host/julienmonnerie
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update Composer packages

Browse source
This commit is contained in:
Paul Nicoué 2022-12-19 14:56:05 +01:00
parent 0320235f6c
commit a8b68fb61b
378 changed files with 28466 additions and 28852 deletions
Download patch file Download diff file Expand all files Collapse all files

34
kirby/src/Sane/DomHandler.php
View file

@ -22,10 +22,8 @@ class DomHandler extends Handler
/**
* List of all MIME types that may
* be used in data URIs
*
* @var array
*/
public static $allowedDataUris = [
public static array $allowedDataUris = [
'data:image/png',
'data:image/gif',
'data:image/jpg',
@ -41,31 +39,24 @@ class DomHandler extends Handler
/**
* Allowed hostnames for HTTP(S) URLs
*
* @var array
* @var array|true
*/
public static $allowedDomains = [];
public static array|bool $allowedDomains = true;
/**
* Names of allowed XML processing instructions
*
* @var array
*/
public static $allowedPIs = [];
public static array $allowedPIs = [];
/**
* The document type (`'HTML'` or `'XML'`)
* (to be set in child classes)
*
* @var string
*/
protected static $type = 'XML';
protected static string $type = 'XML';
/**
* Sanitizes the given string
*
* @param string $string
* @return string
*
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed
*/
public static function sanitize(string $string): string
@ -78,9 +69,6 @@ class DomHandler extends Handler
/**
* Validates file contents
*
* @param string $string
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
*/
@ -98,7 +86,6 @@ class DomHandler extends Handler
* Custom callback for additional attribute sanitization
* @internal
*
* @param \DOMAttr $attr
* @return array Array with exception objects for each modification
*/
public static function sanitizeAttr(DOMAttr $attr): array
@ -111,7 +98,6 @@ class DomHandler extends Handler
* Custom callback for additional element sanitization
* @internal
*
* @param \DOMElement $element
* @return array Array with exception objects for each modification
*/
public static function sanitizeElement(DOMElement $element): array
@ -123,9 +109,6 @@ class DomHandler extends Handler
/**
* Custom callback for additional doctype validation
* @internal
*
* @param \DOMDocumentType $doctype
* @return void
*/
public static function validateDoctype(DOMDocumentType $doctype): void
{
@ -135,8 +118,6 @@ class DomHandler extends Handler
/**
* Returns the sanitization options for the handler
* (to be extended in child classes)
*
* @return array
*/
protected static function options(): array
{
@ -153,12 +134,9 @@ class DomHandler extends Handler
/**
* Parses the given string into a `Toolkit\Dom` object
*
* @param string $string
* @return \Kirby\Toolkit\Dom
*
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed
*/
protected static function parse(string $string)
protected static function parse(string $string): Dom
{
return new Dom($string, static::$type);
}

15
kirby/src/Sane/Handler.php
View file

@ -21,9 +21,6 @@ abstract class Handler
{
/**
* Sanitizes the given string
*
* @param string $string
* @return string
*/
abstract public static function sanitize(string $string): string;
@ -31,9 +28,6 @@ abstract class Handler
* Sanitizes the contents of a file by overwriting
* the file with the sanitized version
*
* @param string $file
* @return void
*
* @throws \Kirby\Exception\Exception If the file does not exist
* @throws \Kirby\Exception\Exception On other errors
*/
@ -46,9 +40,6 @@ abstract class Handler
/**
* Validates file contents
*
* @param string $string
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
* @throws \Kirby\Exception\Exception On other errors
*/
@ -57,9 +48,6 @@ abstract class Handler
/**
* Validates the contents of a file
*
* @param string $file
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
* @throws \Kirby\Exception\Exception If the file does not exist
* @throws \Kirby\Exception\Exception On other errors
@ -73,9 +61,6 @@ abstract class Handler
* Reads the contents of a file
* for sanitization or validation
*
* @param string $file
* @return string
*
* @throws \Kirby\Exception\Exception If the file does not exist
*/
protected static function readFile(string $file): string

