diff --git a/wire/core/Functions.php b/wire/core/Functions.php
index 05cb1aa5..21fe9429 100644
--- a/wire/core/Functions.php
+++ b/wire/core/Functions.php
@@ -81,6 +81,7 @@ if(!function_exists("tabIndent")):
* @param string $str String that needs the tabs
* @param int $numTabs Number of tabs to insert per line (note any existing tabs are left as-is, so indentation is retained)
* @param string $str The provided string but with tabs inserted
+ * @return string
* @deprecated
*
*/
diff --git a/wire/modules/Markup/MarkupHTMLPurifier/MarkupHTMLPurifier.module b/wire/modules/Markup/MarkupHTMLPurifier/MarkupHTMLPurifier.module
index 9b642b3a..fb1a0191 100644
--- a/wire/modules/Markup/MarkupHTMLPurifier/MarkupHTMLPurifier.module
+++ b/wire/modules/Markup/MarkupHTMLPurifier/MarkupHTMLPurifier.module
@@ -31,7 +31,7 @@ class MarkupHTMLPurifier extends WireData implements Module {
return array(
'title' => 'HTML Purifier',
'summary' => 'Front-end to the HTML Purifier library.',
- 'version' => 492,
+ 'version' => 495,
'singular' => false,
'autoload' => false,
);
@@ -114,16 +114,9 @@ class MarkupHTMLPurifier extends WireData implements Module {
*/
public function purify($html) {
- // prepare markup for things that HTMLPurifier doesn't support
- $hasTel = strpos($html, 'href="tel:') !== false;
- if($hasTel) $html = str_replace('href="tel:', 'href="tel//:', $html);
-
// purify
$html = $this->getPurifier()->purify($html);
- // finish markup for things that HTMLPurifier doesn't support
- if($hasTel) $html = str_replace('href="tel//:', 'href="tel:', $html);
-
return $html;
}
diff --git a/wire/modules/Markup/MarkupHTMLPurifier/htmlpurifier/HTMLPurifier.standalone.php b/wire/modules/Markup/MarkupHTMLPurifier/htmlpurifier/HTMLPurifier.standalone.php
index a4483471..23094267 100644
--- a/wire/modules/Markup/MarkupHTMLPurifier/htmlpurifier/HTMLPurifier.standalone.php
+++ b/wire/modules/Markup/MarkupHTMLPurifier/htmlpurifier/HTMLPurifier.standalone.php
@@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run.
*
- * @version 4.9.3
+ * @version 4.11.0
*
* @warning
* You must *not* include any other HTML Purifier files before this file,
@@ -39,7 +39,7 @@
*/
/*
- HTML Purifier 4.9.3 - Standards Compliant HTML Filtering
+ HTML Purifier 4.11.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or
@@ -78,12 +78,12 @@ class HTMLPurifier
* Version of HTML Purifier.
* @type string
*/
- public $version = '4.9.3';
+ public $version = '4.11.0';
/**
* Constant with version of HTML Purifier.
*/
- const VERSION = '4.9.3';
+ const VERSION = '4.11.0';
/**
* Global configuration object.
