htmloutputter.php 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644
  1. <?php
  2. // This file is part of GNU social - https://www.gnu.org/software/social
  3. //
  4. // GNU social is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU Affero General Public License as published by
  6. // the Free Software Foundation, either version 3 of the License, or
  7. // (at your option) any later version.
  8. //
  9. // GNU social is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU Affero General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU Affero General Public License
  15. // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
  16. /**
  17. * Low-level generator for HTML
  18. *
  19. * @package GNUsocial
  20. * @category Output
  21. *
  22. * @author Evan Prodromou <evan@status.net>
  23. * @author Sarven Capadisli <csarven@status.net>
  24. * @copyright 2008-2019 Free Software Foundation, Inc http://www.fsf.org
  25. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  26. */
  27. defined('GNUSOCIAL') || die();
  28. // Can include XHTML options but these are too fragile in practice.
  29. define('PAGE_TYPE_PREFS', 'text/html');
  30. /**
  31. * Low-level generator for HTML
  32. *
  33. * Abstracts some of the code necessary for HTML generation. Especially
  34. * has methods for generating HTML form elements. Note that these have
  35. * been created kind of haphazardly, not with an eye to making a general
  36. * HTML-creation class.
  37. *
  38. * @see Action
  39. * @see XMLOutputter
  40. *
  41. * @copyright 2008-2019 Free Software Foundation, Inc http://www.fsf.org
  42. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  43. */
  44. class htmloutputter extends XMLOutputter
  45. {
  46. protected $DTD = ['doctype' => 'html',
  47. 'spec' => '-//W3C//DTD XHTML 1.0 Strict//EN',
  48. 'uri' => 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd', ];
  49. /**
  50. * Constructor
  51. *
  52. * Just wraps the XMLOutputter constructor.
  53. *
  54. * @param string $output URI to output to, default = stdout
  55. * @param bool|null $indent Whether to indent output, if null it defaults to true
  56. *
  57. * @throws ServerException
  58. */
  59. public function __construct($output = 'php://output', $indent = null)
  60. {
  61. parent::__construct($output, $indent);
  62. }
  63. /**
  64. * Start an HTML document
  65. *
  66. * If $type isn't specified, will attempt to do content negotiation.
  67. *
  68. * Attempts to do content negotiation for language, also.
  69. *
  70. * @param null|string $type MIME type to use; default is to do negotation.
  71. *
  72. * @throws ClientException
  73. * @throws ServerException
  74. *
  75. * @return void
  76. *
  77. * @todo extract content negotiation code to an HTTP module or class.
  78. */
  79. public function startHTML(?string $type = null): void
  80. {
  81. if (!$type) {
  82. $httpaccept = isset($_SERVER['HTTP_ACCEPT']) ?
  83. $_SERVER['HTTP_ACCEPT'] : null;
  84. // XXX: allow content negotiation for RDF, RSS, or XRDS
  85. $cp = common_accept_to_prefs($httpaccept);
  86. $sp = common_accept_to_prefs(PAGE_TYPE_PREFS);
  87. $type = common_negotiate_type($cp, $sp);
  88. if (!$type) {
  89. // TRANS: Client exception 406
  90. throw new ClientException(_('This page is not available in a ' .
  91. 'media type you accept'), 406);
  92. }
  93. }
  94. header('Content-Type: ' . $type);
  95. // Output anti-framing headers to prevent clickjacking (respected by newer
  96. // browsers).
