From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 90F4D202BB; Sat, 23 Feb 2019 10:56:39 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Cc: Dmitry Alexandrov <321942@gmail.com>, Mateusz Loskot Subject: [PATCH 2/2] www: prevent '!important' in BOFH-specified CSS Date: Sat, 23 Feb 2019 10:56:38 +0000 Message-Id: <20190223105638.15465-3-e@80x24.org> In-Reply-To: <20190223105638.15465-1-e@80x24.org> References: <20190223024712.qcvjsnnwzfzxp3az@dcvr> <20190223105638.15465-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: CSS specified by the BOFH must never take precedence over what a user sets in userContent.css. --- lib/PublicInbox/WWW.pm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index cbaf884..7ed4f65 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -512,8 +512,9 @@ sub stylesheets_prepare ($$) { if (defined $attr->{href}) { $inline_ok = 0; } else { - open(my $fh, '<', $_) or do { - warn "failed to open $_: $!\n"; + my $fn = $_; + open(my $fh, '<', $fn) or do { + warn "failed to open $fn: $!\n"; next; }; my ($key) = (m!([^/]+?)(?:\.css)?\z!i); @@ -523,6 +524,13 @@ sub stylesheets_prepare ($$) { $ctime = sprintf('%x',(stat($fh))[10]); $local = $mini->($local); } + + # do not let BOFHs override userContent.css: + if ($local =~ /!\s*important\b/i) { + warn "ignoring $fn since it uses `!important'\n"; + next; + } + $css_map->{$key} = $local; $attr->{href} = "$upfx$key.css?$ctime"; if (defined($attr->{title})) { -- EW