Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
98.61% |
142 / 144 |
|
91.67% |
11 / 12 |
CRAP | |
0.00% |
0 / 1 |
CSSMin | |
99.30% |
142 / 143 |
|
91.67% |
11 / 12 |
44 | |
0.00% |
0 / 1 |
getLocalFileReferences | |
100.00% |
17 / 17 |
|
100.00% |
1 / 1 |
7 | |||
encodeImageAsDataURI | |
87.50% |
7 / 8 |
|
0.00% |
0 / 1 |
4.03 | |||
encodeStringAsDataURI | |
100.00% |
16 / 16 |
|
100.00% |
1 / 1 |
2 | |||
serializeStringValue | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
1 | |||
getMimeType | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
buildUrlValue | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
2 | |||
remap | |
100.00% |
50 / 50 |
|
100.00% |
1 / 1 |
4 | |||
isRemoteUrl | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
2 | |||
isLocalUrl | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
4 | |||
getUrlRegex | n/a |
0 / 0 |
n/a |
0 / 0 |
2 | |||||
resolveUrl | |
100.00% |
14 / 14 |
|
100.00% |
1 / 1 |
5 | |||
remapOne | |
100.00% |
19 / 19 |
|
100.00% |
1 / 1 |
9 | |||
minify | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
1 |
1 | <?php |
2 | /** |
3 | * Copyright 2010 Trevor Parscal <tparscal@wikimedia.org> |
4 | * |
5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
6 | * you may not use this file except in compliance with the License. |
7 | * You may obtain a copy of the License at |
8 | * |
9 | * http://www.apache.org/licenses/LICENSE-2.0 |
10 | * |
11 | * Unless required by applicable law or agreed to in writing, software |
12 | * distributed under the License is distributed on an "AS IS" BASIS, |
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 | * See the License for the specific language governing permissions and |
15 | * limitations under the License. |
16 | * |
17 | * @file |
18 | * @license Apache-2.0 |
19 | */ |
20 | |
21 | namespace Wikimedia\Minify; |
22 | |
23 | use Net_URL2; |
24 | |
25 | /** |
26 | * Transforms CSS data. |
27 | * |
28 | * This class provides minification, URL remapping, URL extracting, and data-URL embedding. |
29 | */ |
30 | class CSSMin { |
31 | |
32 | /** |
33 | * Strip marker for comments |
34 | */ |
35 | private const PLACEHOLDER = "\x7fPLACEHOLDER\x7f"; |
36 | |
37 | /** |
38 | * Maximum file size to embed in a stylesheet. |
39 | * |
40 | * Use of `@embed` is generally discouraged (see T121730, T118514, and T120984). |
41 | * |
42 | * In a nut shell: Stylesheets, and thus any images we embed inside of them, |
43 | * are required to be fully downloaded by a browser before literally any content |
44 | * or interface component can be rendered on-screen. Embedding an image means |
45 | * you are saying it is more important to render this image than to render the |
46 | * page content (or that it is undesirable to render even the first paragraph |
47 | * of an article unless this image is also immediately there in the first paint). |
48 | * |
49 | * There are some cases where a small image can be worth embedding, for example |
50 | * if the image's file size is comparable or smaller than to size of the URL from |
51 | * which it would be lazy-loaded when CSS rules are applied. In that case, embedding |
52 | * the file content in place of the web address could be an uncompromising win for |
53 | * all users. |
54 | * |
55 | * To avoid mistakes and protect performance, we put an arbitrary limit on this. |
56 | * If a file is larger than this limit, it should probably be loaded using the |
57 | * default CSS behaviour (by URL, without `@embed` instruction), or embedded as |
