mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-19 10:45:18 +00:00
Code Releases Activity

PSR-2 reformatting PHPDoc corrections

Browse Source 
With minor corrections.

Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Marcus Bointon 2013-07-16 13:56:14 +02:00 committed by Edward Z. Yang
parent 19eee14899
commit fac747bdbd
433 changed files with 13302 additions and 6690 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
benchmarks/Lexer.php
View File

@ -23,15 +23,16 @@ if (version_compare(PHP_VERSION, '5', '>=')) {
class RowTimer extends Benchmark_Timer class RowTimer extends Benchmark_Timer
{ {
var $name; public $name;
function RowTimer($name, $auto = false) { public function RowTimer($name, $auto = false)
{
$this->name = htmlentities($name); $this->name = htmlentities($name);
$this->Benchmark_Timer($auto); $this->Benchmark_Timer($auto);
} }
function getOutput() { public function getOutput()
{
$total = $this->TimeElapsed(); $total = $this->TimeElapsed();
$result = $this->getProfiling(); $result = $this->getProfiling();
$dashes = ''; $dashes = '';
@ -68,7 +69,8 @@ class RowTimer extends Benchmark_Timer
} }
} }
function print_lexers() { function print_lexers()
{
global $LEXERS; global $LEXERS;
$first = true; $first = true;
foreach ($LEXERS as $key => $value) { foreach ($LEXERS as $key => $value) {
@ -78,7 +80,8 @@ function print_lexers() {
} }
} }
function do_benchmark($name, $document) { function do_benchmark($name, $document)
{
global $LEXERS, $RUNS; global $LEXERS, $RUNS;
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();

15
extras/ConfigDoc/HTMLXSLTProcessor.php
View File

@ -11,7 +11,8 @@ class ConfigDoc_HTMLXSLTProcessor
*/ */
protected $xsltProcessor; protected $xsltProcessor;
public function __construct($proc = false) { public function __construct($proc = false)
{
if ($proc === false) $proc = new XSLTProcessor(); if ($proc === false) $proc = new XSLTProcessor();
$this->xsltProcessor = $proc; $this->xsltProcessor = $proc;
} }
@ -19,7 +20,8 @@ class ConfigDoc_HTMLXSLTProcessor
/** /**
* @note Allows a string $xsl filename to be passed * @note Allows a string $xsl filename to be passed
*/ */
public function importStylesheet($xsl) { public function importStylesheet($xsl)
{
if (is_string($xsl)) { if (is_string($xsl)) {
$xsl_file = $xsl; $xsl_file = $xsl;
$xsl = new DOMDocument(); $xsl = new DOMDocument();
@ -34,7 +36,8 @@ class ConfigDoc_HTMLXSLTProcessor
* @return string HTML output * @return string HTML output
* @todo Rename to transformToXHTML, as transformToHTML is misleading * @todo Rename to transformToXHTML, as transformToHTML is misleading
*/ */
public function transformToHTML($xml) { public function transformToHTML($xml)
{
if (is_string($xml)) { if (is_string($xml)) {
$dom = new DOMDocument(); $dom = new DOMDocument();
$dom->load($xml); $dom->load($xml);
@ -68,7 +71,8 @@ class ConfigDoc_HTMLXSLTProcessor
* Bulk sets parameters for the XSL stylesheet * Bulk sets parameters for the XSL stylesheet
* @param array $options Associative array of options to set * @param array $options Associative array of options to set
*/ */
public function setParameters($options) { public function setParameters($options)
{
foreach ($options as $name => $value) { foreach ($options as $name => $value) {
$this->xsltProcessor->setParameter('', $name, $value); $this->xsltProcessor->setParameter('', $name, $value);
} }
@ -77,7 +81,8 @@ class ConfigDoc_HTMLXSLTProcessor
/** /**
* Forward any other calls to the XSLT processor * Forward any other calls to the XSLT processor
*/ */
public function __call($name, $arguments) { public function __call($name, $arguments)
{
call_user_func_array(array($this->xsltProcessor, $name), $arguments); call_user_func_array(array($this->xsltProcessor, $name), $arguments);
} }

21
extras/FSTools.php
View File

@ -15,7 +15,8 @@ class FSTools
/** /**
* Returns a global instance of FSTools * Returns a global instance of FSTools
*/ */
static public function singleton() { public static function singleton()
{
if (empty(FSTools::$singleton)) FSTools::$singleton = new FSTools(); if (empty(FSTools::$singleton)) FSTools::$singleton = new FSTools();
return FSTools::$singleton; return FSTools::$singleton;
} }
@ -24,7 +25,8 @@ class FSTools
* Sets our global singleton to something else; useful for overloading * Sets our global singleton to something else; useful for overloading
* functions. * functions.
*/ */
static public function setSingleton($singleton) { public static function setSingleton($singleton)
{
FSTools::$singleton = $singleton; FSTools::$singleton = $singleton;
} }
@ -33,7 +35,8 @@ class FSTools
* @param string $folder Name of folder to create * @param string $folder Name of folder to create
* @note Adapted from the PHP manual comment 76612 * @note Adapted from the PHP manual comment 76612
*/ */
public function mkdirr($folder) { public function mkdirr($folder)
{
$folders = preg_split("#[\\\\/]#", $folder); $folders = preg_split("#[\\\\/]#", $folder);
$base = ''; $base = '';
for($i = 0, $c = count($folders); $i < $c; $i++) { for($i = 0, $c = count($folders); $i < $c; $i++) {
@ -57,7 +60,8 @@ class FSTools
* so that copied files, if PHP, have includes removed * so that copied files, if PHP, have includes removed
* @note Adapted from http://aidanlister.com/repos/v/function.copyr.php * @note Adapted from http://aidanlister.com/repos/v/function.copyr.php
*/ */
public function copyr($source, $dest) { public function copyr($source, $dest)
{
// Simple copy for a file // Simple copy for a file
if (is_file($source)) { if (is_file($source)) {
return $this->copy($source, $dest); return $this->copy($source, $dest);
@ -92,7 +96,8 @@ class FSTools
* ignore hidden files, unreadable files, etc. This function * ignore hidden files, unreadable files, etc. This function
* applies to copyr(). * applies to copyr().
*/ */
public function copyable($file) { public function copyable($file)
{
return true; return true;
} }
@ -131,7 +136,8 @@ class FSTools
/** /**
* Recursively globs a directory. * Recursively globs a directory.
*/ */
public function globr($dir, $pattern, $flags = NULL) { public function globr($dir, $pattern, $flags = NULL)
{
$files = $this->glob("$dir/$pattern", $flags); $files = $this->glob("$dir/$pattern", $flags);
if ($files === false) $files = array(); if ($files === false) $files = array();
$sub_dirs = $this->glob("$dir/*", GLOB_ONLYDIR); $sub_dirs = $this->glob("$dir/*", GLOB_ONLYDIR);
@ -148,7 +154,8 @@ class FSTools
* @warning This function will not work for functions that need * @warning This function will not work for functions that need
* to pass references; manually define a stub function for those. * to pass references; manually define a stub function for those.
*/ */
public function __call($name, $args) { public function __call($name, $args)
{
return call_user_func_array($name, $args); return call_user_func_array($name, $args);
} }

45
extras/FSTools/File.php
View File

@ -23,7 +23,8 @@ class FSTools_File
* Filename of file you wish to instantiate. * Filename of file you wish to instantiate.
* @note This file need not exist * @note This file need not exist
*/ */
public function __construct($name, $fs = false) { public function __construct($name, $fs = false)
{
$this->name = $name; $this->name = $name;
$this->fs = $fs ? $fs : FSTools::singleton(); $this->fs = $fs ? $fs : FSTools::singleton();
} }
@ -38,27 +39,32 @@ class FSTools_File
* Retrieves the contents of a file * Retrieves the contents of a file
* @todo Throw an exception if file doesn't exist * @todo Throw an exception if file doesn't exist
*/ */
public function get() { public function get()
{
return $this->fs->file_get_contents($this->name); return $this->fs->file_get_contents($this->name);
} }
/** Writes contents to a file, creates new file if necessary */ /** Writes contents to a file, creates new file if necessary */
public function write($contents) { public function write($contents)
{
return $this->fs->file_put_contents($this->name, $contents); return $this->fs->file_put_contents($this->name, $contents);
} }
/** Deletes the file */ /** Deletes the file */
public function delete() { public function delete()
{
return $this->fs->unlink($this->name); return $this->fs->unlink($this->name);
} }
/** Returns true if file exists and is a file. */ /** Returns true if file exists and is a file. */
public function exists() { public function exists()
{
return $this->fs->is_file($this->name); return $this->fs->is_file($this->name);
} }
/** Returns last file modification time */ /** Returns last file modification time */
public function getMTime() { public function getMTime()
{
return $this->fs->filemtime($this->name); return $this->fs->filemtime($this->name);
} }
@ -67,19 +73,22 @@ class FSTools_File
* @note We ignore errors because of some weird owner trickery due * @note We ignore errors because of some weird owner trickery due
* to SVN duality * to SVN duality
*/ */
public function chmod($octal_code) { public function chmod($octal_code)
{
return @$this->fs->chmod($this->name, $octal_code); return @$this->fs->chmod($this->name, $octal_code);
} }
/** Opens file's handle */ /** Opens file's handle */
public function open($mode) { public function open($mode)
{
if ($this->handle) $this->close(); if ($this->handle) $this->close();
$this->handle = $this->fs->fopen($this->name, $mode); $this->handle = $this->fs->fopen($this->name, $mode);
return true; return true;
} }
/** Closes file's handle */ /** Closes file's handle */
public function close() { public function close()
{
if (!$this->handle) return false; if (!$this->handle) return false;
$status = $this->fs->fclose($this->handle); $status = $this->fs->fclose($this->handle);
$this->handle = false; $this->handle = false;
@ -87,37 +96,43 @@ class FSTools_File
} }
/** Retrieves a line from an open file, with optional max length $length */ /** Retrieves a line from an open file, with optional max length $length */
public function getLine($length = null) { public function getLine($length = null)
{
if (!$this->handle) $this->open('r'); if (!$this->handle) $this->open('r');
if ($length === null) return $this->fs->fgets($this->handle); if ($length === null) return $this->fs->fgets($this->handle);
else return $this->fs->fgets($this->handle, $length); else return $this->fs->fgets($this->handle, $length);
} }
/** Retrieves a character from an open file */ /** Retrieves a character from an open file */
public function getChar() { public function getChar()
{
if (!$this->handle) $this->open('r'); if (!$this->handle) $this->open('r');
return $this->fs->fgetc($this->handle); return $this->fs->fgetc($this->handle);
} }
/** Retrieves an $length bytes of data from an open data */ /** Retrieves an $length bytes of data from an open data */
public function read($length) { public function read($length)
{
if (!$this->handle) $this->open('r'); if (!$this->handle) $this->open('r');
return $this->fs->fread($this->handle, $length); return $this->fs->fread($this->handle, $length);
} }
/** Writes to an open file */ /** Writes to an open file */
public function put($string) { public function put($string)
{
if (!$this->handle) $this->open('a'); if (!$this->handle) $this->open('a');
return $this->fs->fwrite($this->handle, $string); return $this->fs->fwrite($this->handle, $string);
} }
/** Returns TRUE if the end of the file has been reached */ /** Returns TRUE if the end of the file has been reached */
public function eof() { public function eof()
{
if (!$this->handle) return true; if (!$this->handle) return true;
return $this->fs->feof($this->handle); return $this->fs->feof($this->handle);
} }
public function __destruct() { public function __destruct()
{
if ($this->handle) $this->close(); if ($this->handle) $this->close();
} }

3
extras/HTMLPurifierExtras.autoload.php
View File

@ -17,7 +17,8 @@ if (function_exists('spl_autoload_register')) {
spl_autoload_register('__autoload'); spl_autoload_register('__autoload');
} }
} elseif (!function_exists('__autoload')) { } elseif (!function_exists('__autoload')) {
function __autoload($class) { function __autoload($class)
{
return HTMLPurifierExtras::autoload($class); return HTMLPurifierExtras::autoload($class);
} }
} }

6
extras/HTMLPurifierExtras.php
View File

@ -7,14 +7,16 @@
class HTMLPurifierExtras class HTMLPurifierExtras
{ {
public static function autoload($class) { public static function autoload($class)
{
$path = HTMLPurifierExtras::getPath($class); $path = HTMLPurifierExtras::getPath($class);
if (!$path) return false; if (!$path) return false;
require $path; require $path;
return true; return true;
} }
public static function getPath($class) { public static function getPath($class)
{
if ( if (
strncmp('FSTools', $class, 7) !== 0 && strncmp('FSTools', $class, 7) !== 0 &&
strncmp('ConfigDoc', $class, 9) !== 0 strncmp('ConfigDoc', $class, 9) !== 0

3
library/HTMLPurifier.autoload.php
View File

@ -14,7 +14,8 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un
spl_autoload_register('__autoload'); spl_autoload_register('__autoload');
} }
} elseif (!function_exists('__autoload')) { } elseif (!function_exists('__autoload')) {
function __autoload($class) { function __autoload($class)
{
return HTMLPurifier_Bootstrap::autoload($class); return HTMLPurifier_Bootstrap::autoload($class);
} }
} }

8
library/HTMLPurifier.func.php
View File

@ -8,11 +8,13 @@
/** /**
* Purify HTML. * Purify HTML.
* @param $html String HTML to purify * @param string $html String HTML to purify
* @param $config Configuration to use, can be any value accepted by * @param mixed $config Configuration to use, can be any value accepted by
* HTMLPurifier_Config::create() * HTMLPurifier_Config::create()
* @return string
*/ */
function HTMLPurifier($html, $config = null) { function HTMLPurifier($html, $config = null)
{
static $purifier = false; static $purifier = false;
if (!$purifier) { if (!$purifier) {
$purifier = new HTMLPurifier(); $purifier = new HTMLPurifier();

4
library/HTMLPurifier.kses.php
View File

@ -7,7 +7,8 @@
require_once dirname(__FILE__) . '/HTMLPurifier.auto.php'; require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
function kses($string, $allowed_html, $allowed_protocols = null) { function kses($string, $allowed_html, $allowed_protocols = null)
{
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$allowed_elements = array(); $allowed_elements = array();
$allowed_attributes = array(); $allowed_attributes = array();
@ -19,7 +20,6 @@ function kses($string, $allowed_html, $allowed_protocols = null) {
} }
$config->set('HTML.AllowedElements', $allowed_elements); $config->set('HTML.AllowedElements', $allowed_elements);
$config->set('HTML.AllowedAttributes', $allowed_attributes); $config->set('HTML.AllowedAttributes', $allowed_attributes);
$allowed_schemes = array();
if ($allowed_protocols !== null) { if ($allowed_protocols !== null) {
$config->set('URI.AllowedSchemes', $allowed_protocols); $config->set('URI.AllowedSchemes', $allowed_protocols);
} }

69
library/HTMLPurifier.php
View File

@ -55,36 +55,49 @@ class HTMLPurifier
{ {
/** /**
* @var string Version of HTML Purifier * Version of HTML Purifier.
* @type string
*/ */
public $version = '4.5.0'; public $version = '4.5.0';
/** /**
* Constant with version of HTML Purifier * Constant with version of HTML Purifier.
*/ */
const VERSION = '4.5.0'; const VERSION = '4.5.0';
/** /**
* @var HTMLPurifier_Config Global configuration object * Global configuration object.
* @type HTMLPurifier_Config
*/ */
public $config; public $config;
/** /**
* @var HTMLPurifier_Filter[] Array of extra filter objects to run on HTML, * Array of extra filter objects to run on HTML,
* for backwards compatibility * for backwards compatibility.
* @type HTMLPurifier_Filter[]
*/ */
private $filters = array(); private $filters = array();
/** /**
* @var HTMLPurifier Single instance of HTML Purifier * Single instance of HTML Purifier.
* @type HTMLPurifier
*/ */
private static $instance; private static $instance;
protected $strategy, $generator; /**
* @type HTMLPurifier_Strategy_Core
*/
protected $strategy;
/** /**
* @var HTMLPurifier_Context Resultant context of last run purification. * @type HTMLPurifier_Generator
*/
protected $generator;
/**
* Resultant context of last run purification.
* Is an array of contexts if the last called method was purifyArray(). * Is an array of contexts if the last called method was purifyArray().
* @type HTMLPurifier_Context
*/ */
public $context; public $context;
@ -98,12 +111,10 @@ class HTMLPurifier
* The parameter can also be any type that * The parameter can also be any type that
* HTMLPurifier_Config::create() supports. * HTMLPurifier_Config::create() supports.
*/ */
public function __construct($config = null) { public function __construct($config = null)
{
$this->config = HTMLPurifier_Config::create($config); $this->config = HTMLPurifier_Config::create($config);
$this->strategy = new HTMLPurifier_Strategy_Core(); $this->strategy = new HTMLPurifier_Strategy_Core();
} }
/** /**
@ -111,9 +122,10 @@ class HTMLPurifier
* *
* @param HTMLPurifier_Filter $filter HTMLPurifier_Filter object * @param HTMLPurifier_Filter $filter HTMLPurifier_Filter object
*/ */
public function addFilter($filter) { public function addFilter($filter)
{
trigger_error( trigger_error(
'HTMLPurifier->addFilter() is deprecated, use configuration directives'. 'HTMLPurifier->addFilter() is deprecated, use configuration directives' .
' in the Filter namespace or Filter.Custom', ' in the Filter namespace or Filter.Custom',
E_USER_WARNING E_USER_WARNING
); );
@ -131,8 +143,8 @@ class HTMLPurifier
* *
* @return string Purified HTML * @return string Purified HTML
*/ */
public function purify($html, $config = null) { public function purify($html, $config = null)
{
// :TODO: make the config merge in, instead of replace // :TODO: make the config merge in, instead of replace
$config = $config ? HTMLPurifier_Config::create($config) : $this->config; $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
@ -170,8 +182,12 @@ class HTMLPurifier
unset($filter_flags['Custom']); unset($filter_flags['Custom']);
$filters = array(); $filters = array();
foreach ($filter_flags as $filter => $flag) { foreach ($filter_flags as $filter => $flag) {
if (!$flag) continue; if (!$flag) {
if (strpos($filter, '.') !== false) continue; continue;
}
if (strpos($filter, '.') !== false) {
continue;
}
$class = "HTMLPurifier_Filter_$filter"; $class = "HTMLPurifier_Filter_$filter";
$filters[] = new $class; $filters[] = new $class;
} }
@ -194,9 +210,12 @@ class HTMLPurifier
// list of un-purified tokens // list of un-purified tokens
$lexer->tokenizeHTML( $lexer->tokenizeHTML(
// un-purified HTML // un-purified HTML
$html, $config, $context $html,
$config,
$context
), ),
$config, $context $config,
$context
) )
); );
@ -218,7 +237,8 @@ class HTMLPurifier
* *
* @return string[] Array of purified HTML * @return string[] Array of purified HTML
*/ */
public function purifyArray($array_of_html, $config = null) { public function purifyArray($array_of_html, $config = null)
{
$context_array = array(); $context_array = array();
foreach ($array_of_html as $key => $html) { foreach ($array_of_html as $key => $html) {
$array_of_html[$key] = $this->purify($html, $config); $array_of_html[$key] = $this->purify($html, $config);
@ -238,7 +258,8 @@ class HTMLPurifier
* *
* @return HTMLPurifier * @return HTMLPurifier
*/ */
public static function instance($prototype = null) { public static function instance($prototype = null)
{
if (!self::$instance || $prototype) { if (!self::$instance || $prototype) {
if ($prototype instanceof HTMLPurifier) { if ($prototype instanceof HTMLPurifier) {
self::$instance = $prototype; self::$instance = $prototype;
@ -262,10 +283,10 @@ class HTMLPurifier
* @return HTMLPurifier * @return HTMLPurifier
* @note Backwards compatibility, see instance() * @note Backwards compatibility, see instance()
*/ */
public static function getInstance($prototype = null) { public static function getInstance($prototype = null)
{
return HTMLPurifier::instance($prototype); return HTMLPurifier::instance($prototype);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

53
library/HTMLPurifier/AttrCollections.php
View File

@ -8,7 +8,8 @@ class HTMLPurifier_AttrCollections
{ {
/** /**
* Associative array of attribute collections, indexed by name * Associative array of attribute collections, indexed by name.
* @type array
*/ */
public $info = array(); public $info = array();
@ -16,10 +17,11 @@ class HTMLPurifier_AttrCollections
* Performs all expansions on internal data for use by other inclusions * Performs all expansions on internal data for use by other inclusions
* It also collects all attribute collection extensions from * It also collects all attribute collection extensions from
* modules * modules
* @param $attr_types HTMLPurifier_AttrTypes instance * @param HTMLPurifier_AttrTypes $attr_types HTMLPurifier_AttrTypes instance
* @param $modules Hash array of HTMLPurifier_HTMLModule members * @param HTMLPurifier_HTMLModule[] $modules Hash array of HTMLPurifier_HTMLModule members
*/ */
public function __construct($attr_types, $modules) { public function __construct($attr_types, $modules)
{
// load extensions from the modules // load extensions from the modules
foreach ($modules as $module) { foreach ($modules as $module) {
foreach ($module->attr_collections as $coll_i => $coll) { foreach ($module->attr_collections as $coll_i => $coll) {
@ -30,7 +32,9 @@ class HTMLPurifier_AttrCollections
if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) { if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
// merge in includes // merge in includes
$this->info[$coll_i][$attr_i] = array_merge( $this->info[$coll_i][$attr_i] = array_merge(
$this->info[$coll_i][$attr_i], $attr); $this->info[$coll_i][$attr_i],
$attr
);
continue; continue;
} }
$this->info[$coll_i][$attr_i] = $attr; $this->info[$coll_i][$attr_i] = $attr;
@ -49,20 +53,29 @@ class HTMLPurifier_AttrCollections
/** /**
* Takes a reference to an attribute associative array and performs * Takes a reference to an attribute associative array and performs
* all inclusions specified by the zero index. * all inclusions specified by the zero index.
* @param &$attr Reference to attribute array * @param array &$attr Reference to attribute array
*/ */
public function performInclusions(&$attr) { public function performInclusions(&$attr)
if (!isset($attr[0])) return; {
if (!isset($attr[0])) {
return;
}
$merge = $attr[0]; $merge = $attr[0];
$seen = array(); // recursion guard $seen = array(); // recursion guard
// loop through all the inclusions // loop through all the inclusions
for ($i = 0; isset($merge[$i]); $i++) { for ($i = 0; isset($merge[$i]); $i++) {
if (isset($seen[$merge[$i]])) continue; if (isset($seen[$merge[$i]])) {
continue;
}
$seen[$merge[$i]] = true; $seen[$merge[$i]] = true;
// foreach attribute of the inclusion, copy it over // foreach attribute of the inclusion, copy it over
if (!isset($this->info[$merge[$i]])) continue; if (!isset($this->info[$merge[$i]])) {
continue;
}
foreach ($this->info[$merge[$i]] as $key => $value) { foreach ($this->info[$merge[$i]] as $key => $value) {
if (isset($attr[$key])) continue; // also catches more inclusions if (isset($attr[$key])) {
continue;
} // also catches more inclusions
$attr[$key] = $value; $attr[$key] = $value;
} }
if (isset($this->info[$merge[$i]][0])) { if (isset($this->info[$merge[$i]][0])) {
@ -76,20 +89,24 @@ class HTMLPurifier_AttrCollections
/** /**
* Expands all string identifiers in an attribute array by replacing * Expands all string identifiers in an attribute array by replacing
* them with the appropriate values inside HTMLPurifier_AttrTypes * them with the appropriate values inside HTMLPurifier_AttrTypes
* @param &$attr Reference to attribute array * @param array &$attr Reference to attribute array
* @param $attr_types HTMLPurifier_AttrTypes instance * @param HTMLPurifier_AttrTypes $attr_types HTMLPurifier_AttrTypes instance
*/ */
public function expandIdentifiers(&$attr, $attr_types) { public function expandIdentifiers(&$attr, $attr_types)
{
// because foreach will process new elements we add, make sure we // because foreach will process new elements we add, make sure we
// skip duplicates // skip duplicates
$processed = array(); $processed = array();
foreach ($attr as $def_i => $def) { foreach ($attr as $def_i => $def) {
// skip inclusions // skip inclusions
if ($def_i === 0) continue; if ($def_i === 0) {
continue;
}
if (isset($processed[$def_i])) continue; if (isset($processed[$def_i])) {
continue;
}
// determine whether or not attribute is required // determine whether or not attribute is required
if ($required = (strpos($def_i, '*') !== false)) { if ($required = (strpos($def_i, '*') !== false)) {
@ -120,9 +137,7 @@ class HTMLPurifier_AttrCollections
unset($attr[$def_i]); unset($attr[$def_i]);
} }
} }
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

