Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
98.61% |
142 / 144 |
|
91.67% |
11 / 12 |
CRAP | |
0.00% |
0 / 1 |
CSSMin | |
99.30% |
142 / 143 |
|
91.67% |
11 / 12 |
44 | |
0.00% |
0 / 1 |
getLocalFileReferences | |
100.00% |
17 / 17 |
|
100.00% |
1 / 1 |
7 | |||
encodeImageAsDataURI | |
87.50% |
7 / 8 |
|
0.00% |
0 / 1 |
4.03 | |||
encodeStringAsDataURI | |
100.00% |
16 / 16 |
|
100.00% |
1 / 1 |
2 | |||
serializeStringValue | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
1 | |||
getMimeType | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
buildUrlValue | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
2 | |||
remap | |
100.00% |
50 / 50 |
|
100.00% |
1 / 1 |
4 | |||
isRemoteUrl | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
2 | |||
isLocalUrl | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
4 | |||
getUrlRegex | n/a |
0 / 0 |
n/a |
0 / 0 |
2 | |||||
resolveUrl | |
100.00% |
14 / 14 |
|
100.00% |
1 / 1 |
5 | |||
remapOne | |
100.00% |
19 / 19 |
|
100.00% |
1 / 1 |
9 | |||
minify | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
1 |
1 | <?php |
2 | /** |
3 | * Copyright 2010 Trevor Parscal <tparscal@wikimedia.org> |
4 | * |
5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
6 | * you may not use this file except in compliance with the License. |
7 | * You may obtain a copy of the License at |
8 | * |
9 | * http://www.apache.org/licenses/LICENSE-2.0 |
10 | * |
11 | * Unless required by applicable law or agreed to in writing, software |
12 | * distributed under the License is distributed on an "AS IS" BASIS, |
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 | * See the License for the specific language governing permissions and |
15 | * limitations under the License. |
16 | * |
17 | * @file |
18 | * @license Apache-2.0 |
19 | */ |
20 | |
21 | namespace Wikimedia\Minify; |
22 | |
23 | use Net_URL2; |
24 | |
25 | /** |
26 | * Transforms CSS data. |
27 | * |
28 | * This class provides minification, URL remapping, URL extracting, and data-URL embedding. |
29 | */ |
30 | class CSSMin { |
31 | |
32 | /** |
33 | * Strip marker for comments |
34 | */ |
35 | private const PLACEHOLDER = "\x7fPLACEHOLDER\x7f"; |
36 | |
37 | /** |
38 | * Maximum file size to embed in a stylesheet. |
39 | * |
40 | * Use of `@embed` is generally discouraged (see T121730, T118514, and T120984). |
41 | * |
42 | * In a nut shell: Stylesheets, and thus any images we embed inside of them, |
43 | * are required to be fully downloaded by a browser before literally any content |
44 | * or interface component can be rendered on-screen. Embedding an image means |
45 | * you are saying it is more important to render this image than to render the |
46 | * page content (or that it is undesirable to render even the first paragraph |
47 | * of an article unless this image is also immediately there in the first paint). |
48 | * |
49 | * There are some cases where a small image can be worth embedding, for example |
50 | * if the image's file size is comparable or smaller than to size of the URL from |
51 | * which it would be lazy-loaded when CSS rules are applied. In that case, embedding |
52 | * the file content in place of the web address could be an uncompromising win for |
53 | * all users. |
54 | * |
55 | * To avoid mistakes and protect performance we put an arbitrary limit on this. |
56 | * If a file is larger than this limit, it should probably be loaded using the |
57 | * default CSS behaviour (by URL, without `@embed` instruction), or embedded as |
