0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-31 20:01:52 +00:00
- Printer adheres to configuration's directives on output format
- Fix improperly named form field in ConfigForm printer
. HTMLPurifier_Config::getAllowedDirectivesForForm implemented, allows much easier selective embedding of configuration values
. Doctype objects now accept public and system DTD identifiers
. %HTML.Doctype is now constrained by specific values, to specify a custom doctype use new %HTML.CustomDoctype
. ConfigForm truncates long directives to keep the form small, and does not re-output namespaces

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1232 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-06-25 18:38:39 +00:00
parent 96b571d236
commit 9f996b125a
11 changed files with 275 additions and 73 deletions

11
NEWS
View File

@ -26,6 +26,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- DefinitionCache no longer throws errors when it encounters old - DefinitionCache no longer throws errors when it encounters old
serial files that do not conform to the current style serial files that do not conform to the current style
- Stray xmlns attributes removed from configuration documentation - Stray xmlns attributes removed from configuration documentation
- configForm.php smoketest no longer has XSS vulnerability due to
unescaped print_r output
- Printer adheres to configuration's directives on output format
- Fix improperly named form field in ConfigForm printer
. Rewire some test-cases to swallow errors rather than expect them . Rewire some test-cases to swallow errors rather than expect them
. HTMLDefinition printer updated with some of the new attributes . HTMLDefinition printer updated with some of the new attributes
. DefinitionCache keys reordered to reflect precedence: version number, . DefinitionCache keys reordered to reflect precedence: version number,
@ -36,6 +40,13 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Directives now keep track of aliases to themselves . Directives now keep track of aliases to themselves
. Error collector now requires a severity to be passed, use PHP's internal . Error collector now requires a severity to be passed, use PHP's internal
error constants for this error constants for this
. HTMLPurifier_Config::getAllowedDirectivesForForm implemented, allows
much easier selective embedding of configuration values
. Doctype objects now accept public and system DTD identifiers
. %HTML.Doctype is now constrained by specific values, to specify a custom
doctype use new %HTML.CustomDoctype
. ConfigForm truncates long directives to keep the form small, and does
not re-output namespaces
2.0.0, released 2007-06-20 2.0.0, released 2007-06-20
# Completely refactored HTMLModuleManager, decentralizing safety # Completely refactored HTMLModuleManager, decentralizing safety

View File

@ -341,25 +341,78 @@ class HTMLPurifier_Config
} }
} }
/**
* Returns a list of array(namespace, directive) for all directives
* that are allowed in a web-form context as per an allowed
* namespaces/directives list.
* @param $allowed List of allowed namespaces/directives
* @static
*/
function getAllowedDirectivesForForm($allowed) {
$schema = HTMLPurifier_ConfigSchema::instance();
if ($allowed !== true) {
if (is_string($allowed)) $allowed = array($allowed);
$allowed_ns = array();
$allowed_directives = array();
$blacklisted_directives = array();
foreach ($allowed as $ns_or_directive) {
if (strpos($ns_or_directive, '.') !== false) {
// directive
if ($ns_or_directive[0] == '-') {
$blacklisted_directives[substr($ns_or_directive, 1)] = true;
} else {
$allowed_directives[$ns_or_directive] = true;
}
} else {
// namespace
$allowed_ns[$ns_or_directive] = true;
}
}
}
$ret = array();
foreach ($schema->info as $ns => $keypairs) {
foreach ($keypairs as $directive => $def) {
if ($allowed !== true) {
if (isset($blacklisted_directives["$ns.$directive"])) continue;
if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
}
if ($def->class == 'alias') continue;
if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
$ret[] = array($ns, $directive);
}
}
return $ret;
}
/** /**
* Loads configuration values from $_GET/$_POST that were posted * Loads configuration values from $_GET/$_POST that were posted
* via ConfigForm * via ConfigForm
* @param $array $_GET or $_POST array to import * @param $array $_GET or $_POST array to import
* @param $index Index/name that the config variables are in * @param $index Index/name that the config variables are in
* @param $allowed List of allowed namespaces/directives
* @param $mq_fix Boolean whether or not to enable magic quotes fix * @param $mq_fix Boolean whether or not to enable magic quotes fix
* @static * @static
*/ */
function loadArrayFromForm($array, $index, $mq_fix = true) { function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
$mq = get_magic_quotes_gpc() && $mq_fix; $mq = get_magic_quotes_gpc() && $mq_fix;
foreach ($array as $key => $value) {
if (!strncmp($key, 'Null_', 5) && !empty($value)) { $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
unset($array[substr($key, 5)]); $ret = array();
unset($array[$key]); foreach ($allowed as $key) {
list($ns, $directive) = $key;
$skey = "$ns.$directive";
if (!empty($array["Null_$skey"])) {
$ret[$ns][$directive] = null;
continue;
} }
if ($mq) $array[$key] = stripslashes($value); if (!isset($array[$skey])) continue;
$value = $mq ? stripslashes($array[$skey]) : $array[$skey];
$ret[$ns][$directive] = $value;
} }
return @HTMLPurifier_Config::create($array);
$config = HTMLPurifier_Config::create($ret);
return $config;
} }
/** /**

View File

@ -34,23 +34,33 @@ class HTMLPurifier_Doctype
*/ */
var $aliases = array(); var $aliases = array();
/**
* Public DTD identifier
*/
var $dtdPublic;
/**
* System DTD identifier
*/
var $dtdSystem;
function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(), function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
$tidyModules = array(), $aliases = array() $tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
) { ) {
$this->name = $name; $this->name = $name;
$this->xml = $xml; $this->xml = $xml;
$this->modules = $modules; $this->modules = $modules;
$this->tidyModules = $tidyModules; $this->tidyModules = $tidyModules;
$this->aliases = $aliases; $this->aliases = $aliases;
$this->dtdPublic = $dtd_public;
$this->dtdSystem = $dtd_system;
} }
/** /**
* Clones the doctype, use before resolving modes and the like * Clones the doctype, use before resolving modes and the like
*/ */
function copy() { function copy() {
return new HTMLPurifier_Doctype( return unserialize(serialize($this));
$this->name, $this->xml, $this->modules, $this->tidyModules, $this->aliases
);
} }
} }

View File

@ -44,14 +44,14 @@ class HTMLPurifier_DoctypeRegistry
* @return Reference to registered doctype (usable for further editing) * @return Reference to registered doctype (usable for further editing)
*/ */
function &register($doctype, $xml = true, $modules = array(), function &register($doctype, $xml = true, $modules = array(),
$tidy_modules = array(), $aliases = array() $tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
) { ) {
if (!is_array($modules)) $modules = array($modules); if (!is_array($modules)) $modules = array($modules);
if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules); if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
if (!is_array($aliases)) $aliases = array($aliases); if (!is_array($aliases)) $aliases = array($aliases);
if (!is_object($doctype)) { if (!is_object($doctype)) {
$doctype = new HTMLPurifier_Doctype( $doctype = new HTMLPurifier_Doctype(
$doctype, $xml, $modules, $tidy_modules, $aliases $doctype, $xml, $modules, $tidy_modules, $aliases, $dtd_public, $dtd_system
); );
} }
$this->doctypes[$doctype->name] =& $doctype; $this->doctypes[$doctype->name] =& $doctype;
@ -76,7 +76,7 @@ class HTMLPurifier_DoctypeRegistry
function &get($doctype) { function &get($doctype) {
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype]; if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
if (!isset($this->doctypes[$doctype])) { if (!isset($this->doctypes[$doctype])) {
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist'); trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
$anon = new HTMLPurifier_Doctype($doctype); $anon = new HTMLPurifier_Doctype($doctype);
return $anon; return $anon;
} }
@ -103,9 +103,9 @@ class HTMLPurifier_DoctypeRegistry
function getDoctypeFromConfig($config) { function getDoctypeFromConfig($config) {
// recommended test // recommended test
$doctype = $config->get('HTML', 'Doctype'); $doctype = $config->get('HTML', 'Doctype');
if ($doctype !== null) { if (!empty($doctype)) return $doctype;
return $doctype; $doctype = $config->get('HTML', 'CustomDoctype');
} if (!empty($doctype)) return $doctype;
// backwards-compatibility // backwards-compatibility
if ($config->get('HTML', 'XHTML')) { if ($config->get('HTML', 'XHTML')) {
$doctype = 'XHTML 1.0'; $doctype = 'XHTML 1.0';