@@ -260,12 +260,16 @@ class HTMLPurifier
public function purifyArray($array_of_html, $config = null)
{
$context_array = array();
- foreach ($array_of_html as $key => $html) {
- $array_of_html[$key] = $this->purify($html, $config);
+ foreach($array_of_html as $key=>$value){
+ if (is_array($value)) {
+ $array[$key] = $this->purifyArray($value, $config);
+ } else {
+ $array[$key] = $this->purify($value, $config);
+ }
$context_array[$key] = $this->context;
}
$this->context = $context_array;
- return $array_of_html;
+ return $array;
}
/**
@@ -309,8 +313,8 @@ class HTMLPurifier
}
}
-
-
+
+
/**
@@ -382,7 +386,7 @@ class HTMLPurifier_Arborize
return $tokens;
}
}
-
+
/**
@@ -530,8 +534,8 @@ class HTMLPurifier_AttrCollections
}
}
-
-
+
+
/**
@@ -675,8 +679,8 @@ abstract class HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -736,8 +740,8 @@ abstract class HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -833,8 +837,8 @@ class HTMLPurifier_AttrTypes
}
}
-
-
+
+
/**
@@ -1012,8 +1016,8 @@ class HTMLPurifier_AttrValidator
}
-
-
+
+
// constants are slow, so we use as few as possible
@@ -1138,8 +1142,8 @@ class HTMLPurifier_Bootstrap
}
}
-
-
+
+
/**
@@ -1194,8 +1198,8 @@ abstract class HTMLPurifier_Definition
}
}
-
-
+
+
/**
@@ -1418,15 +1422,25 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
array(
new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true),
- new HTMLPurifier_AttrDef_Enum(array('auto'))
+ new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit'))
+ )
+ );
+ $trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite(
+ array(
+ new HTMLPurifier_AttrDef_CSS_Length('0'),
+ new HTMLPurifier_AttrDef_CSS_Percentage(true),
+ new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
+ )
+ );
+ $trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite(
+ array(
+ new HTMLPurifier_AttrDef_CSS_Length('0'),
+ new HTMLPurifier_AttrDef_CSS_Percentage(true),
+ new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
)
);
$max = $config->get('CSS.MaxImgLength');
- $this->info['min-width'] =
- $this->info['max-width'] =
- $this->info['min-height'] =
- $this->info['max-height'] =
$this->info['width'] =
$this->info['height'] =
$max === null ?
@@ -1443,6 +1457,38 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// For everyone else:
$trusted_wh
);
+ $this->info['min-width'] =
+ $this->info['min-height'] =
+ $max === null ?
+ $trusted_min_wh :
+ new HTMLPurifier_AttrDef_Switch(
+ 'img',
+ // For img tags:
+ new HTMLPurifier_AttrDef_CSS_Composite(
+ array(
+ new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+ new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
+ )
+ ),
+ // For everyone else:
+ $trusted_min_wh
+ );
+ $this->info['max-width'] =
+ $this->info['max-height'] =
+ $max === null ?
+ $trusted_max_wh :
+ new HTMLPurifier_AttrDef_Switch(
+ 'img',
+ // For img tags:
+ new HTMLPurifier_AttrDef_CSS_Composite(
+ array(
+ new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+ new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
+ )
+ ),
+ // For everyone else:
+ $trusted_max_wh
+ );
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
@@ -1686,8 +1732,8 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
}
}
-
-
+
+
/**
@@ -1739,8 +1785,8 @@ abstract class HTMLPurifier_ChildDef
abstract public function validateChildren($children, $config, $context);
}
-
-
+
+
/**
@@ -1764,7 +1810,7 @@ class HTMLPurifier_Config
