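<?php

require_once 'Minify/Controller/Base.php';

/**
 * Controller that turns a request into a list of Minify sources.
 *
 * Two request styles are handled by setupSources():
 *  - $_GET['g'] selects a pre-configured group from the 'groups' option;
 *  - $_GET['f'] is a comma-separated list of .css or .js files, optionally
 *    relative to the base directory given in $_GET['b'].
 *
 * Every $_GET value read here is attacker-controlled, so each one is
 * type-checked and pattern-checked before it is used to build a path.
 */
class Minify_Controller_MinApp extends Minify_Controller_Base {

    /**
     * Build $this->sources from the current request.
     *
     * Controller options are read from $options['minApp'] and merged over
     * these defaults: allowDirs '//' (the document root), groupsOnly false,
     * groups array(), maxFiles 10. The 'minApp' key is removed from
     * $options before it is returned.
     *
     * On any validation failure the reason is logged and $options is
     * returned with $this->sources left unset by this method.
     *
     * @param array $options controller and serve options
     *
     * @return array $options without the 'minApp' key
     */
    public function setupSources($options) {
        // filter controller options
        $cOptions = array_merge(
            array(
                'allowDirs' => '//'
                ,'groupsOnly' => false
                ,'groups' => array()
                ,'maxFiles' => 10
            )
            ,(isset($options['minApp']) ? $options['minApp'] : array())
        );
        unset($options['minApp']);
        $sources = array();

        if (isset($_GET['g'])) {
            // try groups
            $group = $_GET['g'];
            // "?g[]=x" makes PHP deliver an array; reject it before it is
            // used as an array offset or interpolated into a log message.
            if (! is_string($group)) {
                $this->log("GET param 'g' invalid (not a string)");
                return $options;
            }
            if (! isset($cOptions['groups'][$group])) {
                $this->log("A group configuration for \"{$group}\" was not set");
                return $options;
            }

            $files = $cOptions['groups'][$group];
            // if $files is a single object, casting will break it
            if (is_object($files)) {
                $files = array($files);
            } elseif (! is_array($files)) {
                $files = (array)$files;
            }
            foreach ($files as $file) {
                if ($file instanceof Minify_Source) {
                    $sources[] = $file;
                    continue;
                }
                // a leading "//" in configuration means "document root"
                if (0 === strpos($file, '//')) {
                    $file = $_SERVER['DOCUMENT_ROOT'] . substr($file, 1);
                }
                // Keep the configured path in $file: realpath() returns
                // false for a missing file, and overwriting $file with it
                // made the log line below print an empty path.
                $realPath = realpath($file);
                if (false !== $realPath && is_file($realPath)) {
                    $sources[] = new Minify_Source(array(
                        'filepath' => $realPath
                    ));
                } else {
                    $this->log("The path \"{$file}\" could not be found (or was not a file)");
                    return $options;
                }
            }
        } elseif (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
            // try user files
            // The following restrictions are to limit the URLs that minify will
            // respond to. Ideally there should be only one way to reference a file.
            if (// must be a plain string ("?f[]=x" arrives as an array)
                ! is_string($_GET['f'])
                // verify at least one file, files are single comma separated,
                // and are all same extension
                || ! preg_match('/^[^,]+\\.(css|js)(?:,[^,]+\\.\\1)*$/', $_GET['f'])
                // no "//"
                || strpos($_GET['f'], '//') !== false
                // no "\"
                || strpos($_GET['f'], '\\') !== false
                // no "./" (note: "../" is not matched by this pattern; such
                // paths are canonicalised by realpath() below and must then
                // pass the allowDirs check)
                || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['f'])
            ) {
                $this->log("GET param 'f' invalid (see MinApp.php line 63)");
                return $options;
            }
            $files = explode(',', $_GET['f']);
            if (count($files) > $cOptions['maxFiles']
                || count($files) !== count(array_unique($files))) {
                $this->log("Too many or duplicate files specified");
                return $options;
            }
            if (isset($_GET['b'])) {
                // check for validity: a string of non-empty segments
                // separated by single slashes, with no ".." anywhere
                if (is_string($_GET['b'])
                    && preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
                    && false === strpos($_GET['b'], '..')
                    && $_GET['b'] !== '.') {
                    // valid base
                    $base = "/{$_GET['b']}/";
                } else {
                    $this->log("GET param 'b' invalid (see MinApp.php line 84)");
                    return $options;
                }
            } else {
                $base = '/';
            }
            $allowDirs = array();
            foreach ((array)$cOptions['allowDirs'] as $allowDir) {
                $resolvedDir = realpath(str_replace('//', $_SERVER['DOCUMENT_ROOT'] . '/', $allowDir));
                // realpath() returns false for a directory that does not
                // exist; never hand false to the containment check as if it
                // were a directory prefix.
                if (false === $resolvedDir) {
                    $this->log("allowDirs entry \"{$allowDir}\" failed realpath()");
                    continue;
                }
                $allowDirs[] = $resolvedDir;
            }
            if (! $allowDirs) {
                // fail closed: with no usable allowed directory nothing can
                // be shown to be inside one
                $this->log("No allowDirs entry could be resolved");
                return $options;
            }
            foreach ($files as $file) {
                $path = $_SERVER['DOCUMENT_ROOT'] . $base . $file;
                // canonicalise first so the containment check sees the real
                // target, with symlinks and ".." segments resolved
                $file = realpath($path);
                if (false === $file) {
                    $this->log("Path \"{$path}\" failed realpath()");
                    return $options;
                } elseif (! parent::_fileIsSafe($file, $allowDirs)) {
                    $this->log("Path \"{$path}\" failed Minify_Controller_Base::_fileIsSafe()");
                    return $options;
                } else {
                    $sources[] = new Minify_Source(array(
                        'filepath' => $file
                    ));
                }
            }
        }

        if ($sources) {
            $this->sources = $sources;
        } else {
            $this->log("No sources to serve");
        }
        return $options;
    }
}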