fix: address code review - add sanitizer comments, fix strrpos false-return edge case
Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/1afce49e-510d-49a6-9d11-0b7118d3cf85 Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
parent
de80f89619
commit
7391d23487
1 changed files with 12 additions and 2 deletions
|
|
@ -185,6 +185,14 @@ function config_games_script_node_names(): array
|
||||||
* CDATA section so the file becomes well-formed. Non-script elements are left
|
* CDATA section so the file becomes well-formed. Non-script elements are left
|
||||||
* untouched.
|
* untouched.
|
||||||
*
|
*
|
||||||
|
* Assumptions / limitations:
|
||||||
|
* - Script elements are treated as leaf nodes (no child elements expected).
|
||||||
|
* Nested XML tags inside a script block are not supported and the regex
|
||||||
|
* will not handle them correctly.
|
||||||
|
* - The detection of an already-present CDATA section relies on the opening
|
||||||
|
* tag being immediately followed by '<![CDATA[' (with optional whitespace).
|
||||||
|
* If a script block mixes text and CDATA it is left unchanged.
|
||||||
|
*
|
||||||
* This is applied to raw XML submitted through the editor's "Raw XML" path
|
* This is applied to raw XML submitted through the editor's "Raw XML" path
|
||||||
* before the validation step, giving a best-effort fix rather than a hard
|
* before the validation step, giving a best-effort fix rather than a hard
|
||||||
* rejection for the most common authoring mistake.
|
* rejection for the most common authoring mistake.
|
||||||
|
|
@ -201,7 +209,9 @@ function config_games_sanitize_xml_scripts(string $xml): string
|
||||||
function ($m) use ($tag) {
|
function ($m) use ($tag) {
|
||||||
$attrs = $m[1];
|
$attrs = $m[1];
|
||||||
$content = $m[2];
|
$content = $m[2];
|
||||||
// Only wrap if the content contains raw < that are not XML entities/tags.
|
// Only wrap if the content contains a raw '<' character. XML
|
||||||
|
// entities such as < do not contain a literal '<' so they
|
||||||
|
// are not matched here and do not trigger CDATA wrapping.
|
||||||
if (strpos($content, '<') === false) {
|
if (strpos($content, '<') === false) {
|
||||||
return $m[0];
|
return $m[0];
|
||||||
}
|
}
|
||||||
|
|
@ -432,7 +442,7 @@ function config_games_save_xml($db, $home_cfg_id, array $nodesPayload)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$hasChildren = !empty($nodeData['has_children']);
|
$hasChildren = !empty($nodeData['has_children']);
|
||||||
$nodeName = strtolower(substr($path, (int)strrpos($path, '/') + 1));
|
$nodeName = strtolower(($slashPos = strrpos($path, '/')) !== false ? substr($path, $slashPos + 1) : $path);
|
||||||
$isScriptNode = in_array($nodeName, config_games_script_node_names(), true);
|
$isScriptNode = in_array($nodeName, config_games_script_node_names(), true);
|
||||||
if (array_key_exists('value', (array)$nodeData)) {
|
if (array_key_exists('value', (array)$nodeData)) {
|
||||||
$normalizedValue = config_games_normalize_newlines($nodeData['value']);
|
$normalizedValue = config_games_normalize_newlines($nodeData['value']);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue