Lock configuration objects to a single namespace, to help prevent bugs.

* Also, fix a slight bug with URI definition clearing.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>

NEWS

@@ -34,8 +34,13 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! Implement %Attr.AllowedClasses, which allows administrators to restrict
   classes users can use to a specified finite set of classes, and
   %Attr.ForbiddenClasses, which is the logical inverse.
+- Fix bug where URIDefinition would not get cleared if it's directives got
+  changed.
 . Created script maintenance/rename-config.php for renaming a configuration
   directive while maintaining its alias.  This script does not change source code.
+. Implement namespace locking for definition construction, to prevent
+  bugs where a directive is used for definition construction but is not
+  used to construct the cache hash.
 
 3.3.0, released 2009-02-16
 ! Implement CSS property 'overflow' when %CSS.AllowTricky is true.

TODO

@@ -20,8 +20,6 @@ afraid to cast your vote for the next feature to be implemented!
 - Think about allowing explicit order of operations hooks for transforms
 - Allow more relaxed "class" definition than NMTOKENS for appropriate
   doctypes
-- Lock when configuring Definition objects so we CAN'T access configuration
-  directives outside of what dependency has been registered.
 
 FUTURE VERSIONS
 ---------------

library/HTMLPurifier/Config.php

@@ -80,6 +80,11 @@ class HTMLPurifier_Config
      */
     public $chatty = true;
 
+    /**
+     * Current lock; only gets to this namespace are allowed.
+     */
+    private $lock;
+
     /**
      * @param $definition HTMLPurifier_ConfigSchema that defines what directives
      *                    are allowed.
@@ -157,6 +162,13 @@ class HTMLPurifier_Config
                 E_USER_ERROR);
             return;
         }
+        if ($this->lock) {
+            list($ns) = explode('.', $key);
+            if ($ns !== $this->lock) {
+                $this->triggerError('Cannot get value of namespace ' . $ns . ' when lock for ' . $this->lock . ' is active, this probably indicates a Definition setup method is accessing directives that are not within its namespace', E_USER_ERROR);
+                return;
+            }
+        }
         return $this->plist->get($key);
     }
 
@@ -285,7 +297,7 @@ class HTMLPurifier_Config
         // reset definitions if the directives they depend on changed
         // this is a very costly process, so it's discouraged
         // with finalization
-        if ($namespace == 'HTML' || $namespace == 'CSS') {
+        if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
             $this->definitions[$namespace] = null;
         }
 
@@ -326,8 +338,12 @@ class HTMLPurifier_Config
      */
     public function getDefinition($type, $raw = false) {
         if (!$this->finalized) $this->autoFinalize();
+        // temporarily suspend locks, so we can handle recursive definition calls
+        $lock = $this->lock;
+        $this->lock = null;
         $factory = HTMLPurifier_DefinitionCacheFactory::instance();
         $cache = $factory->create($type, $this);
+        $this->lock = $lock;
         if (!$raw) {
             // see if we can quickly supply a definition
             if (!empty($this->definitions[$type])) {
@@ -369,7 +385,9 @@ class HTMLPurifier_Config
             return $this->definitions[$type];
         }
         // set it up
+        $this->lock = $type;
         $this->definitions[$type]->setup($this);
+        $this->lock = null;
         // save in cache
         $cache->set($this->definitions[$type], $this);
         return $this->definitions[$type];