path = $path; $this->code = $code; } public function call(Router $router, array $params): string { http_response_code($this->code); $this->serveStatic($this->path, $router); return ""; } protected function getArgs(): array { return array_merge(parent::getArgs(), [$this->path, $this->code]); } public static function serveStatic(string $path, ?Router $router = null) { $path = realpath(WEBROOT . DIRECTORY_SEPARATOR . $path); if (!startsWith($path, WEBROOT . DIRECTORY_SEPARATOR)) { http_response_code(406); echo "Access restricted, requested file outside web root: " . htmlspecialchars($path); } if (!file_exists($path) || !is_file($path) || !is_readable($path)) { http_response_code(500); echo "Unable to read file: " . htmlspecialchars($path); } $pathInfo = pathinfo($path); if ($router !== null && ($user = $router->getUser()) !== null) { $ext = $pathInfo["extension"] ?? ""; if (!$user->getConfiguration()->getSettings()->isExtensionAllowed($ext)) { http_response_code(406); echo "Access restricted: Extension '" . htmlspecialchars($ext) . "' not allowed to serve."; } } $size = filesize($path); $mimeType = mime_content_type($path); header("Content-Type: $mimeType"); header("Content-Length: $size"); header('Accept-Ranges: bytes'); if (strcasecmp($_SERVER["REQUEST_METHOD"], "HEAD") !== 0) { $handle = fopen($path, "rb"); if ($handle === false) { http_response_code(500); echo "Unable to read file: " . htmlspecialchars($path); } $offset = 0; $length = $size; if (isset($_SERVER['HTTP_RANGE'])) { preg_match('/bytes=(\d+)-(\d+)?/', $_SERVER['HTTP_RANGE'], $matches); $offset = intval($matches[1]); $length = intval($matches[2]) - $offset; http_response_code(206); header('Content-Range: bytes ' . $offset . '-' . ($offset + $length) . '/' . $size); } downloadFile($handle, $offset, $length); } } }