xpressengine /
xe-core
@@ -7,71 +7,71 @@ |
||
| 7 | 7 | class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - /** |
|
| 11 | - * Local copy of component validators. |
|
| 12 | - * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl. |
|
| 13 | - */ |
|
| 14 | - protected $info; |
|
| 15 | - |
|
| 16 | - public function __construct($config) { |
|
| 17 | - $def = $config->getCSSDefinition(); |
|
| 18 | - $this->info['list-style-type'] = $def->info['list-style-type']; |
|
| 19 | - $this->info['list-style-position'] = $def->info['list-style-position']; |
|
| 20 | - $this->info['list-style-image'] = $def->info['list-style-image']; |
|
| 21 | - } |
|
| 22 | - |
|
| 23 | - public function validate($string, $config, $context) { |
|
| 24 | - |
|
| 25 | - // regular pre-processing |
|
| 26 | - $string = $this->parseCDATA($string); |
|
| 27 | - if ($string === '') return false; |
|
| 28 | - |
|
| 29 | - // assumes URI doesn't have spaces in it |
|
| 30 | - $bits = explode(' ', strtolower($string)); // bits to process |
|
| 31 | - |
|
| 32 | - $caught = array(); |
|
| 33 | - $caught['type'] = false; |
|
| 34 | - $caught['position'] = false; |
|
| 35 | - $caught['image'] = false; |
|
| 36 | - |
|
| 37 | - $i = 0; // number of catches |
|
| 38 | - $none = false; |
|
| 39 | - |
|
| 40 | - foreach ($bits as $bit) { |
|
| 41 | - if ($i >= 3) return; // optimization bit |
|
| 42 | - if ($bit === '') continue; |
|
| 43 | - foreach ($caught as $key => $status) { |
|
| 44 | - if ($status !== false) continue; |
|
| 45 | - $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); |
|
| 46 | - if ($r === false) continue; |
|
| 47 | - if ($r === 'none') { |
|
| 48 | - if ($none) continue; |
|
| 49 | - else $none = true; |
|
| 50 | - if ($key == 'image') continue; |
|
| 51 | - } |
|
| 52 | - $caught[$key] = $r; |
|
| 53 | - $i++; |
|
| 54 | - break; |
|
| 55 | - } |
|
| 56 | - } |
|
| 57 | - |
|
| 58 | - if (!$i) return false; |
|
| 59 | - |
|
| 60 | - $ret = array(); |
|
| 61 | - |
|
| 62 | - // construct type |
|
| 63 | - if ($caught['type']) $ret[] = $caught['type']; |
|
| 64 | - |
|
| 65 | - // construct image |
|
| 66 | - if ($caught['image']) $ret[] = $caught['image']; |
|
| 67 | - |
|
| 68 | - // construct position |
|
| 69 | - if ($caught['position']) $ret[] = $caught['position']; |
|
| 70 | - |
|
| 71 | - if (empty($ret)) return false; |
|
| 72 | - return implode(' ', $ret); |
|
| 73 | - |
|
| 74 | - } |
|
| 10 | + /** |
|
| 11 | + * Local copy of component validators. |
|
| 12 | + * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl. |
|
| 13 | + */ |
|
| 14 | + protected $info; |
|
| 15 | + |
|
| 16 | + public function __construct($config) { |
|
| 17 | + $def = $config->getCSSDefinition(); |
|
| 18 | + $this->info['list-style-type'] = $def->info['list-style-type']; |
|
| 19 | + $this->info['list-style-position'] = $def->info['list-style-position']; |
|
| 20 | + $this->info['list-style-image'] = $def->info['list-style-image']; |
|
| 21 | + } |
|
| 22 | + |
|
| 23 | + public function validate($string, $config, $context) { |
|
| 24 | + |
|
| 25 | + // regular pre-processing |
|
| 26 | + $string = $this->parseCDATA($string); |
|
| 27 | + if ($string === '') return false; |
|
| 28 | + |
|
| 29 | + // assumes URI doesn't have spaces in it |
|
| 30 | + $bits = explode(' ', strtolower($string)); // bits to process |
|
| 31 | + |
|
| 32 | + $caught = array(); |
|
| 33 | + $caught['type'] = false; |
|
| 34 | + $caught['position'] = false; |
|
| 35 | + $caught['image'] = false; |
|
| 36 | + |
|
| 37 | + $i = 0; // number of catches |
|
| 38 | + $none = false; |
|
| 39 | + |
|
| 40 | + foreach ($bits as $bit) { |
|
| 41 | + if ($i >= 3) return; // optimization bit |
|
| 42 | + if ($bit === '') continue; |
|
| 43 | + foreach ($caught as $key => $status) { |
|
| 44 | + if ($status !== false) continue; |
|
| 45 | + $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); |
|
| 46 | + if ($r === false) continue; |
|
| 47 | + if ($r === 'none') { |
|
| 48 | + if ($none) continue; |
|
| 49 | + else $none = true; |
|
| 50 | + if ($key == 'image') continue; |
|
| 51 | + } |
|
| 52 | + $caught[$key] = $r; |
|
| 53 | + $i++; |
|
| 54 | + break; |
|
| 55 | + } |
|
| 56 | + } |
|
| 57 | + |
|
| 58 | + if (!$i) return false; |
|
| 59 | + |
|
| 60 | + $ret = array(); |
|
| 61 | + |
|
| 62 | + // construct type |
|
| 63 | + if ($caught['type']) $ret[] = $caught['type']; |
|
| 64 | + |
|
| 65 | + // construct image |
|
| 66 | + if ($caught['image']) $ret[] = $caught['image']; |
|
| 67 | + |
|
| 68 | + // construct position |
|
| 69 | + if ($caught['position']) $ret[] = $caught['position']; |
