Merge branch '1.10.x' of https://github.com/chamilo/chamilo-lms into B9070
Conflicts: .gitignore main/inc/lib/sessionmanager.lib.php1.10.x
Angel Fernando Quiroz Campos
10 years ago
commit
753edb57d4
@ -1,11 +1,44 @@ |
||||
{ |
||||
"name": "chamilo/chamilo-lms", |
||||
"description": "E-learning and collaboration software", |
||||
"type": "project", |
||||
"homepage": "http://www.chamilo.org", |
||||
"license": "GPL-3.0", |
||||
"support": { |
||||
"forum": "http://www.chamilo.org/forum", |
||||
"irc": "irc://irc.freenode.org/chamilo" |
||||
}, |
||||
"autoload": { |
||||
"classmap": [ |
||||
"main/auth", |
||||
"main/admin", |
||||
"main/cron/lang", |
||||
"main/coursecopy", |
||||
"main/exercice", |
||||
"main/gradebook/lib", |
||||
"main/newscorm", |
||||
"main/inc/lib", |
||||
"plugin", |
||||
"main/install", |
||||
"main/inc/lib/getid3", |
||||
"main/survey" |
||||
] |
||||
}, |
||||
"require": { |
||||
"php": ">=5.3.3", |
||||
"php-ffmpeg/php-ffmpeg": "0.3.x-dev@dev", |
||||
"sabre/vobject": "~3.1", |
||||
"toin0u/digitalocean": "~1.4", |
||||
"twig/twig": "1.*", |
||||
"michelf/php-markdown": "1.4.1", |
||||
"emojione/emojione": "1.3.0", |
||||
"zendframework/zend-config": "2.3.3" |
||||
"zendframework/zend-config": "2.3.3", |
||||
"ezyang/htmlpurifier": "4.6.0", |
||||
"aferrandini/phpqrcode": "1.0.1" |
||||
}, |
||||
"extra": { |
||||
"branch-alias": { |
||||
"dev-master": "1.10.x-dev" |
||||
} |
||||
} |
||||
} |
||||
|
||||
@ -1,18 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Set up the Chamilo autoload stack. Can be called several time if needed also |
||||
* better to avoid it. |
||||
*/ |
||||
|
||||
require_once dirname(__FILE__) . '/lib/autoload.class.php'; |
||||
Autoload::register(); |
||||
|
||||
/** |
||||
use Symfony\Component\ClassLoader\UniversalClassLoader; |
||||
$loader = new UniversalClassLoader(); |
||||
$loader->registerNamespaces(array( |
||||
'Symfony\\Component\\HttpFoundation', __DIR__.'/vendor/symfony/http-foundation', |
||||
)); |
||||
$loader->register(); |
||||
*/ |
||||
File diff suppressed because it is too large
Load Diff
@ -1 +0,0 @@ |
||||
4.2.0 |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,23 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* @file |
||||
* Defines a function wrapper for HTML Purifier for quick use. |
||||
* @note ''HTMLPurifier()'' is NOT the same as ''new HTMLPurifier()'' |
||||
*/ |
||||
|
||||
/** |
||||
* Purify HTML. |
||||
* @param $html String HTML to purify |
||||
* @param $config Configuration to use, can be any value accepted by |
||||
* HTMLPurifier_Config::create() |
||||
*/ |
||||
function HTMLPurifier($html, $config = null) { |
||||
static $purifier = false; |
||||
if (!$purifier) { |
||||
$purifier = new HTMLPurifier(); |
||||
} |
||||
return $purifier->purify($html, $config); |
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,237 +0,0 @@ |
||||
<?php |
||||
|
||||
/*! @mainpage |
||||
* |
||||
* HTML Purifier is an HTML filter that will take an arbitrary snippet of |
||||
* HTML and rigorously test, validate and filter it into a version that |
||||
* is safe for output onto webpages. It achieves this by: |
||||
* |
||||
* -# Lexing (parsing into tokens) the document, |
||||
* -# Executing various strategies on the tokens: |
||||
* -# Removing all elements not in the whitelist, |
||||
* -# Making the tokens well-formed, |
||||
* -# Fixing the nesting of the nodes, and |
||||
* -# Validating attributes of the nodes; and |
||||
* -# Generating HTML from the purified tokens. |
||||
* |
||||
* However, most users will only need to interface with the HTMLPurifier |
||||
* and HTMLPurifier_Config. |
||||
*/ |
||||
|
||||
/* |
||||
HTML Purifier 4.2.0 - Standards Compliant HTML Filtering |
||||
Copyright (C) 2006-2008 Edward Z. Yang |
||||
|
||||
This library is free software; you can redistribute it and/or |
||||
modify it under the terms of the GNU Lesser General Public |
||||
License as published by the Free Software Foundation; either |
||||
version 2.1 of the License, or (at your option) any later version. |
||||
|
||||
This library is distributed in the hope that it will be useful, |
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
||||
Lesser General Public License for more details. |
||||
|
||||
You should have received a copy of the GNU Lesser General Public |
||||
License along with this library; if not, write to the Free Software |
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
||||
*/ |
||||
|
||||
/** |
||||
* Facade that coordinates HTML Purifier's subsystems in order to purify HTML. |
||||
* |
||||
* @note There are several points in which configuration can be specified |
||||
* for HTML Purifier. The precedence of these (from lowest to |
||||
* highest) is as follows: |
||||
* -# Instance: new HTMLPurifier($config) |
||||
* -# Invocation: purify($html, $config) |
||||
* These configurations are entirely independent of each other and |
||||
* are *not* merged (this behavior may change in the future). |
||||
* |
||||
* @todo We need an easier way to inject strategies using the configuration |
||||
* object. |
||||
*/ |
||||
class HTMLPurifier |
||||
{ |
||||
|
||||
/** Version of HTML Purifier */ |
||||
public $version = '4.2.0'; |
||||
|
||||
/** Constant with version of HTML Purifier */ |
||||
const VERSION = '4.2.0'; |
||||
|
||||
/** Global configuration object */ |
||||
public $config; |
||||
|
||||
/** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */ |
||||
private $filters = array(); |
||||
|
||||
/** Single instance of HTML Purifier */ |
||||
private static $instance; |
||||
|
||||
protected $strategy, $generator; |
||||
|
||||
/** |
||||
* Resultant HTMLPurifier_Context of last run purification. Is an array |
||||
* of contexts if the last called method was purifyArray(). |
||||
*/ |
||||
public $context; |
||||
|
||||
/** |
||||
* Initializes the purifier. |
||||
* @param $config Optional HTMLPurifier_Config object for all instances of |
||||
* the purifier, if omitted, a default configuration is |
||||
* supplied (which can be overridden on a per-use basis). |
||||
* The parameter can also be any type that |
||||
* HTMLPurifier_Config::create() supports. |
||||
*/ |
||||
public function __construct($config = null) { |
||||
|
||||
$this->config = HTMLPurifier_Config::create($config); |
||||
|
||||
$this->strategy = new HTMLPurifier_Strategy_Core(); |
||||
|
||||
} |
||||
|
||||
/** |
||||
* Adds a filter to process the output. First come first serve |
||||
* @param $filter HTMLPurifier_Filter object |
||||
*/ |
||||
public function addFilter($filter) { |
||||
trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING); |
||||
$this->filters[] = $filter; |
||||
} |
||||
|
||||
/** |
||||
* Filters an HTML snippet/document to be XSS-free and standards-compliant. |
||||
* |
||||
* @param $html String of HTML to purify |
||||
* @param $config HTMLPurifier_Config object for this operation, if omitted, |
||||
* defaults to the config object specified during this |
||||
* object's construction. The parameter can also be any type |
||||
* that HTMLPurifier_Config::create() supports. |
||||
* @return Purified HTML |
||||
*/ |
||||
public function purify($html, $config = null) { |
||||
|
||||
// :TODO: make the config merge in, instead of replace |
||||
$config = $config ? HTMLPurifier_Config::create($config) : $this->config; |
||||
|
||||
// implementation is partially environment dependant, partially |
||||
// configuration dependant |
||||
$lexer = HTMLPurifier_Lexer::create($config); |
||||
|
||||
$context = new HTMLPurifier_Context(); |
||||
|
||||
// setup HTML generator |
||||
$this->generator = new HTMLPurifier_Generator($config, $context); |
||||
$context->register('Generator', $this->generator); |
||||
|
||||
// set up global context variables |
||||
if ($config->get('Core.CollectErrors')) { |
||||
// may get moved out if other facilities use it |
||||
$language_factory = HTMLPurifier_LanguageFactory::instance(); |
||||
$language = $language_factory->create($config, $context); |
||||
$context->register('Locale', $language); |
||||
|
||||
$error_collector = new HTMLPurifier_ErrorCollector($context); |
||||
$context->register('ErrorCollector', $error_collector); |
||||
} |
||||
|
||||
// setup id_accumulator context, necessary due to the fact that |
||||
// AttrValidator can be called from many places |
||||
$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
||||
$context->register('IDAccumulator', $id_accumulator); |
||||
|
||||
$html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context); |
||||
|
||||
// setup filters |
||||
$filter_flags = $config->getBatch('Filter'); |
||||
$custom_filters = $filter_flags['Custom']; |
||||
unset($filter_flags['Custom']); |
||||
$filters = array(); |
||||
foreach ($filter_flags as $filter => $flag) { |
||||
if (!$flag) continue; |
||||
if (strpos($filter, '.') !== false) continue; |
||||
$class = "HTMLPurifier_Filter_$filter"; |
||||
$filters[] = new $class; |
||||
} |
||||
foreach ($custom_filters as $filter) { |
||||
// maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat |
||||
$filters[] = $filter; |
||||
} |
||||
$filters = array_merge($filters, $this->filters); |
||||
// maybe prepare(), but later |
||||
|
||||
for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) { |
||||
$html = $filters[$i]->preFilter($html, $config, $context); |
||||
} |
||||
|
||||
// purified HTML |
||||
$html = |
||||
$this->generator->generateFromTokens( |
||||
// list of tokens |
||||
$this->strategy->execute( |
||||
// list of un-purified tokens |
||||
$lexer->tokenizeHTML( |
||||
// un-purified HTML |
||||
$html, $config, $context |
||||
), |
||||
$config, $context |
||||
) |
||||
); |
||||
|
||||
for ($i = $filter_size - 1; $i >= 0; $i--) { |
||||
$html = $filters[$i]->postFilter($html, $config, $context); |
||||
} |
||||
|
||||
$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context); |
||||
$this->context =& $context; |
||||
return $html; |
||||
} |
||||
|
||||
/** |
||||
* Filters an array of HTML snippets |
||||
* @param $config Optional HTMLPurifier_Config object for this operation. |
||||
* See HTMLPurifier::purify() for more details. |
||||
* @return Array of purified HTML |
||||
*/ |
||||
public function purifyArray($array_of_html, $config = null) { |
||||
$context_array = array(); |
||||
foreach ($array_of_html as $key => $html) { |
||||
$array_of_html[$key] = $this->purify($html, $config); |
||||
$context_array[$key] = $this->context; |
||||
} |
||||
$this->context = $context_array; |
||||
return $array_of_html; |
||||
} |
||||
|
||||
/** |
||||
* Singleton for enforcing just one HTML Purifier in your system |
||||
* @param $prototype Optional prototype HTMLPurifier instance to |
||||
* overload singleton with, or HTMLPurifier_Config |
||||
* instance to configure the generated version with. |
||||
*/ |
||||
public static function instance($prototype = null) { |
||||
if (!self::$instance || $prototype) { |
||||
if ($prototype instanceof HTMLPurifier) { |
||||
self::$instance = $prototype; |
||||
} elseif ($prototype) { |
||||
self::$instance = new HTMLPurifier($prototype); |
||||
} else { |
||||
self::$instance = new HTMLPurifier(); |
||||
} |
||||
} |
||||
return self::$instance; |
||||
} |
||||
|
||||
/** |
||||
* @note Backwards compatibility, see instance() |
||||
*/ |
||||
public static function getInstance($prototype = null) { |
||||
return HTMLPurifier::instance($prototype); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,128 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Defines common attribute collections that modules reference |
||||
*/ |
||||
|
||||
class HTMLPurifier_AttrCollections |
||||
{ |
||||
|
||||
/** |
||||
* Associative array of attribute collections, indexed by name |
||||
*/ |
||||
public $info = array(); |
||||
|
||||
/** |
||||
* Performs all expansions on internal data for use by other inclusions |
||||
* It also collects all attribute collection extensions from |
||||
* modules |
||||
* @param $attr_types HTMLPurifier_AttrTypes instance |
||||
* @param $modules Hash array of HTMLPurifier_HTMLModule members |
||||
*/ |
||||
public function __construct($attr_types, $modules) { |
||||
// load extensions from the modules |
||||
foreach ($modules as $module) { |
||||
foreach ($module->attr_collections as $coll_i => $coll) { |
||||
if (!isset($this->info[$coll_i])) { |
||||
$this->info[$coll_i] = array(); |
||||
} |
||||
foreach ($coll as $attr_i => $attr) { |
||||
if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) { |
||||
// merge in includes |
||||
$this->info[$coll_i][$attr_i] = array_merge( |
||||
$this->info[$coll_i][$attr_i], $attr); |
||||
continue; |
||||
} |
||||
$this->info[$coll_i][$attr_i] = $attr; |
||||
} |
||||
} |
||||
} |
||||
// perform internal expansions and inclusions |
||||
foreach ($this->info as $name => $attr) { |
||||
// merge attribute collections that include others |
||||
$this->performInclusions($this->info[$name]); |
||||
// replace string identifiers with actual attribute objects |
||||
$this->expandIdentifiers($this->info[$name], $attr_types); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Takes a reference to an attribute associative array and performs |
||||
* all inclusions specified by the zero index. |
||||
* @param &$attr Reference to attribute array |
||||
*/ |
||||
public function performInclusions(&$attr) { |
||||
if (!isset($attr[0])) return; |
||||
$merge = $attr[0]; |
||||
$seen = array(); // recursion guard |
||||
// loop through all the inclusions |
||||
for ($i = 0; isset($merge[$i]); $i++) { |
||||
if (isset($seen[$merge[$i]])) continue; |
||||
$seen[$merge[$i]] = true; |
||||
// foreach attribute of the inclusion, copy it over |
||||
if (!isset($this->info[$merge[$i]])) continue; |
||||
foreach ($this->info[$merge[$i]] as $key => $value) { |
||||
if (isset($attr[$key])) continue; // also catches more inclusions |
||||
$attr[$key] = $value; |
||||
} |
||||
if (isset($this->info[$merge[$i]][0])) { |
||||
// recursion |
||||
$merge = array_merge($merge, $this->info[$merge[$i]][0]); |
||||
} |
||||
} |
||||
unset($attr[0]); |
||||
} |
||||
|
||||
/** |
||||
* Expands all string identifiers in an attribute array by replacing |
||||
* them with the appropriate values inside HTMLPurifier_AttrTypes |
||||
* @param &$attr Reference to attribute array |
||||
* @param $attr_types HTMLPurifier_AttrTypes instance |
||||
*/ |
||||
public function expandIdentifiers(&$attr, $attr_types) { |
||||
|
||||
// because foreach will process new elements we add, make sure we |
||||
// skip duplicates |
||||
$processed = array(); |
||||
|
||||
foreach ($attr as $def_i => $def) { |
||||
// skip inclusions |
||||
if ($def_i === 0) continue; |
||||
|
||||
if (isset($processed[$def_i])) continue; |
||||
|
||||
// determine whether or not attribute is required |
||||
if ($required = (strpos($def_i, '*') !== false)) { |
||||
// rename the definition |
||||
unset($attr[$def_i]); |
||||
$def_i = trim($def_i, '*'); |
||||
$attr[$def_i] = $def; |
||||
} |
||||
|
||||
$processed[$def_i] = true; |
||||
|
||||
// if we've already got a literal object, move on |
||||
if (is_object($def)) { |
||||
// preserve previous required |
||||
$attr[$def_i]->required = ($required || $attr[$def_i]->required); |
||||
continue; |
||||
} |
||||
|
||||
if ($def === false) { |
||||
unset($attr[$def_i]); |
||||
continue; |
||||
} |
||||
|
||||
if ($t = $attr_types->get($def)) { |
||||
$attr[$def_i] = $t; |
||||
$attr[$def_i]->required = $required; |
||||
} else { |
||||
unset($attr[$def_i]); |
||||
} |
||||
} |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,123 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Base class for all validating attribute definitions. |
||||
* |
||||
* This family of classes forms the core for not only HTML attribute validation, |
||||
* but also any sort of string that needs to be validated or cleaned (which |
||||
* means CSS properties and composite definitions are defined here too). |
||||
* Besides defining (through code) what precisely makes the string valid, |
||||
* subclasses are also responsible for cleaning the code if possible. |
||||
*/ |
||||
|
||||
abstract class HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Tells us whether or not an HTML attribute is minimized. Has no |
||||
* meaning in other contexts. |
||||
*/ |
||||
public $minimized = false; |
||||
|
||||
/** |
||||
* Tells us whether or not an HTML attribute is required. Has no |
||||
* meaning in other contexts |
||||
*/ |
||||
public $required = false; |
||||
|
||||
/** |
||||
* Validates and cleans passed string according to a definition. |
||||
* |
||||
* @param $string String to be validated and cleaned. |
||||
* @param $config Mandatory HTMLPurifier_Config object. |
||||
* @param $context Mandatory HTMLPurifier_AttrContext object. |
||||
*/ |
||||
abstract public function validate($string, $config, $context); |
||||
|
||||
/** |
||||
* Convenience method that parses a string as if it were CDATA. |
||||
* |
||||
* This method process a string in the manner specified at |
||||
* <http://www.w3.org/TR/html4/types.html#h-6.2> by removing |
||||
* leading and trailing whitespace, ignoring line feeds, and replacing |
||||
* carriage returns and tabs with spaces. While most useful for HTML |
||||
* attributes specified as CDATA, it can also be applied to most CSS |
||||
* values. |
||||
* |
||||
* @note This method is not entirely standards compliant, as trim() removes |
||||
* more types of whitespace than specified in the spec. In practice, |
||||
* this is rarely a problem, as those extra characters usually have |
||||
* already been removed by HTMLPurifier_Encoder. |
||||
* |
||||
* @warning This processing is inconsistent with XML's whitespace handling |
||||
* as specified by section 3.3.3 and referenced XHTML 1.0 section |
||||
* 4.7. However, note that we are NOT necessarily |
||||
* parsing XML, thus, this behavior may still be correct. We |
||||
* assume that newlines have been normalized. |
||||
*/ |
||||
public function parseCDATA($string) { |
||||
$string = trim($string); |
||||
$string = str_replace(array("\n", "\t", "\r"), ' ', $string); |
||||
return $string; |
||||
} |
||||
|
||||
/** |
||||
* Factory method for creating this class from a string. |
||||
* @param $string String construction info |
||||
* @return Created AttrDef object corresponding to $string |
||||
*/ |
||||
public function make($string) { |
||||
// default implementation, return a flyweight of this object. |
||||
// If $string has an effect on the returned object (i.e. you |
||||
// need to overload this method), it is best |
||||
// to clone or instantiate new copies. (Instantiation is safer.) |
||||
return $this; |
||||
} |
||||
|
||||
/** |
||||
* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work |
||||
* properly. THIS IS A HACK! |
||||
*/ |
||||
protected function mungeRgb($string) { |
||||
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string); |
||||
} |
||||
|
||||
/** |
||||
* Parses a possibly escaped CSS string and returns the "pure" |
||||
* version of it. |
||||
*/ |
||||
protected function expandCSSEscape($string) { |
||||
// flexibly parse it |
||||
$ret = ''; |
||||
for ($i = 0, $c = strlen($string); $i < $c; $i++) { |
||||
if ($string[$i] === '\\') { |
||||
$i++; |
||||
if ($i >= $c) { |
||||
$ret .= '\\'; |
||||
break; |
||||
} |
||||
if (ctype_xdigit($string[$i])) { |
||||
$code = $string[$i]; |
||||
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) { |
||||
if (!ctype_xdigit($string[$i])) break; |
||||
$code .= $string[$i]; |
||||
} |
||||
// We have to be extremely careful when adding |
||||
// new characters, to make sure we're not breaking |
||||
// the encoding. |
||||
$char = HTMLPurifier_Encoder::unichr(hexdec($code)); |
||||
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue; |
||||
$ret .= $char; |
||||
if ($i < $c && trim($string[$i]) !== '') $i--; |
||||
continue; |
||||
} |
||||
if ($string[$i] === "\n") continue; |
||||
} |
||||
$ret .= $string[$i]; |
||||
} |
||||
return $ret; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,21 +0,0 @@ |
||||
<?php |
||||
|
||||
class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number |
||||
{ |
||||
|
||||
public function __construct() { |
||||
parent::__construct(false); // opacity is non-negative, but we will clamp it |
||||
} |
||||
|
||||
public function validate($number, $config, $context) { |
||||
$result = parent::validate($number, $config, $context); |
||||
if ($result === false) return $result; |
||||
$float = (float) $result; |
||||
if ($float < 0.0) $result = '0'; |
||||
if ($float > 1.0) $result = '1'; |
||||
return $result; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,87 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates shorthand CSS property background. |
||||
* @warning Does not support url tokens that have internal spaces. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Local copy of component validators. |
||||
* @note See HTMLPurifier_AttrDef_Font::$info for a similar impl. |
||||
*/ |
||||
protected $info; |
||||
|
||||
public function __construct($config) { |
||||
$def = $config->getCSSDefinition(); |
||||
$this->info['background-color'] = $def->info['background-color']; |
||||
$this->info['background-image'] = $def->info['background-image']; |
||||
$this->info['background-repeat'] = $def->info['background-repeat']; |
||||
$this->info['background-attachment'] = $def->info['background-attachment']; |
||||
$this->info['background-position'] = $def->info['background-position']; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
// regular pre-processing |
||||
$string = $this->parseCDATA($string); |
||||
if ($string === '') return false; |
||||
|
||||
// munge rgb() decl if necessary |
||||
$string = $this->mungeRgb($string); |
||||
|
||||
// assumes URI doesn't have spaces in it |
||||
$bits = explode(' ', strtolower($string)); // bits to process |
||||
|
||||
$caught = array(); |
||||
$caught['color'] = false; |
||||
$caught['image'] = false; |
||||
$caught['repeat'] = false; |
||||
$caught['attachment'] = false; |
