Release 4.14.0

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

.gitattributes

@@ -1,13 +1,23 @@
 /.gitattributes export-ignore
+/.github export-ignore
 /.gitignore export-ignore
-/.travis.yml export-ignore
+/art export-ignore
-/Doxyfile export-ignore
+/benchmarks export-ignore
-/art/ export-ignore
+/configdoc export-ignore
-/benchmarks/ export-ignore
-/configdoc/ export-ignore
 /configdoc/usage.xml -crlf
-/docs/ export-ignore
+/docs export-ignore
-/phpdoc.ini
+/Doxyfile export-ignore
-/smoketests/ export-ignore
+/extras export-ignore
-/tests/* export-ignore
+/INSTALL* export-ignore
-/tests/path2class.func.php -export-ignore
+/maintenance export-ignore
+/NEWS export-ignore
+/package.php export-ignore
+/plugins export-ignore
+/phpdoc.ini export-ignore
+/smoketests export-ignore
+/test-* export-ignore
+/tests export-ignore
+/TODO export-ignore
+/update-for-release export-ignore
+/WHATSNEW export-ignore
+/WYSIWYG export-ignore

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: ci
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  linux_tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        php: [5.4, 5.5, 5.6, 7.0, 7.1, 7.2, 7.3, 7.4, 8.0]
+
+    name: PHP ${{ matrix.php }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+
+      - name: Clone simpletest
+        run: git clone --depth=50 https://github.com/ezyang/simpletest.git
+
+      - name: Configure simpletest
+        run: cp test-settings.travis.php test-settings.php
+
+      - name: Execute Unit tests
+        run: php tests/index.php

.travis.yml

@@ -1,19 +0,0 @@
-language: php
-php:
-    - '5.6'
-    - '7.0'
-    - '7.1'
-    - '7.2'
-    - '7.3'
-    - '7.4snapshot'
-matrix:
-    include:
-        - php: '5.4'
-          dist: trusty
-        - php: '5.5'
-          dist: trusty
-before_script:
-    - git clone --depth=50 https://github.com/ezyang/simpletest.git
-    - cp test-settings.travis.php test-settings.php
-script:
-    - php tests/index.php

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 4.12.0
+PROJECT_NUMBER         = 4.14.0
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

NEWS

@@ -9,6 +9,43 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+4.14.0, released 2021-12-24
+! Add "background-size" support (#289), contributed by Václav Smítal
+! Transform deprecated width attribute when tidying HTML, contributed by
+  Kieran.
+- PHP 8 support, contributed by Maksims Sļotovs.
+- Improved PHP 7.3 compatibility, contributed by kishor.
+- Avoid spurious magic quotes notice in PHP 7.4.  Thanks
+  Jasper Zonneveld for the fix.
+- Do not remove thead from table even if there are no tbody/tr (#264).
+  Thanks Marcus Artner for the fix.
+- Fix "Parameter must be an array or an object that implements
+  Countable" (#285)".  Thanks Kieran for this fix.
+. Fix unnecessary reference assignment, handling behavior change from
+  PHP5 and PHP7.  Thanks Arkadiusz Biczewski for the fix.
+
+4.13.0, released 2020-06-28
+! Add %HTML.Forms directive, which lets you accept forms in user
+  HTML without requiring full %HTML.Trusted.  Note that forms can
+  be (trivially) used to setup phishing; e.g., an attacker can
+  use CSS absolute positioning to overlay a form on top of a login
+  element, so please be sure to use this with care!   Fixes #213.
+  Thanks Mateusz Turcza for contributing this feature.
+! tr@bgcolor attribute is now supported.  Thanks Kieran Brahney
+  for this enhancement.
+- Further improvements to PHP 7.4 support, contributed by Witold
+  Wasiczko and Eloy Lafuente.
+- Fix PSR-0 compatibility.  Thanks Jordi Boggiano for contributing
+  part of this fix.
+- Fix bug with purifyArray where it doesn't work on empty arrays.
+  Thanks Fräntz Miccoli for the fix.
+- Reduce amount of maintenance scripts included in distribution
+  packages.  Thanks Sergei Morozov for this patch.
+- Remove leading zeros unless if it is only a zero, fixes #239.  Thanks
+  lubomirbartos for this fix.
+- Correct type hinting of maybeGet*, fixes #240.   Thanks Anders Jenbo
+  for this fix.
+
 4.12.0, released 2019-10-27
 ! PHP 7.4 is supported, thank you Witold Wasiczko, Mateuz Turcza and
   Edi Modrić

