mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 15:28:40 +00:00
[2.0.1]
- Printer adheres to configuration's directives on output format - Fix improperly named form field in ConfigForm printer . HTMLPurifier_Config::getAllowedDirectivesForForm implemented, allows much easier selective embedding of configuration values . Doctype objects now accept public and system DTD identifiers . %HTML.Doctype is now constrained by specific values, to specify a custom doctype use new %HTML.CustomDoctype . ConfigForm truncates long directives to keep the form small, and does not re-output namespaces git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1232 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
96b571d236
commit
9f996b125a
11
NEWS
11
NEWS
@ -26,6 +26,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
- DefinitionCache no longer throws errors when it encounters old
|
- DefinitionCache no longer throws errors when it encounters old
|
||||||
serial files that do not conform to the current style
|
serial files that do not conform to the current style
|
||||||
- Stray xmlns attributes removed from configuration documentation
|
- Stray xmlns attributes removed from configuration documentation
|
||||||
|
- configForm.php smoketest no longer has XSS vulnerability due to
|
||||||
|
unescaped print_r output
|
||||||
|
- Printer adheres to configuration's directives on output format
|
||||||
|
- Fix improperly named form field in ConfigForm printer
|
||||||
. Rewire some test-cases to swallow errors rather than expect them
|
. Rewire some test-cases to swallow errors rather than expect them
|
||||||
. HTMLDefinition printer updated with some of the new attributes
|
. HTMLDefinition printer updated with some of the new attributes
|
||||||
. DefinitionCache keys reordered to reflect precedence: version number,
|
. DefinitionCache keys reordered to reflect precedence: version number,
|
||||||
@ -36,6 +40,13 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
. Directives now keep track of aliases to themselves
|
. Directives now keep track of aliases to themselves
|
||||||
. Error collector now requires a severity to be passed, use PHP's internal
|
. Error collector now requires a severity to be passed, use PHP's internal
|
||||||
error constants for this
|
error constants for this
|
||||||
|
. HTMLPurifier_Config::getAllowedDirectivesForForm implemented, allows
|
||||||
|
much easier selective embedding of configuration values
|
||||||
|
. Doctype objects now accept public and system DTD identifiers
|
||||||
|
. %HTML.Doctype is now constrained by specific values, to specify a custom
|
||||||
|
doctype use new %HTML.CustomDoctype
|
||||||
|
. ConfigForm truncates long directives to keep the form small, and does
|
||||||
|
not re-output namespaces
|
||||||
|
|
||||||
2.0.0, released 2007-06-20
|
2.0.0, released 2007-06-20
|
||||||
# Completely refactored HTMLModuleManager, decentralizing safety
|
# Completely refactored HTMLModuleManager, decentralizing safety
|
||||||
|
@ -341,25 +341,78 @@ class HTMLPurifier_Config
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of array(namespace, directive) for all directives
|
||||||
|
* that are allowed in a web-form context as per an allowed
|
||||||
|
* namespaces/directives list.
|
||||||
|
* @param $allowed List of allowed namespaces/directives
|
||||||
|
* @static
|
||||||
|
*/
|
||||||
|
function getAllowedDirectivesForForm($allowed) {
|
||||||
|
$schema = HTMLPurifier_ConfigSchema::instance();
|
||||||
|
if ($allowed !== true) {
|
||||||
|
if (is_string($allowed)) $allowed = array($allowed);
|
||||||
|
$allowed_ns = array();
|
||||||
|
$allowed_directives = array();
|
||||||
|
$blacklisted_directives = array();
|
||||||
|
foreach ($allowed as $ns_or_directive) {
|
||||||
|
if (strpos($ns_or_directive, '.') !== false) {
|
||||||
|
// directive
|
||||||
|
if ($ns_or_directive[0] == '-') {
|
||||||
|
$blacklisted_directives[substr($ns_or_directive, 1)] = true;
|
||||||
|
} else {
|
||||||
|
$allowed_directives[$ns_or_directive] = true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// namespace
|
||||||
|
$allowed_ns[$ns_or_directive] = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$ret = array();
|
||||||
|
foreach ($schema->info as $ns => $keypairs) {
|
||||||
|
foreach ($keypairs as $directive => $def) {
|
||||||
|
if ($allowed !== true) {
|
||||||
|
if (isset($blacklisted_directives["$ns.$directive"])) continue;
|
||||||
|
if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
|
||||||
|
}
|
||||||
|
if ($def->class == 'alias') continue;
|
||||||
|
if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
|
||||||
|
$ret[] = array($ns, $directive);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Loads configuration values from $_GET/$_POST that were posted
|
* Loads configuration values from $_GET/$_POST that were posted
|
||||||
* via ConfigForm
|
* via ConfigForm
|
||||||
* @param $array $_GET or $_POST array to import
|
* @param $array $_GET or $_POST array to import
|
||||||
* @param $index Index/name that the config variables are in
|
* @param $index Index/name that the config variables are in
|
||||||
|
* @param $allowed List of allowed namespaces/directives
|
||||||
* @param $mq_fix Boolean whether or not to enable magic quotes fix
|
* @param $mq_fix Boolean whether or not to enable magic quotes fix
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function loadArrayFromForm($array, $index, $mq_fix = true) {
|
function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||||
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
||||||
$mq = get_magic_quotes_gpc() && $mq_fix;
|
$mq = get_magic_quotes_gpc() && $mq_fix;
|
||||||
foreach ($array as $key => $value) {
|
|
||||||
if (!strncmp($key, 'Null_', 5) && !empty($value)) {
|
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
|
||||||
unset($array[substr($key, 5)]);
|
$ret = array();
|
||||||
unset($array[$key]);
|
foreach ($allowed as $key) {
|
||||||
|
list($ns, $directive) = $key;
|
||||||
|
$skey = "$ns.$directive";
|
||||||
|
if (!empty($array["Null_$skey"])) {
|
||||||
|
$ret[$ns][$directive] = null;
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
if ($mq) $array[$key] = stripslashes($value);
|
if (!isset($array[$skey])) continue;
|
||||||
|
$value = $mq ? stripslashes($array[$skey]) : $array[$skey];
|
||||||
|
$ret[$ns][$directive] = $value;
|
||||||
}
|
}
|
||||||
return @HTMLPurifier_Config::create($array);
|
|
||||||
|
$config = HTMLPurifier_Config::create($ret);
|
||||||
|
return $config;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -34,23 +34,33 @@ class HTMLPurifier_Doctype
|
|||||||
*/
|
*/
|
||||||
var $aliases = array();
|
var $aliases = array();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Public DTD identifier
|
||||||
|
*/
|
||||||
|
var $dtdPublic;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* System DTD identifier
|
||||||
|
*/
|
||||||
|
var $dtdSystem;
|
||||||
|
|
||||||
function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
|
function HTMLPurifier_Doctype($name = null, $xml = true, $modules = array(),
|
||||||
$tidyModules = array(), $aliases = array()
|
$tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
|
||||||
) {
|
) {
|
||||||
$this->name = $name;
|
$this->name = $name;
|
||||||
$this->xml = $xml;
|
$this->xml = $xml;
|
||||||
$this->modules = $modules;
|
$this->modules = $modules;
|
||||||
$this->tidyModules = $tidyModules;
|
$this->tidyModules = $tidyModules;
|
||||||
$this->aliases = $aliases;
|
$this->aliases = $aliases;
|
||||||
|
$this->dtdPublic = $dtd_public;
|
||||||
|
$this->dtdSystem = $dtd_system;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Clones the doctype, use before resolving modes and the like
|
* Clones the doctype, use before resolving modes and the like
|
||||||
*/
|
*/
|
||||||
function copy() {
|
function copy() {
|
||||||
return new HTMLPurifier_Doctype(
|
return unserialize(serialize($this));
|
||||||
$this->name, $this->xml, $this->modules, $this->tidyModules, $this->aliases
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -44,14 +44,14 @@ class HTMLPurifier_DoctypeRegistry
|
|||||||
* @return Reference to registered doctype (usable for further editing)
|
* @return Reference to registered doctype (usable for further editing)
|
||||||
*/
|
*/
|
||||||
function ®ister($doctype, $xml = true, $modules = array(),
|
function ®ister($doctype, $xml = true, $modules = array(),
|
||||||
$tidy_modules = array(), $aliases = array()
|
$tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
|
||||||
) {
|
) {
|
||||||
if (!is_array($modules)) $modules = array($modules);
|
if (!is_array($modules)) $modules = array($modules);
|
||||||
if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
|
if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
|
||||||
if (!is_array($aliases)) $aliases = array($aliases);
|
if (!is_array($aliases)) $aliases = array($aliases);
|
||||||
if (!is_object($doctype)) {
|
if (!is_object($doctype)) {
|
||||||
$doctype = new HTMLPurifier_Doctype(
|
$doctype = new HTMLPurifier_Doctype(
|
||||||
$doctype, $xml, $modules, $tidy_modules, $aliases
|
$doctype, $xml, $modules, $tidy_modules, $aliases, $dtd_public, $dtd_system
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
$this->doctypes[$doctype->name] =& $doctype;
|
$this->doctypes[$doctype->name] =& $doctype;
|
||||||
@ -76,7 +76,7 @@ class HTMLPurifier_DoctypeRegistry
|
|||||||
function &get($doctype) {
|
function &get($doctype) {
|
||||||
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
|
if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
|
||||||
if (!isset($this->doctypes[$doctype])) {
|
if (!isset($this->doctypes[$doctype])) {
|
||||||
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist');
|
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
|
||||||
$anon = new HTMLPurifier_Doctype($doctype);
|
$anon = new HTMLPurifier_Doctype($doctype);
|
||||||
return $anon;
|
return $anon;
|
||||||
}
|
}
|
||||||
@ -103,9 +103,9 @@ class HTMLPurifier_DoctypeRegistry
|
|||||||
function getDoctypeFromConfig($config) {
|
function getDoctypeFromConfig($config) {
|
||||||
// recommended test
|
// recommended test
|
||||||
$doctype = $config->get('HTML', 'Doctype');
|
$doctype = $config->get('HTML', 'Doctype');
|
||||||
if ($doctype !== null) {
|
if (!empty($doctype)) return $doctype;
|
||||||
return $doctype;
|
$doctype = $config->get('HTML', 'CustomDoctype');
|
||||||
}
|
if (!empty($doctype)) return $doctype;
|
||||||
// backwards-compatibility
|
// backwards-compatibility
|
||||||
if ($config->get('HTML', 'XHTML')) {
|
if ($config->get('HTML', 'XHTML')) {
|
||||||
$doctype = 'XHTML 1.0';
|
$doctype = 'XHTML 1.0';
|
||||||
|
@ -37,14 +37,27 @@ require_once 'HTMLPurifier/HTMLModule/Tidy/XHTMLStrict.php';
|
|||||||
require_once 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
|
require_once 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
|
||||||
|
|
||||||
HTMLPurifier_ConfigSchema::define(
|
HTMLPurifier_ConfigSchema::define(
|
||||||
'HTML', 'Doctype', null, 'string/null',
|
'HTML', 'Doctype', '', 'string',
|
||||||
'Doctype to use, pre-defined values are HTML 4.01 Transitional, HTML 4.01 '.
|
'Doctype to use during filtering. '.
|
||||||
'Strict, XHTML 1.0 Transitional, XHTML 1.0 Strict, XHTML 1.1. '.
|
|
||||||
'Technically speaking this is not actually a doctype (as it does '.
|
'Technically speaking this is not actually a doctype (as it does '.
|
||||||
'not identify a corresponding DTD), but we are using this name '.
|
'not identify a corresponding DTD), but we are using this name '.
|
||||||
'for sake of simplicity. This will override any older directives '.
|
'for sake of simplicity. When non-blank, this will override any older directives '.
|
||||||
'like %HTML.XHTML or %HTML.Strict.'
|
'like %HTML.XHTML or %HTML.Strict.'
|
||||||
);
|
);
|
||||||
|
HTMLPurifier_ConfigSchema::defineAllowedValues('HTML', 'Doctype', array(
|
||||||
|
'', 'HTML 4.01 Transitional', 'HTML 4.01 Strict',
|
||||||
|
'XHTML 1.0 Transitional', 'XHTML 1.0 Strict',
|
||||||
|
'XHTML 1.1'
|
||||||
|
));
|
||||||
|
|
||||||
|
HTMLPurifier_ConfigSchema::define(
|
||||||
|
'HTML', 'CustomDoctype', null, 'string/null',
|
||||||
|
'
|
||||||
|
A custom doctype for power-users who defined there own document
|
||||||
|
type. This directive only applies when %HTML.Doctype is blank.
|
||||||
|
This directive has been available since 2.0.1.
