PHP Cross Reference of phpBB-3.3.14-deutsch |
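<?php

/**
 * @package   s9e\TextFormatter
 * @copyright Copyright (c) 2010-2022 The s9e authors
 * @license   http://www.opensource.org/licenses/mit-license.php The MIT License
 */
namespace s9e\TextFormatter\Configurator\TemplateChecks;

use DOMElement;
use DOMXPath;
use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException;
use s9e\TextFormatter\Configurator\Helpers\AVTHelper;
use s9e\TextFormatter\Configurator\Items\Tag;
use s9e\TextFormatter\Configurator\TemplateCheck;

/**
 * Template check that rejects any template whose XPath expressions appear to call one
 * configured function.
 *
 * The check is textual: it collects candidate expressions from attribute values, strips
 * quoted string literals, then looks for "<funcName> (" with a case-insensitive regexp.
 */
class DisallowXPathFunction extends TemplateCheck
{
    /**
     * @var string Name of the disallowed function
     */
    public $funcName;

    /**
     * Constructor
     *
     * @param string $funcName Name of the disallowed function
     */
    public function __construct($funcName)
    {
        $this->funcName = $funcName;
    }

    /**
     * Test for the presence of given XPath function
     *
     * Fails closed: if either PCRE call reports an error, the expression cannot be vetted and
     * the template is rejected instead of being silently accepted.
     *
     * @param  DOMElement $template <xsl:template/> node
     * @param  Tag        $tag      Tag this template belongs to
     * @return void
     *
     * @throws UnsafeTemplateException If an expression calls the function, or cannot be tested
     */
    public function check(DOMElement $template, Tag $tag)
    {
        // Regexp that matches the function call.
        //
        // NOTE(review): "(?!<\pL)" is a negative lookahead for a literal "<" followed by a
        // letter, not a lookbehind, so it excludes nothing here. The name is therefore also
        // matched when it is the tail of a longer name, which errs toward rejecting the
        // template. Left as is: do not turn it into a lookbehind without first confirming how
        // the XPath engine tokenizes a name that directly follows another token.
        $regexp = '#(?!<\\pL)' . preg_quote($this->funcName, '#') . '\\s*\\(#iu';

        // Allow whitespace around colons (NOTE: colons are unnecessarily escaped by preg_quote())
        $regexp = str_replace('\\:', '\\s*:\\s*', $regexp);

        foreach ($this->getExpressions($template) as $expr => $node)
        {
            // Remove string literals from the expression so that a function name quoted as
            // text does not trigger the check
            $stripped = preg_replace('#([\'"]).*?\\1#s', '', $expr);

            // preg_replace() returns null and preg_match() returns false on a PCRE error.
            // Both used to fall through as "no match", which accepted the expression.
            $found = ($stripped === null) ? false : preg_match($regexp, $stripped);
            if ($found === false)
            {
                throw new UnsafeTemplateException('Cannot test an XPath expression for the ' . $this->funcName . '() function', $node);
            }

            // Test whether the expression contains a call to the disallowed function
            if ($found)
            {
                throw new UnsafeTemplateException('An XPath expression uses the ' . $this->funcName . '() function', $node);
            }
        }
    }

    /**
     * Get all the potential XPath expressions used in given template
     *
     * The query runs against the template's owner document and selects every attribute in it.
     * Expressions are used as array keys, so an expression that occurs several times is kept
     * once, paired with the last attribute that carried it.
     *
     * @param  DOMElement $template <xsl:template/> node
     * @return array                XPath expression as key, reference node as value
     */
    protected function getExpressions(DOMElement $template)
    {
        $xpath = new DOMXPath($template->ownerDocument);
        $exprs = [];

        foreach ($xpath->query('//@*') as $attribute)
        {
            if ($attribute->parentNode->namespaceURI === self::XMLNS_XSL)
            {
                // Attribute of an XSL element. May or may not use XPath, but it shouldn't produce
                // false-positives
                //
                // NOTE(review): the raw value is checked as if it were a single XPath
                // expression; unlike the branch below it is not run through AVTHelper. Some
                // XSL attributes are attribute value templates, so confirm that the removal of
                // quoted text in check() cannot discard an inline expression.
                $expr = $attribute->value;
                $exprs[$expr] = $attribute;
            }
            else
            {
                // Attribute of an HTML (or otherwise) element -- Look for inline expressions
                foreach (AVTHelper::parse($attribute->value) as $token)
                {
                    if ($token[0] === 'expression')
                    {
                        $exprs[$token[1]] = $attribute;
                    }
                }
            }
        }

        return $exprs;
    }
}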