HTMLPurifier_HTMLDefinition - Code Metrics - Inspection of "Web: update scrutinizer settings" - BOINC/boinc - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( eb6d5e...9d1a7a )

by Christian

created 2017-03-10 14:57 UTC

HTMLPurifier_HTMLDefinition C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	466
Duplicated Lines	12.23 %

Coupling/Cohesion

Components	1
Dependencies	7

Importance

Changes

Metric	Value
dl	57
loc	466
rs	5.6163
c	0
b	0
f	0
wmc	70
lcom	1
cbo	7

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like HTMLPurifier_HTMLDefinition often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use HTMLPurifier_HTMLDefinition, and based on these observations, apply Extract Interface, too.

<?php

/**
 * Definition of the purified HTML that describes allowed children,
 * attributes, and many other things.
 *
 * Conventions:
 *
 * All member variables that are prefixed with info
 * (including the main $info array) are used by HTML Purifier internals
 * and should not be directly edited when customizing the HTMLDefinition.
 * They can usually be set via configuration directives or custom
 * modules.
 *
 * On the other hand, member variables without the info prefix are used
 * internally by the HTMLDefinition and MUST NOT be used by other HTML
 * Purifier internals. Many of them, however, are public, and may be
 * edited by userspace code to tweak the behavior of HTMLDefinition.
 *
 * @note This class is inspected by Printer_HTMLDefinition; please
 *       update that class if things here change.
 *
 * @warning Directives that change this object's structure must be in
 *          the HTML or Attr namespace!
 */
class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
{

    // FULLY-PUBLIC VARIABLES ---------------------------------------------

    /**
     * Associative array of element names to HTMLPurifier_ElementDef.
     * @type HTMLPurifier_ElementDef[]
     */
    public $info = array();

    /**
     * Associative array of global attribute name to attribute definition.
     * @type array
     */
    public $info_global_attr = array();

    /**
     * String name of parent element HTML will be going into.
     * @type string
     */
    public $info_parent = 'div';

    /**
     * Definition for parent element, allows parent element to be a
     * tag that's not allowed inside the HTML fragment.
     * @type HTMLPurifier_ElementDef
     */
    public $info_parent_def;

    /**
     * String name of element used to wrap inline elements in block context.
     * @type string
     * @note This is rarely used except for BLOCKQUOTEs in strict mode
     */
    public $info_block_wrapper = 'p';

    /**
     * Associative array of deprecated tag name to HTMLPurifier_TagTransform.
     * @type array
     */
    public $info_tag_transform = array();

    /**
     * Indexed list of HTMLPurifier_AttrTransform to be performed before validation.
     * @type HTMLPurifier_AttrTransform[]
     */
    public $info_attr_transform_pre = array();

    /**
     * Indexed list of HTMLPurifier_AttrTransform to be performed after validation.
     * @type HTMLPurifier_AttrTransform[]
     */
    public $info_attr_transform_post = array();

    /**
     * Nested lookup array of content set name (Block, Inline) to
     * element name to whether or not it belongs in that content set.
     * @type array
     */
    public $info_content_sets = array();

    /**
     * Indexed list of HTMLPurifier_Injector to be used.
     * @type HTMLPurifier_Injector[]
     */
    public $info_injector = array();

    /**
     * Doctype object
     * @type HTMLPurifier_Doctype
     */
    public $doctype;



    // RAW CUSTOMIZATION STUFF --------------------------------------------

    /**
     * Adds a custom attribute to a pre-existing element
     * @note This is strictly convenience, and does not have a corresponding
     *       method in HTMLPurifier_HTMLModule
     * @param string $element_name Element name to add attribute to
     * @param string $attr_name Name of attribute
     * @param mixed $def Attribute definition, can be string or object, see
     *             HTMLPurifier_AttrTypes for details
     */
    public function addAttribute($element_name, $attr_name, $def)
    {
        $module = $this->getAnonymousModule();
        if (!isset($module->info[$element_name])) {
            $element = $module->addBlankElement($element_name);
        } else {
            $element = $module->info[$element_name];
        }
        $element->attr[$attr_name] = $def;
    }

