mirror/UNIT3D-Community-Edition
1
0
Fork 0
mirror of https://github.com/HDInnovations/UNIT3D-Community-Edition.git synced 2026-02-20 11:49:31 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb64a738ef6fb98f0e9387a55052dba09eb18e3c
UNIT3D-Community-Edition/app/Http/Middleware/HtmlEncrypt.php
HDVinnie 605c337204 refactor: encapsed strings to sprintf
2020-02-17 13:52:20 -05:00

85 lines
2.3 KiB
PHP
Raw Blame History

<?php
/**
* NOTICE OF LICENSE.
*
* UNIT3D Community Edition is open-sourced software licensed under the GNU Affero General Public License v3.0
* The details is bundled with this project in the file LICENSE.txt.
*
* @project UNIT3D Community Edition
*
* @author HDVinnie <hdinnovations@protonmail.com>
* @license https://www.gnu.org/licenses/agpl-3.0.en.html/ GNU Affero General Public License v3.0
*/
namespace App\Http\Middleware;
use Bepsvpt\SecureHeaders\SecureHeaders;
use Closure;
class HtmlEncrypt
{
private $hex;
/**
* HtmlEncrypt constructor.
*/
public function __construct()
{
$this->hex = '';
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
/**
* @var Response
*/
$response = $next($request);
if ($request->isMethod('get') && !$request->ajax()) {
$contentType = $response->headers->get('Content-Type');
if (strpos($contentType, 'text/html') !== false) {
$response->setContent($this->encryptHtml($response->getContent()));
}
}
return $response;
}
public function encryptHtml($content)
{
$nonce = SecureHeaders::nonce();
$text = str_split(bin2hex($content), 2);
array_walk($text, function (&$a) {
$this->addHexValue('%'.$a);
});
$script = sprintf('<script type=\'text/javascript\' nonce=\'%s\'>document.writeln(unescape(\'%s\'));</script>', $nonce, $this->hex);
if (config('html-encrypt.disable_right_click')) {
$script .= sprintf('<script type=\'text/javascript\' nonce=\'%s\'>let body = document.getElementsByTagName(\'body\')[0];var att = document.createAttribute(\'oncontextmenu\');att.value = \'return false\'\';body.setAttributeNode(att);</script>', $nonce);
}
if (config('html-encrypt.disable_ctrl_and_F12_key')) {
$script .= sprintf('<script type=\'text/javascript\' nonce=\'%s\'>document.onkeydown=function(e){if(e.ctrlKey || e.keyCode == 123){return false}}</script>', $nonce);
}
return $script;
}
public function addHexValue($hex)
{
$this->hex .= $hex;
}
}
Reference in New Issue View Git Blame Copy Permalink