mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-04 21:28:06 +02:00
Release 2.0.1, merged in 1181 to HEAD.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/strict@1255 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
@@ -127,4 +127,3 @@ class HTMLPurifier_AttrCollections
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -84,4 +84,3 @@ class HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -66,4 +66,3 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -84,4 +84,3 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -127,4 +127,3 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -42,4 +42,3 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -98,4 +98,3 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -35,4 +35,3 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -148,4 +148,3 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -59,4 +59,3 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -53,4 +53,3 @@ class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -77,4 +77,3 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -55,4 +55,3 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -58,4 +58,3 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -40,4 +40,3 @@ class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -34,4 +34,3 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -55,4 +55,3 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -63,4 +63,3 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -27,4 +27,3 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -32,4 +32,3 @@ class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -31,4 +31,3 @@ class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -118,4 +118,3 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -41,4 +41,3 @@ class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -70,4 +70,3 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -41,4 +41,3 @@ class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Le
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -48,4 +48,3 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -34,4 +34,3 @@ class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -72,4 +72,3 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -72,4 +72,3 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -14,4 +14,3 @@ class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -302,4 +302,4 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -14,4 +14,3 @@ class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -20,4 +20,3 @@ class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_UR
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -51,4 +51,3 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -39,4 +39,3 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -98,4 +98,3 @@ class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -55,4 +55,3 @@ class HTMLPurifier_AttrTransform
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -28,4 +28,3 @@ class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -23,4 +23,3 @@ extends HTMLPurifier_AttrTransform {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -36,4 +36,3 @@ extends HTMLPurifier_AttrTransform {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -17,4 +17,3 @@ class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -57,4 +57,3 @@ class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -51,4 +51,3 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -44,4 +44,3 @@ extends HTMLPurifier_AttrTransform {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -27,4 +27,3 @@ class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -26,4 +26,3 @@ class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -18,4 +18,3 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -79,4 +79,4 @@ class HTMLPurifier_AttrTypes
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -1,32 +1,53 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Validates the attributes of a token. Doesn't manage required attributes
|
||||
* very well. The only reason we factored this out was because RemoveForeignElements
|
||||
* also needed it besides ValidateAttributes.
|
||||
*/
|
||||
class HTMLPurifier_AttrValidator
|
||||
{
|
||||
|
||||
|
||||
function validateToken($token, &$config, &$context) {
|
||||
/**
|
||||
* Validates the attributes of a token, returning a modified token
|
||||
* that has valid tokens
|
||||
* @param $token Reference to token to validate. We require a reference
|
||||
* because the operation this class performs on the token are
|
||||
* not atomic, so the context CurrentToken to be updated
|
||||
* throughout
|
||||
* @param $config Instance of HTMLPurifier_Config
|
||||
* @param $context Instance of HTMLPurifier_Context
|
||||
*/
|
||||
function validateToken(&$token, &$config, &$context) {
|
||||
|
||||
$definition = $config->getHTMLDefinition();
|
||||
$e =& $context->get('ErrorCollector', true);
|
||||
|
||||
// initialize CurrentToken if necessary
|
||||
$current_token =& $context->get('CurrentToken', true);
|
||||
if (!$current_token) $context->register('CurrentToken', $token);
|
||||
|
||||
if ($token->type !== 'start' && $token->type !== 'empty') return $token;
|
||||
|
||||
// create alias to global definition array, see also $defs
|
||||
// DEFINITION CALL
|
||||
$d_defs = $definition->info_global_attr;
|
||||
|
||||
// copy out attributes for easy manipulation
|
||||
$attr = $token->attr;
|
||||
// reference attributes for easy manipulation
|
||||
$attr =& $token->attr;
|
||||
|
||||
// do global transformations (pre)
|
||||
// nothing currently utilizes this
|
||||
foreach ($definition->info_attr_transform_pre as $transform) {
|
||||
$attr = $transform->transform($attr, $config, $context);
|
||||
$attr = $transform->transform($o = $attr, $config, $context);
|
||||
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
|
||||
}
|
||||
|
||||
// do local transformations only applicable to this element (pre)
|
||||
// ex. <p align="right"> to <p style="text-align:right;">
|
||||
foreach ($definition->info[$token->name]->attr_transform_pre
|
||||
as $transform
|
||||
) {
|
||||
$attr = $transform->transform($attr, $config, $context);
|
||||
foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
|
||||
$attr = $transform->transform($o = $attr, $config, $context);
|
||||
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
|
||||
}
|
||||
|
||||
// create alias to this element's attribute definition array, see
|
||||
@@ -34,6 +55,9 @@ class HTMLPurifier_AttrValidator
|
||||
// DEFINITION CALL
|
||||
$defs = $definition->info[$token->name]->attr;
|
||||
|
||||
$attr_key = false;
|
||||
$context->register('CurrentAttr', $attr_key);
|
||||
|
||||
// iterate through all the attribute keypairs
|
||||
// Watch out for name collisions: $key has previously been used
|
||||
foreach ($attr as $attr_key => $value) {
|
||||
@@ -67,9 +91,17 @@ class HTMLPurifier_AttrValidator
|
||||
|
||||
// put the results into effect
|
||||
if ($result === false || $result === null) {
|
||||
// this is a generic error message that should replaced
|
||||
// with more specific ones when possible
|
||||
if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
|
||||
|
||||
// remove the attribute
|
||||
unset($attr[$attr_key]);
|
||||
} elseif (is_string($result)) {
|
||||
// generally, if a substitution is happening, there
|
||||
// was some sort of implicit correction going on. We'll
|
||||
// delegate it to the attribute classes to say exactly what.
|
||||
|
||||
// simple substitution
|
||||
$attr[$attr_key] = $result;
|
||||
}
|
||||
@@ -81,25 +113,27 @@ class HTMLPurifier_AttrValidator
|
||||
// others would prepend themselves).
