mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-11 16:44:59 +02:00
Compare commits
32 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f38e81785f | ||
|
|
2cc829a8cf | ||
|
|
e80a54a7c9 | ||
|
|
6f71e65661 | ||
|
|
6f25c39c3e | ||
|
|
b8b1ac283d | ||
|
|
450fc6649d | ||
|
|
369a69d533 | ||
|
|
72f5819ef6 | ||
|
|
3540ea7fce | ||
|
|
c03953f85e | ||
|
|
0d262b3a1d | ||
|
|
234cd2196f | ||
|
|
0dbe87bbc7 | ||
|
|
245b5bdb27 | ||
|
|
864cb9e136 | ||
|
|
487fcd55ea | ||
|
|
ec6b6821cf | ||
|
|
f26eb7551a | ||
|
|
a2aca4819d | ||
|
|
a75e4c6b7c | ||
|
|
e7fa8cbdd5 | ||
|
|
5fa575f8ac | ||
|
|
9f23bc005b | ||
|
|
957a840f54 | ||
|
|
a7762c5137 | ||
|
|
aca9d725ed | ||
|
|
4ce3deba26 | ||
|
|
d4da02ba95 | ||
|
|
97d3c8509c | ||
|
|
21c6803401 | ||
|
|
36badb06f6 |
2
Doxyfile
2
Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME = HTMLPurifier
|
||||
# This could be handy for archiving the generated documentation or
|
||||
# if some version control system is used.
|
||||
|
||||
PROJECT_NUMBER = 3.0.0
|
||||
PROJECT_NUMBER = 2.1.5
|
||||
|
||||
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
|
||||
# base path where the generated documentation will be put.
|
||||
|
||||
17
INSTALL
17
INSTALL
@@ -14,17 +14,18 @@ basic sanity checks to get the most out of this library.
|
||||
---------------------------------------------------------------------------
|
||||
1. Compatibility
|
||||
|
||||
HTML Purifier is PHP 5 only, and is actively tested from PHP 5.0.0 and
|
||||
up (see tests/multitest.php for the specific versions that are being
|
||||
actively tested). It has no core dependencies with other libraries. PHP
|
||||
4 support was deprecated on December 31, 2007 with HTML Purifier 3.0.0.
|
||||
Essential security fixes will be issued for the 2.1.x branch until
|
||||
August 8, 2008.
|
||||
THIS IS A DEPRECATED PHP4 VERSION OF HTML PURIFIER.
|
||||
|
||||
If you are running PHP5, please go to http://htmlpurifier.org to download
|
||||
the latest version. This version of HTML Purifier is only actively tested
|
||||
from PHP 4.3.7 to PHP 5.0.5. Essential security will be released for this branch
|
||||
fixes will be issued for the PHP 4 version until August 8, 2008.
|
||||
|
||||
These optional extensions can enhance the capabilities of HTML Purifier:
|
||||
|
||||
* iconv : Converts text to and from non-UTF-8 encodings
|
||||
* tidy : Used for pretty-printing HTML
|
||||
* iconv : Converts text to and from non-UTF-8 encodings
|
||||
* bcmath : Used for unit conversion and imagecrash protection
|
||||
* tidy : Used for pretty-printing HTML
|
||||
|
||||
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
@@ -17,7 +17,7 @@ ce document pour quelques choses.
|
||||
|
||||
1. Compatibilité
|
||||
|
||||
HTML Purifier fonctionne dans PHP 5. PHP 5.0.0 est le dernier
|
||||
HTML Purifier fonctionne dans PHP 4 et PHP 5. PHP 4.3.2 est le dernier
|
||||
version que je le testais. Il ne dépend de les autre librairies.
|
||||
|
||||
Les extensions optionnel est iconv (en général déjà installer) et
|
||||
|
||||
78
NEWS
78
NEWS
@@ -9,33 +9,63 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
. Internal change
|
||||
==========================
|
||||
|
||||
3.0.0, released 2008-01-06
|
||||
# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained
|
||||
until PHP 4 is completely deprecated, but no new features will be added
|
||||
to it.
|
||||
+ Visibility declarations added
|
||||
+ Constructor methods renamed to __construct()
|
||||
+ PHP4 reference cruft removed (in progress)
|
||||
! CSS properties are now case-insensitive
|
||||
ERRATA
|
||||
- PH5P is seriously broken here; it can result in fatal errors and exceptions.
|
||||
If you desire to use it, please use it with the latest, PHP5-only version of
|
||||
HTML Purifier.
|
||||
|
||||
2.1.5, released 2008-06-19
|
||||
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
|
||||
and height/width HTML with %HTML.MaxImgLength.
|
||||
- AttrValidator operations are now atomic; updates to attributes are not
|
||||
manifest in token until end of operations. This prevents naughty internal
|
||||
code from directly modifying CurrentToken when they're not supposed to.
|
||||
- Percent encoding checks enabled for URI query and fragment
|
||||
- Disable percent height/width attributes for img
|
||||
- Fix stray backslashes in font-family; CSS Unicode character escapes are
|
||||
now properly resolved (although *only* in font-family).
|
||||
- Improve parseCDATA algorithm to take into account newline normalization
|
||||
- Account for browser confusion between Yen character and backslash in
|
||||
Shift_JIS encoding. This fix generalizes to any other encoding which is not
|
||||
a strict superset of printable ASCII.
|
||||
- Improved adherence to Unicode by checking for non-character codepoints.
|
||||
Thanks Geoffrey Sneddon for reporting. This may result in degraded
|
||||
performance for extremely large inputs.
|
||||
- Allow CSS property-value pair ''text-decoration: none''
|
||||
. Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
|
||||
handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
|
||||
this class.
|
||||
. API of HTMLPurifier_AttrDef_CSS_Length changed from __construct($disable_negative)
|
||||
to __construct($min, $max). __construct(true) is equivalent to
|
||||
__construct('0'). (replace __construct with HTMLPurifier_AttrDef_CSS_Length)
|
||||
. Added HTMLPurifier_AttrDef_Switch class
|
||||
. Rename HTMLPurifier_HTMLModule_Tidy->construct() to setup() and bubble method
|
||||
up inheritance hierarchy to HTMLPurifier_HTMLModule. All HTMLModules
|
||||
get this called with the configuration object. All modules now
|
||||
use this rather than __construct(), although legacy code using constructors
|
||||
will still work--the new format, however, lets modules access the
|
||||
configuration object for HTML namespace dependant tweaks.
|
||||
. AttrDef_HTML_Pixels now takes a single construction parameter, pixels.
|
||||
|
||||
2.1.4, released 2008-05-18
|
||||
! DefinitionCacheFactory now can register new implementations
|
||||
! New HTMLPurifier_Filter_ExtractStyleBlocks for extracting <style> from
|
||||
documents and cleaning their contents up. Requires the CSSTidy library
|
||||
<http://csstidy.sourceforge.net/>. You can access the blocks with the
|
||||
'StyleBlocks' Context variable ($purifier->context->get('StyleBlocks')).
|
||||
The output CSS can also be "scoped" for a specific element, use:
|
||||
%Filter.ExtractStyleBlocksScope
|
||||
! Experimental support for some proprietary CSS attributes allowed:
|
||||
opacity (and all of the browser-specific equivalents) and scrollbar colors.
|
||||
Enable by setting %CSS.Proprietary to true.
|
||||
! CSS properties are now case-insensitive
|
||||
! Encoder optimized with valid UTF-8 input
|
||||
! HTML Purifier's URI handling is a lot more robust, with much stricter
|
||||
validation checks and better percent encoding handling.
|
||||
- Colors missing # but in hex form will be corrected
|
||||
- CSS Number algorithm improved
|
||||
- Unit testing and multi-testing now on steroids: command lines,
|
||||
XML output, and other goodies now added.
|
||||
. Unit tests for Injector improved
|
||||
. New classes:
|
||||
+ HTMLPurifier_AttrDef_CSS_AlphaValue
|
||||
+ HTMLPurifier_AttrDef_CSS_Filter
|
||||
. Multitest now has a file docblock
|
||||
- Autoclose now operates iteratively, i.e. <span><span><div> now has
|
||||
both span tags closed.
|
||||
- Fix bug with trusted script handling in libxml versions later than 2.6.28.
|
||||
- Fix bug in comment parsing with DirectLex
|
||||
- Fix bug with rgb(0, 1, 2) color syntax with spaces inside shorthand syntax
|
||||
- HTMLPurifier_HTMLDefinition->addAttribute can now be called multiple times
|
||||
on the same element without emitting errors.
|
||||
- Iconv uses set_error_handler instead of shut-up operator
|
||||
- Add protection against imagecrash attack with CSS height/width
|
||||
- HTMLPurifier::getInstance() renamed to HTMLPurifier::instance() for consistency
|
||||
- Fixed bug with fallback languages in LanguageFactory
|
||||
|
||||
2.1.3, released 2007-11-05
|
||||
! tests/multitest.php allows you to test multiple versions by running
|
||||
|
||||
27
TODO
27
TODO
@@ -11,11 +11,11 @@ If no interest is expressed for a feature that may required a considerable
|
||||
amount of effort to implement, it may get endlessly delayed. Do not be
|
||||
afraid to cast your vote for the next feature to be implemented!
|
||||
|
||||
3.1 release [Error'ed]
|
||||
2.2 release [Error'ed]
|
||||
# Error logging for filtering/cleanup procedures
|
||||
- XSS-attempt detection
|
||||
|
||||
3.2 release [Do What I Mean, Not What I Say]
|
||||
2.3 release [Do What I Mean, Not What I Say]
|
||||
# Additional support for poorly written HTML
|
||||
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
|
||||
- Friendly strict handling of <address> (block -> <br>)
|
||||
@@ -31,41 +31,37 @@ afraid to cast your vote for the next feature to be implemented!
|
||||
dupe detector would also need to detect the suffix as well)
|
||||
- Externalize inline CSS to promote clean HTML
|
||||
|
||||
3.3 release [It's All About Trust] (floating)
|
||||
2.4 release [It's All About Trust] (floating)
|
||||
# Implement untrusted, dangerous elements/attributes
|
||||
# Implement IDREF support (harder than it seems, since you cannot have
|
||||
IDREFs to non-existent IDs)
|
||||
# Frameset XHTML 1.0 and HTML 4.01 doctypes
|
||||
|
||||
4.0 release [Beyond HTML]
|
||||
3.0 release [Beyond HTML]
|
||||
# Legit token based CSS parsing (will require revamping almost every
|
||||
AttrDef class). Probably will use CSSTidy class
|
||||
# More control over allowed CSS properties (maybe modularize it in the
|
||||
same fashion!)
|
||||
# Formatters for plaintext
|
||||
- Smileys
|
||||
- Standardize token armor for all areas of processing
|
||||
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
||||
Also, enable disabling of directionality
|
||||
- Table of Contents generation (XHTML Compiler might be reusable)
|
||||
|
||||
5.0 release [To XML and Beyond]
|
||||
4.0 release [To XML and Beyond]
|
||||
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
|
||||
- Hooks for adding custom processors to custom namespaced tags and
|
||||
attributes, offer default implementation
|
||||
- Lots of documentation and samples
|
||||
|
||||
Ongoing
|
||||
- More refactoring to take advantage of PHP5's facilities
|
||||
- Lots of profiling, make it faster!
|
||||
- Plugins for major CMSes (COMPLEX)
|
||||
- phpBB
|
||||
- eFiction
|
||||
- more! (look for ones that use WYSIWYGs)
|
||||
- Complete basic smoketests
|
||||
|
||||
AutoFormat
|
||||
- Smileys
|
||||
- Syntax highlighting with <pre> and possibly <?php
|
||||
- Look at http://drupal.org/project/Modules/category/63 for ideas
|
||||
|
||||
Unknown release (on a scratch-an-itch basis)
|
||||
# CHMOD install script for PEAR installs
|
||||
? Have 'lang' attribute be checked against official lists, achieved by
|
||||
@@ -73,6 +69,7 @@ Unknown release (on a scratch-an-itch basis)
|
||||
- Abstract ChildDef_BlockQuote to work with all elements that only
|
||||
allow blocks in them, required or optional
|
||||
- Reorganize Unit Tests
|
||||
- Reorganize configuration directives (Create more namespaces! Get messy!)
|
||||
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
|
||||
- Implement lenient <ruby> child validation
|
||||
- Explain how to use HTML Purifier in non-PHP languages / create
|
||||
@@ -80,12 +77,6 @@ Unknown release (on a scratch-an-itch basis)
|
||||
- Fixes for Firefox's inability to handle COL alignment props (Bug 915)
|
||||
- Automatically add non-breaking spaces to empty table cells when
|
||||
empty-cells:show is applied to have compatibility with Internet Explorer
|
||||
- Distinguish between default settings and explicitly set settings, so
|
||||
configurations can be merged
|
||||
- Nested configuration namespaces
|
||||
- Allow scoped="scoped" attribute in <style> tags; may be troublesome
|
||||
because regular CSS has no way of uniquely identifying nodes, so we'd
|
||||
have to generate IDs
|
||||
|
||||
Requested
|
||||
|
||||
|
||||
17
WHATSNEW
17
WHATSNEW
@@ -1,10 +1,7 @@
|
||||
Release 3.0.0 is the first release of 2008 and also HTML Purifier's first
|
||||
PHP 5 only release. The 2.1 series will still be supported for bug and
|
||||
security fixes, but will not get new features. This release a number of
|
||||
improvements in CSS handling, including the filter
|
||||
HTMLPurifier_Filter_ExtractStyleBlocks which integrates HTML Purifier with
|
||||
CSSTidy for cleaning style sheets, contains experimental support for
|
||||
proprietary CSS properties with %CSS.Proprietary, case-insensitive
|
||||
CSS properties, and more lenient hexadecimal color codes. Also, all code
|
||||
has been upgraded to full PHP 5 which is E_STRICT clean for all versions
|
||||
of PHP 5 (including the 5.0 series).
|
||||
Security and bugfix release 2.1.5 is a backport that fixes two vulnerabilities
|
||||
related to CSS, one of which only occurs under Shift_JIS. It also improves
|
||||
imagecrash protection (percent CSS width and height is now disabled for
|
||||
images, and you can control the bounds with %CSS.MaxImgLength and
|
||||
%HTML.MaxImgLength). Finally, there are number of bug fixes, most notably
|
||||
support for text-decoration: none, improved adherence to Unicode and increased
|
||||
percent encoding checks.
|
||||
|
||||
@@ -1,11 +1,13 @@
|
||||
<?php
|
||||
|
||||
require_once '../library/HTMLPurifier.auto.php';
|
||||
// emulates inserting a dir called HTMLPurifier into your class dir
|
||||
set_include_path(get_include_path() . PATH_SEPARATOR . '../library/');
|
||||
|
||||
@include_once '../test-settings.php';
|
||||
|
||||
// PEAR
|
||||
require_once 'Benchmark/Timer.php'; // to do the timing
|
||||
require_once 'Text/Password.php'; // for generating random input
|
||||
require_once 'HTMLPurifier/ConfigSchema.php';
|
||||
require_once 'HTMLPurifier/Config.php';
|
||||
require_once 'HTMLPurifier/Context.php';
|
||||
|
||||
$LEXERS = array();
|
||||
$RUNS = isset($GLOBALS['HTMLPurifierTest']['Runs'])
|
||||
@@ -14,11 +16,22 @@ $RUNS = isset($GLOBALS['HTMLPurifierTest']['Runs'])
|
||||
require_once 'HTMLPurifier/Lexer/DirectLex.php';
|
||||
$LEXERS['DirectLex'] = new HTMLPurifier_Lexer_DirectLex();
|
||||
|
||||
if (!empty($GLOBALS['HTMLPurifierTest']['PEAR'])) {
|
||||
require_once 'HTMLPurifier/Lexer/PEARSax3.php';
|
||||
$LEXERS['PEARSax3'] = new HTMLPurifier_Lexer_PEARSax3();
|
||||
} else {
|
||||
exit('PEAR required to perform benchmark.');
|
||||
}
|
||||
|
||||
if (version_compare(PHP_VERSION, '5', '>=')) {
|
||||
require_once 'HTMLPurifier/Lexer/DOMLex.php';
|
||||
$LEXERS['DOMLex'] = new HTMLPurifier_Lexer_DOMLex();
|
||||
}
|
||||
|
||||
// PEAR
|
||||
require_once 'Benchmark/Timer.php'; // to do the timing
|
||||
require_once 'Text/Password.php'; // for generating random input
|
||||
|
||||
// custom class to aid unit testing
|
||||
class RowTimer extends Benchmark_Timer
|
||||
{
|
||||
|
||||
17
benchmarks/ProfileDirectLex.php
Normal file
17
benchmarks/ProfileDirectLex.php
Normal file
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
set_include_path(get_include_path() . PATH_SEPARATOR . '../library/');
|
||||
|
||||
require_once 'HTMLPurifier/ConfigSchema.php';
|
||||
require_once 'HTMLPurifier/Config.php';
|
||||
require_once 'HTMLPurifier/Lexer/DirectLex.php';
|
||||
require_once 'HTMLPurifier/Context.php';
|
||||
|
||||
$input = file_get_contents('samples/Lexer/4.html');
|
||||
$lexer = new HTMLPurifier_Lexer_DirectLex();
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
$context = new HTMLPurifier_Context();
|
||||
|
||||
for ($i = 0; $i < 10; $i++) {
|
||||
$tokens = $lexer->tokenizeHTML($input, $config, $context);
|
||||
}
|
||||
@@ -3,11 +3,6 @@
|
||||
ini_set('xdebug.trace_format', 1);
|
||||
ini_set('xdebug.show_mem_delta', true);
|
||||
|
||||
if (file_exists('Trace.xt')) {
|
||||
echo "Previous trace Trace.xt must be removed before this script can be run.";
|
||||
exit;
|
||||
}
|
||||
|
||||
xdebug_start_trace(dirname(__FILE__) . '/Trace');
|
||||
require_once '../library/HTMLPurifier.auto.php';
|
||||
|
||||
@@ -15,5 +10,3 @@ $purifier = new HTMLPurifier();
|
||||
|
||||
$data = $purifier->purify(file_get_contents('samples/Lexer/4.html'));
|
||||
xdebug_stop_trace();
|
||||
|
||||
echo "Trace finished.";
|
||||
|
||||
@@ -4,21 +4,10 @@ require_once 'ConfigDoc/HTMLXSLTProcessor.php';
|
||||
require_once 'ConfigDoc/XMLSerializer/Types.php';
|
||||
require_once 'ConfigDoc/XMLSerializer/ConfigSchema.php';
|
||||
|
||||
/**
|
||||
* Facade class for configuration documentation system
|
||||
*/
|
||||
class ConfigDoc
|
||||
{
|
||||
|
||||
/**
|
||||
* Generates configuration documentation based on a HTMLPurifier_ConfigSchema
|
||||
* object and styleshet name
|
||||
* @param $schema Instance of HTMLPurifier_ConfigSchema to document
|
||||
* @param $xsl_stylesheet_name Name of XSL stylesheet in ../styles/ directory to use
|
||||
* @param $parameters Extra parameters to pass to the stylesheet
|
||||
* @return string HTML output
|
||||
*/
|
||||
public function generate($schema, $xsl_stylesheet_name = 'plain', $parameters = array()) {
|
||||
function generate($schema, $xsl_stylesheet_name = 'plain', $parameters = array()) {
|
||||
// generate types document, describing type constraints
|
||||
$types_serializer = new ConfigDoc_XMLSerializer_Types();
|
||||
$types_document = $types_serializer->serialize($schema);
|
||||
@@ -40,10 +29,9 @@ class ConfigDoc
|
||||
|
||||
/**
|
||||
* Remove any generated files
|
||||
* @return boolean Success?
|
||||
*/
|
||||
public function cleanup() {
|
||||
return unlink('configdoc.xml');
|
||||
function cleanup() {
|
||||
unlink('configdoc.xml');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,15 +1,12 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Special XSLT processor specifically for HTML documents. Loosely
|
||||
* based off of XSLTProcessor, but does not inherit from that class
|
||||
* Special XSLTProcessor specifically for HTML documents. Loosely
|
||||
* based off of XSLTProcessor, but not really
|
||||
*/
|
||||
class ConfigDoc_HTMLXSLTProcessor
|
||||
{
|
||||
|
||||
/**
|
||||
* Instance of XSLTProcessor
|
||||
*/
|
||||
protected $xsltProcessor;
|
||||
|
||||
public function __construct() {
|
||||
@@ -19,7 +16,6 @@ class ConfigDoc_HTMLXSLTProcessor
|
||||
/**
|
||||
* Imports stylesheet for processor to use
|
||||
* @param $xsl XSLT DOM tree, or filename of the XSL transformation
|
||||
* @return bool Success?
|
||||
*/
|
||||
public function importStylesheet($xsl) {
|
||||
if (is_string($xsl)) {
|
||||
@@ -31,20 +27,16 @@ class ConfigDoc_HTMLXSLTProcessor
|
||||
}
|
||||
|
||||
/**
|
||||
* Transforms an XML file into compatible XHTML based on the stylesheet
|
||||
* Transforms an XML file into HTML based on the stylesheet
|
||||
* @param $xml XML DOM tree
|
||||
* @return string HTML output
|
||||
* @todo Rename to transformToXHTML, as transformToHTML is misleading
|
||||
*/
|
||||
public function transformToHTML($xml) {
|
||||
$out = $this->xsltProcessor->transformToXML($xml);
|
||||
|
||||
// fudges for HTML backwards compatibility
|
||||
// assumes that document is XHTML
|
||||
$out = str_replace('/>', ' />', $out); // <br /> not <br/>
|
||||
$out = str_replace(' xmlns=""', '', $out); // rm unnecessary xmlns
|
||||
$out = str_replace(' xmlns="http://www.w3.org/1999/xhtml"', '', $out); // rm unnecessary xmlns
|
||||
|
||||
if (class_exists('Tidy')) {
|
||||
// cleanup output
|
||||
$config = array(
|
||||
@@ -57,14 +49,9 @@ class ConfigDoc_HTMLXSLTProcessor
|
||||
$tidy->cleanRepair();
|
||||
$out = (string) $tidy;
|
||||
}
|
||||
|
||||
return $out;
|
||||
}
|
||||
|
||||
/**
|
||||
* Bulk sets parameters for the XSL stylesheet
|
||||
* @param array $options Associative array of options to set
|
||||
*/
|
||||
public function setParameters($options) {
|
||||
foreach ($options as $name => $value) {
|
||||
$this->xsltProcessor->setParameter('', $name, $value);
|
||||
|
||||
@@ -8,22 +8,16 @@
|
||||
class ConfigDoc_XMLSerializer
|
||||
{
|
||||
|
||||
/**
|
||||
* Appends a div containing HTML into a node
|
||||
* @param $document Base document node belongs to
|
||||
* @param $node Node to append to
|
||||
* @param $html HTML to place inside div to append
|
||||
* @todo Place this directly in DOMNode, using registerNodeClass to
|
||||
* override.
|
||||
*/
|
||||
protected function appendHTMLDiv($document, $node, $html) {
|
||||
$purifier = HTMLPurifier::getInstance();
|
||||
$html = $purifier->purify($html);
|
||||
$dom_html = $document->createDocumentFragment();
|
||||
$dom_html->appendXML($html);
|
||||
|
||||
$dom_div = $document->createElement('div');
|
||||
$dom_div->setAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
|
||||
$dom_div->appendChild($dom_html);
|
||||
|
||||
$node->appendChild($dom_div);
|
||||
}
|
||||
|
||||
|
||||
@@ -9,7 +9,6 @@ class ConfigDoc_XMLSerializer_ConfigSchema extends ConfigDoc_XMLSerializer
|
||||
* Serializes a schema into DOM form
|
||||
* @todo Split into sub-serializers
|
||||
* @param $schema HTMLPurifier_ConfigSchema to serialize
|
||||
* @return DOMDocument representation of schema
|
||||
*/
|
||||
public function serialize($schema) {
|
||||
$dom_document = new DOMDocument('1.0', 'UTF-8');
|
||||
|
||||
@@ -8,7 +8,6 @@ class ConfigDoc_XMLSerializer_Types extends ConfigDoc_XMLSerializer
|
||||
/**
|
||||
* Serializes the types in a schema into DOM form
|
||||
* @param $schema HTMLPurifier_ConfigSchema owner of types to serialize
|
||||
* @return DOMDocument representing schema types
|
||||
*/
|
||||
public function serialize($schema) {
|
||||
$types_document = new DOMDocument('1.0', 'UTF-8');
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
|
||||
/*! @mainpage
|
||||
/*!
|
||||
* @mainpage
|
||||
*
|
||||
* HTML Purifier is an HTML filter that will take an arbitrary snippet of
|
||||
* HTML and rigorously test, validate and filter it into a version that
|
||||
@@ -21,8 +22,8 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
HTML Purifier 3.0.0 - Standards Compliant HTML Filtering
|
||||
Copyright (C) 2006-2008 Edward Z. Yang
|
||||
HTML Purifier 2.1.5 - Standards Compliant HTML Filtering
|
||||
Copyright (C) 2006-2007 Edward Z. Yang
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
@@ -82,19 +83,19 @@ since 2.0.0.
|
||||
class HTMLPurifier
|
||||
{
|
||||
|
||||
public $version = '3.0.0';
|
||||
var $version = '2.1.5';
|
||||
|
||||
public $config;
|
||||
public $filters = array();
|
||||
var $config;
|
||||
var $filters = array();
|
||||
|
||||
protected $strategy, $generator;
|
||||
var $strategy, $generator;
|
||||
|
||||
/**
|
||||
* Resultant HTMLPurifier_Context of last run purification. Is an array
|
||||
* of contexts if the last called method was purifyArray().
|
||||
* @public
|
||||
*/
|
||||
public $context;
|
||||
var $context;
|
||||
|
||||
/**
|
||||
* Initializes the purifier.
|
||||
@@ -104,7 +105,7 @@ class HTMLPurifier
|
||||
* The parameter can also be any type that
|
||||
* HTMLPurifier_Config::create() supports.
|
||||
*/
|
||||
public function __construct($config = null) {
|
||||
function HTMLPurifier($config = null) {
|
||||
|
||||
$this->config = HTMLPurifier_Config::create($config);
|
||||
|
||||
@@ -117,7 +118,7 @@ class HTMLPurifier
|
||||
* Adds a filter to process the output. First come first serve
|
||||
* @param $filter HTMLPurifier_Filter object
|
||||
*/
|
||||
public function addFilter($filter) {
|
||||
function addFilter($filter) {
|
||||
$this->filters[] = $filter;
|
||||
}
|
||||
|
||||
@@ -131,9 +132,8 @@ class HTMLPurifier
|
||||
* that HTMLPurifier_Config::create() supports.
|
||||
* @return Purified HTML
|
||||
*/
|
||||
public function purify($html, $config = null) {
|
||||
function purify($html, $config = null) {
|
||||
|
||||
// todo: make the config merge in, instead of replace
|
||||
$config = $config ? HTMLPurifier_Config::create($config) : $this->config;
|
||||
|
||||
// implementation is partially environment dependant, partially
|
||||
@@ -198,7 +198,7 @@ class HTMLPurifier
|
||||
* See HTMLPurifier::purify() for more details.
|
||||
* @return Array of purified HTML
|
||||
*/
|
||||
public function purifyArray($array_of_html, $config = null) {
|
||||
function purifyArray($array_of_html, $config = null) {
|
||||
$context_array = array();
|
||||
foreach ($array_of_html as $key => $html) {
|
||||
$array_of_html[$key] = $this->purify($html, $config);
|
||||
@@ -213,10 +213,10 @@ class HTMLPurifier
|
||||
* @param $prototype Optional prototype HTMLPurifier instance to
|
||||
* overload singleton with.
|
||||
*/
|
||||
public static function &getInstance($prototype = null) {
|
||||
function &instance($prototype = null) {
|
||||
static $htmlpurifier;
|
||||
if (!$htmlpurifier || $prototype) {
|
||||
if ($prototype instanceof HTMLPurifier) {
|
||||
if (is_a($prototype, 'HTMLPurifier')) {
|
||||
$htmlpurifier = $prototype;
|
||||
} elseif ($prototype) {
|
||||
$htmlpurifier = new HTMLPurifier($prototype);
|
||||
@@ -227,7 +227,9 @@ class HTMLPurifier
|
||||
return $htmlpurifier;
|
||||
}
|
||||
|
||||
function &getInstance($prototype = null) {
|
||||
return HTMLPurifier::instance($prototype);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ class HTMLPurifier_AttrCollections
|
||||
/**
|
||||
* Associative array of attribute collections, indexed by name
|
||||
*/
|
||||
public $info = array();
|
||||
var $info = array();
|
||||
|
||||
/**
|
||||
* Performs all expansions on internal data for use by other inclusions
|
||||
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrCollections
|
||||
* @param $attr_types HTMLPurifier_AttrTypes instance
|
||||
* @param $modules Hash array of HTMLPurifier_HTMLModule members
|
||||
*/
|
||||
public function __construct($attr_types, $modules) {
|
||||
function HTMLPurifier_AttrCollections($attr_types, $modules) {
|
||||
// load extensions from the modules
|
||||
foreach ($modules as $module) {
|
||||
foreach ($module->attr_collections as $coll_i => $coll) {
|
||||
@@ -53,7 +53,7 @@ class HTMLPurifier_AttrCollections
|
||||
* all inclusions specified by the zero index.
|
||||
* @param &$attr Reference to attribute array
|
||||
*/
|
||||
public function performInclusions(&$attr) {
|
||||
function performInclusions(&$attr) {
|
||||
if (!isset($attr[0])) return;
|
||||
$merge = $attr[0];
|
||||
$seen = array(); // recursion guard
|
||||
@@ -81,7 +81,7 @@ class HTMLPurifier_AttrCollections
|
||||
* @param &$attr Reference to attribute array
|
||||
* @param $attr_types HTMLPurifier_AttrTypes instance
|
||||
*/
|
||||
public function expandIdentifiers(&$attr, $attr_types) {
|
||||
function expandIdentifiers(&$attr, $attr_types) {
|
||||
|
||||
// because foreach will process new elements we add, make sure we
|
||||
// skip duplicates
|
||||
|
||||
@@ -10,29 +10,32 @@
|
||||
* subclasses are also responsible for cleaning the code if possible.
|
||||
*/
|
||||
|
||||
abstract class HTMLPurifier_AttrDef
|
||||
class HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
/**
|
||||
* Tells us whether or not an HTML attribute is minimized. Has no
|
||||
* meaning in other contexts.
|
||||
*/
|
||||
public $minimized = false;
|
||||
var $minimized = false;
|
||||
|
||||
/**
|
||||
* Tells us whether or not an HTML attribute is required. Has no
|
||||
* meaning in other contexts
|
||||
*/
|
||||
public $required = false;
|
||||
var $required = false;
|
||||
|
||||
/**
|
||||
* Validates and cleans passed string according to a definition.
|
||||
*
|
||||
* @public
|
||||
* @param $string String to be validated and cleaned.
|
||||
* @param $config Mandatory HTMLPurifier_Config object.
|
||||
* @param $context Mandatory HTMLPurifier_AttrContext object.
|
||||
*/
|
||||
abstract public function validate($string, $config, $context);
|
||||
function validate($string, $config, &$context) {
|
||||
trigger_error('Cannot call abstract function', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience method that parses a string as if it were CDATA.
|
||||
@@ -51,16 +54,15 @@ abstract class HTMLPurifier_AttrDef
|
||||
*
|
||||
* @warning This processing is inconsistent with XML's whitespace handling
|
||||
* as specified by section 3.3.3 and referenced XHTML 1.0 section
|
||||
* 4.7. Compliant processing requires all line breaks normalized
|
||||
* to "\n", so the fix is not as simple as fixing it in this
|
||||
* function. Trim and whitespace collapsing are supposed to only
|
||||
* occur in NMTOKENs. However, note that we are NOT necessarily
|
||||
* parsing XML, thus, this behavior may still be correct.
|
||||
* 4.7. However, note that we are NOT necessarily
|
||||
* parsing XML, thus, this behavior may still be correct. We
|
||||
* assume that newlines have been normalized.
|
||||
*
|
||||
* @public
|
||||
*/
|
||||
public function parseCDATA($string) {
|
||||
function parseCDATA($string) {
|
||||
$string = trim($string);
|
||||
$string = str_replace("\n", '', $string);
|
||||
$string = str_replace(array("\r", "\t"), ' ', $string);
|
||||
$string = str_replace(array("\n", "\t", "\r"), ' ', $string);
|
||||
return $string;
|
||||
}
|
||||
|
||||
@@ -68,13 +70,22 @@ abstract class HTMLPurifier_AttrDef
|
||||
* Factory method for creating this class from a string.
|
||||
* @param $string String construction info
|
||||
* @return Created AttrDef object corresponding to $string
|
||||
* @public
|
||||
*/
|
||||
public function make($string) {
|
||||
function make($string) {
|
||||
// default implementation, return flyweight of this object
|
||||
// if overloaded, it is *necessary* for you to clone the
|
||||
// object (usually by instantiating a new copy) and return that
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
|
||||
* properly. THIS IS A HACK!
|
||||
*/
|
||||
function mungeRgb($string) {
|
||||
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ require_once 'HTMLPurifier/CSSDefinition.php';
|
||||
class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($css, $config, $context) {
|
||||
function validate($css, $config, &$context) {
|
||||
|
||||
$css = $this->parseCDATA($css);
|
||||
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
<?php
|
||||
|
||||
require_once 'HTMLPurifier/AttrDef.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Number.php';
|
||||
|
||||
class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
|
||||
{
|
||||
|
||||
public function __construct() {
|
||||
parent::__construct(false); // opacity is non-negative, but we will clamp it
|
||||
}
|
||||
|
||||
public function validate($number, $config, $context) {
|
||||
$result = parent::validate($number, $config, $context);
|
||||
if ($result === false) return $result;
|
||||
$float = (float) $result;
|
||||
if ($float < 0.0) $result = '0';
|
||||
if ($float > 1.0) $result = '1';
|
||||
return $result;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -14,9 +14,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
|
||||
* Local copy of component validators.
|
||||
* @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
|
||||
*/
|
||||
protected $info;
|
||||
var $info;
|
||||
|
||||
public function __construct($config) {
|
||||
function HTMLPurifier_AttrDef_CSS_Background($config) {
|
||||
$def = $config->getCSSDefinition();
|
||||
$this->info['background-color'] = $def->info['background-color'];
|
||||
$this->info['background-image'] = $def->info['background-image'];
|
||||
@@ -25,12 +25,15 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
|
||||
$this->info['background-position'] = $def->info['background-position'];
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
// regular pre-processing
|
||||
$string = $this->parseCDATA($string);
|
||||
if ($string === '') return false;
|
||||
|
||||
// munge rgb() decl if necessary
|
||||
$string = $this->mungeRgb($string);
|
||||
|
||||
// assumes URI doesn't have spaces in it
|
||||
$bits = explode(' ', strtolower($string)); // bits to process
|
||||
|
||||
|
||||
@@ -48,15 +48,15 @@ require_once 'HTMLPurifier/AttrDef/CSS/Percentage.php';
|
||||
class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
protected $length;
|
||||
protected $percentage;
|
||||
var $length;
|
||||
var $percentage;
|
||||
|
||||
public function __construct() {
|
||||
function HTMLPurifier_AttrDef_CSS_BackgroundPosition() {
|
||||
$this->length = new HTMLPurifier_AttrDef_CSS_Length();
|
||||
$this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
$string = $this->parseCDATA($string);
|
||||
$bits = explode(' ', $string);
|
||||
|
||||
|
||||
@@ -11,18 +11,18 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
|
||||
/**
|
||||
* Local copy of properties this property is shorthand for.
|
||||
*/
|
||||
protected $info = array();
|
||||
var $info = array();
|
||||
|
||||
public function __construct($config) {
|
||||
function HTMLPurifier_AttrDef_CSS_Border($config) {
|
||||
$def = $config->getCSSDefinition();
|
||||
$this->info['border-width'] = $def->info['border-width'];
|
||||
$this->info['border-style'] = $def->info['border-style'];
|
||||
$this->info['border-top-color'] = $def->info['border-top-color'];
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
$string = $this->parseCDATA($string);
|
||||
// we specifically will not support rgb() syntax with spaces
|
||||
$string = $this->mungeRgb($string);
|
||||
$bits = explode(' ', $string);
|
||||
$done = array(); // segments we've finished
|
||||
$ret = ''; // return value
|
||||
|
||||
@@ -33,7 +33,7 @@ This directive has been available since 2.0.0.
|
||||
class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($color, $config, $context) {
|
||||
function validate($color, $config, &$context) {
|
||||
|
||||
static $colors = null;
|
||||
if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
|
||||
|
||||
@@ -14,18 +14,18 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
|
||||
|
||||
/**
|
||||
* List of HTMLPurifier_AttrDef objects that may process strings
|
||||
* @todo Make protected
|
||||
* @protected
|
||||
*/
|
||||
public $defs;
|
||||
var $defs;
|
||||
|
||||
/**
|
||||
* @param $defs List of HTMLPurifier_AttrDef objects
|
||||
*/
|
||||
public function __construct($defs) {
|
||||
function HTMLPurifier_AttrDef_CSS_Composite($defs) {
|
||||
$this->defs = $defs;
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
foreach ($this->defs as $i => $def) {
|
||||
$result = $this->defs[$i]->validate($string, $config, $context);
|
||||
if ($result !== false) return $result;
|
||||
|
||||
26
library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
Normal file
26
library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
Normal file
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Decorator which enables CSS properties to be disabled for specific elements.
|
||||
*/
|
||||
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
|
||||
{
|
||||
var $def, $element;
|
||||
|
||||
/**
|
||||
* @param $def Definition to wrap
|
||||
* @param $element Element to deny
|
||||
*/
|
||||
function HTMLPurifier_AttrDef_CSS_DenyElementDecorator(&$def, $element) {
|
||||
$this->def =& $def;
|
||||
$this->element = $element;
|
||||
}
|
||||
/**
|
||||
* Checks if CurrentToken is set and equal to $this->element
|
||||
*/
|
||||
function validate($string, $config, $context) {
|
||||
$token = $context->get('CurrentToken', true);
|
||||
if ($token && $token->name == $this->element) return false;
|
||||
return $this->def->validate($string, $config, $context);
|
||||
}
|
||||
}
|
||||
@@ -1,55 +0,0 @@
|
||||
<?php
|
||||
|
||||
require_once 'HTMLPurifier/AttrDef.php';
|
||||
require_once 'HTMLPurifier/AttrDef/Integer.php';
|
||||
|
||||
/**
|
||||
* Microsoft's proprietary filter: CSS property
|
||||
* @note Currently supports the alpha filter. In the future, this will
|
||||
* probably need an extensible framework
|
||||
*/
|
||||
class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
protected $intValidator;
|
||||
|
||||
public function __construct() {
|
||||
$this->intValidator = new HTMLPurifier_AttrDef_Integer();
|
||||
}
|
||||
|
||||
public function validate($value, $config, $context) {
|
||||
$value = $this->parseCDATA($value);
|
||||
if ($value === 'none') return $value;
|
||||
// if we looped this we could support multiple filters
|
||||
$function_length = strcspn($value, '(');
|
||||
$function = trim(substr($value, 0, $function_length));
|
||||
if ($function !== 'alpha' &&
|
||||
$function !== 'Alpha' &&
|
||||
$function !== 'progid:DXImageTransform.Microsoft.Alpha'
|
||||
) return false;
|
||||
$cursor = $function_length + 1;
|
||||
$parameters_length = strcspn($value, ')', $cursor);
|
||||
$parameters = substr($value, $cursor, $parameters_length);
|
||||
$params = explode(',', $parameters);
|
||||
$ret_params = array();
|
||||
$lookup = array();
|
||||
foreach ($params as $param) {
|
||||
list($key, $value) = explode('=', $param);
|
||||
$key = trim($key);
|
||||
$value = trim($value);
|
||||
if (isset($lookup[$key])) continue;
|
||||
if ($key !== 'opacity') continue;
|
||||
$value = $this->intValidator->validate($value, $config, $context);
|
||||
if ($value === false) continue;
|
||||
$int = (int) $value;
|
||||
if ($int > 100) $value = '100';
|
||||
if ($int < 0) $value = '0';
|
||||
$ret_params[] = "$key=$value";
|
||||
$lookup[$key] = true;
|
||||
}
|
||||
$ret_parameters = implode(',', $ret_params);
|
||||
$ret_function = "$function($ret_parameters)";
|
||||
return $ret_function;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -16,9 +16,9 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
|
||||
* CSSDefinition, this wouldn't be necessary. We'd instantiate
|
||||
* our own copies.
