Returns a list of array(namespace, directive) for all directives
that are allowed in a web-form context as per an allowed
namespaces/directives list.
public static getAllowedDirectivesForForm ( array $allowed, HTMLPurifier_ConfigSchema $schema = null ) : array | ||
$allowed | array | List of allowed namespaces/directives |
$schema | HTMLPurifier_ConfigSchema | Schema to use, if not global copy |
return | array |
/**
 * Renders the configuration form as an HTML table.
 *
 * One row per allowed directive is produced by renderNamespace(), preceded by a
 * "Directive / Value" header and optionally followed by a submit/reset row.
 *
 * @param HTMLPurifier_Config $config Configuration object of current form state
 * @param array|bool $allowed Optional namespace(s) and directives to restrict form to
 * @param bool $render_controls Whether to append the submit/reset control row
 * @return string HTML markup of the form table
 */
function render($config, $allowed = true, $render_controls = true)
{
    $this->config = $config;
    $this->prepareGenerator($config);

    // Collect the current value of every permitted directive, grouped by namespace.
    $byNamespace = array();
    foreach (HTMLPurifier_Config::getAllowedDirectivesForForm($allowed) as $pair) {
        list($ns, $directive) = $pair;
        $byNamespace[$ns][$directive] = $config->get($ns, $directive);
    }

    $html = $this->start('table', array('class' => 'hp-config'))
        . $this->start('thead')
        . $this->start('tr')
        . $this->element('th', 'Directive')
        . $this->element('th', 'Value')
        . $this->end('tr')
        . $this->end('thead');

    foreach ($byNamespace as $ns => $directives) {
        $html .= $this->renderNamespace($ns, $directives);
    }

    if ($render_controls) {
        // The reset link simply reloads the page without the submitted values.
        $html .= $this->start('tbody')
            . $this->start('tr')
            . $this->start('td', array('colspan' => 2, 'class' => 'controls'))
            . $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit'))
            . '[<a href="?">Reset</a>]'
            . $this->end('td')
            . $this->end('tr')
            . $this->end('tbody');
    }

    return $html . $this->end('table');
}
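/**
 * Prepares an array from a form into something usable for the more
 * strict parts of HTMLPurifier_Config
 *
 * The input is untrusted request data: only directives present in the
 * allowed list (as resolved against the schema) are copied out, every other
 * key is ignored. Values are returned as submitted; type validation happens
 * later when HTMLPurifier_Config loads the array.
 *
 * @param array $array $_GET or $_POST array to import
 * @param string|bool $index Index/name that the config variables are in, or
 *                           false when the directives sit at the top level of $array
 * @param array|bool $allowed List of allowed namespaces/directives
 * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
 * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
 *
 * @return array Nested array of namespace => directive => value (null marks an
 *               explicit "reset to default" request)
 */
public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
{
    if ($index !== false) {
        $array = isset($array[$index]) && is_array($array[$index]) ? $array[$index] : array();
    }
    if (!is_array($array)) {
        // e.g. the form field was absent and null/a scalar was passed through;
        // indexing a string below would warn or throw, so treat it as empty.
        $array = array();
    }

    // get_magic_quotes_gpc() no longer exists on PHP 8; only strip slashes when
    // the function is present and actually enabled.
    $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
    $ret = array();
    foreach ($allowed as $key) {
        list($ns, $directive) = $key;
        $skey = "{$ns}.{$directive}";
        // A checked "Null_<directive>" box resets the directive to null.
        if (!empty($array["Null_{$skey}"])) {
            $ret[$ns][$directive] = null;
            continue;
        }
        if (!isset($array[$skey])) {
            continue;
        }
        $value = $array[$skey];
        // stripslashes() only accepts strings; array-valued fields are left as-is.
        if ($mq && is_string($value)) {
            $value = stripslashes($value);
        }
        $ret[$ns][$directive] = $value;
    }
    return $ret;
}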
/**
 * getAllowedDirectivesForForm() must honour single directives, whole
 * namespaces and "-Namespace.Directive" exclusions, and must never return
 * the DefinitionID / DefinitionRev directives.
 */
public function test_getAllowedDirectivesForForm()
{
    // Candidates: an unlisted namespace, a partially listed namespace and a
    // fully listed one containing explicit and automatic exclusions.
    $this->schema->add('Unused.Unused', 'Foobar', 'string', false);
    $this->schema->add('Partial.Allowed', true, 'bool', false);
    $this->schema->add('Partial.Unused', 'Foobar', 'string', false);
    $this->schema->add('All.Allowed', true, 'bool', false);
    $this->schema->add('All.Blacklisted', 'Foobar', 'string', false); // explicitly blacklisted
    $this->schema->add('All.DefinitionID', 'Foobar', 'string', true); // auto-blacklisted
    $this->schema->add('All.DefinitionRev', 2, 'int', false); // auto-blacklisted

    // One single directive, one whole namespace, one exclusion from that namespace.
    $allowedSpec = array('Partial.Allowed', 'All', '-All.Blacklisted');
    $expected = array(
        array('Partial', 'Allowed'),
        array('All', 'Allowed'),
    );

    $this->assertEqual(
        HTMLPurifier_Config::getAllowedDirectivesForForm($allowedSpec, $this->schema),
        $expected
    );
}
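/**
 * @Route("/purifierconfig")
 * @Method("POST")
 *
 * Update HTMLPurifier configuration.
 *
 * Takes the submitted 'purifierConfig' form data, keeps only the directives
 * HTMLPurifier permits in a form context, turns the multi-line textarea values
 * of LOOKUP, ALIST and HASH directives into the array shapes HTMLPurifier
 * expects, drops directives that were reset to null, and stores the result
 * serialized in the 'htmlpurifierConfig' module variable.
 *
 * @param Request $request
 *
 * @return RedirectResponse
 *
 * @throws AccessDeniedException Thrown if the user doesn't have admin access to the module
 */
public function updatepurifierconfigAction(Request $request)
{
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('ZikulaSecurityCenterModule::', '::', ACCESS_ADMIN)) {
        throw new AccessDeniedException();
    }

    // Load HTMLPurifier Classes
    $purifier = SecurityCenterUtil::getpurifier();
    $schema = $purifier->config->def;

    // Only directives allowed in a form context are copied out of the request;
    // anything else that was submitted is discarded here.
    $config = $request->request->get('purifierConfig', null);
    $config = \HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $schema);

    $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $schema);
    foreach ($allowed as $allowedDirective) {
        list($namespace, $directive) = $allowedDirective;

        if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
            continue;
        }

        if ($config[$namespace][$directive] === null) {
            // A null entry means "reset to default"; it must not be stored.
            unset($config[$namespace][$directive]);
        } else {
            $def = $schema->info[$namespace . '.' . $directive];
            // The schema stores either an int type code or an object carrying ->type.
            $directiveType = is_int($def) ? abs($def) : (isset($def->type) ? $def->type : 0);

            $parsed = $this->parseMultilineDirective($config[$namespace][$directive], $directiveType);
            if ($parsed === array()) {
                // Nothing usable on any line: treat the directive as not set.
                unset($config[$namespace][$directive]);
            } elseif ($parsed !== null) {
                $config[$namespace][$directive] = $parsed;
            }
        }

        // Do not keep a namespace that ended up without any directive.
        if (empty($config[$namespace])) {
            unset($config[$namespace]);
        }
    }

    $this->setVar('htmlpurifierConfig', serialize($config));

    // clear all cache and compile directories
    ModUtil::apiFunc('ZikulaSettingsModule', 'admin', 'clearallcompiledcaches');

    // the module configuration has been updated successfully
    $request->getSession()->getFlashBag()->add('status', $this->__('Done! Saved HTMLPurifier configuration.'));

    return new RedirectResponse($this->get('router')->generate('zikulasecuritycentermodule_admin_modifyconfig', array(), RouterInterface::ABSOLUTE_URL));
}

/**
 * Converts the textarea value of a LOOKUP, ALIST or HASH directive into the
 * array shape HTMLPurifier expects: one entry per non-blank line.
 *
 * HASH lines are "key: value"; they are split on the first colon only so that
 * values which themselves contain ':' (URLs, for instance) are not truncated,
 * and lines without a colon are skipped instead of producing a warning.
 *
 * @param mixed $raw Raw form value; anything but a string yields an empty array
 * @param int $directiveType One of the \HTMLPurifier_VarParser type constants
 *
 * @return array|null The parsed array, or null when $directiveType is not a
 *                    multi-line type and the submitted value should be kept as-is
 */
private function parseMultilineDirective($raw, $directiveType)
{
    $multiline = array(
        \HTMLPurifier_VarParser::LOOKUP,
        \HTMLPurifier_VarParser::ALIST,
        \HTMLPurifier_VarParser::HASH,
    );
    if (!in_array($directiveType, $multiline, true)) {
        return null;
    }
    if (!is_string($raw)) {
        return array();
    }

    $result = array();
    // Browsers submit "\r\n"; trim() removes the stray "\r" when PHP_EOL is "\n".
    foreach (explode(PHP_EOL, $raw) as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        switch ($directiveType) {
            case \HTMLPurifier_VarParser::LOOKUP:
                $result[$line] = true;
                break;
            case \HTMLPurifier_VarParser::ALIST:
                $result[] = $line;
                break;
            case \HTMLPurifier_VarParser::HASH:
                $parts = explode(':', $line, 2);
                if (count($parts) !== 2) {
                    break;
                }
                $key = trim($parts[0]);
                $value = trim($parts[1]);
                if ($key !== '' && $value !== '') {
                    $result[$key] = $value;
                }
                break;
        }
    }

    return $result;
}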
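/**
 * Update HTMLPurifier configuration.
 *
 * Takes the POSTed 'purifierConfig' form data, keeps only the directives
 * HTMLPurifier permits in a form context, turns the multi-line textarea values
 * of LOOKUP, ALIST and HASH directives into the array shapes HTMLPurifier
 * expects, drops directives that were reset to null, stores the result
 * serialized in the 'htmlpurifierConfig' module variable and redirects back
 * to the configuration page.
 *
 * @return void
 */
public function updatepurifierconfig()
{
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Load HTMLPurifier Classes
    $purifier = SecurityCenter_Util::getpurifier();
    $schema = $purifier->config->def;

    // Only directives allowed in a form context are copied out of the request;
    // anything else that was submitted is discarded here.
    $config = FormUtil::getPassedValue('purifierConfig', null, 'POST');
    $config = HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $schema);

    $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm(true, $schema);
    foreach ($allowed as $allowedDirective) {
        list($namespace, $directive) = $allowedDirective;

        if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
            continue;
        }

        if ($config[$namespace][$directive] === null) {
            // A null entry means "reset to default"; it must not be stored.
            unset($config[$namespace][$directive]);
        } else {
            $def = $schema->info[$namespace . '.' . $directive];
            // The schema stores either an int type code or an object carrying ->type.
            $directiveType = is_int($def) ? abs($def) : (isset($def->type) ? $def->type : 0);

            $parsed = $this->parseMultilineDirective($config[$namespace][$directive], $directiveType);
            if ($parsed === array()) {
                // Nothing usable on any line: treat the directive as not set.
                unset($config[$namespace][$directive]);
            } elseif ($parsed !== null) {
                $config[$namespace][$directive] = $parsed;
            }
        }

        // Do not keep a namespace that ended up without any directive.
        if (empty($config[$namespace])) {
            unset($config[$namespace]);
        }
    }

    $this->setVar('htmlpurifierConfig', serialize($config));

    // Re-create the purifier so the new configuration takes effect immediately.
    $purifier = SecurityCenter_Util::getpurifier(true);

    // clear all cache and compile directories
    ModUtil::apiFunc('Settings', 'admin', 'clearallcompiledcaches');

    // the module configuration has been updated successfully
    LogUtil::registerStatus($this->__('Done! Saved HTMLPurifier configuration.'));

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
}

/**
 * Converts the textarea value of a LOOKUP, ALIST or HASH directive into the
 * array shape HTMLPurifier expects: one entry per non-blank line.
 *
 * HASH lines are "key: value"; they are split on the first colon only so that
 * values which themselves contain ':' (URLs, for instance) are not truncated,
 * and lines without a colon are skipped instead of producing a warning.
 *
 * @param mixed $raw Raw form value; anything but a string yields an empty array
 * @param int $directiveType One of the HTMLPurifier_VarParser type constants
 *
 * @return array|null The parsed array, or null when $directiveType is not a
 *                    multi-line type and the submitted value should be kept as-is
 */
private function parseMultilineDirective($raw, $directiveType)
{
    $multiline = array(
        HTMLPurifier_VarParser::LOOKUP,
        HTMLPurifier_VarParser::ALIST,
        HTMLPurifier_VarParser::HASH,
    );
    if (!in_array($directiveType, $multiline, true)) {
        return null;
    }
    if (!is_string($raw)) {
        return array();
    }

    $result = array();
    // Browsers submit "\r\n"; trim() removes the stray "\r" when PHP_EOL is "\n".
    foreach (explode(PHP_EOL, $raw) as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        switch ($directiveType) {
            case HTMLPurifier_VarParser::LOOKUP:
                $result[$line] = true;
                break;
            case HTMLPurifier_VarParser::ALIST:
                $result[] = $line;
                break;
            case HTMLPurifier_VarParser::HASH:
                $parts = explode(':', $line, 2);
                if (count($parts) !== 2) {
                    break;
                }
                $key = trim($parts[0]);
                $value = trim($parts[1]);
                if ($key !== '' && $value !== '') {
                    $result[$key] = $value;
                }
                break;
        }
    }

    return $result;
}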
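/**
 * Prepares an array from a form into something usable for the more
 * strict parts of HTMLPurifier_Config
 *
 * The input is untrusted request data: only directives present in the
 * allowed list are copied out, every other key is ignored. Values are
 * returned as submitted; type validation happens later in HTMLPurifier_Config.
 *
 * @param array $array $_GET or $_POST array to import
 * @param string $index Index/name that the config variables are in
 * @param array|bool $allowed List of allowed namespaces/directives
 * @param bool $mq_fix Whether to undo magic_quotes_gpc escaping when it is active
 * @return array Nested array of namespace => directive => value (null marks an
 *               explicit "reset to default" request)
 * @static
 */
function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true)
{
    $array = isset($array[$index]) && is_array($array[$index]) ? $array[$index] : array();

    // get_magic_quotes_gpc() was removed in PHP 8; calling it there is a fatal
    // error even under '@', so only consult it when it exists and is enabled.
    $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
    $ret = array();
    foreach ($allowed as $key) {
        list($ns, $directive) = $key;
        $skey = "{$ns}.{$directive}";
        // A checked "Null_<directive>" box resets the directive to null.
        if (!empty($array["Null_{$skey}"])) {
            $ret[$ns][$directive] = null;
            continue;
        }
        if (!isset($array[$skey])) {
            continue;
        }
        $value = $array[$skey];
        // stripslashes() only accepts strings; array-valued fields are left as-is.
        if ($mq && is_string($value)) {
            $value = stripslashes($value);
        }
        $ret[$ns][$directive] = $value;
    }
    return $ret;
}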