Release 3.0.0.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1483 48356398-32a2-884e-a903-53898d9a118a

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 2.1.3
+PROJECT_NUMBER         = 3.0.0
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 
@@ -539,7 +539,8 @@ EXCLUDE_PATTERNS       = */tests/* \
                          */maintenance/* \
                          */smoketests/* \
                          */library/standalone/* \
-                         */.svn*
+                         */.svn* \
+                         */conf/*
 
 # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names 
 # (namespaces, classes, functions, etc.) that should be excluded from the output. 

INSTALL

@@ -14,11 +14,12 @@ basic sanity checks to get the most out of this library.
 ---------------------------------------------------------------------------
 1.  Compatibility
 
-HTML Purifier works in both PHP 4 and PHP 5, and is actively tested from 
-PHP 4.3.7 and up (see tests/multitest.php for specific versions). It has 
-no core dependencies with other libraries. PHP 4 support will be 
-deprecated on December 31, 2007, at which time only essential security 
-fixes will be issued for the PHP 4 version until August 8, 2008. 
+HTML Purifier is PHP 5 only, and is actively tested from PHP 5.0.0 and 
+up (see tests/multitest.php for the specific versions that are being 
+actively tested). It has no core dependencies with other libraries. PHP 
+4 support was deprecated on December 31, 2007 with HTML Purifier 3.0.0. 
+Essential security fixes will be issued for the 2.1.x branch until 
+August 8, 2008. 
 
 These optional extensions can enhance the capabilities of HTML Purifier:
 

INSTALL.fr.utf8

@@ -17,7 +17,7 @@ ce document pour quelques choses.
 
 1.  Compatibilité
 
-HTML Purifier fonctionne dans PHP 4 et PHP 5. PHP 4.3.2 est le dernier
+HTML Purifier fonctionne dans PHP 5. PHP 5.0.0 est le dernier
 version que je le testais.  Il ne dépend de les autre librairies.
 
 Les extensions optionnel est iconv (en général déjà installer) et 

NEWS

@@ -9,6 +9,34 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+3.0.0, released 2008-01-06
+# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained
+  until PHP 4 is completely deprecated, but no new features will be added
+  to it.
+  + Visibility declarations added
+  + Constructor methods renamed to __construct()
+  + PHP4 reference cruft removed (in progress)
+! CSS properties are now case-insensitive
+! DefinitionCacheFactory now can register new implementations
+! New HTMLPurifier_Filter_ExtractStyleBlocks for extracting <style> from
+  documents and cleaning their contents up. Requires the CSSTidy library
+  <http://csstidy.sourceforge.net/>. You can access the blocks with the
+  'StyleBlocks' Context variable ($purifier->context->get('StyleBlocks')).
+  The output CSS can also be "scoped" for a specific element, use:
+  %Filter.ExtractStyleBlocksScope
+! Experimental support for some proprietary CSS attributes allowed:
+  opacity (and all of the browser-specific equivalents) and scrollbar colors.
+  Enable by setting %CSS.Proprietary to true.
+- Colors missing # but in hex form will be corrected
+- CSS Number algorithm improved
+- Unit testing and multi-testing now on steroids: command lines,
+  XML output, and other goodies now added.
+. Unit tests for Injector improved
+. New classes:
+  + HTMLPurifier_AttrDef_CSS_AlphaValue
+  + HTMLPurifier_AttrDef_CSS_Filter
+. Multitest now has a file docblock
+
 2.1.3, released 2007-11-05
 ! tests/multitest.php allows you to test multiple versions by running
   tests/index.php through multiple interpreters using `phpv` shell

TODO

@@ -11,11 +11,11 @@ If no interest is expressed for a feature that may required a considerable
 amount of effort to implement, it may get endlessly delayed. Do not be
 afraid to cast your vote for the next feature to be implemented!
 
-2.2 release [Error'ed]
+3.1 release [Error'ed]
  # Error logging for filtering/cleanup procedures
  - XSS-attempt detection
 
-2.3 release [Do What I Mean, Not What I Say]
+3.2 release [Do What I Mean, Not What I Say]
  # Additional support for poorly written HTML
     - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
     - Friendly strict handling of <address> (block -> <br>)
@@ -31,37 +31,41 @@ afraid to cast your vote for the next feature to be implemented!
    dupe detector would also need to detect the suffix as well)
  - Externalize inline CSS to promote clean HTML
 
-2.4 release [It's All About Trust] (floating)
+3.3 release [It's All About Trust] (floating)
  # Implement untrusted, dangerous elements/attributes
  # Implement IDREF support (harder than it seems, since you cannot have
    IDREFs to non-existent IDs)
  # Frameset XHTML 1.0 and HTML 4.01 doctypes
 
-3.0 release [Beyond HTML]
+4.0 release [Beyond HTML]
  # Legit token based CSS parsing (will require revamping almost every
    AttrDef class). Probably will use CSSTidy class
  # More control over allowed CSS properties (maybe modularize it in the
    same fashion!)
- # Formatters for plaintext
-    - Smileys
  - Standardize token armor for all areas of processing
  - Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
    Also, enable disabling of directionality
+ - Table of Contents generation (XHTML Compiler might be reusable)
 
-4.0 release [To XML and Beyond]
+5.0 release [To XML and Beyond]
  - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
     - Hooks for adding custom processors to custom namespaced tags and
       attributes, offer default implementation
     - Lots of documentation and samples
 
 Ongoing
+ - More refactoring to take advantage of PHP5's facilities 
  - Lots of profiling, make it faster!
  - Plugins for major CMSes (COMPLEX)
     - phpBB
-    - eFiction
     - more! (look for ones that use WYSIWYGs)
  - Complete basic smoketests
 
+AutoFormat
+ - Smileys
+ - Syntax highlighting with <pre> and possibly <?php
+ - Look at http://drupal.org/project/Modules/category/63 for ideas
+
 Unknown release (on a scratch-an-itch basis)
  # CHMOD install script for PEAR installs
  ? Have 'lang' attribute be checked against official lists, achieved by
@@ -69,7 +73,6 @@ Unknown release (on a scratch-an-itch basis)
  - Abstract ChildDef_BlockQuote to work with all elements that only
    allow blocks in them, required or optional
  - Reorganize Unit Tests
- - Reorganize configuration directives (Create more namespaces! Get messy!)
  - Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
  - Implement lenient <ruby> child validation
  - Explain how to use HTML Purifier in non-PHP languages / create
@@ -77,6 +80,12 @@ Unknown release (on a scratch-an-itch basis)
  - Fixes for Firefox's inability to handle COL alignment props (Bug 915)
  - Automatically add non-breaking spaces to empty table cells when
    empty-cells:show is applied to have compatibility with Internet Explorer
+ - Distinguish between default settings and explicitly set settings, so
+   configurations can be merged
+ - Nested configuration namespaces
+ - Allow scoped="scoped" attribute in <style> tags; may be troublesome
+   because regular CSS has no way of uniquely identifying nodes, so we'd
+   have to generate IDs
 
 Requested
 

VERSION

@@ -1 +1 @@
-2.1.3
+3.0.0

WHATSNEW

@@ -1,6 +1,10 @@
-Stability release 2.1.3 fixes a slew of minor bugs found in HTML Purifier,
-and also includes some internal code enhancements and refactorings.
-Notably, tests/multitest.php automates testing in multiple versions, 
-fatal AttrDef_URI_Email error fixed, blockquote contents are more lenient
-in HTML 4.01 Strict and fatal errors involving ID tags in img tags were
-fixed.
+Release 3.0.0 is the first release of 2008 and also HTML Purifier's first
+PHP 5 only release. The 2.1 series will still be supported for bug and
+security fixes, but will not get new features. This release a number of
+improvements in CSS handling, including the filter
+HTMLPurifier_Filter_ExtractStyleBlocks which integrates HTML Purifier with
+CSSTidy for cleaning style sheets, contains experimental support for
+proprietary CSS properties with %CSS.Proprietary, case-insensitive
+CSS properties, and more lenient hexadecimal color codes. Also, all code
+has been upgraded to full PHP 5 which is E_STRICT clean for all versions
+of PHP 5 (including the 5.0 series).

benchmarks/Lexer.php

@@ -1,13 +1,11 @@
 <?php
 
-// emulates inserting a dir called HTMLPurifier into your class dir
-set_include_path(get_include_path() . PATH_SEPARATOR . '../library/');
-
+require_once '../library/HTMLPurifier.auto.php';
 @include_once '../test-settings.php';
 
-require_once 'HTMLPurifier/ConfigSchema.php';
-require_once 'HTMLPurifier/Config.php';
-require_once 'HTMLPurifier/Context.php';
+// PEAR
+require_once 'Benchmark/Timer.php'; // to do the timing
+require_once 'Text/Password.php'; // for generating random input
 
 $LEXERS = array();
 $RUNS = isset($GLOBALS['HTMLPurifierTest']['Runs'])
@@ -16,22 +14,11 @@ $RUNS = isset($GLOBALS['HTMLPurifierTest']['Runs'])
 require_once 'HTMLPurifier/Lexer/DirectLex.php';
 $LEXERS['DirectLex'] = new HTMLPurifier_Lexer_DirectLex();
 
-if (!empty($GLOBALS['HTMLPurifierTest']['PEAR'])) {
-    require_once 'HTMLPurifier/Lexer/PEARSax3.php';
-    $LEXERS['PEARSax3'] = new HTMLPurifier_Lexer_PEARSax3();
-} else {
-    exit('PEAR required to perform benchmark.');
-}
-
 if (version_compare(PHP_VERSION, '5', '>=')) {
     require_once 'HTMLPurifier/Lexer/DOMLex.php';
     $LEXERS['DOMLex'] = new HTMLPurifier_Lexer_DOMLex();
 }
 
-// PEAR
-require_once 'Benchmark/Timer.php'; // to do the timing
-require_once 'Text/Password.php'; // for generating random input
-
 // custom class to aid unit testing
 class RowTimer extends Benchmark_Timer
 {

benchmarks/ProfileDirectLex.php

@@ -1,17 +0,0 @@
-<?php
-
-set_include_path(get_include_path() . PATH_SEPARATOR . '../library/');
-
-require_once 'HTMLPurifier/ConfigSchema.php';
-require_once 'HTMLPurifier/Config.php';
-require_once 'HTMLPurifier/Lexer/DirectLex.php';
-require_once 'HTMLPurifier/Context.php';
-
-$input = file_get_contents('samples/Lexer/4.html');
-$lexer = new HTMLPurifier_Lexer_DirectLex();
-$config = HTMLPurifier_Config::createDefault();
-$context = new HTMLPurifier_Context();
-
-for ($i = 0; $i < 10; $i++) {
-    $tokens = $lexer->tokenizeHTML($input, $config, $context);
-}

benchmarks/Trace.php

@@ -3,6 +3,11 @@
 ini_set('xdebug.trace_format', 1);
 ini_set('xdebug.show_mem_delta', true);
 
+if (file_exists('Trace.xt')) {
+    echo "Previous trace Trace.xt must be removed before this script can be run.";
+    exit;
+}
+
 xdebug_start_trace(dirname(__FILE__) . '/Trace');
 require_once '../library/HTMLPurifier.auto.php';
 
@@ -10,3 +15,5 @@ $purifier = new HTMLPurifier();
 
 $data = $purifier->purify(file_get_contents('samples/Lexer/4.html'));
 xdebug_stop_trace();
+
+echo "Trace finished.";

configdoc/library/ConfigDoc.php

@@ -4,10 +4,21 @@ require_once 'ConfigDoc/HTMLXSLTProcessor.php';
 require_once 'ConfigDoc/XMLSerializer/Types.php';
 require_once 'ConfigDoc/XMLSerializer/ConfigSchema.php';
 
+/**
+ * Facade class for configuration documentation system
+ */
 class ConfigDoc
 {
     
-    function generate($schema, $xsl_stylesheet_name = 'plain', $parameters = array()) {
+    /**
+     * Generates configuration documentation based on a HTMLPurifier_ConfigSchema
+     * object and styleshet name
+     * @param $schema Instance of HTMLPurifier_ConfigSchema to document
+     * @param $xsl_stylesheet_name Name of XSL stylesheet in ../styles/ directory to use
+     * @param $parameters Extra parameters to pass to the stylesheet
+     * @return string HTML output
+     */
+    public function generate($schema, $xsl_stylesheet_name = 'plain', $parameters = array()) {
         // generate types document, describing type constraints
         $types_serializer = new ConfigDoc_XMLSerializer_Types();
         $types_document = $types_serializer->serialize($schema);
@@ -29,9 +40,10 @@ class ConfigDoc
     
     /**
      * Remove any generated files
+     * @return boolean Success?
      */
-    function cleanup() {
-        unlink('configdoc.xml');
+    public function cleanup() {
+        return unlink('configdoc.xml');
     }
     
 }

configdoc/library/ConfigDoc/HTMLXSLTProcessor.php

@@ -1,12 +1,15 @@
 <?php
 
 /**
- * Special XSLTProcessor specifically for HTML documents. Loosely
- * based off of XSLTProcessor, but not really
+ * Special XSLT processor specifically for HTML documents. Loosely
+ * based off of XSLTProcessor, but does not inherit from that class
  */
 class ConfigDoc_HTMLXSLTProcessor
 {
     
+    /**
+     * Instance of XSLTProcessor
+     */
     protected $xsltProcessor;
     
     public function __construct() {
@@ -16,6 +19,7 @@ class ConfigDoc_HTMLXSLTProcessor
     /**
      * Imports stylesheet for processor to use
      * @param $xsl XSLT DOM tree, or filename of the XSL transformation
+     * @return bool Success?
      */
     public function importStylesheet($xsl) {
         if (is_string($xsl)) {
@@ -27,16 +31,20 @@ class ConfigDoc_HTMLXSLTProcessor
     }
     
     /**
-     * Transforms an XML file into HTML based on the stylesheet
+     * Transforms an XML file into compatible XHTML based on the stylesheet
      * @param $xml XML DOM tree
+     * @return string HTML output
+     * @todo Rename to transformToXHTML, as transformToHTML is misleading
      */
     public function transformToHTML($xml) {
         $out = $this->xsltProcessor->transformToXML($xml);
         
         // fudges for HTML backwards compatibility
+        // assumes that document is XHTML
         $out = str_replace('/>', ' />', $out); // <br /> not <br/>
         $out = str_replace(' xmlns=""', '', $out); // rm unnecessary xmlns
         $out = str_replace(' xmlns="http://www.w3.org/1999/xhtml"', '', $out); // rm unnecessary xmlns
+        
         if (class_exists('Tidy')) {
             // cleanup output
             $config = array(
@@ -49,9 +57,14 @@ class ConfigDoc_HTMLXSLTProcessor
             $tidy->cleanRepair();
             $out = (string) $tidy;
         }
+        
         return $out;
     }
     