|
||||
*/
|
||||
protected $info = array();
|
||||
var $info = array();
|
||||
|
||||
public function __construct($config) {
|
||||
function HTMLPurifier_AttrDef_CSS_Font($config) {
|
||||
$def = $config->getCSSDefinition();
|
||||
$this->info['font-style'] = $def->info['font-style'];
|
||||
$this->info['font-variant'] = $def->info['font-variant'];
|
||||
@@ -28,7 +28,7 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
|
||||
$this->info['font-family'] = $def->info['font-family'];
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
static $system_fonts = array(
|
||||
'caption' => true,
|
||||
|
||||
@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
static $generic_names = array(
|
||||
'serif' => true,
|
||||
'sans-serif' => true,
|
||||
@@ -19,7 +19,6 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
||||
'cursive' => true
|
||||
);
|
||||
|
||||
$string = $this->parseCDATA($string);
|
||||
// assume that no font names contain commas in them
|
||||
$fonts = explode(',', $string);
|
||||
$final = '';
|
||||
@@ -38,13 +37,40 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
||||
$quote = $font[0];
|
||||
if ($font[$length - 1] !== $quote) continue;
|
||||
$font = substr($font, 1, $length - 2);
|
||||
// double-backslash processing is buggy
|
||||
$font = str_replace("\\$quote", $quote, $font); // de-escape quote
|
||||
$font = str_replace("\\\n", "\n", $font); // de-escape newlines
|
||||
|
||||
$new_font = '';
|
||||
for ($i = 0, $c = strlen($font); $i < $c; $i++) {
|
||||
if ($font[$i] === '\\') {
|
||||
$i++;
|
||||
if ($i >= $c) {
|
||||
$new_font .= '\\';
|
||||
break;
|
||||
}
|
||||
if (ctype_xdigit($font[$i])) {
|
||||
$code = $font[$i];
|
||||
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
|
||||
if (!ctype_xdigit($font[$i])) break;
|
||||
$code .= $font[$i];
|
||||
}
|
||||
// We have to be extremely careful when adding
|
||||
// new characters, to make sure we're not breaking
|
||||
// the encoding.
|
||||
$char = HTMLPurifier_Encoder::unichr(hexdec($code));
|
||||
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
|
||||
$new_font .= $char;
|
||||
if ($i < $c && trim($font[$i]) !== '') $i--;
|
||||
continue;
|
||||
}
|
||||
if ($font[$i] === "\n") continue;
|
||||
}
|
||||
$new_font .= $font[$i];
|
||||
}
|
||||
|
||||
$font = $new_font;
|
||||
}
|
||||
// $font is a pure representation of the font name
|
||||
|
||||
if (ctype_alnum($font)) {
|
||||
if (ctype_alnum($font) && $font !== '') {
|
||||
// very simple font, allow it in unharmed
|
||||
$final .= $font . ', ';
|
||||
continue;
|
||||
@@ -53,8 +79,8 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
||||
// complicated font, requires quoting
|
||||
|
||||
// armor single quotes and new lines
|
||||
$font = str_replace("\\", "\\\\", $font);
|
||||
$font = str_replace("'", "\\'", $font);
|
||||
$font = str_replace("\n", "\\\n", $font);
|
||||
$final .= "'$font', ";
|
||||
}
|
||||
$final = rtrim($final, ', ');
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
|
||||
require_once 'HTMLPurifier/AttrDef.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Number.php';
|
||||
require_once 'HTMLPurifier/Length.php';
|
||||
require_once 'HTMLPurifier/UnitConverter.php';
|
||||
|
||||
/**
|
||||
* Represents a Length as defined by CSS.
|
||||
@@ -9,46 +9,40 @@ require_once 'HTMLPurifier/AttrDef/CSS/Number.php';
|
||||
class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
/**
|
||||
* Valid unit lookup table.
|
||||
* @warning The code assumes all units are two characters long. Be careful
|
||||
* if we have to change this behavior!
|
||||
*/
|
||||
protected $units = array('em' => true, 'ex' => true, 'px' => true, 'in' => true,
|
||||
'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true);
|
||||
/**
|
||||
* Instance of HTMLPurifier_AttrDef_Number to defer number validation to
|
||||
*/
|
||||
protected $number_def;
|
||||
var $min, $max;
|
||||
|
||||
/**
|
||||
* @param $non_negative Bool indication whether or not negative values are
|
||||
* allowed.
|
||||
* @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable.
|
||||
* @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
|
||||
*/
|
||||
public function __construct($non_negative = false) {
|
||||
$this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
|
||||
function HTMLPurifier_AttrDef_CSS_Length($min = null, $max = null) {
|
||||
$this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
|
||||
$this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
|
||||
}
|
||||
|
||||
public function validate($length, $config, $context) {
|
||||
function validate($string, $config, $context) {
|
||||
$string = $this->parseCDATA($string);
|
||||
|
||||
$length = $this->parseCDATA($length);
|
||||
if ($length === '') return false;
|
||||
if ($length === '0') return '0';
|
||||
$strlen = strlen($length);
|
||||
if ($strlen === 1) return false; // impossible!
|
||||
// Optimizations
|
||||
if ($string === '') return false;
|
||||
if ($string === '0') return '0';
|
||||
if (strlen($string) === 1) return false;
|
||||
|
||||
// we assume all units are two characters
|
||||
$unit = substr($length, $strlen - 2);
|
||||
if (!ctype_lower($unit)) $unit = strtolower($unit);
|
||||
$number = substr($length, 0, $strlen - 2);
|
||||
$length = HTMLPurifier_Length::make($string);
|
||||
if (!$length->isValid()) return false;
|
||||
|
||||
if (!isset($this->units[$unit])) return false;
|
||||
|
||||
$number = $this->number_def->validate($number, $config, $context);
|
||||
if ($number === false) return false;
|
||||
|
||||
return $number . $unit;
|
||||
if ($this->min) {
|
||||
$c = $length->compareTo($this->min);
|
||||
if ($c === false) return false;
|
||||
if ($c < 0) return false;
|
||||
}
|
||||
if ($this->max) {
|
||||
$c = $length->compareTo($this->max);
|
||||
if ($c === false) return false;
|
||||
if ($c > 0) return false;
|
||||
}
|
||||
|
||||
return $length->toString();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -13,16 +13,16 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
|
||||
* Local copy of component validators.
|
||||
* @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
|
||||
*/
|
||||
protected $info;
|
||||
var $info;
|
||||
|
||||
public function __construct($config) {
|
||||
function HTMLPurifier_AttrDef_CSS_ListStyle($config) {
|
||||
$def = $config->getCSSDefinition();
|
||||
$this->info['list-style-type'] = $def->info['list-style-type'];
|
||||
$this->info['list-style-position'] = $def->info['list-style-position'];
|
||||
$this->info['list-style-image'] = $def->info['list-style-image'];
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
// regular pre-processing
|
||||
$string = $this->parseCDATA($string);
|
||||
|
||||
@@ -18,26 +18,24 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
|
||||
|
||||
/**
|
||||
* Instance of component definition to defer validation to.
|
||||
* @todo Make protected
|
||||
*/
|
||||
public $single;
|
||||
var $single;
|
||||
|
||||
/**
|
||||
* Max number of values allowed.
|
||||
* @todo Make protected
|
||||
*/
|
||||
public $max;
|
||||
var $max;
|
||||
|
||||
/**
|
||||
* @param $single HTMLPurifier_AttrDef to multiply
|
||||
* @param $max Max number of values allowed (usually four)
|
||||
*/
|
||||
public function __construct($single, $max = 4) {
|
||||
function HTMLPurifier_AttrDef_CSS_Multiple($single, $max = 4) {
|
||||
$this->single = $single;
|
||||
$this->max = $max;
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
$string = $this->parseCDATA($string);
|
||||
if ($string === '') return false;
|
||||
$parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n
|
||||
|
||||
@@ -9,21 +9,25 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
|
||||
/**
|
||||
* Bool indicating whether or not only positive values allowed.
|
||||
*/
|
||||
protected $non_negative = false;
|
||||
var $non_negative = false;
|
||||
|
||||
/**
|
||||
* @param $non_negative Bool indicating whether negatives are forbidden
|
||||
*/
|
||||
public function __construct($non_negative = false) {
|
||||
function HTMLPurifier_AttrDef_CSS_Number($non_negative = false) {
|
||||
$this->non_negative = $non_negative;
|
||||
}
|
||||
|
||||
public function validate($number, $config, $context) {
|
||||
/**
|
||||
* @warning Some contexts do not pass $config, $context. These
|
||||
* variables should not be used without checking HTMLPurifier_Length.
|
||||
* This might not work properly in PHP4.
|
||||
*/
|
||||
function validate($number, $config, &$context) {
|
||||
|
||||
$number = $this->parseCDATA($number);
|
||||
|
||||
if ($number === '') return false;
|
||||
if ($number === '0') return '0';
|
||||
|
||||
$sign = '';
|
||||
switch ($number[0]) {
|
||||
@@ -38,16 +42,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
|
||||
$number = ltrim($number, '0');
|
||||
return $number ? $sign . $number : '0';
|
||||
}
|
||||
|
||||
// Period is the only non-numeric character allowed
|
||||
if (strpos($number, '.') === false) return false;
|
||||
if (!strpos($number, '.')) return false;
|
||||
|
||||
list($left, $right) = explode('.', $number, 2);
|
||||
|
||||
if ($left === '' && $right === '') return false;
|
||||
if ($left !== '' && !ctype_digit($left)) return false;
|
||||
if (!ctype_digit($left)) return false;
|
||||
$left = ltrim($left, '0');
|
||||
|
||||
$left = ltrim($left, '0');
|
||||
$right = rtrim($right, '0');
|
||||
|
||||
if ($right === '') {
|
||||
|
||||
@@ -12,16 +12,16 @@ class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
|
||||
/**
|
||||
* Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation
|
||||
*/
|
||||
protected $number_def;
|
||||
var $number_def;
|
||||
|
||||
/**
|
||||
* @param Bool indicating whether to forbid negative values
|
||||
*/
|
||||
public function __construct($non_negative = false) {
|
||||
function HTMLPurifier_AttrDef_CSS_Percentage($non_negative = false) {
|
||||
$this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$string = $this->parseCDATA($string);
|
||||
|
||||
|
||||
@@ -10,15 +10,18 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
static $allowed_values = array(
|
||||
'line-through' => true,
|
||||
'overline' => true,
|
||||
'underline' => true
|
||||
'underline' => true,
|
||||
);
|
||||
|
||||
$string = strtolower($this->parseCDATA($string));
|
||||
|
||||
if ($string === 'none') return $string;
|
||||
|
||||
$parts = explode(' ', $string);
|
||||
$final = '';
|
||||
foreach ($parts as $part) {
|
||||
|
||||
@@ -14,11 +14,11 @@ require_once 'HTMLPurifier/AttrDef/URI.php';
|
||||
class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
|
||||
{
|
||||
|
||||
public function __construct() {
|
||||
parent::__construct(true); // always embedded
|
||||
function HTMLPurifier_AttrDef_CSS_URI() {
|
||||
parent::HTMLPurifier_AttrDef_URI(true); // always embedded
|
||||
}
|
||||
|
||||
public function validate($uri_string, $config, $context) {
|
||||
function validate($uri_string, $config, &$context) {
|
||||
// parse the URI out of the string and then pass it onto
|
||||
// the parent object
|
||||
|
||||
|
||||
@@ -14,28 +14,27 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
|
||||
|
||||
/**
|
||||
* Lookup table of valid values.
|
||||
* @todo Make protected
|
||||
*/
|
||||
public $valid_values = array();
|
||||
var $valid_values = array();
|
||||
|
||||
/**
|
||||
* Bool indicating whether or not enumeration is case sensitive.
|
||||
* @note In general this is always case insensitive.
|
||||
*/
|
||||
protected $case_sensitive = false; // values according to W3C spec
|
||||
var $case_sensitive = false; // values according to W3C spec
|
||||
|
||||
/**
|
||||
* @param $valid_values List of valid values
|
||||
* @param $case_sensitive Bool indicating whether or not case sensitive
|
||||
*/
|
||||
public function __construct(
|
||||
function HTMLPurifier_AttrDef_Enum(
|
||||
$valid_values = array(), $case_sensitive = false
|
||||
) {
|
||||
$this->valid_values = array_flip($valid_values);
|
||||
$this->case_sensitive = $case_sensitive;
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
$string = trim($string);
|
||||
if (!$this->case_sensitive) {
|
||||
// we may want to do full case-insensitive libraries
|
||||
@@ -51,7 +50,7 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
|
||||
* valid values. Example: "foo,bar,baz". Prepend "s:" to make
|
||||
* case sensitive
|
||||
*/
|
||||
public function make($string) {
|
||||
function make($string) {
|
||||
if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') {
|
||||
$string = substr($string, 2);
|
||||
$sensitive = true;
|
||||
|
||||
@@ -8,12 +8,12 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
protected $name;
|
||||
public $minimized = true;
|
||||
var $name;
|
||||
var $minimized = true;
|
||||
|
||||
public function __construct($name = false) {$this->name = $name;}
|
||||
function HTMLPurifier_AttrDef_HTML_Bool($name = false) {$this->name = $name;}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
if (empty($string)) return false;
|
||||
return $this->name;
|
||||
}
|
||||
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
|
||||
/**
|
||||
* @param $string Name of attribute
|
||||
*/
|
||||
public function make($string) {
|
||||
function make($string) {
|
||||
return new HTMLPurifier_AttrDef_HTML_Bool($string);
|
||||
}
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef/CSS/Color.php'; // for %Core.ColorKeywords
|
||||
class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
static $colors = null;
|
||||
if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
|
||||
|
||||
@@ -19,12 +19,12 @@ require_once 'HTMLPurifier/AttrDef/Enum.php';
|
||||
class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
|
||||
{
|
||||
|
||||
public $valid_values = false; // uninitialized value
|
||||
protected $case_sensitive = false;
|
||||
var $valid_values = false; // uninitialized value
|
||||
var $case_sensitive = false;
|
||||
|
||||
public function __construct() {}
|
||||
function HTMLPurifier_AttrDef_HTML_FrameTarget() {}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
if ($this->valid_values === false) $this->valid_values = $config->get('Attr', 'AllowedFrameTargets');
|
||||
return parent::validate($string, $config, $context);
|
||||
}
|
||||
|
||||
@@ -66,7 +66,7 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
|
||||
// ref functionality disabled, since we also have to verify
|
||||
// whether or not the ID it refers to exists
|
||||
|
||||
public function validate($id, $config, $context) {
|
||||
function validate($id, $config, &$context) {
|
||||
|
||||
if (!$config->get('Attr', 'EnableID')) return false;
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ require_once 'HTMLPurifier/AttrDef/HTML/Pixels.php';
|
||||
class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$string = trim($string);
|
||||
if ($string === '') return false;
|
||||
|
||||
@@ -27,9 +27,9 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
/** Name config attribute to pull. */
|
||||
protected $name;
|
||||
var $name;
|
||||
|
||||
public function __construct($name) {
|
||||
function HTMLPurifier_AttrDef_HTML_LinkTypes($name) {
|
||||
$configLookup = array(
|
||||
'rel' => 'AllowedRel',
|
||||
'rev' => 'AllowedRev'
|
||||
@@ -42,7 +42,7 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
|
||||
$this->name = $configLookup[$name];
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$allowed = $config->get('Attr', $this->name);
|
||||
if (empty($allowed)) return false;
|
||||
|
||||
@@ -12,7 +12,7 @@ require_once 'HTMLPurifier/AttrDef/HTML/Length.php';
|
||||
class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$string = trim($string);
|
||||
if ($string === '') return false;
|
||||
|
||||
@@ -13,7 +13,7 @@ require_once 'HTMLPurifier/Config.php';
|
||||
class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$string = trim($string);
|
||||
|
||||
|
||||
@@ -8,7 +8,13 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
var $max;
|
||||
|
||||
function HTMLPurifier_AttrDef_HTML_Pixels($max = null) {
|
||||
$this->max = $max;
|
||||
}
|
||||
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$string = trim($string);
|
||||
if ($string === '0') return $string;
|
||||
@@ -26,11 +32,18 @@ class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
||||
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
|
||||
// WARNING, above link WILL crash you if you're using Windows
|
||||
|
||||
if ($int > 1200) return '1200';
|
||||
if ($this->max !== null && $int > $this->max) return (string) $this->max;
|
||||
|
||||
return (string) $int;
|
||||
|
||||
}
|
||||
|
||||
function make($string) {
|
||||
if ($string === '') $max = null;
|
||||
else $max = (int) $string;
|
||||
$class = get_class($this);
|
||||
return new $class($max);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -15,24 +15,24 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
|
||||
/**
|
||||
* Bool indicating whether or not negative values are allowed
|
||||
*/
|
||||
protected $negative = true;
|
||||
var $negative = true;
|
||||
|
||||
/**
|
||||
* Bool indicating whether or not zero is allowed
|
||||
*/
|
||||
protected $zero = true;
|
||||
var $zero = true;
|
||||
|
||||
/**
|
||||
* Bool indicating whether or not positive values are allowed
|
||||
*/
|
||||
protected $positive = true;
|
||||
var $positive = true;
|
||||
|
||||
/**
|
||||
* @param $negative Bool indicating whether or not negative values are allowed
|
||||
* @param $zero Bool indicating whether or not zero is allowed
|
||||
* @param $positive Bool indicating whether or not positive values are allowed
|
||||
*/
|
||||
public function __construct(
|
||||
function HTMLPurifier_AttrDef_Integer(
|
||||
$negative = true, $zero = true, $positive = true
|
||||
) {
|
||||
$this->negative = $negative;
|
||||
@@ -40,7 +40,7 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
|
||||
$this->positive = $positive;
|
||||
}
|
||||
|
||||
public function validate($integer, $config, $context) {
|
||||
function validate($integer, $config, &$context) {
|
||||
|
||||
$integer = $this->parseCDATA($integer);
|
||||
if ($integer === '') return false;
|
||||
|
||||
@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
|
||||
$string = trim($string);
|
||||
if (!$string) return false;
|
||||
|
||||
32
library/HTMLPurifier/AttrDef/Switch.php
Normal file
32
library/HTMLPurifier/AttrDef/Switch.php
Normal file
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Decorator that, depending on a token, switches between two definitions.
