xpressengine /
xe-core
@@ -8,37 +8,37 @@ |
||
| 8 | 8 | */ |
| 9 | 9 | class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform |
| 10 | 10 | { |
| 11 | - private $parser; |
|
| 11 | + private $parser; |
|
| 12 | 12 | |
| 13 | - public function __construct() { |
|
| 14 | - $this->parser = new HTMLPurifier_URIParser(); |
|
| 15 | - } |
|
| 13 | + public function __construct() { |
|
| 14 | + $this->parser = new HTMLPurifier_URIParser(); |
|
| 15 | + } |
|
| 16 | 16 | |
| 17 | - public function transform($attr, $config, $context) { |
|
| 17 | + public function transform($attr, $config, $context) { |
|
| 18 | 18 | |
| 19 | - if (!isset($attr['href'])) { |
|
| 20 | - return $attr; |
|
| 21 | - } |
|
| 19 | + if (!isset($attr['href'])) { |
|
| 20 | + return $attr; |
|
| 21 | + } |
|
| 22 | 22 | |
| 23 | - // XXX Kind of inefficient |
|
| 24 | - $url = $this->parser->parse($attr['href']); |
|
| 25 | - $scheme = $url->getSchemeObj($config, $context); |
|
| 23 | + // XXX Kind of inefficient |
|
| 24 | + $url = $this->parser->parse($attr['href']); |
|
| 25 | + $scheme = $url->getSchemeObj($config, $context); |
|
| 26 | 26 | |
| 27 | - if ($scheme->browsable && !$url->isLocal($config, $context)) { |
|
| 28 | - if (isset($attr['rel'])) { |
|
| 29 | - $rels = explode(' ', $attr); |
|
| 30 | - if (!in_array('nofollow', $rels)) { |
|
| 31 | - $rels[] = 'nofollow'; |
|
| 32 | - } |
|
| 33 | - $attr['rel'] = implode(' ', $rels); |
|
| 34 | - } else { |
|
| 35 | - $attr['rel'] = 'nofollow'; |
|
| 36 | - } |
|
| 37 | - } |
|
| 27 | + if ($scheme->browsable && !$url->isLocal($config, $context)) { |
|
| 28 | + if (isset($attr['rel'])) { |
|
| 29 | + $rels = explode(' ', $attr); |
|
| 30 | + if (!in_array('nofollow', $rels)) { |
|
| 31 | + $rels[] = 'nofollow'; |
|
| 32 | + } |
|
| 33 | + $attr['rel'] = implode(' ', $rels); |
|
| 34 | + } else { |
|
| 35 | + $attr['rel'] = 'nofollow'; |
|
| 36 | + } |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - return $attr; |
|
| 39 | + return $attr; |
|
| 40 | 40 | |
| 41 | - } |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | 43 | } |
| 44 | 44 | |
@@ -2,14 +2,14 @@ |
||
| 2 | 2 | |
| 3 | 3 | class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform |
| 4 | 4 | { |
| 5 | - public $name = "SafeEmbed"; |
|
| 5 | + public $name = "SafeEmbed"; |
|
| 6 | 6 | |
| 7 | - public function transform($attr, $config, $context) { |
|
| 8 | - $attr['allowscriptaccess'] = 'never'; |
|
| 9 | - $attr['allownetworking'] = 'internal'; |
|
| 10 | - $attr['type'] = 'application/x-shockwave-flash'; |
|
| 11 | - return $attr; |
|
| 12 | - } |
|
| 7 | + public function transform($attr, $config, $context) { |
|
| 8 | + $attr['allowscriptaccess'] = 'never'; |
|
| 9 | + $attr['allownetworking'] = 'internal'; |
|
| 10 | + $attr['type'] = 'application/x-shockwave-flash'; |
|
| 11 | + return $attr; |
|
| 12 | + } |
|
| 13 | 13 | } |
| 14 | 14 | |
| 15 | 15 | // vim: et sw=4 sts=4 |
@@ -5,12 +5,12 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform |
| 7 | 7 | { |
| 8 | - public $name = "SafeObject"; |
|
| 8 | + public $name = "SafeObject"; |
|
| 9 | 9 | |
| 10 | - function transform($attr, $config, $context) { |
|
| 11 | - if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; |
|
| 12 | - return $attr; |
|
| 13 | - } |
|
| 10 | + function transform($attr, $config, $context) { |
|
| 11 | + if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; |
|
| 12 | + return $attr; |
|
| 13 | + } |
|
| 14 | 14 | } |
| 15 | 15 | |
| 16 | 16 | // vim: et sw=4 sts=4 |
@@ -8,7 +8,9 @@ |
||
| 8 | 8 | public $name = "SafeObject"; |
| 9 | 9 | |
| 10 | 10 | function transform($attr, $config, $context) { |
| 11 | - if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; |
|
| 11 | + if (!isset($attr['type'])) { |
|
| 12 | + $attr['type'] = 'application/x-shockwave-flash'; |
|
| 13 | + } |
|
| 12 | 14 | return $attr; |
| 13 | 15 | } |
| 14 | 16 | } |
@@ -14,51 +14,51 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform |
| 16 | 16 | { |
| 17 | - public $name = "SafeParam"; |
|
| 18 | - private $uri; |
|
| 17 | + public $name = "SafeParam"; |
|
| 18 | + private $uri; |
|
| 19 | 19 | |
| 20 | - public function __construct() { |
|
| 21 | - $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded |
|
| 22 | - $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); |
|
| 23 | - } |
|
| 20 | + public function __construct() { |
|
| 21 | + $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded |
|
| 22 | + $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); |
|
| 23 | + } |
|
| 24 | 24 | |
| 25 | - public function transform($attr, $config, $context) { |
|
