0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00
Commit Graph

1685 Commits

Author SHA1 Message Date
Michael Kliewe
becc9d40cf
Fixed missing return value (#349) 2022-11-19 14:26:34 -08:00
Michael Kliewe
909dda6621
Fixed wrong return PHPDoc (#348) 2022-11-18 21:03:18 -08:00
Michael Kliewe
2d1314820e
Added class_exists('Net_IDNA2') around optional external class (#351) 2022-11-18 20:56:21 -08:00
Michael Kliewe
d567de85e6
Fixed undefined property (#346) 2022-11-18 20:42:06 -08:00
Kieran
e55fead09f
fix: semantic release (#341)
Same as #339 but stops library/standalone and library/HTMLPurifier.standalone.phpfrom being commit
2022-09-20 12:45:11 -04:00
Edward Z. Yang
3e832152a6
Revert "fix: semantic release (#339)" (#340)
This reverts commit d82f3d996a.
2022-09-18 15:21:20 -04:00
Kieran
d82f3d996a
fix: semantic release (#339)
* fix: semantic release

* update git assets
2022-09-18 15:15:38 -04:00
semantic-release-bot
523407fb06 chore(release): 4.16.0 [skip ci]
# [4.16.0](https://github.com/ezyang/htmlpurifier/compare/v4.15.0...v4.16.0) (2022-09-18)

### Features

* add semantic release ([#307](https://github.com/ezyang/htmlpurifier/issues/307)) ([db31243](db312435cb)), closes [#322](https://github.com/ezyang/htmlpurifier/issues/322) [#323](https://github.com/ezyang/htmlpurifier/issues/323) [#326](https://github.com/ezyang/htmlpurifier/issues/326) [#327](https://github.com/ezyang/htmlpurifier/issues/327) [#328](https://github.com/ezyang/htmlpurifier/issues/328) [#329](https://github.com/ezyang/htmlpurifier/issues/329) [#330](https://github.com/ezyang/htmlpurifier/issues/330) [#331](https://github.com/ezyang/htmlpurifier/issues/331) [#332](https://github.com/ezyang/htmlpurifier/issues/332) [#333](https://github.com/ezyang/htmlpurifier/issues/333) [#337](https://github.com/ezyang/htmlpurifier/issues/337) [#335](https://github.com/ezyang/htmlpurifier/issues/335) [ezyang/htmlpurifier#334](https://github.com/ezyang/htmlpurifier/issues/334) [#336](https://github.com/ezyang/htmlpurifier/issues/336) [#338](https://github.com/ezyang/htmlpurifier/issues/338)
2022-09-18 07:06:19 +00:00
Kieran
db312435cb
feat: add semantic release (#307)
* Add semantic release

* fix typo

* split from matrix

* remove only on push

* remove npm plugin

* write changelog to NEWS

* list assets to include in git commit

* fix update-for-release

* lint pr title

* split release into separate workflow that runs manually

* revert ci.yml changes

* remove references to WHATSNEW

* Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter (#323)

* Replace 8.1-deprecated utf8_ funcs with mbstring (#326)

* Treat PHP version numbers as strings in GitHub Actions (#327)

YAML will try to interpret numeric values as numbers, leading to `8.0` being
interpreted as `8` instead of `'8.0'`.

This doesn't result in a functional change, but cleans up the output of the
jobs a little (e.g. in the title line).

* Update to `actions/checkout@v3` (#328)

This does not introduce any functional difference and is intended as a
future-proofing change.

see https://github.com/actions/checkout/releases/tag/v3.0.0

* Fix test selection logic in tests/test_files.php (#329)

Selecting the `fstools` tests also executed the `htmlt` tests.

* Fix some more PHP 8.2 deprecations (#330)

* Define HTMLPurifier_AttrTransform_SafeParam::$wmode

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_EntityParserTest::$_entity_lookup

This fixes a PHP 8.2 deprecation.

* Increase minimum requirement to PHP 5.6 (#331)

* Add contenteditable attribute definition (#332)

* Add contenteditable attribute definition

* gate behind html.trusted

* use enum

* Fix creation of dynamic property (#333)

* Fix creation of dynamic property (#337)

* Add PHP 8.2 to CI (#335)

* Add PHP 8.2 to CI

see ezyang/htmlpurifier#334

* Add PHP 8.2 to composer.json

* Fix contenteditable attribute definition (#336)

* Run CSSTidy tests on CI (#338)

* Run CSSTidy tests on CI

* update dirname

* use compopser instead of git clone

* use composer

* use test-settings.sample.php

* enable ext-intl

* disable Net_IDNA2

* Release 4.15.0

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
Co-authored-by: John Flatness <john@zerocrates.org>
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
Co-authored-by: Edward Z. Yang <ezyang@mit.edu>
2022-09-18 02:44:00 -04:00
Edward Z. Yang
8d9f4c9ec1 Release 4.15.0
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2022-09-18 02:23:57 -04:00
Kieran
25824056ee
Run CSSTidy tests on CI (#338)
* Run CSSTidy tests on CI

