xpressengine /
xe-core
@@ -12,49 +12,49 @@ |
||
| 12 | 12 | class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI |
| 13 | 13 | { |
| 14 | 14 | |
| 15 | - public function __construct() { |
|
| 16 | - parent::__construct(true); // always embedded |
|
| 17 | - } |
|
| 15 | + public function __construct() { |
|
| 16 | + parent::__construct(true); // always embedded |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | - public function validate($uri_string, $config, $context) { |
|
| 20 | - // parse the URI out of the string and then pass it onto |
|
| 21 | - // the parent object |
|
| 19 | + public function validate($uri_string, $config, $context) { |
|
| 20 | + // parse the URI out of the string and then pass it onto |
|
| 21 | + // the parent object |
|
| 22 | 22 | |
| 23 | - $uri_string = $this->parseCDATA($uri_string); |
|
| 24 | - if (strpos($uri_string, 'url(') !== 0) return false; |
|
| 25 | - $uri_string = substr($uri_string, 4); |
|
| 26 | - $new_length = strlen($uri_string) - 1; |
|
| 27 | - if ($uri_string[$new_length] != ')') return false; |
|
| 28 | - $uri = trim(substr($uri_string, 0, $new_length)); |
|
| 23 | + $uri_string = $this->parseCDATA($uri_string); |
|
| 24 | + if (strpos($uri_string, 'url(') !== 0) return false; |
|
| 25 | + $uri_string = substr($uri_string, 4); |
|
| 26 | + $new_length = strlen($uri_string) - 1; |
|
| 27 | + if ($uri_string[$new_length] != ')') return false; |
|
| 28 | + $uri = trim(substr($uri_string, 0, $new_length)); |
|
| 29 | 29 | |
| 30 | - if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
|
| 31 | - $quote = $uri[0]; |
|
| 32 | - $new_length = strlen($uri) - 1; |
|
| 33 | - if ($uri[$new_length] !== $quote) return false; |
|
| 34 | - $uri = substr($uri, 1, $new_length - 1); |
|
| 35 | - } |
|
| 30 | + if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
|
| 31 | + $quote = $uri[0]; |
|
| 32 | + $new_length = strlen($uri) - 1; |
|
| 33 | + if ($uri[$new_length] !== $quote) return false; |
|
| 34 | + $uri = substr($uri, 1, $new_length - 1); |
|
| 35 | + } |
|
| 36 | 36 | |
| 37 | - $uri = $this->expandCSSEscape($uri); |
|
| 37 | + $uri = $this->expandCSSEscape($uri); |
|
| 38 | 38 | |
| 39 | - $result = parent::validate($uri, $config, $context); |
|
| 39 | + $result = parent::validate($uri, $config, $context); |
|
| 40 | 40 | |
| 41 | - if ($result === false) return false; |
|
| 41 | + if ($result === false) return false; |
|
| 42 | 42 | |
| 43 | - // extra sanity check; should have been done by URI |
|
| 44 | - $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
|
| 43 | + // extra sanity check; should have been done by URI |
|
| 44 | + $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
|
| 45 | 45 | |
| 46 | - // suspicious characters are ()'; we're going to percent encode |
|
| 47 | - // them for safety. |
|
| 48 | - $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result); |
|
| 46 | + // suspicious characters are ()'; we're going to percent encode |
|
| 47 | + // them for safety. |
|
| 48 | + $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result); |
|
| 49 | 49 | |
| 50 | - // there's an extra bug where ampersands lose their escaping on |
|
| 51 | - // an innerHTML cycle, so a very unlucky query parameter could |
|
| 52 | - // then change the meaning of the URL. Unfortunately, there's |
|
| 53 | - // not much we can do about that... |
|
| 50 | + // there's an extra bug where ampersands lose their escaping on |
|
| 51 | + // an innerHTML cycle, so a very unlucky query parameter could |
|
| 52 | + // then change the meaning of the URL. Unfortunately, there's |
|
| 53 | + // not much we can do about that... |
|
| 54 | 54 | |
| 55 | - return "url(\"$result\")"; |
|
| 55 | + return "url(\"$result\")"; |
|
| 56 | 56 | |
| 57 | - } |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | 59 | } |
| 60 | 60 | |
@@ -21,16 +21,22 @@ discard block |
