mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-03 20:58:11 +02:00
Code Issues Releases Wiki Activity

[3.1.0] Move $safe from ElementDef to HTMLModule

Browse Source 
- Make $info in AttrTypes protected, to force cloning
- Remove copy() functions in favor of clone

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1664 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-04-21 23:28:52 +00:00
parent 59605d592b
commit 50aa0ea714
27 changed files with 145 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/HTMLPurifier/AttrTypes.php
View File

@@ -8,7 +8,7 @@ class HTMLPurifier_AttrTypes
/**
* Lookup array of attribute string identifiers to concrete implementations
*/
public $info = array();
protected $info = array();
/**
* Constructs the info array, supplying default implementations for attribute

7
library/HTMLPurifier/Doctype.php
View File

@@ -55,12 +55,5 @@ class HTMLPurifier_Doctype
$this->dtdPublic = $dtd_public;
$this->dtdSystem = $dtd_system;
}
/**
* Clones the doctype, use before resolving modes and the like
*/
public function copy() {
return unserialize(serialize($this));
}
}

4
library/HTMLPurifier/DoctypeRegistry.php
View File

@@ -72,9 +72,7 @@ class HTMLPurifier_DoctypeRegistry
* based or not).
*/
public function make($config) {
$original_doctype = $this->get($this->getDoctypeFromConfig($config));
$doctype = $original_doctype->copy();
return $doctype;
return clone $this->get($this->getDoctypeFromConfig($config));
}
/**

16
library/HTMLPurifier/ElementDef.php
View File

@@ -90,17 +90,11 @@ class HTMLPurifier_ElementDef
*/
public $excludes = array();
/**
* Is this element safe for untrusted users to use?
*/
public $safe;
/**
* Low-level factory constructor for creating new standalone element defs
*/
public static function create($safe, $content_model, $content_model_type, $attr) {
public static function create($content_model, $content_model_type, $attr) {
$def = new HTMLPurifier_ElementDef();
$def->safe = (bool) $safe;
$def->content_model = $content_model;
$def->content_model_type = $content_model_type;
$def->attr = $attr;
@@ -144,7 +138,6 @@ class HTMLPurifier_ElementDef
}
if(!is_null($def->child)) $this->child = $def->child;
if($def->descendants_are_inline) $this->descendants_are_inline = $def->descendants_are_inline;
if(!is_null($def->safe)) $this->safe = $def->safe;
}
@@ -163,13 +156,6 @@ class HTMLPurifier_ElementDef
}
}
/**
* Retrieves a copy of the element definition
*/
public function copy() {
return unserialize(serialize($this));
}
}

2
library/HTMLPurifier/HTMLDefinition.php
View File

@@ -113,7 +113,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
$module =& $this->getAnonymousModule();
// assume that if the user is calling this, the element
// is safe. This may not be a good idea
$element =& $module->addElement($element_name, true, $type, $contents, $attr_collections, $attributes);
$element =& $module->addElement($element_name, $type, $contents, $attr_collections, $attributes);
return $element;
}

19
library/HTMLPurifier/HTMLModule.php
View File

@@ -79,6 +79,20 @@ class HTMLPurifier_HTMLModule
*/
public $defines_child_def = false;
/**
* Boolean flag whether or not this module is safe. If it is not safe, all
* of its members are unsafe. Modules are safe by default (this might be
* slightly dangerous, but it doesn't make much sense to force HTML Purifier,
* which is based off of safe HTML, to explicitly say, "This is safe," even
* though there are modules which are "unsafe")
*
* @note Previously, safety could be applied at an element level granularity.
* We've removed this ability, so in order to add "unsafe" elements
* or attributes, a dedicated module with this property set to false
* must be used.
*/
public $safe = true;
/**
* Retrieves a proper HTMLPurifier_ChildDef subclass based on
* content_model and content_model_type member variables of
@@ -94,7 +108,6 @@ class HTMLPurifier_HTMLModule
/**
* Convenience function that sets up a new element
* @param $element Name of element to add
* @param $safe Is element safe for untrusted users to use?
* @param $type What content set should element be registered to?
* Set as false to skip this step.
* @param $contents Allowed children in form of:
@@ -106,7 +119,7 @@ class HTMLPurifier_HTMLModule
* @return Reference to created element definition object, so you
* can set advanced parameters
*/
public function &addElement($element, $safe, $type, $contents, $attr_includes = array(), $attr = array()) {
public function &addElement($element, $type, $contents, $attr_includes = array(), $attr = array()) {
$this->elements[] = $element;
// parse content_model
list($content_model_type, $content_model) = $this->parseContents($contents);
@@ -116,7 +129,7 @@ class HTMLPurifier_HTMLModule
if ($type) $this->addElementToContentSet($element, $type);
// create element
$this->info[$element] = HTMLPurifier_ElementDef::create(
$safe, $content_model, $content_model_type, $attr
$content_model, $content_model_type, $attr
);
// literal object $contents means direct child manipulation
if (!is_string($contents)) $this->info[$element]->child = $contents;