* update dirname

* use compopser instead of git clone

* use composer

* use test-settings.sample.php

* enable ext-intl

* disable Net_IDNA2
2022-09-14 20:55:41 -07:00
Kieran
f1d6da13bc
Fix contenteditable attribute definition (#336) 2022-09-12 07:53:24 -07:00
Tim Düsterhus
dc27c78871
Add PHP 8.2 to CI (#335)
* Add PHP 8.2 to CI

see ezyang/htmlpurifier#334

* Add PHP 8.2 to composer.json
2022-09-11 19:51:02 -04:00
Kieran
ce9cf2ec99
Fix creation of dynamic property (#337) 2022-09-10 14:03:42 -04:00
Kieran
36e06603a8
Fix creation of dynamic property (#333) 2022-09-06 13:05:15 -04:00
Kieran
dbbd3e59f9
Add contenteditable attribute definition (#332)
* Add contenteditable attribute definition

* gate behind html.trusted

* use enum
2022-09-06 13:04:45 -04:00
Tim Düsterhus
1c2bae18e3
Increase minimum requirement to PHP 5.6 (#331) 2022-09-02 21:43:29 -04:00
Tim Düsterhus
1b80051115
Fix some more PHP 8.2 deprecations (#330)
* Define HTMLPurifier_AttrTransform_SafeParam::$wmode

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_EntityParserTest::$_entity_lookup

This fixes a PHP 8.2 deprecation.
2022-09-02 21:38:58 -04:00
Tim Düsterhus
c60bba1fe4
Fix test selection logic in tests/test_files.php (#329)
Selecting the `fstools` tests also executed the `htmlt` tests.
2022-09-02 21:35:32 -04:00
Tim Düsterhus
6ec13635ce
Update to actions/checkout@v3 (#328)
This does not introduce any functional difference and is intended as a
future-proofing change.

see https://github.com/actions/checkout/releases/tag/v3.0.0
2022-08-30 09:50:18 -04:00
Tim Düsterhus
be2a668e81
Treat PHP version numbers as strings in GitHub Actions (#327)
YAML will try to interpret numeric values as numbers, leading to `8.0` being
interpreted as `8` instead of `'8.0'`.

This doesn't result in a functional change, but cleans up the output of the
jobs a little (e.g. in the title line).
2022-08-30 09:46:59 -04:00
John Flatness
dff4746e13
Replace 8.1-deprecated utf8_ funcs with mbstring (#326) 2022-08-15 22:59:31 -04:00
Kieran
3fc193c755
Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter (#323) 2022-06-27 17:20:36 -04:00
Tim Düsterhus
1db36fb09d
Fix some PHP 8.2 deprecations (#319)
* Define HTMLPurifier_Lexer::$_entity_parser property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_URIFilterHarness::$filter property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrTransform_NameSync::$idDef property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrTransform_NameSyncTest::$accumulator property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrValidator_ErrorsTest::$language property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_ChildDef_List::$whitespace property

This fixes a PHP 8.2 deprecation.

* Do not modify incoming tokens in RemoveSpansWithoutAttributes

Previously the undefined property `->markForDeletion` was added to the incoming
tokens. This causes a deprecation in PHP 8.2. Fix this by storing to-be-deleted
tokens inside SplObjectStorage. In PHP 8 a WeakMap would be preferable, as that
prevents leaks if `handleEnd` is never called for the token.
2022-06-10 16:30:01 -04:00
func0der
38296c603b
Composer suggestions with extensions (#317)
* Add suggestion for usage of Filter.ExtractStyleBlocks

Resolves #316

* Add php extensions as suggestions

Resolves #316

* Correct typo in composer property
2022-06-02 23:03:44 -04:00
David Rans
1dd3e52365
PHP 8.1: fix various deprecations/errors in newest version of PHP (#310)
* Test on PHP 8.1

* PHP 8.1: fix deprecated NULL param to glob()

* PHP 8.1: fix PHP error when passing NULL to rawurlencode()

* PHP 8.1: calling ctype_lower with FALSE is deprecated

* PHP 8.1: passing NULL to setAttribute() is deprecated

* PHP 8.1: passing NULL to str_replace() is an error

* PHP 8.1: fix error passing NULL to str_replace()

* PHP 8.1: fix return type deprecation with backwards compatible attribute

* Revert typo
2022-04-08 13:48:12 -04:00
Edward Z. Yang
12ab42bd6e Release 4.14.0
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2021-12-24 20:21:49 -05:00
Kieran
1c784a5c3d
ci: test on php 8.0 (#308)
* PHP 8 support

* only php 8.0

* Merged to master

Co-authored-by: Edward Z. Yang <ezyang@mit.edu>
2021-12-23 21:26:25 -05:00
Kieran
41fc223f96
feat: transform deprecated width attribute (#306)
* Transform deprecated col@width attribute

