Prevent saving invalid custom less (#1273)

* Prevent saving invalid custom less * Fix formatting * Fix formatting again * Move custom less format check to its own listener * Move listener to AdminServiceProvider * Rename listener method
2025-01-21 04:43:17 +08:00 · 2017-12-13 22:39:09 +01:00 · 2017-12-13 22:39:09 +01:00 · d2f187716e
commit d2f187716e
parent a0c95e6705
2 changed files with 53 additions and 0 deletions
--- a/src/Admin/AdminServiceProvider.php
+++ b/src/Admin/AdminServiceProvider.php
@ -11,6 +11,7 @@

 namespace Flarum\Admin;

+use Flarum\Core\Listener\CheckCustomLessFormat;
 use Flarum\Event\ExtensionWasDisabled;
 use Flarum\Event\ExtensionWasEnabled;
 use Flarum\Event\SettingWasSet;
@ -46,6 +47,8 @@ class AdminServiceProvider extends AbstractServiceProvider
        $this->flushWebAppAssetsWhenThemeChanged();

        $this->flushWebAppAssetsWhenExtensionsChanged();
+
+        $this->checkCustomLessFormat();
    }

    /**
@ -93,4 +96,11 @@ class AdminServiceProvider extends AbstractServiceProvider
    {
        return $this->app->make(WebApp::class)->getAssets();
    }
+
+    protected function checkCustomLessFormat()
+    {
+        $events = $this->app->make('events');
+
+        $events->subscribe(CheckCustomLessFormat::class);
+    }
 }
--- a/src/Core/Listener/CheckCustomLessFormat.php
+++ b/src/Core/Listener/CheckCustomLessFormat.php
@ -0,0 +1,43 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Core\Listener;
+
+use Flarum\Core\Exception\ValidationException;
+use Flarum\Event\PrepareSerializedSetting;
+use Illuminate\Contracts\Events\Dispatcher;
+use Less_Exception_Parser;
+use Less_Parser;
+
+class CheckCustomLessFormat
+{
+    public function subscribe(Dispatcher $events)
+    {
+        $events->listen(PrepareSerializedSetting::class, [$this, 'check']);
+    }
+
+    public function check(PrepareSerializedSetting $event)
+    {
+        if ($event->key === 'custom_less') {
+            $parser = new Less_Parser();
+
+            try {
+                // Check the custom less format before saving
+                // Variables names are not checked, we would have to set them and call getCss() to check them
+                $parser->parse($event->value);
+            } catch (Less_Exception_Parser $e) {
+                throw new ValidationException([
+                    'custom_less' => $e->getMessage(),
+                ]);
+            }
+        }
+    }
+}