|
||||||
|
'
|
||||||
|
);
|
||||||
|
|
||||||
HTMLPurifier_ConfigSchema::define(
|
HTMLPurifier_ConfigSchema::define(
|
||||||
'HTML', 'Trusted', false, 'bool',
|
'HTML', 'Trusted', false, 'bool',
|
||||||
@ -167,31 +180,46 @@ class HTMLPurifier_HTMLModuleManager
|
|||||||
$this->doctypes->register(
|
$this->doctypes->register(
|
||||||
'HTML 4.01 Transitional', false,
|
'HTML 4.01 Transitional', false,
|
||||||
array_merge($common, $transitional, $non_xml),
|
array_merge($common, $transitional, $non_xml),
|
||||||
array('Tidy_Transitional', 'Tidy_Proprietary')
|
array('Tidy_Transitional', 'Tidy_Proprietary'),
|
||||||
|
array(),
|
||||||
|
'-//W3C//DTD HTML 4.01 Transitional//EN',
|
||||||
|
'http://www.w3.org/TR/html4/loose.dtd'
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->doctypes->register(
|
$this->doctypes->register(
|
||||||
'HTML 4.01 Strict', false,
|
'HTML 4.01 Strict', false,
|
||||||
array_merge($common, $non_xml),
|
array_merge($common, $non_xml),
|
||||||
array('Tidy_Strict', 'Tidy_Proprietary')
|
array('Tidy_Strict', 'Tidy_Proprietary'),
|
||||||
|
array(),
|
||||||
|
'-//W3C//DTD HTML 4.01//EN',
|
||||||
|
'http://www.w3.org/TR/html4/strict.dtd'
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->doctypes->register(
|
$this->doctypes->register(
|
||||||
'XHTML 1.0 Transitional', true,
|
'XHTML 1.0 Transitional', true,
|
||||||
array_merge($common, $transitional, $xml, $non_xml),
|
array_merge($common, $transitional, $xml, $non_xml),
|
||||||
array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary')
|
array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary'),
|
||||||
|
array(),
|
||||||
|
'-//W3C//DTD XHTML 1.0 Transitional//EN',
|
||||||
|
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->doctypes->register(
|
$this->doctypes->register(
|
||||||
'XHTML 1.0 Strict', true,
|
'XHTML 1.0 Strict', true,
|
||||||
array_merge($common, $xml, $non_xml),
|
array_merge($common, $xml, $non_xml),
|
||||||
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_XHTMLStrict', 'Tidy_Proprietary')
|
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_XHTMLStrict', 'Tidy_Proprietary'),
|
||||||
|
array(),
|
||||||
|
'-//W3C//DTD XHTML 1.0 Strict//EN',
|
||||||
|
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->doctypes->register(
|
$this->doctypes->register(
|
||||||
'XHTML 1.1', true,
|
'XHTML 1.1', true,
|
||||||
array_merge($common, $xml),
|
array_merge($common, $xml),
|
||||||
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary') // Tidy_XHTML1_1
|
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary'), // Tidy_XHTML1_1
|
||||||
|
array(),
|
||||||
|
'-//W3C//DTD XHTML 1.1//EN',
|
||||||
|
'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'
|
||||||
);
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -26,6 +26,16 @@ class HTMLPurifier_Printer
|
|||||||
$this->generator = new HTMLPurifier_Generator();
|
$this->generator = new HTMLPurifier_Generator();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Give generator necessary configuration if possible
|
||||||
|
*/
|
||||||
|
function prepareGenerator($config) {
|
||||||
|
// hack for smoketests/configForm.php
|
||||||
|
if (empty($config->conf['HTML'])) return;
|
||||||
|
$context = new HTMLPurifier_Context();
|
||||||
|
$this->generator->generateFromTokens(array(), $config, $context);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Main function that renders object or aspect of that object
|
* Main function that renders object or aspect of that object
|
||||||
* @note Parameters vary depending on printer
|
* @note Parameters vary depending on printer
|
||||||
|
@ -38,18 +38,19 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
|
|||||||
/**
|
/**
|
||||||
* Returns HTML output for a configuration form
|
* Returns HTML output for a configuration form
|
||||||
* @param $config Configuration object of current form state
|
* @param $config Configuration object of current form state
|
||||||
* @param $ns Optional namespace(s) to restrict form to
|
* @param $allowed Optional namespace(s) and directives to restrict form to.
|
||||||
*/
|
*/
|
||||||
function render($config, $ns = true) {
|
function render($config, $allowed = true, $render_controls = true) {
|
||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
if ($ns === true) {
|
$this->prepareGenerator($config);
|
||||||
$all = $config->getAll();
|
|
||||||
} else {
|
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
|
||||||
if (is_string($ns)) $ns = array($ns);
|
$all = array();
|
||||||
foreach ($ns as $n) {
|
foreach ($allowed as $key) {
|
||||||
$all = array($n => $config->getBatch($n));
|
list($ns, $directive) = $key;
|
||||||
}
|
$all[$ns][$directive] = $config->get($ns, $directive);
|
||||||
}
|
}
|
||||||
|
|
||||||
$ret = '';
|
$ret = '';
|
||||||
$ret .= $this->start('table', array('class' => 'hp-config'));
|
$ret .= $this->start('table', array('class' => 'hp-config'));
|
||||||
$ret .= $this->start('thead');
|
$ret .= $this->start('thead');
|
||||||
@ -61,13 +62,16 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
|
|||||||
foreach ($all as $ns => $directives) {
|
foreach ($all as $ns => $directives) {
|
||||||
$ret .= $this->renderNamespace($ns, $directives);
|
$ret .= $this->renderNamespace($ns, $directives);
|
||||||
}
|
}
|
||||||
$ret .= $this->start('tfoot');
|
if ($render_controls) {
|
||||||
$ret .= $this->start('tr');
|
$ret .= $this->start('tfoot');
|
||||||
$ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
|
$ret .= $this->start('tr');
|
||||||
$ret .= '<input type="submit" value="Submit" /> [<a href="?">Reset</a>]';
