xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier/PropertyList.php

Indentation +66 added lines, -66 removed lines

@@ -5,82 +5,82 @@
  */
 class HTMLPurifier_PropertyList
 {
-    /**
-     * Internal data-structure for properties
-     */
-    protected $data = array();
+	/**
+	 * Internal data-structure for properties
+	 */
+	protected $data = array();
 
-    /**
-     * Parent plist
-     */
-    protected $parent;
+	/**
+	 * Parent plist
+	 */
+	protected $parent;
 
-    protected $cache;
+	protected $cache;
 
-    public function __construct($parent = null) {
-        $this->parent = $parent;
-    }
+	public function __construct($parent = null) {
+		$this->parent = $parent;
+	}
 
-    /**
-     * Recursively retrieves the value for a key
-     */
-    public function get($name) {
-        if ($this->has($name)) return $this->data[$name];
-        // possible performance bottleneck, convert to iterative if necessary
-        if ($this->parent) return $this->parent->get($name);
-        throw new HTMLPurifier_Exception("Key '$name' not found");
-    }
+	/**
+	 * Recursively retrieves the value for a key
+	 */
+	public function get($name) {
+		if ($this->has($name)) return $this->data[$name];
+		// possible performance bottleneck, convert to iterative if necessary
+		if ($this->parent) return $this->parent->get($name);
+		throw new HTMLPurifier_Exception("Key '$name' not found");
+	}
 
-    /**
-     * Sets the value of a key, for this plist
-     */
-    public function set($name, $value) {
-        $this->data[$name] = $value;
-    }
+	/**
+	 * Sets the value of a key, for this plist
+	 */
+	public function set($name, $value) {
+		$this->data[$name] = $value;
+	}
 
-    /**
-     * Returns true if a given key exists
-     */
-    public function has($name) {
-        return array_key_exists($name, $this->data);
-    }
+	/**
+	 * Returns true if a given key exists
+	 */
+	public function has($name) {
+		return array_key_exists($name, $this->data);
+	}
 
-    /**
-     * Resets a value to the value of it's parent, usually the default. If
-     * no value is specified, the entire plist is reset.
-     */
-    public function reset($name = null) {
-        if ($name == null) $this->data = array();
-        else unset($this->data[$name]);
-    }
+	/**
+	 * Resets a value to the value of it's parent, usually the default. If
+	 * no value is specified, the entire plist is reset.
+	 */
+	public function reset($name = null) {
+		if ($name == null) $this->data = array();
+		else unset($this->data[$name]);
+	}
 
-    /**
-     * Squashes this property list and all of its property lists into a single
-     * array, and returns the array. This value is cached by default.
-     * @param $force If true, ignores the cache and regenerates the array.
-     */
-    public function squash($force = false) {
-        if ($this->cache !== null && !$force) return $this->cache;
-        if ($this->parent) {
-            return $this->cache = array_merge($this->parent->squash($force), $this->data);
-        } else {
-            return $this->cache = $this->data;
-        }
-    }
+	/**
+	 * Squashes this property list and all of its property lists into a single
+	 * array, and returns the array. This value is cached by default.
+	 * @param $force If true, ignores the cache and regenerates the array.
+	 */
+	public function squash($force = false) {
+		if ($this->cache !== null && !$force) return $this->cache;
+		if ($this->parent) {
+			return $this->cache = array_merge($this->parent->squash($force), $this->data);
+		} else {
+			return $this->cache = $this->data;
+		}
+	}
 
-    /**
-     * Returns the parent plist.
-     */
-    public function getParent() {
-        return $this->parent;
-    }
+	/**
+	 * Returns the parent plist.
+	 */
+	public function getParent() {
+		return $this->parent;
+	}
 
-    /**
-     * Sets the parent plist.
-     */
-    public function setParent($plist) {
-        $this->parent = $plist;
-    }
+	/**
+	 * Sets the parent plist.
+	 */
+	public function setParent($plist) {
+		$this->parent = $plist;
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +14 added lines, -5 removed lines

@@ -25,9 +25,13 @@ 
      * Recursively retrieves the value for a key
      */
     public function get($name) {
-        if ($this->has($name)) return $this->data[$name];
+        if ($this->has($name)) {
+        	return $this->data[$name];
+        }
         // possible performance bottleneck, convert to iterative if necessary
-        if ($this->parent) return $this->parent->get($name);
+        if ($this->parent) {
+        	return $this->parent->get($name);
+        }
         throw new HTMLPurifier_Exception("Key '$name' not found");
     }
 
@@ -50,8 +54,11 @@ 
      * no value is specified, the entire plist is reset.
      */
     public function reset($name = null) {
-        if ($name == null) $this->data = array();
-        else unset($this->data[$name]);
+        if ($name == null) {
+        	$this->data = array();
+        } else {
+        	unset($this->data[$name]);
+        }
     }
 
     /**
@@ -60,7 +67,9 @@ 
      * @param $force If true, ignores the cache and regenerates the array.
      */
     public function squash($force = false) {
-        if ($this->cache !== null && !$force) return $this->cache;
+        if ($this->cache !== null && !$force) {
+        	return $this->cache;
+        }
         if ($this->parent) {
             return $this->cache = array_merge($this->parent->squash($force), $this->data);
         } else {

classes/security/htmlpurifier/library/HTMLPurifier/PropertyListIterator.php

Indentation +18 added lines, -18 removed lines

@@ -6,26 +6,26 @@
 class HTMLPurifier_PropertyListIterator extends FilterIterator
 {
 
