xpressengine / xe-core

classes/mail/Mail.class.php

Doc Comments +1 added lines, -1 removed lines

@@ -128,7 +128,7 @@
 	/**
 	 * Constructor function
 	 *
-	 * @return void
+	 * @return string
 	 */
 	function Mail()
 	{

Braces +12 added lines, -24 removed lines

@@ -151,8 +151,7 @@ 
 		if($this->isVaildMailAddress($account_name))
 		{
 			$this->Username = $account_name;
-		}
-		else
+		} else
 		{
 			$this->Username = $account_name . '@gmail.com';
 		}
@@ -190,8 +189,7 @@ 
 			$this->IsSMTP();
 			$this->AltBody = "To view the message, please use an HTML compatible email viewer!";
 			return TRUE;
-		}
-		else
+		} else
 		{
 			$this->IsMail();
 			return FALSE;
@@ -246,8 +244,7 @@ 
 		{
 			$this->sender_name = $name;
 			$this->sender_email = $email;
-		}
-		else
+		} else
 		{
 			$this->SetFrom($email, $name);
 		}
@@ -280,8 +277,7 @@ 
 		{
 			$this->receiptor_name = $name;
 			$this->receiptor_email = $email;
-		}
-		else
+		} else
 		{
 			$this->AddAddress($email, $name);
 		}
@@ -312,8 +308,7 @@ 
 		if($this->Mailer == "mail")
 		{
 			$this->title = $title;
-		}
-		else
+		} else
 		{
 			$this->Subject = $title;
 		}
@@ -340,8 +335,7 @@ 
 		if($this->Mailer == "mail")
 		{
 			$this->bcc = $bcc;
-		}
-		else
+		} else
 		{
 			$this->AddBCC($bcc);
 		}
@@ -380,8 +374,7 @@ 
 		if($this->Mailer == "mail")
 		{
 			$this->replyTo = $replyTo;
-		}
-		else
+		} else
 		{
 			$this->AddReplyTo($replyTo);
 		}
@@ -399,8 +392,7 @@ 
 		if($this->Mailer == "mail")
 		{
 			$this->content = $content;
-		}
-		else
+		} else
 		{
 			$this->MsgHTML($content);
 		}
@@ -486,8 +478,7 @@ 
 				$this->body = implode("", $res);
 				$this->body .= "--" . $boundary . "--";
 			}
-		}
-		else
+		} else
 		{
 			if(count($this->attachments) > 0)
 			{
@@ -578,8 +569,7 @@ 
 				return mail($this->getReceiptor(), $this->getTitle(), $this->body, $headers, $this->additional_params);
 			}
 			return mail($this->getReceiptor(), $this->getTitle(), $this->body, $headers);
-		}
-		else
+		} else
 		{
 			$this->procAttachments();
 			return parent::Send();
@@ -604,8 +594,7 @@ 
 			if(checkdnsrr($host, "MX") || checkdnsrr($host, "A"))
 			{
 				return TRUE;
-			}
-			else
+			} else
 			{
 				return FALSE;
 			}
@@ -624,8 +613,7 @@ 
 		if(preg_match("/([a-z0-9\_\-\.]+)@([a-z0-9\_\-\.]+)/i", $email_address))
 		{
 			return $email_address;
-		}
-		else
+		} else
 		{
 			return '';
 		}

Spacing +79 added lines, -79 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 /* Copyright (C) NAVER <http://www.navercorp.com> */
 
-require_once _XE_PATH_ . "libs/phpmailer/phpmailer.php";
+require_once _XE_PATH_."libs/phpmailer/phpmailer.php";
 
 /**
  * Mailing class for XpressEngine
@@ -148,13 +148,13 @@ 
 		$this->SMTPSecure = "tls";
 		$this->Host = 'smtp.gmail.com';
 		$this->Port = '587';
-		if($this->isVaildMailAddress($account_name))
+		if ($this->isVaildMailAddress($account_name))
 		{
 			$this->Username = $account_name;
 		}
 		else
 		{
-			$this->Username = $account_name . '@gmail.com';
+			$this->Username = $account_name.'@gmail.com';
 		}
 		$this->Password = $account_passwd;
 		$this->IsSMTP();
@@ -180,12 +180,12 @@ 
 		$this->Password = $pass;
 		$this->Port = $port;
 
-		if($secure == 'ssl' || $secure == 'tls')
+		if ($secure == 'ssl' || $secure == 'tls')
 		{
 			$this->SMTPSecure = $secure;
 		}
 
-		if(($this->SMTPAuth !== NULL && $this->Host !== NULL && $this->Username !== NULL && $this->Password !== NULL) || ($this->SMTPAuth === NULL && $this->Host !== NULL))
+		if (($this->SMTPAuth !== NULL && $this->Host !== NULL && $this->Username !== NULL && $this->Password !== NULL) || ($this->SMTPAuth === NULL && $this->Host !== NULL))
 		{
 			$this->IsSMTP();
 			$this->AltBody = "To view the message, please use an HTML compatible email viewer!";
@@ -242,7 +242,7 @@ 
 	 */
 	function setSender($name, $email)
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
 			$this->sender_name = $name;
 			$this->sender_email = $email;
@@ -260,9 +260,9 @@ 
 	 */
 	function getSender()
 	{
-		if(!stristr(PHP_OS, 'win') && $this->sender_name)
+		if (!stristr(PHP_OS, 'win') && $this->sender_name)
 		{
-			return sprintf("%s <%s>", '=?utf-8?b?' . base64_encode($this->sender_name) . '?=', $this->sender_email);
+			return sprintf("%s <%s>", '=?utf-8?b?'.base64_encode($this->sender_name).'?=', $this->sender_email);
 		}
 		return $this->sender_email;
 	}
@@ -276,7 +276,7 @@ 
 	 */
 	function setReceiptor($name, $email)
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
 			$this->receiptor_name = $name;
 			$this->receiptor_email = $email;
@@ -294,9 +294,9 @@ 
 	 */
 	function getReceiptor()
 	{
-		if(!stristr(PHP_OS, 'win') && $this->receiptor_name && $this->receiptor_name != $this->receiptor_email)
+		if (!stristr(PHP_OS, 'win') && $this->receiptor_name && $this->receiptor_name != $this->receiptor_email)
 		{
-			return sprintf("%s <%s>", '=?utf-8?b?' . base64_encode($this->receiptor_name) . '?=', $this->receiptor_email);
+			return sprintf("%s <%s>", '=?utf-8?b?'.base64_encode($this->receiptor_name).'?=', $this->receiptor_email);
 		}
 		return $this->receiptor_email;
 	}
@@ -309,7 +309,7 @@ 
 	 */
 	function setTitle($title)
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
 			$this->title = $title;
 		}
@@ -326,7 +326,7 @@ 
 	 */
 	function getTitle()
 	{
-		return '=?utf-8?b?' . base64_encode($this->title) . '?=';
+		return '=?utf-8?b?'.base64_encode($this->title).'?=';
 	}
 
 	/**
@@ -337,7 +337,7 @@ 
 	 */
 	function setBCC($bcc)
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
 			$this->bcc = $bcc;
 		}
@@ -377,7 +377,7 @@ 
 	 */
 	function setReplyTo($replyTo)
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
 			$this->replyTo = $replyTo;
 		}
@@ -396,7 +396,7 @@ 
 	function setContent($content)
 	{
 		$content = preg_replace_callback('/<img([^>]+)>/i', array($this, 'replaceResourceRealPath'), $content);
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
 			$this->content = $content;
 		}
@@ -415,7 +415,7 @@ 
 	 */
 	function replaceResourceRealPath($matches)
 	{
-		return preg_replace('/src=(["\']?)files/i', 'src=$1' . Context::getRequestUri() . 'files', $matches[0]);
+		return preg_replace('/src=(["\']?)files/i', 'src=$1'.Context::getRequestUri().'files', $matches[0]);
 	}
 
 	/**
@@ -456,42 +456,42 @@ 
 	 */
 	function procAttachments()
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
-			if(count($this->attachments) > 0)
+			if (count($this->attachments) > 0)
 			{
-				$this->body = $this->header . $this->body;
-				$boundary = '----==' . uniqid(rand(), TRUE);
-				$this->header = "Content-Type: multipart/mixed;" . $this->eol . "\tboundary=\"" . $boundary . "\"" . $this->eol . $this->eol;
-				$this->body = "--" . $boundary . $this->eol . $this->body . $this->eol . $this->eol;
+				$this->body = $this->header.$this->body;
+				$boundary = '----=='.uniqid(rand(), TRUE);
+				$this->header = "Content-Type: multipart/mixed;".$this->eol."\tboundary=\"".$boundary."\"".$this->eol.$this->eol;
+				$this->body = "--".$boundary.$this->eol.$this->body.$this->eol.$this->eol;
 				$res = array();
 				$res[] = $this->body;
-				foreach($this->attachments as $filename => $attachment)
+				foreach ($this->attachments as $filename => $attachment)
 				{
 					$type = $this->returnMIMEType($filename);
 					$file_handler = new FileHandler();
 					$file_str = $file_handler->readFile($attachment);
 					$chunks = chunk_split(base64_encode($file_str));
 					$tempBody = sprintf(
-							"--" . $boundary . $this->eol .
-							"Content-Type: %s;" . $this->eol .
-							"\tname=\"%s\"" . $this->eol .
-							"Content-Transfer-Encoding: base64" . $this->eol .
-							"Content-Description: %s" . $this->eol .
-							"Content-Disposition: attachment;" . $this->eol .
-							"\tfilename=\"%s\"" . $this->eol . $this->eol .
-							"%s" . $this->eol . $this->eol, $type, $filename, $filename, $filename, $chunks);
+							"--".$boundary.$this->eol.
+							"Content-Type: %s;".$this->eol.
+							"\tname=\"%s\"".$this->eol.
+							"Content-Transfer-Encoding: base64".$this->eol.
+							"Content-Description: %s".$this->eol.
+							"Content-Disposition: attachment;".$this->eol.
+							"\tfilename=\"%s\"".$this->eol.$this->eol.
+							"%s".$this->eol.$this->eol, $type, $filename, $filename, $filename, $chunks);
 					$res[] = $tempBody;
 				}
 				$this->body = implode("", $res);
-				$this->body .= "--" . $boundary . "--";
+				$this->body .= "--".$boundary."--";
 			}
 		}
 		else
 		{
-			if(count($this->attachments) > 0)
+			if (count($this->attachments) > 0)
 			{
-				foreach($this->attachments as $filename => $attachment)
+				foreach ($this->attachments as $filename => $attachment)
 				{
 					parent::AddAttachment($attachment);
 				}
@@ -506,33 +506,33 @@ 
 	 */
 	function procCidAttachments()
 	{
-		if(count($this->cidAttachments) > 0)
+		if (count($this->cidAttachments) > 0)
 		{
-			$this->body = $this->header . $this->body;
-			$boundary = '----==' . uniqid(rand(), TRUE);
-			$this->header = "Content-Type: multipart/relative;" . $this->eol . "\ttype=\"multipart/alternative\";" . $this->eol . "\tboundary=\"" . $boundary . "\"" . $this->eol . $this->eol;
-			$this->body = "--" . $boundary . $this->eol . $this->body . $this->eol . $this->eol;
+			$this->body = $this->header.$this->body;
+			$boundary = '----=='.uniqid(rand(), TRUE);
+			$this->header = "Content-Type: multipart/relative;".$this->eol."\ttype=\"multipart/alternative\";".$this->eol."\tboundary=\"".$boundary."\"".$this->eol.$this->eol;
+			$this->body = "--".$boundary.$this->eol.$this->body.$this->eol.$this->eol;
 			$res = array();
 			$res[] = $this->body;
-			foreach($this->cidAttachments as $cid => $attachment)
+			foreach ($this->cidAttachments as $cid => $attachment)
 			{
 				$filename = basename($attachment);
 				$type = $this->returnMIMEType(FileHandler::getRealPath($attachment));
 				$file_str = FileHandler::readFile($attachment);
 				$chunks = chunk_split(base64_encode($file_str));
 				$tempBody = sprintf(
-						"--" . $boundary . $this->eol .
-						"Content-Type: %s;" . $this->eol .
-						"\tname=\"%s\"" . $this->eol .
-						"Content-Transfer-Encoding: base64" . $this->eol .
-						"Content-ID: <%s>" . $this->eol .
-						"Content-Description: %s" . $this->eol .
-						"Content-Location: %s" . $this->eol . $this->eol .
-						"%s" . $this->eol . $this->eol, $type, $filename, $cid, $filename, $filename, $chunks);
+						"--".$boundary.$this->eol.
+						"Content-Type: %s;".$this->eol.
+						"\tname=\"%s\"".$this->eol.
+						"Content-Transfer-Encoding: base64".$this->eol.
+						"Content-ID: <%s>".$this->eol.
+						"Content-Description: %s".$this->eol.
+						"Content-Location: %s".$this->eol.$this->eol.
+						"%s".$this->eol.$this->eol, $type, $filename, $cid, $filename, $filename, $chunks);
 				$res[] = $tempBody;
 			}
 			$this->body = implode("", $res);
-			$this->body .= "--" . $boundary . "--";
+			$this->body .= "--".$boundary."--";
 		}
 	}
 
@@ -543,37 +543,37 @@ 
 	 */
 	function send()
 	{
-		if($this->Mailer == "mail")
+		if ($this->Mailer == "mail")
 		{
-			$boundary = '----==' . uniqid(rand(), TRUE);
+			$boundary = '----=='.uniqid(rand(), TRUE);
 			$this->eol = $GLOBALS['_qmail_compatibility'] == "Y" ? "\n" : "\r\n";
-			$this->header = "Content-Type: multipart/alternative;" . $this->eol . "\tboundary=\"" . $boundary . "\"" . $this->eol . $this->eol;
+			$this->header = "Content-Type: multipart/alternative;".$this->eol."\tboundary=\"".$boundary."\"".$this->eol.$this->eol;
 			$this->body = sprintf(
-					"--%s" . $this->eol .
-					"Content-Type: text/plain; charset=utf-8; format=flowed" . $this->eol .
-					"Content-Transfer-Encoding: base64" . $this->eol .
-					"Content-Disposition: inline" . $this->eol . $this->eol .
-					"%s" .
-					"--%s" . $this->eol .
-					"Content-Type: text/html; charset=utf-8" . $this->eol .
-					"Content-Transfer-Encoding: base64" . $this->eol .
-					"Content-Disposition: inline" . $this->eol . $this->eol .
-					"%s" .
-					"--%s--" .
+					"--%s".$this->eol.
+					"Content-Type: text/plain; charset=utf-8; format=flowed".$this->eol.
+					"Content-Transfer-Encoding: base64".$this->eol.
+					"Content-Disposition: inline".$this->eol.$this->eol.
+					"%s".
+					"--%s".$this->eol.
+					"Content-Type: text/html; charset=utf-8".$this->eol.
+					"Content-Transfer-Encoding: base64".$this->eol.
+					"Content-Disposition: inline".$this->eol.$this->eol.
+					"%s".
+					"--%s--".
 					"", $boundary, $this->getPlainContent(), $boundary, $this->getHTMLContent(), $boundary
 			);
 			$this->procCidAttachments();
 			$this->procAttachments();
 			$headers = sprintf(
-					"From: %s" . $this->eol .
-					"%s" .
-					"%s" .
-					"%s" .
-					"%s" .
-					"MIME-Version: 1.0" . $this->eol . "", $this->getSender(), $this->messageId ? ("Message-ID: <" . $this->messageId . ">" . $this->eol) : "", $this->replyTo ? ("Reply-To: <" . $this->replyTo . ">" . $this->eol) : "", $this->bcc ? ("Bcc: " . $this->bcc . $this->eol) : "", $this->references ? ("References: <" . $this->references . ">" . $this->eol . "In-Reply-To: <" . $this->references . ">" . $this->eol) : ""
+					"From: %s".$this->eol.
+					"%s".
+					"%s".
+					"%s".
+					"%s".
+					"MIME-Version: 1.0".$this->eol."", $this->getSender(), $this->messageId ? ("Message-ID: <".$this->messageId.">".$this->eol) : "", $this->replyTo ? ("Reply-To: <".$this->replyTo.">".$this->eol) : "", $this->bcc ? ("Bcc: ".$this->bcc.$this->eol) : "", $this->references ? ("References: <".$this->references.">".$this->eol."In-Reply-To: <".$this->references.">".$this->eol) : ""
 			);
 			$headers .= $this->header;
-			if($this->additional_params)
+			if ($this->additional_params)
 			{
 				return mail($this->getReceiptor(), $this->getTitle(), $this->body, $headers, $this->additional_params);
 			}
@@ -594,14 +594,14 @@ 
 	 */
 	function checkMailMX($email_address)
 	{
-		if(!Mail::isVaildMailAddress($email_address))
+		if (!Mail::isVaildMailAddress($email_address))
 		{
 			return FALSE;
 		}
 		list($user, $host) = explode("@", $email_address);
-		if(function_exists('checkdnsrr'))
+		if (function_exists('checkdnsrr'))
 		{
-			if(checkdnsrr($host, "MX") || checkdnsrr($host, "A"))
+			if (checkdnsrr($host, "MX") || checkdnsrr($host, "A"))
 			{
 				return TRUE;
 			}
@@ -621,7 +621,7 @@ 
 	 */
 	function isVaildMailAddress($email_address)
 	{
-		if(preg_match("/([a-z0-9\_\-\.]+)@([a-z0-9\_\-\.]+)/i", $email_address))
+		if (preg_match("/([a-z0-9\_\-\.]+)@([a-z0-9\_\-\.]+)/i", $email_address))
 		{
 			return $email_address;
 		}
@@ -640,7 +640,7 @@ 
 	function returnMIMEType($filename)
 	{
 		preg_match("|\.([a-z0-9]{2,4})$|i", $filename, $fileSuffix);
-		switch(strtolower($fileSuffix[1]))
+		switch (strtolower($fileSuffix[1]))
 		{
 			case "js" :
 				return "application/x-javascript";
@@ -654,7 +654,7 @@ 
 			case "gif" :
 			case "bmp" :
 			case "tiff" :
-				return "image/" . strtolower($fileSuffix[1]);
+				return "image/".strtolower($fileSuffix[1]);
 			case "css" :
 				return "text/css";
 			case "xml" :
@@ -708,11 +708,11 @@ 
 			case "swf" :
 				return "application/x-shockwave-flash";
 			default :
-				if(function_exists("mime_content_type"))
+				if (function_exists("mime_content_type"))
 				{
 					$fileSuffix = mime_content_type($filename);
 				}
-				return "unknown/" . trim($fileSuffix[0], ".");
+				return "unknown/".trim($fileSuffix[0], ".");
 		}
 	}
 

classes/module/ModuleHandler.class.php

Doc Comments +5 added lines, -1 removed lines

@@ -112,7 +112,7 @@ 
 
 	/**
 	 * Initialization. It finds the target module based on module, mid, document_srl, and prepares to execute an action
-	 * @return boolean true: OK, false: redirected
+	 * @return string|boolean true: OK, false: redirected
 	 * */
 	function init()
 	{
@@ -1128,6 +1128,10 @@ 
 		return $GLOBALS['_loaded_module'][$module][$type][$kind];
 	}
 
+	/**
+	 * @param string $type
+	 * @param string $kind
+	 */
 	function _getModuleFilePath($module, $type, $kind, &$classPath, &$highClassFile, &$classFile, &$instanceName)
 	{
 		$classPath = ModuleHandler::getModulePath($module);

Indentation +4 added lines, -4 removed lines

@@ -59,10 +59,10 @@
 		$this->mid = $mid ? $mid : Context::get('mid');
 		$this->document_srl = $document_srl ? (int) $document_srl : (int) Context::get('document_srl');
 		$this->module_srl = $module_srl ? (int) $module_srl : (int) Context::get('module_srl');
-        if($entry = Context::get('entry'))
-        {
-            $this->entry = Context::convertEncodingStr($entry);
-        }
+		if($entry = Context::get('entry'))
+		{
+			$this->entry = Context::convertEncodingStr($entry);
+		}
 
 		// Validate variables to prevent XSS
 		$isInvalid = NULL;

Spacing +180 added lines, -180 removed lines

@@ -35,7 +35,7 @@ 
 	function ModuleHandler($module = '', $act = '', $mid = '', $document_srl = '', $module_srl = '')
 	{
 		// If XE has not installed yet, set module as install
-		if(!Context::isInstalled())
+		if (!Context::isInstalled())
 		{
 			$this->module = 'install';
 			$this->act = Context::get('act');
@@ -43,10 +43,10 @@ 
 		}
 
 		$oContext = Context::getInstance();
-		if($oContext->isSuccessInit == FALSE)
+		if ($oContext->isSuccessInit == FALSE)
 		{
 			$logged_info = Context::get('logged_info');
-			if($logged_info->is_admin != "Y")
+			if ($logged_info->is_admin != "Y")
 			{
 				$this->error = 'msg_invalid_request';
 				return;
@@ -59,26 +59,26 @@ 
 		$this->mid = $mid ? $mid : Context::get('mid');
 		$this->document_srl = $document_srl ? (int) $document_srl : (int) Context::get('document_srl');
 		$this->module_srl = $module_srl ? (int) $module_srl : (int) Context::get('module_srl');
-        if($entry = Context::get('entry'))
+        if ($entry = Context::get('entry'))
         {
             $this->entry = Context::convertEncodingStr($entry);
         }
 
 		// Validate variables to prevent XSS
 		$isInvalid = NULL;
-		if($this->module && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->module))
+		if ($this->module && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->module))
 		{
 			$isInvalid = TRUE;
 		}
-		if($this->mid && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->mid))
+		if ($this->mid && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->mid))
 		{
 			$isInvalid = TRUE;
 		}
-		if($this->act && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->act))
+		if ($this->act && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->act))
 		{
 			$isInvalid = TRUE;
 		}
-		if($isInvalid)
+		if ($isInvalid)
 		{
 			htmlHeader();
 			echo Context::getLang("msg_invalid_request");
@@ -87,14 +87,14 @@ 
 			exit;
 		}
 
-		if(isset($this->act) && (strlen($this->act) >= 4 && substr_compare($this->act, 'disp', 0, 4) === 0))
+		if (isset($this->act) && (strlen($this->act) >= 4 && substr_compare($this->act, 'disp', 0, 4) === 0))
 		{
-			if(Context::get('_use_ssl') == 'optional' && Context::isExistsSSLAction($this->act) && $_SERVER['HTTPS'] != 'on')
+			if (Context::get('_use_ssl') == 'optional' && Context::isExistsSSLAction($this->act) && $_SERVER['HTTPS'] != 'on')
 			{
-				if(Context::get('_https_port')!=null) {
-					header('location:https://' . $_SERVER['HTTP_HOST'] . ':' . Context::get('_https_port') . $_SERVER['REQUEST_URI']);
+				if (Context::get('_https_port') != null) {
+					header('location:https://'.$_SERVER['HTTP_HOST'].':'.Context::get('_https_port').$_SERVER['REQUEST_URI']);
 				} else {
-					header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+					header('location:https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
 				}
 				return;
 			}
@@ -102,9 +102,9 @@ 
 
 		// call a trigger before moduleHandler init
 		ModuleHandler::triggerCall('moduleHandler.init', 'before', $this);
-		if(__ERROR_LOG__ == 1 && __DEBUG_OUTPUT__ == 0)
+		if (__ERROR_LOG__ == 1 && __DEBUG_OUTPUT__ == 0)
 		{
-			if(__DEBUG_PROTECT__ === 0 || __DEBUG_PROTECT__ === 1 && __DEBUG_PROTECT_IP__ == $_SERVER['REMOTE_ADDR'])
+			if (__DEBUG_PROTECT__ === 0 || __DEBUG_PROTECT__ === 1 && __DEBUG_PROTECT_IP__ == $_SERVER['REMOTE_ADDR'])
 			{
 				set_error_handler(array($this, 'xeErrorLog'), E_WARNING);
 				register_shutdown_function(array($this, 'shutdownHandler'));
@@ -115,40 +115,40 @@ 
 		$called_position = 'before_module_init';
 		$oAddonController = getController('addon');
 		$addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? 'mobile' : 'pc');
-		if(file_exists($addon_file)) include($addon_file);
+		if (file_exists($addon_file)) include($addon_file);
 	}
 
 	public static function xeErrorLog($errnumber, $errormassage, $errorfile, $errorline, $errorcontext)
 	{
-		if(($errnumber & 3) == 0 || error_reporting() == 0)
+		if (($errnumber & 3) == 0 || error_reporting() == 0)
 		{
 			return false;
 		}
 
 		set_error_handler(function() { }, ~0);
 
