xpressengine / xe-core

classes/security/Security.class.php

Braces +10 added lines, -15 removed lines

@@ -60,12 +60,10 @@ 
 			if($use_context)
 			{
 				$var = Context::get($varName0);
-			}
-			elseif($varName0)
+			} elseif($varName0)
 			{
 				$var = $is_object ? $this->_targetVar->{$varName0} : $this->_targetVar[$varName0];
-			}
-			else
+			} else
 			{
 				$var = $this->_targetVar;
 			}
@@ -79,19 +77,16 @@ 
 			if($use_context)
 			{
 				Context::set($varName0, $var);
-			}
-			elseif($varName0)
+			} elseif($varName0)
 			{
 				if($is_object)
 				{
 					$this->_targetVar->{$varName0} = $var;
-				}
-				else
+				} else
 				{
 					$this->_targetVar[$varName0] = $var;
 				}
-			}
-			else
+			} else
 			{
 				$this->_targetVar = $var;
 			}
@@ -142,8 +137,7 @@ 
 			if($is_object)
 			{
 				$var->{$name0} = $target;
-			}
-			else
+			} else
 			{
 				$var[$name0] = $target;
 			}
@@ -165,8 +159,7 @@ 
 			if($is_object)
 			{
 				$var->{$key} = $target;
-			}
-			else
+			} else
 			{
 				$var[$key] = $target;
 			}
@@ -185,7 +178,9 @@ 
 	 */
 	static function detectingXEE($xml)
 	{
-		if(!$xml) return FALSE;
+		if(!$xml) {
+			return FALSE;
+		}
 
 		if(strpos($xml, '<!ENTITY') !== FALSE)
 		{

Spacing +26 added lines, -26 removed lines

@@ -37,15 +37,15 @@ 
 	function encodeHTML(/* , $varName1, $varName2, ... */)
 	{
 		$varNames = func_get_args();
-		if(count($varNames) < 0)
+		if (count($varNames) < 0)
 		{
 			return FALSE;
 		}
 
 		$use_context = is_null($this->_targetVar);
-		if(!$use_context)
+		if (!$use_context)
 		{
-			if(!count($varNames) || (!is_object($this->_targetVar) && !is_array($this->_targetVar)))
+			if (!count($varNames) || (!is_object($this->_targetVar) && !is_array($this->_targetVar)))
 			{
 				return $this->_encodeHTML($this->_targetVar);
 			}
@@ -53,15 +53,15 @@ 
 			$is_object = is_object($this->_targetVar);
 		}
 
-		foreach($varNames as $varName)
+		foreach ($varNames as $varName)
 		{
 			$varName = explode('.', $varName);
 			$varName0 = array_shift($varName);
-			if($use_context)
+			if ($use_context)
 			{
 				$var = Context::get($varName0);
 			}
-			elseif($varName0)
+			elseif ($varName0)
 			{
 				$var = $is_object ? $this->_targetVar->{$varName0} : $this->_targetVar[$varName0];
 			}
@@ -71,18 +71,18 @@ 
 			}
 			$var = $this->_encodeHTML($var, $varName);
 
-			if($var === FALSE)
+			if ($var === FALSE)
 			{
 				continue;
 			}
 
-			if($use_context)
+			if ($use_context)
 			{
 				Context::set($varName0, $var);
 			}
-			elseif($varName0)
+			elseif ($varName0)
 			{
-				if($is_object)
+				if ($is_object)
 				{
 					$this->_targetVar->{$varName0} = $var;
 				}
@@ -97,7 +97,7 @@ 
 			}
 		}
 
-		if(!$use_context)
+		if (!$use_context)
 		{
 			return $this->_targetVar;
 		}
@@ -111,9 +111,9 @@ 
 	 */
 	function _encodeHTML($var, $name = array())
 	{
-		if(is_string($var))
+		if (is_string($var))
 		{
-			if(strncmp('$user_lang->', $var, 12) !== 0)
+			if (strncmp('$user_lang->', $var, 12) !== 0)
 			{
 				$var = htmlspecialchars($var, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
 			}
@@ -121,7 +121,7 @@ 
 			return $var;
 		}
 
-		if(!count($name) || (!is_array($var) && !is_object($var)))
+		if (!count($name) || (!is_array($var) && !is_object($var)))
 		{
 			return false;
 		}
@@ -129,17 +129,17 @@ 
 		$is_object = is_object($var);
 		$name0 = array_shift($name);
 
-		if(strlen($name0))
+		if (strlen($name0))
 		{
 			$target = $is_object ? $var->{$name0} : $var[$name0];
 			$target = $this->_encodeHTML($target, $name);
 
-			if($target === false)
+			if ($target === false)
 			{
 				return $var;
 			}
 
-			if($is_object)
+			if ($is_object)
 			{
 				$var->{$name0} = $target;
 			}
@@ -151,18 +151,18 @@ 
 			return $var;
 		}
 
-		foreach($var as $key => $target)
+		foreach ($var as $key => $target)
 		{
 			$cloned_name = array_slice($name, 0);
 			$target = $this->_encodeHTML($target, $name);
 			$name = $cloned_name;
 
-			if($target === false)
+			if ($target === false)
 			{
 				continue;
 			}
 
-			if($is_object)
+			if ($is_object)
 			{
 				$var->{$key} = $target;
 			}
@@ -185,9 +185,9 @@ 
 	 */
 	static function detectingXEE($xml)
 	{
-		if(!$xml) return FALSE;
+		if (!$xml) return FALSE;
 
-		if(strpos($xml, '<!ENTITY') !== FALSE)
+		if (strpos($xml, '<!ENTITY') !== FALSE)
 		{
 			return TRUE;
 		}
@@ -195,7 +195,7 @@ 
 		// Strip XML declaration.
 		$header = preg_replace('/<\?xml.*?\?'.'>/s', '', substr($xml, 0, 100), 1);
 		$xml = trim(substr_replace($xml, $header, 0, 100));
-		if($xml == '')
+		if ($xml == '')
 		{
 			return TRUE;
 		}
@@ -203,7 +203,7 @@ 
 		// Strip DTD.
 		$header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);
 		$xml = trim(substr_replace($xml, $header, 0, 200));
-		if($xml == '')
+		if ($xml == '')
 		{
 			return TRUE;
 		}
@@ -212,12 +212,12 @@ 
 		$root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));
 
 		// Reject a second DTD.
-		if(strtoupper($root_tag) == '<!DOCTYPE')
+		if (strtoupper($root_tag) == '<!DOCTYPE')
 		{
 			return TRUE;
 		}
 
-		if(!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault')))
+		if (!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault')))
 		{
 			return TRUE;
 		}

classes/security/htmlpurifier/library/HTMLPurifier.autoload.php

Indentation +10 added lines, -10 removed lines

@@ -7,20 +7,20 @@
  */
 
 if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) {
-    // We need unregister for our pre-registering functionality
-    HTMLPurifier_Bootstrap::registerAutoload();
-    if (function_exists('__autoload')) {
-        // Be polite and ensure that userland autoload gets retained
-        spl_autoload_register('__autoload');
-    }
+	// We need unregister for our pre-registering functionality
+	HTMLPurifier_Bootstrap::registerAutoload();
+	if (function_exists('__autoload')) {
+		// Be polite and ensure that userland autoload gets retained
+		spl_autoload_register('__autoload');
+	}
 } elseif (!function_exists('__autoload')) {
-    function __autoload($class) {
-        return HTMLPurifier_Bootstrap::autoload($class);
-    }
+	function __autoload($class) {
+		return HTMLPurifier_Bootstrap::autoload($class);
+	}
 }
 
 if (ini_get('zend.ze1_compatibility_mode')) {
-    trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
+	trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier.func.php

Indentation +5 added lines, -5 removed lines

@@ -13,11 +13,11 @@
  *        HTMLPurifier_Config::create()
  */
 function HTMLPurifier($html, $config = null) {
-    static $purifier = false;
-    if (!$purifier) {
-        $purifier = new HTMLPurifier();
-    }
-    return $purifier->purify($html, $config);
+	static $purifier = false;
+	if (!$purifier) {
+		$purifier = new HTMLPurifier();
+	}
+	return $purifier->purify($html, $config);
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier.kses.php

Indentation +17 added lines, -17 removed lines

@@ -8,23 +8,23 @@
 require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
 
 function kses($string, $allowed_html, $allowed_protocols = null) {
-    $config = HTMLPurifier_Config::createDefault();
-    $allowed_elements = array();
-    $allowed_attributes = array();
-    foreach ($allowed_html as $element => $attributes) {
-        $allowed_elements[$element] = true;
-        foreach ($attributes as $attribute => $x) {
-            $allowed_attributes["$element.$attribute"] = true;
-        }
-    }
-    $config->set('HTML.AllowedElements', $allowed_elements);
-    $config->set('HTML.AllowedAttributes', $allowed_attributes);
-    $allowed_schemes = array();
-    if ($allowed_protocols !== null) {
-        $config->set('URI.AllowedSchemes', $allowed_protocols);
-    }
-    $purifier = new HTMLPurifier($config);
-    return $purifier->purify($string);
+	$config = HTMLPurifier_Config::createDefault();
+	$allowed_elements = array();
+	$allowed_attributes = array();
+	foreach ($allowed_html as $element => $attributes) {
+		$allowed_elements[$element] = true;
+		foreach ($attributes as $attribute => $x) {
+			$allowed_attributes["$element.$attribute"] = true;
+		}
+	}
+	$config->set('HTML.AllowedElements', $allowed_elements);
+	$config->set('HTML.AllowedAttributes', $allowed_attributes);
+	$allowed_schemes = array();
+	if ($allowed_protocols !== null) {
+		$config->set('URI.AllowedSchemes', $allowed_protocols);
+	}
+	$purifier = new HTMLPurifier($config);
+	return $purifier->purify($string);
 }
 
 // vim: et sw=4 sts=4

Spacing +1 added lines, -1 removed lines

@@ -5,7 +5,7 @@
  * Emulation layer for code that used kses(), substituting in HTML Purifier.
  */
 
-require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
+require_once dirname(__FILE__).'/HTMLPurifier.auto.php';
 
 function kses($string, $allowed_html, $allowed_protocols = null) {
     $config = HTMLPurifier_Config::createDefault();

