[2.1.0] Allow i18n font names

- Minor typos fixed; we're release ready! git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1350 48356398-32a2-884e-a903-53898d9a118a
2024-12-22 08:21:52 +00:00 · 2007-08-03 02:48:52 +00:00 · 2007-08-03 02:48:52 +00:00 · a40e16dd2e
commit a40e16dd2e
parent ee388e86c0
6 changed files with 21 additions and 17 deletions
--- a/1
+++ b/1
@ -25,6 +25,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! Ruby implemented for XHTML 1.1
 ! You can now define custom URI filtering behavior, see enduser-uri-filter.html
  for more details
+! UTF-8 font names now supported in CSS
 - AutoFormatters emit friendly error messages if tags or attributes they
  need are not allowed
 - ConfigForm's compactification of directive names is now configurable
--- a/8
+++ b/8
@ -11,12 +11,6 @@ If no interest is expressed for a feature that may required a considerable
 amount of effort to implement, it may get endlessly delayed. Do not be
 afraid to cast your vote for the next feature to be implemented!

-2.1 release [Refactor, refactor!]
- - Configuration profiles: predefined directives set with one func call
- - Allow non-ASCII characters in font names
- - Explain how to use HTML Purifier in non-PHP languages / create
-   a simple command line stub
-
 2.2 release [Error'ed]
 # Error logging for filtering/cleanup procedures
 - XSS-attempt detection
@ -80,6 +74,8 @@ Unknown release (on a scratch-an-itch basis)
 - Reorganize configuration directives (Create more namespaces! Get messy!)
 - Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
 - Implement lenient <ruby> child validation
+ - Explain how to use HTML Purifier in non-PHP languages / create
+   a simple command line stub (or complicated?)

 Requested

--- a/docs/enduser-security.txt
+++ b/docs/enduser-security.txt
@ -10,9 +10,7 @@ to be effective. Things to remember:

 2. IDs: see enduser-id.html for more info

-3. Links: document pending feature completion
-Rudimentary blacklisting, we should also allow only relative URIs. We
-need a doc to explain the stuff.
+3. URIs: see enduser-uri-filter.html

 4. CSS: document pending
 Explain which CSS styles we blocked and why.
--- a/docs/proposal-filter-levels.txt
+++ b/docs/proposal-filter-levels.txt
@ -32,7 +32,7 @@ Here are some fuzzy levels you could set:

 One final note: when you start axing tags that are more commonly used, you
 run the risk of accidentally destroying user data, especially if the data
-is incoming from a WYSIWYG eidtor that hasn't been synced accordingly. This may
+is incoming from a WYSIWYG editor that hasn't been synced accordingly. This may
 make forbidden element to text transformations desirable (for example, images).


--- a/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
+++ b/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
@ -38,19 +38,24 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
                $quote = $font[0];
                if ($font[$length - 1] !== $quote) continue;
                $font = substr($font, 1, $length - 2);
+                // double-backslash processing is buggy
+                $font = str_replace("\\$quote", $quote, $font); // de-escape quote
+                $font = str_replace("\\\n", "\n", $font);       // de-escape newlines
            }
-            // process font
+            // $font is a pure representation of the font name
+            
            if (ctype_alnum($font)) {
                // very simple font, allow it in unharmed
                $final .= $font . ', ';
                continue;
            }
-            $nospace = str_replace(array(' ', '.', '!'), '', $font);
-            if (ctype_alnum($nospace)) {
-                // font with spaces in it
-                $final .= "'$font', ";
-                continue;
-            }
+            
+            // complicated font, requires quoting
+            
+            // armor single quotes and new lines
+            $font = str_replace("'", "\\'", $font);
+            $font = str_replace("\n", "\\\n", $font);
+            $final .= "'$font', ";
        }
        $final = rtrim($final, ', ');
        if ($final === '') return false;
--- a/tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php
@ -16,6 +16,10 @@ class HTMLPurifier_AttrDef_CSS_FontFamilyTest extends HTMLPurifier_AttrDefHarnes
        $this->assertDef('01234');
        $this->assertDef(',', false);
        $this->assertDef('Times New Roman, serif', '\'Times New Roman\', serif');
+        $this->assertDef($d = "'John\\'s Font'");
+        $this->assertDef("John's Font", $d);
+        $this->assertDef($d = "'\xE5\xAE\x8B\xE4\xBD\x93'");
+        $this->assertDef("\xE5\xAE\x8B\xE4\xBD\x93", $d);
        
    }