58 | * SVG directly in the HTML response if it is such a vital part of the page. |
59 | * |
60 | * See encodeImageAsDataURI(). |
61 | */ |
62 | private const DATA_URI_SIZE_LIMIT = 32768; |
63 | |
64 | private const EMBED_REGEX = '\/\*\s*\@embed\s*\*\/'; |
65 | private const COMMENT_REGEX = '\/\*.*?\*\/'; |
66 | |
67 | /** |
68 | * List of common image files extensions and MIME-types |
69 | */ |
70 | private const MIME_TYPES = [ |
71 | 'gif' => 'image/gif', |
72 | 'jpe' => 'image/jpeg', |
73 | 'jpeg' => 'image/jpeg', |
74 | 'jpg' => 'image/jpeg', |
75 | 'png' => 'image/png', |
76 | 'tif' => 'image/tiff', |
77 | 'tiff' => 'image/tiff', |
78 | 'xbm' => 'image/x-xbitmap', |
79 | 'svg' => 'image/svg+xml', |
80 | ]; |
81 | |
82 | /** |
83 | * Get a list of local files referenced in a stylesheet (includes non-existent files). |
84 | * |
85 | * @param string $source CSS stylesheet source to process |
86 | * @param string $path File path where the source was read from |
87 | * @return string[] List of local file references |
88 | */ |
89 | public static function getLocalFileReferences( $source, $path ) { |
90 | $stripped = preg_replace( '/' . self::COMMENT_REGEX . '/s', '', $source ); |
91 | $path = rtrim( $path, '/' ) . '/'; |
92 | $files = []; |
93 | |
94 | $rFlags = PREG_OFFSET_CAPTURE | PREG_SET_ORDER; |
95 | if ( preg_match_all( '/' . self::getUrlRegex() . '/J', $stripped, $matches, $rFlags ) ) { |
96 | foreach ( $matches as $match ) { |
97 | $url = $match['file'][0]; |
98 | |
99 | // Skip fully-qualified and protocol-relative URLs and data URIs |
100 | if ( |
101 | strpos( $url, '//' ) === 0 || |
102 | parse_url( $url, PHP_URL_SCHEME ) |
103 | ) { |
104 | break; |
105 | } |
106 | |
107 | // Strip trailing anchors - T115436 |
108 | $anchor = strpos( $url, '#' ); |
109 | if ( $anchor !== false ) { |
110 | $url = substr( $url, 0, $anchor ); |
111 | |
112 | // '#some-anchors' is not a file |
113 | if ( $url === '' ) { |
114 | break; |
115 | } |
116 | } |
117 | |
118 | $files[] = $path . $url; |
119 | } |
120 | } |
121 | return $files; |
122 | } |
123 | |
124 | /** |
125 | * Encode an image file as a data URI. |
126 | * |
127 | * If the image file has a suitable MIME type and size, encode it as a data URI, base64-encoded |
128 | * for binary files or just percent-encoded otherwise. Return false if the image type is |
129 | * unfamiliar or file exceeds the size limit. |
130 | * |
131 | * @param string $file Image file to encode. |
132 | * @param string|null $type File's MIME type or null. If null, CSSMin will |
133 | * try to autodetect the type. |
134 | * @return string|false Image contents encoded as a data URI or false. |
135 | */ |
136 | public static function encodeImageAsDataURI( $file, $type = null ) { |
137 | // Fast-fail for files that exceed the maximum data URI length |
138 | if ( filesize( $file ) >= self::DATA_URI_SIZE_LIMIT ) { |
139 | trigger_error( "File exceeds limit for embedded files: $file", E_USER_WARNING ); |
140 | return false; |
141 | } |
142 | |
143 | if ( $type === null ) { |
144 | $type = self::getMimeType( $file ); |
145 | } |
146 | if ( !$type ) { |
147 | return false; |
148 | } |
149 | |
150 | return self::encodeStringAsDataURI( file_get_contents( $file ), $type ); |
151 | } |
152 | |
153 | /** |
154 | * Encode file contents as a data URI with chosen MIME type. |
155 | * |
156 | * The URI will be base64-encoded for binary files or just percent-encoded otherwise. |
157 | * |
158 | * @since 2.0.0 |
159 | * @param string $contents File contents to encode. |