|
| 70 | + |
|
| 71 | + if (empty($ret)) return false; |
|
| 72 | + return implode(' ', $ret); |
|
| 73 | + |
|
| 74 | + } |
|
| 75 | 75 | |
| 76 | 76 | } |
| 77 | 77 | |
@@ -24,7 +24,9 @@ discard block |
||
| 24 | 24 | |
| 25 | 25 | // regular pre-processing |
| 26 | 26 | $string = $this->parseCDATA($string); |
| 27 | - if ($string === '') return false; |
|
| 27 | + if ($string === '') { |
|
| 28 | + return false; |
|
| 29 | + } |
|
| 28 | 30 | |
| 29 | 31 | // assumes URI doesn't have spaces in it |
| 30 | 32 | $bits = explode(' ', strtolower($string)); // bits to process |
@@ -38,16 +40,30 @@ discard block |
||
| 38 | 40 | $none = false; |
| 39 | 41 | |
| 40 | 42 | foreach ($bits as $bit) { |
| 41 | - if ($i >= 3) return; // optimization bit |
|
| 42 | - if ($bit === '') continue; |
|
| 43 | + if ($i >= 3) { |
|
| 44 | + return; |
|
| 45 | + } |
|
| 46 | + // optimization bit |
|
| 47 | + if ($bit === '') { |
|
| 48 | + continue; |
|
| 49 | + } |
|
| 43 | 50 | foreach ($caught as $key => $status) { |
| 44 | - if ($status !== false) continue; |
|
| 51 | + if ($status !== false) { |
|
| 52 | + continue; |
|
| 53 | + } |
|
| 45 | 54 | $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); |
| 46 | - if ($r === false) continue; |
|
| 55 | + if ($r === false) { |
|
| 56 | + continue; |
|
| 57 | + } |
|
| 47 | 58 | if ($r === 'none') { |
| 48 | - if ($none) continue; |
|
| 49 | - else $none = true; |
|
| 50 | - if ($key == 'image') continue; |
|
| 59 | + if ($none) { |
|
| 60 | + continue; |
|
| 61 | + } else { |
|
| 62 | + $none = true; |
|
| 63 | + } |
|
| 64 | + if ($key == 'image') { |
|
| 65 | + continue; |
|
| 66 | + } |
|
| 51 | 67 | } |
| 52 | 68 | $caught[$key] = $r; |
| 53 | 69 | $i++; |
@@ -55,20 +71,30 @@ discard block |
||
| 55 | 71 | } |
| 56 | 72 | } |
| 57 | 73 | |
| 58 | - if (!$i) return false; |
|
| 74 | + if (!$i) { |
|
| 75 | + return false; |
|
| 76 | + } |
|
| 59 | 77 | |
| 60 | 78 | $ret = array(); |
| 61 | 79 | |
| 62 | 80 | // construct type |
| 63 | - if ($caught['type']) $ret[] = $caught['type']; |
|
| 81 | + if ($caught['type']) { |
|
| 82 | + $ret[] = $caught['type']; |
|
| 83 | + } |
|
| 64 | 84 | |
| 65 | 85 | // construct image |
| 66 | - if ($caught['image']) $ret[] = $caught['image']; |
|
| 86 | + if ($caught['image']) { |
|
| 87 | + $ret[] = $caught['image']; |
|
| 88 | + } |
|
| 67 | 89 | |
| 68 | 90 | // construct position |
| 69 | - if ($caught['position']) $ret[] = $caught['position']; |
|
| 91 | + if ($caught['position']) { |
|
| 92 | + $ret[] = $caught['position']; |
|
| 93 | + } |
|
| 70 | 94 | |
| 71 | - if (empty($ret)) return false; |
|
| 95 | + if (empty($ret)) { |
|
| 96 | + return false; |
|
| 97 | + } |
|
| 72 | 98 | return implode(' ', $ret); |
| 73 | 99 | |
| 74 | 100 | } |
@@ -42,7 +42,7 @@ |
||
| 42 | 42 | if ($bit === '') continue; |
| 43 | 43 | foreach ($caught as $key => $status) { |
| 44 | 44 | if ($status !== false) continue; |
| 45 | - $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); |
|
| 45 | + $r = $this->info['list-style-'.$key]->validate($bit, $config, $context); |
|
| 46 | 46 | if ($r === false) continue; |
| 47 | 47 | if ($r === 'none') { |
| 48 | 48 | if ($none) continue; |
@@ -14,44 +14,44 @@ |
||
| 14 | 14 | class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef |
| 15 | 15 | { |
| 16 | 16 | |
| 17 | - /** |
|
| 18 | - * Instance of component definition to defer validation to. |
|
| 19 | - * @todo Make protected |
|
| 20 | - */ |
|
| 21 | - public $single; |
|
| 17 | + /** |
|
| 18 | + * Instance of component definition to defer validation to. |
|
| 19 | + * @todo Make protected |
|
| 20 | + */ |
|
| 21 | + public $single; |
|
| 22 | 22 | |
| 23 | - /** |
|
| 24 | - * Max number of values allowed. |
|
| 25 | - * @todo Make protected |
|
| 26 | - */ |
|
| 27 | - public $max; |
|
| 23 | + /** |
|
| 24 | + * Max number of values allowed. |
|
| 25 | + * @todo Make protected |
|
| 26 | + */ |
|
| 27 | + public $max; |
|
| 28 | 28 | |
| 29 | - /** |
|
| 30 | - * @param $single HTMLPurifier_AttrDef to multiply |
|
| 31 | - * @param $max Max number of values allowed (usually four) |
|
| 32 | - */ |
|
| 33 | - public function __construct($single, $max = 4) { |
|
| 34 | - $this->single = $single; |
|
| 35 | - $this->max = $max; |
|
| 36 | - } |
|
| 29 | + /** |
|
| 30 | + * @param $single HTMLPurifier_AttrDef to multiply |
|
| 31 | + * @param $max Max number of values allowed (usually four) |
|
| 32 | + */ |
|
| 33 | + public function __construct($single, $max = 4) { |
|
| 34 | + $this->single = $single; |
|
| 35 | + $this->max = $max; |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | - public function validate($string, $config, $context) { |