classes/security/htmlpurifier/library/HTMLPurifier.php

Indentation +177 added lines, -177 removed lines

@@ -54,183 +54,183 @@
 class HTMLPurifier
 {
 
-    /** Version of HTML Purifier */
-    public $version = '4.4.0';
-
-    /** Constant with version of HTML Purifier */
-    const VERSION = '4.4.0';
-
-    /** Global configuration object */
-    public $config;
-
-    /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
-    private $filters = array();
-
-    /** Single instance of HTML Purifier */
-    private static $instance;
-
-    protected $strategy, $generator;
-
-    /**
-     * Resultant HTMLPurifier_Context of last run purification. Is an array
-     * of contexts if the last called method was purifyArray().
-     */
-    public $context;
-
-    /**
-     * Initializes the purifier.
-     * @param $config Optional HTMLPurifier_Config object for all instances of
-     *                the purifier, if omitted, a default configuration is
-     *                supplied (which can be overridden on a per-use basis).
-     *                The parameter can also be any type that
-     *                HTMLPurifier_Config::create() supports.
-     */
-    public function __construct($config = null) {
-
-        $this->config = HTMLPurifier_Config::create($config);
-
-        $this->strategy     = new HTMLPurifier_Strategy_Core();
-
-    }
-
-    /**
-     * Adds a filter to process the output. First come first serve
-     * @param $filter HTMLPurifier_Filter object
-     */
-    public function addFilter($filter) {
-        trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
-        $this->filters[] = $filter;
-    }
-
-    /**
-     * Filters an HTML snippet/document to be XSS-free and standards-compliant.
-     *
-     * @param $html String of HTML to purify
-     * @param $config HTMLPurifier_Config object for this operation, if omitted,
-     *                defaults to the config object specified during this
-     *                object's construction. The parameter can also be any type
-     *                that HTMLPurifier_Config::create() supports.
-     * @return Purified HTML
-     */
-    public function purify($html, $config = null) {
-
-        // :TODO: make the config merge in, instead of replace
-        $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
-
-        // implementation is partially environment dependant, partially
-        // configuration dependant
-        $lexer = HTMLPurifier_Lexer::create($config);
-
-        $context = new HTMLPurifier_Context();
-
-        // setup HTML generator
-        $this->generator = new HTMLPurifier_Generator($config, $context);
-        $context->register('Generator', $this->generator);
-
-        // set up global context variables
-        if ($config->get('Core.CollectErrors')) {
-            // may get moved out if other facilities use it
-            $language_factory = HTMLPurifier_LanguageFactory::instance();
-            $language = $language_factory->create($config, $context);
-            $context->register('Locale', $language);
-
-            $error_collector = new HTMLPurifier_ErrorCollector($context);
-            $context->register('ErrorCollector', $error_collector);
-        }
-
-        // setup id_accumulator context, necessary due to the fact that
-        // AttrValidator can be called from many places
-        $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
-        $context->register('IDAccumulator', $id_accumulator);
-
-        $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
-
-        // setup filters
-        $filter_flags = $config->getBatch('Filter');
-        $custom_filters = $filter_flags['Custom'];
-        unset($filter_flags['Custom']);
-        $filters = array();
-        foreach ($filter_flags as $filter => $flag) {
-            if (!$flag) continue;
-            if (strpos($filter, '.') !== false) continue;
-            $class = "HTMLPurifier_Filter_$filter";
-            $filters[] = new $class;
-        }
-        foreach ($custom_filters as $filter) {
-            // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
-            $filters[] = $filter;
-        }
-        $filters = array_merge($filters, $this->filters);
-        // maybe prepare(), but later
-
-        for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
-            $html = $filters[$i]->preFilter($html, $config, $context);
-        }
-
-        // purified HTML
-        $html =
-            $this->generator->generateFromTokens(
-                // list of tokens
-                $this->strategy->execute(
-                    // list of un-purified tokens
-                    $lexer->tokenizeHTML(
-                        // un-purified HTML
-                        $html, $config, $context
-                    ),
-                    $config, $context
-                )
-            );
-
-        for ($i = $filter_size - 1; $i >= 0; $i--) {
-            $html = $filters[$i]->postFilter($html, $config, $context);
-        }
-
-        $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
-        $this->context =& $context;
-        return $html;
-    }
-
-    /**
-     * Filters an array of HTML snippets
-     * @param $config Optional HTMLPurifier_Config object for this operation.
-     *                See HTMLPurifier::purify() for more details.
-     * @return Array of purified HTML
-     */
-    public function purifyArray($array_of_html, $config = null) {
-        $context_array = array();
-        foreach ($array_of_html as $key => $html) {
-            $array_of_html[$key] = $this->purify($html, $config);
-            $context_array[$key] = $this->context;
-        }
-        $this->context = $context_array;
-        return $array_of_html;
-    }
-
-    /**
-     * Singleton for enforcing just one HTML Purifier in your system
-     * @param $prototype Optional prototype HTMLPurifier instance to
-     *                   overload singleton with, or HTMLPurifier_Config
-     *                   instance to configure the generated version with.
-     */
-    public static function instance($prototype = null) {
-        if (!self::$instance || $prototype) {
-            if ($prototype instanceof HTMLPurifier) {