160 | * @param string $type File's MIME type. |
161 | * @return string Image contents encoded as a data URI or false. |
162 | */ |
163 | public static function encodeStringAsDataURI( $contents, $type ) { |
164 | // Try #1: Non-encoded data URI |
165 | // Remove XML declaration, it's not needed with data URI usage |
166 | $contents = preg_replace( "/<\\?xml.*?\\?>/", '', $contents ); |
167 | // The regular expression matches ASCII whitespace and printable characters. |
168 | if ( preg_match( '/^[\r\n\t\x20-\x7e]+$/', $contents ) ) { |
169 | // Do not base64-encode non-binary files (sensible SVGs). |
170 | // (This often produces longer URLs, but they compress better, yielding a net smaller size.) |
171 | $encoded = rawurlencode( $contents ); |
172 | // Unencode some things that don't need to be encoded, to make the encoding smaller |
173 | $encoded = strtr( $encoded, [ |
174 | '%20' => ' ', // Unencode spaces |
175 | '%2F' => '/', // Unencode slashes |
176 | '%3A' => ':', // Unencode colons |
177 | '%3D' => '=', // Unencode equals signs |
178 | '%0A' => ' ', // Change newlines to spaces |
179 | '%0D' => ' ', // Change carriage returns to spaces |
180 | '%09' => ' ', // Change tabs to spaces |
181 | ] ); |
182 | // Consolidate runs of multiple spaces in a row |
183 | $encoded = preg_replace( '/ {2,}/', ' ', $encoded ); |
184 | // Remove leading and trailing spaces |
185 | $encoded = trim( $encoded, ' ' ); |
186 | return 'data:' . $type . ',' . $encoded; |
187 | } |
188 | |
189 | // Try #2: Encoded data URI |
190 | return 'data:' . $type . ';base64,' . base64_encode( $contents ); |
191 | } |
192 | |
193 | /** |
194 | * Serialize a string (escape and quote) for use as a CSS string value. |
195 | * https://drafts.csswg.org/cssom/#serialize-a-string |
196 | * |
197 | * @param string $value |
198 | * @return string |
199 | */ |
200 | public static function serializeStringValue( $value ) { |
201 | $value = strtr( $value, [ "\0" => "\u{FFFD}", '\\' => '\\\\', '"' => '\\"' ] ); |
202 | $value = preg_replace_callback( '/[\x01-\x1f\x7f]/', static function ( $match ) { |
203 | return '\\' . base_convert( (string)ord( $match[0] ), 10, 16 ) . ' '; |
204 | }, $value ); |
205 | return '"' . $value . '"'; |
206 | } |
207 | |
208 | /** |
209 | * @param string $file |
210 | * @return bool|string |
211 | */ |
212 | public static function getMimeType( $file ) { |
213 | // Infer the MIME-type from the file extension |
214 | $ext = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) ); |
215 | return self::MIME_TYPES[$ext] ?? mime_content_type( realpath( $file ) ); |
216 | } |
217 | |
218 | /** |
219 | * Build a CSS 'url()' value for the given URL, quoting parentheses (and other funny characters) |
220 | * and escaping quotes as necessary. |
221 | * |
222 | * See http://www.w3.org/TR/css-syntax-3/#consume-a-url-token |
223 | * |
224 | * @param string $url URL to process |
225 | * @return string 'url()' value, usually just `"url($url)"`, quoted/escaped if necessary |
226 | */ |
227 | public static function buildUrlValue( $url ) { |
228 | // The list below has been crafted to match URLs such as: |
229 | // scheme://user@domain:port/~user/fi%20le.png?query=yes&really=y+s |
230 | // data:image/png;base64,R0lGODlh/+== |
231 | if ( preg_match( '!^[\w:@/~.%+;,?&=-]+$!', $url ) ) { |
232 | return "url($url)"; |
233 | } else { |
234 | return 'url("' . strtr( $url, [ '\\' => '\\\\', '"' => '\\"' ] ) . '")'; |
235 | } |
236 | } |
237 | |
238 | /** |
239 | * Remaps CSS URL paths and automatically embeds data URIs for CSS rules |
240 | * or url() values preceded by an `/ * @embed * /` comment. |
241 | * |
242 | * @param string $source CSS data to remap |
243 | * @param string $local File path where the source was read from |
244 | * @param string $remote Full URL to the file's directory (may be protocol-relative, trailing slash is optional) |
245 | * @param bool $embedData If false, never do any data URI embedding, |
246 | * even if `/ * @embed * /` is found. |
247 | * @return string Remapped CSS data |
248 | */ |
249 | public static function remap( $source, $local, $remote, $embedData = true ) { |
250 | // High-level overview: |
251 | // * For each CSS rule in $source that includes at least one url() value: |
252 | // * Check for an @embed comment at the start indicating that all URIs should be embedded |
253 | // * For each url() value: |
254 | // * Check for an @embed comment directly preceding the value |
255 | // * If either @embed comment exists: |
256 | // * Embedding the URL as data: URI, if it's possible / allowed |
257 | // * Otherwise remap the URL to work in generated stylesheets |
258 | |
259 | // Guard against trailing slashes, because "some/remote/../foo.png" |
260 | // resolves to "some/remote/foo.png" on (some?) clients (T29052). |
261 | // But, don't turn "/" into "" since that is invalid as base URL (T282280). |
262 | $remote = $remote === '/' ? $remote : rtrim( $remote, '/' ); |
263 | |
264 | // Disallow U+007F DELETE, which is illegal anyway, and which |
265 | // we use for comment placeholders. |
266 | $source = strtr( $source, "\x7f", "?" ); |
267 | |
268 | // Replace all comments by a placeholder so they will not interfere with the remapping. |
269 | // Warning: This will also catch on anything looking like the start of a comment between |
270 | // quotation marks (e.g. "foo /* bar"). |
271 | $comments = []; |
272 | |
273 | $pattern = '/(?!' . self::EMBED_REGEX . ')(' . self::COMMENT_REGEX . ')/s'; |
274 | |
275 | $source = preg_replace_callback( |
276 | $pattern, |
277 | static function ( $match ) use ( &$comments ) { |
278 | $comments[] = $match[ 0 ]; |
279 | return self::PLACEHOLDER . ( count( $comments ) - 1 ) . 'x'; |
280 | }, |
281 | $source |
282 | ); |
283 | |
284 | // Note: This will not correctly handle cases where ';', '{' or '}' |
285 | // appears in the rule itself, e.g. in a quoted string. You are advised |
286 | // not to use such characters in file names. We also match start/end of |
287 | // the string to be consistent in edge-cases ('@import url(…)'). |
288 | $pattern = '/(?:^|[;{])\K[^;{}]*' . self::getUrlRegex() . '[^;}]*(?=[;}]|$)/J'; |
289 | |
290 | $source = preg_replace_callback( |
291 | $pattern, |
292 | static function ( $matchOuter ) use ( $local, $remote, $embedData ) { |
293 | $rule = $matchOuter[0]; |
294 | |
295 | // Check for global @embed comment and remove it. Allow other comments to be present |
296 | // before @embed (they have been replaced with placeholders at this point). |
297 | $embedAll = false; |
298 | $rule = preg_replace( |
299 | '/^((?:\s+|' . |
300 | self::PLACEHOLDER . |
301 | '(\d+)x)*)' . |
302 | self::EMBED_REGEX . |
303 | '\s*/', |
304 | '$1', |
305 | $rule, |
306 | 1, |
307 | $embedAll |
308 | ); |
309 | |
310 | // Build two versions of current rule: with remapped URLs |
311 | // and with embedded data: URIs (where possible). |
312 | $pattern = '/(?P<embed>' . self::EMBED_REGEX . '\s*|)' . self::getUrlRegex() . '/J'; |
313 | |
314 | return preg_replace_callback( |