||||
$caught['position'] = false; |
||||
|
||||
$i = 0; // number of catches |
||||
$none = false; |
||||
|
||||
foreach ($bits as $bit) { |
||||
if ($bit === '') continue; |
||||
foreach ($caught as $key => $status) { |
||||
if ($key != 'position') { |
||||
if ($status !== false) continue; |
||||
$r = $this->info['background-' . $key]->validate($bit, $config, $context); |
||||
} else { |
||||
$r = $bit; |
||||
} |
||||
if ($r === false) continue; |
||||
if ($key == 'position') { |
||||
if ($caught[$key] === false) $caught[$key] = ''; |
||||
$caught[$key] .= $r . ' '; |
||||
} else { |
||||
$caught[$key] = $r; |
||||
} |
||||
$i++; |
||||
break; |
||||
} |
||||
} |
||||
|
||||
if (!$i) return false; |
||||
if ($caught['position'] !== false) { |
||||
$caught['position'] = $this->info['background-position']-> |
||||
validate($caught['position'], $config, $context); |
||||
} |
||||
|
||||
$ret = array(); |
||||
foreach ($caught as $value) { |
||||
if ($value === false) continue; |
||||
$ret[] = $value; |
||||
} |
||||
|
||||
if (empty($ret)) return false; |
||||
return implode(' ', $ret); |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,133 +0,0 @@ |
||||
<?php |
||||
|
||||
/* W3C says: |
||||
[ // adjective and number must be in correct order, even if |
||||
// you could switch them without introducing ambiguity. |
||||
// some browsers support that syntax |
||||
[ |
||||
<percentage> | <length> | left | center | right |
||||
] |
||||
[ |
||||
<percentage> | <length> | top | center | bottom |
||||
]? |
||||
] | |
||||
[ // this signifies that the vertical and horizontal adjectives |
||||
// can be arbitrarily ordered, however, there can only be two, |
||||
// one of each, or none at all |
||||
[ |
||||
left | center | right |
||||
] || |
||||
[ |
||||
top | center | bottom |
||||
] |
||||
] |
||||
top, left = 0% |
||||
center, (none) = 50% |
||||
bottom, right = 100% |
||||
*/ |
||||
|
||||
/* QuirksMode says: |
||||
keyword + length/percentage must be ordered correctly, as per W3C |
||||
|
||||
Internet Explorer and Opera, however, support arbitrary ordering. We |
||||
should fix it up. |
||||
|
||||
Minor issue though, not strictly necessary. |
||||
*/ |
||||
|
||||
// control freaks may appreciate the ability to convert these to |
||||
// percentages or something, but it's not necessary |
||||
|
||||
/** |
||||
* Validates the value of background-position. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
protected $length; |
||||
protected $percentage; |
||||
|
||||
public function __construct() { |
||||
$this->length = new HTMLPurifier_AttrDef_CSS_Length(); |
||||
$this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage(); |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$string = $this->parseCDATA($string); |
||||
$bits = explode(' ', $string); |
||||
|
||||
$keywords = array(); |
||||
$keywords['h'] = false; // left, right |
||||
$keywords['v'] = false; // top, bottom |
||||
$keywords['ch'] = false; // center (first word) |
||||
$keywords['cv'] = false; // center (second word) |
||||
$measures = array(); |
||||
|
||||
$i = 0; |
||||
|
||||
$lookup = array( |
||||
'top' => 'v', |
||||
'bottom' => 'v', |
||||
'left' => 'h', |
||||
'right' => 'h', |
||||
'center' => 'c' |
||||
); |
||||
|
||||
foreach ($bits as $bit) { |
||||
if ($bit === '') continue; |
||||
|
||||
// test for keyword |
||||
$lbit = ctype_lower($bit) ? $bit : strtolower($bit); |
||||
if (isset($lookup[$lbit])) { |
||||
$status = $lookup[$lbit]; |
||||
if ($status == 'c') { |
||||
if ($i == 0) { |
||||
$status = 'ch'; |
||||
} else { |
||||
$status = 'cv'; |
||||
} |
||||
} |
||||
$keywords[$status] = $lbit; |
||||
$i++; |
||||
} |
||||
|
||||
// test for length |
||||
$r = $this->length->validate($bit, $config, $context); |
||||
if ($r !== false) { |
||||
$measures[] = $r; |
||||
$i++; |
||||
} |
||||
|
||||
// test for percentage |
||||
$r = $this->percentage->validate($bit, $config, $context); |
||||
if ($r !== false) { |
||||
$measures[] = $r; |
||||
$i++; |
||||
} |
||||
|
||||
} |
||||
|
||||
if (!$i) return false; // no valid values were caught |
||||
|
||||
$ret = array(); |
||||
|
||||
// first keyword |
||||
if ($keywords['h']) $ret[] = $keywords['h']; |
||||
elseif ($keywords['ch']) { |
||||
$ret[] = $keywords['ch']; |
||||
$keywords['cv'] = false; // prevent re-use: center = center center |
||||
} |
||||
elseif (count($measures)) $ret[] = array_shift($measures); |
||||
|
||||
if ($keywords['v']) $ret[] = $keywords['v']; |
||||
elseif ($keywords['cv']) $ret[] = $keywords['cv']; |
||||
elseif (count($measures)) $ret[] = array_shift($measures); |
||||
|
||||
if (empty($ret)) return false; |
||||
return implode(' ', $ret); |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,43 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates the border property as defined by CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Local copy of properties this property is shorthand for. |
||||
*/ |
||||
protected $info = array(); |
||||
|
||||
public function __construct($config) { |
||||
$def = $config->getCSSDefinition(); |
||||
$this->info['border-width'] = $def->info['border-width']; |
||||
$this->info['border-style'] = $def->info['border-style']; |
||||
$this->info['border-top-color'] = $def->info['border-top-color']; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$string = $this->parseCDATA($string); |
||||
$string = $this->mungeRgb($string); |
||||
$bits = explode(' ', $string); |
||||
$done = array(); // segments we've finished |
||||
$ret = ''; // return value |
||||
foreach ($bits as $bit) { |
||||
foreach ($this->info as $propname => $validator) { |
||||
if (isset($done[$propname])) continue; |
||||
$r = $validator->validate($bit, $config, $context); |
||||
if ($r !== false) { |
||||
$ret .= $r . ' '; |
||||
$done[$propname] = true; |
||||
break; |
||||
} |
||||
} |
||||
} |
||||
return rtrim($ret); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,78 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates Color as defined by CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($color, $config, $context) { |
||||
|
||||
static $colors = null; |
||||
if ($colors === null) $colors = $config->get('Core.ColorKeywords'); |
||||
|
||||
$color = trim($color); |
||||
if ($color === '') return false; |
||||
|
||||
$lower = strtolower($color); |
||||
if (isset($colors[$lower])) return $colors[$lower]; |
||||
|
||||
if (strpos($color, 'rgb(') !== false) { |
||||
// rgb literal handling |
||||
$length = strlen($color); |
||||
if (strpos($color, ')') !== $length - 1) return false; |
||||
$triad = substr($color, 4, $length - 4 - 1); |
||||
$parts = explode(',', $triad); |
||||
if (count($parts) !== 3) return false; |
||||
$type = false; // to ensure that they're all the same type |
||||
$new_parts = array(); |
||||
foreach ($parts as $part) { |
||||
$part = trim($part); |
||||
if ($part === '') return false; |
||||
$length = strlen($part); |
||||
if ($part[$length - 1] === '%') { |
||||
// handle percents |
||||
if (!$type) { |
||||
$type = 'percentage'; |
||||
} elseif ($type !== 'percentage') { |
||||
return false; |
||||
} |
||||
$num = (float) substr($part, 0, $length - 1); |
||||
if ($num < 0) $num = 0; |
||||
if ($num > 100) $num = 100; |
||||
$new_parts[] = "$num%"; |
||||
} else { |
||||
// handle integers |
||||
if (!$type) { |
||||
$type = 'integer'; |
||||
} elseif ($type !== 'integer') { |
||||
return false; |
||||
} |
||||
$num = (int) $part; |
||||
if ($num < 0) $num = 0; |
||||
if ($num > 255) $num = 255; |
||||
$new_parts[] = (string) $num; |
||||
} |
||||
} |
||||
$new_triad = implode(',', $new_parts); |
||||
$color = "rgb($new_triad)"; |
||||
} else { |
||||
// hexadecimal handling |
||||
if ($color[0] === '#') { |
||||
$hex = substr($color, 1); |
||||
} else { |
||||
$hex = $color; |
||||
$color = '#' . $color; |
||||
} |
||||
$length = strlen($hex); |
||||
if ($length !== 3 && $length !== 6) return false; |
||||
if (!ctype_xdigit($hex)) return false; |
||||
} |
||||
|
||||
return $color; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,38 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Allows multiple validators to attempt to validate attribute. |
||||
* |
||||
* Composite is just what it sounds like: a composite of many validators. |
||||
* This means that multiple HTMLPurifier_AttrDef objects will have a whack |
||||
* at the string. If one of them passes, that's what is returned. This is |
||||
* especially useful for CSS values, which often are a choice between |
||||
* an enumerated set of predefined values or a flexible data type. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* List of HTMLPurifier_AttrDef objects that may process strings |
||||
* @todo Make protected |
||||
*/ |
||||
public $defs; |
||||
|
||||
/** |
||||
* @param $defs List of HTMLPurifier_AttrDef objects |
||||
*/ |
||||
public function __construct($defs) { |
||||
$this->defs = $defs; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
foreach ($this->defs as $i => $def) { |
||||
$result = $this->defs[$i]->validate($string, $config, $context); |
||||
if ($result !== false) return $result; |
||||
} |
||||
return false; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,28 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Decorator which enables CSS properties to be disabled for specific elements. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef |
||||
{ |
||||
public $def, $element; |
||||
|
||||
/** |
||||
* @param $def Definition to wrap |
||||
* @param $element Element to deny |
||||
*/ |
||||
public function __construct($def, $element) { |
||||
$this->def = $def; |
||||
$this->element = $element; |
||||
} |
||||
/** |
||||
* Checks if CurrentToken is set and equal to $this->element |
||||
*/ |
||||
public function validate($string, $config, $context) { |
||||
$token = $context->get('CurrentToken', true); |
||||
if ($token && $token->name == $this->element) return false; |
||||
return $this->def->validate($string, $config, $context); |
||||
} |
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,54 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Microsoft's proprietary filter: CSS property |
||||
* @note Currently supports the alpha filter. In the future, this will |
||||
* probably need an extensible framework |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
protected $intValidator; |
||||
|
||||
public function __construct() { |
||||
$this->intValidator = new HTMLPurifier_AttrDef_Integer(); |
||||
} |
||||
|
||||
public function validate($value, $config, $context) { |
||||
$value = $this->parseCDATA($value); |
||||
if ($value === 'none') return $value; |
||||
// if we looped this we could support multiple filters |
||||
$function_length = strcspn($value, '('); |
||||
$function = trim(substr($value, 0, $function_length)); |
||||
if ($function !== 'alpha' && |
||||
$function !== 'Alpha' && |
||||
$function !== 'progid:DXImageTransform.Microsoft.Alpha' |
||||
) return false; |
||||
$cursor = $function_length + 1; |
||||
$parameters_length = strcspn($value, ')', $cursor); |
