<?php
namespace Xentral\Components\Sanitizer;
use Xentral\Components\Sanitizer\Helper\InternalUriWhitelistChecker;
use Xentral\Components\Sanitizer\Helper\UriParser;
use Xentral\Components\Sanitizer\HtmlPurifier\InternalUrlWhitelist;
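final class SanitizerConfig
{
    /**
     * Strip every external link and every external resource
     * (maps to HTMLPurifier `URI.DisableExternal`).
     *
     * @var bool
     */
    private $disableExternal;

    /**
     * Strip only external resources (images, embeds, ...); external links are kept
     * (maps to HTMLPurifier `URI.DisableExternalResources`).
     *
     * @var bool
     */
    private $disableExternalResources;

    /**
     * Host name of this server without scheme, e.g. `erp.example.test`; becomes
     * HTMLPurifier `URI.Host`. Null when not configured, in which case the
     * module/action whitelist filter is never installed (see toHtmlPurifierConfig()).
     *
     * @var string|null
     */
    private $hostname;

    /**
     * Redirect template with a `%s` placeholder that all browsable absolute URIs are
     * rewritten into (maps to HTMLPurifier `URI.Munge`). Null when not configured.
     *
     * @var string|null
     */
    private $redirectUrl;

    /**
     * Internal module/action pairs that may be linked from sanitized content,
     * e.g. `[['module' => 'welcome', 'action' => 'redirect']]`. Only used together
     * with a hostname.
     *
     * @var array
     */
    private $moduleActionWhitelist;

    /**
     * Directory for HTMLPurifier's serialized definition cache; only emitted into the
     * config when it is an existing directory. Null disables the cache section.
     *
     * @var string|null
     */
    private $tempDir;

    /**
     * @param bool $disableExternal Removes all external links and resources
     * @param bool $disableExternalResources Removes only external resources; external links are allowed
     * @param string|null $hostname Domain name of the server; without http/https.
     *                              Non-string or empty values are treated as "not set".
     * @param string|null $redirectUrl Munges all browsable (usually http, https and ftp) absolute URIs
     *                                 into another URI; example `http://my-redirect-service.com/?url=%s`.
     *                                 Non-string or empty values are treated as "not set".
     * @param array $moduleActionWhitelist Example `[ ['module' => 'welcome', 'action' => 'redirect'] ]`
     */
    public function __construct(
        $disableExternal = false,
        $disableExternalResources = false,
        $hostname = null,
        $redirectUrl = null,
        $moduleActionWhitelist = []
    ) {
        $this->disableExternal = (bool)$disableExternal;
        $this->disableExternalResources = (bool)$disableExternalResources;
        $this->moduleActionWhitelist = (array)$moduleActionWhitelist;

        // Optional strings are stored only when non-empty so that the consumers can
        // rely on a simple `!== null` check; everything else stays null.
        if (is_string($hostname) && !empty($hostname)) {
            $this->hostname = $hostname;
        }
        if (is_string($redirectUrl) && !empty($redirectUrl)) {
            $this->redirectUrl = $redirectUrl;
        }
    }

    /**
     * Sets the directory for HTMLPurifier's serializer cache. The value is not
     * validated here; toHtmlPurifierConfig() checks that it is an existing directory.
     *
     * @param string $tempDir
     *
     * @return void
     */
    public function setTempDir($tempDir)
    {
        $this->tempDir = $tempDir;
    }

    /**
     * Builds the nested option array that is handed to HTMLPurifier.
     *
     * Starts from getPurifierDefaults() and overlays the configured URI policy, the
     * optional serializer cache and, when both a hostname and a module/action
     * whitelist are present, the InternalUrlWhitelist auto-formatter.
     *
     * @return array
     */
    public function toHtmlPurifierConfig()
    {
        $config = $this->getPurifierDefaults();
        $config['URI']['DisableExternal'] = $this->disableExternal;
        $config['URI']['DisableExternalResources'] = $this->disableExternalResources;

        if ($this->redirectUrl !== null) {
            $config['URI']['Munge'] = $this->redirectUrl;
        }
        if ($this->hostname !== null) {
            $config['URI']['Host'] = $this->hostname;
        }
        // The cache section is only emitted for an existing directory; otherwise the
        // key is left out entirely and HTMLPurifier's own cache settings apply.
        if ($this->tempDir !== null && is_dir($this->tempDir)) {
            $config['Cache'] = [
                'DefinitionImpl' => 'Serializer',
                'SerializerPath' => $this->tempDir,
            ];
        }

        // Allow only specific internal URLs; remove all others.
        // The hostname check mirrors the `!== null` guard above (the constructor never
        // stores an empty hostname). Without a hostname, or with an empty whitelist,
        // the filter is not installed at all — callers that expect internal links to
        // be restricted must therefore configure both.
        if ($this->hostname !== null && !empty($this->moduleActionWhitelist)) {
            $checker = new InternalUriWhitelistChecker($this->hostname, $this->moduleActionWhitelist);
            $autoFormatter = new InternalUrlWhitelist(new UriParser(), $checker);

            if (!isset($config['AutoFormat']['Custom'])) {
                $config['AutoFormat']['Custom'] = [];
            }
            $config['AutoFormat']['Custom'][] = $autoFormatter;
        }

        return $config;
    }

    /**
     * Baseline HTMLPurifier options that every generated config starts from.
     *
     * @see http://htmlpurifier.org/live/configdoc/plain.html
     *
     * @return array
     */
    private function getPurifierDefaults()
    {
        return [
            'URI' => [
                'DisableExternal' => false,
                'DisableExternalResources' => false,
                'Munge' => null,
                'Host' => null,
            ],
            'HTML' => [
                'TidyLevel' => 'medium',
                // Links open in a new tab; rel="noopener"/"noreferrer" keep the opened
                // page from reaching back into this window via window.opener and from
                // receiving the Referer header.
                'TargetBlank' => true,
                'TargetNoopener' => true,
                'TargetNoreferrer' => true,
            ],
        ];
    }
}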