我的网站设置如下:
client request --> gate.php --> requested file
客户端发送的每个请求都会被gate.php解析。 Gate.php然后包含受限目录中的请求文件,以便客户端无法访问除gate.php之外的任何文件。
门文件:
<?php
$_uri = strtok($_SERVER["REQUEST_URI"],'?');
$_root = "<root>";
// Index //
switch($_uri) {
case "/": $_uri = "<path>"; break;
case "/css": $_uri = "<path>"; break;
case "/js": $_uri = "<path>"; break;
case "/font": $_uri = "<path>".strtok($_GET["p"],".")."/".$_GET["p"]; break;
case "/ajax": $_uri = "<path>"; break;
case "/signin": $_uri = "<path>"; break;
case "/signup": $_uri = "<path>"; break;
default:
if(substr($_uri,0,8) == "/profile") { // profile
$_uri = "<path>";
$_page = substr($_uri,9);
} else {
header("HTTP/1.1 404");
require_once($_root."<path>");
die();
}
}
!isset($_page) and isset($_GET["p"]) ? $_page = $_GET["p"] : 0;
// Mime //
$_path = explode(".",$_uri);
switch($_path[1]) {
case "php": $_path[2] = "text/html"; break;
case "css": $_path[2] = "text/css"; break;
case "js": $_path[2] = "application/javascript"; break;
case "xml": $_path[2] = "application/xml"; break;
case "svg": $_path[2] = "application/xml+svg"; break;
case "jpg": $_path[2] = "image/jpeg"; break;
case "png": $_path[2] = "image/png"; break;
case "otf": $_path[2] = "x-font/otf"; break;
case "eot": $_path[2] = "x-font/eot"; break;
case "ttf": $_path[2] = "x-font/ttf"; break;
case "woff": $_path[2] = "x-font/woff"; break;
default:
header("HTTP/1.1 500");
require_once($_root."<path>");
die();
}
$_path[2] == "text/html" ? require_once($_root."<path>") : 0;
// File //
header("Content-Type: ".$_path[2]);
require_once($_root."/sys".$_uri);
?>
问题是,当我通过门传递字体文件时,字体文件包含PHP解析并返回错误的文本<?。
有没有办法逃避字体文件,以便PHP不解析它?
答案 0 :(得分:0)
您只能使用PHP解释的require个文件。如果您想通过脚本提供其他类型的文件,则必须通过阅读它们来输出它们。
类似的东西:
$file = 'myfontfile.ttf';
if (file_exists($file)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: inline; filename="'.basename($file).'"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}