||||
$parameters = substr($value, $cursor, $parameters_length); |
||||
$params = explode(',', $parameters); |
||||
$ret_params = array(); |
||||
$lookup = array(); |
||||
foreach ($params as $param) { |
||||
list($key, $value) = explode('=', $param); |
||||
$key = trim($key); |
||||
$value = trim($value); |
||||
if (isset($lookup[$key])) continue; |
||||
if ($key !== 'opacity') continue; |
||||
$value = $this->intValidator->validate($value, $config, $context); |
||||
if ($value === false) continue; |
||||
$int = (int) $value; |
||||
if ($int > 100) $value = '100'; |
||||
if ($int < 0) $value = '0'; |
||||
$ret_params[] = "$key=$value"; |
||||
$lookup[$key] = true; |
||||
} |
||||
$ret_parameters = implode(',', $ret_params); |
||||
$ret_function = "$function($ret_parameters)"; |
||||
return $ret_function; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,149 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates shorthand CSS property font. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Local copy of component validators. |
||||
* |
||||
* @note If we moved specific CSS property definitions to their own |
||||
* classes instead of having them be assembled at run time by |
||||
* CSSDefinition, this wouldn't be necessary. We'd instantiate |
||||
* our own copies. |
||||
*/ |
||||
protected $info = array(); |
||||
|
||||
public function __construct($config) { |
||||
$def = $config->getCSSDefinition(); |
||||
$this->info['font-style'] = $def->info['font-style']; |
||||
$this->info['font-variant'] = $def->info['font-variant']; |
||||
$this->info['font-weight'] = $def->info['font-weight']; |
||||
$this->info['font-size'] = $def->info['font-size']; |
||||
$this->info['line-height'] = $def->info['line-height']; |
||||
$this->info['font-family'] = $def->info['font-family']; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
static $system_fonts = array( |
||||
'caption' => true, |
||||
'icon' => true, |
||||
'menu' => true, |
||||
'message-box' => true, |
||||
'small-caption' => true, |
||||
'status-bar' => true |
||||
); |
||||
|
||||
// regular pre-processing |
||||
$string = $this->parseCDATA($string); |
||||
if ($string === '') return false; |
||||
|
||||
// check if it's one of the keywords |
||||
$lowercase_string = strtolower($string); |
||||
if (isset($system_fonts[$lowercase_string])) { |
||||
return $lowercase_string; |
||||
} |
||||
|
||||
$bits = explode(' ', $string); // bits to process |
||||
$stage = 0; // this indicates what we're looking for |
||||
$caught = array(); // which stage 0 properties have we caught? |
||||
$stage_1 = array('font-style', 'font-variant', 'font-weight'); |
||||
$final = ''; // output |
||||
|
||||
for ($i = 0, $size = count($bits); $i < $size; $i++) { |
||||
if ($bits[$i] === '') continue; |
||||
switch ($stage) { |
||||
|
||||
// attempting to catch font-style, font-variant or font-weight |
||||
case 0: |
||||
foreach ($stage_1 as $validator_name) { |
||||
if (isset($caught[$validator_name])) continue; |
||||
$r = $this->info[$validator_name]->validate( |
||||
$bits[$i], $config, $context); |
||||
if ($r !== false) { |
||||
$final .= $r . ' '; |
||||
$caught[$validator_name] = true; |
||||
break; |
||||
} |
||||
} |
||||
// all three caught, continue on |
||||
if (count($caught) >= 3) $stage = 1; |
||||
if ($r !== false) break; |
||||
|
||||
// attempting to catch font-size and perhaps line-height |
||||
case 1: |
||||
$found_slash = false; |
||||
if (strpos($bits[$i], '/') !== false) { |
||||
list($font_size, $line_height) = |
||||
explode('/', $bits[$i]); |
||||
if ($line_height === '') { |
||||
// ooh, there's a space after the slash! |
||||
$line_height = false; |
||||
$found_slash = true; |
||||
} |
||||
} else { |
||||
$font_size = $bits[$i]; |
||||
$line_height = false; |
||||
} |
||||
$r = $this->info['font-size']->validate( |
||||
$font_size, $config, $context); |
||||
if ($r !== false) { |
||||
$final .= $r; |
||||
// attempt to catch line-height |
||||
if ($line_height === false) { |
||||
// we need to scroll forward |
||||
for ($j = $i + 1; $j < $size; $j++) { |
||||
if ($bits[$j] === '') continue; |
||||
if ($bits[$j] === '/') { |
||||
if ($found_slash) { |
||||
return false; |
||||
} else { |
||||
$found_slash = true; |
||||
continue; |
||||
} |
||||
} |
||||
$line_height = $bits[$j]; |
||||
break; |
||||
} |
||||
} else { |
||||
// slash already found |
||||
$found_slash = true; |
||||
$j = $i; |
||||
} |
||||
if ($found_slash) { |
||||
$i = $j; |
||||
$r = $this->info['line-height']->validate( |
||||
$line_height, $config, $context); |
||||
if ($r !== false) { |
||||
$final .= '/' . $r; |
||||
} |
||||
} |
||||
$final .= ' '; |
||||
$stage = 2; |
||||
break; |
||||
} |
||||
return false; |
||||
|
||||
// attempting to catch font-family |
||||
case 2: |
||||
$font_family = |
||||
implode(' ', array_slice($bits, $i, $size - $i)); |
||||
$r = $this->info['font-family']->validate( |
||||
$font_family, $config, $context); |
||||
if ($r !== false) { |
||||
$final .= $r . ' '; |
||||
// processing completed successfully |
||||
return rtrim($final); |
||||
} |
||||
return false; |
||||
} |
||||
} |
||||
return false; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,72 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a font family list according to CSS spec |
||||
* @todo whitelisting allowed fonts would be nice |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
static $generic_names = array( |
||||
'serif' => true, |
||||
'sans-serif' => true, |
||||
'monospace' => true, |
||||
'fantasy' => true, |
||||
'cursive' => true |
||||
); |
||||
|
||||
// assume that no font names contain commas in them |
||||
$fonts = explode(',', $string); |
||||
$final = ''; |
||||
foreach($fonts as $font) { |
||||
$font = trim($font); |
||||
if ($font === '') continue; |
||||
// match a generic name |
||||
if (isset($generic_names[$font])) { |
||||
$final .= $font . ', '; |
||||
continue; |
||||
} |
||||
// match a quoted name |
||||
if ($font[0] === '"' || $font[0] === "'") { |
||||
$length = strlen($font); |
||||
if ($length <= 2) continue; |
||||
$quote = $font[0]; |
||||
if ($font[$length - 1] !== $quote) continue; |
||||
$font = substr($font, 1, $length - 2); |
||||
} |
||||
|
||||
$font = $this->expandCSSEscape($font); |
||||
|
||||
// $font is a pure representation of the font name |
||||
|
||||
if (ctype_alnum($font) && $font !== '') { |
||||
// very simple font, allow it in unharmed |
||||
$final .= $font . ', '; |
||||
continue; |
||||
} |
||||
|
||||
// bugger out on whitespace. form feed (0C) really |
||||
// shouldn't show up regardless |
||||
$font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font); |
||||
|
||||
// These ugly transforms don't pose a security |
||||
// risk (as \\ and \" might). We could try to be clever and |
||||
// use single-quote wrapping when there is a double quote |
||||
// present, but I have choosen not to implement that. |
||||
// (warning: this code relies on the selection of quotation |
||||
// mark below) |
||||
$font = str_replace('\\', '\\5C ', $font); |
||||
$font = str_replace('"', '\\22 ', $font); |
||||
|
||||
// complicated font, requires quoting |
||||
$final .= "\"$font\", "; // note that this will later get turned into " |
||||
} |
||||
$final = rtrim($final, ', '); |
||||
if ($final === '') return false; |
||||
return $final; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,40 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Decorator which enables !important to be used in CSS values. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef |
||||
{ |
||||
public $def, $allow; |
||||
|
||||
/** |
||||
* @param $def Definition to wrap |
||||
* @param $allow Whether or not to allow !important |
||||
*/ |
||||
public function __construct($def, $allow = false) { |
||||
$this->def = $def; |
||||
$this->allow = $allow; |
||||
} |
||||
/** |
||||
* Intercepts and removes !important if necessary |
||||
*/ |
||||
public function validate($string, $config, $context) { |
||||
// test for ! and important tokens |
||||
$string = trim($string); |
||||
$is_important = false; |
||||
// :TODO: optimization: test directly for !important and ! important |
||||
if (strlen($string) >= 9 && substr($string, -9) === 'important') { |
||||
$temp = rtrim(substr($string, 0, -9)); |
||||
// use a temp, because we might want to restore important |
||||
if (strlen($temp) >= 1 && substr($temp, -1) === '!') { |
||||
$string = rtrim(substr($temp, 0, -1)); |
||||
$is_important = true; |
||||
} |
||||
} |
||||
$string = $this->def->validate($string, $config, $context); |
||||
if ($this->allow && $is_important) $string .= ' !important'; |
||||
return $string; |
||||
} |
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,47 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Represents a Length as defined by CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
protected $min, $max; |
||||
|
||||
/** |
||||
* @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable. |
||||
* @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable. |
||||
*/ |
||||
public function __construct($min = null, $max = null) { |
||||
$this->min = $min !== null ? HTMLPurifier_Length::make($min) : null; |
||||
$this->max = $max !== null ? HTMLPurifier_Length::make($max) : null; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$string = $this->parseCDATA($string); |
||||
|
||||
// Optimizations |
||||
if ($string === '') return false; |
||||
if ($string === '0') return '0'; |
||||
if (strlen($string) === 1) return false; |
||||
|
||||
$length = HTMLPurifier_Length::make($string); |
||||
if (!$length->isValid()) return false; |
||||
|
||||
if ($this->min) { |
||||
$c = $length->compareTo($this->min); |
||||
if ($c === false) return false; |
||||
if ($c < 0) return false; |
||||
} |
||||
if ($this->max) { |
||||
$c = $length->compareTo($this->max); |
||||
if ($c === false) return false; |
||||
if ($c > 0) return false; |
||||
} |
||||
|
||||
return $length->toString(); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,78 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates shorthand CSS property list-style. |
||||
* @warning Does not support url tokens that have internal spaces. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Local copy of component validators. |
||||
* @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl. |
||||
*/ |
||||
protected $info; |
||||
|
||||
public function __construct($config) { |
||||
$def = $config->getCSSDefinition(); |
||||
$this->info['list-style-type'] = $def->info['list-style-type']; |
||||
$this->info['list-style-position'] = $def->info['list-style-position']; |
||||
$this->info['list-style-image'] = $def->info['list-style-image']; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
// regular pre-processing |
||||
$string = $this->parseCDATA($string); |
||||
if ($string === '') return false; |
||||
|
||||
// assumes URI doesn't have spaces in it |
||||
$bits = explode(' ', strtolower($string)); // bits to process |
||||
|
||||
$caught = array(); |
||||
$caught['type'] = false; |