58 | * SVG directly in the HTML response if it is such a vital part of the page. |
59 | * |
60 | * See encodeImageAsDataURI(). |
61 | */ |
62 | private const DATA_URI_SIZE_LIMIT = 32768; |
63 | |
64 | private const EMBED_REGEX = '\/\*\s*\@embed\s*\*\/'; |
65 | private const COMMENT_REGEX = '\/\*.*?\*\/'; |
66 | |
67 | /** |
68 | * List of common image files extensions and MIME-types |
69 | */ |
70 | private const MIME_TYPES = [ |
71 | 'gif' => 'image/gif', |
72 | 'jpe' => 'image/jpeg', |
73 | 'jpeg' => 'image/jpeg', |
74 | 'jpg' => 'image/jpeg', |
75 | 'png' => 'image/png', |
76 | 'tif' => 'image/tiff', |
77 | 'tiff' => 'image/tiff', |
78 | 'xbm' => 'image/x-xbitmap', |
79 | 'svg' => 'image/svg+xml', |
80 | ]; |
81 | |
82 | /** |
83 | * Get a list of local files referenced in a stylesheet (includes non-existent files). |
84 | * |
85 | * @param string $source CSS stylesheet source to process |
86 | * @param string $path File path where the source was read from |
87 | * @return string[] List of local file references |
88 | */ |
89 | public static function getLocalFileReferences( $source, $path ) { |
90 | $stripped = preg_replace( '/' . self::COMMENT_REGEX . '/s', '', $source ); |
91 | $path = rtrim( $path, '/' ) . '/'; |
92 | $files = []; |
93 | |
94 | $rFlags = PREG_OFFSET_CAPTURE | PREG_SET_ORDER; |
95 | if ( preg_match_all( '/' . self::getUrlRegex() . '/J', $stripped, $matches, $rFlags ) ) { |
96 | foreach ( $matches as $match ) { |
97 | $url = $match['file'][0]; |
98 | |
99 | // Skip fully-qualified and protocol-relative URLs and data URIs |
100 | if ( |
101 | strpos( $url, '//' ) === 0 || |
102 | parse_url( $url, PHP_URL_SCHEME ) |
103 | ) { |
104 | break; |
105 | } |
106 | |
107 | // Strip trailing anchors - T115436 |
108 | $anchor = strpos( $url, '#' ); |
109 | if ( $anchor !== false ) { |
110 | $url = substr( $url, 0, $anchor ); |
111 | |
112 | // '#some-anchors' is not a file |
113 | if ( $url === '' ) { |
114 | break; |
115 | } |
116 | } |
117 | |
118 | $files[] = $path . $url; |
119 | } |
120 | } |
121 | return $files; |
122 | } |
123 | |
124 | /** |
125 | * Encode an image file as a data URI. |
126 | * |
127 | * If the image file has a suitable MIME type and size, encode it as a data URI, base64-encoded |
128 | * for binary files or just percent-encoded otherwise. Return false if the image type is |
129 | * unfamiliar or the file exceeds the size limit. |
130 | * |
131 | * @param string $file Image file to encode. |
132 | * @param string|null $type File's MIME type or null. If null, CSSMin will |
133 | * try to autodetect the type. |
134 | * @return string|false Image contents encoded as a data URI or false. |
135 | */ |
136 | public static function encodeImageAsDataURI( $file, $type = null ) { |
137 | // Fast-fail for files that exceed the maximum data URI length |
138 | if ( filesize( $file ) >= self::DATA_URI_SIZE_LIMIT ) { |
139 | trigger_error( "File exceeds limit for embedded files: $file", E_USER_WARNING ); |
140 | return false; |
141 | } |
142 | |
143 | if ( $type === null ) { |
144 | $type = self::getMimeType( $file ); |
145 | } |
146 | if ( !$type ) { |
147 | return false; |
148 | } |
149 | |
150 | return self::encodeStringAsDataURI( file_get_contents( $file ), $type ); |
151 | } |
152 | |
153 | /** |
154 | * Encode file contents as a data URI with chosen MIME type. |
155 | * |
156 | * The URI will be base64-encoded for binary files or just percent-encoded otherwise. |
157 | * |
158 | * @since 2.0.0 |
159 | * @param string $contents File contents to encode. |