-    protected $l;
-    protected $filter;
+	protected $l;
+	protected $filter;
 
-    /**
-     * @param $data Array of data to iterate over
-     * @param $filter Optional prefix to only allow values of
-     */
-    public function __construct(Iterator $iterator, $filter = null) {
-        parent::__construct($iterator);
-        $this->l = strlen($filter);
-        $this->filter = $filter;
-    }
+	/**
+	 * @param $data Array of data to iterate over
+	 * @param $filter Optional prefix to only allow values of
+	 */
+	public function __construct(Iterator $iterator, $filter = null) {
+		parent::__construct($iterator);
+		$this->l = strlen($filter);
+		$this->filter = $filter;
+	}
 
-    public function accept() {
-        $key = $this->getInnerIterator()->key();
-        if( strncmp($key, $this->filter, $this->l) !== 0 ) {
-            return false;
-        }
-        return true;
-    }
+	public function accept() {
+		$key = $this->getInnerIterator()->key();
+		if( strncmp($key, $this->filter, $this->l) !== 0 ) {
+			return false;
+		}
+		return true;
+	}
 
 }
 

Spacing +1 added lines, -1 removed lines

@@ -21,7 +21,7 @@
 
     public function accept() {
         $key = $this->getInnerIterator()->key();
-        if( strncmp($key, $this->filter, $this->l) !== 0 ) {
+        if (strncmp($key, $this->filter, $this->l) !== 0) {
             return false;
         }
         return true;

classes/security/htmlpurifier/library/HTMLPurifier/Strategy.php

Indentation +8 added lines, -8 removed lines

@@ -12,14 +12,14 @@
 abstract class HTMLPurifier_Strategy
 {
 
-    /**
-     * Executes the strategy on the tokens.
-     *
-     * @param $tokens Array of HTMLPurifier_Token objects to be operated on.
-     * @param $config Configuration options
-     * @returns Processed array of token objects.
-     */
-    abstract public function execute($tokens, $config, $context);
+	/**
+	 * Executes the strategy on the tokens.
+	 *
+	 * @param $tokens Array of HTMLPurifier_Token objects to be operated on.
+	 * @param $config Configuration options
+	 * @returns Processed array of token objects.
+	 */
+	abstract public function execute($tokens, $config, $context);
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/Strategy/Composite.php

Indentation +10 added lines, -10 removed lines

@@ -6,17 +6,17 @@
 abstract class HTMLPurifier_Strategy_Composite extends HTMLPurifier_Strategy
 {
 
-    /**
-     * List of strategies to run tokens through.
-     */
-    protected $strategies = array();
+	/**
+	 * List of strategies to run tokens through.
+	 */
+	protected $strategies = array();
 
-    public function execute($tokens, $config, $context) {
-        foreach ($this->strategies as $strategy) {
-            $tokens = $strategy->execute($tokens, $config, $context);
-        }
-        return $tokens;
-    }
+	public function execute($tokens, $config, $context) {
+		foreach ($this->strategies as $strategy) {
+			$tokens = $strategy->execute($tokens, $config, $context);
+		}
+		return $tokens;
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/Strategy/Core.php

Indentation +6 added lines, -6 removed lines

@@ -6,12 +6,12 @@
 class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
 {
 
-    public function __construct() {
-        $this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
-        $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
-        $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
-        $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
-    }
+	public function __construct() {
+		$this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
+		$this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
+		$this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
+		$this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/Strategy/FixNesting.php

Indentation +291 added lines, -291 removed lines

@@ -31,297 +31,297 @@
 class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
 {
 
-    public function execute($tokens, $config, $context) {
-        //####################################################################//
-        // Pre-processing
-
-        // get a copy of the HTML definition
-        $definition = $config->getHTMLDefinition();
-
-        // insert implicit "parent" node, will be removed at end.
-        // DEFINITION CALL
-        $parent_name = $definition->info_parent;
-        array_unshift($tokens, new HTMLPurifier_Token_Start($parent_name));
-        $tokens[] = new HTMLPurifier_Token_End($parent_name);
-
-        // setup the context variable 'IsInline', for chameleon processing
-        // is 'false' when we are not inline, 'true' when it must always
-        // be inline, and an integer when it is inline for a certain
-        // branch of the document tree
-        $is_inline = $definition->info_parent_def->descendants_are_inline;
-        $context->register('IsInline', $is_inline);
-
-        // setup error collector
-        $e =& $context->get('ErrorCollector', true);
-
-        //####################################################################//
-        // Loop initialization
-
-        // stack that contains the indexes of all parents,
-        // $stack[count($stack)-1] being the current parent
-        $stack = array();
-
-        // stack that contains all elements that are excluded
-        // it is organized by parent elements, similar to $stack,
-        // but it is only populated when an element with exclusions is
-        // processed, i.e. there won't be empty exclusions.
-        $exclude_stack = array();
-
-        // variable that contains the start token while we are processing
-        // nodes. This enables error reporting to do its job
-        $start_token = false;
-        $context->register('CurrentToken', $start_token);
-
-        //####################################################################//
-        // Loop
-
-        // iterate through all start nodes. Determining the start node
-        // is complicated so it has been omitted from the loop construct
-        for ($i = 0, $size = count($tokens) ; $i < $size; ) {
-
-            //################################################################//
-            // Gather information on children
-
-            // child token accumulator
-            $child_tokens = array();
-
-            // scroll to the end of this node, report number, and collect
-            // all children
-            for ($j = $i, $depth = 0; ; $j++) {
-                if ($tokens[$j] instanceof HTMLPurifier_Token_Start) {
-                    $depth++;
-                    // skip token assignment on first iteration, this is the
-                    // token we currently are on
-                    if ($depth == 1) continue;
-                } elseif ($tokens[$j] instanceof HTMLPurifier_Token_End) {
-                    $depth--;
-                    // skip token assignment on last iteration, this is the
-                    // end token of the token we're currently on
-                    if ($depth == 0) break;
-                }
-                $child_tokens[] = $tokens[$j];
-            }
-
-            // $i is index of start token
-            // $j is index of end token
-
-            $start_token = $tokens[$i]; // to make token available via CurrentToken
-
-            //################################################################//
-            // Gather information on parent
-
-            // calculate parent information
-            if ($count = count($stack)) {
-                $parent_index = $stack[$count-1];
-                $parent_name  = $tokens[$parent_index]->name;
-                if ($parent_index == 0) {
-                    $parent_def   = $definition->info_parent_def;
-                } else {
-                    $parent_def   = $definition->info[$parent_name];
-                }
-            } else {
-                // processing as if the parent were the "root" node
-                // unknown info, it won't be used anyway, in the future,
-                // we may want to enforce one element only (this is
-                // necessary for HTML Purifier to clean entire documents
-                $parent_index = $parent_name = $parent_def = null;
-            }
-
-            // calculate context
-            if ($is_inline === false) {
-                // check if conditions make it inline
-                if (!empty($parent_def) && $parent_def->descendants_are_inline) {
-                    $is_inline = $count - 1;
-                }
-            } else {
-                // check if we're out of inline
-                if ($count === $is_inline) {
-                    $is_inline = false;
-                }
-            }
-
-            //################################################################//
-            // Determine whether element is explicitly excluded SGML-style
-
-            // determine whether or not element is excluded by checking all
-            // parent exclusions. The array should not be very large, two
-            // elements at most.
-            $excluded = false;
-            if (!empty($exclude_stack)) {
-                foreach ($exclude_stack as $lookup) {
-                    if (isset($lookup[$tokens[$i]->name])) {
-                        $excluded = true;
-                        // no need to continue processing
-                        break;
-                    }
-                }
-            }
-
-            //################################################################//
-            // Perform child validation
-
-            if ($excluded) {
-                // there is an exclusion, remove the entire node
-                $result = false;
-                $excludes = array(); // not used, but good to initialize anyway
-            } else {
-                // DEFINITION CALL
-                if ($i === 0) {
-                    // special processing for the first node
-                    $def = $definition->info_parent_def;
-                } else {
-                    $def = $definition->info[$tokens[$i]->name];
-
-                }
-
-                if (!empty($def->child)) {
-                    // have DTD child def validate children
-                    $result = $def->child->validateChildren(
-                        $child_tokens, $config, $context);
-                } else {
-                    // weird, no child definition, get rid of everything
-                    $result = false;
-                }
-
-                // determine whether or not this element has any exclusions
-                $excludes = $def->excludes;
-            }
-
-            // $result is now a bool or array
-
-            //################################################################//
-            // Process result by interpreting $result
-
-            if ($result === true || $child_tokens === $result) {
-                // leave the node as is
-
-                // register start token as a parental node start