||||
$caught['position'] = false; |
||||
$caught['image'] = false; |
||||
|
||||
$i = 0; // number of catches |
||||
$none = false; |
||||
|
||||
foreach ($bits as $bit) { |
||||
if ($i >= 3) return; // optimization bit |
||||
if ($bit === '') continue; |
||||
foreach ($caught as $key => $status) { |
||||
if ($status !== false) continue; |
||||
$r = $this->info['list-style-' . $key]->validate($bit, $config, $context); |
||||
if ($r === false) continue; |
||||
if ($r === 'none') { |
||||
if ($none) continue; |
||||
else $none = true; |
||||
if ($key == 'image') continue; |
||||
} |
||||
$caught[$key] = $r; |
||||
$i++; |
||||
break; |
||||
} |
||||
} |
||||
|
||||
if (!$i) return false; |
||||
|
||||
$ret = array(); |
||||
|
||||
// construct type |
||||
if ($caught['type']) $ret[] = $caught['type']; |
||||
|
||||
// construct image |
||||
if ($caught['image']) $ret[] = $caught['image']; |
||||
|
||||
// construct position |
||||
if ($caught['position']) $ret[] = $caught['position']; |
||||
|
||||
if (empty($ret)) return false; |
||||
return implode(' ', $ret); |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,58 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Framework class for strings that involve multiple values. |
||||
* |
||||
* Certain CSS properties such as border-width and margin allow multiple |
||||
* lengths to be specified. This class can take a vanilla border-width |
||||
* definition and multiply it, usually into a max of four. |
||||
* |
||||
* @note Even though the CSS specification isn't clear about it, inherit |
||||
* can only be used alone: it will never manifest as part of a multi |
||||
* shorthand declaration. Thus, this class does not allow inherit. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Instance of component definition to defer validation to. |
||||
* @todo Make protected |
||||
*/ |
||||
public $single; |
||||
|
||||
/** |
||||
* Max number of values allowed. |
||||
* @todo Make protected |
||||
*/ |
||||
public $max; |
||||
|
||||
/** |
||||
* @param $single HTMLPurifier_AttrDef to multiply |
||||
* @param $max Max number of values allowed (usually four) |
||||
*/ |
||||
public function __construct($single, $max = 4) { |
||||
$this->single = $single; |
||||
$this->max = $max; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$string = $this->parseCDATA($string); |
||||
if ($string === '') return false; |
||||
$parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n |
||||
$length = count($parts); |
||||
$final = ''; |
||||
for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { |
||||
if (ctype_space($parts[$i])) continue; |
||||
$result = $this->single->validate($parts[$i], $config, $context); |
||||
if ($result !== false) { |
||||
$final .= $result . ' '; |
||||
$num++; |
||||
} |
||||
} |
||||
if ($final === '') return false; |
||||
return rtrim($final); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,69 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a number as defined by the CSS spec. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Bool indicating whether or not only positive values allowed. |
||||
*/ |
||||
protected $non_negative = false; |
||||
|
||||
/** |
||||
* @param $non_negative Bool indicating whether negatives are forbidden |
||||
*/ |
||||
public function __construct($non_negative = false) { |
||||
$this->non_negative = $non_negative; |
||||
} |
||||
|
||||
/** |
||||
* @warning Some contexts do not pass $config, $context. These |
||||
* variables should not be used without checking HTMLPurifier_Length |
||||
*/ |
||||
public function validate($number, $config, $context) { |
||||
|
||||
$number = $this->parseCDATA($number); |
||||
|
||||
if ($number === '') return false; |
||||
if ($number === '0') return '0'; |
||||
|
||||
$sign = ''; |
||||
switch ($number[0]) { |
||||
case '-': |
||||
if ($this->non_negative) return false; |
||||
$sign = '-'; |
||||
case '+': |
||||
$number = substr($number, 1); |
||||
} |
||||
|
||||
if (ctype_digit($number)) { |
||||
$number = ltrim($number, '0'); |
||||
return $number ? $sign . $number : '0'; |
||||
} |
||||
|
||||
// Period is the only non-numeric character allowed |
||||
if (strpos($number, '.') === false) return false; |
||||
|
||||
list($left, $right) = explode('.', $number, 2); |
||||
|
||||
if ($left === '' && $right === '') return false; |
||||
if ($left !== '' && !ctype_digit($left)) return false; |
||||
|
||||
$left = ltrim($left, '0'); |
||||
$right = rtrim($right, '0'); |
||||
|
||||
if ($right === '') { |
||||
return $left ? $sign . $left : '0'; |
||||
} elseif (!ctype_digit($right)) { |
||||
return false; |
||||
} |
||||
|
||||
return $sign . $left . '.' . $right; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,40 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a Percentage as defined by the CSS spec. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation |
||||
*/ |
||||
protected $number_def; |
||||
|
||||
/** |
||||
* @param Bool indicating whether to forbid negative values |
||||
*/ |
||||
public function __construct($non_negative = false) { |
||||
$this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$string = $this->parseCDATA($string); |
||||
|
||||
if ($string === '') return false; |
||||
$length = strlen($string); |
||||
if ($length === 1) return false; |
||||
if ($string[$length - 1] !== '%') return false; |
||||
|
||||
$number = substr($string, 0, $length - 1); |
||||
$number = $this->number_def->validate($number, $config, $context); |
||||
|
||||
if ($number === false) return false; |
||||
return "$number%"; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,38 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates the value for the CSS property text-decoration |
||||
* @note This class could be generalized into a version that acts sort of |
||||
* like Enum except you can compound the allowed values. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
static $allowed_values = array( |
||||
'line-through' => true, |
||||
'overline' => true, |
||||
'underline' => true, |
||||
); |
||||
|
||||
$string = strtolower($this->parseCDATA($string)); |
||||
|
||||
if ($string === 'none') return $string; |
||||
|
||||
$parts = explode(' ', $string); |
||||
$final = ''; |
||||
foreach ($parts as $part) { |
||||
if (isset($allowed_values[$part])) { |
||||
$final .= $part . ' '; |
||||
} |
||||
} |
||||
$final = rtrim($final); |
||||
if ($final === '') return false; |
||||
return $final; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,52 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a URI in CSS syntax, which uses url('http://example.com') |
||||
* @note While theoretically speaking a URI in a CSS document could |
||||
* be non-embedded, as of CSS2 there is no such usage so we're |
||||
* generalizing it. This may need to be changed in the future. |
||||
* @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as |
||||
* the separator, you cannot put a literal semicolon in |
||||
* in the URI. Try percent encoding it, in that case. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI |
||||
{ |
||||
|
||||
public function __construct() { |
||||
parent::__construct(true); // always embedded |
||||
} |
||||
|
||||
public function validate($uri_string, $config, $context) { |
||||
// parse the URI out of the string and then pass it onto |
||||
// the parent object |
||||
|
||||
$uri_string = $this->parseCDATA($uri_string); |
||||
if (strpos($uri_string, 'url(') !== 0) return false; |
||||
$uri_string = substr($uri_string, 4); |
||||
$new_length = strlen($uri_string) - 1; |
||||
if ($uri_string[$new_length] != ')') return false; |
||||
$uri = trim(substr($uri_string, 0, $new_length)); |
||||
|
||||
if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
||||
$quote = $uri[0]; |
||||
$new_length = strlen($uri) - 1; |
||||
if ($uri[$new_length] !== $quote) return false; |
||||
$uri = substr($uri, 1, $new_length - 1); |
||||
} |
||||
|
||||
$uri = $this->expandCSSEscape($uri); |
||||
|
||||
$result = parent::validate($uri, $config, $context); |
||||
|
||||
if ($result === false) return false; |
||||
|
||||
// extra sanity check; should have been done by URI |
||||
$result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
||||
|
||||
return "url(\"$result\")"; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,65 +0,0 @@ |
||||
<?php |
||||
|
||||
// Enum = Enumerated |
||||
/** |
||||
* Validates a keyword against a list of valid values. |
||||
* @warning The case-insensitive compare of this function uses PHP's |
||||
* built-in strtolower and ctype_lower functions, which may |
||||
* cause problems with international comparisons |
||||
*/ |
||||
class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Lookup table of valid values. |
||||
* @todo Make protected |
||||
*/ |
||||
public $valid_values = array(); |
||||
|
||||
/** |
||||
* Bool indicating whether or not enumeration is case sensitive. |
||||
* @note In general this is always case insensitive. |
||||
*/ |
||||
protected $case_sensitive = false; // values according to W3C spec |
||||
|
||||
/** |
||||
* @param $valid_values List of valid values |
||||
* @param $case_sensitive Bool indicating whether or not case sensitive |
||||
*/ |
||||
public function __construct( |
||||
$valid_values = array(), $case_sensitive = false |
||||
) { |
||||
$this->valid_values = array_flip($valid_values); |
||||
$this->case_sensitive = $case_sensitive; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$string = trim($string); |
||||
if (!$this->case_sensitive) { |
||||
// we may want to do full case-insensitive libraries |
||||
$string = ctype_lower($string) ? $string : strtolower($string); |
||||
} |
||||
$result = isset($this->valid_values[$string]); |
||||
|
||||
return $result ? $string : false; |
||||
} |
||||
|
||||
/** |
||||
* @param $string In form of comma-delimited list of case-insensitive |
||||
* valid values. Example: "foo,bar,baz". Prepend "s:" to make |
||||
* case sensitive |
||||
*/ |
||||
public function make($string) { |
||||
if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { |
||||
$string = substr($string, 2); |
||||
$sensitive = true; |
||||
} else { |
||||
$sensitive = false; |
||||
} |
||||
$values = explode(',', $string); |
||||
return new HTMLPurifier_AttrDef_Enum($values, $sensitive); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,28 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a boolean attribute |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
protected $name; |
||||
public $minimized = true; |
||||
|
||||
public function __construct($name = false) {$this->name = $name;} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
if (empty($string)) return false; |
||||
return $this->name; |
||||
} |
||||
|
||||
/** |
||||
* @param $string Name of attribute |
||||
*/ |
||||
public function make($string) { |
||||
return new HTMLPurifier_AttrDef_HTML_Bool($string); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,34 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Implements special behavior for class attribute (normally NMTOKENS) |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens |
||||
{ |
||||
protected function split($string, $config, $context) { |
||||
// really, this twiddle should be lazy loaded |
||||
$name = $config->getDefinition('HTML')->doctype->name; |
||||
if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { |
||||
return parent::split($string, $config, $context); |
||||
} else { |
||||
return preg_split('/\s+/', $string); |
||||
} |
||||
} |
||||
protected function filter($tokens, $config, $context) { |
||||
$allowed = $config->get('Attr.AllowedClasses'); |
||||
$forbidden = $config->get('Attr.ForbiddenClasses'); |
||||
$ret = array(); |
||||
foreach ($tokens as $token) { |
||||
if ( |
||||
($allowed === null || isset($allowed[$token])) && |
||||
!isset($forbidden[$token]) && |
||||
// We need this O(n) check because of PHP's array |
||||
// implementation that casts -0 to 0. |
||||
!in_array($token, $ret, true) |
||||
) { |
||||
$ret[] = $token; |
||||
} |
||||
} |
||||
return $ret; |
||||
} |
||||
} |
||||
@ -1,32 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a color according to the HTML spec. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
static $colors = null; |
||||
if ($colors === null) $colors = $config->get('Core.ColorKeywords'); |
||||
|
||||
$string = trim($string); |
||||
|
||||
if (empty($string)) return false; |
||||
if (isset($colors[$string])) return $colors[$string]; |
||||
if ($string[0] === '#') $hex = substr($string, 1); |
||||
else $hex = $string; |
||||
|
||||
$length = strlen($hex); |
||||
if ($length !== 3 && $length !== 6) return false; |
||||
if (!ctype_xdigit($hex)) return false; |
||||
if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; |
||||
|
||||
return "#$hex"; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,21 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Special-case enum attribute definition that lazy loads allowed frame targets |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum |
||||
{ |
||||
|
||||
public $valid_values = false; // uninitialized value |
||||
protected $case_sensitive = false; |
||||
|
||||
public function __construct() {} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); |
||||
return parent::validate($string, $config, $context); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,70 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates the HTML attribute ID. |
||||
* @warning Even though this is the id processor, it |
||||
* will ignore the directive Attr:IDBlacklist, since it will only |
||||
* go according to the ID accumulator. Since the accumulator is |
||||
* automatically generated, it will have already absorbed the |
||||
* blacklist. If you're hacking around, make sure you use load()! |
||||
*/ |
||||
|
||||
class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
// ref functionality disabled, since we also have to verify |
||||
// whether or not the ID it refers to exists |
||||
|
||||
public function validate($id, $config, $context) { |
||||
|
||||
if (!$config->get('Attr.EnableID')) return false; |
||||
|
||||
$id = trim($id); // trim it first |
||||
|
||||
if ($id === '') return false; |
||||
|
||||
$prefix = $config->get('Attr.IDPrefix'); |
||||
if ($prefix !== '') { |
||||
$prefix .= $config->get('Attr.IDPrefixLocal'); |
||||
// prevent re-appending the prefix |
||||
if (strpos($id, $prefix) !== 0) $id = $prefix . $id; |
||||
} elseif ($config->get('Attr.IDPrefixLocal') !== '') { |
||||
trigger_error('%Attr.IDPrefixLocal cannot be used unless '. |
||||
'%Attr.IDPrefix is set', E_USER_WARNING); |
||||
} |
||||
|
||||
//if (!$this->ref) { |
||||
$id_accumulator =& $context->get('IDAccumulator'); |
||||
if (isset($id_accumulator->ids[$id])) return false; |
||||
//} |
||||
|
||||
// we purposely avoid using regex, hopefully this is faster |
||||
|
||||
if (ctype_alpha($id)) { |
||||
$result = true; |
||||
} else { |
||||
if (!ctype_alpha(@$id[0])) return false; |
||||
$trim = trim( // primitive style of regexps, I suppose |
||||
$id, |
||||
'A..Za..z0..9:-._' |
||||
); |
||||
$result = ($trim === ''); |
||||
} |
||||
|
||||
$regexp = $config->get('Attr.IDBlacklistRegexp'); |
||||
if ($regexp && preg_match($regexp, $id)) { |
||||
return false; |
||||
} |
||||
|
||||
if (/*!$this->ref && */$result) $id_accumulator->add($id); |
||||
|
||||
// if no change was made to the ID, return the result |
||||
// else, return the new id if stripping whitespace made it |
||||
// valid, or return false. |
||||
return $result ? $id : false; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,41 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates the HTML type length (not to be confused with CSS's length). |
||||
* |
||||
* This accepts integer pixels or percentages as lengths for certain |
||||
* HTML attributes. |
||||
*/ |
||||
|
||||
class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$string = trim($string); |
||||
if ($string === '') return false; |
||||
|
||||
$parent_result = parent::validate($string, $config, $context); |
||||
if ($parent_result !== false) return $parent_result; |
||||
|
||||
$length = strlen($string); |
||||
$last_char = $string[$length - 1]; |
||||
|
||||
if ($last_char !== '%') return false; |
||||
|
||||
$points = substr($string, 0, $length - 1); |
||||
|
||||
if (!is_numeric($points)) return false; |
||||
|
||||
$points = (int) $points; |
||||
|
||||
if ($points < 0) return '0%'; |
||||
if ($points > 100) return '100%'; |
||||
|
||||
return ((string) $points) . '%'; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,53 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a rel/rev link attribute against a directive of allowed values |
||||
* @note We cannot use Enum because link types allow multiple |
||||
* values. |
||||
* @note Assumes link types are ASCII text |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** Name config attribute to pull. */ |
||||
protected $name; |
||||
|
||||
public function __construct($name) { |
||||
$configLookup = array( |
||||
'rel' => 'AllowedRel', |
||||
'rev' => 'AllowedRev' |
||||
); |
||||
if (!isset($configLookup[$name])) { |
||||
trigger_error('Unrecognized attribute name for link '. |
||||
'relationship.', E_USER_ERROR); |
||||
return; |
||||
} |
||||
$this->name = $configLookup[$name]; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$allowed = $config->get('Attr.' . $this->name); |
||||
if (empty($allowed)) return false; |
||||
|
||||
$string = $this->parseCDATA($string); |
||||
$parts = explode(' ', $string); |
||||
|
||||
// lookup to prevent duplicates |
||||
$ret_lookup = array(); |
||||
foreach ($parts as $part) { |
||||
$part = strtolower(trim($part)); |
||||
if (!isset($allowed[$part])) continue; |
||||
$ret_lookup[$part] = true; |
||||
} |
||||
|
||||
if (empty($ret_lookup)) return false; |
||||
$string = implode(' ', array_keys($ret_lookup)); |
||||
|
||||
return $string; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,41 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a MultiLength as defined by the HTML spec. |
||||
* |
||||
* A multilength is either a integer (pixel count), a percentage, or |
||||
* a relative number. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$string = trim($string); |
||||
if ($string === '') return false; |
||||
|
||||
$parent_result = parent::validate($string, $config, $context); |
||||
if ($parent_result !== false) return $parent_result; |
||||
|
||||
$length = strlen($string); |
||||
$last_char = $string[$length - 1]; |
||||
|
||||
if ($last_char !== '*') return false; |
||||
|
||||
$int = substr($string, 0, $length - 1); |
||||
|
||||
if ($int == '') return '*'; |
||||
if (!is_numeric($int)) return false; |
||||
|
||||
$int = (int) $int; |
||||
|
||||
if ($int < 0) return false; |
||||
if ($int == 0) return '0'; |
||||
if ($int == 1) return '*'; |
||||
return ((string) $int) . '*'; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,52 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates contents based on NMTOKENS attribute type. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$string = trim($string); |
||||
|
||||
// early abort: '' and '0' (strings that convert to false) are invalid |
||||
if (!$string) return false; |
||||
|
||||
$tokens = $this->split($string, $config, $context); |
||||
$tokens = $this->filter($tokens, $config, $context); |
||||
if (empty($tokens)) return false; |
||||
return implode(' ', $tokens); |
||||
|
||||
} |
||||
|
||||
/** |
||||
* Splits a space separated list of tokens into its constituent parts. |
||||
*/ |
||||
protected function split($string, $config, $context) { |
||||
// OPTIMIZABLE! |
||||
// do the preg_match, capture all subpatterns for reformulation |
||||
|
||||
// we don't support U+00A1 and up codepoints or |
||||
// escaping because I don't know how to do that with regexps |
||||
// and plus it would complicate optimization efforts (you never |
||||
// see that anyway). |
||||
$pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start |
||||
'((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. |
||||
'(?:(?=\s)|\z)/'; // look ahead for space or string end |
||||
preg_match_all($pattern, $string, $matches); |
||||
return $matches[1]; |
||||
} |
||||
|
||||
/** |
||||
* Template method for removing certain tokens based on arbitrary criteria. |
||||
* @note If we wanted to be really functional, we'd do an array_filter |
||||
* with a callback. But... we're not. |
||||
*/ |
||||
protected function filter($tokens, $config, $context) { |
||||
return $tokens; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,48 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates an integer representation of pixels according to the HTML spec. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
protected $max; |
||||
|
||||
public function __construct($max = null) { |
||||
$this->max = $max; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$string = trim($string); |
||||
if ($string === '0') return $string; |
||||
if ($string === '') return false; |
||||
$length = strlen($string); |
||||
if (substr($string, $length - 2) == 'px') { |
||||
$string = substr($string, 0, $length - 2); |
||||
} |
||||
if (!is_numeric($string)) return false; |
||||
$int = (int) $string; |
||||
|
||||
if ($int < 0) return '0'; |
||||
|
||||
// upper-bound value, extremely high values can |
||||
// crash operating systems, see <http://ha.ckers.org/imagecrash.html> |
||||
// WARNING, above link WILL crash you if you're using Windows |
||||
|
||||
if ($this->max !== null && $int > $this->max) return (string) $this->max; |
||||
|
||||
return (string) $int; |
||||
|
||||
} |
||||
|
||||
public function make($string) { |
||||
if ($string === '') $max = null; |
||||
else $max = (int) $string; |
||||
$class = get_class($this); |
||||
return new $class($max); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,73 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates an integer. |
||||
* @note While this class was modeled off the CSS definition, no currently |
||||
* allowed CSS uses this type. The properties that do are: widows, |
