From 72ba4743f9ff95803ec68badae465739cf26d1a8 Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Tue, 23 Jun 2026 16:35:17 +0000
Subject: [PATCH] simplify: cache dirname(__DIR__), use str_starts_with, drop finfo object for mime_content_type()
---
 admin/view-doc.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/admin/view-doc.php b/admin/view-doc.php
index 4ff155f..f5b7786 100644
--- a/admin/view-doc.php
+++ b/admin/view-doc.php
@@ -29,17 +29,17 @@ if (!$row || !$row['file_path']) {
 exit('No document on file.');
 }
-$base = realpath(dirname(__DIR__) . '/uploads');
-$path = realpath(dirname(__DIR__) . '/' . $row['file_path']);
+$root = dirname(__DIR__);
+$base = realpath($root . '/uploads');
+$path = realpath($root . '/' . $row['file_path']);
-if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
+if (!$path || !$base || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
 http_response_code(404);
 header('Content-Type: text/plain');
 exit('File not found.');
 }
-$finfo = new finfo(FILEINFO_MIME_TYPE);
-$mime = $finfo->file($path);
+$mime = mime_content_type($path);
 $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];
 if (!isset($allowed[$mime])) {
 http_response_code(403);
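Review bot: The prefix test on `$path` is the only check keeping a stored `file_path` from resolving outside `uploads/`, and after this simplification nothing on that line explains why `DIRECTORY_SEPARATOR` is appended to `$base`; a comment such as `// trailing separator: a sibling dir whose name merely begins with "uploads" must not match; both sides stay realpath()-resolved` would protect it from the next cleanup. `str_starts_with()` exists only from PHP 8.0, so if this script can still run on an older runtime the guard line would stop with an undefined-function error instead of returning the 404; the supported PHP version is not visible in the patch. `mime_content_type()` returns `false` on failure, and the allow-list rejects that only because `false` is coerced to array key `0`; `if ($mime === false || !isset($allowed[$mime])) {` would make the fail-closed path explicit. The final `if` block continues past the end of the hunk.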