Skip to content
Permalink
Browse files

Add better support for php builtin webserver to only allow some

directories with static content.
  • Loading branch information...
decke committed Aug 28, 2019
1 parent 0315e8a commit 0a99c1ee4e14173ca6a049dfa484a758df3eee6e
Showing with 19 additions and 2 deletions.
  1. +19 −2 index.php
@@ -14,6 +14,23 @@
require_once __DIR__.'/vendor/autoload.php';
/* handle static files from php builtin webserver */
if (php_sapi_name() == 'cli-server') {
$basedir = dirname(__FILE__);
$allowed_subdirs = array('/css/', '/js/', '/fonts/', '/images/');
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$path = realpath($basedir.$uri);
if ($path !== false && strpos($path, $basedir) === 0) {
foreach ($allowed_subdirs as $dir) {
if (strpos($path, $basedir.$dir) === 0) {
return false;
}
}
}
}
$session = new Session();
$app = new \Slim\App();
@@ -146,11 +163,11 @@
return $this->view->render($response, 'map.html', array(
'css' => array('/css/leaflet.css', '/css/map.css'),
'js' => array('/js/leaflet.js', '/map.js'.$query)
'js' => array('/js/leaflet.js', '/mapdata'.$query)
));
});
$app->get('/map.js', function ($request, $response) {
$app->get('/mapdata', function ($request, $response) {
$links = array();
$location = new Location();
$locations = array();

0 comments on commit 0a99c1e

Please sign in to comment.
You can’t perform that action at this time.