<?php
/**
 * Serve static image/assets from this directory when Apache returns 500.
 * Usage: i.php?f=header-bg-1.png or i.php?f=offers-slider/card.png
 */
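// Requested path, relative to this directory. Comes straight from the query
// string, so it is untrusted; a non-string value (e.g. f[]=x) is treated as empty.
$f = isset($_GET['f']) && is_string($_GET['f']) ? $_GET['f'] : '';

// First-pass scrub of backslashes and ".." sequences. This is not the security
// boundary on its own: the realpath() containment check below is what confines
// the resolved file to this directory.
$f = str_replace(['\\', '..'], '', $f);

// Accept only a conservative character set (this also rejects NUL bytes,
// whitespace and URL-scheme characters such as ':').
if ($f === '' || preg_match('/[^a-zA-Z0-9_\.\-\@\/]/', $f)) {
    http_response_code(404);
    exit;
}

// Extension allowlist. Only these types are ever served; anything else in the
// directory (this script, other .php files, .htaccess, backups, ...) is refused
// instead of being streamed as application/octet-stream. To serve another
// asset type, add it here explicitly.
$mimes = [
    'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'gif' => 'image/gif', 'webp' => 'image/webp', 'avif' => 'image/avif',
    'ico' => 'image/x-icon', 'svg' => 'image/svg+xml',
];

// Resolve symlinks and relative segments before making any decision on the path.
$path = realpath(__DIR__ . '/' . $f);
if ($path === false || !is_file($path) || !is_readable($path)) {
    http_response_code(404);
    exit;
}

// Containment check. The trailing separator matters: a bare prefix comparison
// would also accept a sibling such as "<base>-private/..." reached via a symlink.
$base = realpath(__DIR__);
$prefix = $base === false ? '' : rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
if ($base === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
    http_response_code(403);
    exit;
}

// The extension is taken from the resolved path, so a symlink named "x.png"
// that points at a non-image file is judged by its real target.
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
if (!isset($mimes[$ext])) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . $mimes[$ext]);
// Stop browsers from second-guessing the declared type.
header('X-Content-Type-Options: nosniff');
// NOTE(review): SVG can carry script. If any SVG in this directory can be
// written by untrusted users, serve it with a restrictive
// Content-Security-Policy or as an attachment -- confirm how files get here.

// filesize() returns false on failure; omit the header rather than emit a bogus length.
$size = filesize($path);
if ($size !== false) {
    header('Content-Length: ' . $size);
}
readfile($path);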
