xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier/AttrTypes.php

Indentation +68 added lines, -68 removed lines

@@ -5,87 +5,87 @@
  */
 class HTMLPurifier_AttrTypes
 {
-    /**
-     * Lookup array of attribute string identifiers to concrete implementations
-     */
-    protected $info = array();
+	/**
+	 * Lookup array of attribute string identifiers to concrete implementations
+	 */
+	protected $info = array();
 
-    /**
-     * Constructs the info array, supplying default implementations for attribute
-     * types.
-     */
-    public function __construct() {
-        // XXX This is kind of poor, since we don't actually /clone/
-        // instances; instead, we use the supplied make() attribute. So,
-        // the underlying class must know how to deal with arguments.
-        // With the old implementation of Enum, that ignored its
-        // arguments when handling a make dispatch, the IAlign
-        // definition wouldn't work.
+	/**
+	 * Constructs the info array, supplying default implementations for attribute
+	 * types.
+	 */
+	public function __construct() {
+		// XXX This is kind of poor, since we don't actually /clone/
+		// instances; instead, we use the supplied make() attribute. So,
+		// the underlying class must know how to deal with arguments.
+		// With the old implementation of Enum, that ignored its
+		// arguments when handling a make dispatch, the IAlign
+		// definition wouldn't work.
 
-        // pseudo-types, must be instantiated via shorthand
-        $this->info['Enum']    = new HTMLPurifier_AttrDef_Enum();
-        $this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool();
+		// pseudo-types, must be instantiated via shorthand
+		$this->info['Enum']    = new HTMLPurifier_AttrDef_Enum();
+		$this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool();
 
-        $this->info['CDATA']    = new HTMLPurifier_AttrDef_Text();
-        $this->info['ID']       = new HTMLPurifier_AttrDef_HTML_ID();
-        $this->info['Length']   = new HTMLPurifier_AttrDef_HTML_Length();
-        $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength();
-        $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens();
-        $this->info['Pixels']   = new HTMLPurifier_AttrDef_HTML_Pixels();
-        $this->info['Text']     = new HTMLPurifier_AttrDef_Text();
-        $this->info['URI']      = new HTMLPurifier_AttrDef_URI();
-        $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
-        $this->info['Color']    = new HTMLPurifier_AttrDef_HTML_Color();
-        $this->info['IAlign']   = self::makeEnum('top,middle,bottom,left,right');
-        $this->info['LAlign']   = self::makeEnum('top,bottom,left,right');
-        $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
+		$this->info['CDATA']    = new HTMLPurifier_AttrDef_Text();
+		$this->info['ID']       = new HTMLPurifier_AttrDef_HTML_ID();
+		$this->info['Length']   = new HTMLPurifier_AttrDef_HTML_Length();
+		$this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength();
+		$this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens();
+		$this->info['Pixels']   = new HTMLPurifier_AttrDef_HTML_Pixels();
+		$this->info['Text']     = new HTMLPurifier_AttrDef_Text();
+		$this->info['URI']      = new HTMLPurifier_AttrDef_URI();
+		$this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
+		$this->info['Color']    = new HTMLPurifier_AttrDef_HTML_Color();
+		$this->info['IAlign']   = self::makeEnum('top,middle,bottom,left,right');
+		$this->info['LAlign']   = self::makeEnum('top,bottom,left,right');
+		$this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
 
-        // unimplemented aliases
-        $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
-        $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
-        $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
-        $this->info['Character'] = new HTMLPurifier_AttrDef_Text();
+		// unimplemented aliases
+		$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
+		$this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
+		$this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
+		$this->info['Character'] = new HTMLPurifier_AttrDef_Text();
 
-        // "proprietary" types
-        $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
+		// "proprietary" types
+		$this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
 
-        // number is really a positive integer (one or more digits)
-        // FIXME: ^^ not always, see start and value of list items
-        $this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
-    }
+		// number is really a positive integer (one or more digits)
+		// FIXME: ^^ not always, see start and value of list items
+		$this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
+	}
 
-    private static function makeEnum($in) {
-        return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
-    }
+	private static function makeEnum($in) {
+		return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
+	}
 
-    /**
-     * Retrieves a type
-     * @param $type String type name
-     * @return Object AttrDef for type
-     */
-    public function get($type) {
+	/**
+	 * Retrieves a type
+	 * @param $type String type name
+	 * @return Object AttrDef for type
+	 */
+	public function get($type) {
 
-        // determine if there is any extra info tacked on
-        if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
-        else $string = '';
+		// determine if there is any extra info tacked on
+		if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
+		else $string = '';
 
-        if (!isset($this->info[$type])) {
-            trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
-            return;
-        }
+		if (!isset($this->info[$type])) {
+			trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
+			return;
+		}
 
-        return $this->info[$type]->make($string);
+		return $this->info[$type]->make($string);
 
-    }
+	}
 
-    /**
-     * Sets a new implementation for a type
-     * @param $type String type name
-     * @param $impl Object AttrDef for type
-     */
-    public function set($type, $impl) {
-        $this->info[$type] = $impl;
-    }
+	/**
+	 * Sets a new implementation for a type
+	 * @param $type String type name
+	 * @param $impl Object AttrDef for type
+	 */
+	public function set($type, $impl) {
+		$this->info[$type] = $impl;
+	}
 }
 
 // vim: et sw=4 sts=4

Spacing +1 added lines, -1 removed lines

@@ -51,7 +51,7 @@
 
         // number is really a positive integer (one or more digits)
         // FIXME: ^^ not always, see start and value of list items
-        $this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
+        $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
     }
 
     private static function makeEnum($in) {

Braces +5 added lines, -2 removed lines

@@ -66,8 +66,11 @@
     public function get($type) {
 
         // determine if there is any extra info tacked on
-        if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
-        else $string = '';
+        if (strpos($type, '#') !== false) {
+        	list($type, $string) = explode('#', $type, 2);
+        } else {
+        	$string = '';
+        }
 
         if (!isset($this->info[$type])) {
             trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);

