dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
resourceloader: CSSMin::getLocalFileReferences now strips anchors
[lhc/web/wiklou.git] / includes / libs / CSSMin.php
1 <?php
2 /**
3 * Minification of CSS stylesheets.
4 *
5 * Copyright 2010 Wikimedia Foundation
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software distributed
14 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
15 * OF ANY KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations under the License.
17 *
18 * @file
19 * @version 0.1.1 -- 2010-09-11
20 * @author Trevor Parscal <tparscal@wikimedia.org>
21 * @copyright Copyright 2010 Wikimedia Foundation
22 * @license Apache-2.0
23 */
24
25 /**
26 * Transforms CSS data
27 *
28 * This class provides minification, URL remapping, URL extracting, and data-URL embedding.
29 */
30 class CSSMin {
31
32 /** @var string Strip marker for comments. **/
33 const PLACEHOLDER = "\x7fPLACEHOLDER\x7f";
34
35 /**
36 * Internet Explorer data URI length limit. See encodeImageAsDataURI().
37 */
38 const DATA_URI_SIZE_LIMIT = 32768;
39
40 const EMBED_REGEX = '\/\*\s*\@embed\s*\*\/';
41 const COMMENT_REGEX = '\/\*.*?\*\/';
42
43 /** @var string[] List of common image files extensions and MIME-types */
44 protected static $mimeTypes = [
45 'gif' => 'image/gif',
46 'jpe' => 'image/jpeg',
47 'jpeg' => 'image/jpeg',
48 'jpg' => 'image/jpeg',
49 'png' => 'image/png',
50 'tif' => 'image/tiff',
51 'tiff' => 'image/tiff',
52 'xbm' => 'image/x-xbitmap',
53 'svg' => 'image/svg+xml',
54 ];
55
56 /**
57 * Get a list of local files referenced in a stylesheet (includes non-existent files).
58 *
59 * @param string $source CSS stylesheet source to process
60 * @param string $path File path where the source was read from
61 * @return string[] List of local file references
62 */
63 public static function getLocalFileReferences( $source, $path ) {
64 $stripped = preg_replace( '/' . self::COMMENT_REGEX . '/s', '', $source );
65 $path = rtrim( $path, '/' ) . '/';
66 $files = [];
67
68 $rFlags = PREG_OFFSET_CAPTURE | PREG_SET_ORDER;
69 if ( preg_match_all( '/' . self::getUrlRegex() . '/', $stripped, $matches, $rFlags ) ) {
70 foreach ( $matches as $match ) {
71 self::processUrlMatch( $match, $rFlags );
72 $url = $match['file'][0];
73
74 // Skip fully-qualified and protocol-relative URLs and data URIs
75 if (
76 substr( $url, 0, 2 ) === '//' ||
77 parse_url( $url, PHP_URL_SCHEME )
78 ) {
79 break;
80 }
81
82 // Strip trailing anchors - T115436
83 $anchor = strpos( $url, '#' );
84 if ( $anchor !== false ) {
85 $url = substr( $url, 0, $anchor );
86
87 // '#some-anchors' is not a file
88 if ( $url === '' ) {
89 break;
90 }
91 }
92
93 $files[] = $path . $url;
94 }
95 }
96 return $files;
97 }
98
99 /**
100 * Encode an image file as a data URI.
101 *
102 * If the image file has a suitable MIME type and size, encode it as a data URI, base64-encoded
103 * for binary files or just percent-encoded otherwise. Return false if the image type is
104 * unfamiliar or file exceeds the size limit.
105 *
106 * @param string $file Image file to encode.
107 * @param string|null $type File's MIME type or null. If null, CSSMin will
108 * try to autodetect the type.
109 * @param bool $ie8Compat By default, a data URI will only be produced if it can be made short
110 * enough to fit in Internet Explorer 8 (and earlier) URI length limit (32,768 bytes). Pass
111 * `false` to remove this limitation.
112 * @return string|false Image contents encoded as a data URI or false.
113 */
114 public static function encodeImageAsDataURI( $file, $type = null, $ie8Compat = true ) {
115 // Fast-fail for files that definitely exceed the maximum data URI length
116 if ( $ie8Compat && filesize( $file ) >= self::DATA_URI_SIZE_LIMIT ) {
117 return false;
118 }
119
120 if ( $type === null ) {
121 $type = self::getMimeType( $file );
122 }
123 if ( !$type ) {
124 return false;
125 }
126
127 return self::encodeStringAsDataURI( file_get_contents( $file ), $type, $ie8Compat );
128 }
129
130 /**
131 * Encode file contents as a data URI with chosen MIME type.
