Code Coverage for /home/runner/work/tao-community/tao-community/tao/helpers/class.Display.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	57.78% covered (warning)	57.78%	26 / 45	41.67% covered (danger)	41.67%	5 / 12	CRAP	0.00% covered (danger)	0.00%	0 / 1
tao_helpers_Display	57.78% covered (warning)	57.78%	26 / 45	41.67% covered (danger)	41.67%	5 / 12	46.17	0.00% covered (danger)	0.00%	0 / 1
textCutter	0.00% covered (danger)	0.00%	0 / 8	0.00% covered (danger)	0.00%	0 / 1	6
textCleaner	91.67% covered (success)	91.67%	11 / 12	0.00% covered (danger)	0.00%	0 / 1	3.01
htmlize	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
htmlEscape	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
encodeAttrValue	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
sanitizeXssHtml	100.00% covered (success)	100.00%	5 / 5	100.00% covered (success)	100.00%	1 / 1	1
replace	66.67% covered (warning)	66.67%	2 / 3	0.00% covered (danger)	0.00%	0 / 1	2.15
replaceWithUnderscore	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
replaceWithRandom	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	6
replaceWith	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
getEncoding	66.67% covered (warning)	66.67%	4 / 6	0.00% covered (danger)	0.00%	0 / 1	3.33
getApplicationService	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1

1	<?php
2
3	/**
4	* This program is free software; you can redistribute it and/or
5	* modify it under the terms of the GNU General Public License
6	* as published by the Free Software Foundation; under version 2
7	* of the License (non-upgradable).
8	*
9	* This program is distributed in the hope that it will be useful,
10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	* GNU General Public License for more details.
13	*
14	* You should have received a copy of the GNU General Public License
15	* along with this program; if not, write to the Free Software
16	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17	*
18	* Copyright (c) 2008-2010 (original work) Deutsche Institut für Internationale Pädagogische Forschung
19	* (under the project TAO-TRANSFER);
20	* 2009-2012 (update and modification) Public Research Centre Henri Tudor
21	* (under the project TAO-SUSTAIN & TAO-DEV);
22	* 2013-2017 (update and modification) Open Assessment Technologies SA (under the project TAO-PRODUCT);
23	*
24	*/
25
26	use oat\oatbox\service\ServiceManager;
27	use oat\tao\model\service\ApplicationService;
28
29	/**
30	* Utility class focusing on display methods.
31	*
32	* @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu>
33	* @package tao
34
35	*/
36	class tao_helpers_Display
37	{
38	private static $replacement = '_';
39
40	/**
41	* Enables you to cut a long string and end it with [...] and add an hover
42	* to display the complete string on mouse over.
43	*
44	* @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu>
45	* @param string input The string input.
46	* @param int maxLength (optional, default = 75) The maximum length for the result string.
47	* @return string The cut string, enclosed in a <span> html tag. This tag received the 'cutted' CSS class.
48	*/
49	public static function textCutter($input, int $maxLength = 75): string
50	{
51	$encoding = self::getEncoding();
52
53	if (mb_strlen($input, $encoding) <= $maxLength) {
54	return $input;
55	}
56
57	return sprintf(
58	'<span title="%s" class="cutted" style="cursor:pointer;">%s[...]</span>',
59	$input,
60	mb_substr($input, 0, $maxLength, $encoding)
61	);
62	}
63
64	/**
65	* Clean a text with a joker character to replace any characters that is not alphanumeric.
66	*
67	* @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu>
68	* @param string input The string input.
69	* @param string joker (optional, default = '_') A joker character that will be the alphanumeric placeholder.
70	* @param int maxLength (optional, default = -1) output maximum length
71	* @return string The result string.
72	*/
73	public static function textCleaner($input, string $joker = '_', int $maxLength = -1): string
74	{
75	$encoding = self::getEncoding();
76
77	if ($maxLength > -1) {
78	$input = mb_substr($input, 0, $maxLength, $encoding);
79	}
80
81	$replacingPattern = strpos($encoding, 'UTF') === 0
82	? '/[^\p{L}0-9-_]+/u'
83	: '/[^a-z0-9-_]+/ui';
84
85	$patternMaps = [
86	'/\s+/u' => [self::class, 'replaceWithUnderscore'],
87	$replacingPattern => [self::class, 'replace'],
88	];
89
90	self::$replacement = $joker;
91
92	return preg_replace_callback_array($patternMaps, $input);
93	}
94
95	/**
96	* Display clean and more secure text into an HTML page. The implementation
97	* of this method is done with htmlentities.This method is Unicode safe.
98	*
99	* @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu>
100	* @param string input The input string.
101	* @return string The htmlized string.
102	*/
103	public static function htmlize($input): string
104	{
105	return htmlentities($input, ENT_COMPAT, self::getEncoding());
106	}
107
108
109
110	/**
111	* Convert special characters to HTML entities
112	*/
113	public static function htmlEscape($string): string
114	{
115	return htmlspecialchars($string);
116	}
117
118	/**
119	* Encode the value of an html attribute
120	*
121	* @param string $string
122	* @return string
123	*/
124	public static function encodeAttrValue($string): string
125	{
126	return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
127	}
128
129	/**
130	* Sanitize all parts that could be used in XSS (script, style, hijacked links, etc.)
131	* and update some attributes to use a safe behavior.
132	*
133	* @see http://htmlpurifier.org/live/configdoc/plain.html
134	*
135	* @param string $input the input HTML
136	* @return string the sanitized HTML
137	*/
138	public static function sanitizeXssHtml($input): string
139	{
140	$config = HTMLPurifier_Config::createDefault();
141
142	//we don't use HTMLPurifier cache
143	//because it writes serialized files inside it's own folder
144	//so this won't work in a multi server env
145	$config->set('Cache.DefinitionImpl', null);
146
147	//allow target=_blank on links
148	$config->set('Attr.AllowedFrameTargets', ['_blank']);
149
150	$purifier = new HTMLPurifier($config);
151	return $purifier->purify($input);
152	}
153
154	/** @noinspection PhpUnusedPrivateMethodInspection */
155	private static function replace(array $matches): string
156	{
157	return '*' === self::$replacement
158	? self::replaceWithRandom($matches)
159	: self::replaceWith($matches, self::$replacement);
160	}
161
162	/** @noinspection PhpUnusedPrivateMethodInspection */
163	private static function replaceWithUnderscore(array $matches): string
164	{
165	return self::replaceWith($matches, '_');
166	}
167
168	private static function replaceWithRandom(array $matches): string
169	{
170	$result = [];
171
172	$length = mb_strlen(reset($matches), self::getEncoding());
173
174	for ($i = 0; $i < $length; $i++) {
175	/** @noinspection RandomApiMigrationInspection */
176	$result[] = chr(mt_rand(97, 122));
177	}
178
179	return implode('', $result);
180	}
181
182	private static function replaceWith(array $matches, string $replacement): string
183	{
184	return str_repeat($replacement, mb_strlen(reset($matches), self::getEncoding()));
185	}
186
187	private static function getEncoding(): string
188	{
189	static $encoding;
190
191	if (null === $encoding) {
192	try {
193	$encoding = self::getApplicationService()->getDefaultEncoding();
194	} catch (common_Exception $exception) {
195	$encoding = mb_internal_encoding();
196	}
197	}
198
199	return $encoding;
200	}
201
202	private static function getApplicationService(): ApplicationService
203	{
204	/** @noinspection PhpIncompatibleReturnTypeInspection */
205	return ServiceManager::getServiceManager()->get(ApplicationService::SERVICE_ID);
206	}
207	}