/**
* Sets a header.
* @param string
* @param string|array value or pair email => name
* @param bool
* @return self
*/
public function setHeader($name, $value, $append = FALSE)
{
if (!$name || preg_match('#[^a-z0-9-]#i', $name)) {
throw new Nette\InvalidArgumentException("Header name must be non-empty alphanumeric string, '{$name}' given.");
}
if ($value == NULL) {
// intentionally ==
if (!$append) {
unset($this->headers[$name]);
}
} elseif (is_array($value)) {
// email
$tmp =& $this->headers[$name];
if (!$append || !is_array($tmp)) {
$tmp = array();
}
foreach ($value as $email => $recipient) {
if ($recipient !== NULL && !Strings::checkEncoding($recipient)) {
Nette\Utils\Validators::assert($recipient, 'unicode', "header '{$name}'");
}
if (preg_match('#[\\r\\n]#', $recipient)) {
throw new Nette\InvalidArgumentException('Name must not contain line separator.');
}
Nette\Utils\Validators::assert($email, 'email', "header '{$name}'");
$tmp[$email] = $recipient;
}
} else {
$value = (string) $value;
if (!Strings::checkEncoding($value)) {
throw new Nette\InvalidArgumentException('Header is not valid UTF-8 string.');
}
$this->headers[$name] = preg_replace('#[\\r\\n]+#', ' ', $value);
}
return $this;
}
/**
* Process all {macros} and <tags/>.
* @param string
* @return string
*/
public function parse($s)
{
if (!Strings::checkEncoding($s)) {
throw new ParseException('Template is not valid UTF-8 stream.');
}
$s = str_replace("\r\n", "\n", $s);
$this->templateId = Strings::random();
$this->input =& $s;
$this->offset = 0;
$this->output = '';
$this->htmlNodes = $this->macroNodes = array();
foreach ($this->macroHandlers as $handler) {
$handler->initialize($this);
}
$len = strlen($s);
try {
while ($this->offset < $len) {
$matches = $this->{"context" . $this->context[0]}();
if (!$matches) {
// EOF
break;
} elseif (!empty($matches['comment'])) {
// {* *}
} elseif (!empty($matches['macro'])) {
// {macro}
list($macroName, $macroArgs, $macroModifiers) = $this->parseMacro($matches['macro']);
$isRightmost = $this->offset >= $len || $this->input[$this->offset] === "\n";
$this->writeMacro($macroName, $macroArgs, $macroModifiers, $isRightmost);
} else {
// common behaviour
$this->output .= $matches[0];
}
}
} catch (ParseException $e) {
if (!$e->sourceLine) {
$e->sourceLine = $this->getLine();
}
throw $e;
}
$this->output .= substr($this->input, $this->offset);
foreach ($this->htmlNodes as $node) {
if (!empty($node->attrs)) {
throw new ParseException("Missing end tag </{$node->name}> for macro-attribute " . self::N_PREFIX . implode(' and ' . self::N_PREFIX, array_keys($node->attrs)) . ".", 0, $this->getLine());
}
}
$prologs = $epilogs = '';
foreach ($this->macroHandlers as $handler) {
$res = $handler->finalize();
$prologs .= isset($res[0]) ? "<?php {$res['0']}\n?>" : '';
$epilogs .= isset($res[1]) ? "<?php {$res['1']}\n?>" : '';
}
$this->output = ($prologs ? $prologs . "<?php\n//\n// main template\n//\n?>\n" : '') . $this->output . $epilogs;
if ($this->macroNodes) {
throw new ParseException("There are unclosed macros.", 0, $this->getLine());
}
return $this->output;
}
/**
* Process all {macros} and <tags/>.
