PHP Cross Reference of Joomla 4.2.2 documentation |
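<?php

/**
 * @package     Joomla.Plugin
 * @subpackage  Editors.tinymce
 *
 * @copyright   (C) 2021 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Plugin\Editors\TinyMCE\PluginTraits;

use Joomla\CMS\Access\Access;
use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Filter\InputFilter;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Handles the Joomla filters for the TinyMCE editor.
 *
 * @since  4.1.0
 */
trait GlobalFilters
{
    /**
     * Build the text filter that applies to a user from the global "filters"
     * setting of com_config, combined over every group the user belongs to.
     *
     * Precedence across the user's groups, highest first:
     *   1. "NONE" (no filtering) in any group: no filter at all, `false` is returned.
     *   2. Custom forbidden list ("CBL"/"CFL") with at least one tag or attribute.
     *   3. Forbidden list ("BL"/"FL"), minus everything on an allowed list.
     *   4. Allowed list ("WL"/"AL"), with XSS auto clean turned off.
     *   5. Otherwise the default filter (no HTML).
     *
     * The result is therefore as permissive as the most permissive group the
     * user is a member of; a stricter setting on another group does not win.
     *
     * @param   User  $user  The user object; only its 'id' is read here.
     *
     * @return  InputFilter|false  The filter to apply, or false when the user is
     *                             unfiltered. Callers must check for false before
     *                             calling methods on the result.
     *
     * @since   4.1.0
     */
    protected static function getGlobalFilters($user)
    {
        // Filter settings
        $config     = ComponentHelper::getParams('com_config');
        $userGroups = Access::getGroupsByUser($user->get('id'));
        $filters    = $config->get('filters');

        $forbiddenListTags       = [];
        $forbiddenListAttributes = [];
        $customListTags          = [];
        $customListAttributes    = [];
        $allowedListTags         = [];
        $allowedListAttributes   = [];

        $allowedList   = false;
        $forbiddenList = false;
        $customList    = false;
        $unfiltered    = false;

        /**
         * Cycle through each of the user groups the user is in.
         * Remember they are included in the public group as well.
         */
        foreach ($userGroups as $groupId) {
            // May have added a group but not saved the filters.
            if (!isset($filters->$groupId)) {
                continue;
            }

            // Each group the user is in could have different filtering properties.
            $filterData = $filters->$groupId;

            // A missing filter_type is read as '' so strtoupper() never receives null.
            $filterType = strtoupper((string) ($filterData->filter_type ?? ''));

            if ($filterType === 'NH') {
                // Maximum HTML filtering: this group adds nothing to any list.
                continue;
            }

            if ($filterType === 'NONE') {
                // No HTML filtering. One such group is enough to disable filtering.
                $unfiltered = true;

                continue;
            }

            /**
             * Forbidden or allowed lists.
             * Preprocess the tags and attributes: split on commas, trim, drop empty entries.
             */
            $tempTags = array_values(
                array_filter(array_map('trim', explode(',', (string) ($filterData->filter_tags ?? ''))))
            );
            $tempAttributes = array_values(
                array_filter(array_map('trim', explode(',', (string) ($filterData->filter_attributes ?? ''))))
            );

            /**
             * Collect the list of forbidden or allowed tags and attributes.
             * Each list is cumulative.
             * "BL" is deprecated in Joomla! 4, will be removed in Joomla! 5
             */
            if (in_array($filterType, ['BL', 'FL'], true)) {
                $forbiddenList           = true;
                $forbiddenListTags       = array_merge($forbiddenListTags, $tempTags);
                $forbiddenListAttributes = array_merge($forbiddenListAttributes, $tempAttributes);
            } elseif (in_array($filterType, ['CBL', 'CFL'], true)) {
                // "CBL" is deprecated in Joomla! 4, will be removed in Joomla! 5
                // Only set to true if Tags or Attributes were added
                if ($tempTags || $tempAttributes) {
                    $customList           = true;
                    $customListTags       = array_merge($customListTags, $tempTags);
                    $customListAttributes = array_merge($customListAttributes, $tempAttributes);
                }
            } elseif (in_array($filterType, ['WL', 'AL'], true)) {
                // "WL" is deprecated in Joomla! 4, will be removed in Joomla! 5
                $allowedList           = true;
                $allowedListTags       = array_merge($allowedListTags, $tempTags);
                $allowedListAttributes = array_merge($allowedListAttributes, $tempAttributes);
            }
        }

        // Unfiltered assumes first priority: no filter object is built at all.
        if ($unfiltered) {
            return false;
        }

        // Remove duplicates before processing (because the forbidden list uses both sets of arrays).
        $forbiddenListTags       = array_unique($forbiddenListTags);
        $forbiddenListAttributes = array_unique($forbiddenListAttributes);
        $customListTags          = array_unique($customListTags);
        $customListAttributes    = array_unique($customListAttributes);
        $allowedListTags         = array_unique($allowedListTags);
        $allowedListAttributes   = array_unique($allowedListAttributes);

        // Custom forbidden list precedes Default forbidden list.
        if ($customList) {
            $filter = InputFilter::getInstance([], [], 1, 1);

            // Override filter's default forbidden tags and attributes.
            // This replaces the defaults, so anything not re-listed here is no longer blocked.
            // NOTE(review): if getInstance() hands back a shared instance for these arguments,
            // the assignments below also affect other users of that instance; confirm.
            if ($customListTags) {
                $filter->blockedTags = $customListTags;
            }

            if ($customListAttributes) {
                $filter->blockedAttributes = $customListAttributes;
            }

            return $filter;
        }

        if ($forbiddenList) {
            // Forbidden list takes second precedence.
            // Remove the allowed tags and attributes from the forbidden list.
            $forbiddenListTags       = array_diff($forbiddenListTags, $allowedListTags);
            $forbiddenListAttributes = array_diff($forbiddenListAttributes, $allowedListAttributes);

            $filter = InputFilter::getInstance($forbiddenListTags, $forbiddenListAttributes, 1, 1);

            // Remove allowed tags from filter's default forbidden list.
            // An allowed list on one group thus weakens the defaults for this user.
            if ($allowedListTags) {
                $filter->blockedTags = array_diff($filter->blockedTags, $allowedListTags);
            }

            // Remove allowed attributes from filter's default forbidden list
            if ($allowedListAttributes) {
                $filter->blockedAttributes = array_diff($filter->blockedAttributes, $allowedListAttributes);
            }

            return $filter;
        }

        if ($allowedList) {
            // Allowed list take third precedence.
            // Turn off XSS auto clean (the fifth argument): the configured allowed
            // tags and attributes are then the only restriction, so that list must
            // not contain script-capable tags or event-handler attributes.
            return InputFilter::getInstance($allowedListTags, $allowedListAttributes, 0, 0, 0);
        }

        // No HTML takes last place.
        return InputFilter::getInstance();
    }
}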