<?php |
namespace Ffcms\Core\Helper; |
use Ffcms\Core\App; |
use Ffcms\Core\Helper\Type\Any; |
use Ffcms\Core\Helper\Type\Arr; |
use Ffcms\Core\Helper\Type\Obj; |
use Ffcms\Core\Helper\Type\Str; |
/** |
* Class Security. Basic framework security entry point |
* @package Ffcms\Core\Helper |
*/ |
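class Security
{
    /** @var \HTMLPurifier purifier built once in the constructor and reused by secureHtml() */
    protected $purifier;

    /**
     * Security constructor. Builds the HTMLPurifier instance with the framework whitelist.
     *
     * The 'HTML.Allowed' directive below is the single definition of which tags and
     * attributes survive secureHtml(); anything not listed is removed by the purifier.
     * Widen it deliberately: each added tag/attribute is a new place user markup reaches
     * the rendered page.
     */
    public function __construct()
    {
        $config = \HTMLPurifier_Config::createDefault();
        // `root` is a constant defined outside this file (framework install root).
        $config->set('Cache.SerializerPath', root . '/Private/Cache/HTMLPurifier/');
        // Whitelist: tag list, with per-tag attribute lists in brackets.
        $config->set('HTML.Allowed', 'p,b,strong,em,a[href],i,span,ul,ol,li,blockquote,h2,h3,pre,code,img[src|alt|width|height]');
        // Do not wrap loose text in <p>; callers decide on paragraph structure.
        $config->set('AutoFormat.AutoParagraph', false);
        // Links in purified output open in a new tab.
        // NOTE(review): whether the purifier also emits rel="noreferrer"/"noopener" for those
        // links depends on the bundled HTMLPurifier version — confirm before relying on it.
        $config->set('HTML.TargetBlank', true);

        $this->purifier = new \HTMLPurifier($config);
    }

    /**
     * Purify html so that only the whitelisted tags/attributes (see constructor) remain.
     *
     * @param string|array $data html string, or an array of html strings purified element-wise
     * @return string|array|null purified string for string input, array for array input
     */
    public function secureHtml($data)
    {
        // purifyArray() returns an array, so a `?string` return declaration would throw a
        // TypeError for every array input even though the docblock advertises array support;
        // the native return type is therefore left open and documented via @return.
        if (Any::isArray($data)) {
            return $this->purifier->purifyArray($data);
        }

        return $this->purifier->purify($data);
    }

    /**
     * Strip html tags and (optionally) remove quote characters, recursing into arrays.
     *
     * @param string|array $html
     * @param bool $escapeQuotes when true the quote characters are removed via escapeQuotes()
     * @return string|array|null same shape as $html
     */
    public function strip_tags($html, $escapeQuotes = true)
    {
        // Arrays are processed element by element, keys preserved.
        if (Any::isArray($html)) {
            foreach ($html as $key => $value) {
                $html[$key] = $this->strip_tags($value, $escapeQuotes);
            }

            return $html;
        }

        // Global strip_tags(): removes html and php tags from the string.
        $text = strip_tags($html);
        if ($escapeQuotes) {
            $text = $this->escapeQuotes($text);
        }

        return $text;
    }

    /**
     * Strip html/php tags, html-escape the remainder and backslash-escape quotes, recursing into arrays.
     *
     * The result is already html-encoded (htmlspecialchars), so it must not be escaped a second
     * time on output. addslashes() is not an SQL escaping mechanism: database writes still need
     * parameterised queries regardless of this call.
     *
     * @param array|string $data
     * @return array|null|string same shape as $data
     */
    public function strip_php_tags($data)
    {
        if (is_array($data)) {
            foreach ($data as $key => $value) {
                $data[$key] = $this->strip_php_tags($value);
            }

            return $data;
        }

        return addslashes(htmlspecialchars(strip_tags($data)));
    }

    /**
     * Alternative var_export function for php >= 5.4 syntax. Thin wrapper over Arr::exportVar().
     *
     * @deprecated use Arr::exportVar() directly
     * @param mixed $var value to export
     * @param string|null $indent indentation passed through to Arr::exportVar()
     * @param bool $guessTypes passed through to Arr::exportVar()
     * @return mixed|string
     */
    public function var_export54($var, $indent = null, $guessTypes = false)
    {
        return Arr::exportVar($var, $indent, $guessTypes);
    }

    /**
     * Remove quote characters from a string (they are deleted, not escaped).
     *
     * @param string $html
     * @return string input with double quotes, single quotes and the &quot; entity removed
     */
    public function escapeQuotes($html)
    {
        // NOTE(review): the third element was rendered as a garbled literal in the listing
        // this was reviewed from; "&quot;" (the entity form of a double quote) is the presumed
        // original — confirm against the repository before relying on it.
        return Str::ireplace(["\"", "'", "&quot;"], '', $html);
    }

    /**
     * Crypt password with the Blowfish crypt algo (defined in salt).
     * Blowfish crypt example: crypt('somedata', '$2a$07$usesomesillystringfor$'), where $2a$07$ - definition of algo,
     * usesomesillystringfor - is salt (must be 21 or more chars), $ - end caret. Output: $2a$07$usesomesillystringfor.sUeCOxyFvckc3xgq1Kzqq90gLrrIVjq
     *
     * When no usable $salt is given the configured 'passwordSalt' property is used for every
     * call, so two users with the same password get the same hash. crypt() also returns a short
     * failure marker instead of a hash when the salt is malformed; callers should not store the
     * result without checking it. Prefer the native password_hash()/password_verify() pair.
     *
     * @param string $password
     * @param string|null $salt crypt-format salt; falls back to App::$Properties 'passwordSalt'
     * @return string
     * @deprecated
     */
    public static function password_hash($password, $salt = null)
    {
        if ($salt === null || !Any::isStr($salt) || Str::length($salt) < 1) {
            $salt = App::$Properties->get('passwordSalt');
        }

        return crypt($password, $salt);
    }

    /**
     * Generate simple hash of 8 chars (32bit) for string. This method is NOT SECURE for crypt reason!
     *
     * crc32 is a checksum, not a cryptographic hash: collisions are trivial to produce, so use
     * this only for cache keys and similar non-security identifiers.
     *
     * @param string $string
     * @return string|null hex crc32 of the string, or null when $string is not a single line
     */
    public static function simpleHash($string): ?string
    {
        if (!Any::isLine($string)) {
            return null;
        }

        return dechex(crc32($string));
    }
}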