2
library/HTMLPurifier/HTMLModule/Bdo.php
View File

@@ -14,7 +14,7 @@ class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
public function __construct() {
$bdo =& $this->addElement(
'bdo', true, 'Inline', 'Inline', array('Core', 'Lang'),
'bdo', 'Inline', 'Inline', array('Core', 'Lang'),
array(
'dir' => 'Enum#ltr,rtl', // required
// The Abstract Module specification has the attribute

4
library/HTMLPurifier/HTMLModule/Edit.php
View File

@@ -15,8 +15,8 @@ class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
'cite' => 'URI',
// 'datetime' => 'Datetime', // not implemented
);
$this->addElement('del', true, 'Inline', $contents, 'Common', $attr);
$this->addElement('ins', true, 'Inline', $contents, 'Common', $attr);
$this->addElement('del', 'Inline', $contents, 'Common', $attr);
$this->addElement('ins', 'Inline', $contents, 'Common', $attr);
}
// HTML 4.01 specifies that ins/del must not contain block

2
library/HTMLPurifier/HTMLModule/Hypertext.php
View File

@@ -10,7 +10,7 @@ class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule
public function __construct() {
$a =& $this->addElement(
'a', true, 'Inline', 'Inline', 'Common',
'a', 'Inline', 'Inline', 'Common',
array(
// 'accesskey' => 'Character',
// 'charset' => 'Charset',

2
library/HTMLPurifier/HTMLModule/Image.php
View File

@@ -12,7 +12,7 @@ class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
public function __construct() {
$img =& $this->addElement(
'img', true, 'Inline', 'Empty', 'Common',
'img', 'Inline', 'Empty', 'Common',
array(
'alt*' => 'Text',
'height' => 'Length',

16
library/HTMLPurifier/HTMLModule/Legacy.php
View File

@@ -23,27 +23,27 @@ class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
public function __construct() {
$this->addElement('basefont', true, 'Inline', 'Empty', false, array(
$this->addElement('basefont', 'Inline', 'Empty', false, array(
'color' => 'Color',
'face' => 'Text', // extremely broad, we should
'size' => 'Text', // tighten it
'id' => 'ID'
));
$this->addElement('center', true, 'Block', 'Flow', 'Common');
$this->addElement('dir', true, 'Block', 'Required: li', 'Common', array(
$this->addElement('center', 'Block', 'Flow', 'Common');
$this->addElement('dir', 'Block', 'Required: li', 'Common', array(
'compact' => 'Bool#compact'
));
$this->addElement('font', true, 'Inline', 'Inline', array('Core', 'I18N'), array(
$this->addElement('font', 'Inline', 'Inline', array('Core', 'I18N'), array(
'color' => 'Color',
'face' => 'Text', // extremely broad, we should
'size' => 'Text', // tighten it
));
$this->addElement('menu', true, 'Block', 'Required: li', 'Common', array(
$this->addElement('menu', 'Block', 'Required: li', 'Common', array(
'compact' => 'Bool#compact'
));
$this->addElement('s', true, 'Inline', 'Inline', 'Common');
$this->addElement('strike', true, 'Inline', 'Inline', 'Common');
$this->addElement('u', true, 'Inline', 'Inline', 'Common');
$this->addElement('s', 'Inline', 'Inline', 'Common');
$this->addElement('strike', 'Inline', 'Inline', 'Common');
$this->addElement('u', 'Inline', 'Inline', 'Common');
// setup modifications to old elements

