[2.1.5] [MFH] Complete the imagecrash added protection fixes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1785 48356398-32a2-884e-a903-53898d9a118a
2025-08-05 13:47:24 +02:00 · 2008-06-11 01:53:31 +00:00
parent 0dbe87bbc7
commit 234cd2196f
13 changed files with 457 additions and 109 deletions
--- a/library/HTMLPurifier/Length.php
+++ b/library/HTMLPurifier/Length.php
@@ -2,7 +2,7 @@

 /**
 * Represents a measurable length, with a string numeric magnitude
- * and a unit.
+ * and a unit. This object is immutable.
 */
 class HTMLPurifier_Length
 {
@@ -18,12 +18,17 @@ class HTMLPurifier_Length
    var $unit;
    
    /**
+     * Whether or not this length is valid. Null if not calculated yet.
+     */
+    var $isValid;
+    
+    /*
     * @param number $n Magnitude
     * @param string $u Unit
     */
    function HTMLPurifier_Length($n = '0', $u = false) {
-        $this->n = $n;
-        $this->unit = $u;
+        $this->n = (string) $n;
+        $this->unit = $u !== false ? (string) $u : false;
    }
    
    /**
@@ -31,6 +36,7 @@ class HTMLPurifier_Length
     * @warning Does not perform validation.
     */
    function make($s) {
+        if (is_a($s, 'HTMLPurifier_Length')) return $s;
        $n_length = strspn($s, '1234567890.+-');
        $n = substr($s, 0, $n_length);
        $unit = substr($s, $n_length);
@@ -40,20 +46,22 @@ class HTMLPurifier_Length
    
    /**
     * Validates the number and unit.
-     * @param bool $non_negative Whether or not to disable negative values.
-     * @note Maybe should be put in another class.
     */
-    function validate($non_negative = false, $config, $context) {
+    function validate() {
        // Special case:
+
        static $allowedUnits = array(
            'em' => true, 'ex' => true, 'px' => true, 'in' => true,
            'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true
        );
+        if ($this->n === '+0' || $this->n === '-0') $this->n = '0';
        if ($this->n === '0' && $this->unit === false) return true;
        if (!ctype_lower($this->unit)) $this->unit = strtolower($this->unit);
        if (!isset($allowedUnits[$this->unit])) return false;
-        $def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
-        $result = $def->validate($this->n, $config, $context);
+        // Hack:
+        $def = new HTMLPurifier_AttrDef_CSS_Number();
+        $a = false; // hack hack
+        $result = $def->validate($this->n, $a, $a);
        if ($result === false) return false;
        $this->n = $result;
        return true;
@@ -63,7 +71,41 @@ class HTMLPurifier_Length
     * Returns string representation of number.
     */
    function toString() {
+        if (!$this->isValid()) return false;
        return $this->n . $this->unit;
    }
    
+    /**
+     * Retrieves string numeric magnitude.
+     */
+    function getN() {return $this->n;}
+    
+    /**
+     * Retrieves string unit.
+     */
+    function getUnit() {return $this->unit;}
+    
+    /**
+     * Returns true if this length unit is valid.
+     */
+    function isValid() {
+        if ($this->isValid === null) $this->isValid = $this->validate();
+        return $this->isValid;
+    }
+    
+    /**
+     * Compares two lengths, and returns 1 if greater, -1 if less and 0 if equal.
+     * @warning If both values are too large or small, this calculation will
+     *          not work properly
+     */
+    function compareTo($l) {
+        if ($l === false) return false;
+        if ($l->unit !== $this->unit) {
+            $converter = new HTMLPurifier_UnitConverter();
+            $l = $converter->convert($l, $this->unit);
+            if ($l === false) return false;
+        }
+        return $this->n - $l->n;
+    }
+    
 }