Merge remote-tracking branch 'upstream/develop' into 1602-gcontact-cleanup
This commit is contained in:
		
				commit
				
					
						9261154eab
					
				
			
		
					 483 changed files with 23212 additions and 10894 deletions
				
			
		
							
								
								
									
										2
									
								
								boot.php
									
										
									
									
									
								
							
							
						
						
									
										2
									
								
								boot.php
									
										
									
									
									
								
							|  | @ -17,6 +17,8 @@ | |||
|  * easily as email does today. | ||||
|  */ | ||||
| 
 | ||||
| require_once('include/autoloader.php'); | ||||
|   | ||||
| require_once('include/config.php'); | ||||
| require_once('include/network.php'); | ||||
| require_once('include/plugin.php'); | ||||
|  |  | |||
|  | @ -47,8 +47,10 @@ Friendica Documentation and Resources | |||
| * [Theme Development](help/themes) | ||||
| * [Smarty 3 Templates](help/smarty3-templates) | ||||
| * [Database schema documantation](help/database) | ||||
| * [Class Autoloading](help/autoloader) | ||||
| * [Code - Reference(Doxygen generated - sets cookies)](doc/html/) | ||||
| 
 | ||||
| 
 | ||||
| **External Resources** | ||||
| 
 | ||||
| * [Main Website](http://friendica.com) | ||||
|  |  | |||
							
								
								
									
										209
									
								
								doc/autoloader.md
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										209
									
								
								doc/autoloader.md
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,209 @@ | |||
| Autoloader | ||||
| ========== | ||||
| 
 | ||||
| * [Home](help) | ||||
| 
 | ||||
| There is some initial support to class autoloading in Friendica core. | ||||
| 
 | ||||
| The autoloader code is in `include/autoloader.php`. | ||||
| It's derived from composer autoloader code. | ||||
| 
 | ||||
| Namespaces and Classes are mapped to folders and files in `library/`, | ||||
| and the map must be updated by hand, because we don't use composer yet. | ||||
| The mapping is defined by files in `include/autoloader/` folder. | ||||
| 
 | ||||
| Currently, only HTMLPurifier library is loaded using autoloader. | ||||
| 
 | ||||
| 
 | ||||
| ## A quick introdution to class autoloading | ||||
| 
 | ||||
| The autoloader it's a way for php to automagically include the file that define a class when the class is first used, without the need to use "require_once" every time. | ||||
| 
 | ||||
| Once is setup you don't have to use it in any way. You need a class? you use the class. | ||||
| 
 | ||||
| At his basic is a function passed to the "spl_autoload_register()" function, which receive as argument the class name the script want and is it job to include the correct php file where that class is defined. | ||||
| The best source for documentation is [php site](http://php.net/manual/en/language.oop5.autoload.php). | ||||
| 
 | ||||
| One example, based on fictional friendica code. | ||||
| 
 | ||||
| Let's say you have a php file in "include/" that define a very useful class: | ||||
| 
 | ||||
| ``` | ||||
|     file: include/ItemsManager.php | ||||
|     <?php | ||||
|     namespace \Friendica; | ||||
|      | ||||
|     class ItemsManager { | ||||
|        public function getAll() { ... } | ||||
|        public function getByID($id) { ... } | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| The class "ItemsManager" has been declared in "Friendica" namespace. | ||||
| Namespaces are useful to keep things separated and avoid names clash (could be that a library you want to use defines a class named "ItemsManager", but as long as is in another namespace, you don't have any problem) | ||||
| 
 | ||||
| If we were using composer, we had configured it with path where to find the classes of "Friendica" namespace, and then the composer script will generate the autoloader machinery for us. | ||||
| As we don't use composer, we need check that the autoloader knows the Friendica namespace. | ||||
| So in "include/autoloader/autoload_psr4.php" there should be something like | ||||
| 
 | ||||
| ``` | ||||
|     $vendorDir = dirname(dirname(dirname(__FILE__)))."/library"; | ||||
|     $baseDir = dirname($vendorDir); | ||||
|     return array( | ||||
|        "Friendica" => array($baseDir."/include"); | ||||
|     ); | ||||
| ``` | ||||
| 
 | ||||
| 
 | ||||
| That tells the autoloader code to look for files that defines classes in "Friendica" namespace under "include/" folder. (And btw, that's why the file has the same name as the class it defines.) | ||||
| 
 | ||||
| *note*: The structure of files in "include/autoloader/" has been copied from the code generated by composer, to ease the work of enable autoloader for external libraries under "library/" | ||||
| 
 | ||||
| Let's say now that you need to load some items in a view, maybe in a fictional "mod/network.php". | ||||
| Somewere at the start of the scripts, the autoloader was initialized. In Friendica is done at the top of "boot.php", with "require_once('include/autoloader.php');". | ||||
| 
 | ||||
| The code will be something like: | ||||
| 
 | ||||
| ``` | ||||
|     file: mod/network.php | ||||
|     <?php | ||||
|      | ||||
|     function network_content(&$a) { | ||||
|        $itemsmanager = new \Friendica\ItemsManager(); | ||||
|        $items = $itemsmanager->getAll(); | ||||
|      | ||||
|        // pass $items to template | ||||
|        // return result | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| That's a quite simple example, but look: no "require()"! | ||||
| You need to use a class, you use the class and you don't need to do anything more. | ||||
| 
 | ||||
| Going further: now we have a bunch of "*Manager" classes that cause some code duplication, let's define a BaseManager class, where to move all code in common between all managers: | ||||
| 
 | ||||
| ``` | ||||
|     file: include/BaseManager.php | ||||
|     <?php | ||||
|     namespace \Friendica; | ||||
|      | ||||
|     class BaseManager { | ||||
|       public function thatFunctionEveryManagerUses() { ... } | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| and then let's change the ItemsManager class to use this code | ||||
| 
 | ||||
| ``` | ||||
|     file: include/ItemsManager.php | ||||
|     <?php | ||||
|     namespace \Friendica; | ||||
|      | ||||
|     class ItemsManager extends BaseManager { | ||||
|        public function getAll() { ... } | ||||
|        public function getByID($id) { ... } | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| The autoloader don't mind what you need the class for. You need a class, you get the class. | ||||
| It works with the "BaseManager" example here, it works when we need to call static methods on a class: | ||||
| 
 | ||||
| ``` | ||||
|     file: include/dfrn.php | ||||
|     <?php     | ||||
|     namespace \Friendica; | ||||
|      | ||||
|     class dfrn { | ||||
|       public static function  mail($item, $owner) { ... } | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| ``` | ||||
|     file: mod/mail.php | ||||
|     <?php | ||||
|      | ||||
|     mail_post($a){ | ||||
|      ... | ||||
|      \Friendica\dfrn::mail($item, $owner); | ||||
|      ... | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| If your code is in same namespace as the class you need, you don't need to prepend it: | ||||
| 
 | ||||
| ``` | ||||
|     file: include/delivery.php | ||||
|     <?php | ||||
|      | ||||
|     namespace \Friendica; | ||||
|      | ||||
|     // this is the same content of current include/delivery.php,  | ||||
|     // but has been declared to be in "Friendica" namespace | ||||
|      | ||||
|     [...] | ||||
|     switch($contact['network']) { | ||||
|      | ||||
|         case NETWORK_DFRN: | ||||
|             if ($mail) { | ||||
|                 $item['body'] = ... | ||||
|                 $atom = dfrn::mail($item, $owner); | ||||
|             } elseif ($fsuggest) { | ||||
|                 $atom = dfrn::fsuggest($item, $owner); | ||||
|                 q("DELETE FROM `fsuggest` WHERE `id` = %d LIMIT 1", intval($item['id'])); | ||||
|             } elseif ($relocate) | ||||
|                 $atom = dfrn::relocate($owner, $uid); | ||||
|     [...] | ||||
| ``` | ||||
| 
 | ||||
| This is real "include/delivery.php" unchanged, but as the code is declared to be in "Friendica" namespace, you don't need to write it when you need to use the "dfrn" class. | ||||
| But if you want to use classes from another library, you need to use the full namespace, e.g. | ||||
| 
 | ||||
| ``` | ||||
|     <?php | ||||
|     namespace \Frienidca; | ||||
|      | ||||
|     class Diaspora { | ||||
|       public function md2bbcode() { | ||||
|         $html = \Michelf\MarkdownExtra::defaultTransform($text);  | ||||
|       } | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| if you use that class in many places of the code and you don't want to write the full path to the class everytime, you can use the "use" php keyword | ||||
| 
 | ||||
| ``` | ||||
|     <?php | ||||
|     namespace \Frienidca; | ||||
|      | ||||
|     use \Michelf\MarkdownExtra; | ||||
|      | ||||
|     class Diaspora { | ||||
|       public function md2bbcode() { | ||||
|         $html = MarkdownExtra::defaultTransform($text);  | ||||
|       } | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| Note that namespaces are like paths in filesystem, separated by "\", with the first "\" being the global scope. | ||||
| You can go more deep if you want to, like: | ||||
| 
 | ||||
| ``` | ||||
|     <?php | ||||
|     namespace \Friendica\Network; | ||||
|      | ||||
|     class DFRN { | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| or | ||||
| 
 | ||||
| ``` | ||||
|     <?php | ||||
|     namespace \Friendica\DBA; | ||||
|      | ||||
|     class MySQL { | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| So you can think of namespaces as folders in a unix filesystem, with global scope as the root ("\"). | ||||
| 
 | ||||
|  | @ -814,8 +814,6 @@ | |||
| 
 | ||||
| 		if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { | ||||
| 
 | ||||
| 			require_once('library/HTMLPurifier.auto.php'); | ||||
| 
 | ||||
| 			$txt = html2bb_video($txt); | ||||
| 			$config = HTMLPurifier_Config::createDefault(); | ||||
| 			$config->set('Cache.DefinitionImpl', null); | ||||
|  | @ -855,9 +853,6 @@ | |||
| 		if(requestdata('htmlstatus')) { | ||||
| 			$txt = requestdata('htmlstatus'); | ||||
| 			if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { | ||||
| 
 | ||||
| 				require_once('library/HTMLPurifier.auto.php'); | ||||
| 
 | ||||
| 				$txt = html2bb_video($txt); | ||||
| 
 | ||||
| 				$config = HTMLPurifier_Config::createDefault(); | ||||
|  |  | |||
							
								
								
									
										69
									
								
								include/autoloader.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										69
									
								
								include/autoloader.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,69 @@ | |||
| <?php | ||||
| /** | ||||
|  * @file include/autoloader.php | ||||
|  */ | ||||
| 
 | ||||
| /** | ||||
|  * @brief composer-derived autoloader init | ||||
|  **/ | ||||
| class FriendicaAutoloaderInit | ||||
| { | ||||
|     private static $loader; | ||||
| 
 | ||||
|     public static function loadClassLoader($class) | ||||
|     { | ||||
|         if ('Composer\Autoload\ClassLoader' === $class) { | ||||
|             require __DIR__ . '/autoloader/ClassLoader.php'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     public static function getLoader() | ||||
|     { | ||||
|         if (null !== self::$loader) { | ||||
|             return self::$loader; | ||||
|         } | ||||
| 
 | ||||
|         spl_autoload_register(array('FriendicaAutoloaderInit', 'loadClassLoader'), true, true); | ||||
|         self::$loader = $loader = new \Composer\Autoload\ClassLoader(); | ||||
|         spl_autoload_unregister(array('FriendicaAutoloaderInit', 'loadClassLoader')); | ||||
| 
 | ||||
|         // library 
 | ||||
|         $map = require __DIR__ . '/autoloader/autoload_namespaces.php'; | ||||
|         foreach ($map as $namespace => $path) { | ||||
|             $loader->set($namespace, $path); | ||||
|         } | ||||
| 
 | ||||
|         $map = require __DIR__ . '/autoloader/autoload_psr4.php'; | ||||
|         foreach ($map as $namespace => $path) { | ||||
|             $loader->setPsr4($namespace, $path); | ||||
|         } | ||||
| 
 | ||||
|         $classMap = require __DIR__ . '/autoloader/autoload_classmap.php'; | ||||
|         if ($classMap) { | ||||
|             $loader->addClassMap($classMap); | ||||
|         } | ||||
|          | ||||
|         $loader->register(true); | ||||
|          | ||||
|         $includeFiles = require __DIR__ . '/autoloader/autoload_files.php'; | ||||
|         foreach ($includeFiles as $fileIdentifier => $file) { | ||||
|             friendicaRequire($fileIdentifier, $file); | ||||
|         } | ||||
|          | ||||
| 
 | ||||
|         return $loader; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| function friendicaRequire($fileIdentifier, $file) | ||||
| { | ||||
|     if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { | ||||
|         require $file; | ||||
| 
 | ||||
|         $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| return FriendicaAutoloaderInit::getLoader(); | ||||
							
								
								
									
										413
									
								
								include/autoloader/ClassLoader.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										413
									
								
								include/autoloader/ClassLoader.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,413 @@ | |||
| <?php | ||||
| 
 | ||||
| /* | ||||
|  * This file is part of Composer. | ||||
|  * | ||||
|  * (c) Nils Adermann <naderman@naderman.de> | ||||
|  *     Jordi Boggiano <j.boggiano@seld.be> | ||||
|  * | ||||
|  * For the full copyright and license information, please view the LICENSE.composer | ||||
|  * file that was distributed with this source code. | ||||
|  */ | ||||
| 
 | ||||
| namespace Composer\Autoload; | ||||
| 
 | ||||
| /** | ||||
|  * ClassLoader implements a PSR-0 class loader | ||||
|  * | ||||
|  * See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md | ||||
|  * | ||||
|  *     $loader = new \Composer\Autoload\ClassLoader(); | ||||
|  * | ||||
|  *     // register classes with namespaces
 | ||||
|  *     $loader->add('Symfony\Component', __DIR__.'/component'); | ||||
|  *     $loader->add('Symfony',           __DIR__.'/framework'); | ||||
|  * | ||||
|  *     // activate the autoloader
 | ||||
|  *     $loader->register(); | ||||
|  * | ||||
|  *     // to enable searching the include path (eg. for PEAR packages)
 | ||||
|  *     $loader->setUseIncludePath(true); | ||||
|  * | ||||
|  * In this example, if you try to use a class in the Symfony\Component | ||||
|  * namespace or one of its children (Symfony\Component\Console for instance), | ||||
|  * the autoloader will first look for the class under the component/ | ||||
|  * directory, and it will then fallback to the framework/ directory if not | ||||
|  * found before giving up. | ||||
|  * | ||||
|  * This class is loosely based on the Symfony UniversalClassLoader. | ||||
|  * | ||||
|  * @author Fabien Potencier <fabien@symfony.com> | ||||
|  * @author Jordi Boggiano <j.boggiano@seld.be> | ||||
|  */ | ||||
| class ClassLoader | ||||
| { | ||||
|     // PSR-4
 | ||||
|     private $prefixLengthsPsr4 = array(); | ||||
|     private $prefixDirsPsr4 = array(); | ||||
|     private $fallbackDirsPsr4 = array(); | ||||
| 
 | ||||
|     // PSR-0
 | ||||
|     private $prefixesPsr0 = array(); | ||||
|     private $fallbackDirsPsr0 = array(); | ||||
| 
 | ||||
|     private $useIncludePath = false; | ||||
|     private $classMap = array(); | ||||
| 
 | ||||
|     private $classMapAuthoritative = false; | ||||
| 
 | ||||
|     public function getPrefixes() | ||||
|     { | ||||
|         if (!empty($this->prefixesPsr0)) { | ||||
|             return call_user_func_array('array_merge', $this->prefixesPsr0); | ||||
|         } | ||||
| 
 | ||||
|         return array(); | ||||
|     } | ||||
| 
 | ||||
|     public function getPrefixesPsr4() | ||||
|     { | ||||
|         return $this->prefixDirsPsr4; | ||||
|     } | ||||
| 
 | ||||
|     public function getFallbackDirs() | ||||
|     { | ||||
|         return $this->fallbackDirsPsr0; | ||||
|     } | ||||
| 
 | ||||
|     public function getFallbackDirsPsr4() | ||||
|     { | ||||
|         return $this->fallbackDirsPsr4; | ||||
|     } | ||||
| 
 | ||||
|     public function getClassMap() | ||||
|     { | ||||
|         return $this->classMap; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $classMap Class to filename map | ||||
|      */ | ||||
|     public function addClassMap(array $classMap) | ||||
|     { | ||||
|         if ($this->classMap) { | ||||
|             $this->classMap = array_merge($this->classMap, $classMap); | ||||
|         } else { | ||||
|             $this->classMap = $classMap; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Registers a set of PSR-0 directories for a given prefix, either | ||||
|      * appending or prepending to the ones previously set for this prefix. | ||||
|      * | ||||
|      * @param string       $prefix  The prefix | ||||
|      * @param array|string $paths   The PSR-0 root directories | ||||
|      * @param bool         $prepend Whether to prepend the directories | ||||
|      */ | ||||
|     public function add($prefix, $paths, $prepend = false) | ||||
|     { | ||||
|         if (!$prefix) { | ||||
|             if ($prepend) { | ||||
|                 $this->fallbackDirsPsr0 = array_merge( | ||||
|                     (array) $paths, | ||||
|                     $this->fallbackDirsPsr0 | ||||
|                 ); | ||||
|             } else { | ||||
|                 $this->fallbackDirsPsr0 = array_merge( | ||||
|                     $this->fallbackDirsPsr0, | ||||
|                     (array) $paths | ||||
|                 ); | ||||
|             } | ||||
| 
 | ||||
|             return; | ||||
|         } | ||||
| 
 | ||||
|         $first = $prefix[0]; | ||||
|         if (!isset($this->prefixesPsr0[$first][$prefix])) { | ||||
|             $this->prefixesPsr0[$first][$prefix] = (array) $paths; | ||||
| 
 | ||||
|             return; | ||||
|         } | ||||
|         if ($prepend) { | ||||
|             $this->prefixesPsr0[$first][$prefix] = array_merge( | ||||
|                 (array) $paths, | ||||
|                 $this->prefixesPsr0[$first][$prefix] | ||||
|             ); | ||||
|         } else { | ||||
|             $this->prefixesPsr0[$first][$prefix] = array_merge( | ||||
|                 $this->prefixesPsr0[$first][$prefix], | ||||
|                 (array) $paths | ||||
|             ); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Registers a set of PSR-4 directories for a given namespace, either | ||||
|      * appending or prepending to the ones previously set for this namespace. | ||||
|      * | ||||
|      * @param string       $prefix  The prefix/namespace, with trailing '\\' | ||||
|      * @param array|string $paths   The PSR-0 base directories | ||||
|      * @param bool         $prepend Whether to prepend the directories | ||||
|      * | ||||
|      * @throws \InvalidArgumentException | ||||
|      */ | ||||
|     public function addPsr4($prefix, $paths, $prepend = false) | ||||
|     { | ||||
|         if (!$prefix) { | ||||
|             // Register directories for the root namespace.
 | ||||
|             if ($prepend) { | ||||
|                 $this->fallbackDirsPsr4 = array_merge( | ||||
|                     (array) $paths, | ||||
|                     $this->fallbackDirsPsr4 | ||||
|                 ); | ||||
|             } else { | ||||
|                 $this->fallbackDirsPsr4 = array_merge( | ||||
|                     $this->fallbackDirsPsr4, | ||||
|                     (array) $paths | ||||
|                 ); | ||||
|             } | ||||
|         } elseif (!isset($this->prefixDirsPsr4[$prefix])) { | ||||
|             // Register directories for a new namespace.
 | ||||
|             $length = strlen($prefix); | ||||
|             if ('\\' !== $prefix[$length - 1]) { | ||||
|                 throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); | ||||
|             } | ||||
|             $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; | ||||
|             $this->prefixDirsPsr4[$prefix] = (array) $paths; | ||||
|         } elseif ($prepend) { | ||||
|             // Prepend directories for an already registered namespace.
 | ||||
|             $this->prefixDirsPsr4[$prefix] = array_merge( | ||||
|                 (array) $paths, | ||||
|                 $this->prefixDirsPsr4[$prefix] | ||||
|             ); | ||||
|         } else { | ||||
|             // Append directories for an already registered namespace.
 | ||||
|             $this->prefixDirsPsr4[$prefix] = array_merge( | ||||
|                 $this->prefixDirsPsr4[$prefix], | ||||
|                 (array) $paths | ||||
|             ); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Registers a set of PSR-0 directories for a given prefix, | ||||
|      * replacing any others previously set for this prefix. | ||||
|      * | ||||
|      * @param string       $prefix The prefix | ||||
|      * @param array|string $paths  The PSR-0 base directories | ||||
|      */ | ||||
|     public function set($prefix, $paths) | ||||
|     { | ||||
|         if (!$prefix) { | ||||
|             $this->fallbackDirsPsr0 = (array) $paths; | ||||
|         } else { | ||||
|             $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Registers a set of PSR-4 directories for a given namespace, | ||||
|      * replacing any others previously set for this namespace. | ||||
|      * | ||||
|      * @param string       $prefix The prefix/namespace, with trailing '\\' | ||||
|      * @param array|string $paths  The PSR-4 base directories | ||||
|      * | ||||
|      * @throws \InvalidArgumentException | ||||
|      */ | ||||
|     public function setPsr4($prefix, $paths) | ||||
|     { | ||||
|         if (!$prefix) { | ||||
|             $this->fallbackDirsPsr4 = (array) $paths; | ||||
|         } else { | ||||
|             $length = strlen($prefix); | ||||
|             if ('\\' !== $prefix[$length - 1]) { | ||||
|                 throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); | ||||
|             } | ||||
|             $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; | ||||
|             $this->prefixDirsPsr4[$prefix] = (array) $paths; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Turns on searching the include path for class files. | ||||
|      * | ||||
|      * @param bool $useIncludePath | ||||
|      */ | ||||
|     public function setUseIncludePath($useIncludePath) | ||||
|     { | ||||
|         $this->useIncludePath = $useIncludePath; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Can be used to check if the autoloader uses the include path to check | ||||
|      * for classes. | ||||
|      * | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function getUseIncludePath() | ||||
|     { | ||||
|         return $this->useIncludePath; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Turns off searching the prefix and fallback directories for classes | ||||
|      * that have not been registered with the class map. | ||||
|      * | ||||
|      * @param bool $classMapAuthoritative | ||||
|      */ | ||||
|     public function setClassMapAuthoritative($classMapAuthoritative) | ||||
|     { | ||||
|         $this->classMapAuthoritative = $classMapAuthoritative; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Should class lookup fail if not found in the current class map? | ||||
|      * | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function isClassMapAuthoritative() | ||||
|     { | ||||
|         return $this->classMapAuthoritative; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Registers this instance as an autoloader. | ||||
|      * | ||||
|      * @param bool $prepend Whether to prepend the autoloader or not | ||||
|      */ | ||||
|     public function register($prepend = false) | ||||
|     { | ||||
|         spl_autoload_register(array($this, 'loadClass'), true, $prepend); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Unregisters this instance as an autoloader. | ||||
|      */ | ||||
|     public function unregister() | ||||
|     { | ||||
|         spl_autoload_unregister(array($this, 'loadClass')); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads the given class or interface. | ||||
|      * | ||||
|      * @param  string    $class The name of the class | ||||
|      * @return bool|null True if loaded, null otherwise | ||||
|      */ | ||||
|     public function loadClass($class) | ||||
|     { | ||||
|         if ($file = $this->findFile($class)) { | ||||
|             includeFile($file); | ||||
| 
 | ||||
|             return true; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Finds the path to the file where the class is defined. | ||||
|      * | ||||
|      * @param string $class The name of the class | ||||
|      * | ||||
|      * @return string|false The path if found, false otherwise | ||||
|      */ | ||||
|     public function findFile($class) | ||||
|     { | ||||
|         // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
 | ||||
|         if ('\\' == $class[0]) { | ||||
|             $class = substr($class, 1); | ||||
|         } | ||||
| 
 | ||||
|         // class map lookup
 | ||||
|         if (isset($this->classMap[$class])) { | ||||
|             return $this->classMap[$class]; | ||||
|         } | ||||
|         if ($this->classMapAuthoritative) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $file = $this->findFileWithExtension($class, '.php'); | ||||
| 
 | ||||
|         // Search for Hack files if we are running on HHVM
 | ||||
|         if ($file === null && defined('HHVM_VERSION')) { | ||||
|             $file = $this->findFileWithExtension($class, '.hh'); | ||||
|         } | ||||
| 
 | ||||
|         if ($file === null) { | ||||
|             // Remember that this class does not exist.
 | ||||
|             return $this->classMap[$class] = false; | ||||
|         } | ||||
| 
 | ||||
|         return $file; | ||||
|     } | ||||
| 
 | ||||
|     private function findFileWithExtension($class, $ext) | ||||
|     { | ||||
|         // PSR-4 lookup
 | ||||
|         $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; | ||||
| 
 | ||||
|         $first = $class[0]; | ||||
|         if (isset($this->prefixLengthsPsr4[$first])) { | ||||
|             foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) { | ||||
|                 if (0 === strpos($class, $prefix)) { | ||||
|                     foreach ($this->prefixDirsPsr4[$prefix] as $dir) { | ||||
|                         if (is_file($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) { | ||||
|                             return $file; | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // PSR-4 fallback dirs
 | ||||
|         foreach ($this->fallbackDirsPsr4 as $dir) { | ||||
|             if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { | ||||
|                 return $file; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // PSR-0 lookup
 | ||||
|         if (false !== $pos = strrpos($class, '\\')) { | ||||
|             // namespaced class name
 | ||||
|             $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) | ||||
|                 . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); | ||||
|         } else { | ||||
|             // PEAR-like class name
 | ||||
|             $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; | ||||
|         } | ||||
| 
 | ||||
|         if (isset($this->prefixesPsr0[$first])) { | ||||
|             foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { | ||||
|                 if (0 === strpos($class, $prefix)) { | ||||
|                     foreach ($dirs as $dir) { | ||||
|                         if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { | ||||
|                             return $file; | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // PSR-0 fallback dirs
 | ||||
|         foreach ($this->fallbackDirsPsr0 as $dir) { | ||||
|             if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { | ||||
|                 return $file; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // PSR-0 include paths.
 | ||||
|         if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { | ||||
|             return $file; | ||||
|         } | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| /** | ||||
|  * Scope isolated include. | ||||
|  * | ||||
|  * Prevents access to $this/self from included files. | ||||
|  */ | ||||
| function includeFile($file) | ||||
| { | ||||
|     include $file; | ||||
| } | ||||
							
								
								
									
										19
									
								
								include/autoloader/LICENSE.composer
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								include/autoloader/LICENSE.composer
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,19 @@ | |||
| Copyright (c) 2015 Nils Adermann, Jordi Boggiano | ||||
| 
 | ||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||||
| of this software and associated documentation files (the Software), to deal | ||||
| in the Software without restriction, including without limitation the rights | ||||
| to use, copy, modify, merge, publish, distribute, sublicense, andor sell | ||||
| copies of the Software, and to permit persons to whom the Software is furnished | ||||
| to do so, subject to the following conditions | ||||
| 
 | ||||
| The above copyright notice and this permission notice shall be included in all | ||||
| copies or substantial portions of the Software. | ||||
| 
 | ||||
| THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||||
| THE SOFTWARE. | ||||
							
								
								
									
										9
									
								
								include/autoloader/autoload_classmap.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								include/autoloader/autoload_classmap.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,9 @@ | |||
| <?php | ||||
| 
 | ||||
| // autoload_classmap.php @generated by Composer
 | ||||
| 
 | ||||
| $vendorDir = dirname(dirname(dirname(__FILE__)))."/library"; | ||||
| $baseDir = dirname($vendorDir); | ||||
| 
 | ||||
| return array( | ||||
| ); | ||||
							
								
								
									
										10
									
								
								include/autoloader/autoload_files.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										10
									
								
								include/autoloader/autoload_files.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,10 @@ | |||
| <?php | ||||
| 
 | ||||
| // autoload_files.php @generated by Composer
 | ||||
| 
 | ||||
| $vendorDir = dirname(dirname(dirname(__FILE__)))."/library"; | ||||
| $baseDir = dirname($vendorDir); | ||||
| 
 | ||||
| return array( | ||||
|     '2cffec82183ee1cea088009cef9a6fc3' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php', | ||||
| ); | ||||
							
								
								
									
										10
									
								
								include/autoloader/autoload_namespaces.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										10
									
								
								include/autoloader/autoload_namespaces.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,10 @@ | |||
| <?php | ||||
| 
 | ||||
| // autoload_namespaces.php @generated by Composer
 | ||||
| 
 | ||||
| $vendorDir = dirname(dirname(dirname(__FILE__)))."/library"; | ||||
| $baseDir = dirname($vendorDir); | ||||
| 
 | ||||
| return array( | ||||
|     'HTMLPurifier' => array($vendorDir . '/ezyang/htmlpurifier/library'), | ||||
| ); | ||||
							
								
								
									
										9
									
								
								include/autoloader/autoload_psr4.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								include/autoloader/autoload_psr4.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,9 @@ | |||
| <?php | ||||
| 
 | ||||
| // autoload_psr4.php @generated by Composer
 | ||||
| 
 | ||||
| $vendorDir = dirname(dirname(dirname(__FILE__)))."/library"; | ||||
| $baseDir = dirname($vendorDir); | ||||
| 
 | ||||
| return array( | ||||
| ); | ||||
|  | @ -18,7 +18,6 @@ require_once("include/event.php"); | |||
| require_once("include/text.php"); | ||||
| require_once("include/oembed.php"); | ||||
| require_once("include/html2bbcode.php"); | ||||
| require_once("library/HTMLPurifier.auto.php"); | ||||
| 
 | ||||
| /** | ||||
|  * @brief This class contain functions to create and send DFRN XML files | ||||
|  |  | |||
|  | @ -76,7 +76,6 @@ function format_event_html($ev, $simple = false) { | |||
| function parse_event($h) { | ||||
| 
 | ||||
| 	require_once('include/Scrape.php'); | ||||
| 	require_once('library/HTMLPurifier.auto.php'); | ||||
| 	require_once('include/html2bbcode'); | ||||
| 
 | ||||
| 	$h = '<html><body>' . $h . '</body></html>'; | ||||
|  |  | |||
|  | @ -215,7 +215,7 @@ function mini_group_select($uid,$gid = 0) { | |||
| 
 | ||||
| /** | ||||
|  * @brief Create group sidebar widget | ||||
|  *  | ||||
|  * | ||||
|  * @param string $every | ||||
|  * @param string $each | ||||
|  * @param string $editmode | ||||
|  | @ -234,7 +234,7 @@ function group_side($every="contacts",$each="group",$editmode = "standard", $gro | |||
| 		return ''; | ||||
| 
 | ||||
| 	$groups = array(); | ||||
| 	 | ||||
| 
 | ||||
| 	$groups[] = array( | ||||
| 		'text' 	=> t('Everybody'), | ||||
| 		'id' => 0, | ||||
|  | @ -255,7 +255,7 @@ function group_side($every="contacts",$each="group",$editmode = "standard", $gro | |||
| 	if(count($r)) { | ||||
| 		foreach($r as $rr) { | ||||
| 			$selected = (($group_id == $rr['id']) ? ' group-selected' : ''); | ||||
| 			 | ||||
| 
 | ||||
| 			if ($editmode == "full") { | ||||
| 				$groupedit = array( | ||||
| 					'href' => "group/".$rr['id'], | ||||
|  | @ -264,7 +264,7 @@ function group_side($every="contacts",$each="group",$editmode = "standard", $gro | |||
| 			} else { | ||||
| 				$groupedit = null; | ||||
| 			} | ||||
| 			 | ||||
| 
 | ||||
| 			$groups[] = array( | ||||
| 				'id'		=> $rr['id'], | ||||
| 				'cid'		=> $cid, | ||||
|  | @ -362,14 +362,13 @@ function groups_containing($uid,$c) { | |||
|  */ | ||||
| function groups_count_unseen() { | ||||
| 
 | ||||
| 	$r = q("SELECT `group`.`id`, `group`.`name`, COUNT(`item`.`id`) AS `count` FROM `group`, `group_member`, `item`
 | ||||
| 			WHERE `group`.`uid` = %d | ||||
| 			AND `item`.`uid` = %d | ||||
| 			AND `item`.`unseen` AND `item`.`visible` | ||||
| 			AND NOT `item`.`deleted` | ||||
| 			AND `item`.`contact-id` = `group_member`.`contact-id` | ||||
| 			AND `group_member`.`gid` = `group`.`id` | ||||
| 			GROUP BY `group`.`id` ",
 | ||||
| 	$r = q("SELECT `group`.`id`, `group`.`name`,
 | ||||
| 			(SELECT COUNT(*) FROM `item` | ||||
| 				WHERE `uid` = %d AND `unseen` AND | ||||
| 					`contact-id` IN (SELECT `contact-id` FROM `group_member` | ||||
| 								WHERE `group_member`.`gid` = `group`.`id` AND `group_member`.`uid` = %d)) AS `count` | ||||
| 			FROM `group` WHERE `group`.`uid` = %d;",
 | ||||
| 		intval(local_user()), | ||||
| 		intval(local_user()), | ||||
| 		intval(local_user()) | ||||
| 	); | ||||
|  |  | |||
|  | @ -1,21 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number | ||||
| { | ||||
| 
 | ||||
|     public function __construct() { | ||||
|         parent::__construct(false); // opacity is non-negative, but we will clamp it
 | ||||
|     } | ||||
| 
 | ||||
|     public function validate($number, $config, $context) { | ||||
|         $result = parent::validate($number, $config, $context); | ||||
|         if ($result === false) return $result; | ||||
|         $float = (float) $result; | ||||
|         if ($float < 0.0) $result = '0'; | ||||
|         if ($float > 1.0) $result = '1'; | ||||
|         return $result; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,28 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Decorator which enables CSS properties to be disabled for specific elements. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef | ||||
| { | ||||
|     public $def, $element; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $def Definition to wrap | ||||
|      * @param $element Element to deny | ||||
|      */ | ||||
|     public function __construct($def, $element) { | ||||
|         $this->def = $def; | ||||
|         $this->element = $element; | ||||
|     } | ||||
|     /** | ||||
|      * Checks if CurrentToken is set and equal to $this->element | ||||
|      */ | ||||
|     public function validate($string, $config, $context) { | ||||
|         $token = $context->get('CurrentToken', true); | ||||
|         if ($token && $token->name == $this->element) return false; | ||||
|         return $this->def->validate($string, $config, $context); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,72 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a font family list according to CSS spec | ||||
|  * @todo whitelisting allowed fonts would be nice | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         static $generic_names = array( | ||||
|             'serif' => true, | ||||
|             'sans-serif' => true, | ||||
|             'monospace' => true, | ||||
|             'fantasy' => true, | ||||
|             'cursive' => true | ||||
|         ); | ||||
| 
 | ||||
|         // assume that no font names contain commas in them
 | ||||
|         $fonts = explode(',', $string); | ||||
|         $final = ''; | ||||
|         foreach($fonts as $font) { | ||||
|             $font = trim($font); | ||||
|             if ($font === '') continue; | ||||
|             // match a generic name
 | ||||
|             if (isset($generic_names[$font])) { | ||||
|                 $final .= $font . ', '; | ||||
|                 continue; | ||||
|             } | ||||
|             // match a quoted name
 | ||||
|             if ($font[0] === '"' || $font[0] === "'") { | ||||
|                 $length = strlen($font); | ||||
|                 if ($length <= 2) continue; | ||||
|                 $quote = $font[0]; | ||||
|                 if ($font[$length - 1] !== $quote) continue; | ||||
|                 $font = substr($font, 1, $length - 2); | ||||
|             } | ||||
| 
 | ||||
|             $font = $this->expandCSSEscape($font); | ||||
| 
 | ||||
|             // $font is a pure representation of the font name
 | ||||
| 
 | ||||
|             if (ctype_alnum($font) && $font !== '') { | ||||
|                 // very simple font, allow it in unharmed
 | ||||
|                 $final .= $font . ', '; | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             // bugger out on whitespace.  form feed (0C) really
 | ||||
|             // shouldn't show up regardless
 | ||||
|             $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font); | ||||
| 
 | ||||
|             // These ugly transforms don't pose a security
 | ||||
|             // risk (as \\ and \" might).  We could try to be clever and
 | ||||
|             // use single-quote wrapping when there is a double quote
 | ||||
|             // present, but I have choosen not to implement that.
 | ||||
|             // (warning: this code relies on the selection of quotation
 | ||||
|             // mark below)
 | ||||
|             $font = str_replace('\\', '\\5C ', $font); | ||||
|             $font = str_replace('"',  '\\22 ', $font); | ||||
| 
 | ||||
|             // complicated font, requires quoting
 | ||||
|             $final .= "\"$font\", "; // note that this will later get turned into "
 | ||||
|         } | ||||
|         $final = rtrim($final, ', '); | ||||
|         if ($final === '') return false; | ||||
|         return $final; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,47 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Represents a Length as defined by CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     protected $min, $max; | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable. | ||||
|      * @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable. | ||||
|      */ | ||||
|     public function __construct($min = null, $max = null) { | ||||
|         $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null; | ||||
|         $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         $string = $this->parseCDATA($string); | ||||
| 
 | ||||
|         // Optimizations
 | ||||
|         if ($string === '') return false; | ||||
|         if ($string === '0') return '0'; | ||||
|         if (strlen($string) === 1) return false; | ||||
| 
 | ||||
|         $length = HTMLPurifier_Length::make($string); | ||||
|         if (!$length->isValid()) return false; | ||||
| 
 | ||||
|         if ($this->min) { | ||||
|             $c = $length->compareTo($this->min); | ||||
|             if ($c === false) return false; | ||||
|             if ($c < 0) return false; | ||||
|         } | ||||
|         if ($this->max) { | ||||
|             $c = $length->compareTo($this->max); | ||||
|             if ($c === false) return false; | ||||
|             if ($c > 0) return false; | ||||
|         } | ||||
| 
 | ||||
|         return $length->toString(); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,78 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates shorthand CSS property list-style. | ||||
|  * @warning Does not support url tokens that have internal spaces. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Local copy of component validators. | ||||
|      * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl. | ||||
|      */ | ||||
|     protected $info; | ||||
| 
 | ||||
|     public function __construct($config) { | ||||
|         $def = $config->getCSSDefinition(); | ||||
|         $this->info['list-style-type']     = $def->info['list-style-type']; | ||||
|         $this->info['list-style-position'] = $def->info['list-style-position']; | ||||
|         $this->info['list-style-image'] = $def->info['list-style-image']; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|         // regular pre-processing
 | ||||
|         $string = $this->parseCDATA($string); | ||||
|         if ($string === '') return false; | ||||
| 
 | ||||
|         // assumes URI doesn't have spaces in it
 | ||||
|         $bits = explode(' ', strtolower($string)); // bits to process
 | ||||
| 
 | ||||
|         $caught = array(); | ||||
|         $caught['type']     = false; | ||||
|         $caught['position'] = false; | ||||
|         $caught['image']    = false; | ||||
| 
 | ||||
|         $i = 0; // number of catches
 | ||||
|         $none = false; | ||||
| 
 | ||||
|         foreach ($bits as $bit) { | ||||
|             if ($i >= 3) return; // optimization bit
 | ||||
|             if ($bit === '') continue; | ||||
|             foreach ($caught as $key => $status) { | ||||
|                 if ($status !== false) continue; | ||||
|                 $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); | ||||
|                 if ($r === false) continue; | ||||
|                 if ($r === 'none') { | ||||
|                     if ($none) continue; | ||||
|                     else $none = true; | ||||
|                     if ($key == 'image') continue; | ||||
|                 } | ||||
|                 $caught[$key] = $r; | ||||
|                 $i++; | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         if (!$i) return false; | ||||
| 
 | ||||
|         $ret = array(); | ||||
| 
 | ||||
|         // construct type
 | ||||
|         if ($caught['type']) $ret[] = $caught['type']; | ||||
| 
 | ||||
|         // construct image
 | ||||
|         if ($caught['image']) $ret[] = $caught['image']; | ||||
| 
 | ||||
|         // construct position
 | ||||
|         if ($caught['position']) $ret[] = $caught['position']; | ||||
| 
 | ||||
|         if (empty($ret)) return false; | ||||
|         return implode(' ', $ret); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,40 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a Percentage as defined by the CSS spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation | ||||
|      */ | ||||
|     protected $number_def; | ||||
| 
 | ||||
|     /** | ||||
|      * @param Bool indicating whether to forbid negative values | ||||
|      */ | ||||
|     public function __construct($non_negative = false) { | ||||
|         $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|         $string = $this->parseCDATA($string); | ||||
| 
 | ||||
|         if ($string === '') return false; | ||||
|         $length = strlen($string); | ||||
|         if ($length === 1) return false; | ||||
|         if ($string[$length - 1] !== '%') return false; | ||||
| 
 | ||||
|         $number = substr($string, 0, $length - 1); | ||||
|         $number = $this->number_def->validate($number, $config, $context); | ||||
| 
 | ||||
|         if ($number === false) return false; | ||||
|         return "$number%"; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,28 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a boolean attribute | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     protected $name; | ||||
|     public $minimized = true; | ||||
| 
 | ||||
|     public function __construct($name = false) {$this->name = $name;} | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         if (empty($string)) return false; | ||||
|         return $this->name; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param $string Name of attribute | ||||
|      */ | ||||
|     public function make($string) { | ||||
|         return new HTMLPurifier_AttrDef_HTML_Bool($string); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,32 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a color according to the HTML spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|         static $colors = null; | ||||
|         if ($colors === null) $colors = $config->get('Core.ColorKeywords'); | ||||
| 
 | ||||
|         $string = trim($string); | ||||
| 
 | ||||
|         if (empty($string)) return false; | ||||
|         if (isset($colors[$string])) return $colors[$string]; | ||||
|         if ($string[0] === '#') $hex = substr($string, 1); | ||||
|         else $hex = $string; | ||||
| 
 | ||||
|         $length = strlen($hex); | ||||
|         if ($length !== 3 && $length !== 6) return false; | ||||
|         if (!ctype_xdigit($hex)) return false; | ||||
|         if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; | ||||
| 
 | ||||
|         return "#$hex"; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,21 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Special-case enum attribute definition that lazy loads allowed frame targets | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum | ||||
| { | ||||
| 
 | ||||
|     public $valid_values = false; // uninitialized value
 | ||||
|     protected $case_sensitive = false; | ||||
| 
 | ||||
|     public function __construct() {} | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); | ||||
|         return parent::validate($string, $config, $context); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,70 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates the HTML attribute ID. | ||||
|  * @warning Even though this is the id processor, it | ||||
|  *          will ignore the directive Attr:IDBlacklist, since it will only | ||||
|  *          go according to the ID accumulator. Since the accumulator is | ||||
|  *          automatically generated, it will have already absorbed the | ||||
|  *          blacklist. If you're hacking around, make sure you use load()! | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     // ref functionality disabled, since we also have to verify
 | ||||
|     // whether or not the ID it refers to exists
 | ||||
| 
 | ||||
|     public function validate($id, $config, $context) { | ||||
| 
 | ||||
|         if (!$config->get('Attr.EnableID')) return false; | ||||
| 
 | ||||
|         $id = trim($id); // trim it first
 | ||||
| 
 | ||||
|         if ($id === '') return false; | ||||
| 
 | ||||
|         $prefix = $config->get('Attr.IDPrefix'); | ||||
|         if ($prefix !== '') { | ||||
|             $prefix .= $config->get('Attr.IDPrefixLocal'); | ||||
|             // prevent re-appending the prefix
 | ||||
|             if (strpos($id, $prefix) !== 0) $id = $prefix . $id; | ||||
|         } elseif ($config->get('Attr.IDPrefixLocal') !== '') { | ||||
|             trigger_error('%Attr.IDPrefixLocal cannot be used unless '. | ||||
|                 '%Attr.IDPrefix is set', E_USER_WARNING); | ||||
|         } | ||||
| 
 | ||||
|         //if (!$this->ref) {
 | ||||
|             $id_accumulator =& $context->get('IDAccumulator'); | ||||
|             if (isset($id_accumulator->ids[$id])) return false; | ||||
|         //}
 | ||||
| 
 | ||||
|         // we purposely avoid using regex, hopefully this is faster
 | ||||
| 
 | ||||
|         if (ctype_alpha($id)) { | ||||
|             $result = true; | ||||
|         } else { | ||||
|             if (!ctype_alpha(@$id[0])) return false; | ||||
|             $trim = trim( // primitive style of regexps, I suppose
 | ||||
|                 $id, | ||||
|                 'A..Za..z0..9:-._' | ||||
|               ); | ||||
|             $result = ($trim === ''); | ||||
|         } | ||||
| 
 | ||||
|         $regexp = $config->get('Attr.IDBlacklistRegexp'); | ||||
|         if ($regexp && preg_match($regexp, $id)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         if (/*!$this->ref && */$result) $id_accumulator->add($id); | ||||
| 
 | ||||
|         // if no change was made to the ID, return the result
 | ||||
|         // else, return the new id if stripping whitespace made it
 | ||||
|         //     valid, or return false.
 | ||||
|         return $result ? $id : false; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,41 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates the HTML type length (not to be confused with CSS's length). | ||||
|  * | ||||
|  * This accepts integer pixels or percentages as lengths for certain | ||||
|  * HTML attributes. | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|         $string = trim($string); | ||||
|         if ($string === '') return false; | ||||
| 
 | ||||
|         $parent_result = parent::validate($string, $config, $context); | ||||
|         if ($parent_result !== false) return $parent_result; | ||||
| 
 | ||||
|         $length = strlen($string); | ||||
|         $last_char = $string[$length - 1]; | ||||
| 
 | ||||
|         if ($last_char !== '%') return false; | ||||
| 
 | ||||
|         $points = substr($string, 0, $length - 1); | ||||
| 
 | ||||
|         if (!is_numeric($points)) return false; | ||||
| 
 | ||||
|         $points = (int) $points; | ||||
| 
 | ||||
|         if ($points < 0) return '0%'; | ||||
|         if ($points > 100) return '100%'; | ||||
| 
 | ||||
|         return ((string) $points) . '%'; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,41 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a MultiLength as defined by the HTML spec. | ||||
|  * | ||||
|  * A multilength is either a integer (pixel count), a percentage, or | ||||
|  * a relative number. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|         $string = trim($string); | ||||
|         if ($string === '') return false; | ||||
| 
 | ||||
|         $parent_result = parent::validate($string, $config, $context); | ||||
|         if ($parent_result !== false) return $parent_result; | ||||
| 
 | ||||
|         $length = strlen($string); | ||||
|         $last_char = $string[$length - 1]; | ||||
| 
 | ||||
|         if ($last_char !== '*') return false; | ||||
| 
 | ||||
|         $int = substr($string, 0, $length - 1); | ||||
| 
 | ||||
|         if ($int == '') return '*'; | ||||
|         if (!is_numeric($int)) return false; | ||||
| 
 | ||||
|         $int = (int) $int; | ||||
| 
 | ||||
|         if ($int < 0) return false; | ||||
|         if ($int == 0) return '0'; | ||||
|         if ($int == 1) return '*'; | ||||
|         return ((string) $int) . '*'; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,48 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates an integer representation of pixels according to the HTML spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     protected $max; | ||||
| 
 | ||||
|     public function __construct($max = null) { | ||||
|         $this->max = $max; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|         $string = trim($string); | ||||
|         if ($string === '0') return $string; | ||||
|         if ($string === '')  return false; | ||||
|         $length = strlen($string); | ||||
|         if (substr($string, $length - 2) == 'px') { | ||||
|             $string = substr($string, 0, $length - 2); | ||||
|         } | ||||
|         if (!is_numeric($string)) return false; | ||||
|         $int = (int) $string; | ||||
| 
 | ||||
|         if ($int < 0) return '0'; | ||||
| 
 | ||||
|         // upper-bound value, extremely high values can
 | ||||
|         // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
 | ||||
|         // WARNING, above link WILL crash you if you're using Windows
 | ||||
| 
 | ||||
|         if ($this->max !== null && $int > $this->max) return (string) $this->max; | ||||
| 
 | ||||
|         return (string) $int; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     public function make($string) { | ||||
|         if ($string === '') $max = null; | ||||
|         else $max = (int) $string; | ||||
|         $class = get_class($this); | ||||
|         return new $class($max); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,15 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates arbitrary text according to the HTML spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         return $this->parseCDATA($string); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,62 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a host according to the IPv4, IPv6 and DNS (future) specifications. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator | ||||
|      */ | ||||
|     protected $ipv4; | ||||
| 
 | ||||
|     /** | ||||
|      * Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator | ||||
|      */ | ||||
|     protected $ipv6; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|         $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); | ||||
|         $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         $length = strlen($string); | ||||
|         if ($string === '') return ''; | ||||
|         if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { | ||||
|             //IPv6
 | ||||
|             $ip = substr($string, 1, $length - 2); | ||||
|             $valid = $this->ipv6->validate($ip, $config, $context); | ||||
|             if ($valid === false) return false; | ||||
|             return '['. $valid . ']'; | ||||
|         } | ||||
| 
 | ||||
|         // need to do checks on unusual encodings too
 | ||||
|         $ipv4 = $this->ipv4->validate($string, $config, $context); | ||||
|         if ($ipv4 !== false) return $ipv4; | ||||
| 
 | ||||
|         // A regular domain name.
 | ||||
| 
 | ||||
|         // This breaks I18N domain names, but we don't have proper IRI support,
 | ||||
|         // so force users to insert Punycode. If there's complaining we'll
 | ||||
|         // try to fix things into an international friendly form.
 | ||||
| 
 | ||||
|         // The productions describing this are:
 | ||||
|         $a   = '[a-z]';     // alpha
 | ||||
|         $an  = '[a-z0-9]';  // alphanum
 | ||||
|         $and = '[a-z0-9-]'; // alphanum | "-"
 | ||||
|         // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
 | ||||
|         $domainlabel   = "$an($and*$an)?"; | ||||
|         // toplabel    = alpha | alpha *( alphanum | "-" ) alphanum
 | ||||
|         $toplabel      = "$a($and*$an)?"; | ||||
|         // hostname    = *( domainlabel "." ) toplabel [ "." ]
 | ||||
|         $match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string); | ||||
|         if (!$match) return false; | ||||
| 
 | ||||
|         return $string; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,99 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates an IPv6 address. | ||||
|  * @author Feyd @ forums.devnetwork.net (public domain) | ||||
|  * @note This function requires brackets to have been removed from address | ||||
|  *       in URI. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4 | ||||
| { | ||||
| 
 | ||||
|     public function validate($aIP, $config, $context) { | ||||
| 
 | ||||
|         if (!$this->ip4) $this->_loadRegex(); | ||||
| 
 | ||||
|         $original = $aIP; | ||||
| 
 | ||||
|         $hex = '[0-9a-fA-F]'; | ||||
|         $blk = '(?:' . $hex . '{1,4})'; | ||||
|         $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))';   // /0 - /128
 | ||||
| 
 | ||||
|         //      prefix check
 | ||||
|         if (strpos($aIP, '/') !== false) | ||||
|         { | ||||
|                 if (preg_match('#' . $pre . '$#s', $aIP, $find)) | ||||
|                 { | ||||
|                         $aIP = substr($aIP, 0, 0-strlen($find[0])); | ||||
|                         unset($find); | ||||
|                 } | ||||
|                 else | ||||
|                 { | ||||
|                         return false; | ||||
|                 } | ||||
|         } | ||||
| 
 | ||||
|         //      IPv4-compatiblity check
 | ||||
|         if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find)) | ||||
|         { | ||||
|                 $aIP = substr($aIP, 0, 0-strlen($find[0])); | ||||
|                 $ip = explode('.', $find[0]); | ||||
|                 $ip = array_map('dechex', $ip); | ||||
|                 $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3]; | ||||
|                 unset($find, $ip); | ||||
|         } | ||||
| 
 | ||||
|         //      compression check
 | ||||
|         $aIP = explode('::', $aIP); | ||||
|         $c = count($aIP); | ||||
|         if ($c > 2) | ||||
|         { | ||||
|                 return false; | ||||
|         } | ||||
|         elseif ($c == 2) | ||||
|         { | ||||
|                 list($first, $second) = $aIP; | ||||
|                 $first = explode(':', $first); | ||||
|                 $second = explode(':', $second); | ||||
| 
 | ||||
|                 if (count($first) + count($second) > 8) | ||||
|                 { | ||||
|                         return false; | ||||
|                 } | ||||
| 
 | ||||
|                 while(count($first) < 8) | ||||
|                 { | ||||
|                         array_push($first, '0'); | ||||
|                 } | ||||
| 
 | ||||
|                 array_splice($first, 8 - count($second), 8, $second); | ||||
|                 $aIP = $first; | ||||
|                 unset($first,$second); | ||||
|         } | ||||
|         else | ||||
|         { | ||||
|                 $aIP = explode(':', $aIP[0]); | ||||
|         } | ||||
|         $c = count($aIP); | ||||
| 
 | ||||
|         if ($c != 8) | ||||
|         { | ||||
|                 return false; | ||||
|         } | ||||
| 
 | ||||
|         //      All the pieces should be 16-bit hex strings. Are they?
 | ||||
|         foreach ($aIP as $piece) | ||||
|         { | ||||
|                 if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) | ||||
|                 { | ||||
|                         return false; | ||||
|                 } | ||||
|         } | ||||
| 
 | ||||
|         return $original; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,36 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Pre-transform that changes converts a boolean attribute to fixed CSS | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
|     /** | ||||
|      * Name of boolean attribute that is trigger | ||||
|      */ | ||||
|     protected $attr; | ||||
| 
 | ||||
|     /** | ||||
|      * CSS declarations to add to style, needs trailing semicolon | ||||
|      */ | ||||
|     protected $css; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $attr string attribute name to convert from | ||||
|      * @param $css string CSS declarations to add to style (needs semicolon) | ||||
|      */ | ||||
|     public function __construct($attr, $css) { | ||||
|         $this->attr = $attr; | ||||
|         $this->css  = $css; | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         if (!isset($attr[$this->attr])) return $attr; | ||||
|         unset($attr[$this->attr]); | ||||
|         $this->prependCSS($attr, $this->css); | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,58 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Generic pre-transform that converts an attribute with a fixed number of | ||||
|  * values (enumerated) to CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
|     /** | ||||
|      * Name of attribute to transform from | ||||
|      */ | ||||
|     protected $attr; | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup array of attribute values to CSS | ||||
|      */ | ||||
|     protected $enumToCSS = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Case sensitivity of the matching | ||||
|      * @warning Currently can only be guaranteed to work with ASCII | ||||
|      *          values. | ||||
|      */ | ||||
|     protected $caseSensitive = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $attr String attribute name to transform from | ||||
|      * @param $enumToCSS Lookup array of attribute values to CSS | ||||
|      * @param $case_sensitive Boolean case sensitivity indicator, default false | ||||
|      */ | ||||
|     public function __construct($attr, $enum_to_css, $case_sensitive = false) { | ||||
|         $this->attr = $attr; | ||||
|         $this->enumToCSS = $enum_to_css; | ||||
|         $this->caseSensitive = (bool) $case_sensitive; | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
| 
 | ||||
|         if (!isset($attr[$this->attr])) return $attr; | ||||
| 
 | ||||
|         $value = trim($attr[$this->attr]); | ||||
|         unset($attr[$this->attr]); | ||||
| 
 | ||||
|         if (!$this->caseSensitive) $value = strtolower($value); | ||||
| 
 | ||||
|         if (!isset($this->enumToCSS[$value])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         $this->prependCSS($attr, $this->enumToCSS[$value]); | ||||
| 
 | ||||
|         return $attr; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,27 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Class for handling width/height length attribute transformations to CSS | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     protected $name; | ||||
|     protected $cssName; | ||||
| 
 | ||||
|     public function __construct($name, $css_name = null) { | ||||
|         $this->name = $name; | ||||
|         $this->cssName = $css_name ? $css_name : $name; | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         if (!isset($attr[$this->name])) return $attr; | ||||
|         $length = $this->confiscateAttr($attr, $this->name); | ||||
|         if(ctype_digit($length)) $length .= 'px'; | ||||
|         $this->prependCSS($attr, $this->cssName . ":$length;"); | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,21 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Pre-transform that changes deprecated name attribute to ID if necessary | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         // Abort early if we're using relaxed definition of name
 | ||||
|         if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr; | ||||
|         if (!isset($attr['name'])) return $attr; | ||||
|         $id = $this->confiscateAttr($attr, 'name'); | ||||
|         if ( isset($attr['id']))   return $attr; | ||||
|         $attr['id'] = $id; | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,27 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Post-transform that performs validation to the name attribute; if | ||||
|  * it is present with an equivalent id attribute, it is passed through; | ||||
|  * otherwise validation is performed. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function __construct() { | ||||
|         $this->idDef = new HTMLPurifier_AttrDef_HTML_ID(); | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         if (!isset($attr['name'])) return $attr; | ||||
|         $name = $attr['name']; | ||||
|         if (isset($attr['id']) && $attr['id'] === $name) return $attr; | ||||
|         $result = $this->idDef->validate($name, $config, $context); | ||||
|         if ($result === false) unset($attr['name']); | ||||
|         else $attr['name'] = $result; | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,16 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Writes default type for all objects. Currently only supports flash. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     public $name = "SafeObject"; | ||||
| 
 | ||||
|     function transform($attr, $config, $context) { | ||||
|         if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,18 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Sets height/width defaults for <textarea> | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         // Calculated from Firefox
 | ||||
|         if (!isset($attr['cols'])) $attr['cols'] = '22'; | ||||
|         if (!isset($attr['rows'])) $attr['rows'] = '3'; | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,98 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| // constants are slow, so we use as few as possible
 | ||||
| if (!defined('HTMLPURIFIER_PREFIX')) { | ||||
|     define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..')); | ||||
| } | ||||
| 
 | ||||
| // accomodations for versions earlier than 5.0.2
 | ||||
| // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
 | ||||
| if (!defined('PHP_EOL')) { | ||||
|     switch (strtoupper(substr(PHP_OS, 0, 3))) { | ||||
|         case 'WIN': | ||||
|             define('PHP_EOL', "\r\n"); | ||||
|             break; | ||||
|         case 'DAR': | ||||
|             define('PHP_EOL', "\r"); | ||||
|             break; | ||||
|         default: | ||||
|             define('PHP_EOL', "\n"); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| /** | ||||
|  * Bootstrap class that contains meta-functionality for HTML Purifier such as | ||||
|  * the autoload function. | ||||
|  * | ||||
|  * @note | ||||
|  *      This class may be used without any other files from HTML Purifier. | ||||
|  */ | ||||
| class HTMLPurifier_Bootstrap | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Autoload function for HTML Purifier | ||||
|      * @param $class Class to load | ||||
|      */ | ||||
|     public static function autoload($class) { | ||||
|         $file = HTMLPurifier_Bootstrap::getPath($class); | ||||
|         if (!$file) return false; | ||||
|         require HTMLPURIFIER_PREFIX . '/' . $file; | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns the path for a specific class. | ||||
|      */ | ||||
|     public static function getPath($class) { | ||||
|         if (strncmp('HTMLPurifier', $class, 12) !== 0) return false; | ||||
|         // Custom implementations
 | ||||
|         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { | ||||
|             $code = str_replace('_', '-', substr($class, 22)); | ||||
|             $file = 'HTMLPurifier/Language/classes/' . $code . '.php'; | ||||
|         } else { | ||||
|             $file = str_replace('_', '/', $class) . '.php'; | ||||
|         } | ||||
|         if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false; | ||||
|         return $file; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * "Pre-registers" our autoloader on the SPL stack. | ||||
|      */ | ||||
|     public static function registerAutoload() { | ||||
|         $autoload = array('HTMLPurifier_Bootstrap', 'autoload'); | ||||
|         if ( ($funcs = spl_autoload_functions()) === false ) { | ||||
|             spl_autoload_register($autoload); | ||||
|         } elseif (function_exists('spl_autoload_unregister')) { | ||||
|             $compat = version_compare(PHP_VERSION, '5.1.2', '<=') && | ||||
|                       version_compare(PHP_VERSION, '5.1.0', '>='); | ||||
|             foreach ($funcs as $func) { | ||||
|                 if (is_array($func)) { | ||||
|                     // :TRICKY: There are some compatibility issues and some
 | ||||
|                     // places where we need to error out
 | ||||
|                     $reflector = new ReflectionMethod($func[0], $func[1]); | ||||
|                     if (!$reflector->isStatic()) { | ||||
|                         throw new Exception(' | ||||
|                             HTML Purifier autoloader registrar is not compatible | ||||
|                             with non-static object methods due to PHP Bug #44144;
 | ||||
|                             Please do not use HTMLPurifier.autoload.php (or any | ||||
|                             file that includes this file); instead, place the code: | ||||
|                             spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\')) | ||||
|                             after your own autoloaders. | ||||
|                         '); | ||||
|                     } | ||||
|                     // Suprisingly, spl_autoload_register supports the
 | ||||
|                     // Class::staticMethod callback format, although call_user_func doesn't
 | ||||
|                     if ($compat) $func = implode('::', $func); | ||||
|                 } | ||||
|                 spl_autoload_unregister($func); | ||||
|             } | ||||
|             spl_autoload_register($autoload); | ||||
|             foreach ($funcs as $func) spl_autoload_register($func); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,292 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Defines allowed CSS attributes and what their values are. | ||||
|  * @see HTMLPurifier_HTMLDefinition | ||||
|  */ | ||||
| class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition | ||||
| { | ||||
| 
 | ||||
|     public $type = 'CSS'; | ||||
| 
 | ||||
|     /** | ||||
|      * Assoc array of attribute name to definition object. | ||||
|      */ | ||||
|     public $info = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Constructs the info array.  The meat of this class. | ||||
|      */ | ||||
|     protected function doSetup($config) { | ||||
| 
 | ||||
|         $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('left', 'right', 'center', 'justify'), false); | ||||
| 
 | ||||
|         $border_style = | ||||
|         $this->info['border-bottom-style'] = | ||||
|         $this->info['border-right-style'] = | ||||
|         $this->info['border-left-style'] = | ||||
|         $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum( | ||||
|             array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double', | ||||
|             'groove', 'ridge', 'inset', 'outset'), false); | ||||
| 
 | ||||
|         $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style); | ||||
| 
 | ||||
|         $this->info['clear'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('none', 'left', 'right', 'both'), false); | ||||
|         $this->info['float'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('none', 'left', 'right'), false); | ||||
|         $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('normal', 'italic', 'oblique'), false); | ||||
|         $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('normal', 'small-caps'), false); | ||||
| 
 | ||||
|         $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('none')), | ||||
|                 new HTMLPurifier_AttrDef_CSS_URI() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('inside', 'outside'), false); | ||||
|         $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('disc', 'circle', 'square', 'decimal', 'lower-roman', | ||||
|             'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false); | ||||
|         $this->info['list-style-image'] = $uri_or_none; | ||||
| 
 | ||||
|         $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config); | ||||
| 
 | ||||
|         $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('capitalize', 'uppercase', 'lowercase', 'none'), false); | ||||
|         $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
| 
 | ||||
|         $this->info['background-image'] = $uri_or_none; | ||||
|         $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('repeat', 'repeat-x', 'repeat-y', 'no-repeat') | ||||
|         ); | ||||
|         $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('scroll', 'fixed') | ||||
|         ); | ||||
|         $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); | ||||
| 
 | ||||
|         $border_color = | ||||
|         $this->info['border-top-color'] = | ||||
|         $this->info['border-bottom-color'] = | ||||
|         $this->info['border-left-color'] = | ||||
|         $this->info['border-right-color'] = | ||||
|         $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('transparent')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Color() | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config); | ||||
| 
 | ||||
|         $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color); | ||||
| 
 | ||||
|         $border_width = | ||||
|         $this->info['border-top-width'] = | ||||
|         $this->info['border-bottom-width'] = | ||||
|         $this->info['border-left-width'] = | ||||
|         $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
 | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width); | ||||
| 
 | ||||
|         $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('normal')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Length() | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('normal')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Length() | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small', | ||||
|                 'small', 'medium', 'large', 'x-large', 'xx-large', | ||||
|                 'larger', 'smaller')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage(), | ||||
|             new HTMLPurifier_AttrDef_CSS_Length() | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('normal')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
 | ||||
|             new HTMLPurifier_AttrDef_CSS_Length('0'), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage(true) | ||||
|         )); | ||||
| 
 | ||||
|         $margin = | ||||
|         $this->info['margin-top'] = | ||||
|         $this->info['margin-bottom'] = | ||||
|         $this->info['margin-left'] = | ||||
|         $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage(), | ||||
|             new HTMLPurifier_AttrDef_Enum(array('auto')) | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin); | ||||
| 
 | ||||
|         // non-negative
 | ||||
|         $padding = | ||||
|         $this->info['padding-top'] = | ||||
|         $this->info['padding-bottom'] = | ||||
|         $this->info['padding-left'] = | ||||
|         $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_CSS_Length('0'), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage(true) | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding); | ||||
| 
 | ||||
|         $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage() | ||||
|         )); | ||||
| 
 | ||||
|         $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_CSS_Length('0'), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage(true), | ||||
|             new HTMLPurifier_AttrDef_Enum(array('auto')) | ||||
|         )); | ||||
|         $max = $config->get('CSS.MaxImgLength'); | ||||
| 
 | ||||
|         $this->info['width'] = | ||||
|         $this->info['height'] = | ||||
|             $max === null ? | ||||
|             $trusted_wh : | ||||
|             new HTMLPurifier_AttrDef_Switch('img', | ||||
|                 // For img tags:
 | ||||
|                 new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|                     new HTMLPurifier_AttrDef_CSS_Length('0', $max), | ||||
|                     new HTMLPurifier_AttrDef_Enum(array('auto')) | ||||
|                 )), | ||||
|                 // For everyone else:
 | ||||
|                 $trusted_wh | ||||
|             ); | ||||
| 
 | ||||
|         $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration(); | ||||
| 
 | ||||
|         $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily(); | ||||
| 
 | ||||
|         // this could use specialized code
 | ||||
|         $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300', | ||||
|             '400', '500', '600', '700', '800', '900'), false); | ||||
| 
 | ||||
|         // MUST be called after other font properties, as it references
 | ||||
|         // a CSSDefinition object
 | ||||
|         $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config); | ||||
| 
 | ||||
|         // same here
 | ||||
|         $this->info['border'] = | ||||
|         $this->info['border-bottom'] = | ||||
|         $this->info['border-top'] = | ||||
|         $this->info['border-left'] = | ||||
|         $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config); | ||||
| 
 | ||||
|         $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array( | ||||
|             'collapse', 'separate')); | ||||
| 
 | ||||
|         $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array( | ||||
|             'top', 'bottom')); | ||||
| 
 | ||||
|         $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array( | ||||
|             'auto', 'fixed')); | ||||
| 
 | ||||
|         $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array( | ||||
|             new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super', | ||||
|                 'top', 'text-top', 'middle', 'bottom', 'text-bottom')), | ||||
|             new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|             new HTMLPurifier_AttrDef_CSS_Percentage() | ||||
|         )); | ||||
| 
 | ||||
|         $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2); | ||||
| 
 | ||||
|         // partial support
 | ||||
|         $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap')); | ||||
| 
 | ||||
|         if ($config->get('CSS.Proprietary')) { | ||||
|             $this->doSetupProprietary($config); | ||||
|         } | ||||
| 
 | ||||
|         if ($config->get('CSS.AllowTricky')) { | ||||
|             $this->doSetupTricky($config); | ||||
|         } | ||||
| 
 | ||||
|         $allow_important = $config->get('CSS.AllowImportant'); | ||||
|         // wrap all attr-defs with decorator that handles !important
 | ||||
|         foreach ($this->info as $k => $v) { | ||||
|             $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important); | ||||
|         } | ||||
| 
 | ||||
|         $this->setupConfigStuff($config); | ||||
|     } | ||||
| 
 | ||||
|     protected function doSetupProprietary($config) { | ||||
|         // Internet Explorer only scrollbar colors
 | ||||
|         $this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
| 
 | ||||
|         // technically not proprietary, but CSS3, and no one supports it
 | ||||
|         $this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue(); | ||||
|         $this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue(); | ||||
|         $this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue(); | ||||
| 
 | ||||
|         // only opacity, for now
 | ||||
|         $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter(); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     protected function doSetupTricky($config) { | ||||
|         $this->info['display'] = new HTMLPurifier_AttrDef_Enum(array( | ||||
|             'inline', 'block', 'list-item', 'run-in', 'compact', | ||||
|             'marker', 'table', 'inline-table', 'table-row-group', | ||||
|             'table-header-group', 'table-footer-group', 'table-row', | ||||
|             'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none' | ||||
|         )); | ||||
|         $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array( | ||||
|             'visible', 'hidden', 'collapse' | ||||
|         )); | ||||
|         $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll')); | ||||
|     } | ||||
| 
 | ||||
| 
 | ||||
|     /** | ||||
|      * Performs extra config-based processing. Based off of | ||||
|      * HTMLPurifier_HTMLDefinition. | ||||
|      * @todo Refactor duplicate elements into common class (probably using | ||||
|      *       composition, not inheritance). | ||||
|      */ | ||||
|     protected function setupConfigStuff($config) { | ||||
| 
 | ||||
|         // setup allowed elements
 | ||||
|         $support = "(for information on implementing this, see the ". | ||||
|                    "support forums) "; | ||||
|         $allowed_attributes = $config->get('CSS.AllowedProperties'); | ||||
|         if ($allowed_attributes !== null) { | ||||
|             foreach ($this->info as $name => $d) { | ||||
|                 if(!isset($allowed_attributes[$name])) unset($this->info[$name]); | ||||
|                 unset($allowed_attributes[$name]); | ||||
|             } | ||||
|             // emit errors
 | ||||
|             foreach ($allowed_attributes as $name => $d) { | ||||
|                 // :TODO: Is this htmlspecialchars() call really necessary?
 | ||||
|                 $name = htmlspecialchars($name); | ||||
|                 trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING); | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,26 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition that allows a set of elements, and allows no children. | ||||
|  * @note This is a hack to reuse code from HTMLPurifier_ChildDef_Required, | ||||
|  *       really, one shouldn't inherit from the other.  Only altered behavior | ||||
|  *       is to overload a returned false with an array.  Thus, it will never | ||||
|  *       return false. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required | ||||
| { | ||||
|     public $allow_empty = true; | ||||
|     public $type = 'optional'; | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
|         $result = parent::validateChildren($tokens_of_children, $config, $context); | ||||
|         // we assume that $tokens_of_children is not modified
 | ||||
|         if ($result === false) { | ||||
|             if (empty($tokens_of_children)) return true; | ||||
|             elseif ($this->whitespace) return $tokens_of_children; | ||||
|             else return array(); | ||||
|         } | ||||
|         return $result; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,117 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition that allows a set of elements, but disallows empty children. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     /** | ||||
|      * Lookup table of allowed elements. | ||||
|      * @public | ||||
|      */ | ||||
|     public $elements = array(); | ||||
|     /** | ||||
|      * Whether or not the last passed node was all whitespace. | ||||
|      */ | ||||
|     protected $whitespace = false; | ||||
|     /** | ||||
|      * @param $elements List of allowed element names (lowercase). | ||||
|      */ | ||||
|     public function __construct($elements) { | ||||
|         if (is_string($elements)) { | ||||
|             $elements = str_replace(' ', '', $elements); | ||||
|             $elements = explode('|', $elements); | ||||
|         } | ||||
|         $keys = array_keys($elements); | ||||
|         if ($keys == array_keys($keys)) { | ||||
|             $elements = array_flip($elements); | ||||
|             foreach ($elements as $i => $x) { | ||||
|                 $elements[$i] = true; | ||||
|                 if (empty($i)) unset($elements[$i]); // remove blank
 | ||||
|             } | ||||
|         } | ||||
|         $this->elements = $elements; | ||||
|     } | ||||
|     public $allow_empty = false; | ||||
|     public $type = 'required'; | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
|         // Flag for subclasses
 | ||||
|         $this->whitespace = false; | ||||
| 
 | ||||
|         // if there are no tokens, delete parent node
 | ||||
|         if (empty($tokens_of_children)) return false; | ||||
| 
 | ||||
|         // the new set of children
 | ||||
|         $result = array(); | ||||
| 
 | ||||
|         // current depth into the nest
 | ||||
|         $nesting = 0; | ||||
| 
 | ||||
|         // whether or not we're deleting a node
 | ||||
|         $is_deleting = false; | ||||
| 
 | ||||
|         // whether or not parsed character data is allowed
 | ||||
|         // this controls whether or not we silently drop a tag
 | ||||
|         // or generate escaped HTML from it
 | ||||
|         $pcdata_allowed = isset($this->elements['#PCDATA']); | ||||
| 
 | ||||
|         // a little sanity check to make sure it's not ALL whitespace
 | ||||
|         $all_whitespace = true; | ||||
| 
 | ||||
|         // some configuration
 | ||||
|         $escape_invalid_children = $config->get('Core.EscapeInvalidChildren'); | ||||
| 
 | ||||
|         // generator
 | ||||
|         $gen = new HTMLPurifier_Generator($config, $context); | ||||
| 
 | ||||
|         foreach ($tokens_of_children as $token) { | ||||
|             if (!empty($token->is_whitespace)) { | ||||
|                 $result[] = $token; | ||||
|                 continue; | ||||
|             } | ||||
|             $all_whitespace = false; // phew, we're not talking about whitespace
 | ||||
| 
 | ||||
|             $is_child = ($nesting == 0); | ||||
| 
 | ||||
|             if ($token instanceof HTMLPurifier_Token_Start) { | ||||
|                 $nesting++; | ||||
|             } elseif ($token instanceof HTMLPurifier_Token_End) { | ||||
|                 $nesting--; | ||||
|             } | ||||
| 
 | ||||
|             if ($is_child) { | ||||
|                 $is_deleting = false; | ||||
|                 if (!isset($this->elements[$token->name])) { | ||||
|                     $is_deleting = true; | ||||
|                     if ($pcdata_allowed && $token instanceof HTMLPurifier_Token_Text) { | ||||
|                         $result[] = $token; | ||||
|                     } elseif ($pcdata_allowed && $escape_invalid_children) { | ||||
|                         $result[] = new HTMLPurifier_Token_Text( | ||||
|                             $gen->generateFromToken($token) | ||||
|                         ); | ||||
|                     } | ||||
|                     continue; | ||||
|                 } | ||||
|             } | ||||
|             if (!$is_deleting || ($pcdata_allowed && $token instanceof HTMLPurifier_Token_Text)) { | ||||
|                 $result[] = $token; | ||||
|             } elseif ($pcdata_allowed && $escape_invalid_children) { | ||||
|                 $result[] = | ||||
|                     new HTMLPurifier_Token_Text( | ||||
|                         $gen->generateFromToken($token) | ||||
|                     ); | ||||
|             } else { | ||||
|                 // drop silently
 | ||||
|             } | ||||
|         } | ||||
|         if (empty($result)) return false; | ||||
|         if ($all_whitespace) { | ||||
|             $this->whitespace = true; | ||||
|             return false; | ||||
|         } | ||||
|         if ($tokens_of_children == $result) return true; | ||||
|         return $result; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,88 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Takes the contents of blockquote when in strict and reformats for validation. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Required | ||||
| { | ||||
|     protected $real_elements; | ||||
|     protected $fake_elements; | ||||
|     public $allow_empty = true; | ||||
|     public $type = 'strictblockquote'; | ||||
|     protected $init = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @note We don't want MakeWellFormed to auto-close inline elements since | ||||
|      *       they might be allowed. | ||||
|      */ | ||||
|     public function getAllowedElements($config) { | ||||
|         $this->init($config); | ||||
|         return $this->fake_elements; | ||||
|     } | ||||
| 
 | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
| 
 | ||||
|         $this->init($config); | ||||
| 
 | ||||
|         // trick the parent class into thinking it allows more
 | ||||
|         $this->elements = $this->fake_elements; | ||||
|         $result = parent::validateChildren($tokens_of_children, $config, $context); | ||||
|         $this->elements = $this->real_elements; | ||||
| 
 | ||||
|         if ($result === false) return array(); | ||||
|         if ($result === true) $result = $tokens_of_children; | ||||
| 
 | ||||
|         $def = $config->getHTMLDefinition(); | ||||
|         $block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper); | ||||
|         $block_wrap_end   = new HTMLPurifier_Token_End(  $def->info_block_wrapper); | ||||
|         $is_inline = false; | ||||
|         $depth = 0; | ||||
|         $ret = array(); | ||||
| 
 | ||||
|         // assuming that there are no comment tokens
 | ||||
|         foreach ($result as $i => $token) { | ||||
|             $token = $result[$i]; | ||||
|             // ifs are nested for readability
 | ||||
|             if (!$is_inline) { | ||||
|                 if (!$depth) { | ||||
|                      if ( | ||||
|                         ($token instanceof HTMLPurifier_Token_Text && !$token->is_whitespace) || | ||||
|                         (!$token instanceof HTMLPurifier_Token_Text && !isset($this->elements[$token->name])) | ||||
|                      ) { | ||||
|                         $is_inline = true; | ||||
|                         $ret[] = $block_wrap_start; | ||||
|                      } | ||||
|                 } | ||||
|             } else { | ||||
|                 if (!$depth) { | ||||
|                     // starting tokens have been inline text / empty
 | ||||
|                     if ($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) { | ||||
|                         if (isset($this->elements[$token->name])) { | ||||
|                             // ended
 | ||||
|                             $ret[] = $block_wrap_end; | ||||
|                             $is_inline = false; | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|             $ret[] = $token; | ||||
|             if ($token instanceof HTMLPurifier_Token_Start) $depth++; | ||||
|             if ($token instanceof HTMLPurifier_Token_End)   $depth--; | ||||
|         } | ||||
|         if ($is_inline) $ret[] = $block_wrap_end; | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     private function init($config) { | ||||
|         if (!$this->init) { | ||||
|             $def = $config->getHTMLDefinition(); | ||||
|             // allow all inline elements
 | ||||
|             $this->real_elements = $this->elements; | ||||
|             $this->fake_elements = $def->info_content_sets['Flow']; | ||||
|             $this->fake_elements['#PCDATA'] = true; | ||||
|             $this->init = true; | ||||
|         } | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,142 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition for tables | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     public $allow_empty = false; | ||||
|     public $type = 'table'; | ||||
|     public $elements = array('tr' => true, 'tbody' => true, 'thead' => true, | ||||
|         'tfoot' => true, 'caption' => true, 'colgroup' => true, 'col' => true); | ||||
|     public function __construct() {} | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
|         if (empty($tokens_of_children)) return false; | ||||
| 
 | ||||
|         // this ensures that the loop gets run one last time before closing
 | ||||
|         // up. It's a little bit of a hack, but it works! Just make sure you
 | ||||
|         // get rid of the token later.
 | ||||
|         $tokens_of_children[] = false; | ||||
| 
 | ||||
|         // only one of these elements is allowed in a table
 | ||||
|         $caption = false; | ||||
|         $thead   = false; | ||||
|         $tfoot   = false; | ||||
| 
 | ||||
|         // as many of these as you want
 | ||||
|         $cols    = array(); | ||||
|         $content = array(); | ||||
| 
 | ||||
|         $nesting = 0; // current depth so we can determine nodes
 | ||||
|         $is_collecting = false; // are we globbing together tokens to package
 | ||||
|                                 // into one of the collectors?
 | ||||
|         $collection = array(); // collected nodes
 | ||||
|         $tag_index = 0; // the first node might be whitespace,
 | ||||
|                             // so this tells us where the start tag is
 | ||||
| 
 | ||||
|         foreach ($tokens_of_children as $token) { | ||||
|             $is_child = ($nesting == 0); | ||||
| 
 | ||||
|             if ($token === false) { | ||||
|                 // terminating sequence started
 | ||||
|             } elseif ($token instanceof HTMLPurifier_Token_Start) { | ||||
|                 $nesting++; | ||||
|             } elseif ($token instanceof HTMLPurifier_Token_End) { | ||||
|                 $nesting--; | ||||
|             } | ||||
| 
 | ||||
|             // handle node collection
 | ||||
|             if ($is_collecting) { | ||||
|                 if ($is_child) { | ||||
|                     // okay, let's stash the tokens away
 | ||||
|                     // first token tells us the type of the collection
 | ||||
|                     switch ($collection[$tag_index]->name) { | ||||
|                         case 'tr': | ||||
|                         case 'tbody': | ||||
|                             $content[] = $collection; | ||||
|                             break; | ||||
|                         case 'caption': | ||||
|                             if ($caption !== false) break; | ||||
|                             $caption = $collection; | ||||
|                             break; | ||||
|                         case 'thead': | ||||
|                         case 'tfoot': | ||||
|                             // access the appropriate variable, $thead or $tfoot
 | ||||
|                             $var = $collection[$tag_index]->name; | ||||
|                             if ($$var === false) { | ||||
|                                 $$var = $collection; | ||||
|                             } else { | ||||
|                                 // transmutate the first and less entries into
 | ||||
|                                 // tbody tags, and then put into content
 | ||||
|                                 $collection[$tag_index]->name = 'tbody'; | ||||
|                                 $collection[count($collection)-1]->name = 'tbody'; | ||||
|                                 $content[] = $collection; | ||||
|                             } | ||||
|                             break; | ||||
|                          case 'colgroup': | ||||
|                             $cols[] = $collection; | ||||
|                             break; | ||||
|                     } | ||||
|                     $collection = array(); | ||||
|                     $is_collecting = false; | ||||
|                     $tag_index = 0; | ||||
|                 } else { | ||||
|                     // add the node to the collection
 | ||||
|                     $collection[] = $token; | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             // terminate
 | ||||
|             if ($token === false) break; | ||||
| 
 | ||||
|             if ($is_child) { | ||||
|                 // determine what we're dealing with
 | ||||
|                 if ($token->name == 'col') { | ||||
|                     // the only empty tag in the possie, we can handle it
 | ||||
|                     // immediately
 | ||||
|                     $cols[] = array_merge($collection, array($token)); | ||||
|                     $collection = array(); | ||||
|                     $tag_index = 0; | ||||
|                     continue; | ||||
|                 } | ||||
|                 switch($token->name) { | ||||
|                     case 'caption': | ||||
|                     case 'colgroup': | ||||
|                     case 'thead': | ||||
|                     case 'tfoot': | ||||
|                     case 'tbody': | ||||
|                     case 'tr': | ||||
|                         $is_collecting = true; | ||||
|                         $collection[] = $token; | ||||
|                         continue; | ||||
|                     default: | ||||
|                         if (!empty($token->is_whitespace)) { | ||||
|                             $collection[] = $token; | ||||
|                             $tag_index++; | ||||
|                         } | ||||
|                         continue; | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         if (empty($content)) return false; | ||||
| 
 | ||||
|         $ret = array(); | ||||
|         if ($caption !== false) $ret = array_merge($ret, $caption); | ||||
|         if ($cols !== false)    foreach ($cols as $token_array) $ret = array_merge($ret, $token_array); | ||||
|         if ($thead !== false)   $ret = array_merge($ret, $thead); | ||||
|         if ($tfoot !== false)   $ret = array_merge($ret, $tfoot); | ||||
|         foreach ($content as $token_array) $ret = array_merge($ret, $token_array); | ||||
|         if (!empty($collection) && $is_collecting == false){ | ||||
|             // grab the trailing space
 | ||||
|             $ret = array_merge($ret, $collection); | ||||
|         } | ||||
| 
 | ||||
|         array_pop($tokens_of_children); // remove phantom token
 | ||||
| 
 | ||||
|         return ($ret === $tokens_of_children) ? true : $ret; | ||||
| 
 | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,580 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Configuration object that triggers customizable behavior. | ||||
|  * | ||||
|  * @warning This class is strongly defined: that means that the class | ||||
|  *          will fail if an undefined directive is retrieved or set. | ||||
|  * | ||||
|  * @note Many classes that could (although many times don't) use the | ||||
|  *       configuration object make it a mandatory parameter.  This is | ||||
|  *       because a configuration object should always be forwarded, | ||||
|  *       otherwise, you run the risk of missing a parameter and then | ||||
|  *       being stumped when a configuration directive doesn't work. | ||||
|  * | ||||
|  * @todo Reconsider some of the public member variables | ||||
|  */ | ||||
| class HTMLPurifier_Config | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * HTML Purifier's version | ||||
|      */ | ||||
|     public $version = '4.1.1'; | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicator whether or not to automatically finalize | ||||
|      * the object if a read operation is done | ||||
|      */ | ||||
|     public $autoFinalize = true; | ||||
| 
 | ||||
|     // protected member variables
 | ||||
| 
 | ||||
|     /** | ||||
|      * Namespace indexed array of serials for specific namespaces (see | ||||
|      * getSerial() for more info). | ||||
|      */ | ||||
|     protected $serials = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Serial for entire configuration object | ||||
|      */ | ||||
|     protected $serial; | ||||
| 
 | ||||
|     /** | ||||
|      * Parser for variables | ||||
|      */ | ||||
|     protected $parser; | ||||
| 
 | ||||
|     /** | ||||
|      * Reference HTMLPurifier_ConfigSchema for value checking | ||||
|      * @note This is public for introspective purposes. Please don't | ||||
|      *       abuse! | ||||
|      */ | ||||
|     public $def; | ||||
| 
 | ||||
|     /** | ||||
|      * Indexed array of definitions | ||||
|      */ | ||||
|     protected $definitions; | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicator whether or not config is finalized | ||||
|      */ | ||||
|     protected $finalized = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Property list containing configuration directives. | ||||
|      */ | ||||
|     protected $plist; | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not a set is taking place due to an | ||||
|      * alias lookup. | ||||
|      */ | ||||
|     private $aliasMode; | ||||
| 
 | ||||
|     /** | ||||
|      * Set to false if you do not want line and file numbers in errors | ||||
|      * (useful when unit testing) | ||||
|      */ | ||||
|     public $chatty = true; | ||||
| 
 | ||||
|     /** | ||||
|      * Current lock; only gets to this namespace are allowed. | ||||
|      */ | ||||
|     private $lock; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $definition HTMLPurifier_ConfigSchema that defines what directives | ||||
|      *                    are allowed. | ||||
|      */ | ||||
|     public function __construct($definition, $parent = null) { | ||||
|         $parent = $parent ? $parent : $definition->defaultPlist; | ||||
|         $this->plist = new HTMLPurifier_PropertyList($parent); | ||||
|         $this->def = $definition; // keep a copy around for checking
 | ||||
|         $this->parser = new HTMLPurifier_VarParser_Flexible(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience constructor that creates a config object based on a mixed var | ||||
|      * @param mixed $config Variable that defines the state of the config | ||||
|      *                      object. Can be: a HTMLPurifier_Config() object, | ||||
|      *                      an array of directives based on loadArray(), | ||||
|      *                      or a string filename of an ini file. | ||||
|      * @param HTMLPurifier_ConfigSchema Schema object | ||||
|      * @return Configured HTMLPurifier_Config object | ||||
|      */ | ||||
|     public static function create($config, $schema = null) { | ||||
|         if ($config instanceof HTMLPurifier_Config) { | ||||
|             // pass-through
 | ||||
|             return $config; | ||||
|         } | ||||
|         if (!$schema) { | ||||
|             $ret = HTMLPurifier_Config::createDefault(); | ||||
|         } else { | ||||
|             $ret = new HTMLPurifier_Config($schema); | ||||
|         } | ||||
|         if (is_string($config)) $ret->loadIni($config); | ||||
|         elseif (is_array($config)) $ret->loadArray($config); | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a new config object that inherits from a previous one. | ||||
|      * @param HTMLPurifier_Config $config Configuration object to inherit | ||||
|      *        from. | ||||
|      * @return HTMLPurifier_Config object with $config as its parent. | ||||
|      */ | ||||
|     public static function inherit(HTMLPurifier_Config $config) { | ||||
|         return new HTMLPurifier_Config($config->def, $config->plist); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience constructor that creates a default configuration object. | ||||
|      * @return Default HTMLPurifier_Config object. | ||||
|      */ | ||||
|     public static function createDefault() { | ||||
|         $definition = HTMLPurifier_ConfigSchema::instance(); | ||||
|         $config = new HTMLPurifier_Config($definition); | ||||
|         return $config; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retreives a value from the configuration. | ||||
|      * @param $key String key | ||||
|      */ | ||||
|     public function get($key, $a = null) { | ||||
|         if ($a !== null) { | ||||
|             $this->triggerError("Using deprecated API: use \$config->get('$key.$a') instead", E_USER_WARNING); | ||||
|             $key = "$key.$a"; | ||||
|         } | ||||
|         if (!$this->finalized) $this->autoFinalize(); | ||||
|         if (!isset($this->def->info[$key])) { | ||||
|             // can't add % due to SimpleTest bug
 | ||||
|             $this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key), | ||||
|                 E_USER_WARNING); | ||||
|             return; | ||||
|         } | ||||
|         if (isset($this->def->info[$key]->isAlias)) { | ||||
|             $d = $this->def->info[$key]; | ||||
|             $this->triggerError('Cannot get value from aliased directive, use real name ' . $d->key, | ||||
|                 E_USER_ERROR); | ||||
|             return; | ||||
|         } | ||||
|         if ($this->lock) { | ||||
|             list($ns) = explode('.', $key); | ||||
|             if ($ns !== $this->lock) { | ||||
|                 $this->triggerError('Cannot get value of namespace ' . $ns . ' when lock for ' . $this->lock . ' is active, this probably indicates a Definition setup method is accessing directives that are not within its namespace', E_USER_ERROR); | ||||
|                 return; | ||||
|             } | ||||
|         } | ||||
|         return $this->plist->get($key); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retreives an array of directives to values from a given namespace | ||||
|      * @param $namespace String namespace | ||||
|      */ | ||||
|     public function getBatch($namespace) { | ||||
|         if (!$this->finalized) $this->autoFinalize(); | ||||
|         $full = $this->getAll(); | ||||
|         if (!isset($full[$namespace])) { | ||||
|             $this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace), | ||||
|                 E_USER_WARNING); | ||||
|             return; | ||||
|         } | ||||
|         return $full[$namespace]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a md5 signature of a segment of the configuration object | ||||
|      * that uniquely identifies that particular configuration | ||||
|      * @note Revision is handled specially and is removed from the batch | ||||
|      *       before processing! | ||||
|      * @param $namespace Namespace to get serial for | ||||
|      */ | ||||
|     public function getBatchSerial($namespace) { | ||||
|         if (empty($this->serials[$namespace])) { | ||||
|             $batch = $this->getBatch($namespace); | ||||
|             unset($batch['DefinitionRev']); | ||||
|             $this->serials[$namespace] = md5(serialize($batch)); | ||||
|         } | ||||
|         return $this->serials[$namespace]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a md5 signature for the entire configuration object | ||||
|      * that uniquely identifies that particular configuration | ||||
|      */ | ||||
|     public function getSerial() { | ||||
|         if (empty($this->serial)) { | ||||
|             $this->serial = md5(serialize($this->getAll())); | ||||
|         } | ||||
|         return $this->serial; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves all directives, organized by namespace | ||||
|      * @warning This is a pretty inefficient function, avoid if you can | ||||
|      */ | ||||
|     public function getAll() { | ||||
|         if (!$this->finalized) $this->autoFinalize(); | ||||
|         $ret = array(); | ||||
|         foreach ($this->plist->squash() as $name => $value) { | ||||
|             list($ns, $key) = explode('.', $name, 2); | ||||
|             $ret[$ns][$key] = $value; | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Sets a value to configuration. | ||||
|      * @param $key String key | ||||
|      * @param $value Mixed value | ||||
|      */ | ||||
|     public function set($key, $value, $a = null) { | ||||
|         if (strpos($key, '.') === false) { | ||||
|             $namespace = $key; | ||||
|             $directive = $value; | ||||
|             $value = $a; | ||||
|             $key = "$key.$directive"; | ||||
|             $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE); | ||||
|         } else { | ||||
|             list($namespace) = explode('.', $key); | ||||
|         } | ||||
|         if ($this->isFinalized('Cannot set directive after finalization')) return; | ||||
|         if (!isset($this->def->info[$key])) { | ||||
|             $this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key) . ' to value', | ||||
|                 E_USER_WARNING); | ||||
|             return; | ||||
|         } | ||||
|         $def = $this->def->info[$key]; | ||||
| 
 | ||||
|         if (isset($def->isAlias)) { | ||||
|             if ($this->aliasMode) { | ||||
|                 $this->triggerError('Double-aliases not allowed, please fix '. | ||||
|                     'ConfigSchema bug with' . $key, E_USER_ERROR); | ||||
|                 return; | ||||
|             } | ||||
|             $this->aliasMode = true; | ||||
|             $this->set($def->key, $value); | ||||
|             $this->aliasMode = false; | ||||
|             $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE); | ||||
|             return; | ||||
|         } | ||||
| 
 | ||||
|         // Raw type might be negative when using the fully optimized form
 | ||||
|         // of stdclass, which indicates allow_null == true
 | ||||
|         $rtype = is_int($def) ? $def : $def->type; | ||||
|         if ($rtype < 0) { | ||||
|             $type = -$rtype; | ||||
|             $allow_null = true; | ||||
|         } else { | ||||
|             $type = $rtype; | ||||
|             $allow_null = isset($def->allow_null); | ||||
|         } | ||||
| 
 | ||||
|         try { | ||||
|             $value = $this->parser->parse($value, $type, $allow_null); | ||||
|         } catch (HTMLPurifier_VarParserException $e) { | ||||
|             $this->triggerError('Value for ' . $key . ' is of invalid type, should be ' . HTMLPurifier_VarParser::getTypeName($type), E_USER_WARNING); | ||||
|             return; | ||||
|         } | ||||
|         if (is_string($value) && is_object($def)) { | ||||
|             // resolve value alias if defined
 | ||||
|             if (isset($def->aliases[$value])) { | ||||
|                 $value = $def->aliases[$value]; | ||||
|             } | ||||
|             // check to see if the value is allowed
 | ||||
|             if (isset($def->allowed) && !isset($def->allowed[$value])) { | ||||
|                 $this->triggerError('Value not supported, valid values are: ' . | ||||
|                     $this->_listify($def->allowed), E_USER_WARNING); | ||||
|                 return; | ||||
|             } | ||||
|         } | ||||
|         $this->plist->set($key, $value); | ||||
| 
 | ||||
|         // reset definitions if the directives they depend on changed
 | ||||
|         // this is a very costly process, so it's discouraged
 | ||||
|         // with finalization
 | ||||
|         if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') { | ||||
|             $this->definitions[$namespace] = null; | ||||
|         } | ||||
| 
 | ||||
|         $this->serials[$namespace] = false; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience function for error reporting | ||||
|      */ | ||||
|     private function _listify($lookup) { | ||||
|         $list = array(); | ||||
|         foreach ($lookup as $name => $b) $list[] = $name; | ||||
|         return implode(', ', $list); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves object reference to the HTML definition. | ||||
|      * @param $raw Return a copy that has not been setup yet. Must be | ||||
|      *             called before it's been setup, otherwise won't work. | ||||
|      */ | ||||
|     public function getHTMLDefinition($raw = false) { | ||||
|         return $this->getDefinition('HTML', $raw); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves object reference to the CSS definition | ||||
|      * @param $raw Return a copy that has not been setup yet. Must be | ||||
|      *             called before it's been setup, otherwise won't work. | ||||
|      */ | ||||
|     public function getCSSDefinition($raw = false) { | ||||
|         return $this->getDefinition('CSS', $raw); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves a definition | ||||
|      * @param $type Type of definition: HTML, CSS, etc | ||||
|      * @param $raw  Whether or not definition should be returned raw | ||||
|      */ | ||||
|     public function getDefinition($type, $raw = false) { | ||||
|         if (!$this->finalized) $this->autoFinalize(); | ||||
|         // temporarily suspend locks, so we can handle recursive definition calls
 | ||||
|         $lock = $this->lock; | ||||
|         $this->lock = null; | ||||
|         $factory = HTMLPurifier_DefinitionCacheFactory::instance(); | ||||
|         $cache = $factory->create($type, $this); | ||||
|         $this->lock = $lock; | ||||
|         if (!$raw) { | ||||
|             // see if we can quickly supply a definition
 | ||||
|             if (!empty($this->definitions[$type])) { | ||||
|                 if (!$this->definitions[$type]->setup) { | ||||
|                     $this->definitions[$type]->setup($this); | ||||
|                     $cache->set($this->definitions[$type], $this); | ||||
|                 } | ||||
|                 return $this->definitions[$type]; | ||||
|             } | ||||
|             // memory check missed, try cache
 | ||||
|             $this->definitions[$type] = $cache->get($this); | ||||
|             if ($this->definitions[$type]) { | ||||
|                 // definition in cache, return it
 | ||||
|                 return $this->definitions[$type]; | ||||
|             } | ||||
|         } elseif ( | ||||
|             !empty($this->definitions[$type]) && | ||||
|             !$this->definitions[$type]->setup | ||||
|         ) { | ||||
|             // raw requested, raw in memory, quick return
 | ||||
|             return $this->definitions[$type]; | ||||
|         } | ||||
|         // quick checks failed, let's create the object
 | ||||
|         if ($type == 'HTML') { | ||||
|             $this->definitions[$type] = new HTMLPurifier_HTMLDefinition(); | ||||
|         } elseif ($type == 'CSS') { | ||||
|             $this->definitions[$type] = new HTMLPurifier_CSSDefinition(); | ||||
|         } elseif ($type == 'URI') { | ||||
|             $this->definitions[$type] = new HTMLPurifier_URIDefinition(); | ||||
|         } else { | ||||
|             throw new HTMLPurifier_Exception("Definition of $type type not supported"); | ||||
|         } | ||||
|         // quick abort if raw
 | ||||
|         if ($raw) { | ||||
|             if (is_null($this->get($type . '.DefinitionID'))) { | ||||
|                 // fatally error out if definition ID not set
 | ||||
|                 throw new HTMLPurifier_Exception("Cannot retrieve raw version without specifying %$type.DefinitionID"); | ||||
|             } | ||||
|             return $this->definitions[$type]; | ||||
|         } | ||||
|         // set it up
 | ||||
|         $this->lock = $type; | ||||
|         $this->definitions[$type]->setup($this); | ||||
|         $this->lock = null; | ||||
|         // save in cache
 | ||||
|         $cache->set($this->definitions[$type], $this); | ||||
|         return $this->definitions[$type]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads configuration values from an array with the following structure: | ||||
|      * Namespace.Directive => Value | ||||
|      * @param $config_array Configuration associative array | ||||
|      */ | ||||
|     public function loadArray($config_array) { | ||||
|         if ($this->isFinalized('Cannot load directives after finalization')) return; | ||||
|         foreach ($config_array as $key => $value) { | ||||
|             $key = str_replace('_', '.', $key); | ||||
|             if (strpos($key, '.') !== false) { | ||||
|                 $this->set($key, $value); | ||||
|             } else { | ||||
|                 $namespace = $key; | ||||
|                 $namespace_values = $value; | ||||
|                 foreach ($namespace_values as $directive => $value) { | ||||
|                     $this->set($namespace .'.'. $directive, $value); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a list of array(namespace, directive) for all directives | ||||
|      * that are allowed in a web-form context as per an allowed | ||||
|      * namespaces/directives list. | ||||
|      * @param $allowed List of allowed namespaces/directives | ||||
|      */ | ||||
|     public static function getAllowedDirectivesForForm($allowed, $schema = null) { | ||||
|         if (!$schema) { | ||||
|             $schema = HTMLPurifier_ConfigSchema::instance(); | ||||
|         } | ||||
|         if ($allowed !== true) { | ||||
|              if (is_string($allowed)) $allowed = array($allowed); | ||||
|              $allowed_ns = array(); | ||||
|              $allowed_directives = array(); | ||||
|              $blacklisted_directives = array(); | ||||
|              foreach ($allowed as $ns_or_directive) { | ||||
|                  if (strpos($ns_or_directive, '.') !== false) { | ||||
|                      // directive
 | ||||
|                      if ($ns_or_directive[0] == '-') { | ||||
|                          $blacklisted_directives[substr($ns_or_directive, 1)] = true; | ||||
|                      } else { | ||||
|                          $allowed_directives[$ns_or_directive] = true; | ||||
|                      } | ||||
|                  } else { | ||||
|                      // namespace
 | ||||
|                      $allowed_ns[$ns_or_directive] = true; | ||||
|                  } | ||||
|              } | ||||
|         } | ||||
|         $ret = array(); | ||||
|         foreach ($schema->info as $key => $def) { | ||||
|             list($ns, $directive) = explode('.', $key, 2); | ||||
|             if ($allowed !== true) { | ||||
|                 if (isset($blacklisted_directives["$ns.$directive"])) continue; | ||||
|                 if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue; | ||||
|             } | ||||
|             if (isset($def->isAlias)) continue; | ||||
|             if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue; | ||||
|             $ret[] = array($ns, $directive); | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads configuration values from $_GET/$_POST that were posted | ||||
|      * via ConfigForm | ||||
|      * @param $array $_GET or $_POST array to import | ||||
|      * @param $index Index/name that the config variables are in | ||||
|      * @param $allowed List of allowed namespaces/directives | ||||
|      * @param $mq_fix Boolean whether or not to enable magic quotes fix | ||||
|      * @param $schema Instance of HTMLPurifier_ConfigSchema to use, if not global copy | ||||
|      */ | ||||
|     public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) { | ||||
|         $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema); | ||||
|         $config = HTMLPurifier_Config::create($ret, $schema); | ||||
|         return $config; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Merges in configuration values from $_GET/$_POST to object. NOT STATIC. | ||||
|      * @note Same parameters as loadArrayFromForm | ||||
|      */ | ||||
|     public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true) { | ||||
|          $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def); | ||||
|          $this->loadArray($ret); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Prepares an array from a form into something usable for the more | ||||
|      * strict parts of HTMLPurifier_Config | ||||
|      */ | ||||
|     public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) { | ||||
|         if ($index !== false) $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); | ||||
|         $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); | ||||
| 
 | ||||
|         $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); | ||||
|         $ret = array(); | ||||
|         foreach ($allowed as $key) { | ||||
|             list($ns, $directive) = $key; | ||||
|             $skey = "$ns.$directive"; | ||||
|             if (!empty($array["Null_$skey"])) { | ||||
|                 $ret[$ns][$directive] = null; | ||||
|                 continue; | ||||
|             } | ||||
|             if (!isset($array[$skey])) continue; | ||||
|             $value = $mq ? stripslashes($array[$skey]) : $array[$skey]; | ||||
|             $ret[$ns][$directive] = $value; | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads configuration values from an ini file | ||||
|      * @param $filename Name of ini file | ||||
|      */ | ||||
|     public function loadIni($filename) { | ||||
|         if ($this->isFinalized('Cannot load directives after finalization')) return; | ||||
|         $array = parse_ini_file($filename, true); | ||||
|         $this->loadArray($array); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Checks whether or not the configuration object is finalized. | ||||
|      * @param $error String error message, or false for no error | ||||
|      */ | ||||
|     public function isFinalized($error = false) { | ||||
|         if ($this->finalized && $error) { | ||||
|             $this->triggerError($error, E_USER_ERROR); | ||||
|         } | ||||
|         return $this->finalized; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Finalizes configuration only if auto finalize is on and not | ||||
|      * already finalized | ||||
|      */ | ||||
|     public function autoFinalize() { | ||||
|         if ($this->autoFinalize) { | ||||
|             $this->finalize(); | ||||
|         } else { | ||||
|             $this->plist->squash(true); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Finalizes a configuration object, prohibiting further change | ||||
|      */ | ||||
|     public function finalize() { | ||||
|         $this->finalized = true; | ||||
|         unset($this->parser); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Produces a nicely formatted error message by supplying the | ||||
|      * stack frame information from two levels up and OUTSIDE of | ||||
|      * HTMLPurifier_Config. | ||||
|      */ | ||||
|     protected function triggerError($msg, $no) { | ||||
|         // determine previous stack frame
 | ||||
|         $backtrace = debug_backtrace(); | ||||
|         if ($this->chatty && isset($backtrace[1])) { | ||||
|             $frame = $backtrace[1]; | ||||
|             $extra = " on line {$frame['line']} in file {$frame['file']}"; | ||||
|         } else { | ||||
|             $extra = ''; | ||||
|         } | ||||
|         trigger_error($msg . $extra, $no); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a serialized form of the configuration object that can | ||||
|      * be reconstituted. | ||||
|      */ | ||||
|     public function serialize() { | ||||
|         $this->getDefinition('HTML'); | ||||
|         $this->getDefinition('CSS'); | ||||
|         $this->getDefinition('URI'); | ||||
|         return serialize($this); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,66 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Fluent interface for validating the contents of member variables. | ||||
|  * This should be immutable. See HTMLPurifier_ConfigSchema_Validator for | ||||
|  * use-cases. We name this an 'atom' because it's ONLY for validations that | ||||
|  * are independent and usually scalar. | ||||
|  */ | ||||
| class HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
| { | ||||
| 
 | ||||
|     protected $context, $obj, $member, $contents; | ||||
| 
 | ||||
|     public function __construct($context, $obj, $member) { | ||||
|         $this->context     = $context; | ||||
|         $this->obj         = $obj; | ||||
|         $this->member      = $member; | ||||
|         $this->contents    =& $obj->$member; | ||||
|     } | ||||
| 
 | ||||
|     public function assertIsString() { | ||||
|         if (!is_string($this->contents)) $this->error('must be a string'); | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     public function assertIsBool() { | ||||
|         if (!is_bool($this->contents)) $this->error('must be a boolean'); | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     public function assertIsArray() { | ||||
|         if (!is_array($this->contents)) $this->error('must be an array'); | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     public function assertNotNull() { | ||||
|         if ($this->contents === null) $this->error('must not be null'); | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     public function assertAlnum() { | ||||
|         $this->assertIsString(); | ||||
|         if (!ctype_alnum($this->contents)) $this->error('must be alphanumeric'); | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     public function assertNotEmpty() { | ||||
|         if (empty($this->contents)) $this->error('must not be empty'); | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     public function assertIsLookup() { | ||||
|         $this->assertIsArray(); | ||||
|         foreach ($this->contents as $v) { | ||||
|             if ($v !== true) $this->error('must be a lookup array'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     protected function error($msg) { | ||||
|         throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
										
											Binary file not shown.
										
									
								
							|  | @ -1,18 +0,0 @@ | |||
| HTML.AllowedElements | ||||
| TYPE: lookup/null | ||||
| VERSION: 1.3.0 | ||||
| DEFAULT: NULL | ||||
| --DESCRIPTION-- | ||||
| <p> | ||||
|     If HTML Purifier's tag set is unsatisfactory for your needs, you | ||||
|     can overload it with your own list of tags to allow.  Note that this | ||||
|     method is subtractive: it does its job by taking away from HTML Purifier | ||||
|     usual feature set, so you cannot add a tag that HTML Purifier never | ||||
|     supported in the first place (like embed, form or head).  If you | ||||
|     change this, you probably also want to change %HTML.AllowedAttributes. | ||||
| </p> | ||||
| <p> | ||||
|     <strong>Warning:</strong> If another directive conflicts with the | ||||
|     elements here, <em>that</em> directive will win and override. | ||||
| </p> | ||||
| --# vim: et sw=4 sts=4 | ||||
|  | @ -1,82 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Registry object that contains information about the current context. | ||||
|  * @warning Is a bit buggy when variables are set to null: it thinks | ||||
|  *          they don't exist! So use false instead, please. | ||||
|  * @note Since the variables Context deals with may not be objects, | ||||
|  *       references are very important here! Do not remove! | ||||
|  */ | ||||
| class HTMLPurifier_Context | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Private array that stores the references. | ||||
|      */ | ||||
|     private $_storage = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Registers a variable into the context. | ||||
|      * @param $name String name | ||||
|      * @param $ref Reference to variable to be registered | ||||
|      */ | ||||
|     public function register($name, &$ref) { | ||||
|         if (isset($this->_storage[$name])) { | ||||
|             trigger_error("Name $name produces collision, cannot re-register", | ||||
|                           E_USER_ERROR); | ||||
|             return; | ||||
|         } | ||||
|         $this->_storage[$name] =& $ref; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves a variable reference from the context. | ||||
|      * @param $name String name | ||||
|      * @param $ignore_error Boolean whether or not to ignore error | ||||
|      */ | ||||
|     public function &get($name, $ignore_error = false) { | ||||
|         if (!isset($this->_storage[$name])) { | ||||
|             if (!$ignore_error) { | ||||
|                 trigger_error("Attempted to retrieve non-existent variable $name", | ||||
|                               E_USER_ERROR); | ||||
|             } | ||||
|             $var = null; // so we can return by reference
 | ||||
|             return $var; | ||||
|         } | ||||
|         return $this->_storage[$name]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Destorys a variable in the context. | ||||
|      * @param $name String name | ||||
|      */ | ||||
|     public function destroy($name) { | ||||
|         if (!isset($this->_storage[$name])) { | ||||
|             trigger_error("Attempted to destroy non-existent variable $name", | ||||
|                           E_USER_ERROR); | ||||
|             return; | ||||
|         } | ||||
|         unset($this->_storage[$name]); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Checks whether or not the variable exists. | ||||
|      * @param $name String name | ||||
|      */ | ||||
|     public function exists($name) { | ||||
|         return isset($this->_storage[$name]); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads a series of variables from an associative array | ||||
|      * @param $context_array Assoc array of variables to load | ||||
|      */ | ||||
|     public function loadArray($context_array) { | ||||
|         foreach ($context_array as $key => $discard) { | ||||
|             $this->register($key, $context_array[$key]); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,39 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Super-class for definition datatype objects, implements serialization | ||||
|  * functions for the class. | ||||
|  */ | ||||
| abstract class HTMLPurifier_Definition | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Has setup() been called yet? | ||||
|      */ | ||||
|     public $setup = false; | ||||
| 
 | ||||
|     /** | ||||
|      * What type of definition is it? | ||||
|      */ | ||||
|     public $type; | ||||
| 
 | ||||
|     /** | ||||
|      * Sets up the definition object into the final form, something | ||||
|      * not done by the constructor | ||||
|      * @param $config HTMLPurifier_Config instance | ||||
|      */ | ||||
|     abstract protected function doSetup($config); | ||||
| 
 | ||||
|     /** | ||||
|      * Setup function that aborts if already setup | ||||
|      * @param $config HTMLPurifier_Config instance | ||||
|      */ | ||||
|     public function setup($config) { | ||||
|         if ($this->setup) return; | ||||
|         $this->setup = true; | ||||
|         $this->doSetup($config); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,62 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCache | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Cache object we are decorating | ||||
|      */ | ||||
|     public $cache; | ||||
| 
 | ||||
|     public function __construct() {} | ||||
| 
 | ||||
|     /** | ||||
|      * Lazy decorator function
 | ||||
|      * @param $cache Reference to cache object to decorate | ||||
|      */ | ||||
|     public function decorate(&$cache) { | ||||
|         $decorator = $this->copy(); | ||||
|         // reference is necessary for mocks in PHP 4
 | ||||
|         $decorator->cache =& $cache; | ||||
|         $decorator->type  = $cache->type; | ||||
|         return $decorator; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Cross-compatible clone substitute | ||||
|      */ | ||||
|     public function copy() { | ||||
|         return new HTMLPurifier_DefinitionCache_Decorator(); | ||||
|     } | ||||
| 
 | ||||
|     public function add($def, $config) { | ||||
|         return $this->cache->add($def, $config); | ||||
|     } | ||||
| 
 | ||||
|     public function set($def, $config) { | ||||
|         return $this->cache->set($def, $config); | ||||
|     } | ||||
| 
 | ||||
|     public function replace($def, $config) { | ||||
|         return $this->cache->replace($def, $config); | ||||
|     } | ||||
| 
 | ||||
|     public function get($config) { | ||||
|         return $this->cache->get($config); | ||||
|     } | ||||
| 
 | ||||
|     public function remove($config) { | ||||
|         return $this->cache->remove($config); | ||||
|     } | ||||
| 
 | ||||
|     public function flush($config) { | ||||
|         return $this->cache->flush($config); | ||||
|     } | ||||
| 
 | ||||
|     public function cleanup($config) { | ||||
|         return $this->cache->cleanup($config); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,43 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition cache decorator class that cleans up the cache | ||||
|  * whenever there is a cache miss. | ||||
|  */ | ||||
| class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends | ||||
|       HTMLPurifier_DefinitionCache_Decorator | ||||
| { | ||||
| 
 | ||||
|     public $name = 'Cleanup'; | ||||
| 
 | ||||
|     public function copy() { | ||||
|         return new HTMLPurifier_DefinitionCache_Decorator_Cleanup(); | ||||
|     } | ||||
| 
 | ||||
|     public function add($def, $config) { | ||||
|         $status = parent::add($def, $config); | ||||
|         if (!$status) parent::cleanup($config); | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     public function set($def, $config) { | ||||
|         $status = parent::set($def, $config); | ||||
|         if (!$status) parent::cleanup($config); | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     public function replace($def, $config) { | ||||
|         $status = parent::replace($def, $config); | ||||
|         if (!$status) parent::cleanup($config); | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     public function get($config) { | ||||
|         $ret = parent::get($config); | ||||
|         if (!$ret) parent::cleanup($config); | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,46 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition cache decorator class that saves all cache retrievals | ||||
|  * to PHP's memory; good for unit tests or circumstances where | ||||
|  * there are lots of configuration objects floating around. | ||||
|  */ | ||||
| class HTMLPurifier_DefinitionCache_Decorator_Memory extends | ||||
|       HTMLPurifier_DefinitionCache_Decorator | ||||
| { | ||||
| 
 | ||||
|     protected $definitions; | ||||
|     public $name = 'Memory'; | ||||
| 
 | ||||
|     public function copy() { | ||||
|         return new HTMLPurifier_DefinitionCache_Decorator_Memory(); | ||||
|     } | ||||
| 
 | ||||
|     public function add($def, $config) { | ||||
|         $status = parent::add($def, $config); | ||||
|         if ($status) $this->definitions[$this->generateKey($config)] = $def; | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     public function set($def, $config) { | ||||
|         $status = parent::set($def, $config); | ||||
|         if ($status) $this->definitions[$this->generateKey($config)] = $def; | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     public function replace($def, $config) { | ||||
|         $status = parent::replace($def, $config); | ||||
|         if ($status) $this->definitions[$this->generateKey($config)] = $def; | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     public function get($config) { | ||||
|         $key = $this->generateKey($config); | ||||
|         if (isset($this->definitions[$key])) return $this->definitions[$key]; | ||||
|         $this->definitions[$key] = parent::get($config); | ||||
|         return $this->definitions[$key]; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,47 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| require_once 'HTMLPurifier/DefinitionCache/Decorator.php'; | ||||
| 
 | ||||
| /** | ||||
|  * Definition cache decorator template. | ||||
|  */ | ||||
| class HTMLPurifier_DefinitionCache_Decorator_Template extends | ||||
|       HTMLPurifier_DefinitionCache_Decorator | ||||
| { | ||||
| 
 | ||||
|     var $name = 'Template'; // replace this
 | ||||
| 
 | ||||
|     function copy() { | ||||
|         // replace class name with yours
 | ||||
|         return new HTMLPurifier_DefinitionCache_Decorator_Template(); | ||||
|     } | ||||
| 
 | ||||
|     // remove methods you don't need
 | ||||
| 
 | ||||
|     function add($def, $config) { | ||||
|         return parent::add($def, $config); | ||||
|     } | ||||
| 
 | ||||
|     function set($def, $config) { | ||||
|         return parent::set($def, $config); | ||||
|     } | ||||
| 
 | ||||
|     function replace($def, $config) { | ||||
|         return parent::replace($def, $config); | ||||
|     } | ||||
| 
 | ||||
|     function get($config) { | ||||
|         return parent::get($config); | ||||
|     } | ||||
| 
 | ||||
|     function flush() { | ||||
|         return parent::flush(); | ||||
|     } | ||||
| 
 | ||||
|     function cleanup($config) { | ||||
|         return parent::cleanup($config); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,39 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Null cache object to use when no caching is on. | ||||
|  */ | ||||
| class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache | ||||
| { | ||||
| 
 | ||||
|     public function add($def, $config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     public function set($def, $config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     public function replace($def, $config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     public function remove($config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     public function get($config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     public function flush($config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     public function cleanup($config) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,172 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_DefinitionCache_Serializer extends | ||||
|       HTMLPurifier_DefinitionCache | ||||
| { | ||||
| 
 | ||||
|     public function add($def, $config) { | ||||
|         if (!$this->checkDefType($def)) return; | ||||
|         $file = $this->generateFilePath($config); | ||||
|         if (file_exists($file)) return false; | ||||
|         if (!$this->_prepareDir($config)) return false; | ||||
|         return $this->_write($file, serialize($def)); | ||||
|     } | ||||
| 
 | ||||
|     public function set($def, $config) { | ||||
|         if (!$this->checkDefType($def)) return; | ||||
|         $file = $this->generateFilePath($config); | ||||
|         if (!$this->_prepareDir($config)) return false; | ||||
|         return $this->_write($file, serialize($def)); | ||||
|     } | ||||
| 
 | ||||
|     public function replace($def, $config) { | ||||
|         if (!$this->checkDefType($def)) return; | ||||
|         $file = $this->generateFilePath($config); | ||||
|         if (!file_exists($file)) return false; | ||||
|         if (!$this->_prepareDir($config)) return false; | ||||
|         return $this->_write($file, serialize($def)); | ||||
|     } | ||||
| 
 | ||||
|     public function get($config) { | ||||
|         $file = $this->generateFilePath($config); | ||||
|         if (!file_exists($file)) return false; | ||||
|         return unserialize(file_get_contents($file)); | ||||
|     } | ||||
| 
 | ||||
|     public function remove($config) { | ||||
|         $file = $this->generateFilePath($config); | ||||
|         if (!file_exists($file)) return false; | ||||
|         return unlink($file); | ||||
|     } | ||||
| 
 | ||||
|     public function flush($config) { | ||||
|         if (!$this->_prepareDir($config)) return false; | ||||
|         $dir = $this->generateDirectoryPath($config); | ||||
|         $dh  = opendir($dir); | ||||
|         while (false !== ($filename = readdir($dh))) { | ||||
|             if (empty($filename)) continue; | ||||
|             if ($filename[0] === '.') continue; | ||||
|             unlink($dir . '/' . $filename); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     public function cleanup($config) { | ||||
|         if (!$this->_prepareDir($config)) return false; | ||||
|         $dir = $this->generateDirectoryPath($config); | ||||
|         $dh  = opendir($dir); | ||||
|         while (false !== ($filename = readdir($dh))) { | ||||
|             if (empty($filename)) continue; | ||||
|             if ($filename[0] === '.') continue; | ||||
|             $key = substr($filename, 0, strlen($filename) - 4); | ||||
|             if ($this->isOld($key, $config)) unlink($dir . '/' . $filename); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Generates the file path to the serial file corresponding to | ||||
|      * the configuration and definition name | ||||
|      * @todo Make protected | ||||
|      */ | ||||
|     public function generateFilePath($config) { | ||||
|         $key = $this->generateKey($config); | ||||
|         return $this->generateDirectoryPath($config) . '/' . $key . '.ser'; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Generates the path to the directory contain this cache's serial files | ||||
|      * @note No trailing slash | ||||
|      * @todo Make protected | ||||
|      */ | ||||
|     public function generateDirectoryPath($config) { | ||||
|         $base = $this->generateBaseDirectoryPath($config); | ||||
|         return $base . '/' . $this->type; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Generates path to base directory that contains all definition type | ||||
|      * serials | ||||
|      * @todo Make protected | ||||
|      */ | ||||
|     public function generateBaseDirectoryPath($config) { | ||||
|         $base = $config->get('Cache.SerializerPath'); | ||||
|         $base = is_null($base) ? HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer' : $base; | ||||
|         return $base; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience wrapper function for file_put_contents | ||||
|      * @param $file File name to write to | ||||
|      * @param $data Data to write into file | ||||
|      * @return Number of bytes written if success, or false if failure. | ||||
|      */ | ||||
|     private function _write($file, $data) { | ||||
|         return file_put_contents($file, $data); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Prepares the directory that this type stores the serials in | ||||
|      * @return True if successful | ||||
|      */ | ||||
|     private function _prepareDir($config) { | ||||
|         $directory = $this->generateDirectoryPath($config); | ||||
|         if (!is_dir($directory)) { | ||||
|             $base = $this->generateBaseDirectoryPath($config); | ||||
|             if (!is_dir($base)) { | ||||
|                 trigger_error('Base directory '.$base.' does not exist, | ||||
|                     please create or change using %Cache.SerializerPath', | ||||
|                     E_USER_WARNING); | ||||
|                 return false; | ||||
|             } elseif (!$this->_testPermissions($base)) { | ||||
|                 return false; | ||||
|             } | ||||
|             $old = umask(0022); // disable group and world writes
 | ||||
|             mkdir($directory); | ||||
|             umask($old); | ||||
|         } elseif (!$this->_testPermissions($directory)) { | ||||
|             return false; | ||||
|         } | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Tests permissions on a directory and throws out friendly | ||||
|      * error messages and attempts to chmod it itself if possible | ||||
|      */ | ||||
|     private function _testPermissions($dir) { | ||||
|         // early abort, if it is writable, everything is hunky-dory
 | ||||
|         if (is_writable($dir)) return true; | ||||
|         if (!is_dir($dir)) { | ||||
|             // generally, you'll want to handle this beforehand
 | ||||
|             // so a more specific error message can be given
 | ||||
|             trigger_error('Directory '.$dir.' does not exist', | ||||
|                 E_USER_WARNING); | ||||
|             return false; | ||||
|         } | ||||
|         if (function_exists('posix_getuid')) { | ||||
|             // POSIX system, we can give more specific advice
 | ||||
|             if (fileowner($dir) === posix_getuid()) { | ||||
|                 // we can chmod it ourselves
 | ||||
|                 chmod($dir, 0755); | ||||
|                 return true; | ||||
|             } elseif (filegroup($dir) === posix_getgid()) { | ||||
|                 $chmod = '775'; | ||||
|             } else { | ||||
|                 // PHP's probably running as nobody, so we'll
 | ||||
|                 // need to give global permissions
 | ||||
|                 $chmod = '777'; | ||||
|             } | ||||
|             trigger_error('Directory '.$dir.' not writable, '. | ||||
|                 'please chmod to ' . $chmod, | ||||
|                 E_USER_WARNING); | ||||
|         } else { | ||||
|             // generic error message
 | ||||
|             trigger_error('Directory '.$dir.' not writable, '. | ||||
|                 'please alter file permissions', | ||||
|                 E_USER_WARNING); | ||||
|         } | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							|  | @ -1,135 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * This filter extracts <style> blocks from input HTML, cleans them up | ||||
|  * using CSSTidy, and then places them in $purifier->context->get('StyleBlocks') | ||||
|  * so they can be used elsewhere in the document. | ||||
|  * | ||||
|  * @note | ||||
|  *      See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for | ||||
|  *      sample usage. | ||||
|  * | ||||
|  * @note | ||||
|  *      This filter can also be used on stylesheets not included in the | ||||
|  *      document--something purists would probably prefer. Just directly | ||||
|  *      call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS() | ||||
|  */ | ||||
| class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter | ||||
| { | ||||
| 
 | ||||
|     public $name = 'ExtractStyleBlocks'; | ||||
|     private $_styleMatches = array(); | ||||
|     private $_tidy; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|         $this->_tidy = new csstidy(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Save the contents of CSS blocks to style matches | ||||
|      * @param $matches preg_replace style $matches array | ||||
|      */ | ||||
|     protected function styleCallback($matches) { | ||||
|         $this->_styleMatches[] = $matches[1]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Removes inline <style> tags from HTML, saves them for later use | ||||
|      * @todo Extend to indicate non-text/css style blocks | ||||
|      */ | ||||
|     public function preFilter($html, $config, $context) { | ||||
|         $tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl'); | ||||
|         if ($tidy !== null) $this->_tidy = $tidy; | ||||
|         $html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html); | ||||
|         $style_blocks = $this->_styleMatches; | ||||
|         $this->_styleMatches = array(); // reset
 | ||||
|         $context->register('StyleBlocks', $style_blocks); // $context must not be reused
 | ||||
|         if ($this->_tidy) { | ||||
|             foreach ($style_blocks as &$style) { | ||||
|                 $style = $this->cleanCSS($style, $config, $context); | ||||
|             } | ||||
|         } | ||||
|         return $html; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Takes CSS (the stuff found in <style>) and cleans it. | ||||
|      * @warning Requires CSSTidy <http://csstidy.sourceforge.net/> | ||||
|      * @param $css     CSS styling to clean | ||||
|      * @param $config  Instance of HTMLPurifier_Config | ||||
|      * @param $context Instance of HTMLPurifier_Context | ||||
|      * @return Cleaned CSS | ||||
|      */ | ||||
|     public function cleanCSS($css, $config, $context) { | ||||
|         // prepare scope
 | ||||
|         $scope = $config->get('Filter.ExtractStyleBlocks.Scope'); | ||||
|         if ($scope !== null) { | ||||
|             $scopes = array_map('trim', explode(',', $scope)); | ||||
|         } else { | ||||
|             $scopes = array(); | ||||
|         } | ||||
|         // remove comments from CSS
 | ||||
|         $css = trim($css); | ||||
|         if (strncmp('<!--', $css, 4) === 0) { | ||||
|             $css = substr($css, 4); | ||||
|         } | ||||
|         if (strlen($css) > 3 && substr($css, -3) == '-->') { | ||||
|             $css = substr($css, 0, -3); | ||||
|         } | ||||
|         $css = trim($css); | ||||
|         $this->_tidy->parse($css); | ||||
|         $css_definition = $config->getDefinition('CSS'); | ||||
|         foreach ($this->_tidy->css as $k => $decls) { | ||||
|             // $decls are all CSS declarations inside an @ selector
 | ||||
|             $new_decls = array(); | ||||
|             foreach ($decls as $selector => $style) { | ||||
|                 $selector = trim($selector); | ||||
|                 if ($selector === '') continue; // should not happen
 | ||||
|                 if ($selector[0] === '+') { | ||||
|                     if ($selector !== '' && $selector[0] === '+') continue; | ||||
|                 } | ||||
|                 if (!empty($scopes)) { | ||||
|                     $new_selector = array(); // because multiple ones are possible
 | ||||
|                     $selectors = array_map('trim', explode(',', $selector)); | ||||
|                     foreach ($scopes as $s1) { | ||||
|                         foreach ($selectors as $s2) { | ||||
|                             $new_selector[] = "$s1 $s2"; | ||||
|                         } | ||||
|                     } | ||||
|                     $selector = implode(', ', $new_selector); // now it's a string
 | ||||
|                 } | ||||
|                 foreach ($style as $name => $value) { | ||||
|                     if (!isset($css_definition->info[$name])) { | ||||
|                         unset($style[$name]); | ||||
|                         continue; | ||||
|                     } | ||||
|                     $def = $css_definition->info[$name]; | ||||
|                     $ret = $def->validate($value, $config, $context); | ||||
|                     if ($ret === false) unset($style[$name]); | ||||
|                     else $style[$name] = $ret; | ||||
|                 } | ||||
|                 $new_decls[$selector] = $style; | ||||
|             } | ||||
|             $this->_tidy->css[$k] = $new_decls; | ||||
|         } | ||||
|         // remove stuff that shouldn't be used, could be reenabled
 | ||||
|         // after security risks are analyzed
 | ||||
|         $this->_tidy->import = array(); | ||||
|         $this->_tidy->charset = null; | ||||
|         $this->_tidy->namespace = null; | ||||
|         $css = $this->_tidy->print->plain(); | ||||
|         // we are going to escape any special characters <>& to ensure
 | ||||
|         // that no funny business occurs (i.e. </style> in a font-family prop).
 | ||||
|         if ($config->get('Filter.ExtractStyleBlocks.Escaping')) { | ||||
|             $css = str_replace( | ||||
|                 array('<',    '>',    '&'), | ||||
|                 array('\3C ', '\3E ', '\26 '), | ||||
|                 $css | ||||
|             ); | ||||
|         } | ||||
|         return $css; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,39 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter | ||||
| { | ||||
| 
 | ||||
|     public $name = 'YouTube'; | ||||
| 
 | ||||
|     public function preFilter($html, $config, $context) { | ||||
|         $pre_regex = '#<object[^>]+>.+?'. | ||||
|             'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s'; | ||||
|         $pre_replace = '<span class="youtube-embed">\1</span>'; | ||||
|         return preg_replace($pre_regex, $pre_replace, $html); | ||||
|     } | ||||
| 
 | ||||
|     public function postFilter($html, $config, $context) { | ||||
|         $post_regex = '#<span class="youtube-embed">((?:v|cp)/[A-Za-z0-9\-_=]+)</span>#'; | ||||
|         return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html); | ||||
|     } | ||||
| 
 | ||||
|     protected function armorUrl($url) { | ||||
|         return str_replace('--', '--', $url); | ||||
|     } | ||||
| 
 | ||||
|     protected function postFilterCallback($matches) { | ||||
|         $url = $this->armorUrl($matches[1]); | ||||
|         return '<object width="425" height="350" type="application/x-shockwave-flash" '. | ||||
|             'data="http://www.youtube.com/'.$url.'">'. | ||||
|             '<param name="movie" value="http://www.youtube.com/'.$url.'"></param>'. | ||||
|             '<!--[if IE]>'. | ||||
|             '<embed src="http://www.youtube.com/'.$url.'"'. | ||||
|             'type="application/x-shockwave-flash"'. | ||||
|             'wmode="transparent" width="425" height="350" />'. | ||||
|             '<![endif]-->'. | ||||
|             '</object>'; | ||||
| 
 | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,118 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * XHTML 1.1 Forms module, defines all form-related elements found in HTML 4. | ||||
|  */ | ||||
| class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule | ||||
| { | ||||
|     public $name = 'Forms'; | ||||
|     public $safe = false; | ||||
| 
 | ||||
|     public $content_sets = array( | ||||
|         'Block' => 'Form', | ||||
|         'Inline' => 'Formctrl', | ||||
|     ); | ||||
| 
 | ||||
|     public function setup($config) { | ||||
|         $form = $this->addElement('form', 'Form', | ||||
|           'Required: Heading | List | Block | fieldset', 'Common', array( | ||||
|             'accept' => 'ContentTypes', | ||||
|             'accept-charset' => 'Charsets', | ||||
|             'action*' => 'URI', | ||||
|             'method' => 'Enum#get,post', | ||||
|             // really ContentType, but these two are the only ones used today
 | ||||
|             'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data', | ||||
|         )); | ||||
|         $form->excludes = array('form' => true); | ||||
| 
 | ||||
|         $input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array( | ||||
|             'accept' => 'ContentTypes', | ||||
|             'accesskey' => 'Character', | ||||
|             'alt' => 'Text', | ||||
|             'checked' => 'Bool#checked', | ||||
|             'disabled' => 'Bool#disabled', | ||||
|             'maxlength' => 'Number', | ||||
|             'name' => 'CDATA', | ||||
|             'readonly' => 'Bool#readonly', | ||||
|             'size' => 'Number', | ||||
|             'src' => 'URI#embeds', | ||||
|             'tabindex' => 'Number', | ||||
|             'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image', | ||||
|             'value' => 'CDATA', | ||||
|         )); | ||||
|         $input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input(); | ||||
| 
 | ||||
|         $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array( | ||||
|             'disabled' => 'Bool#disabled', | ||||
|             'multiple' => 'Bool#multiple', | ||||
|             'name' => 'CDATA', | ||||
|             'size' => 'Number', | ||||
|             'tabindex' => 'Number', | ||||
|         )); | ||||
| 
 | ||||
|         $this->addElement('option', false, 'Optional: #PCDATA', 'Common', array( | ||||
|             'disabled' => 'Bool#disabled', | ||||
|             'label' => 'Text', | ||||
|             'selected' => 'Bool#selected', | ||||
|             'value' => 'CDATA', | ||||
|         )); | ||||
|         // It's illegal for there to be more than one selected, but not
 | ||||
|         // be multiple. Also, no selected means undefined behavior. This might
 | ||||
|         // be difficult to implement; perhaps an injector, or a context variable.
 | ||||
| 
 | ||||
|         $textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array( | ||||
|             'accesskey' => 'Character', | ||||
|             'cols*' => 'Number', | ||||
|             'disabled' => 'Bool#disabled', | ||||
|             'name' => 'CDATA', | ||||
|             'readonly' => 'Bool#readonly', | ||||
|             'rows*' => 'Number', | ||||
|             'tabindex' => 'Number', | ||||
|         )); | ||||
|         $textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea(); | ||||
| 
 | ||||
|         $button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array( | ||||
|             'accesskey' => 'Character', | ||||
|             'disabled' => 'Bool#disabled', | ||||
|             'name' => 'CDATA', | ||||
|             'tabindex' => 'Number', | ||||
|             'type' => 'Enum#button,submit,reset', | ||||
|             'value' => 'CDATA', | ||||
|         )); | ||||
| 
 | ||||
|         // For exclusions, ideally we'd specify content sets, not literal elements
 | ||||
|         $button->excludes = $this->makeLookup( | ||||
|             'form', 'fieldset', // Form
 | ||||
|             'input', 'select', 'textarea', 'label', 'button', // Formctrl
 | ||||
|             'a' // as per HTML 4.01 spec, this is omitted by modularization
 | ||||
|         ); | ||||
| 
 | ||||
|         // Extra exclusion: img usemap="" is not permitted within this element.
 | ||||
|         // We'll omit this for now, since we don't have any good way of
 | ||||
|         // indicating it yet.
 | ||||
| 
 | ||||
|         // This is HIGHLY user-unfriendly; we need a custom child-def for this
 | ||||
|         $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common'); | ||||
| 
 | ||||
|         $label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array( | ||||
|             'accesskey' => 'Character', | ||||
|             // 'for' => 'IDREF', // IDREF not implemented, cannot allow
 | ||||
|         )); | ||||
|         $label->excludes = array('label' => true); | ||||
| 
 | ||||
|         $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array( | ||||
|             'accesskey' => 'Character', | ||||
|         )); | ||||
| 
 | ||||
|         $this->addElement('optgroup', false, 'Required: option', 'Common', array( | ||||
|             'disabled' => 'Bool#disabled', | ||||
|             'label*' => 'Text', | ||||
|         )); | ||||
| 
 | ||||
|         // Don't forget an injector for <isindex>. This one's a little complex
 | ||||
|         // because it maps to multiple elements.
 | ||||
| 
 | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,21 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_HTMLModule_Tidy_Strict extends HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 | ||||
| { | ||||
|     public $name = 'Tidy_Strict'; | ||||
|     public $defaultLevel = 'light'; | ||||
| 
 | ||||
|     public function makeFixes() { | ||||
|         $r = parent::makeFixes(); | ||||
|         $r['blockquote#content_model_type'] = 'strictblockquote'; | ||||
|         return $r; | ||||
|     } | ||||
| 
 | ||||
|     public $defines_child_def = true; | ||||
|     public function getChildDef($def) { | ||||
|         if ($def->content_model_type != 'strictblockquote') return parent::getChildDef($def); | ||||
|         return new HTMLPurifier_ChildDef_StrictBlockquote($def->content_model); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,51 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_Injector_RemoveEmpty extends HTMLPurifier_Injector | ||||
| { | ||||
| 
 | ||||
|     private $context, $config, $attrValidator, $removeNbsp, $removeNbspExceptions; | ||||
| 
 | ||||
|     public function prepare($config, $context) { | ||||
|         parent::prepare($config, $context); | ||||
|         $this->config = $config; | ||||
|         $this->context = $context; | ||||
|         $this->removeNbsp = $config->get('AutoFormat.RemoveEmpty.RemoveNbsp'); | ||||
|         $this->removeNbspExceptions = $config->get('AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions'); | ||||
|         $this->attrValidator = new HTMLPurifier_AttrValidator(); | ||||
|     } | ||||
| 
 | ||||
|     public function handleElement(&$token) { | ||||
|         if (!$token instanceof HTMLPurifier_Token_Start) return; | ||||
|         $next = false; | ||||
|         for ($i = $this->inputIndex + 1, $c = count($this->inputTokens); $i < $c; $i++) { | ||||
|             $next = $this->inputTokens[$i]; | ||||
|             if ($next instanceof HTMLPurifier_Token_Text) { | ||||
|                 if ($next->is_whitespace) continue; | ||||
|                 if ($this->removeNbsp && !isset($this->removeNbspExceptions[$token->name])) { | ||||
|                     $plain = str_replace("\xC2\xA0", "", $next->data); | ||||
|                     $isWsOrNbsp = $plain === '' || ctype_space($plain); | ||||
|                     if ($isWsOrNbsp) continue; | ||||
|                 } | ||||
|             } | ||||
|             break; | ||||
|         } | ||||
|         if (!$next || ($next instanceof HTMLPurifier_Token_End && $next->name == $token->name)) { | ||||
|             if ($token->name == 'colgroup') return; | ||||
|             $this->attrValidator->validateToken($token, $this->config, $this->context); | ||||
|             $token->armor['ValidateAttributes'] = true; | ||||
|             if (isset($token->attr['id']) || isset($token->attr['name'])) return; | ||||
|             $token = $i - $this->inputIndex + 1; | ||||
|             for ($b = $this->inputIndex - 1; $b > 0; $b--) { | ||||
|                 $prev = $this->inputTokens[$b]; | ||||
|                 if ($prev instanceof HTMLPurifier_Token_Text && $prev->is_whitespace) continue; | ||||
|                 break; | ||||
|             } | ||||
|             // This is safe because we removed the token that triggered this.
 | ||||
|             $this->rewind($b - 1); | ||||
|             return; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,63 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| $fallback = false; | ||||
| 
 | ||||
| $messages = array( | ||||
| 
 | ||||
| 'HTMLPurifier' => 'HTML Purifier', | ||||
| 
 | ||||
| // for unit testing purposes
 | ||||
| 'LanguageFactoryTest: Pizza' => 'Pizza', | ||||
| 'LanguageTest: List' => '$1', | ||||
| 'LanguageTest: Hash' => '$1.Keys; $1.Values', | ||||
| 
 | ||||
| 'Item separator' => ', ', | ||||
| 'Item separator last' => ' and ', // non-Harvard style
 | ||||
| 
 | ||||
| 'ErrorCollector: No errors' => 'No errors detected. However, because error reporting is still incomplete, there may have been errors that the error collector was not notified of; please inspect the output HTML carefully.', | ||||
| 'ErrorCollector: At line'   => ' at line $line', | ||||
| 'ErrorCollector: Incidental errors'  => 'Incidental errors', | ||||
| 
 | ||||
| 'Lexer: Unclosed comment'      => 'Unclosed comment', | ||||
| 'Lexer: Unescaped lt'          => 'Unescaped less-than sign (<) should be <', | ||||
| 'Lexer: Missing gt'            => 'Missing greater-than sign (>), previous less-than sign (<) should be escaped', | ||||
| 'Lexer: Missing attribute key' => 'Attribute declaration has no key', | ||||
| 'Lexer: Missing end quote'     => 'Attribute declaration has no end quote', | ||||
| 'Lexer: Extracted body'        => 'Removed document metadata tags', | ||||
| 
 | ||||
| 'Strategy_RemoveForeignElements: Tag transform'              => '<$1> element transformed into $CurrentToken.Serialized', | ||||
| 'Strategy_RemoveForeignElements: Missing required attribute' => '$CurrentToken.Compact element missing required attribute $1', | ||||
| 'Strategy_RemoveForeignElements: Foreign element to text'    => 'Unrecognized $CurrentToken.Serialized tag converted to text', | ||||
| 'Strategy_RemoveForeignElements: Foreign element removed'    => 'Unrecognized $CurrentToken.Serialized tag removed', | ||||
| 'Strategy_RemoveForeignElements: Comment removed'            => 'Comment containing "$CurrentToken.Data" removed', | ||||
| 'Strategy_RemoveForeignElements: Foreign meta element removed' => 'Unrecognized $CurrentToken.Serialized meta tag and all descendants removed', | ||||
| 'Strategy_RemoveForeignElements: Token removed to end'       => 'Tags and text starting from $1 element where removed to end', | ||||
| 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed' => 'Trailing hyphen(s) in comment removed', | ||||
| 'Strategy_RemoveForeignElements: Hyphens in comment collapsed' => 'Double hyphens in comments are not allowed, and were collapsed into single hyphens', | ||||
| 
 | ||||
| 'Strategy_MakeWellFormed: Unnecessary end tag removed' => 'Unnecessary $CurrentToken.Serialized tag removed', | ||||
| 'Strategy_MakeWellFormed: Unnecessary end tag to text' => 'Unnecessary $CurrentToken.Serialized tag converted to text', | ||||
| 'Strategy_MakeWellFormed: Tag auto closed'             => '$1.Compact started on line $1.Line auto-closed by $CurrentToken.Compact', | ||||
| 'Strategy_MakeWellFormed: Tag carryover'               => '$1.Compact started on line $1.Line auto-continued into $CurrentToken.Compact', | ||||
| 'Strategy_MakeWellFormed: Stray end tag removed'       => 'Stray $CurrentToken.Serialized tag removed', | ||||
| 'Strategy_MakeWellFormed: Stray end tag to text'       => 'Stray $CurrentToken.Serialized tag converted to text', | ||||
| 'Strategy_MakeWellFormed: Tag closed by element end'   => '$1.Compact tag started on line $1.Line closed by end of $CurrentToken.Serialized', | ||||
| 'Strategy_MakeWellFormed: Tag closed by document end'  => '$1.Compact tag started on line $1.Line closed by end of document', | ||||
| 
 | ||||
| 'Strategy_FixNesting: Node removed'          => '$CurrentToken.Compact node removed', | ||||
| 'Strategy_FixNesting: Node excluded'         => '$CurrentToken.Compact node removed due to descendant exclusion by ancestor element', | ||||
| 'Strategy_FixNesting: Node reorganized'      => 'Contents of $CurrentToken.Compact node reorganized to enforce its content model', | ||||
| 'Strategy_FixNesting: Node contents removed' => 'Contents of $CurrentToken.Compact node removed', | ||||
| 
 | ||||
| 'AttrValidator: Attributes transformed' => 'Attributes on $CurrentToken.Compact transformed from $1.Keys to $2.Keys', | ||||
| 'AttrValidator: Attribute removed' => '$CurrentAttr.Name attribute on $CurrentToken.Compact removed', | ||||
| 
 | ||||
| ); | ||||
| 
 | ||||
| $errorNames = array( | ||||
|     E_ERROR   => 'Error', | ||||
|     E_WARNING => 'Warning', | ||||
|     E_NOTICE  => 'Notice' | ||||
| ); | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,139 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Proof-of-concept lexer that uses the PEAR package XML_HTMLSax3 to parse HTML. | ||||
|  * | ||||
|  * PEAR, not suprisingly, also has a SAX parser for HTML.  I don't know | ||||
|  * very much about implementation, but it's fairly well written.  However, that | ||||
|  * abstraction comes at a price: performance. You need to have it installed, | ||||
|  * and if the API changes, it might break our adapter. Not sure whether or not | ||||
|  * it's UTF-8 aware, but it has some entity parsing trouble (in all areas, | ||||
|  * text and attributes). | ||||
|  * | ||||
|  * Quite personally, I don't recommend using the PEAR class, and the defaults | ||||
|  * don't use it. The unit tests do perform the tests on the SAX parser too, but | ||||
|  * whatever it does for poorly formed HTML is up to it. | ||||
|  * | ||||
|  * @todo Generalize so that XML_HTMLSax is also supported. | ||||
|  * | ||||
|  * @warning Entity-resolution inside attributes is broken. | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_Lexer_PEARSax3 extends HTMLPurifier_Lexer | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Internal accumulator array for SAX parsers. | ||||
|      */ | ||||
|     protected $tokens = array(); | ||||
|     protected $last_token_was_empty; | ||||
| 
 | ||||
|     private $parent_handler; | ||||
|     private $stack = array(); | ||||
| 
 | ||||
|     public function tokenizeHTML($string, $config, $context) { | ||||
| 
 | ||||
|         $this->tokens = array(); | ||||
|         $this->last_token_was_empty = false; | ||||
| 
 | ||||
|         $string = $this->normalize($string, $config, $context); | ||||
| 
 | ||||
|         $this->parent_handler = set_error_handler(array($this, 'muteStrictErrorHandler')); | ||||
| 
 | ||||
|         $parser = new XML_HTMLSax3(); | ||||
|         $parser->set_object($this); | ||||
|         $parser->set_element_handler('openHandler','closeHandler'); | ||||
|         $parser->set_data_handler('dataHandler'); | ||||
|         $parser->set_escape_handler('escapeHandler'); | ||||
| 
 | ||||
|         // doesn't seem to work correctly for attributes
 | ||||
|         $parser->set_option('XML_OPTION_ENTITIES_PARSED', 1); | ||||
| 
 | ||||
|         $parser->parse($string); | ||||
| 
 | ||||
|         restore_error_handler(); | ||||
| 
 | ||||
|         return $this->tokens; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Open tag event handler, interface is defined by PEAR package. | ||||
|      */ | ||||
|     public function openHandler(&$parser, $name, $attrs, $closed) { | ||||
|         // entities are not resolved in attrs
 | ||||
|         foreach ($attrs as $key => $attr) { | ||||
|             $attrs[$key] = $this->parseData($attr); | ||||
|         } | ||||
|         if ($closed) { | ||||
|             $this->tokens[] = new HTMLPurifier_Token_Empty($name, $attrs); | ||||
|             $this->last_token_was_empty = true; | ||||
|         } else { | ||||
|             $this->tokens[] = new HTMLPurifier_Token_Start($name, $attrs); | ||||
|         } | ||||
|         $this->stack[] = $name; | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Close tag event handler, interface is defined by PEAR package. | ||||
|      */ | ||||
|     public function closeHandler(&$parser, $name) { | ||||
|         // HTMLSax3 seems to always send empty tags an extra close tag
 | ||||
|         // check and ignore if you see it:
 | ||||
|         // [TESTME] to make sure it doesn't overreach
 | ||||
|         if ($this->last_token_was_empty) { | ||||
|             $this->last_token_was_empty = false; | ||||
|             return true; | ||||
|         } | ||||
|         $this->tokens[] = new HTMLPurifier_Token_End($name); | ||||
|         if (!empty($this->stack)) array_pop($this->stack); | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Data event handler, interface is defined by PEAR package. | ||||
|      */ | ||||
|     public function dataHandler(&$parser, $data) { | ||||
|         $this->last_token_was_empty = false; | ||||
|         $this->tokens[] = new HTMLPurifier_Token_Text($data); | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Escaped text handler, interface is defined by PEAR package. | ||||
|      */ | ||||
|     public function escapeHandler(&$parser, $data) { | ||||
|         if (strpos($data, '--') === 0) { | ||||
|             // remove trailing and leading double-dashes
 | ||||
|             $data = substr($data, 2); | ||||
|             if (strlen($data) >= 2 && substr($data, -2) == "--") { | ||||
|                 $data = substr($data, 0, -2); | ||||
|             } | ||||
|             if (isset($this->stack[sizeof($this->stack) - 1]) && | ||||
|                 $this->stack[sizeof($this->stack) - 1] == "style") { | ||||
|                 $this->tokens[] = new HTMLPurifier_Token_Text($data); | ||||
|             } else { | ||||
|                 $this->tokens[] = new HTMLPurifier_Token_Comment($data); | ||||
|             } | ||||
|             $this->last_token_was_empty = false; | ||||
|         } | ||||
|         // CDATA is handled elsewhere, but if it was handled here:
 | ||||
|         //if (strpos($data, '[CDATA[') === 0) {
 | ||||
|         //    $this->tokens[] = new HTMLPurifier_Token_Text(
 | ||||
|         //        substr($data, 7, strlen($data) - 9) );
 | ||||
|         //}
 | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * An error handler that mutes strict errors | ||||
|      */ | ||||
|     public function muteStrictErrorHandler($errno, $errstr, $errfile=null, $errline=null, $errcontext=null) { | ||||
|         if ($errno == E_STRICT) return; | ||||
|         return call_user_func($this->parent_handler, $errno, $errstr, $errfile, $errline, $errcontext); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,3906 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Experimental HTML5-based parser using Jeroen van der Meer's PH5P library. | ||||
|  * Occupies space in the HTML5 pseudo-namespace, which may cause conflicts. | ||||
|  *  | ||||
|  * @note | ||||
|  *    Recent changes to PHP's DOM extension have resulted in some fatal | ||||
|  *    error conditions with the original version of PH5P. Pending changes, | ||||
|  *    this lexer will punt to DirectLex if DOM throughs an exception. | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_Lexer_PH5P extends HTMLPurifier_Lexer_DOMLex { | ||||
|      | ||||
|     public function tokenizeHTML($html, $config, $context) { | ||||
|         $new_html = $this->normalize($html, $config, $context); | ||||
|         $new_html = $this->wrapHTML($new_html, $config, $context); | ||||
|         try { | ||||
|             $parser = new HTML5($new_html); | ||||
|             $doc = $parser->save(); | ||||
|         } catch (DOMException $e) { | ||||
|             // Uh oh, it failed. Punt to DirectLex.
 | ||||
|             $lexer = new HTMLPurifier_Lexer_DirectLex(); | ||||
|             $context->register('PH5PError', $e); // save the error, so we can detect it
 | ||||
|             return $lexer->tokenizeHTML($html, $config, $context); // use original HTML
 | ||||
|         } | ||||
|         $tokens = array(); | ||||
|         $this->tokenizeDOM( | ||||
|             $doc->getElementsByTagName('html')->item(0)-> // <html>
 | ||||
|                   getElementsByTagName('body')->item(0)-> //   <body>
 | ||||
|                   getElementsByTagName('div')->item(0)    //     <div>
 | ||||
|             , $tokens); | ||||
|         return $tokens; | ||||
|     } | ||||
|      | ||||
| } | ||||
| 
 | ||||
| /* | ||||
| 
 | ||||
| Copyright 2007 Jeroen van der Meer <http://jero.net/>  | ||||
| 
 | ||||
| Permission is hereby granted, free of charge, to any person obtaining a  | ||||
| copy of this software and associated documentation files (the  | ||||
| "Software"), to deal in the Software without restriction, including  | ||||
| without limitation the rights to use, copy, modify, merge, publish,  | ||||
| distribute, sublicense, and/or sell copies of the Software, and to  | ||||
| permit persons to whom the Software is furnished to do so, subject to  | ||||
| the following conditions:  | ||||
| 
 | ||||
| The above copyright notice and this permission notice shall be included  | ||||
| in all copies or substantial portions of the Software.  | ||||
| 
 | ||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS  | ||||
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF  | ||||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  | ||||
| IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY  | ||||
| CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,  | ||||
| TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE  | ||||
| SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  | ||||
| 
 | ||||
| */ | ||||
| 
 | ||||
| class HTML5 { | ||||
|     private $data; | ||||
|     private $char; | ||||
|     private $EOF; | ||||
|     private $state; | ||||
|     private $tree; | ||||
|     private $token; | ||||
|     private $content_model; | ||||
|     private $escape = false; | ||||
|     private $entities = array('AElig;','AElig','AMP;','AMP','Aacute;','Aacute', | ||||
|     'Acirc;','Acirc','Agrave;','Agrave','Alpha;','Aring;','Aring','Atilde;', | ||||
|     'Atilde','Auml;','Auml','Beta;','COPY;','COPY','Ccedil;','Ccedil','Chi;', | ||||
|     'Dagger;','Delta;','ETH;','ETH','Eacute;','Eacute','Ecirc;','Ecirc','Egrave;', | ||||
|     'Egrave','Epsilon;','Eta;','Euml;','Euml','GT;','GT','Gamma;','Iacute;', | ||||
|     'Iacute','Icirc;','Icirc','Igrave;','Igrave','Iota;','Iuml;','Iuml','Kappa;', | ||||
|     'LT;','LT','Lambda;','Mu;','Ntilde;','Ntilde','Nu;','OElig;','Oacute;', | ||||
|     'Oacute','Ocirc;','Ocirc','Ograve;','Ograve','Omega;','Omicron;','Oslash;', | ||||
|     'Oslash','Otilde;','Otilde','Ouml;','Ouml','Phi;','Pi;','Prime;','Psi;', | ||||
|     'QUOT;','QUOT','REG;','REG','Rho;','Scaron;','Sigma;','THORN;','THORN', | ||||
|     'TRADE;','Tau;','Theta;','Uacute;','Uacute','Ucirc;','Ucirc','Ugrave;', | ||||
|     'Ugrave','Upsilon;','Uuml;','Uuml','Xi;','Yacute;','Yacute','Yuml;','Zeta;', | ||||
|     'aacute;','aacute','acirc;','acirc','acute;','acute','aelig;','aelig', | ||||
|     'agrave;','agrave','alefsym;','alpha;','amp;','amp','and;','ang;','apos;', | ||||
|     'aring;','aring','asymp;','atilde;','atilde','auml;','auml','bdquo;','beta;', | ||||
|     'brvbar;','brvbar','bull;','cap;','ccedil;','ccedil','cedil;','cedil', | ||||
|     'cent;','cent','chi;','circ;','clubs;','cong;','copy;','copy','crarr;', | ||||
|     'cup;','curren;','curren','dArr;','dagger;','darr;','deg;','deg','delta;', | ||||
|     'diams;','divide;','divide','eacute;','eacute','ecirc;','ecirc','egrave;', | ||||
|     'egrave','empty;','emsp;','ensp;','epsilon;','equiv;','eta;','eth;','eth', | ||||
|     'euml;','euml','euro;','exist;','fnof;','forall;','frac12;','frac12', | ||||
|     'frac14;','frac14','frac34;','frac34','frasl;','gamma;','ge;','gt;','gt', | ||||
|     'hArr;','harr;','hearts;','hellip;','iacute;','iacute','icirc;','icirc', | ||||
|     'iexcl;','iexcl','igrave;','igrave','image;','infin;','int;','iota;', | ||||
|     'iquest;','iquest','isin;','iuml;','iuml','kappa;','lArr;','lambda;','lang;', | ||||
|     'laquo;','laquo','larr;','lceil;','ldquo;','le;','lfloor;','lowast;','loz;', | ||||
|     'lrm;','lsaquo;','lsquo;','lt;','lt','macr;','macr','mdash;','micro;','micro', | ||||
|     'middot;','middot','minus;','mu;','nabla;','nbsp;','nbsp','ndash;','ne;', | ||||
|     'ni;','not;','not','notin;','nsub;','ntilde;','ntilde','nu;','oacute;', | ||||
|     'oacute','ocirc;','ocirc','oelig;','ograve;','ograve','oline;','omega;', | ||||
|     'omicron;','oplus;','or;','ordf;','ordf','ordm;','ordm','oslash;','oslash', | ||||
|     'otilde;','otilde','otimes;','ouml;','ouml','para;','para','part;','permil;', | ||||
|     'perp;','phi;','pi;','piv;','plusmn;','plusmn','pound;','pound','prime;', | ||||
|     'prod;','prop;','psi;','quot;','quot','rArr;','radic;','rang;','raquo;', | ||||
|     'raquo','rarr;','rceil;','rdquo;','real;','reg;','reg','rfloor;','rho;', | ||||
|     'rlm;','rsaquo;','rsquo;','sbquo;','scaron;','sdot;','sect;','sect','shy;', | ||||
|     'shy','sigma;','sigmaf;','sim;','spades;','sub;','sube;','sum;','sup1;', | ||||
|     'sup1','sup2;','sup2','sup3;','sup3','sup;','supe;','szlig;','szlig','tau;', | ||||
|     'there4;','theta;','thetasym;','thinsp;','thorn;','thorn','tilde;','times;', | ||||
|     'times','trade;','uArr;','uacute;','uacute','uarr;','ucirc;','ucirc', | ||||
|     'ugrave;','ugrave','uml;','uml','upsih;','upsilon;','uuml;','uuml','weierp;', | ||||
|     'xi;','yacute;','yacute','yen;','yen','yuml;','yuml','zeta;','zwj;','zwnj;'); | ||||
| 
 | ||||
|     const PCDATA    = 0; | ||||
|     const RCDATA    = 1; | ||||
|     const CDATA     = 2; | ||||
|     const PLAINTEXT = 3; | ||||
| 
 | ||||
|     const DOCTYPE  = 0; | ||||
|     const STARTTAG = 1; | ||||
|     const ENDTAG   = 2; | ||||
|     const COMMENT  = 3; | ||||
|     const CHARACTR = 4; | ||||
|     const EOF      = 5; | ||||
| 
 | ||||
|     public function __construct($data) { | ||||
|         $data = str_replace("\r\n", "\n", $data); | ||||
|         $data = str_replace("\r", null, $data); | ||||
| 
 | ||||
|         $this->data = $data; | ||||
|         $this->char = -1; | ||||
|         $this->EOF  = strlen($data); | ||||
|         $this->tree = new HTML5TreeConstructer; | ||||
|         $this->content_model = self::PCDATA; | ||||
| 
 | ||||
|         $this->state = 'data'; | ||||
| 
 | ||||
|         while($this->state !== null) { | ||||
|             $this->{$this->state.'State'}(); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     public function save() { | ||||
|         return $this->tree->save(); | ||||
|     } | ||||
| 
 | ||||
|     private function char() { | ||||
|         return ($this->char < $this->EOF) | ||||
|             ? $this->data[$this->char] | ||||
|             : false; | ||||
|     } | ||||
| 
 | ||||
|     private function character($s, $l = 0) { | ||||
|         if($s + $l < $this->EOF) { | ||||
|             if($l === 0) { | ||||
|                 return $this->data[$s]; | ||||
|             } else { | ||||
|                 return substr($this->data, $s, $l); | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function characters($char_class, $start) { | ||||
|         return preg_replace('#^(['.$char_class.']+).*#s', '\\1', substr($this->data, $start)); | ||||
|     } | ||||
| 
 | ||||
|     private function dataState() { | ||||
|         // Consume the next input character
 | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if($char === '&' && ($this->content_model === self::PCDATA || $this->content_model === self::RCDATA)) { | ||||
|             /* U+0026 AMPERSAND (&) | ||||
|             When the content model flag is set to one of the PCDATA or RCDATA | ||||
|             states: switch to the entity data state. Otherwise: treat it as per | ||||
|             the "anything else"    entry below. */ | ||||
|             $this->state = 'entityData'; | ||||
| 
 | ||||
|         } elseif($char === '-') { | ||||
|             /* If the content model flag is set to either the RCDATA state or | ||||
|             the CDATA state, and the escape flag is false, and there are at | ||||
|             least three characters before this one in the input stream, and the | ||||
|             last four characters in the input stream, including this one, are | ||||
|             U+003C LESS-THAN SIGN, U+0021 EXCLAMATION MARK, U+002D HYPHEN-MINUS, | ||||
|             and U+002D HYPHEN-MINUS ("<!--"), then set the escape flag to true. */ | ||||
|             if(($this->content_model === self::RCDATA || $this->content_model === | ||||
|             self::CDATA) && $this->escape === false && | ||||
|             $this->char >= 3 && $this->character($this->char - 4, 4) === '<!--') { | ||||
|                 $this->escape = true; | ||||
|             } | ||||
| 
 | ||||
|             /* In any case, emit the input character as a character token. Stay | ||||
|             in the data state. */ | ||||
|             $this->emitToken(array( | ||||
|                 'type' => self::CHARACTR, | ||||
|                 'data' => $char | ||||
|             )); | ||||
| 
 | ||||
|         /* U+003C LESS-THAN SIGN (<) */ | ||||
|         } elseif($char === '<' && ($this->content_model === self::PCDATA || | ||||
|         (($this->content_model === self::RCDATA || | ||||
|         $this->content_model === self::CDATA) && $this->escape === false))) { | ||||
|             /* When the content model flag is set to the PCDATA state: switch | ||||
|             to the tag open state. | ||||
| 
 | ||||
|             When the content model flag is set to either the RCDATA state or | ||||
|             the CDATA state and the escape flag is false: switch to the tag | ||||
|             open state. | ||||
| 
 | ||||
|             Otherwise: treat it as per the "anything else" entry below. */ | ||||
|             $this->state = 'tagOpen'; | ||||
| 
 | ||||
|         /* U+003E GREATER-THAN SIGN (>) */ | ||||
|         } elseif($char === '>') { | ||||
|             /* If the content model flag is set to either the RCDATA state or | ||||
|             the CDATA state, and the escape flag is true, and the last three | ||||
|             characters in the input stream including this one are U+002D | ||||
|             HYPHEN-MINUS, U+002D HYPHEN-MINUS, U+003E GREATER-THAN SIGN ("-->"), | ||||
|             set the escape flag to false. */ | ||||
|             if(($this->content_model === self::RCDATA || | ||||
|             $this->content_model === self::CDATA) && $this->escape === true && | ||||
|             $this->character($this->char, 3) === '-->') { | ||||
|                 $this->escape = false; | ||||
|             } | ||||
| 
 | ||||
|             /* In any case, emit the input character as a character token. | ||||
|             Stay in the data state. */ | ||||
|             $this->emitToken(array( | ||||
|                 'type' => self::CHARACTR, | ||||
|                 'data' => $char | ||||
|             )); | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Emit an end-of-file token. */ | ||||
|             $this->EOF(); | ||||
| 
 | ||||
|         } elseif($this->content_model === self::PLAINTEXT) { | ||||
|             /* When the content model flag is set to the PLAINTEXT state | ||||
|             THIS DIFFERS GREATLY FROM THE SPEC: Get the remaining characters of | ||||
|             the text and emit it as a character token. */ | ||||
|             $this->emitToken(array( | ||||
|                 'type' => self::CHARACTR, | ||||
|                 'data' => substr($this->data, $this->char) | ||||
|             )); | ||||
| 
 | ||||
|             $this->EOF(); | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             THIS DIFFERS GREATLY FROM THE SPEC: Get as many character that | ||||
|             otherwise would also be treated as a character token and emit it | ||||
|             as a single character token. Stay in the data state. */ | ||||
|             $len  = strcspn($this->data, '<&', $this->char); | ||||
|             $char = substr($this->data, $this->char, $len); | ||||
|             $this->char += $len - 1; | ||||
| 
 | ||||
|             $this->emitToken(array( | ||||
|                 'type' => self::CHARACTR, | ||||
|                 'data' => $char | ||||
|             )); | ||||
| 
 | ||||
|             $this->state = 'data'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function entityDataState() { | ||||
|         // Attempt to consume an entity.
 | ||||
|         $entity = $this->entity(); | ||||
| 
 | ||||
|         // If nothing is returned, emit a U+0026 AMPERSAND character token.
 | ||||
|         // Otherwise, emit the character token that was returned.
 | ||||
|         $char = (!$entity) ? '&' : $entity; | ||||
|         $this->emitToken(array( | ||||
|             'type' => self::CHARACTR, | ||||
|             'data' => $char | ||||
|         )); | ||||
| 
 | ||||
|         // Finally, switch to the data state.
 | ||||
|         $this->state = 'data'; | ||||
|     } | ||||
| 
 | ||||
|     private function tagOpenState() { | ||||
|         switch($this->content_model) { | ||||
|             case self::RCDATA: | ||||
|             case self::CDATA: | ||||
|                 /* If the next input character is a U+002F SOLIDUS (/) character, | ||||
|                 consume it and switch to the close tag open state. If the next | ||||
|                 input character is not a U+002F SOLIDUS (/) character, emit a | ||||
|                 U+003C LESS-THAN SIGN character token and switch to the data | ||||
|                 state to process the next input character. */ | ||||
|                 if($this->character($this->char + 1) === '/') { | ||||
|                     $this->char++; | ||||
|                     $this->state = 'closeTagOpen'; | ||||
| 
 | ||||
|                 } else { | ||||
|                     $this->emitToken(array( | ||||
|                         'type' => self::CHARACTR, | ||||
|                         'data' => '<' | ||||
|                     )); | ||||
| 
 | ||||
|                     $this->state = 'data'; | ||||
|                 } | ||||
|             break; | ||||
| 
 | ||||
|             case self::PCDATA: | ||||
|                 // If the content model flag is set to the PCDATA state
 | ||||
|                 // Consume the next input character:
 | ||||
|                 $this->char++; | ||||
|                 $char = $this->char(); | ||||
| 
 | ||||
|                 if($char === '!') { | ||||
|                     /* U+0021 EXCLAMATION MARK (!) | ||||
|                     Switch to the markup declaration open state. */ | ||||
|                     $this->state = 'markupDeclarationOpen'; | ||||
| 
 | ||||
|                 } elseif($char === '/') { | ||||
|                     /* U+002F SOLIDUS (/) | ||||
|                     Switch to the close tag open state. */ | ||||
|                     $this->state = 'closeTagOpen'; | ||||
| 
 | ||||
|                 } elseif(preg_match('/^[A-Za-z]$/', $char)) { | ||||
|                     /* U+0041 LATIN LETTER A through to U+005A LATIN LETTER Z | ||||
|                     Create a new start tag token, set its tag name to the lowercase | ||||
|                     version of the input character (add 0x0020 to the character's code | ||||
|                     point), then switch to the tag name state. (Don't emit the token | ||||
|                     yet; further details will be filled in before it is emitted.) */ | ||||
|                     $this->token = array( | ||||
|                         'name'  => strtolower($char), | ||||
|                         'type'  => self::STARTTAG, | ||||
|                         'attr'  => array() | ||||
|                     ); | ||||
| 
 | ||||
|                     $this->state = 'tagName'; | ||||
| 
 | ||||
|                 } elseif($char === '>') { | ||||
|                     /* U+003E GREATER-THAN SIGN (>) | ||||
|                     Parse error. Emit a U+003C LESS-THAN SIGN character token and a | ||||
|                     U+003E GREATER-THAN SIGN character token. Switch to the data state. */ | ||||
|                     $this->emitToken(array( | ||||
|                         'type' => self::CHARACTR, | ||||
|                         'data' => '<>' | ||||
|                     )); | ||||
| 
 | ||||
|                     $this->state = 'data'; | ||||
| 
 | ||||
|                 } elseif($char === '?') { | ||||
|                     /* U+003F QUESTION MARK (?) | ||||
|                     Parse error. Switch to the bogus comment state. */ | ||||
|                     $this->state = 'bogusComment'; | ||||
| 
 | ||||
|                 } else { | ||||
|                     /* Anything else | ||||
|                     Parse error. Emit a U+003C LESS-THAN SIGN character token and | ||||
|                     reconsume the current input character in the data state. */ | ||||
|                     $this->emitToken(array( | ||||
|                         'type' => self::CHARACTR, | ||||
|                         'data' => '<' | ||||
|                     )); | ||||
| 
 | ||||
|                     $this->char--; | ||||
|                     $this->state = 'data'; | ||||
|                 } | ||||
|             break; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function closeTagOpenState() { | ||||
|         $next_node = strtolower($this->characters('A-Za-z', $this->char + 1)); | ||||
|         $the_same = count($this->tree->stack) > 0 && $next_node === end($this->tree->stack)->nodeName; | ||||
| 
 | ||||
|         if(($this->content_model === self::RCDATA || $this->content_model === self::CDATA) && | ||||
|         (!$the_same || ($the_same && (!preg_match('/[\t\n\x0b\x0c >\/]/', | ||||
|         $this->character($this->char + 1 + strlen($next_node))) || $this->EOF === $this->char)))) { | ||||
|             /* If the content model flag is set to the RCDATA or CDATA states then | ||||
|             examine the next few characters. If they do not match the tag name of | ||||
|             the last start tag token emitted (case insensitively), or if they do but | ||||
|             they are not immediately followed by one of the following characters: | ||||
|                 * U+0009 CHARACTER TABULATION | ||||
|                 * U+000A LINE FEED (LF) | ||||
|                 * U+000B LINE TABULATION | ||||
|                 * U+000C FORM FEED (FF) | ||||
|                 * U+0020 SPACE | ||||
|                 * U+003E GREATER-THAN SIGN (>) | ||||
|                 * U+002F SOLIDUS (/) | ||||
|                 * EOF | ||||
|             ...then there is a parse error. Emit a U+003C LESS-THAN SIGN character | ||||
|             token, a U+002F SOLIDUS character token, and switch to the data state | ||||
|             to process the next input character. */ | ||||
|             $this->emitToken(array( | ||||
|                 'type' => self::CHARACTR, | ||||
|                 'data' => '</' | ||||
|             )); | ||||
| 
 | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Otherwise, if the content model flag is set to the PCDATA state, | ||||
|             or if the next few characters do match that tag name, consume the | ||||
|             next input character: */ | ||||
|             $this->char++; | ||||
|             $char = $this->char(); | ||||
| 
 | ||||
|             if(preg_match('/^[A-Za-z]$/', $char)) { | ||||
|                 /* U+0041 LATIN LETTER A through to U+005A LATIN LETTER Z | ||||
|                 Create a new end tag token, set its tag name to the lowercase version | ||||
|                 of the input character (add 0x0020 to the character's code point), then | ||||
|                 switch to the tag name state. (Don't emit the token yet; further details | ||||
|                 will be filled in before it is emitted.) */ | ||||
|                 $this->token = array( | ||||
|                     'name'  => strtolower($char), | ||||
|                     'type'  => self::ENDTAG | ||||
|                 ); | ||||
| 
 | ||||
|                 $this->state = 'tagName'; | ||||
| 
 | ||||
|             } elseif($char === '>') { | ||||
|                 /* U+003E GREATER-THAN SIGN (>) | ||||
|                 Parse error. Switch to the data state. */ | ||||
|                 $this->state = 'data'; | ||||
| 
 | ||||
|             } elseif($this->char === $this->EOF) { | ||||
|                 /* EOF | ||||
|                 Parse error. Emit a U+003C LESS-THAN SIGN character token and a U+002F | ||||
|                 SOLIDUS character token. Reconsume the EOF character in the data state. */ | ||||
|                 $this->emitToken(array( | ||||
|                     'type' => self::CHARACTR, | ||||
|                     'data' => '</' | ||||
|                 )); | ||||
| 
 | ||||
|                 $this->char--; | ||||
|                 $this->state = 'data'; | ||||
| 
 | ||||
|             } else { | ||||
|                 /* Parse error. Switch to the bogus comment state. */ | ||||
|                 $this->state = 'bogusComment'; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function tagNameState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             /* U+0009 CHARACTER TABULATION | ||||
|             U+000A LINE FEED (LF) | ||||
|             U+000B LINE TABULATION | ||||
|             U+000C FORM FEED (FF) | ||||
|             U+0020 SPACE | ||||
|             Switch to the before attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             /* U+003E GREATER-THAN SIGN (>) | ||||
|             Emit the current tag token. Switch to the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Parse error. Emit the current tag token. Reconsume the EOF | ||||
|             character in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($char === '/') { | ||||
|             /* U+002F SOLIDUS (/) | ||||
|             Parse error unless this is a permitted slash. Switch to the before | ||||
|             attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Append the current input character to the current tag token's tag name. | ||||
|             Stay in the tag name state. */ | ||||
|             $this->token['name'] .= strtolower($char); | ||||
|             $this->state = 'tagName'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function beforeAttributeNameState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             /* U+0009 CHARACTER TABULATION | ||||
|             U+000A LINE FEED (LF) | ||||
|             U+000B LINE TABULATION | ||||
|             U+000C FORM FEED (FF) | ||||
|             U+0020 SPACE | ||||
|             Stay in the before attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             /* U+003E GREATER-THAN SIGN (>) | ||||
|             Emit the current tag token. Switch to the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($char === '/') { | ||||
|             /* U+002F SOLIDUS (/) | ||||
|             Parse error unless this is a permitted slash. Stay in the before | ||||
|             attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Parse error. Emit the current tag token. Reconsume the EOF | ||||
|             character in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Start a new attribute in the current tag token. Set that attribute's | ||||
|             name to the current input character, and its value to the empty string. | ||||
|             Switch to the attribute name state. */ | ||||
|             $this->token['attr'][] = array( | ||||
|                 'name'  => strtolower($char), | ||||
|                 'value' => null | ||||
|             ); | ||||
| 
 | ||||
|             $this->state = 'attributeName'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function attributeNameState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             /* U+0009 CHARACTER TABULATION | ||||
|             U+000A LINE FEED (LF) | ||||
|             U+000B LINE TABULATION | ||||
|             U+000C FORM FEED (FF) | ||||
|             U+0020 SPACE | ||||
|             Stay in the before attribute name state. */ | ||||
|             $this->state = 'afterAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '=') { | ||||
|             /* U+003D EQUALS SIGN (=) | ||||
|             Switch to the before attribute value state. */ | ||||
|             $this->state = 'beforeAttributeValue'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             /* U+003E GREATER-THAN SIGN (>) | ||||
|             Emit the current tag token. Switch to the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($char === '/' && $this->character($this->char + 1) !== '>') { | ||||
|             /* U+002F SOLIDUS (/) | ||||
|             Parse error unless this is a permitted slash. Switch to the before | ||||
|             attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Parse error. Emit the current tag token. Reconsume the EOF | ||||
|             character in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Append the current input character to the current attribute's name. | ||||
|             Stay in the attribute name state. */ | ||||
|             $last = count($this->token['attr']) - 1; | ||||
|             $this->token['attr'][$last]['name'] .= strtolower($char); | ||||
| 
 | ||||
|             $this->state = 'attributeName'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function afterAttributeNameState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             /* U+0009 CHARACTER TABULATION | ||||
|             U+000A LINE FEED (LF) | ||||
|             U+000B LINE TABULATION | ||||
|             U+000C FORM FEED (FF) | ||||
|             U+0020 SPACE | ||||
|             Stay in the after attribute name state. */ | ||||
|             $this->state = 'afterAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '=') { | ||||
|             /* U+003D EQUALS SIGN (=) | ||||
|             Switch to the before attribute value state. */ | ||||
|             $this->state = 'beforeAttributeValue'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             /* U+003E GREATER-THAN SIGN (>) | ||||
|             Emit the current tag token. Switch to the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($char === '/' && $this->character($this->char + 1) !== '>') { | ||||
|             /* U+002F SOLIDUS (/) | ||||
|             Parse error unless this is a permitted slash. Switch to the | ||||
|             before attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Parse error. Emit the current tag token. Reconsume the EOF | ||||
|             character in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Start a new attribute in the current tag token. Set that attribute's | ||||
|             name to the current input character, and its value to the empty string. | ||||
|             Switch to the attribute name state. */ | ||||
|             $this->token['attr'][] = array( | ||||
|                 'name'  => strtolower($char), | ||||
|                 'value' => null | ||||
|             ); | ||||
| 
 | ||||
|             $this->state = 'attributeName'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function beforeAttributeValueState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             /* U+0009 CHARACTER TABULATION | ||||
|             U+000A LINE FEED (LF) | ||||
|             U+000B LINE TABULATION | ||||
|             U+000C FORM FEED (FF) | ||||
|             U+0020 SPACE | ||||
|             Stay in the before attribute value state. */ | ||||
|             $this->state = 'beforeAttributeValue'; | ||||
| 
 | ||||
|         } elseif($char === '"') { | ||||
|             /* U+0022 QUOTATION MARK (")
 | ||||
|             Switch to the attribute value (double-quoted) state. */ | ||||
|             $this->state = 'attributeValueDoubleQuoted'; | ||||
| 
 | ||||
|         } elseif($char === '&') { | ||||
|             /* U+0026 AMPERSAND (&) | ||||
|             Switch to the attribute value (unquoted) state and reconsume | ||||
|             this input character. */ | ||||
|             $this->char--; | ||||
|             $this->state = 'attributeValueUnquoted'; | ||||
| 
 | ||||
|         } elseif($char === '\'') { | ||||
|             /* U+0027 APOSTROPHE (') | ||||
|             Switch to the attribute value (single-quoted) state. */ | ||||
|             $this->state = 'attributeValueSingleQuoted'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             /* U+003E GREATER-THAN SIGN (>) | ||||
|             Emit the current tag token. Switch to the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Append the current input character to the current attribute's value. | ||||
|             Switch to the attribute value (unquoted) state. */ | ||||
|             $last = count($this->token['attr']) - 1; | ||||
|             $this->token['attr'][$last]['value'] .= $char; | ||||
| 
 | ||||
|             $this->state = 'attributeValueUnquoted'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function attributeValueDoubleQuotedState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if($char === '"') { | ||||
|             /* U+0022 QUOTATION MARK (")
 | ||||
|             Switch to the before attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '&') { | ||||
|             /* U+0026 AMPERSAND (&) | ||||
|             Switch to the entity in attribute value state. */ | ||||
|             $this->entityInAttributeValueState('double'); | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Parse error. Emit the current tag token. Reconsume the character | ||||
|             in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Append the current input character to the current attribute's value. | ||||
|             Stay in the attribute value (double-quoted) state. */ | ||||
|             $last = count($this->token['attr']) - 1; | ||||
|             $this->token['attr'][$last]['value'] .= $char; | ||||
| 
 | ||||
|             $this->state = 'attributeValueDoubleQuoted'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function attributeValueSingleQuotedState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if($char === '\'') { | ||||
|             /* U+0022 QUOTATION MARK (') | ||||
|             Switch to the before attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '&') { | ||||
|             /* U+0026 AMPERSAND (&) | ||||
|             Switch to the entity in attribute value state. */ | ||||
|             $this->entityInAttributeValueState('single'); | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* EOF | ||||
|             Parse error. Emit the current tag token. Reconsume the character | ||||
|             in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Append the current input character to the current attribute's value. | ||||
|             Stay in the attribute value (single-quoted) state. */ | ||||
|             $last = count($this->token['attr']) - 1; | ||||
|             $this->token['attr'][$last]['value'] .= $char; | ||||
| 
 | ||||
|             $this->state = 'attributeValueSingleQuoted'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function attributeValueUnquotedState() { | ||||
|         // Consume the next input character:
 | ||||
|         $this->char++; | ||||
|         $char = $this->character($this->char); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             /* U+0009 CHARACTER TABULATION | ||||
|             U+000A LINE FEED (LF) | ||||
|             U+000B LINE TABULATION | ||||
|             U+000C FORM FEED (FF) | ||||
|             U+0020 SPACE | ||||
|             Switch to the before attribute name state. */ | ||||
|             $this->state = 'beforeAttributeName'; | ||||
| 
 | ||||
|         } elseif($char === '&') { | ||||
|             /* U+0026 AMPERSAND (&) | ||||
|             Switch to the entity in attribute value state. */ | ||||
|             $this->entityInAttributeValueState(); | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             /* U+003E GREATER-THAN SIGN (>) | ||||
|             Emit the current tag token. Switch to the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             /* Anything else | ||||
|             Append the current input character to the current attribute's value. | ||||
|             Stay in the attribute value (unquoted) state. */ | ||||
|             $last = count($this->token['attr']) - 1; | ||||
|             $this->token['attr'][$last]['value'] .= $char; | ||||
| 
 | ||||
|             $this->state = 'attributeValueUnquoted'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function entityInAttributeValueState() { | ||||
|         // Attempt to consume an entity.
 | ||||
|         $entity = $this->entity(); | ||||
| 
 | ||||
|         // If nothing is returned, append a U+0026 AMPERSAND character to the
 | ||||
|         // current attribute's value. Otherwise, emit the character token that
 | ||||
|         // was returned.
 | ||||
|         $char = (!$entity) | ||||
|             ? '&' | ||||
|             : $entity; | ||||
| 
 | ||||
|         $last = count($this->token['attr']) - 1; | ||||
|         $this->token['attr'][$last]['value'] .= $char; | ||||
|     } | ||||
| 
 | ||||
|     private function bogusCommentState() { | ||||
|         /* Consume every character up to the first U+003E GREATER-THAN SIGN | ||||
|         character (>) or the end of the file (EOF), whichever comes first. Emit | ||||
|         a comment token whose data is the concatenation of all the characters | ||||
|         starting from and including the character that caused the state machine | ||||
|         to switch into the bogus comment state, up to and including the last | ||||
|         consumed character before the U+003E character, if any, or up to the | ||||
|         end of the file otherwise. (If the comment was started by the end of | ||||
|         the file (EOF), the token is empty.) */ | ||||
|         $data = $this->characters('^>', $this->char); | ||||
|         $this->emitToken(array( | ||||
|             'data' => $data, | ||||
|             'type' => self::COMMENT | ||||
|         )); | ||||
| 
 | ||||
|         $this->char += strlen($data); | ||||
| 
 | ||||
|         /* Switch to the data state. */ | ||||
|         $this->state = 'data'; | ||||
| 
 | ||||
|         /* If the end of the file was reached, reconsume the EOF character. */ | ||||
|         if($this->char === $this->EOF) { | ||||
|             $this->char = $this->EOF - 1; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function markupDeclarationOpenState() { | ||||
|         /* If the next two characters are both U+002D HYPHEN-MINUS (-) | ||||
|         characters, consume those two characters, create a comment token whose | ||||
|         data is the empty string, and switch to the comment state. */ | ||||
|         if($this->character($this->char + 1, 2) === '--') { | ||||
|             $this->char += 2; | ||||
|             $this->state = 'comment'; | ||||
|             $this->token = array( | ||||
|                 'data' => null, | ||||
|                 'type' => self::COMMENT | ||||
|             ); | ||||
| 
 | ||||
|         /* Otherwise if the next seven chacacters are a case-insensitive match | ||||
|         for the word "DOCTYPE", then consume those characters and switch to the | ||||
|         DOCTYPE state. */ | ||||
|         } elseif(strtolower($this->character($this->char + 1, 7)) === 'doctype') { | ||||
|             $this->char += 7; | ||||
|             $this->state = 'doctype'; | ||||
| 
 | ||||
|         /* Otherwise, is is a parse error. Switch to the bogus comment state. | ||||
|         The next character that is consumed, if any, is the first character | ||||
|         that will be in the comment. */ | ||||
|         } else { | ||||
|             $this->char++; | ||||
|             $this->state = 'bogusComment'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function commentState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         /* U+002D HYPHEN-MINUS (-) */ | ||||
|         if($char === '-') { | ||||
|             /* Switch to the comment dash state  */ | ||||
|             $this->state = 'commentDash'; | ||||
| 
 | ||||
|         /* EOF */ | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* Parse error. Emit the comment token. Reconsume the EOF character | ||||
|             in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Append the input character to the comment token's data. Stay in | ||||
|             the comment state. */ | ||||
|             $this->token['data'] .= $char; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function commentDashState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         /* U+002D HYPHEN-MINUS (-) */ | ||||
|         if($char === '-') { | ||||
|             /* Switch to the comment end state  */ | ||||
|             $this->state = 'commentEnd'; | ||||
| 
 | ||||
|         /* EOF */ | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             /* Parse error. Emit the comment token. Reconsume the EOF character | ||||
|             in the data state. */ | ||||
|             $this->emitToken($this->token); | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Append a U+002D HYPHEN-MINUS (-) character and the input | ||||
|             character to the comment token's data. Switch to the comment state. */ | ||||
|             $this->token['data'] .= '-'.$char; | ||||
|             $this->state = 'comment'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function commentEndState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if($char === '>') { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($char === '-') { | ||||
|             $this->token['data'] .= '-'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             $this->token['data'] .= '--'.$char; | ||||
|             $this->state = 'comment'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function doctypeState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             $this->state = 'beforeDoctypeName'; | ||||
| 
 | ||||
|         } else { | ||||
|             $this->char--; | ||||
|             $this->state = 'beforeDoctypeName'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function beforeDoctypeNameState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             // Stay in the before DOCTYPE name state.
 | ||||
| 
 | ||||
|         } elseif(preg_match('/^[a-z]$/', $char)) { | ||||
|             $this->token = array( | ||||
|                 'name' => strtoupper($char), | ||||
|                 'type' => self::DOCTYPE, | ||||
|                 'error' => true | ||||
|             ); | ||||
| 
 | ||||
|             $this->state = 'doctypeName'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             $this->emitToken(array( | ||||
|                 'name' => null, | ||||
|                 'type' => self::DOCTYPE, | ||||
|                 'error' => true | ||||
|             )); | ||||
| 
 | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             $this->emitToken(array( | ||||
|                 'name' => null, | ||||
|                 'type' => self::DOCTYPE, | ||||
|                 'error' => true | ||||
|             )); | ||||
| 
 | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             $this->token = array( | ||||
|                 'name' => $char, | ||||
|                 'type' => self::DOCTYPE, | ||||
|                 'error' => true | ||||
|             ); | ||||
| 
 | ||||
|             $this->state = 'doctypeName'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function doctypeNameState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             $this->state = 'AfterDoctypeName'; | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif(preg_match('/^[a-z]$/', $char)) { | ||||
|             $this->token['name'] .= strtoupper($char); | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             $this->token['name'] .= $char; | ||||
|         } | ||||
| 
 | ||||
|         $this->token['error'] = ($this->token['name'] === 'HTML') | ||||
|             ? false | ||||
|             : true; | ||||
|     } | ||||
| 
 | ||||
|     private function afterDoctypeNameState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if(preg_match('/^[\t\n\x0b\x0c ]$/', $char)) { | ||||
|             // Stay in the DOCTYPE name state.
 | ||||
| 
 | ||||
|         } elseif($char === '>') { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             $this->token['error'] = true; | ||||
|             $this->state = 'bogusDoctype'; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function bogusDoctypeState() { | ||||
|         /* Consume the next input character: */ | ||||
|         $this->char++; | ||||
|         $char = $this->char(); | ||||
| 
 | ||||
|         if($char === '>') { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } elseif($this->char === $this->EOF) { | ||||
|             $this->emitToken($this->token); | ||||
|             $this->char--; | ||||
|             $this->state = 'data'; | ||||
| 
 | ||||
|         } else { | ||||
|             // Stay in the bogus DOCTYPE state.
 | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function entity() { | ||||
|         $start = $this->char; | ||||
| 
 | ||||
|         // This section defines how to consume an entity. This definition is
 | ||||
|         // used when parsing entities in text and in attributes.
 | ||||
| 
 | ||||
|         // The behaviour depends on the identity of the next character (the
 | ||||
|         // one immediately after the U+0026 AMPERSAND character): 
 | ||||
| 
 | ||||
|         switch($this->character($this->char + 1)) { | ||||
|             // U+0023 NUMBER SIGN (#)
 | ||||
|             case '#': | ||||
| 
 | ||||
|                 // The behaviour further depends on the character after the
 | ||||
|                 // U+0023 NUMBER SIGN:
 | ||||
|                 switch($this->character($this->char + 1)) { | ||||
|                     // U+0078 LATIN SMALL LETTER X
 | ||||
|                     // U+0058 LATIN CAPITAL LETTER X
 | ||||
|                     case 'x': | ||||
|                     case 'X': | ||||
|                         // Follow the steps below, but using the range of
 | ||||
|                         // characters U+0030 DIGIT ZERO through to U+0039 DIGIT
 | ||||
|                         // NINE, U+0061 LATIN SMALL LETTER A through to U+0066
 | ||||
|                         // LATIN SMALL LETTER F, and U+0041 LATIN CAPITAL LETTER
 | ||||
|                         // A, through to U+0046 LATIN CAPITAL LETTER F (in other
 | ||||
|                         // words, 0-9, A-F, a-f).
 | ||||
|                         $char = 1; | ||||
|                         $char_class = '0-9A-Fa-f'; | ||||
|                     break; | ||||
| 
 | ||||
|                     // Anything else
 | ||||
|                     default: | ||||
|                         // Follow the steps below, but using the range of
 | ||||
|                         // characters U+0030 DIGIT ZERO through to U+0039 DIGIT
 | ||||
|                         // NINE (i.e. just 0-9).
 | ||||
|                         $char = 0; | ||||
|                         $char_class = '0-9'; | ||||
|                     break; | ||||
|                 } | ||||
| 
 | ||||
|                 // Consume as many characters as match the range of characters
 | ||||
|                 // given above.
 | ||||
|                 $this->char++; | ||||
|                 $e_name = $this->characters($char_class, $this->char + $char + 1); | ||||
|                 $entity = $this->character($start, $this->char); | ||||
|                 $cond = strlen($e_name) > 0; | ||||
| 
 | ||||
|                 // The rest of the parsing happens bellow.
 | ||||
|             break; | ||||
| 
 | ||||
|             // Anything else
 | ||||
|             default: | ||||
|                 // Consume the maximum number of characters possible, with the
 | ||||
|                 // consumed characters case-sensitively matching one of the
 | ||||
|                 // identifiers in the first column of the entities table.
 | ||||
|                 $e_name = $this->characters('0-9A-Za-z;', $this->char + 1); | ||||
|                 $len = strlen($e_name); | ||||
| 
 | ||||
|                 for($c = 1; $c <= $len; $c++) { | ||||
|                     $id = substr($e_name, 0, $c); | ||||
|                     $this->char++; | ||||
| 
 | ||||
|                     if(in_array($id, $this->entities)) { | ||||
|                         if ($e_name[$c-1] !== ';') { | ||||
|                             if ($c < $len && $e_name[$c] == ';') { | ||||
|                                 $this->char++; // consume extra semicolon
 | ||||
|                             } | ||||
|                         } | ||||
|                         $entity = $id; | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 $cond = isset($entity); | ||||
|                 // The rest of the parsing happens bellow.
 | ||||
|             break; | ||||
|         } | ||||
| 
 | ||||
|         if(!$cond) { | ||||
|             // If no match can be made, then this is a parse error. No
 | ||||
|             // characters are consumed, and nothing is returned.
 | ||||
|             $this->char = $start; | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // Return a character token for the character corresponding to the
 | ||||
|         // entity name (as given by the second column of the entities table).
 | ||||
|         return html_entity_decode('&'.$entity.';', ENT_QUOTES, 'UTF-8'); | ||||
|     } | ||||
| 
 | ||||
|     private function emitToken($token) { | ||||
|         $emit = $this->tree->emitToken($token); | ||||
| 
 | ||||
|         if(is_int($emit)) { | ||||
|             $this->content_model = $emit; | ||||
| 
 | ||||
|         } elseif($token['type'] === self::ENDTAG) { | ||||
|             $this->content_model = self::PCDATA; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function EOF() { | ||||
|         $this->state = null; | ||||
|         $this->tree->emitToken(array( | ||||
|             'type' => self::EOF | ||||
|         )); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| class HTML5TreeConstructer { | ||||
|     public $stack = array(); | ||||
| 
 | ||||
|     private $phase; | ||||
|     private $mode; | ||||
|     private $dom; | ||||
|     private $foster_parent = null; | ||||
|     private $a_formatting  = array(); | ||||
| 
 | ||||
|     private $head_pointer = null; | ||||
|     private $form_pointer = null; | ||||
| 
 | ||||
|     private $scoping = array('button','caption','html','marquee','object','table','td','th'); | ||||
|     private $formatting = array('a','b','big','em','font','i','nobr','s','small','strike','strong','tt','u'); | ||||
|     private $special = array('address','area','base','basefont','bgsound', | ||||
|     'blockquote','body','br','center','col','colgroup','dd','dir','div','dl', | ||||
|     'dt','embed','fieldset','form','frame','frameset','h1','h2','h3','h4','h5', | ||||
|     'h6','head','hr','iframe','image','img','input','isindex','li','link', | ||||
|     'listing','menu','meta','noembed','noframes','noscript','ol','optgroup', | ||||
|     'option','p','param','plaintext','pre','script','select','spacer','style', | ||||
|     'tbody','textarea','tfoot','thead','title','tr','ul','wbr'); | ||||
| 
 | ||||
|     // The different phases.
 | ||||
|     const INIT_PHASE = 0; | ||||
|     const ROOT_PHASE = 1; | ||||
|     const MAIN_PHASE = 2; | ||||
|     const END_PHASE  = 3; | ||||
| 
 | ||||
|     // The different insertion modes for the main phase.
 | ||||
|     const BEFOR_HEAD = 0; | ||||
|     const IN_HEAD    = 1; | ||||
|     const AFTER_HEAD = 2; | ||||
|     const IN_BODY    = 3; | ||||
|     const IN_TABLE   = 4; | ||||
|     const IN_CAPTION = 5; | ||||
|     const IN_CGROUP  = 6; | ||||
|     const IN_TBODY   = 7; | ||||
|     const IN_ROW     = 8; | ||||
|     const IN_CELL    = 9; | ||||
|     const IN_SELECT  = 10; | ||||
|     const AFTER_BODY = 11; | ||||
|     const IN_FRAME   = 12; | ||||
|     const AFTR_FRAME = 13; | ||||
| 
 | ||||
|     // The different types of elements.
 | ||||
|     const SPECIAL    = 0; | ||||
|     const SCOPING    = 1; | ||||
|     const FORMATTING = 2; | ||||
|     const PHRASING   = 3; | ||||
| 
 | ||||
|     const MARKER     = 0; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|         $this->phase = self::INIT_PHASE; | ||||
|         $this->mode = self::BEFOR_HEAD; | ||||
|         $this->dom = new DOMDocument; | ||||
| 
 | ||||
|         $this->dom->encoding = 'UTF-8'; | ||||
|         $this->dom->preserveWhiteSpace = true; | ||||
|         $this->dom->substituteEntities = true; | ||||
|         $this->dom->strictErrorChecking = false; | ||||
|     } | ||||
| 
 | ||||
|     // Process tag tokens
 | ||||
|     public function emitToken($token) { | ||||
|         switch($this->phase) { | ||||
|             case self::INIT_PHASE: return $this->initPhase($token); break; | ||||
|             case self::ROOT_PHASE: return $this->rootElementPhase($token); break; | ||||
|             case self::MAIN_PHASE: return $this->mainPhase($token); break; | ||||
|             case self::END_PHASE : return $this->trailingEndPhase($token); break; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function initPhase($token) { | ||||
|         /* Initially, the tree construction stage must handle each token | ||||
|         emitted from the tokenisation stage as follows: */ | ||||
| 
 | ||||
|         /* A DOCTYPE token that is marked as being in error | ||||
|         A comment token | ||||
|         A start tag token | ||||
|         An end tag token | ||||
|         A character token that is not one of one of U+0009 CHARACTER TABULATION, | ||||
|             U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|             or U+0020 SPACE | ||||
|         An end-of-file token */ | ||||
|         if((isset($token['error']) && $token['error']) || | ||||
|         $token['type'] === HTML5::COMMENT || | ||||
|         $token['type'] === HTML5::STARTTAG || | ||||
|         $token['type'] === HTML5::ENDTAG || | ||||
|         $token['type'] === HTML5::EOF || | ||||
|         ($token['type'] === HTML5::CHARACTR && isset($token['data']) && | ||||
|         !preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data']))) { | ||||
|             /* This specification does not define how to handle this case. In | ||||
|             particular, user agents may ignore the entirety of this specification | ||||
|             altogether for such documents, and instead invoke special parse modes | ||||
|             with a greater emphasis on backwards compatibility. */ | ||||
| 
 | ||||
|             $this->phase = self::ROOT_PHASE; | ||||
|             return $this->rootElementPhase($token); | ||||
| 
 | ||||
|         /* A DOCTYPE token marked as being correct */ | ||||
|         } elseif(isset($token['error']) && !$token['error']) { | ||||
|             /* Append a DocumentType node to the Document  node, with the name | ||||
|             attribute set to the name given in the DOCTYPE token (which will be | ||||
|             "HTML"), and the other attributes specific to DocumentType objects | ||||
|             set to null, empty lists, or the empty string as appropriate. */ | ||||
|             $doctype = new DOMDocumentType(null, null, 'HTML'); | ||||
| 
 | ||||
|             /* Then, switch to the root element phase of the tree construction | ||||
|             stage. */ | ||||
|             $this->phase = self::ROOT_PHASE; | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         } elseif(isset($token['data']) && preg_match('/^[\t\n\x0b\x0c ]+$/', | ||||
|         $token['data'])) { | ||||
|             /* Append that character  to the Document node. */ | ||||
|             $text = $this->dom->createTextNode($token['data']); | ||||
|             $this->dom->appendChild($text); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function rootElementPhase($token) { | ||||
|         /* After the initial phase, as each token is emitted from the tokenisation | ||||
|         stage, it must be processed as described in this section. */ | ||||
| 
 | ||||
|         /* A DOCTYPE token */ | ||||
|         if($token['type'] === HTML5::DOCTYPE) { | ||||
|             // Parse error. Ignore the token.
 | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the Document object with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $comment = $this->dom->createComment($token['data']); | ||||
|             $this->dom->appendChild($comment); | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         } elseif($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append that character  to the Document node. */ | ||||
|             $text = $this->dom->createTextNode($token['data']); | ||||
|             $this->dom->appendChild($text); | ||||
| 
 | ||||
|         /* A character token that is not one of U+0009 CHARACTER TABULATION, | ||||
|             U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED | ||||
|             (FF), or U+0020 SPACE | ||||
|         A start tag token | ||||
|         An end tag token | ||||
|         An end-of-file token */ | ||||
|         } elseif(($token['type'] === HTML5::CHARACTR && | ||||
|         !preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) || | ||||
|         $token['type'] === HTML5::STARTTAG || | ||||
|         $token['type'] === HTML5::ENDTAG || | ||||
|         $token['type'] === HTML5::EOF) { | ||||
|             /* Create an HTMLElement node with the tag name html, in the HTML | ||||
|             namespace. Append it to the Document object. Switch to the main | ||||
|             phase and reprocess the current token. */ | ||||
|             $html = $this->dom->createElement('html'); | ||||
|             $this->dom->appendChild($html); | ||||
|             $this->stack[] = $html; | ||||
| 
 | ||||
|             $this->phase = self::MAIN_PHASE; | ||||
|             return $this->mainPhase($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function mainPhase($token) { | ||||
|         /* Tokens in the main phase must be handled as follows: */ | ||||
| 
 | ||||
|         /* A DOCTYPE token */ | ||||
|         if($token['type'] === HTML5::DOCTYPE) { | ||||
|             // Parse error. Ignore the token.
 | ||||
| 
 | ||||
|         /* A start tag token with the tag name "html" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'html') { | ||||
|             /* If this start tag token was not the first start tag token, then | ||||
|             it is a parse error. */ | ||||
| 
 | ||||
|             /* For each attribute on the token, check to see if the attribute | ||||
|             is already present on the top element of the stack of open elements. | ||||
|             If it is not, add the attribute and its corresponding value to that | ||||
|             element. */ | ||||
|             foreach($token['attr'] as $attr) { | ||||
|                 if(!$this->stack[0]->hasAttribute($attr['name'])) { | ||||
|                     $this->stack[0]->setAttribute($attr['name'], $attr['value']); | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|         /* An end-of-file token */ | ||||
|         } elseif($token['type'] === HTML5::EOF) { | ||||
|             /* Generate implied end tags. */ | ||||
|             $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|         /* Anything else. */ | ||||
|         } else { | ||||
|             /* Depends on the insertion mode: */ | ||||
|             switch($this->mode) { | ||||
|                 case self::BEFOR_HEAD: return $this->beforeHead($token); break; | ||||
|                 case self::IN_HEAD:    return $this->inHead($token); break; | ||||
|                 case self::AFTER_HEAD: return $this->afterHead($token); break; | ||||
|                 case self::IN_BODY:    return $this->inBody($token); break; | ||||
|                 case self::IN_TABLE:   return $this->inTable($token); break; | ||||
|                 case self::IN_CAPTION: return $this->inCaption($token); break; | ||||
|                 case self::IN_CGROUP:  return $this->inColumnGroup($token); break; | ||||
|                 case self::IN_TBODY:   return $this->inTableBody($token); break; | ||||
|                 case self::IN_ROW:     return $this->inRow($token); break; | ||||
|                 case self::IN_CELL:    return $this->inCell($token); break; | ||||
|                 case self::IN_SELECT:  return $this->inSelect($token); break; | ||||
|                 case self::AFTER_BODY: return $this->afterBody($token); break; | ||||
|                 case self::IN_FRAME:   return $this->inFrameset($token); break; | ||||
|                 case self::AFTR_FRAME: return $this->afterFrameset($token); break; | ||||
|                 case self::END_PHASE:  return $this->trailingEndPhase($token); break; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function beforeHead($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $this->insertText($token['data']); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data attribute | ||||
|             set to the data given in the comment token. */ | ||||
|             $this->insertComment($token['data']); | ||||
| 
 | ||||
|         /* A start tag token with the tag name "head" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'head') { | ||||
|             /* Create an element for the token, append the new element to the | ||||
|             current node and push it onto the stack of open elements. */ | ||||
|             $element = $this->insertElement($token); | ||||
| 
 | ||||
|             /* Set the head element pointer to this new element node. */ | ||||
|             $this->head_pointer = $element; | ||||
| 
 | ||||
|             /* Change the insertion mode to "in head". */ | ||||
|             $this->mode = self::IN_HEAD; | ||||
| 
 | ||||
|         /* A start tag token whose tag name is one of: "base", "link", "meta", | ||||
|         "script", "style", "title". Or an end tag with the tag name "html". | ||||
|         Or a character token that is not one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE. Or any other start tag token */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG || | ||||
|         ($token['type'] === HTML5::ENDTAG && $token['name'] === 'html') || | ||||
|         ($token['type'] === HTML5::CHARACTR && !preg_match('/^[\t\n\x0b\x0c ]$/', | ||||
|         $token['data']))) { | ||||
|             /* Act as if a start tag token with the tag name "head" and no | ||||
|             attributes had been seen, then reprocess the current token. */ | ||||
|             $this->beforeHead(array( | ||||
|                 'name' => 'head', | ||||
|                 'type' => HTML5::STARTTAG, | ||||
|                 'attr' => array() | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inHead($token); | ||||
| 
 | ||||
|         /* Any other end tag */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG) { | ||||
|             /* Parse error. Ignore the token. */ | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inHead($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE. | ||||
| 
 | ||||
|         THIS DIFFERS FROM THE SPEC: If the current node is either a title, style | ||||
|         or script element, append the character to the current node regardless | ||||
|         of its content. */ | ||||
|         if(($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) || ( | ||||
|         $token['type'] === HTML5::CHARACTR && in_array(end($this->stack)->nodeName, | ||||
|         array('title', 'style', 'script')))) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $this->insertText($token['data']); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data attribute | ||||
|             set to the data given in the comment token. */ | ||||
|             $this->insertComment($token['data']); | ||||
| 
 | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         in_array($token['name'], array('title', 'style', 'script'))) { | ||||
|             array_pop($this->stack); | ||||
|             return HTML5::PCDATA; | ||||
| 
 | ||||
|         /* A start tag with the tag name "title" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'title') { | ||||
|             /* Create an element for the token and append the new element to the | ||||
|             node pointed to by the head element pointer, or, if that is null | ||||
|             (innerHTML case), to the current node. */ | ||||
|             if($this->head_pointer !== null) { | ||||
|                 $element = $this->insertElement($token, false); | ||||
|                 $this->head_pointer->appendChild($element); | ||||
| 
 | ||||
|             } else { | ||||
|                 $element = $this->insertElement($token); | ||||
|             } | ||||
| 
 | ||||
|             /* Switch the tokeniser's content model flag  to the RCDATA state. */ | ||||
|             return HTML5::RCDATA; | ||||
| 
 | ||||
|         /* A start tag with the tag name "style" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'style') { | ||||
|             /* Create an element for the token and append the new element to the | ||||
|             node pointed to by the head element pointer, or, if that is null | ||||
|             (innerHTML case), to the current node. */ | ||||
|             if($this->head_pointer !== null) { | ||||
|                 $element = $this->insertElement($token, false); | ||||
|                 $this->head_pointer->appendChild($element); | ||||
| 
 | ||||
|             } else { | ||||
|                 $this->insertElement($token); | ||||
|             } | ||||
| 
 | ||||
|             /* Switch the tokeniser's content model flag  to the CDATA state. */ | ||||
|             return HTML5::CDATA; | ||||
| 
 | ||||
|         /* A start tag with the tag name "script" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'script') { | ||||
|             /* Create an element for the token. */ | ||||
|             $element = $this->insertElement($token, false); | ||||
|             $this->head_pointer->appendChild($element); | ||||
| 
 | ||||
|             /* Switch the tokeniser's content model flag  to the CDATA state. */ | ||||
|             return HTML5::CDATA; | ||||
| 
 | ||||
|         /* A start tag with the tag name "base", "link", or "meta" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('base', 'link', 'meta'))) { | ||||
|             /* Create an element for the token and append the new element to the | ||||
|             node pointed to by the head element pointer, or, if that is null | ||||
|             (innerHTML case), to the current node. */ | ||||
|             if($this->head_pointer !== null) { | ||||
|                 $element = $this->insertElement($token, false); | ||||
|                 $this->head_pointer->appendChild($element); | ||||
|                 array_pop($this->stack); | ||||
| 
 | ||||
|             } else { | ||||
|                 $this->insertElement($token); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag with the tag name "head" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && $token['name'] === 'head') { | ||||
|             /* If the current node is a head element, pop the current node off | ||||
|             the stack of open elements. */ | ||||
|             if($this->head_pointer->isSameNode(end($this->stack))) { | ||||
|                 array_pop($this->stack); | ||||
| 
 | ||||
|             /* Otherwise, this is a parse error. */ | ||||
|             } else { | ||||
|                 // k
 | ||||
|             } | ||||
| 
 | ||||
|             /* Change the insertion mode to "after head". */ | ||||
|             $this->mode = self::AFTER_HEAD; | ||||
| 
 | ||||
|         /* A start tag with the tag name "head" or an end tag except "html". */ | ||||
|         } elseif(($token['type'] === HTML5::STARTTAG && $token['name'] === 'head') || | ||||
|         ($token['type'] === HTML5::ENDTAG && $token['name'] !== 'html')) { | ||||
|             // Parse error. Ignore the token.
 | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* If the current node is a head element, act as if an end tag | ||||
|             token with the tag name "head" had been seen. */ | ||||
|             if($this->head_pointer->isSameNode(end($this->stack))) { | ||||
|                 $this->inHead(array( | ||||
|                     'name' => 'head', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
| 
 | ||||
|             /* Otherwise, change the insertion mode to "after head". */ | ||||
|             } else { | ||||
|                 $this->mode = self::AFTER_HEAD; | ||||
|             } | ||||
| 
 | ||||
|             /* Then, reprocess the current token. */ | ||||
|             return $this->afterHead($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function afterHead($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $this->insertText($token['data']); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data attribute | ||||
|             set to the data given in the comment token. */ | ||||
|             $this->insertComment($token['data']); | ||||
| 
 | ||||
|         /* A start tag token with the tag name "body" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'body') { | ||||
|             /* Insert a body element for the token. */ | ||||
|             $this->insertElement($token); | ||||
| 
 | ||||
|             /* Change the insertion mode to "in body". */ | ||||
|             $this->mode = self::IN_BODY; | ||||
| 
 | ||||
|         /* A start tag token with the tag name "frameset" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'frameset') { | ||||
|             /* Insert a frameset element for the token. */ | ||||
|             $this->insertElement($token); | ||||
| 
 | ||||
|             /* Change the insertion mode to "in frameset". */ | ||||
|             $this->mode = self::IN_FRAME; | ||||
| 
 | ||||
|         /* A start tag token whose tag name is one of: "base", "link", "meta", | ||||
|         "script", "style", "title" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('base', 'link', 'meta', 'script', 'style', 'title'))) { | ||||
|             /* Parse error. Switch the insertion mode back to "in head" and | ||||
|             reprocess the token. */ | ||||
|             $this->mode = self::IN_HEAD; | ||||
|             return $this->inHead($token); | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Act as if a start tag token with the tag name "body" and no | ||||
|             attributes had been seen, and then reprocess the current token. */ | ||||
|             $this->afterHead(array( | ||||
|                 'name' => 'body', | ||||
|                 'type' => HTML5::STARTTAG, | ||||
|                 'attr' => array() | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inBody($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inBody($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         switch($token['type']) { | ||||
|             /* A character token */ | ||||
|             case HTML5::CHARACTR: | ||||
|                 /* Reconstruct the active formatting elements, if any. */ | ||||
|                 $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                 /* Append the token's character to the current node. */ | ||||
|                 $this->insertText($token['data']); | ||||
|             break; | ||||
| 
 | ||||
|             /* A comment token */ | ||||
|             case HTML5::COMMENT: | ||||
|                 /* Append a Comment node to the current node with the data | ||||
|                 attribute set to the data given in the comment token. */ | ||||
|                 $this->insertComment($token['data']); | ||||
|             break; | ||||
| 
 | ||||
|             case HTML5::STARTTAG: | ||||
|             switch($token['name']) { | ||||
|                 /* A start tag token whose tag name is one of: "script", | ||||
|                 "style" */ | ||||
|                 case 'script': case 'style': | ||||
|                     /* Process the token as if the insertion mode had been "in
 | ||||
|                     head". */
 | ||||
|                     return $this->inHead($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token whose tag name is one of: "base", "link", | ||||
|                 "meta", "title" */ | ||||
|                 case 'base': case 'link': case 'meta': case 'title': | ||||
|                     /* Parse error. Process the token as if the insertion mode | ||||
|                     had    been "in head". */ | ||||
|                     return $this->inHead($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token with the tag name "body" */ | ||||
|                 case 'body': | ||||
|                     /* Parse error. If the second element on the stack of open | ||||
|                     elements is not a body element, or, if the stack of open | ||||
|                     elements has only one node on it, then ignore the token. | ||||
|                     (innerHTML case) */ | ||||
|                     if(count($this->stack) === 1 || $this->stack[1]->nodeName !== 'body') { | ||||
|                         // Ignore
 | ||||
| 
 | ||||
|                     /* Otherwise, for each attribute on the token, check to see | ||||
|                     if the attribute is already present on the body element (the | ||||
|                     second element)    on the stack of open elements. If it is not, | ||||
|                     add the attribute and its corresponding value to that | ||||
|                     element. */ | ||||
|                     } else { | ||||
|                         foreach($token['attr'] as $attr) { | ||||
|                             if(!$this->stack[1]->hasAttribute($attr['name'])) { | ||||
|                                 $this->stack[1]->setAttribute($attr['name'], $attr['value']); | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is one of: "address", | ||||
|                 "blockquote", "center", "dir", "div", "dl", "fieldset", | ||||
|                 "listing", "menu", "ol", "p", "ul" */ | ||||
|                 case 'address': case 'blockquote': case 'center': case 'dir': | ||||
|                 case 'div': case 'dl': case 'fieldset': case 'listing': | ||||
|                 case 'menu': case 'ol': case 'p': case 'ul': | ||||
|                     /* If the stack of open elements has a p element in scope, | ||||
|                     then act as if an end tag with the tag name p had been | ||||
|                     seen. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->emitToken(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "form" */ | ||||
|                 case 'form': | ||||
|                     /* If the form element pointer is not null, ignore the | ||||
|                     token with a parse error. */ | ||||
|                     if($this->form_pointer !== null) { | ||||
|                         // Ignore.
 | ||||
| 
 | ||||
|                     /* Otherwise: */ | ||||
|                     } else { | ||||
|                         /* If the stack of open elements has a p element in | ||||
|                         scope, then act as if an end tag with the tag name p | ||||
|                         had been seen. */ | ||||
|                         if($this->elementInScope('p')) { | ||||
|                             $this->emitToken(array( | ||||
|                                 'name' => 'p', | ||||
|                                 'type' => HTML5::ENDTAG | ||||
|                             )); | ||||
|                         } | ||||
| 
 | ||||
|                         /* Insert an HTML element for the token, and set the | ||||
|                         form element pointer to point to the element created. */ | ||||
|                         $element = $this->insertElement($token); | ||||
|                         $this->form_pointer = $element; | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "li", "dd" or "dt" */ | ||||
|                 case 'li': case 'dd': case 'dt': | ||||
|                     /* If the stack of open elements has a p  element in scope, | ||||
|                     then act as if an end tag with the tag name p had been | ||||
|                     seen. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->emitToken(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     $stack_length = count($this->stack) - 1; | ||||
| 
 | ||||
|                     for($n = $stack_length; 0 <= $n; $n--) { | ||||
|                         /* 1. Initialise node to be the current node (the | ||||
|                         bottommost node of the stack). */ | ||||
|                         $stop = false; | ||||
|                         $node = $this->stack[$n]; | ||||
|                         $cat  = $this->getElementCategory($node->tagName); | ||||
| 
 | ||||
|                         /* 2. If node is an li, dd or dt element, then pop all | ||||
|                         the    nodes from the current node up to node, including | ||||
|                         node, then stop this algorithm. */ | ||||
|                         if($token['name'] === $node->tagName ||    ($token['name'] !== 'li' | ||||
|                         && ($node->tagName === 'dd' || $node->tagName === 'dt'))) { | ||||
|                             for($x = $stack_length; $x >= $n ; $x--) { | ||||
|                                 array_pop($this->stack); | ||||
|                             } | ||||
| 
 | ||||
|                             break; | ||||
|                         } | ||||
| 
 | ||||
|                         /* 3. If node is not in the formatting category, and is | ||||
|                         not    in the phrasing category, and is not an address or | ||||
|                         div element, then stop this algorithm. */ | ||||
|                         if($cat !== self::FORMATTING && $cat !== self::PHRASING && | ||||
|                         $node->tagName !== 'address' && $node->tagName !== 'div') { | ||||
|                             break; | ||||
|                         } | ||||
|                     } | ||||
| 
 | ||||
|                     /* Finally, insert an HTML element with the same tag | ||||
|                     name as the    token's. */ | ||||
|                     $this->insertElement($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token whose tag name is "plaintext" */ | ||||
|                 case 'plaintext': | ||||
|                     /* If the stack of open elements has a p  element in scope, | ||||
|                     then act as if an end tag with the tag name p had been | ||||
|                     seen. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->emitToken(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     return HTML5::PLAINTEXT; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is one of: "h1", "h2", "h3", "h4", | ||||
|                 "h5", "h6" */ | ||||
|                 case 'h1': case 'h2': case 'h3': case 'h4': case 'h5': case 'h6': | ||||
|                     /* If the stack of open elements has a p  element in scope, | ||||
|                     then act as if an end tag with the tag name p had been seen. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->emitToken(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     /* If the stack of open elements has in scope an element whose | ||||
|                     tag name is one of "h1", "h2", "h3", "h4", "h5", or "h6", then | ||||
|                     this is a parse error; pop elements from the stack until an | ||||
|                     element with one of those tag names has been popped from the | ||||
|                     stack. */ | ||||
|                     while($this->elementInScope(array('h1', 'h2', 'h3', 'h4', 'h5', 'h6'))) { | ||||
|                         array_pop($this->stack); | ||||
|                     } | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "a" */ | ||||
|                 case 'a': | ||||
|                     /* If the list of active formatting elements contains | ||||
|                     an element whose tag name is "a" between the end of the | ||||
|                     list and the last marker on the list (or the start of | ||||
|                     the list if there is no marker on the list), then this | ||||
|                     is a parse error; act as if an end tag with the tag name | ||||
|                     "a" had been seen, then remove that element from the list | ||||
|                     of active formatting elements and the stack of open | ||||
|                     elements if the end tag didn't already remove it (it | ||||
|                     might not have if the element is not in table scope). */ | ||||
|                     $leng = count($this->a_formatting); | ||||
| 
 | ||||
|                     for($n = $leng - 1; $n >= 0; $n--) { | ||||
|                         if($this->a_formatting[$n] === self::MARKER) { | ||||
|                             break; | ||||
| 
 | ||||
|                         } elseif($this->a_formatting[$n]->nodeName === 'a') { | ||||
|                             $this->emitToken(array( | ||||
|                                 'name' => 'a', | ||||
|                                 'type' => HTML5::ENDTAG | ||||
|                             )); | ||||
|                             break; | ||||
|                         } | ||||
|                     } | ||||
| 
 | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $el = $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Add that element to the list of active formatting | ||||
|                     elements. */ | ||||
|                     $this->a_formatting[] = $el; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is one of: "b", "big", "em", "font", | ||||
|                 "i", "nobr", "s", "small", "strike", "strong", "tt", "u" */ | ||||
|                 case 'b': case 'big': case 'em': case 'font': case 'i': | ||||
|                 case 'nobr': case 's': case 'small': case 'strike': | ||||
|                 case 'strong': case 'tt': case 'u': | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $el = $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Add that element to the list of active formatting | ||||
|                     elements. */ | ||||
|                     $this->a_formatting[] = $el; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token whose tag name is "button" */ | ||||
|                 case 'button': | ||||
|                     /* If the stack of open elements has a button element in scope, | ||||
|                     then this is a parse error; act as if an end tag with the tag | ||||
|                     name "button" had been seen, then reprocess the token. (We don't | ||||
|                     do that. Unnecessary.) */ | ||||
|                     if($this->elementInScope('button')) { | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'button', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Insert a marker at the end of the list of active | ||||
|                     formatting elements. */ | ||||
|                     $this->a_formatting[] = self::MARKER; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token whose tag name is one of: "marquee", "object" */ | ||||
|                 case 'marquee': case 'object': | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Insert a marker at the end of the list of active | ||||
|                     formatting elements. */ | ||||
|                     $this->a_formatting[] = self::MARKER; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token whose tag name is "xmp" */ | ||||
|                 case 'xmp': | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Switch the content model flag to the CDATA state. */ | ||||
|                     return HTML5::CDATA; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "table" */ | ||||
|                 case 'table': | ||||
|                     /* If the stack of open elements has a p element in scope, | ||||
|                     then act as if an end tag with the tag name p had been seen. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->emitToken(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Change the insertion mode to "in table". */ | ||||
|                     $this->mode = self::IN_TABLE; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is one of: "area", "basefont", | ||||
|                 "bgsound", "br", "embed", "img", "param", "spacer", "wbr" */ | ||||
|                 case 'area': case 'basefont': case 'bgsound': case 'br': | ||||
|                 case 'embed': case 'img': case 'param': case 'spacer': | ||||
|                 case 'wbr': | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Immediately pop the current node off the stack of open elements. */ | ||||
|                     array_pop($this->stack); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "hr" */ | ||||
|                 case 'hr': | ||||
|                     /* If the stack of open elements has a p element in scope, | ||||
|                     then act as if an end tag with the tag name p had been seen. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->emitToken(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Immediately pop the current node off the stack of open elements. */ | ||||
|                     array_pop($this->stack); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "image" */ | ||||
|                 case 'image': | ||||
|                     /* Parse error. Change the token's tag name to "img" and | ||||
|                     reprocess it. (Don't ask.) */ | ||||
|                     $token['name'] = 'img'; | ||||
|                     return $this->inBody($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "input" */ | ||||
|                 case 'input': | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an input element for the token. */ | ||||
|                     $element = $this->insertElement($token, false); | ||||
| 
 | ||||
|                     /* If the form element pointer is not null, then associate the | ||||
|                     input element with the form element pointed to by the form | ||||
|                     element pointer. */ | ||||
|                     $this->form_pointer !== null | ||||
|                         ? $this->form_pointer->appendChild($element) | ||||
|                         : end($this->stack)->appendChild($element); | ||||
| 
 | ||||
|                     /* Pop that input element off the stack of open elements. */ | ||||
|                     array_pop($this->stack); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "isindex" */ | ||||
|                 case 'isindex': | ||||
|                     /* Parse error. */ | ||||
|                     // w/e
 | ||||
| 
 | ||||
|                     /* If the form element pointer is not null, | ||||
|                     then ignore the token. */ | ||||
|                     if($this->form_pointer === null) { | ||||
|                         /* Act as if a start tag token with the tag name "form" had | ||||
|                         been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'body', | ||||
|                             'type' => HTML5::STARTTAG, | ||||
|                             'attr' => array() | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if a start tag token with the tag name "hr" had | ||||
|                         been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'hr', | ||||
|                             'type' => HTML5::STARTTAG, | ||||
|                             'attr' => array() | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if a start tag token with the tag name "p" had | ||||
|                         been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::STARTTAG, | ||||
|                             'attr' => array() | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if a start tag token with the tag name "label" | ||||
|                         had been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'label', | ||||
|                             'type' => HTML5::STARTTAG, | ||||
|                             'attr' => array() | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if a stream of character tokens had been seen. */ | ||||
|                         $this->insertText('This is a searchable index. '. | ||||
|                         'Insert your search keywords here: '); | ||||
| 
 | ||||
|                         /* Act as if a start tag token with the tag name "input" | ||||
|                         had been seen, with all the attributes from the "isindex" | ||||
|                         token, except with the "name" attribute set to the value | ||||
|                         "isindex" (ignoring any explicit "name" attribute). */ | ||||
|                         $attr = $token['attr']; | ||||
|                         $attr[] = array('name' => 'name', 'value' => 'isindex'); | ||||
| 
 | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'input', | ||||
|                             'type' => HTML5::STARTTAG, | ||||
|                             'attr' => $attr | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if a stream of character tokens had been seen | ||||
|                         (see below for what they should say). */ | ||||
|                         $this->insertText('This is a searchable index. '. | ||||
|                         'Insert your search keywords here: '); | ||||
| 
 | ||||
|                         /* Act as if an end tag token with the tag name "label" | ||||
|                         had been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'label', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if an end tag token with the tag name "p" had | ||||
|                         been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'p', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if a start tag token with the tag name "hr" had | ||||
|                         been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'hr', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
| 
 | ||||
|                         /* Act as if an end tag token with the tag name "form" had | ||||
|                         been seen. */ | ||||
|                         $this->inBody(array( | ||||
|                             'name' => 'form', | ||||
|                             'type' => HTML5::ENDTAG | ||||
|                         )); | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "textarea" */ | ||||
|                 case 'textarea': | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Switch the tokeniser's content model flag to the | ||||
|                     RCDATA state. */ | ||||
|                     return HTML5::RCDATA; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is one of: "iframe", "noembed", | ||||
|                 "noframes" */ | ||||
|                 case 'iframe': case 'noembed': case 'noframes': | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Switch the tokeniser's content model flag to the CDATA state. */ | ||||
|                     return HTML5::CDATA; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag whose tag name is "select" */ | ||||
|                 case 'select': | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     /* Insert an HTML element for the token. */ | ||||
|                     $this->insertElement($token); | ||||
| 
 | ||||
|                     /* Change the insertion mode to "in select". */ | ||||
|                     $this->mode = self::IN_SELECT; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start or end tag whose tag name is one of: "caption", "col", | ||||
|                 "colgroup", "frame", "frameset", "head", "option", "optgroup", | ||||
|                 "tbody", "td", "tfoot", "th", "thead", "tr". */ | ||||
|                 case 'caption': case 'col': case 'colgroup': case 'frame': | ||||
|                 case 'frameset': case 'head': case 'option': case 'optgroup': | ||||
|                 case 'tbody': case 'td': case 'tfoot': case 'th': case 'thead': | ||||
|                 case 'tr': | ||||
|                     // Parse error. Ignore the token.
 | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start or end tag whose tag name is one of: "event-source", | ||||
|                 "section", "nav", "article", "aside", "header", "footer", | ||||
|                 "datagrid", "command" */ | ||||
|                 case 'event-source': case 'section': case 'nav': case 'article': | ||||
|                 case 'aside': case 'header': case 'footer': case 'datagrid': | ||||
|                 case 'command': | ||||
|                     // Work in progress!
 | ||||
|                 break; | ||||
| 
 | ||||
|                 /* A start tag token not covered by the previous entries */ | ||||
|                 default: | ||||
|                     /* Reconstruct the active formatting elements, if any. */ | ||||
|                     $this->reconstructActiveFormattingElements(); | ||||
| 
 | ||||
|                     $this->insertElement($token, true, true); | ||||
|                 break; | ||||
|             } | ||||
|             break; | ||||
| 
 | ||||
|             case HTML5::ENDTAG: | ||||
|             switch($token['name']) { | ||||
|                 /* An end tag with the tag name "body" */ | ||||
|                 case 'body': | ||||
|                     /* If the second element in the stack of open elements is | ||||
|                     not a body element, this is a parse error. Ignore the token. | ||||
|                     (innerHTML case) */ | ||||
|                     if(count($this->stack) < 2 || $this->stack[1]->nodeName !== 'body') { | ||||
|                         // Ignore.
 | ||||
| 
 | ||||
|                     /* If the current node is not the body element, then this | ||||
|                     is a parse error. */ | ||||
|                     } elseif(end($this->stack)->nodeName !== 'body') { | ||||
|                         // Parse error.
 | ||||
|                     } | ||||
| 
 | ||||
|                     /* Change the insertion mode to "after body". */ | ||||
|                     $this->mode = self::AFTER_BODY; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag with the tag name "html" */ | ||||
|                 case 'html': | ||||
|                     /* Act as if an end tag with tag name "body" had been seen, | ||||
|                     then, if that token wasn't ignored, reprocess the current | ||||
|                     token. */ | ||||
|                     $this->inBody(array( | ||||
|                         'name' => 'body', | ||||
|                         'type' => HTML5::ENDTAG | ||||
|                     )); | ||||
| 
 | ||||
|                     return $this->afterBody($token); | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag whose tag name is one of: "address", "blockquote", | ||||
|                 "center", "dir", "div", "dl", "fieldset", "listing", "menu", | ||||
|                 "ol", "pre", "ul" */ | ||||
|                 case 'address': case 'blockquote': case 'center': case 'dir': | ||||
|                 case 'div': case 'dl': case 'fieldset': case 'listing': | ||||
|                 case 'menu': case 'ol': case 'pre': case 'ul': | ||||
|                     /* If the stack of open elements has an element in scope | ||||
|                     with the same tag name as that of the token, then generate | ||||
|                     implied end tags. */ | ||||
|                     if($this->elementInScope($token['name'])) { | ||||
|                         $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                         /* Now, if the current node is not an element with | ||||
|                         the same tag name as that of the token, then this | ||||
|                         is a parse error. */ | ||||
|                         // w/e
 | ||||
| 
 | ||||
|                         /* If the stack of open elements has an element in | ||||
|                         scope with the same tag name as that of the token, | ||||
|                         then pop elements from this stack until an element | ||||
|                         with that tag name has been popped from the stack. */ | ||||
|                         for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                             if($this->stack[$n]->nodeName === $token['name']) { | ||||
|                                 $n = -1; | ||||
|                             } | ||||
| 
 | ||||
|                             array_pop($this->stack); | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag whose tag name is "form" */ | ||||
|                 case 'form': | ||||
|                     /* If the stack of open elements has an element in scope | ||||
|                     with the same tag name as that of the token, then generate | ||||
|                     implied    end tags. */ | ||||
|                     if($this->elementInScope($token['name'])) { | ||||
|                         $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                     }  | ||||
| 
 | ||||
|                     if(end($this->stack)->nodeName !== $token['name']) { | ||||
|                         /* Now, if the current node is not an element with the | ||||
|                         same tag name as that of the token, then this is a parse | ||||
|                         error. */ | ||||
|                         // w/e
 | ||||
| 
 | ||||
|                     } else { | ||||
|                         /* Otherwise, if the current node is an element with | ||||
|                         the same tag name as that of the token pop that element | ||||
|                         from the stack. */ | ||||
|                         array_pop($this->stack); | ||||
|                     } | ||||
| 
 | ||||
|                     /* In any case, set the form element pointer to null. */ | ||||
|                     $this->form_pointer = null; | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag whose tag name is "p" */ | ||||
|                 case 'p': | ||||
|                     /* If the stack of open elements has a p element in scope, | ||||
|                     then generate implied end tags, except for p elements. */ | ||||
|                     if($this->elementInScope('p')) { | ||||
|                         $this->generateImpliedEndTags(array('p')); | ||||
| 
 | ||||
|                         /* If the current node is not a p element, then this is | ||||
|                         a parse error. */ | ||||
|                         // k
 | ||||
| 
 | ||||
|                         /* If the stack of open elements has a p element in | ||||
|                         scope, then pop elements from this stack until the stack | ||||
|                         no longer has a p element in scope. */ | ||||
|                         for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                             if($this->elementInScope('p')) { | ||||
|                                 array_pop($this->stack); | ||||
| 
 | ||||
|                             } else { | ||||
|                                 break; | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag whose tag name is "dd", "dt", or "li" */ | ||||
|                 case 'dd': case 'dt': case 'li': | ||||
|                     /* If the stack of open elements has an element in scope | ||||
|                     whose tag name matches the tag name of the token, then | ||||
|                     generate implied end tags, except for elements with the | ||||
|                     same tag name as the token. */ | ||||
|                     if($this->elementInScope($token['name'])) { | ||||
|                         $this->generateImpliedEndTags(array($token['name'])); | ||||
| 
 | ||||
|                         /* If the current node is not an element with the same | ||||
|                         tag name as the token, then this is a parse error. */ | ||||
|                         // w/e
 | ||||
| 
 | ||||
|                         /* If the stack of open elements has an element in scope | ||||
|                         whose tag name matches the tag name of the token, then | ||||
|                         pop elements from this stack until an element with that | ||||
|                         tag name has been popped from the stack. */ | ||||
|                         for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                             if($this->stack[$n]->nodeName === $token['name']) { | ||||
|                                 $n = -1; | ||||
|                             } | ||||
| 
 | ||||
|                             array_pop($this->stack); | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag whose tag name is one of: "h1", "h2", "h3", "h4", | ||||
|                 "h5", "h6" */ | ||||
|                 case 'h1': case 'h2': case 'h3': case 'h4': case 'h5': case 'h6': | ||||
|                     $elements = array('h1', 'h2', 'h3', 'h4', 'h5', 'h6'); | ||||
| 
 | ||||
|                     /* If the stack of open elements has in scope an element whose | ||||
|                     tag name is one of "h1", "h2", "h3", "h4", "h5", or "h6", then | ||||
|                     generate implied end tags. */ | ||||
|                     if($this->elementInScope($elements)) { | ||||
|                         $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                         /* Now, if the current node is not an element with the same | ||||
|                         tag name as that of the token, then this is a parse error. */ | ||||
|                         // w/e
 | ||||
| 
 | ||||
|                         /* If the stack of open elements has in scope an element | ||||
|                         whose tag name is one of "h1", "h2", "h3", "h4", "h5", or | ||||
|                         "h6", then pop elements from the stack until an element | ||||
|                         with one of those tag names has been popped from the stack. */ | ||||
|                         while($this->elementInScope($elements)) { | ||||
|                             array_pop($this->stack); | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag whose tag name is one of: "a", "b", "big", "em", | ||||
|                 "font", "i", "nobr", "s", "small", "strike", "strong", "tt", "u" */ | ||||
|                 case 'a': case 'b': case 'big': case 'em': case 'font': | ||||
|                 case 'i': case 'nobr': case 's': case 'small': case 'strike': | ||||
|                 case 'strong': case 'tt': case 'u': | ||||
|                     /* 1. Let the formatting element be the last element in | ||||
|                     the list of active formatting elements that: | ||||
|                         * is between the end of the list and the last scope | ||||
|                         marker in the list, if any, or the start of the list | ||||
|                         otherwise, and | ||||
|                         * has the same tag name as the token. | ||||
|                     */ | ||||
|                     while(true) { | ||||
|                         for($a = count($this->a_formatting) - 1; $a >= 0; $a--) { | ||||
|                             if($this->a_formatting[$a] === self::MARKER) { | ||||
|                                 break; | ||||
| 
 | ||||
|                             } elseif($this->a_formatting[$a]->tagName === $token['name']) { | ||||
|                                 $formatting_element = $this->a_formatting[$a]; | ||||
|                                 $in_stack = in_array($formatting_element, $this->stack, true); | ||||
|                                 $fe_af_pos = $a; | ||||
|                                 break; | ||||
|                             } | ||||
|                         } | ||||
| 
 | ||||
|                         /* If there is no such node, or, if that node is | ||||
|                         also in the stack of open elements but the element | ||||
|                         is not in scope, then this is a parse error. Abort | ||||
|                         these steps. The token is ignored. */ | ||||
|                         if(!isset($formatting_element) || ($in_stack && | ||||
|                         !$this->elementInScope($token['name']))) { | ||||
|                             break; | ||||
| 
 | ||||
|                         /* Otherwise, if there is such a node, but that node | ||||
|                         is not in the stack of open elements, then this is a | ||||
|                         parse error; remove the element from the list, and | ||||
|                         abort these steps. */ | ||||
|                         } elseif(isset($formatting_element) && !$in_stack) { | ||||
|                             unset($this->a_formatting[$fe_af_pos]); | ||||
|                             $this->a_formatting = array_merge($this->a_formatting); | ||||
|                             break; | ||||
|                         } | ||||
| 
 | ||||
|                         /* 2. Let the furthest block be the topmost node in the | ||||
|                         stack of open elements that is lower in the stack | ||||
|                         than the formatting element, and is not an element in | ||||
|                         the phrasing or formatting categories. There might | ||||
|                         not be one. */ | ||||
|                         $fe_s_pos = array_search($formatting_element, $this->stack, true); | ||||
|                         $length = count($this->stack); | ||||
| 
 | ||||
|                         for($s = $fe_s_pos + 1; $s < $length; $s++) { | ||||
|                             $category = $this->getElementCategory($this->stack[$s]->nodeName); | ||||
| 
 | ||||
|                             if($category !== self::PHRASING && $category !== self::FORMATTING) { | ||||
|                                 $furthest_block = $this->stack[$s]; | ||||
|                             } | ||||
|                         } | ||||
| 
 | ||||
|                         /* 3. If there is no furthest block, then the UA must | ||||
|                         skip the subsequent steps and instead just pop all | ||||
|                         the nodes from the bottom of the stack of open | ||||
|                         elements, from the current node up to the formatting | ||||
|                         element, and remove the formatting element from the | ||||
|                         list of active formatting elements. */ | ||||
|                         if(!isset($furthest_block)) { | ||||
|                             for($n = $length - 1; $n >= $fe_s_pos; $n--) { | ||||
|                                 array_pop($this->stack); | ||||
|                             } | ||||
| 
 | ||||
|                             unset($this->a_formatting[$fe_af_pos]); | ||||
|                             $this->a_formatting = array_merge($this->a_formatting); | ||||
|                             break; | ||||
|                         } | ||||
| 
 | ||||
|                         /* 4. Let the common ancestor be the element | ||||
|                         immediately above the formatting element in the stack | ||||
|                         of open elements. */ | ||||
|                         $common_ancestor = $this->stack[$fe_s_pos - 1]; | ||||
| 
 | ||||
|                         /* 5. If the furthest block has a parent node, then | ||||
|                         remove the furthest block from its parent node. */ | ||||
|                         if($furthest_block->parentNode !== null) { | ||||
|                             $furthest_block->parentNode->removeChild($furthest_block); | ||||
|                         } | ||||
| 
 | ||||
|                         /* 6. Let a bookmark note the position of the | ||||
|                         formatting element in the list of active formatting | ||||
|                         elements relative to the elements on either side | ||||
|                         of it in the list. */ | ||||
|                         $bookmark = $fe_af_pos; | ||||
| 
 | ||||
|                         /* 7. Let node and last node  be the furthest block. | ||||
|                         Follow these steps: */ | ||||
|                         $node = $furthest_block; | ||||
|                         $last_node = $furthest_block; | ||||
| 
 | ||||
|                         while(true) { | ||||
|                             for($n = array_search($node, $this->stack, true) - 1; $n >= 0; $n--) { | ||||
|                                 /* 7.1 Let node be the element immediately | ||||
|                                 prior to node in the stack of open elements. */ | ||||
|                                 $node = $this->stack[$n]; | ||||
| 
 | ||||
|                                 /* 7.2 If node is not in the list of active | ||||
|                                 formatting elements, then remove node from | ||||
|                                 the stack of open elements and then go back | ||||
|                                 to step 1. */ | ||||
|                                 if(!in_array($node, $this->a_formatting, true)) { | ||||
|                                     unset($this->stack[$n]); | ||||
|                                     $this->stack = array_merge($this->stack); | ||||
| 
 | ||||
|                                 } else { | ||||
|                                     break; | ||||
|                                 } | ||||
|                             } | ||||
| 
 | ||||
|                             /* 7.3 Otherwise, if node is the formatting | ||||
|                             element, then go to the next step in the overall | ||||
|                             algorithm. */ | ||||
|                             if($node === $formatting_element) { | ||||
|                                 break; | ||||
| 
 | ||||
|                             /* 7.4 Otherwise, if last node is the furthest | ||||
|                             block, then move the aforementioned bookmark to | ||||
|                             be immediately after the node in the list of | ||||
|                             active formatting elements. */ | ||||
|                             } elseif($last_node === $furthest_block) { | ||||
|                                 $bookmark = array_search($node, $this->a_formatting, true) + 1; | ||||
|                             } | ||||
| 
 | ||||
|                             /* 7.5 If node has any children, perform a | ||||
|                             shallow clone of node, replace the entry for | ||||
|                             node in the list of active formatting elements | ||||
|                             with an entry for the clone, replace the entry | ||||
|                             for node in the stack of open elements with an | ||||
|                             entry for the clone, and let node be the clone. */ | ||||
|                             if($node->hasChildNodes()) { | ||||
|                                 $clone = $node->cloneNode(); | ||||
|                                 $s_pos = array_search($node, $this->stack, true); | ||||
|                                 $a_pos = array_search($node, $this->a_formatting, true); | ||||
| 
 | ||||
|                                 $this->stack[$s_pos] = $clone; | ||||
|                                 $this->a_formatting[$a_pos] = $clone; | ||||
|                                 $node = $clone; | ||||
|                             } | ||||
| 
 | ||||
|                             /* 7.6 Insert last node into node, first removing | ||||
|                             it from its previous parent node if any. */ | ||||
|                             if($last_node->parentNode !== null) { | ||||
|                                 $last_node->parentNode->removeChild($last_node); | ||||
|                             } | ||||
| 
 | ||||
|                             $node->appendChild($last_node); | ||||
| 
 | ||||
|                             /* 7.7 Let last node be node. */ | ||||
|                             $last_node = $node; | ||||
|                         } | ||||
| 
 | ||||
|                         /* 8. Insert whatever last node ended up being in | ||||
|                         the previous step into the common ancestor node, | ||||
|                         first removing it from its previous parent node if | ||||
|                         any. */ | ||||
|                         if($last_node->parentNode !== null) { | ||||
|                             $last_node->parentNode->removeChild($last_node); | ||||
|                         } | ||||
| 
 | ||||
|                         $common_ancestor->appendChild($last_node); | ||||
| 
 | ||||
|                         /* 9. Perform a shallow clone of the formatting | ||||
|                         element. */ | ||||
|                         $clone = $formatting_element->cloneNode(); | ||||
| 
 | ||||
|                         /* 10. Take all of the child nodes of the furthest | ||||
|                         block and append them to the clone created in the | ||||
|                         last step. */ | ||||
|                         while($furthest_block->hasChildNodes()) { | ||||
|                             $child = $furthest_block->firstChild; | ||||
|                             $furthest_block->removeChild($child); | ||||
|                             $clone->appendChild($child); | ||||
|                         } | ||||
| 
 | ||||
|                         /* 11. Append that clone to the furthest block. */ | ||||
|                         $furthest_block->appendChild($clone); | ||||
| 
 | ||||
|                         /* 12. Remove the formatting element from the list | ||||
|                         of active formatting elements, and insert the clone | ||||
|                         into the list of active formatting elements at the | ||||
|                         position of the aforementioned bookmark. */ | ||||
|                         $fe_af_pos = array_search($formatting_element, $this->a_formatting, true); | ||||
|                         unset($this->a_formatting[$fe_af_pos]); | ||||
|                         $this->a_formatting = array_merge($this->a_formatting); | ||||
| 
 | ||||
|                         $af_part1 = array_slice($this->a_formatting, 0, $bookmark - 1); | ||||
|                         $af_part2 = array_slice($this->a_formatting, $bookmark, count($this->a_formatting)); | ||||
|                         $this->a_formatting = array_merge($af_part1, array($clone), $af_part2); | ||||
| 
 | ||||
|                         /* 13. Remove the formatting element from the stack | ||||
|                         of open elements, and insert the clone into the stack | ||||
|                         of open elements immediately after (i.e. in a more | ||||
|                         deeply nested position than) the position of the | ||||
|                         furthest block in that stack. */ | ||||
|                         $fe_s_pos = array_search($formatting_element, $this->stack, true); | ||||
|                         $fb_s_pos = array_search($furthest_block, $this->stack, true); | ||||
|                         unset($this->stack[$fe_s_pos]); | ||||
| 
 | ||||
|                         $s_part1 = array_slice($this->stack, 0, $fb_s_pos); | ||||
|                         $s_part2 = array_slice($this->stack, $fb_s_pos + 1, count($this->stack)); | ||||
|                         $this->stack = array_merge($s_part1, array($clone), $s_part2); | ||||
| 
 | ||||
|                         /* 14. Jump back to step 1 in this series of steps. */ | ||||
|                         unset($formatting_element, $fe_af_pos, $fe_s_pos, $furthest_block); | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag token whose tag name is one of: "button", | ||||
|                 "marquee", "object" */ | ||||
|                 case 'button': case 'marquee': case 'object': | ||||
|                     /* If the stack of open elements has an element in scope whose | ||||
|                     tag name matches the tag name of the token, then generate implied | ||||
|                     tags. */ | ||||
|                     if($this->elementInScope($token['name'])) { | ||||
|                         $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                         /* Now, if the current node is not an element with the same | ||||
|                         tag name as the token, then this is a parse error. */ | ||||
|                         // k
 | ||||
| 
 | ||||
|                         /* Now, if the stack of open elements has an element in scope | ||||
|                         whose tag name matches the tag name of the token, then pop | ||||
|                         elements from the stack until that element has been popped from | ||||
|                         the stack, and clear the list of active formatting elements up | ||||
|                         to the last marker. */ | ||||
|                         for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                             if($this->stack[$n]->nodeName === $token['name']) { | ||||
|                                 $n = -1; | ||||
|                             } | ||||
| 
 | ||||
|                             array_pop($this->stack); | ||||
|                         } | ||||
| 
 | ||||
|                         $marker = end(array_keys($this->a_formatting, self::MARKER, true)); | ||||
| 
 | ||||
|                         for($n = count($this->a_formatting) - 1; $n > $marker; $n--) { | ||||
|                             array_pop($this->a_formatting); | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
| 
 | ||||
|                 /* Or an end tag whose tag name is one of: "area", "basefont", | ||||
|                 "bgsound", "br", "embed", "hr", "iframe", "image", "img", | ||||
|                 "input", "isindex", "noembed", "noframes", "param", "select", | ||||
|                 "spacer", "table", "textarea", "wbr" */ | ||||
|                 case 'area': case 'basefont': case 'bgsound': case 'br': | ||||
|                 case 'embed': case 'hr': case 'iframe': case 'image': | ||||
|                 case 'img': case 'input': case 'isindex': case 'noembed': | ||||
|                 case 'noframes': case 'param': case 'select': case 'spacer': | ||||
|                 case 'table': case 'textarea': case 'wbr': | ||||
|                     // Parse error. Ignore the token.
 | ||||
|                 break; | ||||
| 
 | ||||
|                 /* An end tag token not covered by the previous entries */ | ||||
|                 default: | ||||
|                     for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                         /* Initialise node to be the current node (the bottommost | ||||
|                         node of the stack). */ | ||||
|                         $node = end($this->stack); | ||||
| 
 | ||||
|                         /* If node has the same tag name as the end tag token, | ||||
|                         then: */ | ||||
|                         if($token['name'] === $node->nodeName) { | ||||
|                             /* Generate implied end tags. */ | ||||
|                             $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                             /* If the tag name of the end tag token does not | ||||
|                             match the tag name of the current node, this is a | ||||
|                             parse error. */ | ||||
|                             // k
 | ||||
| 
 | ||||
|                             /* Pop all the nodes from the current node up to | ||||
|                             node, including node, then stop this algorithm. */ | ||||
|                             for($x = count($this->stack) - $n; $x >= $n; $x--) { | ||||
|                                 array_pop($this->stack); | ||||
|                             } | ||||
|                                      | ||||
|                         } else { | ||||
|                             $category = $this->getElementCategory($node); | ||||
| 
 | ||||
|                             if($category !== self::SPECIAL && $category !== self::SCOPING) { | ||||
|                                 /* Otherwise, if node is in neither the formatting | ||||
|                                 category nor the phrasing category, then this is a | ||||
|                                 parse error. Stop this algorithm. The end tag token | ||||
|                                 is ignored. */ | ||||
|                                 return false; | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 break; | ||||
|             } | ||||
|             break; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inTable($token) { | ||||
|         $clear = array('html', 'table'); | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $text = $this->dom->createTextNode($token['data']); | ||||
|             end($this->stack)->appendChild($text); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $comment = $this->dom->createComment($token['data']); | ||||
|             end($this->stack)->appendChild($comment); | ||||
| 
 | ||||
|         /* A start tag whose tag name is "caption" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         $token['name'] === 'caption') { | ||||
|             /* Clear the stack back to a table context. */ | ||||
|             $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|             /* Insert a marker at the end of the list of active | ||||
|             formatting elements. */ | ||||
|             $this->a_formatting[] = self::MARKER; | ||||
| 
 | ||||
|             /* Insert an HTML element for the token, then switch the | ||||
|             insertion mode to "in caption". */ | ||||
|             $this->insertElement($token); | ||||
|             $this->mode = self::IN_CAPTION; | ||||
| 
 | ||||
|         /* A start tag whose tag name is "colgroup" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         $token['name'] === 'colgroup') { | ||||
|             /* Clear the stack back to a table context. */ | ||||
|             $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|             /* Insert an HTML element for the token, then switch the | ||||
|             insertion mode to "in column group". */ | ||||
|             $this->insertElement($token); | ||||
|             $this->mode = self::IN_CGROUP; | ||||
| 
 | ||||
|         /* A start tag whose tag name is "col" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         $token['name'] === 'col') { | ||||
|             $this->inTable(array( | ||||
|                 'name' => 'colgroup', | ||||
|                 'type' => HTML5::STARTTAG, | ||||
|                 'attr' => array() | ||||
|             )); | ||||
| 
 | ||||
|             $this->inColumnGroup($token); | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "tbody", "tfoot", "thead" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('tbody', 'tfoot', 'thead'))) { | ||||
|             /* Clear the stack back to a table context. */ | ||||
|             $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|             /* Insert an HTML element for the token, then switch the insertion | ||||
|             mode to "in table body". */ | ||||
|             $this->insertElement($token); | ||||
|             $this->mode = self::IN_TBODY; | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "td", "th", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         in_array($token['name'], array('td', 'th', 'tr'))) { | ||||
|             /* Act as if a start tag token with the tag name "tbody" had been | ||||
|             seen, then reprocess the current token. */ | ||||
|             $this->inTable(array( | ||||
|                 'name' => 'tbody', | ||||
|                 'type' => HTML5::STARTTAG, | ||||
|                 'attr' => array() | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inTableBody($token); | ||||
| 
 | ||||
|         /* A start tag whose tag name is "table" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         $token['name'] === 'table') { | ||||
|             /* Parse error. Act as if an end tag token with the tag name "table" | ||||
|             had been seen, then, if that token wasn't ignored, reprocess the | ||||
|             current token. */ | ||||
|             $this->inTable(array( | ||||
|                 'name' => 'table', | ||||
|                 'type' => HTML5::ENDTAG | ||||
|             )); | ||||
| 
 | ||||
|             return $this->mainPhase($token); | ||||
| 
 | ||||
|         /* An end tag whose tag name is "table" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         $token['name'] === 'table') { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as the token, this is a parse error. | ||||
|             Ignore the token. (innerHTML case) */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 return false; | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Generate implied end tags. */ | ||||
|                 $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                 /* Now, if the current node is not a table element, then this | ||||
|                 is a parse error. */ | ||||
|                 // w/e
 | ||||
| 
 | ||||
|                 /* Pop elements from this stack until a table element has been | ||||
|                 popped from the stack. */ | ||||
|                 while(true) { | ||||
|                     $current = end($this->stack)->nodeName; | ||||
|                     array_pop($this->stack); | ||||
| 
 | ||||
|                     if($current === 'table') { | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 /* Reset the insertion mode appropriately. */ | ||||
|                 $this->resetInsertionMode(); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "body", "caption", "col", | ||||
|         "colgroup", "html", "tbody", "td", "tfoot", "th", "thead", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && in_array($token['name'], | ||||
|         array('body', 'caption', 'col', 'colgroup', 'html', 'tbody', 'td', | ||||
|         'tfoot', 'th', 'thead', 'tr'))) { | ||||
|             // Parse error. Ignore the token.
 | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Parse error. Process the token as if the insertion mode was "in
 | ||||
|             body", with the following exception: */
 | ||||
| 
 | ||||
|             /* If the current node is a table, tbody, tfoot, thead, or tr | ||||
|             element, then, whenever a node would be inserted into the current | ||||
|             node, it must instead be inserted into the foster parent element. */ | ||||
|             if(in_array(end($this->stack)->nodeName, | ||||
|             array('table', 'tbody', 'tfoot', 'thead', 'tr'))) { | ||||
|                 /* The foster parent element is the parent element of the last | ||||
|                 table element in the stack of open elements, if there is a | ||||
|                 table element and it has such a parent element. If there is no | ||||
|                 table element in the stack of open elements (innerHTML case), | ||||
|                 then the foster parent element is the first element in the | ||||
|                 stack of open elements (the html  element). Otherwise, if there | ||||
|                 is a table element in the stack of open elements, but the last | ||||
|                 table element in the stack of open elements has no parent, or | ||||
|                 its parent node is not an element, then the foster parent | ||||
|                 element is the element before the last table element in the | ||||
|                 stack of open elements. */ | ||||
|                 for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                     if($this->stack[$n]->nodeName === 'table') { | ||||
|                         $table = $this->stack[$n]; | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 if(isset($table) && $table->parentNode !== null) { | ||||
|                     $this->foster_parent = $table->parentNode; | ||||
| 
 | ||||
|                 } elseif(!isset($table)) { | ||||
|                     $this->foster_parent = $this->stack[0]; | ||||
| 
 | ||||
|                 } elseif(isset($table) && ($table->parentNode === null || | ||||
|                 $table->parentNode->nodeType !== XML_ELEMENT_NODE)) { | ||||
|                     $this->foster_parent = $this->stack[$n - 1]; | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             $this->inBody($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inCaption($token) { | ||||
|         /* An end tag whose tag name is "caption" */ | ||||
|         if($token['type'] === HTML5::ENDTAG && $token['name'] === 'caption') { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as the token, this is a parse error. | ||||
|             Ignore the token. (innerHTML case) */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // Ignore
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Generate implied end tags. */ | ||||
|                 $this->generateImpliedEndTags(); | ||||
| 
 | ||||
|                 /* Now, if the current node is not a caption element, then this | ||||
|                 is a parse error. */ | ||||
|                 // w/e
 | ||||
| 
 | ||||
|                 /* Pop elements from this stack until a caption element has | ||||
|                 been popped from the stack. */ | ||||
|                 while(true) { | ||||
|                     $node = end($this->stack)->nodeName; | ||||
|                     array_pop($this->stack); | ||||
| 
 | ||||
|                     if($node === 'caption') { | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 /* Clear the list of active formatting elements up to the last | ||||
|                 marker. */ | ||||
|                 $this->clearTheActiveFormattingElementsUpToTheLastMarker(); | ||||
| 
 | ||||
|                 /* Switch the insertion mode to "in table". */ | ||||
|                 $this->mode = self::IN_TABLE; | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "caption", "col", "colgroup", | ||||
|         "tbody", "td", "tfoot", "th", "thead", "tr", or an end tag whose tag | ||||
|         name is "table" */ | ||||
|         } elseif(($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', | ||||
|         'thead', 'tr'))) || ($token['type'] === HTML5::ENDTAG && | ||||
|         $token['name'] === 'table')) { | ||||
|             /* Parse error. Act as if an end tag with the tag name "caption" | ||||
|             had been seen, then, if that token wasn't ignored, reprocess the | ||||
|             current token. */ | ||||
|             $this->inCaption(array( | ||||
|                 'name' => 'caption', | ||||
|                 'type' => HTML5::ENDTAG | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inTable($token); | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "body", "col", "colgroup", | ||||
|         "html", "tbody", "td", "tfoot", "th", "thead", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && in_array($token['name'], | ||||
|         array('body', 'col', 'colgroup', 'html', 'tbody', 'tfoot', 'th', | ||||
|         'thead', 'tr'))) { | ||||
|             // Parse error. Ignore the token.
 | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Process the token as if the insertion mode was "in body". */ | ||||
|             $this->inBody($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inColumnGroup($token) { | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $text = $this->dom->createTextNode($token['data']); | ||||
|             end($this->stack)->appendChild($text); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $comment = $this->dom->createComment($token['data']); | ||||
|             end($this->stack)->appendChild($comment); | ||||
| 
 | ||||
|         /* A start tag whose tag name is "col" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && $token['name'] === 'col') { | ||||
|             /* Insert a col element for the token. Immediately pop the current | ||||
|             node off the stack of open elements. */ | ||||
|             $this->insertElement($token); | ||||
|             array_pop($this->stack); | ||||
| 
 | ||||
|         /* An end tag whose tag name is "colgroup" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         $token['name'] === 'colgroup') { | ||||
|             /* If the current node is the root html element, then this is a | ||||
|             parse error, ignore the token. (innerHTML case) */ | ||||
|             if(end($this->stack)->nodeName === 'html') { | ||||
|                 // Ignore
 | ||||
| 
 | ||||
|             /* Otherwise, pop the current node (which will be a colgroup | ||||
|             element) from the stack of open elements. Switch the insertion | ||||
|             mode to "in table". */ | ||||
|             } else { | ||||
|                 array_pop($this->stack); | ||||
|                 $this->mode = self::IN_TABLE; | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag whose tag name is "col" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && $token['name'] === 'col') { | ||||
|             /* Parse error. Ignore the token. */ | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Act as if an end tag with the tag name "colgroup" had been seen, | ||||
|             and then, if that token wasn't ignored, reprocess the current token. */ | ||||
|             $this->inColumnGroup(array( | ||||
|                 'name' => 'colgroup', | ||||
|                 'type' => HTML5::ENDTAG | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inTable($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inTableBody($token) { | ||||
|         $clear = array('tbody', 'tfoot', 'thead', 'html'); | ||||
| 
 | ||||
|         /* A start tag whose tag name is "tr" */ | ||||
|         if($token['type'] === HTML5::STARTTAG && $token['name'] === 'tr') { | ||||
|             /* Clear the stack back to a table body context. */ | ||||
|             $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|             /* Insert a tr element for the token, then switch the insertion | ||||
|             mode to "in row". */ | ||||
|             $this->insertElement($token); | ||||
|             $this->mode = self::IN_ROW; | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "th", "td" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         ($token['name'] === 'th' ||    $token['name'] === 'td')) { | ||||
|             /* Parse error. Act as if a start tag with the tag name "tr" had | ||||
|             been seen, then reprocess the current token. */ | ||||
|             $this->inTableBody(array( | ||||
|                 'name' => 'tr', | ||||
|                 'type' => HTML5::STARTTAG, | ||||
|                 'attr' => array() | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inRow($token); | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "tbody", "tfoot", "thead" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         in_array($token['name'], array('tbody', 'tfoot', 'thead'))) { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as the token, this is a parse error. | ||||
|             Ignore the token. */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // Ignore
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Clear the stack back to a table body context. */ | ||||
|                 $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|                 /* Pop the current node from the stack of open elements. Switch | ||||
|                 the insertion mode to "in table". */ | ||||
|                 array_pop($this->stack); | ||||
|                 $this->mode = self::IN_TABLE; | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "caption", "col", "colgroup", | ||||
|         "tbody", "tfoot", "thead", or an end tag whose tag name is "table" */ | ||||
|         } elseif(($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('caption', 'col', 'colgroup', 'tbody', 'tfoor', 'thead'))) || | ||||
|         ($token['type'] === HTML5::STARTTAG && $token['name'] === 'table')) { | ||||
|             /* If the stack of open elements does not have a tbody, thead, or | ||||
|             tfoot element in table scope, this is a parse error. Ignore the | ||||
|             token. (innerHTML case) */ | ||||
|             if(!$this->elementInScope(array('tbody', 'thead', 'tfoot'), true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Clear the stack back to a table body context. */ | ||||
|                 $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|                 /* Act as if an end tag with the same tag name as the current | ||||
|                 node ("tbody", "tfoot", or "thead") had been seen, then | ||||
|                 reprocess the current token. */ | ||||
|                 $this->inTableBody(array( | ||||
|                     'name' => end($this->stack)->nodeName, | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
| 
 | ||||
|                 return $this->mainPhase($token); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "body", "caption", "col", | ||||
|         "colgroup", "html", "td", "th", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && in_array($token['name'], | ||||
|         array('body', 'caption', 'col', 'colgroup', 'html', 'td', 'th', 'tr'))) { | ||||
|             /* Parse error. Ignore the token. */ | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Process the token as if the insertion mode was "in table". */ | ||||
|             $this->inTable($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inRow($token) { | ||||
|         $clear = array('tr', 'html'); | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "th", "td" */ | ||||
|         if($token['type'] === HTML5::STARTTAG && | ||||
|         ($token['name'] === 'th' || $token['name'] === 'td')) { | ||||
|             /* Clear the stack back to a table row context. */ | ||||
|             $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|             /* Insert an HTML element for the token, then switch the insertion | ||||
|             mode to "in cell". */ | ||||
|             $this->insertElement($token); | ||||
|             $this->mode = self::IN_CELL; | ||||
| 
 | ||||
|             /* Insert a marker at the end of the list of active formatting | ||||
|             elements. */ | ||||
|             $this->a_formatting[] = self::MARKER; | ||||
| 
 | ||||
|         /* An end tag whose tag name is "tr" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && $token['name'] === 'tr') { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as the token, this is a parse error. | ||||
|             Ignore the token. (innerHTML case) */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Clear the stack back to a table row context. */ | ||||
|                 $this->clearStackToTableContext($clear); | ||||
| 
 | ||||
|                 /* Pop the current node (which will be a tr element) from the | ||||
|                 stack of open elements. Switch the insertion mode to "in table
 | ||||
|                 body". */
 | ||||
|                 array_pop($this->stack); | ||||
|                 $this->mode = self::IN_TBODY; | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "caption", "col", "colgroup", | ||||
|         "tbody", "tfoot", "thead", "tr" or an end tag whose tag name is "table" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('caption', 'col', 'colgroup', 'tbody', 'tfoot', 'thead', 'tr'))) { | ||||
|             /* Act as if an end tag with the tag name "tr" had been seen, then, | ||||
|             if that token wasn't ignored, reprocess the current token. */ | ||||
|             $this->inRow(array( | ||||
|                 'name' => 'tr', | ||||
|                 'type' => HTML5::ENDTAG | ||||
|             )); | ||||
| 
 | ||||
|             return $this->inCell($token); | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "tbody", "tfoot", "thead" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         in_array($token['name'], array('tbody', 'tfoot', 'thead'))) { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as the token, this is a parse error. | ||||
|             Ignore the token. */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Otherwise, act as if an end tag with the tag name "tr" had | ||||
|                 been seen, then reprocess the current token. */ | ||||
|                 $this->inRow(array( | ||||
|                     'name' => 'tr', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
| 
 | ||||
|                 return $this->inCell($token); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "body", "caption", "col", | ||||
|         "colgroup", "html", "td", "th" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && in_array($token['name'], | ||||
|         array('body', 'caption', 'col', 'colgroup', 'html', 'td', 'th', 'tr'))) { | ||||
|             /* Parse error. Ignore the token. */ | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Process the token as if the insertion mode was "in table". */ | ||||
|             $this->inTable($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inCell($token) { | ||||
|         /* An end tag whose tag name is one of: "td", "th" */ | ||||
|         if($token['type'] === HTML5::ENDTAG && | ||||
|         ($token['name'] === 'td' || $token['name'] === 'th')) { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as that of the token, then this is a | ||||
|             parse error and the token must be ignored. */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Generate implied end tags, except for elements with the same | ||||
|                 tag name as the token. */ | ||||
|                 $this->generateImpliedEndTags(array($token['name'])); | ||||
| 
 | ||||
|                 /* Now, if the current node is not an element with the same tag | ||||
|                 name as the token, then this is a parse error. */ | ||||
|                 // k
 | ||||
| 
 | ||||
|                 /* Pop elements from this stack until an element with the same | ||||
|                 tag name as the token has been popped from the stack. */ | ||||
|                 while(true) { | ||||
|                     $node = end($this->stack)->nodeName; | ||||
|                     array_pop($this->stack); | ||||
| 
 | ||||
|                     if($node === $token['name']) { | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 /* Clear the list of active formatting elements up to the last | ||||
|                 marker. */ | ||||
|                 $this->clearTheActiveFormattingElementsUpToTheLastMarker(); | ||||
| 
 | ||||
|                 /* Switch the insertion mode to "in row". (The current node | ||||
|                 will be a tr element at this point.) */ | ||||
|                 $this->mode = self::IN_ROW; | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "caption", "col", "colgroup", | ||||
|         "tbody", "td", "tfoot", "th", "thead", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', | ||||
|         'thead', 'tr'))) { | ||||
|             /* If the stack of open elements does not have a td or th element | ||||
|             in table scope, then this is a parse error; ignore the token. | ||||
|             (innerHTML case) */ | ||||
|             if(!$this->elementInScope(array('td', 'th'), true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise, close the cell (see below) and reprocess the current | ||||
|             token. */ | ||||
|             } else { | ||||
|                 $this->closeCell(); | ||||
|                 return $this->inRow($token); | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag whose tag name is one of: "caption", "col", "colgroup", | ||||
|         "tbody", "td", "tfoot", "th", "thead", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && in_array($token['name'], | ||||
|         array('caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', | ||||
|         'thead', 'tr'))) { | ||||
|             /* If the stack of open elements does not have a td or th element | ||||
|             in table scope, then this is a parse error; ignore the token. | ||||
|             (innerHTML case) */ | ||||
|             if(!$this->elementInScope(array('td', 'th'), true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise, close the cell (see below) and reprocess the current | ||||
|             token. */ | ||||
|             } else { | ||||
|                 $this->closeCell(); | ||||
|                 return $this->inRow($token); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "body", "caption", "col", | ||||
|         "colgroup", "html" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && in_array($token['name'], | ||||
|         array('body', 'caption', 'col', 'colgroup', 'html'))) { | ||||
|             /* Parse error. Ignore the token. */ | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "table", "tbody", "tfoot", | ||||
|         "thead", "tr" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && in_array($token['name'], | ||||
|         array('table', 'tbody', 'tfoot', 'thead', 'tr'))) { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as that of the token (which can only | ||||
|             happen for "tbody", "tfoot" and "thead", or, in the innerHTML case), | ||||
|             then this is a parse error and the token must be ignored. */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // Ignore.
 | ||||
| 
 | ||||
|             /* Otherwise, close the cell (see below) and reprocess the current | ||||
|             token. */ | ||||
|             } else { | ||||
|                 $this->closeCell(); | ||||
|                 return $this->inRow($token); | ||||
|             } | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Process the token as if the insertion mode was "in body". */ | ||||
|             $this->inBody($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inSelect($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token */ | ||||
|         if($token['type'] === HTML5::CHARACTR) { | ||||
|             /* Append the token's character to the current node. */ | ||||
|             $this->insertText($token['data']); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $this->insertComment($token['data']); | ||||
| 
 | ||||
|         /* A start tag token whose tag name is "option" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         $token['name'] === 'option') { | ||||
|             /* If the current node is an option element, act as if an end tag | ||||
|             with the tag name "option" had been seen. */ | ||||
|             if(end($this->stack)->nodeName === 'option') { | ||||
|                 $this->inSelect(array( | ||||
|                     'name' => 'option', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
|             } | ||||
| 
 | ||||
|             /* Insert an HTML element for the token. */ | ||||
|             $this->insertElement($token); | ||||
| 
 | ||||
|         /* A start tag token whose tag name is "optgroup" */ | ||||
|         } elseif($token['type'] === HTML5::STARTTAG && | ||||
|         $token['name'] === 'optgroup') { | ||||
|             /* If the current node is an option element, act as if an end tag | ||||
|             with the tag name "option" had been seen. */ | ||||
|             if(end($this->stack)->nodeName === 'option') { | ||||
|                 $this->inSelect(array( | ||||
|                     'name' => 'option', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
|             } | ||||
| 
 | ||||
|             /* If the current node is an optgroup element, act as if an end tag | ||||
|             with the tag name "optgroup" had been seen. */ | ||||
|             if(end($this->stack)->nodeName === 'optgroup') { | ||||
|                 $this->inSelect(array( | ||||
|                     'name' => 'optgroup', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
|             } | ||||
| 
 | ||||
|             /* Insert an HTML element for the token. */ | ||||
|             $this->insertElement($token); | ||||
| 
 | ||||
|         /* An end tag token whose tag name is "optgroup" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         $token['name'] === 'optgroup') { | ||||
|             /* First, if the current node is an option element, and the node | ||||
|             immediately before it in the stack of open elements is an optgroup | ||||
|             element, then act as if an end tag with the tag name "option" had | ||||
|             been seen. */ | ||||
|             $elements_in_stack = count($this->stack); | ||||
| 
 | ||||
|             if($this->stack[$elements_in_stack - 1]->nodeName === 'option' && | ||||
|             $this->stack[$elements_in_stack - 2]->nodeName === 'optgroup') { | ||||
|                 $this->inSelect(array( | ||||
|                     'name' => 'option', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
|             } | ||||
| 
 | ||||
|             /* If the current node is an optgroup element, then pop that node | ||||
|             from the stack of open elements. Otherwise, this is a parse error, | ||||
|             ignore the token. */ | ||||
|             if($this->stack[$elements_in_stack - 1] === 'optgroup') { | ||||
|                 array_pop($this->stack); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag token whose tag name is "option" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         $token['name'] === 'option') { | ||||
|             /* If the current node is an option element, then pop that node | ||||
|             from the stack of open elements. Otherwise, this is a parse error, | ||||
|             ignore the token. */ | ||||
|             if(end($this->stack)->nodeName === 'option') { | ||||
|                 array_pop($this->stack); | ||||
|             } | ||||
| 
 | ||||
|         /* An end tag whose tag name is "select" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && | ||||
|         $token['name'] === 'select') { | ||||
|             /* If the stack of open elements does not have an element in table | ||||
|             scope with the same tag name as the token, this is a parse error. | ||||
|             Ignore the token. (innerHTML case) */ | ||||
|             if(!$this->elementInScope($token['name'], true)) { | ||||
|                 // w/e
 | ||||
| 
 | ||||
|             /* Otherwise: */ | ||||
|             } else { | ||||
|                 /* Pop elements from the stack of open elements until a select | ||||
|                 element has been popped from the stack. */ | ||||
|                 while(true) { | ||||
|                     $current = end($this->stack)->nodeName; | ||||
|                     array_pop($this->stack); | ||||
| 
 | ||||
|                     if($current === 'select') { | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 /* Reset the insertion mode appropriately. */ | ||||
|                 $this->resetInsertionMode(); | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag whose tag name is "select" */ | ||||
|         } elseif($token['name'] === 'select' && | ||||
|         $token['type'] === HTML5::STARTTAG) { | ||||
|             /* Parse error. Act as if the token had been an end tag with the | ||||
|             tag name "select" instead. */ | ||||
|             $this->inSelect(array( | ||||
|                 'name' => 'select', | ||||
|                 'type' => HTML5::ENDTAG | ||||
|             )); | ||||
| 
 | ||||
|         /* An end tag whose tag name is one of: "caption", "table", "tbody", | ||||
|         "tfoot", "thead", "tr", "td", "th" */ | ||||
|         } elseif(in_array($token['name'], array('caption', 'table', 'tbody', | ||||
|         'tfoot', 'thead', 'tr', 'td', 'th')) && $token['type'] === HTML5::ENDTAG) { | ||||
|             /* Parse error. */ | ||||
|             // w/e
 | ||||
| 
 | ||||
|             /* If the stack of open elements has an element in table scope with | ||||
|             the same tag name as that of the token, then act as if an end tag | ||||
|             with the tag name "select" had been seen, and reprocess the token. | ||||
|             Otherwise, ignore the token. */ | ||||
|             if($this->elementInScope($token['name'], true)) { | ||||
|                 $this->inSelect(array( | ||||
|                     'name' => 'select', | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
| 
 | ||||
|                 $this->mainPhase($token); | ||||
|             } | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Parse error. Ignore the token. */ | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function afterBody($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Process the token as it would be processed if the insertion mode | ||||
|             was "in body". */ | ||||
|             $this->inBody($token); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the first element in the stack of open | ||||
|             elements (the html element), with the data attribute set to the | ||||
|             data given in the comment token. */ | ||||
|             $comment = $this->dom->createComment($token['data']); | ||||
|             $this->stack[0]->appendChild($comment); | ||||
| 
 | ||||
|         /* An end tag with the tag name "html" */ | ||||
|         } elseif($token['type'] === HTML5::ENDTAG && $token['name'] === 'html') { | ||||
|             /* If the parser was originally created in order to handle the | ||||
|             setting of an element's innerHTML attribute, this is a parse error; | ||||
|             ignore the token. (The element will be an html element in this | ||||
|             case.) (innerHTML case) */ | ||||
| 
 | ||||
|             /* Otherwise, switch to the trailing end phase. */ | ||||
|             $this->phase = self::END_PHASE; | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Parse error. Set the insertion mode to "in body" and reprocess | ||||
|             the token. */ | ||||
|             $this->mode = self::IN_BODY; | ||||
|             return $this->inBody($token); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function inFrameset($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         U+000D CARRIAGE RETURN (CR), or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $this->insertText($token['data']); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $this->insertComment($token['data']); | ||||
| 
 | ||||
|         /* A start tag with the tag name "frameset" */ | ||||
|         } elseif($token['name'] === 'frameset' && | ||||
|         $token['type'] === HTML5::STARTTAG) { | ||||
|             $this->insertElement($token); | ||||
| 
 | ||||
|         /* An end tag with the tag name "frameset" */ | ||||
|         } elseif($token['name'] === 'frameset' && | ||||
|         $token['type'] === HTML5::ENDTAG) { | ||||
|             /* If the current node is the root html element, then this is a | ||||
|             parse error; ignore the token. (innerHTML case) */ | ||||
|             if(end($this->stack)->nodeName === 'html') { | ||||
|                 // Ignore
 | ||||
| 
 | ||||
|             } else { | ||||
|                 /* Otherwise, pop the current node from the stack of open | ||||
|                 elements. */ | ||||
|                 array_pop($this->stack); | ||||
| 
 | ||||
|                 /* If the parser was not originally created in order to handle | ||||
|                 the setting of an element's innerHTML attribute (innerHTML case), | ||||
|                 and the current node is no longer a frameset element, then change | ||||
|                 the insertion mode to "after frameset". */ | ||||
|                 $this->mode = self::AFTR_FRAME; | ||||
|             } | ||||
| 
 | ||||
|         /* A start tag with the tag name "frame" */ | ||||
|         } elseif($token['name'] === 'frame' && | ||||
|         $token['type'] === HTML5::STARTTAG) { | ||||
|             /* Insert an HTML element for the token. */ | ||||
|             $this->insertElement($token); | ||||
| 
 | ||||
|             /* Immediately pop the current node off the stack of open elements. */ | ||||
|             array_pop($this->stack); | ||||
| 
 | ||||
|         /* A start tag with the tag name "noframes" */ | ||||
|         } elseif($token['name'] === 'noframes' && | ||||
|         $token['type'] === HTML5::STARTTAG) { | ||||
|             /* Process the token as if the insertion mode had been "in body". */ | ||||
|             $this->inBody($token); | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Parse error. Ignore the token. */ | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function afterFrameset($token) { | ||||
|         /* Handle the token as follows: */ | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         U+000D CARRIAGE RETURN (CR), or U+0020 SPACE */ | ||||
|         if($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Append the character to the current node. */ | ||||
|             $this->insertText($token['data']); | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the current node with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $this->insertComment($token['data']); | ||||
| 
 | ||||
|         /* An end tag with the tag name "html" */ | ||||
|         } elseif($token['name'] === 'html' && | ||||
|         $token['type'] === HTML5::ENDTAG) { | ||||
|             /* Switch to the trailing end phase. */ | ||||
|             $this->phase = self::END_PHASE; | ||||
| 
 | ||||
|         /* A start tag with the tag name "noframes" */ | ||||
|         } elseif($token['name'] === 'noframes' && | ||||
|         $token['type'] === HTML5::STARTTAG) { | ||||
|             /* Process the token as if the insertion mode had been "in body". */ | ||||
|             $this->inBody($token); | ||||
| 
 | ||||
|         /* Anything else */ | ||||
|         } else { | ||||
|             /* Parse error. Ignore the token. */ | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function trailingEndPhase($token) { | ||||
|         /* After the main phase, as each token is emitted from the tokenisation | ||||
|         stage, it must be processed as described in this section. */ | ||||
| 
 | ||||
|         /* A DOCTYPE token */ | ||||
|         if($token['type'] === HTML5::DOCTYPE) { | ||||
|             // Parse error. Ignore the token.
 | ||||
| 
 | ||||
|         /* A comment token */ | ||||
|         } elseif($token['type'] === HTML5::COMMENT) { | ||||
|             /* Append a Comment node to the Document object with the data | ||||
|             attribute set to the data given in the comment token. */ | ||||
|             $comment = $this->dom->createComment($token['data']); | ||||
|             $this->dom->appendChild($comment); | ||||
| 
 | ||||
|         /* A character token that is one of one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE */ | ||||
|         } elseif($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) { | ||||
|             /* Process the token as it would be processed in the main phase. */ | ||||
|             $this->mainPhase($token); | ||||
| 
 | ||||
|         /* A character token that is not one of U+0009 CHARACTER TABULATION, | ||||
|         U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF), | ||||
|         or U+0020 SPACE. Or a start tag token. Or an end tag token. */ | ||||
|         } elseif(($token['type'] === HTML5::CHARACTR && | ||||
|         preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) || | ||||
|         $token['type'] === HTML5::STARTTAG || $token['type'] === HTML5::ENDTAG) { | ||||
|             /* Parse error. Switch back to the main phase and reprocess the | ||||
|             token. */ | ||||
|             $this->phase = self::MAIN_PHASE; | ||||
|             return $this->mainPhase($token); | ||||
| 
 | ||||
|         /* An end-of-file token */ | ||||
|         } elseif($token['type'] === HTML5::EOF) { | ||||
|             /* OMG DONE!! */ | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function insertElement($token, $append = true, $check = false) { | ||||
|         // Proprietary workaround for libxml2's limitations with tag names
 | ||||
|         if ($check) { | ||||
|             // Slightly modified HTML5 tag-name modification,
 | ||||
|             // removing anything that's not an ASCII letter, digit, or hyphen
 | ||||
|             $token['name'] = preg_replace('/[^a-z0-9-]/i', '', $token['name']); | ||||
|             // Remove leading hyphens and numbers
 | ||||
|             $token['name'] = ltrim($token['name'], '-0..9'); | ||||
|             // In theory, this should ever be needed, but just in case
 | ||||
|             if ($token['name'] === '') $token['name'] = 'span'; // arbitrary generic choice
 | ||||
|         } | ||||
|          | ||||
|         $el = $this->dom->createElement($token['name']); | ||||
| 
 | ||||
|         foreach($token['attr'] as $attr) { | ||||
|             if(!$el->hasAttribute($attr['name'])) { | ||||
|                 $el->setAttribute($attr['name'], $attr['value']); | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         $this->appendToRealParent($el); | ||||
|         $this->stack[] = $el; | ||||
| 
 | ||||
|         return $el; | ||||
|     } | ||||
| 
 | ||||
|     private function insertText($data) { | ||||
|         $text = $this->dom->createTextNode($data); | ||||
|         $this->appendToRealParent($text); | ||||
|     } | ||||
| 
 | ||||
|     private function insertComment($data) { | ||||
|         $comment = $this->dom->createComment($data); | ||||
|         $this->appendToRealParent($comment); | ||||
|     } | ||||
| 
 | ||||
|     private function appendToRealParent($node) { | ||||
|         if($this->foster_parent === null) { | ||||
|             end($this->stack)->appendChild($node); | ||||
| 
 | ||||
|         } elseif($this->foster_parent !== null) { | ||||
|             /* If the foster parent element is the parent element of the | ||||
|             last table element in the stack of open elements, then the new | ||||
|             node must be inserted immediately before the last table element | ||||
|             in the stack of open elements in the foster parent element; | ||||
|             otherwise, the new node must be appended to the foster parent | ||||
|             element. */ | ||||
|             for($n = count($this->stack) - 1; $n >= 0; $n--) { | ||||
|                 if($this->stack[$n]->nodeName === 'table' && | ||||
|                 $this->stack[$n]->parentNode !== null) { | ||||
|                     $table = $this->stack[$n]; | ||||
|                     break; | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             if(isset($table) && $this->foster_parent->isSameNode($table->parentNode)) | ||||
|                 $this->foster_parent->insertBefore($node, $table); | ||||
|             else | ||||
|                 $this->foster_parent->appendChild($node); | ||||
| 
 | ||||
|             $this->foster_parent = null; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function elementInScope($el, $table = false) { | ||||
|         if(is_array($el)) { | ||||
|             foreach($el as $element) { | ||||
|                 if($this->elementInScope($element, $table)) { | ||||
|                     return true; | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $leng = count($this->stack); | ||||
| 
 | ||||
|         for($n = 0; $n < $leng; $n++) { | ||||
|             /* 1. Initialise node to be the current node (the bottommost node of | ||||
|             the stack). */ | ||||
|             $node = $this->stack[$leng - 1 - $n]; | ||||
| 
 | ||||
|             if($node->tagName === $el) { | ||||
|                 /* 2. If node is the target node, terminate in a match state. */ | ||||
|                 return true; | ||||
| 
 | ||||
|             } elseif($node->tagName === 'table') { | ||||
|                 /* 3. Otherwise, if node is a table element, terminate in a failure | ||||
|                 state. */ | ||||
|                 return false; | ||||
| 
 | ||||
|             } elseif($table === true && in_array($node->tagName, array('caption', 'td', | ||||
|             'th', 'button', 'marquee', 'object'))) { | ||||
|                 /* 4. Otherwise, if the algorithm is the "has an element in scope" | ||||
|                 variant (rather than the "has an element in table scope" variant), | ||||
|                 and node is one of the following, terminate in a failure state. */ | ||||
|                 return false; | ||||
| 
 | ||||
|             } elseif($node === $node->ownerDocument->documentElement) { | ||||
|                 /* 5. Otherwise, if node is an html element (root element), terminate | ||||
|                 in a failure state. (This can only happen if the node is the topmost | ||||
|                 node of the    stack of open elements, and prevents the next step from | ||||
|                 being invoked if there are no more elements in the stack.) */ | ||||
|                 return false; | ||||
|             } | ||||
| 
 | ||||
|             /* Otherwise, set node to the previous entry in the stack of open | ||||
|             elements and return to step 2. (This will never fail, since the loop | ||||
|             will always terminate in the previous step if the top of the stack | ||||
|             is reached.) */ | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function reconstructActiveFormattingElements() { | ||||
|         /* 1. If there are no entries in the list of active formatting elements, | ||||
|         then there is nothing to reconstruct; stop this algorithm. */ | ||||
|         $formatting_elements = count($this->a_formatting); | ||||
| 
 | ||||
|         if($formatting_elements === 0) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         /* 3. Let entry be the last (most recently added) element in the list | ||||
|         of active formatting elements. */ | ||||
|         $entry = end($this->a_formatting); | ||||
| 
 | ||||
|         /* 2. If the last (most recently added) entry in the list of active | ||||
|         formatting elements is a marker, or if it is an element that is in the | ||||
|         stack of open elements, then there is nothing to reconstruct; stop this | ||||
|         algorithm. */ | ||||
|         if($entry === self::MARKER || in_array($entry, $this->stack, true)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         for($a = $formatting_elements - 1; $a >= 0; true) { | ||||
|             /* 4. If there are no entries before entry in the list of active | ||||
|             formatting elements, then jump to step 8. */ | ||||
|             if($a === 0) { | ||||
|                 $step_seven = false; | ||||
|                 break; | ||||
|             } | ||||
| 
 | ||||
|             /* 5. Let entry be the entry one earlier than entry in the list of | ||||
|             active formatting elements. */ | ||||
|             $a--; | ||||
|             $entry = $this->a_formatting[$a]; | ||||
| 
 | ||||
|             /* 6. If entry is neither a marker nor an element that is also in | ||||
|             thetack of open elements, go to step 4. */ | ||||
|             if($entry === self::MARKER || in_array($entry, $this->stack, true)) { | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         while(true) { | ||||
|             /* 7. Let entry be the element one later than entry in the list of | ||||
|             active formatting elements. */ | ||||
|             if(isset($step_seven) && $step_seven === true) { | ||||
|                 $a++; | ||||
|                 $entry = $this->a_formatting[$a]; | ||||
|             } | ||||
| 
 | ||||
|             /* 8. Perform a shallow clone of the element entry to obtain clone. */ | ||||
|             $clone = $entry->cloneNode(); | ||||
| 
 | ||||
|             /* 9. Append clone to the current node and push it onto the stack | ||||
|             of open elements  so that it is the new current node. */ | ||||
|             end($this->stack)->appendChild($clone); | ||||
|             $this->stack[] = $clone; | ||||
| 
 | ||||
|             /* 10. Replace the entry for entry in the list with an entry for | ||||
|             clone. */ | ||||
|             $this->a_formatting[$a] = $clone; | ||||
| 
 | ||||
|             /* 11. If the entry for clone in the list of active formatting | ||||
|             elements is not the last entry in the list, return to step 7. */ | ||||
|             if(end($this->a_formatting) !== $clone) { | ||||
|                 $step_seven = true; | ||||
|             } else { | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function clearTheActiveFormattingElementsUpToTheLastMarker() { | ||||
|         /* When the steps below require the UA to clear the list of active | ||||
|         formatting elements up to the last marker, the UA must perform the | ||||
|         following steps: */ | ||||
| 
 | ||||
|         while(true) { | ||||
|             /* 1. Let entry be the last (most recently added) entry in the list | ||||
|             of active formatting elements. */ | ||||
|             $entry = end($this->a_formatting); | ||||
| 
 | ||||
|             /* 2. Remove entry from the list of active formatting elements. */ | ||||
|             array_pop($this->a_formatting); | ||||
| 
 | ||||
|             /* 3. If entry was a marker, then stop the algorithm at this point. | ||||
|             The list has been cleared up to the last marker. */ | ||||
|             if($entry === self::MARKER) { | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function generateImpliedEndTags($exclude = array()) { | ||||
|         /* When the steps below require the UA to generate implied end tags, | ||||
|         then, if the current node is a dd element, a dt element, an li element, | ||||
|         a p element, a td element, a th  element, or a tr element, the UA must | ||||
|         act as if an end tag with the respective tag name had been seen and | ||||
|         then generate implied end tags again. */ | ||||
|         $node = end($this->stack); | ||||
|         $elements = array_diff(array('dd', 'dt', 'li', 'p', 'td', 'th', 'tr'), $exclude); | ||||
| 
 | ||||
|         while(in_array(end($this->stack)->nodeName, $elements)) { | ||||
|             array_pop($this->stack); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function getElementCategory($node) { | ||||
|         $name = $node->tagName; | ||||
|         if(in_array($name, $this->special)) | ||||
|             return self::SPECIAL; | ||||
| 
 | ||||
|         elseif(in_array($name, $this->scoping)) | ||||
|             return self::SCOPING; | ||||
| 
 | ||||
|         elseif(in_array($name, $this->formatting)) | ||||
|             return self::FORMATTING; | ||||
| 
 | ||||
|         else | ||||
|             return self::PHRASING; | ||||
|     } | ||||
| 
 | ||||
|     private function clearStackToTableContext($elements) { | ||||
|         /* When the steps above require the UA to clear the stack back to a | ||||
|         table context, it means that the UA must, while the current node is not | ||||
|         a table element or an html element, pop elements from the stack of open | ||||
|         elements. If this causes any elements to be popped from the stack, then | ||||
|         this is a parse error. */ | ||||
|         while(true) { | ||||
|             $node = end($this->stack)->nodeName; | ||||
| 
 | ||||
|             if(in_array($node, $elements)) { | ||||
|                 break; | ||||
|             } else { | ||||
|                 array_pop($this->stack); | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function resetInsertionMode() { | ||||
|         /* 1. Let last be false. */ | ||||
|         $last = false; | ||||
|         $leng = count($this->stack); | ||||
| 
 | ||||
|         for($n = $leng - 1; $n >= 0; $n--) { | ||||
|             /* 2. Let node be the last node in the stack of open elements. */ | ||||
|             $node = $this->stack[$n]; | ||||
| 
 | ||||
|             /* 3. If node is the first node in the stack of open elements, then | ||||
|             set last to true. If the element whose innerHTML  attribute is being | ||||
|             set is neither a td  element nor a th element, then set node to the | ||||
|             element whose innerHTML  attribute is being set. (innerHTML  case) */ | ||||
|             if($this->stack[0]->isSameNode($node)) { | ||||
|                 $last = true; | ||||
|             } | ||||
| 
 | ||||
|             /* 4. If node is a select element, then switch the insertion mode to | ||||
|             "in select" and abort these steps. (innerHTML case) */ | ||||
|             if($node->nodeName === 'select') { | ||||
|                 $this->mode = self::IN_SELECT; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 5. If node is a td or th element, then switch the insertion mode | ||||
|             to "in cell" and abort these steps. */ | ||||
|             } elseif($node->nodeName === 'td' || $node->nodeName === 'th') { | ||||
|                 $this->mode = self::IN_CELL; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 6. If node is a tr element, then switch the insertion mode to | ||||
|             "in    row" and abort these steps. */ | ||||
|             } elseif($node->nodeName === 'tr') { | ||||
|                 $this->mode = self::IN_ROW; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 7. If node is a tbody, thead, or tfoot element, then switch the | ||||
|             insertion mode to "in table body" and abort these steps. */ | ||||
|             } elseif(in_array($node->nodeName, array('tbody', 'thead', 'tfoot'))) { | ||||
|                 $this->mode = self::IN_TBODY; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 8. If node is a caption element, then switch the insertion mode | ||||
|             to "in caption" and abort these steps. */ | ||||
|             } elseif($node->nodeName === 'caption') { | ||||
|                 $this->mode = self::IN_CAPTION; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 9. If node is a colgroup element, then switch the insertion mode | ||||
|             to "in column group" and abort these steps. (innerHTML case) */ | ||||
|             } elseif($node->nodeName === 'colgroup') { | ||||
|                 $this->mode = self::IN_CGROUP; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 10. If node is a table element, then switch the insertion mode | ||||
|             to "in table" and abort these steps. */ | ||||
|             } elseif($node->nodeName === 'table') { | ||||
|                 $this->mode = self::IN_TABLE; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 11. If node is a head element, then switch the insertion mode | ||||
|             to "in body" ("in body"! not "in head"!) and abort these steps. | ||||
|             (innerHTML case) */ | ||||
|             } elseif($node->nodeName === 'head') { | ||||
|                 $this->mode = self::IN_BODY; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 12. If node is a body element, then switch the insertion mode to | ||||
|             "in body" and abort these steps. */ | ||||
|             } elseif($node->nodeName === 'body') { | ||||
|                 $this->mode = self::IN_BODY; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 13. If node is a frameset element, then switch the insertion | ||||
|             mode to "in frameset" and abort these steps. (innerHTML case) */ | ||||
|             } elseif($node->nodeName === 'frameset') { | ||||
|                 $this->mode = self::IN_FRAME; | ||||
|                 break; | ||||
| 
 | ||||
|             /* 14. If node is an html element, then: if the head element | ||||
|             pointer is null, switch the insertion mode to "before head", | ||||
|             otherwise, switch the insertion mode to "after head". In either | ||||
|             case, abort these steps. (innerHTML case) */ | ||||
|             } elseif($node->nodeName === 'html') { | ||||
|                 $this->mode = ($this->head_pointer === null) | ||||
|                     ? self::BEFOR_HEAD | ||||
|                     : self::AFTER_HEAD; | ||||
| 
 | ||||
|                 break; | ||||
| 
 | ||||
|             /* 15. If last is true, then set the insertion mode to "in body" | ||||
|             and    abort these steps. (innerHTML case) */ | ||||
|             } elseif($last) { | ||||
|                 $this->mode = self::IN_BODY; | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private function closeCell() { | ||||
|         /* If the stack of open elements has a td or th element in table scope, | ||||
|         then act as if an end tag token with that tag name had been seen. */ | ||||
|         foreach(array('td', 'th') as $cell) { | ||||
|             if($this->elementInScope($cell, true)) { | ||||
|                 $this->inCell(array( | ||||
|                     'name' => $cell, | ||||
|                     'type' => HTML5::ENDTAG | ||||
|                 )); | ||||
| 
 | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     public function save() { | ||||
|         return $this->dom; | ||||
|     } | ||||
| } | ||||
| ?>
 | ||||
|  | @ -1,328 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Takes a well formed list of tokens and fixes their nesting. | ||||
|  * | ||||
|  * HTML elements dictate which elements are allowed to be their children, | ||||
|  * for example, you can't have a p tag in a span tag.  Other elements have | ||||
|  * much more rigorous definitions: tables, for instance, require a specific | ||||
|  * order for their elements.  There are also constraints not expressible by | ||||
|  * document type definitions, such as the chameleon nature of ins/del | ||||
|  * tags and global child exclusions. | ||||
|  * | ||||
|  * The first major objective of this strategy is to iterate through all the | ||||
|  * nodes (not tokens) of the list of tokens and determine whether or not | ||||
|  * their children conform to the element's definition.  If they do not, the | ||||
|  * child definition may optionally supply an amended list of elements that | ||||
|  * is valid or require that the entire node be deleted (and the previous | ||||
|  * node rescanned). | ||||
|  * | ||||
|  * The second objective is to ensure that explicitly excluded elements of | ||||
|  * an element do not appear in its children.  Code that accomplishes this | ||||
|  * task is pervasive through the strategy, though the two are distinct tasks | ||||
|  * and could, theoretically, be seperated (although it's not recommended). | ||||
|  * | ||||
|  * @note Whether or not unrecognized children are silently dropped or | ||||
|  *       translated into text depends on the child definitions. | ||||
|  * | ||||
|  * @todo Enable nodes to be bubbled out of the structure. | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy | ||||
| { | ||||
| 
 | ||||
|     public function execute($tokens, $config, $context) { | ||||
|         //####################################################################//
 | ||||
|         // Pre-processing
 | ||||
| 
 | ||||
|         // get a copy of the HTML definition
 | ||||
|         $definition = $config->getHTMLDefinition(); | ||||
| 
 | ||||
|         // insert implicit "parent" node, will be removed at end.
 | ||||
|         // DEFINITION CALL
 | ||||
|         $parent_name = $definition->info_parent; | ||||
|         array_unshift($tokens, new HTMLPurifier_Token_Start($parent_name)); | ||||
|         $tokens[] = new HTMLPurifier_Token_End($parent_name); | ||||
| 
 | ||||
|         // setup the context variable 'IsInline', for chameleon processing
 | ||||
|         // is 'false' when we are not inline, 'true' when it must always
 | ||||
|         // be inline, and an integer when it is inline for a certain
 | ||||
|         // branch of the document tree
 | ||||
|         $is_inline = $definition->info_parent_def->descendants_are_inline; | ||||
|         $context->register('IsInline', $is_inline); | ||||
| 
 | ||||
|         // setup error collector
 | ||||
|         $e =& $context->get('ErrorCollector', true); | ||||
| 
 | ||||
|         //####################################################################//
 | ||||
|         // Loop initialization
 | ||||
| 
 | ||||
|         // stack that contains the indexes of all parents,
 | ||||
|         // $stack[count($stack)-1] being the current parent
 | ||||
|         $stack = array(); | ||||
| 
 | ||||
|         // stack that contains all elements that are excluded
 | ||||
|         // it is organized by parent elements, similar to $stack,
 | ||||
|         // but it is only populated when an element with exclusions is
 | ||||
|         // processed, i.e. there won't be empty exclusions.
 | ||||
|         $exclude_stack = array(); | ||||
| 
 | ||||
|         // variable that contains the start token while we are processing
 | ||||
|         // nodes. This enables error reporting to do its job
 | ||||
|         $start_token = false; | ||||
|         $context->register('CurrentToken', $start_token); | ||||
| 
 | ||||
|         //####################################################################//
 | ||||
|         // Loop
 | ||||
| 
 | ||||
|         // iterate through all start nodes. Determining the start node
 | ||||
|         // is complicated so it has been omitted from the loop construct
 | ||||
|         for ($i = 0, $size = count($tokens) ; $i < $size; ) { | ||||
| 
 | ||||
|             //################################################################//
 | ||||
|             // Gather information on children
 | ||||
| 
 | ||||
|             // child token accumulator
 | ||||
|             $child_tokens = array(); | ||||
| 
 | ||||
|             // scroll to the end of this node, report number, and collect
 | ||||
|             // all children
 | ||||
|             for ($j = $i, $depth = 0; ; $j++) { | ||||
|                 if ($tokens[$j] instanceof HTMLPurifier_Token_Start) { | ||||
|                     $depth++; | ||||
|                     // skip token assignment on first iteration, this is the
 | ||||
|                     // token we currently are on
 | ||||
|                     if ($depth == 1) continue; | ||||
|                 } elseif ($tokens[$j] instanceof HTMLPurifier_Token_End) { | ||||
|                     $depth--; | ||||
|                     // skip token assignment on last iteration, this is the
 | ||||
|                     // end token of the token we're currently on
 | ||||
|                     if ($depth == 0) break; | ||||
|                 } | ||||
|                 $child_tokens[] = $tokens[$j]; | ||||
|             } | ||||
| 
 | ||||
|             // $i is index of start token
 | ||||
|             // $j is index of end token
 | ||||
| 
 | ||||
|             $start_token = $tokens[$i]; // to make token available via CurrentToken
 | ||||
| 
 | ||||
|             //################################################################//
 | ||||
|             // Gather information on parent
 | ||||
| 
 | ||||
|             // calculate parent information
 | ||||
|             if ($count = count($stack)) { | ||||
|                 $parent_index = $stack[$count-1]; | ||||
|                 $parent_name  = $tokens[$parent_index]->name; | ||||
|                 if ($parent_index == 0) { | ||||
|                     $parent_def   = $definition->info_parent_def; | ||||
|                 } else { | ||||
|                     $parent_def   = $definition->info[$parent_name]; | ||||
|                 } | ||||
|             } else { | ||||
|                 // processing as if the parent were the "root" node
 | ||||
|                 // unknown info, it won't be used anyway, in the future,
 | ||||
|                 // we may want to enforce one element only (this is
 | ||||
|                 // necessary for HTML Purifier to clean entire documents
 | ||||
|                 $parent_index = $parent_name = $parent_def = null; | ||||
|             } | ||||
| 
 | ||||
|             // calculate context
 | ||||
|             if ($is_inline === false) { | ||||
|                 // check if conditions make it inline
 | ||||
|                 if (!empty($parent_def) && $parent_def->descendants_are_inline) { | ||||
|                     $is_inline = $count - 1; | ||||
|                 } | ||||
|             } else { | ||||
|                 // check if we're out of inline
 | ||||
|                 if ($count === $is_inline) { | ||||
|                     $is_inline = false; | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             //################################################################//
 | ||||
|             // Determine whether element is explicitly excluded SGML-style
 | ||||
| 
 | ||||
|             // determine whether or not element is excluded by checking all
 | ||||
|             // parent exclusions. The array should not be very large, two
 | ||||
|             // elements at most.
 | ||||
|             $excluded = false; | ||||
|             if (!empty($exclude_stack)) { | ||||
|                 foreach ($exclude_stack as $lookup) { | ||||
|                     if (isset($lookup[$tokens[$i]->name])) { | ||||
|                         $excluded = true; | ||||
|                         // no need to continue processing
 | ||||
|                         break; | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
| 
 | ||||
|             //################################################################//
 | ||||
|             // Perform child validation
 | ||||
| 
 | ||||
|             if ($excluded) { | ||||
|                 // there is an exclusion, remove the entire node
 | ||||
|                 $result = false; | ||||
|                 $excludes = array(); // not used, but good to initialize anyway
 | ||||
|             } else { | ||||
|                 // DEFINITION CALL
 | ||||
|                 if ($i === 0) { | ||||
|                     // special processing for the first node
 | ||||
|                     $def = $definition->info_parent_def; | ||||
|                 } else { | ||||
|                     $def = $definition->info[$tokens[$i]->name]; | ||||
| 
 | ||||
|                 } | ||||
| 
 | ||||
|                 if (!empty($def->child)) { | ||||
|                     // have DTD child def validate children
 | ||||
|                     $result = $def->child->validateChildren( | ||||
|                         $child_tokens, $config, $context); | ||||
|                 } else { | ||||
|                     // weird, no child definition, get rid of everything
 | ||||
|                     $result = false; | ||||
|                 } | ||||
| 
 | ||||
|                 // determine whether or not this element has any exclusions
 | ||||
|                 $excludes = $def->excludes; | ||||
|             } | ||||
| 
 | ||||
|             // $result is now a bool or array
 | ||||
| 
 | ||||
|             //################################################################//
 | ||||
|             // Process result by interpreting $result
 | ||||
| 
 | ||||
|             if ($result === true || $child_tokens === $result) { | ||||
|                 // leave the node as is
 | ||||
| 
 | ||||
|                 // register start token as a parental node start
 | ||||
|                 $stack[] = $i; | ||||
| 
 | ||||
|                 // register exclusions if there are any
 | ||||
|                 if (!empty($excludes)) $exclude_stack[] = $excludes; | ||||
| 
 | ||||
|                 // move cursor to next possible start node
 | ||||
|                 $i++; | ||||
| 
 | ||||
|             } elseif($result === false) { | ||||
|                 // remove entire node
 | ||||
| 
 | ||||
|                 if ($e) { | ||||
|                     if ($excluded) { | ||||
|                         $e->send(E_ERROR, 'Strategy_FixNesting: Node excluded'); | ||||
|                     } else { | ||||
|                         $e->send(E_ERROR, 'Strategy_FixNesting: Node removed'); | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 // calculate length of inner tokens and current tokens
 | ||||
|                 $length = $j - $i + 1; | ||||
| 
 | ||||
|                 // perform removal
 | ||||
|                 array_splice($tokens, $i, $length); | ||||
| 
 | ||||
|                 // update size
 | ||||
|                 $size -= $length; | ||||
| 
 | ||||
|                 // there is no start token to register,
 | ||||
|                 // current node is now the next possible start node
 | ||||
|                 // unless it turns out that we need to do a double-check
 | ||||
| 
 | ||||
|                 // this is a rought heuristic that covers 100% of HTML's
 | ||||
|                 // cases and 99% of all other cases. A child definition
 | ||||
|                 // that would be tricked by this would be something like:
 | ||||
|                 // ( | a b c) where it's all or nothing. Fortunately,
 | ||||
|                 // our current implementation claims that that case would
 | ||||
|                 // not allow empty, even if it did
 | ||||
|                 if (!$parent_def->child->allow_empty) { | ||||
|                     // we need to do a double-check
 | ||||
|                     $i = $parent_index; | ||||
|                     array_pop($stack); | ||||
|                 } | ||||
| 
 | ||||
|                 // PROJECTED OPTIMIZATION: Process all children elements before
 | ||||
|                 // reprocessing parent node.
 | ||||
| 
 | ||||
|             } else { | ||||
|                 // replace node with $result
 | ||||
| 
 | ||||
|                 // calculate length of inner tokens
 | ||||
|                 $length = $j - $i - 1; | ||||
| 
 | ||||
|                 if ($e) { | ||||
|                     if (empty($result) && $length) { | ||||
|                         $e->send(E_ERROR, 'Strategy_FixNesting: Node contents removed'); | ||||
|                     } else { | ||||
|                         $e->send(E_WARNING, 'Strategy_FixNesting: Node reorganized'); | ||||
|                     } | ||||
|                 } | ||||
| 
 | ||||
|                 // perform replacement
 | ||||
|                 array_splice($tokens, $i + 1, $length, $result); | ||||
| 
 | ||||
|                 // update size
 | ||||
|                 $size -= $length; | ||||
|                 $size += count($result); | ||||
| 
 | ||||
|                 // register start token as a parental node start
 | ||||
|                 $stack[] = $i; | ||||
| 
 | ||||
|                 // register exclusions if there are any
 | ||||
|                 if (!empty($excludes)) $exclude_stack[] = $excludes; | ||||
| 
 | ||||
|                 // move cursor to next possible start node
 | ||||
|                 $i++; | ||||
| 
 | ||||
|             } | ||||
| 
 | ||||
|             //################################################################//
 | ||||
|             // Scroll to next start node
 | ||||
| 
 | ||||
|             // We assume, at this point, that $i is the index of the token
 | ||||
|             // that is the first possible new start point for a node.
 | ||||
| 
 | ||||
|             // Test if the token indeed is a start tag, if not, move forward
 | ||||
|             // and test again.
 | ||||
|             $size = count($tokens); | ||||
|             while ($i < $size and !$tokens[$i] instanceof HTMLPurifier_Token_Start) { | ||||
|                 if ($tokens[$i] instanceof HTMLPurifier_Token_End) { | ||||
|                     // pop a token index off the stack if we ended a node
 | ||||
|                     array_pop($stack); | ||||
|                     // pop an exclusion lookup off exclusion stack if
 | ||||
|                     // we ended node and that node had exclusions
 | ||||
|                     if ($i == 0 || $i == $size - 1) { | ||||
|                         // use specialized var if it's the super-parent
 | ||||
|                         $s_excludes = $definition->info_parent_def->excludes; | ||||
|                     } else { | ||||
|                         $s_excludes = $definition->info[$tokens[$i]->name]->excludes; | ||||
|                     } | ||||
|                     if ($s_excludes) { | ||||
|                         array_pop($exclude_stack); | ||||
|                     } | ||||
|                 } | ||||
|                 $i++; | ||||
|             } | ||||
| 
 | ||||
|         } | ||||
| 
 | ||||
|         //####################################################################//
 | ||||
|         // Post-processing
 | ||||
| 
 | ||||
|         // remove implicit parent tokens at the beginning and end
 | ||||
|         array_shift($tokens); | ||||
|         array_pop($tokens); | ||||
| 
 | ||||
|         // remove context variables
 | ||||
|         $context->destroy('IsInline'); | ||||
|         $context->destroy('CurrentToken'); | ||||
| 
 | ||||
|         //####################################################################//
 | ||||
|         // Return
 | ||||
| 
 | ||||
|         return $tokens; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,57 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Abstract base token class that all others inherit from. | ||||
|  */ | ||||
| class HTMLPurifier_Token { | ||||
|     public $line; /**< Line number node was on in source document. Null if unknown. */ | ||||
|     public $col;  /**< Column of line node was on in source document. Null if unknown. */ | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup array of processing that this token is exempt from. | ||||
|      * Currently, valid values are "ValidateAttributes" and | ||||
|      * "MakeWellFormed_TagClosedError" | ||||
|      */ | ||||
|     public $armor = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Used during MakeWellFormed. | ||||
|      */ | ||||
|     public $skip; | ||||
|     public $rewind; | ||||
|     public $carryover; | ||||
| 
 | ||||
|     public function __get($n) { | ||||
|       if ($n === 'type') { | ||||
|         trigger_error('Deprecated type property called; use instanceof', E_USER_NOTICE); | ||||
|         switch (get_class($this)) { | ||||
|           case 'HTMLPurifier_Token_Start':      return 'start'; | ||||
|           case 'HTMLPurifier_Token_Empty':      return 'empty'; | ||||
|           case 'HTMLPurifier_Token_End':        return 'end'; | ||||
|           case 'HTMLPurifier_Token_Text':       return 'text'; | ||||
|           case 'HTMLPurifier_Token_Comment':    return 'comment'; | ||||
|           default: return null; | ||||
|         } | ||||
|       } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Sets the position of the token in the source document. | ||||
|      */ | ||||
|     public function position($l = null, $c = null) { | ||||
|         $this->line = $l; | ||||
|         $this->col  = $c; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience function for DirectLex settings line/col position. | ||||
|      */ | ||||
|     public function rawPosition($l, $c) { | ||||
|         if ($c === -1) $l++; | ||||
|         $this->line = $l; | ||||
|         $this->col  = $c; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,22 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Concrete comment token class. Generally will be ignored. | ||||
|  */ | ||||
| class HTMLPurifier_Token_Comment extends HTMLPurifier_Token | ||||
| { | ||||
|     public $data; /**< Character data within comment. */ | ||||
|     public $is_whitespace = true; | ||||
|     /** | ||||
|      * Transparent constructor. | ||||
|      * | ||||
|      * @param $data String comment data. | ||||
|      */ | ||||
|     public function __construct($data, $line = null, $col = null) { | ||||
|         $this->data = $data; | ||||
|         $this->line = $line; | ||||
|         $this->col  = $col; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,94 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Factory for token generation. | ||||
|  * | ||||
|  * @note Doing some benchmarking indicates that the new operator is much | ||||
|  *       slower than the clone operator (even discounting the cost of the | ||||
|  *       constructor).  This class is for that optimization. | ||||
|  *       Other then that, there's not much point as we don't | ||||
|  *       maintain parallel HTMLPurifier_Token hierarchies (the main reason why | ||||
|  *       you'd want to use an abstract factory). | ||||
|  * @todo Port DirectLex to use this | ||||
|  */ | ||||
| class HTMLPurifier_TokenFactory | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Prototypes that will be cloned. | ||||
|      * @private | ||||
|      */ | ||||
|     // p stands for prototype
 | ||||
|     private $p_start, $p_end, $p_empty, $p_text, $p_comment; | ||||
| 
 | ||||
|     /** | ||||
|      * Generates blank prototypes for cloning. | ||||
|      */ | ||||
|     public function __construct() { | ||||
|         $this->p_start  = new HTMLPurifier_Token_Start('', array()); | ||||
|         $this->p_end    = new HTMLPurifier_Token_End(''); | ||||
|         $this->p_empty  = new HTMLPurifier_Token_Empty('', array()); | ||||
|         $this->p_text   = new HTMLPurifier_Token_Text(''); | ||||
|         $this->p_comment= new HTMLPurifier_Token_Comment(''); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a HTMLPurifier_Token_Start. | ||||
|      * @param $name Tag name | ||||
|      * @param $attr Associative array of attributes | ||||
|      * @return Generated HTMLPurifier_Token_Start | ||||
|      */ | ||||
|     public function createStart($name, $attr = array()) { | ||||
|         $p = clone $this->p_start; | ||||
|         $p->__construct($name, $attr); | ||||
|         return $p; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a HTMLPurifier_Token_End. | ||||
|      * @param $name Tag name | ||||
|      * @return Generated HTMLPurifier_Token_End | ||||
|      */ | ||||
|     public function createEnd($name) { | ||||
|         $p = clone $this->p_end; | ||||
|         $p->__construct($name); | ||||
|         return $p; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a HTMLPurifier_Token_Empty. | ||||
|      * @param $name Tag name | ||||
|      * @param $attr Associative array of attributes | ||||
|      * @return Generated HTMLPurifier_Token_Empty | ||||
|      */ | ||||
|     public function createEmpty($name, $attr = array()) { | ||||
|         $p = clone $this->p_empty; | ||||
|         $p->__construct($name, $attr); | ||||
|         return $p; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a HTMLPurifier_Token_Text. | ||||
|      * @param $data Data of text token | ||||
|      * @return Generated HTMLPurifier_Token_Text | ||||
|      */ | ||||
|     public function createText($data) { | ||||
|         $p = clone $this->p_text; | ||||
|         $p->__construct($data); | ||||
|         return $p; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a HTMLPurifier_Token_Comment. | ||||
|      * @param $data Data of comment token | ||||
|      * @return Generated HTMLPurifier_Token_Comment | ||||
|      */ | ||||
|     public function createComment($data) { | ||||
|         $p = clone $this->p_comment; | ||||
|         $p->__construct($data); | ||||
|         return $p; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,173 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * HTML Purifier's internal representation of a URI. | ||||
|  * @note | ||||
|  *      Internal data-structures are completely escaped. If the data needs | ||||
|  *      to be used in a non-URI context (which is very unlikely), be sure | ||||
|  *      to decode it first. The URI may not necessarily be well-formed until | ||||
|  *      validate() is called. | ||||
|  */ | ||||
| class HTMLPurifier_URI | ||||
| { | ||||
| 
 | ||||
|     public $scheme, $userinfo, $host, $port, $path, $query, $fragment; | ||||
| 
 | ||||
|     /** | ||||
|      * @note Automatically normalizes scheme and port | ||||
|      */ | ||||
|     public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment) { | ||||
|         $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme); | ||||
|         $this->userinfo = $userinfo; | ||||
|         $this->host = $host; | ||||
|         $this->port = is_null($port) ? $port : (int) $port; | ||||
|         $this->path = $path; | ||||
|         $this->query = $query; | ||||
|         $this->fragment = $fragment; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves a scheme object corresponding to the URI's scheme/default | ||||
|      * @param $config Instance of HTMLPurifier_Config | ||||
|      * @param $context Instance of HTMLPurifier_Context | ||||
|      * @return Scheme object appropriate for validating this URI | ||||
|      */ | ||||
|     public function getSchemeObj($config, $context) { | ||||
|         $registry = HTMLPurifier_URISchemeRegistry::instance(); | ||||
|         if ($this->scheme !== null) { | ||||
|             $scheme_obj = $registry->getScheme($this->scheme, $config, $context); | ||||
|             if (!$scheme_obj) return false; // invalid scheme, clean it out
 | ||||
|         } else { | ||||
|             // no scheme: retrieve the default one
 | ||||
|             $def = $config->getDefinition('URI'); | ||||
|             $scheme_obj = $registry->getScheme($def->defaultScheme, $config, $context); | ||||
|             if (!$scheme_obj) { | ||||
|                 // something funky happened to the default scheme object
 | ||||
|                 trigger_error( | ||||
|                     'Default scheme object "' . $def->defaultScheme . '" was not readable', | ||||
|                     E_USER_WARNING | ||||
|                 ); | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
|         return $scheme_obj; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Generic validation method applicable for all schemes. May modify | ||||
|      * this URI in order to get it into a compliant form. | ||||
|      * @param $config Instance of HTMLPurifier_Config | ||||
|      * @param $context Instance of HTMLPurifier_Context | ||||
|      * @return True if validation/filtering succeeds, false if failure | ||||
|      */ | ||||
|     public function validate($config, $context) { | ||||
| 
 | ||||
|         // ABNF definitions from RFC 3986
 | ||||
|         $chars_sub_delims = '!$&\'()*+,;='; | ||||
|         $chars_gen_delims = ':/?#[]@'; | ||||
|         $chars_pchar = $chars_sub_delims . ':@'; | ||||
| 
 | ||||
|         // validate scheme (MUST BE FIRST!)
 | ||||
|         if (!is_null($this->scheme) && is_null($this->host)) { | ||||
|             $def = $config->getDefinition('URI'); | ||||
|             if ($def->defaultScheme === $this->scheme) { | ||||
|                 $this->scheme = null; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // validate host
 | ||||
|         if (!is_null($this->host)) { | ||||
|             $host_def = new HTMLPurifier_AttrDef_URI_Host(); | ||||
|             $this->host = $host_def->validate($this->host, $config, $context); | ||||
|             if ($this->host === false) $this->host = null; | ||||
|         } | ||||
| 
 | ||||
|         // validate username
 | ||||
|         if (!is_null($this->userinfo)) { | ||||
|             $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':'); | ||||
|             $this->userinfo = $encoder->encode($this->userinfo); | ||||
|         } | ||||
| 
 | ||||
|         // validate port
 | ||||
|         if (!is_null($this->port)) { | ||||
|             if ($this->port < 1 || $this->port > 65535) $this->port = null; | ||||
|         } | ||||
| 
 | ||||
|         // validate path
 | ||||
|         $path_parts = array(); | ||||
|         $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/'); | ||||
|         if (!is_null($this->host)) { | ||||
|             // path-abempty (hier and relative)
 | ||||
|             $this->path = $segments_encoder->encode($this->path); | ||||
|         } elseif ($this->path !== '' && $this->path[0] === '/') { | ||||
|             // path-absolute (hier and relative)
 | ||||
|             if (strlen($this->path) >= 2 && $this->path[1] === '/') { | ||||
|                 // This shouldn't ever happen!
 | ||||
|                 $this->path = ''; | ||||
|             } else { | ||||
|                 $this->path = $segments_encoder->encode($this->path); | ||||
|             } | ||||
|         } elseif (!is_null($this->scheme) && $this->path !== '') { | ||||
|             // path-rootless (hier)
 | ||||
|             // Short circuit evaluation means we don't need to check nz
 | ||||
|             $this->path = $segments_encoder->encode($this->path); | ||||
|         } elseif (is_null($this->scheme) && $this->path !== '') { | ||||
|             // path-noscheme (relative)
 | ||||
|             // (once again, not checking nz)
 | ||||
|             $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@'); | ||||
|             $c = strpos($this->path, '/'); | ||||
|             if ($c !== false) { | ||||
|                 $this->path = | ||||
|                     $segment_nc_encoder->encode(substr($this->path, 0, $c)) . | ||||
|                     $segments_encoder->encode(substr($this->path, $c)); | ||||
|             } else { | ||||
|                 $this->path = $segment_nc_encoder->encode($this->path); | ||||
|             } | ||||
|         } else { | ||||
|             // path-empty (hier and relative)
 | ||||
|             $this->path = ''; // just to be safe
 | ||||
|         } | ||||
| 
 | ||||
|         // qf = query and fragment
 | ||||
|         $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?'); | ||||
| 
 | ||||
|         if (!is_null($this->query)) { | ||||
|             $this->query = $qf_encoder->encode($this->query); | ||||
|         } | ||||
| 
 | ||||
|         if (!is_null($this->fragment)) { | ||||
|             $this->fragment = $qf_encoder->encode($this->fragment); | ||||
|         } | ||||
| 
 | ||||
|         return true; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convert URI back to string | ||||
|      * @return String URI appropriate for output | ||||
|      */ | ||||
|     public function toString() { | ||||
|         // reconstruct authority
 | ||||
|         $authority = null; | ||||
|         if (!is_null($this->host)) { | ||||
|             $authority = ''; | ||||
|             if(!is_null($this->userinfo)) $authority .= $this->userinfo . '@'; | ||||
|             $authority .= $this->host; | ||||
|             if(!is_null($this->port))     $authority .= ':' . $this->port; | ||||
|         } | ||||
| 
 | ||||
|         // reconstruct the result
 | ||||
|         $result = ''; | ||||
|         if (!is_null($this->scheme))    $result .= $this->scheme . ':'; | ||||
|         if (!is_null($authority))       $result .=  '//' . $authority; | ||||
|         $result .= $this->path; | ||||
|         if (!is_null($this->query))     $result .= '?' . $this->query; | ||||
|         if (!is_null($this->fragment))  $result .= '#' . $this->fragment; | ||||
| 
 | ||||
|         return $result; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,45 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Chainable filters for custom URI processing. | ||||
|  * | ||||
|  * These filters can perform custom actions on a URI filter object, | ||||
|  * including transformation or blacklisting. | ||||
|  * | ||||
|  * @warning This filter is called before scheme object validation occurs. | ||||
|  *          Make sure, if you require a specific scheme object, you | ||||
|  *          you check that it exists. This allows filters to convert | ||||
|  *          proprietary URI schemes into regular ones. | ||||
|  */ | ||||
| abstract class HTMLPurifier_URIFilter | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Unique identifier of filter | ||||
|      */ | ||||
|     public $name; | ||||
| 
 | ||||
|     /** | ||||
|      * True if this filter should be run after scheme validation. | ||||
|      */ | ||||
|     public $post = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Performs initialization for the filter | ||||
|      */ | ||||
|     public function prepare($config) {return true;} | ||||
| 
 | ||||
|     /** | ||||
|      * Filter a URI object | ||||
|      * @param $uri Reference to URI object variable | ||||
|      * @param $config Instance of HTMLPurifier_Config | ||||
|      * @param $context Instance of HTMLPurifier_Context | ||||
|      * @return bool Whether or not to continue processing: false indicates | ||||
|      *         URL is no good, true indicates continue processing. Note that | ||||
|      *         all changes are committed directly on the URI object | ||||
|      */ | ||||
|     abstract public function filter(&$uri, $config, $context); | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,23 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_URIFilter_DisableExternal extends HTMLPurifier_URIFilter | ||||
| { | ||||
|     public $name = 'DisableExternal'; | ||||
|     protected $ourHostParts = false; | ||||
|     public function prepare($config) { | ||||
|         $our_host = $config->getDefinition('URI')->host; | ||||
|         if ($our_host !== null) $this->ourHostParts = array_reverse(explode('.', $our_host)); | ||||
|     } | ||||
|     public function filter(&$uri, $config, $context) { | ||||
|         if (is_null($uri->host)) return true; | ||||
|         if ($this->ourHostParts === false) return false; | ||||
|         $host_parts = array_reverse(explode('.', $uri->host)); | ||||
|         foreach ($this->ourHostParts as $i => $x) { | ||||
|             if (!isset($host_parts[$i])) return false; | ||||
|             if ($host_parts[$i] != $this->ourHostParts[$i]) return false; | ||||
|         } | ||||
|         return true; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,12 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_URIFilter_DisableExternalResources extends HTMLPurifier_URIFilter_DisableExternal | ||||
| { | ||||
|     public $name = 'DisableExternalResources'; | ||||
|     public function filter(&$uri, $config, $context) { | ||||
|         if (!$context->get('EmbeddedURI', true)) return true; | ||||
|         return parent::filter($uri, $config, $context); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,21 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter | ||||
| { | ||||
|     public $name = 'HostBlacklist'; | ||||
|     protected $blacklist = array(); | ||||
|     public function prepare($config) { | ||||
|         $this->blacklist = $config->get('URI.HostBlacklist'); | ||||
|         return true; | ||||
|     } | ||||
|     public function filter(&$uri, $config, $context) { | ||||
|         foreach($this->blacklist as $blacklisted_host_fragment) { | ||||
|             if (strpos($uri->host, $blacklisted_host_fragment) !== false) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
|         return true; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,58 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter | ||||
| { | ||||
|     public $name = 'Munge'; | ||||
|     public $post = true; | ||||
|     private $target, $parser, $doEmbed, $secretKey; | ||||
| 
 | ||||
|     protected $replace = array(); | ||||
| 
 | ||||
|     public function prepare($config) { | ||||
|         $this->target    = $config->get('URI.' . $this->name); | ||||
|         $this->parser    = new HTMLPurifier_URIParser(); | ||||
|         $this->doEmbed   = $config->get('URI.MungeResources'); | ||||
|         $this->secretKey = $config->get('URI.MungeSecretKey'); | ||||
|         return true; | ||||
|     } | ||||
|     public function filter(&$uri, $config, $context) { | ||||
|         if ($context->get('EmbeddedURI', true) && !$this->doEmbed) return true; | ||||
| 
 | ||||
|         $scheme_obj = $uri->getSchemeObj($config, $context); | ||||
|         if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
 | ||||
|         if (is_null($uri->host) || empty($scheme_obj->browsable)) { | ||||
|             return true; | ||||
|         } | ||||
|         // don't redirect if target host is our host
 | ||||
|         if ($uri->host === $config->getDefinition('URI')->host) { | ||||
|             return true; | ||||
|         } | ||||
| 
 | ||||
|         $this->makeReplace($uri, $config, $context); | ||||
|         $this->replace = array_map('rawurlencode', $this->replace); | ||||
| 
 | ||||
|         $new_uri = strtr($this->target, $this->replace); | ||||
|         $new_uri = $this->parser->parse($new_uri); | ||||
|         // don't redirect if the target host is the same as the
 | ||||
|         // starting host
 | ||||
|         if ($uri->host === $new_uri->host) return true; | ||||
|         $uri = $new_uri; // overwrite
 | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     protected function makeReplace($uri, $config, $context) { | ||||
|         $string = $uri->toString(); | ||||
|         // always available
 | ||||
|         $this->replace['%s'] = $string; | ||||
|         $this->replace['%r'] = $context->get('EmbeddedURI', true); | ||||
|         $token = $context->get('CurrentToken', true); | ||||
|         $this->replace['%n'] = $token ? $token->name : null; | ||||
|         $this->replace['%m'] = $context->get('CurrentAttr', true); | ||||
|         $this->replace['%p'] = $context->get('CurrentCSSProperty', true); | ||||
|         // not always available
 | ||||
|         if ($this->secretKey) $this->replace['%t'] = sha1($this->secretKey . ':' . $string); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,42 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validator for the components of a URI for a specific scheme | ||||
|  */ | ||||
| class HTMLPurifier_URIScheme | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Scheme's default port (integer) | ||||
|      */ | ||||
|     public $default_port = null; | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not URIs of this schem are locatable by a browser | ||||
|      * http and ftp are accessible, while mailto and news are not. | ||||
|      */ | ||||
|     public $browsable = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not the URI always uses <hier_part>, resolves edge cases | ||||
|      * with making relative URIs absolute | ||||
|      */ | ||||
|     public $hierarchical = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Validates the components of a URI | ||||
|      * @note This implementation should be called by children if they define | ||||
|      *       a default port, as it does port processing. | ||||
|      * @param $uri Instance of HTMLPurifier_URI | ||||
|      * @param $config HTMLPurifier_Config object | ||||
|      * @param $context HTMLPurifier_Context object | ||||
|      * @return Bool success or failure | ||||
|      */ | ||||
|     public function validate(&$uri, $config, $context) { | ||||
|         if ($this->default_port == $uri->port) $uri->port = null; | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,22 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates news (Usenet) as defined by generic RFC 1738 | ||||
|  */ | ||||
| class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme { | ||||
| 
 | ||||
|     public $browsable = false; | ||||
| 
 | ||||
|     public function validate(&$uri, $config, $context) { | ||||
|         parent::validate($uri, $config, $context); | ||||
|         $uri->userinfo = null; | ||||
|         $uri->host     = null; | ||||
|         $uri->port     = null; | ||||
|         $uri->query    = null; | ||||
|         // typecode check needed on path
 | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,20 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates nntp (Network News Transfer Protocol) as defined by generic RFC 1738 | ||||
|  */ | ||||
| class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme { | ||||
| 
 | ||||
|     public $default_port = 119; | ||||
|     public $browsable = false; | ||||
| 
 | ||||
|     public function validate(&$uri, $config, $context) { | ||||
|         parent::validate($uri, $config, $context); | ||||
|         $uri->userinfo = null; | ||||
|         $uri->query    = null; | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,154 +0,0 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Parses string representations into their corresponding native PHP | ||||
|  * variable type. The base implementation does a simple type-check. | ||||
|  */ | ||||
| class HTMLPurifier_VarParser | ||||
| { | ||||
| 
 | ||||
|     const STRING    = 1; | ||||
|     const ISTRING   = 2; | ||||
|     const TEXT      = 3; | ||||
|     const ITEXT     = 4; | ||||
|     const INT       = 5; | ||||
|     const FLOAT     = 6; | ||||
|     const BOOL      = 7; | ||||
|     const LOOKUP    = 8; | ||||
|     const ALIST     = 9; | ||||
|     const HASH      = 10; | ||||
|     const MIXED     = 11; | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup table of allowed types. Mainly for backwards compatibility, but | ||||
|      * also convenient for transforming string type names to the integer constants. | ||||
|      */ | ||||
|     static public $types = array( | ||||
|         'string'    => self::STRING, | ||||
|         'istring'   => self::ISTRING, | ||||
|         'text'      => self::TEXT, | ||||
|         'itext'     => self::ITEXT, | ||||
|         'int'       => self::INT, | ||||
|         'float'     => self::FLOAT, | ||||
|         'bool'      => self::BOOL, | ||||
|         'lookup'    => self::LOOKUP, | ||||
|         'list'      => self::ALIST, | ||||
|         'hash'      => self::HASH, | ||||
|         'mixed'     => self::MIXED | ||||
|     ); | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup table of types that are string, and can have aliases or | ||||
|      * allowed value lists. | ||||
|      */ | ||||
|     static public $stringTypes = array( | ||||
|         self::STRING    => true, | ||||
|         self::ISTRING   => true, | ||||
|         self::TEXT      => true, | ||||
|         self::ITEXT     => true, | ||||
|     ); | ||||
| 
 | ||||
|     /** | ||||
|      * Validate a variable according to type. Throws | ||||
|      * HTMLPurifier_VarParserException if invalid. | ||||
|      * It may return NULL as a valid type if $allow_null is true. | ||||
|      * | ||||
|      * @param $var Variable to validate | ||||
|      * @param $type Type of variable, see HTMLPurifier_VarParser->types | ||||
|      * @param $allow_null Whether or not to permit null as a value | ||||
|      * @return Validated and type-coerced variable | ||||
|      */ | ||||
|     final public function parse($var, $type, $allow_null = false) { | ||||
|         if (is_string($type)) { | ||||
|             if (!isset(HTMLPurifier_VarParser::$types[$type])) { | ||||
|                 throw new HTMLPurifier_VarParserException("Invalid type '$type'"); | ||||
|             } else { | ||||
|                 $type = HTMLPurifier_VarParser::$types[$type]; | ||||
|             } | ||||
|         } | ||||
|         $var = $this->parseImplementation($var, $type, $allow_null); | ||||
|         if ($allow_null && $var === null) return null; | ||||
|         // These are basic checks, to make sure nothing horribly wrong
 | ||||
|         // happened in our implementations.
 | ||||
|         switch ($type) { | ||||
|             case (self::STRING): | ||||
|             case (self::ISTRING): | ||||
|             case (self::TEXT): | ||||
|             case (self::ITEXT): | ||||
|                 if (!is_string($var)) break; | ||||
|                 if ($type == self::ISTRING || $type == self::ITEXT) $var = strtolower($var); | ||||
|                 return $var; | ||||
|             case (self::INT): | ||||
|                 if (!is_int($var)) break; | ||||
|                 return $var; | ||||
|             case (self::FLOAT): | ||||
|                 if (!is_float($var)) break; | ||||
|                 return $var; | ||||
|             case (self::BOOL): | ||||
|                 if (!is_bool($var)) break; | ||||
|                 return $var; | ||||
|             case (self::LOOKUP): | ||||
|             case (self::ALIST): | ||||
|             case (self::HASH): | ||||
|                 if (!is_array($var)) break; | ||||
|                 if ($type === self::LOOKUP) { | ||||
|                     foreach ($var as $k) if ($k !== true) $this->error('Lookup table contains value other than true'); | ||||
|                 } elseif ($type === self::ALIST) { | ||||
|                     $keys = array_keys($var); | ||||
|                     if (array_keys($keys) !== $keys) $this->error('Indices for list are not uniform'); | ||||
|                 } | ||||
|                 return $var; | ||||
|             case (self::MIXED): | ||||
|                 return $var; | ||||
|             default: | ||||
|                 $this->errorInconsistent(get_class($this), $type); | ||||
|         } | ||||
|         $this->errorGeneric($var, $type); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Actually implements the parsing. Base implementation is to not | ||||
|      * do anything to $var. Subclasses should overload this! | ||||
|      */ | ||||
|     protected function parseImplementation($var, $type, $allow_null) { | ||||
|         return $var; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Throws an exception. | ||||
|      */ | ||||
|     protected function error($msg) { | ||||
|         throw new HTMLPurifier_VarParserException($msg); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Throws an inconsistency exception. | ||||
|      * @note This should not ever be called. It would be called if we | ||||
|      *       extend the allowed values of HTMLPurifier_VarParser without | ||||
|      *       updating subclasses. | ||||
|      */ | ||||
|     protected function errorInconsistent($class, $type) { | ||||
|         throw new HTMLPurifier_Exception("Inconsistency in $class: ".HTMLPurifier_VarParser::getTypeName($type)." not implemented"); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Generic error for if a type didn't work. | ||||
|      */ | ||||
|     protected function errorGeneric($var, $type) { | ||||
|         $vtype = gettype($var); | ||||
|         $this->error("Expected type ".HTMLPurifier_VarParser::getTypeName($type).", got $vtype"); | ||||
|     } | ||||
| 
 | ||||
|     static public function getTypeName($type) { | ||||
|         static $lookup; | ||||
|         if (!$lookup) { | ||||
|             // Lazy load the alternative lookup table
 | ||||
|             $lookup = array_flip(HTMLPurifier_VarParser::$types); | ||||
|         } | ||||
|         if (!isset($lookup[$type])) return 'unknown'; | ||||
|         return $lookup[$type]; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
							
