Created
August 23, 2016 07:53
-
-
Save cebe/9c52f0295b866e4bd22c6e39f8c73e66 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| public function actionFile($filename) | |
| { | |
| $storagePath = Yii::getAlias('@app/files'); | |
| // check filename for allowed chars (do not allow ../ to not allow listing) | |
| if (!preg_match('/^[a-z0-9]+\.[a-z0-9]+$/i', $filename) || !is_file("$storagePath/$filename")) { | |
| throw new NotFoundHttpException('The file does not exists.'); | |
| } | |
| return Yii::$app->response->sendFile("$storagePath/$filename", $filename); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment