xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier/Bootstrap.php

Indentation +70 added lines, -70 removed lines

@@ -2,22 +2,22 @@ 
 
 // constants are slow, so we use as few as possible
 if (!defined('HTMLPURIFIER_PREFIX')) {
-    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
+	define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
 }
 
 // accomodations for versions earlier than 5.0.2
 // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
 if (!defined('PHP_EOL')) {
-    switch (strtoupper(substr(PHP_OS, 0, 3))) {
-        case 'WIN':
-            define('PHP_EOL', "\r\n");
-            break;
-        case 'DAR':
-            define('PHP_EOL', "\r");
-            break;
-        default:
-            define('PHP_EOL', "\n");
-    }
+	switch (strtoupper(substr(PHP_OS, 0, 3))) {
+		case 'WIN':
+			define('PHP_EOL', "\r\n");
+			break;
+		case 'DAR':
+			define('PHP_EOL', "\r");
+			break;
+		default:
+			define('PHP_EOL', "\n");
+	}
 }
 
 /**
@@ -30,56 +30,56 @@ 
 class HTMLPurifier_Bootstrap
 {
 
-    /**
-     * Autoload function for HTML Purifier
-     * @param $class Class to load
-     */
-    public static function autoload($class) {
-        $file = HTMLPurifier_Bootstrap::getPath($class);
-        if (!$file) return false;
-        // Technically speaking, it should be ok and more efficient to
-        // just do 'require', but Antonio Parraga reports that with
-        // Zend extensions such as Zend debugger and APC, this invariant
-        // may be broken.  Since we have efficient alternatives, pay
-        // the cost here and avoid the bug.
-        require_once HTMLPURIFIER_PREFIX . '/' . $file;
-        return true;
-    }
+	/**
+	 * Autoload function for HTML Purifier
+	 * @param $class Class to load
+	 */
+	public static function autoload($class) {
+		$file = HTMLPurifier_Bootstrap::getPath($class);
+		if (!$file) return false;
+		// Technically speaking, it should be ok and more efficient to
+		// just do 'require', but Antonio Parraga reports that with
+		// Zend extensions such as Zend debugger and APC, this invariant
+		// may be broken.  Since we have efficient alternatives, pay
+		// the cost here and avoid the bug.
+		require_once HTMLPURIFIER_PREFIX . '/' . $file;
+		return true;
+	}
 
-    /**
-     * Returns the path for a specific class.
-     */
-    public static function getPath($class) {
-        if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
-        // Custom implementations
-        if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
-            $code = str_replace('_', '-', substr($class, 22));
-            $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
-        } else {
-            $file = str_replace('_', '/', $class) . '.php';
-        }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
-        return $file;
-    }
+	/**
+	 * Returns the path for a specific class.
+	 */
+	public static function getPath($class) {
+		if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
+		// Custom implementations
+		if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
+			$code = str_replace('_', '-', substr($class, 22));
+			$file = 'HTMLPurifier/Language/classes/' . $code . '.php';
+		} else {
+			$file = str_replace('_', '/', $class) . '.php';
+		}
+		if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+		return $file;
+	}
 
-    /**
-     * "Pre-registers" our autoloader on the SPL stack.
-     */
-    public static function registerAutoload() {
-        $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if ( ($funcs = spl_autoload_functions()) === false ) {
-            spl_autoload_register($autoload);
-        } elseif (function_exists('spl_autoload_unregister')) {
-            $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
-            $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
-                      version_compare(PHP_VERSION, '5.1.0', '>=');
-            foreach ($funcs as $func) {
-                if ($buggy && is_array($func)) {
-                    // :TRICKY: There are some compatibility issues and some
-                    // places where we need to error out
-                    $reflector = new ReflectionMethod($func[0], $func[1]);
-                    if (!$reflector->isStatic()) {
-                        throw new Exception('
+	/**
+	 * "Pre-registers" our autoloader on the SPL stack.
+	 */
+	public static function registerAutoload() {
+		$autoload = array('HTMLPurifier_Bootstrap', 'autoload');
+		if ( ($funcs = spl_autoload_functions()) === false ) {
+			spl_autoload_register($autoload);
+		} elseif (function_exists('spl_autoload_unregister')) {
+			$buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
+			$compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
+					  version_compare(PHP_VERSION, '5.1.0', '>=');
+			foreach ($funcs as $func) {
+				if ($buggy && is_array($func)) {
+					// :TRICKY: There are some compatibility issues and some
+					// places where we need to error out
+					$reflector = new ReflectionMethod($func[0], $func[1]);
+					if (!$reflector->isStatic()) {
+						throw new Exception('
                             HTML Purifier autoloader registrar is not compatible
                             with non-static object methods due to PHP Bug #44144;
                             Please do not use HTMLPurifier.autoload.php (or any
@@ -87,17 +87,17 @@ 
                             spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
                             after your own autoloaders.
                         ');
-                    }
-                    // Suprisingly, spl_autoload_register supports the
-                    // Class::staticMethod callback format, although call_user_func doesn't
-                    if ($compat) $func = implode('::', $func);
-                }
-                spl_autoload_unregister($func);
-            }
-            spl_autoload_register($autoload);
-            foreach ($funcs as $func) spl_autoload_register($func);
-        }
-    }
+					}
+					// Suprisingly, spl_autoload_register supports the
+					// Class::staticMethod callback format, although call_user_func doesn't
+					if ($compat) $func = implode('::', $func);
+				}
+				spl_autoload_unregister($func);
+			}
+			spl_autoload_register($autoload);
+			foreach ($funcs as $func) spl_autoload_register($func);
+		}
+	}
 
 }
 

Braces +15 added lines, -5 removed lines

@@ -36,7 +36,9 @@ 
      */
     public static function autoload($class) {
         $file = HTMLPurifier_Bootstrap::getPath($class);
-        if (!$file) return false;
+        if (!$file) {
+        	return false;
+        }
         // Technically speaking, it should be ok and more efficient to
         // just do 'require', but Antonio Parraga reports that with
         // Zend extensions such as Zend debugger and APC, this invariant
@@ -50,7 +52,9 @@ 
      * Returns the path for a specific class.
      */
     public static function getPath($class) {
-        if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
+        if (strncmp('HTMLPurifier', $class, 12) !== 0) {
+        	return false;
+        }
         // Custom implementations
         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
             $code = str_replace('_', '-', substr($class, 22));
@@ -58,7 +62,9 @@ 
         } else {
             $file = str_replace('_', '/', $class) . '.php';
         }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) {
+        	return false;
+        }
         return $file;
     }
 
