GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CORE][SECURITY][HTML] Refactor Security::sanitize to HTML::sanitize

Browse Source 
Update composer dependencies, move more general deps from ActivityPub to Core
This commit is contained in:
Diogo Peralta Cordeiro 2022-01-12 17:12:26 +00:00
parent 968b1751fd
commit 480f570238
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0
9 changed files with 322 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
components/Posting/Posting.php
View File

@ -30,7 +30,6 @@ use App\Core\GSFile;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Core\Modules\Component; use App\Core\Modules\Component;
use App\Core\Router\Router; use App\Core\Router\Router;
use App\Core\Security;
use App\Core\VisibilityScope; use App\Core\VisibilityScope;
use App\Entity\Activity; use App\Entity\Activity;
use App\Entity\Actor; use App\Entity\Actor;
@ -43,6 +42,7 @@ use App\Util\Exception\RedirectException;
use App\Util\Exception\ServerException; use App\Util\Exception\ServerException;
use App\Util\Form\FormFields; use App\Util\Form\FormFields;
use App\Util\Formatting; use App\Util\Formatting;
use App\Util\HTML;
use Component\Attachment\Entity\ActorToAttachment; use Component\Attachment\Entity\ActorToAttachment;
use Component\Attachment\Entity\AttachmentToNote; use Component\Attachment\Entity\AttachmentToNote;
use Component\Conversation\Conversation; use Component\Conversation\Conversation;
@ -74,7 +74,7 @@ class Posting extends Component
return Event::next; return Event::next;
} }
$actor = $user->getActor(); $actor = $user->getActor();
$placeholder_strings = ['How are you feeling?', 'Have something to share?', 'How was your day?']; $placeholder_strings = ['How are you feeling?', 'Have something to share?', 'How was your day?'];
Event::handle('PostingPlaceHolderString', [&$placeholder_strings]); Event::handle('PostingPlaceHolderString', [&$placeholder_strings]);
@ -146,7 +146,7 @@ class Posting extends Component
$extra_args = []; $extra_args = [];
Event::handle('AddExtraArgsToNoteContent', [$request, $actor, $data, &$extra_args, $form_params, $form]); Event::handle('AddExtraArgsToNoteContent', [$request, $actor, $data, &$extra_args, $form_params, $form]);
$target = !array_key_exists('in', $data) || $data['in'] === 'public' ? $context_actor : null; $target = !\array_key_exists('in', $data) || $data['in'] === 'public' ? $context_actor : null;
self::storeLocalNote( self::storeLocalNote(
actor: $user->getActor(), actor: $user->getActor(),
@ -290,7 +290,6 @@ class Posting extends Component
Event::handle('NewNotification', [$actor, $activity, ['object' => $mention_ids], _m('{nickname} created a note {note_id}.', ['{nickname}' => $actor->getNickname(), '{note_id}' => $activity->getObjectId()])]); Event::handle('NewNotification', [$actor, $activity, ['object' => $mention_ids], _m('{nickname} created a note {note_id}.', ['{nickname}' => $actor->getNickname(), '{note_id}' => $activity->getObjectId()])]);
} }
return $note; return $note;
} }
@ -303,7 +302,7 @@ class Posting extends Component
return Event::stop; return Event::stop;
case 'text/html': case 'text/html':
// TODO: It has to linkify and stuff as well // TODO: It has to linkify and stuff as well
$rendered = Security::sanitize($content); $rendered = HTML::sanitize($content);
return Event::stop; return Event::stop;
default: default:
return Event::next; return Event::next;

