PHP Cross Reference of phpBB-3.3.14-deutsch |
<?php

/**
* @package   s9e\TextFormatter
* @copyright Copyright (c) 2010-2022 The s9e authors
* @license   http://www.opensource.org/licenses/mit-license.php The MIT License
*/
namespace s9e\TextFormatter\Configurator;

use ArrayAccess;
use Iterator;
use s9e\TextFormatter\Configurator\Collections\TemplateCheckList;
use s9e\TextFormatter\Configurator\Helpers\TemplateLoader;
use s9e\TextFormatter\Configurator\Items\Tag;
use s9e\TextFormatter\Configurator\Items\UnsafeTemplate;
use s9e\TextFormatter\Configurator\TemplateChecks\DisallowElementNS;
use s9e\TextFormatter\Configurator\TemplateChecks\DisallowXPathFunction;
use s9e\TextFormatter\Configurator\TemplateChecks\RestrictFlashScriptAccess;
use s9e\TextFormatter\Configurator\Traits\CollectionProxy;

/**
* Runs a list of TemplateCheck instances against tag templates.
*
* The list is held in a TemplateCheckList and exposed through the CollectionProxy trait, which is
* where the methods below come from. Two paths leave a template unchecked: checkTag() skips any
* template that is an UnsafeTemplate instance, and checkTemplate() does nothing while the checker
* is disabled.
*
* @method mixed          add(mixed $value, null $void)               Add (append) a value to this list
* @method mixed          append(mixed $value)                        Append a value to this list
* @method array          asConfig()
* @method void           clear()                                     Empty this collection
* @method bool           contains(mixed $value)                      Test whether a given value is present in this collection
* @method integer        count()
* @method mixed          current()
* @method void           delete(string $key)                         Delete a value from this list and remove gaps in keys
* @method bool           exists(string $key)                         Test whether an item of given key exists
* @method mixed          get(string $key)                            Return a value from this collection
* @method mixed          indexOf(mixed $value)                       Find the index of a given value
* @method mixed          insert(integer $offset, mixed $value)       Insert a value at an arbitrary 0-based position
* @method integer|string key()
* @method mixed          next()
* @method integer        normalizeKey(mixed $key)                    Ensure that the key is a valid offset
* @method TemplateCheck  normalizeValue(mixed $check)                Normalize the value to an instance of TemplateCheck
* @method bool           offsetExists(string|integer $offset)
* @method mixed          offsetGet(string|integer $offset)
* @method void           offsetSet(mixed $offset, mixed $value)      Custom offsetSet() implementation to allow assignment with a null offset to append a value
* @method void           offsetUnset(string|integer $offset)
* @method string         onDuplicate(string|null $action)            Query and set the action to take when add() is called with a key that already exists
* @method mixed          prepend(mixed $value)                       Prepend a value to this list
* @method integer        remove(mixed $value)                        Remove all items matching given value
* @method void           rewind()
* @method mixed          set(string $key, mixed $value)              Set and overwrite a value in this collection
* @method bool           valid()
*/
class TemplateChecker implements ArrayAccess, Iterator
{
    use CollectionProxy;

    /**
    * @var TemplateCheckList The checks that checkTemplate() iterates over
    */
    protected $collection;

    /**
    * @var bool True while checkTemplate() is switched off via disable()
    */
    protected $disabled = false;

    /**
    * Create the checker and register the default set of checks
    *
    * Checks given as strings are resolved by the collection (see normalizeValue() in the class
    * docblock); the ones that need arguments are instantiated here.
    */
    public function __construct()
    {
        $checks = new TemplateCheckList;
        $this->collection = $checks;

        $namedChecks = [
            'DisallowAttributeSets',
            'DisallowCopy',
            'DisallowDisableOutputEscaping',
            'DisallowDynamicAttributeNames',
            'DisallowDynamicElementNames',
            'DisallowObjectParamsWithGeneratedName',
            'DisallowPHPTags',
            'DisallowUnsafeCopyOf',
            'DisallowUnsafeDynamicCSS',
            'DisallowUnsafeDynamicJS',
            'DisallowUnsafeDynamicURL'
        ];
        foreach ($namedChecks as $checkName)
        {
            $checks->append($checkName);
        }

        // Checks that take constructor arguments
        $checks->append(new DisallowElementNS('http://icl.com/saxon', 'output'));
        $checks->append(new DisallowXPathFunction('document'));
        $checks->append(new RestrictFlashScriptAccess('sameDomain', true));

        // The unsupported-XSL check goes last so the more specialized checks get to run first
        $checks->append('DisallowUnsupportedXSL');
    }

    /**
    * Run the checks on a tag's template, if it has one
    *
    * A template that is an instance of UnsafeTemplate is skipped entirely: none of the checks
    * run on it. Nothing happens either when the tag has no template set.
    *
    * @param  Tag  $tag Tag whose template will be checked
    * @return void
    */
    public function checkTag(Tag $tag)
    {
        if (!isset($tag->template) || $tag->template instanceof UnsafeTemplate)
        {
            return;
        }

        $this->checkTemplate((string) $tag->template, $tag);
    }

    /**
    * Run every check in the collection on a template
    *
    * Returns immediately, without loading the template, while the checker is disabled. The
    * UnsafeTemplate exemption is applied in checkTag() only; a template passed here as a string
    * is always checked unless the checker is disabled.
    *
    * NOTE(review): how a check reports a violation is not visible in this file; presumably
    * check() throws. Confirm against the TemplateCheck implementations.
    *
    * @param  string $template Template
    * @param  Tag    $tag      Tag this template belongs to; a new, empty Tag is used if omitted
    * @return void
    */
    public function checkTemplate($template, Tag $tag = null)
    {
        if ($this->disabled)
        {
            return;
        }

        $owner = ($tag === null) ? new Tag : $tag;

        // Parse the template into a DOMDocument; each check receives its root element
        $dom = TemplateLoader::load($template);
        foreach ($this->collection as $check)
        {
            $check->check($dom->documentElement, $owner);
        }
    }

    /**
    * Switch off all checks
    *
    * From this call until enable(), checkTemplate() returns without inspecting anything, and
    * so does checkTag(), which delegates to it. The setting applies to this checker instance
    * as a whole rather than to a single template.
    *
    * @deprecated 2.2.0 Use UnsafeTemplate instead
    *
    * @return void
    */
    public function disable()
    {
        $this->disabled = true;
    }

    /**
    * Switch the checks back on
    *
    * @deprecated 2.2.0
    *
    * @return void
    */
    public function enable()
    {
        $this->disabled = false;
    }
}