mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-09-18 18:25:18 +00:00
[3.1.0] Extend scanner to catch $this->config; chmod new directories from Serializer. I'm not exactly sure what the implications of the bugfix are, but hopefully it won't blow up.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1708 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
parent
e0c0d8eab6
commit
77ce3e8b4a
1
NEWS
1
NEWS
@ -46,6 +46,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
|
||||
of DOM), HTML Purifier punts to DirectLex
|
||||
- Fatal error with unserialization of ScriptRequired
|
||||
- Created directories are now chmod'ed properly
|
||||
. Out-of-date documentation revised
|
||||
. UTF-8 encoding check optimization as suggested by Diego
|
||||
. HTMLPurifier_Error removed in favor of exceptions
|
||||
|
||||
6
TODO
6
TODO
@ -11,12 +11,6 @@ If no interest is expressed for a feature that may require a considerable
|
||||
amount of effort to implement, it may get endlessly delayed. Do not be
|
||||
afraid to cast your vote for the next feature to be implemented!
|
||||
|
||||
- Figure out what to do with $this->config configuration object calls
|
||||
in the scanner
|
||||
- Quick optimizations for empty strings and strings without HTML (make sure
|
||||
%HTML.Parent is accounted for) - Denis
|
||||
- Ensure cache files by Serializer are chmod'ed properly - Denis
|
||||
|
||||
FUTURE VERSIONS
|
||||
---------------
|
||||
|
||||
|
||||
@ -94,6 +94,16 @@
|
||||
<line>41</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Output.TidyFormat">
|
||||
<file name="HTMLPurifier/Generator.php">
|
||||
<line>70</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Output.Newline">
|
||||
<file name="HTMLPurifier/Generator.php">
|
||||
<line>84</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="HTML.BlockWrapper">
|
||||
<file name="HTMLPurifier/HTMLDefinition.php">
|
||||
<line>213</line>
|
||||
|
||||
@ -100,18 +100,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
* @return Number of bytes written if success, or false if failure.
|
||||
*/
|
||||
private function _write($file, $data) {
|
||||
static $file_put_contents;
|
||||
if ($file_put_contents === null) {
|
||||
$file_put_contents = function_exists('file_put_contents');
|
||||
}
|
||||
if ($file_put_contents) {
|
||||
return file_put_contents($file, $data);
|
||||
}
|
||||
$fh = fopen($file, 'w');
|
||||
if (!$fh) return false;
|
||||
$status = fwrite($fh, $data);
|
||||
fclose($fh);
|
||||
return $status;
|
||||
return file_put_contents($file, $data);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -130,7 +119,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
||||
} elseif (!$this->_testPermissions($base)) {
|
||||
return false;
|
||||
}
|
||||
$old = umask(0022); // disable group and world writes
|
||||
mkdir($directory);
|
||||
umask($old);
|
||||
} elseif (!$this->_testPermissions($directory)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -29,7 +29,7 @@ class HTMLPurifier_Generator
|
||||
/**
|
||||
* Configuration for the generator
|
||||
*/
|
||||
private $_config;
|
||||
protected $config;
|
||||
|
||||
/**
|
||||
* @param $config Instance of HTMLPurifier_Config
|
||||
@ -37,7 +37,7 @@ class HTMLPurifier_Generator
|
||||
*/
|
||||
public function __construct($config = null, $context = null) {
|
||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||
$this->_config = $config;
|
||||
$this->config = $config;
|
||||
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
|
||||
$this->_def = $config->getHTMLDefinition();
|
||||
$this->_xhtml = $this->_def->doctype->xml;
|
||||
@ -67,7 +67,7 @@ class HTMLPurifier_Generator
|
||||
}
|
||||
|
||||
// Tidy cleanup
|
||||
if (extension_loaded('tidy') && $this->_config->get('Output', 'TidyFormat')) {
|
||||
if (extension_loaded('tidy') && $this->config->get('Output', 'TidyFormat')) {
|
||||
$tidy = new Tidy;
|
||||
$tidy->parseString($html, array(
|
||||
'indent'=> true,
|
||||
@ -81,7 +81,7 @@ class HTMLPurifier_Generator
|
||||
}
|
||||
|
||||
// Normalize newlines to system defined value
|
||||
$nl = $this->_config->get('Output', 'Newline');
|
||||
$nl = $this->config->get('Output', 'Newline');
|
||||
if ($nl === null) $nl = PHP_EOL;
|
||||
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
|
||||
return $html;
|
||||
|
||||
@ -62,7 +62,19 @@ foreach ($files as $file) {
|
||||
$tokens = token_get_all(file_get_contents($file));
|
||||
$file = str_replace('\\', '/', $file);
|
||||
for ($i = 0, $c = count($tokens); $i < $c; $i++) {
|
||||
if (!testToken($tokens[$i], T_VARIABLE, '$config')) continue;
|
||||
$ok = false;
|
||||
// Match $config
|
||||
if (!$ok && testToken($tokens[$i], T_VARIABLE, '$config')) $ok = true;
|
||||
// Match $this->config
|
||||
while (!$ok && testToken($tokens[$i], T_VARIABLE, '$this')) {
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], T_OBJECT_OPERATOR)) break;
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (testToken($tokens[$i], T_STRING, 'config')) $ok = true;
|
||||
break;
|
||||
}
|
||||
if (!$ok) continue;
|
||||
|
||||
$ok = false;
|
||||
for($i++; $i < $c; $i++) {
|
||||
if ($tokens[$i] === ',' || $tokens[$i] === ')' || $tokens[$i] === ';') {
|
||||
@ -86,31 +98,40 @@ foreach ($files as $file) {
|
||||
|
||||
$full_counter++;
|
||||
|
||||
// The T_CONSTANT_ENCAPSED_STRING may hide some more obscure use-cases;
|
||||
// it may be useful to log these.
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
|
||||
$namespace = substr($tokens[$i][1], 1, -1);
|
||||
$matched = false;
|
||||
do {
|
||||
|
||||
// What we currently don't match are batch retrievals, and
|
||||
// wildcard retrievals. This data might be useful in the future,
|
||||
// which is why we have a do {} while loop that doesn't actually
|
||||
// do anything.
|
||||
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
|
||||
$namespace = substr($tokens[$i][1], 1, -1);
|
||||
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], ',')) continue;
|
||||
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
|
||||
$directive = substr($tokens[$i][1], 1, -1);
|
||||
|
||||
$counter++;
|
||||
$matched = true;
|
||||
|
||||
$id = "$namespace.$directive";
|
||||
if (!isset($tracker[$id])) $tracker[$id] = array();
|
||||
if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
|
||||
$tracker[$id][$file][] = $line;
|
||||
|
||||
} while (0);
|
||||
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], ',')) continue;
|
||||
|
||||
consumeWhitespace($tokens, $i);
|
||||
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
|
||||
$directive = substr($tokens[$i][1], 1, -1);
|
||||
|
||||
$counter++;
|
||||
|
||||
$id = "$namespace.$directive";
|
||||
if (!isset($tracker[$id])) $tracker[$id] = array();
|
||||
if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
|
||||
$tracker[$id][$file][] = $line;
|
||||
|
||||
// echo "$file:$line uses $namespace.$directive\n";
|
||||
//echo "$file:$line uses $namespace.$directive\n";
|
||||
}
|
||||
}
|
||||
|
||||
echo "\n$counter/$full_counter instances of \$config found in source code.\n";
|
||||
echo "\n$counter/$full_counter instances of \$config or \$this->config found in source code.\n";
|
||||
|
||||
echo "Generating XML... ";
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user