author | Bharat Mediratta <bharat@menalto.com> | 2009-06-29 17:44:02 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-06-29 17:44:02 -0700 |
commit | 3080317d6e5e4ea9e56b1fd5444c4bcf5852c362 (patch) | |
tree | b8c45bb7f6adde996184175e5d29d0a43f520097 /modules/gallery/controllers/combined.php | |
parent | 006b63030a364677143799c7ce41eabb10c86eee (diff) |
Refactor combined controller a bit
1) Create public javascript() and css() functions and turn __call()
into a private function to protect us against having some random
type show up in there. Otherwise anything you put in the 2nd
argument gets emitted in the header which is a security hole.
2) Fix a bug ("$key = $key[0]") which was breaking functionality.
Eliminate the hex check, it's not really necessary in the majority
case and doesn't hurt us in edge cases.
3) Convert some empty() calls to !, no need for a function call there.
4) Add phpDoc.
Diffstat (limited to 'modules/gallery/controllers/combined.php')
-rw-r--r-- | modules/gallery/controllers/combined.php | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/modules/gallery/controllers/combined.php b/modules/gallery/controllers/combined.php
index 8a157e6b..f6c6d60b 100644
--- a/modules/gallery/controllers/combined.php
+++ b/modules/gallery/controllers/combined.php
@@ -18,35 +18,49 @@
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
 class Combined_Controller extends Controller {
- public function __call($type, $key) {
- if (empty($key)) {
- Kohana::show_404();
- }
- $key = $key[0];
- if (preg_match('/[^0-9a-f]/', $key)) {
- // The key can't contain non-hex, so just terminate early
- Kohana::show_404();
- }
+ /**
+ * Return the combined Javascript bundle associated with the given key.
+ */
+ public function javascript($key) {
+ return $this->_emit("javascript", $key);
+ }
- // We don't need to save the session for this request
- Session::abort_save();
+ /**
+ * Return the combined CSS bundle associated with the given key.
+ */
+ public function css($key) {
+ return $this->_emit("css", $key);
+ }
+ /**
+ * Print out a cached entry.
+ * @param string the combined entry type (either "javascript" or "css")
+ * @param string the key (typically an md5 sum)
+ */
+ private function _emit($type, $key) {
 // Our data is immutable, so if they already have a copy then it needs no updating.
 if (!empty($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
 header('HTTP/1.0 304 Not Modified');
 return;
 }
+ if (empty($key)) {
+ Kohana::show_404();
+ }
+
+ // We don't need to save the session for this request
+ Session::abort_save();
+
 $cache = Cache::instance();
 if (strpos($_SERVER["HTTP_ACCEPT_ENCODING"], "gzip") !== false ) {
 $content = $cache->get("{$key}_gz");
 }
- if (empty($content)) {
+ if (!$content) {
 $content = $cache->get($key);
 }
- if (empty($content)) {
+ if (!$content) {
 Kohana::show_404();
 }
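Review bot: With the hex check gone, `_emit()` passes the request-supplied `$key` straight to `$cache->get("{$key}_gz")` and `$cache->get($key)`, so the only gate left is `empty($key)`. If `Cache::instance()` is shared with other modules (not visible here), any cache entry whose key can be written in the URL would be served as `text/javascript` or `text/css`; constraining the key to the format the bundler generates keeps this endpoint limited to combined bundles, e.g. `if (!is_string($key) || !preg_match('/^[0-9a-f]+$/', $key)) { Kohana::show_404(); }`, or a wider allow-list pattern if non-hex keys are legitimate. Separately, when the client does not accept gzip `$content` is never assigned, and `!$content` raises an undefined-variable notice that `empty($content)` suppressed; initialising `$content = null;` before the `strpos()` test avoids it. `_emit()` continues past the end of this hunk.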
@@ -55,6 +69,7 @@ class Combined_Controller extends Controller {
 header("Cache-Control: public");
 }
+ // $type is either 'javascript' or 'css'
 header("Content-Type: text/$type; charset=UTF-8");
 header("Expires: Tue, 19 Jan 2038 00:00:00 GMT");
 header("Last-Modified: " . gmdate("D, d M Y H:i:s T", time())); |