|
||||
}
|
||||
|
||||
$context->destroy('CurrentAttr');
|
||||
|
||||
// post transforms
|
||||
|
||||
// ex. <x lang="fr"> to <x lang="fr" xml:lang="fr">
|
||||
// global (error reporting untested)
|
||||
foreach ($definition->info_attr_transform_post as $transform) {
|
||||
$attr = $transform->transform($attr, $config, $context);
|
||||
$attr = $transform->transform($o = $attr, $config, $context);
|
||||
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
|
||||
}
|
||||
|
||||
// ex. <bdo> to <bdo dir="ltr">
|
||||
// local (error reporting untested)
|
||||
foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
|
||||
$attr = $transform->transform($attr, $config, $context);
|
||||
$attr = $transform->transform($o = $attr, $config, $context);
|
||||
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
|
||||
}
|
||||
|
||||
// commit changes
|
||||
$token->attr = $attr;
|
||||
return $token;
|
||||
// destroy CurrentToken if we made it ourselves
|
||||
if (!$current_token) $context->destroy('CurrentToken');
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -226,4 +226,3 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -36,6 +36,11 @@ class HTMLPurifier_ChildDef
|
||||
*/
|
||||
var $allow_empty;
|
||||
|
||||
/**
|
||||
* Lookup array of all elements that this definition could possibly allow
|
||||
*/
|
||||
var $elements = array();
|
||||
|
||||
/**
|
||||
* Validates nodes according to definition and returns modification.
|
||||
*
|
||||
@@ -52,4 +57,4 @@ class HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -35,6 +35,7 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
|
||||
function HTMLPurifier_ChildDef_Chameleon($inline, $block) {
|
||||
$this->inline = new HTMLPurifier_ChildDef_Optional($inline);
|
||||
$this->block = new HTMLPurifier_ChildDef_Optional($block);
|
||||
$this->elements = $this->block->elements;
|
||||
}
|
||||
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
@@ -48,4 +49,3 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -44,6 +44,12 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
|
||||
// COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
|
||||
// DOING! Seriously: if there's problems, please report them.
|
||||
|
||||
// collect all elements into the $elements array
|
||||
preg_match_all("/$el/", $reg, $matches);
|
||||
foreach ($matches[0] as $match) {
|
||||
$this->elements[$match] = true;
|
||||
}
|
||||
|
||||
// setup all elements as parentheticals with leading commas
|
||||
$reg = preg_replace("/$el/", '(,\\0)', $reg);
|
||||
|
||||
@@ -85,4 +91,3 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -19,4 +19,3 @@ class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -20,4 +20,3 @@ class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -25,7 +25,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
$elements = array_flip($elements);
|
||||
foreach ($elements as $i => $x) {
|
||||
$elements[$i] = true;
|
||||
if (empty($i)) unset($elements[$i]);
|
||||
if (empty($i)) unset($elements[$i]); // remove blank
|
||||
}
|
||||
}
|
||||
$this->elements = $elements;
|
||||
@@ -109,4 +109,3 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -73,4 +73,3 @@ extends HTMLPurifier_ChildDef_Required
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -9,6 +9,8 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
|
||||
{
|
||||
var $allow_empty = false;
|
||||
var $type = 'table';
|
||||
var $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
|
||||
'tfoot' => true, 'caption' => true, 'colgroup' => true, 'col' => true);
|
||||
function HTMLPurifier_ChildDef_Table() {}
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
if (empty($tokens_of_children)) return false;
|
||||
@@ -139,4 +141,3 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -41,7 +41,7 @@ class HTMLPurifier_Config
|
||||
/**
|
||||
* HTML Purifier's version
|
||||
*/
|
||||
var $version = '2.0.0';
|
||||
var $version = '2.0.1';
|
||||
|
||||
/**
|
||||
* Two-level associative array of configuration directives
|
||||
@@ -152,11 +152,15 @@ class HTMLPurifier_Config
|
||||
/**
|
||||
* Returns a md5 signature of a segment of the configuration object
|
||||
* that uniquely identifies that particular configuration
|
||||
* @note Revision is handled specially and is removed from the batch
|
||||
* before processing!
|
||||
* @param $namespace Namespace to get serial for
|
||||
*/
|
||||
function getBatchSerial($namespace) {
|
||||
if (empty($this->serials[$namespace])) {
|
||||
$this->serials[$namespace] = md5(serialize($this->getBatch($namespace)));
|
||||
$batch = $this->getBatch($namespace);
|
||||
unset($batch['DefinitionRev']);
|
||||
$this->serials[$namespace] = md5(serialize($batch));
|
||||
}
|
||||
return $this->serials[$namespace];
|
||||
}
|
||||
@@ -243,14 +247,16 @@ class HTMLPurifier_Config
|
||||
* called before it's been setup, otherwise won't work.
|
||||
*/
|
||||
function &getHTMLDefinition($raw = false) {
|
||||
return $this->getDefinition('HTML', $raw);
|
||||
$def =& $this->getDefinition('HTML', $raw);
|
||||
return $def; // prevent PHP 4.4.0 from complaining
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves reference to the CSS definition
|
||||
*/
|
||||
function &getCSSDefinition($raw = false) {
|
||||
return $this->getDefinition('CSS', $raw);
|
||||
$def =& $this->getDefinition('CSS', $raw);
|
||||
return $def;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -267,6 +273,7 @@ class HTMLPurifier_Config
|
||||
if (!empty($this->definitions[$type])) {
|
||||
if (!$this->definitions[$type]->setup) {
|
||||
$this->definitions[$type]->setup($this);
|
||||
$cache->set($this->definitions[$type], $this);
|
||||
}
|
||||
return $this->definitions[$type];
|
||||
}
|
||||
@@ -298,7 +305,7 @@ class HTMLPurifier_Config
|
||||
if (is_null($this->get($type, 'DefinitionID'))) {
|
||||
// fatally error out if definition ID not set
|
||||
trigger_error("Cannot retrieve raw version without specifying %$type.DefinitionID", E_USER_ERROR);
|
||||
$false = false;
|
||||
$false = new HTMLPurifier_Error();
|
||||
return $false;
|
||||
}
|
||||
return $this->definitions[$type];
|
||||
@@ -333,25 +340,78 @@ class HTMLPurifier_Config
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of array(namespace, directive) for all directives
|
||||
* that are allowed in a web-form context as per an allowed
|
||||
* namespaces/directives list.