-                $stack[] = $i;
-
-                // register exclusions if there are any
-                if (!empty($excludes)) $exclude_stack[] = $excludes;
-
-                // move cursor to next possible start node
-                $i++;
-
-            } elseif($result === false) {
-                // remove entire node
-
-                if ($e) {
-                    if ($excluded) {
-                        $e->send(E_ERROR, 'Strategy_FixNesting: Node excluded');
-                    } else {
-                        $e->send(E_ERROR, 'Strategy_FixNesting: Node removed');
-                    }
-                }
-
-                // calculate length of inner tokens and current tokens
-                $length = $j - $i + 1;
-
-                // perform removal
-                array_splice($tokens, $i, $length);
-
-                // update size
-                $size -= $length;
-
-                // there is no start token to register,
-                // current node is now the next possible start node
-                // unless it turns out that we need to do a double-check
-
-                // this is a rought heuristic that covers 100% of HTML's
-                // cases and 99% of all other cases. A child definition
-                // that would be tricked by this would be something like:
-                // ( | a b c) where it's all or nothing. Fortunately,
-                // our current implementation claims that that case would
-                // not allow empty, even if it did
-                if (!$parent_def->child->allow_empty) {
-                    // we need to do a double-check
-                    $i = $parent_index;
-                    array_pop($stack);
-                }
-
-                // PROJECTED OPTIMIZATION: Process all children elements before
-                // reprocessing parent node.
-
-            } else {
-                // replace node with $result
-
-                // calculate length of inner tokens
-                $length = $j - $i - 1;
-
-                if ($e) {
-                    if (empty($result) && $length) {
-                        $e->send(E_ERROR, 'Strategy_FixNesting: Node contents removed');
-                    } else {
-                        $e->send(E_WARNING, 'Strategy_FixNesting: Node reorganized');
-                    }
-                }
-
-                // perform replacement
-                array_splice($tokens, $i + 1, $length, $result);
-
-                // update size
-                $size -= $length;
-                $size += count($result);
-
-                // register start token as a parental node start
-                $stack[] = $i;
-
-                // register exclusions if there are any
-                if (!empty($excludes)) $exclude_stack[] = $excludes;
-
-                // move cursor to next possible start node
-                $i++;
-
-            }
-
-            //################################################################//
-            // Scroll to next start node
-
-            // We assume, at this point, that $i is the index of the token
-            // that is the first possible new start point for a node.
-
-            // Test if the token indeed is a start tag, if not, move forward
-            // and test again.
-            $size = count($tokens);
-            while ($i < $size and !$tokens[$i] instanceof HTMLPurifier_Token_Start) {
-                if ($tokens[$i] instanceof HTMLPurifier_Token_End) {
-                    // pop a token index off the stack if we ended a node
-                    array_pop($stack);
-                    // pop an exclusion lookup off exclusion stack if
-                    // we ended node and that node had exclusions
-                    if ($i == 0 || $i == $size - 1) {
-                        // use specialized var if it's the super-parent
-                        $s_excludes = $definition->info_parent_def->excludes;
-                    } else {
-                        $s_excludes = $definition->info[$tokens[$i]->name]->excludes;
-                    }
-                    if ($s_excludes) {
-                        array_pop($exclude_stack);
-                    }
-                }
-                $i++;
-            }
-
-        }
-
-        //####################################################################//
-        // Post-processing
-
-        // remove implicit parent tokens at the beginning and end
-        array_shift($tokens);
-        array_pop($tokens);
-
-        // remove context variables
-        $context->destroy('IsInline');
-        $context->destroy('CurrentToken');
-
-        //####################################################################//
-        // Return
-
-        return $tokens;
-
-    }
+	public function execute($tokens, $config, $context) {
+		//####################################################################//
+		// Pre-processing
+
+		// get a copy of the HTML definition
+		$definition = $config->getHTMLDefinition();
+
+		// insert implicit "parent" node, will be removed at end.
+		// DEFINITION CALL
+		$parent_name = $definition->info_parent;
+		array_unshift($tokens, new HTMLPurifier_Token_Start($parent_name));
+		$tokens[] = new HTMLPurifier_Token_End($parent_name);
+
+		// setup the context variable 'IsInline', for chameleon processing
+		// is 'false' when we are not inline, 'true' when it must always
+		// be inline, and an integer when it is inline for a certain
+		// branch of the document tree
+		$is_inline = $definition->info_parent_def->descendants_are_inline;
+		$context->register('IsInline', $is_inline);
+
+		// setup error collector
+		$e =& $context->get('ErrorCollector', true);
+
+		//####################################################################//
+		// Loop initialization
+
+		// stack that contains the indexes of all parents,
+		// $stack[count($stack)-1] being the current parent
+		$stack = array();
+
+		// stack that contains all elements that are excluded
+		// it is organized by parent elements, similar to $stack,
+		// but it is only populated when an element with exclusions is
+		// processed, i.e. there won't be empty exclusions.
+		$exclude_stack = array();
+
+		// variable that contains the start token while we are processing
+		// nodes. This enables error reporting to do its job
+		$start_token = false;
+		$context->register('CurrentToken', $start_token);
+
+		//####################################################################//
+		// Loop
+
+		// iterate through all start nodes. Determining the start node
+		// is complicated so it has been omitted from the loop construct
+		for ($i = 0, $size = count($tokens) ; $i < $size; ) {
+
+			//################################################################//
+			// Gather information on children
+
+			// child token accumulator
+			$child_tokens = array();
+
+			// scroll to the end of this node, report number, and collect
+			// all children
+			for ($j = $i, $depth = 0; ; $j++) {
