From 1ada9c26f86282ba9a527709dd5a326f22874c05 Mon Sep 17 00:00:00 2001
From: logmanoriginal <logmanoriginal@users.noreply.github.com>
Date: Tue, 18 Jun 2019 18:32:56 +0200
Subject: [PATCH] format: Sanitize format name in the format factory

RSS-Bridge currently sanitizes the format name only for the display
action, which can cause problems if other actions depend on formats
as well.

It is therefore better to do sanitization in the factory class for
formats. Additionally, formats should not require a perfect match,
so 'Atom' and 'aToM' make no difference. This will also allow users
to define formats in their own style (i.e. only lowercase via CLI).

References #1001
---
 actions/DisplayAction.php |  6 -----
 lib/Format.php            | 53 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 52 insertions(+), 7 deletions(-)

diff --git a/actions/DisplayAction.php b/actions/DisplayAction.php
index a1b106f5..7a59ad7f 100644
--- a/actions/DisplayAction.php
+++ b/actions/DisplayAction.php
@@ -18,12 +18,6 @@ class DisplayAction extends ActionAbstract {
 		$format = $this->userData['format']
 			or returnClientError('You must specify a format!');
 
-		// DEPRECATED: 'nameFormat' scheme is replaced by 'name' in format parameter values
-		//             this is to keep compatibility until futher complete removal
-		if(($pos = strpos($format, 'Format')) === (strlen($format) - strlen('Format'))) {
-			$format = substr($format, 0, $pos);
-		}
-
 		// whitelist control
 		if(!Bridge::isWhitelisted($bridge)) {
 			throw new \Exception('This bridge is not whitelisted', 401);
diff --git a/lib/Format.php b/lib/Format.php
index 061b1f21..edbe5f57 100644
--- a/lib/Format.php
+++ b/lib/Format.php
@@ -68,7 +68,7 @@ class Format {
 			throw new \InvalidArgumentException('Format name invalid!');
 		}
 
-		$name = $name . 'Format';
+		$name = self::sanitizeFormatName($name) . 'Format';
 		$pathFormat = self::getWorkingDir() . $name . '.php';
 
 		if(!file_exists($pathFormat)) {
@@ -163,4 +163,55 @@ class Format {
 
 		return $formatNames;
 	}
+
+	/**
+	 * Returns the sanitized format name.
+	 *
+	 * The format name can be specified in various ways:
+	 * * The PHP file name (i.e. `AtomFormat.php`)
+	 * * The PHP file name without file extension (i.e. `AtomFormat`)
+	 * * The format name (i.e. `Atom`)
+	 *
+	 * Casing is ignored (i.e. `ATOM` and `atom` are the same).
+	 *
+	 * A format file matching the given format name must exist in the working
+	 * directory!
+	 *
+	 * @param string $name The format name
+	 * @return string|null The sanitized format name if the provided name is
+	 * valid, null otherwise.
+	 */
+	protected static function sanitizeFormatName($name) {
+
+		if(is_string($name)) {
+
+			// Trim trailing '.php' if exists
+			if(preg_match('/(.+)(?:\.php)/', $name, $matches)) {
+				$name = $matches[1];
+			}
+
+			// Trim trailing 'Format' if exists
+			if(preg_match('/(.+)(?:Format)/i', $name, $matches)) {
+				$name = $matches[1];
+			}
+
+			// Improve performance for correctly written format names
+			if(in_array($name, self::getFormatNames())) {
+				$index = array_search($name, self::getFormatNames());
+				return self::getFormatNames()[$index];
+			}
+
+			// The name is valid if a corresponding format file is found on disk
+			if(in_array(strtolower($name), array_map('strtolower', self::getFormatNames()))) {
+				$index = array_search(strtolower($name), array_map('strtolower', self::getFormatNames()));
+				return self::getFormatNames()[$index];
+			}
+
+			Debug::log('Invalid format name: "' . $name . '"!');
+
+		}
+
+		return null; // Bad parameter
+
+	}
 }