mirror/minify
1
0
Fork 0
mirror of https://github.com/mrclay/minify.git synced 2025-08-06 22:26:28 +02:00
Code Issues Releases Wiki Activity

Removed /../ from most rewritten URIs. Inspired by patch from Oleg Cherniy

Browse Source
This commit is contained in:
Steve Clay
2008-10-01 19:01:49 +00:00
parent 626075511a
commit cc62534837
6 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
min/lib/Minify/CSS.php
View File

@@ -285,7 +285,12 @@ class Minify_CSS {
$path = substr($path, strlen($_SERVER['DOCUMENT_ROOT'])); $path = substr($path, strlen($_SERVER['DOCUMENT_ROOT']));
// fix to absolute URL // fix to absolute URL
$url = strtr($path, DIRECTORY_SEPARATOR, '/'); $url = strtr($path, DIRECTORY_SEPARATOR, '/');
// remove /./ and /../ where possible
$url = str_replace('/./', '/', $url); $url = str_replace('/./', '/', $url);
// inspired by patch from Oleg Cherniy
do {
$url = preg_replace('@/[^/]+/\\.\\./@', '/', $url, -1, $changed);
} while ($changed);
} }
} }
} }

10
min/lib/Minify/CSS/UriRewriter.php
View File

@@ -90,12 +90,12 @@ class Minify_CSS_UriRewriter {
$path = substr($path, strlen(self::$_docRoot)); $path = substr($path, strlen(self::$_docRoot));
// fix to root-relative URI // fix to root-relative URI
$uri = strtr($path, DIRECTORY_SEPARATOR, '/'); $uri = strtr($path, DIRECTORY_SEPARATOR, '/');
// eat . // remove /./ and /../ where possible
$uri = str_replace('/./', '/', $uri); $uri = str_replace('/./', '/', $uri);
// eat .. // inspired by patch from Oleg Cherniy
while (preg_match('@/[^/\\.]+/\\.\\./@', $uri, $m)) { do {
$uri = str_replace($m[0], '/', $uri); $uri = preg_replace('@/[^/]+/\\.\\./@', '/', $uri, -1, $changed);
} } while ($changed);
} }
} }
if ($isImport) { if ($isImport) {

5
min/lib/Minify/ImportProcessor.php
View File

@@ -144,7 +144,12 @@ class Minify_ImportProcessor {
$path = substr($path, strlen($_SERVER['DOCUMENT_ROOT'])); $path = substr($path, strlen($_SERVER['DOCUMENT_ROOT']));
// fix to absolute URL // fix to absolute URL
$url = strtr($path, DIRECTORY_SEPARATOR, '/'); $url = strtr($path, DIRECTORY_SEPARATOR, '/');
// remove /./ and /../ where possible
$url = str_replace('/./', '/', $url); $url = str_replace('/./', '/', $url);
// inspired by patch from Oleg Cherniy
do {
$url = preg_replace('@/[^/]+/\\.\\./@', '/', $url, -1, $changed);
} while ($changed);
} }
} }
return "url({$quote}{$url}{$quote})"; return "url({$quote}{$url}{$quote})";

2
min_unit_tests/_test_files/css_uriRewriter/exp.css
View File

@@ -1,5 +1,7 @@
@import "/_test_files/css_uriRewriter/foo.css"; @import "/_test_files/css_uriRewriter/foo.css";
@import '/_test_files/css_uriRewriter/bar/foo.css' print; @import '/_test_files/css_uriRewriter/bar/foo.css' print;
@import '/_test_files/bar/foo.css' print;
@import '/foo.css' print;
@import '/css/foo.css'; /* abs, should not alter */ @import '/css/foo.css'; /* abs, should not alter */
@import 'http://foo.com/css/foo.css'; /* abs, should not alter */ @import 'http://foo.com/css/foo.css'; /* abs, should not alter */
@import url(/_test_files/foo.css) tv, projection; @import url(/_test_files/foo.css) tv, projection;

2
min_unit_tests/_test_files/css_uriRewriter/in.css
View File

@@ -1,5 +1,7 @@
@import "foo.css"; @import "foo.css";
@import 'bar/foo.css' print; @import 'bar/foo.css' print;
@import '../bar/foo.css' print;
@import '../../foo.css' print;
@import '/css/foo.css'; /* abs, should not alter */ @import '/css/foo.css'; /* abs, should not alter */
@import 'http://foo.com/css/foo.css'; /* abs, should not alter */ @import 'http://foo.com/css/foo.css'; /* abs, should not alter */
@import url(../foo.css) tv, projection; @import url(../foo.css) tv, projection;

8
min_unit_tests/_test_files/importProcessor/output.css
View File

@@ -32,17 +32,17 @@ h1 + p {
} }
@import url(http://example.com/hello.css); @import url(http://example.com/hello.css);
adjacent foo { background: red url(/red.gif); } adjacent foo { background: red url(/red.gif); }
adjacent bar { background: url('%TEST_FILES_URI%/importProcessor/../green.gif') } adjacent bar { background: url('%TEST_FILES_URI%/green.gif') }
} }
@media tv,projection { @media tv,projection {
/* @import url('%TEST_FILES_URI%/importProcessor/1/bad.css') bad; */ /* @import url('%TEST_FILES_URI%/importProcessor/1/bad.css') bad; */
adjacent2 foo { background: red url(/red.gif); } adjacent2 foo { background: red url(/red.gif); }
adjacent2 bar { background: url('%TEST_FILES_URI%/importProcessor/1/../green.gif') } adjacent2 bar { background: url('%TEST_FILES_URI%/importProcessor/green.gif') }
@import '../input.css'; @import '../input.css';
tv foo { background: red url(/red.gif); } tv foo { background: red url(/red.gif); }
tv bar { background: url('%TEST_FILES_URI%/importProcessor/1/../green.gif') } tv bar { background: url('%TEST_FILES_URI%/importProcessor/green.gif') }
} }
input foo { background: red url(/red.gif); } input foo { background: red url(/red.gif); }
input bar { background: url('%TEST_FILES_URI%/importProcessor/../green.gif') } input bar { background: url('%TEST_FILES_URI%/green.gif') }