// CSSP or CSS? $fileinfo = pathinfo($file); // For security reasons do not allow processing of files from above the base dir $file_path = realpath($fileinfo['dirname']); if (strpos($file_path, realpath($cssp->config['css_base_dir'])) !== 0) { $allowed = false; if (isset($cssp->config['allowed_dirs'])) { foreach ($cssp->config['allowed_dirs'] as $allowed_dir) { if (strpos($file_path, realpath($allowed_dir)) === 0) { $allowed = true; break; } } } if (!$allowed) { $cssp->report_error('Path of ' . $file . ' is not in the base directory. File not processed for security reasons.'); continue; } } if ($fileinfo['extension'] == 'css') { // Simply include normal css files in the output. Minify if not debugging and configured to minify if ($cssp->config['debug_level'] == 0 && $cssp->config['minify_css'] == true) { $css .= cssmin::minify(file_get_contents($file)); } else { $css .= file_get_contents($file); } } else { $incache = false; // Server-side cache: Has file already been parsed? $cachedir = isset($cssp->config['cache_dir']) ? $cssp->config['cache_dir'] : $cssp->config['turbine_base_dir'] . 'cache'; // Cache directory
} $etag = md5($fingerprint); // ...and check if client sends eTag to compare it with our eTag-fingerprint if ($cssp->config['debug_level'] == 0 && isset($_SERVER['HTTP_IF_NONE_MATCH']) && $_SERVER['HTTP_IF_NONE_MATCH'] === $etag) { // Browser already has the file so we tell him nothing changed and exit header('HTTP/1.1 304 Not Modified'); exit; } // Else parse the files and add the rusulting CSS code to $css $css = ''; foreach ($files as $file) { if ($file != '' && file_exists($file)) { $fileinfo = pathinfo($file); // For security reasons do not allow processing of files from above the base dir if (strpos(realpath($fileinfo['dirname']), realpath($cssp->config['css_base_dir'])) !== 0) { $cssp->report_error('Path of ' . $file . ' is not in the base directory. File not processed for security reasons.'); continue; } // CSSP or CSS? if ($fileinfo['extension'] == 'css') { // Simply include normal css files in the output. Minify if not debugging and configured to minify if ($cssp->config['debug_level'] == 0 && $cssp->config['minify_css'] == true) { $css .= cssmin::minify(file_get_contents($file)); } else { $css .= file_get_contents($file); } } else { $incache = false; // Server-side cache: Has file already been parsed? $cachedir = 'cache'; // Cache directory