| 26 | - // If we add support for other objects, we'll need to alter the |
|
| 27 | - // transforms. |
|
| 28 | - switch ($attr['name']) { |
|
| 29 | - // application/x-shockwave-flash |
|
| 30 | - // Keep this synchronized with Injector/SafeObject.php |
|
| 31 | - case 'allowScriptAccess': |
|
| 32 | - $attr['value'] = 'never'; |
|
| 33 | - break; |
|
| 34 | - case 'allowNetworking': |
|
| 35 | - $attr['value'] = 'internal'; |
|
| 36 | - break; |
|
| 37 | - case 'allowFullScreen': |
|
| 38 | - if ($config->get('HTML.FlashAllowFullScreen')) { |
|
| 39 | - $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; |
|
| 40 | - } else { |
|
| 41 | - $attr['value'] = 'false'; |
|
| 42 | - } |
|
| 43 | - break; |
|
| 44 | - case 'wmode': |
|
| 45 | - $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); |
|
| 46 | - break; |
|
| 47 | - case 'movie': |
|
| 48 | - case 'src': |
|
| 49 | - $attr['name'] = "movie"; |
|
| 50 | - $attr['value'] = $this->uri->validate($attr['value'], $config, $context); |
|
| 51 | - break; |
|
| 52 | - case 'flashvars': |
|
| 53 | - // we're going to allow arbitrary inputs to the SWF, on |
|
| 54 | - // the reasoning that it could only hack the SWF, not us. |
|
| 55 | - break; |
|
| 56 | - // add other cases to support other param name/value pairs |
|
| 57 | - default: |
|
| 58 | - $attr['name'] = $attr['value'] = null; |
|
| 59 | - } |
|
| 60 | - return $attr; |
|
| 61 | - } |
|
| 25 | + public function transform($attr, $config, $context) { |
|
| 26 | + // If we add support for other objects, we'll need to alter the |
|
| 27 | + // transforms. |
|
| 28 | + switch ($attr['name']) { |
|
| 29 | + // application/x-shockwave-flash |
|
| 30 | + // Keep this synchronized with Injector/SafeObject.php |
|
| 31 | + case 'allowScriptAccess': |
|
| 32 | + $attr['value'] = 'never'; |
|
| 33 | + break; |
|
| 34 | + case 'allowNetworking': |
|
| 35 | + $attr['value'] = 'internal'; |
|
| 36 | + break; |
|
| 37 | + case 'allowFullScreen': |
|
| 38 | + if ($config->get('HTML.FlashAllowFullScreen')) { |
|
| 39 | + $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; |
|
| 40 | + } else { |
|
| 41 | + $attr['value'] = 'false'; |
|
| 42 | + } |
|
| 43 | + break; |
|
| 44 | + case 'wmode': |
|
| 45 | + $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); |
|
| 46 | + break; |
|
| 47 | + case 'movie': |
|
| 48 | + case 'src': |
|
| 49 | + $attr['name'] = "movie"; |
|
| 50 | + $attr['value'] = $this->uri->validate($attr['value'], $config, $context); |
|
| 51 | + break; |
|
| 52 | + case 'flashvars': |
|
| 53 | + // we're going to allow arbitrary inputs to the SWF, on |
|
| 54 | + // the reasoning that it could only hack the SWF, not us. |
|
| 55 | + break; |
|
| 56 | + // add other cases to support other param name/value pairs |
|
| 57 | + default: |
|
| 58 | + $attr['name'] = $attr['value'] = null; |
|
| 59 | + } |
|
| 60 | + return $attr; |
|
| 61 | + } |
|
| 62 | 62 | } |
| 63 | 63 | |
| 64 | 64 | // vim: et sw=4 sts=4 |
@@ -5,12 +5,12 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform |
| 7 | 7 | { |
| 8 | - public function transform($attr, $config, $context) { |
|
| 9 | - if (!isset($attr['type'])) { |
|
| 10 | - $attr['type'] = 'text/javascript'; |
|
| 11 | - } |
|
| 12 | - return $attr; |
|
| 13 | - } |
|
| 8 | + public function transform($attr, $config, $context) { |
|
| 9 | + if (!isset($attr['type'])) { |
|
| 10 | + $attr['type'] = 'text/javascript'; |
|
| 11 | + } |
|
| 12 | + return $attr; |
|
| 13 | + } |
|
| 14 | 14 | } |
| 15 | 15 | |
| 16 | 16 | // vim: et sw=4 sts=4 |
@@ -9,29 +9,29 @@ |
||
| 9 | 9 | */ |
| 10 | 10 | class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform |
| 11 | 11 | { |
| 12 | - private $parser; |
|
| 12 | + private $parser; |
|
| 13 | 13 | |
| 14 | - public function __construct() { |
|
| 15 | - $this->parser = new HTMLPurifier_URIParser(); |
|
| 16 | - } |
|
| 14 | + public function __construct() { |
|
| 15 | + $this->parser = new HTMLPurifier_URIParser(); |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function transform($attr, $config, $context) { |
|
| 18 | + public function transform($attr, $config, $context) { |
|
| 19 | 19 | |
| 20 | - if (!isset($attr['href'])) { |
|
| 21 | - return $attr; |
|
| 22 | - } |
|
| 20 | + if (!isset($attr['href'])) { |
|
| 21 | + return $attr; |
|
| 22 | + } |
|
| 23 | 23 | |
| 24 | - // XXX Kind of inefficient |
|
| 25 | - $url = $this->parser->parse($attr['href']); |
|
| 26 | - $scheme = $url->getSchemeObj($config, $context); |
|
| 24 | + // XXX Kind of inefficient |
|
| 25 | + $url = $this->parser->parse($attr['href']); |
|
| 26 | + $scheme = $url->getSchemeObj($config, $context); |
|
| 27 | 27 | |
| 28 | - if ($scheme->browsable && !$url->isBenign($config, $context)) { |
|
| 29 | - $attr['target'] = 'blank'; |
|
| 30 | - } |
|
| 28 | + if ($scheme->browsable && !$url->isBenign($config, $context)) { |
|
| 29 | + $attr['target'] = 'blank'; |
|
| 30 | + } |
|
| 31 | 31 | |
| 32 | - return $attr; |
|
| 32 | + return $attr; |
|
| 33 | 33 | |
| 34 | - } |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -6,12 +6,12 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public function transform($attr, $config, $context) { |
|
| 10 | - // Calculated from Firefox |
|
| 11 | - if (!isset($attr['cols'])) $attr['cols'] = '22'; |
|
| 12 | - if (!isset($attr['rows'])) $attr['rows'] = '3'; |
|
| 13 | - return $attr; |
|
| 14 | - } |
|
| 9 | + public function transform($attr, $config, $context) { |
|
| 10 | + // Calculated from Firefox |
|
| 11 | + if (!isset($attr['cols'])) $attr['cols'] = '22'; |
|
| 12 | + if (!isset($attr['rows'])) $attr['rows'] = '3'; |
|
| 13 | + return $attr; |
|
| 14 | + } |
|
| 15 | 15 | |
| 16 | 16 | } |
| 17 | 17 | |
@@ -8,8 +8,12 @@ |
||
| 8 | 8 | |
| 9 | 9 | public function transform($attr, $config, $context) { |
| 10 | 10 | // Calculated from Firefox |
| 11 | - if (!isset($attr['cols'])) $attr['cols'] = '22'; |
|
| 12 | - if (!isset($attr['rows'])) $attr['rows'] = '3'; |
|
| 11 | + if (!isset($attr['cols'])) { |
|
| 12 | + $attr['cols'] = '22'; |
|
| 13 | + } |
|
| 14 | + if (!isset($attr['rows'])) { |
|
| 15 | + $attr['rows'] = '3'; |
|
| 16 | + } |
|
| 13 | 17 | return $attr; |
| 14 | 18 | } |
| 15 | 19 | |
@@ -5,87 +5,87 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrTypes |
| 7 | 7 | { |
| 8 | - /** |
|
| 9 | - * Lookup array of attribute string identifiers to concrete implementations |
|
| 10 | - */ |
|
| 11 | - protected $info = array(); |
|
| 8 | + /** |
|
| 9 | + * Lookup array of attribute string identifiers to concrete implementations |
|
| 10 | + */ |
|
| 11 | + protected $info = array(); |
|
| 12 | 12 | |
| 13 | - /** |
|
| 14 | - * Constructs the info array, supplying default implementations for attribute |
|
| 15 | - * types. |
|
| 16 | - */ |
|
| 17 | - public function __construct() { |
|
| 18 | - // XXX This is kind of poor, since we don't actually /clone/ |
|
| 19 | - // instances; instead, we use the supplied make() attribute. So, |
|
| 20 | - // the underlying class must know how to deal with arguments. |
|
| 21 | - // With the old implementation of Enum, that ignored its |
|
| 22 | - // arguments when handling a make dispatch, the IAlign |
|
| 23 | - // definition wouldn't work. |
|
| 13 | + /** |
|
| 14 | + * Constructs the info array, supplying default implementations for attribute |
|
| 15 | + * types. |
|
| 16 | + */ |
|
| 17 | + public function __construct() { |
|
| 18 | + // XXX This is kind of poor, since we don't actually /clone/ |
|
| 19 | + // instances; instead, we use the supplied make() attribute. So, |
|
| 20 | + // the underlying class must know how to deal with arguments. |
|
| 21 | + // With the old implementation of Enum, that ignored its |
|
| 22 | + // arguments when handling a make dispatch, the IAlign |
|
| 23 | + // definition wouldn't work. |
|
| 24 | 24 | |
| 25 | - // pseudo-types, must be instantiated via shorthand |
|
| 26 | - $this->info['Enum'] = new HTMLPurifier_AttrDef_Enum(); |
|
| 27 | - $this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool(); |
|
| 25 | + // pseudo-types, must be instantiated via shorthand |
|
| 26 | + $this->info['Enum'] = new HTMLPurifier_AttrDef_Enum(); |
|
| 27 | + $this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool(); |
|
| 28 | 28 | |
| 29 | - $this->info['CDATA'] = new HTMLPurifier_AttrDef_Text(); |
|
| 30 | - $this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID(); |
|
| 31 | - $this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length(); |
|
| 32 | - $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength(); |
|
| 33 | - $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens(); |
|
| 34 | - $this->info['Pixels'] = new HTMLPurifier_AttrDef_HTML_Pixels(); |
|
| 35 | - $this->info['Text'] = new HTMLPurifier_AttrDef_Text(); |
|
| 36 | - $this->info['URI'] = new HTMLPurifier_AttrDef_URI(); |
|
| 37 | - $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang(); |
|
| 38 | - $this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color(); |
|
| 39 | - $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right'); |
|
| 40 | - $this->info['LAlign'] = self::makeEnum('top,bottom,left,right'); |
|
| 41 | - $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); |
|
| 29 | + $this->info['CDATA'] = new HTMLPurifier_AttrDef_Text(); |
