Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
TemplateChecker.php
001 <?php
002
003 /**
004 * @package s9e\TextFormatter
005 * @copyright Copyright (c) 2010-2022 The s9e authors
006 * @license http://www.opensource.org/licenses/mit-license.php The MIT License
007 */
008 namespace s9e\TextFormatter\Configurator;
009
010 use ArrayAccess;
011 use Iterator;
012 use s9e\TextFormatter\Configurator\Collections\TemplateCheckList;
013 use s9e\TextFormatter\Configurator\Helpers\TemplateLoader;
014 use s9e\TextFormatter\Configurator\Items\Tag;
015 use s9e\TextFormatter\Configurator\Items\UnsafeTemplate;
016 use s9e\TextFormatter\Configurator\TemplateChecks\DisallowElementNS;
017 use s9e\TextFormatter\Configurator\TemplateChecks\DisallowXPathFunction;
018 use s9e\TextFormatter\Configurator\TemplateChecks\RestrictFlashScriptAccess;
019 use s9e\TextFormatter\Configurator\Traits\CollectionProxy;
020
021 /**
022 * @method mixed add(mixed $value, null $void) Add (append) a value to this list
023 * @method mixed append(mixed $value) Append a value to this list
024 * @method array asConfig()
025 * @method void clear() Empty this collection
026 * @method bool contains(mixed $value) Test whether a given value is present in this collection
027 * @method integer count()
028 * @method mixed current()
029 * @method void delete(string $key) Delete a value from this list and remove gaps in keys
030 * @method bool exists(string $key) Test whether an item of given key exists
031 * @method mixed get(string $key) Return a value from this collection
032 * @method mixed indexOf(mixed $value) Find the index of a given value
033 * @method mixed insert(integer $offset, mixed $value) Insert a value at an arbitrary 0-based position
034 * @method integer|string key()
035 * @method mixed next()
036 * @method integer normalizeKey(mixed $key) Ensure that the key is a valid offset
037 * @method TemplateCheck normalizeValue(mixed $check) Normalize the value to an instance of TemplateCheck
038 * @method bool offsetExists(string|integer $offset)
039 * @method mixed offsetGet(string|integer $offset)
040 * @method void offsetSet(mixed $offset, mixed $value) Custom offsetSet() implementation to allow assignment with a null offset to append to the
041 * @method void offsetUnset(string|integer $offset)
042 * @method string onDuplicate(string|null $action) Query and set the action to take when add() is called with a key that already exists
043 * @method mixed prepend(mixed $value) Prepend a value to this list
044 * @method integer remove(mixed $value) Remove all items matching given value
045 * @method void rewind()
046 * @method mixed set(string $key, mixed $value) Set and overwrite a value in this collection
047 * @method bool valid()
048 */
class TemplateChecker implements ArrayAccess, Iterator
{
	use CollectionProxy;

	/**
	* @var TemplateCheckList Ordered list of TemplateCheck instances run by checkTemplate()
	*/
	protected $collection;

	/**
	* @var bool TRUE while every check is switched off for this instance
	*/
	protected $disabled = false;

	/**
	* Constructor
	*
	* Populates the collection with the default set of checks. The order in which they are
	* appended is the order in which checkTemplate() runs them
	*/
	public function __construct()
	{
		$this->collection = new TemplateCheckList;
		$checks           = $this->collection;

		// Checks that are registered by name only
		$namedChecks = [
			'DisallowAttributeSets',
			'DisallowCopy',
			'DisallowDisableOutputEscaping',
			'DisallowDynamicAttributeNames',
			'DisallowDynamicElementNames',
			'DisallowObjectParamsWithGeneratedName',
			'DisallowPHPTags',
			'DisallowUnsafeCopyOf',
			'DisallowUnsafeDynamicCSS',
			'DisallowUnsafeDynamicJS',
			'DisallowUnsafeDynamicURL'
		];
		foreach ($namedChecks as $checkName)
		{
			$checks->append($checkName);
		}

		// Checks that need constructor arguments: the "output" element of the Saxon namespace,
		// the XPath function document(), and Flash script access
		$checks->append(new DisallowElementNS('http://icl.com/saxon', 'output'));
		$checks->append(new DisallowXPathFunction('document'));
		$checks->append(new RestrictFlashScriptAccess('sameDomain', true));

		// The generic "unsupported XSL" check goes last so that the more specialized checks
		// above get to run first
		$checks->append('DisallowUnsupportedXSL');
	}

	/**
	* Run the checks against the template of a given tag
	*
	* Nothing is checked if the tag has no template set, or if its template is an instance of
	* UnsafeTemplate: that class is the per-template way to skip the checks
	*
	* @param  Tag  $tag Tag whose template will be checked
	* @return void
	*/
	public function checkTag(Tag $tag)
	{
		if (!isset($tag->template) || $tag->template instanceof UnsafeTemplate)
		{
			return;
		}

		$this->checkTemplate((string) $tag->template, $tag);
	}

	/**
	* Run every check in the collection against a template
	*
	* Returns immediately, before the template is even loaded, while checks are disabled
	*
	* @param  string $template Template source
	* @param  Tag    $tag      Tag this template belongs to, a new empty Tag is used if omitted
	* @return void
	*/
	public function checkTemplate($template, Tag $tag = null)
	{
		if ($this->disabled)
		{
			return;
		}

		if ($tag === null)
		{
			$tag = new Tag;
		}

		// Every check receives the root element of the loaded template
		$root = TemplateLoader::load($template)->documentElement;
		foreach ($this->collection as $templateCheck)
		{
			$templateCheck->check($root, $tag);
		}
	}

	/**
	* Switch off all checks for this instance
	*
	* Until enable() is called, checkTemplate() does nothing for any template it is given
	*
	* @deprecated 2.2.0 Use UnsafeTemplate instead
	*
	* @return void
	*/
	public function disable()
	{
		$this->disabled = true;
	}

	/**
	* Switch all checks back on
	*
	* @deprecated 2.2.0
	*
	* @return void
	*/
	public function enable()
	{
		$this->disabled = false;
	}
}