* HTML Purifier's version
* @type string
*/
- public $version = '4.9.3';
+ public $version = '4.11.0';
/**
* Whether or not to automatically finalize
@@ -2633,7 +2679,7 @@ class HTMLPurifier_Config
// zip(tail(trace), trace) -- but PHP is not Haskell har har
for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
// XXX this is not correct on some versions of HTML Purifier
- if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
+ if (isset($trace[$i + 1]['class']) && $trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
continue;
}
$frame = $trace[$i];
@@ -2660,8 +2706,8 @@ class HTMLPurifier_Config
}
-
-
+
+
/**
@@ -2764,7 +2810,7 @@ class HTMLPurifier_ConfigSchema
* @param string $key Name of directive
* @param mixed $default Default value of directive
* @param string $type Allowed type of the directive. See
- * HTMLPurifier_DirectiveDef::$type for allowed values
+ * HTMLPurifier_VarParser::$types for allowed values
* @param bool $allow_null Whether or not to allow null values
*/
public function add($key, $default, $type, $allow_null)
@@ -2837,8 +2883,8 @@ class HTMLPurifier_ConfigSchema
}
}
-
-
+
+
/**
@@ -3008,8 +3054,8 @@ class HTMLPurifier_ContentSets
}
}
-
-
+
+
/**
@@ -3104,8 +3150,8 @@ class HTMLPurifier_Context
}
}
-
-
+
+
/**
@@ -3234,8 +3280,8 @@ abstract class HTMLPurifier_DefinitionCache
abstract public function cleanup($config);
}
-
-
+
+
/**
@@ -3341,8 +3387,8 @@ class HTMLPurifier_DefinitionCacheFactory
}
}
-
-
+
+
/**
@@ -3415,8 +3461,8 @@ class HTMLPurifier_Doctype
}
}
-
-
+
+
class HTMLPurifier_DoctypeRegistry
@@ -3558,8 +3604,8 @@ class HTMLPurifier_DoctypeRegistry
}
}
-
-
+
+
/**
@@ -3775,8 +3821,8 @@ class HTMLPurifier_ElementDef
}
}
-
-
+
+
/**
@@ -4393,8 +4439,8 @@ class HTMLPurifier_Encoder
}
}
-
-
+
+
/**
@@ -4442,8 +4488,8 @@ class HTMLPurifier_EntityLookup
}
}
-
-
+
+
// if want to implement error collecting here, we'll need to use some sort
@@ -4564,7 +4610,7 @@ class HTMLPurifier_EntityParser
$entity = $matches[0];
$hex_part = @$matches[1];
$dec_part = @$matches[2];
- $named_part = empty($matches[3]) ? @$matches[4] : $matches[3];
+ $named_part = empty($matches[3]) ? (empty($matches[4]) ? "" : $matches[4]) : $matches[3];
if ($hex_part !== NULL && $hex_part !== "") {
return HTMLPurifier_Encoder::unichr(hexdec($hex_part));
} elseif ($dec_part !== NULL && $dec_part !== "") {
@@ -4728,8 +4774,8 @@ class HTMLPurifier_EntityParser
}
}
-
-
+
+
/**
@@ -4973,8 +5019,8 @@ class HTMLPurifier_ErrorCollector
}
}
-
-
+
+
/**
@@ -5048,8 +5094,8 @@ class HTMLPurifier_ErrorStruct
}
}
-
-
+
+
/**
@@ -5061,8 +5107,8 @@ class HTMLPurifier_Exception extends Exception
}
-
-
+
+
/**
@@ -5118,8 +5164,8 @@ class HTMLPurifier_Filter
}
}
-
-
+
+
/**
@@ -5405,8 +5451,8 @@ class HTMLPurifier_Generator
}
}
-
-
+
+
/**
@@ -5899,8 +5945,8 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
}
}
-
-
+
+
/**
@@ -6184,8 +6230,8 @@ class HTMLPurifier_HTMLModule
}
}
-
-
+
+
class HTMLPurifier_HTMLModuleManager
@@ -6652,8 +6698,8 @@ class HTMLPurifier_HTMLModuleManager
}
}
-
-
+
+
/**
@@ -6710,8 +6756,8 @@ class HTMLPurifier_IDAccumulator
}
}
-
-
+
+
/**
@@ -6871,11 +6917,13 @@ abstract class HTMLPurifier_Injector
return false;
}
// check for exclusion
- for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) {
- $node = $this->currentNesting[$i];
- $def = $this->htmlDefinition->info[$node->name];
