SugarURIFilter - Code Metrics - adamjakab/SuiteCRM - Measure and Improve Code Quality continuously with Scrutinizer

SugarURIFilter A
last analyzed 2016-05-10 08:39 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	70
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	0

Test Coverage

Coverage

16.66%

Metric	Value
dl	0
loc	70
ccs	4
cts	24
cp	0.1666
rs	10
wmc	21
lcom	1
cbo	0

2 Methods

Rating	Name	Duplication	Size	Complexity
A	prepare()	0	14	3
D	filter()	0	48	18

<?php
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/


require_once 'include/HTMLPurifier/HTMLPurifier.standalone.php';
require_once 'include/HTMLPurifier/HTMLPurifier.autoload.php';

/**
 * cid: scheme implementation
 */
class HTMLPurifier_URIScheme_cid extends HTMLPurifier_URIScheme
{
    public $browsable = true;
    public $may_omit_host = true;

    public function doValidate(&$uri, $config, $context) {
        $uri->userinfo = null;
        $uri->port     = null;
        $uri->host     = null;
        $uri->query    = null;
        $uri->fragment = null;
        return true;
    }

}

class HTMLPurifier_Filter_Xmp extends HTMLPurifier_Filter

{

    public $name = 'Xmp';

    public function preFilter($html, $config, $context)
    {
        return preg_replace("#<(/)?xmp>#i", "<\\1pre>", $html);
    }
}

class SugarCleaner

{
    /**
     * Singleton instance
     * @var SugarCleaner
     */
    static public $instance;

    /**
     * HTMLPurifier instance
     * @var HTMLPurifier
     */
    protected $purifier;

    function __construct()
    {
        global $sugar_config;
        $config = HTMLPurifier_Config::createDefault();

        if(!is_dir(sugar_cached("htmlclean"))) {
            create_cache_directory("htmlclean/");
        }
        $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
        $config->set('Core.Encoding', 'UTF-8');
        $hidden_tags = array('script' => true, 'style' => true, 'title' => true, 'head' => true);
        $config->set('Core.HiddenElements', $hidden_tags);
        $config->set('Cache.SerializerPath', sugar_cached("htmlclean"));
        $config->set('URI.Base', $sugar_config['site_url']);
        $config->set('CSS.Proprietary', true);
        $config->set('HTML.TidyLevel', 'light');
        $config->set('HTML.ForbiddenElements', array('body' => true, 'html' => true));
        $config->set('AutoFormat.RemoveEmpty', false);
        $config->set('Cache.SerializerPermissions', 0775);
        // for style
        //$config->set('Filter.ExtractStyleBlocks', true);
        $config->set('Filter.ExtractStyleBlocks.TidyImpl', false); // can't use csstidy, GPL
        if(!empty($GLOBALS['sugar_config']['html_allow_objects'])) {
            // for object
            $config->set('HTML.SafeObject', true);
            // for embed
            $config->set('HTML.SafeEmbed', true);
        }
        $config->set('Output.FlashCompat', true);
        // for iframe and xmp
        $config->set('Filter.Custom',  array(new HTMLPurifier_Filter_Xmp()));
        // for link
        $config->set('HTML.DefinitionID', 'Sugar HTML Def');
        $config->set('HTML.DefinitionRev', 2);
        $config->set('Cache.SerializerPath', sugar_cached('htmlclean/'));
        // IDs are namespaced
        $config->set('Attr.EnableID', true);
        $config->set('Attr.IDPrefix', 'sugar_text_');