+				if ($tokens[$j] instanceof HTMLPurifier_Token_Start) {
+					$depth++;
+					// skip token assignment on first iteration, this is the
+					// token we currently are on
+					if ($depth == 1) continue;
+				} elseif ($tokens[$j] instanceof HTMLPurifier_Token_End) {
+					$depth--;
+					// skip token assignment on last iteration, this is the
+					// end token of the token we're currently on
+					if ($depth == 0) break;
+				}
+				$child_tokens[] = $tokens[$j];
+			}
+
+			// $i is index of start token
+			// $j is index of end token
+
+			$start_token = $tokens[$i]; // to make token available via CurrentToken
+
+			//################################################################//
+			// Gather information on parent
+
+			// calculate parent information
+			if ($count = count($stack)) {
+				$parent_index = $stack[$count-1];
+				$parent_name  = $tokens[$parent_index]->name;
+				if ($parent_index == 0) {
+					$parent_def   = $definition->info_parent_def;
+				} else {
+					$parent_def   = $definition->info[$parent_name];
+				}
+			} else {
+				// processing as if the parent were the "root" node
+				// unknown info, it won't be used anyway, in the future,
+				// we may want to enforce one element only (this is
+				// necessary for HTML Purifier to clean entire documents
+				$parent_index = $parent_name = $parent_def = null;
+			}
+
+			// calculate context
+			if ($is_inline === false) {
+				// check if conditions make it inline
+				if (!empty($parent_def) && $parent_def->descendants_are_inline) {
+					$is_inline = $count - 1;
+				}
+			} else {
+				// check if we're out of inline
+				if ($count === $is_inline) {
+					$is_inline = false;
+				}
+			}
+
+			//################################################################//
+			// Determine whether element is explicitly excluded SGML-style
+
+			// determine whether or not element is excluded by checking all
+			// parent exclusions. The array should not be very large, two
+			// elements at most.
+			$excluded = false;
+			if (!empty($exclude_stack)) {
+				foreach ($exclude_stack as $lookup) {
+					if (isset($lookup[$tokens[$i]->name])) {
+						$excluded = true;
+						// no need to continue processing
+						break;
+					}
+				}
+			}
+
+			//################################################################//
+			// Perform child validation
+
+			if ($excluded) {
+				// there is an exclusion, remove the entire node
+				$result = false;
+				$excludes = array(); // not used, but good to initialize anyway
+			} else {
+				// DEFINITION CALL
+				if ($i === 0) {
+					// special processing for the first node
+					$def = $definition->info_parent_def;
+				} else {
+					$def = $definition->info[$tokens[$i]->name];
+
+				}
+
+				if (!empty($def->child)) {
+					// have DTD child def validate children
+					$result = $def->child->validateChildren(
+						$child_tokens, $config, $context);
+				} else {
+					// weird, no child definition, get rid of everything
+					$result = false;
+				}
+
+				// determine whether or not this element has any exclusions
+				$excludes = $def->excludes;
+			}
+
+			// $result is now a bool or array
+
+			//################################################################//
+			// Process result by interpreting $result
+
+			if ($result === true || $child_tokens === $result) {
+				// leave the node as is
+
+				// register start token as a parental node start
+				$stack[] = $i;
+
+				// register exclusions if there are any
+				if (!empty($excludes)) $exclude_stack[] = $excludes;
+
+				// move cursor to next possible start node
+				$i++;
+
+			} elseif($result === false) {
+				// remove entire node
+
+				if ($e) {
+					if ($excluded) {
+						$e->send(E_ERROR, 'Strategy_FixNesting: Node excluded');
+					} else {
+						$e->send(E_ERROR, 'Strategy_FixNesting: Node removed');
+					}
+				}
+
+				// calculate length of inner tokens and current tokens
+				$length = $j - $i + 1;
+
+				// perform removal
+				array_splice($tokens, $i, $length);
+
+				// update size
+				$size -= $length;
+
+				// there is no start token to register,
+				// current node is now the next possible start node
+				// unless it turns out that we need to do a double-check
+
+				// this is a rought heuristic that covers 100% of HTML's
+				// cases and 99% of all other cases. A child definition
+				// that would be tricked by this would be something like:
+				// ( | a b c) where it's all or nothing. Fortunately,
+				// our current implementation claims that that case would
+				// not allow empty, even if it did
+				if (!$parent_def->child->allow_empty) {
+					// we need to do a double-check
+					$i = $parent_index;
+					array_pop($stack);
+				}
+
+				// PROJECTED OPTIMIZATION: Process all children elements before
+				// reprocessing parent node.
+
+			} else {
+				// replace node with $result
+
+				// calculate length of inner tokens
+				$length = $j - $i - 1;
+
+				if ($e) {
+					if (empty($result) && $length) {
+						$e->send(E_ERROR, 'Strategy_FixNesting: Node contents removed');
+					} else {
+						$e->send(E_WARNING, 'Strategy_FixNesting: Node reorganized');
+					}
+				}
+
+				// perform replacement
+				array_splice($tokens, $i + 1, $length, $result);
+
+				// update size
+				$size -= $length;
+				$size += count($result);
+
+				// register start token as a parental node start
+				$stack[] = $i;
+
+				// register exclusions if there are any
+				if (!empty($excludes)) $exclude_stack[] = $excludes;
+
+				// move cursor to next possible start node
+				$i++;
+
+			}
+
+			//################################################################//
+			// Scroll to next start node
+
+			// We assume, at this point, that $i is the index of the token
+			// that is the first possible new start point for a node.
+
+			// Test if the token indeed is a start tag, if not, move forward
+			// and test again.
+			$size = count($tokens);
+			while ($i < $size and !$tokens[$i] instanceof HTMLPurifier_Token_Start) {
+				if ($tokens[$i] instanceof HTMLPurifier_Token_End) {
+					// pop a token index off the stack if we ended a node
+					array_pop($stack);
+					// pop an exclusion lookup off exclusion stack if
+					// we ended node and that node had exclusions
+					if ($i == 0 || $i == $size - 1) {
+						// use specialized var if it's the super-parent
+						$s_excludes = $definition->info_parent_def->excludes;
+					} else {
+						$s_excludes = $definition->info[$tokens[$i]->name]->excludes;
+					}
+					if ($s_excludes) {
+						array_pop($exclude_stack);
+					}
+				}
+				$i++;
+			}
+
+		}
+
+		//####################################################################//
+		// Post-processing
+
+		// remove implicit parent tokens at the beginning and end
+		array_shift($tokens);
+		array_pop($tokens);
+
+		// remove context variables
+		$context->destroy('IsInline');
+		$context->destroy('CurrentToken');
+
+		//####################################################################//
+		// Return
+
+		return $tokens;
+
+	}
 
