[ticket/16250] Add a service to check BBCodes safeness
PHPBB3-16250
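--- a/phpBB/phpbb/textformatter/acp_utils_interface.php
+++ b/phpBB/phpbb/textformatter/acp_utils_interface.php
@@ -0,0 +1,38 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter;
+
+interface acp_utils_interface
+{
+/**
+* Analyse given BBCode definition for issues and safeness
+*
+* Required elements in the return array:
+* - status:
+* - "safe" The BBCode is valid and can be safely used by anyone.
+* - "unsafe" The BBCode is valid but may be unsafe to use.
+* - "invalid_definition" There is an issue with the definition.
+* - "invalid_template" There is an issue with the template.
+*
+* Optional elements in the return array:
+* - name: Name of the BBCode based on the definition. Required if status is "safe".
+* - error_text: Textual description of the issue in plain text or as a L_* string.
+* - error_html: Visual description of the issue in HTML.
+*
+* @param string $definition BBCode definition, e.g. [b]{TEXT}[/b]
+* @param string $template BBCode template, e.g. <b>{TEXT}</b>
+* @return array
+*/
+public function analyse_bbcode(string $definition, string $template): array;
+}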
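Review bot: The contract for `error_text` and `error_html` does not say who is responsible for escaping, and since both fields will end up in an ACP page that distinction is the security-relevant part of this interface. `error_text` is described as plain text or an `L_*` key, so a caller must HTML-escape it (after resolving the language key) before output, while `error_html` is presumably the only field meant to be printed as-is, which puts the escaping burden on the implementation. I would extend the `error_text` line to `* - error_text: Textual description of the issue in plain text or as a L_* string. Not HTML-escaped; callers must escape it before output.` and the `error_html` line to `* - error_html: Visual description of the issue in HTML. Must be safe to output without further escaping.`. It would also help to state that "safe" means the implementation's template safety checks passed, so that "unsafe" is read as "only for trusted administrators" rather than as a rejection.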
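--- a/phpBB/phpbb/textformatter/s9e/acp_utils.php
+++ b/phpBB/phpbb/textformatter/s9e/acp_utils.php
@@ -0,0 +1,67 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter\s9e;
+
+use phpbb\textformatter\acp_utils_interface;
+use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException;
+
+class acp_utils implements acp_utils_interface
+{
+/**
+* @var factory $factory
+*/
+protected $factory;
+
+/**
+* @param factory $factory
+*/
+public function __construct(factory $factory)
+{
+$this->factory = $factory;
+}
+
+/**
+* {@inheritdoc}
+*/
+public function analyse_bbcode(string $definition, string $template): array
+{
+$configurator = $this->factory->get_configurator();
+$return = ['status' => 'safe'];
+
+// Capture and normalize the BBCode name manually because there's no easy way to retrieve
+// it in TextFormatter <= 2.x
+if (preg_match('(\\[([-\\w]++))', $definition, $m))
+{
+$return['name'] = strtoupper($m[1]);
+}
+
+try
+{
+$configurator->BBCodes->addCustom($definition, $template);
+}
+catch (UnsafeTemplateException $e)
+{
+$return['status'] = 'unsafe';
+$return['error_text'] = $e->getMessage();
+$return['error_html'] = $e->highlightNode('<span class="highlight">');
+}
+catch (\Exception $e)
+{
+$return['status'] = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? 'invalid_template' : 'invalid_definition';
+$return['error_text'] = $e->getMessage();
+}
+
+return $return;
+}
+}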
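Review bot: Both catch blocks copy `$e->getMessage()` straight into `error_text`, and library messages of this kind typically quote the admin-supplied definition or template verbatim, so the ACP view must HTML-escape that field; that is consistent with the interface calling it plain text, but a comment at the first assignment such as `// Message may quote the raw definition/template; must be escaped before HTML output` would keep a future caller from printing it raw. The `error_html` value from `highlightNode()` is the one field intended for unescaped output, which relies on s9e escaping the template source it embeds — not verifiable from this hunk, so worth confirming once. The fallback classification `preg_match('(xml|xpath|xsl)i', $e->getMessage())` is brittle (a definition error whose message merely mentions "xml" becomes `invalid_template`), and because the fallback catches `\Exception` only, an `\Error` raised inside `addCustom()` (e.g. a `TypeError`) escapes the method as an uncaught error; `catch (\Throwable $e)` on the fallback would keep the promise that a status array is always returned. Finally, it is not visible here whether `get_configurator()` hands out a fresh instance; if the configurator is shared, `addCustom()` registers the BBCode under analysis as a side effect, even when it is reported as unsafe.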