454
composer.json
View File

@ -1,229 +1,235 @@
{ {
"type": "project", "type": "project",
"name": "gnu/social", "name": "gnu/social",
"description": "Free software social networking platform.", "description": "Free software social networking platform.",
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
"require": { "require": {
"php": "^8.1", "php": "^8.1",
"ext-ctype": "*", "ext-ctype": "*",
"ext-curl": "*", "ext-curl": "*",
"ext-iconv": "*", "ext-iconv": "*",
"ext-openssl": "*", "ext-openssl": "*",
"composer/package-versions-deprecated": "1.11.*", "composer/package-versions-deprecated": "1.11.*",
"doctrine/annotations": "^1.0", "doctrine/annotations": "^1.0",
"doctrine/doctrine-bundle": "^2.4", "doctrine/doctrine-bundle": "^2.4",
"doctrine/doctrine-migrations-bundle": "^3.1", "doctrine/doctrine-migrations-bundle": "^3.1",
"doctrine/orm": "^2.9", "doctrine/orm": "^2.9",
"erusev/parsedown": "^1.7", "erusev/parsedown": "^1.7",
"knplabs/knp-time-bundle": "^1.17", "knplabs/knp-time-bundle": "^1.17",
"lstrojny/functional-php": "^1.17", "lstrojny/functional-php": "^1.17",
"nyholm/psr7": "^1.4", "masterminds/html5": "^2.7",
"odolbeau/phone-number-bundle": "^3.1", "mf2/mf2": "^0.4.6",
"oro/doctrine-extensions": "^2.0", "nyholm/psr7": "^1.4",
"php-ds/php-ds": "^1.2", "odolbeau/phone-number-bundle": "^3.1",
"phpdocumentor/reflection-docblock": "^5.2", "oro/doctrine-extensions": "^2.0",
"sensio/framework-extra-bundle": "6.*", "php-ds/php-ds": "^1.2",
"someonewithpc/memcached-polyfill": "^1.0", "phpdocumentor/reflection-docblock": "^5.2",
"someonewithpc/redis-polyfill": "dev-master", "sensio/framework-extra-bundle": "6.*",
"symfony/asset": "5.4.*", "someonewithpc/memcached-polyfill": "^1.0",
"symfony/cache": "5.4.*", "someonewithpc/redis-polyfill": "dev-master",
"symfony/config": "5.4.*", "symfony/asset": "5.4.*",
"symfony/console": "5.4.*", "symfony/cache": "5.4.*",
"symfony/dom-crawler": "5.4.*", "symfony/config": "5.4.*",
"symfony/dotenv": "5.4.*", "symfony/console": "5.4.*",
"symfony/event-dispatcher": "5.4.*", "symfony/dom-crawler": "5.4.*",
"symfony/expression-language": "5.4.*", "symfony/dotenv": "5.4.*",
"symfony/filesystem": "5.4.*", "symfony/event-dispatcher": "5.4.*",
"symfony/flex": "^1.3.1", "symfony/expression-language": "5.4.*",
"symfony/form": "5.4.*", "symfony/filesystem": "5.4.*",
"symfony/framework-bundle": "5.4.*", "symfony/flex": "^1.3.1",
"symfony/http-client": "5.4.*", "symfony/form": "5.4.*",
"symfony/intl": "5.4.*", "symfony/framework-bundle": "5.4.*",
"symfony/mailer": "5.4.*", "symfony/http-client": "5.4.*",
"symfony/messenger": "5.4.*", "symfony/intl": "5.4.*",
"symfony/mime": "5.4.*", "symfony/mailer": "5.4.*",
"symfony/monolog-bundle": "^3.1", "symfony/messenger": "5.4.*",
"symfony/notifier": "5.4.*", "symfony/mime": "5.4.*",
"symfony/process": "5.4.*", "symfony/monolog-bundle": "^3.1",
"symfony/property-access": "5.4.*", "symfony/notifier": "5.4.*",
"symfony/property-info": "5.4.*", "symfony/process": "5.4.*",
"symfony/proxy-manager-bridge": "5.4.*", "symfony/property-access": "5.4.*",
"symfony/security-bundle": "5.4.*", "symfony/property-info": "5.4.*",
"symfony/serializer": "5.4.*", "symfony/proxy-manager-bridge": "5.4.*",
"symfony/string": "5.4.*", "symfony/security-bundle": "5.4.*",
"symfony/translation": "5.4.*", "symfony/serializer": "5.4.*",
"symfony/twig-bundle": "5.4.*", "symfony/string": "5.4.*",
"symfony/validator": "5.4.*", "symfony/translation": "5.4.*",
"symfony/var-exporter": "5.4.*", "symfony/twig-bundle": "5.4.*",
