author | Urban Müller | 2016-01-12 17:07:12 +0100 |
---|---|---|
committer | Urban Müller | 2016-01-12 17:07:12 +0100 |
commit | 3e1201bf3d3195aaf4c3555275dd9dcb9c6d95a4 (patch) | |
tree | 8cdca4409847495e2678f83e689d6e9a9e4b6259 /itjs.class | |
parent | f1fb76db297970327fccc0e2ecdc4642bc2df748 (diff) | |
Revert "separate between trusted and untrusted input, correct crcs of remote resources, report non-existing trusted resources"
This reverts commit f1fb76db297970327fccc0e2ecdc4642bc2df748.
Diffstat (limited to 'itjs.class')
-rw-r--r-- | itjs.class | 22 |
1 files changed, 6 insertions, 16 deletions
@@ -112,9 +112,6 @@ static function encode($values)
 return $result;
 }
-/**
- * Convert UNTRUSTED comma separated filelist string to trusted local filenames. Missing files are ignored.
- */
 static function filenames($filelist)
 {
 $result = array();
@@ -136,7 +133,7 @@ static function filenames($filelist)
 $filenames = $special[$file] ?: (file_exists("$local/$file") ? "$local/$file" : "$libsearch/itjs/$file");
 foreach (explode(",", $filenames) as $filename)
- if (!$seen[$filename]++ && file_exists($filename))
+ if (!$seen[$filename]++)
 $result[] = $filename;
 }
@@ -144,7 +141,7 @@ static function filenames($filelist)
 }
 /**
- * Return (php-interpreted by default) files that will be sent to client. Files must exist.
+ * Return (php-interpreted by default) files that will be sent to client
 */
 static function filecontents($filenames, $execphp = true)
 {
@@ -157,7 +154,8 @@ static function filecontents($filenames, $execphp = true)
 list($filename, $paramstr) = explode("?", $filename);
 if ($paramstr && $execphp)
 parse_str($paramstr, $_GET);
- $result .= it::replace(array('^1$' => ""), $execphp ? include($filename) : file_get_contents($filename), array('utf8' => false));
+ if (file_exists($filename))
+ $result .= it::replace(array('^1$' => ""), $execphp ? include($filename) : file_get_contents($filename), array('utf8' => false));
 $_GET = $origget;
 }
 $result .= ob_get_clean();
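Review bot: In `filenames()` the loop now appends every derived path with `if (!$seen[$filename]++)`, so names that do not exist on disk are handed to callers, and the docblock that marked the filelist as untrusted is removed in the first hunk. The `"$libsearch/itjs/$file"` fallback is chosen whenever the local file is missing; whether `$file` is restricted to plain file names is decided outside this hunk, so the result should not be treated as a list of existing files inside the script directories. I would keep the filter, `if (!$seen[$filename]++ && file_exists($filename))`, or at least leave a comment on the function such as `# $filelist is untrusted input; returned names may not exist`. The function body starts and ends outside the hunk.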
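Review bot: `file_exists($filename)` is the only guard in front of `include($filename)` in `filecontents()`, and it checks presence, not location. Nothing on the visible lines ties the path to the itjs directories, so any existing name that reaches this loop with `$execphp` left at its default is executed as PHP. I would resolve the path and include it only below an allowed root, e.g. `$real = realpath($filename);` then `if ($real !== false && strpos($real, "$base/") === 0)`, where `$base` is a placeholder for the script root and is not defined on this page. Missing files are now skipped silently; logging the skipped name would make a broken or unexpected resource list visible. The enclosing loop starts outside the hunk.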
@@ -187,19 +185,14 @@ static function strip($code)
 /**
 * Compute checksum for list of files
- * @param $fnlist Either comma separated UNTRUSTED url (will check itjs/ and lib.search.ch/itjs/) or array of TRUSTED filenames
+ * @param $fnlist Either comma separated url or array of filenames to calculate checksum for
 * @return Checksum for given files
 */
 static function checksum($fnlist, $p = array())
 {
 $p += array('short_expire' => true);
- foreach (is_array($fnlist) ? $fnlist : itjs::filenames($fnlist) as $filename)
- $filenames[] = !file_exists($filename) && file_exists($t = it::replace(array('^/www/[^/]*' => "/www/lib.search.ch"), $filename)) ? $t : $filename;
-
- if (preg_grep('/jquery(build)\.js/', $filenames)) # jquery files may be included invisibly
- $filenames = array_merge($filenames, array("/www/lib.search.ch/var/jquery-ui/dist/minified/core.min.js", "/www/lib.search.ch/var/jquery/dist/jquery.min.js"));
-
+ $filenames = array_merge(itjs::filenames(join(",", (array)$fnlist)), array("/www/lib.search.ch/var/jquery-ui/dist/minified/jquery.ui.core.min.js", "/www/lib.search.ch/var/jquery/dist/jquery.min.js")); # jquery files included by lib/jquery.js
 $key = "itjs_" . md5(join("", it::map('"$v" . @filemtime("$v")', $filenames)));
 if ($p['short_expire'] && (time() - max(@array_map('filemtime', $filenames)) < 60))
@@ -208,9 +201,6 @@ static function checksum($fnlist, $p = array())
 return it_cache::get($key) ?: it_cache::put($key, substr(md5(self::filecontents($filenames, false)), 0, 10), array('ttl' => 60));
 }
-/**
- * Convert url or TRUSTED local path to url that triggers far future expire by appending c=checksum
- */
 function crcurl($url, $p = array())
 {
 if (it::match('^http', $url)) # remote url, must fetch to crc |
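Review bot: `checksum()` now sends array input through `itjs::filenames(join(",", (array)$fnlist))`, so a caller passing an array of local paths has them re-read as a comma separated filelist. Whether `filenames()` maps such paths back to themselves is not visible in this hunk. Missing resources also go unnoticed: `@filemtime("$v")` and `@array_map('filemtime', $filenames)` suppress the warnings and `filecontents()` skips absent files, so a checksum is computed and cached for a list that is only partly present. I would test each name with `is_file()` before hashing and log the ones that fail instead of relying on `@`. The docblock should also say again which form of `$fnlist` may carry request data, e.g. `@param $fnlist comma separated list (untrusted) or array of filenames`.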