Completed
Pull Request — master (#6)
by
unknown
07:57
created

htmLawed.php ➔ hl_attrval()   F

Complexity

Conditions 30
Paths 5184

Size

Total Lines 82
Code Lines 63

Duplication

Lines 20
Ratio 24.39 %

Code Coverage

Tests 1
CRAP Score 30

Importance

Changes 0
Metric Value
cc 30
eloc 63
nc 5184
nop 3
dl 20
loc 82
ccs 1
cts 1
cp 1
crap 30
rs 2.2956
c 0
b 0
f 0

How to fix   Long Method    Complexity   

Long Method

Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.

For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.

Commonly applied refactorings include:

1
<?php
2
3
/*
4
htmLawed 1.2, 11 February 2017
5
Copyright Santosh Patnaik
6
Dual licensed with LGPL 3 and GPL 2+
7
A PHP Labware internal utility - www.bioinformatics.org/phplabware/internal_utilities/htmLawed
8
9
See htmLawed_README.txt/htm
10
*/
11
12
/**
13
 * @param string $t
14
 * @param int|array $C
15
 * @param array|string $S
16
 * @return string
17
 */
18
function htmLawed($t, $C = 1, $S = array()) {
19 1702
    $C = is_array($C) ? $C : array();
20 1702
    if (!empty($C['valid_xhtml'])) {
21
        $C['elements'] = empty($C['elements']) ? '*-acronym-big-center-dir-font-isindex-s-strike-tt' : $C['elements'];
22
        $C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 2;
23
        $C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 2;
24
    }
25
// config eles
26 1702
    $e = array('a' => 1, 'abbr' => 1, 'acronym' => 1, 'address' => 1, 'applet' => 1, 'area' => 1, 'article' => 1, 'aside' => 1, 'audio' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'blockquote' => 1, 'br' => 1, 'button' => 1, 'canvas' => 1, 'caption' => 1, 'center' => 1, 'cite' => 1, 'code' => 1, 'col' => 1, 'colgroup' => 1, 'command' => 1, 'data' => 1, 'datalist' => 1, 'dd' => 1, 'del' => 1, 'details' => 1, 'dfn' => 1, 'dir' => 1, 'div' => 1, 'dl' => 1, 'dt' => 1, 'em' => 1, 'embed' => 1, 'fieldset' => 1, 'figcaption' => 1, 'figure' => 1, 'font' => 1, 'footer' => 1, 'form' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'header' => 1, 'hgroup' => 1, 'hr' => 1, 'i' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'ins' => 1, 'isindex' => 1, 'kbd' => 1, 'keygen' => 1, 'label' => 1, 'legend' => 1, 'li' => 1, 'link' => 1, 'main' => 1, 'map' => 1, 'mark' => 1, 'menu' => 1, 'meta' => 1, 'meter' => 1, 'nav' => 1, 'noscript' => 1, 'object' => 1, 'ol' => 1, 'optgroup' => 1, 'option' => 1, 'output' => 1, 'p' => 1, 'param' => 1, 'pre' => 1, 'progress' => 1, 'q' => 1, 'rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1, 'ruby' => 1, 's' => 1, 'samp' => 1, 'script' => 1, 'section' => 1, 'select' => 1, 'small' => 1, 'source' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'style' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'table' => 1, 'tbody' => 1, 'td' => 1, 'textarea' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'time' => 1, 'tr' => 1, 'track' => 1, 'tt' => 1, 'u' => 1, 'ul' => 1, 'var' => 1, 'video' => 1, 'wbr' => 1); // 118 incl. deprecated & some Ruby
27 1702
28 559
    if (!empty($C['safe'])) {
29
        unset($e['applet'], $e['audio'], $e['canvas'], $e['embed'], $e['iframe'], $e['object'], $e['script'], $e['video']);
30 1702
    }
31 1702
    $x = !empty($C['elements']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['elements']) : '*';
32
    if ($x == '-*') {
33 1702
        $e = array();
34
    } elseif (strpos($x, '*') === false) {
35
        $e = array_flip(explode(',', $x));
36 1702
    } else {
37 1143
        if (isset($x[1])) {
38 1143
            preg_match_all('`(?:^|-|\+)[^\-+]+?(?=-|\+|$)`', $x, $m, PREG_SET_ORDER);
39 1143
            for ($i = count($m); --$i >= 0;) {
40
                $m[$i] = $m[$i][0];
41 1143
            }
42 1143
            foreach ($m as $v) {
0 ignored issues
show
Bug introduced by
The expression $m of type null|array<integer,array<integer,string>> is not guaranteed to be traversable. How about adding an additional type check?

There are different options of fixing this problem.

  1. If you want to be on the safe side, you can add an additional type-check:

    $collection = json_decode($data, true);
    if ( ! is_array($collection)) {
        throw new \RuntimeException('$collection must be an array.');
    }
    
    foreach ($collection as $item) { /** ... */ }
    
  2. If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:

    /** @var array $collection */
    $collection = json_decode($data, true);
    
    foreach ($collection as $item) { /** .. */ }
    
  3. Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.