        if ($def = $config->maybeGetRawHTMLDefinition()) {
            $form = $def->addElement(
      			'link',   // name
      			'Flow',  // content set
      			'Empty', // allowed children
      			'Core', // attribute collection
                 array( // attributes
            		'href*' => 'URI',
            		'rel' => 'Enum#stylesheet', // only stylesheets supported here
            		'type' => 'Enum#text/css' // only CSS supported here
    			)
            );
            $iframe = $def->addElement(
      			'iframe',   // name
      			'Flow',  // content set
      			'Optional: #PCDATA | Flow | Block', // allowed children
      			'Core', // attribute collection
                 array( // attributes
            		'src*' => 'URI',
                    'frameborder' => 'Enum#0,1',
                    'marginwidth' =>  'Pixels',
                    'marginheight' =>  'Pixels',
                    'scrolling' => 'Enum#|yes,no,auto',
                 	'align' => 'Enum#top,middle,bottom,left,right,center',
                    'height' => 'Length',
                    'width' => 'Length',
                 )
            );
            $iframe->excludes=array('iframe');
        }
        $uri = $config->getDefinition('URI');
        $uri->addFilter(new SugarURIFilter(), $config);
        HTMLPurifier_URISchemeRegistry::instance()->register('cid', new HTMLPurifier_URIScheme_cid());

        $this->purifier = new HTMLPurifier($config);
    }

    /**
     * Get cleaner instance
     * @return SugarCleaner
     */
    public static function getInstance()
    {
        if(is_null(self::$instance)) {
            self::$instance = new self;
        }
        return self::$instance;
    }

    /**
     * Clean string from potential XSS problems
     * @param string $html
     * @param bool $encoded Was it entity-encoded?
     * @return string
     */
    static public function cleanHtml($html, $encoded = false)

    {
        if(empty($html)) return $html;

        if($encoded) {
            $html = from_html($html);
        }
        if(!preg_match('<[^-A-Za-z0-9 `~!@#$%^&*()_=+{}\[\];:\'",./\\?\r\n|\x80-\xFF]>', $html)) {
            /* if it only has "safe" chars, don't bother */
            $cleanhtml = $html;
        } else {
            $purifier = self::getInstance()->purifier;
            $cleanhtml = $purifier->purify($html);
//            $styles = $purifier->context->get('StyleBlocks');
//            if(count($styles) > 0) {
//                $cleanhtml = "<style>".join("</style><style>", $styles)."</style>".$cleanhtml;
//            }
        }
        if($encoded) {
            $cleanhtml = to_html($cleanhtml);
        }
        return $cleanhtml;
    }

    static public function stripTags($string, $encoded = true)

    {
        if($encoded) {
            $string = from_html($string);
        }
        $string = filter_var($string, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_NO_ENCODE_QUOTES);
        return $encoded?to_html($string):$string;
    }
}

/**
 * URI filter for HTMLPurifier
 * Approves only resource URIs that are in the list of trusted domains
 * Until we have comprehensive CSRF protection, we need to sanitize URLs in emails, etc.
 * to avoid CSRF attacks.
 */
class SugarURIFilter extends HTMLPurifier_URIFilter

{
    public $name = 'SugarURIFilter';
//    public $post = true;
    protected $allowed = array();

    public function prepare($config)
    {
        global $sugar_config;
        if(!empty($sugar_config['security_trusted_domains']) && is_array($sugar_config['security_trusted_domains']))
        {
            $this->allowed = $sugar_config['security_trusted_domains'];
        }
        /* Allow this host?
        $def = $config->getDefinition('URI');
        if(!empty($def->base) && !empty($this->base->host)) {
            $this->allowed[] = $def->base->host;
        }
        */
    }

    public function filter(&$uri, $config, $context)
    {
        // skip non-resource URIs
        if (!$context->get('EmbeddedURI', true)) return true;

        //if(empty($this->allowed)) return false;

        if(!empty($uri->scheme) && strtolower($uri->scheme) != 'http' && strtolower($uri->scheme) != 'https') {
	        // do not touch non-HTTP URLs
	        return true;
	    }

    	// relative URLs permitted since email templates use it
		// if(empty($uri->host)) return false;
	    // allow URLs with no query
		if(empty($uri->query)) return true;

		// allow URLs for known good hosts
		foreach($this->allowed as $allow) {
            // must be equal to our domain or subdomain of our domain
            if($uri->host == $allow || substr($uri->host, -(strlen($allow)+1)) == ".$allow") {
                return true;
            }
        }

        // Here we try to block URLs that may be used for nasty XSRF stuff by
        // referring back to Sugar URLs
        // allow URLs that don't start with /? or /index.php?
		if(!empty($uri->path) && $uri->path != '/') {
		    $lpath = strtolower($uri->path);
		    if(substr($lpath, -10) != '/index.php' && $lpath != 'index.php') {
    			return true;
	    	}
		}

        $query_items = array();
		parse_str(from_html($uri->query), $query_items);
	    // weird query, probably harmless
		if(empty($query_items)) return true;
    	// suspiciously like SugarCRM query, reject
		if(!empty($query_items['module']) && !empty($query_items['action'])) return false;
    	// looks like non-download entry point - allow only specific entry points
		if(!empty($query_items['entryPoint']) && !in_array($query_items['entryPoint'], array('download', 'image', 'getImage'))) {
			return false;
		}

		return true;
    }
}


1		<?php
2		/*********************************************************************************
3		* SugarCRM Community Edition is a customer relationship management program developed by
4		* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
5
6		* SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
7		* Copyright (C) 2011 - 2014 Salesagility Ltd.
8		*
9		* This program is free software; you can redistribute it and/or modify it under
10		* the terms of the GNU Affero General Public License version 3 as published by the
11		* Free Software Foundation with the addition of the following permission added
12		* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
13		* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
14		* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
15		*
16		* This program is distributed in the hope that it will be useful, but WITHOUT
17		* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
18		* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19		* details.
20		*
21		* You should have received a copy of the GNU Affero General Public License along with
22		* this program; if not, see http://www.gnu.org/licenses or write to the Free
23		* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24		* 02110-1301 USA.
25		*
26		* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
27		* SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
28		*
29		* The interactive user interfaces in modified source and object code versions
30		* of this program must display Appropriate Legal Notices, as required under
31		* Section 5 of the GNU Affero General Public License version 3.
32		*
33		* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
34		* these Appropriate Legal Notices must retain the display of the "Powered by
35		* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
36		* reasonably feasible for technical reasons, the Appropriate Legal Notices must
37		* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
38		********************************************************************************/
39
40
41		require_once 'include/HTMLPurifier/HTMLPurifier.standalone.php';
42		require_once 'include/HTMLPurifier/HTMLPurifier.autoload.php';
43
44		/**
45		* cid: scheme implementation
46		*/
47		class HTMLPurifier_URIScheme_cid extends HTMLPurifier_URIScheme
48		{
49		public $browsable = true;
50		public $may_omit_host = true;
51
52		public function doValidate(&$uri, $config, $context) {
53		$uri->userinfo = null;
54		$uri->port = null;
55		$uri->host = null;
56		$uri->query = null;
57		$uri->fragment = null;
58		return true;
59		}
60
61		}
62
63		class HTMLPurifier_Filter_Xmp extends HTMLPurifier_Filter
		0 ignored issues – show Coding Style Compatibility introduced 2016-03-07 18:01 UTC by Report Bug Copy Issue Report PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history...
64		{
65
66		public $name = 'Xmp';
67
68	5	public function preFilter($html, $config, $context)
69		{
70	5	return preg_replace("#<(/)?xmp>#i", "<\\1pre>", $html);
71		}
72		}
73
74		class SugarCleaner
		0 ignored issues – show Coding Style Compatibility introduced 2016-03-07 18:01 UTC by Report Bug Copy Issue Report PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history...
