Changeset 3165222
- Timestamp:
- 10/08/2024 07:51:39 PM (6 months ago)
- Location:
- svgplus/trunk
- Files:
-
- 21 edited
svgplus/trunk/includes/class-svgplus-sanitizer.php
r3165219 r3165222 7 7 8 8 use enshrined\svgSanitize\Sanitizer; 9 use enshrined\svgSanitize\Config; 9 10 10 11 class SVGPlus_Sanitizer { … … 24 25 $sanitizer = new Sanitizer(); 25 26 26 // Get the current config 27 $config = $sanitizer->getConfig(); 27 // Check if getConfig() method exists 28 if (method_exists($sanitizer, 'getConfig')) { 29 $config = $sanitizer->getConfig(); 28 30 29 if ($allow_animations) { 30 // Include animation elements and attributes 31 $config->addAllowedTags(['animate', 'animateTransform', 'animateMotion', 'mpath', 'set']); 32 $config->addAllowedAttrs([ 33 'attributeName', 'attributeType', 'begin', 'by', 'calcMode', 'dur', 'end', 'fill', 34 'from', 'keyPoints', 'keySplines', 'keyTimes', 'max', 'min', 'repeatCount', 35 'repeatDur', 'restart', 'to', 'values', 'additive', 'accumulate', 'path', 'rotate', 36 'origin', 'type' 37 ]); 31 if ($allow_animations) { 32 // Include animation elements and attributes 33 $config->addAllowedTags(['animate', 'animateTransform', 'animateMotion', 'mpath', 'set']); 34 $config->addAllowedAttrs([ 35 'attributeName', 'attributeType', 'begin', 'by', 'calcMode', 'dur', 'end', 'fill', 36 'from', 'keyPoints', 'keySplines', 'keyTimes', 'max', 'min', 'repeatCount', 37 'repeatDur', 'restart', 'to', 'values', 'additive', 'accumulate', 'path', 'rotate', 38 'origin', 'type' 39 ]); 40 } 41 42 // Apply the updated config to the sanitizer 43 $sanitizer->setConfig($config); 44 } else { 45 // For older versions, use constructor with custom config 46 $config = new Config(); 47 48 if ($allow_animations) { 49 // Include animation elements and attributes 50 $config->addAllowedTags(['animate', 'animateTransform', 'animateMotion', 'mpath', 'set']); 51 $config->addAllowedAttrs([ 52 'attributeName', 'attributeType', 'begin', 'by', 'calcMode', 'dur', 'end', 'fill', 53 'from', 'keyPoints', 'keySplines', 'keyTimes', 'max', 'min', 'repeatCount', 54 'repeatDur', 'restart', 'to', 'values', 'additive', 'accumulate', 'path', 'rotate', 55 'origin', 
'type' 56 ]); 57 } 58 59 $sanitizer = new Sanitizer($config); 38 60 } 39 40 // Apply the updated config to the sanitizer41 $sanitizer->setConfig($config);42 61 43 62 // Sanitize the SVG -
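Review bot: The `else` branch calls `new Config()` without checking that `enshrined\svgSanitize\Config` exists, so on a library build that lacks `getConfig()` the fallback is likely to end in a fatal "class not found" rather than a sanitized SVG. I do not recognise `getConfig()`, `setConfig()` or a `Config` class from the enshrined/svg-sanitize API (it normally takes allow-lists through `setAllowedTags()` / `setAllowedAttrs()`), so please verify both branches against the copy vendored here, which `vendor/composer/InstalledVersions.php` in this changeset records as 0.14.1. Guard the fallback with `} elseif (class_exists(Config::class)) {` and reject the file in the remaining case; the method continues outside the hunk, so its return convention is not visible here. The animation allow-list is also pasted into both branches and should be built once so the two paths cannot drift; because `attributeName` together with `to`/`from`/`values` lets an animation set other attributes at render time, confirm that link targets and event-handler names cannot be chosen as the animated attribute.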
svgplus/trunk/readme.txt
r3165218 r3165222 4 4 Requires at least: 5.0 5 5 Tested up to: 6.6 6 Stable tag: 1.0.1 06 Stable tag: 1.0.11 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 72 72 ## Changelog 73 73 74 = 1.0. 9=74 = 1.0.11 = 75 75 76 76 - Switched to using the `enshrined/svg-sanitize` library for SVG sanitization. … … 116 116 == Upgrade Notice == 117 117 118 = 1.0.1 0=118 = 1.0.11 = 119 119 120 120 Please update to this version to benefit from improved SVG sanitization and functionality enhancements. -
svgplus/trunk/svgplus.php
r3165219 r3165222 3 3 * Plugin Name: SVGPlus 4 4 * Description: Upload, sanitize, and display SVG files securely in WordPress. 5 * Version: 1.0.1 05 * Version: 1.0.11 6 6 * Author: Rizonepress 7 7 * License: GPL2 … … 14 14 15 15 // Include Composer's autoloader 16 require_once __DIR__ . '/vendor/autoload.php'; 16 if (file_exists(__DIR__ . '/vendor/autoload.php')) { 17 require_once __DIR__ . '/vendor/autoload.php'; 18 } else { 19 // Handle missing autoloader 20 error_log('SVGPlus: Composer autoloader not found. Please ensure dependencies are installed.'); 21 return; 22 } 17 23 18 24 // Include the sanitizer class 19 require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-sanitizer.php'; 25 if (file_exists(plugin_dir_path(__FILE__) . 'includes/class-svgplus-sanitizer.php')) { 26 require_once plugin_dir_path(__FILE__) . 'includes/class-svgplus-sanitizer.php'; 27 } else { 28 error_log('SVGPlus: Sanitizer class file not found.'); 29 return; 30 } 20 31 21 32 // Plugin activation hook to set default settings -
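Review bot: Both new guards leave the main plugin file with a bare `return` after one `error_log()` call, so a site with a missing `vendor/` directory silently loses SVG sanitization and the same line is logged on every request. Add a notice for administrators before returning, for example `add_action('admin_notices', function () { echo '<div class="notice notice-error"><p>SVGPlus is disabled: dependencies are missing.</p></div>'; });`. Returning early is the right fail-closed behaviour only if nothing that permits SVG uploads is registered above these checks; lines 8-13 of the file are outside the hunk, so that should be confirmed. The two guards also build the path differently (`__DIR__` versus `plugin_dir_path(__FILE__)`); using one form for both would read better.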
svgplus/trunk/vendor/autoload.php
r3165214 r3165222 3 3 // autoload.php @generated by Composer 4 4 5 if (PHP_VERSION_ID < 50600) {6 if (!headers_sent()) {7 header('HTTP/1.1 500 Internal Server Error');8 }9 $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;10 if (!ini_get('display_errors')) {11 if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {12 fwrite(STDERR, $err);13 } elseif (!headers_sent()) {14 echo $err;15 }16 }17 trigger_error(18 $err,19 E_USER_ERROR20 );21 }22 23 5 require_once __DIR__ . '/composer/autoload_real.php'; 24 6 25 return ComposerAutoloaderInit 278afc54527d5abefe91adfc89b3adbf::getLoader();7 return ComposerAutoloaderInit61c7f72a5d76a6a96ee3c8825ef2f87a::getLoader(); -
svgplus/trunk/vendor/composer/ClassLoader.php
r3165214 r3165222 43 43 class ClassLoader 44 44 { 45 /** @var \Closure(string):void */46 private static $includeFile;47 48 /** @var string|null */49 private $vendorDir;50 51 45 // PSR-4 52 /**53 * @var array<string, array<string, int>>54 */55 46 private $prefixLengthsPsr4 = array(); 56 /**57 * @var array<string, list<string>>58 */59 47 private $prefixDirsPsr4 = array(); 60 /**61 * @var list<string>62 */63 48 private $fallbackDirsPsr4 = array(); 64 49 65 50 // PSR-0 66 /**67 * List of PSR-0 prefixes68 *69 * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))70 *71 * @var array<string, array<string, list<string>>>72 */73 51 private $prefixesPsr0 = array(); 74 /**75 * @var list<string>76 */77 52 private $fallbackDirsPsr0 = array(); 78 53 79 /** @var bool */80 54 private $useIncludePath = false; 81 82 /**83 * @var array<string, string>84 */85 55 private $classMap = array(); 86 87 /** @var bool */88 56 private $classMapAuthoritative = false; 89 90 /**91 * @var array<string, bool>92 */93 57 private $missingClasses = array(); 94 95 /** @var string|null */96 58 private $apcuPrefix; 97 59 98 /**99 * @var array<string, self>100 */101 private static $registeredLoaders = array();102 103 /**104 * @param string|null $vendorDir105 */106 public function __construct($vendorDir = null)107 {108 $this->vendorDir = $vendorDir;109 self::initializeIncludeClosure();110 }111 112 /**113 * @return array<string, list<string>>114 */115 60 public function getPrefixes() 116 61 { … … 122 67 } 123 68 124 /**125 * @return array<string, list<string>>126 */127 69 public function getPrefixesPsr4() 128 70 { … … 130 72 } 131 73 132 /**133 * @return list<string>134 */135 74 public function getFallbackDirs() 136 75 { … … 138 77 } 139 78 140 /**141 * @return list<string>142 */143 79 public function getFallbackDirsPsr4() 144 80 { … … 146 82 } 147 83 148 /**149 * @return array<string, string> Array of classname => path150 */151 84 public function getClassMap() 
152 85 { … … 155 88 156 89 /** 157 * @param array<string, string> $classMap Class to filename map 158 * 159 * @return void 90 * @param array $classMap Class to filename map 160 91 */ 161 92 public function addClassMap(array $classMap) … … 172 103 * appending or prepending to the ones previously set for this prefix. 173 104 * 174 * @param string $prefix The prefix 175 * @param list<string>|string $paths The PSR-0 root directories 176 * @param bool $prepend Whether to prepend the directories 177 * 178 * @return void 105 * @param string $prefix The prefix 106 * @param array|string $paths The PSR-0 root directories 107 * @param bool $prepend Whether to prepend the directories 179 108 */ 180 109 public function add($prefix, $paths, $prepend = false) 181 110 { 182 $paths = (array) $paths;183 111 if (!$prefix) { 184 112 if ($prepend) { 185 113 $this->fallbackDirsPsr0 = array_merge( 186 $paths,114 (array) $paths, 187 115 $this->fallbackDirsPsr0 188 116 ); … … 190 118 $this->fallbackDirsPsr0 = array_merge( 191 119 $this->fallbackDirsPsr0, 192 $paths120 (array) $paths 193 121 ); 194 122 } … … 199 127 $first = $prefix[0]; 200 128 if (!isset($this->prefixesPsr0[$first][$prefix])) { 201 $this->prefixesPsr0[$first][$prefix] = $paths;129 $this->prefixesPsr0[$first][$prefix] = (array) $paths; 202 130 203 131 return; … … 205 133 if ($prepend) { 206 134 $this->prefixesPsr0[$first][$prefix] = array_merge( 207 $paths,135 (array) $paths, 208 136 $this->prefixesPsr0[$first][$prefix] 209 137 ); … … 211 139 $this->prefixesPsr0[$first][$prefix] = array_merge( 212 140 $this->prefixesPsr0[$first][$prefix], 213 $paths141 (array) $paths 214 142 ); 215 143 } … … 220 148 * appending or prepending to the ones previously set for this namespace. 
221 149 * 222 * @param string 223 * @param list<string>|string $paths The PSR-4 base directories224 * @param bool 150 * @param string $prefix The prefix/namespace, with trailing '\\' 151 * @param array|string $paths The PSR-4 base directories 152 * @param bool $prepend Whether to prepend the directories 225 153 * 226 154 * @throws \InvalidArgumentException 227 *228 * @return void229 155 */ 230 156 public function addPsr4($prefix, $paths, $prepend = false) 231 157 { 232 $paths = (array) $paths;233 158 if (!$prefix) { 234 159 // Register directories for the root namespace. 235 160 if ($prepend) { 236 161 $this->fallbackDirsPsr4 = array_merge( 237 $paths,162 (array) $paths, 238 163 $this->fallbackDirsPsr4 239 164 ); … … 241 166 $this->fallbackDirsPsr4 = array_merge( 242 167 $this->fallbackDirsPsr4, 243 $paths168 (array) $paths 244 169 ); 245 170 } … … 251 176 } 252 177 $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; 253 $this->prefixDirsPsr4[$prefix] = $paths;178 $this->prefixDirsPsr4[$prefix] = (array) $paths; 254 179 } elseif ($prepend) { 255 180 // Prepend directories for an already registered namespace. 256 181 $this->prefixDirsPsr4[$prefix] = array_merge( 257 $paths,182 (array) $paths, 258 183 $this->prefixDirsPsr4[$prefix] 259 184 ); … … 262 187 $this->prefixDirsPsr4[$prefix] = array_merge( 263 188 $this->prefixDirsPsr4[$prefix], 264 $paths189 (array) $paths 265 190 ); 266 191 } … … 271 196 * replacing any others previously set for this prefix. 272 197 * 273 * @param string $prefix The prefix 274 * @param list<string>|string $paths The PSR-0 base directories 275 * 276 * @return void 198 * @param string $prefix The prefix 199 * @param array|string $paths The PSR-0 base directories 277 200 */ 278 201 public function set($prefix, $paths) … … 289 212 * replacing any others previously set for this namespace. 
290 213 * 291 * @param string 292 * @param list<string>|string $paths The PSR-4 base directories214 * @param string $prefix The prefix/namespace, with trailing '\\' 215 * @param array|string $paths The PSR-4 base directories 293 216 * 294 217 * @throws \InvalidArgumentException 295 *296 * @return void297 218 */ 298 219 public function setPsr4($prefix, $paths) … … 314 235 * 315 236 * @param bool $useIncludePath 316 *317 * @return void318 237 */ 319 238 public function setUseIncludePath($useIncludePath) … … 338 257 * 339 258 * @param bool $classMapAuthoritative 340 *341 * @return void342 259 */ 343 260 public function setClassMapAuthoritative($classMapAuthoritative) … … 360 277 * 361 278 * @param string|null $apcuPrefix 362 *363 * @return void364 279 */ 365 280 public function setApcuPrefix($apcuPrefix) … … 382 297 * 383 298 * @param bool $prepend Whether to prepend the autoloader or not 384 *385 * @return void386 299 */ 387 300 public function register($prepend = false) 388 301 { 389 302 spl_autoload_register(array($this, 'loadClass'), true, $prepend); 390 391 if (null === $this->vendorDir) {392 return;393 }394 395 if ($prepend) {396 self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders;397 } else {398 unset(self::$registeredLoaders[$this->vendorDir]);399 self::$registeredLoaders[$this->vendorDir] = $this;400 }401 303 } 402 304 403 305 /** 404 306 * Unregisters this instance as an autoloader. 
405 *406 * @return void407 307 */ 408 308 public function unregister() 409 309 { 410 310 spl_autoload_unregister(array($this, 'loadClass')); 411 412 if (null !== $this->vendorDir) {413 unset(self::$registeredLoaders[$this->vendorDir]);414 }415 311 } 416 312 … … 419 315 * 420 316 * @param string $class The name of the class 421 * @return true|null True if loaded, null otherwise317 * @return bool|null True if loaded, null otherwise 422 318 */ 423 319 public function loadClass($class) 424 320 { 425 321 if ($file = $this->findFile($class)) { 426 $includeFile = self::$includeFile; 427 $includeFile($file); 322 includeFile($file); 428 323 429 324 return true; 430 325 } 431 432 return null;433 326 } 434 327 … … 475 368 } 476 369 477 /**478 * Returns the currently registered loaders keyed by their corresponding vendor directories.479 *480 * @return array<string, self>481 */482 public static function getRegisteredLoaders()483 {484 return self::$registeredLoaders;485 }486 487 /**488 * @param string $class489 * @param string $ext490 * @return string|false491 */492 370 private function findFileWithExtension($class, $ext) 493 371 { … … 555 433 return false; 556 434 } 557 558 /**559 * @return void560 */561 private static function initializeIncludeClosure()562 {563 if (self::$includeFile !== null) {564 return;565 }566 567 /**568 * Scope isolated include.569 *570 * Prevents access to $this/self from included files.571 *572 * @param string $file573 * @return void574 */575 self::$includeFile = \Closure::bind(static function($file) {576 include $file;577 }, null, null);578 }579 435 } 436 437 /** 438 * Scope isolated include. 439 * 440 * Prevents access to $this/self from included files. 441 */ 442 function includeFile($file) 443 { 444 include $file; 445 } -
svgplus/trunk/vendor/composer/InstalledVersions.php
r3165214 r3165222 1 1 <?php 2 2 3 /* 4 * This file is part of Composer. 5 * 6 * (c) Nils Adermann <[email protected]> 7 * Jordi Boggiano <[email protected]> 8 * 9 * For the full copyright and license information, please view the LICENSE 10 * file that was distributed with this source code. 11 */ 3 4 5 6 7 8 9 10 11 12 12 13 13 namespace Composer; 14 14 15 use Composer\Autoload\ClassLoader;16 15 use Composer\Semver\VersionParser; 17 16 18 /** 19 * This class is copied in every Composer installed project and available to all 20 * 21 * See also https://getcomposer.org/doc/07-runtime.md#installed-versions 22 * 23 * To require its presence, you can require `composer-runtime-api ^2.0` 24 * 25 * @final 26 */ 17 18 19 20 21 27 22 class InstalledVersions 28 23 { 29 /** 30 * @var mixed[]|null 31 * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null 32 */ 33 private static $installed; 34 35 /** 36 * @var bool|null 37 */ 38 private static $canGetVendors; 39 40 /** 41 * @var array[] 42 * @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}> 43 */ 44 private static $installedByVendor = array(); 45 46 /** 47 * Returns a list of all package names which are present, either by being installed, replaced or provided 48 * 49 * @return string[] 50 * @psalm-return list<string> 51 */ 
52 public static function getInstalledPackages() 53 { 54 $packages = array(); 55 foreach (self::getInstalled() as $installed) { 56 $packages[] = array_keys($installed['versions']); 57 } 58 59 if (1 === \count($packages)) { 60 return $packages[0]; 61 } 62 63 return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); 64 } 65 66 /** 67 * Returns a list of all package names with a specific type e.g. 'library' 68 * 69 * @param string $type 70 * @return string[] 71 * @psalm-return list<string> 72 */ 73 public static function getInstalledPackagesByType($type) 74 { 75 $packagesByType = array(); 76 77 foreach (self::getInstalled() as $installed) { 78 foreach ($installed['versions'] as $name => $package) { 79 if (isset($package['type']) && $package['type'] === $type) { 80 $packagesByType[] = $name; 81 } 82 } 83 } 84 85 return $packagesByType; 86 } 87 88 /** 89 * Checks whether the given package is installed 90 * 91 * This also returns true if the package name is provided or replaced by another package 92 * 93 * @param string $packageName 94 * @param bool $includeDevRequirements 95 * @return bool 96 */ 97 public static function isInstalled($packageName, $includeDevRequirements = true) 98 { 99 foreach (self::getInstalled() as $installed) { 100 if (isset($installed['versions'][$packageName])) { 101 return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false; 102 } 103 } 104 105 return false; 106 } 107 108 /** 109 * Checks whether the given package satisfies a version constraint 110 * 111 * e.g. 
If you want to know whether version 2.3+ of package foo/bar is installed, you would call: 112 * 113 * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') 114 * 115 * @param VersionParser $parser Install composer/semver to have access to this class and functionality 116 * @param string $packageName 117 * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package 118 * @return bool 119 */ 120 public static function satisfies(VersionParser $parser, $packageName, $constraint) 121 { 122 $constraint = $parser->parseConstraints((string) $constraint); 123 $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); 124 125 return $provided->matches($constraint); 126 } 127 128 /** 129 * Returns a version constraint representing all the range(s) which are installed for a given package 130 * 131 * It is easier to use this via isInstalled() with the $constraint argument if you need to check 132 * whether a given version of a package is installed, and not just whether it exists 133 * 134 * @param string $packageName 135 * @return string Version constraint usable with composer/semver 136 */ 137 public static function getVersionRanges($packageName) 138 { 139 foreach (self::getInstalled() as $installed) { 140 if (!isset($installed['versions'][$packageName])) { 141 continue; 142 } 143 144 $ranges = array(); 145 if (isset($installed['versions'][$packageName]['pretty_version'])) { 146 $ranges[] = $installed['versions'][$packageName]['pretty_version']; 147 } 148 if (array_key_exists('aliases', $installed['versions'][$packageName])) { 149 $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); 150 } 151 if (array_key_exists('replaced', $installed['versions'][$packageName])) { 152 $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); 153 } 154 if (array_key_exists('provided', 
$installed['versions'][$packageName])) { 155 $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); 156 } 157 158 return implode(' || ', $ranges); 159 } 160 161 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 162 } 163 164 /** 165 * @param string $packageName 166 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present 167 */ 168 public static function getVersion($packageName) 169 { 170 foreach (self::getInstalled() as $installed) { 171 if (!isset($installed['versions'][$packageName])) { 172 continue; 173 } 174 175 if (!isset($installed['versions'][$packageName]['version'])) { 176 return null; 177 } 178 179 return $installed['versions'][$packageName]['version']; 180 } 181 182 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 183 } 184 185 /** 186 * @param string $packageName 187 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present 188 */ 189 public static function getPrettyVersion($packageName) 190 { 191 foreach (self::getInstalled() as $installed) { 192 if (!isset($installed['versions'][$packageName])) { 193 continue; 194 } 195 196 if (!isset($installed['versions'][$packageName]['pretty_version'])) { 197 return null; 198 } 199 200 return $installed['versions'][$packageName]['pretty_version']; 201 } 202 203 throw new \OutOfBoundsException('Package "' . $packageName . 
'" is not installed'); 204 } 205 206 /** 207 * @param string $packageName 208 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference 209 */ 210 public static function getReference($packageName) 211 { 212 foreach (self::getInstalled() as $installed) { 213 if (!isset($installed['versions'][$packageName])) { 214 continue; 215 } 216 217 if (!isset($installed['versions'][$packageName]['reference'])) { 218 return null; 219 } 220 221 return $installed['versions'][$packageName]['reference']; 222 } 223 224 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 225 } 226 227 /** 228 * @param string $packageName 229 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. 230 */ 231 public static function getInstallPath($packageName) 232 { 233 foreach (self::getInstalled() as $installed) { 234 if (!isset($installed['versions'][$packageName])) { 235 continue; 236 } 237 238 return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; 239 } 240 241 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 242 } 243 244 /** 245 * @return array 246 * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool} 247 */ 248 public static function getRootPackage() 249 { 250 $installed = self::getInstalled(); 251 252 return $installed[0]['root']; 253 } 254 255 /** 256 * Returns the raw installed.php data for custom implementations 257 * 258 * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. 
259 * @return array[] 260 * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} 261 */ 262 public static function getRawData() 263 { 264 @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); 265 266 if (null === self::$installed) { 267 // only require the installed.php file if this file is loaded from its dumped location, 268 // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 269 if (substr(__DIR__, -8, 1) !== 'C') { 270 self::$installed = include __DIR__ . 
'/installed.php'; 271 } else { 272 self::$installed = array(); 273 } 274 } 275 276 return self::$installed; 277 } 278 279 /** 280 * Returns the raw data of all installed.php which are currently loaded for custom implementations 281 * 282 * @return array[] 283 * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}> 284 */ 285 public static function getAllRawData() 286 { 287 return self::getInstalled(); 288 } 289 290 /** 291 * Lets you reload the static array from another file 292 * 293 * This is only useful for complex integrations in which a project needs to use 294 * this class but then also needs to execute another project's autoloader in process, 295 * and wants to ensure both projects have access to their version of installed.php. 296 * 297 * A typical case would be PHPUnit, where it would need to make sure it reads all 298 * the data it needs from this class, then call reload() with 299 * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure 300 * the project in which it runs can then also use this class safely, without 301 * interference between PHPUnit's dependencies and the project's dependencies. 
302 * 303 * @param array[] $data A vendor/composer/installed.php data set 304 * @return void 305 * 306 * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data 307 */ 308 public static function reload($data) 309 { 310 self::$installed = $data; 311 self::$installedByVendor = array(); 312 } 313 314 /** 315 * @return array[] 316 * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}> 317 */ 318 private static function getInstalled() 319 { 320 if (null === self::$canGetVendors) { 321 self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); 322 } 323 324 $installed = array(); 325 326 if (self::$canGetVendors) { 327 foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { 328 if (isset(self::$installedByVendor[$vendorDir])) { 329 $installed[] = self::$installedByVendor[$vendorDir]; 330 } elseif (is_file($vendorDir.'/composer/installed.php')) { 331 /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: 
string[]}>} $required */ 332 $required = require $vendorDir.'/composer/installed.php'; 333 $installed[] = self::$installedByVendor[$vendorDir] = $required; 334 if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { 335 self::$installed = $installed[count($installed) - 1]; 336 } 337 } 338 } 339 } 340 341 if (null === self::$installed) { 342 // only require the installed.php file if this file is loaded from its dumped location, 343 // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 344 if (substr(__DIR__, -8, 1) !== 'C') { 345 /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */ 346 $required = require __DIR__ . 
'/installed.php'; 347 self::$installed = $required; 348 } else { 349 self::$installed = array(); 350 } 351 } 352 353 if (self::$installed !== array()) { 354 $installed[] = self::$installed; 355 } 356 357 return $installed; 358 } 359 } 24 private static $installed = array ( 25 'root' => 26 array ( 27 'pretty_version' => '1.0.0+no-version-set', 28 'version' => '1.0.0.0', 29 'aliases' => 30 array ( 31 ), 32 'reference' => NULL, 33 'name' => '__root__', 34 ), 35 'versions' => 36 array ( 37 '__root__' => 38 array ( 39 'pretty_version' => '1.0.0+no-version-set', 40 'version' => '1.0.0.0', 41 'aliases' => 42 array ( 43 ), 44 'reference' => NULL, 45 ), 46 'enshrined/svg-sanitize' => 47 array ( 48 'pretty_version' => '0.14.1', 49 'version' => '0.14.1.0', 50 'aliases' => 51 array ( 52 ), 53 'reference' => '307b42066fb0b76b5119f5e1f0826e18fefabe95', 54 ), 55 ), 56 ); 57 58 59 60 61 62 63 64 public static function getInstalledPackages() 65 { 66 return array_keys(self::$installed['versions']); 67 } 68 69 70 71 72 73 74 75 76 77 public static function isInstalled($packageName) 78 { 79 return isset(self::$installed['versions'][$packageName]); 80 } 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 public static function satisfies(VersionParser $parser, $packageName, $constraint) 96 { 97 $constraint = $parser->parseConstraints($constraint); 98 $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); 99 100 return $provided->matches($constraint); 101 } 102 103 104 105 106 107 108 109 110 111 112 public static function getVersionRanges($packageName) 113 { 114 if (!isset(self::$installed['versions'][$packageName])) { 115 throw new \OutOfBoundsException('Package "' . $packageName . 
'" is not installed'); 116 } 117 118 $ranges = array(); 119 if (isset(self::$installed['versions'][$packageName]['pretty_version'])) { 120 $ranges[] = self::$installed['versions'][$packageName]['pretty_version']; 121 } 122 if (array_key_exists('aliases', self::$installed['versions'][$packageName])) { 123 $ranges = array_merge($ranges, self::$installed['versions'][$packageName]['aliases']); 124 } 125 if (array_key_exists('replaced', self::$installed['versions'][$packageName])) { 126 $ranges = array_merge($ranges, self::$installed['versions'][$packageName]['replaced']); 127 } 128 if (array_key_exists('provided', self::$installed['versions'][$packageName])) { 129 $ranges = array_merge($ranges, self::$installed['versions'][$packageName]['provided']); 130 } 131 132 return implode(' || ', $ranges); 133 } 134 135 136 137 138 139 public static function getVersion($packageName) 140 { 141 if (!isset(self::$installed['versions'][$packageName])) { 142 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 143 } 144 145 if (!isset(self::$installed['versions'][$packageName]['version'])) { 146 return null; 147 } 148 149 return self::$installed['versions'][$packageName]['version']; 150 } 151 152 153 154 155 156 public static function getPrettyVersion($packageName) 157 { 158 if (!isset(self::$installed['versions'][$packageName])) { 159 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 160 } 161 162 if (!isset(self::$installed['versions'][$packageName]['pretty_version'])) { 163 return null; 164 } 165 166 return self::$installed['versions'][$packageName]['pretty_version']; 167 } 168 169 170 171 172 173 public static function getReference($packageName) 174 { 175 if (!isset(self::$installed['versions'][$packageName])) { 176 throw new \OutOfBoundsException('Package "' . $packageName . 
'" is not installed'); 177 } 178 179 if (!isset(self::$installed['versions'][$packageName]['reference'])) { 180 return null; 181 } 182 183 return self::$installed['versions'][$packageName]['reference']; 184 } 185 186 187 188 189 190 public static function getRootPackage() 191 { 192 return self::$installed['root']; 193 } 194 195 196 197 198 199 200 201 public static function getRawData() 202 { 203 return self::$installed; 204 } 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 public static function reload($data) 225 { 226 self::$installed = $data; 227 } 228 } -
svgplus/trunk/vendor/composer/autoload_classmap.php
r3165214 r3165222 3 3 // autoload_classmap.php @generated by Composer 4 4 5 $vendorDir = dirname( __DIR__);5 $vendorDir = dirname(dirname(__FILE__)); 6 6 $baseDir = dirname($vendorDir); 7 7 -
svgplus/trunk/vendor/composer/autoload_namespaces.php
r3165214 r3165222 3 3 // autoload_namespaces.php @generated by Composer 4 4 5 $vendorDir = dirname( __DIR__);5 $vendorDir = dirname(dirname(__FILE__)); 6 6 $baseDir = dirname($vendorDir); 7 7 -
svgplus/trunk/vendor/composer/autoload_psr4.php
r3165214 r3165222 3 3 // autoload_psr4.php @generated by Composer 4 4 5 $vendorDir = dirname( __DIR__);5 $vendorDir = dirname(dirname(__FILE__)); 6 6 $baseDir = dirname($vendorDir); 7 7 -
svgplus/trunk/vendor/composer/autoload_real.php
r3165214 r3165222 3 3 // autoload_real.php @generated by Composer 4 4 5 class ComposerAutoloaderInit 278afc54527d5abefe91adfc89b3adbf5 class ComposerAutoloaderInit61c7f72a5d76a6a96ee3c8825ef2f87a 6 6 { 7 7 private static $loader; … … 25 25 require __DIR__ . '/platform_check.php'; 26 26 27 spl_autoload_register(array('ComposerAutoloaderInit 278afc54527d5abefe91adfc89b3adbf', 'loadClassLoader'), true, true);28 self::$loader = $loader = new \Composer\Autoload\ClassLoader( \dirname(__DIR__));29 spl_autoload_unregister(array('ComposerAutoloaderInit 278afc54527d5abefe91adfc89b3adbf', 'loadClassLoader'));27 spl_autoload_register(array('ComposerAutoloaderInit61c7f72a5d76a6a96ee3c8825ef2f87a', 'loadClassLoader'), true, true); 28 self::$loader = $loader = new \Composer\Autoload\ClassLoader(); 29 spl_autoload_unregister(array('ComposerAutoloaderInit61c7f72a5d76a6a96ee3c8825ef2f87a', 'loadClassLoader')); 30 30 31 require __DIR__ . '/autoload_static.php'; 32 call_user_func(\Composer\Autoload\ComposerStaticInit278afc54527d5abefe91adfc89b3adbf::getInitializer($loader)); 31 $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); 32 if ($useStaticLoader) { 33 require __DIR__ . '/autoload_static.php'; 34 35 call_user_func(\Composer\Autoload\ComposerStaticInit61c7f72a5d76a6a96ee3c8825ef2f87a::getInitializer($loader)); 36 } else { 37 $map = require __DIR__ . '/autoload_namespaces.php'; 38 foreach ($map as $namespace => $path) { 39 $loader->set($namespace, $path); 40 } 41 42 $map = require __DIR__ . '/autoload_psr4.php'; 43 foreach ($map as $namespace => $path) { 44 $loader->setPsr4($namespace, $path); 45 } 46 47 $classMap = require __DIR__ . '/autoload_classmap.php'; 48 if ($classMap) { 49 $loader->addClassMap($classMap); 50 } 51 } 33 52 34 53 $loader->register(true); -
svgplus/trunk/vendor/composer/autoload_static.php
r3165214 r3165222 5 5 namespace Composer\Autoload; 6 6 7 class ComposerStaticInit 278afc54527d5abefe91adfc89b3adbf7 class ComposerStaticInit61c7f72a5d76a6a96ee3c8825ef2f87a 8 8 { 9 9 public static $prefixLengthsPsr4 = array ( … … 28 28 { 29 29 return \Closure::bind(function () use ($loader) { 30 $loader->prefixLengthsPsr4 = ComposerStaticInit 278afc54527d5abefe91adfc89b3adbf::$prefixLengthsPsr4;31 $loader->prefixDirsPsr4 = ComposerStaticInit 278afc54527d5abefe91adfc89b3adbf::$prefixDirsPsr4;32 $loader->classMap = ComposerStaticInit 278afc54527d5abefe91adfc89b3adbf::$classMap;30 $loader->prefixLengthsPsr4 = ComposerStaticInit61c7f72a5d76a6a96ee3c8825ef2f87a::$prefixLengthsPsr4; 31 $loader->prefixDirsPsr4 = ComposerStaticInit61c7f72a5d76a6a96ee3c8825ef2f87a::$prefixDirsPsr4; 32 $loader->classMap = ComposerStaticInit61c7f72a5d76a6a96ee3c8825ef2f87a::$classMap; 33 33 34 34 }, null, ClassLoader::class); -
svgplus/trunk/vendor/composer/installed.json
r3165214 r3165222 3 3 { 4 4 "name": "enshrined/svg-sanitize", 5 "version": "0. 20.0",6 "version_normalized": "0. 20.0.0",5 "version": "0.14.1", 6 "version_normalized": "0.14.1.0", 7 7 "source": { 8 8 "type": "git", 9 9 "url": "https://github.com/darylldoyle/svg-sanitizer.git", 10 "reference": " 068d9fcf912c88a0471d101d95a2caa87c50aee7"10 "reference": "307b42066fb0b76b5119f5e1f0826e18fefabe95" 11 11 }, 12 12 "dist": { 13 13 "type": "zip", 14 "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/ 068d9fcf912c88a0471d101d95a2caa87c50aee7",15 "reference": " 068d9fcf912c88a0471d101d95a2caa87c50aee7",14 "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/307b42066fb0b76b5119f5e1f0826e18fefabe95", 15 "reference": "307b42066fb0b76b5119f5e1f0826e18fefabe95", 16 16 "shasum": "" 17 17 }, … … 19 19 "ext-dom": "*", 20 20 "ext-libxml": "*", 21 "php": "^7. 1|| ^8.0"21 "php": "^7.0 || ^8.0" 22 22 }, 23 23 "require-dev": { 24 "codeclimate/php-test-reporter": "^0.1.2", 24 25 "phpunit/phpunit": "^6.5 || ^8.5" 25 26 }, 26 "time": "202 4-09-05T10:18:12+00:00",27 "time": "2021-08-09T23:46:54+00:00", 27 28 "type": "library", 28 29 "installation-source": "dist", … … 45 46 "support": { 46 47 "issues": "https://github.com/darylldoyle/svg-sanitizer/issues", 47 "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0. 20.0"48 "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.14.1" 48 49 }, 49 50 "install-path": "../enshrined/svg-sanitize" -
svgplus/trunk/vendor/composer/installed.php
r3165214 r3165222 1 <?php return array( 2 'root' => array( 3 'name' => 'derickpayne/svgplus', 4 'pretty_version' => '1.0.0+no-version-set', 5 'version' => '1.0.0.0', 6 'reference' => null, 7 'type' => 'library', 8 'install_path' => __DIR__ . '/../../', 9 'aliases' => array(), 10 'dev' => true, 1 <?php return array ( 2 'root' => 3 array ( 4 'pretty_version' => '1.0.0+no-version-set', 5 'version' => '1.0.0.0', 6 'aliases' => 7 array ( 11 8 ), 12 'versions' => array( 13 'derickpayne/svgplus' => array( 14 'pretty_version' => '1.0.0+no-version-set', 15 'version' => '1.0.0.0', 16 'reference' => null, 17 'type' => 'library', 18 'install_path' => __DIR__ . '/../../', 19 'aliases' => array(), 20 'dev_requirement' => false, 21 ), 22 'enshrined/svg-sanitize' => array( 23 'pretty_version' => '0.20.0', 24 'version' => '0.20.0.0', 25 'reference' => '068d9fcf912c88a0471d101d95a2caa87c50aee7', 26 'type' => 'library', 27 'install_path' => __DIR__ . '/../enshrined/svg-sanitize', 28 'aliases' => array(), 29 'dev_requirement' => false, 30 ), 9 'reference' => NULL, 10 'name' => '__root__', 11 ), 12 'versions' => 13 array ( 14 '__root__' => 15 array ( 16 'pretty_version' => '1.0.0+no-version-set', 17 'version' => '1.0.0.0', 18 'aliases' => 19 array ( 20 ), 21 'reference' => NULL, 31 22 ), 23 'enshrined/svg-sanitize' => 24 array ( 25 'pretty_version' => '0.14.1', 26 'version' => '0.14.1.0', 27 'aliases' => 28 array ( 29 ), 30 'reference' => '307b42066fb0b76b5119f5e1f0826e18fefabe95', 31 ), 32 ), 32 33 ); -
svgplus/trunk/vendor/composer/platform_check.php
r3165214 r3165222 5 5 $issues = array(); 6 6 7 if (!(PHP_VERSION_ID >= 70100)) {8 $issues[] = 'Your Composer dependencies require a PHP version ">= 7.1.0". You are running ' . PHP_VERSION . '.';7 if (!(PHP_VERSION_ID >= 50600)) { 8 $issues[] = 'Your Composer dependencies require a PHP version ">= 5.6.0". You are running ' . PHP_VERSION . '.'; 9 9 } 10 10 -
svgplus/trunk/vendor/enshrined/svg-sanitize/README.md
r3165214 r3165222 1 1 # svg-sanitizer 2 2 3 [](https://travis-ci.org/darylldoyle/svg-sanitizer) [](https://codeclimate.com/github/darylldoyle/svg-sanitizer/coverage)3 [](https://travis-ci.org/darylldoyle/svg-sanitizer) [](https://codeclimate.com/github/darylldoyle/svg-sanitizer/coverage) 4 4 5 This is my attempt at building a decent SVG sanitizer in PHP. The work is lar gely borrowed from [DOMPurify](https://github.com/cure53/DOMPurify).5 This is my attempt at building a decent SVG sanitizer in PHP. The work is laregely borrowed from [DOMPurify](https://github.com/cure53/DOMPurify). 6 6 7 7 ## Installation … … 41 41 These methods require that you implement the `enshrined\svgSanitize\data\TagInterface` or `enshrined\svgSanitize\data\AttributeInterface`. 42 42 43 ## Remove remote references 43 ## Remove remote references 44 44 45 45 You have the option to remove attributes that reference remote files, this will stop HTTP leaks but will add an overhead to the sanitizer. … … 74 74 ## TYPO3 75 75 76 This SVG sanitizer library is used per default in the core of TYPO3 v9 and later versions. 77 See [corresponding changelog entry](https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/9.5.x/Important-94492-IntroduceSVGSanitizer.html) for more details. 76 An integration for TYPO3 CMS of this library is available as composer package `t3g/svg-sanitizer` at [https://github.com/TYPO3GmbH/svg_sanitizer](https://github.com/TYPO3GmbH/svg_sanitizer) 78 77 79 78 ## Tests -
svgplus/trunk/vendor/enshrined/svg-sanitize/composer.json
r3165214 r3165222 10 10 ], 11 11 "scripts": { 12 "test": "phpunit --no-coverage", 13 "test:coverage": "phpunit" 12 "test": "phpunit --no-coverage" 14 13 }, 15 14 "autoload": { … … 26 25 "ext-dom": "*", 27 26 "ext-libxml": "*", 28 "php": "^7. 1|| ^8.0"27 "php": "^7.0 || ^8.0" 29 28 }, 30 29 "require-dev": { 31 "phpunit/phpunit": "^6.5 || ^8.5" 30 "phpunit/phpunit": "^6.5 || ^8.5", 31 "codeclimate/php-test-reporter": "^0.1.2" 32 32 } 33 33 } -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/Exceptions/NestingException.php
r3165214 r3165222 1 1 <?php 2 3 2 4 namespace enshrined\svgSanitize\Exceptions; 5 3 6 4 7 use Exception; … … 19 22 * @param \DOMElement|null $element 20 23 */ 21 public function __construct($message = "", $code = 0, ?Exception $previous = null, ?\DOMElement $element = null)24 public function __construct($message = "", $code = 0, Exception $previous = null, \DOMElement $element = null) 22 25 { 23 26 $this->element = $element; -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/Sanitizer.php
r3165214 r3165222 1 1 <?php 2 2 3 namespace enshrined\svgSanitize; 3 4 … … 8 9 use enshrined\svgSanitize\data\XPath; 9 10 use enshrined\svgSanitize\ElementReference\Resolver; 11 use enshrined\svgSanitize\ElementReference\Subject; 10 12 11 13 /** … … 40 42 * @var bool 41 43 */ 42 protected $ xmlErrorHandlerPreviousValue;44 protected $minifyXML = false; 43 45 44 46 /** 45 47 * @var bool 46 48 */ 47 protected $minifyXML = false; 49 protected $removeRemoteReferences = false; 50 51 /** 52 * @var int 53 */ 54 protected $useThreshold = 1000; 48 55 49 56 /** 50 57 * @var bool 51 58 */ 52 protected $remove RemoteReferences= false;59 protected $removeXMLTag = false; 53 60 54 61 /** 55 62 * @var int 56 63 */ 57 protected $useThreshold = 1000; 58 59 /** 60 * @var bool 61 */ 62 protected $removeXMLTag = false; 64 protected $xmlOptions = LIBXML_NOEMPTYTAG; 65 66 /** 67 * @var array 68 */ 69 protected $xmlIssues = array(); 70 71 /** 72 * @var Resolver 73 */ 74 protected $elementReferenceResolver; 63 75 64 76 /** 65 77 * @var int 66 78 */ 67 protected $xmlOptions = LIBXML_NOEMPTYTAG;68 69 /**70 * @var array71 */72 protected $xmlIssues = array();73 74 /**75 * @var Resolver76 */77 protected $elementReferenceResolver;78 79 /**80 * @var int81 */82 79 protected $useNestingLimit = 15; 83 84 /**85 * @var bool86 */87 protected $allowHugeFiles = false;88 80 89 81 /** … … 189 181 } 190 182 191 /**192 * Can we allow huge files?193 *194 * @return bool195 */196 public function getAllowHugeFiles() {197 return $this->allowHugeFiles;198 }199 200 /**201 * Set whether we can allow huge files.202 *203 * @param bool $allowHugeFiles204 */205 public function setAllowHugeFiles( $allowHugeFiles ) {206 $this->allowHugeFiles = $allowHugeFiles;207 }208 209 183 210 184 /** … … 212 186 * 213 187 * @param string $dirty 214 * @return string |false188 * @return string 215 189 */ 216 190 public function sanitize($dirty) … … 221 195 } 222 196 223 do { 224 /* 225 * recursively remove php tags because they can be 
hidden inside tags 226 * i.e. <?p<?php test?>hp echo . ' danger! ';?> 227 */ 228 $dirty = preg_replace('/<\?(=|php)(.+?)\?>/i', '', $dirty); 229 } while (preg_match('/<\?(=|php)(.+?)\?>/i', $dirty) != 0); 197 // Strip php tags 198 $dirty = preg_replace('/<\?(=|php)(.+?)\?>/i', '', $dirty); 230 199 231 200 $this->resetInternal(); 232 201 $this->setUpBefore(); 233 202 234 $loaded = $this->xmlDocument->loadXML($dirty , $this->getAllowHugeFiles() ? LIBXML_PARSEHUGE : 0);203 $loaded = $this->xmlDocument->loadXML($dirty); 235 204 236 205 // If we couldn't parse the XML then we go no further. Reset and return false 237 206 if (!$loaded) { 238 $this->xmlIssues = self::getXmlErrors();239 207 $this->resetAfter(); 240 208 return false; … … 247 215 $elementsToRemove = $this->elementReferenceResolver->getElementsToRemove(); 248 216 249 // Start the cleaning process 250 $this->startClean($this->xmlDocument->childNodes, $elementsToRemove); 217 // Grab all the elements 218 $allElements = $this->xmlDocument->getElementsByTagName("*"); 219 220 // remove doctype after node elements have been analyzed 221 $this->removeDoctype(); 222 // Start the cleaning proccess 223 $this->startClean($allElements, $elementsToRemove); 251 224 252 225 // Save cleaned XML to a variable … … 280 253 } 281 254 282 // Suppress the errors because we don't really have to worry about formation before cleansing. 283 // See reset in resetAfter(). 
284 $this->xmlErrorHandlerPreviousValue = libxml_use_internal_errors(true); 255 // Suppress the errors because we don't really have to worry about formation before cleansing 256 libxml_use_internal_errors(true); 285 257 286 258 // Reset array of altered XML … … 299 271 libxml_disable_entity_loader($this->xmlLoaderValue); 300 272 } 301 302 libxml_clear_errors(); 303 libxml_use_internal_errors($this->xmlErrorHandlerPreviousValue); 273 } 274 275 /** 276 * Remove the XML Doctype 277 * It may be caught later on output but that seems to be buggy, so we need to make sure it's gone 278 */ 279 protected function removeDoctype() 280 { 281 foreach ($this->xmlDocument->childNodes as $child) { 282 if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { 283 $child->parentNode->removeChild($child); 284 } 285 } 304 286 } 305 287 … … 335 317 } 336 318 337 if ($currentElement instanceof \DOMElement) { 338 // If the tag isn't in the whitelist, remove it and continue with next iteration 339 if (!in_array(strtolower($currentElement->tagName), $this->allowedTags)) { 319 // If the tag isn't in the whitelist, remove it and continue with next iteration 320 if (!in_array(strtolower($currentElement->tagName), $this->allowedTags)) { 321 $currentElement->parentNode->removeChild($currentElement); 322 $this->xmlIssues[] = array( 323 'message' => 'Suspicious tag \'' . $currentElement->tagName . '\'', 324 'line' => $currentElement->getLineNo(), 325 ); 326 continue; 327 } 328 329 $this->cleanHrefs($currentElement); 330 331 $this->cleanXlinkHrefs($currentElement); 332 333 $this->cleanAttributesOnWhitelist($currentElement); 334 335 if (strtolower($currentElement->tagName) === 'use') { 336 if ($this->isUseTagDirty($currentElement) 337 || $this->isUseTagExceedingThreshold($currentElement) 338 ) { 340 339 $currentElement->parentNode->removeChild($currentElement); 341 340 $this->xmlIssues[] = array( 342 'message' => 'Suspicious tag\'' . $currentElement->tagName . '\'',341 'message' => 'Suspicious \'' . 
$currentElement->tagName . '\'', 343 342 'line' => $currentElement->getLineNo(), 344 343 ); 345 344 continue; 346 345 } 347 348 $this->cleanHrefs( $currentElement );349 350 $this->cleanXlinkHrefs( $currentElement );351 352 $this->cleanAttributesOnWhitelist($currentElement);353 354 if (strtolower($currentElement->tagName) === 'use') {355 if ($this->isUseTagDirty($currentElement)356 || $this->isUseTagExceedingThreshold($currentElement)357 ) {358 $currentElement->parentNode->removeChild($currentElement);359 $this->xmlIssues[] = array(360 'message' => 'Suspicious \'' . $currentElement->tagName . '\'',361 'line' => $currentElement->getLineNo(),362 );363 continue;364 }365 }366 367 // Strip out font elements that will break out of foreign content.368 if (strtolower($currentElement->tagName) === 'font') {369 $breaksOutOfForeignContent = false;370 for ($x = $currentElement->attributes->length - 1; $x >= 0; $x--) {371 // get attribute name372 $attrName = $currentElement->attributes->item( $x )->nodeName;373 374 if (in_array(strtolower($attrName), ['face', 'color', 'size'])) {375 $breaksOutOfForeignContent = true;376 }377 }378 379 if ($breaksOutOfForeignContent) {380 $currentElement->parentNode->removeChild($currentElement);381 $this->xmlIssues[] = array(382 'message' => 'Suspicious tag \'' . $currentElement->tagName . '\'',383 'line' => $currentElement->getLineNo(),384 );385 continue;386 }387 }388 }389 390 $this->cleanUnsafeNodes($currentElement);391 392 if ($currentElement->hasChildNodes()) {393 $this->startClean($currentElement->childNodes, $elementsToRemove);394 346 } 395 347 } … … 405 357 for ($x = $element->attributes->length - 1; $x >= 0; $x--) { 406 358 // get attribute name 407 $attrName = $element->attributes->item($x)->n odeName;359 $attrName = $element->attributes->item($x)->name; 408 360 409 361 // Remove attribute if not in whitelist … … 481 433 } 482 434 483 484 485 486 487 488 489 490 491 435 /** 436 * Only allow whitelisted starts to be within the href. 
437 * 438 * This will stop scripts etc from being passed through, with or without attempting to hide bypasses. 439 * This stops the need for us to use a complicated script regex. 440 * 441 * @param $value 442 * @return bool 443 */ 492 444 protected function isHrefSafeValue($value) { 493 445 … … 525 477 'data:image/pjp', // PJPEG 526 478 ))) { 527 479 return true; 528 480 } 529 481 … … 676 628 $this->useNestingLimit = (int) $limit; 677 629 } 678 679 /**680 * Remove nodes that are either invalid or malformed.681 *682 * @param \DOMNode $currentElement The current element.683 */684 protected function cleanUnsafeNodes(\DOMNode $currentElement) {685 // Replace CDATA node with encoded text node686 if ($currentElement instanceof \DOMCdataSection) {687 $textNode = $currentElement->ownerDocument->createTextNode($currentElement->nodeValue);688 $currentElement->parentNode->replaceChild($textNode, $currentElement);689 // If the element doesn't have a tagname, remove it and continue with next iteration690 } elseif (!$currentElement instanceof \DOMElement && !$currentElement instanceof \DOMText) {691 $currentElement->parentNode->removeChild($currentElement);692 $this->xmlIssues[] = array(693 'message' => 'Suspicious node \'' . $currentElement->nodeName . '\'',694 'line' => $currentElement->getLineNo(),695 );696 return;697 }698 699 if ( $currentElement->childNodes && $currentElement->childNodes->length > 0 ) {700 for ($j = $currentElement->childNodes->length - 1; $j >= 0; $j--) {701 /** @var \DOMElement $childElement */702 $childElement = $currentElement->childNodes->item($j);703 $this->cleanUnsafeNodes($childElement);704 }705 }706 }707 708 /**709 * Retrieve array of errors710 * @return array711 */712 private static function getXmlErrors()713 {714 $errors = [];715 foreach (libxml_get_errors() as $error) {716 $errors[] = [717 'message' => trim($error->message),718 'line' => $error->line,719 ];720 }721 722 return $errors;723 }724 630 } -
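Review bot: Going by the gutter numbering, this section moves the vendored enshrined/svg-sanitize from 0.20.0 back to 0.14.1, and in `sanitize()` that swaps the `do { … } while (preg_match(…))` loop for a single `preg_replace('/<\?(=|php)(.+?)\?>/i', '', $dirty);`, so the nested PHP-tag case described in the removed comment is no longer handled. The same downgrade removes `cleanUnsafeNodes()` (CDATA and non-element node handling), the `font` attribute check and the `getXmlErrors()` reporting on parse failure, and in `src/data/AllowedTags.php` it widens the allowlist to HTML elements such as `form`, `input` and `button` plus MathML. As this library appears to be the plugin's SVG sanitizer (it is what class-svgplus-sanitizer.php instantiates), I would keep `"version": "0.20.0"` in vendor/composer/installed.json and fix whatever compatibility issue motivated the downgrade in the wrapper class instead. If 0.14.1 has to stay, the changeset description should say why and what compensates for the removed checks.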
svgplus/trunk/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
r3165214 r3165222 1 1 <?php 2 3 2 4 namespace enshrined\svgSanitize\data; 5 3 6 4 7 /** … … 152 155 'fill-rule', 153 156 'filter', 154 'filterUnits',155 157 'flood-color', 156 158 'flood-opacity', … … 271 273 'viewbox', 272 274 'visibility', 273 'vector-effect',274 275 'vert-adv-y', 275 276 'vert-origin-x', -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/data/AllowedTags.php
r3165214 r3165222 1 1 <?php 2 3 2 4 namespace enshrined\svgSanitize\data; 5 3 6 4 7 /** … … 20 23 // HTML 21 24 'a', 25 'abbr', 26 'acronym', 27 'address', 28 'area', 29 'article', 30 'aside', 31 'audio', 32 'b', 33 'bdi', 34 'bdo', 35 'big', 36 'blink', 37 'blockquote', 38 'body', 39 'br', 40 'button', 41 'canvas', 42 'caption', 43 'center', 44 'cite', 45 'code', 46 'col', 47 'colgroup', 48 'content', 49 'data', 50 'datalist', 51 'dd', 52 'decorator', 53 'del', 54 'details', 55 'dfn', 56 'dir', 57 'div', 58 'dl', 59 'dt', 60 'element', 61 'em', 62 'fieldset', 63 'figcaption', 64 'figure', 22 65 'font', 66 'footer', 67 'form', 68 'h1', 69 'h2', 70 'h3', 71 'h4', 72 'h5', 73 'h6', 74 'head', 75 'header', 76 'hgroup', 77 'hr', 78 'html', 79 'i', 23 80 'image', 81 'img', 82 'input', 83 'ins', 84 'kbd', 85 'label', 86 'legend', 87 'li', 88 'main', 89 'map', 90 'mark', 91 'marquee', 92 'menu', 93 'menuitem', 94 'meter', 95 'nav', 96 'nobr', 97 'ol', 98 'optgroup', 99 'option', 100 'output', 101 'p', 102 'pre', 103 'progress', 104 'q', 105 'rp', 106 'rt', 107 'ruby', 108 's', 109 'samp', 110 'section', 111 'select', 112 'shadow', 113 'small', 114 'source', 115 'spacer', 116 'span', 117 'strike', 118 'strong', 24 119 'style', 120 'sub', 121 'summary', 122 'sup', 123 'table', 124 'tbody', 125 'td', 126 'template', 127 'textarea', 128 'tfoot', 129 'th', 130 'thead', 131 'time', 132 'tr', 133 'track', 134 'tt', 135 'u', 136 'ul', 137 'var', 138 'video', 139 'wbr', 25 140 26 141 // SVG … … 93 208 'feTurbulence', 94 209 210 //MathML 211 'math', 212 'menclose', 213 'merror', 214 'mfenced', 215 'mfrac', 216 'mglyph', 217 'mi', 218 'mlabeledtr', 219 'mmuliscripts', 220 'mn', 221 'mo', 222 'mover', 223 'mpadded', 224 'mphantom', 225 'mroot', 226 'mrow', 227 'ms', 228 'mpspace', 229 'msqrt', 230 'mystyle', 231 'msub', 232 'msup', 233 'msubsup', 234 'mtable', 235 'mtd', 236 'mtext', 237 'mtr', 238 'munder', 239 'munderover', 240 95 241 //text 96 242 '#text' -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/data/AttributeInterface.php
r3165214 r3165222 1 1 <?php 2 2 namespace enshrined\svgSanitize\data; 3 3 4 4 5 /**