Unreliable URI Versioning Check Regex
Closed this issue · 1 comments
GoogleCodeExporter commented
Minify version: 2.1.3
PHP version: 5.2.10
What steps will reproduce the problem?
1. Request minify resource such as http://servername/path/to/min.php?
g=main&1273622062
2. Check Cache-Control response header
3.
Expected output:
'Cache-Control max-age=31536000, public'
Actual output:
'Cache-Control max-age=1800, public'
Did any unit tests FAIL? (Please do not post the full list)
N/A
My Diagnosis:
The regex '/&\\d/' in min/index.php at Line 49 (ver: 2.1.3, 60 in 2.1.4
branch, 54 in trunk) will not match a $_SERVER['QUERY_STRING'] that has
properly escaped ampersands.
The following regex matches both escaped and unescaped ampersands in my
tests: '/(&|&)([\d]+)/'
Original code:
49. if (preg_match('/&\\d/', $_SERVER['QUERY_STRING'])) {
50. $min_serveOptions['maxAge'] = 31536000;
51. }
My Replacement:
49. if (preg_match('/(&|&)([\d]+)/', $_SERVER['QUERY_STRING'])) {
50. $min_serveOptions['maxAge'] = 31536000;
51. }
Original issue reported on code.google.com by amacDaGr...@gmail.com
on 12 May 2010 at 1:35
GoogleCodeExporter commented
You're double-escaping the ampersand.
This is the (perfectly valid) URL you want:
http://mrclay.org/min/g=js&1273622062
This is the same URL escaped for HTML:
<script src="http://mrclay.org/min/g=js&1273622062"></script>
The browser converts "&" to "&" during parsing, hence, the browser requests the
"right" URL and the original code matches fine.
Original comment by mrclay....@gmail.com
on 12 May 2010 at 4:57
- Changed state: Invalid