160 | * @param string $type File's MIME type. |
161 | * @return string Image contents encoded as a data URI or false. |
162 | */ |
163 | public static function encodeStringAsDataURI( $contents, $type ) { |
164 | // Try #1: Non-encoded data URI |
165 | // Remove XML declaration, it's not needed with data URI usage |
166 | $contents = preg_replace( "/<\\?xml.*?\\?>/", '', $contents ); |
167 | // The regular expression matches ASCII whitespace and printable characters. |
168 | if ( preg_match( '/^[\r\n\t\x20-\x7e]+$/', $contents ) ) { |
169 | // Do not base64-encode non-binary files (sensible SVGs). |
170 | // (This often produces longer URLs, but they compress better, yielding a net smaller size.) |
171 | $encoded = rawurlencode( $contents ); |
172 | // Unencode some things that don't need to be encoded, to make the encoding smaller |
173 | $encoded = strtr( $encoded, [ |
174 | // Unencode spaces |
175 | '%20' => ' ', |
176 | // Unencode slashes |
177 | '%2F' => '/', |
178 | // Unencode colons |
179 | '%3A' => ':', |
180 | // Unencode equals signs |
181 | '%3D' => '=', |
182 | // Change newlines to spaces |
183 | '%0A' => ' ', |
184 | // Change carriage returns to spaces |
185 | '%0D' => ' ', |
186 | // Change tabs to spaces |
187 | '%09' => ' ', |
188 | ] ); |
189 | // Consolidate runs of multiple spaces in a row |
190 | $encoded = preg_replace( '/ {2,}/', ' ', $encoded ); |
191 | // Remove leading and trailing spaces |
192 | $encoded = trim( $encoded, ' ' ); |
193 | return 'data:' . $type . ',' . $encoded; |
194 | } |
195 | |
196 | // Try #2: Encoded data URI |
197 | return 'data:' . $type . ';base64,' . base64_encode( $contents ); |
198 | } |
199 | |
200 | /** |
201 | * Serialize a string (escape and quote) for use as a CSS string value. |
202 | * https://drafts.csswg.org/cssom/#serialize-a-string |
203 | * |
204 | * @param string $value |
205 | * @return string |
206 | */ |
207 | public static function serializeStringValue( $value ) { |
208 | $value = strtr( $value, [ "\0" => "\u{FFFD}", '\\' => '\\\\', '"' => '\\"' ] ); |
209 | $value = preg_replace_callback( '/[\x01-\x1f\x7f]/', static function ( $match ) { |
210 | return '\\' . base_convert( (string)ord( $match[0] ), 10, 16 ) . ' '; |
211 | }, $value ); |
212 | return '"' . $value . '"'; |
213 | } |
214 | |
215 | /** |
216 | * @param string $file |
217 | * @return bool|string |
218 | */ |
219 | public static function getMimeType( $file ) { |
220 | // Infer the MIME-type from the file extension |
221 | $ext = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) ); |
222 | return self::MIME_TYPES[$ext] ?? mime_content_type( realpath( $file ) ); |
223 | } |
224 | |
225 | /** |
226 | * Build a CSS 'url()' value for the given URL, quoting parentheses (and other funny characters) |
227 | * and escaping quotes as necessary. |
228 | * |
229 | * See http://www.w3.org/TR/css-syntax-3/#consume-a-url-token |
230 | * |
231 | * @param string $url URL to process |
232 | * @return string 'url()' value, usually just `"url($url)"`, quoted/escaped if necessary |
233 | */ |
234 | public static function buildUrlValue( $url ) { |
235 | // The list below has been crafted to match URLs such as: |
236 | // scheme://user@domain:port/~user/fi%20le.png?query=yes&really=y+s |
237 | // data:image/png;base64,R0lGODlh/+== |
238 | if ( preg_match( '!^[\w:@/~.%+;,?&=-]+$!', $url ) ) { |
239 | return "url($url)"; |
240 | } else { |
241 | return 'url("' . strtr( $url, [ '\\' => '\\\\', '"' => '\\"' ] ) . '")'; |
242 | } |
243 | } |
244 | |
245 | /** |
