From b4badd5fb0d2f1b2784e7e14eb265c064a1231a6 Mon Sep 17 00:00:00 2001 From: Eyre_S Date: Tue, 4 Apr 2023 21:08:08 +0800 Subject: [PATCH] fix file read out of website root --- index.php | 8 +++++--- src/Data/PageMeta.php | 10 ++++++---- src/Data/SiteMeta.php | 14 +++++++++----- src/Element/Book.php | 3 ++- src/Resource/Assets.php | 35 +++++++++++++++++++++++++++++++++++ src/Resource/Data.php | 35 +++++++++++++++++++++++++++++++++++ src/Resource/Resource.php | 14 ++++++++++++++ src/Utils/PageParse.php | 4 +++- 8 files changed, 109 insertions(+), 14 deletions(-) create mode 100644 src/Resource/Assets.php create mode 100644 src/Resource/Data.php create mode 100644 src/Resource/Resource.php diff --git a/index.php b/index.php index 6ce2a42..868a30c 100644 --- a/index.php +++ b/index.php @@ -6,6 +6,8 @@ require "./vendor/autoload.php"; use SukWs\Bookshelf\Data\PageMeta; use SukWs\Bookshelf\Data\SiteConfig\RobotsPolicy; use SukWs\Bookshelf\Data\SiteMeta; +use SukWs\Bookshelf\Resource\Assets; +use SukWs\Bookshelf\Resource\Data; use SukWs\Bookshelf\Utils\PageParse; use SukWs\Bookshelf\Web\Main; @@ -26,11 +28,11 @@ try { switch ($policy) { case RobotsPolicy::allow: - exit(file_get_contents("./assets/robots.allow")); + exit(Assets::get("robots.allow")->get_content()); case RobotsPolicy::deny: - exit(file_get_contents("./assets/robots.deny")); + exit(Assets::get("robots.deny")->get_content()); case RobotsPolicy::file: - exit(file_get_contents("./data/robots.txt")); + exit(Data::get("./data/robots.txt")->get_content()); case RobotsPolicy::raw: exit(SiteMeta::getConfigurationLevelShelf("site.robots")); } diff --git a/src/Data/PageMeta.php b/src/Data/PageMeta.php index 7db5a18..1ea0ea3 100644 --- a/src/Data/PageMeta.php +++ b/src/Data/PageMeta.php 
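Review bot: In the `RobotsPolicy::file` case the id passed is still the old full path, `Data::get("./data/robots.txt")`, while every other call in this commit passes an id relative to the data root (`Data::get("bookshelf.xml")`). The root constant is not visible here, but if it is `./data/` this resolves to `./data/./data/robots.txt`, `realpath()` fails and `get()` returns `false`. The chained `->get_content()` is then called on `false` and throws an `Error` instead of serving the file. I would pass `Data::get("robots.txt")` and test the result for `false` before calling `get_content()`. The same unchecked chain appears in the two `Assets::get(...)` cases above it, in `SiteMeta::load()` and in `Book::getContentedNode()`. The enclosing `try`/`switch` starts and ends outside the hunk.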
@@ -6,6 +6,7 @@ use Exception; use SukWs\Bookshelf\Data\SiteConfig\ConfigName; use SukWs\Bookshelf\Element\BookContent\BookContented; use SukWs\Bookshelf\Element\BookContent\Page; +use SukWs\Bookshelf\Resource\Data; use SukWs\Bookshelf\Utils\Markdown\Markdown; use SukWs\Bookshelf\Utils\PageParse; use SukWs\Bookshelf\Utils\RequestNotExistException; @@ -45,7 +46,8 @@ class PageMeta { } else { self::$page_id = $uri[1]; } - if ($content = @file_get_contents(self::getPagePath("md"))) { + if ($data = Data::get(self::getPagePath("md"))) { + if ($content = $data->get_content()) self::$page_data = (new Markdown())->parse($content); } else { return false; @@ -89,9 +91,9 @@ class PageMeta { } public static function prismTheme (): string { - $theme = trim(self::getConfigurationLevelPage(ConfigName::prism_theme)); + $theme = self::getConfigurationLevelPage(ConfigName::prism_theme); if (empty($theme)) return "prism-material-light"; - return $theme; + return trim($theme); } /** @@ -115,7 +117,7 @@ class PageMeta { } public static function getPagePath (?string $extension = null): string { - return "./data/" . self::$bookId . "/" . self::$page_id . ($extension == null ? "" : ".".$extension); + return self::$bookId . "/" . self::$page_id . ($extension == null ? "" : ".".$extension); } } diff --git a/src/Data/SiteMeta.php b/src/Data/SiteMeta.php index 7fab5fc..6bf0ed2 100644 --- a/src/Data/SiteMeta.php +++ b/src/Data/SiteMeta.php @@ -6,6 +6,8 @@ use Exception; use SukWs\Bookshelf\Data\SiteConfig\ConfigName; use SukWs\Bookshelf\Data\SiteConfig\RobotsPolicy; use SukWs\Bookshelf\Element\Bookshelf; +use SukWs\Bookshelf\Resource\Assets; +use SukWs\Bookshelf\Resource\Data; class SiteMeta { 
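Review bot: In the page-loading hunk of PageMeta.php, the inner `if ($content = $data->get_content())` has no `else`, so a file that resolves but is empty or unreadable leaves `self::$page_data` unset and execution continues, where the old code returned `false`. A single guard keeps the previous behaviour: `if (!($data = Data::get(self::getPagePath("md"))) || !($content = $data->get_content())) return false;` followed by the `parse($content)` assignment. The old `@` suppression is also gone, so a failed read now emits a warning. Bracing the inner `if` would also make the nesting easier to read. The enclosing method starts and ends outside the hunk.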
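Review bot: In `prismTheme()`, `empty($theme)` now runs before `trim()`, so a configured value that contains only whitespace is not caught and the method returns `""` rather than the `"prism-material-light"` default. The return type of `getConfigurationLevelPage()` is not visible here, but if the reorder was meant to avoid passing `null` to `trim()`, casting first keeps both properties: `$theme = trim((string) self::getConfigurationLevelPage(ConfigName::prism_theme));` with the existing `empty` check and `return $theme;` after it.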
@@ -23,7 +25,7 @@ class SiteMeta { * @throws Exception */ public static function load (): void { - self::$BOOKSHELF = Bookshelf::parseString(file_get_contents("./data/bookshelf.xml")); + self::$BOOKSHELF = Bookshelf::parseString(Data::get("bookshelf.xml")->get_content()); } public static function getBookshelf(): Bookshelf { @@ -80,13 +82,15 @@ class SiteMeta { } public static function getCustomCssContent (string $id): string { - if (!file_exists("./data/$id.css")) return ""; - return file_get_contents("./data/$id.css"); + $assets = Data::get($id.".css"); + if ($assets === false) return ""; + else return $assets->get_content(); } public static function getCustomScriptContent (string $id): string { - if (!file_exists("./data/$id.js")) return ""; - return file_get_contents("./data/$id.js"); + $assets = Data::get($id.".js"); + if ($assets === false) return ""; + else return $assets->get_content(); } public static function getUserThemes (): string { diff --git a/src/Element/Book.php b/src/Element/Book.php index 26bd001..b69d475 100644 --- a/src/Element/Book.php +++ b/src/Element/Book.php @@ -6,6 +6,7 @@ use SukWs\Bookshelf\Data\PageMeta; use DOMNode; use SukWs\Bookshelf\Element\BookContent\BookContented; use Exception; +use SukWs\Bookshelf\Resource\Data; class Book { @@ -79,7 +80,7 @@ class Book { * @throws Exception */ public function getContentedNode (): BookContented { - return BookContented::parseString(file_get_contents("./data/$this->id/book.xml")); + return BookContented::parseString(Data::get($this->id."/book.xml")->get_content()); } } diff --git a/src/Resource/Assets.php b/src/Resource/Assets.php new file mode 100644 index 0000000..e44896b --- /dev/null +++ b/src/Resource/Assets.php 
@@ -0,0 +1,35 @@ +path = $path; + } + + public function get_content(): string|false { + return file_get_contents($this->path); + } + + public static function get(string $id): Assets|false { + $path = realpath(self::root.$id); + if ($path !== false && self::checkSafety($path)) { + return new Assets($path); + } + return false; + } + + private static function getRealRootPath(): string { + return realpath(self::root); + } + + private static function checkSafety (string $checked): bool { + return str_starts_with(realpath($checked), self::getRealRootPath()); + } + +} \ No newline at end of file diff --git a/src/Resource/Data.php b/src/Resource/Data.php new file mode 100644 index 0000000..3c660fe --- /dev/null +++ b/src/Resource/Data.php @@ -0,0 +1,35 @@ +path = $path; + } + + public function get_content(): string { + return file_get_contents($this->path); + } + + public static function get(string $id): Data|false { + $path = realpath(self::root.$id); + if ($path !== false && self::checkSafety($path)) { + return new Data($path); + } + return false; + } + + private static function getRealRootPath(): string { + return realpath(self::root); + } + + private static function checkSafety (string $checked): bool { + return str_starts_with(realpath($checked), self::getRealRootPath()); + } + +} \ No newline at end of file diff --git a/src/Resource/Resource.php b/src/Resource/Resource.php new file mode 100644 index 0000000..3c4624e --- /dev/null +++ b/src/Resource/Resource.php @@ -0,0 +1,14 @@ +
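Review bot: `checkSafety()` in Assets.php compares with `str_starts_with(realpath($checked), self::getRealRootPath())`, a plain string-prefix match with no directory boundary. A resolved path in a sibling directory whose name merely begins with the root's name (constructed example: root `/srv/site/assets`, sibling `/srv/site/assets-old`) therefore still passes the containment check. Anchoring the prefix on a separator closes that: `return str_starts_with($checked, self::getRealRootPath() . DIRECTORY_SEPARATOR);` (`$checked` is already the output of `realpath()` in `get()`, so the second `realpath()` call is redundant). `getRealRootPath()` is declared `: string` but `realpath()` returns `false` when the root directory is missing, so it should fail closed explicitly there. Data.php carries an identical copy of `get()`, `getRealRootPath()` and `checkSafety()` and needs the same change; the `root` constant and the top of the class are not visible in this hunk.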
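Review bot: `Data::get_content()` is declared `: string`, whereas the otherwise identical method in Assets.php is `: string|false`, and `file_get_contents()` returns `false` on failure. `realpath()` in `get()` also succeeds for directories, so a `Data` object can be created for a path that cannot be read as a file. I would make `get()` accept regular files only, `if ($path !== false && is_file($path) && self::checkSafety($path))`, and declare the return type as `string|false` to match Assets. Callers such as `SiteMeta::getCustomCssContent()`, which return the value as `string`, would then need to handle `false`.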