								
								
									
										9
									
								
								library/ezyang/htmlpurifier/CREDITS
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								library/ezyang/htmlpurifier/CREDITS
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,9 @@ | |||
| 
 | ||||
| CREDITS | ||||
| 
 | ||||
| Almost everything written by Edward Z. Yang (Ambush Commander).  Lots of thanks | ||||
| to the DevNetwork Community for their help (see docs/ref-devnetwork.html for | ||||
| more details), Feyd especially (namely IPv6 and optimization).  Thanks to RSnake | ||||
| for letting me package his fantastic XSS cheatsheet for a smoketest. | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										374
									
								
								library/ezyang/htmlpurifier/INSTALL
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										374
									
								
								library/ezyang/htmlpurifier/INSTALL
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,374 @@ | |||
| 
 | ||||
| Install | ||||
|     How to install HTML Purifier | ||||
| 
 | ||||
| HTML Purifier is designed to run out of the box, so actually using the | ||||
| library is extremely easy.  (Although... if you were looking for a | ||||
| step-by-step installation GUI, you've downloaded the wrong software!) | ||||
| 
 | ||||
| While the impatient can get going immediately with some of the sample | ||||
| code at the bottom of this library, it's well worth reading this entire | ||||
| document--most of the other documentation assumes that you are familiar | ||||
| with these contents. | ||||
| 
 | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 1.  Compatibility | ||||
| 
 | ||||
| HTML Purifier is PHP 5 only, and is actively tested from PHP 5.0.5 and | ||||
| up. It has no core dependencies with other libraries. PHP | ||||
| 4 support was deprecated on December 31, 2007 with HTML Purifier 3.0.0. | ||||
| HTML Purifier is not compatible with zend.ze1_compatibility_mode. | ||||
| 
 | ||||
| These optional extensions can enhance the capabilities of HTML Purifier: | ||||
| 
 | ||||
|     * iconv  : Converts text to and from non-UTF-8 encodings | ||||
|     * bcmath : Used for unit conversion and imagecrash protection | ||||
|     * tidy   : Used for pretty-printing HTML | ||||
| 
 | ||||
| These optional libraries can enhance the capabilities of HTML Purifier: | ||||
| 
 | ||||
|     * CSSTidy : Clean CSS stylesheets using %Core.ExtractStyleBlocks | ||||
|     * Net_IDNA2 (PEAR) : IRI support using %Core.EnableIDNA | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 2.  Reconnaissance | ||||
| 
 | ||||
| A big plus of HTML Purifier is its inerrant support of standards, so | ||||
| your web-pages should be standards-compliant.  (They should also use | ||||
| semantic markup, but that's another issue altogether, one HTML Purifier | ||||
| cannot fix without reading your mind.) | ||||
| 
 | ||||
| HTML Purifier can process these doctypes: | ||||
| 
 | ||||
| * XHTML 1.0 Transitional (default) | ||||
| * XHTML 1.0 Strict | ||||
| * HTML 4.01 Transitional | ||||
| * HTML 4.01 Strict | ||||
| * XHTML 1.1 | ||||
| 
 | ||||
| ...and these character encodings: | ||||
| 
 | ||||
| * UTF-8 (default) | ||||
| * Any encoding iconv supports (with crippled internationalization support) | ||||
| 
 | ||||
| These defaults reflect what my choices would be if I were authoring an | ||||
| HTML document, however, what you choose depends on the nature of your | ||||
| codebase.  If you don't know what doctype you are using, you can determine | ||||
| the doctype from this identifier at the top of your source code: | ||||
| 
 | ||||
|     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" | ||||
|         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||||
| 
 | ||||
| ...and the character encoding from this code: | ||||
| 
 | ||||
|     <meta http-equiv="Content-type" content="text/html;charset=ENCODING"> | ||||
| 
 | ||||
| If the character encoding declaration is missing, STOP NOW, and | ||||
| read 'docs/enduser-utf8.html' (web accessible at | ||||
| http://htmlpurifier.org/docs/enduser-utf8.html).  In fact, even if it is | ||||
| present, read this document anyway, as many websites specify their | ||||
| document's character encoding incorrectly. | ||||
| 
 | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 3.  Including the library | ||||
| 
 | ||||
| The procedure is quite simple: | ||||
| 
 | ||||
|     require_once '/path/to/library/HTMLPurifier.auto.php'; | ||||
| 
 | ||||
| This will setup an autoloader, so the library's files are only included | ||||
| when you use them. | ||||
| 
 | ||||
| Only the contents in the library/ folder are necessary, so you can remove | ||||
| everything else when using HTML Purifier in a production environment. | ||||
| 
 | ||||
| If you installed HTML Purifier via PEAR, all you need to do is: | ||||
| 
 | ||||
|     require_once 'HTMLPurifier.auto.php'; | ||||
| 
 | ||||
| Please note that the usual PEAR practice of including just the classes you | ||||
| want will not work with HTML Purifier's autoloading scheme. | ||||
| 
 | ||||
| Advanced users, read on; other users can skip to section 4. | ||||
| 
 | ||||
| Autoload compatibility | ||||
| ---------------------- | ||||
| 
 | ||||
|     HTML Purifier attempts to be as smart as possible when registering an | ||||
|     autoloader, but there are some cases where you will need to change | ||||
|     your own code to accomodate HTML Purifier. These are those cases: | ||||
| 
 | ||||
|     PHP VERSION IS LESS THAN 5.1.2, AND YOU'VE DEFINED __autoload | ||||
|         Because spl_autoload_register() doesn't exist in early versions | ||||
|         of PHP 5, HTML Purifier has no way of adding itself to the autoload | ||||
|         stack. Modify your __autoload function to test | ||||
|         HTMLPurifier_Bootstrap::autoload($class) | ||||
| 
 | ||||
|         For example, suppose your autoload function looks like this: | ||||
| 
 | ||||
|             function __autoload($class) { | ||||
|                 require str_replace('_', '/', $class) . '.php'; | ||||
|                 return true; | ||||
|             } | ||||
| 
 | ||||
|         A modified version with HTML Purifier would look like this: | ||||
| 
 | ||||
|             function __autoload($class) { | ||||
|                 if (HTMLPurifier_Bootstrap::autoload($class)) return true; | ||||
|                 require str_replace('_', '/', $class) . '.php'; | ||||
|                 return true; | ||||
|             } | ||||
| 
 | ||||
|         Note that there *is* some custom behavior in our autoloader; the | ||||
|         original autoloader in our example would work for 99% of the time, | ||||
|         but would fail when including language files. | ||||
| 
 | ||||
|     AN __autoload FUNCTION IS DECLARED AFTER OUR AUTOLOADER IS REGISTERED | ||||
|         spl_autoload_register() has the curious behavior of disabling | ||||
|         the existing __autoload() handler. Users need to explicitly | ||||
|         spl_autoload_register('__autoload'). Because we use SPL when it | ||||
|         is available, __autoload() will ALWAYS be disabled. If __autoload() | ||||
|         is declared before HTML Purifier is loaded, this is not a problem: | ||||
|         HTML Purifier will register the function for you. But if it is | ||||
|         declared afterwards, it will mysteriously not work. This | ||||
|         snippet of code (after your autoloader is defined) will fix it: | ||||
| 
 | ||||
|             spl_autoload_register('__autoload') | ||||
| 
 | ||||
|     Users should also be on guard if they use a version of PHP previous | ||||
|     to 5.1.2 without an autoloader--HTML Purifier will define __autoload() | ||||
|     for you, which can collide with an autoloader that was added by *you* | ||||
|     later. | ||||
| 
 | ||||
| 
 | ||||
| For better performance | ||||
| ---------------------- | ||||
| 
 | ||||
|     Opcode caches, which greatly speed up PHP initialization for scripts | ||||
|     with large amounts of code (HTML Purifier included), don't like | ||||
|     autoloaders. We offer an include file that includes all of HTML Purifier's | ||||
|     files in one go in an opcode cache friendly manner: | ||||
| 
 | ||||
|         // If /path/to/library isn't already in your include path, uncomment | ||||
|         // the below line: | ||||
|         // require '/path/to/library/HTMLPurifier.path.php'; | ||||
| 
 | ||||
|         require 'HTMLPurifier.includes.php'; | ||||
| 
 | ||||
|     Optional components still need to be included--you'll know if you try to | ||||
|     use a feature and you get a class doesn't exists error! The autoloader | ||||
|     can be used in conjunction with this approach to catch classes that are | ||||
|     missing. Simply add this afterwards: | ||||
| 
 | ||||
|         require 'HTMLPurifier.autoload.php'; | ||||
| 
 | ||||
| Standalone version | ||||
| ------------------ | ||||
| 
 | ||||
|     HTML Purifier has a standalone distribution; you can also generate | ||||
|     a standalone file from the full version by running the script | ||||
|     maintenance/generate-standalone.php . The standalone version has the | ||||
|     benefit of having most of its code in one file, so parsing is much | ||||
|     faster and the library is easier to manage. | ||||
| 
 | ||||
|     If HTMLPurifier.standalone.php exists in the library directory, you | ||||
|     can use it like this: | ||||
| 
 | ||||
|         require '/path/to/HTMLPurifier.standalone.php'; | ||||
| 
 | ||||
|     This is equivalent to including HTMLPurifier.includes.php, except that | ||||
|     the contents of standalone/ will be added to your path. To override this | ||||
|     behavior, specify a new HTMLPURIFIER_PREFIX where standalone files can | ||||
|     be found (usually, this will be one directory up, the "true" library | ||||
|     directory in full distributions). Don't forget to set your path too! | ||||
| 
 | ||||
|     The autoloader can be added to the end to ensure the classes are | ||||
|     loaded when necessary; otherwise you can manually include them. | ||||
|     To use the autoloader, use this: | ||||
| 
 | ||||
|         require 'HTMLPurifier.autoload.php'; | ||||
| 
 | ||||
| For advanced users | ||||
| ------------------ | ||||
| 
 | ||||
|     HTMLPurifier.auto.php performs a number of operations that can be done | ||||
|     individually. These are: | ||||
| 
 | ||||
|         HTMLPurifier.path.php | ||||
|             Puts /path/to/library in the include path. For high performance, | ||||
|             this should be done in php.ini. | ||||
| 
 | ||||
|         HTMLPurifier.autoload.php | ||||
|             Registers our autoload handler HTMLPurifier_Bootstrap::autoload($class). | ||||
| 
 | ||||
|     You can do these operations by yourself--in fact, you must modify your own | ||||
|     autoload handler if you are using a version of PHP earlier than PHP 5.1.2 | ||||
|     (See "Autoload compatibility" above). | ||||
| 
 | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 4. Configuration | ||||
| 
 | ||||
| HTML Purifier is designed to run out-of-the-box, but occasionally HTML | ||||
| Purifier needs to be told what to do.  If you answer no to any of these | ||||
| questions, read on; otherwise, you can skip to the next section (or, if you're | ||||
| into configuring things just for the heck of it, skip to 4.3). | ||||
| 
 | ||||
| * Am I using UTF-8? | ||||
| * Am I using XHTML 1.0 Transitional? | ||||
| 
 | ||||
| If you answered no to any of these questions, instantiate a configuration | ||||
| object and read on: | ||||
| 
 | ||||
|     $config = HTMLPurifier_Config::createDefault(); | ||||
| 
 | ||||
| 
 | ||||
| 4.1. Setting a different character encoding | ||||
| 
 | ||||
| You really shouldn't use any other encoding except UTF-8, especially if you | ||||
| plan to support multilingual websites (read section three for more details). | ||||
| However, switching to UTF-8 is not always immediately feasible, so we can | ||||
| adapt. | ||||
| 
 | ||||
| HTML Purifier uses iconv to support other character encodings, as such, | ||||
| any encoding that iconv supports <http://www.gnu.org/software/libiconv/> | ||||
| HTML Purifier supports with this code: | ||||
| 
 | ||||
|     $config->set('Core.Encoding', /* put your encoding here */); | ||||
| 
 | ||||
| An example usage for Latin-1 websites (the most common encoding for English | ||||
| websites): | ||||
| 
 | ||||
|     $config->set('Core.Encoding', 'ISO-8859-1'); | ||||
| 
 | ||||
| Note that HTML Purifier's support for non-Unicode encodings is crippled by the | ||||
| fact that any character not supported by that encoding will be silently | ||||
| dropped, EVEN if it is ampersand escaped.  If you want to work around | ||||
| this, you are welcome to read docs/enduser-utf8.html for a fix, | ||||
| but please be cognizant of the issues the "solution" creates (for this | ||||
| reason, I do not include the solution in this document). | ||||
| 
 | ||||
| 
 | ||||
| 4.2. Setting a different doctype | ||||
| 
 | ||||
| For those of you using HTML 4.01 Transitional, you can disable | ||||
| XHTML output like this: | ||||
| 
 | ||||
|     $config->set('HTML.Doctype', 'HTML 4.01 Transitional'); | ||||
| 
 | ||||
| Other supported doctypes include: | ||||
| 
 | ||||
|     * HTML 4.01 Strict | ||||
|     * HTML 4.01 Transitional | ||||
|     * XHTML 1.0 Strict | ||||
|     * XHTML 1.0 Transitional | ||||
|     * XHTML 1.1 | ||||
| 
 | ||||
| 
 | ||||
| 4.3. Other settings | ||||
| 
 | ||||
| There are more configuration directives which can be read about | ||||
| here: <http://htmlpurifier.org/live/configdoc/plain.html>  They're a bit boring, | ||||
| but they can help out for those of you who like to exert maximum control over | ||||
| your code.  Some of the more interesting ones are configurable at the | ||||
| demo <http://htmlpurifier.org/demo.php> and are well worth looking into | ||||
| for your own system. | ||||
| 
 | ||||
| For example, you can fine tune allowed elements and attributes, convert | ||||
| relative URLs to absolute ones, and even autoparagraph input text! These | ||||
| are, respectively, %HTML.Allowed, %URI.MakeAbsolute and %URI.Base, and | ||||
| %AutoFormat.AutoParagraph. The %Namespace.Directive naming convention | ||||
| translates to: | ||||
| 
 | ||||
|     $config->set('Namespace.Directive', $value); | ||||
| 
 | ||||
| E.g. | ||||
| 
 | ||||
|     $config->set('HTML.Allowed', 'p,b,a[href],i'); | ||||
|     $config->set('URI.Base', 'http://www.example.com'); | ||||
|     $config->set('URI.MakeAbsolute', true); | ||||
|     $config->set('AutoFormat.AutoParagraph', true); | ||||
| 
 | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 5. Caching | ||||
| 
 | ||||
| HTML Purifier generates some cache files (generally one or two) to speed up | ||||
| its execution. For maximum performance, make sure that | ||||
| library/HTMLPurifier/DefinitionCache/Serializer is writeable by the webserver. | ||||
| 
 | ||||
| If you are in the library/ folder of HTML Purifier, you can set the | ||||
| appropriate permissions using: | ||||
| 
 | ||||
|     chmod -R 0755 HTMLPurifier/DefinitionCache/Serializer | ||||
| 
 | ||||
| If the above command doesn't work, you may need to assign write permissions | ||||
| to all. This may be necessary if your webserver runs as nobody, but is | ||||
| not recommended since it means any other user can write files in the | ||||
| directory. Use: | ||||
| 
 | ||||
|     chmod -R 0777 HTMLPurifier/DefinitionCache/Serializer | ||||
| 
 | ||||
| You can also chmod files via your FTP client; this option | ||||
| is usually accessible by right clicking the corresponding directory and | ||||
| then selecting "chmod" or "file permissions". | ||||
| 
 | ||||
| Starting with 2.0.1, HTML Purifier will generate friendly error messages | ||||
| that will tell you exactly what you have to chmod the directory to, if in doubt, | ||||
| follow its advice. | ||||
| 
 | ||||
| If you are unable or unwilling to give write permissions to the cache | ||||
| directory, you can either disable the cache (and suffer a performance | ||||
| hit): | ||||
| 
 | ||||
|     $config->set('Core.DefinitionCache', null); | ||||
| 
 | ||||
| Or move the cache directory somewhere else (no trailing slash): | ||||
| 
 | ||||
|     $config->set('Cache.SerializerPath', '/home/user/absolute/path'); | ||||
| 
 | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 6.   Using the code | ||||
| 
 | ||||
| The interface is mind-numbingly simple: | ||||
| 
 | ||||
|     $purifier = new HTMLPurifier($config); | ||||
|     $clean_html = $purifier->purify( $dirty_html ); | ||||
| 
 | ||||
| That's it!  For more examples, check out docs/examples/ (they aren't very | ||||
| different though).  Also, docs/enduser-slow.html gives advice on what to | ||||
| do if HTML Purifier is slowing down your application. | ||||
| 
 | ||||
| 
 | ||||
| --------------------------------------------------------------------------- | ||||
| 7.   Quick install | ||||
| 
 | ||||
| First, make sure library/HTMLPurifier/DefinitionCache/Serializer is | ||||
| writable by the webserver (see Section 5: Caching above for details). | ||||
| If your website is in UTF-8 and XHTML Transitional, use this code: | ||||
| 
 | ||||
| <?php | ||||
|     require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php'; | ||||
| 
 | ||||
|     $config = HTMLPurifier_Config::createDefault(); | ||||
|     $purifier = new HTMLPurifier($config); | ||||
|     $clean_html = $purifier->purify($dirty_html); | ||||
| ?> | ||||
| 
 | ||||
| If your website is in a different encoding or doctype, use this code: | ||||
| 
 | ||||
| <?php | ||||
|     require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php'; | ||||
| 
 | ||||
|     $config = HTMLPurifier_Config::createDefault(); | ||||
|     $config->set('Core.Encoding', 'ISO-8859-1'); // replace with your encoding | ||||
|     $config->set('HTML.Doctype', 'HTML 4.01 Transitional'); // replace with your doctype | ||||
|     $purifier = new HTMLPurifier($config); | ||||
| 
 | ||||
|     $clean_html = $purifier->purify($dirty_html); | ||||
| ?> | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										60
									
								
								library/ezyang/htmlpurifier/INSTALL.fr.utf8
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										60
									
								
								library/ezyang/htmlpurifier/INSTALL.fr.utf8
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,60 @@ | |||
|  | ||||
| Installation | ||||
|     Comment installer HTML Purifier | ||||
| 
 | ||||
| Attention : Ce document est encodé en UTF-8, si les lettres avec des accents | ||||
| ne s'affichent pas, prenez un meilleur éditeur de texte. | ||||
| 
 | ||||
| L'installation de HTML Purifier est très simple, parce qu'il n'a pas besoin | ||||
| de configuration. Pour les utilisateurs impatients, le code se trouve dans le | ||||
| pied de page, mais je recommande de lire le document. | ||||
| 
 | ||||
| 1.  Compatibilité | ||||
| 
 | ||||
| HTML Purifier fonctionne avec PHP 5. PHP 5.0.5 est la dernière version testée. | ||||
| Il ne dépend pas d'autres librairies. | ||||
| 
 | ||||
| Les extensions optionnelles sont iconv (généralement déjà installée) et tidy | ||||
| (répendue aussi). Si vous utilisez UTF-8 et que vous ne voulez pas l'indentation, | ||||
| vous pouvez utiliser HTML Purifier sans ces extensions. | ||||
| 
 | ||||
| 
 | ||||
| 2.  Inclure la librairie | ||||
| 
 | ||||
| Quand vous devez l'utilisez, incluez le : | ||||
| 
 | ||||
|     require_once('/path/to/library/HTMLPurifier.auto.php'); | ||||
| 
 | ||||
| Ne pas l'inclure si ce n'est pas nécessaire, car HTML Purifier est lourd. | ||||
| 
 | ||||
| HTML Purifier utilise "autoload". Si vous avez défini la fonction __autoload, | ||||
| vous devez ajouter cette fonction : | ||||
| 
 | ||||
|     spl_autoload_register('__autoload') | ||||
| 
 | ||||
| Plus d'informations dans le document "INSTALL". | ||||
| 
 | ||||
| 3.  Installation rapide | ||||
| 
 | ||||
| Si votre site Web est en UTF-8 et XHTML Transitional, utilisez : | ||||
| 
 | ||||
| <?php | ||||
|     require_once('/path/to/htmlpurifier/library/HTMLPurifier.auto.php'); | ||||
|     $purificateur = new HTMLPurifier(); | ||||
|     $html_propre = $purificateur->purify($html_a_purifier); | ||||
| ?> | ||||
| 
 | ||||
| Sinon, utilisez : | ||||
| 
 | ||||
| <?php | ||||
|     require_once('/path/to/html/purifier/library/HTMLPurifier.auto.load'); | ||||
|     $config = $HTMLPurifier_Config::createDefault(); | ||||
|     $config->set('Core', 'Encoding', 'ISO-8859-1'); //Remplacez par votre | ||||
|     encodage | ||||
|     $config->set('Core', 'XHTML', true); //Remplacer par false si HTML 4.01 | ||||
|     $purificateur = new HTMLPurifier($config); | ||||
|     $html_propre = $purificateur->purify($html_a_purifier); | ||||
| ?> | ||||
| 
 | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										504
									
								
								library/ezyang/htmlpurifier/LICENSE
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										504
									
								
								library/ezyang/htmlpurifier/LICENSE
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,504 @@ | |||
| 		  GNU LESSER GENERAL PUBLIC LICENSE | ||||
| 		       Version 2.1, February 1999 | ||||
| 
 | ||||
|  Copyright (C) 1991, 1999 Free Software Foundation, Inc. | ||||
|  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA | ||||
|  Everyone is permitted to copy and distribute verbatim copies | ||||
|  of this license document, but changing it is not allowed. | ||||
| 
 | ||||
| [This is the first released version of the Lesser GPL.  It also counts | ||||
|  as the successor of the GNU Library Public License, version 2, hence | ||||
|  the version number 2.1.] | ||||
| 
 | ||||
| 			    Preamble | ||||
| 
 | ||||
|   The licenses for most software are designed to take away your | ||||
| freedom to share and change it.  By contrast, the GNU General Public | ||||
| Licenses are intended to guarantee your freedom to share and change | ||||
| free software--to make sure the software is free for all its users. | ||||
| 
 | ||||
|   This license, the Lesser General Public License, applies to some | ||||
| specially designated software packages--typically libraries--of the | ||||
| Free Software Foundation and other authors who decide to use it.  You | ||||
| can use it too, but we suggest you first think carefully about whether | ||||
| this license or the ordinary General Public License is the better | ||||
| strategy to use in any particular case, based on the explanations below. | ||||
| 
 | ||||
|   When we speak of free software, we are referring to freedom of use, | ||||
| not price.  Our General Public Licenses are designed to make sure that | ||||
| you have the freedom to distribute copies of free software (and charge | ||||
| for this service if you wish); that you receive source code or can get | ||||
| it if you want it; that you can change the software and use pieces of | ||||
| it in new free programs; and that you are informed that you can do | ||||
| these things. | ||||
| 
 | ||||
|   To protect your rights, we need to make restrictions that forbid | ||||
| distributors to deny you these rights or to ask you to surrender these | ||||
| rights.  These restrictions translate to certain responsibilities for | ||||
| you if you distribute copies of the library or if you modify it. | ||||
| 
 | ||||
|   For example, if you distribute copies of the library, whether gratis | ||||
| or for a fee, you must give the recipients all the rights that we gave | ||||
| you.  You must make sure that they, too, receive or can get the source | ||||
| code.  If you link other code with the library, you must provide | ||||
| complete object files to the recipients, so that they can relink them | ||||
| with the library after making changes to the library and recompiling | ||||
| it.  And you must show them these terms so they know their rights. | ||||
| 
 | ||||
|   We protect your rights with a two-step method: (1) we copyright the | ||||
| library, and (2) we offer you this license, which gives you legal | ||||
| permission to copy, distribute and/or modify the library. | ||||
| 
 | ||||
|   To protect each distributor, we want to make it very clear that | ||||
| there is no warranty for the free library.  Also, if the library is | ||||
| modified by someone else and passed on, the recipients should know | ||||
| that what they have is not the original version, so that the original | ||||
| author's reputation will not be affected by problems that might be | ||||
| introduced by others. | ||||
|  | ||||
|   Finally, software patents pose a constant threat to the existence of | ||||
| any free program.  We wish to make sure that a company cannot | ||||
| effectively restrict the users of a free program by obtaining a | ||||
| restrictive license from a patent holder.  Therefore, we insist that | ||||
| any patent license obtained for a version of the library must be | ||||
| consistent with the full freedom of use specified in this license. | ||||
| 
 | ||||
|   Most GNU software, including some libraries, is covered by the | ||||
| ordinary GNU General Public License.  This license, the GNU Lesser | ||||
| General Public License, applies to certain designated libraries, and | ||||
| is quite different from the ordinary General Public License.  We use | ||||
| this license for certain libraries in order to permit linking those | ||||
| libraries into non-free programs. | ||||
| 
 | ||||
|   When a program is linked with a library, whether statically or using | ||||
| a shared library, the combination of the two is legally speaking a | ||||
| combined work, a derivative of the original library.  The ordinary | ||||
| General Public License therefore permits such linking only if the | ||||
| entire combination fits its criteria of freedom.  The Lesser General | ||||
| Public License permits more lax criteria for linking other code with | ||||
| the library. | ||||
| 
 | ||||
|   We call this license the "Lesser" General Public License because it | ||||
| does Less to protect the user's freedom than the ordinary General | ||||
| Public License.  It also provides other free software developers Less | ||||
| of an advantage over competing non-free programs.  These disadvantages | ||||
| are the reason we use the ordinary General Public License for many | ||||
| libraries.  However, the Lesser license provides advantages in certain | ||||
| special circumstances. | ||||
| 
 | ||||
|   For example, on rare occasions, there may be a special need to | ||||
| encourage the widest possible use of a certain library, so that it becomes | ||||
| a de-facto standard.  To achieve this, non-free programs must be | ||||
| allowed to use the library.  A more frequent case is that a free | ||||
| library does the same job as widely used non-free libraries.  In this | ||||
| case, there is little to gain by limiting the free library to free | ||||
| software only, so we use the Lesser General Public License. | ||||
| 
 | ||||
|   In other cases, permission to use a particular library in non-free | ||||
| programs enables a greater number of people to use a large body of | ||||
| free software.  For example, permission to use the GNU C Library in | ||||
| non-free programs enables many more people to use the whole GNU | ||||
| operating system, as well as its variant, the GNU/Linux operating | ||||
| system. | ||||
| 
 | ||||
|   Although the Lesser General Public License is Less protective of the | ||||
| users' freedom, it does ensure that the user of a program that is | ||||
| linked with the Library has the freedom and the wherewithal to run | ||||
| that program using a modified version of the Library. | ||||
| 
 | ||||
|   The precise terms and conditions for copying, distribution and | ||||
| modification follow.  Pay close attention to the difference between a | ||||
| "work based on the library" and a "work that uses the library".  The | ||||
| former contains code derived from the library, whereas the latter must | ||||
| be combined with the library in order to run. | ||||
|  | ||||
| 		  GNU LESSER GENERAL PUBLIC LICENSE | ||||
|    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION | ||||
| 
 | ||||
|   0. This License Agreement applies to any software library or other | ||||
| program which contains a notice placed by the copyright holder or | ||||
| other authorized party saying it may be distributed under the terms of | ||||
| this Lesser General Public License (also called "this License"). | ||||
| Each licensee is addressed as "you". | ||||
| 
 | ||||
|   A "library" means a collection of software functions and/or data | ||||
| prepared so as to be conveniently linked with application programs | ||||
| (which use some of those functions and data) to form executables. | ||||
| 
 | ||||
|   The "Library", below, refers to any such software library or work | ||||
| which has been distributed under these terms.  A "work based on the | ||||
| Library" means either the Library or any derivative work under | ||||
| copyright law: that is to say, a work containing the Library or a | ||||
| portion of it, either verbatim or with modifications and/or translated | ||||
| straightforwardly into another language.  (Hereinafter, translation is | ||||
| included without limitation in the term "modification".) | ||||
| 
 | ||||
|   "Source code" for a work means the preferred form of the work for | ||||
| making modifications to it.  For a library, complete source code means | ||||
| all the source code for all modules it contains, plus any associated | ||||
| interface definition files, plus the scripts used to control compilation | ||||
| and installation of the library. | ||||
| 
 | ||||
|   Activities other than copying, distribution and modification are not | ||||
| covered by this License; they are outside its scope.  The act of | ||||
| running a program using the Library is not restricted, and output from | ||||
| such a program is covered only if its contents constitute a work based | ||||
| on the Library (independent of the use of the Library in a tool for | ||||
| writing it).  Whether that is true depends on what the Library does | ||||
| and what the program that uses the Library does. | ||||
| 
 | ||||
|   1. You may copy and distribute verbatim copies of the Library's | ||||
| complete source code as you receive it, in any medium, provided that | ||||
| you conspicuously and appropriately publish on each copy an | ||||
| appropriate copyright notice and disclaimer of warranty; keep intact | ||||
| all the notices that refer to this License and to the absence of any | ||||
| warranty; and distribute a copy of this License along with the | ||||
| Library. | ||||
| 
 | ||||
|   You may charge a fee for the physical act of transferring a copy, | ||||
| and you may at your option offer warranty protection in exchange for a | ||||
| fee. | ||||
|  | ||||
|   2. You may modify your copy or copies of the Library or any portion | ||||
| of it, thus forming a work based on the Library, and copy and | ||||
| distribute such modifications or work under the terms of Section 1 | ||||
| above, provided that you also meet all of these conditions: | ||||
| 
 | ||||
|     a) The modified work must itself be a software library. | ||||
| 
 | ||||
|     b) You must cause the files modified to carry prominent notices | ||||
|     stating that you changed the files and the date of any change. | ||||
| 
 | ||||
|     c) You must cause the whole of the work to be licensed at no | ||||
|     charge to all third parties under the terms of this License. | ||||
| 
 | ||||
|     d) If a facility in the modified Library refers to a function or a | ||||
|     table of data to be supplied by an application program that uses | ||||
|     the facility, other than as an argument passed when the facility | ||||
|     is invoked, then you must make a good faith effort to ensure that, | ||||
|     in the event an application does not supply such function or | ||||
|     table, the facility still operates, and performs whatever part of | ||||
|     its purpose remains meaningful. | ||||
| 
 | ||||
|     (For example, a function in a library to compute square roots has | ||||
|     a purpose that is entirely well-defined independent of the | ||||
|     application.  Therefore, Subsection 2d requires that any | ||||
|     application-supplied function or table used by this function must | ||||
|     be optional: if the application does not supply it, the square | ||||
|     root function must still compute square roots.) | ||||
| 
 | ||||
| These requirements apply to the modified work as a whole.  If | ||||
| identifiable sections of that work are not derived from the Library, | ||||
| and can be reasonably considered independent and separate works in | ||||
| themselves, then this License, and its terms, do not apply to those | ||||
| sections when you distribute them as separate works.  But when you | ||||
| distribute the same sections as part of a whole which is a work based | ||||
| on the Library, the distribution of the whole must be on the terms of | ||||
| this License, whose permissions for other licensees extend to the | ||||
| entire whole, and thus to each and every part regardless of who wrote | ||||
| it. | ||||
| 
 | ||||
| Thus, it is not the intent of this section to claim rights or contest | ||||
| your rights to work written entirely by you; rather, the intent is to | ||||
| exercise the right to control the distribution of derivative or | ||||
| collective works based on the Library. | ||||
| 
 | ||||
| In addition, mere aggregation of another work not based on the Library | ||||
| with the Library (or with a work based on the Library) on a volume of | ||||
| a storage or distribution medium does not bring the other work under | ||||
| the scope of this License. | ||||
| 
 | ||||
|   3. You may opt to apply the terms of the ordinary GNU General Public | ||||
| License instead of this License to a given copy of the Library.  To do | ||||
| this, you must alter all the notices that refer to this License, so | ||||
| that they refer to the ordinary GNU General Public License, version 2, | ||||
| instead of to this License.  (If a newer version than version 2 of the | ||||
| ordinary GNU General Public License has appeared, then you can specify | ||||
| that version instead if you wish.)  Do not make any other change in | ||||
| these notices. | ||||
|  | ||||
|   Once this change is made in a given copy, it is irreversible for | ||||
| that copy, so the ordinary GNU General Public License applies to all | ||||
| subsequent copies and derivative works made from that copy. | ||||
| 
 | ||||
|   This option is useful when you wish to copy part of the code of | ||||
| the Library into a program that is not a library. | ||||
| 
 | ||||
|   4. You may copy and distribute the Library (or a portion or | ||||
| derivative of it, under Section 2) in object code or executable form | ||||
| under the terms of Sections 1 and 2 above provided that you accompany | ||||
| it with the complete corresponding machine-readable source code, which | ||||
| must be distributed under the terms of Sections 1 and 2 above on a | ||||
| medium customarily used for software interchange. | ||||
| 
 | ||||
|   If distribution of object code is made by offering access to copy | ||||
| from a designated place, then offering equivalent access to copy the | ||||
| source code from the same place satisfies the requirement to | ||||
| distribute the source code, even though third parties are not | ||||
| compelled to copy the source along with the object code. | ||||
| 
 | ||||
|   5. A program that contains no derivative of any portion of the | ||||
| Library, but is designed to work with the Library by being compiled or | ||||
| linked with it, is called a "work that uses the Library".  Such a | ||||
| work, in isolation, is not a derivative work of the Library, and | ||||
| therefore falls outside the scope of this License. | ||||
| 
 | ||||
|   However, linking a "work that uses the Library" with the Library | ||||
| creates an executable that is a derivative of the Library (because it | ||||
| contains portions of the Library), rather than a "work that uses the | ||||
| library".  The executable is therefore covered by this License. | ||||
| Section 6 states terms for distribution of such executables. | ||||
| 
 | ||||
|   When a "work that uses the Library" uses material from a header file | ||||
| that is part of the Library, the object code for the work may be a | ||||
| derivative work of the Library even though the source code is not. | ||||
| Whether this is true is especially significant if the work can be | ||||
| linked without the Library, or if the work is itself a library.  The | ||||
| threshold for this to be true is not precisely defined by law. | ||||
| 
 | ||||
|   If such an object file uses only numerical parameters, data | ||||
| structure layouts and accessors, and small macros and small inline | ||||
| functions (ten lines or less in length), then the use of the object | ||||
| file is unrestricted, regardless of whether it is legally a derivative | ||||
| work.  (Executables containing this object code plus portions of the | ||||
| Library will still fall under Section 6.) | ||||
| 
 | ||||
|   Otherwise, if the work is a derivative of the Library, you may | ||||
| distribute the object code for the work under the terms of Section 6. | ||||
| Any executables containing that work also fall under Section 6, | ||||
| whether or not they are linked directly with the Library itself. | ||||
|  | ||||
|   6. As an exception to the Sections above, you may also combine or | ||||
| link a "work that uses the Library" with the Library to produce a | ||||
| work containing portions of the Library, and distribute that work | ||||
| under terms of your choice, provided that the terms permit | ||||
| modification of the work for the customer's own use and reverse | ||||
| engineering for debugging such modifications. | ||||
| 
 | ||||
|   You must give prominent notice with each copy of the work that the | ||||
| Library is used in it and that the Library and its use are covered by | ||||
| this License.  You must supply a copy of this License.  If the work | ||||
| during execution displays copyright notices, you must include the | ||||
| copyright notice for the Library among them, as well as a reference | ||||
| directing the user to the copy of this License.  Also, you must do one | ||||
| of these things: | ||||
| 
 | ||||
|     a) Accompany the work with the complete corresponding | ||||
|     machine-readable source code for the Library including whatever | ||||
|     changes were used in the work (which must be distributed under | ||||
|     Sections 1 and 2 above); and, if the work is an executable linked | ||||
|     with the Library, with the complete machine-readable "work that | ||||
|     uses the Library", as object code and/or source code, so that the | ||||
|     user can modify the Library and then relink to produce a modified | ||||
|     executable containing the modified Library.  (It is understood | ||||
|     that the user who changes the contents of definitions files in the | ||||
|     Library will not necessarily be able to recompile the application | ||||
|     to use the modified definitions.) | ||||
| 
 | ||||
|     b) Use a suitable shared library mechanism for linking with the | ||||
|     Library.  A suitable mechanism is one that (1) uses at run time a | ||||
|     copy of the library already present on the user's computer system, | ||||
|     rather than copying library functions into the executable, and (2) | ||||
|     will operate properly with a modified version of the library, if | ||||
|     the user installs one, as long as the modified version is | ||||
|     interface-compatible with the version that the work was made with. | ||||
| 
 | ||||
|     c) Accompany the work with a written offer, valid for at | ||||
|     least three years, to give the same user the materials | ||||
|     specified in Subsection 6a, above, for a charge no more | ||||
|     than the cost of performing this distribution. | ||||
| 
 | ||||
|     d) If distribution of the work is made by offering access to copy | ||||
|     from a designated place, offer equivalent access to copy the above | ||||
|     specified materials from the same place. | ||||
| 
 | ||||
|     e) Verify that the user has already received a copy of these | ||||
|     materials or that you have already sent this user a copy. | ||||
| 
 | ||||
|   For an executable, the required form of the "work that uses the | ||||
| Library" must include any data and utility programs needed for | ||||
| reproducing the executable from it.  However, as a special exception, | ||||
| the materials to be distributed need not include anything that is | ||||
| normally distributed (in either source or binary form) with the major | ||||
| components (compiler, kernel, and so on) of the operating system on | ||||
| which the executable runs, unless that component itself accompanies | ||||
| the executable. | ||||
| 
 | ||||
|   It may happen that this requirement contradicts the license | ||||
| restrictions of other proprietary libraries that do not normally | ||||
| accompany the operating system.  Such a contradiction means you cannot | ||||
| use both them and the Library together in an executable that you | ||||
| distribute. | ||||
|  | ||||
|   7. You may place library facilities that are a work based on the | ||||
| Library side-by-side in a single library together with other library | ||||
| facilities not covered by this License, and distribute such a combined | ||||
| library, provided that the separate distribution of the work based on | ||||
| the Library and of the other library facilities is otherwise | ||||
| permitted, and provided that you do these two things: | ||||
| 
 | ||||
|     a) Accompany the combined library with a copy of the same work | ||||
|     based on the Library, uncombined with any other library | ||||
|     facilities.  This must be distributed under the terms of the | ||||
|     Sections above. | ||||
| 
 | ||||
|     b) Give prominent notice with the combined library of the fact | ||||
|     that part of it is a work based on the Library, and explaining | ||||
|     where to find the accompanying uncombined form of the same work. | ||||
| 
 | ||||
|   8. You may not copy, modify, sublicense, link with, or distribute | ||||
| the Library except as expressly provided under this License.  Any | ||||
| attempt otherwise to copy, modify, sublicense, link with, or | ||||
| distribute the Library is void, and will automatically terminate your | ||||
| rights under this License.  However, parties who have received copies, | ||||
| or rights, from you under this License will not have their licenses | ||||
| terminated so long as such parties remain in full compliance. | ||||
| 
 | ||||
|   9. You are not required to accept this License, since you have not | ||||
| signed it.  However, nothing else grants you permission to modify or | ||||
| distribute the Library or its derivative works.  These actions are | ||||
| prohibited by law if you do not accept this License.  Therefore, by | ||||
| modifying or distributing the Library (or any work based on the | ||||
| Library), you indicate your acceptance of this License to do so, and | ||||
| all its terms and conditions for copying, distributing or modifying | ||||
| the Library or works based on it. | ||||
| 
 | ||||
|   10. Each time you redistribute the Library (or any work based on the | ||||
| Library), the recipient automatically receives a license from the | ||||
| original licensor to copy, distribute, link with or modify the Library | ||||
| subject to these terms and conditions.  You may not impose any further | ||||
| restrictions on the recipients' exercise of the rights granted herein. | ||||
| You are not responsible for enforcing compliance by third parties with | ||||
| this License. | ||||
|  | ||||
|   11. If, as a consequence of a court judgment or allegation of patent | ||||
| infringement or for any other reason (not limited to patent issues), | ||||
| conditions are imposed on you (whether by court order, agreement or | ||||
| otherwise) that contradict the conditions of this License, they do not | ||||
| excuse you from the conditions of this License.  If you cannot | ||||
| distribute so as to satisfy simultaneously your obligations under this | ||||
| License and any other pertinent obligations, then as a consequence you | ||||
| may not distribute the Library at all.  For example, if a patent | ||||
| license would not permit royalty-free redistribution of the Library by | ||||
| all those who receive copies directly or indirectly through you, then | ||||
| the only way you could satisfy both it and this License would be to | ||||
| refrain entirely from distribution of the Library. | ||||
| 
 | ||||
| If any portion of this section is held invalid or unenforceable under any | ||||
| particular circumstance, the balance of the section is intended to apply, | ||||
| and the section as a whole is intended to apply in other circumstances. | ||||
| 
 | ||||
| It is not the purpose of this section to induce you to infringe any | ||||
| patents or other property right claims or to contest validity of any | ||||
| such claims; this section has the sole purpose of protecting the | ||||
| integrity of the free software distribution system which is | ||||
| implemented by public license practices.  Many people have made | ||||
| generous contributions to the wide range of software distributed | ||||
| through that system in reliance on consistent application of that | ||||
| system; it is up to the author/donor to decide if he or she is willing | ||||
| to distribute software through any other system and a licensee cannot | ||||
| impose that choice. | ||||
| 
 | ||||
| This section is intended to make thoroughly clear what is believed to | ||||
| be a consequence of the rest of this License. | ||||
| 
 | ||||
|   12. If the distribution and/or use of the Library is restricted in | ||||
| certain countries either by patents or by copyrighted interfaces, the | ||||
| original copyright holder who places the Library under this License may add | ||||
| an explicit geographical distribution limitation excluding those countries, | ||||
| so that distribution is permitted only in or among countries not thus | ||||
| excluded.  In such case, this License incorporates the limitation as if | ||||
| written in the body of this License. | ||||
| 
 | ||||
|   13. The Free Software Foundation may publish revised and/or new | ||||
| versions of the Lesser General Public License from time to time. | ||||
| Such new versions will be similar in spirit to the present version, | ||||
| but may differ in detail to address new problems or concerns. | ||||
| 
 | ||||
| Each version is given a distinguishing version number.  If the Library | ||||
| specifies a version number of this License which applies to it and | ||||
| "any later version", you have the option of following the terms and | ||||
| conditions either of that version or of any later version published by | ||||
| the Free Software Foundation.  If the Library does not specify a | ||||
| license version number, you may choose any version ever published by | ||||
| the Free Software Foundation. | ||||
|  | ||||
|   14. If you wish to incorporate parts of the Library into other free | ||||
| programs whose distribution conditions are incompatible with these, | ||||
| write to the author to ask for permission.  For software which is | ||||
| copyrighted by the Free Software Foundation, write to the Free | ||||
| Software Foundation; we sometimes make exceptions for this.  Our | ||||
| decision will be guided by the two goals of preserving the free status | ||||
| of all derivatives of our free software and of promoting the sharing | ||||
| and reuse of software generally. | ||||
| 
 | ||||
| 			    NO WARRANTY | ||||
| 
 | ||||
|   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO | ||||
| WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. | ||||
| EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR | ||||
| OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY | ||||
| KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE | ||||
| IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||||
| PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE | ||||
| LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME | ||||
| THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. | ||||
| 
 | ||||
|   16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN | ||||
| WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY | ||||
| AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU | ||||
| FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR | ||||
| CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE | ||||
| LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING | ||||
| RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A | ||||
| FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF | ||||
| SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH | ||||
| DAMAGES. | ||||
| 
 | ||||
| 		     END OF TERMS AND CONDITIONS | ||||
|  | ||||
|            How to Apply These Terms to Your New Libraries | ||||
| 
 | ||||
|   If you develop a new library, and you want it to be of the greatest | ||||
| possible use to the public, we recommend making it free software that | ||||
| everyone can redistribute and change.  You can do so by permitting | ||||
| redistribution under these terms (or, alternatively, under the terms of the | ||||
| ordinary General Public License). | ||||
| 
 | ||||
|   To apply these terms, attach the following notices to the library.  It is | ||||
| safest to attach them to the start of each source file to most effectively | ||||
| convey the exclusion of warranty; and each file should have at least the | ||||
| "copyright" line and a pointer to where the full notice is found. | ||||
| 
 | ||||
|     <one line to give the library's name and a brief idea of what it does.> | ||||
|     Copyright (C) <year>  <name of author> | ||||
| 
 | ||||
|     This library is free software; you can redistribute it and/or | ||||
|     modify it under the terms of the GNU Lesser General Public | ||||
|     License as published by the Free Software Foundation; either | ||||
|     version 2.1 of the License, or (at your option) any later version. | ||||
| 
 | ||||
|     This library is distributed in the hope that it will be useful, | ||||
|     but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU | ||||
|     Lesser General Public License for more details. | ||||
| 
 | ||||
|     You should have received a copy of the GNU Lesser General Public | ||||
|     License along with this library; if not, write to the Free Software | ||||
|     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA | ||||
| 
 | ||||
| Also add information on how to contact you by electronic and paper mail. | ||||
| 
 | ||||
| You should also get your employer (if you work as a programmer) or your | ||||
| school, if any, to sign a "copyright disclaimer" for the library, if | ||||
| necessary.  Here is a sample; alter the names: | ||||
| 
 | ||||
|   Yoyodyne, Inc., hereby disclaims all copyright interest in the | ||||
|   library `Frob' (a library for tweaking knobs) written by James Random Hacker. | ||||
| 
 | ||||
|   <signature of Ty Coon>, 1 April 1990 | ||||
|   Ty Coon, President of Vice | ||||
| 
 | ||||
| That's all there is to it! | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										1094
									
								
								library/ezyang/htmlpurifier/NEWS
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										1094
									
								
								library/ezyang/htmlpurifier/NEWS
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,1094 @@ | |||
| NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier | ||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| | ||||
| 
 | ||||
| = KEY ==================== | ||||
|     # Breaks back-compat | ||||
|     ! Feature | ||||
|     - Bugfix | ||||
|       + Sub-comment | ||||
|     . Internal change | ||||
| ========================== | ||||
| 
 | ||||
| 4.7.0, released 2015-08-04 | ||||
| # opacity is now considered a "tricky" CSS property rather than a | ||||
|   proprietary one. | ||||
| ! %AutoFormat.RemoveEmpty.Predicate for specifying exactly when | ||||
|   an element should be considered "empty" (maybe preserve if it | ||||
|   has attributes), and modify iframe support so that the iframe | ||||
|   is removed if it is missing a src attribute.  Thanks meeva for | ||||
|   reporting. | ||||
| - Don't truncate upon encountering </div> when using DOMLex.  Thanks | ||||
|   Myrto Christina for finally convincing me to fix this. | ||||
| - Update YouTube filter for new code. | ||||
| - Fix parsing of rgb() values with spaces in them for 'border' | ||||
|   attribute. | ||||
| - Don't remove foo="" attributes if foo is a boolean attribute.  Thanks | ||||
|   valME for reporting. | ||||
| 
 | ||||
| 4.6.0, released 2013-11-30 | ||||
| # Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret). | ||||
|   Please update any verification scripts you may have. | ||||
| # URI parsing algorithm was made more strict, so only prefixes which | ||||
|   looks like schemes will actually be schemes.  Thanks | ||||
|   Michael Gusev <mgusev@sugarcrm.com> for fixing. | ||||
| # %Core.EscapeInvalidChildren is no longer supported, and no longer does | ||||
|   anything. | ||||
| ! New directive %Core.AllowHostnameUnderscore which allows underscores | ||||
|   in hostnames. | ||||
| - Eliminate quadratic behavior in DOMLex by using a proper queue. | ||||
|   Thanks Ole Laursen for noticing this. | ||||
| - Rewritten MakeWellFormed/FixNesting implementation eliminates quadratic | ||||
|   behavior in the rest of the purificaiton pipeline.  Thanks Chedburn | ||||
|   Networks for sponsoring this work. | ||||
| - Made Linkify URL parser a bit less permissive, so that non-breaking | ||||
|   spaces and commas are not included as part of URL.  Thanks nAS for fixing. | ||||
| - Fix some bad interactions with %HTML.Allowed and injectors.  Thanks | ||||
|   David Hirtz for reporting. | ||||
| - Fix infinite loop in DirectLex. Thanks Ashar Javed (@soaj1664ashar) | ||||
|   for reporting. | ||||
| 
 | ||||
| 4.5.0, released 2013-02-17 | ||||
| # Fix bug where stacked attribute transforms clobber each other; | ||||
|   this also means it's no longer possible to override attribute | ||||
|   transforms in later modules.  No internal code was using this | ||||
|   but this may break some clients. | ||||
| # We now use SHA-1 to identify cached definitions, instead of MD5. | ||||
| ! Support display:inline-block | ||||
| ! Support for more white-space CSS values. | ||||
| ! Permit underscores in font families | ||||
| ! Support for page-break-* CSS3 properties when proprietary properties | ||||
|   are enabled. | ||||
| ! New directive %Core.DisableExcludes; can be set to 'true' to turn off | ||||
|   SGML excludes checking.  If HTML Purifier is removing too much text | ||||
|   and you don't care about full standards compliance, try setting this to | ||||
|   'true'. | ||||
| - Use prepend for SPL autoloading on PHP 5.3 and later. | ||||
| - Fix bug with nofollow transform when pre-existing rel exists. | ||||
| - Fix bug where background:url() always gets lower-cased | ||||
|   (but not background-image:url()) | ||||
| - Fix bug with non lower-case color names in HTML | ||||
| - Fix bug where data URI validation doesn't remove temporary files. | ||||
|   Thanks Javier Marín Ros <javiermarinros@gmail.com> for reporting. | ||||
| - Don't remove certain empty tags on RemoveEmpty. | ||||
| 
 | ||||
| 4.4.0, released 2012-01-18 | ||||
| # Removed PEARSax3 handler. | ||||
| # URI.Munge now munges URIs inside the same host that go from https | ||||
|   to http.  Reported by Neike Taika-Tessaro. | ||||
| # Core.EscapeNonASCIICharacters now always transforms entities to | ||||
|   entities, even if target encoding is UTF-8. | ||||
| # Tighten up selector validation in ExtractStyleBlocks. | ||||
|   Non-syntactically valid selectors are now rejected, along with | ||||
|   some of the more obscure ones such as attribute selectors, the | ||||
|   :lang pseudoselector, and anything not in CSS2.1.  Furthermore, | ||||
|   ID and class selectors now work properly with the relevant | ||||
|   configuration attributes.  Also, mute errors when parsing CSS | ||||
|   with CSS Tidy.  Reported by Mario Heiderich and Norman Hippert. | ||||
| ! Added support for 'scope' attribute on tables. | ||||
| ! Added %HTML.TargetBlank, which adds target="blank" to all outgoing links. | ||||
| ! Properly handle sub-lists directly nested inside of lists in | ||||
|   a standards compliant way, by moving them into the preceding <li> | ||||
| ! Added %HTML.AllowedComments and %HTML.AllowedCommentsRegexp for | ||||
|   limited allowed comments in untrusted situations. | ||||
| ! Implement iframes, and allow them to be used in untrusted mode with | ||||
|   %HTML.SafeIframe and %URI.SafeIframeRegexp.  Thanks Bradley M. Froehle | ||||
|   <brad.froehle@gmail.com> for submitting an initial version of the patch. | ||||
| ! The Forms module now works properly for transitional doctypes. | ||||
| ! Added support for internationalized domain names. You need the PEAR | ||||
|   Net_IDNA2 module to be in your path; if it is installed, ensure the | ||||
|   class can be loaded and then set %Core.EnableIDNA to true. | ||||
| - Color keywords are now case insensitive.  Thanks Yzmir Ramirez | ||||
|   <yramirez-htmlpurifier@adicio.com> for reporting. | ||||
| - Explicitly initialize anonModule variable to null. | ||||
| - Do not duplicate nofollow if already present.  Thanks 178 | ||||
|   for reporting. | ||||
| - Do not add nofollow if hostname matches our current host.  Thanks 178 | ||||
|   for reporting, and Neike Taika-Tessaro for helping diagnose. | ||||
| - Do not unset parser variable; this fixes intermittent serialization | ||||
|   problems.  Thanks Neike Taika-Tessaro for reporting, bill | ||||
|   <10010tiger@gmail.com> for diagnosing. | ||||
| - Fix iconv truncation bug, where non-UTF-8 target encodings see | ||||
|   output truncated after around 8000 characters.  Thanks Jörg Ludwig | ||||
|   <joerg.ludwig@iserv.eu> for reporting. | ||||
| - Fix broken table content model for XHTML1.1 (and also earlier | ||||
|   versions, although the W3C validator doesn't catch those violations). | ||||
|   Thanks GlitchMr <glitch.mr@gmail.com> for reporting. | ||||
| 
 | ||||
| 4.3.0, released 2011-03-27 | ||||
| # Fixed broken caching of customized raw definitions, but requires an | ||||
|   API change.  The old API still works but will emit a warning, | ||||
|   see http://htmlpurifier.org/docs/enduser-customize.html#optimized | ||||
|   for how to upgrade your code. | ||||
| # Protect against Internet Explorer innerHTML behavior by specially | ||||
|   treating attributes with backticks but no angled brackets, quotes or | ||||
|   spaces.  This constitutes a slight semantic change, which can be | ||||
|   reverted using %Output.FixInnerHTML.  Reported by Neike Taika-Tessaro | ||||
|   and Mario Heiderich. | ||||
| # Protect against cssText/innerHTML by restricting allowed characters | ||||
|   used in fonts further than mandated by the specification and encoding | ||||
|   some extra special characters in URLs.  Reported by Neike | ||||
|   Taika-Tessaro and Mario Heiderich. | ||||
| ! Added %HTML.Nofollow to add rel="nofollow" to external links. | ||||
| ! More types of SPL autoloaders allowed on later versions of PHP. | ||||
| ! Implementations for position, top, left, right, bottom, z-index | ||||
|   when %CSS.Trusted is on. | ||||
| ! Add %Cache.SerializerPermissions option for custom serializer | ||||
|   directory/file permissions | ||||
| ! Fix longstanding bug in Flash support for non-IE browsers, and | ||||
|   allow more wmode attributes. | ||||
| ! Add %CSS.AllowedFonts to restrict permissible font names. | ||||
| - Switch to an iterative traversal of the DOM, which prevents us | ||||
|   from running out of stack space for deeply nested documents. | ||||
|   Thanks Maxim Krizhanovsky for contributing a patch. | ||||
| - Make removal of conditional IE comments ungreedy; thanks Bernd | ||||
|   for reporting. | ||||
| - Escape CDATA before removing Internet Explorer comments. | ||||
| - Fix removal of id attributes under certain conditions by ensuring | ||||
|   armor attributes are preserved when recreating tags. | ||||
| - Check if schema.ser was corrupted. | ||||
| - Check if zend.ze1_compatibility_mode is on, and error out if it is. | ||||
|   This safety check is only done for HTMLPurifier.auto.php; if you | ||||
|   are using standalone or the specialized includes files, you're | ||||
|   expected to know what you're doing. | ||||
| - Stop repeatedly writing the cache file after I'm done customizing a | ||||
|   raw definition.  Reported by ajh. | ||||
| - Switch to using require_once in the Bootstrap to work around bad | ||||
|   interaction with Zend Debugger and APC.  Reported by Antonio Parraga. | ||||
| - Fix URI handling when hostname is missing but scheme is present. | ||||
|   Reported by Neike Taika-Tessaro. | ||||
| - Fix missing numeric entities on DirectLex; thanks Neike Taika-Tessaro | ||||
|   for reporting. | ||||
| - Fix harmless notice from indexing into empty string.  Thanks Matthijs | ||||
|   Kooijman <matthijs@stdin.nl> for reporting. | ||||
| - Don't autoclose no parent elements are able to support the element | ||||
|   that triggered the autoclose.  In particular fixes strange behavior | ||||
|   of stray <li> tags.  Thanks pkuliga@gmail.com for reporting and | ||||
|   Neike Taika-Tessaro <pinkgothic@gmail.com> for debugging assistance. | ||||
| 
 | ||||
| 4.2.0, released 2010-09-15 | ||||
| ! Added %Core.RemoveProcessingInstructions, which lets you remove | ||||
|   <? ... ?> statements. | ||||
| ! Added %URI.DisableResources functionality; the directive originally | ||||
|   did nothing.  Thanks David Rothstein for reporting. | ||||
| ! Add documentation about configuration directive types. | ||||
| ! Add %CSS.ForbiddenProperties configuration directive. | ||||
| ! Add %HTML.FlashAllowFullScreen to permit embedded Flash objects | ||||
|   to utilize full-screen mode. | ||||
| ! Add optional support for the <code>file</code> URI scheme, enable | ||||
|   by explicitly setting %URI.AllowedSchemes. | ||||
| ! Add %Core.NormalizeNewlines options to allow turning off newline | ||||
|   normalization. | ||||
| - Fix improper handling of Internet Explorer conditional comments | ||||
|   by parser.  Thanks zmonteca for reporting. | ||||
| - Fix missing attributes bug when running on Mac Snow Leopard and APC. | ||||
|   Thanks sidepodcast for the fix. | ||||
| - Warn if an element is allowed, but an attribute it requires is | ||||
|   not allowed. | ||||
| 
 | ||||
| 4.1.1, released 2010-05-31 | ||||
| - Fix undefined index warnings in maintenance scripts. | ||||
| - Fix bug in DirectLex for parsing elements with a single attribute | ||||
|   with entities. | ||||
| - Rewrite CSS output logic for font-family and url().  Thanks Mario | ||||
|   Heiderich <mario.heiderich@googlemail.com> for reporting and Takeshi | ||||
|   Terada <t-terada@violet.plala.or.jp> for suggesting the fix. | ||||
| - Emit an error for CollectErrors if a body is extracted | ||||
| - Fix bug where in background-position for center keyword handling. | ||||
| - Fix infinite loop when a wrapper element is inserted in a context | ||||
|   where it's not allowed.  Thanks Lars <lars@renoz.dk> for reporting. | ||||
| - Remove +x bit and shebang from index.php; only supported mode is to | ||||
|   explicitly call it with php. | ||||
| - Make test script less chatty when log_errors is on. | ||||
| 
 | ||||
| 4.1.0, released 2010-04-26 | ||||
| ! Support proprietary height attribute on table element | ||||
| ! Support YouTube slideshows that contain /cp/ in their URL. | ||||
| ! Support for data: URI scheme; not enabled by default, add it using | ||||
|   %URI.AllowedSchemes | ||||
| ! Support flashvars when using %HTML.SafeObject and %HTML.SafeEmbed. | ||||
| ! Support for Internet Explorer compatibility with %HTML.SafeObject | ||||
|   using %Output.FlashCompat. | ||||
| ! Handle <ol><ol> properly, by inserting the necessary <li> tag. | ||||
| - Always quote the insides of url(...) in CSS. | ||||
| 
 | ||||
| 4.0.0, released 2009-07-07 | ||||
| # APIs for ConfigSchema subsystem have substantially changed. See | ||||
|   docs/dev-config-bcbreaks.txt for details; in essence, anything that | ||||
|   had both namespace and directive now have a single unified key. | ||||
| # Some configuration directives were renamed, specifically: | ||||
|     %AutoFormatParam.PurifierLinkifyDocURL -> %AutoFormat.PurifierLinkify.DocURL | ||||
|     %FilterParam.ExtractStyleBlocksEscaping -> %Filter.ExtractStyleBlocks.Escaping | ||||
|     %FilterParam.ExtractStyleBlocksScope -> %Filter.ExtractStyleBlocks.Scope | ||||
|     %FilterParam.ExtractStyleBlocksTidyImpl -> %Filter.ExtractStyleBlocks.TidyImpl | ||||
|   As usual, the old directive names will still work, but will throw E_NOTICE | ||||
|   errors. | ||||
| # The allowed values for class have been relaxed to allow all of CDATA for | ||||
|   doctypes that are not XHTML 1.1 or XHTML 2.0.  For old behavior, set | ||||
|   %Attr.ClassUseCDATA to false. | ||||
| # Instead of appending the content model to an old content model, a blank | ||||
|   element will replace the old content model.  You can use #SUPER to get | ||||
|   the old content model. | ||||
| ! More robust support for name="" and id="" | ||||
| ! HTMLPurifier_Config::inherit($config) allows you to inherit one | ||||
|   configuration, and have changes to that configuration be propagated | ||||
|   to all of its children. | ||||
| ! Implement %HTML.Attr.Name.UseCDATA, which relaxes validation rules on | ||||
|   the name attribute when set. Use with care. Thanks Ian Cook for | ||||
|   sponsoring. | ||||
| ! Implement %AutoFormat.RemoveEmpty.RemoveNbsp, which removes empty | ||||
|   tags that contain non-breaking spaces as well other whitespace. You | ||||
|   can also modify which tags should have   maintained with | ||||
|   %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions. | ||||
| ! Implement %Attr.AllowedClasses, which allows administrators to restrict | ||||
|   classes users can use to a specified finite set of classes, and | ||||
|   %Attr.ForbiddenClasses, which is the logical inverse. | ||||
| ! You can now maintain your own configuration schema directories by | ||||
|   creating a config-schema.php file or passing an extra argument. Check | ||||
|   docs/dev-config-schema.html for more details. | ||||
| ! Added HTMLPurifier_Config->serialize() method, which lets you save away | ||||
|   your configuration in a compact serial file, which you can unserialize | ||||
|   and use directly without having to go through the overhead of setup. | ||||
| - Fix bug where URIDefinition would not get cleared if it's directives got | ||||
|   changed. | ||||
| - Fix fatal error in HTMLPurifier_Encoder on certain platforms (probably NetBSD 5.0) | ||||
| - Fix bug in Linkify autoformatter involving <a><span>http://foo</span></a> | ||||
| - Make %URI.Munge not apply to links that have the same host as your host. | ||||
| - Prevent stray </body> tag from truncating output, if a second </body> | ||||
|   is present. | ||||
| . Created script maintenance/rename-config.php for renaming a configuration | ||||
|   directive while maintaining its alias.  This script does not change source code. | ||||
| . Implement namespace locking for definition construction, to prevent | ||||
|   bugs where a directive is used for definition construction but is not | ||||
|   used to construct the cache hash. | ||||
| 
 | ||||
| 3.3.0, released 2009-02-16 | ||||
| ! Implement CSS property 'overflow' when %CSS.AllowTricky is true. | ||||
| ! Implement generic property list classess | ||||
| - Fix bug with testEncodingSupportsASCII() algorithm when iconv() implementation | ||||
|   does not do the "right thing" with characters not supported in the output | ||||
|   set. | ||||
| - Spellcheck UTF-8: The Secret To Character Encoding | ||||
| - Fix improper removal of the contents of elements with only whitespace. Thanks | ||||
|   Eric Wald for reporting. | ||||
| - Fix broken test suite in versions of PHP without spl_autoload_register() | ||||
| - Fix degenerate case with YouTube filter involving double hyphens. | ||||
|   Thanks Pierre Attar for reporting. | ||||
| - Fix YouTube rendering problem on certain versions of Firefox. | ||||
| - Fix CSSDefinition Printer problems with decorators | ||||
| - Add text parameter to unit tests, forces text output | ||||
| . Add verbose mode to command line test runner, use (--verbose) | ||||
| . Turn on unit tests for UnitConverter | ||||
| . Fix missing version number in configuration %Attr.DefaultImageAlt (added 3.2.0) | ||||
| . Fix newline errors that caused spurious failures when CRLF HTML Purifier was | ||||
|   tested on Linux. | ||||
| . Removed trailing whitespace from all text files, see | ||||
|   remote-trailing-whitespace.php maintenance script. | ||||
| . Convert configuration to use property list backend. | ||||
| 
 | ||||
| 3.2.0, released 2008-10-31 | ||||
| # Using %Core.CollectErrors forces line number/column tracking on, whereas | ||||
|   previously you could theoretically turn it off. | ||||
| # HTMLPurifier_Injector->notifyEnd() is formally deprecated. Please | ||||
|   use handleEnd() instead. | ||||
| ! %Output.AttrSort for when you need your attributes in alphabetical order to | ||||
|   deal with a bug in FCKEditor. Requested by frank farmer. | ||||
| ! Enable HTML comments when %HTML.Trusted is on. Requested by Waldo Jaquith. | ||||
| ! Proper support for name attribute. It is now allowed and equivalent to the id | ||||
|   attribute in a and img tags, and is only converted to id when %HTML.TidyLevel | ||||
|   is heavy (for all doctypes). | ||||
| ! %AutoFormat.RemoveEmpty to remove some empty tags from documents. Please don't | ||||
|   use on hand-written HTML. | ||||
| ! Add error-cases for unsupported elements in MakeWellFormed. This enables | ||||
|   the strategy to be used, standalone, on untrusted input. | ||||
| ! %Core.AggressivelyFixLt is on by default. This causes more sensible | ||||
|   processing of left angled brackets in smileys and other whatnot. | ||||
| ! Test scripts now have a 'type' parameter, which lets you say 'htmlpurifier', | ||||
|   'phpt', 'vtest', etc. in order to only execute those tests. This supercedes | ||||
|   the --only-phpt parameter, although for backwards-compatibility the flag | ||||
|   will still work. | ||||
| ! AutoParagraph auto-formatter will now preserve double-newlines upon output. | ||||
|   Users who are not performing inbound filtering, this may seem a little | ||||
|   useless, but as a bonus, the test suite and handling of edge cases is also | ||||
|   improved. | ||||
| ! Experimental implementation of forms for %HTML.Trusted | ||||
| ! Track column numbers when maintain line numbers is on | ||||
| ! Proprietary 'background' attribute on table-related elements converted into | ||||
|   corresponding CSS.  Thanks Fusemail for sponsoring this feature! | ||||
| ! Add forward(), forwardUntilEndToken(), backward() and current() to Injector | ||||
|   supertype. | ||||
| ! HTMLPurifier_Injector->handleEnd() permits modification to end tokens. The | ||||
|   time of operation varies slightly from notifyEnd() as *all* end tokens are | ||||
|   processed by the injector before they are subject to the well-formedness rules. | ||||
| ! %Attr.DefaultImageAlt allows overriding default behavior of setting alt to | ||||
|   basename of image when not present. | ||||
| ! %AutoFormat.DisplayLinkURI neuters <a> tags into plain text URLs. | ||||
| - Fix two bugs in %URI.MakeAbsolute; one involving empty paths in base URLs, | ||||
|   the other involving an undefined $is_folder error. | ||||
| - Throw error when %Core.Encoding is set to a spurious value. Previously, | ||||
|   this errored silently and returned false. | ||||
| - Redirected stderr to stdout for flush error output. | ||||
| - %URI.DisableExternal will now use the host in %URI.Base if %URI.Host is not | ||||
|   available. | ||||
| - Do not re-munge URL if the output URL has the same host as the input URL. | ||||
|   Requested by Chris. | ||||
| - Fix error in documentation regarding %Filter.ExtractStyleBlocks | ||||
| - Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment | ||||
| - Fix bug with inline elements in blockquotes conflicting with strict doctype | ||||
| - Detect if HTML support is disabled for DOM by checking for loadHTML() method. | ||||
| - Fix bug where dots and double-dots in absolute URLs without hostname were | ||||
|   not collapsed by URIFilter_MakeAbsolute. | ||||
| - Fix bug with anonymous modules operating on SafeEmbed or SafeObject elements | ||||
|   by reordering their addition. | ||||
| - Will now throw exception on many error conditions during lexer creation; also | ||||
|   throw an exception when MaintainLineNumbers is true, but a non-tracksLineNumbers | ||||
|   is being used. | ||||
| - Detect if domxml extension is loaded, and use DirectLEx accordingly. | ||||
| - Improve handling of big numbers with floating point arithmetic in UnitConverter. | ||||
|   Reported by David Morton. | ||||
| . Strategy_MakeWellFormed now operates in-place, saving memory and allowing | ||||
|   for more interesting filter-backtracking | ||||
| . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind | ||||
|   index to reprocess tokens. | ||||
| . StringHashParser now allows for multiline sections with "empty" content; | ||||
|   previously the section would remain undefined. | ||||
| . Added --quick option to multitest.php, which tests only the most recent | ||||
|   release for each series. | ||||
| . Added --distro option to multitest.php, which accepts either 'normal' or | ||||
|   'standalone'. This supercedes --exclude-normal and --exclude-standalone | ||||
| 
 | ||||
| 3.1.1, released 2008-06-19 | ||||
| # %URI.Munge now, by default, does not munge resources (for example, <img src="">) | ||||
|   In order to enable this again, please set %URI.MungeResources to true. | ||||
| ! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength, | ||||
|   and height/width HTML with %HTML.MaxImgLength. | ||||
| ! %URI.MungeSecretKey for secure URI munging. Thanks Chris | ||||
|   for sponsoring this feature. Check out the corresponding documentation | ||||
|   for details. (Att Nightly testers: The API for this feature changed before | ||||
|   the general release. Namely, rename your directives %URI.SecureMungeSecretKey => | ||||
|   %URI.MungeSecretKey and and %URI.SecureMunge => %URI.Munge) | ||||
| ! Implemented post URI filtering. Set member variable $post to true to set | ||||
|   a URIFilter as such. | ||||
| ! Allow modules to define injectors via $info_injector. Injectors are | ||||
|   automatically disabled if injector's needed elements are not found. | ||||
| ! Support for "safe" objects added, use %HTML.SafeObject and %HTML.SafeEmbed. | ||||
|   Thanks Chris for sponsoring. If you've been using ad hoc code from the | ||||
|   forums, PLEASE use this instead. | ||||
| ! Added substitutions for %e, %n, %a and %p in %URI.Munge (in order, | ||||
|   embedded, tag name, attribute name, CSS property name). See %URI.Munge | ||||
|   for more details. Requested by Jochem Blok. | ||||
| - Disable percent height/width attributes for img. | ||||
| - AttrValidator operations are now atomic; updates to attributes are not | ||||
|   manifest in token until end of operations. This prevents naughty internal | ||||
|   code from directly modifying CurrentToken when they're not supposed to. | ||||
|   This semantics change was requested by frank farmer. | ||||
| - Percent encoding checks enabled for URI query and fragment | ||||
| - Fix stray backslashes in font-family; CSS Unicode character escapes are | ||||
|   now properly resolved (although *only* in font-family). Thanks Takeshi Terada | ||||
|   for reporting. | ||||
| - Improve parseCDATA algorithm to take into account newline normalization | ||||
| - Account for browser confusion between Yen character and backslash in | ||||
|   Shift_JIS encoding. This fix generalizes to any other encoding which is not | ||||
|   a strict superset of printable ASCII. Thanks Takeshi Terada for reporting. | ||||
| - Fix missing configuration parameter in Generator calls. Thanks vs for the | ||||
|   partial patch. | ||||
| - Improved adherence to Unicode by checking for non-character codepoints. | ||||
|   Thanks Geoffrey Sneddon for reporting. This may result in degraded | ||||
|   performance for extremely large inputs. | ||||
| - Allow CSS property-value pair ''text-decoration: none''. Thanks Jochem Blok | ||||
|   for reporting. | ||||
| . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient | ||||
|   handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses | ||||
|   this class. | ||||
| . API of HTMLPurifier_AttrDef_CSS_Length changed from __construct($disable_negative) | ||||
|   to __construct($min, $max). __construct(true) is equivalent to | ||||
|   __construct('0'). | ||||
| . Added HTMLPurifier_AttrDef_Switch class | ||||
| . Rename HTMLPurifier_HTMLModule_Tidy->construct() to setup() and bubble method | ||||
|   up inheritance hierarchy to HTMLPurifier_HTMLModule. All HTMLModules | ||||
|   get this called with the configuration object.  All modules now | ||||
|   use this rather than __construct(), although legacy code using constructors | ||||
|   will still work--the new format, however, lets modules access the | ||||
|   configuration object for HTML namespace dependant tweaks. | ||||
| . AttrDef_HTML_Pixels now takes a single construction parameter, pixels. | ||||
| . ConfigSchema data-structure heavily optimized; on average it uses a third | ||||
|   the memory it did previously. The interface has changed accordingly, | ||||
|   consult changes to HTMLPurifier_Config for details. | ||||
| . Variable parsing types now are magic integers instead of strings | ||||
| . Added benchmark for ConfigSchema | ||||
| . HTMLPurifier_Generator requires $config and $context parameters. If you | ||||
|   don't know what they should be, use HTMLPurifier_Config::createDefault() | ||||
|   and new HTMLPurifier_Context(). | ||||
| . Printers now properly distinguish between output configuration, and | ||||
|   target configuration. This is not applicable to scripts using | ||||
|   the Printers for HTML Purifier related tasks. | ||||
| . HTML/CSS Printers must be primed with prepareGenerator($gen_config), otherwise | ||||
|   fatal errors will ensue. | ||||
| . URIFilter->prepare can return false in order to abort loading of the filter | ||||
| . Factory for AttrDef_URI implemented, URI#embedded to indicate URI that embeds | ||||
|   an external resource. | ||||
| . %URI.Munge functionality factored out into a post-filter class. | ||||
| . Added CurrentCSSProperty context variable during CSS validation | ||||
| 
 | ||||
| 3.1.0, released 2008-05-18 | ||||
| # Unnecessary references to objects (vestiges of PHP4) removed from method | ||||
|   signatures.  The following methods do not need references when assigning from | ||||
|   them and will result in E_STRICT errors if you try: | ||||
|     + HTMLPurifier_Config->get*Definition() [* = HTML, CSS] | ||||
|     + HTMLPurifier_ConfigSchema::instance() | ||||
|     + HTMLPurifier_DefinitionCacheFactory::instance() | ||||
|     + HTMLPurifier_DefinitionCacheFactory->create() | ||||
|     + HTMLPurifier_DoctypeRegistry->register() | ||||
|     + HTMLPurifier_DoctypeRegistry->get() | ||||
|     + HTMLPurifier_HTMLModule->addElement() | ||||
|     + HTMLPurifier_HTMLModule->addBlankElement() | ||||
|     + HTMLPurifier_LanguageFactory::instance() | ||||
| # Printer_ConfigForm's get*() functions were static-ified | ||||
| # %HTML.ForbiddenAttributes requires attribute declarations to be in the | ||||
|   form of tag@attr, NOT tag.attr (which will throw an error and won't do | ||||
|   anything). This is for forwards compatibility with XML; you'd do best | ||||
|   to migrate an %HTML.AllowedAttributes directives to this syntax too. | ||||
| ! Allow index to be false for config from form creation | ||||
| ! Added HTMLPurifier::VERSION constant | ||||
| ! Commas, not dashes, used for serializer IDs. This change is forwards-compatible | ||||
|   and allows for version numbers like "3.1.0-dev". | ||||
| ! %HTML.Allowed deals gracefully with whitespace anywhere, anytime! | ||||
| ! HTML Purifier's URI handling is a lot more robust, with much stricter | ||||
|   validation checks and better percent encoding handling. Thanks Gareth Heyes | ||||
|   for indicating security vulnerabilities from lax percent encoding. | ||||
| ! Bootstrap autoloader deals more robustly with classes that don't exist, | ||||
|   preventing class_exists($class, true) from barfing. | ||||
| - InterchangeBuilder now alphabetizes its lists | ||||
| - Validation error in configdoc output fixed | ||||
| - Iconv and other encoding errors muted even with custom error handlers that | ||||
|   do not honor error_reporting | ||||
| - Add protection against imagecrash attack with CSS height/width | ||||
| - HTMLPurifier::instance() created for consistency, is equivalent to getInstance() | ||||
| - Fixed and revamped broken ConfigForm smoketest | ||||
| - Bug with bool/null fields in Printer_ConfigForm fixed | ||||
| - Bug with global forbidden attributes fixed | ||||
| - Improved error messages for allowed and forbidden HTML elements and attributes | ||||
| - Missing (or null) in configdoc documentation restored | ||||
| - If DOM throws and exception during parsing with PH5P (occurs in newer versions | ||||
|   of DOM), HTML Purifier punts to DirectLex | ||||
| - Fatal error with unserialization of ScriptRequired | ||||
| - Created directories are now chmod'ed properly | ||||
| - Fixed bug with fallback languages in LanguageFactory | ||||
| - Standalone testing setup properly with autoload | ||||
| . Out-of-date documentation revised | ||||
| . UTF-8 encoding check optimization as suggested by Diego | ||||
| . HTMLPurifier_Error removed in favor of exceptions | ||||
| . More copy() function removed; should use clone instead | ||||
| . More extensive unit tests for HTMLDefinition | ||||
| . assertPurification moved to central harness | ||||
| . HTMLPurifier_Generator accepts $config and $context parameters during | ||||
|   instantiation, not runtime | ||||
| . Double-quotes outside of attribute values are now unescaped | ||||
| 
 | ||||
| 3.1.0rc1, released 2008-04-22 | ||||
| # Autoload support added. Internal require_once's removed in favor of an | ||||
|   explicit require list or autoloading. To use HTML Purifier, | ||||
|   you must now either use HTMLPurifier.auto.php | ||||
|   or HTMLPurifier.includes.php; setting the include path and including | ||||
|   HTMLPurifier.php is insufficient--in such cases include HTMLPurifier.autoload.php | ||||
|   as well to register our autoload handler (or modify your autoload function | ||||
|   to check HTMLPurifier_Bootstrap::getPath($class)). You can also use | ||||
|   HTMLPurifier.safe-includes.php for a less performance friendly but more | ||||
|   user-friendly library load. | ||||
| # HTMLPurifier_ConfigSchema static functions are officially deprecated. Schema | ||||
|   information is stored in the ConfigSchema directory, and the | ||||
|   maintenance/generate-schema-cache.php generates the schema.ser file, which | ||||
|   is now instantiated. Support for userland schema changes coming soon! | ||||
| # HTMLPurifier_Config will now throw E_USER_NOTICE when you use a directive | ||||
|   alias; to get rid of these errors just modify your configuration to use | ||||
|   the new directive name. | ||||
| # HTMLPurifier->addFilter is deprecated; built-in filters can now be | ||||
|   enabled using %Filter.$filter_name or by setting your own filters using | ||||
|   %Filter.Custom | ||||
| # Directive-level safety properties superceded in favor of module-level | ||||
|   safety. Internal method HTMLModule->addElement() has changed, although | ||||
|   the externally visible HTMLDefinition->addElement has *not* changed. | ||||
| ! Extra utility classes for testing and non-library operations can | ||||
|   be found in extras/. Specifically, these are FSTools and ConfigDoc. | ||||
|   You may find a use for these in your own project, but right now they | ||||
|   are highly experimental and volatile. | ||||
| ! Integration with PHPT allows for automated smoketests | ||||
| ! Limited support for proprietary HTML elements, namely <marquee>, sponsored | ||||
|   by Chris. You can enable them with %HTML.Proprietary if your client | ||||
|   demands them. | ||||
| ! Support for !important CSS cascade modifier. By default, this will be stripped | ||||
|   from CSS, but you can enable it using %CSS.AllowImportant | ||||
| ! Support for display and visibility CSS properties added, set %CSS.AllowTricky | ||||
|   to true to use them. | ||||
| ! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception. | ||||
|   Developer error (not enduser error) can cause these to be triggered. | ||||
| ! Experimental kses() wrapper introduced with HTMLPurifier.kses.php | ||||
| ! Finally %CSS.AllowedProperties for tweaking allowed CSS properties without | ||||
|   mucking around with HTMLPurifier_CSSDefinition | ||||
| ! ConfigDoc output has been enhanced with version and deprecation info. | ||||
| ! %HTML.ForbiddenAttributes and %HTML.ForbiddenElements implemented. | ||||
| - Autoclose now operates iteratively, i.e. <span><span><div> now has | ||||
|   both span tags closed. | ||||
| - Various HTMLPurifier_Config convenience functions now accept another parameter | ||||
|   $schema which defines what HTMLPurifier_ConfigSchema to use besides the | ||||
|   global default. | ||||
| - Fix bug with trusted script handling in libxml versions later than 2.6.28. | ||||
| - Fix bug in ExtractStyleBlocks with comments in style tags | ||||
| - Fix bug in comment parsing for DirectLex | ||||
| - Flush output now displayed when in command line mode for unit tester | ||||
| - Fix bug with rgb(0, 1, 2) color syntax with spaces inside shorthand syntax | ||||
| - HTMLPurifier_HTMLDefinition->addAttribute can now be called multiple times | ||||
|   on the same element without emitting errors. | ||||
| - Fixed fatal error in PH5P lexer with invalid tag names | ||||
| . Plugins now get their own changelogs according to project conventions. | ||||
| . Convert tokens to use instanceof, reducing memory footprint and | ||||
|   improving comparison speed. | ||||
| . Dry runs now supported in SimpleTest; testing facilities improved | ||||
| . Bootstrap class added for handling autoloading functionality | ||||
| . Implemented recursive glob at FSTools->globr | ||||
| . ConfigSchema now has instance methods for all corresponding define* | ||||
|   static methods. | ||||
| . A couple of new historical maintenance scripts were added. | ||||
| . HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php split into two files | ||||
| . tests/index.php can now be run from any directory. | ||||
| . HTMLPurifier_Token subclasses split into seperate files | ||||
| . HTMLPURIFIER_PREFIX now is defined in Bootstrap.php, NOT HTMLPurifier.php | ||||
| . HTMLPURIFIER_PREFIX can now be defined outside of HTML Purifier | ||||
| . New --php=php flag added, allows PHP executable to be specified (command | ||||
|   line only!) | ||||
| . htmlpurifier_add_test() preferred method to translate test files in to | ||||
|   classes, because it handles PHPT files too. | ||||
| . Debugger class is deprecated and will be removed soon. | ||||
| . Command line argument parsing for testing scripts revamped, now --opt value | ||||
|   format is supported. | ||||
| . Smoketests now cleanup after magic quotes | ||||
| . Generator now can output comments (however, comments are still stripped | ||||
|   from HTML Purifier output) | ||||
| . HTMLPurifier_ConfigSchema->validate() deprecated in favor of | ||||
|   HTMLPurifier_VarParser->parse() | ||||
| . Integers auto-cast into float type by VarParser. | ||||
| . HTMLPURIFIER_STRICT removed; no validation is performed on runtime, only | ||||
|   during cache generation | ||||
| . Reordered script calls in maintenance/flush.php | ||||
| . Command line scripts now honor exit codes | ||||
| . When --flush fails in unit testers, abort tests and print message | ||||
| . Improved documentation in docs/dev-flush.html about the maintenance scripts | ||||
| . copy() methods removed in favor of clone keyword | ||||
| 
 | ||||
| 3.0.0, released 2008-01-06 | ||||
| # HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained | ||||
|   until PHP 4 is completely deprecated, but no new features will be added | ||||
|   to it. | ||||
|   + Visibility declarations added | ||||
|   + Constructor methods renamed to __construct() | ||||
|   + PHP4 reference cruft removed (in progress) | ||||
| ! CSS properties are now case-insensitive | ||||
| ! DefinitionCacheFactory now can register new implementations | ||||
| ! New HTMLPurifier_Filter_ExtractStyleBlocks for extracting <style> from | ||||
|   documents and cleaning their contents up. Requires the CSSTidy library | ||||
|   <http://csstidy.sourceforge.net/>. You can access the blocks with the | ||||
|   'StyleBlocks' Context variable ($purifier->context->get('StyleBlocks')). | ||||
|   The output CSS can also be "scoped" for a specific element, use: | ||||
|   %Filter.ExtractStyleBlocksScope | ||||
| ! Experimental support for some proprietary CSS attributes allowed: | ||||
|   opacity (and all of the browser-specific equivalents) and scrollbar colors. | ||||
|   Enable by setting %CSS.Proprietary to true. | ||||
| - Colors missing # but in hex form will be corrected | ||||
| - CSS Number algorithm improved | ||||
| - Unit testing and multi-testing now on steroids: command lines, | ||||
|   XML output, and other goodies now added. | ||||
| . Unit tests for Injector improved | ||||
| . New classes: | ||||
|   + HTMLPurifier_AttrDef_CSS_AlphaValue | ||||
|   + HTMLPurifier_AttrDef_CSS_Filter | ||||
| . Multitest now has a file docblock | ||||
| 
 | ||||
| 2.1.3, released 2007-11-05 | ||||
| ! tests/multitest.php allows you to test multiple versions by running | ||||
|   tests/index.php through multiple interpreters using `phpv` shell | ||||
|   script (you must provide this script!) | ||||
| - Fixed poor include ordering for Email URI AttrDefs, causes fatal errors | ||||
|   on some systems. | ||||
| - Injector algorithm further refined: off-by-one error regarding skip | ||||
|   counts for dormant injectors fixed | ||||
| - Corrective blockquote definition now enabled for HTML 4.01 Strict | ||||
| - Fatal error when <img> tag (or any other element with required attributes) | ||||
|   has 'id' attribute fixed, thanks NykO18 for reporting | ||||
| - Fix warning emitted when a non-supported URI scheme is passed to the | ||||
|   MakeAbsolute URIFilter, thanks NykO18 (again) | ||||
| - Further refine AutoParagraph injector. Behavior inside of elements | ||||
|   allowing paragraph tags clarified: only inline content delimeted by | ||||
|   double newlines (not block elements) are paragraphed. | ||||
| - Buggy treatment of end tags of elements that have required attributes | ||||
|   fixed (does not manifest on default tag-set) | ||||
| - Spurious internal content reorganization error suppressed | ||||
| - HTMLDefinition->addElement now returns a reference to the created | ||||
|   element object, as implied by the documentation | ||||
| - Phorum mod's HTML Purifier help message expanded (unreleased elsewhere) | ||||
| - Fix a theoretical class of infinite loops from DirectLex reported | ||||
|   by Nate Abele | ||||
| - Work around unnecessary DOMElement type-cast in PH5P that caused errors | ||||
|   in PHP 5.1 | ||||
| - Work around PHP 4 SimpleTest lack-of-error complaining for one-time-only | ||||
|   HTMLDefinition errors, this may indicate problems with error-collecting | ||||
|   facilities in PHP 5 | ||||
| - Make ErrorCollectorEMock work in both PHP 4 and PHP 5 | ||||
| - Make PH5P work with PHP 5.0 by removing unnecessary array parameter typedef | ||||
| . %Core.AcceptFullDocuments renamed to %Core.ConvertDocumentToFragment | ||||
|   to better communicate its purpose | ||||
| . Error unit tests can now specify the expectation of no errors. Future | ||||
|   iterations of the harness will be extremely strict about what errors | ||||
|   are allowed | ||||
| . Extend Injector hooks to allow for more powerful injector routines | ||||
| . HTMLDefinition->addBlankElement created, as according to the HTMLModule | ||||
|   method | ||||
| . Doxygen configuration file updated, with minor improvements | ||||
| . Test runner now checks for similarly named files in conf/ directory too. | ||||
| . Minor cosmetic change to flush-definition-cache.php: trailing newline is | ||||
|   outputted | ||||
| . Maintenance script for generating PH5P patch added, original PH5P source | ||||
|   file also added under version control | ||||
| . Full unit test runner script title made more descriptive with PHP version | ||||
| . Updated INSTALL file to state that 4.3.7 is the earliest version we | ||||
|   are actively testing | ||||
| 
 | ||||
| 2.1.2, released 2007-09-03 | ||||
| ! Implemented Object module for trusted users | ||||
| ! Implemented experimental HTML5 parsing mode using PH5P. To use, add | ||||
|   this to your code: | ||||
|         require_once 'HTMLPurifier/Lexer/PH5P.php'; | ||||
|         $config->set('Core', 'LexerImpl', 'PH5P'); | ||||
|   Note that this Lexer introduces some classes not in the HTMLPurifier | ||||
|   namespace.  Also, this is PHP5 only. | ||||
| ! CSS property border-spacing implemented | ||||
| - Fix non-visible parsing error in DirectLex with empty tags that have | ||||
|   slashes inside attribute values. | ||||
| - Fix typo in CSS definition: border-collapse:seperate; was incorrectly | ||||
|   accepted as valid CSS. Usually non-visible, because this styling is the | ||||
|   default for tables in most browsers. Thanks Brett Zamir for pointing | ||||
|   this out. | ||||
| - Fix validation errors in configuration form | ||||
| - Hammer out a bunch of edge-case bugs in the standalone distribution | ||||
| - Inclusion reflection removed from URISchemeRegistry; you must manually | ||||
|   include any new schema files you wish to use | ||||
| - Numerous typo fixes in documentation thanks to Brett Zamir | ||||
| . Unit test refactoring for one logical test per test function | ||||
| . Config and context parameters in ComplexHarness deprecated: instead, edit | ||||
|   the $config and $context member variables | ||||
| . HTML wrapper in DOMLex now takes DTD identifiers into account; doesn't | ||||
|   really make a difference, but is good for completeness sake | ||||
| . merge-library.php script refactored for greater code reusability and | ||||
|   PHP4 compatibility | ||||
| 
 | ||||
| 2.1.1, released 2007-08-04 | ||||
| - Fix show-stopper bug in %URI.MakeAbsolute functionality | ||||
| - Fix PHP4 syntax error in standalone version | ||||
| . Add prefix directory to include path for standalone, this prevents | ||||
|   other installations from clobbering the standalone's URI schemes | ||||
| . Single test methods can be invoked by prefixing with __only | ||||
| 
 | ||||
| 2.1.0, released 2007-08-02 | ||||
| # flush-htmldefinition-cache.php superseded in favor of a generic | ||||
|   flush-definition-cache.php script, you can clear a specific cache | ||||
|   by passing its name as a parameter to the script | ||||
| ! Phorum mod implemented for HTML Purifier | ||||
| ! With %Core.AggressivelyFixLt, <3 and similar emoticons no longer | ||||
|   trigger HTML removal in PHP5 (DOMLex). This directive is not necessary | ||||
|   for PHP4 (DirectLex). | ||||
| ! Standalone file now available, which greatly reduces the amount of | ||||
|   includes (although there are still a few files that reside in the | ||||
|   standalone folder) | ||||
| ! Relative URIs can now be transformed into their absolute equivalents | ||||
|   using %URI.Base and %URI.MakeAbsolute | ||||
| ! Ruby implemented for XHTML 1.1 | ||||
| ! You can now define custom URI filtering behavior, see enduser-uri-filter.html | ||||
|   for more details | ||||
| ! UTF-8 font names now supported in CSS | ||||
| - AutoFormatters emit friendly error messages if tags or attributes they | ||||
|   need are not allowed | ||||
| - ConfigForm's compactification of directive names is now configurable | ||||
| - AutoParagraph autoformatter algorithm refined after field-testing | ||||
| - XHTML 1.1 now applies XHTML 1.0 Strict cleanup routines, namely | ||||
|   blockquote wrapping | ||||
| - Contents of <style> tags removed by default when tags are removed | ||||
| . HTMLPurifier_Config->getSerial() implemented, this is extremely useful | ||||
|   for output cache invalidation | ||||
| . ConfigForm printer now can retrieve CSS and JS files as strings, in | ||||
|   case HTML Purifier's directory is not publically accessible | ||||
| . Introduce new text/itext configuration directive values: these represent | ||||
|   longer strings that would be more appropriately edited with a textarea | ||||
| . Allow newlines to act as separators for lists, hashes, lookups and | ||||
|   %HTML.Allowed | ||||
| . ConfigForm generates textareas instead of text inputs for lists, hashes, | ||||
|   lookups, text and itext fields | ||||
| . Hidden element content removal genericized: %Core.HiddenElements can | ||||
|   be used to customize this behavior, by default <script> and <style> are | ||||
|   hidden | ||||
| . Added HTMLPURIFIER_PREFIX constant, should be used instead of dirname(__FILE__) | ||||
| . Custom ChildDef added to default include list | ||||
| . URIScheme reflection improved: will not attempt to include file if class | ||||
|   already exists. May clobber autoload, so I need to keep an eye on it | ||||
| . ConfigSchema heavily optimized, will only collect information and validate | ||||
|   definitions when HTMLPURIFIER_SCHEMA_STRICT is true. | ||||
| . AttrDef_URI unit tests and implementation refactored | ||||
| . benchmarks/ directory now protected from public view with .htaccess file; | ||||
|   run the tests via command line | ||||
| . URI scheme is munged off if there is no authority and the scheme is the | ||||
|   default one | ||||
| . All unit tests inherit from HTMLPurifier_Harness, not UnitTestCase | ||||
| . Interface for URIScheme changed | ||||
| . Generic URI object to hold components of URI added, most systems involved | ||||
|   in URI validation have been migrated to use it | ||||
| . Custom filtering for URIs factored out to URIDefinition interface for | ||||
|   maximum extensibility | ||||
| 
 | ||||
| 2.0.1, released 2007-06-27 | ||||
| ! Tag auto-closing now based on a ChildDef heuristic rather than a | ||||
|   manually set auto_close array; some behavior may change | ||||
| ! Experimental AutoFormat functionality added: auto-paragraph and | ||||
|   linkify your HTML input by setting %AutoFormat.AutoParagraph and | ||||
|   %AutoFormat.Linkify to true | ||||
| ! Newlines normalized internally, and then converted back to the | ||||
|   value of PHP_EOL. If this is not desired, set your newline format | ||||
|   using %Output.Newline. | ||||
| ! Beta error collection, messages are implemented for the most generic | ||||
|   cases involving Lexing or Strategies | ||||
| - Clean up special case code for <script> tags | ||||
| - Reorder includes for DefinitionCache decorators, fixes a possible | ||||
|   missing class error | ||||
| - Fixed bug where manually modified definitions were not saved via cache | ||||
|   (mostly harmless, except for the fact that it would be a little slower) | ||||
| - Configuration objects with different serials do not clobber each | ||||
|   others when revision numbers are unequal | ||||
| - Improve Serializer DefinitionCache directory permissions checks | ||||
| - DefinitionCache no longer throws errors when it encounters old | ||||
|   serial files that do not conform to the current style | ||||
| - Stray xmlns attributes removed from configuration documentation | ||||
| - configForm.php smoketest no longer has XSS vulnerability due to | ||||
|   unescaped print_r output | ||||
| - Printer adheres to configuration's directives on output format | ||||
| - Fix improperly named form field in ConfigForm printer | ||||
| . Rewire some test-cases to swallow errors rather than expect them | ||||
| . HTMLDefinition printer updated with some of the new attributes | ||||
| . DefinitionCache keys reordered to reflect precedence: version number, | ||||
|   hash, then revision number | ||||
| . %Core.DefinitionCache renamed to %Cache.DefinitionImpl | ||||
| . Interlinking in configuration documentation added using | ||||
|   Injector_PurifierLinkify | ||||
| . Directives now keep track of aliases to themselves | ||||
| . Error collector now requires a severity to be passed, use PHP's internal | ||||
|   error constants for this | ||||
| . HTMLPurifier_Config::getAllowedDirectivesForForm implemented, allows | ||||
|   much easier selective embedding of configuration values | ||||
| . Doctype objects now accept public and system DTD identifiers | ||||
| . %HTML.Doctype is now constrained by specific values, to specify a custom | ||||
|   doctype use new %HTML.CustomDoctype | ||||
| . ConfigForm truncates long directives to keep the form small, and does | ||||
|   not re-output namespaces | ||||
| 
 | ||||
| 2.0.0, released 2007-06-20 | ||||
| # Completely refactored HTMLModuleManager, decentralizing safety | ||||
|   information | ||||
| # Transform modules changed to Tidy modules, which offer more flexibility | ||||
|   and better modularization | ||||
| # Configuration object now finalizes itself when a read operation is | ||||
|   performed on it, ensuring that its internal state stays consistent. | ||||
|   To revert this behavior, you can set the $autoFinalize member variable | ||||
|   off, but it's not recommended. | ||||
| # New compact syntax for AttrDef objects that can be used to instantiate | ||||
|   new objects via make() | ||||
| # Definitions (esp. HTMLDefinition) are now cached for a significant | ||||
|   performance boost. You can disable caching by setting %Core.DefinitionCache | ||||
|   to null. You CANNOT edit raw definitions without setting the corresponding | ||||
|   DefinitionID directive (%HTML.DefinitionID for HTMLDefinition). | ||||
| # Contents between <script> tags are now completely removed if <script> | ||||
|   is not allowed | ||||
| # Prototype-declarations for Lexer removed in favor of configuration | ||||
|   determination of Lexer implementations. | ||||
| ! HTML Purifier now works in PHP 4.3.2. | ||||
| ! Configuration form-editing API makes tweaking HTMLPurifier_Config a | ||||
|   breeze! | ||||
| ! Configuration directives that accept hashes now allow new string | ||||
|   format: key1:value1,key2:value2 | ||||
| ! ConfigDoc now factored into OOP design | ||||
| ! All deprecated elements now natively supported | ||||
| ! Implement TinyMCE styled whitelist specification format in | ||||
|   %HTML.Allowed | ||||
| ! Config object gives more friendly error messages when things go wrong | ||||
| ! Advanced API implemented: easy functions for creating elements (addElement) | ||||
|   and attributes (addAttribute) on HTMLDefinition | ||||
| ! Add native support for required attributes | ||||
| - Deprecated and removed EnableRedundantUTF8Cleaning. It didn't even work! | ||||
| - DOMLex will not emit errors when a custom error handler that does not | ||||
|   honor error_reporting is used | ||||
| - StrictBlockquote child definition refrains from wrapping whitespace | ||||
|   in tags now. | ||||
| - Bug resulting from tag transforms to non-allowed elements fixed | ||||
| - ChildDef_Custom's regex generation has been improved, removing several | ||||
|   false positives | ||||
| . Unit test for ElementDef created, ElementDef behavior modified to | ||||
|   be more flexible | ||||
| . Added convenience functions for HTMLModule constructors | ||||
| . AttrTypes now has accessor functions that should be used instead | ||||
|   of directly manipulating info | ||||
| . TagTransform_Center deprecated in favor of generic TagTransform_Simple | ||||
| . Add extra protection in AttrDef_URI against phantom Schemes | ||||
| . Doctype object added to HTMLDefinition which describes certain aspects | ||||
|   of the operational document type | ||||
| . Lexer is now pre-emptively included, with a conditional include for the | ||||
|   PHP5 only version. | ||||
| . HTMLDefinition and CSSDefinition have a common parent class: Definition. | ||||
| . DirectLex can now track line-numbers | ||||
| . Preliminary error collector is in place, although no code actually reports | ||||
|   errors yet | ||||
| . Factor out most of ValidateAttributes to new AttrValidator class | ||||
| 
 | ||||
| 1.6.1, released 2007-05-05 | ||||
| ! Support for more deprecated attributes via transformations: | ||||
|   + hspace and vspace in img | ||||
|   + size and noshade in hr | ||||
|   + nowrap in td | ||||
|   + clear in br | ||||
|   + align in caption, table, img and hr | ||||
|   + type in ul, ol and li | ||||
| ! DirectLex now preserves text in which a < bracket is followed by | ||||
|   a non-alphanumeric character. This means that certain emoticons | ||||
|   are now preserved. | ||||
| ! %Core.RemoveInvalidImg is now operational, when set to false invalid | ||||
|   images will hang around with an empty src | ||||
| ! target attribute in a tag supported, use %Attr.AllowedFrameTargets | ||||
|   to enable | ||||
| ! CSS property white-space now allows nowrap (supported in all modern | ||||
|   browsers) but not others (which have spotty browser implementations) | ||||
| ! XHTML 1.1 mode now sort-of works without any fatal errors, and | ||||
|   lang is now moved over to xml:lang. | ||||
| ! Attribute transformation smoketest available at smoketests/attrTransform.php | ||||
| ! Transformation of font's size attribute now handles super-large numbers | ||||
| - Possibly fatal bug with __autoload() fixed in module manager | ||||
| - Invert HTMLModuleManager->addModule() processing order to check | ||||
|   prefixes first and then the literal module | ||||
| - Empty strings get converted to empty arrays instead of arrays with | ||||
|   an empty string in them. | ||||
| - Merging in attribute lists now works. | ||||
| . Demo script removed: it has been added to the website's repository | ||||
| . Basic.php script modified to work out of the box | ||||
| . Refactor AttrTransform classes to reduce duplication | ||||
| . AttrTransform_TextAlign axed in favor of a more general | ||||
|   AttrTransform_EnumToCSS, refer to HTMLModule/TransformToStrict.php to | ||||
|   see how the new equivalent is implemented | ||||
| . Unit tests now use exclusively assertIdentical | ||||
| 
 | ||||
| 1.6.0, released 2007-04-01 | ||||
| ! Support for most common deprecated attributes via transformations: | ||||
|   + bgcolor in td, th, tr and table | ||||
|   + border in img | ||||
|   + name in a and img | ||||
|   + width in td, th and hr | ||||
|   + height in td, th | ||||
| ! Support for CSS attribute 'height' added | ||||
| ! Support for rel and rev attributes in a tags added, use %Attr.AllowedRel | ||||
|   and %Attr.AllowedRev to activate | ||||
| - You can define ID blacklists using regular expressions via | ||||
|   %Attr.IDBlacklistRegexp | ||||
| - Error messages are emitted when you attempt to "allow" elements or | ||||
|   attributes that HTML Purifier does not support | ||||
| - Fix segfault in unit test. The problem is not very reproduceable and | ||||
|   I don't know what causes it, but a six line patch fixed it. | ||||
| 
 | ||||
| 1.5.0, released 2007-03-23 | ||||
| ! Added a rudimentary I18N and L10N system modeled off MediaWiki. It | ||||
|   doesn't actually do anything yet, but keep your eyes peeled. | ||||
| ! docs/enduser-utf8.html explains how to use UTF-8 and HTML Purifier | ||||
| ! Newly structured HTMLDefinition modeled off of XHTML 1.1 modules. | ||||
|   I am loathe to release beta quality APIs, but this is exactly that; | ||||
|   don't use the internal interfaces if you're not willing to do migration | ||||
|   later on. | ||||
| - Allow 'x' subtag in language codes | ||||
| - Fixed buggy chameleon-support for ins and del | ||||
| . Added support for IDREF attributes (i.e. for) | ||||
| . Renamed HTMLPurifier_AttrDef_Class to HTMLPurifier_AttrDef_Nmtokens | ||||
| . Removed context variable ParentType, replaced with IsInline, which | ||||
|   is false when you're not inline and an integer of the parent that | ||||
|   caused you to become inline when you are (so possibly zero) | ||||
| . Removed ElementDef->type in favor of ElementDef->descendants_are_inline | ||||
|   and HTMLDefinition->content_sets | ||||
| . StrictBlockquote now reports what elements its supposed to allow, | ||||
|   rather than what it does allow | ||||
| . Removed HTMLDefinition->info_flow_elements in favor of | ||||
|   HTMLDefinition->content_sets['Flow'] | ||||
| . Removed redundant "exclusionary" definitions from DTD roster | ||||
| . StrictBlockquote now requires a construction parameter as if it | ||||
|   were an Required ChildDef, this is the "real" set of allowed elements | ||||
| . AttrDef partitioned into HTML, CSS and URI segments | ||||
| . Modify Youtube filter regexp to be multiline | ||||
| . Require both PHP5 and DOM extension in order to use DOMLex, fixes | ||||
|   some edge cases where a DOMDocument class exists in a PHP4 environment | ||||
|   due to DOM XML extension. | ||||
| 
 | ||||
| 1.4.1, released 2007-01-21 | ||||
| ! docs/enduser-youtube.html updated according to new functionality | ||||
| - YouTube IDs can have underscores and dashes | ||||
| 
 | ||||
| 1.4.0, released 2007-01-21 | ||||
| ! Implemented list-style-image, URIs now allowed in list-style | ||||
| ! Implemented background-image, background-repeat, background-attachment | ||||
|   and background-position CSS properties. Shorthand property background | ||||
|   supports all of these properties. | ||||
| ! Configuration documentation looks nicer | ||||
| ! Added %Core.EscapeNonASCIICharacters to workaround loss of Unicode | ||||
|   characters while %Core.Encoding is set to a non-UTF-8 encoding. | ||||
| ! Support for configuration directive aliases added | ||||
| ! Config object can now be instantiated from ini files | ||||
| ! YouTube preservation code added to the core, with two lines of code | ||||
|   you can add it as a filter to your code. See smoketests/preserveYouTube.php | ||||
|   for sample code. | ||||
| ! Moved SLOW to docs/enduser-slow.html and added code examples | ||||
| - Replaced version check with functionality check for DOM (thanks Stephen | ||||
|   Khoo) | ||||
| . Added smoketest 'all.php', which loads all other smoketests via frames | ||||
| . Implemented AttrDef_CSSURI for url(http://google.com) style declarations | ||||
| . Added convenient single test selector form on test runner | ||||
| 
 | ||||
| 1.3.2, released 2006-12-25 | ||||
| ! HTMLPurifier object now accepts configuration arrays, no need to manually | ||||
|   instantiate a configuration object | ||||
| ! Context object now accessible to outside | ||||
| ! Added enduser-youtube.html, explains how to embed YouTube videos. See | ||||
|   also corresponding smoketest preserveYouTube.php. | ||||
| ! Added purifyArray(), which takes a list of HTML and purifies it all | ||||
| ! Added static member variable $version to HTML Purifier with PHP-compatible | ||||
|   version number string. | ||||
| - Fixed fatal error thrown by upper-cased language attributes | ||||
| - printDefinition.php: added labels, added better clarification | ||||
| . HTMLPurifier_Config::create() added, takes mixed variable and converts into | ||||
|   a HTMLPurifier_Config object. | ||||
| 
 | ||||
| 1.3.1, released 2006-12-06 | ||||
| ! Added HTMLPurifier.func.php stub for a convenient function to call the library | ||||
| - Fixed bug in RemoveInvalidImg code that caused all images to be dropped | ||||
|   (thanks to .mario for reporting this) | ||||
| . Standardized all attribute handling variables to attr, made it plural | ||||
| 
 | ||||
| 1.3.0, released 2006-11-26 | ||||
| # Invalid images are now removed, rather than replaced with a dud | ||||
|   <img src="" alt="Invalid image" />. Previous behavior can be restored | ||||
|   with new directive %Core.RemoveInvalidImg set to false. | ||||
| ! (X)HTML Strict now supported | ||||
|   + Transparently handles inline elements in block context (blockquote) | ||||
| ! Added GET method to demo for easier validation, added 50kb max input size | ||||
| ! New directive %HTML.BlockWrapper, for block-ifying inline elements | ||||
| ! New directive %HTML.Parent, allows you to only allow inline content | ||||
| ! New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let | ||||
|   users narrow the set of allowed tags | ||||
| ! <li value="4"> and <ul start="2"> now allowed in loose mode | ||||
| ! New directives %URI.DisableExternalResources and %URI.DisableResources | ||||
| ! New directive %Attr.DisableURI, which eliminates all hyperlinking | ||||
| ! New directive %URI.Munge, munges URI so you can use some sort of redirector | ||||
|   service to avoid PageRank leaks or warn users that they are exiting your site. | ||||
| ! Added spiffy new smoketest printDefinition.php, which lets you twiddle with | ||||
|   the configuration settings and see how the internal rules are affected. | ||||
| ! New directive %URI.HostBlacklist for blocking links to bad hosts. | ||||
|   xssAttacks.php smoketest updated accordingly. | ||||
| - Added missing type to ChildDef_Chameleon | ||||
| - Remove Tidy option from demo if there is not Tidy available | ||||
| . ChildDef_Required guards against empty tags | ||||
| . Lookup table HTMLDefinition->info_flow_elements added | ||||
| . Added peace-of-mind variable initialization to Strategy_FixNesting | ||||
| . Added HTMLPurifier->info_parent_def, parent child processing made special | ||||
| . Added internal documents briefly summarizing future progression of HTML | ||||
| . HTMLPurifier_Config->getBatch($namespace) added | ||||
| . More lenient casting to bool from string in HTMLPurifier_ConfigSchema | ||||
| . Refactored ChildDef classes into their own files | ||||
| 
 | ||||
| 1.2.0, released 2006-11-19 | ||||
| # ID attributes now disabled by default. New directives: | ||||
|   + %HTML.EnableAttrID - restores old behavior by allowing IDs | ||||
|   + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs | ||||
|     so that they don't collide with your IDs | ||||
|   + %Attr.IDPrefixLocal - Same as above, but for when there are multiple | ||||
|     instances of user content on the page | ||||
|   + Profuse documentation on how to use these available in docs/enduser-id.txt | ||||
| ! Added MODx plugin <http://modxcms.com/forums/index.php/topic,6604.0.html> | ||||
| ! Added percent encoding normalization | ||||
| ! XSS attacks smoketest given facelift | ||||
| ! Configuration documentation now has table of contents | ||||
| ! Added %URI.DisableExternal, which prevents links to external websites.  You | ||||
|   can also use %URI.Host to permit absolute linking to subdomains | ||||
| ! Non-accessible resources (ex. mailto) blocked from embedded URIs (img src) | ||||
| - Type variable in HTMLDefinition was not being set properly, fixed | ||||
| - Documentation updated | ||||
|   + TODO added request Phalanger | ||||
|   + TODO added request Native compression | ||||
|   + TODO added request Remove redundant tags | ||||
|   + TODO added possible plaintext formatter for HTML Purifier documentation | ||||
|   + Updated ConfigDoc TODO | ||||
|   + Improved inline comments in AttrDef/Class.php, AttrDef/CSS.php | ||||
|     and AttrDef/Host.php | ||||
|   + Revamped documentation into HTML, along with misc updates | ||||
| - HTMLPurifier_Context doesn't throw a variable reference error if you attempt | ||||
|   to retrieve a non-existent variable | ||||
| . Switched to purify()-wide Context object registry | ||||
| . Refactored unit tests to minimize duplication | ||||
| . XSS attack sheet updated | ||||
| . configdoc.xml now has xml:space attached to default value nodes | ||||
| . Allow configuration directives to permit null values | ||||
| . Cleaned up test-cases to remove unnecessary swallowErrors() | ||||
| 
 | ||||
| 1.1.2, released 2006-09-30 | ||||
| ! Add HTMLPurifier.auto.php stub file that configures include_path | ||||
| - Documentation updated | ||||
|   + INSTALL document rewritten | ||||
|   + TODO added semi-lossy conversion | ||||
|   + API Doxygen docs' file exclusions updated | ||||
|   + Added notes on HTML versus XML attribute whitespace handling | ||||
|   + Noted that HTMLPurifier_ChildDef_Custom isn't being used | ||||
|   + Noted that config object's definitions are cached versions | ||||
| - Fixed lack of attribute parsing in HTMLPurifier_Lexer_PEARSax3 | ||||
| - ftp:// URIs now have their typecodes checked | ||||
| - Hooked up HTMLPurifier_ChildDef_Custom's unit tests (they weren't being run) | ||||
| . Line endings standardized throughout project (svn:eol-style standardized) | ||||
| . Refactored parseData() to general Lexer class | ||||
| . Tester named "HTML Purifier" not "HTMLPurifier" | ||||
| 
 | ||||
| 1.1.1, released 2006-09-24 | ||||
| ! Configuration option to optionally Tidy up output for indentation to make up | ||||
|   for dropped whitespace by DOMLex (pretty-printing for the entire application | ||||
|   should be done by a page-wide Tidy) | ||||
| - Various documentation updates | ||||
| - Fixed parse error in configuration documentation script | ||||
| - Fixed fatal error in benchmark scripts, slightly augmented | ||||
| - As far as possible, whitespace is preserved in-between table children | ||||
| - Sample test-settings.php file included | ||||
| 
 | ||||
| 1.1.0, released 2006-09-16 | ||||
| ! Directive documentation generation using XSLT | ||||
| ! XHTML can now be turned off, output becomes <br> | ||||
| - Made URI validator more forgiving: will ignore leading and trailing | ||||
|   quotes, apostrophes and less than or greater than signs. | ||||
| - Enforce alphanumeric namespace and directive names for configuration. | ||||
| - Table child definition made more flexible, will fix up poorly ordered elements | ||||
| . Renamed ConfigDef to ConfigSchema | ||||
| 
 | ||||
| 1.0.1, released 2006-09-04 | ||||
| - Fixed slight bug in DOMLex attribute parsing | ||||
| - Fixed rejection of case-insensitive configuration values when there is a | ||||
|   set of allowed values.  This manifested in %Core.Encoding. | ||||
| - Fixed rejection of inline style declarations that had lots of extra | ||||
|   space in them.  This manifested in TinyMCE. | ||||
| 
 | ||||
| 1.0.0, released 2006-09-01 | ||||
| ! Shorthand CSS properties implemented: font, border, background, list-style | ||||
| ! Basic color keywords translated into hexadecimal values | ||||
| ! Table CSS properties implemented | ||||
| ! Support for charsets other than UTF-8 (defined by iconv) | ||||
| ! Malformed UTF-8 and non-SGML character detection and cleaning implemented | ||||
| - Fixed broken numeric entity conversion | ||||
| - API documentation completed | ||||
| . (HTML|CSS)Definition de-singleton-ized | ||||
| 
 | ||||
| 1.0.0beta, released 2006-08-16 | ||||
| ! First public release, most functionality implemented. Notable omissions are: | ||||
|   + Shorthand CSS properties | ||||
|   + Table CSS properties | ||||
|   + Deprecated attribute transformations | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										24
									
								
								library/ezyang/htmlpurifier/README
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								library/ezyang/htmlpurifier/README
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,24 @@ | |||
| 
 | ||||
| README | ||||
|     All about HTML Purifier | ||||
| 
 | ||||
| HTML Purifier is an HTML filtering solution that uses a unique combination | ||||
| of robust whitelists and agressive parsing to ensure that not only are | ||||
| XSS attacks thwarted, but the resulting HTML is standards compliant. | ||||
| 
 | ||||
| HTML Purifier is oriented towards richly formatted documents from | ||||
| untrusted sources that require CSS and a full tag-set.  This library can | ||||
| be configured to accept a more restrictive set of tags, but it won't be | ||||
| as efficient as more bare-bones parsers. It will, however, do the job | ||||
| right, which may be more important. | ||||
| 
 | ||||
| Places to go: | ||||
| 
 | ||||
| * See INSTALL for a quick installation guide | ||||
| * See docs/ for developer-oriented documentation, code examples and | ||||
|   an in-depth installation guide. | ||||
| * See WYSIWYG for information on editors like TinyMCE and FCKeditor | ||||
| 
 | ||||
| HTML Purifier can be found on the web at: http://htmlpurifier.org/ | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										150
									
								
								library/ezyang/htmlpurifier/TODO
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										150
									
								
								library/ezyang/htmlpurifier/TODO
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,150 @@ | |||
| 
 | ||||
| TODO List | ||||
| 
 | ||||
| = KEY ==================== | ||||
|     # Flagship | ||||
|     - Regular | ||||
|     ? Maybe I'll Do It | ||||
| ========================== | ||||
| 
 | ||||
| If no interest is expressed for a feature that may require a considerable | ||||
| amount of effort to implement, it may get endlessly delayed. Do not be | ||||
| afraid to cast your vote for the next feature to be implemented! | ||||
| 
 | ||||
| Things to do as soon as possible: | ||||
| 
 | ||||
|  - http://htmlpurifier.org/phorum/read.php?3,5560,6307#msg-6307 | ||||
|  - Think about allowing explicit order of operations hooks for transforms | ||||
|  - Fix "<.<" bug (trailing < is removed if not EOD) | ||||
|  - Build in better internal state dumps and debugging tools for remote | ||||
|    debugging | ||||
|  - Allowed/Allowed* have strange interactions when both set | ||||
|  ? Transform lone embeds into object tags | ||||
|  - Deprecated config options that emit warnings when you set them (with' | ||||
|    a way of muting the warning if you really want to) | ||||
|  - Make HTML.Trusted work with Output.FlashCompat | ||||
|  - HTML.Trusted and HTML.SafeObject have funny interaction; general | ||||
|    problem is what to do when a module "supersedes" another | ||||
|    (see also tables and basic tables.)  This is a little dicier | ||||
|    because HTML.SafeObject has some extra functionality that | ||||
|    trusted might find useful.  See http://htmlpurifier.org/phorum/read.php?3,5762,6100 | ||||
| 
 | ||||
| FUTURE VERSIONS | ||||
| --------------- | ||||
| 
 | ||||
| 4.8 release [OMG CONFIG PONIES] | ||||
|  ! Fix Printer. It's from the old days when we didn't have decent XML classes | ||||
|  ! Factor demo.php into a set of Printer classes, and then create a stub | ||||
|    file for users here (inside the actual HTML Purifier library) | ||||
|  - Fix error handling with form construction | ||||
|  - Do encoding validation in Printers, or at least, where user data comes in | ||||
|  - Config: Add examples to everything (make built-in which also automatically | ||||
|    gives output) | ||||
|  - Add "register" field to config schemas to eliminate dependence on | ||||
|    naming conventions (try to remember why we ultimately decided on tihs) | ||||
| 
 | ||||
| 5.0 release [HTML 5] | ||||
|  # Swap out code to use html5lib tokenizer and tree-builder | ||||
|  ! Allow turning off of FixNesting and required attribute insertion | ||||
| 
 | ||||
| 5.1 release [It's All About Trust] (floating) | ||||
|  # Implement untrusted, dangerous elements/attributes | ||||
|  # Implement IDREF support (harder than it seems, since you cannot have | ||||
|    IDREFs to non-existent IDs) | ||||
|      - Implement <area> (client and server side image maps are blocking | ||||
|        on IDREF support) | ||||
|  # Frameset XHTML 1.0 and HTML 4.01 doctypes | ||||
|  - Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?) | ||||
| 
 | ||||
| 5.2 release [Error'ed] | ||||
|  # Error logging for filtering/cleanup procedures | ||||
|  # Additional support for poorly written HTML | ||||
|     - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) | ||||
|     - Friendly strict handling of <address> (block -> <br>) | ||||
|  - XSS-attempt detection--certain errors are flagged XSS-like | ||||
|  - Append something to duplicate IDs so they're still usable (impl. note: the | ||||
|    dupe detector would also need to detect the suffix as well) | ||||
| 
 | ||||
| 6.0 release [Beyond HTML] | ||||
|  # Legit token based CSS parsing (will require revamping almost every | ||||
|    AttrDef class). Probably will use CSSTidy | ||||
|  # More control over allowed CSS properties using a modularization | ||||
|  # IRI support (this includes IDN) | ||||
|  - Standardize token armor for all areas of processing | ||||
| 
 | ||||
| 7.0 release [To XML and Beyond] | ||||
|  - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) | ||||
|     - Hooks for adding custom processors to custom namespaced tags and | ||||
|       attributes, offer default implementation | ||||
|     - Lots of documentation and samples | ||||
| 
 | ||||
| Ongoing | ||||
|  - More refactoring to take advantage of PHP5's facilities | ||||
|  - Refactor unit tests into lots of test methods | ||||
|  - Plugins for major CMSes (COMPLEX) | ||||
|     - phpBB | ||||
|     - Also, a FAQ for extension writers with HTML Purifier | ||||
| 
 | ||||
| AutoFormat | ||||
|  - Smileys | ||||
|  - Syntax highlighting (with GeSHi) with <pre> and possibly <?php | ||||
|  - Look at http://drupal.org/project/Modules/category/63 for ideas | ||||
| 
 | ||||
| Neat feature related | ||||
|  ! Support exporting configuration, so users can easily tweak settings | ||||
|    in the demo, and then copy-paste into their own setup | ||||
|  - Advanced URI filtering schemes (see docs/proposal-new-directives.txt) | ||||
|  - Allow scoped="scoped" attribute in <style> tags; may be troublesome | ||||
|    because regular CSS has no way of uniquely identifying nodes, so we'd | ||||
|    have to generate IDs | ||||
|  - Explain how to use HTML Purifier in non-PHP languages / create | ||||
|    a simple command line stub (or complicated?) | ||||
|  - Fixes for Firefox's inability to handle COL alignment props (Bug 915) | ||||
|  - Automatically add non-breaking spaces to empty table cells when | ||||
|    empty-cells:show is applied to have compatibility with Internet Explorer | ||||
|  - Table of Contents generation (XHTML Compiler might be reusable). May also | ||||
|    be out-of-band information. | ||||
|  - Full set of color keywords. Also, a way to add onto them without | ||||
|    finalizing the configuration object. | ||||
|  - Write a var_export and memcached DefinitionCache - Denis | ||||
|  - Built-in support for target="_blank" on all external links | ||||
|  - Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand. | ||||
|    Also, enable disabling of directionality | ||||
|  ? Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg | ||||
|  ? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes: | ||||
|     1. Analyzing which tags to remove duplicants | ||||
|     2. Ensure attributes are merged into the parent tag | ||||
|     3. Extend the tag exclusion system to specify whether or not the | ||||
|     contents should be dropped or not (currently, there's code that could do | ||||
|     something like this if it didn't drop the inner text too.) | ||||
|  ? Make AutoParagraph also support paragraph-izing double <br> tags, and not | ||||
|    just double newlines.  This is kind of tough to do in the current framework, | ||||
|    though, and might be reasonably approximated by search replacing double <br>s | ||||
|    with newlines before running it through HTML Purifier. | ||||
| 
 | ||||
| Maintenance related (slightly boring) | ||||
|  # CHMOD install script for PEAR installs | ||||
|  ! Factor out command line parser into its own class, and unit test it | ||||
|  - Reduce size of internal data-structures (esp. HTMLDefinition) | ||||
|  - Allow merging configurations.  Thus, | ||||
|         a -> b -> default | ||||
|         c -> d -> default | ||||
|    becomes | ||||
|         a -> b -> c -> d -> default | ||||
|    Maybe allow more fine-grained tuning of this behavior. Alternatively, | ||||
|    encourage people to use short plist depths before building them up. | ||||
|  - Time PHPT tests | ||||
| 
 | ||||
| ChildDef related (very boring) | ||||
|  - Abstract ChildDef_BlockQuote to work with all elements that only | ||||
|    allow blocks in them, required or optional | ||||
|  - Implement lenient <ruby> child validation | ||||
| 
 | ||||
| Wontfix | ||||
|  - Non-lossy smart alternate character encoding transformations (unless | ||||
|    patch provided) | ||||
|  - Pretty-printing HTML: users can use Tidy on the output on entire page | ||||
|  - Native content compression, whitespace stripping: use gzip if this is | ||||
|    really important | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										1
									
								
								library/ezyang/htmlpurifier/VERSION
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								library/ezyang/htmlpurifier/VERSION
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1 @@ | |||
| 4.7.0 | ||||
							
								
								
									
										4
									
								
								library/ezyang/htmlpurifier/WHATSNEW
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								library/ezyang/htmlpurifier/WHATSNEW
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,4 @@ | |||
| HTML Purifier 4.7.0 is a bugfix release, collecting two years | ||||
| worth of accumulated bug fixes.  Highlighted bugfixes are updated | ||||
| YouTube filter code, corrected rgb() CSS parsing, and one new | ||||
| configuration option, %AutoFormat.RemoveEmpty.Predicate. | ||||
							
