
/wp-content/plugins/w3-total-cache/lib/Minify/Minify/Controller/MinApp.php

https://bitbucket.org/openfarmtech/weblog-content
PHP | 132 lines | 100 code | 4 blank | 28 comment | 25 complexity | 917ffecaed797384eeeb594a22daf53f MD5 | raw file
  1<?php
  2/**
  3 * Class Minify_Controller_MinApp  
  4 * @package Minify
  5 */
  6
  7require_once W3TC_LIB_MINIFY_DIR . '/Minify/Controller/Base.php';
  8
  9/**
 10 * Controller class for requests to /min/index.php
 11 * 
 12 * @package Minify
 13 * @author Stephen Clay <steve@mrclay.org>
 14 */
 15class Minify_Controller_MinApp extends Minify_Controller_Base {
 16    
 17    /**
 18     * Set up groups of files as sources
 19     * 
 20     * @param array $options controller and Minify options
 21     * @return array Minify options
 22     * 
 23     */
 24    public function setupSources($options) {
 25        // filter controller options
 26        $cOptions = array_merge(
 27            array(
 28                'allowDirs' => '//'
 29                ,'groupsOnly' => false
 30                ,'groups' => array()
 31                ,'maxFiles' => 10                
 32            )
 33            ,(isset($options['minApp']) ? $options['minApp'] : array())
 34        );
 35        unset($options['minApp']);
 36        $sources = array();
 37        if (isset($_GET['g'])) {
 38            // try groups
 39            if (! isset($cOptions['groups'][$_GET['g']])) {
 40                $this->log("A group configuration for \"{$_GET['g']}\" was not set");
 41                return $options;
 42            }
 43            
 44            $files = $cOptions['groups'][$_GET['g']];
 45            // if $files is a single object, casting will break it
 46            if (is_object($files)) {
 47                $files = array($files);
 48            } elseif (! is_array($files)) {
 49                $files = (array)$files;
 50            }
 51            foreach ($files as $file) {
 52                if ($file instanceof Minify_Source) {
 53                    $sources[] = $file;
 54                    continue;
 55                }
 56                if (0 === strpos($file, '//')) {
 57                    $file = $_SERVER['DOCUMENT_ROOT'] . substr($file, 1);
 58                }
 59                $realPath = realpath($file);
 60                if (is_file($realPath)) {
 61                    $sources[] = new Minify_Source(array(
 62                        'filepath' => $realPath
 63                    ));    
 64                } else {
 65                    $this->log("The path \"{$file}\" could not be found (or was not a file)");
 66                    continue;
 67                }
 68            }
 69        } elseif (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
 70            // try user files
 71            // The following restrictions are to limit the URLs that minify will
 72            // respond to. Ideally there should be only one way to reference a file.
 73            if (// verify at least one file, files are single comma separated, 
 74                // and are all same extension
 75                ! preg_match('/^[^,]+\\.(css|js)(?:,[^,]+\\.\\1)*$/', $_GET['f'])
 76                // no "//"
 77                || strpos($_GET['f'], '//') !== false
 78                // no "\"
 79                || strpos($_GET['f'], '\\') !== false
 80                // no "./"
 81                || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['f'])
 82            ) {
 83                $this->log("GET param 'f' invalid (see MinApp.php line 63)");
 84                return $options;
 85            }
 86            $files = explode(',', $_GET['f']);
 87            if (count($files) > $cOptions['maxFiles'] || $files != array_unique($files)) {
 88                $this->log("Too many or duplicate files specified");
 89                return $options;
 90            }
 91            if (isset($_GET['b'])) {
 92                // check for validity
 93                if (preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
 94                    && false === strpos($_GET['b'], '..')
 95                    && $_GET['b'] !== '.') {
 96                    // valid base
 97                    $base = "/{$_GET['b']}/";       
 98                } else {
 99                    $this->log("GET param 'b' invalid (see MinApp.php line 84)");
100                    return $options;
101                }
102            } else {
103                $base = '/';
104            }
105            $allowDirs = array();
106            foreach ((array)$cOptions['allowDirs'] as $allowDir) {
107                $allowDirs[] = realpath(str_replace('//', $_SERVER['DOCUMENT_ROOT'] . '/', $allowDir));
108            }
109            foreach ($files as $file) {
110                $path = $_SERVER['DOCUMENT_ROOT'] . $base . $file;
111                $file = realpath($path);
112                if (false === $file) {
113                    $this->log("Path \"{$path}\" failed realpath()");
114                    return $options;
115                } elseif (! parent::_fileIsSafe($file, $allowDirs)) {
116                    $this->log("Path \"{$path}\" failed Minify_Controller_Base::_fileIsSafe()");
117                    return $options;
118                } else {
119                    $sources[] = new Minify_Source(array(
120                        'filepath' => $file
121                    ));
122                }
123            }
124        }
125        if ($sources) {
126            $this->sources = $sources;
127        } else {
128            $this->log("No sources to serve");
129        }
130        return $options;
131    }
132}