xpressengine /
xe-core
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | */ |
| 37 | 37 | function FileObject($path, $mode) |
| 38 | 38 | { |
| 39 | - if($path != NULL) |
|
| 39 | + if ($path != NULL) |
|
| 40 | 40 | { |
| 41 | 41 | $this->Open($path, $mode); |
| 42 | 42 | } |
@@ -51,7 +51,7 @@ discard block |
||
| 51 | 51 | function append($file_name) |
| 52 | 52 | { |
| 53 | 53 | $target = new FileObject($file_name, "r"); |
| 54 | - while(!$target->feof()) |
|
| 54 | + while (!$target->feof()) |
|
| 55 | 55 | { |
| 56 | 56 | $readstr = $target->read(); |
| 57 | 57 | $this->write($readstr); |
@@ -89,11 +89,11 @@ discard block |
||
| 89 | 89 | function write($str) |
| 90 | 90 | { |
| 91 | 91 | $len = strlen($str); |
| 92 | - if(!$str || $len <= 0) |
|
| 92 | + if (!$str || $len <= 0) |
|
| 93 | 93 | { |
| 94 | 94 | return FALSE; |
| 95 | 95 | } |
| 96 | - if(!$this->fp) |
|
| 96 | + if (!$this->fp) |
|
| 97 | 97 | { |
| 98 | 98 | return FALSE; |
| 99 | 99 | } |
@@ -112,12 +112,12 @@ discard block |
||
| 112 | 112 | */ |
| 113 | 113 | function open($path, $mode) |
| 114 | 114 | { |
| 115 | - if($this->fp != NULL) |
|
| 115 | + if ($this->fp != NULL) |
|
| 116 | 116 | { |
| 117 | 117 | $this->close(); |
| 118 | 118 | } |
| 119 | 119 | $this->fp = fopen($path, $mode); |
| 120 | - if(!is_resource($this->fp)) |
|
| 120 | + if (!is_resource($this->fp)) |
|
| 121 | 121 | { |
| 122 | 122 | $this->fp = NULL; |
| 123 | 123 | return FALSE; |
@@ -133,7 +133,7 @@ discard block |
||
| 133 | 133 | */ |
| 134 | 134 | function getPath() |
| 135 | 135 | { |
| 136 | - if($this->fp != NULL) |
|
| 136 | + if ($this->fp != NULL) |
|
| 137 | 137 | { |
| 138 | 138 | return $this->path; |
| 139 | 139 | } |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | */ |
| 151 | 151 | function close() |
| 152 | 152 | { |
| 153 | - if($this->fp != NULL) |
|
| 153 | + if ($this->fp != NULL) |
|
| 154 | 154 | { |
| 155 | 155 | fclose($this->fp); |
| 156 | 156 | $this->fp = NULL; |
@@ -136,8 +136,7 @@ |
||
| 136 | 136 | if($this->fp != NULL) |
| 137 | 137 | { |
| 138 | 138 | return $this->path; |
| 139 | - } |
|
| 140 | - else |
|
| 139 | + } else |
|
| 141 | 140 | { |
| 142 | 141 | return NULL; |
| 143 | 142 | } |
@@ -39,18 +39,18 @@ discard block |
||
| 39 | 39 | $this->point = 0; |
| 40 | 40 | |
| 41 | 41 | $first_page = $cur_page - (int) ($page_count / 2); |
| 42 | - if($first_page < 1) |
|
| 42 | + if ($first_page < 1) |
|
| 43 | 43 | { |
| 44 | 44 | $first_page = 1; |
| 45 | 45 | } |
| 46 | 46 | |
| 47 | - if($total_page > $page_count && $first_page + $page_count - 1 > $total_page) |
|
| 47 | + if ($total_page > $page_count && $first_page + $page_count - 1 > $total_page) |
|
| 48 | 48 | { |
| 49 | 49 | $first_page -= $first_page + $page_count - 1 - $total_page; |
| 50 | 50 | } |
| 51 | 51 | |
| 52 | 52 | $last_page = $total_page; |
| 53 | - if($last_page > $total_page) |
|
| 53 | + if ($last_page > $total_page) |
|
| 54 | 54 | { |
| 55 | 55 | $last_page = $total_page; |
| 56 | 56 | } |
@@ -58,7 +58,7 @@ discard block |
||
| 58 | 58 | $this->first_page = $first_page; |
| 59 | 59 | $this->last_page = $last_page; |
| 60 | 60 | |
| 61 | - if($total_page < $this->page_count) |
|
| 61 | + if ($total_page < $this->page_count) |
|
| 62 | 62 | { |
| 63 | 63 | $this->page_count = $total_page; |
| 64 | 64 | } |
@@ -71,7 +71,7 @@ discard block |
||
| 71 | 71 | function getNextPage() |
| 72 | 72 | { |
| 73 | 73 | $page = $this->first_page + $this->point++; |
| 74 | - if($this->point > $this->page_count || $page > $this->last_page) |
|
| 74 | + if ($this->point > $this->page_count || $page > $this->last_page) |
|
| 75 | 75 | { |
| 76 | 76 | $page = 0; |
| 77 | 77 | } |
@@ -5,24 +5,24 @@ discard block |
||
| 5 | 5 | { |
| 6 | 6 | public function filter($ip_list, $ip = NULL) |
| 7 | 7 | { |
| 8 | - if(!$ip) $ip = $_SERVER['REMOTE_ADDR']; |
|
| 8 | + if (!$ip) $ip = $_SERVER['REMOTE_ADDR']; |
|
| 9 | 9 | $long_ip = ip2long($ip); |
| 10 | - foreach($ip_list as $filter_ip) |
|
| 10 | + foreach ($ip_list as $filter_ip) |
|
| 11 | 11 | { |
| 12 | 12 | $range = explode('-', $filter_ip); |
| 13 | - if(!$range[1]) // single address type |
|
| 13 | + if (!$range[1]) // single address type |
|
| 14 | 14 | { |
| 15 | 15 | $star_pos = strpos($filter_ip, '*'); |
| 16 | - if($star_pos !== FALSE ) // wild card exist |
|
| 16 | + if ($star_pos !== FALSE) // wild card exist |
|
| 17 | 17 | { |
| 18 | - if(strncmp($filter_ip, $ip, $star_pos)===0) return true; |
|
| 18 | + if (strncmp($filter_ip, $ip, $star_pos) === 0) return true; |
|
| 19 | 19 | } |
| 20 | - else if(strcmp($filter_ip, $ip)===0) |
|
| 20 | + else if (strcmp($filter_ip, $ip) === 0) |
|
| 21 | 21 | { |
| 22 | 22 | return true; |
| 23 | 23 | } |
| 24 | 24 | } |
| 25 | - else if(ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip) |
|
| 25 | + else if (ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip) |
|
| 26 | 26 | { |
| 27 | 27 | return true; |
| 28 | 28 | } |
@@ -74,12 +74,12 @@ discard block |
||
| 74 | 74 | ) |
| 75 | 75 | ) |
| 76 | 76 | $/"; |
| 77 | - $regex = str_replace(array("\r\n", "\n", "\r","\t"," "), '', $regex); |
|
| 77 | + $regex = str_replace(array("\r\n", "\n", "\r", "\t", " "), '', $regex); |
|
| 78 | 78 | |
| 79 | - foreach($ip_list as $i => $ip) |
|
| 79 | + foreach ($ip_list as $i => $ip) |
|
| 80 | 80 | { |
| 81 | 81 | preg_match($regex, $ip, $matches); |
| 82 | - if(!count($matches)) return false; |
|
| 82 | + if (!count($matches)) return false; |
|
| 83 | 83 | } |
| 84 | 84 | |
| 85 | 85 | return true; |
@@ -5,24 +5,28 @@ discard block |
||
| 5 | 5 | { |
| 6 | 6 | public function filter($ip_list, $ip = NULL) |
| 7 | 7 | { |
| 8 | - if(!$ip) $ip = $_SERVER['REMOTE_ADDR']; |
|
| 8 | + if(!$ip) { |
|
| 9 | + $ip = $_SERVER['REMOTE_ADDR']; |
|
| 10 | + } |
|
| 9 | 11 | $long_ip = ip2long($ip); |
| 10 | 12 | foreach($ip_list as $filter_ip) |
| 11 | 13 | { |
| 12 | 14 | $range = explode('-', $filter_ip); |
| 13 | - if(!$range[1]) // single address type |
|
| 15 | + if(!$range[1]) { |
|
| 16 | + // single address type |
|
| 14 | 17 | { |
| 15 | 18 | $star_pos = strpos($filter_ip, '*'); |
| 16 | - if($star_pos !== FALSE ) // wild card exist |
|
| 19 | + } |
|
| 20 | + if($star_pos !== FALSE ) { |
|
| 21 | + // wild card exist |
|
| 17 | 22 | { |
| 18 | 23 | if(strncmp($filter_ip, $ip, $star_pos)===0) return true; |
| 19 | 24 | } |
| 20 | - else if(strcmp($filter_ip, $ip)===0) |
|
| 25 | + } else if(strcmp($filter_ip, $ip)===0) |
|
| 21 | 26 | { |
| 22 | 27 | return true; |
| 23 | 28 | } |
| 24 | - } |
|
| 25 | - else if(ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip) |
|
| 29 | + } else if(ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip) |
|
| 26 | 30 | { |
| 27 | 31 | return true; |
| 28 | 32 | } |
@@ -79,7 +83,9 @@ discard block |
||
| 79 | 83 | foreach($ip_list as $i => $ip) |
| 80 | 84 | { |
| 81 | 85 | preg_match($regex, $ip, $matches); |
| 82 | - if(!count($matches)) return false; |
|
| 86 | + if(!count($matches)) { |
|
| 87 | + return false; |
|
| 88 | + } |
|
| 83 | 89 | } |
| 84 | 90 | |
| 85 | 91 | return true; |
@@ -55,8 +55,7 @@ discard block |
||
| 55 | 55 | { |
| 56 | 56 | $algorithm = 'md5'; // Historical default for XE |
| 57 | 57 | } |
| 58 | - } |
|
| 59 | - else |
|
| 58 | + } else |
|
| 60 | 59 | { |
| 61 | 60 | $algorithm = 'md5'; |
| 62 | 61 | } |
@@ -77,8 +76,7 @@ discard block |
||
| 77 | 76 | { |
| 78 | 77 | $work_factor = 8; // Reasonable default |
| 79 | 78 | } |
| 80 | - } |
|
| 81 | - else |
|
| 79 | + } else |
|
| 82 | 80 | { |
| 83 | 81 | $work_factor = 8; |
| 84 | 82 | } |
@@ -176,24 +174,19 @@ discard block |
||
| 176 | 174 | if(preg_match('/^\$2[axy]\$([0-9]{2})\$/', $hash, $matches)) |
| 177 | 175 | { |
| 178 | 176 | return 'bcrypt'; |
| 179 | - } |
|
| 180 | - elseif(preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 177 | + } elseif(preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 181 | 178 | { |
| 182 | 179 | return 'pbkdf2'; |
| 183 | - } |
|
| 184 | - elseif(strlen($hash) === 32 && ctype_xdigit($hash)) |
|
| 180 | + } elseif(strlen($hash) === 32 && ctype_xdigit($hash)) |
|
| 185 | 181 | { |
| 186 | 182 | return 'md5'; |
| 187 | - } |
|
| 188 | - elseif(strlen($hash) === 16 && ctype_xdigit($hash)) |
|
| 183 | + } elseif(strlen($hash) === 16 && ctype_xdigit($hash)) |
|
| 189 | 184 | { |
| 190 | 185 | return 'mysql_old_password'; |
| 191 | - } |
|
| 192 | - elseif(strlen($hash) === 41 && $hash[0] === '*') |
|
| 186 | + } elseif(strlen($hash) === 41 && $hash[0] === '*') |
|
| 193 | 187 | { |
| 194 | 188 | return 'mysql_password'; |
| 195 | - } |
|
| 196 | - else |
|
| 189 | + } else |
|
| 197 | 190 | { |
| 198 | 191 | return false; |
| 199 | 192 | } |
@@ -209,12 +202,10 @@ discard block |
||
| 209 | 202 | if(preg_match('/^\$2[axy]\$([0-9]{2})\$/', $hash, $matches)) |
| 210 | 203 | { |
| 211 | 204 | return intval($matches[1], 10); |
| 212 | - } |
|
| 213 | - elseif(preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 205 | + } elseif(preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 214 | 206 | { |
| 215 | 207 | return max(0, round(log($matches[1], 2)) - 5); |
| 216 | - } |
|
| 217 | - else |
|
| 208 | + } else |
|
| 218 | 209 | { |
| 219 | 210 | return false; |
| 220 | 211 | } |
@@ -250,22 +241,18 @@ discard block |
||
| 250 | 241 | if(function_exists('openssl_random_pseudo_bytes') && (!$is_windows || version_compare(PHP_VERSION, '5.4', '>='))) |
| 251 | 242 | { |
| 252 | 243 | $entropy = openssl_random_pseudo_bytes($entropy_capped_bytes); |
| 253 | - } |
|
| 254 | - elseif(function_exists('mcrypt_create_iv') && (!$is_windows || version_compare(PHP_VERSION, '5.3.7', '>='))) |
|
| 244 | + } elseif(function_exists('mcrypt_create_iv') && (!$is_windows || version_compare(PHP_VERSION, '5.3.7', '>='))) |
|
| 255 | 245 | { |
| 256 | 246 | $entropy = mcrypt_create_iv($entropy_capped_bytes, MCRYPT_DEV_URANDOM); |
| 257 | - } |
|
| 258 | - elseif(function_exists('mcrypt_create_iv') && $is_windows) |
|
| 247 | + } elseif(function_exists('mcrypt_create_iv') && $is_windows) |
|
| 259 | 248 | { |
| 260 | 249 | $entropy = mcrypt_create_iv($entropy_capped_bytes, MCRYPT_RAND); |
| 261 | - } |
|
| 262 | - elseif(!$is_windows && @is_readable('/dev/urandom')) |
|
| 250 | + } elseif(!$is_windows && @is_readable('/dev/urandom')) |
|
| 263 | 251 | { |
| 264 | 252 | $fp = fopen('/dev/urandom', 'rb'); |
| 265 | 253 | $entropy = fread($fp, $entropy_capped_bytes); |
| 266 | 254 | fclose($fp); |
| 267 | - } |
|
| 268 | - else |
|
| 255 | + } else |
|
| 269 | 256 | { |
| 270 | 257 | $entropy = ''; |
| 271 | 258 | for($i = 0; $i < $entropy_capped_bytes; $i += 2) |
@@ -341,8 +328,7 @@ discard block |
||
| 341 | 328 | if(function_exists('hash_pbkdf2')) |
| 342 | 329 | { |
| 343 | 330 | return hash_pbkdf2($algorithm, $password, $salt, $iterations, $length, true); |
| 344 | - } |
|
| 345 | - else |
|
| 331 | + } else |
|
| 346 | 332 | { |
| 347 | 333 | $output = ''; |
| 348 | 334 | $block_count = ceil($length / strlen(hash($algorithm, '', true))); // key length divided by the length of one hash |
@@ -350,10 +336,12 @@ discard block |
||
| 350 | 336 | { |
| 351 | 337 | $last = $salt . pack('N', $i); // $i encoded as 4 bytes, big endian |
| 352 | 338 | $last = $xorsum = hash_hmac($algorithm, $last, $password, true); // first iteration |
| 353 | - for($j = 1; $j < $iterations; $j++) // The other $count - 1 iterations |
|
| 339 | + for($j = 1; $j < $iterations; $j++) { |
|
| 340 | + // The other $count - 1 iterations |
|
| 354 | 341 | { |
| 355 | 342 | $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true)); |
| 356 | 343 | } |
| 344 | + } |
|
| 357 | 345 | $output .= $xorsum; |
| 358 | 346 | } |
| 359 | 347 | return substr($output, 0, $length); |
@@ -19,11 +19,11 @@ discard block |
||
| 19 | 19 | public function getSupportedAlgorithms() |
| 20 | 20 | { |
| 21 | 21 | $retval = array(); |
| 22 | - if(function_exists('hash_hmac') && in_array('sha256', hash_algos())) |
|
| 22 | + if (function_exists('hash_hmac') && in_array('sha256', hash_algos())) |
|
| 23 | 23 | { |
| 24 | 24 | $retval['pbkdf2'] = 'pbkdf2'; |
| 25 | 25 | } |
| 26 | - if(version_compare(PHP_VERSION, '5.3.7', '>=') && defined('CRYPT_BLOWFISH')) |
|
| 26 | + if (version_compare(PHP_VERSION, '5.3.7', '>=') && defined('CRYPT_BLOWFISH')) |
|
| 27 | 27 | { |
| 28 | 28 | $retval['bcrypt'] = 'bcrypt'; |
| 29 | 29 | } |
@@ -47,13 +47,13 @@ discard block |
||
| 47 | 47 | */ |
| 48 | 48 | public function getCurrentlySelectedAlgorithm() |
| 49 | 49 | { |
| 50 | - if(function_exists('getModel')) |
|
| 50 | + if (function_exists('getModel')) |
|
| 51 | 51 | { |
| 52 | 52 | $config = getModel('member')->getMemberConfig(); |
| 53 | 53 | $algorithm = $config->password_hashing_algorithm; |
| 54 | - if(strval($algorithm) === '') |
|
| 54 | + if (strval($algorithm) === '') |
|
| 55 | 55 | { |
| 56 | - $algorithm = 'md5'; // Historical default for XE |
|
| 56 | + $algorithm = 'md5'; // Historical default for XE |
|
| 57 | 57 | } |
| 58 | 58 | } |
| 59 | 59 | else |
@@ -69,13 +69,13 @@ discard block |
||
| 69 | 69 | */ |
| 70 | 70 | public function getWorkFactor() |
| 71 | 71 | { |
| 72 | - if(function_exists('getModel')) |
|
| 72 | + if (function_exists('getModel')) |
|
| 73 | 73 | { |
| 74 | 74 | $config = getModel('member')->getMemberConfig(); |
| 75 | 75 | $work_factor = $config->password_hashing_work_factor; |
| 76 | - if(!$work_factor || $work_factor < 4 || $work_factor > 31) |
|
| 76 | + if (!$work_factor || $work_factor < 4 || $work_factor > 31) |
|
| 77 | 77 | { |
| 78 | - $work_factor = 8; // Reasonable default |
|
| 78 | + $work_factor = 8; // Reasonable default |
|
| 79 | 79 | } |
| 80 | 80 | } |
| 81 | 81 | else |
@@ -93,18 +93,18 @@ discard block |
||
| 93 | 93 | */ |
| 94 | 94 | public function createHash($password, $algorithm = null) |
| 95 | 95 | { |
| 96 | - if($algorithm === null) |
|
| 96 | + if ($algorithm === null) |
|
| 97 | 97 | { |
| 98 | 98 | $algorithm = $this->getCurrentlySelectedAlgorithm(); |
| 99 | 99 | } |
| 100 | - if(!array_key_exists($algorithm, $this->getSupportedAlgorithms())) |
|
| 100 | + if (!array_key_exists($algorithm, $this->getSupportedAlgorithms())) |
|
| 101 | 101 | { |
| 102 | 102 | return false; |
| 103 | 103 | } |
| 104 | 104 | |
| 105 | 105 | $password = trim($password); |
| 106 | 106 | |
| 107 | - switch($algorithm) |
|
| 107 | + switch ($algorithm) |
|
| 108 | 108 | { |
| 109 | 109 | case 'md5': |
| 110 | 110 | return md5($password); |
@@ -132,14 +132,14 @@ discard block |
||
| 132 | 132 | */ |
| 133 | 133 | public function checkPassword($password, $hash, $algorithm = null) |
| 134 | 134 | { |
| 135 | - if($algorithm === null) |
|
| 135 | + if ($algorithm === null) |
|
| 136 | 136 | { |
| 137 | 137 | $algorithm = $this->checkAlgorithm($hash); |
| 138 | 138 | } |
| 139 | 139 | |
| 140 | 140 | $password = trim($password); |
| 141 | 141 | |
| 142 | - switch($algorithm) |
|
| 142 | + switch ($algorithm) |
|
| 143 | 143 | { |
| 144 | 144 | case 'md5': |
| 145 | 145 | return md5($password) === $hash || md5(sha1(md5($password))) === $hash; |
@@ -173,23 +173,23 @@ discard block |
||
| 173 | 173 | */ |
| 174 | 174 | function checkAlgorithm($hash) |
| 175 | 175 | { |
| 176 | - if(preg_match('/^\$2[axy]\$([0-9]{2})\$/', $hash, $matches)) |
|
| 176 | + if (preg_match('/^\$2[axy]\$([0-9]{2})\$/', $hash, $matches)) |
|
| 177 | 177 | { |
| 178 | 178 | return 'bcrypt'; |
| 179 | 179 | } |
| 180 | - elseif(preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 180 | + elseif (preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 181 | 181 | { |
| 182 | 182 | return 'pbkdf2'; |
| 183 | 183 | } |
| 184 | - elseif(strlen($hash) === 32 && ctype_xdigit($hash)) |
|
| 184 | + elseif (strlen($hash) === 32 && ctype_xdigit($hash)) |
|
| 185 | 185 | { |
| 186 | 186 | return 'md5'; |
| 187 | 187 | } |
| 188 | - elseif(strlen($hash) === 16 && ctype_xdigit($hash)) |
|
| 188 | + elseif (strlen($hash) === 16 && ctype_xdigit($hash)) |
|
| 189 | 189 | { |
| 190 | 190 | return 'mysql_old_password'; |
| 191 | 191 | } |
| 192 | - elseif(strlen($hash) === 41 && $hash[0] === '*') |
|
| 192 | + elseif (strlen($hash) === 41 && $hash[0] === '*') |
|
| 193 | 193 | { |
| 194 | 194 | return 'mysql_password'; |
| 195 | 195 | } |
@@ -206,11 +206,11 @@ discard block |
||
| 206 | 206 | */ |
| 207 | 207 | function checkWorkFactor($hash) |
| 208 | 208 | { |
| 209 | - if(preg_match('/^\$2[axy]\$([0-9]{2})\$/', $hash, $matches)) |
|
| 209 | + if (preg_match('/^\$2[axy]\$([0-9]{2})\$/', $hash, $matches)) |
|
| 210 | 210 | { |
| 211 | 211 | return intval($matches[1], 10); |
| 212 | 212 | } |
| 213 | - elseif(preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 213 | + elseif (preg_match('/^sha[0-9]+:([0-9]+):/', $hash, $matches)) |
|
| 214 | 214 | { |
| 215 | 215 | return max(0, round(log($matches[1], 2)) - 5); |
| 216 | 216 | } |
@@ -229,7 +229,7 @@ discard block |
||
| 229 | 229 | public function createSecureSalt($length, $format = 'hex') |
| 230 | 230 | { |
| 231 | 231 | // Find out how many bytes of entropy we really need |
| 232 | - switch($format) |
|
| 232 | + switch ($format) |
|
| 233 | 233 | { |
| 234 | 234 | case 'hex': |
| 235 | 235 | $entropy_required_bytes = ceil($length / 2); |
@@ -247,19 +247,19 @@ discard block |
||
| 247 | 247 | |
| 248 | 248 | // Find and use the most secure way to generate a random string |
| 249 | 249 | $is_windows = (defined('PHP_OS') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'); |
| 250 | - if(function_exists('openssl_random_pseudo_bytes') && (!$is_windows || version_compare(PHP_VERSION, '5.4', '>='))) |
|
| 250 | + if (function_exists('openssl_random_pseudo_bytes') && (!$is_windows || version_compare(PHP_VERSION, '5.4', '>='))) |
|
| 251 | 251 | { |
| 252 | 252 | $entropy = openssl_random_pseudo_bytes($entropy_capped_bytes); |
| 253 | 253 | } |
| 254 | - elseif(function_exists('mcrypt_create_iv') && (!$is_windows || version_compare(PHP_VERSION, '5.3.7', '>='))) |
|
| 254 | + elseif (function_exists('mcrypt_create_iv') && (!$is_windows || version_compare(PHP_VERSION, '5.3.7', '>='))) |
|
| 255 | 255 | { |
| 256 | 256 | $entropy = mcrypt_create_iv($entropy_capped_bytes, MCRYPT_DEV_URANDOM); |
| 257 | 257 | } |
| 258 | - elseif(function_exists('mcrypt_create_iv') && $is_windows) |
|
| 258 | + elseif (function_exists('mcrypt_create_iv') && $is_windows) |
|
| 259 | 259 | { |
| 260 | 260 | $entropy = mcrypt_create_iv($entropy_capped_bytes, MCRYPT_RAND); |
| 261 | 261 | } |
| 262 | - elseif(!$is_windows && @is_readable('/dev/urandom')) |
|
| 262 | + elseif (!$is_windows && @is_readable('/dev/urandom')) |
|
| 263 | 263 | { |
| 264 | 264 | $fp = fopen('/dev/urandom', 'rb'); |
| 265 | 265 | $entropy = fread($fp, $entropy_capped_bytes); |
@@ -268,7 +268,7 @@ discard block |
||
| 268 | 268 | else |
| 269 | 269 | { |
| 270 | 270 | $entropy = ''; |
| 271 | - for($i = 0; $i < $entropy_capped_bytes; $i += 2) |
|
| 271 | + for ($i = 0; $i < $entropy_capped_bytes; $i += 2) |
|
| 272 | 272 | { |
| 273 | 273 | $entropy .= pack('S', rand(0, 65536) ^ mt_rand(0, 65535)); |
| 274 | 274 | } |
@@ -276,13 +276,13 @@ discard block |
||
| 276 | 276 | |
| 277 | 277 | // Mixing (see RFC 4086 section 5) |
| 278 | 278 | $output = ''; |
| 279 | - for($i = 0; $i < $entropy_required_bytes; $i += 32) |
|
| 279 | + for ($i = 0; $i < $entropy_required_bytes; $i += 32) |
|
| 280 | 280 | { |
| 281 | - $output .= hash('sha256', $entropy . $i . rand(), true); |
|
| 281 | + $output .= hash('sha256', $entropy.$i.rand(), true); |
|
| 282 | 282 | } |
| 283 | 283 | |
| 284 | 284 | // Encode and return the random string |
| 285 | - switch($format) |
|
| 285 | + switch ($format) |
|
| 286 | 286 | { |
| 287 | 287 | case 'hex': |
| 288 | 288 | return substr(bin2hex($output), 0, $length); |
@@ -290,15 +290,15 @@ discard block |
||
| 290 | 290 | return substr($output, 0, $length); |
| 291 | 291 | case 'printable': |
| 292 | 292 | $salt = ''; |
| 293 | - for($i = 0; $i < $length; $i++) |
|
| 293 | + for ($i = 0; $i < $length; $i++) |
|
| 294 | 294 | { |
| 295 | - $salt .= chr(33 + (crc32(sha1($i . $output)) % 94)); |
|
| 295 | + $salt .= chr(33 + (crc32(sha1($i.$output)) % 94)); |
|
| 296 | 296 | } |
| 297 | 297 | return $salt; |
| 298 | 298 | case 'alnum': |
| 299 | 299 | default: |
| 300 | 300 | $salt = substr(base64_encode($output), 0, $length); |
| 301 | - $replacements = chr(rand(65, 90)) . chr(rand(97, 122)) . rand(0, 9); |
|
| 301 | + $replacements = chr(rand(65, 90)).chr(rand(97, 122)).rand(0, 9); |
|
| 302 | 302 | return strtr($salt, '+/=', $replacements); |
| 303 | 303 | } |
| 304 | 304 | } |
@@ -310,15 +310,15 @@ discard block |
||
| 310 | 310 | */ |
| 311 | 311 | public function createTemporaryPassword($length = 16) |
| 312 | 312 | { |
| 313 | - while(true) |
|
| 313 | + while (true) |
|
| 314 | 314 | { |
| 315 | 315 | $source = base64_encode($this->createSecureSalt(64, 'binary')); |
| 316 | 316 | $source = strtr($source, 'iIoOjl10/', '@#$%&*-!?'); |
| 317 | 317 | $source_length = strlen($source); |
| 318 | - for($i = 0; $i < $source_length - $length; $i++) |
|
| 318 | + for ($i = 0; $i < $source_length - $length; $i++) |
|
| 319 | 319 | { |
| 320 | 320 | $candidate = substr($source, $i, $length); |
| 321 | - if(preg_match('/[a-z]/', $candidate) && preg_match('/[A-Z]/', $candidate) && |
|
| 321 | + if (preg_match('/[a-z]/', $candidate) && preg_match('/[A-Z]/', $candidate) && |
|
| 322 | 322 | preg_match('/[0-9]/', $candidate) && preg_match('/[^a-zA-Z0-9]/', $candidate)) |
| 323 | 323 | { |
| 324 | 324 | return $candidate; |
@@ -337,7 +337,7 @@ discard block |
||
| 337 | 337 | $key = self::getSecretKey(); |
| 338 | 338 | $salt = self::createSecureSalt(8, 'alnum'); |
| 339 | 339 | $hash = substr(base64_encode(hash_hmac('sha256', hash_hmac('sha256', $string, $salt), $key, true)), 0, 32); |
| 340 | - return $salt . strtr($hash, '+/', '-_'); |
|
| 340 | + return $salt.strtr($hash, '+/', '-_'); |
|
| 341 | 341 | } |
| 342 | 342 | |
| 343 | 343 | /** |
@@ -348,7 +348,7 @@ discard block |
||
| 348 | 348 | */ |
| 349 | 349 | public static function checkSignature($string, $signature) |
| 350 | 350 | { |
| 351 | - if(strlen($signature) !== 40) |
|
| 351 | + if (strlen($signature) !== 40) |
|
| 352 | 352 | { |
| 353 | 353 | return false; |
| 354 | 354 | } |
@@ -367,7 +367,7 @@ discard block |
||
| 367 | 367 | { |
| 368 | 368 | // If the secret key does not exist, the config file needs to be updated |
| 369 | 369 | $db_info = Context::getDbInfo(); |
| 370 | - if(!isset($db_info->secret_key)) |
|
| 370 | + if (!isset($db_info->secret_key)) |
|
| 371 | 371 | { |
| 372 | 372 | $db_info->secret_key = self::createSecureSalt(48, 'alnum'); |
| 373 | 373 | Context::setDBInfo($db_info); |
@@ -387,19 +387,19 @@ discard block |
||
| 387 | 387 | */ |
| 388 | 388 | public function pbkdf2($password, $salt, $algorithm = 'sha256', $iterations = 8192, $length = 24) |
| 389 | 389 | { |
| 390 | - if(function_exists('hash_pbkdf2')) |
|
| 390 | + if (function_exists('hash_pbkdf2')) |
|
| 391 | 391 | { |
| 392 | 392 | return hash_pbkdf2($algorithm, $password, $salt, $iterations, $length, true); |
| 393 | 393 | } |
| 394 | 394 | else |
| 395 | 395 | { |
| 396 | 396 | $output = ''; |
| 397 | - $block_count = ceil($length / strlen(hash($algorithm, '', true))); // key length divided by the length of one hash |
|
| 398 | - for($i = 1; $i <= $block_count; $i++) |
|
| 397 | + $block_count = ceil($length / strlen(hash($algorithm, '', true))); // key length divided by the length of one hash |
|
| 398 | + for ($i = 1; $i <= $block_count; $i++) |
|
| 399 | 399 | { |
| 400 | - $last = $salt . pack('N', $i); // $i encoded as 4 bytes, big endian |
|
| 401 | - $last = $xorsum = hash_hmac($algorithm, $last, $password, true); // first iteration |
|
| 402 | - for($j = 1; $j < $iterations; $j++) // The other $count - 1 iterations |
|
| 400 | + $last = $salt.pack('N', $i); // $i encoded as 4 bytes, big endian |
|
| 401 | + $last = $xorsum = hash_hmac($algorithm, $last, $password, true); // first iteration |
|
| 402 | + for ($j = 1; $j < $iterations; $j++) // The other $count - 1 iterations |
|
| 403 | 403 | { |
| 404 | 404 | $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true)); |
| 405 | 405 | } |
@@ -417,7 +417,7 @@ discard block |
||
| 417 | 417 | */ |
| 418 | 418 | public function bcrypt($password, $salt = null) |
| 419 | 419 | { |
| 420 | - if($salt === null) |
|
| 420 | + if ($salt === null) |
|
| 421 | 421 | { |
| 422 | 422 | $salt = '$2y$'.sprintf('%02d', $this->getWorkFactor()).'$'.$this->createSecureSalt(22, 'alnum'); |
| 423 | 423 | } |
@@ -434,7 +434,7 @@ discard block |
||
| 434 | 434 | { |
| 435 | 435 | $diff = strlen($a) ^ strlen($b); |
| 436 | 436 | $maxlen = min(strlen($a), strlen($b)); |
| 437 | - for($i = 0; $i < $maxlen; $i++) |
|
| 437 | + for ($i = 0; $i < $maxlen; $i++) |
|
| 438 | 438 | { |
| 439 | 439 | $diff |= ord($a[$i]) ^ ord($b[$i]); |
| 440 | 440 | } |
@@ -60,12 +60,10 @@ discard block |
||
| 60 | 60 | if($use_context) |
| 61 | 61 | { |
| 62 | 62 | $var = Context::get($varName0); |
| 63 | - } |
|
| 64 | - elseif($varName0) |
|
| 63 | + } elseif($varName0) |
|
| 65 | 64 | { |
| 66 | 65 | $var = $is_object ? $this->_targetVar->{$varName0} : $this->_targetVar[$varName0]; |
| 67 | - } |
|
| 68 | - else |
|
| 66 | + } else |
|
| 69 | 67 | { |
| 70 | 68 | $var = $this->_targetVar; |
| 71 | 69 | } |
@@ -79,19 +77,16 @@ discard block |
||
| 79 | 77 | if($use_context) |
| 80 | 78 | { |
| 81 | 79 | Context::set($varName0, $var); |
| 82 | - } |
|
| 83 | - elseif($varName0) |
|
| 80 | + } elseif($varName0) |
|
| 84 | 81 | { |
| 85 | 82 | if($is_object) |
| 86 | 83 | { |
| 87 | 84 | $this->_targetVar->{$varName0} = $var; |
| 88 | - } |
|
| 89 | - else |
|
| 85 | + } else |
|
| 90 | 86 | { |
| 91 | 87 | $this->_targetVar[$varName0] = $var; |
| 92 | 88 | } |
| 93 | - } |
|
| 94 | - else |
|
| 89 | + } else |
|
| 95 | 90 | { |
| 96 | 91 | $this->_targetVar = $var; |
| 97 | 92 | } |
@@ -142,8 +137,7 @@ discard block |
||
| 142 | 137 | if($is_object) |
| 143 | 138 | { |
| 144 | 139 | $var->{$name0} = $target; |
| 145 | - } |
|
| 146 | - else |
|
| 140 | + } else |
|
| 147 | 141 | { |
| 148 | 142 | $var[$name0] = $target; |
| 149 | 143 | } |
@@ -165,8 +159,7 @@ discard block |
||
| 165 | 159 | if($is_object) |
| 166 | 160 | { |
| 167 | 161 | $var->{$key} = $target; |
| 168 | - } |
|
| 169 | - else |
|
| 162 | + } else |
|
| 170 | 163 | { |
| 171 | 164 | $var[$key] = $target; |
| 172 | 165 | } |
@@ -185,7 +178,9 @@ discard block |
||
| 185 | 178 | */ |
| 186 | 179 | static function detectingXEE($xml) |
| 187 | 180 | { |
| 188 | - if(!$xml) return FALSE; |
|
| 181 | + if(!$xml) { |
|
| 182 | + return FALSE; |
|
| 183 | + } |
|
| 189 | 184 | |
| 190 | 185 | if(strpos($xml, '<!ENTITY') !== FALSE) |
| 191 | 186 | { |
@@ -37,15 +37,15 @@ discard block |
||
| 37 | 37 | function encodeHTML(/* , $varName1, $varName2, ... */) |
| 38 | 38 | { |
| 39 | 39 | $varNames = func_get_args(); |
| 40 | - if(count($varNames) < 0) |
|
| 40 | + if (count($varNames) < 0) |
|
| 41 | 41 | { |
| 42 | 42 | return FALSE; |
| 43 | 43 | } |
| 44 | 44 | |
| 45 | 45 | $use_context = is_null($this->_targetVar); |
| 46 | - if(!$use_context) |
|
| 46 | + if (!$use_context) |
|
| 47 | 47 | { |
| 48 | - if(!count($varNames) || (!is_object($this->_targetVar) && !is_array($this->_targetVar))) |
|
| 48 | + if (!count($varNames) || (!is_object($this->_targetVar) && !is_array($this->_targetVar))) |
|
| 49 | 49 | { |
| 50 | 50 | return $this->_encodeHTML($this->_targetVar); |
| 51 | 51 | } |
@@ -53,15 +53,15 @@ discard block |
||
| 53 | 53 | $is_object = is_object($this->_targetVar); |
| 54 | 54 | } |
| 55 | 55 | |
| 56 | - foreach($varNames as $varName) |
|
| 56 | + foreach ($varNames as $varName) |
|
| 57 | 57 | { |
| 58 | 58 | $varName = explode('.', $varName); |
| 59 | 59 | $varName0 = array_shift($varName); |
| 60 | - if($use_context) |
|
| 60 | + if ($use_context) |
|
| 61 | 61 | { |
| 62 | 62 | $var = Context::get($varName0); |
| 63 | 63 | } |
| 64 | - elseif($varName0) |
|
| 64 | + elseif ($varName0) |
|
| 65 | 65 | { |
| 66 | 66 | $var = $is_object ? $this->_targetVar->{$varName0} : $this->_targetVar[$varName0]; |
| 67 | 67 | } |
@@ -71,18 +71,18 @@ discard block |
||
| 71 | 71 | } |
| 72 | 72 | $var = $this->_encodeHTML($var, $varName); |
| 73 | 73 | |
| 74 | - if($var === FALSE) |
|
| 74 | + if ($var === FALSE) |
|
| 75 | 75 | { |
| 76 | 76 | continue; |
| 77 | 77 | } |
| 78 | 78 | |
| 79 | - if($use_context) |
|
| 79 | + if ($use_context) |
|
| 80 | 80 | { |
| 81 | 81 | Context::set($varName0, $var); |
| 82 | 82 | } |
| 83 | - elseif($varName0) |
|
| 83 | + elseif ($varName0) |
|
| 84 | 84 | { |
| 85 | - if($is_object) |
|
| 85 | + if ($is_object) |
|
| 86 | 86 | { |
| 87 | 87 | $this->_targetVar->{$varName0} = $var; |
| 88 | 88 | } |
@@ -97,7 +97,7 @@ discard block |
||
| 97 | 97 | } |
| 98 | 98 | } |
| 99 | 99 | |
| 100 | - if(!$use_context) |
|
| 100 | + if (!$use_context) |
|
| 101 | 101 | { |
| 102 | 102 | return $this->_targetVar; |
| 103 | 103 | } |
@@ -111,9 +111,9 @@ discard block |
||
| 111 | 111 | */ |
| 112 | 112 | function _encodeHTML($var, $name = array()) |
| 113 | 113 | { |
| 114 | - if(is_string($var)) |
|
| 114 | + if (is_string($var)) |
|
| 115 | 115 | { |
| 116 | - if(strncmp('$user_lang->', $var, 12) !== 0) |
|
| 116 | + if (strncmp('$user_lang->', $var, 12) !== 0) |
|
| 117 | 117 | { |
| 118 | 118 | $var = htmlspecialchars($var, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); |
| 119 | 119 | } |
@@ -121,7 +121,7 @@ discard block |
||
| 121 | 121 | return $var; |
| 122 | 122 | } |
| 123 | 123 | |
| 124 | - if(!count($name) || (!is_array($var) && !is_object($var))) |
|
| 124 | + if (!count($name) || (!is_array($var) && !is_object($var))) |
|
| 125 | 125 | { |
| 126 | 126 | return false; |
| 127 | 127 | } |
@@ -129,17 +129,17 @@ discard block |
||
| 129 | 129 | $is_object = is_object($var); |
| 130 | 130 | $name0 = array_shift($name); |
| 131 | 131 | |
| 132 | - if(strlen($name0)) |
|
| 132 | + if (strlen($name0)) |
|
| 133 | 133 | { |
| 134 | 134 | $target = $is_object ? $var->{$name0} : $var[$name0]; |
| 135 | 135 | $target = $this->_encodeHTML($target, $name); |
| 136 | 136 | |
| 137 | - if($target === false) |
|
| 137 | + if ($target === false) |
|
| 138 | 138 | { |
| 139 | 139 | return $var; |
| 140 | 140 | } |
| 141 | 141 | |
| 142 | - if($is_object) |
|
| 142 | + if ($is_object) |
|
| 143 | 143 | { |
| 144 | 144 | $var->{$name0} = $target; |
| 145 | 145 | } |
@@ -151,18 +151,18 @@ discard block |
||
| 151 | 151 | return $var; |
| 152 | 152 | } |
| 153 | 153 | |
| 154 | - foreach($var as $key => $target) |
|
| 154 | + foreach ($var as $key => $target) |
|
| 155 | 155 | { |
| 156 | 156 | $cloned_name = array_slice($name, 0); |
| 157 | 157 | $target = $this->_encodeHTML($target, $name); |
| 158 | 158 | $name = $cloned_name; |
| 159 | 159 | |
| 160 | - if($target === false) |
|
| 160 | + if ($target === false) |
|
| 161 | 161 | { |
| 162 | 162 | continue; |
| 163 | 163 | } |
| 164 | 164 | |
| 165 | - if($is_object) |
|
| 165 | + if ($is_object) |
|
| 166 | 166 | { |
| 167 | 167 | $var->{$key} = $target; |
| 168 | 168 | } |
@@ -185,9 +185,9 @@ discard block |
||
| 185 | 185 | */ |
| 186 | 186 | static function detectingXEE($xml) |
| 187 | 187 | { |
| 188 | - if(!$xml) return FALSE; |
|
| 188 | + if (!$xml) return FALSE; |
|
| 189 | 189 | |
| 190 | - if(strpos($xml, '<!ENTITY') !== FALSE) |
|
| 190 | + if (strpos($xml, '<!ENTITY') !== FALSE) |
|
| 191 | 191 | { |
| 192 | 192 | return TRUE; |
| 193 | 193 | } |
@@ -195,7 +195,7 @@ discard block |
||
| 195 | 195 | // Strip XML declaration. |
| 196 | 196 | $header = preg_replace('/<\?xml.*?\?'.'>/s', '', substr($xml, 0, 100), 1); |
| 197 | 197 | $xml = trim(substr_replace($xml, $header, 0, 100)); |
| 198 | - if($xml == '') |
|
| 198 | + if ($xml == '') |
|
| 199 | 199 | { |
| 200 | 200 | return TRUE; |
| 201 | 201 | } |
@@ -203,7 +203,7 @@ discard block |
||
| 203 | 203 | // Strip DTD. |
| 204 | 204 | $header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1); |
| 205 | 205 | $xml = trim(substr_replace($xml, $header, 0, 200)); |
| 206 | - if($xml == '') |
|
| 206 | + if ($xml == '') |
|
| 207 | 207 | { |
| 208 | 208 | return TRUE; |
| 209 | 209 | } |
@@ -212,12 +212,12 @@ discard block |
||
| 212 | 212 | $root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n")); |
| 213 | 213 | |
| 214 | 214 | // Reject a second DTD. |
| 215 | - if(strtoupper($root_tag) == '<!DOCTYPE') |
|
| 215 | + if (strtoupper($root_tag) == '<!DOCTYPE') |
|
| 216 | 216 | { |
| 217 | 217 | return TRUE; |
| 218 | 218 | } |
| 219 | 219 | |
| 220 | - if(!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault'))) |
|
| 220 | + if (!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault'))) |
|
| 221 | 221 | { |
| 222 | 222 | return TRUE; |
| 223 | 223 | } |
@@ -7,20 +7,20 @@ |
||
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) { |
| 10 | - // We need unregister for our pre-registering functionality |
|
| 11 | - HTMLPurifier_Bootstrap::registerAutoload(); |
|
| 12 | - if (function_exists('__autoload')) { |
|
| 13 | - // Be polite and ensure that userland autoload gets retained |
|
| 14 | - spl_autoload_register('__autoload'); |
|
| 15 | - } |
|
| 10 | + // We need unregister for our pre-registering functionality |
|
| 11 | + HTMLPurifier_Bootstrap::registerAutoload(); |
|
| 12 | + if (function_exists('__autoload')) { |
|
| 13 | + // Be polite and ensure that userland autoload gets retained |
|
| 14 | + spl_autoload_register('__autoload'); |
|
| 15 | + } |
|
| 16 | 16 | } elseif (!function_exists('__autoload')) { |
| 17 | - function __autoload($class) { |
|
| 18 | - return HTMLPurifier_Bootstrap::autoload($class); |
|
| 19 | - } |
|
| 17 | + function __autoload($class) { |
|
| 18 | + return HTMLPurifier_Bootstrap::autoload($class); |
|
| 19 | + } |
|
| 20 | 20 | } |
| 21 | 21 | |
| 22 | 22 | if (ini_get('zend.ze1_compatibility_mode')) { |
| 23 | - trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR); |
|
| 23 | + trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR); |
|
| 24 | 24 | } |
| 25 | 25 | |
| 26 | 26 | // vim: et sw=4 sts=4 |
@@ -13,11 +13,11 @@ |
||
| 13 | 13 | * HTMLPurifier_Config::create() |
| 14 | 14 | */ |
| 15 | 15 | function HTMLPurifier($html, $config = null) { |
| 16 | - static $purifier = false; |
|
| 17 | - if (!$purifier) { |
|
| 18 | - $purifier = new HTMLPurifier(); |
|
| 19 | - } |
|
| 20 | - return $purifier->purify($html, $config); |
|
| 16 | + static $purifier = false; |
|
| 17 | + if (!$purifier) { |
|
| 18 | + $purifier = new HTMLPurifier(); |
|
| 19 | + } |
|
| 20 | + return $purifier->purify($html, $config); |
|
| 21 | 21 | } |
| 22 | 22 | |
| 23 | 23 | // vim: et sw=4 sts=4 |
@@ -8,23 +8,23 @@ |
||
| 8 | 8 | require_once dirname(__FILE__) . '/HTMLPurifier.auto.php'; |
| 9 | 9 | |
| 10 | 10 | function kses($string, $allowed_html, $allowed_protocols = null) { |
| 11 | - $config = HTMLPurifier_Config::createDefault(); |
|
| 12 | - $allowed_elements = array(); |
|
| 13 | - $allowed_attributes = array(); |
|
| 14 | - foreach ($allowed_html as $element => $attributes) { |
|
| 15 | - $allowed_elements[$element] = true; |
|
| 16 | - foreach ($attributes as $attribute => $x) { |
|
| 17 | - $allowed_attributes["$element.$attribute"] = true; |
|
| 18 | - } |
|
| 19 | - } |
|
| 20 | - $config->set('HTML.AllowedElements', $allowed_elements); |
|
| 21 | - $config->set('HTML.AllowedAttributes', $allowed_attributes); |
|
| 22 | - $allowed_schemes = array(); |
|
| 23 | - if ($allowed_protocols !== null) { |
|
| 24 | - $config->set('URI.AllowedSchemes', $allowed_protocols); |
|
| 25 | - } |
|
| 26 | - $purifier = new HTMLPurifier($config); |
|
| 27 | - return $purifier->purify($string); |
|
| 11 | + $config = HTMLPurifier_Config::createDefault(); |
|
| 12 | + $allowed_elements = array(); |
|
| 13 | + $allowed_attributes = array(); |
|
| 14 | + foreach ($allowed_html as $element => $attributes) { |
|
| 15 | + $allowed_elements[$element] = true; |
|
| 16 | + foreach ($attributes as $attribute => $x) { |
|
| 17 | + $allowed_attributes["$element.$attribute"] = true; |
|
| 18 | + } |
|
| 19 | + } |
|
| 20 | + $config->set('HTML.AllowedElements', $allowed_elements); |
|
| 21 | + $config->set('HTML.AllowedAttributes', $allowed_attributes); |
|
| 22 | + $allowed_schemes = array(); |
|
| 23 | + if ($allowed_protocols !== null) { |
|
| 24 | + $config->set('URI.AllowedSchemes', $allowed_protocols); |
|
| 25 | + } |
|
| 26 | + $purifier = new HTMLPurifier($config); |
|
| 27 | + return $purifier->purify($string); |
|
| 28 | 28 | } |
| 29 | 29 | |
| 30 | 30 | // vim: et sw=4 sts=4 |
@@ -5,7 +5,7 @@ |
||
| 5 | 5 | * Emulation layer for code that used kses(), substituting in HTML Purifier. |
| 6 | 6 | */ |
| 7 | 7 | |
| 8 | -require_once dirname(__FILE__) . '/HTMLPurifier.auto.php'; |
|
| 8 | +require_once dirname(__FILE__).'/HTMLPurifier.auto.php'; |
|
| 9 | 9 | |
| 10 | 10 | function kses($string, $allowed_html, $allowed_protocols = null) { |
| 11 | 11 | $config = HTMLPurifier_Config::createDefault(); |
@@ -54,183 +54,183 @@ |
||
| 54 | 54 | class HTMLPurifier |
| 55 | 55 | { |
| 56 | 56 | |
| 57 | - /** Version of HTML Purifier */ |
|
| 58 | - public $version = '4.4.0'; |
|
| 59 | - |
|
| 60 | - /** Constant with version of HTML Purifier */ |
|
| 61 | - const VERSION = '4.4.0'; |
|
| 62 | - |
|
| 63 | - /** Global configuration object */ |
|
| 64 | - public $config; |
|
| 65 | - |
|
| 66 | - /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */ |
|
| 67 | - private $filters = array(); |
|
| 68 | - |
|
| 69 | - /** Single instance of HTML Purifier */ |
|
| 70 | - private static $instance; |
|
| 71 | - |
|
| 72 | - protected $strategy, $generator; |
|
| 73 | - |
|
| 74 | - /** |
|
| 75 | - * Resultant HTMLPurifier_Context of last run purification. Is an array |
|
| 76 | - * of contexts if the last called method was purifyArray(). |
|
| 77 | - */ |
|
| 78 | - public $context; |
|
| 79 | - |
|
| 80 | - /** |
|
| 81 | - * Initializes the purifier. |
|
| 82 | - * @param $config Optional HTMLPurifier_Config object for all instances of |
|
| 83 | - * the purifier, if omitted, a default configuration is |
|
| 84 | - * supplied (which can be overridden on a per-use basis). |
|
| 85 | - * The parameter can also be any type that |
|
| 86 | - * HTMLPurifier_Config::create() supports. |
|
| 87 | - */ |
|
| 88 | - public function __construct($config = null) { |
|
| 89 | - |
|
| 90 | - $this->config = HTMLPurifier_Config::create($config); |
|
| 91 | - |
|
| 92 | - $this->strategy = new HTMLPurifier_Strategy_Core(); |
|
| 93 | - |
|
| 94 | - } |
|
| 95 | - |
|
| 96 | - /** |
|
| 97 | - * Adds a filter to process the output. First come first serve |
|
| 98 | - * @param $filter HTMLPurifier_Filter object |
|
| 99 | - */ |
|
| 100 | - public function addFilter($filter) { |
|
| 101 | - trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING); |
|
| 102 | - $this->filters[] = $filter; |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - /** |
|
| 106 | - * Filters an HTML snippet/document to be XSS-free and standards-compliant. |
|
| 107 | - * |
|
| 108 | - * @param $html String of HTML to purify |
|
| 109 | - * @param $config HTMLPurifier_Config object for this operation, if omitted, |
|
| 110 | - * defaults to the config object specified during this |
|
| 111 | - * object's construction. The parameter can also be any type |
|
| 112 | - * that HTMLPurifier_Config::create() supports. |
|
| 113 | - * @return Purified HTML |
|
| 114 | - */ |
|
| 115 | - public function purify($html, $config = null) { |
|
| 116 | - |
|
| 117 | - // :TODO: make the config merge in, instead of replace |
|
| 118 | - $config = $config ? HTMLPurifier_Config::create($config) : $this->config; |
|
| 119 | - |
|
| 120 | - // implementation is partially environment dependant, partially |
|
| 121 | - // configuration dependant |
|
| 122 | - $lexer = HTMLPurifier_Lexer::create($config); |
|
| 123 | - |
|
| 124 | - $context = new HTMLPurifier_Context(); |
|
| 125 | - |
|
| 126 | - // setup HTML generator |
|
| 127 | - $this->generator = new HTMLPurifier_Generator($config, $context); |
|
| 128 | - $context->register('Generator', $this->generator); |
|
| 129 | - |
|
| 130 | - // set up global context variables |
|
| 131 | - if ($config->get('Core.CollectErrors')) { |
|
| 132 | - // may get moved out if other facilities use it |
|
| 133 | - $language_factory = HTMLPurifier_LanguageFactory::instance(); |
|
| 134 | - $language = $language_factory->create($config, $context); |
|
| 135 | - $context->register('Locale', $language); |
|
| 136 | - |
|
| 137 | - $error_collector = new HTMLPurifier_ErrorCollector($context); |
|
| 138 | - $context->register('ErrorCollector', $error_collector); |
|
| 139 | - } |
|
| 140 | - |
|
| 141 | - // setup id_accumulator context, necessary due to the fact that |
|
| 142 | - // AttrValidator can be called from many places |
|
| 143 | - $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
|
| 144 | - $context->register('IDAccumulator', $id_accumulator); |
|
| 145 | - |
|
| 146 | - $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context); |
|
| 147 | - |
|
| 148 | - // setup filters |
|
| 149 | - $filter_flags = $config->getBatch('Filter'); |
|
| 150 | - $custom_filters = $filter_flags['Custom']; |
|
| 151 | - unset($filter_flags['Custom']); |
|
| 152 | - $filters = array(); |
|
| 153 | - foreach ($filter_flags as $filter => $flag) { |
|
| 154 | - if (!$flag) continue; |
|
| 155 | - if (strpos($filter, '.') !== false) continue; |
|
| 156 | - $class = "HTMLPurifier_Filter_$filter"; |
|
| 157 | - $filters[] = new $class; |
|
| 158 | - } |
|
| 159 | - foreach ($custom_filters as $filter) { |
|
| 160 | - // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat |
|
| 161 | - $filters[] = $filter; |
|
| 162 | - } |
|
| 163 | - $filters = array_merge($filters, $this->filters); |
|
| 164 | - // maybe prepare(), but later |
|
| 165 | - |
|
| 166 | - for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) { |
|
| 167 | - $html = $filters[$i]->preFilter($html, $config, $context); |
|
| 168 | - } |
|
| 169 | - |
|
| 170 | - // purified HTML |
|
| 171 | - $html = |
|
| 172 | - $this->generator->generateFromTokens( |
|
| 173 | - // list of tokens |
|
| 174 | - $this->strategy->execute( |
|
| 175 | - // list of un-purified tokens |
|
| 176 | - $lexer->tokenizeHTML( |
|
| 177 | - // un-purified HTML |
|
| 178 | - $html, $config, $context |
|
| 179 | - ), |
|
| 180 | - $config, $context |
|
| 181 | - ) |
|
| 182 | - ); |
|
| 183 | - |
|
| 184 | - for ($i = $filter_size - 1; $i >= 0; $i--) { |
|
| 185 | - $html = $filters[$i]->postFilter($html, $config, $context); |
|
| 186 | - } |
|
| 187 | - |
|
| 188 | - $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context); |
|
| 189 | - $this->context =& $context; |
|
| 190 | - return $html; |
|
| 191 | - } |
|
| 192 | - |
|
| 193 | - /** |
|
| 194 | - * Filters an array of HTML snippets |
|
| 195 | - * @param $config Optional HTMLPurifier_Config object for this operation. |
|
| 196 | - * See HTMLPurifier::purify() for more details. |
|
| 197 | - * @return Array of purified HTML |
|
| 198 | - */ |
|
| 199 | - public function purifyArray($array_of_html, $config = null) { |
|
| 200 | - $context_array = array(); |
|
| 201 | - foreach ($array_of_html as $key => $html) { |
|
| 202 | - $array_of_html[$key] = $this->purify($html, $config); |
|
| 203 | - $context_array[$key] = $this->context; |
|
| 204 | - } |
|
| 205 | - $this->context = $context_array; |
|
| 206 | - return $array_of_html; |
|
| 207 | - } |
|
| 208 | - |
|
| 209 | - /** |
|
| 210 | - * Singleton for enforcing just one HTML Purifier in your system |
|
| 211 | - * @param $prototype Optional prototype HTMLPurifier instance to |
|
| 212 | - * overload singleton with, or HTMLPurifier_Config |
|
| 213 | - * instance to configure the generated version with. |
|
| 214 | - */ |
|
| 215 | - public static function instance($prototype = null) { |
|
| 216 | - if (!self::$instance || $prototype) { |
|
| 217 | - if ($prototype instanceof HTMLPurifier) { |
|
| 218 | - self::$instance = $prototype; |
|
| 219 | - } elseif ($prototype) { |
|
| 220 | - self::$instance = new HTMLPurifier($prototype); |
|
| 221 | - } else { |
|
| 222 | - self::$instance = new HTMLPurifier(); |
|
| 223 | - } |
|
| 224 | - } |
|
| 225 | - return self::$instance; |
|
| 226 | - } |
|
| 227 | - |
|
| 228 | - /** |
|
| 229 | - * @note Backwards compatibility, see instance() |
|
| 230 | - */ |
|
| 231 | - public static function getInstance($prototype = null) { |
|
| 232 | - return HTMLPurifier::instance($prototype); |
|
| 233 | - } |
|
| 57 | + /** Version of HTML Purifier */ |
|
| 58 | + public $version = '4.4.0'; |
|
| 59 | + |
|
| 60 | + /** Constant with version of HTML Purifier */ |
|
| 61 | + const VERSION = '4.4.0'; |
|
| 62 | + |
|
| 63 | + /** Global configuration object */ |
|
| 64 | + public $config; |
|
| 65 | + |
|
| 66 | + /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */ |
|
| 67 | + private $filters = array(); |
|
| 68 | + |
|
| 69 | + /** Single instance of HTML Purifier */ |
|
| 70 | + private static $instance; |
|
| 71 | + |
|
| 72 | + protected $strategy, $generator; |
|
| 73 | + |
|
| 74 | + /** |
|
| 75 | + * Resultant HTMLPurifier_Context of last run purification. Is an array |
|
| 76 | + * of contexts if the last called method was purifyArray(). |
|
| 77 | + */ |
|
| 78 | + public $context; |
|
| 79 | + |
|
| 80 | + /** |
|
| 81 | + * Initializes the purifier. |
|
| 82 | + * @param $config Optional HTMLPurifier_Config object for all instances of |
|
| 83 | + * the purifier, if omitted, a default configuration is |
|
| 84 | + * supplied (which can be overridden on a per-use basis). |
|
| 85 | + * The parameter can also be any type that |
|
| 86 | + * HTMLPurifier_Config::create() supports. |
|
| 87 | + */ |
|
| 88 | + public function __construct($config = null) { |
|
| 89 | + |
|
| 90 | + $this->config = HTMLPurifier_Config::create($config); |
|
| 91 | + |
|
| 92 | + $this->strategy = new HTMLPurifier_Strategy_Core(); |
|
| 93 | + |
|
| 94 | + } |
|
| 95 | + |
|
| 96 | + /** |
|
| 97 | + * Adds a filter to process the output. First come first serve |
|
| 98 | + * @param $filter HTMLPurifier_Filter object |
|
| 99 | + */ |
|
| 100 | + public function addFilter($filter) { |
|
| 101 | + trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING); |
|
| 102 | + $this->filters[] = $filter; |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + /** |
|
| 106 | + * Filters an HTML snippet/document to be XSS-free and standards-compliant. |
|
| 107 | + * |
|
| 108 | + * @param $html String of HTML to purify |
|
| 109 | + * @param $config HTMLPurifier_Config object for this operation, if omitted, |
|
| 110 | + * defaults to the config object specified during this |
|
| 111 | + * object's construction. The parameter can also be any type |
|
| 112 | + * that HTMLPurifier_Config::create() supports. |
|
| 113 | + * @return Purified HTML |
|
| 114 | + */ |
|
| 115 | + public function purify($html, $config = null) { |
|
| 116 | + |
|
| 117 | + // :TODO: make the config merge in, instead of replace |
|
| 118 | + $config = $config ? HTMLPurifier_Config::create($config) : $this->config; |
|
| 119 | + |
|
| 120 | + // implementation is partially environment dependant, partially |
|
| 121 | + // configuration dependant |
|
| 122 | + $lexer = HTMLPurifier_Lexer::create($config); |
|
| 123 | + |
|
| 124 | + $context = new HTMLPurifier_Context(); |
|
| 125 | + |
|
| 126 | + // setup HTML generator |
|
| 127 | + $this->generator = new HTMLPurifier_Generator($config, $context); |
|
| 128 | + $context->register('Generator', $this->generator); |
|
| 129 | + |
|
| 130 | + // set up global context variables |
|
| 131 | + if ($config->get('Core.CollectErrors')) { |
|
| 132 | + // may get moved out if other facilities use it |
|
| 133 | + $language_factory = HTMLPurifier_LanguageFactory::instance(); |
|
| 134 | + $language = $language_factory->create($config, $context); |
|
| 135 | + $context->register('Locale', $language); |
|
| 136 | + |
|
| 137 | + $error_collector = new HTMLPurifier_ErrorCollector($context); |
|
| 138 | + $context->register('ErrorCollector', $error_collector); |
|
| 139 | + } |
|
| 140 | + |
|
| 141 | + // setup id_accumulator context, necessary due to the fact that |
|
| 142 | + // AttrValidator can be called from many places |
|
| 143 | + $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
|
| 144 | + $context->register('IDAccumulator', $id_accumulator); |
|
| 145 | + |
|
| 146 | + $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context); |
|
| 147 | + |
|
| 148 | + // setup filters |
|
| 149 | + $filter_flags = $config->getBatch('Filter'); |
|
| 150 | + $custom_filters = $filter_flags['Custom']; |
|
| 151 | + unset($filter_flags['Custom']); |
|
| 152 | + $filters = array(); |
|
| 153 | + foreach ($filter_flags as $filter => $flag) { |
|
| 154 | + if (!$flag) continue; |
|
| 155 | + if (strpos($filter, '.') !== false) continue; |
|
| 156 | + $class = "HTMLPurifier_Filter_$filter"; |
|
| 157 | + $filters[] = new $class; |
|
| 158 | + } |
|
| 159 | + foreach ($custom_filters as $filter) { |
|
| 160 | + // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat |
|
| 161 | + $filters[] = $filter; |
|
| 162 | + } |
|
| 163 | + $filters = array_merge($filters, $this->filters); |
|
| 164 | + // maybe prepare(), but later |
|
| 165 | + |
|
| 166 | + for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) { |
|
| 167 | + $html = $filters[$i]->preFilter($html, $config, $context); |
|
| 168 | + } |
|
| 169 | + |
|
| 170 | + // purified HTML |
|
| 171 | + $html = |
|
| 172 | + $this->generator->generateFromTokens( |
|
| 173 | + // list of tokens |
|
| 174 | + $this->strategy->execute( |
|
| 175 | + // list of un-purified tokens |
|
| 176 | + $lexer->tokenizeHTML( |
|
| 177 | + // un-purified HTML |
|
| 178 | + $html, $config, $context |
|
| 179 | + ), |
|
| 180 | + $config, $context |
|
| 181 | + ) |
|
| 182 | + ); |
|
| 183 | + |
|
| 184 | + for ($i = $filter_size - 1; $i >= 0; $i--) { |
|
| 185 | + $html = $filters[$i]->postFilter($html, $config, $context); |
|
| 186 | + } |
|
| 187 | + |
|
| 188 | + $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context); |
|
| 189 | + $this->context =& $context; |
|
| 190 | + return $html; |
|
| 191 | + } |
|
| 192 | + |
|
| 193 | + /** |
|
| 194 | + * Filters an array of HTML snippets |
|
| 195 | + * @param $config Optional HTMLPurifier_Config object for this operation. |
|
| 196 | + * See HTMLPurifier::purify() for more details. |
|
| 197 | + * @return Array of purified HTML |
|
| 198 | + */ |
|
| 199 | + public function purifyArray($array_of_html, $config = null) { |
|
| 200 | + $context_array = array(); |
|
| 201 | + foreach ($array_of_html as $key => $html) { |
|
| 202 | + $array_of_html[$key] = $this->purify($html, $config); |
|
| 203 | + $context_array[$key] = $this->context; |
|
| 204 | + } |
|
| 205 | + $this->context = $context_array; |
|
| 206 | + return $array_of_html; |
|
| 207 | + } |
|
| 208 | + |
|
| 209 | + /** |
|
| 210 | + * Singleton for enforcing just one HTML Purifier in your system |
|
| 211 | + * @param $prototype Optional prototype HTMLPurifier instance to |
|
| 212 | + * overload singleton with, or HTMLPurifier_Config |
|
| 213 | + * instance to configure the generated version with. |
|
| 214 | + */ |
|
| 215 | + public static function instance($prototype = null) { |
|
| 216 | + if (!self::$instance || $prototype) { |
|
| 217 | + if ($prototype instanceof HTMLPurifier) { |
|
| 218 | + self::$instance = $prototype; |
|
| 219 | + } elseif ($prototype) { |
|
| 220 | + self::$instance = new HTMLPurifier($prototype); |
|
| 221 | + } else { |
|
| 222 | + self::$instance = new HTMLPurifier(); |
|
| 223 | + } |
|
| 224 | + } |
|
| 225 | + return self::$instance; |
|
| 226 | + } |
|
| 227 | + |
|
| 228 | + /** |
|
| 229 | + * @note Backwards compatibility, see instance() |
|
| 230 | + */ |
|
| 231 | + public static function getInstance($prototype = null) { |
|
| 232 | + return HTMLPurifier::instance($prototype); |
|
| 233 | + } |
|
| 234 | 234 | |
| 235 | 235 | } |
| 236 | 236 | |
@@ -89,7 +89,7 @@ discard block |
||
| 89 | 89 | |
| 90 | 90 | $this->config = HTMLPurifier_Config::create($config); |
| 91 | 91 | |
| 92 | - $this->strategy = new HTMLPurifier_Strategy_Core(); |
|
| 92 | + $this->strategy = new HTMLPurifier_Strategy_Core(); |
|
| 93 | 93 | |
| 94 | 94 | } |
| 95 | 95 | |
@@ -186,7 +186,7 @@ discard block |
||
| 186 | 186 | } |
| 187 | 187 | |
| 188 | 188 | $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context); |
| 189 | - $this->context =& $context; |
|
| 189 | + $this->context = & $context; |
|
| 190 | 190 | return $html; |
| 191 | 191 | } |
| 192 | 192 | |
@@ -151,8 +151,12 @@ |
||
| 151 | 151 | unset($filter_flags['Custom']); |
| 152 | 152 | $filters = array(); |
| 153 | 153 | foreach ($filter_flags as $filter => $flag) { |
| 154 | - if (!$flag) continue; |
|
| 155 | - if (strpos($filter, '.') !== false) continue; |
|
| 154 | + if (!$flag) { |
|
| 155 | + continue; |
|
| 156 | + } |
|
| 157 | + if (strpos($filter, '.') !== false) { |
|
| 158 | + continue; |
|
| 159 | + } |
|
| 156 | 160 | $class = "HTMLPurifier_Filter_$filter"; |
| 157 | 161 | $filters[] = new $class; |
| 158 | 162 | } |
