Changeset 32955
- Timestamp:
- 08/26/11 20:09:33 (2 years ago)
- Files:
-
- plugins/sfXssSafePlugin/trunk/LICENSE (modified) (1 diff)
- plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php (modified) (7 diffs)
- plugins/sfXssSafePlugin/trunk/test/unit/XssSafeTest.php (modified) (1 diff)
plugins/sfXssSafePlugin/trunk/LICENSE
r32954 r32955 1 1 Copyright (c) 2008-2011 Alexandre Mogère 2 2 3 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 3 Permission is hereby granted, free of charge, to any person obtaining a copy 4 of this software and associated documentation files (the "Software"), to deal 5 in the Software without restriction, including without limitation the rights 6 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 copies of the Software, and to permit persons to whom the Software is furnished 8 to do so, subject to the following conditions: 4 9 5 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 10 The above copyright notice and this permission notice shall be included in all 11 copies or substantial portions of the Software. 6 12 7 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 16 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 THE SOFTWARE. plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php
r27745 r32955 1 1 <?php 2 3 /* 4 * This file is part of sfXssSafePlugin. 5 * 6 * (c) Alexandre Mogère 7 * 8 * This source file is subject to the MIT license that is bundled 9 * with this source code in the file LICENSE. 10 */ 2 11 3 12 class sfXssSafe … … 23 32 // sets configuration 24 33 $config = HTMLPurifier_Config::createDefault(); 25 26 34 $definitions = sfConfig::get('app_sfXssSafePlugin_definition'); 35 27 36 if (!empty($definitions)) 28 37 { … … 41 50 } 42 51 // customizable attributes 43 else if ($directive == 'Attribute')52 else if ($directive == 'Attribute') 44 53 { 45 54 $attributes = $values; … … 49 58 else 50 59 { 51 if ( ($def == 'AutoFormat' && $directive == 'Custom')52 &&60 if ($def == 'AutoFormat' && 61 $directive == 'Custom' && 53 62 !class_exists("HTMLPurifier_Injector_$values")) 54 63 { … … 64 73 65 74 // deactivated cache for dev environment 66 $env = sfConfig::get('sf_environment'); 67 if ($env == 'dev' || $env == 'test') 75 if (in_array(sfConfig::get('sf_environment'), array('dev', 'test'))) 68 76 { 69 77 // turns off cache … … 78 86 if ($hasCustom) 79 87 { 80 $def = $config->getHTMLDefinition(true); 81 82 // adds custom elements 83 if (!empty($elements)) 84 { 85 foreach ($elements as $name => $element) 86 { 87 $name = strtolower($name); 88 ${$name} = $def->addElement( 89 $name, 90 $element['type'], 91 $element['contents'], 92 $element['attr_includes'], 93 $element['attr'] 94 ); 95 $factory = 'HTMLPurifier_AttrTransform_'.ucfirst($name).'Validator'; 96 if (class_exists($factory)) 97 { 98 ${$name}->attr_transform_post[] = new $factory(); 99 } 100 } 101 } 102 88 if ($def = $config->maybeGetRawHTMLDefinition()) 89 { 90 // adds custom elements 91 if (!empty($elements)) 92 { 93 foreach ($elements as $name => $element) 94 { 95 $name = strtolower($name); 96 ${$name} = $def->addElement( 97 $name, 98 $element['type'], 99 $element['contents'], 100 $element['attr_includes'], 101 $element['attr'] 102 ); 103 104 $factory = 
'HTMLPurifier_AttrTransform_'.ucfirst($name).'Validator'; 105 if (class_exists($factory)) 106 { 107 ${$name}->attr_transform_post[] = new $factory(); 108 } 109 } 110 } 111 } 112 103 113 // adds custom attributs 104 114 if (!empty($attributes)) … … 106 116 foreach ($attributes as $name => $attr) 107 117 { 108 $name = strtolower($name);109 ${$name} = $def->addAttribute(110 $name,111 $attr['attr_name'],112 $attr['def']113 );114 }118 $name = strtolower($name); 119 ${$name} = $def->addAttribute( 120 $name, 121 $attr['attr_name'], 122 $attr['def'] 123 ); 124 } 115 125 } 116 126 } plugins/sfXssSafePlugin/trunk/test/unit/XssSafeTest.php
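Review bot: The custom-attribute loop at new lines 114-125 still dereferences `$def`, but it now sits outside the `if ($def = $config->maybeGetRawHTMLDefinition())` block that closes at new line 111, so whenever the purifier returns null for an already-cached definition, a non-empty `$attributes` config reaches `$def->addAttribute(...)` on a null. The attribute registration should be guarded exactly like the element registration: drop the `}` at new line 111 and close the `if ($def = ...)` block after the attribute `foreach` at new line 125 instead, so both customisations are skipped together when the definition comes from cache. Since `maybeGetRawHTMLDefinition()` only makes sense when the definition cache is keyed on the custom definition, it is worth confirming (outside this hunk) that `HTML.DefinitionID` and `HTML.DefinitionRev` are configured, otherwise a cached definition may lack the custom elements and attributes. Separately, the new `in_array(sfConfig::get('sf_environment'), array('dev', 'test'))` at new line 75 compares loosely; pass `true` as the third argument. The enclosing method starts and ends outside this hunk.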
r27542 r32955 155 155 'IMG Embedded commands 1' => array( 156 156 'input' => '<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">', 157 'output' => '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="somecommand.php?somevariables=maliciousc ode" />'157 'output' => '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="somecommand.php?somevariables=maliciousc" />' 158 158 ), 159 159 'IMG STYLE w/expression' => array(
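Review bot: The updated expectation at new line 157 pins an `alt` value that the test input never supplies — it is produced by the purifier from the image `src`, and the 40-character `somecommand.php?somevariables=maliciousc` looks like the purifier's truncation of the basename rather than anything this fixture controls, so the assertion is coupled to the HTMLPurifier version in use. A one-line comment on the fixture would stop the next maintainer from "fixing" it back: `// alt is auto-generated by HTMLPurifier from basename(src) and truncated; expected value depends on the purifier version`. The enclosing fixture array starts and ends outside this hunk.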