README.md

@@ -1,4 +1,4 @@
-HTML Purifier [![Build Status](https://secure.travis-ci.org/ezyang/htmlpurifier.svg?branch=master)](http://travis-ci.org/ezyang/htmlpurifier)
+HTML Purifier [![Build Status](https://github.com/ezyang/htmlpurifier/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/ezyang/htmlpurifier/actions/workflows/ci.yml)
 =============
 
 HTML Purifier is an HTML filtering solution that uses a unique combination

VERSION

@@ -1 +1 @@
-4.12.0
+4.14.0

WHATSNEW

@@ -1,2 +1,4 @@
-HTML Purifier 4.12.x is a maintenance release which makes
+HTML Purifier 4.14.x is a maintenance release which improves
-compatibility fixes for PHP 7.4.
+PHP7 and PHP8 compatibility.  There are also some minor new features
+(background-size) and some miscellaneous fixes to remove notices
+from recent versions of PHP.

composer.json

@@ -15,11 +15,11 @@
     "require": {
         "php": ">=5.2"
     },
-    "require-dev": {
-        "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd"
-    },
     "autoload": {
         "psr-0": { "HTMLPurifier": "library/" },
-        "files": ["library/HTMLPurifier.composer.php"]
+        "files": ["library/HTMLPurifier.composer.php"],
+        "exclude-from-classmap": [
+            "/library/HTMLPurifier/Language/"
+        ]
     }
 }

configdoc/usage.xml

@@ -19,37 +19,37 @@
  </directive>
  <directive id="CSS.MaxImgLength">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>240</line>
+   <line>256</line>
   </file>
  </directive>
  <directive id="CSS.Proprietary">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>365</line>
+   <line>381</line>
   </file>
  </directive>
  <directive id="CSS.AllowTricky">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>369</line>
+   <line>385</line>
   </file>
  </directive>
  <directive id="CSS.Trusted">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>373</line>
+   <line>389</line>
   </file>
  </directive>
  <directive id="CSS.AllowImportant">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>377</line>
+   <line>393</line>
   </file>
  </directive>
  <directive id="CSS.AllowedProperties">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>506</line>
+   <line>522</line>
   </file>
  </directive>
  <directive id="CSS.ForbiddenProperties">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>522</line>
+   <line>538</line>
   </file>
  </directive>
  <directive id="Cache.DefinitionImpl">
@@ -480,6 +480,11 @@
    <line>330</line>
   </file>
  </directive>
+ <directive id="HTML.Forms">
+  <file name="HTMLPurifier/HTMLModule/Forms.php">
+   <line>31</line>
+  </file>
+ </directive>
  <directive id="HTML.SafeIframe">
   <file name="HTMLPurifier/HTMLModule/Iframe.php">
    <line>28</line>

library/HTMLPurifier.autoload-legacy.php

@@ -4,12 +4,11 @@
  * @file
  * Legacy autoloader for systems lacking spl_autoload_register
  *
- * Must be separate to prevent deprecation warning on PHP 7.2
  */
 
-function __autoload($class)
+spl_autoload_register(function($class)
 {
      return HTMLPurifier_Bootstrap::autoload($class);
-}
+});
 
