V 3.5 RC 1

2025-10-14 21:43:18 +00:00 · 2011-12-05 00:23:28 +01:00
parent 6f1ee368aa
commit 4c5b7eb658
5563 changed files with 466984 additions and 985416 deletions
--- a/www/include/minify/lib/Minify/Controller/MinApp.php
+++ b/www/include/minify/lib/Minify/Controller/MinApp.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Class Minify_Controller_MinApp  
+ * Class Minify_Controller_MinApp
 * @package Minify
 */

@@ -8,18 +8,18 @@ require_once 'Minify/Controller/Base.php';

 /**
 * Controller class for requests to /min/index.php
- * 
+ *
 * @package Minify
 * @author Stephen Clay <steve@mrclay.org>
 */
 class Minify_Controller_MinApp extends Minify_Controller_Base {
-    
+
    /**
     * Set up groups of files as sources
-     * 
+     *
     * @param array $options controller and Minify options
     * @return array Minify options
-     * 
+     *
     */
    public function setupSources($options) {
        // filter controller options
@@ -28,7 +28,7 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
                'allowDirs' => '//'
                ,'groupsOnly' => false
                ,'groups' => array()
-                ,'maxFiles' => 10                
+                ,'maxFiles' => 10
            )
            ,(isset($options['minApp']) ? $options['minApp'] : array())
        );
@@ -37,9 +37,19 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
        if (isset($_GET['g'])) {
            // try groups
            if (! isset($cOptions['groups'][$_GET['g']])) {
+                $this->log("A group configuration for \"{$_GET['g']}\" was not set");
+
                return $options;
            }
-            foreach ((array)$cOptions['groups'][$_GET['g']] as $file) {
+
+            $files = $cOptions['groups'][$_GET['g']];
+            // if $files is a single object, casting will break it
+            if (is_object($files)) {
+                $files = array($files);
+            } elseif (! is_array($files)) {
+                $files = (array)$files;
+            }
+            foreach ($files as $file) {
                if ($file instanceof Minify_Source) {
                    $sources[] = $file;
                    continue;
@@ -51,9 +61,10 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
                if (is_file($file)) {
                    $sources[] = new Minify_Source(array(
                        'filepath' => $file
-                    ));    
+                    ));
                } else {
-                    // file doesn't exist
+                    $this->log("The path \"{$file}\" could not be found (or was not a file)");
+
                    return $options;
                }
            }
@@ -61,7 +72,7 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
            // try user files
            // The following restrictions are to limit the URLs that minify will
            // respond to. Ideally there should be only one way to reference a file.
-            if (// verify at least one file, files are single comma separated, 
+            if (// verify at least one file, files are single comma separated,
                // and are all same extension
                ! preg_match('/^[^,]+\\.(css|js)(?:,[^,]+\\.\\1)*$/', $_GET['f'])
                // no "//"
@@ -71,11 +82,14 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
                // no "./"
                || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['f'])
            ) {
+                $this->log("GET param 'f' invalid (see MinApp.php line 63)");
+
                return $options;
            }
            $files = explode(',', $_GET['f']);
            if (count($files) > $cOptions['maxFiles'] || $files != array_unique($files)) {
-                // too many or duplicate files
+                $this->log("Too many or duplicate files specified");
+
                return $options;
            }
            if (isset($_GET['b'])) {
@@ -84,8 +98,10 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
                    && false === strpos($_GET['b'], '..')
                    && $_GET['b'] !== '.') {
                    // valid base
-                    $base = "/{$_GET['b']}/";       
+                    $base = "/{$_GET['b']}/";
                } else {
+                    $this->log("GET param 'b' invalid (see MinApp.php line 84)");
+
                    return $options;
                }
            } else {
@@ -96,21 +112,29 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
                $allowDirs[] = realpath(str_replace('//', $_SERVER['DOCUMENT_ROOT'] . '/', $allowDir));
            }
            foreach ($files as $file) {
-                $file = realpath($_SERVER['DOCUMENT_ROOT'] . $base . $file);
-                // don't allow unsafe or duplicate files
-                if (parent::_fileIsSafe($file, $allowDirs)) {
+                $path = $_SERVER['DOCUMENT_ROOT'] . $base . $file;
+                $file = realpath($path);
+                if (false === $file) {
+                    $this->log("Path \"{$path}\" failed realpath()");
+
+                    return $options;
+                } elseif (! parent::_fileIsSafe($file, $allowDirs)) {
+                    $this->log("Path \"{$path}\" failed Minify_Controller_Base::_fileIsSafe()");
+
+                    return $options;
+                } else {
                    $sources[] = new Minify_Source(array(
                        'filepath' => $file
                    ));
-                } else {
-                    // unsafe file
-                    return $options;
                }
            }
        }
        if ($sources) {
            $this->sources = $sources;
+        } else {
+            $this->log("No sources to serve");
        }
+
        return $options;
    }
 }