mirror/minify
1
0
Fork 0
mirror of https://github.com/mrclay/minify.git synced 2025-08-19 12:21:20 +02:00
Code Issues Releases Wiki Activity

fixes to allowDirs processing, #496, #497, #498

Browse Source 
Merge branch 'pr/496'
This commit is contained in:
Elan Ruusamäe
2016-01-22 08:50:54 +02:00
parent 30961eb2ee 14bde12d3b
commit 72ae74f1c5
2 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
index.php
View File

@@ -120,6 +120,11 @@ $sourceFactoryOptions = array();
if (isset($min_serveOptions['minApp']['noMinPattern'])) { if (isset($min_serveOptions['minApp']['noMinPattern'])) {
$sourceFactoryOptions['noMinPattern'] = $min_serveOptions['minApp']['noMinPattern']; $sourceFactoryOptions['noMinPattern'] = $min_serveOptions['minApp']['noMinPattern'];
} }
if (isset($min_serveOptions['minApp']['allowDirs'])) {
$sourceFactoryOptions['allowDirs'] = $min_serveOptions['minApp']['allowDirs'];
}
$sourceFactory = new Minify_Source_Factory($env, $sourceFactoryOptions, $cache); $sourceFactory = new Minify_Source_Factory($env, $sourceFactoryOptions, $cache);
$controller = call_user_func($min_factories['controller'], $env, $sourceFactory); $controller = call_user_func($min_factories['controller'], $env, $sourceFactory);

25
lib/Minify/Source/Factory.php
View File

@@ -110,6 +110,20 @@ class Minify_Source_Factory {
return $realpath; return $realpath;
} }
/**
* turn windows-style slashes into unix-style,
* remove trailing slash
* and lowercase drive letter
*
* @param string $path absolute path
*
* @return string
*/
public function getNormalizedPath($path)
{
return lcfirst(rtrim(str_replace('\\', '/', $path), '/'));
}
/** /**
* @param mixed $spec * @param mixed $spec
* *
@@ -139,12 +153,17 @@ class Minify_Source_Factory {
} }
if ($this->options['checkAllowDirs']) { if ($this->options['checkAllowDirs']) {
$inAllowedDir = false;
foreach ((array)$this->options['allowDirs'] as $allowDir) { foreach ((array)$this->options['allowDirs'] as $allowDir) {
if (strpos($spec['filepath'], $allowDir) !== 0) { if (strpos($this->getNormalizedPath($spec['filepath']), $this->getNormalizedPath($allowDir)) === 0) {
throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs." $inAllowedDir = true;
. " If the path is resolved via an alias/symlink, look into the \$min_symlinks option.");
} }
} }
if (!$inAllowedDir) {
throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs."
. " If the path is resolved via an alias/symlink, look into the \$min_symlinks option.");
}
} }
$basename = basename($spec['filepath']); $basename = basename($spec['filepath']);