classes/security/htmlpurifier/library/HTMLPurifier/AttrValidator.php

Indentation +147 added lines, -147 removed lines

@@ -8,153 +8,153 @@
 class HTMLPurifier_AttrValidator
 {
 
-    /**
-     * Validates the attributes of a token, returning a modified token
-     * that has valid tokens
-     * @param $token Reference to token to validate. We require a reference
-     *     because the operation this class performs on the token are
-     *     not atomic, so the context CurrentToken to be updated
-     *     throughout
-     * @param $config Instance of HTMLPurifier_Config
-     * @param $context Instance of HTMLPurifier_Context
-     */
-    public function validateToken(&$token, &$config, $context) {
-
-        $definition = $config->getHTMLDefinition();
-        $e =& $context->get('ErrorCollector', true);
-
-        // initialize IDAccumulator if necessary
-        $ok =& $context->get('IDAccumulator', true);
-        if (!$ok) {
-            $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
-            $context->register('IDAccumulator', $id_accumulator);
-        }
-
-        // initialize CurrentToken if necessary
-        $current_token =& $context->get('CurrentToken', true);
-        if (!$current_token) $context->register('CurrentToken', $token);
-
-        if (
-            !$token instanceof HTMLPurifier_Token_Start &&
-            !$token instanceof HTMLPurifier_Token_Empty
-        ) return $token;
-
-        // create alias to global definition array, see also $defs
-        // DEFINITION CALL
-        $d_defs = $definition->info_global_attr;
-
-        // don't update token until the very end, to ensure an atomic update
-        $attr = $token->attr;
-
-        // do global transformations (pre)
-        // nothing currently utilizes this
-        foreach ($definition->info_attr_transform_pre as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        // do local transformations only applicable to this element (pre)
-        // ex. <p align="right"> to <p style="text-align:right;">
-        foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        // create alias to this element's attribute definition array, see
-        // also $d_defs (global attribute definition array)
-        // DEFINITION CALL
-        $defs = $definition->info[$token->name]->attr;
-
-        $attr_key = false;
-        $context->register('CurrentAttr', $attr_key);
-
-        // iterate through all the attribute keypairs
-        // Watch out for name collisions: $key has previously been used
-        foreach ($attr as $attr_key => $value) {
-
-            // call the definition
-            if ( isset($defs[$attr_key]) ) {
-                // there is a local definition defined
-                if ($defs[$attr_key] === false) {
-                    // We've explicitly been told not to allow this element.
-                    // This is usually when there's a global definition
-                    // that must be overridden.
-                    // Theoretically speaking, we could have a
-                    // AttrDef_DenyAll, but this is faster!
-                    $result = false;
-                } else {
-                    // validate according to the element's definition
-                    $result = $defs[$attr_key]->validate(
-                                    $value, $config, $context
-                               );
-                }
-            } elseif ( isset($d_defs[$attr_key]) ) {
-                // there is a global definition defined, validate according
-                // to the global definition
-                $result = $d_defs[$attr_key]->validate(
-                                $value, $config, $context
-                           );
-            } else {
-                // system never heard of the attribute? DELETE!
-                $result = false;
-            }
-
-            // put the results into effect
-            if ($result === false || $result === null) {
-                // this is a generic error message that should replaced
-                // with more specific ones when possible
-                if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
-
-                // remove the attribute
-                unset($attr[$attr_key]);
-            } elseif (is_string($result)) {
-                // generally, if a substitution is happening, there
-                // was some sort of implicit correction going on. We'll
-                // delegate it to the attribute classes to say exactly what.
-
-                // simple substitution
-                $attr[$attr_key] = $result;
-            } else {
-                // nothing happens
-            }
-
-            // we'd also want slightly more complicated substitution
-            // involving an array as the return value,
-            // although we're not sure how colliding attributes would
-            // resolve (certain ones would be completely overriden,
-            // others would prepend themselves).
-        }
-
-        $context->destroy('CurrentAttr');
-
-        // post transforms
-
-        // global (error reporting untested)
-        foreach ($definition->info_attr_transform_post as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        // local (error reporting untested)
-        foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        $token->attr = $attr;
-
-        // destroy CurrentToken if we made it ourselves
-        if (!$current_token) $context->destroy('CurrentToken');
-
-    }
+	/**
+	 * Validates the attributes of a token, returning a modified token
+	 * that has valid tokens
+	 * @param $token Reference to token to validate. We require a reference
+	 *     because the operation this class performs on the token are
+	 *     not atomic, so the context CurrentToken to be updated
+	 *     throughout
+	 * @param $config Instance of HTMLPurifier_Config
+	 * @param $context Instance of HTMLPurifier_Context
+	 */
+	public function validateToken(&$token, &$config, $context) {
+
+		$definition = $config->getHTMLDefinition();
+		$e =& $context->get('ErrorCollector', true);
+
+		// initialize IDAccumulator if necessary
+		$ok =& $context->get('IDAccumulator', true);
+		if (!$ok) {
+			$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+			$context->register('IDAccumulator', $id_accumulator);
+		}
+
+		// initialize CurrentToken if necessary
+		$current_token =& $context->get('CurrentToken', true);
+		if (!$current_token) $context->register('CurrentToken', $token);
+
+		if (
+			!$token instanceof HTMLPurifier_Token_Start &&
+			!$token instanceof HTMLPurifier_Token_Empty
+		) return $token;
+
+		// create alias to global definition array, see also $defs
+		// DEFINITION CALL
+		$d_defs = $definition->info_global_attr;
+
+		// don't update token until the very end, to ensure an atomic update
+		$attr = $token->attr;
+
+		// do global transformations (pre)
+		// nothing currently utilizes this
+		foreach ($definition->info_attr_transform_pre as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		// do local transformations only applicable to this element (pre)
+		// ex. <p align="right"> to <p style="text-align:right;">
+		foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		// create alias to this element's attribute definition array, see
+		// also $d_defs (global attribute definition array)
+		// DEFINITION CALL
+		$defs = $definition->info[$token->name]->attr;
+
+		$attr_key = false;
+		$context->register('CurrentAttr', $attr_key);
+
+		// iterate through all the attribute keypairs
+		// Watch out for name collisions: $key has previously been used
+		foreach ($attr as $attr_key => $value) {
+
+			// call the definition
+			if ( isset($defs[$attr_key]) ) {
+				// there is a local definition defined
+				if ($defs[$attr_key] === false) {
+					// We've explicitly been told not to allow this element.
+					// This is usually when there's a global definition
+					// that must be overridden.
+					// Theoretically speaking, we could have a
+					// AttrDef_DenyAll, but this is faster!
+					$result = false;
+				} else {
+					// validate according to the element's definition
+					$result = $defs[$attr_key]->validate(
+									$value, $config, $context
+							   );
+				}
+			} elseif ( isset($d_defs[$attr_key]) ) {
+				// there is a global definition defined, validate according
+				// to the global definition
+				$result = $d_defs[$attr_key]->validate(
+								$value, $config, $context
+						   );
+			} else {
+				// system never heard of the attribute? DELETE!
+				$result = false;
+			}
+
+			// put the results into effect
+			if ($result === false || $result === null) {
+				// this is a generic error message that should replaced
+				// with more specific ones when possible
+				if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
+
+				// remove the attribute
+				unset($attr[$attr_key]);
+			} elseif (is_string($result)) {
+				// generally, if a substitution is happening, there
+				// was some sort of implicit correction going on. We'll
+				// delegate it to the attribute classes to say exactly what.
+
+				// simple substitution
+				$attr[$attr_key] = $result;
+			} else {
+				// nothing happens
+			}
+
+			// we'd also want slightly more complicated substitution
+			// involving an array as the return value,
+			// although we're not sure how colliding attributes would
+			// resolve (certain ones would be completely overriden,
+			// others would prepend themselves).
+		}
+
+		$context->destroy('CurrentAttr');
+
+		// post transforms
+
+		// global (error reporting untested)
+		foreach ($definition->info_attr_transform_post as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		// local (error reporting untested)
+		foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		$token->attr = $attr;
+
+		// destroy CurrentToken if we made it ourselves
+		if (!$current_token) $context->destroy('CurrentToken');
+
+	}
 
 
 }

Spacing +5 added lines, -5 removed lines

@@ -21,17 +21,17 @@ 
     public function validateToken(&$token, &$config, $context) {
 
         $definition = $config->getHTMLDefinition();
-        $e =& $context->get('ErrorCollector', true);
+        $e = & $context->get('ErrorCollector', true);
 
         // initialize IDAccumulator if necessary
-        $ok =& $context->get('IDAccumulator', true);
+        $ok = & $context->get('IDAccumulator', true);
         if (!$ok) {
             $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
             $context->register('IDAccumulator', $id_accumulator);
         }
 