||
| 21 | 21 | // the parent object |
| 22 | 22 | |
| 23 | 23 | $uri_string = $this->parseCDATA($uri_string); |
| 24 | - if (strpos($uri_string, 'url(') !== 0) return false; |
|
| 24 | + if (strpos($uri_string, 'url(') !== 0) { |
|
| 25 | + return false; |
|
| 26 | + } |
|
| 25 | 27 | $uri_string = substr($uri_string, 4); |
| 26 | 28 | $new_length = strlen($uri_string) - 1; |
| 27 | - if ($uri_string[$new_length] != ')') return false; |
|
| 29 | + if ($uri_string[$new_length] != ')') { |
|
| 30 | + return false; |
|
| 31 | + } |
|
| 28 | 32 | $uri = trim(substr($uri_string, 0, $new_length)); |
| 29 | 33 | |
| 30 | 34 | if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { |
| 31 | 35 | $quote = $uri[0]; |
| 32 | 36 | $new_length = strlen($uri) - 1; |
| 33 | - if ($uri[$new_length] !== $quote) return false; |
|
| 37 | + if ($uri[$new_length] !== $quote) { |
|
| 38 | + return false; |
|
| 39 | + } |
|
| 34 | 40 | $uri = substr($uri, 1, $new_length - 1); |
| 35 | 41 | } |
| 36 | 42 | |
@@ -38,7 +44,9 @@ discard block |
||
| 38 | 44 | |
| 39 | 45 | $result = parent::validate($uri, $config, $context); |
| 40 | 46 | |
| 41 | - if ($result === false) return false; |
|
| 47 | + if ($result === false) { |
|
| 48 | + return false; |
|
| 49 | + } |
|
| 42 | 50 | |
| 43 | 51 | // extra sanity check; should have been done by URI |
| 44 | 52 | $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); |
@@ -6,22 +6,22 @@ |
||
| 6 | 6 | */ |
| 7 | 7 | class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef |
| 8 | 8 | { |
| 9 | - /** |
|
| 10 | - * What we're cloning |
|
| 11 | - */ |
|
| 12 | - protected $clone; |
|
| 9 | + /** |
|
| 10 | + * What we're cloning |
|
| 11 | + */ |
|
| 12 | + protected $clone; |
|
| 13 | 13 | |
| 14 | - public function __construct($clone) { |
|
| 15 | - $this->clone = $clone; |
|
| 16 | - } |
|
| 14 | + public function __construct($clone) { |
|
| 15 | + $this->clone = $clone; |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function validate($v, $config, $context) { |
|
| 19 | - return $this->clone->validate($v, $config, $context); |
|
| 20 | - } |
|
| 18 | + public function validate($v, $config, $context) { |
|
| 19 | + return $this->clone->validate($v, $config, $context); |
|
| 20 | + } |
|
| 21 | 21 | |
| 22 | - public function make($string) { |
|
| 23 | - return clone $this->clone; |
|
| 24 | - } |
|
| 22 | + public function make($string) { |
|
| 23 | + return clone $this->clone; |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | 26 | } |
| 27 | 27 | |
@@ -10,55 +10,55 @@ |
||
| 10 | 10 | class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef |
| 11 | 11 | { |
| 12 | 12 | |
| 13 | - /** |
|
| 14 | - * Lookup table of valid values. |
|
| 15 | - * @todo Make protected |
|
| 16 | - */ |
|
| 17 | - public $valid_values = array(); |
|
| 13 | + /** |
|
| 14 | + * Lookup table of valid values. |
|
| 15 | + * @todo Make protected |
|
| 16 | + */ |
|
| 17 | + public $valid_values = array(); |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * Bool indicating whether or not enumeration is case sensitive. |
|
| 21 | - * @note In general this is always case insensitive. |
|
| 22 | - */ |
|
| 23 | - protected $case_sensitive = false; // values according to W3C spec |
|
| 19 | + /** |
|
| 20 | + * Bool indicating whether or not enumeration is case sensitive. |
|
| 21 | + * @note In general this is always case insensitive. |
|
| 22 | + */ |
|
| 23 | + protected $case_sensitive = false; // values according to W3C spec |
|
| 24 | 24 | |
| 25 | - /** |
|
| 26 | - * @param $valid_values List of valid values |
|
| 27 | - * @param $case_sensitive Bool indicating whether or not case sensitive |
|
| 28 | - */ |
|
| 29 | - public function __construct( |
|
| 30 | - $valid_values = array(), $case_sensitive = false |
|
| 31 | - ) { |
|
| 32 | - $this->valid_values = array_flip($valid_values); |