								
								
									
										20
									
								
								library/ezyang/htmlpurifier/WYSIWYG
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								library/ezyang/htmlpurifier/WYSIWYG
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,20 @@ | |||
| 
 | ||||
| WYSIWYG - What You See Is What You Get | ||||
|     HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor | ||||
| 
 | ||||
| Javascript-based WYSIWYG editors, simply stated, are quite amazing.  But I've | ||||
| always been wary about using them due to security issues: they handle the | ||||
| client-side magic, but once you've been served a piping hot load of unfiltered | ||||
| HTML, what should be done then?  In some situations, you can serve it uncleaned, | ||||
| since you only offer these facilities to trusted(?) authors. | ||||
| 
 | ||||
| Unfortunantely, for blog comments and anonymous input, BBCode, Textile and | ||||
| other markup languages still reign supreme.  Put simply: filtering HTML is | ||||
| hard work, and these WYSIWYG authors don't offer anything to alleviate that | ||||
| trouble.  Therein lies the solution: | ||||
| 
 | ||||
| HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors. | ||||
| 
 | ||||
| Enough said. | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
							
								
								
									
										22
									
								
								library/ezyang/htmlpurifier/composer.json
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										22
									
								
								library/ezyang/htmlpurifier/composer.json
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,22 @@ | |||
| { | ||||
|     "name": "ezyang/htmlpurifier", | ||||
|     "description": "Standards compliant HTML filter written in PHP", | ||||
|     "type": "library", | ||||
|     "keywords": ["html"], | ||||
|     "homepage": "http://htmlpurifier.org/", | ||||
|     "license": "LGPL", | ||||
|     "authors": [ | ||||
|         { | ||||
|             "name": "Edward Z. Yang", | ||||
|             "email": "admin@htmlpurifier.org", | ||||
|             "homepage": "http://ezyang.com" | ||||
|         } | ||||
|     ], | ||||
|     "require": { | ||||
|         "php": ">=5.2" | ||||
|     }, | ||||
|     "autoload": { | ||||
|         "psr-0": { "HTMLPurifier": "library/" }, | ||||
|         "files": ["library/HTMLPurifier.composer.php"] | ||||
|     } | ||||
| } | ||||
|  | @ -0,0 +1,91 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Decorator/extender XSLT processor specifically for HTML documents. | ||||
|  */ | ||||
| class ConfigDoc_HTMLXSLTProcessor | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Instance of XSLTProcessor | ||||
|      */ | ||||
|     protected $xsltProcessor; | ||||
| 
 | ||||
|     public function __construct($proc = false) | ||||
|     { | ||||
|         if ($proc === false) $proc = new XSLTProcessor(); | ||||
|         $this->xsltProcessor = $proc; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @note Allows a string $xsl filename to be passed | ||||
|      */ | ||||
|     public function importStylesheet($xsl) | ||||
|     { | ||||
|         if (is_string($xsl)) { | ||||
|             $xsl_file = $xsl; | ||||
|             $xsl = new DOMDocument(); | ||||
|             $xsl->load($xsl_file); | ||||
|         } | ||||
|         return $this->xsltProcessor->importStylesheet($xsl); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Transforms an XML file into compatible XHTML based on the stylesheet | ||||
|      * @param $xml XML DOM tree, or string filename | ||||
|      * @return string HTML output | ||||
|      * @todo Rename to transformToXHTML, as transformToHTML is misleading | ||||
|      */ | ||||
|     public function transformToHTML($xml) | ||||
|     { | ||||
|         if (is_string($xml)) { | ||||
|             $dom = new DOMDocument(); | ||||
|             $dom->load($xml); | ||||
|         } else { | ||||
|             $dom = $xml; | ||||
|         } | ||||
|         $out = $this->xsltProcessor->transformToXML($dom); | ||||
| 
 | ||||
|         // fudges for HTML backwards compatibility
 | ||||
|         // assumes that document is XHTML
 | ||||
|         $out = str_replace('/>', ' />', $out); // <br /> not <br/>
 | ||||
|         $out = str_replace(' xmlns=""', '', $out); // rm unnecessary xmlns
 | ||||
| 
 | ||||
|         if (class_exists('Tidy')) { | ||||
|             // cleanup output
 | ||||
|             $config = array( | ||||
|                 'indent'        => true, | ||||
|                 'output-xhtml'  => true, | ||||
|                 'wrap'          => 80 | ||||
|             ); | ||||
|             $tidy = new Tidy; | ||||
|             $tidy->parseString($out, $config, 'utf8'); | ||||
|             $tidy->cleanRepair(); | ||||
|             $out = (string) $tidy; | ||||
|         } | ||||
| 
 | ||||
|         return $out; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Bulk sets parameters for the XSL stylesheet | ||||
|      * @param array $options Associative array of options to set | ||||
|      */ | ||||
|     public function setParameters($options) | ||||
|     { | ||||
|         foreach ($options as $name => $value) { | ||||
|             $this->xsltProcessor->setParameter('', $name, $value); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Forward any other calls to the XSLT processor | ||||
|      */ | ||||
|     public function __call($name, $arguments) | ||||
|     { | ||||
|         call_user_func_array(array($this->xsltProcessor, $name), $arguments); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
							
								
								
									
										164
									
								
								library/ezyang/htmlpurifier/extras/FSTools.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										164
									
								
								library/ezyang/htmlpurifier/extras/FSTools.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,164 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Filesystem tools not provided by default; can recursively create, copy | ||||
|  * and delete folders. Some template methods are provided for extensibility. | ||||
|  * | ||||
|  * @note This class must be instantiated to be used, although it does | ||||
|  *       not maintain state. | ||||
|  */ | ||||
| class FSTools | ||||
| { | ||||
| 
 | ||||
|     private static $singleton; | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a global instance of FSTools | ||||
|      */ | ||||
|     public static function singleton() | ||||
|     { | ||||
|         if (empty(FSTools::$singleton)) FSTools::$singleton = new FSTools(); | ||||
|         return FSTools::$singleton; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Sets our global singleton to something else; useful for overloading | ||||
|      * functions. | ||||
|      */ | ||||
|     public static function setSingleton($singleton) | ||||
|     { | ||||
|         FSTools::$singleton = $singleton; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Recursively creates a directory | ||||
|      * @param string $folder Name of folder to create | ||||
|      * @note Adapted from the PHP manual comment 76612 | ||||
|      */ | ||||
|     public function mkdirr($folder) | ||||
|     { | ||||
|         $folders = preg_split("#[\\\\/]#", $folder); | ||||
|         $base = ''; | ||||
|         for($i = 0, $c = count($folders); $i < $c; $i++) { | ||||
|             if(empty($folders[$i])) { | ||||
|                 if (!$i) { | ||||
|                     // special case for root level
 | ||||
|                     $base .= DIRECTORY_SEPARATOR; | ||||
|                 } | ||||
|                 continue; | ||||
|             } | ||||
|             $base .= $folders[$i]; | ||||
|             if(!is_dir($base)){ | ||||
|                 $this->mkdir($base); | ||||
|             } | ||||
|             $base .= DIRECTORY_SEPARATOR; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Copy a file, or recursively copy a folder and its contents; modified | ||||
|      * so that copied files, if PHP, have includes removed | ||||
|      * @note Adapted from http://aidanlister.com/repos/v/function.copyr.php | ||||
|      */ | ||||
|     public function copyr($source, $dest) | ||||
|     { | ||||
|         // Simple copy for a file
 | ||||
|         if (is_file($source)) { | ||||
|             return $this->copy($source, $dest); | ||||
|         } | ||||
|         // Make destination directory
 | ||||
|         if (!is_dir($dest)) { | ||||
|             $this->mkdir($dest); | ||||
|         } | ||||
|         // Loop through the folder
 | ||||
|         $dir = $this->dir($source); | ||||
|         while ( false !== ($entry = $dir->read()) ) { | ||||
|             // Skip pointers
 | ||||
|             if ($entry == '.' || $entry == '..') { | ||||
|                 continue; | ||||
|             } | ||||
|             if (!$this->copyable($entry)) { | ||||
|                 continue; | ||||
|             } | ||||
|             // Deep copy directories
 | ||||
|             if ($dest !== "$source/$entry") { | ||||
|                 $this->copyr("$source/$entry", "$dest/$entry"); | ||||
|             } | ||||
|         } | ||||
|         // Clean up
 | ||||
|         $dir->close(); | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Overloadable function that tests a filename for copyability. By | ||||
|      * default, everything should be copied; you can restrict things to | ||||
|      * ignore hidden files, unreadable files, etc. This function
 | ||||
|      * applies to copyr(). | ||||
|      */ | ||||
|     public function copyable($file) | ||||
|     { | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Delete a file, or a folder and its contents | ||||
|      * @note Adapted from http://aidanlister.com/repos/v/function.rmdirr.php | ||||
|      */ | ||||
|     public function rmdirr($dirname) | ||||
|     { | ||||
|         // Sanity check
 | ||||
|         if (!$this->file_exists($dirname)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // Simple delete for a file
 | ||||
|         if ($this->is_file($dirname) || $this->is_link($dirname)) { | ||||
|             return $this->unlink($dirname); | ||||
|         } | ||||
| 
 | ||||
|         // Loop through the folder
 | ||||
|         $dir = $this->dir($dirname); | ||||
|         while (false !== $entry = $dir->read()) { | ||||
|             // Skip pointers
 | ||||
|             if ($entry == '.' || $entry == '..') { | ||||
|                 continue; | ||||
|             } | ||||
|             // Recurse
 | ||||
|             $this->rmdirr($dirname . DIRECTORY_SEPARATOR . $entry); | ||||
|         } | ||||
| 
 | ||||
|         // Clean up
 | ||||
|         $dir->close(); | ||||
|         return $this->rmdir($dirname); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Recursively globs a directory. | ||||
|      */ | ||||
|     public function globr($dir, $pattern, $flags = NULL) | ||||
|     { | ||||
|         $files = $this->glob("$dir/$pattern", $flags); | ||||
|         if ($files === false) $files = array(); | ||||
|         $sub_dirs = $this->glob("$dir/*", GLOB_ONLYDIR); | ||||
|         if ($sub_dirs === false) $sub_dirs = array(); | ||||
|         foreach ($sub_dirs as $sub_dir) { | ||||
|             $sub_files = $this->globr($sub_dir, $pattern, $flags); | ||||
|             $files = array_merge($files, $sub_files); | ||||
|         } | ||||
|         return $files; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Allows for PHP functions to be called and be stubbed. | ||||
|      * @warning This function will not work for functions that need | ||||
|      *      to pass references; manually define a stub function for those. | ||||
|      */ | ||||
|     public function __call($name, $args) | ||||
|     { | ||||
|         return call_user_func_array($name, $args); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
							
								
								
									
										141
									
								
								library/ezyang/htmlpurifier/extras/FSTools/File.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										141
									
								
								library/ezyang/htmlpurifier/extras/FSTools/File.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,141 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Represents a file in the filesystem | ||||
|  * | ||||
|  * @warning Be sure to distinguish between get() and write() versus | ||||
|  *      read() and put(), the former operates on the entire file, while | ||||
|  *      the latter operates on a handle. | ||||
|  */ | ||||
| class FSTools_File | ||||
| { | ||||
| 
 | ||||
|     /** Filename of file this object represents */ | ||||
|     protected $name; | ||||
| 
 | ||||
|     /** Handle for the file */ | ||||
|     protected $handle = false; | ||||
| 
 | ||||
|     /** Instance of FSTools for interfacing with filesystem */ | ||||
|     protected $fs; | ||||
| 
 | ||||
|     /** | ||||
|      * Filename of file you wish to instantiate. | ||||
|      * @note This file need not exist | ||||
|      */ | ||||
|     public function __construct($name, $fs = false) | ||||
|     { | ||||
|         $this->name = $name; | ||||
|         $this->fs = $fs ? $fs : FSTools::singleton(); | ||||
|     } | ||||
| 
 | ||||
|     /** Returns the filename of the file. */ | ||||
|     public function getName() {return $this->name;} | ||||
| 
 | ||||
|     /** Returns directory of the file without trailing slash */ | ||||
|     public function getDirectory() {return $this->fs->dirname($this->name);} | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves the contents of a file | ||||
|      * @todo Throw an exception if file doesn't exist | ||||
|      */ | ||||
|     public function get() | ||||
|     { | ||||
|         return $this->fs->file_get_contents($this->name); | ||||
|     } | ||||
| 
 | ||||
|     /** Writes contents to a file, creates new file if necessary */ | ||||
|     public function write($contents) | ||||
|     { | ||||
|         return $this->fs->file_put_contents($this->name, $contents); | ||||
|     } | ||||
| 
 | ||||
|     /** Deletes the file */ | ||||
|     public function delete() | ||||
|     { | ||||
|         return $this->fs->unlink($this->name); | ||||
|     } | ||||
| 
 | ||||
|     /** Returns true if file exists and is a file. */ | ||||
|     public function exists() | ||||
|     { | ||||
|         return $this->fs->is_file($this->name); | ||||
|     } | ||||
| 
 | ||||
|     /** Returns last file modification time */ | ||||
|     public function getMTime() | ||||
|     { | ||||
|         return $this->fs->filemtime($this->name); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Chmod a file | ||||
|      * @note We ignore errors because of some weird owner trickery due | ||||
|      *       to SVN duality | ||||
|      */ | ||||
|     public function chmod($octal_code) | ||||
|     { | ||||
|         return @$this->fs->chmod($this->name, $octal_code); | ||||
|     } | ||||
| 
 | ||||
|     /** Opens file's handle */ | ||||
|     public function open($mode) | ||||
|     { | ||||
|         if ($this->handle) $this->close(); | ||||
|         $this->handle = $this->fs->fopen($this->name, $mode); | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** Closes file's handle */ | ||||
|     public function close() | ||||
|     { | ||||
|         if (!$this->handle) return false; | ||||
|         $status = $this->fs->fclose($this->handle); | ||||
|         $this->handle = false; | ||||
|         return $status; | ||||
|     } | ||||
| 
 | ||||
|     /** Retrieves a line from an open file, with optional max length $length */ | ||||
|     public function getLine($length = null) | ||||
|     { | ||||
|         if (!$this->handle) $this->open('r'); | ||||
|         if ($length === null) return $this->fs->fgets($this->handle); | ||||
|         else return $this->fs->fgets($this->handle, $length); | ||||
|     } | ||||
| 
 | ||||
|     /** Retrieves a character from an open file */ | ||||
|     public function getChar() | ||||
|     { | ||||
|         if (!$this->handle) $this->open('r'); | ||||
|         return $this->fs->fgetc($this->handle); | ||||
|     } | ||||
| 
 | ||||
|     /** Retrieves an $length bytes of data from an open data */ | ||||
|     public function read($length) | ||||
|     { | ||||
|         if (!$this->handle) $this->open('r'); | ||||
|         return $this->fs->fread($this->handle, $length); | ||||
|     } | ||||
| 
 | ||||
|     /** Writes to an open file */ | ||||
|     public function put($string) | ||||
|     { | ||||
|         if (!$this->handle) $this->open('a'); | ||||
|         return $this->fs->fwrite($this->handle, $string); | ||||
|     } | ||||
| 
 | ||||
|     /** Returns TRUE if the end of the file has been reached */ | ||||
|     public function eof() | ||||
|     { | ||||
|         if (!$this->handle) return true; | ||||
|         return $this->fs->feof($this->handle); | ||||
|     } | ||||
| 
 | ||||
|     public function __destruct() | ||||
|     { | ||||
|         if ($this->handle) $this->close(); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,11 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * This is a stub include that automatically configures the include path. | ||||
|  */ | ||||
| 
 | ||||
| set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() ); | ||||
| require_once 'HTMLPurifierExtras.php'; | ||||
| require_once 'HTMLPurifierExtras.autoload.php'; | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,26 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * @file | ||||
|  * Convenience file that registers autoload handler for HTML Purifier. | ||||
|  * | ||||
|  * @warning | ||||
|  *      This autoloader does not contain the compatibility code seen in | ||||
|  *      HTMLPurifier_Bootstrap; the user is expected to make any necessary | ||||
|  *      changes to use this library. | ||||
|  */ | ||||
| 
 | ||||
| if (function_exists('spl_autoload_register')) { | ||||
|     spl_autoload_register(array('HTMLPurifierExtras', 'autoload')); | ||||
|     if (function_exists('__autoload')) { | ||||
|         // Be polite and ensure that userland autoload gets retained
 | ||||
|         spl_autoload_register('__autoload'); | ||||
|     } | ||||
| } elseif (!function_exists('__autoload')) { | ||||
|     function __autoload($class) | ||||
|     { | ||||
|         return HTMLPurifierExtras::autoload($class); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
							
								
								
									
										31
									
								
								library/ezyang/htmlpurifier/extras/HTMLPurifierExtras.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								library/ezyang/htmlpurifier/extras/HTMLPurifierExtras.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,31 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Meta-class for HTML Purifier's extra class hierarchies, similar to | ||||
|  * HTMLPurifier_Bootstrap. | ||||
|  */ | ||||
| class HTMLPurifierExtras | ||||
| { | ||||
| 
 | ||||
|     public static function autoload($class) | ||||
|     { | ||||
|         $path = HTMLPurifierExtras::getPath($class); | ||||
|         if (!$path) return false; | ||||
|         require $path; | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     public static function getPath($class) | ||||
|     { | ||||
|         if ( | ||||
|             strncmp('FSTools', $class, 7) !== 0 && | ||||
|             strncmp('ConfigDoc', $class, 9) !== 0 | ||||
|         ) return false; | ||||
|         // Custom implementations can go here
 | ||||
|         // Standard implementation:
 | ||||
|         return str_replace('_', '/', $class) . '.php'; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
							
								
								
									
										32
									
								
								library/ezyang/htmlpurifier/extras/README
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								library/ezyang/htmlpurifier/extras/README
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,32 @@ | |||
| 
 | ||||
| HTML Purifier Extras | ||||
|     The Method Behind The Madness! | ||||
| 
 | ||||
| The extras/ folder in HTML Purifier contains--you guessed it--extra things | ||||
| for HTML Purifier.  Specifically, these are two extra libraries called | ||||
| FSTools and ConfigSchema.  They're extra for a reason: you don't need them | ||||
| if you're using HTML Purifier for normal usage: filtering HTML.  However, | ||||
| if you're a developer, and would like to test HTML Purifier, or need to | ||||
| use one of HTML Purifier's maintenance scripts, chances are they'll need | ||||
| these libraries. Who knows: maybe you'll find them useful too! | ||||
| 
 | ||||
| Here are the libraries: | ||||
| 
 | ||||
| 
 | ||||
| FSTools | ||||
| ------- | ||||
| 
 | ||||
| Short for File System Tools, this is a poor-man's object-oriented wrapper for | ||||
| the filesystem. It currently consists of two classes: | ||||
| 
 | ||||
| - FSTools: This is a singleton that contains a manner of useful functions | ||||
|   such as recursive glob, directory removal, etc, as well as the ability | ||||
|   to call arbitrary native PHP functions through it like $FS->fopen(...). | ||||
|   This makes it a lot simpler to mock these filesystem calls for unit testing. | ||||
| 
 | ||||
| - FSTools_File: This object represents a single file, and has almost any | ||||
|   method imaginable one would need. | ||||
| 
 | ||||
| Check the files themselves for more information. | ||||
| 
 | ||||
|     vim: et sw=4 sts=4 | ||||
|  | @ -3,6 +3,7 @@ | |||
| /** | ||||
|  * @file | ||||
|  * Convenience file that registers autoload handler for HTML Purifier. | ||||
|  * It also does some sanity checks. | ||||
|  */ | ||||
| 
 | ||||
| if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) { | ||||
|  | @ -13,9 +14,14 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un | |||
|         spl_autoload_register('__autoload'); | ||||
|     } | ||||
| } elseif (!function_exists('__autoload')) { | ||||
|     function __autoload($class) { | ||||
|     function __autoload($class) | ||||
|     { | ||||
|         return HTMLPurifier_Bootstrap::autoload($class); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| if (ini_get('zend.ze1_compatibility_mode')) { | ||||
|     trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR); | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,4 @@ | |||
| <?php | ||||
| if (!defined('HTMLPURIFIER_PREFIX')) { | ||||
|     define('HTMLPURIFIER_PREFIX', dirname(__FILE__)); | ||||
| } | ||||
|  | @ -8,11 +8,13 @@ | |||
| 
 | ||||
| /** | ||||
|  * Purify HTML. | ||||
|  * @param $html String HTML to purify | ||||
|  * @param $config Configuration to use, can be any value accepted by | ||||
|  * @param string $html String HTML to purify | ||||
|  * @param mixed $config Configuration to use, can be any value accepted by | ||||
|  *        HTMLPurifier_Config::create() | ||||
|  * @return string | ||||
|  */ | ||||
| function HTMLPurifier($html, $config = null) { | ||||
| function HTMLPurifier($html, $config = null) | ||||
| { | ||||
|     static $purifier = false; | ||||
|     if (!$purifier) { | ||||
|         $purifier = new HTMLPurifier(); | ||||
|  | @ -7,7 +7,7 @@ | |||
|  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS | ||||
|  * FILE, changes will be overwritten the next time the script is run. | ||||
|  * | ||||
|  * @version 4.1.1 | ||||
|  * @version 4.7.0 | ||||
|  * | ||||
|  * @warning | ||||
|  *      You must *not* include any other HTML Purifier files before this file, | ||||
|  | @ -19,6 +19,7 @@ | |||
|  */ | ||||
| 
 | ||||
| require 'HTMLPurifier.php'; | ||||
| require 'HTMLPurifier/Arborize.php'; | ||||
| require 'HTMLPurifier/AttrCollections.php'; | ||||
| require 'HTMLPurifier/AttrDef.php'; | ||||
| require 'HTMLPurifier/AttrTransform.php'; | ||||
|  | @ -54,9 +55,11 @@ require 'HTMLPurifier/Language.php'; | |||
| require 'HTMLPurifier/LanguageFactory.php'; | ||||
| require 'HTMLPurifier/Length.php'; | ||||
| require 'HTMLPurifier/Lexer.php'; | ||||
| require 'HTMLPurifier/Node.php'; | ||||
| require 'HTMLPurifier/PercentEncoder.php'; | ||||
| require 'HTMLPurifier/PropertyList.php'; | ||||
| require 'HTMLPurifier/PropertyListIterator.php'; | ||||
| require 'HTMLPurifier/Queue.php'; | ||||
| require 'HTMLPurifier/Strategy.php'; | ||||
| require 'HTMLPurifier/StringHash.php'; | ||||
| require 'HTMLPurifier/StringHashParser.php'; | ||||
|  | @ -72,7 +75,9 @@ require 'HTMLPurifier/URISchemeRegistry.php'; | |||
| require 'HTMLPurifier/UnitConverter.php'; | ||||
| require 'HTMLPurifier/VarParser.php'; | ||||
| require 'HTMLPurifier/VarParserException.php'; | ||||
| require 'HTMLPurifier/Zipper.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS.php'; | ||||
| require 'HTMLPurifier/AttrDef/Clone.php'; | ||||
| require 'HTMLPurifier/AttrDef/Enum.php'; | ||||
| require 'HTMLPurifier/AttrDef/Integer.php'; | ||||
| require 'HTMLPurifier/AttrDef/Lang.php'; | ||||
|  | @ -90,6 +95,7 @@ require 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php'; | |||
| require 'HTMLPurifier/AttrDef/CSS/Filter.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS/Font.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS/FontFamily.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS/Ident.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS/ImportantDecorator.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS/Length.php'; | ||||
| require 'HTMLPurifier/AttrDef/CSS/ListStyle.php'; | ||||
|  | @ -125,14 +131,17 @@ require 'HTMLPurifier/AttrTransform/Lang.php'; | |||
| require 'HTMLPurifier/AttrTransform/Length.php'; | ||||
| require 'HTMLPurifier/AttrTransform/Name.php'; | ||||
| require 'HTMLPurifier/AttrTransform/NameSync.php'; | ||||
| require 'HTMLPurifier/AttrTransform/Nofollow.php'; | ||||
| require 'HTMLPurifier/AttrTransform/SafeEmbed.php'; | ||||
| require 'HTMLPurifier/AttrTransform/SafeObject.php'; | ||||
| require 'HTMLPurifier/AttrTransform/SafeParam.php'; | ||||
| require 'HTMLPurifier/AttrTransform/ScriptRequired.php'; | ||||
| require 'HTMLPurifier/AttrTransform/TargetBlank.php'; | ||||
| require 'HTMLPurifier/AttrTransform/Textarea.php'; | ||||
| require 'HTMLPurifier/ChildDef/Chameleon.php'; | ||||
| require 'HTMLPurifier/ChildDef/Custom.php'; | ||||
| require 'HTMLPurifier/ChildDef/Empty.php'; | ||||
| require 'HTMLPurifier/ChildDef/List.php'; | ||||
| require 'HTMLPurifier/ChildDef/Required.php'; | ||||
| require 'HTMLPurifier/ChildDef/Optional.php'; | ||||
| require 'HTMLPurifier/ChildDef/StrictBlockquote.php'; | ||||
|  | @ -147,10 +156,12 @@ require 'HTMLPurifier/HTMLModule/CommonAttributes.php'; | |||
| require 'HTMLPurifier/HTMLModule/Edit.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Forms.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Hypertext.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Iframe.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Image.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Legacy.php'; | ||||
| require 'HTMLPurifier/HTMLModule/List.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Name.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Nofollow.php'; | ||||
| require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Object.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Presentation.php'; | ||||
|  | @ -158,10 +169,12 @@ require 'HTMLPurifier/HTMLModule/Proprietary.php'; | |||
| require 'HTMLPurifier/HTMLModule/Ruby.php'; | ||||
| require 'HTMLPurifier/HTMLModule/SafeEmbed.php'; | ||||
| require 'HTMLPurifier/HTMLModule/SafeObject.php'; | ||||
| require 'HTMLPurifier/HTMLModule/SafeScripting.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Scripting.php'; | ||||
| require 'HTMLPurifier/HTMLModule/StyleAttribute.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Tables.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Target.php'; | ||||
| require 'HTMLPurifier/HTMLModule/TargetBlank.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Text.php'; | ||||
| require 'HTMLPurifier/HTMLModule/Tidy.php'; | ||||
| require 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php'; | ||||
|  | @ -180,6 +193,9 @@ require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php'; | |||
| require 'HTMLPurifier/Injector/SafeObject.php'; | ||||
| require 'HTMLPurifier/Lexer/DOMLex.php'; | ||||
| require 'HTMLPurifier/Lexer/DirectLex.php'; | ||||
| require 'HTMLPurifier/Node/Comment.php'; | ||||
| require 'HTMLPurifier/Node/Element.php'; | ||||
| require 'HTMLPurifier/Node/Text.php'; | ||||
| require 'HTMLPurifier/Strategy/Composite.php'; | ||||
| require 'HTMLPurifier/Strategy/Core.php'; | ||||
| require 'HTMLPurifier/Strategy/FixNesting.php'; | ||||
|  | @ -196,10 +212,13 @@ require 'HTMLPurifier/Token/Start.php'; | |||
| require 'HTMLPurifier/Token/Text.php'; | ||||
| require 'HTMLPurifier/URIFilter/DisableExternal.php'; | ||||
| require 'HTMLPurifier/URIFilter/DisableExternalResources.php'; | ||||
| require 'HTMLPurifier/URIFilter/DisableResources.php'; | ||||
| require 'HTMLPurifier/URIFilter/HostBlacklist.php'; | ||||
| require 'HTMLPurifier/URIFilter/MakeAbsolute.php'; | ||||
| require 'HTMLPurifier/URIFilter/Munge.php'; | ||||
| require 'HTMLPurifier/URIFilter/SafeIframe.php'; | ||||
| require 'HTMLPurifier/URIScheme/data.php'; | ||||
| require 'HTMLPurifier/URIScheme/file.php'; | ||||
| require 'HTMLPurifier/URIScheme/ftp.php'; | ||||
| require 'HTMLPurifier/URIScheme/http.php'; | ||||
| require 'HTMLPurifier/URIScheme/https.php'; | ||||
|  | @ -7,7 +7,8 @@ | |||
| 
 | ||||
| require_once dirname(__FILE__) . '/HTMLPurifier.auto.php'; | ||||
| 
 | ||||
| function kses($string, $allowed_html, $allowed_protocols = null) { | ||||
| function kses($string, $allowed_html, $allowed_protocols = null) | ||||
| { | ||||
|     $config = HTMLPurifier_Config::createDefault(); | ||||
|     $allowed_elements = array(); | ||||
|     $allowed_attributes = array(); | ||||
|  | @ -19,7 +20,6 @@ function kses($string, $allowed_html, $allowed_protocols = null) { | |||
|     } | ||||
|     $config->set('HTML.AllowedElements', $allowed_elements); | ||||
|     $config->set('HTML.AllowedAttributes', $allowed_attributes); | ||||
|     $allowed_schemes = array(); | ||||
|     if ($allowed_protocols !== null) { | ||||
|         $config->set('URI.AllowedSchemes', $allowed_protocols); | ||||
|     } | ||||
|  | @ -19,7 +19,7 @@ | |||
|  */ | ||||
| 
 | ||||
| /* | ||||
|     HTML Purifier 4.1.1 - Standards Compliant HTML Filtering | ||||
|     HTML Purifier 4.7.0 - Standards Compliant HTML Filtering | ||||
|     Copyright (C) 2006-2008 Edward Z. Yang | ||||
| 
 | ||||
|     This library is free software; you can redistribute it and/or | ||||
|  | @ -54,66 +54,97 @@ | |||
| class HTMLPurifier | ||||
| { | ||||
| 
 | ||||
|     /** Version of HTML Purifier */ | ||||
|     public $version = '4.1.1'; | ||||
| 
 | ||||
|     /** Constant with version of HTML Purifier */ | ||||
|     const VERSION = '4.1.1'; | ||||
| 
 | ||||
|     /** Global configuration object */ | ||||
|     public $config; | ||||
| 
 | ||||
|     /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */ | ||||
|     private $filters = array(); | ||||
| 
 | ||||
|     /** Single instance of HTML Purifier */ | ||||
|     private static $instance; | ||||
| 
 | ||||
|     protected $strategy, $generator; | ||||
|     /** | ||||
|      * Version of HTML Purifier. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $version = '4.7.0'; | ||||
| 
 | ||||
|     /** | ||||
|      * Resultant HTMLPurifier_Context of last run purification. Is an array | ||||
|      * of contexts if the last called method was purifyArray(). | ||||
|      * Constant with version of HTML Purifier. | ||||
|      */ | ||||
|     const VERSION = '4.7.0'; | ||||
| 
 | ||||
|     /** | ||||
|      * Global configuration object. | ||||
|      * @type HTMLPurifier_Config | ||||
|      */ | ||||
|     public $config; | ||||
| 
 | ||||
|     /** | ||||
|      * Array of extra filter objects to run on HTML, | ||||
|      * for backwards compatibility. | ||||
|      * @type HTMLPurifier_Filter[] | ||||
|      */ | ||||
|     private $filters = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Single instance of HTML Purifier. | ||||
|      * @type HTMLPurifier | ||||
|      */ | ||||
|     private static $instance; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_Strategy_Core | ||||
|      */ | ||||
|     protected $strategy; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_Generator | ||||
|      */ | ||||
|     protected $generator; | ||||
| 
 | ||||
|     /** | ||||
|      * Resultant context of last run purification. | ||||
|      * Is an array of contexts if the last called method was purifyArray(). | ||||
|      * @type HTMLPurifier_Context | ||||
|      */ | ||||
|     public $context; | ||||
| 
 | ||||
|     /** | ||||
|      * Initializes the purifier. | ||||
|      * @param $config Optional HTMLPurifier_Config object for all instances of | ||||
|      *                the purifier, if omitted, a default configuration is | ||||
|      *                supplied (which can be overridden on a per-use basis). | ||||
|      * | ||||
|      * @param HTMLPurifier_Config $config Optional HTMLPurifier_Config object | ||||
|      *                for all instances of the purifier, if omitted, a default | ||||
|      *                configuration is supplied (which can be overridden on a | ||||
|      *                per-use basis). | ||||
|      *                The parameter can also be any type that | ||||
|      *                HTMLPurifier_Config::create() supports. | ||||
|      */ | ||||
|     public function __construct($config = null) { | ||||
| 
 | ||||
|     public function __construct($config = null) | ||||
|     { | ||||
|         $this->config = HTMLPurifier_Config::create($config); | ||||
| 
 | ||||
|         $this->strategy     = new HTMLPurifier_Strategy_Core(); | ||||
| 
 | ||||
|         $this->strategy = new HTMLPurifier_Strategy_Core(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Adds a filter to process the output. First come first serve | ||||
|      * @param $filter HTMLPurifier_Filter object | ||||
|      * | ||||
|      * @param HTMLPurifier_Filter $filter HTMLPurifier_Filter object | ||||
|      */ | ||||
|     public function addFilter($filter) { | ||||
|         trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING); | ||||
|     public function addFilter($filter) | ||||
|     { | ||||
|         trigger_error( | ||||
|             'HTMLPurifier->addFilter() is deprecated, use configuration directives' . | ||||
|             ' in the Filter namespace or Filter.Custom', | ||||
|             E_USER_WARNING | ||||
|         ); | ||||
|         $this->filters[] = $filter; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Filters an HTML snippet/document to be XSS-free and standards-compliant. | ||||
|      * | ||||
|      * @param $html String of HTML to purify | ||||
|      * @param $config HTMLPurifier_Config object for this operation, if omitted, | ||||
|      *                defaults to the config object specified during this | ||||
|      * @param string $html String of HTML to purify | ||||
|      * @param HTMLPurifier_Config $config Config object for this operation, | ||||
|      *                if omitted, defaults to the config object specified during this | ||||
|      *                object's construction. The parameter can also be any type | ||||
|      *                that HTMLPurifier_Config::create() supports. | ||||
|      * @return Purified HTML | ||||
|      * | ||||
|      * @return string Purified HTML | ||||
|      */ | ||||
|     public function purify($html, $config = null) { | ||||
| 
 | ||||
|     public function purify($html, $config = null) | ||||
|     { | ||||
|         // :TODO: make the config merge in, instead of replace
 | ||||
|         $config = $config ? HTMLPurifier_Config::create($config) : $this->config; | ||||
| 
 | ||||
|  | @ -151,8 +182,12 @@ class HTMLPurifier | |||
|         unset($filter_flags['Custom']); | ||||
|         $filters = array(); | ||||
|         foreach ($filter_flags as $filter => $flag) { | ||||
|             if (!$flag) continue; | ||||
|             if (strpos($filter, '.') !== false) continue; | ||||
|             if (!$flag) { | ||||
|                 continue; | ||||
|             } | ||||
|             if (strpos($filter, '.') !== false) { | ||||
|                 continue; | ||||
|             } | ||||
|             $class = "HTMLPurifier_Filter_$filter"; | ||||
|             $filters[] = new $class; | ||||
|         } | ||||
|  | @ -175,9 +210,12 @@ class HTMLPurifier | |||
|                     // list of un-purified tokens
 | ||||
|                     $lexer->tokenizeHTML( | ||||
|                         // un-purified HTML
 | ||||
|                         $html, $config, $context | ||||
|                         $html, | ||||
|                         $config, | ||||
|                         $context | ||||
|                     ), | ||||
|                     $config, $context | ||||
|                     $config, | ||||
|                     $context | ||||
|                 ) | ||||
|             ); | ||||
| 
 | ||||
|  | @ -192,11 +230,15 @@ class HTMLPurifier | |||
| 
 | ||||
|     /** | ||||
|      * Filters an array of HTML snippets | ||||
|      * @param $config Optional HTMLPurifier_Config object for this operation. | ||||
|      * | ||||
|      * @param string[] $array_of_html Array of html snippets | ||||
|      * @param HTMLPurifier_Config $config Optional config object for this operation. | ||||
|      *                See HTMLPurifier::purify() for more details. | ||||
|      * @return Array of purified HTML | ||||
|      * | ||||
|      * @return string[] Array of purified HTML | ||||
|      */ | ||||
|     public function purifyArray($array_of_html, $config = null) { | ||||
|     public function purifyArray($array_of_html, $config = null) | ||||
|     { | ||||
|         $context_array = array(); | ||||
|         foreach ($array_of_html as $key => $html) { | ||||
|             $array_of_html[$key] = $this->purify($html, $config); | ||||
|  | @ -208,11 +250,16 @@ class HTMLPurifier | |||
| 
 | ||||
|     /** | ||||
|      * Singleton for enforcing just one HTML Purifier in your system | ||||
|      * @param $prototype Optional prototype HTMLPurifier instance to | ||||
|      *                   overload singleton with, or HTMLPurifier_Config | ||||
|      *                   instance to configure the generated version with. | ||||
|      * | ||||
|      * @param HTMLPurifier|HTMLPurifier_Config $prototype Optional prototype | ||||
|      *                   HTMLPurifier instance to overload singleton with, | ||||
|      *                   or HTMLPurifier_Config instance to configure the | ||||
|      *                   generated version with. | ||||
|      * | ||||
|      * @return HTMLPurifier | ||||
|      */ | ||||
|     public static function instance($prototype = null) { | ||||
|     public static function instance($prototype = null) | ||||
|     { | ||||
|         if (!self::$instance || $prototype) { | ||||
|             if ($prototype instanceof HTMLPurifier) { | ||||
|                 self::$instance = $prototype; | ||||
|  | @ -226,12 +273,20 @@ class HTMLPurifier | |||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Singleton for enforcing just one HTML Purifier in your system | ||||
|      * | ||||
|      * @param HTMLPurifier|HTMLPurifier_Config $prototype Optional prototype | ||||
|      *                   HTMLPurifier instance to overload singleton with, | ||||
|      *                   or HTMLPurifier_Config instance to configure the | ||||
|      *                   generated version with. | ||||
|      * | ||||
|      * @return HTMLPurifier | ||||
|      * @note Backwards compatibility, see instance() | ||||
|      */ | ||||
|     public static function getInstance($prototype = null) { | ||||
|     public static function getInstance($prototype = null) | ||||
|     { | ||||
|         return HTMLPurifier::instance($prototype); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -13,6 +13,7 @@ | |||
| $__dir = dirname(__FILE__); | ||||
| 
 | ||||
| require_once $__dir . '/HTMLPurifier.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Arborize.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrCollections.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform.php'; | ||||
|  | @ -48,9 +49,11 @@ require_once $__dir . '/HTMLPurifier/Language.php'; | |||
| require_once $__dir . '/HTMLPurifier/LanguageFactory.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Length.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Lexer.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Node.php'; | ||||
| require_once $__dir . '/HTMLPurifier/PercentEncoder.php'; | ||||
| require_once $__dir . '/HTMLPurifier/PropertyList.php'; | ||||
| require_once $__dir . '/HTMLPurifier/PropertyListIterator.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Queue.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Strategy.php'; | ||||
| require_once $__dir . '/HTMLPurifier/StringHash.php'; | ||||
| require_once $__dir . '/HTMLPurifier/StringHashParser.php'; | ||||
|  | @ -66,7 +69,9 @@ require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php'; | |||
| require_once $__dir . '/HTMLPurifier/UnitConverter.php'; | ||||
| require_once $__dir . '/HTMLPurifier/VarParser.php'; | ||||
| require_once $__dir . '/HTMLPurifier/VarParserException.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Zipper.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/Clone.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php'; | ||||
|  | @ -84,6 +89,7 @@ require_once $__dir . '/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php'; | |||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Ident.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php'; | ||||
|  | @ -119,14 +125,17 @@ require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php'; | |||
| require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/Nofollow.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/TargetBlank.php'; | ||||
| require_once $__dir . '/HTMLPurifier/AttrTransform/Textarea.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/List.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/Required.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/Optional.php'; | ||||
| require_once $__dir . '/HTMLPurifier/ChildDef/StrictBlockquote.php'; | ||||
|  | @ -141,10 +150,12 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/CommonAttributes.php'; | |||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Edit.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Forms.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Iframe.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/List.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Nofollow.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php'; | ||||
|  | @ -152,10 +163,12 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php'; | |||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/SafeEmbed.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/SafeObject.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/SafeScripting.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/TargetBlank.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php'; | ||||
| require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php'; | ||||
|  | @ -174,6 +187,9 @@ require_once $__dir . '/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php'; | |||
| require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Node/Comment.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Node/Element.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Node/Text.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Strategy/Composite.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Strategy/Core.php'; | ||||
| require_once $__dir . '/HTMLPurifier/Strategy/FixNesting.php'; | ||||
|  | @ -190,10 +206,13 @@ require_once $__dir . '/HTMLPurifier/Token/Start.php'; | |||
| require_once $__dir . '/HTMLPurifier/Token/Text.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/DisableResources.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/Munge.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIFilter/SafeIframe.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIScheme/data.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIScheme/file.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIScheme/http.php'; | ||||
| require_once $__dir . '/HTMLPurifier/URIScheme/https.php'; | ||||
|  | @ -0,0 +1,71 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Converts a stream of HTMLPurifier_Token into an HTMLPurifier_Node, | ||||
|  * and back again. | ||||
|  * | ||||
|  * @note This transformation is not an equivalence.  We mutate the input | ||||
|  * token stream to make it so; see all [MUT] markers in code. | ||||
|  */ | ||||
| class HTMLPurifier_Arborize | ||||
| { | ||||
|     public static function arborize($tokens, $config, $context) { | ||||
|         $definition = $config->getHTMLDefinition(); | ||||
|         $parent = new HTMLPurifier_Token_Start($definition->info_parent); | ||||
|         $stack = array($parent->toNode()); | ||||
|         foreach ($tokens as $token) { | ||||
|             $token->skip = null; // [MUT]
 | ||||
|             $token->carryover = null; // [MUT]
 | ||||
|             if ($token instanceof HTMLPurifier_Token_End) { | ||||
|                 $token->start = null; // [MUT]
 | ||||
|                 $r = array_pop($stack); | ||||
|                 assert($r->name === $token->name); | ||||
|                 assert(empty($token->attr)); | ||||
|                 $r->endCol = $token->col; | ||||
|                 $r->endLine = $token->line; | ||||
|                 $r->endArmor = $token->armor; | ||||
|                 continue; | ||||
|             } | ||||
|             $node = $token->toNode(); | ||||
|             $stack[count($stack)-1]->children[] = $node; | ||||
|             if ($token instanceof HTMLPurifier_Token_Start) { | ||||
|                 $stack[] = $node; | ||||
|             } | ||||
|         } | ||||
|         assert(count($stack) == 1); | ||||
|         return $stack[0]; | ||||
|     } | ||||
| 
 | ||||
|     public static function flatten($node, $config, $context) { | ||||
|         $level = 0; | ||||
|         $nodes = array($level => new HTMLPurifier_Queue(array($node))); | ||||
|         $closingTokens = array(); | ||||
|         $tokens = array(); | ||||
|         do { | ||||
|             while (!$nodes[$level]->isEmpty()) { | ||||
|                 $node = $nodes[$level]->shift(); // FIFO
 | ||||
|                 list($start, $end) = $node->toTokenPair(); | ||||
|                 if ($level > 0) { | ||||
|                     $tokens[] = $start; | ||||
|                 } | ||||
|                 if ($end !== NULL) { | ||||
|                     $closingTokens[$level][] = $end; | ||||
|                 } | ||||
|                 if ($node instanceof HTMLPurifier_Node_Element) { | ||||
|                     $level++; | ||||
|                     $nodes[$level] = new HTMLPurifier_Queue(); | ||||
|                     foreach ($node->children as $childNode) { | ||||
|                         $nodes[$level]->push($childNode); | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|             $level--; | ||||
|             if ($level && isset($closingTokens[$level])) { | ||||
|                 while ($token = array_pop($closingTokens[$level])) { | ||||
|                     $tokens[] = $token; | ||||
|                 } | ||||
|             } | ||||
|         } while ($level > 0); | ||||
|         return $tokens; | ||||
|     } | ||||
| } | ||||
|  | @ -8,7 +8,8 @@ class HTMLPurifier_AttrCollections | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Associative array of attribute collections, indexed by name | ||||
|      * Associative array of attribute collections, indexed by name. | ||||
|      * @type array | ||||
|      */ | ||||
|     public $info = array(); | ||||
| 
 | ||||
|  | @ -16,10 +17,11 @@ class HTMLPurifier_AttrCollections | |||
|      * Performs all expansions on internal data for use by other inclusions | ||||
|      * It also collects all attribute collection extensions from | ||||
|      * modules | ||||
|      * @param $attr_types HTMLPurifier_AttrTypes instance | ||||
|      * @param $modules Hash array of HTMLPurifier_HTMLModule members | ||||
|      * @param HTMLPurifier_AttrTypes $attr_types HTMLPurifier_AttrTypes instance | ||||
|      * @param HTMLPurifier_HTMLModule[] $modules Hash array of HTMLPurifier_HTMLModule members | ||||
|      */ | ||||
|     public function __construct($attr_types, $modules) { | ||||
|     public function __construct($attr_types, $modules) | ||||
|     { | ||||
|         // load extensions from the modules
 | ||||
|         foreach ($modules as $module) { | ||||
|             foreach ($module->attr_collections as $coll_i => $coll) { | ||||
|  | @ -30,7 +32,9 @@ class HTMLPurifier_AttrCollections | |||
|                     if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) { | ||||
|                         // merge in includes
 | ||||
|                         $this->info[$coll_i][$attr_i] = array_merge( | ||||
|                             $this->info[$coll_i][$attr_i], $attr); | ||||
|                             $this->info[$coll_i][$attr_i], | ||||
|                             $attr | ||||
|                         ); | ||||
|                         continue; | ||||
|                     } | ||||
|                     $this->info[$coll_i][$attr_i] = $attr; | ||||
|  | @ -49,20 +53,29 @@ class HTMLPurifier_AttrCollections | |||
|     /** | ||||
|      * Takes a reference to an attribute associative array and performs | ||||
|      * all inclusions specified by the zero index. | ||||
|      * @param &$attr Reference to attribute array | ||||
|      * @param array &$attr Reference to attribute array | ||||
|      */ | ||||
|     public function performInclusions(&$attr) { | ||||
|         if (!isset($attr[0])) return; | ||||
|     public function performInclusions(&$attr) | ||||
|     { | ||||
|         if (!isset($attr[0])) { | ||||
|             return; | ||||
|         } | ||||
|         $merge = $attr[0]; | ||||
|         $seen  = array(); // recursion guard
 | ||||
|         // loop through all the inclusions
 | ||||
|         for ($i = 0; isset($merge[$i]); $i++) { | ||||
|             if (isset($seen[$merge[$i]])) continue; | ||||
|             if (isset($seen[$merge[$i]])) { | ||||
|                 continue; | ||||
|             } | ||||
|             $seen[$merge[$i]] = true; | ||||
|             // foreach attribute of the inclusion, copy it over
 | ||||
|             if (!isset($this->info[$merge[$i]])) continue; | ||||
|             if (!isset($this->info[$merge[$i]])) { | ||||
|                 continue; | ||||
|             } | ||||
|             foreach ($this->info[$merge[$i]] as $key => $value) { | ||||
|                 if (isset($attr[$key])) continue; // also catches more inclusions
 | ||||
|                 if (isset($attr[$key])) { | ||||
|                     continue; | ||||
|                 } // also catches more inclusions
 | ||||
|                 $attr[$key] = $value; | ||||
|             } | ||||
|             if (isset($this->info[$merge[$i]][0])) { | ||||
|  | @ -76,20 +89,24 @@ class HTMLPurifier_AttrCollections | |||
|     /** | ||||
|      * Expands all string identifiers in an attribute array by replacing | ||||
|      * them with the appropriate values inside HTMLPurifier_AttrTypes | ||||
|      * @param &$attr Reference to attribute array | ||||
|      * @param $attr_types HTMLPurifier_AttrTypes instance | ||||
|      * @param array &$attr Reference to attribute array | ||||
|      * @param HTMLPurifier_AttrTypes $attr_types HTMLPurifier_AttrTypes instance | ||||
|      */ | ||||
|     public function expandIdentifiers(&$attr, $attr_types) { | ||||
| 
 | ||||
|     public function expandIdentifiers(&$attr, $attr_types) | ||||
|     { | ||||
|         // because foreach will process new elements we add, make sure we
 | ||||
|         // skip duplicates
 | ||||
|         $processed = array(); | ||||
| 
 | ||||
|         foreach ($attr as $def_i => $def) { | ||||
|             // skip inclusions
 | ||||
|             if ($def_i === 0) continue; | ||||
|             if ($def_i === 0) { | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             if (isset($processed[$def_i])) continue; | ||||
|             if (isset($processed[$def_i])) { | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             // determine whether or not attribute is required
 | ||||
|             if ($required = (strpos($def_i, '*') !== false)) { | ||||
|  | @ -120,9 +137,7 @@ class HTMLPurifier_AttrCollections | |||
|                 unset($attr[$def_i]); | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -14,23 +14,25 @@ abstract class HTMLPurifier_AttrDef | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Tells us whether or not an HTML attribute is minimized. Has no | ||||
|      * meaning in other contexts. | ||||
|      * Tells us whether or not an HTML attribute is minimized. | ||||
|      * Has no meaning in other contexts. | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $minimized = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Tells us whether or not an HTML attribute is required. Has no | ||||
|      * meaning in other contexts | ||||
|      * Tells us whether or not an HTML attribute is required. | ||||
|      * Has no meaning in other contexts | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $required = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Validates and cleans passed string according to a definition. | ||||
|      * | ||||
|      * @param $string String to be validated and cleaned. | ||||
|      * @param $config Mandatory HTMLPurifier_Config object. | ||||
|      * @param $context Mandatory HTMLPurifier_AttrContext object. | ||||
|      * @param string $string String to be validated and cleaned. | ||||
|      * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object. | ||||
|      * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object. | ||||
|      */ | ||||
|     abstract public function validate($string, $config, $context); | ||||
| 
 | ||||
|  | @ -55,7 +57,8 @@ abstract class HTMLPurifier_AttrDef | |||
|      *          parsing XML, thus, this behavior may still be correct. We | ||||
|      *          assume that newlines have been normalized. | ||||
|      */ | ||||
|     public function parseCDATA($string) { | ||||
|     public function parseCDATA($string) | ||||
|     { | ||||
|         $string = trim($string); | ||||
|         $string = str_replace(array("\n", "\t", "\r"), ' ', $string); | ||||
|         return $string; | ||||
|  | @ -63,10 +66,11 @@ abstract class HTMLPurifier_AttrDef | |||
| 
 | ||||
|     /** | ||||
|      * Factory method for creating this class from a string. | ||||
|      * @param $string String construction info | ||||
|      * @return Created AttrDef object corresponding to $string | ||||
|      * @param string $string String construction info | ||||
|      * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string | ||||
|      */ | ||||
|     public function make($string) { | ||||
|     public function make($string) | ||||
|     { | ||||
|         // default implementation, return a flyweight of this object.
 | ||||
|         // If $string has an effect on the returned object (i.e. you
 | ||||
|         // need to overload this method), it is best
 | ||||
|  | @ -77,16 +81,20 @@ abstract class HTMLPurifier_AttrDef | |||
|     /** | ||||
|      * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work | ||||
|      * properly. THIS IS A HACK! | ||||
|      * @param string $string a CSS colour definition | ||||
|      * @return string | ||||
|      */ | ||||
|     protected function mungeRgb($string) { | ||||
|     protected function mungeRgb($string) | ||||
|     { | ||||
|         return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Parses a possibly escaped CSS string and returns the "pure"  | ||||
|      * Parses a possibly escaped CSS string and returns the "pure" | ||||
|      * version of it. | ||||
|      */ | ||||
|     protected function expandCSSEscape($string) { | ||||
|     protected function expandCSSEscape($string) | ||||
|     { | ||||
|         // flexibly parse it
 | ||||
|         $ret = ''; | ||||
|         for ($i = 0, $c = strlen($string); $i < $c; $i++) { | ||||
|  | @ -99,25 +107,32 @@ abstract class HTMLPurifier_AttrDef | |||
|                 if (ctype_xdigit($string[$i])) { | ||||
|                     $code = $string[$i]; | ||||
|                     for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) { | ||||
|                         if (!ctype_xdigit($string[$i])) break; | ||||
|                         if (!ctype_xdigit($string[$i])) { | ||||
|                             break; | ||||
|                         } | ||||
|                         $code .= $string[$i]; | ||||
|                     } | ||||
|                     // We have to be extremely careful when adding
 | ||||
|                     // new characters, to make sure we're not breaking
 | ||||
|                     // the encoding.
 | ||||
|                     $char = HTMLPurifier_Encoder::unichr(hexdec($code)); | ||||
|                     if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue; | ||||
|                     if (HTMLPurifier_Encoder::cleanUTF8($char) === '') { | ||||
|                         continue; | ||||
|                     } | ||||
|                     $ret .= $char; | ||||
|                     if ($i < $c && trim($string[$i]) !== '') $i--; | ||||
|                     if ($i < $c && trim($string[$i]) !== '') { | ||||
|                         $i--; | ||||
|                     } | ||||
|                     continue; | ||||
|                 } | ||||
|                 if ($string[$i] === "\n") { | ||||
|                     continue; | ||||
|                 } | ||||
|                 if ($string[$i] === "\n") continue; | ||||
|             } | ||||
|             $ret .= $string[$i]; | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -14,8 +14,14 @@ | |||
| class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($css, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $css | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($css, $config, $context) | ||||
|     { | ||||
|         $css = $this->parseCDATA($css); | ||||
| 
 | ||||
|         $definition = $config->getCSSDefinition(); | ||||
|  | @ -36,34 +42,47 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef | |||
|         $context->register('CurrentCSSProperty', $property); | ||||
| 
 | ||||
|         foreach ($declarations as $declaration) { | ||||
|             if (!$declaration) continue; | ||||
|             if (!strpos($declaration, ':')) continue; | ||||
|             if (!$declaration) { | ||||
|                 continue; | ||||
|             } | ||||
|             if (!strpos($declaration, ':')) { | ||||
|                 continue; | ||||
|             } | ||||
|             list($property, $value) = explode(':', $declaration, 2); | ||||
|             $property = trim($property); | ||||
|             $value    = trim($value); | ||||
|             $value = trim($value); | ||||
|             $ok = false; | ||||
|             do { | ||||
|                 if (isset($definition->info[$property])) { | ||||
|                     $ok = true; | ||||
|                     break; | ||||
|                 } | ||||
|                 if (ctype_lower($property)) break; | ||||
|                 if (ctype_lower($property)) { | ||||
|                     break; | ||||
|                 } | ||||
|                 $property = strtolower($property); | ||||
|                 if (isset($definition->info[$property])) { | ||||
|                     $ok = true; | ||||
|                     break; | ||||
|                 } | ||||
|             } while(0); | ||||
|             if (!$ok) continue; | ||||
|             } while (0); | ||||
|             if (!$ok) { | ||||
|                 continue; | ||||
|             } | ||||
|             // inefficient call, since the validator will do this again
 | ||||
|             if (strtolower(trim($value)) !== 'inherit') { | ||||
|                 // inherit works for everything (but only on the base property)
 | ||||
|                 $result = $definition->info[$property]->validate( | ||||
|                     $value, $config, $context ); | ||||
|                     $value, | ||||
|                     $config, | ||||
|                     $context | ||||
|                 ); | ||||
|             } else { | ||||
|                 $result = 'inherit'; | ||||
|             } | ||||
|             if ($result === false) continue; | ||||
|             if ($result === false) { | ||||
|                 continue; | ||||
|             } | ||||
|             $propvalues[$property] = $result; | ||||
|         } | ||||
| 
 | ||||
|  | @ -0,0 +1,34 @@ | |||
| <?php | ||||
| 
 | ||||
| class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number | ||||
| { | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|         parent::__construct(false); // opacity is non-negative, but we will clamp it
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $number | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return string | ||||
|      */ | ||||
|     public function validate($number, $config, $context) | ||||
|     { | ||||
|         $result = parent::validate($number, $config, $context); | ||||
|         if ($result === false) { | ||||
|             return $result; | ||||
|         } | ||||
|         $float = (float)$result; | ||||
|         if ($float < 0.0) { | ||||
|             $result = '0'; | ||||
|         } | ||||
|         if ($float > 1.0) { | ||||
|             $result = '1'; | ||||
|         } | ||||
|         return $result; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -9,11 +9,16 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|     /** | ||||
|      * Local copy of component validators. | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl. | ||||
|      */ | ||||
|     protected $info; | ||||
| 
 | ||||
|     public function __construct($config) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     public function __construct($config) | ||||
|     { | ||||
|         $def = $config->getCSSDefinition(); | ||||
|         $this->info['background-color'] = $def->info['background-color']; | ||||
|         $this->info['background-image'] = $def->info['background-image']; | ||||
|  | @ -22,40 +27,55 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef | |||
|         $this->info['background-position'] = $def->info['background-position']; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         // regular pre-processing
 | ||||
|         $string = $this->parseCDATA($string); | ||||
|         if ($string === '') return false; | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // munge rgb() decl if necessary
 | ||||
|         $string = $this->mungeRgb($string); | ||||
| 
 | ||||
|         // assumes URI doesn't have spaces in it
 | ||||
|         $bits = explode(' ', strtolower($string)); // bits to process
 | ||||
|         $bits = explode(' ', $string); // bits to process
 | ||||
| 
 | ||||
|         $caught = array(); | ||||
|         $caught['color']    = false; | ||||
|         $caught['image']    = false; | ||||
|         $caught['repeat']   = false; | ||||
|         $caught['color'] = false; | ||||
|         $caught['image'] = false; | ||||
|         $caught['repeat'] = false; | ||||
|         $caught['attachment'] = false; | ||||
|         $caught['position'] = false; | ||||
| 
 | ||||
|         $i = 0; // number of catches
 | ||||
|         $none = false; | ||||
| 
 | ||||
|         foreach ($bits as $bit) { | ||||
|             if ($bit === '') continue; | ||||
|             if ($bit === '') { | ||||
|                 continue; | ||||
|             } | ||||
|             foreach ($caught as $key => $status) { | ||||
|                 if ($key != 'position') { | ||||
|                     if ($status !== false) continue; | ||||
|                     if ($status !== false) { | ||||
|                         continue; | ||||
|                     } | ||||
|                     $r = $this->info['background-' . $key]->validate($bit, $config, $context); | ||||
|                 } else { | ||||
|                     $r = $bit; | ||||
|                 } | ||||
|                 if ($r === false) continue; | ||||
|                 if ($r === false) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 if ($key == 'position') { | ||||
|                     if ($caught[$key] === false) $caught[$key] = ''; | ||||
|                     if ($caught[$key] === false) { | ||||
|                         $caught[$key] = ''; | ||||
|                     } | ||||
|                     $caught[$key] .= $r . ' '; | ||||
|                 } else { | ||||
|                     $caught[$key] = $r; | ||||
|  | @ -65,7 +85,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef | |||
|             } | ||||
|         } | ||||
| 
 | ||||
|         if (!$i) return false; | ||||
|         if (!$i) { | ||||
|             return false; | ||||
|         } | ||||
|         if ($caught['position'] !== false) { | ||||
|             $caught['position'] = $this->info['background-position']-> | ||||
|                 validate($caught['position'], $config, $context); | ||||
|  | @ -73,15 +95,17 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|         $ret = array(); | ||||
|         foreach ($caught as $value) { | ||||
|             if ($value === false) continue; | ||||
|             if ($value === false) { | ||||
|                 continue; | ||||
|             } | ||||
|             $ret[] = $value; | ||||
|         } | ||||
| 
 | ||||
|         if (empty($ret)) return false; | ||||
|         if (empty($ret)) { | ||||
|             return false; | ||||
|         } | ||||
|         return implode(' ', $ret); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -44,15 +44,30 @@ | |||
| class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef_CSS_Length | ||||
|      */ | ||||
|     protected $length; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef_CSS_Percentage | ||||
|      */ | ||||
|     protected $percentage; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|         $this->length     = new HTMLPurifier_AttrDef_CSS_Length(); | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->length = new HTMLPurifier_AttrDef_CSS_Length(); | ||||
|         $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage(); | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = $this->parseCDATA($string); | ||||
|         $bits = explode(' ', $string); | ||||
| 
 | ||||
|  | @ -74,7 +89,9 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef | |||
|         ); | ||||
| 
 | ||||
|         foreach ($bits as $bit) { | ||||
|             if ($bit === '') continue; | ||||
|             if ($bit === '') { | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             // test for keyword
 | ||||
|             $lbit = ctype_lower($bit) ? $bit : strtolower($bit); | ||||
|  | @ -104,30 +121,37 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef | |||
|                 $measures[] = $r; | ||||
|                 $i++; | ||||
|             } | ||||
| 
 | ||||
|         } | ||||
| 
 | ||||
|         if (!$i) return false; // no valid values were caught
 | ||||
|         if (!$i) { | ||||
|             return false; | ||||
|         } // no valid values were caught
 | ||||
| 
 | ||||
|         $ret = array(); | ||||
| 
 | ||||
|         // first keyword
 | ||||
|         if     ($keywords['h'])     $ret[] = $keywords['h']; | ||||
|         elseif ($keywords['ch']) { | ||||
|         if ($keywords['h']) { | ||||
|             $ret[] = $keywords['h']; | ||||
|         } elseif ($keywords['ch']) { | ||||
|             $ret[] = $keywords['ch']; | ||||
|             $keywords['cv'] = false; // prevent re-use: center = center center
 | ||||
|         } elseif (count($measures)) { | ||||
|             $ret[] = array_shift($measures); | ||||
|         } | ||||
|         elseif (count($measures))   $ret[] = array_shift($measures); | ||||
| 
 | ||||
|         if     ($keywords['v'])     $ret[] = $keywords['v']; | ||||
|         elseif ($keywords['cv'])    $ret[] = $keywords['cv']; | ||||
|         elseif (count($measures))   $ret[] = array_shift($measures); | ||||
|         if ($keywords['v']) { | ||||
|             $ret[] = $keywords['v']; | ||||
|         } elseif ($keywords['cv']) { | ||||
|             $ret[] = $keywords['cv']; | ||||
|         } elseif (count($measures)) { | ||||
|             $ret[] = array_shift($measures); | ||||
|         } | ||||
| 
 | ||||
|         if (empty($ret)) return false; | ||||
|         if (empty($ret)) { | ||||
|             return false; | ||||
|         } | ||||
|         return implode(' ', $ret); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -8,17 +8,29 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|     /** | ||||
|      * Local copy of properties this property is shorthand for. | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      */ | ||||
|     protected $info = array(); | ||||
| 
 | ||||
|     public function __construct($config) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     public function __construct($config) | ||||
|     { | ||||
|         $def = $config->getCSSDefinition(); | ||||
|         $this->info['border-width'] = $def->info['border-width']; | ||||
|         $this->info['border-style'] = $def->info['border-style']; | ||||
|         $this->info['border-top-color'] = $def->info['border-top-color']; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = $this->parseCDATA($string); | ||||
|         $string = $this->mungeRgb($string); | ||||
|         $bits = explode(' ', $string); | ||||
|  | @ -26,7 +38,9 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef | |||
|         $ret = ''; // return value
 | ||||
|         foreach ($bits as $bit) { | ||||
|             foreach ($this->info as $propname => $validator) { | ||||
|                 if (isset($done[$propname])) continue; | ||||
|                 if (isset($done[$propname])) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 $r = $validator->validate($bit, $config, $context); | ||||
|                 if ($r !== false) { | ||||
|                     $ret .= $r . ' '; | ||||
|  | @ -37,7 +51,6 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef | |||
|         } | ||||
|         return rtrim($ret); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -6,29 +6,47 @@ | |||
| class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($color, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $color | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($color, $config, $context) | ||||
|     { | ||||
|         static $colors = null; | ||||
|         if ($colors === null) $colors = $config->get('Core.ColorKeywords'); | ||||
|         if ($colors === null) { | ||||
|             $colors = $config->get('Core.ColorKeywords'); | ||||
|         } | ||||
| 
 | ||||
|         $color = trim($color); | ||||
|         if ($color === '') return false; | ||||
|         if ($color === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $lower = strtolower($color); | ||||
|         if (isset($colors[$lower])) return $colors[$lower]; | ||||
|         if (isset($colors[$lower])) { | ||||
|             return $colors[$lower]; | ||||
|         } | ||||
| 
 | ||||
|         if (strpos($color, 'rgb(') !== false) { | ||||
|             // rgb literal handling
 | ||||
|             $length = strlen($color); | ||||
|             if (strpos($color, ')') !== $length - 1) return false; | ||||
|             if (strpos($color, ')') !== $length - 1) { | ||||
|                 return false; | ||||
|             } | ||||
|             $triad = substr($color, 4, $length - 4 - 1); | ||||
|             $parts = explode(',', $triad); | ||||
|             if (count($parts) !== 3) return false; | ||||
|             if (count($parts) !== 3) { | ||||
|                 return false; | ||||
|             } | ||||
|             $type = false; // to ensure that they're all the same type
 | ||||
|             $new_parts = array(); | ||||
|             foreach ($parts as $part) { | ||||
|                 $part = trim($part); | ||||
|                 if ($part === '') return false; | ||||
|                 if ($part === '') { | ||||
|                     return false; | ||||
|                 } | ||||
|                 $length = strlen($part); | ||||
|                 if ($part[$length - 1] === '%') { | ||||
|                     // handle percents
 | ||||
|  | @ -37,9 +55,13 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef | |||
|                     } elseif ($type !== 'percentage') { | ||||
|                         return false; | ||||
|                     } | ||||
|                     $num = (float) substr($part, 0, $length - 1); | ||||
|                     if ($num < 0) $num = 0; | ||||
|                     if ($num > 100) $num = 100; | ||||
|                     $num = (float)substr($part, 0, $length - 1); | ||||
|                     if ($num < 0) { | ||||
|                         $num = 0; | ||||
|                     } | ||||
|                     if ($num > 100) { | ||||
|                         $num = 100; | ||||
|                     } | ||||
|                     $new_parts[] = "$num%"; | ||||
|                 } else { | ||||
|                     // handle integers
 | ||||
|  | @ -48,10 +70,14 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef | |||
|                     } elseif ($type !== 'integer') { | ||||
|                         return false; | ||||
|                     } | ||||
|                     $num = (int) $part; | ||||
|                     if ($num < 0) $num = 0; | ||||
|                     if ($num > 255) $num = 255; | ||||
|                     $new_parts[] = (string) $num; | ||||
|                     $num = (int)$part; | ||||
|                     if ($num < 0) { | ||||
|                         $num = 0; | ||||
|                     } | ||||
|                     if ($num > 255) { | ||||
|                         $num = 255; | ||||
|                     } | ||||
|                     $new_parts[] = (string)$num; | ||||
|                 } | ||||
|             } | ||||
|             $new_triad = implode(',', $new_parts); | ||||
|  | @ -65,14 +91,15 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef | |||
|                 $color = '#' . $color; | ||||
|             } | ||||
|             $length = strlen($hex); | ||||
|             if ($length !== 3 && $length !== 6) return false; | ||||
|             if (!ctype_xdigit($hex)) return false; | ||||
|             if ($length !== 3 && $length !== 6) { | ||||
|                 return false; | ||||
|             } | ||||
|             if (!ctype_xdigit($hex)) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         return $color; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -13,26 +13,36 @@ class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * List of HTMLPurifier_AttrDef objects that may process strings | ||||
|      * List of objects that may process strings. | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      * @todo Make protected | ||||
|      */ | ||||
|     public $defs; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $defs List of HTMLPurifier_AttrDef objects | ||||
|      * @param HTMLPurifier_AttrDef[] $defs List of HTMLPurifier_AttrDef objects | ||||
|      */ | ||||
|     public function __construct($defs) { | ||||
|     public function __construct($defs) | ||||
|     { | ||||
|         $this->defs = $defs; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         foreach ($this->defs as $i => $def) { | ||||
|             $result = $this->defs[$i]->validate($string, $config, $context); | ||||
|             if ($result !== false) return $result; | ||||
|             if ($result !== false) { | ||||
|                 return $result; | ||||
|             } | ||||
|         } | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,44 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Decorator which enables CSS properties to be disabled for specific elements. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef | ||||
| { | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     public $def; | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $element; | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_AttrDef $def Definition to wrap | ||||
|      * @param string $element Element to deny | ||||
|      */ | ||||
|     public function __construct($def, $element) | ||||
|     { | ||||
|         $this->def = $def; | ||||
|         $this->element = $element; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Checks if CurrentToken is set and equal to $this->element | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $token = $context->get('CurrentToken', true); | ||||
|         if ($token && $token->name == $this->element) { | ||||
|             return false; | ||||
|         } | ||||
|         return $this->def->validate($string, $config, $context); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,23 +7,37 @@ | |||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef_Integer | ||||
|      */ | ||||
|     protected $intValidator; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->intValidator = new HTMLPurifier_AttrDef_Integer(); | ||||
|     } | ||||
| 
 | ||||
|     public function validate($value, $config, $context) { | ||||
|     /** | ||||
|      * @param string $value | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($value, $config, $context) | ||||
|     { | ||||
|         $value = $this->parseCDATA($value); | ||||
|         if ($value === 'none') return $value; | ||||
|         if ($value === 'none') { | ||||
|             return $value; | ||||
|         } | ||||
|         // if we looped this we could support multiple filters
 | ||||
|         $function_length = strcspn($value, '('); | ||||
|         $function = trim(substr($value, 0, $function_length)); | ||||
|         if ($function !== 'alpha' && | ||||
|             $function !== 'Alpha' && | ||||
|             $function !== 'progid:DXImageTransform.Microsoft.Alpha' | ||||
|             ) return false; | ||||
|         ) { | ||||
|             return false; | ||||
|         } | ||||
|         $cursor = $function_length + 1; | ||||
|         $parameters_length = strcspn($value, ')', $cursor); | ||||
|         $parameters = substr($value, $cursor, $parameters_length); | ||||
|  | @ -32,15 +46,25 @@ class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef | |||
|         $lookup = array(); | ||||
|         foreach ($params as $param) { | ||||
|             list($key, $value) = explode('=', $param); | ||||
|             $key   = trim($key); | ||||
|             $key = trim($key); | ||||
|             $value = trim($value); | ||||
|             if (isset($lookup[$key])) continue; | ||||
|             if ($key !== 'opacity') continue; | ||||
|             if (isset($lookup[$key])) { | ||||
|                 continue; | ||||
|             } | ||||
|             if ($key !== 'opacity') { | ||||
|                 continue; | ||||
|             } | ||||
|             $value = $this->intValidator->validate($value, $config, $context); | ||||
|             if ($value === false) continue; | ||||
|             $int = (int) $value; | ||||
|             if ($int > 100) $value = '100'; | ||||
|             if ($int < 0) $value = '0'; | ||||
|             if ($value === false) { | ||||
|                 continue; | ||||
|             } | ||||
|             $int = (int)$value; | ||||
|             if ($int > 100) { | ||||
|                 $value = '100'; | ||||
|             } | ||||
|             if ($int < 0) { | ||||
|                 $value = '0'; | ||||
|             } | ||||
|             $ret_params[] = "$key=$value"; | ||||
|             $lookup[$key] = true; | ||||
|         } | ||||
|  | @ -48,7 +72,6 @@ class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef | |||
|         $ret_function = "$function($ret_parameters)"; | ||||
|         return $ret_function; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,8 +7,8 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Local copy of component validators. | ||||
|      * | ||||
|      * Local copy of validators | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      * @note If we moved specific CSS property definitions to their own | ||||
|      *       classes instead of having them be assembled at run time by | ||||
|      *       CSSDefinition, this wouldn't be necessary.  We'd instantiate | ||||
|  | @ -16,18 +16,28 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|      */ | ||||
|     protected $info = array(); | ||||
| 
 | ||||
|     public function __construct($config) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     public function __construct($config) | ||||
|     { | ||||
|         $def = $config->getCSSDefinition(); | ||||
|         $this->info['font-style']   = $def->info['font-style']; | ||||
|         $this->info['font-style'] = $def->info['font-style']; | ||||
|         $this->info['font-variant'] = $def->info['font-variant']; | ||||
|         $this->info['font-weight']  = $def->info['font-weight']; | ||||
|         $this->info['font-size']    = $def->info['font-size']; | ||||
|         $this->info['line-height']  = $def->info['line-height']; | ||||
|         $this->info['font-family']  = $def->info['font-family']; | ||||
|         $this->info['font-weight'] = $def->info['font-weight']; | ||||
|         $this->info['font-size'] = $def->info['font-size']; | ||||
|         $this->info['line-height'] = $def->info['line-height']; | ||||
|         $this->info['font-family'] = $def->info['font-family']; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         static $system_fonts = array( | ||||
|             'caption' => true, | ||||
|             'icon' => true, | ||||
|  | @ -39,7 +49,9 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|         // regular pre-processing
 | ||||
|         $string = $this->parseCDATA($string); | ||||
|         if ($string === '') return false; | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // check if it's one of the keywords
 | ||||
|         $lowercase_string = strtolower($string); | ||||
|  | @ -54,15 +66,20 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|         $final = ''; // output
 | ||||
| 
 | ||||
|         for ($i = 0, $size = count($bits); $i < $size; $i++) { | ||||
|             if ($bits[$i] === '') continue; | ||||
|             if ($bits[$i] === '') { | ||||
|                 continue; | ||||
|             } | ||||
|             switch ($stage) { | ||||
| 
 | ||||
|                 // attempting to catch font-style, font-variant or font-weight
 | ||||
|                 case 0: | ||||
|                 case 0: // attempting to catch font-style, font-variant or font-weight
 | ||||
|                     foreach ($stage_1 as $validator_name) { | ||||
|                         if (isset($caught[$validator_name])) continue; | ||||
|                         if (isset($caught[$validator_name])) { | ||||
|                             continue; | ||||
|                         } | ||||
|                         $r = $this->info[$validator_name]->validate( | ||||
|                                                 $bits[$i], $config, $context); | ||||
|                             $bits[$i], | ||||
|                             $config, | ||||
|                             $context | ||||
|                         ); | ||||
|                         if ($r !== false) { | ||||
|                             $final .= $r . ' '; | ||||
|                             $caught[$validator_name] = true; | ||||
|  | @ -70,15 +87,17 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|                         } | ||||
|                     } | ||||
|                     // all three caught, continue on
 | ||||
|                     if (count($caught) >= 3) $stage = 1; | ||||
|                     if ($r !== false) break; | ||||
| 
 | ||||
|                 // attempting to catch font-size and perhaps line-height
 | ||||
|                 case 1: | ||||
|                     if (count($caught) >= 3) { | ||||
|                         $stage = 1; | ||||
|                     } | ||||
|                     if ($r !== false) { | ||||
|                         break; | ||||
|                     } | ||||
|                 case 1: // attempting to catch font-size and perhaps line-height
 | ||||
|                     $found_slash = false; | ||||
|                     if (strpos($bits[$i], '/') !== false) { | ||||
|                         list($font_size, $line_height) = | ||||
|                                                     explode('/', $bits[$i]); | ||||
|                             explode('/', $bits[$i]); | ||||
|                         if ($line_height === '') { | ||||
|                             // ooh, there's a space after the slash!
 | ||||
|                             $line_height = false; | ||||
|  | @ -89,14 +108,19 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|                         $line_height = false; | ||||
|                     } | ||||
|                     $r = $this->info['font-size']->validate( | ||||
|                                               $font_size, $config, $context); | ||||
|                         $font_size, | ||||
|                         $config, | ||||
|                         $context | ||||
|                     ); | ||||
|                     if ($r !== false) { | ||||
|                         $final .= $r; | ||||
|                         // attempt to catch line-height
 | ||||
|                         if ($line_height === false) { | ||||
|                             // we need to scroll forward
 | ||||
|                             for ($j = $i + 1; $j < $size; $j++) { | ||||
|                                 if ($bits[$j] === '') continue; | ||||
|                                 if ($bits[$j] === '') { | ||||
|                                     continue; | ||||
|                                 } | ||||
|                                 if ($bits[$j] === '/') { | ||||
|                                     if ($found_slash) { | ||||
|                                         return false; | ||||
|  | @ -116,7 +140,10 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|                         if ($found_slash) { | ||||
|                             $i = $j; | ||||
|                             $r = $this->info['line-height']->validate( | ||||
|                                               $line_height, $config, $context); | ||||
|                                 $line_height, | ||||
|                                 $config, | ||||
|                                 $context | ||||
|                             ); | ||||
|                             if ($r !== false) { | ||||
|                                 $final .= '/' . $r; | ||||
|                             } | ||||
|  | @ -126,13 +153,14 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|                         break; | ||||
|                     } | ||||
|                     return false; | ||||
| 
 | ||||
|                 // attempting to catch font-family
 | ||||
|                 case 2: | ||||
|                 case 2: // attempting to catch font-family
 | ||||
|                     $font_family = | ||||
|                         implode(' ', array_slice($bits, $i, $size - $i)); | ||||
|                     $r = $this->info['font-family']->validate( | ||||
|                                               $font_family, $config, $context); | ||||
|                         $font_family, | ||||
|                         $config, | ||||
|                         $context | ||||
|                     ); | ||||
|                     if ($r !== false) { | ||||
|                         $final .= $r . ' '; | ||||
|                         // processing completed successfully
 | ||||
|  | @ -143,7 +171,6 @@ class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef | |||
|         } | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,219 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a font family list according to CSS spec | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     protected $mask = null; | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->mask = '_- '; | ||||
|         for ($c = 'a'; $c <= 'z'; $c++) { | ||||
|             $this->mask .= $c; | ||||
|         } | ||||
|         for ($c = 'A'; $c <= 'Z'; $c++) { | ||||
|             $this->mask .= $c; | ||||
|         } | ||||
|         for ($c = '0'; $c <= '9'; $c++) { | ||||
|             $this->mask .= $c; | ||||
|         } // cast-y, but should be fine
 | ||||
|         // special bytes used by UTF-8
 | ||||
|         for ($i = 0x80; $i <= 0xFF; $i++) { | ||||
|             // We don't bother excluding invalid bytes in this range,
 | ||||
|             // because the our restriction of well-formed UTF-8 will
 | ||||
|             // prevent these from ever occurring.
 | ||||
|             $this->mask .= chr($i); | ||||
|         } | ||||
| 
 | ||||
|         /* | ||||
|             PHP's internal strcspn implementation is | ||||
|             O(length of string * length of mask), making it inefficient | ||||
|             for large masks.  However, it's still faster than | ||||
|             preg_match 8) | ||||
|           for (p = s1;;) { | ||||
|             spanp = s2; | ||||
|             do { | ||||
|               if (*spanp == c || p == s1_end) { | ||||
|                 return p - s1; | ||||
|               } | ||||
|             } while (spanp++ < (s2_end - 1)); | ||||
|             c = *++p; | ||||
|           } | ||||
|          */ | ||||
|         // possible optimization: invert the mask.
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         static $generic_names = array( | ||||
|             'serif' => true, | ||||
|             'sans-serif' => true, | ||||
|             'monospace' => true, | ||||
|             'fantasy' => true, | ||||
|             'cursive' => true | ||||
|         ); | ||||
|         $allowed_fonts = $config->get('CSS.AllowedFonts'); | ||||
| 
 | ||||
|         // assume that no font names contain commas in them
 | ||||
|         $fonts = explode(',', $string); | ||||
|         $final = ''; | ||||
|         foreach ($fonts as $font) { | ||||
|             $font = trim($font); | ||||
|             if ($font === '') { | ||||
|                 continue; | ||||
|             } | ||||
|             // match a generic name
 | ||||
|             if (isset($generic_names[$font])) { | ||||
|                 if ($allowed_fonts === null || isset($allowed_fonts[$font])) { | ||||
|                     $final .= $font . ', '; | ||||
|                 } | ||||
|                 continue; | ||||
|             } | ||||
|             // match a quoted name
 | ||||
|             if ($font[0] === '"' || $font[0] === "'") { | ||||
|                 $length = strlen($font); | ||||
|                 if ($length <= 2) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 $quote = $font[0]; | ||||
|                 if ($font[$length - 1] !== $quote) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 $font = substr($font, 1, $length - 2); | ||||
|             } | ||||
| 
 | ||||
|             $font = $this->expandCSSEscape($font); | ||||
| 
 | ||||
|             // $font is a pure representation of the font name
 | ||||
| 
 | ||||
|             if ($allowed_fonts !== null && !isset($allowed_fonts[$font])) { | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             if (ctype_alnum($font) && $font !== '') { | ||||
|                 // very simple font, allow it in unharmed
 | ||||
|                 $final .= $font . ', '; | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             // bugger out on whitespace.  form feed (0C) really
 | ||||
|             // shouldn't show up regardless
 | ||||
|             $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font); | ||||
| 
 | ||||
|             // Here, there are various classes of characters which need
 | ||||
|             // to be treated differently:
 | ||||
|             //  - Alphanumeric characters are essentially safe.  We
 | ||||
|             //    handled these above.
 | ||||
|             //  - Spaces require quoting, though most parsers will do
 | ||||
|             //    the right thing if there aren't any characters that
 | ||||
|             //    can be misinterpreted
 | ||||
|             //  - Dashes rarely occur, but they fairly unproblematic
 | ||||
|             //    for parsing/rendering purposes.
 | ||||
|             //  The above characters cover the majority of Western font
 | ||||
|             //  names.
 | ||||
|             //  - Arbitrary Unicode characters not in ASCII.  Because
 | ||||
|             //    most parsers give little thought to Unicode, treatment
 | ||||
|             //    of these codepoints is basically uniform, even for
 | ||||
|             //    punctuation-like codepoints.  These characters can
 | ||||
|             //    show up in non-Western pages and are supported by most
 | ||||
|             //    major browsers, for example: "MS 明朝" is a
 | ||||
|             //    legitimate font-name
 | ||||
|             //    <http://ja.wikipedia.org/wiki/MS_明朝>.  See
 | ||||
|             //    the CSS3 spec for more examples:
 | ||||
|             //    <http://www.w3.org/TR/2011/WD-css3-fonts-20110324/localizedfamilynames.png>
 | ||||
|             //    You can see live samples of these on the Internet:
 | ||||
|             //    <http://www.google.co.jp/search?q=font-family+MS+明朝|ゴシック>
 | ||||
|             //    However, most of these fonts have ASCII equivalents:
 | ||||
|             //    for example, 'MS Mincho', and it's considered
 | ||||
|             //    professional to use ASCII font names instead of
 | ||||
|             //    Unicode font names.  Thanks Takeshi Terada for
 | ||||
|             //    providing this information.
 | ||||
|             //  The following characters, to my knowledge, have not been
 | ||||
|             //  used to name font names.
 | ||||
|             //  - Single quote.  While theoretically you might find a
 | ||||
|             //    font name that has a single quote in its name (serving
 | ||||
|             //    as an apostrophe, e.g. Dave's Scribble), I haven't
 | ||||
|             //    been able to find any actual examples of this.
 | ||||
|             //    Internet Explorer's cssText translation (which I
 | ||||
|             //    believe is invoked by innerHTML) normalizes any
 | ||||
|             //    quoting to single quotes, and fails to escape single
 | ||||
|             //    quotes.  (Note that this is not IE's behavior for all
 | ||||
|             //    CSS properties, just some sort of special casing for
 | ||||
|             //    font-family).  So a single quote *cannot* be used
 | ||||
|             //    safely in the font-family context if there will be an
 | ||||
|             //    innerHTML/cssText translation.  Note that Firefox 3.x
 | ||||
|             //    does this too.
 | ||||
|             //  - Double quote.  In IE, these get normalized to
 | ||||
|             //    single-quotes, no matter what the encoding.  (Fun
 | ||||
|             //    fact, in IE8, the 'content' CSS property gained
 | ||||
|             //    support, where they special cased to preserve encoded
