projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CRM_Utils_JS - Fix backslash handling
[civicrm-core.git] / CRM / Utils / JS.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 * Parse Javascript content and extract translatable strings.
30 *
31 * @package CRM
32 * @copyright CiviCRM LLC (c) 2004-2019
33 */
34 class CRM_Utils_JS {
35
36 /**
37 * Parse a javascript file for translatable strings.
38 *
39 * @param string $jsCode
40 * Raw Javascript code.
41 * @return array
42 * Array of translatable strings
43 */
44 public static function parseStrings($jsCode) {
45 $strings = [];
46 // Match all calls to ts() in an array.
47 // Note: \s also matches newlines with the 's' modifier.
48 preg_match_all('~
49 [^\w]ts\s* # match "ts" with whitespace
50 \(\s* # match "(" argument list start
51 ((?:(?:\'(?:\\\\\'|[^\'])*\'|"(?:\\\\"|[^"])*")(?:\s*\+\s*)?)+)\s*
52 [,\)] # match ")" or "," to finish
53 ~sx', $jsCode, $matches);
54 foreach ($matches[1] as $text) {
55 $quote = $text[0];
56 // Remove newlines
57 $text = str_replace("\\\n", '', $text);
58 // Unescape escaped quotes
59 $text = str_replace('\\' . $quote, $quote, $text);
60 // Remove end quotes
61 $text = substr(ltrim($text, $quote), 0, -1);
62 $strings[$text] = $text;
63 }
64 return array_values($strings);
65 }
66
67 /**
68 * Identify duplicate, adjacent, identical closures and consolidate them.
69 *
70 * Note that you can only dedupe closures if they are directly adjacent and
71 * have exactly the same parameters.
72 *
73 * @param array $scripts
74 * Javascript source.
75 * @param array $localVars
76 * Ordered list of JS vars to identify the start of a closure.
77 * @param array $inputVals
78 * Ordered list of input values passed into the closure.
79 * @return string
80 * Javascript source.
81 */
82 public static function dedupeClosures($scripts, $localVars, $inputVals) {
83 // Example opening: (function (angular, $, _) {
84 $opening = '\s*\(\s*function\s*\(\s*';
85 $opening .= implode(',\s*', array_map(function ($v) {
86 return preg_quote($v, '/');
87 }, $localVars));
88 $opening .= '\)\s*\{';
89 $opening = '/^' . $opening . '/';
90
91 // Example closing: })(angular, CRM.$, CRM._);
92 $closing = '\}\s*\)\s*\(\s*';
93 $closing .= implode(',\s*', array_map(function ($v) {
94 return preg_quote($v, '/');
95 }, $inputVals));
96 $closing .= '\);\s*';
97 $closing = "/$closing\$/";
98
99 $scripts = array_values($scripts);
100 for ($i = count($scripts) - 1; $i > 0; $i--) {
101 if (preg_match($closing, $scripts[$i - 1]) && preg_match($opening, $scripts[$i])) {
102 $scripts[$i - 1] = preg_replace($closing, '', $scripts[$i - 1]);
103 $scripts[$i] = preg_replace($opening, '', $scripts[$i]);
104 }
105 }
106
107 return $scripts;
108 }
109
110 /**
111 * This is a primitive comment stripper. It doesn't catch all comments
112 * and falls short of minification, but it doesn't munge Angular injections
113 * and is fast enough to run synchronously (without caching).
114 *
115 * At time of writing, running this against the Angular modules, this impl
116 * of stripComments currently adds 10-20ms and cuts ~7%.
117 *
118 * Please be extremely cautious about extending this. If you want better
119 * minification, you should probably remove this implementation,
120 * import a proper JSMin implementation, and cache its output.
121 *
122 * @param string $script
123 * @return string
124 */
125 public static function stripComments($script) {
126 return preg_replace(":^\\s*//[^\n]+$:m", "", $script);
127 }
128
129 /**
130 * Decodes a js variable (not necessarily strict json but valid js) into a php variable.
131 *
132 * This is similar to using json_decode($js, TRUE) but more forgiving about syntax.
133 *
134 * ex. {a: 'Apple', 'b': "Banana", c: [1, 2, 3]}
135 * Returns: [
136 * 'a' => 'Apple',
137 * 'b' => 'Banana',
138 * 'c' => [1, 2, 3],
139 * ]
140 *
141 * @param string $js
142 * @return mixed
143 */
144 public static function decode($js) {
145 $js = trim($js);
146 $first = substr($js, 0, 1);
147 $last = substr($js, -1);
148 if ($last === $first && ($first === "'" || $first === '"')) {
149 // Use a temp placeholder for escaped backslashes
150 $backslash = chr(0) . 'backslash' . chr(0);
151 return str_replace(['\\\\', "\\'", '\\"', '\\&', '\\/', $backslash], [$backslash, "'", '"', '&', '/', '\\'], substr($js, 1, -1));
152 }
153 if (($first === '{' && $last === '}') || ($first === '[' && $last === ']')) {
154 $obj = self::getRawProps($js);
155 foreach ($obj as $idx => $item) {
156 $obj[$idx] = self::decode($item);
157 }
158 return $obj;
159 }
160 return json_decode($js);
161 }
162
163 /**
164 * Encodes a variable to js notation (not strict json) suitable for e.g. an angular attribute.
165 *
166 * Like json_encode() but the output looks more like native javascript,
167 * with single quotes around strings and no unnecessary quotes around object keys.