|
| 30 | + $this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID(); |
|
| 31 | + $this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length(); |
|
| 32 | + $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength(); |
|
| 33 | + $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens(); |
|
| 34 | + $this->info['Pixels'] = new HTMLPurifier_AttrDef_HTML_Pixels(); |
|
| 35 | + $this->info['Text'] = new HTMLPurifier_AttrDef_Text(); |
|
| 36 | + $this->info['URI'] = new HTMLPurifier_AttrDef_URI(); |
|
| 37 | + $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang(); |
|
| 38 | + $this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color(); |
|
| 39 | + $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right'); |
|
| 40 | + $this->info['LAlign'] = self::makeEnum('top,bottom,left,right'); |
|
| 41 | + $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); |
|
| 42 | 42 | |
| 43 | - // unimplemented aliases |
|
| 44 | - $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); |
|
| 45 | - $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text(); |
|
| 46 | - $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text(); |
|
| 47 | - $this->info['Character'] = new HTMLPurifier_AttrDef_Text(); |
|
| 43 | + // unimplemented aliases |
|
| 44 | + $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); |
|
| 45 | + $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text(); |
|
| 46 | + $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text(); |
|
| 47 | + $this->info['Character'] = new HTMLPurifier_AttrDef_Text(); |
|
| 48 | 48 | |
| 49 | - // "proprietary" types |
|
| 50 | - $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class(); |
|
| 49 | + // "proprietary" types |
|
| 50 | + $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class(); |
|
| 51 | 51 | |
| 52 | - // number is really a positive integer (one or more digits) |
|
| 53 | - // FIXME: ^^ not always, see start and value of list items |
|
| 54 | - $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 55 | - } |
|
| 52 | + // number is really a positive integer (one or more digits) |
|
| 53 | + // FIXME: ^^ not always, see start and value of list items |
|
| 54 | + $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 55 | + } |
|
| 56 | 56 | |
| 57 | - private static function makeEnum($in) { |
|
| 58 | - return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in))); |
|
| 59 | - } |
|
| 57 | + private static function makeEnum($in) { |
|
| 58 | + return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in))); |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - /** |
|
| 62 | - * Retrieves a type |
|
| 63 | - * @param $type String type name |
|
| 64 | - * @return Object AttrDef for type |
|
| 65 | - */ |
|
| 66 | - public function get($type) { |
|
| 61 | + /** |
|
| 62 | + * Retrieves a type |
|
| 63 | + * @param $type String type name |
|
| 64 | + * @return Object AttrDef for type |
|
| 65 | + */ |
|
| 66 | + public function get($type) { |
|
| 67 | 67 | |
| 68 | - // determine if there is any extra info tacked on |
|
| 69 | - if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); |
|
| 70 | - else $string = ''; |
|
| 68 | + // determine if there is any extra info tacked on |
|
| 69 | + if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); |
|
| 70 | + else $string = ''; |
|
| 71 | 71 | |
| 72 | - if (!isset($this->info[$type])) { |
|
| 73 | - trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
|
| 74 | - return; |
|
| 75 | - } |
|
| 72 | + if (!isset($this->info[$type])) { |
|
| 73 | + trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
|
| 74 | + return; |
|
| 75 | + } |
|
| 76 | 76 | |
| 77 | - return $this->info[$type]->make($string); |
|
| 77 | + return $this->info[$type]->make($string); |
|
| 78 | 78 | |
| 79 | - } |
|
| 79 | + } |
|
| 80 | 80 | |
| 81 | - /** |
|
| 82 | - * Sets a new implementation for a type |
|
| 83 | - * @param $type String type name |
|
| 84 | - * @param $impl Object AttrDef for type |
|
| 85 | - */ |
|
| 86 | - public function set($type, $impl) { |
|
| 87 | - $this->info[$type] = $impl; |
|
| 88 | - } |
|
| 81 | + /** |
|
| 82 | + * Sets a new implementation for a type |
|
| 83 | + * @param $type String type name |
|
| 84 | + * @param $impl Object AttrDef for type |
|
| 85 | + */ |
|
| 86 | + public function set($type, $impl) { |
|
| 87 | + $this->info[$type] = $impl; |
|
| 88 | + } |
|
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | // vim: et sw=4 sts=4 |
@@ -51,7 +51,7 @@ |
||
| 51 | 51 | |
| 52 | 52 | // number is really a positive integer (one or more digits) |
| 53 | 53 | // FIXME: ^^ not always, see start and value of list items |
