1
|
|
|
<?php |
2
|
|
|
## |
3
|
|
|
## Plugin for htmlArea, to run code through the server's HTML Tidy |
4
|
|
|
## By Adam Wright, for The University of Western Australia |
5
|
|
|
## This is the server-side script, which dirty code is run through. |
6
|
|
|
## |
7
|
|
|
## Distributed under the same terms as HTMLArea itself. |
8
|
|
|
## This notice MUST stay intact for use (see license.txt). |
9
|
|
|
## |
10
|
|
|
|
11
|
|
|
// Get the original source |
12
|
|
|
$source = $_POST['htisource_name']; |
13
|
|
|
$source = stripslashes($source); |
14
|
|
|
$cwd = str_replace("\\", '/', getcwd()) . '/'; |
15
|
|
|
|
16
|
|
|
// Open a tidy process - I hope it's installed! |
17
|
|
|
$descriptorspec = [ |
18
|
|
|
0 => ['pipe', 'r'], |
19
|
|
|
1 => ['pipe', 'w'] |
20
|
|
|
]; |
21
|
|
|
$process = @proc_open("tidy -utf8 -config {$cwd}html-tidy-config.cfg", $descriptorspec, $pipes); |
22
|
|
|
|
23
|
|
|
// Make sure the program started and we got the hooks... |
24
|
|
|
// Either way, get some source code into $source |
25
|
|
|
if (is_resource($process)) { |
26
|
|
|
// Feed untidy source into the stdin |
27
|
|
|
fwrite($pipes[0], $source); |
28
|
|
|
fclose($pipes[0]); |
29
|
|
|
|
30
|
|
|
// Read clean source out to the browser |
31
|
|
|
while (!feof($pipes[1])) { |
32
|
|
|
//echo fgets($pipes[1], 1024); |
33
|
|
|
$newsrc .= fgets($pipes[1], 1024); |
34
|
|
|
} |
35
|
|
|
fclose($pipes[1]); |
36
|
|
|
|
37
|
|
|
// Clean up after ourselves |
38
|
|
|
proc_close($process); |
39
|
|
|
} else { |
40
|
|
|
/* Use tidy if it's available from PECL */ |
41
|
|
|
if (function_exists('tidy_parse_string')) { |
42
|
|
|
$tempsrc = tidy_parse_string($source); |
43
|
|
|
tidy_clean_repair(); |
|
|
|
|
44
|
|
|
$newsrc = tidy_get_output(); |
|
|
|
|
45
|
|
|
} else { |
46
|
|
|
// Better give them back what they came with, so they don't lose it all... |
47
|
|
|
$newsrc = "<body>\n" . $source . "\n</body>"; |
48
|
|
|
} |
49
|
|
|
} |
50
|
|
|
|
51
|
|
|
// Split our source into an array by lines |
52
|
|
|
$srcLines = preg_split("/\n/", $newsrc, -1, PREG_SPLIT_NO_EMPTY); |
53
|
|
|
|
54
|
|
|
// Get only the lines between the body tags |
55
|
|
|
$startLn = 0; |
56
|
|
|
while (false === strpos($srcLines[$startLn++], '<body') && $startLn < sizeof($srcLines)) { |
57
|
|
|
; |
58
|
|
|
} |
59
|
|
|
$endLn = $startLn; |
60
|
|
|
while (false === strpos($srcLines[$endLn++], '</body') && $endLn < sizeof($srcLines)) { |
61
|
|
|
; |
62
|
|
|
} |
63
|
|
|
|
64
|
|
|
$srcLines = array_slice($srcLines, $startLn, ($endLn - $startLn - 1)); |
65
|
|
|
|
66
|
|
|
// Create a set of javascript code to compile a new source string |
67
|
|
|
foreach ($srcLines as $line) { |
68
|
|
|
$jsMakeSrc .= "\tns += '" . str_replace("'", "\'", $line) . "\\n';\n"; |
69
|
|
|
} |
70
|
|
|
if (!sizeof($srcLines)) { |
71
|
|
|
echo "alert(HTMLArea._lc('Tidy failed. Check your HTML for syntax errors.', 'HtmlTidy'));\n"; |
72
|
|
|
} else { |
73
|
|
|
?> |
74
|
|
|
var ns=""; |
75
|
|
|
<?php echo $jsMakeSrc; ?> |
76
|
|
|
editor.setHTML(ns); |
77
|
|
|
<? } ?> |
|
|
|
|
78
|
|
|
|
This check compares calls to functions or methods with their respective definitions. If the call has less arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.