xpressengine /
xe-core
@@ -2,14 +2,14 @@ |
||
| 2 | 2 | |
| 3 | 3 | class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform |
| 4 | 4 | { |
| 5 | - public $name = "SafeEmbed"; |
|
| 5 | + public $name = "SafeEmbed"; |
|
| 6 | 6 | |
| 7 | - public function transform($attr, $config, $context) { |
|
| 8 | - $attr['allowscriptaccess'] = 'never'; |
|
| 9 | - $attr['allownetworking'] = 'internal'; |
|
| 10 | - $attr['type'] = 'application/x-shockwave-flash'; |
|
| 11 | - return $attr; |
|
| 12 | - } |
|
| 7 | + public function transform($attr, $config, $context) { |
|
| 8 | + $attr['allowscriptaccess'] = 'never'; |
|
| 9 | + $attr['allownetworking'] = 'internal'; |
|
| 10 | + $attr['type'] = 'application/x-shockwave-flash'; |
|
| 11 | + return $attr; |
|
| 12 | + } |
|
| 13 | 13 | } |
| 14 | 14 | |
| 15 | 15 | // vim: et sw=4 sts=4 |
@@ -5,12 +5,12 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform |
| 7 | 7 | { |
| 8 | - public $name = "SafeObject"; |
|
| 8 | + public $name = "SafeObject"; |
|
| 9 | 9 | |
| 10 | - function transform($attr, $config, $context) { |
|
| 11 | - if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; |
|
| 12 | - return $attr; |
|
| 13 | - } |
|
| 10 | + function transform($attr, $config, $context) { |
|
| 11 | + if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; |
|
| 12 | + return $attr; |
|
| 13 | + } |
|
| 14 | 14 | } |
| 15 | 15 | |
| 16 | 16 | // vim: et sw=4 sts=4 |
@@ -8,7 +8,9 @@ |
||
| 8 | 8 | public $name = "SafeObject"; |
| 9 | 9 | |
| 10 | 10 | function transform($attr, $config, $context) { |
| 11 | - if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; |
|
| 11 | + if (!isset($attr['type'])) { |
|
| 12 | + $attr['type'] = 'application/x-shockwave-flash'; |
|
| 13 | + } |
|
| 12 | 14 | return $attr; |
| 13 | 15 | } |
| 14 | 16 | } |
@@ -14,51 +14,51 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform |
| 16 | 16 | { |
| 17 | - public $name = "SafeParam"; |
|
| 18 | - private $uri; |
|
| 17 | + public $name = "SafeParam"; |
|
| 18 | + private $uri; |
|
| 19 | 19 | |
| 20 | - public function __construct() { |
|
| 21 | - $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded |
|
| 22 | - $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); |
|
| 23 | - } |
|
| 20 | + public function __construct() { |
|
| 21 | + $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded |
|
| 22 | + $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); |
|
| 23 | + } |
|
| 24 | 24 | |
| 25 | - public function transform($attr, $config, $context) { |
|
| 26 | - // If we add support for other objects, we'll need to alter the |
|
| 27 | - // transforms. |
|
| 28 | - switch ($attr['name']) { |
|
| 29 | - // application/x-shockwave-flash |
|
| 30 | - // Keep this synchronized with Injector/SafeObject.php |
|
| 31 | - case 'allowScriptAccess': |
|
| 32 | - $attr['value'] = 'never'; |
|
| 33 | - break; |
|
| 34 | - case 'allowNetworking': |
|
| 35 | - $attr['value'] = 'internal'; |
|
| 36 | - break; |
|
| 37 | - case 'allowFullScreen': |
|
| 38 | - if ($config->get('HTML.FlashAllowFullScreen')) { |
|
| 39 | - $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; |
|
| 40 | - } else { |
|
| 41 | - $attr['value'] = 'false'; |
|
| 42 | - } |
|
| 43 | - break; |
|
| 44 | - case 'wmode': |
|
| 45 | - $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); |
|
| 46 | - break; |
|
| 47 | - case 'movie': |
|
| 48 | - case 'src': |
|
| 49 | - $attr['name'] = "movie"; |
|
| 50 | - $attr['value'] = $this->uri->validate($attr['value'], $config, $context); |
|
| 51 | - break; |
|
| 52 | - case 'flashvars': |
|
| 53 | - // we're going to allow arbitrary inputs to the SWF, on |
|
| 54 | - // the reasoning that it could only hack the SWF, not us. |
|
| 55 | - break; |
|
| 56 | - // add other cases to support other param name/value pairs |
|
| 57 | - default: |
|
| 58 | - $attr['name'] = $attr['value'] = null; |
|
| 59 | - } |
|
| 60 | - return $attr; |
|
| 61 | - } |
|
| 25 | + public function transform($attr, $config, $context) { |
|
| 26 | + // If we add support for other objects, we'll need to alter the |
|
| 27 | + // transforms. |
|
| 28 | + switch ($attr['name']) { |
|
| 29 | + // application/x-shockwave-flash |
|
| 30 | + // Keep this synchronized with Injector/SafeObject.php |
|
| 31 | + case 'allowScriptAccess': |
|
| 32 | + $attr['value'] = 'never'; |
|
| 33 | + break; |
|
| 34 | + case 'allowNetworking': |
|
| 35 | + $attr['value'] = 'internal'; |
|
| 36 | + break; |
|
| 37 | + case 'allowFullScreen': |
|
| 38 | + if ($config->get('HTML.FlashAllowFullScreen')) { |
|
| 39 | + $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; |
|
| 40 | + } else { |
|
| 41 | + $attr['value'] = 'false'; |
|
| 42 | + } |
|
| 43 | + break; |
|
| 44 | + case 'wmode': |
|
| 45 | + $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); |
|
| 46 | + break; |
|
| 47 | + case 'movie': |
|
| 48 | + case 'src': |
|
| 49 | + $attr['name'] = "movie"; |
|
| 50 | + $attr['value'] = $this->uri->validate($attr['value'], $config, $context); |
|
| 51 | + break; |
|
| 52 | + case 'flashvars': |
|
| 53 | + // we're going to allow arbitrary inputs to the SWF, on |
|
| 54 | + // the reasoning that it could only hack the SWF, not us. |
|
| 55 | + break; |
|
| 56 | + // add other cases to support other param name/value pairs |
|
| 57 | + default: |
|
| 58 | + $attr['name'] = $attr['value'] = null; |
|
| 59 | + } |
|
| 60 | + return $attr; |
|
| 61 | + } |
|
| 62 | 62 | } |
| 63 | 63 | |
| 64 | 64 | // vim: et sw=4 sts=4 |
@@ -5,12 +5,12 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform |
| 7 | 7 | { |
| 8 | - public function transform($attr, $config, $context) { |
|
| 9 | - if (!isset($attr['type'])) { |
|
| 10 | - $attr['type'] = 'text/javascript'; |
|
| 11 | - } |
|
| 12 | - return $attr; |
|
| 13 | - } |
|
| 8 | + public function transform($attr, $config, $context) { |
