在Kohana
modules
.htaccess
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
路径保护
http://localhost/modules/mymodule/media/js/myjavascript.js
我怎么能允许这样的路径:
.php
我想将javascript和其他媒体文件包含到我的模块中,并且仍然保护其他模块文件,例如modules
我可以允许整个.php
路径,但是也会列出所有# Protect application and system files from being viewed
RewriteRule ^(?:application|system)\b.* index.php/$0 [L]
- 文件。
modules
当然有基本的PHP保护,但我仍然不希望任何人都可以列出我的<?php defined('SYSPATH') or die('No direct script access.');
路径。
{{1}}
答案 0 :(得分:1)
最好的解决方案是使用媒体控制器提供这些文件。因此用户可以请求“js / script.js”,Kohana将使用级联文件结构加载它找到的第一个文件。 Kohana附带了一个很好的媒体控制器,它位于用户指南模块中:
Line 247 of classes/controller/userguide.php
public function action_media()
{
// Get the file path from the request
$file = $this->request->param('file');
// Find the file extension
$ext = pathinfo($file, PATHINFO_EXTENSION);
// Remove the extension from the filename
$file = substr($file, 0, -(strlen($ext) + 1));
if ($file = Kohana::find_file('media/guide', $file, $ext))
{
// Check if the browser sent an "if-none-match: <etag>" header, and tell if the file hasn't changed
$this->response->check_cache(sha1($this->request->uri()).filemtime($file), $this->request);
// Send the file content as the response
$this->response->body(file_get_contents($file));
// Set the proper headers to allow caching
$this->response->headers('content-type', File::mime_by_ext($ext));
$this->response->headers('last-modified', date('r', filemtime($file)));
}
else
{
// Return a 404 status
$this->response->status(404);
}
}
这不是最快的解决方案,但如果您正确设置响应标头,则应在客户端浏览器上缓存文件。
答案 1 :(得分:1)
解决方案,在RewriteRule
之前添加此RewriteCond# Protect application and system files from being viewed
RewriteCond %{REQUEST_URI} !^(.*/)*(application|application/cache|modules/[^/]*)/media/.*$
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]