
[ticket/16250] Add a service to check BBCodes safeness

PHPBB3-16250
This commit is contained in:
JoshyPHP
2019-12-13 01:46:09 +01:00
parent 5be4cca408
commit 2926ceba6a
7 changed files with 246 additions and 5 deletions


@@ -0,0 +1,38 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\textformatter;
interface acp_utils_interface
{
/**
* Analyse given BBCode definition for issues and safeness
*
* Required elements in the return array:
* - status:
* - "safe" The BBCode is valid and can be safely used by anyone.
* - "unsafe" The BBCode is valid but may be unsafe to use.
* - "invalid_definition" There is an issue with the definition.
* - "invalid_template" There is an issue with the template.
*
* Optional elements in the return array:
* - name: Name of the BBCode based on the definition. Required if status is "safe".
* - error_text: Textual description of the issue in plain text or as a L_* string.
* - error_html: Visual description of the issue in HTML.
*
* @param string $definition BBCode definition, e.g. [b]{TEXT}[/b]
* @param string $template BBCode template, e.g. <b>{TEXT}</b>
* @return array
*/
public function analyse_bbcode(string $definition, string $template): array;
}
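Review bot: The docblock on analyse_bbcode leaves the escaping contract of the two error fields implicit, which matters because a caller presumably renders error_html unescaped into an ACP page while error_text goes through the normal escaping path. I would state it explicitly under "Optional elements", e.g. `* - error_text: Textual description of the issue in plain text or as a L_* string. Must be escaped by the caller before output.` and `* - error_html: Visual description of the issue in HTML. Implementations must return markup that is already safe to output as-is, including any template fragment embedded in it.` It would also help to note that "name" is the uppercased BBCode name, so callers comparing it against existing BBCodes know the casing they get.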


@@ -0,0 +1,67 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\textformatter\s9e;
use phpbb\textformatter\acp_utils_interface;
use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException;
class acp_utils implements acp_utils_interface
{
/**
* @var factory $factory
*/
protected $factory;
/**
* @param factory $factory
*/
public function __construct(factory $factory)
{
$this->factory = $factory;
}
/**
* {@inheritdoc}
*/
public function analyse_bbcode(string $definition, string $template): array
{
$configurator = $this->factory->get_configurator();
$return = ['status' => 'safe'];
// Capture and normalize the BBCode name manually because there's no easy way to retrieve
// it in TextFormatter <= 2.x
if (preg_match('(\\[([-\\w]++))', $definition, $m))
{
$return['name'] = strtoupper($m[1]);
}
try
{
$configurator->BBCodes->addCustom($definition, $template);
}
catch (UnsafeTemplateException $e)
{
$return['status'] = 'unsafe';
$return['error_text'] = $e->getMessage();
$return['error_html'] = $e->highlightNode('<span class="highlight">');
}
catch (\Exception $e)
{
$return['status'] = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? 'invalid_template' : 'invalid_definition';
$return['error_text'] = $e->getMessage();
}
return $return;
}
}
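Review bot: addCustom() on line 101 registers the BBCode in whatever configurator get_configurator() returns, so a "safe" analysis leaves that BBCode behind; if the factory hands out a shared or cached configurator (not visible here, so this is inferred), a second analysis of a BBCode with the same name would throw a duplicate-name error and be reported as "invalid_definition", and the leftover BBCode could bleed into a later real configuration. Analysing against a fresh configurator, or discarding the one used here, would avoid that; a comment such as `// Analysis only: the configurator must not be reused after addCustom() has mutated it` would at least document the assumption. Separately, the classification on line 111 decides between "invalid_template" and "invalid_definition" by grepping the exception message for xml/xpath/xsl, which misfires for a definition error whose message happens to mention those words; a short comment acknowledging it as a heuristic, `// Heuristic: TextFormatter <= 2.x does not expose which part failed, so infer it from the message`, would make that clear to maintainers. Finally, error_html on line 107 is built from highlightNode() and is documented as HTML to be rendered; whether it escapes the template fragment it embeds is not established by this hunk and is worth confirming against the s9e library before relying on it in the ACP.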