|
| 9 | + if (!isset($attr['type'])) { |
|
| 10 | + $attr['type'] = 'text/javascript'; |
|
| 11 | + } |
|
| 12 | + return $attr; |
|
| 13 | + } |
|
| 14 | 14 | } |
| 15 | 15 | |
| 16 | 16 | // vim: et sw=4 sts=4 |
@@ -9,29 +9,29 @@ |
||
| 9 | 9 | */ |
| 10 | 10 | class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform |
| 11 | 11 | { |
| 12 | - private $parser; |
|
| 12 | + private $parser; |
|
| 13 | 13 | |
| 14 | - public function __construct() { |
|
| 15 | - $this->parser = new HTMLPurifier_URIParser(); |
|
| 16 | - } |
|
| 14 | + public function __construct() { |
|
| 15 | + $this->parser = new HTMLPurifier_URIParser(); |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function transform($attr, $config, $context) { |
|
| 18 | + public function transform($attr, $config, $context) { |
|
| 19 | 19 | |
| 20 | - if (!isset($attr['href'])) { |
|
| 21 | - return $attr; |
|
| 22 | - } |
|
| 20 | + if (!isset($attr['href'])) { |
|
| 21 | + return $attr; |
|
| 22 | + } |
|
| 23 | 23 | |
| 24 | - // XXX Kind of inefficient |
|
| 25 | - $url = $this->parser->parse($attr['href']); |
|
| 26 | - $scheme = $url->getSchemeObj($config, $context); |
|
| 24 | + // XXX Kind of inefficient |
|
| 25 | + $url = $this->parser->parse($attr['href']); |
|
| 26 | + $scheme = $url->getSchemeObj($config, $context); |
|
| 27 | 27 | |
| 28 | - if ($scheme->browsable && !$url->isBenign($config, $context)) { |
|
| 29 | - $attr['target'] = 'blank'; |
|
| 30 | - } |
|
| 28 | + if ($scheme->browsable && !$url->isBenign($config, $context)) { |
|
| 29 | + $attr['target'] = 'blank'; |
|
| 30 | + } |
|
| 31 | 31 | |
| 32 | - return $attr; |
|
| 32 | + return $attr; |
|
| 33 | 33 | |
| 34 | - } |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -6,12 +6,12 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public function transform($attr, $config, $context) { |
|
| 10 | - // Calculated from Firefox |
|
| 11 | - if (!isset($attr['cols'])) $attr['cols'] = '22'; |
|
| 12 | - if (!isset($attr['rows'])) $attr['rows'] = '3'; |
|
| 13 | - return $attr; |
|
| 14 | - } |
|
| 9 | + public function transform($attr, $config, $context) { |
|
| 10 | + // Calculated from Firefox |
|
| 11 | + if (!isset($attr['cols'])) $attr['cols'] = '22'; |
|
| 12 | + if (!isset($attr['rows'])) $attr['rows'] = '3'; |
|
| 13 | + return $attr; |
|
| 14 | + } |
|
| 15 | 15 | |
| 16 | 16 | } |
| 17 | 17 | |
@@ -8,8 +8,12 @@ |
||
| 8 | 8 | |
| 9 | 9 | public function transform($attr, $config, $context) { |
| 10 | 10 | // Calculated from Firefox |
| 11 | - if (!isset($attr['cols'])) $attr['cols'] = '22'; |
|
| 12 | - if (!isset($attr['rows'])) $attr['rows'] = '3'; |
|
| 11 | + if (!isset($attr['cols'])) { |
|
| 12 | + $attr['cols'] = '22'; |
|
| 13 | + } |
|
| 14 | + if (!isset($attr['rows'])) { |
|
| 15 | + $attr['rows'] = '3'; |
|
| 16 | + } |
|
| 13 | 17 | return $attr; |
| 14 | 18 | } |
| 15 | 19 | |
@@ -5,87 +5,87 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrTypes |
| 7 | 7 | { |
| 8 | - /** |
|
| 9 | - * Lookup array of attribute string identifiers to concrete implementations |
|
| 10 | - */ |
|
| 11 | - protected $info = array(); |
|
| 8 | + /** |
|
| 9 | + * Lookup array of attribute string identifiers to concrete implementations |
|
| 10 | + */ |
|
| 11 | + protected $info = array(); |
|
| 12 | 12 | |
| 13 | - /** |
|
| 14 | - * Constructs the info array, supplying default implementations for attribute |
|
| 15 | - * types. |
|
| 16 | - */ |
|
| 17 | - public function __construct() { |
|
| 18 | - // XXX This is kind of poor, since we don't actually /clone/ |
|
| 19 | - // instances; instead, we use the supplied make() attribute. So, |
|
| 20 | - // the underlying class must know how to deal with arguments. |
|
| 21 | - // With the old implementation of Enum, that ignored its |
|
| 22 | - // arguments when handling a make dispatch, the IAlign |
|
| 23 | - // definition wouldn't work. |
|
| 13 | + /** |
|
| 14 | + * Constructs the info array, supplying default implementations for attribute |
|
| 15 | + * types. |
|
| 16 | + */ |
|
| 17 | + public function __construct() { |
|
| 18 | + // XXX This is kind of poor, since we don't actually /clone/ |
|
| 19 | + // instances; instead, we use the supplied make() attribute. So, |
|
| 20 | + // the underlying class must know how to deal with arguments. |
|
| 21 | + // With the old implementation of Enum, that ignored its |
|
| 22 | + // arguments when handling a make dispatch, the IAlign |
|
| 23 | + // definition wouldn't work. |
|
| 24 | 24 | |
| 25 | - // pseudo-types, must be instantiated via shorthand |
|
| 26 | - $this->info['Enum'] = new HTMLPurifier_AttrDef_Enum(); |
|
| 27 | - $this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool(); |
|
| 25 | + // pseudo-types, must be instantiated via shorthand |
|
| 26 | + $this->info['Enum'] = new HTMLPurifier_AttrDef_Enum(); |
|
| 27 | + $this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool(); |
|
| 28 | 28 | |
| 29 | - $this->info['CDATA'] = new HTMLPurifier_AttrDef_Text(); |
|
| 30 | - $this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID(); |
|
| 31 | - $this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length(); |
|
| 32 | - $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength(); |
|
| 33 | - $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens(); |
|
| 34 | - $this->info['Pixels'] = new HTMLPurifier_AttrDef_HTML_Pixels(); |
|
| 35 | - $this->info['Text'] = new HTMLPurifier_AttrDef_Text(); |
|
| 36 | - $this->info['URI'] = new HTMLPurifier_AttrDef_URI(); |
|
| 37 | - $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang(); |
|
| 38 | - $this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color(); |
|
| 39 | - $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right'); |
|
| 40 | - $this->info['LAlign'] = self::makeEnum('top,bottom,left,right'); |
|
| 41 | - $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); |
