min/config.php: allows multiple allow directories

Controller/Version1.php: + option to specify multiple allow dirs Minify_Controller_Base::_fileIsSafe() allows multiple safe dirs Minify_CSS: shorter line length output
2025-08-12 09:05:08 +02:00 · 2008-08-16 15:25:27 +00:00
parent d4e71636b8
commit 348c838c8b
8 changed files with 83 additions and 33 deletions
--- a/lib/Minify/Controller/Base.php
+++ b/lib/Minify/Controller/Base.php
@@ -105,21 +105,28 @@ abstract class Minify_Controller_Base {
    }
    
    /**
-     * Is a user-given file within document root, existing,
+     * Is a user-given file within an allowable directory, existing,
     * and having an extension js/css/html/txt
     * 
     * This is a convenience function for controllers that have to accept
     * user-given paths
     *
     * @param string $file full file path (already processed by realpath())
-     * @param string $docRoot root where files are safe to serve
+     * @param array $safeDirs directories where files are safe to serve
     * @return bool file is safe
     */
-    public static function _fileIsSafe($file, $docRoot)
+    public static function _fileIsSafe($file, $safeDirs)
    {
-        if (strpos($file, $docRoot) !== 0 || ! file_exists($file)) {
-            return false;
-        }
+        $pathOk = false;
+        foreach ((array)$safeDirs as $safeDir) {
+            if (strpos($file, $safeDir) === 0 && file_exists($file)) {
+                $pathOk = true;
+                break;
+            }
+        }
+        if (! $pathOk) {
+            return false;
+        }
        $base = basename($file);
        if ($base[0] === '.') {
            return false;