Loading history...
43
                if ($v[0] == '+') {
44
                    $e[substr($v, 1)] = 1;
45 1143
                }
46 1143
                if ($v[0] == '-' && isset($e[($v = substr($v, 1))]) && !in_array('+'.$v, $m)) {
47
                    unset($e[$v]);
48
                }
49
            }
50
        }
51 1702
    }
52
    $C['elements'] =& $e;
53 1702
// config attrs
54 1702
    $x = !empty($C['deny_attribute']) ? strtolower(str_replace(array("\n", "\r", "\t", ' '), '', $C['deny_attribute'])) : '';
55 1702
    $x = array_flip((isset($x[0]) && $x[0] == '*') ? str_replace('/', 'data-', explode('-', str_replace('data-', '/', $x))) : explode(',', $x.(!empty($C['safe']) ? ',on*' : '')));
56 1702
    $C['deny_attribute'] = $x;
57 1702
// config URLs
58
    $x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, tel, telnet'.(empty($C['safe']) ? ', app, javascript; *: data, javascript, ' : '; *:').'file, http, https';
59 1702
    $C['schemes'] = array();
60
    foreach (explode(';', str_replace(array(' ', "\t", "\r", "\n"), '', $x)) as $v) {
61 1702
        $x = $x2 = null;
62 1702
        list($x, $x2) = explode(':', $v, 2);
63 1702
        if ($x2) {
64 1702
            $C['schemes'][$x] = array_flip(explode(',', $x2));
65 1702
        }
66 1702
    }
67 1702
    if (!isset($C['schemes']['*'])) {
68
        $C['schemes']['*'] = array('file' => 1, 'http' => 1, 'https' => 1);
69
        if (empty($C['safe'])) {
70 1702
            $C['schemes']['*'] += array('data' => 1, 'javascript' => 1);
71
        }
72
    }
73 1702
    if (!empty($C['safe']) && empty($C['schemes']['style'])) {
74 559
        $C['schemes']['style'] = array('!' => 1);
75
    }
76 1702
    $C['abs_url'] = isset($C['abs_url']) ? $C['abs_url'] : 0;
77 1702
    if (!isset($C['base_url']) or !preg_match('`^[a-zA-Z\d.+\-]+://[^/]+/(.+?/)?$`', $C['base_url'])) {
78 1702
        $C['base_url'] = $C['abs_url'] = 0;
79
    }
80
// config rest
81 1702
    $C['and_mark'] = empty($C['and_mark']) ? 0 : 1;
82 1702
    $C['anti_link_spam'] = (isset($C['anti_link_spam']) && is_array($C['anti_link_spam']) && count($C['anti_link_spam']) == 2 && (empty($C['anti_link_spam'][0]) or hl_regex($C['anti_link_spam'][0])) && (empty($C['anti_link_spam'][1]) or hl_regex($C['anti_link_spam'][1]))) ? $C['anti_link_spam'] : 0;
83 1702
    $C['anti_mail_spam'] = isset($C['anti_mail_spam']) ? $C['anti_mail_spam'] : 0;
84 1702
    $C['balance'] = isset($C['balance']) ? (bool)$C['balance'] : 1;
85 1702
    $C['cdata'] = isset($C['cdata']) ? $C['cdata'] : (empty($C['safe']) ? 3 : 0);
86 1702
    $C['clean_ms_char'] = empty($C['clean_ms_char']) ? 0 : $C['clean_ms_char'];
87 1702
    $C['comment'] = isset($C['comment']) ? $C['comment'] : (empty($C['safe']) ? 3 : 0);
88 1702
    $C['css_expression'] = empty($C['css_expression']) ? 0 : 1;
89 1702
    $C['direct_list_nest'] = empty($C['direct_list_nest']) ? 0 : 1;
90 1702
    $C['hexdec_entity'] = isset($C['hexdec_entity']) ? $C['hexdec_entity'] : 1;
91 1702
    $C['hook'] = (!empty($C['hook']) && function_exists($C['hook'])) ? $C['hook'] : 0;
92 1702
    $C['hook_tag'] = (!empty($C['hook_tag']) && function_exists($C['hook_tag'])) ? $C['hook_tag'] : 0;
93 1702
    $C['keep_bad'] = isset($C['keep_bad']) ? $C['keep_bad'] : 6;
94 1702
    $C['lc_std_val'] = isset($C['lc_std_val']) ? (bool)$C['lc_std_val'] : 1;
95 1702
    $C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 1;
96 1702
    $C['named_entity'] = isset($C['named_entity']) ? (bool)$C['named_entity'] : 1;
97 1702
    $C['no_deprecated_attr'] = isset($C['no_deprecated_attr']) ? $C['no_deprecated_attr'] : 1;
98 1702
    $C['parent'] = isset($C['parent'][0]) ? strtolower($C['parent']) : 'body';
99 1702
    $C['show_setting'] = !empty($C['show_setting']) ? $C['show_setting'] : 0;
100 1702
    $C['style_pass'] = empty($C['style_pass']) ? 0 : 1;
101 1702
    $C['tidy'] = empty($C['tidy']) ? 0 : $C['tidy'];
102 1702
    $C['unique_ids'] = isset($C['unique_ids']) && (!preg_match('`\W`', $C['unique_ids'])) ? $C['unique_ids'] : 1;
103 1702
    $C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 0;
104
105 1702
    if (isset($GLOBALS['C'])) {
106 1701
        $reC = $GLOBALS['C'];
107
    }
108 1702
    $GLOBALS['C'] = $C;
109 1702
    $S = is_array($S) ? $S : hl_spec($S);
110 1702
    if (isset($GLOBALS['S'])) {
111 1701
        $reS = $GLOBALS['S'];
112
    }
113 1702
    $GLOBALS['S'] = $S;
114
115 1702
    $t = preg_replace('`[\x00-\x08\x0b-\x0c\x0e-\x1f]`', '', $t);
116 1702
    if ($C['clean_ms_char']) {
117
        $x = array("\x7f" => '', "\x80" => '&#8364;', "\x81" => '', "\x83" => '&#402;', "\x85" => '&#8230;', "\x86" => '&#8224;', "\x87" => '&#8225;', "\x88" => '&#710;', "\x89" => '&#8240;', "\x8a" => '&#352;', "\x8b" => '&#8249;', "\x8c" => '&#338;', "\x8d" => '', "\x8e" => '&#381;', "\x8f" => '', "\x90" => '', "\x95" => '&#8226;', "\x96" => '&#8211;', "\x97" => '&#8212;', "\x98" => '&#732;', "\x99" => '&#8482;', "\x9a" => '&#353;', "\x9b" => '&#8250;', "\x9c" => '&#339;', "\x9d" => '', "\x9e" => '&#382;', "\x9f" => '&#376;');
118
        $x = $x + ($C['clean_ms_char'] == 1 ? array("\x82" => '&#8218;', "\x84" => '&#8222;', "\x91" => '&#8216;', "\x92" => '&#8217;', "\x93" => '&#8220;', "\x94" => '&#8221;') : array("\x82" => '\'', "\x84" => '"', "\x91" => '\'', "\x92" => '\'', "\x93" => '"', "\x94" => '"'));
119
        $t = strtr($t, $x);
120
    }
121 1702
    if ($C['cdata'] or $C['comment']) {
122 1143
        $t = preg_replace_callback('`<!(?:(?:--.*?--)|(?:\[CDATA\[.*?\]\]))>`sm', 'hl_cmtcd', $t);
123
    }
124 1702
    $t = preg_replace_callback('`&amp;([a-zA-Z][a-zA-Z0-9]{1,30}|#(?:[0-9]{1,8}|[Xx][0-9A-Fa-f]{1,7}));`', 'hl_ent', str_replace('&', '&amp;', $t));
125 1702
    if ($C['unique_ids'] && !isset($GLOBALS['hl_Ids'])) {
126 1
        $GLOBALS['hl_Ids'] = array();
127
    }
128 1702
    if ($C['hook']) {
129
        $t = $C['hook']($t, $C, $S);
130
    }
131 1702
    if ($C['show_setting'] && preg_match('`^[a-z][a-z0-9_]*$`i', $C['show_setting'])) {
132
        $GLOBALS[$C['show_setting']] = array('config' => $C, 'spec' => $S, 'time' => microtime());
133
    }
134
// main
135 1702
    $t = preg_replace_callback('`<(?:(?:\s|$)|(?:[^>]*(?:>|$)))|>`m', 'hl_tag', $t);
136 1702
    $t = $C['balance'] ? hl_bal($t, $C['keep_bad'], $C['parent']) : $t;
137 1702
    $t = (($C['cdata'] or $C['comment']) && strpos($t, "\x01") !== false) ? str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05"), array('', '', '&', '<', '>'), $t) : $t;
138 1702
    $t = $C['tidy'] ? hl_tidy($t, $C['tidy'], $C['parent']) : $t;
139 1702
    unset($C, $e);
140 1702
    if (isset($reC)) {
141 1701
        $GLOBALS['C'] = $reC;
142
    }
143 1702
    if (isset($reS)) {
144 1701
        $GLOBALS['S'] = $reS;
145
    }
146 1702
    return $t;
147
}
148
149
function hl_attrval($a, $t, $p) {
150
// check attr val against $S
151
    static $ma = array('accesskey', 'class', 'itemtype', 'rel');
152
    $s = in_array($a, $ma) ? ' ' : ($a == 'srcset' ? ',' : '');
153
    $r = array();
154
    $t = !empty($s) ? explode($s, $t) : array($t);
155
    foreach ($t as $tk => $tv) {
156
    $o = 1;
157
        $tv = trim($tv);
158
        $l = strlen($tv);
159
    foreach ($p as $k => $v) {
160
            if (!$l) {
161
                continue;
162
            }
163
        switch ($k) {
164
            case 'maxlen':
165
                if ($l > $v) {
166
                    $o = 0;
167
                }
168
                break;
169
            case 'minlen':
170
                if ($l < $v) {
171
                    $o = 0;
172
                }
173
                break;
174
            case 'maxval':
175
                    if ((float)($tv) > $v) {
176
                    $o = 0;
177
                }
178
                break;
179
            case 'minval':
180
                    if ((float)($tv) < $v) {
181
                    $o = 0;
182
                }
183
                break;
184
            case 'match':
185
                    if (!preg_match($v, $tv)) {
186
                    $o = 0;
187
                }
188
                break;
189
            case 'nomatch':
190
                    if (preg_match($v, $tv)) {
191
                    $o = 0;
192
                }
193
                break;
194 View Code Duplication
            case 'oneof':
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
195
                $m = 0;
196
                foreach (explode('|', $v) as $n) {
197
                        if ($tv == $n) {
198
                        $m = 1;
199
                        break;
200
                    }
201
                }
202
                $o = $m;
203
                break;
204 View Code Duplication
            case 'noneof':
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
205
                $m = 1;
206
                foreach (explode('|', $v) as $n) {
207
                        if ($tv == $n) {
208
                        $m = 0;
209
                        break;
210
                    }
211
                }
212
                $o = $m;
213
                break;
214
            default:
215
                break;
216
        }
217
        if (!$o) {
218
            break;
219
        }
220
    }
221
        if ($o) {
222
            $r[] = $tv;
223
        }
224
    }
225
    if ($s == ',') {
226
        $s = ', ';
227
    }
228
    $r = implode($s, $r);
229
    return (isset($r[0]) ? $r : (isset($p['default']) ? $p['default'] : 0));
230 1702
}
231 1702
232 1702
function hl_bal($t, $do = 1, $in = 'div') {
233 1702
// balance tags
234 1702
// by content
235 1702
    $cB = array('form' => 1, 'map' => 1, 'noscript' => 1); // Block
236 1702
    $cE = array('area' => 1, 'br' => 1, 'col' => 1, 'command' => 1, 'embed' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'isindex' => 1, 'keygen' => 1, 'link' => 1, 'meta' => 1, 'param' => 1, 'source' => 1, 'track' => 1, 'wbr' => 1); // Empty
237 1702
    $cF = array('a' => 1, 'article' => 1, 'aside' => 1, 'audio' => 1, 'button' => 1, 'canvas' => 1, 'del' => 1, 'details' => 1, 'div' => 1, 'dd' => 1, 'fieldset' => 1, 'figure' => 1, 'footer' => 1, 'header' => 1, 'iframe' => 1, 'ins' => 1, 'li' => 1, 'main' => 1, 'menu' => 1, 'nav' => 1, 'noscript' => 1, 'object' => 1, 'section' => 1, 'style' => 1, 'td' => 1, 'th' => 1, 'video' => 1); // Flow; later context-wise dynamic move of ins & del to $cI
238 1702
    $cI = array('abbr' => 1, 'acronym' => 1, 'address' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'caption' => 1, 'cite' => 1, 'code' => 1, 'data' => 1, 'datalist' => 1, 'dfn' => 1, 'dt' => 1, 'em' => 1, 'figcaption' => 1, 'font' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hgroup' => 1, 'i' => 1, 'kbd' => 1, 'label' => 1, 'legend' => 1, 'mark' => 1, 'meter' => 1, 'output' => 1, 'p' => 1, 'pre' => 1, 'progress' => 1, 'q' => 1, 'rb' => 1, 'rt' => 1, 's' => 1, 'samp' => 1, 'small' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'time' => 1, 'tt' => 1, 'u' => 1, 'var' => 1); // Inline
239 584
    $cN = array('a' => array('a' => 1, 'address' => 1, 'button' => 1, 'details' => 1, 'embed' => 1, 'keygen' => 1, 'label' => 1, 'select' => 1, 'textarea' => 1), 'address' => array('address' => 1, 'article' => 1, 'aside' => 1, 'header' => 1, 'keygen' => 1, 'footer' => 1, 'nav' => 1, 'section' => 1), 'button' => array('a' => 1, 'address' => 1, 'button' => 1, 'details' => 1, 'embed' => 1, 'fieldset' => 1, 'form' => 1, 'iframe' => 1, 'input' => 1, 'keygen' => 1, 'label' => 1, 'select' => 1, 'textarea' => 1), 'fieldset' => array('fieldset' => 1), 'footer' => array('header' => 1, 'footer' => 1), 'form' => array('form' => 1), 'header' => array('header' => 1, 'footer' => 1), 'label' => array('label' => 1), 'main' => array('main' => 1), 'meter' => array('meter' => 1), 'noscript' => array('script' => 1), 'pre' => array('big' => 1, 'font' => 1, 'img' => 1, 'object' => 1, 'script' => 1, 'small' => 1, 'sub' => 1, 'sup' => 1), 'progress' => array('progress' => 1), 'rb' => array('ruby' => 1), 'rt' => array('ruby' => 1), 'time' => array('time' => 1),); // Illegal
240
    $cN2 = array_keys($cN);
241 1702
    $cS = array('colgroup' => array('col' => 1), 'datalist' => array('option' => 1), 'dir' => array('li' => 1), 'dl' => array('dd' => 1, 'dt' => 1), 'hgroup' => array('h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1), 'menu' => array('li' => 1), 'ol' => array('li' => 1), 'optgroup' => array('option' => 1), 'option' => array('#pcdata' => 1), 'rbc' => array('rb' => 1), 'rp' => array('#pcdata' => 1), 'rtc' => array('rt' => 1), 'ruby' => array('rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1), 'select' => array('optgroup' => 1, 'option' => 1), 'script' => array('#pcdata' => 1), 'table' => array('caption' => 1, 'col' => 1, 'colgroup' => 1, 'tfoot' => 1, 'tbody' => 1, 'tr' => 1, 'thead' => 1), 'tbody' => array('tr' => 1), 'tfoot' => array('tr' => 1), 'textarea' => array('#pcdata' => 1), 'thead' => array('tr' => 1), 'tr' => array('td' => 1, 'th' => 1), 'ul' => array('li' => 1)); // Specific - immediate parent-child
242 1702
    if ($GLOBALS['C']['direct_list_nest']) {
243
        $cS['ol'] = $cS['ul'] = $cS['menu'] += array('menu' => 1, 'ol' => 1, 'ul' => 1);
244 1702
    }
245 1702
    $cO = array('address' => array('p' => 1), 'applet' => array('param' => 1), 'audio' => array('source' => 1, 'track' => 1), 'blockquote' => array('script' => 1), 'details' => array('summary' => 1), 'fieldset' => array('legend' => 1, '#pcdata' => 1), 'figure' => array('figcaption' => 1), 'form' => array('script' => 1), 'map' => array('area' => 1), 'object' => array('param' => 1, 'embed' => 1), 'video' => array('source' => 1, 'track' => 1)); // Other
246 1702
    $cT = array('colgroup' => 1, 'dd' => 1, 'dt' => 1, 'li' => 1, 'option' => 1, 'p' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1); // Omitable closing
247 1702
// block/inline type; a/ins/del both type; #pcdata: text
248 1702
    $eB = array('a' => 1, 'address' => 1, 'article' => 1, 'aside' => 1, 'blockquote' => 1, 'center' => 1, 'del' => 1, 'details' => 1, 'dir' => 1, 'dl' => 1, 'div' => 1, 'fieldset' => 1, 'figure' => 1, 'footer' => 1, 'form' => 1, 'ins' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'header' => 1, 'hr' => 1, 'isindex' => 1, 'main' => 1, 'menu' => 1, 'nav' => 1, 'noscript' => 1, 'ol' => 1, 'p' => 1, 'pre' => 1, 'section' => 1, 'style' => 1, 'table' => 1, 'ul' => 1);
249
    $eI = array('#pcdata' => 1, 'a' => 1, 'abbr' => 1, 'acronym' => 1, 'applet' => 1, 'audio' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'br' => 1, 'button' => 1, 'canvas' => 1, 'cite' => 1, 'code' => 1, 'command' => 1, 'data' => 1, 'datalist' => 1, 'del' => 1, 'dfn' => 1, 'em' => 1, 'embed' => 1, 'figcaption' => 1, 'font' => 1, 'i' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'ins' => 1, 'kbd' => 1, 'label' => 1, 'link' => 1, 'map' => 1, 'mark' => 1, 'meta' => 1, 'meter' => 1, 'object' => 1, 'output' => 1, 'progress' => 1, 'q' => 1, 'ruby' => 1, 's' => 1, 'samp' => 1, 'select' => 1, 'script' => 1, 'small' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'textarea' => 1, 'time' => 1, 'tt' => 1, 'u' => 1, 'var' => 1, 'video' => 1, 'wbr' => 1);
250
    $eN = array('a' => 1, 'address' => 1, 'article' => 1, 'aside' => 1, 'big' => 1, 'button' => 1, 'details' => 1, 'embed' => 1, 'fieldset' => 1, 'font' => 1, 'footer' => 1, 'form' => 1, 'header' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'keygen' => 1, 'label' => 1, 'meter' => 1, 'nav' => 1, 'object' => 1, 'progress' => 1, 'ruby' => 1, 'script' => 1, 'select' => 1, 'small' => 1, 'sub' => 1, 'sup' => 1, 'textarea' => 1, 'time' => 1); // Exclude from specific ele; $cN values
251 1702
    $eO = array('area' => 1, 'caption' => 1, 'col' => 1, 'colgroup' => 1, 'command' => 1, 'dd' => 1, 'dt' => 1, 'hgroup' => 1, 'keygen' => 1, 'legend' => 1, 'li' => 1, 'optgroup' => 1, 'option' => 1, 'param' => 1, 'rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1, 'script' => 1, 'source' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'thead' => 1, 'th' => 1, 'tr' => 1, 'track' => 1); // Missing in $eB & $eI
252 1702
    $eF = $eB + $eI;
253
254
// $in sets allowed child
255 1702
    $in = ((isset($eF[$in]) && $in != '#pcdata') or isset($eO[$in])) ? $in : 'div';
256
    if (isset($cE[$in])) {
257 1702
        return (!$do ? '' : str_replace(array('<', '>'), array('&lt;', '&gt;'), $t));
258
    }
259
    if (isset($cS[$in])) {
260
        $inOk = $cS[$in];
261 1702
    } elseif (isset($cI[$in])) {
262 1702
        $inOk = $eI;
263 1702
        $cI['del'] = 1;
264
        $cI['ins'] = 1;
265
    } elseif (isset($cF[$in])) {
266
        $inOk = $eF;
267
        unset($cI['del'], $cI['ins']);
268 1702
    } elseif (isset($cB[$in])) {
269
        $inOk = $eB;
270
        unset($cI['del'], $cI['ins']);
271 1702
    }
272
    if (isset($cO[$in])) {
273
        $inOk = $inOk + $cO[$in];
0 ignored issues
show
Bug introduced by
The variable $inOk does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
274
    }
275 1702
    if (isset($cN[$in])) {
276 1702
        $inOk = array_diff_assoc($inOk, $cN[$in]);
277 1702
    }
278
279 1702
    $t = explode('<', $t);
280
    $ok = $q = array(); // $q seq list of open non-empty ele
281 1702
    ob_start();
282 251
283 251
    for ($i = -1, $ci = count($t); ++$i < $ci;) {
284 251
        // allowed $ok in parent $p
285 27 View Code Duplication
        if ($ql = count($q)) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
286 230
            $p = array_pop($q);
287 194
            $q[] = $p;
288 194
            if (isset($cS[$p])) {
289 194
                $ok = $cS[$p];
290 38
            } elseif (isset($cI[$p])) {
291 37
                $ok = $eI;
292 37
                $cI['del'] = 1;
293 1
                $cI['ins'] = 1;
294
            } elseif (isset($cF[$p])) {
295
                $ok = $eF;
296
                unset($cI['del'], $cI['ins']);
297 251
            } elseif (isset($cB[$p])) {
298 1
                $ok = $eB;
299
                unset($cI['del'], $cI['ins']);
300 251
            }
301 251
            if (isset($cO[$p])) {
302
                $ok = $ok + $cO[$p];
303
            }
304 1702
            if (isset($cN[$p])) {
305 1702
                $ok = array_diff_assoc($ok, $cN[$p]);
306
            }
307
        } else {
308 1702
            $ok = $inOk;
309
            unset($cI['del'], $cI['ins']);
310
        }
311 1702
        // bad tags, & ele content
312 241 View Code Duplication
        if (isset($e) && ($do == 1 or (isset($ok['#pcdata']) && ($do == 3 or $do == 5)))) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
313
            echo '&lt;', $s, $e, $a, '&gt;';
0 ignored issues
show
Bug introduced by
The variable $s does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
Bug introduced by
The variable $a does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
314 241
        }
315 241 View Code Duplication
        if (isset($x[0])) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
316
            if (strlen(trim($x)) && (($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql))) {
317
                echo '<div>', $x, '</div>';
318
            } elseif ($do < 3 or isset($ok['#pcdata'])) {
319
                echo $x;
320
            } elseif (strpos($x, "\x02\x04")) {
321
                foreach (preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v) {
322
                    echo(substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : ''));
323
                }
324
            } elseif ($do > 4) {
325 1702
                echo preg_replace('`\S`', '', $x);
326 1702
            }
327 1702
        }
328
        // get markup
329 787
        if (!preg_match('`^(/?)([a-z1-6]+)([^>]*)>(.*)`sm', $t[$i], $r)) {
330 787
            $x = $t[$i];
331 787
            continue;
332 787
        }
333 787
        $s = null;
334
        $e = null;
335 787
        $a = null;
336 249
        $x = null;
337 22
        list($all, $s, $e, $a, $x) = $r;
0 ignored issues
show
Unused Code introduced by
The assignment to $all is unused. Consider omitting it like so list($first,,$third).

This checks looks for assignemnts to variables using the list(...) function, where not all assigned variables are subsequently used.

Consider the following code example.

<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;

Only the variables $a and $c are used. There was no need to assign $b.

Instead, the list call could have been.

list($a,, $c) = returnThreeValues();
Loading history...
338
        // close tag
339 239
        if ($s) {
340 238
            if (isset($cE[$e]) or !in_array($e, $q)) {
341 238
                continue;
342 238
            } // Empty/unopen
343 238
            if ($p == $e) {
0 ignored issues
show
Bug introduced by
The variable $p does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
344
                array_pop($q);
345 1
                echo '</', $e, '>';
346 1
                unset($e);
347 1
                continue;
348 1
            } // Last open
349
            $add = ''; // Nesting - close open tags that need to be
350 1
            for ($j = -1, $cj = count($q); ++$j < $cj;) {
351
                if (($d = array_pop($q)) == $e) {
352
                    break;
353 1
                } else {
354 1
                    $add .= "</{$d}>";
355 1
                }
356
            }
357
            echo $add, '</', $e, '>';
358
            unset($e);
359 787
            continue;
360
        }
361
        // open tag
362
        // $cB ele needs $eB ele as child
363
        if (isset($cB[$e]) && strlen(trim($x))) {
364
            $t[$i] = "{$e}{$a}>";
365
            array_splice($t, $i + 1, 0, 'div>'.$x);
366
            unset($e, $x);
367 787
            ++$ci;
368
            --$i;
369
            continue;
370
        }
371
        if ((($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql)) && !isset($eB[$e]) && !isset($ok[$e])) {
372
            array_splice($t, $i, 0, 'div>');
373
            unset($e, $x);
374
            ++$ci;
375 787
            --$i;
376 787
            continue;
377 19
        }
378
        // if no open ele, $in = parent; mostly immediate parent-child relation should hold
379
        if (!$ql or !isset($eN[$e]) or !array_intersect($q, $cN2)) {
380
            if (!isset($ok[$e])) {
381
                if ($ql && isset($cT[$p])) {
382 19
                    echo '</', array_pop($q), '>';
383
                    unset($e, $x);
384 778
                    --$i;
385 768
                }
386 312
                continue;
387
            }
388 768
            if ($e !== 'span' || !empty($a)) {
389
                if (!isset($cE[$e])) {
390 778
                    $q[] = $e;
391 778
                }
392
                echo '<', $e, $a, '>';
393
            }
394
            unset($e);
395
            continue;
396
        }
397
        // specific parent-child
398
        if (isset($cS[$p][$e])) {
399
            if (!isset($cE[$e])) {
400
                $q[] = $e;
401
            }
402
            echo '<', $e, $a, '>';
403
            unset($e);
404
            continue;
405
        }
406
        // nesting
407
        $add = '';
408
        $q2 = array();
409
        for ($k = -1, $kc = count($q); ++$k < $kc;) {
410
            $d = $q[$k];
411
            $ok2 = array();
0 ignored issues
show
Unused Code introduced by
$ok2 is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
412
            if (isset($cS[$d])) {
413
                $q2[] = $d;
414
                continue;
415
            }
416
            $ok2 = isset($cI[$d]) ? $eI : $eF;
417
            if (isset($cO[$d])) {
418
                $ok2 = $ok2 + $cO[$d];
419
            }
420
            if (isset($cN[$d])) {
421
                $ok2 = array_diff_assoc($ok2, $cN[$d]);
422
            }
423
            if (!isset($ok2[$e])) {
424
                if (!$k && !isset($inOk[$e])) {
425
                    continue 2;
426
                }
427
                $add = "</{$d}>";
428
                for (; ++$k < $kc;) {
429
                    $add = "</{$q[$k]}>{$add}";
430
                }
431
                break;
432
            } else {
433
                $q2[] = $d;
434
            }
435
        }
436
        $q = $q2;
437
        if (!isset($cE[$e])) {
438
            $q[] = $e;
439
        }
440
        echo $add, '<', $e, $a, '>';
441
        unset($e);
442 1702
        continue;
443 110
    }
444 110
445 110
// end
446 28 View Code Duplication
    if ($ql = count($q)) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
447 83
        $p = array_pop($q);
448 11
        $q[] = $p;
449 11
        if (isset($cS[$p])) {
450 11
            $ok = $cS[$p];
451 73
        } elseif (isset($cI[$p])) {
452 73
            $ok = $eI;
453 73
            $cI['del'] = 1;
454
            $cI['ins'] = 1;
455
        } elseif (isset($cF[$p])) {
456
            $ok = $eF;
457
            unset($cI['del'], $cI['ins']);
458 110
        } elseif (isset($cB[$p])) {
459
            $ok = $eB;
460
            unset($cI['del'], $cI['ins']);
461 110
        }
462 110
        if (isset($cO[$p])) {
463
            $ok = $ok + $cO[$p];
464
        }
465 1629
        if (isset($cN[$p])) {
466 1629
            $ok = array_diff_assoc($ok, $cN[$p]);
467
        }
468 1702
    } else {
469
        $ok = $inOk;
470
        unset($cI['del'], $cI['ins']);
471 1702
    }
472 524 View Code Duplication
    if (isset($e) && ($do == 1 or (isset($ok['#pcdata']) && ($do == 3 or $do == 5)))) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
473
        echo '&lt;', $s, $e, $a, '&gt;';
474 524
    }
475 524 View Code Duplication
    if (isset($x[0])) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
476
        if (strlen(trim($x)) && (($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql))) {
477
            echo '<div>', $x, '</div>';
478
        } elseif ($do < 3 or isset($ok['#pcdata'])) {
479
            echo $x;
480
        } elseif (strpos($x, "\x02\x04")) {
481
            foreach (preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v) {
482
                echo(substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : ''));
483
            }
484 1702
        } elseif ($do > 4) {
485 110
            echo preg_replace('`\S`', '', $x);
486
        }
487 1702
    }
488 1702
    while (!empty($q) && ($e = array_pop($q))) {
489 1702
        echo '</', $e, '>';
490
    }
491
    $o = ob_get_contents();
492
    ob_end_clean();
493
    return $o;
494
}
495 28
496 28
function hl_cmtcd($t) {
497 28
// comment/CDATA sec handler
498
    $t = $t[0];
499
    global $C;
500 28
    if (!($v = $C[$n = $t[3] == '-' ? 'comment' : 'cdata'])) {
501 28
        return $t;
502
    }
503
    if ($v == 1) {
504
        return '';
505
    }
506
    if ($n == 'comment') {
507
        if (substr(($t = preg_replace('`--+`', '-', substr($t, 4, -3))), -1) != ' ') {
508
            $t .= ' ';
509
        }
510
    } else {
511
        $t = substr($t, 1, -1);
512
    }
513
    $t = $v == 2 ? str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $t) : $t;
514
    return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), ($n == 'comment' ? "\x01\x02\x04!--$t--\x05\x02\x01" : "\x01\x01\x04$t\x05\x01\x01"));
515
}
516
517 244
function hl_ent($t) {
518 244
// entitity handler
519 244
    global $C;
520 244
    $t = $t[1];
521 244
    static $U = array('quot' => 1, 'amp' => 1, 'lt' => 1, 'gt' => 1);
522 149
    static $N = array('fnof' => '402', 'Alpha' => '913', 'Beta' => '914', 'Gamma' => '915', 'Delta' => '916', 'Epsilon' => '917', 'Zeta' => '918', 'Eta' => '919', 'Theta' => '920', 'Iota' => '921', 'Kappa' => '922', 'Lambda' => '923', 'Mu' => '924', 'Nu' => '925', 'Xi' => '926', 'Omicron' => '927', 'Pi' => '928', 'Rho' => '929', 'Sigma' => '931', 'Tau' => '932', 'Upsilon' => '933', 'Phi' => '934', 'Chi' => '935', 'Psi' => '936', 'Omega' => '937', 'alpha' => '945', 'beta' => '946', 'gamma' => '947', 'delta' => '948', 'epsilon' => '949', 'zeta' => '950', 'eta' => '951', 'theta' => '952', 'iota' => '953', 'kappa' => '954', 'lambda' => '955', 'mu' => '956', 'nu' => '957', 'xi' => '958', 'omicron' => '959', 'pi' => '960', 'rho' => '961', 'sigmaf' => '962', 'sigma' => '963', 'tau' => '964', 'upsilon' => '965', 'phi' => '966', 'chi' => '967', 'psi' => '968', 'omega' => '969', 'thetasym' => '977', 'upsih' => '978', 'piv' => '982', 'bull' => '8226', 'hellip' => '8230', 'prime' => '8242', 'Prime' => '8243', 'oline' => '8254', 'frasl' => '8260', 'weierp' => '8472', 'image' => '8465', 'real' => '8476', 'trade' => '8482', 'alefsym' => '8501', 'larr' => '8592', 'uarr' => '8593', 'rarr' => '8594', 'darr' => '8595', 'harr' => '8596', 'crarr' => '8629', 'lArr' => '8656', 'uArr' => '8657', 'rArr' => '8658', 'dArr' => '8659', 'hArr' => '8660', 'forall' => '8704', 'part' => '8706', 'exist' => '8707', 'empty' => '8709', 'nabla' => '8711', 'isin' => '8712', 'notin' => '8713', 'ni' => '8715', 'prod' => '8719', 'sum' => '8721', 'minus' => '8722', 'lowast' => '8727', 'radic' => '8730', 'prop' => '8733', 'infin' => '8734', 'ang' => '8736', 'and' => '8743', 'or' => '8744', 'cap' => '8745', 'cup' => '8746', 'int' => '8747', 'there4' => '8756', 'sim' => '8764', 'cong' => '8773', 'asymp' => '8776', 'ne' => '8800', 'equiv' => '8801', 'le' => '8804', 'ge' => '8805', 'sub' => '8834', 'sup' => '8835', 'nsub' => '8836', 'sube' => '8838', 'supe' => '8839', 'oplus' => '8853', 'otimes' => '8855', 'perp' => '8869', 'sdot' => '8901', 'lceil' => '8968', 'rceil' => '8969', 'lfloor' => '8970', 'rfloor' => '8971', 'lang' => '9001', 'rang' => '9002', 'loz' => '9674', 'spades' => '9824', 'clubs' => '9827', 'hearts' => '9829', 'diams' => '9830', 'apos' => '39', 'OElig' => '338', 'oelig' => '339', 'Scaron' => '352', 'scaron' => '353', 'Yuml' => '376', 'circ' => '710', 'tilde' => '732', 'ensp' => '8194', 'emsp' => '8195', 'thinsp' => '8201', 'zwnj' => '8204', 'zwj' => '8205', 'lrm' => '8206', 'rlm' => '8207', 'ndash' => '8211', 'mdash' => '8212', 'lsquo' => '8216', 'rsquo' => '8217', 'sbquo' => '8218', 'ldquo' => '8220', 'rdquo' => '8221', 'bdquo' => '8222', 'dagger' => '8224', 'Dagger' => '8225', 'permil' => '8240', 'lsaquo' => '8249', 'rsaquo' => '8250', 'euro' => '8364', 'nbsp' => '160', 'iexcl' => '161', 'cent' => '162', 'pound' => '163', 'curren' => '164', 'yen' => '165', 'brvbar' => '166', 'sect' => '167', 'uml' => '168', 'copy' => '169', 'ordf' => '170', 'laquo' => '171', 'not' => '172', 'shy' => '173', 'reg' => '174', 'macr' => '175', 'deg' => '176', 'plusmn' => '177', 'sup2' => '178', 'sup3' => '179', 'acute' => '180', 'micro' => '181', 'para' => '182', 'middot' => '183', 'cedil' => '184', 'sup1' => '185', 'ordm' => '186', 'raquo' => '187', 'frac14' => '188', 'frac12' => '189', 'frac34' => '190', 'iquest' => '191', 'Agrave' => '192', 'Aacute' => '193', 'Acirc' => '194', 'Atilde' => '195', 'Auml' => '196', 'Aring' => '197', 'AElig' => '198', 'Ccedil' => '199', 'Egrave' => '200', 'Eacute' => '201', 'Ecirc' => '202', 'Euml' => '203', 'Igrave' => '204', 'Iacute' => '205', 'Icirc' => '206', 'Iuml' => '207', 'ETH' => '208', 'Ntilde' => '209', 'Ograve' => '210', 'Oacute' => '211', 'Ocirc' => '212', 'Otilde' => '213', 'Ouml' => '214', 'times' => '215', 'Oslash' => '216', 'Ugrave' => '217', 'Uacute' => '218', 'Ucirc' => '219', 'Uuml' => '220', 'Yacute' => '221', 'THORN' => '222', 'szlig' => '223', 'agrave' => '224', 'aacute' => '225', 'acirc' => '226', 'atilde' => '227', 'auml' => '228', 'aring' => '229', 'aelig' => '230', 'ccedil' => '231', 'egrave' => '232', 'eacute' => '233', 'ecirc' => '234', 'euml' => '235', 'igrave' => '236', 'iacute' => '237', 'icirc' => '238', 'iuml' => '239', 'eth' => '240', 'ntilde' => '241', 'ograve' => '242', 'oacute' => '243', 'ocirc' => '244', 'otilde' => '245', 'ouml' => '246', 'divide' => '247', 'oslash' => '248', 'ugrave' => '249', 'uacute' => '250', 'ucirc' => '251', 'uuml' => '252', 'yacute' => '253', 'thorn' => '254', 'yuml' => '255');