* @param string
* @return string
*/
public function parse($s)
{
if (!Strings::checkEncoding($s)) {
throw new ParseException('Template is not valid UTF-8 stream.');
}
if (!$this->macroRe) {
$this->setDelimiters('\\{(?![\\s\'"{}*])', '\\}');
}
$this->handler->initialize($this);
$s = str_replace("\r\n", "\n", $s);
$s = "\n" . $s;
$this->input =& $s;
$this->offset = 0;
$this->output = '';
$this->htmlNodes = $this->macroNodes = array();
$len = strlen($s);
while ($this->offset < $len) {
$matches = $this->{"context{$this->context}"}();
if (!$matches) {
// EOF
break;
} elseif (!empty($matches['comment'])) {
// {* *}
} elseif (!empty($matches['macro'])) {
// {macro}
list($macroName, $macroArgs, $macroModifiers) = $this->parseMacro($matches['macro']);
$code = $this->macro($macroName, $macroArgs, $macroModifiers);
$nl = isset($matches['newline']) ? "\n" : '';
if ($nl && $matches['indent'] && strncmp($code, '<?php echo ', 11)) {
// the only macro on line "without" output
$this->output .= "\n" . $code;
// preserve new line from 'indent', remove indentation
} else {
// double newline to avoid newline eating by PHP
$this->output .= $matches['indent'] . $code . (substr($code, -2) === '?>' && $this->output !== '' ? $nl : '');
}
} else {
// common behaviour
$this->output .= $matches[0];
}
}
$this->output .= substr($this->input, $this->offset);
foreach ($this->htmlNodes as $node) {
if (!$node instanceof MacroNode && !empty($node->attrs)) {
throw new ParseException("Missing end tag </{$node->name}> for macro-attribute " . self::HTML_PREFIX . implode(' and ' . self::HTML_PREFIX, array_keys($node->attrs)) . ".", 0, $this->line);
}
}
$this->handler->finalize($this->output);
if ($this->macroNodes) {
throw new ParseException("There are unclosed macros.", 0, $this->line);
}
return $this->output;
}
/**
* @param CurlWrapper $curl
* @return string
*/
public static function convertEncoding(CurlWrapper $curl)
{
if (Strings::checkEncoding($response = $curl->response)) {
return Strings::normalize($response);
}
if ($charset = static::charsetFromContentType($curl->info['content_type'])) {
$response = @iconv($charset, 'UTF-8', $response);
} else {
if ($contentType = Strings::match($response, '~<(?P<el>meta[^>]+Content-Type[^>]+)>~i')) {
foreach (Nette\Utils\Html::el($contentType['el'])->attrs as $attr => $value) {
if (strtolower($attr) !== 'content') {
continue;
}
if ($charset = static::charsetFromContentType($value)) {
$response = @iconv($charset, 'UTF-8', $response);
$response = static::fixContentTypeMeta($response);
break;
}
}
}
}
return Strings::normalize($response);
}
/**
* Sets a header.
* @param string
* @param string|array value or pair email => name
* @param bool
* @return MimePart provides a fluent interface
*/
public function setHeader($name, $value, $append = FALSE)
{
if (!$name || preg_match('#[^a-z0-9-]#i', $name)) {
throw new Nette\InvalidArgumentException("Header name must be non-empty alphanumeric string, '{$name}' given.");
}
if ($value == NULL) {
// intentionally ==
if (!$append) {
unset($this->headers[$name]);
}
} elseif (is_array($value)) {
// email
$tmp =& $this->headers[$name];
if (!$append || !is_array($tmp)) {
$tmp = array();
}
foreach ($value as $email => $name) {
if ($name !== NULL && !Strings::checkEncoding($name)) {
throw new Nette\InvalidArgumentException("Name is not valid UTF-8 string.");
}
if (!preg_match('#^[^@",\\s]+@[^@",\\s]+\\.[a-z]{2,10}$#i', $email)) {
throw new Nette\InvalidArgumentException("Email address '{$email}' is not valid.");
}
if (preg_match('#[\\r\\n]#', $name)) {
throw new Nette\InvalidArgumentException("Name must not contain line separator.");
}
$tmp[$email] = $name;
}
} else {
$value = (string) $value;
if (!Strings::checkEncoding($value)) {
throw new Nette\InvalidArgumentException("Header is not valid UTF-8 string.");
}
$this->headers[$name] = preg_replace('#[\\r\\n]+#', ' ', $value);
}
return $this;
}
/**
* Process all {macros} and <tags/>.