-		$debug_file = _XE_PATH_ . 'files/_debug_message.php';
-		if(!file_exists($debug_file))
+		$debug_file = _XE_PATH_.'files/_debug_message.php';
+		if (!file_exists($debug_file))
 		{
 			$print[] = '<?php exit() ?>';
 		}
 
 		$errorname = self::getErrorType($errnumber);
-		$print[] = '['.date('Y-m-d H:i:s').'] ' . $errorname . ' : ' . $errormassage;
+		$print[] = '['.date('Y-m-d H:i:s').'] '.$errorname.' : '.$errormassage;
 		$backtrace_args = defined('DEBUG_BACKTRACE_IGNORE_ARGS') ? \DEBUG_BACKTRACE_IGNORE_ARGS : 0;
 		$backtrace = debug_backtrace($backtrace_args);
-		if(count($backtrace) > 1 && $backtrace[1]['function'] === 'xeErrorLog' && !$backtrace[1]['class'])
+		if (count($backtrace) > 1 && $backtrace[1]['function'] === 'xeErrorLog' && !$backtrace[1]['class'])
 		{
 			array_shift($backtrace);
 		}
 
-		foreach($backtrace as $key => $value)
+		foreach ($backtrace as $key => $value)
 		{
-			$message = '    - ' . $value['file'] . ' : ' . $value['line'];
+			$message = '    - '.$value['file'].' : '.$value['line'];
 			$print[] = $message;
 		}
 		$print[] = PHP_EOL;
-		@file_put_contents($debug_file, implode(PHP_EOL, $print), FILE_APPEND|LOCK_EX);
+		@file_put_contents($debug_file, implode(PHP_EOL, $print), FILE_APPEND | LOCK_EX);
 		restore_error_handler();
 
 		return true;
@@ -164,21 +164,21 @@ 
 
 		set_error_handler(function() { }, ~0);
 
-		$debug_file = _XE_PATH_ . 'files/_debug_message.php';
-		if(!file_exists($debug_file))
+		$debug_file = _XE_PATH_.'files/_debug_message.php';
+		if (!file_exists($debug_file))
 		{
 			$print[] = '<?php exit() ?>';
 		}
 
 		$errorname = self::getErrorType($errinfo['type']);
 		$print[] = '['.date('Y-m-d H:i:s').']';
-		$print[] = $errorname . ' : ' . $errinfo['message'];
+		$print[] = $errorname.' : '.$errinfo['message'];
 
-		$message = '    - ' . $errinfo['file'] . ' : ' . $errinfo['line'];
+		$message = '    - '.$errinfo['file'].' : '.$errinfo['line'];
 		$print[] = $message;
 
 		$print[] = PHP_EOL;
-		@file_put_contents($debug_file, implode(PHP_EOL, $print), FILE_APPEND|LOCK_EX);
+		@file_put_contents($debug_file, implode(PHP_EOL, $print), FILE_APPEND | LOCK_EX);
 		set_error_handler(array($this, 'dummyHandler'), ~0);
 
 		return true;
@@ -222,9 +222,9 @@ 
 		$defaultUrlInfo = parse_url($dbInfo->default_url);
 		$defaultHost = $defaultUrlInfo['host'];
 
-		foreach($urls as $url)
+		foreach ($urls as $url)
 		{
-			if(empty($url))
+			if (empty($url))
 			{
 				continue;
 			}
@@ -232,29 +232,29 @@ 
 			$urlInfo = parse_url($url);
 			$host = $urlInfo['host'];
 
-			if($host && ($host != $defaultHost && $host != $site_module_info->domain))
+			if ($host && ($host != $defaultHost && $host != $site_module_info->domain))
 			{
 				throw new Exception('msg_default_url_is_null');
 			}
 		}
 
-		if(!$this->document_srl && $this->mid && $this->entry)
+		if (!$this->document_srl && $this->mid && $this->entry)
 		{
 			$oDocumentModel = getModel('document');
 			$this->document_srl = $oDocumentModel->getDocumentSrlByAlias($this->mid, $this->entry);
-			if($this->document_srl)
+			if ($this->document_srl)
 			{
 				Context::set('document_srl', $this->document_srl);
 			}
 		}
 
 		// Get module's information based on document_srl, if it's specified
-		if($this->document_srl)
+		if ($this->document_srl)
 		{
 
 			$module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
 			// If the document does not exist, remove document_srl
-			if(!$module_info)
+			if (!$module_info)
 			{
 				unset($this->document_srl);
 			}
@@ -262,13 +262,13 @@ 
 			{
 				// If it exists, compare mid based on the module information
 				// if mids are not matching, set it as the document's mid
-				if(!$this->mid || ($this->mid != $module_info->mid))
+				if (!$this->mid || ($this->mid != $module_info->mid))
 				{
 
-					if(Context::getRequestMethod() == 'GET')
+					if (Context::getRequestMethod() == 'GET')
 					{
 						$this->mid = $module_info->mid;
-						header('location:' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
+						header('location:'.getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
 						return FALSE;
 					}
 					else
@@ -279,7 +279,7 @@ 
 
 				}
 				// if requested module is different from one of the document, remove the module information retrieved based on the document number
-				if($this->module && $module_info->module != $this->module)
+				if ($this->module && $module_info->module != $this->module)
 				{
 					unset($module_info);
 				}
@@ -288,36 +288,36 @@ 
 		}
 
 		// If module_info is not set yet, and there exists mid information, get module information based on the mid
-		if(!$module_info && $this->mid)
+		if (!$module_info && $this->mid)
 		{
 			$module_info = $oModuleModel->getModuleInfoByMid($this->mid, $site_module_info->site_srl);
 			//if($this->module && $module_info->module != $this->module) unset($module_info);
 		}
 
 		// redirect, if module_site_srl and site_srl are different
-		if(!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0)
+		if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0)
 		{
 			$site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl);
-			header("location:" . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
+			header("location:".getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid));
 			return FALSE;
 		}
 
 		// If module_info is not set still, and $module does not exist, find the default module
-		if(!$module_info && !$this->module && !$this->mid)
+		if (!$module_info && !$this->module && !$this->mid)
 		{
 			$module_info = $site_module_info;
 		}
 
-		if(!$module_info && !$this->module && $site_module_info->module_site_srl)
+		if (!$module_info && !$this->module && $site_module_info->module_site_srl)
 		{
 			$module_info = $site_module_info;
 		}
 
 		// redirect, if site_srl of module_info is different from one of site's module_info
-		if($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler())
+		if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !isCrawler())
 		{
 			// If the module is of virtual site
-			if($module_info->site_srl)
+			if ($module_info->site_srl)
 			{
 				$site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
 				$redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
@@ -326,7 +326,7 @@ 
 			else
 			{
 				$db_info = Context::getDBInfo();
-				if(!$db_info->default_url)
+				if (!$db_info->default_url)
 				{
 					return Context::getLang('msg_default_url_is_not_defined');
 				}
@@ -335,12 +335,12 @@ 
 					$redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
 				}
 			}
-			header("location:" . $redirect_url);
+			header("location:".$redirect_url);
 			return FALSE;
 		}
 
 		// If module info was set, retrieve variables from the module information
-		if($module_info)
+		if ($module_info)
 		{
 			$this->module = $module_info->module;
 			$this->mid = $module_info->mid;
@@ -351,7 +351,7 @@ 
 			$targetSrl = (Mobile::isFromMobilePhone()) ? 'mlayout_srl' : 'layout_srl';
 
 			// use the site default layout.
-			if($module_info->{$targetSrl} == -1)
+			if ($module_info->{$targetSrl} == -1)
 			{
 				$oLayoutAdminModel = getAdminModel('layout');
 				$layoutSrl = $oLayoutAdminModel->getSiteDefaultLayout($viewType, $module_info->site_srl);
@@ -369,7 +369,7 @@ 
 		}
 
 		// Set module and mid into module_info
-		if(!isset($this->module_info))
+		if (!isset($this->module_info))
 		{
 			$this->module_info = new stdClass();
 		}
@@ -380,21 +380,21 @@ 
 		$this->module_info->site_srl = $site_module_info->site_srl;
 
 		// Still no module? it's an error
-		if(!$this->module)
+		if (!$this->module)
 		{
 			$this->error = 'msg_module_is_not_exists';
 			$this->httpStatusCode = '404';
 		}
 
 		// If mid exists, set mid into context
-		if($this->mid)
+		if ($this->mid)
 		{
 			Context::set('mid', $this->mid, TRUE);
 		}
 
 		// Call a trigger after moduleHandler init
 		$output = ModuleHandler::triggerCall('moduleHandler.init', 'after', $this->module_info);
-		if(!$output->toBool())
+		if (!$output->toBool())
 		{
 			$this->error = $output->getMessage();
 			return TRUE;
@@ -416,14 +416,14 @@ 
 		$display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
 
 		// If error occurred while preparation, return a message instance
-		if($this->error)
+		if ($this->error)
 		{
 			$this->_setInputErrorToContext();
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
 			$oMessageObject->setError(-1);
 			$oMessageObject->setMessage($this->error);
 			$oMessageObject->dispMessage();
-			if($this->httpStatusCode)
+			if ($this->httpStatusCode)
 			{
 				$oMessageObject->setHttpStatusCode($this->httpStatusCode);
 			}
@@ -434,22 +434,22 @@ 
 		$xml_info = $oModuleModel->getModuleActionXml($this->module);
 
 		// If not installed yet, modify act
-		if($this->module == "install")
+		if ($this->module == "install")
 		{
-			if(!$this->act || !$xml_info->action->{$this->act})
+			if (!$this->act || !$xml_info->action->{$this->act})
 			{
 				$this->act = $xml_info->default_index_act;
 			}
 		}
 
 		// if act exists, find type of the action, if not use default index act
-		if(!$this->act)
+		if (!$this->act)
 		{
 			$this->act = $xml_info->default_index_act;
 		}
 
 		// still no act means error
-		if(!$this->act)
+		if (!$this->act)
 		{
 			$this->error = 'msg_module_is_not_exists';
 			$this->httpStatusCode = '404';
@@ -459,7 +459,7 @@ 
 			$oMessageObject->setError(-1);
 			$oMessageObject->setMessage($this->error);
 			$oMessageObject->dispMessage();
-			if($this->httpStatusCode)
+			if ($this->httpStatusCode)
 			{
 				$oMessageObject->setHttpStatusCode($this->httpStatusCode);
 			}
@@ -477,17 +477,17 @@ 
 			Context::addMetaTag('robots', 'noindex');
 		}
 
-		if(!$kind && $this->module == 'admin')
+		if (!$kind && $this->module == 'admin')
 		{
 			$kind = 'admin';
 		}
 
 		// check REQUEST_METHOD in controller
-		if($type == 'controller')
+		if ($type == 'controller')
 		{
 			$allowedMethod = $xml_info->action->{$this->act}->method;
 
-			if(!$allowedMethod)
+			if (!$allowedMethod)
 			{
 				$allowedMethodList[0] = 'POST';
 			}
@@ -496,7 +496,7 @@ 
 				$allowedMethodList = explode('|', strtoupper($allowedMethod));
 			}
 
-			if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
+			if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
 			{
 				$this->error = "msg_invalid_request";
 				$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
@@ -507,7 +507,7 @@ 
 			}
 		}
 
-		if($this->module_info->use_mobile != "Y")
+		if ($this->module_info->use_mobile != "Y")
 		{
 			Mobile::setMobile(FALSE);
 		}
@@ -516,7 +516,7 @@ 
 
 		// check CSRF for non-GET actions
 		$use_check_csrf = isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false';
-		if($use_check_csrf && $_SERVER['REQUEST_METHOD'] !== 'GET' && Context::isInstalled() && !checkCSRF())
+		if ($use_check_csrf && $_SERVER['REQUEST_METHOD'] !== 'GET' && Context::isInstalled() && !checkCSRF())
 		{
 			$this->error = 'msg_invalid_request';
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
@@ -527,7 +527,7 @@ 
 		}
 
 		// Admin ip
-		if($kind == 'admin' && $_SESSION['denied_admin'] == 'Y')
+		if ($kind == 'admin' && $_SESSION['denied_admin'] == 'Y')
 		{
 			$this->_setInputErrorToContext();
 			$this->error = "msg_not_permitted_act";
@@ -539,13 +539,13 @@ 
 		}
 
 		// if(type == view, and case for using mobilephone)
-		if($type == "view" && Mobile::isFromMobilePhone() && Context::isInstalled())
+		if ($type == "view" && Mobile::isFromMobilePhone() && Context::isInstalled())
 		{
 			$orig_type = "view";
 			$type = "mobile";
 			// create a module instance
 			$oModule = $this->getModuleInstance($this->module, $type, $kind);
-			if(!is_object($oModule) || !method_exists($oModule, $this->act))
+			if (!is_object($oModule) || !method_exists($oModule, $this->act))
 			{
 				$type = $orig_type;
 				Mobile::setMobile(FALSE);
@@ -558,14 +558,14 @@ 
 			$oModule = $this->getModuleInstance($this->module, $type, $kind);
 		}
 
-		if(!is_object($oModule))
+		if (!is_object($oModule))
 		{
 			$this->_setInputErrorToContext();
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
 			$oMessageObject->setError(-1);
 			$oMessageObject->setMessage($this->error);
 			$oMessageObject->dispMessage();
-			if($this->httpStatusCode)
+			if ($this->httpStatusCode)
 			{
 				$oMessageObject->setHttpStatusCode($this->httpStatusCode);
 			}
@@ -573,10 +573,10 @@ 
 		}
 
 		// If there is no such action in the module object
-		if(!isset($xml_info->action->{$this->act}) || !method_exists($oModule, $this->act))
+		if (!isset($xml_info->action->{$this->act}) || !method_exists($oModule, $this->act))
 		{
 
-			if(!Context::isInstalled())
+			if (!Context::isInstalled())
 			{
 				$this->_setInputErrorToContext();
 				$this->error = 'msg_invalid_request';
@@ -584,7 +584,7 @@ 
 				$oMessageObject->setError(-1);
 				$oMessageObject->setMessage($this->error);
 				$oMessageObject->dispMessage();
-				if($this->httpStatusCode)
+				if ($this->httpStatusCode)
 				{
 					$oMessageObject->setHttpStatusCode($this->httpStatusCode);
 				}
@@ -593,12 +593,12 @@ 
 
 			$forward = NULL;
 			// 1. Look for the module with action name
-			if(preg_match('/^([a-z]+)([A-Z])([a-z0-9\_]+)(.*)$/', $this->act, $matches))
+			if (preg_match('/^([a-z]+)([A-Z])([a-z0-9\_]+)(.*)$/', $this->act, $matches))
 			{
-				$module = strtolower($matches[2] . $matches[3]);
+				$module = strtolower($matches[2].$matches[3]);
 				$xml_info = $oModuleModel->getModuleActionXml($module);
 
-				if($xml_info->action->{$this->act} && ((stripos($this->act, 'admin') !== FALSE) || $xml_info->action->{$this->act}->standalone != 'false'))
+				if ($xml_info->action->{$this->act} && ((stripos($this->act, 'admin') !== FALSE) || $xml_info->action->{$this->act}->standalone != 'false'))
 				{
 					$forward = new stdClass();
 					$forward->module = $module;
@@ -619,12 +619,12 @@ 
 				}
 			}
 
-			if(!$forward)
+			if (!$forward)
 			{
 				$forward = $oModuleModel->getActionForward($this->act);
 			}
 
-			if($forward->module && $forward->type && $forward->act && $forward->act == $this->act)
+			if ($forward->module && $forward->type && $forward->act && $forward->act == $this->act)
 			{
 				$kind = stripos($forward->act, 'admin') !== FALSE ? 'admin' : '';
 				$type = $forward->type;
@@ -632,7 +632,7 @@ 
 				$tpl_path = $oModule->getTemplatePath();
 				$orig_module = $oModule;
 
-				if($forward->meta_noindex === 'true') {
+				if ($forward->meta_noindex === 'true') {
 					Context::addMetaTag('robots', 'noindex');
 				}
 
@@ -640,7 +640,7 @@ 
 
 				// check CSRF for non-GET actions
 				$use_check_csrf = isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false';
-				if($use_check_csrf && $_SERVER['REQUEST_METHOD'] !== 'GET' && Context::isInstalled() && !checkCSRF())
+				if ($use_check_csrf && $_SERVER['REQUEST_METHOD'] !== 'GET' && Context::isInstalled() && !checkCSRF())
 				{
 					$this->error = 'msg_invalid_request';
 					$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
@@ -652,11 +652,11 @@ 
 
 				// SECISSUE also check foward act method
 				// check REQUEST_METHOD in controller
-				if($type == 'controller')
+				if ($type == 'controller')
 				{
 					$allowedMethod = $xml_info->action->{$forward->act}->method;
 
-					if(!$allowedMethod)
+					if (!$allowedMethod)
 					{
 						$allowedMethodList[0] = 'POST';
 					}
@@ -665,7 +665,7 @@ 
 						$allowedMethodList = explode('|', strtoupper($allowedMethod));
 					}
 
-					if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
+					if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
 					{
 						$this->error = "msg_invalid_request";
 						$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
@@ -676,13 +676,13 @@ 
 					}
 				}
 
-				if($type == "view" && Mobile::isFromMobilePhone())
+				if ($type == "view" && Mobile::isFromMobilePhone())
 				{
 					$orig_type = "view";
 					$type = "mobile";
 					// create a module instance
 					$oModule = $this->getModuleInstance($forward->module, $type, $kind);
-					if(!is_object($oModule) || !method_exists($oModule, $this->act))
+					if (!is_object($oModule) || !method_exists($oModule, $this->act))
 					{
 						$type = $orig_type;
 						Mobile::setMobile(FALSE);
@@ -694,25 +694,25 @@ 
 					$oModule = $this->getModuleInstance($forward->module, $type, $kind);
 				}
 
-				if(!is_object($oModule))
+				if (!is_object($oModule))
 				{
 					$this->_setInputErrorToContext();
 					$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
 					$oMessageObject->setError(-1);
 					$oMessageObject->setMessage('msg_module_is_not_exists');
 					$oMessageObject->dispMessage();
-					if($this->httpStatusCode)
+					if ($this->httpStatusCode)
 					{
 						$oMessageObject->setHttpStatusCode($this->httpStatusCode);
 					}
 					return $oMessageObject;
 				}
 
-				if($this->module == "admin" && $type == "view")
+				if ($this->module == "admin" && $type == "view")
 				{
-					if($logged_info->is_admin == 'Y')
+					if ($logged_info->is_admin == 'Y')
 					{
-						if($this->act != 'dispLayoutAdminLayoutModify')
+						if ($this->act != 'dispLayoutAdminLayoutModify')
 						{
 							$oAdminView = getAdminView('admin');
 							$oAdminView->makeGnbUrl($forward->module);
@@ -732,10 +732,10 @@ 
 						return $oMessageObject;
 					}
 				}
-				if($kind == 'admin')
+				if ($kind == 'admin')
 				{
 					$grant = $oModuleModel->getGrant($this->module_info, $logged_info);
-					if(!$grant->manager)
+					if (!$grant->manager)
 					{
 						$this->_setInputErrorToContext();
 						$this->error = 'msg_is_not_manager';
@@ -747,7 +747,7 @@ 
 					}
 					else
 					{
-						if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
+						if (!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
 						{
 							$this->_setInputErrorToContext();
 							$this->error = 'msg_is_not_administrator';
@@ -760,7 +760,7 @@ 
 					}
 				}
 			}
-			else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
+			else if ($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
 			{
 				$this->act = $xml_info->default_index_act;
 			}
@@ -774,16 +774,16 @@ 
 		}
 
 		// ruleset check...
-		if(!empty($ruleset))
+		if (!empty($ruleset))
 		{
 			$rulesetModule = $forward->module ? $forward->module : $this->module;
 			$rulesetFile = $oModuleModel->getValidatorFilePath($rulesetModule, $ruleset, $this->mid);
-			if(!empty($rulesetFile))
+			if (!empty($rulesetFile))
 			{
-				if($_SESSION['XE_VALIDATOR_ERROR_LANG'])
+				if ($_SESSION['XE_VALIDATOR_ERROR_LANG'])
 				{
 					$errorLang = $_SESSION['XE_VALIDATOR_ERROR_LANG'];
-					foreach($errorLang as $key => $val)
+					foreach ($errorLang as $key => $val)
 					{
 						Context::setLang($key, $val);
 					}
@@ -792,7 +792,7 @@ 
 
 				$Validator = new Validator($rulesetFile);
 				$result = $Validator->validate();
-				if(!$result)
+				if (!$result)
 				{
 					$lastError = $Validator->getLastError();
 					$returnUrl = Context::get('error_return_url');
@@ -824,26 +824,26 @@ 
 				'dispLayoutPreviewWithModule' => 1
 		);
 		$db_use_mobile = Mobile::isMobileEnabled();
-		if($type == "view" && $this->module_info->use_mobile == "Y" && Mobile::isMobileCheckByAgent() && !isset($skipAct[Context::get('act')]) && $db_use_mobile === true)
+		if ($type == "view" && $this->module_info->use_mobile == "Y" && Mobile::isMobileCheckByAgent() && !isset($skipAct[Context::get('act')]) && $db_use_mobile === true)
 		{
 			global $lang;
 			$header = '<style>div.xe_mobile{opacity:0.7;margin:1em 0;padding:.5em;background:#333;border:1px solid #666;border-left:0;border-right:0}p.xe_mobile{text-align:center;margin:1em 0}a.xe_mobile{color:#ff0;font-weight:bold;font-size:24px}@media only screen and (min-width:500px){a.xe_mobile{font-size:15px}}</style>';
-			$footer = '<div class="xe_mobile"><p class="xe_mobile"><a class="xe_mobile" href="' . getUrl('m', '1') . '">' . $lang->msg_pc_to_mobile . '</a></p></div>';
+			$footer = '<div class="xe_mobile"><p class="xe_mobile"><a class="xe_mobile" href="'.getUrl('m', '1').'">'.$lang->msg_pc_to_mobile.'</a></p></div>';
 			Context::addHtmlHeader($header);
 			Context::addHtmlFooter($footer);
 		}
 
-		if(($type == 'view' || $type == 'mobile') && $kind != 'admin')
+		if (($type == 'view' || $type == 'mobile') && $kind != 'admin')
 		{
 			$module_config = $oModuleModel->getModuleConfig('module');
-			if($module_config->htmlFooter)
+			if ($module_config->htmlFooter)
 			{
 				Context::addHtmlFooter($module_config->htmlFooter);
 			}
-			if($module_config->siteTitle)
+			if ($module_config->siteTitle)
 			{
 				$siteTitle = Context::getBrowserTitle();
-				if(!$siteTitle)
+				if (!$siteTitle)
 				{
 					Context::setBrowserTitle($module_config->siteTitle);
 				}
@@ -860,18 +860,18 @@ 
 		$procResult = $oModule->proc();
 
 		$methodList = array('XMLRPC' => 1, 'JSON' => 1, 'JS_CALLBACK' => 1);
-		if(!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()]))
+		if (!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()]))
 		{
 			$error = $oModule->getError();
 			$message = $oModule->getMessage();
 			$messageType = $oModule->getMessageType();
 			$redirectUrl = $oModule->getRedirectUrl();
-			if($messageType == 'error') debugPrint($message, 'ERROR');
+			if ($messageType == 'error') debugPrint($message, 'ERROR');
 
-			if(!$procResult)
+			if (!$procResult)
 			{
 				$this->error = $message;
-				if(!$redirectUrl && Context::get('error_return_url'))
+				if (!$redirectUrl && Context::get('error_return_url'))
 				{
 					$redirectUrl = Context::get('error_return_url');
 				}
@@ -884,13 +884,13 @@ 
 
 			$_SESSION['XE_VALIDATOR_ERROR'] = $error;
 			$_SESSION['XE_VALIDATOR_ID'] = Context::get('xe_validator_id');
-			if($message != 'success')
+			if ($message != 'success')
 			{
 				$_SESSION['XE_VALIDATOR_MESSAGE'] = $message;
 			}
 			$_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = $messageType;
 
-			if(Context::get('xeVirtualRequestMethod') != 'xml')
+			if (Context::get('xeVirtualRequestMethod') != 'xml')
 			{
 				$_SESSION['XE_VALIDATOR_RETURN_URL'] = $redirectUrl;
 			}
@@ -906,27 +906,27 @@ 
 	 * */
 	function _setInputErrorToContext()
 	{
-		if($_SESSION['XE_VALIDATOR_ERROR'] && !Context::get('XE_VALIDATOR_ERROR'))
+		if ($_SESSION['XE_VALIDATOR_ERROR'] && !Context::get('XE_VALIDATOR_ERROR'))
 		{
 			Context::set('XE_VALIDATOR_ERROR', $_SESSION['XE_VALIDATOR_ERROR']);
 		}
-		if($_SESSION['XE_VALIDATOR_MESSAGE'] && !Context::get('XE_VALIDATOR_MESSAGE'))
+		if ($_SESSION['XE_VALIDATOR_MESSAGE'] && !Context::get('XE_VALIDATOR_MESSAGE'))
 		{
 			Context::set('XE_VALIDATOR_MESSAGE', $_SESSION['XE_VALIDATOR_MESSAGE']);
 		}
-		if($_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] && !Context::get('XE_VALIDATOR_MESSAGE_TYPE'))
+		if ($_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] && !Context::get('XE_VALIDATOR_MESSAGE_TYPE'))
 		{
 			Context::set('XE_VALIDATOR_MESSAGE_TYPE', $_SESSION['XE_VALIDATOR_MESSAGE_TYPE']);
 		}
-		if($_SESSION['XE_VALIDATOR_RETURN_URL'] && !Context::get('XE_VALIDATOR_RETURN_URL'))
+		if ($_SESSION['XE_VALIDATOR_RETURN_URL'] && !Context::get('XE_VALIDATOR_RETURN_URL'))
 		{
 			Context::set('XE_VALIDATOR_RETURN_URL', $_SESSION['XE_VALIDATOR_RETURN_URL']);
 		}
-		if($_SESSION['XE_VALIDATOR_ID'] && !Context::get('XE_VALIDATOR_ID'))
+		if ($_SESSION['XE_VALIDATOR_ID'] && !Context::get('XE_VALIDATOR_ID'))
 		{
 			Context::set('XE_VALIDATOR_ID', $_SESSION['XE_VALIDATOR_ID']);
 		}
-		if(count($_SESSION['INPUT_ERROR']))
+		if (count($_SESSION['INPUT_ERROR']))
 		{
 			Context::set('INPUT_ERROR', $_SESSION['INPUT_ERROR']);
 		}
@@ -956,7 +956,7 @@ 
 	{
 		$requestVars = Context::getRequestVars();
 		unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url);
-		foreach($requestVars AS $key => $value)
+		foreach ($requestVars AS $key => $value)
 		{
 			$_SESSION['INPUT_ERROR'][$key] = $value;
 		}
@@ -970,41 +970,41 @@ 
 	function displayContent($oModule = NULL)
 	{
 		// If the module is not set or not an object, set error
-		if(!$oModule || !is_object($oModule))
+		if (!$oModule || !is_object($oModule))
 		{
 			$this->error = 'msg_module_is_not_exists';
 			$this->httpStatusCode = '404';
 		}
 
 		// If connection to DB has a problem even though it's not install module, set error
-		if($this->module != 'install' && isset($GLOBALS['__DB__']) && $GLOBALS['__DB__'][Context::getDBType()]->isConnected() == FALSE)
+		if ($this->module != 'install' && isset($GLOBALS['__DB__']) && $GLOBALS['__DB__'][Context::getDBType()]->isConnected() == FALSE)
 		{
 			$this->error = 'msg_dbconnect_failed';
 		}
 
 		// Call trigger after moduleHandler proc
 		$output = ModuleHandler::triggerCall('moduleHandler.proc', 'after', $oModule);
-		if(!$output->toBool())
+		if (!$output->toBool())
 		{
 			$this->error = $output->getMessage();
 		}
 
 		// Use message view object, if HTML call
 		$methodList = array('XMLRPC' => 1, 'JSON' => 1, 'JS_CALLBACK' => 1);
-		if(!isset($methodList[Context::getRequestMethod()]))
+		if (!isset($methodList[Context::getRequestMethod()]))
 		{
 
-			if($_SESSION['XE_VALIDATOR_RETURN_URL'])
+			if ($_SESSION['XE_VALIDATOR_RETURN_URL'])
 			{
 				$display_handler = new DisplayHandler();
 				$display_handler->_debugOutput();
 
-				header('location:' . $_SESSION['XE_VALIDATOR_RETURN_URL']);
+				header('location:'.$_SESSION['XE_VALIDATOR_RETURN_URL']);
 				return;
 			}
 
 			// If error occurred, handle it
-			if($this->error)
+			if ($this->error)
 			{
 				// display content with message module instance
 				$type = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
@@ -1013,14 +1013,14 @@ 
 				$oMessageObject->setMessage($this->error);
 				$oMessageObject->dispMessage();
 
-				if($oMessageObject->getHttpStatusCode() && $oMessageObject->getHttpStatusCode() != '200')
+				if ($oMessageObject->getHttpStatusCode() && $oMessageObject->getHttpStatusCode() != '200')
 				{
 					$this->_setHttpStatusMessage($oMessageObject->getHttpStatusCode());
 					$oMessageObject->setTemplateFile('http_status_code');
 				}
 
 				// If module was called normally, change the templates of the module into ones of the message view module
-				if($oModule)
+				if ($oModule)
 				{
 					$oModule->setTemplatePath($oMessageObject->getTemplatePath());
 					$oModule->setTemplateFile($oMessageObject->getTemplateFile());
@@ -1035,7 +1035,7 @@ 
 			}
 
 			// Check if layout_srl exists for the module
-			if(Mobile::isFromMobilePhone())
+			if (Mobile::isFromMobilePhone())
 			{
 				$layout_srl = $oModule->module_info->mlayout_srl;
 			}
@@ -1045,58 +1045,58 @@ 
 			}
 
 			// if layout_srl is rollback by module, set default layout
-			if($layout_srl == -1)
+			if ($layout_srl == -1)
 			{
 				$viewType = (Mobile::isFromMobilePhone()) ? 'M' : 'P';
 				$oLayoutAdminModel = getAdminModel('layout');
 				$layout_srl = $oLayoutAdminModel->getSiteDefaultLayout($viewType, $oModule->module_info->site_srl);
 			}
 
-			if($layout_srl && !$oModule->getLayoutFile())
+			if ($layout_srl && !$oModule->getLayoutFile())
 			{
 
 				// If layout_srl exists, get information of the layout, and set the location of layout_path/ layout_file
 				$oLayoutModel = getModel('layout');
 				$layout_info = $oLayoutModel->getLayout($layout_srl);
-				if($layout_info)
+				if ($layout_info)
 				{
 
 					// Input extra_vars into $layout_info
-					if($layout_info->extra_var_count)
+					if ($layout_info->extra_var_count)
 					{
 
-						foreach($layout_info->extra_var as $var_id => $val)
+						foreach ($layout_info->extra_var as $var_id => $val)
 						{
-							if($val->type == 'image')
+							if ($val->type == 'image')
 							{
-								if(strncmp('./files/attach/images/', $val->value, 22) === 0)
+								if (strncmp('./files/attach/images/', $val->value, 22) === 0)
 								{
-									$val->value = Context::getRequestUri() . substr($val->value, 2);
+									$val->value = Context::getRequestUri().substr($val->value, 2);
 								}
 							}
 							$layout_info->{$var_id} = $val->value;
 						}
 					}
 					// Set menus into context
-					if($layout_info->menu_count)
+					if ($layout_info->menu_count)
 					{
-						foreach($layout_info->menu as $menu_id => $menu)
+						foreach ($layout_info->menu as $menu_id => $menu)
 						{
 							// set default menu set(included home menu)
-							if(!$menu->menu_srl || $menu->menu_srl == -1)
+							if (!$menu->menu_srl || $menu->menu_srl == -1)
 							{
 								$oMenuAdminController = getAdminController('menu');
 								$homeMenuCacheFile = $oMenuAdminController->getHomeMenuCacheFile();
 
-								if(FileHandler::exists($homeMenuCacheFile))
+								if (FileHandler::exists($homeMenuCacheFile))
 								{
 									include($homeMenuCacheFile);
 								}
 
-								if(!$menu->menu_srl)
+								if (!$menu->menu_srl)
 								{
-									$menu->xml_file = str_replace('.xml.php', $homeMenuSrl . '.xml.php', $menu->xml_file);
-									$menu->php_file = str_replace('.php', $homeMenuSrl . '.php', $menu->php_file);
+									$menu->xml_file = str_replace('.xml.php', $homeMenuSrl.'.xml.php', $menu->xml_file);
+									$menu->php_file = str_replace('.php', $homeMenuSrl.'.php', $menu->php_file);
 									$layout_info->menu->{$menu_id}->menu_srl = $homeMenuSrl;
 								}
 								else
@@ -1107,7 +1107,7 @@ 
 							}
 
 							$php_file = FileHandler::exists($menu->php_file);
-							if($php_file)
+							if ($php_file)
 							{
 								include($php_file);
 							}
@@ -1123,17 +1123,17 @@ 
 
 					// If layout was modified, use the modified version
 					$edited_layout = $oLayoutModel->getUserLayoutHtml($layout_info->layout_srl);
-					if(file_exists($edited_layout))
+					if (file_exists($edited_layout))
 					{
 						$oModule->setEditedLayoutFile($edited_layout);
 					}
 				}
 			}
 			$isLayoutDrop = Context::get('isLayoutDrop');
-			if($isLayoutDrop)
+			if ($isLayoutDrop)
 			{
 				$kind = stripos($this->act, 'admin') !== FALSE ? 'admin' : '';
-				if($kind == 'admin')
+				if ($kind == 'admin')
 				{
 					$oModule->setLayoutFile('popup_layout');
 				}
@@ -1171,7 +1171,7 @@ 
 	function &getModuleInstance($module, $type = 'view', $kind = '')
 	{
 
-		if(__DEBUG__ == 3)
+		if (__DEBUG__ == 3)
 		{
 			$start_time = getMicroTime();
 		}
@@ -1181,51 +1181,51 @@ 
 		$type = strtolower($type);
 
 		$kinds = array('svc' => 1, 'admin' => 1);
-		if(!isset($kinds[$kind]))
+		if (!isset($kinds[$kind]))
 		{
 			$kind = 'svc';
 		}
 
-		$key = $module . '.' . ($kind != 'admin' ? '' : 'admin') . '.' . $type;
+		$key = $module.'.'.($kind != 'admin' ? '' : 'admin').'.'.$type;
 
-		if(is_array($GLOBALS['__MODULE_EXTEND__']) && array_key_exists($key, $GLOBALS['__MODULE_EXTEND__']))
+		if (is_array($GLOBALS['__MODULE_EXTEND__']) && array_key_exists($key, $GLOBALS['__MODULE_EXTEND__']))
 		{
 			$module = $extend_module = $GLOBALS['__MODULE_EXTEND__'][$key];
 		}
 
 		// if there is no instance of the module in global variable, create a new one
-		if(!isset($GLOBALS['_loaded_module'][$module][$type][$kind]))
+		if (!isset($GLOBALS['_loaded_module'][$module][$type][$kind]))
 		{
 			ModuleHandler::_getModuleFilePath($module, $type, $kind, $class_path, $high_class_file, $class_file, $instance_name);
 
-			if($extend_module && (!is_readable($high_class_file) || !is_readable($class_file)))
+			if ($extend_module && (!is_readable($high_class_file) || !is_readable($class_file)))
 			{
 				$module = $parent_module;
 				ModuleHandler::_getModuleFilePath($module, $type, $kind, $class_path, $high_class_file, $class_file, $instance_name);
 			}
 
 			// Check if the base class and instance class exist
-			if(!class_exists($module, true))
+			if (!class_exists($module, true))
 			{
 				return NULL;
 			}
-			if(!class_exists($instance_name, true))
+			if (!class_exists($instance_name, true))
 			{
 				return NULL;
 			}
 
 			// Create an instance
 			$oModule = new $instance_name();
-			if(!is_object($oModule))
+			if (!is_object($oModule))
 			{
 				return NULL;
 			}
 
 			// Load language files for the class
-			Context::loadLang($class_path . 'lang');
-			if($extend_module)
+			Context::loadLang($class_path.'lang');
+			if ($extend_module)
 			{
-				Context::loadLang(ModuleHandler::getModulePath($parent_module) . 'lang');
+				Context::loadLang(ModuleHandler::getModulePath($parent_module).'lang');
 			}
 
 			// Set variables to the instance
@@ -1233,10 +1233,10 @@ 
 			$oModule->setModulePath($class_path);
 
 			// If the module has a constructor, run it.
-			if(!isset($GLOBALS['_called_constructor'][$instance_name]))
+			if (!isset($GLOBALS['_called_constructor'][$instance_name]))
 			{
 				$GLOBALS['_called_constructor'][$instance_name] = TRUE;
-				if(@method_exists($oModule, $instance_name))
+				if (@method_exists($oModule, $instance_name))
 				{
 					$oModule->{$instance_name}();
 				}
@@ -1246,7 +1246,7 @@ 
 			$GLOBALS['_loaded_module'][$module][$type][$kind] = $oModule;
 		}
 
-		if(__DEBUG__ == 3)
+		if (__DEBUG__ == 3)
 		{
 			$GLOBALS['__elapsed_class_load__'] += getMicroTime() - $start_time;
 		}
@@ -1262,17 +1262,17 @@ 
 		$highClassFile = sprintf('%s%s%s.class.php', _XE_PATH_, $classPath, $module);
 		$highClassFile = FileHandler::getRealPath($highClassFile);
 
-		$types = array('view','controller','model','api','wap','mobile','class');
-		if(!in_array($type, $types))
+		$types = array('view', 'controller', 'model', 'api', 'wap', 'mobile', 'class');
+		if (!in_array($type, $types))
 		{
 			$type = $types[0];
 		}
-		if($type == 'class')
+		if ($type == 'class')
 		{
 			$instanceName = '%s';
 			$classFile = '%s%s.%s.php';
 		}
-		elseif($kind == 'admin' && array_search($type, $types) < 3)
+		elseif ($kind == 'admin' && array_search($type, $types) < 3)
 		{
 			$instanceName = '%sAdmin%s';
 			$classFile = '%s%s.admin.%s.php';
@@ -1297,26 +1297,26 @@ 
 	function triggerCall($trigger_name, $called_position, &$obj)
 	{
 		// skip if not installed
-		if(!Context::isInstalled())
+		if (!Context::isInstalled())
 		{
 			return new BaseObject();
 		}
 
 		$oModuleModel = getModel('module');
 		$triggers = $oModuleModel->getTriggers($trigger_name, $called_position);
-		if(!$triggers || count($triggers) < 1)
+		if (!$triggers || count($triggers) < 1)
 		{
 			return new BaseObject();
 		}
 
 		//store before trigger call time
 		$before_trigger_time = NULL;
-		if(__LOG_SLOW_TRIGGER__> 0)
+		if (__LOG_SLOW_TRIGGER__ > 0)
 		{
 			$before_trigger_time = microtime(true);
 		}
 
-		foreach($triggers as $item)
+		foreach ($triggers as $item)
 		{
 			$module = $item->module;
 			$type = $item->type;
@@ -1324,7 +1324,7 @@ 
 
 			// todo why don't we call a normal class object ?
 			$oModule = getModule($module, $type);
-			if(!$oModule || !method_exists($oModule, $called_method))
+			if (!$oModule || !method_exists($oModule, $called_method))
 			{
 				continue;
 			}
@@ -1337,12 +1337,12 @@ 
 			$elapsed_time_trigger = $after_each_trigger_time - $before_each_trigger_time;
 
 			$slowlog = new stdClass;
-			$slowlog->caller = $trigger_name . '.' . $called_position;
-			$slowlog->called = $module . '.' . $called_method;
+			$slowlog->caller = $trigger_name.'.'.$called_position;
+			$slowlog->called = $module.'.'.$called_method;
 			$slowlog->called_extension = $module;
-			if($trigger_name != 'XE.writeSlowlog') writeSlowlog('trigger', $elapsed_time_trigger, $slowlog);
+			if ($trigger_name != 'XE.writeSlowlog') writeSlowlog('trigger', $elapsed_time_trigger, $slowlog);
 
-			if(is_object($output) && method_exists($output, 'toBool') && !$output->toBool())
+			if (is_object($output) && method_exists($output, 'toBool') && !$output->toBool())
 			{
 				return $output;
 			}
@@ -1427,9 +1427,9 @@ 
 			'511' => 'Network Authentication Required',
 		);
 		$statusMessage = $statusMessageList[$code];
-		if(!$statusMessage)
+		if (!$statusMessage)
 		{
-			$statusMessage = 'HTTP ' . $code;
+			$statusMessage = 'HTTP '.$code;
 		}
 
 		Context::set('http_status_code', $code);

Braces +30 added lines, -45 removed lines

@@ -115,7 +115,9 @@ 
 		$called_position = 'before_module_init';
 		$oAddonController = getController('addon');
 		$addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? 'mobile' : 'pc');
-		if(file_exists($addon_file)) include($addon_file);
+		if(file_exists($addon_file)) {
+			include($addon_file);
+		}
 	}
 
 	public static function xeErrorLog($errnumber, $errormassage, $errorfile, $errorline, $errorcontext)
@@ -257,8 +259,7 @@ 
 			if(!$module_info)
 			{
 				unset($this->document_srl);
-			}
-			else
+			} else
 			{
 				// If it exists, compare mid based on the module information
 				// if mids are not matching, set it as the document's mid
@@ -270,8 +271,7 @@ 
 						$this->mid = $module_info->mid;
 						header('location:' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $this->mid, 'document_srl', $this->document_srl));
 						return FALSE;
-					}
-					else
+					} else
 					{
 						$this->mid = $module_info->mid;
 						Context::set('mid', $this->mid);
@@ -322,15 +322,13 @@ 
 				$site_info = $oModuleModel->getSiteInfo($module_info->site_srl);
 				$redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
 				// If it's called from a virtual site, though it's not a module of the virtual site
-			}
-			else
+			} else
 			{
 				$db_info = Context::getDBInfo();
 				if(!$db_info->default_url)
 				{
 					return Context::getLang('msg_default_url_is_not_defined');
-				}
-				else
+				} else
 				{
 					$redirect_url = getNotEncodedSiteUrl($db_info->default_url, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry'));
 				}
@@ -355,8 +353,7 @@ 
 			{
 				$oLayoutAdminModel = getAdminModel('layout');
 				$layoutSrl = $oLayoutAdminModel->getSiteDefaultLayout($viewType, $module_info->site_srl);
-			}
-			else
+			} else
 			{
 				$layoutSrl = $module_info->{$targetSrl};
 			}
@@ -490,8 +487,7 @@ 
 			if(!$allowedMethod)
 			{
 				$allowedMethodList[0] = 'POST';
-			}
-			else
+			} else
 			{
 				$allowedMethodList = explode('|', strtoupper($allowedMethod));
 			}
@@ -551,8 +547,7 @@ 
 				Mobile::setMobile(FALSE);
 				$oModule = $this->getModuleInstance($this->module, $type, $kind);
 			}
-		}
-		else
+		} else
 		{
 			// create a module instance
 			$oModule = $this->getModuleInstance($this->module, $type, $kind);
@@ -606,8 +601,7 @@ 
 					$forward->ruleset = $xml_info->action->{$this->act}->ruleset;
 					$forward->meta_noindex = $xml_info->action->{$this->act}->meta_noindex;
 					$forward->act = $this->act;
-				}
-				else
+				} else
 				{
 					$this->error = 'msg_invalid_request';
 					$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
@@ -659,8 +653,7 @@ 
 					if(!$allowedMethod)
 					{
 						$allowedMethodList[0] = 'POST';
-					}
-					else
+					} else
 					{
 						$allowedMethodList = explode('|', strtoupper($allowedMethod));
 					}
@@ -688,8 +681,7 @@ 
 						Mobile::setMobile(FALSE);
 						$oModule = $this->getModuleInstance($forward->module, $type, $kind);
 					}
-				}
-				else
+				} else
 				{
 					$oModule = $this->getModuleInstance($forward->module, $type, $kind);
 				}
@@ -719,8 +711,7 @@ 
 							$oModule->setLayoutPath("./modules/admin/tpl");
 							$oModule->setLayoutFile("layout.html");
 						}
-					}
-					else
+					} else
 					{
 						$this->_setInputErrorToContext();
 
@@ -744,8 +735,7 @@ 
 						$oMessageObject->setMessage($this->error);
 						$oMessageObject->dispMessage();
 						return $oMessageObject;
-					}
-					else
+					} else
 					{
 						if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
 						{
@@ -759,12 +749,10 @@ 
 						}
 					}
 				}
-			}
-			else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
+			} else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
 			{
 				$this->act = $xml_info->default_index_act;
-			}
-			else
+			} else
 			{
 				$this->error = 'msg_invalid_request';
 				$oModule->setError(-1);
@@ -866,7 +854,9 @@ 
 			$message = $oModule->getMessage();
 			$messageType = $oModule->getMessageType();
 			$redirectUrl = $oModule->getRedirectUrl();
-			if($messageType == 'error') debugPrint($message, 'ERROR');
+			if($messageType == 'error') {
+				debugPrint($message, 'ERROR');
+			}
 
 			if(!$procResult)
 			{
@@ -876,8 +866,7 @@ 
 					$redirectUrl = Context::get('error_return_url');
 				}
 				$this->_setInputValueToSession();
-			}
-			else
+			} else
 			{
 
 			}
@@ -1025,8 +1014,7 @@ 
 					$oModule->setTemplatePath($oMessageObject->getTemplatePath());
 					$oModule->setTemplateFile($oMessageObject->getTemplateFile());
 					// Otherwise, set message instance as the target module
-				}
-				else
+				} else
 				{
 					$oModule = $oMessageObject;
 				}
@@ -1038,8 +1026,7 @@ 
 			if(Mobile::isFromMobilePhone())
 			{
 				$layout_srl = $oModule->module_info->mlayout_srl;
-			}
-			else
+			} else
 			{
 				$layout_srl = $oModule->module_info->layout_srl;
 			}
@@ -1098,8 +1085,7 @@ 
 									$menu->xml_file = str_replace('.xml.php', $homeMenuSrl . '.xml.php', $menu->xml_file);
 									$menu->php_file = str_replace('.php', $homeMenuSrl . '.php', $menu->php_file);
 									$layout_info->menu->{$menu_id}->menu_srl = $homeMenuSrl;
-								}
-								else
+								} else
 								{
 									$menu->xml_file = str_replace($menu->menu_srl, $homeMenuSrl, $menu->xml_file);
 									$menu->php_file = str_replace($menu->menu_srl, $homeMenuSrl, $menu->php_file);
@@ -1136,8 +1122,7 @@ 
 				if($kind == 'admin')
 				{
 					$oModule->setLayoutFile('popup_layout');
-				}
-				else
+				} else
 				{
 					$oModule->setLayoutPath('common/tpl');
 					$oModule->setLayoutFile('default_layout');
@@ -1271,13 +1256,11 @@ 
 		{
 			$instanceName = '%s';
 			$classFile = '%s%s.%s.php';
-		}
-		elseif($kind == 'admin' && array_search($type, $types) < 3)
+		} elseif($kind == 'admin' && array_search($type, $types) < 3)
 		{
 			$instanceName = '%sAdmin%s';
 			$classFile = '%s%s.admin.%s.php';
-		}
-		else
+		} else
 		{
 			$instanceName = '%s%s';
 			$classFile = '%s%s.%s.php';
@@ -1340,7 +1323,9 @@ 
 			$slowlog->caller = $trigger_name . '.' . $called_position;
 			$slowlog->called = $module . '.' . $called_method;
 			$slowlog->called_extension = $module;
-			if($trigger_name != 'XE.writeSlowlog') writeSlowlog('trigger', $elapsed_time_trigger, $slowlog);
+			if($trigger_name != 'XE.writeSlowlog') {
+				writeSlowlog('trigger', $elapsed_time_trigger, $slowlog);
+			}
 
 			if(is_object($output) && method_exists($output, 'toBool') && !$output->toBool())
 			{

classes/module/ModuleObject.class.php

Doc Comments +4 added lines, -1 removed lines

@@ -141,7 +141,7 @@ 
 
 	/**
 	 * sett to set module information
-	 * @param object $module_info object containing module information
+	 * @param stdClass $module_info object containing module information
 	 * @param object $xml_info object containing module description
 	 * @return void
 	 * */
@@ -247,6 +247,7 @@ 
 	/**
 	 * set the file name of the template file
 	 * @param string name of file
+	 * @param string $filename
 	 * @return void
 	 * */
 	function setTemplateFile($filename)
@@ -270,6 +271,7 @@ 
 	/**
 	 * set the directory path of the template directory
 	 * @param string path of template directory.
+	 * @param string $path
 	 * @return void
 	 * */
 	function setTemplatePath($path)
@@ -325,6 +327,7 @@ 
 	/**
 	 * set the file name of the layout file
 	 * @param string name of file
+	 * @param string $filename
 	 * @return void
 	 * */
 	function setLayoutFile($filename)

