authorMarc Alexander <admin@m-a-styles.de>2019-12-21 10:34:17 +0100
committerMarc Alexander <admin@m-a-styles.de>2019-12-21 10:34:17 +0100
commitd26622e9921fdabff9186e0a2e47a2f8ed0a1238 (patch)
tree95dfd71fc22e95776768de6a978548f0adbdb8ac /phpBB/phpbb
parent0b3eb2f9eaac66cf76e40703f77f362d1e42e86c (diff)
parent2733ce07129dceb5b60acdceba1689fa5339a523 (diff)
Merge pull request #5770 from JoshyPHP/ticket/16250
[ticket/16250] Add a service to check BBCodes safeness in ACP
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/textformatter/acp_utils_interface.php54
-rw-r--r--phpBB/phpbb/textformatter/s9e/acp_utils.php67
2 files changed, 121 insertions, 0 deletions
diff --git a/phpBB/phpbb/textformatter/acp_utils_interface.php b/phpBB/phpbb/textformatter/acp_utils_interface.php
new file mode 100644
index 0000000000..cdee56f19d
--- /dev/null
+++ b/phpBB/phpbb/textformatter/acp_utils_interface.php
@@ -0,0 +1,54 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter;
+
+interface acp_utils_interface
+{
+ /**
+ * There is an issue with the definition
+ */
+ const BBCODE_STATUS_INVALID_DEFINITION = 'invalid_definition';
+
+ /**
+ * There is an issue with the template
+ */
+ const BBCODE_STATUS_INVALID_TEMPLATE = 'invalid_template';
+
+ /**
+ * The BBCode is valid and can be safely used by anyone
+ */
+ const BBCODE_STATUS_SAFE = 'safe';
+
+ /**
+ * The BBCode is valid but may be unsafe to use
+ */
+ const BBCODE_STATUS_UNSAFE = 'unsafe';
+
+ /**
+ * Analyse given BBCode definition for issues and safeness
+ *
+ * Required elements in the return array:
+ * - status: see BBCODE_STATUS_* constants
+ *
+ * Optional elements in the return array:
+ * - name: Name of the BBCode based on the definition. Required if status is "safe".
+ * - error_text: Textual description of the issue in plain text or as a L_* string.
+ * - error_html: Visual description of the issue in HTML.
+ *
+ * @param string $definition BBCode definition, e.g. [b]{TEXT}[/b]
+ * @param string $template BBCode template, e.g. <b>{TEXT}</b>
+ * @return array
+ */
+ public function analyse_bbcode(string $definition, string $template): array;
+}
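Review bot: The docblock of `analyse_bbcode()` does not say who is responsible for escaping the two error elements, and a consumer rendering them in the ACP needs to know. `error_text` is described as plain text and may carry fragments of the submitted definition or template, so the contract should read something like `error_text: ... Not HTML-escaped; the caller must escape it before output.` `error_html` is markup by definition, so its bullet should read `error_html: ... Must be safe to output as-is; the implementation escapes any user-supplied content it includes.` The `name` bullet says it is required when the status is "safe"; it would help to say what a caller should do when an implementation returns "safe" without it.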
diff --git a/phpBB/phpbb/textformatter/s9e/acp_utils.php b/phpBB/phpbb/textformatter/s9e/acp_utils.php
new file mode 100644
index 0000000000..c4a668020e
--- /dev/null
+++ b/phpBB/phpbb/textformatter/s9e/acp_utils.php
@@ -0,0 +1,67 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter\s9e;
+
+use phpbb\textformatter\acp_utils_interface;
+use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException;
+
+class acp_utils implements acp_utils_interface
+{
+ /**
+ * @var factory $factory
+ */
+ protected $factory;
+
+ /**
+ * @param factory $factory
+ */
+ public function __construct(factory $factory)
+ {
+ $this->factory = $factory;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function analyse_bbcode(string $definition, string $template): array
+ {
+ $configurator = $this->factory->get_configurator();
+ $return = ['status' => self::BBCODE_STATUS_SAFE];
+
+ // Capture and normalize the BBCode name manually because there's no easy way to retrieve
+ // it in TextFormatter <= 2.x
+ if (preg_match('(\\[([-\\w]++))', $definition, $m))
+ {
+ $return['name'] = strtoupper($m[1]);
+ }
+
+ try
+ {
+ $configurator->BBCodes->addCustom($definition, $template);
+ }
+ catch (UnsafeTemplateException $e)
+ {
+ $return['status'] = self::BBCODE_STATUS_UNSAFE;
+ $return['error_text'] = $e->getMessage();
+ $return['error_html'] = $e->highlightNode('<span class="highlight">');
+ }
+ catch (\Exception $e)
+ {
+ $return['status'] = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? self::BBCODE_STATUS_INVALID_TEMPLATE : self::BBCODE_STATUS_INVALID_DEFINITION;
+ $return['error_text'] = $e->getMessage();
+ }
+
+ return $return;
+ }
+}
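Review bot: In `analyse_bbcode()` the result starts as `BBCODE_STATUS_SAFE`, and `name` is set only when `preg_match('(\\[([-\\w]++))', ...)` matches. If the library accepts a definition whose name falls outside `[-\w]`, the method returns "safe" with no `name`, which the interface docblock says is required for that status. Since the verdict is what decides whether a BBCode is offered to everyone, I would fail closed after the try block: `if ($return['status'] === self::BBCODE_STATUS_SAFE && !isset($return['name'])) { $return['status'] = self::BBCODE_STATUS_INVALID_DEFINITION; }`. Separately, the `\Exception` branch picks between the two invalid statuses by matching `(xml|xpath|xsl)i` against the exception message; that deserves a comment such as `// Heuristic: relies on the library's message wording, unrelated errors fall back to invalid_definition`.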