Merge branch 'rhymix:master' into master

This commit is contained in:
Lastorder 2025-05-26 06:58:12 +09:00 committed by GitHub
commit cb1fd188ef
111 changed files with 4286 additions and 5469 deletions


@ -1120,6 +1120,14 @@ class Context
self::$_instance->security_check = 'DENY ALL';
self::$_instance->security_check_detail = 'ERR_UNSAFE_ENV';
}
if (PHP_VERSION_ID < 80000)
{
libxml_disable_entity_loader(true);
}
libxml_set_external_entity_loader(function($a, $b, $c) {
return null;
});
}
/**
@ -1261,10 +1269,6 @@ class Context
$GLOBALS['HTTP_RAW_POST_DATA'] = '';
return;
}
if (PHP_VERSION_ID < 80000)
{
libxml_disable_entity_loader(true);
}
$params = Rhymix\Framework\Parsers\XMLRPCParser::parse($GLOBALS['HTTP_RAW_POST_DATA']) ?: [];
}
elseif($request_method === 'JSON')
@ -1339,7 +1343,7 @@ class Context
unset($_FILES[$key]);
continue;
}
$val['name'] = str_replace('&amp;', '&', escape($val['name'], false));
$val['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($val['name']);
self::set($key, $val, true);
self::set('is_uploaded', true);
self::$_instance->is_uploaded = true;
@ -1365,7 +1369,7 @@ class Context
break;
}
$file = array();
$file['name'] = str_replace('&amp;', '&', escape($val['name'][$i], false));
$file['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($val['name'][$i]);
$file['type'] = $val['type'][$i];
$file['tmp_name'] = $val['tmp_name'][$i];
$file['error'] = $val['error'][$i];
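Review bot: Replacing `str_replace('&amp;', '&', escape($val['name'], false))` with `Rhymix\Framework\Filters\FilenameFilter::clean(...)` at the two upload-name lines (the hunks at 1343 and 1369) changes what downstream code receives: `$val['name']` and `$file['name']` are no longer HTML-escaped, so any consumer that echoed the name relying on the earlier escape must now escape at output time. That is the right layering, but it deserves a comment on each line, e.g. `// Raw (unescaped) filename; escape at output time.`, and a pass over callers that read the stored upload data. Whether `FilenameFilter::clean()` also strips path separators and control characters is not visible here and should be confirmed, since the name now flows through otherwise unmodified.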


@ -257,7 +257,7 @@ class DisplayHandler extends Handler
case 'HTML':
$json_options = defined('JSON_PRETTY_PRINT') ? (JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE) : 0;
$panel_script = sprintf('<script src="%s%s?t=%d"></script>', RX_BASEURL, 'common/js/debug.js', filemtime(RX_BASEDIR . 'common/js/debug.js'));
$panel_script .= "\n<script>\nvar rhymix_debug_content = " . json_encode($data, $json_options) . ";\n</script>";
$panel_script .= "\n<script>\nRhymix.currentDebugData = " . json_encode($data, $json_options) . ";\n</script>";
$body_end_position = strrpos($output, '</body>') ?: strlen($output);
$output = substr($output, 0, $body_end_position) . "\n$panel_script\n" . substr($output, $body_end_position);
break;


@ -249,7 +249,7 @@ class ModuleObject extends BaseObject
*/
public function setPrivileges()
{
if(!$this->user->isAdmin())
if (!$this->user->isAdmin())
{
// Get privileges(granted) information for target module by <permission check> of module.xml
if(($permission = $this->xml_info->action->{$this->act}->permission) && $permission->check_var)
@ -278,33 +278,28 @@ class ModuleObject extends BaseObject
foreach($check_module_srl as $target_srl)
{
// Get privileges(granted) information of current user for target module
if(($grant = ModuleModel::getInstance()->getPrivilegesBySrl($target_srl, $permission->check_type)) === false)
$check_grant = ModuleModel::getPrivilegesBySrl($target_srl, $permission->check_type);
if ($check_grant === false)
{
return false;
}
// Check permission
if(!$this->checkPermission($grant, $this->user))
if(!$this->checkPermission($check_grant, $this->user, $failed_requirement))
{
$this->stop($this->user->isMember() ? 'msg_not_permitted_act' : 'msg_not_logged');
$this->stop($this->_generatePermissionError($failed_requirement));
return false;
}
}
}
}
// If no privileges(granted) information, check permission by privileges(granted) information for current module
if(!isset($grant))
// Check permission based on the grant information for the current module.
$grant = ModuleModel::getInstance()->getGrant($this->module_info, $this->user, $this->xml_info);
if(!$this->checkPermission($grant, $this->user, $failed_requirement))
{
// Get privileges(granted) information of current user for current module
$grant = ModuleModel::getInstance()->getGrant($this->module_info, $this->user, $this->xml_info);
// Check permission
if(!$this->checkPermission($grant, $this->user))
{
$this->stop($this->user->isMember() ? 'msg_not_permitted_act' : 'msg_not_logged');
return false;
}
$this->stop($this->_generatePermissionError($failed_requirement));
return false;
}
// If member action, grant access for log-in, sign-up, member pages
@ -313,7 +308,7 @@ class ModuleObject extends BaseObject
$grant->access = true;
}
// Set privileges(granted) variables
// Set aliases to grant object
$this->grant = $grant;
Context::set('grant', $grant);
@ -325,9 +320,10 @@ class ModuleObject extends BaseObject
*
* @param object $grant privileges(granted) information of user
* @param object $member_info member information
* @param string|array &$failed_requirement
* @return bool
*/
public function checkPermission($grant = null, $member_info = null)
public function checkPermission($grant = null, $member_info = null, &$failed_requirement = '')
{
// Get logged-in member information
if(!$member_info)
@ -356,21 +352,50 @@ class ModuleObject extends BaseObject
$permission = 'root';
}
// If permission is not or 'guest', Pass
if(empty($permission) || $permission == 'guest')
// If there is no permission or eveyone is allowed, pass
if (empty($permission) || $permission === 'guest' || $permission === 'everyone')
{
return true;
}
// If permission is 'member', check logged-in
else if($permission == 'member')
// If permission is 'member', the user must be logged in
if ($permission === 'member')
{
if($member_info->member_srl)
if ($member_info->member_srl)
{
return true;
}
else
{
$failed_requirement = 'member';
return false;
}
}
// If permission is 'not_member', the user must be logged out
if ($permission === 'not_member' || $permission === 'not-member')
{
if (!$member_info->member_srl || $grant->manager)
{
return true;
}
else
{
$failed_requirement = 'not_member';
return false;
}
}
// If permission is 'root', false
// Because an administrator who have root privilege(granted) was passed already
if ($permission == 'root')
{
$failed_requirement = 'root';
return false;
}
// If permission is 'manager', check 'is user have manager privilege(granted)'
else if(preg_match('/^(manager(?::(.+))?|([a-z0-9\_]+)-managers)$/', $permission, $type))
if (preg_match('/^(manager(?::(.+))?|([a-z0-9\_]+)-managers)$/', $permission, $type))
{
// If permission is manager(:scope), check manager privilege and scope
if ($grant->manager)
@ -404,32 +429,71 @@ class ModuleObject extends BaseObject
return true;
}
}
}
// If permission is 'root', false
// Because an administrator who have root privilege(granted) was passed already
else if($permission == 'root')
{
$failed_requirement = 'manager';
return false;
}
// If grant name, check the privilege(granted) of the user
else if($grant_names = explode(',', $permission))
{
$privilege_list = array_keys((array) $this->xml_info->grant);
foreach($grant_names as $name)
// Check grant name
// If multiple names are given, all of them must pass.
elseif ($grant_names = array_map('trim', explode(',', $permission)))
{
foreach ($grant_names as $name)
{
if(!in_array($name, $privilege_list) || !$grant->$name)
if (!isset($grant->{$name}))
{
return false;
}
if (!$grant->{$name})
{
$failed_requirement = $grant->whocan($name);
return false;
}
}
return true;
}
return false;
}
/**
* Generate an error message for a failed permission.
*
* @param mixed $failed_requirement
* @return string
*/
protected function _generatePermissionError($failed_requirement)
{
if ($failed_requirement === 'member' || !$this->user->isMember())
{
return 'msg_not_logged';
}
elseif ($failed_requirement === 'not_member')
{
return 'msg_required_not_logged';
}
elseif ($failed_requirement === 'manager' || $failed_requirement === 'root')
{
return 'msg_administrator_only';
}
elseif (is_array($failed_requirement) && count($failed_requirement))
{
if (class_exists('PointModel'))
{
$min_level = PointModel::getMinimumLevelForGroup($failed_requirement);
if ($min_level)
{
return sprintf(lang('member.msg_required_minimum_level'), $min_level);
}
}
return 'member.msg_required_specific_group';
}
else
{
return 'msg_not_permitted_act';
}
}
/**
* Stop processing this module instance.
*
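Review bot: In `checkPermission`, the new `if (!isset($grant->{$name})) { return false; }` branch of the grant-name loop denies access without setting `$failed_requirement`, so a `permission` attribute in module.xml that matches no declared grant fails closed with only the generic message and nothing distinguishes a misconfiguration from a genuine refusal. Failing closed is correct; consider assigning a distinct value there, e.g. `$failed_requirement = 'unknown_grant';`, and logging it so a typo is visible to the module author. The same hunk's `_generatePermissionError` mixes return styles: the `sprintf(lang('member.msg_required_minimum_level'), $min_level)` branch returns a rendered sentence while every other branch returns a message key, which is only safe if `stop()` accepts both forms — worth confirming. `checkPermission` begins in an earlier hunk of this file.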


@ -30,31 +30,25 @@ class Validator
* rule list
* @var array
*/
var $_rules;
var $_rules = [];
/**
* filter list
* @var array
*/
var $_filters;
var $_filters = [];
/**
* custom message list
* @var array
*/
var $_message;
var $_message = [];
/**
* custom field name list
* @var array
*/
var $_fieldNames;
/**
* Can usable status for multibyte string function
* @var boolean
*/
var $_has_mb_func;
var $_fieldNames = [];
/**
* validator version
@ -75,12 +69,10 @@ class Validator
*/
function __construct($xml_path = '')
{
$this->_rules = array();
$this->_filters = array();
$this->_xml_ruleset = NULL;
if($xml_path)
if ($xml_path)
{
$this->load($xml_path);
}
// predefined rules
$this->addRule(array(
@ -93,8 +85,7 @@ class Validator
'float' => '/^\d+(\.\d+)?$/'
));
$this->_has_mb_func = is_callable('mb_strlen');
$this->setCacheDir(RX_BASEDIR . 'files/cache');
$this->_cache_dir = RX_BASEDIR . 'files/cache';
}
/**
@ -114,112 +105,26 @@ class Validator
*/
function load($xml_path)
{
$this->_xml_ruleset = NULL;
if(!is_readable($xml_path))
if (!file_exists($xml_path) || !is_file($xml_path) || !is_readable($xml_path))
{
return FALSE;
return false;
}
$parser = new XeXmlParser();
$xml = $parser->loadXmlFile($xml_path);
if(!isset($xml->ruleset) || !isset($xml->ruleset->fields) || !isset($xml->ruleset->fields->field))
$output = Rhymix\Framework\Parsers\RulesetParser::loadXML($xml_path);
if (!$output)
{
return FALSE;
return false;
}
$rules = array();
$messages = array();
// custom rules
if(isset($xml->ruleset->customrules) && isset($xml->ruleset->customrules->rule))
if ($output->rules)
{
$customrules = $xml->ruleset->customrules->rule;
if(!is_array($customrules))
{
$customrules = array($customrules);
}
foreach($customrules as $rule)
{
if(!isset($rule->attrs) || !isset($rule->attrs->name))
{
continue;
}
$message = $rule->message ? $rule->message->body : NULL;
$rule = (array) $rule->attrs;
$rule['message'] = $message;
$name = $rule['name'];
unset($rule['name']);
$rules[$name] = $rule;
if(isset($message))
{
$messages['invalid_' . $name] = $message;
}
}
if(count($rules))
{
$this->addRule($rules);
}
$this->addRule($output->rules);
}
// filters
$fields = $xml->ruleset->fields->field;
if(!is_array($fields))
{
$fields = array($fields);
}
$filters = array();
$fieldsNames = array();
foreach($fields as $field)
{
$name = '';
$filter = array();
if(!isset($field->attrs) || !isset($field->attrs->name))
{
continue;
}
$title = $field->title ? $field->title->body : NULL;
$filter = (array) $field->attrs;
$filter['title'] = $title;
$name = $filter['name'];
if(isset($title))
{
$fieldsNames[$name] = $title;
}
unset($filter['name']);
// conditional statement
if(isset($field->if))
{
$if = $field->if;
if(!is_array($if))
{
$if = array($if);
}
foreach($if as $idx => $cond)
{
$if[$idx] = (array) $cond->attrs;
}
$filter['if'] = $if;
}
$filters[$name] = $filter;
}
$this->_xml_ruleset = $xml->ruleset;
$this->_filters = $filters;
$this->_message = $messages;
$this->_fieldNames = $fieldsNames;
$this->_filters = $output->filters;
$this->_message = $output->messages;
$this->_fieldNames = $output->fieldsNames;
$this->_xml_path = $xml_path;
return TRUE;
return true;
}
/**
@ -389,7 +294,7 @@ class Validator
$strbytes = strlen($value);
if(!$is_min_b || !$is_max_b)
{
$strlength = $this->_has_mb_func ? mb_strlen($value, 'utf-8') : $this->mbStrLen($value);
$strlength = mb_strlen($value, 'UTF-8');
}
if(($min && $min > ($is_min_b ? $strbytes : $strlength)) || ($max && $max < ($is_max_b ? $strbytes : $strlength)))
@ -630,21 +535,6 @@ class Validator
return TRUE;
}
/**
* if not supported 'mb_strlen' function, this method can use.
* @param string $str
* @return int
*/
function mbStrLen($str)
{
$arr = count_chars($str);
for($i = 0x80; $i < 0xc0; $i++)
{
unset($arr[$i]);
}
return array_sum($arr);
}
/**
* Returns compiled javascript file path. The path begins from XE root directory.
* @return string Compiled JavaScript file path
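Review bot: Replacing `$this->_has_mb_func ? mb_strlen($value, 'utf-8') : $this->mbStrLen($value)` with a bare `mb_strlen($value, 'UTF-8')` and deleting `mbStrLen()` makes the mbstring extension a hard requirement for length rules; on a host without it the validator now fatals on the first length check instead of degrading, so the requirement should be stated in the installation requirements or checked once at bootstrap rather than surfacing per request. Separately, `__construct` now assigns `$this->_cache_dir = RX_BASEDIR . 'files/cache';` directly instead of calling `setCacheDir()`, which bypasses whatever normalisation or existence check that setter performs (not visible in this hunk); if the setter does more than assign, keep the call.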


@ -1,240 +1,46 @@
<?php
/**
* Xml_Node_ class
* Element node or attribute node.
* @author NAVER (developers@xpressengine.com)
* @package /classes/xml
* @version 0.1
*/
#[AllowDynamicProperties]
class Xml_Node_
{
/** In PHP5 this will silence E_STRICT warnings
* for undeclared properties.
* No effect in PHP4
*/
function __get($name)
{
return NULL;
}
}
/**
* XmlParser class
* Class parsing a given xmlrpc request and creating a data object
* @remarks <pre>{
* This class may drops unsupported xml lanuage attributes when multiple language attributes are given.
* For example, if 'xml:lang='ko, en, ch, jp..' is given in a xml file, only ko will be left ignoring all other language
* attributes when kor is only supported language. It seems to work fine now but we did not scrutinze any potential side effects,
* }</pre>
* XML Parser class from XE
*
* @author NAVER (developers@xpressengine.com)
* @package /classes/xml
* @version 0.1
* Renamed because of conflict with built-in XMLParser class in PHP 8+
*
* @deprecated
*/
class XeXmlParser
{
/**
* Xml parser
* @var resource
* Load an XML file.
*
* @deprecated
* @param string $filename
* @return ?object
*/
var $oParser = NULL;
/**
* Input xml
* @var string
*/
var $input = NULL;
/**
* Output object in array
* @var array
*/
var $output = array();
/**
* The default language type
* @var string
*/
var $lang = "en";
/**
* Load a xml file specified by a filename and parse it to Return the resultant data object
* @param string $filename a file path of file
* @return object|null Returns a data object containing data extracted from a xml file or NULL if a specified file does not exist
*/
function loadXmlFile($filename)
public static function loadXmlFile($filename): ?object
{
if(!file_exists($filename))
$filename = strval($filename);
if (file_exists($filename))
{
return;
}
$buff = FileHandler::readFile($filename);
$oXmlParser = new self();
return $oXmlParser->parse($buff);
}
/**
* Parse xml data to extract values from it and construct data object
* @param string $input a data buffer containing xml data
* @param mixed $arg1 ???
* @param mixed $arg2 ???
* @return object|null Returns a resultant data object or NULL in case of error
*/
function parse($input = '', $arg1 = NULL, $arg2 = NULL)
{
// Save the compile starting time for debugging
$start = microtime(true);
$this->lang = Context::getLangType();
$this->input = $input ? $input : $GLOBALS['HTTP_RAW_POST_DATA'];
$this->input = str_replace(array('', ''), array('', ''), $this->input);
// extracts a supported language
preg_match_all("/xml:lang=\"([^\"].+)\"/i", $this->input, $matches);
// extracts the supported lanuage when xml:lang is used
if(count($matches[1]) && $supported_lang = array_unique($matches[1]))
{
$tmpLangList = array_flip($supported_lang);
// if lang of the first log-in user doesn't exist, apply en by default if exists. Otherwise apply the first lang.
if(!isset($tmpLangList[$this->lang]))
{
if(isset($tmpLangList['en']))
{
$this->lang = 'en';
}
else
{
$this->lang = array_shift($supported_lang);
}
}
// uncheck the language if no specific language is set.
return Rhymix\Framework\Parsers\XEXMLParser::loadXMLFile($filename);
}
else
{
$this->lang = '';
}
$this->oParser = xml_parser_create('UTF-8');
//xml_set_object($this->oParser, $this);
xml_set_element_handler($this->oParser, [$this, "_tagOpen"], [$this, "_tagClosed"]);
xml_set_character_data_handler($this->oParser, [$this, "_tagBody"]);
xml_parse($this->oParser, $this->input);
xml_parser_free($this->oParser);
if(!count($this->output))
{
return;
}
$output = array_shift($this->output);
// Save compile starting time for debugging
if (!isset($GLOBALS['__xmlparse_elapsed__']))
{
$GLOBALS['__xmlparse_elapsed__'] = 0;
}
$GLOBALS['__xmlparse_elapsed__'] += microtime(true) - $start;
return $output;
}
/**
* Start element handler.
* @param resource $parse an instance of parser
* @param string $node_name a name of node
* @param array $attrs attributes to be set
* @return array
*/
function _tagOpen($parser, $node_name, $attrs)
{
$obj = new Xml_Node_();
$obj->node_name = strtolower($node_name);
$obj->attrs = $this->_arrToAttrsObj($attrs);
$this->output[] = $obj;
}
/**
* Character data handler
* Variable in the last element of this->output
* @param resource $parse an instance of parser
* @param string $body a data to be added
* @return void
*/
function _tagBody($parser, $body)
{
//if(!trim($body)) return;
$this->output[count($this->output) - 1]->body .= $body;
}
/**
* End element handler
* @param resource $parse an instance of parser
* @param string $node_name name of xml node
* @return void
*/
function _tagClosed($parser, $node_name)
{
$node_name = strtolower($node_name);
$cur_obj = array_pop($this->output);
$parent_obj = &$this->output[count($this->output) - 1];
if($this->lang && $cur_obj->attrs->{'xml:lang'} && $cur_obj->attrs->{'xml:lang'} != $this->lang)
{
return;
}
if($this->lang && ($parent_obj->{$node_name}->attrs->{'xml:lang'} ?? null) && $parent_obj->{$node_name}->attrs->{'xml:lang'} != $this->lang)
{
return;
}
if(isset($parent_obj->{$node_name}))
{
$tmp_obj = $parent_obj->{$node_name};
if(is_array($tmp_obj))
{
$parent_obj->{$node_name}[] = $cur_obj;
}
else
{
$parent_obj->{$node_name} = array($tmp_obj, $cur_obj);
}
}
else
{
if(!is_object($parent_obj))
{
$parent_obj = (object) $parent_obj;
}
$parent_obj->{$node_name} = $cur_obj;
return null;
}
}
/**
* Method to transfer values in an array to a data object
* @param array $arr data array
* @return Xml_Node_ object
* Load an XML string.
*
* @deprecated
* @param string $$input
* @return ?object
*/
function _arrToAttrsObj($arr)
function parse($input = ''): ?object
{
$output = new Xml_Node_();
foreach($arr as $key => $val)
{
$key = strtolower($key);
$output->{$key} = $val;
}
return $output;
$input = strval($input !== '' ? $input : $GLOBALS['HTTP_RAW_POST_DATA']);
return Rhymix\Framework\Parsers\XEXMLParser::loadXMLString($input);
}
}
/**