[3.1.0] Landed modified patch by Braden Anderson for %CSS.AllowedProperties

- Fix broken ConfigSchema build, as well as broken aliases
- Remove another advisory property from runtime ConfigSchema classes
- Reorder flush script to more accurately reflect dependencies
- Remove some aliases from unit tests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1635 48356398-32a2-884e-a903-53898d9a118a

NEWS

@@ -36,6 +36,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception.
   Developer error (not enduser error) can cause these to be triggered.
 ! Experimental kses() wrapper introduced with HTMLPurifier.kses.php
+! Finally %CSS.AllowedProperties for tweaking allowed CSS properties without
+  mucking around with HTMLPurifier_CSSDefinition
 - Autoclose now operates iteratively, i.e. <span><span><div> now has
   both span tags closed.
 - Various HTMLPurifier_Config convenience functions now accept another parameter
@@ -75,7 +77,9 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 . HTMLPurifier_ConfigSchema->validate() deprecated in favor of
   HTMLPurifier_VarParser->parse()
 . Integers auto-cast into float type by VarParser.
-. HTMLPURIFIER_STRICT
+. HTMLPURIFIER_STRICT removed; no validation is performed on runtime, only 
+  during cache generation
+. Reordered script calls in maintenance/flush.php
 
 3.0.0, released 2008-01-06
 # HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained

TODO

@@ -27,6 +27,10 @@ DOCUMENTATION
 IMPORTANT FEATURES
  - Get everything into configuration objects (filters, I'm looking at you)
  - Factor out command line parser into its own class, and unit test it
+ - Verbose mode for webtester that includes transcript from command line
+ - Command line maintenance scripts must complain with exit(1) if there are
+   fatal errors
+ - Emit notices when aliases are used (allow muting these errors)
 
 CONFIGDOC
  - Properly integrate new ConfigSchema system into configdoc. DESCRIPTIONS

library/HTMLPurifier/CSSDefinition.php

@@ -212,6 +212,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
         }
         
+        $this->setupConfigStuff($config);
     }
     
     protected function doSetupProprietary($config) {
@@ -245,5 +246,32 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         ));
     }
     
+    
+    /**
+     * Performs extra config-based processing. Based off of
+     * HTMLPurifier_HTMLDefinition.
+     * @todo Refactor duplicate elements into common class (probably using
+     *       composition, not inheritance).
+     */
+    protected function setupConfigStuff($config) {
+        
+        // setup allowed elements
+        $support = "(for information on implementing this, see the ".
+                   "support forums) ";
+        $allowed_attributes = $config->get('CSS', 'AllowedProperties');
+        if ($allowed_attributes !== null) {
+            foreach ($this->info as $name => $d) {
+                if(!isset($allowed_attributes[$name])) unset($this->info[$name]);
+                unset($allowed_attributes[$name]);
+            }
+            // emit errors
+            foreach ($allowed_attributes as $name => $d) {
+                // :TODO: Is this htmlspecialchars() call really necessary?
+                $name = htmlspecialchars($name);
+                trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
+            }
+        }
+        
+    }
 }
 

library/HTMLPurifier/ConfigDef/Directive.php

@@ -51,11 +51,5 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
      */
     public $aliases = array();
     
-    /**
-     * Advisory list of directive aliases, i.e. other directives that
-     * redirect here
-     */
-    public $directiveAliases = array();
-    
 }
 

library/HTMLPurifier/ConfigSchema.php

@@ -118,7 +118,6 @@ class HTMLPurifier_ConfigSchema {
      */
     public function addAlias($namespace, $name, $new_namespace, $new_name) {
         $this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name);
-        $this->info[$new_namespace][$new_name]->directiveAliases[] = "$namespace.$name";
     }
     
     // DEPRECATED METHODS

library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php

@@ -9,10 +9,10 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
     
     public function build($interchange) {
         $schema = new HTMLPurifier_ConfigSchema();
-        foreach ($this->namespaces as $n) {
+        foreach ($interchange->namespaces as $n) {
             $schema->addNamespace($n->namespace);
         }
-        foreach ($this->directives as $d) {
+        foreach ($interchange->directives as $d) {
             $schema->add(
                 $d->id->namespace,
                 $d->id->directive,
@@ -29,8 +29,8 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
             }
             foreach ($d->aliases as $alias) {
                 $schema->addAlias(
-                    $alias->id->namespace,
-                    $alias->id->directive,
+                    $alias->namespace,
+                    $alias->directive,
                     $d->id->namespace,
                     $d->id->directive
                 );
@@ -43,6 +43,7 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
                 );
             }
         }
+        return $schema;
     }
     
