Merge pull request #130 from Coderberg/2.x

Release 2.10.2

Author: Coderberg

composer.lock

@@ -7,7 +7,7 @@ parameters:
     locale: 'en'
     app_locales: 'en|ru|nl|bg|hu'
     images_directory: '%kernel.project_dir%/public/uploads/images'
-    app_version: '2.10.1'
+    app_version: '2.10.2'
 
 services:
     # default configuration for services in *this* file

config/services.yaml

@@ -68,6 +68,8 @@ public function sanitizeHtml(Property $property, bool $isHtmlAllowed): Property
         if (!$isHtmlAllowed) {
             $property = $this->propertyTransformer->contentToPlainText($property);
             $property = $this->propertyTransformer->contentToHtml($property);
+        } else {
+            $property = $this->propertyTransformer->removeScriptsFromHtml($property);
         }
 
         return $property;

src/Service/User/PropertyService.php

@@ -11,20 +11,25 @@ final class PropertyTransformer
 {
     public function contentToHtml(Property $property): Property
     {
-        $htmlContent = HtmlHelper::text2Html($property->getPropertyDescription()->getContent());
-        $property->setPropertyDescription(
-            $property->getPropertyDescription()->setContent($htmlContent)
-        );
-
-        return $property;
+        return $this->transformContent($property, HtmlHelper::text2Html(...));
     }
 
     public function contentToPlainText(Property $property): Property
     {
-        $htmlContent = $property->getPropertyDescription()->getContent();
-        $textContent = HtmlHelper::html2Text($htmlContent);
+        return $this->transformContent($property, HtmlHelper::html2Text(...));
+    }
+
+    public function removeScriptsFromHtml(Property $property): Property
+    {
+        return $this->transformContent($property, HtmlHelper::removeScriptsFromHtml(...));
+    }
+
+    private function transformContent(Property $property, callable $transformFunction): Property
+    {
+        $content = $property->getPropertyDescription()->getContent();
+        $transformedContent = \call_user_func($transformFunction, $content);
         $property->setPropertyDescription(
-            $property->getPropertyDescription()->setContent($textContent)
+            $property->getPropertyDescription()->setContent($transformedContent)
         );
 
         return $property;

src/Transformer/PropertyTransformer.php

@@ -17,4 +17,12 @@ public static function text2Html(string $text): string
     {
         return preg_replace("/\r\n|\r|\n/", '<br>', $text);
     }
+
+    public static function removeScriptsFromHtml(string $html): string
+    {
+        $sanitizedHtml = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);
+        $sanitizedHtml = preg_replace('# on\w+="[^"]*"#i', '', (string) $sanitizedHtml);
+
+        return preg_replace("# on\w+='[^']*'#i", '', (string) $sanitizedHtml);
+    }
 }

src/Utils/HtmlHelper.php

@@ -7,6 +7,7 @@
 use App\Entity\Category;
 use App\Tests\Helper\WebTestHelper;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 final class CategoryControllerTest extends WebTestCase
@@ -23,7 +24,7 @@ final class CategoryControllerTest extends WebTestCase
     public function testAdminNewCategory(): void
     {
         $client = $this->authAsAdmin($this);
-        $crawler = $client->request('GET', '/en/admin/category/new');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/category/new');
 
         $form = $crawler->selectButton('Create category')->form([
             'category[name]' => self::NAME,
@@ -58,7 +59,7 @@ public function testAdminEditCategory(): void
                 'slug' => self::SLUG,
             ])->getId();
 
-        $crawler = $client->request('GET', '/en/admin/category/'.$category.'/edit');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/category/'.$category.'/edit');
 
         $form = $crawler->selectButton('Save changes')->form([
             'category[name]' => self::EDITED_NAME,
@@ -91,7 +92,7 @@ public function testAdminDeleteCategory(): void
                 'slug' => self::SLUG,
             ])->getId();
 
-        $crawler = $client->request('GET', '/en/admin/category');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/category');
         $client->submit($crawler->filter('#delete-form-'.$category)->form());
         $this->assertSame(
             Response::HTTP_FOUND,

tests/Functional/Controller/Admin/CategoryControllerTest.php

@@ -5,6 +5,7 @@
 namespace App\Tests\Functional\Controller\Admin;
 
 use App\Entity\City;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 final class CityControllerTest extends AbstractLocationControllerTest
@@ -14,7 +15,7 @@ final class CityControllerTest extends AbstractLocationControllerTest
      */
     public function testAdminNewCity(): void
     {
-        $crawler = $this->client->request('GET', '/en/admin/locations/city/new');
+        $crawler = $this->client->request(Request::METHOD_GET, '/en/admin/locations/city/new');
 
