'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', 'webp' => 'image/webp', 'svg' => 'image/svg+xml', 'pdf' => 'application/pdf', 'zip' => 'application/zip', 'mp4' => 'video/mp4', 'webm' => 'video/webm', 'ogg' => 'video/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/wav', 'css' => 'text/css', 'js' => 'application/javascript', ]; if (strpos($path, '/-media/') === 0) { $relative = ltrim(substr($path, 7), '/'); $root = realpath(__DIR__ . '/..'); $filePath = $root . '/content/' . $relative; if (strpos($filePath, $root . '/content') === 0) { $ext = strtolower(pathinfo($filePath, PATHINFO_EXTENSION)); if (in_array($ext, $allowedExt) && file_exists($filePath) && !is_dir($filePath)) { if (isset($mimeTypes[$ext])) { header('Content-Type: ' . $mimeTypes[$ext]); } readfile($filePath); exit; } } http_response_code(404); echo '

404 - Not Found

'; exit; } if (strpos($path, '/-assets/') === 0) { $relative = ltrim(substr($path, 8), '/'); $root = realpath(__DIR__ . '/..'); $servePath = null; $candidates = [ $root . '/content/-assets/' . $relative, $root . '/content/' . $relative, ]; foreach ($candidates as $candidate) { if (strpos($candidate, $root . '/content') !== 0) continue; if (file_exists($candidate) && !is_dir($candidate)) { $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION)); if (in_array($ext, $allowedExt)) { $servePath = $candidate; break; } } } if ($servePath !== null) { $ext = strtolower(pathinfo($servePath, PATHINFO_EXTENSION)); if (isset($mimeTypes[$ext])) { header('Content-Type: ' . $mimeTypes[$ext]); } readfile($servePath); exit; } http_response_code(404); echo '

404 - Not Found

'; exit; } // Block direct access to content files if (strpos($path, '/content/') === 0) { http_response_code(403); echo '

403 - Forbidden

Access denied.

'; exit; } $cms = new CodePressCMS($config); $cms->render();