315 | $pattern, |
316 | static function ( $match ) use ( $local, $remote, $embedData, $embedAll ) { |
317 | // For each url reference in the CSS, call remapOne() |
318 | // to insert either a remapped URL or an embedded data URI. |
319 | // We enable use of data URIs if both of these are true: |
320 | // 1. The PHP caller enabled the option, |
321 | // 2. and, the CSS declared `@embed` either above the rule |
322 | // for all URLs inside that block, or above the individual |
323 | // property for that one property. |
324 | $embedOne = $embedData && ( $embedAll || $match['embed'] ); |
325 | $remapped = self::remapOne( |
326 | $match['file'], |
327 | $match['query'], |
328 | $local, |
329 | $remote, |
330 | $embedOne |
331 | ); |
332 | return self::buildUrlValue( $remapped ); |
333 | }, |
334 | $rule |
335 | ); |
336 | }, $source ); |
337 | |
338 | // Re-insert comments |
339 | $pattern = '/' . self::PLACEHOLDER . '(\d+)x/'; |
340 | return preg_replace_callback( $pattern, static function ( $match ) use ( &$comments ) { |
341 | return $comments[ $match[1] ]; |
342 | }, $source ); |
343 | } |
344 | |
345 | /** |
346 | * Is this CSS rule referencing a remote URL? |
347 | * |
348 | * @param string $maybeUrl |
349 | * @return bool |
350 | */ |
351 | protected static function isRemoteUrl( $maybeUrl ) { |
352 | return strpos( $maybeUrl, '//' ) === 0 || parse_url( $maybeUrl, PHP_URL_SCHEME ); |
353 | } |
354 | |
355 | /** |
356 | * Is this CSS rule referencing a local URL? |
357 | * |
358 | * @param string $maybeUrl |
359 | * @return bool |
360 | */ |
361 | protected static function isLocalUrl( $maybeUrl ) { |
362 | // Accept "/" (known local) |
363 | // Accept "/anything" (known local) |
364 | // Reject "//anything" (known remote) |
365 | // Reject "" (invalid/uncertain) |
366 | return $maybeUrl === '/' || ( isset( $maybeUrl[1] ) && $maybeUrl[0] === '/' && $maybeUrl[1] !== '/' ); |
367 | } |
368 | |
369 | /** |
370 | * @codeCoverageIgnore |
371 | * @return string |
372 | */ |
373 | private static function getUrlRegex() { |
374 | static $urlRegex; |
375 | if ( $urlRegex === null ) { |
376 | $urlRegex = '(' . |
377 | // Unquoted url |
378 | 'url\(\s*(?P<file>[^\s\'"][^\?\)]+?)(?P<query>\?[^\)]*?|)\s*\)' . |
379 | // Single quoted url |
380 | '|url\(\s*\'(?P<file>[^\?\']+?)(?P<query>\?[^\']*?|)\'\s*\)' . |
381 | // Double quoted url |
382 | '|url\(\s*"(?P<file>[^\?"]+?)(?P<query>\?[^"]*?|)"\s*\)' . |
383 | ')'; |
384 | } |
385 | return $urlRegex; |
386 | } |
387 | |
388 | /** |
389 | * Resolve a possibly-relative URL against a base URL. |
390 | * |
391 | * @param string $base |
392 | * @param string $url |
393 | * @return string |
394 | */ |
395 | private static function resolveUrl( string $base, string $url ): string { |
396 | // Net_URL2::resolve() doesn't allow for resolving against server-less URLs. |
397 | // We need this as for MediaWiki/ResourceLoader, the remote base path may either |
398 | // be separate (e.g. a separate domain), or simply local (like "/w"). In the |
399 | // local case, we don't want to needlessly include the server in the output. |
400 | $isServerless = self::isLocalUrl( $base ); |
401 | if ( $isServerless ) { |
402 | $base = "https://placeholder.invalid$base"; |
403 | } |
404 | // Net_URL2::resolve() doesn't allow for protocol-relative URLs, but we want to. |
405 | $isProtoRelative = strpos( $base, '//' ) === 0; |
406 | if ( $isProtoRelative ) { |
407 | $base = "https:$base"; |
408 | } |
409 | |
410 | $baseUrl = new Net_URL2( $base ); |
