PhpSpreadsheet/src/PhpSpreadsheet/Reader/Html.php
Mikkel Paulson 1853aaac79 Add option to suppress validation of sheet titles ()
Add option to suppress validation of sheet titles

Based on a "lowest common denominator" approach to compatibility,
we will continue to enforce a 31-character limit for sheet titles.
However, this limit should not be enforced when loading an existing
file.

Added a new optional parameter to Worksheet::setTitle() and
Worksheet::setCodeName() to suppress validation and massaging,
based on the premise that existing files should be given a
best-effort approach to loading and parsing. Unfortunately, it's
not possible with the current architecture to prevent users from
making use of this functionality, aside from with a strongly-worded
warning.

Added test coverage. I didn't see any existing unit tests of the
Worksheet class, so I created a new test to cover these methods.

Fixes 
2017-07-14 10:53:13 +02:00

643 lines
22 KiB
PHP

<?php
namespace PhpOffice\PhpSpreadsheet\Reader;
use DOMDocument;
use DOMElement;
use DOMNode;
use DOMText;
use PhpOffice\PhpSpreadsheet\Cell;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
use PhpOffice\PhpSpreadsheet\Style\Border;
use PhpOffice\PhpSpreadsheet\Style\Color;
use PhpOffice\PhpSpreadsheet\Style\Fill;
use PhpOffice\PhpSpreadsheet\Worksheet;
/**
* Copyright (c) 2006 - 2016 PhpSpreadsheet.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* @category PhpSpreadsheet
*
* @copyright Copyright (c) 2006 - 2016 PhpSpreadsheet (https://github.com/PHPOffice/PhpSpreadsheet)
* @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt LGPL
*/
/** PhpSpreadsheet root directory */
class Html extends BaseReader implements IReader
{
/**
* Sample size to read to determine if it's HTML or not.
*/
const TEST_SAMPLE_SIZE = 2048;
/**
* Input encoding.
*
* @var string
*/
protected $inputEncoding = 'ANSI';
/**
* Sheet index to read.
*
* @var int
*/
protected $sheetIndex = 0;
/**
* Formats.
*
* @var array
*/
protected $formats = [
'h1' => [
'font' => [
'bold' => true,
'size' => 24,
],
], // Bold, 24pt
'h2' => [
'font' => [
'bold' => true,
'size' => 18,
],
], // Bold, 18pt
'h3' => [
'font' => [
'bold' => true,
'size' => 13.5,
],
], // Bold, 13.5pt
'h4' => [
'font' => [
'bold' => true,
'size' => 12,
],
], // Bold, 12pt
'h5' => [
'font' => [
'bold' => true,
'size' => 10,
],
], // Bold, 10pt
'h6' => [
'font' => [
'bold' => true,
'size' => 7.5,
],
], // Bold, 7.5pt
'a' => [
'font' => [
'underline' => true,
'color' => [
'argb' => Color::COLOR_BLUE,
],
],
], // Blue underlined
'hr' => [
'borders' => [
'bottom' => [
'style' => Border::BORDER_THIN,
'color' => [
Color::COLOR_BLACK,
],
],
],
], // Bottom border
];
protected $rowspan = [];
/**
* Create a new HTML Reader instance.
*/
public function __construct()
{
$this->readFilter = new DefaultReadFilter();
}
/**
* Validate that the current file is an HTML file.