 }
 

Spacing +4 added lines, -4 removed lines

@@ -52,7 +52,7 @@ 
         $context->register('IsInline', $is_inline);
 
         // setup error collector
-        $e =& $context->get('ErrorCollector', true);
+        $e = & $context->get('ErrorCollector', true);
 
         //####################################################################//
         // Loop initialization
@@ -77,7 +77,7 @@ 
 
         // iterate through all start nodes. Determining the start node
         // is complicated so it has been omitted from the loop construct
-        for ($i = 0, $size = count($tokens) ; $i < $size; ) {
+        for ($i = 0, $size = count($tokens); $i < $size;) {
 
             //################################################################//
             // Gather information on children
@@ -112,7 +112,7 @@ 
 
             // calculate parent information
             if ($count = count($stack)) {
-                $parent_index = $stack[$count-1];
+                $parent_index = $stack[$count - 1];
                 $parent_name  = $tokens[$parent_index]->name;
                 if ($parent_index == 0) {
                     $parent_def   = $definition->info_parent_def;
@@ -204,7 +204,7 @@ 
                 // move cursor to next possible start node
                 $i++;
 
-            } elseif($result === false) {
+            } elseif ($result === false) {
                 // remove entire node
 
                 if ($e) {

Braces +12 added lines, -4 removed lines

@@ -92,12 +92,16 @@ 
                     $depth++;
                     // skip token assignment on first iteration, this is the
                     // token we currently are on
-                    if ($depth == 1) continue;
+                    if ($depth == 1) {
+                    	continue;
+                    }
                 } elseif ($tokens[$j] instanceof HTMLPurifier_Token_End) {
                     $depth--;
                     // skip token assignment on last iteration, this is the
                     // end token of the token we're currently on
-                    if ($depth == 0) break;
+                    if ($depth == 0) {
+                    	break;
+                    }
                 }
                 $child_tokens[] = $tokens[$j];
             }
@@ -199,7 +203,9 @@ 
                 $stack[] = $i;
 
                 // register exclusions if there are any
-                if (!empty($excludes)) $exclude_stack[] = $excludes;
+                if (!empty($excludes)) {
+                	$exclude_stack[] = $excludes;
+                }
 
                 // move cursor to next possible start node
                 $i++;
@@ -268,7 +274,9 @@ 
                 $stack[] = $i;
 
                 // register exclusions if there are any
-                if (!empty($excludes)) $exclude_stack[] = $excludes;
+                if (!empty($excludes)) {
+                	$exclude_stack[] = $excludes;
+                }
 
                 // move cursor to next possible start node
                 $i++;

classes/security/htmlpurifier/library/HTMLPurifier/Strategy/MakeWellFormed.php

Indentation +512 added lines, -512 removed lines

@@ -14,518 +14,518 @@
 class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
 {
 
