Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
57.78% |
26 / 45 |
|
41.67% |
5 / 12 |
CRAP | |
0.00% |
0 / 1 |
tao_helpers_Display | |
57.78% |
26 / 45 |
|
41.67% |
5 / 12 |
46.17 | |
0.00% |
0 / 1 |
textCutter | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
6 | |||
textCleaner | |
91.67% |
11 / 12 |
|
0.00% |
0 / 1 |
3.01 | |||
htmlize | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
htmlEscape | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
encodeAttrValue | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
sanitizeXssHtml | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
1 | |||
replace | |
66.67% |
2 / 3 |
|
0.00% |
0 / 1 |
2.15 | |||
replaceWithUnderscore | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
replaceWithRandom | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
6 | |||
replaceWith | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getEncoding | |
66.67% |
4 / 6 |
|
0.00% |
0 / 1 |
3.33 | |||
getApplicationService | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 |
1 | <?php |
2 | |
3 | /** |
4 | * This program is free software; you can redistribute it and/or |
5 | * modify it under the terms of the GNU General Public License |
6 | * as published by the Free Software Foundation; under version 2 |
7 | * of the License (non-upgradable). |
8 | * |
9 | * This program is distributed in the hope that it will be useful, |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 | * GNU General Public License for more details. |
13 | * |
14 | * You should have received a copy of the GNU General Public License |
15 | * along with this program; if not, write to the Free Software |
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
17 | * |
18 | * Copyright (c) 2008-2010 (original work) Deutsche Institut für Internationale Pädagogische Forschung |
19 | * (under the project TAO-TRANSFER); |
20 | * 2009-2012 (update and modification) Public Research Centre Henri Tudor |
21 | * (under the project TAO-SUSTAIN & TAO-DEV); |
22 | * 2013-2017 (update and modification) Open Assessment Technologies SA (under the project TAO-PRODUCT); |
23 | * |
24 | */ |
25 | |
26 | use oat\oatbox\service\ServiceManager; |
27 | use oat\tao\model\service\ApplicationService; |
28 | |
29 | /** |
30 | * Utility class focusing on display methods. |
31 | * |
32 | * @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu> |
33 | * @package tao |
34 | |
35 | */ |
36 | class tao_helpers_Display |
37 | { |
38 | private static $replacement = '_'; |
39 | |
40 | /** |
41 | * Enables you to cut a long string and end it with [...] and add an hover |
42 | * to display the complete string on mouse over. |
43 | * |
44 | * @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu> |
45 | * @param string input The string input. |
46 | * @param int maxLength (optional, default = 75) The maximum length for the result string. |
47 | * @return string The cut string, enclosed in a <span> html tag. This tag received the 'cutted' CSS class. |
48 | */ |
49 | public static function textCutter($input, int $maxLength = 75): string |
50 | { |
51 | $encoding = self::getEncoding(); |
52 | |
53 | if (mb_strlen($input, $encoding) <= $maxLength) { |
54 | return $input; |
55 | } |
56 | |
57 | return sprintf( |
58 | '<span title="%s" class="cutted" style="cursor:pointer;">%s[...]</span>', |
59 | $input, |
60 | mb_substr($input, 0, $maxLength, $encoding) |
61 | ); |
62 | } |
63 | |
64 | /** |
65 | * Clean a text with a joker character to replace any characters that is not alphanumeric. |
66 | * |
67 | * @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu> |
68 | * @param string input The string input. |
69 | * @param string joker (optional, default = '_') A joker character that will be the alphanumeric placeholder. |
70 | * @param int maxLength (optional, default = -1) output maximum length |
71 | * @return string The result string. |
72 | */ |
73 | public static function textCleaner($input, string $joker = '_', int $maxLength = -1): string |
74 | { |
75 | $encoding = self::getEncoding(); |
76 | |
77 | if ($maxLength > -1) { |
78 | $input = mb_substr($input, 0, $maxLength, $encoding); |
