-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
/
ExternalTransformationsPlugin.php
177 lines (157 loc) · 5.43 KB
/
ExternalTransformationsPlugin.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
<?php
/**
* Abstract class for the external transformations plugins
*/
declare(strict_types=1);
namespace PhpMyAdmin\Plugins\Transformations\Abs;
use PhpMyAdmin\Plugins\TransformationsPlugin;
use stdClass;
use const E_USER_DEPRECATED;
use function count;
use function fclose;
use function feof;
use function fgets;
use function fwrite;
use function htmlspecialchars;
use function is_resource;
use function proc_close;
use function proc_open;
use function sprintf;
use function strlen;
use function trigger_error;
/**
* Provides common methods for all of the external transformations plugins.
*/
abstract class ExternalTransformationsPlugin extends TransformationsPlugin
{
/**
* Gets the transformation description of the specific plugin
*
* @return string
*/
public static function getInfo()
{
return __(
'LINUX ONLY: Launches an external application and feeds it the column'
. ' data via standard input. Returns the standard output of the'
. ' application. The default is Tidy, to pretty-print HTML code.'
. ' For security reasons, you have to manually edit the file'
. ' libraries/classes/Plugins/Transformations/Abs/ExternalTransformationsPlugin.php'
. ' and list the tools you want to make available.'
. ' The first option is then the number of the program you want to'
. ' use. The second option should be blank for historical reasons.'
. ' The third option, if set to 1, will convert the output using'
. ' htmlspecialchars() (Default 1). The fourth option, if set to 1,'
. ' will prevent wrapping and ensure that the output appears all on'
. ' one line (Default 1).'
);
}
/**
* Enables no-wrapping
*
* @param array $options transformation options
*
* @return bool
*/
public function applyTransformationNoWrap(array $options = [])
{
if (! isset($options[3]) || $options[3] == '') {
$nowrap = true;
} elseif ($options[3] == '1' || $options[3] == 1) {
$nowrap = true;
} else {
$nowrap = false;
}
return $nowrap;
}
/**
* Does the actual work of each specific transformations plugin.
*
* @param string $buffer text to be transformed
* @param array $options transformation options
* @param stdClass|null $meta meta information
*
* @return string
*/
public function applyTransformation($buffer, array $options = [], ?stdClass $meta = null)
{
// possibly use a global transform and feed it with special options
// further operations on $buffer using the $options[] array.
$allowed_programs = [];
// WARNING:
//
// It's up to administrator to allow anything here. Note that users may
// specify any parameters, so when programs allow output redirection or
// any other possibly dangerous operations, you should write wrapper
// script that will publish only functions you really want.
//
// Add here program definitions like (note that these are NOT safe
// programs):
//
//$allowed_programs[0] = '/usr/local/bin/tidy';
//$allowed_programs[1] = '/usr/local/bin/validate';
// no-op when no allowed programs
if (count($allowed_programs) === 0) {
return $buffer;
}
$cfg = $GLOBALS['cfg'];
$options = $this->getOptions(
$options,
$cfg['DefaultTransformations']['External']
);
if (isset($allowed_programs[$options[0]])) {
$program = $allowed_programs[$options[0]];
} else {
$program = $allowed_programs[0];
}
if (isset($options[1]) && strlen((string) $options[1]) > 0) {
trigger_error(sprintf(
__(
'You are using the external transformation command line'
. ' options field, which has been deprecated for security reasons.'
. ' Add all command line options directly to the definition in %s.'
),
'[code]libraries/classes/Plugins/Transformations/Abs/ExternalTransformationsPlugin.php[/code]'
), E_USER_DEPRECATED);
}
// needs PHP >= 4.3.0
$newstring = '';
$descriptorspec = [
0 => [
'pipe',
'r',
],
1 => [
'pipe',
'w',
],
];
$process = proc_open($program . ' ' . $options[1], $descriptorspec, $pipes);
if (is_resource($process)) {
fwrite($pipes[0], $buffer);
fclose($pipes[0]);
while (! feof($pipes[1])) {
$newstring .= fgets($pipes[1], 1024);
}
fclose($pipes[1]);
// we don't currently use the return value
proc_close($process);
}
if ($options[2] == 1 || $options[2] == '2') {
$retstring = htmlspecialchars($newstring);
} else {
$retstring = $newstring;
}
return $retstring;
}
/* ~~~~~~~~~~~~~~~~~~~~ Getters and Setters ~~~~~~~~~~~~~~~~~~~~ */
/**
* Gets the transformation name of the specific plugin
*
* @return string
*/
public static function getName()
{
return 'External';
}
}