-    /**
-     * Array stream of tokens being processed.
-     */
-    protected $tokens;
-
-    /**
-     * Current index in $tokens.
-     */
-    protected $t;
-
-    /**
-     * Current nesting of elements.
-     */
-    protected $stack;
-
-    /**
-     * Injectors active in this stream processing.
-     */
-    protected $injectors;
-
-    /**
-     * Current instance of HTMLPurifier_Config.
-     */
-    protected $config;
-
-    /**
-     * Current instance of HTMLPurifier_Context.
-     */
-    protected $context;
-
-    public function execute($tokens, $config, $context) {
-
-        $definition = $config->getHTMLDefinition();
-
-        // local variables
-        $generator = new HTMLPurifier_Generator($config, $context);
-        $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
-        // used for autoclose early abortion
-        $global_parent_allowed_elements = array();
-        if (isset($definition->info[$definition->info_parent])) {
-            // may be unset under testing circumstances
-            $global_parent_allowed_elements = $definition->info[$definition->info_parent]->child->getAllowedElements($config);
-        }
-        $e = $context->get('ErrorCollector', true);
-        $t = false; // token index
-        $i = false; // injector index
-        $token      = false; // the current token
-        $reprocess  = false; // whether or not to reprocess the same token
-        $stack = array();
-
-        // member variables
-        $this->stack   =& $stack;
-        $this->t       =& $t;
-        $this->tokens  =& $tokens;
-        $this->config  = $config;
-        $this->context = $context;
-
-        // context variables
-        $context->register('CurrentNesting', $stack);
-        $context->register('InputIndex',     $t);
-        $context->register('InputTokens',    $tokens);
-        $context->register('CurrentToken',   $token);
-
-        // -- begin INJECTOR --
-
-        $this->injectors = array();
-
-        $injectors = $config->getBatch('AutoFormat');
-        $def_injectors = $definition->info_injector;
-        $custom_injectors = $injectors['Custom'];
-        unset($injectors['Custom']); // special case
-        foreach ($injectors as $injector => $b) {
-            // XXX: Fix with a legitimate lookup table of enabled filters
-            if (strpos($injector, '.') !== false) continue;
-            $injector = "HTMLPurifier_Injector_$injector";
-            if (!$b) continue;
-            $this->injectors[] = new $injector;
-        }
-        foreach ($def_injectors as $injector) {
-            // assumed to be objects
-            $this->injectors[] = $injector;
-        }
-        foreach ($custom_injectors as $injector) {
-            if (!$injector) continue;
-            if (is_string($injector)) {
-                $injector = "HTMLPurifier_Injector_$injector";
-                $injector = new $injector;
-            }
-            $this->injectors[] = $injector;
-        }
-
-        // give the injectors references to the definition and context
-        // variables for performance reasons
-        foreach ($this->injectors as $ix => $injector) {
-            $error = $injector->prepare($config, $context);
-            if (!$error) continue;
-            array_splice($this->injectors, $ix, 1); // rm the injector
-            trigger_error("Cannot enable {$injector->name} injector because $error is not allowed", E_USER_WARNING);
-        }
-
-        // -- end INJECTOR --
-
-        // a note on reprocessing:
-        //      In order to reduce code duplication, whenever some code needs
-        //      to make HTML changes in order to make things "correct", the
-        //      new HTML gets sent through the purifier, regardless of its
-        //      status. This means that if we add a start token, because it
-        //      was totally necessary, we don't have to update nesting; we just
-        //      punt ($reprocess = true; continue;) and it does that for us.
-
-        // isset is in loop because $tokens size changes during loop exec
-        for (
-            $t = 0;
-            $t == 0 || isset($tokens[$t - 1]);
-            // only increment if we don't need to reprocess
-            $reprocess ? $reprocess = false : $t++
-        ) {
-
-            // check for a rewind
-            if (is_int($i) && $i >= 0) {
-                // possibility: disable rewinding if the current token has a
-                // rewind set on it already. This would offer protection from
-                // infinite loop, but might hinder some advanced rewinding.
-                $rewind_to = $this->injectors[$i]->getRewind();
-                if (is_int($rewind_to) && $rewind_to < $t) {
-                    if ($rewind_to < 0) $rewind_to = 0;
-                    while ($t > $rewind_to) {
-                        $t--;
-                        $prev = $tokens[$t];
-                        // indicate that other injectors should not process this token,
-                        // but we need to reprocess it
-                        unset($prev->skip[$i]);
-                        $prev->rewind = $i;
-                        if ($prev instanceof HTMLPurifier_Token_Start) array_pop($this->stack);
-                        elseif ($prev instanceof HTMLPurifier_Token_End) $this->stack[] = $prev->start;
-                    }
-                }
-                $i = false;
-            }
-
-            // handle case of document end
-            if (!isset($tokens[$t])) {
-                // kill processing if stack is empty
-                if (empty($this->stack)) break;
-
-                // peek
-                $top_nesting = array_pop($this->stack);
-                $this->stack[] = $top_nesting;
-
-                // send error [TagClosedSuppress]
-                if ($e && !isset($top_nesting->armor['MakeWellFormed_TagClosedError'])) {
-                    $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by document end', $top_nesting);
-                }
-
-                // append, don't splice, since this is the end
-                $tokens[] = new HTMLPurifier_Token_End($top_nesting->name);
-
-                // punt!
-                $reprocess = true;
-                continue;
-            }
-
-            $token = $tokens[$t];
-
-            //echo '<br>'; printTokens($tokens, $t); printTokens($this->stack);
-            //flush();
-
-            // quick-check: if it's not a tag, no need to process
-            if (empty($token->is_tag)) {
-                if ($token instanceof HTMLPurifier_Token_Text) {
-                    foreach ($this->injectors as $i => $injector) {
-                        if (isset($token->skip[$i])) continue;
-                        if ($token->rewind !== null && $token->rewind !== $i) continue;
-                        $injector->handleText($token);
-                        $this->processToken($token, $i);
-                        $reprocess = true;
-                        break;
-                    }
-                }
-                // another possibility is a comment
-                continue;
-            }
-
-            if (isset($definition->info[$token->name])) {
-                $type = $definition->info[$token->name]->child->type;
-            } else {
-                $type = false; // Type is unknown, treat accordingly
-            }
-
-            // quick tag checks: anything that's *not* an end tag
-            $ok = false;
-            if ($type === 'empty' && $token instanceof HTMLPurifier_Token_Start) {
-                // claims to be a start tag but is empty
-                $token = new HTMLPurifier_Token_Empty($token->name, $token->attr, $token->line, $token->col, $token->armor);
-                $ok = true;
-            } elseif ($type && $type !== 'empty' && $token instanceof HTMLPurifier_Token_Empty) {
-                // claims to be empty but really is a start tag
-                $this->swap(new HTMLPurifier_Token_End($token->name));
