123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 |
- <?php
- /**
- * Class Minify_Controller_Version1
- * @package Minify
- */
- /**
- * Controller class for emulating version 1 of minify.php (mostly a proof-of-concept)
- *
- * <code>
- * Minify::serve('Version1');
- * </code>
- *
- * @package Minify
- * @author Stephen Clay <steve@mrclay.org>
- */
- class Minify_Controller_Version1 extends Minify_Controller_Base {
-
- /**
- * Set up groups of files as sources
- *
- * @param array $options controller and Minify options
- * @return array Minify options
- *
- */
- public function setupSources($options) {
- // PHP insecure by default: realpath() and other FS functions can't handle null bytes.
- if (isset($_GET['files'])) {
- $_GET['files'] = str_replace("\x00", '', (string)$_GET['files']);
- }
- self::_setupDefines();
- if (MINIFY_USE_CACHE) {
- $cacheDir = defined('MINIFY_CACHE_DIR')
- ? MINIFY_CACHE_DIR
- : '';
- Minify::setCache($cacheDir);
- }
- $options['badRequestHeader'] = 'HTTP/1.0 404 Not Found';
- $options['contentTypeCharset'] = MINIFY_ENCODING;
- // The following restrictions are to limit the URLs that minify will
- // respond to. Ideally there should be only one way to reference a file.
- if (! isset($_GET['files'])
- // verify at least one file, files are single comma separated,
- // and are all same extension
- || ! preg_match('/^[^,]+\\.(css|js)(,[^,]+\\.\\1)*$/', $_GET['files'], $m)
- // no "//" (makes URL rewriting easier)
- || strpos($_GET['files'], '//') !== false
- // no "\"
- || strpos($_GET['files'], '\\') !== false
- // no "./"
- || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['files'])
- ) {
- return $options;
- }
- $files = explode(',', $_GET['files']);
- if (count($files) > MINIFY_MAX_FILES) {
- return $options;
- }
-
- // strings for prepending to relative/absolute paths
- $prependRelPaths = dirname($_SERVER['SCRIPT_FILENAME'])
- . DIRECTORY_SEPARATOR;
- $prependAbsPaths = $_SERVER['DOCUMENT_ROOT'];
-
- $goodFiles = array();
- $hasBadSource = false;
-
- $allowDirs = isset($options['allowDirs'])
- ? $options['allowDirs']
- : MINIFY_BASE_DIR;
-
- foreach ($files as $file) {
- // prepend appropriate string for abs/rel paths
- $file = ($file[0] === '/' ? $prependAbsPaths : $prependRelPaths) . $file;
- // make sure a real file!
- $file = realpath($file);
- // don't allow unsafe or duplicate files
- if (parent::_fileIsSafe($file, $allowDirs)
- && !in_array($file, $goodFiles))
- {
- $goodFiles[] = $file;
- $srcOptions = array(
- 'filepath' => $file
- );
- $this->sources[] = new Minify_Source($srcOptions);
- } else {
- $hasBadSource = true;
- break;
- }
- }
- if ($hasBadSource) {
- $this->sources = array();
- }
- if (! MINIFY_REWRITE_CSS_URLS) {
- $options['rewriteCssUris'] = false;
- }
- return $options;
- }
-
- private static function _setupDefines()
- {
- $defaults = array(
- 'MINIFY_BASE_DIR' => realpath($_SERVER['DOCUMENT_ROOT'])
- ,'MINIFY_ENCODING' => 'utf-8'
- ,'MINIFY_MAX_FILES' => 16
- ,'MINIFY_REWRITE_CSS_URLS' => true
- ,'MINIFY_USE_CACHE' => true
- );
- foreach ($defaults as $const => $val) {
- if (! defined($const)) {
- define($const, $val);
- }
- }
- }
- }
|