53
library/HTMLPurifier/AttrDef.php
View File

@ -14,23 +14,25 @@ abstract class HTMLPurifier_AttrDef
{ {
/** /**
* Tells us whether or not an HTML attribute is minimized. Has no * Tells us whether or not an HTML attribute is minimized.
* meaning in other contexts. * Has no meaning in other contexts.
* @type bool
*/ */
public $minimized = false; public $minimized = false;
/** /**
* Tells us whether or not an HTML attribute is required. Has no * Tells us whether or not an HTML attribute is required.
* meaning in other contexts * Has no meaning in other contexts
* @type bool
*/ */
public $required = false; public $required = false;
/** /**
* Validates and cleans passed string according to a definition. * Validates and cleans passed string according to a definition.
* *
* @param $string String to be validated and cleaned. * @param string $string String to be validated and cleaned.
* @param $config Mandatory HTMLPurifier_Config object. * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
* @param $context Mandatory HTMLPurifier_AttrContext object. * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.
*/ */
abstract public function validate($string, $config, $context); abstract public function validate($string, $config, $context);
@ -55,7 +57,8 @@ abstract class HTMLPurifier_AttrDef
* parsing XML, thus, this behavior may still be correct. We * parsing XML, thus, this behavior may still be correct. We
* assume that newlines have been normalized. * assume that newlines have been normalized.
*/ */
public function parseCDATA($string) { public function parseCDATA($string)
{
$string = trim($string); $string = trim($string);
$string = str_replace(array("\n", "\t", "\r"), ' ', $string); $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
return $string; return $string;
@ -63,10 +66,11 @@ abstract class HTMLPurifier_AttrDef
/** /**
* Factory method for creating this class from a string. * Factory method for creating this class from a string.
* @param $string String construction info * @param string $string String construction info
* @return Created AttrDef object corresponding to $string * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string
*/ */
public function make($string) { public function make($string)
{
// default implementation, return a flyweight of this object. // default implementation, return a flyweight of this object.
// If $string has an effect on the returned object (i.e. you // If $string has an effect on the returned object (i.e. you
// need to overload this method), it is best // need to overload this method), it is best
@ -77,8 +81,11 @@ abstract class HTMLPurifier_AttrDef
/** /**
* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
* properly. THIS IS A HACK! * properly. THIS IS A HACK!
* @param string $string a CSS colour definition
* @return string
*/ */
protected function mungeRgb($string) { protected function mungeRgb($string)
{
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string); return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
} }
@ -86,7 +93,8 @@ abstract class HTMLPurifier_AttrDef
* Parses a possibly escaped CSS string and returns the "pure" * Parses a possibly escaped CSS string and returns the "pure"
* version of it. * version of it.
*/ */
protected function expandCSSEscape($string) { protected function expandCSSEscape($string)
{
// flexibly parse it // flexibly parse it
$ret = ''; $ret = '';
for ($i = 0, $c = strlen($string); $i < $c; $i++) { for ($i = 0, $c = strlen($string); $i < $c; $i++) {
@ -99,25 +107,32 @@ abstract class HTMLPurifier_AttrDef
if (ctype_xdigit($string[$i])) { if (ctype_xdigit($string[$i])) {
$code = $string[$i]; $code = $string[$i];
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) { for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
if (!ctype_xdigit($string[$i])) break; if (!ctype_xdigit($string[$i])) {
break;
}
$code .= $string[$i]; $code .= $string[$i];
} }
// We have to be extremely careful when adding // We have to be extremely careful when adding
// new characters, to make sure we're not breaking // new characters, to make sure we're not breaking
// the encoding. // the encoding.
$char = HTMLPurifier_Encoder::unichr(hexdec($code)); $char = HTMLPurifier_Encoder::unichr(hexdec($code));
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue; if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
$ret .= $char; continue;
if ($i < $c && trim($string[$i]) !== '') $i--; }
$ret .= $char;
if ($i < $c && trim($string[$i]) !== '') {
$i--;
}
continue;
}
if ($string[$i] === "\n") {
continue; continue;
} }
if ($string[$i] === "\n") continue;
} }
$ret .= $string[$i]; $ret .= $string[$i];
} }
return $ret; return $ret;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

37
library/HTMLPurifier/AttrDef/CSS.php
View File

@ -14,8 +14,14 @@
class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
{ {
public function validate($css, $config, $context) { /**
* @param string $css
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($css, $config, $context)
{
$css = $this->parseCDATA($css); $css = $this->parseCDATA($css);
$definition = $config->getCSSDefinition(); $definition = $config->getCSSDefinition();
@ -36,8 +42,12 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
$context->register('CurrentCSSProperty', $property); $context->register('CurrentCSSProperty', $property);
foreach ($declarations as $declaration) { foreach ($declarations as $declaration) {
if (!$declaration) continue; if (!$declaration) {
if (!strpos($declaration, ':')) continue; continue;
}
if (!strpos($declaration, ':')) {
continue;
}
list($property, $value) = explode(':', $declaration, 2); list($property, $value) = explode(':', $declaration, 2);
$property = trim($property); $property = trim($property);
$value = trim($value); $value = trim($value);
@ -47,23 +57,32 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
$ok = true; $ok = true;
break; break;
} }
if (ctype_lower($property)) break; if (ctype_lower($property)) {
break;
}
$property = strtolower($property); $property = strtolower($property);
if (isset($definition->info[$property])) { if (isset($definition->info[$property])) {
$ok = true; $ok = true;
break; break;
} }
} while(0); } while (0);
if (!$ok) continue; if (!$ok) {
continue;
}
// inefficient call, since the validator will do this again // inefficient call, since the validator will do this again
if (strtolower(trim($value)) !== 'inherit') { if (strtolower(trim($value)) !== 'inherit') {
// inherit works for everything (but only on the base property) // inherit works for everything (but only on the base property)
$result = $definition->info[$property]->validate( $result = $definition->info[$property]->validate(
$value, $config, $context ); $value,
$config,
$context
);
} else { } else {
$result = 'inherit'; $result = 'inherit';
} }
if ($result === false) continue; if ($result === false) {
continue;
}
$propvalues[$property] = $result; $propvalues[$property] = $result;
} }

27
library/HTMLPurifier/AttrDef/CSS/AlphaValue.php
View File

@ -3,19 +3,32 @@
class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
{ {
public function __construct() { public function __construct()
{
parent::__construct(false); // opacity is non-negative, but we will clamp it parent::__construct(false); // opacity is non-negative, but we will clamp it
} }
public function validate($number, $config, $context) { /**
* @param string $number
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
*/
public function validate($number, $config, $context)
{
$result = parent::validate($number, $config, $context); $result = parent::validate($number, $config, $context);
if ($result === false) return $result; if ($result === false) {
$float = (float) $result; return $result;
if ($float < 0.0) $result = '0'; }
if ($float > 1.0) $result = '1'; $float = (float)$result;
if ($float < 0.0) {
$result = '0';
}
if ($float > 1.0) {
$result = '1';
}
return $result; return $result;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

54
library/HTMLPurifier/AttrDef/CSS/Background.php
View File

@ -9,11 +9,16 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
/** /**
* Local copy of component validators. * Local copy of component validators.
* @type HTMLPurifier_AttrDef[]
* @note See HTMLPurifier_AttrDef_Font::$info for a similar impl. * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
*/ */
protected $info; protected $info;
public function __construct($config) { /**
* @param HTMLPurifier_Config $config
*/
public function __construct($config)
{
$def = $config->getCSSDefinition(); $def = $config->getCSSDefinition();
$this->info['background-color'] = $def->info['background-color']; $this->info['background-color'] = $def->info['background-color'];
$this->info['background-image'] = $def->info['background-image']; $this->info['background-image'] = $def->info['background-image'];
@ -22,11 +27,19 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$this->info['background-position'] = $def->info['background-position']; $this->info['background-position'] = $def->info['background-position'];
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
// regular pre-processing // regular pre-processing
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
if ($string === '') return false; if ($string === '') {
return false;
}
// munge rgb() decl if necessary // munge rgb() decl if necessary
$string = $this->mungeRgb($string); $string = $this->mungeRgb($string);
@ -42,20 +55,27 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$caught['position'] = false; $caught['position'] = false;
$i = 0; // number of catches $i = 0; // number of catches
$none = false;
foreach ($bits as $bit) { foreach ($bits as $bit) {
if ($bit === '') continue; if ($bit === '') {
continue;
}
foreach ($caught as $key => $status) { foreach ($caught as $key => $status) {
if ($key != 'position') { if ($key != 'position') {
if ($status !== false) continue; if ($status !== false) {
continue;
}
$r = $this->info['background-' . $key]->validate($bit, $config, $context); $r = $this->info['background-' . $key]->validate($bit, $config, $context);
} else { } else {
$r = $bit; $r = $bit;
} }
if ($r === false) continue; if ($r === false) {
continue;
}
if ($key == 'position') { if ($key == 'position') {
if ($caught[$key] === false) $caught[$key] = ''; if ($caught[$key] === false) {
$caught[$key] = '';
}
$caught[$key] .= $r . ' '; $caught[$key] .= $r . ' ';
} else { } else {
$caught[$key] = $r; $caught[$key] = $r;
@ -65,7 +85,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
} }
} }
if (!$i) return false; if (!$i) {
return false;
}
if ($caught['position'] !== false) { if ($caught['position'] !== false) {
$caught['position'] = $this->info['background-position']-> $caught['position'] = $this->info['background-position']->
validate($caught['position'], $config, $context); validate($caught['position'], $config, $context);
@ -73,15 +95,17 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$ret = array(); $ret = array();
foreach ($caught as $value) { foreach ($caught as $value) {
if ($value === false) continue; if ($value === false) {
continue;
}
$ret[] = $value; $ret[] = $value;
} }
if (empty($ret)) return false; if (empty($ret)) {
return implode(' ', $ret); return false;
}
return implode(' ', $ret);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

52
library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
View File

@ -44,15 +44,30 @@
class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
{ {
/**
* @type HTMLPurifier_AttrDef_CSS_Length
*/
protected $length; protected $length;
/**
* @type HTMLPurifier_AttrDef_CSS_Percentage
*/
protected $percentage; protected $percentage;
public function __construct() { public function __construct()
{
$this->length = new HTMLPurifier_AttrDef_CSS_Length(); $this->length = new HTMLPurifier_AttrDef_CSS_Length();
$this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage(); $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
$bits = explode(' ', $string); $bits = explode(' ', $string);
@ -74,7 +89,9 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
); );
foreach ($bits as $bit) { foreach ($bits as $bit) {
if ($bit === '') continue; if ($bit === '') {
continue;
}
// test for keyword // test for keyword
$lbit = ctype_lower($bit) ? $bit : strtolower($bit); $lbit = ctype_lower($bit) ? $bit : strtolower($bit);
@ -104,30 +121,37 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
$measures[] = $r; $measures[] = $r;
$i++; $i++;
} }
} }
if (!$i) return false; // no valid values were caught if (!$i) {
return false;
} // no valid values were caught
$ret = array(); $ret = array();
// first keyword // first keyword
if ($keywords['h']) $ret[] = $keywords['h']; if ($keywords['h']) {
elseif ($keywords['ch']) { $ret[] = $keywords['h'];
} elseif ($keywords['ch']) {
$ret[] = $keywords['ch']; $ret[] = $keywords['ch'];
$keywords['cv'] = false; // prevent re-use: center = center center $keywords['cv'] = false; // prevent re-use: center = center center
} elseif (count($measures)) {
$ret[] = array_shift($measures);
} }
elseif (count($measures)) $ret[] = array_shift($measures);
if ($keywords['v']) $ret[] = $keywords['v']; if ($keywords['v']) {
elseif ($keywords['cv']) $ret[] = $keywords['cv']; $ret[] = $keywords['v'];
elseif (count($measures)) $ret[] = array_shift($measures); } elseif ($keywords['cv']) {
$ret[] = $keywords['cv'];
} elseif (count($measures)) {
$ret[] = array_shift($measures);
}
if (empty($ret)) return false; if (empty($ret)) {
return false;
}
return implode(' ', $ret); return implode(' ', $ret);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

21
library/HTMLPurifier/AttrDef/CSS/Border.php
View File

@ -8,17 +8,29 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
/** /**
* Local copy of properties this property is shorthand for. * Local copy of properties this property is shorthand for.
* @type HTMLPurifier_AttrDef[]
*/ */
protected $info = array(); protected $info = array();
public function __construct($config) { /**
* @param HTMLPurifier_Config $config
*/
public function __construct($config)
{
$def = $config->getCSSDefinition(); $def = $config->getCSSDefinition();
$this->info['border-width'] = $def->info['border-width']; $this->info['border-width'] = $def->info['border-width'];
$this->info['border-style'] = $def->info['border-style']; $this->info['border-style'] = $def->info['border-style'];
$this->info['border-top-color'] = $def->info['border-top-color']; $this->info['border-top-color'] = $def->info['border-top-color'];
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
$string = $this->mungeRgb($string); $string = $this->mungeRgb($string);
$bits = explode(' ', $string); $bits = explode(' ', $string);
@ -26,7 +38,9 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
$ret = ''; // return value $ret = ''; // return value
foreach ($bits as $bit) { foreach ($bits as $bit) {
foreach ($this->info as $propname => $validator) { foreach ($this->info as $propname => $validator) {
if (isset($done[$propname])) continue; if (isset($done[$propname])) {
continue;
}
$r = $validator->validate($bit, $config, $context); $r = $validator->validate($bit, $config, $context);
if ($r !== false) { if ($r !== false) {
$ret .= $r . ' '; $ret .= $r . ' ';
@ -37,7 +51,6 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
} }
return rtrim($ret); return rtrim($ret);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

67
library/HTMLPurifier/AttrDef/CSS/Color.php
View File

@ -6,29 +6,47 @@
class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
{ {
public function validate($color, $config, $context) { /**
* @param string $color
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($color, $config, $context)
{
static $colors = null; static $colors = null;
if ($colors === null) $colors = $config->get('Core.ColorKeywords'); if ($colors === null) {
$colors = $config->get('Core.ColorKeywords');
}
$color = trim($color); $color = trim($color);
if ($color === '') return false; if ($color === '') {
return false;
}
$lower = strtolower($color); $lower = strtolower($color);
if (isset($colors[$lower])) return $colors[$lower]; if (isset($colors[$lower])) {
return $colors[$lower];
}
if (strpos($color, 'rgb(') !== false) { if (strpos($color, 'rgb(') !== false) {
// rgb literal handling // rgb literal handling
$length = strlen($color); $length = strlen($color);
if (strpos($color, ')') !== $length - 1) return false; if (strpos($color, ')') !== $length - 1) {
return false;
}
$triad = substr($color, 4, $length - 4 - 1); $triad = substr($color, 4, $length - 4 - 1);
$parts = explode(',', $triad); $parts = explode(',', $triad);
if (count($parts) !== 3) return false; if (count($parts) !== 3) {
return false;
}
$type = false; // to ensure that they're all the same type $type = false; // to ensure that they're all the same type
$new_parts = array(); $new_parts = array();
foreach ($parts as $part) { foreach ($parts as $part) {
$part = trim($part); $part = trim($part);
if ($part === '') return false; if ($part === '') {
return false;
}
$length = strlen($part); $length = strlen($part);
if ($part[$length - 1] === '%') { if ($part[$length - 1] === '%') {
// handle percents // handle percents
@ -37,9 +55,13 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
} elseif ($type !== 'percentage') { } elseif ($type !== 'percentage') {
return false; return false;
} }
$num = (float) substr($part, 0, $length - 1); $num = (float)substr($part, 0, $length - 1);
if ($num < 0) $num = 0; if ($num < 0) {
if ($num > 100) $num = 100; $num = 0;
}
if ($num > 100) {
$num = 100;
}
$new_parts[] = "$num%"; $new_parts[] = "$num%";
} else { } else {
// handle integers // handle integers
@ -48,10 +70,14 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
} elseif ($type !== 'integer') { } elseif ($type !== 'integer') {
return false; return false;
} }
$num = (int) $part; $num = (int)$part;
if ($num < 0) $num = 0; if ($num < 0) {
if ($num > 255) $num = 255; $num = 0;
$new_parts[] = (string) $num; }
if ($num > 255) {
$num = 255;
}
$new_parts[] = (string)$num;
} }
} }
$new_triad = implode(',', $new_parts); $new_triad = implode(',', $new_parts);
@ -65,14 +91,15 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
$color = '#' . $color; $color = '#' . $color;
} }
$length = strlen($hex); $length = strlen($hex);
if ($length !== 3 && $length !== 6) return false; if ($length !== 3 && $length !== 6) {
if (!ctype_xdigit($hex)) return false; return false;
}
if (!ctype_xdigit($hex)) {
return false;
}
} }
return $color; return $color;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

22
library/HTMLPurifier/AttrDef/CSS/Composite.php
View File

@ -13,26 +13,36 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
{ {
/** /**
* List of HTMLPurifier_AttrDef objects that may process strings * List of objects that may process strings.
* @type HTMLPurifier_AttrDef[]
* @todo Make protected * @todo Make protected
*/ */
public $defs; public $defs;
/** /**
* @param $defs List of HTMLPurifier_AttrDef objects * @param HTMLPurifier_AttrDef[] $defs List of HTMLPurifier_AttrDef objects
*/ */
public function __construct($defs) { public function __construct($defs)
{
$this->defs = $defs; $this->defs = $defs;
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
foreach ($this->defs as $i => $def) { foreach ($this->defs as $i => $def) {
$result = $this->defs[$i]->validate($string, $config, $context); $result = $this->defs[$i]->validate($string, $config, $context);
if ($result !== false) return $result; if ($result !== false) {
return $result;
}
} }
return false; return false;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

28
library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
View File

@ -5,22 +5,38 @@
*/ */
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
{ {
public $def, $element; /**
* @type HTMLPurifier_AttrDef
*/
public $def;
/**
* @type string
*/
public $element;
/** /**
* @param $def Definition to wrap * @param HTMLPurifier_AttrDef $def Definition to wrap
* @param $element Element to deny * @param string $element Element to deny
*/ */
public function __construct($def, $element) { public function __construct($def, $element)
{
$this->def = $def; $this->def = $def;
$this->element = $element; $this->element = $element;
} }
/** /**
* Checks if CurrentToken is set and equal to $this->element * Checks if CurrentToken is set and equal to $this->element
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/ */
public function validate($string, $config, $context) { public function validate($string, $config, $context)
{
$token = $context->get('CurrentToken', true); $token = $context->get('CurrentToken', true);
if ($token && $token->name == $this->element) return false; if ($token && $token->name == $this->element) {
return false;
}
return $this->def->validate($string, $config, $context); return $this->def->validate($string, $config, $context);
} }
} }

47
library/HTMLPurifier/AttrDef/CSS/Filter.php
View File

@ -7,23 +7,37 @@
*/ */
class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
{ {
/**
* @type HTMLPurifier_AttrDef_Integer
*/
protected $intValidator; protected $intValidator;
public function __construct() { public function __construct()
{
$this->intValidator = new HTMLPurifier_AttrDef_Integer(); $this->intValidator = new HTMLPurifier_AttrDef_Integer();
} }
public function validate($value, $config, $context) { /**
* @param string $value
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($value, $config, $context)
{
$value = $this->parseCDATA($value); $value = $this->parseCDATA($value);
if ($value === 'none') return $value; if ($value === 'none') {
return $value;
}
// if we looped this we could support multiple filters // if we looped this we could support multiple filters
$function_length = strcspn($value, '('); $function_length = strcspn($value, '(');
$function = trim(substr($value, 0, $function_length)); $function = trim(substr($value, 0, $function_length));
if ($function !== 'alpha' && if ($function !== 'alpha' &&
$function !== 'Alpha' && $function !== 'Alpha' &&
$function !== 'progid:DXImageTransform.Microsoft.Alpha' $function !== 'progid:DXImageTransform.Microsoft.Alpha'
) return false; ) {
return false;
}
$cursor = $function_length + 1; $cursor = $function_length + 1;
$parameters_length = strcspn($value, ')', $cursor); $parameters_length = strcspn($value, ')', $cursor);
$parameters = substr($value, $cursor, $parameters_length); $parameters = substr($value, $cursor, $parameters_length);
@ -34,13 +48,23 @@ class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
list($key, $value) = explode('=', $param); list($key, $value) = explode('=', $param);
$key = trim($key); $key = trim($key);
$value = trim($value); $value = trim($value);
if (isset($lookup[$key])) continue; if (isset($lookup[$key])) {
if ($key !== 'opacity') continue; continue;
}
if ($key !== 'opacity') {
continue;
}
$value = $this->intValidator->validate($value, $config, $context); $value = $this->intValidator->validate($value, $config, $context);
if ($value === false) continue; if ($value === false) {
$int = (int) $value; continue;
if ($int > 100) $value = '100'; }
if ($int < 0) $value = '0'; $int = (int)$value;
if ($int > 100) {
$value = '100';
}
if ($int < 0) {
$value = '0';
}
$ret_params[] = "$key=$value"; $ret_params[] = "$key=$value";
$lookup[$key] = true; $lookup[$key] = true;
} }
@ -48,7 +72,6 @@ class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
$ret_function = "$function($ret_parameters)"; $ret_function = "$function($ret_parameters)";
return $ret_function; return $ret_function;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

77
library/HTMLPurifier/AttrDef/CSS/Font.php
View File

@ -7,8 +7,8 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
{ {
/** /**
* Local copy of component validators. * Local copy of validators
* * @type HTMLPurifier_AttrDef[]
* @note If we moved specific CSS property definitions to their own * @note If we moved specific CSS property definitions to their own
* classes instead of having them be assembled at run time by * classes instead of having them be assembled at run time by
* CSSDefinition, this wouldn't be necessary. We'd instantiate * CSSDefinition, this wouldn't be necessary. We'd instantiate
@ -16,7 +16,11 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
*/ */
protected $info = array(); protected $info = array();
public function __construct($config) { /**
* @param HTMLPurifier_Config $config
*/
public function __construct($config)
{
$def = $config->getCSSDefinition(); $def = $config->getCSSDefinition();
$this->info['font-style'] = $def->info['font-style']; $this->info['font-style'] = $def->info['font-style'];
$this->info['font-variant'] = $def->info['font-variant']; $this->info['font-variant'] = $def->info['font-variant'];
@ -26,8 +30,14 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
$this->info['font-family'] = $def->info['font-family']; $this->info['font-family'] = $def->info['font-family'];
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
static $system_fonts = array( static $system_fonts = array(
'caption' => true, 'caption' => true,
'icon' => true, 'icon' => true,
@ -39,7 +49,9 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
// regular pre-processing // regular pre-processing
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
if ($string === '') return false; if ($string === '') {
return false;
}
// check if it's one of the keywords // check if it's one of the keywords
$lowercase_string = strtolower($string); $lowercase_string = strtolower($string);
@ -54,15 +66,20 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
$final = ''; // output $final = ''; // output
for ($i = 0, $size = count($bits); $i < $size; $i++) { for ($i = 0, $size = count($bits); $i < $size; $i++) {
if ($bits[$i] === '') continue; if ($bits[$i] === '') {
continue;
}
switch ($stage) { switch ($stage) {
case 0: // attempting to catch font-style, font-variant or font-weight
// attempting to catch font-style, font-variant or font-weight
case 0:
foreach ($stage_1 as $validator_name) { foreach ($stage_1 as $validator_name) {
if (isset($caught[$validator_name])) continue; if (isset($caught[$validator_name])) {
continue;
}
$r = $this->info[$validator_name]->validate( $r = $this->info[$validator_name]->validate(
$bits[$i], $config, $context); $bits[$i],
$config,
$context
);
if ($r !== false) { if ($r !== false) {
$final .= $r . ' '; $final .= $r . ' ';
$caught[$validator_name] = true; $caught[$validator_name] = true;
@ -70,11 +87,13 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
} }
} }
// all three caught, continue on // all three caught, continue on
if (count($caught) >= 3) $stage = 1; if (count($caught) >= 3) {
if ($r !== false) break; $stage = 1;
}
// attempting to catch font-size and perhaps line-height if ($r !== false) {
case 1: break;
}
case 1: // attempting to catch font-size and perhaps line-height
$found_slash = false; $found_slash = false;
if (strpos($bits[$i], '/') !== false) { if (strpos($bits[$i], '/') !== false) {
list($font_size, $line_height) = list($font_size, $line_height) =
@ -89,14 +108,19 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
$line_height = false; $line_height = false;
} }
$r = $this->info['font-size']->validate( $r = $this->info['font-size']->validate(
$font_size, $config, $context); $font_size,
$config,
$context
);
if ($r !== false) { if ($r !== false) {
$final .= $r; $final .= $r;
// attempt to catch line-height // attempt to catch line-height
if ($line_height === false) { if ($line_height === false) {
// we need to scroll forward // we need to scroll forward
for ($j = $i + 1; $j < $size; $j++) { for ($j = $i + 1; $j < $size; $j++) {
if ($bits[$j] === '') continue; if ($bits[$j] === '') {
continue;
}
if ($bits[$j] === '/') { if ($bits[$j] === '/') {
if ($found_slash) { if ($found_slash) {
return false; return false;
@ -116,7 +140,10 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
if ($found_slash) { if ($found_slash) {
$i = $j; $i = $j;
$r = $this->info['line-height']->validate( $r = $this->info['line-height']->validate(
$line_height, $config, $context); $line_height,
$config,
$context
);
if ($r !== false) { if ($r !== false) {
$final .= '/' . $r; $final .= '/' . $r;
} }
@ -126,13 +153,14 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
break; break;
} }
return false; return false;
case 2: // attempting to catch font-family
// attempting to catch font-family
case 2:
$font_family = $font_family =
implode(' ', array_slice($bits, $i, $size - $i)); implode(' ', array_slice($bits, $i, $size - $i));
$r = $this->info['font-family']->validate( $r = $this->info['font-family']->validate(
$font_family, $config, $context); $font_family,
$config,
$context
);
if ($r !== false) { if ($r !== false) {
$final .= $r . ' '; $final .= $r . ' ';
// processing completed successfully // processing completed successfully
@ -143,7 +171,6 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
} }
return false; return false;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

42
library/HTMLPurifier/AttrDef/CSS/FontFamily.php
View File

@ -8,11 +8,18 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
protected $mask = null; protected $mask = null;
public function __construct() { public function __construct()
{
$this->mask = '_- '; $this->mask = '_- ';
for ($c = 'a'; $c <= 'z'; $c++) $this->mask .= $c; for ($c = 'a'; $c <= 'z'; $c++) {
for ($c = 'A'; $c <= 'Z'; $c++) $this->mask .= $c; $this->mask .= $c;
for ($c = '0'; $c <= '9'; $c++) $this->mask .= $c; // cast-y, but should be fine }
for ($c = 'A'; $c <= 'Z'; $c++) {
$this->mask .= $c;
}
for ($c = '0'; $c <= '9'; $c++) {
$this->mask .= $c;
} // cast-y, but should be fine
// special bytes used by UTF-8 // special bytes used by UTF-8
for ($i = 0x80; $i <= 0xFF; $i++) { for ($i = 0x80; $i <= 0xFF; $i++) {
// We don't bother excluding invalid bytes in this range, // We don't bother excluding invalid bytes in this range,
@ -39,7 +46,14 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
// possible optimization: invert the mask. // possible optimization: invert the mask.
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
static $generic_names = array( static $generic_names = array(
'serif' => true, 'serif' => true,
'sans-serif' => true, 'sans-serif' => true,
@ -52,9 +66,11 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
// assume that no font names contain commas in them // assume that no font names contain commas in them
$fonts = explode(',', $string); $fonts = explode(',', $string);
$final = ''; $final = '';
foreach($fonts as $font) { foreach ($fonts as $font) {
$font = trim($font); $font = trim($font);
if ($font === '') continue; if ($font === '') {
continue;
}
// match a generic name // match a generic name
if (isset($generic_names[$font])) { if (isset($generic_names[$font])) {
if ($allowed_fonts === null || isset($allowed_fonts[$font])) { if ($allowed_fonts === null || isset($allowed_fonts[$font])) {
@ -65,9 +81,13 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
// match a quoted name // match a quoted name
if ($font[0] === '"' || $font[0] === "'") { if ($font[0] === '"' || $font[0] === "'") {
$length = strlen($font); $length = strlen($font);
if ($length <= 2) continue; if ($length <= 2) {
continue;
}
$quote = $font[0]; $quote = $font[0];
if ($font[$length - 1] !== $quote) continue; if ($font[$length - 1] !== $quote) {
continue;
}
$font = substr($font, 1, $length - 2); $font = substr($font, 1, $length - 2);
} }
@ -188,7 +208,9 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
$final .= "'$font', "; $final .= "'$font', ";
} }
$final = rtrim($final, ', '); $final = rtrim($final, ', ');
if ($final === '') return false; if ($final === '') {
return false;
}
return $final; return $final;
} }

24
library/HTMLPurifier/AttrDef/CSS/Ident.php
View File

@ -6,19 +6,27 @@
class HTMLPurifier_AttrDef_CSS_Ident extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_Ident extends HTMLPurifier_AttrDef
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
// early abort: '' and '0' (strings that convert to false) are invalid // early abort: '' and '0' (strings that convert to false) are invalid
if (!$string) return false; if (!$string) {
return false;
$pattern = '/^(-?[A-Za-z_][A-Za-z_\-0-9]*)$/';
if (!preg_match($pattern, $string)) return false;
return $string;
} }
$pattern = '/^(-?[A-Za-z_][A-Za-z_\-0-9]*)$/';
if (!preg_match($pattern, $string)) {
return false;
}
return $string;
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

28
library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
View File

@ -5,20 +5,34 @@
*/ */
class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
{ {
public $def, $allow; /**
* @type HTMLPurifier_AttrDef
*/
public $def;
/**
* @type bool
*/
public $allow;
/** /**
* @param $def Definition to wrap * @param HTMLPurifier_AttrDef $def Definition to wrap
* @param $allow Whether or not to allow !important * @param bool $allow Whether or not to allow !important
*/ */
public function __construct($def, $allow = false) { public function __construct($def, $allow = false)
{
$this->def = $def; $this->def = $def;
$this->allow = $allow; $this->allow = $allow;
} }
/** /**
* Intercepts and removes !important if necessary * Intercepts and removes !important if necessary
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/ */
public function validate($string, $config, $context) { public function validate($string, $config, $context)
{
// test for ! and important tokens // test for ! and important tokens
$string = trim($string); $string = trim($string);
$is_important = false; $is_important = false;
@ -32,7 +46,9 @@ class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
} }
} }
$string = $this->def->validate($string, $config, $context); $string = $this->def->validate($string, $config, $context);
if ($this->allow && $is_important) $string .= ' !important'; if ($this->allow && $is_important) {
$string .= ' !important';
}
return $string; return $string;
} }
} }

60
library/HTMLPurifier/AttrDef/CSS/Length.php
View File

@ -6,42 +6,72 @@
class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
{ {
protected $min, $max; /**
* @type HTMLPurifier_Length|string
*/
protected $min;
/** /**
* @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable. * @type HTMLPurifier_Length|string
* @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
*/ */
public function __construct($min = null, $max = null) { protected $max;
/**
* @param HTMLPurifier_Length|string $min Minimum length, or null for no bound. String is also acceptable.
* @param HTMLPurifier_Length|string $max Maximum length, or null for no bound. String is also acceptable.
*/
public function __construct($min = null, $max = null)
{
$this->min = $min !== null ? HTMLPurifier_Length::make($min) : null; $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
$this->max = $max !== null ? HTMLPurifier_Length::make($max) : null; $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
// Optimizations // Optimizations
if ($string === '') return false; if ($string === '') {
if ($string === '0') return '0'; return false;
if (strlen($string) === 1) return false; }
if ($string === '0') {
return '0';
}
if (strlen($string) === 1) {
return false;
}
$length = HTMLPurifier_Length::make($string); $length = HTMLPurifier_Length::make($string);
if (!$length->isValid()) return false; if (!$length->isValid()) {
return false;
}
if ($this->min) { if ($this->min) {
$c = $length->compareTo($this->min); $c = $length->compareTo($this->min);
if ($c === false) return false; if ($c === false) {
if ($c < 0) return false; return false;
}
if ($c < 0) {
return false;
}
} }
if ($this->max) { if ($this->max) {
$c = $length->compareTo($this->max); $c = $length->compareTo($this->max);
if ($c === false) return false; if ($c === false) {
if ($c > 0) return false; return false;
}
if ($c > 0) {
return false;
}
} }
return $length->toString(); return $length->toString();
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

82
library/HTMLPurifier/AttrDef/CSS/ListStyle.php
View File

@ -8,23 +8,36 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
{ {
/** /**
* Local copy of component validators. * Local copy of validators.
* @type HTMLPurifier_AttrDef[]
* @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl. * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
*/ */
protected $info; protected $info;
public function __construct($config) { /**
* @param HTMLPurifier_Config $config
*/
public function __construct($config)
{
$def = $config->getCSSDefinition(); $def = $config->getCSSDefinition();
$this->info['list-style-type'] = $def->info['list-style-type']; $this->info['list-style-type'] = $def->info['list-style-type'];
$this->info['list-style-position'] = $def->info['list-style-position']; $this->info['list-style-position'] = $def->info['list-style-position'];
$this->info['list-style-image'] = $def->info['list-style-image']; $this->info['list-style-image'] = $def->info['list-style-image'];
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
// regular pre-processing // regular pre-processing
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
if ($string === '') return false; if ($string === '') {
return false;
}
// assumes URI doesn't have spaces in it // assumes URI doesn't have spaces in it
$bits = explode(' ', strtolower($string)); // bits to process $bits = explode(' ', strtolower($string)); // bits to process
@ -38,16 +51,29 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
$none = false; $none = false;
foreach ($bits as $bit) { foreach ($bits as $bit) {
if ($i >= 3) return; // optimization bit if ($i >= 3) {
if ($bit === '') continue; return;
} // optimization bit
if ($bit === '') {
continue;
}
foreach ($caught as $key => $status) { foreach ($caught as $key => $status) {
if ($status !== false) continue; if ($status !== false) {
continue;
}
$r = $this->info['list-style-' . $key]->validate($bit, $config, $context); $r = $this->info['list-style-' . $key]->validate($bit, $config, $context);
if ($r === false) continue; if ($r === false) {
continue;
}
if ($r === 'none') { if ($r === 'none') {
if ($none) continue; if ($none) {
else $none = true; continue;
if ($key == 'image') continue; } else {
$none = true;
}
if ($key == 'image') {
continue;
}
} }
$caught[$key] = $r; $caught[$key] = $r;
$i++; $i++;
@ -55,24 +81,32 @@ class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
} }
} }
if (!$i) return false; if (!$i) {
return false;
}
$ret = array(); $ret = array();
// construct type // construct type
if ($caught['type']) $ret[] = $caught['type']; if ($caught['type']) {
$ret[] = $caught['type'];
// construct image
if ($caught['image']) $ret[] = $caught['image'];
// construct position
if ($caught['position']) $ret[] = $caught['position'];
if (empty($ret)) return false;
return implode(' ', $ret);
} }
// construct image
if ($caught['image']) {
$ret[] = $caught['image'];
}
// construct position
if ($caught['position']) {
$ret[] = $caught['position'];
}
if (empty($ret)) {
return false;
}
return implode(' ', $ret);
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

31
library/HTMLPurifier/AttrDef/CSS/Multiple.php
View File

@ -13,9 +13,9 @@
*/ */
class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
{ {
/** /**
* Instance of component definition to defer validation to. * Instance of component definition to defer validation to.
* @type HTMLPurifier_AttrDef
* @todo Make protected * @todo Make protected
*/ */
public $single; public $single;
@ -27,32 +27,45 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
public $max; public $max;
/** /**
* @param $single HTMLPurifier_AttrDef to multiply * @param HTMLPurifier_AttrDef $single HTMLPurifier_AttrDef to multiply
* @param $max Max number of values allowed (usually four) * @param int $max Max number of values allowed (usually four)
*/ */
public function __construct($single, $max = 4) { public function __construct($single, $max = 4)
{
$this->single = $single; $this->single = $single;
$this->max = $max; $this->max = $max;
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
if ($string === '') return false; if ($string === '') {
return false;
}
$parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n
$length = count($parts); $length = count($parts);
$final = ''; $final = '';
for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) {
if (ctype_space($parts[$i])) continue; if (ctype_space($parts[$i])) {
continue;
}
$result = $this->single->validate($parts[$i], $config, $context); $result = $this->single->validate($parts[$i], $config, $context);
if ($result !== false) { if ($result !== false) {
$final .= $result . ' '; $final .= $result . ' ';
$num++; $num++;
} }
} }
if ($final === '') return false; if ($final === '') {
return false;
}
return rtrim($final); return rtrim($final);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

43
library/HTMLPurifier/AttrDef/CSS/Number.php
View File

@ -7,32 +7,44 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
{ {
/** /**
* Bool indicating whether or not only positive values allowed. * Indicates whether or not only positive values are allowed.
* @type bool
*/ */
protected $non_negative = false; protected $non_negative = false;
/** /**
* @param $non_negative Bool indicating whether negatives are forbidden * @param bool $non_negative indicates whether negatives are forbidden
*/ */
public function __construct($non_negative = false) { public function __construct($non_negative = false)
{
$this->non_negative = $non_negative; $this->non_negative = $non_negative;
} }
/** /**
* @param string $number
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string|bool
* @warning Some contexts do not pass $config, $context. These * @warning Some contexts do not pass $config, $context. These
* variables should not be used without checking HTMLPurifier_Length * variables should not be used without checking HTMLPurifier_Length
*/ */
public function validate($number, $config, $context) { public function validate($number, $config, $context)
{
$number = $this->parseCDATA($number); $number = $this->parseCDATA($number);
if ($number === '') return false; if ($number === '') {
if ($number === '0') return '0'; return false;
}
if ($number === '0') {
return '0';
}
$sign = ''; $sign = '';
switch ($number[0]) { switch ($number[0]) {
case '-': case '-':
if ($this->non_negative) return false; if ($this->non_negative) {
return false;
}
$sign = '-'; $sign = '-';
case '+': case '+':
$number = substr($number, 1); $number = substr($number, 1);
@ -44,12 +56,18 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
} }
// Period is the only non-numeric character allowed // Period is the only non-numeric character allowed
if (strpos($number, '.') === false) return false; if (strpos($number, '.') === false) {
return false;
}
list($left, $right) = explode('.', $number, 2); list($left, $right) = explode('.', $number, 2);
if ($left === '' && $right === '') return false; if ($left === '' && $right === '') {
if ($left !== '' && !ctype_digit($left)) return false; return false;
}
if ($left !== '' && !ctype_digit($left)) {
return false;
}
$left = ltrim($left, '0'); $left = ltrim($left, '0');
$right = rtrim($right, '0'); $right = rtrim($right, '0');
@ -59,11 +77,8 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
} elseif (!ctype_digit($right)) { } elseif (!ctype_digit($right)) {
return false; return false;
} }
return $sign . $left . '.' . $right; return $sign . $left . '.' . $right;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

38
library/HTMLPurifier/AttrDef/CSS/Percentage.php
View File

@ -7,34 +7,48 @@ class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
{ {
/** /**
* Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation * Instance to defer number validation to.
* @type HTMLPurifier_AttrDef_CSS_Number
*/ */
protected $number_def; protected $number_def;
/** /**
* @param Bool indicating whether to forbid negative values * @param bool $non_negative Whether to forbid negative values
*/ */
public function __construct($non_negative = false) { public function __construct($non_negative = false)
{
$this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
if ($string === '') return false; if ($string === '') {
return false;
}
$length = strlen($string); $length = strlen($string);
if ($length === 1) return false; if ($length === 1) {
if ($string[$length - 1] !== '%') return false; return false;
}
if ($string[$length - 1] !== '%') {
return false;
}
$number = substr($string, 0, $length - 1); $number = substr($string, 0, $length - 1);
$number = $this->number_def->validate($number, $config, $context); $number = $this->number_def->validate($number, $config, $context);
if ($number === false) return false; if ($number === false) {
return "$number%"; return false;
}
return "$number%";
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

22
library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
View File

@ -8,8 +8,14 @@
class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
static $allowed_values = array( static $allowed_values = array(
'line-through' => true, 'line-through' => true,
'overline' => true, 'overline' => true,
@ -18,7 +24,9 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
$string = strtolower($this->parseCDATA($string)); $string = strtolower($this->parseCDATA($string));
if ($string === 'none') return $string; if ($string === 'none') {
return $string;
}
$parts = explode(' ', $string); $parts = explode(' ', $string);
$final = ''; $final = '';
@ -28,11 +36,11 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
} }
} }
$final = rtrim($final); $final = rtrim($final);
if ($final === '') return false; if ($final === '') {
return $final; return false;
}
return $final;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

31
library/HTMLPurifier/AttrDef/CSS/URI.php
View File

@ -12,25 +12,39 @@
class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
{ {
public function __construct() { public function __construct()
{
parent::__construct(true); // always embedded parent::__construct(true); // always embedded
} }
public function validate($uri_string, $config, $context) { /**
* @param string $uri_string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($uri_string, $config, $context)
{
// parse the URI out of the string and then pass it onto // parse the URI out of the string and then pass it onto
// the parent object // the parent object
$uri_string = $this->parseCDATA($uri_string); $uri_string = $this->parseCDATA($uri_string);
if (strpos($uri_string, 'url(') !== 0) return false; if (strpos($uri_string, 'url(') !== 0) {
return false;
}
$uri_string = substr($uri_string, 4); $uri_string = substr($uri_string, 4);
$new_length = strlen($uri_string) - 1; $new_length = strlen($uri_string) - 1;
if ($uri_string[$new_length] != ')') return false; if ($uri_string[$new_length] != ')') {
return false;
}
$uri = trim(substr($uri_string, 0, $new_length)); $uri = trim(substr($uri_string, 0, $new_length));
if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
$quote = $uri[0]; $quote = $uri[0];
$new_length = strlen($uri) - 1; $new_length = strlen($uri) - 1;
if ($uri[$new_length] !== $quote) return false; if ($uri[$new_length] !== $quote) {
return false;
}
$uri = substr($uri, 1, $new_length - 1); $uri = substr($uri, 1, $new_length - 1);
} }
@ -38,7 +52,9 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
$result = parent::validate($uri, $config, $context); $result = parent::validate($uri, $config, $context);
if ($result === false) return false; if ($result === false) {
return false;
}
// extra sanity check; should have been done by URI // extra sanity check; should have been done by URI
$result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
@ -51,11 +67,8 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
// an innerHTML cycle, so a very unlucky query parameter could // an innerHTML cycle, so a very unlucky query parameter could
// then change the meaning of the URL. Unfortunately, there's // then change the meaning of the URL. Unfortunately, there's
// not much we can do about that... // not much we can do about that...
return "url(\"$result\")"; return "url(\"$result\")";
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

26
library/HTMLPurifier/AttrDef/Clone.php
View File

@ -7,22 +7,38 @@
class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef
{ {
/** /**
* What we're cloning * What we're cloning.
* @type HTMLPurifier_AttrDef
*/ */
protected $clone; protected $clone;
public function __construct($clone) { /**
* @param HTMLPurifier_AttrDef $clone
*/
public function __construct($clone)
{
$this->clone = $clone; $this->clone = $clone;
} }
public function validate($v, $config, $context) { /**
* @param string $v
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($v, $config, $context)
{
return $this->clone->validate($v, $config, $context); return $this->clone->validate($v, $config, $context);
} }
public function make($string) { /**
* @param string $string
* @return HTMLPurifier_AttrDef
*/
public function make($string)
{
return clone $this->clone; return clone $this->clone;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

26
library/HTMLPurifier/AttrDef/Enum.php
View File

@ -12,6 +12,7 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
/** /**
* Lookup table of valid values. * Lookup table of valid values.
* @type array
* @todo Make protected * @todo Make protected
*/ */
public $valid_values = array(); public $valid_values = array();
@ -23,17 +24,23 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
protected $case_sensitive = false; // values according to W3C spec protected $case_sensitive = false; // values according to W3C spec
/** /**
* @param $valid_values List of valid values * @param array $valid_values List of valid values
* @param $case_sensitive Bool indicating whether or not case sensitive * @param bool $case_sensitive Whether or not case sensitive
*/ */
public function __construct( public function __construct($valid_values = array(), $case_sensitive = false)
$valid_values = array(), $case_sensitive = false {
) {
$this->valid_values = array_flip($valid_values); $this->valid_values = array_flip($valid_values);
$this->case_sensitive = $case_sensitive; $this->case_sensitive = $case_sensitive;
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
if (!$this->case_sensitive) { if (!$this->case_sensitive) {
// we may want to do full case-insensitive libraries // we may want to do full case-insensitive libraries
@ -45,11 +52,13 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
} }
/** /**
* @param $string In form of comma-delimited list of case-insensitive * @param string $string In form of comma-delimited list of case-insensitive
* valid values. Example: "foo,bar,baz". Prepend "s:" to make * valid values. Example: "foo,bar,baz". Prepend "s:" to make
* case sensitive * case sensitive
* @return HTMLPurifier_AttrDef_Enum
*/ */
public function make($string) { public function make($string)
{
if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') {
$string = substr($string, 2); $string = substr($string, 2);
$sensitive = true; $sensitive = true;
@ -59,7 +68,6 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
$values = explode(',', $string); $values = explode(',', $string);
return new HTMLPurifier_AttrDef_Enum($values, $sensitive); return new HTMLPurifier_AttrDef_Enum($values, $sensitive);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

35
library/HTMLPurifier/AttrDef/HTML/Bool.php
View File

@ -6,23 +6,46 @@
class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
{ {
/**
* @type bool
*/
protected $name; protected $name;
/**
* @type bool
*/
public $minimized = true; public $minimized = true;
public function __construct($name = false) {$this->name = $name;} /**
* @param bool $name
*/
public function __construct($name = false)
{
$this->name = $name;
}
public function validate($string, $config, $context) { /**
if (empty($string)) return false; * @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
if (empty($string)) {
return false;
}
return $this->name; return $this->name;
} }
/** /**
* @param $string Name of attribute * @param string $string Name of attribute
* @return HTMLPurifier_AttrDef_HTML_Bool
*/ */
public function make($string) { public function make($string)
{
return new HTMLPurifier_AttrDef_HTML_Bool($string); return new HTMLPurifier_AttrDef_HTML_Bool($string);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

22
library/HTMLPurifier/AttrDef/HTML/Class.php
View File

@ -5,7 +5,14 @@
*/ */
class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
{ {
protected function split($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
protected function split($string, $config, $context)
{
// really, this twiddle should be lazy loaded // really, this twiddle should be lazy loaded
$name = $config->getDefinition('HTML')->doctype->name; $name = $config->getDefinition('HTML')->doctype->name;
if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
@ -14,13 +21,20 @@ class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
return preg_split('/\s+/', $string); return preg_split('/\s+/', $string);
} }
} }
protected function filter($tokens, $config, $context) {
/**
* @param array $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
protected function filter($tokens, $config, $context)
{
$allowed = $config->get('Attr.AllowedClasses'); $allowed = $config->get('Attr.AllowedClasses');
$forbidden = $config->get('Attr.ForbiddenClasses'); $forbidden = $config->get('Attr.ForbiddenClasses');
$ret = array(); $ret = array();
foreach ($tokens as $token) { foreach ($tokens as $token) {
if ( if (($allowed === null || isset($allowed[$token])) &&
($allowed === null || isset($allowed[$token])) &&
!isset($forbidden[$token]) && !isset($forbidden[$token]) &&
// We need this O(n) check because of PHP's array // We need this O(n) check because of PHP's array
// implementation that casts -0 to 0. // implementation that casts -0 to 0.

48
library/HTMLPurifier/AttrDef/HTML/Color.php
View File

@ -6,28 +6,46 @@
class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
static $colors = null; static $colors = null;
if ($colors === null) $colors = $config->get('Core.ColorKeywords'); if ($colors === null) {
$colors = $config->get('Core.ColorKeywords');
}
$string = trim($string); $string = trim($string);
if (empty($string)) return false; if (empty($string)) {
return false;
}
$lower = strtolower($string); $lower = strtolower($string);
if (isset($colors[$lower])) return $colors[$lower]; if (isset($colors[$lower])) {
if ($string[0] === '#') $hex = substr($string, 1); return $colors[$lower];
else $hex = $string; }
if ($string[0] === '#') {
$length = strlen($hex); $hex = substr($string, 1);
if ($length !== 3 && $length !== 6) return false; } else {
if (!ctype_xdigit($hex)) return false; $hex = $string;
if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2];
return "#$hex";
} }
$length = strlen($hex);
if ($length !== 3 && $length !== 6) {
return false;
}
if (!ctype_xdigit($hex)) {
return false;
}
if ($length === 3) {
$hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
}
return "#$hex";
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

27
library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
View File

@ -6,16 +6,33 @@
class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
{ {
/**
* @type array
*/
public $valid_values = false; // uninitialized value public $valid_values = false; // uninitialized value
/**
* @type bool
*/
protected $case_sensitive = false; protected $case_sensitive = false;
public function __construct() {} public function __construct()
{
public function validate($string, $config, $context) {
if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets');
return parent::validate($string, $config, $context);
} }
/**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
if ($this->valid_values === false) {
$this->valid_values = $config->get('Attr.AllowedFrameTargets');
}
return parent::validate($string, $config, $context);
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

53
library/HTMLPurifier/AttrDef/HTML/ID.php
View File

@ -18,34 +18,56 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
/** /**
* Determines whether or not we're validating an ID in a CSS * Determines whether or not we're validating an ID in a CSS
* selector context. * selector context.
* @type bool
*/ */
protected $selector; protected $selector;
public function __construct($selector = false) { /**
* @param bool $selector
*/
public function __construct($selector = false)
{
$this->selector = $selector; $this->selector = $selector;
} }
public function validate($id, $config, $context) { /**
* @param string $id
if (!$this->selector && !$config->get('Attr.EnableID')) return false; * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($id, $config, $context)
{
if (!$this->selector && !$config->get('Attr.EnableID')) {
return false;
}
$id = trim($id); // trim it first $id = trim($id); // trim it first
if ($id === '') return false; if ($id === '') {
return false;
}
$prefix = $config->get('Attr.IDPrefix'); $prefix = $config->get('Attr.IDPrefix');
if ($prefix !== '') { if ($prefix !== '') {
$prefix .= $config->get('Attr.IDPrefixLocal'); $prefix .= $config->get('Attr.IDPrefixLocal');
// prevent re-appending the prefix // prevent re-appending the prefix
if (strpos($id, $prefix) !== 0) $id = $prefix . $id; if (strpos($id, $prefix) !== 0) {
$id = $prefix . $id;
}
} elseif ($config->get('Attr.IDPrefixLocal') !== '') { } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
trigger_error('%Attr.IDPrefixLocal cannot be used unless '. trigger_error(
'%Attr.IDPrefix is set', E_USER_WARNING); '%Attr.IDPrefixLocal cannot be used unless ' .
'%Attr.IDPrefix is set',
E_USER_WARNING
);
} }
if (!$this->selector) { if (!$this->selector) {
$id_accumulator =& $context->get('IDAccumulator'); $id_accumulator =& $context->get('IDAccumulator');
if (isset($id_accumulator->ids[$id])) return false; if (isset($id_accumulator->ids[$id])) {
return false;
}
} }
// we purposely avoid using regex, hopefully this is faster // we purposely avoid using regex, hopefully this is faster
@ -53,8 +75,11 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
if (ctype_alpha($id)) { if (ctype_alpha($id)) {
$result = true; $result = true;
} else { } else {
if (!ctype_alpha(@$id[0])) return false; if (!ctype_alpha(@$id[0])) {
$trim = trim( // primitive style of regexps, I suppose return false;
}
// primitive style of regexps, I suppose
$trim = trim(
$id, $id,
'A..Za..z0..9:-._' 'A..Za..z0..9:-._'
); );
@ -66,15 +91,15 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
return false; return false;
} }
if (!$this->selector && $result) $id_accumulator->add($id); if (!$this->selector && $result) {
$id_accumulator->add($id);
}
// if no change was made to the ID, return the result // if no change was made to the ID, return the result
// else, return the new id if stripping whitespace made it // else, return the new id if stripping whitespace made it
// valid, or return false. // valid, or return false.
return $result ? $id : false; return $result ? $id : false;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

43
library/HTMLPurifier/AttrDef/HTML/Length.php
View File

@ -10,32 +10,47 @@
class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
if ($string === '') return false; if ($string === '') {
return false;
}
$parent_result = parent::validate($string, $config, $context); $parent_result = parent::validate($string, $config, $context);
if ($parent_result !== false) return $parent_result; if ($parent_result !== false) {
return $parent_result;
}
$length = strlen($string); $length = strlen($string);
$last_char = $string[$length - 1]; $last_char = $string[$length - 1];
if ($last_char !== '%') return false; if ($last_char !== '%') {
return false;
}
$points = substr($string, 0, $length - 1); $points = substr($string, 0, $length - 1);
if (!is_numeric($points)) return false; if (!is_numeric($points)) {
return false;
$points = (int) $points;
if ($points < 0) return '0%';
if ($points > 100) return '100%';
return ((string) $points) . '%';
} }
$points = (int)$points;
if ($points < 0) {
return '0%';
}
if ($points > 100) {
return '100%';
}
return ((string)$points) . '%';
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

47
library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
View File

@ -9,26 +9,44 @@
class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
{ {
/** Name config attribute to pull. */ /**
* Name config attribute to pull.
* @type string
*/
protected $name; protected $name;
public function __construct($name) { /**
* @param string $name
*/
public function __construct($name)
{
$configLookup = array( $configLookup = array(
'rel' => 'AllowedRel', 'rel' => 'AllowedRel',
'rev' => 'AllowedRev' 'rev' => 'AllowedRev'
); );
if (!isset($configLookup[$name])) { if (!isset($configLookup[$name])) {
trigger_error('Unrecognized attribute name for link '. trigger_error(
'relationship.', E_USER_ERROR); 'Unrecognized attribute name for link ' .
'relationship.',
E_USER_ERROR
);
return; return;
} }
$this->name = $configLookup[$name]; $this->name = $configLookup[$name];
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$allowed = $config->get('Attr.' . $this->name); $allowed = $config->get('Attr.' . $this->name);
if (empty($allowed)) return false; if (empty($allowed)) {
return false;
}
$string = $this->parseCDATA($string); $string = $this->parseCDATA($string);
$parts = explode(' ', $string); $parts = explode(' ', $string);
@ -37,17 +55,18 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
$ret_lookup = array(); $ret_lookup = array();
foreach ($parts as $part) { foreach ($parts as $part) {
$part = strtolower(trim($part)); $part = strtolower(trim($part));
if (!isset($allowed[$part])) continue; if (!isset($allowed[$part])) {
continue;
}
$ret_lookup[$part] = true; $ret_lookup[$part] = true;
} }
if (empty($ret_lookup)) return false; if (empty($ret_lookup)) {
$string = implode(' ', array_keys($ret_lookup)); return false;
}
return $string; $string = implode(' ', array_keys($ret_lookup));
return $string;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

49
library/HTMLPurifier/AttrDef/HTML/MultiLength.php
View File

@ -9,33 +9,52 @@
class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
if ($string === '') return false; if ($string === '') {
return false;
}
$parent_result = parent::validate($string, $config, $context); $parent_result = parent::validate($string, $config, $context);
if ($parent_result !== false) return $parent_result; if ($parent_result !== false) {
return $parent_result;
}
$length = strlen($string); $length = strlen($string);
$last_char = $string[$length - 1]; $last_char = $string[$length - 1];
if ($last_char !== '*') return false; if ($last_char !== '*') {
return false;
}
$int = substr($string, 0, $length - 1); $int = substr($string, 0, $length - 1);
if ($int == '') return '*'; if ($int == '') {
if (!is_numeric($int)) return false; return '*';
}
$int = (int) $int; if (!is_numeric($int)) {
return false;
if ($int < 0) return false;
if ($int == 0) return '0';
if ($int == 1) return '*';
return ((string) $int) . '*';
} }
$int = (int)$int;
if ($int < 0) {
return false;
}
if ($int == 0) {
return '0';
}
if ($int == 1) {
return '*';
}
return ((string)$int) . '*';
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

38
library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
View File

@ -6,24 +6,38 @@
class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
// early abort: '' and '0' (strings that convert to false) are invalid // early abort: '' and '0' (strings that convert to false) are invalid
if (!$string) return false; if (!$string) {
return false;
}
$tokens = $this->split($string, $config, $context); $tokens = $this->split($string, $config, $context);
$tokens = $this->filter($tokens, $config, $context); $tokens = $this->filter($tokens, $config, $context);
if (empty($tokens)) return false; if (empty($tokens)) {
return false;
}
return implode(' ', $tokens); return implode(' ', $tokens);
} }
/** /**
* Splits a space separated list of tokens into its constituent parts. * Splits a space separated list of tokens into its constituent parts.
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/ */
protected function split($string, $config, $context) { protected function split($string, $config, $context)
{
// OPTIMIZABLE! // OPTIMIZABLE!
// do the preg_match, capture all subpatterns for reformulation // do the preg_match, capture all subpatterns for reformulation
@ -31,8 +45,8 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
// escaping because I don't know how to do that with regexps // escaping because I don't know how to do that with regexps
// and plus it would complicate optimization efforts (you never // and plus it would complicate optimization efforts (you never
// see that anyway). // see that anyway).
$pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start
'((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' .
'(?:(?=\s)|\z)/'; // look ahead for space or string end '(?:(?=\s)|\z)/'; // look ahead for space or string end
preg_match_all($pattern, $string, $matches); preg_match_all($pattern, $string, $matches);
return $matches[1]; return $matches[1];
@ -42,11 +56,15 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
* Template method for removing certain tokens based on arbitrary criteria. * Template method for removing certain tokens based on arbitrary criteria.
* @note If we wanted to be really functional, we'd do an array_filter * @note If we wanted to be really functional, we'd do an array_filter
* with a callback. But... we're not. * with a callback. But... we're not.
* @param array $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/ */
protected function filter($tokens, $config, $context) { protected function filter($tokens, $config, $context)
{
return $tokens; return $tokens;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

60
library/HTMLPurifier/AttrDef/HTML/Pixels.php
View File

@ -6,43 +6,71 @@
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
{ {
/**
* @type int
*/
protected $max; protected $max;
public function __construct($max = null) { /**
* @param int $max
*/
public function __construct($max = null)
{
$this->max = $max; $this->max = $max;
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
if ($string === '0') return $string; if ($string === '0') {
if ($string === '') return false; return $string;
}
if ($string === '') {
return false;
}
$length = strlen($string); $length = strlen($string);
if (substr($string, $length - 2) == 'px') { if (substr($string, $length - 2) == 'px') {
$string = substr($string, 0, $length - 2); $string = substr($string, 0, $length - 2);
} }
if (!is_numeric($string)) return false; if (!is_numeric($string)) {
$int = (int) $string; return false;
}
$int = (int)$string;
if ($int < 0) return '0'; if ($int < 0) {
return '0';
}
// upper-bound value, extremely high values can // upper-bound value, extremely high values can
// crash operating systems, see <http://ha.ckers.org/imagecrash.html> // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
// WARNING, above link WILL crash you if you're using Windows // WARNING, above link WILL crash you if you're using Windows
if ($this->max !== null && $int > $this->max) return (string) $this->max; if ($this->max !== null && $int > $this->max) {
return (string)$this->max;
return (string) $int; }
return (string)$int;
} }
public function make($string) { /**
if ($string === '') $max = null; * @param string $string
else $max = (int) $string; * @return HTMLPurifier_AttrDef
*/
public function make($string)
{
if ($string === '') {
$max = null;
} else {
$max = (int)$string;
}
$class = get_class($this); $class = get_class($this);
return new $class($max); return new $class($max);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

60
library/HTMLPurifier/AttrDef/Integer.php
View File

@ -11,17 +11,20 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
{ {
/** /**
* Bool indicating whether or not negative values are allowed * Whether or not negative values are allowed.
* @type bool
*/ */
protected $negative = true; protected $negative = true;
/** /**
* Bool indicating whether or not zero is allowed * Whether or not zero is allowed.
* @type bool
*/ */
protected $zero = true; protected $zero = true;
/** /**
* Bool indicating whether or not positive values are allowed * Whether or not positive values are allowed.
* @type bool
*/ */
protected $positive = true; protected $positive = true;
@ -30,44 +33,59 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
* @param $zero Bool indicating whether or not zero is allowed * @param $zero Bool indicating whether or not zero is allowed
* @param $positive Bool indicating whether or not positive values are allowed * @param $positive Bool indicating whether or not positive values are allowed
*/ */
public function __construct( public function __construct($negative = true, $zero = true, $positive = true)
$negative = true, $zero = true, $positive = true {
) {
$this->negative = $negative; $this->negative = $negative;
$this->zero = $zero; $this->zero = $zero;
$this->positive = $positive; $this->positive = $positive;
} }
public function validate($integer, $config, $context) { /**
* @param string $integer
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($integer, $config, $context)
{
$integer = $this->parseCDATA($integer); $integer = $this->parseCDATA($integer);
if ($integer === '') return false; if ($integer === '') {
return false;
}
// we could possibly simply typecast it to integer, but there are // we could possibly simply typecast it to integer, but there are
// certain fringe cases that must not return an integer. // certain fringe cases that must not return an integer.
// clip leading sign // clip leading sign
if ( $this->negative && $integer[0] === '-' ) { if ($this->negative && $integer[0] === '-') {
$digits = substr($integer, 1); $digits = substr($integer, 1);
if ($digits === '0') $integer = '0'; // rm minus sign for zero if ($digits === '0') {
} elseif( $this->positive && $integer[0] === '+' ) { $integer = '0';
} // rm minus sign for zero
} elseif ($this->positive && $integer[0] === '+') {
$digits = $integer = substr($integer, 1); // rm unnecessary plus $digits = $integer = substr($integer, 1); // rm unnecessary plus
} else { } else {
$digits = $integer; $digits = $integer;
} }
// test if it's numeric // test if it's numeric
if (!ctype_digit($digits)) return false; if (!ctype_digit($digits)) {
return false;
// perform scope tests
if (!$this->zero && $integer == 0) return false;
if (!$this->positive && $integer > 0) return false;
if (!$this->negative && $integer < 0) return false;
return $integer;
} }
// perform scope tests
if (!$this->zero && $integer == 0) {
return false;
}
if (!$this->positive && $integer > 0) {
return false;
}
if (!$this->negative && $integer < 0) {
return false;
}
return $integer;
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

39
library/HTMLPurifier/AttrDef/Lang.php
View File

@ -7,15 +7,25 @@
class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$string = trim($string); $string = trim($string);
if (!$string) return false; if (!$string) {
return false;
}
$subtags = explode('-', $string); $subtags = explode('-', $string);
$num_subtags = count($subtags); $num_subtags = count($subtags);
if ($num_subtags == 0) return false; // sanity check if ($num_subtags == 0) { // sanity check
return false;
}
// process primary subtag : $subtags[0] // process primary subtag : $subtags[0]
$length = strlen($subtags[0]); $length = strlen($subtags[0]);
@ -23,15 +33,15 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
case 0: case 0:
return false; return false;
case 1: case 1:
if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) { if (!($subtags[0] == 'x' || $subtags[0] == 'i')) {
return false; return false;
} }
break; break;
case 2: case 2:
case 3: case 3:
if (! ctype_alpha($subtags[0]) ) { if (!ctype_alpha($subtags[0])) {
return false; return false;
} elseif (! ctype_lower($subtags[0]) ) { } elseif (!ctype_lower($subtags[0])) {
$subtags[0] = strtolower($subtags[0]); $subtags[0] = strtolower($subtags[0]);
} }
break; break;
@ -40,17 +50,23 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
} }
$new_string = $subtags[0]; $new_string = $subtags[0];
if ($num_subtags == 1) return $new_string; if ($num_subtags == 1) {
return $new_string;
}
// process second subtag : $subtags[1] // process second subtag : $subtags[1]
$length = strlen($subtags[1]); $length = strlen($subtags[1]);
if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) { if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) {
return $new_string; return $new_string;
} }
if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); if (!ctype_lower($subtags[1])) {
$subtags[1] = strtolower($subtags[1]);
}
$new_string .= '-' . $subtags[1]; $new_string .= '-' . $subtags[1];
if ($num_subtags == 2) return $new_string; if ($num_subtags == 2) {
return $new_string;
}
// process all other subtags, index 2 and up // process all other subtags, index 2 and up
for ($i = 2; $i < $num_subtags; $i++) { for ($i = 2; $i < $num_subtags; $i++) {
@ -63,11 +79,8 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
} }
$new_string .= '-' . $subtags[$i]; $new_string .= '-' . $subtags[$i];
} }
return $new_string; return $new_string;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

27
library/HTMLPurifier/AttrDef/Switch.php
View File

@ -6,21 +6,41 @@
class HTMLPurifier_AttrDef_Switch class HTMLPurifier_AttrDef_Switch
{ {
/**
* @type string
*/
protected $tag; protected $tag;
protected $withTag, $withoutTag;
/**
* @type HTMLPurifier_AttrDef
*/
protected $withTag;
/**
* @type HTMLPurifier_AttrDef
*/
protected $withoutTag;
/** /**
* @param string $tag Tag name to switch upon * @param string $tag Tag name to switch upon
* @param HTMLPurifier_AttrDef $with_tag Call if token matches tag * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
* @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
*/ */
public function __construct($tag, $with_tag, $without_tag) { public function __construct($tag, $with_tag, $without_tag)
{
$this->tag = $tag; $this->tag = $tag;
$this->withTag = $with_tag; $this->withTag = $with_tag;
$this->withoutTag = $without_tag; $this->withoutTag = $without_tag;
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$token = $context->get('CurrentToken', true); $token = $context->get('CurrentToken', true);
if (!$token || $token->name !== $this->tag) { if (!$token || $token->name !== $this->tag) {
return $this->withoutTag->validate($string, $config, $context); return $this->withoutTag->validate($string, $config, $context);
@ -28,7 +48,6 @@ class HTMLPurifier_AttrDef_Switch
return $this->withTag->validate($string, $config, $context); return $this->withTag->validate($string, $config, $context);
} }
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

10
library/HTMLPurifier/AttrDef/Text.php
View File

@ -6,10 +6,16 @@
class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
return $this->parseCDATA($string); return $this->parseCDATA($string);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

70
library/HTMLPurifier/AttrDef/URI.php
View File

@ -7,31 +7,54 @@
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{ {
/**
* @type HTMLPurifier_URIParser
*/
protected $parser; protected $parser;
/**
* @type bool
*/
protected $embedsResource; protected $embedsResource;
/** /**
* @param $embeds_resource_resource Does the URI here result in an extra HTTP request? * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
*/ */
public function __construct($embeds_resource = false) { public function __construct($embeds_resource = false)
{
$this->parser = new HTMLPurifier_URIParser(); $this->parser = new HTMLPurifier_URIParser();
$this->embedsResource = (bool) $embeds_resource; $this->embedsResource = (bool)$embeds_resource;
} }
public function make($string) { /**
* @param string $string
* @return HTMLPurifier_AttrDef_URI
*/
public function make($string)
{
$embeds = ($string === 'embedded'); $embeds = ($string === 'embedded');
return new HTMLPurifier_AttrDef_URI($embeds); return new HTMLPurifier_AttrDef_URI($embeds);
} }
public function validate($uri, $config, $context) { /**
* @param string $uri
if ($config->get('URI.Disable')) return false; * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($uri, $config, $context)
{
if ($config->get('URI.Disable')) {
return false;
}
$uri = $this->parseCDATA($uri); $uri = $this->parseCDATA($uri);
// parse the URI // parse the URI
$uri = $this->parser->parse($uri); $uri = $this->parser->parse($uri);
if ($uri === false) return false; if ($uri === false) {
return false;
}
// add embedded flag to context for validators // add embedded flag to context for validators
$context->register('EmbeddedURI', $this->embedsResource); $context->register('EmbeddedURI', $this->embedsResource);
@ -41,23 +64,35 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
// generic validation // generic validation
$result = $uri->validate($config, $context); $result = $uri->validate($config, $context);
if (!$result) break; if (!$result) {
break;
}
// chained filtering // chained filtering
$uri_def = $config->getDefinition('URI'); $uri_def = $config->getDefinition('URI');
$result = $uri_def->filter($uri, $config, $context); $result = $uri_def->filter($uri, $config, $context);
if (!$result) break; if (!$result) {
break;
}
// scheme-specific validation // scheme-specific validation
$scheme_obj = $uri->getSchemeObj($config, $context); $scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) break; if (!$scheme_obj) {
if ($this->embedsResource && !$scheme_obj->browsable) break; break;
}
if ($this->embedsResource && !$scheme_obj->browsable) {
break;
}
$result = $scheme_obj->validate($uri, $config, $context); $result = $scheme_obj->validate($uri, $config, $context);
if (!$result) break; if (!$result) {
break;
}
// Post chained filtering // Post chained filtering
$result = $uri_def->postFilter($uri, $config, $context); $result = $uri_def->postFilter($uri, $config, $context);
if (!$result) break; if (!$result) {
break;
}
// survived gauntlet // survived gauntlet
$ok = true; $ok = true;
@ -65,13 +100,12 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
} while (false); } while (false);
$context->destroy('EmbeddedURI'); $context->destroy('EmbeddedURI');
if (!$ok) return false; if (!$ok) {
return false;
}
// back to string // back to string
return $uri->toString(); return $uri->toString();
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

5
library/HTMLPurifier/AttrDef/URI/Email.php
View File

@ -5,8 +5,11 @@ abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
/** /**
* Unpacks a mailbox into its display-name and address * Unpacks a mailbox into its display-name and address
* @param string $string
* @return mixed
*/ */
function unpack($string) { public function unpack($string)
{
// needs to be implemented // needs to be implemented
} }

14
library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
View File

@ -7,15 +7,23 @@
class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
{ {
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
// no support for named mailboxes i.e. "Bob <bob@example.com>" // no support for named mailboxes i.e. "Bob <bob@example.com>"
// that needs more percent encoding to be done // that needs more percent encoding to be done
if ($string == '') return false; if ($string == '') {
return false;
}
$string = trim($string); $string = trim($string);
$result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string);
return $result ? $string : false; return $result ? $string : false;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

36
library/HTMLPurifier/AttrDef/URI/Host.php
View File

@ -7,21 +7,31 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
{ {
/** /**
* Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator * IPv4 sub-validator.
* @type HTMLPurifier_AttrDef_URI_IPv4
*/ */
protected $ipv4; protected $ipv4;
/** /**
* Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator * IPv6 sub-validator.
* @type HTMLPurifier_AttrDef_URI_IPv6
*/ */
protected $ipv6; protected $ipv6;
public function __construct() { public function __construct()
{
$this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
$this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
} }
public function validate($string, $config, $context) { /**
* @param string $string
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($string, $config, $context)
{
$length = strlen($string); $length = strlen($string);
// empty hostname is OK; it's usually semantically equivalent: // empty hostname is OK; it's usually semantically equivalent:
// the default host as defined by a URI scheme is used: // the default host as defined by a URI scheme is used:
@ -29,18 +39,24 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
// If the URI scheme defines a default for host, then that // If the URI scheme defines a default for host, then that
// default applies when the host subcomponent is undefined // default applies when the host subcomponent is undefined
// or when the registered name is empty (zero length). // or when the registered name is empty (zero length).
if ($string === '') return ''; if ($string === '') {
if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { return '';
}
if ($length > 1 && $string[0] === '[' && $string[$length - 1] === ']') {
//IPv6 //IPv6
$ip = substr($string, 1, $length - 2); $ip = substr($string, 1, $length - 2);
$valid = $this->ipv6->validate($ip, $config, $context); $valid = $this->ipv6->validate($ip, $config, $context);
if ($valid === false) return false; if ($valid === false) {
return '['. $valid . ']'; return false;
}
return '[' . $valid . ']';
} }
// need to do checks on unusual encodings too // need to do checks on unusual encodings too
$ipv4 = $this->ipv4->validate($string, $config, $context); $ipv4 = $this->ipv4->validate($string, $config, $context);
if ($ipv4 !== false) return $ipv4; if ($ipv4 !== false) {
return $ipv4;
}
// A regular domain name. // A regular domain name.
@ -105,10 +121,8 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
// XXX error reporting // XXX error reporting
} }
} }
return false; return false;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

26
library/HTMLPurifier/AttrDef/URI/IPv4.php
View File

@ -8,32 +8,38 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
{ {
/** /**
* IPv4 regex, protected so that IPv6 can reuse it * IPv4 regex, protected so that IPv6 can reuse it.
* @type string
*/ */
protected $ip4; protected $ip4;
public function validate($aIP, $config, $context) { /**
* @param string $aIP
if (!$this->ip4) $this->_loadRegex(); * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) * @return bool|string
*/
public function validate($aIP, $config, $context)
{ {
return $aIP; if (!$this->ip4) {
$this->_loadRegex();
} }
if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) {
return $aIP;
}
return false; return false;
} }
/** /**
* Lazy load function to prevent regex from being stuffed in * Lazy load function to prevent regex from being stuffed in
* cache. * cache.
*/ */
protected function _loadRegex() { protected function _loadRegex()
{
$oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
$this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

62
library/HTMLPurifier/AttrDef/URI/IPv6.php
View File

@ -9,9 +9,17 @@
class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
{ {
public function validate($aIP, $config, $context) { /**
* @param string $aIP
if (!$this->ip4) $this->_loadRegex(); * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($aIP, $config, $context)
{
if (!$this->ip4) {
$this->_loadRegex();
}
$original = $aIP; $original = $aIP;
@ -20,23 +28,18 @@ class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
$pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128 $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
// prefix check // prefix check
if (strpos($aIP, '/') !== false) if (strpos($aIP, '/') !== false) {
{ if (preg_match('#' . $pre . '$#s', $aIP, $find)) {
if (preg_match('#' . $pre . '$#s', $aIP, $find)) $aIP = substr($aIP, 0, 0 - strlen($find[0]));
{
$aIP = substr($aIP, 0, 0-strlen($find[0]));
unset($find); unset($find);
} } else {
else
{
return false; return false;
} }
} }
// IPv4-compatiblity check // IPv4-compatiblity check
if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find)) if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) {
{ $aIP = substr($aIP, 0, 0 - strlen($find[0]));
$aIP = substr($aIP, 0, 0-strlen($find[0]));
$ip = explode('.', $find[0]); $ip = explode('.', $find[0]);
$ip = array_map('dechex', $ip); $ip = array_map('dechex', $ip);
$aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3]; $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
@ -46,54 +49,41 @@ class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
// compression check // compression check
$aIP = explode('::', $aIP); $aIP = explode('::', $aIP);
$c = count($aIP); $c = count($aIP);
if ($c > 2) if ($c > 2) {
{
return false; return false;
} } elseif ($c == 2) {
elseif ($c == 2)
{
list($first, $second) = $aIP; list($first, $second) = $aIP;
$first = explode(':', $first); $first = explode(':', $first);
$second = explode(':', $second); $second = explode(':', $second);
if (count($first) + count($second) > 8) if (count($first) + count($second) > 8) {
{
return false; return false;
} }
while(count($first) < 8) while (count($first) < 8) {
{
array_push($first, '0'); array_push($first, '0');
} }
array_splice($first, 8 - count($second), 8, $second); array_splice($first, 8 - count($second), 8, $second);
$aIP = $first; $aIP = $first;
unset($first,$second); unset($first, $second);
} } else {
else
{
$aIP = explode(':', $aIP[0]); $aIP = explode(':', $aIP[0]);
} }
$c = count($aIP); $c = count($aIP);
if ($c != 8) if ($c != 8) {
{
return false; return false;
} }
// All the pieces should be 16-bit hex strings. Are they? // All the pieces should be 16-bit hex strings. Are they?
foreach ($aIP as $piece) foreach ($aIP as $piece) {
{ if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) {
if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece)))
{
return false; return false;
} }
} }
return $original; return $original;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

28
library/HTMLPurifier/AttrTransform.php
View File

@ -20,37 +20,41 @@ abstract class HTMLPurifier_AttrTransform
/** /**
* Abstract: makes changes to the attributes dependent on multiple values. * Abstract: makes changes to the attributes dependent on multiple values.
* *
* @param $attr Assoc array of attributes, usually from * @param array $attr Assoc array of attributes, usually from
* HTMLPurifier_Token_Tag::$attr * HTMLPurifier_Token_Tag::$attr
* @param $config Mandatory HTMLPurifier_Config object. * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
* @param $context Mandatory HTMLPurifier_Context object * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object
* @returns Processed attribute array. * @return array Processed attribute array.
*/ */
abstract public function transform($attr, $config, $context); abstract public function transform($attr, $config, $context);
/** /**
* Prepends CSS properties to the style attribute, creating the * Prepends CSS properties to the style attribute, creating the
* attribute if it doesn't exist. * attribute if it doesn't exist.
* @param $attr Attribute array to process (passed by reference) * @param array &$attr Attribute array to process (passed by reference)
* @param $css CSS to prepend * @param string $css CSS to prepend
*/ */
public function prependCSS(&$attr, $css) { public function prependCSS(&$attr, $css)
{
$attr['style'] = isset($attr['style']) ? $attr['style'] : ''; $attr['style'] = isset($attr['style']) ? $attr['style'] : '';
$attr['style'] = $css . $attr['style']; $attr['style'] = $css . $attr['style'];
} }
/** /**
* Retrieves and removes an attribute * Retrieves and removes an attribute
* @param $attr Attribute array to process (passed by reference) * @param array &$attr Attribute array to process (passed by reference)
* @param $key Key of attribute to confiscate * @param mixed $key Key of attribute to confiscate
* @return mixed
*/ */
public function confiscateAttr(&$attr, $key) { public function confiscateAttr(&$attr, $key)
if (!isset($attr[$key])) return null; {
if (!isset($attr[$key])) {
return null;
}
$value = $attr[$key]; $value = $attr[$key];
unset($attr[$key]); unset($attr[$key]);
return $value; return $value;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

21
library/HTMLPurifier/AttrTransform/Background.php
View File

@ -3,21 +3,26 @@
/** /**
* Pre-transform that changes proprietary background attribute to CSS. * Pre-transform that changes proprietary background attribute to CSS.
*/ */
class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context) { /**
* @param array $attr
if (!isset($attr['background'])) return $attr; * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['background'])) {
return $attr;
}
$background = $this->confiscateAttr($attr, 'background'); $background = $this->confiscateAttr($attr, 'background');
// some validation should happen here // some validation should happen here
$this->prependCSS($attr, "background-image:url($background);"); $this->prependCSS($attr, "background-image:url($background);");
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

14
library/HTMLPurifier/AttrTransform/BdoDir.php
View File

@ -8,12 +8,20 @@
class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
{ {
public function transform($attr, $config, $context) { /**
if (isset($attr['dir'])) return $attr; * @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (isset($attr['dir'])) {
return $attr;
}
$attr['dir'] = $config->get('Attr.DefaultTextDir'); $attr['dir'] = $config->get('Attr.DefaultTextDir');
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

21
library/HTMLPurifier/AttrTransform/BgColor.php
View File

@ -3,21 +3,26 @@
/** /**
* Pre-transform that changes deprecated bgcolor attribute to CSS. * Pre-transform that changes deprecated bgcolor attribute to CSS.
*/ */
class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context) { /**
* @param array $attr
if (!isset($attr['bgcolor'])) return $attr; * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['bgcolor'])) {
return $attr;
}
$bgcolor = $this->confiscateAttr($attr, 'bgcolor'); $bgcolor = $this->confiscateAttr($attr, 'bgcolor');
// some validation should happen here // some validation should happen here
$this->prependCSS($attr, "background-color:$bgcolor;"); $this->prependCSS($attr, "background-color:$bgcolor;");
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