+    /**
+     * Bulk sets parameters for the XSL stylesheet
+     * @param array $options Associative array of options to set
+     */
     public function setParameters($options) {
         foreach ($options as $name => $value) {
             $this->xsltProcessor->setParameter('', $name, $value);

configdoc/library/ConfigDoc/XMLSerializer.php

@@ -8,16 +8,22 @@
 class ConfigDoc_XMLSerializer
 {
     
+    /**
+     * Appends a div containing HTML into a node
+     * @param $document Base document node belongs to
+     * @param $node Node to append to
+     * @param $html HTML to place inside div to append
+     * @todo Place this directly in DOMNode, using registerNodeClass to
+     *       override.
+     */
     protected function appendHTMLDiv($document, $node, $html) {
         $purifier = HTMLPurifier::getInstance();
         $html = $purifier->purify($html);
         $dom_html = $document->createDocumentFragment();
         $dom_html->appendXML($html);
-        
         $dom_div = $document->createElement('div');
         $dom_div->setAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
         $dom_div->appendChild($dom_html);
-        
         $node->appendChild($dom_div);
     }
     

configdoc/library/ConfigDoc/XMLSerializer/ConfigSchema.php

@@ -9,6 +9,7 @@ class ConfigDoc_XMLSerializer_ConfigSchema extends ConfigDoc_XMLSerializer
      * Serializes a schema into DOM form
      * @todo Split into sub-serializers
      * @param $schema HTMLPurifier_ConfigSchema to serialize
+     * @return DOMDocument representation of schema
      */
     public function serialize($schema) {
         $dom_document = new DOMDocument('1.0', 'UTF-8');

configdoc/library/ConfigDoc/XMLSerializer/Types.php

@@ -8,6 +8,7 @@ class ConfigDoc_XMLSerializer_Types extends ConfigDoc_XMLSerializer
     /**
      * Serializes the types in a schema into DOM form
      * @param $schema HTMLPurifier_ConfigSchema owner of types to serialize
+     * @return DOMDocument representing schema types
      */
     public function serialize($schema) {
         $types_document = new DOMDocument('1.0', 'UTF-8');

library/HTMLPurifier.php

@@ -1,7 +1,6 @@
 <?php
 
-/*!
- * @mainpage
+/*! @mainpage
  * 
  * HTML Purifier is an HTML filter that will take an arbitrary snippet of
  * HTML and rigorously test, validate and filter it into a version that
@@ -22,8 +21,8 @@
  */
 
 /*
-    HTML Purifier 2.1.3 - Standards Compliant HTML Filtering
-    Copyright (C) 2006-2007 Edward Z. Yang
+    HTML Purifier 3.0.0 - Standards Compliant HTML Filtering
+    Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
     modify it under the terms of the GNU Lesser General Public
@@ -83,19 +82,19 @@ since 2.0.0.
 class HTMLPurifier
 {
     
-    var $version = '2.1.3';
+    public $version = '3.0.0';
     
-    var $config;
-    var $filters = array();
+    public $config;
+    public $filters = array();
     
-    var $strategy, $generator;
+    protected $strategy, $generator;
     
     /**
      * Resultant HTMLPurifier_Context of last run purification. Is an array
      * of contexts if the last called method was purifyArray().
      * @public
      */
-    var $context;
+    public $context;
     
     /**
      * Initializes the purifier.
@@ -105,7 +104,7 @@ class HTMLPurifier
      *                The parameter can also be any type that
      *                HTMLPurifier_Config::create() supports.
      */
-    function HTMLPurifier($config = null) {
+    public function __construct($config = null) {
         
         $this->config = HTMLPurifier_Config::create($config);
         
@@ -118,7 +117,7 @@ class HTMLPurifier
      * Adds a filter to process the output. First come first serve
      * @param $filter HTMLPurifier_Filter object
      */
-    function addFilter($filter) {
+    public function addFilter($filter) {
         $this->filters[] = $filter;
     }
     
@@ -132,8 +131,9 @@ class HTMLPurifier
      *                that HTMLPurifier_Config::create() supports.
      * @return Purified HTML
      */
-    function purify($html, $config = null) {
+    public function purify($html, $config = null) {
         
+        // todo: make the config merge in, instead of replace
         $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
         
         // implementation is partially environment dependant, partially
@@ -198,7 +198,7 @@ class HTMLPurifier
      *                See HTMLPurifier::purify() for more details.
      * @return Array of purified HTML
      */
-    function purifyArray($array_of_html, $config = null) {
+    public function purifyArray($array_of_html, $config = null) {
         $context_array = array();
         foreach ($array_of_html as $key => $html) {
             $array_of_html[$key] = $this->purify($html, $config);
@@ -213,10 +213,10 @@ class HTMLPurifier
      * @param $prototype Optional prototype HTMLPurifier instance to
      *                   overload singleton with.
      */
-    function &getInstance($prototype = null) {
+    public static function &getInstance($prototype = null) {
         static $htmlpurifier;
         if (!$htmlpurifier || $prototype) {
-            if (is_a($prototype, 'HTMLPurifier')) {
+            if ($prototype instanceof HTMLPurifier) {
                 $htmlpurifier = $prototype;
             } elseif ($prototype) {
                 $htmlpurifier = new HTMLPurifier($prototype);
@@ -230,3 +230,4 @@ class HTMLPurifier
     
 }
 
+

library/HTMLPurifier/AttrCollections.php

@@ -12,7 +12,7 @@ class HTMLPurifier_AttrCollections
     /**
      * Associative array of attribute collections, indexed by name
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Performs all expansions on internal data for use by other inclusions
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrCollections
      * @param $attr_types HTMLPurifier_AttrTypes instance
      * @param $modules Hash array of HTMLPurifier_HTMLModule members
      */
-    function HTMLPurifier_AttrCollections($attr_types, $modules) {
+    public function __construct($attr_types, $modules) {
         // load extensions from the modules
         foreach ($modules as $module) {
             foreach ($module->attr_collections as $coll_i => $coll) {
@@ -53,7 +53,7 @@ class HTMLPurifier_AttrCollections
      * all inclusions specified by the zero index.
      * @param &$attr Reference to attribute array
      */
-    function performInclusions(&$attr) {
+    public function performInclusions(&$attr) {
         if (!isset($attr[0])) return;
         $merge = $attr[0];
         $seen  = array(); // recursion guard
@@ -81,7 +81,7 @@ class HTMLPurifier_AttrCollections
      * @param &$attr Reference to attribute array
      * @param $attr_types HTMLPurifier_AttrTypes instance
      */
-    function expandIdentifiers(&$attr, $attr_types) {
+    public function expandIdentifiers(&$attr, $attr_types) {
         
         // because foreach will process new elements we add, make sure we
         // skip duplicates

library/HTMLPurifier/AttrDef.php

@@ -10,32 +10,29 @@
  * subclasses are also responsible for cleaning the code if possible.
  */
 
-class HTMLPurifier_AttrDef
+abstract class HTMLPurifier_AttrDef
 {
     
     /**
      * Tells us whether or not an HTML attribute is minimized. Has no
      * meaning in other contexts.
      */
-    var $minimized = false;
+    public $minimized = false;
     
     /**
      * Tells us whether or not an HTML attribute is required. Has no
      * meaning in other contexts
      */
-    var $required = false;
+    public $required = false;
     
     /**
      * Validates and cleans passed string according to a definition.
      * 
-     * @public
      * @param $string String to be validated and cleaned.
      * @param $config Mandatory HTMLPurifier_Config object.
      * @param $context Mandatory HTMLPurifier_AttrContext object.
      */
-    function validate($string, $config, &$context) {
-        trigger_error('Cannot call abstract function', E_USER_ERROR);
-    }
+    abstract public function validate($string, $config, $context);
     
     /**
      * Convenience method that parses a string as if it were CDATA.
@@ -59,10 +56,8 @@ class HTMLPurifier_AttrDef
      *          function.  Trim and whitespace collapsing are supposed to only
      *          occur in NMTOKENs.  However, note that we are NOT necessarily
      *          parsing XML, thus, this behavior may still be correct.
-     * 
-     * @public
      */
-    function parseCDATA($string) {
+    public function parseCDATA($string) {
         $string = trim($string);
         $string = str_replace("\n", '', $string);
         $string = str_replace(array("\r", "\t"), ' ', $string);
@@ -73,9 +68,8 @@ class HTMLPurifier_AttrDef
      * Factory method for creating this class from a string.
      * @param $string String construction info
      * @return Created AttrDef object corresponding to $string
-     * @public
      */
-    function make($string) {
+    public function make($string) {
         // default implementation, return flyweight of this object
         // if overloaded, it is *necessary* for you to clone the
         // object (usually by instantiating a new copy) and return that

library/HTMLPurifier/AttrDef/CSS.php

@@ -17,7 +17,7 @@ require_once 'HTMLPurifier/CSSDefinition.php';
 class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
 {
     
-    function validate($css, $config, &$context) {
+    public function validate($css, $config, $context) {
         
         $css = $this->parseCDATA($css);
         
@@ -38,7 +38,20 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
             list($property, $value) = explode(':', $declaration, 2);
             $property = trim($property);
             $value    = trim($value);
-            if (!isset($definition->info[$property])) continue;
+            $ok = false;
+            do {
+                if (isset($definition->info[$property])) {
+                    $ok = true;
+                    break;
+                }
+                if (ctype_lower($property)) break;
+                $property = strtolower($property);
+                if (isset($definition->info[$property])) {
+                    $ok = true;
+                    break;
+                }
+            } while(0);
+            if (!$ok) continue;
             // inefficient call, since the validator will do this again
             if (strtolower(trim($value)) !== 'inherit') {
                 // inherit works for everything (but only on the base property)

library/HTMLPurifier/AttrDef/CSS/AlphaValue.php

@@ -0,0 +1,22 @@
+<?php
+
+require_once 'HTMLPurifier/AttrDef.php';
+require_once 'HTMLPurifier/AttrDef/CSS/Number.php';
+
+class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
+{
+    
+    public function __construct() {
+        parent::__construct(false); // opacity is non-negative, but we will clamp it
+    }
+    
+    public function validate($number, $config, $context) {
+        $result = parent::validate($number, $config, $context);
+        if ($result === false) return $result;
+        $float = (float) $result;
+        if ($float < 0.0) $result = '0';
+        if ($float > 1.0) $result = '1';
+        return $result;
+    }
+    
+}

library/HTMLPurifier/AttrDef/CSS/Background.php

@@ -14,9 +14,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
      * Local copy of component validators.
      * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
      */
-    var $info;
+    protected $info;
     
-    function HTMLPurifier_AttrDef_CSS_Background($config) {
+    public function __construct($config) {
         $def = $config->getCSSDefinition();
         $this->info['background-color'] = $def->info['background-color'];
         $this->info['background-image'] = $def->info['background-image'];
@@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
         $this->info['background-position'] = $def->info['background-position'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         // regular pre-processing
         $string = $this->parseCDATA($string);

library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php

@@ -48,15 +48,15 @@ require_once 'HTMLPurifier/AttrDef/CSS/Percentage.php';
 class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
 {
     
-    var $length;
-    var $percentage;
+    protected $length;
+    protected $percentage;
     
-    function HTMLPurifier_AttrDef_CSS_BackgroundPosition() {
+    public function __construct() {
         $this->length     = new HTMLPurifier_AttrDef_CSS_Length();
         $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         $string = $this->parseCDATA($string);
         $bits = explode(' ', $string);
         

library/HTMLPurifier/AttrDef/CSS/Border.php

@@ -11,16 +11,16 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
     /**
      * Local copy of properties this property is shorthand for.
      */
-    var $info = array();
+    protected $info = array();
     
-    function HTMLPurifier_AttrDef_CSS_Border($config) {
+    public function __construct($config) {
         $def = $config->getCSSDefinition();
         $this->info['border-width'] = $def->info['border-width'];
         $this->info['border-style'] = $def->info['border-style'];
         $this->info['border-top-color'] = $def->info['border-top-color'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         $string = $this->parseCDATA($string);
         // we specifically will not support rgb() syntax with spaces
         $bits = explode(' ', $string);

library/HTMLPurifier/AttrDef/CSS/Color.php

@@ -33,26 +33,19 @@ This directive has been available since 2.0.0.
 class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
 {
     
-    function validate($color, $config, &$context) {
+    public function validate($color, $config, $context) {
         
         static $colors = null;
         if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
         
         $color = trim($color);
-        if (!$color) return false;
+        if ($color === '') return false;
         
         $lower = strtolower($color);
         if (isset($colors[$lower])) return $colors[$lower];
         
-        if ($color[0] === '#') {
-            // hexadecimal handling
-            $hex = substr($color, 1);
-            $length = strlen($hex);
-            if ($length !== 3 && $length !== 6) return false;
-            if (!ctype_xdigit($hex)) return false;
-        } else {
+        if (strpos($color, 'rgb(') !== false) {
             // rgb literal handling
-            if (strpos($color, 'rgb(')) return false;
             $length = strlen($color);
             if (strpos($color, ')') !== $length - 1) return false;
             $triad = substr($color, 4, $length - 4 - 1);
@@ -90,6 +83,17 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
             }
             $new_triad = implode(',', $new_parts);
             $color = "rgb($new_triad)";
+        } else {
+            // hexadecimal handling
+            if ($color[0] === '#') {
+                $hex = substr($color, 1);
+            } else {
+                $hex = $color;
+                $color = '#' . $color;
+            }
+            $length = strlen($hex);
+            if ($length !== 3 && $length !== 6) return false;
+            if (!ctype_xdigit($hex)) return false;
         }
         
         return $color;

library/HTMLPurifier/AttrDef/CSS/Composite.php

@@ -14,18 +14,18 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
     
     /**
      * List of HTMLPurifier_AttrDef objects that may process strings
-     * @protected
+     * @todo Make protected
      */
-    var $defs;
+    public $defs;
     
