xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier/Language/messages/en-x-test.php

Indentation +1 added lines, -1 removed lines

@@ -5,7 +5,7 @@
 $fallback = 'en';
 
 $messages = array(
-    'HTMLPurifier' => 'HTML Purifier X'
+	'HTMLPurifier' => 'HTML Purifier X'
 );
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/Language/messages/en-x-testmini.php

Indentation +1 added lines, -1 removed lines

@@ -6,7 +6,7 @@
 $fallback = 'en';
 
 $messages = array(
-    'HTMLPurifier' => 'HTML Purifier XNone'
+	'HTMLPurifier' => 'HTML Purifier XNone'
 );
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/Language/messages/en.php

Indentation +3 added lines, -3 removed lines

@@ -55,9 +55,9 @@
 );
 
 $errorNames = array(
-    E_ERROR   => 'Error',
-    E_WARNING => 'Warning',
-    E_NOTICE  => 'Notice'
+	E_ERROR   => 'Error',
+	E_WARNING => 'Warning',
+	E_NOTICE  => 'Notice'
 );
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/LanguageFactory.php

Indentation +182 added lines, -182 removed lines

@@ -10,188 +10,188 @@
 class HTMLPurifier_LanguageFactory
 {
 
-    /**
-     * Cache of language code information used to load HTMLPurifier_Language objects
-     * Structure is: $factory->cache[$language_code][$key] = $value
-     * @value array map
-     */
-    public $cache;
-
-    /**
-     * Valid keys in the HTMLPurifier_Language object. Designates which
-     * variables to slurp out of a message file.
-     * @value array list
-     */
-    public $keys = array('fallback', 'messages', 'errorNames');
-
-    /**
-     * Instance of HTMLPurifier_AttrDef_Lang to validate language codes
-     * @value object HTMLPurifier_AttrDef_Lang
-     */
-    protected $validator;
-
-    /**
-     * Cached copy of dirname(__FILE__), directory of current file without
-     * trailing slash
-     * @value string filename
-     */
-    protected $dir;
-
-    /**
-     * Keys whose contents are a hash map and can be merged
-     * @value array lookup
-     */
-    protected $mergeable_keys_map = array('messages' => true, 'errorNames' => true);
-
-    /**
-     * Keys whose contents are a list and can be merged
-     * @value array lookup
-     */
-    protected $mergeable_keys_list = array();
-
-    /**
-     * Retrieve sole instance of the factory.
-     * @param $prototype Optional prototype to overload sole instance with,
-     *                   or bool true to reset to default factory.
-     */
-    public static function instance($prototype = null) {
-        static $instance = null;
-        if ($prototype !== null) {
-            $instance = $prototype;
-        } elseif ($instance === null || $prototype == true) {
-            $instance = new HTMLPurifier_LanguageFactory();
-            $instance->setup();
-        }
-        return $instance;
-    }
-
-    /**
-     * Sets up the singleton, much like a constructor
-     * @note Prevents people from getting this outside of the singleton
-     */
-    public function setup() {
-        $this->validator = new HTMLPurifier_AttrDef_Lang();
-        $this->dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier';
-    }
-
-    /**
-     * Creates a language object, handles class fallbacks
-     * @param $config Instance of HTMLPurifier_Config
-     * @param $context Instance of HTMLPurifier_Context
-     * @param $code Code to override configuration with. Private parameter.
-     */
-    public function create($config, $context, $code = false) {
-
-        // validate language code
-        if ($code === false) {
-            $code = $this->validator->validate(
-              $config->get('Core.Language'), $config, $context
-            );
-        } else {
-            $code = $this->validator->validate($code, $config, $context);
-        }
-        if ($code === false) $code = 'en'; // malformed code becomes English
-
-        $pcode = str_replace('-', '_', $code); // make valid PHP classname
-        static $depth = 0; // recursion protection
-
-        if ($code == 'en') {
-            $lang = new HTMLPurifier_Language($config, $context);
-        } else {
-            $class = 'HTMLPurifier_Language_' . $pcode;
-            $file  = $this->dir . '/Language/classes/' . $code . '.php';
-            if (file_exists($file) || class_exists($class, false)) {
-                $lang = new $class($config, $context);
-            } else {
-                // Go fallback
-                $raw_fallback = $this->getFallbackFor($code);
-                $fallback = $raw_fallback ? $raw_fallback : 'en';
-                $depth++;
-                $lang = $this->create($config, $context, $fallback);
-                if (!$raw_fallback) {
-                    $lang->error = true;
-                }
-                $depth--;
-            }
-        }
-
-        $lang->code = $code;
-
-        return $lang;
-
-    }
-
-    /**
-     * Returns the fallback language for language
-     * @note Loads the original language into cache
-     * @param $code string language code
-     */
-    public function getFallbackFor($code) {
-        $this->loadLanguage($code);
-        return $this->cache[$code]['fallback'];
-    }
-
-    /**
-     * Loads language into the cache, handles message file and fallbacks
-     * @param $code string language code
-     */
-    public function loadLanguage($code) {
-        static $languages_seen = array(); // recursion guard
-
-        // abort if we've already loaded it
-        if (isset($this->cache[$code])) return;
-
-        // generate filename
-        $filename = $this->dir . '/Language/messages/' . $code . '.php';
-
-        // default fallback : may be overwritten by the ensuing include
-        $fallback = ($code != 'en') ? 'en' : false;
-
-        // load primary localisation
-        if (!file_exists($filename)) {
-            // skip the include: will rely solely on fallback
-            $filename = $this->dir . '/Language/messages/en.php';
-            $cache = array();
-        } else {
-            include $filename;
-            $cache = compact($this->keys);
-        }
-
-        // load fallback localisation
-        if (!empty($fallback)) {
-
-            // infinite recursion guard
-            if (isset($languages_seen[$code])) {
-                trigger_error('Circular fallback reference in language ' .
-                    $code, E_USER_ERROR);
-                $fallback = 'en';
-            }
-            $language_seen[$code] = true;
-
-            // load the fallback recursively
-            $this->loadLanguage($fallback);
-            $fallback_cache = $this->cache[$fallback];
-
-            // merge fallback with current language
-            foreach ( $this->keys as $key ) {
-                if (isset($cache[$key]) && isset($fallback_cache[$key])) {
-                    if (isset($this->mergeable_keys_map[$key])) {
-                        $cache[$key] = $cache[$key] + $fallback_cache[$key];
-                    } elseif (isset($this->mergeable_keys_list[$key])) {
-                        $cache[$key] = array_merge( $fallback_cache[$key], $cache[$key] );
-                    }
-                } else {
-                    $cache[$key] = $fallback_cache[$key];
-                }
-            }
-
-        }
-
-        // save to cache for later retrieval
-        $this->cache[$code] = $cache;
-
-        return;
-    }
+	/**
+	 * Cache of language code information used to load HTMLPurifier_Language objects
+	 * Structure is: $factory->cache[$language_code][$key] = $value
+	 * @value array map
+	 */
+	public $cache;
+
+	/**
+	 * Valid keys in the HTMLPurifier_Language object. Designates which
+	 * variables to slurp out of a message file.
+	 * @value array list
+	 */
+	public $keys = array('fallback', 'messages', 'errorNames');
+
+	/**
+	 * Instance of HTMLPurifier_AttrDef_Lang to validate language codes
+	 * @value object HTMLPurifier_AttrDef_Lang
+	 */
+	protected $validator;
+
+	/**
+	 * Cached copy of dirname(__FILE__), directory of current file without
+	 * trailing slash
+	 * @value string filename
+	 */
+	protected $dir;
+
+	/**
+	 * Keys whose contents are a hash map and can be merged
+	 * @value array lookup
+	 */
+	protected $mergeable_keys_map = array('messages' => true, 'errorNames' => true);
+
+	/**
+	 * Keys whose contents are a list and can be merged
+	 * @value array lookup
+	 */
+	protected $mergeable_keys_list = array();
+
+	/**
+	 * Retrieve sole instance of the factory.
+	 * @param $prototype Optional prototype to overload sole instance with,
+	 *                   or bool true to reset to default factory.
+	 */
+	public static function instance($prototype = null) {
+		static $instance = null;
+		if ($prototype !== null) {
+			$instance = $prototype;
+		} elseif ($instance === null || $prototype == true) {
+			$instance = new HTMLPurifier_LanguageFactory();
+			$instance->setup();
+		}
+		return $instance;
+	}
+
+	/**
+	 * Sets up the singleton, much like a constructor
+	 * @note Prevents people from getting this outside of the singleton
+	 */
+	public function setup() {
+		$this->validator = new HTMLPurifier_AttrDef_Lang();
+		$this->dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier';
+	}
+
+	/**
+	 * Creates a language object, handles class fallbacks
+	 * @param $config Instance of HTMLPurifier_Config
+	 * @param $context Instance of HTMLPurifier_Context
+	 * @param $code Code to override configuration with. Private parameter.
+	 */
+	public function create($config, $context, $code = false) {
+
+		// validate language code
+		if ($code === false) {
+			$code = $this->validator->validate(
+			  $config->get('Core.Language'), $config, $context
+			);
+		} else {
+			$code = $this->validator->validate($code, $config, $context);
+		}
+		if ($code === false) $code = 'en'; // malformed code becomes English
+
+		$pcode = str_replace('-', '_', $code); // make valid PHP classname
+		static $depth = 0; // recursion protection
+
+		if ($code == 'en') {
+			$lang = new HTMLPurifier_Language($config, $context);
+		} else {
+			$class = 'HTMLPurifier_Language_' . $pcode;
+			$file  = $this->dir . '/Language/classes/' . $code . '.php';
+			if (file_exists($file) || class_exists($class, false)) {
+				$lang = new $class($config, $context);
+			} else {
+				// Go fallback
+				$raw_fallback = $this->getFallbackFor($code);
+				$fallback = $raw_fallback ? $raw_fallback : 'en';
+				$depth++;
+				$lang = $this->create($config, $context, $fallback);
+				if (!$raw_fallback) {
+					$lang->error = true;
+				}
+				$depth--;
+			}
+		}
+
+		$lang->code = $code;
+
+		return $lang;
+
+	}
+
+	/**
+	 * Returns the fallback language for language
+	 * @note Loads the original language into cache
+	 * @param $code string language code
+	 */
+	public function getFallbackFor($code) {
+		$this->loadLanguage($code);
+		return $this->cache[$code]['fallback'];
+	}
+
+	/**
+	 * Loads language into the cache, handles message file and fallbacks
+	 * @param $code string language code
+	 */
+	public function loadLanguage($code) {
+		static $languages_seen = array(); // recursion guard
+
+		// abort if we've already loaded it
+		if (isset($this->cache[$code])) return;
+
+		// generate filename
+		$filename = $this->dir . '/Language/messages/' . $code . '.php';
+
+		// default fallback : may be overwritten by the ensuing include
+		$fallback = ($code != 'en') ? 'en' : false;
+
+		// load primary localisation
+		if (!file_exists($filename)) {
+			// skip the include: will rely solely on fallback
+			$filename = $this->dir . '/Language/messages/en.php';
+			$cache = array();
+		} else {
+			include $filename;
+			$cache = compact($this->keys);
+		}
+
+		// load fallback localisation
+		if (!empty($fallback)) {
+
+			// infinite recursion guard
+			if (isset($languages_seen[$code])) {
+				trigger_error('Circular fallback reference in language ' .
+					$code, E_USER_ERROR);
+				$fallback = 'en';
+			}
+			$language_seen[$code] = true;
+
+			// load the fallback recursively
+			$this->loadLanguage($fallback);
+			$fallback_cache = $this->cache[$fallback];
+
+			// merge fallback with current language
+			foreach ( $this->keys as $key ) {
+				if (isset($cache[$key]) && isset($fallback_cache[$key])) {
+					if (isset($this->mergeable_keys_map[$key])) {
+						$cache[$key] = $cache[$key] + $fallback_cache[$key];
+					} elseif (isset($this->mergeable_keys_list[$key])) {
+						$cache[$key] = array_merge( $fallback_cache[$key], $cache[$key] );
+					}
+				} else {
+					$cache[$key] = $fallback_cache[$key];
+				}
+			}
+
+		}
+
+		// save to cache for later retrieval
+		$this->cache[$code] = $cache;
+
+		return;
+	}
 
