[3.1.0] Extend scanner to catch $this->config; chmod new directories from Serializer. I'm not exactly sure what the implications of the bugfix are, but hopefully it won't blow up.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1708 48356398-32a2-884e-a903-53898d9a118a
parent
e0c0d8eab6
commit
77ce3e8b4a
1
NEWS
1
NEWS
@ -46,6 +46,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
|
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
|
||||||
of DOM), HTML Purifier punts to DirectLex
|
of DOM), HTML Purifier punts to DirectLex
|
||||||
- Fatal error with unserialization of ScriptRequired
|
- Fatal error with unserialization of ScriptRequired
|
||||||
|
- Created directories are now chmod'ed properly
|
||||||
. Out-of-date documentation revised
|
. Out-of-date documentation revised
|
||||||
. UTF-8 encoding check optimization as suggested by Diego
|
. UTF-8 encoding check optimization as suggested by Diego
|
||||||
. HTMLPurifier_Error removed in favor of exceptions
|
. HTMLPurifier_Error removed in favor of exceptions
|
||||||
|
6
TODO
6
TODO
@ -11,12 +11,6 @@ If no interest is expressed for a feature that may require a considerable
|
|||||||
amount of effort to implement, it may get endlessly delayed. Do not be
|
amount of effort to implement, it may get endlessly delayed. Do not be
|
||||||
afraid to cast your vote for the next feature to be implemented!
|
afraid to cast your vote for the next feature to be implemented!
|
||||||
|
|
||||||
- Figure out what to do with $this->config configuration object calls
|
|
||||||
in the scanner
|
|
||||||
- Quick optimizations for empty strings and strings without HTML (make sure
|
|
||||||
%HTML.Parent is accounted for) - Denis
|
|
||||||
- Ensure cache files by Serializer are chmod'ed properly - Denis
|
|
||||||
|
|
||||||
FUTURE VERSIONS
|
FUTURE VERSIONS
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
|
@ -94,6 +94,16 @@
|
|||||||
<line>41</line>
|
<line>41</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
|
<directive id="Output.TidyFormat">
|
||||||
|
<file name="HTMLPurifier/Generator.php">
|
||||||
|
<line>70</line>
|
||||||
|
</file>
|
||||||
|
</directive>
|
||||||
|
<directive id="Output.Newline">
|
||||||
|
<file name="HTMLPurifier/Generator.php">
|
||||||
|
<line>84</line>
|
||||||
|
</file>
|
||||||
|
</directive>
|
||||||
<directive id="HTML.BlockWrapper">
|
<directive id="HTML.BlockWrapper">
|
||||||
<file name="HTMLPurifier/HTMLDefinition.php">
|
<file name="HTMLPurifier/HTMLDefinition.php">
|
||||||
<line>213</line>
|
<line>213</line>
|
||||||
|
@ -100,19 +100,8 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
|||||||
* @return Number of bytes written if success, or false if failure.
|
* @return Number of bytes written if success, or false if failure.
|
||||||
*/
|
*/
|
||||||
private function _write($file, $data) {
|
private function _write($file, $data) {
|
||||||
static $file_put_contents;
|
|
||||||
if ($file_put_contents === null) {
|
|
||||||
$file_put_contents = function_exists('file_put_contents');
|
|
||||||
}
|
|
||||||
if ($file_put_contents) {
|
|
||||||
return file_put_contents($file, $data);
|
return file_put_contents($file, $data);
|
||||||
}
|
}
|
||||||
$fh = fopen($file, 'w');
|
|
||||||
if (!$fh) return false;
|
|
||||||
$status = fwrite($fh, $data);
|
|
||||||
fclose($fh);
|
|
||||||
return $status;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prepares the directory that this type stores the serials in
|
* Prepares the directory that this type stores the serials in
|
||||||
@ -130,7 +119,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
|
|||||||
} elseif (!$this->_testPermissions($base)) {
|
} elseif (!$this->_testPermissions($base)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
$old = umask(0022); // disable group and world writes
|
||||||
mkdir($directory);
|
mkdir($directory);
|
||||||
|
umask($old);
|
||||||
} elseif (!$this->_testPermissions($directory)) {
|
} elseif (!$this->_testPermissions($directory)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
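Review bot: The added `$old = umask(0022);` before `mkdir($directory);` replaces the process mask instead of tightening it, so a deployment that already runs with a stricter mask (0077, say) now gets a cache directory that is more widely readable than before; `$old = umask(); umask($old | 0022);` would keep the stricter bits. The return value of `mkdir()` is still ignored, so a failed create only surfaces later as a failed write. umask() is also process-wide, which the PHP manual warns about on multithreaded servers; a checked `mkdir()` followed by an explicit `chmod($directory, 0755)` avoids touching the mask at all. The mode matters because this directory holds serialized definitions that are presumably read back with unserialize(), so only the PHP user should be able to write into it. Both enclosing methods start or end outside the hunks shown.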
|
@ -29,7 +29,7 @@ class HTMLPurifier_Generator
|
|||||||
/**
|
/**
|
||||||
* Configuration for the generator
|
* Configuration for the generator
|
||||||
*/
|
*/
|
||||||
private $_config;
|
protected $config;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $config Instance of HTMLPurifier_Config
|
* @param $config Instance of HTMLPurifier_Config
|
||||||
@ -37,7 +37,7 @@ class HTMLPurifier_Generator
|
|||||||
*/
|
*/
|
||||||
public function __construct($config = null, $context = null) {
|
public function __construct($config = null, $context = null) {
|
||||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||||
$this->_config = $config;
|
$this->config = $config;
|
||||||
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
|
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
|
||||||
$this->_def = $config->getHTMLDefinition();
|
$this->_def = $config->getHTMLDefinition();
|
||||||
$this->_xhtml = $this->_def->doctype->xml;
|
$this->_xhtml = $this->_def->doctype->xml;
|
||||||
@ -67,7 +67,7 @@ class HTMLPurifier_Generator
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Tidy cleanup
|
// Tidy cleanup
|
||||||
if (extension_loaded('tidy') && $this->_config->get('Output', 'TidyFormat')) {
|
if (extension_loaded('tidy') && $this->config->get('Output', 'TidyFormat')) {
|
||||||
$tidy = new Tidy;
|
$tidy = new Tidy;
|
||||||
$tidy->parseString($html, array(
|
$tidy->parseString($html, array(
|
||||||
'indent'=> true,
|
'indent'=> true,
|
||||||
@ -81,7 +81,7 @@ class HTMLPurifier_Generator
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Normalize newlines to system defined value
|
// Normalize newlines to system defined value
|
||||||
$nl = $this->_config->get('Output', 'Newline');
|
$nl = $this->config->get('Output', 'Newline');
|
||||||
if ($nl === null) $nl = PHP_EOL;
|
if ($nl === null) $nl = PHP_EOL;
|
||||||
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
|
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
|
||||||
return $html;
|
return $html;
|
||||||
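Review bot: The docblock above `protected $config;` does not say why this one property lost its underscore and moved from private to protected, while the constructor still assigns `_scriptFix`, `_def` and `_xhtml`. Going by the commit title, the name is what lets the scanner match `$this->config`, so a later tidy-up back to `$_config` would presumably drop the `Output.TidyFormat` and `Output.Newline` entries from the generated usage data without any error. I would extend the comment to `Configuration for the generator; named $config so the directive usage scanner can match $this->config.` and keep the property `private` unless subclasses are meant to replace it.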
|
@ -62,7 +62,19 @@ foreach ($files as $file) {
|
|||||||
$tokens = token_get_all(file_get_contents($file));
|
$tokens = token_get_all(file_get_contents($file));
|
||||||
$file = str_replace('\\', '/', $file);
|
$file = str_replace('\\', '/', $file);
|
||||||
for ($i = 0, $c = count($tokens); $i < $c; $i++) {
|
for ($i = 0, $c = count($tokens); $i < $c; $i++) {
|
||||||
if (!testToken($tokens[$i], T_VARIABLE, '$config')) continue;
|
$ok = false;
|
||||||
|
// Match $config
|
||||||
|
if (!$ok && testToken($tokens[$i], T_VARIABLE, '$config')) $ok = true;
|
||||||
|
// Match $this->config
|
||||||
|
while (!$ok && testToken($tokens[$i], T_VARIABLE, '$this')) {
|
||||||
|
consumeWhitespace($tokens, $i);
|
||||||
|
if (!testToken($tokens[$i], T_OBJECT_OPERATOR)) break;
|
||||||
|
consumeWhitespace($tokens, $i);
|
||||||
|
if (testToken($tokens[$i], T_STRING, 'config')) $ok = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!$ok) continue;
|
||||||
|
|
||||||
$ok = false;
|
$ok = false;
|
||||||
for($i++; $i < $c; $i++) {
|
for($i++; $i < $c; $i++) {
|
||||||
if ($tokens[$i] === ',' || $tokens[$i] === ')' || $tokens[$i] === ';') {
|
if ($tokens[$i] === ',' || $tokens[$i] === ')' || $tokens[$i] === ';') {
|
||||||
@ -86,8 +98,14 @@ foreach ($files as $file) {
|
|||||||
|
|
||||||
$full_counter++;
|
$full_counter++;
|
||||||
|
|
||||||
// The T_CONSTANT_ENCAPSED_STRING may hide some more obscure use-cases;
|
$matched = false;
|
||||||
// it may be useful to log these.
|
do {
|
||||||
|
|
||||||
|
// What we currently don't match are batch retrievals, and
|
||||||
|
// wildcard retrievals. This data might be useful in the future,
|
||||||
|
// which is why we have a do {} while loop that doesn't actually
|
||||||
|
// do anything.
|
||||||
|
|
||||||
consumeWhitespace($tokens, $i);
|
consumeWhitespace($tokens, $i);
|
||||||
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
|
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
|
||||||
$namespace = substr($tokens[$i][1], 1, -1);
|
$namespace = substr($tokens[$i][1], 1, -1);
|
||||||
@ -100,17 +118,20 @@ foreach ($files as $file) {
|
|||||||
$directive = substr($tokens[$i][1], 1, -1);
|
$directive = substr($tokens[$i][1], 1, -1);
|
||||||
|
|
||||||
$counter++;
|
$counter++;
|
||||||
|
$matched = true;
|
||||||
|
|
||||||
$id = "$namespace.$directive";
|
$id = "$namespace.$directive";
|
||||||
if (!isset($tracker[$id])) $tracker[$id] = array();
|
if (!isset($tracker[$id])) $tracker[$id] = array();
|
||||||
if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
|
if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
|
||||||
$tracker[$id][$file][] = $line;
|
$tracker[$id][$file][] = $line;
|
||||||
|
|
||||||
|
} while (0);
|
||||||
|
|
||||||
//echo "$file:$line uses $namespace.$directive\n";
|
//echo "$file:$line uses $namespace.$directive\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "\n$counter/$full_counter instances of \$config found in source code.\n";
|
echo "\n$counter/$full_counter instances of \$config or \$this->config found in source code.\n";
|
||||||
|
|
||||||
echo "Generating XML... ";
|
echo "Generating XML... ";
|
||||||
|
|
||||||
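Review bot: Wrapping the lookup in `do { … } while (0)` changes what the existing `if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;` targets: it now leaves the do-block instead of advancing the outer `for`, which matches the new comment but still reads as "skip to the next token". Writing `break;` at those exits would state the intent. `$matched` is assigned but never read in the visible lines, and the lines between the second and third hunk are not shown, so any further `continue` there deserves the same look. In the first hunk, `$tokens[$i]` is read straight after each `consumeWhitespace($tokens, $i)` with no check against `$c`. That presumably raises an undefined-offset notice when a file ends on `$this`, depending on how consumeWhitespace() bounds `$i`, which is not visible here.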
|