xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule.php

Indentation +220 added lines, -220 removed lines

@@ -18,226 +18,226 @@
 class HTMLPurifier_HTMLModule
 {
 
-    // -- Overloadable ----------------------------------------------------
-
-    /**
-     * Short unique string identifier of the module
-     */
-    public $name;
-
-    /**
-     * Informally, a list of elements this module changes. Not used in
-     * any significant way.
-     */
-    public $elements = array();
-
-    /**
-     * Associative array of element names to element definitions.
-     * Some definitions may be incomplete, to be merged in later
-     * with the full definition.
-     */
-    public $info = array();
-
-    /**
-     * Associative array of content set names to content set additions.
-     * This is commonly used to, say, add an A element to the Inline
-     * content set. This corresponds to an internal variable $content_sets
-     * and NOT info_content_sets member variable of HTMLDefinition.
-     */
-    public $content_sets = array();
-
-    /**
-     * Associative array of attribute collection names to attribute
-     * collection additions. More rarely used for adding attributes to
-     * the global collections. Example is the StyleAttribute module adding
-     * the style attribute to the Core. Corresponds to HTMLDefinition's
-     * attr_collections->info, since the object's data is only info,
-     * with extra behavior associated with it.
-     */
-    public $attr_collections = array();
-
-    /**
-     * Associative array of deprecated tag name to HTMLPurifier_TagTransform
-     */
-    public $info_tag_transform = array();
-
-    /**
-     * List of HTMLPurifier_AttrTransform to be performed before validation.
-     */
-    public $info_attr_transform_pre = array();
-
-    /**
-     * List of HTMLPurifier_AttrTransform to be performed after validation.
-     */
-    public $info_attr_transform_post = array();
-
-    /**
-     * List of HTMLPurifier_Injector to be performed during well-formedness fixing.
-     * An injector will only be invoked if all of it's pre-requisites are met;
-     * if an injector fails setup, there will be no error; it will simply be
-     * silently disabled.
-     */
-    public $info_injector = array();
-
-    /**
-     * Boolean flag that indicates whether or not getChildDef is implemented.
-     * For optimization reasons: may save a call to a function. Be sure
-     * to set it if you do implement getChildDef(), otherwise it will have
-     * no effect!
-     */
-    public $defines_child_def = false;
-
-    /**
-     * Boolean flag whether or not this module is safe. If it is not safe, all
-     * of its members are unsafe. Modules are safe by default (this might be
-     * slightly dangerous, but it doesn't make much sense to force HTML Purifier,
-     * which is based off of safe HTML, to explicitly say, "This is safe," even
-     * though there are modules which are "unsafe")
-     *
-     * @note Previously, safety could be applied at an element level granularity.
-     *       We've removed this ability, so in order to add "unsafe" elements
-     *       or attributes, a dedicated module with this property set to false
-     *       must be used.
-     */
-    public $safe = true;
-
-    /**
-     * Retrieves a proper HTMLPurifier_ChildDef subclass based on
-     * content_model and content_model_type member variables of
-     * the HTMLPurifier_ElementDef class. There is a similar function
-     * in HTMLPurifier_HTMLDefinition.
-     * @param $def HTMLPurifier_ElementDef instance
-     * @return HTMLPurifier_ChildDef subclass
-     */
-    public function getChildDef($def) {return false;}
-
-    // -- Convenience -----------------------------------------------------
-
-    /**
-     * Convenience function that sets up a new element
-     * @param $element Name of element to add
-     * @param $type What content set should element be registered to?
-     *              Set as false to skip this step.
-     * @param $contents Allowed children in form of:
-     *              "$content_model_type: $content_model"
-     * @param $attr_includes What attribute collections to register to
-     *              element?
-     * @param $attr What unique attributes does the element define?
-     * @note See ElementDef for in-depth descriptions of these parameters.
-     * @return Created element definition object, so you
-     *         can set advanced parameters
-     */
-    public function addElement($element, $type, $contents, $attr_includes = array(), $attr = array()) {
-        $this->elements[] = $element;
-        // parse content_model
-        list($content_model_type, $content_model) = $this->parseContents($contents);
-        // merge in attribute inclusions
-        $this->mergeInAttrIncludes($attr, $attr_includes);
-        // add element to content sets
-        if ($type) $this->addElementToContentSet($element, $type);
-        // create element
-        $this->info[$element] = HTMLPurifier_ElementDef::create(
-            $content_model, $content_model_type, $attr
-        );
-        // literal object $contents means direct child manipulation
-        if (!is_string($contents)) $this->info[$element]->child = $contents;
-        return $this->info[$element];
-    }
-
-    /**
-     * Convenience function that creates a totally blank, non-standalone
-     * element.
-     * @param $element Name of element to create
-     * @return Created element
-     */
-    public function addBlankElement($element) {
-        if (!isset($this->info[$element])) {
-            $this->elements[] = $element;
-            $this->info[$element] = new HTMLPurifier_ElementDef();
-            $this->info[$element]->standalone = false;
-        } else {
-            trigger_error("Definition for $element already exists in module, cannot redefine");
-        }
-        return $this->info[$element];
-    }
-
-    /**
-     * Convenience function that registers an element to a content set
-     * @param Element to register
-     * @param Name content set (warning: case sensitive, usually upper-case
-     *        first letter)
-     */
-    public function addElementToContentSet($element, $type) {
-        if (!isset($this->content_sets[$type])) $this->content_sets[$type] = '';
-        else $this->content_sets[$type] .= ' | ';
-        $this->content_sets[$type] .= $element;
-    }
-
-    /**
-     * Convenience function that transforms single-string contents
-     * into separate content model and content model type
-     * @param $contents Allowed children in form of:
-     *                  "$content_model_type: $content_model"
-     * @note If contents is an object, an array of two nulls will be
-     *       returned, and the callee needs to take the original $contents
-     *       and use it directly.
-     */
-    public function parseContents($contents) {
-        if (!is_string($contents)) return array(null, null); // defer
-        switch ($contents) {
-            // check for shorthand content model forms
-            case 'Empty':
-                return array('empty', '');
-            case 'Inline':
-                return array('optional', 'Inline | #PCDATA');
-            case 'Flow':
-                return array('optional', 'Flow | #PCDATA');
-        }
-        list($content_model_type, $content_model) = explode(':', $contents);
-        $content_model_type = strtolower(trim($content_model_type));
-        $content_model = trim($content_model);
-        return array($content_model_type, $content_model);
-    }
-
-    /**
-     * Convenience function that merges a list of attribute includes into
-     * an attribute array.
-     * @param $attr Reference to attr array to modify
-     * @param $attr_includes Array of includes / string include to merge in
-     */
-    public function mergeInAttrIncludes(&$attr, $attr_includes) {
-        if (!is_array($attr_includes)) {
-            if (empty($attr_includes)) $attr_includes = array();
-            else $attr_includes = array($attr_includes);
-        }
-        $attr[0] = $attr_includes;
-    }
-
-    /**
-     * Convenience function that generates a lookup table with boolean
-     * true as value.
-     * @param $list List of values to turn into a lookup
-     * @note You can also pass an arbitrary number of arguments in
-     *       place of the regular argument
-     * @return Lookup array equivalent of list
-     */
-    public function makeLookup($list) {
-        if (is_string($list)) $list = func_get_args();
-        $ret = array();
-        foreach ($list as $value) {
-            if (is_null($value)) continue;
-            $ret[$value] = true;
-        }
-        return $ret;
-    }
-
-    /**
-     * Lazy load construction of the module after determining whether
-     * or not it's needed, and also when a finalized configuration object
-     * is available.
-     * @param $config Instance of HTMLPurifier_Config
-     */
-    public function setup($config) {}
+	// -- Overloadable ----------------------------------------------------
+
+	/**
+	 * Short unique string identifier of the module
+	 */
+	public $name;
+
+	/**
+	 * Informally, a list of elements this module changes. Not used in
+	 * any significant way.
+	 */
+	public $elements = array();
+
+	/**
+	 * Associative array of element names to element definitions.
+	 * Some definitions may be incomplete, to be merged in later
+	 * with the full definition.
+	 */
+	public $info = array();
+
+	/**
+	 * Associative array of content set names to content set additions.
+	 * This is commonly used to, say, add an A element to the Inline
+	 * content set. This corresponds to an internal variable $content_sets
+	 * and NOT info_content_sets member variable of HTMLDefinition.
+	 */
+	public $content_sets = array();
+
+	/**
+	 * Associative array of attribute collection names to attribute
+	 * collection additions. More rarely used for adding attributes to
+	 * the global collections. Example is the StyleAttribute module adding
+	 * the style attribute to the Core. Corresponds to HTMLDefinition's
+	 * attr_collections->info, since the object's data is only info,
+	 * with extra behavior associated with it.
+	 */
+	public $attr_collections = array();
+
+	/**
+	 * Associative array of deprecated tag name to HTMLPurifier_TagTransform
+	 */
+	public $info_tag_transform = array();
+
+	/**
+	 * List of HTMLPurifier_AttrTransform to be performed before validation.
+	 */
+	public $info_attr_transform_pre = array();
+
+	/**
+	 * List of HTMLPurifier_AttrTransform to be performed after validation.
+	 */
+	public $info_attr_transform_post = array();
+
+	/**
+	 * List of HTMLPurifier_Injector to be performed during well-formedness fixing.
+	 * An injector will only be invoked if all of it's pre-requisites are met;
+	 * if an injector fails setup, there will be no error; it will simply be
+	 * silently disabled.
+	 */
+	public $info_injector = array();
+
+	/**
+	 * Boolean flag that indicates whether or not getChildDef is implemented.
+	 * For optimization reasons: may save a call to a function. Be sure
+	 * to set it if you do implement getChildDef(), otherwise it will have
+	 * no effect!
+	 */
+	public $defines_child_def = false;
+
+	/**
+	 * Boolean flag whether or not this module is safe. If it is not safe, all
+	 * of its members are unsafe. Modules are safe by default (this might be
+	 * slightly dangerous, but it doesn't make much sense to force HTML Purifier,
+	 * which is based off of safe HTML, to explicitly say, "This is safe," even
+	 * though there are modules which are "unsafe")
+	 *
+	 * @note Previously, safety could be applied at an element level granularity.
+	 *       We've removed this ability, so in order to add "unsafe" elements
+	 *       or attributes, a dedicated module with this property set to false
+	 *       must be used.
+	 */
+	public $safe = true;
+
+	/**
+	 * Retrieves a proper HTMLPurifier_ChildDef subclass based on
+	 * content_model and content_model_type member variables of
+	 * the HTMLPurifier_ElementDef class. There is a similar function
+	 * in HTMLPurifier_HTMLDefinition.
+	 * @param $def HTMLPurifier_ElementDef instance
+	 * @return HTMLPurifier_ChildDef subclass
+	 */
+	public function getChildDef($def) {return false;}
+
+	// -- Convenience -----------------------------------------------------
+
+	/**
+	 * Convenience function that sets up a new element
+	 * @param $element Name of element to add
+	 * @param $type What content set should element be registered to?
+	 *              Set as false to skip this step.
+	 * @param $contents Allowed children in form of:
+	 *              "$content_model_type: $content_model"
+	 * @param $attr_includes What attribute collections to register to
+	 *              element?
+	 * @param $attr What unique attributes does the element define?
+	 * @note See ElementDef for in-depth descriptions of these parameters.
+	 * @return Created element definition object, so you
+	 *         can set advanced parameters
+	 */
+	public function addElement($element, $type, $contents, $attr_includes = array(), $attr = array()) {
+		$this->elements[] = $element;
+		// parse content_model
+		list($content_model_type, $content_model) = $this->parseContents($contents);
+		// merge in attribute inclusions
+		$this->mergeInAttrIncludes($attr, $attr_includes);
+		// add element to content sets
+		if ($type) $this->addElementToContentSet($element, $type);
+		// create element
+		$this->info[$element] = HTMLPurifier_ElementDef::create(
+			$content_model, $content_model_type, $attr
+		);
+		// literal object $contents means direct child manipulation
+		if (!is_string($contents)) $this->info[$element]->child = $contents;
+		return $this->info[$element];
+	}
+
+	/**
+	 * Convenience function that creates a totally blank, non-standalone
+	 * element.
+	 * @param $element Name of element to create
+	 * @return Created element
+	 */
+	public function addBlankElement($element) {
+		if (!isset($this->info[$element])) {
+			$this->elements[] = $element;
+			$this->info[$element] = new HTMLPurifier_ElementDef();
+			$this->info[$element]->standalone = false;
+		} else {
+			trigger_error("Definition for $element already exists in module, cannot redefine");
+		}
+		return $this->info[$element];
+	}
+
+	/**
+	 * Convenience function that registers an element to a content set
+	 * @param Element to register
+	 * @param Name content set (warning: case sensitive, usually upper-case
+	 *        first letter)
+	 */
+	public function addElementToContentSet($element, $type) {
+		if (!isset($this->content_sets[$type])) $this->content_sets[$type] = '';
+		else $this->content_sets[$type] .= ' | ';
+		$this->content_sets[$type] .= $element;
+	}
+
+	/**
+	 * Convenience function that transforms single-string contents
+	 * into separate content model and content model type
+	 * @param $contents Allowed children in form of:
+	 *                  "$content_model_type: $content_model"
+	 * @note If contents is an object, an array of two nulls will be
+	 *       returned, and the callee needs to take the original $contents
+	 *       and use it directly.
+	 */
+	public function parseContents($contents) {
+		if (!is_string($contents)) return array(null, null); // defer
+		switch ($contents) {
+			// check for shorthand content model forms
+			case 'Empty':
+				return array('empty', '');
+			case 'Inline':
+				return array('optional', 'Inline | #PCDATA');
+			case 'Flow':
+				return array('optional', 'Flow | #PCDATA');
+		}
+		list($content_model_type, $content_model) = explode(':', $contents);
+		$content_model_type = strtolower(trim($content_model_type));
+		$content_model = trim($content_model);
+		return array($content_model_type, $content_model);
+	}
+
+	/**
+	 * Convenience function that merges a list of attribute includes into
+	 * an attribute array.
+	 * @param $attr Reference to attr array to modify
+	 * @param $attr_includes Array of includes / string include to merge in
+	 */
+	public function mergeInAttrIncludes(&$attr, $attr_includes) {
+		if (!is_array($attr_includes)) {
+			if (empty($attr_includes)) $attr_includes = array();
+			else $attr_includes = array($attr_includes);
+		}
+		$attr[0] = $attr_includes;
+	}
+
+	/**
+	 * Convenience function that generates a lookup table with boolean
+	 * true as value.
+	 * @param $list List of values to turn into a lookup
+	 * @note You can also pass an arbitrary number of arguments in
+	 *       place of the regular argument
+	 * @return Lookup array equivalent of list
+	 */
+	public function makeLookup($list) {
+		if (is_string($list)) $list = func_get_args();
+		$ret = array();
+		foreach ($list as $value) {
+			if (is_null($value)) continue;
+			$ret[$value] = true;
+		}
+		return $ret;
+	}
+
+	/**
+	 * Lazy load construction of the module after determining whether
+	 * or not it's needed, and also when a finalized configuration object
+	 * is available.
+	 * @param $config Instance of HTMLPurifier_Config
+	 */
+	public function setup($config) {}
 
