diff --git a/NEWS b/NEWS
index 96abd22e..8f9d14cc 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
of DOM), HTML Purifier punts to DirectLex
- Fatal error with unserialization of ScriptRequired
+- Created directories are now chmod'ed properly
. Out-of-date documentation revised
. UTF-8 encoding check optimization as suggested by Diego
. HTMLPurifier_Error removed in favor of exceptions
diff --git a/TODO b/TODO
index db82c4c2..eca4768c 100644
--- a/TODO
+++ b/TODO
@@ -11,12 +11,6 @@ If no interest is expressed for a feature that may require a considerable
amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented!
- - Figure out what to do with $this->config configuration object calls
- in the scanner
- - Quick optimizations for empty strings and strings without HTML (make sure
- %HTML.Parent is accounted for) - Denis
- - Ensure cache files by Serializer are chmod'ed properly - Denis
-
FUTURE VERSIONS
---------------
diff --git a/configdoc/usage.xml b/configdoc/usage.xml
index 286f8d16..0d7346b3 100644
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@@ -94,6 +94,16 @@
41
+
+
+ 70
+
+
+
+
+ 84
+
+
213
diff --git a/library/HTMLPurifier/DefinitionCache/Serializer.php b/library/HTMLPurifier/DefinitionCache/Serializer.php
index be3c9ef9..ef082217 100644
--- a/library/HTMLPurifier/DefinitionCache/Serializer.php
+++ b/library/HTMLPurifier/DefinitionCache/Serializer.php
@@ -100,18 +100,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
* @return Number of bytes written if success, or false if failure.
*/
private function _write($file, $data) {
- static $file_put_contents;
- if ($file_put_contents === null) {
- $file_put_contents = function_exists('file_put_contents');
- }
- if ($file_put_contents) {
- return file_put_contents($file, $data);
- }
- $fh = fopen($file, 'w');
- if (!$fh) return false;
- $status = fwrite($fh, $data);
- fclose($fh);
- return $status;
+ return file_put_contents($file, $data);
}
/**
@@ -130,7 +119,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
} elseif (!$this->_testPermissions($base)) {
return false;
}
+ $old = umask(0022); // disable group and world writes
mkdir($directory);
+ umask($old);
} elseif (!$this->_testPermissions($directory)) {
return false;
}
diff --git a/library/HTMLPurifier/Generator.php b/library/HTMLPurifier/Generator.php
index 736772da..e35ce8cf 100644
--- a/library/HTMLPurifier/Generator.php
+++ b/library/HTMLPurifier/Generator.php
@@ -29,7 +29,7 @@ class HTMLPurifier_Generator
/**
* Configuration for the generator
*/
- private $_config;
+ protected $config;
/**
* @param $config Instance of HTMLPurifier_Config
@@ -37,7 +37,7 @@ class HTMLPurifier_Generator
*/
public function __construct($config = null, $context = null) {
if (!$config) $config = HTMLPurifier_Config::createDefault();
- $this->_config = $config;
+ $this->config = $config;
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
$this->_def = $config->getHTMLDefinition();
$this->_xhtml = $this->_def->doctype->xml;
@@ -67,7 +67,7 @@ class HTMLPurifier_Generator
}
// Tidy cleanup
- if (extension_loaded('tidy') && $this->_config->get('Output', 'TidyFormat')) {
+ if (extension_loaded('tidy') && $this->config->get('Output', 'TidyFormat')) {
$tidy = new Tidy;
$tidy->parseString($html, array(
'indent'=> true,
@@ -81,7 +81,7 @@ class HTMLPurifier_Generator
}
// Normalize newlines to system defined value
- $nl = $this->_config->get('Output', 'Newline');
+ $nl = $this->config->get('Output', 'Newline');
if ($nl === null) $nl = PHP_EOL;
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
return $html;
diff --git a/maintenance/config-scanner.php b/maintenance/config-scanner.php
index fb786b02..d933f875 100644
--- a/maintenance/config-scanner.php
+++ b/maintenance/config-scanner.php
@@ -62,7 +62,19 @@ foreach ($files as $file) {
$tokens = token_get_all(file_get_contents($file));
$file = str_replace('\\', '/', $file);
for ($i = 0, $c = count($tokens); $i < $c; $i++) {
- if (!testToken($tokens[$i], T_VARIABLE, '$config')) continue;
+ $ok = false;
+ // Match $config
+ if (!$ok && testToken($tokens[$i], T_VARIABLE, '$config')) $ok = true;
+ // Match $this->config
+ while (!$ok && testToken($tokens[$i], T_VARIABLE, '$this')) {
+ consumeWhitespace($tokens, $i);
+ if (!testToken($tokens[$i], T_OBJECT_OPERATOR)) break;
+ consumeWhitespace($tokens, $i);
+ if (testToken($tokens[$i], T_STRING, 'config')) $ok = true;
+ break;
+ }
+ if (!$ok) continue;
+
$ok = false;
for($i++; $i < $c; $i++) {
if ($tokens[$i] === ',' || $tokens[$i] === ')' || $tokens[$i] === ';') {
@@ -86,31 +98,40 @@ foreach ($files as $file) {
$full_counter++;
- // The T_CONSTANT_ENCAPSED_STRING may hide some more obscure use-cases;
- // it may be useful to log these.
- consumeWhitespace($tokens, $i);
- if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
- $namespace = substr($tokens[$i][1], 1, -1);
+ $matched = false;
+ do {
+
+ // What we currently don't match are batch retrievals, and
+ // wildcard retrievals. This data might be useful in the future,
+ // which is why we have a do {} while loop that doesn't actually
+ // do anything.
+
+ consumeWhitespace($tokens, $i);
+ if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
+ $namespace = substr($tokens[$i][1], 1, -1);
+
+ consumeWhitespace($tokens, $i);
+ if (!testToken($tokens[$i], ',')) continue;
+
+ consumeWhitespace($tokens, $i);
+ if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
+ $directive = substr($tokens[$i][1], 1, -1);
+
+ $counter++;
+ $matched = true;
+
+ $id = "$namespace.$directive";
+ if (!isset($tracker[$id])) $tracker[$id] = array();
+ if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
+ $tracker[$id][$file][] = $line;
+
+ } while (0);
- consumeWhitespace($tokens, $i);
- if (!testToken($tokens[$i], ',')) continue;
-
- consumeWhitespace($tokens, $i);
- if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
- $directive = substr($tokens[$i][1], 1, -1);
-
- $counter++;
-
- $id = "$namespace.$directive";
- if (!isset($tracker[$id])) $tracker[$id] = array();
- if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
- $tracker[$id][$file][] = $line;
-
- // echo "$file:$line uses $namespace.$directive\n";
+ //echo "$file:$line uses $namespace.$directive\n";
}
}
-echo "\n$counter/$full_counter instances of \$config found in source code.\n";
+echo "\n$counter/$full_counter instances of \$config or \$this->config found in source code.\n";
echo "Generating XML... ";