[ticket/16250] Add a service to check BBCodes safeness

PHPBB3-16250
2025-07-31 05:50:42 +02:00 · 2019-12-13 01:46:09 +01:00
parent 5be4cca408
commit 2926ceba6a
7 changed files with 246 additions and 5 deletions
--- a/phpBB/phpbb/textformatter/acp_utils_interface.php
+++ b/phpBB/phpbb/textformatter/acp_utils_interface.php
@@ -0,0 +1,38 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter;
+
+interface acp_utils_interface
+{
+	/**
+	* Analyse given BBCode definition for issues and safeness
+	*
+	* Required elements in the return array:
+	*  - status:
+	*    - "safe"               The BBCode is valid and can be safely used by anyone.
+	*    - "unsafe"             The BBCode is valid but may be unsafe to use.
+	*    - "invalid_definition" There is an issue with the definition.
+	*    - "invalid_template"   There is an issue with the template.
+	*
+	* Optional elements in the return array:
+	*  - name:       Name of the BBCode based on the definition. Required if status is "safe".
+	*  - error_text: Textual description of the issue in plain text or as a L_* string.
+	*  - error_html: Visual description of the issue in HTML.
+	*
+	* @param  string $definition BBCode definition, e.g. [b]{TEXT}[/b]
+	* @param  string $template   BBCode template, e.g. <b>{TEXT}</b>
+	* @return array
+	*/
+	public function analyse_bbcode(string $definition, string $template): array;
+}
--- a/phpBB/phpbb/textformatter/s9e/acp_utils.php
+++ b/phpBB/phpbb/textformatter/s9e/acp_utils.php
@@ -0,0 +1,67 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter\s9e;
+
+use phpbb\textformatter\acp_utils_interface;
+use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException;
+
+class acp_utils implements acp_utils_interface
+{
+	/**
+	* @var factory $factory
+	*/
+	protected $factory;
+
+	/**
+	* @param factory $factory
+	*/
+	public function __construct(factory $factory)
+	{
+		$this->factory = $factory;
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function analyse_bbcode(string $definition, string $template): array
+	{
+		$configurator = $this->factory->get_configurator();
+		$return       = ['status' => 'safe'];
+
+		// Capture and normalize the BBCode name manually because there's no easy way to retrieve
+		// it in TextFormatter <= 2.x
+		if (preg_match('(\\[([-\\w]++))', $definition, $m))
+		{
+			$return['name'] = strtoupper($m[1]);
+		}
+
+		try
+		{
+			$configurator->BBCodes->addCustom($definition, $template);
+		}
+		catch (UnsafeTemplateException $e)
+		{
+			$return['status']     = 'unsafe';
+			$return['error_text'] = $e->getMessage();
+			$return['error_html'] = $e->highlightNode('<span class="highlight">');
+		}
+		catch (\Exception $e)
+		{
+			$return['status']     = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? 'invalid_template' : 'invalid_definition';
+			$return['error_text'] = $e->getMessage();
+		}
+
+		return $return;
+	}
+}