 | ||||
|             //    double quotes, but still translate unadorned double
 | ||||
|             //    quotes into single quotes.)  So, because their
 | ||||
|             //    fixpoint behavior is identical to single quotes, they
 | ||||
|             //    cannot be allowed either.  Firefox 3.x displays
 | ||||
|             //    single-quote style behavior.
 | ||||
|             //  - Backslashes are reduced by one (so \\ -> \) every
 | ||||
|             //    iteration, so they cannot be used safely.  This shows
 | ||||
|             //    up in IE7, IE8 and FF3
 | ||||
|             //  - Semicolons, commas and backticks are handled properly.
 | ||||
|             //  - The rest of the ASCII punctuation is handled properly.
 | ||||
|             // We haven't checked what browsers do to unadorned
 | ||||
|             // versions, but this is not important as long as the
 | ||||
|             // browser doesn't /remove/ surrounding quotes (as IE does
 | ||||
|             // for HTML).
 | ||||
|             //
 | ||||
|             // With these results in hand, we conclude that there are
 | ||||
|             // various levels of safety:
 | ||||
|             //  - Paranoid: alphanumeric, spaces and dashes(?)
 | ||||
|             //  - International: Paranoid + non-ASCII Unicode
 | ||||
|             //  - Edgy: Everything except quotes, backslashes
 | ||||
|             //  - NoJS: Standards compliance, e.g. sod IE. Note that
 | ||||
|             //    with some judicious character escaping (since certain
 | ||||
|             //    types of escaping doesn't work) this is theoretically
 | ||||
|             //    OK as long as innerHTML/cssText is not called.
 | ||||
|             // We believe that international is a reasonable default
 | ||||
|             // (that we will implement now), and once we do more
 | ||||
|             // extensive research, we may feel comfortable with dropping
 | ||||
|             // it down to edgy.
 | ||||
| 
 | ||||
|             // Edgy: alphanumeric, spaces, dashes, underscores and Unicode.  Use of
 | ||||
|             // str(c)spn assumes that the string was already well formed
 | ||||
|             // Unicode (which of course it is).
 | ||||
|             if (strspn($font, $this->mask) !== strlen($font)) { | ||||
|                 continue; | ||||
|             } | ||||
| 
 | ||||
|             // Historical:
 | ||||
|             // In the absence of innerHTML/cssText, these ugly
 | ||||
|             // transforms don't pose a security risk (as \\ and \"
 | ||||
|             // might--these escapes are not supported by most browsers).
 | ||||
|             // We could try to be clever and use single-quote wrapping
 | ||||
|             // when there is a double quote present, but I have choosen
 | ||||
|             // not to implement that.  (NOTE: you can reduce the amount
 | ||||
|             // of escapes by one depending on what quoting style you use)
 | ||||
|             // $font = str_replace('\\', '\\5C ', $font);
 | ||||
|             // $font = str_replace('"',  '\\22 ', $font);
 | ||||
|             // $font = str_replace("'",  '\\27 ', $font);
 | ||||
| 
 | ||||
|             // font possibly with spaces, requires quoting
 | ||||
|             $final .= "'$font', "; | ||||
|         } | ||||
|         $final = rtrim($final, ', '); | ||||
|         if ($final === '') { | ||||
|             return false; | ||||
|         } | ||||
|         return $final; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,32 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates based on {ident} CSS grammar production | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Ident extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
| 
 | ||||
|         // early abort: '' and '0' (strings that convert to false) are invalid
 | ||||
|         if (!$string) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $pattern = '/^(-?[A-Za-z_][A-Za-z_\-0-9]*)$/'; | ||||
|         if (!preg_match($pattern, $string)) { | ||||
|             return false; | ||||
|         } | ||||
|         return $string; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -5,20 +5,34 @@ | |||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef | ||||
| { | ||||
|     public $def, $allow; | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     public $def; | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $def Definition to wrap | ||||
|      * @param $allow Whether or not to allow !important | ||||
|      * @param HTMLPurifier_AttrDef $def Definition to wrap | ||||
|      * @param bool $allow Whether or not to allow !important | ||||
|      */ | ||||
|     public function __construct($def, $allow = false) { | ||||
|     public function __construct($def, $allow = false) | ||||
|     { | ||||
|         $this->def = $def; | ||||
|         $this->allow = $allow; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Intercepts and removes !important if necessary | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) { | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         // test for ! and important tokens
 | ||||
|         $string = trim($string); | ||||
|         $is_important = false; | ||||
|  | @ -32,7 +46,9 @@ class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef | |||
|             } | ||||
|         } | ||||
|         $string = $this->def->validate($string, $config, $context); | ||||
|         if ($this->allow && $is_important) $string .= ' !important'; | ||||
|         if ($this->allow && $is_important) { | ||||
|             $string .= ' !important'; | ||||
|         } | ||||
|         return $string; | ||||
|     } | ||||
| } | ||||
|  | @ -0,0 +1,77 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Represents a Length as defined by CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_Length|string | ||||
|      */ | ||||
|     protected $min; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_Length|string | ||||
|      */ | ||||
|     protected $max; | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Length|string $min Minimum length, or null for no bound. String is also acceptable. | ||||
|      * @param HTMLPurifier_Length|string $max Maximum length, or null for no bound. String is also acceptable. | ||||
|      */ | ||||
|     public function __construct($min = null, $max = null) | ||||
|     { | ||||
|         $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null; | ||||
|         $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = $this->parseCDATA($string); | ||||
| 
 | ||||
|         // Optimizations
 | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
|         if ($string === '0') { | ||||
|             return '0'; | ||||
|         } | ||||
|         if (strlen($string) === 1) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $length = HTMLPurifier_Length::make($string); | ||||
|         if (!$length->isValid()) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         if ($this->min) { | ||||
|             $c = $length->compareTo($this->min); | ||||
|             if ($c === false) { | ||||
|                 return false; | ||||
|             } | ||||
|             if ($c < 0) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
|         if ($this->max) { | ||||
|             $c = $length->compareTo($this->max); | ||||
|             if ($c === false) { | ||||
|                 return false; | ||||
|             } | ||||
|             if ($c > 0) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
|         return $length->toString(); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,112 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates shorthand CSS property list-style. | ||||
|  * @warning Does not support url tokens that have internal spaces. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Local copy of validators. | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl. | ||||
|      */ | ||||
|     protected $info; | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     public function __construct($config) | ||||
|     { | ||||
|         $def = $config->getCSSDefinition(); | ||||
|         $this->info['list-style-type'] = $def->info['list-style-type']; | ||||
|         $this->info['list-style-position'] = $def->info['list-style-position']; | ||||
|         $this->info['list-style-image'] = $def->info['list-style-image']; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         // regular pre-processing
 | ||||
|         $string = $this->parseCDATA($string); | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // assumes URI doesn't have spaces in it
 | ||||
|         $bits = explode(' ', strtolower($string)); // bits to process
 | ||||
| 
 | ||||
|         $caught = array(); | ||||
|         $caught['type'] = false; | ||||
|         $caught['position'] = false; | ||||
|         $caught['image'] = false; | ||||
| 
 | ||||
|         $i = 0; // number of catches
 | ||||
|         $none = false; | ||||
| 
 | ||||
|         foreach ($bits as $bit) { | ||||
|             if ($i >= 3) { | ||||
|                 return; | ||||
|             } // optimization bit
 | ||||
|             if ($bit === '') { | ||||
|                 continue; | ||||
|             } | ||||
|             foreach ($caught as $key => $status) { | ||||
|                 if ($status !== false) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); | ||||
|                 if ($r === false) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 if ($r === 'none') { | ||||
|                     if ($none) { | ||||
|                         continue; | ||||
|                     } else { | ||||
|                         $none = true; | ||||
|                     } | ||||
|                     if ($key == 'image') { | ||||
|                         continue; | ||||
|                     } | ||||
|                 } | ||||
|                 $caught[$key] = $r; | ||||
|                 $i++; | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         if (!$i) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $ret = array(); | ||||
| 
 | ||||
|         // construct type
 | ||||
|         if ($caught['type']) { | ||||
|             $ret[] = $caught['type']; | ||||
|         } | ||||
| 
 | ||||
|         // construct image
 | ||||
|         if ($caught['image']) { | ||||
|             $ret[] = $caught['image']; | ||||
|         } | ||||
| 
 | ||||
|         // construct position
 | ||||
|         if ($caught['position']) { | ||||
|             $ret[] = $caught['position']; | ||||
|         } | ||||
| 
 | ||||
|         if (empty($ret)) { | ||||
|             return false; | ||||
|         } | ||||
|         return implode(' ', $ret); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -13,9 +13,9 @@ | |||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Instance of component definition to defer validation to. | ||||
|      * @type HTMLPurifier_AttrDef | ||||
|      * @todo Make protected | ||||
|      */ | ||||
|     public $single; | ||||
|  | @ -27,32 +27,45 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef | |||
|     public $max; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $single HTMLPurifier_AttrDef to multiply | ||||
|      * @param $max Max number of values allowed (usually four) | ||||
|      * @param HTMLPurifier_AttrDef $single HTMLPurifier_AttrDef to multiply | ||||
|      * @param int $max Max number of values allowed (usually four) | ||||
|      */ | ||||
|     public function __construct($single, $max = 4) { | ||||
|     public function __construct($single, $max = 4) | ||||
|     { | ||||
|         $this->single = $single; | ||||
|         $this->max = $max; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|         $string = $this->parseCDATA($string); | ||||
|         if ($string === '') return false; | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = $this->mungeRgb($this->parseCDATA($string)); | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
|         $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n
 | ||||
|         $length = count($parts); | ||||
|         $final = ''; | ||||
|         for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { | ||||
|             if (ctype_space($parts[$i])) continue; | ||||
|             if (ctype_space($parts[$i])) { | ||||
|                 continue; | ||||
|             } | ||||
|             $result = $this->single->validate($parts[$i], $config, $context); | ||||
|             if ($result !== false) { | ||||
|                 $final .= $result . ' '; | ||||
|                 $num++; | ||||
|             } | ||||
|         } | ||||
|         if ($final === '') return false; | ||||
|         if ($final === '') { | ||||
|             return false; | ||||
|         } | ||||
|         return rtrim($final); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,32 +7,44 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicating whether or not only positive values allowed. | ||||
|      * Indicates whether or not only positive values are allowed. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $non_negative = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $non_negative Bool indicating whether negatives are forbidden | ||||
|      * @param bool $non_negative indicates whether negatives are forbidden | ||||
|      */ | ||||
|     public function __construct($non_negative = false) { | ||||
|     public function __construct($non_negative = false) | ||||
|     { | ||||
|         $this->non_negative = $non_negative; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $number | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return string|bool | ||||
|      * @warning Some contexts do not pass $config, $context. These | ||||
|      *          variables should not be used without checking HTMLPurifier_Length | ||||
|      */ | ||||
|     public function validate($number, $config, $context) { | ||||
| 
 | ||||
|     public function validate($number, $config, $context) | ||||
|     { | ||||
|         $number = $this->parseCDATA($number); | ||||
| 
 | ||||
|         if ($number === '') return false; | ||||
|         if ($number === '0') return '0'; | ||||
|         if ($number === '') { | ||||
|             return false; | ||||
|         } | ||||
|         if ($number === '0') { | ||||
|             return '0'; | ||||
|         } | ||||
| 
 | ||||
|         $sign = ''; | ||||
|         switch ($number[0]) { | ||||
|             case '-': | ||||
|                 if ($this->non_negative) return false; | ||||
|                 if ($this->non_negative) { | ||||
|                     return false; | ||||
|                 } | ||||
|                 $sign = '-'; | ||||
|             case '+': | ||||
|                 $number = substr($number, 1); | ||||
|  | @ -44,14 +56,20 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef | |||
|         } | ||||
| 
 | ||||
|         // Period is the only non-numeric character allowed
 | ||||
|         if (strpos($number, '.') === false) return false; | ||||
|         if (strpos($number, '.') === false) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         list($left, $right) = explode('.', $number, 2); | ||||
| 
 | ||||
|         if ($left === '' && $right === '') return false; | ||||
|         if ($left !== '' && !ctype_digit($left)) return false; | ||||
|         if ($left === '' && $right === '') { | ||||
|             return false; | ||||
|         } | ||||
|         if ($left !== '' && !ctype_digit($left)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $left  = ltrim($left,  '0'); | ||||
|         $left = ltrim($left, '0'); | ||||
|         $right = rtrim($right, '0'); | ||||
| 
 | ||||
|         if ($right === '') { | ||||
|  | @ -59,11 +77,8 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef | |||
|         } elseif (!ctype_digit($right)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         return $sign . $left . '.' . $right; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,54 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a Percentage as defined by the CSS spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Instance to defer number validation to. | ||||
|      * @type HTMLPurifier_AttrDef_CSS_Number | ||||
|      */ | ||||
|     protected $number_def; | ||||
| 
 | ||||
|     /** | ||||
|      * @param bool $non_negative Whether to forbid negative values | ||||
|      */ | ||||
|     public function __construct($non_negative = false) | ||||
|     { | ||||
|         $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = $this->parseCDATA($string); | ||||
| 
 | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
|         $length = strlen($string); | ||||
|         if ($length === 1) { | ||||
|             return false; | ||||
|         } | ||||
|         if ($string[$length - 1] !== '%') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $number = substr($string, 0, $length - 1); | ||||
|         $number = $this->number_def->validate($number, $config, $context); | ||||
| 
 | ||||
|         if ($number === false) { | ||||
|             return false; | ||||
|         } | ||||
|         return "$number%"; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -8,8 +8,14 @@ | |||
| class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         static $allowed_values = array( | ||||
|             'line-through' => true, | ||||
|             'overline' => true, | ||||
|  | @ -18,7 +24,9 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|         $string = strtolower($this->parseCDATA($string)); | ||||
| 
 | ||||
|         if ($string === 'none') return $string; | ||||
|         if ($string === 'none') { | ||||
|             return $string; | ||||
|         } | ||||
| 
 | ||||
|         $parts = explode(' ', $string); | ||||
|         $final = ''; | ||||
|  | @ -28,11 +36,11 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef | |||
|             } | ||||
|         } | ||||
|         $final = rtrim($final); | ||||
|         if ($final === '') return false; | ||||
|         if ($final === '') { | ||||
|             return false; | ||||
|         } | ||||
|         return $final; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -12,25 +12,39 @@ | |||
| class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI | ||||
| { | ||||
| 
 | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         parent::__construct(true); // always embedded
 | ||||
|     } | ||||
| 
 | ||||
|     public function validate($uri_string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $uri_string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($uri_string, $config, $context) | ||||
|     { | ||||
|         // parse the URI out of the string and then pass it onto
 | ||||
|         // the parent object
 | ||||
| 
 | ||||
|         $uri_string = $this->parseCDATA($uri_string); | ||||
|         if (strpos($uri_string, 'url(') !== 0) return false; | ||||
|         if (strpos($uri_string, 'url(') !== 0) { | ||||
|             return false; | ||||
|         } | ||||
|         $uri_string = substr($uri_string, 4); | ||||
|         $new_length = strlen($uri_string) - 1; | ||||
|         if ($uri_string[$new_length] != ')') return false; | ||||
|         if ($uri_string[$new_length] != ')') { | ||||
|             return false; | ||||
|         } | ||||
|         $uri = trim(substr($uri_string, 0, $new_length)); | ||||
| 
 | ||||
|         if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { | ||||
|             $quote = $uri[0]; | ||||
|             $new_length = strlen($uri) - 1; | ||||
|             if ($uri[$new_length] !== $quote) return false; | ||||
|             if ($uri[$new_length] !== $quote) { | ||||
|                 return false; | ||||
|             } | ||||
|             $uri = substr($uri, 1, $new_length - 1); | ||||
|         } | ||||
| 
 | ||||
|  | @ -38,15 +52,23 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI | |||
| 
 | ||||
|         $result = parent::validate($uri, $config, $context); | ||||
| 
 | ||||
|         if ($result === false) return false; | ||||
|         if ($result === false) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // extra sanity check; should have been done by URI
 | ||||
|         $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); | ||||
| 
 | ||||
|         // suspicious characters are ()'; we're going to percent encode
 | ||||
|         // them for safety.
 | ||||
|         $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result); | ||||
| 
 | ||||
|         // there's an extra bug where ampersands lose their escaping on
 | ||||
|         // an innerHTML cycle, so a very unlucky query parameter could
 | ||||
|         // then change the meaning of the URL.  Unfortunately, there's
 | ||||
|         // not much we can do about that...
 | ||||
|         return "url(\"$result\")";
 | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,44 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Dummy AttrDef that mimics another AttrDef, BUT it generates clones | ||||
|  * with make. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef | ||||
| { | ||||
|     /** | ||||
|      * What we're cloning. | ||||
|      * @type HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     protected $clone; | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_AttrDef $clone | ||||
|      */ | ||||
|     public function __construct($clone) | ||||
|     { | ||||
|         $this->clone = $clone; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $v | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($v, $config, $context) | ||||
|     { | ||||
|         return $this->clone->validate($v, $config, $context); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @return HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     public function make($string) | ||||
|     { | ||||
|         return clone $this->clone; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -12,9 +12,10 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|     /** | ||||
|      * Lookup table of valid values. | ||||
|      * @type array | ||||
|      * @todo Make protected | ||||
|      */ | ||||
|     public $valid_values   = array(); | ||||
|     public $valid_values = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicating whether or not enumeration is case sensitive. | ||||
|  | @ -23,17 +24,23 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef | |||
|     protected $case_sensitive = false; // values according to W3C spec
 | ||||
| 
 | ||||
|     /** | ||||
|      * @param $valid_values List of valid values | ||||
|      * @param $case_sensitive Bool indicating whether or not case sensitive | ||||
|      * @param array $valid_values List of valid values | ||||
|      * @param bool $case_sensitive Whether or not case sensitive | ||||
|      */ | ||||
|     public function __construct( | ||||
|         $valid_values = array(), $case_sensitive = false | ||||
|     ) { | ||||
|     public function __construct($valid_values = array(), $case_sensitive = false) | ||||
|     { | ||||
|         $this->valid_values = array_flip($valid_values); | ||||
|         $this->case_sensitive = $case_sensitive; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
|         if (!$this->case_sensitive) { | ||||
|             // we may want to do full case-insensitive libraries
 | ||||
|  | @ -45,11 +52,13 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef | |||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param $string In form of comma-delimited list of case-insensitive | ||||
|      * @param string $string In form of comma-delimited list of case-insensitive | ||||
|      *      valid values. Example: "foo,bar,baz". Prepend "s:" to make | ||||
|      *      case sensitive | ||||
|      * @return HTMLPurifier_AttrDef_Enum | ||||
|      */ | ||||
|     public function make($string) { | ||||
|     public function make($string) | ||||
|     { | ||||
|         if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { | ||||
|             $string = substr($string, 2); | ||||
|             $sensitive = true; | ||||
|  | @ -59,7 +68,6 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef | |||
|         $values = explode(',', $string); | ||||
|         return new HTMLPurifier_AttrDef_Enum($values, $sensitive); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,48 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a boolean attribute | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $name; | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $minimized = true; | ||||
| 
 | ||||
|     /** | ||||
|      * @param bool $name | ||||
|      */ | ||||
|     public function __construct($name = false) | ||||
|     { | ||||
|         $this->name = $name; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         return $this->name; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string Name of attribute | ||||
|      * @return HTMLPurifier_AttrDef_HTML_Bool | ||||
|      */ | ||||
|     public function make($string) | ||||
|     { | ||||
|         return new HTMLPurifier_AttrDef_HTML_Bool($string); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -5,7 +5,14 @@ | |||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens | ||||
| { | ||||
|     protected function split($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     protected function split($string, $config, $context) | ||||
|     { | ||||
|         // really, this twiddle should be lazy loaded
 | ||||
|         $name = $config->getDefinition('HTML')->doctype->name; | ||||
|         if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { | ||||
|  | @ -14,13 +21,20 @@ class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens | |||
|             return preg_split('/\s+/', $string); | ||||
|         } | ||||
|     } | ||||
|     protected function filter($tokens, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $tokens | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     protected function filter($tokens, $config, $context) | ||||
|     { | ||||
|         $allowed = $config->get('Attr.AllowedClasses'); | ||||
|         $forbidden = $config->get('Attr.ForbiddenClasses'); | ||||
|         $ret = array(); | ||||
|         foreach ($tokens as $token) { | ||||
|             if ( | ||||
|                 ($allowed === null || isset($allowed[$token])) && | ||||
|             if (($allowed === null || isset($allowed[$token])) && | ||||
|                 !isset($forbidden[$token]) && | ||||
|                 // We need this O(n) check because of PHP's array
 | ||||
|                 // implementation that casts -0 to 0.
 | ||||
|  | @ -0,0 +1,51 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a color according to the HTML spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         static $colors = null; | ||||
|         if ($colors === null) { | ||||
|             $colors = $config->get('Core.ColorKeywords'); | ||||
|         } | ||||
| 
 | ||||
|         $string = trim($string); | ||||
| 
 | ||||
|         if (empty($string)) { | ||||
|             return false; | ||||
|         } | ||||
|         $lower = strtolower($string); | ||||
|         if (isset($colors[$lower])) { | ||||
|             return $colors[$lower]; | ||||
|         } | ||||
|         if ($string[0] === '#') { | ||||
|             $hex = substr($string, 1); | ||||
|         } else { | ||||
|             $hex = $string; | ||||
|         } | ||||
| 
 | ||||
|         $length = strlen($hex); | ||||
|         if ($length !== 3 && $length !== 6) { | ||||
|             return false; | ||||
|         } | ||||
|         if (!ctype_xdigit($hex)) { | ||||
|             return false; | ||||
|         } | ||||
|         if ($length === 3) { | ||||
|             $hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2]; | ||||
|         } | ||||
|         return "#$hex"; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,38 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Special-case enum attribute definition that lazy loads allowed frame targets | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     public $valid_values = false; // uninitialized value
 | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $case_sensitive = false; | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         if ($this->valid_values === false) { | ||||
|             $this->valid_values = $config->get('Attr.AllowedFrameTargets'); | ||||
|         } | ||||
|         return parent::validate($string, $config, $context); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,105 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates the HTML attribute ID. | ||||
|  * @warning Even though this is the id processor, it | ||||
|  *          will ignore the directive Attr:IDBlacklist, since it will only | ||||
|  *          go according to the ID accumulator. Since the accumulator is | ||||
|  *          automatically generated, it will have already absorbed the | ||||
|  *          blacklist. If you're hacking around, make sure you use load()! | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     // selector is NOT a valid thing to use for IDREFs, because IDREFs
 | ||||
|     // *must* target IDs that exist, whereas selector #ids do not.
 | ||||
| 
 | ||||
|     /** | ||||
|      * Determines whether or not we're validating an ID in a CSS | ||||
|      * selector context. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $selector; | ||||
| 
 | ||||
|     /** | ||||
|      * @param bool $selector | ||||
|      */ | ||||
|     public function __construct($selector = false) | ||||
|     { | ||||
|         $this->selector = $selector; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $id | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($id, $config, $context) | ||||
|     { | ||||
|         if (!$this->selector && !$config->get('Attr.EnableID')) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $id = trim($id); // trim it first
 | ||||
| 
 | ||||
|         if ($id === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $prefix = $config->get('Attr.IDPrefix'); | ||||
|         if ($prefix !== '') { | ||||
|             $prefix .= $config->get('Attr.IDPrefixLocal'); | ||||
|             // prevent re-appending the prefix
 | ||||
|             if (strpos($id, $prefix) !== 0) { | ||||
|                 $id = $prefix . $id; | ||||
|             } | ||||
|         } elseif ($config->get('Attr.IDPrefixLocal') !== '') { | ||||
|             trigger_error( | ||||
|                 '%Attr.IDPrefixLocal cannot be used unless ' . | ||||
|                 '%Attr.IDPrefix is set', | ||||
|                 E_USER_WARNING | ||||
|             ); | ||||
|         } | ||||
| 
 | ||||
|         if (!$this->selector) { | ||||
|             $id_accumulator =& $context->get('IDAccumulator'); | ||||
|             if (isset($id_accumulator->ids[$id])) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         // we purposely avoid using regex, hopefully this is faster
 | ||||
| 
 | ||||
|         if (ctype_alpha($id)) { | ||||
|             $result = true; | ||||
|         } else { | ||||
|             if (!ctype_alpha(@$id[0])) { | ||||
|                 return false; | ||||
|             } | ||||
|             // primitive style of regexps, I suppose
 | ||||
|             $trim = trim( | ||||
|                 $id, | ||||
|                 'A..Za..z0..9:-._' | ||||
|             ); | ||||
|             $result = ($trim === ''); | ||||
|         } | ||||
| 
 | ||||
|         $regexp = $config->get('Attr.IDBlacklistRegexp'); | ||||
|         if ($regexp && preg_match($regexp, $id)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         if (!$this->selector && $result) { | ||||
|             $id_accumulator->add($id); | ||||
|         } | ||||
| 
 | ||||
|         // if no change was made to the ID, return the result
 | ||||
|         // else, return the new id if stripping whitespace made it
 | ||||
|         //     valid, or return false.
 | ||||
|         return $result ? $id : false; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,56 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates the HTML type length (not to be confused with CSS's length). | ||||
|  * | ||||
|  * This accepts integer pixels or percentages as lengths for certain | ||||
|  * HTML attributes. | ||||
|  */ | ||||
| 
 | ||||
| class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $parent_result = parent::validate($string, $config, $context); | ||||
|         if ($parent_result !== false) { | ||||
|             return $parent_result; | ||||
|         } | ||||
| 
 | ||||
|         $length = strlen($string); | ||||
|         $last_char = $string[$length - 1]; | ||||
| 
 | ||||
|         if ($last_char !== '%') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $points = substr($string, 0, $length - 1); | ||||
| 
 | ||||
|         if (!is_numeric($points)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $points = (int)$points; | ||||
| 
 | ||||
|         if ($points < 0) { | ||||
|             return '0%'; | ||||
|         } | ||||
|         if ($points > 100) { | ||||
|             return '100%'; | ||||
|         } | ||||
|         return ((string)$points) . '%'; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -9,26 +9,44 @@ | |||
| class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** Name config attribute to pull. */ | ||||
|     /** | ||||
|      * Name config attribute to pull. | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $name; | ||||
| 
 | ||||
|     public function __construct($name) { | ||||
|     /** | ||||
|      * @param string $name | ||||
|      */ | ||||
|     public function __construct($name) | ||||
|     { | ||||
|         $configLookup = array( | ||||
|             'rel' => 'AllowedRel', | ||||
|             'rev' => 'AllowedRev' | ||||
|         ); | ||||
|         if (!isset($configLookup[$name])) { | ||||
|             trigger_error('Unrecognized attribute name for link '. | ||||
|                 'relationship.', E_USER_ERROR); | ||||
|             trigger_error( | ||||
|                 'Unrecognized attribute name for link ' . | ||||
|                 'relationship.', | ||||
|                 E_USER_ERROR | ||||
|             ); | ||||
|             return; | ||||
|         } | ||||
|         $this->name = $configLookup[$name]; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $allowed = $config->get('Attr.' . $this->name); | ||||
|         if (empty($allowed)) return false; | ||||
|         if (empty($allowed)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $string = $this->parseCDATA($string); | ||||
|         $parts = explode(' ', $string); | ||||
|  | @ -37,17 +55,18 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef | |||
|         $ret_lookup = array(); | ||||
|         foreach ($parts as $part) { | ||||
|             $part = strtolower(trim($part)); | ||||
|             if (!isset($allowed[$part])) continue; | ||||
|             if (!isset($allowed[$part])) { | ||||
|                 continue; | ||||
|             } | ||||
|             $ret_lookup[$part] = true; | ||||
|         } | ||||
| 
 | ||||
|         if (empty($ret_lookup)) return false; | ||||
|         if (empty($ret_lookup)) { | ||||
|             return false; | ||||
|         } | ||||
|         $string = implode(' ', array_keys($ret_lookup)); | ||||
| 
 | ||||
|         return $string; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,60 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a MultiLength as defined by the HTML spec. | ||||
|  * | ||||
|  * A multilength is either a integer (pixel count), a percentage, or | ||||
|  * a relative number. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $parent_result = parent::validate($string, $config, $context); | ||||
|         if ($parent_result !== false) { | ||||
|             return $parent_result; | ||||
|         } | ||||
| 
 | ||||
|         $length = strlen($string); | ||||
|         $last_char = $string[$length - 1]; | ||||
| 
 | ||||
|         if ($last_char !== '*') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $int = substr($string, 0, $length - 1); | ||||
| 
 | ||||
|         if ($int == '') { | ||||
|             return '*'; | ||||
|         } | ||||
|         if (!is_numeric($int)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $int = (int)$int; | ||||
|         if ($int < 0) { | ||||
|             return false; | ||||
|         } | ||||
|         if ($int == 0) { | ||||
|             return '0'; | ||||
|         } | ||||
|         if ($int == 1) { | ||||
|             return '*'; | ||||
|         } | ||||
|         return ((string)$int) . '*'; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -6,24 +6,38 @@ | |||
| class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
| 
 | ||||
|         // early abort: '' and '0' (strings that convert to false) are invalid
 | ||||
|         if (!$string) return false; | ||||
|         if (!$string) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $tokens = $this->split($string, $config, $context); | ||||
|         $tokens = $this->filter($tokens, $config, $context); | ||||
|         if (empty($tokens)) return false; | ||||
|         if (empty($tokens)) { | ||||
|             return false; | ||||
|         } | ||||
|         return implode(' ', $tokens); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Splits a space separated list of tokens into its constituent parts. | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     protected function split($string, $config, $context) { | ||||
|     protected function split($string, $config, $context) | ||||
|     { | ||||
|         // OPTIMIZABLE!
 | ||||
|         // do the preg_match, capture all subpatterns for reformulation
 | ||||
| 
 | ||||
|  | @ -31,9 +45,9 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef | |||
|         // escaping because I don't know how to do that with regexps
 | ||||
|         // and plus it would complicate optimization efforts (you never
 | ||||
|         // see that anyway).
 | ||||
|         $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
 | ||||
|                    '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. | ||||
|                    '(?:(?=\s)|\z)/'; // look ahead for space or string end
 | ||||
|         $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start
 | ||||
|             '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' . | ||||
|             '(?:(?=\s)|\z)/'; // look ahead for space or string end
 | ||||
|         preg_match_all($pattern, $string, $matches); | ||||
|         return $matches[1]; | ||||
|     } | ||||
|  | @ -42,11 +56,15 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef | |||
|      * Template method for removing certain tokens based on arbitrary criteria. | ||||
|      * @note If we wanted to be really functional, we'd do an array_filter | ||||
|      *       with a callback. But... we're not. | ||||
|      * @param array $tokens | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     protected function filter($tokens, $config, $context) { | ||||
|     protected function filter($tokens, $config, $context) | ||||
|     { | ||||
|         return $tokens; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,76 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates an integer representation of pixels according to the HTML spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type int | ||||
|      */ | ||||
|     protected $max; | ||||
| 
 | ||||
|     /** | ||||
|      * @param int $max | ||||
|      */ | ||||
|     public function __construct($max = null) | ||||
|     { | ||||
|         $this->max = $max; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
|         if ($string === '0') { | ||||
|             return $string; | ||||
|         } | ||||
|         if ($string === '') { | ||||
|             return false; | ||||
|         } | ||||
|         $length = strlen($string); | ||||
|         if (substr($string, $length - 2) == 'px') { | ||||
|             $string = substr($string, 0, $length - 2); | ||||
|         } | ||||
|         if (!is_numeric($string)) { | ||||
|             return false; | ||||
|         } | ||||
|         $int = (int)$string; | ||||
| 
 | ||||
|         if ($int < 0) { | ||||
|             return '0'; | ||||
|         } | ||||
| 
 | ||||
|         // upper-bound value, extremely high values can
 | ||||
|         // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
 | ||||
|         // WARNING, above link WILL crash you if you're using Windows
 | ||||
| 
 | ||||
|         if ($this->max !== null && $int > $this->max) { | ||||
|             return (string)$this->max; | ||||
|         } | ||||
|         return (string)$int; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @return HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     public function make($string) | ||||
|     { | ||||
|         if ($string === '') { | ||||
|             $max = null; | ||||
|         } else { | ||||
|             $max = (int)$string; | ||||
|         } | ||||
|         $class = get_class($this); | ||||
|         return new $class($max); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -11,17 +11,20 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicating whether or not negative values are allowed | ||||
|      * Whether or not negative values are allowed. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $negative = true; | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicating whether or not zero is allowed | ||||
|      * Whether or not zero is allowed. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $zero = true; | ||||
| 
 | ||||
|     /** | ||||
|      * Bool indicating whether or not positive values are allowed | ||||
|      * Whether or not positive values are allowed. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $positive = true; | ||||
| 
 | ||||
|  | @ -30,44 +33,59 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef | |||
|      * @param $zero Bool indicating whether or not zero is allowed | ||||
|      * @param $positive Bool indicating whether or not positive values are allowed | ||||
|      */ | ||||
|     public function __construct( | ||||
|         $negative = true, $zero = true, $positive = true | ||||
|     ) { | ||||
|     public function __construct($negative = true, $zero = true, $positive = true) | ||||
|     { | ||||
|         $this->negative = $negative; | ||||
|         $this->zero     = $zero; | ||||
|         $this->zero = $zero; | ||||
|         $this->positive = $positive; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($integer, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $integer | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($integer, $config, $context) | ||||
|     { | ||||
|         $integer = $this->parseCDATA($integer); | ||||
|         if ($integer === '') return false; | ||||
|         if ($integer === '') { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // we could possibly simply typecast it to integer, but there are
 | ||||
|         // certain fringe cases that must not return an integer.
 | ||||
| 
 | ||||
|         // clip leading sign
 | ||||
|         if ( $this->negative && $integer[0] === '-' ) { | ||||
|         if ($this->negative && $integer[0] === '-') { | ||||
|             $digits = substr($integer, 1); | ||||
|             if ($digits === '0') $integer = '0'; // rm minus sign for zero
 | ||||
|         } elseif( $this->positive && $integer[0] === '+' ) { | ||||
|             if ($digits === '0') { | ||||
|                 $integer = '0'; | ||||
|             } // rm minus sign for zero
 | ||||
|         } elseif ($this->positive && $integer[0] === '+') { | ||||
|             $digits = $integer = substr($integer, 1); // rm unnecessary plus
 | ||||
|         } else { | ||||
|             $digits = $integer; | ||||
|         } | ||||
| 
 | ||||
|         // test if it's numeric
 | ||||
|         if (!ctype_digit($digits)) return false; | ||||
|         if (!ctype_digit($digits)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // perform scope tests
 | ||||
|         if (!$this->zero     && $integer == 0) return false; | ||||
|         if (!$this->positive && $integer > 0) return false; | ||||
|         if (!$this->negative && $integer < 0) return false; | ||||
|         if (!$this->zero && $integer == 0) { | ||||
|             return false; | ||||
|         } | ||||
|         if (!$this->positive && $integer > 0) { | ||||
|             return false; | ||||
|         } | ||||
|         if (!$this->negative && $integer < 0) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         return $integer; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,15 +7,25 @@ | |||
| class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $string = trim($string); | ||||
|         if (!$string) return false; | ||||
|         if (!$string) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $subtags = explode('-', $string); | ||||
|         $num_subtags = count($subtags); | ||||
| 
 | ||||
|         if ($num_subtags == 0) return false; // sanity check
 | ||||
|         if ($num_subtags == 0) { // sanity check
 | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // process primary subtag : $subtags[0]
 | ||||
|         $length = strlen($subtags[0]); | ||||
|  | @ -23,15 +33,15 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef | |||
|             case 0: | ||||
|                 return false; | ||||
|             case 1: | ||||
|                 if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) { | ||||
|                 if (!($subtags[0] == 'x' || $subtags[0] == 'i')) { | ||||
|                     return false; | ||||
|                 } | ||||
|                 break; | ||||
|             case 2: | ||||
|             case 3: | ||||
|                 if (! ctype_alpha($subtags[0]) ) { | ||||
|                 if (!ctype_alpha($subtags[0])) { | ||||
|                     return false; | ||||
|                 } elseif (! ctype_lower($subtags[0]) ) { | ||||
|                 } elseif (!ctype_lower($subtags[0])) { | ||||
|                     $subtags[0] = strtolower($subtags[0]); | ||||
|                 } | ||||
|                 break; | ||||
|  | @ -40,17 +50,23 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef | |||
|         } | ||||
| 
 | ||||
|         $new_string = $subtags[0]; | ||||
|         if ($num_subtags == 1) return $new_string; | ||||
|         if ($num_subtags == 1) { | ||||
|             return $new_string; | ||||
|         } | ||||
| 
 | ||||
|         // process second subtag : $subtags[1]
 | ||||
|         $length = strlen($subtags[1]); | ||||
|         if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) { | ||||
|             return $new_string; | ||||
|         } | ||||
|         if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); | ||||
|         if (!ctype_lower($subtags[1])) { | ||||
|             $subtags[1] = strtolower($subtags[1]); | ||||
|         } | ||||
| 
 | ||||
|         $new_string .= '-' . $subtags[1]; | ||||
|         if ($num_subtags == 2) return $new_string; | ||||
|         if ($num_subtags == 2) { | ||||
|             return $new_string; | ||||
|         } | ||||
| 
 | ||||
|         // process all other subtags, index 2 and up
 | ||||
|         for ($i = 2; $i < $num_subtags; $i++) { | ||||
|  | @ -63,11 +79,8 @@ class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef | |||
|             } | ||||
|             $new_string .= '-' . $subtags[$i]; | ||||
|         } | ||||
| 
 | ||||
|         return $new_string; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -6,21 +6,41 @@ | |||
| class HTMLPurifier_AttrDef_Switch | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $tag; | ||||
|     protected $withTag, $withoutTag; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     protected $withTag; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef | ||||
|      */ | ||||
|     protected $withoutTag; | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $tag Tag name to switch upon | ||||
|      * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag | ||||
|      * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token | ||||
|      */ | ||||
|     public function __construct($tag, $with_tag, $without_tag) { | ||||
|     public function __construct($tag, $with_tag, $without_tag) | ||||
|     { | ||||
|         $this->tag = $tag; | ||||
|         $this->withTag = $with_tag; | ||||
|         $this->withoutTag = $without_tag; | ||||
|     } | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $token = $context->get('CurrentToken', true); | ||||
|         if (!$token || $token->name !== $this->tag) { | ||||
|             return $this->withoutTag->validate($string, $config, $context); | ||||
|  | @ -28,7 +48,6 @@ class HTMLPurifier_AttrDef_Switch | |||
|             return $this->withTag->validate($string, $config, $context); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,21 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates arbitrary text according to the HTML spec. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         return $this->parseCDATA($string); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,31 +7,54 @@ | |||
| class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_URIParser | ||||
|      */ | ||||
|     protected $parser; | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $embedsResource; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $embeds_resource_resource Does the URI here result in an extra HTTP request? | ||||
|      * @param bool $embeds_resource Does the URI here result in an extra HTTP request? | ||||
|      */ | ||||
|     public function __construct($embeds_resource = false) { | ||||
|     public function __construct($embeds_resource = false) | ||||
|     { | ||||
|         $this->parser = new HTMLPurifier_URIParser(); | ||||
|         $this->embedsResource = (bool) $embeds_resource; | ||||
|         $this->embedsResource = (bool)$embeds_resource; | ||||
|     } | ||||
| 
 | ||||
|     public function make($string) { | ||||
|         $embeds = (bool) $string; | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @return HTMLPurifier_AttrDef_URI | ||||
|      */ | ||||
|     public function make($string) | ||||
|     { | ||||
|         $embeds = ($string === 'embedded'); | ||||
|         return new HTMLPurifier_AttrDef_URI($embeds); | ||||
|     } | ||||
| 
 | ||||
|     public function validate($uri, $config, $context) { | ||||
| 
 | ||||
|         if ($config->get('URI.Disable')) return false; | ||||
|     /** | ||||
|      * @param string $uri | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($uri, $config, $context) | ||||
|     { | ||||
|         if ($config->get('URI.Disable')) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $uri = $this->parseCDATA($uri); | ||||
| 
 | ||||
|         // parse the URI
 | ||||
|         $uri = $this->parser->parse($uri); | ||||
|         if ($uri === false) return false; | ||||
|         if ($uri === false) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // add embedded flag to context for validators
 | ||||
|         $context->register('EmbeddedURI', $this->embedsResource); | ||||
|  | @ -41,23 +64,35 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|             // generic validation
 | ||||
|             $result = $uri->validate($config, $context); | ||||
|             if (!$result) break; | ||||
|             if (!$result) { | ||||
|                 break; | ||||
|             } | ||||
| 
 | ||||
|             // chained filtering
 | ||||
|             $uri_def = $config->getDefinition('URI'); | ||||
|             $result = $uri_def->filter($uri, $config, $context); | ||||
|             if (!$result) break; | ||||
|             if (!$result) { | ||||
|                 break; | ||||
|             } | ||||
| 
 | ||||
|             // scheme-specific validation
 | ||||
|             $scheme_obj = $uri->getSchemeObj($config, $context); | ||||
|             if (!$scheme_obj) break; | ||||
|             if ($this->embedsResource && !$scheme_obj->browsable) break; | ||||
|             if (!$scheme_obj) { | ||||
|                 break; | ||||
|             } | ||||
|             if ($this->embedsResource && !$scheme_obj->browsable) { | ||||
|                 break; | ||||
|             } | ||||
|             $result = $scheme_obj->validate($uri, $config, $context); | ||||
|             if (!$result) break; | ||||
|             if (!$result) { | ||||
|                 break; | ||||
|             } | ||||
| 
 | ||||
|             // Post chained filtering
 | ||||
|             $result = $uri_def->postFilter($uri, $config, $context); | ||||
|             if (!$result) break; | ||||
|             if (!$result) { | ||||
|                 break; | ||||
|             } | ||||
| 
 | ||||
|             // survived gauntlet
 | ||||
|             $ok = true; | ||||
|  | @ -65,13 +100,12 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef | |||
|         } while (false); | ||||
| 
 | ||||
|         $context->destroy('EmbeddedURI'); | ||||
|         if (!$ok) return false; | ||||
| 
 | ||||
|         if (!$ok) { | ||||
|             return false; | ||||
|         } | ||||
|         // back to string
 | ||||
|         return $uri->toString(); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -5,8 +5,11 @@ abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef | |||
| 
 | ||||
|     /** | ||||
|      * Unpacks a mailbox into its display-name and address | ||||
|      * @param string $string | ||||
|      * @return mixed | ||||
|      */ | ||||
|     function unpack($string) { | ||||
|     public function unpack($string) | ||||
|     { | ||||
|         // needs to be implemented
 | ||||
|     } | ||||
| 
 | ||||
|  | @ -7,15 +7,23 @@ | |||
| class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email | ||||
| { | ||||
| 
 | ||||
|     public function validate($string, $config, $context) { | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         // no support for named mailboxes i.e. "Bob <bob@example.com>"
 | ||||
|         // that needs more percent encoding to be done
 | ||||
|         if ($string == '') return false; | ||||
|         if ($string == '') { | ||||
|             return false; | ||||
|         } | ||||
|         $string = trim($string); | ||||
|         $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); | ||||
|         return $result ? $string : false; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,128 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates a host according to the IPv4, IPv6 and DNS (future) specifications. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * IPv4 sub-validator. | ||||
|      * @type HTMLPurifier_AttrDef_URI_IPv4 | ||||
|      */ | ||||
|     protected $ipv4; | ||||
| 
 | ||||
|     /** | ||||
|      * IPv6 sub-validator. | ||||
|      * @type HTMLPurifier_AttrDef_URI_IPv6 | ||||
|      */ | ||||
|     protected $ipv6; | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); | ||||
|         $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $string | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($string, $config, $context) | ||||
|     { | ||||
|         $length = strlen($string); | ||||
|         // empty hostname is OK; it's usually semantically equivalent:
 | ||||
|         // the default host as defined by a URI scheme is used:
 | ||||
|         //
 | ||||
|         //      If the URI scheme defines a default for host, then that
 | ||||
|         //      default applies when the host subcomponent is undefined
 | ||||
|         //      or when the registered name is empty (zero length).
 | ||||
|         if ($string === '') { | ||||
|             return ''; | ||||
|         } | ||||
|         if ($length > 1 && $string[0] === '[' && $string[$length - 1] === ']') { | ||||
|             //IPv6
 | ||||
|             $ip = substr($string, 1, $length - 2); | ||||
|             $valid = $this->ipv6->validate($ip, $config, $context); | ||||
|             if ($valid === false) { | ||||
|                 return false; | ||||
|             } | ||||
|             return '[' . $valid . ']'; | ||||
|         } | ||||
| 
 | ||||
|         // need to do checks on unusual encodings too
 | ||||
|         $ipv4 = $this->ipv4->validate($string, $config, $context); | ||||
|         if ($ipv4 !== false) { | ||||
|             return $ipv4; | ||||
|         } | ||||
| 
 | ||||
|         // A regular domain name.
 | ||||
| 
 | ||||
|         // This doesn't match I18N domain names, but we don't have proper IRI support,
 | ||||
|         // so force users to insert Punycode.
 | ||||
| 
 | ||||
|         // There is not a good sense in which underscores should be
 | ||||
|         // allowed, since it's technically not! (And if you go as
 | ||||
|         // far to allow everything as specified by the DNS spec...
 | ||||
|         // well, that's literally everything, modulo some space limits
 | ||||
|         // for the components and the overall name (which, by the way,
 | ||||
|         // we are NOT checking!).  So we (arbitrarily) decide this:
 | ||||
|         // let's allow underscores wherever we would have allowed
 | ||||
|         // hyphens, if they are enabled.  This is a pretty good match
 | ||||
|         // for browser behavior, for example, a large number of browsers
 | ||||
|         // cannot handle foo_.example.com, but foo_bar.example.com is
 | ||||
|         // fairly well supported.
 | ||||
|         $underscore = $config->get('Core.AllowHostnameUnderscore') ? '_' : ''; | ||||
| 
 | ||||
|         // The productions describing this are:
 | ||||
|         $a   = '[a-z]';     // alpha
 | ||||
|         $an  = '[a-z0-9]';  // alphanum
 | ||||
|         $and = "[a-z0-9-$underscore]"; // alphanum | "-"
 | ||||
|         // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
 | ||||
|         $domainlabel = "$an($and*$an)?"; | ||||
|         // toplabel    = alpha | alpha *( alphanum | "-" ) alphanum
 | ||||
|         $toplabel = "$a($and*$an)?"; | ||||
|         // hostname    = *( domainlabel "." ) toplabel [ "." ]
 | ||||
|         if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) { | ||||
|             return $string; | ||||
|         } | ||||
| 
 | ||||
|         // If we have Net_IDNA2 support, we can support IRIs by
 | ||||
|         // punycoding them. (This is the most portable thing to do,
 | ||||
|         // since otherwise we have to assume browsers support
 | ||||
| 
 | ||||
|         if ($config->get('Core.EnableIDNA')) { | ||||
|             $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true)); | ||||
|             // we need to encode each period separately
 | ||||
|             $parts = explode('.', $string); | ||||
|             try { | ||||
|                 $new_parts = array(); | ||||
|                 foreach ($parts as $part) { | ||||
|                     $encodable = false; | ||||
|                     for ($i = 0, $c = strlen($part); $i < $c; $i++) { | ||||
|                         if (ord($part[$i]) > 0x7a) { | ||||
|                             $encodable = true; | ||||
|                             break; | ||||
|                         } | ||||
|                     } | ||||
|                     if (!$encodable) { | ||||
|                         $new_parts[] = $part; | ||||
|                     } else { | ||||
|                         $new_parts[] = $idna->encode($part); | ||||
|                     } | ||||
|                 } | ||||
|                 $string = implode('.', $new_parts); | ||||
|                 if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) { | ||||
|                     return $string; | ||||
|                 } | ||||
|             } catch (Exception $e) { | ||||
|                 // XXX error reporting
 | ||||
|             } | ||||
|         } | ||||
|         return false; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -8,32 +8,38 @@ class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * IPv4 regex, protected so that IPv6 can reuse it | ||||
|      * IPv4 regex, protected so that IPv6 can reuse it. | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $ip4; | ||||
| 
 | ||||
|     public function validate($aIP, $config, $context) { | ||||
| 
 | ||||
|         if (!$this->ip4) $this->_loadRegex(); | ||||
| 
 | ||||
|         if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) | ||||
|         { | ||||
|                 return $aIP; | ||||
|     /** | ||||
|      * @param string $aIP | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($aIP, $config, $context) | ||||
|     { | ||||
|         if (!$this->ip4) { | ||||
|             $this->_loadRegex(); | ||||
|         } | ||||
| 
 | ||||
|         if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) { | ||||
|             return $aIP; | ||||
|         } | ||||
|         return false; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Lazy load function to prevent regex from being stuffed in | ||||
|      * cache. | ||||
|      */ | ||||
|     protected function _loadRegex() { | ||||
|     protected function _loadRegex() | ||||
|     { | ||||
|         $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
 | ||||
|         $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,89 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Validates an IPv6 address. | ||||
|  * @author Feyd @ forums.devnetwork.net (public domain) | ||||
|  * @note This function requires brackets to have been removed from address | ||||
|  *       in URI. | ||||
|  */ | ||||
| class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4 | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $aIP | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool|string | ||||
|      */ | ||||
|     public function validate($aIP, $config, $context) | ||||
|     { | ||||
|         if (!$this->ip4) { | ||||
|             $this->_loadRegex(); | ||||
|         } | ||||
| 
 | ||||
|         $original = $aIP; | ||||
| 
 | ||||
|         $hex = '[0-9a-fA-F]'; | ||||
|         $blk = '(?:' . $hex . '{1,4})'; | ||||
|         $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
 | ||||
| 
 | ||||
|         //      prefix check
 | ||||
|         if (strpos($aIP, '/') !== false) { | ||||
|             if (preg_match('#' . $pre . '$#s', $aIP, $find)) { | ||||
|                 $aIP = substr($aIP, 0, 0 - strlen($find[0])); | ||||
|                 unset($find); | ||||
|             } else { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         //      IPv4-compatiblity check
 | ||||
|         if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) { | ||||
|             $aIP = substr($aIP, 0, 0 - strlen($find[0])); | ||||
|             $ip = explode('.', $find[0]); | ||||
|             $ip = array_map('dechex', $ip); | ||||
|             $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3]; | ||||
|             unset($find, $ip); | ||||
|         } | ||||
| 
 | ||||
|         //      compression check
 | ||||
|         $aIP = explode('::', $aIP); | ||||
|         $c = count($aIP); | ||||
|         if ($c > 2) { | ||||
|             return false; | ||||
|         } elseif ($c == 2) { | ||||
|             list($first, $second) = $aIP; | ||||
|             $first = explode(':', $first); | ||||
|             $second = explode(':', $second); | ||||
| 
 | ||||
|             if (count($first) + count($second) > 8) { | ||||
|                 return false; | ||||
|             } | ||||
| 
 | ||||
|             while (count($first) < 8) { | ||||
|                 array_push($first, '0'); | ||||
|             } | ||||
| 
 | ||||
|             array_splice($first, 8 - count($second), 8, $second); | ||||
|             $aIP = $first; | ||||
|             unset($first, $second); | ||||
|         } else { | ||||
|             $aIP = explode(':', $aIP[0]); | ||||
|         } | ||||
|         $c = count($aIP); | ||||
| 
 | ||||
|         if ($c != 8) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         //      All the pieces should be 16-bit hex strings. Are they?
 | ||||
|         foreach ($aIP as $piece) { | ||||
|             if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
|         return $original; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -20,37 +20,41 @@ abstract class HTMLPurifier_AttrTransform | |||
|     /** | ||||
|      * Abstract: makes changes to the attributes dependent on multiple values. | ||||
|      * | ||||
|      * @param $attr Assoc array of attributes, usually from | ||||
|      * @param array $attr Assoc array of attributes, usually from | ||||
|      *              HTMLPurifier_Token_Tag::$attr | ||||
|      * @param $config Mandatory HTMLPurifier_Config object. | ||||
|      * @param $context Mandatory HTMLPurifier_Context object | ||||
|      * @returns Processed attribute array. | ||||
|      * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object. | ||||
|      * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object | ||||
|      * @return array Processed attribute array. | ||||
|      */ | ||||
|     abstract public function transform($attr, $config, $context); | ||||
| 
 | ||||
|     /** | ||||
|      * Prepends CSS properties to the style attribute, creating the | ||||
|      * attribute if it doesn't exist. | ||||
|      * @param $attr Attribute array to process (passed by reference) | ||||
|      * @param $css CSS to prepend | ||||
|      * @param array &$attr Attribute array to process (passed by reference) | ||||
|      * @param string $css CSS to prepend | ||||
|      */ | ||||
|     public function prependCSS(&$attr, $css) { | ||||
|     public function prependCSS(&$attr, $css) | ||||
|     { | ||||
|         $attr['style'] = isset($attr['style']) ? $attr['style'] : ''; | ||||
|         $attr['style'] = $css . $attr['style']; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves and removes an attribute | ||||
|      * @param $attr Attribute array to process (passed by reference) | ||||
|      * @param $key Key of attribute to confiscate | ||||
|      * @param array &$attr Attribute array to process (passed by reference) | ||||
|      * @param mixed $key Key of attribute to confiscate | ||||
|      * @return mixed | ||||
|      */ | ||||
|     public function confiscateAttr(&$attr, $key) { | ||||
|         if (!isset($attr[$key])) return null; | ||||
|     public function confiscateAttr(&$attr, $key) | ||||
|     { | ||||
|         if (!isset($attr[$key])) { | ||||
|             return null; | ||||
|         } | ||||
|         $value = $attr[$key]; | ||||
|         unset($attr[$key]); | ||||
|         return $value; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -3,21 +3,26 @@ | |||
| /** | ||||
|  * Pre-transform that changes proprietary background attribute to CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
| 
 | ||||
|         if (!isset($attr['background'])) return $attr; | ||||
| class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['background'])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         $background = $this->confiscateAttr($attr, 'background'); | ||||
|         // some validation should happen here
 | ||||
| 
 | ||||
|         $this->prependCSS($attr, "background-image:url($background);"); | ||||
| 
 | ||||
|         return $attr; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -8,12 +8,20 @@ | |||
| class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         if (isset($attr['dir'])) return $attr; | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (isset($attr['dir'])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $attr['dir'] = $config->get('Attr.DefaultTextDir'); | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -3,21 +3,26 @@ | |||
| /** | ||||
|  * Pre-transform that changes deprecated bgcolor attribute to CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
| 
 | ||||
|         if (!isset($attr['bgcolor'])) return $attr; | ||||
| class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['bgcolor'])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         $bgcolor = $this->confiscateAttr($attr, 'bgcolor'); | ||||
|         // some validation should happen here
 | ||||
| 
 | ||||
|         $this->prependCSS($attr, "background-color:$bgcolor;"); | ||||
| 
 | ||||
|         return $attr; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,47 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Pre-transform that changes converts a boolean attribute to fixed CSS | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * Name of boolean attribute that is trigger. | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $attr; | ||||
| 
 | ||||
|     /** | ||||
|      * CSS declarations to add to style, needs trailing semicolon. | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $css; | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $attr attribute name to convert from | ||||
|      * @param string $css CSS declarations to add to style (needs semicolon) | ||||
|      */ | ||||
|     public function __construct($attr, $css) | ||||
|     { | ||||
|         $this->attr = $attr; | ||||
|         $this->css = $css; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr[$this->attr])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         unset($attr[$this->attr]); | ||||
|         $this->prependCSS($attr, $this->css); | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -3,16 +3,24 @@ | |||
| /** | ||||
|  * Pre-transform that changes deprecated border attribute to CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         if (!isset($attr['border'])) return $attr; | ||||
| class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['border'])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $border_width = $this->confiscateAttr($attr, 'border'); | ||||
|         // some validation should happen here
 | ||||
|         $this->prependCSS($attr, "border:{$border_width}px solid;"); | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,68 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Generic pre-transform that converts an attribute with a fixed number of | ||||
|  * values (enumerated) to CSS. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * Name of attribute to transform from. | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $attr; | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup array of attribute values to CSS. | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $enumToCSS = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Case sensitivity of the matching. | ||||
|      * @type bool | ||||
|      * @warning Currently can only be guaranteed to work with ASCII | ||||
|      *          values. | ||||
|      */ | ||||
|     protected $caseSensitive = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $attr Attribute name to transform from | ||||
|      * @param array $enum_to_css Lookup array of attribute values to CSS | ||||
|      * @param bool $case_sensitive Case sensitivity indicator, default false | ||||
|      */ | ||||
|     public function __construct($attr, $enum_to_css, $case_sensitive = false) | ||||
|     { | ||||
|         $this->attr = $attr; | ||||
|         $this->enumToCSS = $enum_to_css; | ||||
|         $this->caseSensitive = (bool)$case_sensitive; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr[$this->attr])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         $value = trim($attr[$this->attr]); | ||||
|         unset($attr[$this->attr]); | ||||
| 
 | ||||
|         if (!$this->caseSensitive) { | ||||
|             $value = strtolower($value); | ||||
|         } | ||||
| 
 | ||||
|         if (!isset($this->enumToCSS[$value])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $this->prependCSS($attr, $this->enumToCSS[$value]); | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -11,11 +11,19 @@ | |||
| class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         $src = true; | ||||
|         if (!isset($attr['src'])) { | ||||
|             if ($config->get('Core.RemoveInvalidImg')) return $attr; | ||||
|             if ($config->get('Core.RemoveInvalidImg')) { | ||||
|                 return $attr; | ||||
|             } | ||||
|             $attr['src'] = $config->get('Attr.DefaultInvalidImage'); | ||||
|             $src = false; | ||||
|         } | ||||
|  | @ -25,7 +33,7 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform | |||
|                 $alt = $config->get('Attr.DefaultImageAlt'); | ||||
|                 if ($alt === null) { | ||||
|                     // truncate if the alt is too long
 | ||||
|                     $attr['alt'] = substr(basename($attr['src']),0,40); | ||||
|                     $attr['alt'] = substr(basename($attr['src']), 0, 40); | ||||
|                 } else { | ||||
|                     $attr['alt'] = $alt; | ||||
|                 } | ||||
|  | @ -33,11 +41,8 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform | |||
|                 $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt'); | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         return $attr; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -3,42 +3,59 @@ | |||
| /** | ||||
|  * Pre-transform that changes deprecated hspace and vspace attributes to CSS | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
| class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $attr; | ||||
| 
 | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $css = array( | ||||
|         'hspace' => array('left', 'right'), | ||||
|         'vspace' => array('top', 'bottom') | ||||
|     ); | ||||
| 
 | ||||
|     public function __construct($attr) { | ||||
|     /** | ||||
|      * @param string $attr | ||||
|      */ | ||||
|     public function __construct($attr) | ||||
|     { | ||||
|         $this->attr = $attr; | ||||
|         if (!isset($this->css[$attr])) { | ||||
|             trigger_error(htmlspecialchars($attr) . ' is not valid space attribute'); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
| 
 | ||||
|         if (!isset($attr[$this->attr])) return $attr; | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr[$this->attr])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         $width = $this->confiscateAttr($attr, $this->attr); | ||||
|         // some validation could happen here
 | ||||
| 
 | ||||
|         if (!isset($this->css[$this->attr])) return $attr; | ||||
|         if (!isset($this->css[$this->attr])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         $style = ''; | ||||
|         foreach ($this->css[$this->attr] as $suffix) { | ||||
|             $property = "margin-$suffix"; | ||||
|             $style .= "$property:{$width}px;"; | ||||
|         } | ||||
| 
 | ||||
|         $this->prependCSS($attr, $style); | ||||
| 
 | ||||
|         return $attr; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -4,17 +4,31 @@ | |||
|  * Performs miscellaneous cross attribute validation and filtering for | ||||
|  * input elements. This is meant to be a post-transform. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform { | ||||
| 
 | ||||
| class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef_HTML_Pixels | ||||
|      */ | ||||
|     protected $pixels; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels(); | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|         if (!isset($attr['type'])) $t = 'text'; | ||||
|         else $t = strtolower($attr['type']); | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['type'])) { | ||||
|             $t = 'text'; | ||||
|         } else { | ||||
|             $t = strtolower($attr['type']); | ||||
|         } | ||||
|         if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') { | ||||
|             unset($attr['checked']); | ||||
|         } | ||||
|  | @ -23,8 +37,11 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform { | |||
|         } | ||||
|         if (isset($attr['size']) && $t !== 'text' && $t !== 'password') { | ||||
|             $result = $this->pixels->validate($attr['size'], $config, $context); | ||||
|             if ($result === false) unset($attr['size']); | ||||
|             else $attr['size'] = $result; | ||||
|             if ($result === false) { | ||||
|                 unset($attr['size']); | ||||
|             } else { | ||||
|                 $attr['size'] = $result; | ||||
|             } | ||||
|         } | ||||
|         if (isset($attr['src']) && $t !== 'image') { | ||||
|             unset($attr['src']); | ||||
|  | @ -34,7 +51,6 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform { | |||
|         } | ||||
|         return $attr; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -8,9 +8,15 @@ | |||
| class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
| 
 | ||||
|         $lang     = isset($attr['lang']) ? $attr['lang'] : false; | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         $lang = isset($attr['lang']) ? $attr['lang'] : false; | ||||
|         $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false; | ||||
| 
 | ||||
|         if ($lang !== false && $xml_lang === false) { | ||||
|  | @ -18,11 +24,8 @@ class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform | |||
|         } elseif ($xml_lang !== false) { | ||||
|             $attr['lang'] = $xml_lang; | ||||
|         } | ||||
| 
 | ||||
|         return $attr; | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,45 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Class for handling width/height length attribute transformations to CSS | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $name; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $cssName; | ||||
| 
 | ||||
|     public function __construct($name, $css_name = null) | ||||
|     { | ||||
|         $this->name = $name; | ||||
|         $this->cssName = $css_name ? $css_name : $name; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr[$this->name])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $length = $this->confiscateAttr($attr, $this->name); | ||||
|         if (ctype_digit($length)) { | ||||
|             $length .= 'px'; | ||||
|         } | ||||
|         $this->prependCSS($attr, $this->cssName . ":$length;"); | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,33 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Pre-transform that changes deprecated name attribute to ID if necessary | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         // Abort early if we're using relaxed definition of name
 | ||||
|         if ($config->get('HTML.Attr.Name.UseCDATA')) { | ||||
|             return $attr; | ||||
|         } | ||||
|         if (!isset($attr['name'])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $id = $this->confiscateAttr($attr, 'name'); | ||||
|         if (isset($attr['id'])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $attr['id'] = $id; | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,41 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Post-transform that performs validation to the name attribute; if | ||||
|  * it is present with an equivalent id attribute, it is passed through; | ||||
|  * otherwise validation is performed. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform | ||||
| { | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->idDef = new HTMLPurifier_AttrDef_HTML_ID(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['name'])) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $name = $attr['name']; | ||||
|         if (isset($attr['id']) && $attr['id'] === $name) { | ||||
|             return $attr; | ||||
|         } | ||||
|         $result = $this->idDef->validate($name, $config, $context); | ||||
|         if ($result === false) { | ||||
|             unset($attr['name']); | ||||
|         } else { | ||||
|             $attr['name'] = $result; | ||||
|         } | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,52 @@ | |||
| <?php | ||||
| 
 | ||||
| // must be called POST validation
 | ||||
| 
 | ||||
| /** | ||||
|  * Adds rel="nofollow" to all outbound links.  This transform is | ||||
|  * only attached if Attr.Nofollow is TRUE. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type HTMLPurifier_URIParser | ||||
|      */ | ||||
|     private $parser; | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->parser = new HTMLPurifier_URIParser(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['href'])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         // XXX Kind of inefficient
 | ||||
|         $url = $this->parser->parse($attr['href']); | ||||
|         $scheme = $url->getSchemeObj($config, $context); | ||||
| 
 | ||||
|         if ($scheme->browsable && !$url->isLocal($config, $context)) { | ||||
|             if (isset($attr['rel'])) { | ||||
|                 $rels = explode(' ', $attr['rel']); | ||||
|                 if (!in_array('nofollow', $rels)) { | ||||
|                     $rels[] = 'nofollow'; | ||||
|                 } | ||||
|                 $attr['rel'] = implode(' ', $rels); | ||||
|             } else { | ||||
|                 $attr['rel'] = 'nofollow'; | ||||
|             } | ||||
|         } | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -2,9 +2,19 @@ | |||
| 
 | ||||
| class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $name = "SafeEmbed"; | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         $attr['allowscriptaccess'] = 'never'; | ||||
|         $attr['allownetworking'] = 'internal'; | ||||
|         $attr['type'] = 'application/x-shockwave-flash'; | ||||
|  | @ -0,0 +1,28 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Writes default type for all objects. Currently only supports flash. | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $name = "SafeObject"; | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['type'])) { | ||||
|             $attr['type'] = 'application/x-shockwave-flash'; | ||||
|         } | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -14,14 +14,30 @@ | |||
|  */ | ||||
| class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $name = "SafeParam"; | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_AttrDef_URI | ||||
|      */ | ||||
|     private $uri; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
 | ||||
|         $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); | ||||
|     } | ||||
| 
 | ||||
|     public function transform($attr, $config, $context) { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         // If we add support for other objects, we'll need to alter the
 | ||||
|         // transforms.
 | ||||
|         switch ($attr['name']) { | ||||
|  | @ -33,8 +49,15 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform | |||
|             case 'allowNetworking': | ||||
|                 $attr['value'] = 'internal'; | ||||
|                 break; | ||||
|             case 'allowFullScreen': | ||||
|                 if ($config->get('HTML.FlashAllowFullScreen')) { | ||||
|                     $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; | ||||
|                 } else { | ||||
|                     $attr['value'] = 'false'; | ||||
|                 } | ||||
|                 break; | ||||
|             case 'wmode': | ||||
|                 $attr['value'] = 'window'; | ||||
|                 $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); | ||||
|                 break; | ||||
|             case 'movie': | ||||
|             case 'src': | ||||
|  | @ -5,7 +5,14 @@ | |||
|  */ | ||||
| class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     public function transform($attr, $config, $context) { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['type'])) { | ||||
|             $attr['type'] = 'text/javascript'; | ||||
|         } | ||||
|  | @ -0,0 +1,45 @@ | |||
| <?php | ||||
| 
 | ||||
| // must be called POST validation
 | ||||
| 
 | ||||
| /** | ||||
|  * Adds target="blank" to all outbound links.  This transform is | ||||
|  * only attached if Attr.TargetBlank is TRUE.  This works regardless | ||||
|  * of whether or not Attr.AllowedFrameTargets | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @type HTMLPurifier_URIParser | ||||
|      */ | ||||
|     private $parser; | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->parser = new HTMLPurifier_URIParser(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         if (!isset($attr['href'])) { | ||||
|             return $attr; | ||||
|         } | ||||
| 
 | ||||
|         // XXX Kind of inefficient
 | ||||
|         $url = $this->parser->parse($attr['href']); | ||||
|         $scheme = $url->getSchemeObj($config, $context); | ||||
| 
 | ||||
|         if ($scheme->browsable && !$url->isBenign($config, $context)) { | ||||
|             $attr['target'] = '_blank'; | ||||
|         } | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,27 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Sets height/width defaults for <textarea> | ||||
|  */ | ||||
| class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform | ||||
| { | ||||
|     /** | ||||
|      * @param array $attr | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function transform($attr, $config, $context) | ||||
|     { | ||||
|         // Calculated from Firefox
 | ||||
|         if (!isset($attr['cols'])) { | ||||
|             $attr['cols'] = '22'; | ||||
|         } | ||||
|         if (!isset($attr['rows'])) { | ||||
|             $attr['rows'] = '3'; | ||||
|         } | ||||
|         return $attr; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -6,7 +6,8 @@ | |||
| class HTMLPurifier_AttrTypes | ||||
| { | ||||
|     /** | ||||
|      * Lookup array of attribute string identifiers to concrete implementations | ||||
|      * Lookup array of attribute string identifiers to concrete implementations. | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      */ | ||||
|     protected $info = array(); | ||||
| 
 | ||||
|  | @ -14,7 +15,15 @@ class HTMLPurifier_AttrTypes | |||
|      * Constructs the info array, supplying default implementations for attribute | ||||
|      * types. | ||||
|      */ | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         // XXX This is kind of poor, since we don't actually /clone/
 | ||||
|         // instances; instead, we use the supplied make() attribute. So,
 | ||||
|         // the underlying class must know how to deal with arguments.
 | ||||
|         // With the old implementation of Enum, that ignored its
 | ||||
|         // arguments when handling a make dispatch, the IAlign
 | ||||
|         // definition wouldn't work.
 | ||||
| 
 | ||||
|         // pseudo-types, must be instantiated via shorthand
 | ||||
|         $this->info['Enum']    = new HTMLPurifier_AttrDef_Enum(); | ||||
|         $this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool(); | ||||
|  | @ -29,6 +38,9 @@ class HTMLPurifier_AttrTypes | |||
|         $this->info['URI']      = new HTMLPurifier_AttrDef_URI(); | ||||
|         $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang(); | ||||
|         $this->info['Color']    = new HTMLPurifier_AttrDef_HTML_Color(); | ||||
|         $this->info['IAlign']   = self::makeEnum('top,middle,bottom,left,right'); | ||||
|         $this->info['LAlign']   = self::makeEnum('top,bottom,left,right'); | ||||
|         $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); | ||||
| 
 | ||||
|         // unimplemented aliases
 | ||||
|         $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); | ||||
|  | @ -44,32 +56,39 @@ class HTMLPurifier_AttrTypes | |||
|         $this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true); | ||||
|     } | ||||
| 
 | ||||
|     private static function makeEnum($in) | ||||
|     { | ||||
|         return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in))); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves a type | ||||
|      * @param $type String type name | ||||
|      * @return Object AttrDef for type | ||||
|      * @param string $type String type name | ||||
|      * @return HTMLPurifier_AttrDef Object AttrDef for type | ||||
|      */ | ||||
|     public function get($type) { | ||||
| 
 | ||||
|     public function get($type) | ||||
|     { | ||||
|         // determine if there is any extra info tacked on
 | ||||
|         if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); | ||||
|         else $string = ''; | ||||
|         if (strpos($type, '#') !== false) { | ||||
|             list($type, $string) = explode('#', $type, 2); | ||||
|         } else { | ||||
|             $string = ''; | ||||
|         } | ||||
| 
 | ||||
|         if (!isset($this->info[$type])) { | ||||
|             trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); | ||||
|             return; | ||||
|         } | ||||
| 
 | ||||
|         return $this->info[$type]->make($string); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Sets a new implementation for a type | ||||
|      * @param $type String type name | ||||
|      * @param $impl Object AttrDef for type | ||||
|      * @param string $type String type name | ||||
|      * @param HTMLPurifier_AttrDef $impl Object AttrDef for type | ||||
|      */ | ||||
|     public function set($type, $impl) { | ||||
|     public function set($type, $impl) | ||||
|     { | ||||
|         $this->info[$type] = $impl; | ||||
|     } | ||||
| } | ||||
|  | @ -9,17 +9,14 @@ class HTMLPurifier_AttrValidator | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Validates the attributes of a token, returning a modified token | ||||
|      * Validates the attributes of a token, mutating it as necessary. | ||||
|      * that has valid tokens | ||||
|      * @param $token Reference to token to validate. We require a reference | ||||
|      *     because the operation this class performs on the token are | ||||
|      *     not atomic, so the context CurrentToken to be updated | ||||
|      *     throughout | ||||
|      * @param $config Instance of HTMLPurifier_Config | ||||
|      * @param $context Instance of HTMLPurifier_Context | ||||
|      * @param HTMLPurifier_Token $token Token to validate. | ||||
|      * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config | ||||
|      * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context | ||||
|      */ | ||||
|     public function validateToken(&$token, &$config, $context) { | ||||
| 
 | ||||
|     public function validateToken($token, $config, $context) | ||||
|     { | ||||
|         $definition = $config->getHTMLDefinition(); | ||||
|         $e =& $context->get('ErrorCollector', true); | ||||
| 
 | ||||
|  | @ -32,12 +29,15 @@ class HTMLPurifier_AttrValidator | |||
| 
 | ||||
|         // initialize CurrentToken if necessary
 | ||||
|         $current_token =& $context->get('CurrentToken', true); | ||||
|         if (!$current_token) $context->register('CurrentToken', $token); | ||||
|         if (!$current_token) { | ||||
|             $context->register('CurrentToken', $token); | ||||
|         } | ||||
| 
 | ||||
|         if ( | ||||
|             !$token instanceof HTMLPurifier_Token_Start && | ||||
|         if (!$token instanceof HTMLPurifier_Token_Start && | ||||
|             !$token instanceof HTMLPurifier_Token_Empty | ||||
|         ) return $token; | ||||
|         ) { | ||||
|             return; | ||||
|         } | ||||
| 
 | ||||
|         // create alias to global definition array, see also $defs
 | ||||
|         // DEFINITION CALL
 | ||||
|  | @ -51,7 +51,9 @@ class HTMLPurifier_AttrValidator | |||
|         foreach ($definition->info_attr_transform_pre as $transform) { | ||||
|             $attr = $transform->transform($o = $attr, $config, $context); | ||||
|             if ($e) { | ||||
|                 if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 if ($attr != $o) { | ||||
|                     $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|  | @ -60,7 +62,9 @@ class HTMLPurifier_AttrValidator | |||
|         foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { | ||||
|             $attr = $transform->transform($o = $attr, $config, $context); | ||||
|             if ($e) { | ||||
|                 if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 if ($attr != $o) { | ||||
|                     $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|  | @ -77,7 +81,7 @@ class HTMLPurifier_AttrValidator | |||
|         foreach ($attr as $attr_key => $value) { | ||||
| 
 | ||||
|             // call the definition
 | ||||
|             if ( isset($defs[$attr_key]) ) { | ||||
|             if (isset($defs[$attr_key])) { | ||||
|                 // there is a local definition defined
 | ||||
|                 if ($defs[$attr_key] === false) { | ||||
|                     // We've explicitly been told not to allow this element.
 | ||||
|  | @ -89,15 +93,19 @@ class HTMLPurifier_AttrValidator | |||
|                 } else { | ||||
|                     // validate according to the element's definition
 | ||||
|                     $result = $defs[$attr_key]->validate( | ||||
|                                     $value, $config, $context | ||||
|                                ); | ||||
|                         $value, | ||||
|                         $config, | ||||
|                         $context | ||||
|                     ); | ||||
|                 } | ||||
|             } elseif ( isset($d_defs[$attr_key]) ) { | ||||
|             } elseif (isset($d_defs[$attr_key])) { | ||||
|                 // there is a global definition defined, validate according
 | ||||
|                 // to the global definition
 | ||||
|                 $result = $d_defs[$attr_key]->validate( | ||||
|                                 $value, $config, $context | ||||
|                            ); | ||||
|                     $value, | ||||
|                     $config, | ||||
|                     $context | ||||
|                 ); | ||||
|             } else { | ||||
|                 // system never heard of the attribute? DELETE!
 | ||||
|                 $result = false; | ||||
|  | @ -107,7 +115,9 @@ class HTMLPurifier_AttrValidator | |||
|             if ($result === false || $result === null) { | ||||
|                 // this is a generic error message that should replaced
 | ||||
|                 // with more specific ones when possible
 | ||||
|                 if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); | ||||
|                 if ($e) { | ||||
|                     $e->send(E_ERROR, 'AttrValidator: Attribute removed'); | ||||
|                 } | ||||
| 
 | ||||
|                 // remove the attribute
 | ||||
|                 unset($attr[$attr_key]); | ||||
|  | @ -137,7 +147,9 @@ class HTMLPurifier_AttrValidator | |||
|         foreach ($definition->info_attr_transform_post as $transform) { | ||||
|             $attr = $transform->transform($o = $attr, $config, $context); | ||||
|             if ($e) { | ||||
|                 if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 if ($attr != $o) { | ||||
|                     $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|  | @ -145,14 +157,18 @@ class HTMLPurifier_AttrValidator | |||
|         foreach ($definition->info[$token->name]->attr_transform_post as $transform) { | ||||
|             $attr = $transform->transform($o = $attr, $config, $context); | ||||
|             if ($e) { | ||||
|                 if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 if ($attr != $o) { | ||||
|                     $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         $token->attr = $attr; | ||||
| 
 | ||||
|         // destroy CurrentToken if we made it ourselves
 | ||||
|         if (!$current_token) $context->destroy('CurrentToken'); | ||||
|         if (!$current_token) { | ||||
|             $context->destroy('CurrentToken'); | ||||
|         } | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
							
