From 76ea1de0ab37e643e5dc5377171276f5d6eaedb6 Mon Sep 17 00:00:00 2001 From: JoshyPHP Date: Fri, 31 May 2019 22:46:59 +0200 Subject: [ticket/16072] Update s9e/text-formatter PHPBB3-16072 --- phpBB/phpbb/textformatter/s9e/bbcode_merger.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/textformatter') diff --git a/phpBB/phpbb/textformatter/s9e/bbcode_merger.php b/phpBB/phpbb/textformatter/s9e/bbcode_merger.php index a05ca3c2b8..af644192d8 100644 --- a/phpBB/phpbb/textformatter/s9e/bbcode_merger.php +++ b/phpBB/phpbb/textformatter/s9e/bbcode_merger.php @@ -14,7 +14,7 @@ namespace phpbb\textformatter\s9e; use phpbb\textformatter\s9e\factory; -use s9e\TextFormatter\Configurator\Helpers\TemplateHelper; +use s9e\TextFormatter\Configurator\Helpers\TemplateLoader; use s9e\TextFormatter\Configurator\Items\UnsafeTemplate; class bbcode_merger @@ -91,9 +91,9 @@ class bbcode_merger */ protected function indent_template($template) { - $dom = TemplateHelper::loadTemplate($template); + $dom = TemplateLoader::load($template); $dom->formatOutput = true; - $template = TemplateHelper::saveTemplate($dom); + $template = TemplateLoader::save($dom); // Remove the first level of indentation if the template starts with whitespace if (preg_match('(^\\n +)', $template, $m)) -- cgit v1.2.1 From 2926ceba6a06a2f0f95452ae838a89247c493c93 Mon Sep 17 00:00:00 2001 From: JoshyPHP Date: Fri, 13 Dec 2019 01:46:09 +0100 Subject: [ticket/16250] Add a service to check BBCodes safeness PHPBB3-16250 --- phpBB/phpbb/textformatter/acp_utils_interface.php | 38 +++++++++++++ phpBB/phpbb/textformatter/s9e/acp_utils.php | 67 +++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 phpBB/phpbb/textformatter/acp_utils_interface.php create mode 100644 phpBB/phpbb/textformatter/s9e/acp_utils.php (limited to 'phpBB/phpbb/textformatter') diff --git a/phpBB/phpbb/textformatter/acp_utils_interface.php b/phpBB/phpbb/textformatter/acp_utils_interface.php new file mode 100644 index 0000000000..d1e3de9989 --- /dev/null +++ b/phpBB/phpbb/textformatter/acp_utils_interface.php @@ -0,0 +1,38 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\textformatter; + +interface acp_utils_interface +{ + /** + * Analyse given BBCode definition for issues and safeness + * + * Required elements in the return array: + * - status: + * - "safe" The BBCode is valid and can be safely used by anyone. + * - "unsafe" The BBCode is valid but may be unsafe to use. + * - "invalid_definition" There is an issue with the definition. + * - "invalid_template" There is an issue with the template. + * + * Optional elements in the return array: + * - name: Name of the BBCode based on the definition. Required if status is "safe". + * - error_text: Textual description of the issue in plain text or as a L_* string. + * - error_html: Visual description of the issue in HTML. + * + * @param string $definition BBCode definition, e.g. [b]{TEXT}[/b] + * @param string $template BBCode template, e.g. {TEXT} + * @return array + */ + public function analyse_bbcode(string $definition, string $template): array; +} diff --git a/phpBB/phpbb/textformatter/s9e/acp_utils.php b/phpBB/phpbb/textformatter/s9e/acp_utils.php new file mode 100644 index 0000000000..981fa60813 --- /dev/null +++ b/phpBB/phpbb/textformatter/s9e/acp_utils.php @@ -0,0 +1,67 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\textformatter\s9e; + +use phpbb\textformatter\acp_utils_interface; +use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException; + +class acp_utils implements acp_utils_interface +{ + /** + * @var factory $factory + */ + protected $factory; + + /** + * @param factory $factory + */ + public function __construct(factory $factory) + { + $this->factory = $factory; + } + + /** + * {@inheritdoc} + */ + public function analyse_bbcode(string $definition, string $template): array + { + $configurator = $this->factory->get_configurator(); + $return = ['status' => 'safe']; + + // Capture and normalize the BBCode name manually because there's no easy way to retrieve + // it in TextFormatter <= 2.x + if (preg_match('(\\[([-\\w]++))', $definition, $m)) + { + $return['name'] = strtoupper($m[1]); + } + + try + { + $configurator->BBCodes->addCustom($definition, $template); + } + catch (UnsafeTemplateException $e) + { + $return['status'] = 'unsafe'; + $return['error_text'] = $e->getMessage(); + $return['error_html'] = $e->highlightNode(''); + } + catch (\Exception $e) + { + $return['status'] = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? 'invalid_template' : 'invalid_definition'; + $return['error_text'] = $e->getMessage(); + } + + return $return; + } +} -- cgit v1.2.1 From 2733ce07129dceb5b60acdceba1689fa5339a523 Mon Sep 17 00:00:00 2001 From: JoshyPHP Date: Mon, 16 Dec 2019 01:34:26 +0100 Subject: [ticket/16250] Reworked status as constants PHPBB3-16250 --- phpBB/phpbb/textformatter/acp_utils_interface.php | 26 ++++++++++++++++++----- phpBB/phpbb/textformatter/s9e/acp_utils.php | 6 +++--- 2 files changed, 24 insertions(+), 8 deletions(-) (limited to 'phpBB/phpbb/textformatter') diff --git a/phpBB/phpbb/textformatter/acp_utils_interface.php b/phpBB/phpbb/textformatter/acp_utils_interface.php index d1e3de9989..cdee56f19d 100644 --- a/phpBB/phpbb/textformatter/acp_utils_interface.php +++ b/phpBB/phpbb/textformatter/acp_utils_interface.php @@ -15,15 +15,31 @@ namespace phpbb\textformatter; interface acp_utils_interface { + /** + * There is an issue with the definition + */ + const BBCODE_STATUS_INVALID_DEFINITION = 'invalid_definition'; + + /** + * There is an issue with the template + */ + const BBCODE_STATUS_INVALID_TEMPLATE = 'invalid_template'; + + /** + * The BBCode is valid and can be safely used by anyone + */ + const BBCODE_STATUS_SAFE = 'safe'; + + /** + * The BBCode is valid but may be unsafe to use + */ + const BBCODE_STATUS_UNSAFE = 'unsafe'; + /** * Analyse given BBCode definition for issues and safeness * * Required elements in the return array: - * - status: - * - "safe" The BBCode is valid and can be safely used by anyone. - * - "unsafe" The BBCode is valid but may be unsafe to use. - * - "invalid_definition" There is an issue with the definition. - * - "invalid_template" There is an issue with the template. + * - status: see BBCODE_STATUS_* constants * * Optional elements in the return array: * - name: Name of the BBCode based on the definition. Required if status is "safe". diff --git a/phpBB/phpbb/textformatter/s9e/acp_utils.php b/phpBB/phpbb/textformatter/s9e/acp_utils.php index 981fa60813..c4a668020e 100644 --- a/phpBB/phpbb/textformatter/s9e/acp_utils.php +++ b/phpBB/phpbb/textformatter/s9e/acp_utils.php @@ -37,7 +37,7 @@ class acp_utils implements acp_utils_interface public function analyse_bbcode(string $definition, string $template): array { $configurator = $this->factory->get_configurator(); - $return = ['status' => 'safe']; + $return = ['status' => self::BBCODE_STATUS_SAFE]; // Capture and normalize the BBCode name manually because there's no easy way to retrieve // it in TextFormatter <= 2.x @@ -52,13 +52,13 @@ class acp_utils implements acp_utils_interface } catch (UnsafeTemplateException $e) { - $return['status'] = 'unsafe'; + $return['status'] = self::BBCODE_STATUS_UNSAFE; $return['error_text'] = $e->getMessage(); $return['error_html'] = $e->highlightNode(''); } catch (\Exception $e) { - $return['status'] = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? 'invalid_template' : 'invalid_definition'; + $return['status'] = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? self::BBCODE_STATUS_INVALID_TEMPLATE : self::BBCODE_STATUS_INVALID_DEFINITION; $return['error_text'] = $e->getMessage(); } -- cgit v1.2.1