Version1.php
3.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php
/**
* Class Minify_Controller_Version1
* @package Minify
*/
/**
* Controller class for emulating version 1 of minify.php (mostly a proof-of-concept)
*
* <code>
* Minify::serve('Version1');
* </code>
*
* @package Minify
* @author Stephen Clay <steve@mrclay.org>
*/
class Minify_Controller_Version1 extends Minify_Controller_Base {
/**
* Set up groups of files as sources
*
* @param array $options controller and Minify options
* @return array Minify options
*
*/
public function setupSources($options) {
// PHP insecure by default: realpath() and other FS functions can't handle null bytes.
if (isset($_GET['files'])) {
$_GET['files'] = str_replace("\x00", '', (string)$_GET['files']);
}
self::_setupDefines();
if (MINIFY_USE_CACHE) {
$cacheDir = defined('MINIFY_CACHE_DIR')
? MINIFY_CACHE_DIR
: '';
Minify::setCache($cacheDir);
}
$options['badRequestHeader'] = 'HTTP/1.0 404 Not Found';
$options['contentTypeCharset'] = MINIFY_ENCODING;
// The following restrictions are to limit the URLs that minify will
// respond to. Ideally there should be only one way to reference a file.
if (! isset($_GET['files'])
// verify at least one file, files are single comma separated,
// and are all same extension
|| ! preg_match('/^[^,]+\\.(css|js)(,[^,]+\\.\\1)*$/', $_GET['files'], $m)
// no "//" (makes URL rewriting easier)
|| strpos($_GET['files'], '//') !== false
// no "\"
|| strpos($_GET['files'], '\\') !== false
// no "./"
|| preg_match('/(?:^|[^\\.])\\.\\//', $_GET['files'])
) {
return $options;
}
$files = explode(',', $_GET['files']);
if (count($files) > MINIFY_MAX_FILES) {
return $options;
}
// strings for prepending to relative/absolute paths
$prependRelPaths = dirname($_SERVER['SCRIPT_FILENAME'])
. DIRECTORY_SEPARATOR;
$prependAbsPaths = $_SERVER['DOCUMENT_ROOT'];
$goodFiles = array();
$hasBadSource = false;
$allowDirs = isset($options['allowDirs'])
? $options['allowDirs']
: MINIFY_BASE_DIR;
foreach ($files as $file) {
// prepend appropriate string for abs/rel paths
$file = ($file[0] === '/' ? $prependAbsPaths : $prependRelPaths) . $file;
// make sure a real file!
$file = realpath($file);
// don't allow unsafe or duplicate files
if (parent::_fileIsSafe($file, $allowDirs)
&& !in_array($file, $goodFiles))
{
$goodFiles[] = $file;
$srcOptions = array(
'filepath' => $file
);
$this->sources[] = new Minify_Source($srcOptions);
} else {
$hasBadSource = true;
break;
}
}
if ($hasBadSource) {
$this->sources = array();
}
if (! MINIFY_REWRITE_CSS_URLS) {
$options['rewriteCssUris'] = false;
}
return $options;
}
private static function _setupDefines()
{
$defaults = array(
'MINIFY_BASE_DIR' => realpath($_SERVER['DOCUMENT_ROOT'])
,'MINIFY_ENCODING' => 'utf-8'
,'MINIFY_MAX_FILES' => 16
,'MINIFY_REWRITE_CSS_URLS' => true
,'MINIFY_USE_CACHE' => true
);
foreach ($defaults as $const => $val) {
if (! defined($const)) {
define($const, $val);
}
}
}
}