mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-19 06:23:12 +01:00
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
173 lines
5.9 KiB
PHP
Executable File
173 lines
5.9 KiB
PHP
Executable File
<?php
|
|
|
|
class HTMLPurifier_DefinitionCache_Serializer extends
|
|
HTMLPurifier_DefinitionCache
|
|
{
|
|
|
|
public function add($def, $config) {
|
|
if (!$this->checkDefType($def)) return;
|
|
$file = $this->generateFilePath($config);
|
|
if (file_exists($file)) return false;
|
|
if (!$this->_prepareDir($config)) return false;
|
|
return $this->_write($file, serialize($def));
|
|
}
|
|
|
|
public function set($def, $config) {
|
|
if (!$this->checkDefType($def)) return;
|
|
$file = $this->generateFilePath($config);
|
|
if (!$this->_prepareDir($config)) return false;
|
|
return $this->_write($file, serialize($def));
|
|
}
|
|
|
|
public function replace($def, $config) {
|
|
if (!$this->checkDefType($def)) return;
|
|
$file = $this->generateFilePath($config);
|
|
if (!file_exists($file)) return false;
|
|
if (!$this->_prepareDir($config)) return false;
|
|
return $this->_write($file, serialize($def));
|
|
}
|
|
|
|
public function get($config) {
|
|
$file = $this->generateFilePath($config);
|
|
if (!file_exists($file)) return false;
|
|
return unserialize(file_get_contents($file));
|
|
}
|
|
|
|
public function remove($config) {
|
|
$file = $this->generateFilePath($config);
|
|
if (!file_exists($file)) return false;
|
|
return unlink($file);
|
|
}
|
|
|
|
public function flush($config) {
|
|
if (!$this->_prepareDir($config)) return false;
|
|
$dir = $this->generateDirectoryPath($config);
|
|
$dh = opendir($dir);
|
|
while (false !== ($filename = readdir($dh))) {
|
|
if (empty($filename)) continue;
|
|
if ($filename[0] === '.') continue;
|
|
unlink($dir . '/' . $filename);
|
|
}
|
|
}
|
|
|
|
public function cleanup($config) {
|
|
if (!$this->_prepareDir($config)) return false;
|
|
$dir = $this->generateDirectoryPath($config);
|
|
$dh = opendir($dir);
|
|
while (false !== ($filename = readdir($dh))) {
|
|
if (empty($filename)) continue;
|
|
if ($filename[0] === '.') continue;
|
|
$key = substr($filename, 0, strlen($filename) - 4);
|
|
if ($this->isOld($key, $config)) unlink($dir . '/' . $filename);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generates the file path to the serial file corresponding to
|
|
* the configuration and definition name
|
|
* @todo Make protected
|
|
*/
|
|
public function generateFilePath($config) {
|
|
$key = $this->generateKey($config);
|
|
return $this->generateDirectoryPath($config) . '/' . $key . '.ser';
|
|
}
|
|
|
|
/**
|
|
* Generates the path to the directory contain this cache's serial files
|
|
* @note No trailing slash
|
|
* @todo Make protected
|
|
*/
|
|
public function generateDirectoryPath($config) {
|
|
$base = $this->generateBaseDirectoryPath($config);
|
|
return $base . '/' . $this->type;
|
|
}
|
|
|
|
/**
|
|
* Generates path to base directory that contains all definition type
|
|
* serials
|
|
* @todo Make protected
|
|
*/
|
|
public function generateBaseDirectoryPath($config) {
|
|
$base = $config->get('Cache', 'SerializerPath');
|
|
$base = is_null($base) ? HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer' : $base;
|
|
return $base;
|
|
}
|
|
|
|
/**
|
|
* Convenience wrapper function for file_put_contents
|
|
* @param $file File name to write to
|
|
* @param $data Data to write into file
|
|
* @return Number of bytes written if success, or false if failure.
|
|
*/
|
|
private function _write($file, $data) {
|
|
return file_put_contents($file, $data);
|
|
}
|
|
|
|
/**
|
|
* Prepares the directory that this type stores the serials in
|
|
* @return True if successful
|
|
*/
|
|
private function _prepareDir($config) {
|
|
$directory = $this->generateDirectoryPath($config);
|
|
if (!is_dir($directory)) {
|
|
$base = $this->generateBaseDirectoryPath($config);
|
|
if (!is_dir($base)) {
|
|
trigger_error('Base directory '.$base.' does not exist,
|
|
please create or change using %Cache.SerializerPath',
|
|
E_USER_WARNING);
|
|
return false;
|
|
} elseif (!$this->_testPermissions($base)) {
|
|
return false;
|
|
}
|
|
$old = umask(0022); // disable group and world writes
|
|
mkdir($directory);
|
|
umask($old);
|
|
} elseif (!$this->_testPermissions($directory)) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Tests permissions on a directory and throws out friendly
|
|
* error messages and attempts to chmod it itself if possible
|
|
*/
|
|
private function _testPermissions($dir) {
|
|
// early abort, if it is writable, everything is hunky-dory
|
|
if (is_writable($dir)) return true;
|
|
if (!is_dir($dir)) {
|
|
// generally, you'll want to handle this beforehand
|
|
// so a more specific error message can be given
|
|
trigger_error('Directory '.$dir.' does not exist',
|
|
E_USER_WARNING);
|
|
return false;
|
|
}
|
|
if (function_exists('posix_getuid')) {
|
|
// POSIX system, we can give more specific advice
|
|
if (fileowner($dir) === posix_getuid()) {
|
|
// we can chmod it ourselves
|
|
chmod($dir, 0755);
|
|
return true;
|
|
} elseif (filegroup($dir) === posix_getgid()) {
|
|
$chmod = '775';
|
|
} else {
|
|
// PHP's probably running as nobody, so we'll
|
|
// need to give global permissions
|
|
$chmod = '777';
|
|
}
|
|
trigger_error('Directory '.$dir.' not writable, '.
|
|
'please chmod to ' . $chmod,
|
|
E_USER_WARNING);
|
|
} else {
|
|
// generic error message
|
|
trigger_error('Directory '.$dir.' not writable, '.
|
|
'please alter file permissions',
|
|
E_USER_WARNING);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|