mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
Fix problem where stacked AttrTransforms clobber each other.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
parent
9fcffd6533
commit
7291f19347
4
NEWS
4
NEWS
@ -10,6 +10,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
==========================
|
==========================
|
||||||
|
|
||||||
4.5.0, unknown release date
|
4.5.0, unknown release date
|
||||||
|
# Fix bug where stacked attribute transforms clobber each other;
|
||||||
|
this also means it's no longer possible to override attribute
|
||||||
|
transforms in later modules. No internal code was using this
|
||||||
|
but this may break some clients.
|
||||||
|
|
||||||
4.4.0, released 2012-01-18
|
4.4.0, released 2012-01-18
|
||||||
# Removed PEARSax3 handler.
|
# Removed PEARSax3 handler.
|
||||||
|
|||||||
@ -254,7 +254,7 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="URI.">
|
<directive id="URI.">
|
||||||
<file name="HTMLPurifier/URIDefinition.php">
|
<file name="HTMLPurifier/URIDefinition.php">
|
||||||
<line>59</line>
|
<line>60</line>
|
||||||
</file>
|
</file>
|
||||||
<file name="HTMLPurifier/URIFilter/Munge.php">
|
<file name="HTMLPurifier/URIFilter/Munge.php">
|
||||||
<line>12</line>
|
<line>12</line>
|
||||||
@ -262,7 +262,7 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="URI.Host">
|
<directive id="URI.Host">
|
||||||
<file name="HTMLPurifier/URIDefinition.php">
|
<file name="HTMLPurifier/URIDefinition.php">
|
||||||
<line>69</line>
|
<line>70</line>
|
||||||
</file>
|
</file>
|
||||||
<file name="HTMLPurifier/URIScheme.php">
|
<file name="HTMLPurifier/URIScheme.php">
|
||||||
<line>81</line>
|
<line>81</line>
|
||||||
@ -270,12 +270,12 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="URI.Base">
|
<directive id="URI.Base">
|
||||||
<file name="HTMLPurifier/URIDefinition.php">
|
<file name="HTMLPurifier/URIDefinition.php">
|
||||||
<line>70</line>
|
<line>71</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="URI.DefaultScheme">
|
<directive id="URI.DefaultScheme">
|
||||||
<file name="HTMLPurifier/URIDefinition.php">
|
<file name="HTMLPurifier/URIDefinition.php">
|
||||||
<line>77</line>
|
<line>78</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="URI.AllowedSchemes">
|
<directive id="URI.AllowedSchemes">
|
||||||
|
|||||||
@ -30,13 +30,25 @@ class HTMLPurifier_ElementDef
|
|||||||
*/
|
*/
|
||||||
public $attr = array();
|
public $attr = array();
|
||||||
|
|
||||||
|
// XXX: Design note: currently, it's not possible to override
|
||||||
|
// previously defined AttrTransforms without messing around with
|
||||||
|
// the final generated config. This is by design; a previous version
|
||||||
|
// used an associated list of attr_transform, but it was extremely
|
||||||
|
// easy to accidentally override other attribute transforms by
|
||||||
|
// forgetting to specify an index (and just using 0.) While we
|
||||||
|
// could check this by checking the index number and complaining,
|
||||||
|
// there is a second problem which is that it is not at all easy to
|
||||||
|
// tell when something is getting overridden. Combine this with a
|
||||||
|
// codebase where this isn't really being used, and it's perfect for
|
||||||
|
// nuking.
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Indexed list of tag's HTMLPurifier_AttrTransform to be done before validation
|
* List of tags HTMLPurifier_AttrTransform to be done before validation
|
||||||
*/
|
*/
|
||||||
public $attr_transform_pre = array();
|
public $attr_transform_pre = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Indexed list of tag's HTMLPurifier_AttrTransform to be done after validation
|
* List of tags HTMLPurifier_AttrTransform to be done after validation
|
||||||
*/
|
*/
|
||||||
public $attr_transform_post = array();
|
public $attr_transform_post = array();
|
||||||
|
|
||||||
@ -144,9 +156,9 @@ class HTMLPurifier_ElementDef
|
|||||||
}
|
}
|
||||||
$this->attr[$k] = $v;
|
$this->attr[$k] = $v;
|
||||||
}
|
}
|
||||||
$this->_mergeAssocArray($this->attr_transform_pre, $def->attr_transform_pre);
|
|
||||||
$this->_mergeAssocArray($this->attr_transform_post, $def->attr_transform_post);
|
|
||||||
$this->_mergeAssocArray($this->excludes, $def->excludes);
|
$this->_mergeAssocArray($this->excludes, $def->excludes);
|
||||||
|
$this->attr_transform_pre = array_merge($this->attr_transform_pre, $def->attr_transform_pre);
|
||||||
|
$this->attr_transform_post = array_merge($this->attr_transform_post, $def->attr_transform_post);
|
||||||
|
|
||||||
if(!empty($def->content_model)) {
|
if(!empty($def->content_model)) {
|
||||||
$this->content_model =
|
$this->content_model =
|
||||||
|
|||||||
@ -21,7 +21,7 @@ class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
|
|||||||
// inclusions wrong for bdo: bdo allows Lang
|
// inclusions wrong for bdo: bdo allows Lang
