Kohana的模块-files

Question

在Kohana有一个在.htaccess

# Protect application and system files from being viewed 
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L] 

modules -path保护我怎么能允许像路径：

http://localhost/modules/mymodule/media/js/myjavascript.js

我想包括JavaScript和其他媒体文件到我的模块，并仍然保护其他模块文件，如.php

我可以允许整个modules -path，但是所有的.php文件也会被列出。

# Protect application and system files from being viewed 
RewriteRule ^(?:application|system)\b.* index.php/$0 [L] 

肯定有基本的PHP - 保护，但我还是不希望任何人都可以列出我modules -path。

<?php defined('SYSPATH') or die('No direct script access.'); 

Answer 1

最好的解决方案是使用媒体控制器来处理这些文件。因此，用户可以请求“js/script.js”，Kohana会使用级联文件结构加载它找到的第一个文件。还有附带的Kohana一个很好的媒体控制器，它是Userguide模块：

Line 247 of classes/controller/userguide.php

public function action_media() 
{ 
    // Get the file path from the request 
    $file = $this->request->param('file'); 

    // Find the file extension 
    $ext = pathinfo($file, PATHINFO_EXTENSION); 

    // Remove the extension from the filename 
    $file = substr($file, 0, -(strlen($ext) + 1)); 

    if ($file = Kohana::find_file('media/guide', $file, $ext)) 
    { 
     // Check if the browser sent an "if-none-match: <etag>" header, and tell if the file hasn't changed 
     $this->response->check_cache(sha1($this->request->uri()).filemtime($file), $this->request); 

     // Send the file content as the response 
     $this->response->body(file_get_contents($file)); 

     // Set the proper headers to allow caching 
     $this->response->headers('content-type', File::mime_by_ext($ext)); 
     $this->response->headers('last-modified', date('r', filemtime($file))); 
    } 
    else 
    { 
     // Return a 404 status 
     $this->response->status(404); 
    } 
} 

这不会是最快的解决方案，但如果你正确设置响应标头中的文件应在缓存客户浏览器。

Answer 2

解决方案，只需重写规则之前添加此的RewriteCond

# Protect application and system files from being viewed 
RewriteCond %{REQUEST_URI} !^(.*/)*(application|application/cache|modules/[^/]*)/media/.*$ 
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]