diff options
| -rw-r--r-- | itjs.class | 29 |
1 files changed, 20 insertions, 9 deletions
@@ -112,6 +112,9 @@ static function encode($values) return $result; } +/** + * Convert UNTRUSTED comma separated filelist string to trusted local filenames. Missing files are ignored. + */ static function filenames($filelist) { $result = array(); @@ -130,10 +133,10 @@ static function filenames($filelist) foreach (it::match("[-\w.=?&]+", basename($filelist), array('all' => true)) as $file) # split by comma but ignore illegal chars { - $filenames = $special[$file] ?: (file_exists("$local/$file") ? "$local/$file" : "$libsearch/itjs/$file"); + $filenames = $special[$file] ?: (file_exists("$local/" . it::match('^[^?]*', $file)) ? "$local/$file" : "$libsearch/itjs/$file"); foreach (explode(",", $filenames) as $filename) - if (!$seen[$filename]++) + if (!$seen[$filename]++ && file_exists(it::match('^[^?]*', $filename))) $result[] = $filename; } @@ -141,7 +144,7 @@ static function filenames($filelist) } /** - * Return (php-interpreted by default) files that will be sent to client + * Return (php-interpreted by default) files that will be sent to client. Files must exist. */ static function filecontents($filenames, $execphp = true) { @@ -154,8 +157,7 @@ static function filecontents($filenames, $execphp = true) list($filename, $paramstr) = explode("?", $filename); if ($paramstr && $execphp) parse_str($paramstr, $_GET); - if (file_exists($filename)) - $result .= it::replace(array('^1$' => ""), $execphp ? include($filename) : file_get_contents($filename), array('utf8' => false)); + $result .= it::replace(array('^1$' => ""), $execphp ? include($filename) : file_get_contents($filename), array('utf8' => false)); $_GET = $origget; } $result .= ob_get_clean(); @@ -185,22 +187,31 @@ static function strip($code) /** * Compute checksum for list of files - * @param $fnlist Either comma separated url or array of filenames to calculate checksum for + * @param $fnlist Either comma separated UNTRUSTED url (will check itjs/ and lib.search.ch/itjs/) or array of TRUSTED filenames * @return Checksum for given files */ static function checksum($fnlist, $p = array()) { $p += array('short_expire' => true); - $filenames = array_merge(itjs::filenames(join(",", (array)$fnlist)), array("/www/lib.search.ch/var/jquery-ui/dist/minified/jquery.ui.core.min.js", "/www/lib.search.ch/var/jquery/dist/jquery.min.js")); # jquery files included by lib/jquery.js + $filenames = array(); + foreach (is_array($fnlist) ? $fnlist : itjs::filenames($fnlist) as $filename) + $filenames[] = !file_exists($filename) && file_exists($t = it::replace(array('^/www/[^/]*' => "/www/lib.search.ch"), $filename)) ? $t : $filename; + + if (preg_grep('/jquery(build)\.js/', $filenames)) # jquery files may be included invisibly + $filenames = array_merge($filenames, array("/www/lib.search.ch/var/jquery-ui/dist/minified/core.min.js", "/www/lib.search.ch/var/jquery/dist/jquery.min.js")); + $key = "itjs_" . md5(join("", it::map('"$v" . @filemtime("$v")', $filenames))); - if ($p['short_expire'] && (time() - max(@array_map('filemtime', $filenames)) < 60)) + if ($filenames && $p['short_expire'] && (time() - max(@array_map('filemtime', $filenames)) < 60)) return "-"; # trigger short expire, our file may not yet be up to date on other slaves - else + else if ($filenames) return it_cache::get($key) ?: it_cache::put($key, substr(md5(self::filecontents($filenames, false)), 0, 10), array('ttl' => 60)); } +/** + * Convert url or TRUSTED local path to url that triggers far future expire by appending c=checksum + */ function crcurl($url, $p = array()) { if (it::match('^http', $url)) # remote url, must fetch to crc |