  97. if (common_config('javascript', 'bustframes')) {
  98. header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
  99. header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
  100. }
  101. $this->extraHeaders();
  102. if (preg_match('/.*\\/.*xml/', $type)) {
  103. // Required for XML documents
  104. $this->startXML();
  105. }
  106. $this->writeDTD();
  107. $language = $this->getLanguage();
  108. $attrs = [
  109. 'xmlns' => 'http://www.w3.org/1999/xhtml',
  110. 'xml:lang' => $language,
  111. 'lang' => $language,
  112. ];
  113. if (Event::handle('StartHtmlElement', [$this, &$attrs])) {
  114. $this->elementStart('html', $attrs);
  115. Event::handle('EndHtmlElement', [$this, &$attrs]);
  116. }
  117. }
  118. /**
  119. * To specify additional HTTP headers for the action
  120. *
  121. * @return void
  122. */
  123. public function extraHeaders()
  124. {
  125. // Needs to be overloaded
  126. }
  127. /**
  128. * @return void
  129. */
  130. protected function writeDTD(): void
  131. {
  132. $this->xw->writeDTD(
  133. $this->DTD['doctype'],
  134. $this->DTD['spec'],
  135. $this->DTD['uri']
  136. );
  137. }
  138. /**
  139. * @return mixed (array|bool|string)
  140. */
  141. public function getLanguage()
  142. {
  143. // FIXME: correct language for interface
  144. return common_language();
  145. }
  146. /**
  147. * @param $doctype
  148. * @param $spec
  149. * @param $uri
  150. */
  151. public function setDTD($doctype, $spec, $uri): void
  152. {
  153. $this->DTD = ['doctype' => $doctype, 'spec' => $spec, 'uri' => $uri];
  154. }
  155. /**
  156. * Ends an HTML document
  157. *
  158. * @return void
  159. */
  160. public function endHTML(): void
  161. {
  162. $this->elementEnd('html');
  163. $this->endXML();
  164. }
  165. /**
  166. * Output an HTML text input element
  167. *
  168. * Despite the name, it is specifically for outputting a
  169. * text input element, not other <input> elements. It outputs
  170. * a cluster of elements, including a <label> and an associated
  171. * instructions span.
  172. *
  173. * If $attrs['type'] does not exist it will be set to 'text'.
  174. *
  175. * @param string $id element ID, must be unique on page
  176. * @param null|string $label text of label for the element
  177. * @param null|string $value value of the element, default null
  178. * @param null|string $instructions instructions for valid input
  179. * @param null|string $name name of the element; if null, the id will be used
  180. * @param bool $required HTML5 required attribute (exclude when false)
  181. * @param array $attrs Initial attributes manually set in an array (overwritten by previous options)
  182. *
  183. * @return void
  184. *
  185. * @todo add a $maxLength parameter
  186. * @todo add a $size parameter
  187. *
  188. */
  189. public function input(
  190. string $id,
  191. ?string $label,
  192. ?string $value = null,
  193. ?string $instructions = null,
  194. ?string $name = null,
  195. bool $required = false,
  196. array $attrs = []
  197. ): void {
  198. $this->element('label', ['for' => $id], $label);
  199. if (!array_key_exists('type', $attrs)) {
  200. $attrs['type'] = 'text';
  201. }
  202. $attrs['id'] = $id;
  203. $attrs['name'] = is_null($name) ? $id : $name;
  204. if (array_key_exists('placeholder', $attrs) && (is_null($attrs['placeholder']) || $attrs['placeholder'] === '')) {
  205. // If placeholder is type-aware equal to '' or null, unset it as we apparently don't want a placeholder value
  206. unset($attrs['placeholder']);
  207. } else {
  208. // If the placeholder is set use it, or use the label as fallback.