 }
 

Spacing +2 added lines, -2 removed lines

@@ -173,12 +173,12 @@
             $fallback_cache = $this->cache[$fallback];
 
             // merge fallback with current language
-            foreach ( $this->keys as $key ) {
+            foreach ($this->keys as $key) {
                 if (isset($cache[$key]) && isset($fallback_cache[$key])) {
                     if (isset($this->mergeable_keys_map[$key])) {
                         $cache[$key] = $cache[$key] + $fallback_cache[$key];
                     } elseif (isset($this->mergeable_keys_list[$key])) {
-                        $cache[$key] = array_merge( $fallback_cache[$key], $cache[$key] );
+                        $cache[$key] = array_merge($fallback_cache[$key], $cache[$key]);
                     }
                 } else {
                     $cache[$key] = $fallback_cache[$key];

Braces +7 added lines, -2 removed lines

@@ -90,7 +90,10 @@ 
         } else {
             $code = $this->validator->validate($code, $config, $context);
         }
-        if ($code === false) $code = 'en'; // malformed code becomes English
+        if ($code === false) {
+        	$code = 'en';
+        }
+        // malformed code becomes English
 
         $pcode = str_replace('-', '_', $code); // make valid PHP classname
         static $depth = 0; // recursion protection
@@ -139,7 +142,9 @@ 
         static $languages_seen = array(); // recursion guard
 
         // abort if we've already loaded it
-        if (isset($this->cache[$code])) return;
+        if (isset($this->cache[$code])) {
+        	return;
+        }
 
         // generate filename
         $filename = $this->dir . '/Language/messages/' . $code . '.php';

classes/security/htmlpurifier/library/HTMLPurifier/Length.php

Indentation +91 added lines, -91 removed lines

@@ -7,108 +7,108 @@
 class HTMLPurifier_Length
 {
 
-    /**
-     * String numeric magnitude.
-     */
-    protected $n;
+	/**
+	 * String numeric magnitude.
+	 */
+	protected $n;
 
-    /**
-     * String unit. False is permitted if $n = 0.
-     */
-    protected $unit;
+	/**
+	 * String unit. False is permitted if $n = 0.
+	 */
+	protected $unit;
 
-    /**
-     * Whether or not this length is valid. Null if not calculated yet.
-     */
-    protected $isValid;
+	/**
+	 * Whether or not this length is valid. Null if not calculated yet.
+	 */
+	protected $isValid;
 
-    /**
-     * Lookup array of units recognized by CSS 2.1
-     */
-    protected static $allowedUnits = array(
-        'em' => true, 'ex' => true, 'px' => true, 'in' => true,
-        'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true
-    );
+	/**
+	 * Lookup array of units recognized by CSS 2.1
+	 */
+	protected static $allowedUnits = array(
+		'em' => true, 'ex' => true, 'px' => true, 'in' => true,
+		'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true
+	);
 
-    /**
-     * @param number $n Magnitude
-     * @param string $u Unit
-     */
-    public function __construct($n = '0', $u = false) {
-        $this->n = (string) $n;
-        $this->unit = $u !== false ? (string) $u : false;
-    }
+	/**
+	 * @param number $n Magnitude
+	 * @param string $u Unit
+	 */
+	public function __construct($n = '0', $u = false) {
+		$this->n = (string) $n;
+		$this->unit = $u !== false ? (string) $u : false;
+	}
 
-    /**
-     * @param string $s Unit string, like '2em' or '3.4in'
-     * @warning Does not perform validation.
-     */
-    static public function make($s) {
-        if ($s instanceof HTMLPurifier_Length) return $s;
-        $n_length = strspn($s, '1234567890.+-');
-        $n = substr($s, 0, $n_length);
-        $unit = substr($s, $n_length);
-        if ($unit === '') $unit = false;
-        return new HTMLPurifier_Length($n, $unit);
-    }
+	/**
+	 * @param string $s Unit string, like '2em' or '3.4in'
+	 * @warning Does not perform validation.
+	 */
+	static public function make($s) {
+		if ($s instanceof HTMLPurifier_Length) return $s;
+		$n_length = strspn($s, '1234567890.+-');
+		$n = substr($s, 0, $n_length);
+		$unit = substr($s, $n_length);
+		if ($unit === '') $unit = false;
+		return new HTMLPurifier_Length($n, $unit);
+	}
 
-    /**
-     * Validates the number and unit.
-     */
-    protected function validate() {
-        // Special case:
-        if ($this->n === '+0' || $this->n === '-0') $this->n = '0';
-        if ($this->n === '0' && $this->unit === false) return true;
-        if (!ctype_lower($this->unit)) $this->unit = strtolower($this->unit);
-        if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) return false;
-        // Hack:
-        $def = new HTMLPurifier_AttrDef_CSS_Number();
-        $result = $def->validate($this->n, false, false);
-        if ($result === false) return false;
-        $this->n = $result;
-        return true;
-    }
+	/**
+	 * Validates the number and unit.
+	 */
+	protected function validate() {
+		// Special case:
+		if ($this->n === '+0' || $this->n === '-0') $this->n = '0';
+		if ($this->n === '0' && $this->unit === false) return true;
+		if (!ctype_lower($this->unit)) $this->unit = strtolower($this->unit);
+		if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) return false;
+		// Hack:
+		$def = new HTMLPurifier_AttrDef_CSS_Number();
+		$result = $def->validate($this->n, false, false);
+		if ($result === false) return false;
+		$this->n = $result;
+		return true;
+	}
 
-    /**
-     * Returns string representation of number.
-     */
-    public function toString() {
-        if (!$this->isValid()) return false;
-        return $this->n . $this->unit;
-    }
+	/**
+	 * Returns string representation of number.
+	 */
+	public function toString() {
+		if (!$this->isValid()) return false;
+		return $this->n . $this->unit;
+	}
 
-    /**
-     * Retrieves string numeric magnitude.
-     */
-    public function getN() {return $this->n;}
+	/**
+	 * Retrieves string numeric magnitude.
+	 */
+	public function getN() {return $this->n;}
 
-    /**
-     * Retrieves string unit.
-     */
-    public function getUnit() {return $this->unit;}
+	/**
+	 * Retrieves string unit.
+	 */
+	public function getUnit() {return $this->unit;}
 
-    /**
-     * Returns true if this length unit is valid.
-     */
-    public function isValid() {
-        if ($this->isValid === null) $this->isValid = $this->validate();
-        return $this->isValid;
-    }
+	/**
+	 * Returns true if this length unit is valid.
+	 */
+	public function isValid() {
+		if ($this->isValid === null) $this->isValid = $this->validate();
+		return $this->isValid;
+	}
 
-    /**
-     * Compares two lengths, and returns 1 if greater, -1 if less and 0 if equal.
-     * @warning If both values are too large or small, this calculation will
-     *          not work properly
-     */
-    public function compareTo($l) {
-        if ($l === false) return false;
-        if ($l->unit !== $this->unit) {
-            $converter = new HTMLPurifier_UnitConverter();
-            $l = $converter->convert($l, $this->unit);
-            if ($l === false) return false;
-        }
-        return $this->n - $l->n;
-    }
+	/**
+	 * Compares two lengths, and returns 1 if greater, -1 if less and 0 if equal.
+	 * @warning If both values are too large or small, this calculation will
+	 *          not work properly
+	 */
+	public function compareTo($l) {
+		if ($l === false) return false;
+		if ($l->unit !== $this->unit) {
+			$converter = new HTMLPurifier_UnitConverter();
+			$l = $converter->convert($l, $this->unit);
+			if ($l === false) return false;
+		}
+		return $this->n - $l->n;
+	}
 
 }
 

Spacing +2 added lines, -2 removed lines

@@ -80,12 +80,12 @@
     /**
      * Retrieves string numeric magnitude.
      */
-    public function getN() {return $this->n;}
+    public function getN() {return $this->n; }
 
     /**
      * Retrieves string unit.
      */
-    public function getUnit() {return $this->unit;}
+    public function getUnit() {return $this->unit; }
 
     /**
      * Returns true if this length unit is valid.

Braces +33 added lines, -11 removed lines

@@ -44,11 +44,15 @@ 
      * @warning Does not perform validation.
      */
     static public function make($s) {
-        if ($s instanceof HTMLPurifier_Length) return $s;
+        if ($s instanceof HTMLPurifier_Length) {
+        	return $s;
+        }
         $n_length = strspn($s, '1234567890.+-');
         $n = substr($s, 0, $n_length);
         $unit = substr($s, $n_length);
-        if ($unit === '') $unit = false;
+        if ($unit === '') {
+        	$unit = false;
+        }
         return new HTMLPurifier_Length($n, $unit);
     }
 
@@ -57,14 +61,24 @@ 
      */
     protected function validate() {
         // Special case:
-        if ($this->n === '+0' || $this->n === '-0') $this->n = '0';
-        if ($this->n === '0' && $this->unit === false) return true;
-        if (!ctype_lower($this->unit)) $this->unit = strtolower($this->unit);
-        if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) return false;
+        if ($this->n === '+0' || $this->n === '-0') {
+        	$this->n = '0';
+        }
+        if ($this->n === '0' && $this->unit === false) {
+        	return true;
+        }
+        if (!ctype_lower($this->unit)) {
+        	$this->unit = strtolower($this->unit);
+        }
+        if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {
+        	return false;
+        }
         // Hack:
         $def = new HTMLPurifier_AttrDef_CSS_Number();
         $result = $def->validate($this->n, false, false);
-        if ($result === false) return false;
+        if ($result === false) {
+        	return false;
+        }
         $this->n = $result;
         return true;
     }
@@ -73,7 +87,9 @@ 
      * Returns string representation of number.
      */
     public function toString() {
-        if (!$this->isValid()) return false;
+        if (!$this->isValid()) {
+        	return false;
+        }
         return $this->n . $this->unit;
     }
 
@@ -91,7 +107,9 @@ 
      * Returns true if this length unit is valid.
      */
     public function isValid() {
-        if ($this->isValid === null) $this->isValid = $this->validate();
+        if ($this->isValid === null) {
+        	$this->isValid = $this->validate();
+        }
         return $this->isValid;
     }
 
@@ -101,11 +119,15 @@ 
      *          not work properly
      */
     public function compareTo($l) {
-        if ($l === false) return false;
+        if ($l === false) {
+        	return false;
+        }
         if ($l->unit !== $this->unit) {
             $converter = new HTMLPurifier_UnitConverter();
             $l = $converter->convert($l, $this->unit);
-            if ($l === false) return false;
+            if ($l === false) {
+            	return false;
+            }
         }
         return $this->n - $l->n;
     }

classes/security/htmlpurifier/library/HTMLPurifier/Lexer.php

Indentation +276 added lines, -276 removed lines

@@ -42,284 +42,284 @@
 class HTMLPurifier_Lexer
 {
 
-    /**
-     * Whether or not this lexer implements line-number/column-number tracking.
-     * If it does, set to true.
-     */
-    public $tracksLineNumbers = false;
-
-    // -- STATIC ----------------------------------------------------------
-
-    /**
-     * Retrieves or sets the default Lexer as a Prototype Factory.
-     *
-     * By default HTMLPurifier_Lexer_DOMLex will be returned. There are
-     * a few exceptions involving special features that only DirectLex
-     * implements.
-     *
-     * @note The behavior of this class has changed, rather than accepting
-     *       a prototype object, it now accepts a configuration object.
-     *       To specify your own prototype, set %Core.LexerImpl to it.
-     *       This change in behavior de-singletonizes the lexer object.
-     *
-     * @param $config Instance of HTMLPurifier_Config
-     * @return Concrete lexer.
-     */
-    public static function create($config) {
-
-        if (!($config instanceof HTMLPurifier_Config)) {
-            $lexer = $config;
-            trigger_error("Passing a prototype to
+	/**
+	 * Whether or not this lexer implements line-number/column-number tracking.
+	 * If it does, set to true.
+	 */
+	public $tracksLineNumbers = false;
+
+	// -- STATIC ----------------------------------------------------------
+
+	/**
+	 * Retrieves or sets the default Lexer as a Prototype Factory.
+	 *
+	 * By default HTMLPurifier_Lexer_DOMLex will be returned. There are
+	 * a few exceptions involving special features that only DirectLex
+	 * implements.
+	 *
+	 * @note The behavior of this class has changed, rather than accepting
+	 *       a prototype object, it now accepts a configuration object.
+	 *       To specify your own prototype, set %Core.LexerImpl to it.
+	 *       This change in behavior de-singletonizes the lexer object.
+	 *
+	 * @param $config Instance of HTMLPurifier_Config
+	 * @return Concrete lexer.
+	 */
+	public static function create($config) {
+
+		if (!($config instanceof HTMLPurifier_Config)) {
+			$lexer = $config;
+			trigger_error("Passing a prototype to
               HTMLPurifier_Lexer::create() is deprecated, please instead
               use %Core.LexerImpl", E_USER_WARNING);
-        } else {
-            $lexer = $config->get('Core.LexerImpl');
-        }
-
-        $needs_tracking =
-            $config->get('Core.MaintainLineNumbers') ||
-            $config->get('Core.CollectErrors');
-
-        $inst = null;
-        if (is_object($lexer)) {
-            $inst = $lexer;
-        } else {
-
-            if (is_null($lexer)) { do {
-                // auto-detection algorithm
-
-                if ($needs_tracking) {
-                    $lexer = 'DirectLex';
-                    break;
-                }
-
-                if (
-                    class_exists('DOMDocument') &&
-                    method_exists('DOMDocument', 'loadHTML') &&
-                    !extension_loaded('domxml')
-                ) {
-                    // check for DOM support, because while it's part of the
-                    // core, it can be disabled compile time. Also, the PECL
-                    // domxml extension overrides the default DOM, and is evil
-                    // and nasty and we shan't bother to support it
-                    $lexer = 'DOMLex';
-                } else {
-                    $lexer = 'DirectLex';
-                }
-
-            } while(0); } // do..while so we can break
-
-            // instantiate recognized string names
-            switch ($lexer) {
-                case 'DOMLex':
-                    $inst = new HTMLPurifier_Lexer_DOMLex();
-                    break;
-                case 'DirectLex':
-                    $inst = new HTMLPurifier_Lexer_DirectLex();
-                    break;
-                case 'PH5P':
-                    $inst = new HTMLPurifier_Lexer_PH5P();
-                    break;
-                default:
-                    throw new HTMLPurifier_Exception("Cannot instantiate unrecognized Lexer type " . htmlspecialchars($lexer, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
-            }
-        }
-
-        if (!$inst) throw new HTMLPurifier_Exception('No lexer was instantiated');
-
-        // once PHP DOM implements native line numbers, or we
-        // hack out something using XSLT, remove this stipulation
-        if ($needs_tracking && !$inst->tracksLineNumbers) {
-            throw new HTMLPurifier_Exception('Cannot use lexer that does not support line numbers with Core.MaintainLineNumbers or Core.CollectErrors (use DirectLex instead)');
-        }
-
-        return $inst;
-
-    }
-
-    // -- CONVENIENCE MEMBERS ---------------------------------------------
-
-    public function __construct() {
-        $this->_entity_parser = new HTMLPurifier_EntityParser();
-    }
-
-    /**
-     * Most common entity to raw value conversion table for special entities.
-     */
-    protected $_special_entity2str =
-            array(
-                    '"' => '"',
-                    '&'  => '&',
-                    '&lt;'   => '<',
-                    '&gt;'   => '>',
-                    '&#39;'  => "'",
-                    '&#039;' => "'",
-                    '&#x27;' => "'"
-            );
-
-    /**
-     * Parses special entities into the proper characters.
-     *
-     * This string will translate escaped versions of the special characters
-     * into the correct ones.
-     *
-     * @warning
-     * You should be able to treat the output of this function as
-     * completely parsed, but that's only because all other entities should
-     * have been handled previously in substituteNonSpecialEntities()
-     *
-     * @param $string String character data to be parsed.
-     * @returns Parsed character data.
-     */
-    public function parseData($string) {
-
-        // following functions require at least one character
-        if ($string === '') return '';
-
-        // subtracts amps that cannot possibly be escaped
-        $num_amp = substr_count($string, '&') - substr_count($string, '& ') -
-            ($string[strlen($string)-1] === '&' ? 1 : 0);
-
-        if (!$num_amp) return $string; // abort if no entities
-        $num_esc_amp = substr_count($string, '&amp;');
-        $string = strtr($string, $this->_special_entity2str);
-
-        // code duplication for sake of optimization, see above
-        $num_amp_2 = substr_count($string, '&') - substr_count($string, '& ') -
-            ($string[strlen($string)-1] === '&' ? 1 : 0);
-
-        if ($num_amp_2 <= $num_esc_amp) return $string;
-
-        // hmm... now we have some uncommon entities. Use the callback.
-        $string = $this->_entity_parser->substituteSpecialEntities($string);
-        return $string;
-    }
-
-    /**
-     * Lexes an HTML string into tokens.
-     *
-     * @param $string String HTML.
-     * @return HTMLPurifier_Token array representation of HTML.
-     */
-    public function tokenizeHTML($string, $config, $context) {
-        trigger_error('Call to abstract class', E_USER_ERROR);
-    }
-
-    /**
-     * Translates CDATA sections into regular sections (through escaping).
-     *
-     * @param $string HTML string to process.
-     * @returns HTML with CDATA sections escaped.
-     */
-    protected static function escapeCDATA($string) {
-        return preg_replace_callback(
-            '/<!\[CDATA\[(.+?)\]\]>/s',
-            array('HTMLPurifier_Lexer', 'CDATACallback'),
-            $string
-        );
-    }
-
-    /**
-     * Special CDATA case that is especially convoluted for <script>
-     */
-    protected static function escapeCommentedCDATA($string) {
-        return preg_replace_callback(
-            '#<!--//--><!\[CDATA\[//><!--(.+?)//--><!\]\]>#s',
-            array('HTMLPurifier_Lexer', 'CDATACallback'),
-            $string
-        );
-    }
-
-    /**
-     * Special Internet Explorer conditional comments should be removed.
-     */
-    protected static function removeIEConditional($string) {
-        return preg_replace(
-            '#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
-            '',
-            $string
-        );
-    }
-
-    /**
-     * Callback function for escapeCDATA() that does the work.
-     *
-     * @warning Though this is public in order to let the callback happen,
-     *          calling it directly is not recommended.
-     * @params $matches PCRE matches array, with index 0 the entire match
-     *                  and 1 the inside of the CDATA section.
-     * @returns Escaped internals of the CDATA section.
-     */
-    protected static function CDATACallback($matches) {
-        // not exactly sure why the character set is needed, but whatever
-        return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8', false);
-    }
-
-    /**
-     * Takes a piece of HTML and normalizes it by converting entities, fixing
-     * encoding, extracting bits, and other good stuff.
-     * @todo Consider making protected
-     */
-    public function normalize($html, $config, $context) {
-
-        // normalize newlines to \n
-        if ($config->get('Core.NormalizeNewlines')) {
-            $html = str_replace("\r\n", "\n", $html);
-            $html = str_replace("\r", "\n", $html);
-        }
-
-        if ($config->get('HTML.Trusted')) {
-            // escape convoluted CDATA
-            $html = $this->escapeCommentedCDATA($html);
-        }
-
-        // escape CDATA
-        $html = $this->escapeCDATA($html);
-
-        $html = $this->removeIEConditional($html);
-
-        // extract body from document if applicable
-        if ($config->get('Core.ConvertDocumentToFragment')) {
-            $e = false;
-            if ($config->get('Core.CollectErrors')) {
-                $e =& $context->get('ErrorCollector');
-            }
-            $new_html = $this->extractBody($html);
-            if ($e && $new_html != $html) {
-                $e->send(E_WARNING, 'Lexer: Extracted body');
-            }
-            $html = $new_html;
-        }
-
-        // expand entities that aren't the big five
-        $html = $this->_entity_parser->substituteNonSpecialEntities($html);
-
-        // clean into wellformed UTF-8 string for an SGML context: this has
-        // to be done after entity expansion because the entities sometimes
-        // represent non-SGML characters (horror, horror!)
-        $html = HTMLPurifier_Encoder::cleanUTF8($html);
-
-        // if processing instructions are to removed, remove them now
-        if ($config->get('Core.RemoveProcessingInstructions')) {
-            $html = preg_replace('#<\?.+?\?>#s', '', $html);
-        }
-
-        return $html;
-    }
-
-    /**
-     * Takes a string of HTML (fragment or document) and returns the content
-     * @todo Consider making protected
-     */
-    public function extractBody($html) {
-        $matches = array();
-        $result = preg_match('!<body[^>]*>(.*)</body>!is', $html, $matches);
-        if ($result) {
-            return $matches[1];
-        } else {
-            return $html;
-        }
-    }
+		} else {
+			$lexer = $config->get('Core.LexerImpl');
+		}
+
+		$needs_tracking =
+			$config->get('Core.MaintainLineNumbers') ||
+			$config->get('Core.CollectErrors');
+
+		$inst = null;
+		if (is_object($lexer)) {
+			$inst = $lexer;
+		} else {
+
+			if (is_null($lexer)) { do {
+				// auto-detection algorithm
+
+				if ($needs_tracking) {
+					$lexer = 'DirectLex';
+					break;
+				}
+
+				if (
+					class_exists('DOMDocument') &&
+					method_exists('DOMDocument', 'loadHTML') &&
+					!extension_loaded('domxml')
+				) {
+					// check for DOM support, because while it's part of the
+					// core, it can be disabled compile time. Also, the PECL
+					// domxml extension overrides the default DOM, and is evil
+					// and nasty and we shan't bother to support it
+					$lexer = 'DOMLex';
+				} else {
+					$lexer = 'DirectLex';
+				}
+
+			} while(0); } // do..while so we can break
+
+			// instantiate recognized string names
+			switch ($lexer) {
+				case 'DOMLex':
+					$inst = new HTMLPurifier_Lexer_DOMLex();
+					break;
+				case 'DirectLex':
+					$inst = new HTMLPurifier_Lexer_DirectLex();
+					break;
+				case 'PH5P':
+					$inst = new HTMLPurifier_Lexer_PH5P();
+					break;
+				default:
+					throw new HTMLPurifier_Exception("Cannot instantiate unrecognized Lexer type " . htmlspecialchars($lexer, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
+			}
+		}
+
+		if (!$inst) throw new HTMLPurifier_Exception('No lexer was instantiated');
+
+		// once PHP DOM implements native line numbers, or we
+		// hack out something using XSLT, remove this stipulation
+		if ($needs_tracking && !$inst->tracksLineNumbers) {
+			throw new HTMLPurifier_Exception('Cannot use lexer that does not support line numbers with Core.MaintainLineNumbers or Core.CollectErrors (use DirectLex instead)');
+		}
+
+		return $inst;
+
+	}
+
+	// -- CONVENIENCE MEMBERS ---------------------------------------------
+
+	public function __construct() {
+		$this->_entity_parser = new HTMLPurifier_EntityParser();
+	}
+
+	/**
+	 * Most common entity to raw value conversion table for special entities.
+	 */
+	protected $_special_entity2str =
+			array(
+					'&quot;' => '"',
+					'&amp;'  => '&',
+					'&lt;'   => '<',
+					'&gt;'   => '>',
+					'&#39;'  => "'",
+					'&#039;' => "'",
+					'&#x27;' => "'"
+			);
+
+	/**
+	 * Parses special entities into the proper characters.
+	 *
+	 * This string will translate escaped versions of the special characters
+	 * into the correct ones.
+	 *
+	 * @warning
+	 * You should be able to treat the output of this function as
+	 * completely parsed, but that's only because all other entities should
+	 * have been handled previously in substituteNonSpecialEntities()
+	 *
+	 * @param $string String character data to be parsed.
+	 * @returns Parsed character data.
+	 */
+	public function parseData($string) {
+
+		// following functions require at least one character
+		if ($string === '') return '';
+
+		// subtracts amps that cannot possibly be escaped
+		$num_amp = substr_count($string, '&') - substr_count($string, '& ') -
+			($string[strlen($string)-1] === '&' ? 1 : 0);
+
+		if (!$num_amp) return $string; // abort if no entities
+		$num_esc_amp = substr_count($string, '&amp;');
+		$string = strtr($string, $this->_special_entity2str);
+
+		// code duplication for sake of optimization, see above
+		$num_amp_2 = substr_count($string, '&') - substr_count($string, '& ') -
+			($string[strlen($string)-1] === '&' ? 1 : 0);
+
+		if ($num_amp_2 <= $num_esc_amp) return $string;
+
+		// hmm... now we have some uncommon entities. Use the callback.
+		$string = $this->_entity_parser->substituteSpecialEntities($string);
+		return $string;
+	}
+
+	/**
+	 * Lexes an HTML string into tokens.
+	 *
+	 * @param $string String HTML.
+	 * @return HTMLPurifier_Token array representation of HTML.
+	 */
+	public function tokenizeHTML($string, $config, $context) {
+		trigger_error('Call to abstract class', E_USER_ERROR);
+	}
+
+	/**
+	 * Translates CDATA sections into regular sections (through escaping).
+	 *
+	 * @param $string HTML string to process.
+	 * @returns HTML with CDATA sections escaped.
+	 */
+	protected static function escapeCDATA($string) {
+		return preg_replace_callback(
+			'/<!\[CDATA\[(.+?)\]\]>/s',
+			array('HTMLPurifier_Lexer', 'CDATACallback'),
+			$string
+		);
+	}
+
+	/**
+	 * Special CDATA case that is especially convoluted for <script>
+	 */
+	protected static function escapeCommentedCDATA($string) {
+		return preg_replace_callback(
+			'#<!--//--><!\[CDATA\[//><!--(.+?)//--><!\]\]>#s',
+			array('HTMLPurifier_Lexer', 'CDATACallback'),
+			$string
+		);
+	}
+
+	/**
+	 * Special Internet Explorer conditional comments should be removed.
+	 */
+	protected static function removeIEConditional($string) {
+		return preg_replace(
+			'#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
+			'',
+			$string
+		);
+	}
+
+	/**
+	 * Callback function for escapeCDATA() that does the work.
+	 *
+	 * @warning Though this is public in order to let the callback happen,
+	 *          calling it directly is not recommended.
+	 * @params $matches PCRE matches array, with index 0 the entire match
+	 *                  and 1 the inside of the CDATA section.
+	 * @returns Escaped internals of the CDATA section.
+	 */
+	protected static function CDATACallback($matches) {
+		// not exactly sure why the character set is needed, but whatever
+		return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8', false);
+	}
+
+	/**
+	 * Takes a piece of HTML and normalizes it by converting entities, fixing
+	 * encoding, extracting bits, and other good stuff.
+	 * @todo Consider making protected
+	 */
+	public function normalize($html, $config, $context) {
+
+		// normalize newlines to \n
+		if ($config->get('Core.NormalizeNewlines')) {
+			$html = str_replace("\r\n", "\n", $html);
+			$html = str_replace("\r", "\n", $html);
+		}
+
+		if ($config->get('HTML.Trusted')) {
+			// escape convoluted CDATA
+			$html = $this->escapeCommentedCDATA($html);
+		}
+
+		// escape CDATA
+		$html = $this->escapeCDATA($html);
+
+		$html = $this->removeIEConditional($html);
+
+		// extract body from document if applicable
+		if ($config->get('Core.ConvertDocumentToFragment')) {
+			$e = false;
+			if ($config->get('Core.CollectErrors')) {
+				$e =& $context->get('ErrorCollector');
+			}
+			$new_html = $this->extractBody($html);
+			if ($e && $new_html != $html) {
+				$e->send(E_WARNING, 'Lexer: Extracted body');
+			}
+			$html = $new_html;
+		}
+
+		// expand entities that aren't the big five
+		$html = $this->_entity_parser->substituteNonSpecialEntities($html);
+
+		// clean into wellformed UTF-8 string for an SGML context: this has
+		// to be done after entity expansion because the entities sometimes
+		// represent non-SGML characters (horror, horror!)
+		$html = HTMLPurifier_Encoder::cleanUTF8($html);
+
+		// if processing instructions are to removed, remove them now
+		if ($config->get('Core.RemoveProcessingInstructions')) {
+			$html = preg_replace('#<\?.+?\?>#s', '', $html);
+		}
+
+		return $html;
+	}
+
+	/**
+	 * Takes a string of HTML (fragment or document) and returns the content
+	 * @todo Consider making protected
+	 */
+	public function extractBody($html) {
+		$matches = array();
+		$result = preg_match('!<body[^>]*>(.*)</body>!is', $html, $matches);
+		if ($result) {
+			return $matches[1];
+		} else {
+			return $html;
+		}
+	}
 
 }
 

Spacing +4 added lines, -4 removed lines

@@ -107,7 +107,7 @@ 
                     $lexer = 'DirectLex';
                 }
 
-            } while(0); } // do..while so we can break
+            } while (0); } // do..while so we can break
 
             // instantiate recognized string names
             switch ($lexer) {
@@ -178,7 +178,7 @@ 
 
         // subtracts amps that cannot possibly be escaped
         $num_amp = substr_count($string, '&') - substr_count($string, '& ') -
-            ($string[strlen($string)-1] === '&' ? 1 : 0);
+            ($string[strlen($string) - 1] === '&' ? 1 : 0);
 
         if (!$num_amp) return $string; // abort if no entities
         $num_esc_amp = substr_count($string, '&');
@@ -186,7 +186,7 @@ 
 