     /**
      * @param $defs List of HTMLPurifier_AttrDef objects
      */
-    function HTMLPurifier_AttrDef_CSS_Composite($defs) {
+    public function __construct($defs) {
         $this->defs = $defs;
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         foreach ($this->defs as $i => $def) {
             $result = $this->defs[$i]->validate($string, $config, $context);
             if ($result !== false) return $result;

library/HTMLPurifier/AttrDef/CSS/Filter.php

@@ -0,0 +1,55 @@
+<?php
+
+require_once 'HTMLPurifier/AttrDef.php';
+require_once 'HTMLPurifier/AttrDef/Integer.php';
+
+/**
+ * Microsoft's proprietary filter: CSS property
+ * @note Currently supports the alpha filter. In the future, this will
+ *       probably need an extensible framework
+ */
+class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
+{
+    
+    protected $intValidator;
+    
+    public function __construct() {
+        $this->intValidator = new HTMLPurifier_AttrDef_Integer();
+    }
+    
+    public function validate($value, $config, $context) {
+        $value = $this->parseCDATA($value);
+        if ($value === 'none') return $value;
+        // if we looped this we could support multiple filters
+        $function_length = strcspn($value, '(');
+        $function = trim(substr($value, 0, $function_length));
+        if ($function !== 'alpha' &&
+            $function !== 'Alpha' &&
+            $function !== 'progid:DXImageTransform.Microsoft.Alpha'
+            ) return false;
+        $cursor = $function_length + 1;
+        $parameters_length = strcspn($value, ')', $cursor);
+        $parameters = substr($value, $cursor, $parameters_length);
+        $params = explode(',', $parameters);
+        $ret_params = array();
+        $lookup = array();
+        foreach ($params as $param) {
+            list($key, $value) = explode('=', $param);
+            $key   = trim($key);
+            $value = trim($value);
+            if (isset($lookup[$key])) continue;
+            if ($key !== 'opacity') continue;
+            $value = $this->intValidator->validate($value, $config, $context);
+            if ($value === false) continue;
+            $int = (int) $value;
+            if ($int > 100) $value = '100';
+            if ($int < 0) $value = '0';
+            $ret_params[] = "$key=$value";
+            $lookup[$key] = true;
+        }
+        $ret_parameters = implode(',', $ret_params);
+        $ret_function = "$function($ret_parameters)";
+        return $ret_function;
+    }
+    
+}

library/HTMLPurifier/AttrDef/CSS/Font.php

@@ -16,9 +16,9 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
      *       CSSDefinition, this wouldn't be necessary.  We'd instantiate
      *       our own copies.
      */
-    var $info = array();
+    protected $info = array();
     
-    function HTMLPurifier_AttrDef_CSS_Font($config) {
+    public function __construct($config) {
         $def = $config->getCSSDefinition();
         $this->info['font-style']   = $def->info['font-style'];
         $this->info['font-variant'] = $def->info['font-variant'];
@@ -28,7 +28,7 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
         $this->info['font-family']  = $def->info['font-family'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         static $system_fonts = array(
             'caption' => true,

library/HTMLPurifier/AttrDef/CSS/FontFamily.php

@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         static $generic_names = array(
             'serif' => true,
             'sans-serif' => true,

library/HTMLPurifier/AttrDef/CSS/Length.php

@@ -14,22 +14,22 @@ class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
      * @warning The code assumes all units are two characters long.  Be careful
      *          if we have to change this behavior!
      */
-    var $units = array('em' => true, 'ex' => true, 'px' => true, 'in' => true,
+    protected $units = array('em' => true, 'ex' => true, 'px' => true, 'in' => true,
          'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true);
     /**
      * Instance of HTMLPurifier_AttrDef_Number to defer number validation to
      */
-    var $number_def;
+    protected $number_def;
     
     /**
      * @param $non_negative Bool indication whether or not negative values are
      *                      allowed.
      */
-    function HTMLPurifier_AttrDef_CSS_Length($non_negative = false) {
+    public function __construct($non_negative = false) {
         $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
     }
     
-    function validate($length, $config, &$context) {
+    public function validate($length, $config, $context) {
         
         $length = $this->parseCDATA($length);
         if ($length === '') return false;

library/HTMLPurifier/AttrDef/CSS/ListStyle.php

@@ -13,16 +13,16 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
      * Local copy of component validators.
      * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
      */
-    var $info;
+    protected $info;
     
-    function HTMLPurifier_AttrDef_CSS_ListStyle($config) {
+    public function __construct($config) {
         $def = $config->getCSSDefinition();
         $this->info['list-style-type']     = $def->info['list-style-type'];
         $this->info['list-style-position'] = $def->info['list-style-position'];
         $this->info['list-style-image'] = $def->info['list-style-image'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         // regular pre-processing
         $string = $this->parseCDATA($string);

library/HTMLPurifier/AttrDef/CSS/Multiple.php

@@ -18,24 +18,26 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
     
     /**
      * Instance of component definition to defer validation to.
+     * @todo Make protected
      */
-    var $single;
+    public $single;
     
     /**
      * Max number of values allowed.
+     * @todo Make protected
      */
-    var $max;
+    public $max;
     
     /**
      * @param $single HTMLPurifier_AttrDef to multiply
      * @param $max Max number of values allowed (usually four)
      */
-    function HTMLPurifier_AttrDef_CSS_Multiple($single, $max = 4) {
+    public function __construct($single, $max = 4) {
         $this->single = $single;
         $this->max = $max;
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         $string = $this->parseCDATA($string);
         if ($string === '') return false;
         $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n

library/HTMLPurifier/AttrDef/CSS/Number.php

@@ -9,20 +9,21 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
     /**
      * Bool indicating whether or not only positive values allowed.
      */
-    var $non_negative = false;
+    protected $non_negative = false;
     
     /**
      * @param $non_negative Bool indicating whether negatives are forbidden
      */
-    function HTMLPurifier_AttrDef_CSS_Number($non_negative = false) {
+    public function __construct($non_negative = false) {
         $this->non_negative = $non_negative;
     }
     
-    function validate($number, $config, &$context) {
+    public function validate($number, $config, $context) {
         
         $number = $this->parseCDATA($number);
         
         if ($number === '') return false;
+        if ($number === '0') return '0';
         
         $sign = '';
         switch ($number[0]) {
@@ -37,13 +38,16 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
             $number = ltrim($number, '0');
             return $number ? $sign . $number : '0';
         }
-        if (!strpos($number, '.')) return false;
+        
+        // Period is the only non-numeric character allowed
+        if (strpos($number, '.') === false) return false;
         
         list($left, $right) = explode('.', $number, 2);
         
-        if (!ctype_digit($left)) return false;
-        $left = ltrim($left, '0');
+        if ($left === '' && $right === '') return false;
+        if ($left !== '' && !ctype_digit($left)) return false;
         
+        $left  = ltrim($left,  '0');
         $right = rtrim($right, '0');
         
         if ($right === '') {

library/HTMLPurifier/AttrDef/CSS/Percentage.php

@@ -12,16 +12,16 @@ class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
     /**
      * Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation
      */
-    var $number_def;
+    protected $number_def;
     
     /**
      * @param Bool indicating whether to forbid negative values
      */
-    function HTMLPurifier_AttrDef_CSS_Percentage($non_negative = false) {
+    public function __construct($non_negative = false) {
         $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $string = $this->parseCDATA($string);
         

library/HTMLPurifier/AttrDef/CSS/TextDecoration.php

@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         static $allowed_values = array(
             'line-through' => true,

library/HTMLPurifier/AttrDef/CSS/URI.php

@@ -14,11 +14,11 @@ require_once 'HTMLPurifier/AttrDef/URI.php';
 class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
 {
     
-    function HTMLPurifier_AttrDef_CSS_URI() {
-        parent::HTMLPurifier_AttrDef_URI(true); // always embedded
+    public function __construct() {
+        parent::__construct(true); // always embedded
     }
     
-    function validate($uri_string, $config, &$context) {
+    public function validate($uri_string, $config, $context) {
         // parse the URI out of the string and then pass it onto
         // the parent object
         

library/HTMLPurifier/AttrDef/Enum.php

@@ -14,27 +14,28 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
     
     /**
      * Lookup table of valid values.
+     * @todo Make protected
      */
-    var $valid_values   = array();
+    public $valid_values   = array();
     
     /**
      * Bool indicating whether or not enumeration is case sensitive.
      * @note In general this is always case insensitive.
      */
-    var $case_sensitive = false; // values according to W3C spec
+    protected $case_sensitive = false; // values according to W3C spec
     
     /**
      * @param $valid_values List of valid values
      * @param $case_sensitive Bool indicating whether or not case sensitive
      */
-    function HTMLPurifier_AttrDef_Enum(
+    public function __construct(
         $valid_values = array(), $case_sensitive = false
     ) {
         $this->valid_values = array_flip($valid_values);
         $this->case_sensitive = $case_sensitive;
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         $string = trim($string);
         if (!$this->case_sensitive) {
             // we may want to do full case-insensitive libraries
@@ -50,7 +51,7 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
      *      valid values. Example: "foo,bar,baz". Prepend "s:" to make
      *      case sensitive
      */
-    function make($string) {
+    public function make($string) {
         if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') {
             $string = substr($string, 2);
             $sensitive = true;

library/HTMLPurifier/AttrDef/HTML/Bool.php

@@ -8,12 +8,12 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
 {
     
-    var $name;
-    var $minimized = true;
+    protected $name;
+    public $minimized = true;
     
-    function HTMLPurifier_AttrDef_HTML_Bool($name = false) {$this->name = $name;}
+    public function __construct($name = false) {$this->name = $name;}
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         if (empty($string)) return false;
         return $this->name;
     }
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
     /**
      * @param $string Name of attribute
      */
-    function make($string) {
+    public function make($string) {
         return new HTMLPurifier_AttrDef_HTML_Bool($string);
     }
     

library/HTMLPurifier/AttrDef/HTML/Color.php

@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef/CSS/Color.php'; // for %Core.ColorKeywords
 class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         static $colors = null;
         if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');

library/HTMLPurifier/AttrDef/HTML/FrameTarget.php

@@ -19,12 +19,12 @@ require_once 'HTMLPurifier/AttrDef/Enum.php';
 class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
 {
     
-    var $valid_values = false; // uninitialized value
-    var $case_sensitive = false;
+    public $valid_values = false; // uninitialized value
+    protected $case_sensitive = false;
     
-    function HTMLPurifier_AttrDef_HTML_FrameTarget() {}
+    public function __construct() {}
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         if ($this->valid_values === false) $this->valid_values = $config->get('Attr', 'AllowedFrameTargets');
         return parent::validate($string, $config, $context);
     }

library/HTMLPurifier/AttrDef/HTML/ID.php

@@ -66,7 +66,7 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
     // ref functionality disabled, since we also have to verify
     // whether or not the ID it refers to exists
     
-    function validate($id, $config, &$context) {
+    public function validate($id, $config, $context) {
         
         if (!$config->get('Attr', 'EnableID')) return false;
         

library/HTMLPurifier/AttrDef/HTML/Length.php

@@ -13,7 +13,7 @@ require_once 'HTMLPurifier/AttrDef/HTML/Pixels.php';
 class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $string = trim($string);
         if ($string === '') return false;

library/HTMLPurifier/AttrDef/HTML/LinkTypes.php

@@ -27,9 +27,9 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
 {
     
     /** Name config attribute to pull. */
-    var $name;
+    protected $name;
     
-    function HTMLPurifier_AttrDef_HTML_LinkTypes($name) {
+    public function __construct($name) {
         $configLookup = array(
             'rel' => 'AllowedRel',
             'rev' => 'AllowedRev'
@@ -42,7 +42,7 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
         $this->name = $configLookup[$name];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $allowed = $config->get('Attr', $this->name);
         if (empty($allowed)) return false;

library/HTMLPurifier/AttrDef/HTML/MultiLength.php

@@ -12,7 +12,7 @@ require_once 'HTMLPurifier/AttrDef/HTML/Length.php';
 class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $string = trim($string);
         if ($string === '') return false;

library/HTMLPurifier/AttrDef/HTML/Nmtokens.php

@@ -13,7 +13,7 @@ require_once 'HTMLPurifier/Config.php';
 class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $string = trim($string);
         

library/HTMLPurifier/AttrDef/HTML/Pixels.php

@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $string = trim($string);
         if ($string === '0') return $string;

library/HTMLPurifier/AttrDef/Integer.php

@@ -15,24 +15,24 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
     /**
      * Bool indicating whether or not negative values are allowed
      */
-    var $negative = true;
+    protected $negative = true;
     
     /**
      * Bool indicating whether or not zero is allowed
      */
-    var $zero = true;
+    protected $zero = true;
     
     /**
      * Bool indicating whether or not positive values are allowed
      */
-    var $positive = true;
+    protected $positive = true;
     
     /**
      * @param $negative Bool indicating whether or not negative values are allowed
      * @param $zero Bool indicating whether or not zero is allowed
      * @param $positive Bool indicating whether or not positive values are allowed
      */
-    function HTMLPurifier_AttrDef_Integer(
+    public function __construct(
         $negative = true, $zero = true, $positive = true
     ) {
         $this->negative = $negative;
@@ -40,7 +40,7 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
         $this->positive = $positive;
     }
     
-    function validate($integer, $config, &$context) {
+    public function validate($integer, $config, $context) {
         
         $integer = $this->parseCDATA($integer);
         if ($integer === '') return false;

library/HTMLPurifier/AttrDef/Lang.php

@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         
         $string = trim($string);
         if (!$string) return false;

library/HTMLPurifier/AttrDef/Text.php

@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         return $this->parseCDATA($string);
     }
     

library/HTMLPurifier/AttrDef/URI.php

@@ -68,19 +68,19 @@ HTMLPurifier_ConfigSchema::define(
 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
 {
     
-    var $parser, $percentEncoder;
-    var $embedsResource;
+    protected $parser, $percentEncoder;
+    protected $embedsResource;
     
     /**
      * @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
      */
-    function HTMLPurifier_AttrDef_URI($embeds_resource = false) {
+    public function __construct($embeds_resource = false) {
         $this->parser = new HTMLPurifier_URIParser();
         $this->percentEncoder = new HTMLPurifier_PercentEncoder();
         $this->embedsResource = (bool) $embeds_resource;
     }
     
-    function validate($uri, $config, &$context) {
+    public function validate($uri, $config, $context) {
         
         if ($config->get('URI', 'Disable')) return false;
         

library/HTMLPurifier/AttrDef/URI/Email.php

@@ -2,7 +2,7 @@
 
 require_once 'HTMLPurifier/AttrDef.php';
 
-class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
+abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
 {
     
     /**

library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php

@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef/URI/Email.php';
 class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         // no support for named mailboxes i.e. "Bob <bob@example.com>"
         // that needs more percent encoding to be done
         if ($string == '') return false;

library/HTMLPurifier/AttrDef/URI/Host.php

@@ -13,19 +13,19 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
     /**
      * Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator
      */
-    var $ipv4;
+    protected $ipv4;
     