|
||||
* @param $allowed List of allowed namespaces/directives
|
||||
* @static
|
||||
*/
|
||||
static function getAllowedDirectivesForForm($allowed) {
|
||||
$schema = HTMLPurifier_ConfigSchema::instance();
|
||||
if ($allowed !== true) {
|
||||
if (is_string($allowed)) $allowed = array($allowed);
|
||||
$allowed_ns = array();
|
||||
$allowed_directives = array();
|
||||
$blacklisted_directives = array();
|
||||
foreach ($allowed as $ns_or_directive) {
|
||||
if (strpos($ns_or_directive, '.') !== false) {
|
||||
// directive
|
||||
if ($ns_or_directive[0] == '-') {
|
||||
$blacklisted_directives[substr($ns_or_directive, 1)] = true;
|
||||
} else {
|
||||
$allowed_directives[$ns_or_directive] = true;
|
||||
}
|
||||
} else {
|
||||
// namespace
|
||||
$allowed_ns[$ns_or_directive] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
$ret = array();
|
||||
foreach ($schema->info as $ns => $keypairs) {
|
||||
foreach ($keypairs as $directive => $def) {
|
||||
if ($allowed !== true) {
|
||||
if (isset($blacklisted_directives["$ns.$directive"])) continue;
|
||||
if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
|
||||
}
|
||||
if ($def->class == 'alias') continue;
|
||||
if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
|
||||
$ret[] = array($ns, $directive);
|
||||
}
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads configuration values from $_GET/$_POST that were posted
|
||||
* via ConfigForm
|
||||
* @param $array $_GET or $_POST array to import
|
||||
* @param $index Index/name that the config variables are in
|
||||
* @param $allowed List of allowed namespaces/directives
|
||||
* @param $mq_fix Boolean whether or not to enable magic quotes fix
|
||||
* @static
|
||||
*/
|
||||
function loadArrayFromForm($array, $index, $mq_fix = true) {
|
||||
static function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
||||
$mq = get_magic_quotes_gpc() && $mq_fix;
|
||||
foreach ($array as $key => $value) {
|
||||
if (!strncmp($key, 'Null_', 5) && !empty($value)) {
|
||||
unset($array[substr($key, 5)]);
|
||||
unset($array[$key]);
|
||||
|
||||
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
|
||||
$ret = array();
|
||||
foreach ($allowed as $key) {
|
||||
list($ns, $directive) = $key;
|
||||
$skey = "$ns.$directive";
|
||||
if (!empty($array["Null_$skey"])) {
|
||||
$ret[$ns][$directive] = null;
|
||||
continue;
|
||||
}
|
||||
if ($mq) $array[$key] = stripslashes($value);
|
||||
if (!isset($array[$skey])) continue;
|
||||
$value = $mq ? stripslashes($array[$skey]) : $array[$skey];
|
||||
$ret[$ns][$directive] = $value;
|
||||
}
|
||||
return @HTMLPurifier_Config::create($array);
|
||||
|
||||
$config = HTMLPurifier_Config::create($ret);
|
||||
return $config;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -392,4 +452,4 @@ class HTMLPurifier_Config
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -7,4 +7,3 @@ class HTMLPurifier_ConfigDef {
|
||||
var $class = false;
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -61,6 +61,12 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
|
||||
*/
|
||||
var $aliases = array();
|
||||
|
||||
/**
|
||||
* Advisory list of directive aliases, i.e. other directives that
|
||||
* redirect here
|
||||
*/
|
||||
var $directiveAliases = array();
|
||||
|
||||
/**
|
||||
* Adds a description to the array
|
||||
*/
|
||||
@@ -71,4 +77,3 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -24,4 +24,3 @@ class HTMLPurifier_ConfigDef_DirectiveAlias extends HTMLPurifier_ConfigDef
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -20,4 +20,3 @@ class HTMLPurifier_ConfigDef_Namespace extends HTMLPurifier_ConfigDef {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -67,6 +67,8 @@ class HTMLPurifier_ConfigSchema {
|
||||
$this->defineNamespace('URI', 'Features regarding Uniform Resource Identifiers.');
|
||||
$this->defineNamespace('HTML', 'Configuration regarding allowed HTML.');
|
||||
$this->defineNamespace('CSS', 'Configuration regarding allowed CSS.');
|
||||
$this->defineNamespace('AutoFormat', 'Configuration for activating auto-formatting functionality (also known as <code>Injector</code>s)');
|
||||
$this->defineNamespace('AutoFormatParam', 'Configuration for customizing auto-formatting functionality');
|
||||
$this->defineNamespace('Output', 'Configuration relating to the generation of (X)HTML.');
|
||||
$this->defineNamespace('Cache', 'Configuration for DefinitionCache and related subclasses.');
|
||||
$this->defineNamespace('Test', 'Developer testing configuration for our unit tests.');
|
||||
@@ -293,6 +295,7 @@ class HTMLPurifier_ConfigSchema {
|
||||
$def->info[$namespace][$name] =
|
||||
new HTMLPurifier_ConfigDef_DirectiveAlias(
|
||||
$new_namespace, $new_name);
|
||||
$def->info[$new_namespace][$new_name]->directiveAliases[] = "$namespace.$name";
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -401,4 +404,4 @@ class HTMLPurifier_ConfigSchema {
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -147,4 +147,3 @@ class HTMLPurifier_ContentSets
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
/**
|
||||
* Registry object that contains information about the current context.
|
||||
* @warning Is a bit buggy when variables are set to null: it thinks
|
||||
* they don't exist! So use false instead, please.