 }

library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt

@@ -0,0 +1,17 @@
+CSS.AllowedProperties
+TYPE: lookup/null
+VERSION: 3.1.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    If HTML Purifier's style attributes set is unsatisfactory for your needs, 
+    you can overload it with your own list of tags to allow.  Note that this 
+    method is subtractive: it does its job by taking away from HTML Purifier 
+    usual feature set, so you cannot add an attribute that HTML Purifier never 
+    supported in the first place.
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the 
+    elements here, <em>that</em> directive will win and override. 
+</p>

library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocksScope.txt

@@ -1,5 +1,5 @@
 Filter.ExtractStyleBlocksScope
-TYPE: string
+TYPE: string/null
 VERSION: 3.0.0
 DEFAULT: NULL
 --DESCRIPTION--

library/HTMLPurifier/HTMLDefinition.php

@@ -252,6 +252,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
             }
             // emit errors
             foreach ($allowed_elements as $element => $d) {
+                // :TODO: Is this htmlspecialchars() call really necessary?
                 $element = htmlspecialchars($element);
                 trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
             }
@@ -283,6 +284,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
             // emit errors
             foreach ($allowed_attributes_mutable as $elattr => $d) {
                 list($element, $attribute) = explode('.', $elattr);
+                // :TODO: Is this htmlspecialchars() call really necessary?
                 $element = htmlspecialchars($element);
                 $attribute = htmlspecialchars($attribute);
                 if ($element == '*') {

maintenance/flush.php

@@ -18,6 +18,6 @@ function e($cmd) {
 }
 
 e('php generate-includes.php');
-e('php flush-definition-cache.php');
 e('php generate-schema-cache.php');
+e('php flush-definition-cache.php');
 e('php generate-standalone.php');

tests/HTMLPurifier/DefinitionCacheFactoryTest.php

@@ -45,21 +45,21 @@ class HTMLPurifier_DefinitionCacheFactoryTest extends HTMLPurifier_Harness
     }
     
     function test_create_invalid() {
-        $this->config->set('Core', 'DefinitionCache', 'Invalid');
+        $this->config->set('Cache', 'DefinitionImpl', 'Invalid');
         $this->expectError('Unrecognized DefinitionCache Invalid, using Serializer instead');
         $cache = $this->factory->create('Test', $this->config);
         $this->assertIsA($cache, 'HTMLPurifier_DefinitionCache_Serializer');
     }
     
     function test_null() {
-        $this->config->set('Core', 'DefinitionCache', null);
+        $this->config->set('Cache', 'DefinitionImpl', null);
         $cache = $this->factory->create('Test', $this->config);
         $this->assertEqual($cache, new HTMLPurifier_DefinitionCache_Null('Test'));
     }
     
     function test_register() {
         generate_mock_once('HTMLPurifier_DefinitionCache');
-        $this->config->set('Core', 'DefinitionCache', 'TestCache');
+        $this->config->set('Cache', 'DefinitionImpl', 'TestCache');
         $this->factory->register('TestCache', $class = 'HTMLPurifier_DefinitionCacheMock');
         $cache = $this->factory->create('Test', $this->config);
         $this->assertIsA($cache, $class);

tests/HTMLPurifierTest.php

@@ -53,6 +53,23 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
         
     }
     
+    function testDifferentAllowedCSSProperties() {
+        
+        $this->purifier = new HTMLPurifier(array(
+            'CSS.AllowedProperties' => array('color', 'background-color')
+        ));
+        
+        $this->assertPurification(
+            '<div style="color:#f00;background-color:#ded;">red</div>'
+        );
+        
+        $this->assertPurification(
+            '<div style="color:#f00;border:1px solid #000">red</div>',
+            '<div style="color:#f00;">red</div>'
+        );
+        
+    }
+    
     function testDisableURI() {
         
         $this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );