mirror/processwire
1
0
Fork 0
mirror of https://github.com/processwire/processwire.git synced 2025-08-12 17:54:44 +02:00
Code Issues Releases Wiki Activity

Upgrade htmlpurifier to 4.15.0, should also resolve processwire/processwire-issues#1664

Browse Source
This commit is contained in:
Ryan Cramer
2023-01-13 08:54:36 -05:00
parent 11a16d5693
commit a0b91e4472
3 changed files with 488 additions and 440 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
wire/modules/Markup/MarkupHTMLPurifier/MarkupHTMLPurifier.module
View File

@@ -33,7 +33,7 @@ class MarkupHTMLPurifier extends WireData implements Module {
return array(
'title' => 'HTML Purifier',
'summary' => 'Front-end to the HTML Purifier library.',
'version' => 496,
'version' => 497,
'singular' => false,
'autoload' => false,
);
@@ -66,6 +66,7 @@ class MarkupHTMLPurifier extends WireData implements Module {
*
*/
public function __construct() {
parent::__construct();
require_once(dirname(__FILE__) . '/htmlpurifier/HTMLPurifier.standalone.php');
$this->settings = \HTMLPurifier_Config::createDefault();
$this->settings->autoFinalize = false;

89
wire/modules/Markup/MarkupHTMLPurifier/htmlpurifier/HTMLPurifier.standalone.php
View File