|
| 39 | - $string = $this->parseCDATA($string); |
|
| 40 | - if ($string === '') return false; |
|
| 41 | - $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n |
|
| 42 | - $length = count($parts); |
|
| 43 | - $final = ''; |
|
| 44 | - for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { |
|
| 45 | - if (ctype_space($parts[$i])) continue; |
|
| 46 | - $result = $this->single->validate($parts[$i], $config, $context); |
|
| 47 | - if ($result !== false) { |
|
| 48 | - $final .= $result . ' '; |
|
| 49 | - $num++; |
|
| 50 | - } |
|
| 51 | - } |
|
| 52 | - if ($final === '') return false; |
|
| 53 | - return rtrim($final); |
|
| 54 | - } |
|
| 38 | + public function validate($string, $config, $context) { |
|
| 39 | + $string = $this->parseCDATA($string); |
|
| 40 | + if ($string === '') return false; |
|
| 41 | + $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n |
|
| 42 | + $length = count($parts); |
|
| 43 | + $final = ''; |
|
| 44 | + for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { |
|
| 45 | + if (ctype_space($parts[$i])) continue; |
|
| 46 | + $result = $this->single->validate($parts[$i], $config, $context); |
|
| 47 | + if ($result !== false) { |
|
| 48 | + $final .= $result . ' '; |
|
| 49 | + $num++; |
|
| 50 | + } |
|
| 51 | + } |
|
| 52 | + if ($final === '') return false; |
|
| 53 | + return rtrim($final); |
|
| 54 | + } |
|
| 55 | 55 | |
| 56 | 56 | } |
| 57 | 57 | |
@@ -37,19 +37,25 @@ |
||
| 37 | 37 | |
| 38 | 38 | public function validate($string, $config, $context) { |
| 39 | 39 | $string = $this->parseCDATA($string); |
| 40 | - if ($string === '') return false; |
|
| 40 | + if ($string === '') { |
|
| 41 | + return false; |
|
| 42 | + } |
|
| 41 | 43 | $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n |
| 42 | 44 | $length = count($parts); |
| 43 | 45 | $final = ''; |
| 44 | 46 | for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { |
| 45 | - if (ctype_space($parts[$i])) continue; |
|
| 47 | + if (ctype_space($parts[$i])) { |
|
| 48 | + continue; |
|
| 49 | + } |
|
| 46 | 50 | $result = $this->single->validate($parts[$i], $config, $context); |
| 47 | 51 | if ($result !== false) { |
| 48 | 52 | $final .= $result . ' '; |
| 49 | 53 | $num++; |
| 50 | 54 | } |
| 51 | 55 | } |
| 52 | - if ($final === '') return false; |
|
| 56 | + if ($final === '') { |
|
| 57 | + return false; |
|
| 58 | + } |
|
| 53 | 59 | return rtrim($final); |
| 54 | 60 | } |
| 55 | 61 | |
@@ -45,7 +45,7 @@ |
||
| 45 | 45 | if (ctype_space($parts[$i])) continue; |
| 46 | 46 | $result = $this->single->validate($parts[$i], $config, $context); |
| 47 | 47 | if ($result !== false) { |
| 48 | - $final .= $result . ' '; |
|
| 48 | + $final .= $result.' '; |
|
| 49 | 49 | $num++; |
| 50 | 50 | } |
| 51 | 51 | } |
@@ -6,63 +6,63 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - /** |
|
| 10 | - * Bool indicating whether or not only positive values allowed. |
|
| 11 | - */ |
|
| 12 | - protected $non_negative = false; |
|
| 13 | - |
|
| 14 | - /** |
|
| 15 | - * @param $non_negative Bool indicating whether negatives are forbidden |
|
| 16 | - */ |
|
| 17 | - public function __construct($non_negative = false) { |
|
| 18 | - $this->non_negative = $non_negative; |
|
| 19 | - } |
|
| 20 | - |
|
| 21 | - /** |
|
| 22 | - * @warning Some contexts do not pass $config, $context. These |
|
| 23 | - * variables should not be used without checking HTMLPurifier_Length |
|
| 24 | - */ |
|
| 25 | - public function validate($number, $config, $context) { |
|
| 26 | - |
|
| 27 | - $number = $this->parseCDATA($number); |
|
| 28 | - |
|
| 29 | - if ($number === '') return false; |
|
| 30 | - if ($number === '0') return '0'; |
|
| 31 | - |
|
| 32 | - $sign = ''; |
|
| 33 | - switch ($number[0]) { |
|
| 34 | - case '-': |
|
| 35 | - if ($this->non_negative) return false; |
|
| 36 | - $sign = '-'; |
|
| 37 | - case '+': |
|
| 38 | - $number = substr($number, 1); |
|
| 39 | - } |
|
| 40 | - |
|
| 41 | - if (ctype_digit($number)) { |
|
| 42 | - $number = ltrim($number, '0'); |
|
| 43 | - return $number ? $sign . $number : '0'; |
|
| 44 | - } |
|
| 45 | - |
|
| 46 | - // Period is the only non-numeric character allowed |
|
| 47 | - if (strpos($number, '.') === false) return false; |
|
| 48 | - |
|
| 49 | - list($left, $right) = explode('.', $number, 2); |
|
| 50 | - |
|
| 51 | - if ($left === '' && $right === '') return false; |
|
| 52 | - if ($left !== '' && !ctype_digit($left)) return false; |
|
| 53 | - |
|
| 54 | - $left = ltrim($left, '0'); |
|
| 55 | - $right = rtrim($right, '0'); |
|
| 56 | - |
