Backport writer field fix from 3.6.0
1 parent
c77ccb8
commit f64364a
Showing
15 changed files
with
3,174 additions
and
6 deletions.
@@ -0,0 1,11 @@ | ||
const fs = require("fs"); | ||
|
||
process.env.VUE_APP_DEV_SERVER = "https://sandbox.kirby.test"; | ||
|
||
module.exports = { | ||
host: "sandbox.kirby.test", | ||
https: { | ||
key: fs.readFileSync('/Users/luX/Library/Application Support/Caddy/certificates/local/sandbox.kirby.test/sandbox.kirby.test.key'), | ||
cert: fs.readFileSync('/Users/luX/Library/Application Support/Caddy/certificates/local/sandbox.kirby.test/sandbox.kirby.test.crt') | ||
} | ||
}; |
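Review bot: The `https.key` and `https.cert` entries on lines 39–40 load TLS material from an absolute, user-specific path (`/Users/luX/Library/Application Support/Caddy/...`), so `require`-ing this module throws at load time on any other machine and ties a repository file to one developer's local setup. A dev-server config like this belongs in a git-ignored local override, or the two paths should be read from environment variables with a clear error when they are unset, e.g. `key: fs.readFileSync(process.env.DEV_TLS_KEY_PATH)` (variable name constructed). The file name is not shown on this page, so I cannot tell whether it is already excluded from packaging; if it is not, it should be, since it is unrelated to the writer-field fix the commit title describes.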
@@ -0,0 1,165 @@ | ||
<?php | ||
|
||
namespace Kirby\Sane; | ||
|
||
use DOMAttr; | ||
use DOMDocumentType; | ||
use DOMElement; | ||
use Kirby\Toolkit\Dom; | ||
|
||
/** | ||
* Base class for Sane handlers with DOM file types | ||
* @since 3.5.8 | ||
* | ||
* @package Kirby Sane | ||
* @author Lukas Bestle <[email protected]> | ||
* @link https://getkirby.com | ||
* @copyright Bastian Allgeier GmbH | ||
* @license https://opensource.org/licenses/MIT | ||
*/ | ||
class DomHandler extends Handler | ||
{ | ||
/** | ||
* List of all MIME types that may | ||
* be used in data URIs | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedDataUris = [ | ||
'data:image/png', | ||
'data:image/gif', | ||
'data:image/jpg', | ||
'data:image/jpe', | ||
'data:image/pjp', | ||
'data:img/png', | ||
'data:img/gif', | ||
'data:img/jpg', | ||
'data:img/jpe', | ||
'data:img/pjp', | ||
]; | ||
|
||
/** | ||
* Allowed hostnames for HTTP(S) URLs | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedDomains = []; | ||
|
||
/** | ||
* Names of allowed XML processing instructions | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedPIs = []; | ||
|
||
/** | ||
* The document type (`'HTML'` or `'XML'`) | ||
* (to be set in child classes) | ||
* | ||
* @var string | ||
*/ | ||
protected static $type = 'XML'; | ||
|
||
/** | ||
* Sanitizes the given string | ||
* | ||
* @param string $string | ||
* @return string | ||
* | ||
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed | ||
*/ | ||
public static function sanitize(string $string): string | ||
{ | ||
$dom = static::parse($string); | ||
$dom->sanitize(static::options()); | ||
return $dom->toString(); | ||
} | ||
|
||
/** | ||
* Validates file contents | ||
* | ||
* @param string $string | ||
* @return void | ||
* | ||
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed | ||
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation | ||
*/ | ||
public static function validate(string $string): void | ||
{ | ||
$dom = static::parse($string); | ||
$errors = $dom->sanitize(static::options()); | ||
if (count($errors) > 0) { | ||
// there may be multiple errors, we can only throw one of them at a time | ||
throw $errors[0]; | ||
} | ||
} | ||
|
||
/** | ||
* Custom callback for additional attribute sanitization | ||
* @internal | ||
* | ||
* @param \DOMAttr $attr | ||
* @return array Array with exception objects for each modification | ||
*/ | ||
public static function sanitizeAttr(DOMAttr $attr): array | ||
{ | ||
// to be extended in child classes | ||
return []; | ||
} | ||
|
||
/** | ||
* Custom callback for additional element sanitization | ||
* @internal | ||
* | ||
* @param \DOMElement $element | ||
* @return array Array with exception objects for each modification | ||
*/ | ||
public static function sanitizeElement(DOMElement $element): array | ||
{ | ||
// to be extended in child classes | ||
return []; | ||
} | ||
|
||
/** | ||
* Custom callback for additional doctype validation | ||
* @internal | ||
* | ||
* @param \DOMDocumentType $doctype | ||
* @return void | ||
*/ | ||
public static function validateDoctype(DOMDocumentType $doctype): void | ||
{ | ||
// to be extended in child classes | ||
} | ||
|
||
/** | ||
* Returns the sanitization options for the handler | ||
* (to be extended in child classes) | ||
* | ||
* @return array | ||
*/ | ||
protected static function options(): array | ||
{ | ||
return [ | ||
'allowedDataUris' => static::$allowedDataUris, | ||
'allowedDomains' => static::$allowedDomains, | ||
'allowedPIs' => static::$allowedPIs, | ||
'attrCallback' => [static::class, 'sanitizeAttr'], | ||
'doctypeCallback' => [static::class, 'validateDoctype'], | ||
'elementCallback' => [static::class, 'sanitizeElement'], | ||
]; | ||
} | ||
|
||
/** | ||
* Parses the given string into a `Toolkit\Dom` object | ||
* | ||
* @param string $string | ||
* @return \Kirby\Toolkit\Dom | ||
* | ||
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed | ||
*/ | ||
protected static function parse(string $string) | ||
{ | ||
return new Dom($string, static::$type); | ||
} | ||
} |
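Review bot: The docblock on `$allowedDataUris` (lines 72–77) calls the entries "MIME types", but values such as `data:image/jpe` and `data:image/pjp` are only meaningful if `Toolkit\Dom` matches them as prefixes of the URI (covering `image/jpeg` and `image/pjpeg`); that matching is not visible in this hunk and a maintainer adding an entry needs to know it. I would document it as `* List of data URI prefixes that are allowed (presumably matched as prefixes of the full URI, so 'data:image/jpe' covers image/jpeg — confirm against Toolkit\Dom)`. Separately, `parse()` on line 221 declares `@return \Kirby\Toolkit\Dom` in its docblock but has no native return type; `Dom` is already imported, so `protected static function parse(string $string): Dom` keeps the declaration honest.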
@@ -0,0 1,144 @@ | ||
<?php | ||
|
||
namespace Kirby\Sane; | ||
|
||
/** | ||
* Sane handler for HTML files | ||
* @since 3.5.8 | ||
* | ||
* @package Kirby Sane | ||
* @author Bastian Allgeier <[email protected]>, | ||
* Lukas Bestle <[email protected]> | ||
* @link https://getkirby.com | ||
* @copyright Bastian Allgeier GmbH | ||
* @license https://opensource.org/licenses/MIT | ||
*/ | ||
class Html extends DomHandler | ||
{ | ||
/** | ||
* Global list of allowed attribute prefixes | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedAttrPrefixes = [ | ||
'aria-', | ||
'data-', | ||
]; | ||
|
||
/** | ||
* Global list of allowed attributes | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedAttrs = [ | ||
'class', | ||
'id', | ||
]; | ||
|
||
/** | ||
* Allowed hostnames for HTTP(S) URLs | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedDomains = true; | ||
|
||
/** | ||
* Associative array of all allowed tag names with the value | ||
* of either an array with the list of all allowed attributes | ||
* for this tag, `true` to allow any attribute from the | ||
* `allowedAttrs` list or `false` to allow the tag without | ||
* any attributes | ||
* | ||
* @var array | ||
*/ | ||
public static $allowedTags = [ | ||
'a' => ['href', 'rel', 'title', 'target'], | ||
'abbr' => ['title'], | ||
'b' => true, | ||
'body' => true, | ||
'blockquote' => true, | ||
'br' => true, | ||
'code' => true, | ||
'dl' => true, | ||
'dd' => true, | ||
'del' => true, | ||
'div' => true, | ||
'dt' => true, | ||
'em' => true, | ||
'footer' => true, | ||
'h1' => true, | ||
'h2' => true, | ||
'h3' => true, | ||
'h4' => true, | ||
'h5' => true, | ||
'h6' => true, | ||
'hr' => true, | ||
'html' => true, | ||
'i' => true, | ||
'ins' => true, | ||
'li' => true, | ||
'small' => true, | ||
'span' => true, | ||
'strong' => true, | ||
'sub' => true, | ||
'sup' => true, | ||
'ol' => true, | ||
'p' => true, | ||
'pre' => true, | ||
's' => true, | ||
'u' => true, | ||
'ul' => true, | ||
]; | ||
|
||
/** | ||
* Array of explicitly disallowed tags | ||
* | ||
* IMPORTANT: Use lower-case names here because | ||
* of the case-insensitive matching | ||
* | ||
* @var array | ||
*/ | ||
public static $disallowedTags = [ | ||
'iframe', | ||
'meta', | ||
'object', | ||
'script', | ||
'style', | ||
]; | ||
|
||
/** | ||
* List of attributes that may contain URLs | ||
* | ||
* @var array | ||
*/ | ||
public static $urlAttrs = [ | ||
'href', | ||
'src', | ||
'xlink:href', | ||
]; | ||
|
||
/** | ||
* The document type (`'HTML'` or `'XML'`) | ||
* | ||
* @var string | ||
*/ | ||
protected static $type = 'HTML'; | ||
|
||
/** | ||
* Returns the sanitization options for the handler | ||
* | ||
* @return array | ||
*/ | ||
protected static function options(): array | ||
{ | ||
return array_merge(parent::options(), [ | ||
'allowedAttrPrefixes' => static::$allowedAttrPrefixes, | ||
'allowedAttrs' => static::$allowedAttrs, | ||
'allowedNamespaces' => [], | ||
'allowedPIs' => [], | ||
'allowedTags' => static::$allowedTags, | ||
'disallowedTags' => static::$disallowedTags, | ||
'urlAttrs' => static::$urlAttrs, | ||
]); | ||
} | ||
} |
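Review bot: `options()` on lines 376–377 hard-codes `'allowedPIs' => []` and `'allowedNamespaces' => []`, which silently overrides the `static::$allowedPIs` value that `parent::options()` in `DomHandler` reads, so a subclass of `Html` that sets `$allowedPIs` would have no effect. If that is intentional for HTML it deserves a comment, e.g. `// processing instructions and XML namespaces are never allowed in HTML, regardless of static::$allowedPIs`; otherwise the two entries should be dropped so the parent values apply. Separately, `$allowedDomains = true` on line 277 sits under a `@var array` docblock inherited word-for-word from `DomHandler`; presumably `true` means any host is accepted, so the docblock should read `@var array|bool` and say what `true` means, since this is the setting that decides which remote URLs survive sanitization.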