From 8bbab088dd5830d8dd1151a3684dde5c197ba268 Mon Sep 17 00:00:00 2001
From: Nathan Guse
Date: Mon, 23 Jul 2012 15:17:42 -0500
Subject: [ticket/10631] Validation for extensions

PHPBB3-10631
---
phpBB/includes/extension/metadata_manager.php | 298 ++++++++++++++++----------
1 file changed, 179 insertions(+), 119 deletions(-)
(limited to 'phpBB/includes/extension/metadata_manager.php')
diff --git a/phpBB/includes/extension/metadata_manager.php b/phpBB/includes/extension/metadata_manager.php
index 6af02e47b7..0e0b609a68 100644
--- a/phpBB/includes/extension/metadata_manager.php
+++ b/phpBB/includes/extension/metadata_manager.php
@@ -31,18 +31,71 @@ class phpbb_extension_metadata_manager public $metadata; protected $metadata_file; + /** + * Array of validation regular expressions, see __call() + * + * @var mixed + */ + protected $validation = array( + 'name' => '#^[a-zA-Z0-9_\x7f-\xff]{2,}/[a-zA-Z0-9_\x7f-\xff]{2,}$#', + 'type' => '#^phpbb3-extension$#', + 'description' => '#.*#', + 'version' => '#.+#', + 'licence' => '#.+#', + 'extra' => array( + 'display-name' => '#.*#', + ), + ); + + /** + * Magic method to catch validation calls + * + * @param string $name + * @param mixed $arguments + * @return int + */ + public function __call($name, $arguments) + { + // Validation Magic methods + if (strpos($name, 'validate_') === 0) + { + // Remove validate_ + $name = substr($name, 9); + + // Replace underscores with dashes (underscores are not used) + $name = str_replace('_', '-', $name); + + if (strpos($name, 'extra-') === 0) + { + // Remove extra_ + $name = substr($name, 6); + + if (isset($this->validation['extra'][$name])) + { + // Extra means it's optional, so return true if it does not exist + return (isset($this->metadata['extra'][$name])) ? preg_match($this->validation['extra'][$name], $this->metadata['extra'][$name]) : true; + } + } + else if (isset($this->validation[$name])) + { + return preg_match($this->validation[$name], $this->metadata[$name]); + } + } + } + /** * Creates the metadata manager - * + * * @param dbal $db A database connection * @param string $extension_manager An instance of the phpbb extension manager * @param string $phpbb_root_path Path to the phpbb includes directory. 
* @param string $phpEx php file extension */ - public function __construct($ext_name, dbal $db, phpbb_extension_manager $extension_manager, $phpbb_root_path, $phpEx = '.php', phpbb_template $template) + public function __construct($ext_name, dbal $db, phpbb_extension_manager $extension_manager, $phpbb_root_path, $phpEx = '.php', phpbb_template $template, phpbb_config $config) { $this->phpbb_root_path = $phpbb_root_path; $this->db = $db; + $this->config = $config; $this->phpEx = $phpEx; $this->template = $template; $this->extension_manager = $extension_manager; @@ -53,12 +106,11 @@ class phpbb_extension_metadata_manager /** * Processes and gets the metadata requested - * - * @param string $element All for all metadata that it has and is valid, otherwise specify which section you want by its shorthand term. - * @param boolean $template_output True if you want the requested metadata assigned to template vars (only works on the 'all" case - * @return array Contains all of the requested metadata + * + * @param string $element All for all metadata that it has and is valid, otherwise specify which section you want by its shorthand term. + * @return bool|array Contains all of the requested metadata or bool False if not valid */ - public function get_metadata($element = 'all', $template_output = false) + public function get_metadata($element = 'all') { // TODO: Check ext_name exists and is an extension that exists if (!$this->set_metadata_file()) 
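Review bot: In `__call`, the non-extra branch hands `$this->metadata[$name]` straight to `preg_match()` without checking that the key exists or that the value decoded from composer.json is a string, so a missing or array-valued `name`, `type` or `version` produces a PHP notice or warning rather than a clean validation failure, and a missing `description` passes because `#.*#` matches the empty string. Guarding the call, e.g. `return isset($this->metadata[$name]) && is_string($this->metadata[$name]) && preg_match($this->validation[$name], $this->metadata[$name]);`, makes the check fail closed; the extra branch needs the same `is_string()` test. The `name` and `type` patterns also end in `$` without the `D` modifier, so a value with a trailing newline is accepted where the removed `== 'phpbb3-extension'` comparison rejected it; `'#^phpbb3-extension$#D'` restores that behaviour. Any call that is not a known `validate_*` field falls off the end of `__call` and returns null, which hides misspelled method names; an explicit `return false;` with a short comment would make that deliberate.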
@@ -66,34 +118,37 @@ class phpbb_extension_metadata_manager return false; } + // Fetch the metadata if (!$this->fetch_metadata()) { return false; } - switch ($element) + // Clean the metadata + if (!$this->clean_metadata_array()) + { + return false; + } + + switch ($element) { case 'all': default: - if (!$this->clean_metadata_array()) + // Validate the metadata + if (!$this->validate_metadata_array()) { return false; } - if ($template_output) - { - $this->output_template_data(); - } - return $this->metadata; break; - + case 'name': return ($this->validate_name()) ? $this->metadata['name'] : false; break; - + case 'display-name': - if ($this->validate_extra_display_name()) + if (isset($this->metadata['extra']['display-name']) && $this->validate_extra_display_name()) { return $this->metadata['extra']['display-name']; } @@ -108,7 +163,7 @@ class phpbb_extension_metadata_manager /** * Sets the filepath of the metadata file - * + * * @return boolean Set to true if it exists */ private function set_metadata_file() 
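Review bot: `get_metadata()` indexes `$this->metadata` in every branch after only `fetch_metadata()` and `clean_metadata_array()`, and neither of those (both visible later in this patch) confirms that the decoded JSON is an array: a composer.json whose top-level value is a bare string is non-null and truthy, passes both checks, and then reaches `$this->metadata['name']`. Adding `if (!is_array($this->metadata)) { return false; }` directly after the fetch would reject such files before any field is read. Only the `all`/`default` branch runs `validate_metadata_array()`, so the `name` and `display-name` branches return values from metadata whose `type` was never checked; if that is intended, a one-line comment above the `switch` saying so would help. The function starts before this hunk and its closing lines are outside it.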
@@ -129,122 +184,156 @@ class phpbb_extension_metadata_manager } /** - * This array handles the validation and cleaning of the array - * - * @return array Contains the cleaned and validated metadata array + * Gets the contents of the composer.json file + * + * @return bool True of false (if loading succeeded or failed) */ - private function clean_metadata_array() - { - if (!$this->validate_name() || !$this->validate_type() || !$this->validate_licence() || !$this->validate_description() || !$this->validate_version() || !$this->validate_require_phpbb() || !$this->validate_extra_display_name()) + private function fetch_metadata() + { + if (!file_exists($this->metadata_file)) { return false; } - - $this->check_for_optional(true); + else + { + if (!($file_contents = file_get_contents($this->metadata_file))) + { + return false; + } -// TODO: Remove all parts of the array we don't want or shouldn't be there due to nub mod authors -// $this->metadata = $metadata_finished; + if (($metadata = json_decode($file_contents, true)) === NULL) + { + return false; + } - return $this->metadata; - } + $this->metadata = $metadata; - /** - * Validates the contents of the name field - * - * @return boolean True when passes validation - */ - private function validate_name() - { - return preg_match('#^[a-zA-Z0-9_\x7f-\xff]{2,}/[a-zA-Z0-9_\x7f-\xff]{2,}$#', $this->metadata['name']); + return true; + } } /** - * Validates the contents of the type field - * - * @return boolean True when passes validation + * This array handles the validation and cleaning of the array + * + * @return array Contains the cleaned and validated metadata array */ - private function validate_type() + private function clean_metadata_array() { - return $this->metadata['type'] == 'phpbb3-extension'; - } +// TODO: Remove all parts of the array we don't want or shouldn't be there due to nub mod authors +// $this->metadata = $metadata_finished; - /** - * Validates the contents of the description field - * - * @return 
boolean True when passes validation - */ - private function validate_description() - { - return true;//preg_match('#^{10,}$#', $this->metadata['description']); + return $this->metadata; } /** - * Validates the contents of the version field - * - * @return boolean True when passes validation + * This array handles the validation of strings + * + * @return bool True if validation succeeded, False if failed */ - private function validate_version() + public function validate_metadata_array() { - return preg_match('#^[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{1,2}#', $this->metadata['version']); + $validate = array( + 'name', + 'type', + 'licence', + 'description', + 'version', + 'extra_display-name', + ); + + foreach ($validate as $type) + { + $type = 'validate_' . $type; + + if (!$this->$type()) + { + return false; + } + } + + return true; } /** - * Validates the contents of the license field - * - * @return boolean True when passes validation + * This array handles the verification that this extension can be enabled on this board + * + * @return bool True if validation succeeded, False if failed */ - private function validate_licence() + public function validate_enable() { - // Nothing to validate except existence - return isset($this->metadata['licence']); + $validate = array( + 'require_phpbb', + 'require_php', + ); + + foreach ($validate as $type) + { + $type = 'validate_' . 
$type; + + if (!$this->$type()) + { + return false; + } + } + + return true; } + /** * Validates the contents of the phpbb requirement field - * + * * @return boolean True when passes validation */ private function validate_require_phpbb() { - return (preg_match('#^[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{1,2}$#', $this->metadata['require']['phpbb']) && version_compare($this->metadata['require']['phpbb'], '3.1.0', '>=')); + if (!isset($this->metadata['require']['phpbb'])) + { + return true; + } + + return $this->_validate_version($this->metadata['require']['phpbb'], $this->config['version']); } /** - * Validates the contents of the display name field - * + * Validates the contents of the php requirement field + * * @return boolean True when passes validation */ - private function validate_extra_display_name() + private function validate_require_php() { - return true;//preg_match('#^[a-zA-Z0-9_]{2,0}$#', $this->metadata['name']); + if (!isset($this->metadata['require']['php'])) + { + return true; + } + + return $this->_validate_version($this->metadata['require']['php'], phpversion()); } /** - * Checks which optional fields exist - * - * @return boolean False if any that exist fail validation, otherwise true. 
- */ - public function check_for_optional() + * Version validation helper + * + * @param string $string The string for comparing to a version + * @param string $current_version The version to compare to + * @return bool True/False if meets version requirements + */ + private function _validate_version($string, $current_version) { - if ((isset($this->metadata['require']['php']) && !$this->validate_require_php()) || (isset($this->metadata['time']) && !$this->validate_time()) || (isset($this->metadata['validate_homepage']) && !$this->validate_homepage())) + // Allow them to specify their own comparison operator (ex: <3.1.2, >=3.1.0) + $comparison_matches = false; + preg_match('#[=<>]+#', $string, $comparison_matches); + + if (!empty($comparison_matches)) { - return false; + return version_compare($current_version, str_replace(array($comparison_matches[0], ' '), '', $string), $comparison_matches[0]); } - } - /** - * Validates the contents of the php requirement field - * - * @return boolean True when passes validation - */ - private function validate_require_php() - { - return (preg_match('#^[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{1,2}$#', $this->metadata['require']['php']) && version_compare($this->metadata['require']['php'], phpversion(), '>=')); + return version_compare($current_version, $string, '>='); } /** * Validates the contents of the time field - * + * * @return boolean True when passes validation */ private function validate_time() @@ -255,7 +344,7 @@ class phpbb_extension_metadata_manager /** * Validates the contents of the homepage field - * + * * @return boolean True when passes validation */ private function validate_homepage() @@ -265,7 +354,7 @@ class phpbb_extension_metadata_manager /** * Validates the contents of the authors field - * + * * @return boolean True when passes validation */ private function validate_authors() 
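Review bot: `_validate_version()` takes the comparison operator from the extension's own `require` string using the unanchored `#[=<>]+#` and passes whatever matched to `version_compare()`, so sequences such as `=`, `=<` or `<<`, which are not operators that function accepts, leave the outcome dependent on how the running PHP version treats an invalid operator. Only the first match is used and every occurrence of it is stripped, so a compound constraint like `>=3.1.0,<3.2.0` is compared against the malformed string `3.1.0,<3.2.0` and its upper bound is never enforced. The format check that the removed `validate_require_*` regexes performed is gone, so the value is also not confirmed to be a string. I would parse a single anchored operator-plus-version constraint against a fixed operator list and return false for anything else, as sketched below.

```php
	private function _validate_version($string, $current_version)
	{
		// Accept exactly one "<operator><version>" constraint; anything else fails closed
		if (!is_string($string) || !preg_match('#^\s*(<=|>=|==|!=|<>|<|>)?\s*([0-9][0-9a-zA-Z.\-]*)\s*\z#', $string, $matches))
		{
			return false;
		}

		// No operator given means "at least this version", as before
		$operator = ($matches[1] !== '') ? $matches[1] : '>=';

		return version_compare($current_version, $matches[2], $operator);
	}
```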
@@ -291,38 +380,9 @@ class phpbb_extension_metadata_manager return true; } - /** - * Gets the contents of the composer.json file - * - * @return bool True of false (if loading succeeded or failed) - */ - private function fetch_metadata() - { - if (!file_exists($this->metadata_file)) - { - return false; - } - else - { - if (!($file_contents = file_get_contents($this->metadata_file))) - { - return false; - } - - if (($metadata = json_decode($file_contents, true)) === NULL) - { - return false; - } - - $this->metadata = $metadata; - - return true; - } - } - /** * Outputs the metadata into the template - * + * * @return null */ public function output_template_data() @@ -350,7 +410,7 @@ class phpbb_extension_metadata_manager 'AUTHOR_ROLE' => (isset($author['role'])) ? htmlspecialchars($author['role']) : '', )); } - + return; } } -- cgit v1.2.1