12
library/HTMLPurifier/HTMLModule/List.php
View File

@@ -20,14 +20,14 @@ class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule
public $content_sets = array('Flow' => 'List');
public function __construct() {
$this->addElement('ol', true, 'List', 'Required: li', 'Common');
$this->addElement('ul', true, 'List', 'Required: li', 'Common');
$this->addElement('dl', true, 'List', 'Required: dt | dd', 'Common');
$this->addElement('ol', 'List', 'Required: li', 'Common');
$this->addElement('ul', 'List', 'Required: li', 'Common');
$this->addElement('dl', 'List', 'Required: dt | dd', 'Common');
$this->addElement('li', true, false, 'Flow', 'Common');
$this->addElement('li', false, 'Flow', 'Common');
$this->addElement('dd', true, false, 'Flow', 'Common');
$this->addElement('dt', true, false, 'Inline', 'Common');
$this->addElement('dd', false, 'Flow', 'Common');
$this->addElement('dt', false, 'Inline', 'Common');
}
}

5
library/HTMLPurifier/HTMLModule/Object.php
View File

@@ -9,10 +9,11 @@ class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
{
public $name = 'Object';
public $safe = false;
public function __construct() {
$this->addElement('object', false, 'Inline', 'Optional: #PCDATA | Flow | param', 'Common',
$this->addElement('object', 'Inline', 'Optional: #PCDATA | Flow | param', 'Common',
array(
'archive' => 'URI',
'classid' => 'URI',
@@ -29,7 +30,7 @@ class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
)
);
$this->addElement('param', false, false, 'Empty', false,
$this->addElement('param', false, 'Empty', false,
array(
'id' => 'ID',
'name*' => 'Text',

16
library/HTMLPurifier/HTMLModule/Presentation.php
View File

@@ -16,14 +16,14 @@ class HTMLPurifier_HTMLModule_Presentation extends HTMLPurifier_HTMLModule
public $name = 'Presentation';
public function __construct() {
$this->addElement('b', true, 'Inline', 'Inline', 'Common');
$this->addElement('big', true, 'Inline', 'Inline', 'Common');
$this->addElement('hr', true, 'Block', 'Empty', 'Common');
$this->addElement('i', true, 'Inline', 'Inline', 'Common');
$this->addElement('small', true, 'Inline', 'Inline', 'Common');
$this->addElement('sub', true, 'Inline', 'Inline', 'Common');
$this->addElement('sup', true, 'Inline', 'Inline', 'Common');
$this->addElement('tt', true, 'Inline', 'Inline', 'Common');
$this->addElement('b', 'Inline', 'Inline', 'Common');
$this->addElement('big', 'Inline', 'Inline', 'Common');
$this->addElement('hr', 'Block', 'Empty', 'Common');
$this->addElement('i', 'Inline', 'Inline', 'Common');
$this->addElement('small', 'Inline', 'Inline', 'Common');
$this->addElement('sub', 'Inline', 'Inline', 'Common');
$this->addElement('sup', 'Inline', 'Inline', 'Common');
$this->addElement('tt', 'Inline', 'Inline', 'Common');
}
}

2
library/HTMLPurifier/HTMLModule/Proprietary.php
View File

@@ -11,7 +11,7 @@ class HTMLPurifier_HTMLModule_Proprietary extends HTMLPurifier_HTMLModule
public function __construct() {
$this->addElement('marquee', true, 'Inline', 'Flow', 'Common',
$this->addElement('marquee', 'Inline', 'Flow', 'Common',
array(
'direction' => 'Enum#left,right,up,down',
'behavior' => 'Enum#alternate',

12
library/HTMLPurifier/HTMLModule/Ruby.php
View File

@@ -10,16 +10,16 @@ class HTMLPurifier_HTMLModule_Ruby extends HTMLPurifier_HTMLModule
public $name = 'Ruby';
public function __construct() {
$this->addElement('ruby', true, 'Inline',
$this->addElement('ruby', 'Inline',
'Custom: ((rb, (rt | (rp, rt, rp))) | (rbc, rtc, rtc?))',
'Common');
$this->addElement('rbc', true, false, 'Required: rb', 'Common');
$this->addElement('rtc', true, false, 'Required: rt', 'Common');
$rb =& $this->addElement('rb', true, false, 'Inline', 'Common');
$this->addElement('rbc', false, 'Required: rb', 'Common');
$this->addElement('rtc', false, 'Required: rt', 'Common');
$rb =& $this->addElement('rb', false, 'Inline', 'Common');
$rb->excludes = array('ruby' => true);
$rt =& $this->addElement('rt', true, false, 'Inline', 'Common', array('rbspan' => 'Number'));
$rt =& $this->addElement('rt', false, 'Inline', 'Common', array('rbspan' => 'Number'));
$rt->excludes = array('ruby' => true);
$this->addElement('rp', true, false, 'Optional: #PCDATA', 'Common');
$this->addElement('rp', false, 'Optional: #PCDATA', 'Common');
}
}