View File

@ -37,14 +37,27 @@ require_once 'HTMLPurifier/HTMLModule/Tidy/XHTMLStrict.php';
require_once 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php'; require_once 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
HTMLPurifier_ConfigSchema::define( HTMLPurifier_ConfigSchema::define(
'HTML', 'Doctype', null, 'string/null', 'HTML', 'Doctype', '', 'string',
'Doctype to use, pre-defined values are HTML 4.01 Transitional, HTML 4.01 '. 'Doctype to use during filtering. '.
'Strict, XHTML 1.0 Transitional, XHTML 1.0 Strict, XHTML 1.1. '.
'Technically speaking this is not actually a doctype (as it does '. 'Technically speaking this is not actually a doctype (as it does '.
'not identify a corresponding DTD), but we are using this name '. 'not identify a corresponding DTD), but we are using this name '.
'for sake of simplicity. This will override any older directives '. 'for sake of simplicity. When non-blank, this will override any older directives '.
'like %HTML.XHTML or %HTML.Strict.' 'like %HTML.XHTML or %HTML.Strict.'
); );
HTMLPurifier_ConfigSchema::defineAllowedValues('HTML', 'Doctype', array(
'', 'HTML 4.01 Transitional', 'HTML 4.01 Strict',
'XHTML 1.0 Transitional', 'XHTML 1.0 Strict',
'XHTML 1.1'
));
HTMLPurifier_ConfigSchema::define(
'HTML', 'CustomDoctype', null, 'string/null',
'
A custom doctype for power-users who defined there own document
type. This directive only applies when %HTML.Doctype is blank.
This directive has been available since 2.0.1.
'
);
HTMLPurifier_ConfigSchema::define( HTMLPurifier_ConfigSchema::define(
'HTML', 'Trusted', false, 'bool', 'HTML', 'Trusted', false, 'bool',
@ -167,31 +180,46 @@ class HTMLPurifier_HTMLModuleManager
$this->doctypes->register( $this->doctypes->register(
'HTML 4.01 Transitional', false, 'HTML 4.01 Transitional', false,
array_merge($common, $transitional, $non_xml), array_merge($common, $transitional, $non_xml),
array('Tidy_Transitional', 'Tidy_Proprietary') array('Tidy_Transitional', 'Tidy_Proprietary'),
array(),
'-//W3C//DTD HTML 4.01 Transitional//EN',
'http://www.w3.org/TR/html4/loose.dtd'
); );
$this->doctypes->register( $this->doctypes->register(
'HTML 4.01 Strict', false, 'HTML 4.01 Strict', false,
array_merge($common, $non_xml), array_merge($common, $non_xml),
array('Tidy_Strict', 'Tidy_Proprietary') array('Tidy_Strict', 'Tidy_Proprietary'),
array(),
'-//W3C//DTD HTML 4.01//EN',
'http://www.w3.org/TR/html4/strict.dtd'
); );
$this->doctypes->register( $this->doctypes->register(
'XHTML 1.0 Transitional', true, 'XHTML 1.0 Transitional', true,
array_merge($common, $transitional, $xml, $non_xml), array_merge($common, $transitional, $xml, $non_xml),
array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary') array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary'),
array(),
'-//W3C//DTD XHTML 1.0 Transitional//EN',
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'
); );
$this->doctypes->register( $this->doctypes->register(
'XHTML 1.0 Strict', true, 'XHTML 1.0 Strict', true,
array_merge($common, $xml, $non_xml), array_merge($common, $xml, $non_xml),
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_XHTMLStrict', 'Tidy_Proprietary') array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_XHTMLStrict', 'Tidy_Proprietary'),
array(),
'-//W3C//DTD XHTML 1.0 Strict//EN',
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'
); );
$this->doctypes->register( $this->doctypes->register(
'XHTML 1.1', true, 'XHTML 1.1', true,
array_merge($common, $xml), array_merge($common, $xml),
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary') // Tidy_XHTML1_1 array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary'), // Tidy_XHTML1_1
array(),
'-//W3C//DTD XHTML 1.1//EN',
'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'
); );
} }

