<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <contact@terryl.in>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 * 
 * php version 7.1.0
 * 
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <contact@terryl.in>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Firewall;

use Shieldon\Security\Xss;
use function array_keys;
use function array_search;

/*
 * Xss Protection Trait is loaded in Firewall instance only.
 */
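trait XssProtectionTrait
{
    /**
     * Get options from the configuration file.
     * This method is the same as `$this->getConfig()` but returns the value from the array directly.
     *
     * @param string $option  The option of the section in the configuration.
     * @param string $section The section in the configuration.
     *
     * @return mixed
     */
    abstract protected function getOption(string $option, string $section = '');

    /**
     * Refresh / refetch the server request if needed.
     *
     * @return void
     */
    abstract protected function refreshRequest(): void;

    /**
     * Set up the XSS protection.
     *
     * Registers one closure per enabled source ($_POST, $_GET, $_COOKIE) and one
     * for the explicitly protected variables on `$this->kernel`; the closures
     * rewrite the superglobals in place when the kernel invokes them, after
     * which the server request is refreshed so it sees the filtered values.
     * Input filtering of this kind narrows the attack surface but does not
     * replace context-aware output escaping.
     *
     * NOTE(review): `$this->kernel` is not declared by this trait; the using
     * class is expected to provide it.
     *
     * @return void
     */
    protected function setupXssProtection(): void
    {
        $enable = $this->getOption('xss_protection');
        $protectedList = $this->getOption('xss_protected_list');

        // getOption() is declared to return mixed; a missing or malformed
        // section would otherwise reach the array-typed helpers as null.
        if (!is_array($enable)) {
            $enable = [];
        }
        if (!is_array($protectedList)) {
            $protectedList = [];
        }

        // Non-strict search keeps the original semantics: any truthy flag
        // (true, 1, '1', ...) counts as enabled. Comparing against false
        // instead of empty() avoids misreading a falsy key (0, '') as "none".
        $anyEnabled = array_search(true, $enable) !== false;

        if (!$anyEnabled && empty($protectedList)) {
            return;
        }

        $xss = new Xss();

        $this->cleanPost($enable, $xss);
        $this->cleanGet($enable, $xss);
        $this->cleanCookie($enable, $xss);
        $this->cleanProtectedList($protectedList, $xss);

        $this->refreshRequest();
    }

    /**
     * Register a closure that cleans every entry of the $_POST superglobal.
     *
     * @param array $enable Flags keyed by source; only the 'post' key is read here.
     * @param Xss   $xss    The Xss instance.
     *
     * @return void
     */
    private function cleanPost(array $enable, Xss $xss): void
    {
        // A missing key is treated as "disabled" rather than raising an undefined-index notice.
        if (empty($enable['post'])) {
            return;
        }

        $this->kernel->setClosure(
            'xss_post',
            function () use ($xss) {
                // Iterating over a snapshot of the keys lets us assign back into $_POST safely.
                foreach (array_keys($_POST) as $k) {
                    $_POST[$k] = $xss->clean($_POST[$k]);
                }
            }
        );
    }

    /**
     * Register a closure that cleans every entry of the $_GET superglobal.
     *
     * @param array $enable Flags keyed by source; only the 'get' key is read here.
     * @param Xss   $xss    The Xss instance.
     *
     * @return void
     */
    private function cleanGet(array $enable, Xss $xss): void
    {
        // A missing key is treated as "disabled" rather than raising an undefined-index notice.
        if (empty($enable['get'])) {
            return;
        }

        $this->kernel->setClosure(
            'xss_get',
            function () use ($xss) {
                foreach (array_keys($_GET) as $k) {
                    $_GET[$k] = $xss->clean($_GET[$k]);
                }
            }
        );
    }

    /**
     * Register a closure that cleans every entry of the $_COOKIE superglobal.
     *
     * @param array $enable Flags keyed by source; only the 'cookie' key is read here.
     * @param Xss   $xss    The Xss instance.
     *
     * @return void
     */
    private function cleanCookie(array $enable, Xss $xss): void
    {
        // A missing key is treated as "disabled" rather than raising an undefined-index notice.
        if (empty($enable['cookie'])) {
            return;
        }

        $this->kernel->setClosure(
            'xss_cookie',
            function () use ($xss) {
                foreach (array_keys($_COOKIE) as $k) {
                    $_COOKIE[$k] = $xss->clean($_COOKIE[$k]);
                }
            }
        );
    }

    /**
     * Register a closure that cleans only the specific protected variables.
     *
     * Each list entry is read as `['type' => 'get'|'post'|'cookie', 'variable' => name]`;
     * entries with an unknown or missing type are skipped.
     *
     * @param array $protectedList The specific variables to be filtered.
     * @param Xss   $xss           The Xss instance.
     *
     * @return void
     */
    private function cleanProtectedList(array $protectedList, Xss $xss): void
    {
        if (empty($protectedList)) {
            return;
        }

        $this->kernel->setClosure(
            'xss_protection',
            function () use ($xss, $protectedList) {
                foreach ($protectedList as $v) {
                    // A list entry without a name falls through to a key that
                    // will not normally exist in any superglobal.
                    $k = $v['variable'] ?? 'undefined';

                    // `??` keeps a malformed entry (no 'type') from raising a notice;
                    // the empty string matches no case, so the entry is ignored.
                    switch ($v['type'] ?? '') {
                        case 'get':
                            // empty() also skips '' and '0', which carry no markup.
                            if (!empty($_GET[$k])) {
                                $_GET[$k] = $xss->clean($_GET[$k]);
                            }
                            break;

                        case 'post':
                            if (!empty($_POST[$k])) {
                                $_POST[$k] = $xss->clean($_POST[$k]);
                            }
                            break;

                        case 'cookie':
                            if (!empty($_COOKIE[$k])) {
                                $_COOKIE[$k] = $xss->clean($_COOKIE[$k]);
                            }
                            break;
                    }
                }
            }
        );
    }
}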