168 *
169 * Ex input: [
170 * 'a' => 'Apple',
171 * 'b' => 'Banana',
172 * 'c' => [1, 2, 3],
173 * ]
174 * Ex output: {a: 'Apple', b: 'Banana', c: [1, 2, 3]}
175 *
176 * @param mixed $value
177 * @return string
178 */
179 public static function encode($value) {
180 if (is_array($value)) {
181 return self::writeObject($value, TRUE);
182 }
183 $result = json_encode($value, JSON_UNESCAPED_SLASHES);
184 // Convert double-quotes around string to single quotes
185 if (is_string($value) && substr($result, 0, 1) === '"' && substr($result, -1) === '"') {
186 $backslash = chr(0) . 'backslash' . chr(0);
187 return "'" . str_replace(['\\\\', '\\"', "'", $backslash], [$backslash, '"', "\\'", '\\\\'], substr($result, 1, -1)) . "'";
188 }
189 return $result;
190 }
191
192 /**
193 * Gets the properties of a javascript object/array WITHOUT decoding them.
194 *
195 * Useful when the object might contain js functions, expressions, etc. which cannot be decoded.
196 * Returns an array with keys as property names and values as raw strings of js.
197 *
198 * Ex Input: {foo: getFoo(arg), 'bar': function() {return "bar";}}
199 * Returns: [
200 * 'foo' => 'getFoo(arg)',
201 * 'bar' => 'function() {return "bar";}',
202 * ]
203 *
204 * @param $js
205 * @return array
206 * @throws \Exception
207 */
208 public static function getRawProps($js) {
209 $js = trim($js);
210 if (!is_string($js) || $js === '' || !($js[0] === '{' || $js[0] === '[')) {
211 throw new Exception("Invalid js object string passed to CRM_Utils_JS::getRawProps");
212 }
213 $chars = str_split(substr($js, 1));
214 $isEscaped = $quote = NULL;
215 $type = $js[0] === '{' ? 'object' : 'array';
216 $key = $type == 'array' ? 0 : NULL;
217 $item = '';
218 $end = strlen($js) - 2;
219 $quotes = ['"', "'", '/'];
220 $brackets = [
221 '}' => '{',
222 ')' => '(',
223 ']' => '[',
224 ':' => '?',
225 ];
226 $enclosures = array_fill_keys($brackets, 0);
227 $result = [];
228 foreach ($chars as $index => $char) {
229 if (!$isEscaped && in_array($char, $quotes, TRUE)) {
230 // Open quotes, taking care not to mistake the division symbol for opening a regex
231 if (!$quote && !($char == '/' && preg_match('{[\w)]\s*$}', $item))) {
232 $quote = $char;
233 }
234 // Close quotes
235 elseif ($char === $quote) {
236 $quote = NULL;
237 }
238 }
239 if (!$quote) {
240 // Delineates property key
241 if ($char == ':' && !array_filter($enclosures) && !$key) {
242 $key = $item;
243 $item = '';
244 continue;
245 }
246 // Delineates property value
247 if (($char == ',' || $index == $end) && !array_filter($enclosures) && isset($key) && trim($item) !== '') {
248 // Trim, unquote, and unescape characters in key
249 if ($type == 'object') {
250 $key = trim($key);
251 $key = in_array($key[0], $quotes) ? self::decode($key) : $key;
252 }
253 $result[$key] = trim($item);
254 $key = $type == 'array' ? $key + 1 : NULL;
255 $item = '';
256 continue;
257 }
258 // Open brackets - we'll ignore delineators inside
259 if (isset($enclosures[$char])) {
260 $enclosures[$char]++;
261 }
262 // Close brackets
263 if (isset($brackets[$char]) && $enclosures[$brackets[$char]]) {
264 $enclosures[$brackets[$char]]--;
265 }
266 }
267 $item .= $char;
268 // We are escaping the next char if this is a backslash not preceded by an odd number of backslashes
269 $isEscaped = $char === '\\' && ((strlen($item) - strlen(rtrim($item, '\\'))) % 2);
270 }
271 return $result;
272 }
273
274 /**
275 * Converts a php array to javascript object/array notation (not strict JSON).
276 *
277 * Does not encode keys unless they contain special characters.
278 * Does not encode values by default, so either specify $encodeValues = TRUE,
279 * or pass strings of valid js/json as values (per output from getRawProps).
280 * @see CRM_Utils_JS::getRawProps
281 *
282 * @param array $obj
283 * @param bool $encodeValues
284 * @return string
285 */
286 public static function writeObject($obj, $encodeValues = FALSE) {
287 $js = [];
288 $brackets = isset($obj[0]) && array_keys($obj) === range(0, count($obj) - 1) ? ['[', ']'] : ['{', '}'];
289 foreach ($obj as $key => $val) {
290 if ($encodeValues) {
291 $val = self::encode($val);
292 }
293 if ($brackets[0] == '{') {
294 // Enclose the key in quotes unless it is purely alphanumeric
295 if (preg_match('/\W/', $key)) {
296 // Prefer single quotes
297 $key = preg_match('/^[\w "]+$/', $key) ? "'" . $key . "'" : json_encode($key, JSON_UNESCAPED_SLASHES);
298 }
299 $js[] = "$key: $val";
300 }
301 else {
302 $js[] = $val;
303 }
304 }
305 return $brackets[0] . implode(', ', $js) . $brackets[1];
306 }
307
308 }