@@ -90,12 +96,16 @@ 
                     }
                     // Suprisingly, spl_autoload_register supports the
                     // Class::staticMethod callback format, although call_user_func doesn't
-                    if ($compat) $func = implode('::', $func);
+                    if ($compat) {
+                    	$func = implode('::', $func);
+                    }
                 }
                 spl_autoload_unregister($func);
             }
             spl_autoload_register($autoload);
-            foreach ($funcs as $func) spl_autoload_register($func);
+            foreach ($funcs as $func) {
+            	spl_autoload_register($func);
+            }
         }
     }
 

Spacing +6 added lines, -6 removed lines

@@ -2,7 +2,7 @@ 
 
 // constants are slow, so we use as few as possible
 if (!defined('HTMLPURIFIER_PREFIX')) {
-    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
+    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__).'/..'));
 }
 
 // accomodations for versions earlier than 5.0.2
@@ -42,7 +42,7 @@ 
         // Zend extensions such as Zend debugger and APC, this invariant
         // may be broken.  Since we have efficient alternatives, pay
         // the cost here and avoid the bug.
-        require_once HTMLPURIFIER_PREFIX . '/' . $file;
+        require_once HTMLPURIFIER_PREFIX.'/'.$file;
         return true;
     }
 
@@ -54,11 +54,11 @@ 
         // Custom implementations
         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
             $code = str_replace('_', '-', substr($class, 22));
-            $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
+            $file = 'HTMLPurifier/Language/classes/'.$code.'.php';
         } else {
-            $file = str_replace('_', '/', $class) . '.php';
+            $file = str_replace('_', '/', $class).'.php';
         }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+        if (!file_exists(HTMLPURIFIER_PREFIX.'/'.$file)) return false;
         return $file;
     }
 
@@ -67,7 +67,7 @@ 
      */
     public static function registerAutoload() {
         $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if ( ($funcs = spl_autoload_functions()) === false ) {
+        if (($funcs = spl_autoload_functions()) === false) {
             spl_autoload_register($autoload);
         } elseif (function_exists('spl_autoload_unregister')) {
             $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');

classes/security/htmlpurifier/library/HTMLPurifier/CSSDefinition.php

Indentation +310 added lines, -310 removed lines

@@ -7,316 +7,316 @@
 class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
 {
 
-    public $type = 'CSS';
-
-    /**
-     * Assoc array of attribute name to definition object.
-     */
-    public $info = array();
-
-    /**
-     * Constructs the info array.  The meat of this class.
-     */
-    protected function doSetup($config) {
-
-        $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
-            array('left', 'right', 'center', 'justify'), false);
-
-        $border_style =
-        $this->info['border-bottom-style'] =
-        $this->info['border-right-style'] =
-        $this->info['border-left-style'] =
-        $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
-            array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
-            'groove', 'ridge', 'inset', 'outset'), false);
-
-        $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
-
-        $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right', 'both'), false);
-        $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right'), false);
-        $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'italic', 'oblique'), false);
-        $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'small-caps'), false);
-
-        $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
-                new HTMLPurifier_AttrDef_Enum(array('none')),
-                new HTMLPurifier_AttrDef_CSS_URI()
-            )
-        );
-
-        $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
-            array('inside', 'outside'), false);
-        $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
-            array('disc', 'circle', 'square', 'decimal', 'lower-roman',
-            'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
-        $this->info['list-style-image'] = $uri_or_none;
-
-        $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
-
-        $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
-            array('capitalize', 'uppercase', 'lowercase', 'none'), false);
-        $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
-
-        $this->info['background-image'] = $uri_or_none;
-        $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
-            array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
-        );
-        $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
-            array('scroll', 'fixed')
-        );
-        $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
-
-        $border_color =
-        $this->info['border-top-color'] =
-        $this->info['border-bottom-color'] =
-        $this->info['border-left-color'] =
-        $this->info['border-right-color'] =
-        $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('transparent')),
-            new HTMLPurifier_AttrDef_CSS_Color()
-        ));
-
-        $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
-
-        $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
-
-        $border_width =
-        $this->info['border-top-width'] =
-        $this->info['border-bottom-width'] =
-        $this->info['border-left-width'] =
-        $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
-            new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
-        ));
-
-        $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
-
-        $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
-                'small', 'medium', 'large', 'x-large', 'xx-large',
-                'larger', 'smaller')),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true)
-        ));
-
-        $margin =
-        $this->info['margin-top'] =
-        $this->info['margin-bottom'] =
-        $this->info['margin-left'] =
-        $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
-
-        $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
-
-        // non-negative
-        $padding =
-        $this->info['padding-top'] =
-        $this->info['padding-bottom'] =
-        $this->info['padding-left'] =
-        $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true)
-        ));
-
-        $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
-
-        $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage()
-        ));
-
-        $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true),
-            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
-        $max = $config->get('CSS.MaxImgLength');
-
-        $this->info['width'] =
-        $this->info['height'] =
-            $max === null ?
-            $trusted_wh :
-            new HTMLPurifier_AttrDef_Switch('img',
-                // For img tags:
-                new HTMLPurifier_AttrDef_CSS_Composite(array(
-                    new HTMLPurifier_AttrDef_CSS_Length('0', $max),
-                    new HTMLPurifier_AttrDef_Enum(array('auto'))
-                )),
-                // For everyone else:
-                $trusted_wh
-            );
-
-        $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
-
-        $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
-
-        // this could use specialized code
-        $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
-            '400', '500', '600', '700', '800', '900'), false);
-
-        // MUST be called after other font properties, as it references
-        // a CSSDefinition object
-        $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
-
-        // same here
-        $this->info['border'] =
-        $this->info['border-bottom'] =
-        $this->info['border-top'] =
-        $this->info['border-left'] =
-        $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
-
-        $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
-            'collapse', 'separate'));
-
-        $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
-            'top', 'bottom'));
-
-        $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
-            'auto', 'fixed'));
-
-        $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
-                'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage()
-        ));
-
-        $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
-
-        // partial support
-        $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
-
-        if ($config->get('CSS.Proprietary')) {
-            $this->doSetupProprietary($config);
-        }
-
-        if ($config->get('CSS.AllowTricky')) {
-            $this->doSetupTricky($config);
-        }
-
-        if ($config->get('CSS.Trusted')) {
-            $this->doSetupTrusted($config);
-        }
-
-        $allow_important = $config->get('CSS.AllowImportant');
-        // wrap all attr-defs with decorator that handles !important
-        foreach ($this->info as $k => $v) {
-            $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
-        }
-
-        $this->setupConfigStuff($config);
-    }
-
-    protected function doSetupProprietary($config) {
-        // Internet Explorer only scrollbar colors
-        $this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
-
-        // technically not proprietary, but CSS3, and no one supports it
-        $this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-        $this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-        $this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-
-        // only opacity, for now
-        $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
-
-    }
-
-    protected function doSetupTricky($config) {
-        $this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
-            'inline', 'block', 'list-item', 'run-in', 'compact',
-            'marker', 'table', 'inline-table', 'table-row-group',
-            'table-header-group', 'table-footer-group', 'table-row',
-            'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none'
-        ));
-        $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
-            'visible', 'hidden', 'collapse'
-        ));
-        $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
-    }
-
-    protected function doSetupTrusted($config) {
-        $this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
-            'static', 'relative', 'absolute', 'fixed'
-        ));
-        $this->info['top'] =
-        $this->info['left'] =
-        $this->info['right'] =
-        $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_Enum(array('auto')),
-        ));
-        $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Integer(),
-            new HTMLPurifier_AttrDef_Enum(array('auto')),
-        ));
-    }
-
-    /**
-     * Performs extra config-based processing. Based off of
-     * HTMLPurifier_HTMLDefinition.
-     * @todo Refactor duplicate elements into common class (probably using
-     *       composition, not inheritance).
-     */
-    protected function setupConfigStuff($config) {
-
-        // setup allowed elements
-        $support = "(for information on implementing this, see the ".
-                   "support forums) ";
-        $allowed_properties = $config->get('CSS.AllowedProperties');
-        if ($allowed_properties !== null) {
-            foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
-                unset($allowed_properties[$name]);
-            }
-            // emit errors
-            foreach ($allowed_properties as $name => $d) {
-                // :TODO: Is this htmlspecialchars() call really necessary?
-                $name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
-                trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
-            }
-        }
-
-        $forbidden_properties = $config->get('CSS.ForbiddenProperties');
-        if ($forbidden_properties !== null) {
-            foreach ($this->info as $name => $d) {
-                if (isset($forbidden_properties[$name])) {
-                    unset($this->info[$name]);
-                }
-            }
-        }
-
-    }
+	public $type = 'CSS';
+
+	/**
+	 * Assoc array of attribute name to definition object.
+	 */
+	public $info = array();
+
+	/**
+	 * Constructs the info array.  The meat of this class.
+	 */
+	protected function doSetup($config) {
+
+		$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
+			array('left', 'right', 'center', 'justify'), false);
+
+		$border_style =
+		$this->info['border-bottom-style'] =
+		$this->info['border-right-style'] =
+		$this->info['border-left-style'] =
+		$this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
+			array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
+			'groove', 'ridge', 'inset', 'outset'), false);
+
+		$this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
+
+		$this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
+			array('none', 'left', 'right', 'both'), false);
+		$this->info['float'] = new HTMLPurifier_AttrDef_Enum(
+			array('none', 'left', 'right'), false);
+		$this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'italic', 'oblique'), false);
+		$this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'small-caps'), false);
+
+		$uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
+			array(
+				new HTMLPurifier_AttrDef_Enum(array('none')),
+				new HTMLPurifier_AttrDef_CSS_URI()
+			)
+		);
+
+		$this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
+			array('inside', 'outside'), false);
+		$this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
+			array('disc', 'circle', 'square', 'decimal', 'lower-roman',
+			'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
+		$this->info['list-style-image'] = $uri_or_none;
+
+		$this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
+
+		$this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
+			array('capitalize', 'uppercase', 'lowercase', 'none'), false);
+		$this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
+
+		$this->info['background-image'] = $uri_or_none;
+		$this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
+			array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
+		);
+		$this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
+			array('scroll', 'fixed')
+		);
+		$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
+
+		$border_color =
+		$this->info['border-top-color'] =
+		$this->info['border-bottom-color'] =
+		$this->info['border-left-color'] =
+		$this->info['border-right-color'] =
+		$this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('transparent')),
+			new HTMLPurifier_AttrDef_CSS_Color()
+		));
+
+		$this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
+
+		$this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
+
+		$border_width =
+		$this->info['border-top-width'] =
+		$this->info['border-bottom-width'] =
+		$this->info['border-left-width'] =
+		$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
+			new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
+		));
+
+		$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
+
+		$this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
+				'small', 'medium', 'large', 'x-large', 'xx-large',
+				'larger', 'smaller')),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true)
+		));
+
+		$margin =
+		$this->info['margin-top'] =
+		$this->info['margin-bottom'] =
+		$this->info['margin-left'] =
+		$this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_Enum(array('auto'))
+		));
+
+		$this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
+
+		// non-negative
+		$padding =
+		$this->info['padding-top'] =
+		$this->info['padding-bottom'] =
+		$this->info['padding-left'] =
+		$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true)
+		));
+
+		$this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
+
+		$this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true),
+			new HTMLPurifier_AttrDef_Enum(array('auto'))
+		));
+		$max = $config->get('CSS.MaxImgLength');
+
+		$this->info['width'] =
+		$this->info['height'] =
+			$max === null ?
+			$trusted_wh :
+			new HTMLPurifier_AttrDef_Switch('img',
+				// For img tags:
+				new HTMLPurifier_AttrDef_CSS_Composite(array(
+					new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+					new HTMLPurifier_AttrDef_Enum(array('auto'))
+				)),
+				// For everyone else:
+				$trusted_wh
+			);
+
+		$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
+
+		$this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
+
+		// this could use specialized code
+		$this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
+			'400', '500', '600', '700', '800', '900'), false);
+
+		// MUST be called after other font properties, as it references
+		// a CSSDefinition object
+		$this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
+
+		// same here
+		$this->info['border'] =
+		$this->info['border-bottom'] =
+		$this->info['border-top'] =
+		$this->info['border-left'] =
+		$this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
+
+		$this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
+			'collapse', 'separate'));
+
+		$this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
+			'top', 'bottom'));
+
+		$this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
+			'auto', 'fixed'));
+
+		$this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
+				'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
+
+		// partial support
+		$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
+
+		if ($config->get('CSS.Proprietary')) {
+			$this->doSetupProprietary($config);
+		}
+
+		if ($config->get('CSS.AllowTricky')) {
+			$this->doSetupTricky($config);
+		}
+
+		if ($config->get('CSS.Trusted')) {
+			$this->doSetupTrusted($config);
+		}
+
+		$allow_important = $config->get('CSS.AllowImportant');
+		// wrap all attr-defs with decorator that handles !important
+		foreach ($this->info as $k => $v) {
+			$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
+		}
+
+		$this->setupConfigStuff($config);
+	}
+
+	protected function doSetupProprietary($config) {
+		// Internet Explorer only scrollbar colors
+		$this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
+
+		// technically not proprietary, but CSS3, and no one supports it
+		$this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+		$this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+		$this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+
+		// only opacity, for now
+		$this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
+
+	}
+
+	protected function doSetupTricky($config) {
+		$this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
+			'inline', 'block', 'list-item', 'run-in', 'compact',
+			'marker', 'table', 'inline-table', 'table-row-group',
+			'table-header-group', 'table-footer-group', 'table-row',
+			'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none'
+		));
+		$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
+			'visible', 'hidden', 'collapse'
+		));
+		$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
+	}
+
+	protected function doSetupTrusted($config) {
+		$this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
+			'static', 'relative', 'absolute', 'fixed'
+		));
+		$this->info['top'] =
+		$this->info['left'] =
+		$this->info['right'] =
+		$this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_Enum(array('auto')),
+		));
+		$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Integer(),
+			new HTMLPurifier_AttrDef_Enum(array('auto')),
+		));
+	}
+
+	/**
+	 * Performs extra config-based processing. Based off of
+	 * HTMLPurifier_HTMLDefinition.
+	 * @todo Refactor duplicate elements into common class (probably using
+	 *       composition, not inheritance).
+	 */
+	protected function setupConfigStuff($config) {
+
+		// setup allowed elements
+		$support = "(for information on implementing this, see the ".
+				   "support forums) ";
+		$allowed_properties = $config->get('CSS.AllowedProperties');
+		if ($allowed_properties !== null) {
+			foreach ($this->info as $name => $d) {
+				if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+				unset($allowed_properties[$name]);
+			}
+			// emit errors
+			foreach ($allowed_properties as $name => $d) {
+				// :TODO: Is this htmlspecialchars() call really necessary?
+				$name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+				trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
+			}
+		}
+
+		$forbidden_properties = $config->get('CSS.ForbiddenProperties');
+		if ($forbidden_properties !== null) {
+			foreach ($this->info as $name => $d) {
+				if (isset($forbidden_properties[$name])) {
+					unset($this->info[$name]);
+				}
+			}
+		}
+
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +3 added lines, -1 removed lines

@@ -296,7 +296,9 @@
         $allowed_properties = $config->get('CSS.AllowedProperties');
         if ($allowed_properties !== null) {
             foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+                if(!isset($allowed_properties[$name])) {
+                	unset($this->info[$name]);
+                }
                 unset($allowed_properties[$name]);
             }
             // emit errors

Spacing +3 added lines, -4 removed lines

@@ -26,7 +26,7 @@ 
         $this->info['border-bottom-style'] =
         $this->info['border-right-style'] =
         $this->info['border-left-style'] =
-        $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
+        $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
             array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
             'groove', 'ridge', 'inset', 'outset'), false);
 
@@ -159,8 +159,7 @@ 
         $this->info['width'] =
         $this->info['height'] =
             $max === null ?
-            $trusted_wh :
-            new HTMLPurifier_AttrDef_Switch('img',
+            $trusted_wh : new HTMLPurifier_AttrDef_Switch('img',
                 // For img tags:
                 new HTMLPurifier_AttrDef_CSS_Composite(array(
                     new HTMLPurifier_AttrDef_CSS_Length('0', $max),
@@ -296,7 +295,7 @@ 
         $allowed_properties = $config->get('CSS.AllowedProperties');
         if ($allowed_properties !== null) {
             foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+                if (!isset($allowed_properties[$name])) unset($this->info[$name]);
                 unset($allowed_properties[$name]);
             }
             // emit errors

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef.php

Indentation +34 added lines, -34 removed lines

@@ -5,44 +5,44 @@
  */
 abstract class HTMLPurifier_ChildDef
 {
-    /**
-     * Type of child definition, usually right-most part of class name lowercase.
-     * Used occasionally in terms of context.
-     */
-    public $type;
+	/**
+	 * Type of child definition, usually right-most part of class name lowercase.
+	 * Used occasionally in terms of context.
+	 */
+	public $type;
 
-    /**
-     * Bool that indicates whether or not an empty array of children is okay
-     *
-     * This is necessary for redundant checking when changes affecting
-     * a child node may cause a parent node to now be disallowed.
-     */
-    public $allow_empty;
+	/**
+	 * Bool that indicates whether or not an empty array of children is okay
+	 *
+	 * This is necessary for redundant checking when changes affecting
+	 * a child node may cause a parent node to now be disallowed.
+	 */
+	public $allow_empty;
 
-    /**
-     * Lookup array of all elements that this definition could possibly allow
-     */
-    public $elements = array();
+	/**
+	 * Lookup array of all elements that this definition could possibly allow
+	 */
+	public $elements = array();
 
-    /**
-     * Get lookup of tag names that should not close this element automatically.
-     * All other elements will do so.
-     */
-    public function getAllowedElements($config) {
-        return $this->elements;
-    }
+	/**
+	 * Get lookup of tag names that should not close this element automatically.
+	 * All other elements will do so.
+	 */
+	public function getAllowedElements($config) {
+		return $this->elements;
+	}
 
-    /**
-     * Validates nodes according to definition and returns modification.
-     *
-     * @param $tokens_of_children Array of HTMLPurifier_Token
-     * @param $config HTMLPurifier_Config object
-     * @param $context HTMLPurifier_Context object
-     * @return bool true to leave nodes as is
-     * @return bool false to remove parent node
-     * @return array of replacement child tokens
-     */
-    abstract public function validateChildren($tokens_of_children, $config, $context);
+	/**
+	 * Validates nodes according to definition and returns modification.
+	 *
+	 * @param $tokens_of_children Array of HTMLPurifier_Token
+	 * @param $config HTMLPurifier_Config object
+	 * @param $context HTMLPurifier_Context object
+	 * @return bool true to leave nodes as is
+	 * @return bool false to remove parent node
+	 * @return array of replacement child tokens
+	 */
+	abstract public function validateChildren($tokens_of_children, $config, $context);
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Chameleon.php

Indentation +27 added lines, -27 removed lines

@@ -12,37 +12,37 @@
 class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
 {
 
-    /**
-     * Instance of the definition object to use when inline. Usually stricter.
-     */
-    public $inline;
+	/**
+	 * Instance of the definition object to use when inline. Usually stricter.
+	 */
+	public $inline;
 
-    /**
-     * Instance of the definition object to use when block.
-     */
-    public $block;
+	/**
+	 * Instance of the definition object to use when block.
+	 */
+	public $block;
 
-    public $type = 'chameleon';
+	public $type = 'chameleon';
 
-    /**
-     * @param $inline List of elements to allow when inline.
-     * @param $block List of elements to allow when block.
-     */
-    public function __construct($inline, $block) {
-        $this->inline = new HTMLPurifier_ChildDef_Optional($inline);
-        $this->block  = new HTMLPurifier_ChildDef_Optional($block);
-        $this->elements = $this->block->elements;
-    }
+	/**
+	 * @param $inline List of elements to allow when inline.
+	 * @param $block List of elements to allow when block.
+	 */
+	public function __construct($inline, $block) {
+		$this->inline = new HTMLPurifier_ChildDef_Optional($inline);
+		$this->block  = new HTMLPurifier_ChildDef_Optional($block);
+		$this->elements = $this->block->elements;
+	}
 
-    public function validateChildren($tokens_of_children, $config, $context) {
-        if ($context->get('IsInline') === false) {
-            return $this->block->validateChildren(
-                $tokens_of_children, $config, $context);
-        } else {
-            return $this->inline->validateChildren(
-                $tokens_of_children, $config, $context);
-        }
-    }
+	public function validateChildren($tokens_of_children, $config, $context) {
+		if ($context->get('IsInline') === false) {
+			return $this->block->validateChildren(
+				$tokens_of_children, $config, $context);
+		} else {
+			return $this->inline->validateChildren(
+				$tokens_of_children, $config, $context);
+		}
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Custom.php

Indentation +67 added lines, -67 removed lines

@@ -8,83 +8,83 @@
  */
 class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
 {
-    public $type = 'custom';
-    public $allow_empty = false;
-    /**
-     * Allowed child pattern as defined by the DTD
-     */
-    public $dtd_regex;
-    /**
-     * PCRE regex derived from $dtd_regex
-     * @private
-     */
-    private $_pcre_regex;
-    /**
-     * @param $dtd_regex Allowed child pattern from the DTD
-     */
-    public function __construct($dtd_regex) {
-        $this->dtd_regex = $dtd_regex;
-        $this->_compileRegex();
-    }
-    /**
-     * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
-     */
-    protected function _compileRegex() {
-        $raw = str_replace(' ', '', $this->dtd_regex);
-        if ($raw{0} != '(') {
-            $raw = "($raw)";
-        }
-        $el = '[#a-zA-Z0-9_.-]+';
-        $reg = $raw;
+	public $type = 'custom';
+	public $allow_empty = false;
+	/**
+	 * Allowed child pattern as defined by the DTD
+	 */
+	public $dtd_regex;
+	/**
+	 * PCRE regex derived from $dtd_regex
+	 * @private
+	 */
+	private $_pcre_regex;
+	/**
+	 * @param $dtd_regex Allowed child pattern from the DTD
+	 */
+	public function __construct($dtd_regex) {
+		$this->dtd_regex = $dtd_regex;
+		$this->_compileRegex();
+	}
+	/**
+	 * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
+	 */
+	protected function _compileRegex() {
+		$raw = str_replace(' ', '', $this->dtd_regex);
+		if ($raw{0} != '(') {
+			$raw = "($raw)";
+		}
+		$el = '[#a-zA-Z0-9_.-]+';
+		$reg = $raw;
 
-        // COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
-        // DOING! Seriously: if there's problems, please report them.
+		// COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
+		// DOING! Seriously: if there's problems, please report them.
 
-        // collect all elements into the $elements array
-        preg_match_all("/$el/", $reg, $matches);
-        foreach ($matches[0] as $match) {
-            $this->elements[$match] = true;
-        }
+		// collect all elements into the $elements array
+		preg_match_all("/$el/", $reg, $matches);
+		foreach ($matches[0] as $match) {
+			$this->elements[$match] = true;
+		}
 
-        // setup all elements as parentheticals with leading commas
-        $reg = preg_replace("/$el/", '(,\\0)', $reg);
+		// setup all elements as parentheticals with leading commas
+		$reg = preg_replace("/$el/", '(,\\0)', $reg);
 
-        // remove commas when they were not solicited
-        $reg = preg_replace("/([^,(|]\(+),/", '\\1', $reg);
+		// remove commas when they were not solicited
+		$reg = preg_replace("/([^,(|]\(+),/", '\\1', $reg);
 
-        // remove all non-paranthetical commas: they are handled by first regex
-        $reg = preg_replace("/,\(/", '(', $reg);
+		// remove all non-paranthetical commas: they are handled by first regex
+		$reg = preg_replace("/,\(/", '(', $reg);
 
-        $this->_pcre_regex = $reg;
-    }
-    public function validateChildren($tokens_of_children, $config, $context) {
-        $list_of_children = '';
-        $nesting = 0; // depth into the nest
-        foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) continue;
+		$this->_pcre_regex = $reg;
+	}
+	public function validateChildren($tokens_of_children, $config, $context) {
+		$list_of_children = '';
+		$nesting = 0; // depth into the nest
+		foreach ($tokens_of_children as $token) {
+			if (!empty($token->is_whitespace)) continue;
 
-            $is_child = ($nesting == 0); // direct
+			$is_child = ($nesting == 0); // direct
 
-            if ($token instanceof HTMLPurifier_Token_Start) {
-                $nesting++;
-            } elseif ($token instanceof HTMLPurifier_Token_End) {
-                $nesting--;
-            }
+			if ($token instanceof HTMLPurifier_Token_Start) {
+				$nesting++;
+			} elseif ($token instanceof HTMLPurifier_Token_End) {
+				$nesting--;
+			}
 
-            if ($is_child) {
-                $list_of_children .= $token->name . ',';
-            }
-        }
-        // add leading comma to deal with stray comma declarations
-        $list_of_children = ',' . rtrim($list_of_children, ',');
-        $okay =
-            preg_match(
-                '/^,?'.$this->_pcre_regex.'$/',
-                $list_of_children
-            );
+			if ($is_child) {
+				$list_of_children .= $token->name . ',';
+			}
+		}
+		// add leading comma to deal with stray comma declarations
+		$list_of_children = ',' . rtrim($list_of_children, ',');
+		$okay =
+			preg_match(
+				'/^,?'.$this->_pcre_regex.'$/',
+				$list_of_children
+			);
 
-        return (bool) $okay;
-    }
+		return (bool) $okay;
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +3 added lines, -1 removed lines

@@ -61,7 +61,9 @@
         $list_of_children = '';
         $nesting = 0; // depth into the nest
         foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) continue;
+            if (!empty($token->is_whitespace)) {
+            	continue;
+            }
 
             $is_child = ($nesting == 0); // direct
 

Spacing +2 added lines, -2 removed lines

@@ -72,11 +72,11 @@
             }
 
             if ($is_child) {
-                $list_of_children .= $token->name . ',';
+                $list_of_children .= $token->name.',';
             }
         }
         // add leading comma to deal with stray comma declarations
-        $list_of_children = ',' . rtrim($list_of_children, ',');
+        $list_of_children = ','.rtrim($list_of_children, ',');
         $okay =
             preg_match(
                 '/^,?'.$this->_pcre_regex.'$/',

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Empty.php

Indentation +6 added lines, -6 removed lines

@@ -9,12 +9,12 @@
  */
 class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
 {
-    public $allow_empty = true;
-    public $type = 'empty';
-    public function __construct() {}
-    public function validateChildren($tokens_of_children, $config, $context) {
-        return array();
-    }
+	public $allow_empty = true;
+	public $type = 'empty';
+	public function __construct() {}
+	public function validateChildren($tokens_of_children, $config, $context) {
+		return array();
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/List.php

Indentation +100 added lines, -100 removed lines

@@ -5,116 +5,116 @@
  */
 class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
 {
-    public $type = 'list';
-    // lying a little bit, so that we can handle ul and ol ourselves
-    // XXX: This whole business with 'wrap' is all a bit unsatisfactory
-    public $elements = array('li' => true, 'ul' => true, 'ol' => true);
-    public function validateChildren($tokens_of_children, $config, $context) {
-        // Flag for subclasses
-        $this->whitespace = false;
+	public $type = 'list';
+	// lying a little bit, so that we can handle ul and ol ourselves
+	// XXX: This whole business with 'wrap' is all a bit unsatisfactory
+	public $elements = array('li' => true, 'ul' => true, 'ol' => true);
+	public function validateChildren($tokens_of_children, $config, $context) {
+		// Flag for subclasses
+		$this->whitespace = false;
 
-        // if there are no tokens, delete parent node
-        if (empty($tokens_of_children)) return false;
+		// if there are no tokens, delete parent node
+		if (empty($tokens_of_children)) return false;
 
-        // the new set of children
-        $result = array();
+		// the new set of children
+		$result = array();
 
-        // current depth into the nest
-        $nesting = 0;
+		// current depth into the nest
+		$nesting = 0;
 
-        // a little sanity check to make sure it's not ALL whitespace
-        $all_whitespace = true;
+		// a little sanity check to make sure it's not ALL whitespace
+		$all_whitespace = true;
 
-        $seen_li = false;
-        $need_close_li = false;
+		$seen_li = false;
+		$need_close_li = false;
 
-        foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) {
-                $result[] = $token;
-                continue;
-            }
-            $all_whitespace = false; // phew, we're not talking about whitespace
+		foreach ($tokens_of_children as $token) {
+			if (!empty($token->is_whitespace)) {
+				$result[] = $token;
+				continue;
+			}
+			$all_whitespace = false; // phew, we're not talking about whitespace
 
-            if ($nesting == 1 && $need_close_li) {
-                $result[] = new HTMLPurifier_Token_End('li');
-                $nesting--;
-                $need_close_li = false;
-            }
+			if ($nesting == 1 && $need_close_li) {
+				$result[] = new HTMLPurifier_Token_End('li');
+				$nesting--;
+				$need_close_li = false;
+			}
 
-            $is_child = ($nesting == 0);
+			$is_child = ($nesting == 0);
 
-            if ($token instanceof HTMLPurifier_Token_Start) {
-                $nesting++;
-            } elseif ($token instanceof HTMLPurifier_Token_End) {
-                $nesting--;
-            }
+			if ($token instanceof HTMLPurifier_Token_Start) {
+				$nesting++;
+			} elseif ($token instanceof HTMLPurifier_Token_End) {
+				$nesting--;
+			}
 
-            if ($is_child) {
-                if ($token->name === 'li') {
-                    // good
-                    $seen_li = true;
-                } elseif ($token->name === 'ul' || $token->name === 'ol') {
-                    // we want to tuck this into the previous li
-                    $need_close_li = true;
-                    $nesting++;
-                    if (!$seen_li) {
-                        // create a new li element
-                        $result[] = new HTMLPurifier_Token_Start('li');
-                    } else {
-                        // backtrack until </li> found
-                        while(true) {
-                            $t = array_pop($result);
-                            if ($t instanceof HTMLPurifier_Token_End) {
-                                // XXX actually, these invariants could very plausibly be violated
-                                // if we are doing silly things with modifying the set of allowed elements.
-                                // FORTUNATELY, it doesn't make a difference, since the allowed
-                                // elements are hard-coded here!
-                                if ($t->name !== 'li') {
-                                    trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
-                                    return false;
-                                }
-                                break;
-                            } elseif ($t instanceof HTMLPurifier_Token_Empty) { // bleagh
-                                if ($t->name !== 'li') {
-                                    trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
-                                    return false;
-                                }
-                                // XXX this should have a helper for it...
-                                $result[] = new HTMLPurifier_Token_Start('li', $t->attr, $t->line, $t->col, $t->armor);
-                                break;
-                            } else {
-                                if (!$t->is_whitespace) {
-                                    trigger_error("Only whitespace present invariant violated in List ChildDef", E_USER_ERROR);
-                                    return false;
-                                }
-                            }
-                        }
-                    }
-                } else {
-                    // start wrapping (this doesn't precisely mimic
-                    // browser behavior, but what browsers do is kind of
-                    // hard to mimic in a standards compliant way
-                    // XXX Actually, this has no impact in practice,
-                    // because this gets handled earlier. Arguably,
-                    // we should rip out all of that processing
-                    $result[] = new HTMLPurifier_Token_Start('li');
-                    $nesting++;
-                    $seen_li = true;
-                    $need_close_li = true;
-                }
-            }
-            $result[] = $token;
-        }
-        if ($need_close_li) {
-            $result[] = new HTMLPurifier_Token_End('li');
-        }
-        if (empty($result)) return false;
-        if ($all_whitespace) {
-            return false;
-        }
-        if ($tokens_of_children == $result) return true;
-        return $result;
-    }
+			if ($is_child) {
+				if ($token->name === 'li') {
+					// good
+					$seen_li = true;
+				} elseif ($token->name === 'ul' || $token->name === 'ol') {
+					// we want to tuck this into the previous li
+					$need_close_li = true;
+					$nesting++;
+					if (!$seen_li) {
+						// create a new li element
+						$result[] = new HTMLPurifier_Token_Start('li');
+					} else {
+						// backtrack until </li> found
+						while(true) {
+							$t = array_pop($result);
+							if ($t instanceof HTMLPurifier_Token_End) {
+								// XXX actually, these invariants could very plausibly be violated
+								// if we are doing silly things with modifying the set of allowed elements.
+								// FORTUNATELY, it doesn't make a difference, since the allowed
+								// elements are hard-coded here!
+								if ($t->name !== 'li') {
+									trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
+									return false;
+								}
+								break;
+							} elseif ($t instanceof HTMLPurifier_Token_Empty) { // bleagh
+								if ($t->name !== 'li') {
+									trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
+									return false;
+								}
+								// XXX this should have a helper for it...
+								$result[] = new HTMLPurifier_Token_Start('li', $t->attr, $t->line, $t->col, $t->armor);
+								break;
+							} else {
+								if (!$t->is_whitespace) {
+									trigger_error("Only whitespace present invariant violated in List ChildDef", E_USER_ERROR);
+									return false;
+								}
+							}
+						}
+					}
+				} else {
+					// start wrapping (this doesn't precisely mimic
+					// browser behavior, but what browsers do is kind of
+					// hard to mimic in a standards compliant way
+					// XXX Actually, this has no impact in practice,
+					// because this gets handled earlier. Arguably,
+					// we should rip out all of that processing
+					$result[] = new HTMLPurifier_Token_Start('li');
+					$nesting++;
+					$seen_li = true;
+					$need_close_li = true;
+				}
+			}
+			$result[] = $token;
+		}
+		if ($need_close_li) {
+			$result[] = new HTMLPurifier_Token_End('li');
+		}
+		if (empty($result)) return false;
+		if ($all_whitespace) {
+			return false;
+		}
+		if ($tokens_of_children == $result) return true;
+		return $result;
+	}
 }
 
 // vim: et sw=4 sts=4

Spacing +1 added lines, -1 removed lines

@@ -62,7 +62,7 @@
                         $result[] = new HTMLPurifier_Token_Start('li');
                     } else {
                         // backtrack until </li> found
-                        while(true) {
+                        while (true) {
                             $t = array_pop($result);
                             if ($t instanceof HTMLPurifier_Token_End) {
                                 // XXX actually, these invariants could very plausibly be violated

Braces +9 added lines, -3 removed lines

@@ -14,7 +14,9 @@ 
         $this->whitespace = false;
 
         // if there are no tokens, delete parent node
-        if (empty($tokens_of_children)) return false;
+        if (empty($tokens_of_children)) {
+        	return false;
+        }
 
         // the new set of children
         $result = array();
@@ -108,11 +110,15 @@ 
         if ($need_close_li) {
             $result[] = new HTMLPurifier_Token_End('li');
         }
-        if (empty($result)) return false;
+        if (empty($result)) {
+        	return false;
+        }
         if ($all_whitespace) {
             return false;
         }
-        if ($tokens_of_children == $result) return true;
+        if ($tokens_of_children == $result) {
+        	return true;
+        }
         return $result;
     }
 }

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Optional.php

Indentation +12 added lines, -12 removed lines

@@ -9,18 +9,18 @@
  */
 class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
 {
-    public $allow_empty = true;
-    public $type = 'optional';
-    public function validateChildren($tokens_of_children, $config, $context) {
-        $result = parent::validateChildren($tokens_of_children, $config, $context);
-        // we assume that $tokens_of_children is not modified
-        if ($result === false) {
-            if (empty($tokens_of_children)) return true;
-            elseif ($this->whitespace) return $tokens_of_children;
-            else return array();
-        }
-        return $result;
-    }
+	public $allow_empty = true;
+	public $type = 'optional';
+	public function validateChildren($tokens_of_children, $config, $context) {
+		$result = parent::validateChildren($tokens_of_children, $config, $context);
+		// we assume that $tokens_of_children is not modified
+		if ($result === false) {
+			if (empty($tokens_of_children)) return true;
+			elseif ($this->whitespace) return $tokens_of_children;
+			else return array();
+		}
+		return $result;
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +7 added lines, -3 removed lines

@@ -15,9 +15,13 @@
         $result = parent::validateChildren($tokens_of_children, $config, $context);
         // we assume that $tokens_of_children is not modified
         if ($result === false) {
-            if (empty($tokens_of_children)) return true;
-            elseif ($this->whitespace) return $tokens_of_children;
-            else return array();
+            if (empty($tokens_of_children)) {
+            	return true;
+            } elseif ($this->whitespace) {
+            	return $tokens_of_children;
+            } else {
+            	return array();
+            }
         }
         return $result;
     }

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Required.php

Indentation +95 added lines, -95 removed lines

@@ -5,113 +5,113 @@
  */
 class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
 {
-    /**
-     * Lookup table of allowed elements.
-     * @public
-     */
-    public $elements = array();
-    /**
-     * Whether or not the last passed node was all whitespace.
-     */
-    protected $whitespace = false;
-    /**
-     * @param $elements List of allowed element names (lowercase).
-     */
-    public function __construct($elements) {
-        if (is_string($elements)) {
-            $elements = str_replace(' ', '', $elements);
-            $elements = explode('|', $elements);
-        }
-        $keys = array_keys($elements);
-        if ($keys == array_keys($keys)) {
-            $elements = array_flip($elements);
-            foreach ($elements as $i => $x) {
-                $elements[$i] = true;
-                if (empty($i)) unset($elements[$i]); // remove blank
-            }
-        }
-        $this->elements = $elements;
-    }
-    public $allow_empty = false;
-    public $type = 'required';
-    public function validateChildren($tokens_of_children, $config, $context) {
-        // Flag for subclasses
-        $this->whitespace = false;
+	/**
+	 * Lookup table of allowed elements.
+	 * @public
+	 */
+	public $elements = array();
+	/**
+	 * Whether or not the last passed node was all whitespace.
+	 */
+	protected $whitespace = false;
+	/**
+	 * @param $elements List of allowed element names (lowercase).
+	 */
+	public function __construct($elements) {
+		if (is_string($elements)) {
+			$elements = str_replace(' ', '', $elements);
+			$elements = explode('|', $elements);
+		}
+		$keys = array_keys($elements);
+		if ($keys == array_keys($keys)) {
+			$elements = array_flip($elements);
+			foreach ($elements as $i => $x) {
+				$elements[$i] = true;
+				if (empty($i)) unset($elements[$i]); // remove blank
+			}
+		}
+		$this->elements = $elements;
+	}
+	public $allow_empty = false;
+	public $type = 'required';
+	public function validateChildren($tokens_of_children, $config, $context) {
+		// Flag for subclasses
+		$this->whitespace = false;
 
-        // if there are no tokens, delete parent node
-        if (empty($tokens_of_children)) return false;
+		// if there are no tokens, delete parent node
+		if (empty($tokens_of_children)) return false;
 
-        // the new set of children
-        $result = array();
+		// the new set of children
+		$result = array();
 
-        // current depth into the nest
-        $nesting = 0;
+		// current depth into the nest
+		$nesting = 0;
 
-        // whether or not we're deleting a node
-        $is_deleting = false;
+		// whether or not we're deleting a node
+		$is_deleting = false;
 
-        // whether or not parsed character data is allowed
-        // this controls whether or not we silently drop a tag
-        // or generate escaped HTML from it
-        $pcdata_allowed = isset($this->elements['#PCDATA']);
+		// whether or not parsed character data is allowed
+		// this controls whether or not we silently drop a tag
+		// or generate escaped HTML from it
+		$pcdata_allowed = isset($this->elements['#PCDATA']);
 
-        // a little sanity check to make sure it's not ALL whitespace
-        $all_whitespace = true;
+		// a little sanity check to make sure it's not ALL whitespace
+		$all_whitespace = true;
 
-        // some configuration
-        $escape_invalid_children = $config->get('Core.EscapeInvalidChildren');
+		// some configuration
+		$escape_invalid_children = $config->get('Core.EscapeInvalidChildren');
 
-        // generator
-        $gen = new HTMLPurifier_Generator($config, $context);
+		// generator
+		$gen = new HTMLPurifier_Generator($config, $context);
 
-        foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) {
-                $result[] = $token;
-                continue;
-            }
-            $all_whitespace = false; // phew, we're not talking about whitespace
+		foreach ($tokens_of_children as $token) {
+			if (!empty($token->is_whitespace)) {
+				$result[] = $token;
+				continue;
+			}
+			$all_whitespace = false; // phew, we're not talking about whitespace
 
-            $is_child = ($nesting == 0);
+			$is_child = ($nesting == 0);
 
-            if ($token instanceof HTMLPurifier_Token_Start) {
-                $nesting++;
-            } elseif ($token instanceof HTMLPurifier_Token_End) {
-                $nesting--;
-            }
+			if ($token instanceof HTMLPurifier_Token_Start) {
+				$nesting++;
+			} elseif ($token instanceof HTMLPurifier_Token_End) {
+				$nesting--;
+			}
 
-            if ($is_child) {
-                $is_deleting = false;
-                if (!isset($this->elements[$token->name])) {
-                    $is_deleting = true;
-                    if ($pcdata_allowed && $token instanceof HTMLPurifier_Token_Text) {
-                        $result[] = $token;
-                    } elseif ($pcdata_allowed && $escape_invalid_children) {
-                        $result[] = new HTMLPurifier_Token_Text(
-                            $gen->generateFromToken($token)
-                        );
-                    }
-                    continue;
-                }
-            }
-            if (!$is_deleting || ($pcdata_allowed && $token instanceof HTMLPurifier_Token_Text)) {
-                $result[] = $token;
-            } elseif ($pcdata_allowed && $escape_invalid_children) {
-                $result[] =
-                    new HTMLPurifier_Token_Text(
-                        $gen->generateFromToken($token)
-                    );
-            } else {
-                // drop silently
-            }
-        }
-        if (empty($result)) return false;
-        if ($all_whitespace) {
-            $this->whitespace = true;
-            return false;
-        }
-        if ($tokens_of_children == $result) return true;
-        return $result;
-    }
+			if ($is_child) {
+				$is_deleting = false;
+				if (!isset($this->elements[$token->name])) {
+					$is_deleting = true;
+					if ($pcdata_allowed && $token instanceof HTMLPurifier_Token_Text) {
+						$result[] = $token;
+					} elseif ($pcdata_allowed && $escape_invalid_children) {
+						$result[] = new HTMLPurifier_Token_Text(
+							$gen->generateFromToken($token)
+						);
+					}
+					continue;
+				}
+			}
+			if (!$is_deleting || ($pcdata_allowed && $token instanceof HTMLPurifier_Token_Text)) {
+				$result[] = $token;
+			} elseif ($pcdata_allowed && $escape_invalid_children) {
+				$result[] =
+					new HTMLPurifier_Token_Text(
+						$gen->generateFromToken($token)
+					);
+			} else {
+				// drop silently
+			}
+		}
+		if (empty($result)) return false;
+		if ($all_whitespace) {
+			$this->whitespace = true;
+			return false;
+		}
+		if ($tokens_of_children == $result) return true;
+		return $result;
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +13 added lines, -4 removed lines

@@ -27,7 +27,10 @@ 
             $elements = array_flip($elements);
             foreach ($elements as $i => $x) {
                 $elements[$i] = true;
-                if (empty($i)) unset($elements[$i]); // remove blank
+                if (empty($i)) {
+                	unset($elements[$i]);
+                }
+                // remove blank
             }
         }
         $this->elements = $elements;
@@ -39,7 +42,9 @@ 
         $this->whitespace = false;
 
         // if there are no tokens, delete parent node
-        if (empty($tokens_of_children)) return false;
+        if (empty($tokens_of_children)) {
+        	return false;
+        }
 
         // the new set of children
         $result = array();
@@ -104,12 +109,16 @@ 
                 // drop silently
             }
         }
-        if (empty($result)) return false;
+        if (empty($result)) {
+        	return false;
+        }
         if ($all_whitespace) {
             $this->whitespace = true;
             return false;
         }
-        if ($tokens_of_children == $result) return true;
+        if ($tokens_of_children == $result) {
+        	return true;
+        }
         return $result;
     }
 }