Browse Source

[DEPENDENCY] Add tgalopin/html-sanitizer-bundle and transitively tgalopin/html-sanitizer

remotes/upstream/experimental
Hugo Sales 1 year ago
parent
commit
a5cf89674e
Signed by: someonewithpc <hugo@hsal.es> GPG Key ID: 7D0C7EAFC9D835A0
8 changed files with 314 additions and 96 deletions
  1. +1
    -0
      composer.json
  2. +256
    -36
      composer.lock
  3. +1
    -0
      config/bundles.php
  4. +17
    -0
      config/packages/html_sanitizer.yaml
  5. +8
    -8
      src/Core/GNUsocial.php
  6. +0
    -49
      src/Core/Mailer.php
  7. +10
    -3
      src/Core/Security.php
  8. +21
    -0
      symfony.lock

+ 1
- 0
composer.json View File

@@ -44,6 +44,7 @@
"symfony/web-link": "5.1.*",
"symfony/yaml": "5.1.*",
"symfonycasts/verify-email-bundle": "^1.0",
"tgalopin/html-sanitizer-bundle": "^1.2",
"twig/markdown-extra": "^3.0",
"wikimedia/composer-merge-plugin": "^1.4"
},


+ 256
- 36
composer.lock View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "c4880da298d810b568e53fca29307f08",
"content-hash": "738b33106c8766b1b1028efd0d9fc94d",
"packages": [
{
"name": "alchemy/resource-component",
@@ -184,21 +184,21 @@
},
{
"name": "composer/package-versions-deprecated",
"version": "1.10.99",
"version": "1.10.99.1",
"source": {
"type": "git",
"url": "https://github.com/composer/package-versions-deprecated.git",
"reference": "dd51b4443d58b34b6d9344cf4c288e621c9a826f"
"reference": "68c9b502036e820c33445ff4d174327f6bb87486"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/dd51b4443d58b34b6d9344cf4c288e621c9a826f",
"reference": "dd51b4443d58b34b6d9344cf4c288e621c9a826f",
"url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/68c9b502036e820c33445ff4d174327f6bb87486",
"reference": "68c9b502036e820c33445ff4d174327f6bb87486",
"shasum": ""
},
"require": {
"composer-plugin-api": "^1.1.0 || ^2.0",
"php": "^7"
"php": "^7 || ^8"
},
"replace": {
"ocramius/package-versions": "1.10.99"
@@ -249,7 +249,7 @@
"type": "tidelift"
}
],
"time": "2020-07-15T08:39:18+00:00"
"time": "2020-08-13T12:55:41+00:00"
},
{
"name": "doctrine/annotations",
@@ -1741,16 +1741,16 @@
},
{
"name": "giggsey/libphonenumber-for-php",
"version": "8.12.7.1",
"version": "8.12.8",
"source": {
"type": "git",
"url": "https://github.com/giggsey/libphonenumber-for-php.git",
"reference": "fda8a51ad0769d82ce7023255e52e9c45efc1e75"
"reference": "5a6e4e730de52f55882d2db27016e2916f8791e9"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/giggsey/libphonenumber-for-php/zipball/fda8a51ad0769d82ce7023255e52e9c45efc1e75",
"reference": "fda8a51ad0769d82ce7023255e52e9c45efc1e75",
"url": "https://api.github.com/repos/giggsey/libphonenumber-for-php/zipball/5a6e4e730de52f55882d2db27016e2916f8791e9",
"reference": "5a6e4e730de52f55882d2db27016e2916f8791e9",
"shasum": ""
},
"require": {
@@ -1805,7 +1805,7 @@