View File

@ -26,6 +26,16 @@ class HTMLPurifier_Printer
$this->generator = new HTMLPurifier_Generator(); $this->generator = new HTMLPurifier_Generator();
} }
/**
* Give generator necessary configuration if possible
*/
function prepareGenerator($config) {
// hack for smoketests/configForm.php
if (empty($config->conf['HTML'])) return;
$context = new HTMLPurifier_Context();
$this->generator->generateFromTokens(array(), $config, $context);
}
/** /**
* Main function that renders object or aspect of that object * Main function that renders object or aspect of that object
* @note Parameters vary depending on printer * @note Parameters vary depending on printer

View File

@ -38,18 +38,19 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
/** /**
* Returns HTML output for a configuration form * Returns HTML output for a configuration form
* @param $config Configuration object of current form state * @param $config Configuration object of current form state
* @param $ns Optional namespace(s) to restrict form to * @param $allowed Optional namespace(s) and directives to restrict form to.
*/ */
function render($config, $ns = true) { function render($config, $allowed = true, $render_controls = true) {
$this->config = $config; $this->config = $config;
if ($ns === true) { $this->prepareGenerator($config);
$all = $config->getAll();
} else { $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
if (is_string($ns)) $ns = array($ns); $all = array();
foreach ($ns as $n) { foreach ($allowed as $key) {
$all = array($n => $config->getBatch($n)); list($ns, $directive) = $key;
} $all[$ns][$directive] = $config->get($ns, $directive);
} }
$ret = ''; $ret = '';
$ret .= $this->start('table', array('class' => 'hp-config')); $ret .= $this->start('table', array('class' => 'hp-config'));
$ret .= $this->start('thead'); $ret .= $this->start('thead');
@ -61,13 +62,16 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
foreach ($all as $ns => $directives) { foreach ($all as $ns => $directives) {
$ret .= $this->renderNamespace($ns, $directives); $ret .= $this->renderNamespace($ns, $directives);
} }
$ret .= $this->start('tfoot'); if ($render_controls) {
$ret .= $this->start('tr'); $ret .= $this->start('tfoot');
$ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls')); $ret .= $this->start('tr');
$ret .= '<input type="submit" value="Submit" /> [<a href="?">Reset</a>]'; $ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
$ret .= $this->end('td'); $ret .= $this->elementEmpty('input', array('type' => 'Submit', 'value' => 'Submit'));
$ret .= $this->end('tr'); $ret .= '[<a href="?">Reset</a>]';
$ret .= $this->end('tfoot'); $ret .= $this->end('td');
$ret .= $this->end('tr');
$ret .= $this->end('tfoot');
}
$ret .= $this->end('table'); $ret .= $this->end('table');
return $ret; return $ret;
} }
@ -93,11 +97,20 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
$url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL); $url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
$ret .= $this->start('a', array('href' => $url)); $ret .= $this->start('a', array('href' => $url));
} }
$attr = array('for' => "{$this->name}:$ns.$directive");
// crop directive name if it's too long
if (strlen($directive) < 14) {
$directive_disp = $directive;
} else {
$directive_disp = substr($directive, 0, 12) . '...';
$attr['title'] = $directive;
}
$ret .= $this->element( $ret .= $this->element(
'label', 'label',
"%$ns.$directive", $directive_disp,
// component printers must create an element with this id // component printers must create an element with this id
array('for' => "{$this->name}:$ns.$directive") $attr
); );
if ($this->docURL) $ret .= $this->end('a'); if ($this->docURL) $ret .= $this->end('a');
$ret .= $this->end('th'); $ret .= $this->end('th');
@ -136,6 +149,7 @@ class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
$this->obj = $obj; $this->obj = $obj;
} }
function render($ns, $directive, $value, $name, $config) { function render($ns, $directive, $value, $name, $config) {
$this->prepareGenerator($config);
$ret = ''; $ret = '';
$ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive")); $ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose')); $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
@ -145,7 +159,7 @@ class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
'type' => 'checkbox', 'type' => 'checkbox',
'value' => '1', 'value' => '1',
'class' => 'null-toggle', 'class' => 'null-toggle',
'name' => "$name:Null_$ns.$directive", 'name' => "$name"."[Null_$ns.$directive]",
'id' => "$name:Null_$ns.$directive", 'id' => "$name:Null_$ns.$directive",
'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!! 'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
); );
@ -163,6 +177,7 @@ class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
*/ */
class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer { class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
function render($ns, $directive, $value, $name, $config) { function render($ns, $directive, $value, $name, $config) {
$this->prepareGenerator($config);
// this should probably be split up a little // this should probably be split up a little
$ret = ''; $ret = '';
$def = $config->def->info[$ns][$directive]; $def = $config->def->info[$ns][$directive];
@ -193,7 +208,6 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
$value = serialize($value); $value = serialize($value);
} }
$attr = array( $attr = array(
'type' => 'text',
'name' => "$name"."[$ns.$directive]", 'name' => "$name"."[$ns.$directive]",
'id' => "$name:$ns.$directive" 'id' => "$name:$ns.$directive"
); );
@ -208,6 +222,7 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
$ret .= $this->end('select'); $ret .= $this->end('select');
} else { } else {
$attr['value'] = $value; $attr['value'] = $value;
$attr['type'] = 'text';
$ret .= $this->elementEmpty('input', $attr); $ret .= $this->elementEmpty('input', $attr);
} }
return $ret; return $ret;
@ -219,8 +234,8 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
*/ */
class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer { class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer {
function render($ns, $directive, $value, $name, $config) { function render($ns, $directive, $value, $name, $config) {
$this->prepareGenerator($config);
$ret = ''; $ret = '';
$ret .= $this->start('div', array('id' => "$name:$ns.$directive")); $ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
$ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive")); $ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));