     /**
      * Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator
      */
-    var $ipv6;
+    protected $ipv6;
     
-    function HTMLPurifier_AttrDef_URI_Host() {
+    public function __construct() {
         $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
         $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, $context) {
         $length = strlen($string);
         if ($string === '') return '';
         if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') {

library/HTMLPurifier/AttrDef/URI/IPv4.php

@@ -11,11 +11,10 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
     
     /**
      * IPv4 regex, protected so that IPv6 can reuse it
-     * @protected
      */
-    var $ip4;
+    protected $ip4;
     
-    function validate($aIP, $config, &$context) {
+    public function validate($aIP, $config, $context) {
         
         if (!$this->ip4) $this->_loadRegex();
         
@@ -32,7 +31,7 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
      * Lazy load function to prevent regex from being stuffed in
      * cache.
      */
-    function _loadRegex() {
+    protected function _loadRegex() {
         $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
         $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
     }

library/HTMLPurifier/AttrDef/URI/IPv6.php

@@ -11,7 +11,7 @@ require_once 'HTMLPurifier/AttrDef/URI/IPv4.php';
 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
 {
     
-    function validate($aIP, $config, &$context) {
+    public function validate($aIP, $config, $context) {
         
         if (!$this->ip4) $this->_loadRegex();
         

library/HTMLPurifier/AttrTransform.php

@@ -14,7 +14,7 @@
  * more details.
  */
 
-class HTMLPurifier_AttrTransform
+abstract class HTMLPurifier_AttrTransform
 {
     
     /**
@@ -26,9 +26,7 @@ class HTMLPurifier_AttrTransform
      * @param $context Mandatory HTMLPurifier_Context object
      * @returns Processed attribute array.
      */
-    function transform($attr, $config, &$context) {
-        trigger_error('Cannot call abstract function', E_USER_ERROR);
-    }
+    abstract public function transform($attr, $config, $context);
     
     /**
      * Prepends CSS properties to the style attribute, creating the
@@ -36,7 +34,7 @@ class HTMLPurifier_AttrTransform
      * @param $attr Attribute array to process (passed by reference)
      * @param $css CSS to prepend
      */
-    function prependCSS(&$attr, $css) {
+    public function prependCSS(&$attr, $css) {
         $attr['style'] = isset($attr['style']) ? $attr['style'] : '';
         $attr['style'] = $css . $attr['style'];
     }
@@ -46,7 +44,7 @@ class HTMLPurifier_AttrTransform
      * @param $attr Attribute array to process (passed by reference)
      * @param $key Key of attribute to confiscate
      */
-    function confiscateAttr(&$attr, $key) {
+    public function confiscateAttr(&$attr, $key) {
         if (!isset($attr[$key])) return null;
         $value = $attr[$key];
         unset($attr[$key]);

library/HTMLPurifier/AttrTransform/BdoDir.php

@@ -20,7 +20,7 @@ HTMLPurifier_ConfigSchema::defineAllowedValues(
 class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         if (isset($attr['dir'])) return $attr;
         $attr['dir'] = $config->get('Attr', 'DefaultTextDir');
         return $attr;

library/HTMLPurifier/AttrTransform/BgColor.php

@@ -5,10 +5,9 @@ require_once 'HTMLPurifier/AttrTransform.php';
 /**
  * Pre-transform that changes deprecated bgcolor attribute to CSS.
  */
-class HTMLPurifier_AttrTransform_BgColor
-extends HTMLPurifier_AttrTransform {
+class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform {
 
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         
         if (!isset($attr['bgcolor'])) return $attr;
         

library/HTMLPurifier/AttrTransform/BoolToCSS.php

@@ -11,23 +11,23 @@ extends HTMLPurifier_AttrTransform {
     /**
      * Name of boolean attribute that is trigger
      */
-    var $attr;
+    protected $attr;
     
     /**
      * CSS declarations to add to style, needs trailing semicolon
      */
-    var $css;
+    protected $css;
     
     /**
      * @param $attr string attribute name to convert from
      * @param $css string CSS declarations to add to style (needs semicolon)
      */
-    function HTMLPurifier_AttrTransform_BoolToCSS($attr, $css) {
+    public function __construct($attr, $css) {
         $this->attr = $attr;
         $this->css  = $css;
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         if (!isset($attr[$this->attr])) return $attr;
         unset($attr[$this->attr]);
         $this->prependCSS($attr, $this->css);

library/HTMLPurifier/AttrTransform/Border.php

@@ -7,7 +7,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
  */
 class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform {
 
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         if (!isset($attr['border'])) return $attr;
         $border_width = $this->confiscateAttr($attr, 'border');
         // some validation should happen here

library/HTMLPurifier/AttrTransform/EnumToCSS.php

@@ -11,32 +11,32 @@ class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
     /**
      * Name of attribute to transform from
      */
-    var $attr;
+    protected $attr;
     
     /**
      * Lookup array of attribute values to CSS
      */
-    var $enumToCSS = array();
+    protected $enumToCSS = array();
     
     /**
      * Case sensitivity of the matching
      * @warning Currently can only be guaranteed to work with ASCII
      *          values.
      */
-    var $caseSensitive = false;
+    protected $caseSensitive = false;
     
     /**
      * @param $attr String attribute name to transform from
      * @param $enumToCSS Lookup array of attribute values to CSS
      * @param $case_sensitive Boolean case sensitivity indicator, default false
      */
-    function HTMLPurifier_AttrTransform_EnumToCSS($attr, $enum_to_css, $case_sensitive = false) {
+    public function __construct($attr, $enum_to_css, $case_sensitive = false) {
         $this->attr = $attr;
         $this->enumToCSS = $enum_to_css;
         $this->caseSensitive = (bool) $case_sensitive;
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         
         if (!isset($attr[$this->attr])) return $attr;
         

library/HTMLPurifier/AttrTransform/ImgRequired.php

@@ -28,7 +28,7 @@ HTMLPurifier_ConfigSchema::define(
 class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         
         $src = true;
         if (!isset($attr['src'])) {

library/HTMLPurifier/AttrTransform/ImgSpace.php

@@ -5,23 +5,22 @@ require_once 'HTMLPurifier/AttrTransform.php';
 /**
  * Pre-transform that changes deprecated hspace and vspace attributes to CSS
  */
-class HTMLPurifier_AttrTransform_ImgSpace
-extends HTMLPurifier_AttrTransform {
+class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
     
-    var $attr;
-    var $css = array(
+    protected $attr;
+    protected $css = array(
         'hspace' => array('left', 'right'),
         'vspace' => array('top', 'bottom')
     );
     
-    function HTMLPurifier_AttrTransform_ImgSpace($attr) {
+    public function __construct($attr) {
         $this->attr = $attr;
         if (!isset($this->css[$attr])) {
             trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
         }
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         
         if (!isset($attr[$this->attr])) return $attr;
         

library/HTMLPurifier/AttrTransform/Lang.php

@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
 class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         
         $lang     = isset($attr['lang']) ? $attr['lang'] : false;
         $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;

library/HTMLPurifier/AttrTransform/Length.php

@@ -8,15 +8,15 @@ require_once 'HTMLPurifier/AttrTransform.php';
 class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
 {
     
-    var $name;
-    var $cssName;
+    protected $name;
+    protected $cssName;
     
-    function HTMLPurifier_AttrTransform_Length($name, $css_name = null) {
+    public function __construct($name, $css_name = null) {
         $this->name = $name;
         $this->cssName = $css_name ? $css_name : $name;
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         if (!isset($attr[$this->name])) return $attr;
         $length = $this->confiscateAttr($attr, $this->name);
         if(ctype_digit($length)) $length .= 'px';

library/HTMLPurifier/AttrTransform/Name.php

@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
 class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, $context) {
         if (!isset($attr['name'])) return $attr;
         $id = $this->confiscateAttr($attr, 'name');
         if ( isset($attr['id']))   return $attr;

library/HTMLPurifier/AttrTypes.php

@@ -20,15 +20,14 @@ class HTMLPurifier_AttrTypes
 {
     /**
      * Lookup array of attribute string identifiers to concrete implementations
-     * @protected
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Constructs the info array, supplying default implementations for attribute
      * types.
      */
-    function HTMLPurifier_AttrTypes() {
+    public function __construct() {
         // pseudo-types, must be instantiated via shorthand
         $this->info['Enum']    = new HTMLPurifier_AttrDef_Enum();
         $this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool();
@@ -57,7 +56,7 @@ class HTMLPurifier_AttrTypes
      * @param $type String type name
      * @return Object AttrDef for type
      */
-    function get($type) {
+    public function get($type) {
         
         // determine if there is any extra info tacked on
         if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
@@ -77,7 +76,7 @@ class HTMLPurifier_AttrTypes
      * @param $type String type name
      * @param $impl Object AttrDef for type
      */
-    function set($type, $impl) {
+    public function set($type, $impl) {
         $this->info[$type] = $impl;
     }
 }

library/HTMLPurifier/AttrValidator.php

@@ -18,7 +18,7 @@ class HTMLPurifier_AttrValidator
      * @param $config Instance of HTMLPurifier_Config
      * @param $context Instance of HTMLPurifier_Context
      */
-    function validateToken(&$token, &$config, &$context) {
+    public function validateToken(&$token, &$config, $context) {
             
         $definition = $config->getHTMLDefinition();
         $e =& $context->get('ErrorCollector', true);

library/HTMLPurifier/CSSDefinition.php

@@ -2,11 +2,13 @@
 
 require_once 'HTMLPurifier/Definition.php';
 
+require_once 'HTMLPurifier/AttrDef/CSS/AlphaValue.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Background.php';
 require_once 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Border.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Color.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Composite.php';
+require_once 'HTMLPurifier/AttrDef/CSS/Filter.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Font.php';
 require_once 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Length.php';
@@ -26,6 +28,14 @@ HTMLPurifier_ConfigSchema::define(
 </p>
 ');
 
+HTMLPurifier_ConfigSchema::define(
+    'CSS', 'Proprietary', false, 'bool', '
+<p>
+    Whether or not to allow safe, proprietary CSS values. This directive
+    has been available since 3.0.0.
+</p>
+');
+
 /**
  * Defines allowed CSS attributes and what their values are.
  * @see HTMLPurifier_HTMLDefinition
@@ -33,17 +43,17 @@ HTMLPurifier_ConfigSchema::define(
 class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
 {
     
-    var $type = 'CSS';
+    public $type = 'CSS';
     
     /**
      * Assoc array of attribute name to definition object.
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Constructs the info array.  The meat of this class.
      */
-    function doSetup($config) {
+    protected function doSetup($config) {
         
         $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
             array('left', 'right', 'center', 'justify'), false);
@@ -224,6 +234,29 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         // partial support
         $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
         
+        if ($config->get('CSS', 'Proprietary')) {
+            $this->doSetupProprietary($config);
+        }
+        
+    }
+    
+    protected function doSetupProprietary($config) {
+        // Internet Explorer only scrollbar colors
+        $this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
+        $this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+        $this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
+        $this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+        $this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
+        $this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
+        
+        // technically not proprietary, but CSS3, and no one supports it
+        $this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+        $this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+        $this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+        
+        // only opacity, for now
+        $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
+        
     }
     
 }

library/HTMLPurifier/ChildDef.php

@@ -22,29 +22,25 @@ class HTMLPurifier_ChildDef
     /**
      * Type of child definition, usually right-most part of class name lowercase.
      * Used occasionally in terms of context.
-     * @public
      */
-    var $type;
+    public $type;
     
     /**
      * Bool that indicates whether or not an empty array of children is okay
      * 
      * This is necessary for redundant checking when changes affecting
      * a child node may cause a parent node to now be disallowed.
-     * 
-     * @public
      */
-    var $allow_empty;
+    public $allow_empty;
     
     /**
      * Lookup array of all elements that this definition could possibly allow
      */
-    var $elements = array();
+    public $elements = array();
     
     /**
      * Validates nodes according to definition and returns modification.
      * 
-     * @public
      * @param $tokens_of_children Array of HTMLPurifier_Token
      * @param $config HTMLPurifier_Config object
      * @param $context HTMLPurifier_Context object
@@ -52,7 +48,7 @@ class HTMLPurifier_ChildDef
      * @return bool false to remove parent node
      * @return array of replacement child tokens
      */
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, $context) {
         trigger_error('Call to abstract function', E_USER_ERROR);
     }
 }

library/HTMLPurifier/ChildDef/Chameleon.php

@@ -16,29 +16,27 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
     
     /**
      * Instance of the definition object to use when inline. Usually stricter.
-     * @public
      */
-    var $inline;
+    public $inline;
     
     /**
      * Instance of the definition object to use when block.
-     * @public
      */
-    var $block;
+    public $block;
     
-    var $type = 'chameleon';
+    public $type = 'chameleon';
     
     /**
      * @param $inline List of elements to allow when inline.
      * @param $block List of elements to allow when block.
      */
-    function HTMLPurifier_ChildDef_Chameleon($inline, $block) {
+    public function __construct($inline, $block) {
         $this->inline = new HTMLPurifier_ChildDef_Optional($inline);
         $this->block  = new HTMLPurifier_ChildDef_Optional($block);
         $this->elements = $this->block->elements;
     }
     
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, $context) {
         if ($context->get('IsInline') === false) {
             return $this->block->validateChildren(
                 $tokens_of_children, $config, $context);

library/HTMLPurifier/ChildDef/Custom.php

@@ -12,28 +12,28 @@ require_once 'HTMLPurifier/ChildDef.php';
  */
 class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
 {
-    var $type = 'custom';
-    var $allow_empty = false;
+    public $type = 'custom';
+    public $allow_empty = false;
     /**
      * Allowed child pattern as defined by the DTD
      */
-    var $dtd_regex;
+    public $dtd_regex;
     /**
      * PCRE regex derived from $dtd_regex
      * @private
      */
-    var $_pcre_regex;
+    private $_pcre_regex;
     /**
      * @param $dtd_regex Allowed child pattern from the DTD
      */
-    function HTMLPurifier_ChildDef_Custom($dtd_regex) {
+    public function __construct($dtd_regex) {
         $this->dtd_regex = $dtd_regex;
         $this->_compileRegex();
     }
     /**
      * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
      */
-    function _compileRegex() {
+    protected function _compileRegex() {
         $raw = str_replace(' ', '', $this->dtd_regex);
         if ($raw{0} != '(') {
             $raw = "($raw)";
@@ -61,7 +61,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
         
         $this->_pcre_regex = $reg;
     }
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, $context) {
         $list_of_children = '';
         $nesting = 0; // depth into the nest
         foreach ($tokens_of_children as $token) {

library/HTMLPurifier/ChildDef/Empty.php

@@ -11,10 +11,10 @@ require_once 'HTMLPurifier/ChildDef.php';
  */
 class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
 {
-    var $allow_empty = true;
-    var $type = 'empty';
-    function HTMLPurifier_ChildDef_Empty() {}
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public $allow_empty = true;
+    public $type = 'empty';
+    public function __construct() {}
+    public function validateChildren($tokens_of_children, $config, $context) {
         return array();
     }
 }

library/HTMLPurifier/ChildDef/Optional.php

@@ -11,9 +11,9 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
  */
 class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
 {
-    var $allow_empty = true;
-    var $type = 'optional';
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public $allow_empty = true;
+    public $type = 'optional';
+    public function validateChildren($tokens_of_children, $config, $context) {
         $result = parent::validateChildren($tokens_of_children, $config, $context);
         if ($result === false) {
             if (empty($tokens_of_children)) return true;

library/HTMLPurifier/ChildDef/Required.php

@@ -11,11 +11,11 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
      * Lookup table of allowed elements.
      * @public
      */
-    var $elements = array();
+    public $elements = array();
     /**
      * @param $elements List of allowed element names (lowercase).
      */
-    function HTMLPurifier_ChildDef_Required($elements) {
+    public function __construct($elements) {
         if (is_string($elements)) {
             $elements = str_replace(' ', '', $elements);
             $elements = explode('|', $elements);
@@ -30,9 +30,9 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
         }
         $this->elements = $elements;
     }
-    var $allow_empty = false;
-    var $type = 'required';
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public $allow_empty = false;
+    public $type = 'required';
+    public function validateChildren($tokens_of_children, $config, $context) {
         // if there are no tokens, delete parent node
         if (empty($tokens_of_children)) return false;
         

library/HTMLPurifier/ChildDef/StrictBlockquote.php

@@ -8,12 +8,12 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
 class   HTMLPurifier_ChildDef_StrictBlockquote
 extends HTMLPurifier_ChildDef_Required
 {
-    var $real_elements;
-    var $fake_elements;
-    var $allow_empty = true;
-    var $type = 'strictblockquote';
-    var $init = false;
-    function validateChildren($tokens_of_children, $config, &$context) {
+    protected $real_elements;
+    protected $fake_elements;
+    public $allow_empty = true;
+    public $type = 'strictblockquote';
+    protected $init = false;
+    public function validateChildren($tokens_of_children, $config, $context) {
         
         $def = $config->getHTMLDefinition();
         if (!$this->init) {

library/HTMLPurifier/ChildDef/Table.php

@@ -7,12 +7,12 @@ require_once 'HTMLPurifier/ChildDef.php';
  */
 class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
 {
-    var $allow_empty = false;
-    var $type = 'table';
-    var $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
+    public $allow_empty = false;
+    public $type = 'table';
+    public $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
         'tfoot' => true, 'caption' => true, 'colgroup' => true, 'col' => true);
-    function HTMLPurifier_ChildDef_Table() {}
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function __construct() {}
+    public function validateChildren($tokens_of_children, $config, $context) {
         if (empty($tokens_of_children)) return false;
         
         // this ensures that the loop gets run one last time before closing

library/HTMLPurifier/Config.php

@@ -35,6 +35,8 @@ if (!defined('PHP_EOL')) {
  *       because a configuration object should always be forwarded,
  *       otherwise, you run the risk of missing a parameter and then
  *       being stumped when a configuration directive doesn't work.
+ * 
+ * @todo Reconsider some of the public member variables
  */
 class HTMLPurifier_Config
 {
@@ -42,65 +44,68 @@ class HTMLPurifier_Config
     /**
      * HTML Purifier's version
      */
-    var $version = '2.1.3';
-    
-    /**
-     * Two-level associative array of configuration directives
-     */
-    var $conf;
-    
-    /**
-     * Reference HTMLPurifier_ConfigSchema for value checking
-     */
-    var $def;
-    
-    /**
-     * Indexed array of definitions
-     */
-    var $definitions;
-    
-    /**
-     * Bool indicator whether or not config is finalized
-     */
-    var $finalized = false;
+    public $version = '3.0.0';
     
     /**
      * Bool indicator whether or not to automatically finalize 
      * the object if a read operation is done
      */
-    var $autoFinalize = true;
+    public $autoFinalize = true;
+    
+    // protected member variables
     
     /**
      * Namespace indexed array of serials for specific namespaces (see
-     * getSerial for more info).
+     * getSerial() for more info).
      */
-    var $serials = array();
+    protected $serials = array();
     
     /**
      * Serial for entire configuration object
      */
-    var $serial;
+    protected $serial;
+    
+    /**
+     * Two-level associative array of configuration directives
+     */
+    protected $conf;
+    
+    /**
+     * Reference HTMLPurifier_ConfigSchema for value checking
+     * @note This is public for introspective purposes. Please don't
+     *       abuse!
+     */
+    public $def;
+    
+    /**
+     * Indexed array of definitions
+     */
+    protected $definitions;
+    
+    /**
+     * Bool indicator whether or not config is finalized
+     */
+    protected $finalized = false;
     
     /**
      * @param $definition HTMLPurifier_ConfigSchema that defines what directives
      *                    are allowed.
      */
-    function HTMLPurifier_Config(&$definition) {
+    public function __construct(&$definition) {
         $this->conf = $definition->defaults; // set up, copy in defaults
         $this->def  = $definition; // keep a copy around for checking
     }
     
     /**
      * Convenience constructor that creates a config object based on a mixed var
-     * @static
      * @param mixed $config Variable that defines the state of the config
      *                      object. Can be: a HTMLPurifier_Config() object,
      *                      an array of directives based on loadArray(),
      *                      or a string filename of an ini file.
      * @return Configured HTMLPurifier_Config object
      */
-    function create($config) {
-        if (is_a($config, 'HTMLPurifier_Config')) {
+    public static function create($config) {
+        if ($config instanceof HTMLPurifier_Config) {
             // pass-through
             return $config;
         }
@@ -112,10 +117,9 @@ class HTMLPurifier_Config
     
     /**
      * Convenience constructor that creates a default configuration object.
-     * @static
      * @return Default HTMLPurifier_Config object.
      */
-    function createDefault() {
+    public static function createDefault() {
         $definition =& HTMLPurifier_ConfigSchema::instance();
         $config = new HTMLPurifier_Config($definition);
         return $config;
@@ -126,7 +130,7 @@ class HTMLPurifier_Config
      * @param $namespace String namespace
      * @param $key String key
      */
-    function get($namespace, $key, $from_alias = false) {
+    public function get($namespace, $key) {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         if (!isset($this->def->info[$namespace][$key])) {
             // can't add % due to SimpleTest bug
@@ -147,7 +151,7 @@ class HTMLPurifier_Config
      * Retreives an array of directives to values from a given namespace
      * @param $namespace String namespace
      */
-    function getBatch($namespace) {
+    public function getBatch($namespace) {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         if (!isset($this->def->info[$namespace])) {
             trigger_error('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
@@ -164,7 +168,7 @@ class HTMLPurifier_Config
      *       before processing!
      * @param $namespace Namespace to get serial for
      */
-    function getBatchSerial($namespace) {
+    public function getBatchSerial($namespace) {
         if (empty($this->serials[$namespace])) {
             $batch = $this->getBatch($namespace);
             unset($batch['DefinitionRev']);
@@ -177,7 +181,7 @@ class HTMLPurifier_Config
      * Returns a md5 signature for the entire configuration object
      * that uniquely identifies that particular configuration
      */
-    function getSerial() {
+    public function getSerial() {
         if (empty($this->serial)) {
             $this->serial = md5(serialize($this->getAll()));
         }
@@ -187,7 +191,7 @@ class HTMLPurifier_Config
     /**
      * Retrieves all directives, organized by namespace
      */
-    function getAll() {
+    public function getAll() {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         return $this->conf;
     }
@@ -198,7 +202,7 @@ class HTMLPurifier_Config
      * @param $key String key
      * @param $value Mixed value
      */
-    function set($namespace, $key, $value, $from_alias = false) {
+    public function set($namespace, $key, $value, $from_alias = false) {
         if ($this->isFinalized('Cannot set directive after finalization')) return;
         if (!isset($this->def->info[$namespace][$key])) {
             trigger_error('Cannot set undefined directive ' . htmlspecialchars("$namespace.$key") . ' to value',
@@ -252,9 +256,8 @@ class HTMLPurifier_Config
     
     /**
      * Convenience function for error reporting
-     * @private
      */
-    function _listify($lookup) {
+    private function _listify($lookup) {
         $list = array();
         foreach ($lookup as $name => $b) $list[] = $name;
         return implode(', ', $list);
@@ -265,7 +268,7 @@ class HTMLPurifier_Config
      * @param $raw Return a copy that has not been setup yet. Must be
      *             called before it's been setup, otherwise won't work.
      */
-    function &getHTMLDefinition($raw = false) {
+    public function &getHTMLDefinition($raw = false) {
         $def =& $this->getDefinition('HTML', $raw);
         return $def; // prevent PHP 4.4.0 from complaining
     }
@@ -273,7 +276,7 @@ class HTMLPurifier_Config
     /**
      * Retrieves reference to the CSS definition
      */
-    function &getCSSDefinition($raw = false) {
+    public function &getCSSDefinition($raw = false) {
         $def =& $this->getDefinition('CSS', $raw);
         return $def;
     }
@@ -283,7 +286,7 @@ class HTMLPurifier_Config
      * @param $type Type of definition: HTML, CSS, etc
      * @param $raw  Whether or not definition should be returned raw
      */
-    function &getDefinition($type, $raw = false) {
+    public function &getDefinition($type, $raw = false) {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         $factory = HTMLPurifier_DefinitionCacheFactory::instance();
         $cache = $factory->create($type, $this);
@@ -343,7 +346,7 @@ class HTMLPurifier_Config
      * Namespace.Directive => Value
      * @param $config_array Configuration associative array
      */
-    function loadArray($config_array) {
+    public function loadArray($config_array) {
         if ($this->isFinalized('Cannot load directives after finalization')) return;
         foreach ($config_array as $key => $value) {
             $key = str_replace('_', '.', $key);
@@ -366,9 +369,8 @@ class HTMLPurifier_Config
      * that are allowed in a web-form context as per an allowed
      * namespaces/directives list.
      * @param $allowed List of allowed namespaces/directives
-     * @static
      */
-    function getAllowedDirectivesForForm($allowed) {
+    public static function getAllowedDirectivesForForm($allowed) {
         $schema = HTMLPurifier_ConfigSchema::instance();
         if ($allowed !== true) {
              if (is_string($allowed)) $allowed = array($allowed);
@@ -411,9 +413,8 @@ class HTMLPurifier_Config
      * @param $index Index/name that the config variables are in
      * @param $allowed List of allowed namespaces/directives 
      * @param $mq_fix Boolean whether or not to enable magic quotes fix
-     * @static
      */
-    function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
+    public static function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
         $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
         $config = HTMLPurifier_Config::create($ret);
         return $config;
@@ -423,7 +424,7 @@ class HTMLPurifier_Config
      * Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
      * @note Same parameters as loadArrayFromForm
      */
-    function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
+    public function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
          $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
          $this->loadArray($ret);
     }
@@ -431,9 +432,8 @@ class HTMLPurifier_Config
     /**
      * Prepares an array from a form into something usable for the more
      * strict parts of HTMLPurifier_Config
-     * @static
      */
-    function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
+    public static function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
         $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
         $mq = get_magic_quotes_gpc() && $mq_fix;
         
@@ -457,7 +457,7 @@ class HTMLPurifier_Config
      * Loads configuration values from an ini file
      * @param $filename Name of ini file
      */
-    function loadIni($filename) {
+    public function loadIni($filename) {
         if ($this->isFinalized('Cannot load directives after finalization')) return;
         $array = parse_ini_file($filename, true);
         $this->loadArray($array);
@@ -467,7 +467,7 @@ class HTMLPurifier_Config
      * Checks whether or not the configuration object is finalized.
      * @param $error String error message, or false for no error
      */
-    function isFinalized($error = false) {
+    public function isFinalized($error = false) {
         if ($this->finalized && $error) {
             trigger_error($error, E_USER_ERROR);
         }
@@ -478,17 +478,18 @@ class HTMLPurifier_Config
      * Finalizes configuration only if auto finalize is on and not
      * already finalized
      */
-    function autoFinalize() {
+    public function autoFinalize() {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
     }
     
     /**
      * Finalizes a configuration object, prohibiting further change
      */
-    function finalize() {
+    public function finalize() {
         $this->finalized = true;
     }
     
 }
 
 
+

library/HTMLPurifier/ConfigDef.php

@@ -4,6 +4,6 @@
  * Base class for configuration entity
  */
 class HTMLPurifier_ConfigDef {
-    var $class = false;
+    public $class = false;
 }
 

library/HTMLPurifier/ConfigDef/Directive.php

@@ -9,9 +9,9 @@ require_once 'HTMLPurifier/ConfigDef.php';
 class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
 {
     
-    var $class = 'directive';
+    public $class = 'directive';
     
-    function HTMLPurifier_ConfigDef_Directive(
+    public function __construct(
         $type = null,
         $descriptions = null,
         $allow_null = null,
@@ -37,40 +37,40 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
      *      - hash (array of key => value)
      *      - mixed (anything goes)
      */
-    var $type = 'mixed';
+    public $type = 'mixed';
     
     /**
      * Plaintext descriptions of the configuration entity is. Organized by
      * file and line number, so multiple descriptions are allowed.
      */
-    var $descriptions = array();
+    public $descriptions = array();
     
     /**
      * Is null allowed? Has no effect for mixed type.
      * @bool
      */
-    var $allow_null = false;
+    public $allow_null = false;
     
     /**
      * Lookup table of allowed values of the element, bool true if all allowed.
      */
-    var $allowed = true;
+    public $allowed = true;
     
     /**
      * Hash of value aliases, i.e. values that are equivalent.
      */
-    var $aliases = array();
+    public $aliases = array();
     
     /**
      * Advisory list of directive aliases, i.e. other directives that
      * redirect here
      */
-    var $directiveAliases = array();
+    public $directiveAliases = array();
     
     /**
      * Adds a description to the array
      */
-    function addDescription($file, $line, $description) {
+    public function addDescription($file, $line, $description) {
         if (!isset($this->descriptions[$file])) $this->descriptions[$file] = array();
         $this->descriptions[$file][$line] = $description;
     }

library/HTMLPurifier/ConfigDef/DirectiveAlias.php

@@ -7,18 +7,18 @@ require_once 'HTMLPurifier/ConfigDef.php';
  */
 class HTMLPurifier_ConfigDef_DirectiveAlias extends HTMLPurifier_ConfigDef
 {
-    var $class = 'alias';
+    public $class = 'alias';
     