|
| 57 | - if ($right === '') { |
|
| 58 | - return $left ? $sign . $left : '0'; |
|
| 59 | - } elseif (!ctype_digit($right)) { |
|
| 60 | - return false; |
|
| 61 | - } |
|
| 62 | - |
|
| 63 | - return $sign . $left . '.' . $right; |
|
| 64 | - |
|
| 65 | - } |
|
| 9 | + /** |
|
| 10 | + * Bool indicating whether or not only positive values allowed. |
|
| 11 | + */ |
|
| 12 | + protected $non_negative = false; |
|
| 13 | + |
|
| 14 | + /** |
|
| 15 | + * @param $non_negative Bool indicating whether negatives are forbidden |
|
| 16 | + */ |
|
| 17 | + public function __construct($non_negative = false) { |
|
| 18 | + $this->non_negative = $non_negative; |
|
| 19 | + } |
|
| 20 | + |
|
| 21 | + /** |
|
| 22 | + * @warning Some contexts do not pass $config, $context. These |
|
| 23 | + * variables should not be used without checking HTMLPurifier_Length |
|
| 24 | + */ |
|
| 25 | + public function validate($number, $config, $context) { |
|
| 26 | + |
|
| 27 | + $number = $this->parseCDATA($number); |
|
| 28 | + |
|
| 29 | + if ($number === '') return false; |
|
| 30 | + if ($number === '0') return '0'; |
|
| 31 | + |
|
| 32 | + $sign = ''; |
|
| 33 | + switch ($number[0]) { |
|
| 34 | + case '-': |
|
| 35 | + if ($this->non_negative) return false; |
|
| 36 | + $sign = '-'; |
|
| 37 | + case '+': |
|
| 38 | + $number = substr($number, 1); |
|
| 39 | + } |
|
| 40 | + |
|
| 41 | + if (ctype_digit($number)) { |
|
| 42 | + $number = ltrim($number, '0'); |
|
| 43 | + return $number ? $sign . $number : '0'; |
|
| 44 | + } |
|
| 45 | + |
|
| 46 | + // Period is the only non-numeric character allowed |
|
| 47 | + if (strpos($number, '.') === false) return false; |
|
| 48 | + |
|
| 49 | + list($left, $right) = explode('.', $number, 2); |
|
| 50 | + |
|
| 51 | + if ($left === '' && $right === '') return false; |
|
| 52 | + if ($left !== '' && !ctype_digit($left)) return false; |
|
| 53 | + |
|
| 54 | + $left = ltrim($left, '0'); |
|
| 55 | + $right = rtrim($right, '0'); |
|
| 56 | + |
|
| 57 | + if ($right === '') { |
|
| 58 | + return $left ? $sign . $left : '0'; |
|
| 59 | + } elseif (!ctype_digit($right)) { |
|
| 60 | + return false; |
|
| 61 | + } |
|
| 62 | + |
|
| 63 | + return $sign . $left . '.' . $right; |
|
| 64 | + |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | 67 | } |
| 68 | 68 | |
@@ -26,13 +26,19 @@ discard block |
||
| 26 | 26 | |
| 27 | 27 | $number = $this->parseCDATA($number); |
| 28 | 28 | |
| 29 | - if ($number === '') return false; |
|
| 30 | - if ($number === '0') return '0'; |
|
| 29 | + if ($number === '') { |
|
| 30 | + return false; |
|
| 31 | + } |
|
| 32 | + if ($number === '0') { |
|
| 33 | + return '0'; |
|
| 34 | + } |
|
| 31 | 35 | |
| 32 | 36 | $sign = ''; |
| 33 | 37 | switch ($number[0]) { |
| 34 | 38 | case '-': |
| 35 | - if ($this->non_negative) return false; |
|
| 39 | + if ($this->non_negative) { |
|
| 40 | + return false; |
|
| 41 | + } |
|
| 36 | 42 | $sign = '-'; |
| 37 | 43 | case '+': |
| 38 | 44 | $number = substr($number, 1); |
@@ -44,12 +50,18 @@ discard block |
||
| 44 | 50 | } |
| 45 | 51 | |
| 46 | 52 | // Period is the only non-numeric character allowed |
| 47 | - if (strpos($number, '.') === false) return false; |
|
| 53 | + if (strpos($number, '.') === false) { |
|
| 54 | + return false; |
|
| 55 | + } |
|
| 48 | 56 | |
| 49 | 57 | list($left, $right) = explode('.', $number, 2); |
| 50 | 58 | |
| 51 | - if ($left === '' && $right === '') return false; |
|
| 52 | - if ($left !== '' && !ctype_digit($left)) return false; |
|
| 59 | + if ($left === '' && $right === '') { |
|
| 60 | + return false; |
|
| 61 | + } |
|
| 62 | + if ($left !== '' && !ctype_digit($left)) { |
|
| 63 | + return false; |
|
| 64 | + } |
|
| 53 | 65 | |
| 54 | 66 | $left = ltrim($left, '0'); |
| 55 | 67 | $right = rtrim($right, '0'); |
@@ -40,7 +40,7 @@ discard block |
||
| 40 | 40 | |
| 41 | 41 | if (ctype_digit($number)) { |
| 42 | 42 | $number = ltrim($number, '0'); |
| 43 | - return $number ? $sign . $number : '0'; |
|
| 43 | + return $number ? $sign.$number : '0'; |
|
| 44 | 44 | } |
| 45 | 45 | |
| 46 | 46 | // Period is the only non-numeric character allowed |
@@ -51,16 +51,16 @@ discard block |
||
| 51 | 51 | if ($left === '' && $right === '') return false; |
| 52 | 52 | if ($left !== '' && !ctype_digit($left)) return false; |
| 53 | 53 | |
| 54 | - $left = ltrim($left, '0'); |
|
| 54 | + $left = ltrim($left, '0'); |
|
| 55 | 55 | $right = rtrim($right, '0'); |
| 56 | 56 | |
| 57 | 57 | if ($right === '') { |
| 58 | - return $left ? $sign . $left : '0'; |
|
| 58 | + return $left ? $sign.$left : '0'; |
|