|
||||
*/
|
||||
class HTMLPurifier_AttrDef_Switch
|
||||
{
|
||||
|
||||
var $tag;
|
||||
var $withTag, $withoutTag;
|
||||
|
||||
/**
|
||||
* @param string $tag Tag name to switch upon
|
||||
* @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
|
||||
* @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
|
||||
*/
|
||||
function HTMLPurifier_AttrDef_Switch($tag, $with_tag, $without_tag) {
|
||||
$this->tag = $tag;
|
||||
$this->withTag = $with_tag;
|
||||
$this->withoutTag = $without_tag;
|
||||
}
|
||||
|
||||
function validate($string, $config, $context) {
|
||||
$token = $context->get('CurrentToken', true);
|
||||
if (!$token || $token->name !== $this->tag) {
|
||||
return $this->withoutTag->validate($string, $config, $context);
|
||||
} else {
|
||||
return $this->withTag->validate($string, $config, $context);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
return $this->parseCDATA($string);
|
||||
}
|
||||
|
||||
|
||||
@@ -68,25 +68,22 @@ HTMLPurifier_ConfigSchema::define(
|
||||
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
protected $parser, $percentEncoder;
|
||||
protected $embedsResource;
|
||||
var $parser;
|
||||
var $embedsResource;
|
||||
|
||||
/**
|
||||
* @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
|
||||
*/
|
||||
public function __construct($embeds_resource = false) {
|
||||
function HTMLPurifier_AttrDef_URI($embeds_resource = false) {
|
||||
$this->parser = new HTMLPurifier_URIParser();
|
||||
$this->percentEncoder = new HTMLPurifier_PercentEncoder();
|
||||
$this->embedsResource = (bool) $embeds_resource;
|
||||
}
|
||||
|
||||
public function validate($uri, $config, $context) {
|
||||
function validate($uri, $config, &$context) {
|
||||
|
||||
if ($config->get('URI', 'Disable')) return false;
|
||||
|
||||
// initial operations
|
||||
$uri = $this->parseCDATA($uri);
|
||||
$uri = $this->percentEncoder->normalize($uri);
|
||||
|
||||
// parse the URI
|
||||
$uri = $this->parser->parse($uri);
|
||||
@@ -122,13 +119,6 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
||||
$context->destroy('EmbeddedURI');
|
||||
if (!$ok) return false;
|
||||
|
||||
// munge scheme off if necessary (this must be last)
|
||||
if (!is_null($uri->scheme) && is_null($uri->host)) {
|
||||
if ($uri_def->defaultScheme == $uri->scheme) {
|
||||
$uri->scheme = null;
|
||||
}
|
||||
}
|
||||
|
||||
// back to string
|
||||
$result = $uri->toString();
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
require_once 'HTMLPurifier/AttrDef.php';
|
||||
|
||||
abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
|
||||
class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
/**
|
||||
|
||||
@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef/URI/Email.php';
|
||||
class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
|
||||
{
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
// no support for named mailboxes i.e. "Bob <bob@example.com>"
|
||||
// that needs more percent encoding to be done
|
||||
if ($string == '') return false;
|
||||
|
||||
@@ -13,19 +13,19 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
|
||||
/**
|
||||
* Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator
|
||||
*/
|
||||
protected $ipv4;
|
||||
var $ipv4;
|
||||
|
||||
/**
|
||||
* Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator
|
||||
*/
|
||||
protected $ipv6;
|
||||
var $ipv6;
|
||||
|
||||
public function __construct() {
|
||||
function HTMLPurifier_AttrDef_URI_Host() {
|
||||
$this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
|
||||
$this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
|
||||
}
|
||||
|
||||
public function validate($string, $config, $context) {
|
||||
function validate($string, $config, &$context) {
|
||||
$length = strlen($string);
|
||||
if ($string === '') return '';
|
||||
if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') {
|
||||
@@ -40,11 +40,23 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
|
||||
$ipv4 = $this->ipv4->validate($string, $config, $context);
|
||||
if ($ipv4 !== false) return $ipv4;
|
||||
|
||||
// validate a domain name here, do filtering, etc etc etc
|
||||
// A regular domain name.
|
||||
|
||||
// We could use this, but it would break I18N domain names
|
||||
//$match = preg_match('/^[a-z0-9][\w\-\.]*[a-z0-9]$/i', $string);
|
||||
//if (!$match) return false;
|
||||
// This breaks I18N domain names, but we don't have proper IRI support,
|
||||
// so force users to insert Punycode. If there's complaining we'll
|
||||
// try to fix things into an international friendly form.
|
||||
|
||||
// The productions describing this are:
|
||||
$a = '[a-z]'; // alpha
|
||||
$an = '[a-z0-9]'; // alphanum
|
||||
$and = '[a-z0-9-]'; // alphanum | "-"
|
||||
// domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
|
||||
$domainlabel = "$an($and*$an)?";
|
||||
// toplabel = alpha | alpha *( alphanum | "-" ) alphanum
|
||||
$toplabel = "$a($and*$an)?";
|
||||
// hostname = *( domainlabel "." ) toplabel [ "." ]
|
||||
$match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string);
|
||||
if (!$match) return false;
|
||||
|
||||
return $string;
|
||||
}
|
||||
|
||||
@@ -11,10 +11,11 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
|
||||
|
||||
/**
|
||||
* IPv4 regex, protected so that IPv6 can reuse it
|
||||
* @protected
|
||||
*/
|
||||
protected $ip4;
|
||||
var $ip4;
|
||||
|
||||
public function validate($aIP, $config, $context) {
|
||||
function validate($aIP, $config, &$context) {
|
||||
|
||||
if (!$this->ip4) $this->_loadRegex();
|
||||
|
||||
@@ -31,7 +32,7 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
|
||||
* Lazy load function to prevent regex from being stuffed in
|
||||
* cache.
|
||||
*/
|
||||
protected function _loadRegex() {
|
||||
function _loadRegex() {
|
||||
$oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
|
||||
$this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ require_once 'HTMLPurifier/AttrDef/URI/IPv4.php';
|
||||
class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
|
||||
{
|
||||
|
||||
public function validate($aIP, $config, $context) {
|
||||
function validate($aIP, $config, &$context) {
|
||||
|
||||
if (!$this->ip4) $this->_loadRegex();
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* more details.
|
||||
*/
|
||||
|
||||
abstract class HTMLPurifier_AttrTransform
|
||||
class HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
/**
|
||||
@@ -26,7 +26,9 @@ abstract class HTMLPurifier_AttrTransform
|
||||
* @param $context Mandatory HTMLPurifier_Context object
|
||||
* @returns Processed attribute array.
|
||||
*/
|
||||
abstract public function transform($attr, $config, $context);
|
||||
function transform($attr, $config, &$context) {
|
||||
trigger_error('Cannot call abstract function', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepends CSS properties to the style attribute, creating the
|
||||
@@ -34,7 +36,7 @@ abstract class HTMLPurifier_AttrTransform
|
||||
* @param $attr Attribute array to process (passed by reference)
|
||||
* @param $css CSS to prepend
|
||||
*/
|
||||
public function prependCSS(&$attr, $css) {
|
||||
function prependCSS(&$attr, $css) {
|
||||
$attr['style'] = isset($attr['style']) ? $attr['style'] : '';
|
||||
$attr['style'] = $css . $attr['style'];
|
||||
}
|
||||
@@ -44,7 +46,7 @@ abstract class HTMLPurifier_AttrTransform
|
||||
* @param $attr Attribute array to process (passed by reference)
|
||||
* @param $key Key of attribute to confiscate
|
||||
*/
|
||||
public function confiscateAttr(&$attr, $key) {
|
||||
function confiscateAttr(&$attr, $key) {
|
||||
if (!isset($attr[$key])) return null;
|
||||
$value = $attr[$key];
|
||||
unset($attr[$key]);
|
||||
|
||||
@@ -20,7 +20,7 @@ HTMLPurifier_ConfigSchema::defineAllowedValues(
|
||||
class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
if (isset($attr['dir'])) return $attr;
|
||||
$attr['dir'] = $config->get('Attr', 'DefaultTextDir');
|
||||
return $attr;
|
||||
|
||||
@@ -5,9 +5,10 @@ require_once 'HTMLPurifier/AttrTransform.php';
|
||||
/**
|
||||
* Pre-transform that changes deprecated bgcolor attribute to CSS.
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform {
|
||||
class HTMLPurifier_AttrTransform_BgColor
|
||||
extends HTMLPurifier_AttrTransform {
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
|
||||
if (!isset($attr['bgcolor'])) return $attr;
|
||||
|
||||
|
||||
@@ -11,23 +11,23 @@ extends HTMLPurifier_AttrTransform {
|
||||
/**
|
||||
* Name of boolean attribute that is trigger
|
||||
*/
|
||||
protected $attr;
|
||||
var $attr;
|
||||
|
||||
/**
|
||||
* CSS declarations to add to style, needs trailing semicolon
|
||||
*/
|
||||
protected $css;
|
||||
var $css;
|
||||
|
||||
/**
|
||||
* @param $attr string attribute name to convert from
|
||||
* @param $css string CSS declarations to add to style (needs semicolon)
|
||||
*/
|
||||
public function __construct($attr, $css) {
|
||||
function HTMLPurifier_AttrTransform_BoolToCSS($attr, $css) {
|
||||
$this->attr = $attr;
|
||||
$this->css = $css;
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
if (!isset($attr[$this->attr])) return $attr;
|
||||
unset($attr[$this->attr]);
|
||||
$this->prependCSS($attr, $this->css);
|
||||
|
||||
@@ -7,7 +7,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform {
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
if (!isset($attr['border'])) return $attr;
|
||||
$border_width = $this->confiscateAttr($attr, 'border');
|
||||
// some validation should happen here
|
||||
|
||||
@@ -11,32 +11,32 @@ class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
|
||||
/**
|
||||
* Name of attribute to transform from
|
||||
*/
|
||||
protected $attr;
|
||||
var $attr;
|
||||
|
||||
/**
|
||||
* Lookup array of attribute values to CSS
|
||||
*/
|
||||
protected $enumToCSS = array();
|
||||
var $enumToCSS = array();
|
||||
|
||||
/**
|
||||
* Case sensitivity of the matching
|
||||
* @warning Currently can only be guaranteed to work with ASCII
|
||||
* values.
|
||||
*/
|
||||
protected $caseSensitive = false;
|
||||
var $caseSensitive = false;
|
||||
|
||||
/**
|
||||
* @param $attr String attribute name to transform from
|
||||
* @param $enumToCSS Lookup array of attribute values to CSS
|
||||
* @param $case_sensitive Boolean case sensitivity indicator, default false
|
||||
*/
|
||||
public function __construct($attr, $enum_to_css, $case_sensitive = false) {
|
||||
function HTMLPurifier_AttrTransform_EnumToCSS($attr, $enum_to_css, $case_sensitive = false) {
|
||||
$this->attr = $attr;
|
||||
$this->enumToCSS = $enum_to_css;
|
||||
$this->caseSensitive = (bool) $case_sensitive;
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
|
||||
if (!isset($attr[$this->attr])) return $attr;
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ HTMLPurifier_ConfigSchema::define(
|
||||
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
|
||||
$src = true;
|
||||
if (!isset($attr['src'])) {
|
||||
|
||||
@@ -5,22 +5,23 @@ require_once 'HTMLPurifier/AttrTransform.php';
|
||||
/**
|
||||
* Pre-transform that changes deprecated hspace and vspace attributes to CSS
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
|
||||
class HTMLPurifier_AttrTransform_ImgSpace
|
||||
extends HTMLPurifier_AttrTransform {
|
||||
|
||||
protected $attr;
|
||||
protected $css = array(
|
||||
var $attr;
|
||||
var $css = array(
|
||||
'hspace' => array('left', 'right'),
|
||||
'vspace' => array('top', 'bottom')
|
||||
);
|
||||
|
||||
public function __construct($attr) {
|
||||
function HTMLPurifier_AttrTransform_ImgSpace($attr) {
|
||||
$this->attr = $attr;
|
||||
if (!isset($this->css[$attr])) {
|
||||
trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
|
||||
}
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
|
||||
if (!isset($attr[$this->attr])) return $attr;
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
|
||||
class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
|
||||
$lang = isset($attr['lang']) ? $attr['lang'] : false;
|
||||
$xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
|
||||
|
||||
@@ -8,15 +8,15 @@ require_once 'HTMLPurifier/AttrTransform.php';
|
||||
class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
protected $name;
|
||||
protected $cssName;
|
||||
var $name;
|
||||
var $cssName;
|
||||
|
||||
public function __construct($name, $css_name = null) {
|
||||
function HTMLPurifier_AttrTransform_Length($name, $css_name = null) {
|
||||
$this->name = $name;
|
||||
$this->cssName = $css_name ? $css_name : $name;
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
if (!isset($attr[$this->name])) return $attr;
|
||||
$length = $this->confiscateAttr($attr, $this->name);
|
||||
if(ctype_digit($length)) $length .= 'px';
|
||||
|
||||
@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
|
||||
class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
function transform($attr, $config, &$context) {
|
||||
if (!isset($attr['name'])) return $attr;
|
||||
$id = $this->confiscateAttr($attr, 'name');
|
||||
if ( isset($attr['id'])) return $attr;
|
||||
|
||||
@@ -20,14 +20,15 @@ class HTMLPurifier_AttrTypes
|
||||
{
|
||||
/**
|
||||
* Lookup array of attribute string identifiers to concrete implementations
|
||||
* @protected
|
||||
*/
|
||||
public $info = array();
|
||||
var $info = array();
|
||||
|
||||
/**
|
||||
* Constructs the info array, supplying default implementations for attribute
|
||||
* types.
|
||||
*/
|
||||
public function __construct() {
|
||||
function HTMLPurifier_AttrTypes() {
|
||||
// pseudo-types, must be instantiated via shorthand
|
||||
$this->info['Enum'] = new HTMLPurifier_AttrDef_Enum();
|
||||
$this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool();
|
||||
@@ -56,7 +57,7 @@ class HTMLPurifier_AttrTypes
|
||||
* @param $type String type name
|
||||
* @return Object AttrDef for type
|
||||
*/
|
||||
public function get($type) {
|
||||
function get($type) {
|
||||
|
||||
// determine if there is any extra info tacked on
|
||||
if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
|
||||
@@ -76,7 +77,7 @@ class HTMLPurifier_AttrTypes
|
||||
* @param $type String type name
|
||||
* @param $impl Object AttrDef for type
|
||||
*/
|
||||
public function set($type, $impl) {
|
||||
function set($type, $impl) {
|
||||
$this->info[$type] = $impl;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@ class HTMLPurifier_AttrValidator
|
||||
* @param $config Instance of HTMLPurifier_Config
|
||||
* @param $context Instance of HTMLPurifier_Context
|
||||
*/
|
||||
public function validateToken(&$token, &$config, $context) {
|
||||
function validateToken(&$token, &$config, &$context) {
|
||||
|
||||
$definition = $config->getHTMLDefinition();
|
||||
$e =& $context->get('ErrorCollector', true);
|
||||
@@ -40,8 +40,8 @@ class HTMLPurifier_AttrValidator
|
||||
// DEFINITION CALL
|
||||
$d_defs = $definition->info_global_attr;
|
||||
|
||||
// reference attributes for easy manipulation
|
||||
$attr =& $token->attr;
|
||||
// don't update token until the very end, to ensure an atomic update
|
||||
$attr = $token->attr;
|
||||
|
||||
// do global transformations (pre)
|
||||
// nothing currently utilizes this
|
||||
@@ -136,6 +136,8 @@ class HTMLPurifier_AttrValidator
|
||||
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
|
||||
}
|
||||
|
||||
$token->attr = $attr;
|
||||
|
||||
// destroy CurrentToken if we made it ourselves
|
||||
if (!$current_token) $context->destroy('CurrentToken');
|
||||
|
||||
|
||||
@@ -2,13 +2,12 @@
|
||||
|
||||
require_once 'HTMLPurifier/Definition.php';
|
||||
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/AlphaValue.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Background.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Border.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Color.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Composite.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Filter.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Font.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/Length.php';
|
||||
@@ -18,6 +17,7 @@ require_once 'HTMLPurifier/AttrDef/CSS/Percentage.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/TextDecoration.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS/URI.php';
|
||||
require_once 'HTMLPurifier/AttrDef/Enum.php';
|
||||
require_once 'HTMLPurifier/AttrDef/Switch.php';
|
||||
|
||||
HTMLPurifier_ConfigSchema::define(
|
||||
'CSS', 'DefinitionRev', 1, 'int', '
|
||||
@@ -29,10 +29,16 @@ HTMLPurifier_ConfigSchema::define(
|
||||
');
|
||||
|
||||
HTMLPurifier_ConfigSchema::define(
|
||||
'CSS', 'Proprietary', false, 'bool', '
|
||||
'CSS', 'MaxImgLength', '1200px', 'string/null', '
|
||||
<p>
|
||||
Whether or not to allow safe, proprietary CSS values. This directive
|
||||
has been available since 3.0.0.
|
||||
This parameter sets the maximum allowed length on <code>img</code> tags,
|
||||
effectively the <code>width</code> and <code>height</code> properties.
|
||||
Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
|
||||
in place to prevent imagecrash attacks, disable with null at your own risk.
|
||||
This directive is similar to %HTML.MaxImgLength, and both should be
|
||||
concurrently edited, although there are
|
||||
subtle differences in the input format (the CSS max is a number with
|
||||
a unit).
|
||||
</p>
|
||||
');
|
||||
|
||||
@@ -43,17 +49,17 @@ HTMLPurifier_ConfigSchema::define(
|
||||
class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
{
|
||||
|
||||
public $type = 'CSS';
|
||||
var $type = 'CSS';
|
||||
|
||||
/**
|
||||
* Assoc array of attribute name to definition object.
|
||||
*/
|
||||
public $info = array();
|
||||
var $info = array();
|
||||
|
||||
/**
|
||||
* Constructs the info array. The meat of this class.
|
||||
*/
|
||||
protected function doSetup($config) {
|
||||
function doSetup($config) {
|
||||
|
||||
$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
|
||||
array('left', 'right', 'center', 'justify'), false);
|
||||
@@ -126,7 +132,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
$this->info['border-left-width'] =
|
||||
$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||
new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
|
||||
new HTMLPurifier_AttrDef_CSS_Length(true) //disallow negative
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
|
||||
));
|
||||
|
||||
$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
|
||||
@@ -152,7 +158,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||
new HTMLPurifier_AttrDef_Enum(array('normal')),
|
||||
new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
|
||||
new HTMLPurifier_AttrDef_CSS_Length(true),
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(true)
|
||||
));
|
||||
|
||||
@@ -174,7 +180,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
$this->info['padding-bottom'] =
|
||||
$this->info['padding-left'] =
|
||||
$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||
new HTMLPurifier_AttrDef_CSS_Length(true),
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(true)
|
||||
));
|
||||
|
||||
@@ -185,13 +191,25 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage()
|
||||
));
|
||||
|
||||
$this->info['width'] =
|
||||
$this->info['height'] =
|
||||
new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||
new HTMLPurifier_AttrDef_CSS_Length(true),
|
||||
$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(true),
|
||||
new HTMLPurifier_AttrDef_Enum(array('auto'))
|
||||
));
|
||||
$max = $config->get('CSS', 'MaxImgLength');
|
||||
$this->info['width'] =
|
||||
$this->info['height'] =
|
||||
$max === null ?
|
||||
$trusted_wh :
|
||||
new HTMLPurifier_AttrDef_Switch('img',
|
||||
// For img tags:
|
||||
new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
|
||||
new HTMLPurifier_AttrDef_Enum(array('auto'))
|
||||
)),
|
||||
// For everyone else:
|
||||
$trusted_wh
|
||||
);
|
||||
|
||||
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
|
||||
|
||||
@@ -234,29 +252,6 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
// partial support
|
||||
$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
|
||||
|
||||
if ($config->get('CSS', 'Proprietary')) {
|
||||
$this->doSetupProprietary($config);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
protected function doSetupProprietary($config) {
|
||||
// Internet Explorer only scrollbar colors
|
||||
$this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
$this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
$this->info['scrollbar-darkshadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
$this->info['scrollbar-face-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
$this->info['scrollbar-highlight-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
$this->info['scrollbar-shadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
|
||||
// technically not proprietary, but CSS3, and no one supports it
|
||||
$this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
|
||||
$this->info['-moz-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
|
||||
$this->info['-khtml-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
|
||||
|
||||
// only opacity, for now
|
||||
$this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -22,25 +22,29 @@ class HTMLPurifier_ChildDef
|
||||
/**
|
||||
* Type of child definition, usually right-most part of class name lowercase.
