<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magentocommerce.com for more information.
*
* @category Mage
* @package Mage_Core
* @copyright Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
/**
* Proxy script that combines and compresses one or more JS and CSS files
*
* Restricts access to files under the current script's folder
* (each requested path is resolved with realpath() and compared with this script's directory)
*
* @category Mage
* @package Mage_Core
* @author Magento Core Team <core@magentocommerce.com>
*/
// Nothing to serve without the "f" parameter: answer 404 and print the expected syntax.
if (empty($_GET['f'])) {
    header('HTTP/1.0 404 Not Found');
    echo "SYNTAX: index.php/x.js?f=dir1/file1.js,dir2/file2.js";
    exit;
}

// Content-type mode, driven by the optional "c" parameter:
//   false  - "c" absent: the web server picks the content type
//   true   - "c=auto": the type is derived from the file extension in the loop below
//   other  - the raw request value; it reaches a header only if it is a string
//            found in $contentTypeAllowed
$contentType = isset($_GET['c'])
    ? ($_GET['c'] === 'auto' ? true : $_GET['c'])
    : false;

// "f" arrives either as a PHP array parameter (f[]=...) or as one comma-separated string.
// Every entry is request-controlled and is checked per file further down.
if (is_array($_GET['f'])) {
    $files = $_GET['f'];
} else {
    $files = explode(',', $_GET['f']);
}

// Content types a caller may request through "c".
// image/gif, image/png and image/jpeg are commented out in the original list.
$contentTypeAllowed = array(
    'text/javascript',
    'text/css',
);

// File extensions this proxy will read; gif and png are commented out in the original list.
$fileExtAllowed = array(
    'js',
    'css',
);

// Accumulators filled by the file loop: merged content and newest modification time.
$out = '';
$lastModified = 0;
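// Resolve this script's directory once and append a directory separator, so the
// containment test in the loop matches whole path components only. A bare prefix
// comparison would also accept a sibling directory whose name merely starts with
// the same characters as this one.
$baseRealPath = realpath(dirname(__FILE__));
$basePrefix = $baseRealPath === false
    ? null
    : rtrim($baseRealPath, '/\\') . DIRECTORY_SEPARATOR;

// extension => content type, used only when the request asked for "c=auto"
$contentTypes = array(
    'js' => 'text/javascript',
    'css' => 'text/css',
    // 'gif' => 'image/gif',
    // 'png' => 'image/png',
    // 'jpg' => 'image/jpeg',
);

foreach ($files as $f) {
    // Entries come straight from the query string; "f[]" can also deliver nested
    // arrays, which are not paths. Reject everything if the base could not be resolved.
    if ($basePrefix === null || !is_string($f) || $f === '') {
        continue;
    }

    // realpath() collapses "." / ".." and follows symlinks; it returns false for a
    // path that does not exist. Only regular files are served.
    $fileRealPath = realpath($f);
    if ($fileRealPath === false || !is_file($fileRealPath)) {
        continue;
    }

    // check file path (security): the resolved file must live below this script's folder
    if (strpos($fileRealPath, $basePrefix) !== 0) {
        continue;
    }

    // check file extension against the allow-list (strict comparison, no type juggling)
    $fileExt = strtolower(pathinfo($fileRealPath, PATHINFO_EXTENSION));
    if (!in_array($fileExt, $fileExtAllowed, true)) {
        continue;
    }

    // "c=auto": the first accepted file fixes the content type for the whole response
    if ($contentType === true) {
        if (empty($contentTypes[$fileExt])) { // security
            continue;
        }
        $contentType = $contentTypes[$fileExt];
    }

    // A file that cannot be read contributes nothing instead of an empty line.
    $content = file_get_contents($fileRealPath);
    if ($content === false) {
        continue;
    }

    // Files are expected to end with a blank line; append one in case it is missing.
    $out .= $content . "\n";

    // Track the newest modification time; it feeds Last-modified and the 304 check.
    $mtime = filemtime($fileRealPath);
    if ($mtime !== false) {
        $lastModified = max($lastModified, $mtime);
    }
}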
// Work in UTC for the date handling below. The function_exists() guard skips the
// call where date_default_timezone_set() is not available.
if (function_exists('date_default_timezone_set')) {
    date_default_timezone_set('UTC');
}

// Conditional GET: if the client's copy is at least as new as the newest file that
// was loaded, answer 304 without a body.
// NOTE(review): $lastModified is still 0 when the loop accepted no file, so a request
// carrying If-Modified-Since can receive 304 in that case - confirm this is intended.
$clientCopyIsCurrent = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
    && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $lastModified;
if ($clientCopyIsCurrent) {
    header("HTTP/1.1 304 Not Modified");
    exit;
}

// Last-modified carries the maximum mtime of the loaded files.
header('Cache-Control: must-revalidate');
header('Last-modified: ' . gmdate('r', $lastModified));

// Optional custom content type (can also be emulated by index.php/x.js or x.css).
// The value may come from the request, so it is emitted only when it is a string
// that appears in the allow-list.
if (is_string($contentType)) {
    if (in_array($contentType, $contentTypeAllowed)) {
        header('Content-type: '.$contentType);
    }
}
// Whitespace squeezing is on by default; a present but falsy "s" parameter turns it off.
// The pattern is applied to the merged text as a whole, so runs of spaces and tabs
// inside string literals are collapsed as well.
if (!isset($_GET['s']) || $_GET['s']) {
    $out = preg_replace('#[ \t]+#', ' ', $out);
}

// gzip/deflate via zlib.output_compression is left disabled here (commented out);
// the original comment suggests enabling it only when .htaccess does not already do so.
//if (!(isset($_GET['z']) && !$_GET['z'])) {
//    ini_set('zlib.output_compression', 1);
//}
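// Add an Expires header unless the request disables it with "e=no"; default 1 year.
if (!(isset($_GET['e']) && $_GET['e'] === 'no')) {
    $expireDays = 365;

    // "e" is request-controlled. Feeding it to arithmetic unchecked fails for an
    // array value and for non-numeric text, and an oversized number overflows the
    // timestamp. Accept numeric strings only and bound them to +/- 10 years;
    // anything else keeps the default.
    if (isset($_GET['e']) && is_string($_GET['e']) && is_numeric($_GET['e'])) {
        $expireDays = max(-3650.0, min(3650.0, (float) $_GET['e']));
    }

    $time = time() + (int) round($expireDays * 86400);
    header('Expires: '.gmdate('r', $time));
}

// Send the merged (and optionally whitespace-squeezed) content.
echo $out;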