  209. $attrs['placeholder'] = isset($attrs['placeholder']) ? $attrs['placeholder'] : $label;
  210. }
  211. if (!is_null($value)) { // value can be 0 or ''
  212. $attrs['value'] = $value;
  213. }
  214. if (!empty($required)) {
  215. $attrs['required'] = 'required';
  216. }
  217. $this->element('input', $attrs);
  218. if ($instructions) {
  219. $this->element('p', 'form_guide', $instructions);
  220. }
  221. }
  222. /**
  223. * output an HTML checkbox and associated elements
  224. *
  225. * Note that the value is default 'true' (the string), which can
  226. * be used by Action::boolean()
  227. *
  228. * @param string $id element ID, must be unique on page
  229. * @param null|string $label text of label for the element
  230. * @param bool $checked if the box is checked, default false
  231. * @param null|string $instructions instructions for valid input
  232. * @param string $value value of the checkbox, default 'true'
  233. * @param bool $disabled show the checkbox disabled, default false
  234. *
  235. * @return void
  236. *
  237. * @todo add a $name parameter
  238. */
  239. public function checkbox(
  240. string $id,
  241. ?string $label,
  242. bool $checked = false,
  243. ?string $instructions = null,
  244. string $value = 'true',
  245. bool $disabled = false
  246. ): void {
  247. $attrs = ['name' => $id,
  248. 'type' => 'checkbox',
  249. 'class' => 'checkbox',
  250. 'id' => $id, ];
  251. if ($value) {
  252. $attrs['value'] = $value;
  253. }
  254. if ($checked) {
  255. $attrs['checked'] = 'checked';
  256. }
  257. if ($disabled) {
  258. $attrs['disabled'] = 'true';
  259. }
  260. $this->element('input', $attrs);
  261. $this->text(' ');
  262. $this->element(
  263. 'label',
  264. ['class' => 'checkbox',
  265. 'for' => $id, ],
  266. $label
  267. );
  268. $this->text(' ');
  269. if ($instructions) {
  270. $this->element('p', 'form_guide', $instructions);
  271. }
  272. }
  273. /**
  274. * output an HTML combobox/select and associated elements
  275. *
  276. * $content is an array of key-value pairs for the dropdown, where
  277. * the key is the option value attribute and the value is the option
  278. * text. (Careful on the overuse of 'value' here.)
  279. *
  280. * @param string $id element ID, must be unique on page
  281. * @param null|string $label text of label for the element
  282. * @param array $content options array, value => text
  283. * @param null|string $instructions instructions for valid input
  284. * @param bool $blank_select whether to have a blank entry, default false
  285. * @param null|string $selected selected value, default null
  286. *
  287. * @return void
  288. *
  289. * @todo add a $name parameter
  290. */
  291. public function dropdown(
  292. string $id,
  293. ?string $label,
  294. array $content,
  295. ?string $instructions = null,
  296. bool $blank_select = false,
  297. ?string $selected = null
  298. ): void {
  299. $this->element('label', ['for' => $id], $label);
  300. $this->elementStart('select', ['id' => $id, 'name' => $id]);
  301. if ($blank_select) {
  302. $this->element('option', ['value' => '']);
  303. }
  304. foreach ($content as $value => $option) {
  305. if ($value == $selected) {
  306. $this->element(
  307. 'option',
  308. ['value' => $value,
  309. 'selected' => 'selected', ],
  310. $option
  311. );
  312. } else {
  313. $this->element('option', ['value' => $value], $option);
  314. }
  315. }
  316. $this->elementEnd('select');
  317. if ($instructions) {
  318. $this->element('p', 'form_guide', $instructions);
  319. }
  320. }
  321. /**
  322. * output an HTML hidden element
  323. *
  324. * $id is re-used as name
  325. *
  326. * @param string $id element ID, must be unique on page
  327. * @param null|string $value hidden element value, default null
  328. * @param null|string $name name, if different than ID
  329. *
  330. * @return void
  331. */
  332. public function hidden(string $id, ?string $value = null, ?string $name = null)
  333. {
  334. $this->element('input', ['name' => $name ?: $id,
  335. 'type' => 'hidden',
  336. 'id' => $id,
  337. 'value' => $value, ]);
  338. }
  339. /**
  340. * output an HTML password input and associated elements
  341. *
  342. * @param string $id element ID, must be unique on page
  343. * @param null|string $label text of label for the element
  344. * @param null|string $instructions instructions for valid input
  345. *
  346. * @return void
  347. *
  348. * @todo add a $name parameter
  349. */
  350. public function password(string $id, ?string $label, ?string $instructions = null): void