- if (isset($def->excludes[$name])) {
- return false;
+ if (!empty($this->currentNesting)) {
+ for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) {
+ $node = $this->currentNesting[$i];
+ $def = $this->htmlDefinition->info[$node->name];
+ if (isset($def->excludes[$name])) {
+ return false;
+ }
}
}
return true;
@@ -6992,8 +7040,8 @@ abstract class HTMLPurifier_Injector
}
}
-
-
+
+
/**
@@ -7197,8 +7245,8 @@ class HTMLPurifier_Language
}
}
-
-
+
+
/**
@@ -7407,8 +7455,8 @@ class HTMLPurifier_LanguageFactory
}
}
-
-
+
+
/**
@@ -7437,12 +7485,14 @@ class HTMLPurifier_Length
protected $isValid;
/**
- * Array Lookup array of units recognized by CSS 2.1
+ * Array Lookup array of units recognized by CSS 3
* @type array
*/
protected static $allowedUnits = array(
'em' => true, 'ex' => true, 'px' => true, 'in' => true,
- 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true
+ 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true,
+ 'ch' => true, 'rem' => true, 'vw' => true, 'vh' => true,
+ 'vmin' => true, 'vmax' => true
);
/**
@@ -7568,8 +7618,8 @@ class HTMLPurifier_Length
}
}
-
-
+
+
/**
@@ -7951,8 +8001,8 @@ class HTMLPurifier_Lexer
}
}
-
-
+
+
/**
@@ -8001,8 +8051,8 @@ abstract class HTMLPurifier_Node
abstract public function toTokenPair();
}
-
-
+
+
/**
@@ -8113,8 +8163,8 @@ class HTMLPurifier_PercentEncoder
}
}
-
-
+
+
/**
@@ -8236,8 +8286,8 @@ class HTMLPurifier_PropertyList
}
}
-
-
+
+
/**
@@ -8279,8 +8329,8 @@ class HTMLPurifier_PropertyListIterator extends FilterIterator
}
}
-
-
+
+
/**
@@ -8337,7 +8387,7 @@ class HTMLPurifier_Queue {
return empty($this->input) && empty($this->output);
}
}
-
+
/**
@@ -8363,8 +8413,8 @@ abstract class HTMLPurifier_Strategy
abstract public function execute($tokens, $config, $context);
}
-
-
+
+
/**
@@ -8411,8 +8461,8 @@ class HTMLPurifier_StringHash extends ArrayObject
}
}
-
-
+
+
/**
@@ -8548,8 +8598,8 @@ class HTMLPurifier_StringHashParser
}
}
-
-
+
+
/**
@@ -8586,8 +8636,8 @@ abstract class HTMLPurifier_TagTransform
}
}
-
-
+
+
/**
@@ -8687,8 +8737,8 @@ abstract class HTMLPurifier_Token
abstract public function toNode();
}
-
-
+
+
/**
@@ -8806,8 +8856,8 @@ class HTMLPurifier_TokenFactory
}
}
-
-
+
+
/**
@@ -9123,8 +9173,8 @@ class HTMLPurifier_URI
}
}
-
-
+
+
class HTMLPurifier_URIDefinition extends HTMLPurifier_Definition
@@ -9236,8 +9286,8 @@ class HTMLPurifier_URIDefinition extends HTMLPurifier_Definition
}
-
-
+
+
/**
@@ -9311,8 +9361,8 @@ abstract class HTMLPurifier_URIFilter
abstract public function filter(&$uri, $config, $context);
}
-
-
+
+
/**
@@ -9383,8 +9433,8 @@ class HTMLPurifier_URIParser
}
-
-
+
+
/**
@@ -9486,8 +9536,8 @@ abstract class HTMLPurifier_URIScheme
}
}
-
-
+
+
/**
@@ -9568,8 +9618,8 @@ class HTMLPurifier_URISchemeRegistry
}
}
-
-
+
+
/**
@@ -9876,8 +9926,8 @@ class HTMLPurifier_UnitConverter
}
}
-
-
+
+
/**
@@ -9887,34 +9937,34 @@ class HTMLPurifier_UnitConverter
class HTMLPurifier_VarParser
{
- const STRING = 1;
+ const C_STRING = 1;
const ISTRING = 2;
const TEXT = 3;
const ITEXT = 4;
- const INT = 5;
- const FLOAT = 6;
- const BOOL = 7;
+ const C_INT = 5;
+ const C_FLOAT = 6;
+ const C_BOOL = 7;
const LOOKUP = 8;
const ALIST = 9;
const HASH = 10;
- const MIXED = 11;
+ const C_MIXED = 11;
/**
* Lookup table of allowed types. Mainly for backwards compatibility, but
* also convenient for transforming string type names to the integer constants.
