How can i improve this?

PHP Code:

<?php if (isset ($_GET) and !empty ($_GET)) { if (!isset ($_GET['file']) and empty ($_GET['file'])) { trigger_error ("File needed!"); } if (!isset ($_GET['type']) and empty ($_GET['type'])) { trigger_error ("Type needed!"); } $file = $_GET['file']; $type = $_GET['type']; switch ($type) { case "css": header ("Content-type: text/css"); break; case "js": header ("Content-type: text/javascript"); break; case "img": if (!isset ($_GET['img']) and empty ($_GET['img'])) { trigger_error ("Image type needed!"); } $img = $_GET['img']; switch ($img) { case "png": header ("Content-type: image/png"); break; case "gif": header ("Content-type: image/gif"); break; } break; } echo file_get_contents ($file); } ?>

Anyway to improve this?
It works fine for what i want it to do but I'm sure there's way to improve it.

Thanks.

Re: How can i improve this?

Line 3 is pretty much useless because if $_GET['file'] or $_GET['type'] are set, it will always go into the if statement.
Defining $file, $type and $img is not necessary as you only use it once, just use the $_GET['file/type/img'] variable directly.
Line 28 to 37 can be changed to 1 line with the ternary operator.
Line 40 could be dangerous as you do not check if the file exists and is in the right directory. (LFI/RFI).

Re: How can i improve this?

edit: nvm about that previous shit.

i'd do this:

PHP Code:

$allowed_types = array("text/css", "text/javascript", "image/png", "image/gif"); if(isset($_GET['file'])) { if(in_array($_GET['type'], $allowed_types)) { header("Content-type: ". $_GET['type']); echo file_get_contents($_GET['file']); } else { trigger_error("Invalid type specified!"); } } else { trigger_error("File needed!"); }

keep in mind you'd have to change the $_GET values you're sending a long a bit...

Re: How can i improve this?

May I suggest a more data-driven approach? Without error handling code you could make it clean and maintable as:

PHP Code:

$image_types = array("png" => "png", "gif" => "gif"); $text_types = array("css" => "css", "js" => "javascript"); $type = $_GET['type']; $img = $_GET['img']; $content_type = ($type == "img") ? "image/" . $image_types[$img] : "text/" . $text_types[$type]; echo "Content-type: $content_type";