         // code duplication for sake of optimization, see above
         $num_amp_2 = substr_count($string, '&') - substr_count($string, '& ') -
-            ($string[strlen($string)-1] === '&' ? 1 : 0);
+            ($string[strlen($string) - 1] === '&' ? 1 : 0);
 
         if ($num_amp_2 <= $num_esc_amp) return $string;
 
@@ -282,7 +282,7 @@ 
         if ($config->get('Core.ConvertDocumentToFragment')) {
             $e = false;
             if ($config->get('Core.CollectErrors')) {
-                $e =& $context->get('ErrorCollector');
+                $e = & $context->get('ErrorCollector');
             }
             $new_html = $this->extractBody($html);
             if ($e && $new_html != $html) {

Braces +13 added lines, -4 removed lines

@@ -125,7 +125,9 @@ 
             }
         }
 
-        if (!$inst) throw new HTMLPurifier_Exception('No lexer was instantiated');
+        if (!$inst) {
+        	throw new HTMLPurifier_Exception('No lexer was instantiated');
+        }
 
         // once PHP DOM implements native line numbers, or we
         // hack out something using XSLT, remove this stipulation
@@ -174,13 +176,18 @@ 
     public function parseData($string) {
 
         // following functions require at least one character
-        if ($string === '') return '';
+        if ($string === '') {
+        	return '';
+        }
 
         // subtracts amps that cannot possibly be escaped
         $num_amp = substr_count($string, '&') - substr_count($string, '& ') -
             ($string[strlen($string)-1] === '&' ? 1 : 0);
 
-        if (!$num_amp) return $string; // abort if no entities
+        if (!$num_amp) {
+        	return $string;
+        }
+        // abort if no entities
         $num_esc_amp = substr_count($string, '&');
         $string = strtr($string, $this->_special_entity2str);
 
@@ -188,7 +195,9 @@ 
         $num_amp_2 = substr_count($string, '&') - substr_count($string, '& ') -
             ($string[strlen($string)-1] === '&' ? 1 : 0);
 
-        if ($num_amp_2 <= $num_esc_amp) return $string;
+        if ($num_amp_2 <= $num_esc_amp) {
+        	return $string;
+        }
 
         // hmm... now we have some uncommon entities. Use the callback.
         $string = $this->_entity_parser->substituteSpecialEntities($string);

classes/security/htmlpurifier/library/HTMLPurifier/PercentEncoder.php

Indentation +77 added lines, -77 removed lines

@@ -11,87 +11,87 @@
 class HTMLPurifier_PercentEncoder
 {
 
-    /**
-     * Reserved characters to preserve when using encode().
-     */
-    protected $preserve = array();
+	/**
+	 * Reserved characters to preserve when using encode().
+	 */
+	protected $preserve = array();
 
-    /**
-     * String of characters that should be preserved while using encode().
-     */
-    public function __construct($preserve = false) {
-        // unreserved letters, ought to const-ify
-        for ($i = 48; $i <= 57;  $i++) $this->preserve[$i] = true; // digits
-        for ($i = 65; $i <= 90;  $i++) $this->preserve[$i] = true; // upper-case
-        for ($i = 97; $i <= 122; $i++) $this->preserve[$i] = true; // lower-case
-        $this->preserve[45] = true; // Dash         -
-        $this->preserve[46] = true; // Period       .
-        $this->preserve[95] = true; // Underscore   _
-        $this->preserve[126]= true; // Tilde        ~
+	/**
+	 * String of characters that should be preserved while using encode().
+	 */
+	public function __construct($preserve = false) {
+		// unreserved letters, ought to const-ify
+		for ($i = 48; $i <= 57;  $i++) $this->preserve[$i] = true; // digits
+		for ($i = 65; $i <= 90;  $i++) $this->preserve[$i] = true; // upper-case
+		for ($i = 97; $i <= 122; $i++) $this->preserve[$i] = true; // lower-case
+		$this->preserve[45] = true; // Dash         -
+		$this->preserve[46] = true; // Period       .
+		$this->preserve[95] = true; // Underscore   _
+		$this->preserve[126]= true; // Tilde        ~
 
-        // extra letters not to escape
-        if ($preserve !== false) {
-            for ($i = 0, $c = strlen($preserve); $i < $c; $i++) {
-                $this->preserve[ord($preserve[$i])] = true;
-            }
-        }
-    }
+		// extra letters not to escape
+		if ($preserve !== false) {
+			for ($i = 0, $c = strlen($preserve); $i < $c; $i++) {
+				$this->preserve[ord($preserve[$i])] = true;
+			}
+		}
+	}
 
-    /**
-     * Our replacement for urlencode, it encodes all non-reserved characters,
-     * as well as any extra characters that were instructed to be preserved.
-     * @note
-     *      Assumes that the string has already been normalized, making any
-     *      and all percent escape sequences valid. Percents will not be
-     *      re-escaped, regardless of their status in $preserve
-     * @param $string String to be encoded
-     * @return Encoded string.
-     */
-    public function encode($string) {
-        $ret = '';
-        for ($i = 0, $c = strlen($string); $i < $c; $i++) {
-            if ($string[$i] !== '%' && !isset($this->preserve[$int = ord($string[$i])]) ) {
-                $ret .= '%' . sprintf('%02X', $int);
-            } else {
-                $ret .= $string[$i];
-            }
-        }
-        return $ret;
-    }
+	/**
+	 * Our replacement for urlencode, it encodes all non-reserved characters,
+	 * as well as any extra characters that were instructed to be preserved.
+	 * @note
+	 *      Assumes that the string has already been normalized, making any
+	 *      and all percent escape sequences valid. Percents will not be
+	 *      re-escaped, regardless of their status in $preserve
+	 * @param $string String to be encoded
+	 * @return Encoded string.
+	 */
+	public function encode($string) {
+		$ret = '';
+		for ($i = 0, $c = strlen($string); $i < $c; $i++) {
+			if ($string[$i] !== '%' && !isset($this->preserve[$int = ord($string[$i])]) ) {
+				$ret .= '%' . sprintf('%02X', $int);
+			} else {
+				$ret .= $string[$i];
+			}
+		}
+		return $ret;
+	}
 
-    /**
-     * Fix up percent-encoding by decoding unreserved characters and normalizing.
-     * @warning This function is affected by $preserve, even though the
-     *          usual desired behavior is for this not to preserve those
-     *          characters. Be careful when reusing instances of PercentEncoder!
-     * @param $string String to normalize
-     */
-    public function normalize($string) {
-        if ($string == '') return '';
-        $parts = explode('%', $string);
-        $ret = array_shift($parts);
-        foreach ($parts as $part) {
-            $length = strlen($part);
-            if ($length < 2) {
-                $ret .= '%25' . $part;
-                continue;
-            }
-            $encoding = substr($part, 0, 2);
-            $text     = substr($part, 2);
-            if (!ctype_xdigit($encoding)) {
-                $ret .= '%25' . $part;
-                continue;
-            }
-            $int = hexdec($encoding);
-            if (isset($this->preserve[$int])) {
-                $ret .= chr($int) . $text;
-                continue;
-            }
-            $encoding = strtoupper($encoding);
-            $ret .= '%' . $encoding . $text;
-        }
-        return $ret;
-    }
+	/**
+	 * Fix up percent-encoding by decoding unreserved characters and normalizing.
+	 * @warning This function is affected by $preserve, even though the
+	 *          usual desired behavior is for this not to preserve those
+	 *          characters. Be careful when reusing instances of PercentEncoder!
+	 * @param $string String to normalize
+	 */
+	public function normalize($string) {
+		if ($string == '') return '';
+		$parts = explode('%', $string);
+		$ret = array_shift($parts);
+		foreach ($parts as $part) {
+			$length = strlen($part);
+			if ($length < 2) {
+				$ret .= '%25' . $part;
+				continue;
+			}
+			$encoding = substr($part, 0, 2);
+			$text     = substr($part, 2);
+			if (!ctype_xdigit($encoding)) {
+				$ret .= '%25' . $part;
+				continue;
+			}
+			$int = hexdec($encoding);
+			if (isset($this->preserve[$int])) {
+				$ret .= chr($int) . $text;
+				continue;
+			}
+			$encoding = strtoupper($encoding);
+			$ret .= '%' . $encoding . $text;
+		}
+		return $ret;
+	}
 
 }
 

Spacing +4 added lines, -4 removed lines

@@ -21,13 +21,13 @@ 
      */
     public function __construct($preserve = false) {
         // unreserved letters, ought to const-ify
-        for ($i = 48; $i <= 57;  $i++) $this->preserve[$i] = true; // digits
-        for ($i = 65; $i <= 90;  $i++) $this->preserve[$i] = true; // upper-case
+        for ($i = 48; $i <= 57; $i++) $this->preserve[$i] = true; // digits
+        for ($i = 65; $i <= 90; $i++) $this->preserve[$i] = true; // upper-case
         for ($i = 97; $i <= 122; $i++) $this->preserve[$i] = true; // lower-case
         $this->preserve[45] = true; // Dash         -
         $this->preserve[46] = true; // Period       .
         $this->preserve[95] = true; // Underscore   _
-        $this->preserve[126]= true; // Tilde        ~
+        $this->preserve[126] = true; // Tilde        ~
 
         // extra letters not to escape
         if ($preserve !== false) {
@@ -50,7 +50,7 @@ 
     public function encode($string) {
         $ret = '';
         for ($i = 0, $c = strlen($string); $i < $c; $i++) {
-            if ($string[$i] !== '%' && !isset($this->preserve[$int = ord($string[$i])]) ) {
+            if ($string[$i] !== '%' && !isset($this->preserve[$int = ord($string[$i])])) {
                 $ret .= '%' . sprintf('%02X', $int);
             } else {
                 $ret .= $string[$i];