    /**
     * Adds a custom element to your HTML definition
     * @see HTMLPurifier_HTMLModule::addElement() for detailed
     *       parameter and return value descriptions.
     */
    public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array())
    {
        $module = $this->getAnonymousModule();
        // assume that if the user is calling this, the element
        // is safe. This may not be a good idea
        $element = $module->addElement($element_name, $type, $contents, $attr_collections, $attributes);
        return $element;
    }

    /**
     * Adds a blank element to your HTML definition, for overriding
     * existing behavior
     * @param string $element_name
     * @return HTMLPurifier_ElementDef
     * @see HTMLPurifier_HTMLModule::addBlankElement() for detailed
     *       parameter and return value descriptions.
     */
    public function addBlankElement($element_name)
    {
        $module  = $this->getAnonymousModule();
        $element = $module->addBlankElement($element_name);
        return $element;
    }

    /**
     * Retrieves a reference to the anonymous module, so you can
     * bust out advanced features without having to make your own
     * module.
     * @return HTMLPurifier_HTMLModule
     */
    public function getAnonymousModule()
    {
        if (!$this->_anonModule) {
            $this->_anonModule = new HTMLPurifier_HTMLModule();
            $this->_anonModule->name = 'Anonymous';
        }
        return $this->_anonModule;
    }

    private $_anonModule = null;

    // PUBLIC BUT INTERNAL VARIABLES --------------------------------------

    /**
     * @type string
     */
    public $type = 'HTML';

    /**
     * @type HTMLPurifier_HTMLModuleManager
     */
    public $manager;

    /**
     * Performs low-cost, preliminary initialization.
     */
    public function __construct()
    {
        $this->manager = new HTMLPurifier_HTMLModuleManager();
    }

    /**
     * @param HTMLPurifier_Config $config
     */
    protected function doSetup($config)
    {
        $this->processModules($config);
        $this->setupConfigStuff($config);
        unset($this->manager);

        // cleanup some of the element definitions
        foreach ($this->info as $k => $v) {
            unset($this->info[$k]->content_model);
            unset($this->info[$k]->content_model_type);
        }
    }

    /**
     * Extract out the information from the manager
     * @param HTMLPurifier_Config $config
     */
    protected function processModules($config)
    {
        if ($this->_anonModule) {
            // for user specific changes
            // this is late-loaded so we don't have to deal with PHP4
            // reference wonky-ness
            $this->manager->addModule($this->_anonModule);
            unset($this->_anonModule);
        }

        $this->manager->setup($config);
        $this->doctype = $this->manager->doctype;

        foreach ($this->manager->modules as $module) {
            foreach ($module->info_tag_transform as $k => $v) {
                if ($v === false) {
                    unset($this->info_tag_transform[$k]);
                } else {
                    $this->info_tag_transform[$k] = $v;
                }
            }
            foreach ($module->info_attr_transform_pre as $k => $v) {
                if ($v === false) {
                    unset($this->info_attr_transform_pre[$k]);
                } else {
                    $this->info_attr_transform_pre[$k] = $v;
                }
            }
            foreach ($module->info_attr_transform_post as $k => $v) {
                if ($v === false) {
                    unset($this->info_attr_transform_post[$k]);
                } else {
                    $this->info_attr_transform_post[$k] = $v;
                }
            }
            foreach ($module->info_injector as $k => $v) {
                if ($v === false) {
                    unset($this->info_injector[$k]);
                } else {
                    $this->info_injector[$k] = $v;
                }
            }
        }
        $this->info = $this->manager->getElements();
        $this->info_content_sets = $this->manager->contentSets->lookup;
    }

    /**
     * Sets up stuff based on config. We need a better way of doing this.
     * @param HTMLPurifier_Config $config
     */
    protected function setupConfigStuff($config)
    {
        $block_wrapper = $config->get('HTML.BlockWrapper');
        if (isset($this->info_content_sets['Block'][$block_wrapper])) {
            $this->info_block_wrapper = $block_wrapper;
        } else {
            trigger_error(
                'Cannot use non-block element as block wrapper',
                E_USER_ERROR
            );
        }

        $parent = $config->get('HTML.Parent');
        $def = $this->manager->getElement($parent, true);
        if ($def) {
            $this->info_parent = $parent;
            $this->info_parent_def = $def;
        } else {
            trigger_error(
                'Cannot use unrecognized element as parent',
                E_USER_ERROR
            );
            $this->info_parent_def = $this->manager->getElement($this->info_parent, true);
        }

        // support template text
        $support = "(for information on implementing this, see the support forums) ";

        // setup allowed elements -----------------------------------------

        $allowed_elements = $config->get('HTML.AllowedElements');
        $allowed_attributes = $config->get('HTML.AllowedAttributes'); // retrieve early

        if (!is_array($allowed_elements) && !is_array($allowed_attributes)) {
            $allowed = $config->get('HTML.Allowed');
            if (is_string($allowed)) {
                list($allowed_elements, $allowed_attributes) = $this->parseTinyMCEAllowedList($allowed);
            }
        }

        if (is_array($allowed_elements)) {
            foreach ($this->info as $name => $d) {
                if (!isset($allowed_elements[$name])) {
                    unset($this->info[$name]);
                }
                unset($allowed_elements[$name]);
            }
            // emit errors
            foreach ($allowed_elements as $element => $d) {
                $element = htmlspecialchars($element); // PHP doesn't escape errors, be careful!
                trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
            }
        }

        // setup allowed attributes ---------------------------------------

        $allowed_attributes_mutable = $allowed_attributes; // by copy!
        if (is_array($allowed_attributes)) {
            // This actually doesn't do anything, since we went away from
            // global attributes. It's possible that userland code uses
            // it, but HTMLModuleManager doesn't!
            foreach ($this->info_global_attr as $attr => $x) {
                $keys = array($attr, "*@$attr", "*.$attr");
                $delete = true;
                foreach ($keys as $key) {
                    if ($delete && isset($allowed_attributes[$key])) {
                        $delete = false;
                    }
                    if (isset($allowed_attributes_mutable[$key])) {
                        unset($allowed_attributes_mutable[$key]);
                    }
                }
                if ($delete) {
                    unset($this->info_global_attr[$attr]);
                }
            }

            foreach ($this->info as $tag => $info) {
                foreach ($info->attr as $attr => $x) {
                    $keys = array("$tag@$attr", $attr, "*@$attr", "$tag.$attr", "*.$attr");
                    $delete = true;
                    foreach ($keys as $key) {
                        if ($delete && isset($allowed_attributes[$key])) {
                            $delete = false;
                        }
                        if (isset($allowed_attributes_mutable[$key])) {
                            unset($allowed_attributes_mutable[$key]);
                        }
                    }
                    if ($delete) {
                        if ($this->info[$tag]->attr[$attr]->required) {
                            trigger_error(
                                "Required attribute '$attr' in element '$tag' " .
                                "was not allowed, which means '$tag' will not be allowed either",
                                E_USER_WARNING
                            );
                        }
                        unset($this->info[$tag]->attr[$attr]);
                    }
                }
            }
            // emit errors
            foreach ($allowed_attributes_mutable as $elattr => $d) {
                $bits = preg_split('/[.@]/', $elattr, 2);
                $c = count($bits);
                switch ($c) {
                    case 2:
                        if ($bits[0] !== '*') {
                            $element = htmlspecialchars($bits[0]);
                            $attribute = htmlspecialchars($bits[1]);
                            if (!isset($this->info[$element])) {
                                trigger_error(
                                    "Cannot allow attribute '$attribute' if element " .
                                    "'$element' is not allowed/supported $support"
                                );
                            } else {
                                trigger_error(
                                    "Attribute '$attribute' in element '$element' not supported $support",
                                    E_USER_WARNING
                                );
                            }
                            break;
                        }
                        // otherwise fall through
                    case 1:
                        $attribute = htmlspecialchars($bits[0]);
                        trigger_error(
                            "Global attribute '$attribute' is not ".
                            "supported in any elements $support",
                            E_USER_WARNING
                        );
                        break;
                }
            }
        }