         // initialize CurrentToken if necessary
-        $current_token =& $context->get('CurrentToken', true);
+        $current_token = & $context->get('CurrentToken', true);
         if (!$current_token) $context->register('CurrentToken', $token);
 
         if (
@@ -77,7 +77,7 @@ 
         foreach ($attr as $attr_key => $value) {
 
             // call the definition
-            if ( isset($defs[$attr_key]) ) {
+            if (isset($defs[$attr_key])) {
                 // there is a local definition defined
                 if ($defs[$attr_key] === false) {
                     // We've explicitly been told not to allow this element.
@@ -92,7 +92,7 @@ 
                                     $value, $config, $context
                                );
                 }
-            } elseif ( isset($d_defs[$attr_key]) ) {
+            } elseif (isset($d_defs[$attr_key])) {
                 // there is a global definition defined, validate according
                 // to the global definition
                 $result = $d_defs[$attr_key]->validate(

Braces +24 added lines, -8 removed lines

@@ -32,12 +32,16 @@ 
 
         // initialize CurrentToken if necessary
         $current_token =& $context->get('CurrentToken', true);
-        if (!$current_token) $context->register('CurrentToken', $token);
+        if (!$current_token) {
+        	$context->register('CurrentToken', $token);
+        }
 
         if (
             !$token instanceof HTMLPurifier_Token_Start &&
             !$token instanceof HTMLPurifier_Token_Empty
-        ) return $token;
+        ) {
+        	return $token;
+        }
 
         // create alias to global definition array, see also $defs
         // DEFINITION CALL
@@ -51,7 +55,9 @@ 
         foreach ($definition->info_attr_transform_pre as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
@@ -60,7 +66,9 @@ 
         foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
@@ -107,7 +115,9 @@ 
             if ($result === false || $result === null) {
                 // this is a generic error message that should replaced
                 // with more specific ones when possible
-                if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
+                if ($e) {
+                	$e->send(E_ERROR, 'AttrValidator: Attribute removed');
+                }
 
                 // remove the attribute
                 unset($attr[$attr_key]);
@@ -137,7 +147,9 @@ 
         foreach ($definition->info_attr_transform_post as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
@@ -145,14 +157,18 @@ 
         foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
         $token->attr = $attr;
 
         // destroy CurrentToken if we made it ourselves
-        if (!$current_token) $context->destroy('CurrentToken');
+        if (!$current_token) {
+        	$context->destroy('CurrentToken');
+        }
 
     }
 

classes/security/htmlpurifier/library/HTMLPurifier/Bootstrap.php

Indentation +70 added lines, -70 removed lines

@@ -2,22 +2,22 @@ 
 
 // constants are slow, so we use as few as possible
 if (!defined('HTMLPURIFIER_PREFIX')) {
-    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
+	define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
 }
 
 // accomodations for versions earlier than 5.0.2
 // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
 if (!defined('PHP_EOL')) {
-    switch (strtoupper(substr(PHP_OS, 0, 3))) {
-        case 'WIN':
-            define('PHP_EOL', "\r\n");
-            break;
-        case 'DAR':
-            define('PHP_EOL', "\r");
-            break;
-        default:
-            define('PHP_EOL', "\n");
-    }
+	switch (strtoupper(substr(PHP_OS, 0, 3))) {
+		case 'WIN':
+			define('PHP_EOL', "\r\n");
+			break;
+		case 'DAR':
+			define('PHP_EOL', "\r");
+			break;
+		default:
+			define('PHP_EOL', "\n");
+	}
 }
 
 /**
@@ -30,56 +30,56 @@ 
 class HTMLPurifier_Bootstrap
 {
 
-    /**
-     * Autoload function for HTML Purifier
-     * @param $class Class to load
-     */
-    public static function autoload($class) {
-        $file = HTMLPurifier_Bootstrap::getPath($class);
-        if (!$file) return false;
-        // Technically speaking, it should be ok and more efficient to
-        // just do 'require', but Antonio Parraga reports that with
-        // Zend extensions such as Zend debugger and APC, this invariant
-        // may be broken.  Since we have efficient alternatives, pay
-        // the cost here and avoid the bug.
-        require_once HTMLPURIFIER_PREFIX . '/' . $file;
-        return true;
-    }
+	/**
+	 * Autoload function for HTML Purifier
+	 * @param $class Class to load
+	 */
+	public static function autoload($class) {
+		$file = HTMLPurifier_Bootstrap::getPath($class);
+		if (!$file) return false;
+		// Technically speaking, it should be ok and more efficient to
+		// just do 'require', but Antonio Parraga reports that with
+		// Zend extensions such as Zend debugger and APC, this invariant
+		// may be broken.  Since we have efficient alternatives, pay
+		// the cost here and avoid the bug.
+		require_once HTMLPURIFIER_PREFIX . '/' . $file;
+		return true;
+	}
 
-    /**
-     * Returns the path for a specific class.
-     */
-    public static function getPath($class) {
-        if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
-        // Custom implementations
-        if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
-            $code = str_replace('_', '-', substr($class, 22));
-            $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
-        } else {
-            $file = str_replace('_', '/', $class) . '.php';
-        }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
-        return $file;
-    }
+	/**
+	 * Returns the path for a specific class.
+	 */
+	public static function getPath($class) {
+		if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
+		// Custom implementations
+		if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
+			$code = str_replace('_', '-', substr($class, 22));
+			$file = 'HTMLPurifier/Language/classes/' . $code . '.php';
+		} else {
+			$file = str_replace('_', '/', $class) . '.php';
+		}
+		if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+		return $file;
+	}
 
-    /**
-     * "Pre-registers" our autoloader on the SPL stack.
-     */
-    public static function registerAutoload() {
-        $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if ( ($funcs = spl_autoload_functions()) === false ) {
-            spl_autoload_register($autoload);
-        } elseif (function_exists('spl_autoload_unregister')) {
-            $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
-            $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
-                      version_compare(PHP_VERSION, '5.1.0', '>=');
-            foreach ($funcs as $func) {
-                if ($buggy && is_array($func)) {
-                    // :TRICKY: There are some compatibility issues and some
-                    // places where we need to error out
-                    $reflector = new ReflectionMethod($func[0], $func[1]);
-                    if (!$reflector->isStatic()) {
-                        throw new Exception('
+	/**
+	 * "Pre-registers" our autoloader on the SPL stack.
+	 */
+	public static function registerAutoload() {
+		$autoload = array('HTMLPurifier_Bootstrap', 'autoload');
+		if ( ($funcs = spl_autoload_functions()) === false ) {
+			spl_autoload_register($autoload);
+		} elseif (function_exists('spl_autoload_unregister')) {
+			$buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
+			$compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
+					  version_compare(PHP_VERSION, '5.1.0', '>=');
+			foreach ($funcs as $func) {
+				if ($buggy && is_array($func)) {
+					// :TRICKY: There are some compatibility issues and some
+					// places where we need to error out
+					$reflector = new ReflectionMethod($func[0], $func[1]);
+					if (!$reflector->isStatic()) {
+						throw new Exception('
                             HTML Purifier autoloader registrar is not compatible
                             with non-static object methods due to PHP Bug #44144;
                             Please do not use HTMLPurifier.autoload.php (or any
@@ -87,17 +87,17 @@ 
                             spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
                             after your own autoloaders.
                         ');
-                    }
-                    // Suprisingly, spl_autoload_register supports the
-                    // Class::staticMethod callback format, although call_user_func doesn't
-                    if ($compat) $func = implode('::', $func);
-                }
-                spl_autoload_unregister($func);
-            }
-            spl_autoload_register($autoload);
-            foreach ($funcs as $func) spl_autoload_register($func);
-        }
-    }
+					}
+					// Suprisingly, spl_autoload_register supports the
+					// Class::staticMethod callback format, although call_user_func doesn't
+					if ($compat) $func = implode('::', $func);
+				}
+				spl_autoload_unregister($func);
+			}
+			spl_autoload_register($autoload);
+			foreach ($funcs as $func) spl_autoload_register($func);
+		}
+	}
 
 }
 

Spacing +1 added lines, -1 removed lines

@@ -67,7 +67,7 @@
      */
     public static function registerAutoload() {
         $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if ( ($funcs = spl_autoload_functions()) === false ) {
+        if (($funcs = spl_autoload_functions()) === false) {
             spl_autoload_register($autoload);
         } elseif (function_exists('spl_autoload_unregister')) {
             $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');

Braces +15 added lines, -5 removed lines

@@ -36,7 +36,9 @@ 
      */
     public static function autoload($class) {
         $file = HTMLPurifier_Bootstrap::getPath($class);
-        if (!$file) return false;
+        if (!$file) {
+        	return false;
+        }
         // Technically speaking, it should be ok and more efficient to
         // just do 'require', but Antonio Parraga reports that with
         // Zend extensions such as Zend debugger and APC, this invariant
@@ -50,7 +52,9 @@ 
      * Returns the path for a specific class.
      */
     public static function getPath($class) {
-        if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
+        if (strncmp('HTMLPurifier', $class, 12) !== 0) {
+        	return false;
+        }
         // Custom implementations
         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
             $code = str_replace('_', '-', substr($class, 22));
@@ -58,7 +62,9 @@ 
         } else {
             $file = str_replace('_', '/', $class) . '.php';
         }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) {
+        	return false;
+        }
         return $file;
     }
 
@@ -90,12 +96,16 @@ 
                     }
                     // Suprisingly, spl_autoload_register supports the
                     // Class::staticMethod callback format, although call_user_func doesn't
-                    if ($compat) $func = implode('::', $func);
+                    if ($compat) {
+                    	$func = implode('::', $func);
+                    }
                 }
                 spl_autoload_unregister($func);
             }
             spl_autoload_register($autoload);
-            foreach ($funcs as $func) spl_autoload_register($func);
+            foreach ($funcs as $func) {
+            	spl_autoload_register($func);
+            }
         }
     }
 

classes/security/htmlpurifier/library/HTMLPurifier/CSSDefinition.php

Indentation +310 added lines, -310 removed lines

@@ -7,316 +7,316 @@
 class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
 {
 
