xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier.func.php

Indentation +5 added lines, -5 removed lines

@@ -13,11 +13,11 @@
  *        HTMLPurifier_Config::create()
  */
 function HTMLPurifier($html, $config = null) {
-    static $purifier = false;
-    if (!$purifier) {
-        $purifier = new HTMLPurifier();
-    }
-    return $purifier->purify($html, $config);
+	static $purifier = false;
+	if (!$purifier) {
+		$purifier = new HTMLPurifier();
+	}
+	return $purifier->purify($html, $config);
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier.kses.php

Indentation +17 added lines, -17 removed lines

@@ -8,23 +8,23 @@
 require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
 
 function kses($string, $allowed_html, $allowed_protocols = null) {
-    $config = HTMLPurifier_Config::createDefault();
-    $allowed_elements = array();
-    $allowed_attributes = array();
-    foreach ($allowed_html as $element => $attributes) {
-        $allowed_elements[$element] = true;
-        foreach ($attributes as $attribute => $x) {
-            $allowed_attributes["$element.$attribute"] = true;
-        }
-    }
-    $config->set('HTML.AllowedElements', $allowed_elements);
-    $config->set('HTML.AllowedAttributes', $allowed_attributes);
-    $allowed_schemes = array();
-    if ($allowed_protocols !== null) {
-        $config->set('URI.AllowedSchemes', $allowed_protocols);
-    }
-    $purifier = new HTMLPurifier($config);
-    return $purifier->purify($string);
+	$config = HTMLPurifier_Config::createDefault();
+	$allowed_elements = array();
+	$allowed_attributes = array();
+	foreach ($allowed_html as $element => $attributes) {
+		$allowed_elements[$element] = true;
+		foreach ($attributes as $attribute => $x) {
+			$allowed_attributes["$element.$attribute"] = true;
+		}
+	}
+	$config->set('HTML.AllowedElements', $allowed_elements);
+	$config->set('HTML.AllowedAttributes', $allowed_attributes);
+	$allowed_schemes = array();
+	if ($allowed_protocols !== null) {
+		$config->set('URI.AllowedSchemes', $allowed_protocols);
+	}
+	$purifier = new HTMLPurifier($config);
+	return $purifier->purify($string);
 }
 
 // vim: et sw=4 sts=4

Spacing +1 added lines, -1 removed lines

@@ -5,7 +5,7 @@
  * Emulation layer for code that used kses(), substituting in HTML Purifier.
  */
 
-require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
+require_once dirname(__FILE__).'/HTMLPurifier.auto.php';
 
 function kses($string, $allowed_html, $allowed_protocols = null) {
     $config = HTMLPurifier_Config::createDefault();

classes/security/htmlpurifier/library/HTMLPurifier.php

Indentation +177 added lines, -177 removed lines

@@ -54,183 +54,183 @@
 class HTMLPurifier
 {
 
-    /** Version of HTML Purifier */
-    public $version = '4.4.0';
-
-    /** Constant with version of HTML Purifier */
-    const VERSION = '4.4.0';
-
-    /** Global configuration object */
-    public $config;
-
-    /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
-    private $filters = array();
-
-    /** Single instance of HTML Purifier */
-    private static $instance;
-
-    protected $strategy, $generator;
-
-    /**
-     * Resultant HTMLPurifier_Context of last run purification. Is an array
-     * of contexts if the last called method was purifyArray().
-     */
-    public $context;
-
-    /**
-     * Initializes the purifier.
-     * @param $config Optional HTMLPurifier_Config object for all instances of
-     *                the purifier, if omitted, a default configuration is
-     *                supplied (which can be overridden on a per-use basis).
-     *                The parameter can also be any type that
-     *                HTMLPurifier_Config::create() supports.
-     */
-    public function __construct($config = null) {
-
-        $this->config = HTMLPurifier_Config::create($config);
-
-        $this->strategy     = new HTMLPurifier_Strategy_Core();
-
-    }
-
-    /**
-     * Adds a filter to process the output. First come first serve
-     * @param $filter HTMLPurifier_Filter object
-     */
-    public function addFilter($filter) {
-        trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
-        $this->filters[] = $filter;
-    }
-
-    /**
-     * Filters an HTML snippet/document to be XSS-free and standards-compliant.
-     *
-     * @param $html String of HTML to purify
-     * @param $config HTMLPurifier_Config object for this operation, if omitted,
-     *                defaults to the config object specified during this
-     *                object's construction. The parameter can also be any type
-     *                that HTMLPurifier_Config::create() supports.
-     * @return Purified HTML
-     */
-    public function purify($html, $config = null) {
-
-        // :TODO: make the config merge in, instead of replace
-        $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
-
-        // implementation is partially environment dependant, partially
-        // configuration dependant
-        $lexer = HTMLPurifier_Lexer::create($config);
-
-        $context = new HTMLPurifier_Context();
-
-        // setup HTML generator
-        $this->generator = new HTMLPurifier_Generator($config, $context);
-        $context->register('Generator', $this->generator);
-
-        // set up global context variables
-        if ($config->get('Core.CollectErrors')) {
-            // may get moved out if other facilities use it
-            $language_factory = HTMLPurifier_LanguageFactory::instance();
-            $language = $language_factory->create($config, $context);
-            $context->register('Locale', $language);
-
-            $error_collector = new HTMLPurifier_ErrorCollector($context);
-            $context->register('ErrorCollector', $error_collector);
-        }
-
-        // setup id_accumulator context, necessary due to the fact that
-        // AttrValidator can be called from many places
-        $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
-        $context->register('IDAccumulator', $id_accumulator);
-
-        $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
-
-        // setup filters
-        $filter_flags = $config->getBatch('Filter');
-        $custom_filters = $filter_flags['Custom'];
-        unset($filter_flags['Custom']);
-        $filters = array();
-        foreach ($filter_flags as $filter => $flag) {
-            if (!$flag) continue;
-            if (strpos($filter, '.') !== false) continue;
-            $class = "HTMLPurifier_Filter_$filter";
-            $filters[] = new $class;
-        }
-        foreach ($custom_filters as $filter) {
-            // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
-            $filters[] = $filter;
-        }
-        $filters = array_merge($filters, $this->filters);
-        // maybe prepare(), but later
-
-        for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
-            $html = $filters[$i]->preFilter($html, $config, $context);
-        }
-
-        // purified HTML
-        $html =
-            $this->generator->generateFromTokens(
-                // list of tokens
-                $this->strategy->execute(
-                    // list of un-purified tokens
-                    $lexer->tokenizeHTML(
-                        // un-purified HTML
-                        $html, $config, $context
-                    ),
-                    $config, $context
-                )
-            );
-
-        for ($i = $filter_size - 1; $i >= 0; $i--) {
-            $html = $filters[$i]->postFilter($html, $config, $context);
-        }
-
-        $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
-        $this->context =& $context;
-        return $html;
-    }
-
-    /**
-     * Filters an array of HTML snippets
-     * @param $config Optional HTMLPurifier_Config object for this operation.
-     *                See HTMLPurifier::purify() for more details.
-     * @return Array of purified HTML
-     */
-    public function purifyArray($array_of_html, $config = null) {
-        $context_array = array();
-        foreach ($array_of_html as $key => $html) {
-            $array_of_html[$key] = $this->purify($html, $config);
-            $context_array[$key] = $this->context;
-        }
-        $this->context = $context_array;
-        return $array_of_html;
-    }
-
-    /**
-     * Singleton for enforcing just one HTML Purifier in your system
-     * @param $prototype Optional prototype HTMLPurifier instance to
-     *                   overload singleton with, or HTMLPurifier_Config
-     *                   instance to configure the generated version with.
-     */
-    public static function instance($prototype = null) {
-        if (!self::$instance || $prototype) {
-            if ($prototype instanceof HTMLPurifier) {
-                self::$instance = $prototype;
-            } elseif ($prototype) {
-                self::$instance = new HTMLPurifier($prototype);
-            } else {
-                self::$instance = new HTMLPurifier();
-            }
-        }
-        return self::$instance;
-    }
-
-    /**
-     * @note Backwards compatibility, see instance()
-     */
-    public static function getInstance($prototype = null) {
-        return HTMLPurifier::instance($prototype);
-    }
+	/** Version of HTML Purifier */
+	public $version = '4.4.0';
+
+	/** Constant with version of HTML Purifier */
+	const VERSION = '4.4.0';
+
+	/** Global configuration object */
+	public $config;
+
+	/** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
+	private $filters = array();
+
+	/** Single instance of HTML Purifier */
+	private static $instance;
+
+	protected $strategy, $generator;
+
+	/**
+	 * Resultant HTMLPurifier_Context of last run purification. Is an array
+	 * of contexts if the last called method was purifyArray().
+	 */
+	public $context;
+
+	/**
+	 * Initializes the purifier.
+	 * @param $config Optional HTMLPurifier_Config object for all instances of
+	 *                the purifier, if omitted, a default configuration is
+	 *                supplied (which can be overridden on a per-use basis).
+	 *                The parameter can also be any type that
+	 *                HTMLPurifier_Config::create() supports.
+	 */
+	public function __construct($config = null) {
+
+		$this->config = HTMLPurifier_Config::create($config);
+
+		$this->strategy     = new HTMLPurifier_Strategy_Core();
+
+	}
+
+	/**
+	 * Adds a filter to process the output. First come first serve
+	 * @param $filter HTMLPurifier_Filter object
+	 */
+	public function addFilter($filter) {
+		trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
+		$this->filters[] = $filter;
+	}
+
+	/**
+	 * Filters an HTML snippet/document to be XSS-free and standards-compliant.
+	 *
+	 * @param $html String of HTML to purify
+	 * @param $config HTMLPurifier_Config object for this operation, if omitted,
+	 *                defaults to the config object specified during this
+	 *                object's construction. The parameter can also be any type
+	 *                that HTMLPurifier_Config::create() supports.
+	 * @return Purified HTML
+	 */
+	public function purify($html, $config = null) {
+
+		// :TODO: make the config merge in, instead of replace
+		$config = $config ? HTMLPurifier_Config::create($config) : $this->config;
+
+		// implementation is partially environment dependant, partially
+		// configuration dependant
+		$lexer = HTMLPurifier_Lexer::create($config);
+
+		$context = new HTMLPurifier_Context();
+
+		// setup HTML generator
+		$this->generator = new HTMLPurifier_Generator($config, $context);
+		$context->register('Generator', $this->generator);
+
+		// set up global context variables
+		if ($config->get('Core.CollectErrors')) {
+			// may get moved out if other facilities use it
+			$language_factory = HTMLPurifier_LanguageFactory::instance();
+			$language = $language_factory->create($config, $context);
+			$context->register('Locale', $language);
+
+			$error_collector = new HTMLPurifier_ErrorCollector($context);
+			$context->register('ErrorCollector', $error_collector);
+		}
+
+		// setup id_accumulator context, necessary due to the fact that
+		// AttrValidator can be called from many places
+		$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+		$context->register('IDAccumulator', $id_accumulator);
+
+		$html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
+
+		// setup filters
+		$filter_flags = $config->getBatch('Filter');
+		$custom_filters = $filter_flags['Custom'];
+		unset($filter_flags['Custom']);
+		$filters = array();
+		foreach ($filter_flags as $filter => $flag) {
+			if (!$flag) continue;
+			if (strpos($filter, '.') !== false) continue;
+			$class = "HTMLPurifier_Filter_$filter";
+			$filters[] = new $class;
+		}
+		foreach ($custom_filters as $filter) {
+			// maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
+			$filters[] = $filter;
+		}
+		$filters = array_merge($filters, $this->filters);
+		// maybe prepare(), but later
+
+		for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
+			$html = $filters[$i]->preFilter($html, $config, $context);
+		}
+
+		// purified HTML
+		$html =
+			$this->generator->generateFromTokens(
+				// list of tokens
+				$this->strategy->execute(
+					// list of un-purified tokens
+					$lexer->tokenizeHTML(
+						// un-purified HTML
+						$html, $config, $context
+					),
+					$config, $context
+				)
+			);
+
+		for ($i = $filter_size - 1; $i >= 0; $i--) {
+			$html = $filters[$i]->postFilter($html, $config, $context);
+		}
+
+		$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
+		$this->context =& $context;
+		return $html;
+	}
+
+	/**
+	 * Filters an array of HTML snippets
+	 * @param $config Optional HTMLPurifier_Config object for this operation.
+	 *                See HTMLPurifier::purify() for more details.
+	 * @return Array of purified HTML
+	 */
+	public function purifyArray($array_of_html, $config = null) {
+		$context_array = array();
+		foreach ($array_of_html as $key => $html) {
+			$array_of_html[$key] = $this->purify($html, $config);
+			$context_array[$key] = $this->context;
+		}
+		$this->context = $context_array;
+		return $array_of_html;
+	}
+
+	/**
+	 * Singleton for enforcing just one HTML Purifier in your system
+	 * @param $prototype Optional prototype HTMLPurifier instance to
+	 *                   overload singleton with, or HTMLPurifier_Config
+	 *                   instance to configure the generated version with.
+	 */
+	public static function instance($prototype = null) {
+		if (!self::$instance || $prototype) {
+			if ($prototype instanceof HTMLPurifier) {
+				self::$instance = $prototype;
+			} elseif ($prototype) {
+				self::$instance = new HTMLPurifier($prototype);
+			} else {
+				self::$instance = new HTMLPurifier();
+			}
+		}
+		return self::$instance;
+	}
+
+	/**
+	 * @note Backwards compatibility, see instance()
+	 */
+	public static function getInstance($prototype = null) {
+		return HTMLPurifier::instance($prototype);
+	}
 
 }
 

Spacing +2 added lines, -2 removed lines

@@ -89,7 +89,7 @@ 
 
         $this->config = HTMLPurifier_Config::create($config);
 
-        $this->strategy     = new HTMLPurifier_Strategy_Core();
+        $this->strategy = new HTMLPurifier_Strategy_Core();
 
     }
 
@@ -186,7 +186,7 @@ 
         }
 
         $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
-        $this->context =& $context;
+        $this->context = & $context;
         return $html;
     }
 

Braces +6 added lines, -2 removed lines

@@ -151,8 +151,12 @@
         unset($filter_flags['Custom']);
         $filters = array();
         foreach ($filter_flags as $filter => $flag) {
-            if (!$flag) continue;
-            if (strpos($filter, '.') !== false) continue;
+            if (!$flag) {
+            	continue;
+            }
+            if (strpos($filter, '.') !== false) {
+            	continue;
+            }
             $class = "HTMLPurifier_Filter_$filter";
             $filters[] = new $class;
         }

classes/security/htmlpurifier/library/HTMLPurifier/AttrCollections.php

Indentation +115 added lines, -115 removed lines

@@ -7,121 +7,121 @@
 class HTMLPurifier_AttrCollections
 {
 
-    /**
-     * Associative array of attribute collections, indexed by name
-     */
-    public $info = array();
-
-    /**
-     * Performs all expansions on internal data for use by other inclusions
-     * It also collects all attribute collection extensions from
-     * modules
-     * @param $attr_types HTMLPurifier_AttrTypes instance
-     * @param $modules Hash array of HTMLPurifier_HTMLModule members
-     */
-    public function __construct($attr_types, $modules) {
-        // load extensions from the modules
-        foreach ($modules as $module) {
-            foreach ($module->attr_collections as $coll_i => $coll) {
-                if (!isset($this->info[$coll_i])) {
-                    $this->info[$coll_i] = array();
-                }
-                foreach ($coll as $attr_i => $attr) {
-                    if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
-                        // merge in includes
-                        $this->info[$coll_i][$attr_i] = array_merge(
-                            $this->info[$coll_i][$attr_i], $attr);
-                        continue;
-                    }
-                    $this->info[$coll_i][$attr_i] = $attr;
-                }
-            }
-        }
-        // perform internal expansions and inclusions
-        foreach ($this->info as $name => $attr) {
-            // merge attribute collections that include others
-            $this->performInclusions($this->info[$name]);
-            // replace string identifiers with actual attribute objects
-            $this->expandIdentifiers($this->info[$name], $attr_types);
-        }
-    }
-
-    /**
-     * Takes a reference to an attribute associative array and performs
-     * all inclusions specified by the zero index.
-     * @param &$attr Reference to attribute array
-     */
-    public function performInclusions(&$attr) {
-        if (!isset($attr[0])) return;
-        $merge = $attr[0];
-        $seen  = array(); // recursion guard
-        // loop through all the inclusions
-        for ($i = 0; isset($merge[$i]); $i++) {
-            if (isset($seen[$merge[$i]])) continue;
-            $seen[$merge[$i]] = true;
-            // foreach attribute of the inclusion, copy it over
-            if (!isset($this->info[$merge[$i]])) continue;
-            foreach ($this->info[$merge[$i]] as $key => $value) {
-                if (isset($attr[$key])) continue; // also catches more inclusions
-                $attr[$key] = $value;
-            }
-            if (isset($this->info[$merge[$i]][0])) {
-                // recursion
-                $merge = array_merge($merge, $this->info[$merge[$i]][0]);
-            }
-        }
-        unset($attr[0]);
-    }
-
-    /**
-     * Expands all string identifiers in an attribute array by replacing
-     * them with the appropriate values inside HTMLPurifier_AttrTypes
-     * @param &$attr Reference to attribute array
-     * @param $attr_types HTMLPurifier_AttrTypes instance
-     */
-    public function expandIdentifiers(&$attr, $attr_types) {
-
-        // because foreach will process new elements we add, make sure we
-        // skip duplicates
-        $processed = array();
-
-        foreach ($attr as $def_i => $def) {
-            // skip inclusions
-            if ($def_i === 0) continue;
-
-            if (isset($processed[$def_i])) continue;
-
-            // determine whether or not attribute is required
-            if ($required = (strpos($def_i, '*') !== false)) {
-                // rename the definition
-                unset($attr[$def_i]);
-                $def_i = trim($def_i, '*');
-                $attr[$def_i] = $def;
-            }
-
-            $processed[$def_i] = true;
-
-            // if we've already got a literal object, move on
-            if (is_object($def)) {
-                // preserve previous required
-                $attr[$def_i]->required = ($required || $attr[$def_i]->required);
-                continue;
-            }
-
-            if ($def === false) {
-                unset($attr[$def_i]);
-                continue;
-            }
-
-            if ($t = $attr_types->get($def)) {
-                $attr[$def_i] = $t;
-                $attr[$def_i]->required = $required;
-            } else {
-                unset($attr[$def_i]);
-            }
-        }
-
-    }
+	/**
+	 * Associative array of attribute collections, indexed by name
+	 */
+	public $info = array();
+
+	/**
+	 * Performs all expansions on internal data for use by other inclusions
+	 * It also collects all attribute collection extensions from
+	 * modules
+	 * @param $attr_types HTMLPurifier_AttrTypes instance
+	 * @param $modules Hash array of HTMLPurifier_HTMLModule members
+	 */
+	public function __construct($attr_types, $modules) {
+		// load extensions from the modules
+		foreach ($modules as $module) {
+			foreach ($module->attr_collections as $coll_i => $coll) {
+				if (!isset($this->info[$coll_i])) {
+					$this->info[$coll_i] = array();
+				}
+				foreach ($coll as $attr_i => $attr) {
+					if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
+						// merge in includes
+						$this->info[$coll_i][$attr_i] = array_merge(
+							$this->info[$coll_i][$attr_i], $attr);
+						continue;
+					}
+					$this->info[$coll_i][$attr_i] = $attr;
+				}
+			}
+		}
+		// perform internal expansions and inclusions
+		foreach ($this->info as $name => $attr) {
+			// merge attribute collections that include others
+			$this->performInclusions($this->info[$name]);
+			// replace string identifiers with actual attribute objects
+			$this->expandIdentifiers($this->info[$name], $attr_types);
+		}
+	}
+
+	/**
+	 * Takes a reference to an attribute associative array and performs
+	 * all inclusions specified by the zero index.
+	 * @param &$attr Reference to attribute array
+	 */
+	public function performInclusions(&$attr) {
+		if (!isset($attr[0])) return;
+		$merge = $attr[0];
+		$seen  = array(); // recursion guard
+		// loop through all the inclusions
+		for ($i = 0; isset($merge[$i]); $i++) {
+			if (isset($seen[$merge[$i]])) continue;
+			$seen[$merge[$i]] = true;
+			// foreach attribute of the inclusion, copy it over
+			if (!isset($this->info[$merge[$i]])) continue;
+			foreach ($this->info[$merge[$i]] as $key => $value) {
+				if (isset($attr[$key])) continue; // also catches more inclusions
+				$attr[$key] = $value;
+			}
+			if (isset($this->info[$merge[$i]][0])) {
+				// recursion
+				$merge = array_merge($merge, $this->info[$merge[$i]][0]);
+			}
+		}
+		unset($attr[0]);
+	}
+
+	/**
+	 * Expands all string identifiers in an attribute array by replacing
+	 * them with the appropriate values inside HTMLPurifier_AttrTypes
+	 * @param &$attr Reference to attribute array
+	 * @param $attr_types HTMLPurifier_AttrTypes instance
+	 */
+	public function expandIdentifiers(&$attr, $attr_types) {
+
+		// because foreach will process new elements we add, make sure we
+		// skip duplicates
+		$processed = array();
+
+		foreach ($attr as $def_i => $def) {
+			// skip inclusions
+			if ($def_i === 0) continue;
+
+			if (isset($processed[$def_i])) continue;
+
+			// determine whether or not attribute is required
+			if ($required = (strpos($def_i, '*') !== false)) {
+				// rename the definition
+				unset($attr[$def_i]);
+				$def_i = trim($def_i, '*');
+				$attr[$def_i] = $def;
+			}
+
+			$processed[$def_i] = true;
+
+			// if we've already got a literal object, move on
+			if (is_object($def)) {
+				// preserve previous required
+				$attr[$def_i]->required = ($required || $attr[$def_i]->required);
+				continue;
+			}
+
+			if ($def === false) {
+				unset($attr[$def_i]);
+				continue;
+			}
+
+			if ($t = $attr_types->get($def)) {
+				$attr[$def_i] = $t;
+				$attr[$def_i]->required = $required;
+			} else {
+				unset($attr[$def_i]);
+			}
+		}
+
+	}
 
 }
 

Braces +19 added lines, -6 removed lines

@@ -52,17 +52,26 @@ 
      * @param &$attr Reference to attribute array
      */
     public function performInclusions(&$attr) {
-        if (!isset($attr[0])) return;
+        if (!isset($attr[0])) {
+        	return;
+        }
         $merge = $attr[0];
         $seen  = array(); // recursion guard
         // loop through all the inclusions
         for ($i = 0; isset($merge[$i]); $i++) {
-            if (isset($seen[$merge[$i]])) continue;
+            if (isset($seen[$merge[$i]])) {
+            	continue;
+            }
             $seen[$merge[$i]] = true;
             // foreach attribute of the inclusion, copy it over
-            if (!isset($this->info[$merge[$i]])) continue;
+            if (!isset($this->info[$merge[$i]])) {
+            	continue;
+            }
             foreach ($this->info[$merge[$i]] as $key => $value) {
-                if (isset($attr[$key])) continue; // also catches more inclusions
+                if (isset($attr[$key])) {
+                	continue;
+                }
+                // also catches more inclusions
                 $attr[$key] = $value;
             }
             if (isset($this->info[$merge[$i]][0])) {
@@ -87,9 +96,13 @@ 
 
         foreach ($attr as $def_i => $def) {
             // skip inclusions
-            if ($def_i === 0) continue;
+            if ($def_i === 0) {
+            	continue;
+            }
 
-            if (isset($processed[$def_i])) continue;
+            if (isset($processed[$def_i])) {
+            	continue;
+            }
 
             // determine whether or not attribute is required
             if ($required = (strpos($def_i, '*') !== false)) {

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef.php

Indentation +98 added lines, -98 removed lines

@@ -13,110 +13,110 @@
 abstract class HTMLPurifier_AttrDef
 {
 
-    /**
-     * Tells us whether or not an HTML attribute is minimized. Has no
-     * meaning in other contexts.
-     */
-    public $minimized = false;
+	/**
+	 * Tells us whether or not an HTML attribute is minimized. Has no
+	 * meaning in other contexts.
+	 */
+	public $minimized = false;
 
-    /**
-     * Tells us whether or not an HTML attribute is required. Has no
-     * meaning in other contexts
-     */
-    public $required = false;
+	/**
+	 * Tells us whether or not an HTML attribute is required. Has no
+	 * meaning in other contexts
+	 */
+	public $required = false;
 
-    /**
-     * Validates and cleans passed string according to a definition.
-     *
-     * @param $string String to be validated and cleaned.
-     * @param $config Mandatory HTMLPurifier_Config object.
-     * @param $context Mandatory HTMLPurifier_AttrContext object.
-     */
-    abstract public function validate($string, $config, $context);
+	/**
+	 * Validates and cleans passed string according to a definition.
+	 *
+	 * @param $string String to be validated and cleaned.
+	 * @param $config Mandatory HTMLPurifier_Config object.
+	 * @param $context Mandatory HTMLPurifier_AttrContext object.
+	 */
+	abstract public function validate($string, $config, $context);
 
-    /**
-     * Convenience method that parses a string as if it were CDATA.
-     *
-     * This method process a string in the manner specified at
-     * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
-     * leading and trailing whitespace, ignoring line feeds, and replacing
-     * carriage returns and tabs with spaces.  While most useful for HTML
-     * attributes specified as CDATA, it can also be applied to most CSS
-     * values.
-     *
-     * @note This method is not entirely standards compliant, as trim() removes
-     *       more types of whitespace than specified in the spec. In practice,
-     *       this is rarely a problem, as those extra characters usually have
-     *       already been removed by HTMLPurifier_Encoder.
-     *
-     * @warning This processing is inconsistent with XML's whitespace handling
-     *          as specified by section 3.3.3 and referenced XHTML 1.0 section
-     *          4.7.  However, note that we are NOT necessarily
-     *          parsing XML, thus, this behavior may still be correct. We
-     *          assume that newlines have been normalized.
-     */
-    public function parseCDATA($string) {
-        $string = trim($string);
-        $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
-        return $string;
-    }
+	/**
+	 * Convenience method that parses a string as if it were CDATA.
+	 *
+	 * This method process a string in the manner specified at
+	 * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
+	 * leading and trailing whitespace, ignoring line feeds, and replacing
+	 * carriage returns and tabs with spaces.  While most useful for HTML
+	 * attributes specified as CDATA, it can also be applied to most CSS
+	 * values.
+	 *
+	 * @note This method is not entirely standards compliant, as trim() removes
+	 *       more types of whitespace than specified in the spec. In practice,
+	 *       this is rarely a problem, as those extra characters usually have
+	 *       already been removed by HTMLPurifier_Encoder.
+	 *
+	 * @warning This processing is inconsistent with XML's whitespace handling
+	 *          as specified by section 3.3.3 and referenced XHTML 1.0 section
+	 *          4.7.  However, note that we are NOT necessarily
+	 *          parsing XML, thus, this behavior may still be correct. We
+	 *          assume that newlines have been normalized.
+	 */
+	public function parseCDATA($string) {
+		$string = trim($string);
+		$string = str_replace(array("\n", "\t", "\r"), ' ', $string);
+		return $string;
+	}
 
-    /**
-     * Factory method for creating this class from a string.
-     * @param $string String construction info
-     * @return Created AttrDef object corresponding to $string
-     */
-    public function make($string) {
-        // default implementation, return a flyweight of this object.
-        // If $string has an effect on the returned object (i.e. you
-        // need to overload this method), it is best
-        // to clone or instantiate new copies. (Instantiation is safer.)
-        return $this;
-    }
+	/**
+	 * Factory method for creating this class from a string.
+	 * @param $string String construction info
+	 * @return Created AttrDef object corresponding to $string
+	 */
+	public function make($string) {
+		// default implementation, return a flyweight of this object.
+		// If $string has an effect on the returned object (i.e. you
+		// need to overload this method), it is best
+		// to clone or instantiate new copies. (Instantiation is safer.)
+		return $this;
+	}
 
-    /**
-     * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
-     * properly. THIS IS A HACK!
-     */
-    protected function mungeRgb($string) {
-        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
-    }
+	/**
+	 * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
+	 * properly. THIS IS A HACK!
+	 */
+	protected function mungeRgb($string) {
+		return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
+	}
 
-    /**
-     * Parses a possibly escaped CSS string and returns the "pure" 
-     * version of it.
-     */
-    protected function expandCSSEscape($string) {
-        // flexibly parse it
-        $ret = '';
-        for ($i = 0, $c = strlen($string); $i < $c; $i++) {
-            if ($string[$i] === '\\') {
-                $i++;
-                if ($i >= $c) {
-                    $ret .= '\\';
-                    break;
-                }
-                if (ctype_xdigit($string[$i])) {
-                    $code = $string[$i];
-                    for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
-                        if (!ctype_xdigit($string[$i])) break;
-                        $code .= $string[$i];
-                    }
-                    // We have to be extremely careful when adding
-                    // new characters, to make sure we're not breaking
-                    // the encoding.
-                    $char = HTMLPurifier_Encoder::unichr(hexdec($code));
-                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
-                    $ret .= $char;
-                    if ($i < $c && trim($string[$i]) !== '') $i--;
-                    continue;
-                }
-                if ($string[$i] === "\n") continue;
-            }
-            $ret .= $string[$i];
-        }
-        return $ret;
-    }
+	/**
+	 * Parses a possibly escaped CSS string and returns the "pure" 
+	 * version of it.
+	 */
+	protected function expandCSSEscape($string) {
+		// flexibly parse it
+		$ret = '';
+		for ($i = 0, $c = strlen($string); $i < $c; $i++) {
+			if ($string[$i] === '\\') {
+				$i++;
+				if ($i >= $c) {
+					$ret .= '\\';
+					break;
+				}
+				if (ctype_xdigit($string[$i])) {
+					$code = $string[$i];
+					for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
+						if (!ctype_xdigit($string[$i])) break;
+						$code .= $string[$i];
+					}
+					// We have to be extremely careful when adding
+					// new characters, to make sure we're not breaking
+					// the encoding.
+					$char = HTMLPurifier_Encoder::unichr(hexdec($code));
+					if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
+					$ret .= $char;
+					if ($i < $c && trim($string[$i]) !== '') $i--;
+					continue;
+				}
+				if ($string[$i] === "\n") continue;
+			}
+			$ret .= $string[$i];
+		}
+		return $ret;
+	}
 
 }
 

Braces +12 added lines, -4 removed lines

@@ -99,19 +99,27 @@
                 if (ctype_xdigit($string[$i])) {
                     $code = $string[$i];
                     for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
-                        if (!ctype_xdigit($string[$i])) break;
+                        if (!ctype_xdigit($string[$i])) {
+                        	break;
+                        }
                         $code .= $string[$i];
                     }
                     // We have to be extremely careful when adding
                     // new characters, to make sure we're not breaking
                     // the encoding.
                     $char = HTMLPurifier_Encoder::unichr(hexdec($code));
-                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
+                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
+                    	continue;
+                    }
                     $ret .= $char;
-                    if ($i < $c && trim($string[$i]) !== '') $i--;
+                    if ($i < $c && trim($string[$i]) !== '') {
+                    	$i--;
+                    }
                     continue;
                 }
-                if ($string[$i] === "\n") continue;
+                if ($string[$i] === "\n") {
+                	continue;
+                }
             }
             $ret .= $string[$i];
         }

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php

Indentation +56 added lines, -56 removed lines

@@ -14,73 +14,73 @@
 class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
 {
 
-    public function validate($css, $config, $context) {
+	public function validate($css, $config, $context) {
 
-        $css = $this->parseCDATA($css);
+		$css = $this->parseCDATA($css);
 
-        $definition = $config->getCSSDefinition();
+		$definition = $config->getCSSDefinition();
 
-        // we're going to break the spec and explode by semicolons.
-        // This is because semicolon rarely appears in escaped form
-        // Doing this is generally flaky but fast
-        // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
-        // for details
+		// we're going to break the spec and explode by semicolons.
+		// This is because semicolon rarely appears in escaped form
+		// Doing this is generally flaky but fast
+		// IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
+		// for details
 
-        $declarations = explode(';', $css);
-        $propvalues = array();
+		$declarations = explode(';', $css);
+		$propvalues = array();
 
-        /**
-         * Name of the current CSS property being validated.
-         */
-        $property = false;
-        $context->register('CurrentCSSProperty', $property);
+		/**
+		 * Name of the current CSS property being validated.
+		 */
+		$property = false;
+		$context->register('CurrentCSSProperty', $property);
 
-        foreach ($declarations as $declaration) {
-            if (!$declaration) continue;
-            if (!strpos($declaration, ':')) continue;
-            list($property, $value) = explode(':', $declaration, 2);
-            $property = trim($property);
-            $value    = trim($value);
-            $ok = false;
-            do {
-                if (isset($definition->info[$property])) {
-                    $ok = true;
-                    break;
-                }
-                if (ctype_lower($property)) break;
-                $property = strtolower($property);
-                if (isset($definition->info[$property])) {
-                    $ok = true;
-                    break;
-                }
-            } while(0);
-            if (!$ok) continue;
-            // inefficient call, since the validator will do this again
-            if (strtolower(trim($value)) !== 'inherit') {
-                // inherit works for everything (but only on the base property)
-                $result = $definition->info[$property]->validate(
-                    $value, $config, $context );
-            } else {
-                $result = 'inherit';
-            }
-            if ($result === false) continue;
-            $propvalues[$property] = $result;
-        }
+		foreach ($declarations as $declaration) {
+			if (!$declaration) continue;
+			if (!strpos($declaration, ':')) continue;
+			list($property, $value) = explode(':', $declaration, 2);
+			$property = trim($property);
+			$value    = trim($value);
+			$ok = false;
+			do {
+				if (isset($definition->info[$property])) {
+					$ok = true;
+					break;
+				}
+				if (ctype_lower($property)) break;
+				$property = strtolower($property);
+				if (isset($definition->info[$property])) {
+					$ok = true;
+					break;
+				}
+			} while(0);
+			if (!$ok) continue;
+			// inefficient call, since the validator will do this again
+			if (strtolower(trim($value)) !== 'inherit') {
+				// inherit works for everything (but only on the base property)
+				$result = $definition->info[$property]->validate(
+					$value, $config, $context );
+			} else {
+				$result = 'inherit';
+			}
+			if ($result === false) continue;
+			$propvalues[$property] = $result;
+		}
 
-        $context->destroy('CurrentCSSProperty');
+		$context->destroy('CurrentCSSProperty');
 
-        // procedure does not write the new CSS simultaneously, so it's
-        // slightly inefficient, but it's the only way of getting rid of
-        // duplicates. Perhaps config to optimize it, but not now.
+		// procedure does not write the new CSS simultaneously, so it's
+		// slightly inefficient, but it's the only way of getting rid of
+		// duplicates. Perhaps config to optimize it, but not now.
 
-        $new_declarations = '';
-        foreach ($propvalues as $prop => $value) {
-            $new_declarations .= "$prop:$value;";
-        }
+		$new_declarations = '';
+		foreach ($propvalues as $prop => $value) {
+			$new_declarations .= "$prop:$value;";
+		}
 
-        return $new_declarations ? $new_declarations : false;
+		return $new_declarations ? $new_declarations : false;
 
-    }
+	}
 
 }
 

Spacing +1 added lines, -1 removed lines

@@ -53,7 +53,7 @@
                     $ok = true;
                     break;
                 }
-            } while(0);
+            } while (0);
             if (!$ok) continue;
             // inefficient call, since the validator will do this again
             if (strtolower(trim($value)) !== 'inherit') {

Braces +15 added lines, -5 removed lines

@@ -36,8 +36,12 @@ 
         $context->register('CurrentCSSProperty', $property);
 
         foreach ($declarations as $declaration) {
-            if (!$declaration) continue;
-            if (!strpos($declaration, ':')) continue;
+            if (!$declaration) {
+            	continue;
+            }
+            if (!strpos($declaration, ':')) {
+            	continue;
+            }
             list($property, $value) = explode(':', $declaration, 2);
             $property = trim($property);
             $value    = trim($value);
@@ -47,14 +51,18 @@ 
                     $ok = true;
                     break;
                 }
-                if (ctype_lower($property)) break;
+                if (ctype_lower($property)) {
+                	break;
+                }
                 $property = strtolower($property);
                 if (isset($definition->info[$property])) {
                     $ok = true;
                     break;
                 }
             } while(0);
-            if (!$ok) continue;
+            if (!$ok) {
+            	continue;
+            }
             // inefficient call, since the validator will do this again
             if (strtolower(trim($value)) !== 'inherit') {
                 // inherit works for everything (but only on the base property)
@@ -63,7 +71,9 @@ 
             } else {
                 $result = 'inherit';
             }
-            if ($result === false) continue;
+            if ($result === false) {
+            	continue;
+            }
             $propvalues[$property] = $result;
         }
 

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php

Indentation +11 added lines, -11 removed lines

@@ -3,18 +3,18 @@
 class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
 {
 
-    public function __construct() {
-        parent::__construct(false); // opacity is non-negative, but we will clamp it
-    }
+	public function __construct() {
+		parent::__construct(false); // opacity is non-negative, but we will clamp it
+	}
 
-    public function validate($number, $config, $context) {
-        $result = parent::validate($number, $config, $context);
-        if ($result === false) return $result;
-        $float = (float) $result;
-        if ($float < 0.0) $result = '0';
-        if ($float > 1.0) $result = '1';
-        return $result;
-    }
+	public function validate($number, $config, $context) {
+		$result = parent::validate($number, $config, $context);
+		if ($result === false) return $result;
+		$float = (float) $result;
+		if ($float < 0.0) $result = '0';
+		if ($float > 1.0) $result = '1';
+		return $result;
+	}
 
 }
 

Braces +9 added lines, -3 removed lines

@@ -9,10 +9,16 @@
 
     public function validate($number, $config, $context) {
         $result = parent::validate($number, $config, $context);
-        if ($result === false) return $result;
+        if ($result === false) {
+        	return $result;
+        }
         $float = (float) $result;
-        if ($float < 0.0) $result = '0';
-        if ($float > 1.0) $result = '1';
+        if ($float < 0.0) {
+        	$result = '0';
+        }
+        if ($float > 1.0) {
+        	$result = '1';
+        }
         return $result;
     }
 

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php

Indentation +74 added lines, -74 removed lines

@@ -7,80 +7,80 @@
 class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
 {
 
-    /**
-     * Local copy of component validators.
-     * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
-     */
-    protected $info;
-
-    public function __construct($config) {
-        $def = $config->getCSSDefinition();
-        $this->info['background-color'] = $def->info['background-color'];
-        $this->info['background-image'] = $def->info['background-image'];
-        $this->info['background-repeat'] = $def->info['background-repeat'];
-        $this->info['background-attachment'] = $def->info['background-attachment'];
-        $this->info['background-position'] = $def->info['background-position'];
-    }
-
-    public function validate($string, $config, $context) {
-
-        // regular pre-processing
-        $string = $this->parseCDATA($string);
-        if ($string === '') return false;
-
-        // munge rgb() decl if necessary
-        $string = $this->mungeRgb($string);
-
-        // assumes URI doesn't have spaces in it
-        $bits = explode(' ', strtolower($string)); // bits to process
-
-        $caught = array();
-        $caught['color']    = false;
-        $caught['image']    = false;
-        $caught['repeat']   = false;
-        $caught['attachment'] = false;
-        $caught['position'] = false;
-
-        $i = 0; // number of catches
-        $none = false;
-
-        foreach ($bits as $bit) {
-            if ($bit === '') continue;
-            foreach ($caught as $key => $status) {
-                if ($key != 'position') {
-                    if ($status !== false) continue;
-                    $r = $this->info['background-' . $key]->validate($bit, $config, $context);
-                } else {
-                    $r = $bit;
-                }
-                if ($r === false) continue;
-                if ($key == 'position') {
-                    if ($caught[$key] === false) $caught[$key] = '';
-                    $caught[$key] .= $r . ' ';
-                } else {
-                    $caught[$key] = $r;
-                }
-                $i++;
-                break;
-            }
-        }
-
-        if (!$i) return false;
-        if ($caught['position'] !== false) {
-            $caught['position'] = $this->info['background-position']->
-                validate($caught['position'], $config, $context);
-        }
-
-        $ret = array();
-        foreach ($caught as $value) {
-            if ($value === false) continue;
-            $ret[] = $value;
-        }
-
-        if (empty($ret)) return false;
-        return implode(' ', $ret);
-
-    }
+	/**
+	 * Local copy of component validators.
+	 * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
+	 */
+	protected $info;
+
+	public function __construct($config) {
+		$def = $config->getCSSDefinition();
+		$this->info['background-color'] = $def->info['background-color'];
+		$this->info['background-image'] = $def->info['background-image'];
+		$this->info['background-repeat'] = $def->info['background-repeat'];
+		$this->info['background-attachment'] = $def->info['background-attachment'];
+		$this->info['background-position'] = $def->info['background-position'];
+	}
+
+	public function validate($string, $config, $context) {
+
+		// regular pre-processing
+		$string = $this->parseCDATA($string);
+		if ($string === '') return false;
+
+		// munge rgb() decl if necessary
+		$string = $this->mungeRgb($string);
+
+		// assumes URI doesn't have spaces in it
+		$bits = explode(' ', strtolower($string)); // bits to process
+
+		$caught = array();
+		$caught['color']    = false;
+		$caught['image']    = false;
+		$caught['repeat']   = false;
+		$caught['attachment'] = false;
+		$caught['position'] = false;
+
+		$i = 0; // number of catches
+		$none = false;
+
+		foreach ($bits as $bit) {
+			if ($bit === '') continue;
+			foreach ($caught as $key => $status) {
+				if ($key != 'position') {
+					if ($status !== false) continue;
+					$r = $this->info['background-' . $key]->validate($bit, $config, $context);
+				} else {
+					$r = $bit;
+				}
+				if ($r === false) continue;
+				if ($key == 'position') {
+					if ($caught[$key] === false) $caught[$key] = '';
+					$caught[$key] .= $r . ' ';
+				} else {
+					$caught[$key] = $r;
+				}
+				$i++;
+				break;
+			}
+		}
+
+		if (!$i) return false;
+		if ($caught['position'] !== false) {
+			$caught['position'] = $this->info['background-position']->
+				validate($caught['position'], $config, $context);
+		}
+
+		$ret = array();
+		foreach ($caught as $value) {
+			if ($value === false) continue;
+			$ret[] = $value;
+		}
+
+		if (empty($ret)) return false;
+		return implode(' ', $ret);
+
+	}
 
 }
 

Braces +24 added lines, -8 removed lines

@@ -26,7 +26,9 @@ 
 
         // regular pre-processing
         $string = $this->parseCDATA($string);
-        if ($string === '') return false;
+        if ($string === '') {
+        	return false;
+        }
 
         // munge rgb() decl if necessary
         $string = $this->mungeRgb($string);
@@ -45,17 +47,25 @@ 
         $none = false;
 
         foreach ($bits as $bit) {
-            if ($bit === '') continue;
+            if ($bit === '') {
+            	continue;
+            }
             foreach ($caught as $key => $status) {
                 if ($key != 'position') {
-                    if ($status !== false) continue;
+                    if ($status !== false) {
+                    	continue;
+                    }
                     $r = $this->info['background-' . $key]->validate($bit, $config, $context);
                 } else {
                     $r = $bit;
                 }
-                if ($r === false) continue;
+                if ($r === false) {
+                	continue;
+                }
                 if ($key == 'position') {
-                    if ($caught[$key] === false) $caught[$key] = '';
+                    if ($caught[$key] === false) {
+                    	$caught[$key] = '';
+                    }
                     $caught[$key] .= $r . ' ';
                 } else {
                     $caught[$key] = $r;
@@ -65,7 +75,9 @@ 
             }
         }
 
-        if (!$i) return false;
+        if (!$i) {
+        	return false;
+        }
         if ($caught['position'] !== false) {
             $caught['position'] = $this->info['background-position']->
                 validate($caught['position'], $config, $context);
@@ -73,11 +85,15 @@ 
 
         $ret = array();
         foreach ($caught as $value) {
-            if ($value === false) continue;
+            if ($value === false) {
+            	continue;
+            }
             $ret[] = $value;
         }
 
-        if (empty($ret)) return false;
+        if (empty($ret)) {
+        	return false;
+        }
         return implode(' ', $ret);
 
     }

Spacing +2 added lines, -2 removed lines

@@ -49,14 +49,14 @@
             foreach ($caught as $key => $status) {
                 if ($key != 'position') {
                     if ($status !== false) continue;
-                    $r = $this->info['background-' . $key]->validate($bit, $config, $context);
+                    $r = $this->info['background-'.$key]->validate($bit, $config, $context);
                 } else {
                     $r = $bit;
                 }
                 if ($r === false) continue;
                 if ($key == 'position') {
                     if ($caught[$key] === false) $caught[$key] = '';
-                    $caught[$key] .= $r . ' ';
+                    $caught[$key] .= $r.' ';
                 } else {
                     $caught[$key] = $r;
                 }

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php

Indentation +83 added lines, -83 removed lines

@@ -44,89 +44,89 @@
 class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
 {
 
-    protected $length;
-    protected $percentage;
-
-    public function __construct() {
-        $this->length     = new HTMLPurifier_AttrDef_CSS_Length();
-        $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
-    }
-
-    public function validate($string, $config, $context) {
-        $string = $this->parseCDATA($string);
-        $bits = explode(' ', $string);
-
-        $keywords = array();
-        $keywords['h'] = false; // left, right
-        $keywords['v'] = false; // top, bottom
-        $keywords['ch'] = false; // center (first word)
-        $keywords['cv'] = false; // center (second word)
-        $measures = array();
-
-        $i = 0;
-
-        $lookup = array(
-            'top' => 'v',
-            'bottom' => 'v',
-            'left' => 'h',
-            'right' => 'h',
-            'center' => 'c'
-        );
-
-        foreach ($bits as $bit) {
-            if ($bit === '') continue;
-
-            // test for keyword
-            $lbit = ctype_lower($bit) ? $bit : strtolower($bit);
-            if (isset($lookup[$lbit])) {
-                $status = $lookup[$lbit];
-                if ($status == 'c') {
-                    if ($i == 0) {
-                        $status = 'ch';
-                    } else {
-                        $status = 'cv';
-                    }
-                }
-                $keywords[$status] = $lbit;
-                $i++;
-            }
-
-            // test for length
-            $r = $this->length->validate($bit, $config, $context);
-            if ($r !== false) {
-                $measures[] = $r;
-                $i++;
-            }
-
-            // test for percentage
-            $r = $this->percentage->validate($bit, $config, $context);
-            if ($r !== false) {
-                $measures[] = $r;
-                $i++;
-            }
-
-        }
-
-        if (!$i) return false; // no valid values were caught
-
-        $ret = array();
-
-        // first keyword
-        if     ($keywords['h'])     $ret[] = $keywords['h'];
-        elseif ($keywords['ch']) {
-            $ret[] = $keywords['ch'];
-            $keywords['cv'] = false; // prevent re-use: center = center center
-        }
-        elseif (count($measures))   $ret[] = array_shift($measures);
-
-        if     ($keywords['v'])     $ret[] = $keywords['v'];
-        elseif ($keywords['cv'])    $ret[] = $keywords['cv'];
-        elseif (count($measures))   $ret[] = array_shift($measures);
-
-        if (empty($ret)) return false;
-        return implode(' ', $ret);
-
-    }
+	protected $length;
+	protected $percentage;
+
+	public function __construct() {
+		$this->length     = new HTMLPurifier_AttrDef_CSS_Length();
+		$this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
+	}
+
+	public function validate($string, $config, $context) {
+		$string = $this->parseCDATA($string);
+		$bits = explode(' ', $string);
+
+		$keywords = array();
+		$keywords['h'] = false; // left, right
+		$keywords['v'] = false; // top, bottom
+		$keywords['ch'] = false; // center (first word)
+		$keywords['cv'] = false; // center (second word)
+		$measures = array();
+
+		$i = 0;
+
+		$lookup = array(
+			'top' => 'v',
+			'bottom' => 'v',
+			'left' => 'h',
+			'right' => 'h',
+			'center' => 'c'
+		);
+
+		foreach ($bits as $bit) {
+			if ($bit === '') continue;
+
+			// test for keyword
+			$lbit = ctype_lower($bit) ? $bit : strtolower($bit);
+			if (isset($lookup[$lbit])) {
+				$status = $lookup[$lbit];
+				if ($status == 'c') {
+					if ($i == 0) {
+						$status = 'ch';
+					} else {
+						$status = 'cv';
+					}
+				}
+				$keywords[$status] = $lbit;
+				$i++;
+			}
+
+			// test for length
+			$r = $this->length->validate($bit, $config, $context);
+			if ($r !== false) {
+				$measures[] = $r;
+				$i++;
+			}
+
+			// test for percentage
+			$r = $this->percentage->validate($bit, $config, $context);
+			if ($r !== false) {
+				$measures[] = $r;
+				$i++;
+			}
+
+		}
+
+		if (!$i) return false; // no valid values were caught
+
+		$ret = array();
+
+		// first keyword
+		if     ($keywords['h'])     $ret[] = $keywords['h'];
+		elseif ($keywords['ch']) {
+			$ret[] = $keywords['ch'];
+			$keywords['cv'] = false; // prevent re-use: center = center center
+		}
+		elseif (count($measures))   $ret[] = array_shift($measures);
+
+		if     ($keywords['v'])     $ret[] = $keywords['v'];
+		elseif ($keywords['cv'])    $ret[] = $keywords['cv'];
+		elseif (count($measures))   $ret[] = array_shift($measures);
+
+		if (empty($ret)) return false;
+		return implode(' ', $ret);
+
+	}
 
 }
 

Spacing +2 added lines, -2 removed lines

@@ -112,14 +112,14 @@
         $ret = array();
 
         // first keyword
-        if     ($keywords['h'])     $ret[] = $keywords['h'];
+        if ($keywords['h'])     $ret[] = $keywords['h'];
         elseif ($keywords['ch']) {
             $ret[] = $keywords['ch'];
             $keywords['cv'] = false; // prevent re-use: center = center center
         }
         elseif (count($measures))   $ret[] = array_shift($measures);
 
-        if     ($keywords['v'])     $ret[] = $keywords['v'];
+        if ($keywords['v'])     $ret[] = $keywords['v'];
         elseif ($keywords['cv'])    $ret[] = $keywords['cv'];
         elseif (count($measures))   $ret[] = array_shift($measures);
 

Braces +22 added lines, -9 removed lines

@@ -74,7 +74,9 @@ 
         );
 
         foreach ($bits as $bit) {
-            if ($bit === '') continue;
+            if ($bit === '') {
+            	continue;
+            }
 
             // test for keyword
             $lbit = ctype_lower($bit) ? $bit : strtolower($bit);
@@ -107,23 +109,34 @@ 
 
         }
 
-        if (!$i) return false; // no valid values were caught
+        if (!$i) {
+        	return false;
+        }
+        // no valid values were caught
 
         $ret = array();
 
         // first keyword
-        if     ($keywords['h'])     $ret[] = $keywords['h'];
-        elseif ($keywords['ch']) {
+        if     ($keywords['h']) {
+        	$ret[] = $keywords['h'];
+        } elseif ($keywords['ch']) {
             $ret[] = $keywords['ch'];
             $keywords['cv'] = false; // prevent re-use: center = center center
+        } elseif (count($measures)) {
+        	$ret[] = array_shift($measures);
         }
-        elseif (count($measures))   $ret[] = array_shift($measures);
 
-        if     ($keywords['v'])     $ret[] = $keywords['v'];
-        elseif ($keywords['cv'])    $ret[] = $keywords['cv'];
-        elseif (count($measures))   $ret[] = array_shift($measures);
+        if     ($keywords['v']) {
+        	$ret[] = $keywords['v'];
+        } elseif ($keywords['cv']) {
+        	$ret[] = $keywords['cv'];
+        } elseif (count($measures)) {
+        	$ret[] = array_shift($measures);
+        }
 
-        if (empty($ret)) return false;
+        if (empty($ret)) {
+        	return false;
+        }
         return implode(' ', $ret);
 
     }