411 | $ret = $baseUrl->resolve( $url ); |
412 | if ( $isProtoRelative ) { |
413 | $ret->setScheme( false ); |
414 | } |
415 | if ( $isServerless ) { |
416 | $ret->setScheme( false ); |
417 | $ret->setHost( false ); |
418 | } |
419 | return $ret->getURL(); |
420 | } |
421 | |
422 | /** |
423 | * Remap or embed a CSS URL path. |
424 | * |
425 | * @param string $file URL to remap/embed |
426 | * @param string $query |
427 | * @param string $local File path where the source was read from |
428 | * @param string $remote Full URL to the file's directory (may be protocol-relative, trailing slash is optional) |
429 | * @param bool $embed Whether to do any data URI embedding |
430 | * @return string Remapped/embedded URL data |
431 | */ |
432 | public static function remapOne( $file, $query, $local, $remote, $embed ) { |
433 | // The full URL possibly with query, as passed to the 'url()' value in CSS |
434 | $url = $file . $query; |
435 | |
436 | // Expand local URLs with absolute paths to a full URL (possibly protocol-relative). |
437 | if ( self::isLocalUrl( $url ) ) { |
438 | return self::resolveUrl( $remote, $url ); |
439 | } |
440 | |
441 | // Pass through fully-qualified and protocol-relative URLs and data URIs, as well as local URLs if |
442 | // we can't expand them. |
443 | // Also skips anchors or the rare `behavior` property specifying application's default behavior |
444 | if ( |
445 | self::isRemoteUrl( $url ) || |
446 | ( $url[0] ?? '' ) === '#' |
447 | ) { |
448 | return $url; |
449 | } |
450 | |
451 | // The $remote must have a trailing slash beyond this point for correct path resolution. |
452 | if ( ( $remote[-1] ?? '' ) !== '/' ) { |
453 | $remote .= '/'; |
454 | } |
455 | |
456 | if ( $local === false ) { |
457 | // CSS specifies a path that is neither a local file path, nor a local URL. |
458 | // It is probably already a fully-qualitied URL or data URI, but try to expand |
459 | // it just in case. |
460 | $url = self::resolveUrl( $remote, $url ); |
461 | } else { |
462 | // We drop the query part here and instead make the path relative to $remote |
463 | $url = self::resolveUrl( $remote, $file ); |
464 | // Path to the actual file on the filesystem |
465 | $localFile = "{$local}/{$file}"; |
466 | if ( file_exists( $localFile ) ) { |
467 | if ( $embed ) { |
468 | $data = self::encodeImageAsDataURI( $localFile ); |
469 | if ( $data !== false ) { |
470 | return $data; |
471 | } |
472 | } |
473 | // Add version parameter as the first five hex digits |
474 | // of the MD5 hash of the file's contents. |
475 | $url .= '?' . substr( md5_file( $localFile ), 0, 5 ); |
476 | } |
477 | // If any of these conditions failed (file missing, we don't want to embed it |
478 | // or it's not embeddable), return the URL (possibly with ?timestamp part) |
479 | } |
480 | return $url; |
481 | } |
482 | |
483 | /** |
484 | * Removes whitespace from CSS data |
485 | * |
486 | * @param string $css CSS data to minify |
487 | * @return string Minified CSS data |
488 | */ |
489 | public static function minify( $css ) { |
490 | return trim( |
491 | str_replace( |
492 | [ '; ', ': ', ' {', '{ ', ', ', '} ', ';}', '( ', ' )', '[ ', ' ]' ], |
493 | [ ';', ':', '{', '{', ',', '}', '}', '(', ')', '[', ']' ], |
494 | preg_replace( [ '/\s+/', '/\/\*.*?\*\//s' ], [ ' ', '' ], $css ) |
495 | ) |
496 | ); |
497 | } |
498 | } |
499 | |
500 | /** |
501 | * @deprecated since 2.1.0 Use Wikimedia\Minify\CSSMin instead |
502 | */ |
503 | class_alias( CSSMin::class, 'CSSMin' ); |