523
    if ($t[0] != '#') {
524 109
        return ($C['and_mark'] ? "\x06" : '&').(isset($U[$t]) ? $t : (isset($N[$t]) ? (!$C['named_entity'] ? '#'.($C['hexdec_entity'] > 1 ? 'x'.dechex($N[$t]) : $N[$t]) : $t) : 'amp;'.$t)).';';
525 37
    }
526
    if (($n = ctype_digit($t = substr($t, 1)) ? intval($t) : hexdec(substr($t, 1))) < 9 or ($n > 13 && $n < 32) or $n == 11 or $n == 12 or ($n > 126 && $n < 160 && $n != 133) or ($n > 55295 && ($n < 57344 or ($n > 64975 && $n < 64992) or $n == 65534 or $n == 65535 or $n > 1114111))) {
527 73
        return ($C['and_mark'] ? "\x06" : '&')."amp;#{$t};";
528
    }
529
    return ($C['and_mark'] ? "\x06" : '&').'#'.(((ctype_digit($t) && $C['hexdec_entity'] < 2) or !$C['hexdec_entity']) ? $n : 'x'.dechex($n)).';';
530
}
531
532
function hl_prot($p, $c = null) {
533 541
// check URL scheme
534 541
    global $C;
535 541
    $b = $a = '';
536 25
    if ($c == null) {
537 25
        $c = 'style';
538 25
        $b = $p[1];
539 25
        $a = $p[3];
540
        $p = trim($p[2]);
541 541
    }
542 541
    $c = isset($C['schemes'][$c]) ? $C['schemes'][$c] : $C['schemes']['*'];
543 541
    static $d = 'denied:';
544 12
    if (isset($c['!']) && substr($p, 0, 7) != $d) {
545
        $p = "$d$p";
546 541
    }
547 127
    if (isset($c['*']) or !strcspn($p, '#?;') or (substr($p, 0, 7) == $d)) {
548
        return "{$b}{$p}{$a}";
549 520
    } // All ok, frag, query, param
550 314
    if (preg_match('`^([^:?[@!$()*,=/\'\]]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])) { // Denied prot
551
        return "{$b}{$d}{$p}{$a}";
552 207
    }
553
    if ($C['abs_url']) {
554
        if ($C['abs_url'] == -1 && strpos($p, $C['base_url']) === 0) { // Make url rel
555
            $p = substr($p, strlen($C['base_url']));
556
        } elseif (empty($m[1])) { // Make URL abs
557
            if (substr($p, 0, 2) == '//') {
558
                $p = substr($C['base_url'], 0, strpos($C['base_url'], ':') + 1).$p;
559
            } elseif ($p[0] == '/') {
560
                $p = preg_replace('`(^.+?://[^/]+)(.*)`', '$1', $C['base_url']).$p;
561
            } elseif (strcspn($p, './')) {
562
                $p = $C['base_url'].$p;
563
            } else {
564
                preg_match('`^([a-zA-Z\d\-+.]+://[^/]+)(.*)`', $C['base_url'], $m);
565
                $p = preg_replace('`(?<=/)\./`', '', $m[2].$p);
566
                while (preg_match('`(?<=/)([^/]{3,}|[^/.]+?|\.[^/.]|[^/.]\.)/\.\./`', $p)) {
567
                    $p = preg_replace('`(?<=/)([^/]{3,}|[^/.]+?|\.[^/.]|[^/.]\.)/\.\./`', '', $p);
568
                }
569
                $p = $m[1].$p;
570
            }
571
        }
572 207
    }
573
    return "{$b}{$p}{$a}";
574
}
575
576
function hl_regex($p) {
577
// check regex
578 1143
    if (empty($p)) {
579
        return 0;
580
    }
581 1143
    if ($t = ini_get('track_errors')) {
582 1143
        $o = isset($php_errormsg) ? $php_errormsg : null;
583
    } else {
584
        ini_set('track_errors', 1);
585
    }
586 1143
    unset($php_errormsg);
587 1143
    if (($d = ini_get('display_errors'))) {
588 1143
        ini_set('display_errors', 0);
589
    }
590 1143
    preg_match($p, '');
591 1143
    if ($d) {
592 1143
        ini_set('display_errors', 1);
593
    }
594 1143
    $r = isset($php_errormsg) ? 0 : 1;
595 1143
    if ($t) {
596 1143
        $php_errormsg = isset($o) ? $o : null;
0 ignored issues
show
Unused Code introduced by
$php_errormsg is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
597
    } else {
598
        ini_set('track_errors', 0);
599
    }
600 1143
    return $r;
601
}
602
603
function hl_spec($t) {
604
// final $spec
605
    $s = array();
606 559
    $t = str_replace(array("\t", "\r", "\n", ' '), '', preg_replace_callback('/"(?>(`.|[^"])*)"/sm', create_function('$m', 'return substr(str_replace(array(";", "|", "~", " ", ",", "/", "(", ")", \'`"\'), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08", "\""), $m[0]), 1, -1);'), trim($t)));
607 559
    for ($i = count(($t = explode(';', $t))); --$i >= 0;) {
608 559
        $w = $t[$i];
609 559
        if (empty($w) or ($e = strpos($w, '=')) === false or !strlen(($a = substr($w, $e + 1)))) {
610 559
            continue;
611 559
        }
612
        $y = $n = array();
613
        foreach (explode(',', $a) as $v) {
614
            if (!preg_match('`^([a-z][^=/()]+)(?:\((.*?)\))?`i', $v, $m)) {
615
                continue;
616
            }
617
            if (($x = strtolower($m[1])) == '-*') {
618
                $n['*'] = 1;
619
                continue;
620
            }
621
            if ($x[0] == '-') {
622
                $n[substr($x, 1)] = 1;
623
                continue;
624
            }
625
            if (!isset($m[2])) {
626
                $y[$x] = 1;
627
                continue;
628
            }
629
            foreach (explode('/', $m[2]) as $m) {
630
                if (empty($m) or ($p = strpos($m, '=')) == 0 or $p < 5) {
631
                    $y[$x] = 1;
632
                    continue;
633
                }
634
                $y[$x][strtolower(substr($m, 0, $p))] = str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08"), array(";", "|", "~", " ", ",", "/", "(", ")"), substr($m, $p + 1));
635
            }
636 View Code Duplication
            if (isset($y[$x]['match']) && !hl_regex($y[$x]['match'])) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
637
                unset($y[$x]['match']);
638
            }
639 View Code Duplication
            if (isset($y[$x]['nomatch']) && !hl_regex($y[$x]['nomatch'])) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
640
                unset($y[$x]['nomatch']);
641
            }
642
        }
643
        if (!count($y) && !count($n)) {
644
            continue;
645
        }
646
        foreach (explode(',', substr($w, 0, $e)) as $v) {
647
            if (!strlen(($v = strtolower($v)))) {
648
                continue;
649
            }
650
            if (count($y)) {
651
                $s[$v] = $y;
652
            }
653
            if (count($n)) {
654
                $s[$v]['n'] = $n;
655
            }
656
        }
657
    }
658
    return $s;
659 559
}
660
661
function hl_tag($t) {
662
// tag/attribute handler
663
    global $C;
664
    $t = $t[0];
665 1609
// invalid < >
666 1609
    if ($t == '< ') {
667
        return '&lt; ';
668 1609
    }
669
    if ($t == '>') {
670
        return '&gt;';
671 1609
    }
672 199
    if (!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)) {
673
        return str_replace(array('<', '>'), array('&lt;', '&gt;'), $t);
674 1609
    } elseif (!isset($C['elements'][($e = strtolower($m[2]))])) {
675 91
        return (($C['keep_bad'] % 2) ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : '');
676 1555
    }
677 842
// attr string
678
    $a = str_replace(array("\n", "\r", "\t"), ' ', trim($m[3]));
679
// tag transform
680 787
    static $eD = array('acronym' => 1, 'applet' => 1, 'big' => 1, 'center' => 1, 'dir' => 1, 'font' => 1, 'isindex' => 1, 's' => 1, 'strike' => 1, 'tt' => 1); // Deprecated
681
    if ($C['make_tag_strict'] && isset($eD[$e])) {
682 787
        $trt = hl_tag2($e, $a, $C['make_tag_strict']);
683 787
        if (!$e) {
684
            return (($C['keep_bad'] % 2) ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : '');
685
        }
686
    }
687
// close tag
688
    static $eE = array('area' => 1, 'br' => 1, 'col' => 1, 'command' => 1, 'embed' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'isindex' => 1, 'keygen' => 1, 'link' => 1, 'meta' => 1, 'param' => 1, 'source' => 1, 'track' => 1, 'wbr' => 1); // Empty ele
689
    if (!empty($m[1])) {
690 787
        return (!isset($eE[$e]) ? (empty($C['hook_tag']) ? "</$e>" : $C['hook_tag']($e)) : (($C['keep_bad']) % 2 ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : ''));
691 787
    }
692 264
693
// open tag & attr
694