Braces +15 added lines, -4 removed lines

@@ -21,9 +21,18 @@ 
      */
     public function __construct($preserve = false) {
         // unreserved letters, ought to const-ify
-        for ($i = 48; $i <= 57;  $i++) $this->preserve[$i] = true; // digits
-        for ($i = 65; $i <= 90;  $i++) $this->preserve[$i] = true; // upper-case
-        for ($i = 97; $i <= 122; $i++) $this->preserve[$i] = true; // lower-case
+        for ($i = 48; $i <= 57;  $i++) {
+        	$this->preserve[$i] = true;
+        }
+        // digits
+        for ($i = 65; $i <= 90;  $i++) {
+        	$this->preserve[$i] = true;
+        }
+        // upper-case
+        for ($i = 97; $i <= 122; $i++) {
+        	$this->preserve[$i] = true;
+        }
+        // lower-case
         $this->preserve[45] = true; // Dash         -
         $this->preserve[46] = true; // Period       .
         $this->preserve[95] = true; // Underscore   _
@@ -67,7 +76,9 @@ 
      * @param $string String to normalize
      */
     public function normalize($string) {
-        if ($string == '') return '';
+        if ($string == '') {
+        	return '';
+        }
         $parts = explode('%', $string);
         $ret = array_shift($parts);
         foreach ($parts as $part) {

classes/security/htmlpurifier/library/HTMLPurifier/Printer/CSSDefinition.php

Indentation +22 added lines, -22 removed lines

@@ -3,35 +3,35 @@
 class HTMLPurifier_Printer_CSSDefinition extends HTMLPurifier_Printer
 {
 
-    protected $def;
+	protected $def;
 
-    public function render($config) {
-        $this->def = $config->getCSSDefinition();
-        $ret = '';
+	public function render($config) {
+		$this->def = $config->getCSSDefinition();
+		$ret = '';
 
-        $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
-        $ret .= $this->start('table');
+		$ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
+		$ret .= $this->start('table');
 
-        $ret .= $this->element('caption', 'Properties ($info)');
+		$ret .= $this->element('caption', 'Properties ($info)');
 
-        $ret .= $this->start('thead');
-        $ret .= $this->start('tr');
-        $ret .= $this->element('th', 'Property', array('class' => 'heavy'));
-        $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
-        $ret .= $this->end('tr');
-        $ret .= $this->end('thead');
+		$ret .= $this->start('thead');
+		$ret .= $this->start('tr');
+		$ret .= $this->element('th', 'Property', array('class' => 'heavy'));
+		$ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
+		$ret .= $this->end('tr');
+		$ret .= $this->end('thead');
 
-        ksort($this->def->info);
-        foreach ($this->def->info as $property => $obj) {
-            $name = $this->getClass($obj, 'AttrDef_');
-            $ret .= $this->row($property, $name);
-        }
+		ksort($this->def->info);
+		foreach ($this->def->info as $property => $obj) {
+			$name = $this->getClass($obj, 'AttrDef_');
+			$ret .= $this->row($property, $name);
+		}
 
-        $ret .= $this->end('table');
-        $ret .= $this->end('div');
+		$ret .= $this->end('table');
+		$ret .= $this->end('div');
 
-        return $ret;
-    }
+		return $ret;
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/Printer/ConfigForm.php

Indentation +316 added lines, -316 removed lines

@@ -6,179 +6,179 @@ 
 class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
 {
 
-    /**
-     * Printers for specific fields
-     */
-    protected $fields = array();
+	/**
+	 * Printers for specific fields
+	 */
+	protected $fields = array();
 
-    /**
-     * Documentation URL, can have fragment tagged on end
-     */
-    protected $docURL;
+	/**
+	 * Documentation URL, can have fragment tagged on end
+	 */
+	protected $docURL;
 
-    /**
-     * Name of form element to stuff config in
-     */
-    protected $name;
+	/**
+	 * Name of form element to stuff config in
+	 */
+	protected $name;
 
-    /**
-     * Whether or not to compress directive names, clipping them off
-     * after a certain amount of letters. False to disable or integer letters
-     * before clipping.
-     */
-    protected $compress = false;
+	/**
+	 * Whether or not to compress directive names, clipping them off
+	 * after a certain amount of letters. False to disable or integer letters
+	 * before clipping.
+	 */
+	protected $compress = false;
 
-    /**
-     * @param $name Form element name for directives to be stuffed into
-     * @param $doc_url String documentation URL, will have fragment tagged on
-     * @param $compress Integer max length before compressing a directive name, set to false to turn off
-     */
-    public function __construct(
-        $name, $doc_url = null, $compress = false
-    ) {
-        parent::__construct();
-        $this->docURL = $doc_url;
-        $this->name   = $name;
-        $this->compress = $compress;
-        // initialize sub-printers
-        $this->fields[0]    = new HTMLPurifier_Printer_ConfigForm_default();
-        $this->fields[HTMLPurifier_VarParser::BOOL]       = new HTMLPurifier_Printer_ConfigForm_bool();
-    }
+	/**
+	 * @param $name Form element name for directives to be stuffed into
+	 * @param $doc_url String documentation URL, will have fragment tagged on
+	 * @param $compress Integer max length before compressing a directive name, set to false to turn off
+	 */
+	public function __construct(
+		$name, $doc_url = null, $compress = false
+	) {
+		parent::__construct();
+		$this->docURL = $doc_url;
+		$this->name   = $name;
+		$this->compress = $compress;
+		// initialize sub-printers
+		$this->fields[0]    = new HTMLPurifier_Printer_ConfigForm_default();
+		$this->fields[HTMLPurifier_VarParser::BOOL]       = new HTMLPurifier_Printer_ConfigForm_bool();
+	}
 
-    /**
-     * Sets default column and row size for textareas in sub-printers
-     * @param $cols Integer columns of textarea, null to use default
-     * @param $rows Integer rows of textarea, null to use default
-     */
-    public function setTextareaDimensions($cols = null, $rows = null) {
-        if ($cols) $this->fields['default']->cols = $cols;
-        if ($rows) $this->fields['default']->rows = $rows;
-    }
+	/**
+	 * Sets default column and row size for textareas in sub-printers
+	 * @param $cols Integer columns of textarea, null to use default
+	 * @param $rows Integer rows of textarea, null to use default
+	 */
+	public function setTextareaDimensions($cols = null, $rows = null) {
+		if ($cols) $this->fields['default']->cols = $cols;
+		if ($rows) $this->fields['default']->rows = $rows;
+	}
 
-    /**
-     * Retrieves styling, in case it is not accessible by webserver
-     */
-    public static function getCSS() {
-        return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.css');
-    }
+	/**
+	 * Retrieves styling, in case it is not accessible by webserver
+	 */
+	public static function getCSS() {
+		return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.css');
+	}
 
-    /**
-     * Retrieves JavaScript, in case it is not accessible by webserver
-     */
-    public static function getJavaScript() {
-        return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.js');
-    }
+	/**
+	 * Retrieves JavaScript, in case it is not accessible by webserver
+	 */
+	public static function getJavaScript() {
+		return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.js');
+	}
 
-    /**
-     * Returns HTML output for a configuration form
-     * @param $config Configuration object of current form state, or an array
-     *        where [0] has an HTML namespace and [1] is being rendered.
-     * @param $allowed Optional namespace(s) and directives to restrict form to.
-     */
-    public function render($config, $allowed = true, $render_controls = true) {
-        if (is_array($config) && isset($config[0])) {
-            $gen_config = $config[0];
-            $config = $config[1];
-        } else {
-            $gen_config = $config;
-        }
+	/**
+	 * Returns HTML output for a configuration form
+	 * @param $config Configuration object of current form state, or an array
+	 *        where [0] has an HTML namespace and [1] is being rendered.
+	 * @param $allowed Optional namespace(s) and directives to restrict form to.
+	 */
+	public function render($config, $allowed = true, $render_controls = true) {
+		if (is_array($config) && isset($config[0])) {
+			$gen_config = $config[0];
+			$config = $config[1];
+		} else {
+			$gen_config = $config;
+		}
 
-        $this->config = $config;
-        $this->genConfig = $gen_config;
-        $this->prepareGenerator($gen_config);
+		$this->config = $config;
+		$this->genConfig = $gen_config;
+		$this->prepareGenerator($gen_config);
 
-        $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $config->def);
-        $all = array();
-        foreach ($allowed as $key) {
-            list($ns, $directive) = $key;
-            $all[$ns][$directive] = $config->get($ns .'.'. $directive);
-        }
+		$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $config->def);
+		$all = array();
+		foreach ($allowed as $key) {
+			list($ns, $directive) = $key;
+			$all[$ns][$directive] = $config->get($ns .'.'. $directive);
+		}
 
-        $ret = '';
-        $ret .= $this->start('table', array('class' => 'hp-config'));
-        $ret .= $this->start('thead');
-        $ret .= $this->start('tr');
-            $ret .= $this->element('th', 'Directive', array('class' => 'hp-directive'));
-            $ret .= $this->element('th', 'Value', array('class' => 'hp-value'));
-        $ret .= $this->end('tr');
-        $ret .= $this->end('thead');
-        foreach ($all as $ns => $directives) {
-            $ret .= $this->renderNamespace($ns, $directives);
-        }
-        if ($render_controls) {
-             $ret .= $this->start('tbody');
-             $ret .= $this->start('tr');
-                 $ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
-                     $ret .= $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit'));
-                     $ret .= '[<a href="?">Reset</a>]';
-                 $ret .= $this->end('td');
-             $ret .= $this->end('tr');
-             $ret .= $this->end('tbody');
-        }
-        $ret .= $this->end('table');
-        return $ret;
-    }
+		$ret = '';
+		$ret .= $this->start('table', array('class' => 'hp-config'));
+		$ret .= $this->start('thead');
+		$ret .= $this->start('tr');
+			$ret .= $this->element('th', 'Directive', array('class' => 'hp-directive'));
+			$ret .= $this->element('th', 'Value', array('class' => 'hp-value'));
+		$ret .= $this->end('tr');
+		$ret .= $this->end('thead');
+		foreach ($all as $ns => $directives) {
+			$ret .= $this->renderNamespace($ns, $directives);
+		}
+		if ($render_controls) {
+			 $ret .= $this->start('tbody');
+			 $ret .= $this->start('tr');
+				 $ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
+					 $ret .= $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit'));
+					 $ret .= '[<a href="?">Reset</a>]';
+				 $ret .= $this->end('td');
+			 $ret .= $this->end('tr');
+			 $ret .= $this->end('tbody');
+		}
+		$ret .= $this->end('table');
+		return $ret;
+	}
 
-    /**
-     * Renders a single namespace
-     * @param $ns String namespace name
-     * @param $directive Associative array of directives to values
-     */
-    protected function renderNamespace($ns, $directives) {
-        $ret = '';
-        $ret .= $this->start('tbody', array('class' => 'namespace'));
-        $ret .= $this->start('tr');
-            $ret .= $this->element('th', $ns, array('colspan' => 2));
-        $ret .= $this->end('tr');
-        $ret .= $this->end('tbody');
-        $ret .= $this->start('tbody');
-        foreach ($directives as $directive => $value) {
-            $ret .= $this->start('tr');
-            $ret .= $this->start('th');
-            if ($this->docURL) {
-                $url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
-                $ret .= $this->start('a', array('href' => $url));
-            }
-                $attr = array('for' => "{$this->name}:$ns.$directive");
+	/**
+	 * Renders a single namespace
+	 * @param $ns String namespace name
+	 * @param $directive Associative array of directives to values
+	 */
+	protected function renderNamespace($ns, $directives) {
+		$ret = '';
+		$ret .= $this->start('tbody', array('class' => 'namespace'));
+		$ret .= $this->start('tr');
+			$ret .= $this->element('th', $ns, array('colspan' => 2));
+		$ret .= $this->end('tr');
+		$ret .= $this->end('tbody');
+		$ret .= $this->start('tbody');
+		foreach ($directives as $directive => $value) {
+			$ret .= $this->start('tr');
+			$ret .= $this->start('th');
+			if ($this->docURL) {
+				$url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
+				$ret .= $this->start('a', array('href' => $url));
+			}
+				$attr = array('for' => "{$this->name}:$ns.$directive");
 
-                // crop directive name if it's too long
-                if (!$this->compress || (strlen($directive) < $this->compress)) {
-                    $directive_disp = $directive;
-                } else {
-                    $directive_disp = substr($directive, 0, $this->compress - 2) . '...';
-                    $attr['title'] = $directive;
-                }
+				// crop directive name if it's too long
+				if (!$this->compress || (strlen($directive) < $this->compress)) {
+					$directive_disp = $directive;
+				} else {
+					$directive_disp = substr($directive, 0, $this->compress - 2) . '...';
+					$attr['title'] = $directive;
+				}
 
-                $ret .= $this->element(
-                    'label',
-                    $directive_disp,
-                    // component printers must create an element with this id
-                    $attr
-                );
-            if ($this->docURL) $ret .= $this->end('a');
-            $ret .= $this->end('th');
+				$ret .= $this->element(
+					'label',
+					$directive_disp,
+					// component printers must create an element with this id
+					$attr
+				);
+			if ($this->docURL) $ret .= $this->end('a');
+			$ret .= $this->end('th');
 
-            $ret .= $this->start('td');
-                $def = $this->config->def->info["$ns.$directive"];
-                if (is_int($def)) {
-                    $allow_null = $def < 0;
-                    $type = abs($def);
-                } else {
-                    $type = $def->type;
-                    $allow_null = isset($def->allow_null);
-                }
-                if (!isset($this->fields[$type])) $type = 0; // default
-                $type_obj = $this->fields[$type];
-                if ($allow_null) {
-                    $type_obj = new HTMLPurifier_Printer_ConfigForm_NullDecorator($type_obj);
-                }
-                $ret .= $type_obj->render($ns, $directive, $value, $this->name, array($this->genConfig, $this->config));
-            $ret .= $this->end('td');
-            $ret .= $this->end('tr');
-        }
-        $ret .= $this->end('tbody');
-        return $ret;
-    }
+			$ret .= $this->start('td');
+				$def = $this->config->def->info["$ns.$directive"];
+				if (is_int($def)) {
+					$allow_null = $def < 0;
+					$type = abs($def);
+				} else {
+					$type = $def->type;
+					$allow_null = isset($def->allow_null);
+				}
+				if (!isset($this->fields[$type])) $type = 0; // default
+				$type_obj = $this->fields[$type];
+				if ($allow_null) {
+					$type_obj = new HTMLPurifier_Printer_ConfigForm_NullDecorator($type_obj);
+				}
+				$ret .= $type_obj->render($ns, $directive, $value, $this->name, array($this->genConfig, $this->config));
+			$ret .= $this->end('td');
+			$ret .= $this->end('tr');
+		}
+		$ret .= $this->end('tbody');
+		return $ret;
+	}
 
 }
 
@@ -186,183 +186,183 @@ 
  * Printer decorator for directives that accept null
  */
 class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer {
-    /**
-     * Printer being decorated
-     */
-    protected $obj;
-    /**
-     * @param $obj Printer to decorate
-     */
-    public function __construct($obj) {
-        parent::__construct();
-        $this->obj = $obj;
-    }
-    public function render($ns, $directive, $value, $name, $config) {
-        if (is_array($config) && isset($config[0])) {
-            $gen_config = $config[0];
-            $config = $config[1];
-        } else {
-            $gen_config = $config;
-        }
-        $this->prepareGenerator($gen_config);
+	/**
+	 * Printer being decorated
+	 */
+	protected $obj;
+	/**
+	 * @param $obj Printer to decorate
+	 */
+	public function __construct($obj) {
+		parent::__construct();
+		$this->obj = $obj;
+	}
+	public function render($ns, $directive, $value, $name, $config) {
+		if (is_array($config) && isset($config[0])) {
+			$gen_config = $config[0];
+			$config = $config[1];
+		} else {
+			$gen_config = $config;
+		}
+		$this->prepareGenerator($gen_config);
 
-        $ret = '';
-        $ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
-        $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
-        $ret .= $this->text(' Null/Disabled');
-        $ret .= $this->end('label');
-        $attr = array(
-            'type' => 'checkbox',
-            'value' => '1',
-            'class' => 'null-toggle',
-            'name' => "$name"."[Null_$ns.$directive]",
-            'id' => "$name:Null_$ns.$directive",
-            'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
-        );
-        if ($this->obj instanceof HTMLPurifier_Printer_ConfigForm_bool) {
-            // modify inline javascript slightly
-            $attr['onclick'] = "toggleWriteability('$name:Yes_$ns.$directive',checked);toggleWriteability('$name:No_$ns.$directive',checked)";
-        }
-        if ($value === null) $attr['checked'] = 'checked';
-        $ret .= $this->elementEmpty('input', $attr);
-        $ret .= $this->text(' or ');
-        $ret .= $this->elementEmpty('br');
-        $ret .= $this->obj->render($ns, $directive, $value, $name, array($gen_config, $config));
-        return $ret;
-    }
+		$ret = '';
+		$ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
+		$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
+		$ret .= $this->text(' Null/Disabled');
+		$ret .= $this->end('label');
+		$attr = array(
+			'type' => 'checkbox',
+			'value' => '1',
+			'class' => 'null-toggle',
+			'name' => "$name"."[Null_$ns.$directive]",
+			'id' => "$name:Null_$ns.$directive",
+			'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
+		);
+		if ($this->obj instanceof HTMLPurifier_Printer_ConfigForm_bool) {
+			// modify inline javascript slightly
+			$attr['onclick'] = "toggleWriteability('$name:Yes_$ns.$directive',checked);toggleWriteability('$name:No_$ns.$directive',checked)";
+		}
+		if ($value === null) $attr['checked'] = 'checked';
+		$ret .= $this->elementEmpty('input', $attr);
+		$ret .= $this->text(' or ');
+		$ret .= $this->elementEmpty('br');
+		$ret .= $this->obj->render($ns, $directive, $value, $name, array($gen_config, $config));
+		return $ret;
+	}
 }
 
 /**
  * Swiss-army knife configuration form field printer
  */
 class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer {
-    public $cols = 18;
-    public $rows = 5;
-    public function render($ns, $directive, $value, $name, $config) {
-        if (is_array($config) && isset($config[0])) {
-            $gen_config = $config[0];
-            $config = $config[1];
-        } else {
-            $gen_config = $config;
-        }
-        $this->prepareGenerator($gen_config);
-        // this should probably be split up a little
-        $ret = '';
-        $def = $config->def->info["$ns.$directive"];
-        if (is_int($def)) {
-            $type = abs($def);
-        } else {
-            $type = $def->type;
-        }
-        if (is_array($value)) {
-            switch ($type) {
-                case HTMLPurifier_VarParser::LOOKUP:
-                    $array = $value;
-                    $value = array();
-                    foreach ($array as $val => $b) {
-                        $value[] = $val;
-                    }
-                case HTMLPurifier_VarParser::ALIST:
-                    $value = implode(PHP_EOL, $value);
-                    break;
-                case HTMLPurifier_VarParser::HASH:
-                    $nvalue = '';
-                    foreach ($value as $i => $v) {
-                        $nvalue .= "$i:$v" . PHP_EOL;
-                    }
-                    $value = $nvalue;
-                    break;
-                default:
-                    $value = '';
-            }
-        }
-        if ($type === HTMLPurifier_VarParser::MIXED) {
-            return 'Not supported';
-            $value = serialize($value);
-        }
-        $attr = array(
-            'name' => "$name"."[$ns.$directive]",
-            'id' => "$name:$ns.$directive"
-        );
-        if ($value === null) $attr['disabled'] = 'disabled';
-        if (isset($def->allowed)) {
-            $ret .= $this->start('select', $attr);
-            foreach ($def->allowed as $val => $b) {
-                $attr = array();
-                if ($value == $val) $attr['selected'] = 'selected';
-                $ret .= $this->element('option', $val, $attr);
-            }
-            $ret .= $this->end('select');
-        } elseif (
-            $type === HTMLPurifier_VarParser::TEXT ||
-            $type === HTMLPurifier_VarParser::ITEXT ||
-            $type === HTMLPurifier_VarParser::ALIST ||
-            $type === HTMLPurifier_VarParser::HASH ||
-            $type === HTMLPurifier_VarParser::LOOKUP
-        ) {
-            $attr['cols'] = $this->cols;
-            $attr['rows'] = $this->rows;
-            $ret .= $this->start('textarea', $attr);
-            $ret .= $this->text($value);
-            $ret .= $this->end('textarea');
-        } else {
-            $attr['value'] = $value;
-            $attr['type'] = 'text';
-            $ret .= $this->elementEmpty('input', $attr);
-        }
-        return $ret;
-    }
+	public $cols = 18;
+	public $rows = 5;
+	public function render($ns, $directive, $value, $name, $config) {
+		if (is_array($config) && isset($config[0])) {
+			$gen_config = $config[0];
+			$config = $config[1];
+		} else {
+			$gen_config = $config;
+		}
+		$this->prepareGenerator($gen_config);
+		// this should probably be split up a little
+		$ret = '';
+		$def = $config->def->info["$ns.$directive"];
+		if (is_int($def)) {
+			$type = abs($def);
+		} else {
+			$type = $def->type;
+		}
+		if (is_array($value)) {
+			switch ($type) {
+				case HTMLPurifier_VarParser::LOOKUP:
+					$array = $value;
+					$value = array();
+					foreach ($array as $val => $b) {
+						$value[] = $val;
+					}
+				case HTMLPurifier_VarParser::ALIST:
+					$value = implode(PHP_EOL, $value);
+					break;
+				case HTMLPurifier_VarParser::HASH:
+					$nvalue = '';
+					foreach ($value as $i => $v) {
+						$nvalue .= "$i:$v" . PHP_EOL;
+					}
+					$value = $nvalue;
+					break;
+				default:
+					$value = '';
+			}
+		}
+		if ($type === HTMLPurifier_VarParser::MIXED) {
+			return 'Not supported';
+			$value = serialize($value);
+		}
+		$attr = array(
+			'name' => "$name"."[$ns.$directive]",
+			'id' => "$name:$ns.$directive"
+		);
+		if ($value === null) $attr['disabled'] = 'disabled';
+		if (isset($def->allowed)) {
+			$ret .= $this->start('select', $attr);
+			foreach ($def->allowed as $val => $b) {
+				$attr = array();
+				if ($value == $val) $attr['selected'] = 'selected';
+				$ret .= $this->element('option', $val, $attr);
+			}
+			$ret .= $this->end('select');
+		} elseif (
+			$type === HTMLPurifier_VarParser::TEXT ||
+			$type === HTMLPurifier_VarParser::ITEXT ||
+			$type === HTMLPurifier_VarParser::ALIST ||
+			$type === HTMLPurifier_VarParser::HASH ||
+			$type === HTMLPurifier_VarParser::LOOKUP
+		) {
+			$attr['cols'] = $this->cols;
+			$attr['rows'] = $this->rows;
+			$ret .= $this->start('textarea', $attr);
+			$ret .= $this->text($value);
+			$ret .= $this->end('textarea');
+		} else {
+			$attr['value'] = $value;
+			$attr['type'] = 'text';
+			$ret .= $this->elementEmpty('input', $attr);
+		}
+		return $ret;
+	}
 }
 
 /**
  * Bool form field printer
  */
 class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer {
-    public function render($ns, $directive, $value, $name, $config) {
-        if (is_array($config) && isset($config[0])) {
-            $gen_config = $config[0];
-            $config = $config[1];
-        } else {
-            $gen_config = $config;
-        }
-        $this->prepareGenerator($gen_config);
-        $ret = '';
-        $ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
+	public function render($ns, $directive, $value, $name, $config) {
+		if (is_array($config) && isset($config[0])) {
+			$gen_config = $config[0];
+			$config = $config[1];
+		} else {
+			$gen_config = $config;
+		}
+		$this->prepareGenerator($gen_config);
+		$ret = '';
+		$ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
 
-        $ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));
-        $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
-        $ret .= $this->text(' Yes');
-        $ret .= $this->end('label');
+		$ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));
+		$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
+		$ret .= $this->text(' Yes');
+		$ret .= $this->end('label');
 
-        $attr = array(
-            'type' => 'radio',
-            'name' => "$name"."[$ns.$directive]",
-            'id' => "$name:Yes_$ns.$directive",
-            'value' => '1'
-        );
-        if ($value === true) $attr['checked'] = 'checked';
-        if ($value === null) $attr['disabled'] = 'disabled';
-        $ret .= $this->elementEmpty('input', $attr);
+		$attr = array(
+			'type' => 'radio',
+			'name' => "$name"."[$ns.$directive]",
+			'id' => "$name:Yes_$ns.$directive",
+			'value' => '1'
+		);
+		if ($value === true) $attr['checked'] = 'checked';
+		if ($value === null) $attr['disabled'] = 'disabled';
+		$ret .= $this->elementEmpty('input', $attr);
 
-        $ret .= $this->start('label', array('for' => "$name:No_$ns.$directive"));
-        $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
-        $ret .= $this->text(' No');
-        $ret .= $this->end('label');
+		$ret .= $this->start('label', array('for' => "$name:No_$ns.$directive"));
+		$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
+		$ret .= $this->text(' No');
+		$ret .= $this->end('label');
 
-        $attr = array(
-            'type' => 'radio',
-            'name' => "$name"."[$ns.$directive]",
-            'id' => "$name:No_$ns.$directive",
-            'value' => '0'
-        );
-        if ($value === false) $attr['checked'] = 'checked';
-        if ($value === null) $attr['disabled'] = 'disabled';
-        $ret .= $this->elementEmpty('input', $attr);
+		$attr = array(
+			'type' => 'radio',
+			'name' => "$name"."[$ns.$directive]",
+			'id' => "$name:No_$ns.$directive",
+			'value' => '0'
+		);
+		if ($value === false) $attr['checked'] = 'checked';
+		if ($value === null) $attr['disabled'] = 'disabled';
+		$ret .= $this->elementEmpty('input', $attr);
 
-        $ret .= $this->end('div');
+		$ret .= $this->end('div');
 
-        return $ret;
-    }
+		return $ret;
+	}
 }
 
 // vim: et sw=4 sts=4

Spacing +7 added lines, -7 removed lines

@@ -41,8 +41,8 @@ 
         $this->name   = $name;
         $this->compress = $compress;
         // initialize sub-printers
-        $this->fields[0]    = new HTMLPurifier_Printer_ConfigForm_default();
-        $this->fields[HTMLPurifier_VarParser::BOOL]       = new HTMLPurifier_Printer_ConfigForm_bool();
+        $this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default();
+        $this->fields[HTMLPurifier_VarParser::BOOL] = new HTMLPurifier_Printer_ConfigForm_bool();
     }
 
     /**
@@ -91,7 +91,7 @@ 
         $all = array();
         foreach ($allowed as $key) {
             list($ns, $directive) = $key;
-            $all[$ns][$directive] = $config->get($ns .'.'. $directive);
+            $all[$ns][$directive] = $config->get($ns . '.' . $directive);
         }
 
         $ret = '';
@@ -215,7 +215,7 @@ 
             'type' => 'checkbox',
             'value' => '1',
             'class' => 'null-toggle',
-            'name' => "$name"."[Null_$ns.$directive]",
+            'name' => "$name" . "[Null_$ns.$directive]",
             'id' => "$name:Null_$ns.$directive",
             'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
         );
@@ -281,7 +281,7 @@ 
             $value = serialize($value);
         }
         $attr = array(
-            'name' => "$name"."[$ns.$directive]",
+            'name' => "$name" . "[$ns.$directive]",
             'id' => "$name:$ns.$directive"
         );
         if ($value === null) $attr['disabled'] = 'disabled';
@@ -336,7 +336,7 @@ 
 
         $attr = array(
             'type' => 'radio',
-            'name' => "$name"."[$ns.$directive]",
+            'name' => "$name" . "[$ns.$directive]",
             'id' => "$name:Yes_$ns.$directive",
             'value' => '1'
         );
@@ -351,7 +351,7 @@ 
 
         $attr = array(
             'type' => 'radio',
-            'name' => "$name"."[$ns.$directive]",
+            'name' => "$name" . "[$ns.$directive]",
             'id' => "$name:No_$ns.$directive",
             'value' => '0'
         );

Braces +34 added lines, -11 removed lines

@@ -51,8 +51,12 @@ 
      * @param $rows Integer rows of textarea, null to use default
      */
     public function setTextareaDimensions($cols = null, $rows = null) {
-        if ($cols) $this->fields['default']->cols = $cols;
-        if ($rows) $this->fields['default']->rows = $rows;
+        if ($cols) {
+        	$this->fields['default']->cols = $cols;
+        }
+        if ($rows) {
+        	$this->fields['default']->rows = $rows;
+        }
     }
 
     /**
@@ -155,7 +159,9 @@ 
                     // component printers must create an element with this id
                     $attr
                 );
-            if ($this->docURL) $ret .= $this->end('a');
+            if ($this->docURL) {
+            	$ret .= $this->end('a');
+            }
             $ret .= $this->end('th');
 
             $ret .= $this->start('td');
@@ -167,7 +173,10 @@ 
                     $type = $def->type;
                     $allow_null = isset($def->allow_null);
                 }
-                if (!isset($this->fields[$type])) $type = 0; // default
+                if (!isset($this->fields[$type])) {
+                	$type = 0;
+                }
+                // default
                 $type_obj = $this->fields[$type];
                 if ($allow_null) {
                     $type_obj = new HTMLPurifier_Printer_ConfigForm_NullDecorator($type_obj);
@@ -223,7 +232,9 @@ 
             // modify inline javascript slightly
             $attr['onclick'] = "toggleWriteability('$name:Yes_$ns.$directive',checked);toggleWriteability('$name:No_$ns.$directive',checked)";
         }
-        if ($value === null) $attr['checked'] = 'checked';
+        if ($value === null) {
+        	$attr['checked'] = 'checked';
+        }
         $ret .= $this->elementEmpty('input', $attr);
         $ret .= $this->text(' or ');
         $ret .= $this->elementEmpty('br');
@@ -284,12 +295,16 @@ 
             'name' => "$name"."[$ns.$directive]",
             'id' => "$name:$ns.$directive"
         );
-        if ($value === null) $attr['disabled'] = 'disabled';
+        if ($value === null) {
+        	$attr['disabled'] = 'disabled';
+        }
         if (isset($def->allowed)) {
             $ret .= $this->start('select', $attr);
             foreach ($def->allowed as $val => $b) {
                 $attr = array();
-                if ($value == $val) $attr['selected'] = 'selected';
+                if ($value == $val) {
+                	$attr['selected'] = 'selected';
+                }
                 $ret .= $this->element('option', $val, $attr);
             }
             $ret .= $this->end('select');
@@ -340,8 +355,12 @@ 
             'id' => "$name:Yes_$ns.$directive",
             'value' => '1'
         );
-        if ($value === true) $attr['checked'] = 'checked';
-        if ($value === null) $attr['disabled'] = 'disabled';
+        if ($value === true) {
+        	$attr['checked'] = 'checked';
+        }
+        if ($value === null) {
+        	$attr['disabled'] = 'disabled';
+        }
         $ret .= $this->elementEmpty('input', $attr);
 
         $ret .= $this->start('label', array('for' => "$name:No_$ns.$directive"));
@@ -355,8 +374,12 @@ 
             'id' => "$name:No_$ns.$directive",
             'value' => '0'
         );
-        if ($value === false) $attr['checked'] = 'checked';
-        if ($value === null) $attr['disabled'] = 'disabled';
+        if ($value === false) {
+        	$attr['checked'] = 'checked';
+        }
+        if ($value === null) {
+        	$attr['disabled'] = 'disabled';
+        }
         $ret .= $this->elementEmpty('input', $attr);
 
         $ret .= $this->end('div');