-                self::$instance = $prototype;
-            } elseif ($prototype) {
-                self::$instance = new HTMLPurifier($prototype);
-            } else {
-                self::$instance = new HTMLPurifier();
-            }
-        }
-        return self::$instance;
-    }
-
-    /**
-     * @note Backwards compatibility, see instance()
-     */
-    public static function getInstance($prototype = null) {
-        return HTMLPurifier::instance($prototype);
-    }
+	/** Version of HTML Purifier */
+	public $version = '4.4.0';
+
+	/** Constant with version of HTML Purifier */
+	const VERSION = '4.4.0';
+
+	/** Global configuration object */
+	public $config;
+
+	/** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
+	private $filters = array();
+
+	/** Single instance of HTML Purifier */
+	private static $instance;
+
+	protected $strategy, $generator;
+
+	/**
+	 * Resultant HTMLPurifier_Context of last run purification. Is an array
+	 * of contexts if the last called method was purifyArray().
+	 */
+	public $context;
+
+	/**
+	 * Initializes the purifier.
+	 * @param $config Optional HTMLPurifier_Config object for all instances of
+	 *                the purifier, if omitted, a default configuration is
+	 *                supplied (which can be overridden on a per-use basis).
+	 *                The parameter can also be any type that
+	 *                HTMLPurifier_Config::create() supports.
+	 */
+	public function __construct($config = null) {
+
+		$this->config = HTMLPurifier_Config::create($config);
+
+		$this->strategy     = new HTMLPurifier_Strategy_Core();
+
+	}
+
+	/**
+	 * Adds a filter to process the output. First come first serve
+	 * @param $filter HTMLPurifier_Filter object
+	 */
+	public function addFilter($filter) {
+		trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
+		$this->filters[] = $filter;
+	}
+
+	/**
+	 * Filters an HTML snippet/document to be XSS-free and standards-compliant.
+	 *
+	 * @param $html String of HTML to purify
+	 * @param $config HTMLPurifier_Config object for this operation, if omitted,
+	 *                defaults to the config object specified during this
+	 *                object's construction. The parameter can also be any type
+	 *                that HTMLPurifier_Config::create() supports.
+	 * @return Purified HTML
+	 */
+	public function purify($html, $config = null) {
+
+		// :TODO: make the config merge in, instead of replace
+		$config = $config ? HTMLPurifier_Config::create($config) : $this->config;
+
+		// implementation is partially environment dependant, partially
+		// configuration dependant
+		$lexer = HTMLPurifier_Lexer::create($config);
+
+		$context = new HTMLPurifier_Context();
+
+		// setup HTML generator
+		$this->generator = new HTMLPurifier_Generator($config, $context);
+		$context->register('Generator', $this->generator);
+
+		// set up global context variables
+		if ($config->get('Core.CollectErrors')) {
+			// may get moved out if other facilities use it
+			$language_factory = HTMLPurifier_LanguageFactory::instance();
+			$language = $language_factory->create($config, $context);
+			$context->register('Locale', $language);
+
+			$error_collector = new HTMLPurifier_ErrorCollector($context);
+			$context->register('ErrorCollector', $error_collector);
+		}
+
+		// setup id_accumulator context, necessary due to the fact that
+		// AttrValidator can be called from many places
+		$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+		$context->register('IDAccumulator', $id_accumulator);
+
+		$html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
+
+		// setup filters
+		$filter_flags = $config->getBatch('Filter');
+		$custom_filters = $filter_flags['Custom'];
+		unset($filter_flags['Custom']);
+		$filters = array();
+		foreach ($filter_flags as $filter => $flag) {
+			if (!$flag) continue;
+			if (strpos($filter, '.') !== false) continue;
+			$class = "HTMLPurifier_Filter_$filter";
+			$filters[] = new $class;
+		}
+		foreach ($custom_filters as $filter) {
+			// maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
+			$filters[] = $filter;
+		}
+		$filters = array_merge($filters, $this->filters);
+		// maybe prepare(), but later
+
+		for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
+			$html = $filters[$i]->preFilter($html, $config, $context);
+		}
+
+		// purified HTML
+		$html =
+			$this->generator->generateFromTokens(
+				// list of tokens
+				$this->strategy->execute(
+					// list of un-purified tokens
+					$lexer->tokenizeHTML(
+						// un-purified HTML
+						$html, $config, $context
+					),
+					$config, $context
+				)
+			);
+
+		for ($i = $filter_size - 1; $i >= 0; $i--) {
+			$html = $filters[$i]->postFilter($html, $config, $context);
+		}
+
+		$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
+		$this->context =& $context;
+		return $html;
+	}
+
+	/**
+	 * Filters an array of HTML snippets
+	 * @param $config Optional HTMLPurifier_Config object for this operation.
+	 *                See HTMLPurifier::purify() for more details.
+	 * @return Array of purified HTML
+	 */
+	public function purifyArray($array_of_html, $config = null) {
+		$context_array = array();
+		foreach ($array_of_html as $key => $html) {
+			$array_of_html[$key] = $this->purify($html, $config);
+			$context_array[$key] = $this->context;
+		}
+		$this->context = $context_array;
+		return $array_of_html;
+	}
+
+	/**
+	 * Singleton for enforcing just one HTML Purifier in your system
+	 * @param $prototype Optional prototype HTMLPurifier instance to
+	 *                   overload singleton with, or HTMLPurifier_Config
+	 *                   instance to configure the generated version with.
+	 */
+	public static function instance($prototype = null) {
+		if (!self::$instance || $prototype) {
+			if ($prototype instanceof HTMLPurifier) {
+				self::$instance = $prototype;
+			} elseif ($prototype) {
+				self::$instance = new HTMLPurifier($prototype);
+			} else {
+				self::$instance = new HTMLPurifier();
+			}
+		}
+		return self::$instance;
+	}
+
+	/**
+	 * @note Backwards compatibility, see instance()
+	 */
+	public static function getInstance($prototype = null) {
+		return HTMLPurifier::instance($prototype);
+	}
 
