feat: stockage articles en fichiers Markdown, SSO intégré, URLs propres
This commit is contained in:
Cedric Abonnel
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
define('BASE_PATH', realpath(__DIR__ . '/../'));
|
||||
|
||||
$uuid = $_GET['uuid'] ?? '';
|
||||
$name = $_GET['name'] ?? '';
|
||||
|
||||
// Valide le format UUID v4
|
||||
if (!preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i', $uuid)) {
|
||||
http_response_code(400);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Sécurise le nom de fichier (pas de traversal)
|
||||
$name = basename($name);
|
||||
if ($name === '' || $name[0] === '.') {
|
||||
http_response_code(400);
|
||||
exit;
|
||||
}
|
||||
|
||||
$path = BASE_PATH . '/data/' . $uuid . '/files/' . $name;
|
||||
|
||||
if (!is_file($path)) {
|
||||
http_response_code(404);
|
||||
exit;
|
||||
}
|
||||
|
||||
$mime = mime_content_type($path) ?: 'application/octet-stream';
|
||||
header('Content-Type: ' . $mime);
|
||||
header('Content-Length: ' . filesize($path));
|
||||
header('Cache-Control: public, max-age=31536000, immutable');
|
||||
readfile($path);
|
||||
exit;
|
||||
Reference in New Issue
Block a user