mirror of https://github.com/processwire/processwire.git synced 2025-08-17 12:10:45 +02:00

Upgrade htmlpurifier to 4.14.0

Ryan Cramer
2022-01-04 07:53:11 -05:00
parent 912c9bb30e
commit 7f79f6c236
7 changed files with 68 additions and 60 deletions


@@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run. * FILE, changes will be overwritten the next time the script is run.
* *
* @version 4.12.0 * @version 4.14.0
* *
* @warning * @warning
* You must *not* include any other HTML Purifier files before this file, * You must *not* include any other HTML Purifier files before this file,
@@ -39,7 +39,7 @@
*/ */
/* /*
HTML Purifier 4.12.0 - Standards Compliant HTML Filtering HTML Purifier 4.14.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or This library is free software; you can redistribute it and/or
@@ -78,12 +78,12 @@ class HTMLPurifier
* Version of HTML Purifier. * Version of HTML Purifier.
* @type string * @type string
*/ */
public $version = '4.12.0'; public $version = '4.14.0';
/** /**
* Constant with version of HTML Purifier. * Constant with version of HTML Purifier.
*/ */
const VERSION = '4.12.0'; const VERSION = '4.14.0';
/** /**
* Global configuration object. * Global configuration object.
@@ -260,6 +260,7 @@ class HTMLPurifier
public function purifyArray($array_of_html, $config = null) public function purifyArray($array_of_html, $config = null)
{ {
$context_array = array(); $context_array = array();
$array = array();
foreach($array_of_html as $key=>$value){ foreach($array_of_html as $key=>$value){
if (is_array($value)) { if (is_array($value)) {
$array[$key] = $this->purifyArray($value, $config); $array[$key] = $this->purifyArray($value, $config);
@@ -1311,6 +1312,22 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
); );
$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
$this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(
array(
'auto',
'cover',
'contain',
'initial',
'inherit',
)
),
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_CSS_Length()
)
);
$border_color = $border_color =
$this->info['border-top-color'] = $this->info['border-top-color'] =
$this->info['border-bottom-color'] = $this->info['border-bottom-color'] =
@@ -1810,7 +1827,7 @@ class HTMLPurifier_Config
* HTML Purifier's version * HTML Purifier's version
* @type string * @type string
*/ */
public $version = '4.12.0'; public $version = '4.14.0';
/** /**
* Whether or not to automatically finalize * Whether or not to automatically finalize
@@ -2197,7 +2214,7 @@ class HTMLPurifier_Config
* maybeGetRawHTMLDefinition, which is more explicitly * maybeGetRawHTMLDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return HTMLPurifier_HTMLDefinition * @return HTMLPurifier_HTMLDefinition|null
*/ */
public function getHTMLDefinition($raw = false, $optimized = false) public function getHTMLDefinition($raw = false, $optimized = false)
{ {
@@ -2216,7 +2233,7 @@ class HTMLPurifier_Config
* maybeGetRawCSSDefinition, which is more explicitly * maybeGetRawCSSDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return HTMLPurifier_CSSDefinition * @return HTMLPurifier_CSSDefinition|null
*/ */
public function getCSSDefinition($raw = false, $optimized = false) public function getCSSDefinition($raw = false, $optimized = false)
{ {
@@ -2235,7 +2252,7 @@ class HTMLPurifier_Config
* maybeGetRawURIDefinition, which is more explicitly * maybeGetRawURIDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return HTMLPurifier_URIDefinition * @return HTMLPurifier_URIDefinition|null
*/ */
public function getURIDefinition($raw = false, $optimized = false) public function getURIDefinition($raw = false, $optimized = false)
{ {
@@ -2257,7 +2274,7 @@ class HTMLPurifier_Config
* maybe semantics is the "right thing to do." * maybe semantics is the "right thing to do."
* *
* @throws HTMLPurifier_Exception * @throws HTMLPurifier_Exception
* @return HTMLPurifier_Definition * @return HTMLPurifier_Definition|null
*/ */
public function getDefinition($type, $raw = false, $optimized = false) public function getDefinition($type, $raw = false, $optimized = false)
{ {
@@ -2436,7 +2453,7 @@ class HTMLPurifier_Config
} }
/** /**
* @return HTMLPurifier_HTMLDefinition * @return HTMLPurifier_HTMLDefinition|null
*/ */
public function maybeGetRawHTMLDefinition() public function maybeGetRawHTMLDefinition()
{ {
@@ -2444,7 +2461,7 @@ class HTMLPurifier_Config
} }
/** /**
* @return HTMLPurifier_CSSDefinition * @return HTMLPurifier_CSSDefinition|null
*/ */
public function maybeGetRawCSSDefinition() public function maybeGetRawCSSDefinition()
{ {
@@ -2452,7 +2469,7 @@ class HTMLPurifier_Config
} }
/** /**
* @return HTMLPurifier_URIDefinition * @return HTMLPurifier_URIDefinition|null
*/ */
public function maybeGetRawURIDefinition() public function maybeGetRawURIDefinition()
{ {
@@ -2592,7 +2609,7 @@ class HTMLPurifier_Config
if ($index !== false) { if ($index !== false) {
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
} }
$mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); $mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
$ret = array(); $ret = array();
@@ -6206,8 +6223,9 @@ class HTMLPurifier_HTMLModule
*/ */
public function makeLookup($list) public function makeLookup($list)
{ {
$args = func_get_args();
if (is_string($list)) { if (is_string($list)) {
$list = func_get_args(); $list = $args;
} }
$ret = array(); $ret = array();
foreach ($list as $value) { foreach ($list as $value) {
@@ -10991,7 +11009,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
return false; return false;
} }
$left = ltrim($left, '0'); // Remove leading zeros until positive number or a zero stays left
if (ltrim($left, '0') != '') {
$left = ltrim($left, '0');
} else {
$left = '0';
}
$right = rtrim($right, '0'); $right = rtrim($right, '0');
if ($right === '') { if ($right === '') {
@@ -11067,6 +11091,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$this->info['background-repeat'] = $def->info['background-repeat']; $this->info['background-repeat'] = $def->info['background-repeat'];
$this->info['background-attachment'] = $def->info['background-attachment']; $this->info['background-attachment'] = $def->info['background-attachment'];
$this->info['background-position'] = $def->info['background-position']; $this->info['background-position'] = $def->info['background-position'];
$this->info['background-size'] = $def->info['background-size'];
} }
/** /**
@@ -11095,6 +11120,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$caught['repeat'] = false; $caught['repeat'] = false;
$caught['attachment'] = false; $caught['attachment'] = false;
$caught['position'] = false; $caught['position'] = false;
$caught['size'] = false;
$i = 0; // number of catches $i = 0; // number of catches
@@ -15261,7 +15287,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
} }
} }
if (empty($content)) { if (empty($content) && $thead === false && $tfoot === false) {
return false; return false;
} }
@@ -16150,6 +16176,10 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
*/ */
public function setup($config) public function setup($config)
{ {
if ($config->get('HTML.Forms')) {
$this->safe = true;
}
$form = $this->addElement( $form = $this->addElement(
'form', 'form',
'Form', 'Form',
@@ -17614,10 +17644,7 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
$type = "info_$type"; $type = "info_$type";
$e = $this; $e = $this;
} }
// PHP does some weird parsing when I do $e->{$type}[$attr] = $fix;
// $e->$type[$attr], so I have to assign a ref.
$f =& $e->$type;
$f[$attr] = $fix;
break; break;
case 'tag_transform': case 'tag_transform':
$this->info_tag_transform[$params['element']] = $fix; $this->info_tag_transform[$params['element']] = $fix;
@@ -17885,6 +17912,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
// @bgcolor for table, tr, td, th --------------------------------- // @bgcolor for table, tr, td, th ---------------------------------
$r['table@bgcolor'] = $r['table@bgcolor'] =
$r['tr@bgcolor'] =
$r['td@bgcolor'] = $r['td@bgcolor'] =
$r['th@bgcolor'] = $r['th@bgcolor'] =
new HTMLPurifier_AttrTransform_BgColor(); new HTMLPurifier_AttrTransform_BgColor();
@@ -17956,9 +17984,11 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
// @vspace for img ------------------------------------------------ // @vspace for img ------------------------------------------------
$r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace'); $r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace');
// @width for hr, td, th ------------------------------------------ // @width for table, hr, td, th, col ------------------------------------------
$r['table@width'] =
$r['td@width'] = $r['td@width'] =
$r['th@width'] = $r['th@width'] =
$r['col@width'] =
$r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width'); $r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width');
return $r; return $r;
@@ -18495,6 +18525,9 @@ class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
'/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu', '/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu',
$token->data, -1, PREG_SPLIT_DELIM_CAPTURE); $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
if ($bits === false) {
return;
}
$token = array(); $token = array();
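Review bot: In the `HTMLPurifier_HTMLModule_Forms::setup()` hunk, the new `if ($config->get('HTML.Forms'))` branch sets `$this->safe = true` with no comment on what that flag gates; presumably it is what lets the Forms module load for untrusted documents. The directive description added in this same commit says it permits form elements regardless of %HTML.Trusted, defaults to false, and may allow phishing, so this is the one change in the upgrade that can widen what user-submitted markup may contain. I would add `// HTML.Forms lets form elements through even when HTML.Trusted is off; keep it false for user-submitted markup` above the branch. Because the file header says edits here are overwritten when the file is regenerated, the same caveat is better recorded where the host application builds its purifier configuration. setup() continues past the end of the hunk.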


@@ -0,0 +1,11 @@
HTML.Forms
TYPE: bool
VERSION: 4.13.0
DEFAULT: false
--DESCRIPTION--
<p>
Whether or not to permit form elements in the user input, regardless of
%HTML.Trusted value. Please be very careful when using this functionality, as
enabling forms in untrusted documents may allow for phishing attacks.
</p>
--# vim: et sw=4 sts=4


@@ -1,9 +0,0 @@
<?php
// private class for unit testing
class HTMLPurifier_Language_en_x_test extends HTMLPurifier_Language
{
}
// vim: et sw=4 sts=4


@@ -1,13 +0,0 @@
<?php
// private language message file for unit testing purposes
$fallback = 'en';
$messages = array(
'HTMLPurifier' => 'HTML Purifier X'
);
$errorNames = array();
// vim: et sw=4 sts=4


@@ -1,14 +0,0 @@
<?php
// private language message file for unit testing purposes
// this language file has no class associated with it
$fallback = 'en';
$messages = array(
'HTMLPurifier' => 'HTML Purifier XNone'
);
$errorNames = array();
// vim: et sw=4 sts=4


@@ -43,8 +43,8 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
$ret .= $this->element('caption', 'Doctype'); $ret .= $this->element('caption', 'Doctype');
$ret .= $this->row('Name', $doctype->name); $ret .= $this->row('Name', $doctype->name);
$ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No'); $ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
$ret .= $this->row('Default Modules', implode($doctype->modules, ', ')); $ret .= $this->row('Default Modules', implode(', ', $doctype->modules));
$ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', ')); $ret .= $this->row('Default Tidy Modules', implode(', ', $doctype->tidyModules));
$ret .= $this->end('table'); $ret .= $this->end('table');
return $ret; return $ret;
} }