0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00

[3.1.0] Extend scanner to catch $this->config; chmod new directories from Serializer. I'm not exactly sure what the implications of the bugfix are, but hopefully it won't blow up.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1708 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-05-13 03:17:38 +00:00
parent e0c0d8eab6
commit 77ce3e8b4a
6 changed files with 61 additions and 44 deletions

1
NEWS
View File

@ -46,6 +46,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
of DOM), HTML Purifier punts to DirectLex
- Fatal error with unserialization of ScriptRequired
- Created directories are now chmod'ed properly
. Out-of-date documentation revised
. UTF-8 encoding check optimization as suggested by Diego
. HTMLPurifier_Error removed in favor of exceptions

6
TODO
View File

@ -11,12 +11,6 @@ If no interest is expressed for a feature that may require a considerable
amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented!
- Figure out what to do with $this->config configuration object calls
in the scanner
- Quick optimizations for empty strings and strings without HTML (make sure
%HTML.Parent is accounted for) - Denis
- Ensure cache files by Serializer are chmod'ed properly - Denis
FUTURE VERSIONS
---------------

View File

@ -94,6 +94,16 @@
<line>41</line>
</file>
</directive>
<directive id="Output.TidyFormat">
<file name="HTMLPurifier/Generator.php">
<line>70</line>
</file>
</directive>
<directive id="Output.Newline">
<file name="HTMLPurifier/Generator.php">
<line>84</line>
</file>
</directive>
<directive id="HTML.BlockWrapper">
<file name="HTMLPurifier/HTMLDefinition.php">
<line>213</line>

View File

@ -100,18 +100,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
* @return Number of bytes written if success, or false if failure.
*/
private function _write($file, $data) {
static $file_put_contents;
if ($file_put_contents === null) {
$file_put_contents = function_exists('file_put_contents');
}
if ($file_put_contents) {
return file_put_contents($file, $data);
}
$fh = fopen($file, 'w');
if (!$fh) return false;
$status = fwrite($fh, $data);
fclose($fh);
return $status;
return file_put_contents($file, $data);
}
/**
@ -130,7 +119,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
} elseif (!$this->_testPermissions($base)) {
return false;
}
$old = umask(0022); // disable group and world writes
mkdir($directory);
umask($old);
} elseif (!$this->_testPermissions($directory)) {
return false;
}

View File

@ -29,7 +29,7 @@ class HTMLPurifier_Generator
/**
* Configuration for the generator
*/
private $_config;
protected $config;
/**
* @param $config Instance of HTMLPurifier_Config
@ -37,7 +37,7 @@ class HTMLPurifier_Generator
*/
public function __construct($config = null, $context = null) {
if (!$config) $config = HTMLPurifier_Config::createDefault();
$this->_config = $config;
$this->config = $config;
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
$this->_def = $config->getHTMLDefinition();
$this->_xhtml = $this->_def->doctype->xml;
@ -67,7 +67,7 @@ class HTMLPurifier_Generator
}
// Tidy cleanup
if (extension_loaded('tidy') && $this->_config->get('Output', 'TidyFormat')) {
if (extension_loaded('tidy') && $this->config->get('Output', 'TidyFormat')) {
$tidy = new Tidy;
$tidy->parseString($html, array(
'indent'=> true,
@ -81,7 +81,7 @@ class HTMLPurifier_Generator
}
// Normalize newlines to system defined value
$nl = $this->_config->get('Output', 'Newline');
$nl = $this->config->get('Output', 'Newline');
if ($nl === null) $nl = PHP_EOL;
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
return $html;

View File

@ -62,7 +62,19 @@ foreach ($files as $file) {
$tokens = token_get_all(file_get_contents($file));
$file = str_replace('\\', '/', $file);
for ($i = 0, $c = count($tokens); $i < $c; $i++) {
if (!testToken($tokens[$i], T_VARIABLE, '$config')) continue;
$ok = false;
// Match $config
if (!$ok && testToken($tokens[$i], T_VARIABLE, '$config')) $ok = true;
// Match $this->config
while (!$ok && testToken($tokens[$i], T_VARIABLE, '$this')) {
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], T_OBJECT_OPERATOR)) break;
consumeWhitespace($tokens, $i);
if (testToken($tokens[$i], T_STRING, 'config')) $ok = true;
break;
}
if (!$ok) continue;
$ok = false;
for($i++; $i < $c; $i++) {
if ($tokens[$i] === ',' || $tokens[$i] === ')' || $tokens[$i] === ';') {
@ -86,31 +98,40 @@ foreach ($files as $file) {
$full_counter++;
// The T_CONSTANT_ENCAPSED_STRING may hide some more obscure use-cases;
// it may be useful to log these.
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
$namespace = substr($tokens[$i][1], 1, -1);
$matched = false;
do {
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], ',')) continue;
// What we currently don't match are batch retrievals, and
// wildcard retrievals. This data might be useful in the future,
// which is why we have a do {} while loop that doesn't actually
// do anything.
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
$directive = substr($tokens[$i][1], 1, -1);
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
$namespace = substr($tokens[$i][1], 1, -1);
$counter++;
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], ',')) continue;
$id = "$namespace.$directive";
if (!isset($tracker[$id])) $tracker[$id] = array();
if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
$tracker[$id][$file][] = $line;
consumeWhitespace($tokens, $i);
if (!testToken($tokens[$i], T_CONSTANT_ENCAPSED_STRING)) continue;
$directive = substr($tokens[$i][1], 1, -1);
// echo "$file:$line uses $namespace.$directive\n";
$counter++;
$matched = true;
$id = "$namespace.$directive";
if (!isset($tracker[$id])) $tracker[$id] = array();
if (!isset($tracker[$id][$file])) $tracker[$id][$file] = array();
$tracker[$id][$file][] = $line;
} while (0);
//echo "$file:$line uses $namespace.$directive\n";
}
}
echo "\n$counter/$full_counter instances of \$config found in source code.\n";
echo "\n$counter/$full_counter instances of \$config or \$this->config found in source code.\n";
echo "Generating XML... ";