*/
public static $types = array(
- 'string' => self::STRING,
+ 'string' => self::C_STRING,
'istring' => self::ISTRING,
'text' => self::TEXT,
'itext' => self::ITEXT,
- 'int' => self::INT,
- 'float' => self::FLOAT,
- 'bool' => self::BOOL,
+ 'int' => self::C_INT,
+ 'float' => self::C_FLOAT,
+ 'bool' => self::C_BOOL,
'lookup' => self::LOOKUP,
'list' => self::ALIST,
'hash' => self::HASH,
- 'mixed' => self::MIXED
+ 'mixed' => self::C_MIXED
);
/**
@@ -9922,7 +9972,7 @@ class HTMLPurifier_VarParser
* allowed value lists.
*/
public static $stringTypes = array(
- self::STRING => true,
+ self::C_STRING => true,
self::ISTRING => true,
self::TEXT => true,
self::ITEXT => true,
@@ -9954,7 +10004,7 @@ class HTMLPurifier_VarParser
// These are basic checks, to make sure nothing horribly wrong
// happened in our implementations.
switch ($type) {
- case (self::STRING):
+ case (self::C_STRING):
case (self::ISTRING):
case (self::TEXT):
case (self::ITEXT):
@@ -9965,17 +10015,17 @@ class HTMLPurifier_VarParser
$var = strtolower($var);
}
return $var;
- case (self::INT):
+ case (self::C_INT):
if (!is_int($var)) {
break;
}
return $var;
- case (self::FLOAT):
+ case (self::C_FLOAT):
if (!is_float($var)) {
break;
}
return $var;
- case (self::BOOL):
+ case (self::C_BOOL):
if (!is_bool($var)) {
break;
}
@@ -9999,7 +10049,7 @@ class HTMLPurifier_VarParser
}
}
return $var;
- case (self::MIXED):
+ case (self::C_MIXED):
return $var;
default:
$this->errorInconsistent(get_class($this), $type);
@@ -10075,8 +10125,8 @@ class HTMLPurifier_VarParser
}
}
-
-
+
+
/**
@@ -10087,8 +10137,8 @@ class HTMLPurifier_VarParserException extends HTMLPurifier_Exception
}
-
-
+
+
/**
@@ -10246,7 +10296,7 @@ class HTMLPurifier_Zipper
return array($old, $r);
}
}
-
+
/**
@@ -10382,8 +10432,8 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
}
-
-
+
+
/**
@@ -10427,8 +10477,8 @@ class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef
}
}
-
-
+
+
// Enum = Enumerated
@@ -10501,8 +10551,8 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -10593,8 +10643,8 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -10680,8 +10730,8 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -10734,8 +10784,8 @@ class HTMLPurifier_AttrDef_Switch
}
}
-
-
+
+
/**
@@ -10756,8 +10806,8 @@ class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -10868,8 +10918,8 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -10953,8 +11003,8 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
}
}
-
-
+
+
class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
@@ -10988,8 +11038,8 @@ class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Numbe
}
}
-
-
+
+
/**
@@ -11100,8 +11150,8 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/* W3C says:
@@ -11258,8 +11308,8 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -11315,8 +11365,8 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -11477,8 +11527,8 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
}
-
-
+
+
/**
@@ -11526,8 +11576,8 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -11571,8 +11621,8 @@ class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -11649,8 +11699,8 @@ class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -11826,8 +11876,8 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12046,8 +12096,8 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
}
-
-
+
+
/**
@@ -12079,8 +12129,8 @@ class HTMLPurifier_AttrDef_CSS_Ident extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12136,8 +12186,8 @@ class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12214,8 +12264,8 @@ class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12327,8 +12377,8 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12399,8 +12449,8 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12454,8 +12504,8 @@ class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12501,8 +12551,8 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12579,8 +12629,8 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
}
}
-
-
+
+
/**
@@ -12628,8 +12678,8 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12699,8 +12749,8 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12749,7 +12799,7 @@ class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
return $ret;
}
}
-
+
/**
@@ -12800,8 +12850,8 @@ class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -12839,8 +12889,8 @@ class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
}
}
-
-
+