-    public $type = 'CSS';
-
-    /**
-     * Assoc array of attribute name to definition object.
-     */
-    public $info = array();
-
-    /**
-     * Constructs the info array.  The meat of this class.
-     */
-    protected function doSetup($config) {
-
-        $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
-            array('left', 'right', 'center', 'justify'), false);
-
-        $border_style =
-        $this->info['border-bottom-style'] =
-        $this->info['border-right-style'] =
-        $this->info['border-left-style'] =
-        $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
-            array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
-            'groove', 'ridge', 'inset', 'outset'), false);
-
-        $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
-
-        $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right', 'both'), false);
-        $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right'), false);
-        $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'italic', 'oblique'), false);
-        $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'small-caps'), false);
-
-        $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
-                new HTMLPurifier_AttrDef_Enum(array('none')),
-                new HTMLPurifier_AttrDef_CSS_URI()
-            )
-        );
-
-        $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
-            array('inside', 'outside'), false);
-        $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
-            array('disc', 'circle', 'square', 'decimal', 'lower-roman',
-            'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
-        $this->info['list-style-image'] = $uri_or_none;
-
-        $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
-
-        $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
-            array('capitalize', 'uppercase', 'lowercase', 'none'), false);
-        $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
-
-        $this->info['background-image'] = $uri_or_none;
-        $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
-            array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
-        );
-        $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
-            array('scroll', 'fixed')
-        );
-        $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
-
-        $border_color =
-        $this->info['border-top-color'] =
-        $this->info['border-bottom-color'] =
-        $this->info['border-left-color'] =
-        $this->info['border-right-color'] =
-        $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('transparent')),
-            new HTMLPurifier_AttrDef_CSS_Color()
-        ));
-
-        $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
-
-        $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
-
-        $border_width =
-        $this->info['border-top-width'] =
-        $this->info['border-bottom-width'] =
-        $this->info['border-left-width'] =
-        $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
-            new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
-        ));
-
-        $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
-
-        $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
-                'small', 'medium', 'large', 'x-large', 'xx-large',
-                'larger', 'smaller')),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true)
-        ));
-
-        $margin =
-        $this->info['margin-top'] =
-        $this->info['margin-bottom'] =
-        $this->info['margin-left'] =
-        $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
-
-        $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
-
-        // non-negative
-        $padding =
-        $this->info['padding-top'] =
-        $this->info['padding-bottom'] =
-        $this->info['padding-left'] =
-        $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true)
-        ));
-
-        $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
-
-        $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage()
-        ));
-
-        $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true),
-            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
-        $max = $config->get('CSS.MaxImgLength');
-
-        $this->info['width'] =
-        $this->info['height'] =
-            $max === null ?
-            $trusted_wh :
-            new HTMLPurifier_AttrDef_Switch('img',
-                // For img tags:
-                new HTMLPurifier_AttrDef_CSS_Composite(array(
-                    new HTMLPurifier_AttrDef_CSS_Length('0', $max),
-                    new HTMLPurifier_AttrDef_Enum(array('auto'))
-                )),
-                // For everyone else:
-                $trusted_wh
-            );
-
-        $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
-
-        $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
-
-        // this could use specialized code
-        $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
-            '400', '500', '600', '700', '800', '900'), false);
-
-        // MUST be called after other font properties, as it references
-        // a CSSDefinition object
-        $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
-
-        // same here
-        $this->info['border'] =
-        $this->info['border-bottom'] =
-        $this->info['border-top'] =
-        $this->info['border-left'] =
-        $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
-
-        $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
-            'collapse', 'separate'));
-
-        $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
-            'top', 'bottom'));
-
-        $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
-            'auto', 'fixed'));
-
-        $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
-                'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage()
-        ));
-
-        $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
-
-        // partial support
-        $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
-
-        if ($config->get('CSS.Proprietary')) {
-            $this->doSetupProprietary($config);
-        }
-
-        if ($config->get('CSS.AllowTricky')) {
-            $this->doSetupTricky($config);
-        }
-
-        if ($config->get('CSS.Trusted')) {
-            $this->doSetupTrusted($config);
-        }
-
-        $allow_important = $config->get('CSS.AllowImportant');
-        // wrap all attr-defs with decorator that handles !important
-        foreach ($this->info as $k => $v) {
-            $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
-        }
-
-        $this->setupConfigStuff($config);
-    }
-
-    protected function doSetupProprietary($config) {
-        // Internet Explorer only scrollbar colors
-        $this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
-
-        // technically not proprietary, but CSS3, and no one supports it
-        $this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-        $this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-        $this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-
-        // only opacity, for now
-        $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
-
-    }
-
-    protected function doSetupTricky($config) {
-        $this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
-            'inline', 'block', 'list-item', 'run-in', 'compact',
-            'marker', 'table', 'inline-table', 'table-row-group',
-            'table-header-group', 'table-footer-group', 'table-row',
-            'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none'
-        ));
-        $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
-            'visible', 'hidden', 'collapse'
-        ));
-        $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
-    }
-
-    protected function doSetupTrusted($config) {
-        $this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
-            'static', 'relative', 'absolute', 'fixed'
-        ));
-        $this->info['top'] =
-        $this->info['left'] =
-        $this->info['right'] =
-        $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_Enum(array('auto')),
-        ));
-        $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Integer(),
-            new HTMLPurifier_AttrDef_Enum(array('auto')),
-        ));
-    }
-
-    /**
-     * Performs extra config-based processing. Based off of
-     * HTMLPurifier_HTMLDefinition.
-     * @todo Refactor duplicate elements into common class (probably using
-     *       composition, not inheritance).
-     */
-    protected function setupConfigStuff($config) {
-
-        // setup allowed elements
-        $support = "(for information on implementing this, see the ".
-                   "support forums) ";
-        $allowed_properties = $config->get('CSS.AllowedProperties');
-        if ($allowed_properties !== null) {
-            foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
-                unset($allowed_properties[$name]);
-            }
-            // emit errors
-            foreach ($allowed_properties as $name => $d) {
-                // :TODO: Is this htmlspecialchars() call really necessary?
-                $name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
-                trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
-            }
-        }
-
-        $forbidden_properties = $config->get('CSS.ForbiddenProperties');
-        if ($forbidden_properties !== null) {
-            foreach ($this->info as $name => $d) {
-                if (isset($forbidden_properties[$name])) {
-                    unset($this->info[$name]);
-                }
-            }
-        }
-
-    }
+	public $type = 'CSS';
+
+	/**
+	 * Assoc array of attribute name to definition object.
+	 */
+	public $info = array();
+
+	/**
+	 * Constructs the info array.  The meat of this class.
+	 */
+	protected function doSetup($config) {
+
+		$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
+			array('left', 'right', 'center', 'justify'), false);
+
+		$border_style =
+		$this->info['border-bottom-style'] =
+		$this->info['border-right-style'] =
+		$this->info['border-left-style'] =
+		$this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
+			array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
+			'groove', 'ridge', 'inset', 'outset'), false);
+
+		$this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
+
+		$this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
+			array('none', 'left', 'right', 'both'), false);
+		$this->info['float'] = new HTMLPurifier_AttrDef_Enum(
+			array('none', 'left', 'right'), false);
+		$this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'italic', 'oblique'), false);
+		$this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'small-caps'), false);
+
+		$uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
+			array(
+				new HTMLPurifier_AttrDef_Enum(array('none')),
+				new HTMLPurifier_AttrDef_CSS_URI()
+			)
+		);
+
+		$this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
+			array('inside', 'outside'), false);
+		$this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
+			array('disc', 'circle', 'square', 'decimal', 'lower-roman',
+			'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
+		$this->info['list-style-image'] = $uri_or_none;
+
+		$this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
+
+		$this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
+			array('capitalize', 'uppercase', 'lowercase', 'none'), false);
+		$this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
+
+		$this->info['background-image'] = $uri_or_none;
+		$this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
+			array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
+		);
+		$this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
+			array('scroll', 'fixed')
+		);
+		$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
+
+		$border_color =
+		$this->info['border-top-color'] =
+		$this->info['border-bottom-color'] =
+		$this->info['border-left-color'] =
+		$this->info['border-right-color'] =
+		$this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('transparent')),
+			new HTMLPurifier_AttrDef_CSS_Color()
+		));
+
+		$this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
+
+		$this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
+
+		$border_width =
+		$this->info['border-top-width'] =
+		$this->info['border-bottom-width'] =
+		$this->info['border-left-width'] =
+		$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
+			new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
+		));
+
+		$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
+
+		$this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
+				'small', 'medium', 'large', 'x-large', 'xx-large',
+				'larger', 'smaller')),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true)
+		));
+
+		$margin =
+		$this->info['margin-top'] =
+		$this->info['margin-bottom'] =
+		$this->info['margin-left'] =
+		$this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_Enum(array('auto'))
+		));
+
+		$this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
+
+		// non-negative
+		$padding =
+		$this->info['padding-top'] =
+		$this->info['padding-bottom'] =
+		$this->info['padding-left'] =
+		$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true)
+		));
+
+		$this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
+
+		$this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true),
+			new HTMLPurifier_AttrDef_Enum(array('auto'))
+		));
+		$max = $config->get('CSS.MaxImgLength');
+
+		$this->info['width'] =
+		$this->info['height'] =
+			$max === null ?
+			$trusted_wh :
+			new HTMLPurifier_AttrDef_Switch('img',
+				// For img tags:
+				new HTMLPurifier_AttrDef_CSS_Composite(array(
+					new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+					new HTMLPurifier_AttrDef_Enum(array('auto'))
+				)),
+				// For everyone else:
+				$trusted_wh
+			);
+
+		$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
+
+		$this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
+
+		// this could use specialized code
+		$this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
+			'400', '500', '600', '700', '800', '900'), false);
+
+		// MUST be called after other font properties, as it references
+		// a CSSDefinition object
+		$this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
+
+		// same here
+		$this->info['border'] =
+		$this->info['border-bottom'] =
+		$this->info['border-top'] =
+		$this->info['border-left'] =
+		$this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
+
+		$this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
+			'collapse', 'separate'));
+
+		$this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
+			'top', 'bottom'));
+
+		$this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
+			'auto', 'fixed'));
+
+		$this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
+				'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
+
+		// partial support
+		$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
+
+		if ($config->get('CSS.Proprietary')) {
+			$this->doSetupProprietary($config);
+		}
+
+		if ($config->get('CSS.AllowTricky')) {
+			$this->doSetupTricky($config);
+		}
+
+		if ($config->get('CSS.Trusted')) {
+			$this->doSetupTrusted($config);
+		}
+
+		$allow_important = $config->get('CSS.AllowImportant');
+		// wrap all attr-defs with decorator that handles !important
+		foreach ($this->info as $k => $v) {
+			$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
+		}
+
+		$this->setupConfigStuff($config);
+	}
+
+	protected function doSetupProprietary($config) {
+		// Internet Explorer only scrollbar colors
+		$this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
+
+		// technically not proprietary, but CSS3, and no one supports it
+		$this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+		$this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+		$this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+
+		// only opacity, for now
+		$this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
+
+	}
+
+	protected function doSetupTricky($config) {
+		$this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
+			'inline', 'block', 'list-item', 'run-in', 'compact',
+			'marker', 'table', 'inline-table', 'table-row-group',
+			'table-header-group', 'table-footer-group', 'table-row',
+			'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none'
+		));
+		$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
+			'visible', 'hidden', 'collapse'
+		));
+		$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
+	}
+
+	protected function doSetupTrusted($config) {
+		$this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
+			'static', 'relative', 'absolute', 'fixed'
+		));
+		$this->info['top'] =
+		$this->info['left'] =
+		$this->info['right'] =
+		$this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_Enum(array('auto')),
+		));
+		$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Integer(),
+			new HTMLPurifier_AttrDef_Enum(array('auto')),
+		));
+	}
+
+	/**
+	 * Performs extra config-based processing. Based off of
+	 * HTMLPurifier_HTMLDefinition.
+	 * @todo Refactor duplicate elements into common class (probably using
+	 *       composition, not inheritance).
+	 */
+	protected function setupConfigStuff($config) {
+
+		// setup allowed elements
+		$support = "(for information on implementing this, see the ".
+				   "support forums) ";
+		$allowed_properties = $config->get('CSS.AllowedProperties');
+		if ($allowed_properties !== null) {
+			foreach ($this->info as $name => $d) {
+				if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+				unset($allowed_properties[$name]);
+			}
+			// emit errors
+			foreach ($allowed_properties as $name => $d) {
+				// :TODO: Is this htmlspecialchars() call really necessary?
+				$name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+				trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
+			}
+		}
+
+		$forbidden_properties = $config->get('CSS.ForbiddenProperties');
+		if ($forbidden_properties !== null) {
+			foreach ($this->info as $name => $d) {
+				if (isset($forbidden_properties[$name])) {
+					unset($this->info[$name]);
+				}
+			}
+		}
+
+	}
 }
 
