<?php
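// Serve static files from /app directory.
//
// Only the URL prefixes listed in $prefixToBase are served. Each candidate path
// is resolved with realpath() and must sit strictly inside the directory mapped
// to its prefix, so "../" segments and symlinks that leave that directory end
// in a 404 instead of a file read.

// REQUEST_URI is absent outside a web SAPI; fall back to an empty string so the
// request is rejected below rather than raising a warning.
$requestUri = $_SERVER['REQUEST_URI'] ?? '';

// parse_url() returns null (no path) or false (malformed URI); preg_replace()
// returns null on a PCRE error. Any non-string result is treated as "not found".
$requestPath = parse_url($requestUri, PHP_URL_PATH);
$file = is_string($requestPath) ? preg_replace('#^/app/#', '', $requestPath) : null;
if (!is_string($file)) {
    http_response_code(404);
    exit;
}

// Map request prefixes to allowed base directories
$customBasePath = dirname(__DIR__) . '/custom/';
$appBasePath = __DIR__ . '/default/';

$prefixToBase = [
    'styles/' => $customBasePath . 'styles',
    'fonts/' => $customBasePath . 'fonts',
    'assets/' => $customBasePath . 'assets',
    'default-styles/' => $appBasePath . 'styles',
];

$allowedBase = false;
$filePath = null;
foreach ($prefixToBase as $prefix => $baseDir) {
    if (str_starts_with($file, $prefix)) {
        $allowedBase = realpath($baseDir);
        // Strip the URL prefix by its real length instead of a hard-coded offset.
        $filePath = $baseDir . '/' . substr($file, strlen($prefix));
        break;
    }
}

// Anything outside the known prefixes is not served at all.
if ($filePath === null) {
    http_response_code(404);
    exit;
}

// Resolve real path and verify it's within the allowed directory.
// realpath() returns paths with the platform separator, so the containment
// prefix is built with DIRECTORY_SEPARATOR; the trailing separator stops a
// sibling such as "styles-old" from matching the "styles" base.
// is_file() rejects directories, which realpath() and is_readable() accept.
$realPath = realpath($filePath);
if (
    $realPath === false
    || $allowedBase === false
    || !str_starts_with($realPath, $allowedBase . DIRECTORY_SEPARATOR)
    || !is_file($realPath)
) {
    http_response_code(404);
    exit;
}
$filePath = $realPath;

// Check if file is readable
if (!is_readable($filePath)) {
    http_response_code(404);
    exit;
}

// Determine MIME type based on extension (compared case-insensitively)
$ext = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
$mimeTypes = [
    'css' => 'text/css',
    'js' => 'application/javascript',
    'woff' => 'font/woff',
    'woff2' => 'font/woff2',
    'ttf' => 'font/ttf',
    'otf' => 'font/otf',
    'eot' => 'application/vnd.ms-fontobject',
    'svg' => 'image/svg+xml',
];

$mimeType = $mimeTypes[$ext] ?? null;
if ($mimeType === null) {
    // NOTE(review): for extensions not in the map, the type comes from content
    // detection, so any readable file placed under the served directories is
    // sent with whatever type is detected (including text/html, or the source
    // of a script file). If those directories can hold content that is not
    // fully trusted, consider an extension allow-list here instead.
    // mime_content_type() needs the fileinfo extension; without it, fall back
    // to a generic binary type rather than failing the request.
    $detected = function_exists('mime_content_type') ? mime_content_type($filePath) : false;
    $mimeType = $detected ?: 'application/octet-stream';
}

header('Content-Type: ' . $mimeType);
// Make browsers honour the declared type instead of guessing from content.
header('X-Content-Type-Options: nosniff');
readfile($filePath);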