theme = config_item('theme'); } function css() { $css_file = $this->uri->segment(4); $css_file = basename($css_file); // Fix LFI Vulnerability if ($css_file == 'fonts') { $font_file = $this->uri->segment(5); $font_file = basename($font_file); //file path $file_path = 'themes/' . $this->theme . '/css/fonts/' . $font_file; if (!file_exists($file_path)) { return false; } $path_parts = pathinfo(dirname(dirname(dirname(__FILE__))) . '/' . $file_path); if ($path_parts['extension'] == "woff") { header('Content-type: application/font-woff'); } if ($path_parts['extension'] == "eot") { header('Content-type: application/vnd.ms-fontobject'); } if ($path_parts['extension'] == "ttf" || $path_parts['extension'] == "ttc") { header('Content-type: application/x-font-ttf'); } if ($path_parts['extension'] == "otf") { header('Content-type: font/opentype'); } if ($path_parts['extension'] == "svg") { header('Content-type: image/svg+xml'); } if ($path_parts['extension'] == "svgz") { header("Content-Encoding: gzip"); header('Content-type: image/svg+xml'); } //send $this->_expires_header(1); readfile($file_path); } else { //file path $file_path = 'themes/' . $this->theme . '/css/' . $css_file; //fallback to default css if view in theme not found if (!file_exists($file_path)) { $file_path = 'themes/default/css/' . $css_file; } // Double checking file if (!file_exists($file_path)) { return false; } //send header('Content-type: text/css'); $this->_expires_header(1); readfile($file_path); } } function fonts() { $font_file = $this->uri->segment(4); //file path $file_path = 'themes/' . $this->theme . '/fonts/' . $font_file; //no fallback to default, since default has no such fonts //since no fallbcack, there is no doucle checking for file if (!file_exists($file_path)) { return false; } //send $path_parts = pathinfo(dirname(dirname(dirname(__FILE__))) . '/' . $file_path); if ($path_parts['extension'] == "woff") { header('Content-type: application/font-woff'); } if ($path_parts['extension'] == "eot") { header('Content-type: application/vnd.ms-fontobject'); } if ($path_parts['extension'] == "ttf" || $path_parts['extension'] == "ttc") { header('Content-type: application/x-font-ttf'); } if ($path_parts['extension'] == "otf") { header('Content-type: font/opentype'); } if ($path_parts['extension'] == "svg") { header('Content-type: image/svg+xml'); } if ($path_parts['extension'] == "svgz") { header("Content-Encoding: gzip"); header('Content-type: image/svg+xml'); } $this->_expires_header(1); readfile($file_path); } function images() { $image_file = $this->uri->segment(4); $image_file = basename($image_file); //file path $file_path = 'themes/' . $this->theme . '/images/' . $image_file; //fallback to default css if view in theme not found if (!file_exists($file_path)) { $file_path = 'themes/default/images/' . $image_file; } // double checking file if (!file_exists($file_path)) { return false; } //send $size = getimagesize($file_path); header('Content-type: ' . $size['mime']); $this->_expires_header(30); readfile($file_path); } function js() { //get js $segments = $this->uri->segment_array(); array_shift($segments); array_shift($segments); array_shift($segments); $js_file = implode('/', $segments); $js_file = str_replace('../', '', $js_file); //file path $file_path = 'themes/' . $this->theme . '/js/' . $js_file; //fallback to default js if js in theme not found if (!file_exists($file_path)) { $file_path = 'themes/default/js/' . $js_file; } // return empty string if not found, to not mess up existing JS if (!file_exists($file_path)) { header('HTTP/1.1 404 Not Found'); return ''; } //send header('Content-Type: application/x-javascript; charset=utf-8'); $this->_expires_header(30); readfile($file_path); } private function _expires_header($days) { header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 60 * 60 * 24 * $days)); } }