Convert to PHP 5 only codebase, adding visibility modifiers to all members and methods in the main library area (function only for test methods)

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1458 48356398-32a2-884e-a903-53898d9a118a

INSTALL

@@ -14,11 +14,12 @@ basic sanity checks to get the most out of this library.
 ---------------------------------------------------------------------------
 1.  Compatibility
 
-HTML Purifier works in both PHP 4 and PHP 5, and is actively tested from 
+HTML Purifier is PHP 5 only, and is actively tested from PHP 5.0.0 and 
-PHP 4.3.7 and up (see tests/multitest.php for specific versions). It has 
+up (see tests/multitest.php for the specific versions that are being 
-no core dependencies with other libraries. PHP 4 support will be 
+actively tested). It has no core dependencies with other libraries. PHP 
-deprecated on December 31, 2007, at which time only essential security 
+4 support was deprecated on December 31, 2007 with HTML Purifier 3.0.0. 
-fixes will be issued for the PHP 4 version until August 8, 2008. 
+Essential security fixes will be issued for the 2.1.x branch until 
+August 8, 2008. 
 
 These optional extensions can enhance the capabilities of HTML Purifier:
 

INSTALL.fr.utf8

@@ -17,7 +17,7 @@ ce document pour quelques choses.
 
 1.  Compatibilité
 
-HTML Purifier fonctionne dans PHP 4 et PHP 5. PHP 4.3.2 est le dernier
+HTML Purifier fonctionne dans PHP 5. PHP 5.0.0 est le dernier
 version que je le testais.  Il ne dépend de les autre librairies.
 
 Les extensions optionnel est iconv (en général déjà installer) et 

NEWS

@@ -9,6 +9,12 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+3.0.0, unknown release date
+# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained
+  until PHP 4 is completely deprecated, but no new features will be added
+  to it.
+  + Visibility declarations added
+
 2.1.3, released 2007-11-05
 ! tests/multitest.php allows you to test multiple versions by running
   tests/index.php through multiple interpreters using `phpv` shell

TODO

@@ -11,11 +11,11 @@ If no interest is expressed for a feature that may required a considerable
 amount of effort to implement, it may get endlessly delayed. Do not be
 afraid to cast your vote for the next feature to be implemented!
 
-2.2 release [Error'ed]
+3.1 release [Error'ed]
  # Error logging for filtering/cleanup procedures
  - XSS-attempt detection
 
-2.3 release [Do What I Mean, Not What I Say]
+3.2 release [Do What I Mean, Not What I Say]
  # Additional support for poorly written HTML
     - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
     - Friendly strict handling of <address> (block -> <br>)
@@ -31,13 +31,13 @@ afraid to cast your vote for the next feature to be implemented!
    dupe detector would also need to detect the suffix as well)
  - Externalize inline CSS to promote clean HTML
 
-2.4 release [It's All About Trust] (floating)
+3.3 release [It's All About Trust] (floating)
  # Implement untrusted, dangerous elements/attributes
  # Implement IDREF support (harder than it seems, since you cannot have
    IDREFs to non-existent IDs)
  # Frameset XHTML 1.0 and HTML 4.01 doctypes
 
-3.0 release [Beyond HTML]
+4.0 release [Beyond HTML]
  # Legit token based CSS parsing (will require revamping almost every
    AttrDef class). Probably will use CSSTidy class
  # More control over allowed CSS properties (maybe modularize it in the
@@ -48,7 +48,7 @@ afraid to cast your vote for the next feature to be implemented!
  - Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
    Also, enable disabling of directionality
 
-4.0 release [To XML and Beyond]
+5.0 release [To XML and Beyond]
  - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
     - Hooks for adding custom processors to custom namespaced tags and
       attributes, offer default implementation

configdoc/library/ConfigDoc.php

@@ -4,10 +4,21 @@ require_once 'ConfigDoc/HTMLXSLTProcessor.php';
 require_once 'ConfigDoc/XMLSerializer/Types.php';
 require_once 'ConfigDoc/XMLSerializer/ConfigSchema.php';
 
+/**
+ * Facade class for configuration documentation system
+ */
 class ConfigDoc
 {
     
-    function generate($schema, $xsl_stylesheet_name = 'plain', $parameters = array()) {
+    /**
+     * Generates configuration documentation based on a HTMLPurifier_ConfigSchema
+     * object and styleshet name
+     * @param $schema Instance of HTMLPurifier_ConfigSchema to document
+     * @param $xsl_stylesheet_name Name of XSL stylesheet in ../styles/ directory to use
+     * @param $parameters Extra parameters to pass to the stylesheet
+     * @return string HTML output
+     */
+    public function generate($schema, $xsl_stylesheet_name = 'plain', $parameters = array()) {
         // generate types document, describing type constraints
         $types_serializer = new ConfigDoc_XMLSerializer_Types();
         $types_document = $types_serializer->serialize($schema);
@@ -29,9 +40,10 @@ class ConfigDoc
     
     /**
      * Remove any generated files
+     * @return boolean Success?
      */
-    function cleanup() {
+    public function cleanup() {
-        unlink('configdoc.xml');
+        return unlink('configdoc.xml');
     }
     
 }

configdoc/library/ConfigDoc/HTMLXSLTProcessor.php

@@ -1,12 +1,15 @@
 <?php
 
 /**
- * Special XSLTProcessor specifically for HTML documents. Loosely
+ * Special XSLT processor specifically for HTML documents. Loosely
- * based off of XSLTProcessor, but not really
+ * based off of XSLTProcessor, but does not inherit from that class
  */
 class ConfigDoc_HTMLXSLTProcessor
 {
     
+    /**
+     * Instance of XSLTProcessor
+     */
     protected $xsltProcessor;
     
     public function __construct() {
@@ -16,6 +19,7 @@ class ConfigDoc_HTMLXSLTProcessor
     /**
      * Imports stylesheet for processor to use
      * @param $xsl XSLT DOM tree, or filename of the XSL transformation
+     * @return bool Success?
      */
     public function importStylesheet($xsl) {
         if (is_string($xsl)) {
@@ -27,16 +31,20 @@ class ConfigDoc_HTMLXSLTProcessor
     }
     
     /**
-     * Transforms an XML file into HTML based on the stylesheet
+     * Transforms an XML file into compatible XHTML based on the stylesheet
      * @param $xml XML DOM tree
+     * @return string HTML output
+     * @todo Rename to transformToXHTML, as transformToHTML is misleading
      */
     public function transformToHTML($xml) {
         $out = $this->xsltProcessor->transformToXML($xml);
         
         // fudges for HTML backwards compatibility
+        // assumes that document is XHTML
         $out = str_replace('/>', ' />', $out); // <br /> not <br/>
         $out = str_replace(' xmlns=""', '', $out); // rm unnecessary xmlns
         $out = str_replace(' xmlns="http://www.w3.org/1999/xhtml"', '', $out); // rm unnecessary xmlns
+        
         if (class_exists('Tidy')) {
             // cleanup output
             $config = array(
@@ -49,9 +57,14 @@ class ConfigDoc_HTMLXSLTProcessor
             $tidy->cleanRepair();
             $out = (string) $tidy;
         }
+        
         return $out;
     }
     
+    /**
+     * Bulk sets parameters for the XSL stylesheet
+     * @param array $options Associative array of options to set
+     */
     public function setParameters($options) {
         foreach ($options as $name => $value) {
             $this->xsltProcessor->setParameter('', $name, $value);

configdoc/library/ConfigDoc/XMLSerializer.php

@@ -8,16 +8,22 @@
 class ConfigDoc_XMLSerializer
 {
     
+    /**
+     * Appends a div containing HTML into a node
+     * @param $document Base document node belongs to
+     * @param $node Node to append to
+     * @param $html HTML to place inside div to append
+     * @todo Place this directly in DOMNode, using registerNodeClass to
+     *       override.
+     */
     protected function appendHTMLDiv($document, $node, $html) {
         $purifier = HTMLPurifier::getInstance();
         $html = $purifier->purify($html);
         $dom_html = $document->createDocumentFragment();
         $dom_html->appendXML($html);
-        
         $dom_div = $document->createElement('div');
         $dom_div->setAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
         $dom_div->appendChild($dom_html);
-        
         $node->appendChild($dom_div);
     }
     

configdoc/library/ConfigDoc/XMLSerializer/ConfigSchema.php

@@ -9,6 +9,7 @@ class ConfigDoc_XMLSerializer_ConfigSchema extends ConfigDoc_XMLSerializer
      * Serializes a schema into DOM form
      * @todo Split into sub-serializers
      * @param $schema HTMLPurifier_ConfigSchema to serialize
+     * @return DOMDocument representation of schema
      */
     public function serialize($schema) {
         $dom_document = new DOMDocument('1.0', 'UTF-8');

configdoc/library/ConfigDoc/XMLSerializer/Types.php

@@ -8,6 +8,7 @@ class ConfigDoc_XMLSerializer_Types extends ConfigDoc_XMLSerializer
     /**
      * Serializes the types in a schema into DOM form
      * @param $schema HTMLPurifier_ConfigSchema owner of types to serialize
+     * @return DOMDocument representing schema types
      */
     public function serialize($schema) {
         $types_document = new DOMDocument('1.0', 'UTF-8');

library/HTMLPurifier.php

@@ -83,19 +83,19 @@ since 2.0.0.
 class HTMLPurifier
 {
     
-    var $version = '2.1.3';
+    public $version = '2.1.3';
     
-    var $config;
+    public $config;
-    var $filters = array();
+    public $filters = array();
     
-    var $strategy, $generator;
+    protected $strategy, $generator;
     
     /**
      * Resultant HTMLPurifier_Context of last run purification. Is an array
      * of contexts if the last called method was purifyArray().
      * @public
      */
-    var $context;
+    public $context;
     
     /**
      * Initializes the purifier.
@@ -105,7 +105,7 @@ class HTMLPurifier
      *                The parameter can also be any type that
      *                HTMLPurifier_Config::create() supports.
      */
-    function HTMLPurifier($config = null) {
+    public function HTMLPurifier($config = null) {
         
         $this->config = HTMLPurifier_Config::create($config);
         
@@ -118,7 +118,7 @@ class HTMLPurifier
      * Adds a filter to process the output. First come first serve
      * @param $filter HTMLPurifier_Filter object
      */
-    function addFilter($filter) {
+    public function addFilter($filter) {
         $this->filters[] = $filter;
     }
     
@@ -132,7 +132,7 @@ class HTMLPurifier
      *                that HTMLPurifier_Config::create() supports.
      * @return Purified HTML
      */
-    function purify($html, $config = null) {
+    public function purify($html, $config = null) {
         
         $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
         
@@ -198,7 +198,7 @@ class HTMLPurifier
      *                See HTMLPurifier::purify() for more details.
      * @return Array of purified HTML
      */
-    function purifyArray($array_of_html, $config = null) {
+    public function purifyArray($array_of_html, $config = null) {
         $context_array = array();
         foreach ($array_of_html as $key => $html) {
             $array_of_html[$key] = $this->purify($html, $config);
@@ -213,10 +213,10 @@ class HTMLPurifier
      * @param $prototype Optional prototype HTMLPurifier instance to
      *                   overload singleton with.
      */
-    function &getInstance($prototype = null) {
+    public static function &getInstance($prototype = null) {
         static $htmlpurifier;
         if (!$htmlpurifier || $prototype) {
-            if (is_a($prototype, 'HTMLPurifier')) {
+            if ($prototype instanceof HTMLPurifier) {
                 $htmlpurifier = $prototype;
             } elseif ($prototype) {
                 $htmlpurifier = new HTMLPurifier($prototype);

library/HTMLPurifier/AttrCollections.php

@@ -12,7 +12,7 @@ class HTMLPurifier_AttrCollections
     /**
      * Associative array of attribute collections, indexed by name
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Performs all expansions on internal data for use by other inclusions
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrCollections
      * @param $attr_types HTMLPurifier_AttrTypes instance
      * @param $modules Hash array of HTMLPurifier_HTMLModule members
      */
-    function HTMLPurifier_AttrCollections($attr_types, $modules) {
+    public function HTMLPurifier_AttrCollections($attr_types, $modules) {
         // load extensions from the modules
         foreach ($modules as $module) {
             foreach ($module->attr_collections as $coll_i => $coll) {
@@ -53,7 +53,7 @@ class HTMLPurifier_AttrCollections
      * all inclusions specified by the zero index.
      * @param &$attr Reference to attribute array
      */
-    function performInclusions(&$attr) {
+    public function performInclusions(&$attr) {
         if (!isset($attr[0])) return;
         $merge = $attr[0];
         $seen  = array(); // recursion guard
@@ -81,7 +81,7 @@ class HTMLPurifier_AttrCollections
      * @param &$attr Reference to attribute array
      * @param $attr_types HTMLPurifier_AttrTypes instance
      */
-    function expandIdentifiers(&$attr, $attr_types) {
+    public function expandIdentifiers(&$attr, $attr_types) {
         
         // because foreach will process new elements we add, make sure we
         // skip duplicates

library/HTMLPurifier/AttrDef.php

@@ -10,32 +10,29 @@
  * subclasses are also responsible for cleaning the code if possible.
  */
 
-class HTMLPurifier_AttrDef
+abstract class HTMLPurifier_AttrDef
 {
     
     /**
      * Tells us whether or not an HTML attribute is minimized. Has no
      * meaning in other contexts.
      */
-    var $minimized = false;
+    public $minimized = false;
     
     /**
      * Tells us whether or not an HTML attribute is required. Has no
      * meaning in other contexts
      */
-    var $required = false;
+    public $required = false;
     
     /**
      * Validates and cleans passed string according to a definition.
      * 
-     * @public
      * @param $string String to be validated and cleaned.
      * @param $config Mandatory HTMLPurifier_Config object.
      * @param $context Mandatory HTMLPurifier_AttrContext object.
      */
-    function validate($string, $config, &$context) {
+    abstract public function validate($string, $config, &$context);
-        trigger_error('Cannot call abstract function', E_USER_ERROR);
-    }
     
     /**
      * Convenience method that parses a string as if it were CDATA.
@@ -59,10 +56,8 @@ class HTMLPurifier_AttrDef
      *          function.  Trim and whitespace collapsing are supposed to only
      *          occur in NMTOKENs.  However, note that we are NOT necessarily
      *          parsing XML, thus, this behavior may still be correct.
-     * 
-     * @public
      */
-    function parseCDATA($string) {
+    public function parseCDATA($string) {
         $string = trim($string);
         $string = str_replace("\n", '', $string);
         $string = str_replace(array("\r", "\t"), ' ', $string);
@@ -73,9 +68,8 @@ class HTMLPurifier_AttrDef
      * Factory method for creating this class from a string.
      * @param $string String construction info
      * @return Created AttrDef object corresponding to $string
-     * @public
      */
-    function make($string) {
+    public function make($string) {
         // default implementation, return flyweight of this object
         // if overloaded, it is *necessary* for you to clone the
         // object (usually by instantiating a new copy) and return that

library/HTMLPurifier/AttrDef/CSS.php

@@ -17,7 +17,7 @@ require_once 'HTMLPurifier/CSSDefinition.php';
 class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
 {
     
-    function validate($css, $config, &$context) {
+    public function validate($css, $config, &$context) {
         
         $css = $this->parseCDATA($css);
         

library/HTMLPurifier/AttrDef/CSS/Background.php

@@ -14,9 +14,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
      * Local copy of component validators.
      * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
      */
-    var $info;
+    protected $info;
     
-    function HTMLPurifier_AttrDef_CSS_Background($config) {
+    public function HTMLPurifier_AttrDef_CSS_Background($config) {
         $def = $config->getCSSDefinition();
         $this->info['background-color'] = $def->info['background-color'];
         $this->info['background-image'] = $def->info['background-image'];
@@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
         $this->info['background-position'] = $def->info['background-position'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         // regular pre-processing
         $string = $this->parseCDATA($string);

library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php

@@ -48,15 +48,15 @@ require_once 'HTMLPurifier/AttrDef/CSS/Percentage.php';
 class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
 {
     
-    var $length;
+    protected $length;
-    var $percentage;
+    protected $percentage;
     
-    function HTMLPurifier_AttrDef_CSS_BackgroundPosition() {
+    public function HTMLPurifier_AttrDef_CSS_BackgroundPosition() {
         $this->length     = new HTMLPurifier_AttrDef_CSS_Length();
         $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         $string = $this->parseCDATA($string);
         $bits = explode(' ', $string);
         

library/HTMLPurifier/AttrDef/CSS/Border.php

@@ -11,16 +11,16 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
     /**
      * Local copy of properties this property is shorthand for.
      */
-    var $info = array();
+    protected $info = array();
     
-    function HTMLPurifier_AttrDef_CSS_Border($config) {
+    public function HTMLPurifier_AttrDef_CSS_Border($config) {
         $def = $config->getCSSDefinition();
         $this->info['border-width'] = $def->info['border-width'];
         $this->info['border-style'] = $def->info['border-style'];
         $this->info['border-top-color'] = $def->info['border-top-color'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         $string = $this->parseCDATA($string);
         // we specifically will not support rgb() syntax with spaces
         $bits = explode(' ', $string);

library/HTMLPurifier/AttrDef/CSS/Color.php

@@ -33,7 +33,7 @@ This directive has been available since 2.0.0.
 class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
 {
     
-    function validate($color, $config, &$context) {
+    public function validate($color, $config, &$context) {
         
         static $colors = null;
         if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');

library/HTMLPurifier/AttrDef/CSS/Composite.php

@@ -14,18 +14,18 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
     
     /**
      * List of HTMLPurifier_AttrDef objects that may process strings
-     * @protected
+     * @todo Make protected
      */
-    var $defs;
+    public $defs;
     
     /**
      * @param $defs List of HTMLPurifier_AttrDef objects
      */
-    function HTMLPurifier_AttrDef_CSS_Composite($defs) {
+    public function HTMLPurifier_AttrDef_CSS_Composite($defs) {
         $this->defs = $defs;
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         foreach ($this->defs as $i => $def) {
             $result = $this->defs[$i]->validate($string, $config, $context);
             if ($result !== false) return $result;

library/HTMLPurifier/AttrDef/CSS/Font.php

@@ -16,9 +16,9 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
      *       CSSDefinition, this wouldn't be necessary.  We'd instantiate
      *       our own copies.
      */
-    var $info = array();
+    protected $info = array();
     
-    function HTMLPurifier_AttrDef_CSS_Font($config) {
+    public function HTMLPurifier_AttrDef_CSS_Font($config) {
         $def = $config->getCSSDefinition();
         $this->info['font-style']   = $def->info['font-style'];
         $this->info['font-variant'] = $def->info['font-variant'];
@@ -28,7 +28,7 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
         $this->info['font-family']  = $def->info['font-family'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         static $system_fonts = array(
             'caption' => true,

library/HTMLPurifier/AttrDef/CSS/FontFamily.php

@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         static $generic_names = array(
             'serif' => true,
             'sans-serif' => true,

library/HTMLPurifier/AttrDef/CSS/Length.php

@@ -14,22 +14,22 @@ class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
      * @warning The code assumes all units are two characters long.  Be careful
      *          if we have to change this behavior!
      */
-    var $units = array('em' => true, 'ex' => true, 'px' => true, 'in' => true,
+    protected $units = array('em' => true, 'ex' => true, 'px' => true, 'in' => true,
          'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true);
     /**
      * Instance of HTMLPurifier_AttrDef_Number to defer number validation to
      */
-    var $number_def;
+    protected $number_def;
     
     /**
      * @param $non_negative Bool indication whether or not negative values are
      *                      allowed.
      */
-    function HTMLPurifier_AttrDef_CSS_Length($non_negative = false) {
+    public function HTMLPurifier_AttrDef_CSS_Length($non_negative = false) {
         $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
     }
     
-    function validate($length, $config, &$context) {
+    public function validate($length, $config, &$context) {
         
         $length = $this->parseCDATA($length);
         if ($length === '') return false;

library/HTMLPurifier/AttrDef/CSS/ListStyle.php

@@ -13,16 +13,16 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
      * Local copy of component validators.
      * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
      */
-    var $info;
+    protected $info;
     
-    function HTMLPurifier_AttrDef_CSS_ListStyle($config) {
+    public function HTMLPurifier_AttrDef_CSS_ListStyle($config) {
         $def = $config->getCSSDefinition();
         $this->info['list-style-type']     = $def->info['list-style-type'];
         $this->info['list-style-position'] = $def->info['list-style-position'];
         $this->info['list-style-image'] = $def->info['list-style-image'];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         // regular pre-processing
         $string = $this->parseCDATA($string);

library/HTMLPurifier/AttrDef/CSS/Multiple.php

@@ -18,24 +18,26 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
     
     /**
      * Instance of component definition to defer validation to.
+     * @todo Make protected
      */
-    var $single;
+    public $single;
     
     /**
      * Max number of values allowed.
+     * @todo Make protected
      */
-    var $max;
+    public $max;
     
     /**
      * @param $single HTMLPurifier_AttrDef to multiply
      * @param $max Max number of values allowed (usually four)
      */
-    function HTMLPurifier_AttrDef_CSS_Multiple($single, $max = 4) {
+    public function HTMLPurifier_AttrDef_CSS_Multiple($single, $max = 4) {
         $this->single = $single;
         $this->max = $max;
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         $string = $this->parseCDATA($string);
         if ($string === '') return false;
         $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n

library/HTMLPurifier/AttrDef/CSS/Number.php

@@ -9,16 +9,16 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
     /**
      * Bool indicating whether or not only positive values allowed.
      */
-    var $non_negative = false;
+    protected $non_negative = false;
     
     /**
      * @param $non_negative Bool indicating whether negatives are forbidden
      */
-    function HTMLPurifier_AttrDef_CSS_Number($non_negative = false) {
+    public function HTMLPurifier_AttrDef_CSS_Number($non_negative = false) {
         $this->non_negative = $non_negative;
     }
     
-    function validate($number, $config, &$context) {
+    public function validate($number, $config, &$context) {
         
         $number = $this->parseCDATA($number);
         

library/HTMLPurifier/AttrDef/CSS/Percentage.php

@@ -12,16 +12,16 @@ class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
     /**
      * Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation
      */
-    var $number_def;
+    protected $number_def;
     
     /**
      * @param Bool indicating whether to forbid negative values
      */
-    function HTMLPurifier_AttrDef_CSS_Percentage($non_negative = false) {
+    public function HTMLPurifier_AttrDef_CSS_Percentage($non_negative = false) {
         $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $string = $this->parseCDATA($string);
         

library/HTMLPurifier/AttrDef/CSS/TextDecoration.php

@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         static $allowed_values = array(
             'line-through' => true,

library/HTMLPurifier/AttrDef/CSS/URI.php

@@ -14,11 +14,11 @@ require_once 'HTMLPurifier/AttrDef/URI.php';
 class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
 {
     
-    function HTMLPurifier_AttrDef_CSS_URI() {
+    public function HTMLPurifier_AttrDef_CSS_URI() {
         parent::HTMLPurifier_AttrDef_URI(true); // always embedded
     }
     
-    function validate($uri_string, $config, &$context) {
+    public function validate($uri_string, $config, &$context) {
         // parse the URI out of the string and then pass it onto
         // the parent object
         

library/HTMLPurifier/AttrDef/Enum.php

@@ -14,27 +14,28 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
     
     /**
      * Lookup table of valid values.
+     * @todo Make protected
      */
-    var $valid_values   = array();
+    public $valid_values   = array();
     
     /**
      * Bool indicating whether or not enumeration is case sensitive.
      * @note In general this is always case insensitive.
      */
-    var $case_sensitive = false; // values according to W3C spec
+    protected $case_sensitive = false; // values according to W3C spec
     
     /**
      * @param $valid_values List of valid values
      * @param $case_sensitive Bool indicating whether or not case sensitive
      */
-    function HTMLPurifier_AttrDef_Enum(
+    public function HTMLPurifier_AttrDef_Enum(
         $valid_values = array(), $case_sensitive = false
     ) {
         $this->valid_values = array_flip($valid_values);
         $this->case_sensitive = $case_sensitive;
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         $string = trim($string);
         if (!$this->case_sensitive) {
             // we may want to do full case-insensitive libraries
@@ -50,7 +51,7 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
      *      valid values. Example: "foo,bar,baz". Prepend "s:" to make
      *      case sensitive
      */
-    function make($string) {
+    public function make($string) {
         if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') {
             $string = substr($string, 2);
             $sensitive = true;

library/HTMLPurifier/AttrDef/HTML/Bool.php

@@ -8,12 +8,12 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
 {
     
-    var $name;
+    protected $name;
-    var $minimized = true;
+    public $minimized = true;
     
-    function HTMLPurifier_AttrDef_HTML_Bool($name = false) {$this->name = $name;}
+    public function HTMLPurifier_AttrDef_HTML_Bool($name = false) {$this->name = $name;}
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         if (empty($string)) return false;
         return $this->name;
     }
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
     /**
      * @param $string Name of attribute
      */
-    function make($string) {
+    public function make($string) {
         return new HTMLPurifier_AttrDef_HTML_Bool($string);
     }
     

library/HTMLPurifier/AttrDef/HTML/Color.php

@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef/CSS/Color.php'; // for %Core.ColorKeywords
 class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         static $colors = null;
         if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');

library/HTMLPurifier/AttrDef/HTML/FrameTarget.php

@@ -19,12 +19,12 @@ require_once 'HTMLPurifier/AttrDef/Enum.php';
 class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
 {
     
-    var $valid_values = false; // uninitialized value
+    public $valid_values = false; // uninitialized value
-    var $case_sensitive = false;
+    protected $case_sensitive = false;
     
-    function HTMLPurifier_AttrDef_HTML_FrameTarget() {}
+    public function HTMLPurifier_AttrDef_HTML_FrameTarget() {}
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         if ($this->valid_values === false) $this->valid_values = $config->get('Attr', 'AllowedFrameTargets');
         return parent::validate($string, $config, $context);
     }

library/HTMLPurifier/AttrDef/HTML/ID.php

@@ -66,7 +66,7 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
     // ref functionality disabled, since we also have to verify
     // whether or not the ID it refers to exists
     
-    function validate($id, $config, &$context) {
+    public function validate($id, $config, &$context) {
         
         if (!$config->get('Attr', 'EnableID')) return false;
         

library/HTMLPurifier/AttrDef/HTML/Length.php

@@ -13,7 +13,7 @@ require_once 'HTMLPurifier/AttrDef/HTML/Pixels.php';
 class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $string = trim($string);
         if ($string === '') return false;

library/HTMLPurifier/AttrDef/HTML/LinkTypes.php

@@ -27,9 +27,9 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
 {
     
     /** Name config attribute to pull. */
-    var $name;
+    protected $name;
     
-    function HTMLPurifier_AttrDef_HTML_LinkTypes($name) {
+    public function HTMLPurifier_AttrDef_HTML_LinkTypes($name) {
         $configLookup = array(
             'rel' => 'AllowedRel',
             'rev' => 'AllowedRev'
@@ -42,7 +42,7 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
         $this->name = $configLookup[$name];
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $allowed = $config->get('Attr', $this->name);
         if (empty($allowed)) return false;

library/HTMLPurifier/AttrDef/HTML/MultiLength.php

@@ -12,7 +12,7 @@ require_once 'HTMLPurifier/AttrDef/HTML/Length.php';
 class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $string = trim($string);
         if ($string === '') return false;

library/HTMLPurifier/AttrDef/HTML/Nmtokens.php

@@ -13,7 +13,7 @@ require_once 'HTMLPurifier/Config.php';
 class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $string = trim($string);
         

library/HTMLPurifier/AttrDef/HTML/Pixels.php

@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $string = trim($string);
         if ($string === '0') return $string;

library/HTMLPurifier/AttrDef/Integer.php

@@ -15,24 +15,24 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
     /**
      * Bool indicating whether or not negative values are allowed
      */
-    var $negative = true;
+    protected $negative = true;
     
     /**
      * Bool indicating whether or not zero is allowed
      */
-    var $zero = true;
+    protected $zero = true;
     
     /**
      * Bool indicating whether or not positive values are allowed
      */
-    var $positive = true;
+    protected $positive = true;
     
     /**
      * @param $negative Bool indicating whether or not negative values are allowed
      * @param $zero Bool indicating whether or not zero is allowed
      * @param $positive Bool indicating whether or not positive values are allowed
      */
-    function HTMLPurifier_AttrDef_Integer(
+    public function HTMLPurifier_AttrDef_Integer(
         $negative = true, $zero = true, $positive = true
     ) {
         $this->negative = $negative;
@@ -40,7 +40,7 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
         $this->positive = $positive;
     }
     
-    function validate($integer, $config, &$context) {
+    public function validate($integer, $config, &$context) {
         
         $integer = $this->parseCDATA($integer);
         if ($integer === '') return false;

library/HTMLPurifier/AttrDef/Lang.php

@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         
         $string = trim($string);
         if (!$string) return false;

library/HTMLPurifier/AttrDef/Text.php

@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrDef.php';
 class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         return $this->parseCDATA($string);
     }
     

library/HTMLPurifier/AttrDef/URI.php

@@ -68,19 +68,19 @@ HTMLPurifier_ConfigSchema::define(
 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
 {
     
