Release 2.0.0, merged in 1026 to HEAD.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/strict@1179 48356398-32a2-884e-a903-53898d9a118a
2025-07-31 03:10:09 +02:00 · 2007-06-21 00:36:12 +00:00
parent c35eb3e95f
commit 0101311193
172 changed files with 7713 additions and 2520 deletions
--- a/library/HTMLPurifier/ElementDef.php
+++ b/library/HTMLPurifier/ElementDef.php
@@ -51,6 +51,8 @@ class HTMLPurifier_ElementDef
     * Abstract string representation of internal ChildDef rules. See
     * HTMLPurifier_ContentSets for how this is parsed and then transformed
     * into an HTMLPurifier_ChildDef.
+     * @warning This is a temporary variable that is not available after
+     *      being processed by HTMLDefinition
     * @public
     */
    var $content_model;
@@ -58,6 +60,9 @@ class HTMLPurifier_ElementDef
    /**
     * Value of $child->type, used to determine which ChildDef to use,
     * used in combination with $content_model.
+     * @warning This must be lowercase
+     * @warning This is a temporary variable that is not available after
+     *      being processed by HTMLDefinition
     * @public
     */
    var $content_model_type;
@@ -78,14 +83,47 @@ class HTMLPurifier_ElementDef
     * have to worry about this one.
     * @public
     */
-    var $descendants_are_inline;
+    var $descendants_are_inline = false;
+    
+    /**
+     * List of the names of required attributes this element has. Dynamically
+     * populated.
+     * @public
+     */
+    var $required_attr = array();
    
    /**
     * Lookup table of tags excluded from all descendants of this tag.
+     * @note SGML permits exclusions for all descendants, but this is
+     *       not possible with DTDs or XML Schemas. W3C has elected to
+     *       use complicated compositions of content_models to simulate
+     *       exclusion for children, but we go the simpler, SGML-style
+     *       route of flat-out exclusions, which correctly apply to
+     *       all descendants and not just children. Note that the XHTML
+     *       Modularization Abstract Modules are blithely unaware of such
+     *       distinctions.
     * @public
     */
    var $excludes = array();
    
+    /**
+     * Is this element safe for untrusted users to use?
+     */
+    var $safe;
+    
+    /**
+     * Low-level factory constructor for creating new standalone element defs
+     * @static
+     */
+    static function create($safe, $content_model, $content_model_type, $attr) {
+        $def = new HTMLPurifier_ElementDef();
+        $def->safe = (bool) $safe;
+        $def->content_model = $content_model;
+        $def->content_model_type = $content_model_type;
+        $def->attr = $attr;
+        return $def;
+    }
+    
    /**
     * Merges the values of another element definition into this one.
     * Values from the new element def take precedence if a value is
@@ -99,24 +137,57 @@ class HTMLPurifier_ElementDef
                // merge in the includes
                // sorry, no way to override an include
                foreach ($v as $v2) {
-                    $def->attr[0][] = $v2;
+                    $this->attr[0][] = $v2;
                }
                continue;
            }
+            if ($v === false) {
+                if (isset($this->attr[$k])) unset($this->attr[$k]);
+                continue;
+            }
            $this->attr[$k] = $v;
        }
-        foreach($def->attr_transform_pre    as $k => $v) $this->attr_transform_pre[$k]  = $v;
-        foreach($def->attr_transform_post   as $k => $v) $this->attr_transform_post[$k] = $v;
-        foreach($def->auto_close            as $k => $v) $this->auto_close[$k]          = $v;
-        foreach($def->excludes              as $k => $v) $this->excludes[$k]            = $v;
+        $this->_mergeAssocArray($this->attr_transform_pre, $def->attr_transform_pre);
+        $this->_mergeAssocArray($this->attr_transform_post, $def->attr_transform_post);
+        $this->_mergeAssocArray($this->auto_close, $def->auto_close);
+        $this->_mergeAssocArray($this->excludes, $def->excludes);
        
+        if(!empty($def->content_model)) {
+            $this->content_model .= ' | ' . $def->content_model;
+            $this->child = false;
+        }
+        if(!empty($def->content_model_type)) {
+            $this->content_model_type = $def->content_model_type;
+            $this->child = false;
+        }
        if(!is_null($def->child)) $this->child = $def->child;
-        if(!empty($def->content_model)) $this->content_model .= ' | ' . $def->content_model;
-        if(!empty($def->content_model_type)) $this->content_model_type = $def->content_model_type;
-        if(!is_null($def->descendants_are_inline)) $this->descendants_are_inline = $def->descendants_are_inline;
+        if($def->descendants_are_inline) $this->descendants_are_inline = $def->descendants_are_inline;
+        if(!is_null($def->safe)) $this->safe = $def->safe;
        
    }
    
+    /**
+     * Merges one array into another, removes values which equal false
+     * @param $a1 Array by reference that is merged into
+     * @param $a2 Array that merges into $a1
+     */
+    function _mergeAssocArray(&$a1, $a2) {
+        foreach ($a2 as $k => $v) {
+            if ($v === false) {
+                if (isset($a1[$k])) unset($a1[$k]);
+                continue;
+            }
+            $a1[$k] = $v;
+        }
+    }
+    
+    /**
+     * Retrieves a copy of the element definition
+     */
+    function copy() {
+        return unserialize(serialize($this));
+    }
+    
 }

 ?>