X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Flibs%2FCSSMin.php;h=92a4f9e6f42ba581bbba5cd519b9d6ca91ab3044;hb=2664eeb6325b7c662faa813c99487b1a479299e5;hp=454fd41f923d8680fdfe852a932eba5cd092de79;hpb=99a57ca021d6e2c7bb25d927d47d8657e60b48e8;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/libs/CSSMin.php b/includes/libs/CSSMin.php index 454fd41f92..d3a02f7e56 100644 --- a/includes/libs/CSSMin.php +++ b/includes/libs/CSSMin.php @@ -19,7 +19,7 @@ * @version 0.1.1 -- 2010-09-11 * @author Trevor Parscal * @copyright Copyright 2010 Wikimedia Foundation - * @license http://www.apache.org/licenses/LICENSE-2.0 + * @license Apache-2.0 */ /** @@ -29,7 +29,7 @@ */ class CSSMin { - /** @var string Strip marker for comments. **/ + /** @var string Strip marker for comments. */ const PLACEHOLDER = "\x7fPLACEHOLDER\x7f"; /** @@ -72,15 +72,24 @@ class CSSMin { $url = $match['file'][0]; // Skip fully-qualified and protocol-relative URLs and data URIs - // Also skips the rare `behavior` property specifying application's default behavior if ( substr( $url, 0, 2 ) === '//' || - parse_url( $url, PHP_URL_SCHEME ) || - substr( $url, 0, 9 ) === '#default#' + parse_url( $url, PHP_URL_SCHEME ) ) { break; } + // Strip trailing anchors - T115436 + $anchor = strpos( $url, '#' ); + if ( $anchor !== false ) { + $url = substr( $url, 0, $anchor ); + + // '#some-anchors' is not a file + if ( $url === '' ) { + break; + } + } + $files[] = $path . $url; } } @@ -179,7 +188,7 @@ class CSSMin { * @return string */ public static function serializeStringValue( $value ) { - $value = strtr( $value, [ "\0" => "\xEF\xBF\xBD", '\\' => '\\\\', '"' => '\\"' ] ); + $value = strtr( $value, [ "\0" => "\u{FFFD}", '\\' => '\\\\', '"' => '\\"' ] ); $value = preg_replace_callback( '/[\x01-\x1f\x7f]/', function ( $match ) { return '\\' . base_convert( ord( $match[0] ), 10, 16 ) . ' '; }, $value ); @@ -193,11 +202,7 @@ class CSSMin { public static function getMimeType( $file ) { // Infer the MIME-type from the file extension $ext = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) ); - if ( isset( self::$mimeTypes[$ext] ) ) { - return self::$mimeTypes[$ext]; - } - - return mime_content_type( realpath( $file ) ); + return self::$mimeTypes[$ext] ?? mime_content_type( realpath( $file ) ); } /** @@ -399,16 +404,17 @@ class CSSMin { // Match these three variants separately to avoid broken urls when // e.g. a double quoted url contains a parenthesis, or when a // single quoted url contains a double quote, etc. + // FIXME: Simplify now we only support PHP 7.0.0+ // Note: PCRE doesn't support multiple capture groups with the same name by default. // - PCRE 6.7 introduced the "J" modifier (PCRE_INFO_JCHANGED for PCRE_DUPNAMES). - // https://secure.php.net/manual/en/reference.pcre.pattern.modifiers.php + // https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php // However this isn't useful since it just ignores all but the first one. // Also, while the modifier was introduced in PCRE 6.7 (PHP 5.2+) it was // not exposed to public preg_* functions until PHP 5.6.0. // - PCRE 8.36 fixed this to work as expected (e.g. merge conceptually to // only return the one matched in the part that actually matched). // However MediaWiki supports 5.5.9, which has PCRE 8.32 - // Per https://secure.php.net/manual/en/pcre.installation.php: + // Per https://www.php.net/manual/en/pcre.installation.php: // - PCRE 8.32 (PHP 5.5.0) // - PCRE 8.34 (PHP 5.5.10, PHP 5.6.0) // - PCRE 8.37 (PHP 5.5.26, PHP 5.6.9, PHP 7.0.0) @@ -484,11 +490,11 @@ class CSSMin { // Pass thru fully-qualified and protocol-relative URLs and data URIs, as well as local URLs if // we can't expand them. - // Also skips the rare `behavior` property specifying application's default behavior + // Also skips anchors or the rare `behavior` property specifying application's default behavior if ( self::isRemoteUrl( $url ) || self::isLocalUrl( $url ) || - substr( $url, 0, 9 ) === '#default#' + substr( $url, 0, 1 ) === '#' ) { return $url; }