app/helpers/theme-asset.php

@@ -1,21 +1,14 @@
 <?php
 /**
- * Theme Asset handler
+ * Theme Asset Handler
  *
  * Serves theme assets (images, CSS, JS, etc.) securely by checking if the requested
  * theme and asset path are valid and accessible.
- *
- * This is a standalone handler that doesn't require the full application initialization.
  */
 
-// Set error reporting
+// Include necessary files
-error_reporting(E_ALL);
+require_once __DIR__ . '/../config/init.php';
-ini_set('display_errors', '1');
+require_once __DIR__ . '/../core/ConfigLoader.php';
-
-// Define base path if not defined
-if (!defined('APP_ROOT')) {
-    define('APP_ROOT', dirname(__DIR__));
-}
 
 // Basic security checks
 if (!isset($_GET['theme']) || !preg_match('/^[a-zA-Z0-9_-]+$/', $_GET['theme'])) {
@@ -44,35 +37,12 @@ if (strpos($assetPath, '..') !== false) {
 }
 
 // Build full path to the asset
-$themesDir = dirname(dirname(__DIR__)) . '/themes';
+$fullPath = __DIR__ . "/../../themes/$themeId/$assetPath";
-$fullPath = realpath("$themesDir/$themeId/$assetPath");
-
-// Additional security check to ensure the path is within the themes directory
-if ($fullPath === false) {
-    http_response_code(404);
-    header('Content-Type: text/plain');
-    error_log("Asset not found: $themesDir/$themeId/$assetPath");
-    exit("Asset not found: $themesDir/$themeId/$assetPath");
-}
-
-if (strpos($fullPath, realpath($themesDir)) !== 0) {
-    http_response_code(400);
-    header('Content-Type: text/plain');
-    error_log("Security violation: Attempted to access path outside themes directory: $fullPath");
-    exit('Invalid asset path');
-}
 
 // Check if the file exists and is readable
 if (!file_exists($fullPath) || !is_readable($fullPath)) {
     http_response_code(404);
-    header('Content-Type: text/plain');
+    exit('Asset not found');
-    error_log("File not found or not readable: $fullPath");
-    exit("File not found or not readable: " . basename($fullPath));
-}
-
-// Clear any previous output
-if (ob_get_level()) {
-    ob_clean();
 }
 
 // Determine content type based on file extension

app/helpers/theme.php

@@ -116,11 +116,9 @@ class Theme
             return null;
         }
 
-        // Generate URL that goes through index.php
+        // Use the router to generate the URL
         global $app_root;
-        // Remove any trailing slash from app_root to avoid double slashes
+        return "$app_root/app/helpers/theme-asset.php?theme=" . urlencode($themeId) . "&path=" . urlencode($assetPath);
-        $baseUrl = rtrim($app_root, '/');
-        return "$baseUrl/?page=theme-asset&theme=" . urlencode($themeId) . "&path=" . urlencode($assetPath);
     }
 
 

app/pages/theme-asset.php

@@ -1,10 +0,0 @@
-<?php
-/**
- * Theme Asset handler
- *
- * Serves theme assets through the main application router.
- * This provides a secure way to serve theme files that are outside the web root.
- */
-
-// Include the theme asset handler
-require_once __DIR__ . '/../helpers/theme-asset.php';

public_html/index.php

@@ -145,7 +145,7 @@ $allowed_urls = [
     'conferences','participants','components',
     'graphs','latest','livejs','agents',
     'profile','credentials','config','security',
-    'settings','theme','theme-asset',
+    'settings','theme',
     'status',
     'help','about',
     'login','logout',