Refactored code, spring cleanup

This commit is contained in:
markseu 2022-04-20 14:40:51 +02:00
parent fd27fe91ca
commit 1e0007805a
2 changed files with 22 additions and 14 deletions


@ -2,7 +2,7 @@
// Core extension, https://github.com/datenstrom/yellow-extensions/tree/master/source/core
class YellowCore {
const VERSION = "0.8.70";
const VERSION = "0.8.71";
const RELEASE = "0.8.19";
public $page; // current page
public $content; // content files
@ -2165,16 +2165,15 @@ class YellowLookup {
// Return media location from file path
public function findMediaLocationFromFile($fileName) {
$location = "";
$regex = "/\.(css|gif|ico|js|jpg|png|svg|woff|woff2)$/";
$extensionDirectoryLength = strlenu($this->yellow->system->get("coreExtensionDirectory"));
$themeDirectoryLength = strlenu($this->yellow->system->get("coreThemeDirectory"));
$mediaDirectoryLength = strlenu($this->yellow->system->get("coreMediaDirectory"));
if (substru($fileName, 0, $extensionDirectoryLength)==$this->yellow->system->get("coreExtensionDirectory")) {
if ($this->isFileLocation($fileName) && preg_match($regex, $fileName)) {
if ($this->yellow->toolbox->isSafeFile($fileName)) {
$location = $this->yellow->system->get("coreExtensionLocation").substru($fileName, $extensionDirectoryLength);
}
} elseif (substru($fileName, 0, $themeDirectoryLength)==$this->yellow->system->get("coreThemeDirectory")) {
if ($this->isFileLocation($fileName) && preg_match($regex, $fileName)) {
if ($this->yellow->toolbox->isSafeFile($fileName)) {
$location = $this->yellow->system->get("coreThemeLocation").substru($fileName, $themeDirectoryLength);
}
} elseif (substru($fileName, 0, $mediaDirectoryLength)==$this->yellow->system->get("coreMediaDirectory")) {
@ -2186,16 +2185,15 @@ class YellowLookup {
// Return file path from media location
public function findFileFromMediaLocation($location) {
$fileName = "";
$regex = "/\.(css|gif|ico|js|jpg|png|svg|woff|woff2)$/";
$extensionLocationLength = strlenu($this->yellow->system->get("coreExtensionLocation"));
$themeLocationLength = strlenu($this->yellow->system->get("coreThemeLocation"));
$mediaLocationLength = strlenu($this->yellow->system->get("coreMediaLocation"));
if (substru($location, 0, $extensionLocationLength)==$this->yellow->system->get("coreExtensionLocation")) {
if ($this->isFileLocation($location) && preg_match($regex, $location)) {
if ($this->yellow->toolbox->isSafeFile($location)) {
$fileName = $this->yellow->system->get("coreExtensionDirectory").substru($location, $extensionLocationLength);
}
} elseif (substru($location, 0, $themeLocationLength)==$this->yellow->system->get("coreThemeLocation")) {
if ($this->isFileLocation($location) && preg_match($regex, $location)) {
if ($this->yellow->toolbox->isSafeFile($location)) {
$fileName = $this->yellow->system->get("coreThemeDirectory").substru($location, $themeLocationLength);
}
} elseif (substru($location, 0, $mediaLocationLength)==$this->yellow->system->get("coreMediaLocation")) {
@ -2219,7 +2217,7 @@ class YellowLookup {
return $fileNames;
}
// Return media directory from a well-known system setting
// Return media directory from a system setting
public function findMediaDirectory($key) {
return substru($key, -8, 8)=="Location" ? $this->findFileFromMediaLocation($this->yellow->system->get($key)) : "";
}
@ -2312,7 +2310,7 @@ class YellowLookup {
$location = str_replace("/./", "/", $location);
$location = str_replace(":", $this->yellow->toolbox->getLocationArgumentsSeparator(), $location);
} else {
if ($filterStrict && !preg_match("/^(http|https|ftp|mailto|tel):/", $location)) $location = "error-xss-filter";
if ($filterStrict && !$this->yellow->toolbox->isSafeUrl($location)) $location = "error-xss-filter";
}
return $location;
}
@ -2322,7 +2320,7 @@ class YellowLookup {
if (!preg_match("/^\w+:/", $location)) {
$url = "$scheme://$address$base$location";
} else {
if ($filterStrict && !preg_match("/^(http|https|ftp|mailto|tel):/", $location)) $location = "error-xss-filter";
if ($filterStrict && !$this->yellow->toolbox->isSafeUrl($location)) $location = "error-xss-filter";
$url = $location;
}
return $url;
@ -3459,11 +3457,11 @@ class YellowToolbox {
}
if ($filterStrict) {
$href = isset($elementAttributes["href"]) ? $elementAttributes["href"] : "";
if (preg_match("/^\w+:/", $href) && !preg_match("/^(http|https|ftp|mailto|tel):/", $href)) {
if (preg_match("/^\w+:/", $href) && !$this->isSafeUrl($href)) {
$elementAttributes["href"] = "error-xss-filter";
}
$href = isset($elementAttributes["xlink:href"]) ? $elementAttributes["xlink:href"] : "";
if (preg_match("/^\w+:/", $href) && !preg_match("/^(http|https|ftp|mailto|tel):/", $href)) {
if (preg_match("/^\w+:/", $href) && !$this->isSafeUrl($href)) {
$elementAttributes["xlink:href"] = "error-xss-filter";
}
}
@ -3523,6 +3521,16 @@ class YellowToolbox {
$time = intval((microtime(true)-$time) * 1000);
}
// Check if file is a well-known file type
public function isSafeFile($fileName) {
return preg_match("/\.(css|gif|ico|js|jpg|png|svg|woff|woff2)$/", $fileName);
}
// Check if URL is a well-known URL scheme
public function isSafeUrl($url) {
return preg_match("/^(http|https|ftp|mailto|tel):/", $url);
}
// Check if there are location arguments in current HTTP request
public function isLocationArguments($location = "") {
if (empty($location)) $location = $this->getServer("LOCATION").$this->getServer("LOCATION_ARGUMENTS");
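Review bot: `isSafeFile` and `isSafeUrl` in the last hunk (@ -3523) return the raw `preg_match` result, an int and `false` on a PCRE error, although their comments describe a yes/no check; the call sites in the earlier hunks only use them as truthy values, so `return preg_match("/\.(css|gif|ico|js|jpg|png|svg|woff|woff2)$/", $fileName)===1;` and the same `===1` in `isSafeUrl` would give a genuine bool without changing those sites. The comments on both should also say that "safe" means an allowlist match rather than any validation, e.g. `// Check if URL uses an allowlisted scheme (http, https, ftp, mailto, tel); anything else is treated as unsafe`, and the URL pattern is case-sensitive, so a scheme written as `HTTP:` is currently flagged as unsafe, which the `i` modifier would change if that is unintended. In the @ -2165 and @ -2186 hunks the rewritten `if` lines replace `$this->isFileLocation(...) && preg_match($regex, ...)` with `isSafeFile(...)` alone, so the `isFileLocation` check appears to have been dropped from both `findMediaLocationFromFile` and `findFileFromMediaLocation`; confirm that was intended, since nothing in these hunks shows it moving elsewhere. `isLocationArguments` at the end of the last hunk continues outside the hunk.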


@ -21,11 +21,11 @@ Tag: feature
system/extensions/command.php: command.php, create, update
Extension: Core
Version: 0.8.70
Version: 0.8.71
Description: Core functionality of the website.
DocumentationUrl: https://github.com/datenstrom/yellow-extensions/tree/master/source/core
DownloadUrl: https://github.com/datenstrom/yellow-extensions/raw/master/zip/core.zip
Published: 2022-04-19 19:43:28
Published: 2022-04-20 14:36:27
Developer: Datenstrom
Tag: feature
system/extensions/core.php: core.php, create, update