-    var $parser, $percentEncoder;
+    protected $parser, $percentEncoder;
-    var $embedsResource;
+    protected $embedsResource;
     
     /**
      * @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
      */
-    function HTMLPurifier_AttrDef_URI($embeds_resource = false) {
+    public function HTMLPurifier_AttrDef_URI($embeds_resource = false) {
         $this->parser = new HTMLPurifier_URIParser();
         $this->percentEncoder = new HTMLPurifier_PercentEncoder();
         $this->embedsResource = (bool) $embeds_resource;
     }
     
-    function validate($uri, $config, &$context) {
+    public function validate($uri, $config, &$context) {
         
         if ($config->get('URI', 'Disable')) return false;
         

library/HTMLPurifier/AttrDef/URI/Email.php

@@ -2,7 +2,7 @@
 
 require_once 'HTMLPurifier/AttrDef.php';
 
-class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
+abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
 {
     
     /**

library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php

@@ -9,7 +9,7 @@ require_once 'HTMLPurifier/AttrDef/URI/Email.php';
 class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
 {
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         // no support for named mailboxes i.e. "Bob <bob@example.com>"
         // that needs more percent encoding to be done
         if ($string == '') return false;

library/HTMLPurifier/AttrDef/URI/Host.php

@@ -13,19 +13,19 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
     /**
      * Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator
      */
-    var $ipv4;
+    protected $ipv4;
     
     /**
      * Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator
      */
-    var $ipv6;
+    protected $ipv6;
     
-    function HTMLPurifier_AttrDef_URI_Host() {
+    public function HTMLPurifier_AttrDef_URI_Host() {
         $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
         $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
     }
     
-    function validate($string, $config, &$context) {
+    public function validate($string, $config, &$context) {
         $length = strlen($string);
         if ($string === '') return '';
         if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') {

library/HTMLPurifier/AttrDef/URI/IPv4.php

@@ -11,11 +11,10 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
     
     /**
      * IPv4 regex, protected so that IPv6 can reuse it
-     * @protected
      */
-    var $ip4;
+    protected $ip4;
     
-    function validate($aIP, $config, &$context) {
+    public function validate($aIP, $config, &$context) {
         
         if (!$this->ip4) $this->_loadRegex();
         
@@ -32,7 +31,7 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
      * Lazy load function to prevent regex from being stuffed in
      * cache.
      */
-    function _loadRegex() {
+    protected function _loadRegex() {
         $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
         $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
     }

library/HTMLPurifier/AttrDef/URI/IPv6.php

@@ -11,7 +11,7 @@ require_once 'HTMLPurifier/AttrDef/URI/IPv4.php';
 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
 {
     
-    function validate($aIP, $config, &$context) {
+    public function validate($aIP, $config, &$context) {
         
         if (!$this->ip4) $this->_loadRegex();
         

library/HTMLPurifier/AttrTransform.php

@@ -14,7 +14,7 @@
  * more details.
  */
 
-class HTMLPurifier_AttrTransform
+abstract class HTMLPurifier_AttrTransform
 {
     
     /**
@@ -26,9 +26,7 @@ class HTMLPurifier_AttrTransform
      * @param $context Mandatory HTMLPurifier_Context object
      * @returns Processed attribute array.
      */
-    function transform($attr, $config, &$context) {
+    abstract public function transform($attr, $config, &$context);
-        trigger_error('Cannot call abstract function', E_USER_ERROR);
-    }
     
     /**
      * Prepends CSS properties to the style attribute, creating the
@@ -36,7 +34,7 @@ class HTMLPurifier_AttrTransform
      * @param $attr Attribute array to process (passed by reference)
      * @param $css CSS to prepend
      */
-    function prependCSS(&$attr, $css) {
+    public function prependCSS(&$attr, $css) {
         $attr['style'] = isset($attr['style']) ? $attr['style'] : '';
         $attr['style'] = $css . $attr['style'];
     }
@@ -46,7 +44,7 @@ class HTMLPurifier_AttrTransform
      * @param $attr Attribute array to process (passed by reference)
      * @param $key Key of attribute to confiscate
      */
-    function confiscateAttr(&$attr, $key) {
+    public function confiscateAttr(&$attr, $key) {
         if (!isset($attr[$key])) return null;
         $value = $attr[$key];
         unset($attr[$key]);

library/HTMLPurifier/AttrTransform/BdoDir.php

@@ -20,7 +20,7 @@ HTMLPurifier_ConfigSchema::defineAllowedValues(
 class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         if (isset($attr['dir'])) return $attr;
         $attr['dir'] = $config->get('Attr', 'DefaultTextDir');
         return $attr;

library/HTMLPurifier/AttrTransform/BgColor.php

@@ -5,10 +5,9 @@ require_once 'HTMLPurifier/AttrTransform.php';
 /**
  * Pre-transform that changes deprecated bgcolor attribute to CSS.
  */
-class HTMLPurifier_AttrTransform_BgColor
+class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform {
-extends HTMLPurifier_AttrTransform {
 
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         
         if (!isset($attr['bgcolor'])) return $attr;
         

library/HTMLPurifier/AttrTransform/BoolToCSS.php

@@ -11,23 +11,23 @@ extends HTMLPurifier_AttrTransform {
     /**
      * Name of boolean attribute that is trigger
      */
-    var $attr;
+    protected $attr;
     
     /**
      * CSS declarations to add to style, needs trailing semicolon
      */
-    var $css;
+    protected $css;
     
     /**
      * @param $attr string attribute name to convert from
      * @param $css string CSS declarations to add to style (needs semicolon)
      */
-    function HTMLPurifier_AttrTransform_BoolToCSS($attr, $css) {
+    public function HTMLPurifier_AttrTransform_BoolToCSS($attr, $css) {
         $this->attr = $attr;
         $this->css  = $css;
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         if (!isset($attr[$this->attr])) return $attr;
         unset($attr[$this->attr]);
         $this->prependCSS($attr, $this->css);

library/HTMLPurifier/AttrTransform/Border.php

@@ -7,7 +7,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
  */
 class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform {
 
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         if (!isset($attr['border'])) return $attr;
         $border_width = $this->confiscateAttr($attr, 'border');
         // some validation should happen here

library/HTMLPurifier/AttrTransform/EnumToCSS.php

@@ -11,32 +11,32 @@ class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
     /**
      * Name of attribute to transform from
      */
-    var $attr;
+    protected $attr;
     
     /**
      * Lookup array of attribute values to CSS
      */
-    var $enumToCSS = array();
+    protected $enumToCSS = array();
     
     /**
      * Case sensitivity of the matching
      * @warning Currently can only be guaranteed to work with ASCII
      *          values.
      */
-    var $caseSensitive = false;
+    protected $caseSensitive = false;
     
     /**
      * @param $attr String attribute name to transform from
      * @param $enumToCSS Lookup array of attribute values to CSS
      * @param $case_sensitive Boolean case sensitivity indicator, default false
      */
-    function HTMLPurifier_AttrTransform_EnumToCSS($attr, $enum_to_css, $case_sensitive = false) {
+    public function HTMLPurifier_AttrTransform_EnumToCSS($attr, $enum_to_css, $case_sensitive = false) {
         $this->attr = $attr;
         $this->enumToCSS = $enum_to_css;
         $this->caseSensitive = (bool) $case_sensitive;
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         
         if (!isset($attr[$this->attr])) return $attr;
         

library/HTMLPurifier/AttrTransform/ImgRequired.php

@@ -28,7 +28,7 @@ HTMLPurifier_ConfigSchema::define(
 class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         
         $src = true;
         if (!isset($attr['src'])) {

library/HTMLPurifier/AttrTransform/ImgSpace.php

@@ -5,23 +5,22 @@ require_once 'HTMLPurifier/AttrTransform.php';
 /**
  * Pre-transform that changes deprecated hspace and vspace attributes to CSS
  */
-class HTMLPurifier_AttrTransform_ImgSpace
+class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
-extends HTMLPurifier_AttrTransform {
     
-    var $attr;
+    protected $attr;
-    var $css = array(
+    protected $css = array(
         'hspace' => array('left', 'right'),
         'vspace' => array('top', 'bottom')
     );
     
-    function HTMLPurifier_AttrTransform_ImgSpace($attr) {
+    public function HTMLPurifier_AttrTransform_ImgSpace($attr) {
         $this->attr = $attr;
         if (!isset($this->css[$attr])) {
             trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
         }
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         
         if (!isset($attr[$this->attr])) return $attr;
         

library/HTMLPurifier/AttrTransform/Lang.php

@@ -10,7 +10,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
 class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         
         $lang     = isset($attr['lang']) ? $attr['lang'] : false;
         $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;

library/HTMLPurifier/AttrTransform/Length.php

@@ -8,15 +8,15 @@ require_once 'HTMLPurifier/AttrTransform.php';
 class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
 {
     
-    var $name;
+    protected $name;
-    var $cssName;
+    protected $cssName;
     
-    function HTMLPurifier_AttrTransform_Length($name, $css_name = null) {
+    public function HTMLPurifier_AttrTransform_Length($name, $css_name = null) {
         $this->name = $name;
         $this->cssName = $css_name ? $css_name : $name;
     }
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         if (!isset($attr[$this->name])) return $attr;
         $length = $this->confiscateAttr($attr, $this->name);
         if(ctype_digit($length)) $length .= 'px';

library/HTMLPurifier/AttrTransform/Name.php

@@ -8,7 +8,7 @@ require_once 'HTMLPurifier/AttrTransform.php';
 class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
 {
     
-    function transform($attr, $config, &$context) {
+    public function transform($attr, $config, &$context) {
         if (!isset($attr['name'])) return $attr;
         $id = $this->confiscateAttr($attr, 'name');
         if ( isset($attr['id']))   return $attr;

library/HTMLPurifier/AttrTypes.php

@@ -20,15 +20,14 @@ class HTMLPurifier_AttrTypes
 {
     /**
      * Lookup array of attribute string identifiers to concrete implementations
-     * @protected
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Constructs the info array, supplying default implementations for attribute
      * types.
      */
-    function HTMLPurifier_AttrTypes() {
+    public function HTMLPurifier_AttrTypes() {
         // pseudo-types, must be instantiated via shorthand
         $this->info['Enum']    = new HTMLPurifier_AttrDef_Enum();
         $this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool();
@@ -57,7 +56,7 @@ class HTMLPurifier_AttrTypes
      * @param $type String type name
      * @return Object AttrDef for type
      */
-    function get($type) {
+    public function get($type) {
         
         // determine if there is any extra info tacked on
         if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
@@ -77,7 +76,7 @@ class HTMLPurifier_AttrTypes
      * @param $type String type name
      * @param $impl Object AttrDef for type
      */
-    function set($type, $impl) {
+    public function set($type, $impl) {
         $this->info[$type] = $impl;
     }
 }

library/HTMLPurifier/AttrValidator.php

@@ -18,7 +18,7 @@ class HTMLPurifier_AttrValidator
      * @param $config Instance of HTMLPurifier_Config
      * @param $context Instance of HTMLPurifier_Context
      */
-    function validateToken(&$token, &$config, &$context) {
+    public function validateToken(&$token, &$config, &$context) {
             
         $definition = $config->getHTMLDefinition();
         $e =& $context->get('ErrorCollector', true);

library/HTMLPurifier/CSSDefinition.php

@@ -33,17 +33,17 @@ HTMLPurifier_ConfigSchema::define(
 class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
 {
     
-    var $type = 'CSS';
+    public $type = 'CSS';
     
     /**
      * Assoc array of attribute name to definition object.
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Constructs the info array.  The meat of this class.
      */
-    function doSetup($config) {
+    protected function doSetup($config) {
         
         $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
             array('left', 'right', 'center', 'justify'), false);

library/HTMLPurifier/ChildDef.php

@@ -22,29 +22,25 @@ class HTMLPurifier_ChildDef
     /**
      * Type of child definition, usually right-most part of class name lowercase.
      * Used occasionally in terms of context.
-     * @public
      */
-    var $type;
+    public $type;
     
     /**
      * Bool that indicates whether or not an empty array of children is okay
      * 
      * This is necessary for redundant checking when changes affecting
      * a child node may cause a parent node to now be disallowed.
-     * 
-     * @public
      */
-    var $allow_empty;
+    public $allow_empty;
     
     /**
      * Lookup array of all elements that this definition could possibly allow
      */
-    var $elements = array();
+    public $elements = array();
     
     /**
      * Validates nodes according to definition and returns modification.
      * 
-     * @public
      * @param $tokens_of_children Array of HTMLPurifier_Token
      * @param $config HTMLPurifier_Config object
      * @param $context HTMLPurifier_Context object
@@ -52,7 +48,7 @@ class HTMLPurifier_ChildDef
      * @return bool false to remove parent node
      * @return array of replacement child tokens
      */
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         trigger_error('Call to abstract function', E_USER_ERROR);
     }
 }

library/HTMLPurifier/ChildDef/Chameleon.php

@@ -16,29 +16,27 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
     
     /**
      * Instance of the definition object to use when inline. Usually stricter.
-     * @public
      */
-    var $inline;
+    public $inline;
     
     /**
      * Instance of the definition object to use when block.
-     * @public
      */
-    var $block;
+    public $block;
     
-    var $type = 'chameleon';
+    public $type = 'chameleon';
     
     /**
      * @param $inline List of elements to allow when inline.
      * @param $block List of elements to allow when block.
      */
-    function HTMLPurifier_ChildDef_Chameleon($inline, $block) {
+    public function HTMLPurifier_ChildDef_Chameleon($inline, $block) {
         $this->inline = new HTMLPurifier_ChildDef_Optional($inline);
         $this->block  = new HTMLPurifier_ChildDef_Optional($block);
         $this->elements = $this->block->elements;
     }
     
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         if ($context->get('IsInline') === false) {
             return $this->block->validateChildren(
                 $tokens_of_children, $config, $context);

library/HTMLPurifier/ChildDef/Custom.php

@@ -12,28 +12,28 @@ require_once 'HTMLPurifier/ChildDef.php';
  */
 class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
 {
-    var $type = 'custom';
+    public $type = 'custom';
-    var $allow_empty = false;
+    public $allow_empty = false;
     /**
      * Allowed child pattern as defined by the DTD
      */
-    var $dtd_regex;
+    public $dtd_regex;
     /**
      * PCRE regex derived from $dtd_regex
      * @private
      */
-    var $_pcre_regex;
+    private $_pcre_regex;
     /**
      * @param $dtd_regex Allowed child pattern from the DTD
      */
-    function HTMLPurifier_ChildDef_Custom($dtd_regex) {
+    public function HTMLPurifier_ChildDef_Custom($dtd_regex) {
         $this->dtd_regex = $dtd_regex;
         $this->_compileRegex();
     }
     /**
      * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
      */
-    function _compileRegex() {
+    protected function _compileRegex() {
         $raw = str_replace(' ', '', $this->dtd_regex);
         if ($raw{0} != '(') {
             $raw = "($raw)";
@@ -61,7 +61,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
         