Spacing +41 added lines, -41 removed lines

@@ -44,9 +44,9 @@ 
 	 * */
 	function setModulePath($path)
 	{
-		if(substr_compare($path, '/', -1) !== 0)
+		if (substr_compare($path, '/', -1) !== 0)
 		{
-			$path.='/';
+			$path .= '/';
 		}
 		$this->module_path = $path;
 	}
@@ -60,12 +60,12 @@ 
 	function setRedirectUrl($url = './', $output = NULL)
 	{
 		$ajaxRequestMethod = array_flip($this->ajaxRequestMethod);
-		if(!isset($ajaxRequestMethod[Context::getRequestMethod()]))
+		if (!isset($ajaxRequestMethod[Context::getRequestMethod()]))
 		{
 			$this->add('redirect_url', $url);
 		}
 
-		if($output !== NULL && is_object($output))
+		if ($output !== NULL && is_object($output))
 		{
 			return $output;
 		}
@@ -110,7 +110,7 @@ 
 	{
 		$type = $this->get('message_type');
 		$typeList = array('error' => 1, 'info' => 1, 'update' => 1);
-		if(!isset($typeList[$type]))
+		if (!isset($typeList[$type]))
 		{
 			$type = $this->getError() ? 'error' : 'info';
 		}
@@ -161,10 +161,10 @@ 
 		$oModuleModel = getModel('module');
 		// permission settings. access, manager(== is_admin) are fixed and privilege name in XE
 		$module_srl = Context::get('module_srl');
-		if(!$module_info->mid && !is_array($module_srl) && preg_match('/^([0-9]+)$/', $module_srl))
+		if (!$module_info->mid && !is_array($module_srl) && preg_match('/^([0-9]+)$/', $module_srl))
 		{
 			$request_module = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
-			if($request_module->module_srl == $module_srl)
+			if ($request_module->module_srl == $module_srl)
 			{
 				$grant = $oModuleModel->getGrant($request_module, $logged_info);
 			}
@@ -173,7 +173,7 @@ 
 		{
 			$grant = $oModuleModel->getGrant($module_info, $logged_info, $xml_info);
 			// have at least access grant
-			if(substr_count($this->act, 'Member') || substr_count($this->act, 'Communication'))
+			if (substr_count($this->act, 'Member') || substr_count($this->act, 'Communication'))
 			{
 				$grant->access = 1;
 			}
@@ -181,24 +181,24 @@ 
 		// display no permission if the current module doesn't have an access privilege
 		//if(!$grant->access) return $this->stop("msg_not_permitted");
 		// checks permission and action if you don't have an admin privilege
-		if(!$grant->manager)
+		if (!$grant->manager)
 		{
 			// get permission types(guest, member, manager, root) of the currently requested action
 			$permission_target = $xml_info->permission->{$this->act};
 			// check manager if a permission in module.xml otherwise action if no permission
-			if(!$permission_target && substr_count($this->act, 'Admin'))
+			if (!$permission_target && substr_count($this->act, 'Admin'))
 			{
 				$permission_target = 'manager';
 			}
 			// Check permissions
-			switch($permission_target)
+			switch ($permission_target)
 			{
 				case 'root' :
 				case 'manager' :
 					$this->stop('msg_is_not_administrator');
 					return;
 				case 'member' :
-					if(!$is_logged)
+					if (!$is_logged)
 					{
 						$this->stop('msg_not_permitted_act');
 						return;
@@ -213,7 +213,7 @@ 
 
 		$this->module_config = $oModuleModel->getModuleConfig($this->module, $module_info->site_srl);
 
-		if(method_exists($this, 'init'))
+		if (method_exists($this, 'init'))
 		{
 			$this->init();
 		}
@@ -251,7 +251,7 @@ 
 	 * */
 	function setTemplateFile($filename)
 	{
-		if(isset($filename) && substr_compare($filename, '.html', -5) !== 0)
+		if (isset($filename) && substr_compare($filename, '.html', -5) !== 0)
 		{
 			$filename .= '.html';
 		}
@@ -274,14 +274,14 @@ 
 	 * */
 	function setTemplatePath($path)
 	{
-		if(!$path) return;
+		if (!$path) return;
 
-		if((strlen($path) >= 1 && substr_compare($path, '/', 0, 1) !== 0) && (strlen($path) >= 2 && substr_compare($path, './', 0, 2) !== 0))
+		if ((strlen($path) >= 1 && substr_compare($path, '/', 0, 1) !== 0) && (strlen($path) >= 2 && substr_compare($path, './', 0, 2) !== 0))
 		{
-			$path = './' . $path;
+			$path = './'.$path;
 		}
 
-		if(substr_compare($path, '/', -1) !== 0)
+		if (substr_compare($path, '/', -1) !== 0)
 		{
 			$path .= '/';
 		}
@@ -304,9 +304,9 @@ 
 	 * */
 	function setEditedLayoutFile($filename)
 	{
-		if(!$filename) return;
+		if (!$filename) return;
 
-		if(substr_compare($filename, '.html', -5) !== 0)
+		if (substr_compare($filename, '.html', -5) !== 0)
 		{
 			$filename .= '.html';
 		}
@@ -329,9 +329,9 @@ 
 	 * */
 	function setLayoutFile($filename)
 	{
-		if(!$filename) return;
+		if (!$filename) return;
 
-		if(substr_compare($filename, '.html', -5) !== 0)
+		if (substr_compare($filename, '.html', -5) !== 0)
 		{
 			$filename .= '.html';
 		}
@@ -353,13 +353,13 @@ 
 	 * */
 	function setLayoutPath($path)
 	{
-		if(!$path) return;
+		if (!$path) return;
 
-		if((strlen($path) >= 1 && substr_compare($path, '/', 0, 1) !== 0) && (strlen($path) >= 2 && substr_compare($path, './', 0, 2) !== 0))
+		if ((strlen($path) >= 1 && substr_compare($path, '/', 0, 1) !== 0) && (strlen($path) >= 2 && substr_compare($path, './', 0, 2) !== 0))
 		{
-			$path = './' . $path;
+			$path = './'.$path;
 		}
-		if(substr_compare($path, '/', -1) !== 0)
+		if (substr_compare($path, '/', -1) !== 0)
 		{
 			$path .= '/';
 		}
@@ -382,7 +382,7 @@ 
 	function proc()
 	{
 		// pass if stop_proc is true
-		if($this->stop_proc)
+		if ($this->stop_proc)
 		{
 			debugPrint($this->message, 'ERROR');
 			return FALSE;
@@ -390,7 +390,7 @@ 
 
 		// trigger call
 		$triggerOutput = ModuleHandler::triggerCall('moduleObject.proc', 'before', $this);
-		if(!$triggerOutput->toBool())
+		if (!$triggerOutput->toBool())
 		{
 			$this->setError($triggerOutput->getError());
 			$this->setMessage($triggerOutput->getMessage());
@@ -401,12 +401,12 @@ 
 		$called_position = 'before_module_proc';
 		$oAddonController = getController('addon');
 		$addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc");
-		if(FileHandler::exists($addon_file)) include($addon_file);
+		if (FileHandler::exists($addon_file)) include($addon_file);
 
-		if(isset($this->xml_info->action->{$this->act}) && method_exists($this, $this->act))
+		if (isset($this->xml_info->action->{$this->act}) && method_exists($this, $this->act))
 		{
 			// Check permissions
-			if($this->module_srl && !$this->grant->access)
+			if ($this->module_srl && !$this->grant->access)
 			{
 				$this->stop("msg_not_permitted_act");
 				return FALSE;
@@ -415,21 +415,21 @@ 
 			// integrate skin information of the module(change to sync skin info with the target module only by seperating its table)
 			$is_default_skin = ((!Mobile::isFromMobilePhone() && $this->module_info->is_skin_fix == 'N') || (Mobile::isFromMobilePhone() && $this->module_info->is_mskin_fix == 'N'));
 			$usedSkinModule = !($this->module == 'page' && ($this->module_info->page_type == 'OUTSIDE' || $this->module_info->page_type == 'WIDGET'));
-			if($usedSkinModule && $is_default_skin && $this->module != 'admin' && strpos($this->act, 'Admin') === false && $this->module == $this->module_info->module)
+			if ($usedSkinModule && $is_default_skin && $this->module != 'admin' && strpos($this->act, 'Admin') === false && $this->module == $this->module_info->module)
 			{
 				$dir = (Mobile::isFromMobilePhone()) ? 'm.skins' : 'skins';
 				$valueName = (Mobile::isFromMobilePhone()) ? 'mskin' : 'skin';
 				$oModuleModel = getModel('module');
 				$skinType = (Mobile::isFromMobilePhone()) ? 'M' : 'P';
 				$skinName = $oModuleModel->getModuleDefaultSkin($this->module, $skinType);
-				if($this->module == 'page')
+				if ($this->module == 'page')
 				{
 					$this->module_info->{$valueName} = $skinName;
 				}
 				else
 				{
 					$isTemplatPath = (strpos($this->getTemplatePath(), '/tpl/') !== FALSE);
-					if(!$isTemplatPath)
+					if (!$isTemplatPath)
 					{
 						$this->setTemplatePath(sprintf('%s%s/%s/', $this->module_path, $dir, $skinName));
 					}
@@ -449,7 +449,7 @@ 
 
 		// trigger call
 		$triggerOutput = ModuleHandler::triggerCall('moduleObject.proc', 'after', $this);
-		if(!$triggerOutput->toBool())
+		if (!$triggerOutput->toBool())
 		{
 			$this->setError($triggerOutput->getError());
 			$this->setMessage($triggerOutput->getMessage());
@@ -460,25 +460,25 @@ 
 		$called_position = 'after_module_proc';
 		$oAddonController = getController('addon');
 		$addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc");
-		if(FileHandler::exists($addon_file)) include($addon_file);
+		if (FileHandler::exists($addon_file)) include($addon_file);
 
-		if(is_a($output, 'BaseObject') || is_subclass_of($output, 'BaseObject'))
+		if (is_a($output, 'BaseObject') || is_subclass_of($output, 'BaseObject'))
 		{
 			$this->setError($output->getError());
 			$this->setMessage($output->getMessage());
 
-			if(!$output->toBool())
+			if (!$output->toBool())
 			{
 				return FALSE;
 			}
 		}
 		// execute api methods of the module if view action is and result is XMLRPC or JSON
-		if($this->module_info->module_type == 'view' || $this->module_info->module_type == 'mobile')
+		if ($this->module_info->module_type == 'view' || $this->module_info->module_type == 'mobile')
 		{
-			if(Context::getResponseMethod() == 'XMLRPC' || Context::getResponseMethod() == 'JSON')
+			if (Context::getResponseMethod() == 'XMLRPC' || Context::getResponseMethod() == 'JSON')
 			{
 				$oAPI = getAPI($this->module_info->module, 'api');
-				if(method_exists($oAPI, $this->act))
+				if (method_exists($oAPI, $this->act))
 				{
 					$oAPI->{$this->act}($this);
 				}

Braces +21 added lines, -12 removed lines

@@ -168,8 +168,7 @@ 
 			{
 				$grant = $oModuleModel->getGrant($request_module, $logged_info);
 			}
-		}
-		else
+		} else
 		{
 			$grant = $oModuleModel->getGrant($module_info, $logged_info, $xml_info);
 			// have at least access grant
@@ -274,7 +273,9 @@ 
 	 * */
 	function setTemplatePath($path)
 	{
-		if(!$path) return;
+		if(!$path) {
+			return;
+		}
 
 		if((strlen($path) >= 1 && substr_compare($path, '/', 0, 1) !== 0) && (strlen($path) >= 2 && substr_compare($path, './', 0, 2) !== 0))
 		{
@@ -304,7 +305,9 @@ 
 	 * */
 	function setEditedLayoutFile($filename)
 	{
-		if(!$filename) return;
+		if(!$filename) {
+			return;
+		}
 
 		if(substr_compare($filename, '.html', -5) !== 0)
 		{
@@ -329,7 +332,9 @@ 
 	 * */
 	function setLayoutFile($filename)
 	{
-		if(!$filename) return;
+		if(!$filename) {
+			return;
+		}
 
 		if(substr_compare($filename, '.html', -5) !== 0)
 		{
@@ -353,7 +358,9 @@ 
 	 * */
 	function setLayoutPath($path)
 	{
-		if(!$path) return;
+		if(!$path) {
+			return;
+		}
 
 		if((strlen($path) >= 1 && substr_compare($path, '/', 0, 1) !== 0) && (strlen($path) >= 2 && substr_compare($path, './', 0, 2) !== 0))
 		{
@@ -401,7 +408,9 @@ 
 		$called_position = 'before_module_proc';
 		$oAddonController = getController('addon');
 		$addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc");
-		if(FileHandler::exists($addon_file)) include($addon_file);
+		if(FileHandler::exists($addon_file)) {
+			include($addon_file);
+		}
 
 		if(isset($this->xml_info->action->{$this->act}) && method_exists($this, $this->act))
 		{
@@ -425,8 +434,7 @@ 
 				if($this->module == 'page')
 				{
 					$this->module_info->{$valueName} = $skinName;
-				}
-				else
+				} else
 				{
 					$isTemplatPath = (strpos($this->getTemplatePath(), '/tpl/') !== FALSE);
 					if(!$isTemplatPath)
@@ -441,8 +449,7 @@ 
 			Context::set('module_info', $this->module_info);
 			// Run
 			$output = $this->{$this->act}();
-		}
-		else
+		} else
 		{
 			return FALSE;
 		}
@@ -460,7 +467,9 @@ 
 		$called_position = 'after_module_proc';
 		$oAddonController = getController('addon');
 		$addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc");
-		if(FileHandler::exists($addon_file)) include($addon_file);
+		if(FileHandler::exists($addon_file)) {
+			include($addon_file);
+		}
 
 		if(is_a($output, 'BaseObject') || is_subclass_of($output, 'BaseObject'))
 		{

classes/security/EmbedFilter.class.php

Doc Comments +5 added lines, -4 removed lines

@@ -295,6 +295,7 @@ 
 
 	/**
 	 * Check the content.
+	 * @param string $content
 	 * @return void
 	 */
 	function check(&$content)
@@ -487,7 +488,7 @@ 
 
 	/**
 	 * Check white domain in object data attribute or embed src attribute.
-	 * @return string
+	 * @return boolean
 	 */
 	function isWhiteDomain($urlAttribute)
 	{
@@ -506,7 +507,7 @@ 
 
 	/**
 	 * Check white domain in iframe src attribute.
-	 * @return string
+	 * @return boolean
 	 */
 	function isWhiteIframeDomain($urlAttribute)
 	{
@@ -525,7 +526,7 @@ 
 
 	/**
 	 * Check white mime type in object type attribute or embed type attribute.
-	 * @return string
+	 * @return boolean
 	 */
 	function isWhiteMimetype($mimeType)
 	{
@@ -590,7 +591,7 @@ 
 
 	/**
 	 * Make white domain list cache file from xml config file.
-	 * @param $whitelist array
+	 * @param stdClass $whitelist array
 	 * @return void
 	 */
 	function _makeWhiteDomainList($whitelist = NULL)

Braces +11 added lines, -12 removed lines

@@ -563,14 +563,12 @@ 
 				}
 				$this->allowscriptaccessList[count($this->allowscriptaccessList) - 1]--;
 			}
-		}
-		else if($m[1] == 'embed')
+		} else if($m[1] == 'embed')
 		{
 			if(stripos($m[0], 'allowscriptaccess'))
 			{
 				$m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]);
-			}
-			else
+			} else
 			{
 				$m[0] = preg_replace('/\<embed/i', '<embed allowscriptaccess="never"', $m[0]);
 			}
@@ -627,8 +625,7 @@ 
 			{
 				$whiteUrlList = $whitelist->object;
 				$whiteIframeUrlList = $whitelist->iframe;
-			}
-			else
+			} else
 			{
 				$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
 
@@ -636,8 +633,12 @@ 
 				$domainListObj = $xmlParser->parse($xmlBuff);
 				$embedDomainList = $domainListObj->whiteurl->embed->domain;
 				$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
-				if(!is_array($embedDomainList)) $embedDomainList = array();
-				if(!is_array($iframeDomainList)) $iframeDomainList = array();
+				if(!is_array($embedDomainList)) {
+					$embedDomainList = array();
+				}
+				if(!is_array($iframeDomainList)) {
+					$iframeDomainList = array();
+				}
 
 				foreach($embedDomainList AS $key => $value)
 				{
@@ -648,8 +649,7 @@ 
 						{
 							$whiteUrlList[] = $value->body;
 						}
-					}
-					else
+					} else
 					{
 						$whiteUrlList[] = $patternList->body;
 					}
@@ -664,8 +664,7 @@ 
 						{
 							$whiteIframeUrlList[] = $value->body;
 						}
-					}
-					else
+					} else
 					{
 						$whiteIframeUrlList[] = $patternList->body;
 					}

Spacing +65 added lines, -65 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 /* Copyright (C) NAVER <http://www.navercorp.com> */
 
-include _XE_PATH_ . 'classes/security/phphtmlparser/src/htmlparser.inc';
+include _XE_PATH_.'classes/security/phphtmlparser/src/htmlparser.inc';
 
 class EmbedFilter
 {
@@ -276,7 +276,7 @@ 
 	 */
 	function getInstance()
 	{
-		if(!isset($GLOBALS['__EMBEDFILTER_INSTANCE__']))
+		if (!isset($GLOBALS['__EMBEDFILTER_INSTANCE__']))
 		{
 			$GLOBALS['__EMBEDFILTER_INSTANCE__'] = new EmbedFilter();
 		}
@@ -316,9 +316,9 @@ 
 	{
 		preg_match_all('/<\s*object\s*[^>]+(?:\/?>?)/is', $content, $m);
 		$objectTagList = $m[0];
-		if($objectTagList)
+		if ($objectTagList)
 		{
-			foreach($objectTagList AS $key => $objectTag)
+			foreach ($objectTagList AS $key => $objectTag)
 			{
 				$isWhiteDomain = true;
 				$isWhiteMimetype = true;
@@ -326,21 +326,21 @@ 
 				$ext = '';
 
 				$parser = new HtmlParser($objectTag);
-				while($parser->parse())
+				while ($parser->parse())
 				{
-					if(is_array($parser->iNodeAttributes))
+					if (is_array($parser->iNodeAttributes))
 					{
-						foreach($parser->iNodeAttributes AS $attrName => $attrValue)
+						foreach ($parser->iNodeAttributes AS $attrName => $attrValue)
 						{
 							// data url check
-							if($attrValue && strtolower($attrName) == 'data')
+							if ($attrValue && strtolower($attrName) == 'data')
 							{
 								$ext = strtolower(substr(strrchr($attrValue, "."), 1));
 								$isWhiteDomain = $this->isWhiteDomain($attrValue);
 							}
 
 							// mime type check
-							if(strtolower($attrName) == 'type' && $attrValue)
+							if (strtolower($attrName) == 'type' && $attrValue)
 							{
 								$isWhiteMimetype = $this->isWhiteMimetype($attrValue);
 							}
@@ -348,7 +348,7 @@ 
 					}
 				}
 
-				if(!$isWhiteDomain || !$isWhiteMimetype)
+				if (!$isWhiteDomain || !$isWhiteMimetype)
 				{
 					$content = str_replace($objectTag, htmlspecialchars($objectTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
 				}
@@ -364,9 +364,9 @@ 
 	{
 		preg_match_all('/<\s*embed\s*[^>]+(?:\/?>?)/is', $content, $m);
 		$embedTagList = $m[0];
-		if($embedTagList)
+		if ($embedTagList)
 		{
-			foreach($embedTagList AS $key => $embedTag)
+			foreach ($embedTagList AS $key => $embedTag)
 			{
 				$isWhiteDomain = TRUE;
 				$isWhiteMimetype = TRUE;
@@ -374,21 +374,21 @@ 
 				$ext = '';
 
 				$parser = new HtmlParser($embedTag);
-				while($parser->parse())
+				while ($parser->parse())
 				{
-					if(is_array($parser->iNodeAttributes))
+					if (is_array($parser->iNodeAttributes))
 					{
-						foreach($parser->iNodeAttributes AS $attrName => $attrValue)
+						foreach ($parser->iNodeAttributes AS $attrName => $attrValue)
 						{
 							// src url check
-							if($attrValue && strtolower($attrName) == 'src')
+							if ($attrValue && strtolower($attrName) == 'src')
 							{
 								$ext = strtolower(substr(strrchr($attrValue, "."), 1));
 								$isWhiteDomain = $this->isWhiteDomain($attrValue);
 							}
 
 							// mime type check
-							if(strtolower($attrName) == 'type' && $attrValue)
+							if (strtolower($attrName) == 'type' && $attrValue)
 							{
 								$isWhiteMimetype = $this->isWhiteMimetype($attrValue);
 							}
@@ -396,7 +396,7 @@ 
 					}
 				}
 
-				if(!$isWhiteDomain || !$isWhiteMimetype)
+				if (!$isWhiteDomain || !$isWhiteMimetype)
 				{
 					$content = str_replace($embedTag, htmlspecialchars($embedTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
 				}
@@ -415,22 +415,22 @@ 
 
 		preg_match_all('/<\s*iframe\s*[^>]+(?:\/?>?)/is', $content, $m);
 		$iframeTagList = $m[0];
-		if($iframeTagList)
+		if ($iframeTagList)
 		{
-			foreach($iframeTagList AS $key => $iframeTag)
+			foreach ($iframeTagList AS $key => $iframeTag)
 			{
 				$isWhiteDomain = TRUE;
 				$ext = '';
 
 				$parser = new HtmlParser($iframeTag);
-				while($parser->parse())
+				while ($parser->parse())
 				{
-					if(is_array($parser->iNodeAttributes))
+					if (is_array($parser->iNodeAttributes))
 					{
-						foreach($parser->iNodeAttributes AS $attrName => $attrValue)
+						foreach ($parser->iNodeAttributes AS $attrName => $attrValue)
 						{
 							// src url check
-							if(strtolower($attrName) == 'src' && $attrValue)
+							if (strtolower($attrName) == 'src' && $attrValue)
 							{
 								$ext = strtolower(substr(strrchr($attrValue, "."), 1));
 								$isWhiteDomain = $this->isWhiteIframeDomain($attrValue);
@@ -439,7 +439,7 @@ 
 					}
 				}
 
-				if(!$isWhiteDomain)
+				if (!$isWhiteDomain)
 				{
 					$content = str_replace($iframeTag, htmlspecialchars($iframeTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
 				}
@@ -455,26 +455,26 @@ 
 	{
 		preg_match_all('/<\s*param\s*[^>]+(?:\/?>?)/is', $content, $m);
 		$paramTagList = $m[0];
-		if($paramTagList)
+		if ($paramTagList)
 		{
-			foreach($paramTagList AS $key => $paramTag)
+			foreach ($paramTagList AS $key => $paramTag)
 			{
 				$isWhiteDomain = TRUE;
 				$isWhiteExt = TRUE;
 				$ext = '';
 
 				$parser = new HtmlParser($paramTag);
-				while($parser->parse())
+				while ($parser->parse())
 				{
-					if($parser->iNodeAttributes['name'] && $parser->iNodeAttributes['value'])
+					if ($parser->iNodeAttributes['name'] && $parser->iNodeAttributes['value'])
 					{
 						$name = strtolower($parser->iNodeAttributes['name']);
-						if($name == 'movie' || $name == 'src' || $name == 'href' || $name == 'url' || $name == 'source')
+						if ($name == 'movie' || $name == 'src' || $name == 'href' || $name == 'url' || $name == 'source')
 						{
 							$ext = strtolower(substr(strrchr($parser->iNodeAttributes['value'], "."), 1));
 							$isWhiteDomain = $this->isWhiteDomain($parser->iNodeAttributes['value']);
 
-							if(!$isWhiteDomain)
+							if (!$isWhiteDomain)
 							{
 								$content = str_replace($paramTag, htmlspecialchars($paramTag, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), $content);
 							}
@@ -491,11 +491,11 @@ 
 	 */
 	function isWhiteDomain($urlAttribute)
 	{
-		if(is_array($this->whiteUrlList))
+		if (is_array($this->whiteUrlList))
 		{
-			foreach($this->whiteUrlList AS $key => $value)
+			foreach ($this->whiteUrlList AS $key => $value)
 			{
-				if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
+				if (preg_match('@^'.preg_quote($value).'@i', $urlAttribute))
 				{
 					return TRUE;
 				}
@@ -510,11 +510,11 @@ 
 	 */
 	function isWhiteIframeDomain($urlAttribute)
 	{
-		if(is_array($this->whiteIframeUrlList))
+		if (is_array($this->whiteIframeUrlList))
 		{
-			foreach($this->whiteIframeUrlList AS $key => $value)
+			foreach ($this->whiteIframeUrlList AS $key => $value)
 			{
-				if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
+				if (preg_match('@^'.preg_quote($value).'@i', $urlAttribute))
 				{
 					return TRUE;
 				}
@@ -529,7 +529,7 @@ 
 	 */
 	function isWhiteMimetype($mimeType)
 	{
-		if(isset($this->mimeTypeList[$mimeType]))
+		if (isset($this->mimeTypeList[$mimeType]))
 		{
 			return TRUE;
 		}
@@ -538,7 +538,7 @@ 
 
 	function isWhiteExt($ext)
 	{
-		if(isset($this->extList[$ext]))
+		if (isset($this->extList[$ext]))
 		{
 			return TRUE;
 		}
@@ -547,26 +547,26 @@ 
 
 	function _checkAllowScriptAccess($m)
 	{
-		if($m[1] == 'object')
+		if ($m[1] == 'object')
 		{
 			$this->allowscriptaccessList[] = 1;
 		}
 
-		if($m[1] == 'param')
+		if ($m[1] == 'param')
 		{
-			if(stripos($m[0], 'allowscriptaccess'))
+			if (stripos($m[0], 'allowscriptaccess'))
 			{
 				$m[0] = '<param name="allowscriptaccess" value="never"';
-				if(substr($m[0], -1) == '/')
+				if (substr($m[0], -1) == '/')
 				{
 					$m[0] .= '/';
 				}
 				$this->allowscriptaccessList[count($this->allowscriptaccessList) - 1]--;
 			}
 		}
-		else if($m[1] == 'embed')
+		else if ($m[1] == 'embed')
 		{
-			if(stripos($m[0], 'allowscriptaccess'))
+			if (stripos($m[0], 'allowscriptaccess'))
 			{
 				$m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]);
 			}
@@ -580,9 +580,9 @@ 
 
 	function _addAllowScriptAccess($m)
 	{
-		if($this->allowscriptaccessList[$this->allowscriptaccessKey] == 1)
+		if ($this->allowscriptaccessList[$this->allowscriptaccessKey] == 1)
 		{
-			$m[0] = $m[0] . '<param name="allowscriptaccess" value="never"></param>';
+			$m[0] = $m[0].'<param name="allowscriptaccess" value="never"></param>';
 		}
 		$this->allowscriptaccessKey++;
 		return $m[0];
@@ -599,31 +599,31 @@ 
 		$whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
 
 		$isMake = FALSE;
-		if(!file_exists($whiteUrlCacheFile))
+		if (!file_exists($whiteUrlCacheFile))
 		{
 			$isMake = TRUE;
 		}
-		if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
+		if (file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
 		{
 			$isMake = TRUE;
 		}
 
-		if(gettype($whitelist) == 'array' && gettype($whitelist['object']) == 'array' && gettype($whitelist['iframe']) == 'array')
+		if (gettype($whitelist) == 'array' && gettype($whitelist['object']) == 'array' && gettype($whitelist['iframe']) == 'array')
 		{
 			$isMake = FALSE;
 		}
 
-		if(isset($whitelist) && gettype($whitelist) == 'object')
+		if (isset($whitelist) && gettype($whitelist) == 'object')
 		{
 			$isMake = TRUE;
 		}
 
-		if($isMake)
+		if ($isMake)
 		{
 			$whiteUrlList = array();
 			$whiteIframeUrlList = array();
 
-			if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
+			if (gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
 			{
 				$whiteUrlList = $whitelist->object;
 				$whiteIframeUrlList = $whitelist->iframe;
@@ -636,15 +636,15 @@ 
 				$domainListObj = $xmlParser->parse($xmlBuff);
 				$embedDomainList = $domainListObj->whiteurl->embed->domain;
 				$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
-				if(!is_array($embedDomainList)) $embedDomainList = array();
-				if(!is_array($iframeDomainList)) $iframeDomainList = array();
+				if (!is_array($embedDomainList)) $embedDomainList = array();
+				if (!is_array($iframeDomainList)) $iframeDomainList = array();
 
-				foreach($embedDomainList AS $key => $value)
+				foreach ($embedDomainList AS $key => $value)
 				{
 					$patternList = $value->pattern;
-					if(is_array($patternList))
+					if (is_array($patternList))
 					{
-						foreach($patternList AS $key => $value)
+						foreach ($patternList AS $key => $value)
 						{
 							$whiteUrlList[] = $value->body;
 						}
@@ -655,12 +655,12 @@ 
 					}
 				}
 
-				foreach($iframeDomainList AS $key => $value)
+				foreach ($iframeDomainList AS $key => $value)
 				{
 					$patternList = $value->pattern;
-					if(is_array($patternList))
+					if (is_array($patternList))
 					{
-						foreach($patternList AS $key => $value)
+						foreach ($patternList AS $key => $value)
 						{
 							$whiteIframeUrlList[] = $value->body;
 						}
@@ -674,12 +674,12 @@ 
 
 			$db_info = Context::getDBInfo();
 
-			if($db_info->embed_white_object)
+			if ($db_info->embed_white_object)
 			{
 				$whiteUrlList = array_merge($whiteUrlList, $db_info->embed_white_object);
 			}
 
-			if($db_info->embed_white_iframe)
+			if ($db_info->embed_white_iframe)
 			{
 				$whiteIframeUrlList = array_merge($whiteIframeUrlList, $db_info->embed_white_iframe);
 			}
@@ -691,8 +691,8 @@ 
 
 			$buff = array();
 			$buff[] = '<?php if(!defined("__XE__")) exit();';
-			$buff[] = '$whiteUrlList = ' . var_export($whiteUrlList, TRUE) . ';';
-			$buff[] = '$whiteIframeUrlList = ' . var_export($whiteIframeUrlList, TRUE) . ';';
+			$buff[] = '$whiteUrlList = '.var_export($whiteUrlList, TRUE).';';
+			$buff[] = '$whiteIframeUrlList = '.var_export($whiteIframeUrlList, TRUE).';';
 
 			FileHandler::writeFile($this->whiteUrlCacheFile, implode(PHP_EOL, $buff));
 		}

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php

Doc Comments +1 added lines

@@ -11,6 +11,7 @@
     /**
      * @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable.
      * @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
+     * @param string $min
      */
     public function __construct($min = null, $max = null) {
         $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;

Indentation +35 added lines, -35 removed lines

@@ -6,41 +6,41 @@
 class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
 {
 
-    protected $min, $max;
-
-    /**
-     * @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable.
-     * @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
-     */
-    public function __construct($min = null, $max = null) {
-        $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
-        $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
-    }
-
-    public function validate($string, $config, $context) {
-        $string = $this->parseCDATA($string);
-
-        // Optimizations
-        if ($string === '') return false;
-        if ($string === '0') return '0';
-        if (strlen($string) === 1) return false;
-
-        $length = HTMLPurifier_Length::make($string);
-        if (!$length->isValid()) return false;
-
-        if ($this->min) {
-            $c = $length->compareTo($this->min);
-            if ($c === false) return false;
-            if ($c < 0) return false;
-        }
-        if ($this->max) {
-            $c = $length->compareTo($this->max);
-            if ($c === false) return false;
-            if ($c > 0) return false;
-        }
-
-        return $length->toString();
-    }
+	protected $min, $max;
+
+	/**
+	 * @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable.
+	 * @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
+	 */
+	public function __construct($min = null, $max = null) {
+		$this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
+		$this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
+	}
+
+	public function validate($string, $config, $context) {
+		$string = $this->parseCDATA($string);
+
+		// Optimizations
+		if ($string === '') return false;
+		if ($string === '0') return '0';
+		if (strlen($string) === 1) return false;
+
+		$length = HTMLPurifier_Length::make($string);
+		if (!$length->isValid()) return false;
+
+		if ($this->min) {
+			$c = $length->compareTo($this->min);
+			if ($c === false) return false;
+			if ($c < 0) return false;
+		}
+		if ($this->max) {
+			$c = $length->compareTo($this->max);
+			if ($c === false) return false;
+			if ($c > 0) return false;
+		}
+
+		return $length->toString();
+	}
 
 }
 

Braces +24 added lines, -8 removed lines

@@ -21,22 +21,38 @@
         $string = $this->parseCDATA($string);
 
         // Optimizations
-        if ($string === '') return false;
-        if ($string === '0') return '0';
-        if (strlen($string) === 1) return false;
+        if ($string === '') {
+        	return false;
+        }
+        if ($string === '0') {
+        	return '0';
+        }
+        if (strlen($string) === 1) {
+        	return false;
+        }
 
         $length = HTMLPurifier_Length::make($string);
-        if (!$length->isValid()) return false;
+        if (!$length->isValid()) {
+        	return false;
+        }
 
         if ($this->min) {
             $c = $length->compareTo($this->min);
-            if ($c === false) return false;
-            if ($c < 0) return false;
+            if ($c === false) {
+            	return false;
+            }
+            if ($c < 0) {
+            	return false;
+            }
         }
         if ($this->max) {
             $c = $length->compareTo($this->max);
-            if ($c === false) return false;
-            if ($c > 0) return false;
+            if ($c === false) {
+            	return false;
+            }
+            if ($c > 0) {
+            	return false;
+            }
         }
 
         return $length->toString();

classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php

Doc Comments +3 added lines

@@ -9,6 +9,9 @@
 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
 {
 
+    /**
+     * @param string $aIP
+     */
     public function validate($aIP, $config, $context) {
 
         if (!$this->ip4) $this->_loadRegex();

Indentation +84 added lines, -84 removed lines

@@ -9,90 +9,90 @@
 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
 {
 
-    public function validate($aIP, $config, $context) {
-
-        if (!$this->ip4) $this->_loadRegex();
-
-        $original = $aIP;
-
-        $hex = '[0-9a-fA-F]';
-        $blk = '(?:' . $hex . '{1,4})';
-        $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))';   // /0 - /128
-
-        //      prefix check
-        if (strpos($aIP, '/') !== false)
-        {
-                if (preg_match('#' . $pre . '$#s', $aIP, $find))
-                {
-                        $aIP = substr($aIP, 0, 0-strlen($find[0]));
-                        unset($find);
-                }
-                else
-                {
-                        return false;
-                }
-        }
-
-        //      IPv4-compatiblity check
-        if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find))
-        {
-                $aIP = substr($aIP, 0, 0-strlen($find[0]));
-                $ip = explode('.', $find[0]);
-                $ip = array_map('dechex', $ip);
-                $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
-                unset($find, $ip);
-        }
-
-        //      compression check
-        $aIP = explode('::', $aIP);
-        $c = count($aIP);
-        if ($c > 2)
-        {
-                return false;
-        }
-        elseif ($c == 2)
-        {
-                list($first, $second) = $aIP;
-                $first = explode(':', $first);
-                $second = explode(':', $second);
-
-                if (count($first) + count($second) > 8)
-                {
-                        return false;
-                }
-
-                while(count($first) < 8)
-                {
-                        array_push($first, '0');
-                }
-
-                array_splice($first, 8 - count($second), 8, $second);
-                $aIP = $first;
-                unset($first,$second);
-        }
-        else
-        {
-                $aIP = explode(':', $aIP[0]);
-        }
-        $c = count($aIP);
-
-        if ($c != 8)
-        {
-                return false;
-        }
-
-        //      All the pieces should be 16-bit hex strings. Are they?
-        foreach ($aIP as $piece)
-        {
-                if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece)))
-                {
-                        return false;
-                }
-        }
-
-        return $original;
-
-    }
+	public function validate($aIP, $config, $context) {
+
+		if (!$this->ip4) $this->_loadRegex();
+
+		$original = $aIP;
+
+		$hex = '[0-9a-fA-F]';
+		$blk = '(?:' . $hex . '{1,4})';
+		$pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))';   // /0 - /128
+
+		//      prefix check
+		if (strpos($aIP, '/') !== false)
+		{
+				if (preg_match('#' . $pre . '$#s', $aIP, $find))
+				{
+						$aIP = substr($aIP, 0, 0-strlen($find[0]));
+						unset($find);
+				}
+				else
+				{
+						return false;
+				}
+		}
+
+		//      IPv4-compatiblity check
+		if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find))
+		{
+				$aIP = substr($aIP, 0, 0-strlen($find[0]));
+				$ip = explode('.', $find[0]);
+				$ip = array_map('dechex', $ip);
+				$aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
+				unset($find, $ip);
+		}
+
+		//      compression check
+		$aIP = explode('::', $aIP);
+		$c = count($aIP);
+		if ($c > 2)
+		{
+				return false;
+		}
+		elseif ($c == 2)
+		{
+				list($first, $second) = $aIP;
+				$first = explode(':', $first);
+				$second = explode(':', $second);
+
+				if (count($first) + count($second) > 8)
+				{
+						return false;
+				}
+
+				while(count($first) < 8)
+				{
+						array_push($first, '0');
+				}
+
+				array_splice($first, 8 - count($second), 8, $second);
+				$aIP = $first;
+				unset($first,$second);
+		}
+		else
+		{
+				$aIP = explode(':', $aIP[0]);
+		}
+		$c = count($aIP);
+
+		if ($c != 8)
+		{
+				return false;
+		}
+
+		//      All the pieces should be 16-bit hex strings. Are they?
+		foreach ($aIP as $piece)
+		{
+				if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece)))
+				{
+						return false;
+				}
+		}
+
+		return $original;
+
+	}
 
 }
 

Braces +6 added lines, -7 removed lines

@@ -11,7 +11,9 @@ 
 
     public function validate($aIP, $config, $context) {
 
-        if (!$this->ip4) $this->_loadRegex();
+        if (!$this->ip4) {
+        	$this->_loadRegex();
+        }
 
         $original = $aIP;
 
@@ -26,8 +28,7 @@ 
                 {
                         $aIP = substr($aIP, 0, 0-strlen($find[0]));
                         unset($find);
-                }
-                else
+                } else
                 {
                         return false;
                 }
@@ -49,8 +50,7 @@ 
         if ($c > 2)
         {
                 return false;
-        }
-        elseif ($c == 2)
+        } elseif ($c == 2)
         {
                 list($first, $second) = $aIP;
                 $first = explode(':', $first);
@@ -69,8 +69,7 @@ 
                 array_splice($first, 8 - count($second), 8, $second);
                 $aIP = $first;
                 unset($first,$second);
-        }
-        else
+        } else
         {
                 $aIP = explode(':', $aIP[0]);
         }

Spacing +9 added lines, -9 removed lines

@@ -16,15 +16,15 @@ 
         $original = $aIP;
 
         $hex = '[0-9a-fA-F]';
-        $blk = '(?:' . $hex . '{1,4})';
-        $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))';   // /0 - /128
+        $blk = '(?:'.$hex.'{1,4})';
+        $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
 
         //      prefix check
         if (strpos($aIP, '/') !== false)
         {
-                if (preg_match('#' . $pre . '$#s', $aIP, $find))
+                if (preg_match('#'.$pre.'$#s', $aIP, $find))
                 {
-                        $aIP = substr($aIP, 0, 0-strlen($find[0]));
+                        $aIP = substr($aIP, 0, 0 - strlen($find[0]));
                         unset($find);
                 }
                 else
@@ -34,12 +34,12 @@ 
         }
 
         //      IPv4-compatiblity check
-        if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find))
+        if (preg_match('#(?<=:'.')'.$this->ip4.'$#s', $aIP, $find))
         {
-                $aIP = substr($aIP, 0, 0-strlen($find[0]));
+                $aIP = substr($aIP, 0, 0 - strlen($find[0]));
                 $ip = explode('.', $find[0]);
                 $ip = array_map('dechex', $ip);
-                $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
+                $aIP .= $ip[0].$ip[1].':'.$ip[2].$ip[3];
                 unset($find, $ip);
         }
 
@@ -61,14 +61,14 @@ 
                         return false;
                 }
 
-                while(count($first) < 8)
+                while (count($first) < 8)
                 {
                         array_push($first, '0');
                 }
 
                 array_splice($first, 8 - count($second), 8, $second);
                 $aIP = $first;
-                unset($first,$second);
+                unset($first, $second);
         }
         else
         {

classes/security/htmlpurifier/library/HTMLPurifier/DoctypeRegistry.php

Doc Comments +3 added lines, -1 removed lines

@@ -17,10 +17,12 @@
      * Registers a doctype to the registry
      * @note Accepts a fully-formed doctype object, or the
      *       parameters for constructing a doctype object
-     * @param $doctype Name of doctype or literal doctype object
+     * @param string $doctype Name of doctype or literal doctype object
      * @param $modules Modules doctype will load
      * @param $modules_for_modes Modules doctype will load for certain modes
      * @param $aliases Alias names for doctype
+     * @param string $dtd_public
+     * @param string $dtd_system
      * @return Editable registered doctype
      */
     public function register($doctype, $xml = true, $modules = array(),

Indentation +89 added lines, -89 removed lines

@@ -3,100 +3,100 @@
 class HTMLPurifier_DoctypeRegistry
 {
 
-    /**
-     * Hash of doctype names to doctype objects
-     */
-    protected $doctypes;
+	/**
+	 * Hash of doctype names to doctype objects
+	 */
+	protected $doctypes;
 
-    /**
-     * Lookup table of aliases to real doctype names
-     */
-    protected $aliases;
+	/**
+	 * Lookup table of aliases to real doctype names
+	 */
+	protected $aliases;
 
-    /**
-     * Registers a doctype to the registry
-     * @note Accepts a fully-formed doctype object, or the
-     *       parameters for constructing a doctype object
-     * @param $doctype Name of doctype or literal doctype object
-     * @param $modules Modules doctype will load
-     * @param $modules_for_modes Modules doctype will load for certain modes
-     * @param $aliases Alias names for doctype
-     * @return Editable registered doctype
-     */
-    public function register($doctype, $xml = true, $modules = array(),
-        $tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
-    ) {
-        if (!is_array($modules)) $modules = array($modules);
-        if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
-        if (!is_array($aliases)) $aliases = array($aliases);
-        if (!is_object($doctype)) {
-            $doctype = new HTMLPurifier_Doctype(
-                $doctype, $xml, $modules, $tidy_modules, $aliases, $dtd_public, $dtd_system
-            );
-        }
-        $this->doctypes[$doctype->name] = $doctype;
-        $name = $doctype->name;
-        // hookup aliases
-        foreach ($doctype->aliases as $alias) {
-            if (isset($this->doctypes[$alias])) continue;
-            $this->aliases[$alias] = $name;
-        }
-        // remove old aliases
-        if (isset($this->aliases[$name])) unset($this->aliases[$name]);
-        return $doctype;
-    }
+	/**
+	 * Registers a doctype to the registry
+	 * @note Accepts a fully-formed doctype object, or the
+	 *       parameters for constructing a doctype object
+	 * @param $doctype Name of doctype or literal doctype object
+	 * @param $modules Modules doctype will load
+	 * @param $modules_for_modes Modules doctype will load for certain modes
+	 * @param $aliases Alias names for doctype
+	 * @return Editable registered doctype
+	 */
+	public function register($doctype, $xml = true, $modules = array(),
+		$tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
+	) {
+		if (!is_array($modules)) $modules = array($modules);
+		if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
+		if (!is_array($aliases)) $aliases = array($aliases);
+		if (!is_object($doctype)) {
+			$doctype = new HTMLPurifier_Doctype(
+				$doctype, $xml, $modules, $tidy_modules, $aliases, $dtd_public, $dtd_system
+			);
+		}
+		$this->doctypes[$doctype->name] = $doctype;
+		$name = $doctype->name;
+		// hookup aliases
+		foreach ($doctype->aliases as $alias) {
+			if (isset($this->doctypes[$alias])) continue;
+			$this->aliases[$alias] = $name;
+		}
+		// remove old aliases
+		if (isset($this->aliases[$name])) unset($this->aliases[$name]);
+		return $doctype;
+	}
 
-    /**
-     * Retrieves reference to a doctype of a certain name
-     * @note This function resolves aliases
-     * @note When possible, use the more fully-featured make()
-     * @param $doctype Name of doctype
-     * @return Editable doctype object
-     */
-    public function get($doctype) {
-        if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
-        if (!isset($this->doctypes[$doctype])) {
-            trigger_error('Doctype ' . htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' does not exist', E_USER_ERROR);
-            $anon = new HTMLPurifier_Doctype($doctype);
-            return $anon;
-        }
-        return $this->doctypes[$doctype];
-    }
+	/**
+	 * Retrieves reference to a doctype of a certain name
+	 * @note This function resolves aliases
+	 * @note When possible, use the more fully-featured make()
+	 * @param $doctype Name of doctype
+	 * @return Editable doctype object
+	 */
+	public function get($doctype) {
+		if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
+		if (!isset($this->doctypes[$doctype])) {
+			trigger_error('Doctype ' . htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' does not exist', E_USER_ERROR);
+			$anon = new HTMLPurifier_Doctype($doctype);
+			return $anon;
+		}
+		return $this->doctypes[$doctype];
+	}
 
-    /**
-     * Creates a doctype based on a configuration object,
-     * will perform initialization on the doctype
-     * @note Use this function to get a copy of doctype that config
-     *       can hold on to (this is necessary in order to tell
-     *       Generator whether or not the current document is XML
-     *       based or not).
-     */
-    public function make($config) {
-        return clone $this->get($this->getDoctypeFromConfig($config));
-    }
+	/**
+	 * Creates a doctype based on a configuration object,
+	 * will perform initialization on the doctype
+	 * @note Use this function to get a copy of doctype that config
+	 *       can hold on to (this is necessary in order to tell
+	 *       Generator whether or not the current document is XML
+	 *       based or not).
+	 */
+	public function make($config) {
+		return clone $this->get($this->getDoctypeFromConfig($config));
+	}
 
-    /**
-     * Retrieves the doctype from the configuration object
-     */
-    public function getDoctypeFromConfig($config) {
-        // recommended test
-        $doctype = $config->get('HTML.Doctype');
-        if (!empty($doctype)) return $doctype;
-        $doctype = $config->get('HTML.CustomDoctype');
-        if (!empty($doctype)) return $doctype;
-        // backwards-compatibility
-        if ($config->get('HTML.XHTML')) {
-            $doctype = 'XHTML 1.0';
-        } else {
-            $doctype = 'HTML 4.01';
-        }
-        if ($config->get('HTML.Strict')) {
-            $doctype .= ' Strict';
-        } else {
-            $doctype .= ' Transitional';
-        }
-        return $doctype;
-    }
+	/**
+	 * Retrieves the doctype from the configuration object
+	 */
+	public function getDoctypeFromConfig($config) {
+		// recommended test
+		$doctype = $config->get('HTML.Doctype');
+		if (!empty($doctype)) return $doctype;
+		$doctype = $config->get('HTML.CustomDoctype');
+		if (!empty($doctype)) return $doctype;
+		// backwards-compatibility
+		if ($config->get('HTML.XHTML')) {
+			$doctype = 'XHTML 1.0';
+		} else {
+			$doctype = 'HTML 4.01';
+		}
+		if ($config->get('HTML.Strict')) {
+			$doctype .= ' Strict';
+		} else {
+			$doctype .= ' Transitional';
+		}
+		return $doctype;
+	}
 
 }
 

Braces +24 added lines, -8 removed lines

@@ -26,9 +26,15 @@ 
     public function register($doctype, $xml = true, $modules = array(),
         $tidy_modules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null
     ) {
-        if (!is_array($modules)) $modules = array($modules);
-        if (!is_array($tidy_modules)) $tidy_modules = array($tidy_modules);
-        if (!is_array($aliases)) $aliases = array($aliases);
+        if (!is_array($modules)) {
+        	$modules = array($modules);
+        }
+        if (!is_array($tidy_modules)) {
+        	$tidy_modules = array($tidy_modules);
+        }
+        if (!is_array($aliases)) {
+        	$aliases = array($aliases);
+        }
         if (!is_object($doctype)) {
             $doctype = new HTMLPurifier_Doctype(
                 $doctype, $xml, $modules, $tidy_modules, $aliases, $dtd_public, $dtd_system
@@ -38,11 +44,15 @@ 
         $name = $doctype->name;
         // hookup aliases
         foreach ($doctype->aliases as $alias) {
-            if (isset($this->doctypes[$alias])) continue;
+            if (isset($this->doctypes[$alias])) {
+            	continue;
+            }
             $this->aliases[$alias] = $name;
         }
         // remove old aliases
-        if (isset($this->aliases[$name])) unset($this->aliases[$name]);
+        if (isset($this->aliases[$name])) {
+        	unset($this->aliases[$name]);
+        }
         return $doctype;
     }
 
@@ -54,7 +64,9 @@ 
      * @return Editable doctype object
      */
     public function get($doctype) {
-        if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
+        if (isset($this->aliases[$doctype])) {
+        	$doctype = $this->aliases[$doctype];
+        }
         if (!isset($this->doctypes[$doctype])) {
             trigger_error('Doctype ' . htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' does not exist', E_USER_ERROR);
             $anon = new HTMLPurifier_Doctype($doctype);
@@ -81,9 +93,13 @@ 
     public function getDoctypeFromConfig($config) {
         // recommended test
         $doctype = $config->get('HTML.Doctype');
-        if (!empty($doctype)) return $doctype;
+        if (!empty($doctype)) {
+        	return $doctype;
+        }
         $doctype = $config->get('HTML.CustomDoctype');
-        if (!empty($doctype)) return $doctype;
+        if (!empty($doctype)) {
+        	return $doctype;
+        }
         // backwards-compatibility
         if ($config->get('HTML.XHTML')) {
             $doctype = 'XHTML 1.0';

Spacing +1 added lines, -1 removed lines

@@ -56,7 +56,7 @@
     public function get($doctype) {
         if (isset($this->aliases[$doctype])) $doctype = $this->aliases[$doctype];
         if (!isset($this->doctypes[$doctype])) {
-            trigger_error('Doctype ' . htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . ' does not exist', E_USER_ERROR);
+            trigger_error('Doctype '.htmlspecialchars($doctype, ENT_COMPAT | ENT_HTML401, 'UTF-8', false).' does not exist', E_USER_ERROR);
             $anon = new HTMLPurifier_Doctype($doctype);
             return $anon;
         }

classes/security/htmlpurifier/library/HTMLPurifier/Encoder.php

Doc Comments +5 added lines

@@ -31,6 +31,9 @@ 
 
     /**
      * iconv wrapper which mutes errors and works around bugs.
+     * @param string $in
+     * @param string $out
+     * @param string $text
      */
     public static function iconv($in, $out, $text, $max_chunk_size = 8000) {
         $code = self::testIconvTruncateBug();
@@ -332,6 +335,7 @@ 
 
     /**
      * Converts a string to UTF-8 based on configuration.
+     * @param HTMLPurifier_Context $context
      */
     public static function convertToUTF8($str, $config, $context) {
         $encoding = $config->get('Core.Encoding');
@@ -362,6 +366,7 @@ 
      * Converts a string from UTF-8 based on configuration.
      * @note Currently, this is a lossy conversion, with unexpressable
      *       characters being omitted.
+     * @param HTMLPurifier_Context $context
      */
     public static function convertFromUTF8($str, $config, $context) {
         $encoding = $config->get('Core.Encoding');

Indentation +526 added lines, -526 removed lines

@@ -7,532 +7,532 @@
 class HTMLPurifier_Encoder
 {
 
-    /**
-     * Constructor throws fatal error if you attempt to instantiate class
-     */
-    private function __construct() {
-        trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
-    }
-
-    /**
-     * Error-handler that mutes errors, alternative to shut-up operator.
-     */
-    public static function muteErrorHandler() {}
-
-    /**
-     * iconv wrapper which mutes errors, but doesn't work around bugs.
-     */
-    public static function unsafeIconv($in, $out, $text) {
-        set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
-        $r = iconv($in, $out, $text);
-        restore_error_handler();
-        return $r;
-    }
-
-    /**
-     * iconv wrapper which mutes errors and works around bugs.
-     */
-    public static function iconv($in, $out, $text, $max_chunk_size = 8000) {
-        $code = self::testIconvTruncateBug();
-        if ($code == self::ICONV_OK) {
-            return self::unsafeIconv($in, $out, $text);
-        } elseif ($code == self::ICONV_TRUNCATES) {
-            // we can only work around this if the input character set
-            // is utf-8
-            if ($in == 'utf-8') {
-                if ($max_chunk_size < 4) {
-                    trigger_error('max_chunk_size is too small', E_USER_WARNING);
-                    return false;
-                }
-                // split into 8000 byte chunks, but be careful to handle
-                // multibyte boundaries properly
-                if (($c = strlen($text)) <= $max_chunk_size) {
-                    return self::unsafeIconv($in, $out, $text);
-                }
-                $r = '';
-                $i = 0;
-                while (true) {
-                    if ($i + $max_chunk_size >= $c) {
-                        $r .= self::unsafeIconv($in, $out, substr($text, $i));
-                        break;
-                    }
-                    // wibble the boundary
-                    if (0x80 != (0xC0 & ord($text[$i + $max_chunk_size]))) {
-                        $chunk_size = $max_chunk_size;
-                    } elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 1]))) {
-                        $chunk_size = $max_chunk_size - 1;
-                    } elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 2]))) {
-                        $chunk_size = $max_chunk_size - 2;
-                    } elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 3]))) {
-                        $chunk_size = $max_chunk_size - 3;
-                    } else {
-                        return false; // rather confusing UTF-8...
-                    }
-                    $chunk = substr($text, $i, $chunk_size); // substr doesn't mind overlong lengths
-                    $r .= self::unsafeIconv($in, $out, $chunk);
-                    $i += $chunk_size;
-                }
-                return $r;
-            } else {
-                return false;
-            }
-        } else {
-            return false;
-        }
-    }
-
-    /**
-     * Cleans a UTF-8 string for well-formedness and SGML validity
-     *
-     * It will parse according to UTF-8 and return a valid UTF8 string, with
-     * non-SGML codepoints excluded.
-     *
-     * @note Just for reference, the non-SGML code points are 0 to 31 and
-     *       127 to 159, inclusive.  However, we allow code points 9, 10
-     *       and 13, which are the tab, line feed and carriage return
-     *       respectively. 128 and above the code points map to multibyte
-     *       UTF-8 representations.
-     *
-     * @note Fallback code adapted from utf8ToUnicode by Henri Sivonen and
-     *       hsivonen@iki.fi at <http://iki.fi/hsivonen/php-utf8/> under the
-     *       LGPL license.  Notes on what changed are inside, but in general,
-     *       the original code transformed UTF-8 text into an array of integer
-     *       Unicode codepoints. Understandably, transforming that back to
-     *       a string would be somewhat expensive, so the function was modded to
-     *       directly operate on the string.  However, this discourages code
-     *       reuse, and the logic enumerated here would be useful for any
-     *       function that needs to be able to understand UTF-8 characters.
-     *       As of right now, only smart lossless character encoding converters
-     *       would need that, and I'm probably not going to implement them.
-     *       Once again, PHP 6 should solve all our problems.
-     */
-    public static function cleanUTF8($str, $force_php = false) {
-
-        // UTF-8 validity is checked since PHP 4.3.5
-        // This is an optimization: if the string is already valid UTF-8, no
-        // need to do PHP stuff. 99% of the time, this will be the case.
-        // The regexp matches the XML char production, as well as well as excluding
-        // non-SGML codepoints U+007F to U+009F
-        if (preg_match('/^[\x{9}\x{A}\x{D}\x{20}-\x{7E}\x{A0}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]*$/Du', $str)) {
-            return $str;
-        }
-
-        $mState = 0; // cached expected number of octets after the current octet
-                     // until the beginning of the next UTF8 character sequence
-        $mUcs4  = 0; // cached Unicode character
-        $mBytes = 1; // cached expected number of octets in the current sequence
-
-        // original code involved an $out that was an array of Unicode
-        // codepoints.  Instead of having to convert back into UTF-8, we've
-        // decided to directly append valid UTF-8 characters onto a string
-        // $out once they're done.  $char accumulates raw bytes, while $mUcs4
-        // turns into the Unicode code point, so there's some redundancy.
-
-        $out = '';
-        $char = '';
-
-        $len = strlen($str);
-        for($i = 0; $i < $len; $i++) {
-            $in = ord($str{$i});
-            $char .= $str[$i]; // append byte to char
-            if (0 == $mState) {
-                // When mState is zero we expect either a US-ASCII character
-                // or a multi-octet sequence.
-                if (0 == (0x80 & ($in))) {
-                    // US-ASCII, pass straight through.
-                    if (($in <= 31 || $in == 127) &&
-                        !($in == 9 || $in == 13 || $in == 10) // save \r\t\n
-                    ) {
-                        // control characters, remove
-                    } else {
-                        $out .= $char;
-                    }
-                    // reset
-                    $char = '';
-                    $mBytes = 1;
-                } elseif (0xC0 == (0xE0 & ($in))) {
-                    // First octet of 2 octet sequence
-                    $mUcs4 = ($in);
-                    $mUcs4 = ($mUcs4 & 0x1F) << 6;
-                    $mState = 1;
-                    $mBytes = 2;
-                } elseif (0xE0 == (0xF0 & ($in))) {
-                    // First octet of 3 octet sequence
-                    $mUcs4 = ($in);
-                    $mUcs4 = ($mUcs4 & 0x0F) << 12;
-                    $mState = 2;
-                    $mBytes = 3;
-                } elseif (0xF0 == (0xF8 & ($in))) {
-                    // First octet of 4 octet sequence
-                    $mUcs4 = ($in);
-                    $mUcs4 = ($mUcs4 & 0x07) << 18;
-                    $mState = 3;
-                    $mBytes = 4;
-                } elseif (0xF8 == (0xFC & ($in))) {
-                    // First octet of 5 octet sequence.
-                    //
-                    // This is illegal because the encoded codepoint must be
-                    // either:
-                    // (a) not the shortest form or
-                    // (b) outside the Unicode range of 0-0x10FFFF.
-                    // Rather than trying to resynchronize, we will carry on
-                    // until the end of the sequence and let the later error
-                    // handling code catch it.
-                    $mUcs4 = ($in);
-                    $mUcs4 = ($mUcs4 & 0x03) << 24;
-                    $mState = 4;
-                    $mBytes = 5;
-                } elseif (0xFC == (0xFE & ($in))) {
-                    // First octet of 6 octet sequence, see comments for 5
-                    // octet sequence.
-                    $mUcs4 = ($in);
-                    $mUcs4 = ($mUcs4 & 1) << 30;
-                    $mState = 5;
-                    $mBytes = 6;
-                } else {
-                    // Current octet is neither in the US-ASCII range nor a
-                    // legal first octet of a multi-octet sequence.
-                    $mState = 0;
-                    $mUcs4  = 0;
-                    $mBytes = 1;
-                    $char = '';
-                }
-            } else {
-                // When mState is non-zero, we expect a continuation of the
-                // multi-octet sequence
-                if (0x80 == (0xC0 & ($in))) {
-                    // Legal continuation.
-                    $shift = ($mState - 1) * 6;
-                    $tmp = $in;
-                    $tmp = ($tmp & 0x0000003F) << $shift;
-                    $mUcs4 |= $tmp;
-
-                    if (0 == --$mState) {
-                        // End of the multi-octet sequence. mUcs4 now contains
-                        // the final Unicode codepoint to be output
-
-                        // Check for illegal sequences and codepoints.
-
-                        // From Unicode 3.1, non-shortest form is illegal
-                        if (((2 == $mBytes) && ($mUcs4 < 0x0080)) ||
-                            ((3 == $mBytes) && ($mUcs4 < 0x0800)) ||
-                            ((4 == $mBytes) && ($mUcs4 < 0x10000)) ||
-                            (4 < $mBytes) ||
-                            // From Unicode 3.2, surrogate characters = illegal
-                            (($mUcs4 & 0xFFFFF800) == 0xD800) ||
-                            // Codepoints outside the Unicode range are illegal
-                            ($mUcs4 > 0x10FFFF)
-                        ) {
-
-                        } elseif (0xFEFF != $mUcs4 && // omit BOM
-                            // check for valid Char unicode codepoints
-                            (
-                                0x9 == $mUcs4 ||
-                                0xA == $mUcs4 ||
-                                0xD == $mUcs4 ||
-                                (0x20 <= $mUcs4 && 0x7E >= $mUcs4) ||
-                                // 7F-9F is not strictly prohibited by XML,
-                                // but it is non-SGML, and thus we don't allow it
-                                (0xA0 <= $mUcs4 && 0xD7FF >= $mUcs4) ||
-                                (0x10000 <= $mUcs4 && 0x10FFFF >= $mUcs4)
-                            )
-                        ) {
-                            $out .= $char;
-                        }
-                        // initialize UTF8 cache (reset)
-                        $mState = 0;
-                        $mUcs4  = 0;
-                        $mBytes = 1;
-                        $char = '';
-                    }
-                } else {
-                    // ((0xC0 & (*in) != 0x80) && (mState != 0))
-                    // Incomplete multi-octet sequence.
-                    // used to result in complete fail, but we'll reset
-                    $mState = 0;
-                    $mUcs4  = 0;
-                    $mBytes = 1;
-                    $char ='';
-                }
-            }
-        }
-        return $out;
-    }
-
-    /**
-     * Translates a Unicode codepoint into its corresponding UTF-8 character.
-     * @note Based on Feyd's function at
-     *       <http://forums.devnetwork.net/viewtopic.php?p=191404#191404>,
-     *       which is in public domain.
-     * @note While we're going to do code point parsing anyway, a good
-     *       optimization would be to refuse to translate code points that
-     *       are non-SGML characters.  However, this could lead to duplication.
-     * @note This is very similar to the unichr function in
-     *       maintenance/generate-entity-file.php (although this is superior,
-     *       due to its sanity checks).
-     */
-
-    // +----------+----------+----------+----------+
-    // | 33222222 | 22221111 | 111111   |          |
-    // | 10987654 | 32109876 | 54321098 | 76543210 | bit
-    // +----------+----------+----------+----------+
-    // |          |          |          | 0xxxxxxx | 1 byte 0x00000000..0x0000007F
-    // |          |          | 110yyyyy | 10xxxxxx | 2 byte 0x00000080..0x000007FF
-    // |          | 1110zzzz | 10yyyyyy | 10xxxxxx | 3 byte 0x00000800..0x0000FFFF
-    // | 11110www | 10wwzzzz | 10yyyyyy | 10xxxxxx | 4 byte 0x00010000..0x0010FFFF
-    // +----------+----------+----------+----------+
-    // | 00000000 | 00011111 | 11111111 | 11111111 | Theoretical upper limit of legal scalars: 2097151 (0x001FFFFF)
-    // | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
-    // +----------+----------+----------+----------+
-
-    public static function unichr($code) {
-        if($code > 1114111 or $code < 0 or
-          ($code >= 55296 and $code <= 57343) ) {
-            // bits are set outside the "valid" range as defined
-            // by UNICODE 4.1.0
-            return '';
-        }
-
-        $x = $y = $z = $w = 0;
-        if ($code < 128) {
-            // regular ASCII character
-            $x = $code;
-        } else {
-            // set up bits for UTF-8
-            $x = ($code & 63) | 128;
-            if ($code < 2048) {
-                $y = (($code & 2047) >> 6) | 192;
-            } else {
-                $y = (($code & 4032) >> 6) | 128;
-                if($code < 65536) {
-                    $z = (($code >> 12) & 15) | 224;
-                } else {
-                    $z = (($code >> 12) & 63) | 128;
-                    $w = (($code >> 18) & 7)  | 240;
-                }
-            }
-        }
-        // set up the actual character
-        $ret = '';
-        if($w) $ret .= chr($w);
-        if($z) $ret .= chr($z);
-        if($y) $ret .= chr($y);
-        $ret .= chr($x);
-
-        return $ret;
-    }
-
-    public static function iconvAvailable() {
-        static $iconv = null;
-        if ($iconv === null) {
-            $iconv = function_exists('iconv') && self::testIconvTruncateBug() != self::ICONV_UNUSABLE;
-        }
-        return $iconv;
-    }
-
-    /**
-     * Converts a string to UTF-8 based on configuration.
-     */
-    public static function convertToUTF8($str, $config, $context) {
-        $encoding = $config->get('Core.Encoding');
-        if ($encoding === 'utf-8') return $str;
-        static $iconv = null;
-        if ($iconv === null) $iconv = self::iconvAvailable();
-        if ($iconv && !$config->get('Test.ForceNoIconv')) {
-            // unaffected by bugs, since UTF-8 support all characters
-            $str = self::unsafeIconv($encoding, 'utf-8//IGNORE', $str);
-            if ($str === false) {
-                // $encoding is not a valid encoding
-                trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR);
-                return '';
-            }
-            // If the string is bjorked by Shift_JIS or a similar encoding
-            // that doesn't support all of ASCII, convert the naughty
-            // characters to their true byte-wise ASCII/UTF-8 equivalents.
-            $str = strtr($str, self::testEncodingSupportsASCII($encoding));
-            return $str;
-        } elseif ($encoding === 'iso-8859-1') {
-            $str = utf8_encode($str);
-            return $str;
-        }
-        trigger_error('Encoding not supported, please install iconv', E_USER_ERROR);
-    }
-
-    /**
-     * Converts a string from UTF-8 based on configuration.
-     * @note Currently, this is a lossy conversion, with unexpressable
-     *       characters being omitted.
-     */
-    public static function convertFromUTF8($str, $config, $context) {
-        $encoding = $config->get('Core.Encoding');
-        if ($escape = $config->get('Core.EscapeNonASCIICharacters')) {
-            $str = self::convertToASCIIDumbLossless($str);
-        }
-        if ($encoding === 'utf-8') return $str;
-        static $iconv = null;
-        if ($iconv === null) $iconv = self::iconvAvailable();
-        if ($iconv && !$config->get('Test.ForceNoIconv')) {
-            // Undo our previous fix in convertToUTF8, otherwise iconv will barf
-            $ascii_fix = self::testEncodingSupportsASCII($encoding);
-            if (!$escape && !empty($ascii_fix)) {
-                $clear_fix = array();
-                foreach ($ascii_fix as $utf8 => $native) $clear_fix[$utf8] = '';
-                $str = strtr($str, $clear_fix);
-            }
-            $str = strtr($str, array_flip($ascii_fix));
-            // Normal stuff
-            $str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
-            return $str;
-        } elseif ($encoding === 'iso-8859-1') {
-            $str = utf8_decode($str);
-            return $str;
-        }
-        trigger_error('Encoding not supported', E_USER_ERROR);
-        // You might be tempted to assume that the ASCII representation
-        // might be OK, however, this is *not* universally true over all
-        // encodings.  So we take the conservative route here, rather
-        // than forcibly turn on %Core.EscapeNonASCIICharacters
-    }
-
-    /**
-     * Lossless (character-wise) conversion of HTML to ASCII
-     * @param $str UTF-8 string to be converted to ASCII
-     * @returns ASCII encoded string with non-ASCII character entity-ized
-     * @warning Adapted from MediaWiki, claiming fair use: this is a common
-     *       algorithm. If you disagree with this license fudgery,
-     *       implement it yourself.
-     * @note Uses decimal numeric entities since they are best supported.
-     * @note This is a DUMB function: it has no concept of keeping
-     *       character entities that the projected character encoding
-     *       can allow. We could possibly implement a smart version
-     *       but that would require it to also know which Unicode
-     *       codepoints the charset supported (not an easy task).
-     * @note Sort of with cleanUTF8() but it assumes that $str is
-     *       well-formed UTF-8
-     */
-    public static function convertToASCIIDumbLossless($str) {
-        $bytesleft = 0;
-        $result = '';
-        $working = 0;
-        $len = strlen($str);
-        for( $i = 0; $i < $len; $i++ ) {
-            $bytevalue = ord( $str[$i] );
-            if( $bytevalue <= 0x7F ) { //0xxx xxxx
-                $result .= chr( $bytevalue );
-                $bytesleft = 0;
-            } elseif( $bytevalue <= 0xBF ) { //10xx xxxx
-                $working = $working << 6;
-                $working += ($bytevalue & 0x3F);
-                $bytesleft--;
-                if( $bytesleft <= 0 ) {
-                    $result .= "&#" . $working . ";";
-                }
-            } elseif( $bytevalue <= 0xDF ) { //110x xxxx
-                $working = $bytevalue & 0x1F;
-                $bytesleft = 1;
-            } elseif( $bytevalue <= 0xEF ) { //1110 xxxx
-                $working = $bytevalue & 0x0F;
-                $bytesleft = 2;
-            } else { //1111 0xxx
-                $working = $bytevalue & 0x07;
-                $bytesleft = 3;
-            }
-        }
-        return $result;
-    }
-
-    /** No bugs detected in iconv. */
-    const ICONV_OK = 0;
-
-    /** Iconv truncates output if converting from UTF-8 to another
-     *  character set with //IGNORE, and a non-encodable character is found */
-    const ICONV_TRUNCATES = 1;
-
-    /** Iconv does not support //IGNORE, making it unusable for
-     *  transcoding purposes */
-    const ICONV_UNUSABLE = 2;
-
-    /**
-     * glibc iconv has a known bug where it doesn't handle the magic
-     * //IGNORE stanza correctly.  In particular, rather than ignore
-     * characters, it will return an EILSEQ after consuming some number
-     * of characters, and expect you to restart iconv as if it were
-     * an E2BIG.  Old versions of PHP did not respect the errno, and
-     * returned the fragment, so as a result you would see iconv
-     * mysteriously truncating output. We can work around this by
-     * manually chopping our input into segments of about 8000
-     * characters, as long as PHP ignores the error code.  If PHP starts
-     * paying attention to the error code, iconv becomes unusable.
-     *
-     * @returns Error code indicating severity of bug.
-     */
-    public static function testIconvTruncateBug() {
-        static $code = null;
-        if ($code === null) {
-            // better not use iconv, otherwise infinite loop!
-            $r = self::unsafeIconv('utf-8', 'ascii//IGNORE', "\xCE\xB1" . str_repeat('a', 9000));
-            if ($r === false) {
-                $code = self::ICONV_UNUSABLE;
-            } elseif (($c = strlen($r)) < 9000) {
-                $code = self::ICONV_TRUNCATES;
-            } elseif ($c > 9000) {
-                trigger_error('Your copy of iconv is extremely buggy. Please notify HTML Purifier maintainers: include your iconv version as per phpversion()', E_USER_ERROR);
-            } else {
-                $code = self::ICONV_OK;
-            }
-        }
-        return $code;
-    }
-
-    /**
-     * This expensive function tests whether or not a given character
-     * encoding supports ASCII. 7/8-bit encodings like Shift_JIS will
-     * fail this test, and require special processing. Variable width
-     * encodings shouldn't ever fail.
-     *
-     * @param string $encoding Encoding name to test, as per iconv format
-     * @param bool $bypass Whether or not to bypass the precompiled arrays.
-     * @return Array of UTF-8 characters to their corresponding ASCII,
-     *      which can be used to "undo" any overzealous iconv action.
-     */
-    public static function testEncodingSupportsASCII($encoding, $bypass = false) {
-        // All calls to iconv here are unsafe, proof by case analysis:
-        // If ICONV_OK, no difference.
-        // If ICONV_TRUNCATE, all calls involve one character inputs,
-        // so bug is not triggered.
-        // If ICONV_UNUSABLE, this call is irrelevant
-        static $encodings = array();
-        if (!$bypass) {
-            if (isset($encodings[$encoding])) return $encodings[$encoding];
-            $lenc = strtolower($encoding);
-            switch ($lenc) {
-                case 'shift_jis':
-                    return array("\xC2\xA5" => '\\', "\xE2\x80\xBE" => '~');
-                case 'johab':
-                    return array("\xE2\x82\xA9" => '\\');
-            }
-            if (strpos($lenc, 'iso-8859-') === 0) return array();
-        }
-        $ret = array();
-        if (self::unsafeIconv('UTF-8', $encoding, 'a') === false) return false;
-        for ($i = 0x20; $i <= 0x7E; $i++) { // all printable ASCII chars
-            $c = chr($i); // UTF-8 char
-            $r = self::unsafeIconv('UTF-8', "$encoding//IGNORE", $c); // initial conversion
-            if (
-                $r === '' ||
-                // This line is needed for iconv implementations that do not
-                // omit characters that do not exist in the target character set
-                ($r === $c && self::unsafeIconv($encoding, 'UTF-8//IGNORE', $r) !== $c)
-            ) {
-                // Reverse engineer: what's the UTF-8 equiv of this byte
-                // sequence? This assumes that there's no variable width
-                // encoding that doesn't support ASCII.
-                $ret[self::unsafeIconv($encoding, 'UTF-8//IGNORE', $c)] = $c;
-            }
-        }
-        $encodings[$encoding] = $ret;
-        return $ret;
-    }
+	/**
+	 * Constructor throws fatal error if you attempt to instantiate class
+	 */
+	private function __construct() {
+		trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
+	}
+
+	/**
+	 * Error-handler that mutes errors, alternative to shut-up operator.
+	 */
+	public static function muteErrorHandler() {}
+
+	/**
+	 * iconv wrapper which mutes errors, but doesn't work around bugs.
+	 */
+	public static function unsafeIconv($in, $out, $text) {
+		set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
+		$r = iconv($in, $out, $text);
+		restore_error_handler();
+		return $r;
+	}
+
+	/**
+	 * iconv wrapper which mutes errors and works around bugs.
+	 */
+	public static function iconv($in, $out, $text, $max_chunk_size = 8000) {
+		$code = self::testIconvTruncateBug();
+		if ($code == self::ICONV_OK) {
+			return self::unsafeIconv($in, $out, $text);
+		} elseif ($code == self::ICONV_TRUNCATES) {
+			// we can only work around this if the input character set
+			// is utf-8
+			if ($in == 'utf-8') {
+				if ($max_chunk_size < 4) {
+					trigger_error('max_chunk_size is too small', E_USER_WARNING);
+					return false;
+				}
+				// split into 8000 byte chunks, but be careful to handle
+				// multibyte boundaries properly
+				if (($c = strlen($text)) <= $max_chunk_size) {
+					return self::unsafeIconv($in, $out, $text);
+				}
+				$r = '';
+				$i = 0;
+				while (true) {
+					if ($i + $max_chunk_size >= $c) {
+						$r .= self::unsafeIconv($in, $out, substr($text, $i));
+						break;
+					}
+					// wibble the boundary
+					if (0x80 != (0xC0 & ord($text[$i + $max_chunk_size]))) {
+						$chunk_size = $max_chunk_size;
+					} elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 1]))) {
+						$chunk_size = $max_chunk_size - 1;
+					} elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 2]))) {
+						$chunk_size = $max_chunk_size - 2;
+					} elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 3]))) {
+						$chunk_size = $max_chunk_size - 3;
+					} else {
+						return false; // rather confusing UTF-8...
+					}
+					$chunk = substr($text, $i, $chunk_size); // substr doesn't mind overlong lengths
+					$r .= self::unsafeIconv($in, $out, $chunk);
+					$i += $chunk_size;
+				}
+				return $r;
+			} else {
+				return false;
+			}
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * Cleans a UTF-8 string for well-formedness and SGML validity
+	 *
+	 * It will parse according to UTF-8 and return a valid UTF8 string, with
+	 * non-SGML codepoints excluded.
+	 *
+	 * @note Just for reference, the non-SGML code points are 0 to 31 and
+	 *       127 to 159, inclusive.  However, we allow code points 9, 10
+	 *       and 13, which are the tab, line feed and carriage return
+	 *       respectively. 128 and above the code points map to multibyte
+	 *       UTF-8 representations.
+	 *
+	 * @note Fallback code adapted from utf8ToUnicode by Henri Sivonen and
+	 *       hsivonen@iki.fi at <http://iki.fi/hsivonen/php-utf8/> under the
+	 *       LGPL license.  Notes on what changed are inside, but in general,
+	 *       the original code transformed UTF-8 text into an array of integer
+	 *       Unicode codepoints. Understandably, transforming that back to
+	 *       a string would be somewhat expensive, so the function was modded to
+	 *       directly operate on the string.  However, this discourages code
+	 *       reuse, and the logic enumerated here would be useful for any
+	 *       function that needs to be able to understand UTF-8 characters.
+	 *       As of right now, only smart lossless character encoding converters
+	 *       would need that, and I'm probably not going to implement them.
+	 *       Once again, PHP 6 should solve all our problems.
+	 */
+	public static function cleanUTF8($str, $force_php = false) {
+
+		// UTF-8 validity is checked since PHP 4.3.5
+		// This is an optimization: if the string is already valid UTF-8, no
+		// need to do PHP stuff. 99% of the time, this will be the case.
+		// The regexp matches the XML char production, as well as well as excluding
+		// non-SGML codepoints U+007F to U+009F
+		if (preg_match('/^[\x{9}\x{A}\x{D}\x{20}-\x{7E}\x{A0}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]*$/Du', $str)) {
+			return $str;
+		}
+
+		$mState = 0; // cached expected number of octets after the current octet
+					 // until the beginning of the next UTF8 character sequence
+		$mUcs4  = 0; // cached Unicode character
+		$mBytes = 1; // cached expected number of octets in the current sequence
+
+		// original code involved an $out that was an array of Unicode
+		// codepoints.  Instead of having to convert back into UTF-8, we've
+		// decided to directly append valid UTF-8 characters onto a string
+		// $out once they're done.  $char accumulates raw bytes, while $mUcs4
+		// turns into the Unicode code point, so there's some redundancy.
+
+		$out = '';
+		$char = '';
+
+		$len = strlen($str);
+		for($i = 0; $i < $len; $i++) {
+			$in = ord($str{$i});
+			$char .= $str[$i]; // append byte to char
+			if (0 == $mState) {
+				// When mState is zero we expect either a US-ASCII character
+				// or a multi-octet sequence.
+				if (0 == (0x80 & ($in))) {
+					// US-ASCII, pass straight through.
+					if (($in <= 31 || $in == 127) &&
+						!($in == 9 || $in == 13 || $in == 10) // save \r\t\n
+					) {
+						// control characters, remove
+					} else {
+						$out .= $char;
+					}
+					// reset
+					$char = '';
+					$mBytes = 1;
+				} elseif (0xC0 == (0xE0 & ($in))) {
+					// First octet of 2 octet sequence
+					$mUcs4 = ($in);
+					$mUcs4 = ($mUcs4 & 0x1F) << 6;
+					$mState = 1;
+					$mBytes = 2;
+				} elseif (0xE0 == (0xF0 & ($in))) {
+					// First octet of 3 octet sequence
+					$mUcs4 = ($in);
+					$mUcs4 = ($mUcs4 & 0x0F) << 12;
+					$mState = 2;
+					$mBytes = 3;
+				} elseif (0xF0 == (0xF8 & ($in))) {
+					// First octet of 4 octet sequence
+					$mUcs4 = ($in);
+					$mUcs4 = ($mUcs4 & 0x07) << 18;
+					$mState = 3;
+					$mBytes = 4;
+				} elseif (0xF8 == (0xFC & ($in))) {
+					// First octet of 5 octet sequence.
+					//
+					// This is illegal because the encoded codepoint must be
+					// either:
+					// (a) not the shortest form or
+					// (b) outside the Unicode range of 0-0x10FFFF.
+					// Rather than trying to resynchronize, we will carry on
+					// until the end of the sequence and let the later error
+					// handling code catch it.
+					$mUcs4 = ($in);
+					$mUcs4 = ($mUcs4 & 0x03) << 24;
+					$mState = 4;
+					$mBytes = 5;
+				} elseif (0xFC == (0xFE & ($in))) {
+					// First octet of 6 octet sequence, see comments for 5
+					// octet sequence.
+					$mUcs4 = ($in);
+					$mUcs4 = ($mUcs4 & 1) << 30;
+					$mState = 5;
+					$mBytes = 6;
+				} else {
+					// Current octet is neither in the US-ASCII range nor a
+					// legal first octet of a multi-octet sequence.
+					$mState = 0;
+					$mUcs4  = 0;
+					$mBytes = 1;
+					$char = '';
+				}
+			} else {
+				// When mState is non-zero, we expect a continuation of the
+				// multi-octet sequence
+				if (0x80 == (0xC0 & ($in))) {
+					// Legal continuation.
+					$shift = ($mState - 1) * 6;
+					$tmp = $in;
+					$tmp = ($tmp & 0x0000003F) << $shift;
+					$mUcs4 |= $tmp;
+
+					if (0 == --$mState) {
+						// End of the multi-octet sequence. mUcs4 now contains
+						// the final Unicode codepoint to be output
+
+						// Check for illegal sequences and codepoints.
+
+						// From Unicode 3.1, non-shortest form is illegal
+						if (((2 == $mBytes) && ($mUcs4 < 0x0080)) ||
+							((3 == $mBytes) && ($mUcs4 < 0x0800)) ||
+							((4 == $mBytes) && ($mUcs4 < 0x10000)) ||
+							(4 < $mBytes) ||
+							// From Unicode 3.2, surrogate characters = illegal
+							(($mUcs4 & 0xFFFFF800) == 0xD800) ||
+							// Codepoints outside the Unicode range are illegal
+							($mUcs4 > 0x10FFFF)
+						) {
+
+						} elseif (0xFEFF != $mUcs4 && // omit BOM
+							// check for valid Char unicode codepoints
+							(
+								0x9 == $mUcs4 ||
+								0xA == $mUcs4 ||
+								0xD == $mUcs4 ||
+								(0x20 <= $mUcs4 && 0x7E >= $mUcs4) ||
+								// 7F-9F is not strictly prohibited by XML,
+								// but it is non-SGML, and thus we don't allow it
+								(0xA0 <= $mUcs4 && 0xD7FF >= $mUcs4) ||
+								(0x10000 <= $mUcs4 && 0x10FFFF >= $mUcs4)
+							)
+						) {
+							$out .= $char;
+						}
+						// initialize UTF8 cache (reset)
+						$mState = 0;
+						$mUcs4  = 0;
+						$mBytes = 1;
+						$char = '';
+					}
+				} else {
+					// ((0xC0 & (*in) != 0x80) && (mState != 0))
+					// Incomplete multi-octet sequence.
+					// used to result in complete fail, but we'll reset
+					$mState = 0;
+					$mUcs4  = 0;
+					$mBytes = 1;
+					$char ='';
+				}
+			}
+		}
+		return $out;
+	}
+
+	/**
+	 * Translates a Unicode codepoint into its corresponding UTF-8 character.
+	 * @note Based on Feyd's function at
+	 *       <http://forums.devnetwork.net/viewtopic.php?p=191404#191404>,
+	 *       which is in public domain.
+	 * @note While we're going to do code point parsing anyway, a good
+	 *       optimization would be to refuse to translate code points that
+	 *       are non-SGML characters.  However, this could lead to duplication.
+	 * @note This is very similar to the unichr function in
+	 *       maintenance/generate-entity-file.php (although this is superior,
+	 *       due to its sanity checks).
+	 */
+
+	// +----------+----------+----------+----------+
+	// | 33222222 | 22221111 | 111111   |          |
+	// | 10987654 | 32109876 | 54321098 | 76543210 | bit
+	// +----------+----------+----------+----------+
+	// |          |          |          | 0xxxxxxx | 1 byte 0x00000000..0x0000007F
+	// |          |          | 110yyyyy | 10xxxxxx | 2 byte 0x00000080..0x000007FF
+	// |          | 1110zzzz | 10yyyyyy | 10xxxxxx | 3 byte 0x00000800..0x0000FFFF
+	// | 11110www | 10wwzzzz | 10yyyyyy | 10xxxxxx | 4 byte 0x00010000..0x0010FFFF
+	// +----------+----------+----------+----------+
+	// | 00000000 | 00011111 | 11111111 | 11111111 | Theoretical upper limit of legal scalars: 2097151 (0x001FFFFF)
+	// | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
+	// +----------+----------+----------+----------+
+
+	public static function unichr($code) {
+		if($code > 1114111 or $code < 0 or
+		  ($code >= 55296 and $code <= 57343) ) {
+			// bits are set outside the "valid" range as defined
+			// by UNICODE 4.1.0
+			return '';
+		}
+
+		$x = $y = $z = $w = 0;
+		if ($code < 128) {
+			// regular ASCII character
+			$x = $code;
+		} else {
+			// set up bits for UTF-8
+			$x = ($code & 63) | 128;
+			if ($code < 2048) {
+				$y = (($code & 2047) >> 6) | 192;
+			} else {
+				$y = (($code & 4032) >> 6) | 128;
+				if($code < 65536) {
+					$z = (($code >> 12) & 15) | 224;
+				} else {
+					$z = (($code >> 12) & 63) | 128;
+					$w = (($code >> 18) & 7)  | 240;
+				}
+			}
+		}
+		// set up the actual character
+		$ret = '';
+		if($w) $ret .= chr($w);
+		if($z) $ret .= chr($z);
+		if($y) $ret .= chr($y);
+		$ret .= chr($x);
+
+		return $ret;
+	}
+
+	public static function iconvAvailable() {
+		static $iconv = null;
+		if ($iconv === null) {
+			$iconv = function_exists('iconv') && self::testIconvTruncateBug() != self::ICONV_UNUSABLE;
+		}
+		return $iconv;
+	}
+
+	/**
+	 * Converts a string to UTF-8 based on configuration.
+	 */
+	public static function convertToUTF8($str, $config, $context) {
+		$encoding = $config->get('Core.Encoding');
+		if ($encoding === 'utf-8') return $str;
+		static $iconv = null;
+		if ($iconv === null) $iconv = self::iconvAvailable();
+		if ($iconv && !$config->get('Test.ForceNoIconv')) {
+			// unaffected by bugs, since UTF-8 support all characters
+			$str = self::unsafeIconv($encoding, 'utf-8//IGNORE', $str);
+			if ($str === false) {
+				// $encoding is not a valid encoding
+				trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR);
+				return '';
+			}
+			// If the string is bjorked by Shift_JIS or a similar encoding
+			// that doesn't support all of ASCII, convert the naughty
+			// characters to their true byte-wise ASCII/UTF-8 equivalents.
+			$str = strtr($str, self::testEncodingSupportsASCII($encoding));
+			return $str;
+		} elseif ($encoding === 'iso-8859-1') {
+			$str = utf8_encode($str);
+			return $str;
+		}
+		trigger_error('Encoding not supported, please install iconv', E_USER_ERROR);
+	}
+
+	/**
+	 * Converts a string from UTF-8 based on configuration.
+	 * @note Currently, this is a lossy conversion, with unexpressable
+	 *       characters being omitted.
+	 */
+	public static function convertFromUTF8($str, $config, $context) {
+		$encoding = $config->get('Core.Encoding');
+		if ($escape = $config->get('Core.EscapeNonASCIICharacters')) {
+			$str = self::convertToASCIIDumbLossless($str);
+		}
+		if ($encoding === 'utf-8') return $str;
+		static $iconv = null;
+		if ($iconv === null) $iconv = self::iconvAvailable();
+		if ($iconv && !$config->get('Test.ForceNoIconv')) {
+			// Undo our previous fix in convertToUTF8, otherwise iconv will barf
+			$ascii_fix = self::testEncodingSupportsASCII($encoding);
+			if (!$escape && !empty($ascii_fix)) {
+				$clear_fix = array();
+				foreach ($ascii_fix as $utf8 => $native) $clear_fix[$utf8] = '';
+				$str = strtr($str, $clear_fix);
+			}
+			$str = strtr($str, array_flip($ascii_fix));
+			// Normal stuff
+			$str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
+			return $str;
+		} elseif ($encoding === 'iso-8859-1') {
+			$str = utf8_decode($str);
+			return $str;
+		}
+		trigger_error('Encoding not supported', E_USER_ERROR);
+		// You might be tempted to assume that the ASCII representation
+		// might be OK, however, this is *not* universally true over all
+		// encodings.  So we take the conservative route here, rather
+		// than forcibly turn on %Core.EscapeNonASCIICharacters
+	}
+
+	/**
+	 * Lossless (character-wise) conversion of HTML to ASCII
+	 * @param $str UTF-8 string to be converted to ASCII
+	 * @returns ASCII encoded string with non-ASCII character entity-ized
+	 * @warning Adapted from MediaWiki, claiming fair use: this is a common
+	 *       algorithm. If you disagree with this license fudgery,
+	 *       implement it yourself.
+	 * @note Uses decimal numeric entities since they are best supported.
+	 * @note This is a DUMB function: it has no concept of keeping
+	 *       character entities that the projected character encoding
+	 *       can allow. We could possibly implement a smart version
+	 *       but that would require it to also know which Unicode
+	 *       codepoints the charset supported (not an easy task).
+	 * @note Sort of with cleanUTF8() but it assumes that $str is
+	 *       well-formed UTF-8
+	 */
+	public static function convertToASCIIDumbLossless($str) {
+		$bytesleft = 0;
+		$result = '';
+		$working = 0;
+		$len = strlen($str);
+		for( $i = 0; $i < $len; $i++ ) {
+			$bytevalue = ord( $str[$i] );
+			if( $bytevalue <= 0x7F ) { //0xxx xxxx
+				$result .= chr( $bytevalue );
+				$bytesleft = 0;
+			} elseif( $bytevalue <= 0xBF ) { //10xx xxxx
+				$working = $working << 6;
+				$working += ($bytevalue & 0x3F);
+				$bytesleft--;
+				if( $bytesleft <= 0 ) {
+					$result .= "&#" . $working . ";";
+				}
+			} elseif( $bytevalue <= 0xDF ) { //110x xxxx
+				$working = $bytevalue & 0x1F;
+				$bytesleft = 1;
+			} elseif( $bytevalue <= 0xEF ) { //1110 xxxx
+				$working = $bytevalue & 0x0F;
+				$bytesleft = 2;
+			} else { //1111 0xxx
+				$working = $bytevalue & 0x07;
+				$bytesleft = 3;
+			}
+		}
+		return $result;
+	}
+
+	/** No bugs detected in iconv. */
+	const ICONV_OK = 0;
+
+	/** Iconv truncates output if converting from UTF-8 to another
+	 *  character set with //IGNORE, and a non-encodable character is found */
+	const ICONV_TRUNCATES = 1;
+
+	/** Iconv does not support //IGNORE, making it unusable for
+	 *  transcoding purposes */
+	const ICONV_UNUSABLE = 2;
+
+	/**
+	 * glibc iconv has a known bug where it doesn't handle the magic
+	 * //IGNORE stanza correctly.  In particular, rather than ignore
+	 * characters, it will return an EILSEQ after consuming some number
+	 * of characters, and expect you to restart iconv as if it were
+	 * an E2BIG.  Old versions of PHP did not respect the errno, and
+	 * returned the fragment, so as a result you would see iconv
+	 * mysteriously truncating output. We can work around this by
+	 * manually chopping our input into segments of about 8000
+	 * characters, as long as PHP ignores the error code.  If PHP starts
+	 * paying attention to the error code, iconv becomes unusable.
+	 *
+	 * @returns Error code indicating severity of bug.
+	 */
+	public static function testIconvTruncateBug() {
+		static $code = null;
+		if ($code === null) {
+			// better not use iconv, otherwise infinite loop!
+			$r = self::unsafeIconv('utf-8', 'ascii//IGNORE', "\xCE\xB1" . str_repeat('a', 9000));
+			if ($r === false) {
+				$code = self::ICONV_UNUSABLE;
+			} elseif (($c = strlen($r)) < 9000) {
+				$code = self::ICONV_TRUNCATES;
+			} elseif ($c > 9000) {
+				trigger_error('Your copy of iconv is extremely buggy. Please notify HTML Purifier maintainers: include your iconv version as per phpversion()', E_USER_ERROR);
+			} else {
+				$code = self::ICONV_OK;
+			}
+		}
+		return $code;
+	}
+
+	/**
+	 * This expensive function tests whether or not a given character
+	 * encoding supports ASCII. 7/8-bit encodings like Shift_JIS will
+	 * fail this test, and require special processing. Variable width
+	 * encodings shouldn't ever fail.
+	 *
+	 * @param string $encoding Encoding name to test, as per iconv format
+	 * @param bool $bypass Whether or not to bypass the precompiled arrays.
+	 * @return Array of UTF-8 characters to their corresponding ASCII,
+	 *      which can be used to "undo" any overzealous iconv action.
+	 */
+	public static function testEncodingSupportsASCII($encoding, $bypass = false) {
+		// All calls to iconv here are unsafe, proof by case analysis:
+		// If ICONV_OK, no difference.
+		// If ICONV_TRUNCATE, all calls involve one character inputs,
+		// so bug is not triggered.
+		// If ICONV_UNUSABLE, this call is irrelevant
+		static $encodings = array();
+		if (!$bypass) {
+			if (isset($encodings[$encoding])) return $encodings[$encoding];
+			$lenc = strtolower($encoding);
+			switch ($lenc) {
+				case 'shift_jis':
+					return array("\xC2\xA5" => '\\', "\xE2\x80\xBE" => '~');
+				case 'johab':
+					return array("\xE2\x82\xA9" => '\\');
+			}
+			if (strpos($lenc, 'iso-8859-') === 0) return array();
+		}
+		$ret = array();
+		if (self::unsafeIconv('UTF-8', $encoding, 'a') === false) return false;
+		for ($i = 0x20; $i <= 0x7E; $i++) { // all printable ASCII chars
+			$c = chr($i); // UTF-8 char
+			$r = self::unsafeIconv('UTF-8', "$encoding//IGNORE", $c); // initial conversion
+			if (
+				$r === '' ||
+				// This line is needed for iconv implementations that do not
+				// omit characters that do not exist in the target character set
+				($r === $c && self::unsafeIconv($encoding, 'UTF-8//IGNORE', $r) !== $c)
+			) {
+				// Reverse engineer: what's the UTF-8 equiv of this byte
+				// sequence? This assumes that there's no variable width
+				// encoding that doesn't support ASCII.
+				$ret[self::unsafeIconv($encoding, 'UTF-8//IGNORE', $c)] = $c;
+			}
+		}
+		$encodings[$encoding] = $ret;
+		return $ret;
+	}
 
