Merge branch 'support/3.0' into develop

# Conflicts:
#	datamodels/2.x/itop-portal-base/portal/src/Twig/AppExtension.php
This commit is contained in:
Eric Espie
2022-12-07 13:52:42 +01:00
5 changed files with 74 additions and 34 deletions


@@ -7,7 +7,6 @@
namespace Combodo\iTop\OAuthClient\Service;
use ApplicationContext;
use Combodo\iTop\Core\Authentication\Client\OAuth\OAuthClientProviderFactory;
use Dict;
use iPopupMenuExtension;
use JSPopupMenuItem;
@@ -42,11 +41,10 @@ class PopupMenuExtension implements \iPopupMenuExtension
$sAjaxUri = utils::GetAbsoluteUrlModulePage(static::MODULE_CODE, 'ajax.php');
// Add a new menu item that triggers a custom JS function defined in our own javascript file: js/sample.js
$sJSFileUrl = 'env-'.utils::GetCurrentEnvironment().'/'.static::MODULE_CODE.'/assets/js/oauth_connect.js';
$sRedirectUri = OAuthClientProviderFactory::GetRedirectUri();
$aResult[] = new JSPopupMenuItem(
$sMenu.' from '.$sObjClass,
Dict::S($sMenu),
"OAuthConnect('$sClass', $sId, '$sAjaxUri', '$sRedirectUri')",
"OAuthConnect('$sClass', $sId, '$sAjaxUri')",
[$sJSFileUrl]
);
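Review bot: The rebuilt `OAuthConnect('$sClass', $sId, '$sAjaxUri')` string still splices `$sClass` and `$sAjaxUri` into single-quoted JavaScript literals without any escaping, so a quote or backslash in either value breaks the generated call or changes what it does; encoding each argument is shorter and safer, e.g. `"OAuthConnect(".json_encode($sClass).", ".(int)$sId.", ".json_encode($sAjaxUri).")"` (the `(int)` cast assumes the id is numeric, as the unquoted original already implies). These values presumably come from the object class, id and module URL rather than from request input, so this is a robustness point more than a live defect, but the same line is also what an attacker-controlled value would reach first. The dropped `$sRedirectUri` assignment matches the removed `OAuthClientProviderFactory` import in the first hunk, so nothing dangling is visible. The enclosing method starts before this hunk.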


@@ -22,6 +22,7 @@ namespace Combodo\iTop\Portal\Twig;
use AttributeDate;
use AttributeDateTime;
use AttributeText;
use Closure;
use Dict;
use Exception;
use Twig\Environment;
@@ -163,7 +164,7 @@ class AppExtension extends AbstractExtension
$filters[] = new TwigFilter('var_export', 'var_export');
//since 2.7.7 3.0.2 3.1.0 N°4867 "Twig content not allowed" error when use the extkey widget search icon in the user portal
//overwrite native twig filter : disable use of 'system' filter
// Since 2.7.8 filter more functions as filter 'filter' is used by the portal
$filters[] = new TwigFilter('filter', function ($array, $arrow) {
$ret = $this->SanitizeFilter($array, $arrow);
if ($ret !== false) {
@@ -172,42 +173,83 @@ class AppExtension extends AbstractExtension
$oEnv = new Environment(new FilesystemLoader());
return twig_array_filter($oEnv, $array, $arrow);
});
// Since 2.7.8 deactivate map
$filters[] = new TwigFilter('map', function ($array, $arrow) {
$ret = $this->SanitizeFilter($array, $arrow);
if ($ret !== false) {
return [$ret];
}
$oEnv = new Environment(new FilesystemLoader());
return twig_array_map($oEnv, $array, $arrow);
return $array;
});
// Since 2.7.8 deactivate reduce
$filters[] = new TwigFilter('reduce', function ($array, $arrow, $initial = null) {
$ret = $this->SanitizeFilter($array, $arrow);
if ($ret !== false) {
return $ret;
}
// reduce return mixed results not only arrays
$oEnv = new Environment(new FilesystemLoader());
return twig_array_reduce($oEnv, $array, $arrow, $initial);
return $array;
});
$filters[] = new TwigFilter('sort', function ($array, $arrow, $initial = null) {
$ret = $this->SanitizeFilter($array, $arrow);
if ($ret !== false) {
return $ret;
}
// reduce return mixed results not only arrays
$oEnv = new Environment(new FilesystemLoader());
return twig_array_reduce($oEnv, $array, $arrow, $initial);
return $array;
});
return $filters;
}
private function SanitizeFilter($array, $arrow)
{
$aRestricted = [
'system',
'exec',
'passthru',
'popen',
'proc_open',
'shell_exec',
'file_get_contents',
'file_put_contents',
'eval',
'pcntl_exec',
'chgrp',
'chmod',
'chown',
'lchgrp',
'lchown',
'umask',
'copy',
'delete',
'unlink',
'link',
'mkdir',
'rmdir',
'rename',
'symlink',
'tempnam',
'tmpfile',
'touch',
'fgetc',
'fgetcsv',
'fgets',
'fgetss',
'file',
'flock',
'fopen',
'fpassthru',
'fputcsv',
'fputs',
'fread',
'fscanf',
'ftruncate',
'fwrite',
'glob',
'readfile',
'readlink',
'parse_ini_file',
'mail',
];
$aRestrictedStartWith = ['ftp_', 'zip_', 'stream_'];
if (is_string($arrow)) {
if (in_array(strtolower($arrow), ['system', 'exec', 'passthru', 'popen'])) {
if (in_array(strtolower($arrow), $aRestricted)) {
return json_encode($array);
}
foreach ($aRestrictedStartWith as $sRestrictedStartWith) {
if (utils::StartsWith($arrow, $sRestrictedStartWith)) {
return json_encode($array);
}
}
} elseif ($arrow instanceof Closure) {
return json_encode($array);
}
return false;
}
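Review bot: In `SanitizeFilter`, the prefix guard `utils::StartsWith($arrow, $sRestrictedStartWith)` tests the raw `$arrow` while the exact-name check just above tests `strtolower($arrow)`; PHP resolves function names case-insensitively, so the prefix check should use the same lowercased value, e.g. `$sArrow = strtolower($arrow);` once and then `utils::StartsWith($sArrow, $sRestrictedStartWith)`, and the `in_array` call should pass `true` as its strict flag. A name denylist only covers what it enumerates; if the portal needs only a few builtins as string arrows, permitting those by name and rejecting every other string would be the more durable control, and the chosen policy deserves a comment on the method either way. The `sort` closure is a copy of the `reduce` one: it takes an unused `$initial`, keeps the "reduce return mixed results" comment, and ends in `twig_array_reduce(...)` followed by `return $array;`, one of which is presumably the removed side, so either `sort` is meant to be deactivated like `map`/`reduce` and the comment and reduce leftovers should say so, or it is meant to work and must call Twig's sort implementation instead. Each of these closures also builds a fresh `new Environment(new FilesystemLoader())` per call, which is worth hoisting or at least commenting as deliberate. `getFilters` starts before this hunk.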


@@ -1674,7 +1674,7 @@ to represent the company, product, or service to which they refer.**
</license>
<license>
<product scope="datamodels">apereo/phpcas</product>
<author>Joachim Fritschi - Adam Franco</author>
<author>Joachim Fritschi - Adam Franco - Henry Pan</author>
<license_type>Apache-2.0</license_type>
<text><![CDATA[
Apache License


@@ -19,7 +19,7 @@
[&quot;touch+\/tmp\/test+&quot;]
<div>[34, 36, 38, 40, 42]|filter(v => v > 38)|join(', ')</div>
40, 42
[34,36,38,40,42]
<div>app.request.server.all|join(',')</div>
@@ -28,16 +28,16 @@
<div>[0]|reduce('system','echo')</div>
[0]
0
<div>[1, 2, 3]|reduce((carry, v) => carry + v)</div>
6
1, 2, 3
<div>['echo']|map('system')|join</div>
[&quot;echo&quot;]
echo
<div>{"Bob": "Smith", "Alice": "Dupond"}|map((value, key) => "#{key} #{value}")|join(', ')</div>
Bob Smith, Alice Dupond
Smith, Dupond
<div>['echo',1]|sort('system')|join</div>
[&quot;echo&quot;,1]


@@ -28,11 +28,11 @@
{{ self }}
<div>[0]|reduce('system','echo')</div>
{{ [0]|reduce('system','echo') }}
{{ [0]|reduce('system','echo')|join(', ') }}
<div>[1, 2, 3]|reduce((carry, v) => carry + v)</div>
{% set numbers = [1, 2, 3] %}
{{ numbers|reduce((carry, v) => carry + v) }}
{{ numbers|reduce((carry, v) => carry + v)|join(', ') }}
<div>['echo']|map('system')|join</div>
{{ ['echo']|map('system')|join }}