* Transform deprecated table@width attribute

* reformat
2021-12-23 21:26:14 -05:00
Arkadiusz Biczewski
996eaf4331
Remove unnecessary reference assigment (#301)
* Remove unnecessary reference assigment

Proposed code is PHP5 and PHP7 compatible. PHP5 interpreted `$e->$type[$attr]` as `$e->{$type[$attr]}`, but the expected behavior based on workaround is consistent with PHP7 interpretation: `($e->$type)[$attr]`. By using curly braces `{$e->$type}[$attr]` there is a forced interpretation order working for both versions.
Details can be found on https://www.php.net/manual/en/migration70.incompatible.php (section "Changes to the handling of indirect variables, properties, and methods")

* Fix syntax

Use correct syntax for indirect variable evaluation order change.
2021-09-07 14:16:55 -04:00
Kieran
c97bb93223
Fix GH workflow conditions (#298)
* Fix GH workflow conditions

* Remove PHP 8
2021-07-26 10:16:49 -04:00
Max
288bf75acc
PHP 8 Support (#297)
Co-authored-by: Maksims Sļotovs <maksims.slotovs@printful.com>
2021-07-20 09:40:50 -04:00
Kieran
3a368d7668
Switch to GitHub Actions (#293) 2021-05-21 20:46:13 -04:00
Václav Smítal
6f9aac9325
CSS: Add "background-size" tag support (#289) 2021-04-22 10:01:00 -04:00
Kieran
1354e7e8c5
Fix "Parameter must be an array or an object that implements Countable" (#285) 2021-02-27 20:42:20 -05:00
Marcus Artner
214cb8a693
Fixed Issue #264: <thead> element removed from <table> if there are no <tbody> or <tr> elements (#283) 2021-01-26 11:11:50 -05:00
Jasper Zonneveld
2512f595e0
Check PHP version before checking magic quotes (#273)
This function has been DEPRECATED as of PHP 7.4.0. Relying on this function is highly discouraged. It is basically useless as of PHP 5.4 because it will always return false, so for modern applications it can be safely removed. But as this library still supports PHP 5.2 — according to the constraints in composer.json — I added a version check to prevent this method from being called (and trigger a notice) on PHP >=7.4.

See: https://www.php.net/manual/en/function.get-magic-quotes-gpc.php
2020-09-30 20:19:10 -04:00
kishor
6aa4166b7e
Issue-256: Fix PHP 7.3 compatibility issues update zend.ze1_compatibility_mode mode (#267) 2020-09-15 20:12:43 -04:00
kishor
4285590c90
issue-256: Fix PHP 7.3 compatibility issues (#266) 2020-09-15 12:38:39 -04:00
LeSuisse
15258fd24e
Fix typo in the 4.13.0 NEWS: PHP 6.4 never existed (#262)
Corresponding PRs (#230, #242) are about PHP 7.4 and PHP 6.4 has never
existed 🙂.
2020-07-06 14:36:33 -04:00
Edward Z. Yang
08e27c97e4 Release 4.13.0
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2020-06-28 20:56:53 -04:00
Edward Z. Yang
d7be9d2a8c Update changelog
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2020-06-28 20:55:45 -04:00
Edward Z. Yang
ce7efc11b2 Delete language tests that are interfering with PSR-0 compatibility
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2020-06-28 20:38:16 -04:00
Mateusz Turcza
3bdc031224
Add %HTML.Forms config directive (#260)
The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted
value. This adds support for form elements without enabling other unsafe
modules, such as Scripts, Iframe or Object.

To achieve the same effect without this directive one has to explicitly list
all enabled modules in %HTML.AllowedModules, and any not listed will be
removed. This however is not very convenient, as the allowed modules may vary
between doctypes.

Resolves #213.
2020-06-28 20:26:33 -04:00
Sergei Morozov
d148edbcf1
Exclude more resources from the distribution package (#257) 2020-06-06 10:29:01 -04:00
Fräntz Miccoli
ced089434d
Make purifyArray work with empty array (#245) 2020-02-22 12:12:02 -05:00
Kieran
c2c91f52d0
Added tr@bgcolor to tidy (#244) 2020-02-22 12:10:30 -05:00
Eloy Lafuente
37dd61c45f Correct implode() params for php74 compliance (#243)
Passing parameters to implode() in reverse order is deprecated, use
implode($glue, $parts) instead of implode($parts, $glue).

Part of https://tracker.moodle.org/browse/MDL-67115
2020-01-21 11:17:18 -05:00
Witold Wasiczko
d15890222b Add support for stable php 7.4 (#242) 2020-01-02 06:58:15 -05:00
Anders Jenbo
fe0452d688 Correct typehinting of maybeGet* (#240)
getDefinition can return null, this wasn't properly hinted leaning to false error detections with static analyzers
2019-12-04 10:29:08 -05:00