2 /*********************************************************************************
3 * SugarCRM Community Edition is a customer relationship management program developed by
4 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU Affero General Public License version 3 as published by the
8 * Free Software Foundation with the addition of the following permission added
9 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
18 * You should have received a copy of the GNU Affero General Public License along with
19 * this program; if not, see http://www.gnu.org/licenses or write to the Free
20 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26 * The interactive user interfaces in modified source and object code versions
27 * of this program must display Appropriate Legal Notices, as required under
28 * Section 5 of the GNU Affero General Public License version 3.
30 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31 * these Appropriate Legal Notices must retain the display of the "Powered by
32 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33 * technical reasons, the Appropriate Legal Notices must display the words
34 * "Powered by SugarCRM".
35 ********************************************************************************/
38 require_once 'include/HTMLPurifier/HTMLPurifier.standalone.php';
39 require_once 'include/HTMLPurifier/HTMLPurifier.autoload.php';
42 * cid: scheme implementation
44 class HTMLPurifier_URIScheme_cid extends HTMLPurifier_URIScheme
46 public $browsable = true;
47 public $may_omit_host = true;
49 public function doValidate(&$uri, $config, $context) {
50 $uri->userinfo = null;
54 $uri->fragment = null;
60 class HTMLPurifier_Filter_Xmp extends HTMLPurifier_Filter
65 public function preFilter($html, $config, $context)
67 return preg_replace("#<(/)?xmp>#i", "<\\1pre>", $html);
77 static public $instance;
80 * HTMLPurifier instance
85 function __construct()
88 $config = HTMLPurifier_Config::createDefault();
90 if(!is_dir(sugar_cached("htmlclean"))) {
91 create_cache_directory("htmlclean");
93 $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
94 $config->set('Core.Encoding', 'UTF-8');
95 $hidden_tags = array('script' => true, 'style' => true, 'title' => true, 'head' => true);
96 $config->set('Core.HiddenElements', $hidden_tags);
97 $config->set('Cache.SerializerPath', sugar_cached("htmlclean"));
98 $config->set('URI.Base', $sugar_config['site_url']);
99 $config->set('CSS.Proprietary', true);
100 $config->set('HTML.TidyLevel', 'light');
101 $config->set('HTML.ForbiddenElements', array('body' => true, 'html' => true));
102 $config->set('AutoFormat.RemoveEmpty', false);
104 //$config->set('Filter.ExtractStyleBlocks', true);
105 $config->set('Filter.ExtractStyleBlocks.TidyImpl', false); // can't use csstidy, GPL
107 $config->set('HTML.SafeObject', true);
109 $config->set('HTML.SafeEmbed', true);
110 $config->set('Output.FlashCompat', true);
111 // for iframe and xmp
112 $config->set('Filter.Custom', array(new HTMLPurifier_Filter_Xmp()));
114 $config->set('HTML.DefinitionID', 'Sugar HTML Def');
115 $config->set('HTML.DefinitionRev', 2);
116 $config->set('Cache.DefinitionImpl', null); // TODO: remove this later!
117 // IDs are namespaced
118 $config->set('Attr.EnableID', true);
119 $config->set('Attr.IDPrefix', 'sugar_text_');
121 if ($def = $config->maybeGetRawHTMLDefinition()) {
122 $form = $def->addElement(
124 'Flow', // content set
125 'Empty', // allowed children
126 'Core', // attribute collection
129 'rel' => 'Enum#stylesheet', // only stylesheets supported here
130 'type' => 'Enum#text/css' // only CSS supported here
133 $iframe = $def->addElement(
135 'Flow', // content set
136 'Optional: #PCDATA | Flow | Block', // allowed children
137 'Core', // attribute collection
140 'frameborder' => 'Enum#0,1',
141 'marginwidth' => 'Pixels',
142 'marginheight' => 'Pixels',
143 'scrolling' => 'Enum#|yes,no,auto',
144 'align' => 'Enum#top,middle,bottom,left,right,center',
145 'height' => 'Length',
149 $iframe->excludes=array('iframe');
151 $uri = $config->getDefinition('URI');
152 $uri->addFilter(new SugarURIFilter(), $config);
153 HTMLPurifier_URISchemeRegistry::instance()->register('cid', new HTMLPurifier_URIScheme_cid());
155 $this->purifier = new HTMLPurifier($config);
159 * Get cleaner instance
160 * @return SugarCleaner
162 public static function getInstance()
164 if(is_null(self::$instance)) {
165 self::$instance = new self;
167 return self::$instance;
171 * Clean string from potential XSS problems
172 * @param string $html
173 * @param bool $encoded Was it entity-encoded?