 // vim: et sw=4 sts=4

library/HTMLPurifier.autoload.php

@@ -17,6 +17,7 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un
     require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php';
 }
 
+// phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.zend_ze1_compatibility_modeRemoved
 if (ini_get('zend.ze1_compatibility_mode')) {
     trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
 }

library/HTMLPurifier.includes.php

@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.12.0
+ * @version 4.14.0
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,

library/HTMLPurifier.php

@@ -19,7 +19,7 @@
  */
 
 /*
-    HTML Purifier 4.12.0 - Standards Compliant HTML Filtering
+    HTML Purifier 4.14.0 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -58,12 +58,12 @@ class HTMLPurifier
      * Version of HTML Purifier.
      * @type string
      */
-    public $version = '4.12.0';
+    public $version = '4.14.0';
 
     /**
      * Constant with version of HTML Purifier.
      */
-    const VERSION = '4.12.0';
+    const VERSION = '4.14.0';
 
     /**
      * Global configuration object.
@@ -240,6 +240,7 @@ class HTMLPurifier
     public function purifyArray($array_of_html, $config = null)
     {
         $context_array = array();
+        $array = array();
         foreach($array_of_html as $key=>$value){
             if (is_array($value)) {
                 $array[$key] = $this->purifyArray($value, $config);

library/HTMLPurifier/AttrDef/CSS/Background.php

@@ -25,6 +25,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
         $this->info['background-repeat'] = $def->info['background-repeat'];
         $this->info['background-attachment'] = $def->info['background-attachment'];
         $this->info['background-position'] = $def->info['background-position'];
+        $this->info['background-size'] = $def->info['background-size'];
     }
 
     /**
@@ -53,6 +54,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
         $caught['repeat'] = false;
         $caught['attachment'] = false;
         $caught['position'] = false;
+        $caught['size'] = false;
 
         $i = 0; // number of catches
 

library/HTMLPurifier/AttrDef/CSS/Number.php

@@ -69,7 +69,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
             return false;
         }
 
+        // Remove leading zeros until positive number or a zero stays left
+        if (ltrim($left, '0') != '') {
             $left = ltrim($left, '0');
+        } else {
+            $left = '0';
+        }
+
         $right = rtrim($right, '0');
 
         if ($right === '') {

library/HTMLPurifier/CSSDefinition.php

@@ -109,6 +109,22 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         );
         $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
 
+        $this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
+            array(
+                new HTMLPurifier_AttrDef_Enum(
+                    array(
+                        'auto',
+                        'cover',
+                        'contain',
+                        'initial',
+                        'inherit',
+                    )
+                ),
+                new HTMLPurifier_AttrDef_CSS_Percentage(),
+                new HTMLPurifier_AttrDef_CSS_Length()
+            )
+        );
+
         $border_color =
             $this->info['border-top-color'] =
             $this->info['border-bottom-color'] =

library/HTMLPurifier/ChildDef/Table.php

@@ -164,7 +164,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
             }
         }
 
-        if (empty($content)) {
+        if (empty($content) && $thead === false && $tfoot === false) {
             return false;
         }
 

library/HTMLPurifier/Config.php

@@ -21,7 +21,7 @@ class HTMLPurifier_Config
      * HTML Purifier's version
      * @type string
      */
-    public $version = '4.12.0';
+    public $version = '4.14.0';
 