        // setup forbidden elements ---------------------------------------

        $forbidden_elements   = $config->get('HTML.ForbiddenElements');
        $forbidden_attributes = $config->get('HTML.ForbiddenAttributes');

        foreach ($this->info as $tag => $info) {
            if (isset($forbidden_elements[$tag])) {
                unset($this->info[$tag]);
                continue;
            }
            foreach ($info->attr as $attr => $x) {
                if (isset($forbidden_attributes["$tag@$attr"]) ||
                    isset($forbidden_attributes["*@$attr"]) ||
                    isset($forbidden_attributes[$attr])
                ) {
                    unset($this->info[$tag]->attr[$attr]);
                    continue;
                } elseif (isset($forbidden_attributes["$tag.$attr"])) { // this segment might get removed eventually
                    // $tag.$attr are not user supplied, so no worries!
                    trigger_error(
                        "Error with $tag.$attr: tag.attr syntax not supported for " .
                        "HTML.ForbiddenAttributes; use tag@attr instead",
                        E_USER_WARNING
                    );
                }
            }
        }
        foreach ($forbidden_attributes as $key => $v) {
            if (strlen($key) < 2) {
                continue;
            }
            if ($key[0] != '*') {
                continue;
            }
            if ($key[1] == '.') {
                trigger_error(
                    "Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead",
                    E_USER_WARNING
                );
            }
        }

        // setup injectors -----------------------------------------------------
        foreach ($this->info_injector as $i => $injector) {
            if ($injector->checkNeeded($config) !== false) {
                // remove injector that does not have it's required
                // elements/attributes present, and is thus not needed.
                unset($this->info_injector[$i]);
            }
        }
    }

    /**
     * Parses a TinyMCE-flavored Allowed Elements and Attributes list into
     * separate lists for processing. Format is element[attr1|attr2],element2...
     * @warning Although it's largely drawn from TinyMCE's implementation,
     *      it is different, and you'll probably have to modify your lists
     * @param array $list String list to parse
     * @return array
     * @todo Give this its own class, probably static interface
     */
    public function parseTinyMCEAllowedList($list)
    {
        $list = str_replace(array(' ', "\t"), '', $list);

        $elements = array();
        $attributes = array();

        $chunks = preg_split('/(,|[\n\r]+)/', $list);
        foreach ($chunks as $chunk) {
            if (empty($chunk)) {
                continue;
            }
            // remove TinyMCE element control characters
            if (!strpos($chunk, '[')) {
                $element = $chunk;
                $attr = false;
            } else {
                list($element, $attr) = explode('[', $chunk);
            }
            if ($element !== '*') {
                $elements[$element] = true;
            }
            if (!$attr) {
                continue;
            }
            $attr = substr($attr, 0, strlen($attr) - 1); // remove trailing ]
            $attr = explode('|', $attr);
            foreach ($attr as $key) {
                $attributes["$element.$key"] = true;
            }
        }
        return array($elements, $attributes);
    }
}