|
| 33 | - $this->case_sensitive = $case_sensitive; |
|
| 34 | - } |
|
| 25 | + /** |
|
| 26 | + * @param $valid_values List of valid values |
|
| 27 | + * @param $case_sensitive Bool indicating whether or not case sensitive |
|
| 28 | + */ |
|
| 29 | + public function __construct( |
|
| 30 | + $valid_values = array(), $case_sensitive = false |
|
| 31 | + ) { |
|
| 32 | + $this->valid_values = array_flip($valid_values); |
|
| 33 | + $this->case_sensitive = $case_sensitive; |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - public function validate($string, $config, $context) { |
|
| 37 | - $string = trim($string); |
|
| 38 | - if (!$this->case_sensitive) { |
|
| 39 | - // we may want to do full case-insensitive libraries |
|
| 40 | - $string = ctype_lower($string) ? $string : strtolower($string); |
|
| 41 | - } |
|
| 42 | - $result = isset($this->valid_values[$string]); |
|
| 36 | + public function validate($string, $config, $context) { |
|
| 37 | + $string = trim($string); |
|
| 38 | + if (!$this->case_sensitive) { |
|
| 39 | + // we may want to do full case-insensitive libraries |
|
| 40 | + $string = ctype_lower($string) ? $string : strtolower($string); |
|
| 41 | + } |
|
| 42 | + $result = isset($this->valid_values[$string]); |
|
| 43 | 43 | |
| 44 | - return $result ? $string : false; |
|
| 45 | - } |
|
| 44 | + return $result ? $string : false; |
|
| 45 | + } |
|
| 46 | 46 | |
| 47 | - /** |
|
| 48 | - * @param $string In form of comma-delimited list of case-insensitive |
|
| 49 | - * valid values. Example: "foo,bar,baz". Prepend "s:" to make |
|
| 50 | - * case sensitive |
|
| 51 | - */ |
|
| 52 | - public function make($string) { |
|
| 53 | - if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { |
|
| 54 | - $string = substr($string, 2); |
|
| 55 | - $sensitive = true; |
|
| 56 | - } else { |
|
| 57 | - $sensitive = false; |
|
| 58 | - } |
|
| 59 | - $values = explode(',', $string); |
|
| 60 | - return new HTMLPurifier_AttrDef_Enum($values, $sensitive); |
|
| 61 | - } |
|
| 47 | + /** |
|
| 48 | + * @param $string In form of comma-delimited list of case-insensitive |
|
| 49 | + * valid values. Example: "foo,bar,baz". Prepend "s:" to make |
|
| 50 | + * case sensitive |
|
| 51 | + */ |
|
| 52 | + public function make($string) { |
|
| 53 | + if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { |
|
| 54 | + $string = substr($string, 2); |
|
| 55 | + $sensitive = true; |
|
| 56 | + } else { |
|
| 57 | + $sensitive = false; |
|
| 58 | + } |
|
| 59 | + $values = explode(',', $string); |
|
| 60 | + return new HTMLPurifier_AttrDef_Enum($values, $sensitive); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | 63 | } |
| 64 | 64 | |
@@ -14,7 +14,7 @@ |
||
| 14 | 14 | * Lookup table of valid values. |
| 15 | 15 | * @todo Make protected |
| 16 | 16 | */ |
| 17 | - public $valid_values = array(); |
|
| 17 | + public $valid_values = array(); |
|
| 18 | 18 | |
| 19 | 19 | /** |
| 20 | 20 | * Bool indicating whether or not enumeration is case sensitive. |
@@ -6,22 +6,22 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - protected $name; |
|
| 10 | - public $minimized = true; |
|
| 9 | + protected $name; |
|
| 10 | + public $minimized = true; |
|
| 11 | 11 | |
| 12 | - public function __construct($name = false) {$this->name = $name;} |
|
| 12 | + public function __construct($name = false) {$this->name = $name;} |
|
| 13 | 13 | |
| 14 | - public function validate($string, $config, $context) { |
|
| 15 | - if (empty($string)) return false; |
|
| 16 | - return $this->name; |
|
| 17 | - } |
|
| 14 | + public function validate($string, $config, $context) { |
|
| 15 | + if (empty($string)) return false; |
|
| 16 | + return $this->name; |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * @param $string Name of attribute |
|
| 21 | - */ |
|
| 22 | - public function make($string) { |
|
| 23 | - return new HTMLPurifier_AttrDef_HTML_Bool($string); |
|
| 24 | - } |
|
| 19 | + /** |
|
| 20 | + * @param $string Name of attribute |
|
| 21 | + */ |
|
| 22 | + public function make($string) { |
|
| 23 | + return new HTMLPurifier_AttrDef_HTML_Bool($string); |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | 26 | } |
| 27 | 27 | |
@@ -9,7 +9,7 @@ |
||
| 9 | 9 | protected $name; |
| 10 | 10 | public $minimized = true; |
| 11 | 11 | |
| 12 | - public function __construct($name = false) {$this->name = $name;} |
|
| 12 | + public function __construct($name = false) {$this->name = $name; } |
|
| 13 | 13 | |
| 14 | 14 | public function validate($string, $config, $context) { |
| 15 | 15 | if (empty($string)) return false; |
@@ -12,7 +12,9 @@ |
||
| 12 | 12 | public function __construct($name = false) {$this->name = $name;} |
| 13 | 13 | |
| 14 | 14 | public function validate($string, $config, $context) { |
| 15 | - if (empty($string)) return false; |
|
| 15 | + if (empty($string)) { |
|
| 16 | + return false; |
|
| 17 | + } |
|
| 16 | 18 | return $this->name; |
| 17 | 19 | } |
| 18 | 20 | |
@@ -5,30 +5,30 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens |
| 7 | 7 | { |
| 8 | - protected function split($string, $config, $context) { |
|
| 9 | - // really, this twiddle should be lazy loaded |
|
| 10 | - $name = $config->getDefinition('HTML')->doctype->name; |
|
| 11 | - if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { |
|
| 12 | - return parent::split($string, $config, $context); |
|
| 13 | - } else { |
|
| 14 | - return preg_split('/\s+/', $string); |
|
| 15 | - } |
|
| 16 | - } |
|
| 17 | - protected function filter($tokens, $config, $context) { |
|
| 18 | - $allowed = $config->get('Attr.AllowedClasses'); |
|
| 19 | - $forbidden = $config->get('Attr.ForbiddenClasses'); |
|
| 20 | - $ret = array(); |
|
| 21 | - foreach ($tokens as $token) { |
|
| 22 | - if ( |
|
| 23 | - ($allowed === null || isset($allowed[$token])) && |
|
| 24 | - !isset($forbidden[$token]) && |
|
| 25 | - // We need this O(n) check because of PHP's array |
|
| 26 | - // implementation that casts -0 to 0. |
|
| 27 | - !in_array($token, $ret, true) |
|
| 28 | - ) { |
|
| 29 | - $ret[] = $token; |
|
| 30 | - } |
|
| 31 | - } |
|
| 32 | - return $ret; |
|
| 33 | - } |
|
| 8 | + protected function split($string, $config, $context) { |
|
| 9 | + // really, this twiddle should be lazy loaded |
|
| 10 | + $name = $config->getDefinition('HTML')->doctype->name; |
|
| 11 | + if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { |
|
| 12 | + return parent::split($string, $config, $context); |
|
| 13 | + } else { |
|
| 14 | + return preg_split('/\s+/', $string); |
|
| 15 | + } |
|
| 16 | + } |
|
| 17 | + protected function filter($tokens, $config, $context) { |
|
| 18 | + $allowed = $config->get('Attr.AllowedClasses'); |
|
| 19 | + $forbidden = $config->get('Attr.ForbiddenClasses'); |
|
| 20 | + $ret = array(); |
|
| 21 | + foreach ($tokens as $token) { |
|
| 22 | + if ( |
|
| 23 | + ($allowed === null || isset($allowed[$token])) && |
|
| 24 | + !isset($forbidden[$token]) && |
|
| 25 | + // We need this O(n) check because of PHP's array |
|
| 26 | + // implementation that casts -0 to 0. |
|
| 27 | + !in_array($token, $ret, true) |
|
| 28 | + ) { |
|
| 29 | + $ret[] = $token; |
|
| 30 | + } |
|
| 31 | + } |
|
| 32 | + return $ret; |
|
| 33 | + } |
|
| 34 | 34 | } |
@@ -6,26 +6,26 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public function validate($string, $config, $context) { |
|
| 9 | + public function validate($string, $config, $context) { |
|
| 10 | 10 | |
| 11 | - static $colors = null; |
|
| 12 | - if ($colors === null) $colors = $config->get('Core.ColorKeywords'); |
|
| 11 | + static $colors = null; |
|
| 12 | + if ($colors === null) $colors = $config->get('Core.ColorKeywords'); |
|
| 13 | 13 | |
| 14 | - $string = trim($string); |
|
| 14 | + $string = trim($string); |
|
| 15 | 15 | |
| 16 | - if (empty($string)) return false; |
|
| 17 | - if (isset($colors[strtolower($string)])) return $colors[$string]; |
|
| 18 | - if ($string[0] === '#') $hex = substr($string, 1); |
|
| 19 | - else $hex = $string; |
|
| 16 | + if (empty($string)) return false; |
|
| 17 | + if (isset($colors[strtolower($string)])) return $colors[$string]; |
|
| 18 | + if ($string[0] === '#') $hex = substr($string, 1); |
|
| 19 | + else $hex = $string; |
|
| 20 | 20 | |
| 21 | - $length = strlen($hex); |
|
| 22 | - if ($length !== 3 && $length !== 6) return false; |
|
| 23 | - if (!ctype_xdigit($hex)) return false; |
|
| 24 | - if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; |
|
| 21 | + $length = strlen($hex); |
|
| 22 | + if ($length !== 3 && $length !== 6) return false; |
|
| 23 | + if (!ctype_xdigit($hex)) return false; |
|
| 24 | + if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; |
|
| 25 | 25 | |
| 26 | - return "#$hex"; |
|
| 26 | + return "#$hex"; |
|
| 27 | 27 | |
| 28 | - } |
|
| 28 | + } |
|
| 29 | 29 | |
| 30 | 30 | } |
| 31 | 31 | |
@@ -9,19 +9,34 @@ |
||
| 9 | 9 | public function validate($string, $config, $context) { |
| 10 | 10 | |
| 11 | 11 | static $colors = null; |
| 12 | - if ($colors === null) $colors = $config->get('Core.ColorKeywords'); |
|
| 12 | + if ($colors === null) { |
|
| 13 | + $colors = $config->get('Core.ColorKeywords'); |
|
| 14 | + } |
|
| 13 | 15 | |
| 14 | 16 | $string = trim($string); |
| 15 | 17 | |
| 16 | - if (empty($string)) return false; |
|
| 17 | - if (isset($colors[strtolower($string)])) return $colors[$string]; |
|
| 18 | - if ($string[0] === '#') $hex = substr($string, 1); |
|
| 19 | - else $hex = $string; |
|
| 18 | + if (empty($string)) { |
|
| 19 | + return false; |
|
| 20 | + } |
|
| 21 | + if (isset($colors[strtolower($string)])) { |
|
| 22 | + return $colors[$string]; |
|
| 23 | + } |
|
| 24 | + if ($string[0] === '#') { |
|
| 25 | + $hex = substr($string, 1); |
|
| 26 | + } else { |
|
| 27 | + $hex = $string; |
|
| 28 | + } |
|
| 20 | 29 | |
| 21 | 30 | $length = strlen($hex); |
| 22 | - if ($length !== 3 && $length !== 6) return false; |
|
| 23 | - if (!ctype_xdigit($hex)) return false; |
|
| 24 | - if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; |
|
| 31 | + if ($length !== 3 && $length !== 6) { |
|
| 32 | + return false; |
|
| 33 | + } |
|
| 34 | + if (!ctype_xdigit($hex)) { |
|
| 35 | + return false; |
|
| 36 | + } |
|
| 37 | + if ($length === 3) { |
|
| 38 | + $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; |
|
| 39 | + } |
|
| 25 | 40 | |
| 26 | 41 | return "#$hex"; |
| 27 | 42 | |
@@ -6,15 +6,15 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public $valid_values = false; // uninitialized value |
|
| 10 | - protected $case_sensitive = false; |
|
| 9 | + public $valid_values = false; // uninitialized value |
|
| 10 | + protected $case_sensitive = false; |
|
| 11 | 11 | |
| 12 | - public function __construct() {} |
|
| 12 | + public function __construct() {} |
|
| 13 | 13 | |
| 14 | - public function validate($string, $config, $context) { |
|
| 15 | - if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); |
|
| 16 | - return parent::validate($string, $config, $context); |
|
| 17 | - } |
|
| 14 | + public function validate($string, $config, $context) { |
|
| 15 | + if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); |
|
| 16 | + return parent::validate($string, $config, $context); |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | 19 | } |
| 20 | 20 | |
@@ -12,7 +12,9 @@ |
||
| 12 | 12 | public function __construct() {} |
| 13 | 13 | |
| 14 | 14 | public function validate($string, $config, $context) { |
| 15 | - if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); |
|
| 15 | + if ($this->valid_values === false) { |
|
| 16 | + $this->valid_values = $config->get('Attr.AllowedFrameTargets'); |
|
| 17 | + } |
|
| 16 | 18 | return parent::validate($string, $config, $context); |
| 17 | 19 | } |
| 18 | 20 | |
@@ -12,68 +12,68 @@ |
||
| 12 | 12 | class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef |
| 13 | 13 | { |
| 14 | 14 | |
| 15 | - // selector is NOT a valid thing to use for IDREFs, because IDREFs |
|
| 16 | - // *must* target IDs that exist, whereas selector #ids do not. |
|
| 17 | - |
|
| 18 | - /** |
|
| 19 | - * Determines whether or not we're validating an ID in a CSS |
|
| 20 | - * selector context. |
|
| 21 | - */ |
|
| 22 | - protected $selector; |
|
| 23 | - |
|
| 24 | - public function __construct($selector = false) { |
|
| 25 | - $this->selector = $selector; |
|
| 26 | - } |
|
| 27 | - |
|
| 28 | - public function validate($id, $config, $context) { |
|
| 29 | - |
|
| 30 | - if (!$this->selector && !$config->get('Attr.EnableID')) return false; |
|
| 31 | - |
|
| 32 | - $id = trim($id); // trim it first |
|
| 33 | - |
|
| 34 | - if ($id === '') return false; |
|
| 35 | - |
|
| 36 | - $prefix = $config->get('Attr.IDPrefix'); |
|
| 37 | - if ($prefix !== '') { |
|
| 38 | - $prefix .= $config->get('Attr.IDPrefixLocal'); |
|
| 39 | - // prevent re-appending the prefix |
|
| 40 | - if (strpos($id, $prefix) !== 0) $id = $prefix . $id; |
|
| 41 | - } elseif ($config->get('Attr.IDPrefixLocal') !== '') { |
|
| 42 | - trigger_error('%Attr.IDPrefixLocal cannot be used unless '. |
|
| 43 | - '%Attr.IDPrefix is set', E_USER_WARNING); |
|
| 44 | - } |
|
| 45 | - |
|
| 46 | - if (!$this->selector) { |
|
| 47 | - $id_accumulator =& $context->get('IDAccumulator'); |
|
| 48 | - if (isset($id_accumulator->ids[$id])) return false; |
|
| 49 | - } |
|
| 50 | - |
|
| 51 | - // we purposely avoid using regex, hopefully this is faster |
|
| 52 | - |
|
| 53 | - if (ctype_alpha($id)) { |
|
| 54 | - $result = true; |
|
| 55 | - } else { |
|
| 56 | - if (!ctype_alpha(@$id[0])) return false; |
|
| 57 | - $trim = trim( // primitive style of regexps, I suppose |
|
| 58 | - $id, |
|
| 59 | - 'A..Za..z0..9:-._' |
|
| 60 | - ); |
|
| 61 | - $result = ($trim === ''); |
|
| 62 | - } |
|
| 63 | - |
|
| 64 | - $regexp = $config->get('Attr.IDBlacklistRegexp'); |
|
| 65 | - if ($regexp && preg_match($regexp, $id)) { |
|
| 66 | - return false; |
|
| 67 | - } |
|
| 68 | - |
|
| 69 | - if (!$this->selector && $result) $id_accumulator->add($id); |
|
| 70 | - |
|
| 71 | - // if no change was made to the ID, return the result |
|
| 72 | - // else, return the new id if stripping whitespace made it |
|
| 73 | - // valid, or return false. |
|
| 74 | - return $result ? $id : false; |
|
| 75 | - |
|
| 76 | - } |
|
| 15 | + // selector is NOT a valid thing to use for IDREFs, because IDREFs |
|
| 16 | + // *must* target IDs that exist, whereas selector #ids do not. |
|
| 17 | + |
|
| 18 | + /** |
|
| 19 | + * Determines whether or not we're validating an ID in a CSS |
|
| 20 | + * selector context. |
|
| 21 | + */ |
|
| 22 | + protected $selector; |
|
| 23 | + |
|
| 24 | + public function __construct($selector = false) { |
|
| 25 | + $this->selector = $selector; |
|
| 26 | + } |
|
| 27 | + |
|
| 28 | + public function validate($id, $config, $context) { |
|
| 29 | + |
|
| 30 | + if (!$this->selector && !$config->get('Attr.EnableID')) return false; |
|
| 31 | + |
|
| 32 | + $id = trim($id); // trim it first |
|
| 33 | + |
|
| 34 | + if ($id === '') return false; |
|
| 35 | + |
|
| 36 | + $prefix = $config->get('Attr.IDPrefix'); |
|
| 37 | + if ($prefix !== '') { |
|
| 38 | + $prefix .= $config->get('Attr.IDPrefixLocal'); |
|
| 39 | + // prevent re-appending the prefix |
|
| 40 | + if (strpos($id, $prefix) !== 0) $id = $prefix . $id; |
|
| 41 | + } elseif ($config->get('Attr.IDPrefixLocal') !== '') { |
|
| 42 | + trigger_error('%Attr.IDPrefixLocal cannot be used unless '. |
|
| 43 | + '%Attr.IDPrefix is set', E_USER_WARNING); |
|
| 44 | + } |
|
| 45 | + |
|
| 46 | + if (!$this->selector) { |
|
| 47 | + $id_accumulator =& $context->get('IDAccumulator'); |
|
| 48 | + if (isset($id_accumulator->ids[$id])) return false; |
|
| 49 | + } |
|
| 50 | + |
|
| 51 | + // we purposely avoid using regex, hopefully this is faster |
|
| 52 | + |
|
| 53 | + if (ctype_alpha($id)) { |
|
| 54 | + $result = true; |
|
| 55 | + } else { |
|
| 56 | + if (!ctype_alpha(@$id[0])) return false; |
|
| 57 | + $trim = trim( // primitive style of regexps, I suppose |
|
| 58 | + $id, |
|
| 59 | + 'A..Za..z0..9:-._' |
|
| 60 | + ); |
|
| 61 | + $result = ($trim === ''); |
|
| 62 | + } |
|
| 63 | + |
|
| 64 | + $regexp = $config->get('Attr.IDBlacklistRegexp'); |
|
| 65 | + if ($regexp && preg_match($regexp, $id)) { |
|
| 66 | + return false; |
|
| 67 | + } |
|
| 68 | + |
|
| 69 | + if (!$this->selector && $result) $id_accumulator->add($id); |
|
| 70 | + |
|
| 71 | + // if no change was made to the ID, return the result |
|
| 72 | + // else, return the new id if stripping whitespace made it |
|
| 73 | + // valid, or return false. |
|
| 74 | + return $result ? $id : false; |
|
| 75 | + |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | 78 | } |
| 79 | 79 | |
@@ -27,17 +27,23 @@ discard block |
||
| 27 | 27 | |
| 28 | 28 | public function validate($id, $config, $context) { |
| 29 | 29 | |
| 30 | - if (!$this->selector && !$config->get('Attr.EnableID')) return false; |
|
| 30 | + if (!$this->selector && !$config->get('Attr.EnableID')) { |
|
| 31 | + return false; |
|
| 32 | + } |
|
| 31 | 33 | |
| 32 | 34 | $id = trim($id); // trim it first |
| 33 | 35 | |
| 34 | - if ($id === '') return false; |
|
| 36 | + if ($id === '') { |
|
| 37 | + return false; |
|
| 38 | + } |
|
| 35 | 39 | |
| 36 | 40 | $prefix = $config->get('Attr.IDPrefix'); |
| 37 | 41 | if ($prefix !== '') { |
| 38 | 42 | $prefix .= $config->get('Attr.IDPrefixLocal'); |
| 39 | 43 | // prevent re-appending the prefix |
| 40 | - if (strpos($id, $prefix) !== 0) $id = $prefix . $id; |
|
| 44 | + if (strpos($id, $prefix) !== 0) { |
|
| 45 | + $id = $prefix . $id; |
|
| 46 | + } |
|
| 41 | 47 | } elseif ($config->get('Attr.IDPrefixLocal') !== '') { |
| 42 | 48 | trigger_error('%Attr.IDPrefixLocal cannot be used unless '. |
| 43 | 49 | '%Attr.IDPrefix is set', E_USER_WARNING); |
@@ -45,7 +51,9 @@ discard block |
||
| 45 | 51 | |
| 46 | 52 | if (!$this->selector) { |
| 47 | 53 | $id_accumulator =& $context->get('IDAccumulator'); |
| 48 | - if (isset($id_accumulator->ids[$id])) return false; |
|
| 54 | + if (isset($id_accumulator->ids[$id])) { |
|
| 55 | + return false; |
|
| 56 | + } |
|
| 49 | 57 | } |
| 50 | 58 | |
| 51 | 59 | // we purposely avoid using regex, hopefully this is faster |
@@ -53,7 +61,9 @@ discard block |
||
| 53 | 61 | if (ctype_alpha($id)) { |
| 54 | 62 | $result = true; |
| 55 | 63 | } else { |
| 56 | - if (!ctype_alpha(@$id[0])) return false; |
|
| 64 | + if (!ctype_alpha(@$id[0])) { |
|
| 65 | + return false; |
|
| 66 | + } |
|
| 57 | 67 | $trim = trim( // primitive style of regexps, I suppose |
| 58 | 68 | $id, |
| 59 | 69 | 'A..Za..z0..9:-._' |
@@ -66,7 +76,9 @@ discard block |
||
| 66 | 76 | return false; |
| 67 | 77 | } |
| 68 | 78 | |
| 69 | - if (!$this->selector && $result) $id_accumulator->add($id); |
|
| 79 | + if (!$this->selector && $result) { |
|
| 80 | + $id_accumulator->add($id); |
|
| 81 | + } |
|
| 70 | 82 | |
| 71 | 83 | // if no change was made to the ID, return the result |
| 72 | 84 | // else, return the new id if stripping whitespace made it |
@@ -37,14 +37,14 @@ |
||
| 37 | 37 | if ($prefix !== '') { |
| 38 | 38 | $prefix .= $config->get('Attr.IDPrefixLocal'); |
| 39 | 39 | // prevent re-appending the prefix |
| 40 | - if (strpos($id, $prefix) !== 0) $id = $prefix . $id; |
|
| 40 | + if (strpos($id, $prefix) !== 0) $id = $prefix.$id; |
|
| 41 | 41 | } elseif ($config->get('Attr.IDPrefixLocal') !== '') { |
| 42 | 42 | trigger_error('%Attr.IDPrefixLocal cannot be used unless '. |
| 43 | 43 | '%Attr.IDPrefix is set', E_USER_WARNING); |
| 44 | 44 | } |
| 45 | 45 | |
| 46 | 46 | if (!$this->selector) { |
| 47 | - $id_accumulator =& $context->get('IDAccumulator'); |
|
| 47 | + $id_accumulator = & $context->get('IDAccumulator'); |
|
| 48 | 48 | if (isset($id_accumulator->ids[$id])) return false; |
| 49 | 49 | } |
| 50 | 50 | |
@@ -10,31 +10,31 @@ |
||
| 10 | 10 | class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels |
| 11 | 11 | { |
| 12 | 12 | |
| 13 | - public function validate($string, $config, $context) { |
|
| 13 | + public function validate($string, $config, $context) { |
|
| 14 | 14 | |
| 15 | - $string = trim($string); |
|
| 16 | - if ($string === '') return false; |
|
| 15 | + $string = trim($string); |
|
| 16 | + if ($string === '') return false; |
|
| 17 | 17 | |
| 18 | - $parent_result = parent::validate($string, $config, $context); |
|
| 19 | - if ($parent_result !== false) return $parent_result; |
|
| 18 | + $parent_result = parent::validate($string, $config, $context); |
|
| 19 | + if ($parent_result !== false) return $parent_result; |
|
| 20 | 20 | |
| 21 | - $length = strlen($string); |
|
| 22 | - $last_char = $string[$length - 1]; |
|
| 21 | + $length = strlen($string); |
|
| 22 | + $last_char = $string[$length - 1]; |
|
| 23 | 23 | |
| 24 | - if ($last_char !== '%') return false; |
|
| 24 | + if ($last_char !== '%') return false; |
|
| 25 | 25 | |
| 26 | - $points = substr($string, 0, $length - 1); |
|
| 26 | + $points = substr($string, 0, $length - 1); |
|
| 27 | 27 | |
| 28 | - if (!is_numeric($points)) return false; |
|
| 28 | + if (!is_numeric($points)) return false; |
|
| 29 | 29 | |
| 30 | - $points = (int) $points; |
|
| 30 | + $points = (int) $points; |
|
| 31 | 31 | |
| 32 | - if ($points < 0) return '0%'; |
|
| 33 | - if ($points > 100) return '100%'; |
|
| 32 | + if ($points < 0) return '0%'; |
|
| 33 | + if ($points > 100) return '100%'; |
|
| 34 | 34 | |
| 35 | - return ((string) $points) . '%'; |
|
| 35 | + return ((string) $points) . '%'; |
|
| 36 | 36 | |
| 37 | - } |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | 39 | } |
| 40 | 40 | |
@@ -13,24 +13,36 @@ |
||
| 13 | 13 | public function validate($string, $config, $context) { |
| 14 | 14 | |
| 15 | 15 | $string = trim($string); |
| 16 | - if ($string === '') return false; |
|
| 16 | + if ($string === '') { |
|
| 17 | + return false; |
|
| 18 | + } |
|
| 17 | 19 | |
| 18 | 20 | $parent_result = parent::validate($string, $config, $context); |
| 19 | - if ($parent_result !== false) return $parent_result; |
|
| 21 | + if ($parent_result !== false) { |
|
| 22 | + return $parent_result; |
|
| 23 | + } |
|
| 20 | 24 | |
| 21 | 25 | $length = strlen($string); |
| 22 | 26 | $last_char = $string[$length - 1]; |
| 23 | 27 | |
| 24 | - if ($last_char !== '%') return false; |
|
| 28 | + if ($last_char !== '%') { |
|
| 29 | + return false; |
|
| 30 | + } |
|
| 25 | 31 | |
| 26 | 32 | $points = substr($string, 0, $length - 1); |
| 27 | 33 | |
| 28 | - if (!is_numeric($points)) return false; |
|
| 34 | + if (!is_numeric($points)) { |
|
| 35 | + return false; |
|
| 36 | + } |
|
| 29 | 37 | |
| 30 | 38 | $points = (int) $points; |
| 31 | 39 | |
| 32 | - if ($points < 0) return '0%'; |
|
| 33 | - if ($points > 100) return '100%'; |
|
| 40 | + if ($points < 0) { |
|
| 41 | + return '0%'; |
|
| 42 | + } |
|
| 43 | + if ($points > 100) { |
|
| 44 | + return '100%'; |
|
| 45 | + } |
|
| 34 | 46 | |
| 35 | 47 | return ((string) $points) . '%'; |
| 36 | 48 | |
@@ -32,7 +32,7 @@ |
||
| 32 | 32 | if ($points < 0) return '0%'; |
| 33 | 33 | if ($points > 100) return '100%'; |
| 34 | 34 | |
| 35 | - return ((string) $points) . '%'; |
|
| 35 | + return ((string) $points).'%'; |
|
| 36 | 36 | |
| 37 | 37 | } |
| 38 | 38 | |