| 59 | 59 | } elseif (!ctype_digit($right)) { |
| 60 | 60 | return false; |
| 61 | 61 | } |
| 62 | 62 | |
| 63 | - return $sign . $left . '.' . $right; |
|
| 63 | + return $sign.$left.'.'.$right; |
|
| 64 | 64 | |
| 65 | 65 | } |
| 66 | 66 | |
@@ -6,34 +6,34 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - /** |
|
| 10 | - * Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation |
|
| 11 | - */ |
|
| 12 | - protected $number_def; |
|
| 9 | + /** |
|
| 10 | + * Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation |
|
| 11 | + */ |
|
| 12 | + protected $number_def; |
|
| 13 | 13 | |
| 14 | - /** |
|
| 15 | - * @param Bool indicating whether to forbid negative values |
|
| 16 | - */ |
|
| 17 | - public function __construct($non_negative = false) { |
|
| 18 | - $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); |
|
| 19 | - } |
|
| 14 | + /** |
|
| 15 | + * @param Bool indicating whether to forbid negative values |
|
| 16 | + */ |
|
| 17 | + public function __construct($non_negative = false) { |
|
| 18 | + $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); |
|
| 19 | + } |
|
| 20 | 20 | |
| 21 | - public function validate($string, $config, $context) { |
|
| 21 | + public function validate($string, $config, $context) { |
|
| 22 | 22 | |
| 23 | - $string = $this->parseCDATA($string); |
|
| 23 | + $string = $this->parseCDATA($string); |
|
| 24 | 24 | |
| 25 | - if ($string === '') return false; |
|
| 26 | - $length = strlen($string); |
|
| 27 | - if ($length === 1) return false; |
|
| 28 | - if ($string[$length - 1] !== '%') return false; |
|
| 25 | + if ($string === '') return false; |
|
| 26 | + $length = strlen($string); |
|
| 27 | + if ($length === 1) return false; |
|
| 28 | + if ($string[$length - 1] !== '%') return false; |
|
| 29 | 29 | |
| 30 | - $number = substr($string, 0, $length - 1); |
|
| 31 | - $number = $this->number_def->validate($number, $config, $context); |
|
| 30 | + $number = substr($string, 0, $length - 1); |
|
| 31 | + $number = $this->number_def->validate($number, $config, $context); |
|
| 32 | 32 | |
| 33 | - if ($number === false) return false; |
|
| 34 | - return "$number%"; |
|
| 33 | + if ($number === false) return false; |
|
| 34 | + return "$number%"; |
|
| 35 | 35 | |
| 36 | - } |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | 38 | } |
| 39 | 39 | |
@@ -22,15 +22,23 @@ |
||
| 22 | 22 | |
| 23 | 23 | $string = $this->parseCDATA($string); |
| 24 | 24 | |
| 25 | - if ($string === '') return false; |
|
| 25 | + if ($string === '') { |
|
| 26 | + return false; |
|
| 27 | + } |
|
| 26 | 28 | $length = strlen($string); |
| 27 | - if ($length === 1) return false; |
|
| 28 | - if ($string[$length - 1] !== '%') return false; |
|
| 29 | + if ($length === 1) { |
|
| 30 | + return false; |
|
| 31 | + } |
|
| 32 | + if ($string[$length - 1] !== '%') { |
|
| 33 | + return false; |
|
| 34 | + } |
|
| 29 | 35 | |
| 30 | 36 | $number = substr($string, 0, $length - 1); |
| 31 | 37 | $number = $this->number_def->validate($number, $config, $context); |
| 32 | 38 | |
| 33 | - if ($number === false) return false; |
|
| 39 | + if ($number === false) { |
|
| 40 | + return false; |
|
| 41 | + } |
|
| 34 | 42 | return "$number%"; |
| 35 | 43 | |
| 36 | 44 | } |
@@ -8,30 +8,30 @@ |
||
| 8 | 8 | class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef |
| 9 | 9 | { |
| 10 | 10 | |
| 11 | - public function validate($string, $config, $context) { |
|
| 12 | - |
|
| 13 | - static $allowed_values = array( |
|
| 14 | - 'line-through' => true, |
|
| 15 | - 'overline' => true, |
|
| 16 | - 'underline' => true, |
|
| 17 | - ); |
|
| 18 | - |
|
| 19 | - $string = strtolower($this->parseCDATA($string)); |
|
| 20 | - |
|
| 21 | - if ($string === 'none') return $string; |
|
| 22 | - |
|
| 23 | - $parts = explode(' ', $string); |
|
| 24 | - $final = ''; |
|
| 25 | - foreach ($parts as $part) { |
|
| 26 | - if (isset($allowed_values[$part])) { |
|
| 27 | - $final .= $part . ' '; |
|
| 28 | - } |
|
| 29 | - } |
|
| 30 | - $final = rtrim($final); |
|
| 31 | - if ($final === '') return false; |
|
| 32 | - return $final; |
|
| 33 | - |
|
| 34 | - } |
|
| 11 | + public function validate($string, $config, $context) { |
|
| 12 | + |
|
| 13 | + static $allowed_values = array( |
|
| 14 | + 'line-through' => true, |
|
| 15 | + 'overline' => true, |
|
| 16 | + 'underline' => true, |
|
| 17 | + ); |
|
| 18 | + |
|
| 19 | + $string = strtolower($this->parseCDATA($string)); |
|
| 20 | + |
|
| 21 | + if ($string === 'none') return $string; |
|
| 22 | + |
|
| 23 | + $parts = explode(' ', $string); |
|
| 24 | + $final = ''; |
|
| 25 | + foreach ($parts as $part) { |
|
