
Safe way of including stylesheet with PHP

Hello.

I need to include a stylesheet like this. But is this safe, can the style.css file in any way do something it shouldn't do? Like if someone types in some "not css" code, and makes my website vulnerable to any type of attack?

public function stylesheetsAction($style){

    $this->response->setHeader("Content-Type", "text/css");
    $this->view->disable();

    include __DIR__.'/../../../themes/'.$this->folder.'/assets/css/'.$style.'.css';

}
edited Oct '16

With native include() it could be anything: some evil exec() doing system calls and deleting your entire app, or regular PHP code doing you some other harm. If you don't trust this resource, don't include it, simple as that. If the file is rather static, as is expected of a CSS style, inspect it by hand prior to inclusion. In general, you should not have any problems.

But you could also include that style with Phalcon\Assets\Manager in Phalcon.
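
The include() concern above can be avoided by streaming the file as data instead of including it. The following is an added example, not code from any poster in this thread: resolveStylesheet() is a hypothetical helper, and the temporary directory and its two files are constructed sample data. It allowlists the style name, confines the resolved path to the CSS directory, and uses readfile() so the file contents are never executed as PHP.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. resolveStylesheet() is a hypothetical helper.

function resolveStylesheet(string $cssDir, string $style): ?string
{
    // Allowlist the name: letters, digits, '_' and '-' only, so no '/', '.' or NUL byte.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $style) !== 1) {
        return null;
    }
    $base = realpath($cssDir);
    $path = realpath($cssDir . DIRECTORY_SEPARATOR . $style . '.css');
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Defence in depth: the resolved path (symlinks followed) must stay inside $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: a temporary CSS directory holding two files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'css_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/style.css', "body { color: #333; }\n");
file_put_contents($dir . '/odd.css', "<?php echo 'executed'; ?>\n");

foreach (['style', 'odd', '../style', 'missing'] as $name) {
    $path = resolveStylesheet($dir, $name);
    if ($path === null) {
        echo "[$name] rejected (a controller would answer 404 here)\n";
        continue;
    }
    // readfile() copies the bytes to the output; unlike include, it never runs them as PHP.
    echo "[$name] served as text/css: ";
    readfile($path);
}

// Clean up the constructed files.
array_map('unlink', glob($dir . '/*.css'));
rmdir($dir);
```

For odd.css the PHP tag is printed as literal text rather than run. In the controller from the question, $this->folder would need the same validation if a request can influence it (an assumption; the thread does not say where it comes from).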

Man... why are you trying to send CSS via a controller? It's not a good idea. CSS is a static resource and should be sent via the web server without the framework.