79 | } |
80 | |
81 | $replacingPattern = strpos($encoding, 'UTF') === 0 |
82 | ? '/[^\p{L}0-9-_]+/u' |
83 | : '/[^a-z0-9-_]+/ui'; |
84 | |
85 | $patternMaps = [ |
86 | '/\s+/u' => [self::class, 'replaceWithUnderscore'], |
87 | $replacingPattern => [self::class, 'replace'], |
88 | ]; |
89 | |
90 | self::$replacement = $joker; |
91 | |
92 | return preg_replace_callback_array($patternMaps, $input); |
93 | } |
94 | |
95 | /** |
96 | * Display clean and more secure text into an HTML page. The implementation |
97 | * of this method is done with htmlentities.This method is Unicode safe. |
98 | * |
99 | * @author Bertrand Chevrier, <bertrand.chevrier@tudor.lu> |
100 | * @param string input The input string. |
101 | * @return string The htmlized string. |
102 | */ |
103 | public static function htmlize($input): string |
104 | { |
105 | return htmlentities($input, ENT_COMPAT, self::getEncoding()); |
106 | } |
107 | |
108 | |
109 | |
110 | /** |
111 | * Convert special characters to HTML entities |
112 | */ |
113 | public static function htmlEscape($string): string |
114 | { |
115 | return htmlspecialchars($string); |
116 | } |
117 | |
118 | /** |
119 | * Encode the value of an html attribute |
120 | * |
121 | * @param string $string |
122 | * @return string |
123 | */ |
124 | public static function encodeAttrValue($string): string |
125 | { |
126 | return htmlspecialchars($string, ENT_QUOTES, 'UTF-8'); |
127 | } |
128 | |
129 | /** |
130 | * Sanitize all parts that could be used in XSS (script, style, hijacked links, etc.) |
131 | * and update some attributes to use a safe behavior. |
132 | * |
133 | * @see http://htmlpurifier.org/live/configdoc/plain.html |
134 | * |
135 | * @param string $input the input HTML |
136 | * @return string the sanitized HTML |
137 | */ |
138 | public static function sanitizeXssHtml($input): string |
139 | { |
140 | $config = HTMLPurifier_Config::createDefault(); |
141 | |
142 | //we don't use HTMLPurifier cache |
143 | //because it writes serialized files inside it's own folder |
144 | //so this won't work in a multi server env |
145 | $config->set('Cache.DefinitionImpl', null); |
146 | |
147 | //allow target=_blank on links |
148 | $config->set('Attr.AllowedFrameTargets', ['_blank']); |
149 | |
150 | $purifier = new HTMLPurifier($config); |
151 | return $purifier->purify($input); |
152 | } |
153 | |
154 | /** @noinspection PhpUnusedPrivateMethodInspection */ |
155 | private static function replace(array $matches): string |
156 | { |
157 | return '*' === self::$replacement |
158 | ? self::replaceWithRandom($matches) |
159 | : self::replaceWith($matches, self::$replacement); |
160 | } |
161 | |
162 | /** @noinspection PhpUnusedPrivateMethodInspection */ |
163 | private static function replaceWithUnderscore(array $matches): string |
164 | { |
165 | return self::replaceWith($matches, '_'); |
166 | } |
167 | |
168 | private static function replaceWithRandom(array $matches): string |
169 | { |
170 | $result = []; |
171 | |
172 | $length = mb_strlen(reset($matches), self::getEncoding()); |
173 | |
174 | for ($i = 0; $i < $length; $i++) { |
175 | /** @noinspection RandomApiMigrationInspection */ |
176 | $result[] = chr(mt_rand(97, 122)); |
177 | } |
178 | |
179 | return implode('', $result); |
180 | } |
181 | |
182 | private static function replaceWith(array $matches, string $replacement): string |
183 | { |
184 | return str_repeat($replacement, mb_strlen(reset($matches), self::getEncoding())); |
185 | } |
186 | |
187 | private static function getEncoding(): string |
188 | { |
189 | static $encoding; |
190 | |
191 | if (null === $encoding) { |
192 | try { |
193 | $encoding = self::getApplicationService()->getDefaultEncoding(); |
194 | } catch (common_Exception $exception) { |
195 | $encoding = mb_internal_encoding(); |
196 | } |
197 | } |
198 | |
199 | return $encoding; |
200 | } |
201 | |
202 | private static function getApplicationService(): ApplicationService |
203 | { |
204 | /** @noinspection PhpIncompatibleReturnTypeInspection */ |
205 | return ServiceManager::getServiceManager()->get(ApplicationService::SERVICE_ID); |
206 | } |
207 | } |