Release 4.9.2

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>

.travis.yml

@@ -1,9 +1,11 @@
 language: php
 php:
+    - '5.3'
     - '5.4'
     - '5.5'
     - '5.6'
     - '7.0'
+    - '7.1'
 before_script:
     - git clone --depth=50 https://github.com/ezyang/simpletest.git
     - cp test-settings.travis.php test-settings.php

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 4.9.1
+PROJECT_NUMBER         = 4.9.2
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

NEWS

@@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+4.9.2, released 2017-03-12
+- Fixes PHP 5.3 compatibility
+- Fix breakage when decoding decimal entities.  Thanks @rybakit (#129)
+
 4.9.1, released 2017-03-08
 ! %URI.DefaultScheme can now be set to null, in which case
   all relative paths are removed.

VERSION

@@ -1 +1 @@
-4.9.1
+4.9.2

WHATSNEW

@@ -1,8 +1,12 @@
-HTML Purifier 4.9.0 is a maintenance release, collecting a year
+HTML Purifier 4.9.x is a maintenance release, collecting a year
-of accumulated bug fixes plus a few new feature.  New features
+of accumulated bug fixes plus a few new features.  New features
 include support for min/max-width/height CSS, and rgba/hsl/hsla
 in color specifications.  Major bugfixes include improvements
 in the Serializer cache to avoid chmod'ing directories, better
 entity decoding (we won't accidentally encode entities that occur
 in URLs) and rel="noopener" on links with target attributes,
 to prevent them from overwriting the original frame.
+
+4.9.0 was skipped due to a packaging problem; 4.9.2 fixes two
+major regressions in PHP 5.3 support and entity decoding; no
+other functional changes were applied.

configdoc/usage.xml

@@ -173,7 +173,7 @@
   </file>
   <file name="HTMLPurifier/Lexer.php">
    <line>313</line>
-   <line>352</line>
+   <line>353</line>
   </file>
   <file name="HTMLPurifier/HTMLModule/Image.php">
    <line>37</line>
@@ -277,25 +277,25 @@
    <line>347</line>
   </file>
  </directive>
- <directive id="Core.AggressivelyRemoveScript">
+ <directive id="Core.HiddenElements">
   <file name="HTMLPurifier/Lexer.php">
    <line>351</line>
   </file>
+  <file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
+   <line>36</line>
+  </file>
+ </directive>
+ <directive id="Core.AggressivelyRemoveScript">
+  <file name="HTMLPurifier/Lexer.php">
+   <line>352</line>
+  </file>
  </directive>
  <directive id="Core.RemoveScriptContents">
-  <file name="HTMLPurifier/Lexer.php">
-   <line>352</line>
-  </file>
-  <file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
-   <line>35</line>
-  </file>
- </directive>
- <directive id="Core.HiddenElements">
   <file name="HTMLPurifier/Lexer.php">
    <line>353</line>
   </file>
   <file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
-   <line>36</line>
+   <line>35</line>
   </file>
  </directive>
  <directive id="URI.">

library/HTMLPurifier.includes.php

@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.9.1
+ * @version 4.9.2
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,

library/HTMLPurifier.php

@@ -19,7 +19,7 @@
  */
 
 /*
-    HTML Purifier 4.9.1 - Standards Compliant HTML Filtering
+    HTML Purifier 4.9.2 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -58,12 +58,12 @@ class HTMLPurifier
      * Version of HTML Purifier.
      * @type string
      */
-    public $version = '4.9.1';
+    public $version = '4.9.2';
 
     /**
      * Constant with version of HTML Purifier.
      */
-    const VERSION = '4.9.1';
+    const VERSION = '4.9.2';
 
     /**
      * Global configuration object.