75		{
76		/**
77		* Singleton instance
78		* @var SugarCleaner
79		*/
80		static public $instance;
81
82		/**
83		* HTMLPurifier instance
84		* @var HTMLPurifier
85		*/
86		protected $purifier;
87
88	1	function __construct()
89		{
90	1	global $sugar_config;
91	1	$config = HTMLPurifier_Config::createDefault();
92
93	1	if(!is_dir(sugar_cached("htmlclean"))) {
94		create_cache_directory("htmlclean/");
95		}
96	1	$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
97	1	$config->set('Core.Encoding', 'UTF-8');
98	1	$hidden_tags = array('script' => true, 'style' => true, 'title' => true, 'head' => true);
99	1	$config->set('Core.HiddenElements', $hidden_tags);
100	1	$config->set('Cache.SerializerPath', sugar_cached("htmlclean"));
101	1	$config->set('URI.Base', $sugar_config['site_url']);
102	1	$config->set('CSS.Proprietary', true);
103	1	$config->set('HTML.TidyLevel', 'light');
104	1	$config->set('HTML.ForbiddenElements', array('body' => true, 'html' => true));
105	1	$config->set('AutoFormat.RemoveEmpty', false);
106	1	$config->set('Cache.SerializerPermissions', 0775);
107		// for style
108		//$config->set('Filter.ExtractStyleBlocks', true);
109	1	$config->set('Filter.ExtractStyleBlocks.TidyImpl', false); // can't use csstidy, GPL
110	1	if(!empty($GLOBALS['sugar_config']['html_allow_objects'])) {
111		// for object
112		$config->set('HTML.SafeObject', true);
113		// for embed
114		$config->set('HTML.SafeEmbed', true);
115		}
116	1	$config->set('Output.FlashCompat', true);
117		// for iframe and xmp
118	1	$config->set('Filter.Custom', array(new HTMLPurifier_Filter_Xmp()));
119		// for link
120	1	$config->set('HTML.DefinitionID', 'Sugar HTML Def');
121	1	$config->set('HTML.DefinitionRev', 2);
122	1	$config->set('Cache.SerializerPath', sugar_cached('htmlclean/'));
123		// IDs are namespaced
124	1	$config->set('Attr.EnableID', true);
125	1	$config->set('Attr.IDPrefix', 'sugar_text_');
126
127	1	if ($def = $config->maybeGetRawHTMLDefinition()) {
128		$form = $def->addElement(
129		'link', // name
130		'Flow', // content set
131		'Empty', // allowed children
132		'Core', // attribute collection
133		array( // attributes
134		'href*' => 'URI',
135		'rel' => 'Enum#stylesheet', // only stylesheets supported here
136		'type' => 'Enum#text/css' // only CSS supported here
137		)
138		);
139		$iframe = $def->addElement(
140		'iframe', // name
141		'Flow', // content set
142		'Optional: #PCDATA \| Flow \| Block', // allowed children
143		'Core', // attribute collection
144		array( // attributes
145		'src*' => 'URI',
146		'frameborder' => 'Enum#0,1',
147		'marginwidth' => 'Pixels',
148		'marginheight' => 'Pixels',
149		'scrolling' => 'Enum#\|yes,no,auto',
150		'align' => 'Enum#top,middle,bottom,left,right,center',
151		'height' => 'Length',
152		'width' => 'Length',
153		)
154		);
155		$iframe->excludes=array('iframe');
156		}
157	1	$uri = $config->getDefinition('URI');
158	1	$uri->addFilter(new SugarURIFilter(), $config);
159	1	HTMLPurifier_URISchemeRegistry::instance()->register('cid', new HTMLPurifier_URIScheme_cid());
160
161	1	$this->purifier = new HTMLPurifier($config);
162	1	}
163
164		/**
165		* Get cleaner instance
166		* @return SugarCleaner
167		*/
168	5	public static function getInstance()
169		{
170	5	if(is_null(self::$instance)) {
171	1	self::$instance = new self;
172		}
173	5	return self::$instance;
174		}
175
176		/**
177		* Clean string from potential XSS problems
178		* @param string $html
179		* @param bool $encoded Was it entity-encoded?
180		* @return string
181		*/
182	69	static public function cleanHtml($html, $encoded = false)
		0 ignored issues – show Coding Style introduced 2016-03-07 18:01 UTC by Report Bug Copy Issue Report As per PSR2, the `static` declaration should come after the visibility declaration. Loading history...
183		{
184	69	if(empty($html)) return $html;
185
186	69	if($encoded) {
187	3	$html = from_html($html);
188		}
189	69	if(!preg_match('<[^-A-Za-z0-9 `~!@#$%^&*()_=+{}\[\];:\'",./\\?\r\n\|\x80-\xFF]>', $html)) {