// vim: et sw=4 sts=4


1			<?php
2
3			/**
4			* Definition of the purified HTML that describes allowed children,
5			* attributes, and many other things.
6			*
7			* Conventions:
8			*
9			* All member variables that are prefixed with info
10			* (including the main $info array) are used by HTML Purifier internals
11			* and should not be directly edited when customizing the HTMLDefinition.
12			* They can usually be set via configuration directives or custom
13			* modules.
14			*
15			* On the other hand, member variables without the info prefix are used
16			* internally by the HTMLDefinition and MUST NOT be used by other HTML
17			* Purifier internals. Many of them, however, are public, and may be
18			* edited by userspace code to tweak the behavior of HTMLDefinition.
19			*
20			* @note This class is inspected by Printer_HTMLDefinition; please
21			* update that class if things here change.
22			*
23			* @warning Directives that change this object's structure must be in
24			* the HTML or Attr namespace!
25			*/
26			class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
27			{
28
29			// FULLY-PUBLIC VARIABLES ---------------------------------------------
30
31			/**
32			* Associative array of element names to HTMLPurifier_ElementDef.
33			* @type HTMLPurifier_ElementDef[]
34			*/
35			public $info = array();
36
37			/**
38			* Associative array of global attribute name to attribute definition.
39			* @type array
40			*/
41			public $info_global_attr = array();
42
43			/**
44			* String name of parent element HTML will be going into.
45			* @type string
46			*/
47			public $info_parent = 'div';
48
49			/**
50			* Definition for parent element, allows parent element to be a
51			* tag that's not allowed inside the HTML fragment.
52			* @type HTMLPurifier_ElementDef
53			*/
54			public $info_parent_def;
55
56			/**
57			* String name of element used to wrap inline elements in block context.
58			* @type string
59			* @note This is rarely used except for BLOCKQUOTEs in strict mode
60			*/
61			public $info_block_wrapper = 'p';
62
63			/**
64			* Associative array of deprecated tag name to HTMLPurifier_TagTransform.
65			* @type array
66			*/
67			public $info_tag_transform = array();
68
69			/**
70			* Indexed list of HTMLPurifier_AttrTransform to be performed before validation.
71			* @type HTMLPurifier_AttrTransform[]
72			*/
73			public $info_attr_transform_pre = array();
74
75			/**
76			* Indexed list of HTMLPurifier_AttrTransform to be performed after validation.
77			* @type HTMLPurifier_AttrTransform[]
78			*/
79			public $info_attr_transform_post = array();
80
81			/**
82			* Nested lookup array of content set name (Block, Inline) to
83			* element name to whether or not it belongs in that content set.
84			* @type array
85			*/
86			public $info_content_sets = array();
87
88			/**
89			* Indexed list of HTMLPurifier_Injector to be used.
90			* @type HTMLPurifier_Injector[]
91			*/
92			public $info_injector = array();
93
94			/**
95			* Doctype object
96			* @type HTMLPurifier_Doctype
97			*/
98			public $doctype;
99
100
101
102			// RAW CUSTOMIZATION STUFF --------------------------------------------
103
104			/**
105			* Adds a custom attribute to a pre-existing element
106			* @note This is strictly convenience, and does not have a corresponding
107			* method in HTMLPurifier_HTMLModule
108			* @param string $element_name Element name to add attribute to
109			* @param string $attr_name Name of attribute
110			* @param mixed $def Attribute definition, can be string or object, see
111			* HTMLPurifier_AttrTypes for details
112			*/
113			public function addAttribute($element_name, $attr_name, $def)
114			{
115			$module = $this->getAnonymousModule();
116			if (!isset($module->info[$element_name])) {
117			$element = $module->addBlankElement($element_name);
118			} else {
119			$element = $module->info[$element_name];
120			}
121			$element->attr[$attr_name] = $def;
122			}
123
124			/**
125			* Adds a custom element to your HTML definition
126			* @see HTMLPurifier_HTMLModule::addElement() for detailed
127			* parameter and return value descriptions.
128			*/
129			public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array())
130			{
131			$module = $this->getAnonymousModule();
132			// assume that if the user is calling this, the element
133			// is safe. This may not be a good idea
134			$element = $module->addElement($element_name, $type, $contents, $attr_collections, $attributes);
135			return $element;
136			}
137
138			/**
139			* Adds a blank element to your HTML definition, for overriding
140			* existing behavior
141			* @param string $element_name
142			* @return HTMLPurifier_ElementDef
143			* @see HTMLPurifier_HTMLModule::addBlankElement() for detailed
144			* parameter and return value descriptions.
145			*/
146			public function addBlankElement($element_name)
147			{
148			$module = $this->getAnonymousModule();
149			$element = $module->addBlankElement($element_name);
150			return $element;
151			}
152
153			/**
154			* Retrieves a reference to the anonymous module, so you can
155			* bust out advanced features without having to make your own
156			* module.
157			* @return HTMLPurifier_HTMLModule
158			*/
159			public function getAnonymousModule()
160			{
161			if (!$this->_anonModule) {
162			$this->_anonModule = new HTMLPurifier_HTMLModule();
163			$this->_anonModule->name = 'Anonymous';
164			}
165			return $this->_anonModule;
166			}
167
168			private $_anonModule = null;
169
170			// PUBLIC BUT INTERNAL VARIABLES --------------------------------------
171
172			/**
173			* @type string
174			*/
175			public $type = 'HTML';
176
177			/**
178			* @type HTMLPurifier_HTMLModuleManager
179			*/
180			public $manager;
181
182			/**
183			* Performs low-cost, preliminary initialization.
184			*/
185			public function __construct()
186			{
187			$this->manager = new HTMLPurifier_HTMLModuleManager();
188			}
189
190			/**
191			* @param HTMLPurifier_Config $config
192			*/
193			protected function doSetup($config)
194			{
195			$this->processModules($config);
196			$this->setupConfigStuff($config);
197			unset($this->manager);
198
199			// cleanup some of the element definitions
200			foreach ($this->info as $k => $v) {
201			unset($this->info[$k]->content_model);
202			unset($this->info[$k]->content_model_type);
203			}
204			}
205
206			/**
207			* Extract out the information from the manager
208			* @param HTMLPurifier_Config $config
209			*/
210			protected function processModules($config)
211			{
212			if ($this->_anonModule) {
213			// for user specific changes
214			// this is late-loaded so we don't have to deal with PHP4
215			// reference wonky-ness
216			$this->manager->addModule($this->_anonModule);
217			unset($this->_anonModule);
218			}
219
220			$this->manager->setup($config);
221			$this->doctype = $this->manager->doctype;
222
223			foreach ($this->manager->modules as $module) {
224			foreach ($module->info_tag_transform as $k => $v) {
225			if ($v === false) {
226			unset($this->info_tag_transform[$k]);
227			} else {
228			$this->info_tag_transform[$k] = $v;
229			}
230			}
231			foreach ($module->info_attr_transform_pre as $k => $v) {
232			if ($v === false) {
233			unset($this->info_attr_transform_pre[$k]);
234			} else {
235			$this->info_attr_transform_pre[$k] = $v;
236			}
237			}
238			foreach ($module->info_attr_transform_post as $k => $v) {
239			if ($v === false) {
240			unset($this->info_attr_transform_post[$k]);
241			} else {
242			$this->info_attr_transform_post[$k] = $v;
243			}
244			}
245			foreach ($module->info_injector as $k => $v) {
246			if ($v === false) {
247			unset($this->info_injector[$k]);
248			} else {
249			$this->info_injector[$k] = $v;
250			}
251			}
252			}
253			$this->info = $this->manager->getElements();
254			$this->info_content_sets = $this->manager->contentSets->lookup;
255			}
256
257			/**
258			* Sets up stuff based on config. We need a better way of doing this.
259			* @param HTMLPurifier_Config $config
260			*/
261			protected function setupConfigStuff($config)
262			{
263			$block_wrapper = $config->get('HTML.BlockWrapper');
264			if (isset($this->info_content_sets['Block'][$block_wrapper])) {
265			$this->info_block_wrapper = $block_wrapper;
266			} else {
267			trigger_error(
268			'Cannot use non-block element as block wrapper',
269			E_USER_ERROR
270			);
271			}
272
273			$parent = $config->get('HTML.Parent');
274			$def = $this->manager->getElement($parent, true);
275			if ($def) {
276			$this->info_parent = $parent;
277			$this->info_parent_def = $def;
278			} else {
279			trigger_error(
280			'Cannot use unrecognized element as parent',
281			E_USER_ERROR
282			);
283			$this->info_parent_def = $this->manager->getElement($this->info_parent, true);
284			}
285
286			// support template text
287			$support = "(for information on implementing this, see the support forums) ";
288
289			// setup allowed elements -----------------------------------------
290
291			$allowed_elements = $config->get('HTML.AllowedElements');
292			$allowed_attributes = $config->get('HTML.AllowedAttributes'); // retrieve early
293
294			if (!is_array($allowed_elements) && !is_array($allowed_attributes)) {
295			$allowed = $config->get('HTML.Allowed');
296			if (is_string($allowed)) {
297			list($allowed_elements, $allowed_attributes) = $this->parseTinyMCEAllowedList($allowed);
298			}
299			}
300
301			if (is_array($allowed_elements)) {
302			foreach ($this->info as $name => $d) {
303			if (!isset($allowed_elements[$name])) {
304			unset($this->info[$name]);
305			}
306			unset($allowed_elements[$name]);
307			}
308			// emit errors
309			foreach ($allowed_elements as $element => $d) {
310			$element = htmlspecialchars($element); // PHP doesn't escape errors, be careful!
311			trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
312			}
313			}
314
315			// setup allowed attributes ---------------------------------------
316
317			$allowed_attributes_mutable = $allowed_attributes; // by copy!
318			if (is_array($allowed_attributes)) {
319			// This actually doesn't do anything, since we went away from
320			// global attributes. It's possible that userland code uses
321			// it, but HTMLModuleManager doesn't!
322			foreach ($this->info_global_attr as $attr => $x) {
323			$keys = array($attr, "@$attr", ".$attr");
324			$delete = true;
325			foreach ($keys as $key) {
326			if ($delete && isset($allowed_attributes[$key])) {
327			$delete = false;
328			}
329			if (isset($allowed_attributes_mutable[$key])) {
330			unset($allowed_attributes_mutable[$key]);
331			}
332			}
333			if ($delete) {
334			unset($this->info_global_attr[$attr]);
335			}
336			}
337
338			foreach ($this->info as $tag => $info) {
339			foreach ($info->attr as $attr => $x) {
340			$keys = array("$tag@$attr", $attr, "@$attr", "$tag.$attr", ".$attr");
341			$delete = true;
342			foreach ($keys as $key) {
343			if ($delete && isset($allowed_attributes[$key])) {
344			$delete = false;
345			}
346			if (isset($allowed_attributes_mutable[$key])) {
347			unset($allowed_attributes_mutable[$key]);
348			}
349			}
350			if ($delete) {
351			if ($this->info[$tag]->attr[$attr]->required) {
352			trigger_error(
353			"Required attribute '$attr' in element '$tag' " .
354			"was not allowed, which means '$tag' will not be allowed either",
355			E_USER_WARNING
356			);
357			}
358			unset($this->info[$tag]->attr[$attr]);
359			}
360			}
361			}
362			// emit errors
363			foreach ($allowed_attributes_mutable as $elattr => $d) {
364			$bits = preg_split('/[.@]/', $elattr, 2);
365			$c = count($bits);
366			switch ($c) {
367			case 2:
368			if ($bits[0] !== '*') {
369			$element = htmlspecialchars($bits[0]);
370			$attribute = htmlspecialchars($bits[1]);
371			if (!isset($this->info[$element])) {
372			trigger_error(
373			"Cannot allow attribute '$attribute' if element " .
374			"'$element' is not allowed/supported $support"
375			);
376			} else {
377			trigger_error(
378			"Attribute '$attribute' in element '$element' not supported $support",
379			E_USER_WARNING
380			);
381			}
382			break;
383			}
384			// otherwise fall through
385			case 1:
386			$attribute = htmlspecialchars($bits[0]);
387			trigger_error(
388			"Global attribute '$attribute' is not ".
389			"supported in any elements $support",
390			E_USER_WARNING
391			);
392			break;
393			}
394			}
395			}
396
397			// setup forbidden elements ---------------------------------------
398
399			$forbidden_elements = $config->get('HTML.ForbiddenElements');
400			$forbidden_attributes = $config->get('HTML.ForbiddenAttributes');
401
402			foreach ($this->info as $tag => $info) {
403			if (isset($forbidden_elements[$tag])) {
404			unset($this->info[$tag]);
405			continue;
406			}
407			foreach ($info->attr as $attr => $x) {
408			if (isset($forbidden_attributes["$tag@$attr"]) \|\|
409			isset($forbidden_attributes["*@$attr"]) \|\|
410			isset($forbidden_attributes[$attr])
411			) {
412			unset($this->info[$tag]->attr[$attr]);
413			continue;
414			} elseif (isset($forbidden_attributes["$tag.$attr"])) { // this segment might get removed eventually
415			// $tag.$attr are not user supplied, so no worries!
416			trigger_error(
417			"Error with $tag.$attr: tag.attr syntax not supported for " .
418			"HTML.ForbiddenAttributes; use tag@attr instead",
419			E_USER_WARNING
420			);
421			}
422			}
423			}
424			foreach ($forbidden_attributes as $key => $v) {
425			if (strlen($key) < 2) {
426			continue;
427			}
428			if ($key[0] != '*') {
429			continue;
430			}
431			if ($key[1] == '.') {
432			trigger_error(
433			"Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead",
434			E_USER_WARNING
435			);
436			}
437			}
438
439			// setup injectors -----------------------------------------------------
440			foreach ($this->info_injector as $i => $injector) {
441			if ($injector->checkNeeded($config) !== false) {
442			// remove injector that does not have it's required
443			// elements/attributes present, and is thus not needed.
444			unset($this->info_injector[$i]);
445			}
446			}
447			}
448
449			/**
450			* Parses a TinyMCE-flavored Allowed Elements and Attributes list into
451			* separate lists for processing. Format is element[attr1\|attr2],element2...
452			* @warning Although it's largely drawn from TinyMCE's implementation,
453			* it is different, and you'll probably have to modify your lists
454			* @param array $list String list to parse
455			* @return array
456			* @todo Give this its own class, probably static interface
457			*/
458			public function parseTinyMCEAllowedList($list)
459			{
460			$list = str_replace(array(' ', "\t"), '', $list);
461
462			$elements = array();
463			$attributes = array();
464
465			$chunks = preg_split('/(,\|[\n\r]+)/', $list);
466			foreach ($chunks as $chunk) {
467			if (empty($chunk)) {
468			continue;
469			}
470			// remove TinyMCE element control characters
471			if (!strpos($chunk, '[')) {
472			$element = $chunk;
473			$attr = false;
474			} else {
475			list($element, $attr) = explode('[', $chunk);
476			}
477			if ($element !== '*') {
478			$elements[$element] = true;
479			}
480			if (!$attr) {
481			continue;
482			}
483			$attr = substr($attr, 0, strlen($attr) - 1); // remove trailing ]
484			$attr = explode('\|', $attr);
485			foreach ($attr as $key) {
486			$attributes["$element.$key"] = true;
487			}
488			}
489			return array($elements, $attributes);
490			}
491			}
492
493			// vim: et sw=4 sts=4
494

BOINC / boinc