* @param string
* @return array
*/
public function parse($input)
{
if (substr($input, 0, 3) === "") {
// BOM
$input = substr($input, 3);
}
if (!Strings::checkEncoding($input)) {
throw new Nette\InvalidArgumentException('Template is not valid UTF-8 stream.');
}
$input = str_replace("\r\n", "\n", $input);
$this->input = $input;
$this->output = array();
$this->offset = 0;
$this->setSyntax($this->defaultSyntax);
$this->setContext(self::CONTEXT_TEXT);
$this->lastHtmlTag = $this->syntaxEndTag = NULL;
$this->xmlMode = (bool) preg_match('#^<\\?xml\\s#m', $input);
while ($this->offset < strlen($input)) {
$matches = $this->{"context" . $this->context[0]}();
if (!$matches) {
// EOF
break;
} elseif (!empty($matches['comment'])) {
// {* *}
$this->addToken(Token::COMMENT, $matches[0]);
} elseif (!empty($matches['macro'])) {
// {macro}
$token = $this->addToken(Token::MACRO_TAG, $matches[0]);
list($token->name, $token->value, $token->modifiers) = $this->parseMacroTag($matches['macro']);
}
$this->filter();
}
if ($this->offset < strlen($input)) {
$this->addToken(Token::TEXT, substr($this->input, $this->offset));
}
return $this->output;
}
/**
* Creates current HttpRequest object.
* @return Request
*/
public function createHttpRequest()
{
// DETECTS URI, base path and script path of the request.
$url = new UrlScript();
$url->scheme = !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'off') ? 'https' : 'http';
$url->user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$url->password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
// host & port
if ((isset($_SERVER[$tmp = 'HTTP_HOST']) || isset($_SERVER[$tmp = 'SERVER_NAME'])) && preg_match('#^([a-z0-9_.-]+|\\[[a-fA-F0-9:]+\\])(:\\d+)?\\z#', $_SERVER[$tmp], $pair)) {
$url->host = strtolower($pair[1]);
if (isset($pair[2])) {
$url->port = (int) substr($pair[2], 1);
} elseif (isset($_SERVER['SERVER_PORT'])) {
$url->port = (int) $_SERVER['SERVER_PORT'];
}
}
// path & query
if (isset($_SERVER['REQUEST_URI'])) {
// Apache, IIS 6.0
$requestUrl = $_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['ORIG_PATH_INFO'])) {
// IIS 5.0 (PHP as CGI ?)
$requestUrl = $_SERVER['ORIG_PATH_INFO'];
if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
$requestUrl .= '?' . $_SERVER['QUERY_STRING'];
}
} else {
$requestUrl = '';
}
$requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
$tmp = explode('?', $requestUrl, 2);
$url->path = Strings::replace($tmp[0], $this->urlFilters['path']);
$url->query = isset($tmp[1]) ? $tmp[1] : '';
// normalized url
$url->canonicalize();
$url->path = Strings::fixEncoding($url->path);
// detect script path
if (isset($_SERVER['SCRIPT_NAME'])) {
$script = $_SERVER['SCRIPT_NAME'];
} elseif (isset($_SERVER['DOCUMENT_ROOT'], $_SERVER['SCRIPT_FILENAME']) && strncmp($_SERVER['DOCUMENT_ROOT'], $_SERVER['SCRIPT_FILENAME'], strlen($_SERVER['DOCUMENT_ROOT'])) === 0) {
$script = '/' . ltrim(strtr(substr($_SERVER['SCRIPT_FILENAME'], strlen($_SERVER['DOCUMENT_ROOT'])), '\\', '/'), '/');
} else {
$script = '/';
}
$path = strtolower($url->path) . '/';
$script = strtolower($script) . '/';
$max = min(strlen($path), strlen($script));
for ($i = 0; $i < $max; $i++) {
if ($path[$i] !== $script[$i]) {
break;
} elseif ($path[$i] === '/') {
$url->scriptPath = substr($url->path, 0, $i + 1);
}
}
// GET, POST, COOKIE
$useFilter = !in_array(ini_get('filter.default'), array('', 'unsafe_raw')) || ini_get('filter.default_flags');
parse_str($url->query, $query);
if (!$query) {
$query = $useFilter ? filter_input_array(INPUT_GET, FILTER_UNSAFE_RAW) : (empty($_GET) ? array() : $_GET);
}
$post = $useFilter ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : (empty($_POST) ? array() : $_POST);
$cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? array() : $_COOKIE);
$gpc = (bool) get_magic_quotes_gpc();
