mirror of
https://github.com/RSS-Bridge/rss-bridge.git
synced 2025-08-05 08:07:33 +02:00
core: Refactor bridge whitelisting
- Move all whitelisting functionality inside Bridge.php - Set default whitelist once in index.php using Bridge::setWhitelist() - Include bridge sanitizing inside Bridge.php Bridge::sanitizeBridgeName($name) Bridge.php now maintains the whitelist internally.
This commit is contained in:
@@ -4,6 +4,12 @@ class Bridge {
|
||||
|
||||
static protected $dirBridge;
|
||||
|
||||
/**
|
||||
* Holds the active whitelist.
|
||||
* Use Bridge::getWhitelist() instead of accessing this parameter directly!
|
||||
*/
|
||||
private static $whitelist = array();
|
||||
|
||||
public function __construct(){
|
||||
throw new \LogicException('Please use ' . __CLASS__ . '::create for new object.');
|
||||
}
|
||||
@@ -78,11 +84,80 @@ EOD;
|
||||
return $listBridge;
|
||||
}
|
||||
|
||||
static public function isWhitelisted($whitelist, $name){
|
||||
return in_array($name, $whitelist)
|
||||
|| in_array($name . '.php', $whitelist)
|
||||
|| in_array($name . 'bridge', $whitelist) // DEPRECATED
|
||||
|| in_array($name . 'bridge.php', $whitelist) // DEPRECATED
|
||||
|| (count($whitelist) === 1 && trim($whitelist[0]) === '*');
|
||||
/**
|
||||
* @return bool Returns true if the given bridge is whitelisted.
|
||||
*/
|
||||
static public function isWhitelisted($name){
|
||||
return in_array(Bridge::sanitizeBridgeName($name), Bridge::getWhitelist());
|
||||
}
|
||||
|
||||
/**
|
||||
* On first call reads the whitelist from WHITELIST. Each line in the file
|
||||
* specifies one bridge that will be placed on the whitelist. An empty file
|
||||
* disables all bridges. '*' enables all bridges.
|
||||
*
|
||||
* @return array Returns a list of whitelisted bridges
|
||||
*/
|
||||
public static function getWhitelist() {
|
||||
|
||||
static $firstCall = true; // Initialized on first call
|
||||
|
||||
if($firstCall) {
|
||||
|
||||
// Create initial whitelist or load from disk
|
||||
if (!file_exists(WHITELIST) && !empty(Bridge::$whitelist)) {
|
||||
file_put_contents(WHITELIST, implode("\n", Bridge::$whitelist));
|
||||
} else {
|
||||
|
||||
$contents = trim(file_get_contents(WHITELIST));
|
||||
|
||||
if($contents === '*') { // Whitelist all bridges
|
||||
Bridge::$whitelist = Bridge::listBridges();
|
||||
} else {
|
||||
Bridge::$whitelist = array_map('Bridge::sanitizeBridgeName', explode("\n", $contents));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return Bridge::$whitelist;
|
||||
|
||||
}
|
||||
|
||||
public static function setWhitelist($default = array()) {
|
||||
Bridge::$whitelist = array_map('Bridge::sanitizeBridgeName', $default);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string Returns a sanitized bridge name if the given name has been
|
||||
* found valid, null otherwise.
|
||||
*/
|
||||
private static function sanitizeBridgeName($name) {
|
||||
|
||||
if(is_string($name)) {
|
||||
|
||||
// Trim trailing '.php' if exists
|
||||
if(preg_match('/(.+)(?:\.php)/', $name, $matches)) {
|
||||
$name = $matches[1];
|
||||
}
|
||||
|
||||
// Trim trailing 'Bridge' if exists
|
||||
if(preg_match('/(.+)(?:Bridge)/i', $name, $matches)) {
|
||||
$name = $matches[1];
|
||||
}
|
||||
|
||||
// The name is valid if a corresponding bridge file is found on disk
|
||||
if(in_array(strtolower($name), array_map('strtolower', Bridge::listBridges()))) {
|
||||
$index = array_search(strtolower($name), array_map('strtolower', Bridge::listBridges()));
|
||||
return Bridge::listBridges()[$index];
|
||||
}
|
||||
|
||||
Debug::log('Invalid bridge name specified: "' . $name . '"!');
|
||||
|
||||
}
|
||||
|
||||
return null; // Bad parameter
|
||||
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user