    static $aN = array('abbr' => array('td' => 1, 'th' => 1), 'accept' => array('form' => 1, 'input' => 1), 'accept-charset' => array('form' => 1), 'action' => array('form' => 1), 'align' => array('applet' => 1, 'caption' => 1, 'col' => 1, 'colgroup' => 1, 'div' => 1, 'embed' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'object' => 1, 'p' => 1, 'table' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'allowfullscreen' => array('iframe' => 1), 'alt' => array('applet' => 1, 'area' => 1, 'img' => 1, 'input' => 1), 'archive' => array('applet' => 1, 'object' => 1), 'async' => array('script' => 1), 'autocomplete' => array('form' => 1, 'input' => 1), 'autofocus' => array('button' => 1, 'input' => 1, 'keygen' => 1, 'select' => 1, 'textarea' => 1), 'autoplay' => array('audio' => 1, 'video' => 1), 'axis' => array('td' => 1, 'th' => 1), 'bgcolor' => array('embed' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1), 'border' => array('img' => 1, 'object' => 1, 'table' => 1), 'bordercolor' => array('table' => 1, 'td' => 1, 'tr' => 1), 'cellpadding' => array('table' => 1), 'cellspacing' => array('table' => 1), 'challenge' => array('keygen' => 1), 'char' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'charoff' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'charset' => array('a' => 1, 'script' => 1), 'checked' => array('command' => 1, 'input' => 1), 'cite' => array('blockquote' => 1, 'del' => 1, 'ins' => 1, 'q' => 1), 'classid' => array('object' => 1), 'clear' => array('br' => 1), 'code' => array('applet' => 1), 'codebase' => array('applet' => 1, 'object' => 1), 'codetype' => array('object' => 1), 'color' => array('font' => 1), 'cols' => array('textarea' => 1), 'colspan' => array('td' => 1, 'th' => 1), 'compact' => array('dir' => 1, 'dl' => 1, 'menu' => 1, 'ol' => 1, 'ul' => 1), 'content' => array('meta' => 1), 'controls' => array('audio' => 1, 'video' => 1), 'coords' => array('a' => 1, 'area' => 1), 'crossorigin' => array('img' => 1), 'data' => array('object' => 1), 'datetime' => array('del' => 1, 'ins' => 1, 'time' => 1), 'declare' => array('object' => 1), 'default' => array('track' => 1), 'defer' => array('script' => 1), 'dirname' => array('input' => 1, 'textarea' => 1), 'disabled' => array('button' => 1, 'command' => 1, 'fieldset' => 1, 'input' => 1, 'keygen' => 1, 'optgroup' => 1, 'option' => 1, 'select' => 1, 'textarea' => 1), 'download' => array('a' => 1), 'enctype' => array('form' => 1), 'face' => array('font' => 1), 'flashvars' => array('embed' => 1), 'for' => array('label' => 1, 'output' => 1), 'form' => array('button' => 1, 'fieldset' => 1, 'input' => 1, 'keygen' => 1, 'label' => 1, 'object' => 1, 'output' => 1, 'select' => 1, 'textarea' => 1), 'formaction' => array('button' => 1, 'input' => 1), 'formenctype' => array('button' => 1, 'input' => 1), 'formmethod' => array('button' => 1, 'input' => 1), 'formnovalidate' => array('button' => 1, 'input' => 1), 'formtarget' => array('button' => 1, 'input' => 1), 'frame' => array('table' => 1), 'frameborder' => array('iframe' => 1), 'headers' => array('td' => 1, 'th' => 1), 'height' => array('applet' => 1, 'canvas' => 1, 'embed' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'td' => 1, 'th' => 1, 'video' => 1), 'high' => array('meter' => 1), 'href' => array('a' => 1, 'area' => 1, 'link' => 1), 'hreflang' => array('a' => 1, 'area' => 1, 'link' => 1), 'hspace' => array('applet' => 1, 'embed' => 1, 'img' => 1, 'object' => 1), 'icon' => array('command' => 1), 'ismap' => array('img' => 1, 'input' => 1), 'keyparams' => array('keygen' => 1), 'keytype' => array('keygen' => 1), 'kind' => array('track' => 1), 'label' => array('command' => 1, 'menu' => 1, 'option' => 1, 'optgroup' => 1, 'track' => 1), 'language' => array('script' => 1), 'list' => array('input' => 1), 'longdesc' => array('img' => 1, 'iframe' => 1), 'loop' => array('audio' => 1, 'video' => 1), 'low' => array('meter' => 1), 'marginheight' => array('iframe' => 1), 'marginwidth' => array('iframe' => 1), 'max' => array('input' => 1, 'meter' => 1, 'progress' => 1), 'maxlength' => array('input' => 1, 'textarea' => 1), 'media' => array('a' => 1, 'area' => 1, 'link' => 1, 'source' => 1, 'style' => 1), 'mediagroup' => array('audio' => 1, 'video' => 1), 'method' => array('form' => 1), 'min' => array('input' => 1, 'meter' => 1), 'model' => array('embed' => 1), 'multiple' => array('input' => 1, 'select' => 1), 'muted' => array('audio' => 1, 'video' => 1), 'name' => array('a' => 1, 'applet' => 1, 'button' => 1, 'embed' => 1, 'fieldset' => 1, 'form' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'keygen' => 1, 'map' => 1, 'object' => 1, 'output' => 1, 'param' => 1, 'select' => 1, 'textarea' => 1), 'nohref' => array('area' => 1), 'noshade' => array('hr' => 1), 'novalidate' => array('form' => 1), 'nowrap' => array('td' => 1, 'th' => 1), 'object' => array('applet' => 1), 'open' => array('details' => 1), 'optimum' => array('meter' => 1), 'pattern' => array('input' => 1), 'ping' => array('a' => 1, 'area' => 1), 'placeholder' => array('input' => 1, 'textarea' => 1), 'pluginspage' => array('embed' => 1), 'pluginurl' => array('embed' => 1), 'poster' => array('video' => 1), 'pqg' => array('keygen' => 1), 'preload' => array('audio' => 1, 'video' => 1), 'prompt' => array('isindex' => 1), 'pubdate' => array('time' => 1), 'radiogroup' => array('command' => 1), 'readonly' => array('input' => 1, 'textarea' => 1), 'rel' => array('a' => 1, 'area' => 1, 'link' => 1), 'required' => array('input' => 1, 'select' => 1, 'textarea' => 1), 'rev' => array('a' => 1), 'reversed' => array('ol' => 1), 'rows' => array('textarea' => 1), 'rowspan' => array('td' => 1, 'th' => 1), 'rules' => array('table' => 1), 'sandbox' => array('iframe' => 1), 'scope' => array('td' => 1, 'th' => 1), 'scoped' => array('style' => 1), 'scrolling' => array('iframe' => 1), 'seamless' => array('iframe' => 1), 'selected' => array('option' => 1), 'shape' => array('a' => 1, 'area' => 1), 'size' => array('font' => 1, 'hr' => 1, 'input' => 1, 'select' => 1), 'sizes' => array('link' => 1), 'span' => array('col' => 1, 'colgroup' => 1), 'src' => array('audio' => 1, 'embed' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'script' => 1, 'source' => 1, 'track' => 1, 'video' => 1), 'srcdoc' => array('iframe' => 1), 'srclang' => array('track' => 1), 'srcset' => array('img' => 1), 'standby' => array('object' => 1), 'start' => array('ol' => 1), 'step' => array('input' => 1), 'summary' => array('table' => 1), 'target' => array('a' => 1, 'area' => 1, 'form' => 1), 'type' => array('a' => 1, 'area' => 1, 'button' => 1, 'command' => 1, 'embed' => 1, 'input' => 1, 'li' => 1, 'link' => 1, 'menu' => 1, 'object' => 1, 'ol' => 1, 'param' => 1, 'script' => 1, 'source' => 1, 'style' => 1, 'ul' => 1), 'typemustmatch' => array('object' => 1), 'usemap' => array('img' => 1, 'input' => 1, 'object' => 1), 'valign' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'value' => array('button' => 1, 'data' => 1, 'input' => 1, 'li' => 1, 'meter' => 1, 'option' => 1, 'param' => 1, 'progress' => 1), 'valuetype' => array('param' => 1), 'vspace' => array('applet' => 1, 'embed' => 1, 'img' => 1, 'object' => 1), 'width' => array('applet' => 1, 'canvas' => 1, 'col' => 1, 'colgroup' => 1, 'embed' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'pre' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'video' => 1), 'wmode' => array('embed' => 1), 'wrap' => array('textarea' => 1)); // Ele-specific
695 787
    static $aNA = array('aria-activedescendant' => 1, 'aria-atomic' => 1, 'aria-autocomplete' => 1, 'aria-busy' => 1, 'aria-checked' => 1, 'aria-controls' => 1, 'aria-describedby' => 1, 'aria-disabled' => 1, 'aria-dropeffect' => 1, 'aria-expanded' => 1, 'aria-flowto' => 1, 'aria-grabbed' => 1, 'aria-haspopup' => 1, 'aria-hidden' => 1, 'aria-invalid' => 1, 'aria-label' => 1, 'aria-labelledby' => 1, 'aria-level' => 1, 'aria-live' => 1, 'aria-multiline' => 1, 'aria-multiselectable' => 1, 'aria-orientation' => 1, 'aria-owns' => 1, 'aria-posinset' => 1, 'aria-pressed' => 1, 'aria-readonly' => 1, 'aria-relevant' => 1, 'aria-required' => 1, 'aria-selected' => 1, 'aria-setsize' => 1, 'aria-sort' => 1, 'aria-valuemax' => 1, 'aria-valuemin' => 1, 'aria-valuenow' => 1, 'aria-valuetext' => 1); // ARIA
696 787
    static $aNE = array('allowfullscreen' => 1, 'checkbox' => 1, 'checked' => 1, 'command' => 1, 'compact' => 1, 'declare' => 1, 'defer' => 1, 'default' => 1, 'disabled' => 1, 'hidden' => 1, 'inert' => 1, 'ismap' => 1, 'itemscope' => 1, 'multiple' => 1, 'nohref' => 1, 'noresize' => 1, 'noshade' => 1, 'nowrap' => 1, 'open' => 1, 'radio' => 1, 'readonly' => 1, 'required' => 1, 'reversed' => 1, 'selected' => 1); // Empty
697 787
    static $aNO = array('onabort' => 1, 'onblur' => 1, 'oncanplay' => 1, 'oncanplaythrough' => 1, 'onchange' => 1, 'onclick' => 1, 'oncontextmenu' => 1, 'oncopy' => 1, 'oncuechange' => 1, 'oncut' => 1, 'ondblclick' => 1, 'ondrag' => 1, 'ondragend' => 1, 'ondragenter' => 1, 'ondragleave' => 1, 'ondragover' => 1, 'ondragstart' => 1, 'ondrop' => 1, 'ondurationchange' => 1, 'onemptied' => 1, 'onended' => 1, 'onerror' => 1, 'onfocus' => 1, 'onformchange' => 1, 'onforminput' => 1, 'oninput' => 1, 'oninvalid' => 1, 'onkeydown' => 1, 'onkeypress' => 1, 'onkeyup' => 1, 'onload' => 1, 'onloadeddata' => 1, 'onloadedmetadata' => 1, 'onloadstart' => 1, 'onlostpointercapture' => 1, 'onmousedown' => 1, 'onmousemove' => 1, 'onmouseout' => 1, 'onmouseover' => 1, 'onmouseup' => 1, 'onmousewheel' => 1, 'onpaste' => 1, 'onpause' => 1, 'onplay' => 1, 'onplaying' => 1, 'onpointercancel' => 1, 'ongotpointercapture' => 1, 'onpointerdown' => 1, 'onpointerenter' => 1, 'onpointerleave' => 1, 'onpointermove' => 1, 'onpointerout' => 1, 'onpointerover' => 1, 'onpointerup' => 1, 'onprogress' => 1, 'onratechange' => 1, 'onreadystatechange' => 1, 'onreset' => 1, 'onsearch' => 1, 'onscroll' => 1, 'onseeked' => 1, 'onseeking' => 1, 'onselect' => 1, 'onshow' => 1, 'onstalled' => 1, 'onsubmit' => 1, 'onsuspend' => 1, 'ontimeupdate' => 1, 'ontoggle' => 1, 'ontouchcancel' => 1, 'ontouchend' => 1, 'ontouchmove' => 1, 'ontouchstart' => 1, 'onvolumechange' => 1, 'onwaiting' => 1, 'onwheel' => 1); // Event
698 787
    static $aNP = array('action' => 1, 'cite' => 1, 'classid' => 1, 'codebase' => 1, 'data' => 1, 'href' => 1, 'itemtype' => 1, 'longdesc' => 1, 'model' => 1, 'pluginspage' => 1, 'pluginurl' => 1, 'src' => 1, 'srcset' => 1, 'usemap' => 1); // Need scheme check; excludes style, on*
699
    static $aNU = array('accesskey' => 1, 'class' => 1, 'contenteditable' => 1, 'contextmenu' => 1, 'dir' => 1, 'draggable' => 1, 'dropzone' => 1, 'hidden' => 1, 'id' => 1, 'inert' => 1, 'itemid' => 1, 'itemprop' => 1, 'itemref' => 1, 'itemscope' => 1, 'itemtype' => 1, 'lang' => 1, 'role' => 1, 'spellcheck' => 1, 'style' => 1, 'tabindex' => 1, 'title' => 1, 'translate' => 1, 'xmlns' => 1, 'xml:base' => 1, 'xml:lang' => 1, 'xml:space' => 1); // Univ; excludes on*, aria*
700 787
701
    if ($C['lc_std_val']) {
702 787
        // predef attr vals for $eAL & $aNE ele
703 787
        static $aNL = array('all' => 1, 'auto' => 1, 'baseline' => 1, 'bottom' => 1, 'button' => 1, 'captions' => 1, 'center' => 1, 'chapters' => 1, 'char' => 1, 'checkbox' => 1, 'circle' => 1, 'col' => 1, 'colgroup' => 1, 'color' => 1, 'cols' => 1, 'data' => 1, 'date' => 1, 'datetime' => 1, 'datetime-local' => 1, 'default' => 1, 'descriptions' => 1, 'email' => 1, 'file' => 1, 'get' => 1, 'groups' => 1, 'hidden' => 1, 'image' => 1, 'justify' => 1, 'left' => 1, 'ltr' => 1, 'metadata' => 1, 'middle' => 1, 'month' => 1, 'none' => 1, 'number' => 1, 'object' => 1, 'password' => 1, 'poly' => 1, 'post' => 1, 'preserve' => 1, 'radio' => 1, 'range' => 1, 'rect' => 1, 'ref' => 1, 'reset' => 1, 'right' => 1, 'row' => 1, 'rowgroup' => 1, 'rows' => 1, 'rtl' => 1, 'search' => 1, 'submit' => 1, 'subtitles' => 1, 'tel' => 1, 'text' => 1, 'time' => 1, 'top' => 1, 'url' => 1, 'week' => 1);
704 787
        static $eAL = array('a' => 1, 'area' => 1, 'bdo' => 1, 'button' => 1, 'col' => 1, 'fieldset' => 1, 'form' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'ol' => 1, 'optgroup' => 1, 'option' => 1, 'param' => 1, 'script' => 1, 'select' => 1, 'table' => 1, 'td' => 1, 'textarea' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1, 'track' => 1, 'xml:space' => 1);
705
        $lcase = isset($eAL[$e]) ? 1 : 0;
706
    }
707 787
708 787
    $depTr = 0;
709
    if ($C['no_deprecated_attr']) {
710 787
        // depr attr:applicable ele
711 787
        static $aND = array('align' => array('caption' => 1, 'div' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'object' => 1, 'p' => 1, 'table' => 1), 'bgcolor' => array('table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1), 'border' => array('object' => 1), 'bordercolor' => array('table' => 1, 'td' => 1, 'tr' => 1), 'cellspacing' => array('table' => 1), 'clear' => array('br' => 1), 'compact' => array('dl' => 1, 'ol' => 1, 'ul' => 1), 'height' => array('td' => 1, 'th' => 1), 'hspace' => array('img' => 1, 'object' => 1), 'language' => array('script' => 1), 'name' => array('a' => 1, 'form' => 1, 'iframe' => 1, 'img' => 1, 'map' => 1), 'noshade' => array('hr' => 1), 'nowrap' => array('td' => 1, 'th' => 1), 'size' => array('hr' => 1), 'vspace' => array('img' => 1, 'object' => 1), 'width' => array('hr' => 1, 'pre' => 1, 'table' => 1, 'td' => 1, 'th' => 1));
712 787
        static $eAD = array('a' => 1, 'br' => 1, 'caption' => 1, 'div' => 1, 'dl' => 1, 'form' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'map' => 1, 'object' => 1, 'ol' => 1, 'p' => 1, 'pre' => 1, 'script' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1, 'ul' => 1);
713
        $depTr = isset($eAD[$e]) ? 1 : 0;
714
    }
715
716 787
// attr name-vals
717
    if (strpos($a, "\x01") !== false) {
718
        $a = preg_replace('`\x01[^\x01]*\x01`', '', $a);
719 787
    } // No comment/CDATA sec
720 787
    $mode = 0;
721 787
    $a = trim($a, ' /');
722 787
    $aA = array();
723 763
    while (strlen($a)) {
724
        $w = 0;
725 763
        switch ($mode) {
726 763
            case 0: // Name
727 745
                if (preg_match('`^[a-zA-Z][^\s=/]+`', $a, $m)) {
728 745
                    $nm = strtolower($m[0]);
729 745
                    $w = $mode = 1;
730
                    $a = ltrim(substr_replace($a, '', 0, strlen($m[0])));
731 763
                }
732 745
                break;
733 745
            case 1:
734 745
                if ($a[0] == '=') { // =
735 745
                    $w = 1;
736 745
                    $mode = 2;
737
                    $a = ltrim($a, '= ');
738
                } else { // No val
739
                    $w = 1;
740
                    $mode = 0;
741
                    $a = ltrim($a);
742
                    $aA[$nm] = '';
0 ignored issues
show
Bug introduced by
The variable $nm does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
743 745
                }
744 745
                break;
745 745
            case 2: // Val
746 745
                if (preg_match('`^((?:"[^"]*")|(?:\'[^\']*\')|(?:\s*[^\s"\']+))(.*)`', $a, $m)) {
747 745
                    $a = ltrim($m[2]);
748 745
                    $m = $m[1];
749 745
                    $w = 1;
750 745
                    $mode = 0;
751
                    $aA[$nm] = trim(str_replace('<', '&lt;', ($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m));
752 745
                }
753
                break;
754 763
        }
755 148
        if ($w == 0) { // Parse errs, deal with space, " & '
756 148
            $a = preg_replace('`^(?:"[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*`', '', $a);
757
            $mode = 0;
758
        }
759 787
    }
760
    if ($mode == 1) {
761
        $aA[$nm] = '';
762
    }
763
764 787
// clean attrs
765 787
    global $S;
766 787
    $rl = isset($S[$e]) ? $S[$e] : array();
767 787
    $a = array();
768 787
    $nfr = 0;
769 745
    $d = $C['deny_attribute'];
770 605
    foreach ($aA as $k => $v) {
771
        if (((isset($d['*']) ? isset($d[$k]) : !isset($d[$k])) && (isset($aN[$k][$e]) or isset($aNU[$k]) or (isset($aNO[$k]) && !isset($d['on*'])) or (isset($aNA[$k]) && !isset($d['aria*'])) or (!isset($d['data*']) && preg_match('`data-((?!xml)[^:]+$)`', $k))) && !isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])) {
772 605
            if (isset($aNE[$k])) {
773 561
                $v = $k;
774
            } elseif (!empty($lcase) && (($e != 'button' or $e != 'input') or $k == 'type')) { // Rather loose but ?not cause issues
775 605
                $v = (isset($aNL[($v2 = strtolower($v))])) ? $v2 : $v;
776 62
            }
777
            if ($k == 'style' && !$C['style_pass']) {
778
                if (false !== strpos($v, '&#')) {
779
                    static $sC = array('&#x20;' => ' ', '&#32;' => ' ', '&#x45;' => 'e', '&#69;' => 'e', '&#x65;' => 'e', '&#101;' => 'e', '&#x58;' => 'x', '&#88;' => 'x', '&#x78;' => 'x', '&#120;' => 'x', '&#x50;' => 'p', '&#80;' => 'p', '&#x70;' => 'p', '&#112;' => 'p', '&#x53;' => 's', '&#83;' => 's', '&#x73;' => 's', '&#115;' => 's', '&#x49;' => 'i', '&#73;' => 'i', '&#x69;' => 'i', '&#105;' => 'i', '&#x4f;' => 'o', '&#79;' => 'o', '&#x6f;' => 'o', '&#111;' => 'o', '&#x4e;' => 'n', '&#78;' => 'n', '&#x6e;' => 'n', '&#110;' => 'n', '&#x55;' => 'u', '&#85;' => 'u', '&#x75;' => 'u', '&#117;' => 'u', '&#x52;' => 'r', '&#82;' => 'r', '&#x72;' => 'r', '&#114;' => 'r', '&#x4c;' => 'l', '&#76;' => 'l', '&#x6c;' => 'l', '&#108;' => 'l', '&#x28;' => '(', '&#40;' => '(', '&#x29;' => ')', '&#41;' => ')', '&#x20;' => ':', '&#32;' => ':', '&#x22;' => '"', '&#34;' => '"', '&#x27;' => "'", '&#39;' => "'", '&#x2f;' => '/', '&#47;' => '/', '&#x2a;' => '*', '&#42;' => '*', '&#x5c;' => '\\', '&#92;' => '\\');
780 62
                    $v = strtr($v, $sC);
781 62
                }
782 548
                $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v);
783 517
                $v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v;
784 517
            } elseif (isset($aNP[$k]) or isset($aNO[$k])) {
785 517
                $v = str_replace("­", ' ', (strpos($v, '&') !== false ? str_replace(array('&#xad;', '&#173;', '&shy;'), ' ', $v) : $v)); # double-quoted char: soft-hyphen; appears here as "­" or hyphen or something else depending on viewing software
786 132
                if ($k == 'srcset') {
787
                    $v2 = '';
788 132
                    foreach (explode(',', $v) as $k1 => $v1) {
789 89
                        $v1 = explode(' ', ltrim($v1), 2);
790 89
                        $k1 = isset($v1[1]) ? trim($v1[1]) : '';
791
                        $v1 = trim($v1[0]);
792
                        if (isset($v1[0])) {
793 89
                            $v2 .= hl_prot($v1, $k).(empty($k1) ? '' : ' '.$k1).', ';
794 89
                        }
795 89
                    }
796 29
                    $v = trim($v2, ', ');
797 29
                }
798
                if ($k == 'itemtype') {
799 89
                    $v2 = '';
800 1
                    foreach (explode(' ', $v) as $v1) {
801 1
                        if (isset($v1[0])) {
802
                            $v2 .= hl_prot($v1, $k).' ';
803
                        }
804 88
                    }
805
                    $v = trim($v2, ' ');
806
                } else {
807
                $v = hl_prot($v, $k);
808
                }
809
                if ($k == 'href') { // X-spam
810 605
                    if ($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0) {
811
                        $v = str_replace('@', htmlspecialchars($C['anti_mail_spam']), $v);
812
                    } elseif ($C['anti_link_spam']) {
813 745
                        $r1 = $C['anti_link_spam'][1];
814
                        if (!empty($r1) && preg_match($r1, $v)) {
815
                            continue;
816 787
                        }
817
                        $r0 = $C['anti_link_spam'][0];
818
                        if (!empty($r0) && preg_match($r0, $v)) {
819
                            if (isset($a['rel'])) {
820
                                if (!preg_match('`\bnofollow\b`i', $a['rel'])) {
821 787
                                    $a['rel'] .= ' nofollow';
822 787
                                }
823 451
                            } elseif (isset($aA['rel'])) {
824 451
                                if (!preg_match('`\bnofollow\b`i', $aA['rel'])) {
825 451
                                    $nfr = 1;
826
                                }
827
                            } else {
828
                                $a['rel'] = 'nofollow';
829
                            }
830
                        }
831 787
                    }
832 763
                }
833 763
            }
834 648
            if (isset($rl[$k]) && is_array($rl[$k]) && ($v = hl_attrval($k, $v, $rl[$k])) === 0) {
835 648
                continue;
836
            }
837
            $a[$k] = str_replace('"', '&quot;', $v);
838
        }
839
    }
840
    if ($nfr) {
841
        $a['rel'] = isset($a['rel']) ? $a['rel'].' nofollow' : 'nofollow';
842
    }
843
844
// rqd attr
845
    static $eAR = array('area' => array('alt' => 'area'), 'bdo' => array('dir' => 'ltr'), 'command' => array('label' => ''), 'form' => array('action' => ''), 'img' => array('src' => '', 'alt' => 'image'), 'map' => array('name' => ''), 'optgroup' => array('label' => ''), 'param' => array('name' => ''), 'style' => array('scoped' => ''), 'textarea' => array('rows' => '10', 'cols' => '50'));
846
    if (isset($eAR[$e])) {
847
        foreach ($eAR[$e] as $k => $v) {
848
            if (!isset($a[$k])) {
849
                $a[$k] = isset($v[0]) ? $v : $k;
850
            }
851
        }
852
    }
853
854
// depr attr
855
    if ($depTr) {
856
        $c = array();
857
        foreach ($a as $k => $v) {
858
            if ($k == 'style' or !isset($aND[$k][$e])) {
859
                continue;
860
            }
861
            if ($k == 'align') {
862
                unset($a['align']);
863
                if ($e == 'img' && ($v == 'left' or $v == 'right')) {
864
                    $c[] = 'float: '.$v;
865
                } elseif (($e == 'div' or $e == 'table') && $v == 'center') {
866
                    $c[] = 'margin: auto';
867
                } else {
868
                    $c[] = 'text-align: '.$v;
869
                }
870
            } elseif ($k == 'bgcolor') {
871
                unset($a['bgcolor']);
872
                $c[] = 'background-color: '.$v;
873
            } elseif ($k == 'border') {
874
                unset($a['border']);
875
                $c[] = "border: {$v}px";
876
            } elseif ($k == 'bordercolor') {
877
                unset($a['bordercolor']);
878
                $c[] = 'border-color: '.$v;
879
            } elseif ($k == 'cellspacing') {
880
                unset($a['cellspacing']);
881
                $c[] = "border-spacing: {$v}px";
882 View Code Duplication
            } elseif ($k == 'clear') {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
883
                unset($a['clear']);
884
                $c[] = 'clear: '.($v != 'all' ? $v : 'both');
885
            } elseif ($k == 'compact') {
886
                unset($a['compact']);
887
                $c[] = 'font-size: 85%';
888
            } elseif ($k == 'height' or $k == 'width') {
889
                unset($a[$k]);
890
                $c[] = $k.': '.($v[0] != '*' ? $v.(ctype_digit($v) ? 'px' : '') : 'auto');
891
            } elseif ($k == 'hspace') {
892
                unset($a['hspace']);
893
                $c[] = "margin-left: {$v}px; margin-right: {$v}px";
894
            } elseif ($k == 'language' && !isset($a['type'])) {
895
                unset($a['language']);
896
                $a['type'] = 'text/'.strtolower($v);
897 763
            } elseif ($k == 'name') {
898
                if ($C['no_deprecated_attr'] == 2 or ($e != 'a' && $e != 'map')) {
899
                    unset($a['name']);
900
                }
901
                if (!isset($a['id']) && !preg_match('`\W`', $v)) {
902
                    $a['id'] = $v;
903 787
                }
904
            } elseif ($k == 'noshade') {
905
                unset($a['noshade']);
906
                $c[] = 'border-style: none; border: 0; background-color: gray; color: gray';
907
            } elseif ($k == 'nowrap') {
908
                unset($a['nowrap']);
909
                $c[] = 'white-space: nowrap';
910 View Code Duplication
            } elseif ($k == 'size') {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
911
                unset($a['size']);
912
                $c[] = 'size: '.$v.'px';
913
            } elseif ($k == 'vspace') {
914 787
                unset($a['vspace']);
915
                $c[] = "margin-top: {$v}px; margin-bottom: {$v}px";
916
            }
917
        }
918
        if (count($c)) {
919
            $c = implode('; ', $c);
920
            $a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;').'; '.$c.';' : $c.';';
921 787
        }
922
    }
923
// unique ID
924
    if ($C['unique_ids'] && isset($a['id'])) {
925 787
        if (preg_match('`\s`', ($id = $a['id'])) or (isset($GLOBALS['hl_Ids'][$id]) && $C['unique_ids'] == 1)) {
926 787
            unset($a['id']);
927 787
        } else {
928 659
            while (isset($GLOBALS['hl_Ids'][$id])) {
929
                $id = $C['unique_ids'].$id;
930 787
            }
931
            $GLOBALS['hl_Ids'][($a['id'] = $id)] = 1;
932
        }
933
    }
934
// xml:lang
935
    if ($C['xml:lang'] && isset($a['lang'])) {
936
        $a['xml:lang'] = isset($a['xml:lang']) ? $a['xml:lang'] : $a['lang'];
937
        if ($C['xml:lang'] == 2) {
938
            unset($a['lang']);
939
        }
940
    }
941
// for transformed tag
942
    if (!empty($trt)) {
943
        $a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;').'; '.$trt : $trt;
944
    }
945
// return with empty ele /
946
    if (empty($C['hook_tag'])) {
947
        $aA = '';
948
        foreach ($a as $k => $v) {
949
            $aA .= " {$k}=\"{$v}\"";
950
        }
951
        return "<{$e}{$aA}".(isset($eE[$e]) ? ' /' : '').'>';
952
    } else {
953
        return $C['hook_tag']($e, $a);
954
    }
955
}
956
957
function hl_tag2(&$e, &$a, $t = 1) {
958
// transform tag
959
    if ($e == 'big') {
960
        $e = 'span';
961
        return 'font-size: larger;';
962
    }
963
    if ($e == 's' or $e == 'strike') {
964
        $e = 'span';
965
        return 'text-decoration: line-through;';
966
    }
967
    if ($e == 'tt') {
968
        $e = 'code';
969
        return '';
970
    }
971
    if ($e == 'center') {
972
        $e = 'div';
973
        return 'text-align: center;';
974
    }
975
    static $fs = array('0' => 'xx-small', '1' => 'xx-small', '2' => 'small', '3' => 'medium', '4' => 'large', '5' => 'x-large', '6' => 'xx-large', '7' => '300%', '-1' => 'smaller', '-2' => '60%', '+1' => 'larger', '+2' => '150%', '+3' => '200%', '+4' => '300%');
976
    if ($e == 'font') {
977
        $a2 = '';
978
        while (preg_match('`(^|\s)(color|size)\s*=\s*(\'|")?(.+?)(\\3|\s|$)`i', $a, $m)) {
979
            $a = str_replace($m[0], ' ', $a);
980
            $a2 .= strtolower($m[2]) == 'color' ? (' color: '.str_replace('"', '\'', trim($m[4])).';') : (isset($fs[($m = trim($m[4]))]) ? ($a2 .= ' font-size: '.str_replace('"', '\'', $fs[$m]).';') : '');
981
        }
982
        while (preg_match('`(^|\s)face\s*=\s*(\'|")?([^=]+?)\\2`i', $a, $m) or preg_match('`(^|\s)face\s*=(\s*)(\S+)`i', $a, $m)) {
983
            $a = str_replace($m[0], ' ', $a);
984
            $a2 .= ' font-family: '.str_replace('"', '\'', trim($m[3])).';';
985
        }
986
        $e = 'span';
987
        return ltrim(str_replace('<', '', $a2));
988
    }
989
    if ($e == 'acronym') {
990
        $e = 'abbr';
991
        return '';
992
    }
993
    if ($e == 'dir') {
994
        $e = 'ul';
995
        return '';
996
    }
997
    if ($t == 2) {
998
        $e = 0;
999
        return 0;
1000
    }
1001
    return '';
1002
}
1003
1004
function hl_tidy($t, $w, $p) {
1005
// tidy/compact HTM
1006
    if (strpos(' pre,script,textarea', "$p,")) {
1007
        return $t;
1008
    }
1009
    $t = preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea)[^>]*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t));
1010
    if (($w = strtolower($w)) == -1) {
1011
        return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t);
1012
    }
1013
    $s = strpos(" $w", 't') ? "\t" : ' ';
1014
    $s = preg_match('`\d`', $w, $m) ? str_repeat($s, $m[0]) : str_repeat($s, ($s == "\t" ? 1 : 2));
1015
    $N = preg_match('`[ts]([1-9])`', $w, $m) ? $m[1] : 0;
1016
    $a = array('br' => 1);
1017
    $b = array('button' => 1, 'command' => 1, 'input' => 1, 'option' => 1, 'param' => 1, 'track' => 1);
1018
    $c = array('audio' => 1, 'canvas' => 1, 'caption' => 1, 'dd' => 1, 'dt' => 1, 'figcaption' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'isindex' => 1, 'label' => 1, 'legend' => 1, 'li' => 1, 'object' => 1, 'p' => 1, 'pre' => 1, 'style' => 1, 'summary' => 1, 'td' => 1, 'textarea' => 1, 'th' => 1, 'video' => 1);
1019
    $d = array('address' => 1, 'article' => 1, 'aside' => 1, 'blockquote' => 1, 'center' => 1, 'colgroup' => 1, 'datalist' => 1, 'details' => 1, 'dir' => 1, 'div' => 1, 'dl' => 1, 'fieldset' => 1, 'figure' => 1, 'footer' => 1, 'form' => 1, 'header' => 1, 'hgroup' => 1, 'hr' => 1, 'iframe' => 1, 'main' => 1, 'map' => 1, 'menu' => 1, 'nav' => 1, 'noscript' => 1, 'ol' => 1, 'optgroup' => 1, 'rbc' => 1, 'rtc' => 1, 'ruby' => 1, 'script' => 1, 'section' => 1, 'select' => 1, 'table' => 1, 'tbody' => 1, 'tfoot' => 1, 'thead' => 1, 'tr' => 1, 'ul' => 1);
1020
    $T = explode('<', $t);
1021
    $X = 1;
1022
    while ($X) {
1023
        $n = $N;
1024
        $t = $T;
1025
        ob_start();
1026
        if (isset($d[$p])) {
1027
            echo str_repeat($s, ++$n);
1028
        }
1029
        echo ltrim(array_shift($t));
1030
        for ($i = -1, $j = count($t); ++$i < $j;) {
1031
            $r = '';
1032
            list($e, $r) = explode('>', $t[$i]);
1033
            $x = $e[0] == '/' ? 0 : (substr($e, -1) == '/' ? 1 : ($e[0] != '!' ? 2 : -1));
1034
            $y = !$x ? ltrim($e, '/') : ($x > 0 ? substr($e, 0, strcspn($e, ' ')) : 0);
1035
            $e = "<$e>";
1036
            if (isset($d[$y])) {
1037
                if (!$x) {
1038
                    if ($n) {
1039
                        echo "\n", str_repeat($s, --$n), "$e\n", str_repeat($s, $n);
1040
                    } else {
1041
                        ++$N;
1042
                        ob_end_clean();
1043
                        continue 2;
1044
                    }
1045
                } else {
1046
                    echo "\n", str_repeat($s, $n), "$e\n", str_repeat($s, ($x != 1 ? ++$n : $n));
1047
                }
1048
                echo $r;
1049
                continue;
1050
            }
1051
            $f = "\n".str_repeat($s, $n);
1052
            if (isset($c[$y])) {
1053
                if (!$x) {
1054
                    echo $e, $f, $r;
1055
                } else {
1056
                    echo $f, $e, $r;
1057
                }
1058
            } elseif (isset($b[$y])) {
1059
                echo $f, $e, $r;
1060
            } elseif (isset($a[$y])) {
1061
                echo $e, $f, $r;
1062
            } elseif (!$y) {
1063
                echo $f, $e, $f, $r;
1064
            } else {
1065
                echo $e, $r;
1066
            }
1067
        }
1068
        $X = 0;
1069
    }
1070
    $t = str_replace(array("\n ", " \n"), "\n", preg_replace('`[\n]\s*?[\n]+`', "\n", ob_get_contents()));
1071
    ob_end_clean();
1072
    if (($l = strpos(" $w", 'r') ? (strpos(" $w", 'n') ? "\r\n" : "\r") : 0)) {
1073
        $t = str_replace("\n", $l, $t);
1074
    }
1075
    return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t);
1076 1
}
1077
1078
function hl_version() {
1079
// version
1080
    return '1.2';
1081
}
1082