								
								
									
										124
									
								
								library/ezyang/htmlpurifier/library/HTMLPurifier/Bootstrap.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										124
									
								
								library/ezyang/htmlpurifier/library/HTMLPurifier/Bootstrap.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,124 @@ | |||
| <?php | ||||
| 
 | ||||
| // constants are slow, so we use as few as possible
 | ||||
| if (!defined('HTMLPURIFIER_PREFIX')) { | ||||
|     define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..')); | ||||
| } | ||||
| 
 | ||||
| // accomodations for versions earlier than 5.0.2
 | ||||
| // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
 | ||||
| if (!defined('PHP_EOL')) { | ||||
|     switch (strtoupper(substr(PHP_OS, 0, 3))) { | ||||
|         case 'WIN': | ||||
|             define('PHP_EOL', "\r\n"); | ||||
|             break; | ||||
|         case 'DAR': | ||||
|             define('PHP_EOL', "\r"); | ||||
|             break; | ||||
|         default: | ||||
|             define('PHP_EOL', "\n"); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| /** | ||||
|  * Bootstrap class that contains meta-functionality for HTML Purifier such as | ||||
|  * the autoload function. | ||||
|  * | ||||
|  * @note | ||||
|  *      This class may be used without any other files from HTML Purifier. | ||||
|  */ | ||||
| class HTMLPurifier_Bootstrap | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Autoload function for HTML Purifier | ||||
|      * @param string $class Class to load | ||||
|      * @return bool | ||||
|      */ | ||||
|     public static function autoload($class) | ||||
|     { | ||||
|         $file = HTMLPurifier_Bootstrap::getPath($class); | ||||
|         if (!$file) { | ||||
|             return false; | ||||
|         } | ||||
|         // Technically speaking, it should be ok and more efficient to
 | ||||
|         // just do 'require', but Antonio Parraga reports that with
 | ||||
|         // Zend extensions such as Zend debugger and APC, this invariant
 | ||||
|         // may be broken.  Since we have efficient alternatives, pay
 | ||||
|         // the cost here and avoid the bug.
 | ||||
|         require_once HTMLPURIFIER_PREFIX . '/' . $file; | ||||
|         return true; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns the path for a specific class. | ||||
|      * @param string $class Class path to get | ||||
|      * @return string | ||||
|      */ | ||||
|     public static function getPath($class) | ||||
|     { | ||||
|         if (strncmp('HTMLPurifier', $class, 12) !== 0) { | ||||
|             return false; | ||||
|         } | ||||
|         // Custom implementations
 | ||||
|         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { | ||||
|             $code = str_replace('_', '-', substr($class, 22)); | ||||
|             $file = 'HTMLPurifier/Language/classes/' . $code . '.php'; | ||||
|         } else { | ||||
|             $file = str_replace('_', '/', $class) . '.php'; | ||||
|         } | ||||
|         if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) { | ||||
|             return false; | ||||
|         } | ||||
|         return $file; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * "Pre-registers" our autoloader on the SPL stack. | ||||
|      */ | ||||
|     public static function registerAutoload() | ||||
|     { | ||||
|         $autoload = array('HTMLPurifier_Bootstrap', 'autoload'); | ||||
|         if (($funcs = spl_autoload_functions()) === false) { | ||||
|             spl_autoload_register($autoload); | ||||
|         } elseif (function_exists('spl_autoload_unregister')) { | ||||
|             if (version_compare(PHP_VERSION, '5.3.0', '>=')) { | ||||
|                 // prepend flag exists, no need for shenanigans
 | ||||
|                 spl_autoload_register($autoload, true, true); | ||||
|             } else { | ||||
|                 $buggy  = version_compare(PHP_VERSION, '5.2.11', '<'); | ||||
|                 $compat = version_compare(PHP_VERSION, '5.1.2', '<=') && | ||||
|                           version_compare(PHP_VERSION, '5.1.0', '>='); | ||||
|                 foreach ($funcs as $func) { | ||||
|                     if ($buggy && is_array($func)) { | ||||
|                         // :TRICKY: There are some compatibility issues and some
 | ||||
|                         // places where we need to error out
 | ||||
|                         $reflector = new ReflectionMethod($func[0], $func[1]); | ||||
|                         if (!$reflector->isStatic()) { | ||||
|                             throw new Exception( | ||||
|                                 'HTML Purifier autoloader registrar is not compatible | ||||
|                                 with non-static object methods due to PHP Bug #44144;
 | ||||
|                                 Please do not use HTMLPurifier.autoload.php (or any | ||||
|                                 file that includes this file); instead, place the code: | ||||
|                                 spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\')) | ||||
|                                 after your own autoloaders.' | ||||
|                             ); | ||||
|                         } | ||||
|                         // Suprisingly, spl_autoload_register supports the
 | ||||
|                         // Class::staticMethod callback format, although call_user_func doesn't
 | ||||
|                         if ($compat) { | ||||
|                             $func = implode('::', $func); | ||||
|                         } | ||||
|                     } | ||||
|                     spl_autoload_unregister($func); | ||||
|                 } | ||||
|                 spl_autoload_register($autoload); | ||||
|                 foreach ($funcs as $func) { | ||||
|                     spl_autoload_register($func); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,474 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Defines allowed CSS attributes and what their values are. | ||||
|  * @see HTMLPurifier_HTMLDefinition | ||||
|  */ | ||||
| class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition | ||||
| { | ||||
| 
 | ||||
|     public $type = 'CSS'; | ||||
| 
 | ||||
|     /** | ||||
|      * Assoc array of attribute name to definition object. | ||||
|      * @type HTMLPurifier_AttrDef[] | ||||
|      */ | ||||
|     public $info = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Constructs the info array.  The meat of this class. | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     protected function doSetup($config) | ||||
|     { | ||||
|         $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('left', 'right', 'center', 'justify'), | ||||
|             false | ||||
|         ); | ||||
| 
 | ||||
|         $border_style = | ||||
|             $this->info['border-bottom-style'] = | ||||
|             $this->info['border-right-style'] = | ||||
|             $this->info['border-left-style'] = | ||||
|             $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum( | ||||
|                 array( | ||||
|                     'none', | ||||
|                     'hidden', | ||||
|                     'dotted', | ||||
|                     'dashed', | ||||
|                     'solid', | ||||
|                     'double', | ||||
|                     'groove', | ||||
|                     'ridge', | ||||
|                     'inset', | ||||
|                     'outset' | ||||
|                 ), | ||||
|                 false | ||||
|             ); | ||||
| 
 | ||||
|         $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style); | ||||
| 
 | ||||
|         $this->info['clear'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('none', 'left', 'right', 'both'), | ||||
|             false | ||||
|         ); | ||||
|         $this->info['float'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('none', 'left', 'right'), | ||||
|             false | ||||
|         ); | ||||
|         $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('normal', 'italic', 'oblique'), | ||||
|             false | ||||
|         ); | ||||
|         $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('normal', 'small-caps'), | ||||
|             false | ||||
|         ); | ||||
| 
 | ||||
|         $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('none')), | ||||
|                 new HTMLPurifier_AttrDef_CSS_URI() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('inside', 'outside'), | ||||
|             false | ||||
|         ); | ||||
|         $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array( | ||||
|                 'disc', | ||||
|                 'circle', | ||||
|                 'square', | ||||
|                 'decimal', | ||||
|                 'lower-roman', | ||||
|                 'upper-roman', | ||||
|                 'lower-alpha', | ||||
|                 'upper-alpha', | ||||
|                 'none' | ||||
|             ), | ||||
|             false | ||||
|         ); | ||||
|         $this->info['list-style-image'] = $uri_or_none; | ||||
| 
 | ||||
|         $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config); | ||||
| 
 | ||||
|         $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('capitalize', 'uppercase', 'lowercase', 'none'), | ||||
|             false | ||||
|         ); | ||||
|         $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
| 
 | ||||
|         $this->info['background-image'] = $uri_or_none; | ||||
|         $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('repeat', 'repeat-x', 'repeat-y', 'no-repeat') | ||||
|         ); | ||||
|         $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('scroll', 'fixed') | ||||
|         ); | ||||
|         $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); | ||||
| 
 | ||||
|         $border_color = | ||||
|             $this->info['border-top-color'] = | ||||
|             $this->info['border-bottom-color'] = | ||||
|             $this->info['border-left-color'] = | ||||
|             $this->info['border-right-color'] = | ||||
|             $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|                 array( | ||||
|                     new HTMLPurifier_AttrDef_Enum(array('transparent')), | ||||
|                     new HTMLPurifier_AttrDef_CSS_Color() | ||||
|                 ) | ||||
|             ); | ||||
| 
 | ||||
|         $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config); | ||||
| 
 | ||||
|         $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color); | ||||
| 
 | ||||
|         $border_width = | ||||
|             $this->info['border-top-width'] = | ||||
|             $this->info['border-bottom-width'] = | ||||
|             $this->info['border-left-width'] = | ||||
|             $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|                 array( | ||||
|                     new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')), | ||||
|                     new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
 | ||||
|                 ) | ||||
|             ); | ||||
| 
 | ||||
|         $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width); | ||||
| 
 | ||||
|         $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('normal')), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('normal')), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum( | ||||
|                     array( | ||||
|                         'xx-small', | ||||
|                         'x-small', | ||||
|                         'small', | ||||
|                         'medium', | ||||
|                         'large', | ||||
|                         'x-large', | ||||
|                         'xx-large', | ||||
|                         'larger', | ||||
|                         'smaller' | ||||
|                     ) | ||||
|                 ), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Percentage(), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('normal')), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
 | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length('0'), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Percentage(true) | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $margin = | ||||
|             $this->info['margin-top'] = | ||||
|             $this->info['margin-bottom'] = | ||||
|             $this->info['margin-left'] = | ||||
|             $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|                 array( | ||||
|                     new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|                     new HTMLPurifier_AttrDef_CSS_Percentage(), | ||||
|                     new HTMLPurifier_AttrDef_Enum(array('auto')) | ||||
|                 ) | ||||
|             ); | ||||
| 
 | ||||
|         $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin); | ||||
| 
 | ||||
|         // non-negative
 | ||||
|         $padding = | ||||
|             $this->info['padding-top'] = | ||||
|             $this->info['padding-bottom'] = | ||||
|             $this->info['padding-left'] = | ||||
|             $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|                 array( | ||||
|                     new HTMLPurifier_AttrDef_CSS_Length('0'), | ||||
|                     new HTMLPurifier_AttrDef_CSS_Percentage(true) | ||||
|                 ) | ||||
|             ); | ||||
| 
 | ||||
|         $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding); | ||||
| 
 | ||||
|         $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Percentage() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length('0'), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Percentage(true), | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('auto')) | ||||
|             ) | ||||
|         ); | ||||
|         $max = $config->get('CSS.MaxImgLength'); | ||||
| 
 | ||||
|         $this->info['width'] = | ||||
|         $this->info['height'] = | ||||
|             $max === null ? | ||||
|                 $trusted_wh : | ||||
|                 new HTMLPurifier_AttrDef_Switch( | ||||
|                     'img', | ||||
|                     // For img tags:
 | ||||
|                     new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|                         array( | ||||
|                             new HTMLPurifier_AttrDef_CSS_Length('0', $max), | ||||
|                             new HTMLPurifier_AttrDef_Enum(array('auto')) | ||||
|                         ) | ||||
|                     ), | ||||
|                     // For everyone else:
 | ||||
|                     $trusted_wh | ||||
|                 ); | ||||
| 
 | ||||
|         $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration(); | ||||
| 
 | ||||
|         $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily(); | ||||
| 
 | ||||
|         // this could use specialized code
 | ||||
|         $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array( | ||||
|                 'normal', | ||||
|                 'bold', | ||||
|                 'bolder', | ||||
|                 'lighter', | ||||
|                 '100', | ||||
|                 '200', | ||||
|                 '300', | ||||
|                 '400', | ||||
|                 '500', | ||||
|                 '600', | ||||
|                 '700', | ||||
|                 '800', | ||||
|                 '900' | ||||
|             ), | ||||
|             false | ||||
|         ); | ||||
| 
 | ||||
|         // MUST be called after other font properties, as it references
 | ||||
|         // a CSSDefinition object
 | ||||
|         $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config); | ||||
| 
 | ||||
|         // same here
 | ||||
|         $this->info['border'] = | ||||
|         $this->info['border-bottom'] = | ||||
|         $this->info['border-top'] = | ||||
|         $this->info['border-left'] = | ||||
|         $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config); | ||||
| 
 | ||||
|         $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('collapse', 'separate') | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('top', 'bottom') | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('auto', 'fixed') | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Enum( | ||||
|                     array( | ||||
|                         'baseline', | ||||
|                         'sub', | ||||
|                         'super', | ||||
|                         'top', | ||||
|                         'text-top', | ||||
|                         'middle', | ||||
|                         'bottom', | ||||
|                         'text-bottom' | ||||
|                     ) | ||||
|                 ), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Percentage() | ||||
|             ) | ||||
|         ); | ||||
| 
 | ||||
|         $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2); | ||||
| 
 | ||||
|         // These CSS properties don't work on many browsers, but we live
 | ||||
|         // in THE FUTURE!
 | ||||
|         $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line') | ||||
|         ); | ||||
| 
 | ||||
|         if ($config->get('CSS.Proprietary')) { | ||||
|             $this->doSetupProprietary($config); | ||||
|         } | ||||
| 
 | ||||
|         if ($config->get('CSS.AllowTricky')) { | ||||
|             $this->doSetupTricky($config); | ||||
|         } | ||||
| 
 | ||||
|         if ($config->get('CSS.Trusted')) { | ||||
|             $this->doSetupTrusted($config); | ||||
|         } | ||||
| 
 | ||||
|         $allow_important = $config->get('CSS.AllowImportant'); | ||||
|         // wrap all attr-defs with decorator that handles !important
 | ||||
|         foreach ($this->info as $k => $v) { | ||||
|             $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important); | ||||
|         } | ||||
| 
 | ||||
|         $this->setupConfigStuff($config); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     protected function doSetupProprietary($config) | ||||
|     { | ||||
|         // Internet Explorer only scrollbar colors
 | ||||
|         $this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-darkshadow-color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-face-color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-highlight-color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
|         $this->info['scrollbar-shadow-color'] = new HTMLPurifier_AttrDef_CSS_Color(); | ||||
| 
 | ||||
|         // vendor specific prefixes of opacity
 | ||||
|         $this->info['-moz-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue(); | ||||
|         $this->info['-khtml-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue(); | ||||
| 
 | ||||
|         // only opacity, for now
 | ||||
|         $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter(); | ||||
| 
 | ||||
|         // more CSS3
 | ||||
|         $this->info['page-break-after'] = | ||||
|         $this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array( | ||||
|                 'auto', | ||||
|                 'always', | ||||
|                 'avoid', | ||||
|                 'left', | ||||
|                 'right' | ||||
|             ) | ||||
|         ); | ||||
|         $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid')); | ||||
| 
 | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     protected function doSetupTricky($config) | ||||
|     { | ||||
|         $this->info['display'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array( | ||||
|                 'inline', | ||||
|                 'block', | ||||
|                 'list-item', | ||||
|                 'run-in', | ||||
|                 'compact', | ||||
|                 'marker', | ||||
|                 'table', | ||||
|                 'inline-block', | ||||
|                 'inline-table', | ||||
|                 'table-row-group', | ||||
|                 'table-header-group', | ||||
|                 'table-footer-group', | ||||
|                 'table-row', | ||||
|                 'table-column-group', | ||||
|                 'table-column', | ||||
|                 'table-cell', | ||||
|                 'table-caption', | ||||
|                 'none' | ||||
|             ) | ||||
|         ); | ||||
|         $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('visible', 'hidden', 'collapse') | ||||
|         ); | ||||
|         $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll')); | ||||
|         $this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     protected function doSetupTrusted($config) | ||||
|     { | ||||
|         $this->info['position'] = new HTMLPurifier_AttrDef_Enum( | ||||
|             array('static', 'relative', 'absolute', 'fixed') | ||||
|         ); | ||||
|         $this->info['top'] = | ||||
|         $this->info['left'] = | ||||
|         $this->info['right'] = | ||||
|         $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_CSS_Length(), | ||||
|                 new HTMLPurifier_AttrDef_CSS_Percentage(), | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('auto')), | ||||
|             ) | ||||
|         ); | ||||
|         $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite( | ||||
|             array( | ||||
|                 new HTMLPurifier_AttrDef_Integer(), | ||||
|                 new HTMLPurifier_AttrDef_Enum(array('auto')), | ||||
|             ) | ||||
|         ); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Performs extra config-based processing. Based off of | ||||
|      * HTMLPurifier_HTMLDefinition. | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @todo Refactor duplicate elements into common class (probably using | ||||
|      *       composition, not inheritance). | ||||
|      */ | ||||
|     protected function setupConfigStuff($config) | ||||
|     { | ||||
|         // setup allowed elements
 | ||||
|         $support = "(for information on implementing this, see the " . | ||||
|             "support forums) "; | ||||
|         $allowed_properties = $config->get('CSS.AllowedProperties'); | ||||
|         if ($allowed_properties !== null) { | ||||
|             foreach ($this->info as $name => $d) { | ||||
|                 if (!isset($allowed_properties[$name])) { | ||||
|                     unset($this->info[$name]); | ||||
|                 } | ||||
|                 unset($allowed_properties[$name]); | ||||
|             } | ||||
|             // emit errors
 | ||||
|             foreach ($allowed_properties as $name => $d) { | ||||
|                 // :TODO: Is this htmlspecialchars() call really necessary?
 | ||||
|                 $name = htmlspecialchars($name); | ||||
|                 trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING); | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         $forbidden_properties = $config->get('CSS.ForbiddenProperties'); | ||||
|         if ($forbidden_properties !== null) { | ||||
|             foreach ($this->info as $name => $d) { | ||||
|                 if (isset($forbidden_properties[$name])) { | ||||
|                     unset($this->info[$name]); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -1,48 +1,52 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Defines allowed child nodes and validates tokens against it. | ||||
|  * Defines allowed child nodes and validates nodes against it. | ||||
|  */ | ||||
| abstract class HTMLPurifier_ChildDef | ||||
| { | ||||
|     /** | ||||
|      * Type of child definition, usually right-most part of class name lowercase. | ||||
|      * Used occasionally in terms of context. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type; | ||||
| 
 | ||||
|     /** | ||||
|      * Bool that indicates whether or not an empty array of children is okay | ||||
|      * Indicates whether or not an empty array of children is okay. | ||||
|      * | ||||
|      * This is necessary for redundant checking when changes affecting | ||||
|      * a child node may cause a parent node to now be disallowed. | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty; | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup array of all elements that this definition could possibly allow | ||||
|      * Lookup array of all elements that this definition could possibly allow. | ||||
|      * @type array | ||||
|      */ | ||||
|     public $elements = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Get lookup of tag names that should not close this element automatically. | ||||
|      * All other elements will do so. | ||||
|      * @param HTMLPurifier_Config $config HTMLPurifier_Config object | ||||
|      * @return array | ||||
|      */ | ||||
|     public function getAllowedElements($config) { | ||||
|     public function getAllowedElements($config) | ||||
|     { | ||||
|         return $this->elements; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Validates nodes according to definition and returns modification. | ||||
|      * | ||||
|      * @param $tokens_of_children Array of HTMLPurifier_Token | ||||
|      * @param $config HTMLPurifier_Config object | ||||
|      * @param $context HTMLPurifier_Context object | ||||
|      * @return bool true to leave nodes as is | ||||
|      * @return bool false to remove parent node | ||||
|      * @return array of replacement child tokens | ||||
|      * @param HTMLPurifier_Node[] $children Array of HTMLPurifier_Node | ||||
|      * @param HTMLPurifier_Config $config HTMLPurifier_Config object | ||||
|      * @param HTMLPurifier_Context $context HTMLPurifier_Context object | ||||
|      * @return bool|array true to leave nodes as is, false to remove parent node, array of replacement children | ||||
|      */ | ||||
|     abstract public function validateChildren($tokens_of_children, $config, $context); | ||||
|     abstract public function validateChildren($children, $config, $context); | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -14,33 +14,52 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef | |||
| 
 | ||||
|     /** | ||||
|      * Instance of the definition object to use when inline. Usually stricter. | ||||
|      * @type HTMLPurifier_ChildDef_Optional | ||||
|      */ | ||||
|     public $inline; | ||||
| 
 | ||||
|     /** | ||||
|      * Instance of the definition object to use when block. | ||||
|      * @type HTMLPurifier_ChildDef_Optional | ||||
|      */ | ||||
|     public $block; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'chameleon'; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $inline List of elements to allow when inline. | ||||
|      * @param $block List of elements to allow when block. | ||||
|      * @param array $inline List of elements to allow when inline. | ||||
|      * @param array $block List of elements to allow when block. | ||||
|      */ | ||||
|     public function __construct($inline, $block) { | ||||
|     public function __construct($inline, $block) | ||||
|     { | ||||
|         $this->inline = new HTMLPurifier_ChildDef_Optional($inline); | ||||
|         $this->block  = new HTMLPurifier_ChildDef_Optional($block); | ||||
|         $this->block = new HTMLPurifier_ChildDef_Optional($block); | ||||
|         $this->elements = $this->block->elements; | ||||
|     } | ||||
| 
 | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_Node[] $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         if ($context->get('IsInline') === false) { | ||||
|             return $this->block->validateChildren( | ||||
|                 $tokens_of_children, $config, $context); | ||||
|                 $children, | ||||
|                 $config, | ||||
|                 $context | ||||
|             ); | ||||
|         } else { | ||||
|             return $this->inline->validateChildren( | ||||
|                 $tokens_of_children, $config, $context); | ||||
|                 $children, | ||||
|                 $config, | ||||
|                 $context | ||||
|             ); | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | @ -8,28 +8,42 @@ | |||
|  */ | ||||
| class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     public $type = 'custom'; | ||||
|     public $allow_empty = false; | ||||
|     /** | ||||
|      * Allowed child pattern as defined by the DTD | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'custom'; | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Allowed child pattern as defined by the DTD. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $dtd_regex; | ||||
| 
 | ||||
|     /** | ||||
|      * PCRE regex derived from $dtd_regex | ||||
|      * @private | ||||
|      * PCRE regex derived from $dtd_regex. | ||||
|      * @type string | ||||
|      */ | ||||
|     private $_pcre_regex; | ||||
| 
 | ||||
|     /** | ||||
|      * @param $dtd_regex Allowed child pattern from the DTD | ||||
|      */ | ||||
|     public function __construct($dtd_regex) { | ||||
|     public function __construct($dtd_regex) | ||||
|     { | ||||
|         $this->dtd_regex = $dtd_regex; | ||||
|         $this->_compileRegex(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex) | ||||
|      */ | ||||
|     protected function _compileRegex() { | ||||
|     protected function _compileRegex() | ||||
|     { | ||||
|         $raw = str_replace(' ', '', $this->dtd_regex); | ||||
|         if ($raw{0} != '(') { | ||||
|             $raw = "($raw)"; | ||||
|  | @ -57,33 +71,31 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef | |||
| 
 | ||||
|         $this->_pcre_regex = $reg; | ||||
|     } | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Node[] $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         $list_of_children = ''; | ||||
|         $nesting = 0; // depth into the nest
 | ||||
|         foreach ($tokens_of_children as $token) { | ||||
|             if (!empty($token->is_whitespace)) continue; | ||||
| 
 | ||||
|             $is_child = ($nesting == 0); // direct
 | ||||
| 
 | ||||
|             if ($token instanceof HTMLPurifier_Token_Start) { | ||||
|                 $nesting++; | ||||
|             } elseif ($token instanceof HTMLPurifier_Token_End) { | ||||
|                 $nesting--; | ||||
|             } | ||||
| 
 | ||||
|             if ($is_child) { | ||||
|                 $list_of_children .= $token->name . ','; | ||||
|         foreach ($children as $node) { | ||||
|             if (!empty($node->is_whitespace)) { | ||||
|                 continue; | ||||
|             } | ||||
|             $list_of_children .= $node->name . ','; | ||||
|         } | ||||
|         // add leading comma to deal with stray comma declarations
 | ||||
|         $list_of_children = ',' . rtrim($list_of_children, ','); | ||||
|         $okay = | ||||
|             preg_match( | ||||
|                 '/^,?'.$this->_pcre_regex.'$/', | ||||
|                 '/^,?' . $this->_pcre_regex . '$/', | ||||
|                 $list_of_children | ||||
|             ); | ||||
| 
 | ||||
|         return (bool) $okay; | ||||
|         return (bool)$okay; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
|  | @ -9,10 +9,28 @@ | |||
|  */ | ||||
| class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty = true; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'empty'; | ||||
|     public function __construct() {} | ||||
|     public function validateChildren($tokens_of_children, $config, $context) { | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Node[] $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         return array(); | ||||
|     } | ||||
| } | ||||
|  | @ -0,0 +1,86 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition for list containers ul and ol. | ||||
|  * | ||||
|  * What does this do?  The big thing is to handle ol/ul at the top | ||||
|  * level of list nodes, which should be handled specially by /folding/ | ||||
|  * them into the previous list node.  We generally shouldn't ever | ||||
|  * see other disallowed elements, because the autoclose behavior | ||||
|  * in MakeWellFormed handles it. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'list'; | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     // lying a little bit, so that we can handle ul and ol ourselves
 | ||||
|     // XXX: This whole business with 'wrap' is all a bit unsatisfactory
 | ||||
|     public $elements = array('li' => true, 'ul' => true, 'ol' => true); | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         // Flag for subclasses
 | ||||
|         $this->whitespace = false; | ||||
| 
 | ||||
|         // if there are no tokens, delete parent node
 | ||||
|         if (empty($children)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // the new set of children
 | ||||
|         $result = array(); | ||||
| 
 | ||||
|         // a little sanity check to make sure it's not ALL whitespace
 | ||||
|         $all_whitespace = true; | ||||
| 
 | ||||
|         $current_li = false; | ||||
| 
 | ||||
|         foreach ($children as $node) { | ||||
|             if (!empty($node->is_whitespace)) { | ||||
|                 $result[] = $node; | ||||
|                 continue; | ||||
|             } | ||||
|             $all_whitespace = false; // phew, we're not talking about whitespace
 | ||||
| 
 | ||||
|             if ($node->name === 'li') { | ||||
|                 // good
 | ||||
|                 $current_li = $node; | ||||
|                 $result[] = $node; | ||||
|             } else { | ||||
|                 // we want to tuck this into the previous li
 | ||||
|                 // Invariant: we expect the node to be ol/ul
 | ||||
|                 // ToDo: Make this more robust in the case of not ol/ul
 | ||||
|                 // by distinguishing between existing li and li created
 | ||||
|                 // to handle non-list elements; non-list elements should
 | ||||
|                 // not be appended to an existing li; only li created
 | ||||
|                 // for non-list. This distinction is not currently made.
 | ||||
|                 if ($current_li === false) { | ||||
|                     $current_li = new HTMLPurifier_Node_Element('li'); | ||||
|                     $result[] = $current_li; | ||||
|                 } | ||||
|                 $current_li->children[] = $node; | ||||
|                 $current_li->empty = false; // XXX fascinating! Check for this error elsewhere ToDo
 | ||||
|             } | ||||
|         } | ||||
|         if (empty($result)) { | ||||
|             return false; | ||||
|         } | ||||
|         if ($all_whitespace) { | ||||
|             return false; | ||||
|         } | ||||
|         return $result; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,45 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition that allows a set of elements, and allows no children. | ||||
|  * @note This is a hack to reuse code from HTMLPurifier_ChildDef_Required, | ||||
|  *       really, one shouldn't inherit from the other.  Only altered behavior | ||||
|  *       is to overload a returned false with an array.  Thus, it will never | ||||
|  *       return false. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required | ||||
| { | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty = true; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'optional'; | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         $result = parent::validateChildren($children, $config, $context); | ||||
|         // we assume that $children is not modified
 | ||||
|         if ($result === false) { | ||||
|             if (empty($children)) { | ||||
|                 return true; | ||||
|             } elseif ($this->whitespace) { | ||||
|                 return $children; | ||||
|             } else { | ||||
|                 return array(); | ||||
|             } | ||||
|         } | ||||
|         return $result; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,118 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition that allows a set of elements, but disallows empty children. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     /** | ||||
|      * Lookup table of allowed elements. | ||||
|      * @type array | ||||
|      */ | ||||
|     public $elements = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not the last passed node was all whitespace. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $whitespace = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @param array|string $elements List of allowed element names (lowercase). | ||||
|      */ | ||||
|     public function __construct($elements) | ||||
|     { | ||||
|         if (is_string($elements)) { | ||||
|             $elements = str_replace(' ', '', $elements); | ||||
|             $elements = explode('|', $elements); | ||||
|         } | ||||
|         $keys = array_keys($elements); | ||||
|         if ($keys == array_keys($keys)) { | ||||
|             $elements = array_flip($elements); | ||||
|             foreach ($elements as $i => $x) { | ||||
|                 $elements[$i] = true; | ||||
|                 if (empty($i)) { | ||||
|                     unset($elements[$i]); | ||||
|                 } // remove blank
 | ||||
|             } | ||||
|         } | ||||
|         $this->elements = $elements; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'required'; | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         // Flag for subclasses
 | ||||
|         $this->whitespace = false; | ||||
| 
 | ||||
|         // if there are no tokens, delete parent node
 | ||||
|         if (empty($children)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // the new set of children
 | ||||
|         $result = array(); | ||||
| 
 | ||||
|         // whether or not parsed character data is allowed
 | ||||
|         // this controls whether or not we silently drop a tag
 | ||||
|         // or generate escaped HTML from it
 | ||||
|         $pcdata_allowed = isset($this->elements['#PCDATA']); | ||||
| 
 | ||||
|         // a little sanity check to make sure it's not ALL whitespace
 | ||||
|         $all_whitespace = true; | ||||
| 
 | ||||
|         $stack = array_reverse($children); | ||||
|         while (!empty($stack)) { | ||||
|             $node = array_pop($stack); | ||||
|             if (!empty($node->is_whitespace)) { | ||||
|                 $result[] = $node; | ||||
|                 continue; | ||||
|             } | ||||
|             $all_whitespace = false; // phew, we're not talking about whitespace
 | ||||
| 
 | ||||
|             if (!isset($this->elements[$node->name])) { | ||||
|                 // special case text
 | ||||
|                 // XXX One of these ought to be redundant or something
 | ||||
|                 if ($pcdata_allowed && $node instanceof HTMLPurifier_Node_Text) { | ||||
|                     $result[] = $node; | ||||
|                     continue; | ||||
|                 } | ||||
|                 // spill the child contents in
 | ||||
|                 // ToDo: Make configurable
 | ||||
|                 if ($node instanceof HTMLPurifier_Node_Element) { | ||||
|                     for ($i = count($node->children) - 1; $i >= 0; $i--) { | ||||
|                         $stack[] = $node->children[$i]; | ||||
|                     } | ||||
|                     continue; | ||||
|                 } | ||||
|                 continue; | ||||
|             } | ||||
|             $result[] = $node; | ||||
|         } | ||||
|         if (empty($result)) { | ||||
|             return false; | ||||
|         } | ||||
|         if ($all_whitespace) { | ||||
|             $this->whitespace = true; | ||||
|             return false; | ||||
|         } | ||||
|         return $result; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,110 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Takes the contents of blockquote when in strict and reformats for validation. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Required | ||||
| { | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $real_elements; | ||||
| 
 | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $fake_elements; | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty = true; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'strictblockquote'; | ||||
| 
 | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $init = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @return array | ||||
|      * @note We don't want MakeWellFormed to auto-close inline elements since | ||||
|      *       they might be allowed. | ||||
|      */ | ||||
|     public function getAllowedElements($config) | ||||
|     { | ||||
|         $this->init($config); | ||||
|         return $this->fake_elements; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         $this->init($config); | ||||
| 
 | ||||
|         // trick the parent class into thinking it allows more
 | ||||
|         $this->elements = $this->fake_elements; | ||||
|         $result = parent::validateChildren($children, $config, $context); | ||||
|         $this->elements = $this->real_elements; | ||||
| 
 | ||||
|         if ($result === false) { | ||||
|             return array(); | ||||
|         } | ||||
|         if ($result === true) { | ||||
|             $result = $children; | ||||
|         } | ||||
| 
 | ||||
|         $def = $config->getHTMLDefinition(); | ||||
|         $block_wrap_name = $def->info_block_wrapper; | ||||
|         $block_wrap = false; | ||||
|         $ret = array(); | ||||
| 
 | ||||
|         foreach ($result as $node) { | ||||
|             if ($block_wrap === false) { | ||||
|                 if (($node instanceof HTMLPurifier_Node_Text && !$node->is_whitespace) || | ||||
|                     ($node instanceof HTMLPurifier_Node_Element && !isset($this->elements[$node->name]))) { | ||||
|                         $block_wrap = new HTMLPurifier_Node_Element($def->info_block_wrapper); | ||||
|                         $ret[] = $block_wrap; | ||||
|                 } | ||||
|             } else { | ||||
|                 if ($node instanceof HTMLPurifier_Node_Element && isset($this->elements[$node->name])) { | ||||
|                     $block_wrap = false; | ||||
| 
 | ||||
|                 } | ||||
|             } | ||||
|             if ($block_wrap) { | ||||
|                 $block_wrap->children[] = $node; | ||||
|             } else { | ||||
|                 $ret[] = $node; | ||||
|             } | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      */ | ||||
|     private function init($config) | ||||
|     { | ||||
|         if (!$this->init) { | ||||
|             $def = $config->getHTMLDefinition(); | ||||
|             // allow all inline elements
 | ||||
|             $this->real_elements = $this->elements; | ||||
|             $this->fake_elements = $def->info_content_sets['Flow']; | ||||
|             $this->fake_elements['#PCDATA'] = true; | ||||
|             $this->init = true; | ||||
|         } | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,224 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Definition for tables.  The general idea is to extract out all of the | ||||
|  * essential bits, and then reconstruct it later. | ||||
|  * | ||||
|  * This is a bit confusing, because the DTDs and the W3C | ||||
|  * validators seem to disagree on the appropriate definition. The | ||||
|  * DTD claims: | ||||
|  * | ||||
|  *      (CAPTION?, (COL*|COLGROUP*), THEAD?, TFOOT?, TBODY+) | ||||
|  * | ||||
|  * But actually, the HTML4 spec then has this to say: | ||||
|  * | ||||
|  *      The TBODY start tag is always required except when the table | ||||
|  *      contains only one table body and no table head or foot sections. | ||||
|  *      The TBODY end tag may always be safely omitted. | ||||
|  * | ||||
|  * So the DTD is kind of wrong.  The validator is, unfortunately, kind | ||||
|  * of on crack. | ||||
|  * | ||||
|  * The definition changed again in XHTML1.1; and in my opinion, this | ||||
|  * formulation makes the most sense. | ||||
|  * | ||||
|  *      caption?, ( col* | colgroup* ), (( thead?, tfoot?, tbody+ ) | ( tr+ )) | ||||
|  * | ||||
|  * Essentially, we have two modes: thead/tfoot/tbody mode, and tr mode. | ||||
|  * If we encounter a thead, tfoot or tbody, we are placed in the former | ||||
|  * mode, and we *must* wrap any stray tr segments with a tbody. But if | ||||
|  * we don't run into any of them, just have tr tags is OK. | ||||
|  */ | ||||
| class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef | ||||
| { | ||||
|     /** | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $allow_empty = false; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type = 'table'; | ||||
| 
 | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     public $elements = array( | ||||
|         'tr' => true, | ||||
|         'tbody' => true, | ||||
|         'thead' => true, | ||||
|         'tfoot' => true, | ||||
|         'caption' => true, | ||||
|         'colgroup' => true, | ||||
|         'col' => true | ||||
|     ); | ||||
| 
 | ||||
|     public function __construct() | ||||
|     { | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param array $children | ||||
|      * @param HTMLPurifier_Config $config | ||||
|      * @param HTMLPurifier_Context $context | ||||
|      * @return array | ||||
|      */ | ||||
|     public function validateChildren($children, $config, $context) | ||||
|     { | ||||
|         if (empty($children)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         // only one of these elements is allowed in a table
 | ||||
|         $caption = false; | ||||
|         $thead = false; | ||||
|         $tfoot = false; | ||||
| 
 | ||||
|         // whitespace
 | ||||
|         $initial_ws = array(); | ||||
|         $after_caption_ws = array(); | ||||
|         $after_thead_ws = array(); | ||||
|         $after_tfoot_ws = array(); | ||||
| 
 | ||||
|         // as many of these as you want
 | ||||
|         $cols = array(); | ||||
|         $content = array(); | ||||
| 
 | ||||
|         $tbody_mode = false; // if true, then we need to wrap any stray
 | ||||
|                              // <tr>s with a <tbody>.
 | ||||
| 
 | ||||
|         $ws_accum =& $initial_ws; | ||||
| 
 | ||||
|         foreach ($children as $node) { | ||||
|             if ($node instanceof HTMLPurifier_Node_Comment) { | ||||
|                 $ws_accum[] = $node; | ||||
|                 continue; | ||||
|             } | ||||
|             switch ($node->name) { | ||||
|             case 'tbody': | ||||
|                 $tbody_mode = true; | ||||
|                 // fall through
 | ||||
|             case 'tr': | ||||
|                 $content[] = $node; | ||||
|                 $ws_accum =& $content; | ||||
|                 break; | ||||
|             case 'caption': | ||||
|                 // there can only be one caption!
 | ||||
|                 if ($caption !== false)  break; | ||||
|                 $caption = $node; | ||||
|                 $ws_accum =& $after_caption_ws; | ||||
|                 break; | ||||
|             case 'thead': | ||||
|                 $tbody_mode = true; | ||||
|                 // XXX This breaks rendering properties with
 | ||||
|                 // Firefox, which never floats a <thead> to
 | ||||
|                 // the top. Ever. (Our scheme will float the
 | ||||
|                 // first <thead> to the top.)  So maybe
 | ||||
|                 // <thead>s that are not first should be
 | ||||
|                 // turned into <tbody>? Very tricky, indeed.
 | ||||
|                 if ($thead === false) { | ||||
|                     $thead = $node; | ||||
|                     $ws_accum =& $after_thead_ws; | ||||
|                 } else { | ||||
|                     // Oops, there's a second one! What
 | ||||
|                     // should we do?  Current behavior is to
 | ||||
|                     // transmutate the first and last entries into
 | ||||
|                     // tbody tags, and then put into content.
 | ||||
|                     // Maybe a better idea is to *attach
 | ||||
|                     // it* to the existing thead or tfoot?
 | ||||
|                     // We don't do this, because Firefox
 | ||||
|                     // doesn't float an extra tfoot to the
 | ||||
|                     // bottom like it does for the first one.
 | ||||
|                     $node->name = 'tbody'; | ||||
|                     $content[] = $node; | ||||
|                     $ws_accum =& $content; | ||||
|                 } | ||||
|                 break; | ||||
|             case 'tfoot': | ||||
|                 // see above for some aveats
 | ||||
|                 $tbody_mode = true; | ||||
|                 if ($tfoot === false) { | ||||
|                     $tfoot = $node; | ||||
|                     $ws_accum =& $after_tfoot_ws; | ||||
|                 } else { | ||||
|                     $node->name = 'tbody'; | ||||
|                     $content[] = $node; | ||||
|                     $ws_accum =& $content; | ||||
|                 } | ||||
|                 break; | ||||
|             case 'colgroup': | ||||
|             case 'col': | ||||
|                 $cols[] = $node; | ||||
|                 $ws_accum =& $cols; | ||||
|                 break; | ||||
|             case '#PCDATA': | ||||
|                 // How is whitespace handled? We treat is as sticky to
 | ||||
|                 // the *end* of the previous element. So all of the
 | ||||
|                 // nonsense we have worked on is to keep things
 | ||||
|                 // together.
 | ||||
|                 if (!empty($node->is_whitespace)) { | ||||
|                     $ws_accum[] = $node; | ||||
|                 } | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         if (empty($content)) { | ||||
|             return false; | ||||
|         } | ||||
| 
 | ||||
|         $ret = $initial_ws; | ||||
|         if ($caption !== false) { | ||||
|             $ret[] = $caption; | ||||
|             $ret = array_merge($ret, $after_caption_ws); | ||||
|         } | ||||
|         if ($cols !== false) { | ||||
|             $ret = array_merge($ret, $cols); | ||||
|         } | ||||
|         if ($thead !== false) { | ||||
|             $ret[] = $thead; | ||||
|             $ret = array_merge($ret, $after_thead_ws); | ||||
|         } | ||||
|         if ($tfoot !== false) { | ||||
|             $ret[] = $tfoot; | ||||
|             $ret = array_merge($ret, $after_tfoot_ws); | ||||
|         } | ||||
| 
 | ||||
|         if ($tbody_mode) { | ||||
|             // we have to shuffle tr into tbody
 | ||||
|             $current_tr_tbody = null; | ||||
| 
 | ||||
|             foreach($content as $node) { | ||||
|                 switch ($node->name) { | ||||
|                 case 'tbody': | ||||
|                     $current_tr_tbody = null; | ||||
|                     $ret[] = $node; | ||||
|                     break; | ||||
|                 case 'tr': | ||||
|                     if ($current_tr_tbody === null) { | ||||
|                         $current_tr_tbody = new HTMLPurifier_Node_Element('tbody'); | ||||
|                         $ret[] = $current_tr_tbody; | ||||
|                     } | ||||
|                     $current_tr_tbody->children[] = $node; | ||||
|                     break; | ||||
|                 case '#PCDATA': | ||||
|                     assert($node->is_whitespace); | ||||
|                     if ($current_tr_tbody === null) { | ||||
|                         $ret[] = $node; | ||||
|                     } else { | ||||
|                         $current_tr_tbody->children[] = $node; | ||||
|                     } | ||||
|                     break; | ||||
|                 } | ||||
|             } | ||||
|         } else { | ||||
|             $ret = array_merge($ret, $content); | ||||
|         } | ||||
| 
 | ||||
|         return $ret; | ||||
| 
 | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
							
								
								
									
										920
									
								
								library/ezyang/htmlpurifier/library/HTMLPurifier/Config.php
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										920
									
								
								library/ezyang/htmlpurifier/library/HTMLPurifier/Config.php
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,920 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Configuration object that triggers customizable behavior. | ||||
|  * | ||||
|  * @warning This class is strongly defined: that means that the class | ||||
|  *          will fail if an undefined directive is retrieved or set. | ||||
|  * | ||||
|  * @note Many classes that could (although many times don't) use the | ||||
|  *       configuration object make it a mandatory parameter.  This is | ||||
|  *       because a configuration object should always be forwarded, | ||||
|  *       otherwise, you run the risk of missing a parameter and then | ||||
|  *       being stumped when a configuration directive doesn't work. | ||||
|  * | ||||
|  * @todo Reconsider some of the public member variables | ||||
|  */ | ||||
| class HTMLPurifier_Config | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * HTML Purifier's version | ||||
|      * @type string | ||||
|      */ | ||||
|     public $version = '4.7.0'; | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not to automatically finalize | ||||
|      * the object if a read operation is done. | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $autoFinalize = true; | ||||
| 
 | ||||
|     // protected member variables
 | ||||
| 
 | ||||
|     /** | ||||
|      * Namespace indexed array of serials for specific namespaces. | ||||
|      * @see getSerial() for more info. | ||||
|      * @type string[] | ||||
|      */ | ||||
|     protected $serials = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Serial for entire configuration object. | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $serial; | ||||
| 
 | ||||
|     /** | ||||
|      * Parser for variables. | ||||
|      * @type HTMLPurifier_VarParser_Flexible | ||||
|      */ | ||||
|     protected $parser = null; | ||||
| 
 | ||||
|     /** | ||||
|      * Reference HTMLPurifier_ConfigSchema for value checking. | ||||
|      * @type HTMLPurifier_ConfigSchema | ||||
|      * @note This is public for introspective purposes. Please don't | ||||
|      *       abuse! | ||||
|      */ | ||||
|     public $def; | ||||
| 
 | ||||
|     /** | ||||
|      * Indexed array of definitions. | ||||
|      * @type HTMLPurifier_Definition[] | ||||
|      */ | ||||
|     protected $definitions; | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not config is finalized. | ||||
|      * @type bool | ||||
|      */ | ||||
|     protected $finalized = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Property list containing configuration directives. | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $plist; | ||||
| 
 | ||||
|     /** | ||||
|      * Whether or not a set is taking place due to an alias lookup. | ||||
|      * @type bool | ||||
|      */ | ||||
|     private $aliasMode; | ||||
| 
 | ||||
|     /** | ||||
|      * Set to false if you do not want line and file numbers in errors. | ||||
|      * (useful when unit testing).  This will also compress some errors | ||||
|      * and exceptions. | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $chatty = true; | ||||
| 
 | ||||
|     /** | ||||
|      * Current lock; only gets to this namespace are allowed. | ||||
|      * @type string | ||||
|      */ | ||||
|     private $lock; | ||||
| 
 | ||||
|     /** | ||||
|      * Constructor | ||||
|      * @param HTMLPurifier_ConfigSchema $definition ConfigSchema that defines | ||||
|      * what directives are allowed. | ||||
|      * @param HTMLPurifier_PropertyList $parent | ||||
|      */ | ||||
|     public function __construct($definition, $parent = null) | ||||
|     { | ||||
|         $parent = $parent ? $parent : $definition->defaultPlist; | ||||
|         $this->plist = new HTMLPurifier_PropertyList($parent); | ||||
|         $this->def = $definition; // keep a copy around for checking
 | ||||
|         $this->parser = new HTMLPurifier_VarParser_Flexible(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience constructor that creates a config object based on a mixed var | ||||
|      * @param mixed $config Variable that defines the state of the config | ||||
|      *                      object. Can be: a HTMLPurifier_Config() object, | ||||
|      *                      an array of directives based on loadArray(), | ||||
|      *                      or a string filename of an ini file. | ||||
|      * @param HTMLPurifier_ConfigSchema $schema Schema object | ||||
|      * @return HTMLPurifier_Config Configured object | ||||
|      */ | ||||
|     public static function create($config, $schema = null) | ||||
|     { | ||||
|         if ($config instanceof HTMLPurifier_Config) { | ||||
|             // pass-through
 | ||||
|             return $config; | ||||
|         } | ||||
|         if (!$schema) { | ||||
|             $ret = HTMLPurifier_Config::createDefault(); | ||||
|         } else { | ||||
|             $ret = new HTMLPurifier_Config($schema); | ||||
|         } | ||||
|         if (is_string($config)) { | ||||
|             $ret->loadIni($config); | ||||
|         } elseif (is_array($config)) $ret->loadArray($config); | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Creates a new config object that inherits from a previous one. | ||||
|      * @param HTMLPurifier_Config $config Configuration object to inherit from. | ||||
|      * @return HTMLPurifier_Config object with $config as its parent. | ||||
|      */ | ||||
|     public static function inherit(HTMLPurifier_Config $config) | ||||
|     { | ||||
|         return new HTMLPurifier_Config($config->def, $config->plist); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience constructor that creates a default configuration object. | ||||
|      * @return HTMLPurifier_Config default object. | ||||
|      */ | ||||
|     public static function createDefault() | ||||
|     { | ||||
|         $definition = HTMLPurifier_ConfigSchema::instance(); | ||||
|         $config = new HTMLPurifier_Config($definition); | ||||
|         return $config; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves a value from the configuration. | ||||
|      * | ||||
|      * @param string $key String key | ||||
|      * @param mixed $a | ||||
|      * | ||||
|      * @return mixed | ||||
|      */ | ||||
|     public function get($key, $a = null) | ||||
|     { | ||||
|         if ($a !== null) { | ||||
|             $this->triggerError( | ||||
|                 "Using deprecated API: use \$config->get('$key.$a') instead", | ||||
|                 E_USER_WARNING | ||||
|             ); | ||||
|             $key = "$key.$a"; | ||||
|         } | ||||
|         if (!$this->finalized) { | ||||
|             $this->autoFinalize(); | ||||
|         } | ||||
|         if (!isset($this->def->info[$key])) { | ||||
|             // can't add % due to SimpleTest bug
 | ||||
|             $this->triggerError( | ||||
|                 'Cannot retrieve value of undefined directive ' . htmlspecialchars($key), | ||||
|                 E_USER_WARNING | ||||
|             ); | ||||
|             return; | ||||
|         } | ||||
|         if (isset($this->def->info[$key]->isAlias)) { | ||||
|             $d = $this->def->info[$key]; | ||||
|             $this->triggerError( | ||||
|                 'Cannot get value from aliased directive, use real name ' . $d->key, | ||||
|                 E_USER_ERROR | ||||
|             ); | ||||
|             return; | ||||
|         } | ||||
|         if ($this->lock) { | ||||
|             list($ns) = explode('.', $key); | ||||
|             if ($ns !== $this->lock) { | ||||
|                 $this->triggerError( | ||||
|                     'Cannot get value of namespace ' . $ns . ' when lock for ' . | ||||
|                     $this->lock . | ||||
|                     ' is active, this probably indicates a Definition setup method ' . | ||||
|                     'is accessing directives that are not within its namespace', | ||||
|                     E_USER_ERROR | ||||
|                 ); | ||||
|                 return; | ||||
|             } | ||||
|         } | ||||
|         return $this->plist->get($key); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves an array of directives to values from a given namespace | ||||
|      * | ||||
|      * @param string $namespace String namespace | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public function getBatch($namespace) | ||||
|     { | ||||
|         if (!$this->finalized) { | ||||
|             $this->autoFinalize(); | ||||
|         } | ||||
|         $full = $this->getAll(); | ||||
|         if (!isset($full[$namespace])) { | ||||
|             $this->triggerError( | ||||
|                 'Cannot retrieve undefined namespace ' . | ||||
|                 htmlspecialchars($namespace), | ||||
|                 E_USER_WARNING | ||||
|             ); | ||||
|             return; | ||||
|         } | ||||
|         return $full[$namespace]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a SHA-1 signature of a segment of the configuration object | ||||
|      * that uniquely identifies that particular configuration | ||||
|      * | ||||
|      * @param string $namespace Namespace to get serial for | ||||
|      * | ||||
|      * @return string | ||||
|      * @note Revision is handled specially and is removed from the batch | ||||
|      *       before processing! | ||||
|      */ | ||||
|     public function getBatchSerial($namespace) | ||||
|     { | ||||
|         if (empty($this->serials[$namespace])) { | ||||
|             $batch = $this->getBatch($namespace); | ||||
|             unset($batch['DefinitionRev']); | ||||
|             $this->serials[$namespace] = sha1(serialize($batch)); | ||||
|         } | ||||
|         return $this->serials[$namespace]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a SHA-1 signature for the entire configuration object | ||||
|      * that uniquely identifies that particular configuration | ||||
|      * | ||||
|      * @return string | ||||
|      */ | ||||
|     public function getSerial() | ||||
|     { | ||||
|         if (empty($this->serial)) { | ||||
|             $this->serial = sha1(serialize($this->getAll())); | ||||
|         } | ||||
|         return $this->serial; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves all directives, organized by namespace | ||||
|      * | ||||
|      * @warning This is a pretty inefficient function, avoid if you can | ||||
|      */ | ||||
|     public function getAll() | ||||
|     { | ||||
|         if (!$this->finalized) { | ||||
|             $this->autoFinalize(); | ||||
|         } | ||||
|         $ret = array(); | ||||
|         foreach ($this->plist->squash() as $name => $value) { | ||||
|             list($ns, $key) = explode('.', $name, 2); | ||||
|             $ret[$ns][$key] = $value; | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Sets a value to configuration. | ||||
|      * | ||||
|      * @param string $key key | ||||
|      * @param mixed $value value | ||||
|      * @param mixed $a | ||||
|      */ | ||||
|     public function set($key, $value, $a = null) | ||||
|     { | ||||
|         if (strpos($key, '.') === false) { | ||||
|             $namespace = $key; | ||||
|             $directive = $value; | ||||
|             $value = $a; | ||||
|             $key = "$key.$directive"; | ||||
|             $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE); | ||||
|         } else { | ||||
|             list($namespace) = explode('.', $key); | ||||
|         } | ||||
|         if ($this->isFinalized('Cannot set directive after finalization')) { | ||||
|             return; | ||||
|         } | ||||
|         if (!isset($this->def->info[$key])) { | ||||
|             $this->triggerError( | ||||
|                 'Cannot set undefined directive ' . htmlspecialchars($key) . ' to value', | ||||
|                 E_USER_WARNING | ||||
|             ); | ||||
|             return; | ||||
|         } | ||||
|         $def = $this->def->info[$key]; | ||||
| 
 | ||||
|         if (isset($def->isAlias)) { | ||||
|             if ($this->aliasMode) { | ||||
|                 $this->triggerError( | ||||
|                     'Double-aliases not allowed, please fix '. | ||||
|                     'ConfigSchema bug with' . $key, | ||||
|                     E_USER_ERROR | ||||
|                 ); | ||||
|                 return; | ||||
|             } | ||||
|             $this->aliasMode = true; | ||||
|             $this->set($def->key, $value); | ||||
|             $this->aliasMode = false; | ||||
|             $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE); | ||||
|             return; | ||||
|         } | ||||
| 
 | ||||
|         // Raw type might be negative when using the fully optimized form
 | ||||
|         // of stdclass, which indicates allow_null == true
 | ||||
|         $rtype = is_int($def) ? $def : $def->type; | ||||
|         if ($rtype < 0) { | ||||
|             $type = -$rtype; | ||||
|             $allow_null = true; | ||||
|         } else { | ||||
|             $type = $rtype; | ||||
|             $allow_null = isset($def->allow_null); | ||||
|         } | ||||
| 
 | ||||
|         try { | ||||
|             $value = $this->parser->parse($value, $type, $allow_null); | ||||
|         } catch (HTMLPurifier_VarParserException $e) { | ||||
|             $this->triggerError( | ||||
|                 'Value for ' . $key . ' is of invalid type, should be ' . | ||||
|                 HTMLPurifier_VarParser::getTypeName($type), | ||||
|                 E_USER_WARNING | ||||
|             ); | ||||
|             return; | ||||
|         } | ||||
|         if (is_string($value) && is_object($def)) { | ||||
|             // resolve value alias if defined
 | ||||
|             if (isset($def->aliases[$value])) { | ||||
|                 $value = $def->aliases[$value]; | ||||
|             } | ||||
|             // check to see if the value is allowed
 | ||||
|             if (isset($def->allowed) && !isset($def->allowed[$value])) { | ||||
|                 $this->triggerError( | ||||
|                     'Value not supported, valid values are: ' . | ||||
|                     $this->_listify($def->allowed), | ||||
|                     E_USER_WARNING | ||||
|                 ); | ||||
|                 return; | ||||
|             } | ||||
|         } | ||||
|         $this->plist->set($key, $value); | ||||
| 
 | ||||
|         // reset definitions if the directives they depend on changed
 | ||||
|         // this is a very costly process, so it's discouraged
 | ||||
|         // with finalization
 | ||||
|         if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') { | ||||
|             $this->definitions[$namespace] = null; | ||||
|         } | ||||
| 
 | ||||
|         $this->serials[$namespace] = false; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience function for error reporting | ||||
|      * | ||||
|      * @param array $lookup | ||||
|      * | ||||
|      * @return string | ||||
|      */ | ||||
|     private function _listify($lookup) | ||||
|     { | ||||
|         $list = array(); | ||||
|         foreach ($lookup as $name => $b) { | ||||
|             $list[] = $name; | ||||
|         } | ||||
|         return implode(', ', $list); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves object reference to the HTML definition. | ||||
|      * | ||||
|      * @param bool $raw Return a copy that has not been setup yet. Must be | ||||
|      *             called before it's been setup, otherwise won't work. | ||||
|      * @param bool $optimized If true, this method may return null, to | ||||
|      *             indicate that a cached version of the modified | ||||
|      *             definition object is available and no further edits | ||||
|      *             are necessary.  Consider using | ||||
|      *             maybeGetRawHTMLDefinition, which is more explicitly | ||||
|      *             named, instead. | ||||
|      * | ||||
|      * @return HTMLPurifier_HTMLDefinition | ||||
|      */ | ||||
|     public function getHTMLDefinition($raw = false, $optimized = false) | ||||
|     { | ||||
|         return $this->getDefinition('HTML', $raw, $optimized); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves object reference to the CSS definition | ||||
|      * | ||||
|      * @param bool $raw Return a copy that has not been setup yet. Must be | ||||
|      *             called before it's been setup, otherwise won't work. | ||||
|      * @param bool $optimized If true, this method may return null, to | ||||
|      *             indicate that a cached version of the modified | ||||
|      *             definition object is available and no further edits | ||||
|      *             are necessary.  Consider using | ||||
|      *             maybeGetRawCSSDefinition, which is more explicitly | ||||
|      *             named, instead. | ||||
|      * | ||||
|      * @return HTMLPurifier_CSSDefinition | ||||
|      */ | ||||
|     public function getCSSDefinition($raw = false, $optimized = false) | ||||
|     { | ||||
|         return $this->getDefinition('CSS', $raw, $optimized); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves object reference to the URI definition | ||||
|      * | ||||
|      * @param bool $raw Return a copy that has not been setup yet. Must be | ||||
|      *             called before it's been setup, otherwise won't work. | ||||
|      * @param bool $optimized If true, this method may return null, to | ||||
|      *             indicate that a cached version of the modified | ||||
|      *             definition object is available and no further edits | ||||
|      *             are necessary.  Consider using | ||||
|      *             maybeGetRawURIDefinition, which is more explicitly | ||||
|      *             named, instead. | ||||
|      * | ||||
|      * @return HTMLPurifier_URIDefinition | ||||
|      */ | ||||
|     public function getURIDefinition($raw = false, $optimized = false) | ||||
|     { | ||||
|         return $this->getDefinition('URI', $raw, $optimized); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves a definition | ||||
|      * | ||||
|      * @param string $type Type of definition: HTML, CSS, etc | ||||
|      * @param bool $raw Whether or not definition should be returned raw | ||||
|      * @param bool $optimized Only has an effect when $raw is true.  Whether | ||||
|      *        or not to return null if the result is already present in | ||||
|      *        the cache.  This is off by default for backwards | ||||
|      *        compatibility reasons, but you need to do things this | ||||
|      *        way in order to ensure that caching is done properly. | ||||
|      *        Check out enduser-customize.html for more details. | ||||
|      *        We probably won't ever change this default, as much as the | ||||
|      *        maybe semantics is the "right thing to do." | ||||
|      * | ||||
|      * @throws HTMLPurifier_Exception | ||||
|      * @return HTMLPurifier_Definition | ||||
|      */ | ||||
|     public function getDefinition($type, $raw = false, $optimized = false) | ||||
|     { | ||||
|         if ($optimized && !$raw) { | ||||
|             throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false"); | ||||
|         } | ||||
|         if (!$this->finalized) { | ||||
|             $this->autoFinalize(); | ||||
|         } | ||||
|         // temporarily suspend locks, so we can handle recursive definition calls
 | ||||
|         $lock = $this->lock; | ||||
|         $this->lock = null; | ||||
|         $factory = HTMLPurifier_DefinitionCacheFactory::instance(); | ||||
|         $cache = $factory->create($type, $this); | ||||
|         $this->lock = $lock; | ||||
|         if (!$raw) { | ||||
|             // full definition
 | ||||
|             // ---------------
 | ||||
|             // check if definition is in memory
 | ||||
|             if (!empty($this->definitions[$type])) { | ||||
|                 $def = $this->definitions[$type]; | ||||
|                 // check if the definition is setup
 | ||||
|                 if ($def->setup) { | ||||
|                     return $def; | ||||
|                 } else { | ||||
|                     $def->setup($this); | ||||
|                     if ($def->optimized) { | ||||
|                         $cache->add($def, $this); | ||||
|                     } | ||||
|                     return $def; | ||||
|                 } | ||||
|             } | ||||
|             // check if definition is in cache
 | ||||
|             $def = $cache->get($this); | ||||
|             if ($def) { | ||||
|                 // definition in cache, save to memory and return it
 | ||||
|                 $this->definitions[$type] = $def; | ||||
|                 return $def; | ||||
|             } | ||||
|             // initialize it
 | ||||
|             $def = $this->initDefinition($type); | ||||
|             // set it up
 | ||||
|             $this->lock = $type; | ||||
|             $def->setup($this); | ||||
|             $this->lock = null; | ||||
|             // save in cache
 | ||||
|             $cache->add($def, $this); | ||||
|             // return it
 | ||||
|             return $def; | ||||
|         } else { | ||||
|             // raw definition
 | ||||
|             // --------------
 | ||||
|             // check preconditions
 | ||||
|             $def = null; | ||||
|             if ($optimized) { | ||||
|                 if (is_null($this->get($type . '.DefinitionID'))) { | ||||
|                     // fatally error out if definition ID not set
 | ||||
|                     throw new HTMLPurifier_Exception( | ||||
|                         "Cannot retrieve raw version without specifying %$type.DefinitionID" | ||||
|                     ); | ||||
|                 } | ||||
|             } | ||||
|             if (!empty($this->definitions[$type])) { | ||||
|                 $def = $this->definitions[$type]; | ||||
|                 if ($def->setup && !$optimized) { | ||||
|                     $extra = $this->chatty ? | ||||
|                         " (try moving this code block earlier in your initialization)" : | ||||
|                         ""; | ||||
|                     throw new HTMLPurifier_Exception( | ||||
|                         "Cannot retrieve raw definition after it has already been setup" . | ||||
|                         $extra | ||||
|                     ); | ||||
|                 } | ||||
|                 if ($def->optimized === null) { | ||||
|                     $extra = $this->chatty ? " (try flushing your cache)" : ""; | ||||
|                     throw new HTMLPurifier_Exception( | ||||
|                         "Optimization status of definition is unknown" . $extra | ||||
|                     ); | ||||
|                 } | ||||
|                 if ($def->optimized !== $optimized) { | ||||
|                     $msg = $optimized ? "optimized" : "unoptimized"; | ||||
|                     $extra = $this->chatty ? | ||||
|                         " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)" | ||||
|                         : ""; | ||||
|                     throw new HTMLPurifier_Exception( | ||||
|                         "Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra | ||||
|                     ); | ||||
|                 } | ||||
|             } | ||||
|             // check if definition was in memory
 | ||||
|             if ($def) { | ||||
|                 if ($def->setup) { | ||||
|                     // invariant: $optimized === true (checked above)
 | ||||
|                     return null; | ||||
|                 } else { | ||||
|                     return $def; | ||||
|                 } | ||||
|             } | ||||
|             // if optimized, check if definition was in cache
 | ||||
|             // (because we do the memory check first, this formulation
 | ||||
|             // is prone to cache slamming, but I think
 | ||||
|             // guaranteeing that either /all/ of the raw
 | ||||
|             // setup code or /none/ of it is run is more important.)
 | ||||
|             if ($optimized) { | ||||
|                 // This code path only gets run once; once we put
 | ||||
|                 // something in $definitions (which is guaranteed by the
 | ||||
|                 // trailing code), we always short-circuit above.
 | ||||
|                 $def = $cache->get($this); | ||||
|                 if ($def) { | ||||
|                     // save the full definition for later, but don't
 | ||||
|                     // return it yet
 | ||||
|                     $this->definitions[$type] = $def; | ||||
|                     return null; | ||||
|                 } | ||||
|             } | ||||
|             // check invariants for creation
 | ||||
|             if (!$optimized) { | ||||
|                 if (!is_null($this->get($type . '.DefinitionID'))) { | ||||
|                     if ($this->chatty) { | ||||
|                         $this->triggerError( | ||||
|                             'Due to a documentation error in previous version of HTML Purifier, your ' . | ||||
|                             'definitions are not being cached.  If this is OK, you can remove the ' . | ||||
|                             '%$type.DefinitionRev and %$type.DefinitionID declaration.  Otherwise, ' . | ||||
|                             'modify your code to use maybeGetRawDefinition, and test if the returned ' . | ||||
|                             'value is null before making any edits (if it is null, that means that a ' . | ||||
|                             'cached version is available, and no raw operations are necessary).  See ' . | ||||
|                             '<a href="http://htmlpurifier.org/docs/enduser-customize.html#optimized">' . | ||||
|                             'Customize</a> for more details', | ||||
|                             E_USER_WARNING | ||||
|                         ); | ||||
|                     } else { | ||||
|                         $this->triggerError( | ||||
|                             "Useless DefinitionID declaration", | ||||
|                             E_USER_WARNING | ||||
|                         ); | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|             // initialize it
 | ||||
|             $def = $this->initDefinition($type); | ||||
|             $def->optimized = $optimized; | ||||
|             return $def; | ||||
|         } | ||||
|         throw new HTMLPurifier_Exception("The impossible happened!"); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Initialise definition | ||||
|      * | ||||
|      * @param string $type What type of definition to create | ||||
|      * | ||||
|      * @return HTMLPurifier_CSSDefinition|HTMLPurifier_HTMLDefinition|HTMLPurifier_URIDefinition | ||||
|      * @throws HTMLPurifier_Exception | ||||
|      */ | ||||
|     private function initDefinition($type) | ||||
|     { | ||||
|         // quick checks failed, let's create the object
 | ||||
|         if ($type == 'HTML') { | ||||
|             $def = new HTMLPurifier_HTMLDefinition(); | ||||
|         } elseif ($type == 'CSS') { | ||||
|             $def = new HTMLPurifier_CSSDefinition(); | ||||
|         } elseif ($type == 'URI') { | ||||
|             $def = new HTMLPurifier_URIDefinition(); | ||||
|         } else { | ||||
|             throw new HTMLPurifier_Exception( | ||||
|                 "Definition of $type type not supported" | ||||
|             ); | ||||
|         } | ||||
|         $this->definitions[$type] = $def; | ||||
|         return $def; | ||||
|     } | ||||
| 
 | ||||
|     public function maybeGetRawDefinition($name) | ||||
|     { | ||||
|         return $this->getDefinition($name, true, true); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_HTMLDefinition | ||||
|      */ | ||||
|     public function maybeGetRawHTMLDefinition() | ||||
|     { | ||||
|         return $this->getDefinition('HTML', true, true); | ||||
|     } | ||||
|      | ||||
|     /** | ||||
|      * @return HTMLPurifier_CSSDefinition | ||||
|      */ | ||||
|     public function maybeGetRawCSSDefinition() | ||||
|     { | ||||
|         return $this->getDefinition('CSS', true, true); | ||||
|     } | ||||
|      | ||||
|     /** | ||||
|      * @return HTMLPurifier_URIDefinition | ||||
|      */ | ||||
|     public function maybeGetRawURIDefinition() | ||||
|     { | ||||
|         return $this->getDefinition('URI', true, true); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads configuration values from an array with the following structure: | ||||
|      * Namespace.Directive => Value | ||||
|      * | ||||
|      * @param array $config_array Configuration associative array | ||||
|      */ | ||||
|     public function loadArray($config_array) | ||||
|     { | ||||
|         if ($this->isFinalized('Cannot load directives after finalization')) { | ||||
|             return; | ||||
|         } | ||||
|         foreach ($config_array as $key => $value) { | ||||
|             $key = str_replace('_', '.', $key); | ||||
|             if (strpos($key, '.') !== false) { | ||||
|                 $this->set($key, $value); | ||||
|             } else { | ||||
|                 $namespace = $key; | ||||
|                 $namespace_values = $value; | ||||
|                 foreach ($namespace_values as $directive => $value2) { | ||||
|                     $this->set($namespace .'.'. $directive, $value2); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a list of array(namespace, directive) for all directives | ||||
|      * that are allowed in a web-form context as per an allowed | ||||
|      * namespaces/directives list. | ||||
|      * | ||||
|      * @param array $allowed List of allowed namespaces/directives | ||||
|      * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public static function getAllowedDirectivesForForm($allowed, $schema = null) | ||||
|     { | ||||
|         if (!$schema) { | ||||
|             $schema = HTMLPurifier_ConfigSchema::instance(); | ||||
|         } | ||||
|         if ($allowed !== true) { | ||||
|             if (is_string($allowed)) { | ||||
|                 $allowed = array($allowed); | ||||
|             } | ||||
|             $allowed_ns = array(); | ||||
|             $allowed_directives = array(); | ||||
|             $blacklisted_directives = array(); | ||||
|             foreach ($allowed as $ns_or_directive) { | ||||
|                 if (strpos($ns_or_directive, '.') !== false) { | ||||
|                     // directive
 | ||||
|                     if ($ns_or_directive[0] == '-') { | ||||
|                         $blacklisted_directives[substr($ns_or_directive, 1)] = true; | ||||
|                     } else { | ||||
|                         $allowed_directives[$ns_or_directive] = true; | ||||
|                     } | ||||
|                 } else { | ||||
|                     // namespace
 | ||||
|                     $allowed_ns[$ns_or_directive] = true; | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|         $ret = array(); | ||||
|         foreach ($schema->info as $key => $def) { | ||||
|             list($ns, $directive) = explode('.', $key, 2); | ||||
|             if ($allowed !== true) { | ||||
|                 if (isset($blacklisted_directives["$ns.$directive"])) { | ||||
|                     continue; | ||||
|                 } | ||||
|                 if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) { | ||||
|                     continue; | ||||
|                 } | ||||
|             } | ||||
|             if (isset($def->isAlias)) { | ||||
|                 continue; | ||||
|             } | ||||
|             if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') { | ||||
|                 continue; | ||||
|             } | ||||
|             $ret[] = array($ns, $directive); | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads configuration values from $_GET/$_POST that were posted | ||||
|      * via ConfigForm | ||||
|      * | ||||
|      * @param array $array $_GET or $_POST array to import | ||||
|      * @param string|bool $index Index/name that the config variables are in | ||||
|      * @param array|bool $allowed List of allowed namespaces/directives | ||||
|      * @param bool $mq_fix Boolean whether or not to enable magic quotes fix | ||||
|      * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy | ||||
|      * | ||||
|      * @return mixed | ||||
|      */ | ||||
|     public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) | ||||
|     { | ||||
|         $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema); | ||||
|         $config = HTMLPurifier_Config::create($ret, $schema); | ||||
|         return $config; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Merges in configuration values from $_GET/$_POST to object. NOT STATIC. | ||||
|      * | ||||
|      * @param array $array $_GET or $_POST array to import | ||||
|      * @param string|bool $index Index/name that the config variables are in | ||||
|      * @param array|bool $allowed List of allowed namespaces/directives | ||||
|      * @param bool $mq_fix Boolean whether or not to enable magic quotes fix | ||||
|      */ | ||||
|     public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true) | ||||
|     { | ||||
|          $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def); | ||||
|          $this->loadArray($ret); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Prepares an array from a form into something usable for the more | ||||
|      * strict parts of HTMLPurifier_Config | ||||
|      * | ||||
|      * @param array $array $_GET or $_POST array to import | ||||
|      * @param string|bool $index Index/name that the config variables are in | ||||
|      * @param array|bool $allowed List of allowed namespaces/directives | ||||
|      * @param bool $mq_fix Boolean whether or not to enable magic quotes fix | ||||
|      * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) | ||||
|     { | ||||
|         if ($index !== false) { | ||||
|             $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); | ||||
|         } | ||||
|         $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); | ||||
| 
 | ||||
|         $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); | ||||
|         $ret = array(); | ||||
|         foreach ($allowed as $key) { | ||||
|             list($ns, $directive) = $key; | ||||
|             $skey = "$ns.$directive"; | ||||
|             if (!empty($array["Null_$skey"])) { | ||||
|                 $ret[$ns][$directive] = null; | ||||
|                 continue; | ||||
|             } | ||||
|             if (!isset($array[$skey])) { | ||||
|                 continue; | ||||
|             } | ||||
|             $value = $mq ? stripslashes($array[$skey]) : $array[$skey]; | ||||
|             $ret[$ns][$directive] = $value; | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Loads configuration values from an ini file | ||||
|      * | ||||
|      * @param string $filename Name of ini file | ||||
|      */ | ||||
|     public function loadIni($filename) | ||||
|     { | ||||
|         if ($this->isFinalized('Cannot load directives after finalization')) { | ||||
|             return; | ||||
|         } | ||||
|         $array = parse_ini_file($filename, true); | ||||
|         $this->loadArray($array); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Checks whether or not the configuration object is finalized. | ||||
|      * | ||||
|      * @param string|bool $error String error message, or false for no error | ||||
|      * | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function isFinalized($error = false) | ||||
|     { | ||||
|         if ($this->finalized && $error) { | ||||
|             $this->triggerError($error, E_USER_ERROR); | ||||
|         } | ||||
|         return $this->finalized; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Finalizes configuration only if auto finalize is on and not | ||||
|      * already finalized | ||||
|      */ | ||||
|     public function autoFinalize() | ||||
|     { | ||||
|         if ($this->autoFinalize) { | ||||
|             $this->finalize(); | ||||
|         } else { | ||||
|             $this->plist->squash(true); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Finalizes a configuration object, prohibiting further change | ||||
|      */ | ||||
|     public function finalize() | ||||
|     { | ||||
|         $this->finalized = true; | ||||
|         $this->parser = null; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Produces a nicely formatted error message by supplying the | ||||
|      * stack frame information OUTSIDE of HTMLPurifier_Config. | ||||
|      * | ||||
|      * @param string $msg An error message | ||||
|      * @param int $no An error number | ||||
|      */ | ||||
|     protected function triggerError($msg, $no) | ||||
|     { | ||||
|         // determine previous stack frame
 | ||||
|         $extra = ''; | ||||
|         if ($this->chatty) { | ||||
|             $trace = debug_backtrace(); | ||||
|             // zip(tail(trace), trace) -- but PHP is not Haskell har har
 | ||||
|             for ($i = 0, $c = count($trace); $i < $c - 1; $i++) { | ||||
|                 // XXX this is not correct on some versions of HTML Purifier
 | ||||
|                 if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') { | ||||
|                     continue; | ||||
|                 } | ||||
|                 $frame = $trace[$i]; | ||||
|                 $extra = " invoked on line {$frame['line']} in file {$frame['file']}"; | ||||
|                 break; | ||||
|             } | ||||
|         } | ||||
|         trigger_error($msg . $extra, $no); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a serialized form of the configuration object that can | ||||
|      * be reconstituted. | ||||
|      * | ||||
|      * @return string | ||||
|      */ | ||||
|     public function serialize() | ||||
|     { | ||||
|         $this->getDefinition('HTML'); | ||||
|         $this->getDefinition('CSS'); | ||||
|         $this->getDefinition('URI'); | ||||
|         return serialize($this); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -3,21 +3,24 @@ | |||
| /** | ||||
|  * Configuration definition, defines directives and their defaults. | ||||
|  */ | ||||
| class HTMLPurifier_ConfigSchema { | ||||
| 
 | ||||
| class HTMLPurifier_ConfigSchema | ||||
| { | ||||
|     /** | ||||
|      * Defaults of the directives and namespaces. | ||||
|      * @type array | ||||
|      * @note This shares the exact same structure as HTMLPurifier_Config::$conf | ||||
|      */ | ||||
|     public $defaults = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * The default property list. Do not edit this property list. | ||||
|      * @type array | ||||
|      */ | ||||
|     public $defaultPlist; | ||||
| 
 | ||||
|     /** | ||||
|      * Definition of the directives. The structure of this is: | ||||
|      * Definition of the directives. | ||||
|      * The structure of this is: | ||||
|      * | ||||
|      *  array( | ||||
|      *      'Namespace' => array( | ||||
|  | @ -44,29 +47,43 @@ class HTMLPurifier_ConfigSchema { | |||
|      * This class is friendly with HTMLPurifier_Config. If you need introspection | ||||
|      * about the schema, you're better of using the ConfigSchema_Interchange, | ||||
|      * which uses more memory but has much richer information. | ||||
|      * @type array | ||||
|      */ | ||||
|     public $info = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Application-wide singleton | ||||
|      * @type HTMLPurifier_ConfigSchema | ||||
|      */ | ||||
|     static protected $singleton; | ||||
|     protected static $singleton; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->defaultPlist = new HTMLPurifier_PropertyList(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Unserializes the default ConfigSchema. | ||||
|      * @return HTMLPurifier_ConfigSchema | ||||
|      */ | ||||
|     public static function makeFromSerial() { | ||||
|         return unserialize(file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser')); | ||||
|     public static function makeFromSerial() | ||||
|     { | ||||
|         $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser'); | ||||
|         $r = unserialize($contents); | ||||
|         if (!$r) { | ||||
|             $hash = sha1($contents); | ||||
|             trigger_error("Unserialization of configuration schema failed, sha1 of file was $hash", E_USER_ERROR); | ||||
|         } | ||||
|         return $r; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Retrieves an instance of the application-wide configuration definition. | ||||
|      * @param HTMLPurifier_ConfigSchema $prototype | ||||
|      * @return HTMLPurifier_ConfigSchema | ||||
|      */ | ||||
|     public static function instance($prototype = null) { | ||||
|     public static function instance($prototype = null) | ||||
|     { | ||||
|         if ($prototype !== null) { | ||||
|             HTMLPurifier_ConfigSchema::$singleton = $prototype; | ||||
|         } elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) { | ||||
|  | @ -80,17 +97,19 @@ class HTMLPurifier_ConfigSchema { | |||
|      * @warning Will fail of directive's namespace is defined. | ||||
|      * @warning This method's signature is slightly different from the legacy | ||||
|      *          define() static method! Beware! | ||||
|      * @param $namespace Namespace the directive is in | ||||
|      * @param $name Key of directive | ||||
|      * @param $default Default value of directive | ||||
|      * @param $type Allowed type of the directive. See | ||||
|      * @param string $key Name of directive | ||||
|      * @param mixed $default Default value of directive | ||||
|      * @param string $type Allowed type of the directive. See | ||||
|      *      HTMLPurifier_DirectiveDef::$type for allowed values | ||||
|      * @param $allow_null Whether or not to allow null values | ||||
|      * @param bool $allow_null Whether or not to allow null values | ||||
|      */ | ||||
|     public function add($key, $default, $type, $allow_null) { | ||||
|     public function add($key, $default, $type, $allow_null) | ||||
|     { | ||||
|         $obj = new stdclass(); | ||||
|         $obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type]; | ||||
|         if ($allow_null) $obj->allow_null = true; | ||||
|         if ($allow_null) { | ||||
|             $obj->allow_null = true; | ||||
|         } | ||||
|         $this->info[$key] = $obj; | ||||
|         $this->defaults[$key] = $default; | ||||
|         $this->defaultPlist->set($key, $default); | ||||
|  | @ -101,11 +120,11 @@ class HTMLPurifier_ConfigSchema { | |||
|      * | ||||
|      * Directive value aliases are convenient for developers because it lets | ||||
|      * them set a directive to several values and get the same result. | ||||
|      * @param $namespace Directive's namespace | ||||
|      * @param $name Name of Directive | ||||
|      * @param $aliases Hash of aliased values to the real alias | ||||
|      * @param string $key Name of Directive | ||||
|      * @param array $aliases Hash of aliased values to the real alias | ||||
|      */ | ||||
|     public function addValueAliases($key, $aliases) { | ||||
|     public function addValueAliases($key, $aliases) | ||||
|     { | ||||
|         if (!isset($this->info[$key]->aliases)) { | ||||
|             $this->info[$key]->aliases = array(); | ||||
|         } | ||||
|  | @ -118,22 +137,21 @@ class HTMLPurifier_ConfigSchema { | |||
|      * Defines a set of allowed values for a directive. | ||||
|      * @warning This is slightly different from the corresponding static | ||||
|      *          method definition. | ||||
|      * @param $namespace Namespace of directive | ||||
|      * @param $name Name of directive | ||||
|      * @param $allowed Lookup array of allowed values | ||||
|      * @param string $key Name of directive | ||||
|      * @param array $allowed Lookup array of allowed values | ||||
|      */ | ||||
|     public function addAllowedValues($key, $allowed) { | ||||
|     public function addAllowedValues($key, $allowed) | ||||
|     { | ||||
|         $this->info[$key]->allowed = $allowed; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Defines a directive alias for backwards compatibility | ||||
|      * @param $namespace | ||||
|      * @param $name Directive that will be aliased | ||||
|      * @param $new_namespace | ||||
|      * @param $new_name Directive that the alias will be to | ||||
|      * @param string $key Directive that will be aliased | ||||
|      * @param string $new_key Directive that the alias will be to | ||||
|      */ | ||||
|     public function addAlias($key, $new_key) { | ||||
|     public function addAlias($key, $new_key) | ||||
|     { | ||||
|         $obj = new stdclass; | ||||
|         $obj->key = $new_key; | ||||
|         $obj->isAlias = true; | ||||
|  | @ -143,7 +161,8 @@ class HTMLPurifier_ConfigSchema { | |||
|     /** | ||||
|      * Replaces any stdclass that only has the type property with type integer. | ||||
|      */ | ||||
|     public function postProcess() { | ||||
|     public function postProcess() | ||||
|     { | ||||
|         foreach ($this->info as $key => $v) { | ||||
|             if (count((array) $v) == 1) { | ||||
|                 $this->info[$key] = $v->type; | ||||
|  | @ -152,7 +171,6 @@ class HTMLPurifier_ConfigSchema { | |||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,7 +7,12 @@ | |||
| class HTMLPurifier_ConfigSchema_Builder_ConfigSchema | ||||
| { | ||||
| 
 | ||||
|     public function build($interchange) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange | ||||
|      * @return HTMLPurifier_ConfigSchema | ||||
|      */ | ||||
|     public function build($interchange) | ||||
|     { | ||||
|         $schema = new HTMLPurifier_ConfigSchema(); | ||||
|         foreach ($interchange->directives as $d) { | ||||
|             $schema->add( | ||||
|  | @ -38,7 +43,6 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema | |||
|         $schema->postProcess(); | ||||
|         return $schema; | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,10 +7,21 @@ | |||
| class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type HTMLPurifier_ConfigSchema_Interchange | ||||
|      */ | ||||
|     protected $interchange; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     private $namespace; | ||||
| 
 | ||||
|     protected function writeHTMLDiv($html) { | ||||
|     /** | ||||
|      * @param string $html | ||||
|      */ | ||||
|     protected function writeHTMLDiv($html) | ||||
|     { | ||||
|         $this->startElement('div'); | ||||
| 
 | ||||
|         $purifier = HTMLPurifier::getInstance(); | ||||
|  | @ -21,12 +32,23 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter | |||
|         $this->endElement(); // div
 | ||||
|     } | ||||
| 
 | ||||
|     protected function export($var) { | ||||
|         if ($var === array()) return 'array()'; | ||||
|     /** | ||||
|      * @param mixed $var | ||||
|      * @return string | ||||
|      */ | ||||
|     protected function export($var) | ||||
|     { | ||||
|         if ($var === array()) { | ||||
|             return 'array()'; | ||||
|         } | ||||
|         return var_export($var, true); | ||||
|     } | ||||
| 
 | ||||
|     public function build($interchange) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange | ||||
|      */ | ||||
|     public function build($interchange) | ||||
|     { | ||||
|         // global access, only use as last resort
 | ||||
|         $this->interchange = $interchange; | ||||
| 
 | ||||
|  | @ -39,19 +61,26 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter | |||
|             $this->buildDirective($directive); | ||||
|         } | ||||
| 
 | ||||
|         if ($this->namespace) $this->endElement(); // namespace
 | ||||
|         if ($this->namespace) { | ||||
|             $this->endElement(); | ||||
|         } // namespace
 | ||||
| 
 | ||||
|         $this->endElement(); // configdoc
 | ||||
|         $this->flush(); | ||||
|     } | ||||
| 
 | ||||
|     public function buildDirective($directive) { | ||||
| 
 | ||||
|     /** | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive | ||||
|      */ | ||||
|     public function buildDirective($directive) | ||||
|     { | ||||
|         // Kludge, although I suppose having a notion of a "root namespace"
 | ||||
|         // certainly makes things look nicer when documentation is built.
 | ||||
|         // Depends on things being sorted.
 | ||||
|         if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) { | ||||
|             if ($this->namespace) $this->endElement(); // namespace
 | ||||
|             if ($this->namespace) { | ||||
|                 $this->endElement(); | ||||
|             } // namespace
 | ||||
|             $this->namespace = $directive->id->getRootNamespace(); | ||||
|             $this->startElement('namespace'); | ||||
|             $this->writeAttribute('id', $this->namespace); | ||||
|  | @ -64,43 +93,52 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter | |||
|         $this->writeElement('name', $directive->id->getDirective()); | ||||
| 
 | ||||
|         $this->startElement('aliases'); | ||||
|             foreach ($directive->aliases as $alias) $this->writeElement('alias', $alias->toString()); | ||||
|         foreach ($directive->aliases as $alias) { | ||||
|             $this->writeElement('alias', $alias->toString()); | ||||
|         } | ||||
|         $this->endElement(); // aliases
 | ||||
| 
 | ||||
|         $this->startElement('constraints'); | ||||
|             if ($directive->version) $this->writeElement('version', $directive->version); | ||||
|             $this->startElement('type'); | ||||
|                 if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes'); | ||||
|                 $this->text($directive->type); | ||||
|             $this->endElement(); // type
 | ||||
|             if ($directive->allowed) { | ||||
|                 $this->startElement('allowed'); | ||||
|                     foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value); | ||||
|                 $this->endElement(); // allowed
 | ||||
|         if ($directive->version) { | ||||
|             $this->writeElement('version', $directive->version); | ||||
|         } | ||||
|         $this->startElement('type'); | ||||
|         if ($directive->typeAllowsNull) { | ||||
|             $this->writeAttribute('allow-null', 'yes'); | ||||
|         } | ||||
|         $this->text($directive->type); | ||||
|         $this->endElement(); // type
 | ||||
|         if ($directive->allowed) { | ||||
|             $this->startElement('allowed'); | ||||
|             foreach ($directive->allowed as $value => $x) { | ||||
|                 $this->writeElement('value', $value); | ||||
|             } | ||||
|             $this->writeElement('default', $this->export($directive->default)); | ||||
|             $this->writeAttribute('xml:space', 'preserve'); | ||||
|             if ($directive->external) { | ||||
|                 $this->startElement('external'); | ||||
|                     foreach ($directive->external as $project) $this->writeElement('project', $project); | ||||
|                 $this->endElement(); | ||||
|             $this->endElement(); // allowed
 | ||||
|         } | ||||
|         $this->writeElement('default', $this->export($directive->default)); | ||||
|         $this->writeAttribute('xml:space', 'preserve'); | ||||
|         if ($directive->external) { | ||||
|             $this->startElement('external'); | ||||
|             foreach ($directive->external as $project) { | ||||
|                 $this->writeElement('project', $project); | ||||
|             } | ||||
|             $this->endElement(); | ||||
|         } | ||||
|         $this->endElement(); // constraints
 | ||||
| 
 | ||||
|         if ($directive->deprecatedVersion) { | ||||
|             $this->startElement('deprecated'); | ||||
|                 $this->writeElement('version', $directive->deprecatedVersion); | ||||
|                 $this->writeElement('use', $directive->deprecatedUse->toString()); | ||||
|             $this->writeElement('version', $directive->deprecatedVersion); | ||||
|             $this->writeElement('use', $directive->deprecatedUse->toString()); | ||||
|             $this->endElement(); // deprecated
 | ||||
|         } | ||||
| 
 | ||||
|         $this->startElement('description'); | ||||
|             $this->writeHTMLDiv($directive->description); | ||||
|         $this->writeHTMLDiv($directive->description); | ||||
|         $this->endElement(); // description
 | ||||
| 
 | ||||
|         $this->endElement(); // directive
 | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -10,18 +10,23 @@ class HTMLPurifier_ConfigSchema_Interchange | |||
| 
 | ||||
|     /** | ||||
|      * Name of the application this schema is describing. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $name; | ||||
| 
 | ||||
|     /** | ||||
|      * Array of Directive ID => array(directive info) | ||||
|      * @type HTMLPurifier_ConfigSchema_Interchange_Directive[] | ||||
|      */ | ||||
|     public $directives = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Adds a directive array to $directives | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive | ||||
|      * @throws HTMLPurifier_ConfigSchema_Exception | ||||
|      */ | ||||
|     public function addDirective($directive) { | ||||
|     public function addDirective($directive) | ||||
|     { | ||||
|         if (isset($this->directives[$i = $directive->id->toString()])) { | ||||
|             throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'"); | ||||
|         } | ||||
|  | @ -32,11 +37,11 @@ class HTMLPurifier_ConfigSchema_Interchange | |||
|      * Convenience function to perform standard validation. Throws exception | ||||
|      * on failed validation. | ||||
|      */ | ||||
|     public function validate() { | ||||
|     public function validate() | ||||
|     { | ||||
|         $validator = new HTMLPurifier_ConfigSchema_Validator(); | ||||
|         return $validator->validate($this); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -7,71 +7,83 @@ class HTMLPurifier_ConfigSchema_Interchange_Directive | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * ID of directive, instance of HTMLPurifier_ConfigSchema_Interchange_Id. | ||||
|      * ID of directive. | ||||
|      * @type HTMLPurifier_ConfigSchema_Interchange_Id | ||||
|      */ | ||||
|     public $id; | ||||
| 
 | ||||
|     /** | ||||
|      * String type, e.g. 'integer' or 'istring'. | ||||
|      * Type, e.g. 'integer' or 'istring'. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $type; | ||||
| 
 | ||||
|     /** | ||||
|      * Default value, e.g. 3 or 'DefaultVal'. | ||||
|      * @type mixed | ||||
|      */ | ||||
|     public $default; | ||||
| 
 | ||||
|     /** | ||||
|      * HTML description. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $description; | ||||
| 
 | ||||
|     /** | ||||
|      * Boolean whether or not null is allowed as a value. | ||||
|      * Whether or not null is allowed as a value. | ||||
|      * @type bool | ||||
|      */ | ||||
|     public $typeAllowsNull = false; | ||||
| 
 | ||||
|     /** | ||||
|      * Lookup table of allowed scalar values, e.g. array('allowed' => true). | ||||
|      * Lookup table of allowed scalar values. | ||||
|      * e.g. array('allowed' => true). | ||||
|      * Null if all values are allowed. | ||||
|      * @type array | ||||
|      */ | ||||
|     public $allowed; | ||||
| 
 | ||||
|     /** | ||||
|      * List of aliases for the directive, | ||||
|      * List of aliases for the directive. | ||||
|      * e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))). | ||||
|      * @type HTMLPurifier_ConfigSchema_Interchange_Id[] | ||||
|      */ | ||||
|     public $aliases = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * Hash of value aliases, e.g. array('alt' => 'real'). Null if value | ||||
|      * aliasing is disabled (necessary for non-scalar types). | ||||
|      * @type array | ||||
|      */ | ||||
|     public $valueAliases; | ||||
| 
 | ||||
|     /** | ||||
|      * Version of HTML Purifier the directive was introduced, e.g. '1.3.1'. | ||||
|      * Null if the directive has always existed. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $version; | ||||
| 
 | ||||
|     /** | ||||
|      * ID of directive that supercedes this old directive, is an instance | ||||
|      * of HTMLPurifier_ConfigSchema_Interchange_Id. Null if not deprecated. | ||||
|      * ID of directive that supercedes this old directive. | ||||
|      * Null if not deprecated. | ||||
|      * @type HTMLPurifier_ConfigSchema_Interchange_Id | ||||
|      */ | ||||
|     public $deprecatedUse; | ||||
| 
 | ||||
|     /** | ||||
|      * Version of HTML Purifier this directive was deprecated. Null if not | ||||
|      * deprecated. | ||||
|      * @type string | ||||
|      */ | ||||
|     public $deprecatedVersion; | ||||
| 
 | ||||
|     /** | ||||
|      * List of external projects this directive depends on, e.g. array('CSSTidy'). | ||||
|      * @type array | ||||
|      */ | ||||
|     public $external = array(); | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -6,32 +6,53 @@ | |||
| class HTMLPurifier_ConfigSchema_Interchange_Id | ||||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     public $key; | ||||
| 
 | ||||
|     public function __construct($key) { | ||||
|     /** | ||||
|      * @param string $key | ||||
|      */ | ||||
|     public function __construct($key) | ||||
|     { | ||||
|         $this->key = $key; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return string | ||||
|      * @warning This is NOT magic, to ensure that people don't abuse SPL and | ||||
|      *          cause problems for PHP 5.0 support. | ||||
|      */ | ||||
|     public function toString() { | ||||
|     public function toString() | ||||
|     { | ||||
|         return $this->key; | ||||
|     } | ||||
| 
 | ||||
|     public function getRootNamespace() { | ||||
|     /** | ||||
|      * @return string | ||||
|      */ | ||||
|     public function getRootNamespace() | ||||
|     { | ||||
|         return substr($this->key, 0, strpos($this->key, ".")); | ||||
|     } | ||||
| 
 | ||||
|     public function getDirective() { | ||||
|     /** | ||||
|      * @return string | ||||
|      */ | ||||
|     public function getDirective() | ||||
|     { | ||||
|         return substr($this->key, strpos($this->key, ".") + 1); | ||||
|     } | ||||
| 
 | ||||
|     public static function make($id) { | ||||
|     /** | ||||
|      * @param string $id | ||||
|      * @return HTMLPurifier_ConfigSchema_Interchange_Id | ||||
|      */ | ||||
|     public static function make($id) | ||||
|     { | ||||
|         return new HTMLPurifier_ConfigSchema_Interchange_Id($id); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -5,21 +5,39 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
| 
 | ||||
|     /** | ||||
|      * Used for processing DEFAULT, nothing else. | ||||
|      * @type HTMLPurifier_VarParser | ||||
|      */ | ||||
|     protected $varParser; | ||||
| 
 | ||||
|     public function __construct($varParser = null) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_VarParser $varParser | ||||
|      */ | ||||
|     public function __construct($varParser = null) | ||||
|     { | ||||
|         $this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native(); | ||||
|     } | ||||
| 
 | ||||
|     public static function buildFromDirectory($dir = null) { | ||||
|         $builder     = new HTMLPurifier_ConfigSchema_InterchangeBuilder(); | ||||
|     /** | ||||
|      * @param string $dir | ||||
|      * @return HTMLPurifier_ConfigSchema_Interchange | ||||
|      */ | ||||
|     public static function buildFromDirectory($dir = null) | ||||
|     { | ||||
|         $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder(); | ||||
|         $interchange = new HTMLPurifier_ConfigSchema_Interchange(); | ||||
|         return $builder->buildDir($interchange, $dir); | ||||
|     } | ||||
| 
 | ||||
|     public function buildDir($interchange, $dir = null) { | ||||
|         if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema'; | ||||
|     /** | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange | ||||
|      * @param string $dir | ||||
|      * @return HTMLPurifier_ConfigSchema_Interchange | ||||
|      */ | ||||
|     public function buildDir($interchange, $dir = null) | ||||
|     { | ||||
|         if (!$dir) { | ||||
|             $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema'; | ||||
|         } | ||||
|         if (file_exists($dir . '/info.ini')) { | ||||
|             $info = parse_ini_file($dir . '/info.ini'); | ||||
|             $interchange->name = $info['name']; | ||||
|  | @ -39,24 +57,30 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
|         foreach ($files as $file) { | ||||
|             $this->buildFile($interchange, $dir . '/' . $file); | ||||
|         } | ||||
| 
 | ||||
|         return $interchange; | ||||
|     } | ||||
| 
 | ||||
|     public function buildFile($interchange, $file) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange | ||||
|      * @param string $file | ||||
|      */ | ||||
|     public function buildFile($interchange, $file) | ||||
|     { | ||||
|         $parser = new HTMLPurifier_StringHashParser(); | ||||
|         $this->build( | ||||
|             $interchange, | ||||
|             new HTMLPurifier_StringHash( $parser->parseFile($file) ) | ||||
|             new HTMLPurifier_StringHash($parser->parseFile($file)) | ||||
|         ); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Builds an interchange object based on a hash. | ||||
|      * @param $interchange HTMLPurifier_ConfigSchema_Interchange object to build | ||||
|      * @param $hash HTMLPurifier_ConfigSchema_StringHash source data | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build | ||||
|      * @param HTMLPurifier_StringHash $hash source data | ||||
|      * @throws HTMLPurifier_ConfigSchema_Exception | ||||
|      */ | ||||
|     public function build($interchange, $hash) { | ||||
|     public function build($interchange, $hash) | ||||
|     { | ||||
|         if (!$hash instanceof HTMLPurifier_StringHash) { | ||||
|             $hash = new HTMLPurifier_StringHash($hash); | ||||
|         } | ||||
|  | @ -75,7 +99,13 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
|         $this->_findUnused($hash); | ||||
|     } | ||||
| 
 | ||||
|     public function buildDirective($interchange, $hash) { | ||||
|     /** | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange | ||||
|      * @param HTMLPurifier_StringHash $hash | ||||
|      * @throws HTMLPurifier_ConfigSchema_Exception | ||||
|      */ | ||||
|     public function buildDirective($interchange, $hash) | ||||
|     { | ||||
|         $directive = new HTMLPurifier_ConfigSchema_Interchange_Directive(); | ||||
| 
 | ||||
|         // These are required elements:
 | ||||
|  | @ -84,7 +114,9 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
| 
 | ||||
|         if (isset($hash['TYPE'])) { | ||||
|             $type = explode('/', $hash->offsetGet('TYPE')); | ||||
|             if (isset($type[1])) $directive->typeAllowsNull = true; | ||||
|             if (isset($type[1])) { | ||||
|                 $directive->typeAllowsNull = true; | ||||
|             } | ||||
|             $directive->type = $type[0]; | ||||
|         } else { | ||||
|             throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined"); | ||||
|  | @ -92,7 +124,11 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
| 
 | ||||
|         if (isset($hash['DEFAULT'])) { | ||||
|             try { | ||||
|                 $directive->default = $this->varParser->parse($hash->offsetGet('DEFAULT'), $directive->type, $directive->typeAllowsNull); | ||||
|                 $directive->default = $this->varParser->parse( | ||||
|                     $hash->offsetGet('DEFAULT'), | ||||
|                     $directive->type, | ||||
|                     $directive->typeAllowsNull | ||||
|                 ); | ||||
|             } catch (HTMLPurifier_VarParserException $e) { | ||||
|                 throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'"); | ||||
|             } | ||||
|  | @ -139,34 +175,45 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
| 
 | ||||
|     /** | ||||
|      * Evaluates an array PHP code string without array() wrapper | ||||
|      * @param string $contents | ||||
|      */ | ||||
|     protected function evalArray($contents) { | ||||
|         return eval('return array('. $contents .');'); | ||||
|     protected function evalArray($contents) | ||||
|     { | ||||
|         return eval('return array(' . $contents . ');'); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Converts an array list into a lookup array. | ||||
|      * @param array $array | ||||
|      * @return array | ||||
|      */ | ||||
|     protected function lookup($array) { | ||||
|     protected function lookup($array) | ||||
|     { | ||||
|         $ret = array(); | ||||
|         foreach ($array as $val) $ret[$val] = true; | ||||
|         foreach ($array as $val) { | ||||
|             $ret[$val] = true; | ||||
|         } | ||||
|         return $ret; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id | ||||
|      * object based on a string Id. | ||||
|      * @param string $id | ||||
|      * @return HTMLPurifier_ConfigSchema_Interchange_Id | ||||
|      */ | ||||
|     protected function id($id) { | ||||
|     protected function id($id) | ||||
|     { | ||||
|         return HTMLPurifier_ConfigSchema_Interchange_Id::make($id); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Triggers errors for any unused keys passed in the hash; such keys | ||||
|      * may indicate typos, missing values, etc. | ||||
|      * @param $hash Instance of ConfigSchema_StringHash to check. | ||||
|      * @param HTMLPurifier_StringHash $hash Hash to check. | ||||
|      */ | ||||
|     protected function _findUnused($hash) { | ||||
|     protected function _findUnused($hash) | ||||
|     { | ||||
|         $accessed = $hash->getAccessed(); | ||||
|         foreach ($hash as $k => $v) { | ||||
|             if (!isset($accessed[$k])) { | ||||
|  | @ -174,7 +221,6 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder | |||
|             } | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -12,36 +12,48 @@ class HTMLPurifier_ConfigSchema_Validator | |||
| { | ||||
| 
 | ||||
|     /** | ||||
|      * Easy to access global objects. | ||||
|      * @type HTMLPurifier_ConfigSchema_Interchange | ||||
|      */ | ||||
|     protected $interchange, $aliases; | ||||
|     protected $interchange; | ||||
| 
 | ||||
|     /** | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $aliases; | ||||
| 
 | ||||
|     /** | ||||
|      * Context-stack to provide easy to read error messages. | ||||
|      * @type array | ||||
|      */ | ||||
|     protected $context = array(); | ||||
| 
 | ||||
|     /** | ||||
|      * HTMLPurifier_VarParser to test default's type. | ||||
|      * to test default's type. | ||||
|      * @type HTMLPurifier_VarParser | ||||
|      */ | ||||
|     protected $parser; | ||||
| 
 | ||||
|     public function __construct() { | ||||
|     public function __construct() | ||||
|     { | ||||
|         $this->parser = new HTMLPurifier_VarParser(); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Validates a fully-formed interchange object. Throws an | ||||
|      * HTMLPurifier_ConfigSchema_Exception if there's a problem. | ||||
|      * Validates a fully-formed interchange object. | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange $interchange | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function validate($interchange) { | ||||
|     public function validate($interchange) | ||||
|     { | ||||
|         $this->interchange = $interchange; | ||||
|         $this->aliases = array(); | ||||
|         // PHP is a bit lax with integer <=> string conversions in
 | ||||
|         // arrays, so we don't use the identical !== comparison
 | ||||
|         foreach ($interchange->directives as $i => $directive) { | ||||
|             $id = $directive->id->toString(); | ||||
|             if ($i != $id) $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'"); | ||||
|             if ($i != $id) { | ||||
|                 $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'"); | ||||
|             } | ||||
|             $this->validateDirective($directive); | ||||
|         } | ||||
|         return true; | ||||
|  | @ -49,8 +61,10 @@ class HTMLPurifier_ConfigSchema_Validator | |||
| 
 | ||||
|     /** | ||||
|      * Validates a HTMLPurifier_ConfigSchema_Interchange_Id object. | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Id $id | ||||
|      */ | ||||
|     public function validateId($id) { | ||||
|     public function validateId($id) | ||||
|     { | ||||
|         $id_string = $id->toString(); | ||||
|         $this->context[] = "id '$id_string'"; | ||||
|         if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) { | ||||
|  | @ -67,8 +81,10 @@ class HTMLPurifier_ConfigSchema_Validator | |||
| 
 | ||||
|     /** | ||||
|      * Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object. | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d | ||||
|      */ | ||||
|     public function validateDirective($d) { | ||||
|     public function validateDirective($d) | ||||
|     { | ||||
|         $id = $d->id->toString(); | ||||
|         $this->context[] = "directive '$id'"; | ||||
|         $this->validateId($d->id); | ||||
|  | @ -108,9 +124,13 @@ class HTMLPurifier_ConfigSchema_Validator | |||
|     /** | ||||
|      * Extra validation if $allowed member variable of | ||||
|      * HTMLPurifier_ConfigSchema_Interchange_Directive is defined. | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d | ||||
|      */ | ||||
|     public function validateDirectiveAllowed($d) { | ||||
|         if (is_null($d->allowed)) return; | ||||
|     public function validateDirectiveAllowed($d) | ||||
|     { | ||||
|         if (is_null($d->allowed)) { | ||||
|             return; | ||||
|         } | ||||
|         $this->with($d, 'allowed') | ||||
|             ->assertNotEmpty() | ||||
|             ->assertIsLookup(); // handled by InterchangeBuilder
 | ||||
|  | @ -119,7 +139,9 @@ class HTMLPurifier_ConfigSchema_Validator | |||
|         } | ||||
|         $this->context[] = 'allowed'; | ||||
|         foreach ($d->allowed as $val => $x) { | ||||
|             if (!is_string($val)) $this->error("value $val", 'must be a string'); | ||||
|             if (!is_string($val)) { | ||||
|                 $this->error("value $val", 'must be a string'); | ||||
|             } | ||||
|         } | ||||
|         array_pop($this->context); | ||||
|     } | ||||
|  | @ -127,15 +149,23 @@ class HTMLPurifier_ConfigSchema_Validator | |||
|     /** | ||||
|      * Extra validation if $valueAliases member variable of | ||||
|      * HTMLPurifier_ConfigSchema_Interchange_Directive is defined. | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d | ||||
|      */ | ||||
|     public function validateDirectiveValueAliases($d) { | ||||
|         if (is_null($d->valueAliases)) return; | ||||
|     public function validateDirectiveValueAliases($d) | ||||
|     { | ||||
|         if (is_null($d->valueAliases)) { | ||||
|             return; | ||||
|         } | ||||
|         $this->with($d, 'valueAliases') | ||||
|             ->assertIsArray(); // handled by InterchangeBuilder
 | ||||
|         $this->context[] = 'valueAliases'; | ||||
|         foreach ($d->valueAliases as $alias => $real) { | ||||
|             if (!is_string($alias)) $this->error("alias $alias", 'must be a string'); | ||||
|             if (!is_string($real))  $this->error("alias target $real from alias '$alias'",  'must be a string'); | ||||
|             if (!is_string($alias)) { | ||||
|                 $this->error("alias $alias", 'must be a string'); | ||||
|             } | ||||
|             if (!is_string($real)) { | ||||
|                 $this->error("alias target $real from alias '$alias'", 'must be a string'); | ||||
|             } | ||||
|             if ($alias === $real) { | ||||
|                 $this->error("alias '$alias'", "must not be an alias to itself"); | ||||
|             } | ||||
|  | @ -155,8 +185,10 @@ class HTMLPurifier_ConfigSchema_Validator | |||
|     /** | ||||
|      * Extra validation if $aliases member variable of | ||||
|      * HTMLPurifier_ConfigSchema_Interchange_Directive is defined. | ||||
|      * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d | ||||
|      */ | ||||
|     public function validateDirectiveAliases($d) { | ||||
|     public function validateDirectiveAliases($d) | ||||
|     { | ||||
|         $this->with($d, 'aliases') | ||||
|             ->assertIsArray(); // handled by InterchangeBuilder
 | ||||
|         $this->context[] = 'aliases'; | ||||
|  | @ -180,27 +212,37 @@ class HTMLPurifier_ConfigSchema_Validator | |||
|     /** | ||||
|      * Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      * for validating simple member variables of objects. | ||||
|      * @param $obj | ||||
|      * @param $member | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     protected function with($obj, $member) { | ||||
|     protected function with($obj, $member) | ||||
|     { | ||||
|         return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Emits an error, providing helpful context. | ||||
|      * @throws HTMLPurifier_ConfigSchema_Exception | ||||
|      */ | ||||
|     protected function error($target, $msg) { | ||||
|         if ($target !== false) $prefix = ucfirst($target) . ' in ' .  $this->getFormattedContext(); | ||||
|         else $prefix = ucfirst($this->getFormattedContext()); | ||||
|     protected function error($target, $msg) | ||||
|     { | ||||
|         if ($target !== false) { | ||||
|             $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext(); | ||||
|         } else { | ||||
|             $prefix = ucfirst($this->getFormattedContext()); | ||||
|         } | ||||
|         throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg)); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Returns a formatted context string. | ||||
|      * @return string | ||||
|      */ | ||||
|     protected function getFormattedContext() { | ||||
|     protected function getFormattedContext() | ||||
|     { | ||||
|         return implode(' in ', array_reverse($this->context)); | ||||
|     } | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
|  | @ -0,0 +1,130 @@ | |||
| <?php | ||||
| 
 | ||||
| /** | ||||
|  * Fluent interface for validating the contents of member variables. | ||||
|  * This should be immutable. See HTMLPurifier_ConfigSchema_Validator for | ||||
|  * use-cases. We name this an 'atom' because it's ONLY for validations that | ||||
|  * are independent and usually scalar. | ||||
|  */ | ||||
| class HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
| { | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $context; | ||||
| 
 | ||||
|     /** | ||||
|      * @type object | ||||
|      */ | ||||
|     protected $obj; | ||||
| 
 | ||||
|     /** | ||||
|      * @type string | ||||
|      */ | ||||
|     protected $member; | ||||
| 
 | ||||
|     /** | ||||
|      * @type mixed | ||||
|      */ | ||||
|     protected $contents; | ||||
| 
 | ||||
|     public function __construct($context, $obj, $member) | ||||
|     { | ||||
|         $this->context = $context; | ||||
|         $this->obj = $obj; | ||||
|         $this->member = $member; | ||||
|         $this->contents =& $obj->$member; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertIsString() | ||||
|     { | ||||
|         if (!is_string($this->contents)) { | ||||
|             $this->error('must be a string'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertIsBool() | ||||
|     { | ||||
|         if (!is_bool($this->contents)) { | ||||
|             $this->error('must be a boolean'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertIsArray() | ||||
|     { | ||||
|         if (!is_array($this->contents)) { | ||||
|             $this->error('must be an array'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertNotNull() | ||||
|     { | ||||
|         if ($this->contents === null) { | ||||
|             $this->error('must not be null'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertAlnum() | ||||
|     { | ||||
|         $this->assertIsString(); | ||||
|         if (!ctype_alnum($this->contents)) { | ||||
|             $this->error('must be alphanumeric'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertNotEmpty() | ||||
|     { | ||||
|         if (empty($this->contents)) { | ||||
|             $this->error('must not be empty'); | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @return HTMLPurifier_ConfigSchema_ValidatorAtom | ||||
|      */ | ||||
|     public function assertIsLookup() | ||||
|     { | ||||
|         $this->assertIsArray(); | ||||
|         foreach ($this->contents as $v) { | ||||
|             if ($v !== true) { | ||||
|                 $this->error('must be a lookup array'); | ||||
|             } | ||||
|         } | ||||
|         return $this; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * @param string $msg | ||||
|      * @throws HTMLPurifier_ConfigSchema_Exception | ||||
|      */ | ||||
|     protected function error($msg) | ||||
|     { | ||||
|         throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg); | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| // vim: et sw=4 sts=4
 | ||||
										
											Binary file not shown.
										
									
								
							Some files were not shown because too many files have changed in this diff Show more
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue