~hakjoon/xpattern/content-plugins


Viewing changes to textpattern/lib/txplib_misc.php

  • Committer: Michael Manfre
  • Date: 2008-01-24 04:34:43 UTC
  • Revision ID: mmanfre@gmail.com-20080124043443-n5jtwd8a7v678q3g
css names are restricted to ascii characters with sanitizeForUrl(). Added extra safety checks with sanitizeFilename(). txp:css does not use cached files if the 'n' argument is not specified. The db query to look up the section's css name would negate performance improvements.

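--- a/textpattern/lib/txplib_misc.php
+++ b/textpattern/lib/txplib_misc.php
@@ -2037,4 +2037,52 @@
         function strip_prefix($str, $pfx) {
                 return preg_replace('/^'.preg_quote($pfx, '/').'/', '', $str);
         }
+
+
+//-------------------------------------------------------------
+        function sanitizeFilename($name)
+        {
+                // Remove all non-whitelisted characters
+                $name = preg_replace("/[^A-Za-z0-9\-_.]/","",$name);
+                // prevent directory traversal
+                $name = basename($name);
+
+                return $name;
+        }
+
+//-------------------------------------------------------------
+        function css_static_enabled()
+        {
+                global $txp_css_dir, $path_to_site;
+
+                return !empty($txp_css_dir) and is_dir($path_to_site.'/'.$txp_css_dir);
+        }
+//-------------------------------------------------------------
+        function css_save_static($name, $css)
+        {
+                global $txp_css_dir, $path_to_site;
+                
+                if (css_static_enabled() and !empty($name) and !empty($css))
+                {
+                        $file   = $path_to_site.'/'.$txp_css_dir.'/'.sanitizeFilename($name.'.css');
+                        $handle = fopen($file, 'wb');
+                        fwrite($handle, base64_decode($css));
+                        fclose($handle);
+                }
+        }
+
+//-------------------------------------------------------------
+        function css_delete_static($name)
+        {
+                global $txp_css_dir, $path_to_site;
+
+                $name = sanitizeFilename($name.'.css');
+                $file = $path_to_site.'/'.$txp_css_dir.'/'.$name;
+                
+                if (!empty($txp_css_dir) and is_writeable($file))
+                {
+                        unlink($file);
+                }
+        }
+
 ?>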
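Review bot: In css_save_static() the result of `fopen($file, 'wb')` goes straight to fwrite() and fclose(), so an unwritable CSS directory produces warnings and a silently missing file instead of a handled failure; a guard such as `if ($handle === false) return;` directly after the fopen() line would cover it. Opening with 'wb' also truncates the live file before the new content is written, so a request arriving mid-write may be served a partial stylesheet; writing to a temporary name in the same directory and rename()-ing it into place avoids that. Separately, sanitizeFilename() keeps `.` in its whitelist and basename() leaves `.` and `..` unchanged, so the helper on its own can return an empty string, `.` or `..`. Both callers here append `.css` before sanitizing and are not affected, but a comment such as `// may return '', '.' or '..'; callers must append an extension or reject those` would warn future callers.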