mirror/UNIT3D-Community-Edition
1
0
Fork 0
mirror of https://github.com/HDInnovations/UNIT3D-Community-Edition.git synced 2026-03-20 04:11:02 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e9bf9fedff68bb242edc19b14a872f12f3e94de6
UNIT3D-Community-Edition/app/Http/Middleware/HtmlEncrypt.php
HDVinnie 608c508fe7 refactor: symplify quote escapes
2020-04-24 11:19:08 -04:00

85 lines
2.3 KiB
PHP
Raw Blame History

<?php
/**
* NOTICE OF LICENSE.
*
* UNIT3D Community Edition is open-sourced software licensed under the GNU Affero General Public License v3.0
* The details is bundled with this project in the file LICENSE.txt.
*
* @project UNIT3D Community Edition
*
* @author HDVinnie <hdinnovations@protonmail.com>
* @license https://www.gnu.org/licenses/agpl-3.0.en.html/ GNU Affero General Public License v3.0
*/
namespace App\Http\Middleware;
use Bepsvpt\SecureHeaders\SecureHeaders;
use Closure;
class HtmlEncrypt
{
private $hex;
/**
* HtmlEncrypt constructor.
*/
public function __construct()
{
$this->hex = '';
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
/**
* @var Response
*/
$response = $next($request);
if ($request->isMethod('get') && ! $request->ajax()) {
$contentType = $response->headers->get('Content-Type');
if (strpos($contentType, 'text/html') !== false) {
$response->setContent($this->encryptHtml($response->getContent()));
}
}
return $response;
}
public function encryptHtml($content)
{
$nonce = SecureHeaders::nonce();
$text = str_split(bin2hex($content), 2);
array_walk($text, function (&$a) {
$this->addHexValue('%'.$a);
});
$script = sprintf("<script type='text/javascript' nonce='%s'>document.writeln(unescape('%s'));</script>", $nonce, $this->hex);
if (config('html-encrypt.disable_right_click')) {
$script .= sprintf("<script type='text/javascript' nonce='%s'>let body = document.getElementsByTagName('body')[0];var att = document.createAttribute('oncontextmenu');att.value = 'return false'';body.setAttributeNode(att);</script>", $nonce);
}
if (config('html-encrypt.disable_ctrl_and_F12_key')) {
$script .= sprintf("<script type='text/javascript' nonce='%s'>document.onkeydown=function(e){if(e.ctrlKey || e.keyCode == 123){return false}}</script>", $nonce);
}
return $script;
}
public function addHexValue($hex)
{
$this->hex .= $hex;
}
}
Reference in New Issue View Git Blame Copy Permalink