Xataface 2.0
Xataface Application Framework
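<?php
/**
 * Action that serves one or more JavaScript files as a single response.
 *
 * The comma-separated list of script paths comes from the `--script` request
 * parameter, so every path is untrusted input. Each one is passed through
 * sanitizePath() before being handed to Dataface_JavascriptTool::import().
 */
class dataface_actions_load_script {

    /**
     * Builds the combined script and writes it to the response.
     *
     * Any Exception raised while resolving or building the scripts is reported
     * to the browser as a `console.log(...)` statement. The exception code
     * (e.g. 404) is not used as the HTTP status.
     *
     * @param array $params Action parameters (not read by this method).
     * @return void
     */
    function handle($params){
        session_write_close();
        $app = Dataface_Application::getInstance();
        // Cache lifetime in seconds (72 hours).
        $expires = 60*60*72;
        try {
            $query = $app->getQuery();

            $script = isset($query['--script']) ? $query['--script'] : null;
            // A repeated or array-style parameter arrives as an array; treat it
            // like a missing script rather than passing it to explode().
            if ( !$script || !is_string($script) ){
                throw new Exception("Script could not be found", 404);
            }

            $jt = Dataface_JavascriptTool::getInstance();
            $jt->clearScripts();
            $app->fireEvent('beforeLoadScript');
            foreach (explode(',', $script) as $scriptPath){
                $jt->import($this->sanitizePath(trim($scriptPath)));
            }

            // Build the body BEFORE queuing any caching headers. If this call
            // throws, the error response produced in the catch block must not
            // inherit a 72-hour public cache lifetime.
            $out = $jt->getContents();

            header('Connection:close');
            $appConf = Dataface_Application::getInstance()->_conf;
            $conf = !empty($appConf['Dataface_JavascriptTool']) ? $appConf['Dataface_JavascriptTool'] : array();
            if ( empty($conf['debug']) ){
                // Publicly cacheable unless the JavascriptTool debug flag is set.
                header("Pragma: public", true);
                header("Cache-Control:max-age=".$expires.', public, s-maxage='.$expires, true);
                header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$expires) . ' GMT', true);
            }
            header('Content-type: text/javascript; charset="'.$app->_conf['oe'].'"');
            header('Content-Length: '.strlen($out));
            echo $out;
            flush();

        } catch (Exception $ex){
            // Error responses must never be stored by browsers or shared caches.
            header('Cache-Control: no-store', true);
            header('Content-type: text/javascript; charset="'.$app->_conf['oe'].'"');
            // NOTE(review): the exception message is returned verbatim to the
            // client. Confirm that messages thrown by import()/getContents()
            // do not contain server filesystem paths.
            $out = 'console.log('.json_encode($ex->getMessage()).');';
            header('Content-Length: '.strlen($out));
            echo $out;
            flush();
        }
    }

    /**
     * Rejects script paths that could escape the script directories.
     *
     * This is a lexical check only: it refuses backslashes, NUL bytes, white
     * space, `..` segments and a leading `/`. An empty path is returned
     * unchanged.
     *
     * NOTE(review): the check does not reject scheme or drive prefixes and
     * does not resolve symlinks. It relies on Dataface_JavascriptTool::import()
     * only looking beneath its configured script directories - confirm.
     *
     * @param string $path Relative, slash-separated script path from the request.
     * @return string The same path when it passes every check.
     * @throws Exception When the path contains a disallowed element.
     */
    function sanitizePath($path){
        foreach (explode('/', $path) as $part){
            if ( strpos($part, '\\') !== false ) throw new Exception("Illegal backslash in path.");
            // \s does not match NUL, so NUL bytes are rejected explicitly.
            if ( strpos($part, "\0") !== false ) throw new Exception("Illegal null byte in path.");
            if ( preg_match('/\s/', $part) ) throw new Exception("Illegal white space in path.");
            if ( $part === '..' ) throw new Exception("Illegal .. in path");
        }
        // The original `$path{0}` offset syntax is a parse error on PHP 8 and
        // reads an uninitialised offset when the path is empty.
        if ( $path !== '' && $path[0] === '/' ) throw new Exception("Absolute paths not supported");
        return $path;
    }
}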