From fbc1fdd0b7244d2f03164b62eb893223ff930319 Mon Sep 17 00:00:00 2001
From: ewinslow <ewinslow@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sat, 12 Feb 2011 01:07:33 +0000
Subject: Converted most forms to use elgg_view_form (therefore also moved the
 views to forms/*).  Some views are left that _only_ do elgg_view_form, so I
 wonder if those should even be kept around.

git-svn-id: http://code.elgg.org/elgg/trunk@8127 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 .../lib/min/lib/Minify/Controller/MinApp.php       | 132 +++++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 mod/minify/lib/min/lib/Minify/Controller/MinApp.php

(limited to 'mod/minify/lib/min/lib/Minify/Controller/MinApp.php')

diff --git a/mod/minify/lib/min/lib/Minify/Controller/MinApp.php b/mod/minify/lib/min/lib/Minify/Controller/MinApp.php
new file mode 100644
index 000000000..9582d292c
--- /dev/null
+++ b/mod/minify/lib/min/lib/Minify/Controller/MinApp.php
@@ -0,0 +1,132 @@
+<?php
+/**
+ * Class Minify_Controller_MinApp  
+ * @package Minify
+ */
+
+require_once 'Minify/Controller/Base.php';
+
+/**
+ * Controller class for requests to /min/index.php
+ * 
+ * @package Minify
+ * @author Stephen Clay <steve@mrclay.org>
+ */
+class Minify_Controller_MinApp extends Minify_Controller_Base {
+    
+    /**
+     * Set up groups of files as sources
+     * 
+     * @param array $options controller and Minify options
+     * @return array Minify options
+     * 
+     */
+    public function setupSources($options) {
+        // filter controller options
+        $cOptions = array_merge(
+            array(
+                'allowDirs' => '//'
+                ,'groupsOnly' => false
+                ,'groups' => array()
+                ,'maxFiles' => 10                
+            )
+            ,(isset($options['minApp']) ? $options['minApp'] : array())
+        );
+        unset($options['minApp']);
+        $sources = array();
+        if (isset($_GET['g'])) {
+            // try groups
+            if (! isset($cOptions['groups'][$_GET['g']])) {
+                $this->log("A group configuration for \"{$_GET['g']}\" was not set");
+                return $options;
+            }
+            
+            $files = $cOptions['groups'][$_GET['g']];
+            // if $files is a single object, casting will break it
+            if (is_object($files)) {
+                $files = array($files);
+            } elseif (! is_array($files)) {
+                $files = (array)$files;
+            }
+            foreach ($files as $file) {
+                if ($file instanceof Minify_Source) {
+                    $sources[] = $file;
+                    continue;
+                }
+                if (0 === strpos($file, '//')) {
+                    $file = $_SERVER['DOCUMENT_ROOT'] . substr($file, 1);
+                }
+                $file = realpath($file);
+                if (is_file($file)) {
+                    $sources[] = new Minify_Source(array(
+                        'filepath' => $file
+                    ));    
+                } else {
+                    $this->log("The path \"{$file}\" could not be found (or was not a file)");
+                    return $options;
+                }
+            }
+        } elseif (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
+            // try user files
+            // The following restrictions are to limit the URLs that minify will
+            // respond to. Ideally there should be only one way to reference a file.
+            if (// verify at least one file, files are single comma separated, 
+                // and are all same extension
+                ! preg_match('/^[^,]+\\.(css|js)(?:,[^,]+\\.\\1)*$/', $_GET['f'])
+                // no "//"
+                || strpos($_GET['f'], '//') !== false
+                // no "\"
+                || strpos($_GET['f'], '\\') !== false
+                // no "./"
+                || preg_match('/(?:^|[^\\.])\\.\\//', $_GET['f'])
+            ) {
+                $this->log("GET param 'f' invalid (see MinApp.php line 63)");
+                return $options;
+            }
+            $files = explode(',', $_GET['f']);
+            if (count($files) > $cOptions['maxFiles'] || $files != array_unique($files)) {
+                $this->log("Too many or duplicate files specified");
+                return $options;
+            }
+            if (isset($_GET['b'])) {
+                // check for validity
+                if (preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
+                    && false === strpos($_GET['b'], '..')
+                    && $_GET['b'] !== '.') {
+                    // valid base
+                    $base = "/{$_GET['b']}/";       
+                } else {
+                    $this->log("GET param 'b' invalid (see MinApp.php line 84)");
+                    return $options;
+                }
+            } else {
+                $base = '/';
+            }
+            $allowDirs = array();
+            foreach ((array)$cOptions['allowDirs'] as $allowDir) {
+                $allowDirs[] = realpath(str_replace('//', $_SERVER['DOCUMENT_ROOT'] . '/', $allowDir));
+            }
+            foreach ($files as $file) {
+                $path = $_SERVER['DOCUMENT_ROOT'] . $base . $file;
+                $file = realpath($path);
+                if (false === $file) {
+                    $this->log("Path \"{$path}\" failed realpath()");
+                    return $options;
+                } elseif (! parent::_fileIsSafe($file, $allowDirs)) {
+                    $this->log("Path \"{$path}\" failed Minify_Controller_Base::_fileIsSafe()");
+                    return $options;
+                } else {
+                    $sources[] = new Minify_Source(array(
+                        'filepath' => $file
+                    ));
+                }
+            }
+        }
+        if ($sources) {
+            $this->sources = $sources;
+        } else {
+            $this->log("No sources to serve");
+        }
+        return $options;
+    }
+}
-- 
cgit v1.2.3