246 | * Remaps CSS URL paths and automatically embeds data URIs for CSS rules |
247 | * or url() values preceded by an `/ * @embed * /` comment. |
248 | * |
249 | * @param string $source CSS data to remap |
250 | * @param string $local File path where the source was read from |
251 | * @param string $remote Full URL to the file's directory (may be protocol-relative, trailing slash is optional) |
252 | * @param bool $embedData If false, never do any data URI embedding, |
253 | * even if `/ * @embed * /` is found. |
254 | * @return string Remapped CSS data |
255 | */ |
256 | public static function remap( $source, $local, $remote, $embedData = true ) { |
257 | // High-level overview: |
258 | // * For each CSS rule in $source that includes at least one url() value: |
259 | // * Check for an @embed comment at the start indicating that all URIs should be embedded |
260 | // * For each url() value: |
261 | // * Check for an @embed comment directly preceding the value |
262 | // * If either @embed comment exists: |
263 | // * Embedding the URL as data: URI, if it's possible / allowed |
264 | // * Otherwise remap the URL to work in generated stylesheets |
265 | |
266 | // Guard against trailing slashes, because "some/remote/../foo.png" |
267 | // resolves to "some/remote/foo.png" on (some?) clients (T29052). |
268 | // But, don't turn "/" into "" since that is invalid as base URL (T282280). |
269 | $remote = $remote === '/' ? $remote : rtrim( $remote, '/' ); |
270 | |
271 | // Disallow U+007F DELETE, which is illegal anyway, and which |
272 | // we use for comment placeholders. |
273 | $source = strtr( $source, "\x7f", "?" ); |
274 | |
275 | // Replace all comments by a placeholder so they will not interfere with the remapping. |
276 | // Warning: This will also catch on anything looking like the start of a comment between |
277 | // quotation marks (e.g. "foo /* bar"). |
278 | $comments = []; |
279 | |
280 | $pattern = '/(?!' . self::EMBED_REGEX . ')(' . self::COMMENT_REGEX . ')/s'; |
281 | |
282 | $source = preg_replace_callback( |
283 | $pattern, |
284 | static function ( $match ) use ( &$comments ) { |
285 | $comments[] = $match[ 0 ]; |
286 | return self::PLACEHOLDER . ( count( $comments ) - 1 ) . 'x'; |
287 | }, |
288 | $source |
289 | ); |
290 | |
291 | // Note: This will not correctly handle cases where ';', '{' or '}' |
292 | // appears in the rule itself, e.g. in a quoted string. You are advised |
293 | // not to use such characters in file names. We also match start/end of |
294 | // the string to be consistent in edge-cases ('@import url(…)'). |
295 | $pattern = '/(?:^|[;{])\K[^;{}]*' . self::getUrlRegex() . '[^;}]*+(?=[;}]|$)/J'; |
296 | |
297 | $source = preg_replace_callback( |
298 | $pattern, |
299 | static function ( $matchOuter ) use ( $local, $remote, $embedData ) { |
300 | $rule = $matchOuter[0]; |
301 | |
302 | // Check for global @embed comment and remove it. Allow other comments to be present |
303 | // before @embed (they have been replaced with placeholders at this point). |
304 | $embedAll = false; |
305 | $rule = preg_replace( |
306 | '/^((?:\s++|' . |
307 | self::PLACEHOLDER . |
308 | '(\d+)x)*+)' . |
309 | self::EMBED_REGEX . |
310 | '\s*/', |
311 | '$1', |
312 | $rule, |
313 | 1, |
314 | $embedAll |
315 | ); |
316 | |
317 | // Build two versions of current rule: with remapped URLs |
318 | // and with embedded data: URIs (where possible). |
319 | $pattern = '/(?P<embed>' . self::EMBED_REGEX . '\s*|)' . self::getUrlRegex() . '/J'; |
320 | |
321 | return preg_replace_callback( |