         $form = $crawler->selectButton('Create city')->form([
             'city[name]' => self::NAME,
@@ -52,7 +53,7 @@ public function testAdminEditCity(): void
                 'slug' => self::SLUG,
             ])->getId();
 
-        $crawler = $this->client->request('GET', '/en/admin/locations/city/'.$city.'/edit');
+        $crawler = $this->client->request(Request::METHOD_GET, '/en/admin/locations/city/'.$city.'/edit');
 
         $form = $crawler->selectButton('Save changes')->form([
             'city[name]' => self::EDITED_NAME,
@@ -88,7 +89,7 @@ public function testAdminDeleteCity(): void
                 'slug' => self::SLUG,
             ])->getId();
 
-        $crawler = $this->client->request('GET', '/en/admin/locations/city');
+        $crawler = $this->client->request(Request::METHOD_GET, '/en/admin/locations/city');
         $this->client->submit($crawler->filter('#delete-form-'.$city)->form());
         $this->assertSame(
             Response::HTTP_FOUND,

tests/Functional/Controller/Admin/CityControllerTest.php

@@ -7,6 +7,7 @@
 use App\Entity\Currency;
 use App\Tests\Helper\WebTestHelper;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 final class CurrencyControllerTest extends WebTestCase
@@ -23,7 +24,7 @@ public function testAdminNewCurrency(): void
     {
         $client = $this->authAsAdmin($this);
 
-        $crawler = $client->request('GET', '/en/admin/currency/new');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/currency/new');
 
         $form = $crawler->selectButton('Create currency')->form([
             'currency[currency_title]' => self::CURRENCY,
@@ -57,7 +58,7 @@ public function testAdminEditCurrency(): void
                 'code' => self::CURRENCY,
             ])->getId();
 
-        $crawler = $client->request('GET', '/en/admin/currency/'.$currency.'/edit');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/currency/'.$currency.'/edit');
 
         $form = $crawler->selectButton('Save changes')->form([
             'currency[currency_title]' => self::EDITED,
@@ -91,7 +92,7 @@ public function testAdminDeleteCurrency(): void
                 'code' => self::EDITED,
             ])->getId();
 
-        $crawler = $client->request('GET', '/en/admin/currency');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/currency');
         $client->submit($crawler->filter('#delete-form-'.$currency)->form());
         $this->assertSame(
             Response::HTTP_FOUND,

tests/Functional/Controller/Admin/CurrencyControllerTest.php

@@ -6,6 +6,7 @@
 
 use App\Tests\Helper\WebTestHelper;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Request;
 
 final class DashboardControllerTest extends WebTestCase
 {
@@ -14,7 +15,7 @@ final class DashboardControllerTest extends WebTestCase
     public function testAdminDashboard(): void
     {
         $client = $this->authAsAdmin($this);
-        $client->request('GET', '/en/admin');
+        $client->request(Request::METHOD_GET, '/en/admin');
         $this->assertResponseIsSuccessful(sprintf('The %s public URL loads correctly.', '/admin'));
     }
 }

tests/Functional/Controller/Admin/DashboardControllerTest.php

@@ -7,6 +7,7 @@
 use App\Entity\DealType;
 use App\Tests\Helper\WebTestHelper;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 final class DealTypeControllerTest extends WebTestCase
@@ -24,7 +25,7 @@ public function testAdminNewDealType(): void
     {
         $client = $this->authAsAdmin($this);
 
-        $crawler = $client->request('GET', '/en/admin/deal_type/new');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/deal_type/new');
 
         $form = $crawler->selectButton('Create deal type')->form([
             'deal_type[name]' => self::NAME,
@@ -59,7 +60,7 @@ public function testAdminEditDealType(): void
                 'slug' => self::SLUG,
             ])->getId();
 
-        $crawler = $client->request('GET', '/en/admin/deal_type/'.$dealType.'/edit');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/deal_type/'.$dealType.'/edit');
 
         $form = $crawler->selectButton('Save changes')->form([
             'deal_type[name]' => self::EDITED_NAME,
@@ -92,7 +93,7 @@ public function testAdminDeleteDealType(): void
                 'slug' => self::SLUG,
             ])->getId();
 
-        $crawler = $client->request('GET', '/en/admin/deal_type');
+        $crawler = $client->request(Request::METHOD_GET, '/en/admin/deal_type');
         $client->submit($crawler->filter('#delete-form-'.$dealType)->form());
         $this->assertSame(
             Response::HTTP_FOUND,