| 54 | - $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 54 | + $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 55 | 55 | } |
| 56 | 56 | |
| 57 | 57 | private static function makeEnum($in) { |
@@ -66,8 +66,11 @@ |
||
| 66 | 66 | public function get($type) { |
| 67 | 67 | |
| 68 | 68 | // determine if there is any extra info tacked on |
| 69 | - if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); |
|
| 70 | - else $string = ''; |
|
| 69 | + if (strpos($type, '#') !== false) { |
|
| 70 | + list($type, $string) = explode('#', $type, 2); |
|
| 71 | + } else { |
|
| 72 | + $string = ''; |
|
| 73 | + } |
|
| 71 | 74 | |
| 72 | 75 | if (!isset($this->info[$type])) { |
| 73 | 76 | trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
@@ -8,153 +8,153 @@ |
||
| 8 | 8 | class HTMLPurifier_AttrValidator |
| 9 | 9 | { |
| 10 | 10 | |
| 11 | - /** |
|
| 12 | - * Validates the attributes of a token, returning a modified token |
|
| 13 | - * that has valid tokens |
|
| 14 | - * @param $token Reference to token to validate. We require a reference |
|
| 15 | - * because the operation this class performs on the token are |
|
| 16 | - * not atomic, so the context CurrentToken to be updated |
|
| 17 | - * throughout |
|
| 18 | - * @param $config Instance of HTMLPurifier_Config |
|
| 19 | - * @param $context Instance of HTMLPurifier_Context |
|
| 20 | - */ |
|
| 21 | - public function validateToken(&$token, &$config, $context) { |
|
| 22 | - |
|
| 23 | - $definition = $config->getHTMLDefinition(); |
|
| 24 | - $e =& $context->get('ErrorCollector', true); |
|
| 25 | - |
|
| 26 | - // initialize IDAccumulator if necessary |
|
| 27 | - $ok =& $context->get('IDAccumulator', true); |
|
| 28 | - if (!$ok) { |
|
| 29 | - $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
|
| 30 | - $context->register('IDAccumulator', $id_accumulator); |
|
| 31 | - } |
|
| 32 | - |
|
| 33 | - // initialize CurrentToken if necessary |
|
| 34 | - $current_token =& $context->get('CurrentToken', true); |
|
| 35 | - if (!$current_token) $context->register('CurrentToken', $token); |
|
| 36 | - |
|
| 37 | - if ( |
|
| 38 | - !$token instanceof HTMLPurifier_Token_Start && |
|
| 39 | - !$token instanceof HTMLPurifier_Token_Empty |
|
| 40 | - ) return $token; |
|
| 41 | - |
|
| 42 | - // create alias to global definition array, see also $defs |
|
| 43 | - // DEFINITION CALL |
|
| 44 | - $d_defs = $definition->info_global_attr; |
|
| 45 | - |
|
| 46 | - // don't update token until the very end, to ensure an atomic update |
|
| 47 | - $attr = $token->attr; |
|
| 48 | - |
|
| 49 | - // do global transformations (pre) |
|
| 50 | - // nothing currently utilizes this |
|
| 51 | - foreach ($definition->info_attr_transform_pre as $transform) { |
|
| 52 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 53 | - if ($e) { |
|
| 54 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 55 | - } |
|
| 56 | - } |
|
| 57 | - |
|
| 58 | - // do local transformations only applicable to this element (pre) |
|
| 59 | - // ex. <p align="right"> to <p style="text-align:right;"> |
|
| 60 | - foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { |
|
| 61 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 62 | - if ($e) { |
|
| 63 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 64 | - } |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - // create alias to this element's attribute definition array, see |
|
| 68 | - // also $d_defs (global attribute definition array) |
|
| 69 | - // DEFINITION CALL |
|
| 70 | - $defs = $definition->info[$token->name]->attr; |
|
| 71 | - |
|
| 72 | - $attr_key = false; |
|
| 73 | - $context->register('CurrentAttr', $attr_key); |
|
| 74 | - |
|
| 75 | - // iterate through all the attribute keypairs |
|
| 76 | - // Watch out for name collisions: $key has previously been used |
|
| 77 | - foreach ($attr as $attr_key => $value) { |
|
| 78 | - |
|
| 79 | - // call the definition |
|
| 80 | - if ( isset($defs[$attr_key]) ) { |
|
| 81 | - // there is a local definition defined |
|
| 82 | - if ($defs[$attr_key] === false) { |
|
| 83 | - // We've explicitly been told not to allow this element. |
|
| 84 | - // This is usually when there's a global definition |
|
| 85 | - // that must be overridden. |
|
| 86 | - // Theoretically speaking, we could have a |
|
| 87 | - // AttrDef_DenyAll, but this is faster! |
|
| 88 | - $result = false; |
|
| 89 | - } else { |
|
| 90 | - // validate according to the element's definition |
|
| 91 | - $result = $defs[$attr_key]->validate( |
|
| 92 | - $value, $config, $context |
|
| 93 | - ); |
|
| 94 | - } |
|
