Changeset 29636


Ignore:
Timestamp:
09/19/14 10:46:12 (5 years ago)
Author:
plg
Message:

bug 3119 fixed: patch by mmoy, allow @import url(http://...); directives in minified CSS file.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/template.class.php

    r29389 r29636  
    19161916      { 
    19171917        $output = ''; 
     1918        $header = ''; 
    19181919        foreach ($pending as $combinable) 
    19191920        { 
    19201921          $output .= "/*BEGIN $combinable->path */\n"; 
    1921           $output .= $this->process_combinable($combinable, true, $force); 
     1922          $output .= $this->process_combinable($combinable, true, $force, $header); 
    19221923          $output .= "\n"; 
    19231924        } 
     1925        $output = "/*BEGIN header */\n" . $header . "\n" . $output; 
    19241926        mkgetdir( dirname(PHPWG_ROOT_PATH.$file) ); 
    19251927        file_put_contents( PHPWG_ROOT_PATH.$file, $output ); 
     
    19301932    elseif ( count($pending)==1) 
    19311933    { 
    1932       $this->process_combinable($pending[0], false, $force); 
     1934      $header = ''; 
     1935      $this->process_combinable($pending[0], false, $force, $header); 
    19331936      $result[] = $pending[0]; 
    19341937    } 
     
    19431946   * @param bool $return_content 
    19441947   * @param bool $force 
     1948   * @param string $header CSS directives that must appear first in 
     1949   *                       the minified file (only used when 
     1950   *                       $return_content===true) 
    19451951   * @return null|string 
    19461952   */ 
    1947   private function process_combinable($combinable, $return_content, $force) 
     1953  private function process_combinable($combinable, $return_content, $force, &$header) 
    19481954  { 
    19491955    global $conf; 
     
    19711977 
    19721978      if ($this->is_css) 
    1973         $content = self::process_css($content, $combinable->path ); 
     1979        $content = self::process_css($content, $combinable->path, $header ); 
    19741980      else 
    19751981        $content = self::process_js($content, $combinable->path ); 
     
    19841990      $content = file_get_contents(PHPWG_ROOT_PATH . $combinable->path); 
    19851991      if ($this->is_css) 
    1986         $content = self::process_css($content, $combinable->path ); 
     1992        $content = self::process_css($content, $combinable->path, $header ); 
    19871993      else 
    19881994        $content = self::process_js($content, $combinable->path ); 
     
    20132019   * @param string $css file content 
    20142020   * @param string $file 
     2021   * @param string $header CSS directives that must appear first in 
     2022   *                       the minified file. 
    20152023   * @return string 
    20162024   */ 
    2017   private static function process_css($css, $file) 
    2018   { 
    2019     $css = self::process_css_rec($css, dirname($file)); 
     2025  private static function process_css($css, $file, &$header) 
     2026  { 
     2027    $css = self::process_css_rec($css, dirname($file), $header); 
    20202028    if (strpos($file, '.min')===false and version_compare(PHP_VERSION, '5.2.4', '>=')) 
    20212029    { 
     
    20322040   * @param string $css file content 
    20332041   * @param string $dir 
     2042   * @param string $header CSS directives that must appear first in 
     2043   *                       the minified file. 
    20342044   * @return string 
    20352045   */ 
    2036   private static function process_css_rec($css, $dir) 
     2046  private static function process_css_rec($css, $dir, &$header) 
    20372047  { 
    20382048    static $PATTERN_URL = "#url\(\s*['|\"]{0,1}(.*?)['|\"]{0,1}\s*\)#"; 
     
    20572067    { 
    20582068      $search = $replace = array(); 
     2069       
    20592070      foreach ($matches as $match) 
    20602071      { 
    20612072        $search[] = $match[0]; 
    2062         $sub_css = file_get_contents(PHPWG_ROOT_PATH . $dir . "/$match[1]"); 
    2063         $replace[] = self::process_css_rec($sub_css, dirname($dir . "/$match[1]") ); 
     2073         
     2074        if ( 
     2075          strpos($match[1], '..') !== false // Possible attempt to get out of Piwigo's dir 
     2076          or strpos($match[1], '://') !== false // Remote URL 
     2077          or !is_readable(PHPWG_ROOT_PATH . $dir . '/' . $match[1]) 
     2078          ) 
     2079        { 
     2080          // If anything is suspicious, don't try to process the 
     2081          // @import. Since @import need to be first and we are 
     2082          // concatenating several CSS files, remove it from here and return 
     2083          // it through $header. 
     2084          $header .= $match[0]; 
     2085          $replace[] = ''; 
     2086        } 
     2087        else 
     2088        { 
     2089          $sub_css = file_get_contents(PHPWG_ROOT_PATH . $dir . "/$match[1]"); 
     2090          $replace[] = self::process_css_rec($sub_css, dirname($dir . "/$match[1]"), $header); 
     2091        } 
    20642092      } 
    20652093      $css = str_replace($search, $replace, $css); 
Note: See TracChangeset for help on using the changeset viewer.