forked from ILIAS-eLearning/ILIAS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrules
142 lines (125 loc) · 5.45 KB
/
rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/**
* A documentation for writing dicto rules and executing this file could be found at:
*
* http://scg.unibe.ch/dicto/examples.php
* https://github.com/lechimp-p/dicto.php
*
*/
IlClasses = Classes with name:"il.*"
AssClasses = Classes with name:"ass.*"
WholeIliasCodebase = {IlClasses, AssClasses}
GUIClassesOnly = Classes with name:".*GUI.*"
GUIClasses = {GUIClassesOnly, Methods in: GUIClassesOnly}
GlobalsExceptDIC = {Globals} except {Globals with name:"DIC"}
TriggerError = Functions with name:"trigger_error"
RaiseError = Functions with name:"raiseError"
IlTopLevelException = Classes with name:"ilException"
IlExceptions = Classes with name:"il.*Exception*"
IlExceptionsWithoutTopLevelException = {IlExceptions} except {IlTopLevelException}
IlDBClass = Classes with name:"ilDB"
IlDBGlobal = Globals with name:"ilDB"
IlDB = {IlDBClass, IlDBGlobal}
IlTemplateClass = Classes with name:"ilTemplate"
IlTemplateGlobal = Globals with name:"tpl"
IlTemplate = {IlTemplateClass, IlTemplateGlobal}
IlTabsClass = Classes with name:"ilTabsGUI"
IlTabsGlobal = Globals with name:"ilTabs"
IlTabs = {IlTabsClass, IlTabsGlobal}
IlInitialisation = Classes with name:"ilInitialisation"
WholeIliasCodebaseExceptInitialisation = WholeIliasCodebase except IlInitialisation
SetErrorHandler = Functions with name:"set_error_handler"
SetExceptionHandler = Functions with name:"set_exception_handler"
SetErrorOrExceptionHandler = {SetExceptionHandler, SetErrorHandler}
IliasTemplateFiles = Files with name:"tpl[.].*[.]html"
SVGFiles = Files with name:".*[.]svg"
/**
* The global php function trigger_error is a procedural concept. Please
* ommit this php function and use an ILIAS exception instead.
*/
WholeIliasCodebase cannot invoke: TriggerError
/**
* Exit and die are a bad idea in both development and production: In
* development you have no idea what went wrong and in production the
* user receives a white page and has no idea whats going on. The
* implemented exception handling does not work if you use exit or die.
*
* If you want to send a file consider using: Services/FileDelivery.
*
* Exception: Currently if you want to output json you most likely have
* to use exit() at the moment.
*/
WholeIliasCodebase cannot invoke: ExitOrDie
/**
* The error and exception handler of ILIAS should not be overridden!
*/
WholeIliasCodebase cannot invoke: SetErrorOrExceptionHandler
/**
* The php function Eval() is not good practice. Its use often comes with
* a high security risk, because it is generally not a trivial task to
* make sure that a paramater of eval() can be fully trusted. And if it is,
* then eval() is usually not neccessary. It is also tricky to debug, because
* it obfuscates control flow. Last but not least, it does not work with HHVM
* in the special "RepoAuthoritative" mode, which makes PHP run extra-fast.
*/
WholeIliasCodebase cannot invoke: Eval
/**
* Silencing errors with the @ operator is bad practice. It makes code
* uneccessarily harder to debug if the currently suppressed error changes
* into a real show-stopper bug. Try to handle the possible warnings and errors.
*/
WholeIliasCodebase cannot depend on: ErrorSuppressor
/**
* The GUI-Layer should not itself interact with the database. Try to build
* reusable Model classes, adding a layer of abstraction instead of accessing
* the database.
*/
GUIClasses cannot depend on: IlDB
/**
* Only the GUI-Layer should use the global variable ilTabs and the class
* ilTabsGUI. If you use them in a Model the model cannot be used for e.g.
* SOAP requests without unnecessary overhead.
*/
only GUIClasses can depend on: IlTabs
/**
* Only the GUI-Layer should use the global variable ilTemplate and the
* class ilTemplate itself. If you use ilTemplate in the model it cannot be
* used by calls that do not initiate global ilTemplate for example SOAP.
*/
only GUIClasses can depend on: IlTemplate
/**
* ILIAS should not rely on PEAR::RaiseError. We would like to introduce
* exceptions instead.
*/
WholeIliasCodebase cannot invoke: RaiseError
/**
* Used to detect HTML <script>-Tags.
*/
IliasTemplateFiles cannot contain text: "<script"
/**
* Used to detect JavaScript in e.g. HTML attributes, e.g.
* <a href="javascript:void(0);">x</a>
*/
IliasTemplateFiles cannot contain text: "javascript\s*:"
/**
* Used to detect inline JavaScript events, e.g. <a onclick="alert('HelloWorld');">x</a>
*/
IliasTemplateFiles cannot contain text: "on(blur|change|click|dblclick|focus|keydown|keypress|keyup|load|mousemove|mouseup|mousedown|mouseenter|mouseleave|mouseout|mouseover|mousewheel|resize|select|submit|unload|wheel|scroll)"
/**
* ILIAS uses a lot of globals to make system wide services accessible from
* everywhere. Examples for those services are logging, RBAC and Control-flow.
* It is well known that globals are an obstacle for unit tests and also hide
* dependencies of objects somewhere in the methods instead of making them
* explicit.
*
* The use of any global in the ILIAS core besides the global pimple container
* object is deprecated with the beginning of the ILIAS 5.2 development. The
* migration process should be terminated with the release of ILIAS 5.2..
* Afterwards any global besides the pimple container is considered a bug.
*
* Decision by JF 2015-08-03: http://www.ilias.de/docu/goto.php?target=wiki_1357_JourFixe-2015-08-03#ilPageTocA123
*/
WholeIliasCodebaseExceptInitialisation cannot depend on: GlobalsExceptDIC
/**
* https://mantis.ilias.de/view.php?id=25040
*/
SVGFiles cannot contain text: "<foreignObject"