 // vim: et sw=4 sts=4

Spacing +4 added lines, -5 removed lines

@@ -26,7 +26,7 @@ 
         $this->info['border-bottom-style'] =
         $this->info['border-right-style'] =
         $this->info['border-left-style'] =
-        $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
+        $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
             array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
             'groove', 'ridge', 'inset', 'outset'), false);
 
@@ -159,8 +159,7 @@ 
         $this->info['width'] =
         $this->info['height'] =
             $max === null ?
-            $trusted_wh :
-            new HTMLPurifier_AttrDef_Switch('img',
+            $trusted_wh : new HTMLPurifier_AttrDef_Switch('img',
                 // For img tags:
                 new HTMLPurifier_AttrDef_CSS_Composite(array(
                     new HTMLPurifier_AttrDef_CSS_Length('0', $max),
@@ -291,12 +290,12 @@ 
     protected function setupConfigStuff($config) {
 
         // setup allowed elements
-        $support = "(for information on implementing this, see the ".
+        $support = "(for information on implementing this, see the " .
                    "support forums) ";
         $allowed_properties = $config->get('CSS.AllowedProperties');
         if ($allowed_properties !== null) {
             foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+                if (!isset($allowed_properties[$name])) unset($this->info[$name]);
                 unset($allowed_properties[$name]);
             }
             // emit errors

Braces +3 added lines, -1 removed lines

@@ -296,7 +296,9 @@
         $allowed_properties = $config->get('CSS.AllowedProperties');
         if ($allowed_properties !== null) {
             foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+                if(!isset($allowed_properties[$name])) {
+                	unset($this->info[$name]);
+                }
                 unset($allowed_properties[$name]);
             }
             // emit errors

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef.php

Indentation +34 added lines, -34 removed lines

@@ -5,44 +5,44 @@
  */
 abstract class HTMLPurifier_ChildDef
 {
-    /**
-     * Type of child definition, usually right-most part of class name lowercase.
-     * Used occasionally in terms of context.
-     */
-    public $type;
+	/**
+	 * Type of child definition, usually right-most part of class name lowercase.
+	 * Used occasionally in terms of context.
+	 */
+	public $type;
 
-    /**
-     * Bool that indicates whether or not an empty array of children is okay
-     *
-     * This is necessary for redundant checking when changes affecting
-     * a child node may cause a parent node to now be disallowed.
-     */
-    public $allow_empty;
+	/**
+	 * Bool that indicates whether or not an empty array of children is okay
+	 *
+	 * This is necessary for redundant checking when changes affecting
+	 * a child node may cause a parent node to now be disallowed.
+	 */
+	public $allow_empty;
 
-    /**
-     * Lookup array of all elements that this definition could possibly allow
-     */
-    public $elements = array();
+	/**
+	 * Lookup array of all elements that this definition could possibly allow
+	 */
+	public $elements = array();
 
-    /**
-     * Get lookup of tag names that should not close this element automatically.
-     * All other elements will do so.
-     */
-    public function getAllowedElements($config) {
-        return $this->elements;
-    }
+	/**
+	 * Get lookup of tag names that should not close this element automatically.
+	 * All other elements will do so.
+	 */
+	public function getAllowedElements($config) {
+		return $this->elements;
+	}
 
-    /**
-     * Validates nodes according to definition and returns modification.
-     *
-     * @param $tokens_of_children Array of HTMLPurifier_Token
-     * @param $config HTMLPurifier_Config object
-     * @param $context HTMLPurifier_Context object
-     * @return bool true to leave nodes as is
-     * @return bool false to remove parent node
-     * @return array of replacement child tokens
-     */
-    abstract public function validateChildren($tokens_of_children, $config, $context);
+	/**
+	 * Validates nodes according to definition and returns modification.
+	 *
+	 * @param $tokens_of_children Array of HTMLPurifier_Token
+	 * @param $config HTMLPurifier_Config object
+	 * @param $context HTMLPurifier_Context object
+	 * @return bool true to leave nodes as is
+	 * @return bool false to remove parent node
+	 * @return array of replacement child tokens
+	 */
+	abstract public function validateChildren($tokens_of_children, $config, $context);
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Chameleon.php

Indentation +27 added lines, -27 removed lines

@@ -12,37 +12,37 @@
 class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
 {
 
-    /**
-     * Instance of the definition object to use when inline. Usually stricter.
-     */
-    public $inline;
+	/**
+	 * Instance of the definition object to use when inline. Usually stricter.
+	 */
+	public $inline;
 
-    /**
-     * Instance of the definition object to use when block.
-     */
-    public $block;
+	/**
+	 * Instance of the definition object to use when block.
+	 */
+	public $block;
 
-    public $type = 'chameleon';
+	public $type = 'chameleon';
 
-    /**
-     * @param $inline List of elements to allow when inline.
-     * @param $block List of elements to allow when block.
-     */
-    public function __construct($inline, $block) {
-        $this->inline = new HTMLPurifier_ChildDef_Optional($inline);
-        $this->block  = new HTMLPurifier_ChildDef_Optional($block);
-        $this->elements = $this->block->elements;
-    }
+	/**
+	 * @param $inline List of elements to allow when inline.
+	 * @param $block List of elements to allow when block.
+	 */
+	public function __construct($inline, $block) {
+		$this->inline = new HTMLPurifier_ChildDef_Optional($inline);
+		$this->block  = new HTMLPurifier_ChildDef_Optional($block);
+		$this->elements = $this->block->elements;
+	}
 
-    public function validateChildren($tokens_of_children, $config, $context) {
-        if ($context->get('IsInline') === false) {
-            return $this->block->validateChildren(
-                $tokens_of_children, $config, $context);
-        } else {
-            return $this->inline->validateChildren(
-                $tokens_of_children, $config, $context);
-        }
-    }
+	public function validateChildren($tokens_of_children, $config, $context) {
+		if ($context->get('IsInline') === false) {
+			return $this->block->validateChildren(
+				$tokens_of_children, $config, $context);
+		} else {
+			return $this->inline->validateChildren(
+				$tokens_of_children, $config, $context);
+		}
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Custom.php