  351. {
  352. $this->element('label', ['for' => $id], $label);
  353. $attrs = ['name' => $id,
  354. 'type' => 'password',
  355. 'class' => 'password',
  356. 'id' => $id, ];
  357. $this->element('input', $attrs);
  358. if ($instructions) {
  359. $this->element('p', 'form_guide', $instructions);
  360. }
  361. }
  362. /**
  363. * output an HTML submit input and associated elements
  364. *
  365. * @param string $id element ID, must be unique on page
  366. * @param null|string $label text of the button
  367. * @param string $cls class of the button, default 'submit'
  368. * @param null|string $name name, if different than ID
  369. * @param null|string $title title text for the submit button
  370. *
  371. * @return void
  372. *
  373. * @todo add a $name parameter
  374. */
  375. public function submit(
  376. string $id,
  377. ?string $label,
  378. string $cls = 'submit',
  379. ?string $name = null,
  380. ?string $title = null
  381. ): void {
  382. $this->element('input', ['type' => 'submit',
  383. 'id' => $id,
  384. 'name' => $name ?: $id,
  385. 'class' => $cls,
  386. 'value' => $label,
  387. 'title' => $title, ]);
  388. }
  389. /**
  390. * output a script (almost always javascript) tag
  391. *
  392. * @param string $src relative or absolute script path
  393. * @param string $type 'type' attribute value of the tag
  394. *
  395. * @throws ServerException
  396. *
  397. * @return void
  398. */
  399. public function script(string $src, string $type = 'text/javascript'): void
  400. {
  401. if (Event::handle('StartScriptElement', [$this, &$src, &$type])) {
  402. $url = parse_url($src);
  403. if (empty($url['scheme']) && empty($url['host']) && empty($url['query']) && empty($url['fragment'])) {
  404. // XXX: this seems like a big assumption
  405. if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) {
  406. $src = common_path($src, GNUsocial::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION;
  407. } else {
  408. if (GNUsocial::isHTTPS()) {
  409. $server = common_config('javascript', 'sslserver');
  410. if (empty($server)) {
  411. if (is_string(common_config('site', 'sslserver')) && mb_strlen(common_config('site', 'sslserver')) > 0) {
  412. $server = common_config('site', 'sslserver');
  413. } elseif (common_config('site', 'server')) {
  414. $server = common_config('site', 'server');
  415. }
  416. $path = common_config('site', 'path') . '/js/';
  417. } else {
  418. $path = common_config('javascript', 'sslpath');
  419. if (empty($path)) {
  420. $path = common_config('javascript', 'path');
  421. }
  422. }
  423. $protocol = 'https';
  424. } else {
  425. $path = common_config('javascript', 'path');
  426. if (empty($path)) {
  427. $path = common_config('site', 'path') . '/js/';
  428. }
  429. $server = common_config('javascript', 'server');
  430. if (empty($server)) {
  431. $server = common_config('site', 'server');
  432. }
  433. $protocol = 'http';
  434. }
  435. if ($path[strlen($path) - 1] != '/') {
  436. $path .= '/';
  437. }
  438. if ($path[0] != '/') {
  439. $path = '/' . $path;
  440. }
  441. $src = $protocol . '://' . $server . $path . $src . '?version=' . GNUSOCIAL_VERSION;
  442. }
  443. }
  444. $this->element(
  445. 'script',
  446. ['type' => $type,
  447. 'src' => $src, ],
  448. ' '
  449. );
  450. Event::handle('EndScriptElement', [$this, $src, $type]);
  451. }
  452. }
  453. /**
  454. * output a css link
  455. *
  456. * @param string $src relative path within the theme directory, or an absolute path
  457. * @param string $theme 'theme' that contains the stylesheet
  458. * @param null|string $media
  459. *
  460. * @throws ServerException
  461. *
  462. * @return void
  463. */
  464. public function cssLink(string $src, ?string $theme = null, ?string $media = null): void
  465. {
  466. if (Event::handle('StartCssLinkElement', [$this, &$src, &$theme, &$media])) {
  467. $url = parse_url($src);
  468. if (empty($url['scheme']) && empty($url['host']) && empty($url['query']) && empty($url['fragment'])) {
  469. if (file_exists(Theme::file($src, $theme))) {
  470. $src = Theme::path($src, $theme);
  471. } else {
  472. $src = common_path($src, GNUsocial::isHTTPS());
  473. }
  474. $src .= '?version=' . GNUSOCIAL_VERSION;
  475. }
  476. $this->element('link', ['rel' => 'stylesheet',
  477. 'type' => 'text/css',
  478. 'href' => $src,
  479. 'media' => $media, ]);
  480. Event::handle('EndCssLinkElement', [$this, $src, $theme, $media]);
  481. }
  482. }
  483. /**
  484. * output a style (almost always css) tag with inline
  485. * code.