+
/**
@@ -12953,8 +13003,8 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -13030,8 +13080,8 @@ class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -13087,8 +13137,8 @@ class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
}
}
-
-
+
+
/**
@@ -13160,8 +13210,8 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -13221,8 +13271,8 @@ class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Le
}
}
-
-
+
+
abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
@@ -13242,8 +13292,8 @@ abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
// sub-implementations
-
-
+
+
/**
@@ -13343,7 +13393,11 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
// PHP 5.3 and later support this functionality natively
if (function_exists('idn_to_ascii')) {
- $string = idn_to_ascii($string);
+ if (defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46')) {
+ $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
+ } else {
+ $string = idn_to_ascii($string);
+ }
// If we have Net_IDNA2 support, we can support IRIs by
// punycoding them. (This is the most portable thing to do,
@@ -13381,8 +13435,8 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -13427,8 +13481,8 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
}
}
-
-
+
+
/**
@@ -13517,8 +13571,8 @@ class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
}
}
-
-
+
+
/**
@@ -13547,8 +13601,8 @@ class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_UR
}
}
-
-
+
+
/**
@@ -13576,8 +13630,8 @@ class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
// this MUST be placed in post, as it assumes that any value in dir is valid
@@ -13604,8 +13658,8 @@ class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13633,8 +13687,8 @@ class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13681,8 +13735,8 @@ class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13708,8 +13762,8 @@ class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13777,8 +13831,8 @@ class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
// must be called POST validation
@@ -13825,8 +13879,8 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13887,8 +13941,8 @@ class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13944,8 +13998,8 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -13976,8 +14030,8 @@ class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14022,8 +14076,8 @@ class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14056,8 +14110,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14098,8 +14152,8 @@ class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
// must be called POST validation
@@ -14151,8 +14205,8 @@ class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
@@ -14177,8 +14231,8 @@ class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14206,8 +14260,8 @@ class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14286,8 +14340,8 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14310,8 +14364,8 @@ class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransfo
}
}
-
-
+
+
// must be called POST validation
@@ -14356,8 +14410,8 @@ class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
// must be called POST validation
@@ -14395,7 +14449,7 @@ class HTMLPurifier_AttrTransform_TargetNoopener extends HTMLPurifier_AttrTransfo
}
}
-
+
// must be called POST validation
@@ -14433,7 +14487,7 @@ class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTrans
}
}
-
+
/**
@@ -14460,8 +14514,8 @@ class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
}
}
-
-
+
+
/**
@@ -14528,8 +14582,8 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
}
}
-
-
+
+
/**
@@ -14631,8 +14685,8 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
}
}
-
-
+
+
/**
@@ -14670,8 +14724,8 @@ class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
}
}
-
-
+
+
/**
@@ -14763,8 +14817,8 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
}
}
-
-
+
+
/**
@@ -14882,8 +14936,8 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
}
}
-
-
+
+
/**
@@ -14928,8 +14982,8 @@ class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
}
}
-
-
+
+
/**
@@ -15039,8 +15093,8 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
}
}
-
-
+
+
/**
@@ -15264,8 +15318,8 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
}
}
-
-
+
+
class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCache
@@ -15377,8 +15431,8 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
}
}
-
-
+
+
/**