31
library/HTMLPurifier/AttrTransform/BoolToCSS.php
View File

@ -3,34 +3,45 @@
/** /**
* Pre-transform that changes converts a boolean attribute to fixed CSS * Pre-transform that changes converts a boolean attribute to fixed CSS
*/ */
class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform
{
/** /**
* Name of boolean attribute that is trigger * Name of boolean attribute that is trigger.
* @type string
*/ */
protected $attr; protected $attr;
/** /**
* CSS declarations to add to style, needs trailing semicolon * CSS declarations to add to style, needs trailing semicolon.
* @type string
*/ */
protected $css; protected $css;
/** /**
* @param $attr string attribute name to convert from * @param string $attr attribute name to convert from
* @param $css string CSS declarations to add to style (needs semicolon) * @param string $css CSS declarations to add to style (needs semicolon)
*/ */
public function __construct($attr, $css) { public function __construct($attr, $css)
{
$this->attr = $attr; $this->attr = $attr;
$this->css = $css; $this->css = $css;
} }
public function transform($attr, $config, $context) { /**
if (!isset($attr[$this->attr])) return $attr; * @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr[$this->attr])) {
return $attr;
}
unset($attr[$this->attr]); unset($attr[$this->attr]);
$this->prependCSS($attr, $this->css); $this->prependCSS($attr, $this->css);
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

18
library/HTMLPurifier/AttrTransform/Border.php
View File

@ -3,16 +3,24 @@
/** /**
* Pre-transform that changes deprecated border attribute to CSS. * Pre-transform that changes deprecated border attribute to CSS.
*/ */
class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context) { /**
if (!isset($attr['border'])) return $attr; * @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['border'])) {
return $attr;
}
$border_width = $this->confiscateAttr($attr, 'border'); $border_width = $this->confiscateAttr($attr, 'border');
// some validation should happen here // some validation should happen here
$this->prependCSS($attr, "border:{$border_width}px solid;"); $this->prependCSS($attr, "border:{$border_width}px solid;");
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

46
library/HTMLPurifier/AttrTransform/EnumToCSS.php
View File

@ -4,55 +4,65 @@
* Generic pre-transform that converts an attribute with a fixed number of * Generic pre-transform that converts an attribute with a fixed number of
* values (enumerated) to CSS. * values (enumerated) to CSS.
*/ */
class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform
{
/** /**
* Name of attribute to transform from * Name of attribute to transform from.
* @type string
*/ */
protected $attr; protected $attr;
/** /**
* Lookup array of attribute values to CSS * Lookup array of attribute values to CSS.
* @type array
*/ */
protected $enumToCSS = array(); protected $enumToCSS = array();
/** /**
* Case sensitivity of the matching * Case sensitivity of the matching.
* @type bool
* @warning Currently can only be guaranteed to work with ASCII * @warning Currently can only be guaranteed to work with ASCII
* values. * values.
*/ */
protected $caseSensitive = false; protected $caseSensitive = false;
/** /**
* @param $attr String attribute name to transform from * @param string $attr Attribute name to transform from
* @param $enumToCSS Lookup array of attribute values to CSS * @param array $enum_to_css Lookup array of attribute values to CSS
* @param $case_sensitive Boolean case sensitivity indicator, default false * @param bool $case_sensitive Case sensitivity indicator, default false
*/ */
public function __construct($attr, $enum_to_css, $case_sensitive = false) { public function __construct($attr, $enum_to_css, $case_sensitive = false)
{
$this->attr = $attr; $this->attr = $attr;
$this->enumToCSS = $enum_to_css; $this->enumToCSS = $enum_to_css;
$this->caseSensitive = (bool) $case_sensitive; $this->caseSensitive = (bool)$case_sensitive;
} }
public function transform($attr, $config, $context) { /**
* @param array $attr
if (!isset($attr[$this->attr])) return $attr; * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr[$this->attr])) {
return $attr;
}
$value = trim($attr[$this->attr]); $value = trim($attr[$this->attr]);
unset($attr[$this->attr]); unset($attr[$this->attr]);
if (!$this->caseSensitive) $value = strtolower($value); if (!$this->caseSensitive) {
$value = strtolower($value);
}
if (!isset($this->enumToCSS[$value])) { if (!isset($this->enumToCSS[$value])) {
return $attr; return $attr;
} }
$this->prependCSS($attr, $this->enumToCSS[$value]); $this->prependCSS($attr, $this->enumToCSS[$value]);
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

19
library/HTMLPurifier/AttrTransform/ImgRequired.php
View File

@ -11,11 +11,19 @@
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
{ {
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
$src = true; $src = true;
if (!isset($attr['src'])) { if (!isset($attr['src'])) {
if ($config->get('Core.RemoveInvalidImg')) return $attr; if ($config->get('Core.RemoveInvalidImg')) {
return $attr;
}
$attr['src'] = $config->get('Attr.DefaultInvalidImage'); $attr['src'] = $config->get('Attr.DefaultInvalidImage');
$src = false; $src = false;
} }
@ -25,7 +33,7 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
$alt = $config->get('Attr.DefaultImageAlt'); $alt = $config->get('Attr.DefaultImageAlt');
if ($alt === null) { if ($alt === null) {
// truncate if the alt is too long // truncate if the alt is too long
$attr['alt'] = substr(basename($attr['src']),0,40); $attr['alt'] = substr(basename($attr['src']), 0, 40);
} else { } else {
$attr['alt'] = $alt; $attr['alt'] = $alt;
} }
@ -33,11 +41,8 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
$attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt'); $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
} }
} }
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

39
library/HTMLPurifier/AttrTransform/ImgSpace.php
View File

@ -3,42 +3,59 @@
/** /**
* Pre-transform that changes deprecated hspace and vspace attributes to CSS * Pre-transform that changes deprecated hspace and vspace attributes to CSS
*/ */
class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform
{
/**
* @type string
*/
protected $attr; protected $attr;
/**
* @type array
*/
protected $css = array( protected $css = array(
'hspace' => array('left', 'right'), 'hspace' => array('left', 'right'),
'vspace' => array('top', 'bottom') 'vspace' => array('top', 'bottom')
); );
public function __construct($attr) { /**
* @param string $attr
*/
public function __construct($attr)
{
$this->attr = $attr; $this->attr = $attr;
if (!isset($this->css[$attr])) { if (!isset($this->css[$attr])) {
trigger_error(htmlspecialchars($attr) . ' is not valid space attribute'); trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
} }
} }
public function transform($attr, $config, $context) { /**
* @param array $attr
if (!isset($attr[$this->attr])) return $attr; * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr[$this->attr])) {
return $attr;
}
$width = $this->confiscateAttr($attr, $this->attr); $width = $this->confiscateAttr($attr, $this->attr);
// some validation could happen here // some validation could happen here
if (!isset($this->css[$this->attr])) return $attr; if (!isset($this->css[$this->attr])) {
return $attr;
}
$style = ''; $style = '';
foreach ($this->css[$this->attr] as $suffix) { foreach ($this->css[$this->attr] as $suffix) {
$property = "margin-$suffix"; $property = "margin-$suffix";
$style .= "$property:{$width}px;"; $style .= "$property:{$width}px;";
} }
$this->prependCSS($attr, $style); $this->prependCSS($attr, $style);
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

34
library/HTMLPurifier/AttrTransform/Input.php
View File

@ -4,17 +4,31 @@
* Performs miscellaneous cross attribute validation and filtering for * Performs miscellaneous cross attribute validation and filtering for
* input elements. This is meant to be a post-transform. * input elements. This is meant to be a post-transform.
*/ */
class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform { class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform
{
/**
* @type HTMLPurifier_AttrDef_HTML_Pixels
*/
protected $pixels; protected $pixels;
public function __construct() { public function __construct()
{
$this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels(); $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels();
} }
public function transform($attr, $config, $context) { /**
if (!isset($attr['type'])) $t = 'text'; * @param array $attr
else $t = strtolower($attr['type']); * @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['type'])) {
$t = 'text';
} else {
$t = strtolower($attr['type']);
}
if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') { if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') {
unset($attr['checked']); unset($attr['checked']);
} }
@ -23,8 +37,11 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
} }
if (isset($attr['size']) && $t !== 'text' && $t !== 'password') { if (isset($attr['size']) && $t !== 'text' && $t !== 'password') {
$result = $this->pixels->validate($attr['size'], $config, $context); $result = $this->pixels->validate($attr['size'], $config, $context);
if ($result === false) unset($attr['size']); if ($result === false) {
else $attr['size'] = $result; unset($attr['size']);
} else {
$attr['size'] = $result;
}
} }
if (isset($attr['src']) && $t !== 'image') { if (isset($attr['src']) && $t !== 'image') {
unset($attr['src']); unset($attr['src']);
@ -34,7 +51,6 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
} }
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

13
library/HTMLPurifier/AttrTransform/Lang.php
View File

@ -8,8 +8,14 @@
class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
{ {
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
$lang = isset($attr['lang']) ? $attr['lang'] : false; $lang = isset($attr['lang']) ? $attr['lang'] : false;
$xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false; $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
@ -18,11 +24,8 @@ class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
} elseif ($xml_lang !== false) { } elseif ($xml_lang !== false) {
$attr['lang'] = $xml_lang; $attr['lang'] = $xml_lang;
} }
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

28
library/HTMLPurifier/AttrTransform/Length.php
View File

@ -6,22 +6,40 @@
class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
{ {
/**
* @type string
*/
protected $name; protected $name;
/**
* @type string
*/
protected $cssName; protected $cssName;
public function __construct($name, $css_name = null) { public function __construct($name, $css_name = null)
{
$this->name = $name; $this->name = $name;
$this->cssName = $css_name ? $css_name : $name; $this->cssName = $css_name ? $css_name : $name;
} }
public function transform($attr, $config, $context) { /**
if (!isset($attr[$this->name])) return $attr; * @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr[$this->name])) {
return $attr;
}
$length = $this->confiscateAttr($attr, $this->name); $length = $this->confiscateAttr($attr, $this->name);
if(ctype_digit($length)) $length .= 'px'; if (ctype_digit($length)) {
$length .= 'px';
}
$this->prependCSS($attr, $this->cssName . ":$length;"); $this->prependCSS($attr, $this->cssName . ":$length;");
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

22
library/HTMLPurifier/AttrTransform/Name.php
View File

@ -6,16 +6,28 @@
class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
{ {
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
// Abort early if we're using relaxed definition of name // Abort early if we're using relaxed definition of name
if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr; if ($config->get('HTML.Attr.Name.UseCDATA')) {
if (!isset($attr['name'])) return $attr; return $attr;
}
if (!isset($attr['name'])) {
return $attr;
}
$id = $this->confiscateAttr($attr, 'name'); $id = $this->confiscateAttr($attr, 'name');
if ( isset($attr['id'])) return $attr; if (isset($attr['id'])) {
return $attr;
}
$attr['id'] = $id; $attr['id'] = $id;
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

32
library/HTMLPurifier/AttrTransform/NameSync.php
View File

@ -8,20 +8,34 @@
class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
{ {
public function __construct() { public function __construct()
{
$this->idDef = new HTMLPurifier_AttrDef_HTML_ID(); $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
} }
public function transform($attr, $config, $context) { /**
if (!isset($attr['name'])) return $attr; * @param array $attr
$name = $attr['name']; * @param HTMLPurifier_Config $config
if (isset($attr['id']) && $attr['id'] === $name) return $attr; * @param HTMLPurifier_Context $context
$result = $this->idDef->validate($name, $config, $context); * @return array
if ($result === false) unset($attr['name']); */
else $attr['name'] = $result; public function transform($attr, $config, $context)
{
if (!isset($attr['name'])) {
return $attr;
}
$name = $attr['name'];
if (isset($attr['id']) && $attr['id'] === $name) {
return $attr;
}
$result = $this->idDef->validate($name, $config, $context);
if ($result === false) {
unset($attr['name']);
} else {
$attr['name'] = $result;
}
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

19
library/HTMLPurifier/AttrTransform/Nofollow.php
View File

@ -8,14 +8,24 @@
*/ */
class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
{ {
/**
* @type HTMLPurifier_URIParser
*/
private $parser; private $parser;
public function __construct() { public function __construct()
{
$this->parser = new HTMLPurifier_URIParser(); $this->parser = new HTMLPurifier_URIParser();
} }
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['href'])) { if (!isset($attr['href'])) {
return $attr; return $attr;
} }
@ -35,11 +45,8 @@ class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
$attr['rel'] = 'nofollow'; $attr['rel'] = 'nofollow';
} }
} }
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

12
library/HTMLPurifier/AttrTransform/SafeEmbed.php
View File

@ -2,9 +2,19 @@
class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
{ {
/**
* @type string
*/
public $name = "SafeEmbed"; public $name = "SafeEmbed";
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
$attr['allowscriptaccess'] = 'never'; $attr['allowscriptaccess'] = 'never';
$attr['allownetworking'] = 'internal'; $attr['allownetworking'] = 'internal';
$attr['type'] = 'application/x-shockwave-flash'; $attr['type'] = 'application/x-shockwave-flash';

16
library/HTMLPurifier/AttrTransform/SafeObject.php
View File

@ -5,10 +5,22 @@
*/ */
class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
{ {
/**
* @type string
*/
public $name = "SafeObject"; public $name = "SafeObject";
function transform($attr, $config, $context) { /**
if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; * @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['type'])) {
$attr['type'] = 'application/x-shockwave-flash';
}
return $attr; return $attr;
} }
} }

19
library/HTMLPurifier/AttrTransform/SafeParam.php
View File

@ -14,15 +14,30 @@
*/ */
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{ {
/**
* @type string
*/
public $name = "SafeParam"; public $name = "SafeParam";
/**
* @type HTMLPurifier_AttrDef_URI
*/
private $uri; private $uri;
public function __construct() { public function __construct()
{
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
$this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
} }
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
// If we add support for other objects, we'll need to alter the // If we add support for other objects, we'll need to alter the
// transforms. // transforms.
switch ($attr['name']) { switch ($attr['name']) {

9
library/HTMLPurifier/AttrTransform/ScriptRequired.php
View File

@ -5,7 +5,14 @@
*/ */
class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
{ {
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['type'])) { if (!isset($attr['type'])) {
$attr['type'] = 'text/javascript'; $attr['type'] = 'text/javascript';
} }

19
library/HTMLPurifier/AttrTransform/TargetBlank.php
View File

@ -9,14 +9,24 @@
*/ */
class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
{ {
/**
* @type HTMLPurifier_URIParser
*/
private $parser; private $parser;
public function __construct() { public function __construct()
{
$this->parser = new HTMLPurifier_URIParser(); $this->parser = new HTMLPurifier_URIParser();
} }
public function transform($attr, $config, $context) { /**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if (!isset($attr['href'])) { if (!isset($attr['href'])) {
return $attr; return $attr;
} }
@ -28,11 +38,8 @@ class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
if ($scheme->browsable && !$url->isBenign($config, $context)) { if ($scheme->browsable && !$url->isBenign($config, $context)) {
$attr['target'] = '_blank'; $attr['target'] = '_blank';
} }
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

19
library/HTMLPurifier/AttrTransform/Textarea.php
View File

@ -5,14 +5,23 @@
*/ */
class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
{ {
/**
public function transform($attr, $config, $context) { * @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
// Calculated from Firefox // Calculated from Firefox
if (!isset($attr['cols'])) $attr['cols'] = '22'; if (!isset($attr['cols'])) {
if (!isset($attr['rows'])) $attr['rows'] = '3'; $attr['cols'] = '22';
}
if (!isset($attr['rows'])) {
$attr['rows'] = '3';
}
return $attr; return $attr;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

33
library/HTMLPurifier/AttrTypes.php
View File

@ -6,7 +6,8 @@
class HTMLPurifier_AttrTypes class HTMLPurifier_AttrTypes
{ {
/** /**
* Lookup array of attribute string identifiers to concrete implementations * Lookup array of attribute string identifiers to concrete implementations.
* @type HTMLPurifier_AttrDef[]
*/ */
protected $info = array(); protected $info = array();
@ -14,7 +15,8 @@ class HTMLPurifier_AttrTypes
* Constructs the info array, supplying default implementations for attribute * Constructs the info array, supplying default implementations for attribute
* types. * types.
*/ */
public function __construct() { public function __construct()
{
// XXX This is kind of poor, since we don't actually /clone/ // XXX This is kind of poor, since we don't actually /clone/
// instances; instead, we use the supplied make() attribute. So, // instances; instead, we use the supplied make() attribute. So,
// the underlying class must know how to deal with arguments. // the underlying class must know how to deal with arguments.
@ -54,36 +56,39 @@ class HTMLPurifier_AttrTypes
$this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
} }
private static function makeEnum($in) { private static function makeEnum($in)
{
return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in))); return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
} }
/** /**
* Retrieves a type * Retrieves a type
* @param $type String type name * @param string $type String type name
* @return Object AttrDef for type * @return HTMLPurifier_AttrDef Object AttrDef for type
*/ */
public function get($type) { public function get($type)
{
// determine if there is any extra info tacked on // determine if there is any extra info tacked on
if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); if (strpos($type, '#') !== false) {
else $string = ''; list($type, $string) = explode('#', $type, 2);
} else {
$string = '';
}
if (!isset($this->info[$type])) { if (!isset($this->info[$type])) {
trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
return; return;
} }
return $this->info[$type]->make($string); return $this->info[$type]->make($string);
} }
/** /**
* Sets a new implementation for a type * Sets a new implementation for a type
* @param $type String type name * @param string $type String type name
* @param $impl Object AttrDef for type * @param HTMLPurifier_AttrDef $impl Object AttrDef for type
*/ */
public function set($type, $impl) { public function set($type, $impl)
{
$this->info[$type] = $impl; $this->info[$type] = $impl;
} }
} }

58
library/HTMLPurifier/AttrValidator.php
View File

@ -11,15 +11,16 @@ class HTMLPurifier_AttrValidator
/** /**
* Validates the attributes of a token, returning a modified token * Validates the attributes of a token, returning a modified token
* that has valid tokens * that has valid tokens
* @param $token Reference to token to validate. We require a reference * @param HTMLPurifier_Token $token Reference to token to validate. We require a reference
* because the operation this class performs on the token are * because the operation this class performs on the token are
* not atomic, so the context CurrentToken to be updated * not atomic, so the context CurrentToken to be updated
* throughout * throughout
* @param $config Instance of HTMLPurifier_Config * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
* @param $context Instance of HTMLPurifier_Context * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
* @return HTMLPurifier_Token
*/ */
public function validateToken(&$token, &$config, $context) { public function validateToken(&$token, &$config, $context)
{
$definition = $config->getHTMLDefinition(); $definition = $config->getHTMLDefinition();
$e =& $context->get('ErrorCollector', true); $e =& $context->get('ErrorCollector', true);
@ -32,12 +33,15 @@ class HTMLPurifier_AttrValidator
// initialize CurrentToken if necessary // initialize CurrentToken if necessary
$current_token =& $context->get('CurrentToken', true); $current_token =& $context->get('CurrentToken', true);
if (!$current_token) $context->register('CurrentToken', $token); if (!$current_token) {
$context->register('CurrentToken', $token);
}
if ( if (!$token instanceof HTMLPurifier_Token_Start &&
!$token instanceof HTMLPurifier_Token_Start &&
!$token instanceof HTMLPurifier_Token_Empty !$token instanceof HTMLPurifier_Token_Empty
) return $token; ) {
return $token;
}
// create alias to global definition array, see also $defs // create alias to global definition array, see also $defs
// DEFINITION CALL // DEFINITION CALL
@ -51,7 +55,9 @@ class HTMLPurifier_AttrValidator
foreach ($definition->info_attr_transform_pre as $transform) { foreach ($definition->info_attr_transform_pre as $transform) {
$attr = $transform->transform($o = $attr, $config, $context); $attr = $transform->transform($o = $attr, $config, $context);
if ($e) { if ($e) {
if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
} }
} }
@ -60,7 +66,9 @@ class HTMLPurifier_AttrValidator
foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
$attr = $transform->transform($o = $attr, $config, $context); $attr = $transform->transform($o = $attr, $config, $context);
if ($e) { if ($e) {
if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
} }
} }
@ -77,7 +85,7 @@ class HTMLPurifier_AttrValidator
foreach ($attr as $attr_key => $value) { foreach ($attr as $attr_key => $value) {
// call the definition // call the definition
if ( isset($defs[$attr_key]) ) { if (isset($defs[$attr_key])) {
// there is a local definition defined // there is a local definition defined
if ($defs[$attr_key] === false) { if ($defs[$attr_key] === false) {
// We've explicitly been told not to allow this element. // We've explicitly been told not to allow this element.
@ -89,14 +97,18 @@ class HTMLPurifier_AttrValidator
} else { } else {
// validate according to the element's definition // validate according to the element's definition
$result = $defs[$attr_key]->validate( $result = $defs[$attr_key]->validate(
$value, $config, $context $value,
$config,
$context
); );
} }
} elseif ( isset($d_defs[$attr_key]) ) { } elseif (isset($d_defs[$attr_key])) {
// there is a global definition defined, validate according // there is a global definition defined, validate according
// to the global definition // to the global definition
$result = $d_defs[$attr_key]->validate( $result = $d_defs[$attr_key]->validate(
$value, $config, $context $value,
$config,
$context
); );
} else { } else {
// system never heard of the attribute? DELETE! // system never heard of the attribute? DELETE!
@ -107,7 +119,9 @@ class HTMLPurifier_AttrValidator
if ($result === false || $result === null) { if ($result === false || $result === null) {
// this is a generic error message that should replaced // this is a generic error message that should replaced
// with more specific ones when possible // with more specific ones when possible
if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); if ($e) {
$e->send(E_ERROR, 'AttrValidator: Attribute removed');
}
// remove the attribute // remove the attribute
unset($attr[$attr_key]); unset($attr[$attr_key]);
@ -137,7 +151,9 @@ class HTMLPurifier_AttrValidator
foreach ($definition->info_attr_transform_post as $transform) { foreach ($definition->info_attr_transform_post as $transform) {
$attr = $transform->transform($o = $attr, $config, $context); $attr = $transform->transform($o = $attr, $config, $context);
if ($e) { if ($e) {
if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
} }
} }
@ -145,14 +161,18 @@ class HTMLPurifier_AttrValidator
foreach ($definition->info[$token->name]->attr_transform_post as $transform) { foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
$attr = $transform->transform($o = $attr, $config, $context); $attr = $transform->transform($o = $attr, $config, $context);
if ($e) { if ($e) {
if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
} }
} }
$token->attr = $attr; $token->attr = $attr;
// destroy CurrentToken if we made it ourselves // destroy CurrentToken if we made it ourselves
if (!$current_token) $context->destroy('CurrentToken'); if (!$current_token) {
$context->destroy('CurrentToken');
}
} }

45
library/HTMLPurifier/Bootstrap.php
View File

@ -32,11 +32,15 @@ class HTMLPurifier_Bootstrap
/** /**
* Autoload function for HTML Purifier * Autoload function for HTML Purifier
* @param $class Class to load * @param string $class Class to load
* @return bool
*/ */
public static function autoload($class) { public static function autoload($class)
{
$file = HTMLPurifier_Bootstrap::getPath($class); $file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) return false; if (!$file) {
return false;
}
// Technically speaking, it should be ok and more efficient to // Technically speaking, it should be ok and more efficient to
// just do 'require', but Antonio Parraga reports that with // just do 'require', but Antonio Parraga reports that with
// Zend extensions such as Zend debugger and APC, this invariant // Zend extensions such as Zend debugger and APC, this invariant
@ -48,9 +52,14 @@ class HTMLPurifier_Bootstrap
/** /**
* Returns the path for a specific class. * Returns the path for a specific class.
* @param string $class Class path to get
* @return string
*/ */
public static function getPath($class) { public static function getPath($class)
if (strncmp('HTMLPurifier', $class, 12) !== 0) return false; {
if (strncmp('HTMLPurifier', $class, 12) !== 0) {
return false;
}
// Custom implementations // Custom implementations
if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
$code = str_replace('_', '-', substr($class, 22)); $code = str_replace('_', '-', substr($class, 22));
@ -58,16 +67,19 @@ class HTMLPurifier_Bootstrap
} else { } else {
$file = str_replace('_', '/', $class) . '.php'; $file = str_replace('_', '/', $class) . '.php';
} }
if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false; if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) {
return false;
}
return $file; return $file;
} }
/** /**
* "Pre-registers" our autoloader on the SPL stack. * "Pre-registers" our autoloader on the SPL stack.
*/ */
public static function registerAutoload() { public static function registerAutoload()
{
$autoload = array('HTMLPurifier_Bootstrap', 'autoload'); $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
if ( ($funcs = spl_autoload_functions()) === false ) { if (($funcs = spl_autoload_functions()) === false) {
spl_autoload_register($autoload); spl_autoload_register($autoload);
} elseif (function_exists('spl_autoload_unregister')) { } elseif (function_exists('spl_autoload_unregister')) {
if (version_compare(PHP_VERSION, '5.3.0', '>=')) { if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
@ -83,27 +95,30 @@ class HTMLPurifier_Bootstrap
// places where we need to error out // places where we need to error out
$reflector = new ReflectionMethod($func[0], $func[1]); $reflector = new ReflectionMethod($func[0], $func[1]);
if (!$reflector->isStatic()) { if (!$reflector->isStatic()) {
throw new Exception(' throw new Exception(
HTML Purifier autoloader registrar is not compatible 'HTML Purifier autoloader registrar is not compatible
with non-static object methods due to PHP Bug #44144; with non-static object methods due to PHP Bug #44144;
Please do not use HTMLPurifier.autoload.php (or any Please do not use HTMLPurifier.autoload.php (or any
file that includes this file); instead, place the code: file that includes this file); instead, place the code:
spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\')) spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
after your own autoloaders. after your own autoloaders.'
'); );
} }
// Suprisingly, spl_autoload_register supports the // Suprisingly, spl_autoload_register supports the
// Class::staticMethod callback format, although call_user_func doesn't // Class::staticMethod callback format, although call_user_func doesn't
if ($compat) $func = implode('::', $func); if ($compat) {
$func = implode('::', $func);
}
} }
spl_autoload_unregister($func); spl_autoload_unregister($func);
} }
spl_autoload_register($autoload); spl_autoload_register($autoload);
foreach ($funcs as $func) spl_autoload_register($func); foreach ($funcs as $func) {
spl_autoload_register($func);
}
} }
} }
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

302
library/HTMLPurifier/CSSDefinition.php
View File

@ -11,35 +11,59 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
/** /**
* Assoc array of attribute name to definition object. * Assoc array of attribute name to definition object.
* @type HTMLPurifier_AttrDef[]
*/ */
public $info = array(); public $info = array();
/** /**
* Constructs the info array. The meat of this class. * Constructs the info array. The meat of this class.
* @param HTMLPurifier_Config $config
*/ */
protected function doSetup($config) { protected function doSetup($config)
{
$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum( $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
array('left', 'right', 'center', 'justify'), false); array('left', 'right', 'center', 'justify'),
false
);
$border_style = $border_style =
$this->info['border-bottom-style'] = $this->info['border-bottom-style'] =
$this->info['border-right-style'] = $this->info['border-right-style'] =
$this->info['border-left-style'] = $this->info['border-left-style'] =
$this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum( $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double', array(
'groove', 'ridge', 'inset', 'outset'), false); 'none',
'hidden',
'dotted',
'dashed',
'solid',
'double',
'groove',
'ridge',
'inset',
'outset'
),
false
);
$this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style); $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
$this->info['clear'] = new HTMLPurifier_AttrDef_Enum( $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'left', 'right', 'both'), false); array('none', 'left', 'right', 'both'),
false
);
$this->info['float'] = new HTMLPurifier_AttrDef_Enum( $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'left', 'right'), false); array('none', 'left', 'right'),
false
);
$this->info['font-style'] = new HTMLPurifier_AttrDef_Enum( $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'italic', 'oblique'), false); array('normal', 'italic', 'oblique'),
false
);
$this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum( $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'small-caps'), false); array('normal', 'small-caps'),
false
);
$uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite( $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
array( array(
@ -49,16 +73,31 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
); );
$this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum( $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
array('inside', 'outside'), false); array('inside', 'outside'),
false
);
$this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum( $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
array('disc', 'circle', 'square', 'decimal', 'lower-roman', array(
'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false); 'disc',
'circle',
'square',
'decimal',
'lower-roman',
'upper-roman',
'lower-alpha',
'upper-alpha',
'none'
),
false
);
$this->info['list-style-image'] = $uri_or_none; $this->info['list-style-image'] = $uri_or_none;
$this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config); $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
$this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum( $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
array('capitalize', 'uppercase', 'lowercase', 'none'), false); array('capitalize', 'uppercase', 'lowercase', 'none'),
false
);
$this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color(); $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['background-image'] = $uri_or_none; $this->info['background-image'] = $uri_or_none;
@ -75,10 +114,12 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['border-bottom-color'] = $this->info['border-bottom-color'] =
$this->info['border-left-color'] = $this->info['border-left-color'] =
$this->info['border-right-color'] = $this->info['border-right-color'] =
$this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('transparent')), new HTMLPurifier_AttrDef_Enum(array('transparent')),
new HTMLPurifier_AttrDef_CSS_Color() new HTMLPurifier_AttrDef_CSS_Color()
)); )
);
$this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config); $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
@ -88,47 +129,69 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['border-top-width'] = $this->info['border-top-width'] =
$this->info['border-bottom-width'] = $this->info['border-bottom-width'] =
$this->info['border-left-width'] = $this->info['border-left-width'] =
$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')), new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
)); )
);
$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width); $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
$this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('normal')), new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Length() new HTMLPurifier_AttrDef_CSS_Length()
)); )
);
$this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('normal')), new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Length() new HTMLPurifier_AttrDef_CSS_Length()
)); )
);
$this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small', array(
'small', 'medium', 'large', 'x-large', 'xx-large', new HTMLPurifier_AttrDef_Enum(
'larger', 'smaller')), array(
'xx-small',
'x-small',
'small',
'medium',
'large',
'x-large',
'xx-large',
'larger',
'smaller'
)
),
new HTMLPurifier_AttrDef_CSS_Percentage(), new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_CSS_Length() new HTMLPurifier_AttrDef_CSS_Length()
)); )
);
$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('normal')), new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true) new HTMLPurifier_AttrDef_CSS_Percentage(true)
)); )
);
$margin = $margin =
$this->info['margin-top'] = $this->info['margin-top'] =
$this->info['margin-bottom'] = $this->info['margin-bottom'] =
$this->info['margin-left'] = $this->info['margin-left'] =
$this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage(), new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_Enum(array('auto')) new HTMLPurifier_AttrDef_Enum(array('auto'))
)); )
);
$this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin); $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
@ -137,35 +200,44 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['padding-top'] = $this->info['padding-top'] =
$this->info['padding-bottom'] = $this->info['padding-bottom'] =
$this->info['padding-left'] = $this->info['padding-left'] =
$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true) new HTMLPurifier_AttrDef_CSS_Percentage(true)
)); )
);
$this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding); $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
$this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage() new HTMLPurifier_AttrDef_CSS_Percentage()
)); )
);
$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array( $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true), new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('auto')) new HTMLPurifier_AttrDef_Enum(array('auto'))
)); )
);
$max = $config->get('CSS.MaxImgLength'); $max = $config->get('CSS.MaxImgLength');
$this->info['width'] = $this->info['width'] =
$this->info['height'] = $this->info['height'] =
$max === null ? $max === null ?
$trusted_wh : $trusted_wh :
new HTMLPurifier_AttrDef_Switch('img', new HTMLPurifier_AttrDef_Switch(
'img',
// For img tags: // For img tags:
new HTMLPurifier_AttrDef_CSS_Composite(array( new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0', $max), new HTMLPurifier_AttrDef_CSS_Length('0', $max),
new HTMLPurifier_AttrDef_Enum(array('auto')) new HTMLPurifier_AttrDef_Enum(array('auto'))
)), )
),
// For everyone else: // For everyone else:
$trusted_wh $trusted_wh
); );
@ -176,8 +248,23 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// this could use specialized code // this could use specialized code
$this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum( $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300', array(
'400', '500', '600', '700', '800', '900'), false); 'normal',
'bold',
'bolder',
'lighter',
'100',
'200',
'300',
'400',
'500',
'600',
'700',
'800',
'900'
),
false
);
// MUST be called after other font properties, as it references // MUST be called after other font properties, as it references
// a CSSDefinition object // a CSSDefinition object
@ -190,27 +277,44 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['border-left'] = $this->info['border-left'] =
$this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config); $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
$this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array( $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(
'collapse', 'separate')); array('collapse', 'separate')
);
$this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array( $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(
'top', 'bottom')); array('top', 'bottom')
);
$this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array( $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(
'auto', 'fixed')); array('auto', 'fixed')
);
$this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(
new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super', array(
'top', 'text-top', 'middle', 'bottom', 'text-bottom')), new HTMLPurifier_AttrDef_Enum(
array(
'baseline',
'sub',
'super',
'top',
'text-top',
'middle',
'bottom',
'text-bottom'
)
),
new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage() new HTMLPurifier_AttrDef_CSS_Percentage()
)); )
);
$this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2); $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
// These CSS properties don't work on many browsers, but we live // These CSS properties don't work on many browsers, but we live
// in THE FUTURE! // in THE FUTURE!
$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line')); $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(
array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line')
);
if ($config->get('CSS.Proprietary')) { if ($config->get('CSS.Proprietary')) {
$this->doSetupProprietary($config); $this->doSetupProprietary($config);
@ -233,7 +337,11 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->setupConfigStuff($config); $this->setupConfigStuff($config);
} }
protected function doSetupProprietary($config) { /**
* @param HTMLPurifier_Config $config
*/
protected function doSetupProprietary($config)
{
// Internet Explorer only scrollbar colors // Internet Explorer only scrollbar colors
$this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color(); $this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color(); $this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color();
@ -252,57 +360,96 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// more CSS3 // more CSS3
$this->info['page-break-after'] = $this->info['page-break-after'] =
$this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum(array('auto','always','avoid','left','right')); $this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum(
$this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto','avoid')); array(
'auto',
'always',
'avoid',
'left',
'right'
)
);
$this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid'));
} }
protected function doSetupTricky($config) { /**
$this->info['display'] = new HTMLPurifier_AttrDef_Enum(array( * @param HTMLPurifier_Config $config
'inline', 'block', 'list-item', 'run-in', 'compact', */
'marker', 'table', 'inline-block', 'inline-table', 'table-row-group', protected function doSetupTricky($config)
'table-header-group', 'table-footer-group', 'table-row', {
'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none' $this->info['display'] = new HTMLPurifier_AttrDef_Enum(
)); array(
$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array( 'inline',
'visible', 'hidden', 'collapse' 'block',
)); 'list-item',
'run-in',
'compact',
'marker',
'table',
'inline-block',
'inline-table',
'table-row-group',
'table-header-group',
'table-footer-group',
'table-row',
'table-column-group',
'table-column',
'table-cell',
'table-caption',
'none'
)
);
$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(
array('visible', 'hidden', 'collapse')
);
$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll')); $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
} }
protected function doSetupTrusted($config) { /**
$this->info['position'] = new HTMLPurifier_AttrDef_Enum(array( * @param HTMLPurifier_Config $config
'static', 'relative', 'absolute', 'fixed' */
)); protected function doSetupTrusted($config)
{
$this->info['position'] = new HTMLPurifier_AttrDef_Enum(
array('static', 'relative', 'absolute', 'fixed')
);
$this->info['top'] = $this->info['top'] =
$this->info['left'] = $this->info['left'] =
$this->info['right'] = $this->info['right'] =
$this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage(), new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_Enum(array('auto')), new HTMLPurifier_AttrDef_Enum(array('auto')),
)); )
$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array( );
$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Integer(), new HTMLPurifier_AttrDef_Integer(),
new HTMLPurifier_AttrDef_Enum(array('auto')), new HTMLPurifier_AttrDef_Enum(array('auto')),
)); )
);
} }
/** /**
* Performs extra config-based processing. Based off of * Performs extra config-based processing. Based off of
* HTMLPurifier_HTMLDefinition. * HTMLPurifier_HTMLDefinition.
* @param HTMLPurifier_Config $config
* @todo Refactor duplicate elements into common class (probably using * @todo Refactor duplicate elements into common class (probably using
* composition, not inheritance). * composition, not inheritance).
*/ */
protected function setupConfigStuff($config) { protected function setupConfigStuff($config)
{
// setup allowed elements // setup allowed elements
$support = "(for information on implementing this, see the ". $support = "(for information on implementing this, see the " .
"support forums) "; "support forums) ";
$allowed_properties = $config->get('CSS.AllowedProperties'); $allowed_properties = $config->get('CSS.AllowedProperties');
if ($allowed_properties !== null) { if ($allowed_properties !== null) {
foreach ($this->info as $name => $d) { foreach ($this->info as $name => $d) {
if(!isset($allowed_properties[$name])) unset($this->info[$name]); if (!isset($allowed_properties[$name])) {
unset($this->info[$name]);
}
unset($allowed_properties[$name]); unset($allowed_properties[$name]);
} }
// emit errors // emit errors
@ -321,7 +468,6 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
} }
} }
} }
} }
} }

22
library/HTMLPurifier/ChildDef.php
View File

@ -8,39 +8,43 @@ abstract class HTMLPurifier_ChildDef
/** /**
* Type of child definition, usually right-most part of class name lowercase. * Type of child definition, usually right-most part of class name lowercase.
* Used occasionally in terms of context. * Used occasionally in terms of context.
* @type string
*/ */
public $type; public $type;
/** /**
* Bool that indicates whether or not an empty array of children is okay * Indicates whether or not an empty array of children is okay.
* *
* This is necessary for redundant checking when changes affecting * This is necessary for redundant checking when changes affecting
* a child node may cause a parent node to now be disallowed. * a child node may cause a parent node to now be disallowed.
* @type bool
*/ */
public $allow_empty; public $allow_empty;
/** /**
* Lookup array of all elements that this definition could possibly allow * Lookup array of all elements that this definition could possibly allow.
* @type array
*/ */
public $elements = array(); public $elements = array();
/** /**
* Get lookup of tag names that should not close this element automatically. * Get lookup of tag names that should not close this element automatically.
* All other elements will do so. * All other elements will do so.
* @param HTMLPurifier_Config $config HTMLPurifier_Config object
* @return array
*/ */
public function getAllowedElements($config) { public function getAllowedElements($config)
{
return $this->elements; return $this->elements;
} }
/** /**
* Validates nodes according to definition and returns modification. * Validates nodes according to definition and returns modification.
* *
* @param $tokens_of_children Array of HTMLPurifier_Token * @param HTMLPurifier_Token[] $tokens_of_children Array of HTMLPurifier_Token
* @param $config HTMLPurifier_Config object * @param HTMLPurifier_Config $config HTMLPurifier_Config object
* @param $context HTMLPurifier_Context object * @param HTMLPurifier_Context $context HTMLPurifier_Context object
* @return bool true to leave nodes as is * @return bool|array true to leave nodes as is, false to remove parent node, array of replacement child tokens
* @return bool false to remove parent node
* @return array of replacement child tokens
*/ */
abstract public function validateChildren($tokens_of_children, $config, $context); abstract public function validateChildren($tokens_of_children, $config, $context);
} }

31
library/HTMLPurifier/ChildDef/Chameleon.php
View File

@ -14,33 +14,52 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
/** /**
* Instance of the definition object to use when inline. Usually stricter. * Instance of the definition object to use when inline. Usually stricter.
* @type HTMLPurifier_ChildDef_Optional
*/ */
public $inline; public $inline;
/** /**
* Instance of the definition object to use when block. * Instance of the definition object to use when block.
* @type HTMLPurifier_ChildDef_Optional
*/ */
public $block; public $block;
/**
* @type string
*/
public $type = 'chameleon'; public $type = 'chameleon';
/** /**
* @param $inline List of elements to allow when inline. * @param array $inline List of elements to allow when inline.
* @param $block List of elements to allow when block. * @param array $block List of elements to allow when block.
*/ */
public function __construct($inline, $block) { public function __construct($inline, $block)
{
$this->inline = new HTMLPurifier_ChildDef_Optional($inline); $this->inline = new HTMLPurifier_ChildDef_Optional($inline);
$this->block = new HTMLPurifier_ChildDef_Optional($block); $this->block = new HTMLPurifier_ChildDef_Optional($block);
$this->elements = $this->block->elements; $this->elements = $this->block->elements;
} }
public function validateChildren($tokens_of_children, $config, $context) { /**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function validateChildren($tokens_of_children, $config, $context)
{
if ($context->get('IsInline') === false) { if ($context->get('IsInline') === false) {
return $this->block->validateChildren( return $this->block->validateChildren(
$tokens_of_children, $config, $context); $tokens_of_children,
$config,
$context
);
} else { } else {
return $this->inline->validateChildren( return $this->inline->validateChildren(
$tokens_of_children, $config, $context); $tokens_of_children,
$config,
$context
);
} }
} }
} }

47
library/HTMLPurifier/ChildDef/Custom.php
View File

@ -8,28 +8,42 @@
*/ */
class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
{ {
public $type = 'custom';
public $allow_empty = false;
/** /**
* Allowed child pattern as defined by the DTD * @type string
*/
public $type = 'custom';
/**
* @type bool
*/
public $allow_empty = false;
/**
* Allowed child pattern as defined by the DTD.
* @type string
*/ */
public $dtd_regex; public $dtd_regex;
/** /**
* PCRE regex derived from $dtd_regex * PCRE regex derived from $dtd_regex.
* @private * @type string
*/ */
private $_pcre_regex; private $_pcre_regex;
/** /**
* @param $dtd_regex Allowed child pattern from the DTD * @param $dtd_regex Allowed child pattern from the DTD
*/ */
public function __construct($dtd_regex) { public function __construct($dtd_regex)
{
$this->dtd_regex = $dtd_regex; $this->dtd_regex = $dtd_regex;
$this->_compileRegex(); $this->_compileRegex();
} }
/** /**
* Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex) * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
*/ */
protected function _compileRegex() { protected function _compileRegex()
{
$raw = str_replace(' ', '', $this->dtd_regex); $raw = str_replace(' ', '', $this->dtd_regex);
if ($raw{0} != '(') { if ($raw{0} != '(') {
$raw = "($raw)"; $raw = "($raw)";
@ -57,11 +71,21 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
$this->_pcre_regex = $reg; $this->_pcre_regex = $reg;
} }
public function validateChildren($tokens_of_children, $config, $context) {
/**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function validateChildren($tokens_of_children, $config, $context)
{
$list_of_children = ''; $list_of_children = '';
$nesting = 0; // depth into the nest $nesting = 0; // depth into the nest
foreach ($tokens_of_children as $token) { foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) continue; if (!empty($token->is_whitespace)) {
continue;
}
$is_child = ($nesting == 0); // direct $is_child = ($nesting == 0); // direct
@ -79,11 +103,10 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
$list_of_children = ',' . rtrim($list_of_children, ','); $list_of_children = ',' . rtrim($list_of_children, ',');
$okay = $okay =
preg_match( preg_match(
'/^,?'.$this->_pcre_regex.'$/', '/^,?' . $this->_pcre_regex . '$/',
$list_of_children $list_of_children
); );
return (bool)$okay;
return (bool) $okay;
} }
} }

22
library/HTMLPurifier/ChildDef/Empty.php
View File

@ -9,10 +9,28 @@
*/ */
class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
{ {
/**
* @type bool
*/
public $allow_empty = true; public $allow_empty = true;
/**
* @type string
*/
public $type = 'empty'; public $type = 'empty';
public function __construct() {}
public function validateChildren($tokens_of_children, $config, $context) { public function __construct()
{
}
/**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function validateChildren($tokens_of_children, $config, $context)
{
return array(); return array();
} }
} }

35
library/HTMLPurifier/ChildDef/List.php
View File

@ -5,16 +5,32 @@
*/ */
class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
{ {
/**
* @type string
*/
public $type = 'list'; public $type = 'list';
/**
* @type array
*/
// lying a little bit, so that we can handle ul and ol ourselves // lying a little bit, so that we can handle ul and ol ourselves
// XXX: This whole business with 'wrap' is all a bit unsatisfactory // XXX: This whole business with 'wrap' is all a bit unsatisfactory
public $elements = array('li' => true, 'ul' => true, 'ol' => true); public $elements = array('li' => true, 'ul' => true, 'ol' => true);
public function validateChildren($tokens_of_children, $config, $context) {
/**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function validateChildren($tokens_of_children, $config, $context)
{
// Flag for subclasses // Flag for subclasses
$this->whitespace = false; $this->whitespace = false;
// if there are no tokens, delete parent node // if there are no tokens, delete parent node
if (empty($tokens_of_children)) return false; if (empty($tokens_of_children)) {
return false;
}
// the new set of children // the new set of children
$result = array(); $result = array();
@ -62,7 +78,7 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
$result[] = new HTMLPurifier_Token_Start('li'); $result[] = new HTMLPurifier_Token_Start('li');
} else { } else {
// backtrack until </li> found // backtrack until </li> found
while(true) { while (true) {
$t = array_pop($result); $t = array_pop($result);
if ($t instanceof HTMLPurifier_Token_End) { if ($t instanceof HTMLPurifier_Token_End) {
// XXX actually, these invariants could very plausibly be violated // XXX actually, these invariants could very plausibly be violated
@ -84,7 +100,10 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
break; break;
} else { } else {
if (!$t->is_whitespace) { if (!$t->is_whitespace) {
trigger_error("Only whitespace present invariant violated in List ChildDef", E_USER_ERROR); trigger_error(
"Only whitespace present invariant violated in List ChildDef",
E_USER_ERROR
);
return false; return false;
} }
} }
@ -108,11 +127,15 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
if ($need_close_li) { if ($need_close_li) {
$result[] = new HTMLPurifier_Token_End('li'); $result[] = new HTMLPurifier_Token_End('li');
} }
if (empty($result)) return false; if (empty($result)) {
return false;
}
if ($all_whitespace) { if ($all_whitespace) {
return false; return false;
} }
if ($tokens_of_children == $result) return true; if ($tokens_of_children == $result) {
return true;
}
return $result; return $result;
} }
} }

27
library/HTMLPurifier/ChildDef/Optional.php
View File

@ -9,15 +9,34 @@
*/ */
class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
{ {
/**
* @type bool
*/
public $allow_empty = true; public $allow_empty = true;
/**
* @type string
*/
public $type = 'optional'; public $type = 'optional';
public function validateChildren($tokens_of_children, $config, $context) {
/**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function validateChildren($tokens_of_children, $config, $context)
{
$result = parent::validateChildren($tokens_of_children, $config, $context); $result = parent::validateChildren($tokens_of_children, $config, $context);
// we assume that $tokens_of_children is not modified // we assume that $tokens_of_children is not modified
if ($result === false) { if ($result === false) {
if (empty($tokens_of_children)) return true; if (empty($tokens_of_children)) {
elseif ($this->whitespace) return $tokens_of_children; return true;
else return array(); } elseif ($this->whitespace) {
return $tokens_of_children;
} else {
return array();
}
} }
return $result; return $result;
} }

44
library/HTMLPurifier/ChildDef/Required.php
View File

@ -7,17 +7,21 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
{ {
/** /**
* Lookup table of allowed elements. * Lookup table of allowed elements.
* @public * @type array
*/ */
public $elements = array(); public $elements = array();
/** /**
* Whether or not the last passed node was all whitespace. * Whether or not the last passed node was all whitespace.
* @type bool
*/ */
protected $whitespace = false; protected $whitespace = false;
/** /**
* @param $elements List of allowed element names (lowercase). * @param array|string $elements List of allowed element names (lowercase).
*/ */
public function __construct($elements) { public function __construct($elements)
{
if (is_string($elements)) { if (is_string($elements)) {
$elements = str_replace(' ', '', $elements); $elements = str_replace(' ', '', $elements);
$elements = explode('|', $elements); $elements = explode('|', $elements);
@ -27,19 +31,39 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
$elements = array_flip($elements); $elements = array_flip($elements);
foreach ($elements as $i => $x) { foreach ($elements as $i => $x) {
$elements[$i] = true; $elements[$i] = true;
if (empty($i)) unset($elements[$i]); // remove blank if (empty($i)) {
unset($elements[$i]);
} // remove blank
} }
} }
$this->elements = $elements; $this->elements = $elements;
} }
/**
* @type bool
*/
public $allow_empty = false; public $allow_empty = false;
/**
* @type string
*/
public $type = 'required'; public $type = 'required';
public function validateChildren($tokens_of_children, $config, $context) {
/**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function validateChildren($tokens_of_children, $config, $context)
{
// Flag for subclasses // Flag for subclasses
$this->whitespace = false; $this->whitespace = false;
// if there are no tokens, delete parent node // if there are no tokens, delete parent node
if (empty($tokens_of_children)) return false; if (empty($tokens_of_children)) {
return false;
}
// the new set of children // the new set of children
$result = array(); $result = array();
@ -104,12 +128,16 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
// drop silently // drop silently
} }
} }
if (empty($result)) return false; if (empty($result)) {
return false;
}
if ($all_whitespace) { if ($all_whitespace) {
$this->whitespace = true; $this->whitespace = true;
return false; return false;
} }
if ($tokens_of_children == $result) return true; if ($tokens_of_children == $result) {
return true;
}
return $result; return $result;
} }
} }

68
library/HTMLPurifier/ChildDef/StrictBlockquote.php
View File

@ -5,23 +5,51 @@
*/ */
class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Required class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Required
{ {
/**
* @type array
*/
protected $real_elements; protected $real_elements;
/**
* @type array
*/
protected $fake_elements; protected $fake_elements;
/**
* @type bool
*/
public $allow_empty = true; public $allow_empty = true;
/**
* @type string
*/
public $type = 'strictblockquote'; public $type = 'strictblockquote';
/**
* @type bool
*/
protected $init = false; protected $init = false;
/** /**
* @param HTMLPurifier_Config $config
* @return array
* @note We don't want MakeWellFormed to auto-close inline elements since * @note We don't want MakeWellFormed to auto-close inline elements since
* they might be allowed. * they might be allowed.
*/ */
public function getAllowedElements($config) { public function getAllowedElements($config)
{
$this->init($config); $this->init($config);
return $this->fake_elements; return $this->fake_elements;
} }
public function validateChildren($tokens_of_children, $config, $context) { /**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function validateChildren($tokens_of_children, $config, $context)
{
$this->init($config); $this->init($config);
// trick the parent class into thinking it allows more // trick the parent class into thinking it allows more
@ -29,12 +57,16 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
$result = parent::validateChildren($tokens_of_children, $config, $context); $result = parent::validateChildren($tokens_of_children, $config, $context);
$this->elements = $this->real_elements; $this->elements = $this->real_elements;
if ($result === false) return array(); if ($result === false) {
if ($result === true) $result = $tokens_of_children; return array();
}
if ($result === true) {
$result = $tokens_of_children;
}
$def = $config->getHTMLDefinition(); $def = $config->getHTMLDefinition();
$block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper); $block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper);
$block_wrap_end = new HTMLPurifier_Token_End( $def->info_block_wrapper); $block_wrap_end = new HTMLPurifier_Token_End($def->info_block_wrapper);
$is_inline = false; $is_inline = false;
$depth = 0; $depth = 0;
$ret = array(); $ret = array();
@ -45,10 +77,8 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
// ifs are nested for readability // ifs are nested for readability
if (!$is_inline) { if (!$is_inline) {
if (!$depth) { if (!$depth) {
if ( if (($token instanceof HTMLPurifier_Token_Text && !$token->is_whitespace) ||
($token instanceof HTMLPurifier_Token_Text && !$token->is_whitespace) || (!$token instanceof HTMLPurifier_Token_Text && !isset($this->elements[$token->name]))) {
(!$token instanceof HTMLPurifier_Token_Text && !isset($this->elements[$token->name]))
) {
$is_inline = true; $is_inline = true;
$ret[] = $block_wrap_start; $ret[] = $block_wrap_start;
} }
@ -66,14 +96,24 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
} }
} }
$ret[] = $token; $ret[] = $token;
if ($token instanceof HTMLPurifier_Token_Start) $depth++; if ($token instanceof HTMLPurifier_Token_Start) {
if ($token instanceof HTMLPurifier_Token_End) $depth--; $depth++;
}
if ($token instanceof HTMLPurifier_Token_End) {
$depth--;
}
}
if ($is_inline) {
$ret[] = $block_wrap_end;
} }
if ($is_inline) $ret[] = $block_wrap_end;
return $ret; return $ret;
} }
private function init($config) { /**
* @param HTMLPurifier_Config $config
*/
private function init($config)
{
if (!$this->init) { if (!$this->init) {
$def = $config->getHTMLDefinition(); $def = $config->getHTMLDefinition();
// allow all inline elements // allow all inline elements

