Merged in bugfix/MAPG-187-dont-evaluate-asset-paths (pull request #165)

Bugfix/MAPG-187 dont evaluate asset paths
Bence Pőcze 2020-06-28 17:38:03 +00:00
commit 34f0c92eb5
19 changed files with 74 additions and 76 deletions


@ -108,7 +108,7 @@ class Linker
private function generateAssets(ParsedFragment $fragment, array &$sections) private function generateAssets(ParsedFragment $fragment, array &$sections)
{ {
foreach ($fragment->getCss() as $cssFile) { foreach ($fragment->getCss() as $cssFile) {
$asset = $this->parseAsset($cssFile, 'css'); $asset = $this->parseAsset($cssFile);
if (isset($asset['code'])) { if (isset($asset['code'])) {
$sections['inlineCss'] .= '<style>' . PHP_EOL; $sections['inlineCss'] .= '<style>' . PHP_EOL;
$sections['inlineCss'] .= $asset['code']; $sections['inlineCss'] .= $asset['code'];
@ -119,7 +119,7 @@ class Linker
} }
foreach ($fragment->getJs() as $jsFile) { foreach ($fragment->getJs() as $jsFile) {
$asset = $this->parseAsset($jsFile, 'js'); $asset = $this->parseAsset($jsFile);
if (isset($asset['code'])) { if (isset($asset['code'])) {
$sections['inlineJs'] .= '<script>' . PHP_EOL; $sections['inlineJs'] .= '<script>' . PHP_EOL;
$sections['inlineJs'] .= $asset['code']; $sections['inlineJs'] .= $asset['code'];
@ -130,25 +130,22 @@ class Linker
} }
} }
private function parseAsset(string $asset, string $type): array private function parseAsset(string $asset): array
{ {
$output = []; $output = [];
eval('$asset = ' . $asset . ';'); if (preg_match('/^[\w\/\.]+$/', $asset)) {
if ( if (
empty($_ENV['DEV']) && empty($_ENV['DEV']) &&
preg_match('/^' . $type . '\/.*/', $asset) &&
filesize(ROOT . '/public/static/' . $asset) < self::INLINE_ASSET_LIMIT filesize(ROOT . '/public/static/' . $asset) < self::INLINE_ASSET_LIMIT
) { ) {
$output['code'] = file_get_contents(ROOT . '/public/static/' . $asset); $output['code'] = file_get_contents(ROOT . '/public/static/' . $asset);
} else { } else {
if (!preg_match('/^http(s)?/', $asset)) { $output['file'] = '<?= $_ENV[\'STATIC_ROOT\'] ?>/' . $asset . '?rev=<?= REVISION ?>';
$output['file'] = $_ENV['STATIC_ROOT'] . '/' . $asset . '?rev=<?= REVISION ?>'; }
} else { } else {
$output['file'] = $asset; $output['file'] = $asset;
} }
}
return $output; return $output;
} }
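Review bot: The new allow-list in parseAsset, `/^[\w\/\.]+$/`, still accepts `..` segments, so a path containing parent references passes the check and reaches `filesize()` and `file_get_contents()` outside `ROOT . '/public/static/'`, and its contents would be inlined into the generated page. Dots are only needed for file extensions, so the guard can reject parent references and anchor the end strictly: `if (preg_match('/^[\w\/\.]+$/D', $asset) && strpos($asset, '..') === false) {`. Dropping the `$type . '\/'` prefix test also means inlining is no longer limited to the `css/` and `js/` directories. Separately, `filesize()` returns `false` for a missing file and `false < self::INLINE_ASSET_LIMIT` is true, so a mistyped path takes the inline branch and `isset($asset['code'])` in generateAssets still emits a tag; adding `is_file(ROOT . '/public/static/' . $asset) &&` to the condition sends it to the `file` branch instead. Who may author the views is not visible here, so if they are developer-only the traversal point is defence in depth.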


@ -126,7 +126,7 @@ class Parser
private function matchExtends(string $line): ?string private function matchExtends(string $line): ?string
{ {
if (preg_match('/^\s*@extends\(\'([\w\/]+)\'\)\s*$/', $line, $matches)) { if (preg_match('/^\s*@extends\(([\w\/]+)\)\s*$/', $line, $matches)) {
return $matches[1]; return $matches[1];
} }
@ -135,7 +135,7 @@ class Parser
private function matchSection(string $line): ?string private function matchSection(string $line): ?string
{ {
if (preg_match('/^\s*@section\(\'(\w+)\'\)\s*$/', $line, $matches)) { if (preg_match('/^\s*@section\((\w+)\)\s*$/', $line, $matches)) {
return $matches[1]; return $matches[1];
} }


@ -1,8 +1,8 @@
@js('js/account/account.js') @js(js/account/account.js)
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Account</h2> <h2>Account</h2>
<div class="box"> <div class="box">
<form id="accountForm" action="/account" method="post" data-observe-inputs="password_new,password_new_confirm"> <form id="accountForm" action="/account" method="post" data-observe-inputs="password_new,password_new_confirm">


@ -1,8 +1,8 @@
@js('js/account/account.js') @js(js/account/account.js)
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Delete account</h2> <h2>Delete account</h2>
<div class="box"> <div class="box">
<form id="deleteAccountForm" action="/account/delete" method="post" data-redirect-on-success="/"> <form id="deleteAccountForm" action="/account/delete" method="post" data-redirect-on-success="/">


@ -1,8 +1,8 @@
@js('js/account/google_authenticate.js') @js(js/account/google_authenticate.js)
@extends('templates/layout_minimal') @extends(templates/layout_minimal)
@section('main') @section(main)
<h2>Authenticate with Google</h2> <h2>Authenticate with Google</h2>
<?php if (!$success): ?> <?php if (!$success): ?>
<div class="box"> <div class="box">
@ -18,7 +18,7 @@
<?php endif; ?> <?php endif; ?>
@endsection @endsection
@section('pageScript') @section(pageScript)
<script> <script>
var success = <?= $success ? 'true' : 'false' ?>; var success = <?= $success ? 'true' : 'false' ?>;
<?php if (isset($authenticatedWithGoogleUntil)): ?> <?php if (isset($authenticatedWithGoogleUntil)): ?>


@ -1,16 +1,16 @@
@css('node_modules/leaflet/dist/leaflet.css') @css(node_modules/leaflet/dist/leaflet.css)
@css('css/map_editor.css') @css(css/map_editor.css)
@css('node_modules/leaflet.markercluster/dist/MarkerCluster.css') @css(node_modules/leaflet.markercluster/dist/MarkerCluster.css)
@css('node_modules/leaflet.markercluster/dist/MarkerCluster.Default.css') @css(node_modules/leaflet.markercluster/dist/MarkerCluster.Default.css)
@js('node_modules/leaflet/dist/leaflet.js') @js(node_modules/leaflet/dist/leaflet.js)
@js('node_modules/leaflet.markercluster/dist/leaflet.markercluster.js') @js(node_modules/leaflet.markercluster/dist/leaflet.markercluster.js)
@js('https://maps.googleapis.com/maps/api/js?key=' . $_ENV['GOOGLE_MAPS_JS_API_KEY']) @js(https://maps.googleapis.com/maps/api/js?key=<?= $_ENV['GOOGLE_MAPS_JS_API_KEY'] ?>)
@js('js/map_editor.js') @js(js/map_editor.js)
@extends('templates/layout_full') @extends(templates/layout_full)
@section('subheader') @section(subheader)
<span><a href="javascript:;" id="mapName" title="Edit map data"><?= $mapName ?></a></span><!-- <span><a href="javascript:;" id="mapName" title="Edit map data"><?= $mapName ?></a></span><!--
--><span><!-- --><span><!--
<?php /* Copyright (c) 2019 The Bootstrap Authors. License can be found in 'USED_SOFTWARE' in section 'Bootstrap Icons'. */ ?> <?php /* Copyright (c) 2019 The Bootstrap Authors. License can be found in 'USED_SOFTWARE' in section 'Bootstrap Icons'. */ ?>
@ -38,7 +38,7 @@
--></span> --></span>
@endsection @endsection
@section('pagemodal') @section(pagemodal)
<div id="metadata" class="modal"> <div id="metadata" class="modal">
<h2>Edit map data</h2> <h2>Edit map data</h2>
<form id="metadataForm" class="marginTop" data-no-submit="true"> <form id="metadataForm" class="marginTop" data-no-submit="true">
@ -52,7 +52,7 @@
</div> </div>
@endsection @endsection
@section('main') @section(main)
<div id="map"></div> <div id="map"></div>
<div id="panorama"></div> <div id="panorama"></div>
<div id="noPano"> <div id="noPano">
@ -68,7 +68,7 @@
</div> </div>
@endsection @endsection
@section('pageScript') @section(pageScript)
<script> <script>
var tileUrl = '<?= $_ENV['LEAFLET_TILESERVER_URL'] ?>'; var tileUrl = '<?= $_ENV['LEAFLET_TILESERVER_URL'] ?>';
var tileAttribution = '<?= $_ENV['LEAFLET_TILESERVER_ATTRIBUTION'] ?>'; var tileAttribution = '<?= $_ENV['LEAFLET_TILESERVER_ATTRIBUTION'] ?>';


@ -1,6 +1,6 @@
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>404 | Page not found</h2> <h2>404 | Page not found</h2>
<p>The requested URL was not found on this server. <a href="/" title="<?= $_ENV['APP_NAME'] ?>">Back to start.</a></p> <p>The requested URL was not found on this server. <a href="/" title="<?= $_ENV['APP_NAME'] ?>">Back to start.</a></p>
@endsection @endsection


@ -1,17 +1,17 @@
@css('css/game.css') @css(css/game.css)
@js('https://maps.googleapis.com/maps/api/js?key=' . $_ENV['GOOGLE_MAPS_JS_API_KEY']) @js(https://maps.googleapis.com/maps/api/js?key=<?= $_ENV['GOOGLE_MAPS_JS_API_KEY'] ?>)
@js('js/game.js') @js(js/game.js)
@extends('templates/layout_full') @extends(templates/layout_full)
@section('subheader') @section(subheader)
<span id="mapName" class="bold"><?= $mapName ?></span><!-- <span id="mapName" class="bold"><?= $mapName ?></span><!--
--><span>Round <span id="currentRound" class="bold"></span></span><!-- --><span>Round <span id="currentRound" class="bold"></span></span><!--
--><span>Score <span id="currentScoreSum" class="bold"></span></span> --><span>Score <span id="currentScoreSum" class="bold"></span></span>
@endsection @endsection
@section('main') @section(main)
<div id="panoCover"></div> <div id="panoCover"></div>
<div id="panorama"></div> <div id="panorama"></div>
<div id="showGuessButtonContainer"> <div id="showGuessButtonContainer">
@ -48,7 +48,7 @@
</div> </div>
@endsection @endsection
@section('pageScript') @section(pageScript)
<script> <script>
var mapId = <?= $mapId ?>; var mapId = <?= $mapId ?>;
var mapBounds = <?= json_encode($bounds) ?>; var mapBounds = <?= json_encode($bounds) ?>;


@ -1,6 +1,6 @@
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Account activation</h2> <h2>Account activation</h2>
<div class="box"> <div class="box">
<p class="error justify">Activation failed. Please check the link you entered or retry <a href="/signup" title="Sign up">sign up</a>!</p> <p class="error justify">Activation failed. Please check the link you entered or retry <a href="/signup" title="Sign up">sign up</a>!</p>


@ -1,6 +1,6 @@
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Account cancellation</h2> <h2>Account cancellation</h2>
<div class="box"> <div class="box">
<?php if ($success) : ?> <?php if ($success) : ?>


@ -1,6 +1,6 @@
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Login up with Google</h2> <h2>Login up with Google</h2>
<div class="box"> <div class="box">
<p class="error justify">Authentication with Google failed. Please <a href="/login/google" title="Login with Google">try again</a>!</p> <p class="error justify">Authentication with Google failed. Please <a href="/login/google" title="Login with Google">try again</a>!</p>


@ -1,8 +1,8 @@
@js('js/login/google_signup.js') @js(js/login/google_signup.js)
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Sign up</h2> <h2>Sign up</h2>
<div class="box"> <div class="box">
<form id="googleSignupForm" action="/signup/google" method="post" data-redirect-on-success="/"> <form id="googleSignupForm" action="/signup/google" method="post" data-redirect-on-success="/">


@ -1,6 +1,6 @@
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Login</h2> <h2>Login</h2>
<div class="box"> <div class="box">
<form id="loginForm" action="/login" method="post" data-redirect-on-success="/"> <form id="loginForm" action="/login" method="post" data-redirect-on-success="/">


@ -1,8 +1,8 @@
@js('js/login/signup.js') @js(js/login/signup.js)
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Sign up</h2> <h2>Sign up</h2>
<div class="box"> <div class="box">
<form id="signupForm" action="/signup" method="post" data-redirect-on-success="/signup/success"> <form id="signupForm" action="/signup" method="post" data-redirect-on-success="/signup/success">


@ -1,6 +1,6 @@
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<h2>Sign up</h2> <h2>Sign up</h2>
<div class="box"> <div class="box">
<p class="justify">Sign up was successful. Please check your email and click on the activation link to activate your account!</p> <p class="justify">Sign up was successful. Please check your email and click on the activation link to activate your account!</p>


@ -1,11 +1,11 @@
@css('css/maps.css') @css(css/maps.css)
@js('js/maps.js') @js(js/maps.js)
TODO: condition! TODO: condition!
@js('js/maps_admin.js') @js(js/maps_admin.js)
@extends('templates/layout_normal') @extends(templates/layout_normal)
@section('main') @section(main)
<div id="mapContainer"> <div id="mapContainer">
<?php foreach ($maps as $map): ?> <?php foreach ($maps as $map): ?>
<div class="mapItem"> <div class="mapItem">


@ -1,6 +1,6 @@
@extends('templates/mapguesser') @extends(templates/mapguesser)
@section('content') @section(content)
<header class="small"> <header class="small">
<h1> <h1>
<a href="/" title="<?= $_ENV['APP_NAME'] ?>"> <a href="/" title="<?= $_ENV['APP_NAME'] ?>">


@ -1,6 +1,6 @@
@extends('templates/mapguesser') @extends(templates/mapguesser)
@section('content') @section(content)
<header> <header>
<h1> <h1>
<img class="inline" width="1em" height="1em" src="<?= $_ENV['STATIC_ROOT'] ?>/img/icon.svg?rev=<?= REVISION ?>"><!-- <img class="inline" width="1em" height="1em" src="<?= $_ENV['STATIC_ROOT'] ?>/img/icon.svg?rev=<?= REVISION ?>"><!--


@ -1,5 +1,6 @@
@extends('templates/mapguesser') @extends(templates/mapguesser)
@section('content')
@section(content)
<header> <header>
<h1> <h1>
<a href="/" title="<?= $_ENV['APP_NAME'] ?>"> <a href="/" title="<?= $_ENV['APP_NAME'] ?>">