11
library/HTMLPurifier/HTMLModule/Scripting.php
View File

@@ -31,6 +31,7 @@ class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
public $name = 'Scripting';
public $elements = array('script', 'noscript');
public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
public $safe = false;
public function __construct() {
// TODO: create custom child-definition for noscript that
@@ -41,13 +42,15 @@ class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
// TODO: convert this to new syntax, main problem is getting
// both content sets working
foreach ($this->elements as $element) {
$this->info[$element] = new HTMLPurifier_ElementDef();
$this->info[$element]->safe = false;
}
// In theory, this could be safe, but I don't see any reason to
// allow it.
$this->info['noscript'] = new HTMLPurifier_ElementDef();
$this->info['noscript']->attr = array( 0 => array('Common') );
$this->info['noscript']->content_model = 'Heading | List | Block';
$this->info['noscript']->content_model_type = 'required';
$this->info['script'] = new HTMLPurifier_ElementDef();
$this->info['script']->attr = array(
'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
'src' => new HTMLPurifier_AttrDef_URI(true),

20
library/HTMLPurifier/HTMLModule/Tables.php
View File

@@ -10,9 +10,9 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
public function __construct() {
$this->addElement('caption', true, false, 'Inline', 'Common');
$this->addElement('caption', false, 'Inline', 'Common');
$this->addElement('table', true, 'Block',
$this->addElement('table', 'Block',
new HTMLPurifier_ChildDef_Table(), 'Common',
array(
'border' => 'Pixels',
@@ -40,10 +40,10 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
),
$cell_align
);
$this->addElement('td', true, false, 'Flow', 'Common', $cell_t);
$this->addElement('th', true, false, 'Flow', 'Common', $cell_t);
$this->addElement('td', false, 'Flow', 'Common', $cell_t);
$this->addElement('th', false, 'Flow', 'Common', $cell_t);
$this->addElement('tr', true, false, 'Required: td | th', 'Common', $cell_align);
$this->addElement('tr', false, 'Required: td | th', 'Common', $cell_align);
$cell_col = array_merge(
array(
@@ -52,12 +52,12 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
),
$cell_align
);
$this->addElement('col', true, false, 'Empty', 'Common', $cell_col);
$this->addElement('colgroup', true, false, 'Optional: col', 'Common', $cell_col);
$this->addElement('col', false, 'Empty', 'Common', $cell_col);
$this->addElement('colgroup', false, 'Optional: col', 'Common', $cell_col);
$this->addElement('tbody', true, false, 'Required: tr', 'Common', $cell_align);
$this->addElement('thead', true, false, 'Required: tr', 'Common', $cell_align);
$this->addElement('tfoot', true, false, 'Required: tr', 'Common', $cell_align);
$this->addElement('tbody', false, 'Required: tr', 'Common', $cell_align);
$this->addElement('thead', false, 'Required: tr', 'Common', $cell_align);
$this->addElement('tfoot', false, 'Required: tr', 'Common', $cell_align);
}

