Files
CodePress/cms/router.php

59 lines
1.7 KiB
PHP

<?php
// Router file for PHP development server to handle security and static files
$requestUri = $_SERVER['REQUEST_URI'];
$parsedUrl = parse_url($requestUri);
$path = $parsedUrl['path'];
// Block direct access to content directory
if (strpos($path, '/content/') === 0) {
http_response_code(403);
echo '<h1>403 - Forbidden</h1><p>Access denied.</p>';
return true;
}
// Block PHP execution in content directory
if (preg_match('/\.php$/i', $path) && strpos($path, '/content/') !== false) {
http_response_code(403);
echo '<h1>403 - Forbidden</h1><p>PHP execution not allowed in content directory.</p>';
return true;
}
// Block access to sensitive files
$sensitiveFiles = ['.htaccess', 'config.php'];
foreach ($sensitiveFiles as $file) {
if (basename($path) === $file && dirname($path) === '/') {
http_response_code(403);
echo '<h1>403 - Forbidden</h1><p>Access denied.</p>';
return true;
}
}
// Serve static files from engine/assets
if (strpos($path, '/engine/') === 0) {
$filePath = __DIR__ . $path;
if (file_exists($filePath)) {
// Set appropriate content type
$extension = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
$mimeTypes = [
'css' => 'text/css',
'js' => 'application/javascript',
'svg' => 'image/svg+xml',
'woff' => 'font/woff',
'woff2' => 'font/woff2',
'ttf' => 'font/ttf'
];
if (isset($mimeTypes[$extension])) {
header('Content-Type: ' . $mimeTypes[$extension]);
}
// Serve the file
readfile($filePath);
return true;
}
}
// Route all other requests to index.php
include __DIR__ . '/index.php';
return true;