|
| 29 | + $this->info['CDATA'] = new HTMLPurifier_AttrDef_Text(); |
|
| 30 | + $this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID(); |
|
| 31 | + $this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length(); |
|
| 32 | + $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength(); |
|
| 33 | + $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens(); |
|
| 34 | + $this->info['Pixels'] = new HTMLPurifier_AttrDef_HTML_Pixels(); |
|
| 35 | + $this->info['Text'] = new HTMLPurifier_AttrDef_Text(); |
|
| 36 | + $this->info['URI'] = new HTMLPurifier_AttrDef_URI(); |
|
| 37 | + $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang(); |
|
| 38 | + $this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color(); |
|
| 39 | + $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right'); |
|
| 40 | + $this->info['LAlign'] = self::makeEnum('top,bottom,left,right'); |
|
| 41 | + $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); |
|
| 42 | 42 | |
| 43 | - // unimplemented aliases |
|
| 44 | - $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); |
|
| 45 | - $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text(); |
|
| 46 | - $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text(); |
|
| 47 | - $this->info['Character'] = new HTMLPurifier_AttrDef_Text(); |
|
| 43 | + // unimplemented aliases |
|
| 44 | + $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); |
|
| 45 | + $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text(); |
|
| 46 | + $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text(); |
|
| 47 | + $this->info['Character'] = new HTMLPurifier_AttrDef_Text(); |
|
| 48 | 48 | |
| 49 | - // "proprietary" types |
|
| 50 | - $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class(); |
|
| 49 | + // "proprietary" types |
|
| 50 | + $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class(); |
|
| 51 | 51 | |
| 52 | - // number is really a positive integer (one or more digits) |
|
| 53 | - // FIXME: ^^ not always, see start and value of list items |
|
| 54 | - $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 55 | - } |
|
| 52 | + // number is really a positive integer (one or more digits) |
|
| 53 | + // FIXME: ^^ not always, see start and value of list items |
|
| 54 | + $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 55 | + } |
|
| 56 | 56 | |
| 57 | - private static function makeEnum($in) { |
|
| 58 | - return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in))); |
|
| 59 | - } |
|
| 57 | + private static function makeEnum($in) { |
|
| 58 | + return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in))); |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - /** |
|
| 62 | - * Retrieves a type |
|
| 63 | - * @param $type String type name |
|
| 64 | - * @return Object AttrDef for type |
|
| 65 | - */ |
|
| 66 | - public function get($type) { |
|
| 61 | + /** |
|
| 62 | + * Retrieves a type |
|
| 63 | + * @param $type String type name |
|
| 64 | + * @return Object AttrDef for type |
|
| 65 | + */ |
|
| 66 | + public function get($type) { |
|
| 67 | 67 | |
| 68 | - // determine if there is any extra info tacked on |
|
| 69 | - if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); |
|
| 70 | - else $string = ''; |
|
| 68 | + // determine if there is any extra info tacked on |
|
| 69 | + if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); |
|
| 70 | + else $string = ''; |
|
| 71 | 71 | |
| 72 | - if (!isset($this->info[$type])) { |
|
| 73 | - trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
|
| 74 | - return; |
|
| 75 | - } |
|
| 72 | + if (!isset($this->info[$type])) { |
|
| 73 | + trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
|
| 74 | + return; |
|
| 75 | + } |
|
| 76 | 76 | |
| 77 | - return $this->info[$type]->make($string); |
|
| 77 | + return $this->info[$type]->make($string); |
|
| 78 | 78 | |
| 79 | - } |
|
| 79 | + } |
|
| 80 | 80 | |
| 81 | - /** |
|
| 82 | - * Sets a new implementation for a type |
|
| 83 | - * @param $type String type name |
|
| 84 | - * @param $impl Object AttrDef for type |
|
| 85 | - */ |
|
| 86 | - public function set($type, $impl) { |
|
| 87 | - $this->info[$type] = $impl; |
|
| 88 | - } |
|
| 81 | + /** |
|
| 82 | + * Sets a new implementation for a type |
|
| 83 | + * @param $type String type name |
|
| 84 | + * @param $impl Object AttrDef for type |
|
| 85 | + */ |
|
| 86 | + public function set($type, $impl) { |
|
| 87 | + $this->info[$type] = $impl; |
|
| 88 | + } |
|
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | // vim: et sw=4 sts=4 |
@@ -66,8 +66,11 @@ |
||
| 66 | 66 | public function get($type) { |
| 67 | 67 | |
| 68 | 68 | // determine if there is any extra info tacked on |
| 69 | - if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2); |
|
| 70 | - else $string = ''; |
|
| 69 | + if (strpos($type, '#') !== false) { |
|
| 70 | + list($type, $string) = explode('#', $type, 2); |
|
| 71 | + } else { |
|
| 72 | + $string = ''; |
|
| 73 | + } |
|
| 71 | 74 | |
| 72 | 75 | if (!isset($this->info[$type])) { |
| 73 | 76 | trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
@@ -51,7 +51,7 @@ discard block |
||
| 51 | 51 | |
| 52 | 52 | // number is really a positive integer (one or more digits) |
| 53 | 53 | // FIXME: ^^ not always, see start and value of list items |
| 54 | - $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 54 | + $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true); |
|
| 55 | 55 | } |
| 56 | 56 | |
| 57 | 57 | private static function makeEnum($in) { |
@@ -70,7 +70,7 @@ discard block |
||
| 70 | 70 | else $string = ''; |
| 71 | 71 | |
| 72 | 72 | if (!isset($this->info[$type])) { |
| 73 | - trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR); |
|
| 73 | + trigger_error('Cannot retrieve undefined attribute type '.$type, E_USER_ERROR); |
|
| 74 | 74 | return; |
| 75 | 75 | } |
