getAllowedDirectivesForForm() 공개 정적인 메소드

Returns a list of array(namespace, directive) pairs, one for each directive that may be exposed in a web form according to the given list of allowed namespaces/directives.
public static getAllowedDirectivesForForm ( array $allowed, HTMLPurifier_ConfigSchema $schema = null ) : array
$allowed array List of allowed namespaces/directives
$schema HTMLPurifier_ConfigSchema Schema to use, if not global copy
리턴 array
예제 #1
 /**
  * Builds the HTML for a configuration form as a single table.
  *
  * Only the directives that HTMLPurifier_Config::getAllowedDirectivesForForm()
  * returns for $allowed are rendered, so $allowed decides which settings
  * appear in the form.
  *
  * @param $config Configuration object of current form state
  * @param $allowed Optional namespace(s) and directives to restrict form to.
  * @param $render_controls Whether to append the row holding the Submit
  *        button and the Reset link.
  * @return string HTML of the table
  */
 function render($config, $allowed = true, $render_controls = true)
 {
     $this->config = $config;
     $this->prepareGenerator($config);

     // Collect the current value of every form-allowed directive, grouped by namespace.
     $byNamespace = array();
     foreach (HTMLPurifier_Config::getAllowedDirectivesForForm($allowed) as $pair) {
         $byNamespace[$pair[0]][$pair[1]] = $config->get($pair[0], $pair[1]);
     }

     // Table opening and header row; the generator calls run in output order.
     $html = array(
         $this->start('table', array('class' => 'hp-config')),
         $this->start('thead'),
         $this->start('tr'),
         $this->element('th', 'Directive'),
         $this->element('th', 'Value'),
         $this->end('tr'),
         $this->end('thead'),
     );

     // One rendered section per namespace.
     foreach ($byNamespace as $ns => $directives) {
         $html[] = $this->renderNamespace($ns, $directives);
     }

     if ($render_controls) {
         $html[] = $this->start('tbody');
         $html[] = $this->start('tr');
         $html[] = $this->start('td', array('colspan' => 2, 'class' => 'controls'));
         $html[] = $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit'));
         // Static markup: the link target is the current page with an empty query string.
         $html[] = '[<a href="?">Reset</a>]';
         $html[] = $this->end('td');
         $html[] = $this->end('tr');
         $html[] = $this->end('tbody');
     }

     $html[] = $this->end('table');

     return implode('', $html);
 }
 /**
  * Prepares an array from a form into something usable for the more
  * strict parts of HTMLPurifier_Config
  *
  * Only fields named "<namespace>.<directive>" for directives returned by
  * getAllowedDirectivesForForm() are copied; every other submitted field is
  * ignored. Values are copied as submitted (after the optional stripslashes),
  * without any type validation in this method.
  *
  * @param array $array $_GET or $_POST array to import
  * @param string|bool $index Index/name that the config variables are in;
  *        false means $array itself holds them
  * @param array|bool $allowed List of allowed namespaces/directives
  * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
  * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
  *
  * @return array Nested array of the form [namespace][directive] => value
  */
 public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
 {
     if ($index !== false) {
         // Descend into the sub-array; anything that is not an array counts as "nothing submitted".
         if (isset($array[$index]) && is_array($array[$index])) {
             $array = $array[$index];
         } else {
             $array = array();
         }
     }

     // Strip slashes only when requested and when the runtime still has
     // get_magic_quotes_gpc() and it reports magic quotes as enabled.
     $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

     $pairs = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
     $result = array();
     foreach ($pairs as $pair) {
         list($ns, $directive) = $pair;
         $field = $ns . '.' . $directive;

         if (!empty($array['Null_' . $field])) {
             // A truthy "Null_" companion field wins over any submitted value.
             $result[$ns][$directive] = null;
         } elseif (isset($array[$field])) {
             $result[$ns][$directive] = $mq ? stripslashes($array[$field]) : $array[$field];
         }
     }

     return $result;
 }
예제 #3
 /**
  * Checks that getAllowedDirectivesForForm() returns only the directives
  * selected by the allow-list and leaves out the blacklisted ones.
  */
 public function test_getAllowedDirectivesForForm()
 {
     // Arguments for $this->schema->add(), registered in this order.
     $definitions = array(
         // namespace "Unused" is not named in the allow-list
         array('Unused.Unused', 'Foobar', 'string', false),
         // named individually in the allow-list
         array('Partial.Allowed', true, 'bool', false),
         // same namespace, but not named in the allow-list
         array('Partial.Unused', 'Foobar', 'string', false),
         // covered by the namespace entry 'All'
         array('All.Allowed', true, 'bool', false),
         // explicitly blacklisted by '-All.Blacklisted'
         array('All.Blacklisted', 'Foobar', 'string', false),
         // auto-blacklisted
         array('All.DefinitionID', 'Foobar', 'string', true),
         // auto-blacklisted
         array('All.DefinitionRev', 2, 'int', false),
     );
     foreach ($definitions as $args) {
         $this->schema->add($args[0], $args[1], $args[2], $args[3]);
     }

     $allowList = array('Partial.Allowed', 'All', '-All.Blacklisted');
     $actual = HTMLPurifier_Config::getAllowedDirectivesForForm($allowList, $this->schema);

     $this->assertEqual(
         $actual,
         array(
             array('Partial', 'Allowed'),
             array('All', 'Allowed'),
         )
     );
 }
예제 #4
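 /**
  * @Route("/purifierconfig")
  * @Method("POST")
  *
  * Update HTMLPurifier configuration.
  *
  * Reads the posted "purifierConfig" values, keeps only the directives that
  * HTMLPurifier_Config::getAllowedDirectivesForForm() returns, turns the
  * line-based text of LOOKUP, ALIST and HASH directives into arrays and stores
  * the result, serialized, in the 'htmlpurifierConfig' module variable.
  *
  * The stored value is the HTML sanitizer's configuration, so the CSRF token
  * check and the ACCESS_ADMIN check at the top are the only gates in this
  * method between a request and a changed filtering policy.
  * NOTE(review): the allow-list is requested with `true`; confirm that every
  * directive this exposes is one administrators should be able to change from
  * the web UI.
  *
  * @param Request $request
  *
  * @return RedirectResponse
  *
  * @throws AccessDeniedException Thrown if the user doesn't have admin access to the module
  */
 public function updatepurifierconfigAction(Request $request)
 {
     $this->checkCsrfToken();
     // Security check
     if (!SecurityUtil::checkPermission('ZikulaSecurityCenterModule::', '::', ACCESS_ADMIN)) {
         throw new AccessDeniedException();
     }
     // Load HTMLPurifier Classes
     $purifier = SecurityCenterUtil::getpurifier();
     // Update module variables.
     $config = $request->request->get('purifierConfig', null);
     $config = \HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $purifier->config->def);
     $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $purifier->config->def);
     foreach ($allowed as $allowedDirective) {
         list($namespace, $directive) = $allowedDirective;
         $directiveKey = $namespace . '.' . $directive;
         $def = $purifier->config->def->info[$directiveKey];

         // Nothing was submitted for this directive.
         if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
             continue;
         }

         $raw = $config[$namespace][$directive];
         if (is_null($raw)) {
             // Submitted as "null": leave the directive out of the stored configuration.
             unset($config[$namespace][$directive]);
         } else {
             // The schema entry is either an int or an object with a ->type field.
             if (is_int($def)) {
                 $directiveType = abs($def);
             } else {
                 $directiveType = isset($def->type) ? $def->type : 0;
             }
             switch ($directiveType) {
                 case \HTMLPurifier_VarParser::LOOKUP:
                 case \HTMLPurifier_VarParser::ALIST:
                 case \HTMLPurifier_VarParser::HASH:
                     // These types are submitted as text, one entry per line. Request
                     // parameters can also arrive as arrays; such input cannot be split
                     // and is treated as "no entries" instead of being passed to explode().
                     $lines = is_string($raw) ? explode(PHP_EOL, $raw) : array();
                     $parsed = array();
                     foreach ($lines as $line) {
                         // trim() also removes a "\r" left over when PHP_EOL is "\n".
                         $line = trim($line);
                         // empty() skips blank lines (and the literal string '0').
                         if (empty($line)) {
                             continue;
                         }
                         if ($directiveType == \HTMLPurifier_VarParser::LOOKUP) {
                             $parsed[$line] = true;
                         } elseif ($directiveType == \HTMLPurifier_VarParser::ALIST) {
                             $parsed[] = $line;
                         } else {
                             // HASH: "key:value". Split on the first colon only so a value
                             // that itself contains ':' is kept whole, and skip lines
                             // without a separator.
                             $pair = explode(':', $line, 2);
                             if (count($pair) < 2) {
                                 continue;
                             }
                             $i = trim($pair[0]);
                             $v = trim($pair[1]);
                             if (!empty($i) && !empty($v)) {
                                 $parsed[$i] = $v;
                             }
                         }
                     }
                     if (empty($parsed)) {
                         unset($config[$namespace][$directive]);
                     } else {
                         $config[$namespace][$directive] = $parsed;
                     }
                     break;
             }
         }

         // Drop a namespace that no longer holds any directive.
         if (count($config[$namespace]) <= 0) {
             unset($config[$namespace]);
         }
     }
     // $config holds only the arrays and request values assembled above.
     $this->setVar('htmlpurifierConfig', serialize($config));
     // clear all cache and compile directories
     ModUtil::apiFunc('ZikulaSettingsModule', 'admin', 'clearallcompiledcaches');
     // the module configuration has been updated successfully
     $request->getSession()->getFlashBag()->add('status', $this->__('Done! Saved HTMLPurifier configuration.'));
     return new RedirectResponse($this->get('router')->generate('zikulasecuritycentermodule_admin_modifyconfig', array(), RouterInterface::ABSOLUTE_URL));
 }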
예제 #5
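    /**
     * Update HTMLPurifier configuration.
     *
     * Reads the posted "purifierConfig" values, keeps only the directives that
     * HTMLPurifier_Config::getAllowedDirectivesForForm() returns, turns the
     * line-based text of LOOKUP, ALIST and HASH directives into arrays and
     * stores the result, serialized, in the 'htmlpurifierConfig' module variable.
     *
     * The stored value is the HTML sanitizer's configuration, so the CSRF token
     * check and the ACCESS_ADMIN check at the top are the only gates in this
     * method between a request and a changed filtering policy.
     * NOTE(review): the allow-list is requested with `true`; confirm that every
     * directive this exposes is one administrators should be able to change
     * from the web UI.
     *
     * @return mixed Result of LogUtil::registerPermissionError() when the
     *               permission check fails; otherwise nothing is returned and
     *               the user is redirected.
     */
    public function updatepurifierconfig()
    {
        $this->checkCsrfToken();

        // Security check
        if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        // Load HTMLPurifier Classes
        $purifier = SecurityCenter_Util::getpurifier();

        // Update module variables.
        $config = FormUtil::getPassedValue('purifierConfig', null, 'POST');
        $config = HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $purifier->config->def);

        $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm(true, $purifier->config->def);
        foreach ($allowed as $allowedDirective) {
            list($namespace, $directive) = $allowedDirective;

            $directiveKey = $namespace . '.' . $directive;
            $def = $purifier->config->def->info[$directiveKey];

            // Nothing was submitted for this directive.
            if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
                continue;
            }

            $raw = $config[$namespace][$directive];
            if (is_null($raw)) {
                // Submitted as "null": leave the directive out of the stored configuration.
                unset($config[$namespace][$directive]);
            } else {
                // The schema entry is either an int or an object with a ->type field.
                if (is_int($def)) {
                    $directiveType = abs($def);
                } else {
                    $directiveType = (isset($def->type) ? $def->type : 0);
                }

                switch ($directiveType) {
                    case HTMLPurifier_VarParser::LOOKUP:
                    case HTMLPurifier_VarParser::ALIST:
                    case HTMLPurifier_VarParser::HASH:
                        // These types are submitted as text, one entry per line. Request
                        // parameters can also arrive as arrays; such input cannot be split
                        // and is treated as "no entries" instead of being passed to explode().
                        $lines = is_string($raw) ? explode(PHP_EOL, $raw) : array();
                        $parsed = array();
                        foreach ($lines as $line) {
                            // trim() also removes a "\r" left over when PHP_EOL is "\n".
                            $line = trim($line);
                            // empty() skips blank lines (and the literal string '0').
                            if (empty($line)) {
                                continue;
                            }
                            if ($directiveType == HTMLPurifier_VarParser::LOOKUP) {
                                $parsed[$line] = true;
                            } elseif ($directiveType == HTMLPurifier_VarParser::ALIST) {
                                $parsed[] = $line;
                            } else {
                                // HASH: "key:value". Split on the first colon only so a
                                // value that itself contains ':' is kept whole, and skip
                                // lines without a separator.
                                $pair = explode(':', $line, 2);
                                if (count($pair) < 2) {
                                    continue;
                                }
                                $i = trim($pair[0]);
                                $v = trim($pair[1]);
                                if (!empty($i) && !empty($v)) {
                                    $parsed[$i] = $v;
                                }
                            }
                        }
                        if (empty($parsed)) {
                            unset($config[$namespace][$directive]);
                        } else {
                            $config[$namespace][$directive] = $parsed;
                        }
                        break;
                }
            }

            // Drop a namespace that no longer holds any directive.
            if (count($config[$namespace]) <= 0) {
                unset($config[$namespace]);
            }
        }

        // $config holds only the arrays and request values assembled above.
        $this->setVar('htmlpurifierConfig', serialize($config));

        // NOTE(review): presumably the `true` argument forces the purifier to be
        // rebuilt from the configuration just saved; confirm against getpurifier().
        $purifier = SecurityCenter_Util::getpurifier(true);

        // clear all cache and compile directories
        ModUtil::apiFunc('Settings', 'admin', 'clearallcompiledcaches');

        // the module configuration has been updated successfully
        LogUtil::registerStatus($this->__('Done! Saved HTMLPurifier configuration.'));

        // This function generated no output, and so now it is complete we redirect
        // the user to an appropriate page for them to carry on their work
        $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    }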
예제 #6
 /**
  * Prepares an array from a form into something usable for the more
  * strict parts of HTMLPurifier_Config
  *
  * Only fields named "<namespace>.<directive>" for directives returned by
  * getAllowedDirectivesForForm() are copied; every other submitted field is
  * ignored. Values are copied as submitted (after the optional stripslashes),
  * without any type validation in this method.
  *
  * @param $array Submitted form data
  * @param $index Key of $array under which the config fields are stored
  * @param $allowed Allowed namespaces/directives, passed on to
  *        getAllowedDirectivesForForm()
  * @param $mq_fix Whether to undo magic quotes on the copied values
  * @return Nested array of the form [namespace][directive] => value
  * @static
  */
 function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true)
 {
     // Anything other than an array under $index counts as "nothing submitted".
     if (isset($array[$index]) && is_array($array[$index])) {
         $array = $array[$index];
     } else {
         $array = array();
     }

     // get_magic_quotes_gpc() is consulted only on PHP versions below 6.0.0.
     $mq = version_compare(PHP_VERSION, '6.0.0', '<') && @get_magic_quotes_gpc() && $mq_fix;

     $pairs = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
     $result = array();
     foreach ($pairs as $pair) {
         list($ns, $directive) = $pair;
         $field = $ns . '.' . $directive;

         if (!empty($array['Null_' . $field])) {
             // A truthy "Null_" companion field wins over any submitted value.
             $result[$ns][$directive] = null;
         } elseif (isset($array[$field])) {
             $result[$ns][$directive] = $mq ? stripslashes($array[$field]) : $array[$field];
         }
     }

     return $result;
 }