mirror of
https://github.com/moodle/moodle.git
synced 2025-07-27 09:20:36 +02:00
be7f6d4834
Prior to this change, all the line endings in the imported HTMLPurifier library were using CRLF (\r\n aka Windows style), but the HTMLPurifier source and also the downloadable artefacts use LF (\n aka Linux style) as line endings. This has been the case since510d190382when with the commit "MDL-38672 import HTML Purifier 4.5.0" all line endings were changed from LF to CRLF. There was no comment in the commit on why this change was done. As the original source uses LF, this commit partly reverts510d190382and goes back to LF as line endings. Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
114 lines
3.1 KiB
PHP
114 lines
3.1 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Validates the HTML attribute ID.
|
|
* @warning Even though this is the id processor, it
|
|
* will ignore the directive Attr:IDBlacklist, since it will only
|
|
* go according to the ID accumulator. Since the accumulator is
|
|
* automatically generated, it will have already absorbed the
|
|
* blacklist. If you're hacking around, make sure you use load()!
|
|
*/
|
|
|
|
class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
|
|
{
|
|
|
|
// selector is NOT a valid thing to use for IDREFs, because IDREFs
|
|
// *must* target IDs that exist, whereas selector #ids do not.
|
|
|
|
/**
|
|
* Determines whether or not we're validating an ID in a CSS
|
|
* selector context.
|
|
* @type bool
|
|
*/
|
|
protected $selector;
|
|
|
|
/**
|
|
* @param bool $selector
|
|
*/
|
|
public function __construct($selector = false)
|
|
{
|
|
$this->selector = $selector;
|
|
}
|
|
|
|
/**
|
|
* @param string $id
|
|
* @param HTMLPurifier_Config $config
|
|
* @param HTMLPurifier_Context $context
|
|
* @return bool|string
|
|
*/
|
|
public function validate($id, $config, $context)
|
|
{
|
|
if (!$this->selector && !$config->get('Attr.EnableID')) {
|
|
return false;
|
|
}
|
|
|
|
$id = trim($id); // trim it first
|
|
|
|
if ($id === '') {
|
|
return false;
|
|
}
|
|
|
|
$prefix = $config->get('Attr.IDPrefix');
|
|
if ($prefix !== '') {
|
|
$prefix .= $config->get('Attr.IDPrefixLocal');
|
|
// prevent re-appending the prefix
|
|
if (strpos($id, $prefix) !== 0) {
|
|
$id = $prefix . $id;
|
|
}
|
|
} elseif ($config->get('Attr.IDPrefixLocal') !== '') {
|
|
trigger_error(
|
|
'%Attr.IDPrefixLocal cannot be used unless ' .
|
|
'%Attr.IDPrefix is set',
|
|
E_USER_WARNING
|
|
);
|
|
}
|
|
|
|
if (!$this->selector) {
|
|
$id_accumulator =& $context->get('IDAccumulator');
|
|
if (isset($id_accumulator->ids[$id])) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// we purposely avoid using regex, hopefully this is faster
|
|
|
|
if ($config->get('Attr.ID.HTML5') === true) {
|
|
if (preg_match('/[\t\n\x0b\x0c ]/', $id)) {
|
|
return false;
|
|
}
|
|
} else {
|
|
if (ctype_alpha($id)) {
|
|
// OK
|
|
} else {
|
|
if (!ctype_alpha(@$id[0])) {
|
|
return false;
|
|
}
|
|
// primitive style of regexps, I suppose
|
|
$trim = trim(
|
|
$id,
|
|
'A..Za..z0..9:-._'
|
|
);
|
|
if ($trim !== '') {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
|
|
$regexp = $config->get('Attr.IDBlacklistRegexp');
|
|
if ($regexp && preg_match($regexp, $id)) {
|
|
return false;
|
|
}
|
|
|
|
if (!$this->selector) {
|
|
$id_accumulator->add($id);
|
|
}
|
|
|
|
// if no change was made to the ID, return the result
|
|
// else, return the new id if stripping whitespace made it
|
|
// valid, or return false.
|
|
return $id;
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|