mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-10 07:38:41 +00:00
Code Releases Activity

Fix bug: number spans should not allow zero as a value. This required augmenting HTMLPurifier/AttrDef/Integer.php to have a richer negative/zero/positive specification interface that can be extrapolated to Number and friends.

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@318 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-25 02:48:49 +00:00
parent fb0003a608
commit dcec92e7b3
4 changed files with 72 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
library/HTMLPurifier/AttrDef/Integer.php
View File

@ -13,15 +13,31 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
{ {
/** /**
* Bool indicating whether or not integers can only be positive. * Bool indicating whether or not negative values are allowed
*/ */
var $non_negative = false; var $negative = true;
/** /**
* @param $non_negative bool indicating whether or not only positive * Bool indicating whether or not zero is allowed
*/ */
function HTMLPurifier_AttrDef_Integer($non_negative = false) { var $zero = true;
$this->non_negative = $non_negative;
/**
* Bool indicating whether or not positive values are allowed
*/
var $positive = true;
/**
* @param $negative Bool indicating whether or not negative values are allowed
* @param $zero Bool indicating whether or not zero is allowed
* @param $positive Bool indicating whether or not positive values are allowed
*/
function HTMLPurifier_AttrDef_Integer(
$negative = true, $zero = true, $positive = true
) {
$this->negative = $negative;
$this->zero = $zero;
$this->positive = $positive;
} }
function validate($integer, $config, &$context) { function validate($integer, $config, &$context) {
@ -29,15 +45,27 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
$integer = $this->parseCDATA($integer); $integer = $this->parseCDATA($integer);
if ($integer === '') return false; if ($integer === '') return false;
if ( !$this->non_negative && $integer[0] === '-' ) { // we could possibly simply typecast it to integer, but there are
// certain fringe cases that must not return an integer.
// clip leading sign
if ( $this->negative && $integer[0] === '-' ) {
$digits = substr($integer, 1); $digits = substr($integer, 1);
} elseif( $integer[0] === '+' ) { if ($digits === '0') $integer = '0'; // rm minus sign for zero
$digits = $integer = substr($integer, 1); } elseif( $this->positive && $integer[0] === '+' ) {
$digits = $integer = substr($integer, 1); // rm unnecessary plus
} else { } else {
$digits = $integer; $digits = $integer;
} }
// test if it's numeric
if (!ctype_digit($digits)) return false; if (!ctype_digit($digits)) return false;
// perform scope tests
if (!$this->zero && $integer == 0) return false;
if (!$this->positive && $integer > 0) return false;
if (!$this->negative && $integer < 0) return false;
return $integer; return $integer;
} }

2
library/HTMLPurifier/HTMLDefinition.php
View File

@ -331,7 +331,7 @@ class HTMLPurifier_HTMLDefinition
$this->info['col']->attr['width'] = $this->info['col']->attr['width'] =
$this->info['colgroup']->attr['width'] = $e_MultiLength; $this->info['colgroup']->attr['width'] = $e_MultiLength;
$e__NumberSpan = new HTMLPurifier_AttrDef_Integer(true); $e__NumberSpan = new HTMLPurifier_AttrDef_Integer(false, false, true);
$this->info['colgroup']->attr['span'] = $this->info['colgroup']->attr['span'] =
$this->info['col']->attr['span'] = $this->info['col']->attr['span'] =
$this->info['td']->attr['rowspan'] = $this->info['td']->attr['rowspan'] =

37
tests/HTMLPurifier/AttrDef/IntegerTest.php
View File

@ -16,20 +16,45 @@ class HTMLPurifier_AttrDef_IntegerTest extends HTMLPurifier_AttrDefHarness
$this->assertDef('14'); $this->assertDef('14');
$this->assertDef('+24', '24'); $this->assertDef('+24', '24');
$this->assertDef(' 14 ', '14'); $this->assertDef(' 14 ', '14');
$this->assertDef('-0', '0');
$this->assertDef('-1.4', false); $this->assertDef('-1.4', false);
$this->assertDef('3.4', false); $this->assertDef('3.4', false);
$this->assertDef('asdf', false); $this->assertDef('asdf', false); // must not return zero
$this->assertDef('2in', false); // must not return zero
} }
function testNonNegative() { function assertRange($negative, $zero, $positive) {
$this->assertDef('-100', $negative);
$this->assertDef('-1', $negative);
$this->assertDef('0', $zero);
$this->assertDef('1', $positive);
$this->assertDef('42', $positive);
}
$this->def = new HTMLPurifier_AttrDef_Integer(true); function testRange() {
$this->assertDef('0'); $this->def = new HTMLPurifier_AttrDef_Integer(false);
$this->assertDef('1'); $this->assertRange(false, true, true); // non-negative
$this->assertDef('-1', false);
$this->def = new HTMLPurifier_AttrDef_Integer(false, false);
$this->assertRange(false, false, true); // positive
// fringe cases
$this->def = new HTMLPurifier_AttrDef_Integer(false, false, false);
$this->assertRange(false, false, false); // allow none
$this->def = new HTMLPurifier_AttrDef_Integer(true, false, false);
$this->assertRange(true, false, false); // negative
$this->def = new HTMLPurifier_AttrDef_Integer(false, true, false);
$this->assertRange(false, true, false); // zero
$this->def = new HTMLPurifier_AttrDef_Integer(true, true, false);
$this->assertRange(true, true, false); // non-positive
} }

4
tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
View File

@ -120,6 +120,10 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
$inputs[21] = '<span dir="blahblah">Invalid value!</span>'; $inputs[21] = '<span dir="blahblah">Invalid value!</span>';
$expect[21] = '<span>Invalid value!</span>'; $expect[21] = '<span>Invalid value!</span>';
// test col.span is non-zero
$inputs[22] = '<col span="0" />';
$expect[22] = '<col />';
$this->assertStrategyWorks($strategy, $inputs, $expect, $config); $this->assertStrategyWorks($strategy, $inputs, $expect, $config);
} }