*
* @param string $pFilename
*
* @throws Exception
*
* @return bool
*/
public function canRead($pFilename)
{
// Check if file exists
try {
$this->openFile($pFilename);
} catch (Exception $e) {
return false;
}
$beginning = $this->readBeginning();
$startWithTag = self::startsWithTag($beginning);
$containsTags = self::containsTags($beginning);
$endsWithTag = self::endsWithTag($this->readEnding());
fclose($this->fileHandle);
return $startWithTag && $containsTags && $endsWithTag;
}
private function readBeginning()
{
fseek($this->fileHandle, 0);
return fread($this->fileHandle, self::TEST_SAMPLE_SIZE);
}
private function readEnding()
{
$meta = stream_get_meta_data($this->fileHandle);
$filename = $meta['uri'];
$size = filesize($filename);
$blockSize = self::TEST_SAMPLE_SIZE;
fseek($this->fileHandle, $size - $blockSize);
return fread($this->fileHandle, $blockSize);
}
private static function startsWithTag($data)
{
return '<' === substr(trim($data), 0, 1);
}
private static function endsWithTag($data)
{
return '>' === substr(trim($data), -1, 1);
}
private static function containsTags($data)
{
return strlen($data) !== strlen(strip_tags($data));
}
/**
* Loads Spreadsheet from file.
*
* @param string $pFilename
*
* @throws Exception
*
* @return Spreadsheet
*/
public function load($pFilename)
{
// Create new Spreadsheet
$spreadsheet = new Spreadsheet();
// Load into this instance
return $this->loadIntoExisting($pFilename, $spreadsheet);
}
/**
* Set input encoding.
*
* @param string $pValue Input encoding, eg: 'ANSI'
*/
public function setInputEncoding($pValue)
{
$this->inputEncoding = $pValue;
return $this;
}
/**
* Get input encoding.
*
* @return string
*/
public function getInputEncoding()
{
return $this->inputEncoding;
}
// Data Array used for testing only, should write to Spreadsheet object on completion of tests
protected $dataArray = [];
protected $tableLevel = 0;
protected $nestedColumn = ['A'];
protected function setTableStartColumn($column)
{
if ($this->tableLevel == 0) {
$column = 'A';
}
++$this->tableLevel;
$this->nestedColumn[$this->tableLevel] = $column;
return $this->nestedColumn[$this->tableLevel];
}
protected function getTableStartColumn()
{
return $this->nestedColumn[$this->tableLevel];
}
protected function releaseTableStartColumn()
{
--$this->tableLevel;
return array_pop($this->nestedColumn);
}
protected function flushCell($sheet, $column, $row, &$cellContent)
{
if (is_string($cellContent)) {
// Simple String content
if (trim($cellContent) > '') {
// Only actually write it if there's content in the string
// Write to worksheet to be done here...
// ... we return the cell so we can mess about with styles more easily
$sheet->setCellValue($column . $row, $cellContent);
$this->dataArray[$row][$column] = $cellContent;
}
} else {
// We have a Rich Text run
// TODO
$this->dataArray[$row][$column] = 'RICH TEXT: ' . $cellContent;
}
$cellContent = (string) '';
}
/**
* @param DOMNode $element
* @param Worksheet $sheet
* @param int $row
* @param string $column
* @param string $cellContent
*/
protected function processDomElement(DOMNode $element, Worksheet $sheet, &$row, &$column, &$cellContent)
{
foreach ($element->childNodes as $child) {
if ($child instanceof DOMText) {
$domText = preg_replace('/\s+/u', ' ', trim($child->nodeValue));
if (is_string($cellContent)) {
// simply append the text if the cell content is a plain text string
$cellContent .= $domText;
}
// but if we have a rich text run instead, we need to append it correctly
// TODO
} elseif ($child instanceof DOMElement) {
$attributeArray = [];
foreach ($child->attributes as $attribute) {
$attributeArray[$attribute->name] = $attribute->value;
}
switch ($child->nodeName) {
case 'meta':
foreach ($attributeArray as $attributeName => $attributeValue) {
switch ($attributeName) {
case 'content':
// TODO
// Extract character set, so we can convert to UTF-8 if required
break;
}
}
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
break;
case 'title':
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
$sheet->setTitle($cellContent, true, false);
$cellContent = '';
break;
case 'span':
case 'div':
case 'font':
case 'i':
case 'em':
case 'strong':
case 'b':
if ($cellContent > '') {
$cellContent .= ' ';
}
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
if ($cellContent > '') {
$cellContent .= ' ';
}
break;
case 'hr':
$this->flushCell($sheet, $column, $row, $cellContent);
++$row;
if (isset($this->formats[$child->nodeName])) {
$sheet->getStyle($column . $row)->applyFromArray($this->formats[$child->nodeName]);
} else {
$cellContent = '----------';
$this->flushCell($sheet, $column, $row, $cellContent);
}
++$row;
// Add a break after a horizontal rule, simply by allowing the code to dropthru
case 'br':
if ($this->tableLevel > 0) {
// If we're inside a table, replace with a \n
$cellContent .= "\n";
} else {
// Otherwise flush our existing content and move the row cursor on
$this->flushCell($sheet, $column, $row, $cellContent);
++$row;
}
break;
case 'a':
foreach ($attributeArray as $attributeName => $attributeValue) {
switch ($attributeName) {
case 'href':
$sheet->getCell($column . $row)->getHyperlink()->setUrl($attributeValue);
if (isset($this->formats[$child->nodeName])) {
$sheet->getStyle($column . $row)->applyFromArray($this->formats[$child->nodeName]);
}
break;
}
}
$cellContent .= ' ';
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
break;
case 'h1':
case 'h2':
case 'h3':
case 'h4':
case 'h5':
case 'h6':
case 'ol':
case 'ul':
case 'p':
if ($this->tableLevel > 0) {
// If we're inside a table, replace with a \n
$cellContent .= "\n";
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
} else {
if ($cellContent > '') {
$this->flushCell($sheet, $column, $row, $cellContent);
++$row;
}
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
$this->flushCell($sheet, $column, $row, $cellContent);
if (isset($this->formats[$child->nodeName])) {
$sheet->getStyle($column . $row)->applyFromArray($this->formats[$child->nodeName]);
}
++$row;
$column = 'A';
}
break;
case 'li':
if ($this->tableLevel > 0) {
// If we're inside a table, replace with a \n
$cellContent .= "\n";
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
} else {
if ($cellContent > '') {
$this->flushCell($sheet, $column, $row, $cellContent);
}
++$row;
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
$this->flushCell($sheet, $column, $row, $cellContent);
$column = 'A';
}
break;
case 'table':
$this->flushCell($sheet, $column, $row, $cellContent);
$column = $this->setTableStartColumn($column);
if ($this->tableLevel > 1) {
--$row;
}
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
$column = $this->releaseTableStartColumn();
if ($this->tableLevel > 1) {
++$column;
} else {
++$row;
}
break;
case 'thead':
case 'tbody':
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
break;
case 'tr':
$column = $this->getTableStartColumn();
$cellContent = '';
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
++$row;
break;
case 'th':
case 'td':
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
// apply inline style
$this->applyInlineStyle($sheet, $row, $column, $attributeArray);
while (isset($this->rowspan[$column . $row])) {
++$column;
}
$this->flushCell($sheet, $column, $row, $cellContent);
if (isset($attributeArray['rowspan']) && isset($attributeArray['colspan'])) {
//create merging rowspan and colspan
$columnTo = $column;
for ($i = 0; $i < $attributeArray['colspan'] - 1; ++$i) {
++$columnTo;
}
$range = $column . $row . ':' . $columnTo . ($row + $attributeArray['rowspan'] - 1);
foreach (Cell::extractAllCellReferencesInRange($range) as $value) {
$this->rowspan[$value] = true;
}
$sheet->mergeCells($range);
$column = $columnTo;
} elseif (isset($attributeArray['rowspan'])) {
//create merging rowspan
$range = $column . $row . ':' . $column . ($row + $attributeArray['rowspan'] - 1);
foreach (Cell::extractAllCellReferencesInRange($range) as $value) {
$this->rowspan[$value] = true;
}
$sheet->mergeCells($range);
} elseif (isset($attributeArray['colspan'])) {
//create merging colspan
$columnTo = $column;
for ($i = 0; $i < $attributeArray['colspan'] - 1; ++$i) {
++$columnTo;
}
$sheet->mergeCells($column . $row . ':' . $columnTo . $row);
$column = $columnTo;
} elseif (isset($attributeArray['bgcolor'])) {
$sheet->getStyle($column . $row)->applyFromArray(
[
'fill' => [
'type' => Fill::FILL_SOLID,
'color' => ['rgb' => $attributeArray['bgcolor']],
],
]
);
}
++$column;
break;
case 'body':
$row = 1;
$column = 'A';
$content = '';
$this->tableLevel = 0;
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
break;
default:
$this->processDomElement($child, $sheet, $row, $column, $cellContent);
}
}
}
}
/**
* Loads PhpSpreadsheet from file into PhpSpreadsheet instance.
