mirror of
https://github.com/suk-ws/ph-Bookshelf.git
synced 2025-02-24 07:00:51 +08:00
fix file read out of website root
parent
f92d488b6e
commit
b4badd5fb0
@ -6,6 +6,8 @@ require "./vendor/autoload.php";
|
||||
use SukWs\Bookshelf\Data\PageMeta;
|
||||
use SukWs\Bookshelf\Data\SiteConfig\RobotsPolicy;
|
||||
use SukWs\Bookshelf\Data\SiteMeta;
|
||||
use SukWs\Bookshelf\Resource\Assets;
|
||||
use SukWs\Bookshelf\Resource\Data;
|
||||
use SukWs\Bookshelf\Utils\PageParse;
|
||||
use SukWs\Bookshelf\Web\Main;
|
||||
|
||||
@ -26,11 +28,11 @@ try {
|
||||
|
||||
switch ($policy) {
|
||||
case RobotsPolicy::allow:
|
||||
exit(file_get_contents("./assets/robots.allow"));
|
||||
exit(Assets::get("robots.allow")->get_content());
|
||||
case RobotsPolicy::deny:
|
||||
exit(file_get_contents("./assets/robots.deny"));
|
||||
exit(Assets::get("robots.deny")->get_content());
|
||||
case RobotsPolicy::file:
|
||||
exit(file_get_contents("./data/robots.txt"));
|
||||
exit(Data::get("./data/robots.txt")->get_content());
|
||||
case RobotsPolicy::raw:
|
||||
exit(SiteMeta::getConfigurationLevelShelf("site.robots"));
|
||||
}
|
||||
|
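Review bot: `Data::get("./data/robots.txt")` in the `RobotsPolicy::file` case repeats the prefix that `Data` already prepends (`private const root = './data/'`), so `realpath()` is asked for `./data/./data/robots.txt` and `get()` returns false; the argument should be relative to the data root, `exit(Data::get("robots.txt")->get_content());`. All three new calls in this switch also chain `->get_content()` onto a value typed `Assets|false` or `Data|false`, so a missing or rejected file ends in a fatal Error, which a catch limited to `Exception` would not intercept. The same unchecked chain appears in `SiteMeta::load()` and `Book::getContentedNode()`; each should test for `false` first and fail with an explicit error. The `try` block starts and ends outside this hunk, so its catch type is not visible here.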
@ -6,6 +6,7 @@ use Exception;
|
||||
use SukWs\Bookshelf\Data\SiteConfig\ConfigName;
|
||||
use SukWs\Bookshelf\Element\BookContent\BookContented;
|
||||
use SukWs\Bookshelf\Element\BookContent\Page;
|
||||
use SukWs\Bookshelf\Resource\Data;
|
||||
use SukWs\Bookshelf\Utils\Markdown\Markdown;
|
||||
use SukWs\Bookshelf\Utils\PageParse;
|
||||
use SukWs\Bookshelf\Utils\RequestNotExistException;
|
||||
@ -45,7 +46,8 @@ class PageMeta {
|
||||
} else {
|
||||
self::$page_id = $uri[1];
|
||||
}
|
||||
if ($content = @file_get_contents(self::getPagePath("md"))) {
|
||||
if ($data = Data::get(self::getPagePath("md"))) {
|
||||
if ($content = $data->get_content())
|
||||
self::$page_data = (new Markdown())->parse($content);
|
||||
} else {
|
||||
return false;
|
||||
@ -89,9 +91,9 @@ class PageMeta {
|
||||
}
|
||||
|
||||
public static function prismTheme (): string {
|
||||
$theme = trim(self::getConfigurationLevelPage(ConfigName::prism_theme));
|
||||
$theme = self::getConfigurationLevelPage(ConfigName::prism_theme);
|
||||
if (empty($theme)) return "prism-material-light";
|
||||
return $theme;
|
||||
return trim($theme);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -115,7 +117,7 @@ class PageMeta {
|
||||
}
|
||||
|
||||
public static function getPagePath (?string $extension = null): string {
|
||||
return "./data/" . self::$bookId . "/" . self::$page_id . ($extension == null ? "" : ".".$extension);
|
||||
return self::$bookId . "/" . self::$page_id . ($extension == null ? "" : ".".$extension);
|
||||
}
|
||||
|
||||
}
|
||||
|
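Review bot: The nested `if ($content = $data->get_content())` has no `else`, so a page file that is empty or fails to read no longer reaches `return false;` and `self::$page_data` is left unassigned, whereas the old single condition sent that case to the `else` branch. Folding both tests into one condition keeps the previous behaviour: `if (($data = Data::get(self::getPagePath("md"))) && ($content = $data->get_content())) {`. `getPagePath()` now returns a path relative to the data root rather than a filesystem path, so any caller outside these hunks that opens the result directly would bypass the new containment check and should go through `Data::get()` as well. The enclosing method starts and ends outside the hunk.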
@ -6,6 +6,8 @@ use Exception;
|
||||
use SukWs\Bookshelf\Data\SiteConfig\ConfigName;
|
||||
use SukWs\Bookshelf\Data\SiteConfig\RobotsPolicy;
|
||||
use SukWs\Bookshelf\Element\Bookshelf;
|
||||
use SukWs\Bookshelf\Resource\Assets;
|
||||
use SukWs\Bookshelf\Resource\Data;
|
||||
|
||||
class SiteMeta {
|
||||
|
||||
@ -23,7 +25,7 @@ class SiteMeta {
|
||||
* @throws Exception
|
||||
*/
|
||||
public static function load (): void {
|
||||
self::$BOOKSHELF = Bookshelf::parseString(file_get_contents("./data/bookshelf.xml"));
|
||||
self::$BOOKSHELF = Bookshelf::parseString(Data::get("bookshelf.xml")->get_content());
|
||||
}
|
||||
|
||||
public static function getBookshelf(): Bookshelf {
|
||||
@ -80,13 +82,15 @@ class SiteMeta {
|
||||
}
|
||||
|
||||
public static function getCustomCssContent (string $id): string {
|
||||
if (!file_exists("./data/$id.css")) return "";
|
||||
return file_get_contents("./data/$id.css");
|
||||
$assets = Data::get($id.".css");
|
||||
if ($assets === false) return "";
|
||||
else return $assets->get_content();
|
||||
}
|
||||
|
||||
public static function getCustomScriptContent (string $id): string {
|
||||
if (!file_exists("./data/$id.js")) return "";
|
||||
return file_get_contents("./data/$id.js");
|
||||
$assets = Data::get($id.".js");
|
||||
if ($assets === false) return "";
|
||||
else return $assets->get_content();
|
||||
}
|
||||
|
||||
public static function getUserThemes (): string {
|
||||
|
@ -6,6 +6,7 @@ use SukWs\Bookshelf\Data\PageMeta;
|
||||
use DOMNode;
|
||||
use SukWs\Bookshelf\Element\BookContent\BookContented;
|
||||
use Exception;
|
||||
use SukWs\Bookshelf\Resource\Data;
|
||||
|
||||
class Book {
|
||||
|
||||
@ -79,7 +80,7 @@ class Book {
|
||||
* @throws Exception
|
||||
*/
|
||||
public function getContentedNode (): BookContented {
|
||||
return BookContented::parseString(file_get_contents("./data/$this->id/book.xml"));
|
||||
return BookContented::parseString(Data::get($this->id."/book.xml")->get_content());
|
||||
}
|
||||
|
||||
}
|
||||
|
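--- a/src/Resource/Assets.php
+++ b/src/Resource/Assets.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace SukWs\Bookshelf\Resource;
+
+class Assets {
+
+private const root = './assets/';
+
+private readonly string $path;
+
+private function __construct ($path) {
+$this->path = $path;
+}
+
+public function get_content(): string|false {
+return file_get_contents($this->path);
+}
+
+public static function get(string $id): Assets|false {
+$path = realpath(self::root.$id);
+if ($path !== false && self::checkSafety($path)) {
+return new Assets($path);
+}
+return false;
+}
+
+private static function getRealRootPath(): string {
+return realpath(self::root);
+}
+
+private static function checkSafety (string $checked): bool {
+return str_starts_with(realpath($checked), self::getRealRootPath());
+}
+
+}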
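Review bot: `checkSafety()` tests containment with `str_starts_with(realpath($checked), self::getRealRootPath())`, and `realpath()` returns the root without a trailing separator, so a sibling directory whose name merely extends the root's name (constructed example: `assets-old` beside `assets`) also passes the check. Compare against the root plus a separator instead: `$root = self::getRealRootPath();` followed by `return $checked === $root || str_starts_with($checked, $root . DIRECTORY_SEPARATOR);`. `Data::checkSafety()` and `Resource::checkSafety()` repeat the same comparison and need the same change. In this class `get()` has already resolved `$path`, so the second `realpath()` inside `checkSafety()` is redundant.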
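--- a/src/Resource/Data.php
+++ b/src/Resource/Data.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace SukWs\Bookshelf\Resource;
+
+class Data {
+
+private const root = './data/';
+
+private readonly string $path;
+
+private function __construct ($path) {
+$this->path = $path;
+}
+
+public function get_content(): string {
+return file_get_contents($this->path);
+}
+
+public static function get(string $id): Data|false {
+$path = realpath(self::root.$id);
+if ($path !== false && self::checkSafety($path)) {
+return new Data($path);
+}
+return false;
+}
+
+private static function getRealRootPath(): string {
+return realpath(self::root);
+}
+
+private static function checkSafety (string $checked): bool {
+return str_starts_with(realpath($checked), self::getRealRootPath());
+}
+
+}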
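Review bot: `get_content()` is declared `: string` here while the otherwise identical method in `Assets` is `string|false`; `file_get_contents()` returns false when the read fails, so this signature cannot report that failure to the caller. Declaring it as `public function get_content(): string|false {` matches `Assets` and lets callers such as the `if ($content = $data->get_content())` test in `PageMeta` handle the failure explicitly. `Data` and `Assets` differ only in the `root` constant, so a shared base class taking the root as a parameter would keep the containment check in one place.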
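--- a/src/Resource/Resource.php
+++ b/src/Resource/Resource.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace SukWs\Bookshelf\Resource;
+
+class Resource {
+
+public static function getRealRootPath (): string {
+return realpath("./");
+}
+public static function checkSafety (string $checked): bool {
+return str_starts_with(realpath($checked), self::getRealRootPath());
+}
+
+}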
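Review bot: `getRealRootPath()` resolves `"./"`, which is whatever the process working directory is at call time, so the boundary `checkSafety()` enforces is the entire project tree (presumably including `src/` and `vendor/`) rather than the directories meant to be served, and it shifts if the working directory changes. Which paths `PageParse` can receive is not visible here, so whether non-public files under the project root are reachable is unconfirmed, but the check alone does not exclude them. Consider restricting the allowed roots to the content directories, or at minimum add a doc comment on `checkSafety()` stating that it only guarantees the path is under the current working directory and must not be relied on to protect source or configuration files.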
@ -2,6 +2,8 @@
|
||||
|
||||
namespace SukWs\Bookshelf\Utils;
|
||||
|
||||
use SukWs\Bookshelf\Resource\Resource;
|
||||
|
||||
class PageParse {
|
||||
|
||||
/**
|
||||
@ -20,7 +22,7 @@ class PageParse {
|
||||
// 将utf8编码转换成gbk编码,否则,中文名称的文件无法打开
|
||||
// $filePath = iconv('UTF-8', 'gbk', $filePath);
|
||||
// 检查文件是否可读
|
||||
if (!is_file($filePath) || !is_readable($filePath)) {
|
||||
if (!is_file($filePath) || !is_readable($filePath) || !Resource::checkSafety($filePath)) {
|
||||
exit("File Can't Read!");
|
||||
}
|
||||
// 判定文件类型
|
||||
|