Version1.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. <?php
  2. /**
  3. * Class Minify_Controller_Version1
  4. * @package Minify
  5. */
  6. /**
  7. * Controller class for emulating version 1 of minify.php (mostly a proof-of-concept)
  8. *
  9. * <code>
  10. * Minify::serve('Version1');
  11. * </code>
  12. *
  13. * @package Minify
  14. * @author Stephen Clay <steve@mrclay.org>
  15. */
  16. class Minify_Controller_Version1 extends Minify_Controller_Base {
  17. /**
  18. * Set up groups of files as sources
  19. *
  20. * @param array $options controller and Minify options
  21. * @return array Minify options
  22. *
  23. */
  24. public function setupSources($options) {
  25. // PHP insecure by default: realpath() and other FS functions can't handle null bytes.
  26. if (isset($_GET['files'])) {
  27. $_GET['files'] = str_replace("\x00", '', (string)$_GET['files']);
  28. }
  29. self::_setupDefines();
  30. if (MINIFY_USE_CACHE) {
  31. $cacheDir = defined('MINIFY_CACHE_DIR')
  32. ? MINIFY_CACHE_DIR
  33. : '';
  34. Minify::setCache($cacheDir);
  35. }
  36. $options['badRequestHeader'] = 'HTTP/1.0 404 Not Found';
  37. $options['contentTypeCharset'] = MINIFY_ENCODING;
  38. // The following restrictions are to limit the URLs that minify will
  39. // respond to. Ideally there should be only one way to reference a file.
  40. if (! isset($_GET['files'])
  41. // verify at least one file, files are single comma separated,
  42. // and are all same extension
  43. || ! preg_match('/^[^,]+\\.(css|js)(,[^,]+\\.\\1)*$/', $_GET['files'], $m)
  44. // no "//" (makes URL rewriting easier)
  45. || strpos($_GET['files'], '//') !== false
  46. // no "\"
  47. || strpos($_GET['files'], '\\') !== false
  48. // no "./"
  49. || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['files'])
  50. ) {
  51. return $options;
  52. }
  53. $files = explode(',', $_GET['files']);
  54. if (count($files) > MINIFY_MAX_FILES) {
  55. return $options;
  56. }
  57. // strings for prepending to relative/absolute paths
  58. $prependRelPaths = dirname($_SERVER['SCRIPT_FILENAME'])
  59. . DIRECTORY_SEPARATOR;
  60. $prependAbsPaths = $_SERVER['DOCUMENT_ROOT'];
  61. $goodFiles = array();
  62. $hasBadSource = false;
  63. $allowDirs = isset($options['allowDirs'])
  64. ? $options['allowDirs']
  65. : MINIFY_BASE_DIR;
  66. foreach ($files as $file) {
  67. // prepend appropriate string for abs/rel paths
  68. $file = ($file[0] === '/' ? $prependAbsPaths : $prependRelPaths) . $file;
  69. // make sure a real file!
  70. $file = realpath($file);
  71. // don't allow unsafe or duplicate files
  72. if (parent::_fileIsSafe($file, $allowDirs)
  73. && !in_array($file, $goodFiles))
  74. {
  75. $goodFiles[] = $file;
  76. $srcOptions = array(
  77. 'filepath' => $file
  78. );
  79. $this->sources[] = new Minify_Source($srcOptions);
  80. } else {
  81. $hasBadSource = true;
  82. break;
  83. }
  84. }
  85. if ($hasBadSource) {
  86. $this->sources = array();
  87. }
  88. if (! MINIFY_REWRITE_CSS_URLS) {
  89. $options['rewriteCssUris'] = false;
  90. }
  91. return $options;
  92. }
  93. private static function _setupDefines()
  94. {
  95. $defaults = array(
  96. 'MINIFY_BASE_DIR' => realpath($_SERVER['DOCUMENT_ROOT'])
  97. ,'MINIFY_ENCODING' => 'utf-8'
  98. ,'MINIFY_MAX_FILES' => 16
  99. ,'MINIFY_REWRITE_CSS_URLS' => true
  100. ,'MINIFY_USE_CACHE' => true
  101. );
  102. foreach ($defaults as $const => $val) {
  103. if (! defined($const)) {
  104. define($const, $val);
  105. }
  106. }
  107. }
  108. }