package Static; use CGI::Application::Plugins::Stream qw(stream_file); [..] sub setup { my $self = shift; $self->start_mode('stream'); $self->run_modes( 'stream' => 'stream' ); } sub stream { my ($self) = @_; $| = 1; my $staticdir = $self->param('staticdir'); $self->header_add(-Content_Disposition => "Inline", -Server => "CGIServer"); my $file = ''; $file = $self->query->path_info(); $file =~ s/^\/static\///; $file = "$staticdir/$file"; my $absfile = abs_path($file) or return $self->file_not_found(); $self->header_add(-content_type => 'text/css') if ($absfile =~ /\.css$/); $self->header_add(-content_type => 'audio/mpeg') if ($absfile =~ /\.mp3$/); # Verhindere Path Traversal Attacks if ($absfile =~ /^$staticdir\// && $self->stream_file( $absfile, 2048 ) ) { return; } else { $self->file_not_found() } } [...]