@@ -15454,8 +15508,8 @@ class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache
}
}
-
-
+
+
class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCache
@@ -15675,9 +15729,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
$directory = $this->generateDirectoryPath($config);
$chmod = $config->get('Cache.SerializerPermissions');
if ($chmod === null) {
- // TODO: This races
- if (is_dir($directory)) return true;
- return mkdir($directory);
+ if (!@mkdir($directory) && !is_dir($directory)) {
+ trigger_error(
+ 'Could not create directory ' . $directory . '',
+ E_USER_WARNING
+ );
+ return false;
+ }
+ return true;
}
if (!is_dir($directory)) {
$base = $this->generateBaseDirectoryPath($config);
@@ -15691,7 +15750,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
} elseif (!$this->_testPermissions($base, $chmod)) {
return false;
}
- if (!mkdir($directory, $chmod)) {
+ if (!@mkdir($directory, $chmod) && !is_dir($directory)) {
trigger_error(
'Could not create directory ' . $directory . '',
E_USER_WARNING
@@ -15761,8 +15820,8 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
}
}
-
-
+
+
/**
@@ -15840,8 +15899,8 @@ class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends HTMLPurifier_Defini
}
}
-
-
+
+
/**
@@ -15926,8 +15985,8 @@ class HTMLPurifier_DefinitionCache_Decorator_Memory extends HTMLPurifier_Definit
}
}
-
-
+
+
/**
@@ -15971,8 +16030,8 @@ class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
@@ -16003,8 +16062,8 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
);
}
-
-
+
+
/**
@@ -16059,8 +16118,8 @@ class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16250,8 +16309,8 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16291,8 +16350,8 @@ class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16343,8 +16402,8 @@ class HTMLPurifier_HTMLModule_Iframe extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16393,8 +16452,8 @@ class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16580,8 +16639,8 @@ class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16632,8 +16691,8 @@ class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
@@ -16659,8 +16718,8 @@ class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16685,8 +16744,8 @@ class HTMLPurifier_HTMLModule_Nofollow extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_NonXMLCommonAttributes extends HTMLPurifier_HTMLModule
@@ -16706,8 +16765,8 @@ class HTMLPurifier_HTMLModule_NonXMLCommonAttributes extends HTMLPurifier_HTMLMo
);
}
-
-
+
+
/**
@@ -16769,8 +16828,8 @@ class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16812,8 +16871,8 @@ class HTMLPurifier_HTMLModule_Presentation extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16853,8 +16912,8 @@ class HTMLPurifier_HTMLModule_Proprietary extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16890,8 +16949,8 @@ class HTMLPurifier_HTMLModule_Ruby extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16931,8 +16990,8 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -16994,8 +17053,8 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17021,13 +17080,13 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
$script = $this->addElement(
'script',
'Inline',
- 'Empty',
+ 'Optional:', // Not `Empty` to not allow to autoclose the tag @see https://www.w3.org/TR/html4/interact/scripts.html
null,
array(
// While technically not required by the spec, we're forcing
// it to this value.
'type' => 'Enum#text/javascript',
- 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
+ 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true)
)
);
$script->attr_transform_pre[] =
@@ -17035,8 +17094,8 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/*
@@ -17109,8 +17168,8 @@ class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17143,8 +17202,8 @@ class HTMLPurifier_HTMLModule_StyleAttribute extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17219,8 +17278,8 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17248,8 +17307,8 @@ class HTMLPurifier_HTMLModule_Target extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17273,8 +17332,8 @@ class HTMLPurifier_HTMLModule_TargetBlank extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17296,7 +17355,7 @@ class HTMLPurifier_HTMLModule_TargetNoopener extends HTMLPurifier_HTMLModule
$a->attr_transform_post[] = new HTMLPurifier_AttrTransform_TargetNoopener();
}
}
-
+
/**
@@ -17318,7 +17377,7 @@ class HTMLPurifier_HTMLModule_TargetNoreferrer extends HTMLPurifier_HTMLModule