190		/* if it only has "safe" chars, don't bother */
191	68	$cleanhtml = $html;
192		} else {
193	5	$purifier = self::getInstance()->purifier;
194	5	$cleanhtml = $purifier->purify($html);
195		// $styles = $purifier->context->get('StyleBlocks');
196		// if(count($styles) > 0) {
197		// $cleanhtml = "<style>".join("</style><style>", $styles)."</style>".$cleanhtml;
198		// }
199		}
200	69	if($encoded) {
201	3	$cleanhtml = to_html($cleanhtml);
202		}
203	69	return $cleanhtml;
204		}
205
206		static public function stripTags($string, $encoded = true)
		0 ignored issues – show Coding Style introduced 2016-03-07 18:01 UTC by Report Bug Copy Issue Report As per PSR2, the `static` declaration should come after the visibility declaration. Loading history...
207		{
208		if($encoded) {
209		$string = from_html($string);
210		}
211		$string = filter_var($string, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_NO_ENCODE_QUOTES);
212		return $encoded?to_html($string):$string;
213		}
214		}
215
216		/**
217		* URI filter for HTMLPurifier
218		* Approves only resource URIs that are in the list of trusted domains
219		* Until we have comprehensive CSRF protection, we need to sanitize URLs in emails, etc.
220		* to avoid CSRF attacks.
221		*/
222		class SugarURIFilter extends HTMLPurifier_URIFilter
		0 ignored issues – show Coding Style Compatibility introduced 2016-03-07 18:01 UTC by Report Bug Copy Issue Report PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history...
223		{
224		public $name = 'SugarURIFilter';
225		// public $post = true;
226		protected $allowed = array();
227
228	1	public function prepare($config)
229		{
230	1	global $sugar_config;
231	1	if(!empty($sugar_config['security_trusted_domains']) && is_array($sugar_config['security_trusted_domains']))
232		{
233		$this->allowed = $sugar_config['security_trusted_domains'];
234		}
235		/* Allow this host?
236		$def = $config->getDefinition('URI');
237		if(!empty($def->base) && !empty($this->base->host)) {
238		$this->allowed[] = $def->base->host;
239		}
240		*/
241	1	}
242
243		public function filter(&$uri, $config, $context)
244		{
245		// skip non-resource URIs
246		if (!$context->get('EmbeddedURI', true)) return true;
247
248		//if(empty($this->allowed)) return false;
249
250		if(!empty($uri->scheme) && strtolower($uri->scheme) != 'http' && strtolower($uri->scheme) != 'https') {
251		// do not touch non-HTTP URLs
252		return true;
253		}
254
255		// relative URLs permitted since email templates use it
256		// if(empty($uri->host)) return false;
257		// allow URLs with no query
258		if(empty($uri->query)) return true;
259
260		// allow URLs for known good hosts
261		foreach($this->allowed as $allow) {
262		// must be equal to our domain or subdomain of our domain
263		if($uri->host == $allow \|\| substr($uri->host, -(strlen($allow)+1)) == ".$allow") {
264		return true;
265		}
266		}
267
268		// Here we try to block URLs that may be used for nasty XSRF stuff by
269		// referring back to Sugar URLs
270		// allow URLs that don't start with /? or /index.php?
271		if(!empty($uri->path) && $uri->path != '/') {
272		$lpath = strtolower($uri->path);
273		if(substr($lpath, -10) != '/index.php' && $lpath != 'index.php') {
274		return true;
275		}
276		}
277
278		$query_items = array();
279		parse_str(from_html($uri->query), $query_items);
280		// weird query, probably harmless
281		if(empty($query_items)) return true;
282		// suspiciously like SugarCRM query, reject
283		if(!empty($query_items['module']) && !empty($query_items['action'])) return false;
284		// looks like non-download entry point - allow only specific entry points
285		if(!empty($query_items['entryPoint']) && !in_array($query_items['entryPoint'], array('download', 'image', 'getImage'))) {
286		return false;
287		}
288
289		return true;
290		}
291		}
292

adamjakab / SuiteCRM

SugarURIFilter A last analyzed 2016-05-10 08:39 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

2 Methods

Duplication Side-by-Side

Filter issues like

SugarURIFilter A
last analyzed 2016-05-10 08:39 UTC