176 static public function cleanHtml($html, $encoded = false)
178 if(empty($html)) return $html;
181 $html = from_html($html);
183 if(!preg_match('<[^-A-Za-z0-9 `~!@#$%^&*()_=+{}\[\];:\'",./\\?\r\n|\x80-\xFF]>', $html)) {
184 /* if it only has "safe" chars, don't bother */
187 $purifier = self::getInstance()->purifier;
188 $cleanhtml = $purifier->purify($html);
189 // $styles = $purifier->context->get('StyleBlocks');
190 // if(count($styles) > 0) {
191 // $cleanhtml = "<style>".join("</style><style>", $styles)."</style>".$cleanhtml;
195 $cleanhtml = to_html($cleanhtml);
200 static public function stripTags($string, $encoded = true)
203 $string = from_html($string);
205 $string = filter_var($string, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_NO_ENCODE_QUOTES);
206 return $encoded?to_html($string):$string;
211 * URI filter for HTMLPurifier
212 * Approves only resource URIs that are in the list of trusted domains
213 * Until we have comprehensive CSRF protection, we need to sanitize URLs in emails, etc.
214 * to avoid CSRF attacks.
216 class SugarURIFilter extends HTMLPurifier_URIFilter
218 public $name = 'SugarURIFilter';
219 // public $post = true;
220 protected $allowed = array();
222 public function prepare($config)
224 global $sugar_config;
225 if(!empty($sugar_config['security_trusted_domains']) && is_array($sugar_config['security_trusted_domains']))
227 $this->allowed = $sugar_config['security_trusted_domains'];
230 $def = $config->getDefinition('URI');
231 if(!empty($def->base) && !empty($this->base->host)) {
232 $this->allowed[] = $def->base->host;
237 public function filter(&$uri, $config, $context)
239 // skip non-resource URIs
240 if (!$context->get('EmbeddedURI', true)) return true;
242 //if(empty($this->allowed)) return false;
244 if(!empty($uri->scheme) && strtolower($uri->scheme) != 'http' && strtolower($uri->scheme) != 'https') {
245 // do not touch non-HTTP URLs
249 // relative URLs permitted since email templates use it
250 // if(empty($uri->host)) return false;
251 // allow URLs with no query
252 if(empty($uri->query)) return true;
254 // allow URLs for known good hosts
255 foreach($this->allowed as $allow) {
256 // must be equal to our domain or subdomain of our domain
257 if($uri->host == $allow || substr($uri->host, -(strlen($allow)+1)) == ".$allow") {
262 // Here we try to block URLs that may be used for nasty XSRF stuff by
263 // referring back to Sugar URLs
264 // allow URLs that don't start with /? or /index.php?
265 if(!empty($uri->path) && $uri->path != '/') {
266 $lpath = strtolower($uri->path);
267 if(substr($lpath, -10) != '/index.php' && $lpath != 'index.php') {
272 $query_items = array();
273 parse_str(from_html($uri->query), $query_items);
274 // weird query, probably harmless
275 if(empty($query_items)) return true;
276 // suspiciously like SugarCRM query, reject
277 if(!empty($query_items['module']) && !empty($query_items['action'])) return false;
278 // looks like non-download entry point - allow only specific entry points
279 if(!empty($query_items['entryPoint']) && !in_array($query_items['entryPoint'], array('download', 'image', 'getImage'))) {