Author: heristop
Date: 2010-02-08 17:55:21 +0100 (Mon, 08 Feb 2010)
New Revision: 27745
Added:
plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php
Modified:
plugins/sfXssSafePlugin/trunk/config/app.sample.yml
plugins/sfXssSafePlugin/trunk/lib/helper/XssSafeHelper.php
Log:
[[wiki:sfXssSafePlugin]]
- added helper to truncate escaped text
- added class for cleanup
Modified: plugins/sfXssSafePlugin/trunk/config/app.sample.yml
===================================================================
--- plugins/sfXssSafePlugin/trunk/config/app.sample.yml 2010-02-08 16:50:33 UTC
(rev 27744)
+++ plugins/sfXssSafePlugin/trunk/config/app.sample.yml 2010-02-08 16:55:21 UTC
(rev 27745)
@@ -1,3 +1,4 @@
+# Sample configuration file for app.yml with default values
all:
sfXssSafePlugin:
Modified: plugins/sfXssSafePlugin/trunk/lib/helper/XssSafeHelper.php
===================================================================
--- plugins/sfXssSafePlugin/trunk/lib/helper/XssSafeHelper.php 2010-02-08
16:50:33 UTC (rev 27744)
+++ plugins/sfXssSafePlugin/trunk/lib/helper/XssSafeHelper.php 2010-02-08
16:55:21 UTC (rev 27745)
@@ -21,150 +21,23 @@
* The function runs HTML Purifier as an alternative between
* escaping raw and escaping entities.
*
- * @param string $dirty_html the value to clean
+ * @param string $html the value to clean
* @return string the escaped value
*/
-function esc_xsssafe($dirty_html)
+function esc_xsssafe($html)
{
- if (false === $dirty_html || null === $dirty_html || 0 === $dirty_html)
- {
- return '';
- }
-
- set_error_handler('XssSafeErrorHandler');
-
- static $purifier = false;
-
- if (!$purifier)
- {
- $hasCustom = false;
- $aElements = array();
- $aAttributes = array();
-
- // sets configuration
- $config = HTMLPurifier_Config::createDefault();
-
- $definitions = sfConfig::get('app_sfXssSafePlugin_definition');
- if (!empty($definitions))
- {
- foreach ($definitions as $def => $conf)
- {
- if (!empty($conf))
- {
- foreach ($conf as $directive => $values)
- {
- if ($def == 'AutoFormat' && $directive != 'Custom')
- {
- // customizable elements
- if ($directive == 'Element')
- {
- $aElements = $values;
- }
- // customizable attributes
- else if($directive == 'Attribute')
- {
- $aAttributes = $values;
- }
- $hasCustom = true;
- }
- else
- {
- if (($def == 'AutoFormat' && $directive == 'Custom')
- &&
- !class_exists("HTMLPurifier_Injector_$values"))
- {
- continue;
- }
- $config->set(sprintf("%s.%s", $def, $directive), $values);
- // $values can be a string or an ArrayList
- }
- }
- }
- }
- }
-
- if (sfConfig::get('sf_environment') == 'dev' ||
sfConfig::get('sf_environment') == 'test')
- {
- // turns off cache
- $config->set(sprintf("%s.%s", 'Cache', 'DefinitionImpl'), null);
- }
- else
- {
- // sets the cache directory into Symfony cache directory
- $config->set(sprintf("%s.%s", 'Cache', 'DefinitionImpl'),
sfConfig::get('sf_cache_dir'));
- }
-
- if ($hasCustom)
- {
- $def = $config->getHTMLDefinition(true);
-
- // adds custom elements
- if (!empty($aElements))
- {
- foreach ($aElements as $name => $element)
- {
- $name = strtolower($name);
- ${$name} = $def->addElement(
- $name,
- $element['type'],
- $element['contents'],
- $element['attr_includes'],
- $element['attr']
- );
- $factory = 'HTMLPurifier_AttrTransform_'.ucfirst($name).'Validator';
- if (class_exists($factory))
- {
- ${$name}->attr_transform_post[] = new $factory();
- }
- }
- }
-
- // adds custom attributs
- if (!empty($aAttributes))
- {
- foreach ($aAttributes as $name => $attr)
- {
- $name = strtolower($name);
- ${$name} = $def->addAttribute(
- $name,
- $attr['attr_name'],
- $attr['def']
- );
- }
- }
- }
-
- $purifier = new HTMLPurifier($config);
- }
-
- $clean_html = $purifier->purify($dirty_html);
-
- restore_error_handler();
- return $clean_html;
+ return sfXssSafe::clean($html);
}
define('ESC_XSSSAFE', 'esc_xsssafe');
/**
- * Error handler.
- *
- * @param mixed Error number
- * @param string Error message
- * @param string Error file
- * @param mixed Error line
+ * Truncates raw +text+ to the length of +length+ and replaces the last three
characters with the +truncate_string+
+ * if the +text+ is longer than +length+.
*/
-function XssSafeErrorHandler($errno, $errstr, $errfile, $errline)
+function truncate_safe_text($text, $length = 30, $truncate_string = '...',
$truncate_lastspace = false)
{
- if (($errno & error_reporting()) == 0)
- {
- return;
- }
+ sfContext::getInstance()->getConfiguration()->loadHelpers('Text');
- throw new sfException(sprintf('{XssSafeHelper} Error at %s line %s (%s)',
- $errfile,
- $errline,
- $errstr)
- );
-}
-
-?>
+ return esc_xsssafe(truncate_text($text, $length, $truncate_string,
$truncate_lastspace));
+}
\ No newline at end of file
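Review bot: truncate_safe_text's docblock omits the `@param`/`@return` tags that esc_xsssafe in the same file uses, and it does not say that `$length` is applied to the raw, unpurified text, so markup characters count toward the limit and the cut can land inside a tag; the subsequent esc_xsssafe() call keeps the output escaped (HTML Purifier repairs or strips the broken fragment), but the returned string is therefore not bounded by `$length`. A docblock listing the four parameters and the return value, plus one sentence stating that truncation precedes purification and the output length may differ from `$length`, would make that contract explicit. The `sfContext::getInstance()->getConfiguration()->loadHelpers('Text')` call also runs on every invocation and, as far as I can tell from symfony 1, throws when no context exists (for example from a task), which is worth a comment or a guard if the helper is meant to be usable outside a request.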
Added: plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php
===================================================================
--- plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php
(rev 0)
+++ plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php 2010-02-08
16:55:21 UTC (rev 27745)
@@ -0,0 +1,148 @@
+<?php
+
+class sfXssSafe
+{
+ public static function clean($dirtyHtml)
+ {
+ if (false === $dirtyHtml || null === $dirtyHtml || 0 === $dirtyHtml)
+ {
+ return '';
+ }
+
+ // set error handler to throw exceptions
+ set_error_handler(array('sfXssSafe', 'xssSafeErrorHandler'));
+
+ static $purifier = false;
+
+ if (!$purifier)
+ {
+ $hasCustom = false;
+ $elements = array();
+ $attributes = array();
+
+ // sets configuration
+ $config = HTMLPurifier_Config::createDefault();
+
+ $definitions = sfConfig::get('app_sfXssSafePlugin_definition');
+ if (!empty($definitions))
+ {
+ foreach ($definitions as $def => $conf)
+ {
+ if (!empty($conf))
+ {
+ foreach ($conf as $directive => $values)
+ {
+ if ($def == 'AutoFormat' && $directive != 'Custom')
+ {
+ // customizable elements
+ if ($directive == 'Element')
+ {
+ $elements = $values;
+ }
+ // customizable attributes
+ else if($directive == 'Attribute')
+ {
+ $attributes = $values;
+ }
+ $hasCustom = true;
+ }
+ else
+ {
+ if (($def == 'AutoFormat' && $directive == 'Custom')
+ &&
+ !class_exists("HTMLPurifier_Injector_$values"))
+ {
+ continue;
+ }
+ $config->set(sprintf("%s.%s", $def, $directive), $values);
+ // $values can be a string or an ArrayList
+ }
+ }
+ }
+ }
+ }
+
+ // deactivated cache for dev environment
+ $env = sfConfig::get('sf_environment');
+ if ($env == 'dev' || $env == 'test')
+ {
+ // turns off cache
+ $config->set(sprintf("%s.%s", 'Cache', 'DefinitionImpl'), null);
+ }
+ else
+ {
+ // sets the cache directory into Symfony cache directory
+ $config->set(sprintf("%s.%s", 'Cache', 'DefinitionImpl'),
sfConfig::get('sf_cache_dir'));
+ }
+
+ if ($hasCustom)
+ {
+ $def = $config->getHTMLDefinition(true);
+
+ // adds custom elements
+ if (!empty($elements))
+ {
+ foreach ($elements as $name => $element)
+ {
+ $name = strtolower($name);
+ ${$name} = $def->addElement(
+ $name,
+ $element['type'],
+ $element['contents'],
+ $element['attr_includes'],
+ $element['attr']
+ );
+ $factory =
'HTMLPurifier_AttrTransform_'.ucfirst($name).'Validator';
+ if (class_exists($factory))
+ {
+ ${$name}->attr_transform_post[] = new $factory();
+ }
+ }
+ }
+
+ // adds custom attributs
+ if (!empty($attributes))
+ {
+ foreach ($attributes as $name => $attr)
+ {
+ $name = strtolower($name);
+ ${$name} = $def->addAttribute(
+ $name,
+ $attr['attr_name'],
+ $attr['def']
+ );
+ }
+ }
+ }
+
+ $purifier = new HTMLPurifier($config);
+ }
+
+ $cleanHtml = $purifier->purify($dirtyHtml);
+
+ restore_error_handler();
+ return $cleanHtml;
+ }
+
+ /**
+ * Error handler.
+ *
+ * @param mixed Error number
+ * @param string Error message
+ * @param string Error file
+ * @param mixed Error line
+ */
+ public static function xssSafeErrorHandler($errno, $errstr, $errfile,
$errline)
+ {
+ if (($errno & error_reporting()) == 0)
+ {
+ return;
+ }
+
+ throw new sfException(sprintf("[XssSafe class] Error at %s line %s\n\n%s",
+ $errfile,
+ $errline,
+ $errstr
+ ));
+ }
+}
\ No newline at end of file
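Review bot: restore_error_handler() at the end of clean() is skipped whenever purification or the one-time configuration throws, because xssSafeErrorHandler turns every reported warning into an sfException and nothing between set_error_handler() and the return catches it, so the throwing handler stays installed for the rest of the request. Wrapping the guarded section in a try/catch that restores the handler and rethrows keeps the handler scoped to this call. Separately, the non-dev branch stores sf_cache_dir in `Cache.DefinitionImpl`; in HTML Purifier that directive names the cache implementation (default `Serializer`) and the directory belongs in `Cache.SerializerPath`, so a path there is likely rejected at runtime and, with this handler active, would surface as an exception on first use — worth confirming against the bundled purifier version. Finally, the `${$name}` variable-variables for the added element and attribute objects can clobber locals such as `$def` or `$config` if a configured element is named that way; a plain local such as `$added = $def->addElement(...)` avoids it.
```php
    // set error handler to throw exceptions
    set_error_handler(array('sfXssSafe', 'xssSafeErrorHandler'));

    try
    {
      // … unchanged: one-time $purifier construction …
      $cleanHtml = $purifier->purify($dirtyHtml);
    }
    catch (Exception $e)
    {
      // the throwing handler must not outlive this call, even on failure
      restore_error_handler();
      throw $e;
    }

    restore_error_handler();
    return $cleanHtml;
```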