[ Index ]

PHP Cross Reference of phpBB-3.2.11-deutsch

title

Body

[close]

/vendor/s9e/text-formatter/src/Plugins/HTMLElements/ -> Configurator.php (source)

[Summary view] [Print] [Text view] 

   1  <?php
   2  
   3  /*
   4  * @package   s9e\TextFormatter
   5  * @copyright Copyright (c) 2010-2019 The s9e Authors
   6  * @license   http://www.opensource.org/licenses/mit-license.php The MIT License
   7  */
   8  namespace s9e\TextFormatter\Plugins\HTMLElements;
   9  use InvalidArgumentException;
  10  use RuntimeException;
  11  use s9e\TextFormatter\Configurator\Helpers\RegexpBuilder;
  12  use s9e\TextFormatter\Configurator\Items\Tag;
  13  use s9e\TextFormatter\Configurator\Items\UnsafeTemplate;
  14  use s9e\TextFormatter\Configurator\JavaScript\Dictionary;
  15  use s9e\TextFormatter\Configurator\Validators\AttributeName;
  16  use s9e\TextFormatter\Configurator\Validators\TagName;
  17  use s9e\TextFormatter\Plugins\ConfiguratorBase;
  18  class Configurator extends ConfiguratorBase
  19  {
  20      protected $aliases = [];
  21      protected $attributeFilters = [
  22          'action'     => '#url',
  23          'cite'       => '#url',
  24          'data'       => '#url',
  25          'formaction' => '#url',
  26          'href'       => '#url',
  27          'icon'       => '#url',
  28          'longdesc'   => '#url',
  29          'manifest'   => '#url',
  30          'ping'       => '#url',
  31          'poster'     => '#url',
  32          'src'        => '#url'
  33      ];
  34      protected $elements = [];
  35      protected $prefix = 'html';
  36      protected $quickMatch = '<';
  37      protected $unsafeElements = [
  38          'base',
  39          'embed',
  40          'frame',
  41          'iframe',
  42          'meta',
  43          'object',
  44          'script'
  45      ];
  46      protected $unsafeAttributes = [
  47          'style',
  48          'target'
  49      ];
  50  	public function aliasAttribute($elName, $attrName, $alias)
  51      {
  52          $elName   = $this->normalizeElementName($elName);
  53          $attrName = $this->normalizeAttributeName($attrName);
  54          $this->aliases[$elName][$attrName] = AttributeName::normalize($alias);
  55      }
  56  	public function aliasElement($elName, $tagName)
  57      {
  58          $elName = $this->normalizeElementName($elName);
  59          $this->aliases[$elName][''] = TagName::normalize($tagName);
  60      }
  61  	public function allowElement($elName)
  62      {
  63          return $this->allowElementWithSafety($elName, \false);
  64      }
  65  	public function allowUnsafeElement($elName)
  66      {
  67          return $this->allowElementWithSafety($elName, \true);
  68      }
  69  	protected function allowElementWithSafety($elName, $allowUnsafe)
  70      {
  71          $elName  = $this->normalizeElementName($elName);
  72          $tagName = $this->prefix . ':' . $elName;
  73          if (!$allowUnsafe && \in_array($elName, $this->unsafeElements))
  74              throw new RuntimeException("'" . $elName . "' elements are unsafe and are disabled by default. Please use " . __CLASS__ . '::allowUnsafeElement() to bypass this security measure');
  75          $tag = ($this->configurator->tags->exists($tagName))
  76               ? $this->configurator->tags->get($tagName)
  77               : $this->configurator->tags->add($tagName);
  78          $this->rebuildTemplate($tag, $elName, $allowUnsafe);
  79          $this->elements[$elName] = 1;
  80          return $tag;
  81      }
  82  	public function allowAttribute($elName, $attrName)
  83      {
  84          return $this->allowAttributeWithSafety($elName, $attrName, \false);
  85      }
  86  	public function allowUnsafeAttribute($elName, $attrName)
  87      {
  88          return $this->allowAttributeWithSafety($elName, $attrName, \true);
  89      }
  90  	protected function allowAttributeWithSafety($elName, $attrName, $allowUnsafe)
  91      {
  92          $elName   = $this->normalizeElementName($elName);
  93          $attrName = $this->normalizeAttributeName($attrName);
  94          $tagName  = $this->prefix . ':' . $elName;
  95          if (!isset($this->elements[$elName]))
  96              throw new RuntimeException("Element '" . $elName . "' has not been allowed");
  97          if (!$allowUnsafe)
  98              if (\substr($attrName, 0, 2) === 'on'
  99               || \in_array($attrName, $this->unsafeAttributes))
 100                  throw new RuntimeException("'" . $attrName . "' attributes are unsafe and are disabled by default. Please use " . __CLASS__ . '::allowUnsafeAttribute() to bypass this security measure');
 101          $tag = $this->configurator->tags->get($tagName);
 102          if (!isset($tag->attributes[$attrName]))
 103          {
 104              $attribute = $tag->attributes->add($attrName);
 105              $attribute->required = \false;
 106              if (isset($this->attributeFilters[$attrName]))
 107              {
 108                  $filterName = $this->attributeFilters[$attrName];
 109                  $filter = $this->configurator->attributeFilters->get($filterName);
 110                  $attribute->filterChain->append($filter);
 111              }
 112          }
 113          $this->rebuildTemplate($tag, $elName, $allowUnsafe);
 114          return $tag->attributes[$attrName];
 115      }
 116  	protected function normalizeElementName($elName)
 117      {
 118          if (!\preg_match('#^[a-z][a-z0-9]*$#Di', $elName))
 119              throw new InvalidArgumentException ("Invalid element name '" . $elName . "'");
 120          return \strtolower($elName);
 121      }
 122  	protected function normalizeAttributeName($attrName)
 123      {
 124          if (!\preg_match('#^[a-z][-\\w]*$#Di', $attrName))
 125              throw new InvalidArgumentException ("Invalid attribute name '" . $attrName . "'");
 126          return \strtolower($attrName);
 127      }
 128  	protected function rebuildTemplate(Tag $tag, $elName, $allowUnsafe)
 129      {
 130          $template = '<' . $elName . '>';
 131          foreach ($tag->attributes as $attrName => $attribute)
 132              $template .= '<xsl:copy-of select="@' . $attrName . '"/>';
 133          $template .= '<xsl:apply-templates/></' . $elName . '>';
 134          if ($allowUnsafe)
 135              $template = new UnsafeTemplate($template);
 136          $tag->setTemplate($template);
 137      }
 138  	public function asConfig()
 139      {
 140          if (empty($this->elements) && empty($this->aliases))
 141              return;
 142          $attrRegexp = '[a-z][-a-z0-9]*(?>\\s*=\\s*(?>"[^"]*"|\'[^\']*\'|[^\\s"\'=<>`]+))?';
 143          $tagRegexp  = RegexpBuilder::fromList(\array_merge(
 144              \array_keys($this->aliases),
 145              \array_keys($this->elements)
 146          ));
 147          $endTagRegexp   = '/(' . $tagRegexp . ')';
 148          $startTagRegexp = '(' . $tagRegexp . ')((?>\\s+' . $attrRegexp . ')*+)\\s*/?';
 149          $regexp = '#<(?>' . $endTagRegexp . '|' . $startTagRegexp . ')\\s*>#i';
 150          $config = [
 151              'quickMatch' => $this->quickMatch,
 152              'prefix'     => $this->prefix,
 153              'regexp'     => $regexp
 154          ];
 155          if (!empty($this->aliases))
 156          {
 157              $config['aliases'] = new Dictionary;
 158              foreach ($this->aliases as $elName => $aliases)
 159                  $config['aliases'][$elName] = new Dictionary($aliases);
 160          }
 161          return $config;
 162      }
 163  	public function getJSHints()
 164      {
 165          return ['HTMLELEMENTS_HAS_ALIASES' => (int) !empty($this->aliases)];
 166      }
 167  }

Body

Body

Body

Body


Generated: Wed Nov 11 20:33:01 2020 Cross-referenced by PHPXref 0.7.1