33
kirby/src/Sane/Html.php
View file

@ -17,41 +17,28 @@ class Html extends DomHandler
{
/**
* Global list of allowed attribute prefixes
*
* @var array
*/
public static $allowedAttrPrefixes = [
public static array $allowedAttrPrefixes = [
'aria-',
'data-',
];
/**
* Global list of allowed attributes
*
* @var array
*/
public static $allowedAttrs = [
public static array $allowedAttrs = [
'class',
'id',
];
/**
* Allowed hostnames for HTTP(S) URLs
*
* @var array
*/
public static $allowedDomains = true;
/**
* Associative array of all allowed tag names with the value
* of either an array with the list of all allowed attributes
* for this tag, `true` to allow any attribute from the
* `allowedAttrs` list or `false` to allow the tag without
* any attributes
*
* @var array
*/
public static $allowedTags = [
public static array $allowedTags = [
'a' => ['href', 'rel', 'title', 'target'],
'abbr' => ['title'],
'b' => true,
@ -95,10 +82,8 @@ class Html extends DomHandler
*
* IMPORTANT: Use lower-case names here because
* of the case-insensitive matching
*
* @var array
*/
public static $disallowedTags = [
public static array $disallowedTags = [
'iframe',
'meta',
'object',
@ -108,10 +93,8 @@ class Html extends DomHandler
/**
* List of attributes that may contain URLs
*
* @var array
*/
public static $urlAttrs = [
public static array $urlAttrs = [
'href',
'src',
'xlink:href',
@ -119,15 +102,11 @@ class Html extends DomHandler
/**
* The document type (`'HTML'` or `'XML'`)
*
* @var string
*/
protected static $type = 'HTML';
protected static string $type = 'HTML';
/**
* Returns the sanitization options for the handler
*
* @return array
*/
protected static function options(): array
{

33
kirby/src/Sane/Sane.php
View file

@ -23,10 +23,8 @@ class Sane
{
/**
* Handler Type Aliases
*
* @var array
*/
public static $aliases = [
public static array $aliases = [
'application/xml' => 'xml',
'image/svg' => 'svg',
'image/svg+xml' => 'svg',
@ -36,10 +34,8 @@ class Sane
/**
* All registered handlers
*
* @var array
*/
public static $handlers = [
public static array $handlers = [
'html' => 'Kirby\Sane\Html',
'svg' => 'Kirby\Sane\Svg',
'svgz' => 'Kirby\Sane\Svgz',
@ -49,21 +45,19 @@ class Sane
/**
* Handler getter
*
* @param string $type
* @param bool $lazy If set to `true`, `null` is returned for undefined handlers
* @return \Kirby\Sane\Handler|null
*
* @throws \Kirby\Exception\NotFoundException If no handler was found and `$lazy` was set to `false`
*/
public static function handler(string $type, bool $lazy = false)
public static function handler(string $type, bool $lazy = false): Handler|null
{
// normalize the type
$type = mb_strtolower($type);
// find a handler or alias
$alias = static::$aliases[$type] ?? null;
$handler = static::$handlers[$type] ??
static::$handlers[static::$aliases[$type] ?? null] ??
null;
($alias ? static::$handlers[$alias] ?? null : null);
if (empty($handler) === false && class_exists($handler) === true) {
return new $handler();
@ -79,10 +73,6 @@ class Sane
/**
* Sanitizes the given string with the specified handler
* @since 3.6.0
*
* @param string $string
* @param string $type
* @return string
*/
public static function sanitize(string $string, string $type): string
{
@ -96,18 +86,16 @@ class Sane
* the extension and MIME type if not specified
* @since 3.6.0
*
* @param string $file
* @param string|bool $typeLazy Explicit handler type string,
* `true` for lazy autodetection or
* `false` for normal autodetection
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
* @throws \Kirby\Exception\LogicException If more than one handler applies
* @throws \Kirby\Exception\NotFoundException If the handler was not found
* @throws \Kirby\Exception\Exception On other errors
*/
public static function sanitizeFile(string $file, $typeLazy = false): void
public static function sanitizeFile(string $file, string|bool $typeLazy = false): void
{
if (is_string($typeLazy) === true) {
static::handler($typeLazy)->sanitizeFile($file);
@ -137,10 +125,6 @@ class Sane
/**
* Validates file contents with the specified handler
*
* @param string $string
* @param string $type
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
* @throws \Kirby\Exception\NotFoundException If the handler was not found
* @throws \Kirby\Exception\Exception On other errors
@ -155,17 +139,15 @@ class Sane
* the sane handlers are automatically chosen by
* the extension and MIME type if not specified
*
* @param string $file
* @param string|bool $typeLazy Explicit handler type string,
* `true` for lazy autodetection or
* `false` for normal autodetection
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
* @throws \Kirby\Exception\NotFoundException If the handler was not found
* @throws \Kirby\Exception\Exception On other errors
*/
public static function validateFile(string $file, $typeLazy = false): void
public static function validateFile(string $file, string|bool $typeLazy = false): void
{
if (is_string($typeLazy) === true) {
static::handler($typeLazy)->validateFile($file);
@ -181,7 +163,6 @@ class Sane
* Returns all handler objects that apply to the given file based on
* file extension and MIME type
*
* @param string $file
* @param bool $lazy If set to `true`, undefined handlers are skipped
* @return array<\Kirby\Sane\Handler>
*/

41
kirby/src/Sane/Svg.php
View file

@ -33,20 +33,16 @@ class Svg extends Xml
/**
* Global list of allowed attribute prefixes
*
* @var array
*/
public static $allowedAttrPrefixes = [
public static array $allowedAttrPrefixes = [
'aria-',
'data-',
];
/**
* Global list of allowed attributes
*
* @var array
*/
public static $allowedAttrs = [
public static array $allowedAttrs = [
// core attributes
'id',
'lang',
@ -267,11 +263,16 @@ class Svg extends Xml
];
/**
* Associative array of all allowed namespace URIs
* Allowed hostnames for HTTP(S) URLs
*
* @var array
* @var array|true
*/
public static $allowedNamespaces = [
public static array|bool $allowedDomains = [];
/**
* Associative array of all allowed namespace URIs
*/
public static array $allowedNamespaces = [
'' => 'http://www.w3.org/2000/svg',
'xlink' => 'http://www.w3.org/1999/xlink'
];
@ -282,10 +283,8 @@ class Svg extends Xml
* for this tag, `true` to allow any attribute from the
* `allowedAttrs` list or `false` to allow the tag without
* any attributes
*
* @var array
*/
public static $allowedTags = [
public static array $allowedTags = [
'a' => true,
'altGlyph' => true,
'altGlyphDef' => true,
@ -360,10 +359,8 @@ class Svg extends Xml
*
* IMPORTANT: Use lower-case names here because
* of the case-insensitive matching
*
* @var array
*/
public static $disallowedTags = [
public static array $disallowedTags = [
'animate',
'color-profile',
'cursor',
@ -393,7 +390,6 @@ class Svg extends Xml
* Custom callback for additional attribute sanitization
* @internal
*
* @param \DOMAttr $attr
* @return array Array with exception objects for each modification
*/
public static function sanitizeAttr(DOMAttr $attr): array
@ -415,7 +411,7 @@ class Svg extends Xml
// the target must not contain any other <use> elements
if (
is_a($target, 'DOMElement') === true &&
$target instanceof DOMElement &&
$target->getElementsByTagName('use')->count() > 0
) {
$errors[] = new InvalidArgumentException(
@ -433,7 +429,6 @@ class Svg extends Xml
* Custom callback for additional element sanitization
* @internal
*
* @param \DOMElement $element
* @return array Array with exception objects for each modification
*/
public static function sanitizeElement(DOMElement $element): array
@ -459,9 +454,6 @@ class Svg extends Xml
/**
* Custom callback for additional doctype validation
* @internal
*
* @param \DOMDocumentType $doctype
* @return void
*/
public static function validateDoctype(DOMDocumentType $doctype): void
{
@ -472,8 +464,6 @@ class Svg extends Xml
/**
* Returns the sanitization options for the handler
*
* @return array
*/
protected static function options(): array
{
@ -489,12 +479,9 @@ class Svg extends Xml
/**
* Parses the given string into a `Toolkit\Dom` object
*
* @param string $string
* @return \Kirby\Toolkit\Dom
*
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed
*/
protected static function parse(string $string)
protected static function parse(string $string): Dom
{
$svg = parent::parse($string);

9
kirby/src/Sane/Svgz.php
View file

@ -19,9 +19,6 @@ class Svgz extends Svg
/**
* Sanitizes the given string
*
* @param string $string
* @return string
*
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed or recompressed
*/
public static function sanitize(string $string): string
@ -40,9 +37,6 @@ class Svgz extends Svg
/**
* Validates file contents
*
* @param string $string
* @return void
*
* @throws \Kirby\Exception\InvalidArgumentException If the file couldn't be parsed
* @throws \Kirby\Exception\InvalidArgumentException If the file didn't pass validation
*/
@ -53,9 +47,6 @@ class Svgz extends Svg
/**
* Uncompresses the SVGZ data
*
* @param string $string
* @return string
*/
protected static function uncompress(string $string): string
{

4
kirby/src/Sane/Xml.php
View file

@ -24,7 +24,6 @@ class Xml extends DomHandler
* Custom callback for additional element sanitization
* @internal
*
* @param \DOMElement $element
* @return array Array with exception objects for each modification
*/
public static function sanitizeElement(DOMElement $element): array
@ -54,9 +53,6 @@ class Xml extends DomHandler
/**
* Custom callback for additional doctype validation
* @internal
*
* @param \DOMDocumentType $doctype
* @return void
*/
public static function validateDoctype(DOMDocumentType $doctype): void
{