library/HTMLPurifier/AttrDef/CSS/Color.php

@@ -59,19 +59,19 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
              * Allowed types for values :
              * parameter_position => [type => max_value]
              */
-            $allowed_types = [
+            $allowed_types = array(
-                1 => ['percentage' => 100, 'integer' => 255],
+                1 => array('percentage' => 100, 'integer' => 255),
-                2 => ['percentage' => 100, 'integer' => 255],
+                2 => array('percentage' => 100, 'integer' => 255),
-                3 => ['percentage' => 100, 'integer' => 255],
+                3 => array('percentage' => 100, 'integer' => 255),
-            ];
+            );
             $allow_different_types = false;
 
             if (strpos($function, 'hsl') !== false) {
-                $allowed_types = [
+                $allowed_types = array(
-                    1 => ['integer' => 360],
+                    1 => array('integer' => 360),
-                    2 => ['percentage' => 100],
+                    2 => array('percentage' => 100),
-                    3 => ['percentage' => 100],
+                    3 => array('percentage' => 100),
-                ];
+                );
                 $allow_different_types = true;
             }
 

library/HTMLPurifier/Config.php

@@ -21,7 +21,7 @@ class HTMLPurifier_Config
      * HTML Purifier's version
      * @type string
      */
-    public $version = '4.9.1';
+    public $version = '4.9.2';
 
     /**
      * Whether or not to automatically finalize

library/HTMLPurifier/EntityParser.php

@@ -119,10 +119,10 @@ class HTMLPurifier_EntityParser
         $hex_part = @$matches[1];
         $dec_part = @$matches[2];
         $named_part = empty($matches[3]) ? @$matches[4] : $matches[3];
-        if ($hex_part) {
+        if ($hex_part !== NULL && $hex_part !== "") {
             return HTMLPurifier_Encoder::unichr(hexdec($hex_part));
-        } elseif ($dec_part) {
+        } elseif ($dec_part !== NULL && $dec_part !== "") {
-            return HTMLPurifier_Encoder((int) $dec_part);
+            return HTMLPurifier_Encoder::unichr((int) $dec_part);
         } else {
             if (!$this->_entity_lookup) {
                 $this->_entity_lookup = HTMLPurifier_EntityLookup::instance();

library/HTMLPurifier/Lexer.php

@@ -348,9 +348,10 @@ class HTMLPurifier_Lexer
             $html = preg_replace('#<\?.+?\?>#s', '', $html);
         }
 
+        $hidden_elements = $config->get('Core.HiddenElements');
         if ($config->get('Core.AggressivelyRemoveScript') &&
             !($config->get('HTML.Trusted') || !$config->get('Core.RemoveScriptContents')
-            || empty($config->get('Core.HiddenElements')["script"]))) {
+            || empty($hidden_elements["script"]))) {
             $html = preg_replace('#<script[^>]*>.*?</script>#i', '', $html);
         }
 

tests/HTMLPurifier/EntityParserTest.php

@@ -16,8 +16,12 @@ class HTMLPurifier_EntityParserTest extends HTMLPurifier_Harness
         $char_theta = $this->_entity_lookup->table['theta'];
         $this->assertIdentical($char_theta,
             $this->EntityParser->substituteNonSpecialEntities('θ') );
+        $this->assertIdentical($char_theta,
+            $this->EntityParser->substituteTextEntities('θ') );
         $this->assertIdentical('"',
             $this->EntityParser->substituteNonSpecialEntities('"') );
+        $this->assertIdentical('"',
+            $this->EntityParser->substituteTextEntities('"') );
 
         // numeric tests, adapted from Feyd
         $args = array();
@@ -71,6 +75,11 @@ class HTMLPurifier_EntityParserTest extends HTMLPurifier_Harness
                 $expect,
                 'Identical expectation [Hex: '. dechex($arg[0]) .']'
             );
+            $this->assertIdentical(
+                $this->EntityParser->substituteTextEntities($string),
+                $expect,
+                'Identical expectation [Hex: '. dechex($arg[0]) .']'
+            );
         }
 
     }
@@ -81,6 +90,10 @@ class HTMLPurifier_EntityParserTest extends HTMLPurifier_Harness
             "'",
             $this->EntityParser->substituteSpecialEntities(''')
         );
+        $this->assertIdentical(
+            "'",
+            $this->EntityParser->substituteTextEntities(''')
+        );
     }
 
 }