Lock configuration objects to a single namespace, to help prevent bugs.
* Also, fix a slight bug with URI definition clearing. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
parent
baf053b016
commit
10e2d32a79
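--- a/NEWS
+++ b/NEWS
@@ -34,8 +34,13 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 ! Implement %Attr.AllowedClasses, which allows administrators to restrict
 classes users can use to a specified finite set of classes, and
 %Attr.ForbiddenClasses, which is the logical inverse.
+- Fix bug where URIDefinition would not get cleared if it's directives got
+changed.
 . Created script maintenance/rename-config.php for renaming a configuration
 directive while maintaining its alias. This script does not change source code.
+. Implement namespace locking for definition construction, to prevent
+bugs where a directive is used for definition construction but is not
+used to construct the cache hash.
 
 3.3.0, released 2009-02-16
 ! Implement CSS property 'overflow' when %CSS.AllowTricky is true.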
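--- a/TODO
+++ b/TODO
@@ -20,8 +20,6 @@ afraid to cast your vote for the next feature to be implemented!
 - Think about allowing explicit order of operations hooks for transforms
 - Allow more relaxed "class" definition than NMTOKENS for appropriate
 doctypes
-- Lock when configuring Definition objects so we CAN'T access configuration
-directives outside of what dependency has been registered.
 
 FUTURE VERSIONS
 ---------------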
@ -80,6 +80,11 @@ class HTMLPurifier_Config
|
|||||||
*/
|
*/
|
||||||
public $chatty = true;
|
public $chatty = true;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Current lock; only gets to this namespace are allowed.
|
||||||
|
*/
|
||||||
|
private $lock;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $definition HTMLPurifier_ConfigSchema that defines what directives
|
* @param $definition HTMLPurifier_ConfigSchema that defines what directives
|
||||||
* are allowed.
|
* are allowed.
|
||||||
@ -157,6 +162,13 @@ class HTMLPurifier_Config
|
|||||||
E_USER_ERROR);
|
E_USER_ERROR);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if ($this->lock) {
|
||||||
|
list($ns) = explode('.', $key);
|
||||||
|
if ($ns !== $this->lock) {
|
||||||
|
$this->triggerError('Cannot get value of namespace ' . $ns . ' when lock for ' . $this->lock . ' is active, this probably indicates a Definition setup method is accessing directives that are not within its namespace', E_USER_ERROR);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
return $this->plist->get($key);
|
return $this->plist->get($key);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -285,7 +297,7 @@ class HTMLPurifier_Config
|
|||||||
// reset definitions if the directives they depend on changed
|
// reset definitions if the directives they depend on changed
|
||||||
// this is a very costly process, so it's discouraged
|
// this is a very costly process, so it's discouraged
|
||||||
// with finalization
|
// with finalization
|
||||||
if ($namespace == 'HTML' || $namespace == 'CSS') {
|
if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
|
||||||
$this->definitions[$namespace] = null;
|
$this->definitions[$namespace] = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -326,8 +338,12 @@ class HTMLPurifier_Config
|
|||||||
*/
|
*/
|
||||||
public function getDefinition($type, $raw = false) {
|
public function getDefinition($type, $raw = false) {
|
||||||
if (!$this->finalized) $this->autoFinalize();
|
if (!$this->finalized) $this->autoFinalize();
|
||||||
|
// temporarily suspend locks, so we can handle recursive definition calls
|
||||||
|
$lock = $this->lock;
|
||||||
|
$this->lock = null;
|
||||||
$factory = HTMLPurifier_DefinitionCacheFactory::instance();
|
$factory = HTMLPurifier_DefinitionCacheFactory::instance();
|
||||||
$cache = $factory->create($type, $this);
|
$cache = $factory->create($type, $this);
|
||||||
|
$this->lock = $lock;
|
||||||
if (!$raw) {
|
if (!$raw) {
|
||||||
// see if we can quickly supply a definition
|
// see if we can quickly supply a definition
|
||||||
if (!empty($this->definitions[$type])) {
|
if (!empty($this->definitions[$type])) {
|
||||||
@ -369,7 +385,9 @@ class HTMLPurifier_Config
|
|||||||
return $this->definitions[$type];
|
return $this->definitions[$type];
|
||||||
}
|
}
|
||||||
// set it up
|
// set it up
|
||||||
|
$this->lock = $type;
|
||||||
$this->definitions[$type]->setup($this);
|
$this->definitions[$type]->setup($this);
|
||||||
|
$this->lock = null;
|
||||||
// save in cache
|
// save in cache
|
||||||
$cache->set($this->definitions[$type], $this);
|
$cache->set($this->definitions[$type], $this);
|
||||||
return $this->definitions[$type];
|
return $this->definitions[$type];
|
||||||
|
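Review bot: The last hunk sets `$this->lock = null;` after `setup($this)` instead of restoring the lock that was active before, so a nested definition build drops the outer definition's lock: once the inner build returns, the rest of the outer setup() can read any namespace without the check added in get() firing. The comment added in getDefinition() says recursive definition calls are expected, so the guard should save and restore, e.g. `$prev = $this->lock; $this->lock = $type;` before setup and `$this->lock = $prev;` after it. The reset is also skipped if setup() exits by exception, which would leave the lock on `$type` and make later reads of other namespaces fail; whether setup() can throw is not visible here. For a sanitizer this matters because the lock exists to catch directives that shape a definition without entering the cache hash, which is how a definition built under one configuration ends up served for another. The body of getDefinition() continues outside the shown hunks.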