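1) {
    # NOTE(review): the condition guarding this 403 begins before this excerpt.
    header('Content-Type: text/plain');
    http::head(403,'Forbidden');
    exit;
}

# Static-asset loader: resolves the request parameter 'pf' against the plugin
# roots (plus the local swf folder) and streams the first match, provided it
# is a readable regular file with an allow-listed extension.

# Only these extensions are ever served.
$allow_types = array('png','jpg','jpeg','gif','css','js','swf');

# 'pf' comes straight from the query string. Reject anything that is not a
# plain string (e.g. pf[]=x would hand an array to path::clean()).
if (!isset($_GET['pf']) || !is_string($_GET['pf'])) {
    header('Content-Type: text/plain');
    http::head(404,'Not Found');
    exit;
}

# NOTE(review): path::clean() is presumably what neutralises '..' segments;
# its implementation is not visible here, so the lookup below does not rely
# on it alone.
$pf = path::clean($_GET['pf']);

# Search order is the reverse of the DC_PLUGINS_ROOT list.
$paths = array_reverse(explode(PATH_SEPARATOR,DC_PLUGINS_ROOT));

# Also search the swf folder that sits next to this script.
$paths[] = dirname(__FILE__).'/swf';

$PF = false;
foreach ($paths as $m) {
    $root = path::real($m);
    $candidate = path::real($m.'/'.$pf);
    if ($root === false || $candidate === false) {
        continue;
    }

    # Containment check: the resolved file must still live below the root it
    # was looked up in. Anything that resolves elsewhere is ignored.
    if (strpos($candidate,rtrim($root,'/').'/') !== 0) {
        continue;
    }

    $PF = $candidate;
    break;
}
unset($paths);

# Same 404 for "not found", "not a regular file" and "not readable", so the
# response does not reveal which of these applied.
if ($PF === false || !is_file($PF) || !is_readable($PF)) {
    header('Content-Type: text/plain');
    http::head(404,'Not Found');
    exit;
}

# Extension allow-list, compared strictly. A disallowed type also answers 404
# rather than 403, so existing non-asset files are not disclosed.
if (!in_array(files::getExtension($PF),$allow_types,true)) {
    header('Content-Type: text/plain');
    http::head(404,'Not Found');
    exit;
}

# Default cache lifetime is 604800 seconds (7 days) unless DC_CACHE_MAX_AGE is defined.
http::$cache_max_age = (!defined('DC_CACHE_MAX_AGE') ? 604800 : DC_CACHE_MAX_AGE);

# The served file and every included script are passed to http::cache().
# NOTE(review): presumably used for cache validation - confirm in http::cache().
http::cache(array_merge(array($PF),get_included_files()));

# Stop browsers from second-guessing the declared type of plugin-supplied files.
header('X-Content-Type-Options: nosniff');
header('Content-Type: '.files::getMimeType($PF));
header('Content-Length: '.filesize($PF));
readfile($PF);
exit;
?>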