mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 12:20:44 +02:00
Code Issues Releases Wiki Activity

Removed a method specific to PHP versions earlier than 5.4 . Additional parser tests added.

Browse Source
This commit is contained in:
Cameron
2021-01-18 10:27:41 -08:00
parent 911d41a402
commit 809146ef6a
2 changed files with 134 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
e107_handlers/e_parse_class.php
View File

@@ -34,12 +34,6 @@ class e_parse
private $pref; // core prefs used in toHTML. private $pref; // core prefs used in toHTML.
// Profanity filter
private $e_pf;
// Emote filter
private $e_emote;
// 'Hooked' parsers (array) // 'Hooked' parsers (array)
private $e_hook = array(); private $e_hook = array();
@@ -72,8 +66,6 @@ class e_parse
// BBcode that contain preformatted code. // BBcode that contain preformatted code.
private $preformatted = array('html', 'markdown'); private $preformatted = array('html', 'markdown');
private $bbList = array();
// Set up the defaults // Set up the defaults
private $e_optDefault = array( private $e_optDefault = array(
@@ -1549,7 +1541,7 @@ class e_parse
case 'scode': case 'scode':
case 'code' : case 'code' :
$parseBB = false; $parseBB = false;
$full_text = $this->parseBBcodes('['.$last_bbcode.']'.$code_text.'[/'.$last_bbcode.']', $postID); $full_text = $this->parseBBCodes('['.$last_bbcode.']'.$code_text.'[/'.$last_bbcode.']', $postID);
break; break;
} }
@@ -1822,135 +1814,15 @@ class e_parse
*/ */
public function toJSON($var, $force_object = false) public function toJSON($var, $force_object = false)
{ {
if($force_object === true)
// The PHP version cannot change within a request.
static $php530;
if(!isset($php530))
{ {
$php530 = version_compare(PHP_VERSION, '5.3.0', '>=');
}
if($php530)
{
if($force_object === true)
{
// Encode <, >, ', &, and " using the json_encode() options parameter.
return json_encode($var, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_FORCE_OBJECT);
}
// Encode <, >, ', &, and " using the json_encode() options parameter. // Encode <, >, ', &, and " using the json_encode() options parameter.
return json_encode($var, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT); return json_encode($var, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_FORCE_OBJECT);
} }
return $this->toJSONhelper($var); // Encode <, >, ', &, and " using the json_encode() options parameter.
} return json_encode($var, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
/**
* Encodes a PHP variable to HTML-safe JSON for PHP versions below 5.3.0.
*
* @param mixed $var
* @return string
*/
public function toJSONhelper($var)
{
switch(gettype($var))
{
case 'boolean':
return $var ? 'true' : 'false'; // Lowercase necessary!
case 'integer':
case 'double':
return $var;
case 'resource':
case 'string':
// Always use Unicode escape sequences (\u0022) over JSON escape
// sequences (\") to prevent browsers interpreting these as
// special characters.
$replace_pairs = array(
// ", \ and U+0000 - U+001F must be escaped according to RFC 4627.
'\\' => '\u005C',
'"' => '\u0022',
"\x00" => '\u0000',
"\x01" => '\u0001',
"\x02" => '\u0002',
"\x03" => '\u0003',
"\x04" => '\u0004',
"\x05" => '\u0005',
"\x06" => '\u0006',
"\x07" => '\u0007',
"\x08" => '\u0008',
"\x09" => '\u0009',
"\x0a" => '\u000A',
"\x0b" => '\u000B',
"\x0c" => '\u000C',
"\x0d" => '\u000D',
"\x0e" => '\u000E',
"\x0f" => '\u000F',
"\x10" => '\u0010',
"\x11" => '\u0011',
"\x12" => '\u0012',
"\x13" => '\u0013',
"\x14" => '\u0014',
"\x15" => '\u0015',
"\x16" => '\u0016',
"\x17" => '\u0017',
"\x18" => '\u0018',
"\x19" => '\u0019',
"\x1a" => '\u001A',
"\x1b" => '\u001B',
"\x1c" => '\u001C',
"\x1d" => '\u001D',
"\x1e" => '\u001E',
"\x1f" => '\u001F',
// Prevent browsers from interpreting these as as special.
"'" => '\u0027',
'<' => '\u003C',
'>' => '\u003E',
'&' => '\u0026',
// Prevent browsers from interpreting the solidus as special and
// non-compliant JSON parsers from interpreting // as a comment.
'/' => '\u002F',
// While these are allowed unescaped according to ECMA-262, section
// 15.12.2, they cause problems in some JSON parsers.
"\xe2\x80\xa8" => '\u2028', // U+2028, Line Separator.
"\xe2\x80\xa9" => '\u2029', // U+2029, Paragraph Separator.
);
return '"' . strtr($var, $replace_pairs) . '"';
case 'array':
// Arrays in JSON can't be associative. If the array is empty or if it
// has sequential whole number keys starting with 0, it's not associative
// so we can go ahead and convert it as an array.
if(empty($var) || array_keys($var) === range(0, count($var) - 1))
{
$output = array();
foreach($var as $v)
{
$output[] = $this->toJSONhelper($v);
}
return '[ ' . implode(', ', $output) . ' ]';
}
break;
// Otherwise, fall through to convert the array as an object.
case 'object':
$output = array();
foreach($var as $k => $v)
{
$output[] = $this->toJSONhelper((string) $k) . ':' . $this->toJSONhelper($v);
}
return '{' . implode(', ', $output) . '}';
default:
return 'null';
}
} }
@@ -1968,6 +1840,7 @@ class e_parse
{ {
$text = $this->toHTML($text, true); $text = $this->toHTML($text, true);
$text = strip_tags($text); $text = strip_tags($text);
} }
$text = $this->toEmail($text); $text = $this->toEmail($text);
@@ -1981,9 +1854,13 @@ class e_parse
// if CDATA happens to be quoted in the text. // if CDATA happens to be quoted in the text.
$text = str_replace(['<![CDATA', ']]>'], ['&lt;![CDATA', ']]&gt;'], $text); $text = str_replace(['<![CDATA', ']]>'], ['&lt;![CDATA', ']]&gt;'], $text);
if($tags == true && ($text)) if($tags === true)
{ {
$text = '<![CDATA[' . $text . ']]>'; $text = !empty($text) ? '<![CDATA[' . $text . ']]>' : '';
}
else
{
$text = str_replace(['<','>'],['&lt;','&gt;'], $text);
} }
return $text; return $text;
@@ -4769,35 +4646,50 @@ class e_parse
return $text; return $text;
} }
$regex = array(
'w' => '/[^\w]/',
'd' => '/[^\d]/',
'wd' => '/[^\w]/',
'wds' => '/[^\w ]/',
'file' => '/[^\w_\.-]/',
'version' => '/[^\d_\.]/',
);
switch($type) switch($type)
{ {
case 'w': case 'w':
$ret = preg_replace('/[^\w]/', '', $text);
break;
case 'd': case 'd':
$ret = preg_replace('/[^\d]/', '', $text);
break;
case 'wd': case 'wd':
$ret = preg_replace('/[^\w]/', '', $text);
break;
case 'wds': case 'wds':
$ret = preg_replace('/[^\w ]/', '', $text); case 'version':
if($validate === true)
{
trigger_error("Unsupported type '".$type."' for validation used in e107::getParser()->filter().", E_USER_WARNING);
}
else
{
$reg = $regex[$type];
$ret = preg_replace($reg, '', $text);
}
break; break;
case 'file': case 'file':
$ret = preg_replace('/[^\w_\.-]/', '-', $text);
break;
case 'version': if($validate === true)
$ret = preg_replace('/[^\d_\.]/', '', $text); {
trigger_error("Unsupported type '".$type."' used in e107::getParser()->filter().", E_USER_WARNING);
}
else
{
$reg = $regex['file'];
$ret = preg_replace('/[^\w_\.-]/', '-', $text);
}
break; break;
default: default:
if($validate == false) if($validate === false)
{ {
$filterTypes = array( $filterTypes = array(
'int' => FILTER_SANITIZE_NUMBER_INT, 'int' => FILTER_SANITIZE_NUMBER_INT,
@@ -4818,6 +4710,11 @@ class e_parse
); );
} }
if(!isset($filterTypes[$type]))
{
trigger_error("Unsupported type '".$type."' used in e107::getParser()->filter().", E_USER_WARNING);
}
if(is_array($text)) if(is_array($text))
{ {
$ret = filter_var_array($text, $filterTypes[$type]); $ret = filter_var_array($text, $filterTypes[$type]);

91
e107_tests/tests/unit/e_parseTest.php
View File

@@ -128,12 +128,54 @@ while(&#036;row = &#036;sql-&gt;fetch())
{ {
} }
*/
public function testThumbUrlDecode() public function testThumbUrlDecode()
{ {
$tests = array(
0 => array(
'input' => '/media/img/a400xa500/myimage.jpg',
'expected' => array (
'src' => 'e_MEDIA_IMAGE/myimage.jpg',
'aw' => '400',
'ah' => '500',
)
),
1 => array(
'input' => '/media/img/400x500/myimage2.jpg',
'expected' => array (
'src' => 'e_MEDIA_IMAGE/myimage2.jpg',
'w' => '400',
'h' => '500',
)
),
2 => array(
'input' => '/theme/img/a400xa500/mytheme/myimage.jpg',
'expected' => array (
'src' => 'e_THEME/mytheme/myimage.jpg',
'aw' => '400',
'ah' => '500',
)
),
3 => array(
'input' => '/theme/img/400x500/mytheme/myimage2.jpg',
'expected' => array (
'src' => 'e_THEME/mytheme/myimage2.jpg',
'w' => '400',
'h' => '500',
)
),
);
foreach($tests as $var)
{
$result = $this->tp->thumbUrlDecode($var['input']);
$this->assertSame($var['expected'], $result);
}
} }
*/
function testToHTMLModifiers() function testToHTMLModifiers()
{ {
@@ -981,6 +1023,12 @@ while(&#036;row = &#036;sql-&gt;fetch())
} }
// Test with $tags = false;
$html = '<div class="something">One & Two < and > " or \'</div>';
$result = $this->tp->toRss($html);
$this->assertSame("One &amp; Two &lt; and &gt; \" or '", $result);
$valid = $this->isValidXML('<tag>'.$result.'</tag>');
$this->assertTrue($valid);
} }
@@ -1004,6 +1052,7 @@ while(&#036;row = &#036;sql-&gt;fetch())
if(!empty($errors)) if(!empty($errors))
{ {
var_dump($errors);
codecept_debug($errors); codecept_debug($errors);
} }
@@ -2325,6 +2374,8 @@ Your browser does not support the audio tag.
{ {
$url = 'http://www.domain.com/folder/folder2//1234_1_0.jpg'; $url = 'http://www.domain.com/folder/folder2//1234_1_0.jpg';
// Filter tests.
$tests = array( $tests = array(
0 => array('input' => 'test123 xxx', 'mode' => 'w', 'expected' => 'test123xxx'), 0 => array('input' => 'test123 xxx', 'mode' => 'w', 'expected' => 'test123xxx'),
1 => array('input' => 'test123 xxx', 'mode' => 'd', 'expected' => '123'), 1 => array('input' => 'test123 xxx', 'mode' => 'd', 'expected' => '123'),
@@ -2334,17 +2385,49 @@ Your browser does not support the audio tag.
5 => array('input' => '2.1.4 (test)', 'mode' => 'version', 'expected' => '2.1.4'), 5 => array('input' => '2.1.4 (test)', 'mode' => 'version', 'expected' => '2.1.4'),
6 => array('input' => $url, 'mode'=>'url', 'expected' => $url), 6 => array('input' => $url, 'mode'=>'url', 'expected' => $url),
7 => array('input' => array('1', 'xxx'), 'mode'=>'str', 'expected' => array('1', 'xxx')), 7 => array('input' => array('1', 'xxx'), 'mode'=>'str', 'expected' => array('1', 'xxx')),
8 => array('input' => 'myemail@email.com', 'mode'=>'email', 'expected' => 'myemail@email.com'),
); );
foreach($tests as $var) foreach($tests as $index=>$var)
{ {
$result = $this->tp->filter($var['input'],$var['mode']); $result = $this->tp->filter($var['input'],$var['mode']);
$this->assertEquals($var['expected'],$result); $this->assertEquals($var['expected'],$result, "Failed on index: ".$index);
} }
// Validate.
$tests2 = array(
0 => array('input' => 'http://www.domain.com/folder/file.zip', 'mode'=>'url'), // good url
1 => array('input' => 'http:/www.domain.com/folder/file.zip', 'mode'=>'url'), // bad url
2 => array('input' => array('1', 'xxx'), 'mode'=>'int'), // good and bad integer
3 => array('input' => 'myemail@email.com', 'mode'=>'email'), // good email
4 => array('input' => 'bad-email.com', 'mode'=>'email'), // bad email
5 => array('input' => '123.23.123.125', 'mode'=>'ip'), // good ip
6 => array('input' => 'xx.23.123.125', 'mode'=>'ip'), // bad ip
);
$expected2 = array (
0 => 'http://www.domain.com/folder/file.zip',
1 => false,
2 => array ( 1, false),
3 => 'myemail@email.com',
4 => false,
5 => '123.23.123.125',
6 => false,
);
// $ret = [];
foreach($tests2 as $index=>$var)
{
$result = $this->tp->filter($var['input'],$var['mode'], true);
// $ret[$index] = $result;
$this->assertSame($expected2[$index], $result);
}
} }
public function testCleanHtml() public function testCleanHtml()
{ {
global $_E107; global $_E107;