Indentation +67 added lines, -67 removed lines

@@ -8,83 +8,83 @@
  */
 class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
 {
-    public $type = 'custom';
-    public $allow_empty = false;
-    /**
-     * Allowed child pattern as defined by the DTD
-     */
-    public $dtd_regex;
-    /**
-     * PCRE regex derived from $dtd_regex
-     * @private
-     */
-    private $_pcre_regex;
-    /**
-     * @param $dtd_regex Allowed child pattern from the DTD
-     */
-    public function __construct($dtd_regex) {
-        $this->dtd_regex = $dtd_regex;
-        $this->_compileRegex();
-    }
-    /**
-     * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
-     */
-    protected function _compileRegex() {
-        $raw = str_replace(' ', '', $this->dtd_regex);
-        if ($raw{0} != '(') {
-            $raw = "($raw)";
-        }
-        $el = '[#a-zA-Z0-9_.-]+';
-        $reg = $raw;
+	public $type = 'custom';
+	public $allow_empty = false;
+	/**
+	 * Allowed child pattern as defined by the DTD
+	 */
+	public $dtd_regex;
+	/**
+	 * PCRE regex derived from $dtd_regex
+	 * @private
+	 */
+	private $_pcre_regex;
+	/**
+	 * @param $dtd_regex Allowed child pattern from the DTD
+	 */
+	public function __construct($dtd_regex) {
+		$this->dtd_regex = $dtd_regex;
+		$this->_compileRegex();
+	}
+	/**
+	 * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
+	 */
+	protected function _compileRegex() {
+		$raw = str_replace(' ', '', $this->dtd_regex);
+		if ($raw{0} != '(') {
+			$raw = "($raw)";
+		}
+		$el = '[#a-zA-Z0-9_.-]+';
+		$reg = $raw;
 
-        // COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
-        // DOING! Seriously: if there's problems, please report them.
+		// COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
+		// DOING! Seriously: if there's problems, please report them.
 
-        // collect all elements into the $elements array
-        preg_match_all("/$el/", $reg, $matches);
-        foreach ($matches[0] as $match) {
-            $this->elements[$match] = true;
-        }
+		// collect all elements into the $elements array
+		preg_match_all("/$el/", $reg, $matches);
+		foreach ($matches[0] as $match) {
+			$this->elements[$match] = true;
+		}
 
-        // setup all elements as parentheticals with leading commas
-        $reg = preg_replace("/$el/", '(,\\0)', $reg);
+		// setup all elements as parentheticals with leading commas
+		$reg = preg_replace("/$el/", '(,\\0)', $reg);
 
-        // remove commas when they were not solicited
-        $reg = preg_replace("/([^,(|]\(+),/", '\\1', $reg);
+		// remove commas when they were not solicited
+		$reg = preg_replace("/([^,(|]\(+),/", '\\1', $reg);
 
-        // remove all non-paranthetical commas: they are handled by first regex
-        $reg = preg_replace("/,\(/", '(', $reg);
+		// remove all non-paranthetical commas: they are handled by first regex
+		$reg = preg_replace("/,\(/", '(', $reg);
 
-        $this->_pcre_regex = $reg;
-    }
-    public function validateChildren($tokens_of_children, $config, $context) {
-        $list_of_children = '';
-        $nesting = 0; // depth into the nest
-        foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) continue;
+		$this->_pcre_regex = $reg;
+	}
+	public function validateChildren($tokens_of_children, $config, $context) {
+		$list_of_children = '';
+		$nesting = 0; // depth into the nest
+		foreach ($tokens_of_children as $token) {
+			if (!empty($token->is_whitespace)) continue;
 
-            $is_child = ($nesting == 0); // direct
+			$is_child = ($nesting == 0); // direct
 
-            if ($token instanceof HTMLPurifier_Token_Start) {
-                $nesting++;
-            } elseif ($token instanceof HTMLPurifier_Token_End) {
-                $nesting--;
-            }
+			if ($token instanceof HTMLPurifier_Token_Start) {
+				$nesting++;
+			} elseif ($token instanceof HTMLPurifier_Token_End) {
+				$nesting--;
+			}
 
-            if ($is_child) {
-                $list_of_children .= $token->name . ',';
-            }
-        }
-        // add leading comma to deal with stray comma declarations
-        $list_of_children = ',' . rtrim($list_of_children, ',');
-        $okay =
-            preg_match(
-                '/^,?'.$this->_pcre_regex.'$/',
-                $list_of_children
-            );
+			if ($is_child) {
+				$list_of_children .= $token->name . ',';
+			}
+		}
+		// add leading comma to deal with stray comma declarations
+		$list_of_children = ',' . rtrim($list_of_children, ',');
+		$okay =
+			preg_match(
+				'/^,?'.$this->_pcre_regex.'$/',
+				$list_of_children
+			);
 
-        return (bool) $okay;
-    }
+		return (bool) $okay;
+	}
 }
 
 // vim: et sw=4 sts=4

Spacing +1 added lines, -1 removed lines

@@ -79,7 +79,7 @@
         $list_of_children = ',' . rtrim($list_of_children, ',');
         $okay =
             preg_match(
-                '/^,?'.$this->_pcre_regex.'$/',
+                '/^,?' . $this->_pcre_regex . '$/',
                 $list_of_children
             );
 

Braces +3 added lines, -1 removed lines

@@ -61,7 +61,9 @@
         $list_of_children = '';
         $nesting = 0; // depth into the nest
         foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) continue;
+            if (!empty($token->is_whitespace)) {
+            	continue;
+            }
 
             $is_child = ($nesting == 0); // direct
 

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/Empty.php

Indentation +6 added lines, -6 removed lines

@@ -9,12 +9,12 @@
  */
 class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
 {
-    public $allow_empty = true;
-    public $type = 'empty';
-    public function __construct() {}
-    public function validateChildren($tokens_of_children, $config, $context) {
-        return array();
-    }
+	public $allow_empty = true;
+	public $type = 'empty';
+	public function __construct() {}
+	public function validateChildren($tokens_of_children, $config, $context) {
+		return array();
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef/List.php

Indentation +100 added lines, -100 removed lines

@@ -5,116 +5,116 @@
  */
 class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
 {
-    public $type = 'list';
-    // lying a little bit, so that we can handle ul and ol ourselves
-    // XXX: This whole business with 'wrap' is all a bit unsatisfactory
-    public $elements = array('li' => true, 'ul' => true, 'ol' => true);
-    public function validateChildren($tokens_of_children, $config, $context) {
-        // Flag for subclasses
-        $this->whitespace = false;
+	public $type = 'list';
+	// lying a little bit, so that we can handle ul and ol ourselves
+	// XXX: This whole business with 'wrap' is all a bit unsatisfactory
+	public $elements = array('li' => true, 'ul' => true, 'ol' => true);
+	public function validateChildren($tokens_of_children, $config, $context) {
+		// Flag for subclasses
+		$this->whitespace = false;
 
-        // if there are no tokens, delete parent node
-        if (empty($tokens_of_children)) return false;
+		// if there are no tokens, delete parent node
+		if (empty($tokens_of_children)) return false;
 
-        // the new set of children
-        $result = array();
+		// the new set of children
+		$result = array();
 
-        // current depth into the nest
-        $nesting = 0;
+		// current depth into the nest
+		$nesting = 0;
 