322 | $pattern, |
323 | static function ( $match ) use ( $local, $remote, $embedData, $embedAll ) { |
324 | // For each url reference in the CSS, call remapOne() |
325 | // to insert either a remapped URL or an embedded data URI. |
326 | // We enable use of data URIs if both of these are true: |
327 | // 1. The PHP caller enabled the option, |
328 | // 2. and, the CSS declared `@embed` either above the rule |
329 | // for all URLs inside that block, or above the individual |
330 | // property for that one property. |
331 | $embedOne = $embedData && ( $embedAll || $match['embed'] ); |
332 | $remapped = self::remapOne( |
333 | $match['file'], |
334 | $match['query'], |
335 | $local, |
336 | $remote, |
337 | $embedOne |
338 | ); |
339 | return self::buildUrlValue( $remapped ); |
340 | }, |
341 | $rule |
342 | ); |
343 | }, $source ); |
344 | |
345 | // Re-insert comments |
346 | $pattern = '/' . self::PLACEHOLDER . '(\d+)x/'; |
347 | return preg_replace_callback( $pattern, static function ( $match ) use ( &$comments ) { |
348 | return $comments[ $match[1] ]; |
349 | }, $source ); |
350 | } |
351 | |
352 | /** |
353 | * Is this CSS rule referencing a remote URL? |
354 | * |
355 | * @param string $maybeUrl |
356 | * @return bool |
357 | */ |
358 | protected static function isRemoteUrl( $maybeUrl ) { |
359 | return strpos( $maybeUrl, '//' ) === 0 || parse_url( $maybeUrl, PHP_URL_SCHEME ); |
360 | } |
361 | |
362 | /** |
363 | * Is this CSS rule referencing a local URL? |
364 | * |
365 | * @param string $maybeUrl |
366 | * @return bool |
367 | */ |
368 | protected static function isLocalUrl( $maybeUrl ) { |
369 | // Accept "/" (known local) |
370 | // Accept "/anything" (known local) |
371 | // Reject "//anything" (known remote) |
372 | // Reject "" (invalid/uncertain) |
373 | return $maybeUrl === '/' || ( isset( $maybeUrl[1] ) && $maybeUrl[0] === '/' && $maybeUrl[1] !== '/' ); |
374 | } |
375 | |
376 | /** |
377 | * @codeCoverageIgnore |
378 | * @return string |
379 | */ |
380 | private static function getUrlRegex() { |
381 | static $urlRegex; |
382 | if ( $urlRegex === null ) { |
383 | // The extra + avoid backtracking where it is not needed |
384 | $urlRegex = 'url\(\s*+(?:' . |
385 | // Unquoted url |
386 | '(?P<file>[^\'"][^?)]+?)(?P<query>\?[^)]*?|)' . |
387 | // Single quoted url |
388 | '|\'(?P<file>[^?\']++)(?P<query>\?[^\']*+|)\'' . |
389 | // Double quoted url |
390 | '|"(?P<file>[^?"]++)(?P<query>\?[^"]*+|)"' . |
391 | ')\s*\)'; |
392 | } |
393 | return $urlRegex; |
394 | } |
395 | |
396 | /** |
397 | * Resolve a possibly-relative URL against a base URL. |
398 | * |
399 | * @param string $base |
400 | * @param string $url |
401 | * @return string |
402 | */ |
403 | private static function resolveUrl( string $base, string $url ): string { |
404 | // Net_URL2::resolve() doesn't allow for resolving against server-less URLs. |
405 | // We need this as for MediaWiki/ResourceLoader, the remote base path may either |
406 | // be separate (e.g. a separate domain), or simply local (like "/w"). In the |
407 | // local case, we don't want to needlessly include the server in the output. |
408 | $isServerless = self::isLocalUrl( $base ); |
409 | if ( $isServerless ) { |
410 | $base = "https://placeholder.invalid$base"; |
411 | } |
412 | // Net_URL2::resolve() doesn't allow for protocol-relative URLs, but we want to. |
413 | $isProtoRelative = strpos( $base, '//' ) === 0; |
414 | if ( $isProtoRelative ) { |
415 | $base = "https:$base"; |
416 | } |
417 | |
