Source of file ProtectedFileController.php
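<?php

namespace SilverStripe\Assets\Storage;

use SilverStripe\Assets\File;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPResponse;

/**
 * Provides routing for session-whitelisted protected files.
 *
 * Every request is routed to {@see handleFile()} through $url_handlers. The
 * controller rebuilds the requested filename, rejects names with a hidden
 * (dot-prefixed) path component, and hands everything else to the configured
 * route handler.
 *
 * NOTE(review): the filename check here is purely syntactic. Whether the
 * caller may read the file is presumably decided inside the route handler's
 * getResponseFor(); confirm against the AssetStoreRouter implementation.
 */
class ProtectedFileController extends Controller
{
    /**
     * Designated router
     *
     * @var AssetStoreRouter
     */
    protected $handler = null;

    /**
     * @return AssetStoreRouter
     */
    public function getRouteHandler()
    {
        return $this->handler;
    }

    /**
     * @param AssetStoreRouter $handler
     * @return $this
     */
    public function setRouteHandler(AssetStoreRouter $handler)
    {
        $this->handler = $handler;
        return $this;
    }

    // Route every URL under this controller to handleFile(), capturing the
    // first path segment as the "Filename" parameter.
    private static $url_handlers = [
        '$Filename' => "handleFile"
    ];

    private static $allowed_actions = [
        'handleFile'
    ];

    /**
     * Provide a response for the given file request
     *
     * The filename is validated after all path segments and the extension
     * have been re-joined, so the check sees the same string the handler gets.
     * A route handler must have been set with setRouteHandler() beforehand;
     * $handler defaults to null and is dereferenced here without a guard.
     *
     * @param HTTPRequest $request
     * @return HTTPResponse
     */
    public function handleFile(HTTPRequest $request)
    {
        $filename = $this->parseFilename($request);

        // Deny requests to private file
        if (!$this->isValidFilename($filename)) {
            return $this->httpError(400, "Invalid request");
        }

        // Pass through to backend
        return $this->getRouteHandler()->getResponseFor($filename);
    }

    /**
     * Check if the given filename is safe to pass to the route handler.
     * This should block direct requests to assets/.protected/ paths
     *
     * A name is rejected when any path component (delimited by "/" or "\")
     * starts with a dot. That covers hidden directories and files as well as
     * "." and ".." components.
     *
     * @param string $filename
     * @return bool True if the filename is allowed
     */
    public function isValidFilename($filename)
    {
        // Block hidden files.
        // preg_match() returns 1 on a match, 0 on no match and false on an
        // internal PCRE error. Only an explicit "no match" may count as valid;
        // negating the result would treat an error as "allowed" (fail open).
        return preg_match('#(^|[\\\\/])\\..*#', $filename) === 0;
    }

    /**
     * Get the file component from the request
     *
     * Joins the "Filename" route parameter with every remaining URL segment
     * and re-appends the extension reported by the request.
     *
     * @param HTTPRequest $request
     * @return string
     */
    protected function parseFilename(HTTPRequest $request)
    {
        $filename = '';
        $next = $request->param('Filename');

        // Compare against the empty string instead of relying on truthiness:
        // the segment "0" is falsy in PHP, so a truthiness test would stop at
        // a directory named "0" and resolve the request to a shorter path
        // than the one that was asked for.
        while ((string) $next !== '') {
            $filename = $filename !== ''
                ? File::join_paths($filename, $next)
                : $next;
            $next = $request->shift();
        }

        // Same reasoning for the extension: ".0" is a legitimate suffix.
        $extension = $request->getExtension();
        if ((string) $extension !== '') {
            $filename = $filename . "." . $extension;
        }

        return $filename;
    }
}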