-        // a little sanity check to make sure it's not ALL whitespace
-        $all_whitespace = true;
+		// a little sanity check to make sure it's not ALL whitespace
+		$all_whitespace = true;
 
-        $seen_li = false;
-        $need_close_li = false;
+		$seen_li = false;
+		$need_close_li = false;
 
-        foreach ($tokens_of_children as $token) {
-            if (!empty($token->is_whitespace)) {
-                $result[] = $token;
-                continue;
-            }
-            $all_whitespace = false; // phew, we're not talking about whitespace
+		foreach ($tokens_of_children as $token) {
+			if (!empty($token->is_whitespace)) {
+				$result[] = $token;
+				continue;
+			}
+			$all_whitespace = false; // phew, we're not talking about whitespace
 
-            if ($nesting == 1 && $need_close_li) {
-                $result[] = new HTMLPurifier_Token_End('li');
-                $nesting--;
-                $need_close_li = false;
-            }
+			if ($nesting == 1 && $need_close_li) {
+				$result[] = new HTMLPurifier_Token_End('li');
+				$nesting--;
+				$need_close_li = false;
+			}
 
-            $is_child = ($nesting == 0);
+			$is_child = ($nesting == 0);
 
-            if ($token instanceof HTMLPurifier_Token_Start) {
-                $nesting++;
-            } elseif ($token instanceof HTMLPurifier_Token_End) {
-                $nesting--;
-            }
+			if ($token instanceof HTMLPurifier_Token_Start) {
+				$nesting++;
+			} elseif ($token instanceof HTMLPurifier_Token_End) {
+				$nesting--;
+			}
 
-            if ($is_child) {
-                if ($token->name === 'li') {
-                    // good
-                    $seen_li = true;
-                } elseif ($token->name === 'ul' || $token->name === 'ol') {
-                    // we want to tuck this into the previous li
-                    $need_close_li = true;
-                    $nesting++;
-                    if (!$seen_li) {
-                        // create a new li element
-                        $result[] = new HTMLPurifier_Token_Start('li');
-                    } else {
-                        // backtrack until </li> found
-                        while(true) {
-                            $t = array_pop($result);
-                            if ($t instanceof HTMLPurifier_Token_End) {
-                                // XXX actually, these invariants could very plausibly be violated
-                                // if we are doing silly things with modifying the set of allowed elements.
-                                // FORTUNATELY, it doesn't make a difference, since the allowed
-                                // elements are hard-coded here!
-                                if ($t->name !== 'li') {
-                                    trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
-                                    return false;
-                                }
-                                break;
-                            } elseif ($t instanceof HTMLPurifier_Token_Empty) { // bleagh
-                                if ($t->name !== 'li') {
-                                    trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
-                                    return false;
-                                }
-                                // XXX this should have a helper for it...
-                                $result[] = new HTMLPurifier_Token_Start('li', $t->attr, $t->line, $t->col, $t->armor);
-                                break;
-                            } else {
-                                if (!$t->is_whitespace) {
-                                    trigger_error("Only whitespace present invariant violated in List ChildDef", E_USER_ERROR);
-                                    return false;
-                                }
-                            }
-                        }
-                    }
-                } else {
-                    // start wrapping (this doesn't precisely mimic
-                    // browser behavior, but what browsers do is kind of
-                    // hard to mimic in a standards compliant way
-                    // XXX Actually, this has no impact in practice,
-                    // because this gets handled earlier. Arguably,
-                    // we should rip out all of that processing
-                    $result[] = new HTMLPurifier_Token_Start('li');
-                    $nesting++;
-                    $seen_li = true;
-                    $need_close_li = true;
-                }
-            }
-            $result[] = $token;
-        }
-        if ($need_close_li) {
-            $result[] = new HTMLPurifier_Token_End('li');
-        }
-        if (empty($result)) return false;
-        if ($all_whitespace) {
-            return false;
-        }
-        if ($tokens_of_children == $result) return true;
-        return $result;
-    }
+			if ($is_child) {
+				if ($token->name === 'li') {
+					// good
+					$seen_li = true;
+				} elseif ($token->name === 'ul' || $token->name === 'ol') {
+					// we want to tuck this into the previous li
+					$need_close_li = true;
+					$nesting++;
+					if (!$seen_li) {
+						// create a new li element
+						$result[] = new HTMLPurifier_Token_Start('li');
+					} else {
+						// backtrack until </li> found
+						while(true) {
+							$t = array_pop($result);
+							if ($t instanceof HTMLPurifier_Token_End) {
+								// XXX actually, these invariants could very plausibly be violated
+								// if we are doing silly things with modifying the set of allowed elements.
+								// FORTUNATELY, it doesn't make a difference, since the allowed
+								// elements are hard-coded here!
+								if ($t->name !== 'li') {
+									trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
+									return false;
+								}
+								break;
+							} elseif ($t instanceof HTMLPurifier_Token_Empty) { // bleagh
+								if ($t->name !== 'li') {
+									trigger_error("Only li present invariant violated in List ChildDef", E_USER_ERROR);
+									return false;
+								}
+								// XXX this should have a helper for it...
+								$result[] = new HTMLPurifier_Token_Start('li', $t->attr, $t->line, $t->col, $t->armor);
+								break;
+							} else {
+								if (!$t->is_whitespace) {
+									trigger_error("Only whitespace present invariant violated in List ChildDef", E_USER_ERROR);
+									return false;
+								}
+							}
+						}
+					}
+				} else {
+					// start wrapping (this doesn't precisely mimic
+					// browser behavior, but what browsers do is kind of
+					// hard to mimic in a standards compliant way
+					// XXX Actually, this has no impact in practice,
+					// because this gets handled earlier. Arguably,
+					// we should rip out all of that processing
+					$result[] = new HTMLPurifier_Token_Start('li');
+					$nesting++;
+					$seen_li = true;
+					$need_close_li = true;
+				}
+			}
+			$result[] = $token;
+		}
+		if ($need_close_li) {
+			$result[] = new HTMLPurifier_Token_End('li');
+		}
+		if (empty($result)) return false;
+		if ($all_whitespace) {
+			return false;
+		}
+		if ($tokens_of_children == $result) return true;
+		return $result;
+	}
 }
 
 // vim: et sw=4 sts=4

Spacing +1 added lines, -1 removed lines

@@ -62,7 +62,7 @@
                         $result[] = new HTMLPurifier_Token_Start('li');
                     } else {
                         // backtrack until </li> found
-                        while(true) {
+                        while (true) {
                             $t = array_pop($result);
                             if ($t instanceof HTMLPurifier_Token_End) {
                                 // XXX actually, these invariants could very plausibly be violated

Braces +9 added lines, -3 removed lines

@@ -14,7 +14,9 @@ 
         $this->whitespace = false;
 
         // if there are no tokens, delete parent node
-        if (empty($tokens_of_children)) return false;
+        if (empty($tokens_of_children)) {
+        	return false;
+        }
 
         // the new set of children
         $result = array();
@@ -108,11 +110,15 @@ 
         if ($need_close_li) {
             $result[] = new HTMLPurifier_Token_End('li');
         }
-        if (empty($result)) return false;
+        if (empty($result)) {
+        	return false;
+        }
         if ($all_whitespace) {
             return false;
         }
-        if ($tokens_of_children == $result) return true;
+        if ($tokens_of_children == $result) {
+        	return true;
+        }
         return $result;
     }
 }