         $this->_pcre_regex = $reg;
     }
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         $list_of_children = '';
         $nesting = 0; // depth into the nest
         foreach ($tokens_of_children as $token) {

library/HTMLPurifier/ChildDef/Empty.php

@@ -11,10 +11,10 @@ require_once 'HTMLPurifier/ChildDef.php';
  */
 class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
 {
-    var $allow_empty = true;
+    public $allow_empty = true;
-    var $type = 'empty';
+    public $type = 'empty';
-    function HTMLPurifier_ChildDef_Empty() {}
+    public function HTMLPurifier_ChildDef_Empty() {}
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         return array();
     }
 }

library/HTMLPurifier/ChildDef/Optional.php

@@ -11,9 +11,9 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
  */
 class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
 {
-    var $allow_empty = true;
+    public $allow_empty = true;
-    var $type = 'optional';
+    public $type = 'optional';
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         $result = parent::validateChildren($tokens_of_children, $config, $context);
         if ($result === false) {
             if (empty($tokens_of_children)) return true;

library/HTMLPurifier/ChildDef/Required.php

@@ -11,11 +11,11 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
      * Lookup table of allowed elements.
      * @public
      */
-    var $elements = array();
+    public $elements = array();
     /**
      * @param $elements List of allowed element names (lowercase).
      */
-    function HTMLPurifier_ChildDef_Required($elements) {
+    public function HTMLPurifier_ChildDef_Required($elements) {
         if (is_string($elements)) {
             $elements = str_replace(' ', '', $elements);
             $elements = explode('|', $elements);
@@ -30,9 +30,9 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
         }
         $this->elements = $elements;
     }
-    var $allow_empty = false;
+    public $allow_empty = false;
-    var $type = 'required';
+    public $type = 'required';
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         // if there are no tokens, delete parent node
         if (empty($tokens_of_children)) return false;
         

library/HTMLPurifier/ChildDef/StrictBlockquote.php

@@ -8,12 +8,12 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
 class   HTMLPurifier_ChildDef_StrictBlockquote
 extends HTMLPurifier_ChildDef_Required
 {
-    var $real_elements;
+    protected $real_elements;
-    var $fake_elements;
+    protected $fake_elements;
-    var $allow_empty = true;
+    public $allow_empty = true;
-    var $type = 'strictblockquote';
+    public $type = 'strictblockquote';
-    var $init = false;
+    protected $init = false;
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         
         $def = $config->getHTMLDefinition();
         if (!$this->init) {

library/HTMLPurifier/ChildDef/Table.php

@@ -7,12 +7,12 @@ require_once 'HTMLPurifier/ChildDef.php';
  */
 class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
 {
-    var $allow_empty = false;
+    public $allow_empty = false;
-    var $type = 'table';
+    public $type = 'table';
-    var $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
+    public $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
         'tfoot' => true, 'caption' => true, 'colgroup' => true, 'col' => true);
-    function HTMLPurifier_ChildDef_Table() {}
+    public function HTMLPurifier_ChildDef_Table() {}
-    function validateChildren($tokens_of_children, $config, &$context) {
+    public function validateChildren($tokens_of_children, $config, &$context) {
         if (empty($tokens_of_children)) return false;
         
         // this ensures that the loop gets run one last time before closing

library/HTMLPurifier/Config.php

@@ -35,6 +35,8 @@ if (!defined('PHP_EOL')) {
  *       because a configuration object should always be forwarded,
  *       otherwise, you run the risk of missing a parameter and then
  *       being stumped when a configuration directive doesn't work.
+ * 
+ * @todo Reconsider some of the public member variables
  */
 class HTMLPurifier_Config
 {
@@ -42,65 +44,68 @@ class HTMLPurifier_Config
     /**
      * HTML Purifier's version
      */
-    var $version = '2.1.3';
+    public $version = '2.1.3';
-    
-    /**
-     * Two-level associative array of configuration directives
-     */
-    var $conf;
-    
-    /**
-     * Reference HTMLPurifier_ConfigSchema for value checking
-     */
-    var $def;
-    
-    /**
-     * Indexed array of definitions
-     */
-    var $definitions;
-    
-    /**
-     * Bool indicator whether or not config is finalized
-     */
-    var $finalized = false;
     
     /**
      * Bool indicator whether or not to automatically finalize 
      * the object if a read operation is done
      */
-    var $autoFinalize = true;
+    public $autoFinalize = true;
+    
+    // protected member variables
     
     /**
      * Namespace indexed array of serials for specific namespaces (see
-     * getSerial for more info).
+     * getSerial() for more info).
      */
-    var $serials = array();
+    protected $serials = array();
     
     /**
      * Serial for entire configuration object
      */
-    var $serial;
+    protected $serial;
+    
+    /**
+     * Two-level associative array of configuration directives
+     */
+    protected $conf;
+    
+    /**
+     * Reference HTMLPurifier_ConfigSchema for value checking
+     * @note This is public for introspective purposes. Please don't
+     *       abuse!
+     */
+    public $def;
+    
+    /**
+     * Indexed array of definitions
+     */
+    protected $definitions;
+    
+    /**
+     * Bool indicator whether or not config is finalized
+     */
+    protected $finalized = false;
     
     /**
      * @param $definition HTMLPurifier_ConfigSchema that defines what directives
      *                    are allowed.
      */
-    function HTMLPurifier_Config(&$definition) {
+    public function HTMLPurifier_Config(&$definition) {
         $this->conf = $definition->defaults; // set up, copy in defaults
         $this->def  = $definition; // keep a copy around for checking
     }
     
     /**
      * Convenience constructor that creates a config object based on a mixed var
-     * @static
      * @param mixed $config Variable that defines the state of the config
      *                      object. Can be: a HTMLPurifier_Config() object,
      *                      an array of directives based on loadArray(),
      *                      or a string filename of an ini file.
      * @return Configured HTMLPurifier_Config object
      */
-    function create($config) {
+    public static function create($config) {
-        if (is_a($config, 'HTMLPurifier_Config')) {
+        if ($config instanceof HTMLPurifier_Config) {
             // pass-through
             return $config;
         }
@@ -112,10 +117,9 @@ class HTMLPurifier_Config
     
     /**
      * Convenience constructor that creates a default configuration object.
-     * @static
      * @return Default HTMLPurifier_Config object.
      */
-    function createDefault() {
+    public static function createDefault() {
         $definition =& HTMLPurifier_ConfigSchema::instance();
         $config = new HTMLPurifier_Config($definition);
         return $config;
@@ -126,7 +130,7 @@ class HTMLPurifier_Config
      * @param $namespace String namespace
      * @param $key String key
      */
-    function get($namespace, $key, $from_alias = false) {
+    public function get($namespace, $key) {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         if (!isset($this->def->info[$namespace][$key])) {
             // can't add % due to SimpleTest bug
@@ -147,7 +151,7 @@ class HTMLPurifier_Config
      * Retreives an array of directives to values from a given namespace
      * @param $namespace String namespace
      */
-    function getBatch($namespace) {
+    public function getBatch($namespace) {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         if (!isset($this->def->info[$namespace])) {
             trigger_error('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
@@ -164,7 +168,7 @@ class HTMLPurifier_Config
      *       before processing!
      * @param $namespace Namespace to get serial for
      */
-    function getBatchSerial($namespace) {
+    public function getBatchSerial($namespace) {
         if (empty($this->serials[$namespace])) {
             $batch = $this->getBatch($namespace);
             unset($batch['DefinitionRev']);
@@ -177,7 +181,7 @@ class HTMLPurifier_Config
      * Returns a md5 signature for the entire configuration object
      * that uniquely identifies that particular configuration
      */
-    function getSerial() {
+    public function getSerial() {
         if (empty($this->serial)) {
             $this->serial = md5(serialize($this->getAll()));
         }
@@ -187,7 +191,7 @@ class HTMLPurifier_Config
     /**
      * Retrieves all directives, organized by namespace
      */
-    function getAll() {
+    public function getAll() {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         return $this->conf;
     }
@@ -198,7 +202,7 @@ class HTMLPurifier_Config
      * @param $key String key
      * @param $value Mixed value
      */
-    function set($namespace, $key, $value, $from_alias = false) {
+    public function set($namespace, $key, $value, $from_alias = false) {
         if ($this->isFinalized('Cannot set directive after finalization')) return;
         if (!isset($this->def->info[$namespace][$key])) {
             trigger_error('Cannot set undefined directive ' . htmlspecialchars("$namespace.$key") . ' to value',
@@ -252,9 +256,8 @@ class HTMLPurifier_Config
     
     /**
      * Convenience function for error reporting
-     * @private
      */
-    function _listify($lookup) {
+    private function _listify($lookup) {
         $list = array();
         foreach ($lookup as $name => $b) $list[] = $name;
         return implode(', ', $list);
@@ -265,7 +268,7 @@ class HTMLPurifier_Config
      * @param $raw Return a copy that has not been setup yet. Must be
      *             called before it's been setup, otherwise won't work.
      */
-    function &getHTMLDefinition($raw = false) {
+    public function &getHTMLDefinition($raw = false) {
         $def =& $this->getDefinition('HTML', $raw);
         return $def; // prevent PHP 4.4.0 from complaining
     }
@@ -273,7 +276,7 @@ class HTMLPurifier_Config
     /**
      * Retrieves reference to the CSS definition
      */
-    function &getCSSDefinition($raw = false) {
+    public function &getCSSDefinition($raw = false) {
         $def =& $this->getDefinition('CSS', $raw);
         return $def;
     }
@@ -283,7 +286,7 @@ class HTMLPurifier_Config
      * @param $type Type of definition: HTML, CSS, etc
      * @param $raw  Whether or not definition should be returned raw
      */
-    function &getDefinition($type, $raw = false) {
+    public function &getDefinition($type, $raw = false) {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
         $factory = HTMLPurifier_DefinitionCacheFactory::instance();
         $cache = $factory->create($type, $this);
@@ -343,7 +346,7 @@ class HTMLPurifier_Config
      * Namespace.Directive => Value
      * @param $config_array Configuration associative array
      */
-    function loadArray($config_array) {
+    public function loadArray($config_array) {
         if ($this->isFinalized('Cannot load directives after finalization')) return;
         foreach ($config_array as $key => $value) {
             $key = str_replace('_', '.', $key);
@@ -366,9 +369,8 @@ class HTMLPurifier_Config
      * that are allowed in a web-form context as per an allowed
      * namespaces/directives list.
      * @param $allowed List of allowed namespaces/directives
-     * @static
      */
-    function getAllowedDirectivesForForm($allowed) {
+    public static function getAllowedDirectivesForForm($allowed) {
         $schema = HTMLPurifier_ConfigSchema::instance();
         if ($allowed !== true) {
              if (is_string($allowed)) $allowed = array($allowed);
@@ -411,9 +413,8 @@ class HTMLPurifier_Config
      * @param $index Index/name that the config variables are in
      * @param $allowed List of allowed namespaces/directives 
      * @param $mq_fix Boolean whether or not to enable magic quotes fix
-     * @static
      */
-    function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
+    public static function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
         $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
         $config = HTMLPurifier_Config::create($ret);
         return $config;
@@ -423,7 +424,7 @@ class HTMLPurifier_Config
      * Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
      * @note Same parameters as loadArrayFromForm
      */
-    function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
+    public function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
          $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
          $this->loadArray($ret);
     }
@@ -431,9 +432,8 @@ class HTMLPurifier_Config
     /**
      * Prepares an array from a form into something usable for the more
      * strict parts of HTMLPurifier_Config
-     * @static
      */
-    function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
+    public static function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
         $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
         $mq = get_magic_quotes_gpc() && $mq_fix;
         
@@ -457,7 +457,7 @@ class HTMLPurifier_Config
      * Loads configuration values from an ini file
      * @param $filename Name of ini file
      */
-    function loadIni($filename) {
+    public function loadIni($filename) {
         if ($this->isFinalized('Cannot load directives after finalization')) return;
         $array = parse_ini_file($filename, true);
         $this->loadArray($array);
@@ -467,7 +467,7 @@ class HTMLPurifier_Config
      * Checks whether or not the configuration object is finalized.
      * @param $error String error message, or false for no error
      */
-    function isFinalized($error = false) {
+    public function isFinalized($error = false) {
         if ($this->finalized && $error) {
             trigger_error($error, E_USER_ERROR);
         }
@@ -478,14 +478,14 @@ class HTMLPurifier_Config
      * Finalizes configuration only if auto finalize is on and not
      * already finalized
      */
-    function autoFinalize() {
+    public function autoFinalize() {
         if (!$this->finalized && $this->autoFinalize) $this->finalize();
     }
     
     /**
      * Finalizes a configuration object, prohibiting further change
      */
-    function finalize() {
+    public function finalize() {
         $this->finalized = true;
     }
     

library/HTMLPurifier/ConfigDef.php

@@ -4,6 +4,6 @@
  * Base class for configuration entity
  */
 class HTMLPurifier_ConfigDef {
-    var $class = false;
+    public $class = false;
 }
 

library/HTMLPurifier/ConfigDef/Directive.php

@@ -9,9 +9,9 @@ require_once 'HTMLPurifier/ConfigDef.php';
 class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
 {
     
-    var $class = 'directive';
+    public $class = 'directive';
     
-    function HTMLPurifier_ConfigDef_Directive(
+    public function HTMLPurifier_ConfigDef_Directive(
         $type = null,
         $descriptions = null,
         $allow_null = null,
@@ -37,40 +37,40 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
      *      - hash (array of key => value)
      *      - mixed (anything goes)
      */
-    var $type = 'mixed';
+    public $type = 'mixed';
     
     /**
      * Plaintext descriptions of the configuration entity is. Organized by
      * file and line number, so multiple descriptions are allowed.
      */
-    var $descriptions = array();
+    public $descriptions = array();
     
     /**
      * Is null allowed? Has no effect for mixed type.
      * @bool
      */
-    var $allow_null = false;
+    public $allow_null = false;
     
     /**
      * Lookup table of allowed values of the element, bool true if all allowed.
      */
-    var $allowed = true;
+    public $allowed = true;
     
     /**
      * Hash of value aliases, i.e. values that are equivalent.
      */
-    var $aliases = array();
+    public $aliases = array();
     
     /**
      * Advisory list of directive aliases, i.e. other directives that
      * redirect here
      */
-    var $directiveAliases = array();
+    public $directiveAliases = array();
     