*
* @param string $pFilename
* @param Spreadsheet $spreadsheet
*
* @throws Exception
*
* @return Spreadsheet
*/
public function loadIntoExisting($pFilename, Spreadsheet $spreadsheet)
{
// Validate
if (!$this->canRead($pFilename)) {
throw new Exception($pFilename . ' is an Invalid HTML file.');
}
// Create new sheet
while ($spreadsheet->getSheetCount() <= $this->sheetIndex) {
$spreadsheet->createSheet();
}
$spreadsheet->setActiveSheetIndex($this->sheetIndex);
// Create a new DOM object
$dom = new DOMDocument();
// Reload the HTML file into the DOM object
$loaded = $dom->loadHTML(mb_convert_encoding($this->securityScanFile($pFilename), 'HTML-ENTITIES', 'UTF-8'));
if ($loaded === false) {
throw new Exception('Failed to load ' . $pFilename . ' as a DOM Document');
}
// Discard white space
$dom->preserveWhiteSpace = false;
$row = 0;
$column = 'A';
$content = '';
$this->processDomElement($dom, $spreadsheet->getActiveSheet(), $row, $column, $content);
// Return
return $spreadsheet;
}
/**
* Get sheet index.
*
* @return int
*/
public function getSheetIndex()
{
return $this->sheetIndex;
}
/**
* Set sheet index.
*
* @param int $pValue Sheet index
*
* @return HTML
*/
public function setSheetIndex($pValue)
{
$this->sheetIndex = $pValue;
return $this;
}
/**
* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks.
*
* @param string $xml
*
* @throws Exception
*/
public function securityScan($xml)
{
$pattern = '/\\0?' . implode('\\0?', str_split('<!ENTITY')) . '\\0?/';
if (preg_match($pattern, $xml)) {
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
}
return $xml;
}
/**
* Apply inline css inline style.
*
* NOTES :
* Currently only intended for td & th element,
* and only takes 'background-color' and 'color'; property with HEX color
*
* TODO :
* - Implement to other propertie, such as border
*
* @param Worksheet $sheet
* @param array $attributeArray
* @param int $row
* @param string $column
*/
private function applyInlineStyle(&$sheet, $row, $column, $attributeArray)
{
if (!isset($attributeArray['style'])) {
return;
}
$supported_styles = ['background-color', 'color'];
// add color styles (background & text) from dom element,currently support : td & th, using ONLY inline css style with RGB color
$styles = explode(';', $attributeArray['style']);
foreach ($styles as $st) {
$value = explode(':', $st);
if (empty(trim($value[0])) || !in_array(trim($value[0]), $supported_styles)) {
continue;
}
//check if has #, so we can get clean hex
if (substr(trim($value[1]), 0, 1) == '#') {
$style_color = substr(trim($value[1]), 1);
}
if (empty($style_color)) {
continue;
}
switch (trim($value[0])) {
case 'background-color':
$sheet->getStyle($column . $row)->applyFromArray(['fill' => ['type' => Fill::FILL_SOLID, 'color' => ['rgb' => "{$style_color}"]]]);
break;
case 'color':
$sheet->getStyle($column . $row)->applyFromArray(['font' => ['color' => ['rgb' => "$style_color}"]]]);
break;
}
}
}
}