=')) { require_once 'HTMLPurifier/Lexer/DOMLex.php'; $lexer = new HTMLPurifier_Lexer_DOMLex(); } else { require_once 'HTMLPurifier/Lexer/DirectLex.php'; $lexer = new HTMLPurifier_Lexer_DirectLex(); } } return $lexer; } /** * Decimal to parsed string conversion table for special entities. * @protected */ var $_special_dec2str = array( 34 => '"', 38 => '&', 39 => "'", 60 => '<', 62 => '>' ); /** * Stripped entity names to decimal conversion table for special entities. * @protected */ var $_special_ent2dec = array( 'quot' => 34, 'amp' => 38, 'lt' => 60, 'gt' => 62 ); /** * Most common entity to raw value conversion table for special entities. * @protected */ var $_special_entity2str = array( '"' => '"', '&' => '&', '<' => '<', '>' => '>', ''' => "'", ''' => "'", ''' => "'" ); /** * Callback regex string for parsing entities. * @protected */ var $_substituteEntitiesRegex = '/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z]+));?/'; // 1. hex 2. dec 3. string /** * Substitutes non-special entities with their parsed equivalents. Since * running this whenever you have parsed character is t3h 5uck, we run * it before everything else. * * @protected * @param $string String to have non-special entities parsed. * @returns Parsed string. */ function substituteNonSpecialEntities($string) { // it will try to detect missing semicolons, but don't rely on it return preg_replace_callback( $this->_substituteEntitiesRegex, array($this, 'nonSpecialEntityCallback'), $string ); } /** * Callback function for substituteNonSpecialEntities() that does the work. * * @warning Though this is public in order to let the callback happen, * calling it directly is not recommended. * @param $matches PCRE matches array, with 0 the entire match, and * either index 1, 2 or 3 set with a hex value, dec value, * or string (respectively). * @returns Replacement string. * @todo Implement string translations */ function nonSpecialEntityCallback($matches) { // replaces all but big five $entity = $matches[0]; $is_num = (@$matches[0][1] === '#'); if ($is_num) { $is_hex = (@$entity[2] === 'x'); $int = $is_hex ? hexdec($matches[1]) : (int) $matches[2]; if (isset($this->_special_dec2str[$int])) return $entity; return chr($int); } else { if (isset($this->_special_ent2dec[$matches[3]])) return $entity; if (!$this->_entity_lookup) { require_once 'HTMLPurifier/EntityLookup.php'; $this->_entity_lookup = HTMLPurifier_EntityLookup::instance(); } if (isset($this->_entity_lookup->table[$matches[3]])) { return $this->_entity_lookup->table[$matches[3]]; } else { return $entity; } } } /** * Contains a copy of the EntityLookup table. * @protected */ var $_entity_lookup; /** * Translates CDATA sections into regular sections (through escaping). * * @protected * @param $string HTML string to process. * @returns HTML with CDATA sections escaped. */ function escapeCDATA($string) { return preg_replace_callback( '//', array('HTMLPurifier_Lexer', 'CDATACallback'), $string ); } /** * Callback function for escapeCDATA() that does the work. * * @warning Though this is public in order to let the callback happen, * calling it directly is not recommended. * @params $matches PCRE matches array, with index 0 the entire match * and 1 the inside of the CDATA section. * @returns Escaped internals of the CDATA section. */ function CDATACallback($matches) { // not exactly sure why the character set is needed, but whatever return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8'); } /** * Takes a string of HTML (fragment or document) and returns the content */ function extractBody($html, $return_bool = false) { $matches = array(); $result = preg_match('!
]*>(.+?)!is', $html, $matches); if ($return_bool) return $result; if ($result) { return $matches[1]; } else { return $html; } } } ?>