 }
 

Spacing +1 added lines, -1 removed lines

@@ -109,7 +109,7 @@
      * @param $def HTMLPurifier_ElementDef instance
      * @return HTMLPurifier_ChildDef subclass
      */
-    public function getChildDef($def) {return false;}
+    public function getChildDef($def) {return false; }
 
     // -- Convenience -----------------------------------------------------
 

Braces +26 added lines, -9 removed lines

@@ -134,13 +134,17 @@ 
         // merge in attribute inclusions
         $this->mergeInAttrIncludes($attr, $attr_includes);
         // add element to content sets
-        if ($type) $this->addElementToContentSet($element, $type);
+        if ($type) {
+        	$this->addElementToContentSet($element, $type);
+        }
         // create element
         $this->info[$element] = HTMLPurifier_ElementDef::create(
             $content_model, $content_model_type, $attr
         );
         // literal object $contents means direct child manipulation
-        if (!is_string($contents)) $this->info[$element]->child = $contents;
+        if (!is_string($contents)) {
+        	$this->info[$element]->child = $contents;
+        }
         return $this->info[$element];
     }
 
@@ -168,8 +172,11 @@ 
      *        first letter)
      */
     public function addElementToContentSet($element, $type) {
-        if (!isset($this->content_sets[$type])) $this->content_sets[$type] = '';
-        else $this->content_sets[$type] .= ' | ';
+        if (!isset($this->content_sets[$type])) {
+        	$this->content_sets[$type] = '';
+        } else {
+        	$this->content_sets[$type] .= ' | ';
+        }
         $this->content_sets[$type] .= $element;
     }
 
@@ -183,7 +190,10 @@ 
      *       and use it directly.
      */
     public function parseContents($contents) {
-        if (!is_string($contents)) return array(null, null); // defer
+        if (!is_string($contents)) {
+        	return array(null, null);
+        }
+        // defer
         switch ($contents) {
             // check for shorthand content model forms
             case 'Empty':
@@ -207,8 +217,11 @@ 
      */
     public function mergeInAttrIncludes(&$attr, $attr_includes) {
         if (!is_array($attr_includes)) {
-            if (empty($attr_includes)) $attr_includes = array();
-            else $attr_includes = array($attr_includes);
+            if (empty($attr_includes)) {
+            	$attr_includes = array();
+            } else {
+            	$attr_includes = array($attr_includes);
+            }
         }
         $attr[0] = $attr_includes;
     }
@@ -222,10 +235,14 @@ 
      * @return Lookup array equivalent of list
      */
     public function makeLookup($list) {
-        if (is_string($list)) $list = func_get_args();
+        if (is_string($list)) {
+        	$list = func_get_args();
+        }
         $ret = array();
         foreach ($list as $value) {
-            if (is_null($value)) continue;
+            if (is_null($value)) {
+            	continue;
+            }
             $ret[$value] = true;
         }
         return $ret;

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Bdo.php

Indentation +16 added lines, -16 removed lines

@@ -7,24 +7,24 @@
 class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
 {
 
-    public $name = 'Bdo';
-    public $attr_collections = array(
-        'I18N' => array('dir' => false)
-    );
+	public $name = 'Bdo';
+	public $attr_collections = array(
+		'I18N' => array('dir' => false)
+	);
 
-    public function setup($config) {
-        $bdo = $this->addElement(
-            'bdo', 'Inline', 'Inline', array('Core', 'Lang'),
-            array(
-                'dir' => 'Enum#ltr,rtl', // required
-                // The Abstract Module specification has the attribute
-                // inclusions wrong for bdo: bdo allows Lang
-            )
-        );
-        $bdo->attr_transform_post['required-dir'] = new HTMLPurifier_AttrTransform_BdoDir();
+	public function setup($config) {
+		$bdo = $this->addElement(
+			'bdo', 'Inline', 'Inline', array('Core', 'Lang'),
+			array(
+				'dir' => 'Enum#ltr,rtl', // required
+				// The Abstract Module specification has the attribute
+				// inclusions wrong for bdo: bdo allows Lang
+			)
+		);
+		$bdo->attr_transform_post['required-dir'] = new HTMLPurifier_AttrTransform_BdoDir();
 
-        $this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl';
-    }
+		$this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl';
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/CommonAttributes.php

Indentation +17 added lines, -17 removed lines

@@ -2,24 +2,24 @@
 
 class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
 {
-    public $name = 'CommonAttributes';
+	public $name = 'CommonAttributes';
 
-    public $attr_collections = array(
-        'Core' => array(
-            0 => array('Style'),
-            // 'xml:space' => false,
-            'class' => 'Class',
-            'id' => 'ID',
-            'title' => 'CDATA',
-        ),
-        'Lang' => array(),
-        'I18N' => array(
-            0 => array('Lang'), // proprietary, for xml:lang/lang
-        ),
-        'Common' => array(
-            0 => array('Core', 'I18N')
-        )
-    );
+	public $attr_collections = array(
+		'Core' => array(
+			0 => array('Style'),
+			// 'xml:space' => false,
+			'class' => 'Class',
+			'id' => 'ID',
+			'title' => 'CDATA',
+		),
+		'Lang' => array(),
+		'I18N' => array(
+			0 => array('Lang'), // proprietary, for xml:lang/lang
+		),
+		'Common' => array(
+			0 => array('Core', 'I18N')
+		)
+	);
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Edit.php

Indentation +25 added lines, -25 removed lines

@@ -7,31 +7,31 @@
 class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
 {
 
-    public $name = 'Edit';
-
-    public function setup($config) {
-        $contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow';
-        $attr = array(
-            'cite' => 'URI',
-            // 'datetime' => 'Datetime', // not implemented
-        );
-        $this->addElement('del', 'Inline', $contents, 'Common', $attr);
-        $this->addElement('ins', 'Inline', $contents, 'Common', $attr);
-    }
-
-    // HTML 4.01 specifies that ins/del must not contain block
-    // elements when used in an inline context, chameleon is
-    // a complicated workaround to acheive this effect
-
-    // Inline context ! Block context (exclamation mark is
-    // separator, see getChildDef for parsing)
-
-    public $defines_child_def = true;
-    public function getChildDef($def) {
-        if ($def->content_model_type != 'chameleon') return false;
-        $value = explode('!', $def->content_model);
-        return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]);
-    }
+	public $name = 'Edit';
+
+	public function setup($config) {
+		$contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow';
+		$attr = array(
+			'cite' => 'URI',
+			// 'datetime' => 'Datetime', // not implemented
+		);
+		$this->addElement('del', 'Inline', $contents, 'Common', $attr);
+		$this->addElement('ins', 'Inline', $contents, 'Common', $attr);
+	}
+
+	// HTML 4.01 specifies that ins/del must not contain block
+	// elements when used in an inline context, chameleon is
+	// a complicated workaround to acheive this effect
+
+	// Inline context ! Block context (exclamation mark is
+	// separator, see getChildDef for parsing)
+
+	public $defines_child_def = true;
+	public function getChildDef($def) {
+		if ($def->content_model_type != 'chameleon') return false;
+		$value = explode('!', $def->content_model);
+		return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]);
+	}
 
 }
 

Braces +3 added lines, -1 removed lines

@@ -28,7 +28,9 @@
 
     public $defines_child_def = true;
     public function getChildDef($def) {
-        if ($def->content_model_type != 'chameleon') return false;
+        if ($def->content_model_type != 'chameleon') {
+        	return false;
+        }
         $value = explode('!', $def->content_model);
         return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]);
     }

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Forms.php

Indentation +109 added lines, -109 removed lines

@@ -5,115 +5,115 @@
  */
 class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
 {
-    public $name = 'Forms';
-    public $safe = false;
-
-    public $content_sets = array(
-        'Block' => 'Form',
-        'Inline' => 'Formctrl',
-    );
-
-    public function setup($config) {
-        $form = $this->addElement('form', 'Form',
-          'Required: Heading | List | Block | fieldset', 'Common', array(
-            'accept' => 'ContentTypes',
-            'accept-charset' => 'Charsets',
-            'action*' => 'URI',
-            'method' => 'Enum#get,post',
-            // really ContentType, but these two are the only ones used today
-            'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
-        ));
-        $form->excludes = array('form' => true);
-
-        $input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array(
-            'accept' => 'ContentTypes',
-            'accesskey' => 'Character',
-            'alt' => 'Text',
-            'checked' => 'Bool#checked',
-            'disabled' => 'Bool#disabled',
-            'maxlength' => 'Number',
-            'name' => 'CDATA',
-            'readonly' => 'Bool#readonly',
-            'size' => 'Number',
-            'src' => 'URI#embedded',
-            'tabindex' => 'Number',
-            'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
-            'value' => 'CDATA',
-        ));
-        $input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();
-
-        $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array(
-            'disabled' => 'Bool#disabled',
-            'multiple' => 'Bool#multiple',
-            'name' => 'CDATA',
-            'size' => 'Number',
-            'tabindex' => 'Number',
-        ));
-
-        $this->addElement('option', false, 'Optional: #PCDATA', 'Common', array(
-            'disabled' => 'Bool#disabled',
-            'label' => 'Text',
-            'selected' => 'Bool#selected',
-            'value' => 'CDATA',
-        ));
-        // It's illegal for there to be more than one selected, but not
-        // be multiple. Also, no selected means undefined behavior. This might
-        // be difficult to implement; perhaps an injector, or a context variable.
-
-        $textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array(
-            'accesskey' => 'Character',
-            'cols*' => 'Number',
-            'disabled' => 'Bool#disabled',
-            'name' => 'CDATA',
-            'readonly' => 'Bool#readonly',
-            'rows*' => 'Number',
-            'tabindex' => 'Number',
-        ));
-        $textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();
-
-        $button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array(
-            'accesskey' => 'Character',
-            'disabled' => 'Bool#disabled',
-            'name' => 'CDATA',
-            'tabindex' => 'Number',
-            'type' => 'Enum#button,submit,reset',
-            'value' => 'CDATA',
-        ));
-
-        // For exclusions, ideally we'd specify content sets, not literal elements
-        $button->excludes = $this->makeLookup(
-            'form', 'fieldset', // Form
-            'input', 'select', 'textarea', 'label', 'button', // Formctrl
-            'a', // as per HTML 4.01 spec, this is omitted by modularization
-            'isindex', 'iframe' // legacy items
-        );
-
-        // Extra exclusion: img usemap="" is not permitted within this element.
-        // We'll omit this for now, since we don't have any good way of
-        // indicating it yet.
-
-        // This is HIGHLY user-unfriendly; we need a custom child-def for this
-        $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');
-
-        $label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array(
-            'accesskey' => 'Character',
-            // 'for' => 'IDREF', // IDREF not implemented, cannot allow
-        ));
-        $label->excludes = array('label' => true);
-
-        $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array(
-            'accesskey' => 'Character',
-        ));
-
-        $this->addElement('optgroup', false, 'Required: option', 'Common', array(
-            'disabled' => 'Bool#disabled',
-            'label*' => 'Text',
-        ));
-
-        // Don't forget an injector for <isindex>. This one's a little complex
-        // because it maps to multiple elements.
-
-    }
+	public $name = 'Forms';
+	public $safe = false;
+
+	public $content_sets = array(
+		'Block' => 'Form',
+		'Inline' => 'Formctrl',
+	);
+
+	public function setup($config) {
+		$form = $this->addElement('form', 'Form',
+		  'Required: Heading | List | Block | fieldset', 'Common', array(
+			'accept' => 'ContentTypes',
+			'accept-charset' => 'Charsets',
+			'action*' => 'URI',
+			'method' => 'Enum#get,post',
+			// really ContentType, but these two are the only ones used today
+			'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
+		));
+		$form->excludes = array('form' => true);
+
+		$input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array(
+			'accept' => 'ContentTypes',
+			'accesskey' => 'Character',
+			'alt' => 'Text',
+			'checked' => 'Bool#checked',
+			'disabled' => 'Bool#disabled',
+			'maxlength' => 'Number',
+			'name' => 'CDATA',
+			'readonly' => 'Bool#readonly',
+			'size' => 'Number',
+			'src' => 'URI#embedded',
+			'tabindex' => 'Number',
+			'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
+			'value' => 'CDATA',
+		));
+		$input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();
+
+		$this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array(
+			'disabled' => 'Bool#disabled',
+			'multiple' => 'Bool#multiple',
+			'name' => 'CDATA',
+			'size' => 'Number',
+			'tabindex' => 'Number',
+		));
+
+		$this->addElement('option', false, 'Optional: #PCDATA', 'Common', array(
+			'disabled' => 'Bool#disabled',
+			'label' => 'Text',
+			'selected' => 'Bool#selected',
+			'value' => 'CDATA',
+		));
+		// It's illegal for there to be more than one selected, but not
+		// be multiple. Also, no selected means undefined behavior. This might
+		// be difficult to implement; perhaps an injector, or a context variable.
+
+		$textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array(
+			'accesskey' => 'Character',
+			'cols*' => 'Number',
+			'disabled' => 'Bool#disabled',
+			'name' => 'CDATA',
+			'readonly' => 'Bool#readonly',
+			'rows*' => 'Number',
+			'tabindex' => 'Number',
+		));
+		$textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();
+
+		$button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array(
+			'accesskey' => 'Character',
+			'disabled' => 'Bool#disabled',
+			'name' => 'CDATA',
+			'tabindex' => 'Number',
+			'type' => 'Enum#button,submit,reset',
+			'value' => 'CDATA',
+		));
+
+		// For exclusions, ideally we'd specify content sets, not literal elements
+		$button->excludes = $this->makeLookup(
+			'form', 'fieldset', // Form
+			'input', 'select', 'textarea', 'label', 'button', // Formctrl
+			'a', // as per HTML 4.01 spec, this is omitted by modularization
+			'isindex', 'iframe' // legacy items
+		);
+
+		// Extra exclusion: img usemap="" is not permitted within this element.
+		// We'll omit this for now, since we don't have any good way of
+		// indicating it yet.
+
+		// This is HIGHLY user-unfriendly; we need a custom child-def for this
+		$this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');
+
+		$label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array(
+			'accesskey' => 'Character',
+			// 'for' => 'IDREF', // IDREF not implemented, cannot allow
+		));
+		$label->excludes = array('label' => true);
+
+		$this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array(
+			'accesskey' => 'Character',
+		));
+
+		$this->addElement('optgroup', false, 'Required: option', 'Common', array(
+			'disabled' => 'Bool#disabled',
+			'label*' => 'Text',
+		));
+
+		// Don't forget an injector for <isindex>. This one's a little complex
+		// because it maps to multiple elements.
+
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Hypertext.php

Indentation +18 added lines, -18 removed lines

@@ -6,25 +6,25 @@
 class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule
 {
 
-    public $name = 'Hypertext';
+	public $name = 'Hypertext';
 
-    public function setup($config) {
-        $a = $this->addElement(
-            'a', 'Inline', 'Inline', 'Common',
-            array(
-                // 'accesskey' => 'Character',
-                // 'charset' => 'Charset',
-                'href' => 'URI',
-                // 'hreflang' => 'LanguageCode',
-                'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'),
-                'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'),
-                // 'tabindex' => 'Number',
-                // 'type' => 'ContentType',
-            )
-        );
-        $a->formatting = true;
-        $a->excludes = array('a' => true);
-    }
+	public function setup($config) {
+		$a = $this->addElement(
+			'a', 'Inline', 'Inline', 'Common',
+			array(
+				// 'accesskey' => 'Character',
+				// 'charset' => 'Charset',
+				'href' => 'URI',
+				// 'hreflang' => 'LanguageCode',
+				'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'),
+				'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'),
+				// 'tabindex' => 'Number',
+				// 'type' => 'ContentType',
+			)
+		);
+		$a->formatting = true;
+		$a->excludes = array('a' => true);
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Iframe.php

Indentation +21 added lines, -21 removed lines

@@ -10,28 +10,28 @@
 class HTMLPurifier_HTMLModule_Iframe extends HTMLPurifier_HTMLModule
 {
 
-    public $name = 'Iframe';
-    public $safe = false;
+	public $name = 'Iframe';
+	public $safe = false;
 
-    public function setup($config) {
-        if ($config->get('HTML.SafeIframe')) {
-            $this->safe = true;
-        }
-        $this->addElement(
-            'iframe', 'Inline', 'Flow', 'Common',
-            array(
-                'src' => 'URI#embedded',
-                'width' => 'Length',
-                'height' => 'Length',
-                'name' => 'ID',
-                'scrolling' => 'Enum#yes,no,auto',
-                'frameborder' => 'Enum#0,1',
-                'longdesc' => 'URI',
-                'marginheight' => 'Pixels',
-                'marginwidth' => 'Pixels',
-            )
-        );
-    }
+	public function setup($config) {
+		if ($config->get('HTML.SafeIframe')) {
+			$this->safe = true;
+		}
+		$this->addElement(
+			'iframe', 'Inline', 'Flow', 'Common',
+			array(
+				'src' => 'URI#embedded',
+				'width' => 'Length',
+				'height' => 'Length',
+				'name' => 'ID',
+				'scrolling' => 'Enum#yes,no,auto',
+				'frameborder' => 'Enum#0,1',
+				'longdesc' => 'URI',
+				'marginheight' => 'Pixels',
+				'marginwidth' => 'Pixels',
+			)
+		);
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Image.php

Indentation +24 added lines, -24 removed lines

@@ -8,32 +8,32 @@
 class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
 {
 
-    public $name = 'Image';
+	public $name = 'Image';
 
-    public function setup($config) {
-        $max = $config->get('HTML.MaxImgLength');
-        $img = $this->addElement(
-            'img', 'Inline', 'Empty', 'Common',
-            array(
-                'alt*' => 'Text',
-                // According to the spec, it's Length, but percents can
-                // be abused, so we allow only Pixels.
-                'height' => 'Pixels#' . $max,
-                'width'  => 'Pixels#' . $max,
-                'longdesc' => 'URI',
-                'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
-            )
-        );
-        if ($max === null || $config->get('HTML.Trusted')) {
-            $img->attr['height'] =
-            $img->attr['width'] = 'Length';
-        }
+	public function setup($config) {
+		$max = $config->get('HTML.MaxImgLength');
+		$img = $this->addElement(
+			'img', 'Inline', 'Empty', 'Common',
+			array(
+				'alt*' => 'Text',
+				// According to the spec, it's Length, but percents can
+				// be abused, so we allow only Pixels.
+				'height' => 'Pixels#' . $max,
+				'width'  => 'Pixels#' . $max,
+				'longdesc' => 'URI',
+				'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
+			)
+		);
+		if ($max === null || $config->get('HTML.Trusted')) {
+			$img->attr['height'] =
+			$img->attr['width'] = 'Length';
+		}
 
-        // kind of strange, but splitting things up would be inefficient
-        $img->attr_transform_pre[] =
-        $img->attr_transform_post[] =
-            new HTMLPurifier_AttrTransform_ImgRequired();
-    }
+		// kind of strange, but splitting things up would be inefficient
+		$img->attr_transform_pre[] =
+		$img->attr_transform_post[] =
+			new HTMLPurifier_AttrTransform_ImgRequired();
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/Legacy.php

Indentation +127 added lines, -127 removed lines

@@ -19,140 +19,140 @@
 class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
 {
 
-    public $name = 'Legacy';
+	public $name = 'Legacy';
 
-    public function setup($config) {
-
-        $this->addElement('basefont', 'Inline', 'Empty', false, array(
-            'color' => 'Color',
-            'face' => 'Text', // extremely broad, we should
-            'size' => 'Text', // tighten it
-            'id' => 'ID'
-        ));
-        $this->addElement('center', 'Block', 'Flow', 'Common');
-        $this->addElement('dir', 'Block', 'Required: li', 'Common', array(
-            'compact' => 'Bool#compact'
-        ));
-        $this->addElement('font', 'Inline', 'Inline', array('Core', 'I18N'), array(
-            'color' => 'Color',
-            'face' => 'Text', // extremely broad, we should
-            'size' => 'Text', // tighten it
-        ));
-        $this->addElement('menu', 'Block', 'Required: li', 'Common', array(
-            'compact' => 'Bool#compact'
-        ));
-
-        $s = $this->addElement('s', 'Inline', 'Inline', 'Common');
-        $s->formatting = true;
-
-        $strike = $this->addElement('strike', 'Inline', 'Inline', 'Common');
-        $strike->formatting = true;
-
-        $u = $this->addElement('u', 'Inline', 'Inline', 'Common');
-        $u->formatting = true;
-
-        // setup modifications to old elements
-
-        $align = 'Enum#left,right,center,justify';
-
-        $address = $this->addBlankElement('address');
-        $address->content_model = 'Inline | #PCDATA | p';
-        $address->content_model_type = 'optional';
-        $address->child = false;
-
-        $blockquote = $this->addBlankElement('blockquote');
-        $blockquote->content_model = 'Flow | #PCDATA';
-        $blockquote->content_model_type = 'optional';
-        $blockquote->child = false;
-
-        $br = $this->addBlankElement('br');
-        $br->attr['clear'] = 'Enum#left,all,right,none';
-
-        $caption = $this->addBlankElement('caption');
-        $caption->attr['align'] = 'Enum#top,bottom,left,right';
-
-        $div = $this->addBlankElement('div');
-        $div->attr['align'] = $align;
-
-        $dl = $this->addBlankElement('dl');
-        $dl->attr['compact'] = 'Bool#compact';
-
-        for ($i = 1; $i <= 6; $i++) {
-            $h = $this->addBlankElement("h$i");
-            $h->attr['align'] = $align;
-        }
-
-        $hr = $this->addBlankElement('hr');
-        $hr->attr['align'] = $align;
-        $hr->attr['noshade'] = 'Bool#noshade';
-        $hr->attr['size'] = 'Pixels';
-        $hr->attr['width'] = 'Length';
-
-        $img = $this->addBlankElement('img');
-        $img->attr['align'] = 'IAlign';
-        $img->attr['border'] = 'Pixels';
-        $img->attr['hspace'] = 'Pixels';
-        $img->attr['vspace'] = 'Pixels';
-
-        // figure out this integer business
-
-        $li = $this->addBlankElement('li');
-        $li->attr['value'] = new HTMLPurifier_AttrDef_Integer();
-        $li->attr['type']  = 'Enum#s:1,i,I,a,A,disc,square,circle';
-
-        $ol = $this->addBlankElement('ol');
-        $ol->attr['compact'] = 'Bool#compact';
-        $ol->attr['start'] = new HTMLPurifier_AttrDef_Integer();
-        $ol->attr['type'] = 'Enum#s:1,i,I,a,A';
-
-        $p = $this->addBlankElement('p');
-        $p->attr['align'] = $align;
-
-        $pre = $this->addBlankElement('pre');
-        $pre->attr['width'] = 'Number';
-
-        // script omitted
-
-        $table = $this->addBlankElement('table');
-        $table->attr['align'] = 'Enum#left,center,right';
-        $table->attr['bgcolor'] = 'Color';
-
-        $tr = $this->addBlankElement('tr');
-        $tr->attr['bgcolor'] = 'Color';
-
-        $th = $this->addBlankElement('th');
-        $th->attr['bgcolor'] = 'Color';
-        $th->attr['height'] = 'Length';
-        $th->attr['nowrap'] = 'Bool#nowrap';
-        $th->attr['width'] = 'Length';
-
-        $td = $this->addBlankElement('td');
-        $td->attr['bgcolor'] = 'Color';
-        $td->attr['height'] = 'Length';
-        $td->attr['nowrap'] = 'Bool#nowrap';
-        $td->attr['width'] = 'Length';
+	public function setup($config) {
+
+		$this->addElement('basefont', 'Inline', 'Empty', false, array(
+			'color' => 'Color',
+			'face' => 'Text', // extremely broad, we should
+			'size' => 'Text', // tighten it
+			'id' => 'ID'
+		));
+		$this->addElement('center', 'Block', 'Flow', 'Common');
+		$this->addElement('dir', 'Block', 'Required: li', 'Common', array(
+			'compact' => 'Bool#compact'
+		));
+		$this->addElement('font', 'Inline', 'Inline', array('Core', 'I18N'), array(
+			'color' => 'Color',
+			'face' => 'Text', // extremely broad, we should
+			'size' => 'Text', // tighten it
+		));
+		$this->addElement('menu', 'Block', 'Required: li', 'Common', array(
+			'compact' => 'Bool#compact'
+		));
+
+		$s = $this->addElement('s', 'Inline', 'Inline', 'Common');
+		$s->formatting = true;
+
+		$strike = $this->addElement('strike', 'Inline', 'Inline', 'Common');
+		$strike->formatting = true;
+
+		$u = $this->addElement('u', 'Inline', 'Inline', 'Common');
+		$u->formatting = true;
+
+		// setup modifications to old elements
+
+		$align = 'Enum#left,right,center,justify';
+
+		$address = $this->addBlankElement('address');
+		$address->content_model = 'Inline | #PCDATA | p';
+		$address->content_model_type = 'optional';
+		$address->child = false;
+
+		$blockquote = $this->addBlankElement('blockquote');
+		$blockquote->content_model = 'Flow | #PCDATA';
+		$blockquote->content_model_type = 'optional';
+		$blockquote->child = false;
+
+		$br = $this->addBlankElement('br');
+		$br->attr['clear'] = 'Enum#left,all,right,none';
+
+		$caption = $this->addBlankElement('caption');
+		$caption->attr['align'] = 'Enum#top,bottom,left,right';
+
+		$div = $this->addBlankElement('div');
+		$div->attr['align'] = $align;
+
+		$dl = $this->addBlankElement('dl');
+		$dl->attr['compact'] = 'Bool#compact';
+
+		for ($i = 1; $i <= 6; $i++) {
+			$h = $this->addBlankElement("h$i");
+			$h->attr['align'] = $align;
+		}
+
+		$hr = $this->addBlankElement('hr');
+		$hr->attr['align'] = $align;
+		$hr->attr['noshade'] = 'Bool#noshade';
+		$hr->attr['size'] = 'Pixels';
+		$hr->attr['width'] = 'Length';
+
+		$img = $this->addBlankElement('img');
+		$img->attr['align'] = 'IAlign';
+		$img->attr['border'] = 'Pixels';
+		$img->attr['hspace'] = 'Pixels';
+		$img->attr['vspace'] = 'Pixels';
+
+		// figure out this integer business
+
+		$li = $this->addBlankElement('li');
+		$li->attr['value'] = new HTMLPurifier_AttrDef_Integer();
+		$li->attr['type']  = 'Enum#s:1,i,I,a,A,disc,square,circle';
+
+		$ol = $this->addBlankElement('ol');
+		$ol->attr['compact'] = 'Bool#compact';
+		$ol->attr['start'] = new HTMLPurifier_AttrDef_Integer();
+		$ol->attr['type'] = 'Enum#s:1,i,I,a,A';
+
+		$p = $this->addBlankElement('p');
+		$p->attr['align'] = $align;
+
+		$pre = $this->addBlankElement('pre');
+		$pre->attr['width'] = 'Number';
+
+		// script omitted
+
+		$table = $this->addBlankElement('table');
+		$table->attr['align'] = 'Enum#left,center,right';
+		$table->attr['bgcolor'] = 'Color';
+
+		$tr = $this->addBlankElement('tr');
+		$tr->attr['bgcolor'] = 'Color';
+
+		$th = $this->addBlankElement('th');
+		$th->attr['bgcolor'] = 'Color';
+		$th->attr['height'] = 'Length';
+		$th->attr['nowrap'] = 'Bool#nowrap';
+		$th->attr['width'] = 'Length';
+
+		$td = $this->addBlankElement('td');
+		$td->attr['bgcolor'] = 'Color';
+		$td->attr['height'] = 'Length';
+		$td->attr['nowrap'] = 'Bool#nowrap';
+		$td->attr['width'] = 'Length';
 