"phonenumber",
"validation"
],
"time": "2020-07-25T15:34:01+00:00"
"time": "2020-08-13T17:48:08+00:00"
},
{
"name": "giggsey/locale",
@@ -1977,23 +1977,23 @@
},
{
"name": "laminas/laminas-zendframework-bridge",
"version": "1.0.4",
"version": "1.1.0",
"source": {
"type": "git",
"url": "https://github.com/laminas/laminas-zendframework-bridge.git",
"reference": "fcd87520e4943d968557803919523772475e8ea3"
"reference": "4939c81f63a8a4968c108c440275c94955753b19"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laminas/laminas-zendframework-bridge/zipball/fcd87520e4943d968557803919523772475e8ea3",
"reference": "fcd87520e4943d968557803919523772475e8ea3",
"url": "https://api.github.com/repos/laminas/laminas-zendframework-bridge/zipball/4939c81f63a8a4968c108c440275c94955753b19",
"reference": "4939c81f63a8a4968c108c440275c94955753b19",
"shasum": ""
},
"require": {
"php": "^5.6 || ^7.0"
"php": "^5.6 || ^7.0 || ^8.0"
},
"require-dev": {
"phpunit/phpunit": "^5.7 || ^6.5 || ^7.5 || ^8.1",
"phpunit/phpunit": "^5.7 || ^6.5 || ^7.5 || ^8.1 || ^9.3",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
@@ -2031,7 +2031,72 @@
"type": "community_bridge"
}
],
"time": "2020-05-20T16:45:56+00:00"
"time": "2020-08-18T16:34:51+00:00"
},
{
"name": "league/uri-parser",
"version": "1.4.1",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/uri-parser.git",
"reference": "671548427e4c932352d9b9279fdfa345bf63fa00"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/uri-parser/zipball/671548427e4c932352d9b9279fdfa345bf63fa00",
"reference": "671548427e4c932352d9b9279fdfa345bf63fa00",
"shasum": ""
},
"require": {
"php": ">=7.0.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^2.0",
"phpstan/phpstan": "^0.9.2",
"phpstan/phpstan-phpunit": "^0.9.4",
"phpstan/phpstan-strict-rules": "^0.9.0",
"phpunit/phpunit": "^6.0"
},
"suggest": {
"ext-intl": "Allow parsing RFC3987 compliant hosts",
"league/uri-schemes": "Allow validating and normalizing URI parsing results"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"League\\Uri\\": "src"
},
"files": [
"src/functions_include.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Ignace Nyamagana Butera",
"email": "nyamsprod@gmail.com",
"homepage": "https://nyamsprod.com"
}
],
"description": "userland URI parser RFC 3986 compliant",
"homepage": "https://github.com/thephpleague/uri-parser",
"keywords": [
"parse_url",
"parser",
"rfc3986",
"rfc3987",
"uri",
"url"
],
"time": "2018-11-22T07:55:51+00:00"
},
{
"name": "lstrojny/functional-php",
@@ -2176,6 +2241,73 @@
],
"time": "2020-06-16T09:17:22+00:00"
},
{
"name": "masterminds/html5",
"version": "2.7.3",
"source": {
"type": "git",
"url": "https://github.com/Masterminds/html5-php.git",
"reference": "aad73dbfefd71d46072138109ce1288d96c329cc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Masterminds/html5-php/zipball/aad73dbfefd71d46072138109ce1288d96c329cc",
"reference": "aad73dbfefd71d46072138109ce1288d96c329cc",
"shasum": ""
},
"require": {
"ext-ctype": "*",
"ext-dom": "*",
"ext-libxml": "*",
"php": ">=5.3.0"
},
"require-dev": {
"phpunit/phpunit": "^4.8.35",
"sami/sami": "~2.0",
"satooshi/php-coveralls": "1.0.*"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.7-dev"
}
},
"autoload": {
"psr-4": {
"Masterminds\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Matt Butcher",
"email": "technosophos@gmail.com"
},
{
"name": "Matt Farina",
"email": "matt@mattfarina.com"
},
{
"name": "Asmir Mustafic",
"email": "goetas@gmail.com"
}
],
"description": "An HTML5 parser and serializer.",
"homepage": "http://masterminds.github.io/html5-php",
"keywords": [
"HTML5",
"dom",
"html",
"parser",
"querypath",
"serializer",
"xml"
],
"time": "2020-07-05T07:53:37+00:00"
},
{
"name": "monolog/monolog",
"version": "2.1.1",
@@ -2513,16 +2645,16 @@
},
{
"name": "phpdocumentor/reflection-docblock",
"version": "5.2.0",
"version": "5.2.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
"reference": "3170448f5769fe19f456173d833734e0ff1b84df"
"reference": "d870572532cd70bc3fab58f2e23ad423c8404c44"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/3170448f5769fe19f456173d833734e0ff1b84df",
"reference": "3170448f5769fe19f456173d833734e0ff1b84df",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/d870572532cd70bc3fab58f2e23ad423c8404c44",
"reference": "d870572532cd70bc3fab58f2e23ad423c8404c44",
"shasum": ""
},
"require": {
@@ -2561,7 +2693,7 @@
}
],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
"time": "2020-07-20T20:05:34+00:00"
"time": "2020-08-15T11:14:08+00:00"
},
{
"name": "phpdocumentor/type-resolver",
@@ -8259,6 +8391,94 @@
"description": "Simple, stylish Email Verification for Symfony",
"time": "2020-05-24T11:04:34+00:00"
},
{
"name": "tgalopin/html-sanitizer",
"version": "1.4.0",
"source": {
"type": "git",
"url": "https://github.com/tgalopin/html-sanitizer.git",
"reference": "56cca6b48de4e50d16a4f549e3e677ae0d561e91"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tgalopin/html-sanitizer/zipball/56cca6b48de4e50d16a4f549e3e677ae0d561e91",
"reference": "56cca6b48de4e50d16a4f549e3e677ae0d561e91",
"shasum": ""
},
"require": {
"ext-dom": "*",
"league/uri-parser": "^1.4.1",
"masterminds/html5": "^2.4",
"php": ">=7.1",
"psr/log": "^1.0"
},
"require-dev": {
"phpunit/phpunit": "^7.4",
"symfony/var-dumper": "^4.1"
},
"type": "library",
"autoload": {
"psr-4": {
"HtmlSanitizer\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Titouan Galopin",
"email": "galopintitouan@gmail.com"
}
],
"description": "Sanitize untrustworthy HTML user input",
"time": "2020-02-03T16:51:08+00:00"
},
{
"name": "tgalopin/html-sanitizer-bundle",
"version": "1.2.0",
"source": {
"type": "git",
