From 8ffcc41bbde39f09f94b9760768086f12bbdce42 Mon Sep 17 00:00:00 2001 From: Brian Sweeney Date: Wed, 31 Jan 2024 09:55:55 -0500 Subject: [PATCH] Update resource validation logic The previous logic did not validate the font-family when set by attribute. To accommodate style validation across all sources the Style class now accepts the Document during construction so that it has access to the allowExternalReferences property regardless of style source. --- src/Svg/Document.php | 2 +- src/Svg/Style.php | 27 +++++++++++++++++---------- src/Svg/Tag/AbstractTag.php | 2 +- src/Svg/Tag/Image.php | 10 ++++++++-- 4 files changed, 27 insertions(+), 14 deletions(-) diff --git a/src/Svg/Document.php b/src/Svg/Document.php index 309875b..990cfde 100644 --- a/src/Svg/Document.php +++ b/src/Svg/Document.php @@ -202,7 +202,7 @@ protected function before($attributes) { $surface = $this->getSurface(); - $style = new DefaultStyle(); + $style = new DefaultStyle($this); $style->inherit($this); $style->fromAttributes($attributes); diff --git a/src/Svg/Style.php b/src/Svg/Style.php index 514f546..9fac469 100644 --- a/src/Svg/Style.php +++ b/src/Svg/Style.php @@ -18,6 +18,7 @@ class Style const TYPE_ANGLE = 4; const TYPE_NUMBER = 5; + private $_document; private $_parentStyle; public $color; @@ -43,6 +44,12 @@ class Style public $fontStyle = 'normal'; public $textAnchor = 'start'; + public function __construct($document = null) { + if ($document !== null) { + $this->_document = $document; + } + } + protected function getStyleMap() { return array( @@ -139,16 +146,6 @@ public function fromStyleSheets(AbstractTag $tag, $attributes) { break; } } - - if ( - \array_key_exists("font-family", $styles) - && ( - \strtolower(\substr($this->href, 0, 7)) === "phar://" - || ($this->document->allowExternalReferences === false && \strtolower(\substr($this->href, 0, 5)) !== "data:") - ) - ) { - unset($style["font-family"]); - } } } @@ -185,6 +182,16 @@ protected function fillStyles($styles) $value = $styles[$from]; } + if ($from === "font-family") { + $scheme = \strtolower(parse_url($value, PHP_URL_SCHEME) ?: ""); + if ( + $scheme === "phar" || \strtolower(\substr($value, 0, 7)) === "phar://" + || ($this->_document !== null && $this->_document->allowExternalReferences === false && $scheme !== "data") + ) { + continue; + } + } + if ($value !== null) { $this->$to = $value; } diff --git a/src/Svg/Tag/AbstractTag.php b/src/Svg/Tag/AbstractTag.php index 9fa6793..e368aab 100644 --- a/src/Svg/Tag/AbstractTag.php +++ b/src/Svg/Tag/AbstractTag.php @@ -119,7 +119,7 @@ public function getStyle() * @return Style */ protected function makeStyle($attributes) { - $style = new Style(); + $style = new Style($this->document); $style->inherit($this); $style->fromStyleSheets($this, $attributes); $style->fromAttributes($attributes); diff --git a/src/Svg/Tag/Image.php b/src/Svg/Tag/Image.php index 8cbfccd..1689954 100644 --- a/src/Svg/Tag/Image.php +++ b/src/Svg/Tag/Image.php @@ -58,8 +58,14 @@ public function start($attributes) $this->document->getSurface()->transform(1, 0, 0, -1, 0, $height); - if (\strtolower(\substr($this->href, 0, 7)) === "phar://" || ($this->document->allowExternalReferences === false && \strtolower(\substr($this->href, 0, 5) !== "data:"))) { - return; + if ($from === "font-family") { + $scheme = \strtolower(parse_url($this->href, PHP_URL_SCHEME) ?: ""); + if ( + $scheme === "phar" || \strtolower(\substr($this->href, 0, 7)) === "phar://" + || ($this->document->allowExternalReferences === false && $scheme !== "data") + ) { + return; + } } $this->document->getSurface()->drawImage($this->href, $this->x, $this->y, $this->width, $this->height);