     /**
      * Namespace being aliased to
      */
-    var $namespace;
+    public $namespace;
     /**
      * Directive being aliased to
      */
-    var $name;
+    public $name;
     
-    function HTMLPurifier_ConfigDef_DirectiveAlias($namespace, $name) {
+    public function __construct($namespace, $name) {
         $this->namespace = $namespace;
         $this->name = $name;
     }

library/HTMLPurifier/ConfigDef/Namespace.php

@@ -7,16 +7,16 @@ require_once 'HTMLPurifier/ConfigDef.php';
  */
 class HTMLPurifier_ConfigDef_Namespace extends HTMLPurifier_ConfigDef {
     
-    function HTMLPurifier_ConfigDef_Namespace($description = null) {
+    public function HTMLPurifier_ConfigDef_Namespace($description = null) {
         $this->description = $description;
     }
     
-    var $class = 'namespace';
+    public $class = 'namespace';
     
     /**
      * String description of what kinds of directives go in this namespace.
      */
-    var $description;
+    public $description;
     
 }
 

library/HTMLPurifier/ConfigSchema.php

@@ -33,22 +33,22 @@ class HTMLPurifier_ConfigSchema {
      * Defaults of the directives and namespaces.
      * @note This shares the exact same structure as HTMLPurifier_Config::$conf
      */
-    var $defaults = array();
+    public $defaults = array();
     
     /**
      * Definition of the directives.
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Definition of namespaces.
      */
-    var $info_namespace = array();
+    public $info_namespace = array();
     
     /**
      * Lookup table of allowed types.
      */
-    var $types = array(
+    public $types = array(
         'string'    => 'String',
         'istring'   => 'Case-insensitive string',
         'text'      => 'Text',
@@ -65,7 +65,7 @@ class HTMLPurifier_ConfigSchema {
     /**
      * Initializes the default namespaces.
      */
-    function initialize() {
+    public function initialize() {
         $this->defineNamespace('Core', 'Core features that are always available.');
         $this->defineNamespace('Attr', 'Features regarding attribute validation.');
         $this->defineNamespace('URI', 'Features regarding Uniform Resource Identifiers.');
@@ -73,6 +73,7 @@ class HTMLPurifier_ConfigSchema {
         $this->defineNamespace('CSS', 'Configuration regarding allowed CSS.');
         $this->defineNamespace('AutoFormat', 'Configuration for activating auto-formatting functionality (also known as <code>Injector</code>s)');
         $this->defineNamespace('AutoFormatParam', 'Configuration for customizing auto-formatting functionality');
+        $this->defineNamespace('Filter', 'Configuration for filters');
         $this->defineNamespace('Output', 'Configuration relating to the generation of (X)HTML.');
         $this->defineNamespace('Cache', 'Configuration for DefinitionCache and related subclasses.');
         $this->defineNamespace('Test', 'Developer testing configuration for our unit tests.');
@@ -80,9 +81,8 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Retrieves an instance of the application-wide configuration definition.
-     * @static
      */
-    function &instance($prototype = null) {
+    public static function &instance($prototype = null) {
         static $instance;
         if ($prototype !== null) {
             $instance = $prototype;
@@ -95,7 +95,6 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a directive for configuration
-     * @static
      * @warning Will fail of directive's namespace is defined
      * @param $namespace Namespace the directive is in
      * @param $name Key of directive
@@ -104,7 +103,7 @@ class HTMLPurifier_ConfigSchema {
      *      HTMLPurifier_DirectiveDef::$type for allowed values
      * @param $description Description of directive for documentation
      */
-    function define($namespace, $name, $default, $type, $description) {
+    public static function define($namespace, $name, $default, $type, $description) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         
         // basic sanity checks
@@ -173,11 +172,10 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a namespace for directives to be put into.
-     * @static
      * @param $namespace Namespace's name
      * @param $description Description of the namespace
      */
-    function defineNamespace($namespace, $description) {
+    public static function defineNamespace($namespace, $description) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT) {
             if (isset($def->info[$namespace])) {
@@ -206,13 +204,12 @@ class HTMLPurifier_ConfigSchema {
      * 
      * Directive value aliases are convenient for developers because it lets
      * them set a directive to several values and get the same result.
-     * @static
      * @param $namespace Directive's namespace
      * @param $name Name of Directive
      * @param $alias Name of aliased value
      * @param $real Value aliased value will be converted into
      */
-    function defineValueAliases($namespace, $name, $aliases) {
+    public static function defineValueAliases($namespace, $name, $aliases) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
             trigger_error('Cannot set value alias for non-existant directive',
@@ -240,12 +237,11 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a set of allowed values for a directive.
-     * @static
      * @param $namespace Namespace of directive
      * @param $name Name of directive
      * @param $allowed_values Arraylist of allowed values
      */
-    function defineAllowedValues($namespace, $name, $allowed_values) {
+    public static function defineAllowedValues($namespace, $name, $allowed_values) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
             trigger_error('Cannot define allowed values for undefined directive',
@@ -279,13 +275,12 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a directive alias for backwards compatibility
-     * @static
      * @param $namespace
      * @param $name Directive that will be aliased
      * @param $new_namespace
      * @param $new_name Directive that the alias will be to
      */
-    function defineAlias($namespace, $name, $new_namespace, $new_name) {
+    public static function defineAlias($namespace, $name, $new_namespace, $new_name) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT) {
             if (!isset($def->info[$namespace])) {
@@ -322,8 +317,9 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Validate a variable according to type. Return null if invalid.
+     * @todo Consider making protected
      */
-    function validate($var, $type, $allow_null = false) {
+    public function validate($var, $type, $allow_null = false) {
         if (!isset($this->types[$type])) {
             trigger_error('Invalid type', E_USER_ERROR);
             return;
@@ -414,8 +410,11 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Takes an absolute path and munges it into a more manageable relative path
+     * @todo Consider making protected
+     * @param $filename Filename to check
+     * @return string munged filename
      */
-    function mungeFilename($filename) {
+    public function mungeFilename($filename) {
         if (!HTMLPURIFIER_SCHEMA_STRICT) return $filename;
         $offset = strrpos($filename, 'HTMLPurifier');
         $filename = substr($filename, $offset);
@@ -425,10 +424,11 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Checks if var is an HTMLPurifier_Error object
+     * @todo Consider making protected
      */
-    function isError($var) {
+    public function isError($var) {
         if (!is_object($var)) return false;
-        if (!is_a($var, 'HTMLPurifier_Error')) return false;
+        if (!($var instanceof HTMLPurifier_Error)) return false;
         return true;
     }
 }

library/HTMLPurifier/ContentSets.php

@@ -7,39 +7,38 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
 require_once 'HTMLPurifier/ChildDef/Optional.php';
 require_once 'HTMLPurifier/ChildDef/Custom.php';
 
-// NOT UNIT TESTED!!!
-
+/**
+ * @todo Unit test
+ */
 class HTMLPurifier_ContentSets
 {
     
     /**
      * List of content set strings (pipe seperators) indexed by name.
-     * @public
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * List of content set lookups (element => true) indexed by name.
      * @note This is in HTMLPurifier_HTMLDefinition->info_content_sets
-     * @public
      */
-    var $lookup = array();
+    public $lookup = array();
     
     /**
      * Synchronized list of defined content sets (keys of info)
      */
-    var $keys = array();
+    protected $keys = array();
     /**
      * Synchronized list of defined content values (values of info)
      */
-    var $values = array();
+    protected $values = array();
     
     /**
      * Merges in module's content sets, expands identifiers in the content
      * sets and populates the keys, values and lookup member variables.
      * @param $modules List of HTMLPurifier_HTMLModule
      */
-    function HTMLPurifier_ContentSets($modules) {
+    public function __construct($modules) {
         if (!is_array($modules)) $modules = array($modules);
         // populate content_sets based on module hints
         // sorry, no way of overloading
@@ -79,7 +78,7 @@ class HTMLPurifier_ContentSets
      * @param $def HTMLPurifier_ElementDef reference
      * @param $module Module that defined the ElementDef
      */
-    function generateChildDef(&$def, $module) {
+    public function generateChildDef(&$def, $module) {
         if (!empty($def->child)) return; // already done!
         $content_model = $def->content_model;
         if (is_string($content_model)) {
@@ -97,7 +96,7 @@ class HTMLPurifier_ContentSets
      * @param $def HTMLPurifier_ElementDef to have ChildDef extracted
      * @return HTMLPurifier_ChildDef corresponding to ElementDef
      */
-    function getChildDef($def, $module) {
+    public function getChildDef($def, $module) {
         $value = $def->content_model;
         if (is_object($value)) {
             trigger_error(
@@ -137,7 +136,7 @@ class HTMLPurifier_ContentSets
      * @param $string List of elements
      * @return Lookup array of elements
      */
-    function convertToLookup($string) {
+    protected function convertToLookup($string) {
         $array = explode('|', str_replace(' ', '', $string));
         $ret = array();
         foreach ($array as $i => $k) {

library/HTMLPurifier/Context.php

@@ -10,16 +10,15 @@ class HTMLPurifier_Context
     
     /**
      * Private array that stores the references.
-     * @private
      */
-    var $_storage = array();
+    private $_storage = array();
     
     /**
      * Registers a variable into the context.
      * @param $name String name
      * @param $ref Variable to be registered
      */
-    function register($name, &$ref) {
+    public function register($name, &$ref) {
         if (isset($this->_storage[$name])) {
             trigger_error("Name $name produces collision, cannot re-register",
                           E_USER_ERROR);
@@ -33,7 +32,7 @@ class HTMLPurifier_Context
      * @param $name String name
      * @param $ignore_error Boolean whether or not to ignore error
      */
-    function &get($name, $ignore_error = false) {
+    public function &get($name, $ignore_error = false) {
         if (!isset($this->_storage[$name])) {
             if (!$ignore_error) {
                 trigger_error("Attempted to retrieve non-existent variable $name",
@@ -49,7 +48,7 @@ class HTMLPurifier_Context
      * Destorys a variable in the context.
      * @param $name String name
      */
-    function destroy($name) {
+    public function destroy($name) {
         if (!isset($this->_storage[$name])) {
             trigger_error("Attempted to destroy non-existent variable $name",
                           E_USER_ERROR);
@@ -62,7 +61,7 @@ class HTMLPurifier_Context
      * Checks whether or not the variable exists.
      * @param $name String name
      */
-    function exists($name) {
+    public function exists($name) {
         return isset($this->_storage[$name]);
     }
     
@@ -70,7 +69,7 @@ class HTMLPurifier_Context
      * Loads a series of variables from an associative array
      * @param $context_array Assoc array of variables to load
      */
-    function loadArray(&$context_array) {
+    public function loadArray($context_array) {
         foreach ($context_array as $key => $discard) {
             $this->register($key, $context_array[$key]);
         }

library/HTMLPurifier/Definition.php

@@ -4,33 +4,31 @@
  * Super-class for definition datatype objects, implements serialization
  * functions for the class.
  */
-class HTMLPurifier_Definition
+abstract class HTMLPurifier_Definition
 {
     
     /**
      * Has setup() been called yet?
      */
-    var $setup = false;
+    public $setup = false;
     
     /**
      * What type of definition is it?
      */
-    var $type;
+    public $type;
     
     /**
      * Sets up the definition object into the final form, something
      * not done by the constructor
      * @param $config HTMLPurifier_Config instance
      */
-    function doSetup($config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract protected function doSetup($config);
     
     /**
      * Setup function that aborts if already setup
      * @param $config HTMLPurifier_Config instance
      */
-    function setup($config) {
+    public function setup($config) {
         if ($this->setup) return;
         $this->setup = true;
         $this->doSetup($config);

library/HTMLPurifier/DefinitionCache.php

@@ -10,25 +10,21 @@ require_once 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
 /**
  * Abstract class representing Definition cache managers that implements
  * useful common methods and is a factory.
- * @todo Get some sort of versioning variable so the library can easily
- *       invalidate the cache with a new version
- * @todo Make the test runner cache aware and allow the user to easily
- *       flush the cache
  * @todo Create a separate maintenance file advanced users can use to
  *       cache their custom HTMLDefinition, which can be loaded
  *       via a configuration directive
  * @todo Implement memcached
  */
-class HTMLPurifier_DefinitionCache
+abstract class HTMLPurifier_DefinitionCache
 {
     
-    var $type;
+    public $type;
     
     /**
      * @param $name Type of definition objects this instance of the
      *      cache will handle.
      */
-    function HTMLPurifier_DefinitionCache($type) {
+    public function __construct($type) {
         $this->type = $type;
     }
     
@@ -36,7 +32,7 @@ class HTMLPurifier_DefinitionCache
      * Generates a unique identifier for a particular configuration
      * @param Instance of HTMLPurifier_Config
      */
-    function generateKey($config) {
+    public function generateKey($config) {
         return $config->version . '-' . // possibly replace with function calls
                $config->getBatchSerial($this->type) . '-' .
                $config->get($this->type, 'DefinitionRev');
@@ -48,7 +44,7 @@ class HTMLPurifier_DefinitionCache
      * @param $key Key to test
      * @param $config Instance of HTMLPurifier_Config to test against
      */
-    function isOld($key, $config) {
+    public function isOld($key, $config) {
         if (substr_count($key, '-') < 2) return true;
         list($version, $hash, $revision) = explode('-', $key, 3);
         $compare = version_compare($version, $config->version);
@@ -68,7 +64,7 @@ class HTMLPurifier_DefinitionCache
      * @param $def Definition object to check
      * @return Boolean true if good, false if not
      */
-    function checkDefType($def) {
+    public function checkDefType($def) {
         if ($def->type !== $this->type) {
             trigger_error("Cannot use definition of type {$def->type} in cache for {$this->type}");
             return false;
@@ -79,50 +75,40 @@ class HTMLPurifier_DefinitionCache
     /**
      * Adds a definition object to the cache
      */
-    function add($def, $config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function add($def, $config);
     
     /**
      * Unconditionally saves a definition object to the cache
      */
-    function set($def, $config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function set($def, $config);
     
     /**
      * Replace an object in the cache
      */
-    function replace($def, $config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function replace($def, $config);
     
     /**
      * Retrieves a definition object from the cache
      */
-    function get($config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function get($config);
     
     /**
      * Removes a definition object to the cache
      */
-    function remove($config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function remove($config);
     
