summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArto Bendiken2007-09-21 12:00:44 (GMT)
committerArto Bendiken2007-09-21 12:00:44 (GMT)
commitd338cadf9cad7a48c4876462cc719f7969989b15 (patch)
treeb7238e37762c7b1db90a0fa28d600e59ba40e6a0
parente06d7eb6697368d62e47b6f26ec584b74522699c (diff)
Imported latest 5.x version from SVN development repository.
-rw-r--r--boost.api.inc11
-rw-r--r--boost.module1
2 files changed, 7 insertions, 5 deletions
diff --git a/boost.api.inc b/boost.api.inc
index 60926c3..dae0e94 100644
--- a/boost.api.inc
+++ b/boost.api.inc
@@ -177,12 +177,13 @@ function boost_file_path($path) {
$path = 'index'; // special handling for Drupal's front page
}
- // Compose the full file system path to the static file
- $cache_dir = boost_cache_directory();
- $cache_file = implode('/', array($cache_dir, $path)) . BOOST_FILE_EXTENSION;
+ // Convert any undesirable characters in the path to underscores
+ $path = preg_replace('@[^/a-z0-9_-]@i', '_', $path);
- // Security check to make sure the file actually is where it should be
- return file_check_location($cache_file, $cache_dir);
+ // Limit the maximum directory nesting depth of the path
+ $path = implode('/', array_slice(explode('/', $path), 0, BOOST_MAX_PATH_DEPTH));
+
+ return boost_cache_directory() . '/' . $path . BOOST_FILE_EXTENSION;
}
/**
diff --git a/boost.module b/boost.module
index c4f72cd..dee29c4 100644
--- a/boost.module
+++ b/boost.module
@@ -15,6 +15,7 @@ define('BOOST_FRONTPAGE', drupal_get_normal_path(variable_get('site_f
define('BOOST_ENABLED', variable_get('boost', CACHE_DISABLED));
define('BOOST_FILE_PATH', variable_get('boost_file_path', 'cache'));
define('BOOST_FILE_EXTENSION', variable_get('boost_file_extension', '.html'));
+define('BOOST_MAX_PATH_DEPTH', 10);
define('BOOST_CACHEABILITY_OPTION', variable_get('boost_cacheability_option', 0));
define('BOOST_CACHEABILITY_PAGES', variable_get('boost_cacheability_pages', ''));
define('BOOST_FETCH_METHOD', variable_get('boost_fetch_method', 'php'));