author | 2022-08-06 22:46:28 +0200 | |
---|---|---|
committer | 2022-08-06 22:46:28 +0200 | |
commit | 2bbce8ebef8cf4f88392431aabe84a15482dc933 (patch) | |
tree | 1f5027ca69b1dfa2364bd9319e8536b86a41e928 /formats | |
parent | b042412416cc4ecc71c3f9c13239661a0dd588a6 (diff) | |
refactor: general code base refactor (#2950)
* refactor
* fix: bug in previous refactor
* chore: exclude phpcompat sniff due to bug in phpcompat
* fix: do not leak absolute paths
* refactor/fix: batch extensions checking, fix DOS issue
Diffstat (limited to 'formats')
-rw-r--r-- | formats/AtomFormat.php | 34 | ||||
-rw-r--r-- | formats/HtmlFormat.php | 67 | ||||
-rw-r--r-- | formats/JsonFormat.php | 23 | ||||
-rw-r--r-- | formats/MrssFormat.php | 33 | ||||
-rw-r--r-- | formats/PlaintextFormat.php | 4 |
5 files changed, 77 insertions, 84 deletions
diff --git a/formats/AtomFormat.php b/formats/AtomFormat.php index 5f564266..c611226f 100644 --- a/formats/AtomFormat.php +++ b/formats/AtomFormat.php @@ -18,17 +18,21 @@ class AtomFormat extends FormatAbstract public function stringify() { - $urlPrefix = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://'; - $urlHost = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ''; - $urlPath = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : ''; - $urlRequest = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : ''; + $https = $_SERVER['HTTPS'] ?? null; + $urlPrefix = $https === 'on' ? 'https://' : 'http://'; + $urlHost = $_SERVER['HTTP_HOST'] ?? ''; + $urlRequest = $_SERVER['REQUEST_URI'] ?? ''; $feedUrl = $urlPrefix . $urlHost . $urlRequest; $extraInfos = $this->getExtraInfos(); - $uri = !empty($extraInfos['uri']) ? $extraInfos['uri'] : REPOSITORY; + if (empty($extraInfos['uri'])) { + $uri = REPOSITORY; + } else { + $uri = $extraInfos['uri']; + } - $document = new DomDocument('1.0', $this->getCharset()); + $document = new \DomDocument('1.0', $this->getCharset()); $document->formatOutput = true; $feed = $document->createElementNS(self::ATOM_NS, 'feed'); $document->appendChild($feed); @@ -44,10 +48,10 @@ class AtomFormat extends FormatAbstract $id->appendChild($document->createTextNode($feedUrl)); $uriparts = parse_url($uri); - if (!empty($extraInfos['icon'])) { - $iconUrl = $extraInfos['icon']; - } else { + if (empty($extraInfos['icon'])) { $iconUrl = $uriparts['scheme'] . '://' . $uriparts['host'] . '/favicon.ico'; + } else { + $iconUrl = $extraInfos['icon']; } $icon = $document->createElement('icon'); $feed->appendChild($icon); 
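Review bot: `$feedUrl` in `stringify()` is still concatenated from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, both taken straight from the request, and the refactor only changes how they are read. The next hunk shows it written into the feed's `id` element, so a request carrying a forged Host header gets that host into the generated feed; if output is cached or re-served anywhere (not visible here), other readers would receive it too. Taking the host from deployment configuration, or rejecting values that fail a strict hostname pattern, would remove the dependency; at minimum add a comment such as `// HTTP_HOST is client-supplied; $feedUrl must not be treated as trusted`. The same assignments appear in JsonFormat.php (`@@ -25,10 +25,10 @@`) and MrssFormat.php (`@@ -33,22 +33,28 @@`), and the method body continues outside this hunk.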
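Review bot: The reordered `empty($extraInfos['icon'])` branch indexes `$uriparts['scheme']` and `$uriparts['host']` without checking what `parse_url($uri)` returned. `parse_url` yields `false` for a seriously malformed URL and omits those keys for a relative one, so a bridge-supplied `uri` of that shape produces warnings and an icon URL of `:///favicon.ico`. Guarding with `isset($uriparts['scheme'], $uriparts['host'])` and skipping the `icon` element when the check fails would keep the feed well-formed. The rest of `stringify()` lies outside this hunk.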
@@ -94,11 +98,13 @@ class AtomFormat extends FormatAbstract $entryID = 'urn:sha1:' . $item->getUid(); } - if (empty($entryID)) { // Fallback to provided URI + if (empty($entryID)) { + // Fallback to provided URI $entryID = $entryUri; } - if (empty($entryID)) { // Fallback to title and content + if (empty($entryID)) { + // Fallback to title and content $entryID = 'urn:sha1:' . hash('sha1', $entryTitle . $entryContent); } @@ -126,7 +132,7 @@ class AtomFormat extends FormatAbstract $title->setAttribute('type', 'html'); $title->appendChild($document->createTextNode($entryTitle)); - $entryTimestamp = gmdate(DATE_ATOM, $entryTimestamp); + $entryTimestamp = gmdate(\DATE_ATOM, $entryTimestamp); $published = $document->createElement('published'); $entry->appendChild($published); $published->appendChild($document->createTextNode($entryTimestamp)); @@ -157,14 +163,14 @@ class AtomFormat extends FormatAbstract $content = $document->createElement('content'); $content->setAttribute('type', 'html'); - $content->appendChild($document->createTextNode($this->sanitizeHtml($entryContent))); + $content->appendChild($document->createTextNode(sanitize_html($entryContent))); $entry->appendChild($content); foreach ($item->getEnclosures() as $enclosure) { $entryEnclosure = $document->createElement('link'); $entry->appendChild($entryEnclosure); $entryEnclosure->setAttribute('rel', 'enclosure'); - $entryEnclosure->setAttribute('type', getMimeType($enclosure)); + $entryEnclosure->setAttribute('type', parse_mime_type($enclosure)); $entryEnclosure->setAttribute('href', $enclosure); } diff --git a/formats/HtmlFormat.php b/formats/HtmlFormat.php index d9ab65ef..6c916de6 100644 --- a/formats/HtmlFormat.php +++ b/formats/HtmlFormat.php 
@@ -7,9 +7,9 @@ class HtmlFormat extends FormatAbstract public function stringify() { $extraInfos = $this->getExtraInfos(); - $title = htmlspecialchars($extraInfos['name']); - $uri = htmlspecialchars($extraInfos['uri']); - $donationUri = htmlspecialchars($extraInfos['donationUri']); + $title = e($extraInfos['name']); + $uri = e($extraInfos['uri']); + $donationUri = e($extraInfos['donationUri']); $donationsAllowed = Configuration::getConfig('admin', 'donations'); // Dynamically build buttons for all formats (except HTML) 
@@ -19,32 +19,39 @@ class HtmlFormat extends FormatAbstract $links = ''; foreach ($formatFactory->getFormatNames() as $format) { - if (strcasecmp($format, 'HTML') === 0) { + if ($format === 'Html') { continue; } - $query = str_ireplace('format=Html', 'format=' . $format, htmlentities($_SERVER['QUERY_STRING'])); - $buttons .= $this->buildButton($format, $query) . PHP_EOL; + $queryString = $_SERVER['QUERY_STRING']; + $query = str_ireplace('format=Html', 'format=' . $format, htmlentities($queryString)); + $buttons .= sprintf('<a href="./?%s"><button class="rss-feed">%s</button></a>', $query, $format) . "\n"; $mime = $formatFactory->create($format)->getMimeType(); - $links .= $this->buildLink($format, $query, $mime) . PHP_EOL; + $links .= sprintf('<link href="./?%s" title="%s" rel="alternate" type="%s">', $query, $format, $mime) . "\n"; } if ($donationUri !== '' && $donationsAllowed) { - $buttons .= '<a href="' - . $donationUri - . '" target="_blank"><button class="highlight">Donate to maintainer</button></a>' - . PHP_EOL; - $links .= '<link href="' - . $donationUri - . ' target="_blank"" title="Donate to Maintainer" rel="alternate">' - . PHP_EOL; + $str = sprintf( + '<a href="%s" target="_blank"><button class="highlight">Donate to maintainer</button></a>', + $donationUri + ); + $buttons .= $str; + $str1 = sprintf( + '<link href="%s target="_blank"" title="Donate to Maintainer" rel="alternate">', + $donationUri + ); + $links .= $str1; } $entries = ''; foreach ($this->getItems() as $item) { - $entryAuthor = $item->getAuthor() ? '<br /><p class="author">by: ' . $item->getAuthor() . '</p>' : ''; - $entryTitle = $this->sanitizeHtml(strip_tags($item->getTitle())); + if ($item->getAuthor()) { + $entryAuthor = sprintf('<br /><p class="author">by: %s</p>', $item->getAuthor()); + } else { + $entryAuthor = ''; + } + $entryTitle = sanitize_html(strip_tags($item->getTitle())); $entryUri = $item->getURI() ?: $uri; $entryDate = ''; 
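Review bot: `$item->getAuthor()` is placed into the `<p class="author">` markup by `sprintf` with no encoding, while the title on the following line goes through `sanitize_html(strip_tags(...))`. Author names originate in the remote feed, so unless they are encoded where the item is populated (not visible here), markup in an author field reaches the HTML page unchanged. Encoding at output with the helper this method already uses for `name` and `uri` would close that, assuming `e()` HTML-encodes as its replacement of `htmlspecialchars` suggests: `$entryAuthor = sprintf('<br /><p class="author">by: %s</p>', e($item->getAuthor()));`. The donation `<link>` template also carries over the old quoting error `href="%s target="_blank""`, which leaves the `href` attribute unterminated; `<link href="%s" title="Donate to Maintainer" rel="alternate">` would be well-formed. `$_SERVER['QUERY_STRING']` is read without the `?? ''` default that this commit applies to the other `$_SERVER` keys, and `stringify()` starts and ends outside this hunk.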
@@ -58,9 +65,8 @@ class HtmlFormat extends FormatAbstract $entryContent = ''; if ($item->getContent()) { - $entryContent = '<div class="content">' - . $this->sanitizeHtml($item->getContent()) - . '</div>'; + $str2 = sprintf('<div class="content">%s</div>', sanitize_html($item->getContent())); + $entryContent = $str2; } $entryEnclosures = ''; @@ -69,7 +75,7 @@ class HtmlFormat extends FormatAbstract foreach ($item->getEnclosures() as $enclosure) { $template = '<li class="enclosure"><a href="%s" rel="noopener noreferrer nofollow">%s</a></li>'; - $url = $this->sanitizeHtml($enclosure); + $url = sanitize_html($enclosure); $anchorText = substr($url, strrpos($url, '/') + 1); $entryEnclosures .= sprintf($template, $url, $anchorText); @@ -84,7 +90,7 @@ class HtmlFormat extends FormatAbstract foreach ($item->getCategories() as $category) { $entryCategories .= '<li class="category">' - . $this->sanitizeHtml($category) + . sanitize_html($category) . '</li>'; } @@ -106,8 +112,6 @@ EOD; } $charset = $this->getCharset(); - - /* Data are prepared, now let's begin the "MAGIE !!!" */ $toReturn = <<<EOD <!DOCTYPE html> <html> @@ -136,19 +140,4 @@ EOD; $toReturn = mb_convert_encoding($toReturn, $this->getCharset(), 'UTF-8'); return $toReturn; } - - private function buildButton($format, $query) - { - return <<<EOD -<a href="./?{$query}"><button class="rss-feed">{$format}</button></a> -EOD; - } - - private function buildLink($format, $query, $mime) - { - return <<<EOD -<link href="./?{$query}" title="{$format}" rel="alternate" type="{$mime}"> - -EOD; - } } diff --git a/formats/JsonFormat.php b/formats/JsonFormat.php index 3b2a29ab..bb9e81a2 100644 --- a/formats/JsonFormat.php +++ b/formats/JsonFormat.php 
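Review bot: In the `@@ -69,7 +75,7 @@` hunk, `$url = sanitize_html($enclosure)` feeds both the `href="%s"` attribute and the anchor text, but the body of `sanitize_html` is not part of this diff. If it filters tags rather than encoding entities, a double quote inside an enclosure URL terminates the attribute, so an attribute-context encoder is the safer call here: `$url = e($enclosure);`. The same question applies to `sanitize_html($category)` in the `@@ -84,7 +90,7 @@` hunk. Entity encoding does not neutralise a non-http scheme in the URL, so an allow-list check for `http`/`https` before emitting the link is worth adding as well.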
@@ -25,10 +25,10 @@ class JsonFormat extends FormatAbstract public function stringify() { - $urlPrefix = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://'; - $urlHost = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ''; - $urlPath = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : ''; - $urlRequest = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : ''; + $https = $_SERVER['HTTPS'] ?? null; + $urlPrefix = $https === 'on' ? 'https://' : 'http://'; + $urlHost = $_SERVER['HTTP_HOST'] ?? ''; + $urlRequest = $_SERVER['REQUEST_URI'] ?? ''; $extraInfos = $this->getExtraInfos(); @@ -52,7 +52,7 @@ class JsonFormat extends FormatAbstract $entryTitle = $item->getTitle(); $entryUri = $item->getURI(); $entryTimestamp = $item->getTimestamp(); - $entryContent = $item->getContent() ? $this->sanitizeHtml($item->getContent()) : ''; + $entryContent = $item->getContent() ? sanitize_html($item->getContent()) : ''; $entryEnclosures = $item->getEnclosures(); $entryCategories = $item->getCategories(); @@ -76,13 +76,13 @@ class JsonFormat extends FormatAbstract ]; } if (!empty($entryTimestamp)) { - $entry['date_modified'] = gmdate(DATE_ATOM, $entryTimestamp); + $entry['date_modified'] = gmdate(\DATE_ATOM, $entryTimestamp); } if (!empty($entryUri)) { $entry['url'] = $entryUri; } if (!empty($entryContent)) { - if ($this->isHTML($entryContent)) { + if (is_html($entryContent)) { $entry['content_html'] = $entryContent; } else { $entry['content_text'] = $entryContent; @@ -93,7 +93,7 @@ class JsonFormat extends FormatAbstract foreach ($entryEnclosures as $enclosure) { $entry['attachments'][] = [ 'url' => $enclosure, - 'mime_type' => getMimeType($enclosure) + 'mime_type' => parse_mime_type($enclosure) ]; } } 
@@ -121,13 +121,8 @@ class JsonFormat extends FormatAbstract * So consider this a hack. * Switch to JSON_INVALID_UTF8_IGNORE when PHP 7.2 is the latest platform requirement. */ - $json = json_encode($data, JSON_PRETTY_PRINT | JSON_PARTIAL_OUTPUT_ON_ERROR); + $json = json_encode($data, \JSON_PRETTY_PRINT | \JSON_PARTIAL_OUTPUT_ON_ERROR); return $json; } - - private function isHTML($text) - { - return (strlen(strip_tags($text)) != strlen($text)); - } } diff --git a/formats/MrssFormat.php b/formats/MrssFormat.php index 45c2181f..f4067b73 100644 --- a/formats/MrssFormat.php +++ b/formats/MrssFormat.php @@ -33,22 +33,28 @@ class MrssFormat extends FormatAbstract protected const MRSS_NS = 'http://search.yahoo.com/mrss/'; const ALLOWED_IMAGE_EXT = [ - '.gif', '.jpg', '.png' + '.gif', + '.jpg', + '.png', ]; public function stringify() { - $urlPrefix = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://'; - $urlHost = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ''; - $urlPath = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : ''; - $urlRequest = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : ''; + $https = $_SERVER['HTTPS'] ?? null; + $urlPrefix = $https == 'on' ? 'https://' : 'http://'; + $urlHost = $_SERVER['HTTP_HOST'] ?? ''; + $urlRequest = $_SERVER['REQUEST_URI'] ?? ''; $feedUrl = $urlPrefix . $urlHost . $urlRequest; $extraInfos = $this->getExtraInfos(); - $uri = !empty($extraInfos['uri']) ? $extraInfos['uri'] : REPOSITORY; + if (empty($extraInfos['uri'])) { + $uri = REPOSITORY; + } else { + $uri = $extraInfos['uri']; + } - $document = new DomDocument('1.0', $this->getCharset()); + $document = new \DomDocument('1.0', $this->getCharset()); $document->formatOutput = true; $feed = $document->createElement('rss'); $document->appendChild($feed); 
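Review bot: In the MrssFormat.php hunk (`@@ -33,22 +33,28 @@`), `$urlPrefix = $https == 'on' ? 'https://' : 'http://';` keeps the loose comparison, whereas the identical line in AtomFormat.php and JsonFormat.php was changed to `===` in this same commit. With `$https` defaulting to `null` the result is the same for string inputs, but the three formats should not diverge on how the scheme is decided; use `$urlPrefix = $https === 'on' ? 'https://' : 'http://';` here too. `stringify()` continues past the end of the hunk.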
@@ -103,16 +109,18 @@ class MrssFormat extends FormatAbstract $itemTimestamp = $item->getTimestamp(); $itemTitle = $item->getTitle(); $itemUri = $item->getURI(); - $itemContent = $item->getContent() ? $this->sanitizeHtml($item->getContent()) : ''; + $itemContent = $item->getContent() ? sanitize_html($item->getContent()) : ''; $entryID = $item->getUid(); $isPermaLink = 'false'; - if (empty($entryID) && !empty($itemUri)) { // Fallback to provided URI + if (empty($entryID) && !empty($itemUri)) { + // Fallback to provided URI $entryID = $itemUri; $isPermaLink = 'true'; } - if (empty($entryID)) { // Fallback to title and content + if (empty($entryID)) { + // Fallback to title and content $entryID = hash('sha1', $itemTitle . $itemContent); } @@ -139,7 +147,7 @@ class MrssFormat extends FormatAbstract if (!empty($itemTimestamp)) { $entryPublished = $document->createElement('pubDate'); $entry->appendChild($entryPublished); - $entryPublished->appendChild($document->createTextNode(gmdate(DATE_RFC2822, $itemTimestamp))); + $entryPublished->appendChild($document->createTextNode(gmdate(\DATE_RFC2822, $itemTimestamp))); } if (!empty($itemContent)) { @@ -152,10 +160,9 @@ class MrssFormat extends FormatAbstract $entryEnclosure = $document->createElementNS(self::MRSS_NS, 'content'); $entry->appendChild($entryEnclosure); $entryEnclosure->setAttribute('url', $enclosure); - $entryEnclosure->setAttribute('type', getMimeType($enclosure)); + $entryEnclosure->setAttribute('type', parse_mime_type($enclosure)); } - $entryCategories = ''; foreach ($item->getCategories() as $category) { $entryCategory = $document->createElement('category'); $entry->appendChild($entryCategory); diff --git a/formats/PlaintextFormat.php b/formats/PlaintextFormat.php index a1e125c7..c8c4e9d6 100644 --- a/formats/PlaintextFormat.php +++ b/formats/PlaintextFormat.php 
@@ -1,9 +1,5 @@ <?php -/** -* Plaintext -* Returns $this->items as raw php data. -*/ class PlaintextFormat extends FormatAbstract { const MIME_TYPE = 'text/plain'; |