View File

@ -6,7 +6,7 @@ require_once 'HTMLPurifier/Printer/HTMLDefinition.php';
require_once 'HTMLPurifier/Printer/CSSDefinition.php'; require_once 'HTMLPurifier/Printer/CSSDefinition.php';
require_once 'HTMLPurifier/Printer/ConfigForm.php'; require_once 'HTMLPurifier/Printer/ConfigForm.php';
$config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config'); $config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config', 'HTML');
// you can do custom configuration! // you can do custom configuration!
if (file_exists('printDefinition.settings.php')) { if (file_exists('printDefinition.settings.php')) {
@ -22,6 +22,7 @@ $printer_config_form = new HTMLPurifier_Printer_ConfigForm(
); );
echo '<?xml version="1.0" encoding="UTF-8" ?>'; echo '<?xml version="1.0" encoding="UTF-8" ?>';
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

View File

@ -5,40 +5,36 @@ $custom_schema = new HTMLPurifier_ConfigSchema();
$old = HTMLPurifier_ConfigSchema::instance(); $old = HTMLPurifier_ConfigSchema::instance();
$custom_schema =& HTMLPurifier_ConfigSchema::instance($custom_schema); $custom_schema =& HTMLPurifier_ConfigSchema::instance($custom_schema);
if (!class_exists('CS')) { HTMLPurifier_ConfigSchema::defineNamespace('Element', 'Chemical substances that cannot be further decomposed');
class CS extends HTMLPurifier_ConfigSchema {}
}
CS::defineNamespace('Element', 'Chemical substances that cannot be further decomposed'); HTMLPurifier_ConfigSchema::define('Element', 'Abbr', 'H', 'string', 'Abbreviation of element name.');
HTMLPurifier_ConfigSchema::define('Element', 'Name', 'hydrogen', 'istring', 'Full name of atoms.');
CS::define('Element', 'Abbr', 'H', 'string', 'Abbreviation of element name.'); HTMLPurifier_ConfigSchema::define('Element', 'Number', 1, 'int', 'Atomic number, is identity.');
CS::define('Element', 'Name', 'hydrogen', 'istring', 'Full name of atoms.'); HTMLPurifier_ConfigSchema::define('Element', 'Mass', 1.00794, 'float', 'Atomic mass.');
CS::define('Element', 'Number', 1, 'int', 'Atomic number, is identity.'); HTMLPurifier_ConfigSchema::define('Element', 'Radioactive', false, 'bool', 'Does it have rapid decay?');
CS::define('Element', 'Mass', 1.00794, 'float', 'Atomic mass.'); HTMLPurifier_ConfigSchema::define('Element', 'Isotopes', array('1' => true, '2' => true, '3' => true), 'lookup',
CS::define('Element', 'Radioactive', false, 'bool', 'Does it have rapid decay?');
CS::define('Element', 'Isotopes', array('1' => true, '2' => true, '3' => true), 'lookup',
'What numbers of neutrons for this element have been observed?'); 'What numbers of neutrons for this element have been observed?');
