WordPress/wp-admin/load-scripts.php
Peter Wilson f4fb98f366 Script Loader: Improve asset concatenation Etags.
Include the asset version of JavaScript and CSS files when generating the ETag for concatenated assets in `load-scripts.php` and `load-styles.php`. This ensures the ETag is updated as script versions change (for example editor package updates) rather than only when the WordPress version changes.

The `W\` prefix is added to the generated ETag to allow for CDNs and proxy servers modifying the script to add or improve the compression algorithm.

Props azaozz, dav4, ironprogrammer, johnbillion, kkmuffme, monzuralam, peterwilsoncc, sergeybiryukov.
Fixes #58433.

Built from https://develop.svn.wordpress.org/trunk@57943


git-svn-id: http://core.svn.wordpress.org/trunk@57440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-07 23:53:19 +00:00

88 lines
2.2 KiB
PHP

<?php
/*
* Disable error reporting.
*
* Set this to error_reporting( -1 ) for debugging.
*/
error_reporting( 0 );
// Set ABSPATH for execution.
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', dirname( __DIR__ ) . '/' );
}
define( 'WPINC', 'wp-includes' );
$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
$protocol = 'HTTP/1.0';
}
$load = $_GET['load'];
if ( is_array( $load ) ) {
ksort( $load );
$load = implode( '', $load );
}
$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = array_unique( explode( ',', $load ) );
if ( empty( $load ) ) {
header( "$protocol 400 Bad Request" );
exit;
}
require ABSPATH . 'wp-admin/includes/noop.php';
require ABSPATH . WPINC . '/script-loader.php';
require ABSPATH . WPINC . '/version.php';
$expires_offset = 31536000; // 1 year.
$out = '';
$wp_scripts = new WP_Scripts();
wp_default_scripts( $wp_scripts );
wp_default_packages_vendor( $wp_scripts );
wp_default_packages_scripts( $wp_scripts );
$etag = "WP:{$wp_version};";
foreach ( $load as $handle ) {
if ( ! array_key_exists( $handle, $wp_scripts->registered ) ) {
continue;
}
$ver = $wp_scripts->registered[ $handle ]->ver ? $wp_scripts->registered[ $handle ]->ver : $wp_version;
$etag .= "{$handle}:{$ver};";
}
/*
* This is not intended to be cryptographically secure, just a fast way to get
* a fixed length string based on the script versions. As this file does not
* load the full WordPress environment, it is not possible to use the salted
* wp_hash() function.
*/
$etag = 'W/"' . md5( $etag ) . '"';
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $etag ) {
header( "$protocol 304 Not Modified" );
exit;
}
foreach ( $load as $handle ) {
if ( ! array_key_exists( $handle, $wp_scripts->registered ) ) {
continue;
}
$path = ABSPATH . $wp_scripts->registered[ $handle ]->src;
$out .= get_file( $path ) . "\n";
}
header( "Etag: $etag" );
header( 'Content-Type: application/javascript; charset=UTF-8' );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' );
header( "Cache-Control: public, max-age=$expires_offset" );
echo $out;
exit;