     /**
      * Whether or not to automatically finalize
@@ -408,7 +408,7 @@ class HTMLPurifier_Config
      *             maybeGetRawHTMLDefinition, which is more explicitly
      *             named, instead.
      *
-     * @return HTMLPurifier_HTMLDefinition
+     * @return HTMLPurifier_HTMLDefinition|null
      */
     public function getHTMLDefinition($raw = false, $optimized = false)
     {
@@ -427,7 +427,7 @@ class HTMLPurifier_Config
      *             maybeGetRawCSSDefinition, which is more explicitly
      *             named, instead.
      *
-     * @return HTMLPurifier_CSSDefinition
+     * @return HTMLPurifier_CSSDefinition|null
      */
     public function getCSSDefinition($raw = false, $optimized = false)
     {
@@ -446,7 +446,7 @@ class HTMLPurifier_Config
      *             maybeGetRawURIDefinition, which is more explicitly
      *             named, instead.
      *
-     * @return HTMLPurifier_URIDefinition
+     * @return HTMLPurifier_URIDefinition|null
      */
     public function getURIDefinition($raw = false, $optimized = false)
     {
@@ -468,7 +468,7 @@ class HTMLPurifier_Config
      *        maybe semantics is the "right thing to do."
      *
      * @throws HTMLPurifier_Exception
-     * @return HTMLPurifier_Definition
+     * @return HTMLPurifier_Definition|null
      */
     public function getDefinition($type, $raw = false, $optimized = false)
     {
@@ -647,7 +647,7 @@ class HTMLPurifier_Config
     }
 
     /**
-     * @return HTMLPurifier_HTMLDefinition
+     * @return HTMLPurifier_HTMLDefinition|null
      */
     public function maybeGetRawHTMLDefinition()
     {
@@ -655,7 +655,7 @@ class HTMLPurifier_Config
     }
     
     /**
-     * @return HTMLPurifier_CSSDefinition
+     * @return HTMLPurifier_CSSDefinition|null
      */
     public function maybeGetRawCSSDefinition()
     {
@@ -663,7 +663,7 @@ class HTMLPurifier_Config
     }
     
     /**
-     * @return HTMLPurifier_URIDefinition
+     * @return HTMLPurifier_URIDefinition|null
      */
     public function maybeGetRawURIDefinition()
     {
@@ -803,7 +803,7 @@ class HTMLPurifier_Config
         if ($index !== false) {
             $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
         }
-        $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
+        $mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
 
         $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
         $ret = array();

library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt

@@ -0,0 +1,11 @@
+HTML.Forms
+TYPE: bool
+VERSION: 4.13.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit form elements in the user input, regardless of
+    %HTML.Trusted value. Please be very careful when using this functionality, as
+    enabling forms in untrusted documents may allow for phishing attacks.
+</p>
+--# vim: et sw=4 sts=4

library/HTMLPurifier/HTMLModule.php

@@ -257,8 +257,9 @@ class HTMLPurifier_HTMLModule
      */
     public function makeLookup($list)
     {
+        $args = func_get_args();
         if (is_string($list)) {
-            $list = func_get_args();
+            $list = $args;
         }
         $ret = array();
         foreach ($list as $value) {

library/HTMLPurifier/HTMLModule/Forms.php

@@ -28,6 +28,10 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
      */
     public function setup($config)
     {
+        if ($config->get('HTML.Forms')) {
+            $this->safe = true;
+        }
+
         $form = $this->addElement(
             'form',
             'Form',

library/HTMLPurifier/HTMLModule/Tidy.php

@@ -146,10 +146,7 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
                         $type = "info_$type";
                         $e = $this;
                     }
-                    // PHP does some weird parsing when I do
+                    $e->{$type}[$attr] = $fix;
-                    // $e->$type[$attr], so I have to assign a ref.
-                    $f =& $e->$type;
-                    $f[$attr] = $fix;
                     break;
                 case 'tag_transform':
                     $this->info_tag_transform[$params['element']] = $fix;

library/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php

@@ -96,6 +96,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
 
         // @bgcolor for table, tr, td, th ---------------------------------
         $r['table@bgcolor'] =
+        $r['tr@bgcolor'] =
         $r['td@bgcolor'] =
         $r['th@bgcolor'] =
             new HTMLPurifier_AttrTransform_BgColor();
@@ -167,9 +168,11 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
         // @vspace for img ------------------------------------------------
         $r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace');
 