"url": "https://github.com/tgalopin/html-sanitizer-bundle.git",
"reference": "df42087a1b1660eea37032f9ce3dc0997452d3e2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tgalopin/html-sanitizer-bundle/zipball/df42087a1b1660eea37032f9ce3dc0997452d3e2",
"reference": "df42087a1b1660eea37032f9ce3dc0997452d3e2",
"shasum": ""
},
"require": {
"php": ">=7.1",
"symfony/framework-bundle": "^3.4|^4.0|^5.0",
"tgalopin/html-sanitizer": "^1.1"
},
"require-dev": {
"phpunit/phpunit": "^7.4",
"symfony/form": "^4.1|^5.0",
"symfony/twig-bundle": "^4.1|^5.0",
"symfony/var-dumper": "^4.1|^5.0"
},
"type": "symfony-bundle",
"autoload": {
"psr-4": {
"HtmlSanitizer\\Bundle\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Titouan Galopin",
"email": "galopintitouan@gmail.com"
}
],
"description": "Symfony Bundle for https://github.com/tgalopin/html-sanitizer",
"time": "2019-11-23T09:46:29+00:00"
},
{
"name": "twig/extra-bundle",
"version": "v3.0.5",
@@ -8696,16 +8916,16 @@
},
{
"name": "composer/xdebug-handler",
"version": "1.4.2",
"version": "1.4.3",
"source": {
"type": "git",
"url": "https://github.com/composer/xdebug-handler.git",
"reference": "fa2aaf99e2087f013a14f7432c1cd2dd7d8f1f51"
"reference": "ebd27a9866ae8254e873866f795491f02418c5a5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/xdebug-handler/zipball/fa2aaf99e2087f013a14f7432c1cd2dd7d8f1f51",
"reference": "fa2aaf99e2087f013a14f7432c1cd2dd7d8f1f51",
"url": "https://api.github.com/repos/composer/xdebug-handler/zipball/ebd27a9866ae8254e873866f795491f02418c5a5",
"reference": "ebd27a9866ae8254e873866f795491f02418c5a5",
"shasum": ""
},
"require": {
@@ -8750,7 +8970,7 @@
"type": "tidelift"
}
],
"time": "2020-06-04T11:16:35+00:00"
"time": "2020-08-19T10:27:58+00:00"
},
{
"name": "friendsofphp/php-cs-fixer",
@@ -8851,16 +9071,16 @@
},
{
"name": "nikic/php-parser",
"version": "v4.8.0",
"version": "v4.9.0",
"source": {
"type": "git",
"url": "https://github.com/nikic/PHP-Parser.git",
"reference": "8c58eb4cd4f3883f82611abeac2efbc3dbed787e"
"reference": "aaee038b912e567780949787d5fe1977be11a778"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/8c58eb4cd4f3883f82611abeac2efbc3dbed787e",
"reference": "8c58eb4cd4f3883f82611abeac2efbc3dbed787e",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/aaee038b912e567780949787d5fe1977be11a778",
"reference": "aaee038b912e567780949787d5fe1977be11a778",
"shasum": ""
},
"require": {
@@ -8868,7 +9088,7 @@
"php": ">=7.0"
},
"require-dev": {
"ircmaxell/php-yacc": "^0.0.6",
"ircmaxell/php-yacc": "^0.0.7",
"phpunit/phpunit": "^6.5 || ^7.0 || ^8.0 || ^9.0"
},
"bin": [
@@ -8877,7 +9097,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "4.8-dev"
"dev-master": "4.9-dev"
}
},
"autoload": {
@@ -8899,7 +9119,7 @@
"parser",
"php"
],
"time": "2020-08-09T10:23:20+00:00"
"time": "2020-08-18T19:48:01+00:00"
},
{
"name": "php-cs-fixer/diff",