     /**
      * Adds a description to the array
      */
-    function addDescription($file, $line, $description) {
+    public function addDescription($file, $line, $description) {
         if (!isset($this->descriptions[$file])) $this->descriptions[$file] = array();
         $this->descriptions[$file][$line] = $description;
     }

library/HTMLPurifier/ConfigDef/DirectiveAlias.php

@@ -7,18 +7,18 @@ require_once 'HTMLPurifier/ConfigDef.php';
  */
 class HTMLPurifier_ConfigDef_DirectiveAlias extends HTMLPurifier_ConfigDef
 {
-    var $class = 'alias';
+    public $class = 'alias';
     
     /**
      * Namespace being aliased to
      */
-    var $namespace;
+    public $namespace;
     /**
      * Directive being aliased to
      */
-    var $name;
+    public $name;
     
-    function HTMLPurifier_ConfigDef_DirectiveAlias($namespace, $name) {
+    public function HTMLPurifier_ConfigDef_DirectiveAlias($namespace, $name) {
         $this->namespace = $namespace;
         $this->name = $name;
     }

library/HTMLPurifier/ConfigDef/Namespace.php

@@ -7,16 +7,16 @@ require_once 'HTMLPurifier/ConfigDef.php';
  */
 class HTMLPurifier_ConfigDef_Namespace extends HTMLPurifier_ConfigDef {
     
-    function HTMLPurifier_ConfigDef_Namespace($description = null) {
+    public function HTMLPurifier_ConfigDef_Namespace($description = null) {
         $this->description = $description;
     }
     
-    var $class = 'namespace';
+    public $class = 'namespace';
     
     /**
      * String description of what kinds of directives go in this namespace.
      */
-    var $description;
+    public $description;
     
 }
 

library/HTMLPurifier/ConfigSchema.php

@@ -33,22 +33,22 @@ class HTMLPurifier_ConfigSchema {
      * Defaults of the directives and namespaces.
      * @note This shares the exact same structure as HTMLPurifier_Config::$conf
      */
-    var $defaults = array();
+    public $defaults = array();
     
     /**
      * Definition of the directives.
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Definition of namespaces.
      */
-    var $info_namespace = array();
+    public $info_namespace = array();
     
     /**
      * Lookup table of allowed types.
      */
-    var $types = array(
+    public $types = array(
         'string'    => 'String',
         'istring'   => 'Case-insensitive string',
         'text'      => 'Text',
@@ -65,7 +65,7 @@ class HTMLPurifier_ConfigSchema {
     /**
      * Initializes the default namespaces.
      */
-    function initialize() {
+    public function initialize() {
         $this->defineNamespace('Core', 'Core features that are always available.');
         $this->defineNamespace('Attr', 'Features regarding attribute validation.');
         $this->defineNamespace('URI', 'Features regarding Uniform Resource Identifiers.');
@@ -80,9 +80,8 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Retrieves an instance of the application-wide configuration definition.
-     * @static
      */
-    function &instance($prototype = null) {
+    public static function &instance($prototype = null) {
         static $instance;
         if ($prototype !== null) {
             $instance = $prototype;
@@ -95,7 +94,6 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a directive for configuration
-     * @static
      * @warning Will fail of directive's namespace is defined
      * @param $namespace Namespace the directive is in
      * @param $name Key of directive
@@ -104,7 +102,7 @@ class HTMLPurifier_ConfigSchema {
      *      HTMLPurifier_DirectiveDef::$type for allowed values
      * @param $description Description of directive for documentation
      */
-    function define($namespace, $name, $default, $type, $description) {
+    public static function define($namespace, $name, $default, $type, $description) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         
         // basic sanity checks
@@ -173,11 +171,10 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a namespace for directives to be put into.
-     * @static
      * @param $namespace Namespace's name
      * @param $description Description of the namespace
      */
-    function defineNamespace($namespace, $description) {
+    public static function defineNamespace($namespace, $description) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT) {
             if (isset($def->info[$namespace])) {
@@ -206,13 +203,12 @@ class HTMLPurifier_ConfigSchema {
      * 
      * Directive value aliases are convenient for developers because it lets
      * them set a directive to several values and get the same result.
-     * @static
      * @param $namespace Directive's namespace
      * @param $name Name of Directive
      * @param $alias Name of aliased value
      * @param $real Value aliased value will be converted into
      */
-    function defineValueAliases($namespace, $name, $aliases) {
+    public static function defineValueAliases($namespace, $name, $aliases) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
             trigger_error('Cannot set value alias for non-existant directive',
@@ -240,12 +236,11 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a set of allowed values for a directive.
-     * @static
      * @param $namespace Namespace of directive
      * @param $name Name of directive
      * @param $allowed_values Arraylist of allowed values
      */
-    function defineAllowedValues($namespace, $name, $allowed_values) {
+    public static function defineAllowedValues($namespace, $name, $allowed_values) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
             trigger_error('Cannot define allowed values for undefined directive',
@@ -279,13 +274,12 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Defines a directive alias for backwards compatibility
-     * @static
      * @param $namespace
      * @param $name Directive that will be aliased
      * @param $new_namespace
      * @param $new_name Directive that the alias will be to
      */
-    function defineAlias($namespace, $name, $new_namespace, $new_name) {
+    public static function defineAlias($namespace, $name, $new_namespace, $new_name) {
         $def =& HTMLPurifier_ConfigSchema::instance();
         if (HTMLPURIFIER_SCHEMA_STRICT) {
             if (!isset($def->info[$namespace])) {
@@ -322,8 +316,9 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Validate a variable according to type. Return null if invalid.
+     * @todo Consider making protected
      */
-    function validate($var, $type, $allow_null = false) {
+    public function validate($var, $type, $allow_null = false) {
         if (!isset($this->types[$type])) {
             trigger_error('Invalid type', E_USER_ERROR);
             return;
@@ -414,8 +409,11 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Takes an absolute path and munges it into a more manageable relative path
+     * @todo Consider making protected
+     * @param $filename Filename to check
+     * @return string munged filename
      */
-    function mungeFilename($filename) {
+    public function mungeFilename($filename) {
         if (!HTMLPURIFIER_SCHEMA_STRICT) return $filename;
         $offset = strrpos($filename, 'HTMLPurifier');
         $filename = substr($filename, $offset);
@@ -425,10 +423,11 @@ class HTMLPurifier_ConfigSchema {
     
     /**
      * Checks if var is an HTMLPurifier_Error object
+     * @todo Consider making protected
      */
-    function isError($var) {
+    public function isError($var) {
         if (!is_object($var)) return false;
-        if (!is_a($var, 'HTMLPurifier_Error')) return false;
+        if (!($var instanceof HTMLPurifier_Error)) return false;
         return true;
     }
 }

library/HTMLPurifier/ContentSets.php

@@ -7,39 +7,38 @@ require_once 'HTMLPurifier/ChildDef/Required.php';
 require_once 'HTMLPurifier/ChildDef/Optional.php';
 require_once 'HTMLPurifier/ChildDef/Custom.php';
 
-// NOT UNIT TESTED!!!
+/**
-
+ * @todo Unit test
+ */
 class HTMLPurifier_ContentSets
 {
     
     /**
      * List of content set strings (pipe seperators) indexed by name.
-     * @public
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * List of content set lookups (element => true) indexed by name.
      * @note This is in HTMLPurifier_HTMLDefinition->info_content_sets
-     * @public
      */
-    var $lookup = array();
+    public $lookup = array();
     
     /**
      * Synchronized list of defined content sets (keys of info)
      */
-    var $keys = array();
+    protected $keys = array();
     /**
      * Synchronized list of defined content values (values of info)
      */
-    var $values = array();
+    protected $values = array();
     
     /**
      * Merges in module's content sets, expands identifiers in the content
      * sets and populates the keys, values and lookup member variables.
      * @param $modules List of HTMLPurifier_HTMLModule
      */
-    function HTMLPurifier_ContentSets($modules) {
+    public function HTMLPurifier_ContentSets($modules) {
         if (!is_array($modules)) $modules = array($modules);
         // populate content_sets based on module hints
         // sorry, no way of overloading
@@ -79,7 +78,7 @@ class HTMLPurifier_ContentSets
      * @param $def HTMLPurifier_ElementDef reference
      * @param $module Module that defined the ElementDef
      */
-    function generateChildDef(&$def, $module) {
+    public function generateChildDef(&$def, $module) {
         if (!empty($def->child)) return; // already done!
         $content_model = $def->content_model;
         if (is_string($content_model)) {
@@ -97,7 +96,7 @@ class HTMLPurifier_ContentSets
      * @param $def HTMLPurifier_ElementDef to have ChildDef extracted
      * @return HTMLPurifier_ChildDef corresponding to ElementDef
      */
-    function getChildDef($def, $module) {
+    public function getChildDef($def, $module) {
         $value = $def->content_model;
         if (is_object($value)) {
             trigger_error(
@@ -137,7 +136,7 @@ class HTMLPurifier_ContentSets
      * @param $string List of elements
      * @return Lookup array of elements
      */
-    function convertToLookup($string) {
+    protected function convertToLookup($string) {
         $array = explode('|', str_replace(' ', '', $string));
         $ret = array();
         foreach ($array as $i => $k) {

library/HTMLPurifier/Context.php

@@ -10,16 +10,15 @@ class HTMLPurifier_Context
     
     /**
      * Private array that stores the references.
-     * @private
      */
-    var $_storage = array();
+    private $_storage = array();
     
     /**
      * Registers a variable into the context.
      * @param $name String name
      * @param $ref Variable to be registered
      */
-    function register($name, &$ref) {
+    public function register($name, &$ref) {
         if (isset($this->_storage[$name])) {
             trigger_error("Name $name produces collision, cannot re-register",
                           E_USER_ERROR);
@@ -33,7 +32,7 @@ class HTMLPurifier_Context
      * @param $name String name
      * @param $ignore_error Boolean whether or not to ignore error
      */
-    function &get($name, $ignore_error = false) {
+    public function &get($name, $ignore_error = false) {
         if (!isset($this->_storage[$name])) {
             if (!$ignore_error) {
                 trigger_error("Attempted to retrieve non-existent variable $name",
@@ -49,7 +48,7 @@ class HTMLPurifier_Context
      * Destorys a variable in the context.
      * @param $name String name
      */
-    function destroy($name) {
+    public function destroy($name) {
         if (!isset($this->_storage[$name])) {
             trigger_error("Attempted to destroy non-existent variable $name",
                           E_USER_ERROR);
@@ -62,7 +61,7 @@ class HTMLPurifier_Context
      * Checks whether or not the variable exists.
      * @param $name String name
      */
-    function exists($name) {
+    public function exists($name) {
         return isset($this->_storage[$name]);
     }
     
@@ -70,7 +69,7 @@ class HTMLPurifier_Context
      * Loads a series of variables from an associative array
      * @param $context_array Assoc array of variables to load
      */
-    function loadArray(&$context_array) {
+    public function loadArray(&$context_array) {
         foreach ($context_array as $key => $discard) {
             $this->register($key, $context_array[$key]);
         }

library/HTMLPurifier/Definition.php

@@ -4,33 +4,31 @@
  * Super-class for definition datatype objects, implements serialization
  * functions for the class.
  */
-class HTMLPurifier_Definition
+abstract class HTMLPurifier_Definition
 {
     
     /**
      * Has setup() been called yet?
      */
-    var $setup = false;
+    public $setup = false;
     
     /**
      * What type of definition is it?
      */
-    var $type;
+    public $type;
     
     /**
      * Sets up the definition object into the final form, something
      * not done by the constructor
      * @param $config HTMLPurifier_Config instance
      */
-    function doSetup($config) {
+    abstract protected function doSetup($config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Setup function that aborts if already setup
      * @param $config HTMLPurifier_Config instance
      */
-    function setup($config) {
+    public function setup($config) {
         if ($this->setup) return;
         $this->setup = true;
         $this->doSetup($config);

library/HTMLPurifier/DefinitionCache.php

@@ -10,25 +10,21 @@ require_once 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
 /**
  * Abstract class representing Definition cache managers that implements
  * useful common methods and is a factory.
- * @todo Get some sort of versioning variable so the library can easily
- *       invalidate the cache with a new version
- * @todo Make the test runner cache aware and allow the user to easily
- *       flush the cache
  * @todo Create a separate maintenance file advanced users can use to
  *       cache their custom HTMLDefinition, which can be loaded
  *       via a configuration directive
  * @todo Implement memcached
  */
-class HTMLPurifier_DefinitionCache
+abstract class HTMLPurifier_DefinitionCache
 {
     
-    var $type;
+    public $type;
     
     /**
      * @param $name Type of definition objects this instance of the
      *      cache will handle.
      */
-    function HTMLPurifier_DefinitionCache($type) {
+    public function HTMLPurifier_DefinitionCache($type) {
         $this->type = $type;
     }
     
@@ -36,7 +32,7 @@ class HTMLPurifier_DefinitionCache
      * Generates a unique identifier for a particular configuration
      * @param Instance of HTMLPurifier_Config
      */
-    function generateKey($config) {
+    public function generateKey($config) {
         return $config->version . '-' . // possibly replace with function calls
                $config->getBatchSerial($this->type) . '-' .
                $config->get($this->type, 'DefinitionRev');
@@ -48,7 +44,7 @@ class HTMLPurifier_DefinitionCache
      * @param $key Key to test
      * @param $config Instance of HTMLPurifier_Config to test against
      */
-    function isOld($key, $config) {
+    public function isOld($key, $config) {
         if (substr_count($key, '-') < 2) return true;
         list($version, $hash, $revision) = explode('-', $key, 3);
         $compare = version_compare($version, $config->version);
@@ -68,7 +64,7 @@ class HTMLPurifier_DefinitionCache
      * @param $def Definition object to check
      * @return Boolean true if good, false if not
      */
-    function checkDefType($def) {
+    public function checkDefType($def) {
         if ($def->type !== $this->type) {
             trigger_error("Cannot use definition of type {$def->type} in cache for {$this->type}");
             return false;
@@ -79,50 +75,37 @@ class HTMLPurifier_DefinitionCache
     /**
      * Adds a definition object to the cache
      */
-    function add($def, $config) {
+    abstract public function add($def, $config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Unconditionally saves a definition object to the cache
      */
-    function set($def, $config) {
+    abstract public function set($def, $config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Replace an object in the cache
      */
-    function replace($def, $config) {
+    abstract public function replace($def, $config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Retrieves a definition object from the cache
      */
-    function get($config) {
+    abstract public function get($config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Removes a definition object to the cache
      */
-    function remove($config) {
+    abstract public function remove($config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Clears all objects from cache
      */
-    function flush($config) {
+    abstract public function flush($config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
-    }
     
