Fixed bug #17133: Pagetree - qtip can be used to execute custom javascript (XSS)...
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2010-2011 Steffen Gebert (steffen@steffen-gebert.de)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28 /**
29 * Compressor
30 * This merges and compresses CSS and JavaScript files of the TYPO3 Backend.
31 *
32 * @author Steffen Gebert <steffen@steffen-gebert.de>
33 * @package TYPO3
34 * @subpackage t3lib
35 * $Id$
36 */
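class t3lib_Compressor {

	// Directory, relative to PATH_site, that receives every merged / compressed file.
	// NOTE(review): the returned references point into this directory, so it is
	// presumably served by the web server - treat everything written here as public.
	protected $targetDirectory = 'typo3temp/compressor/';

	// gzipped versions are only created if $TYPO3_CONF_VARS[TYPO3_MODE]['compressionLevel'] is set
	protected $createGzipped = FALSE;
	// default compression level is -1
	protected $gzipCompressionLevel = -1;

	/**
	 * Constructor
	 *
	 * Creates the target directory if it is missing and reads the gzip
	 * configuration from $TYPO3_CONF_VARS[TYPO3_MODE]['compressionLevel'].
	 */
	public function __construct() {

			// make sure the target directory exists
		if (!is_dir(PATH_site . $this->targetDirectory)) {
			t3lib_div::mkdir(PATH_site . $this->targetDirectory);
		}

			// decide whether we should create gzipped versions or not
		$compressionLevel = $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['compressionLevel'];
			// we need zlib for gzencode()
		if (extension_loaded('zlib') && $compressionLevel) {
			$this->createGzipped = TRUE;
				// $compressionLevel can also be TRUE, in which case the default level (-1) is kept
			if (t3lib_div::testInt($compressionLevel)) {
				$this->gzipCompressionLevel = intval($compressionLevel);
			}
		}
	}

	/**
	 * Concatenates the cssFiles
	 *
	 * Only entries whose 'media' option is exactly 'all' are merged; every other
	 * entry is returned untouched.
	 *
	 * Options:
	 *   baseDirectories	If set, only include files below one of the base directories
	 *
	 * NOTE(review): 'baseDirectories' is the only path restriction in this class and
	 * it is optional. Without it every 'media' => 'all' entry is read and copied
	 * into the merged file.
	 *
	 * @param array $cssFiles CSS files to process (array key = filename, value = file options)
	 * @param array $options Additional options
	 * @return array CSS files, with the merged stylesheet placed first
	 */
	public function concatenateCssFiles(array $cssFiles, $options = array()) {

			// the target directory is always allowed, so already processed files can be merged again
		$allowedDirectories = NULL;
		if (isset($options['baseDirectories'])) {
			$allowedDirectories = array_merge($options['baseDirectories'], array($this->targetDirectory));
		}

		$filesToInclude = array();
		foreach ($cssFiles as $filename => $fileOptions) {
				// we remove BACK_PATH from $filename, so make it relative to TYPO3_mainDir
			$filenameFromMainDir = $this->getFilenameFromMainDir($filename);
				// entries without a 'media' option are skipped instead of raising a notice
			$isMediaAll = isset($fileOptions['media']) && $fileOptions['media'] === 'all';
			$isBelowBaseDirectory = ($allowedDirectories === NULL
				|| $this->checkBaseDirectory($filenameFromMainDir, $allowedDirectories));

			if ($isBelowBaseDirectory && $isMediaAll) {
				$filesToInclude[] = $filenameFromMainDir;
					// remove the file from the incoming file array
				unset($cssFiles[$filename]);
			}
		}

		if (count($filesToInclude)) {
			$targetFile = $this->createMergedCssFile($filesToInclude);
			$concatenatedOptions = array(
				'rel' => 'stylesheet',
				'media' => 'all',
				'compress' => TRUE,
			);
			$targetFileRelative = $GLOBALS['BACK_PATH'] . '../' . $targetFile;
				// place the merged stylesheet on top of the stylesheets
			$cssFiles = array_merge(array($targetFileRelative => $concatenatedOptions), $cssFiles);
		}
		return $cssFiles;
	}

	/**
	 * Finds the relative path to a file, relative to the TYPO3_mainDir.
	 *
	 * @param string $filename the name of the file
	 * @return string the path to the file relative to the TYPO3_mainDir
	 */
	private function getFilenameFromMainDir($filename) {
			// if the file exists in the typo3/ folder or the BACK_PATH is empty, just return the $filename
		$file = str_replace($GLOBALS['BACK_PATH'], '', $filename);
		if (is_file(PATH_typo3 . $file) || empty($GLOBALS['BACK_PATH'])) {
			return $file;
		}

			// build the file path relatively to the PATH_site
		$backPath = str_replace(TYPO3_mainDir, '', $GLOBALS['BACK_PATH']);
		$file = str_replace($backPath, '', $filename);
		if (substr($file, 0, 3) === '../') {
			$file = t3lib_div::resolveBackPath(PATH_typo3 . $file);
		} else {
			$file = PATH_site . $file;
		}

			// check if the file exists, and if so, return the path relative to TYPO3_mainDir
		if (is_file($file)) {
			$mainDirDepth = substr_count(TYPO3_mainDir, '/');
			return str_repeat('../', $mainDirDepth) . str_replace(PATH_site, '', $file);
		}

			// none of above conditions were met, fallback to default behaviour
		return substr($filename, strlen($GLOBALS['BACK_PATH']));
	}

	/**
	 * Creates a merged CSS file
	 *
	 * The target name contains an md5 over the names, modification times and
	 * sizes of all sources. The hash is a cache key only: it changes when a
	 * source changes, it does not protect the content.
	 *
	 * @param array $filesToInclude Files which should be merged, paths relative to TYPO3_mainDir
	 * @return mixed Filename of the merged file
	 */
	protected function createMergedCssFile(array $filesToInclude) {
			// we add up the filenames, filemtimes and filesizes to later build a checksum over
			// it and include it in the temporary file name
		$unique = '';

		foreach ($filesToInclude as $filename) {
			$filepath = t3lib_div::resolveBackPath(PATH_typo3 . $filename);
			$unique .= $filename . filemtime($filepath) . filesize($filepath);
		}
		$targetFile = $this->targetDirectory . 'merged-' . md5($unique) . '.css';

			// if the file doesn't already exist, we create it
		if (!file_exists(PATH_site . $targetFile)) {
			$concatenated = '';
				// concatenate all the files together
			foreach ($filesToInclude as $filename) {
				$contents = t3lib_div::getUrl(t3lib_div::resolveBackPath(PATH_typo3 . $filename));
					// only fix paths if files aren't already in typo3temp (already processed)
				if (!t3lib_div::isFirstPartOfStr($filename, $this->targetDirectory)) {
					$concatenated .= $this->cssFixRelativeUrlPaths($contents, dirname($filename) . '/');
				} else {
					$concatenated .= $contents;
				}
			}
			t3lib_div::writeFile(PATH_site . $targetFile, $concatenated);
		}
		return $targetFile;
	}

	/**
	 * Compress multiple css files
	 *
	 * Entries without a truthy 'compress' option are passed through unchanged.
	 *
	 * @param array $cssFiles The files to compress (array key = filename), relative to requested page
	 * @return array The CSS files after compression (array key = new filename), relative to requested page
	 */
	public function compressCssFiles(array $cssFiles) {
		$filesAfterCompression = array();
		foreach ($cssFiles as $filename => $fileOptions) {
				// !empty() also covers entries that carry no 'compress' option at all
			if (!empty($fileOptions['compress'])) {
				$filesAfterCompression[$this->compressCssFile($filename)] = $fileOptions;
			} else {
				$filesAfterCompression[$filename] = $fileOptions;
			}
		}
		return $filesAfterCompression;
	}

	/**
	 * Compresses a CSS file
	 *
	 * removes comments and whitespaces
	 * Adopted from http://drupal.org/files/issues/minify_css.php__1.txt
	 *
	 * This method applies no base-directory or file-extension check: whatever
	 * $filename resolves to is read and its content is written below
	 * $targetDirectory. Only the basename of $filename (via pathinfo) reaches the
	 * target file name.
	 * NOTE(review): callers must pass registered stylesheet references only -
	 * confirm that no request-derived value can reach this method.
	 *
	 * @param string $filename Source filename, relative to requested page
	 * @return string Compressed filename, relative to requested page; $filename itself if the source is not a readable file
	 */
	public function compressCssFile($filename) {
			// generate the unique name of the file
		$filenameAbsolute = t3lib_div::resolveBackPath(PATH_typo3 . substr($filename, strlen($GLOBALS['BACK_PATH'])));

			// A missing source would otherwise raise warnings in filemtime()/filesize()
			// and leave an empty file in the target directory that is then served in its place.
		if (!is_file($filenameAbsolute)) {
			return $filename;
		}
		$unique = $filenameAbsolute . filemtime($filenameAbsolute) . filesize($filenameAbsolute);

		$pathinfo = pathinfo($filename);
		$targetFile = $this->targetDirectory . $pathinfo['filename'] . '-' . md5($unique) . '.css';
			// only create it, if it doesn't exist, yet
		if (!file_exists(PATH_site . $targetFile) || ($this->createGzipped && !file_exists(PATH_site . $targetFile . '.gzip'))) {
			$contents = t3lib_div::getUrl($filenameAbsolute);
				// Perform some safe CSS optimizations.
			$contents = str_replace("\r", '', $contents); // Strip any and all carriage returns.
				// Match and process strings, comments and everything else, one chunk at a time.
				// To understand this regex, read: "Mastering Regular Expressions 3rd Edition" chapter 6.
				// __CLASS__ names the same class as the former 'self' string callable.
			$contents = preg_replace_callback('%
				# One-regex-to-rule-them-all! - version: 20100220_0100
				# Group 1: Match a double quoted string.
				("[^"\\\\]*+(?:\\\\.[^"\\\\]*+)*+") | # or...
				# Group 2: Match a single quoted string.
				(\'[^\'\\\\]*+(?:\\\\.[^\'\\\\]*+)*+\') | # or...
				# Group 3: Match a regular non-MacIE5-hack comment.
				(/\*[^\\\\*]*+\*++(?:[^\\\\*/][^\\\\*]*+\*++)*+/) | # or...
				# Group 4: Match a MacIE5-type1 comment.
				(/\*(?:[^*\\\\]*+\**+(?!/))*+\\\\[^*]*+\*++(?:[^*/][^*]*+\*++)*+/(?<!\\\\\*/)) | # or...
				# Group 5: Match a MacIE5-type2 comment.
				(/\*[^*]*\*+(?:[^/*][^*]*\*+)*/(?<=\\\\\*/)) # folllowed by...
				# Group 6: Match everything up to final closing regular comment
				([^/]*+(?:(?!\*)/[^/]*+)*?)
				# Group 7: Match final closing regular comment
				(/\*[^/]++(?:(?<!\*)/(?!\*)[^/]*+)*+/(?<=(?<!\\\\)\*/)) | # or...
				# Group 8: Match regular non-string, non-comment text.
				([^"\'/]*+(?:(?!/\*)/[^"\'/]*+)*+)
				%Ssx', array(__CLASS__, 'compressCssPregCallback'), $contents); // Do it!
			$contents = preg_replace('/^\s++/', '', $contents); // Strip leading whitespace.
			$contents = preg_replace('/[ \t]*+\n\s*+/S', "\n", $contents); // Consolidate multi-lines space.
			$contents = preg_replace('/(?<!\s)\s*+$/S', "\n", $contents); // Ensure file ends in newline.
				// we have to fix relative paths, if we aren't working on a file in our target directory
			if (!is_int(strpos($filename, $this->targetDirectory))) {
				$filenameRelativeToMainDir = substr($filename, strlen($GLOBALS['BACK_PATH']));
				$contents = $this->cssFixRelativeUrlPaths($contents, dirname($filenameRelativeToMainDir) . '/');
			}
			$this->writeFileAndCompressed($targetFile, $contents);
		}

		return $GLOBALS['BACK_PATH'] . '../' . $this->returnFileReference($targetFile);
	}

	/**
	 * Callback function for preg_replace
	 *
	 * Receives one chunk matched by the regular expression in compressCssFile()
	 * and returns its minified replacement. Quoted strings are returned
	 * unmodified, comments are dropped or reduced to their minimal hack form.
	 *
	 * @see compressCssFile
	 * @param array $matches Match groups 0-8 as described in compressCssFile()
	 * @return string the compressed string
	 */
	public static function compressCssPregCallback($matches) {
		if ($matches[1]) { // Group 1: Double quoted string.
			return $matches[1]; // Return the string unmodified.
		} elseif ($matches[2]) { // Group 2: Single quoted string.
			return $matches[2]; // Return the string unmodified.
		} elseif ($matches[3]) { // Group 3: Regular non-MacIE5-hack comment.
			return "\n"; // Replace the comment by a single newline.
		} elseif ($matches[4]) { // Group 4: MacIE5-hack-type-1 comment.
			return "\n/*\\T1*/\n"; // Return minimal MacIE5-hack-type-1 comment.
		}
		elseif ($matches[5]) { // Group 5,6,7: MacIE5-hack-type-2 comment
			$matches[6] = preg_replace('/\s++([+>{};,)])/S', '$1', $matches[6]); // Clean pre-punctuation.
			$matches[6] = preg_replace('/([+>{}:;,(])\s++/S', '$1', $matches[6]); // Clean post-punctuation.
			$matches[6] = preg_replace('/;?\}/S', "}\n", $matches[6]); // Add a touch of formatting.
			return "\n/*T2\\*/" . $matches[6] . "\n/*T2E*/\n"; // Minify and reassemble composite type2 comment.
		} elseif (isset($matches[8])) { // Group 8: Non-string, non-comment. Safe to clean whitespace here.
			$matches[8] = preg_replace('/^\s++/', '', $matches[8]); // Strip all leading whitespace.
			$matches[8] = preg_replace('/\s++$/', '', $matches[8]); // Strip all trailing whitespace.
			$matches[8] = preg_replace('/\s{2,}+/', ' ', $matches[8]); // Consolidate multiple whitespace.
			$matches[8] = preg_replace('/\s++([+>{};,)])/S', '$1', $matches[8]); // Clean pre-punctuation.
			$matches[8] = preg_replace('/([+>{}:;,(])\s++/S', '$1', $matches[8]); // Clean post-punctuation.
			$matches[8] = preg_replace('/;?\}/S', "}\n", $matches[8]); // Add a touch of formatting.
			return $matches[8];
		}
		return $matches[0] . "\n/* ERROR! Unexpected _proccess_css_minify() parameter */\n"; // never get here
	}

	/**
	 * Compress multiple javascript files
	 *
	 * Entries without a truthy 'compress' option are passed through unchanged.
	 *
	 * @param array $jsFiles The files to compress (array key = filename), relative to requested page
	 * @return array The js files after compression (array key = new filename), relative to requested page
	 */
	public function compressJsFiles(array $jsFiles) {
		$filesAfterCompression = array();
		foreach ($jsFiles as $filename => $fileOptions) {
				// compressJsFile() resolves the path itself, so no lookup is needed for skipped entries
			if (!empty($fileOptions['compress'])) {
				$filesAfterCompression[$this->compressJsFile($filename)] = $fileOptions;
			} else {
				$filesAfterCompression[$filename] = $fileOptions;
			}
		}
		return $filesAfterCompression;
	}

	/**
	 * Compresses a javascript file
	 *
	 * The script content is copied as it is; "compression" here means the
	 * additional gzipped copy written by writeFileAndCompressed().
	 *
	 * This method applies no base-directory or file-extension check: whatever
	 * $filename resolves to is read and copied below $targetDirectory.
	 * NOTE(review): callers must pass registered script references only -
	 * confirm that no request-derived value can reach this method.
	 *
	 * @param string $filename Source filename, relative to requested page
	 * @return string Filename of the compressed file, relative to requested page; $filename itself if the source is not a readable file
	 */
	public function compressJsFile($filename) {
			// generate the unique name of the file
		$filenameAbsolute = t3lib_div::resolveBackPath(PATH_typo3 . $this->getFilenameFromMainDir($filename));

			// A missing source would otherwise raise warnings in filemtime()/filesize()
			// and leave an empty file in the target directory that is then served in its place.
		if (!is_file($filenameAbsolute)) {
			return $filename;
		}
		$unique = $filenameAbsolute . filemtime($filenameAbsolute) . filesize($filenameAbsolute);

		$pathinfo = pathinfo($filename);
		$targetFile = $this->targetDirectory . $pathinfo['filename'] . '-' . md5($unique) . '.js';
			// only create it, if it doesn't exist, yet
		if (!file_exists(PATH_site . $targetFile) || ($this->createGzipped && !file_exists(PATH_site . $targetFile . '.gzip'))) {
			$contents = t3lib_div::getUrl($filenameAbsolute);
			$this->writeFileAndCompressed($targetFile, $contents);
		}
		return $GLOBALS['BACK_PATH'] . '../' . $this->returnFileReference($targetFile);
	}

	/**
	 * Decides whether a CSS file comes from one of the baseDirectories
	 *
	 * This is a plain string prefix comparison; $filename is expected to be
	 * relative to TYPO3_mainDir, as returned by getFilenameFromMainDir().
	 * NOTE(review): a prefix test does not resolve '../' segments - presumably the
	 * callers pass already resolved paths; verify.
	 *
	 * @param string $filename Filename
	 * @param array $baseDirectories Directory prefixes that are accepted
	 * @return boolean TRUE if $filename starts with one of the base directories
	 */
	protected function checkBaseDirectory($filename, array $baseDirectories) {
		foreach ($baseDirectories as $baseDirectory) {
				// check, if $filename starts with $baseDirectory
			if (t3lib_div::isFirstPartOfStr($filename, $baseDirectory)) {
				return TRUE;
			}
		}
		return FALSE;
	}

	/**
	 * Fixes the relative paths inside of url() references in CSS files
	 *
	 * NOTE(review): the ':' test is the only filter. Root-relative ('/...') and
	 * protocol-relative ('//host/...') references contain no ':' and are rewritten
	 * like relative ones - confirm whether such references occur in the processed CSS.
	 *
	 * @param string $contents Data to process
	 * @param string $oldDir Directory of the original file, relative to TYPO3_mainDir
	 * @return string Processed data
	 */
	protected function cssFixRelativeUrlPaths($contents, $oldDir) {
		$matches = array();

		preg_match_all('/url(\(\s*["\']?([^"\']+)["\']?\s*\))/iU', $contents, $matches);
		foreach ($matches[2] as $matchCount => $match) {
				// remove '," or white-spaces around
			$match = preg_replace('/[\"\'\s]/', '', $match);

				// we must not rewrite paths containing ":", e.g. data URIs (see RFC 2397)
			if (strpos($match, ':') === FALSE) {
				$newPath = t3lib_div::resolveBackPath('../../' . TYPO3_mainDir . $oldDir . $match);
				$contents = str_replace($matches[1][$matchCount], '(\'' . $newPath . '\')', $contents);
			}
		}
		return $contents;
	}

	/**
	 * Writes $contents into file $filename together with a gzipped version into $filename.gzip
	 *
	 * The gzipped copy is only written if gzip creation was enabled in the constructor.
	 *
	 * @param string $filename Target filename, relative to PATH_site
	 * @param string $contents File contents
	 * @return void
	 */
	protected function writeFileAndCompressed($filename, $contents) {
			// write uncompressed file
		t3lib_div::writeFile(PATH_site . $filename, $contents);

		if ($this->createGzipped) {
				// create compressed version
			t3lib_div::writeFile(PATH_site . $filename . '.gzip', gzencode($contents, $this->gzipCompressionLevel));
		}
	}

	/**
	 * Decides whether a client can deal with gzipped content or not and returns the according file name,
	 * based on HTTP_ACCEPT_ENCODING
	 *
	 * @param string $filename File name
	 * @return string $filename suffixed with '.gzip' or not - dependent on HTTP_ACCEPT_ENCODING
	 */
	protected function returnFileReference($filename) {
			// if the client accepts gzip and we can create gzipped files, we give him compressed versions
		if ($this->createGzipped && strpos(t3lib_div::getIndpEnv('HTTP_ACCEPT_ENCODING'), 'gzip') !== FALSE) {
			return $filename . '.gzip';
		} else {
			return $filename;
		}
	}
}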
407
// XCLASS hook: loads the extension class file registered in TYPO3_CONF_VARS for this file.
// The included path comes from the installation's configuration, not from the request.
if (
	defined('TYPO3_MODE')
	&& isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_compressor.php'])
) {
	include_once $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_compressor.php'];
}
411
412 ?>