CS::define('Element', 'Traits', array('nonmetallic', 'odorless', 'flammable'), 'list', HTMLPurifier_ConfigSchema::define('Element', 'Traits', array('nonmetallic', 'odorless', 'flammable'), 'list',
'What are general properties of the element?'); 'What are general properties of the element?');
CS::define('Element', 'IsotopeNames', array('1' => 'protium', '2' => 'deuterium', '3' => 'tritium'), 'hash', HTMLPurifier_ConfigSchema::define('Element', 'IsotopeNames', array('1' => 'protium', '2' => 'deuterium', '3' => 'tritium'), 'hash',
'Lookup hash of neutron counts to formal names.'); 'Lookup hash of neutron counts to formal names.');
CS::defineNamespace('Instrument', 'Of the musical type.'); HTMLPurifier_ConfigSchema::defineNamespace('Instrument', 'Of the musical type.');
CS::define('Instrument', 'Manufacturer', 'Yamaha', 'string', 'Who made it?'); HTMLPurifier_ConfigSchema::define('Instrument', 'Manufacturer', 'Yamaha', 'string', 'Who made it?');
CS::defineAllowedValues('Instrument', 'Manufacturer', array( HTMLPurifier_ConfigSchema::defineAllowedValues('Instrument', 'Manufacturer', array(
'Yamaha', 'Conn-Selmer', 'Vandoren', 'Laubin', 'Buffet', 'other')); 'Yamaha', 'Conn-Selmer', 'Vandoren', 'Laubin', 'Buffet', 'other'));
CS::defineValueAliases('Instrument', 'Manufacturer', array( HTMLPurifier_ConfigSchema::defineValueAliases('Instrument', 'Manufacturer', array(
'Selmer' => 'Conn-Selmer')); 'Selmer' => 'Conn-Selmer'));
CS::define('Instrument', 'Family', 'woodwind', 'istring', 'What family is it?'); HTMLPurifier_ConfigSchema::define('Instrument', 'Family', 'woodwind', 'istring', 'What family is it?');
CS::defineAllowedValues('Instrument', 'Family', array( HTMLPurifier_ConfigSchema::defineAllowedValues('Instrument', 'Family', array(
'brass', 'woodwind', 'percussion', 'string', 'keyboard', 'electronic')); 'brass', 'woodwind', 'percussion', 'string', 'keyboard', 'electronic'));
CS::defineValueAliases('Instrument', 'Family', array( HTMLPurifier_ConfigSchema::defineValueAliases('Instrument', 'Family', array(
'synth' => 'electronic')); 'synth' => 'electronic'));
CS::defineNamespace('ReportCard', 'It is for grades.'); HTMLPurifier_ConfigSchema::defineNamespace('ReportCard', 'It is for grades.');
CS::define('ReportCard', 'English', null, 'string/null', 'Grade from English class.'); HTMLPurifier_ConfigSchema::define('ReportCard', 'English', null, 'string/null', 'Grade from English class.');
CS::define('ReportCard', 'Absences', 0, 'int', 'How many times missing from school?'); HTMLPurifier_ConfigSchema::define('ReportCard', 'Absences', 0, 'int', 'How many times missing from school?');
?> ?>