 }
 

Spacing +2 added lines, -2 removed lines

@@ -89,7 +89,7 @@ 
 
         $this->config = HTMLPurifier_Config::create($config);
 
-        $this->strategy     = new HTMLPurifier_Strategy_Core();
+        $this->strategy = new HTMLPurifier_Strategy_Core();
 
     }
 
@@ -186,7 +186,7 @@ 
         }
 
         $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
-        $this->context =& $context;
+        $this->context = & $context;
         return $html;
     }
 

Braces +6 added lines, -2 removed lines

@@ -151,8 +151,12 @@
         unset($filter_flags['Custom']);
         $filters = array();
         foreach ($filter_flags as $filter => $flag) {
-            if (!$flag) continue;
-            if (strpos($filter, '.') !== false) continue;
+            if (!$flag) {
+            	continue;
+            }
+            if (strpos($filter, '.') !== false) {
+            	continue;
+            }
             $class = "HTMLPurifier_Filter_$filter";
             $filters[] = new $class;
         }

classes/security/htmlpurifier/library/HTMLPurifier/AttrCollections.php

Indentation +115 added lines, -115 removed lines

@@ -7,121 +7,121 @@
 class HTMLPurifier_AttrCollections
 {
 
-    /**
-     * Associative array of attribute collections, indexed by name
-     */
-    public $info = array();
-
-    /**
-     * Performs all expansions on internal data for use by other inclusions
-     * It also collects all attribute collection extensions from
-     * modules
-     * @param $attr_types HTMLPurifier_AttrTypes instance
-     * @param $modules Hash array of HTMLPurifier_HTMLModule members
-     */
-    public function __construct($attr_types, $modules) {
-        // load extensions from the modules
-        foreach ($modules as $module) {
-            foreach ($module->attr_collections as $coll_i => $coll) {
-                if (!isset($this->info[$coll_i])) {
-                    $this->info[$coll_i] = array();
-                }
-                foreach ($coll as $attr_i => $attr) {
-                    if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
-                        // merge in includes
-                        $this->info[$coll_i][$attr_i] = array_merge(
-                            $this->info[$coll_i][$attr_i], $attr);
-                        continue;
-                    }
-                    $this->info[$coll_i][$attr_i] = $attr;
-                }
-            }
-        }
-        // perform internal expansions and inclusions
-        foreach ($this->info as $name => $attr) {
-            // merge attribute collections that include others
-            $this->performInclusions($this->info[$name]);
-            // replace string identifiers with actual attribute objects
-            $this->expandIdentifiers($this->info[$name], $attr_types);
-        }
-    }
-
-    /**
-     * Takes a reference to an attribute associative array and performs
-     * all inclusions specified by the zero index.
-     * @param &$attr Reference to attribute array
-     */
-    public function performInclusions(&$attr) {
-        if (!isset($attr[0])) return;
-        $merge = $attr[0];
-        $seen  = array(); // recursion guard
-        // loop through all the inclusions
-        for ($i = 0; isset($merge[$i]); $i++) {
-            if (isset($seen[$merge[$i]])) continue;
-            $seen[$merge[$i]] = true;
-            // foreach attribute of the inclusion, copy it over
-            if (!isset($this->info[$merge[$i]])) continue;
-            foreach ($this->info[$merge[$i]] as $key => $value) {
-                if (isset($attr[$key])) continue; // also catches more inclusions
-                $attr[$key] = $value;
-            }
-            if (isset($this->info[$merge[$i]][0])) {
-                // recursion
-                $merge = array_merge($merge, $this->info[$merge[$i]][0]);
-            }
-        }
-        unset($attr[0]);
-    }
-
-    /**
-     * Expands all string identifiers in an attribute array by replacing
-     * them with the appropriate values inside HTMLPurifier_AttrTypes
-     * @param &$attr Reference to attribute array
-     * @param $attr_types HTMLPurifier_AttrTypes instance
-     */
-    public function expandIdentifiers(&$attr, $attr_types) {
-
-        // because foreach will process new elements we add, make sure we
-        // skip duplicates
-        $processed = array();
-
-        foreach ($attr as $def_i => $def) {
-            // skip inclusions
-            if ($def_i === 0) continue;
-
-            if (isset($processed[$def_i])) continue;
-
-            // determine whether or not attribute is required
-            if ($required = (strpos($def_i, '*') !== false)) {
-                // rename the definition
-                unset($attr[$def_i]);
-                $def_i = trim($def_i, '*');
-                $attr[$def_i] = $def;
-            }
-
-            $processed[$def_i] = true;
-
-            // if we've already got a literal object, move on
-            if (is_object($def)) {
-                // preserve previous required
-                $attr[$def_i]->required = ($required || $attr[$def_i]->required);
-                continue;
-            }
-
-            if ($def === false) {
-                unset($attr[$def_i]);
-                continue;
-            }
-
-            if ($t = $attr_types->get($def)) {
-                $attr[$def_i] = $t;
-                $attr[$def_i]->required = $required;
-            } else {
-                unset($attr[$def_i]);
-            }
-        }
-
-    }
+	/**
+	 * Associative array of attribute collections, indexed by name
+	 */
+	public $info = array();
+
+	/**
+	 * Performs all expansions on internal data for use by other inclusions
+	 * It also collects all attribute collection extensions from
+	 * modules
+	 * @param $attr_types HTMLPurifier_AttrTypes instance
+	 * @param $modules Hash array of HTMLPurifier_HTMLModule members
+	 */
+	public function __construct($attr_types, $modules) {
+		// load extensions from the modules
+		foreach ($modules as $module) {
+			foreach ($module->attr_collections as $coll_i => $coll) {
+				if (!isset($this->info[$coll_i])) {
+					$this->info[$coll_i] = array();
+				}
+				foreach ($coll as $attr_i => $attr) {
+					if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
+						// merge in includes
+						$this->info[$coll_i][$attr_i] = array_merge(
+							$this->info[$coll_i][$attr_i], $attr);
+						continue;
+					}
+					$this->info[$coll_i][$attr_i] = $attr;
+				}
+			}
+		}
+		// perform internal expansions and inclusions
+		foreach ($this->info as $name => $attr) {
+			// merge attribute collections that include others
+			$this->performInclusions($this->info[$name]);
+			// replace string identifiers with actual attribute objects
+			$this->expandIdentifiers($this->info[$name], $attr_types);
+		}
+	}
+
+	/**
+	 * Takes a reference to an attribute associative array and performs
+	 * all inclusions specified by the zero index.
+	 * @param &$attr Reference to attribute array
+	 */
+	public function performInclusions(&$attr) {
+		if (!isset($attr[0])) return;
+		$merge = $attr[0];
+		$seen  = array(); // recursion guard
+		// loop through all the inclusions
+		for ($i = 0; isset($merge[$i]); $i++) {
+			if (isset($seen[$merge[$i]])) continue;
+			$seen[$merge[$i]] = true;
+			// foreach attribute of the inclusion, copy it over
+			if (!isset($this->info[$merge[$i]])) continue;
+			foreach ($this->info[$merge[$i]] as $key => $value) {
+				if (isset($attr[$key])) continue; // also catches more inclusions
+				$attr[$key] = $value;
+			}
+			if (isset($this->info[$merge[$i]][0])) {
+				// recursion
+				$merge = array_merge($merge, $this->info[$merge[$i]][0]);
+			}
+		}
+		unset($attr[0]);
+	}
+
+	/**
+	 * Expands all string identifiers in an attribute array by replacing
+	 * them with the appropriate values inside HTMLPurifier_AttrTypes
+	 * @param &$attr Reference to attribute array
+	 * @param $attr_types HTMLPurifier_AttrTypes instance
+	 */
+	public function expandIdentifiers(&$attr, $attr_types) {
+
+		// because foreach will process new elements we add, make sure we
+		// skip duplicates
+		$processed = array();
+
+		foreach ($attr as $def_i => $def) {
+			// skip inclusions
+			if ($def_i === 0) continue;
+
+			if (isset($processed[$def_i])) continue;
+
+			// determine whether or not attribute is required
+			if ($required = (strpos($def_i, '*') !== false)) {
+				// rename the definition
+				unset($attr[$def_i]);
+				$def_i = trim($def_i, '*');
+				$attr[$def_i] = $def;
+			}
+
+			$processed[$def_i] = true;
+
+			// if we've already got a literal object, move on
+			if (is_object($def)) {
+				// preserve previous required
+				$attr[$def_i]->required = ($required || $attr[$def_i]->required);
+				continue;
+			}
+
+			if ($def === false) {
+				unset($attr[$def_i]);
+				continue;
+			}
+
+			if ($t = $attr_types->get($def)) {
+				$attr[$def_i] = $t;
+				$attr[$def_i]->required = $required;
+			} else {
+				unset($attr[$def_i]);
+			}
+		}
+
+	}
 
 }
 

Braces +19 added lines, -6 removed lines

@@ -52,17 +52,26 @@ 
      * @param &$attr Reference to attribute array
      */
     public function performInclusions(&$attr) {
-        if (!isset($attr[0])) return;
+        if (!isset($attr[0])) {
+        	return;
+        }
         $merge = $attr[0];
         $seen  = array(); // recursion guard
         // loop through all the inclusions
         for ($i = 0; isset($merge[$i]); $i++) {
-            if (isset($seen[$merge[$i]])) continue;
+            if (isset($seen[$merge[$i]])) {
+            	continue;
+            }
             $seen[$merge[$i]] = true;
             // foreach attribute of the inclusion, copy it over
-            if (!isset($this->info[$merge[$i]])) continue;
+            if (!isset($this->info[$merge[$i]])) {
+            	continue;
+            }
             foreach ($this->info[$merge[$i]] as $key => $value) {
-                if (isset($attr[$key])) continue; // also catches more inclusions
+                if (isset($attr[$key])) {
+                	continue;
+                }
+                // also catches more inclusions
                 $attr[$key] = $value;
             }
             if (isset($this->info[$merge[$i]][0])) {
@@ -87,9 +96,13 @@ 
 
         foreach ($attr as $def_i => $def) {
             // skip inclusions
-            if ($def_i === 0) continue;
+            if ($def_i === 0) {
+            	continue;
+            }
 
-            if (isset($processed[$def_i])) continue;
+            if (isset($processed[$def_i])) {
+            	continue;
+            }
 
             // determine whether or not attribute is required
             if ($required = (strpos($def_i, '*') !== false)) {

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef.php

Indentation +98 added lines, -98 removed lines

@@ -13,110 +13,110 @@
 abstract class HTMLPurifier_AttrDef
 {
 
-    /**
-     * Tells us whether or not an HTML attribute is minimized. Has no
-     * meaning in other contexts.
-     */
-    public $minimized = false;
+	/**
+	 * Tells us whether or not an HTML attribute is minimized. Has no
+	 * meaning in other contexts.
+	 */
+	public $minimized = false;
 
-    /**
-     * Tells us whether or not an HTML attribute is required. Has no
-     * meaning in other contexts
-     */
-    public $required = false;
+	/**
+	 * Tells us whether or not an HTML attribute is required. Has no
+	 * meaning in other contexts
+	 */
+	public $required = false;
 
-    /**
-     * Validates and cleans passed string according to a definition.
-     *
-     * @param $string String to be validated and cleaned.
-     * @param $config Mandatory HTMLPurifier_Config object.
-     * @param $context Mandatory HTMLPurifier_AttrContext object.
-     */
-    abstract public function validate($string, $config, $context);
+	/**
+	 * Validates and cleans passed string according to a definition.
+	 *
+	 * @param $string String to be validated and cleaned.
+	 * @param $config Mandatory HTMLPurifier_Config object.
+	 * @param $context Mandatory HTMLPurifier_AttrContext object.
+	 */
+	abstract public function validate($string, $config, $context);
 
-    /**
-     * Convenience method that parses a string as if it were CDATA.
-     *
-     * This method process a string in the manner specified at
-     * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
-     * leading and trailing whitespace, ignoring line feeds, and replacing
-     * carriage returns and tabs with spaces.  While most useful for HTML
-     * attributes specified as CDATA, it can also be applied to most CSS
-     * values.
-     *
-     * @note This method is not entirely standards compliant, as trim() removes
-     *       more types of whitespace than specified in the spec. In practice,
-     *       this is rarely a problem, as those extra characters usually have
-     *       already been removed by HTMLPurifier_Encoder.
-     *
-     * @warning This processing is inconsistent with XML's whitespace handling
-     *          as specified by section 3.3.3 and referenced XHTML 1.0 section
-     *          4.7.  However, note that we are NOT necessarily
-     *          parsing XML, thus, this behavior may still be correct. We
-     *          assume that newlines have been normalized.
-     */
-    public function parseCDATA($string) {
-        $string = trim($string);
-        $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
-        return $string;
-    }
+	/**
+	 * Convenience method that parses a string as if it were CDATA.
+	 *
+	 * This method process a string in the manner specified at
+	 * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
+	 * leading and trailing whitespace, ignoring line feeds, and replacing
+	 * carriage returns and tabs with spaces.  While most useful for HTML
+	 * attributes specified as CDATA, it can also be applied to most CSS
+	 * values.
+	 *
+	 * @note This method is not entirely standards compliant, as trim() removes
+	 *       more types of whitespace than specified in the spec. In practice,
+	 *       this is rarely a problem, as those extra characters usually have
+	 *       already been removed by HTMLPurifier_Encoder.
+	 *
+	 * @warning This processing is inconsistent with XML's whitespace handling
+	 *          as specified by section 3.3.3 and referenced XHTML 1.0 section
+	 *          4.7.  However, note that we are NOT necessarily
+	 *          parsing XML, thus, this behavior may still be correct. We
+	 *          assume that newlines have been normalized.
+	 */
+	public function parseCDATA($string) {
+		$string = trim($string);
+		$string = str_replace(array("\n", "\t", "\r"), ' ', $string);
+		return $string;
+	}
 
-    /**
-     * Factory method for creating this class from a string.
-     * @param $string String construction info
-     * @return Created AttrDef object corresponding to $string
-     */
-    public function make($string) {
-        // default implementation, return a flyweight of this object.
-        // If $string has an effect on the returned object (i.e. you
-        // need to overload this method), it is best
-        // to clone or instantiate new copies. (Instantiation is safer.)
-        return $this;
-    }
+	/**
+	 * Factory method for creating this class from a string.
+	 * @param $string String construction info
+	 * @return Created AttrDef object corresponding to $string
+	 */
+	public function make($string) {
+		// default implementation, return a flyweight of this object.
+		// If $string has an effect on the returned object (i.e. you
+		// need to overload this method), it is best
+		// to clone or instantiate new copies. (Instantiation is safer.)
+		return $this;
+	}
 
-    /**
-     * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
-     * properly. THIS IS A HACK!
-     */
-    protected function mungeRgb($string) {
-        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
-    }
+	/**
+	 * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
+	 * properly. THIS IS A HACK!
+	 */
+	protected function mungeRgb($string) {
+		return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
+	}
 
-    /**
-     * Parses a possibly escaped CSS string and returns the "pure" 
-     * version of it.
-     */
-    protected function expandCSSEscape($string) {
-        // flexibly parse it
-        $ret = '';
-        for ($i = 0, $c = strlen($string); $i < $c; $i++) {
-            if ($string[$i] === '\\') {
-                $i++;
-                if ($i >= $c) {
-                    $ret .= '\\';
-                    break;
-                }
-                if (ctype_xdigit($string[$i])) {
-                    $code = $string[$i];
-                    for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
-                        if (!ctype_xdigit($string[$i])) break;
-                        $code .= $string[$i];
-                    }
-                    // We have to be extremely careful when adding
-                    // new characters, to make sure we're not breaking
-                    // the encoding.
-                    $char = HTMLPurifier_Encoder::unichr(hexdec($code));
-                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
-                    $ret .= $char;
-                    if ($i < $c && trim($string[$i]) !== '') $i--;
-                    continue;
-                }
-                if ($string[$i] === "\n") continue;
-            }
-            $ret .= $string[$i];
-        }
-        return $ret;
-    }
+	/**
+	 * Parses a possibly escaped CSS string and returns the "pure" 
+	 * version of it.
+	 */
+	protected function expandCSSEscape($string) {
+		// flexibly parse it
+		$ret = '';
+		for ($i = 0, $c = strlen($string); $i < $c; $i++) {
+			if ($string[$i] === '\\') {
+				$i++;
+				if ($i >= $c) {
+					$ret .= '\\';
+					break;
+				}
+				if (ctype_xdigit($string[$i])) {
+					$code = $string[$i];
+					for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
+						if (!ctype_xdigit($string[$i])) break;
+						$code .= $string[$i];
+					}
+					// We have to be extremely careful when adding
+					// new characters, to make sure we're not breaking
+					// the encoding.
+					$char = HTMLPurifier_Encoder::unichr(hexdec($code));
+					if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
+					$ret .= $char;
+					if ($i < $c && trim($string[$i]) !== '') $i--;
+					continue;
+				}
+				if ($string[$i] === "\n") continue;
+			}
+			$ret .= $string[$i];
+		}
+		return $ret;
+	}
 
 }
 

Braces +12 added lines, -4 removed lines

@@ -99,19 +99,27 @@
                 if (ctype_xdigit($string[$i])) {
                     $code = $string[$i];
                     for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
-                        if (!ctype_xdigit($string[$i])) break;
+                        if (!ctype_xdigit($string[$i])) {
+                        	break;
+                        }
                         $code .= $string[$i];
                     }
                     // We have to be extremely careful when adding
                     // new characters, to make sure we're not breaking
                     // the encoding.
                     $char = HTMLPurifier_Encoder::unichr(hexdec($code));
-                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
+                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
+                    	continue;
+                    }
                     $ret .= $char;
-                    if ($i < $c && trim($string[$i]) !== '') $i--;
+                    if ($i < $c && trim($string[$i]) !== '') {
+                    	$i--;
+                    }
                     continue;
                 }
-                if ($string[$i] === "\n") continue;
+                if ($string[$i] === "\n") {
+                	continue;
+                }
             }
             $ret .= $string[$i];
         }

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php

Indentation +56 added lines, -56 removed lines

@@ -14,73 +14,73 @@
 class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
 {
 
-    public function validate($css, $config, $context) {
+	public function validate($css, $config, $context) {
 
-        $css = $this->parseCDATA($css);
+		$css = $this->parseCDATA($css);
 
-        $definition = $config->getCSSDefinition();
+		$definition = $config->getCSSDefinition();
 
-        // we're going to break the spec and explode by semicolons.
-        // This is because semicolon rarely appears in escaped form
-        // Doing this is generally flaky but fast
-        // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
-        // for details
+		// we're going to break the spec and explode by semicolons.
+		// This is because semicolon rarely appears in escaped form
+		// Doing this is generally flaky but fast
+		// IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
+		// for details
 
-        $declarations = explode(';', $css);
-        $propvalues = array();
+		$declarations = explode(';', $css);
+		$propvalues = array();
 
-        /**
-         * Name of the current CSS property being validated.
-         */
-        $property = false;
-        $context->register('CurrentCSSProperty', $property);
+		/**
+		 * Name of the current CSS property being validated.
+		 */
+		$property = false;
+		$context->register('CurrentCSSProperty', $property);
 
-        foreach ($declarations as $declaration) {
-            if (!$declaration) continue;
-            if (!strpos($declaration, ':')) continue;
-            list($property, $value) = explode(':', $declaration, 2);
-            $property = trim($property);
-            $value    = trim($value);
-            $ok = false;
-            do {
-                if (isset($definition->info[$property])) {
-                    $ok = true;
-                    break;
-                }
-                if (ctype_lower($property)) break;
-                $property = strtolower($property);
-                if (isset($definition->info[$property])) {
-                    $ok = true;
-                    break;
-                }
-            } while(0);
-            if (!$ok) continue;
-            // inefficient call, since the validator will do this again
-            if (strtolower(trim($value)) !== 'inherit') {
-                // inherit works for everything (but only on the base property)
-                $result = $definition->info[$property]->validate(
-                    $value, $config, $context );
-            } else {
-                $result = 'inherit';
-            }
-            if ($result === false) continue;
-            $propvalues[$property] = $result;
-        }
+		foreach ($declarations as $declaration) {
+			if (!$declaration) continue;
+			if (!strpos($declaration, ':')) continue;
+			list($property, $value) = explode(':', $declaration, 2);
+			$property = trim($property);
+			$value    = trim($value);
+			$ok = false;
+			do {
+				if (isset($definition->info[$property])) {
+					$ok = true;
+					break;
+				}
+				if (ctype_lower($property)) break;
+				$property = strtolower($property);
+				if (isset($definition->info[$property])) {
+					$ok = true;
+					break;
+				}
+			} while(0);
+			if (!$ok) continue;
+			// inefficient call, since the validator will do this again
+			if (strtolower(trim($value)) !== 'inherit') {
+				// inherit works for everything (but only on the base property)
+				$result = $definition->info[$property]->validate(
+					$value, $config, $context );
+			} else {
+				$result = 'inherit';
+			}
+			if ($result === false) continue;
+			$propvalues[$property] = $result;
+		}
 
-        $context->destroy('CurrentCSSProperty');
+		$context->destroy('CurrentCSSProperty');
 
-        // procedure does not write the new CSS simultaneously, so it's
-        // slightly inefficient, but it's the only way of getting rid of
-        // duplicates. Perhaps config to optimize it, but not now.
+		// procedure does not write the new CSS simultaneously, so it's
+		// slightly inefficient, but it's the only way of getting rid of
+		// duplicates. Perhaps config to optimize it, but not now.
 
-        $new_declarations = '';
-        foreach ($propvalues as $prop => $value) {
-            $new_declarations .= "$prop:$value;";
-        }
+		$new_declarations = '';
+		foreach ($propvalues as $prop => $value) {
+			$new_declarations .= "$prop:$value;";
+		}
 
-        return $new_declarations ? $new_declarations : false;
+		return $new_declarations ? $new_declarations : false;
 
-    }
+	}
 
 }
 

Spacing +1 added lines, -1 removed lines

@@ -53,7 +53,7 @@
                     $ok = true;
                     break;
                 }
-            } while(0);
+            } while (0);
             if (!$ok) continue;
             // inefficient call, since the validator will do this again
             if (strtolower(trim($value)) !== 'inherit') {

Braces +15 added lines, -5 removed lines

@@ -36,8 +36,12 @@ 
         $context->register('CurrentCSSProperty', $property);
 
         foreach ($declarations as $declaration) {
-            if (!$declaration) continue;
-            if (!strpos($declaration, ':')) continue;
+            if (!$declaration) {
+            	continue;
+            }
+            if (!strpos($declaration, ':')) {
+            	continue;
+            }
             list($property, $value) = explode(':', $declaration, 2);
             $property = trim($property);
             $value    = trim($value);
@@ -47,14 +51,18 @@ 
                     $ok = true;
                     break;
                 }
-                if (ctype_lower($property)) break;
+                if (ctype_lower($property)) {
+                	break;
+                }
                 $property = strtolower($property);
                 if (isset($definition->info[$property])) {
                     $ok = true;
                     break;
                 }
             } while(0);
-            if (!$ok) continue;
+            if (!$ok) {
+            	continue;
+            }
             // inefficient call, since the validator will do this again
             if (strtolower(trim($value)) !== 'inherit') {
                 // inherit works for everything (but only on the base property)
@@ -63,7 +71,9 @@ 
             } else {
                 $result = 'inherit';
             }
-            if ($result === false) continue;
+            if ($result === false) {
+            	continue;
+            }
             $propvalues[$property] = $result;
         }
 

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php

Indentation +11 added lines, -11 removed lines

@@ -3,18 +3,18 @@
 class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
 {
 
-    public function __construct() {
-        parent::__construct(false); // opacity is non-negative, but we will clamp it
-    }
+	public function __construct() {
+		parent::__construct(false); // opacity is non-negative, but we will clamp it
+	}
 
-    public function validate($number, $config, $context) {
-        $result = parent::validate($number, $config, $context);
-        if ($result === false) return $result;
-        $float = (float) $result;
-        if ($float < 0.0) $result = '0';
-        if ($float > 1.0) $result = '1';
-        return $result;
-    }
+	public function validate($number, $config, $context) {
+		$result = parent::validate($number, $config, $context);
+		if ($result === false) return $result;
+		$float = (float) $result;
+		if ($float < 0.0) $result = '0';
+		if ($float > 1.0) $result = '1';
+		return $result;
+	}
 
 }
 

Braces +9 added lines, -3 removed lines

@@ -9,10 +9,16 @@
 
     public function validate($number, $config, $context) {
         $result = parent::validate($number, $config, $context);
-        if ($result === false) return $result;
+        if ($result === false) {
+        	return $result;
+        }
         $float = (float) $result;
-        if ($float < 0.0) $result = '0';
-        if ($float > 1.0) $result = '1';
+        if ($float < 0.0) {
+        	$result = '0';
+        }
+        if ($float > 1.0) {
+        	$result = '1';
+        }
         return $result;
     }