+ 1
- 0
config/bundles.php View File

@@ -14,4 +14,5 @@ return [
Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
SymfonyCasts\Bundle\VerifyEmail\SymfonyCastsVerifyEmailBundle::class => ['all' => true],
Misd\PhoneNumberBundle\MisdPhoneNumberBundle::class => ['all' => true],
HtmlSanitizer\Bundle\HtmlSanitizerBundle::class => ['all' => true],
];

+ 17
- 0
config/packages/html_sanitizer.yaml View File

@@ -0,0 +1,17 @@
html_sanitizer:
default_sanitizer: 'default'
sanitizers:
default:
# Read https://github.com/tgalopin/html-sanitizer/blob/master/docs/1-getting-started.md#extensions
# to learn more about which extensions you would like to enable.
extensions:
- 'basic'
# - 'list'
# - 'table'
# - 'image'
# - 'code'
# - 'iframe'
# - 'extra'

# Read https://github.com/tgalopin/html-sanitizer/blob/master/docs/3-configuration-reference.md
# to discover all the available options for each extension.

+ 8
- 8
src/Core/GNUsocial.php View File

@@ -48,6 +48,7 @@ use App\Core\I18n\I18n;
use App\Core\Queue\Queue;
use App\Core\Router\Router;
use Doctrine\ORM\EntityManagerInterface;
use HtmlSanitizer\SanitizerInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\Console\Event\ConsoleCommandEvent;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -56,7 +57,6 @@ use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Messenger\MessageBusInterface;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Routing\RouterInterface;
@@ -80,9 +80,10 @@ class GNUsocial implements EventSubscriberInterface
protected EventDispatcherInterface $event_dispatcher;
protected SessionInterface $session;
protected SSecurity $security;
protected MailerInterface $mailer;
protected ModuleManager $module_manager;
protected Httpclientinterface $client;
protected HttpClientInterface $client;
protected SanitizerInterface $sanitizer;

/**
* Symfony dependency injection gives us access to these services
*/
@@ -96,9 +97,9 @@ class GNUsocial implements EventSubscriberInterface
EventDispatcherInterface $ed,
SessionInterface $sess,
SSecurity $sec,
MailerInterface $mail,
ModuleManager $mm,
HttpClientInterface $cl)
HttpClientInterface $cl,
SanitizerInterface $san)
{
$this->logger = $logger;
$this->translator = $trans;
@@ -110,9 +111,9 @@ class GNUsocial implements EventSubscriberInterface
$this->event_dispatcher = $ed;
$this->session = $sess;
$this->security = $sec;
$this->mailer = $mail;
$this->module_manager = $mm;
$this->client = $cl;
$this->saniter = $san;

$this->initialize();
}
@@ -131,8 +132,7 @@ class GNUsocial implements EventSubscriberInterface
DB::setManager($this->entity_manager);
Form::setFactory($this->form_factory);
Queue::setMessageBus($this->message_bus);
Security::setHelper($this->security);
Mailer::setMailer($this->mailer);
Security::setHelper($this->security, $this->saniter);
Router::setRouter($this->router, $this->url_generator);
HTTPClient::setClient($this->client);



+ 0
- 49
src/Core/Mailer.php View File

@@ -1,49 +0,0 @@
<?php

// {{{ License

// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.

// }}}

/**
* Mailer wrapper
*
* @package GNUsocial
* @category Wrapper
*
* @author Hugo Sales <hugo@fc.up.pt>
* @copyright 2020 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/

namespace App\Core;

use Symfony\Component\Mailer\MailerInterface;

abstract class Mailer
{
private static MailerInterface $mailer;
public static function setMailer($m)
{
self::$mailer = $m;
}

public static function __callStatic(string $method, array $args)
{
return self::{$method}(...$args);
}
}

+ 10
- 3
src/Core/Security.php View File

@@ -30,19 +30,26 @@

namespace App\Core;

use HtmlSanitizer\SanitizerInterface;
use Symfony\Component\Security\Core\Security as SSecurity;

abstract class Security
{
private static ?SSecurity $security;
private static ?SanitizerInterface $sanitizer;

public static function setHelper($s): void
public static function setHelper($sec, $san): void
{
self::$security = $s;
self::$security = $sec;
self::$sanitizer = $san;
}

public static function __callStatic(string $name, array $args)
{
return self::$security->{$name}(...$args);
if (method_exists(self::$security, $name)) {
return self::$security->{$name}(...$args);
} else {
return self::$sanitizer->{$name}(...$args);
}
}
}

+ 21
- 0
symfony.lock View File

@@ -126,9 +126,15 @@
"laminas/laminas-zendframework-bridge": {
"version": "1.0.4"
},
"league/uri-parser": {
"version": "1.4.1"
},
"lstrojny/functional-php": {
"version": "1.11.0"
},
"masterminds/html5": {
"version": "2.7.3"
},
"monolog/monolog": {
"version": "2.1.0"
},
@@ -591,6 +597,21 @@
"symfony/yaml": {
"version": "v5.1.0"
},
"tgalopin/html-sanitizer": {
"version": "1.4.0"
},
"tgalopin/html-sanitizer-bundle": {
"version": "1.0",
"recipe": {
"repo": "github.com/symfony/recipes-contrib",
"branch": "master",
"version": "1.0",
"ref": "26a72f38eede2c53b5d3ccbed5c150e10a93268d"
},
"files": [
"config/packages/html_sanitizer.yaml"
]
},
"twig/extra-bundle": {
"version": "v3.0.3"
},


Loading…
Cancel
Save