     /**
      * Clears all objects from cache
      */
-    function flush($config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function flush($config);
     
     /**
      * Clears all expired (older version or revision) objects from cache
+     * @note Be carefuly implementing this method as flush. Flush must
+     *       not interfere with other Definition types, and cleanup()
+     *       should not be repeatedly called by userland code.
      */
-    function cleanup($config) {
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
+    abstract public function cleanup($config);
+    
 }
 

library/HTMLPurifier/DefinitionCache/Decorator.php

@@ -8,15 +8,15 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
     /**
      * Cache object we are decorating
      */
-    var $cache;
+    public $cache;
     
-    function HTMLPurifier_DefinitionCache_Decorator() {}
+    public function __construct() {}
     
     /**
      * Lazy decorator function
      * @param $cache Reference to cache object to decorate
      */
-    function decorate(&$cache) {
+    public function decorate(&$cache) {
         $decorator = $this->copy();
         // reference is necessary for mocks in PHP 4
         $decorator->cache =& $cache;
@@ -27,31 +27,35 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
     /**
      * Cross-compatible clone substitute
      */
-    function copy() {
+    public function copy() {
         return new HTMLPurifier_DefinitionCache_Decorator();
     }
     
-    function add($def, $config) {
+    public function add($def, $config) {
         return $this->cache->add($def, $config);
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         return $this->cache->set($def, $config);
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         return $this->cache->replace($def, $config);
     }
     
-    function get($config) {
+    public function get($config) {
         return $this->cache->get($config);
     }
     
-    function flush($config) {
+    public function remove($config) {
+        return $this->cache->remove($config);
+    }
+    
+    public function flush($config) {
         return $this->cache->flush($config);
     }
     
-    function cleanup($config) {
+    public function cleanup($config) {
         return $this->cache->cleanup($config);
     }
     

library/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php

@@ -10,31 +10,31 @@ class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends
       HTMLPurifier_DefinitionCache_Decorator
 {
     
-    var $name = 'Cleanup';
+    public $name = 'Cleanup';
     
-    function copy() {
+    public function copy() {
         return new HTMLPurifier_DefinitionCache_Decorator_Cleanup();
     }
     
-    function add($def, $config) {
+    public function add($def, $config) {
         $status = parent::add($def, $config);
         if (!$status) parent::cleanup($config);
         return $status;
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         $status = parent::set($def, $config);
         if (!$status) parent::cleanup($config);
         return $status;
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         $status = parent::replace($def, $config);
         if (!$status) parent::cleanup($config);
         return $status;
     }
     
-    function get($config) {
+    public function get($config) {
         $ret = parent::get($config);
         if (!$ret) parent::cleanup($config);
         return $ret;

library/HTMLPurifier/DefinitionCache/Decorator/Memory.php

@@ -11,32 +11,32 @@ class HTMLPurifier_DefinitionCache_Decorator_Memory extends
       HTMLPurifier_DefinitionCache_Decorator
 {
     
-    var $definitions;
-    var $name = 'Memory';
+    protected $definitions;
+    public $name = 'Memory';
     
-    function copy() {
+    public function copy() {
         return new HTMLPurifier_DefinitionCache_Decorator_Memory();
     }
     
-    function add($def, $config) {
+    public function add($def, $config) {
         $status = parent::add($def, $config);
         if ($status) $this->definitions[$this->generateKey($config)] = $def;
         return $status;
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         $status = parent::set($def, $config);
         if ($status) $this->definitions[$this->generateKey($config)] = $def;
         return $status;
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         $status = parent::replace($def, $config);
         if ($status) $this->definitions[$this->generateKey($config)] = $def;
         return $status;
     }
     
-    function get($config) {
+    public function get($config) {
         $key = $this->generateKey($config);
         if (isset($this->definitions[$key])) return $this->definitions[$key];
         $this->definitions[$key] = parent::get($config);

library/HTMLPurifier/DefinitionCache/Null.php

@@ -8,27 +8,31 @@ require_once 'HTMLPurifier/DefinitionCache.php';
 class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache
 {
     
-    function add($def, $config) {
+    public function add($def, $config) {
         return false;
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         return false;
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         return false;
     }
     
-    function get($config) {
+    public function remove($config) {
         return false;
     }
     
-    function flush($config) {
+    public function get($config) {
         return false;
     }
     
-    function cleanup($config) {
+    public function flush($config) {
+        return false;
+    }
+    
+    public function cleanup($config) {
         return false;
     }
     

library/HTMLPurifier/DefinitionCache/Serializer.php

@@ -17,7 +17,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
       HTMLPurifier_DefinitionCache
 {
     
-    function add($def, $config) {
+    public function add($def, $config) {
         if (!$this->checkDefType($def)) return;
         $file = $this->generateFilePath($config);
         if (file_exists($file)) return false;
@@ -25,14 +25,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends
         return $this->_write($file, serialize($def));
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         if (!$this->checkDefType($def)) return;
         $file = $this->generateFilePath($config);
         if (!$this->_prepareDir($config)) return false;
         return $this->_write($file, serialize($def));
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         if (!$this->checkDefType($def)) return;
         $file = $this->generateFilePath($config);
         if (!file_exists($file)) return false;
@@ -40,19 +40,19 @@ class HTMLPurifier_DefinitionCache_Serializer extends
         return $this->_write($file, serialize($def));
     }
     
-    function get($config) {
+    public function get($config) {
         $file = $this->generateFilePath($config);
         if (!file_exists($file)) return false;
         return unserialize(file_get_contents($file));
     }
     
-    function remove($config) {
+    public function remove($config) {
         $file = $this->generateFilePath($config);
         if (!file_exists($file)) return false;
         return unlink($file);
     }
     
-    function flush($config) {
+    public function flush($config) {
         if (!$this->_prepareDir($config)) return false;
         $dir = $this->generateDirectoryPath($config);
         $dh  = opendir($dir);
@@ -63,7 +63,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
         }
     }
     
-    function cleanup($config) {
+    public function cleanup($config) {
         if (!$this->_prepareDir($config)) return false;
         $dir = $this->generateDirectoryPath($config);
         $dh  = opendir($dir);
@@ -78,8 +78,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     /**
      * Generates the file path to the serial file corresponding to
      * the configuration and definition name
+     * @todo Make protected
      */
-    function generateFilePath($config) {
+    public function generateFilePath($config) {
         $key = $this->generateKey($config);
         return $this->generateDirectoryPath($config) . '/' . $key . '.ser';
     }
@@ -87,8 +88,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     /**
      * Generates the path to the directory contain this cache's serial files
      * @note No trailing slash
+     * @todo Make protected
      */
-    function generateDirectoryPath($config) {
+    public function generateDirectoryPath($config) {
         $base = $this->generateBaseDirectoryPath($config);
         return $base . '/' . $this->type;
     }
@@ -96,8 +98,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     /**
      * Generates path to base directory that contains all definition type
      * serials
+     * @todo Make protected
      */
-    function generateBaseDirectoryPath($config) {
+    public function generateBaseDirectoryPath($config) {
         $base = $config->get('Cache', 'SerializerPath');
         $base = is_null($base) ? HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer' : $base;
         return $base;
@@ -109,7 +112,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * @param $data Data to write into file
      * @return Number of bytes written if success, or false if failure.
      */
-    function _write($file, $data) {
+    private function _write($file, $data) {
         static $file_put_contents;
         if ($file_put_contents === null) {
             $file_put_contents = function_exists('file_put_contents');
@@ -128,7 +131,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * Prepares the directory that this type stores the serials in
      * @return True if successful
      */
-    function _prepareDir($config) {
+    private function _prepareDir($config) {
         $directory = $this->generateDirectoryPath($config);
         if (!is_dir($directory)) {
             $base = $this->generateBaseDirectoryPath($config);
@@ -151,7 +154,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * Tests permissions on a directory and throws out friendly
      * error messages and attempts to chmod it itself if possible
      */
-    function _testPermissions($dir) {
+    private function _testPermissions($dir) {
         // early abort, if it is writable, everything is hunky-dory
         if (is_writable($dir)) return true;
         if (!is_dir($dir)) {

library/HTMLPurifier/DefinitionCacheFactory.php

@@ -10,10 +10,6 @@ to disable caching (not recommended, as you will see a definite
 performance degradation). This directive has been available since 2.0.0.
 ');
 
-HTMLPurifier_ConfigSchema::defineAllowedValues(
-    'Cache', 'DefinitionImpl', array('Serializer')
-);
-
 HTMLPurifier_ConfigSchema::defineAlias(
     'Core', 'DefinitionCache',
     'Cache', 'DefinitionImpl'
@@ -26,21 +22,21 @@ HTMLPurifier_ConfigSchema::defineAlias(
 class HTMLPurifier_DefinitionCacheFactory
 {
     
-    var $caches = array('Serializer' => array());
-    var $decorators = array();
+    protected $caches = array('Serializer' => array());
+    protected $implementations = array();
+    protected $decorators = array();
     
     /**
      * Initialize default decorators
      */
-    function setup() {
+    public function setup() {
         $this->addDecorator('Cleanup');
     }
     
     /**
      * Retrieves an instance of global definition cache factory.
-     * @static
      */
-    function &instance($prototype = null) {
+    public static function &instance($prototype = null) {
         static $instance;
         if ($prototype !== null) {
             $instance = $prototype;
@@ -51,14 +47,21 @@ class HTMLPurifier_DefinitionCacheFactory
         return $instance;
     }
     
+    /**
+     * Registers a new definition cache object
+     * @param $short Short name of cache object, for reference
+     * @param $long Full class name of cache object, for construction 
+     */
+    public function register($short, $long) {
+        $this->implementations[$short] = $long;
+    }
+    
     /**
      * Factory method that creates a cache object based on configuration
      * @param $name Name of definitions handled by cache
      * @param $config Instance of HTMLPurifier_Config
      */
-    function &create($type, $config) {
-        // only one implementation as for right now, $config will
-        // be used to determine implementation
+    public function &create($type, $config) {
         $method = $config->get('Cache', 'DefinitionImpl');
         if ($method === null) {
             $null = new HTMLPurifier_DefinitionCache_Null($type);
@@ -67,7 +70,17 @@ class HTMLPurifier_DefinitionCacheFactory
         if (!empty($this->caches[$method][$type])) {
             return $this->caches[$method][$type];
         }
-        $cache = new HTMLPurifier_DefinitionCache_Serializer($type);
+        if (
+          isset($this->implementations[$method]) &&
+          class_exists($class = $this->implementations[$method], false)
+        ) {
+            $cache = new $class($type);
+        } else {
+            if ($method != 'Serializer') {
+                trigger_error("Unrecognized DefinitionCache $method, using Serializer instead", E_USER_WARNING);
+            }
+            $cache = new HTMLPurifier_DefinitionCache_Serializer($type);
+        }
         foreach ($this->decorators as $decorator) {
             $new_cache = $decorator->decorate($cache);
             // prevent infinite recursion in PHP 4
@@ -82,7 +95,7 @@ class HTMLPurifier_DefinitionCacheFactory
      * Registers a decorator to add to all new cache objects
      * @param 
      */
-    function addDecorator($decorator) {
+    public function addDecorator($decorator) {
         if (is_string($decorator)) {
             $class = "HTMLPurifier_DefinitionCache_Decorator_$decorator";
             $decorator = new $class;

library/HTMLPurifier/Doctype.php

@@ -11,40 +11,40 @@ class HTMLPurifier_Doctype
     /**
      * Full name of doctype
      */
-    var $name;
+    public $name;
     
     /**
      * List of standard modules (string identifiers or literal objects)
      * that this doctype uses
      */
-    var $modules = array();
+    public $modules = array();
     
     /**
      * List of modules to use for tidying up code
      */
-    var $tidyModules = array();
+    public $tidyModules = array();
     
     /**
      * Is the language derived from XML (i.e. XHTML)?
      */
-    var $xml = true;
+    public $xml = true;
     
     /**
      * List of aliases for this doctype
      */
-    var $aliases = array();
+    public $aliases = array();
     
     /**
      * Public DTD identifier
      */
-    var $dtdPublic;
+    public $dtdPublic;
     
     /**
      * System DTD identifier
      */
-    var $dtdSystem;
+    public $dtdSystem;
     
-    function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
+    public function __construct($name = null, $xml = true, $modules = array(),
         $tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
     ) {
         $this->name         = $name;
@@ -59,7 +59,7 @@ class HTMLPurifier_Doctype
     /**
      * Clones the doctype, use before resolving modes and the like
      */
-    function copy() {
+    public function copy() {
         return unserialize(serialize($this));
     }
 }

library/HTMLPurifier/DoctypeRegistry.php

@@ -23,15 +23,13 @@ class HTMLPurifier_DoctypeRegistry
     
     /**
      * Hash of doctype names to doctype objects
-     * @protected
      */
-    var $doctypes;
+    protected $doctypes;
     
     /**
      * Lookup table of aliases to real doctype names
-     * @protected
      */
-    var $aliases;
+    protected $aliases;
     
     /**
      * Registers a doctype to the registry
@@ -43,7 +41,7 @@ class HTMLPurifier_DoctypeRegistry
      * @param $aliases Alias names for doctype
      * @return Reference to registered doctype (usable for further editing)
      */
-    function &register($doctype, $xml = true, $modules = array(),
+    public function &register($doctype, $xml = true, $modules = array(),
         $tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
     ) {
         if (!is_array($modules)) $modules = array($modules);
@@ -73,7 +71,7 @@ class HTMLPurifier_DoctypeRegistry
      * @param $doctype Name of doctype
      * @return Reference to doctype object
      */
-    function &get($doctype) {
+    public function &get($doctype) {
         if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
         if (!isset($this->doctypes[$doctype])) {
             trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
@@ -91,7 +89,7 @@ class HTMLPurifier_DoctypeRegistry
      *       Generator whether or not the current document is XML
      *       based or not).
      */
-    function make($config) {
+    public function make($config) {
         $original_doctype = $this->get($this->getDoctypeFromConfig($config));
         $doctype = $original_doctype->copy();
         return $doctype;
@@ -100,7 +98,7 @@ class HTMLPurifier_DoctypeRegistry
     /**
      * Retrieves the doctype from the configuration object
      */
-    function getDoctypeFromConfig($config) {
+    public function getDoctypeFromConfig($config) {
         // recommended test
         $doctype = $config->get('HTML', 'Doctype');
         if (!empty($doctype)) return $doctype;

library/HTMLPurifier/ElementDef.php

@@ -13,7 +13,7 @@ class HTMLPurifier_ElementDef
      * Does the definition work by itself, or is it created solely
      * for the purpose of merging into another definition?
      */
-    var $standalone = true;
+    public $standalone = true;
     