"symfony/web-link": "5.4.*", "symfony/validator": "5.4.*",
"symfony/yaml": "5.4.*", "symfony/var-exporter": "5.4.*",
"symfonycasts/reset-password-bundle": "^1.9", "symfony/web-link": "5.4.*",
"symfonycasts/verify-email-bundle": "^1.0", "symfony/yaml": "5.4.*",
"tgalopin/html-sanitizer-bundle": "^1.2", "symfonycasts/reset-password-bundle": "^1.9",
"theofidry/psysh-bundle": "^4.4", "symfonycasts/verify-email-bundle": "^1.0",
"twig/extra-bundle": "^2.12|^3.0", "tgalopin/html-sanitizer-bundle": "^1.2",
"twig/markdown-extra": "^3.0", "theofidry/psysh-bundle": "^4.4",
"twig/twig": "^2.12|^3.0", "twig/extra-bundle": "^2.12|^3.0",
"wikimedia/composer-merge-plugin": "^2.0" "twig/markdown-extra": "^3.0",
"twig/twig": "^2.12|^3.0",
"wikimedia/composer-merge-plugin": "^2.0"
},
"require-dev": {
"codeception/codeception": "^4.1",
"codeception/module-phpbrowser": "^2.0",
"codeception/module-symfony": "^2.1",
"doctrine/doctrine-fixtures-bundle": "^3.4",
"friendsofphp/php-cs-fixer": "^3.2.1",
"jchook/phpunit-assert-throws": "^1.0",
"niels-de-blaauw/php-doc-check": "^0.2.2",
"phpstan/phpstan": "dev-master",
"phpunit/phpunit": "^9.5",
"symfony/browser-kit": "^5.4.",
"symfony/css-selector": "^5.4.",
"symfony/debug-bundle": "^5.4.",
"symfony/error-handler": "^5.4.",
"symfony/maker-bundle": "^1.14",
"symfony/phpunit-bridge": "^5.4.",
"symfony/stopwatch": "5.4.*",
"symfony/web-profiler-bundle": "^5.4.",
"ulrichsg/getopt-php": "*",
"wp-cli/php-cli-tools": "^0.11.13",
"codeception/module-asserts": "^1.0.0"
},
"config": {
"preferred-install": {
"*": "dist"
}, },
"require-dev": { "sort-packages": true,
"codeception/codeception": "^4.1", "allow-plugins": {
"codeception/module-phpbrowser": "^2.0", "composer/package-versions-deprecated": true,
"codeception/module-symfony": "^2.1", "symfony/flex": true,
"doctrine/doctrine-fixtures-bundle": "^3.4", "wikimedia/composer-merge-plugin": true
"friendsofphp/php-cs-fixer": "^3.2.1", }
"jchook/phpunit-assert-throws": "^1.0", },
"niels-de-blaauw/php-doc-check": "^0.2.2", "autoload": {
"phpstan/phpstan": "dev-master", "files": [
"phpunit/phpunit": "^9.5", "src/Core/I18n/I18n.php"
"symfony/browser-kit": "^5.4.", ],
"symfony/css-selector": "^5.4.", "psr-4": {
"symfony/debug-bundle": "^5.4.", "App\\": "src/",
"symfony/error-handler": "^5.4.", "Plugin\\": "plugins/",
"symfony/maker-bundle": "^1.14", "Component\\": "components/"
"symfony/phpunit-bridge": "^5.4.", }
"symfony/stopwatch": "5.4.*", },
"symfony/web-profiler-bundle": "^5.4.", "autoload-dev": {
"ulrichsg/getopt-php": "*", "psr-4": {
"wp-cli/php-cli-tools": "^0.11.13", "App\\Tests\\": "tests/"
"codeception/module-asserts": "^1.0.0" }
},
"replace": {
"paragonie/random_compat": "2.*",
"symfony/polyfill-ctype": "*",
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php72": "*",
"symfony/polyfill-php71": "*",
"symfony/polyfill-php70": "*",
"symfony/polyfill-php56": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install %PUBLIC_DIR%": "symfony-cmd"
}, },
"config": { "post-install-cmd": [
"preferred-install": { "@auto-scripts",
"*": "dist" "cp -fu bin/pre-commit .git/hooks"
}, ],
"sort-packages": true, "post-update-cmd": [
"allow-plugins": { "@auto-scripts"
"composer/package-versions-deprecated": true,
"symfony/flex": true,
"wikimedia/composer-merge-plugin": true
}
},
"autoload": {
"files": [
"src/Core/I18n/I18n.php"
],
"psr-4": {
"App\\": "src/",
"Plugin\\": "plugins/",
"Component\\": "components/"
}
},
"autoload-dev": {
"psr-4": {
"App\\Tests\\": "tests/"
}
},
"replace": {
"paragonie/random_compat": "2.*",
"symfony/polyfill-ctype": "*",
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php72": "*",
"symfony/polyfill-php71": "*",
"symfony/polyfill-php70": "*",
"symfony/polyfill-php56": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install %PUBLIC_DIR%": "symfony-cmd"
},
"post-install-cmd": [
"@auto-scripts",
"cp -fu bin/pre-commit .git/hooks"
],
"post-update-cmd": [
"@auto-scripts"
]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "5.4.*"
},
"merge-plugin": {
"include": [
"components/*/composer.json",
"plugins/*/composer.json"
]
}
},
"repositories": [
{
"type": "package",
"package": {
"name": "niels-de-blaauw/php-doc-check",
"version": "0.2.2",
"bin": [
"bin/php-doc-check"
],
"autoload": {
"psr-4": {
"NdB\\PhpDocCheck\\": "src"
}
},
"source": {
"url": "https://github.com/someonewithpc/php-doc-check.git",
"type": "git",
"reference": "master"
}
}
},
{
"type": "package",
"package": {
"name": "ulrichsg/getopt-php",
"version": "4.0.0",
"autoload": {
"psr-4": {
"GetOpt\\": "src"
}
},
"source": {
"url": "https://github.com/someonewithpc/getopt-php.git",
"type": "git",
"reference": "master"
}
}
},
{
"type": "package",
"package": {
"name": "codeception/codeception",
"version": "4.1.30",
"autoload": {
"psr-4": {
"Codeception\\": "src/Codeception",
"Codeception\\Extension\\": "ext"
},
"files": ["functions.php"]
},
"require": {
"php": ">=5.6.0 <9.0",
"ext-curl": "*",
"ext-json": "*",
"ext-mbstring": "*",
"codeception/lib-asserts": "^1.0 | 2.0.*@dev",
"guzzlehttp/psr7": "^1.4 | ^2.0",
"symfony/finder": ">=2.7 <6.0",
"symfony/console": ">=2.7 <6.0",
"symfony/event-dispatcher": ">=2.7 <6.0",
"symfony/yaml": ">=2.7 <6.0",
"symfony/css-selector": ">=2.7 <6.0",
"behat/gherkin": "^4.4.0",
"codeception/phpunit-wrapper": ">6.0.15 <6.1.0 | ^6.6.1 | ^7.7.1 | ^8.1.1 | ^9.0",
"codeception/stub": "^2.0 | ^3.0 | ^4.0"
},
"bin":["codecept"],
"source": {
"url": "https://github.com/someonewithpc/Codeception.git",
"type": "git",
"reference": "4.1"
}
}
}
] ]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "5.4.*"
},
"merge-plugin": {
"include": [
"components/*/composer.json",
"plugins/*/composer.json"
]
}
},
"repositories": [
{
"type": "package",
"package": {
"name": "niels-de-blaauw/php-doc-check",
"version": "0.2.2",
"bin": [
"bin/php-doc-check"
],
"autoload": {
"psr-4": {
"NdB\\PhpDocCheck\\": "src"
}
},
"source": {
"url": "https://github.com/someonewithpc/php-doc-check.git",
"type": "git",
"reference": "master"
}
}
},
{
"type": "package",
"package": {
"name": "ulrichsg/getopt-php",
"version": "4.0.0",
"autoload": {
"psr-4": {
"GetOpt\\": "src"
}
},
"source": {
"url": "https://github.com/someonewithpc/getopt-php.git",
"type": "git",
"reference": "master"
}
}
},
{
"type": "package",
"package": {
"name": "codeception/codeception",
"version": "4.1.30",
"autoload": {
"psr-4": {
"Codeception\\": "src/Codeception",
"Codeception\\Extension\\": "ext"
},
"files": [
"functions.php"
]
},
"require": {
"php": ">=5.6.0 <9.0",
"ext-curl": "*",
"ext-json": "*",
"ext-mbstring": "*",
"codeception/lib-asserts": "^1.0 | 2.0.*@dev",
"guzzlehttp/psr7": "^1.4 | ^2.0",
"symfony/finder": ">=2.7 <6.0",
"symfony/console": ">=2.7 <6.0",
"symfony/event-dispatcher": ">=2.7 <6.0",
"symfony/yaml": ">=2.7 <6.0",
"symfony/css-selector": ">=2.7 <6.0",
"behat/gherkin": "^4.4.0",
"codeception/phpunit-wrapper": ">6.0.15 <6.1.0 | ^6.6.1 | ^7.7.1 | ^8.1.1 | ^9.0",
"codeception/stub": "^2.0 | ^3.0 | ^4.0"
},
"bin": [
"codecept"
],
"source": {
"url": "https://github.com/someonewithpc/Codeception.git",
"type": "git",
"reference": "4.1"
}
}
}
]
} }

34
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "4533a7f4059639e03dbbb34b48f09cf5", "content-hash": "db8e2506856c53c049c3338ab21cfc88",
"packages": [ "packages": [
{ {
"name": "alchemy/binary-driver", "name": "alchemy/binary-driver",
@ -1341,24 +1341,24 @@
}, },
{ {
"name": "doctrine/orm", "name": "doctrine/orm",
"version": "2.10.4", "version": "2.11.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/doctrine/orm.git", "url": "https://github.com/doctrine/orm.git",
"reference": "cccb2e2fdfed2969afb3d65c5ea82bafdefbe1a7" "reference": "bfed8cb6ed448f4ab1ea3fff06e4d6c44439e4ef"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/doctrine/orm/zipball/cccb2e2fdfed2969afb3d65c5ea82bafdefbe1a7", "url": "https://api.github.com/repos/doctrine/orm/zipball/bfed8cb6ed448f4ab1ea3fff06e4d6c44439e4ef",
"reference": "cccb2e2fdfed2969afb3d65c5ea82bafdefbe1a7", "reference": "bfed8cb6ed448f4ab1ea3fff06e4d6c44439e4ef",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"composer/package-versions-deprecated": "^1.8", "composer-runtime-api": "^2",
"doctrine/cache": "^1.12.1 || ^2.1.1", "doctrine/cache": "^1.12.1 || ^2.1.1",
"doctrine/collections": "^1.5", "doctrine/collections": "^1.5",
"doctrine/common": "^3.0.3", "doctrine/common": "^3.0.3",
"doctrine/dbal": "^2.13.1 || ^3.1.1", "doctrine/dbal": "^2.13.1 || ^3.2",
"doctrine/deprecations": "^0.5.3", "doctrine/deprecations": "^0.5.3",
"doctrine/event-manager": "^1.1", "doctrine/event-manager": "^1.1",
"doctrine/inflector": "^1.4 || ^2.0", "doctrine/inflector": "^1.4 || ^2.0",
@ -1367,7 +1367,7 @@
"doctrine/persistence": "^2.2", "doctrine/persistence": "^2.2",
"ext-ctype": "*", "ext-ctype": "*",
"ext-pdo": "*", "ext-pdo": "*",
"php": "^7.1 ||^8.0", "php": "^7.1 || ^8.0",
"psr/cache": "^1 || ^2 || ^3", "psr/cache": "^1 || ^2 || ^3",
"symfony/console": "^3.0 || ^4.0 || ^5.0 || ^6.0", "symfony/console": "^3.0 || ^4.0 || ^5.0 || ^6.0",
"symfony/polyfill-php72": "^1.23", "symfony/polyfill-php72": "^1.23",
@ -1380,12 +1380,12 @@
"doctrine/annotations": "^1.13", "doctrine/annotations": "^1.13",
"doctrine/coding-standard": "^9.0", "doctrine/coding-standard": "^9.0",
"phpbench/phpbench": "^0.16.10 || ^1.0", "phpbench/phpbench": "^0.16.10 || ^1.0",
"phpstan/phpstan": "1.2.0", "phpstan/phpstan": "1.3.3",
"phpunit/phpunit": "^7.5 || ^8.5 || ^9.4", "phpunit/phpunit": "^7.5 || ^8.5 || ^9.4",
"squizlabs/php_codesniffer": "3.6.2", "squizlabs/php_codesniffer": "3.6.2",
"symfony/cache": "^4.4 || ^5.2", "symfony/cache": "^4.4 || ^5.4 || ^6.0",
"symfony/yaml": "^3.4 || ^4.0 || ^5.0 || ^6.0", "symfony/yaml": "^3.4 || ^4.0 || ^5.0 || ^6.0",
"vimeo/psalm": "4.15.0" "vimeo/psalm": "4.18.1"
}, },
"suggest": { "suggest": {
"symfony/cache": "Provides cache support for Setup Tool with doctrine/cache 2.0", "symfony/cache": "Provides cache support for Setup Tool with doctrine/cache 2.0",
@ -1434,9 +1434,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/doctrine/orm/issues", "issues": "https://github.com/doctrine/orm/issues",
"source": "https://github.com/doctrine/orm/tree/2.10.4" "source": "https://github.com/doctrine/orm/tree/2.11.0"
}, },
"time": "2021-12-20T21:23:47+00:00" "time": "2022-01-12T13:20:33+00:00"
}, },
{ {
"name": "doctrine/persistence", "name": "doctrine/persistence",
@ -12444,12 +12444,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpstan/phpstan.git", "url": "https://github.com/phpstan/phpstan.git",
"reference": "707ce16c439d6e225f4dc81bd4b2e25b8befcd36" "reference": "66b515292c080298a44a2cd15680711f706ca7bf"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/707ce16c439d6e225f4dc81bd4b2e25b8befcd36", "url": "https://api.github.com/repos/phpstan/phpstan/zipball/66b515292c080298a44a2cd15680711f706ca7bf",
"reference": "707ce16c439d6e225f4dc81bd4b2e25b8befcd36", "reference": "66b515292c080298a44a2cd15680711f706ca7bf",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -12501,7 +12501,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2022-01-12T11:13:52+00:00" "time": "2022-01-12T13:05:10+00:00"
}, },
{ {
"name": "phpunit/php-code-coverage", "name": "phpunit/php-code-coverage",

4
plugins/ActivityPub/composer.json
View File

@ -1,7 +1,5 @@
{ {
"require": { "require": {
"landrok/activitypub": "^0.5.6", "landrok/activitypub": "^0.5.6"
"masterminds/html5": "^2.7",
"mf2/mf2": "^0.4.6"
} }
} }

4
src/Core/GNUsocial.php
View File

@ -53,6 +53,7 @@ use App\Security\EmailVerifier;
use App\Util\Common; use App\Util\Common;
use App\Util\Exception\ConfigurationException; use App\Util\Exception\ConfigurationException;
use App\Util\Formatting; use App\Util\Formatting;
use App\Util\HTML;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use HtmlSanitizer\SanitizerInterface; use HtmlSanitizer\SanitizerInterface;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
@ -169,7 +170,8 @@ class GNUsocial implements EventSubscriberInterface
DB::setManager($this->entity_manager); DB::setManager($this->entity_manager);
Form::setFactory($this->form_factory); Form::setFactory($this->form_factory);
Queue::setMessageBus($this->message_bus); Queue::setMessageBus($this->message_bus);
Security::setHelper($this->security, $this->sanitizer); Security::setHelper($this->security);
HTML::setSanitizer($this->sanitizer);
Router::setRouter($this->router); Router::setRouter($this->router);
HTTPClient::setClient($this->client); HTTPClient::setClient($this->client);
Formatting::setTwig($this->twig); Formatting::setTwig($this->twig);

14
src/Core/Security.php
View File

@ -34,7 +34,6 @@ namespace App\Core;
use App\Entity\LocalUser; use App\Entity\LocalUser;
use BadMethodCallException; use BadMethodCallException;
use HtmlSanitizer\SanitizerInterface;
use Symfony\Component\Security\Core\Security as SymfonySecurity; use Symfony\Component\Security\Core\Security as SymfonySecurity;
/** /**
@ -43,19 +42,16 @@ use Symfony\Component\Security\Core\Security as SymfonySecurity;
* *
* @codeCoverageIgnore * @codeCoverageIgnore
* @mixin SymfonySecurity * @mixin SymfonySecurity
* @mixin SanitizerInterface
* *
* @method static LocalUser getUser() * @method static LocalUser getUser()
*/ */
abstract class Security abstract class Security
{ {
private static ?SymfonySecurity $security; private static ?SymfonySecurity $security;
private static ?SanitizerInterface $sanitizer;
public static function setHelper($sec, $san): void public static function setHelper($sec): void
{ {
self::$security = $sec; self::$security = $sec;
self::$sanitizer = $san;
} }
public static function __callStatic(string $name, array $args) public static function __callStatic(string $name, array $args)
@ -63,11 +59,7 @@ abstract class Security
if (method_exists(self::$security, $name)) { if (method_exists(self::$security, $name)) {
return self::$security->{$name}(...$args); return self::$security->{$name}(...$args);
} else { } else {
if (method_exists(self::$sanitizer, $name)) { throw new BadMethodCallException("Method Security::{$name} doesn't exist");
return self::$sanitizer->{$name}(...$args);
} else {
throw new BadMethodCallException("Method Security::{$name} doesn't exist");
}
} }
} }
} }

21
src/Util/HTML.php
View File

@ -29,11 +29,23 @@ declare(strict_types = 1);
namespace App\Util; namespace App\Util;
use BadMethodCallException;
use Functional as F; use Functional as F;
use HtmlSanitizer\SanitizerInterface;
use InvalidArgumentException; use InvalidArgumentException;
/**
* @mixin SanitizerInterface
*/
abstract class HTML abstract class HTML
{ {
private static ?SanitizerInterface $sanitizer;
public static function setSanitizer($sanitizer): void
{
self::$sanitizer = $sanitizer;
}
/** /**
* Tags whose content is sensitive to indentation, so we shouldn't indent them * Tags whose content is sensitive to indentation, so we shouldn't indent them
*/ */
@ -136,4 +148,13 @@ abstract class HTML
return $out; return $out;
} }
} }
public static function __callStatic(string $name, array $args)
{
if (method_exists(self::$sanitizer, $name)) {
return self::$sanitizer->{$name}(...$args);
} else {
throw new BadMethodCallException("Method Security::{$name} doesn't exist");
}
}
} }

42
symfony.lock
View File

@ -5,9 +5,51 @@
"behat/gherkin": { "behat/gherkin": {
"version": "v4.9.0" "version": "v4.9.0"
}, },
"codeception/codeception": {
"version": "4.1",
"recipe": {
"repo": "github.com/symfony/recipes-contrib",
"branch": "master",
"version": "2.3",
"ref": "30798e46831f4fc641fca83c0423918518901cd7"
},
"files": [
"codeception.yml",
"tests/_data/.gitignore",
"tests/_output/.gitignore",
"tests/_support/AcceptanceTester.php",
"tests/_support/FunctionalTester.php",
"tests/_support/Helper/Acceptance.php",
"tests/_support/Helper/Functional.php",
"tests/_support/Helper/Unit.php",
"tests/_support/UnitTester.php",
"tests/_support/_generated/.gitignore",
"tests/acceptance.suite.yml",
"tests/acceptance/.gitignore",
"tests/functional.suite.yml",
"tests/functional/.gitignore",
"tests/unit.suite.yml",
"tests/unit/.gitignore"
]
},
"codeception/lib-asserts": {
"version": "1.13.2"
},
"codeception/lib-innerbrowser": {
"version": "2.0.1"
},
"codeception/module-asserts": { "codeception/module-asserts": {
"version": "1.3.1" "version": "1.3.1"
}, },
"codeception/module-phpbrowser": {
"version": "2.0.2"
},
"codeception/module-symfony": {
"version": "2.1.1"
},
"codeception/phpunit-wrapper": {
"version": "9.0.6"
},
"codeception/stub": { "codeception/stub": {
"version": "4.0.1" "version": "4.0.1"
}, },

2
tests/Util/CommonTest.php
View File

@ -103,7 +103,7 @@ class CommonTest extends GNUsocialTestCase
$user->setId(0); $user->setId(0);
$sec = $this->getMockBuilder(SSecurity::class)->setConstructorArgs([self::$kernel->getContainer()])->getMock(); $sec = $this->getMockBuilder(SSecurity::class)->setConstructorArgs([self::$kernel->getContainer()])->getMock();
$sec->method('getUser')->willReturn($user); $sec->method('getUser')->willReturn($user);
Security::setHelper($sec, null); Security::setHelper($sec);
// $cookies = $client->loginUser($user)->getCookieJar(); // $cookies = $client->loginUser($user)->getCookieJar();
// $cookies->get('MOCKSESSID')->getValue(); // $cookies->get('MOCKSESSID')->getValue();