|
$ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
|
||||||
$ret .= $this->end('td');
|
$ret .= $this->elementEmpty('input', array('type' => 'Submit', 'value' => 'Submit'));
|
||||||
$ret .= $this->end('tr');
|
$ret .= '[<a href="?">Reset</a>]';
|
||||||
$ret .= $this->end('tfoot');
|
$ret .= $this->end('td');
|
||||||
|
$ret .= $this->end('tr');
|
||||||
|
$ret .= $this->end('tfoot');
|
||||||
|
}
|
||||||
$ret .= $this->end('table');
|
$ret .= $this->end('table');
|
||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
@ -93,11 +97,20 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
|
|||||||
$url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
|
$url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
|
||||||
$ret .= $this->start('a', array('href' => $url));
|
$ret .= $this->start('a', array('href' => $url));
|
||||||
}
|
}
|
||||||
|
$attr = array('for' => "{$this->name}:$ns.$directive");
|
||||||
|
// crop directive name if it's too long
|
||||||
|
if (strlen($directive) < 14) {
|
||||||
|
$directive_disp = $directive;
|
||||||
|
} else {
|
||||||
|
$directive_disp = substr($directive, 0, 12) . '...';
|
||||||
|
$attr['title'] = $directive;
|
||||||
|
}
|
||||||
|
|
||||||
$ret .= $this->element(
|
$ret .= $this->element(
|
||||||
'label',
|
'label',
|
||||||
"%$ns.$directive",
|
$directive_disp,
|
||||||
// component printers must create an element with this id
|
// component printers must create an element with this id
|
||||||
array('for' => "{$this->name}:$ns.$directive")
|
$attr
|
||||||
);
|
);
|
||||||
if ($this->docURL) $ret .= $this->end('a');
|
if ($this->docURL) $ret .= $this->end('a');
|
||||||
$ret .= $this->end('th');
|
$ret .= $this->end('th');
|
||||||
@ -136,6 +149,7 @@ class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
|
|||||||
$this->obj = $obj;
|
$this->obj = $obj;
|
||||||
}
|
}
|
||||||
function render($ns, $directive, $value, $name, $config) {
|
function render($ns, $directive, $value, $name, $config) {
|
||||||
|
$this->prepareGenerator($config);
|
||||||
$ret = '';
|
$ret = '';
|
||||||
$ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
|
$ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
|
||||||
$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
|
$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
|
||||||
@ -145,7 +159,7 @@ class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
|
|||||||
'type' => 'checkbox',
|
'type' => 'checkbox',
|
||||||
'value' => '1',
|
'value' => '1',
|
||||||
'class' => 'null-toggle',
|
'class' => 'null-toggle',
|
||||||
'name' => "$name:Null_$ns.$directive",
|
'name' => "$name"."[Null_$ns.$directive]",
|
||||||
'id' => "$name:Null_$ns.$directive",
|
'id' => "$name:Null_$ns.$directive",
|
||||||
'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
|
'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
|
||||||
);
|
);
|
||||||
@ -163,6 +177,7 @@ class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
|
|||||||
*/
|
*/
|
||||||
class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
|
class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
|
||||||
function render($ns, $directive, $value, $name, $config) {
|
function render($ns, $directive, $value, $name, $config) {
|
||||||
|
$this->prepareGenerator($config);
|
||||||
// this should probably be split up a little
|
// this should probably be split up a little
|
||||||
$ret = '';
|
$ret = '';
|
||||||
$def = $config->def->info[$ns][$directive];
|
$def = $config->def->info[$ns][$directive];
|
||||||
@ -193,7 +208,6 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
|
|||||||
$value = serialize($value);
|
$value = serialize($value);
|
||||||
}
|
}
|
||||||
$attr = array(
|
$attr = array(
|
||||||
'type' => 'text',
|
|
||||||
'name' => "$name"."[$ns.$directive]",
|
'name' => "$name"."[$ns.$directive]",
|
||||||
'id' => "$name:$ns.$directive"
|
'id' => "$name:$ns.$directive"
|
||||||
);
|
);
|
||||||
@ -208,6 +222,7 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
|
|||||||
$ret .= $this->end('select');
|
$ret .= $this->end('select');
|
||||||
} else {
|
} else {
|
||||||
$attr['value'] = $value;
|
$attr['value'] = $value;
|
||||||
|
$attr['type'] = 'text';
|
||||||
$ret .= $this->elementEmpty('input', $attr);
|
$ret .= $this->elementEmpty('input', $attr);
|
||||||
}
|
}
|
||||||
return $ret;
|
return $ret;
|
||||||
@ -219,8 +234,8 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
|
|||||||
*/
|
*/
|
||||||
class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer {
|
class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer {
|
||||||
function render($ns, $directive, $value, $name, $config) {
|
function render($ns, $directive, $value, $name, $config) {
|
||||||
|
$this->prepareGenerator($config);
|
||||||
$ret = '';
|
$ret = '';
|
||||||
|
|
||||||
$ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
|
$ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
|
||||||
|
|
||||||
$ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));
|
$ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));
|
||||||
|
@ -6,7 +6,7 @@ require_once 'HTMLPurifier/Printer/HTMLDefinition.php';
|
|||||||
require_once 'HTMLPurifier/Printer/CSSDefinition.php';
|
require_once 'HTMLPurifier/Printer/CSSDefinition.php';
|
||||||
require_once 'HTMLPurifier/Printer/ConfigForm.php';
|
require_once 'HTMLPurifier/Printer/ConfigForm.php';
|
||||||
|
|
||||||
$config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config');
|
$config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config', 'HTML');
|
||||||
|
|
||||||
// you can do custom configuration!