48
library/HTMLPurifier/HTMLModule/Text.php
View File

@@ -23,38 +23,38 @@ class HTMLPurifier_HTMLModule_Text extends HTMLPurifier_HTMLModule
public function __construct() {
// Inline Phrasal -------------------------------------------------
$this->addElement('abbr', true, 'Inline', 'Inline', 'Common');
$this->addElement('acronym', true, 'Inline', 'Inline', 'Common');
$this->addElement('cite', true, 'Inline', 'Inline', 'Common');
$this->addElement('code', true, 'Inline', 'Inline', 'Common');
$this->addElement('dfn', true, 'Inline', 'Inline', 'Common');
$this->addElement('em', true, 'Inline', 'Inline', 'Common');
$this->addElement('kbd', true, 'Inline', 'Inline', 'Common');
$this->addElement('q', true, 'Inline', 'Inline', 'Common', array('cite' => 'URI'));
$this->addElement('samp', true, 'Inline', 'Inline', 'Common');
$this->addElement('strong', true, 'Inline', 'Inline', 'Common');
$this->addElement('var', true, 'Inline', 'Inline', 'Common');
$this->addElement('abbr', 'Inline', 'Inline', 'Common');
$this->addElement('acronym', 'Inline', 'Inline', 'Common');
$this->addElement('cite', 'Inline', 'Inline', 'Common');
$this->addElement('code', 'Inline', 'Inline', 'Common');
$this->addElement('dfn', 'Inline', 'Inline', 'Common');
$this->addElement('em', 'Inline', 'Inline', 'Common');
$this->addElement('kbd', 'Inline', 'Inline', 'Common');
$this->addElement('q', 'Inline', 'Inline', 'Common', array('cite' => 'URI'));
$this->addElement('samp', 'Inline', 'Inline', 'Common');
$this->addElement('strong', 'Inline', 'Inline', 'Common');
$this->addElement('var', 'Inline', 'Inline', 'Common');
// Inline Structural ----------------------------------------------
$this->addElement('span', true, 'Inline', 'Inline', 'Common');
$this->addElement('br', true, 'Inline', 'Empty', 'Core');
$this->addElement('span', 'Inline', 'Inline', 'Common');
$this->addElement('br', 'Inline', 'Empty', 'Core');
// Block Phrasal --------------------------------------------------
$this->addElement('address', true, 'Block', 'Inline', 'Common');
$this->addElement('blockquote', true, 'Block', 'Optional: Heading | Block | List', 'Common', array('cite' => 'URI') );
$pre =& $this->addElement('pre', true, 'Block', 'Inline', 'Common');
$this->addElement('address', 'Block', 'Inline', 'Common');
$this->addElement('blockquote', 'Block', 'Optional: Heading | Block | List', 'Common', array('cite' => 'URI') );
$pre =& $this->addElement('pre', 'Block', 'Inline', 'Common');
$pre->excludes = $this->makeLookup(
'img', 'big', 'small', 'object', 'applet', 'font', 'basefont' );
$this->addElement('h1', true, 'Heading', 'Inline', 'Common');
$this->addElement('h2', true, 'Heading', 'Inline', 'Common');
$this->addElement('h3', true, 'Heading', 'Inline', 'Common');
$this->addElement('h4', true, 'Heading', 'Inline', 'Common');
$this->addElement('h5', true, 'Heading', 'Inline', 'Common');
$this->addElement('h6', true, 'Heading', 'Inline', 'Common');
$this->addElement('h1', 'Heading', 'Inline', 'Common');
$this->addElement('h2', 'Heading', 'Inline', 'Common');
$this->addElement('h3', 'Heading', 'Inline', 'Common');
$this->addElement('h4', 'Heading', 'Inline', 'Common');
$this->addElement('h5', 'Heading', 'Inline', 'Common');
$this->addElement('h6', 'Heading', 'Inline', 'Common');
// Block Structural -----------------------------------------------
$this->addElement('p', true, 'Block', 'Inline', 'Common');
$this->addElement('div', true, 'Block', 'Flow', 'Common');
$this->addElement('p', 'Block', 'Inline', 'Common');
$this->addElement('div', 'Block', 'Flow', 'Common');
}