     /**
      * Clears all expired (older version or revision) objects from cache
      */
-    function cleanup($config) {
+    abstract public function cleanup($config);
-        trigger_error('Cannot call abstract method', E_USER_ERROR);
+    
-    }
 }
 

library/HTMLPurifier/DefinitionCache/Decorator.php

@@ -8,15 +8,15 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
     /**
      * Cache object we are decorating
      */
-    var $cache;
+    public $cache;
     
-    function HTMLPurifier_DefinitionCache_Decorator() {}
+    public function HTMLPurifier_DefinitionCache_Decorator() {}
     
     /**
      * Lazy decorator function
      * @param $cache Reference to cache object to decorate
      */
-    function decorate(&$cache) {
+    public function decorate(&$cache) {
         $decorator = $this->copy();
         // reference is necessary for mocks in PHP 4
         $decorator->cache =& $cache;
@@ -27,31 +27,35 @@ class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCach
     /**
      * Cross-compatible clone substitute
      */
-    function copy() {
+    public function copy() {
         return new HTMLPurifier_DefinitionCache_Decorator();
     }
     
-    function add($def, $config) {
+    public function add($def, $config) {
         return $this->cache->add($def, $config);
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         return $this->cache->set($def, $config);
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         return $this->cache->replace($def, $config);
     }
     
-    function get($config) {
+    public function get($config) {
         return $this->cache->get($config);
     }
     
-    function flush($config) {
+    public function remove($config) {
+        return $this->cache->remove($config);
+    }
+    
+    public function flush($config) {
         return $this->cache->flush($config);
     }
     
-    function cleanup($config) {
+    public function cleanup($config) {
         return $this->cache->cleanup($config);
     }
     

library/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php

@@ -10,31 +10,31 @@ class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends
       HTMLPurifier_DefinitionCache_Decorator
 {
     
-    var $name = 'Cleanup';
+    public $name = 'Cleanup';
     
-    function copy() {
+    public function copy() {
         return new HTMLPurifier_DefinitionCache_Decorator_Cleanup();
     }
     
-    function add($def, $config) {
+    public function add($def, $config) {
         $status = parent::add($def, $config);
         if (!$status) parent::cleanup($config);
         return $status;
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         $status = parent::set($def, $config);
         if (!$status) parent::cleanup($config);
         return $status;
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         $status = parent::replace($def, $config);
         if (!$status) parent::cleanup($config);
         return $status;
     }
     
-    function get($config) {
+    public function get($config) {
         $ret = parent::get($config);
         if (!$ret) parent::cleanup($config);
         return $ret;

library/HTMLPurifier/DefinitionCache/Decorator/Memory.php

@@ -11,32 +11,32 @@ class HTMLPurifier_DefinitionCache_Decorator_Memory extends
       HTMLPurifier_DefinitionCache_Decorator
 {
     
-    var $definitions;
+    protected $definitions;
-    var $name = 'Memory';
+    public $name = 'Memory';
     
-    function copy() {
+    public function copy() {
         return new HTMLPurifier_DefinitionCache_Decorator_Memory();
     }
     
-    function add($def, $config) {
+    public function add($def, $config) {
         $status = parent::add($def, $config);
         if ($status) $this->definitions[$this->generateKey($config)] = $def;
         return $status;
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         $status = parent::set($def, $config);
         if ($status) $this->definitions[$this->generateKey($config)] = $def;
         return $status;
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         $status = parent::replace($def, $config);
         if ($status) $this->definitions[$this->generateKey($config)] = $def;
         return $status;
     }
     
-    function get($config) {
+    public function get($config) {
         $key = $this->generateKey($config);
         if (isset($this->definitions[$key])) return $this->definitions[$key];
         $this->definitions[$key] = parent::get($config);

library/HTMLPurifier/DefinitionCache/Null.php

@@ -8,27 +8,31 @@ require_once 'HTMLPurifier/DefinitionCache.php';
 class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache
 {
     
-    function add($def, $config) {
+    public function add($def, $config) {
         return false;
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         return false;
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         return false;
     }
     
-    function get($config) {
+    public function remove($config) {
         return false;
     }
     
-    function flush($config) {
+    public function get($config) {
         return false;
     }
     
-    function cleanup($config) {
+    public function flush($config) {
+        return false;
+    }
+    
+    public function cleanup($config) {
         return false;
     }
     

library/HTMLPurifier/DefinitionCache/Serializer.php

@@ -17,7 +17,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
       HTMLPurifier_DefinitionCache
 {
     
-    function add($def, $config) {
+    public function add($def, $config) {
         if (!$this->checkDefType($def)) return;
         $file = $this->generateFilePath($config);
         if (file_exists($file)) return false;
@@ -25,14 +25,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends
         return $this->_write($file, serialize($def));
     }
     
-    function set($def, $config) {
+    public function set($def, $config) {
         if (!$this->checkDefType($def)) return;
         $file = $this->generateFilePath($config);
         if (!$this->_prepareDir($config)) return false;
         return $this->_write($file, serialize($def));
     }
     
-    function replace($def, $config) {
+    public function replace($def, $config) {
         if (!$this->checkDefType($def)) return;
         $file = $this->generateFilePath($config);
         if (!file_exists($file)) return false;
@@ -40,19 +40,19 @@ class HTMLPurifier_DefinitionCache_Serializer extends
         return $this->_write($file, serialize($def));
     }
     
-    function get($config) {
+    public function get($config) {
         $file = $this->generateFilePath($config);
         if (!file_exists($file)) return false;
         return unserialize(file_get_contents($file));
     }
     
-    function remove($config) {
+    public function remove($config) {
         $file = $this->generateFilePath($config);
         if (!file_exists($file)) return false;
         return unlink($file);
     }
     
-    function flush($config) {
+    public function flush($config) {
         if (!$this->_prepareDir($config)) return false;
         $dir = $this->generateDirectoryPath($config);
         $dh  = opendir($dir);
@@ -63,7 +63,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
         }
     }
     
-    function cleanup($config) {
+    public function cleanup($config) {
         if (!$this->_prepareDir($config)) return false;
         $dir = $this->generateDirectoryPath($config);
         $dh  = opendir($dir);
@@ -78,8 +78,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     /**
      * Generates the file path to the serial file corresponding to
      * the configuration and definition name
+     * @todo Make protected
      */
-    function generateFilePath($config) {
+    public function generateFilePath($config) {
         $key = $this->generateKey($config);
         return $this->generateDirectoryPath($config) . '/' . $key . '.ser';
     }
@@ -87,8 +88,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     /**
      * Generates the path to the directory contain this cache's serial files
      * @note No trailing slash
+     * @todo Make protected
      */
-    function generateDirectoryPath($config) {
+    public function generateDirectoryPath($config) {
         $base = $this->generateBaseDirectoryPath($config);
         return $base . '/' . $this->type;
     }
@@ -96,8 +98,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     /**
      * Generates path to base directory that contains all definition type
      * serials
+     * @todo Make protected
      */
-    function generateBaseDirectoryPath($config) {
+    public function generateBaseDirectoryPath($config) {
         $base = $config->get('Cache', 'SerializerPath');
         $base = is_null($base) ? HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer' : $base;
         return $base;
@@ -109,7 +112,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * @param $data Data to write into file
      * @return Number of bytes written if success, or false if failure.
      */
-    function _write($file, $data) {
+    private function _write($file, $data) {
         static $file_put_contents;
         if ($file_put_contents === null) {
             $file_put_contents = function_exists('file_put_contents');
@@ -128,7 +131,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * Prepares the directory that this type stores the serials in
      * @return True if successful
      */
-    function _prepareDir($config) {
+    private function _prepareDir($config) {
         $directory = $this->generateDirectoryPath($config);
         if (!is_dir($directory)) {
             $base = $this->generateBaseDirectoryPath($config);
@@ -151,7 +154,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * Tests permissions on a directory and throws out friendly
      * error messages and attempts to chmod it itself if possible
      */
-    function _testPermissions($dir) {
+    private function _testPermissions($dir) {
         // early abort, if it is writable, everything is hunky-dory
         if (is_writable($dir)) return true;
         if (!is_dir($dir)) {

library/HTMLPurifier/DefinitionCacheFactory.php

@@ -26,21 +26,20 @@ HTMLPurifier_ConfigSchema::defineAlias(
 class HTMLPurifier_DefinitionCacheFactory
 {
     
-    var $caches = array('Serializer' => array());
+    protected $caches = array('Serializer' => array());
-    var $decorators = array();
+    protected $decorators = array();
     
     /**
      * Initialize default decorators
      */
-    function setup() {
+    public function setup() {
         $this->addDecorator('Cleanup');
     }
     
     /**
      * Retrieves an instance of global definition cache factory.
-     * @static
      */
-    function &instance($prototype = null) {
+    public static function &instance($prototype = null) {
         static $instance;
         if ($prototype !== null) {
             $instance = $prototype;
@@ -56,7 +55,7 @@ class HTMLPurifier_DefinitionCacheFactory
      * @param $name Name of definitions handled by cache
      * @param $config Instance of HTMLPurifier_Config
      */
-    function &create($type, $config) {
+    public function &create($type, $config) {
         // only one implementation as for right now, $config will
         // be used to determine implementation
         $method = $config->get('Cache', 'DefinitionImpl');
@@ -82,7 +81,7 @@ class HTMLPurifier_DefinitionCacheFactory
      * Registers a decorator to add to all new cache objects
      * @param 
      */
-    function addDecorator($decorator) {
+    public function addDecorator($decorator) {
         if (is_string($decorator)) {
             $class = "HTMLPurifier_DefinitionCache_Decorator_$decorator";
             $decorator = new $class;

library/HTMLPurifier/Doctype.php

@@ -11,40 +11,40 @@ class HTMLPurifier_Doctype
     /**
      * Full name of doctype
      */
-    var $name;
+    public $name;
     
     /**
      * List of standard modules (string identifiers or literal objects)
      * that this doctype uses
      */
-    var $modules = array();
+    public $modules = array();
     
     /**
      * List of modules to use for tidying up code
      */
-    var $tidyModules = array();
+    public $tidyModules = array();
     
     /**
      * Is the language derived from XML (i.e. XHTML)?
      */
-    var $xml = true;
+    public $xml = true;
     
     /**
      * List of aliases for this doctype
      */
-    var $aliases = array();
+    public $aliases = array();
     
     /**
      * Public DTD identifier
      */
-    var $dtdPublic;
+    public $dtdPublic;
     
     /**
      * System DTD identifier
      */
-    var $dtdSystem;
+    public $dtdSystem;
     
-    function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
+    public function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
         $tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
     ) {
         $this->name         = $name;
@@ -59,7 +59,7 @@ class HTMLPurifier_Doctype
     /**
      * Clones the doctype, use before resolving modes and the like
      */
-    function copy() {
+    public function copy() {
         return unserialize(serialize($this));
     }
 }

library/HTMLPurifier/DoctypeRegistry.php

@@ -23,15 +23,13 @@ class HTMLPurifier_DoctypeRegistry
     
     /**
      * Hash of doctype names to doctype objects
-     * @protected
      */
-    var $doctypes;
+    protected $doctypes;
     
     /**
      * Lookup table of aliases to real doctype names
-     * @protected
      */
-    var $aliases;
+    protected $aliases;
     
     /**
      * Registers a doctype to the registry
@@ -43,7 +41,7 @@ class HTMLPurifier_DoctypeRegistry
      * @param $aliases Alias names for doctype
      * @return Reference to registered doctype (usable for further editing)
      */
-    function &register($doctype, $xml = true, $modules = array(),
+    public function &register($doctype, $xml = true, $modules = array(),
         $tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
     ) {
         if (!is_array($modules)) $modules = array($modules);
@@ -73,7 +71,7 @@ class HTMLPurifier_DoctypeRegistry
      * @param $doctype Name of doctype
      * @return Reference to doctype object
      */
-    function &get($doctype) {
+    public function &get($doctype) {
         if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
         if (!isset($this->doctypes[$doctype])) {
             trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
@@ -91,7 +89,7 @@ class HTMLPurifier_DoctypeRegistry
      *       Generator whether or not the current document is XML
      *       based or not).
      */
-    function make($config) {
+    public function make($config) {
         $original_doctype = $this->get($this->getDoctypeFromConfig($config));
         $doctype = $original_doctype->copy();
         return $doctype;
@@ -100,7 +98,7 @@ class HTMLPurifier_DoctypeRegistry
     /**
      * Retrieves the doctype from the configuration object
      */
-    function getDoctypeFromConfig($config) {
+    public function getDoctypeFromConfig($config) {
         // recommended test
         $doctype = $config->get('HTML', 'Doctype');
         if (!empty($doctype)) return $doctype;

library/HTMLPurifier/ElementDef.php

@@ -13,7 +13,7 @@ class HTMLPurifier_ElementDef
      * Does the definition work by itself, or is it created solely
      * for the purpose of merging into another definition?
      */
-    var $standalone = true;
+    public $standalone = true;
     
     /**
      * Associative array of attribute name to HTMLPurifier_AttrDef
@@ -25,29 +25,23 @@ class HTMLPurifier_ElementDef
      *       contain string indentifiers in lieu of HTMLPurifier_AttrDef,
      *       see HTMLPurifier_AttrTypes on how they are expanded during
      *       HTMLPurifier_HTMLDefinition->setup() processing.
-     * @public
      */
-    var $attr = array();
+    public $attr = array();
     
     /**
      * Indexed list of tag's HTMLPurifier_AttrTransform to be done before validation
-     * @public
      */
-    var $attr_transform_pre = array();
+    public $attr_transform_pre = array();
     
     /**
      * Indexed list of tag's HTMLPurifier_AttrTransform to be done after validation
-     * @public
      */
-    var $attr_transform_post = array();
+    public $attr_transform_post = array();
-    
-    
     
     /**
      * HTMLPurifier_ChildDef of this tag.
-     * @public
      */
-    var $child;
+    public $child;
     
     /**
      * Abstract string representation of internal ChildDef rules. See
@@ -55,9 +49,8 @@ class HTMLPurifier_ElementDef
      * into an HTMLPurifier_ChildDef.
      * @warning This is a temporary variable that is not available after
      *      being processed by HTMLDefinition
-     * @public
      */
-    var $content_model;
+    public $content_model;
     
     /**
      * Value of $child->type, used to determine which ChildDef to use,
@@ -65,9 +58,8 @@ class HTMLPurifier_ElementDef
      * @warning This must be lowercase
      * @warning This is a temporary variable that is not available after
      *      being processed by HTMLDefinition
-     * @public
      */
-    var $content_model_type;
+    public $content_model_type;
     
     
     
@@ -76,16 +68,14 @@ class HTMLPurifier_ElementDef
      * is important for chameleon ins and del processing in 
      * HTMLPurifier_ChildDef_Chameleon. Dynamically set: modules don't
      * have to worry about this one.
-     * @public
      */
-    var $descendants_are_inline = false;
+    public $descendants_are_inline = false;
     
     /**
      * List of the names of required attributes this element has. Dynamically
      * populated by HTMLPurifier_HTMLDefinition::getElement
-     * @public
      */
-    var $required_attr = array();
+    public $required_attr = array();
     
     /**
      * Lookup table of tags excluded from all descendants of this tag.
@@ -97,20 +87,18 @@ class HTMLPurifier_ElementDef
      *       all descendants and not just children. Note that the XHTML
      *       Modularization Abstract Modules are blithely unaware of such
      *       distinctions.
-     * @public
      */
-    var $excludes = array();
+    public $excludes = array();
     
     /**
      * Is this element safe for untrusted users to use?
      */
-    var $safe;
+    public $safe;
     
     /**
      * Low-level factory constructor for creating new standalone element defs
-     * @static
      */
-    function create($safe, $content_model, $content_model_type, $attr) {
+    public static function create($safe, $content_model, $content_model_type, $attr) {
         $def = new HTMLPurifier_ElementDef();
         $def->safe = (bool) $safe;
         $def->content_model = $content_model;
@@ -124,7 +112,7 @@ class HTMLPurifier_ElementDef
      * Values from the new element def take precedence if a value is
      * not mergeable.
      */
-    function mergeIn($def) {
+    public function mergeIn($def) {
         
         // later keys takes precedence
         foreach($def->attr as $k => $v) {
@@ -165,7 +153,7 @@ class HTMLPurifier_ElementDef
      * @param $a1 Array by reference that is merged into
      * @param $a2 Array that merges into $a1
      */
-    function _mergeAssocArray(&$a1, $a2) {
+    private function _mergeAssocArray(&$a1, $a2) {
         foreach ($a2 as $k => $v) {
             if ($v === false) {
                 if (isset($a1[$k])) unset($a1[$k]);
@@ -178,7 +166,7 @@ class HTMLPurifier_ElementDef
     /**
      * Retrieves a copy of the element definition
      */
-    function copy() {
+    public function copy() {
         return unserialize(serialize($this));
     }
     

library/HTMLPurifier/Encoder.php

@@ -58,7 +58,7 @@ class HTMLPurifier_Encoder
     /**
      * Constructor throws fatal error if you attempt to instantiate class
      */
-    function HTMLPurifier_Encoder() {
+    private function HTMLPurifier_Encoder() {
         trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
     }
     
@@ -68,7 +68,6 @@ class HTMLPurifier_Encoder
      * It will parse according to UTF-8 and return a valid UTF8 string, with
      * non-SGML codepoints excluded.
      * 
-     * @static
      * @note Just for reference, the non-SGML code points are 0 to 31 and
      *       127 to 159, inclusive.  However, we allow code points 9, 10
      *       and 13, which are the tab, line feed and carriage return
@@ -88,7 +87,7 @@ class HTMLPurifier_Encoder
      *       would need that, and I'm probably not going to implement them.
      *       Once again, PHP 6 should solve all our problems.
      */
-    function cleanUTF8($str, $force_php = false) {
+    public static function cleanUTF8($str, $force_php = false) {
         
         static $non_sgml_chars = array();
         if (empty($non_sgml_chars)) {
@@ -246,7 +245,6 @@ class HTMLPurifier_Encoder
     
     /**
      * Translates a Unicode codepoint into its corresponding UTF-8 character.
-     * @static
      * @note Based on Feyd's function at
      *       <http://forums.devnetwork.net/viewtopic.php?p=191404#191404>,
      *       which is in public domain.
@@ -271,7 +269,7 @@ class HTMLPurifier_Encoder
     // | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
     // +----------+----------+----------+----------+ 
     
-    function unichr($code) {
+    public static function unichr($code) {
         if($code > 1114111 or $code < 0 or
           ($code >= 55296 and $code <= 57343) ) {
             // bits are set outside the "valid" range as defined
@@ -310,9 +308,8 @@ class HTMLPurifier_Encoder
     
     /**
      * Converts a string to UTF-8 based on configuration.
-     * @static
      */
-    function convertToUTF8($str, $config, &$context) {
+    public static function convertToUTF8($str, $config, &$context) {
         static $iconv = null;
         if ($iconv === null) $iconv = function_exists('iconv');
         $encoding = $config->get('Core', 'Encoding');
@@ -327,11 +324,10 @@ class HTMLPurifier_Encoder
     
     /**
      * Converts a string from UTF-8 based on configuration.
-     * @static
      * @note Currently, this is a lossy conversion, with unexpressable
      *       characters being omitted.
      */
-    function convertFromUTF8($str, $config, &$context) {
+    public static function convertFromUTF8($str, $config, &$context) {
         static $iconv = null;
         if ($iconv === null) $iconv = function_exists('iconv');
         $encoding = $config->get('Core', 'Encoding');
@@ -349,7 +345,6 @@ class HTMLPurifier_Encoder
     
     /**
      * Lossless (character-wise) conversion of HTML to ASCII
-     * @static
      * @param $str UTF-8 string to be converted to ASCII
      * @returns ASCII encoded string with non-ASCII character entity-ized
      * @warning Adapted from MediaWiki, claiming fair use: this is a common
@@ -364,7 +359,7 @@ class HTMLPurifier_Encoder
      * @note Sort of with cleanUTF8() but it assumes that $str is
      *       well-formed UTF-8
      */
-    function convertToASCIIDumbLossless($str) {
+    public static function convertToASCIIDumbLossless($str) {
         $bytesleft = 0;
         $result = '';
         $working = 0;

library/HTMLPurifier/EntityLookup.php

@@ -7,9 +7,8 @@ class HTMLPurifier_EntityLookup {
     
     /**
      * Assoc array of entity name to character represented.
-     * @public
      */
-    var $table;
+    public $table;
     
     /**
      * Sets up the entity lookup table from the serialized file contents.
@@ -17,7 +16,7 @@ class HTMLPurifier_EntityLookup {
      *       using the maintenance script generate_entity_file.php
      * @warning This is not in constructor to help enforce the Singleton
      */
-    function setup($file = false) {
+    public function setup($file = false) {
         if (!$file) {
             $file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/EntityLookup/entities.ser';
         }
@@ -26,10 +25,9 @@ class HTMLPurifier_EntityLookup {
     
     /**
      * Retrieves sole instance of the object.
-     * @static
      * @param Optional prototype of custom lookup table to overload with.
      */
-    function instance($prototype = false) {
+    public static function instance($prototype = false) {
         // no references, since PHP doesn't copy unless modified
         static $instance = null;
         if ($prototype) {

library/HTMLPurifier/EntityParser.php

@@ -15,24 +15,21 @@ class HTMLPurifier_EntityParser
     
     /**
      * Reference to entity lookup table.
-     * @protected
      */
-    var $_entity_lookup;
+    protected $_entity_lookup;
     
     /**
      * Callback regex string for parsing entities.
-     * @protected
      */                             
-    var $_substituteEntitiesRegex =
+    protected $_substituteEntitiesRegex =
 '/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z_:][A-Za-z0-9.\-_:]*));?/';
 //     1. hex             2. dec      3. string (XML style)
     
     
     /**
      * Decimal to parsed string conversion table for special entities.
-     * @protected
      */
-    var $_special_dec2str =
+    protected $_special_dec2str =
             array(
                     34 => '"',
                     38 => '&',
@@ -43,9 +40,8 @@ class HTMLPurifier_EntityParser
     
     /**
      * Stripped entity names to decimal conversion table for special entities.
-     * @protected
      */
-    var $_special_ent2dec =
+    protected $_special_ent2dec =
             array(
                     'quot' => 34,
                     'amp'  => 38,
@@ -58,11 +54,10 @@ class HTMLPurifier_EntityParser
      * running this whenever you have parsed character is t3h 5uck, we run
      * it before everything else.
      * 
-     * @protected
      * @param $string String to have non-special entities parsed.
      * @returns Parsed string.
      */
-    function substituteNonSpecialEntities($string) {
+    public function substituteNonSpecialEntities($string) {
         // it will try to detect missing semicolons, but don't rely on it
         return preg_replace_callback(
             $this->_substituteEntitiesRegex,
@@ -74,15 +69,13 @@ class HTMLPurifier_EntityParser
     /**
      * Callback function for substituteNonSpecialEntities() that does the work.
      * 
-     * @warning Though this is public in order to let the callback happen,
-     *          calling it directly is not recommended.
      * @param $matches  PCRE matches array, with 0 the entire match, and
      *                  either index 1, 2 or 3 set with a hex value, dec value,
      *                  or string (respectively).
      * @returns Replacement string.
      */
     
-    function nonSpecialEntityCallback($matches) {
+    protected function nonSpecialEntityCallback($matches) {
         // replaces all but big five
         $entity = $matches[0];
         $is_num = (@$matches[0][1] === '#');
@@ -113,11 +106,10 @@ class HTMLPurifier_EntityParser
      * @notice We try to avoid calling this function because otherwise, it
      * would have to be called a lot (for every parsed section).
      * 
-     * @protected
      * @param $string String to have non-special entities parsed.
      * @returns Parsed string.
      */
-    function substituteSpecialEntities($string) {
+    public function substituteSpecialEntities($string) {
         return preg_replace_callback(
             $this->_substituteEntitiesRegex,
             array($this, 'specialEntityCallback'),
@@ -129,14 +121,12 @@ class HTMLPurifier_EntityParser
      * 
      * This callback has same syntax as nonSpecialEntityCallback().
      * 
-     * @warning Though this is public in order to let the callback happen,
-     *          calling it directly is not recommended.
      * @param $matches  PCRE-style matches array, with 0 the entire match, and
      *                  either index 1, 2 or 3 set with a hex value, dec value,
      *                  or string (respectively).
      * @returns Replacement string.
      */
-    function specialEntityCallback($matches) {
+    protected function specialEntityCallback($matches) {
         $entity = $matches[0];
         $is_num = (@$matches[0][1] === '#');
         if ($is_num) {

library/HTMLPurifier/ErrorCollector.php

@@ -9,12 +9,12 @@ require_once 'HTMLPurifier/Generator.php';
 class HTMLPurifier_ErrorCollector
 {
     
-    var $errors = array();
+    protected $errors = array();
-    var $locale;
+    protected $locale;
-    var $generator;
+    protected $generator;
-    var $context;
+    protected $context;
     
-    function HTMLPurifier_ErrorCollector(&$context) {
+    public function HTMLPurifier_ErrorCollector(&$context) {
         $this->locale    =& $context->get('Locale');
         $this->generator =& $context->get('Generator');
         $this->context   =& $context;
@@ -26,7 +26,7 @@ class HTMLPurifier_ErrorCollector
      * @param $severity int Error severity, PHP error style (don't use E_USER_)
      * @param $msg string Error message text
      */
-    function send($severity, $msg) {
+    public function send($severity, $msg) {
         
         $args = array();
         if (func_num_args() > 2) {
@@ -65,7 +65,7 @@ class HTMLPurifier_ErrorCollector
      * @param List of arrays in format of array(Error message text,
      *        token that caused error, tokens surrounding token)
      */
-    function getRaw() {
+    public function getRaw() {
         return $this->errors;
     }
     
@@ -73,7 +73,7 @@ class HTMLPurifier_ErrorCollector
      * Default HTML formatting implementation for error messages
      * @param $config Configuration array, vital for HTML output nature
      */
-    function getHTMLFormatted($config) {
+    public function getHTMLFormatted($config) {
         $ret = array();
         
         $errors = $this->errors;

library/HTMLPurifier/Filter.php

@@ -14,6 +14,9 @@
  * named 1, 2 and 3, the order of execution should go 1->preFilter,
  * 2->preFilter, 3->preFilter, purify, 3->postFilter, 2->postFilter,
  * 1->postFilter.
+ * 
+ * @note Methods are not declared abstract as it is perfectly legitimate
+ *       for an implementation not to want anything to happen on a step
  */
 
 class HTMLPurifier_Filter
@@ -22,17 +25,21 @@ class HTMLPurifier_Filter
     /**
      * Name of the filter for identification purposes
      */
-    var $name;
+    public $name;
     
     /**
      * Pre-processor function, handles HTML before HTML Purifier 
      */
-    function preFilter($html, $config, &$context) {}
+    public function preFilter($html, $config, &$context) {
+        return $html;
+    }
     
     /**
      * Post-processor function, handles HTML after HTML Purifier
      */
-    function postFilter($html, $config, &$context) {}
+    public function postFilter($html, $config, &$context) {
+        return $html;
+    }
     
 }
 

library/HTMLPurifier/Filter/YouTube.php

@@ -5,16 +5,16 @@ require_once 'HTMLPurifier/Filter.php';
 class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter
 {
     
-    var $name = 'YouTube preservation';
+    public $name = 'YouTube preservation';
     
-    function preFilter($html, $config, &$context) {
+    public function preFilter($html, $config, &$context) {
         $pre_regex = '#<object[^>]+>.+?'.
             'http://www.youtube.com/v/([A-Za-z0-9\-_]+).+?</object>#s';
         $pre_replace = '<span class="youtube-embed">\1</span>';
         return preg_replace($pre_regex, $pre_replace, $html);
     }
     
-    function postFilter($html, $config, &$context) {
+    public function postFilter($html, $config, &$context) {
         $post_regex = '#<span class="youtube-embed">([A-Za-z0-9\-_]+)</span>#';
         $post_replace = '<object width="425" height="350" '.
             'data="http://www.youtube.com/v/\1">'.

library/HTMLPurifier/Generator.php

@@ -48,6 +48,8 @@ HTMLPurifier_ConfigSchema::define('Output', 'Newline', null, 'string/null', '
  * Generates HTML from tokens.
  * @todo Refactor interface so that configuration/context is determined
  *       upon instantiation, no need for messy generateFromTokens() calls
+ * @todo Make some of the more internal functions protected, and have
+ *       unit tests work around that
  */
 class HTMLPurifier_Generator
 {
@@ -56,19 +58,19 @@ class HTMLPurifier_Generator
      * Bool cache of %HTML.XHTML
      * @private
      */
-    var $_xhtml = true;
+    private $_xhtml = true;
     
     /**
      * Bool cache of %Output.CommentScriptContents
      * @private
      */
-    var $_scriptFix = false;
+    private $_scriptFix = false;
     
     /**
      * Cache of HTMLDefinition
      * @private
      */
-    var $_def;
+    private $_def;
     