418 | $baseUrl = new Net_URL2( $base ); |
419 | $ret = $baseUrl->resolve( $url ); |
420 | if ( $isProtoRelative ) { |
421 | $ret->setScheme( false ); |
422 | } |
423 | if ( $isServerless ) { |
424 | $ret->setScheme( false ); |
425 | $ret->setHost( false ); |
426 | } |
427 | return $ret->getURL(); |
428 | } |
429 | |
430 | /** |
431 | * Remap or embed a CSS URL path. |
432 | * |
433 | * @param string $file URL to remap/embed |
434 | * @param string $query |
435 | * @param string $local File path where the source was read from |
436 | * @param string $remote Full URL to the file's directory (may be protocol-relative, trailing slash is optional) |
437 | * @param bool $embed Whether to do any data URI embedding |
438 | * @return string Remapped/embedded URL data |
439 | */ |
440 | public static function remapOne( $file, $query, $local, $remote, $embed ) { |
441 | // The full URL possibly with query, as passed to the 'url()' value in CSS |
442 | $url = $file . $query; |
443 | |
444 | // Expand local URLs with absolute paths to a full URL (possibly protocol-relative). |
445 | if ( self::isLocalUrl( $url ) ) { |
446 | return self::resolveUrl( $remote, $url ); |
447 | } |
448 | |
449 | // Pass through fully-qualified and protocol-relative URLs and data URIs, as well as local URLs if |
450 | // we can't expand them. |
451 | // Also skips anchors or the rare `behavior` property specifying application's default behavior |
452 | if ( |
453 | self::isRemoteUrl( $url ) || |
454 | ( $url[0] ?? '' ) === '#' |
455 | ) { |
456 | return $url; |
457 | } |
458 | |
459 | // The $remote must have a trailing slash beyond this point for correct path resolution. |
460 | if ( ( $remote[-1] ?? '' ) !== '/' ) { |
461 | $remote .= '/'; |
462 | } |
463 | |
464 | if ( $local === false ) { |
465 | // CSS specifies a path that is neither a local file path, nor a local URL. |
466 | // It is probably already a fully-qualitied URL or data URI, but try to expand |
467 | // it just in case. |
468 | $url = self::resolveUrl( $remote, $url ); |
469 | } else { |
470 | // We drop the query part here and instead make the path relative to $remote |
471 | $url = self::resolveUrl( $remote, $file ); |
472 | // Path to the actual file on the filesystem |
473 | $localFile = "{$local}/{$file}"; |
474 | if ( file_exists( $localFile ) ) { |
475 | if ( $embed ) { |
476 | $data = self::encodeImageAsDataURI( $localFile ); |
477 | if ( $data !== false ) { |
478 | return $data; |
479 | } |
480 | } |
481 | // Add version parameter as the first five hex digits |
482 | // of the MD5 hash of the file's contents. |
483 | $url .= '?' . substr( md5_file( $localFile ), 0, 5 ); |
484 | } |
485 | // If any of these conditions failed (file missing, we don't want to embed it |
486 | // or it's not embeddable), return the URL (possibly with ?timestamp part) |
487 | } |
488 | return $url; |
489 | } |
490 | |
491 | /** |
492 | * Removes whitespace from CSS data |
493 | * |
494 | * @param string $css CSS data to minify |
495 | * @return string Minified CSS data |
496 | */ |
497 | public static function minify( $css ) { |
498 | return trim( |
499 | str_replace( |
500 | [ '; ', ': ', ' {', '{ ', ', ', '} ', ';}', '( ', ' )', '[ ', ' ]' ], |
501 | [ ';', ':', '{', '{', ',', '}', '}', '(', ')', '[', ']' ], |
502 | preg_replace( [ '/\s+/', '/\/\*.*?\*\//s' ], [ ' ', '' ], $css ) |
503 | ) |
504 | ); |
505 | } |
506 | } |
507 | |
508 | /** |
509 | * @deprecated since 2.1.0 Use Wikimedia\Minify\CSSMin instead |
510 | */ |
511 | class_alias( CSSMin::class, 'CSSMin' ); |