@@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run.
*
* @version 4.14.0
* @version 4.15.0
*
* @warning
* You must *not* include any other HTML Purifier files before this file,
@@ -39,7 +39,7 @@
*/
/*
HTML Purifier 4.14.0 - Standards Compliant HTML Filtering
HTML Purifier 4.15.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or
@@ -78,12 +78,12 @@ class HTMLPurifier
* Version of HTML Purifier.
* @type string
*/
public $version = '4.14.0';
public $version = '4.15.0';
/**
* Constant with version of HTML Purifier.
*/
const VERSION = '4.14.0';
const VERSION = '4.15.0';
/**
* Global configuration object.
@@ -786,6 +786,7 @@ class HTMLPurifier_AttrTypes
$this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right');
$this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
$this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
$this->info['ContentEditable'] = new HTMLPurifier_AttrDef_HTML_ContentEditable();
// unimplemented aliases
$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
@@ -1827,7 +1828,7 @@ class HTMLPurifier_Config
* HTML Purifier's version
* @type string
*/
public $version = '4.14.0';
public $version = '4.15.0';
/**
* Whether or not to automatically finalize
@@ -3801,7 +3802,7 @@ class HTMLPurifier_ElementDef
if (!empty($def->content_model)) {
$this->content_model =
str_replace("#SUPER", $this->content_model, $def->content_model);
str_replace("#SUPER", (string)$this->content_model, $def->content_model);
$this->child = false;
}
if (!empty($def->content_model_type)) {
@@ -4240,8 +4241,8 @@ class HTMLPurifier_Encoder
// characters to their true byte-wise ASCII/UTF-8 equivalents.
$str = strtr($str, self::testEncodingSupportsASCII($encoding));
return $str;
} elseif ($encoding === 'iso-8859-1') {
$str = utf8_encode($str);
} elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
$str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
return $str;
}
$bug = HTMLPurifier_Encoder::testIconvTruncateBug();
@@ -4292,8 +4293,8 @@ class HTMLPurifier_Encoder
// Normal stuff
$str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
return $str;
} elseif ($encoding === 'iso-8859-1') {
$str = utf8_decode($str);
} elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
$str = mb_convert_encoding($str, 'ISO-8859-1', 'UTF-8');
return $str;
}
trigger_error('Encoding not supported', E_USER_ERROR);
@@ -7555,7 +7556,7 @@ class HTMLPurifier_Length
if ($this->n === '0' && $this->unit === false) {
return true;
}
if (!ctype_lower($this->unit)) {
if ($this->unit === false || !ctype_lower($this->unit)) {
$this->unit = strtolower($this->unit);
}
if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {
@@ -7688,6 +7689,11 @@ class HTMLPurifier_Lexer
*/
public $tracksLineNumbers = false;
/**
* @type HTMLPurifier_EntityParser
*/
private $_entity_parser;
// -- STATIC ----------------------------------------------------------
/**
@@ -7946,8 +7952,8 @@ class HTMLPurifier_Lexer
{
// normalize newlines to \n
if ($config->get('Core.NormalizeNewlines')) {
$html = str_replace("\r\n", "\n", $html);
$html = str_replace("\r", "\n", $html);
$html = str_replace("\r\n", "\n", (string)$html);
$html = str_replace("\r", "\n", (string)$html);
}
if ($config->get('HTML.Trusted')) {
@@ -12882,6 +12888,23 @@ class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
{
public function validate($string, $config, $context)
{
$allowed = array('false');
if ($config->get('HTML.Trusted')) {
$allowed = array('', 'true', 'false');
}
$enum = new HTMLPurifier_AttrDef_Enum($allowed);
return $enum->validate($string, $config, $context);
}
}
/**
* Special-case enum attribute definition that lazy loads allowed frame targets
*/
@@ -14150,6 +14173,11 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
{
/**
* @type HTMLPurifier_AttrDef_HTML_ID
*/
public $idDef;
public function __construct()
{
$this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
@@ -14316,6 +14344,11 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
*/
private $uri;
/**
* @type HTMLPurifier_AttrDef_Enum
*/
public $wmode;
public function __construct()
{
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
@@ -14778,6 +14811,8 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
// XXX: This whole business with 'wrap' is all a bit unsatisfactory
public $elements = array('li' => true, 'ul' => true, 'ol' => true);
public $whitespace;
/**
* @param array $children
* @param HTMLPurifier_Config $config
@@ -16079,6 +16114,7 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
'class' => 'Class',
'id' => 'ID',
'title' => 'CDATA',
'contenteditable' => 'ContentEditable',
),
'Lang' => array(),
'I18N' => array(
@@ -18771,6 +18807,16 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
*/
private $context;
/**
* @type SplObjectStorage
*/
private $markForDeletion;
public function __construct()
{
$this->markForDeletion = new SplObjectStorage();
}
public function prepare($config, $context)
{
$this->attrValidator = new HTMLPurifier_AttrValidator();
@@ -18804,7 +18850,7 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') {
// Mark closing span tag for deletion
$current->markForDeletion = true;
$this->markForDeletion->attach($current);
// Delete open span tag
$token = false;
}
@@ -18815,7 +18861,8 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
*/
public function handleEnd(&$token)
{
if ($token->markForDeletion) {
if ($this->markForDeletion->contains($token)) {
$this->markForDeletion->detach($token);
$token = false;
}
}
@@ -21639,7 +21686,7 @@ class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
public function filter(&$uri, $config, $context)
{
foreach ($this->blacklist as $blacklisted_host_fragment) {
if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
if ($uri->host !== null && strpos($uri->host, $blacklisted_host_fragment) !== false) {
return false;
}
}
@@ -21910,11 +21957,11 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
$string = $uri->toString();
// always available
$this->replace['%s'] = $string;
$this->replace['%r'] = $context->get('EmbeddedURI', true);
$token = $context->get('CurrentToken', true);
$this->replace['%n'] = $token ? $token->name : null;
$this->replace['%m'] = $context->get('CurrentAttr', true);
$this->replace['%p'] = $context->get('CurrentCSSProperty', true);
$this->replace['%r'] = $context->get('EmbeddedURI', true) ?: '';
$token = $context->get('CurrentToken', true) ?: '';
$this->replace['%n'] = $token ? $token->name : '';
$this->replace['%m'] = $context->get('CurrentAttr', true) ?: '';
$this->replace['%p'] = $context->get('CurrentCSSProperty', true) ?: '';
// not always available
if ($this->secretKey) {
$this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);

2
wire/modules/Markup/MarkupHTMLPurifier/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
View File

@@ -4410,7 +4410,7 @@ class HTML5TreeConstructer
foreach ($token['attr'] as $attr) {
if (!$el->hasAttribute($attr['name'])) {
$el->setAttribute($attr['name'], $attr['value']);
$el->setAttribute($attr['name'], (string)$attr['value']);
}
}