add: full multi-tenancy control

Cauê Faleiros
2026-02-02 15:31:15 -03:00
commit c6ec92802b
1711 changed files with 258106 additions and 0 deletions


@@ -0,0 +1,65 @@
<?php
namespace Webkul\Core\Traits;
use Barryvdh\DomPDF\Facade\Pdf;
use Illuminate\Support\Str;
use Mpdf\Mpdf;
trait PDFHandler
{
/**
* Download PDF.
*
* @return \Illuminate\Http\Response
*/
protected function downloadPDF(string $html, ?string $fileName = null)
{
if (is_null($fileName)) {
$fileName = Str::random(32);
}
$html = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8');
if (in_array($direction = app()->getLocale(), ['ar', 'he'])) {
$mPDF = new Mpdf([
'margin_left' => 0,
'margin_right' => 0,
'margin_top' => 0,
'margin_bottom'=> 0,
]);
$mPDF->SetDirectionality($direction);
$mPDF->SetDisplayMode('fullpage');
$mPDF->WriteHTML($this->adjustArabicAndPersianContent($html));
return response()->streamDownload(fn () => print ($mPDF->Output('', 'S')), $fileName.'.pdf');
}
return PDF::loadHTML($this->adjustArabicAndPersianContent($html))
->setPaper('A4', 'portrait')
->set_option('defaultFont', 'Courier')
->download($fileName.'.pdf');
}
/**
* Adjust arabic and persian content.
*
* @return string
*/
protected function adjustArabicAndPersianContent(string $html)
{
$arabic = new \ArPHP\I18N\Arabic;
$p = $arabic->arIdentify($html);
for ($i = count($p) - 1; $i >= 0; $i -= 2) {
$utf8ar = $arabic->utf8Glyphs(substr($html, $p[$i - 1], $p[$i] - $p[$i - 1]));
$html = substr_replace($html, $utf8ar, $p[$i - 1], $p[$i] - $p[$i - 1]);
}
return $html;
}
}
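Review bot: downloadPDF() hands `$html` to Dompdf and mPDF with no visible limit on what the renderer may fetch, so if any caller builds that HTML from tenant- or user-supplied fields, image and stylesheet URLs embedded in it are resolved server-side while the PDF is rendered. Whether remote loading is already disabled in the package configuration cannot be seen from this hunk; if it is not, pinning it on the Dompdf chain with `->set_option('isRemoteEnabled', false)` and stating in the docblock that `$html` must already be escaped by the caller would make the contract explicit. Separately, `SetDirectionality($direction)` receives the locale code ('ar' or 'he'), while mPDF appears to expect 'rtl' or 'ltr' there, so the call should probably read `$mPDF->SetDirectionality('rtl');`.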


@@ -0,0 +1,81 @@
<?php
namespace Webkul\Core\Traits;
use enshrined\svgSanitize\data\AllowedAttributes;
use enshrined\svgSanitize\data\AllowedTags;
use enshrined\svgSanitize\Sanitizer as MainSanitizer;
use Exception;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Facades\Storage;
/**
* Trait for sanitizing SVG uploads to prevent security vulnerabilities.
*/
trait Sanitizer
{
/**
* Sanitize an SVG file to remove potentially malicious content.
*/
public function sanitizeSvg(string $path, UploadedFile $file): void
{
if (! $this->isSvgFile($file)) {
return;
}
try {
$svgContent = Storage::get($path);
if (! $svgContent) {
return;
}
$sanitizer = new MainSanitizer;
$sanitizer->setAllowedAttrs(new AllowedAttributes);
$sanitizer->setAllowedTags(new AllowedTags);
$sanitizer->minify(true);
$sanitizer->removeRemoteReferences(true);
$sanitizer->removeXMLTag(true);
$sanitizer->setXMLOptions(LIBXML_NONET | LIBXML_NOBLANKS);
$sanitizedContent = $sanitizer->sanitize($svgContent);
if ($sanitizedContent === false) {
$patterns = [
'/<script\b[^>]*>(.*?)<\/script>/is',
'/\bon\w+\s*=\s*["\'][^"\']*["\']/i',
'/javascript\s*:/i',
'/data\s*:[^,]*base64/i',
];
$sanitizedContent = $svgContent;
foreach ($patterns as $pattern) {
$sanitizedContent = preg_replace($pattern, '', $sanitizedContent);
}
Storage::put($path, $sanitizedContent);
return;
}
$sanitizedContent = preg_replace('/(<script.*?>.*?<\/script>)|(\son\w+\s*=\s*["\'][^"\']*["\'])/is', '', $sanitizedContent);
Storage::put($path, $sanitizedContent);
} catch (Exception $e) {
report($e->getMessage());
Storage::delete($path);
}
}
/**
* Check if the uploaded file is an SVG based on both extension and mime type.
*/
public function isSvgFile(UploadedFile $file): bool
{
return str_contains(strtolower($file->getClientOriginalExtension()), 'svg');
}
}
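Review bot: When `$sanitizer->sanitize()` returns false in sanitizeSvg(), the code falls back to four regex deletions and still stores the file, so input the XML sanitizer could not parse is kept after only a deny-list pass, which is not a dependable filter for markup. That branch should fail closed with `Storage::delete($path); return;`, the same way the catch block does. isSvgFile() is documented as checking both extension and MIME type but only tests the client-supplied extension with `str_contains`, so a file that is SVG by content but uploaded under another extension skips sanitization; either correct the docblock or add a server-side check such as `$file->getMimeType() === 'image/svg+xml'`. `preg_replace` can also return null on a PCRE error, and that null would then be passed to `Storage::put`.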