MDL-56992 core_scss: Don't allow invalid files to be included
[moodle.git] / lib / classes / scss.php
CommitLineData
65b8336e
FM
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Moodle implementation of SCSS.
19 *
20 * @package core
21 * @copyright 2016 Frédéric Massart
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25defined('MOODLE_INTERNAL') || die();
26
65b8336e
FM
27/**
28 * Moodle SCSS compiler class.
29 *
30 * @package core
31 * @copyright 2016 Frédéric Massart
32 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
33 */
34class core_scss extends \Leafo\ScssPhp\Compiler {
35
36 /** @var string The path to the SCSS file. */
37 protected $scssfile;
258143e3
FM
38 /** @var array Bits of SCSS content to prepend. */
39 protected $scssprepend = array();
65b8336e
FM
40 /** @var array Bits of SCSS content. */
41 protected $scsscontent = array();
42
43 /**
44 * Add variables.
45 *
46 * @param array $scss Associative array of variables and their values.
47 * @return void
48 */
49 public function add_variables(array $variables) {
50 $this->setVariables($variables);
51 }
52
53 /**
54 * Append raw SCSS to what's to compile.
55 *
56 * @param string $scss SCSS code.
57 * @return void
58 */
59 public function append_raw_scss($scss) {
60 $this->scsscontent[] = $scss;
61 }
62
258143e3
FM
63 /**
64 * Prepend raw SCSS to what's to compile.
65 *
66 * @param string $scss SCSS code.
67 * @return void
68 */
69 public function prepend_raw_scss($scss) {
70 $this->scssprepend[] = $scss;
71 }
72
65b8336e
FM
73 /**
74 * Set the file to compile from.
75 *
76 * The purpose of this method is to provide a way to import the
77 * content of a file without messing with the import directories.
78 *
79 * @param string $filepath The path to the file.
80 * @return void
81 */
82 public function set_file($filepath) {
83 $this->scssfile = $filepath;
84 $this->setImportPaths([dirname($filepath)]);
85 }
86
87 /**
88 * Compiles to CSS.
89 *
90 * @return string
91 */
92 public function to_css() {
258143e3 93 $content = implode(';', $this->scssprepend);
65b8336e
FM
94 if (!empty($this->scssfile)) {
95 $content .= file_get_contents($this->scssfile);
96 }
97 $content .= implode(';', $this->scsscontent);
98 return $this->compile($content);
99 }
100
a76b0b8b
AA
101 /**
102 * Compile child; returns a value to halt execution
103 *
104 * @param array $child
105 * @param \Leafo\ScssPhp\Formatter\OutputBlock $out
106 *
107 * @return array|null
108 */
109 protected function compileChild($child, \Leafo\ScssPhp\Formatter\OutputBlock $out) {
110 switch($child[0]) {
111 case \Leafo\ScssPhp\Type::T_SCSSPHP_IMPORT_ONCE:
112 case \Leafo\ScssPhp\Type::T_IMPORT:
113 list(, $rawpath) = $child;
114 $rawpath = $this->reduce($rawpath);
115 $path = $this->compileStringContent($rawpath);
116 if ($path = $this->findImport($path)) {
117 if ($this->is_valid_file($path)) {
118 return parent::compileChild($child, $out);
119 } else {
120 // Sneaky stuff, don't let non scss file in.
121 debugging("Can't import scss file - " . $path, DEBUG_DEVELOPER);
122 }
123 }
124 break;
125 default:
126 return parent::compileChild($child, $out);
127 }
128 }
129
130 /**
131 * Is the given file valid for import ?
132 *
133 * @param $path
134 * @return bool
135 */
136 protected function is_valid_file($path) {
137 global $CFG;
138
139 $realpath = realpath($path);
140
141 // Additional theme directory.
142 $addthemedirectory = core_component::get_plugin_types()['theme'];
143 $addrealroot = realpath($addthemedirectory);
144
145 // Original theme directory.
146 $themedirectory = $CFG->dirroot . "/theme";
147 $realroot = realpath($themedirectory);
148
149 // File should end in .scss and must be in sites theme directory, else ignore it.
150 $pathvalid = $realpath !== false;
151 $pathvalid = $pathvalid && (substr($path, -5) === '.scss');
152 $pathvalid = $pathvalid && (strpos($realpath, $realroot) === 0 || strpos($realpath, $addrealroot) === 0);
153 return $pathvalid;
154 }
65b8336e 155}