| 26 | + if (isset($allowed_values[$part])) { |
|
| 27 | + $final .= $part . ' '; |
|
| 28 | + } |
|
| 29 | + } |
|
| 30 | + $final = rtrim($final); |
|
| 31 | + if ($final === '') return false; |
|
| 32 | + return $final; |
|
| 33 | + |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -18,7 +18,9 @@ discard block |
||
| 18 | 18 | |
| 19 | 19 | $string = strtolower($this->parseCDATA($string)); |
| 20 | 20 | |
| 21 | - if ($string === 'none') return $string; |
|
| 21 | + if ($string === 'none') { |
|
| 22 | + return $string; |
|
| 23 | + } |
|
| 22 | 24 | |
| 23 | 25 | $parts = explode(' ', $string); |
| 24 | 26 | $final = ''; |
@@ -28,7 +30,9 @@ discard block |
||
| 28 | 30 | } |
| 29 | 31 | } |
| 30 | 32 | $final = rtrim($final); |
| 31 | - if ($final === '') return false; |
|
| 33 | + if ($final === '') { |
|
| 34 | + return false; |
|
| 35 | + } |
|
| 32 | 36 | return $final; |
| 33 | 37 | |
| 34 | 38 | } |
@@ -24,7 +24,7 @@ |
||
| 24 | 24 | $final = ''; |
| 25 | 25 | foreach ($parts as $part) { |
| 26 | 26 | if (isset($allowed_values[$part])) { |
| 27 | - $final .= $part . ' '; |
|
| 27 | + $final .= $part.' '; |
|
| 28 | 28 | } |
| 29 | 29 | } |
| 30 | 30 | $final = rtrim($final); |
@@ -12,49 +12,49 @@ |
||
| 12 | 12 | class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI |
| 13 | 13 | { |
| 14 | 14 | |
| 15 | - public function __construct() { |
|
| 16 | - parent::__construct(true); // always embedded |
|
| 17 | - } |
|
| 15 | + public function __construct() { |
|
| 16 | + parent::__construct(true); // always embedded |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | - public function validate($uri_string, $config, $context) { |
|
| 20 | - // parse the URI out of the string and then pass it onto |
|
| 21 | - // the parent object |
|
| 19 | + public function validate($uri_string, $config, $context) { |
|
| 20 | + // parse the URI out of the string and then pass it onto |
|
| 21 | + // the parent object |
|
| 22 | 22 | |
| 23 | - $uri_string = $this->parseCDATA($uri_string); |
|
| 24 | - if (strpos($uri_string, 'url(') !== 0) return false; |
|
| 25 | - $uri_string = substr($uri_string, 4); |
|
| 26 | - $new_length = strlen($uri_string) - 1; |
|
| 27 | - if ($uri_string[$new_length] != ')') return false; |
|
| 28 | - $uri = trim(substr($uri_string, 0, $new_length)); |
|
| 23 | + $uri_string = $this->parseCDATA($uri_string); |
|
| 24 | + if (strpos($uri_string, 'url(') !== 0) return false; |
|
| 25 | + $uri_string = substr($uri_string, 4); |
|
| 26 | + $new_length = strlen($uri_string) - 1; |
|
| 27 | + if ($uri_string[$new_length] != ')') return false; |
|
| 28 | + $uri = trim(substr($uri_string, 0, $new_length)); |
|
| 29 | 29 | |
| 30 | - if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
|
| 31 | - $quote = $uri[0]; |
|
| 32 | - $new_length = strlen($uri) - 1; |
|
| 33 | - if ($uri[$new_length] !== $quote) return false; |
|
| 34 | - $uri = substr($uri, 1, $new_length - 1); |
|
| 35 | - } |
|
| 30 | + if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
|
| 31 | + $quote = $uri[0]; |
|
| 32 | + $new_length = strlen($uri) - 1; |
|
| 33 | + if ($uri[$new_length] !== $quote) return false; |
|
| 34 | + $uri = substr($uri, 1, $new_length - 1); |
|
| 35 | + } |
|
| 36 | 36 | |
| 37 | - $uri = $this->expandCSSEscape($uri); |
|
| 37 | + $uri = $this->expandCSSEscape($uri); |
|
| 38 | 38 | |
| 39 | - $result = parent::validate($uri, $config, $context); |
|
| 39 | + $result = parent::validate($uri, $config, $context); |
|
| 40 | 40 | |
| 41 | - if ($result === false) return false; |
|
| 41 | + if ($result === false) return false; |
|
| 42 | 42 | |
| 43 | - // extra sanity check; should have been done by URI |
|
| 44 | - $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
|
| 43 | + // extra sanity check; should have been done by URI |
|
| 44 | + $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
|
| 45 | 45 | |
| 46 | - // suspicious characters are ()'; we're going to percent encode |
|
| 47 | - // them for safety. |
|
| 48 | - $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result); |
|
| 46 | + // suspicious characters are ()'; we're going to percent encode |
|
| 47 | + // them for safety. |
|
| 48 | + $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result); |
|
| 49 | 49 | |
| 50 | - // there's an extra bug where ampersands lose their escaping on |
|
| 51 | - // an innerHTML cycle, so a very unlucky query parameter could |
|
| 52 | - // then change the meaning of the URL. Unfortunately, there's |
|
| 53 | - // not much we can do about that... |
|
| 50 | + // there's an extra bug where ampersands lose their escaping on |
|