 
 }

Braces +33 added lines, -11 removed lines

@@ -314,9 +314,15 @@ 
         }
         // set up the actual character
         $ret = '';
-        if($w) $ret .= chr($w);
-        if($z) $ret .= chr($z);
-        if($y) $ret .= chr($y);
+        if($w) {
+        	$ret .= chr($w);
+        }
+        if($z) {
+        	$ret .= chr($z);
+        }
+        if($y) {
+        	$ret .= chr($y);
+        }
         $ret .= chr($x);
 
         return $ret;
@@ -335,9 +341,13 @@ 
      */
     public static function convertToUTF8($str, $config, $context) {
         $encoding = $config->get('Core.Encoding');
-        if ($encoding === 'utf-8') return $str;
+        if ($encoding === 'utf-8') {
+        	return $str;
+        }
         static $iconv = null;
-        if ($iconv === null) $iconv = self::iconvAvailable();
+        if ($iconv === null) {
+        	$iconv = self::iconvAvailable();
+        }
         if ($iconv && !$config->get('Test.ForceNoIconv')) {
             // unaffected by bugs, since UTF-8 support all characters
             $str = self::unsafeIconv($encoding, 'utf-8//IGNORE', $str);
@@ -368,15 +378,21 @@ 
         if ($escape = $config->get('Core.EscapeNonASCIICharacters')) {
             $str = self::convertToASCIIDumbLossless($str);
         }
-        if ($encoding === 'utf-8') return $str;
+        if ($encoding === 'utf-8') {
+        	return $str;
+        }
         static $iconv = null;
-        if ($iconv === null) $iconv = self::iconvAvailable();
+        if ($iconv === null) {
+        	$iconv = self::iconvAvailable();
+        }
         if ($iconv && !$config->get('Test.ForceNoIconv')) {
             // Undo our previous fix in convertToUTF8, otherwise iconv will barf
             $ascii_fix = self::testEncodingSupportsASCII($encoding);
             if (!$escape && !empty($ascii_fix)) {
                 $clear_fix = array();
-                foreach ($ascii_fix as $utf8 => $native) $clear_fix[$utf8] = '';
+                foreach ($ascii_fix as $utf8 => $native) {
+                	$clear_fix[$utf8] = '';
+                }
                 $str = strtr($str, $clear_fix);
             }
             $str = strtr($str, array_flip($ascii_fix));
@@ -503,7 +519,9 @@ 
         // If ICONV_UNUSABLE, this call is irrelevant
         static $encodings = array();
         if (!$bypass) {
-            if (isset($encodings[$encoding])) return $encodings[$encoding];
+            if (isset($encodings[$encoding])) {
+            	return $encodings[$encoding];
+            }
             $lenc = strtolower($encoding);
             switch ($lenc) {
                 case 'shift_jis':
@@ -511,10 +529,14 @@ 
                 case 'johab':
                     return array("\xE2\x82\xA9" => '\\');
             }
-            if (strpos($lenc, 'iso-8859-') === 0) return array();
+            if (strpos($lenc, 'iso-8859-') === 0) {
+            	return array();
+            }
         }
         $ret = array();
-        if (self::unsafeIconv('UTF-8', $encoding, 'a') === false) return false;
+        if (self::unsafeIconv('UTF-8', $encoding, 'a') === false) {
+        	return false;
+        }
         for ($i = 0x20; $i <= 0x7E; $i++) { // all printable ASCII chars
             $c = chr($i); // UTF-8 char
             $r = self::unsafeIconv('UTF-8', "$encoding//IGNORE", $c); // initial conversion

Spacing +21 added lines, -21 removed lines

@@ -132,7 +132,7 @@ 
         $char = '';
 
         $len = strlen($str);
-        for($i = 0; $i < $len; $i++) {
+        for ($i = 0; $i < $len; $i++) {
             $in = ord($str{$i});
             $char .= $str[$i]; // append byte to char
             if (0 == $mState) {
@@ -252,7 +252,7 @@ 
                     $mState = 0;
                     $mUcs4  = 0;
                     $mBytes = 1;
-                    $char ='';
+                    $char = '';
                 }
             }
         }
@@ -286,8 +286,8 @@ 
     // +----------+----------+----------+----------+
 
     public static function unichr($code) {
-        if($code > 1114111 or $code < 0 or
-          ($code >= 55296 and $code <= 57343) ) {
+        if ($code > 1114111 or $code < 0 or
+          ($code >= 55296 and $code <= 57343)) {
             // bits are set outside the "valid" range as defined
             // by UNICODE 4.1.0
             return '';
@@ -304,19 +304,19 @@ 
                 $y = (($code & 2047) >> 6) | 192;
             } else {
                 $y = (($code & 4032) >> 6) | 128;
-                if($code < 65536) {
+                if ($code < 65536) {
                     $z = (($code >> 12) & 15) | 224;
                 } else {
                     $z = (($code >> 12) & 63) | 128;
-                    $w = (($code >> 18) & 7)  | 240;
+                    $w = (($code >> 18) & 7) | 240;
                 }
             }
         }
         // set up the actual character
         $ret = '';
-        if($w) $ret .= chr($w);
-        if($z) $ret .= chr($z);
-        if($y) $ret .= chr($y);
+        if ($w) $ret .= chr($w);
+        if ($z) $ret .= chr($z);
+        if ($y) $ret .= chr($y);
         $ret .= chr($x);
 
         return $ret;
@@ -343,7 +343,7 @@ 
             $str = self::unsafeIconv($encoding, 'utf-8//IGNORE', $str);
             if ($str === false) {
                 // $encoding is not a valid encoding
-                trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR);
+                trigger_error('Invalid encoding '.$encoding, E_USER_ERROR);
                 return '';
             }
             // If the string is bjorked by Shift_JIS or a similar encoding
@@ -381,7 +381,7 @@ 
             }
             $str = strtr($str, array_flip($ascii_fix));
             // Normal stuff
-            $str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
+            $str = self::iconv('utf-8', $encoding.'//IGNORE', $str);
             return $str;
         } elseif ($encoding === 'iso-8859-1') {
             $str = utf8_decode($str);
@@ -415,22 +415,22 @@ 
         $result = '';
         $working = 0;
         $len = strlen($str);
-        for( $i = 0; $i < $len; $i++ ) {
-            $bytevalue = ord( $str[$i] );
-            if( $bytevalue <= 0x7F ) { //0xxx xxxx
-                $result .= chr( $bytevalue );
+        for ($i = 0; $i < $len; $i++) {
+            $bytevalue = ord($str[$i]);
+            if ($bytevalue <= 0x7F) { //0xxx xxxx
+                $result .= chr($bytevalue);
                 $bytesleft = 0;
-            } elseif( $bytevalue <= 0xBF ) { //10xx xxxx
+            } elseif ($bytevalue <= 0xBF) { //10xx xxxx
                 $working = $working << 6;
                 $working += ($bytevalue & 0x3F);
                 $bytesleft--;
-                if( $bytesleft <= 0 ) {
-                    $result .= "&#" . $working . ";";
+                if ($bytesleft <= 0) {
+                    $result .= "&#".$working.";";
                 }
-            } elseif( $bytevalue <= 0xDF ) { //110x xxxx
+            } elseif ($bytevalue <= 0xDF) { //110x xxxx
                 $working = $bytevalue & 0x1F;
                 $bytesleft = 1;
-            } elseif( $bytevalue <= 0xEF ) { //1110 xxxx
+            } elseif ($bytevalue <= 0xEF) { //1110 xxxx
                 $working = $bytevalue & 0x0F;
                 $bytesleft = 2;
             } else { //1111 0xxx
@@ -470,7 +470,7 @@ 
         static $code = null;
         if ($code === null) {
             // better not use iconv, otherwise infinite loop!
-            $r = self::unsafeIconv('utf-8', 'ascii//IGNORE', "\xCE\xB1" . str_repeat('a', 9000));
+            $r = self::unsafeIconv('utf-8', 'ascii//IGNORE', "\xCE\xB1".str_repeat('a', 9000));
             if ($r === false) {
                 $code = self::ICONV_UNUSABLE;
             } elseif (($c = strlen($r)) < 9000) {

classes/security/htmlpurifier/library/HTMLPurifier/ErrorCollector.php

Doc Comments +3 added lines

@@ -25,6 +25,9 @@
 
     protected $lines = array();
 
+    /**
+     * @param HTMLPurifier_Context $context
+     */
     public function __construct($context) {
         $this->locale    =& $context->get('Locale');
         $this->context   = $context;

Indentation +196 added lines, -196 removed lines

@@ -7,202 +7,202 @@
 class HTMLPurifier_ErrorCollector
 {
 
-    /**
-     * Identifiers for the returned error array. These are purposely numeric
-     * so list() can be used.
-     */
-    const LINENO   = 0;
-    const SEVERITY = 1;
-    const MESSAGE  = 2;
-    const CHILDREN = 3;
-
-    protected $errors;
-    protected $_current;
-    protected $_stacks = array(array());
-    protected $locale;
-    protected $generator;
-    protected $context;
-
-    protected $lines = array();
-
-    public function __construct($context) {
-        $this->locale    =& $context->get('Locale');
-        $this->context   = $context;
-        $this->_current  =& $this->_stacks[0];
-        $this->errors    =& $this->_stacks[0];
-    }
-
-    /**
-     * Sends an error message to the collector for later use
-     * @param $severity int Error severity, PHP error style (don't use E_USER_)
-     * @param $msg string Error message text
-     * @param $subst1 string First substitution for $msg
-     * @param $subst2 string ...
-     */
-    public function send($severity, $msg) {
-
-        $args = array();
-        if (func_num_args() > 2) {
-            $args = func_get_args();
-            array_shift($args);
-            unset($args[0]);
-        }
-
-        $token = $this->context->get('CurrentToken', true);
-        $line  = $token ? $token->line : $this->context->get('CurrentLine', true);
-        $col   = $token ? $token->col  : $this->context->get('CurrentCol',  true);
-        $attr  = $this->context->get('CurrentAttr', true);
-
-        // perform special substitutions, also add custom parameters
-        $subst = array();
-        if (!is_null($token)) {
-            $args['CurrentToken'] = $token;
-        }
-        if (!is_null($attr)) {
-            $subst['$CurrentAttr.Name'] = $attr;
-            if (isset($token->attr[$attr])) $subst['$CurrentAttr.Value'] = $token->attr[$attr];
-        }
-
-        if (empty($args)) {
-            $msg = $this->locale->getMessage($msg);
-        } else {
-            $msg = $this->locale->formatMessage($msg, $args);
-        }
-
-        if (!empty($subst)) $msg = strtr($msg, $subst);
-
-        // (numerically indexed)
-        $error = array(
-            self::LINENO   => $line,
-            self::SEVERITY => $severity,
-            self::MESSAGE  => $msg,
-            self::CHILDREN => array()
-        );
-        $this->_current[] = $error;
-
-
-        // NEW CODE BELOW ...
-
-        $struct = null;
-        // Top-level errors are either:
-        //  TOKEN type, if $value is set appropriately, or
-        //  "syntax" type, if $value is null
-        $new_struct = new HTMLPurifier_ErrorStruct();
-        $new_struct->type = HTMLPurifier_ErrorStruct::TOKEN;
-        if ($token) $new_struct->value = clone $token;
-        if (is_int($line) && is_int($col)) {
-            if (isset($this->lines[$line][$col])) {
-                $struct = $this->lines[$line][$col];
-            } else {
-                $struct = $this->lines[$line][$col] = $new_struct;
-            }
-            // These ksorts may present a performance problem
-            ksort($this->lines[$line], SORT_NUMERIC);
-        } else {
-            if (isset($this->lines[-1])) {
-                $struct = $this->lines[-1];
-            } else {
-                $struct = $this->lines[-1] = $new_struct;
-            }
-        }
-        ksort($this->lines, SORT_NUMERIC);
-
-        // Now, check if we need to operate on a lower structure
-        if (!empty($attr)) {
-            $struct = $struct->getChild(HTMLPurifier_ErrorStruct::ATTR, $attr);
-            if (!$struct->value) {
-                $struct->value = array($attr, 'PUT VALUE HERE');
-            }
-        }
-        if (!empty($cssprop)) {
-            $struct = $struct->getChild(HTMLPurifier_ErrorStruct::CSSPROP, $cssprop);
-            if (!$struct->value) {
-                // if we tokenize CSS this might be a little more difficult to do
-                $struct->value = array($cssprop, 'PUT VALUE HERE');
-            }
-        }
-
-        // Ok, structs are all setup, now time to register the error
-        $struct->addError($severity, $msg);
-    }
-
-    /**
-     * Retrieves raw error data for custom formatter to use
-     * @param List of arrays in format of array(line of error,
-     *        error severity, error message,
-     *        recursive sub-errors array)
-     */
-    public function getRaw() {
-        return $this->errors;
-    }
-
-    /**
-     * Default HTML formatting implementation for error messages
-     * @param $config Configuration array, vital for HTML output nature
-     * @param $errors Errors array to display; used for recursion.
-     */
-    public function getHTMLFormatted($config, $errors = null) {
-        $ret = array();
-
-        $this->generator = new HTMLPurifier_Generator($config, $this->context);
-        if ($errors === null) $errors = $this->errors;
-
-        // 'At line' message needs to be removed
-
-        // generation code for new structure goes here. It needs to be recursive.
-        foreach ($this->lines as $line => $col_array) {
-            if ($line == -1) continue;
-            foreach ($col_array as $col => $struct) {
-                $this->_renderStruct($ret, $struct, $line, $col);
-            }
-        }
-        if (isset($this->lines[-1])) {
-            $this->_renderStruct($ret, $this->lines[-1]);
-        }
-
-        if (empty($errors)) {
-            return '<p>' . $this->locale->getMessage('ErrorCollector: No errors') . '</p>';
-        } else {
-            return '<ul><li>' . implode('</li><li>', $ret) . '</li></ul>';
-        }
-
-    }
-
-    private function _renderStruct(&$ret, $struct, $line = null, $col = null) {
-        $stack = array($struct);
-        $context_stack = array(array());
-        while ($current = array_pop($stack)) {
-            $context = array_pop($context_stack);
-            foreach ($current->errors as $error) {
-                list($severity, $msg) = $error;
-                $string = '';
-                $string .= '<div>';
-                // W3C uses an icon to indicate the severity of the error.
-                $error = $this->locale->getErrorName($severity);
-                $string .= "<span class=\"error e$severity\"><strong>$error</strong></span> ";
-                if (!is_null($line) && !is_null($col)) {
-                    $string .= "<em class=\"location\">Line $line, Column $col: </em> ";
-                } else {
-                    $string .= '<em class="location">End of Document: </em> ';
-                }
-                $string .= '<strong class="description">' . $this->generator->escape($msg) . '</strong> ';
-                $string .= '</div>';
-                // Here, have a marker for the character on the column appropriate.
-                // Be sure to clip extremely long lines.
-                //$string .= '<pre>';
-                //$string .= '';
-                //$string .= '</pre>';
-                $ret[] = $string;
-            }
-            foreach ($current->children as $type => $array) {
-                $context[] = $current;
-                $stack = array_merge($stack, array_reverse($array, true));
-                for ($i = count($array); $i > 0; $i--) {
-                    $context_stack[] = $context;
-                }
-            }
-        }
-    }
+	/**
+	 * Identifiers for the returned error array. These are purposely numeric
+	 * so list() can be used.
+	 */
+	const LINENO   = 0;
+	const SEVERITY = 1;
+	const MESSAGE  = 2;
+	const CHILDREN = 3;
+
+	protected $errors;
+	protected $_current;
+	protected $_stacks = array(array());
+	protected $locale;
+	protected $generator;
+	protected $context;
+
+	protected $lines = array();
+
+	public function __construct($context) {
+		$this->locale    =& $context->get('Locale');
+		$this->context   = $context;
+		$this->_current  =& $this->_stacks[0];
+		$this->errors    =& $this->_stacks[0];
+	}
+
+	/**
+	 * Sends an error message to the collector for later use
+	 * @param $severity int Error severity, PHP error style (don't use E_USER_)
+	 * @param $msg string Error message text
+	 * @param $subst1 string First substitution for $msg
+	 * @param $subst2 string ...
+	 */
+	public function send($severity, $msg) {
+
+		$args = array();
+		if (func_num_args() > 2) {
+			$args = func_get_args();
+			array_shift($args);
+			unset($args[0]);
+		}
+
+		$token = $this->context->get('CurrentToken', true);
+		$line  = $token ? $token->line : $this->context->get('CurrentLine', true);
+		$col   = $token ? $token->col  : $this->context->get('CurrentCol',  true);
+		$attr  = $this->context->get('CurrentAttr', true);
+
+		// perform special substitutions, also add custom parameters
+		$subst = array();
+		if (!is_null($token)) {
+			$args['CurrentToken'] = $token;
+		}
+		if (!is_null($attr)) {
+			$subst['$CurrentAttr.Name'] = $attr;
+			if (isset($token->attr[$attr])) $subst['$CurrentAttr.Value'] = $token->attr[$attr];
+		}
+
+		if (empty($args)) {
+			$msg = $this->locale->getMessage($msg);
+		} else {
+			$msg = $this->locale->formatMessage($msg, $args);
+		}
+
+		if (!empty($subst)) $msg = strtr($msg, $subst);
+
+		// (numerically indexed)
+		$error = array(
+			self::LINENO   => $line,
+			self::SEVERITY => $severity,
+			self::MESSAGE  => $msg,
+			self::CHILDREN => array()
+		);
+		$this->_current[] = $error;
+
+
+		// NEW CODE BELOW ...
+
+		$struct = null;
+		// Top-level errors are either:
+		//  TOKEN type, if $value is set appropriately, or
+		//  "syntax" type, if $value is null
+		$new_struct = new HTMLPurifier_ErrorStruct();
+		$new_struct->type = HTMLPurifier_ErrorStruct::TOKEN;
+		if ($token) $new_struct->value = clone $token;
+		if (is_int($line) && is_int($col)) {
+			if (isset($this->lines[$line][$col])) {
+				$struct = $this->lines[$line][$col];
+			} else {
+				$struct = $this->lines[$line][$col] = $new_struct;
+			}
+			// These ksorts may present a performance problem
+			ksort($this->lines[$line], SORT_NUMERIC);
+		} else {
+			if (isset($this->lines[-1])) {
+				$struct = $this->lines[-1];
+			} else {
+				$struct = $this->lines[-1] = $new_struct;
+			}
+		}
+		ksort($this->lines, SORT_NUMERIC);
+
+		// Now, check if we need to operate on a lower structure
+		if (!empty($attr)) {
+			$struct = $struct->getChild(HTMLPurifier_ErrorStruct::ATTR, $attr);
+			if (!$struct->value) {
+				$struct->value = array($attr, 'PUT VALUE HERE');
+			}
+		}
+		if (!empty($cssprop)) {
+			$struct = $struct->getChild(HTMLPurifier_ErrorStruct::CSSPROP, $cssprop);
+			if (!$struct->value) {
+				// if we tokenize CSS this might be a little more difficult to do
+				$struct->value = array($cssprop, 'PUT VALUE HERE');
+			}
+		}
+
+		// Ok, structs are all setup, now time to register the error
+		$struct->addError($severity, $msg);
+	}
+
+	/**
+	 * Retrieves raw error data for custom formatter to use
+	 * @param List of arrays in format of array(line of error,
+	 *        error severity, error message,
+	 *        recursive sub-errors array)
+	 */
+	public function getRaw() {
+		return $this->errors;
+	}
+
+	/**
+	 * Default HTML formatting implementation for error messages
+	 * @param $config Configuration array, vital for HTML output nature
+	 * @param $errors Errors array to display; used for recursion.
+	 */
+	public function getHTMLFormatted($config, $errors = null) {
+		$ret = array();
+
+		$this->generator = new HTMLPurifier_Generator($config, $this->context);
+		if ($errors === null) $errors = $this->errors;
+
+		// 'At line' message needs to be removed
+
+		// generation code for new structure goes here. It needs to be recursive.
+		foreach ($this->lines as $line => $col_array) {
+			if ($line == -1) continue;
+			foreach ($col_array as $col => $struct) {
+				$this->_renderStruct($ret, $struct, $line, $col);
+			}
+		}
+		if (isset($this->lines[-1])) {
+			$this->_renderStruct($ret, $this->lines[-1]);
+		}
+
+		if (empty($errors)) {
+			return '<p>' . $this->locale->getMessage('ErrorCollector: No errors') . '</p>';
+		} else {
+			return '<ul><li>' . implode('</li><li>', $ret) . '</li></ul>';
+		}
+
+	}
+
+	private function _renderStruct(&$ret, $struct, $line = null, $col = null) {
+		$stack = array($struct);
+		$context_stack = array(array());
+		while ($current = array_pop($stack)) {
+			$context = array_pop($context_stack);
+			foreach ($current->errors as $error) {
+				list($severity, $msg) = $error;
+				$string = '';
+				$string .= '<div>';
+				// W3C uses an icon to indicate the severity of the error.
+				$error = $this->locale->getErrorName($severity);
+				$string .= "<span class=\"error e$severity\"><strong>$error</strong></span> ";
+				if (!is_null($line) && !is_null($col)) {
+					$string .= "<em class=\"location\">Line $line, Column $col: </em> ";
+				} else {
+					$string .= '<em class="location">End of Document: </em> ';
+				}
+				$string .= '<strong class="description">' . $this->generator->escape($msg) . '</strong> ';
+				$string .= '</div>';
+				// Here, have a marker for the character on the column appropriate.
+				// Be sure to clip extremely long lines.
+				//$string .= '<pre>';
+				//$string .= '';
+				//$string .= '</pre>';
+				$ret[] = $string;
+			}
+			foreach ($current->children as $type => $array) {
+				$context[] = $current;
+				$stack = array_merge($stack, array_reverse($array, true));
+				for ($i = count($array); $i > 0; $i--) {
+					$context_stack[] = $context;
+				}
+			}
+		}
+	}
 
 }
 

Braces +15 added lines, -5 removed lines

@@ -60,7 +60,9 @@ 
         }
         if (!is_null($attr)) {
             $subst['$CurrentAttr.Name'] = $attr;
-            if (isset($token->attr[$attr])) $subst['$CurrentAttr.Value'] = $token->attr[$attr];
+            if (isset($token->attr[$attr])) {
+            	$subst['$CurrentAttr.Value'] = $token->attr[$attr];
+            }
         }
 
         if (empty($args)) {
@@ -69,7 +71,9 @@ 
             $msg = $this->locale->formatMessage($msg, $args);
         }
 
-        if (!empty($subst)) $msg = strtr($msg, $subst);
+        if (!empty($subst)) {
+        	$msg = strtr($msg, $subst);
+        }
 
         // (numerically indexed)
         $error = array(
@@ -89,7 +93,9 @@ 
         //  "syntax" type, if $value is null
         $new_struct = new HTMLPurifier_ErrorStruct();
         $new_struct->type = HTMLPurifier_ErrorStruct::TOKEN;
-        if ($token) $new_struct->value = clone $token;
+        if ($token) {
+        	$new_struct->value = clone $token;
+        }
         if (is_int($line) && is_int($col)) {
             if (isset($this->lines[$line][$col])) {
                 $struct = $this->lines[$line][$col];
@@ -145,13 +151,17 @@ 
         $ret = array();
 
         $this->generator = new HTMLPurifier_Generator($config, $this->context);
-        if ($errors === null) $errors = $this->errors;
+        if ($errors === null) {
+        	$errors = $this->errors;
+        }
 
         // 'At line' message needs to be removed
 
         // generation code for new structure goes here. It needs to be recursive.
         foreach ($this->lines as $line => $col_array) {
-            if ($line == -1) continue;
+            if ($line == -1) {
+            	continue;
+            }
             foreach ($col_array as $col => $struct) {
                 $this->_renderStruct($ret, $struct, $line, $col);
             }

Spacing +7 added lines, -7 removed lines

@@ -26,10 +26,10 @@ 
     protected $lines = array();
 
     public function __construct($context) {
-        $this->locale    =& $context->get('Locale');
+        $this->locale    = & $context->get('Locale');
         $this->context   = $context;
-        $this->_current  =& $this->_stacks[0];
-        $this->errors    =& $this->_stacks[0];
+        $this->_current  = & $this->_stacks[0];
+        $this->errors    = & $this->_stacks[0];
     }
 
     /**
@@ -50,7 +50,7 @@ 
 
         $token = $this->context->get('CurrentToken', true);
         $line  = $token ? $token->line : $this->context->get('CurrentLine', true);
-        $col   = $token ? $token->col  : $this->context->get('CurrentCol',  true);
+        $col   = $token ? $token->col : $this->context->get('CurrentCol', true);
         $attr  = $this->context->get('CurrentAttr', true);
 
         // perform special substitutions, also add custom parameters
@@ -161,9 +161,9 @@ 
         }
 
         if (empty($errors)) {
-            return '<p>' . $this->locale->getMessage('ErrorCollector: No errors') . '</p>';
+            return '<p>'.$this->locale->getMessage('ErrorCollector: No errors').'</p>';
         } else {
-            return '<ul><li>' . implode('</li><li>', $ret) . '</li></ul>';
+            return '<ul><li>'.implode('</li><li>', $ret).'</li></ul>';
         }
 
     }
@@ -185,7 +185,7 @@ 
                 } else {
                     $string .= '<em class="location">End of Document: </em> ';
                 }
-                $string .= '<strong class="description">' . $this->generator->escape($msg) . '</strong> ';
+                $string .= '<strong class="description">'.$this->generator->escape($msg).'</strong> ';
                 $string .= '</div>';
                 // Here, have a marker for the character on the column appropriate.
                 // Be sure to clip extremely long lines.