Diffstat (limited to 'modules')
-rw-r--r-- | modules/gallery/helpers/gallery.php | 8 | ||||
-rw-r--r-- | modules/gallery/libraries/Gallery_View.php | 6 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 22 |
3 files changed, 23 insertions, 13 deletions
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 725a710d..f1f7190c 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -222,4 +222,12 @@ class gallery_Core {
 static function show_profiler() {
 return file_exists(VARPATH . "PROFILE");
 }
+
+ /**
+ * Return true if we should allow Javascript and CSS combining for performance reasons.
+ * Typically we want this, but it's convenient for developers to be able to disable it.
+ */
+ static function allow_css_and_js_combining() {
+ return !file_exists(VARPATH . "DONT_COMBINE");
+ }
 }
\ No newline at end of file
diff --git a/modules/gallery/libraries/Gallery_View.php b/modules/gallery/libraries/Gallery_View.php
index 64fea0ad..8f02b53c 100644
--- a/modules/gallery/libraries/Gallery_View.php
+++ b/modules/gallery/libraries/Gallery_View.php
@@ -82,8 +82,10 @@ class Gallery_View_Core extends View {
 * @param $types a comma separated list of types to combine, eg "script,css"
 */
 public function start_combining($types) {
- foreach (explode(",", $types) as $type) {
- $this->combine_queue[$type] = array();
+ if (gallery::allow_css_and_js_combining()) {
+ foreach (explode(",", $types) as $type) {
+ $this->combine_queue[$type] = array();
+ }
 }
 }
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 4a7153e1..51347f86 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
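Review bot: The docblock on `allow_css_and_js_combining()` in modules/gallery/helpers/gallery.php says combining can be disabled but not how; the switch is the presence of a `DONT_COMBINE` entry under `VARPATH`, and the comment should say so, e.g. `* To disable combining, create a file named DONT_COMBINE in VARPATH (development only).` If VARPATH is the application's writable data directory (not visible here), anything able to create a file there can flip the switch, so the comment should also state that this flag only affects asset delivery and must not be reused to gate anything security-relevant. The enclosing class starts outside the hunk.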
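Review bot: With the new guard in `start_combining()` (modules/gallery/libraries/Gallery_View.php), `$this->combine_queue[$type]` is never initialised when combining is disabled, and the code that later reads or flushes the queue lies outside this hunk. Confirm every reader checks `isset($this->combine_queue[$type])` before use; otherwise disabling combining may raise undefined-index notices or silently drop scripts and stylesheets from the page. The method's docblock, which starts above the hunk, should gain a line such as `* Does nothing when gallery::allow_css_and_js_combining() returns false.`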
@@ -299,17 +299,17 @@ modules/organize/views/organize_frame.html.php 116 DIRTY_JS url::s
 modules/organize/views/organize_frame.html.php 126 DIRTY_JS access::csrf_token()
 modules/organize/views/organize_frame.html.php 140 DIRTY_JS url::site("organize/delete")
 modules/organize/views/organize_frame.html.php 149 DIRTY_JS access::csrf_token()
-modules/organize/views/organize_frame.html.php 262 DIRTY_JS url::site("organize/rearrange")
-modules/organize/views/organize_frame.html.php 273 DIRTY_JS access::csrf_token()
-modules/organize/views/organize_frame.html.php 312 DIRTY_JS $key
-modules/organize/views/organize_frame.html.php 474 DIRTY_JS url::site("organize/tree/{$album->id}")
-modules/organize/views/organize_frame.html.php 532 DIRTY_JS url::site("organize/reparent")
-modules/organize/views/organize_frame.html.php 555 DIRTY_JS access::csrf_token()
-modules/organize/views/organize_frame.html.php 571 DIRTY_JS access::can("edit",item::root())
-modules/organize/views/organize_frame.html.php 573 DIRTY_JS html::clean(item::root()->title)
-modules/organize/views/organize_frame.html.php 575 DIRTY_JS item::root()->id
-modules/organize/views/organize_frame.html.php 583 DIRTY_JS $album->id
-modules/organize/views/organize_frame.html.php 584 DIRTY_JS $album->id
+modules/organize/views/organize_frame.html.php 264 DIRTY_JS url::site("organize/rearrange")
+modules/organize/views/organize_frame.html.php 275 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 314 DIRTY_JS $key
+modules/organize/views/organize_frame.html.php 476 DIRTY_JS url::site("organize/tree/{$album->id}")
+modules/organize/views/organize_frame.html.php 534 DIRTY_JS url::site("organize/reparent")
+modules/organize/views/organize_frame.html.php 557 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 573 DIRTY_JS access::can("edit",item::root())
+modules/organize/views/organize_frame.html.php 575 DIRTY_JS html::clean(item::root()->title)
+modules/organize/views/organize_frame.html.php 577 DIRTY_JS item::root()->id
+modules/organize/views/organize_frame.html.php 585 DIRTY_JS $album->id
+modules/organize/views/organize_frame.html.php 586 DIRTY_JS $album->id
 modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
 modules/recaptcha/views/form_recaptcha.html.php 3 DIRTY_ATTR request::protocol() |