     /**
      * Generates HTML from an array of tokens.
@@ -76,7 +78,7 @@ class HTMLPurifier_Generator
      * @param $config HTMLPurifier_Config object
      * @return Generated HTML
      */
-    function generateFromTokens($tokens, $config, &$context) {
+    public function generateFromTokens($tokens, $config, &$context) {
         $html = '';
         if (!$config) $config = HTMLPurifier_Config::createDefault();
         $this->_scriptFix   = $config->get('Output', 'CommentScriptContents');
@@ -136,7 +138,7 @@ class HTMLPurifier_Generator
      * @param $token HTMLPurifier_Token object.
      * @return Generated HTML
      */
-    function generateFromToken($token) {
+    public function generateFromToken($token) {
         if (!isset($token->type)) return '';
         if ($token->type == 'start') {
             $attr = $this->generateAttributes($token->attr, $token->name);
@@ -165,7 +167,7 @@ class HTMLPurifier_Generator
      * @warning This runs into problems if there's already a literal
      *          --> somewhere inside the script contents.
      */
-    function generateScriptFromToken($token) {
+    public function generateScriptFromToken($token) {
         if ($token->type != 'text') return $this->generateFromToken($token);
         // return '<!--' . "\n" . trim($token->data) . "\n" . '// -->';
         // more advanced version:
@@ -179,7 +181,7 @@ class HTMLPurifier_Generator
      * @param $assoc_array_of_attributes Attribute array
      * @return Generate HTML fragment for insertion.
      */
-    function generateAttributes($assoc_array_of_attributes, $element) {
+    public function generateAttributes($assoc_array_of_attributes, $element) {
         $html = '';
         foreach ($assoc_array_of_attributes as $key => $value) {
             if (!$this->_xhtml) {
@@ -200,7 +202,7 @@ class HTMLPurifier_Generator
      * @param $string String data to escape for HTML.
      * @return String escaped data.
      */
-    function escape($string) {
+    public function escape($string) {
         return htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
     }
     

library/HTMLPurifier/HTMLDefinition.php

@@ -156,65 +156,56 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
     
     /**
      * Associative array of element names to HTMLPurifier_ElementDef
-     * @public
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Associative array of global attribute name to attribute definition.
-     * @public
      */
-    var $info_global_attr = array();
+    public $info_global_attr = array();
     
     /**
      * String name of parent element HTML will be going into.
-     * @public
      */
-    var $info_parent = 'div';
+    public $info_parent = 'div';
     
     /**
      * Definition for parent element, allows parent element to be a
      * tag that's not allowed inside the HTML fragment.
-     * @public
      */
-    var $info_parent_def;
+    public $info_parent_def;
     
     /**
      * String name of element used to wrap inline elements in block context
      * @note This is rarely used except for BLOCKQUOTEs in strict mode
-     * @public
      */
-    var $info_block_wrapper = 'p';
+    public $info_block_wrapper = 'p';
     
     /**
      * Associative array of deprecated tag name to HTMLPurifier_TagTransform
-     * @public
      */
-    var $info_tag_transform = array();
+    public $info_tag_transform = array();
     
     /**
      * Indexed list of HTMLPurifier_AttrTransform to be performed before validation.
-     * @public
      */
-    var $info_attr_transform_pre = array();
+    public $info_attr_transform_pre = array();
     
     /**
      * Indexed list of HTMLPurifier_AttrTransform to be performed after validation.
-     * @public
      */
-    var $info_attr_transform_post = array();
+    public $info_attr_transform_post = array();
     
     /**
      * Nested lookup array of content set name (Block, Inline) to
      * element name to whether or not it belongs in that content set.
-     * @public
      */
-    var $info_content_sets = array();
+    public $info_content_sets = array();
     
     /**
      * Doctype object
      */
-    var $doctype;
+    public $doctype;
     
     
     
@@ -227,7 +218,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
      * @param $def Attribute definition, can be string or object, see
      *             HTMLPurifier_AttrTypes for details
      */
-    function addAttribute($element_name, $attr_name, $def) {
+    public function addAttribute($element_name, $attr_name, $def) {
         $module =& $this->getAnonymousModule();
         $element =& $module->addBlankElement($element_name);
         $element->attr[$attr_name] = $def;
@@ -238,7 +229,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
      * @note See HTMLPurifier_HTMLModule::addElement for detailed 
      *       parameter and return value descriptions.
      */
-    function &addElement($element_name, $type, $contents, $attr_collections, $attributes) {
+    public function &addElement($element_name, $type, $contents, $attr_collections, $attributes) {
         $module =& $this->getAnonymousModule();
         // assume that if the user is calling this, the element
         // is safe. This may not be a good idea
@@ -252,7 +243,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
      * @note See HTMLPurifier_HTMLModule::addBlankElement for detailed
      *       parameter and return value descriptions.
      */
-    function &addBlankElement($element_name) {
+    public function &addBlankElement($element_name) {
         $module  =& $this->getAnonymousModule();
         $element =& $module->addBlankElement($element_name);
         return $element;
@@ -263,7 +254,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
      * bust out advanced features without having to make your own
      * module.
      */
-    function &getAnonymousModule() {
+    public function &getAnonymousModule() {
         if (!$this->_anonModule) {
             $this->_anonModule = new HTMLPurifier_HTMLModule();
             $this->_anonModule->name = 'Anonymous';
@@ -271,22 +262,22 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
         return $this->_anonModule;
     }
     
-    var $_anonModule;
+    private $_anonModule;
     
     
     // PUBLIC BUT INTERNAL VARIABLES --------------------------------------
     
-    var $type = 'HTML';
+    public $type = 'HTML';
-    var $manager; /**< Instance of HTMLPurifier_HTMLModuleManager */
+    public $manager; /**< Instance of HTMLPurifier_HTMLModuleManager */
     
     /**
      * Performs low-cost, preliminary initialization.
      */
-    function HTMLPurifier_HTMLDefinition() {
+    public function HTMLPurifier_HTMLDefinition() {
         $this->manager = new HTMLPurifier_HTMLModuleManager();
     }
     
-    function doSetup($config) {
+    protected function doSetup($config) {
         $this->processModules($config);
         $this->setupConfigStuff($config);
         unset($this->manager);
@@ -301,7 +292,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
     /**
      * Extract out the information from the manager
      */
-    function processModules($config) {
+    protected function processModules($config) {
         
         if ($this->_anonModule) {
             // for user specific changes
@@ -337,7 +328,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
     /**
      * Sets up stuff based on config. We need a better way of doing this.
      */
-    function setupConfigStuff($config) {
+    protected function setupConfigStuff($config) {
         
         $block_wrapper = $config->get('HTML', 'BlockWrapper');
         if (isset($this->info_content_sets['Block'][$block_wrapper])) {
@@ -434,8 +425,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
      *      it is different, and you'll probably have to modify your lists
      * @param $list String list to parse
      * @param array($allowed_elements, $allowed_attributes)
+     * @todo Give this its own class, probably static interface
      */
-    function parseTinyMCEAllowedList($list) {
+    public function parseTinyMCEAllowedList($list) {
         
         $elements = array();
         $attributes = array();

library/HTMLPurifier/HTMLModule.php

@@ -12,6 +12,7 @@
  *       correspond to the variables in HTMLPurifier_HTMLDefinition.
  *       However, the prefix info carries no special meaning in these
  *       objects (include it anyway if that's the correspondence though).
+ * @todo Consider making some member functions protected
  */
 
 class HTMLPurifier_HTMLModule
@@ -22,31 +23,28 @@ class HTMLPurifier_HTMLModule
     /**
      * Short unique string identifier of the module
      */
-    var $name;
+    public $name;
     
     /**
      * Informally, a list of elements this module changes. Not used in
      * any significant way.
-     * @protected
      */
-    var $elements = array();
+    public $elements = array();
     
     /**
      * Associative array of element names to element definitions.
      * Some definitions may be incomplete, to be merged in later
      * with the full definition.
-     * @public
      */
-    var $info = array();
+    public $info = array();
     
     /**
      * Associative array of content set names to content set additions.
      * This is commonly used to, say, add an A element to the Inline
      * content set. This corresponds to an internal variable $content_sets
      * and NOT info_content_sets member variable of HTMLDefinition.
-     * @public
      */
-    var $content_sets = array();
+    public $content_sets = array();
     
     /**
      * Associative array of attribute collection names to attribute
@@ -55,36 +53,31 @@ class HTMLPurifier_HTMLModule
      * the style attribute to the Core. Corresponds to HTMLDefinition's
      * attr_collections->info, since the object's data is only info,
      * with extra behavior associated with it.
-     * @public
      */
-    var $attr_collections = array();
+    public $attr_collections = array();
     
     /**
      * Associative array of deprecated tag name to HTMLPurifier_TagTransform
-     * @public
      */
-    var $info_tag_transform = array();
+    public $info_tag_transform = array();
     
     /**
      * List of HTMLPurifier_AttrTransform to be performed before validation.
-     * @public
      */
-    var $info_attr_transform_pre = array();
+    public $info_attr_transform_pre = array();
     
     /**
      * List of HTMLPurifier_AttrTransform to be performed after validation.
-     * @public
      */
-    var $info_attr_transform_post = array();
+    public $info_attr_transform_post = array();
     
     /**
      * Boolean flag that indicates whether or not getChildDef is implemented.
      * For optimization reasons: may save a call to a function. Be sure
      * to set it if you do implement getChildDef(), otherwise it will have
      * no effect!
-     * @public
      */
-    var $defines_child_def = false;
+    public $defines_child_def = false;
     
     /**
      * Retrieves a proper HTMLPurifier_ChildDef subclass based on 
@@ -93,9 +86,8 @@ class HTMLPurifier_HTMLModule
      * in HTMLPurifier_HTMLDefinition.
      * @param $def HTMLPurifier_ElementDef instance
      * @return HTMLPurifier_ChildDef subclass
-     * @public
      */
-    function getChildDef($def) {return false;}
+    public function getChildDef($def) {return false;}
     
     // -- Convenience -----------------------------------------------------
     
@@ -113,9 +105,8 @@ class HTMLPurifier_HTMLModule
      * @note See ElementDef for in-depth descriptions of these parameters.
      * @return Reference to created element definition object, so you 
      *         can set advanced parameters
-     * @protected
      */
-    function &addElement($element, $safe, $type, $contents, $attr_includes = array(), $attr = array()) {
+    public function &addElement($element, $safe, $type, $contents, $attr_includes = array(), $attr = array()) {
         $this->elements[] = $element;
         // parse content_model
         list($content_model_type, $content_model) = $this->parseContents($contents);
@@ -138,7 +129,7 @@ class HTMLPurifier_HTMLModule
      * @param $element Name of element to create
      * @return Reference to created element
      */
-    function &addBlankElement($element) {
+    public function &addBlankElement($element) {
         if (!isset($this->info[$element])) {
             $this->elements[] = $element;
             $this->info[$element] = new HTMLPurifier_ElementDef();
@@ -154,9 +145,8 @@ class HTMLPurifier_HTMLModule
      * @param Element to register
      * @param Name content set (warning: case sensitive, usually upper-case
      *        first letter)
-     * @protected
      */
-    function addElementToContentSet($element, $type) {
+    public function addElementToContentSet($element, $type) {
         if (!isset($this->content_sets[$type])) $this->content_sets[$type] = '';
         else $this->content_sets[$type] .= ' | ';
         $this->content_sets[$type] .= $element;
@@ -171,7 +161,7 @@ class HTMLPurifier_HTMLModule
      *       returned, and the callee needs to take the original $contents
      *       and use it directly.
      */
-    function parseContents($contents) {
+    public function parseContents($contents) {
         if (!is_string($contents)) return array(null, null); // defer
         switch ($contents) {
             // check for shorthand content model forms
@@ -194,7 +184,7 @@ class HTMLPurifier_HTMLModule
      * @param $attr Reference to attr array to modify
      * @param $attr_includes Array of includes / string include to merge in
      */
-    function mergeInAttrIncludes(&$attr, $attr_includes) {
+    public function mergeInAttrIncludes(&$attr, $attr_includes) {
         if (!is_array($attr_includes)) {
             if (empty($attr_includes)) $attr_includes = array();
             else $attr_includes = array($attr_includes);
@@ -210,7 +200,7 @@ class HTMLPurifier_HTMLModule
      *       place of the regular argument
      * @return Lookup array equivalent of list
      */
-    function makeLookup($list) {
+    public function makeLookup($list) {
         if (is_string($list)) $list = func_get_args();
         $ret = array();
         foreach ($list as $value) {

library/HTMLPurifier/HTMLModule/Bdo.php

@@ -10,12 +10,12 @@ require_once 'HTMLPurifier/AttrTransform/BdoDir.php';
 class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
 {
     
-    var $name = 'Bdo';
+    public $name = 'Bdo';
-    var $attr_collections = array(
+    public $attr_collections = array(
         'I18N' => array('dir' => false)
     );
     
-    function HTMLPurifier_HTMLModule_Bdo() {
+    public function HTMLPurifier_HTMLModule_Bdo() {
         $bdo =& $this->addElement(
             'bdo', true, 'Inline', 'Inline', array('Core', 'Lang'),
             array(

library/HTMLPurifier/HTMLModule/CommonAttributes.php

@@ -4,9 +4,9 @@ require_once 'HTMLPurifier/HTMLModule.php';
 
 class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
 {
-    var $name = 'CommonAttributes';
+    public $name = 'CommonAttributes';
     
-    var $attr_collections = array(
+    public $attr_collections = array(
         'Core' => array(
             0 => array('Style'),
             // 'xml:space' => false,

library/HTMLPurifier/HTMLModule/Edit.php

@@ -10,9 +10,9 @@ require_once 'HTMLPurifier/ChildDef/Chameleon.php';
 class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
 {
     
-    var $name = 'Edit';
+    public $name = 'Edit';
     
-    function HTMLPurifier_HTMLModule_Edit() {
+    public function HTMLPurifier_HTMLModule_Edit() {
         $contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow';
         $attr = array(
             'cite' => 'URI',
@@ -29,8 +29,8 @@ class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
     // Inline context ! Block context (exclamation mark is
     // separator, see getChildDef for parsing)
     
-    var $defines_child_def = true;
+    public $defines_child_def = true;
-    function getChildDef($def) {
+    public function getChildDef($def) {
         if ($def->content_model_type != 'chameleon') return false;
         $value = explode('!', $def->content_model);
         return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]);

library/HTMLPurifier/HTMLModule/Hypertext.php

@@ -9,9 +9,9 @@ require_once 'HTMLPurifier/AttrDef/HTML/LinkTypes.php';
 class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule
 {
     
-    var $name = 'Hypertext';
+    public $name = 'Hypertext';
     
-    function HTMLPurifier_HTMLModule_Hypertext() {
+    public function HTMLPurifier_HTMLModule_Hypertext() {
         $a =& $this->addElement(
             'a', true, 'Inline', 'Inline', 'Common',
             array(