<?php

/**
 * @package     Joomla.Plugin
 * @subpackage  Editors.tinymce
 *
 * @copyright   (C) 2021 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Plugin\Editors\TinyMCE\PluginTraits;

use Joomla\CMS\Access\Access;
use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Filter\InputFilter;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Handles the Joomla filters for the TinyMCE editor.
 *
 * @since  4.1.0
 */
trait GlobalFilters
{
    /**
     * Get the global text filters to arbitrary text as per settings for current user groups
     * @param   User  $user  The user object
     *
     * @return  InputFilter
     *
     * @since   4.1.0
     */
    protected static function getGlobalFilters($user)
    {
        // Filter settings
        $config     = ComponentHelper::getParams('com_config');
        $userGroups = Access::getGroupsByUser($user->get('id'));
        $filters    = $config->get('filters');

        $forbiddenListTags       = [];
        $forbiddenListAttributes = [];
        $customListTags          = [];
        $customListAttributes    = [];
        $allowedListTags         = [];
        $allowedListAttributes   = [];

        $allowedList   = false;
        $forbiddenList = false;
        $customList    = false;
        $unfiltered    = false;

        /**
         * Cycle through each of the user groups the user is in.
         * Remember they are included in the public group as well.
         */
        foreach ($userGroups as $groupId) {
            // May have added a group but not saved the filters.
            if (!isset($filters->$groupId)) {
                continue;
            }

            // Each group the user is in could have different filtering properties.
            $filterData = $filters->$groupId;
            $filterType = strtoupper($filterData->filter_type);

            if ($filterType === 'NH') {
                // Maximum HTML filtering.
            } elseif ($filterType === 'NONE') {
                // No HTML filtering.
                $unfiltered = true;
            } else {
                /**
                 * Forbidden or allowed lists.
                 * Preprocess the tags and attributes.
                 */
                $tags           = explode(',', $filterData->filter_tags);
                $attributes     = explode(',', $filterData->filter_attributes);
                $tempTags       = [];
                $tempAttributes = [];

                foreach ($tags as $tag) {
                    $tag = trim($tag);

                    if ($tag) {
                        $tempTags[] = $tag;
                    }
                }

                foreach ($attributes as $attribute) {
                    $attribute = trim($attribute);

                    if ($attribute) {
                        $tempAttributes[] = $attribute;
                    }
                }

                /**
                 * Collect the list of forbidden or allowed tags and attributes.
                 * Each list is cumulative.
                 * "BL" is deprecated in Joomla! 4, will be removed in Joomla! 5
                 */
                if (in_array($filterType, ['BL', 'FL'])) {
                    $forbiddenList           = true;
                    $forbiddenListTags       = array_merge($forbiddenListTags, $tempTags);
                    $forbiddenListAttributes = array_merge($forbiddenListAttributes, $tempAttributes);
                } elseif (in_array($filterType, ['CBL', 'CFL'])) {
                    // "CBL" is deprecated in Joomla! 4, will be removed in Joomla! 5
                    // Only set to true if Tags or Attributes were added
                    if ($tempTags || $tempAttributes) {
                        $customList           = true;
                        $customListTags       = array_merge($customListTags, $tempTags);
                        $customListAttributes = array_merge($customListAttributes, $tempAttributes);
                    }
                } elseif (in_array($filterType, ['WL', 'AL'])) {
                    // "WL" is deprecated in Joomla! 4, will be removed in Joomla! 5
                    $allowedList           = true;
                    $allowedListTags       = array_merge($allowedListTags, $tempTags);
                    $allowedListAttributes = array_merge($allowedListAttributes, $tempAttributes);
                }
            }
        }

        // Remove duplicates before processing (because the forbidden list uses both sets of arrays).
        $forbiddenListTags       = array_unique($forbiddenListTags);
        $forbiddenListAttributes = array_unique($forbiddenListAttributes);
        $customListTags          = array_unique($customListTags);
        $customListAttributes    = array_unique($customListAttributes);
        $allowedListTags         = array_unique($allowedListTags);
        $allowedListAttributes   = array_unique($allowedListAttributes);

        // Unfiltered assumes first priority.
        if ($unfiltered) {
            // Dont apply filtering.
            return false;
        } else {
            // Custom forbidden list precedes Default forbidden list.
            if ($customList) {
                $filter = InputFilter::getInstance([], [], 1, 1);

                // Override filter's default forbidden tags and attributes
                if ($customListTags) {
                    $filter->blockedTags = $customListTags;
                }

                if ($customListAttributes) {
                    $filter->blockedAttributes = $customListAttributes;
                }
            } elseif ($forbiddenList) {
                // Forbidden list takes second precedence.
                // Remove the allowed tags and attributes from the forbidden list.
                $forbiddenListTags       = array_diff($forbiddenListTags, $allowedListTags);
                $forbiddenListAttributes = array_diff($forbiddenListAttributes, $allowedListAttributes);

                $filter = InputFilter::getInstance($forbiddenListTags, $forbiddenListAttributes, 1, 1);

                // Remove allowed tags from filter's default forbidden list
                if ($allowedListTags) {
                    $filter->blockedTags = array_diff($filter->blockedTags, $allowedListTags);
                }

                // Remove allowed attributes from filter's default forbidden list
                if ($allowedListAttributes) {
                    $filter->blockedAttributes = array_diff($filter->blockedAttributes, $allowedListAttributes);
                }
            } elseif ($allowedList) {
                // Allowed list take third precedence.
                // Turn off XSS auto clean
                $filter = InputFilter::getInstance($allowedListTags, $allowedListAttributes, 0, 0, 0);
            } else {
                // No HTML takes last place.
                $filter = InputFilter::getInstance();
            }

            return $filter;
        }
    }
}