Changeset 29636 for trunk


Ignore:
Timestamp:
Sep 19, 2014, 10:46:12 AM (10 years ago)
Author:
plg
Message:

bug 3119 fixed: patch by mmoy, allow @import url(http://...); directives in minified CSS file.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/template.class.php

    r29389 r29636  
    19161916      {
    19171917        $output = '';
     1918        $header = '';
    19181919        foreach ($pending as $combinable)
    19191920        {
    19201921          $output .= "/*BEGIN $combinable->path */\n";
    1921           $output .= $this->process_combinable($combinable, true, $force);
     1922          $output .= $this->process_combinable($combinable, true, $force, $header);
    19221923          $output .= "\n";
    19231924        }
     1925        $output = "/*BEGIN header */\n" . $header . "\n" . $output;
    19241926        mkgetdir( dirname(PHPWG_ROOT_PATH.$file) );
    19251927        file_put_contents( PHPWG_ROOT_PATH.$file, $output );
     
    19301932    elseif ( count($pending)==1)
    19311933    {
    1932       $this->process_combinable($pending[0], false, $force);
     1934      $header = '';
     1935      $this->process_combinable($pending[0], false, $force, $header);
    19331936      $result[] = $pending[0];
    19341937    }
     
    19431946   * @param bool $return_content
    19441947   * @param bool $force
     1948   * @param string $header CSS directives that must appear first in
     1949   *                       the minified file (only used when
     1950   *                       $return_content===true)
    19451951   * @return null|string
    19461952   */
    1947   private function process_combinable($combinable, $return_content, $force)
     1953  private function process_combinable($combinable, $return_content, $force, &$header)
    19481954  {
    19491955    global $conf;
     
    19711977
    19721978      if ($this->is_css)
    1973         $content = self::process_css($content, $combinable->path );
     1979        $content = self::process_css($content, $combinable->path, $header );
    19741980      else
    19751981        $content = self::process_js($content, $combinable->path );
     
    19841990      $content = file_get_contents(PHPWG_ROOT_PATH . $combinable->path);
    19851991      if ($this->is_css)
    1986         $content = self::process_css($content, $combinable->path );
     1992        $content = self::process_css($content, $combinable->path, $header );
    19871993      else
    19881994        $content = self::process_js($content, $combinable->path );
     
    20132019   * @param string $css file content
    20142020   * @param string $file
     2021   * @param string $header CSS directives that must appear first in
     2022   *                       the minified file.
    20152023   * @return string
    20162024   */
    2017   private static function process_css($css, $file)
    2018   {
    2019     $css = self::process_css_rec($css, dirname($file));
     2025  private static function process_css($css, $file, &$header)
     2026  {
     2027    $css = self::process_css_rec($css, dirname($file), $header);
    20202028    if (strpos($file, '.min')===false and version_compare(PHP_VERSION, '5.2.4', '>='))
    20212029    {
     
    20322040   * @param string $css file content
    20332041   * @param string $dir
     2042   * @param string $header CSS directives that must appear first in
     2043   *                       the minified file.
    20342044   * @return string
    20352045   */
    2036   private static function process_css_rec($css, $dir)
     2046  private static function process_css_rec($css, $dir, &$header)
    20372047  {
    20382048    static $PATTERN_URL = "#url\(\s*['|\"]{0,1}(.*?)['|\"]{0,1}\s*\)#";
     
    20572067    {
    20582068      $search = $replace = array();
     2069     
    20592070      foreach ($matches as $match)
    20602071      {
    20612072        $search[] = $match[0];
    2062         $sub_css = file_get_contents(PHPWG_ROOT_PATH . $dir . "/$match[1]");
    2063         $replace[] = self::process_css_rec($sub_css, dirname($dir . "/$match[1]") );
     2073       
     2074        if (
     2075          strpos($match[1], '..') !== false // Possible attempt to get out of Piwigo's dir
     2076          or strpos($match[1], '://') !== false // Remote URL
     2077          or !is_readable(PHPWG_ROOT_PATH . $dir . '/' . $match[1])
     2078          )
     2079        {
     2080          // If anything is suspicious, don't try to process the
     2081          // @import. Since @import need to be first and we are
     2082          // concatenating several CSS files, remove it from here and return
     2083          // it through $header.
     2084          $header .= $match[0];
     2085          $replace[] = '';
     2086        }
     2087        else
     2088        {
     2089          $sub_css = file_get_contents(PHPWG_ROOT_PATH . $dir . "/$match[1]");
     2090          $replace[] = self::process_css_rec($sub_css, dirname($dir . "/$match[1]"), $header);
     2091        }
    20642092      }
    20652093      $css = str_replace($search, $replace, $css);
Note: See TracChangeset for help on using the changeset viewer.