Changeset 1250


Ignore:
Timestamp:
05/03/10 13:08:46 (7 years ago)
Author:
gogo
Message:

ticket:1515 Security patch to prevent rogue access to the compressors in contrib.

Location:
trunk/contrib
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/contrib/compress.php

    r1084 r1250  
    8585         
    8686        exec("echo \"".(preg_match('/XinhaCore.js$/',$file) ? $file_prefix.$core_prefix : $file_prefix)."\" > $file && java -jar ${cwd}/dojo_js_compressor.jar -c ${file}_uncompr.js >> $file 2>&1"); 
    87         if (preg_match('/js: ".*?", line \d+:/',file_get_contents($file))) 
     87        if (preg_match('/js: ".*?", line \d+:/',file_get_contents($file)) || preg_match('/sh: java: command not found/', file_get_contents($file))) 
    8888        { 
    8989                unlink($file); 
  • trunk/contrib/compress_yui.php

    r1175 r1250  
    9393 
    9494        passthru("echo \"".(preg_match('/XinhaCore.js$/',$file) ? $file_prefix.$core_prefix : $prefix)."\" > $file && java -jar {$xinha_root}/contrib/yuicompressor-2.4.2.jar  --charset UTF-8 ${file}_uncompr${ext} >> $file 2>&1"); 
    95         if (preg_match('/\d+:\d+:syntax error/',file_get_contents($file))) 
     95        if (preg_match('/\d+:\d+:syntax error/',file_get_contents($file)) || preg_match('/sh: java: command not found/', file_get_contents($file))) 
    9696        { 
    9797                unlink($file); 
Note: See TracChangeset for help on using the changeset viewer.