-        // @width for hr, td, th ------------------------------------------
+        // @width for table, hr, td, th, col ------------------------------------------
+        $r['table@width'] =
         $r['td@width'] =
         $r['th@width'] =
+        $r['col@width'] =
         $r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width');
 
         return $r;

library/HTMLPurifier/Injector/Linkify.php

@@ -40,6 +40,9 @@ class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
             '/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu',
             $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
 
+        if ($bits === false) {
+            return;
+        }
 
         $token = array();
 

library/HTMLPurifier/Language/classes/en-x-test.php

@@ -1,9 +0,0 @@
-<?php
-
-// private class for unit testing
-
-class HTMLPurifier_Language_en_x_test extends HTMLPurifier_Language
-{
-}
-
-// vim: et sw=4 sts=4

library/HTMLPurifier/Language/messages/en-x-test.php

@@ -1,13 +0,0 @@
-<?php
-
-// private language message file for unit testing purposes
-
-$fallback = 'en';
-
-$messages = array(
-    'HTMLPurifier' => 'HTML Purifier X'
-);
-
-$errorNames = array();
-
-// vim: et sw=4 sts=4

library/HTMLPurifier/Language/messages/en-x-testmini.php

@@ -1,14 +0,0 @@
-<?php
-
-// private language message file for unit testing purposes
-// this language file has no class associated with it
-
-$fallback = 'en';
-
-$messages = array(
-    'HTMLPurifier' => 'HTML Purifier XNone'
-);
-
-$errorNames = array();
-
-// vim: et sw=4 sts=4

library/HTMLPurifier/Printer/HTMLDefinition.php

@@ -43,8 +43,8 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
         $ret .= $this->element('caption', 'Doctype');
         $ret .= $this->row('Name', $doctype->name);
         $ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
-        $ret .= $this->row('Default Modules', implode($doctype->modules, ', '));
+        $ret .= $this->row('Default Modules', implode(', ', $doctype->modules));
-        $ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', '));
+        $ret .= $this->row('Default Tidy Modules', implode(', ', $doctype->tidyModules));
         $ret .= $this->end('table');
         return $ret;
     }

tests/HTMLPurifier/AttrDef/CSS/AlphaValueTest.php

@@ -9,7 +9,7 @@ class HTMLPurifier_AttrDef_CSS_AlphaValueTest extends HTMLPurifier_AttrDefHarnes
 
         $this->assertDef('0');
         $this->assertDef('1');
-        $this->assertDef('.2');
+        $this->assertDef('0.2');
 
         // clamping to [0.0, 1,0]
         $this->assertDef('1.2', '1');

tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php

@@ -17,7 +17,7 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
         );
         $this->assertDef(
             'rgba(74, 12, 85, 0.35) repeat fixed bottom',
-            'rgba(74,12,85,.35) repeat fixed bottom'
+            'rgba(74,12,85,0.35) repeat fixed bottom'
         );
         $this->assertDef(
             'hsl(244, 47.4%, 88.1%) right center',

tests/HTMLPurifier/AttrDef/CSS/ColorTest.php

@@ -20,8 +20,8 @@ class HTMLPurifier_AttrDef_CSS_ColorTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('rgb(12%,150%,0%)', 'rgb(12%,100%,0%)'); // percentage max values
 
         $this->assertDef('rgba(255, 0, 0, 0)', 'rgba(255,0,0,0)'); // rm spaces
-        $this->assertDef('rgba(100%,0%,0%,.4)');
+        $this->assertDef('rgba(100%,0%,0%,0.4)');
-        $this->assertDef('rgba(38.1%,59.7%,1.8%,0.7)', 'rgba(38.1%,59.7%,1.8%,.7)'); // decimals okay
+        $this->assertDef('rgba(38.1%,59.7%,1.8%,0.7)', 'rgba(38.1%,59.7%,1.8%,0.7)'); // decimals okay
 
