mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00

[3.1.0] Split out VarParser from ConfigSchema

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1601 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2008-03-04 15:06:00 +00:00
parent b9eb44bf03
commit 7480e7b956
9 changed files with 257 additions and 183 deletions

3
NEWS

@ -68,7 +68,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Smoketests now cleanup after magic quotes
. Generator now can output comments (however, comments are still stripped
from HTML Purifier output)
. substr_count PHP4 compatibility cludge removed
. HTMLPurifier_ConfigSchema->validate() deprecated in favor of
HTMLPurifier_VarParser->parse()
3.0.0, released 2008-01-06
# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained


@ -66,6 +66,8 @@ require 'HTMLPurifier/URIFilter.php';
require 'HTMLPurifier/URIParser.php';
require 'HTMLPurifier/URIScheme.php';
require 'HTMLPurifier/URISchemeRegistry.php';
require 'HTMLPurifier/VarParser.php';
require 'HTMLPurifier/VarParserException.php';
require 'HTMLPurifier/AttrDef/CSS.php';
require 'HTMLPurifier/AttrDef/Enum.php';
require 'HTMLPurifier/AttrDef/Integer.php';


@ -46,6 +46,11 @@ class HTMLPurifier_Config
*/
protected $conf;
/**
* Parser for variables
*/
protected $parser;
/**
* Reference HTMLPurifier_ConfigSchema for value checking
* @note This is public for introspective purposes. Please don't
@ -70,6 +75,7 @@ class HTMLPurifier_Config
public function __construct(&$definition) {
$this->conf = $definition->defaults; // set up, copy in defaults
$this->def = $definition; // keep a copy around for checking
$this->parser = new HTMLPurifier_VarParser();
}
/**
@ -200,11 +206,16 @@ class HTMLPurifier_Config
$value, true);
return;
}
$value = $this->def->validate(
try {
$value = $this->parser->parse(
$value,
$type = $this->def->info[$namespace][$key]->type,
$this->def->info[$namespace][$key]->allow_null
);
} catch (HTMLPurifier_VarParserException $e) {
trigger_error('Value for ' . "$namespace.$key" . ' is of invalid type, should be ' . $type, E_USER_WARNING);
return;
}
if (is_string($value)) {
// resolve value alias if defined
if (isset($this->def->info[$namespace][$key]->aliases[$value])) {
@ -219,10 +230,6 @@ class HTMLPurifier_Config
}
}
}
if ($this->def->isError($value)) {
trigger_error('Value for ' . "$namespace.$key" . ' is of invalid type, should be ' . $type, E_USER_WARNING);
return;
}
$this->conf[$namespace][$key] = $value;
// reset definitions if the directives they depend on changed
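Review bot: The catch block in the third hunk reads `$type`, which is only assigned as a side effect inside the argument list of `$this->parser->parse(...)`, so the warning text depends on that argument having been evaluated before the exception was thrown. Assigning it ahead of the `try`, as `$type = $this->def->info[$namespace][$key]->type;`, and then passing `$type` makes the dependency explicit. The handler also discards `$e->getMessage()`, so the more specific reason the parser raises for bool input never reaches the warning; if it is appended later, it carries the raw value and needs escaping wherever warnings are rendered as HTML. The enclosing method begins and ends outside the hunk.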


@ -28,6 +28,11 @@ class HTMLPurifier_ConfigSchema {
*/
static protected $singleton;
/**
* Variable parser.
*/
protected $parser;
/**
* Lookup table of allowed types.
*/
@ -45,6 +50,10 @@ class HTMLPurifier_ConfigSchema {
'mixed' => 'Mixed'
);
public function __construct() {
$this->parser = new HTMLPurifier_VarParser();
}
/**
* Unserializes the default ConfigSchema.
*/
@ -127,8 +136,9 @@ class HTMLPurifier_ConfigSchema {
E_USER_ERROR);
return;
}
$default = $this->validate($default, $type, $allow_null);
if ($this->isError($default)) {
try {
$default = $this->parser->parse($default, $type, $allow_null);
} catch (HTMLPurifier_VarParserException $e) {
trigger_error('Default value does not match directive type',
E_USER_ERROR);
return;
@ -298,99 +308,6 @@ class HTMLPurifier_ConfigSchema {
$this->info[$new_namespace][$new_name]->directiveAliases[] = "$namespace.$name";
}
/**
* Validate a variable according to type. Return null if invalid.
* @todo Consider making protected
*/
public function validate($var, $type, $allow_null = false) {
if (!isset($this->types[$type])) {
trigger_error('Invalid type', E_USER_ERROR);
return;
}
if ($allow_null && $var === null) return null;
switch ($type) {
case 'mixed':
//if (is_string($var)) $var = unserialize($var);
return $var;
case 'istring':
case 'string':
case 'text': // no difference, just is longer/multiple line string
case 'itext':
if (!is_string($var)) break;
if ($type === 'istring' || $type === 'itext') $var = strtolower($var);
return $var;
case 'int':
if (is_string($var) && ctype_digit($var)) $var = (int) $var;
elseif (!is_int($var)) break;
return $var;
case 'float':
if (is_string($var) && is_numeric($var)) $var = (float) $var;
elseif (!is_float($var)) break;
return $var;
case 'bool':
if (is_int($var) && ($var === 0 || $var === 1)) {
$var = (bool) $var;
} elseif (is_string($var)) {
if ($var == 'on' || $var == 'true' || $var == '1') {
$var = true;
} elseif ($var == 'off' || $var == 'false' || $var == '0') {
$var = false;
} else {
break;
}
} elseif (!is_bool($var)) break;
return $var;
case 'list':
case 'hash':
case 'lookup':
if (is_string($var)) {
// special case: technically, this is an array with
// a single empty string item, but having an empty
// array is more intuitive
if ($var == '') return array();
if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
// simplistic string to array method that only works
// for simple lists of tag names or alphanumeric characters
$var = explode(',',$var);
} else {
$var = preg_split('/(,|[\n\r]+)/', $var);
}
// remove spaces
foreach ($var as $i => $j) $var[$i] = trim($j);
if ($type === 'hash') {
// key:value,key2:value2
$nvar = array();
foreach ($var as $keypair) {
$c = explode(':', $keypair, 2);
if (!isset($c[1])) continue;
$nvar[$c[0]] = $c[1];
}
$var = $nvar;
}
}
if (!is_array($var)) break;
$keys = array_keys($var);
if ($keys === array_keys($keys)) {
if ($type == 'list') return $var;
elseif ($type == 'lookup') {
$new = array();
foreach ($var as $key) {
$new[$key] = true;
}
return $new;
} else break;
}
if ($type === 'lookup') {
foreach ($var as $key => $value) {
$var[$key] = true;
}
}
return $var;
}
$error = new HTMLPurifier_Error();
return $error;
}
/**
* Takes an absolute path and munges it into a more manageable relative path
* @todo Consider making protected
@ -414,6 +331,13 @@ class HTMLPurifier_ConfigSchema {
if (!($var instanceof HTMLPurifier_Error)) return false;
return true;
}
/** @deprecated, use HTMLPurifier_VarParser->parse() */
public function validate($a, $b, $c = false) {
trigger_error("HTMLPurifier_ConfigSchema->validate deprecated, use HTMLPurifier_VarParser->parse instead", E_USER_NOTICE);
return $this->parser->parse($a, $b, $c);
}
}
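Review bot: The deprecated `validate()` shim at the end of the class no longer honours the old return contract: the removed implementation returned an `HTMLPurifier_Error` object for bad input, while the shim lets `HTMLPurifier_VarParserException` propagate. Existing callers written as `isError($schema->validate(...))` would get an uncaught exception instead of a testable error value, and an `E_USER_NOTICE` is a weak signal for that change. Catching the exception inside the shim and returning a new `HTMLPurifier_Error` keeps such callers working until they migrate. Separately, `$this->parser` is set only in `__construct()`; a schema restored through the unserialize path this class documents presumably skips the constructor, so it is worth confirming the serialized schema was regenerated with the property populated.

```php
public function validate($a, $b, $c = false) {
    // … unchanged: trigger_error() deprecation notice …
    try {
        return $this->parser->parse($a, $b, $c);
    } catch (HTMLPurifier_VarParserException $e) {
        // keep the pre-3.1.0 contract: invalid input yields an error object
        return new HTMLPurifier_Error();
    }
}
```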

File diff suppressed because one or more lines are too long


@ -0,0 +1,124 @@
<?php
/**
* Parses string representations into their corresponding native PHP
* variable type.
*/
class HTMLPurifier_VarParser
{
/**
* Lookup table of allowed types.
*/
public $types = array(
'string' => true,
'istring' => true,
'text' => true,
'itext' => true,
'int' => true,
'float' => true,
'bool' => true,
'lookup' => true,
'list' => true,
'hash' => true,
'mixed' => true
);
/**
* Validate a variable according to type. Throws exception if invalid.
* It may return NULL as a valid type.
*/
public function parse($var, $type, $allow_null = false) {
if (!isset($this->types[$type])) {
throw new HTMLPurifier_VarParserException("Invalid type $type");
}
if ($allow_null && $var === null) return null;
switch ($type) {
// Note: if code "breaks" from the switch, it triggers a generic
// exception to be thrown. Specific errors can be specifically
// done here.
case 'mixed':
//if (is_string($var)) $var = unserialize($var);
return $var;
case 'istring':
case 'string':
case 'text': // no difference, just is longer/multiple line string
case 'itext':
if (!is_string($var)) break;
if ($type === 'istring' || $type === 'itext') $var = strtolower($var);
return $var;
case 'int':
if (is_string($var) && ctype_digit($var)) $var = (int) $var;
elseif (!is_int($var)) break;
return $var;
case 'float':
if (is_string($var) && is_numeric($var)) $var = (float) $var;
elseif (!is_float($var)) break;
return $var;
case 'bool':
if (is_int($var) && ($var === 0 || $var === 1)) {
$var = (bool) $var;
} elseif (is_string($var)) {
if ($var == 'on' || $var == 'true' || $var == '1') {
$var = true;
} elseif ($var == 'off' || $var == 'false' || $var == '0') {
$var = false;
} else {
throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
}
} elseif (!is_bool($var)) break;
return $var;
case 'list':
case 'hash':
case 'lookup':
if (is_string($var)) {
// special case: technically, this is an array with
// a single empty string item, but having an empty
// array is more intuitive
if ($var == '') return array();
if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
// simplistic string to array method that only works
// for simple lists of tag names or alphanumeric characters
$var = explode(',',$var);
} else {
$var = preg_split('/(,|[\n\r]+)/', $var);
}
// remove spaces
foreach ($var as $i => $j) $var[$i] = trim($j);
if ($type === 'hash') {
// key:value,key2:value2
$nvar = array();
foreach ($var as $keypair) {
$c = explode(':', $keypair, 2);
if (!isset($c[1])) continue;
$nvar[$c[0]] = $c[1];
}
$var = $nvar;
}
}
if (!is_array($var)) break;
$keys = array_keys($var);
if ($keys === array_keys($keys)) {
if ($type == 'list') return $var;
elseif ($type == 'lookup') {
$new = array();
foreach ($var as $key) {
$new[$key] = true;
}
return $new;
} else break;
}
if ($type === 'lookup') {
foreach ($var as $key => $value) {
$var[$key] = true;
}
}
return $var;
default:
// This should not happen!
throw new HTMLPurifier_Exception("Inconsistency in HTMLPurifier_VarParser: $type is not implemented");
}
throw new HTMLPurifier_VarParserException("Invalid input for type $type");
}
}
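Review bot: The `'bool'` case compares strings with `==`, and PHP compares two numeric strings numerically, so inputs such as `'1.0'` or `'1e0'` are accepted as true and `'0.0'` as false, although the branch reads as an exact whitelist. Using identity closes that gap: `if ($var === 'on' || $var === 'true' || $var === '1') {` and `} elseif ($var === 'off' || $var === 'false' || $var === '0') {`. The new message `"Unrecognized value '$var' for $type"` embeds the caller's value verbatim; the callers in this commit drop the message, but any code that later displays it in an HTML context should escape it first. It would also help to say in the `parse()` docblock that the `default:` branch throws the base `HTMLPurifier_Exception`, which the `catch (HTMLPurifier_VarParserException $e)` handlers elsewhere in this commit will not intercept.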


@ -0,0 +1,9 @@
<?php
/**
* Exception type for HTMLPurifier_VarParser
*/
class HTMLPurifier_VarParserException extends HTMLPurifier_Exception
{
}


@ -180,82 +180,5 @@ class HTMLPurifier_ConfigSchemaTest extends HTMLPurifier_Harness
$this->schema->addAlias('Home', 'Rug2', 'Home', 'Carpet');
}
function assertValid($var, $type, $ret = null) {
$ret = ($ret === null) ? $var : $ret;
$this->assertIdentical($this->schema->validate($var, $type), $ret);
}
function assertInvalid($var, $type) {
$this->assertTrue(
$this->schema->isError(
$this->schema->validate($var, $type)
)
);
}
function testValidate() {
$this->assertValid('foobar', 'string');
$this->assertValid('foobar', 'text'); // aliases, lstring = long string
$this->assertValid('FOOBAR', 'istring', 'foobar');
$this->assertValid('FOOBAR', 'itext', 'foobar');
$this->assertValid(34, 'int');
$this->assertValid(3.34, 'float');
$this->assertValid(false, 'bool');
$this->assertValid(0, 'bool', false);
$this->assertValid(1, 'bool', true);
$this->assertValid('true', 'bool', true);
$this->assertValid('false', 'bool', false);
$this->assertValid('1', 'bool', true);
$this->assertInvalid(34, 'bool');
$this->assertInvalid(null, 'bool');
$this->assertValid(array('1', '2', '3'), 'list');
$this->assertValid('foo,bar, cow', 'list', array('foo', 'bar', 'cow'));
$this->assertValid('', 'list', array());
$this->assertValid("foo\nbar", 'list', array('foo', 'bar'));
$this->assertValid("foo\nbar,baz", 'list', array('foo', 'bar', 'baz'));
$this->assertValid(array('1' => true, '2' => true), 'lookup');
$this->assertValid(array('1', '2'), 'lookup', array('1' => true, '2' => true));
$this->assertValid('foo,bar', 'lookup', array('foo' => true, 'bar' => true));
$this->assertValid("foo\nbar", 'lookup', array('foo' => true, 'bar' => true));
$this->assertValid("foo\nbar,baz", 'lookup', array('foo' => true, 'bar' => true, 'baz' => true));
$this->assertValid('', 'lookup', array());
$this->assertValid(array(), 'lookup');
$this->assertValid(array('foo' => 'bar'), 'hash');
$this->assertValid(array(1 => 'moo'), 'hash');
$this->assertInvalid(array(0 => 'moo'), 'hash');
$this->assertValid('', 'hash', array());
$this->assertValid('foo:bar,too:two', 'hash', array('foo' => 'bar', 'too' => 'two'));
$this->assertValid("foo:bar\ntoo:two,three:free", 'hash', array('foo' => 'bar', 'too' => 'two', 'three' => 'free'));
$this->assertValid('foo:bar,too', 'hash', array('foo' => 'bar'));
$this->assertValid('foo:bar,', 'hash', array('foo' => 'bar'));
$this->assertValid('foo:bar:baz', 'hash', array('foo' => 'bar:baz'));
$this->assertValid(23, 'mixed');
}
function testValidate_null() {
$this->assertTrue(
$this->schema->isError(
$this->schema->validate(null, 'string', false)
)
);
$this->assertFalse(
$this->schema->isError(
$this->schema->validate(null, 'string', true)
)
);
}
}


@ -0,0 +1,84 @@
<?php
class HTMLPurifier_VarParserTest extends UnitTestCase
{
protected $parser;
public function setup() {
$this->parser = new HTMLPurifier_VarParser();
}
function assertValid($var, $type, $ret = null) {
$ret = ($ret === null) ? $var : $ret;
$this->assertIdentical($this->parser->parse($var, $type), $ret);
}
function assertInvalid($var, $type, $msg = null) {
$caught = false;
try {
$this->parser->parse($var, $type);
} catch (HTMLPurifier_VarParserException $e) {
$caught = true;
if ($msg !== null) $this->assertIdentical($e->getMessage(), $msg);
}
if (!$caught) {
$this->fail('Did not catch expected error');
}
}
function testValidate() {
$this->assertValid('foobar', 'string');
$this->assertValid('foobar', 'text'); // aliases, lstring = long string
$this->assertValid('FOOBAR', 'istring', 'foobar');
$this->assertValid('FOOBAR', 'itext', 'foobar');
$this->assertValid(34, 'int');
$this->assertValid(3.34, 'float');
$this->assertValid(false, 'bool');
$this->assertValid(0, 'bool', false);
$this->assertValid(1, 'bool', true);
$this->assertValid('true', 'bool', true);
$this->assertValid('false', 'bool', false);
$this->assertValid('1', 'bool', true);
$this->assertInvalid(34, 'bool');
$this->assertInvalid(null, 'bool');
$this->assertValid(array('1', '2', '3'), 'list');
$this->assertValid('foo,bar, cow', 'list', array('foo', 'bar', 'cow'));
$this->assertValid('', 'list', array());
$this->assertValid("foo\nbar", 'list', array('foo', 'bar'));
$this->assertValid("foo\nbar,baz", 'list', array('foo', 'bar', 'baz'));
$this->assertValid(array('1' => true, '2' => true), 'lookup');
$this->assertValid(array('1', '2'), 'lookup', array('1' => true, '2' => true));
$this->assertValid('foo,bar', 'lookup', array('foo' => true, 'bar' => true));
$this->assertValid("foo\nbar", 'lookup', array('foo' => true, 'bar' => true));
$this->assertValid("foo\nbar,baz", 'lookup', array('foo' => true, 'bar' => true, 'baz' => true));
$this->assertValid('', 'lookup', array());
$this->assertValid(array(), 'lookup');
$this->assertValid(array('foo' => 'bar'), 'hash');
$this->assertValid(array(1 => 'moo'), 'hash');
$this->assertInvalid(array(0 => 'moo'), 'hash');
$this->assertValid('', 'hash', array());
$this->assertValid('foo:bar,too:two', 'hash', array('foo' => 'bar', 'too' => 'two'));
$this->assertValid("foo:bar\ntoo:two,three:free", 'hash', array('foo' => 'bar', 'too' => 'two', 'three' => 'free'));
$this->assertValid('foo:bar,too', 'hash', array('foo' => 'bar'));
$this->assertValid('foo:bar,', 'hash', array('foo' => 'bar'));
$this->assertValid('foo:bar:baz', 'hash', array('foo' => 'bar:baz'));
$this->assertValid(23, 'mixed');
}
function testValidate_null() {
$this->assertIdentical($this->parser->parse(null, 'string', true), null);
$this->expectException('HTMLPurifier_VarParserException');
$this->parser->parse(null, 'string', false);
}
}
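Review bot: `testValidate()` never passes the `$msg` argument that `assertInvalid()` was given, so the parser's new exception messages are not pinned by any test, and the rejection cases cover only `'bool'` and `'hash'`. Adding `$this->assertInvalid('maybe', 'bool', "Unrecognized value 'maybe' for bool");` and `$this->assertInvalid('abc', 'int', 'Invalid input for type int');` would lock in both the specific and the generic failure path. A case for an unknown type name would likewise cover the `"Invalid type $type"` guard at the top of `parse()`. Since this parser is the validation boundary for configuration values, the negative cases deserve as much coverage as the accepted ones.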