From d2f187716e0e7ed5fe6e2266dd0680f96ba31db2 Mon Sep 17 00:00:00 2001
From: Clark Winkelmann <clark.winkelmann@gmail.com>
Date: Wed, 13 Dec 2017 22:39:09 +0100
Subject: [PATCH] Prevent saving invalid custom less (#1273)

* Prevent saving invalid custom less

* Fix formatting

* Fix formatting again

* Move custom less format check to its own listener

* Move listener to AdminServiceProvider

* Rename listener method
---
 src/Admin/AdminServiceProvider.php          | 10 +++++
 src/Core/Listener/CheckCustomLessFormat.php | 43 +++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 src/Core/Listener/CheckCustomLessFormat.php

diff --git a/src/Admin/AdminServiceProvider.php b/src/Admin/AdminServiceProvider.php
index 576f0e7bd..2dfc9f53f 100644
--- a/src/Admin/AdminServiceProvider.php
+++ b/src/Admin/AdminServiceProvider.php
@@ -11,6 +11,7 @@
 
 namespace Flarum\Admin;
 
+use Flarum\Core\Listener\CheckCustomLessFormat;
 use Flarum\Event\ExtensionWasDisabled;
 use Flarum\Event\ExtensionWasEnabled;
 use Flarum\Event\SettingWasSet;
@@ -46,6 +47,8 @@ class AdminServiceProvider extends AbstractServiceProvider
         $this->flushWebAppAssetsWhenThemeChanged();
 
         $this->flushWebAppAssetsWhenExtensionsChanged();
+
+        $this->checkCustomLessFormat();
     }
 
     /**
@@ -93,4 +96,11 @@ class AdminServiceProvider extends AbstractServiceProvider
     {
         return $this->app->make(WebApp::class)->getAssets();
     }
+
+    protected function checkCustomLessFormat()
+    {
+        $events = $this->app->make('events');
+
+        $events->subscribe(CheckCustomLessFormat::class);
+    }
 }
diff --git a/src/Core/Listener/CheckCustomLessFormat.php b/src/Core/Listener/CheckCustomLessFormat.php
new file mode 100644
index 000000000..324b62bae
--- /dev/null
+++ b/src/Core/Listener/CheckCustomLessFormat.php
@@ -0,0 +1,43 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Core\Listener;
+
+use Flarum\Core\Exception\ValidationException;
+use Flarum\Event\PrepareSerializedSetting;
+use Illuminate\Contracts\Events\Dispatcher;
+use Less_Exception_Parser;
+use Less_Parser;
+
+class CheckCustomLessFormat
+{
+    public function subscribe(Dispatcher $events)
+    {
+        $events->listen(PrepareSerializedSetting::class, [$this, 'check']);
+    }
+
+    public function check(PrepareSerializedSetting $event)
+    {
+        if ($event->key === 'custom_less') {
+            $parser = new Less_Parser();
+
+            try {
+                // Check the custom less format before saving
+                // Variables names are not checked, we would have to set them and call getCss() to check them
+                $parser->parse($event->value);
+            } catch (Less_Exception_Parser $e) {
+                throw new ValidationException([
+                    'custom_less' => $e->getMessage(),
+                ]);
+            }
+        }
+    }
+}