|
||||
*/
|
||||
class HTMLPurifier_Context
|
||||
{
|
||||
@@ -19,7 +21,7 @@ class HTMLPurifier_Context
|
||||
*/
|
||||
function register($name, &$ref) {
|
||||
if (isset($this->_storage[$name])) {
|
||||
trigger_error('Name collision, cannot re-register',
|
||||
trigger_error("Name $name produces collision, cannot re-register",
|
||||
E_USER_ERROR);
|
||||
return;
|
||||
}
|
||||
@@ -29,11 +31,14 @@ class HTMLPurifier_Context
|
||||
/**
|
||||
* Retrieves a variable reference from the context.
|
||||
* @param $name String name
|
||||
* @param $ignore_error Boolean whether or not to ignore error
|
||||
*/
|
||||
function &get($name) {
|
||||
function &get($name, $ignore_error = false) {
|
||||
if (!isset($this->_storage[$name])) {
|
||||
trigger_error('Attempted to retrieve non-existent variable',
|
||||
E_USER_ERROR);
|
||||
if (!$ignore_error) {
|
||||
trigger_error("Attempted to retrieve non-existent variable $name",
|
||||
E_USER_ERROR);
|
||||
}
|
||||
$var = null; // so we can return by reference
|
||||
return $var;
|
||||
}
|
||||
@@ -46,7 +51,7 @@ class HTMLPurifier_Context
|
||||
*/
|
||||
function destroy($name) {
|
||||
if (!isset($this->_storage[$name])) {
|
||||
trigger_error('Attempted to destroy non-existent variable',
|
||||
trigger_error("Attempted to destroy non-existent variable $name",
|
||||
E_USER_ERROR);
|
||||
return;
|
||||
}
|
||||
@@ -73,4 +78,3 @@ class HTMLPurifier_Context
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -38,4 +38,3 @@ class HTMLPurifier_Definition
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -4,6 +4,8 @@ require_once 'HTMLPurifier/DefinitionCache/Serializer.php';
|
||||
require_once 'HTMLPurifier/DefinitionCache/Null.php';
|
||||
|
||||
require_once 'HTMLPurifier/DefinitionCache/Decorator.php';
|
||||
require_once 'HTMLPurifier/DefinitionCache/Decorator/Memory.php';
|
||||
require_once 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
|
||||
|
||||
/**
|
||||
* Abstract class representing Definition cache managers that implements
|
||||
@@ -36,8 +38,8 @@ class HTMLPurifier_DefinitionCache
|
||||
*/
|
||||
function generateKey($config) {
|
||||
return $config->version . '-' . // possibly replace with function calls
|
||||
$config->get($this->type, 'DefinitionRev') . '-' .
|
||||
$config->getBatchSerial($this->type);
|
||||
$config->getBatchSerial($this->type) . '-' .
|
||||
$config->get($this->type, 'DefinitionRev');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -47,11 +49,17 @@ class HTMLPurifier_DefinitionCache
|
||||
* @param $config Instance of HTMLPurifier_Config to test against
|
||||
*/
|
||||
function isOld($key, $config) {
|
||||
list($version, $revision, $hash) = explode('-', $key, 3);
|
||||
if (substr_count($key, '-') < 2) return true;
|
||||
list($version, $hash, $revision) = explode('-', $key, 3);
|
||||
$compare = version_compare($version, $config->version);
|
||||
if ($compare > 0) return false;
|
||||
if ($compare == 0 && $revision >= $config->get($this->type, 'DefinitionRev')) return false;
|
||||
return true;
|
||||
// version mismatch, is always old
|
||||
if ($compare != 0) return true;
|
||||
// versions match, ids match, check revision number
|
||||
if (
|
||||
$hash == $config->getBatchSerial($this->type) &&
|
||||
$revision < $config->get($this->type, 'DefinitionRev')
|
||||
) return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -118,4 +126,3 @@ class HTMLPurifier_DefinitionCache
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -2,9 +2,6 @@
|
||||
|
||||
require_once 'HTMLPurifier/DefinitionCache.php';
|
||||
|
||||
require_once 'HTMLPurifier/DefinitionCache/Decorator/Memory.php';
|
||||
require_once 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
|
||||
|
||||
class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCache
|
||||
{
|
||||
|
||||
@@ -60,4 +57,3 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -42,4 +42,3 @@ class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -45,4 +45,3 @@ class HTMLPurifier_DefinitionCache_Decorator_Memory extends
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -44,4 +44,3 @@ class HTMLPurifier_DefinitionCache_Decorator_Template extends
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -34,4 +34,3 @@ class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -21,14 +21,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
if (!$this->checkDefType($def)) return;
|
||||
$file = $this->generateFilePath($config);
|
||||
if (file_exists($file)) return false;
|
||||
$this->_prepareDir($config);
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
return $this->_write($file, serialize($def));
|
||||
}
|
||||
|
||||
function set($def, $config) {
|
||||
if (!$this->checkDefType($def)) return;
|
||||
$file = $this->generateFilePath($config);
|
||||
$this->_prepareDir($config);
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
return $this->_write($file, serialize($def));
|
||||
}
|
||||
|
||||
@@ -36,7 +36,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
if (!$this->checkDefType($def)) return;
|
||||
$file = $this->generateFilePath($config);
|
||||
if (!file_exists($file)) return false;
|
||||
$this->_prepareDir($config);
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
return $this->_write($file, serialize($def));
|
||||
}
|
||||
|
||||
@@ -53,6 +53,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
}
|
||||
|
||||
function flush($config) {
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
$dir = $this->generateDirectoryPath($config);
|
||||
$dh = opendir($dir);
|
||||
while (false !== ($filename = readdir($dh))) {
|
||||
@@ -63,7 +64,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
}
|
||||
|
||||
function cleanup($config) {
|
||||
$this->_prepareDir($config);
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
$dir = $this->generateDirectoryPath($config);
|
||||
$dh = opendir($dir);
|
||||
while (false !== ($filename = readdir($dh))) {
|
||||
@@ -88,9 +89,18 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
* @note No trailing slash
|
||||
*/
|
||||
function generateDirectoryPath($config) {
|
||||
$base = $this->generateBaseDirectoryPath($config);
|
||||
return $base . '/' . $this->type;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates path to base directory that contains all definition type
|
||||
* serials
|
||||
*/
|
||||
function generateBaseDirectoryPath($config) {
|
||||
$base = $config->get('Cache', 'SerializerPath');
|
||||
$base = is_null($base) ? dirname(__FILE__) . '/Serializer' : $base;
|
||||
return $base . '/' . $this->type;
|
||||
return $base;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -116,14 +126,65 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
|
||||
/**
|
||||
* Prepares the directory that this type stores the serials in
|
||||
* @return True if successful
|
||||
*/
|
||||
function _prepareDir($config) {
|
||||
$directory = $this->generateDirectoryPath($config);
|
||||
if (!is_dir($directory)) {
|
||||
$base = $this->generateBaseDirectoryPath($config);
|
||||
if (!is_dir($base)) {
|
||||
trigger_error('Base directory '.$base.' does not exist,
|
||||
please create or change using %Cache.SerializerPath',
|
||||
E_USER_ERROR);
|
||||
return false;
|
||||
} elseif (!$this->_testPermissions($base)) {
|
||||
return false;
|
||||
}
|
||||
mkdir($directory);
|
||||
} elseif (!$this->_testPermissions($directory)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests permissions on a directory and throws out friendly
|
||||
* error messages and attempts to chmod it itself if possible
|
||||
*/
|
||||
function _testPermissions($dir) {
|
||||
// early abort, if it is writable, everything is hunky-dory
|
||||
if (is_writable($dir)) return true;
|
||||
if (!is_dir($dir)) {
|
||||
// generally, you'll want to handle this beforehand
|
||||
// so a more specific error message can be given
|
||||
trigger_error('Directory '.$dir.' does not exist',
|
||||
E_USER_ERROR);
|
||||
return false;
|
||||
}
|
||||
if (function_exists('posix_getuid')) {
|
||||
// POSIX system, we can give more specific advice
|
||||
if (fileowner($dir) === posix_getuid()) {
|
||||
// we can chmod it ourselves
|
||||
chmod($dir, 0755);
|
||||
return true;
|
||||
} elseif (filegroup($dir) === posix_getgid()) {
|
||||
$chmod = '775';
|
||||
} else {
|
||||
// PHP's probably running as nobody, so we'll
|
||||
// need to give global permissions
|
||||
$chmod = '777';
|
||||
}
|
||||
trigger_error('Directory '.$dir.' not writable, '.
|
||||
'please chmod to ' . $chmod,
|
||||
E_USER_ERROR);
|
||||
} else {
|
||||
// generic error message
|
||||
trigger_error('Directory '.$dir.' not writable, '.
|
||||
'please alter file permissions',
|
||||
E_USER_ERROR);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -3,7 +3,7 @@
|
||||
require_once 'HTMLPurifier/DefinitionCache.php';
|
||||
|
||||
HTMLPurifier_ConfigSchema::define(
|
||||
'Core', 'DefinitionCache', 'Serializer', 'string/null', '
|
||||
'Cache', 'DefinitionImpl', 'Serializer', 'string/null', '
|
||||
This directive defines which method to use when caching definitions,
|
||||
the complex data-type that makes HTML Purifier tick. Set to null
|
||||
to disable caching (not recommended, as you will see a definite
|
||||
@@ -11,7 +11,12 @@ performance degradation). This directive has been available since 2.0.0.
|
||||
');
|
||||
|
||||
HTMLPurifier_ConfigSchema::defineAllowedValues(
|
||||
'Core', 'DefinitionCache', array('Serializer')
|
||||
'Cache', 'DefinitionImpl', array('Serializer')
|
||||
);
|
||||
|
||||
HTMLPurifier_ConfigSchema::defineAlias(
|
||||
'Core', 'DefinitionCache',
|
||||
'Cache', 'DefinitionImpl'
|
||||
);
|
||||
|
||||
|
||||
@@ -54,7 +59,7 @@ class HTMLPurifier_DefinitionCacheFactory
|
||||
function &create($type, $config) {
|
||||
// only one implementation as for right now, $config will
|
||||
// be used to determine implementation
|
||||
$method = $config->get('Core', 'DefinitionCache');
|
||||
$method = $config->get('Cache', 'DefinitionImpl');
|
||||
if ($method === null) {
|
||||
$null = new HTMLPurifier_DefinitionCache_Null($type);
|
||||
return $null;
|
||||
@@ -87,4 +92,3 @@ class HTMLPurifier_DefinitionCacheFactory
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -3,6 +3,8 @@
|
||||
/**
|
||||
* Represents a document type, contains information on which modules
|
||||
* need to be loaded.
|
||||
* @note This class is inspected by Printer_HTMLDefinition->renderDoctype.
|
||||
* If structure changes, please update that function.