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$bdo->attr_transform_post['required-dir'] = new HTMLPurifier_AttrTransform_BdoDir();
|
$bdo->attr_transform_post[] = new HTMLPurifier_AttrTransform_BdoDir();
|
||||||
|
|
||||||
$this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl';
|
$this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -11,7 +11,7 @@ class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
|
|||||||
$element = $this->addBlankElement($name);
|
$element = $this->addBlankElement($name);
|
||||||
$element->attr['name'] = 'CDATA';
|
$element->attr['name'] = 'CDATA';
|
||||||
if (!$config->get('HTML.Attr.Name.UseCDATA')) {
|
if (!$config->get('HTML.Attr.Name.UseCDATA')) {
|
||||||
$element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync();
|
$element->attr_transform_post[] = new HTMLPurifier_AttrTransform_NameSync();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -45,8 +45,8 @@ class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
|
|||||||
);
|
);
|
||||||
$this->info['script']->content_model = '#PCDATA';
|
$this->info['script']->content_model = '#PCDATA';
|
||||||
$this->info['script']->content_model_type = 'optional';
|
$this->info['script']->content_model_type = 'optional';
|
||||||
$this->info['script']->attr_transform_pre['type'] =
|
$this->info['script']->attr_transform_pre[] =
|
||||||
$this->info['script']->attr_transform_post['type'] =
|
$this->info['script']->attr_transform_post[] =
|
||||||
new HTMLPurifier_AttrTransform_ScriptRequired();
|
new HTMLPurifier_AttrTransform_ScriptRequired();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -22,12 +22,16 @@ class HTMLPurifier_ElementDefTest extends HTMLPurifier_Harness
|
|||||||
'overloaded-attr' => $overloaded_old,
|
'overloaded-attr' => $overloaded_old,
|
||||||
'removed-attr' => $removed,
|
'removed-attr' => $removed,
|
||||||
);
|
);
|
||||||
|
/*
|
||||||
$def1->attr_transform_pre =
|
$def1->attr_transform_pre =
|
||||||
$def1->attr_transform_post = array(
|
$def1->attr_transform_post = array(
|
||||||
'old-transform' => $old,
|
'old-transform' => $old,
|
||||||
'overloaded-transform' => $overloaded_old,
|
'overloaded-transform' => $overloaded_old,
|
||||||
'removed-transform' => $removed,
|
'removed-transform' => $removed,
|
||||||
);
|
);
|
||||||
|
*/
|
||||||
|
$def1->attr_transform_pre[] = $old;
|
||||||
|
$def1->attr_transform_post[] = $old;
|
||||||
$def1->child = $overloaded_old;
|
$def1->child = $overloaded_old;
|
||||||
$def1->content_model = 'old';
|
$def1->content_model = 'old';
|
||||||
$def1->content_model_type = $overloaded_old;
|
$def1->content_model_type = $overloaded_old;
|
||||||
@ -44,12 +48,16 @@ class HTMLPurifier_ElementDefTest extends HTMLPurifier_Harness
|
|||||||
'overloaded-attr' => $overloaded_new,
|
'overloaded-attr' => $overloaded_new,
|
||||||
'removed-attr' => false,
|
'removed-attr' => false,
|
||||||
);
|
);
|
||||||
|
/*
|
||||||
$def2->attr_transform_pre =
|
$def2->attr_transform_pre =
|
||||||
$def2->attr_transform_post = array(
|
$def2->attr_transform_post = array(
|
||||||
'new-transform' => $new,
|
'new-transform' => $new,
|
||||||
'overloaded-transform' => $overloaded_new,
|
'overloaded-transform' => $overloaded_new,
|
||||||
'removed-transform' => false,
|
'removed-transform' => false,
|
||||||
);
|
);
|
||||||
|
*/
|
||||||
|
$def2->attr_transform_pre[] = $new;
|
||||||
|
$def2->attr_transform_post[] = $new;
|
||||||
$def2->child = $new;
|
$def2->child = $new;
|
||||||
$def2->content_model = '#SUPER | new';
|
$def2->content_model = '#SUPER | new';
|
||||||
$def2->content_model_type = $overloaded_new;
|
$def2->content_model_type = $overloaded_new;
|
||||||
@ -70,11 +78,14 @@ class HTMLPurifier_ElementDefTest extends HTMLPurifier_Harness
|
|||||||
'new-attr' => $new,
|
'new-attr' => $new,
|
||||||
));
|
));
|
||||||
$this->assertIdentical($def1->attr_transform_pre, $def1->attr_transform_post);
|
$this->assertIdentical($def1->attr_transform_pre, $def1->attr_transform_post);
|
||||||
|
$this->assertIdentical($def1->attr_transform_pre, array($old, $new));
|
||||||
|
/*
|
||||||
$this->assertIdentical($def1->attr_transform_pre, array(
|
$this->assertIdentical($def1->attr_transform_pre, array(
|
||||||
'old-transform' => $old,
|
'old-transform' => $old,
|
||||||
'overloaded-transform' => $overloaded_new,
|
'overloaded-transform' => $overloaded_new,
|
||||||
'new-transform' => $new,
|
'new-transform' => $new,
|
||||||
));
|
));
|
||||||
|
*/
|
||||||
$this->assertIdentical($def1->child, $new);
|
$this->assertIdentical($def1->child, $new);
|
||||||
$this->assertIdentical($def1->content_model, 'old | new');
|
$this->assertIdentical($def1->content_model, 'old | new');
|
||||||
$this->assertIdentical($def1->content_model_type, $overloaded_new);
|
$this->assertIdentical($def1->content_model_type, $overloaded_new);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user