|
||||
* Used occasionally in terms of context.
|
||||
* @public
|
||||
*/
|
||||
public $type;
|
||||
var $type;
|
||||
|
||||
/**
|
||||
* Bool that indicates whether or not an empty array of children is okay
|
||||
*
|
||||
* This is necessary for redundant checking when changes affecting
|
||||
* a child node may cause a parent node to now be disallowed.
|
||||
*
|
||||
* @public
|
||||
*/
|
||||
public $allow_empty;
|
||||
var $allow_empty;
|
||||
|
||||
/**
|
||||
* Lookup array of all elements that this definition could possibly allow
|
||||
*/
|
||||
public $elements = array();
|
||||
var $elements = array();
|
||||
|
||||
/**
|
||||
* Validates nodes according to definition and returns modification.
|
||||
*
|
||||
* @public
|
||||
* @param $tokens_of_children Array of HTMLPurifier_Token
|
||||
* @param $config HTMLPurifier_Config object
|
||||
* @param $context HTMLPurifier_Context object
|
||||
@@ -48,7 +52,7 @@ class HTMLPurifier_ChildDef
|
||||
* @return bool false to remove parent node
|
||||
* @return array of replacement child tokens
|
||||
*/
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
trigger_error('Call to abstract function', E_USER_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,27 +16,29 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
|
||||
|
||||
/**
|
||||
* Instance of the definition object to use when inline. Usually stricter.
|
||||
* @public
|
||||
*/
|
||||
public $inline;
|
||||
var $inline;
|
||||
|
||||
/**
|
||||
* Instance of the definition object to use when block.
|
||||
* @public
|
||||
*/
|
||||
public $block;
|
||||
var $block;
|
||||
|
||||
public $type = 'chameleon';
|
||||
var $type = 'chameleon';
|
||||
|
||||
/**
|
||||
* @param $inline List of elements to allow when inline.
|
||||
* @param $block List of elements to allow when block.
|
||||
*/
|
||||
public function __construct($inline, $block) {
|
||||
function HTMLPurifier_ChildDef_Chameleon($inline, $block) {
|
||||
$this->inline = new HTMLPurifier_ChildDef_Optional($inline);
|
||||
$this->block = new HTMLPurifier_ChildDef_Optional($block);
|
||||
$this->elements = $this->block->elements;
|
||||
}
|
||||
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
if ($context->get('IsInline') === false) {
|
||||
return $this->block->validateChildren(
|
||||
$tokens_of_children, $config, $context);
|
||||
|
||||
@@ -12,28 +12,28 @@ require_once 'HTMLPurifier/ChildDef.php';
|
||||
*/
|
||||
class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
|
||||
{
|
||||
public $type = 'custom';
|
||||
public $allow_empty = false;
|
||||
var $type = 'custom';
|
||||
var $allow_empty = false;
|
||||
/**
|
||||
* Allowed child pattern as defined by the DTD
|
||||
*/
|
||||
public $dtd_regex;
|
||||
var $dtd_regex;
|
||||
/**
|
||||
* PCRE regex derived from $dtd_regex
|
||||
* @private
|
||||
*/
|
||||
private $_pcre_regex;
|
||||
var $_pcre_regex;
|
||||
/**
|
||||
* @param $dtd_regex Allowed child pattern from the DTD
|
||||
*/
|
||||
public function __construct($dtd_regex) {
|
||||
function HTMLPurifier_ChildDef_Custom($dtd_regex) {
|
||||
$this->dtd_regex = $dtd_regex;
|
||||
$this->_compileRegex();
|
||||
}
|
||||
/**
|
||||
* Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
|
||||
*/
|
||||
protected function _compileRegex() {
|
||||
function _compileRegex() {
|
||||
$raw = str_replace(' ', '', $this->dtd_regex);
|
||||
if ($raw{0} != '(') {
|
||||
$raw = "($raw)";
|
||||
@@ -61,7 +61,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
|
||||
|
||||
$this->_pcre_regex = $reg;
|
||||
}
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
$list_of_children = '';
|
||||
$nesting = 0; // depth into the nest
|
||||
foreach ($tokens_of_children as $token) {
|
||||
|
||||
@@ -11,10 +11,10 @@ require_once 'HTMLPurifier/ChildDef.php';
|
||||
*/
|
||||
class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
|
||||
{
|
||||
public $allow_empty = true;
|
||||
public $type = 'empty';
|
||||
public function __construct() {}
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
var $allow_empty = true;
|
||||
var $type = 'empty';
|
||||
function HTMLPurifier_ChildDef_Empty() {}
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
return array();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,9 +11,9 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
|
||||
*/
|
||||
class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
|
||||
{
|
||||
public $allow_empty = true;
|
||||
public $type = 'optional';
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
var $allow_empty = true;
|
||||
var $type = 'optional';
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
$result = parent::validateChildren($tokens_of_children, $config, $context);
|
||||
if ($result === false) {
|
||||
if (empty($tokens_of_children)) return true;
|
||||
|
||||
@@ -11,11 +11,11 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
* Lookup table of allowed elements.
|
||||
* @public
|
||||
*/
|
||||
public $elements = array();
|
||||
var $elements = array();
|
||||
/**
|
||||
* @param $elements List of allowed element names (lowercase).
|
||||
*/
|
||||
public function __construct($elements) {
|
||||
function HTMLPurifier_ChildDef_Required($elements) {
|
||||
if (is_string($elements)) {
|
||||
$elements = str_replace(' ', '', $elements);
|
||||
$elements = explode('|', $elements);
|
||||
@@ -30,9 +30,9 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
}
|
||||
$this->elements = $elements;
|
||||
}
|
||||
public $allow_empty = false;
|
||||
public $type = 'required';
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
var $allow_empty = false;
|
||||
var $type = 'required';
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
// if there are no tokens, delete parent node
|
||||
if (empty($tokens_of_children)) return false;
|
||||
|
||||
|
||||
@@ -8,12 +8,12 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
|
||||
class HTMLPurifier_ChildDef_StrictBlockquote
|
||||
extends HTMLPurifier_ChildDef_Required
|
||||
{
|
||||
protected $real_elements;
|
||||
protected $fake_elements;
|
||||
public $allow_empty = true;
|
||||
public $type = 'strictblockquote';
|
||||
protected $init = false;
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
var $real_elements;
|
||||
var $fake_elements;
|
||||
var $allow_empty = true;
|
||||
var $type = 'strictblockquote';
|
||||
var $init = false;
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
|
||||
$def = $config->getHTMLDefinition();
|
||||
if (!$this->init) {
|
||||
|
||||
@@ -7,12 +7,12 @@ require_once 'HTMLPurifier/ChildDef.php';
|
||||
*/
|
||||
class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
|
||||
{
|
||||
public $allow_empty = false;
|
||||
public $type = 'table';
|
||||
public $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
|
||||
var $allow_empty = false;
|
||||
var $type = 'table';
|
||||
var $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
|
||||
'tfoot' => true, 'caption' => true, 'colgroup' => true, 'col' => true);
|
||||
public function __construct() {}
|
||||
public function validateChildren($tokens_of_children, $config, $context) {
|
||||
function HTMLPurifier_ChildDef_Table() {}
|
||||
function validateChildren($tokens_of_children, $config, &$context) {
|
||||
if (empty($tokens_of_children)) return false;
|
||||
|
||||
// this ensures that the loop gets run one last time before closing
|
||||
|
||||
@@ -35,8 +35,6 @@ if (!defined('PHP_EOL')) {
|
||||
* because a configuration object should always be forwarded,
|
||||
* otherwise, you run the risk of missing a parameter and then
|
||||
* being stumped when a configuration directive doesn't work.
|
||||
*
|
||||
* @todo Reconsider some of the public member variables
|
||||
*/
|
||||
class HTMLPurifier_Config
|
||||
{
|
||||
@@ -44,68 +42,65 @@ class HTMLPurifier_Config
|
||||
/**
|
||||
* HTML Purifier's version
|
||||
*/
|
||||
public $version = '3.0.0';
|
||||
var $version = '2.1.5';
|
||||
|
||||
/**
|
||||
* Two-level associative array of configuration directives
|
||||
*/
|
||||
var $conf;
|
||||
|
||||
/**
|
||||
* Reference HTMLPurifier_ConfigSchema for value checking
|
||||
*/
|
||||
var $def;
|
||||
|
||||
/**
|
||||
* Indexed array of definitions
|
||||
*/
|
||||
var $definitions;
|
||||
|
||||
/**
|
||||
* Bool indicator whether or not config is finalized
|
||||
*/
|
||||
var $finalized = false;
|
||||
|
||||
/**
|
||||
* Bool indicator whether or not to automatically finalize
|
||||
* the object if a read operation is done
|
||||
*/
|
||||
public $autoFinalize = true;
|
||||
|
||||
// protected member variables
|
||||
var $autoFinalize = true;
|
||||
|
||||
/**
|
||||
* Namespace indexed array of serials for specific namespaces (see
|
||||
* getSerial() for more info).
|
||||
* getSerial for more info).
|
||||
*/
|
||||
protected $serials = array();
|
||||
var $serials = array();
|
||||
|
||||
/**
|
||||
* Serial for entire configuration object
|
||||
*/
|
||||
protected $serial;
|
||||
|
||||
/**
|
||||
* Two-level associative array of configuration directives
|
||||
*/
|
||||
protected $conf;
|
||||
|
||||
/**
|
||||
* Reference HTMLPurifier_ConfigSchema for value checking
|
||||
* @note This is public for introspective purposes. Please don't
|
||||
* abuse!
|
||||
*/
|
||||
public $def;
|
||||
|
||||
/**
|
||||
* Indexed array of definitions
|
||||
*/
|
||||
protected $definitions;
|
||||
|
||||
/**
|
||||
* Bool indicator whether or not config is finalized
|
||||
*/
|
||||
protected $finalized = false;
|
||||
var $serial;
|
||||
|
||||
/**
|
||||
* @param $definition HTMLPurifier_ConfigSchema that defines what directives
|
||||
* are allowed.
|
||||
*/
|
||||
public function __construct(&$definition) {
|
||||
function HTMLPurifier_Config(&$definition) {
|
||||
$this->conf = $definition->defaults; // set up, copy in defaults
|
||||
$this->def = $definition; // keep a copy around for checking
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience constructor that creates a config object based on a mixed var
|
||||
* @static
|
||||
* @param mixed $config Variable that defines the state of the config
|
||||
* object. Can be: a HTMLPurifier_Config() object,
|
||||
* an array of directives based on loadArray(),
|
||||
* or a string filename of an ini file.
|
||||
* @return Configured HTMLPurifier_Config object
|
||||
*/
|
||||
public static function create($config) {
|
||||
if ($config instanceof HTMLPurifier_Config) {
|
||||
function create($config) {
|
||||
if (is_a($config, 'HTMLPurifier_Config')) {
|
||||
// pass-through
|
||||
return $config;
|
||||
}
|
||||
@@ -117,9 +112,10 @@ class HTMLPurifier_Config
|
||||
|
||||
/**
|
||||
* Convenience constructor that creates a default configuration object.
|
||||
* @static
|
||||
* @return Default HTMLPurifier_Config object.
|
||||
*/
|
||||
public static function createDefault() {
|
||||
function createDefault() {
|
||||
$definition =& HTMLPurifier_ConfigSchema::instance();
|
||||
$config = new HTMLPurifier_Config($definition);
|
||||
return $config;
|
||||
@@ -130,7 +126,7 @@ class HTMLPurifier_Config
|
||||
* @param $namespace String namespace
|
||||
* @param $key String key
|
||||
*/
|
||||
public function get($namespace, $key) {
|
||||
function get($namespace, $key, $from_alias = false) {
|
||||
if (!$this->finalized && $this->autoFinalize) $this->finalize();
|
||||
if (!isset($this->def->info[$namespace][$key])) {
|
||||
// can't add % due to SimpleTest bug
|
||||
@@ -151,7 +147,7 @@ class HTMLPurifier_Config
|
||||
* Retreives an array of directives to values from a given namespace
|
||||
* @param $namespace String namespace
|
||||
*/
|
||||
public function getBatch($namespace) {
|
||||
function getBatch($namespace) {
|
||||
if (!$this->finalized && $this->autoFinalize) $this->finalize();
|
||||
if (!isset($this->def->info[$namespace])) {
|
||||
trigger_error('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
|
||||
@@ -168,7 +164,7 @@ class HTMLPurifier_Config
|
||||
* before processing!
|
||||
* @param $namespace Namespace to get serial for
|
||||
*/
|
||||
public function getBatchSerial($namespace) {
|
||||
function getBatchSerial($namespace) {
|
||||
if (empty($this->serials[$namespace])) {
|
||||
$batch = $this->getBatch($namespace);
|
||||
unset($batch['DefinitionRev']);
|
||||
@@ -181,7 +177,7 @@ class HTMLPurifier_Config
|
||||
* Returns a md5 signature for the entire configuration object
|
||||
* that uniquely identifies that particular configuration
|
||||
*/
|
||||
public function getSerial() {
|
||||
function getSerial() {
|
||||
if (empty($this->serial)) {
|
||||
$this->serial = md5(serialize($this->getAll()));
|
||||
}
|
||||
@@ -191,7 +187,7 @@ class HTMLPurifier_Config
|
||||
/**
|
||||
* Retrieves all directives, organized by namespace
|
||||
*/
|
||||
public function getAll() {
|
||||
function getAll() {
|
||||
if (!$this->finalized && $this->autoFinalize) $this->finalize();
|
||||
return $this->conf;
|
||||
}
|
||||
@@ -202,7 +198,7 @@ class HTMLPurifier_Config
|
||||
* @param $key String key
|
||||
* @param $value Mixed value
|
||||
*/
|
||||
public function set($namespace, $key, $value, $from_alias = false) {
|
||||
function set($namespace, $key, $value, $from_alias = false) {
|
||||
if ($this->isFinalized('Cannot set directive after finalization')) return;
|
||||
if (!isset($this->def->info[$namespace][$key])) {
|
||||
trigger_error('Cannot set undefined directive ' . htmlspecialchars("$namespace.$key") . ' to value',
|
||||
@@ -256,8 +252,9 @@ class HTMLPurifier_Config
|
||||
|
||||
/**
|
||||
* Convenience function for error reporting
|
||||
* @private
|
||||
*/
|
||||
private function _listify($lookup) {
|
||||
function _listify($lookup) {
|
||||
$list = array();
|
||||
foreach ($lookup as $name => $b) $list[] = $name;
|
||||
return implode(', ', $list);
|
||||
@@ -268,7 +265,7 @@ class HTMLPurifier_Config
|
||||
* @param $raw Return a copy that has not been setup yet. Must be
|
||||
* called before it's been setup, otherwise won't work.
|
||||
*/
|
||||
public function &getHTMLDefinition($raw = false) {
|
||||
function &getHTMLDefinition($raw = false) {
|
||||
$def =& $this->getDefinition('HTML', $raw);
|
||||
return $def; // prevent PHP 4.4.0 from complaining
|
||||
}
|
||||
@@ -276,7 +273,7 @@ class HTMLPurifier_Config
|
||||
/**
|
||||
* Retrieves reference to the CSS definition
|
||||
*/
|
||||
public function &getCSSDefinition($raw = false) {
|
||||
function &getCSSDefinition($raw = false) {
|
||||
$def =& $this->getDefinition('CSS', $raw);
|
||||
return $def;
|
||||
}
|
||||
@@ -286,7 +283,7 @@ class HTMLPurifier_Config
|
||||
* @param $type Type of definition: HTML, CSS, etc
|
||||
* @param $raw Whether or not definition should be returned raw
|
||||
*/
|
||||
public function &getDefinition($type, $raw = false) {
|
||||
function &getDefinition($type, $raw = false) {
|
||||
if (!$this->finalized && $this->autoFinalize) $this->finalize();
|
||||
$factory = HTMLPurifier_DefinitionCacheFactory::instance();
|
||||
$cache = $factory->create($type, $this);
|
||||
@@ -346,7 +343,7 @@ class HTMLPurifier_Config
|
||||
* Namespace.Directive => Value
|
||||
* @param $config_array Configuration associative array
|
||||
*/
|
||||
public function loadArray($config_array) {
|
||||
function loadArray($config_array) {
|
||||
if ($this->isFinalized('Cannot load directives after finalization')) return;
|
||||
foreach ($config_array as $key => $value) {
|
||||
$key = str_replace('_', '.', $key);
|
||||
@@ -369,8 +366,9 @@ class HTMLPurifier_Config
|
||||
* that are allowed in a web-form context as per an allowed
|
||||
* namespaces/directives list.
|
||||
* @param $allowed List of allowed namespaces/directives
|
||||
* @static
|
||||
*/
|
||||
public static function getAllowedDirectivesForForm($allowed) {
|
||||
function getAllowedDirectivesForForm($allowed) {
|
||||
$schema = HTMLPurifier_ConfigSchema::instance();
|
||||
if ($allowed !== true) {
|
||||
if (is_string($allowed)) $allowed = array($allowed);
|
||||
@@ -413,8 +411,9 @@ class HTMLPurifier_Config
|
||||
* @param $index Index/name that the config variables are in
|
||||
* @param $allowed List of allowed namespaces/directives
|
||||
* @param $mq_fix Boolean whether or not to enable magic quotes fix
|
||||
* @static
|
||||
*/
|
||||
public static function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
|
||||
$config = HTMLPurifier_Config::create($ret);
|
||||
return $config;
|
||||
@@ -424,7 +423,7 @@ class HTMLPurifier_Config
|
||||
* Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
|
||||
* @note Same parameters as loadArrayFromForm
|
||||
*/
|
||||
public function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
|
||||
$this->loadArray($ret);
|
||||
}
|
||||
@@ -432,8 +431,9 @@ class HTMLPurifier_Config
|
||||
/**
|
||||
* Prepares an array from a form into something usable for the more
|
||||
* strict parts of HTMLPurifier_Config
|
||||
* @static
|
||||
*/
|
||||
public static function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
||||
$mq = get_magic_quotes_gpc() && $mq_fix;
|
||||
|
||||
@@ -457,7 +457,7 @@ class HTMLPurifier_Config
|
||||
* Loads configuration values from an ini file
|
||||
* @param $filename Name of ini file
|
||||
*/
|
||||
public function loadIni($filename) {
|
||||
function loadIni($filename) {
|
||||
if ($this->isFinalized('Cannot load directives after finalization')) return;
|
||||
$array = parse_ini_file($filename, true);
|
||||
$this->loadArray($array);
|
||||
@@ -467,7 +467,7 @@ class HTMLPurifier_Config
|
||||
* Checks whether or not the configuration object is finalized.
|
||||
* @param $error String error message, or false for no error
|
||||
*/
|
||||
public function isFinalized($error = false) {
|
||||
function isFinalized($error = false) {
|
||||
if ($this->finalized && $error) {
|
||||
trigger_error($error, E_USER_ERROR);
|
||||
}
|
||||
@@ -478,18 +478,17 @@ class HTMLPurifier_Config
|
||||
* Finalizes configuration only if auto finalize is on and not
|
||||
* already finalized
|
||||
*/
|
||||
public function autoFinalize() {
|
||||
function autoFinalize() {
|
||||
if (!$this->finalized && $this->autoFinalize) $this->finalize();
|
||||
}
|
||||
|
||||
/**
|
||||
* Finalizes a configuration object, prohibiting further change
|
||||
*/
|
||||
public function finalize() {
|
||||
function finalize() {
|
||||
$this->finalized = true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -4,6 +4,6 @@
|
||||
* Base class for configuration entity
|
||||
*/
|
||||
class HTMLPurifier_ConfigDef {
|
||||
public $class = false;
|
||||
var $class = false;
|
||||
}
|
||||
|
||||
|
||||
@@ -9,9 +9,9 @@ require_once 'HTMLPurifier/ConfigDef.php';
|
||||
class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
|
||||
{
|
||||
|
||||
public $class = 'directive';
|
||||
var $class = 'directive';
|
||||
|
||||
public function __construct(
|
||||
function HTMLPurifier_ConfigDef_Directive(
|
||||
$type = null,
|
||||
$descriptions = null,
|
||||
$allow_null = null,
|
||||
@@ -37,40 +37,40 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
|
||||
* - hash (array of key => value)
|
||||
* - mixed (anything goes)
|
||||
*/
|
||||
public $type = 'mixed';
|
||||
var $type = 'mixed';
|
||||
|
||||
/**
|
||||
* Plaintext descriptions of the configuration entity is. Organized by
|
||||
* file and line number, so multiple descriptions are allowed.
|
||||
*/
|
||||
public $descriptions = array();
|
||||
var $descriptions = array();
|
||||
|
||||
/**
|
||||
* Is null allowed? Has no effect for mixed type.
|
||||
* @bool
|
||||
*/
|
||||
public $allow_null = false;
|
||||
var $allow_null = false;
|
||||
|
||||
/**
|
||||
* Lookup table of allowed values of the element, bool true if all allowed.
|
||||
*/
|
||||
public $allowed = true;
|
||||
var $allowed = true;
|
||||
|
||||
/**
|
||||
* Hash of value aliases, i.e. values that are equivalent.
|
||||
*/
|
||||
public $aliases = array();
|
||||
var $aliases = array();
|
||||
|
||||
/**
|
||||
* Advisory list of directive aliases, i.e. other directives that
|
||||
* redirect here
|
||||
*/
|
||||
public $directiveAliases = array();
|
||||
var $directiveAliases = array();
|
||||
|
||||
/**
|
||||
* Adds a description to the array
|
||||
*/
|
||||
public function addDescription($file, $line, $description) {
|
||||
function addDescription($file, $line, $description) {
|
||||
if (!isset($this->descriptions[$file])) $this->descriptions[$file] = array();
|
||||
$this->descriptions[$file][$line] = $description;
|
||||
}
|
||||
|
||||
@@ -7,18 +7,18 @@ require_once 'HTMLPurifier/ConfigDef.php';
|
||||
*/
|
||||
class HTMLPurifier_ConfigDef_DirectiveAlias extends HTMLPurifier_ConfigDef
|
||||
{
|
||||
public $class = 'alias';
|
||||
var $class = 'alias';
|
||||
|
||||
/**
|
||||
* Namespace being aliased to
|
||||
*/
|
||||
public $namespace;
|
||||
var $namespace;
|
||||
/**
|
||||
* Directive being aliased to
|
||||
*/
|
||||
public $name;
|
||||
var $name;
|
||||
|
||||
public function __construct($namespace, $name) {
|
||||
function HTMLPurifier_ConfigDef_DirectiveAlias($namespace, $name) {
|
||||
$this->namespace = $namespace;
|
||||
$this->name = $name;
|
||||
}
|
||||
|
||||
@@ -7,16 +7,16 @@ require_once 'HTMLPurifier/ConfigDef.php';
|
||||
*/
|
||||
class HTMLPurifier_ConfigDef_Namespace extends HTMLPurifier_ConfigDef {
|
||||
|
||||
public function HTMLPurifier_ConfigDef_Namespace($description = null) {
|
||||
function HTMLPurifier_ConfigDef_Namespace($description = null) {
|
||||
$this->description = $description;
|
||||
}
|
||||
|
||||
public $class = 'namespace';
|
||||
var $class = 'namespace';
|
||||
|
||||
/**
|
||||
* String description of what kinds of directives go in this namespace.
|
||||
*/
|
||||
public $description;
|
||||
var $description;
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -33,22 +33,22 @@ class HTMLPurifier_ConfigSchema {
|
||||
* Defaults of the directives and namespaces.
|
||||
* @note This shares the exact same structure as HTMLPurifier_Config::$conf
|
||||
*/
|
||||
public $defaults = array();
|
||||
var $defaults = array();
|
||||
|
||||
/**
|
||||
* Definition of the directives.
|
||||
*/
|
||||
public $info = array();
|
||||
var $info = array();
|
||||
|
||||
/**
|
||||
* Definition of namespaces.
|
||||
*/
|
||||
public $info_namespace = array();
|
||||
var $info_namespace = array();
|
||||
|
||||
/**
|
||||
* Lookup table of allowed types.
|
||||
*/
|
||||
public $types = array(
|
||||
var $types = array(
|
||||
'string' => 'String',
|
||||
'istring' => 'Case-insensitive string',
|
||||
'text' => 'Text',
|
||||
@@ -65,7 +65,7 @@ class HTMLPurifier_ConfigSchema {
|
||||
/**
|
||||
* Initializes the default namespaces.
|
||||
*/
|
||||
public function initialize() {
|
||||
function initialize() {
|
||||
$this->defineNamespace('Core', 'Core features that are always available.');
|
||||
$this->defineNamespace('Attr', 'Features regarding attribute validation.');
|
||||
$this->defineNamespace('URI', 'Features regarding Uniform Resource Identifiers.');
|
||||
@@ -73,7 +73,6 @@ class HTMLPurifier_ConfigSchema {
|
||||
$this->defineNamespace('CSS', 'Configuration regarding allowed CSS.');
|
||||
$this->defineNamespace('AutoFormat', 'Configuration for activating auto-formatting functionality (also known as <code>Injector</code>s)');
|
||||
$this->defineNamespace('AutoFormatParam', 'Configuration for customizing auto-formatting functionality');
|
||||
$this->defineNamespace('Filter', 'Configuration for filters');
|
||||
$this->defineNamespace('Output', 'Configuration relating to the generation of (X)HTML.');
|
||||
$this->defineNamespace('Cache', 'Configuration for DefinitionCache and related subclasses.');
|
||||
$this->defineNamespace('Test', 'Developer testing configuration for our unit tests.');
|
||||
@@ -81,8 +80,9 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Retrieves an instance of the application-wide configuration definition.
|
||||
* @static
|
||||
*/
|
||||
public static function &instance($prototype = null) {
|
||||
function &instance($prototype = null) {
|
||||
static $instance;
|
||||
if ($prototype !== null) {
|
||||
$instance = $prototype;
|
||||
@@ -95,6 +95,7 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Defines a directive for configuration
|
||||
* @static
|
||||
* @warning Will fail of directive's namespace is defined
|
||||
* @param $namespace Namespace the directive is in
|
||||
* @param $name Key of directive
|
||||
@@ -103,7 +104,7 @@ class HTMLPurifier_ConfigSchema {
|
||||
* HTMLPurifier_DirectiveDef::$type for allowed values
|
||||
* @param $description Description of directive for documentation
|
||||
*/
|
||||
public static function define($namespace, $name, $default, $type, $description) {
|
||||
function define($namespace, $name, $default, $type, $description) {
|
||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||
|
||||
// basic sanity checks
|
||||
@@ -172,10 +173,11 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Defines a namespace for directives to be put into.
|
||||
* @static
|
||||
* @param $namespace Namespace's name
|
||||
* @param $description Description of the namespace
|
||||
*/
|
||||
public static function defineNamespace($namespace, $description) {
|
||||
function defineNamespace($namespace, $description) {
|
||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||
if (HTMLPURIFIER_SCHEMA_STRICT) {
|
||||
if (isset($def->info[$namespace])) {
|
||||
@@ -204,12 +206,13 @@ class HTMLPurifier_ConfigSchema {
|
||||
*
|
||||
* Directive value aliases are convenient for developers because it lets
|
||||
* them set a directive to several values and get the same result.
|
||||
* @static
|
||||
* @param $namespace Directive's namespace
|
||||
* @param $name Name of Directive
|
||||
* @param $alias Name of aliased value
|
||||
* @param $real Value aliased value will be converted into
|
||||
*/
|
||||
public static function defineValueAliases($namespace, $name, $aliases) {
|
||||
function defineValueAliases($namespace, $name, $aliases) {
|
||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||
if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
|
||||
trigger_error('Cannot set value alias for non-existant directive',
|
||||
@@ -237,11 +240,12 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Defines a set of allowed values for a directive.
|
||||
* @static
|
||||
* @param $namespace Namespace of directive
|
||||
* @param $name Name of directive
|
||||
* @param $allowed_values Arraylist of allowed values
|
||||
*/
|
||||
public static function defineAllowedValues($namespace, $name, $allowed_values) {
|
||||
function defineAllowedValues($namespace, $name, $allowed_values) {
|
||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||
if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
|
||||
trigger_error('Cannot define allowed values for undefined directive',
|
||||
@@ -275,12 +279,13 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Defines a directive alias for backwards compatibility
|
||||
* @static
|
||||
* @param $namespace
|
||||
* @param $name Directive that will be aliased
|
||||
* @param $new_namespace
|
||||
* @param $new_name Directive that the alias will be to
|
||||
*/
|
||||
public static function defineAlias($namespace, $name, $new_namespace, $new_name) {
|
||||
function defineAlias($namespace, $name, $new_namespace, $new_name) {
|
||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||
if (HTMLPURIFIER_SCHEMA_STRICT) {
|
||||
if (!isset($def->info[$namespace])) {
|
||||
@@ -317,9 +322,8 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Validate a variable according to type. Return null if invalid.
|
||||
* @todo Consider making protected
|
||||
*/
|
||||
public function validate($var, $type, $allow_null = false) {
|
||||
function validate($var, $type, $allow_null = false) {
|
||||
if (!isset($this->types[$type])) {
|
||||
trigger_error('Invalid type', E_USER_ERROR);
|
||||
return;
|
||||
@@ -410,11 +414,8 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Takes an absolute path and munges it into a more manageable relative path
|
||||
* @todo Consider making protected
|
||||
* @param $filename Filename to check
|
||||
* @return string munged filename
|
||||
*/
|
||||
public function mungeFilename($filename) {
|
||||
function mungeFilename($filename) {
|
||||
if (!HTMLPURIFIER_SCHEMA_STRICT) return $filename;
|
||||
$offset = strrpos($filename, 'HTMLPurifier');
|
||||
$filename = substr($filename, $offset);
|
||||
@@ -424,11 +425,10 @@ class HTMLPurifier_ConfigSchema {
|
||||
|
||||
/**
|
||||
* Checks if var is an HTMLPurifier_Error object
|
||||
* @todo Consider making protected
|
||||
*/
|
||||
public function isError($var) {
|
||||
function isError($var) {
|
||||
if (!is_object($var)) return false;
|
||||
if (!($var instanceof HTMLPurifier_Error)) return false;
|
||||
if (!is_a($var, 'HTMLPurifier_Error')) return false;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,38 +7,39 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
|
||||
require_once 'HTMLPurifier/ChildDef/Optional.php';
|
||||
require_once 'HTMLPurifier/ChildDef/Custom.php';
|
||||
|
||||
/**
|
||||
* @todo Unit test
|
||||
*/
|
||||
// NOT UNIT TESTED!!!
|
||||
|
||||
class HTMLPurifier_ContentSets
|
||||
{
|
||||
|
||||
/**
|
||||
* List of content set strings (pipe seperators) indexed by name.
|
||||
* @public
|
||||
*/
|
||||
public $info = array();
|
||||
var $info = array();
|
||||
|
||||
/**
|
||||
* List of content set lookups (element => true) indexed by name.
|
||||
* @note This is in HTMLPurifier_HTMLDefinition->info_content_sets
|
||||
* @public
|
||||
*/
|
||||
public $lookup = array();
|
||||
var $lookup = array();
|
||||
|
||||
/**
|
||||
* Synchronized list of defined content sets (keys of info)
|
||||
*/
|
||||
protected $keys = array();
|
||||
var $keys = array();
|
||||
/**
|
||||
* Synchronized list of defined content values (values of info)
|
||||
*/
|
||||
protected $values = array();
|
||||
var $values = array();
|
||||
|
||||
/**
|
||||
* Merges in module's content sets, expands identifiers in the content
|
||||
* sets and populates the keys, values and lookup member variables.
|
||||
* @param $modules List of HTMLPurifier_HTMLModule
|
||||
*/
|
||||
public function __construct($modules) {
|
||||
function HTMLPurifier_ContentSets($modules) {
|
||||
if (!is_array($modules)) $modules = array($modules);
|
||||
// populate content_sets based on module hints
|
||||
// sorry, no way of overloading
|
||||
@@ -78,7 +79,7 @@ class HTMLPurifier_ContentSets
|
||||
* @param $def HTMLPurifier_ElementDef reference
|
||||
* @param $module Module that defined the ElementDef
|
||||
*/
|
||||
public function generateChildDef(&$def, $module) {
|
||||
function generateChildDef(&$def, $module) {
|
||||
if (!empty($def->child)) return; // already done!
|
||||
$content_model = $def->content_model;
|
||||
if (is_string($content_model)) {
|
||||
@@ -96,7 +97,7 @@ class HTMLPurifier_ContentSets
|
||||
* @param $def HTMLPurifier_ElementDef to have ChildDef extracted
|
||||
* @return HTMLPurifier_ChildDef corresponding to ElementDef
|
||||
*/
|
||||
public function getChildDef($def, $module) {
|
||||
function getChildDef($def, $module) {
|
||||
$value = $def->content_model;
|
||||
if (is_object($value)) {
|
||||
trigger_error(
|
||||
@@ -136,7 +137,7 @@ class HTMLPurifier_ContentSets
|
||||
* @param $string List of elements
|
||||
* @return Lookup array of elements
|
||||
*/
|
||||
protected function convertToLookup($string) {
|
||||
function convertToLookup($string) {
|
||||
$array = explode('|', str_replace(' ', '', $string));
|
||||
$ret = array();
|
||||
foreach ($array as $i => $k) {
|
||||
|
||||
@@ -10,15 +10,16 @@ class HTMLPurifier_Context
|
||||
|
||||
/**
|
||||
* Private array that stores the references.
|
||||
* @private
|
||||
*/
|
||||
private $_storage = array();
|
||||
var $_storage = array();
|
||||
|
||||
/**
|
||||
* Registers a variable into the context.
|
||||
* @param $name String name
|
||||
* @param $ref Variable to be registered
|
||||
*/
|
||||
public function register($name, &$ref) {
|
||||
function register($name, &$ref) {
|
||||
if (isset($this->_storage[$name])) {
|
||||
trigger_error("Name $name produces collision, cannot re-register",
|
||||
E_USER_ERROR);
|
||||
@@ -32,7 +33,7 @@ class HTMLPurifier_Context
|
||||
* @param $name String name
|
||||
* @param $ignore_error Boolean whether or not to ignore error
|
||||
*/
|
||||
public function &get($name, $ignore_error = false) {
|
||||
function &get($name, $ignore_error = false) {
|
||||
if (!isset($this->_storage[$name])) {
|
||||
if (!$ignore_error) {
|
||||
trigger_error("Attempted to retrieve non-existent variable $name",
|
||||
@@ -48,7 +49,7 @@ class HTMLPurifier_Context
|
||||
* Destorys a variable in the context.
|
||||
* @param $name String name
|
||||
*/
|
||||
public function destroy($name) {
|
||||
function destroy($name) {
|
||||
if (!isset($this->_storage[$name])) {
|
||||
trigger_error("Attempted to destroy non-existent variable $name",
|
||||
E_USER_ERROR);
|
||||
@@ -61,7 +62,7 @@ class HTMLPurifier_Context
|
||||
* Checks whether or not the variable exists.
|
||||
* @param $name String name
|
||||
*/
|
||||
public function exists($name) {
|
||||
function exists($name) {
|
||||
return isset($this->_storage[$name]);
|
||||
}
|
||||
|
||||
@@ -69,7 +70,7 @@ class HTMLPurifier_Context
|
||||
* Loads a series of variables from an associative array
|
||||
* @param $context_array Assoc array of variables to load
|
||||
*/
|
||||
public function loadArray($context_array) {
|
||||
function loadArray(&$context_array) {
|
||||
foreach ($context_array as $key => $discard) {
|
||||
$this->register($key, $context_array[$key]);
|
||||
}
|
||||
|
||||
@@ -4,31 +4,33 @@
|
||||
* Super-class for definition datatype objects, implements serialization
|
||||
* functions for the class.
|
||||
*/
|
||||
abstract class HTMLPurifier_Definition
|
||||
class HTMLPurifier_Definition
|
||||
{
|
||||
|
||||
/**
|
||||
* Has setup() been called yet?
|
||||
*/
|
||||
public $setup = false;
|
||||
var $setup = false;
|
||||
|
||||
/**
|
||||
* What type of definition is it?
|
||||
*/
|
||||
public $type;
|
||||
var $type;
|
||||
|
||||
/**
|
||||
* Sets up the definition object into the final form, something
|
||||
* not done by the constructor
|
||||
* @param $config HTMLPurifier_Config instance
|
||||
*/
|
||||
abstract protected function doSetup($config);
|
||||
function doSetup($config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Setup function that aborts if already setup
|
||||
* @param $config HTMLPurifier_Config instance
|
||||
*/
|
||||
public function setup($config) {
|
||||
function setup($config) {
|
||||
if ($this->setup) return;
|
||||
$this->setup = true;
|
||||
$this->doSetup($config);
|
||||
|
||||
@@ -10,21 +10,25 @@ require_once 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
|
||||
/**
|
||||
* Abstract class representing Definition cache managers that implements
|
||||
* useful common methods and is a factory.
|
||||
* @todo Get some sort of versioning variable so the library can easily
|
||||
* invalidate the cache with a new version
|
||||
* @todo Make the test runner cache aware and allow the user to easily
|
||||
* flush the cache
|
||||
* @todo Create a separate maintenance file advanced users can use to
|
||||
* cache their custom HTMLDefinition, which can be loaded
|
||||
* via a configuration directive
|
||||
* @todo Implement memcached
|
||||
*/
|
||||
abstract class HTMLPurifier_DefinitionCache
|
||||
class HTMLPurifier_DefinitionCache
|
||||
{
|
||||
|
||||
public $type;
|
||||
var $type;
|
||||
|
||||
/**
|
||||
* @param $name Type of definition objects this instance of the
|
||||
* cache will handle.
|
||||
*/
|
||||
public function __construct($type) {
|
||||
function HTMLPurifier_DefinitionCache($type) {
|
||||
$this->type = $type;
|
||||
}
|
||||
|
||||
@@ -32,7 +36,7 @@ abstract class HTMLPurifier_DefinitionCache
|
||||
* Generates a unique identifier for a particular configuration
|
||||
* @param Instance of HTMLPurifier_Config
|
||||
*/
|
||||
public function generateKey($config) {
|
||||
function generateKey($config) {
|
||||
return $config->version . '-' . // possibly replace with function calls
|
||||
$config->getBatchSerial($this->type) . '-' .
|
||||
$config->get($this->type, 'DefinitionRev');
|
||||
@@ -44,7 +48,7 @@ abstract class HTMLPurifier_DefinitionCache
|
||||
* @param $key Key to test
|
||||
* @param $config Instance of HTMLPurifier_Config to test against
|
||||
*/
|
||||
public function isOld($key, $config) {
|
||||
function isOld($key, $config) {
|
||||
if (substr_count($key, '-') < 2) return true;
|
||||
list($version, $hash, $revision) = explode('-', $key, 3);
|
||||
$compare = version_compare($version, $config->version);
|
||||
@@ -64,7 +68,7 @@ abstract class HTMLPurifier_DefinitionCache
|
||||
* @param $def Definition object to check
|
||||
* @return Boolean true if good, false if not
|
||||
*/
|
||||
public function checkDefType($def) {
|
||||
function checkDefType($def) {
|
||||
if ($def->type !== $this->type) {
|
||||
trigger_error("Cannot use definition of type {$def->type} in cache for {$this->type}");
|
||||
return false;
|
||||
@@ -75,32 +79,44 @@ abstract class HTMLPurifier_DefinitionCache
|
||||
/**
|
||||
* Adds a definition object to the cache
|
||||
*/
|
||||
abstract public function add($def, $config);
|
||||
function add($def, $config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Unconditionally saves a definition object to the cache
|
||||
*/
|
||||
abstract public function set($def, $config);
|
||||
function set($def, $config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Replace an object in the cache
|
||||
*/
|
||||
abstract public function replace($def, $config);
|
||||
function replace($def, $config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves a definition object from the cache
|
||||
*/
|
||||
abstract public function get($config);
|
||||
function get($config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes a definition object to the cache
|
||||
*/
|
||||
abstract public function remove($config);
|
||||
function remove($config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clears all objects from cache
|
||||
*/
|
||||
abstract public function flush($config);
|
||||
function flush($config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clears all expired (older version or revision) objects from cache
|
||||
@@ -108,7 +124,8 @@ abstract class HTMLPurifier_DefinitionCache
|
||||
* not interfere with other Definition types, and cleanup()
|
||||
* should not be repeatedly called by userland code.