| 76 | 76 | |
@@ -8,153 +8,153 @@ |
||
| 8 | 8 | class HTMLPurifier_AttrValidator |
| 9 | 9 | { |
| 10 | 10 | |
| 11 | - /** |
|
| 12 | - * Validates the attributes of a token, returning a modified token |
|
| 13 | - * that has valid tokens |
|
| 14 | - * @param $token Reference to token to validate. We require a reference |
|
| 15 | - * because the operation this class performs on the token are |
|
| 16 | - * not atomic, so the context CurrentToken to be updated |
|
| 17 | - * throughout |
|
| 18 | - * @param $config Instance of HTMLPurifier_Config |
|
| 19 | - * @param $context Instance of HTMLPurifier_Context |
|
| 20 | - */ |
|
| 21 | - public function validateToken(&$token, &$config, $context) { |
|
| 22 | - |
|
| 23 | - $definition = $config->getHTMLDefinition(); |
|
| 24 | - $e =& $context->get('ErrorCollector', true); |
|
| 25 | - |
|
| 26 | - // initialize IDAccumulator if necessary |
|
| 27 | - $ok =& $context->get('IDAccumulator', true); |
|
| 28 | - if (!$ok) { |
|
| 29 | - $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
|
| 30 | - $context->register('IDAccumulator', $id_accumulator); |
|
| 31 | - } |
|
| 32 | - |
|
| 33 | - // initialize CurrentToken if necessary |
|
| 34 | - $current_token =& $context->get('CurrentToken', true); |
|
| 35 | - if (!$current_token) $context->register('CurrentToken', $token); |
|
| 36 | - |
|
| 37 | - if ( |
|
| 38 | - !$token instanceof HTMLPurifier_Token_Start && |
|
| 39 | - !$token instanceof HTMLPurifier_Token_Empty |
|
| 40 | - ) return $token; |
|
| 41 | - |
|
| 42 | - // create alias to global definition array, see also $defs |
|
| 43 | - // DEFINITION CALL |
|
| 44 | - $d_defs = $definition->info_global_attr; |
|
| 45 | - |
|
| 46 | - // don't update token until the very end, to ensure an atomic update |
|
| 47 | - $attr = $token->attr; |
|
| 48 | - |
|
| 49 | - // do global transformations (pre) |
|
| 50 | - // nothing currently utilizes this |
|
| 51 | - foreach ($definition->info_attr_transform_pre as $transform) { |
|
| 52 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 53 | - if ($e) { |
|
| 54 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 55 | - } |
|
| 56 | - } |
|
| 57 | - |
|
| 58 | - // do local transformations only applicable to this element (pre) |
|
| 59 | - // ex. <p align="right"> to <p style="text-align:right;"> |
|
| 60 | - foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { |
|
| 61 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 62 | - if ($e) { |
|
| 63 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 64 | - } |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - // create alias to this element's attribute definition array, see |
|
| 68 | - // also $d_defs (global attribute definition array) |
|
| 69 | - // DEFINITION CALL |
|
| 70 | - $defs = $definition->info[$token->name]->attr; |
|
| 71 | - |
|
| 72 | - $attr_key = false; |
|
| 73 | - $context->register('CurrentAttr', $attr_key); |
|
| 74 | - |
|
| 75 | - // iterate through all the attribute keypairs |
|
| 76 | - // Watch out for name collisions: $key has previously been used |
|
| 77 | - foreach ($attr as $attr_key => $value) { |
|
| 78 | - |
|
| 79 | - // call the definition |
|
| 80 | - if ( isset($defs[$attr_key]) ) { |
|
| 81 | - // there is a local definition defined |
|
| 82 | - if ($defs[$attr_key] === false) { |
|
| 83 | - // We've explicitly been told not to allow this element. |
|
| 84 | - // This is usually when there's a global definition |
|
| 85 | - // that must be overridden. |
|
| 86 | - // Theoretically speaking, we could have a |
|
| 87 | - // AttrDef_DenyAll, but this is faster! |
|
| 88 | - $result = false; |
|
| 89 | - } else { |
|
| 90 | - // validate according to the element's definition |
|
| 91 | - $result = $defs[$attr_key]->validate( |
|
| 92 | - $value, $config, $context |
|
| 93 | - ); |
|
| 94 | - } |
|
| 95 | - } elseif ( isset($d_defs[$attr_key]) ) { |
|
| 96 | - // there is a global definition defined, validate according |
|
| 97 | - // to the global definition |
|
| 98 | - $result = $d_defs[$attr_key]->validate( |
|
| 99 | - $value, $config, $context |
|
| 100 | - ); |
|
| 101 | - } else { |
|
| 102 | - // system never heard of the attribute? DELETE! |
|
| 103 | - $result = false; |
|
| 104 | - } |
|
| 105 | - |
|
| 106 | - // put the results into effect |
|
| 107 | - if ($result === false || $result === null) { |
|
| 108 | - // this is a generic error message that should replaced |
|
| 109 | - // with more specific ones when possible |
|
| 110 | - if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 111 | - |
|
| 112 | - // remove the attribute |
|
| 113 | - unset($attr[$attr_key]); |
|
| 114 | - } elseif (is_string($result)) { |
|
| 115 | - // generally, if a substitution is happening, there |
|
| 116 | - // was some sort of implicit correction going on. We'll |
|
| 117 | - // delegate it to the attribute classes to say exactly what. |
|
| 118 | - |
|
| 119 | - // simple substitution |
|
| 120 | - $attr[$attr_key] = $result; |
|
| 121 | - } else { |
|
| 122 | - // nothing happens |
|
| 123 | - } |
|
| 124 | - |
|
| 125 | - // we'd also want slightly more complicated substitution |
|
| 126 | - // involving an array as the return value, |
|
| 127 | - // although we're not sure how colliding attributes would |
|
| 128 | - // resolve (certain ones would be completely overriden, |
|
| 129 | - // others would prepend themselves). |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - $context->destroy('CurrentAttr'); |
|
| 133 | - |
|
| 134 | - // post transforms |
|
| 135 | - |
|
| 136 | - // global (error reporting untested) |
|
| 137 | - foreach ($definition->info_attr_transform_post as $transform) { |
|
| 138 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 139 | - if ($e) { |
|
| 140 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 141 | - } |
|
| 142 | - } |
|
| 143 | - |
|
| 144 | - // local (error reporting untested) |
|
| 145 | - foreach ($definition->info[$token->name]->attr_transform_post as $transform) { |
|
| 146 | - $attr = $transform->transform($o = $attr, $config, $context); |
|
| 147 | - if ($e) { |
|
| 148 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 149 | - } |
|
| 150 | - } |
|
| 151 | - |
|
| 152 | - $token->attr = $attr; |
|
| 153 | - |
|
| 154 | - // destroy CurrentToken if we made it ourselves |
|
| 155 | - if (!$current_token) $context->destroy('CurrentToken'); |
|
| 156 | - |
|
| 157 | - } |
|
| 11 | + /** |
|
| 12 | + * Validates the attributes of a token, returning a modified token |
|
| 13 | + * that has valid tokens |
|
| 14 | + * @param $token Reference to token to validate. We require a reference |
|
| 15 | + * because the operation this class performs on the token are |
|
| 16 | + * not atomic, so the context CurrentToken to be updated |
|
| 17 | + * throughout |
|
| 18 | + * @param $config Instance of HTMLPurifier_Config |
|
| 19 | + * @param $context Instance of HTMLPurifier_Context |
|
| 20 | + */ |
|
| 21 | + public function validateToken(&$token, &$config, $context) { |
|
| 22 | + |
|
| 23 | + $definition = $config->getHTMLDefinition(); |
|
| 24 | + $e =& $context->get('ErrorCollector', true); |
|
| 25 | + |
|
| 26 | + // initialize IDAccumulator if necessary |
|
| 27 | + $ok =& $context->get('IDAccumulator', true); |
|
| 28 | + if (!$ok) { |
|
| 29 | + $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
|
| 30 | + $context->register('IDAccumulator', $id_accumulator); |
|
| 31 | + } |
|
| 32 | + |
|
| 33 | + // initialize CurrentToken if necessary |
|
| 34 | + $current_token =& $context->get('CurrentToken', true); |
|
| 35 | + if (!$current_token) $context->register('CurrentToken', $token); |
|
| 36 | + |
|
| 37 | + if ( |
|
| 38 | + !$token instanceof HTMLPurifier_Token_Start && |
|
| 39 | + !$token instanceof HTMLPurifier_Token_Empty |
|
| 40 | + ) return $token; |
|
| 41 | + |
|
| 42 | + // create alias to global definition array, see also $defs |
|
| 43 | + // DEFINITION CALL |
|
| 44 | + $d_defs = $definition->info_global_attr; |
|
| 45 | + |
|
| 46 | + // don't update token until the very end, to ensure an atomic update |
|
| 47 | + $attr = $token->attr; |
|
| 48 | + |
|
| 49 | + // do global transformations (pre) |
|
| 50 | + // nothing currently utilizes this |
|
| 51 | + foreach ($definition->info_attr_transform_pre as $transform) { |
|
| 52 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 53 | + if ($e) { |
|
| 54 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 55 | + } |
|
| 56 | + } |
|
| 57 | + |
|
| 58 | + // do local transformations only applicable to this element (pre) |
|
| 59 | + // ex. <p align="right"> to <p style="text-align:right;"> |
|
| 60 | + foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { |
|
| 61 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 62 | + if ($e) { |
|
| 63 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 64 | + } |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + // create alias to this element's attribute definition array, see |
|
| 68 | + // also $d_defs (global attribute definition array) |
|
| 69 | + // DEFINITION CALL |
|
| 70 | + $defs = $definition->info[$token->name]->attr; |
|
| 71 | + |
|
| 72 | + $attr_key = false; |
|
| 73 | + $context->register('CurrentAttr', $attr_key); |
|
| 74 | + |
|
| 75 | + // iterate through all the attribute keypairs |
|
| 76 | + // Watch out for name collisions: $key has previously been used |
|
| 77 | + foreach ($attr as $attr_key => $value) { |
|
| 78 | + |
|
| 79 | + // call the definition |
|
| 80 | + if ( isset($defs[$attr_key]) ) { |
|
| 81 | + // there is a local definition defined |
|
| 82 | + if ($defs[$attr_key] === false) { |
|
| 83 | + // We've explicitly been told not to allow this element. |
|
| 84 | + // This is usually when there's a global definition |
|
| 85 | + // that must be overridden. |
|
| 86 | + // Theoretically speaking, we could have a |
|
| 87 | + // AttrDef_DenyAll, but this is faster! |
|
| 88 | + $result = false; |
|
| 89 | + } else { |
|
| 90 | + // validate according to the element's definition |
|
| 91 | + $result = $defs[$attr_key]->validate( |
|
| 92 | + $value, $config, $context |
|
| 93 | + ); |
|
| 94 | + } |
|
| 95 | + } elseif ( isset($d_defs[$attr_key]) ) { |
|
| 96 | + // there is a global definition defined, validate according |
|
| 97 | + // to the global definition |
|
| 98 | + $result = $d_defs[$attr_key]->validate( |
|
| 99 | + $value, $config, $context |
|
| 100 | + ); |
|
| 101 | + } else { |
|
| 102 | + // system never heard of the attribute? DELETE! |
|
| 103 | + $result = false; |
|
| 104 | + } |
|
| 105 | + |
|
| 106 | + // put the results into effect |
|
| 107 | + if ($result === false || $result === null) { |
|
| 108 | + // this is a generic error message that should replaced |
|
| 109 | + // with more specific ones when possible |
|
| 110 | + if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 111 | + |
|
| 112 | + // remove the attribute |
|
| 113 | + unset($attr[$attr_key]); |
|
| 114 | + } elseif (is_string($result)) { |
|
| 115 | + // generally, if a substitution is happening, there |
|
| 116 | + // was some sort of implicit correction going on. We'll |
|
| 117 | + // delegate it to the attribute classes to say exactly what. |
|
| 118 | + |
|
| 119 | + // simple substitution |
|
| 120 | + $attr[$attr_key] = $result; |
|
| 121 | + } else { |
|
| 122 | + // nothing happens |
|
| 123 | + } |
|
| 124 | + |
|
| 125 | + // we'd also want slightly more complicated substitution |
|
| 126 | + // involving an array as the return value, |
|
| 127 | + // although we're not sure how colliding attributes would |
|
| 128 | + // resolve (certain ones would be completely overriden, |
|
| 129 | + // others would prepend themselves). |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + $context->destroy('CurrentAttr'); |
|
| 133 | + |
|
| 134 | + // post transforms |
|
| 135 | + |
|
| 136 | + // global (error reporting untested) |
|
| 137 | + foreach ($definition->info_attr_transform_post as $transform) { |
|
| 138 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 139 | + if ($e) { |
|
| 140 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 141 | + } |
|
| 142 | + } |
|
| 143 | + |
|
| 144 | + // local (error reporting untested) |
|
| 145 | + foreach ($definition->info[$token->name]->attr_transform_post as $transform) { |
|
| 146 | + $attr = $transform->transform($o = $attr, $config, $context); |
|
| 147 | + if ($e) { |
|
| 148 | + if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 149 | + } |
|
| 150 | + } |
|
| 151 | + |
|
| 152 | + $token->attr = $attr; |
|
| 153 | + |
|
| 154 | + // destroy CurrentToken if we made it ourselves |
|
| 155 | + if (!$current_token) $context->destroy('CurrentToken'); |
|
| 156 | + |
|
| 157 | + } |
|
| 158 | 158 | |
| 159 | 159 | |
| 160 | 160 | } |
@@ -21,17 +21,17 @@ discard block |
||
| 21 | 21 | public function validateToken(&$token, &$config, $context) { |
| 22 | 22 | |
| 23 | 23 | $definition = $config->getHTMLDefinition(); |
| 24 | - $e =& $context->get('ErrorCollector', true); |
|
| 24 | + $e = & $context->get('ErrorCollector', true); |
|
| 25 | 25 | |
| 26 | 26 | // initialize IDAccumulator if necessary |
| 27 | - $ok =& $context->get('IDAccumulator', true); |
|
| 27 | + $ok = & $context->get('IDAccumulator', true); |
|
| 28 | 28 | if (!$ok) { |
| 29 | 29 | $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); |
| 30 | 30 | $context->register('IDAccumulator', $id_accumulator); |
| 31 | 31 | } |
| 32 | 32 | |
| 33 | 33 | // initialize CurrentToken if necessary |
| 34 | - $current_token =& $context->get('CurrentToken', true); |
|
| 34 | + $current_token = & $context->get('CurrentToken', true); |
|
| 35 | 35 | if (!$current_token) $context->register('CurrentToken', $token); |
| 36 | 36 | |
| 37 | 37 | if ( |
@@ -77,7 +77,7 @@ discard block |
||
| 77 | 77 | foreach ($attr as $attr_key => $value) { |
| 78 | 78 | |
| 79 | 79 | // call the definition |
| 80 | - if ( isset($defs[$attr_key]) ) { |
|
| 80 | + if (isset($defs[$attr_key])) { |
|
| 81 | 81 | // there is a local definition defined |
| 82 | 82 | if ($defs[$attr_key] === false) { |
| 83 | 83 | // We've explicitly been told not to allow this element. |
@@ -92,7 +92,7 @@ discard block |
||
| 92 | 92 | $value, $config, $context |
| 93 | 93 | ); |
| 94 | 94 | } |
| 95 | - } elseif ( isset($d_defs[$attr_key]) ) { |
|
| 95 | + } elseif (isset($d_defs[$attr_key])) { |
|
| 96 | 96 | // there is a global definition defined, validate according |
| 97 | 97 | // to the global definition |
| 98 | 98 | $result = $d_defs[$attr_key]->validate( |
@@ -32,12 +32,16 @@ discard block |
||
| 32 | 32 | |
| 33 | 33 | // initialize CurrentToken if necessary |
| 34 | 34 | $current_token =& $context->get('CurrentToken', true); |
| 35 | - if (!$current_token) $context->register('CurrentToken', $token); |
|
| 35 | + if (!$current_token) { |
|
| 36 | + $context->register('CurrentToken', $token); |
|
| 37 | + } |
|
| 36 | 38 | |
| 37 | 39 | if ( |
| 38 | 40 | !$token instanceof HTMLPurifier_Token_Start && |
| 39 | 41 | !$token instanceof HTMLPurifier_Token_Empty |
| 40 | - ) return $token; |
|
| 42 | + ) { |
|
| 43 | + return $token; |
|
| 44 | + } |
|
| 41 | 45 | |
| 42 | 46 | // create alias to global definition array, see also $defs |
| 43 | 47 | // DEFINITION CALL |
@@ -51,7 +55,9 @@ discard block |
||
| 51 | 55 | foreach ($definition->info_attr_transform_pre as $transform) { |
| 52 | 56 | $attr = $transform->transform($o = $attr, $config, $context); |
| 53 | 57 | if ($e) { |
| 54 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 58 | + if ($attr != $o) { |
|
| 59 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 60 | + } |
|
| 55 | 61 | } |
| 56 | 62 | } |
| 57 | 63 | |
@@ -60,7 +66,9 @@ discard block |
||
| 60 | 66 | foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { |
| 61 | 67 | $attr = $transform->transform($o = $attr, $config, $context); |
| 62 | 68 | if ($e) { |
| 63 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 69 | + if ($attr != $o) { |
|
| 70 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 71 | + } |
|
| 64 | 72 | } |
| 65 | 73 | } |
| 66 | 74 | |
@@ -107,7 +115,9 @@ discard block |
||
| 107 | 115 | if ($result === false || $result === null) { |
| 108 | 116 | // this is a generic error message that should replaced |
| 109 | 117 | // with more specific ones when possible |
| 110 | - if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 118 | + if ($e) { |
|
| 119 | + $e->send(E_ERROR, 'AttrValidator: Attribute removed'); |
|
| 120 | + } |
|
| 111 | 121 | |
| 112 | 122 | // remove the attribute |
| 113 | 123 | unset($attr[$attr_key]); |
@@ -137,7 +147,9 @@ discard block |
||
| 137 | 147 | foreach ($definition->info_attr_transform_post as $transform) { |
| 138 | 148 | $attr = $transform->transform($o = $attr, $config, $context); |
| 139 | 149 | if ($e) { |
| 140 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 150 | + if ($attr != $o) { |
|
| 151 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 152 | + } |
|
| 141 | 153 | } |
| 142 | 154 | } |
| 143 | 155 | |
@@ -145,14 +157,18 @@ discard block |
||
| 145 | 157 | foreach ($definition->info[$token->name]->attr_transform_post as $transform) { |
| 146 | 158 | $attr = $transform->transform($o = $attr, $config, $context); |
| 147 | 159 | if ($e) { |
| 148 | - if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 160 | + if ($attr != $o) { |
|
| 161 | + $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); |
|
| 162 | + } |
|
| 149 | 163 | } |
| 150 | 164 | } |
| 151 | 165 | |
| 152 | 166 | $token->attr = $attr; |
| 153 | 167 | |
| 154 | 168 | // destroy CurrentToken if we made it ourselves |
| 155 | - if (!$current_token) $context->destroy('CurrentToken'); |
|
| 169 | + if (!$current_token) { |
|
| 170 | + $context->destroy('CurrentToken'); |
|
| 171 | + } |
|
| 156 | 172 | |
| 157 | 173 | } |
| 158 | 174 | |
@@ -2,22 +2,22 @@ discard block |
||
| 2 | 2 | |
| 3 | 3 | // constants are slow, so we use as few as possible |
| 4 | 4 | if (!defined('HTMLPURIFIER_PREFIX')) { |
| 5 | - define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..')); |
|
| 5 | + define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..')); |
|
| 6 | 6 | } |
| 7 | 7 | |
| 8 | 8 | // accomodations for versions earlier than 5.0.2 |
| 9 | 9 | // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <[email protected]> |
| 10 | 10 | if (!defined('PHP_EOL')) { |
| 11 | - switch (strtoupper(substr(PHP_OS, 0, 3))) { |
|
| 12 | - case 'WIN': |
|
| 13 | - define('PHP_EOL', "\r\n"); |
|
| 14 | - break; |
|
| 15 | - case 'DAR': |
|
| 16 | - define('PHP_EOL', "\r"); |
|
| 17 | - break; |
|
| 18 | - default: |
|
| 19 | - define('PHP_EOL', "\n"); |
|
| 20 | - } |
|
| 11 | + switch (strtoupper(substr(PHP_OS, 0, 3))) { |
|
| 12 | + case 'WIN': |
|
| 13 | + define('PHP_EOL', "\r\n"); |
|
| 14 | + break; |
|
| 15 | + case 'DAR': |
|
| 16 | + define('PHP_EOL', "\r"); |
|
| 17 | + break; |
|
| 18 | + default: |
|
| 19 | + define('PHP_EOL', "\n"); |
|
| 20 | + } |
|
| 21 | 21 | } |
| 22 | 22 | |
| 23 | 23 | /** |
@@ -30,56 +30,56 @@ discard block |
||
| 30 | 30 | class HTMLPurifier_Bootstrap |
| 31 | 31 | { |
| 32 | 32 | |
| 33 | - /** |
|
| 34 | - * Autoload function for HTML Purifier |
|
| 35 | - * @param $class Class to load |
|
| 36 | - */ |
|
| 37 | - public static function autoload($class) { |
|
| 38 | - $file = HTMLPurifier_Bootstrap::getPath($class); |
|
| 39 | - if (!$file) return false; |
|
| 40 | - // Technically speaking, it should be ok and more efficient to |
|
| 41 | - // just do 'require', but Antonio Parraga reports that with |
|
| 42 | - // Zend extensions such as Zend debugger and APC, this invariant |
|
| 43 | - // may be broken. Since we have efficient alternatives, pay |
|
| 44 | - // the cost here and avoid the bug. |
|
| 45 | - require_once HTMLPURIFIER_PREFIX . '/' . $file; |
|
| 46 | - return true; |
|
| 47 | - } |
|
| 33 | + /** |
|
| 34 | + * Autoload function for HTML Purifier |
|
| 35 | + * @param $class Class to load |
|
| 36 | + */ |
|
| 37 | + public static function autoload($class) { |
|
| 38 | + $file = HTMLPurifier_Bootstrap::getPath($class); |
|
| 39 | + if (!$file) return false; |
|
| 40 | + // Technically speaking, it should be ok and more efficient to |
|
| 41 | + // just do 'require', but Antonio Parraga reports that with |
|
| 42 | + // Zend extensions such as Zend debugger and APC, this invariant |
|
| 43 | + // may be broken. Since we have efficient alternatives, pay |
|
| 44 | + // the cost here and avoid the bug. |
|
| 45 | + require_once HTMLPURIFIER_PREFIX . '/' . $file; |
|
| 46 | + return true; |
|
| 47 | + } |
|
| 48 | 48 | |
| 49 | - /** |
|
| 50 | - * Returns the path for a specific class. |
|
| 51 | - */ |
|
| 52 | - public static function getPath($class) { |
|
| 53 | - if (strncmp('HTMLPurifier', $class, 12) !== 0) return false; |
|
| 54 | - // Custom implementations |
|
| 55 | - if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { |
|
| 56 | - $code = str_replace('_', '-', substr($class, 22)); |
|
| 57 | - $file = 'HTMLPurifier/Language/classes/' . $code . '.php'; |
|
| 58 | - } else { |
|
| 59 | - $file = str_replace('_', '/', $class) . '.php'; |
|
| 60 | - } |
|
| 61 | - if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false; |
|
| 62 | - return $file; |
|
| 63 | - } |
|
| 49 | + /** |
|
| 50 | + * Returns the path for a specific class. |
|
| 51 | + */ |
|
| 52 | + public static function getPath($class) { |
|
| 53 | + if (strncmp('HTMLPurifier', $class, 12) !== 0) return false; |
|
| 54 | + // Custom implementations |
|
| 55 | + if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { |
|
| 56 | + $code = str_replace('_', '-', substr($class, 22)); |
|
| 57 | + $file = 'HTMLPurifier/Language/classes/' . $code . '.php'; |
|
| 58 | + } else { |
|
| 59 | + $file = str_replace('_', '/', $class) . '.php'; |
|
| 60 | + } |
|
| 61 | + if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false; |
|
| 62 | + return $file; |
|
| 63 | + } |
|
| 64 | 64 | |
| 65 | - /** |
|
| 66 | - * "Pre-registers" our autoloader on the SPL stack. |
|
| 67 | - */ |
|
| 68 | - public static function registerAutoload() { |
|
| 69 | - $autoload = array('HTMLPurifier_Bootstrap', 'autoload'); |
|
| 70 | - if ( ($funcs = spl_autoload_functions()) === false ) { |
|
| 71 | - spl_autoload_register($autoload); |
|
| 72 | - } elseif (function_exists('spl_autoload_unregister')) { |
|
| 73 | - $buggy = version_compare(PHP_VERSION, '5.2.11', '<'); |
|
| 74 | - $compat = version_compare(PHP_VERSION, '5.1.2', '<=') && |
|
| 75 | - version_compare(PHP_VERSION, '5.1.0', '>='); |
|
| 76 | - foreach ($funcs as $func) { |
|
| 77 | - if ($buggy && is_array($func)) { |
|
| 78 | - // :TRICKY: There are some compatibility issues and some |
|
| 79 | - // places where we need to error out |
|
| 80 | - $reflector = new ReflectionMethod($func[0], $func[1]); |
|
| 81 | - if (!$reflector->isStatic()) { |
|
| 82 | - throw new Exception(' |
|
| 65 | + /** |
|
| 66 | + * "Pre-registers" our autoloader on the SPL stack. |
|
| 67 | + */ |
|
| 68 | + public static function registerAutoload() { |
|
| 69 | + $autoload = array('HTMLPurifier_Bootstrap', 'autoload'); |
|
| 70 | + if ( ($funcs = spl_autoload_functions()) === false ) { |
|
| 71 | + spl_autoload_register($autoload); |
|
| 72 | + } elseif (function_exists('spl_autoload_unregister')) { |
|
| 73 | + $buggy = version_compare(PHP_VERSION, '5.2.11', '<'); |
|
| 74 | + $compat = version_compare(PHP_VERSION, '5.1.2', '<=') && |
|
| 75 | + version_compare(PHP_VERSION, '5.1.0', '>='); |
|
| 76 | + foreach ($funcs as $func) { |
|
| 77 | + if ($buggy && is_array($func)) { |
|
| 78 | + // :TRICKY: There are some compatibility issues and some |
|
| 79 | + // places where we need to error out |
|
| 80 | + $reflector = new ReflectionMethod($func[0], $func[1]); |
|
| 81 | + if (!$reflector->isStatic()) { |
|
| 82 | + throw new Exception(' |
|
| 83 | 83 | HTML Purifier autoloader registrar is not compatible |
| 84 | 84 | with non-static object methods due to PHP Bug #44144; |
| 85 | 85 | Please do not use HTMLPurifier.autoload.php (or any |
@@ -87,17 +87,17 @@ discard block |
||
| 87 | 87 | spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\')) |
| 88 | 88 | after your own autoloaders. |
| 89 | 89 | '); |
| 90 | - } |
|
| 91 | - // Suprisingly, spl_autoload_register supports the |
|
| 92 | - // Class::staticMethod callback format, although call_user_func doesn't |
|
| 93 | - if ($compat) $func = implode('::', $func); |
|
| 94 | - } |
|
| 95 | - spl_autoload_unregister($func); |
|
| 96 | - } |
|
| 97 | - spl_autoload_register($autoload); |
|
| 98 | - foreach ($funcs as $func) spl_autoload_register($func); |
|
| 99 | - } |
|
| 100 | - } |
|
| 90 | + } |
|
| 91 | + // Suprisingly, spl_autoload_register supports the |
|
| 92 | + // Class::staticMethod callback format, although call_user_func doesn't |
|
| 93 | + if ($compat) $func = implode('::', $func); |
|
| 94 | + } |
|
| 95 | + spl_autoload_unregister($func); |
|
| 96 | + } |
|
| 97 | + spl_autoload_register($autoload); |
|
| 98 | + foreach ($funcs as $func) spl_autoload_register($func); |
|
| 99 | + } |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | 102 | } |
| 103 | 103 | |
@@ -36,7 +36,9 @@ discard block |
||
| 36 | 36 | */ |
| 37 | 37 | public static function autoload($class) { |
| 38 | 38 | $file = HTMLPurifier_Bootstrap::getPath($class); |
| 39 | - if (!$file) return false; |
|
| 39 | + if (!$file) { |
|
| 40 | + return false; |
|
| 41 | + } |
|
| 40 | 42 | // Technically speaking, it should be ok and more efficient to |
| 41 | 43 | // just do 'require', but Antonio Parraga reports that with |
| 42 | 44 | // Zend extensions such as Zend debugger and APC, this invariant |
@@ -50,7 +52,9 @@ discard block |
||
| 50 | 52 | * Returns the path for a specific class. |
| 51 | 53 | */ |
| 52 | 54 | public static function getPath($class) { |
| 53 | - if (strncmp('HTMLPurifier', $class, 12) !== 0) return false; |
|
| 55 | + if (strncmp('HTMLPurifier', $class, 12) !== 0) { |
|
| 56 | + return false; |
|
| 57 | + } |
|
| 54 | 58 | // Custom implementations |
| 55 | 59 | if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { |
| 56 | 60 | $code = str_replace('_', '-', substr($class, 22)); |
@@ -58,7 +62,9 @@ discard block |
||
| 58 | 62 | } else { |
| 59 | 63 | $file = str_replace('_', '/', $class) . '.php'; |
| 60 | 64 | } |
| 61 | - if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false; |
|
| 65 | + if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) { |
|
| 66 | + return false; |
|
| 67 | + } |
|
| 62 | 68 | return $file; |
| 63 | 69 | } |
| 64 | 70 | |
@@ -90,12 +96,16 @@ discard block |
||
| 90 | 96 | } |
| 91 | 97 | // Suprisingly, spl_autoload_register supports the |
| 92 | 98 | // Class::staticMethod callback format, although call_user_func doesn't |
| 93 | - if ($compat) $func = implode('::', $func); |
|
| 99 | + if ($compat) { |
|
| 100 | + $func = implode('::', $func); |
|
| 101 | + } |
|
| 94 | 102 | } |
| 95 | 103 | spl_autoload_unregister($func); |
| 96 | 104 | } |
| 97 | 105 | spl_autoload_register($autoload); |
| 98 | - foreach ($funcs as $func) spl_autoload_register($func); |
|
| 106 | + foreach ($funcs as $func) { |
|
| 107 | + spl_autoload_register($func); |
|
| 108 | + } |
|
| 99 | 109 | } |
| 100 | 110 | } |
| 101 | 111 | |
@@ -2,7 +2,7 @@ discard block |
||
| 2 | 2 | |
| 3 | 3 | // constants are slow, so we use as few as possible |
| 4 | 4 | if (!defined('HTMLPURIFIER_PREFIX')) { |
| 5 | - define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..')); |
|
| 5 | + define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__).'/..')); |
|
| 6 | 6 | } |
| 7 | 7 | |
| 8 | 8 | // accomodations for versions earlier than 5.0.2 |
@@ -42,7 +42,7 @@ discard block |
||
| 42 | 42 | // Zend extensions such as Zend debugger and APC, this invariant |
| 43 | 43 | // may be broken. Since we have efficient alternatives, pay |
| 44 | 44 | // the cost here and avoid the bug. |
| 45 | - require_once HTMLPURIFIER_PREFIX . '/' . $file; |
|
| 45 | + require_once HTMLPURIFIER_PREFIX.'/'.$file; |
|
| 46 | 46 | return true; |
| 47 | 47 | } |
| 48 | 48 | |
@@ -54,11 +54,11 @@ discard block |
||
| 54 | 54 | // Custom implementations |
| 55 | 55 | if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { |
| 56 | 56 | $code = str_replace('_', '-', substr($class, 22)); |
| 57 | - $file = 'HTMLPurifier/Language/classes/' . $code . '.php'; |
|
| 57 | + $file = 'HTMLPurifier/Language/classes/'.$code.'.php'; |
|
| 58 | 58 | } else { |
| 59 | - $file = str_replace('_', '/', $class) . '.php'; |
|
| 59 | + $file = str_replace('_', '/', $class).'.php'; |
|
| 60 | 60 | } |
| 61 | - if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false; |
|
| 61 | + if (!file_exists(HTMLPURIFIER_PREFIX.'/'.$file)) return false; |
|
| 62 | 62 | return $file; |
| 63 | 63 | } |
| 64 | 64 | |
@@ -67,7 +67,7 @@ discard block |
||
| 67 | 67 | */ |
| 68 | 68 | public static function registerAutoload() { |
| 69 | 69 | $autoload = array('HTMLPurifier_Bootstrap', 'autoload'); |
| 70 | - if ( ($funcs = spl_autoload_functions()) === false ) { |
|
| 70 | + if (($funcs = spl_autoload_functions()) === false) { |
|
| 71 | 71 | spl_autoload_register($autoload); |
| 72 | 72 | } elseif (function_exists('spl_autoload_unregister')) { |
| 73 | 73 | $buggy = version_compare(PHP_VERSION, '5.2.11', '<'); |
