main_2lib_2security_2w_2rules_2rule_8php_source.html

<?php


namespace Bitrix\Main\Security\W\Rules;


use Bitrix\Main\IO\Path;

use Bitrix\Main\Web\Uri;

use Bitrix\Main\Security\W\Rules\Results\ModifyResult;


abstract class Rule

{

    protected $path;


    protected $context;


    protected $keys;


    protected $process;


    protected $encoding;


    public static function make(array $rule): ?static

    {

        $rule = static::prepareRuleParameters($rule);


        return match ($rule['action'])

        {

            'intval' => new IntvalRule(

                $rule['path'],

                $rule['context'],

                $rule['keys'],

                $rule['process'],

                $rule['encoding']

            ),

            'preg_replace' => new PregReplaceRule(

                $rule['path'],

                $rule['context'],

                $rule['keys'],

                $rule['process'],

                $rule['encoding'],

                $rule['pattern']

            ),

            'preg_match' => new PregMatchRule(

                $rule['path'],

                $rule['context'],

                $rule['keys'],

                $rule['process'],

                $rule['encoding'],

                $rule['pattern'],

                $rule['post_action']

            ),

            'check_csrf' => new CsrfRule(

                $rule['path'],

                $rule['context'],

                $rule['keys'],

                $rule['process'],

                $rule['encoding'],

                $rule['pattern'],

            ),

            default => null,

        };

    }


    protected static function prepareRuleParameters(array $parameters): array

    {

        if (is_string($parameters['action']))

        {

            $parameters['action'] = strtolower($parameters['action']);

        }

        elseif (is_array($parameters['action']))

        {

            $complexAction = $parameters['action'];


            $parameters['action'] = $complexAction[0];

            $parameters['post_action'] = $complexAction[1];

        }


        $parameters['encoding'] = !empty($parameters['encoding'])

            ? $parameters['encoding']

            : [];


        if (is_string($parameters['encoding']))

        {

            $parameters['encoding'] = [$parameters['encoding']];

        }


        return $parameters;

    }


    public function __construct($path, $context, $keys, $process, $encoding)

    {

        $this->path = $path;

        $this->context = $this->castContext($context);

        $this->keys = $this->castKeys($keys);

        $this->process = $process;

        $this->encoding = $encoding;

    }


    public function evaluateValue($value)

    {

        if (!empty($this->encoding))

        {

            foreach ($this->encoding as $encodingType)

            {

                $value = match ($encodingType)

                {

                    'gz' => gzdecode($value),

                    'base64' => base64_decode($value),

                    'url' => urldecode($value),

                    'hex' => hex2bin($value)

                };

            }

        }


        $result = $this->evaluate($value);


        if (!empty($this->encoding) && $result instanceof ModifyResult)

        {

            $cleanValue = $result->getCleanValue();


            foreach (array_reverse($this->encoding) as $encodingType)

            {

                $cleanValue = match ($encodingType)

                {

                    'gz' => gzencode($cleanValue),

                    'base64' => base64_encode($cleanValue),

                    'url' => urlencode($cleanValue),

                    'hex' => bin2hex($cleanValue)

                };

            }


            $result = new ModifyResult($cleanValue);

        }


        return $result;

    }


    abstract public function evaluate($value);


    protected function castContext($context)

    {

        if (!is_array($context))

        {

            $context = [$context];

        }


        foreach ($context as $k => $v)

        {

            $context[$k] = strtolower($v);

        }


        return $context;

    }


    protected function castKeys($keys)

    {

        if (!is_array($keys))

        {

            $keys = [$keys];

        }


        return $keys;

    }


    public function matchKey(array $contextKey): bool

    {

        $contextKey = join('.', $contextKey);


        foreach ($this->keys as $key)

        {

            //if ($key === $contextKey)

            // bxu_files.validKey.phpinfo();die(); =>  bxu_files.*

            if (fnmatch($key, $contextKey))

            {

                return true;

            }

        }


        return false;

    }


    public function matchPath($uri)

    {

        if ($this->path === '*')

        {

            return  true;

        }


        // normalize uri

        $parsedUri = new Uri($uri);

        $_uri = $parsedUri->getPath();


        $_uri = rawurldecode($_uri);

//

//      if (Application::hasInstance())

//      {

//          $_uri = Encoding::convertEncodingToCurrent($_uri);

//      }


        if (str_ends_with($_uri, '/'))

        {

            $_uri .= 'index.php';

        }


        $_uri = Path::normalize($_uri);


        // valid uris

        $cleanUris[] = $_uri;


        if (str_ends_with($_uri, '/index.php'))

        {

            $cleanUris[] = substr($_uri, 0, -9);

        }

        elseif (str_ends_with($_SERVER['SCRIPT_NAME'], '/index.php'))

        {

            $cleanUris[] = substr($_SERVER['SCRIPT_NAME'], 0, -9);

        }


        if ($_uri !== $_SERVER['SCRIPT_NAME'])

        {

            $cleanUris[] = $_SERVER['SCRIPT_NAME'];

        }


        // analyze

        if (str_starts_with($this->path, '~'))

        {

            $pattern = $this->path;

        }

        else

        {

            $pattern = '~^' . str_replace('~', '\~', preg_quote($this->path)) . '$~';

        }


        foreach ($cleanUris as $cleanUri)

        {

            if ($this->path === $cleanUri || preg_match($pattern, $cleanUri))

            {

                return true;

            }

        }


        return false;

    }


    public function getPath()

    {

        return $this->path;

    }


    public function getContext()

    {

        return $this->context;

    }


    public function getKeys()

    {

        return $this->keys;

    }


    public function getProcess()

    {

        return $this->process;

    }


}


Bitrix\Main\Security\W\Rules\CsrfRule
Определения csrfrule.php:1

Bitrix\Main\Security\W\Rules\IntvalRule
Определения intvalrule.php:10

Bitrix\Main\Security\W\Rules\PregMatchRule
Определения pregmatchrule.php:9

Bitrix\Main\Security\W\Rules\PregReplaceRule
Определения pregreplacerule.php:9

Bitrix\Main\Security\W\Rules\Results\ModifyResult
Определения modifyresult.php:1

Bitrix\Main\Security\W\Rules\Rule
Определения rule.php:10

Bitrix\Main\Security\W\Rules\Rule\$path
$path
Определения rule.php:11

Bitrix\Main\Security\W\Rules\Rule\getKeys
getKeys()
Определения rule.php:277

Bitrix\Main\Security\W\Rules\Rule\castContext
castContext($context)
Определения rule.php:145

Bitrix\Main\Security\W\Rules\Rule\matchKey
matchKey(array $contextKey)
Определения rule.php:170

Bitrix\Main\Security\W\Rules\Rule\$process
$process
Определения rule.php:17

Bitrix\Main\Security\W\Rules\Rule\evaluate
evaluate($value)

Bitrix\Main\Security\W\Rules\Rule\getPath
getPath()
Определения rule.php:261

Bitrix\Main\Security\W\Rules\Rule\__construct
__construct($path, $context, $keys, $process, $encoding)
Определения rule.php:95

Bitrix\Main\Security\W\Rules\Rule\getContext
getContext()
Определения rule.php:269

Bitrix\Main\Security\W\Rules\Rule\make
static make(array $rule)
Определения rule.php:21

Bitrix\Main\Security\W\Rules\Rule\matchPath
matchPath($uri)
Определения rule.php:195

Bitrix\Main\Security\W\Rules\Rule\castKeys
castKeys($keys)
Определения rule.php:160

Bitrix\Main\Security\W\Rules\Rule\evaluateValue
evaluateValue($value)
Определения rule.php:104

Bitrix\Main\Security\W\Rules\Rule\prepareRuleParameters
static prepareRuleParameters(array $parameters)
Определения rule.php:63

Bitrix\Main\Security\W\Rules\Rule\$context
$context
Определения rule.php:13

Bitrix\Main\Security\W\Rules\Rule\getProcess
getProcess()
Определения rule.php:285

Bitrix\Main\Security\W\Rules\Rule\$encoding
$encoding
Определения rule.php:19

Bitrix\Main\Security\W\Rules\Rule\$keys
$keys
Определения rule.php:15

Bitrix\Main\Web\Uri
Определения uri.php:17

array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804

$result
$result
Определения get_property_values.php:14

$_SERVER
$_SERVER["DOCUMENT_ROOT"]
Определения cron_frame.php:9

$uri
if(file_exists($_SERVER['DOCUMENT_ROOT'] . "/urlrewrite.php")) $uri
Определения urlrewrite.php:61

elseif
if( $daysToExpire >=0 &&$daysToExpire< 60 elseif)( $daysToExpire< 0)
Определения prolog_main_admin.php:393

$key
if(empty($signedUserToken)) $key
Определения quickway.php:257

$pattern
if(!Loader::includeModule('sale')) $pattern
Определения index.php:20

$k
$k
Определения template_pdf.php:567

path
path
Определения template_copy.php:201