77
library/HTMLPurifier/ChildDef/Table.php
View File

@ -31,13 +31,44 @@
*/ */
class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
{ {
/**
* @type bool
*/
public $allow_empty = false; public $allow_empty = false;
/**
* @type string
*/
public $type = 'table'; public $type = 'table';
public $elements = array('tr' => true, 'tbody' => true, 'thead' => true,
'tfoot' => true, 'caption' => true, 'colgroup' => true, 'col' => true); /**
public function __construct() {} * @type array
public function validateChildren($tokens_of_children, $config, $context) { */
if (empty($tokens_of_children)) return false; public $elements = array(
'tr' => true,
'tbody' => true,
'thead' => true,
'tfoot' => true,
'caption' => true,
'colgroup' => true,
'col' => true
);
public function __construct()
{
}
/**
* @param array $tokens_of_children
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function validateChildren($tokens_of_children, $config, $context)
{
if (empty($tokens_of_children)) {
return false;
}
// this ensures that the loop gets run one last time before closing // this ensures that the loop gets run one last time before closing
// up. It's a little bit of a hack, but it works! Just make sure you // up. It's a little bit of a hack, but it works! Just make sure you
@ -88,7 +119,9 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
$content[] = $collection; $content[] = $collection;
break; break;
case 'caption': case 'caption':
if ($caption !== false) break; if ($caption !== false) {
break;
}
$caption = $collection; $caption = $collection;
break; break;
case 'thead': case 'thead':
@ -116,7 +149,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
// doesn't float an extra tfoot to the // doesn't float an extra tfoot to the
// bottom like it does for the first one. // bottom like it does for the first one.
$collection[$tag_index]->name = 'tbody'; $collection[$tag_index]->name = 'tbody';
$collection[count($collection)-1]->name = 'tbody'; $collection[count($collection) - 1]->name = 'tbody';
$content[] = $collection; $content[] = $collection;
} }
break; break;
@ -134,7 +167,9 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
} }
// terminate // terminate
if ($token === false) break; if ($token === false) {
break;
}
if ($is_child) { if ($is_child) {
// determine what we're dealing with // determine what we're dealing with
@ -147,7 +182,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
$tag_index = 0; $tag_index = 0;
continue; continue;
} }
switch($token->name) { switch ($token->name) {
case 'caption': case 'caption':
case 'colgroup': case 'colgroup':
case 'thead': case 'thead':
@ -172,7 +207,9 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
} }
} }
if (empty($content)) return false; if (empty($content)) {
return false;
}
// INVARIANT: all members of content are non-empty. This can // INVARIANT: all members of content are non-empty. This can
// be shown by observing when things are pushed onto content: // be shown by observing when things are pushed onto content:
// they are only ever pushed when is_collecting is true, and // they are only ever pushed when is_collecting is true, and
@ -180,10 +217,20 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
// that collections are non-empty when is_collecting is true. // that collections are non-empty when is_collecting is true.
$ret = array(); $ret = array();
if ($caption !== false) $ret = array_merge($ret, $caption); if ($caption !== false) {
if ($cols !== false) foreach ($cols as $token_array) $ret = array_merge($ret, $token_array); $ret = array_merge($ret, $caption);
if ($thead !== false) $ret = array_merge($ret, $thead); }
if ($tfoot !== false) $ret = array_merge($ret, $tfoot); if ($cols !== false) {
foreach ($cols as $token_array) {
$ret = array_merge($ret, $token_array);
}
}
if ($thead !== false) {
$ret = array_merge($ret, $thead);
}
if ($tfoot !== false) {
$ret = array_merge($ret, $tfoot);
}
if ($tbody_mode) { if ($tbody_mode) {
// a little tricky, since the start of the collection may be // a little tricky, since the start of the collection may be
@ -228,7 +275,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
} }
} }
if (!empty($collection) && $is_collecting == false){ if (!empty($collection) && $is_collecting == false) {
// grab the trailing space // grab the trailing space
$ret = array_merge($ret, $collection); $ret = array_merge($ret, $collection);
} }

84
library/HTMLPurifier/Config.php
View File

@ -19,79 +19,89 @@ class HTMLPurifier_Config
/** /**
* HTML Purifier's version * HTML Purifier's version
* @type string
*/ */
public $version = '4.5.0'; public $version = '4.5.0';
/** /**
* @var bool indicator whether or not to automatically finalize * Whether or not to automatically finalize
* the object if a read operation is done * the object if a read operation is done.
* @type bool
*/ */
public $autoFinalize = true; public $autoFinalize = true;
// protected member variables // protected member variables
/** /**
* Namespace indexed array of serials for specific namespaces (see * Namespace indexed array of serials for specific namespaces.
* getSerial() for more info). * @see getSerial() for more info.
* @type string[]
*/ */
protected $serials = array(); protected $serials = array();
/** /**
* Serial for entire configuration object * Serial for entire configuration object.
* @type string
*/ */
protected $serial; protected $serial;
/** /**
* Parser for variables * Parser for variables.
* @type HTMLPurifier_VarParser_Flexible
*/ */
protected $parser = null; protected $parser = null;
/** /**
* Reference HTMLPurifier_ConfigSchema for value checking * Reference HTMLPurifier_ConfigSchema for value checking.
* @type HTMLPurifier_ConfigSchema
* @note This is public for introspective purposes. Please don't * @note This is public for introspective purposes. Please don't
* abuse! * abuse!
*/ */
public $def; public $def;
/** /**
* @var HTMLPurifier_Definition[] Indexed array of definitions * Indexed array of definitions.
* @type HTMLPurifier_Definition[]
*/ */
protected $definitions; protected $definitions;
/** /**
* Bool indicator whether or not config is finalized * Whether or not config is finalized.
* @type bool
*/ */
protected $finalized = false; protected $finalized = false;
/** /**
* Property list containing configuration directives. * Property list containing configuration directives.
* @type array
*/ */
protected $plist; protected $plist;
/** /**
* Whether or not a set is taking place due to an * Whether or not a set is taking place due to an alias lookup.
* alias lookup. * @type bool
*/ */
private $aliasMode; private $aliasMode;
/** /**
* Set to false if you do not want line and file numbers in errors * Set to false if you do not want line and file numbers in errors.
* (useful when unit testing). This will also compress some errors * (useful when unit testing). This will also compress some errors
* and exceptions. * and exceptions.
* @type bool
*/ */
public $chatty = true; public $chatty = true;
/** /**
* Current lock; only gets to this namespace are allowed. * Current lock; only gets to this namespace are allowed.
* @type string
*/ */
private $lock; private $lock;
/** /**
* Constructor * Constructor
*
* @param HTMLPurifier_ConfigSchema $definition ConfigSchema that defines * @param HTMLPurifier_ConfigSchema $definition ConfigSchema that defines
* what directives are allowed. * what directives are allowed.
* @param mixed $parent * @param HTMLPurifier_PropertyList $parent
*/ */
public function __construct($definition, $parent = null) public function __construct($definition, $parent = null)
{ {
@ -103,13 +113,11 @@ class HTMLPurifier_Config
/** /**
* Convenience constructor that creates a config object based on a mixed var * Convenience constructor that creates a config object based on a mixed var
*
* @param mixed $config Variable that defines the state of the config * @param mixed $config Variable that defines the state of the config
* object. Can be: a HTMLPurifier_Config() object, * object. Can be: a HTMLPurifier_Config() object,
* an array of directives based on loadArray(), * an array of directives based on loadArray(),
* or a string filename of an ini file. * or a string filename of an ini file.
* @param HTMLPurifier_ConfigSchema $schema Schema object * @param HTMLPurifier_ConfigSchema $schema Schema object
*
* @return HTMLPurifier_Config Configured object * @return HTMLPurifier_Config Configured object
*/ */
public static function create($config, $schema = null) public static function create($config, $schema = null)
@ -125,17 +133,13 @@ class HTMLPurifier_Config
} }
if (is_string($config)) { if (is_string($config)) {
$ret->loadIni($config); $ret->loadIni($config);
} } elseif (is_array($config)) $ret->loadArray($config);
elseif (is_array($config)) $ret->loadArray($config);
return $ret; return $ret;
} }
/** /**
* Creates a new config object that inherits from a previous one. * Creates a new config object that inherits from a previous one.
* * @param HTMLPurifier_Config $config Configuration object to inherit from.
* @param HTMLPurifier_Config $config Configuration object to inherit
* from.
*
* @return HTMLPurifier_Config object with $config as its parent. * @return HTMLPurifier_Config object with $config as its parent.
*/ */
public static function inherit(HTMLPurifier_Config $config) public static function inherit(HTMLPurifier_Config $config)
@ -195,7 +199,9 @@ class HTMLPurifier_Config
if ($ns !== $this->lock) { if ($ns !== $this->lock) {
$this->triggerError( $this->triggerError(
'Cannot get value of namespace ' . $ns . ' when lock for ' . 'Cannot get value of namespace ' . $ns . ' when lock for ' .
$this->lock . ' is active, this probably indicates a Definition setup method is accessing directives that are not within its namespace', $this->lock .
' is active, this probably indicates a Definition setup method ' .
'is accessing directives that are not within its namespace',
E_USER_ERROR E_USER_ERROR
); );
return; return;
@ -384,7 +390,9 @@ class HTMLPurifier_Config
private function _listify($lookup) private function _listify($lookup)
{ {
$list = array(); $list = array();
foreach ($lookup as $name => $b) $list[] = $name; foreach ($lookup as $name => $b) {
$list[] = $name;
}
return implode(', ', $list); return implode(', ', $list);
} }
@ -400,7 +408,7 @@ class HTMLPurifier_Config
* maybeGetRawHTMLDefinition, which is more explicitly * maybeGetRawHTMLDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return mixed * @return HTMLPurifier_HTMLDefinition
*/ */
public function getHTMLDefinition($raw = false, $optimized = false) public function getHTMLDefinition($raw = false, $optimized = false)
{ {
@ -419,7 +427,7 @@ class HTMLPurifier_Config
* maybeGetRawCSSDefinition, which is more explicitly * maybeGetRawCSSDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return mixed * @return HTMLPurifier_CSSDefinition
*/ */
public function getCSSDefinition($raw = false, $optimized = false) public function getCSSDefinition($raw = false, $optimized = false)
{ {
@ -438,7 +446,7 @@ class HTMLPurifier_Config
* maybeGetRawURIDefinition, which is more explicitly * maybeGetRawURIDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return mixed * @return HTMLPurifier_URIDefinition
*/ */
public function getURIDefinition($raw = false, $optimized = false) public function getURIDefinition($raw = false, $optimized = false)
{ {
@ -460,7 +468,7 @@ class HTMLPurifier_Config
* maybe semantics is the "right thing to do." * maybe semantics is the "right thing to do."
* *
* @throws HTMLPurifier_Exception * @throws HTMLPurifier_Exception
* @return mixed * @return HTMLPurifier_Definition
*/ */
public function getDefinition($type, $raw = false, $optimized = false) public function getDefinition($type, $raw = false, $optimized = false)
{ {
@ -542,8 +550,12 @@ class HTMLPurifier_Config
} }
if ($def->optimized !== $optimized) { if ($def->optimized !== $optimized) {
$msg = $optimized ? "optimized" : "unoptimized"; $msg = $optimized ? "optimized" : "unoptimized";
$extra = $this->chatty ? " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)" : ""; $extra = $this->chatty ?
throw new HTMLPurifier_Exception("Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra); " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)"
: "";
throw new HTMLPurifier_Exception(
"Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra
);
} }
} }
// check if definition was in memory // check if definition was in memory
@ -576,7 +588,17 @@ class HTMLPurifier_Config
if (!$optimized) { if (!$optimized) {
if (!is_null($this->get($type . '.DefinitionID'))) { if (!is_null($this->get($type . '.DefinitionID'))) {
if ($this->chatty) { if ($this->chatty) {
$this->triggerError("Due to a documentation error in previous version of HTML Purifier, your definitions are not being cached. If this is OK, you can remove the %$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, modify your code to use maybeGetRawDefinition, and test if the returned value is null before making any edits (if it is null, that means that a cached version is available, and no raw operations are necessary). See <a href='http://htmlpurifier.org/docs/enduser-customize.html#optimized'>Customize</a> for more details", E_USER_WARNING); $this->triggerError(
'Due to a documentation error in previous version of HTML Purifier, your ' .
'definitions are not being cached. If this is OK, you can remove the ' .
'%$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, ' .
'modify your code to use maybeGetRawDefinition, and test if the returned ' .
'value is null before making any edits (if it is null, that means that a ' .
'cached version is available, and no raw operations are necessary). See ' .
'<a href="http://htmlpurifier.org/docs/enduser-customize.html#optimized">' .
'Customize</a> for more details',
E_USER_WARNING
);
} else { } else {
$this->triggerError( $this->triggerError(
"Useless DefinitionID declaration", "Useless DefinitionID declaration",

70
library/HTMLPurifier/ConfigSchema.php
View File

@ -3,21 +3,24 @@
/** /**
* Configuration definition, defines directives and their defaults. * Configuration definition, defines directives and their defaults.
*/ */
class HTMLPurifier_ConfigSchema { class HTMLPurifier_ConfigSchema
{
/** /**
* Defaults of the directives and namespaces. * Defaults of the directives and namespaces.
* @type array
* @note This shares the exact same structure as HTMLPurifier_Config::$conf * @note This shares the exact same structure as HTMLPurifier_Config::$conf
*/ */
public $defaults = array(); public $defaults = array();
/** /**
* The default property list. Do not edit this property list. * The default property list. Do not edit this property list.
* @type array
*/ */
public $defaultPlist; public $defaultPlist;
/** /**
* Definition of the directives. The structure of this is: * Definition of the directives.
* The structure of this is:
* *
* array( * array(
* 'Namespace' => array( * 'Namespace' => array(
@ -44,22 +47,27 @@ class HTMLPurifier_ConfigSchema {
* This class is friendly with HTMLPurifier_Config. If you need introspection * This class is friendly with HTMLPurifier_Config. If you need introspection
* about the schema, you're better of using the ConfigSchema_Interchange, * about the schema, you're better of using the ConfigSchema_Interchange,
* which uses more memory but has much richer information. * which uses more memory but has much richer information.
* @type array
*/ */
public $info = array(); public $info = array();
/** /**
* Application-wide singleton * Application-wide singleton
* @type HTMLPurifier_ConfigSchema
*/ */
static protected $singleton; protected static $singleton;
public function __construct() { public function __construct()
{
$this->defaultPlist = new HTMLPurifier_PropertyList(); $this->defaultPlist = new HTMLPurifier_PropertyList();
} }
/** /**
* Unserializes the default ConfigSchema. * Unserializes the default ConfigSchema.
* @return HTMLPurifier_ConfigSchema
*/ */
public static function makeFromSerial() { public static function makeFromSerial()
{
$contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser'); $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser');
$r = unserialize($contents); $r = unserialize($contents);
if (!$r) { if (!$r) {
@ -71,8 +79,11 @@ class HTMLPurifier_ConfigSchema {
/** /**
* Retrieves an instance of the application-wide configuration definition. * Retrieves an instance of the application-wide configuration definition.
* @param HTMLPurifier_ConfigSchema $prototype
* @return HTMLPurifier_ConfigSchema
*/ */
public static function instance($prototype = null) { public static function instance($prototype = null)
{
if ($prototype !== null) { if ($prototype !== null) {
HTMLPurifier_ConfigSchema::$singleton = $prototype; HTMLPurifier_ConfigSchema::$singleton = $prototype;
} elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) { } elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) {
@ -86,17 +97,19 @@ class HTMLPurifier_ConfigSchema {
* @warning Will fail of directive's namespace is defined. * @warning Will fail of directive's namespace is defined.
* @warning This method's signature is slightly different from the legacy * @warning This method's signature is slightly different from the legacy
* define() static method! Beware! * define() static method! Beware!
* @param $namespace Namespace the directive is in * @param string $key Name of directive
* @param $name Key of directive * @param mixed $default Default value of directive
* @param $default Default value of directive * @param string $type Allowed type of the directive. See
* @param $type Allowed type of the directive. See
* HTMLPurifier_DirectiveDef::$type for allowed values * HTMLPurifier_DirectiveDef::$type for allowed values
* @param $allow_null Whether or not to allow null values * @param bool $allow_null Whether or not to allow null values
*/ */
public function add($key, $default, $type, $allow_null) { public function add($key, $default, $type, $allow_null)
{
$obj = new stdclass(); $obj = new stdclass();
$obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type]; $obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type];
if ($allow_null) $obj->allow_null = true; if ($allow_null) {
$obj->allow_null = true;
}
$this->info[$key] = $obj; $this->info[$key] = $obj;
$this->defaults[$key] = $default; $this->defaults[$key] = $default;
$this->defaultPlist->set($key, $default); $this->defaultPlist->set($key, $default);
@ -107,11 +120,11 @@ class HTMLPurifier_ConfigSchema {
* *
* Directive value aliases are convenient for developers because it lets * Directive value aliases are convenient for developers because it lets
* them set a directive to several values and get the same result. * them set a directive to several values and get the same result.
* @param $namespace Directive's namespace * @param string $key Name of Directive
* @param $name Name of Directive * @param array $aliases Hash of aliased values to the real alias
* @param $aliases Hash of aliased values to the real alias
*/ */
public function addValueAliases($key, $aliases) { public function addValueAliases($key, $aliases)
{
if (!isset($this->info[$key]->aliases)) { if (!isset($this->info[$key]->aliases)) {
$this->info[$key]->aliases = array(); $this->info[$key]->aliases = array();
} }
@ -124,22 +137,21 @@ class HTMLPurifier_ConfigSchema {
* Defines a set of allowed values for a directive. * Defines a set of allowed values for a directive.
* @warning This is slightly different from the corresponding static * @warning This is slightly different from the corresponding static
* method definition. * method definition.
* @param $namespace Namespace of directive * @param string $key Name of directive
* @param $name Name of directive * @param array $allowed Lookup array of allowed values
* @param $allowed Lookup array of allowed values
*/ */
public function addAllowedValues($key, $allowed) { public function addAllowedValues($key, $allowed)
{
$this->info[$key]->allowed = $allowed; $this->info[$key]->allowed = $allowed;
} }
/** /**
* Defines a directive alias for backwards compatibility * Defines a directive alias for backwards compatibility
* @param $namespace * @param string $key Directive that will be aliased
* @param $name Directive that will be aliased * @param string $new_key Directive that the alias will be to
* @param $new_namespace
* @param $new_name Directive that the alias will be to
*/ */
public function addAlias($key, $new_key) { public function addAlias($key, $new_key)
{
$obj = new stdclass; $obj = new stdclass;
$obj->key = $new_key; $obj->key = $new_key;
$obj->isAlias = true; $obj->isAlias = true;
@ -149,7 +161,8 @@ class HTMLPurifier_ConfigSchema {
/** /**
* Replaces any stdclass that only has the type property with type integer. * Replaces any stdclass that only has the type property with type integer.
*/ */
public function postProcess() { public function postProcess()
{
foreach ($this->info as $key => $v) { foreach ($this->info as $key => $v) {
if (count((array) $v) == 1) { if (count((array) $v) == 1) {
$this->info[$key] = $v->type; $this->info[$key] = $v->type;
@ -158,7 +171,6 @@ class HTMLPurifier_ConfigSchema {
} }
} }
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

8
library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
View File

@ -7,7 +7,12 @@
class HTMLPurifier_ConfigSchema_Builder_ConfigSchema class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
{ {
public function build($interchange) { /**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @return HTMLPurifier_ConfigSchema
*/
public function build($interchange)
{
$schema = new HTMLPurifier_ConfigSchema(); $schema = new HTMLPurifier_ConfigSchema();
foreach ($interchange->directives as $d) { foreach ($interchange->directives as $d) {
$schema->add( $schema->add(
@ -38,7 +43,6 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
$schema->postProcess(); $schema->postProcess();
return $schema; return $schema;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

66
library/HTMLPurifier/ConfigSchema/Builder/Xml.php
View File

@ -7,10 +7,21 @@
class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
{ {
/**
* @type HTMLPurifier_ConfigSchema_Interchange
*/
protected $interchange; protected $interchange;
/**
* @type string
*/
private $namespace; private $namespace;
protected function writeHTMLDiv($html) { /**
* @param string $html
*/
protected function writeHTMLDiv($html)
{
$this->startElement('div'); $this->startElement('div');
$purifier = HTMLPurifier::getInstance(); $purifier = HTMLPurifier::getInstance();
@ -21,12 +32,23 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->endElement(); // div $this->endElement(); // div
} }
protected function export($var) { /**
if ($var === array()) return 'array()'; * @param mixed $var
* @return string
*/
protected function export($var)
{
if ($var === array()) {
return 'array()';
}
return var_export($var, true); return var_export($var, true);
} }
public function build($interchange) { /**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
*/
public function build($interchange)
{
// global access, only use as last resort // global access, only use as last resort
$this->interchange = $interchange; $this->interchange = $interchange;
@ -39,19 +61,26 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->buildDirective($directive); $this->buildDirective($directive);
} }
if ($this->namespace) $this->endElement(); // namespace if ($this->namespace) {
$this->endElement();
} // namespace
$this->endElement(); // configdoc $this->endElement(); // configdoc
$this->flush(); $this->flush();
} }
public function buildDirective($directive) { /**
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
*/
public function buildDirective($directive)
{
// Kludge, although I suppose having a notion of a "root namespace" // Kludge, although I suppose having a notion of a "root namespace"
// certainly makes things look nicer when documentation is built. // certainly makes things look nicer when documentation is built.
// Depends on things being sorted. // Depends on things being sorted.
if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) { if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
if ($this->namespace) $this->endElement(); // namespace if ($this->namespace) {
$this->endElement();
} // namespace
$this->namespace = $directive->id->getRootNamespace(); $this->namespace = $directive->id->getRootNamespace();
$this->startElement('namespace'); $this->startElement('namespace');
$this->writeAttribute('id', $this->namespace); $this->writeAttribute('id', $this->namespace);
@ -64,25 +93,35 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->writeElement('name', $directive->id->getDirective()); $this->writeElement('name', $directive->id->getDirective());
$this->startElement('aliases'); $this->startElement('aliases');
foreach ($directive->aliases as $alias) $this->writeElement('alias', $alias->toString()); foreach ($directive->aliases as $alias) {
$this->writeElement('alias', $alias->toString());
}
$this->endElement(); // aliases $this->endElement(); // aliases
$this->startElement('constraints'); $this->startElement('constraints');
if ($directive->version) $this->writeElement('version', $directive->version); if ($directive->version) {
$this->writeElement('version', $directive->version);
}
$this->startElement('type'); $this->startElement('type');
if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes'); if ($directive->typeAllowsNull) {
$this->writeAttribute('allow-null', 'yes');
}
$this->text($directive->type); $this->text($directive->type);
$this->endElement(); // type $this->endElement(); // type
if ($directive->allowed) { if ($directive->allowed) {
$this->startElement('allowed'); $this->startElement('allowed');
foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value); foreach ($directive->allowed as $value => $x) {
$this->writeElement('value', $value);
}
$this->endElement(); // allowed $this->endElement(); // allowed
} }
$this->writeElement('default', $this->export($directive->default)); $this->writeElement('default', $this->export($directive->default));
$this->writeAttribute('xml:space', 'preserve'); $this->writeAttribute('xml:space', 'preserve');
if ($directive->external) { if ($directive->external) {
$this->startElement('external'); $this->startElement('external');
foreach ($directive->external as $project) $this->writeElement('project', $project); foreach ($directive->external as $project) {
$this->writeElement('project', $project);
}
$this->endElement(); $this->endElement();
} }
$this->endElement(); // constraints $this->endElement(); // constraints
@ -100,7 +139,6 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->endElement(); // directive $this->endElement(); // directive
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

11
library/HTMLPurifier/ConfigSchema/Interchange.php
View File

@ -10,18 +10,23 @@ class HTMLPurifier_ConfigSchema_Interchange
/** /**
* Name of the application this schema is describing. * Name of the application this schema is describing.
* @type string
*/ */
public $name; public $name;
/** /**
* Array of Directive ID => array(directive info) * Array of Directive ID => array(directive info)
* @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
*/ */
public $directives = array(); public $directives = array();
/** /**
* Adds a directive array to $directives * Adds a directive array to $directives
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
* @throws HTMLPurifier_ConfigSchema_Exception
*/ */
public function addDirective($directive) { public function addDirective($directive)
{
if (isset($this->directives[$i = $directive->id->toString()])) { if (isset($this->directives[$i = $directive->id->toString()])) {
throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'"); throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
} }
@ -32,11 +37,11 @@ class HTMLPurifier_ConfigSchema_Interchange
* Convenience function to perform standard validation. Throws exception * Convenience function to perform standard validation. Throws exception
* on failed validation. * on failed validation.
*/ */
public function validate() { public function validate()
{
$validator = new HTMLPurifier_ConfigSchema_Validator(); $validator = new HTMLPurifier_ConfigSchema_Validator();
return $validator->validate($this); return $validator->validate($this);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