     /**
      * Associative array of attribute name to HTMLPurifier_AttrDef
@@ -25,29 +25,23 @@ class HTMLPurifier_ElementDef
      *       contain string indentifiers in lieu of HTMLPurifier_AttrDef,
      *       see HTMLPurifier_AttrTypes on how they are expanded during
      *       HTMLPurifier_HTMLDefinition->setup() processing.
-     * @public
      */
-    var $attr = array();
+    public $attr = array();
     
     /**
      * Indexed list of tag's HTMLPurifier_AttrTransform to be done before validation
-     * @public
      */
-    var $attr_transform_pre = array();
+    public $attr_transform_pre = array();
     
     /**
      * Indexed list of tag's HTMLPurifier_AttrTransform to be done after validation
-     * @public
      */
-    var $attr_transform_post = array();
-    
-    
+    public $attr_transform_post = array();
     
     /**
      * HTMLPurifier_ChildDef of this tag.
-     * @public
      */
-    var $child;
+    public $child;
     
     /**
      * Abstract string representation of internal ChildDef rules. See
@@ -55,9 +49,8 @@ class HTMLPurifier_ElementDef
      * into an HTMLPurifier_ChildDef.
      * @warning This is a temporary variable that is not available after
      *      being processed by HTMLDefinition
-     * @public
      */
-    var $content_model;
+    public $content_model;
     
     /**
      * Value of $child->type, used to determine which ChildDef to use,
@@ -65,9 +58,8 @@ class HTMLPurifier_ElementDef
      * @warning This must be lowercase
      * @warning This is a temporary variable that is not available after
      *      being processed by HTMLDefinition
-     * @public
      */
-    var $content_model_type;
+    public $content_model_type;
     
     
     
@@ -76,16 +68,14 @@ class HTMLPurifier_ElementDef
      * is important for chameleon ins and del processing in 
      * HTMLPurifier_ChildDef_Chameleon. Dynamically set: modules don't
      * have to worry about this one.
-     * @public
      */
-    var $descendants_are_inline = false;
+    public $descendants_are_inline = false;
     
     /**
      * List of the names of required attributes this element has. Dynamically
-     * populated.
-     * @public
+     * populated by HTMLPurifier_HTMLDefinition::getElement
      */
-    var $required_attr = array();
+    public $required_attr = array();
     
     /**
      * Lookup table of tags excluded from all descendants of this tag.
@@ -97,20 +87,18 @@ class HTMLPurifier_ElementDef
      *       all descendants and not just children. Note that the XHTML
      *       Modularization Abstract Modules are blithely unaware of such
      *       distinctions.
-     * @public
      */
-    var $excludes = array();
+    public $excludes = array();
     
     /**
      * Is this element safe for untrusted users to use?
      */
-    var $safe;
+    public $safe;
     
     /**
      * Low-level factory constructor for creating new standalone element defs
-     * @static
      */
-    function create($safe, $content_model, $content_model_type, $attr) {
+    public static function create($safe, $content_model, $content_model_type, $attr) {
         $def = new HTMLPurifier_ElementDef();
         $def->safe = (bool) $safe;
         $def->content_model = $content_model;
@@ -124,7 +112,7 @@ class HTMLPurifier_ElementDef
      * Values from the new element def take precedence if a value is
      * not mergeable.
      */
-    function mergeIn($def) {
+    public function mergeIn($def) {
         
         // later keys takes precedence
         foreach($def->attr as $k => $v) {
@@ -165,7 +153,7 @@ class HTMLPurifier_ElementDef
      * @param $a1 Array by reference that is merged into
      * @param $a2 Array that merges into $a1
      */
-    function _mergeAssocArray(&$a1, $a2) {
+    private function _mergeAssocArray(&$a1, $a2) {
         foreach ($a2 as $k => $v) {
             if ($v === false) {
                 if (isset($a1[$k])) unset($a1[$k]);
@@ -178,7 +166,7 @@ class HTMLPurifier_ElementDef
     /**
      * Retrieves a copy of the element definition
      */
-    function copy() {
+    public function copy() {
         return unserialize(serialize($this));
     }
     

library/HTMLPurifier/Encoder.php

@@ -58,7 +58,7 @@ class HTMLPurifier_Encoder
     /**
      * Constructor throws fatal error if you attempt to instantiate class
      */
-    function HTMLPurifier_Encoder() {
+    private function __construct() {
         trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
     }
     
@@ -68,7 +68,6 @@ class HTMLPurifier_Encoder
      * It will parse according to UTF-8 and return a valid UTF8 string, with
      * non-SGML codepoints excluded.
      * 
-     * @static
      * @note Just for reference, the non-SGML code points are 0 to 31 and
      *       127 to 159, inclusive.  However, we allow code points 9, 10
      *       and 13, which are the tab, line feed and carriage return
@@ -88,7 +87,7 @@ class HTMLPurifier_Encoder
      *       would need that, and I'm probably not going to implement them.
      *       Once again, PHP 6 should solve all our problems.
      */
-    function cleanUTF8($str, $force_php = false) {
+    public static function cleanUTF8($str, $force_php = false) {
         
         static $non_sgml_chars = array();
         if (empty($non_sgml_chars)) {
@@ -246,7 +245,6 @@ class HTMLPurifier_Encoder
     
     /**
      * Translates a Unicode codepoint into its corresponding UTF-8 character.
-     * @static
      * @note Based on Feyd's function at
      *       <http://forums.devnetwork.net/viewtopic.php?p=191404#191404>,
      *       which is in public domain.
@@ -271,7 +269,7 @@ class HTMLPurifier_Encoder
     // | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
     // +----------+----------+----------+----------+ 
     
-    function unichr($code) {
+    public static function unichr($code) {
         if($code > 1114111 or $code < 0 or
           ($code >= 55296 and $code <= 57343) ) {
             // bits are set outside the "valid" range as defined
@@ -310,9 +308,8 @@ class HTMLPurifier_Encoder
     
     /**
      * Converts a string to UTF-8 based on configuration.
-     * @static
      */
-    function convertToUTF8($str, $config, &$context) {
+    public static function convertToUTF8($str, $config, $context) {
         static $iconv = null;
         if ($iconv === null) $iconv = function_exists('iconv');
         $encoding = $config->get('Core', 'Encoding');
@@ -327,11 +324,10 @@ class HTMLPurifier_Encoder
     
     /**
      * Converts a string from UTF-8 based on configuration.
-     * @static
      * @note Currently, this is a lossy conversion, with unexpressable
      *       characters being omitted.
      */
-    function convertFromUTF8($str, $config, &$context) {
+    public static function convertFromUTF8($str, $config, $context) {
         static $iconv = null;
         if ($iconv === null) $iconv = function_exists('iconv');
         $encoding = $config->get('Core', 'Encoding');
@@ -349,7 +345,6 @@ class HTMLPurifier_Encoder
     
     /**
      * Lossless (character-wise) conversion of HTML to ASCII
-     * @static
      * @param $str UTF-8 string to be converted to ASCII
      * @returns ASCII encoded string with non-ASCII character entity-ized
      * @warning Adapted from MediaWiki, claiming fair use: this is a common
@@ -364,7 +359,7 @@ class HTMLPurifier_Encoder
      * @note Sort of with cleanUTF8() but it assumes that $str is
      *       well-formed UTF-8
      */
-    function convertToASCIIDumbLossless($str) {
+    public static function convertToASCIIDumbLossless($str) {
         $bytesleft = 0;
         $result = '';
         $working = 0;

library/HTMLPurifier/EntityLookup.php

@@ -7,9 +7,8 @@ class HTMLPurifier_EntityLookup {
     
     /**
      * Assoc array of entity name to character represented.
-     * @public
      */
-    var $table;
+    public $table;
     
     /**
      * Sets up the entity lookup table from the serialized file contents.
@@ -17,7 +16,7 @@ class HTMLPurifier_EntityLookup {
      *       using the maintenance script generate_entity_file.php
      * @warning This is not in constructor to help enforce the Singleton
      */
-    function setup($file = false) {
+    public function setup($file = false) {
         if (!$file) {
             $file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/EntityLookup/entities.ser';
         }
@@ -26,10 +25,9 @@ class HTMLPurifier_EntityLookup {
     
     /**
      * Retrieves sole instance of the object.
-     * @static
      * @param Optional prototype of custom lookup table to overload with.
      */
-    function instance($prototype = false) {
+    public static function instance($prototype = false) {
         // no references, since PHP doesn't copy unless modified
         static $instance = null;
         if ($prototype) {

library/HTMLPurifier/EntityParser.php

@@ -15,24 +15,21 @@ class HTMLPurifier_EntityParser
     
     /**
      * Reference to entity lookup table.
-     * @protected
      */
-    var $_entity_lookup;
+    protected $_entity_lookup;
     
     /**
      * Callback regex string for parsing entities.
-     * @protected
      */                             
-    var $_substituteEntitiesRegex =
+    protected $_substituteEntitiesRegex =
 '/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z_:][A-Za-z0-9.\-_:]*));?/';
 //     1. hex             2. dec      3. string (XML style)
     
     
     /**
      * Decimal to parsed string conversion table for special entities.
-     * @protected
      */
-    var $_special_dec2str =
+    protected $_special_dec2str =
             array(
                     34 => '"',
                     38 => '&',
@@ -43,9 +40,8 @@ class HTMLPurifier_EntityParser
     
     /**
      * Stripped entity names to decimal conversion table for special entities.
-     * @protected
      */
-    var $_special_ent2dec =
+    protected $_special_ent2dec =
             array(
                     'quot' => 34,
                     'amp'  => 38,
@@ -58,11 +54,10 @@ class HTMLPurifier_EntityParser
      * running this whenever you have parsed character is t3h 5uck, we run
      * it before everything else.
      * 
-     * @protected
      * @param $string String to have non-special entities parsed.
      * @returns Parsed string.
      */
-    function substituteNonSpecialEntities($string) {
+    public function substituteNonSpecialEntities($string) {
         // it will try to detect missing semicolons, but don't rely on it
         return preg_replace_callback(
             $this->_substituteEntitiesRegex,
@@ -74,15 +69,13 @@ class HTMLPurifier_EntityParser
     /**
      * Callback function for substituteNonSpecialEntities() that does the work.
      * 
-     * @warning Though this is public in order to let the callback happen,
-     *          calling it directly is not recommended.
      * @param $matches  PCRE matches array, with 0 the entire match, and
      *                  either index 1, 2 or 3 set with a hex value, dec value,
      *                  or string (respectively).
      * @returns Replacement string.
      */
     
-    function nonSpecialEntityCallback($matches) {
+    protected function nonSpecialEntityCallback($matches) {
         // replaces all but big five
         $entity = $matches[0];
         $is_num = (@$matches[0][1] === '#');
@@ -113,11 +106,10 @@ class HTMLPurifier_EntityParser
      * @notice We try to avoid calling this function because otherwise, it
      * would have to be called a lot (for every parsed section).
      * 
-     * @protected
      * @param $string String to have non-special entities parsed.
      * @returns Parsed string.
      */
-    function substituteSpecialEntities($string) {
+    public function substituteSpecialEntities($string) {
         return preg_replace_callback(
             $this->_substituteEntitiesRegex,
             array($this, 'specialEntityCallback'),
@@ -129,14 +121,12 @@ class HTMLPurifier_EntityParser
      * 
      * This callback has same syntax as nonSpecialEntityCallback().
      * 
-     * @warning Though this is public in order to let the callback happen,
-     *          calling it directly is not recommended.
      * @param $matches  PCRE-style matches array, with 0 the entire match, and
      *                  either index 1, 2 or 3 set with a hex value, dec value,
      *                  or string (respectively).
      * @returns Replacement string.
      */
-    function specialEntityCallback($matches) {
+    protected function specialEntityCallback($matches) {
         $entity = $matches[0];
         $is_num = (@$matches[0][1] === '#');
         if ($is_num) {

library/HTMLPurifier/ErrorCollector.php

@@ -9,15 +9,15 @@ require_once 'HTMLPurifier/Generator.php';
 class HTMLPurifier_ErrorCollector
 {
     
-    var $errors = array();
-    var $locale;
-    var $generator;
-    var $context;
+    protected $errors = array();
+    protected $locale;
+    protected $generator;
+    protected $context;
     
-    function HTMLPurifier_ErrorCollector(&$context) {
-        $this->locale  =& $context->get('Locale');
+    public function __construct($context) {
+        $this->locale    =& $context->get('Locale');
         $this->generator =& $context->get('Generator');
-        $this->context =& $context;
+        $this->context   =& $context;
     }
     
     /**
@@ -26,7 +26,7 @@ class HTMLPurifier_ErrorCollector
      * @param $severity int Error severity, PHP error style (don't use E_USER_)
      * @param $msg string Error message text
      */
-    function send($severity, $msg) {
+    public function send($severity, $msg) {
         
         $args = array();
         if (func_num_args() > 2) {
@@ -65,7 +65,7 @@ class HTMLPurifier_ErrorCollector
      * @param List of arrays in format of array(Error message text,
      *        token that caused error, tokens surrounding token)
      */
-    function getRaw() {
+    public function getRaw() {
         return $this->errors;
     }
     
@@ -73,7 +73,7 @@ class HTMLPurifier_ErrorCollector
      * Default HTML formatting implementation for error messages
      * @param $config Configuration array, vital for HTML output nature
      */
-    function getHTMLFormatted($config) {
+    public function getHTMLFormatted($config) {
         $ret = array();
         
         $errors = $this->errors;

library/HTMLPurifier/Filter.php

@@ -14,6 +14,9 @@
  * named 1, 2 and 3, the order of execution should go 1->preFilter,
  * 2->preFilter, 3->preFilter, purify, 3->postFilter, 2->postFilter,
  * 1->postFilter.
+ * 
+ * @note Methods are not declared abstract as it is perfectly legitimate
+ *       for an implementation not to want anything to happen on a step
  */
 
 class HTMLPurifier_Filter
@@ -22,17 +25,21 @@ class HTMLPurifier_Filter
     /**
      * Name of the filter for identification purposes
      */
-    var $name;
+    public $name;
     
     /**
      * Pre-processor function, handles HTML before HTML Purifier 
      */
-    function preFilter($html, $config, &$context) {}
+    public function preFilter($html, $config, $context) {
+        return $html;
+    }
     
     /**
      * Post-processor function, handles HTML after HTML Purifier
      */
-    function postFilter($html, $config, &$context) {}
+    public function postFilter($html, $config, $context) {
+        return $html;
+    }
     
 }