|
||||
*/
|
||||
class HTMLPurifier_Doctype
|
||||
{
|
||||
@@ -32,24 +34,33 @@ class HTMLPurifier_Doctype
|
||||
*/
|
||||
var $aliases = array();
|
||||
|
||||
/**
|
||||
* Public DTD identifier
|
||||
*/
|
||||
var $dtdPublic;
|
||||
|
||||
/**
|
||||
* System DTD identifier
|
||||
*/
|
||||
var $dtdSystem;
|
||||
|
||||
function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
|
||||
$tidyModules = array(), $aliases = array()
|
||||
$tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
|
||||
) {
|
||||
$this->name = $name;
|
||||
$this->xml = $xml;
|
||||
$this->modules = $modules;
|
||||
$this->tidyModules = $tidyModules;
|
||||
$this->aliases = $aliases;
|
||||
$this->dtdPublic = $dtd_public;
|
||||
$this->dtdSystem = $dtd_system;
|
||||
}
|
||||
|
||||
/**
|
||||
* Clones the doctype, use before resolving modes and the like
|
||||
*/
|
||||
function copy() {
|
||||
return new HTMLPurifier_Doctype(
|
||||
$this->name, $this->xml, $this->modules, $this->tidyModules, $this->aliases
|
||||
);
|
||||
return unserialize(serialize($this));
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -44,14 +44,14 @@ class HTMLPurifier_DoctypeRegistry
|
||||
* @return Reference to registered doctype (usable for further editing)
|
||||
*/
|
||||
function ®ister($doctype, $xml = true, $modules = array(),
|
||||
$tidy_modules = array(), $aliases = array()
|
||||
$tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
|
||||
) {
|
||||
if (!is_array($modules)) $modules = array($modules);
|
||||
if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
|
||||
if (!is_array($aliases)) $aliases = array($aliases);
|
||||
if (!is_object($doctype)) {
|
||||
$doctype = new HTMLPurifier_Doctype(
|
||||
$doctype, $xml, $modules, $tidy_modules, $aliases
|
||||
$doctype, $xml, $modules, $tidy_modules, $aliases, $dtd_public, $dtd_system
|
||||
);
|
||||
}
|
||||
$this->doctypes[$doctype->name] =& $doctype;
|
||||
@@ -76,7 +76,7 @@ class HTMLPurifier_DoctypeRegistry
|
||||
function &get($doctype) {
|
||||
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
|
||||
if (!isset($this->doctypes[$doctype])) {
|
||||
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist');
|
||||
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
|
||||
$anon = new HTMLPurifier_Doctype($doctype);
|
||||
return $anon;
|
||||
}
|
||||
@@ -103,9 +103,9 @@ class HTMLPurifier_DoctypeRegistry
|
||||
function getDoctypeFromConfig($config) {
|
||||
// recommended test
|
||||
$doctype = $config->get('HTML', 'Doctype');
|
||||
if ($doctype !== null) {
|
||||
return $doctype;
|
||||
}
|
||||
if (!empty($doctype)) return $doctype;
|
||||
$doctype = $config->get('HTML', 'CustomDoctype');
|
||||
if (!empty($doctype)) return $doctype;
|
||||
// backwards-compatibility
|
||||
if ($config->get('HTML', 'XHTML')) {
|
||||
$doctype = 'XHTML 1.0';
|
||||
@@ -122,4 +122,3 @@ class HTMLPurifier_DoctypeRegistry
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -3,6 +3,8 @@
|
||||
/**
|
||||
* Structure that stores an HTML element definition. Used by
|
||||
* HTMLPurifier_HTMLDefinition and HTMLPurifier_HTMLModule.
|
||||
* @note This class is inspected by HTMLPurifier_Printer_HTMLDefinition.
|
||||
* Please update that class too.
|
||||
*/
|
||||
class HTMLPurifier_ElementDef
|
||||
{
|
||||
@@ -69,13 +71,6 @@ class HTMLPurifier_ElementDef
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Lookup table of tags that close this tag. Used during parsing
|
||||
* to make sure we don't attempt to nest unclosed tags.
|
||||
* @public
|
||||
*/
|
||||
var $auto_close = array();
|
||||
|
||||
/**
|
||||
* Does the element have a content model (#PCDATA | Inline)*? This
|
||||
* is important for chameleon ins and del processing in
|
||||
@@ -149,7 +144,6 @@ class HTMLPurifier_ElementDef
|
||||
}
|
||||
$this->_mergeAssocArray($this->attr_transform_pre, $def->attr_transform_pre);
|
||||
$this->_mergeAssocArray($this->attr_transform_post, $def->attr_transform_post);
|
||||
$this->_mergeAssocArray($this->auto_close, $def->auto_close);
|
||||
$this->_mergeAssocArray($this->excludes, $def->excludes);
|
||||
|
||||
if(!empty($def->content_model)) {
|
||||
@@ -190,4 +184,4 @@ class HTMLPurifier_ElementDef
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -398,4 +398,3 @@ class HTMLPurifier_Encoder
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -43,4 +43,3 @@ class HTMLPurifier_EntityLookup {
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -154,4 +154,3 @@ class HTMLPurifier_EntityParser
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -5,4 +5,3 @@
|
||||
*/
|
||||
class HTMLPurifier_Error {}
|
||||
|
||||
?>
|
||||
@@ -10,15 +10,54 @@ class HTMLPurifier_ErrorCollector
|
||||
{
|
||||
|
||||
var $errors = array();
|
||||
var $locale;
|
||||
var $generator;
|
||||
var $context;
|
||||
|
||||
function HTMLPurifier_ErrorCollector(&$context) {
|
||||
$this->locale =& $context->get('Locale');
|
||||
$this->generator =& $context->get('Generator');
|
||||
$this->context =& $context;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sends an error message to the collector for later use
|
||||
* @param string Error message text
|
||||
* @param HTMLPurifier_Token Token that caused error
|
||||