         $this->assertDef('hsl(275, 45%, 81%)', 'hsl(275,45%,81%)'); // rm spaces
         $this->assertDef('hsl(100,0%,0%)');
@@ -30,8 +30,8 @@ class HTMLPurifier_AttrDef_CSS_ColorTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('hsl(380,125%,0%)', 'hsl(360,100%,0%)'); // max values
 
         $this->assertDef('hsla(100, 74%, 29%, 0)', 'hsla(100,74%,29%,0)'); // rm spaces
-        $this->assertDef('hsla(154,87%,21%,.4)');
+        $this->assertDef('hsla(154,87%,21%,0.4)');
-        $this->assertDef('hsla(45,94.3%,4.1%,0.7)', 'hsla(45,94.3%,4.1%,.7)'); // decimals okay
+        $this->assertDef('hsla(45,94.3%,4.1%,0.7)', 'hsla(45,94.3%,4.1%,0.7)'); // decimals okay
 
         $this->assertDef('#G00', false);
         $this->assertDef('cmyk(40, 23, 43, 23)', false);

tests/HTMLPurifier/AttrDef/CSS/NumberTest.php

@@ -12,8 +12,8 @@ class HTMLPurifier_AttrDef_CSS_NumberTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('1.0', '1');
         $this->assertDef('34');
         $this->assertDef('4.5');
-        $this->assertDef('.5');
+        $this->assertDef('0.5');
-        $this->assertDef('0.5', '.5');
+        $this->assertDef('0.5', '0.5');
         $this->assertDef('-56.9');
 
         $this->assertDef('0.', '0');
@@ -21,10 +21,10 @@ class HTMLPurifier_AttrDef_CSS_NumberTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('0.0', '0');
 
         $this->assertDef('1.', '1');
-        $this->assertDef('.1', '.1');
+        $this->assertDef('.1', '0.1');
 
         $this->assertDef('1.0', '1');
-        $this->assertDef('0.1', '.1');
+        $this->assertDef('0.1', '0.1');
 
         $this->assertDef('000', '0');
         $this->assertDef(' 9', '9');

tests/HTMLPurifier/AttrDef/CSSTest.php

@@ -92,6 +92,9 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('background-repeat:repeat-y;');
         $this->assertDef('background-attachment:fixed;');
         $this->assertDef('background-position:left 90%;');
+        $this->assertDef('background-size:50%;');
+        $this->assertDef('background-size:cover;');
+        $this->assertDef('background-size:200px;');
         $this->assertDef('border-spacing:1em;');
         $this->assertDef('border-spacing:1em 2em;');
         $this->assertDef('border-color: rgb(0, 0, 0) rgb(10,0,10)', 'border-color:rgb(0,0,0) rgb(10,0,10);');
@@ -140,8 +143,8 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('scrollbar-highlight-color:#ff69b4;');
         $this->assertDef('scrollbar-shadow-color:#f0f;');
 
-        $this->assertDef('-moz-opacity:.2;');
+        $this->assertDef('-moz-opacity:0.2;');
-        $this->assertDef('-khtml-opacity:.2;');
+        $this->assertDef('-khtml-opacity:0.2;');
         $this->assertDef('filter:alpha(opacity=20);');
 
         $this->assertDef('border-top-left-radius:55pt 25pt;');
@@ -160,7 +163,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('display:none;');
         $this->assertDef('visibility:visible;');
         $this->assertDef('overflow:scroll;');
-        $this->assertDef('opacity:.2;');
+        $this->assertDef('opacity:0.2;');
     }
 
     public function testForbidden()

tests/HTMLPurifier/ChildDef/TableTest.php

@@ -44,6 +44,22 @@ class HTMLPurifier_ChildDef_TableTest extends HTMLPurifier_ChildDefHarness
         );
     }
 