132 *
133 * The URI will be base64-encoded for binary files or just percent-encoded otherwise.
134 *
135 * @since 1.25
136 *
137 * @param string $contents File contents to encode.
138 * @param string $type File's MIME type.
139 * @param bool $ie8Compat See encodeImageAsDataURI().
140 * @return string|false Image contents encoded as a data URI or false.
141 */
142 public static function encodeStringAsDataURI( $contents, $type, $ie8Compat = true ) {
143 // Try #1: Non-encoded data URI
144
145 // Remove XML declaration, it's not needed with data URI usage
146 $contents = preg_replace( "/<\\?xml.*?\\?>/", '', $contents );
147 // The regular expression matches ASCII whitespace and printable characters.
148 if ( preg_match( '/^[\r\n\t\x20-\x7e]+$/', $contents ) ) {
149 // Do not base64-encode non-binary files (sane SVGs).
150 // (This often produces longer URLs, but they compress better, yielding a net smaller size.)
151 $encoded = rawurlencode( $contents );
152 // Unencode some things that don't need to be encoded, to make the encoding smaller
153 $encoded = strtr( $encoded, [
154 '%20' => ' ', // Unencode spaces
155 '%2F' => '/', // Unencode slashes
156 '%3A' => ':', // Unencode colons
157 '%3D' => '=', // Unencode equals signs
158 '%0A' => ' ', // Change newlines to spaces
159 '%0D' => ' ', // Change carriage returns to spaces
160 '%09' => ' ', // Change tabs to spaces
161 ] );
162 // Consolidate runs of multiple spaces in a row
163 $encoded = preg_replace( '/ {2,}/', ' ', $encoded );
164 // Remove leading and trailing spaces
165 $encoded = preg_replace( '/^ | $/', '', $encoded );
166
167 $uri = 'data:' . $type . ',' . $encoded;
168 if ( !$ie8Compat || strlen( $uri ) < self::DATA_URI_SIZE_LIMIT ) {
169 return $uri;
170 }
171 }
172
173 // Try #2: Encoded data URI
174 $uri = 'data:' . $type . ';base64,' . base64_encode( $contents );
175 if ( !$ie8Compat || strlen( $uri ) < self::DATA_URI_SIZE_LIMIT ) {
176 return $uri;
177 }
178
179 // A data URI couldn't be produced
180 return false;
181 }
182
183 /**
184 * Serialize a string (escape and quote) for use as a CSS string value.
185 * https://drafts.csswg.org/cssom/#serialize-a-string
186 *
187 * @param string $value
188 * @return string
189 */
190 public static function serializeStringValue( $value ) {
191 $value = strtr( $value, [ "\0" => "\u{FFFD}", '\\' => '\\\\', '"' => '\\"' ] );
192 $value = preg_replace_callback( '/[\x01-\x1f\x7f]/', function ( $match ) {
193 return '\\' . base_convert( ord( $match[0] ), 10, 16 ) . ' ';
194 }, $value );
195 return '"' . $value . '"';
196 }
197
198 /**
199 * @param string $file
200 * @return bool|string
201 */
202 public static function getMimeType( $file ) {
203 // Infer the MIME-type from the file extension
204 $ext = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) );
205 if ( isset( self::$mimeTypes[$ext] ) ) {
206 return self::$mimeTypes[$ext];
207 }
208
209 return mime_content_type( realpath( $file ) );
210 }
211
212 /**
213 * Build a CSS 'url()' value for the given URL, quoting parentheses (and other funny characters)
214 * and escaping quotes as necessary.
215 *
216 * See http://www.w3.org/TR/css-syntax-3/#consume-a-url-token
217 *
218 * @param string $url URL to process
219 * @return string 'url()' value, usually just `"url($url)"`, quoted/escaped if necessary
220 */
221 public static function buildUrlValue( $url ) {
222 // The list below has been crafted to match URLs such as:
223 // scheme://user@domain:port/~user/fi%20le.png?query=yes&really=y+s
224 // data:image/png;base64,R0lGODlh/+==
225 if ( preg_match( '!^[\w\d:@/~.%+;,?&=-]+$!', $url ) ) {
226 return "url($url)";
227 } else {
228 return 'url("' . strtr( $url, [ '\\' => '\\\\', '"' => '\\"' ] ) . '")';
229 }
230 }
231
232 /**
233 * Remaps CSS URL paths and automatically embeds data URIs for CSS rules
234 * or url() values preceded by an / * @embed * / comment.