* @param array Tokens surrounding the offending token above, use true as placeholder
|
||||
* @param $line Integer line number, or HTMLPurifier_Token that caused error
|
||||
* @param $severity int Error severity, PHP error style (don't use E_USER_)
|
||||
* @param $msg string Error message text
|
||||
*/
|
||||
function send($msg, $token, $context_tokens = array(true)) {
|
||||
$this->errors[] = array($msg, $token, $context_tokens);
|
||||
function send($severity, $msg) {
|
||||
|
||||
$args = array();
|
||||
if (func_num_args() > 2) {
|
||||
$args = func_get_args();
|
||||
array_shift($args);
|
||||
unset($args[0]);
|
||||
}
|
||||
|
||||
$token = $this->context->get('CurrentToken', true);
|
||||
$line = $token ? $token->line : $this->context->get('CurrentLine', true);
|
||||
$attr = $this->context->get('CurrentAttr', true);
|
||||
|
||||
// perform special substitutions, also add custom parameters
|
||||
$subst = array();
|
||||
if (!is_null($token)) {
|
||||
$args['CurrentToken'] = $token;
|
||||
}
|
||||
if (!is_null($attr)) {
|
||||
$subst['$CurrentAttr.Name'] = $attr;
|
||||
if (isset($token->attr[$attr])) $subst['$CurrentAttr.Value'] = $token->attr[$attr];
|
||||
}
|
||||
|
||||
if (empty($args)) {
|
||||
$msg = $this->locale->getMessage($msg);
|
||||
} else {
|
||||
$msg = $this->locale->formatMessage($msg, $args);
|
||||
}
|
||||
|
||||
if (!empty($subst)) $msg = strtr($msg, $subst);
|
||||
|
||||
$this->errors[] = array($line, $severity, $msg);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -35,39 +74,45 @@ class HTMLPurifier_ErrorCollector
|
||||
* @param $config Configuration array, vital for HTML output nature
|
||||
*/
|
||||
function getHTMLFormatted($config) {
|
||||
$generator = new HTMLPurifier_Generator();
|
||||
$context = new HTMLPurifier_Context();
|
||||
$generator->generateFromTokens(array(), $config, $context); // initialize
|
||||
$ret = array();
|
||||
|
||||
$errors = $this->errors;
|
||||
|
||||
// sort error array by line
|
||||
if ($config->get('Core', 'MaintainLineNumbers')) {
|
||||
$lines = array();
|
||||
foreach ($errors as $error) $lines[] = $error[1]->line;
|
||||
array_multisort($lines, SORT_ASC, $errors);
|
||||
// line numbers are enabled if they aren't explicitly disabled
|
||||
if ($config->get('Core', 'MaintainLineNumbers') !== false) {
|
||||
$has_line = array();
|
||||
$lines = array();
|
||||
$original_order = array();
|
||||
foreach ($errors as $i => $error) {
|
||||
$has_line[] = (int) (bool) $error[0];
|
||||
$lines[] = $error[0];
|
||||
$original_order[] = $i;
|
||||
}
|
||||
array_multisort($has_line, SORT_DESC, $lines, SORT_ASC, $original_order, SORT_ASC, $errors);
|
||||
}
|
||||
|
||||
foreach ($errors as $error) {
|
||||
$string = $generator->escape($error[0]); // message
|
||||
if (!empty($error[1]->line)) {
|
||||
$string .= ' at line ' . $error[1]->line;
|
||||
list($line, $severity, $msg) = $error;
|
||||
$string = '';
|
||||
$string .= '<strong>' . $this->locale->getErrorName($severity) . '</strong>: ';
|
||||
$string .= $this->generator->escape($msg);
|
||||
if ($line) {
|
||||
// have javascript link generation that causes
|
||||
// textarea to skip to the specified line
|
||||
$string .= $this->locale->formatMessage(
|
||||
'ErrorCollector: At line', array('line' => $line));
|
||||
}
|
||||
$string .= ' (<code>';
|
||||
foreach ($error[2] as $token) {
|
||||
if ($token !== true) {
|
||||
$string .= $generator->escape($generator->generateFromToken($token));
|
||||
} else {
|
||||
$string .= '<strong>' . $generator->escape($generator->generateFromToken($error[1])) . '</strong>';
|
||||
}
|
||||
}
|
||||
$string .= '</code>)';
|
||||
$ret[] = $string;
|
||||
}
|
||||
return $ret;
|
||||
|
||||
if (empty($errors)) {
|
||||
return '<p>' . $this->locale->getMessage('ErrorCollector: No errors') . '</p>';
|
||||
} else {
|
||||
return '<ul><li>' . implode('</li><li>', $ret) . '</li></ul>';
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -36,4 +36,3 @@ class HTMLPurifier_Filter
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -31,4 +31,3 @@ class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -4,7 +4,7 @@ HTMLPurifier_ConfigSchema::define(
|
||||
'Output', 'CommentScriptContents', true, 'bool',
|
||||
'Determines whether or not HTML Purifier should attempt to fix up '.
|
||||
'the contents of script tags for legacy browsers with comments. This '.
|
||||
'directive was available since 1.7.'
|
||||
'directive was available since 2.0.0.'
|
||||
);
|
||||
HTMLPurifier_ConfigSchema::defineAlias('Core', 'CommentScriptContents', 'Output', 'CommentScriptContents');
|
||||
|
||||
@@ -35,9 +35,19 @@ HTML
|
||||
);
|
||||
HTMLPurifier_ConfigSchema::defineAlias('Core', 'TidyFormat', 'Output', 'TidyFormat');
|
||||
|
||||
HTMLPurifier_ConfigSchema::define('Output', 'Newline', null, 'string/null', '
|
||||
<p>
|
||||
Newline string to format final output with. If left null, HTML Purifier
|
||||
will auto-detect the default newline type of the system and use that;
|
||||
you can manually override it here. Remember, \r\n is Windows, \r
|
||||
is Mac, and \n is Unix. This directive was available since 2.0.1.
|
||||
</p>
|
||||
');
|
||||
|
||||
/**
|
||||
* Generates HTML from tokens.