+    public function testTheadOnlyNotRemoved()
+    {
+        $this->assertResult(
+            '<thead><tr><th>a</th></tr></thead>',
+            '<thead><tr><th>a</th></tr></thead>'
+        );
+    }
+
+    public function testTbodyOnlyNotRemoved()
+    {
+        $this->assertResult(
+            '<tbody><tr><th>a</th></tr></tbody>',
+            '<tbody><tr><th>a</th></tr></tbody>'
+        );
+    }
+
     public function testTrOverflowAndClose()
     {
         $this->assertResult(

tests/HTMLPurifier/HTMLModule/FormsTest.php

@@ -161,6 +161,13 @@ class HTMLPurifier_HTMLModule_FormsTest extends HTMLPurifier_HTMLModuleHarness
         $this->assertResult('<form action=""><input align="left" /></form>');
     }
 
+    public function testHTMLFormsConfigDirective()
+    {
+        $this->config->set('HTML.Trusted', false);
+        $this->config->set('HTML.Forms', true);
+
+        $this->assertResult('<form action="..." method="post"><input type="text" /><textarea cols="20" rows="3"></textarea></form>');
+    }
 }
 
 // vim: et sw=4 sts=4

tests/HTMLPurifier/LanguageFactoryTest.php

@@ -29,45 +29,6 @@ class HTMLPurifier_LanguageFactoryTest extends HTMLPurifier_Harness
 
     }
 
-    public function testFallback()
-    {
-        $this->config->set('Core.Language', 'en-x-test');
-        $language = $this->factory->create($this->config, $this->context);
-
-        $this->assertIsA($language, 'HTMLPurifier_Language_en_x_test');
-        $this->assertIdentical($language->code, 'en-x-test');
-
-        $language->load();
-
-        // test overloaded message
-        $this->assertIdentical($language->getMessage('HTMLPurifier'), 'HTML Purifier X');
-
-        // test inherited message
-        $this->assertIdentical($language->getMessage('LanguageFactoryTest: Pizza'), 'Pizza');
-
-    }
-
-    public function testFallbackWithNoClass()
-    {
-        $this->config->set('Core.Language', 'en-x-testmini');
-        $language = $this->factory->create($this->config, $this->context);
-        $this->assertIsA($language, 'HTMLPurifier_Language');
-        $this->assertIdentical($language->code, 'en-x-testmini');
-        $language->load();
-        $this->assertIdentical($language->getMessage('HTMLPurifier'), 'HTML Purifier XNone');
-        $this->assertIdentical($language->getMessage('LanguageFactoryTest: Pizza'), 'Pizza');
-        $this->assertIdentical($language->error, false);
-    }
-
-    public function testNoSuchLanguage()
-    {
-        $this->config->set('Core.Language', 'en-x-testnone');
-        $language = $this->factory->create($this->config, $this->context);
-        $this->assertIsA($language, 'HTMLPurifier_Language');
-        $this->assertIdentical($language->code, 'en-x-testnone');
-        $this->assertIdentical($language->error, true);
-    }
-
 }
 
 // vim: et sw=4 sts=4

tests/HTMLPurifierTest.php

@@ -32,6 +32,13 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
         );
     }
 
+    public function test_purifyArray_empty() {
+        $purifiedEmptyArray = $this->purifier->purifyArray(array());
+        $this->assertTrue(
+            empty($purifiedEmptyArray)
+        );
+    }
+
     public function testGetInstance()
     {
         $purifier  = HTMLPurifier::getInstance();

update-for-release

@@ -104,7 +104,7 @@ file_put_contents('library/HTMLPurifier/Config.php', $config_c);
 
 passthru('maintenance/flush.sh');
 
-if ($is_dev) echo "Review changes, write something in WHATSNEW and FOCUS, and then commit with log 'Release $version.'" . PHP_EOL;
+if ($is_dev) echo "Review changes, write something in WHATSNEW, and then commit with log 'Release $version.'" . PHP_EOL;
 else echo "Numbers updated to dev, no other modifications necessary!";
 
 // vim: et sw=4 sts=4