||||
* orphans, z-index, counter-increment, counter-reset. Some of the |
||||
* HTML attributes, however, find use for a non-negative version of this. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Bool indicating whether or not negative values are allowed |
||||
*/ |
||||
protected $negative = true; |
||||
|
||||
/** |
||||
* Bool indicating whether or not zero is allowed |
||||
*/ |
||||
protected $zero = true; |
||||
|
||||
/** |
||||
* Bool indicating whether or not positive values are allowed |
||||
*/ |
||||
protected $positive = true; |
||||
|
||||
/** |
||||
* @param $negative Bool indicating whether or not negative values are allowed |
||||
* @param $zero Bool indicating whether or not zero is allowed |
||||
* @param $positive Bool indicating whether or not positive values are allowed |
||||
*/ |
||||
public function __construct( |
||||
$negative = true, $zero = true, $positive = true |
||||
) { |
||||
$this->negative = $negative; |
||||
$this->zero = $zero; |
||||
$this->positive = $positive; |
||||
} |
||||
|
||||
public function validate($integer, $config, $context) { |
||||
|
||||
$integer = $this->parseCDATA($integer); |
||||
if ($integer === '') return false; |
||||
|
||||
// we could possibly simply typecast it to integer, but there are |
||||
// certain fringe cases that must not return an integer. |
||||
|
||||
// clip leading sign |
||||
if ( $this->negative && $integer[0] === '-' ) { |
||||
$digits = substr($integer, 1); |
||||
if ($digits === '0') $integer = '0'; // rm minus sign for zero |
||||
} elseif( $this->positive && $integer[0] === '+' ) { |
||||
$digits = $integer = substr($integer, 1); // rm unnecessary plus |
||||
} else { |
||||
$digits = $integer; |
||||
} |
||||
|
||||
// test if it's numeric |
||||
if (!ctype_digit($digits)) return false; |
||||
|
||||
// perform scope tests |
||||
if (!$this->zero && $integer == 0) return false; |
||||
if (!$this->positive && $integer > 0) return false; |
||||
if (!$this->negative && $integer < 0) return false; |
||||
|
||||
return $integer; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,73 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates the HTML attribute lang, effectively a language code. |
||||
* @note Built according to RFC 3066, which obsoleted RFC 1766 |
||||
*/ |
||||
class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
|
||||
$string = trim($string); |
||||
if (!$string) return false; |
||||
|
||||
$subtags = explode('-', $string); |
||||
$num_subtags = count($subtags); |
||||
|
||||
if ($num_subtags == 0) return false; // sanity check |
||||
|
||||
// process primary subtag : $subtags[0] |
||||
$length = strlen($subtags[0]); |
||||
switch ($length) { |
||||
case 0: |
||||
return false; |
||||
case 1: |
||||
if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) { |
||||
return false; |
||||
} |
||||
break; |
||||
case 2: |
||||
case 3: |
||||
if (! ctype_alpha($subtags[0]) ) { |
||||
return false; |
||||
} elseif (! ctype_lower($subtags[0]) ) { |
||||
$subtags[0] = strtolower($subtags[0]); |
||||
} |
||||
break; |
||||
default: |
||||
return false; |
||||
} |
||||
|
||||
$new_string = $subtags[0]; |
||||
if ($num_subtags == 1) return $new_string; |
||||
|
||||
// process second subtag : $subtags[1] |
||||
$length = strlen($subtags[1]); |
||||
if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) { |
||||
return $new_string; |
||||
} |
||||
if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); |
||||
|
||||
$new_string .= '-' . $subtags[1]; |
||||
if ($num_subtags == 2) return $new_string; |
||||
|
||||
// process all other subtags, index 2 and up |
||||
for ($i = 2; $i < $num_subtags; $i++) { |
||||
$length = strlen($subtags[$i]); |
||||
if ($length == 0 || $length > 8 || !ctype_alnum($subtags[$i])) { |
||||
return $new_string; |
||||
} |
||||
if (!ctype_lower($subtags[$i])) { |
||||
$subtags[$i] = strtolower($subtags[$i]); |
||||
} |
||||
$new_string .= '-' . $subtags[$i]; |
||||
} |
||||
|
||||
return $new_string; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,34 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Decorator that, depending on a token, switches between two definitions. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_Switch |
||||
{ |
||||
|
||||
protected $tag; |
||||
protected $withTag, $withoutTag; |
||||
|
||||
/** |
||||
* @param string $tag Tag name to switch upon |
||||
* @param HTMLPurifier_AttrDef $with_tag Call if token matches tag |
||||
* @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token |
||||
*/ |
||||
public function __construct($tag, $with_tag, $without_tag) { |
||||
$this->tag = $tag; |
||||
$this->withTag = $with_tag; |
||||
$this->withoutTag = $without_tag; |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$token = $context->get('CurrentToken', true); |
||||
if (!$token || $token->name !== $this->tag) { |
||||
return $this->withoutTag->validate($string, $config, $context); |
||||
} else { |
||||
return $this->withTag->validate($string, $config, $context); |
||||
} |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,15 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates arbitrary text according to the HTML spec. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
return $this->parseCDATA($string); |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,77 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a URI as defined by RFC 3986. |
||||
* @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme |
||||
*/ |
||||
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
protected $parser; |
||||
protected $embedsResource; |
||||
|
||||
/** |
||||
* @param $embeds_resource_resource Does the URI here result in an extra HTTP request? |
||||
*/ |
||||
public function __construct($embeds_resource = false) { |
||||
$this->parser = new HTMLPurifier_URIParser(); |
||||
$this->embedsResource = (bool) $embeds_resource; |
||||
} |
||||
|
||||
public function make($string) { |
||||
$embeds = (bool) $string; |
||||
return new HTMLPurifier_AttrDef_URI($embeds); |
||||
} |
||||
|
||||
public function validate($uri, $config, $context) { |
||||
|
||||
if ($config->get('URI.Disable')) return false; |
||||
|
||||
$uri = $this->parseCDATA($uri); |
||||
|
||||
// parse the URI |
||||
$uri = $this->parser->parse($uri); |
||||
if ($uri === false) return false; |
||||
|
||||
// add embedded flag to context for validators |
||||
$context->register('EmbeddedURI', $this->embedsResource); |
||||
|
||||
$ok = false; |
||||
do { |
||||
|
||||
// generic validation |
||||
$result = $uri->validate($config, $context); |
||||
if (!$result) break; |
||||
|
||||
// chained filtering |
||||
$uri_def = $config->getDefinition('URI'); |
||||
$result = $uri_def->filter($uri, $config, $context); |
||||
if (!$result) break; |
||||
|
||||
// scheme-specific validation |
||||
$scheme_obj = $uri->getSchemeObj($config, $context); |
||||
if (!$scheme_obj) break; |
||||
if ($this->embedsResource && !$scheme_obj->browsable) break; |
||||
$result = $scheme_obj->validate($uri, $config, $context); |
||||
if (!$result) break; |
||||
|
||||
// Post chained filtering |
||||
$result = $uri_def->postFilter($uri, $config, $context); |
||||
if (!$result) break; |
||||
|
||||
// survived gauntlet |
||||
$ok = true; |
||||
|
||||
} while (false); |
||||
|
||||
$context->destroy('EmbeddedURI'); |
||||
if (!$ok) return false; |
||||
|
||||
// back to string |
||||
return $uri->toString(); |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,17 +0,0 @@ |
||||
<?php |
||||
|
||||
abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Unpacks a mailbox into its display-name and address |
||||
*/ |
||||
function unpack($string) { |
||||
// needs to be implemented |
||||
} |
||||
|
||||
} |
||||
|
||||
// sub-implementations |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,21 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Primitive email validation class based on the regexp found at |
||||
* http://www.regular-expressions.info/email.html |
||||
*/ |
||||
class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email |
||||
{ |
||||
|
||||
public function validate($string, $config, $context) { |
||||
// no support for named mailboxes i.e. "Bob <bob@example.com>" |
||||
// that needs more percent encoding to be done |
||||
if ($string == '') return false; |
||||
$string = trim($string); |
||||
$result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); |
||||
return $result ? $string : false; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,68 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates a host according to the IPv4, IPv6 and DNS (future) specifications. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator |
||||
*/ |
||||
protected $ipv4; |
||||
|
||||
/** |
||||
* Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator |
||||
*/ |
||||
protected $ipv6; |
||||
|
||||
public function __construct() { |
||||
$this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); |
||||
$this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); |
||||
} |
||||
|
||||
public function validate($string, $config, $context) { |
||||
$length = strlen($string); |
||||
// empty hostname is OK; it's usually semantically equivalent: |
||||
// the default host as defined by a URI scheme is used: |
||||
// |
||||
// If the URI scheme defines a default for host, then that |
||||
// default applies when the host subcomponent is undefined |
||||
// or when the registered name is empty (zero length). |
||||
if ($string === '') return ''; |
||||
if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { |
||||
//IPv6 |
||||
$ip = substr($string, 1, $length - 2); |
||||
$valid = $this->ipv6->validate($ip, $config, $context); |
||||
if ($valid === false) return false; |
||||
return '['. $valid . ']'; |
||||
} |
||||
|
||||
// need to do checks on unusual encodings too |
||||
$ipv4 = $this->ipv4->validate($string, $config, $context); |
||||
if ($ipv4 !== false) return $ipv4; |
||||
|
||||
// A regular domain name. |
||||
|
||||
// This breaks I18N domain names, but we don't have proper IRI support, |
||||
// so force users to insert Punycode. If there's complaining we'll |
||||
// try to fix things into an international friendly form. |
||||
|
||||
// The productions describing this are: |
||||
$a = '[a-z]'; // alpha |
||||
$an = '[a-z0-9]'; // alphanum |
||||
$and = '[a-z0-9-]'; // alphanum | "-" |
||||
// domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum |
||||
$domainlabel = "$an($and*$an)?"; |
||||
// toplabel = alpha | alpha *( alphanum | "-" ) alphanum |
||||
$toplabel = "$a($and*$an)?"; |
||||
// hostname = *( domainlabel "." ) toplabel [ "." ] |
||||
$match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string); |
||||
if (!$match) return false; |
||||
|
||||
return $string; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,39 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates an IPv4 address |
||||
* @author Feyd @ forums.devnetwork.net (public domain) |
||||
*/ |
||||
class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef |
||||
{ |
||||
|
||||
/** |
||||
* IPv4 regex, protected so that IPv6 can reuse it |
||||
*/ |
||||
protected $ip4; |
||||
|
||||
public function validate($aIP, $config, $context) { |
||||
|
||||
if (!$this->ip4) $this->_loadRegex(); |
||||
|
||||
if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) |
||||
{ |
||||
return $aIP; |
||||
} |
||||
|
||||
return false; |
||||
|
||||
} |
||||
|
||||
/** |
||||
* Lazy load function to prevent regex from being stuffed in |
||||
* cache. |
||||
*/ |
||||
protected function _loadRegex() { |
||||
$oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 |
||||
$this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,99 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Validates an IPv6 address. |
||||
* @author Feyd @ forums.devnetwork.net (public domain) |
||||
* @note This function requires brackets to have been removed from address |
||||
* in URI. |
||||
*/ |
||||
class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4 |
||||
{ |
||||
|
||||
public function validate($aIP, $config, $context) { |
||||
|
||||
if (!$this->ip4) $this->_loadRegex(); |
||||
|
||||
$original = $aIP; |
||||
|
||||
$hex = '[0-9a-fA-F]'; |
||||
$blk = '(?:' . $hex . '{1,4})'; |
||||
$pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128 |
||||
|
||||
// prefix check |
||||
if (strpos($aIP, '/') !== false) |
||||
{ |
||||
if (preg_match('#' . $pre . '$#s', $aIP, $find)) |
||||
{ |
||||
$aIP = substr($aIP, 0, 0-strlen($find[0])); |
||||
unset($find); |
||||
} |
||||
else |
||||
{ |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
// IPv4-compatiblity check |
||||
if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find)) |
||||
{ |
||||
$aIP = substr($aIP, 0, 0-strlen($find[0])); |
||||
$ip = explode('.', $find[0]); |
||||
$ip = array_map('dechex', $ip); |
||||
$aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3]; |
||||
unset($find, $ip); |
||||
} |
||||
|
||||
// compression check |
||||
$aIP = explode('::', $aIP); |
||||
$c = count($aIP); |
||||
if ($c > 2) |
||||
{ |
||||
return false; |
||||
} |
||||
elseif ($c == 2) |
||||
{ |
||||
list($first, $second) = $aIP; |
||||
$first = explode(':', $first); |
||||
$second = explode(':', $second); |
||||
|
||||
if (count($first) + count($second) > 8) |
||||
{ |
||||
return false; |
||||
} |
||||
|
||||
while(count($first) < 8) |
||||
{ |
||||
array_push($first, '0'); |
||||
} |
||||
|
||||
array_splice($first, 8 - count($second), 8, $second); |
||||
$aIP = $first; |
||||
unset($first,$second); |
||||
} |
||||
else |
||||
{ |
||||
$aIP = explode(':', $aIP[0]); |
||||
} |
||||
$c = count($aIP); |
||||
|
||||
if ($c != 8) |
||||
{ |
||||
return false; |
||||
} |
||||
|
||||
// All the pieces should be 16-bit hex strings. Are they? |
||||
foreach ($aIP as $piece) |
||||
{ |
||||
if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) |
||||
{ |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
return $original; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,6 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
</head> |
||||
<body> |
||||
</body> |
||||
</html> |
||||
@ -1,56 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Processes an entire attribute array for corrections needing multiple values. |
||||
* |
||||
* Occasionally, a certain attribute will need to be removed and popped onto |
||||
* another value. Instead of creating a complex return syntax for |
||||
* HTMLPurifier_AttrDef, we just pass the whole attribute array to a |
||||
* specialized object and have that do the special work. That is the |
||||
* family of HTMLPurifier_AttrTransform. |
||||
* |
||||
* An attribute transformation can be assigned to run before or after |
||||
* HTMLPurifier_AttrDef validation. See HTMLPurifier_HTMLDefinition for |
||||
* more details. |
||||
*/ |
||||
|
||||
abstract class HTMLPurifier_AttrTransform |
||||
{ |
||||
|
||||
/** |
||||
* Abstract: makes changes to the attributes dependent on multiple values. |
||||
* |
||||
* @param $attr Assoc array of attributes, usually from |
||||
* HTMLPurifier_Token_Tag::$attr |
||||
* @param $config Mandatory HTMLPurifier_Config object. |
||||
* @param $context Mandatory HTMLPurifier_Context object |
||||
* @returns Processed attribute array. |
||||
*/ |
||||
abstract public function transform($attr, $config, $context); |
||||
|
||||
/** |
||||
* Prepends CSS properties to the style attribute, creating the |
||||
* attribute if it doesn't exist. |
||||
* @param $attr Attribute array to process (passed by reference) |
||||
* @param $css CSS to prepend |
||||
*/ |
||||
public function prependCSS(&$attr, $css) { |
||||
$attr['style'] = isset($attr['style']) ? $attr['style'] : ''; |
||||
$attr['style'] = $css . $attr['style']; |
||||
} |
||||
|
||||
/** |
||||
* Retrieves and removes an attribute |
||||
* @param $attr Attribute array to process (passed by reference) |
||||
* @param $key Key of attribute to confiscate |
||||
*/ |
||||
public function confiscateAttr(&$attr, $key) { |
||||
if (!isset($attr[$key])) return null; |
||||
$value = $attr[$key]; |
||||
unset($attr[$key]); |
||||
return $value; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,23 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Pre-transform that changes proprietary background attribute to CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform { |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
|
||||
if (!isset($attr['background'])) return $attr; |
||||
|
||||
$background = $this->confiscateAttr($attr, 'background'); |
||||
// some validation should happen here |
||||
|
||||
$this->prependCSS($attr, "background-image:url($background);"); |
||||
|
||||
return $attr; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,19 +0,0 @@ |
||||
<?php |
||||
|
||||
// this MUST be placed in post, as it assumes that any value in dir is valid |
||||
|
||||
/** |
||||
* Post-trasnform that ensures that bdo tags have the dir attribute set. |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform |
||||
{ |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
if (isset($attr['dir'])) return $attr; |
||||
$attr['dir'] = $config->get('Attr.DefaultTextDir'); |
||||
return $attr; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,23 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Pre-transform that changes deprecated bgcolor attribute to CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform { |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
|
||||
if (!isset($attr['bgcolor'])) return $attr; |
||||
|
||||
$bgcolor = $this->confiscateAttr($attr, 'bgcolor'); |
||||
// some validation should happen here |
||||
|
||||
$this->prependCSS($attr, "background-color:$bgcolor;"); |
||||
|
||||
return $attr; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,36 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Pre-transform that changes converts a boolean attribute to fixed CSS |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform { |
||||
|
||||
/** |
||||
* Name of boolean attribute that is trigger |
||||
*/ |
||||
protected $attr; |
||||
|
||||
/** |
||||
* CSS declarations to add to style, needs trailing semicolon |
||||
*/ |
||||
protected $css; |
||||
|
||||
/** |
||||
* @param $attr string attribute name to convert from |
||||
* @param $css string CSS declarations to add to style (needs semicolon) |
||||
*/ |
||||
public function __construct($attr, $css) { |
||||
$this->attr = $attr; |
||||
$this->css = $css; |
||||
} |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
if (!isset($attr[$this->attr])) return $attr; |
||||
unset($attr[$this->attr]); |
||||
$this->prependCSS($attr, $this->css); |
||||
return $attr; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,18 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Pre-transform that changes deprecated border attribute to CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform { |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
if (!isset($attr['border'])) return $attr; |
||||
$border_width = $this->confiscateAttr($attr, 'border'); |
||||
// some validation should happen here |
||||
$this->prependCSS($attr, "border:{$border_width}px solid;"); |
||||
return $attr; |
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,58 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Generic pre-transform that converts an attribute with a fixed number of |
||||
* values (enumerated) to CSS. |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform { |
||||
|
||||
/** |
||||
* Name of attribute to transform from |
||||
*/ |
||||
protected $attr; |
||||
|
||||
/** |
||||
* Lookup array of attribute values to CSS |
||||
*/ |
||||
protected $enumToCSS = array(); |
||||
|
||||
/** |
||||
* Case sensitivity of the matching |
||||
* @warning Currently can only be guaranteed to work with ASCII |
||||
* values. |
||||
*/ |
||||
protected $caseSensitive = false; |
||||
|
||||
/** |
||||
* @param $attr String attribute name to transform from |
||||
* @param $enumToCSS Lookup array of attribute values to CSS |
||||
* @param $case_sensitive Boolean case sensitivity indicator, default false |
||||
*/ |
||||
public function __construct($attr, $enum_to_css, $case_sensitive = false) { |
||||
$this->attr = $attr; |
||||
$this->enumToCSS = $enum_to_css; |
||||
$this->caseSensitive = (bool) $case_sensitive; |
||||
} |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
|
||||
if (!isset($attr[$this->attr])) return $attr; |
||||
|
||||
$value = trim($attr[$this->attr]); |
||||
unset($attr[$this->attr]); |
||||
|
||||
if (!$this->caseSensitive) $value = strtolower($value); |
||||
|
||||
if (!isset($this->enumToCSS[$value])) { |
||||
return $attr; |
||||
} |
||||
|
||||
$this->prependCSS($attr, $this->enumToCSS[$value]); |
||||
|
||||
return $attr; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
@ -1,44 +0,0 @@ |
||||
<?php |
||||
|
||||
/** |
||||
* Pre-transform that changes deprecated hspace and vspace attributes to CSS |
||||
*/ |
||||
class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform { |
||||
|
||||
protected $attr; |
||||
protected $css = array( |
||||
'hspace' => array('left', 'right'), |
||||
'vspace' => array('top', 'bottom') |
||||
); |
||||
|
||||
public function __construct($attr) { |
||||
$this->attr = $attr; |
||||
if (!isset($this->css[$attr])) { |
||||
trigger_error(htmlspecialchars($attr) . ' is not valid space attribute'); |
||||
} |
||||
} |
||||
|
||||
public function transform($attr, $config, $context) { |
||||
|
||||
if (!isset($attr[$this->attr])) return $attr; |
||||
|
||||
$width = $this->confiscateAttr($attr, $this->attr); |
||||
// some validation could happen here |
||||
|
||||
if (!isset($this->css[$this->attr])) return $attr; |
||||
|
||||
$style = ''; |
||||
foreach ($this->css[$this->attr] as $suffix) { |
||||
$property = "margin-$suffix"; |
||||
$style .= "$property:{$width}px;"; |
||||
} |
||||
|
||||
$this->prependCSS($attr, $style); |
||||
|
||||
return $attr; |
||||
|
||||
} |
||||
|
||||
} |
||||
|
||||
// vim: et sw=4 sts=4 |
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue