Skip to content

Commit

Permalink
MDL-68426 theme: Set a limit on paths length in yui_combo
Browse files Browse the repository at this point in the history
The maximum paths length is now consistent with the YUI loader.
This fix also removes any duplicate paths, so each file is only ever
fetched once.
  • Loading branch information
mickhawkins authored and andrewnicols committed Jul 9, 2020
1 parent 3897447 commit f1d86e0
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion theme/yui_combo.php
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,21 @@
combo_not_found();
}

$etag = sha1($parts);
$parts = trim($parts, '&');

// Remove any duplicate parts, since each file only needs to be loaded once (which also helps reduce total file size).
$parts = implode('&', array_unique(explode('&', $parts)));

// Limit length of parts to match the YUI loader limit of 1024, to prevent loading an arbitrary number of files.
if (strlen($parts) > 1024) {
$parts = substr($parts, 0, 1024);

// If the shortened $parts has been cut off mid-way through a filename, trim back to the end of the previous filename.
if (substr($parts, -3) !== '.js' && substr($parts, -4) !== '.css') {
$parts = substr($parts, 0, strrpos($parts, '&'));
}
}

// find out what we are serving - only one type per request
$content = '';
if (substr($parts, -3) === '.js') {
Expand All @@ -51,6 +63,8 @@
combo_not_found();
}

$etag = sha1($parts);

// if they are requesting a revision that's not -1, and they have supplied an
// If-Modified-Since header, we can send back a 304 Not Modified since the
// content never changes (the rev number is increased any time the content changes)
Expand Down

0 comments on commit f1d86e0

Please sign in to comment.