-        $ul = $this->addBlankElement('ul');
-        $ul->attr['compact'] = 'Bool#compact';
-        $ul->attr['type'] = 'Enum#square,disc,circle';
+		$ul = $this->addBlankElement('ul');
+		$ul->attr['compact'] = 'Bool#compact';
+		$ul->attr['type'] = 'Enum#square,disc,circle';
 
-        // "safe" modifications to "unsafe" elements
-        // WARNING: If you want to add support for an unsafe, legacy
-        // attribute, make a new TrustedLegacy module with the trusted
-        // bit set appropriately
+		// "safe" modifications to "unsafe" elements
+		// WARNING: If you want to add support for an unsafe, legacy
+		// attribute, make a new TrustedLegacy module with the trusted
+		// bit set appropriately
 
-        $form = $this->addBlankElement('form');
-        $form->content_model = 'Flow | #PCDATA';
-        $form->content_model_type = 'optional';
-        $form->attr['target'] = 'FrameTarget';
+		$form = $this->addBlankElement('form');
+		$form->content_model = 'Flow | #PCDATA';
+		$form->content_model_type = 'optional';
+		$form->attr['target'] = 'FrameTarget';
 
-        $input = $this->addBlankElement('input');
-        $input->attr['align'] = 'IAlign';
+		$input = $this->addBlankElement('input');
+		$input->attr['align'] = 'IAlign';
 
-        $legend = $this->addBlankElement('legend');
-        $legend->attr['align'] = 'LAlign';
+		$legend = $this->addBlankElement('legend');
+		$legend->attr['align'] = 'LAlign';
 
-    }
+	}
 
 }