|
||||
*/
|
||||
abstract public function cleanup($config);
|
||||
|
||||
function cleanup($config) {
|
||||
trigger_error('Cannot call abstract method', E_USER_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -8,15 +8,15 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
|
||||
/**
|
||||
* Cache object we are decorating
|
||||
*/
|
||||
public $cache;
|
||||
var $cache;
|
||||
|
||||
public function __construct() {}
|
||||
function HTMLPurifier_DefinitionCache_Decorator() {}
|
||||
|
||||
/**
|
||||
* Lazy decorator function
|
||||
* @param $cache Reference to cache object to decorate
|
||||
*/
|
||||
public function decorate(&$cache) {
|
||||
function decorate(&$cache) {
|
||||
$decorator = $this->copy();
|
||||
// reference is necessary for mocks in PHP 4
|
||||
$decorator->cache =& $cache;
|
||||
@@ -27,35 +27,31 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
|
||||
/**
|
||||
* Cross-compatible clone substitute
|
||||
*/
|
||||
public function copy() {
|
||||
function copy() {
|
||||
return new HTMLPurifier_DefinitionCache_Decorator();
|
||||
}
|
||||
|
||||
public function add($def, $config) {
|
||||
function add($def, $config) {
|
||||
return $this->cache->add($def, $config);
|
||||
}
|
||||
|
||||
public function set($def, $config) {
|
||||
function set($def, $config) {
|
||||
return $this->cache->set($def, $config);
|
||||
}
|
||||
|
||||
public function replace($def, $config) {
|
||||
function replace($def, $config) {
|
||||
return $this->cache->replace($def, $config);
|
||||
}
|
||||
|
||||
public function get($config) {
|
||||
function get($config) {
|
||||
return $this->cache->get($config);
|
||||
}
|
||||
|
||||
public function remove($config) {
|
||||
return $this->cache->remove($config);
|
||||
}
|
||||
|
||||
public function flush($config) {
|
||||
function flush($config) {
|
||||
return $this->cache->flush($config);
|
||||
}
|
||||
|
||||
public function cleanup($config) {
|
||||
function cleanup($config) {
|
||||
return $this->cache->cleanup($config);
|
||||
}
|
||||
|
||||
|
||||
@@ -10,31 +10,31 @@ class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends
|
||||
HTMLPurifier_DefinitionCache_Decorator
|
||||
{
|
||||
|
||||
public $name = 'Cleanup';
|
||||
var $name = 'Cleanup';
|
||||
|
||||
public function copy() {
|
||||
function copy() {
|
||||
return new HTMLPurifier_DefinitionCache_Decorator_Cleanup();
|
||||
}
|
||||
|
||||
public function add($def, $config) {
|
||||
function add($def, $config) {
|
||||
$status = parent::add($def, $config);
|
||||
if (!$status) parent::cleanup($config);
|
||||
return $status;
|
||||
}
|
||||
|
||||
public function set($def, $config) {
|
||||
function set($def, $config) {
|
||||
$status = parent::set($def, $config);
|
||||
if (!$status) parent::cleanup($config);
|
||||
return $status;
|
||||
}
|
||||
|
||||
public function replace($def, $config) {
|
||||
function replace($def, $config) {
|
||||
$status = parent::replace($def, $config);
|
||||
if (!$status) parent::cleanup($config);
|
||||
return $status;
|
||||
}
|
||||
|
||||
public function get($config) {
|
||||
function get($config) {
|
||||
$ret = parent::get($config);
|
||||
if (!$ret) parent::cleanup($config);
|
||||
return $ret;
|
||||
|
||||
@@ -11,32 +11,32 @@ class HTMLPurifier_DefinitionCache_Decorator_Memory extends
|
||||
HTMLPurifier_DefinitionCache_Decorator
|
||||
{
|
||||
|
||||
protected $definitions;
|
||||
public $name = 'Memory';
|
||||
var $definitions;
|
||||
var $name = 'Memory';
|
||||
|
||||
public function copy() {
|
||||
function copy() {
|
||||
return new HTMLPurifier_DefinitionCache_Decorator_Memory();
|
||||
}
|
||||
|
||||
public function add($def, $config) {
|
||||
function add($def, $config) {
|
||||
$status = parent::add($def, $config);
|
||||
if ($status) $this->definitions[$this->generateKey($config)] = $def;
|
||||
return $status;
|
||||
}
|
||||
|
||||
public function set($def, $config) {
|
||||
function set($def, $config) {
|
||||
$status = parent::set($def, $config);
|
||||
if ($status) $this->definitions[$this->generateKey($config)] = $def;
|
||||
return $status;
|
||||
}
|
||||
|
||||
public function replace($def, $config) {
|
||||
function replace($def, $config) {
|
||||
$status = parent::replace($def, $config);
|
||||
if ($status) $this->definitions[$this->generateKey($config)] = $def;
|
||||
return $status;
|
||||
}
|
||||
|
||||
public function get($config) {
|
||||
function get($config) {
|
||||
$key = $this->generateKey($config);
|
||||
if (isset($this->definitions[$key])) return $this->definitions[$key];
|
||||
$this->definitions[$key] = parent::get($config);
|
||||
|
||||
@@ -8,31 +8,27 @@ require_once 'HTMLPurifier/DefinitionCache.php';
|
||||
class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache
|
||||
{
|
||||
|
||||
public function add($def, $config) {
|
||||
function add($def, $config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function set($def, $config) {
|
||||
function set($def, $config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function replace($def, $config) {
|
||||
function replace($def, $config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function remove($config) {
|
||||
function get($config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function get($config) {
|
||||
function flush($config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function flush($config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function cleanup($config) {
|
||||
function cleanup($config) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
HTMLPurifier_DefinitionCache
|
||||
{
|
||||
|
||||
public function add($def, $config) {
|
||||
function add($def, $config) {
|
||||
if (!$this->checkDefType($def)) return;
|
||||
$file = $this->generateFilePath($config);
|
||||
if (file_exists($file)) return false;
|
||||
@@ -25,14 +25,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
return $this->_write($file, serialize($def));
|
||||
}
|
||||
|
||||
public function set($def, $config) {
|
||||
function set($def, $config) {
|
||||
if (!$this->checkDefType($def)) return;
|
||||
$file = $this->generateFilePath($config);
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
return $this->_write($file, serialize($def));
|
||||
}
|
||||
|
||||
public function replace($def, $config) {
|
||||
function replace($def, $config) {
|
||||
if (!$this->checkDefType($def)) return;
|
||||
$file = $this->generateFilePath($config);
|
||||
if (!file_exists($file)) return false;
|
||||
@@ -40,19 +40,19 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
return $this->_write($file, serialize($def));
|
||||
}
|
||||
|
||||
public function get($config) {
|
||||
function get($config) {
|
||||
$file = $this->generateFilePath($config);
|
||||
if (!file_exists($file)) return false;
|
||||
return unserialize(file_get_contents($file));
|
||||
}
|
||||
|
||||
public function remove($config) {
|
||||
function remove($config) {
|
||||
$file = $this->generateFilePath($config);
|
||||
if (!file_exists($file)) return false;
|
||||
return unlink($file);
|
||||
}
|
||||
|
||||
public function flush($config) {
|
||||
function flush($config) {
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
$dir = $this->generateDirectoryPath($config);
|
||||
$dh = opendir($dir);
|
||||
@@ -63,7 +63,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
}
|
||||
}
|
||||
|
||||
public function cleanup($config) {
|
||||
function cleanup($config) {
|
||||
if (!$this->_prepareDir($config)) return false;
|
||||
$dir = $this->generateDirectoryPath($config);
|
||||
$dh = opendir($dir);
|
||||
@@ -78,9 +78,8 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
/**
|
||||
* Generates the file path to the serial file corresponding to
|
||||
* the configuration and definition name
|
||||
* @todo Make protected
|
||||
*/
|
||||
public function generateFilePath($config) {
|
||||
function generateFilePath($config) {
|
||||
$key = $this->generateKey($config);
|
||||
return $this->generateDirectoryPath($config) . '/' . $key . '.ser';
|
||||
}
|
||||
@@ -88,9 +87,8 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
/**
|
||||
* Generates the path to the directory contain this cache's serial files
|
||||
* @note No trailing slash
|
||||
* @todo Make protected
|
||||
*/
|
||||
public function generateDirectoryPath($config) {
|
||||
function generateDirectoryPath($config) {
|
||||
$base = $this->generateBaseDirectoryPath($config);
|
||||
return $base . '/' . $this->type;
|
||||
}
|
||||
@@ -98,9 +96,8 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
/**
|
||||
* Generates path to base directory that contains all definition type
|
||||
* serials
|
||||
* @todo Make protected
|
||||
*/
|
||||
public function generateBaseDirectoryPath($config) {
|
||||
function generateBaseDirectoryPath($config) {
|
||||
$base = $config->get('Cache', 'SerializerPath');
|
||||
$base = is_null($base) ? HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer' : $base;
|
||||
return $base;
|
||||
@@ -112,7 +109,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
* @param $data Data to write into file
|
||||
* @return Number of bytes written if success, or false if failure.
|
||||
*/
|
||||
private function _write($file, $data) {
|
||||
function _write($file, $data) {
|
||||
static $file_put_contents;
|
||||
if ($file_put_contents === null) {
|
||||
$file_put_contents = function_exists('file_put_contents');
|
||||
@@ -131,7 +128,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
* Prepares the directory that this type stores the serials in
|
||||
* @return True if successful
|
||||
*/
|
||||
private function _prepareDir($config) {
|
||||
function _prepareDir($config) {
|
||||
$directory = $this->generateDirectoryPath($config);
|
||||
if (!is_dir($directory)) {
|
||||
$base = $this->generateBaseDirectoryPath($config);
|
||||
@@ -154,7 +151,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
* Tests permissions on a directory and throws out friendly
|
||||
* error messages and attempts to chmod it itself if possible
|
||||
*/
|
||||
private function _testPermissions($dir) {
|
||||
function _testPermissions($dir) {
|
||||
// early abort, if it is writable, everything is hunky-dory
|
||||
if (is_writable($dir)) return true;
|
||||
if (!is_dir($dir)) {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
|
||||
require_once 'HTMLPurifier/DefinitionCache.php';
|
||||
require_once 'HTMLPurifier/DefinitionCache/Serializer.php';
|
||||
|
||||
HTMLPurifier_ConfigSchema::define(
|
||||
'Cache', 'DefinitionImpl', 'Serializer', 'string/null', '
|
||||
@@ -22,21 +23,22 @@ HTMLPurifier_ConfigSchema::defineAlias(
|
||||
class HTMLPurifier_DefinitionCacheFactory
|
||||
{
|
||||
|
||||
protected $caches = array('Serializer' => array());
|
||||
protected $implementations = array();
|
||||
protected $decorators = array();
|
||||
var $caches = array('Serializer' => array());
|
||||
var $implementations = array();
|
||||
var $decorators = array();
|
||||
|
||||
/**
|
||||
* Initialize default decorators
|
||||
*/
|
||||
public function setup() {
|
||||
function setup() {
|
||||
$this->addDecorator('Cleanup');
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves an instance of global definition cache factory.
|
||||
* @static
|
||||
*/
|
||||
public static function &instance($prototype = null) {
|
||||
function &instance($prototype = null) {
|
||||
static $instance;
|
||||
if ($prototype !== null) {
|
||||
$instance = $prototype;
|
||||
@@ -52,7 +54,7 @@ class HTMLPurifier_DefinitionCacheFactory
|
||||
* @param $short Short name of cache object, for reference
|
||||
* @param $long Full class name of cache object, for construction
|
||||
*/
|
||||
public function register($short, $long) {
|
||||
function register($short, $long) {
|
||||
$this->implementations[$short] = $long;
|
||||
}
|
||||
|
||||
@@ -61,7 +63,7 @@ class HTMLPurifier_DefinitionCacheFactory
|
||||
* @param $name Name of definitions handled by cache
|
||||
* @param $config Instance of HTMLPurifier_Config
|
||||
*/
|
||||
public function &create($type, $config) {
|
||||
function &create($type, $config) {
|
||||
$method = $config->get('Cache', 'DefinitionImpl');
|
||||
if ($method === null) {
|
||||
$null = new HTMLPurifier_DefinitionCache_Null($type);
|
||||
@@ -72,7 +74,7 @@ class HTMLPurifier_DefinitionCacheFactory
|
||||
}
|
||||
if (
|
||||
isset($this->implementations[$method]) &&
|
||||
class_exists($class = $this->implementations[$method], false)
|
||||
class_exists($class = $this->implementations[$method])
|
||||
) {
|
||||
$cache = new $class($type);
|
||||
} else {
|
||||
@@ -95,7 +97,7 @@ class HTMLPurifier_DefinitionCacheFactory
|
||||
* Registers a decorator to add to all new cache objects
|
||||
* @param
|
||||
*/
|
||||
public function addDecorator($decorator) {
|
||||
function addDecorator($decorator) {
|
||||
if (is_string($decorator)) {
|
||||
$class = "HTMLPurifier_DefinitionCache_Decorator_$decorator";
|
||||
$decorator = new $class;
|
||||
|
||||
@@ -11,40 +11,40 @@ class HTMLPurifier_Doctype
|
||||
/**
|
||||
* Full name of doctype
|
||||
*/
|
||||
public $name;
|
||||
var $name;
|
||||
|
||||
/**
|
||||
* List of standard modules (string identifiers or literal objects)
|
||||
* that this doctype uses
|
||||
*/
|
||||
public $modules = array();
|
||||
var $modules = array();
|
||||
|
||||
/**
|
||||
* List of modules to use for tidying up code
|
||||
*/
|
||||
public $tidyModules = array();
|
||||
var $tidyModules = array();
|
||||
|
||||
/**
|
||||
* Is the language derived from XML (i.e. XHTML)?
|
||||
*/
|
||||
public $xml = true;
|
||||
var $xml = true;
|
||||
|
||||
/**
|
||||
* List of aliases for this doctype
|
||||
*/
|
||||
public $aliases = array();
|
||||
var $aliases = array();
|
||||
|
||||
/**
|
||||
* Public DTD identifier
|
||||
*/
|
||||
public $dtdPublic;
|
||||
var $dtdPublic;
|
||||
|
||||
/**
|
||||
* System DTD identifier
|
||||
*/
|
||||
public $dtdSystem;
|
||||
var $dtdSystem;
|
||||
|
||||
public function __construct($name = null, $xml = true, $modules = array(),
|
||||
function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
|
||||
$tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
|
||||
) {
|
||||
$this->name = $name;
|
||||
@@ -59,7 +59,7 @@ class HTMLPurifier_Doctype
|
||||
/**
|
||||
* Clones the doctype, use before resolving modes and the like
|
||||
*/
|
||||
public function copy() {
|
||||
function copy() {
|
||||
return unserialize(serialize($this));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,13 +23,15 @@ class HTMLPurifier_DoctypeRegistry
|
||||
|
||||
/**
|
||||
* Hash of doctype names to doctype objects
|
||||
* @protected
|
||||
*/
|
||||
protected $doctypes;
|
||||
var $doctypes;
|
||||
|
||||
/**
|
||||
* Lookup table of aliases to real doctype names
|
||||
* @protected
|
||||
*/
|
||||
protected $aliases;
|
||||
var $aliases;
|
||||
|
||||
/**
|
||||
* Registers a doctype to the registry
|
||||
@@ -41,7 +43,7 @@ class HTMLPurifier_DoctypeRegistry
|
||||
* @param $aliases Alias names for doctype
|
||||
* @return Reference to registered doctype (usable for further editing)
|
||||
*/
|
||||
public function ®ister($doctype, $xml = true, $modules = array(),
|
||||
function ®ister($doctype, $xml = true, $modules = array(),
|
||||
$tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
|
||||
) {
|
||||
if (!is_array($modules)) $modules = array($modules);
|
||||
@@ -71,7 +73,7 @@ class HTMLPurifier_DoctypeRegistry
|
||||
* @param $doctype Name of doctype
|
||||
* @return Reference to doctype object
|
||||
*/
|
||||
public function &get($doctype) {
|
||||
function &get($doctype) {
|
||||
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
|
||||
if (!isset($this->doctypes[$doctype])) {
|
||||
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
|
||||
@@ -89,7 +91,7 @@ class HTMLPurifier_DoctypeRegistry
|
||||
* Generator whether or not the current document is XML
|
||||
* based or not).
|
||||
*/
|
||||
public function make($config) {
|
||||
function make($config) {
|
||||
$original_doctype = $this->get($this->getDoctypeFromConfig($config));
|
||||
$doctype = $original_doctype->copy();
|
||||
return $doctype;
|
||||
@@ -98,7 +100,7 @@ class HTMLPurifier_DoctypeRegistry
|
||||
/**
|
||||
* Retrieves the doctype from the configuration object
|
||||
*/
|
||||
public function getDoctypeFromConfig($config) {
|
||||
function getDoctypeFromConfig($config) {
|
||||
// recommended test
|
||||
$doctype = $config->get('HTML', 'Doctype');
|
||||
if (!empty($doctype)) return $doctype;
|
||||
|
||||
@@ -13,7 +13,7 @@ class HTMLPurifier_ElementDef
|
||||
* Does the definition work by itself, or is it created solely
|
||||
* for the purpose of merging into another definition?
|
||||
*/
|
||||
public $standalone = true;
|
||||
var $standalone = true;
|
||||
|
||||
/**
|
||||
* Associative array of attribute name to HTMLPurifier_AttrDef
|
||||
@@ -25,23 +25,29 @@ class HTMLPurifier_ElementDef
|
||||
* contain string indentifiers in lieu of HTMLPurifier_AttrDef,
|
||||
* see HTMLPurifier_AttrTypes on how they are expanded during
|
||||
* HTMLPurifier_HTMLDefinition->setup() processing.
|
||||
* @public
|
||||
*/
|
||||
public $attr = array();
|
||||
var $attr = array();
|
||||
|
||||
/**
|
||||
* Indexed list of tag's HTMLPurifier_AttrTransform to be done before validation
|
||||
* @public
|
||||
*/
|
||||
public $attr_transform_pre = array();
|
||||
var $attr_transform_pre = array();
|
||||
|
||||
/**
|
||||
* Indexed list of tag's HTMLPurifier_AttrTransform to be done after validation
|
||||
* @public
|
||||
*/
|
||||
public $attr_transform_post = array();
|
||||
var $attr_transform_post = array();
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* HTMLPurifier_ChildDef of this tag.
|
||||
* @public
|
||||
*/
|
||||
public $child;
|
||||
var $child;
|
||||
|
||||
/**
|
||||
* Abstract string representation of internal ChildDef rules. See
|
||||
@@ -49,8 +55,9 @@ class HTMLPurifier_ElementDef
|
||||
* into an HTMLPurifier_ChildDef.
|
||||
* @warning This is a temporary variable that is not available after
|
||||
* being processed by HTMLDefinition
|
||||
* @public
|
||||
*/
|
||||
public $content_model;
|
||||
var $content_model;
|
||||
|
||||
/**
|
||||
* Value of $child->type, used to determine which ChildDef to use,
|
||||
@@ -58,8 +65,9 @@ class HTMLPurifier_ElementDef
|
||||
* @warning This must be lowercase
|
||||
* @warning This is a temporary variable that is not available after
|
||||
* being processed by HTMLDefinition
|
||||
* @public
|
||||
*/
|
||||
public $content_model_type;
|
||||
var $content_model_type;
|
||||
|
||||
|
||||
|
||||
@@ -68,14 +76,16 @@ class HTMLPurifier_ElementDef
|
||||
* is important for chameleon ins and del processing in
|
||||
* HTMLPurifier_ChildDef_Chameleon. Dynamically set: modules don't
|
||||
* have to worry about this one.
|
||||
* @public
|
||||
*/
|
||||
public $descendants_are_inline = false;
|
||||
var $descendants_are_inline = false;
|
||||
|
||||
/**
|
||||
* List of the names of required attributes this element has. Dynamically
|
||||
* populated by HTMLPurifier_HTMLDefinition::getElement
|
||||
* @public
|
||||
*/
|
||||
public $required_attr = array();
|
||||
var $required_attr = array();
|
||||
|
||||
/**
|
||||
* Lookup table of tags excluded from all descendants of this tag.
|
||||
@@ -87,18 +97,20 @@ class HTMLPurifier_ElementDef
|
||||
* all descendants and not just children. Note that the XHTML
|
||||
* Modularization Abstract Modules are blithely unaware of such
|
||||
* distinctions.
|
||||
* @public
|
||||
*/
|
||||
public $excludes = array();
|
||||
var $excludes = array();
|
||||
|
||||
/**
|
||||
* Is this element safe for untrusted users to use?
|
||||
*/
|
||||
public $safe;
|
||||
var $safe;
|
||||
|
||||
/**
|
||||
* Low-level factory constructor for creating new standalone element defs
|
||||
* @static
|
||||
*/
|
||||
public static function create($safe, $content_model, $content_model_type, $attr) {
|
||||
function create($safe, $content_model, $content_model_type, $attr) {
|
||||
$def = new HTMLPurifier_ElementDef();
|
||||
$def->safe = (bool) $safe;
|
||||
$def->content_model = $content_model;
|
||||
@@ -112,7 +124,7 @@ class HTMLPurifier_ElementDef
|
||||
* Values from the new element def take precedence if a value is
|
||||
* not mergeable.
|
||||
*/
|
||||
public function mergeIn($def) {
|
||||
function mergeIn($def) {
|
||||
|
||||
// later keys takes precedence
|
||||
foreach($def->attr as $k => $v) {
|
||||
@@ -153,7 +165,7 @@ class HTMLPurifier_ElementDef
|
||||
* @param $a1 Array by reference that is merged into
|
||||
* @param $a2 Array that merges into $a1
|
||||
*/
|
||||
private function _mergeAssocArray(&$a1, $a2) {
|
||||
function _mergeAssocArray(&$a1, $a2) {
|
||||
foreach ($a2 as $k => $v) {
|
||||
if ($v === false) {
|
||||
if (isset($a1[$k])) unset($a1[$k]);
|
||||
@@ -166,7 +178,7 @@ class HTMLPurifier_ElementDef
|
||||
/**
|
||||
* Retrieves a copy of the element definition
|
||||
*/
|
||||
public function copy() {
|
||||
function copy() {
|
||||
return unserialize(serialize($this));
|
||||
}
|
||||
|
||||
|
||||
@@ -58,16 +58,23 @@ class HTMLPurifier_Encoder
|
||||
/**
|
||||
* Constructor throws fatal error if you attempt to instantiate class
|
||||
*/
|
||||
private function __construct() {
|
||||
function HTMLPurifier_Encoder() {
|
||||
trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Error-handler that mutes errors, alternative to shut-up operator.
|
||||
*/
|
||||
function muteErrorHandler() {}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Cleans a UTF-8 string for well-formedness and SGML validity
|
||||
*
|
||||
* It will parse according to UTF-8 and return a valid UTF8 string, with
|
||||
* non-SGML codepoints excluded.
|
||||
*
|
||||
* @static
|
||||
* @note Just for reference, the non-SGML code points are 0 to 31 and
|
||||
* 127 to 159, inclusive. However, we allow code points 9, 10
|
||||
* and 13, which are the tab, line feed and carriage return
|
||||
@@ -87,28 +94,15 @@ class HTMLPurifier_Encoder
|
||||
* would need that, and I'm probably not going to implement them.
|
||||
* Once again, PHP 6 should solve all our problems.
|
||||
*/
|
||||
public static function cleanUTF8($str, $force_php = false) {
|
||||
function cleanUTF8($str, $force_php = false) {
|
||||
|
||||
static $non_sgml_chars = array();
|
||||
if (empty($non_sgml_chars)) {
|
||||
for ($i = 0; $i <= 31; $i++) {
|
||||
// non-SGML ASCII chars
|
||||
// save \r, \t and \n
|
||||
if ($i == 9 || $i == 13 || $i == 10) continue;
|
||||
$non_sgml_chars[chr($i)] = '';
|
||||
}
|
||||
for ($i = 127; $i <= 159; $i++) {
|
||||
$non_sgml_chars[HTMLPurifier_Encoder::unichr($i)] = '';
|
||||
}
|
||||
}
|
||||
|
||||
static $iconv = null;
|
||||
if ($iconv === null) $iconv = function_exists('iconv');
|
||||
|
||||
if ($iconv && !$force_php) {
|
||||
// do the shortcut way
|
||||
$str = @iconv('UTF-8', 'UTF-8//IGNORE', $str);
|
||||
return strtr($str, $non_sgml_chars);
|
||||
// UTF-8 validity is checked since PHP 4.3.5
|
||||
// This is an optimization: if the string is already valid UTF-8, no
|
||||
// need to do PHP stuff. 99% of the time, this will be the case.
|
||||
// The regexp matches the XML char production, as well as well as excluding
|
||||
// non-SGML codepoints U+007F to U+009F
|
||||
if (preg_match('/^[\x{9}\x{A}\x{D}\x{20}-\x{7E}\x{A0}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]*$/Du', $str)) {
|
||||
return $str;
|
||||
}
|
||||
|
||||
$mState = 0; // cached expected number of octets after the current octet
|
||||
@@ -219,7 +213,17 @@ class HTMLPurifier_Encoder
|
||||
) {
|
||||
|
||||
} elseif (0xFEFF != $mUcs4 && // omit BOM
|
||||
!($mUcs4 >= 128 && $mUcs4 <= 159) // omit non-SGML
|
||||
// check for valid Char unicode codepoints
|
||||
(
|
||||
0x9 == $mUcs4 ||
|
||||
0xA == $mUcs4 ||
|
||||
0xD == $mUcs4 ||
|
||||
(0x20 <= $mUcs4 && 0x7E >= $mUcs4) ||
|
||||
// 7F-9F is not strictly prohibited by XML,
|
||||
// but it is non-SGML, and thus we don't allow it
|
||||
(0xA0 <= $mUcs4 && 0xD7FF >= $mUcs4) ||
|
||||
(0x10000 <= $mUcs4 && 0x10FFFF >= $mUcs4)
|
||||
)
|
||||
) {
|
||||
$out .= $char;
|
||||
}
|
||||
@@ -245,6 +249,7 @@ class HTMLPurifier_Encoder
|
||||
|
||||
/**
|
||||
* Translates a Unicode codepoint into its corresponding UTF-8 character.
|
||||
* @static
|
||||
* @note Based on Feyd's function at
|
||||
* <http://forums.devnetwork.net/viewtopic.php?p=191404#191404>,
|
||||
* which is in public domain.
|
||||
@@ -269,7 +274,7 @@ class HTMLPurifier_Encoder
|
||||
// | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
|
||||
// +----------+----------+----------+----------+
|
||||
|
||||
public static function unichr($code) {
|
||||
function unichr($code) {
|
||||
if($code > 1114111 or $code < 0 or
|
||||
($code >= 55296 and $code <= 57343) ) {
|
||||
// bits are set outside the "valid" range as defined
|
||||
@@ -308,43 +313,69 @@ class HTMLPurifier_Encoder
|
||||
|
||||
/**
|
||||
* Converts a string to UTF-8 based on configuration.
|
||||
* @static
|
||||
*/
|
||||
public static function convertToUTF8($str, $config, $context) {
|
||||
static $iconv = null;
|
||||
if ($iconv === null) $iconv = function_exists('iconv');
|
||||
function convertToUTF8($str, $config, &$context) {
|
||||
$encoding = $config->get('Core', 'Encoding');
|
||||
if ($encoding === 'utf-8') return $str;
|
||||
static $iconv = null;
|
||||
if ($iconv === null) $iconv = function_exists('iconv');
|
||||
set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
|
||||
if ($iconv && !$config->get('Test', 'ForceNoIconv')) {
|
||||
return @iconv($encoding, 'utf-8//IGNORE', $str);
|
||||
$str = iconv($encoding, 'utf-8//IGNORE', $str);
|
||||
// If the string is bjorked by Shift_JIS or a similar encoding
|
||||
// that doesn't support all of ASCII, convert the naughty
|
||||
// characters to their true byte-wise ASCII/UTF-8 equivalents.
|
||||
$str = strtr($str, HTMLPurifier_Encoder::testEncodingSupportsASCII($encoding));
|
||||
restore_error_handler();
|
||||
return $str;
|
||||
} elseif ($encoding === 'iso-8859-1') {
|
||||
return @utf8_encode($str);
|
||||
$str = utf8_encode($str);
|
||||
restore_error_handler();
|
||||
return $str;
|
||||
}
|
||||
trigger_error('Encoding not supported', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts a string from UTF-8 based on configuration.
|
||||
* @static
|
||||
* @note Currently, this is a lossy conversion, with unexpressable
|
||||
* characters being omitted.
|
||||
*/
|
||||
public static function convertFromUTF8($str, $config, $context) {
|
||||
static $iconv = null;
|
||||
if ($iconv === null) $iconv = function_exists('iconv');
|
||||
function convertFromUTF8($str, $config, &$context) {
|
||||
$encoding = $config->get('Core', 'Encoding');
|
||||
if ($encoding === 'utf-8') return $str;
|
||||
if ($config->get('Core', 'EscapeNonASCIICharacters')) {
|
||||
static $iconv = null;
|
||||
if ($iconv === null) $iconv = function_exists('iconv');
|
||||
if ($escape = $config->get('Core', 'EscapeNonASCIICharacters')) {
|
||||
$str = HTMLPurifier_Encoder::convertToASCIIDumbLossless($str);
|
||||
}
|
||||
set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
|
||||
if ($iconv && !$config->get('Test', 'ForceNoIconv')) {
|
||||
return @iconv('utf-8', $encoding . '//IGNORE', $str);
|
||||
// Undo our previous fix in convertToUTF8, otherwise iconv will barf
|
||||
$ascii_fix = HTMLPurifier_Encoder::testEncodingSupportsASCII($encoding);
|
||||
if (!$escape && !empty($ascii_fix)) {
|
||||
$clear_fix = array();
|
||||
foreach ($ascii_fix as $utf8 => $native) $clear_fix[$utf8] = '';
|
||||
$str = strtr($str, $clear_fix);
|
||||
}
|
||||
$str = strtr($str, array_flip($ascii_fix));
|
||||
// Normal stuff
|
||||
$str = iconv('utf-8', $encoding . '//IGNORE', $str);
|
||||
restore_error_handler();
|
||||
return $str;
|
||||
} elseif ($encoding === 'iso-8859-1') {
|
||||
return @utf8_decode($str);
|
||||
$str = utf8_decode($str);
|
||||
restore_error_handler();
|
||||
return $str;
|
||||
}
|
||||
trigger_error('Encoding not supported', E_USER_ERROR);
|
||||
}
|
||||
|
||||
/**
|
||||
* Lossless (character-wise) conversion of HTML to ASCII
|
||||
* @static
|
||||
* @param $str UTF-8 string to be converted to ASCII
|
||||
* @returns ASCII encoded string with non-ASCII character entity-ized
|
||||
* @warning Adapted from MediaWiki, claiming fair use: this is a common
|
||||
@@ -359,7 +390,7 @@ class HTMLPurifier_Encoder
|
||||
* @note Sort of with cleanUTF8() but it assumes that $str is
|
||||
* well-formed UTF-8
|
||||
*/
|
||||
public static function convertToASCIIDumbLossless($str) {
|
||||
function convertToASCIIDumbLossless($str) {
|
||||
$bytesleft = 0;
|
||||
$result = '';
|
||||
$working = 0;
|
||||
@@ -390,6 +421,47 @@ class HTMLPurifier_Encoder
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* This expensive function tests whether or not a given character
|
||||
* encoding supports ASCII. 7/8-bit encodings like Shift_JIS will
|
||||
* fail this test, and require special processing. Variable width
|
||||
* encodings shouldn't ever fail.
|
||||
*
|
||||
* @param string $encoding Encoding name to test, as per iconv format
|
||||
* @param bool $bypass Whether or not to bypass the precompiled arrays.
|
||||
* @return Array of UTF-8 characters to their corresponding ASCII,
|
||||
* which can be used to "undo" any overzealous iconv action.
|
||||
*/
|
||||
function testEncodingSupportsASCII($encoding, $bypass = false) {
|
||||
static $encodings = array();
|
||||
if (!$bypass) {
|
||||
if (isset($encodings[$encoding])) return $encodings[$encoding];
|
||||
$lenc = strtolower($encoding);
|
||||
switch ($lenc) {
|
||||
case 'shift_jis':
|
||||
return array("\xC2\xA5" => '\\', "\xE2\x80\xBE" => '~');
|
||||
case 'johab':
|
||||
return array("\xE2\x82\xA9" => '\\');
|
||||
}
|
||||
if (strpos($lenc, 'iso-8859-') === 0) return array();
|
||||
}
|
||||
$ret = array();
|
||||
set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
|
||||
if (iconv('UTF-8', $encoding, 'a') === false) return false;
|
||||
for ($i = 0x20; $i <= 0x7E; $i++) { // all printable ASCII chars
|
||||
$c = chr($i);
|
||||
if (iconv('UTF-8', "$encoding//IGNORE", $c) === '') {
|
||||
// Reverse engineer: what's the UTF-8 equiv of this byte
|
||||
// sequence? This assumes that there's no variable width
|
||||
// encoding that doesn't support ASCII.
|
||||
$ret[iconv($encoding, 'UTF-8//IGNORE', $c)] = $c;
|
||||
}
|
||||
}
|
||||
restore_error_handler();
|
||||
$encodings[$encoding] = $ret;
|
||||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -7,8 +7,9 @@ class HTMLPurifier_EntityLookup {
|
||||
|
||||
/**
|
||||
* Assoc array of entity name to character represented.
|
||||
* @public
|
||||
*/
|
||||
public $table;
|
||||
var $table;
|
||||
|
||||
/**
|
||||
* Sets up the entity lookup table from the serialized file contents.
|
||||
@@ -16,7 +17,7 @@ class HTMLPurifier_EntityLookup {
|
||||
* using the maintenance script generate_entity_file.php
|
||||
* @warning This is not in constructor to help enforce the Singleton
|
||||
*/
|
||||
public function setup($file = false) {
|
||||
function setup($file = false) {
|
||||
if (!$file) {
|
||||
$file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/EntityLookup/entities.ser';
|
||||
}
|
||||
@@ -25,9 +26,10 @@ class HTMLPurifier_EntityLookup {
|
||||
|
||||
/**
|
||||
* Retrieves sole instance of the object.
|
||||
* @static
|
||||
* @param Optional prototype of custom lookup table to overload with.
|
||||
*/
|
||||
public static function instance($prototype = false) {
|
||||
function instance($prototype = false) {
|
||||
// no references, since PHP doesn't copy unless modified
|
||||
static $instance = null;
|
||||
if ($prototype) {
|
||||
|
||||
@@ -15,21 +15,24 @@ class HTMLPurifier_EntityParser
|
||||
|
||||
/**
|
||||
* Reference to entity lookup table.
|
||||
* @protected
|
||||
*/
|
||||
protected $_entity_lookup;
|
||||
var $_entity_lookup;
|
||||
|
||||
/**
|
||||
* Callback regex string for parsing entities.
|
||||
* @protected
|
||||
*/
|
||||
protected $_substituteEntitiesRegex =
|
||||
var $_substituteEntitiesRegex =
|
||||
'/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z_:][A-Za-z0-9.\-_:]*));?/';
|
||||
// 1. hex 2. dec 3. string (XML style)
|
||||
|
||||
|
||||
/**
|
||||
* Decimal to parsed string conversion table for special entities.
|
||||
* @protected
|
||||
*/
|
||||
protected $_special_dec2str =
|
||||
var $_special_dec2str =
|
||||
array(
|
||||
34 => '"',
|
||||
38 => '&',
|
||||
@@ -40,8 +43,9 @@ class HTMLPurifier_EntityParser
|
||||
|
||||
/**
|
||||
* Stripped entity names to decimal conversion table for special entities.
|
||||
* @protected
|
||||
*/
|
||||
protected $_special_ent2dec =
|
||||
var $_special_ent2dec =
|
||||
array(
|
||||
'quot' => 34,
|
||||
'amp' => 38,
|
||||
@@ -54,10 +58,11 @@ class HTMLPurifier_EntityParser
|
||||
* running this whenever you have parsed character is t3h 5uck, we run
|
||||
* it before everything else.
|
||||
*
|
||||
* @protected
|
||||
* @param $string String to have non-special entities parsed.
|
||||
* @returns Parsed string.
|
||||
*/
|
||||
public function substituteNonSpecialEntities($string) {
|
||||
function substituteNonSpecialEntities($string) {
|
||||
// it will try to detect missing semicolons, but don't rely on it
|
||||
return preg_replace_callback(
|
||||
$this->_substituteEntitiesRegex,
|
||||
@@ -69,13 +74,15 @@ class HTMLPurifier_EntityParser
|
||||
/**
|
||||
* Callback function for substituteNonSpecialEntities() that does the work.
|
||||
*
|
||||
* @warning Though this is public in order to let the callback happen,
|
||||
* calling it directly is not recommended.
|
||||
* @param $matches PCRE matches array, with 0 the entire match, and
|
||||
* either index 1, 2 or 3 set with a hex value, dec value,
|
||||
* or string (respectively).
|
||||
* @returns Replacement string.
|
||||
*/
|
||||
|
||||
protected function nonSpecialEntityCallback($matches) {
|
||||
function nonSpecialEntityCallback($matches) {
|
||||
// replaces all but big five
|
||||
$entity = $matches[0];
|
||||
$is_num = (@$matches[0][1] === '#');
|
||||
@@ -106,10 +113,11 @@ class HTMLPurifier_EntityParser
|
||||
* @notice We try to avoid calling this function because otherwise, it
|
||||
* would have to be called a lot (for every parsed section).
|
||||
*
|
||||
* @protected
|
||||
* @param $string String to have non-special entities parsed.
|
||||
* @returns Parsed string.
|
||||
*/
|
||||
public function substituteSpecialEntities($string) {
|
||||
function substituteSpecialEntities($string) {
|
||||
return preg_replace_callback(
|
||||
$this->_substituteEntitiesRegex,
|
||||
array($this, 'specialEntityCallback'),
|
||||
@@ -121,12 +129,14 @@ class HTMLPurifier_EntityParser
|
||||
*
|
||||
* This callback has same syntax as nonSpecialEntityCallback().
|
||||
*
|
||||
* @warning Though this is public in order to let the callback happen,
|
||||
* calling it directly is not recommended.
|
||||
* @param $matches PCRE-style matches array, with 0 the entire match, and
|
||||
* either index 1, 2 or 3 set with a hex value, dec value,
|
||||
* or string (respectively).
|
||||
* @returns Replacement string.
|
||||
*/
|
||||
protected function specialEntityCallback($matches) {
|
||||
function specialEntityCallback($matches) {
|
||||
$entity = $matches[0];
|
||||
$is_num = (@$matches[0][1] === '#');
|
||||
if ($is_num) {
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user