lib/javascript.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * This file is serving optimised JS
  19  *
  20  * @package    core_lib
  21  * @copyright  2010 Petr Skoda (skodak)
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24
  25 // disable moodle specific debug messages and any errors in output,
  26 // comment out when debugging or better look into error log!
  27 define('NO_DEBUG_DISPLAY', true);
  28
  29 // we need just the values from config.php and minlib.php
  30 define('ABORT_AFTER_CONFIG', true);
  31 require('../config.php'); // this stops immediately at the beginning of lib/setup.php
  32 require_once("$CFG->dirroot/lib/jslib.php");
  33
  34 if ($slashargument = min_get_slash_argument()) {
  35     $slashargument = ltrim($slashargument, '/');
  36     if (substr_count($slashargument, '/') < 1) {
  37         header('HTTP/1.0 404 not found');
  38         die('Slash argument must contain both a revision and a file path');
  39     }
  40     // image must be last because it may contain "/"
  41     list($rev, $file) = explode('/', $slashargument, 2);
  42     $rev  = min_clean_param($rev, 'INT');
  43     $file = '/'.min_clean_param($file, 'SAFEPATH');
  44
  45 } else {
  46     $rev  = min_optional_param('rev', -1, 'INT');
  47     $file = min_optional_param('jsfile', '', 'RAW'); // 'file' would collide with URL rewriting!
  48 }
  49
  50 // some security first - pick only files with .js extension in dirroot
  51 $jsfiles = array();
  52 $files = explode(',', $file);
  53 foreach ($files as $fsfile) {
  54     $jsfile = realpath($CFG->dirroot.$fsfile);
  55     if ($jsfile === false) {
  56         // does not exist
  57         continue;
  58     }
  59     if ($CFG->dirroot === '/') {
  60         // Some shared hosting sites serve files directly from '/',
  61         // this is NOT supported, but at least allow JS when showing
  62         // errors and warnings.
  63     } else if (strpos($jsfile, $CFG->dirroot . DIRECTORY_SEPARATOR) !== 0) {
  64         // hackers - not in dirroot
  65         continue;
  66     }
  67     if (substr($jsfile, -3) !== '.js') {
  68         // hackers - not a JS file
  69         continue;
  70     }
  71     $jsfiles[] = $jsfile;
  72 }
  73
  74 if (!$jsfiles) {
  75     // bad luck - no valid files
  76     header('HTTP/1.0 404 not found');
  77     die('No valid javascript files found');
  78 }
  79
  80 $etag = sha1($rev.implode(',', $jsfiles));
  81
  82 // Use the caching only for meaningful revision numbers which prevents future cache poisoning.
  83 if ($rev > 0 and $rev < (time() + 60*60)) {
  84     $candidate = $CFG->localcachedir.'/js/'.$etag;
  85
  86     if (file_exists($candidate)) {
  87         if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
  88             // we do not actually need to verify the etag value because our files
  89             // never change in cache because we increment the rev parameter
  90             js_send_unmodified(filemtime($candidate), $etag);
  91         }
  92         js_send_cached($candidate, $etag);
  93
  94     } else {
  95         // The JS needs minfifying, so we're gonna have to load our full Moodle
  96         // environment to process it..
  97         define('ABORT_AFTER_CONFIG_CANCEL', true);
  98
  99         define('NO_MOODLE_COOKIES', true); // Session not used here.
 100         define('NO_UPGRADE_CHECK', true);  // Ignore upgrade check.
 101
 102         require("$CFG->dirroot/lib/setup.php");
 103
 104         js_write_cache_file_content($candidate, core_minify::js_files($jsfiles));
 105         // verify nothing failed in cache file creation
 106         clearstatcache();
 107         if (file_exists($candidate)) {
 108             js_send_cached($candidate, $etag);
 109         }
 110     }
 111 }
 112
 113 $content = '';
 114 foreach ($jsfiles as $jsfile) {
 115     $content .= file_get_contents($jsfile)."\n";
 116 }
 117 js_send_uncached($content);