View File

@ -376,6 +376,84 @@ class HTMLPurifier_ConfigTest extends UnitTestCase
} }
function test_loadArrayFromForm() {
CS::defineNamespace('Pancake', 'This should not be user customizable');
CS::define('Pancake', 'Mix', 'buttermilk', 'string', 'Type of pancake mix to use.');
CS::define('Pancake', 'Served', true, 'bool', 'But this is customizable by user.');
CS::defineNamespace('Toppings', 'This is user customizable');
CS::define('Toppings', 'Syrup', true, 'bool', 'Absolutely standard!');
CS::define('Toppings', 'Flavor', 'maple', 'string', 'What flavor is the syrup?');
CS::define('Toppings', 'Strawberries', 3, 'int', 'Quite delightful fruit.');
CS::define('Toppings', 'Calories', 2000, 'int/null', 'Some things are best left unknown.');
CS::define('Toppings', 'DefinitionID', null, 'string/null', 'Do not let this be set');
CS::define('Toppings', 'DefinitionRev', 1, 'int', 'Do not let this be set');
CS::define('Toppings', 'Protected', 1, 'int', 'Do not let this be set');
$get = array(
'breakfast' => array(
'Pancake.Mix' => 'nasty',
'Pancake.Served' => '0',
'Toppings.Syrup' => '0',
'Toppings.Flavor' => "Bug\\'s juice",
'Toppings.Strawberries' => '999',
'Toppings.Calories' => '',
'Null_Toppings.Calories' => '1',
'Toppings.DefinitionID' => '<argh>',
'Toppings.DefinitionRev' => '65',
'Toppings.Protected' => '4',
)
);
$config_expect = HTMLPurifier_Config::create(array(
'Pancake.Served' => false,
'Toppings.Syrup' => false,
'Toppings.Flavor' => "Bug's juice",
'Toppings.Strawberries' => 999,
'Toppings.Calories' => null
));
$config_result = HTMLPurifier_Config::loadArrayFromForm($get, 'breakfast', array('Pancake.Served', 'Toppings', '-Toppings.Protected'), true);
$this->assertEqual($config_expect, $config_result);
$get = array(
'breakfast' => array(
'Pancake.Mix' => 'n\\asty'
)
);
$config_expect = HTMLPurifier_Config::create(array(
'Pancake.Mix' => 'n\\asty'
));
$config_result = HTMLPurifier_Config::loadArrayFromForm($get, 'breakfast', true, false);
$this->assertEqual($config_expect, $config_result);
}
function test_getAllowedDirectivesForForm() {
CS::defineNamespace('Unused', 'Not mentioned, so deny');
CS::define('Unused', 'Unused', 'Foobar', 'string', 'Not mentioned, do not allow');
CS::defineNamespace('Partial', 'Some are mentioned, allow only those');
CS::define('Partial', 'Allowed', true, 'bool', 'Mentioned, allowed');
CS::define('Partial', 'Unused', 'Foobar', 'string', 'Not mentioned, do not allow');
CS::defineNamespace('All', 'Entire namespace allowed, allow all unless...');
CS::define('All', 'Allowed', true, 'bool', 'Not mentioned, allowed');
CS::define('All', 'Blacklisted', 'Foobar', 'string', 'Specifically blacklisted');
CS::define('All', 'DefinitionID', 'Foobar', 'string/null', 'Special case, auto-blacklisted');
CS::define('All', 'DefinitionRev', 2, 'int', 'Special case, auto-blacklisted');
$input = array('Partial.Allowed', 'All', '-All.Blacklisted');
$output = HTMLPurifier_Config::getAllowedDirectivesForForm($input);
$expect = array(
array('Partial', 'Allowed'),
array('All', 'Allowed')
);
$this->assertEqual($output, $expect);
}
} }
?> ?>

View File

@ -38,7 +38,7 @@ class HTMLPurifier_HTMLModuleManagerTest extends UnitTestCase
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$config->set('HTML', 'Trusted', false); $config->set('HTML', 'Trusted', false);
$config->set('HTML', 'Doctype', 'Blank'); $config->set('HTML', 'CustomDoctype', 'Blank');
$manager->setup($config); $manager->setup($config);
@ -94,7 +94,7 @@ class HTMLPurifier_HTMLModuleManagerTest extends UnitTestCase
$manager->registerModule($magic_module); $manager->registerModule($magic_module);
$config = HTMLPurifier_Config::create(array( $config = HTMLPurifier_Config::create(array(
'HTML.Doctype' => 'Fantasy Inventory 1.0', 'HTML.CustomDoctype' => 'Fantasy Inventory 1.0',
'HTML.AllowedModules' => 'Weapons' 'HTML.AllowedModules' => 'Weapons'
)); ));
$manager->setup($config); $manager->setup($config);