|
// you can do custom configuration!
|
||||||
if (file_exists('printDefinition.settings.php')) {
|
if (file_exists('printDefinition.settings.php')) {
|
||||||
@ -22,6 +22,7 @@ $printer_config_form = new HTMLPurifier_Printer_ConfigForm(
|
|||||||
);
|
);
|
||||||
|
|
||||||
echo '<?xml version="1.0" encoding="UTF-8" ?>';
|
echo '<?xml version="1.0" encoding="UTF-8" ?>';
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||||
|
@ -5,40 +5,36 @@ $custom_schema = new HTMLPurifier_ConfigSchema();
|
|||||||
$old = HTMLPurifier_ConfigSchema::instance();
|
$old = HTMLPurifier_ConfigSchema::instance();
|
||||||
$custom_schema =& HTMLPurifier_ConfigSchema::instance($custom_schema);
|
$custom_schema =& HTMLPurifier_ConfigSchema::instance($custom_schema);
|
||||||
|
|
||||||
if (!class_exists('CS')) {
|
HTMLPurifier_ConfigSchema::defineNamespace('Element', 'Chemical substances that cannot be further decomposed');
|
||||||
class CS extends HTMLPurifier_ConfigSchema {}
|
|
||||||
}
|
|
||||||
|
|
||||||
CS::defineNamespace('Element', 'Chemical substances that cannot be further decomposed');
|
HTMLPurifier_ConfigSchema::define('Element', 'Abbr', 'H', 'string', 'Abbreviation of element name.');
|
||||||
|
HTMLPurifier_ConfigSchema::define('Element', 'Name', 'hydrogen', 'istring', 'Full name of atoms.');
|
||||||
CS::define('Element', 'Abbr', 'H', 'string', 'Abbreviation of element name.');
|
HTMLPurifier_ConfigSchema::define('Element', 'Number', 1, 'int', 'Atomic number, is identity.');
|
||||||
CS::define('Element', 'Name', 'hydrogen', 'istring', 'Full name of atoms.');
|
HTMLPurifier_ConfigSchema::define('Element', 'Mass', 1.00794, 'float', 'Atomic mass.');
|
||||||
CS::define('Element', 'Number', 1, 'int', 'Atomic number, is identity.');
|
HTMLPurifier_ConfigSchema::define('Element', 'Radioactive', false, 'bool', 'Does it have rapid decay?');
|
||||||
CS::define('Element', 'Mass', 1.00794, 'float', 'Atomic mass.');
|
HTMLPurifier_ConfigSchema::define('Element', 'Isotopes', array('1' => true, '2' => true, '3' => true), 'lookup',
|
||||||
CS::define('Element', 'Radioactive', false, 'bool', 'Does it have rapid decay?');
|
|
||||||
CS::define('Element', 'Isotopes', array('1' => true, '2' => true, '3' => true), 'lookup',
|
|
||||||
'What numbers of neutrons for this element have been observed?');
|
'What numbers of neutrons for this element have been observed?');
|
||||||
CS::define('Element', 'Traits', array('nonmetallic', 'odorless', 'flammable'), 'list',
|
HTMLPurifier_ConfigSchema::define('Element', 'Traits', array('nonmetallic', 'odorless', 'flammable'), 'list',
|
||||||
'What are general properties of the element?');
|
'What are general properties of the element?');
|
||||||
CS::define('Element', 'IsotopeNames', array('1' => 'protium', '2' => 'deuterium', '3' => 'tritium'), 'hash',
|
HTMLPurifier_ConfigSchema::define('Element', 'IsotopeNames', array('1' => 'protium', '2' => 'deuterium', '3' => 'tritium'), 'hash',
|
||||||
'Lookup hash of neutron counts to formal names.');
|
'Lookup hash of neutron counts to formal names.');
|
||||||
|
|
||||||
CS::defineNamespace('Instrument', 'Of the musical type.');
|
HTMLPurifier_ConfigSchema::defineNamespace('Instrument', 'Of the musical type.');
|
||||||
|
|
||||||
CS::define('Instrument', 'Manufacturer', 'Yamaha', 'string', 'Who made it?');
|
HTMLPurifier_ConfigSchema::define('Instrument', 'Manufacturer', 'Yamaha', 'string', 'Who made it?');
|
||||||