| 51 | + // an innerHTML cycle, so a very unlucky query parameter could |
|
| 52 | + // then change the meaning of the URL. Unfortunately, there's |
|
| 53 | + // not much we can do about that... |
|
| 54 | 54 | |
| 55 | - return "url(\"$result\")"; |
|
| 55 | + return "url(\"$result\")"; |
|
| 56 | 56 | |
| 57 | - } |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | 59 | } |
| 60 | 60 | |
@@ -21,16 +21,22 @@ discard block |
||
| 21 | 21 | // the parent object |
| 22 | 22 | |
| 23 | 23 | $uri_string = $this->parseCDATA($uri_string); |
| 24 | - if (strpos($uri_string, 'url(') !== 0) return false; |
|
| 24 | + if (strpos($uri_string, 'url(') !== 0) { |
|
| 25 | + return false; |
|
| 26 | + } |
|
| 25 | 27 | $uri_string = substr($uri_string, 4); |
| 26 | 28 | $new_length = strlen($uri_string) - 1; |
| 27 | - if ($uri_string[$new_length] != ')') return false; |
|
| 29 | + if ($uri_string[$new_length] != ')') { |
|
| 30 | + return false; |
|
| 31 | + } |
|
| 28 | 32 | $uri = trim(substr($uri_string, 0, $new_length)); |
| 29 | 33 | |
| 30 | 34 | if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
| 31 | 35 | $quote = $uri[0]; |
| 32 | 36 | $new_length = strlen($uri) - 1; |
| 33 | - if ($uri[$new_length] !== $quote) return false; |
|
| 37 | + if ($uri[$new_length] !== $quote) { |
|
| 38 | + return false; |
|
| 39 | + } |
|
| 34 | 40 | $uri = substr($uri, 1, $new_length - 1); |
| 35 | 41 | } |
| 36 | 42 | |
@@ -38,7 +44,9 @@ discard block |
||
| 38 | 44 | |
| 39 | 45 | $result = parent::validate($uri, $config, $context); |
| 40 | 46 | |
| 41 | - if ($result === false) return false; |
|
| 47 | + if ($result === false) { |
|
| 48 | + return false; |
|
| 49 | + } |
|
| 42 | 50 | |
| 43 | 51 | // extra sanity check; should have been done by URI |
| 44 | 52 | $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
@@ -6,22 +6,22 @@ |
||
| 6 | 6 | */ |
| 7 | 7 | class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef |
| 8 | 8 | { |
| 9 | - /** |
|
| 10 | - * What we're cloning |
|
| 11 | - */ |
|
| 12 | - protected $clone; |
|
| 9 | + /** |
|
| 10 | + * What we're cloning |
|
| 11 | + */ |
|
| 12 | + protected $clone; |
|
| 13 | 13 | |
| 14 | - public function __construct($clone) { |
|
| 15 | - $this->clone = $clone; |
|
| 16 | - } |
|
| 14 | + public function __construct($clone) { |
|
| 15 | + $this->clone = $clone; |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function validate($v, $config, $context) { |
|
| 19 | - return $this->clone->validate($v, $config, $context); |
|
| 20 | - } |
|
| 18 | + public function validate($v, $config, $context) { |
|
| 19 | + return $this->clone->validate($v, $config, $context); |
|
| 20 | + } |
|
| 21 | 21 | |
| 22 | - public function make($string) { |
|
| 23 | - return clone $this->clone; |
|
| 24 | - } |
|
| 22 | + public function make($string) { |
|
| 23 | + return clone $this->clone; |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | 26 | } |
| 27 | 27 | |
@@ -10,55 +10,55 @@ |
||
| 10 | 10 | class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef |
| 11 | 11 | { |
| 12 | 12 | |
| 13 | - /** |
|
| 14 | - * Lookup table of valid values. |
|
| 15 | - * @todo Make protected |
|
| 16 | - */ |
|
| 17 | - public $valid_values = array(); |
|
| 13 | + /** |
|
| 14 | + * Lookup table of valid values. |
|
| 15 | + * @todo Make protected |
|
| 16 | + */ |
|
| 17 | + public $valid_values = array(); |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * Bool indicating whether or not enumeration is case sensitive. |
|
| 21 | - * @note In general this is always case insensitive. |
|
| 22 | - */ |
|
| 23 | - protected $case_sensitive = false; // values according to W3C spec |
|
| 19 | + /** |
|
| 20 | + * Bool indicating whether or not enumeration is case sensitive. |
|
| 21 | + * @note In general this is always case insensitive. |
|
| 22 | + */ |
|
| 23 | + protected $case_sensitive = false; // values according to W3C spec |
|
| 24 | 24 | |
| 25 | - /** |
|
| 26 | - * @param $valid_values List of valid values |
|
| 27 | - * @param $case_sensitive Bool indicating whether or not case sensitive |
|
| 28 | - */ |
|
| 29 | - public function __construct( |
|
| 30 | - $valid_values = array(), $case_sensitive = false |
|
| 31 | - ) { |
|
| 32 | - $this->valid_values = array_flip($valid_values); |
|
| 33 | - $this->case_sensitive = $case_sensitive; |
|
| 34 | - } |
|
| 25 | + /** |
|
| 26 | + * @param $valid_values List of valid values |
|
| 27 | + * @param $case_sensitive Bool indicating whether or not case sensitive |
|
| 28 | + */ |
|
| 29 | + public function __construct( |
|
| 30 | + $valid_values = array(), $case_sensitive = false |
|
| 31 | + ) { |
|
| 32 | + $this->valid_values = array_flip($valid_values); |
|
| 33 | + $this->case_sensitive = $case_sensitive; |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - public function validate($string, $config, $context) { |
|
| 37 | - $string = trim($string); |
|
| 38 | - if (!$this->case_sensitive) { |
|
| 39 | - // we may want to do full case-insensitive libraries |
|
| 40 | - $string = ctype_lower($string) ? $string : strtolower($string); |
|
| 41 | - } |
|
| 42 | - $result = isset($this->valid_values[$string]); |
|
| 36 | + public function validate($string, $config, $context) { |
|
| 37 | + $string = trim($string); |
|
| 38 | + if (!$this->case_sensitive) { |
|
| 39 | + // we may want to do full case-insensitive libraries |
|
| 40 | + $string = ctype_lower($string) ? $string : strtolower($string); |
|
| 41 | + } |
|
| 42 | + $result = isset($this->valid_values[$string]); |
|
| 43 | 43 | |
| 44 | - return $result ? $string : false; |
|
| 45 | - } |
|
| 44 | + return $result ? $string : false; |
|
| 45 | + } |
|
| 46 | 46 | |
| 47 | - /** |
|
| 48 | - * @param $string In form of comma-delimited list of case-insensitive |
|
| 49 | - * valid values. Example: "foo,bar,baz". Prepend "s:" to make |
|
| 50 | - * case sensitive |
|
| 51 | - */ |
|
| 52 | - public function make($string) { |
|
| 53 | - if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { |
|
| 54 | - $string = substr($string, 2); |
|
| 55 | - $sensitive = true; |
|
| 56 | - } else { |
|
| 57 | - $sensitive = false; |
|
| 58 | - } |
|
| 59 | - $values = explode(',', $string); |
|
| 60 | - return new HTMLPurifier_AttrDef_Enum($values, $sensitive); |
|
| 61 | - } |
|
| 47 | + /** |
|
| 48 | + * @param $string In form of comma-delimited list of case-insensitive |
|
| 49 | + * valid values. Example: "foo,bar,baz". Prepend "s:" to make |
|
| 50 | + * case sensitive |
|
| 51 | + */ |
|
| 52 | + public function make($string) { |
|
| 53 | + if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { |
|
| 54 | + $string = substr($string, 2); |
|
| 55 | + $sensitive = true; |
|
| 56 | + } else { |
|
| 57 | + $sensitive = false; |
|
| 58 | + } |
|
| 59 | + $values = explode(',', $string); |
|
| 60 | + return new HTMLPurifier_AttrDef_Enum($values, $sensitive); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | 63 | } |
| 64 | 64 | |
@@ -14,7 +14,7 @@ |
||
| 14 | 14 | * Lookup table of valid values. |
| 15 | 15 | * @todo Make protected |
| 16 | 16 | */ |
| 17 | - public $valid_values = array(); |
|
| 17 | + public $valid_values = array(); |
|
| 18 | 18 | |
| 19 | 19 | /** |
| 20 | 20 | * Bool indicating whether or not enumeration is case sensitive. |
@@ -6,22 +6,22 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - protected $name; |
|
| 10 | - public $minimized = true; |
|
| 9 | + protected $name; |
|
| 10 | + public $minimized = true; |
|
| 11 | 11 | |
| 12 | - public function __construct($name = false) {$this->name = $name;} |
|
| 12 | + public function __construct($name = false) {$this->name = $name;} |
|
| 13 | 13 | |
| 14 | - public function validate($string, $config, $context) { |
|
| 15 | - if (empty($string)) return false; |
|
| 16 | - return $this->name; |
|
| 17 | - } |
|
| 14 | + public function validate($string, $config, $context) { |
|
| 15 | + if (empty($string)) return false; |
|
| 16 | + return $this->name; |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * @param $string Name of attribute |
|
| 21 | - */ |
|
| 22 | - public function make($string) { |
|
| 23 | - return new HTMLPurifier_AttrDef_HTML_Bool($string); |
|
| 24 | - } |
|
| 19 | + /** |
|
| 20 | + * @param $string Name of attribute |
|
| 21 | + */ |
|
| 22 | + public function make($string) { |
|
| 23 | + return new HTMLPurifier_AttrDef_HTML_Bool($string); |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | 26 | } |
| 27 | 27 | |
@@ -9,7 +9,7 @@ |
||
| 9 | 9 | protected $name; |
| 10 | 10 | public $minimized = true; |
| 11 | 11 | |
| 12 | - public function __construct($name = false) {$this->name = $name;} |
|
| 12 | + public function __construct($name = false) {$this->name = $name; } |
|
| 13 | 13 | |
| 14 | 14 | public function validate($string, $config, $context) { |
| 15 | 15 | if (empty($string)) return false; |
@@ -12,7 +12,9 @@ |
||
| 12 | 12 | public function __construct($name = false) {$this->name = $name;} |
| 13 | 13 | |
| 14 | 14 | public function validate($string, $config, $context) { |
| 15 | - if (empty($string)) return false; |
|
| 15 | + if (empty($string)) { |
|
| 16 | + return false; |
|
| 17 | + } |
|
| 16 | 18 | return $this->name; |
| 17 | 19 | } |
| 18 | 20 | |