|
||||
* @todo Create a configuration-wide instance that all objects retrieve
|
||||
* @todo Refactor interface so that configuration/context is determined
|
||||
* upon instantiation, no need for messy generateFromTokens() calls
|
||||
*/
|
||||
class HTMLPurifier_Generator
|
||||
{
|
||||
@@ -76,13 +86,17 @@ class HTMLPurifier_Generator
|
||||
|
||||
if (!$tokens) return '';
|
||||
for ($i = 0, $size = count($tokens); $i < $size; $i++) {
|
||||
if ($this->_scriptFix && $tokens[$i]->name === 'script') {
|
||||
if ($this->_scriptFix && $tokens[$i]->name === 'script'
|
||||
&& $i + 2 < $size && $tokens[$i+2]->type == 'end') {
|
||||
// script special case
|
||||
// the contents of the script block must be ONE token
|
||||
// for this to work
|
||||
$html .= $this->generateFromToken($tokens[$i++]);
|
||||
$html .= $this->generateScriptFromToken($tokens[$i++]);
|
||||
while ($tokens[$i]->name != 'script') {
|
||||
$html .= $this->generateScriptFromToken($tokens[$i++]);
|
||||
}
|
||||
// We're not going to do this: it wouldn't be valid anyway
|
||||
//while ($tokens[$i]->name != 'script') {
|
||||
// $html .= $this->generateScriptFromToken($tokens[$i++]);
|
||||
//}
|
||||
}
|
||||
$html .= $this->generateFromToken($tokens[$i]);
|
||||
}
|
||||
@@ -110,6 +124,10 @@ class HTMLPurifier_Generator
|
||||
$html = (string) $tidy;
|
||||
}
|
||||
}
|
||||
// normalize newlines to system
|
||||
$nl = $config->get('Output', 'Newline');
|
||||
if ($nl === null) $nl = PHP_EOL;
|
||||
$html = str_replace("\n", $nl, $html);
|
||||
return $html;
|
||||
}
|
||||
|
||||
@@ -148,10 +166,12 @@ class HTMLPurifier_Generator
|
||||
* --> somewhere inside the script contents.
|
||||
*/
|
||||
function generateScriptFromToken($token) {
|
||||
if (!$token->type == 'text') return $this->generateFromToken($token);
|
||||
return '<!--' . PHP_EOL . $token->data . PHP_EOL . '// -->';
|
||||
if ($token->type != 'text') return $this->generateFromToken($token);
|
||||
// return '<!--' . "\n" . trim($token->data) . "\n" . '// -->';
|
||||
// more advanced version:
|
||||
// return '<!--//--><![CDATA[//><!--' . PHP_EOL . $token->data . PHP_EOL . '//--><!]]>';
|
||||
// thanks <http://lachy.id.au/log/2005/05/script-comments>
|
||||
$data = preg_replace('#//\s*$#', '', $token->data);
|
||||
return '<!--//--><![CDATA[//><!--' . "\n" . trim($data) . "\n" . '//--><!]]>';
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -186,4 +206,3 @@ class HTMLPurifier_Generator
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -145,8 +145,8 @@ HTMLPurifier_ConfigSchema::define(
|
||||
* Purifier internals. Many of them, however, are public, and may be
|
||||
* edited by userspace code to tweak the behavior of HTMLDefinition.
|
||||
*
|
||||
* HTMLPurifier_Printer_HTMLDefinition is a notable exception to this
|
||||
* rule: in the interest of comprehensiveness, it will sniff everything.
|
||||
* @note This class is inspected by Printer_HTMLDefinition; please
|
||||
* update that class if things here change.
|
||||
*/
|
||||
class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
||||
{
|
||||
@@ -451,4 +451,4 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -221,4 +221,3 @@ class HTMLPurifier_HTMLModule
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -31,4 +31,3 @@ class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -24,4 +24,3 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
|
||||
);
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -38,4 +38,3 @@ class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -30,4 +30,3 @@ class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -34,4 +34,3 @@ class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -138,4 +138,3 @@ class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -26,8 +26,7 @@ class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule
|
||||
$this->addElement('ul', true, 'List', 'Required: li', 'Common');
|
||||
$this->addElement('dl', true, 'List', 'Required: dt | dd', 'Common');
|
||||
|
||||
$li =& $this->addElement('li', true, false, 'Flow', 'Common');
|
||||
$li->auto_close = array('li' => true);
|
||||
$this->addElement('li', true, false, 'Flow', 'Common');
|
||||
|
||||
$this->addElement('dd', true, false, 'Flow', 'Common');
|
||||
$this->addElement('dt', true, false, 'Inline', 'Common');
|
||||
@@ -35,4 +34,3 @@ class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -13,4 +13,3 @@ class HTMLPurifier_HTMLModule_NonXMLCommonAttributes extends HTMLPurifier_HTMLMo
|
||||
);
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -30,4 +30,3 @@ class HTMLPurifier_HTMLModule_Presentation extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -5,14 +5,6 @@
|
||||
WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
|
||||
INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
|
||||
|
||||
Usage:
|
||||
|
||||
require_once 'HTMLPurifier/HTMLModule/Scripting.php';
|
||||
$def =& $config->getHTMLDefinition(true); // get the raw version
|
||||
$def->manager->addModule('Scripting');
|
||||
|
||||
This must come before any other calls to getHTMLDefinition()
|
||||
|
||||
*/
|
||||
|
||||
/**
|
||||
@@ -63,9 +55,9 @@ class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
|
||||
);
|
||||
$this->info['script']->content_model = '#PCDATA';
|
||||
$this->info['script']->content_model_type = 'optional';
|
||||
$this->info['script']->attr_transform_pre['type'] =
|
||||
$this->info['script']->attr_transform_post['type'] =
|
||||
new HTMLPurifier_AttrTransform_ScriptRequired();
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -24,4 +24,3 @@ class HTMLPurifier_HTMLModule_StyleAttribute extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -56,10 +56,7 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
|
||||
$cell_align
|
||||
);
|
||||
$this->addElement('col', true, false, 'Empty', 'Common', $cell_col);
|
||||
$colgroup =& $this->addElement('colgroup', true, false, 'Optional: col', 'Common', $cell_col);
|
||||
$colgroup->auto_close = $this->makeLookup(
|
||||
'thead', 'tbody', 'tfoot', 'tr'
|
||||
);
|
||||
$this->addElement('colgroup', true, false, 'Optional: col', 'Common', $cell_col);
|
||||
|
||||
$this->addElement('tbody', true, false, 'Required: tr', 'Common', $cell_align);
|
||||
$this->addElement('thead', true, false, 'Required: tr', 'Common', $cell_align);
|
||||
@@ -69,4 +66,3 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user