| 95 | - } elseif ( isset($d_defs[$attr_key]) ) { |
|
| 96 | - // there is a global definition defined, validate according |
|
| 97 | - // to the global definition |
|
| 98 | - $result = $d_defs[$attr_key]->validate( |
|
| 99 | - $value, $config, $context |
|
| 100 | - ); |
|
| 101 | - } else { |
|
| 102 | - // system never heard of the attribute? DELETE! |
|
| 103 | - $result = false; |
|
| 104 | - } |
|
| 105 | - |
|
| 106 | - // put the results into effect |
|
| 107 | - if ($result === false || $result === null) { |
|
| 108 | - // this is a generic error message that should replaced |
|
| 109 | - // with more specific ones when possible |
|
| 110 | - if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 111 | - |
|
| 112 | - // remove the attribute |
|
| 113 | - unset($attr[$attr_key]); |
|
| 114 | - } elseif (is_string($result)) { |
|
| 115 | - // generally, if a substitution is happening, there |
|
| 116 | - // was some sort of implicit correction going on. We'll |
|
| 117 | - // delegate it to the attribute classes to say exactly what. |
|
| 118 | - |
|
| 119 | - // simple substitution |
|
| 120 | - $attr[$attr_key] = $result; |
|
| 121 | - } else { |
|
| 122 | - // nothing happens |
|
| 123 | - } |
|
| 124 | - |
|
| 125 | - // we'd also want slightly more complicated substitution |
|
| 126 | - // involving an array as the return value, |
|
| 127 | - // although we're not sure how colliding attributes would |
|
| 128 | - // resolve (certain ones would be completely overriden, |
|
| 129 | - // others would prepend themselves). |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - $context->destroy('CurrentAttr'); |
|
| 133 | - |
|
| 134 | - // post transforms |
|
| 135 | - |
|
| 136 | - // global (error reporting untested) |
|
| 137 | - foreach ($definition->info_attr_transform_post as $transform) { |
|
| 138 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 139 | - if ($e) { |
|
| 140 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 141 | - } |
|
| 142 | - } |
|
| 143 | - |
|
| 144 | - // local (error reporting untested) |
|
| 145 | - foreach ($definition->info[$token->name]->attr_transform_post as $transform) { |
|
| 146 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 147 | - if ($e) { |
|
| 148 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 149 | - } |
|
| 150 | - } |
|
| 151 | - |
|
| 152 | - $token->attr = $attr; |
|
| 153 | - |
|
| 154 | - // destroy CurrentToken if we made it ourselves |
|
| 155 | - if (!$current_token) $context->destroy('CurrentToken'); |
|
| 156 | - |
|
| 157 | - } |
|
| 11 | + /** |
|
| 12 | + * Validates the attributes of a token, returning a modified token |
|
| 13 | + * that has valid tokens |
|
| 14 | + * @param $token Reference to token to validate. We require a reference |
|
| 15 | + * because the operation this class performs on the token are |
|
| 16 | + * not atomic, so the context CurrentToken to be updated |
|
| 17 | + * throughout |
|
| 18 | + * @param $config Instance of HTMLPurifier_Config |
|
| 19 | + * @param $context Instance of HTMLPurifier_Context |
|
| 20 | + */ |
|
| 21 | + public function validateToken(&$token, &$config, $context) { |
|
| 22 | + |
|
| 23 | + $definition = $config->getHTMLDefinition(); |
|
| 24 | + $e =& $context->get('ErrorCollector', true); |
|
| 25 | + |
|
| 26 | + // initialize IDAccumulator if necessary |
|
| 27 | + $ok =& $context->get('IDAccumulator', true); |
|
| 28 | + if (!$ok) { |
|
| 29 | + $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
|
| 30 | + $context->register('IDAccumulator', $id_accumulator); |
|
| 31 | + } |
|
| 32 | + |
|
| 33 | + // initialize CurrentToken if necessary |
|
| 34 | + $current_token =& $context->get('CurrentToken', true); |
|
| 35 | + if (!$current_token) $context->register('CurrentToken', $token); |
|
| 36 | + |
|
| 37 | + if ( |
|
| 38 | + !$token instanceof HTMLPurifier_Token_Start && |
|
| 39 | + !$token instanceof HTMLPurifier_Token_Empty |
|
| 40 | + ) return $token; |
|
| 41 | + |
|
| 42 | + // create alias to global definition array, see also $defs |
|
| 43 | + // DEFINITION CALL |
|
| 44 | + $d_defs = $definition->info_global_attr; |
|
| 45 | + |
|
| 46 | + // don't update token until the very end, to ensure an atomic update |
|
| 47 | + $attr = $token->attr; |
|
| 48 | + |
|
| 49 | + // do global transformations (pre) |
|
| 50 | + // nothing currently utilizes this |
|
| 51 | + foreach ($definition->info_attr_transform_pre as $transform) { |
|
| 52 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 53 | + if ($e) { |
|
| 54 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 55 | + } |
|
| 56 | + } |
|
| 57 | + |
|
| 58 | + // do local transformations only applicable to this element (pre) |
|
| 59 | + // ex. <p align="right"> to <p style="text-align:right;"> |
|
| 60 | + foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { |
|
| 61 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 62 | + if ($e) { |
|
| 63 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 64 | + } |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + // create alias to this element's attribute definition array, see |
|
| 68 | + // also $d_defs (global attribute definition array) |
|
| 69 | + // DEFINITION CALL |
|
| 70 | + $defs = $definition->info[$token->name]->attr; |
|
| 71 | + |
|
| 72 | + $attr_key = false; |
|
| 73 | + $context->register('CurrentAttr', $attr_key); |
|
| 74 | + |
|
| 75 | + // iterate through all the attribute keypairs |
|
| 76 | + // Watch out for name collisions: $key has previously been used |
|
| 77 | + foreach ($attr as $attr_key => $value) { |
|
| 78 | + |
|
| 79 | + // call the definition |
|
| 80 | + if ( isset($defs[$attr_key]) ) { |
|
| 81 | + // there is a local definition defined |
|
| 82 | + if ($defs[$attr_key] === false) { |
|
| 83 | + // We've explicitly been told not to allow this element. |
|
| 84 | + // This is usually when there's a global definition |
|
| 85 | + // that must be overridden. |
|
| 86 | + // Theoretically speaking, we could have a |
|
| 87 | + // AttrDef_DenyAll, but this is faster! |
|
| 88 | + $result = false; |
|
| 89 | + } else { |
|
| 90 | + // validate according to the element's definition |
|
| 91 | + $result = $defs[$attr_key]->validate( |
|
| 92 | + $value, $config, $context |
|
| 93 | + ); |
|
| 94 | + } |
|
| 95 | + } elseif ( isset($d_defs[$attr_key]) ) { |
|
| 96 | + // there is a global definition defined, validate according |
|
| 97 | + // to the global definition |
|
| 98 | + $result = $d_defs[$attr_key]->validate( |
|
| 99 | + $value, $config, $context |
|
| 100 | + ); |
|
| 101 | + } else { |
|
| 102 | + // system never heard of the attribute? DELETE! |
|
| 103 | + $result = false; |
|
| 104 | + } |
|
| 105 | + |
|
| 106 | + // put the results into effect |
|
| 107 | + if ($result === false || $result === null) { |
|
| 108 | + // this is a generic error message that should replaced |
|
| 109 | + // with more specific ones when possible |
|
| 110 | + if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 111 | + |
|
| 112 | + // remove the attribute |
|
| 113 | + unset($attr[$attr_key]); |
|
| 114 | + } elseif (is_string($result)) { |
|
| 115 | + // generally, if a substitution is happening, there |
|
| 116 | + // was some sort of implicit correction going on. We'll |
|
| 117 | + // delegate it to the attribute classes to say exactly what. |
|
| 118 | + |
|
| 119 | + // simple substitution |
|
| 120 | + $attr[$attr_key] = $result; |
|
| 121 | + } else { |
|
| 122 | + // nothing happens |
|
| 123 | + } |
|
| 124 | + |
|
| 125 | + // we'd also want slightly more complicated substitution |
|
| 126 | + // involving an array as the return value, |
|
| 127 | + // although we're not sure how colliding attributes would |
|
| 128 | + // resolve (certain ones would be completely overriden, |
|
| 129 | + // others would prepend themselves). |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + $context->destroy('CurrentAttr'); |
|
| 133 | + |
|
| 134 | + // post transforms |
|
| 135 | + |
|
| 136 | + // global (error reporting untested) |
|
| 137 | + foreach ($definition->info_attr_transform_post as $transform) { |
|
| 138 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 139 | + if ($e) { |
|
| 140 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 141 | + } |
|
| 142 | + } |
|
| 143 | + |
|
| 144 | + // local (error reporting untested) |
|
| 145 | + foreach ($definition->info[$token->name]->attr_transform_post as $transform) { |
|
| 146 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 147 | + if ($e) { |
|
| 148 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 149 | + } |
|
| 150 | + } |
|
| 151 | + |
|
| 152 | + $token->attr = $attr; |
|
| 153 | + |
|
| 154 | + // destroy CurrentToken if we made it ourselves |
|
| 155 | + if (!$current_token) $context->destroy('CurrentToken'); |
|
| 156 | + |
|
| 157 | + } |
|
| 158 | 158 | |
| 159 | 159 | |
| 160 | 160 | } |
@@ -21,17 +21,17 @@ discard block |
||
| 21 | 21 | public function validateToken(&$token, &$config, $context) { |
| 22 | 22 | |
| 23 | 23 | $definition = $config->getHTMLDefinition(); |
| 24 | - $e =& $context->get('ErrorCollector', true); |
|
| 24 | + $e = & $context->get('ErrorCollector', true); |
|
| 25 | 25 | |
| 26 | 26 | // initialize IDAccumulator if necessary |
| 27 | - $ok =& $context->get('IDAccumulator', true); |
|
| 27 | + $ok = & $context->get('IDAccumulator', true); |
|
| 28 | 28 | if (!$ok) { |
| 29 | 29 | $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
| 30 | 30 | $context->register('IDAccumulator', $id_accumulator); |
| 31 | 31 | } |
| 32 | 32 | |
| 33 | 33 | // initialize CurrentToken if necessary |
| 34 | - $current_token =& $context->get('CurrentToken', true); |
|
| 34 | + $current_token = & $context->get('CurrentToken', true); |
|
| 35 | 35 | if (!$current_token) $context->register('CurrentToken', $token); |
| 36 | 36 | |
| 37 | 37 | if ( |
@@ -77,7 +77,7 @@ discard block |
||
| 77 | 77 | foreach ($attr as $attr_key => $value) { |
| 78 | 78 | |
| 79 | 79 | // call the definition |
| 80 | - if ( isset($defs[$attr_key]) ) { |
|
| 80 | + if (isset($defs[$attr_key])) { |
|
| 81 | 81 | // there is a local definition defined |
| 82 | 82 | if ($defs[$attr_key] === false) { |
| 83 | 83 | // We've explicitly been told not to allow this element. |
@@ -92,7 +92,7 @@ discard block |
||
| 92 | 92 | $value, $config, $context |
| 93 | 93 | ); |
| 94 | 94 | } |
| 95 | - } elseif ( isset($d_defs[$attr_key]) ) { |
|
| 95 | + } elseif (isset($d_defs[$attr_key])) { |
|
| 96 | 96 | // there is a global definition defined, validate according |
| 97 | 97 | // to the global definition |
| 98 | 98 | $result = $d_defs[$attr_key]->validate( |
@@ -32,12 +32,16 @@ discard block |
||
| 32 | 32 | |
| 33 | 33 | // initialize CurrentToken if necessary |
| 34 | 34 | $current_token =& $context->get('CurrentToken', true); |
| 35 | - if (!$current_token) $context->register('CurrentToken', $token); |
|
| 35 | + if (!$current_token) { |
|
| 36 | + $context->register('CurrentToken', $token); |
|
| 37 | + } |
|
| 36 | 38 | |
| 37 | 39 | if ( |
| 38 | 40 | !$token instanceof HTMLPurifier_Token_Start && |
| 39 | 41 | !$token instanceof HTMLPurifier_Token_Empty |
| 40 | - ) return $token; |
|
| 42 | + ) { |
|
| 43 | + return $token; |
|
| 44 | + } |
|
| 41 | 45 | |
| 42 | 46 | // create alias to global definition array, see also $defs |
| 43 | 47 | // DEFINITION CALL |
@@ -51,7 +55,9 @@ discard block |
||
| 51 | 55 | foreach ($definition->info_attr_transform_pre as $transform) { |
| 52 | 56 | $attr = $transform->transform($o = $attr, $config, $context); |
| 53 | 57 | if ($e) { |
| 54 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 58 | + if ($attr != $o) { |
|
| 59 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 60 | + } |
|
| 55 | 61 | } |
| 56 | 62 | } |
| 57 | 63 | |
@@ -60,7 +66,9 @@ discard block |
||
| 60 | 66 | foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { |
| 61 | 67 | $attr = $transform->transform($o = $attr, $config, $context); |
| 62 | 68 | if ($e) { |
| 63 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 69 | + if ($attr != $o) { |
|
| 70 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 71 | + } |
|
| 64 | 72 | } |
| 65 | 73 | } |
| 66 | 74 | |
@@ -107,7 +115,9 @@ discard block |
||
| 107 | 115 | if ($result === false || $result === null) { |
| 108 | 116 | // this is a generic error message that should replaced |
| 109 | 117 | // with more specific ones when possible |
| 110 | - if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 118 | + if ($e) { |
|
| 119 | + $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 120 | + } |
|
| 111 | 121 | |
| 112 | 122 | // remove the attribute |
| 113 | 123 | unset($attr[$attr_key]); |
@@ -137,7 +147,9 @@ discard block |
||
| 137 | 147 | foreach ($definition->info_attr_transform_post as $transform) { |
| 138 | 148 | $attr = $transform->transform($o = $attr, $config, $context); |
| 139 | 149 | if ($e) { |
| 140 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 150 | + if ($attr != $o) { |
|
| 151 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 152 | + } |
|
| 141 | 153 | } |
| 142 | 154 | } |
| 143 | 155 | |
@@ -145,14 +157,18 @@ discard block |
||
| 145 | 157 | foreach ($definition->info[$token->name]->attr_transform_post as $transform) { |
| 146 | 158 | $attr = $transform->transform($o = $attr, $config, $context); |
| 147 | 159 | if ($e) { |
| 148 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 160 | + if ($attr != $o) { |
|
| 161 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 162 | + } |
|
| 149 | 163 | } |
| 150 | 164 | } |
| 151 | 165 | |
| 152 | 166 | $token->attr = $attr; |
| 153 | 167 | |
| 154 | 168 | // destroy CurrentToken if we made it ourselves |
| 155 | - if (!$current_token) $context->destroy('CurrentToken'); |
|
| 169 | + if (!$current_token) { |
|
| 170 | + $context->destroy('CurrentToken'); |
|
| 171 | + } |
|
| 156 | 172 | |
| 157 | 173 | } |
| 158 | 174 | |
