public function LiveCSSController::cssSave in Live CSS 8

Same name and namespace in other branches
  1. 8.2 lib/Drupal/live_css/Controller/LiveCSSController.php \Drupal\live_css\Controller\LiveCSSController::cssSave()

cssSave(Request $request):

The 'action' method for live_css. POST variables are fetched through $request. A new JsonResponse object is spawned as $json for interaction with the client.

1 string reference to 'LiveCSSController::cssSave'
live_css.routing.yml in ./live_css.routing.yml
live_css.routing.yml

File

lib/Drupal/live_css/Controller/LiveCSSController.php, line 18

Class

LiveCSSController

Namespace

Drupal\live_css\Controller

Code

public function cssSave(Request $request) {
  $css = $request->request
    ->get('css');
  $href = $request->request
    ->get('href');
  $access = user_access('edit css');
  if (!$access || !$href || !$request) {
    throw new AccessDeniedHttpException();
  }
  global $base_url;
  global $base_path;
  $opt = config('live_css.settings');
  $json = new JsonResponse();
  $resetcache = (bool) $opt
    ->get('live_css_flush');

  // The URL may contain cache data. In that case, we need to strip them.
  // i.e. http://.../css/my_file.css?m1unhm
  $sanitized_url = $this
    ->sanitizeURL($href);

  // File path relative to Drupal root installation folder on the server.
  $doc_root = $this
    ->docRoot();
  $stripped_url = drupal_substr($sanitized_url, drupal_strlen($base_url), drupal_strlen($sanitized_url));
  $relative_file_path = $doc_root . $stripped_url;

  // Validate path for proper extension(s)
  if (substr($relative_file_path, -4) != '.css' && substr($relative_file_path, -5) != '.less') {
    $json
      ->setData(array(
      'result' => 'failure',
      'filename' => $href,
      'msg' => 'Can\'t save to files without a \'less\' or \'css\' extension!',
    ));
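    // setData() has already rebuilt the response body; JsonResponse::update()
    // is protected and cannot be called from here.
    return $json;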
  }

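  // Check the name of the file actually being written. The original line
  // munged the constant 'asdf/asdf.g', so this test could never fail.
  $path_parts = explode('/', $relative_file_path);
  $filename = array_pop($path_parts);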
  if (file_munge_filename($filename, 'css less') != $filename) {
    $json
      ->setData(array(
      'result' => 'failure',
      'filename' => $href,
      'msg' => 'The url used contains a sub-file extension which poses a security threat. Saving not allowed.',
    ));
    return $json;
  }

  // Save file back.
  $msg = '';
  $fh = fopen($relative_file_path, 'w');
  if ($fh !== FALSE) {
    fwrite($fh, $css);
    fclose($fh);
    $result = 'success';
    if ($resetcache) {
      drupal_clear_css_cache();
      drupal_clear_js_cache();
      _drupal_flush_css_js();
    }
  }
  else {
    $result = 'failure';
    $msg = 'Can\'t open file ' . $relative_file_path . ' from ' . $href . '. Ensure that you have full write access and that the path is correct.';
  }
  $json
    ->setData(array(
    'result' => $result,
    'filename' => $href,
    'msg' => $msg,
  ));
  return $json;
}
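
cssSave() builds its write target from the client-supplied href, so the resolved path should be confined to the document root before fopen() is reached. The following is an added example of one way to do that, not code from live_css. The helper name live_css_example_resolve_target, the example.test URLs and the temporary directory are assumptions constructed for illustration; sanitizeURL() and docRoot() are not shown on this page, so nothing is assumed about their checks.

```php
<?php
/**
 * Hypothetical helper (not part of live_css): map a stylesheet URL to an
 * existing file inside $doc_root, or return NULL if it must be rejected.
 */
function live_css_example_resolve_target($href, $base_url, $doc_root) {
  // Drop the cache-busting query string (e.g. ?m1unhm) and any fragment.
  $url = preg_replace('/[?#].*$/', '', (string) $href);
  // The URL must belong to this site, or stripping the prefix is meaningless.
  $prefix = rtrim($base_url, '/') . '/';
  if (strncmp($url, $prefix, strlen($prefix)) !== 0) {
    return NULL;
  }
  $relative = rawurldecode(substr($url, strlen($prefix)));
  if (strpos($relative, "\0") !== FALSE) {
    return NULL;
  }
  // Exactly one extension, css or less; rejects names such as "a.php.css".
  if (!preg_match('/^[^.\/\\\\]+\.(css|less)\z/i', basename($relative))) {
    return NULL;
  }
  // Only existing files are edited; realpath() collapses ".." and symlinks.
  $root = realpath($doc_root);
  if ($root === FALSE) {
    return NULL;
  }
  $real = realpath($root . DIRECTORY_SEPARATOR . $relative);
  if ($real === FALSE || !is_file($real)) {
    return NULL;
  }
  // The resolved file must still sit under the document root.
  $inside = strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
  return $inside ? $real : NULL;
}

// Constructed demo: a temporary document root holding one stylesheet.
$root = sys_get_temp_dir() . '/live_css_demo_' . getmypid();
mkdir($root . '/css', 0700, TRUE);
file_put_contents($root . '/css/site.css', 'body{}');
$base = 'http://example.test';
foreach (array(
  $base . '/css/site.css?m1unhm',     // stylesheet inside the root
  $base . '/css/../../outside.css',   // resolves outside the root
  $base . '/css/site.php.css',        // sub-file extension
  'http://other.test/css/site.css',   // not under $base_url
) as $href) {
  var_dump(live_css_example_resolve_target($href, $base, $root));
}
```

Only the first constructed URL resolves to a path; the other three return NULL before any file is opened.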