N°6023 Fix cannot load SVG files in AttributeImage since 3.0.0 (#449)

Caused by merge error in ddd6bf2

Co-authored-by: Molkobain <lajarige.guillaume@free.fr>
Pierre Goiffon
2023-02-23 18:38:03 +01:00
committed by GitHub
parent 7aad60ed1b
commit e960a4ad53
2 changed files with 32 additions and 24 deletions


@@ -34,32 +34,36 @@ abstract class HTMLSanitizer
/** /**
* Sanitize an HTML string with the configured sanitizer, falling back to HTMLDOMSanitizer in case of Exception or invalid configuration * Sanitize an HTML string with the configured sanitizer, falling back to HTMLDOMSanitizer in case of Exception or invalid configuration
*
* @param string $sHTML * @param string $sHTML
* @param string $sConfigKey eg. 'html_sanitizer', 'svg_sanitizer'
*
* @return string * @return string
*/ */
public static function Sanitize($sHTML) public static function Sanitize($sHTML, $sConfigKey = 'html_sanitizer')
{ {
$sSanitizerClass = MetaModel::GetConfig()->Get('html_sanitizer'); $sSanitizerClass = utils::GetConfig()->Get($sConfigKey);
if(!class_exists($sSanitizerClass)) if (!class_exists($sSanitizerClass)) {
{
IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a valid class. Will use HTMLDOMSanitizer as the default sanitizer.'); IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a valid class. Will use HTMLDOMSanitizer as the default sanitizer.');
$sSanitizerClass = 'HTMLDOMSanitizer'; $sSanitizerClass = 'HTMLDOMSanitizer';
} } else if (!is_subclass_of($sSanitizerClass, 'HTMLSanitizer')) {
else if(!is_subclass_of($sSanitizerClass, 'HTMLSanitizer')) if ($sConfigKey === 'html_sanitizer') {
{ IssueLog::Warning('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a subclass of HTMLSanitizer. Will use HTMLDOMSanitizer as the default sanitizer.');
IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a subclass of HTMLSanitizer. Will use HTMLDOMSanitizer as the default sanitizer.'); $sSanitizerClass = 'HTMLDOMSanitizer';
$sSanitizerClass = 'HTMLDOMSanitizer'; }
if ($sConfigKey === 'svg_sanitizer') {
IssueLog::Error('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a subclass of '.HTMLSanitizer::class.' ! Won\'t sanitize string.');
return $sHTML;
}
} }
try try {
{
$oSanitizer = new $sSanitizerClass(); $oSanitizer = new $sSanitizerClass();
$sCleanHTML = $oSanitizer->DoSanitize($sHTML); $sCleanHTML = $oSanitizer->DoSanitize($sHTML);
} }
catch(Exception $e) catch (Exception $e) {
{ if ($sSanitizerClass != 'HTMLDOMSanitizer') {
if($sSanitizerClass != 'HTMLDOMSanitizer')
{
IssueLog::Warning('Failed to sanitize an HTML string with "'.$sSanitizerClass.'". The following exception occured: '.$e->getMessage()); IssueLog::Warning('Failed to sanitize an HTML string with "'.$sSanitizerClass.'". The following exception occured: '.$e->getMessage());
IssueLog::Warning('Will try to sanitize with HTMLDOMSanitizer.'); IssueLog::Warning('Will try to sanitize with HTMLDOMSanitizer.');
// try again with the HTMLDOMSanitizer // try again with the HTMLDOMSanitizer
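Review bot: In the new `svg_sanitizer` branch, `return $sHTML;` hands the input back unsanitized when the configured class is not an `HTMLSanitizer` subclass, so a configuration mistake silently turns SVG sanitization off and leaves only a log entry. Failing closed would be safer: fall back to a known-good sanitizer, e.g. `$sSanitizerClass = 'SVGDOMSanitizer';` (the class the unit test in this commit instantiates; confirm it is the intended default), or return an empty string. The `!class_exists` branch above still hard-codes "html_sanitizer" in its message and falls back to `HTMLDOMSanitizer` whatever `$sConfigKey` is, and a key other than the two handled ones reaches `new $sSanitizerClass()` with a class that failed the subclass check; a plain `else` for every non-HTML key would close that gap. The function body continues past the end of this hunk.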


@@ -2,6 +2,7 @@
namespace Combodo\iTop\Test\UnitTest\Core\Sanitizer; namespace Combodo\iTop\Test\UnitTest\Core\Sanitizer;
use HTMLSanitizer;
use SVGDOMSanitizer; use SVGDOMSanitizer;
@@ -22,7 +23,7 @@ class SVGDOMSanitizerTest extends AbstractDOMSanitizerTest
$sOutputHtml = $this->RemoveNewLines($sOutputHtml); $sOutputHtml = $this->RemoveNewLines($sOutputHtml);
$oSanitizer = new SVGDOMSanitizer(); $oSanitizer = new SVGDOMSanitizer();
$sRes = $oSanitizer->DoSanitize($sInputHtml); $sResFromSvgSanitizer = $oSanitizer->DoSanitize($sInputHtml);
// Removing newlines as the parser gives different results depending on the PHP version // Removing newlines as the parser gives different results depending on the PHP version
// Didn't manage to get it right : // Didn't manage to get it right :
@@ -30,19 +31,22 @@ class SVGDOMSanitizerTest extends AbstractDOMSanitizerTest
// - playing with the parser preserveWhitespace/formatOutput parser options didn't help // - playing with the parser preserveWhitespace/formatOutput parser options didn't help
// So we're removing new lines on both sides :/ // So we're removing new lines on both sides :/
$sOutputHtml = $this->RemoveNewLines($sOutputHtml); $sOutputHtml = $this->RemoveNewLines($sOutputHtml);
$sRes = $this->RemoveNewLines($sRes); $sResFromSvgSanitizer = $this->RemoveNewLines($sResFromSvgSanitizer);
$this->debug($sRes); $this->debug($sResFromSvgSanitizer);
$this->assertEquals($sOutputHtml, $sRes); $this->assertEquals($sOutputHtml, $sResFromSvgSanitizer);
// N°6023 checking call through the factory is working as well
$sResFromSanitizerFactory = HTMLSanitizer::Sanitize($sInputHtml, 'svg_sanitizer');
$sResFromSanitizerFactory = $this->RemoveNewLines($sResFromSanitizerFactory);
$this->assertEquals($sOutputHtml, $sResFromSanitizerFactory);
} }
public function DoSanitizeProvider() public function DoSanitizeProvider()
{ {
return array( return [
array( ['scripts.svg'],
'scripts.svg', ];
),
);
} }
} }
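Review bot: The factory assertion added at the end of the test only covers the case where `svg_sanitizer` resolves to a valid sanitizer class, and it appears to rely on whatever value the test environment's configuration holds for that key. The branches of `HTMLSanitizer::Sanitize` for a missing class or a class that is not an `HTMLSanitizer` subclass have no test, although they decide whether the `scripts.svg` content comes back cleaned or untouched; a case that sets `svg_sanitizer` to an invalid class name and asserts on the result would pin that behavior. `assertSame` would also be a stricter fit than `assertEquals` for these string comparisons. The test method's signature lies outside the hunks shown.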