show http 403 forbidden error if the type parameter is not js or css
juanramon committed Jan 30, 2012
1 parent 8c0a3eb commit a40b766
Showing 2 changed files with 142 additions and 154 deletions.
148 changes: 71 additions & 77 deletions oc-content/themes/modern/combine.php
Expand Up @@ -24,120 +24,114 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/


$cache = true;
$cache = true;
$cachedir = '../../uploads';
$base = dirname(__FILE__);
$base = dirname(__FILE__);

$type = $_GET['type'];
$type = $_GET['type'];
$elements = explode(',', $_GET['files']);

// Determine last modification date of the files
$lastmodified = 0;
while (list(,$element) = each($elements)) {
$path = realpath($base . '/' . $element);

if (($type == 'js' && substr($path, -3) != '.js') ||
($type == 'css' && substr($path, -4) != '.css')) {
header ("HTTP/1.0 403 Forbidden");
exit;
while( list(,$element) = each($elements) ) {
$path = realpath($base . '/' . $element) ;

if( ($type != 'js' && $type != 'css') ||
($type == 'js' && substr($path, -3) != '.js') ||
($type == 'css' && substr($path, -4) != '.css') ) {
header ("HTTP/1.0 403 Forbidden") ;
exit ;
}

if (substr($path, 0, strlen($base)) != $base || !file_exists($path)) {
header ("HTTP/1.0 404 Not Found");
exit;
}

$lastmodified = max($lastmodified, filemtime($path));
}

// Send Etag hash
$hash = $lastmodified . '-' . md5($_GET['files']);
header ("Etag: \"" . $hash . "\"");

if (isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"')
{

if( isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"' ) {
// Return visit and no modifications, so do not send anything
header ("HTTP/1.0 304 Not Modified");
header ('Content-Length: 0');
}
else
{
header ("HTTP/1.0 304 Not Modified") ;
header ('Content-Length: 0') ;
} else {
// First time visit or files were modified
if ($cache)
{
if( $cache ) {
// Determine supported compression method
$gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip');
$deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate');
$gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') ;
$deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') ;

// Determine used compression method
$encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none');
$encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none') ;

// Check for buggy versions of Internet Explorer
if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches)) {
$version = floatval($matches[1]);
if ($version < 6)
if( !strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches) ) {
$version = floatval($matches[1]) ;

if( $version < 6 ) {
$encoding = 'none';
if ($version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1'))
}
if( $version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1') ) {
$encoding = 'none';
}
}

// Try the cache first to see if the combined files were already generated
$cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '');

if (file_exists($cachedir . '/' . $cachefile)) {
if ($fp = fopen($cachedir . '/' . $cachefile, 'rb')) {
$cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '') ;

if ($encoding != 'none') {
header ("Content-Encoding: " . $encoding);
if( file_exists($cachedir . '/' . $cachefile) ) {
if( $fp = fopen($cachedir . '/' . $cachefile, 'rb') ) {
if( $encoding != 'none' ) {
header ("Content-Encoding: " . $encoding) ;
}
header ("Content-Type: text/" . $type);
header ("Content-Length: " . filesize($cachedir . '/' . $cachefile));
fpassthru($fp);
fclose($fp);
exit;

header( "Content-Type: text/" . $type) ;
header( "Content-Length: " . filesize($cachedir . '/' . $cachefile) ) ;

fpassthru($fp) ;
fclose($fp) ;
exit ;
}
}
}

// Get contents of the files
$contents = '';
reset($elements);
while (list(,$element) = each($elements)) {
$path = realpath($base . '/' . $element);
$contents .= "\n\n" . file_get_contents($path);
$contents = '' ;
reset($elements) ;
while( list(,$element) = each($elements) ) {
$path = realpath($base . '/' . $element) ;
$contents .= "\n\n" . file_get_contents($path) ;
}

// Send Content-Type
header ("Content-Type: text/" . $type);

if (isset($encoding) && $encoding != 'none')
{
header ("Content-Type: text/" . $type) ;

if (isset($encoding) && $encoding != 'none') {
// Send compressed contents
$contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE);
header ("Content-Encoding: " . $encoding);
header ('Content-Length: ' . strlen($contents));
echo $contents;
}
else
{
$contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE) ;
header( "Content-Encoding: " . $encoding ) ;
header( 'Content-Length: ' . strlen($contents) ) ;
echo $contents ;
} else {
// Send regular contents
header ('Content-Length: ' . strlen($contents));
echo $contents;
header( 'Content-Length: ' . strlen($contents) ) ;
echo $contents ;
}

// Store cache
if ($cache) {
if ($fp = fopen($cachedir . '/' . $cachefile, 'wb')) {
fwrite($fp, $contents);
fclose($fp);
if( $cache ) {
if( $fp = fopen($cachedir . '/' . $cachefile, 'wb') ) {
fwrite($fp, $contents) ;
fclose($fp) ;
}
}
}

}

?>
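Review bot: The containment test `substr($path, 0, strlen($base)) != $base` is a bare string-prefix comparison, so a resolved path in a sibling directory whose name merely begins with this directory's name still passes it and is later read by `file_get_contents()`. The type allow-list added here limits what is served to `.js`/`.css` files but does not close that gap. Compare against the base plus a separator, e.g. `if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !file_exists($path))`, and canonicalise the base once with `$base = realpath(dirname(__FILE__));` so both sides of the comparison are resolved paths. The same lines appear in oc-includes/osclass/gui/combine.php and need the same change.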
148 changes: 71 additions & 77 deletions oc-includes/osclass/gui/combine.php
Expand Up @@ -24,120 +24,114 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/


$cache = true;
$cache = true;
$cachedir = '../../uploads';
$base = dirname(__FILE__);
$base = dirname(__FILE__);

$type = $_GET['type'];
$type = $_GET['type'];
$elements = explode(',', $_GET['files']);

// Determine last modification date of the files
$lastmodified = 0;
while (list(,$element) = each($elements)) {
$path = realpath($base . '/' . $element);

if (($type == 'js' && substr($path, -3) != '.js') ||
($type == 'css' && substr($path, -4) != '.css')) {
header ("HTTP/1.0 403 Forbidden");
exit;
while( list(,$element) = each($elements) ) {
$path = realpath($base . '/' . $element) ;

if( ($type != 'js' && $type != 'css') ||
($type == 'js' && substr($path, -3) != '.js') ||
($type == 'css' && substr($path, -4) != '.css') ) {
header ("HTTP/1.0 403 Forbidden") ;
exit ;
}

if (substr($path, 0, strlen($base)) != $base || !file_exists($path)) {
header ("HTTP/1.0 404 Not Found");
exit;
}

$lastmodified = max($lastmodified, filemtime($path));
}

// Send Etag hash
$hash = $lastmodified . '-' . md5($_GET['files']);
header ("Etag: \"" . $hash . "\"");

if (isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"')
{

if( isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == '"' . $hash . '"' ) {
// Return visit and no modifications, so do not send anything
header ("HTTP/1.0 304 Not Modified");
header ('Content-Length: 0');
}
else
{
header ("HTTP/1.0 304 Not Modified") ;
header ('Content-Length: 0') ;
} else {
// First time visit or files were modified
if ($cache)
{
if( $cache ) {
// Determine supported compression method
$gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip');
$deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate');
$gzip = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') ;
$deflate = strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') ;

// Determine used compression method
$encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none');
$encoding = $gzip ? 'gzip' : ($deflate ? 'deflate' : 'none') ;

// Check for buggy versions of Internet Explorer
if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches)) {
$version = floatval($matches[1]);
if ($version < 6)
if( !strstr($_SERVER['HTTP_USER_AGENT'], 'Opera') &&
preg_match('/^Mozilla\/4\.0 \(compatible; MSIE ([0-9]\.[0-9])/i', $_SERVER['HTTP_USER_AGENT'], $matches) ) {
$version = floatval($matches[1]) ;

if( $version < 6 ) {
$encoding = 'none';
if ($version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1'))
}
if( $version == 6 && !strstr($_SERVER['HTTP_USER_AGENT'], 'EV1') ) {
$encoding = 'none';
}
}

// Try the cache first to see if the combined files were already generated
$cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '');

if (file_exists($cachedir . '/' . $cachefile)) {
if ($fp = fopen($cachedir . '/' . $cachefile, 'rb')) {
$cachefile = 'cache-' . $hash . '.' . $type . ($encoding != 'none' ? '.' . $encoding : '') ;

if ($encoding != 'none') {
header ("Content-Encoding: " . $encoding);
if( file_exists($cachedir . '/' . $cachefile) ) {
if( $fp = fopen($cachedir . '/' . $cachefile, 'rb') ) {
if( $encoding != 'none' ) {
header ("Content-Encoding: " . $encoding) ;
}
header ("Content-Type: text/" . $type);
header ("Content-Length: " . filesize($cachedir . '/' . $cachefile));
fpassthru($fp);
fclose($fp);
exit;

header( "Content-Type: text/" . $type) ;
header( "Content-Length: " . filesize($cachedir . '/' . $cachefile) ) ;

fpassthru($fp) ;
fclose($fp) ;
exit ;
}
}
}

// Get contents of the files
$contents = '';
reset($elements);
while (list(,$element) = each($elements)) {
$path = realpath($base . '/' . $element);
$contents .= "\n\n" . file_get_contents($path);
$contents = '' ;
reset($elements) ;
while( list(,$element) = each($elements) ) {
$path = realpath($base . '/' . $element) ;
$contents .= "\n\n" . file_get_contents($path) ;
}

// Send Content-Type
header ("Content-Type: text/" . $type);

if (isset($encoding) && $encoding != 'none')
{
header ("Content-Type: text/" . $type) ;

if (isset($encoding) && $encoding != 'none') {
// Send compressed contents
$contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE);
header ("Content-Encoding: " . $encoding);
header ('Content-Length: ' . strlen($contents));
echo $contents;
}
else
{
$contents = gzencode($contents, 9, $gzip ? FORCE_GZIP : FORCE_DEFLATE) ;
header( "Content-Encoding: " . $encoding ) ;
header( 'Content-Length: ' . strlen($contents) ) ;
echo $contents ;
} else {
// Send regular contents
header ('Content-Length: ' . strlen($contents));
echo $contents;
header( 'Content-Length: ' . strlen($contents) ) ;
echo $contents ;
}

// Store cache
if ($cache) {
if ($fp = fopen($cachedir . '/' . $cachefile, 'wb')) {
fwrite($fp, $contents);
fclose($fp);
if( $cache ) {
if( $fp = fopen($cachedir . '/' . $cachefile, 'wb') ) {
fwrite($fp, $contents) ;
fclose($fp) ;
}
}
}

}

?>
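Review bot: The new `$type != 'js' && $type != 'css'` test sits inside the per-file loop and uses loose comparison on a raw `$_GET['type']`, so request-level validation is mixed into the per-file extension check and re-evaluated for every element. Hoisting it above the loop makes the allow-list the first thing the script does, and guarantees `$type` is one of two literals before it reaches the `Content-Type` header and the cache file name: `if (!isset($_GET['type'], $_GET['files']) || !in_array($_GET['type'], array('js', 'css'), true)) { header('HTTP/1.0 403 Forbidden'); exit; }`. The strict `in_array` also rejects an array-valued `type` parameter explicitly rather than by accident of `!=`. The theme copy in oc-content/themes/modern/combine.php has the same structure.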
