Skip to content

Commit

Permalink
Stricter checks for not importing absolute paths
Browse files Browse the repository at this point in the history 
Fixes #100
  • Loading branch information
@matthiasmullie
matthiasmullie committed Jan 25, 2017
1 parent cd15113 commit c803a1e
Showing 1 changed file with 24 additions and 41 deletions.
65 changes: 24 additions & 41 deletions src/CSS.php
View file
Expand Up @@ -120,16 +120,7 @@ protected function combineImports($source, $content, $parents)
(?P<quotes>["\']?)
# fetch path
(?P<path>
# do not fetch data uris, external sources or absolute paths
(?!(
["\']?
(data:|https?:\\/\\/|\\/)
))
.+?
)
(?P<path>.+?)
# (optional) close path enclosure
(?P=quotes)
Expand Down Expand Up @@ -164,16 +155,7 @@ protected function combineImports($source, $content, $parents)
(?P<quotes>["\'])
# fetch path
(?P<path>
# do not fetch data uris, external sources or absolute paths
(?!(
["\']?
(data:|https?:\\/\\/|\\/)
))
.+?
)
(?P<path>.+?)
# close path enclosure
(?P=quotes)
Expand Down Expand Up @@ -211,33 +193,33 @@ protected function combineImports($source, $content, $parents)

// only replace the import with the content if we can grab the
// content of the file
if ($this->canImportFile($importPath)) {
// check if current file was not imported previously in the same
// import chain.
if (in_array($importPath, $parents)) {
throw new FileImportException('Failed to import file "'.$importPath.'": circular reference detected.');
}
if (!$this->canImportByPath($match['path']) || !$this->canImportFile($importPath)) {
continue;
}

// grab referenced file & minify it (which may include importing
// yet other @import statements recursively)
$minifier = new static($importPath);
$importContent = $minifier->execute($source, $parents);
// check if current file was not imported previously in the same
// import chain.
if (in_array($importPath, $parents)) {
throw new FileImportException('Failed to import file "'.$importPath.'": circular reference detected.');
}

// check if this is only valid for certain media
if (!empty($match['media'])) {
$importContent = '@media '.$match['media'].'{'.$importContent.'}';
}
// grab referenced file & minify it (which may include importing
// yet other @import statements recursively)
$minifier = new static($importPath);
$importContent = $minifier->execute($source, $parents);

// add to replacement array
$search[] = $match[0];
$replace[] = $importContent;
// check if this is only valid for certain media
if (!empty($match['media'])) {
$importContent = '@media '.$match['media'].'{'.$importContent.'}';
}

// add to replacement array
$search[] = $match[0];
$replace[] = $importContent;
}

// replace the import statements
$content = str_replace($search, $replace, $content);

return $content;
return str_replace($search, $replace, $content);
}

/**
Expand All @@ -254,7 +236,7 @@ protected function combineImports($source, $content, $parents)
protected function importFiles($source, $content)
{
$extensions = array_keys($this->importExtensions);
$regex = '/url\((["\']?)((?!["\']?data:).*?\.('.implode('|', $extensions).'))\\1\)/i';
$regex = '/url\((["\']?)(.*?\.('.implode('|', $extensions).'))\\1\)/i';
if ($extensions && preg_match_all($regex, $content, $matches, PREG_SET_ORDER)) {
$search = array();
$replace = array();
Expand All @@ -268,6 +250,7 @@ protected function importFiles($source, $content)

// only replace the import with the content if we're able to get
// the content of the file, and it's relatively small
var_dump($match[2], $this->canImportByPath($match[2]), $this->canImportFile($path) && $this->canImportBySize($path));
if ($this->canImportFile($path) && $this->canImportBySize($path)) {
// grab content && base64-ize
$importContent = $this->load($path);
Expand Down

0 comments on commit c803a1e

Please sign in to comment.