59
library/HTMLPurifier/HTMLModuleManager.php
View File

@@ -59,9 +59,7 @@ class HTMLPurifier_HTMLModuleManager
$this->attrTypes = new HTMLPurifier_AttrTypes();
$this->doctypes = new HTMLPurifier_DoctypeRegistry();
// setup default HTML doctypes
// module reuse
// setup basic modules
$common = array(
'CommonAttributes', 'Text', 'Hypertext', 'List',
'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',
@@ -71,6 +69,7 @@ class HTMLPurifier_HTMLModuleManager
$xml = array('XMLCommonAttributes');
$non_xml = array('NonXMLCommonAttributes');
// setup basic doctypes
$this->doctypes->register(
'HTML 4.01 Transitional', false,
array_merge($common, $transitional, $non_xml),
@@ -124,6 +123,9 @@ class HTMLPurifier_HTMLModuleManager
* @param $module Mixed: string module name, with or without
* HTMLPurifier_HTMLModule prefix, or instance of
* subclass of HTMLPurifier_HTMLModule.
* @param $overload Boolean whether or not to overload previous modules.
* If this is not set, and you do overload a module,
* HTML Purifier will complain with a warning.
* @note This function will not call autoload, you must instantiate
* (and thus invoke) autoload outside the method.
* @note If a string is passed as a module name, different variants
@@ -135,11 +137,8 @@ class HTMLPurifier_HTMLModuleManager
* If your object name collides with an internal class, specify
* your module manually. All modules must have been included
* externally: registerModule will not perform inclusions for you!
* @warning If your module has the same name as an already loaded
* module, your module will overload the old one WITHOUT
* warning.
*/
public function registerModule($module) {
public function registerModule($module, $overload = false) {
if (is_string($module)) {
// attempt to load the module
$original_module = $module;
@@ -165,6 +164,9 @@ class HTMLPurifier_HTMLModuleManager
trigger_error('Module instance of ' . get_class($module) . ' must have name');
return;
}
if (!$overload && isset($this->registeredModules[$module->name])) {
trigger_error('Overloading ' . $module->name . ' without explicit overload parameter', E_USER_WARNING);
}
$this->registeredModules[$module->name] = $module;
}
@@ -274,10 +276,9 @@ class HTMLPurifier_HTMLModuleManager
$elements = array();
foreach ($this->modules as $module) {
if (!$this->trusted && !$module->safe) continue;
foreach ($module->info as $name => $v) {
if (isset($elements[$name])) continue;
// if element is not safe, don't use it
if (!$this->trusted && ($v->safe === false)) continue;
$elements[$name] = $this->getElement($name);
}
}
@@ -298,43 +299,45 @@ class HTMLPurifier_HTMLModuleManager
* @param $trusted Boolean trusted overriding parameter: set to true
* if you want the full version of an element
* @return Merged HTMLPurifier_ElementDef
* @note You may notice that modules are getting iterated over twice (once
* in getElements() and once here). This
* is because
*/
public function getElement($name, $trusted = null) {
$def = false;
if ($trusted === null) $trusted = $this->trusted;
$modules = $this->modules;
if (!isset($this->elementLookup[$name])) {
return false;
}
// setup global state variables
$def = false;
if ($trusted === null) $trusted = $this->trusted;
// iterate through each module that has registered itself to this
// element
foreach($this->elementLookup[$name] as $module_name) {
$module = $modules[$module_name];
$module = $this->modules[$module_name];
// copy is used because, ideally speaking, the original
// definition should not be modified. Usually, this will
// make no difference, but for consistency's sake
$new_def = $module->info[$name]->copy();
// refuse to create/merge in a definition that is deemed unsafe
if (!$trusted && ($new_def->safe === false)) {
$def = false;
// refuse to create/merge from a module that is deemed unsafe--
// pretend the module doesn't exist--when trusted mode is not on.
if (!$trusted && !$module->safe) {
continue;
}
// clone is used because, ideally speaking, the original
// definition should not be modified. Usually, this will
// make no difference, but for consistency's sake
$new_def = clone $module->info[$name];
if (!$def && $new_def->standalone) {
// element with unknown safety is not to be trusted.
// however, a merge-in definition with undefined safety
// is fine
if (!$trusted && !$new_def->safe) continue;
$def = $new_def;
} elseif ($def) {
// This will occur even if $new_def is standalone. In practice,
// this will usually result in a full replacement.
$def->mergeIn($new_def);
} else {
// could "save it for another day":
// :TODO:
// non-standalone definitions that don't have a standalone
// to merge into could be deferred to the end
continue;

7
library/HTMLPurifier/URI.php
View File

@@ -105,12 +105,5 @@ class HTMLPurifier_URI
return $result;
}
/**
* Returns a copy of the URI object
*/
public function copy() {
return unserialize(serialize($this));
}
}

2
library/HTMLPurifier/URIFilter/MakeAbsolute.php
View File

@@ -27,7 +27,7 @@ class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
is_null($uri->host) && is_null($uri->query) && is_null($uri->fragment)
) {
// reference to current document
$uri = $this->base->copy();
$uri = clone $this->base;
return true;
}
if (!is_null($uri->scheme)) {