CS::defineAllowedValues('Instrument', 'Manufacturer', array(
|
HTMLPurifier_ConfigSchema::defineAllowedValues('Instrument', 'Manufacturer', array(
|
||||||
'Yamaha', 'Conn-Selmer', 'Vandoren', 'Laubin', 'Buffet', 'other'));
|
'Yamaha', 'Conn-Selmer', 'Vandoren', 'Laubin', 'Buffet', 'other'));
|
||||||
CS::defineValueAliases('Instrument', 'Manufacturer', array(
|
HTMLPurifier_ConfigSchema::defineValueAliases('Instrument', 'Manufacturer', array(
|
||||||
'Selmer' => 'Conn-Selmer'));
|
'Selmer' => 'Conn-Selmer'));
|
||||||
|
|
||||||
CS::define('Instrument', 'Family', 'woodwind', 'istring', 'What family is it?');
|
HTMLPurifier_ConfigSchema::define('Instrument', 'Family', 'woodwind', 'istring', 'What family is it?');
|
||||||
CS::defineAllowedValues('Instrument', 'Family', array(
|
HTMLPurifier_ConfigSchema::defineAllowedValues('Instrument', 'Family', array(
|
||||||
'brass', 'woodwind', 'percussion', 'string', 'keyboard', 'electronic'));
|
'brass', 'woodwind', 'percussion', 'string', 'keyboard', 'electronic'));
|
||||||
CS::defineValueAliases('Instrument', 'Family', array(
|
HTMLPurifier_ConfigSchema::defineValueAliases('Instrument', 'Family', array(
|
||||||
'synth' => 'electronic'));
|
'synth' => 'electronic'));
|
||||||
|
|
||||||
CS::defineNamespace('ReportCard', 'It is for grades.');
|
HTMLPurifier_ConfigSchema::defineNamespace('ReportCard', 'It is for grades.');
|
||||||
CS::define('ReportCard', 'English', null, 'string/null', 'Grade from English class.');
|
HTMLPurifier_ConfigSchema::define('ReportCard', 'English', null, 'string/null', 'Grade from English class.');
|
||||||
CS::define('ReportCard', 'Absences', 0, 'int', 'How many times missing from school?');
|
HTMLPurifier_ConfigSchema::define('ReportCard', 'Absences', 0, 'int', 'How many times missing from school?');
|
||||||
|
|
||||||
?>
|
?>
|
@ -376,6 +376,84 @@ class HTMLPurifier_ConfigTest extends UnitTestCase
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function test_loadArrayFromForm() {
|
||||||
|
|
||||||
|
CS::defineNamespace('Pancake', 'This should not be user customizable');
|
||||||
|
CS::define('Pancake', 'Mix', 'buttermilk', 'string', 'Type of pancake mix to use.');
|
||||||
|
CS::define('Pancake', 'Served', true, 'bool', 'But this is customizable by user.');
|
||||||
|
CS::defineNamespace('Toppings', 'This is user customizable');
|
||||||
|
CS::define('Toppings', 'Syrup', true, 'bool', 'Absolutely standard!');
|
||||||
|
CS::define('Toppings', 'Flavor', 'maple', 'string', 'What flavor is the syrup?');
|
||||||
|
CS::define('Toppings', 'Strawberries', 3, 'int', 'Quite delightful fruit.');
|
||||||
|
CS::define('Toppings', 'Calories', 2000, 'int/null', 'Some things are best left unknown.');
|
||||||
|
CS::define('Toppings', 'DefinitionID', null, 'string/null', 'Do not let this be set');
|
||||||
|
CS::define('Toppings', 'DefinitionRev', 1, 'int', 'Do not let this be set');
|
||||||
|
CS::define('Toppings', 'Protected', 1, 'int', 'Do not let this be set');
|
||||||
|
|
||||||
|
$get = array(
|
||||||
|
'breakfast' => array(
|
||||||
|
'Pancake.Mix' => 'nasty',
|
||||||
|
'Pancake.Served' => '0',
|
||||||
|
'Toppings.Syrup' => '0',
|
||||||
|
'Toppings.Flavor' => "Bug\\'s juice",
|
||||||
|
'Toppings.Strawberries' => '999',
|
||||||
|
'Toppings.Calories' => '',
|
||||||
|
'Null_Toppings.Calories' => '1',
|
||||||
|
'Toppings.DefinitionID' => '<argh>',
|
||||||
|
'Toppings.DefinitionRev' => '65',
|
||||||
|
'Toppings.Protected' => '4',