$a->attr_transform_post[] = new HTMLPurifier_AttrTransform_TargetNoreferrer();
}
}
-
+
/**
@@ -17405,8 +17464,8 @@ class HTMLPurifier_HTMLModule_Text extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
/**
@@ -17636,8 +17695,8 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_XMLCommonAttributes extends HTMLPurifier_HTMLModule
@@ -17657,8 +17716,8 @@ class HTMLPurifier_HTMLModule_XMLCommonAttributes extends HTMLPurifier_HTMLModul
);
}
-
-
+
+
/**
@@ -17691,8 +17750,8 @@ class HTMLPurifier_HTMLModule_Tidy_Name extends HTMLPurifier_HTMLModule_Tidy
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_Tidy_Proprietary extends HTMLPurifier_HTMLModule_Tidy
@@ -17726,8 +17785,8 @@ class HTMLPurifier_HTMLModule_Tidy_Proprietary extends HTMLPurifier_HTMLModule_T
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule_Tidy
@@ -17906,8 +17965,8 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_Tidy_Strict extends HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4
@@ -17950,8 +18009,8 @@ class HTMLPurifier_HTMLModule_Tidy_Strict extends HTMLPurifier_HTMLModule_Tidy_X
}
}
-
-
+
+
class HTMLPurifier_HTMLModule_Tidy_Transitional extends HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4
@@ -17967,8 +18026,8 @@ class HTMLPurifier_HTMLModule_Tidy_Transitional extends HTMLPurifier_HTMLModule_
public $defaultLevel = 'heavy';
}
-
-
+
+
class HTMLPurifier_HTMLModule_Tidy_XHTML extends HTMLPurifier_HTMLModule_Tidy
@@ -17994,8 +18053,8 @@ class HTMLPurifier_HTMLModule_Tidy_XHTML extends HTMLPurifier_HTMLModule_Tidy
}
}
-
-
+
+
/**
@@ -18351,8 +18410,8 @@ class HTMLPurifier_Injector_AutoParagraph extends HTMLPurifier_Injector
}
}
-
-
+
+
/**
@@ -18392,8 +18451,8 @@ class HTMLPurifier_Injector_DisplayLinkURI extends HTMLPurifier_Injector
}
}
-
-
+
+
/**
@@ -18457,8 +18516,8 @@ class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
}
}
-
-
+
+
/**
@@ -18529,8 +18588,8 @@ class HTMLPurifier_Injector_PurifierLinkify extends HTMLPurifier_Injector
}
}
-
-
+
+
class HTMLPurifier_Injector_RemoveEmpty extends HTMLPurifier_Injector
@@ -18642,8 +18701,8 @@ class HTMLPurifier_Injector_RemoveEmpty extends HTMLPurifier_Injector
}
}
-
-
+
+
/**
@@ -18727,8 +18786,8 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
}
}
-
-
+
+
/**
@@ -18852,8 +18911,8 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
}
}
-
-
+
+
/**
@@ -18924,8 +18983,13 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
$doc = new DOMDocument();
$doc->encoding = 'UTF-8'; // theoretically, the above has this covered
+ $options = 0;
+ if ($config->get('Core.AllowParseManyTags') && defined('LIBXML_PARSEHUGE')) {
+ $options |= LIBXML_PARSEHUGE;
+ }
+
set_error_handler(array($this, 'muteErrorHandler'));
- $doc->loadHTML($html);
+ $doc->loadHTML($html, $options);
restore_error_handler();
$body = $doc->getElementsByTagName('html')->item(0)-> //
@@ -18982,6 +19046,41 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
} while ($level > 0);
}
+ /**
+ * Portably retrieve the tag name of a node; deals with older versions
+ * of libxml like 2.7.6
+ * @param DOMNode $node
+ */
+ protected function getTagName($node)
+ {
+ if (isset($node->tagName)) {
+ return $node->tagName;
+ } else if (isset($node->nodeName)) {
+ return $node->nodeName;
+ } else if (isset($node->localName)) {
+ return $node->localName;
+ }
+ return null;
+ }
+
+ /**
+ * Portably retrieve the data of a node; deals with older versions
+ * of libxml like 2.7.6
+ * @param DOMNode $node
+ */
+ protected function getData($node)
+ {
+ if (isset($node->data)) {
+ return $node->data;
+ } else if (isset($node->nodeValue)) {
+ return $node->nodeValue;
+ } else if (isset($node->textContent)) {
+ return $node->textContent;
+ }
+ return null;
+ }
+
+
/**
* @param DOMNode $node DOMNode to be tokenized.
* @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens.
@@ -18997,7 +19096,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
// but we're not getting the character reference nodes because
// those should have been preprocessed
if ($node->nodeType === XML_TEXT_NODE) {
- $tokens[] = $this->factory->createText($node->data);
+ $data = $this->getData($node); // Handle variable data property
+ if ($data !== null) {
+ $tokens[] = $this->factory->createText($data);
+ }
return false;
} elseif ($node->nodeType === XML_CDATA_SECTION_NODE) {
// undo libxml's special treatment of