Minify could use an abstract controller class that maps URLs to an array
of file paths to be combined.
This way the user could chose other ways to specify sets of files, like
pre-defined groups, or by specifying particular directories that can be
used, particular patterns that the file names must match, custom formats
for the URLs (avoiding the need for mod_rewrite), etc. In this way, all
the path resolution code could be moved to only controllers that need it.
URLs could be like:
/minify.php/js/jQuery,plugin.jQuery,myScript
or just
/minify.php/homePageJs
A problem with the current system is that the visitor has the ability to
specify long sets of files in different orders that are of no use to the
site, yet PHP still has to act on these requests, resolve paths, check
file existence, combine, minimize, cache and serve these bogus files. Not
exactly a DoS issue, I know.
With that in mind, I'd suggest that the default controller should force
the user to define keys to groups of files that need combining. Or at
least force the user to define allowable directories for certain types. In
any case being able to eliminate relative path resolution would be great
for security.
Original issue reported on code.google.com by stephen....@gmail.com on 21 Sep 2007 at 4:34
Original issue reported on code.google.com by
stephen....@gmail.com
on 21 Sep 2007 at 4:34