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
$config_expect = HTMLPurifier_Config::create(array(
|
||||||
|
'Pancake.Served' => false,
|
||||||
|
'Toppings.Syrup' => false,
|
||||||
|
'Toppings.Flavor' => "Bug's juice",
|
||||||
|
'Toppings.Strawberries' => 999,
|
||||||
|
'Toppings.Calories' => null
|
||||||
|
));
|
||||||
|
|
||||||
|
$config_result = HTMLPurifier_Config::loadArrayFromForm($get, 'breakfast', array('Pancake.Served', 'Toppings', '-Toppings.Protected'), true);
|
||||||
|
|
||||||
|
$this->assertEqual($config_expect, $config_result);
|
||||||
|
|
||||||
|
|
||||||
|
$get = array(
|
||||||
|
'breakfast' => array(
|
||||||
|
'Pancake.Mix' => 'n\\asty'
|
||||||
|
)
|
||||||
|
);
|
||||||
|
$config_expect = HTMLPurifier_Config::create(array(
|
||||||
|
'Pancake.Mix' => 'n\\asty'
|
||||||
|
));
|
||||||
|
$config_result = HTMLPurifier_Config::loadArrayFromForm($get, 'breakfast', true, false);
|
||||||
|
$this->assertEqual($config_expect, $config_result);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function test_getAllowedDirectivesForForm() {
|
||||||
|
CS::defineNamespace('Unused', 'Not mentioned, so deny');
|
||||||
|
CS::define('Unused', 'Unused', 'Foobar', 'string', 'Not mentioned, do not allow');
|
||||||
|
CS::defineNamespace('Partial', 'Some are mentioned, allow only those');
|
||||||
|
CS::define('Partial', 'Allowed', true, 'bool', 'Mentioned, allowed');
|
||||||
|
CS::define('Partial', 'Unused', 'Foobar', 'string', 'Not mentioned, do not allow');
|
||||||
|
CS::defineNamespace('All', 'Entire namespace allowed, allow all unless...');
|
||||||
|
CS::define('All', 'Allowed', true, 'bool', 'Not mentioned, allowed');
|
||||||
|
CS::define('All', 'Blacklisted', 'Foobar', 'string', 'Specifically blacklisted');
|
||||||
|
CS::define('All', 'DefinitionID', 'Foobar', 'string/null', 'Special case, auto-blacklisted');
|
||||||
|
CS::define('All', 'DefinitionRev', 2, 'int', 'Special case, auto-blacklisted');
|
||||||
|
|
||||||
|
$input = array('Partial.Allowed', 'All', '-All.Blacklisted');
|
||||||
|
$output = HTMLPurifier_Config::getAllowedDirectivesForForm($input);
|
||||||
|
$expect = array(
|
||||||
|
array('Partial', 'Allowed'),
|
||||||
|
array('All', 'Allowed')
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertEqual($output, $expect);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
@ -38,7 +38,7 @@ class HTMLPurifier_HTMLModuleManagerTest extends UnitTestCase
|
|||||||
|
|
||||||
$config = HTMLPurifier_Config::createDefault();
|
$config = HTMLPurifier_Config::createDefault();
|
||||||
$config->set('HTML', 'Trusted', false);
|
$config->set('HTML', 'Trusted', false);
|
||||||
$config->set('HTML', 'Doctype', 'Blank');
|
$config->set('HTML', 'CustomDoctype', 'Blank');
|
||||||
|
|
||||||
$manager->setup($config);
|
$manager->setup($config);
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ class HTMLPurifier_HTMLModuleManagerTest extends UnitTestCase
|
|||||||
$manager->registerModule($magic_module);
|
$manager->registerModule($magic_module);
|
||||||
|
|
||||||
$config = HTMLPurifier_Config::create(array(
|
$config = HTMLPurifier_Config::create(array(
|
||||||
'HTML.Doctype' => 'Fantasy Inventory 1.0',
|
'HTML.CustomDoctype' => 'Fantasy Inventory 1.0',
|
||||||
'HTML.AllowedModules' => 'Weapons'
|
'HTML.AllowedModules' => 'Weapons'
|
||||||
));
|
));
|
||||||
$manager->setup($config);
|
$manager->setup($config);
|
||||||
|
Loading…
Reference in New Issue
Block a user