235 *
236 * @param string $source CSS data to remap
237 * @param string $local File path where the source was read from
238 * @param string $remote URL path to the file
239 * @param bool $embedData If false, never do any data URI embedding,
240 * even if / * @embed * / is found.
241 * @return string Remapped CSS data
242 */
243 public static function remap( $source, $local, $remote, $embedData = true ) {
244 // High-level overview:
245 // * For each CSS rule in $source that includes at least one url() value:
246 // * Check for an @embed comment at the start indicating that all URIs should be embedded
247 // * For each url() value:
248 // * Check for an @embed comment directly preceding the value
249 // * If either @embed comment exists:
250 // * Embedding the URL as data: URI, if it's possible / allowed
251 // * Otherwise remap the URL to work in generated stylesheets
252
253 // Guard against trailing slashes, because "some/remote/../foo.png"
254 // resolves to "some/remote/foo.png" on (some?) clients (T29052).
255 if ( substr( $remote, -1 ) == '/' ) {
256 $remote = substr( $remote, 0, -1 );
257 }
258
259 // Disallow U+007F DELETE, which is illegal anyway, and which
260 // we use for comment placeholders.
261 $source = str_replace( "\x7f", "?", $source );
262
263 // Replace all comments by a placeholder so they will not interfere with the remapping.
264 // Warning: This will also catch on anything looking like the start of a comment between
265 // quotation marks (e.g. "foo /* bar").
266 $comments = [];
267
268 $pattern = '/(?!' . self::EMBED_REGEX . ')(' . self::COMMENT_REGEX . ')/s';
269
270 $source = preg_replace_callback(
271 $pattern,
272 function ( $match ) use ( &$comments ) {
273 $comments[] = $match[ 0 ];
274 return CSSMin::PLACEHOLDER . ( count( $comments ) - 1 ) . 'x';
275 },
276 $source
277 );
278
279 // Note: This will not correctly handle cases where ';', '{' or '}'
280 // appears in the rule itself, e.g. in a quoted string. You are advised
281 // not to use such characters in file names. We also match start/end of
282 // the string to be consistent in edge-cases ('@import url(…)').
283 $pattern = '/(?:^|[;{])\K[^;{}]*' . self::getUrlRegex() . '[^;}]*(?=[;}]|$)/';
284
285 $source = preg_replace_callback(
286 $pattern,
287 function ( $matchOuter ) use ( $local, $remote, $embedData ) {
288 $rule = $matchOuter[0];
289
290 // Check for global @embed comment and remove it. Allow other comments to be present
291 // before @embed (they have been replaced with placeholders at this point).
292 $embedAll = false;
293 $rule = preg_replace(
294 '/^((?:\s+|' .
295 CSSMin::PLACEHOLDER .
296 '(\d+)x)*)' .
297 CSSMin::EMBED_REGEX .
298 '\s*/',
299 '$1',
300 $rule,
301 1,
302 $embedAll
303 );
304
305 // Build two versions of current rule: with remapped URLs
306 // and with embedded data: URIs (where possible).
307 $pattern = '/(?P<embed>' . CSSMin::EMBED_REGEX . '\s*|)' . self::getUrlRegex() . '/';
308
309 $ruleWithRemapped = preg_replace_callback(
310 $pattern,
311 function ( $match ) use ( $local, $remote ) {
312 self::processUrlMatch( $match );
313
314 $remapped = CSSMin::remapOne( $match['file'], $match['query'], $local, $remote, false );
315 return CSSMin::buildUrlValue( $remapped );
316 },
317 $rule
318 );
319
320 if ( $embedData ) {
321 // Remember the occurring MIME types to avoid fallbacks when embedding some files.
322 $mimeTypes = [];
323
324 $ruleWithEmbedded = preg_replace_callback(
325 $pattern,
326 function ( $match ) use ( $embedAll, $local, $remote, &$mimeTypes ) {
327 self::processUrlMatch( $match );
328
329 $embed = $embedAll || $match['embed'];
330 $embedded = CSSMin::remapOne(
331 $match['file'],
332 $match['query'],
333 $local,
334 $remote,
335 $embed
336 );
337
338 $url = $match['file'] . $match['query'];
339 $file = "{$local}/{$match['file']}";
340 if (
341 !self::isRemoteUrl( $url ) && !self::isLocalUrl( $url )
342 && file_exists( $file )
343 ) {
344 $mimeTypes[ CSSMin::getMimeType( $file ) ] = true;
345 }
346
347 return CSSMin::buildUrlValue( $embedded );
348 },
349 $rule
350 );
351
352 // Are all referenced images SVGs?
353 $needsEmbedFallback = $mimeTypes !== [ 'image/svg+xml' => true ];
354 }
355
356 if ( !$embedData || $ruleWithEmbedded === $ruleWithRemapped ) {
357 // We're not embedding anything, or we tried to but the file is not embeddable
358 return $ruleWithRemapped;
359 } elseif ( $embedData && $needsEmbedFallback ) {
360 // Build 2 CSS properties; one which uses a data URI in place of the @embed comment, and
361 // the other with a remapped and versioned URL with an Internet Explorer 6 and 7 hack
362 // making it ignored in all browsers that support data URIs
363 return "$ruleWithEmbedded;$ruleWithRemapped!ie";
364 } else {
365 // Look ma, no fallbacks! This is for files which IE 6 and 7 don't support anyway: SVG.
366 return $ruleWithEmbedded;
367 }
368 }, $source );
369
370 // Re-insert comments
371 $pattern = '/' . self::PLACEHOLDER . '(\d+)x/';
372 $source = preg_replace_callback( $pattern, function ( $match ) use ( &$comments ) {
373 return $comments[ $match[1] ];
374 }, $source );
375
376 return $source;
377 }
378
379 /**
380 * Is this CSS rule referencing a remote URL?
381 *
382 * @param string $maybeUrl
383 * @return bool
384 */
385 protected static function isRemoteUrl( $maybeUrl ) {
386 if ( substr( $maybeUrl, 0, 2 ) === '//' || parse_url( $maybeUrl, PHP_URL_SCHEME ) ) {
387 return true;
388 }
389 return false;
390 }
391
392 /**
393 * Is this CSS rule referencing a local URL?
394 *
395 * @param string $maybeUrl
396 * @return bool
397 */
398 protected static function isLocalUrl( $maybeUrl ) {
399 return isset( $maybeUrl[1] ) && $maybeUrl[0] === '/' && $maybeUrl[1] !== '/';
400 }
401
402 /**
403 * @codeCoverageIgnore
404 */
405 private static function getUrlRegex() {
406 static $urlRegex;
407 if ( $urlRegex === null ) {
408 // Match these three variants separately to avoid broken urls when
409 // e.g. a double quoted url contains a parenthesis, or when a
410 // single quoted url contains a double quote, etc.
411 // FIXME: Simplify now we only support PHP 7.0.0+
412 // Note: PCRE doesn't support multiple capture groups with the same name by default.
413 // - PCRE 6.7 introduced the "J" modifier (PCRE_INFO_JCHANGED for PCRE_DUPNAMES).
414 // https://secure.php.net/manual/en/reference.pcre.pattern.modifiers.php
415 // However this isn't useful since it just ignores all but the first one.
416 // Also, while the modifier was introduced in PCRE 6.7 (PHP 5.2+) it was
417 // not exposed to public preg_* functions until PHP 5.6.0.
418 // - PCRE 8.36 fixed this to work as expected (e.g. merge conceptually to
419 // only return the one matched in the part that actually matched).
420 // However MediaWiki supports 5.5.9, which has PCRE 8.32
421 // Per https://secure.php.net/manual/en/pcre.installation.php:
422 // - PCRE 8.32 (PHP 5.5.0)
423 // - PCRE 8.34 (PHP 5.5.10, PHP 5.6.0)
424 // - PCRE 8.37 (PHP 5.5.26, PHP 5.6.9, PHP 7.0.0)
425 // Workaround by using different groups and merge via processUrlMatch().
426 // - Using string concatenation for class constant or member assignments
427 // is only supported in PHP 5.6. Use a getter method for now.
428 $urlRegex = '(' .
429 // Unquoted url
430 'url\(\s*(?P<file0>[^\s\'"][^\?\)]+?)(?P<query0>\?[^\)]*?|)\s*\)' .
431 // Single quoted url
432 '|url\(\s*\'(?P<file1>[^\?\']+?)(?P<query1>\?[^\']*?|)\'\s*\)' .
433 // Double quoted url
434 '|url\(\s*"(?P<file2>[^\?"]+?)(?P<query2>\?[^"]*?|)"\s*\)' .
435 ')';
436 }
437 return $urlRegex;
438 }
439
440 private static function processUrlMatch( array &$match, $flags = 0 ) {
441 if ( $flags & PREG_SET_ORDER ) {
442 // preg_match_all with PREG_SET_ORDER will return each group in each
443 // match array, and if it didn't match, instead of the sub array
444 // being an empty array it is `[ '', -1 ]`...