28
library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
View File

@ -7,71 +7,83 @@ class HTMLPurifier_ConfigSchema_Interchange_Directive
{ {
/** /**
* ID of directive, instance of HTMLPurifier_ConfigSchema_Interchange_Id. * ID of directive.
* @type HTMLPurifier_ConfigSchema_Interchange_Id
*/ */
public $id; public $id;
/** /**
* String type, e.g. 'integer' or 'istring'. * Type, e.g. 'integer' or 'istring'.
* @type string
*/ */
public $type; public $type;
/** /**
* Default value, e.g. 3 or 'DefaultVal'. * Default value, e.g. 3 or 'DefaultVal'.
* @type mixed
*/ */
public $default; public $default;
/** /**
* HTML description. * HTML description.
* @type string
*/ */
public $description; public $description;
/** /**
* Boolean whether or not null is allowed as a value. * Whether or not null is allowed as a value.
* @type bool
*/ */
public $typeAllowsNull = false; public $typeAllowsNull = false;
/** /**
* Lookup table of allowed scalar values, e.g. array('allowed' => true). * Lookup table of allowed scalar values.
* e.g. array('allowed' => true).
* Null if all values are allowed. * Null if all values are allowed.
* @type array
*/ */
public $allowed; public $allowed;
/** /**
* List of aliases for the directive, * List of aliases for the directive.
* e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))). * e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
* @type HTMLPurifier_ConfigSchema_Interchange_Id[]
*/ */
public $aliases = array(); public $aliases = array();
/** /**
* Hash of value aliases, e.g. array('alt' => 'real'). Null if value * Hash of value aliases, e.g. array('alt' => 'real'). Null if value
* aliasing is disabled (necessary for non-scalar types). * aliasing is disabled (necessary for non-scalar types).
* @type array
*/ */
public $valueAliases; public $valueAliases;
/** /**
* Version of HTML Purifier the directive was introduced, e.g. '1.3.1'. * Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
* Null if the directive has always existed. * Null if the directive has always existed.
* @type string
*/ */
public $version; public $version;
/** /**
* ID of directive that supercedes this old directive, is an instance * ID of directive that supercedes this old directive.
* of HTMLPurifier_ConfigSchema_Interchange_Id. Null if not deprecated. * Null if not deprecated.
* @type HTMLPurifier_ConfigSchema_Interchange_Id
*/ */
public $deprecatedUse; public $deprecatedUse;
/** /**
* Version of HTML Purifier this directive was deprecated. Null if not * Version of HTML Purifier this directive was deprecated. Null if not
* deprecated. * deprecated.
* @type string
*/ */
public $deprecatedVersion; public $deprecatedVersion;
/** /**
* List of external projects this directive depends on, e.g. array('CSSTidy'). * List of external projects this directive depends on, e.g. array('CSSTidy').
* @type array
*/ */
public $external = array(); public $external = array();
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

33
library/HTMLPurifier/ConfigSchema/Interchange/Id.php
View File

@ -6,32 +6,53 @@
class HTMLPurifier_ConfigSchema_Interchange_Id class HTMLPurifier_ConfigSchema_Interchange_Id
{ {
/**
* @type string
*/
public $key; public $key;
public function __construct($key) { /**
* @param string $key
*/
public function __construct($key)
{
$this->key = $key; $this->key = $key;
} }
/** /**
* @return string
* @warning This is NOT magic, to ensure that people don't abuse SPL and * @warning This is NOT magic, to ensure that people don't abuse SPL and
* cause problems for PHP 5.0 support. * cause problems for PHP 5.0 support.
*/ */
public function toString() { public function toString()
{
return $this->key; return $this->key;
} }
public function getRootNamespace() { /**
* @return string
*/
public function getRootNamespace()
{
return substr($this->key, 0, strpos($this->key, ".")); return substr($this->key, 0, strpos($this->key, "."));
} }
public function getDirective() { /**
* @return string
*/
public function getDirective()
{
return substr($this->key, strpos($this->key, ".") + 1); return substr($this->key, strpos($this->key, ".") + 1);
} }
public static function make($id) { /**
* @param string $id
* @return HTMLPurifier_ConfigSchema_Interchange_Id
*/
public static function make($id)
{
return new HTMLPurifier_ConfigSchema_Interchange_Id($id); return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

88
library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
View File

@ -5,21 +5,39 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
/** /**
* Used for processing DEFAULT, nothing else. * Used for processing DEFAULT, nothing else.
* @type HTMLPurifier_VarParser
*/ */
protected $varParser; protected $varParser;
public function __construct($varParser = null) { /**
* @param HTMLPurifier_VarParser $varParser
*/
public function __construct($varParser = null)
{
$this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native(); $this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
} }
public static function buildFromDirectory($dir = null) { /**
* @param string $dir
* @return HTMLPurifier_ConfigSchema_Interchange
*/
public static function buildFromDirectory($dir = null)
{
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder(); $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange(); $interchange = new HTMLPurifier_ConfigSchema_Interchange();
return $builder->buildDir($interchange, $dir); return $builder->buildDir($interchange, $dir);
} }
public function buildDir($interchange, $dir = null) { /**
if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema'; * @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param string $dir
* @return HTMLPurifier_ConfigSchema_Interchange
*/
public function buildDir($interchange, $dir = null)
{
if (!$dir) {
$dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
}
if (file_exists($dir . '/info.ini')) { if (file_exists($dir . '/info.ini')) {
$info = parse_ini_file($dir . '/info.ini'); $info = parse_ini_file($dir . '/info.ini');
$interchange->name = $info['name']; $interchange->name = $info['name'];
@ -39,24 +57,30 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
foreach ($files as $file) { foreach ($files as $file) {
$this->buildFile($interchange, $dir . '/' . $file); $this->buildFile($interchange, $dir . '/' . $file);
} }
return $interchange; return $interchange;
} }
public function buildFile($interchange, $file) { /**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param string $file
*/
public function buildFile($interchange, $file)
{
$parser = new HTMLPurifier_StringHashParser(); $parser = new HTMLPurifier_StringHashParser();
$this->build( $this->build(
$interchange, $interchange,
new HTMLPurifier_StringHash( $parser->parseFile($file) ) new HTMLPurifier_StringHash($parser->parseFile($file))
); );
} }
/** /**
* Builds an interchange object based on a hash. * Builds an interchange object based on a hash.
* @param $interchange HTMLPurifier_ConfigSchema_Interchange object to build * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
* @param $hash HTMLPurifier_ConfigSchema_StringHash source data * @param HTMLPurifier_StringHash $hash source data
* @throws HTMLPurifier_ConfigSchema_Exception
*/ */
public function build($interchange, $hash) { public function build($interchange, $hash)
{
if (!$hash instanceof HTMLPurifier_StringHash) { if (!$hash instanceof HTMLPurifier_StringHash) {
$hash = new HTMLPurifier_StringHash($hash); $hash = new HTMLPurifier_StringHash($hash);
} }
@ -75,7 +99,13 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
$this->_findUnused($hash); $this->_findUnused($hash);
} }
public function buildDirective($interchange, $hash) { /**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param HTMLPurifier_StringHash $hash
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function buildDirective($interchange, $hash)
{
$directive = new HTMLPurifier_ConfigSchema_Interchange_Directive(); $directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
// These are required elements: // These are required elements:
@ -84,7 +114,9 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
if (isset($hash['TYPE'])) { if (isset($hash['TYPE'])) {
$type = explode('/', $hash->offsetGet('TYPE')); $type = explode('/', $hash->offsetGet('TYPE'));
if (isset($type[1])) $directive->typeAllowsNull = true; if (isset($type[1])) {
$directive->typeAllowsNull = true;
}
$directive->type = $type[0]; $directive->type = $type[0];
} else { } else {
throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined"); throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
@ -92,7 +124,11 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
if (isset($hash['DEFAULT'])) { if (isset($hash['DEFAULT'])) {
try { try {
$directive->default = $this->varParser->parse($hash->offsetGet('DEFAULT'), $directive->type, $directive->typeAllowsNull); $directive->default = $this->varParser->parse(
$hash->offsetGet('DEFAULT'),
$directive->type,
$directive->typeAllowsNull
);
} catch (HTMLPurifier_VarParserException $e) { } catch (HTMLPurifier_VarParserException $e) {
throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'"); throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
} }
@ -139,34 +175,45 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
/** /**
* Evaluates an array PHP code string without array() wrapper * Evaluates an array PHP code string without array() wrapper
* @param string $contents
*/ */
protected function evalArray($contents) { protected function evalArray($contents)
return eval('return array('. $contents .');'); {
return eval('return array(' . $contents . ');');
} }
/** /**
* Converts an array list into a lookup array. * Converts an array list into a lookup array.
* @param array $array
* @return array
*/ */
protected function lookup($array) { protected function lookup($array)
{
$ret = array(); $ret = array();
foreach ($array as $val) $ret[$val] = true; foreach ($array as $val) {
$ret[$val] = true;
}
return $ret; return $ret;
} }
/** /**
* Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id * Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
* object based on a string Id. * object based on a string Id.
* @param string $id
* @return HTMLPurifier_ConfigSchema_Interchange_Id
*/ */
protected function id($id) { protected function id($id)
{
return HTMLPurifier_ConfigSchema_Interchange_Id::make($id); return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
} }
/** /**
* Triggers errors for any unused keys passed in the hash; such keys * Triggers errors for any unused keys passed in the hash; such keys
* may indicate typos, missing values, etc. * may indicate typos, missing values, etc.
* @param $hash Instance of ConfigSchema_StringHash to check. * @param HTMLPurifier_StringHash $hash Hash to check.
*/ */
protected function _findUnused($hash) { protected function _findUnused($hash)
{
$accessed = $hash->getAccessed(); $accessed = $hash->getAccessed();
foreach ($hash as $k => $v) { foreach ($hash as $k => $v) {
if (!isset($accessed[$k])) { if (!isset($accessed[$k])) {
@ -174,7 +221,6 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
} }
} }
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

90
library/HTMLPurifier/ConfigSchema/Validator.php
View File

@ -12,36 +12,48 @@ class HTMLPurifier_ConfigSchema_Validator
{ {
/** /**
* Easy to access global objects. * @type HTMLPurifier_ConfigSchema_Interchange
*/ */
protected $interchange, $aliases; protected $interchange;
/**
* @type array
*/
protected $aliases;
/** /**
* Context-stack to provide easy to read error messages. * Context-stack to provide easy to read error messages.
* @type array
*/ */
protected $context = array(); protected $context = array();
/** /**
* HTMLPurifier_VarParser to test default's type. * to test default's type.
* @type HTMLPurifier_VarParser
*/ */
protected $parser; protected $parser;
public function __construct() { public function __construct()
{
$this->parser = new HTMLPurifier_VarParser(); $this->parser = new HTMLPurifier_VarParser();
} }
/** /**
* Validates a fully-formed interchange object. Throws an * Validates a fully-formed interchange object.
* HTMLPurifier_ConfigSchema_Exception if there's a problem. * @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @return bool
*/ */
public function validate($interchange) { public function validate($interchange)
{
$this->interchange = $interchange; $this->interchange = $interchange;
$this->aliases = array(); $this->aliases = array();
// PHP is a bit lax with integer <=> string conversions in // PHP is a bit lax with integer <=> string conversions in
// arrays, so we don't use the identical !== comparison // arrays, so we don't use the identical !== comparison
foreach ($interchange->directives as $i => $directive) { foreach ($interchange->directives as $i => $directive) {
$id = $directive->id->toString(); $id = $directive->id->toString();
if ($i != $id) $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'"); if ($i != $id) {
$this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
}
$this->validateDirective($directive); $this->validateDirective($directive);
} }
return true; return true;
@ -49,8 +61,10 @@ class HTMLPurifier_ConfigSchema_Validator
/** /**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Id object. * Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
* @param HTMLPurifier_ConfigSchema_Interchange_Id $id
*/ */
public function validateId($id) { public function validateId($id)
{
$id_string = $id->toString(); $id_string = $id->toString();
$this->context[] = "id '$id_string'"; $this->context[] = "id '$id_string'";
if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) { if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
@ -67,8 +81,10 @@ class HTMLPurifier_ConfigSchema_Validator
/** /**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object. * Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/ */
public function validateDirective($d) { public function validateDirective($d)
{
$id = $d->id->toString(); $id = $d->id->toString();
$this->context[] = "directive '$id'"; $this->context[] = "directive '$id'";
$this->validateId($d->id); $this->validateId($d->id);
@ -108,9 +124,13 @@ class HTMLPurifier_ConfigSchema_Validator
/** /**
* Extra validation if $allowed member variable of * Extra validation if $allowed member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined. * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/ */
public function validateDirectiveAllowed($d) { public function validateDirectiveAllowed($d)
if (is_null($d->allowed)) return; {
if (is_null($d->allowed)) {
return;
}
$this->with($d, 'allowed') $this->with($d, 'allowed')
->assertNotEmpty() ->assertNotEmpty()
->assertIsLookup(); // handled by InterchangeBuilder ->assertIsLookup(); // handled by InterchangeBuilder
@ -119,7 +139,9 @@ class HTMLPurifier_ConfigSchema_Validator
} }
$this->context[] = 'allowed'; $this->context[] = 'allowed';
foreach ($d->allowed as $val => $x) { foreach ($d->allowed as $val => $x) {
if (!is_string($val)) $this->error("value $val", 'must be a string'); if (!is_string($val)) {
$this->error("value $val", 'must be a string');
}
} }
array_pop($this->context); array_pop($this->context);
} }
@ -127,15 +149,23 @@ class HTMLPurifier_ConfigSchema_Validator
/** /**
* Extra validation if $valueAliases member variable of * Extra validation if $valueAliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined. * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/ */
public function validateDirectiveValueAliases($d) { public function validateDirectiveValueAliases($d)
if (is_null($d->valueAliases)) return; {
if (is_null($d->valueAliases)) {
return;
}
$this->with($d, 'valueAliases') $this->with($d, 'valueAliases')
->assertIsArray(); // handled by InterchangeBuilder ->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'valueAliases'; $this->context[] = 'valueAliases';
foreach ($d->valueAliases as $alias => $real) { foreach ($d->valueAliases as $alias => $real) {
if (!is_string($alias)) $this->error("alias $alias", 'must be a string'); if (!is_string($alias)) {
if (!is_string($real)) $this->error("alias target $real from alias '$alias'", 'must be a string'); $this->error("alias $alias", 'must be a string');
}
if (!is_string($real)) {
$this->error("alias target $real from alias '$alias'", 'must be a string');
}
if ($alias === $real) { if ($alias === $real) {
$this->error("alias '$alias'", "must not be an alias to itself"); $this->error("alias '$alias'", "must not be an alias to itself");
} }
@ -155,8 +185,10 @@ class HTMLPurifier_ConfigSchema_Validator
/** /**
* Extra validation if $aliases member variable of * Extra validation if $aliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined. * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/ */
public function validateDirectiveAliases($d) { public function validateDirectiveAliases($d)
{
$this->with($d, 'aliases') $this->with($d, 'aliases')
->assertIsArray(); // handled by InterchangeBuilder ->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'aliases'; $this->context[] = 'aliases';
@ -180,27 +212,37 @@ class HTMLPurifier_ConfigSchema_Validator
/** /**
* Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom * Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
* for validating simple member variables of objects. * for validating simple member variables of objects.
* @param $obj
* @param $member
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/ */
protected function with($obj, $member) { protected function with($obj, $member)
{
return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member); return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
} }
/** /**
* Emits an error, providing helpful context. * Emits an error, providing helpful context.
* @throws HTMLPurifier_ConfigSchema_Exception
*/ */
protected function error($target, $msg) { protected function error($target, $msg)
if ($target !== false) $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext(); {
else $prefix = ucfirst($this->getFormattedContext()); if ($target !== false) {
$prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
} else {
$prefix = ucfirst($this->getFormattedContext());
}
throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg)); throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
} }
/** /**
* Returns a formatted context string. * Returns a formatted context string.
* @return string
*/ */
protected function getFormattedContext() { protected function getFormattedContext()
{
return implode(' in ', array_reverse($this->context)); return implode(' in ', array_reverse($this->context));
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

100
library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
View File

@ -8,59 +8,123 @@
*/ */
class HTMLPurifier_ConfigSchema_ValidatorAtom class HTMLPurifier_ConfigSchema_ValidatorAtom
{ {
/**
* @type string
*/
protected $context;
protected $context, $obj, $member, $contents; /**
* @type object
*/
protected $obj;
public function __construct($context, $obj, $member) { /**
* @type string
*/
protected $member;
/**
* @type mixed
*/
protected $contents;
public function __construct($context, $obj, $member)
{
$this->context = $context; $this->context = $context;
$this->obj = $obj; $this->obj = $obj;
$this->member = $member; $this->member = $member;
$this->contents =& $obj->$member; $this->contents =& $obj->$member;
} }
public function assertIsString() { /**
if (!is_string($this->contents)) $this->error('must be a string'); * @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsString()
{
if (!is_string($this->contents)) {
$this->error('must be a string');
}
return $this; return $this;
} }
public function assertIsBool() { /**
if (!is_bool($this->contents)) $this->error('must be a boolean'); * @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsBool()
{
if (!is_bool($this->contents)) {
$this->error('must be a boolean');
}
return $this; return $this;
} }
public function assertIsArray() { /**
if (!is_array($this->contents)) $this->error('must be an array'); * @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsArray()
{
if (!is_array($this->contents)) {
$this->error('must be an array');
}
return $this; return $this;
} }
public function assertNotNull() { /**
if ($this->contents === null) $this->error('must not be null'); * @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertNotNull()
{
if ($this->contents === null) {
$this->error('must not be null');
}
return $this; return $this;
} }
public function assertAlnum() { /**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertAlnum()
{
$this->assertIsString(); $this->assertIsString();
if (!ctype_alnum($this->contents)) $this->error('must be alphanumeric'); if (!ctype_alnum($this->contents)) {
$this->error('must be alphanumeric');
}
return $this; return $this;
} }
public function assertNotEmpty() { /**
if (empty($this->contents)) $this->error('must not be empty'); * @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertNotEmpty()
{
if (empty($this->contents)) {
$this->error('must not be empty');
}
return $this; return $this;
} }
public function assertIsLookup() { /**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsLookup()
{
$this->assertIsArray(); $this->assertIsArray();
foreach ($this->contents as $v) { foreach ($this->contents as $v) {
if ($v !== true) $this->error('must be a lookup array'); if ($v !== true) {
$this->error('must be a lookup array');
}
} }
return $this; return $this;
} }
protected function error($msg) { /**
* @param string $msg
* @throws HTMLPurifier_ConfigSchema_Exception
*/
protected function error($msg)
{
throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg); throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

55
library/HTMLPurifier/ContentSets.php
View File

@ -7,35 +7,42 @@ class HTMLPurifier_ContentSets
{ {
/** /**
* List of content set strings (pipe seperators) indexed by name. * List of content set strings (pipe separators) indexed by name.
* @type array
*/ */
public $info = array(); public $info = array();
/** /**
* List of content set lookups (element => true) indexed by name. * List of content set lookups (element => true) indexed by name.
* @type array
* @note This is in HTMLPurifier_HTMLDefinition->info_content_sets * @note This is in HTMLPurifier_HTMLDefinition->info_content_sets
*/ */
public $lookup = array(); public $lookup = array();
/** /**
* Synchronized list of defined content sets (keys of info) * Synchronized list of defined content sets (keys of info).
* @type array
*/ */
protected $keys = array(); protected $keys = array();
/** /**
* Synchronized list of defined content values (values of info) * Synchronized list of defined content values (values of info).
* @type array
*/ */
protected $values = array(); protected $values = array();
/** /**
* Merges in module's content sets, expands identifiers in the content * Merges in module's content sets, expands identifiers in the content
* sets and populates the keys, values and lookup member variables. * sets and populates the keys, values and lookup member variables.
* @param $modules List of HTMLPurifier_HTMLModule * @param HTMLPurifier_HTMLModule[] $modules List of HTMLPurifier_HTMLModule
*/ */
public function __construct($modules) { public function __construct($modules)
if (!is_array($modules)) $modules = array($modules); {
if (!is_array($modules)) {
$modules = array($modules);
}
// populate content_sets based on module hints // populate content_sets based on module hints
// sorry, no way of overloading // sorry, no way of overloading
foreach ($modules as $module_i => $module) { foreach ($modules as $module) {
foreach ($module->content_sets as $key => $value) { foreach ($module->content_sets as $key => $value) {
$temp = $this->convertToLookup($value); $temp = $this->convertToLookup($value);
if (isset($this->lookup[$key])) { if (isset($this->lookup[$key])) {
@ -70,11 +77,14 @@ class HTMLPurifier_ContentSets
/** /**
* Accepts a definition; generates and assigns a ChildDef for it * Accepts a definition; generates and assigns a ChildDef for it
* @param $def HTMLPurifier_ElementDef reference * @param HTMLPurifier_ElementDef $def HTMLPurifier_ElementDef reference
* @param $module Module that defined the ElementDef * @param HTMLPurifier_HTMLModule $module Module that defined the ElementDef
*/ */
public function generateChildDef(&$def, $module) { public function generateChildDef(&$def, $module)
if (!empty($def->child)) return; // already done! {
if (!empty($def->child)) { // already done!
return;
}
$content_model = $def->content_model; $content_model = $def->content_model;
if (is_string($content_model)) { if (is_string($content_model)) {
// Assume that $this->keys is alphanumeric // Assume that $this->keys is alphanumeric
@ -89,7 +99,8 @@ class HTMLPurifier_ContentSets
$def->child = $this->getChildDef($def, $module); $def->child = $this->getChildDef($def, $module);
} }
public function generateChildDefCallback($matches) { public function generateChildDefCallback($matches)
{
return $this->info[$matches[0]]; return $this->info[$matches[0]];
} }
@ -98,10 +109,12 @@ class HTMLPurifier_ContentSets
* member variables in HTMLPurifier_ElementDef * member variables in HTMLPurifier_ElementDef
* @note This will also defer to modules for custom HTMLPurifier_ChildDef * @note This will also defer to modules for custom HTMLPurifier_ChildDef
* subclasses that need content set expansion * subclasses that need content set expansion
* @param $def HTMLPurifier_ElementDef to have ChildDef extracted * @param HTMLPurifier_ElementDef $def HTMLPurifier_ElementDef to have ChildDef extracted
* @param HTMLPurifier_HTMLModule $module Module that defined the ElementDef
* @return HTMLPurifier_ChildDef corresponding to ElementDef * @return HTMLPurifier_ChildDef corresponding to ElementDef
*/ */
public function getChildDef($def, $module) { public function getChildDef($def, $module)
{
$value = $def->content_model; $value = $def->content_model;
if (is_object($value)) { if (is_object($value)) {
trigger_error( trigger_error(
@ -126,7 +139,9 @@ class HTMLPurifier_ContentSets
if ($module->defines_child_def) { // save a func call if ($module->defines_child_def) { // save a func call
$return = $module->getChildDef($def); $return = $module->getChildDef($def);
} }
if ($return !== false) return $return; if ($return !== false) {
return $return;
}
// error-out // error-out
trigger_error( trigger_error(
'Could not determine which ChildDef class to instantiate', 'Could not determine which ChildDef class to instantiate',
@ -138,18 +153,18 @@ class HTMLPurifier_ContentSets
/** /**
* Converts a string list of elements separated by pipes into * Converts a string list of elements separated by pipes into
* a lookup array. * a lookup array.
* @param $string List of elements * @param string $string List of elements
* @return Lookup array of elements * @return array Lookup array of elements
*/ */
protected function convertToLookup($string) { protected function convertToLookup($string)
{
$array = explode('|', str_replace(' ', '', $string)); $array = explode('|', str_replace(' ', '', $string));
$ret = array(); $ret = array();
foreach ($array as $i => $k) { foreach ($array as $k) {
$ret[$k] = true; $ret[$k] = true;
} }
return $ret; return $ret;
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

53
library/HTMLPurifier/Context.php
View File

@ -12,18 +12,22 @@ class HTMLPurifier_Context
/** /**
* Private array that stores the references. * Private array that stores the references.
* @type array
*/ */
private $_storage = array(); private $_storage = array();
/** /**
* Registers a variable into the context. * Registers a variable into the context.
* @param $name String name * @param string $name String name
* @param $ref Reference to variable to be registered * @param mixed $ref Reference to variable to be registered
*/ */
public function register($name, &$ref) { public function register($name, &$ref)
{
if (isset($this->_storage[$name])) { if (isset($this->_storage[$name])) {
trigger_error("Name $name produces collision, cannot re-register", trigger_error(
E_USER_ERROR); "Name $name produces collision, cannot re-register",
E_USER_ERROR
);
return; return;
} }
$this->_storage[$name] =& $ref; $this->_storage[$name] =& $ref;
@ -31,14 +35,18 @@ class HTMLPurifier_Context
/** /**
* Retrieves a variable reference from the context. * Retrieves a variable reference from the context.
* @param $name String name * @param string $name String name
* @param $ignore_error Boolean whether or not to ignore error * @param bool $ignore_error Boolean whether or not to ignore error
* @return mixed
*/ */
public function &get($name, $ignore_error = false) { public function &get($name, $ignore_error = false)
{
if (!isset($this->_storage[$name])) { if (!isset($this->_storage[$name])) {
if (!$ignore_error) { if (!$ignore_error) {
trigger_error("Attempted to retrieve non-existent variable $name", trigger_error(
E_USER_ERROR); "Attempted to retrieve non-existent variable $name",
E_USER_ERROR
);
} }
$var = null; // so we can return by reference $var = null; // so we can return by reference
return $var; return $var;
@ -47,13 +55,16 @@ class HTMLPurifier_Context
} }
/** /**
* Destorys a variable in the context. * Destroys a variable in the context.
* @param $name String name * @param string $name String name
*/ */
public function destroy($name) { public function destroy($name)
{
if (!isset($this->_storage[$name])) { if (!isset($this->_storage[$name])) {
trigger_error("Attempted to destroy non-existent variable $name", trigger_error(
E_USER_ERROR); "Attempted to destroy non-existent variable $name",
E_USER_ERROR
);
return; return;
} }
unset($this->_storage[$name]); unset($this->_storage[$name]);
@ -61,22 +72,24 @@ class HTMLPurifier_Context
/** /**
* Checks whether or not the variable exists. * Checks whether or not the variable exists.
* @param $name String name * @param string $name String name
* @return bool
*/ */
public function exists($name) { public function exists($name)
{
return isset($this->_storage[$name]); return isset($this->_storage[$name]);
} }
/** /**
* Loads a series of variables from an associative array * Loads a series of variables from an associative array
* @param $context_array Assoc array of variables to load * @param array $context_array Assoc array of variables to load
*/ */
public function loadArray($context_array) { public function loadArray($context_array)
{
foreach ($context_array as $key => $discard) { foreach ($context_array as $key => $discard) {
$this->register($key, $context_array[$key]); $this->register($key, $context_array[$key]);
} }
} }
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

Some files were not shown because too many files have changed in this diff Show More