  486. *
  487. * @param string $code code to put in the style tag
  488. * @param string $type 'type' attribute value of the tag
  489. * @param null|string $media 'media' attribute value of the tag
  490. *
  491. * @return void
  492. */
  493. public function style(string $code, string $type = 'text/css', ?string $media = null)
  494. {
  495. if (Event::handle('StartStyleElement', [$this, &$code, &$type, &$media])) {
  496. $this->elementStart('style', ['type' => $type, 'media' => $media]);
  497. $this->raw($code);
  498. $this->elementEnd('style');
  499. Event::handle('EndStyleElement', [$this, $code, $type, $media]);
  500. }
  501. }
  502. /**
  503. * output an HTML textarea and associated elements
  504. *
  505. * @param string $id element ID, must be unique on page
  506. * @param null|string $label text of label for the element
  507. * @param null|string $content content of the textarea, default none
  508. * @param null|string $instructions instructions for valid input
  509. * @param null|string $name name of textarea; if null, $id will be used
  510. * @param null|int $cols number of columns
  511. * @param null|int $rows number of rows
  512. * @param bool $required HTML5 required attribute (exclude when false)
  513. *
  514. * @return void
  515. */
  516. public function textarea(
  517. string $id,
  518. ?string $label,
  519. ?string $content = null,
  520. ?string $instructions = null,
  521. ?string $name = null,
  522. ?int $cols = null,
  523. ?int $rows = null,
  524. bool $required = false
  525. ): void {
  526. $this->element('label', ['for' => $id], $label);
  527. $attrs = [
  528. 'rows' => 3,
  529. 'cols' => 40,
  530. 'id' => $id,
  531. ];
  532. $attrs['name'] = is_null($name) ? $id : $name;
  533. if ($cols != null) {
  534. $attrs['cols'] = $cols;
  535. }
  536. if ($rows != null) {
  537. $attrs['rows'] = $rows;
  538. }
  539. if (!empty($required)) {
  540. $attrs['required'] = 'required';
  541. }
  542. $this->element(
  543. 'textarea',
  544. $attrs,
  545. $content
  546. );
  547. if ($instructions) {
  548. $this->element('p', 'form_guide', $instructions);
  549. }
  550. }
  551. /**
  552. * Internal script to autofocus the given element on page onload.
  553. *
  554. * @param string $id element ID, must refer to an existing element
  555. *
  556. * @return void
  557. *
  558. */
  559. public function autofocus(string $id): void
  560. {
  561. $this->inlineScript(
  562. ' $(document).ready(function() {' .
  563. ' var el = $("#' . $id . '");' .
  564. ' if (el.length) { el.focus(); }' .
  565. ' });'
  566. );
  567. }
  568. /**
  569. * output a script (almost always javascript) tag with inline
  570. * code.
  571. *
  572. * @param string $code code to put in the script tag
  573. * @param string $type 'type' attribute value of the tag
  574. *
  575. * @return void
  576. */
  577. public function inlineScript(string $code, string $type = 'text/javascript'): void
  578. {
  579. if (Event::handle('StartInlineScriptElement', [$this, &$code, &$type])) {
  580. $this->elementStart('script', ['type' => $type]);
  581. if ($type == 'text/javascript') {
  582. $this->raw('/*<![CDATA[*/ '); // XHTML compat
  583. }
  584. $this->raw($code);
  585. if ($type == 'text/javascript') {
  586. $this->raw(' /*]]>*/'); // XHTML compat
  587. }
  588. $this->elementEnd('script');
  589. Event::handle('EndInlineScriptElement', [$this, $code, $type]);
  590. }
  591. }
  592. }