From: Eric Wong <e@80x24.org>
Date: Sat, 23 Feb 2019 10:56:38 +0000 (+0000)
Subject: www: prevent '!important' in BOFH-specified CSS
X-Git-Tag: v1.2.0~356
X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=1c8b2e78042d774a199faa18679c22547b13420e;p=public-inbox.git

www: prevent '!important' in BOFH-specified CSS

CSS specified by the BOFH must never take precedence over
what a user sets in userContent.css.
---

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index cbaf8845..7ed4f654 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -512,8 +512,9 @@ sub stylesheets_prepare ($$) {
 		if (defined $attr->{href}) {
 			$inline_ok = 0;
 		} else {
-			open(my $fh, '<', $_) or do {
-				warn "failed to open $_: $!\n";
+			my $fn = $_;
+			open(my $fh, '<', $fn) or do {
+				warn "failed to open $fn: $!\n";
 				next;
 			};
 			my ($key) = (m!([^/]+?)(?:\.css)?\z!i);
@@ -523,6 +524,13 @@ sub stylesheets_prepare ($$) {
 				$ctime = sprintf('%x',(stat($fh))[10]);
 				$local = $mini->($local);
 			}
+
+			# do not let BOFHs override userContent.css:
+			if ($local =~ /!\s*important\b/i) {
+				warn "ignoring $fn since it uses `!important'\n";
+				next;
+			}
+
 			$css_map->{$key} = $local;
 			$attr->{href} = "$upfx$key.css?$ctime";
 			if (defined($attr->{title})) {