invoiceninja/app/Libraries/HTMLUtils.php

<?php

namespace App\Libraries;

use HTMLPurifier;
use HTMLPurifier_Config;

class HTMLUtils
{
    public static function sanitizeCSS($css)
    {
        // Allow referencing the body element
        $css = preg_replace('/(?<![a-z0-9\-\_\#\.])body(?![a-z0-9\-\_])/i', '.body', $css);

        //
        // Inspired by http://stackoverflow.com/a/5209050/1721527, dleavitt <https://stackoverflow.com/users/362110/dleavitt>
        //

        // Create a new configuration object
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Filter.ExtractStyleBlocks', true);
        $config->set('CSS.AllowImportant', true);
        $config->set('CSS.AllowTricky', true);
        $config->set('CSS.Trusted', true);
        $config->set('Cache.SerializerPath', base_path('storage/framework/cache'));

        // Create a new purifier instance
        $purifier = new HTMLPurifier($config);

        // Wrap our CSS in style tags and pass to purifier.
        // we're not actually interested in the html response though
        $purifier->purify('<style>'.$css.'</style>');

        // The "style" blocks are stored seperately
        $css = $purifier->context->get('StyleBlocks');

        // Get the first style block
        return count($css) ? $css[0] : '';
    }

    public static function sanitizeHTML($html)
    {
        $html = html_entity_decode($html);

        $config = HTMLPurifier_Config::createDefault();
        $config->set('Cache.SerializerPath', base_path('storage/framework/cache'));

        $purifier = new HTMLPurifier($config);

        return $purifier->purify($html);
    }

    public static function previousUrl($fallback)
    {
        $previous = url()->previous();
        $current = request()->url();

        if ($previous == $current) {
            return url($fallback);
        } else {
            return $previous;
        }
    }

    public static function getEnvForAccount($field, $default = '')
    {
        $key = '';

        if ($user = auth()->user()) {
            $key .= $user->account->id . '_';
        }

        $key .= $field;

        return env($key, env($field, $default));
    }
}
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`<?php`

			`namespace App\Libraries;`
Refactor client portal and email settings requests 2017-01-12 12:52:37 +01:00
			`use HTMLPurifier;`
			`use HTMLPurifier_Config;`

			`class HTMLUtils`
			`{`
Improve JSON encoding in HTML 2017-05-07 09:00:38 +02:00			`public static function sanitizeCSS($css)`
Refactor client portal and email settings requests 2017-01-12 12:52:37 +01:00			`{`
			`// Allow referencing the body element`
			`$css = preg_replace('/(?<![a-z0-9\-\_\#\.])body(?![a-z0-9\-\_])/i', '.body', $css);`

			`//`
			`// Inspired by http://stackoverflow.com/a/5209050/1721527, dleavitt <https://stackoverflow.com/users/362110/dleavitt>`
			`//`

			`// Create a new configuration object`
			`$config = HTMLPurifier_Config::createDefault();`
			`$config->set('Filter.ExtractStyleBlocks', true);`
			`$config->set('CSS.AllowImportant', true);`
			`$config->set('CSS.AllowTricky', true);`
			`$config->set('CSS.Trusted', true);`
htmlpurifier cache not writable #1627 2017-08-20 09:15:19 +02:00			`$config->set('Cache.SerializerPath', base_path('storage/framework/cache'));`
Refactor client portal and email settings requests 2017-01-12 12:52:37 +01:00
			`// Create a new purifier instance`
			`$purifier = new HTMLPurifier($config);`

			`// Wrap our CSS in style tags and pass to purifier.`
			`// we're not actually interested in the html response though`
			`$purifier->purify('<style>'.$css.'</style>');`

			`// The "style" blocks are stored seperately`
			`$css = $purifier->context->get('StyleBlocks');`

			`// Get the first style block`
			`return count($css) ? $css[0] : '';`
			`}`
Improve JSON encoding in HTML 2017-05-07 09:00:38 +02:00
			`public static function sanitizeHTML($html)`
			`{`
XSS fixes 2017-08-04 15:39:11 +02:00			`$html = html_entity_decode($html);`

Improve JSON encoding in HTML 2017-05-07 09:00:38 +02:00			`$config = HTMLPurifier_Config::createDefault();`
htmlpurifier cache not writable #1627 2017-08-20 09:15:19 +02:00			`$config->set('Cache.SerializerPath', base_path('storage/framework/cache'));`

Improve JSON encoding in HTML 2017-05-07 09:00:38 +02:00			`$purifier = new HTMLPurifier($config);`

			`return $purifier->purify($html);`
			`}`
Improve cancel button links 2017-06-13 14:42:41 +02:00
			`public static function previousUrl($fallback)`
			`{`
			`$previous = url()->previous();`
			`$current = request()->url();`

			`if ($previous == $current) {`
			`return url($fallback);`
			`} else {`
			`return $previous;`
			`}`
			`}`
Support per-company SMTP settings [Self-host] 2018-01-22 17:24:37 +01:00
			`public static function getEnvForAccount($field, $default = '')`
			`{`
			`$key = '';`

			`if ($user = auth()->user()) {`
			`$key .= $user->account->id . '_';`
			`}`

			`$key .= $field;`

			`return env($key, env($field, $default));`
			`}`
Refactor client portal and email settings requests 2017-01-12 12:52:37 +01:00			`}`