$old = error_reporting(error_reporting() ^ E_NOTICE);
// remove f*****g quotes and check (and optionally convert) encoding
if ($gpc || $this->encoding) {
$utf = strcasecmp($this->encoding, 'UTF-8') === 0;
$list = array(&$query, &$post, &$cookies);
while (list($key, $val) = each($list)) {
foreach ($val as $k => $v) {
unset($list[$key][$k]);
if ($gpc) {
$k = stripslashes($k);
}
if ($this->encoding && is_string($k) && (preg_match(self::NONCHARS, $k) || preg_last_error())) {
// invalid key -> ignore
} elseif (is_array($v)) {
$list[$key][$k] = $v;
$list[] =& $list[$key][$k];
} else {
if ($gpc && !$useFilter) {
$v = stripSlashes($v);
}
if ($this->encoding) {
if ($utf) {
$v = Strings::fixEncoding($v);
} else {
if (!Strings::checkEncoding($v)) {
$v = iconv($this->encoding, 'UTF-8//IGNORE', $v);
}
$v = html_entity_decode($v, ENT_QUOTES, 'UTF-8');
}
$v = preg_replace(self::NONCHARS, '', $v);
}
$list[$key][$k] = $v;
}
}
}
unset($list, $key, $val, $k, $v);
}
// FILES and create FileUpload objects
$files = array();
$list = array();
if (!empty($_FILES)) {
foreach ($_FILES as $k => $v) {
if ($this->encoding && is_string($k) && (preg_match(self::NONCHARS, $k) || preg_last_error())) {
continue;
}
$v['@'] =& $files[$k];
$list[] = $v;
}
}
while (list(, $v) = each($list)) {
if (!isset($v['name'])) {
continue;
} elseif (!is_array($v['name'])) {
if ($gpc) {
$v['name'] = stripSlashes($v['name']);
}
if ($this->encoding) {
$v['name'] = preg_replace(self::NONCHARS, '', Strings::fixEncoding($v['name']));
}
$v['@'] = new FileUpload($v);
continue;
}
foreach ($v['name'] as $k => $foo) {
if ($this->encoding && is_string($k) && (preg_match(self::NONCHARS, $k) || preg_last_error())) {
continue;
}
$list[] = array('name' => $v['name'][$k], 'type' => $v['type'][$k], 'size' => $v['size'][$k], 'tmp_name' => $v['tmp_name'][$k], 'error' => $v['error'][$k], '@' => &$v['@'][$k]);
}
}
error_reporting($old);
// HEADERS
if (function_exists('apache_request_headers')) {
$headers = array_change_key_case(apache_request_headers(), CASE_LOWER);
} else {
$headers = array();
foreach ($_SERVER as $k => $v) {
if (strncmp($k, 'HTTP_', 5) == 0) {
$k = substr($k, 5);
} elseif (strncmp($k, 'CONTENT_', 8)) {
continue;
}
$headers[strtr(strtolower($k), '_', '-')] = $v;
}
}
return new Request($url, $query, $post, $files, $cookies, $headers, isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : NULL, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL, isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : NULL);
}
private static function containsXss(NHtml $script)
{
if (!NStrings::checkEncoding($script->getHtml())) {
return true;
}
if (!($dom = self::createDomFromHtml($script))) {
return true;
}
$scripts = $dom->getElementsByTagName('script');
if ($scripts->length > 1) {
return true;
}
$filteredContent = $scripts->item(0)->textContent;
if ($script->getHtml() !== $filteredContent) {
return true;
}
return false;
}
// control characters checker
$checker->tasks[] = function (CodeChecker $checker, $s) {
if (!Strings::match($s, '#^[^\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]*+$#')) {
$checker->error('Contains control characters');
}
};
// BOM remover
$checker->tasks[] = function (CodeChecker $checker, $s) {
if (substr($s, 0, 3) === "") {
$checker->fix('contains BOM');
return substr($s, 3);
}
};
// UTF-8 checker
$checker->tasks[] = function (CodeChecker $checker, $s) {
if (!Strings::checkEncoding($s)) {
$checker->error('Is not valid UTF-8 file');
}
};
// invalid phpDoc checker
$checker->tasks[] = function (CodeChecker $checker, $s) {
if ($checker->is('php,phpt')) {
foreach (token_get_all($s) as $token) {
if ($token[0] === T_COMMENT && Strings::match($token[1], '#/\\*\\s.*@[a-z]#isA')) {
$checker->warning('Missing /** in phpDoc comment', $token[2]);
}
}
}
};
// short PHP 5.4 arrays
if (isset($options['--short-arrays'])) {