445 if ( isset( $match['file0'] ) && $match['file0'][1] !== -1 ) {
446 $match['file'] = $match['file0'];
447 $match['query'] = $match['query0'];
448 } elseif ( isset( $match['file1'] ) && $match['file1'][1] !== -1 ) {
449 $match['file'] = $match['file1'];
450 $match['query'] = $match['query1'];
451 } else {
452 if ( !isset( $match['file2'] ) || $match['file2'][1] === -1 ) {
453 throw new Exception( 'URL must be non-empty' );
454 }
455 $match['file'] = $match['file2'];
456 $match['query'] = $match['query2'];
457 }
458 } else {
459 if ( isset( $match['file0'] ) && $match['file0'] !== '' ) {
460 $match['file'] = $match['file0'];
461 $match['query'] = $match['query0'];
462 } elseif ( isset( $match['file1'] ) && $match['file1'] !== '' ) {
463 $match['file'] = $match['file1'];
464 $match['query'] = $match['query1'];
465 } else {
466 if ( !isset( $match['file2'] ) || $match['file2'] === '' ) {
467 throw new Exception( 'URL must be non-empty' );
468 }
469 $match['file'] = $match['file2'];
470 $match['query'] = $match['query2'];
471 }
472 }
473 }
474
475 /**
476 * Remap or embed a CSS URL path.
477 *
478 * @param string $file URL to remap/embed
479 * @param string $query
480 * @param string $local File path where the source was read from
481 * @param string $remote URL path to the file
482 * @param bool $embed Whether to do any data URI embedding
483 * @return string Remapped/embedded URL data
484 */
485 public static function remapOne( $file, $query, $local, $remote, $embed ) {
486 // The full URL possibly with query, as passed to the 'url()' value in CSS
487 $url = $file . $query;
488
489 // Expand local URLs with absolute paths like /w/index.php to possibly protocol-relative URL, if
490 // wfExpandUrl() is available. (This will not be the case if we're running outside of MW.)
491 if ( self::isLocalUrl( $url ) && function_exists( 'wfExpandUrl' ) ) {
492 return wfExpandUrl( $url, PROTO_RELATIVE );
493 }
494
495 // Pass thru fully-qualified and protocol-relative URLs and data URIs, as well as local URLs if
496 // we can't expand them.
497 // Also skips anchors or the rare `behavior` property specifying application's default behavior
498 if (
499 self::isRemoteUrl( $url ) ||
500 self::isLocalUrl( $url ) ||
501 substr( $url, 0, 1 ) === '#'
502 ) {
503 return $url;
504 }
505
506 if ( $local === false ) {
507 // Assume that all paths are relative to $remote, and make them absolute
508 $url = $remote . '/' . $url;
509 } else {
510 // We drop the query part here and instead make the path relative to $remote
511 $url = "{$remote}/{$file}";
512 // Path to the actual file on the filesystem
513 $localFile = "{$local}/{$file}";
514 if ( file_exists( $localFile ) ) {
515 if ( $embed ) {
516 $data = self::encodeImageAsDataURI( $localFile );
517 if ( $data !== false ) {
518 return $data;
519 }
520 }
521 if ( class_exists( OutputPage::class ) ) {
522 $url = OutputPage::transformFilePath( $remote, $local, $file );
523 } else {
524 // Add version parameter as the first five hex digits
525 // of the MD5 hash of the file's contents.
526 $url .= '?' . substr( md5_file( $localFile ), 0, 5 );
527 }
528 }
529 // If any of these conditions failed (file missing, we don't want to embed it
530 // or it's not embeddable), return the URL (possibly with ?timestamp part)
531 }
532 if ( function_exists( 'wfRemoveDotSegments' ) ) {
533 $url = wfRemoveDotSegments( $url );
534 }
535 return $url;
536 }
537
538 /**
539 * Removes whitespace from CSS data
540 *
541 * @param string $css CSS data to minify
542 * @return string Minified CSS data
543 */
544 public static function minify( $css ) {
545 return trim(
546 str_replace(
547 [ '; ', ': ', ' {', '{ ', ', ', '} ', ';}', '( ', ' )', '[ ', ' ]' ],
548 [ ';', ':', '{', '{', ',', '}', '}', '(', ')', '[', ']' ],
549 preg_replace( [ '/\s+/', '/\/\*.*?\*\//s' ], [ ' ', '' ], $css )
550 )
551 );
552 }
553 }
Wiklou, le Wiki du Wiklou