/wp-content/plugins/w3-total-cache/lib/Minify/Minify/Controller/MinApp.php
PHP | 132 lines | 100 code | 4 blank | 28 comment | 25 complexity | 917ffecaed797384eeeb594a22daf53f MD5 | raw file
Possible License(s): GPL-2.0, AGPL-1.0, LGPL-2.0, LGPL-3.0, BSD-3-Clause, GPL-3.0, LGPL-2.1, AGPL-3.0, CC-BY-SA-3.0
- <?php
- /**
- * Class Minify_Controller_MinApp
- * @package Minify
- */
- require_once W3TC_LIB_MINIFY_DIR . '/Minify/Controller/Base.php';
- /**
- * Controller class for requests to /min/index.php
- *
- * @package Minify
- * @author Stephen Clay <steve@mrclay.org>
- */
- class Minify_Controller_MinApp extends Minify_Controller_Base {
-
- /**
- * Set up groups of files as sources
- *
- * @param array $options controller and Minify options
- * @return array Minify options
- *
- */
- public function setupSources($options) {
- // filter controller options
- $cOptions = array_merge(
- array(
- 'allowDirs' => '//'
- ,'groupsOnly' => false
- ,'groups' => array()
- ,'maxFiles' => 10
- )
- ,(isset($options['minApp']) ? $options['minApp'] : array())
- );
- unset($options['minApp']);
- $sources = array();
- if (isset($_GET['g'])) {
- // try groups
- if (! isset($cOptions['groups'][$_GET['g']])) {
- $this->log("A group configuration for \"{$_GET['g']}\" was not set");
- return $options;
- }
-
- $files = $cOptions['groups'][$_GET['g']];
- // if $files is a single object, casting will break it
- if (is_object($files)) {
- $files = array($files);
- } elseif (! is_array($files)) {
- $files = (array)$files;
- }
- foreach ($files as $file) {
- if ($file instanceof Minify_Source) {
- $sources[] = $file;
- continue;
- }
- if (0 === strpos($file, '//')) {
- $file = $_SERVER['DOCUMENT_ROOT'] . substr($file, 1);
- }
- $realPath = realpath($file);
- if (is_file($realPath)) {
- $sources[] = new Minify_Source(array(
- 'filepath' => $realPath
- ));
- } else {
- $this->log("The path \"{$file}\" could not be found (or was not a file)");
- continue;
- }
- }
- } elseif (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
- // try user files
- // The following restrictions are to limit the URLs that minify will
- // respond to. Ideally there should be only one way to reference a file.
- if (// verify at least one file, files are single comma separated,
- // and are all same extension
- ! preg_match('/^[^,]+\\.(css|js)(?:,[^,]+\\.\\1)*$/', $_GET['f'])
- // no "//"
- || strpos($_GET['f'], '//') !== false
- // no "\"
- || strpos($_GET['f'], '\\') !== false
- // no "./"
- || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['f'])
- ) {
- $this->log("GET param 'f' invalid (see MinApp.php line 63)");
- return $options;
- }
- $files = explode(',', $_GET['f']);
- if (count($files) > $cOptions['maxFiles'] || $files != array_unique($files)) {
- $this->log("Too many or duplicate files specified");
- return $options;
- }
- if (isset($_GET['b'])) {
- // check for validity
- if (preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
- && false === strpos($_GET['b'], '..')
- && $_GET['b'] !== '.') {
- // valid base
- $base = "/{$_GET['b']}/";
- } else {
- $this->log("GET param 'b' invalid (see MinApp.php line 84)");
- return $options;
- }
- } else {
- $base = '/';
- }
- $allowDirs = array();
- foreach ((array)$cOptions['allowDirs'] as $allowDir) {
- $allowDirs[] = realpath(str_replace('//', $_SERVER['DOCUMENT_ROOT'] . '/', $allowDir));
- }
- foreach ($files as $file) {
- $path = $_SERVER['DOCUMENT_ROOT'] . $base . $file;
- $file = realpath($path);
- if (false === $file) {
- $this->log("Path \"{$path}\" failed realpath()");
- return $options;
- } elseif (! parent::_fileIsSafe($file, $allowDirs)) {
- $this->log("Path \"{$path}\" failed Minify_Controller_Base::_fileIsSafe()");
- return $options;
- } else {
- $sources[] = new Minify_Source(array(
- 'filepath' => $file
- ));
- }
- }
- }
- if ($sources) {
- $this->sources = $sources;
- } else {
- $this->log("No sources to serve");
- }
- return $options;
- }
- }