
show http 403 forbidden error if the type parameter is not js or css

1 parent 8c0a3eb commit a40b76695994442644e46e1b776d79660500566a @juanramon juanramon committed Jan 30, 2012
Showing with 142 additions and 154 deletions.
  1. +71 −77 oc-content/themes/modern/combine.php
  2. +71 −77 oc-includes/osclass/gui/combine.php
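--- a/oc-content/themes/modern/combine.php
+++ b/oc-content/themes/modern/combine.php
@@ -24,120 +24,114 @@
  * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
-
- $cache = true;
+ $cache = true;
  $cachedir = '../../uploads';
- $base = dirname(__FILE__);
+ $base = dirname(__FILE__);
- $type = $_GET['type'];
+ $type = $_GET['type'];
  $elements = explode(',', $_GET['files']);
-
+
  // Determine last modification date of the files
  $lastmodified = 0;
- while (list(,$element) = each($elements)) {
- $path = realpath($base . '/' . $element);
-
- if (($type == 'js' && substr($path, -3) != '.js') ||
- ($type == 'css' && substr($path, -4) != '.css')) {
- header ("HTTP/1.0 403 Forbidden");
- exit;
+ while( list(,$element) = each($elements) ) {
+ $path = realpath($base . '/' . $element) ;
+
+ if( ($type != 'js' && $type != 'css') ||
+ ($type == 'js' && substr($path, -3) != '.js') ||
+ ($type == 'css' && substr($path, -4) != '.css') ) {
+ header ("HTTP/1.0 403 Forbidden") ;
+ exit ;
  }
-
+
  if (substr($path, 0, strlen($base)) != $base || !file_exists($path)) {
  header ("HTTP/1.0 404 Not Found");
  exit;
  }
-
+
  $lastmodified = max($lastmodified, filemtime($path));
  }
  // Send Etag hash
  $hash = $lastmodified . '-' . md5($_GET['files']);
  header ("Etag: \"" . $hash . "\"");
-
- if (isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
- stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"')
- {
+
+ if( isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
+ stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"' ) {
  // Return visit and no modifications, so do not send anything
- header ("HTTP/1.0 304 Not Modified");
- header ('Content-Length: 0');
- }
- else
- {
+ header ("HTTP/1.0 304 Not Modified") ;
+ header ('Content-Length: 0') ;
+ } else {
  // First time visit or files were modified
- if ($cache)
- {
+ if( $cache ) {
  // Determine supported compression method
- $gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip');
- $deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate');
-
+ $gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') ;
+ $deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') ;
+
  // Determine used compression method
- $encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none');
-
+ $encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none') ;
+
  // Check for buggy versions of Internet Explorer
- if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
- preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches)) {
- $version = floatval($matches[1]);
-
- if ($version < 6)
+ if( !strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
+ preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches) ) {
+ $version = floatval($matches[1]) ;
+
+ if( $version < 6 ) {
  $encoding = 'none';
-
- if ($version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1'))
+ }
+ if( $version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1') ) {
  $encoding = 'none';
+ }
  }
-
+
  // Try the cache first to see if the combined files were already generated
- $cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '');
-
- if (file_exists($cachedir . '/' . $cachefile)) {
- if ($fp = fopen($cachedir . '/' . $cachefile, 'rb')) {
+ $cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '') ;
- if ($encoding != 'none') {
- header ("Content-Encoding: " . $encoding);
+ if( file_exists($cachedir . '/' . $cachefile) ) {
+ if( $fp = fopen($cachedir . '/' . $cachefile, 'rb') ) {
+ if( $encoding != 'none' ) {
+ header ("Content-Encoding: " . $encoding) ;
  }
-
- header ("Content-Type: text/" . $type);
- header ("Content-Length: " . filesize($cachedir . '/' . $cachefile));
-
- fpassthru($fp);
- fclose($fp);
- exit;
+
+ header( "Content-Type: text/" . $type) ;
+ header( "Content-Length: " . filesize($cachedir . '/' . $cachefile) ) ;
+
+ fpassthru($fp) ;
+ fclose($fp) ;
+ exit ;
  }
  }
  }
-
+
  // Get contents of the files
- $contents = '';
- reset($elements);
- while (list(,$element) = each($elements)) {
- $path = realpath($base . '/' . $element);
- $contents .= "\n\n" . file_get_contents($path);
+ $contents = '' ;
+ reset($elements) ;
+ while( list(,$element) = each($elements) ) {
+ $path = realpath($base . '/' . $element) ;
+ $contents .= "\n\n" . file_get_contents($path) ;
  }
-
+
  // Send Content-Type
- header ("Content-Type: text/" . $type);
-
- if (isset($encoding) && $encoding != 'none')
- {
+ header ("Content-Type: text/" . $type) ;
+
+ if (isset($encoding) && $encoding != 'none') {
  // Send compressed contents
- $contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE);
- header ("Content-Encoding: " . $encoding);
- header ('Content-Length: ' . strlen($contents));
- echo $contents;
- }
- else
- {
+ $contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE) ;
+ header( "Content-Encoding: " . $encoding ) ;
+ header( 'Content-Length: ' . strlen($contents) ) ;
+ echo $contents ;
+ } else {
  // Send regular contents
- header ('Content-Length: ' . strlen($contents));
- echo $contents;
+ header( 'Content-Length: ' . strlen($contents) ) ;
+ echo $contents ;
  }
  // Store cache
- if ($cache) {
- if ($fp = fopen($cachedir . '/' . $cachefile, 'wb')) {
- fwrite($fp, $contents);
- fclose($fp);
+ if( $cache ) {
+ if( $fp = fopen($cachedir . '/' . $cachefile, 'wb') ) {
+ fwrite($fp, $contents) ;
+ fclose($fp) ;
  }
  }
- }
-
+ }
+
+?>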
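Review bot: The containment test left unchanged as context in this hunk, `substr($path, 0, strlen($base)) != $base`, is a bare string-prefix comparison, so a resolved path in a sibling directory whose name merely begins with this directory's name would still be accepted. `$base` comes from `dirname(__FILE__)` and carries no trailing separator; anchoring the comparison on the separator closes that gap, and checking `realpath()`'s `false` return explicitly (it already returns `false` for a missing file) avoids depending on `substr(false, …)`: `if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {`. The identical line in oc-includes/osclass/gui/combine.php needs the same change.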
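--- a/oc-includes/osclass/gui/combine.php
+++ b/oc-includes/osclass/gui/combine.php
@@ -24,120 +24,114 @@
  * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
-
- $cache = true;
+ $cache = true;
  $cachedir = '../../uploads';
- $base = dirname(__FILE__);
+ $base = dirname(__FILE__);
- $type = $_GET['type'];
+ $type = $_GET['type'];
  $elements = explode(',', $_GET['files']);
-
+
  // Determine last modification date of the files
  $lastmodified = 0;
- while (list(,$element) = each($elements)) {
- $path = realpath($base . '/' . $element);
-
- if (($type == 'js' && substr($path, -3) != '.js') ||
- ($type == 'css' && substr($path, -4) != '.css')) {
- header ("HTTP/1.0 403 Forbidden");
- exit;
+ while( list(,$element) = each($elements) ) {
+ $path = realpath($base . '/' . $element) ;
+
+ if( ($type != 'js' && $type != 'css') ||
+ ($type == 'js' && substr($path, -3) != '.js') ||
+ ($type == 'css' && substr($path, -4) != '.css') ) {
+ header ("HTTP/1.0 403 Forbidden") ;
+ exit ;
  }
-
+
  if (substr($path, 0, strlen($base)) != $base || !file_exists($path)) {
  header ("HTTP/1.0 404 Not Found");
  exit;
  }
-
+
  $lastmodified = max($lastmodified, filemtime($path));
  }
  // Send Etag hash
  $hash = $lastmodified . '-' . md5($_GET['files']);
  header ("Etag: \"" . $hash . "\"");
-
- if (isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
- stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"')
- {
+
+ if( isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
+ stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"' ) {
  // Return visit and no modifications, so do not send anything
- header ("HTTP/1.0 304 Not Modified");
- header ('Content-Length: 0');
- }
- else
- {
+ header ("HTTP/1.0 304 Not Modified") ;
+ header ('Content-Length: 0') ;
+ } else {
  // First time visit or files were modified
- if ($cache)
- {
+ if( $cache ) {
  // Determine supported compression method
- $gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip');
- $deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate');
-
+ $gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') ;
+ $deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') ;
+
  // Determine used compression method
- $encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none');
-
+ $encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none') ;
+
  // Check for buggy versions of Internet Explorer
- if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
- preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches)) {
- $version = floatval($matches[1]);
-
- if ($version < 6)
+ if( !strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
+ preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches) ) {
+ $version = floatval($matches[1]) ;
+
+ if( $version < 6 ) {
  $encoding = 'none';
-
- if ($version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1'))
+ }
+ if( $version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1') ) {
  $encoding = 'none';
+ }
  }
-
+
  // Try the cache first to see if the combined files were already generated
- $cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '');
-
- if (file_exists($cachedir . '/' . $cachefile)) {
- if ($fp = fopen($cachedir . '/' . $cachefile, 'rb')) {
+ $cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '') ;
- if ($encoding != 'none') {
- header ("Content-Encoding: " . $encoding);
+ if( file_exists($cachedir . '/' . $cachefile) ) {
+ if( $fp = fopen($cachedir . '/' . $cachefile, 'rb') ) {
+ if( $encoding != 'none' ) {
+ header ("Content-Encoding: " . $encoding) ;
  }
-
- header ("Content-Type: text/" . $type);
- header ("Content-Length: " . filesize($cachedir . '/' . $cachefile));
-
- fpassthru($fp);
- fclose($fp);
- exit;
+
+ header( "Content-Type: text/" . $type) ;
+ header( "Content-Length: " . filesize($cachedir . '/' . $cachefile) ) ;
+
+ fpassthru($fp) ;
+ fclose($fp) ;
+ exit ;
  }
  }
  }
-
+
  // Get contents of the files
- $contents = '';
- reset($elements);
- while (list(,$element) = each($elements)) {
- $path = realpath($base . '/' . $element);
- $contents .= "\n\n" . file_get_contents($path);
+ $contents = '' ;
+ reset($elements) ;
+ while( list(,$element) = each($elements) ) {
+ $path = realpath($base . '/' . $element) ;
+ $contents .= "\n\n" . file_get_contents($path) ;
  }
-
+
  // Send Content-Type
- header ("Content-Type: text/" . $type);
-
- if (isset($encoding) && $encoding != 'none')
- {
+ header ("Content-Type: text/" . $type) ;
+
+ if (isset($encoding) && $encoding != 'none') {
  // Send compressed contents
- $contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE);
- header ("Content-Encoding: " . $encoding);
- header ('Content-Length: ' . strlen($contents));
- echo $contents;
- }
- else
- {
+ $contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE) ;
+ header( "Content-Encoding: " . $encoding ) ;
+ header( 'Content-Length: ' . strlen($contents) ) ;
+ echo $contents ;
+ } else {
  // Send regular contents
- header ('Content-Length: ' . strlen($contents));
- echo $contents;
+ header( 'Content-Length: ' . strlen($contents) ) ;
+ echo $contents ;
  }
  // Store cache
- if ($cache) {
- if ($fp = fopen($cachedir . '/' . $cachefile, 'wb')) {
- fwrite($fp, $contents);
- fclose($fp);
+ if( $cache ) {
+ if( $fp = fopen($cachedir . '/' . $cachefile, 'wb') ) {
+ fwrite($fp, $contents) ;
+ fclose($fp) ;
  }
  }
- }
-
+ }
+
+?>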
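Review bot: The new `$type` allowlist is evaluated inside the per-file loop with loose `!=`, and `$_GET['type']` and `$_GET['files']` are still read at the top of the script without an `isset()` guard. Because `$type` later flows into the `Content-Type` header and the cache file name, it is clearer and safer to validate it once, strictly, before any path is resolved: `if (!isset($_GET['type'], $_GET['files']) || !in_array($_GET['type'], array('js', 'css'), true)) { header('HTTP/1.0 403 Forbidden'); exit; }`. The same applies to the copy in oc-content/themes/modern/combine.php; the two hunks shown are identical, so moving the script into one shared include would keep later fixes from drifting between the copies.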