-                $this->insertBefore(new HTMLPurifier_Token_Start($token->name, $token->attr, $token->line, $token->col, $token->armor));
-                // punt (since we had to modify the input stream in a non-trivial way)
-                $reprocess = true;
-                continue;
-            } elseif ($token instanceof HTMLPurifier_Token_Empty) {
-                // real empty token
-                $ok = true;
-            } elseif ($token instanceof HTMLPurifier_Token_Start) {
-                // start tag
-
-                // ...unless they also have to close their parent
-                if (!empty($this->stack)) {
-
-                    // Performance note: you might think that it's rather
-                    // inefficient, recalculating the autoclose information
-                    // for every tag that a token closes (since when we
-                    // do an autoclose, we push a new token into the
-                    // stream and then /process/ that, before
-                    // re-processing this token.)  But this is
-                    // necessary, because an injector can make an
-                    // arbitrary transformations to the autoclosing
-                    // tokens we introduce, so things may have changed
-                    // in the meantime.  Also, doing the inefficient thing is
-                    // "easy" to reason about (for certain perverse definitions
-                    // of "easy")
-
-                    $parent = array_pop($this->stack);
-                    $this->stack[] = $parent;
-
-                    if (isset($definition->info[$parent->name])) {
-                        $elements = $definition->info[$parent->name]->child->getAllowedElements($config);
-                        $autoclose = !isset($elements[$token->name]);
-                    } else {
-                        $autoclose = false;
-                    }
-
-                    if ($autoclose && $definition->info[$token->name]->wrap) {
-                        // Check if an element can be wrapped by another 
-                        // element to make it valid in a context (for 
-                        // example, <ul><ul> needs a <li> in between)
-                        $wrapname = $definition->info[$token->name]->wrap;
-                        $wrapdef = $definition->info[$wrapname];
-                        $elements = $wrapdef->child->getAllowedElements($config);
-                        $parent_elements = $definition->info[$parent->name]->child->getAllowedElements($config);
-                        if (isset($elements[$token->name]) && isset($parent_elements[$wrapname])) {
-                            $newtoken = new HTMLPurifier_Token_Start($wrapname);
-                            $this->insertBefore($newtoken);
-                            $reprocess = true;
-                            continue;
-                        }
-                    }
-
-                    $carryover = false;
-                    if ($autoclose && $definition->info[$parent->name]->formatting) {
-                        $carryover = true;
-                    }
-
-                    if ($autoclose) {
-                        // check if this autoclose is doomed to fail
-                        // (this rechecks $parent, which his harmless)
-                        $autoclose_ok = isset($global_parent_allowed_elements[$token->name]);
-                        if (!$autoclose_ok) {
-                            foreach ($this->stack as $ancestor) {
-                                $elements = $definition->info[$ancestor->name]->child->getAllowedElements($config);
-                                if (isset($elements[$token->name])) {
-                                    $autoclose_ok = true;
-                                    break;
-                                }
-                                if ($definition->info[$token->name]->wrap) {
-                                    $wrapname = $definition->info[$token->name]->wrap;
-                                    $wrapdef = $definition->info[$wrapname];
-                                    $wrap_elements = $wrapdef->child->getAllowedElements($config);
-                                    if (isset($wrap_elements[$token->name]) && isset($elements[$wrapname])) {
-                                        $autoclose_ok = true;
-                                        break;
-                                    }
-                                }
-                            }
-                        }
-                        if ($autoclose_ok) {
-                            // errors need to be updated
-                            $new_token = new HTMLPurifier_Token_End($parent->name);
-                            $new_token->start = $parent;
-                            if ($carryover) {
-                                $element = clone $parent;
-                                // [TagClosedAuto]
-                                $element->armor['MakeWellFormed_TagClosedError'] = true;
-                                $element->carryover = true;
-                                $this->processToken(array($new_token, $token, $element));
-                            } else {
-                                $this->insertBefore($new_token);
-                            }
-                            // [TagClosedSuppress]
-                            if ($e && !isset($parent->armor['MakeWellFormed_TagClosedError'])) {
-                                if (!$carryover) {
-                                    $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag auto closed', $parent);
-                                } else {
-                                    $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag carryover', $parent);
-                                }
-                            }
-                        } else {
-                            $this->remove();
-                        }
-                        $reprocess = true;
-                        continue;
-                    }
-
-                }
-                $ok = true;
-            }
-
-            if ($ok) {
-                foreach ($this->injectors as $i => $injector) {
-                    if (isset($token->skip[$i])) continue;
-                    if ($token->rewind !== null && $token->rewind !== $i) continue;
-                    $injector->handleElement($token);
-                    $this->processToken($token, $i);
-                    $reprocess = true;
-                    break;
-                }
-                if (!$reprocess) {
-                    // ah, nothing interesting happened; do normal processing
-                    $this->swap($token);
-                    if ($token instanceof HTMLPurifier_Token_Start) {
-                        $this->stack[] = $token;
-                    } elseif ($token instanceof HTMLPurifier_Token_End) {
-                        throw new HTMLPurifier_Exception('Improper handling of end tag in start code; possible error in MakeWellFormed');
-                    }
-                }
-                continue;
-            }
-
-            // sanity check: we should be dealing with a closing tag
-            if (!$token instanceof HTMLPurifier_Token_End) {
-                throw new HTMLPurifier_Exception('Unaccounted for tag token in input stream, bug in HTML Purifier');
-            }
-
-            // make sure that we have something open
-            if (empty($this->stack)) {
-                if ($escape_invalid_tags) {
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag to text');
-                    $this->swap(new HTMLPurifier_Token_Text(
-                        $generator->generateFromToken($token)
-                    ));
-                } else {
-                    $this->remove();
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag removed');
-                }
-                $reprocess = true;
-                continue;
-            }
-
-            // first, check for the simplest case: everything closes neatly.
-            // Eventually, everything passes through here; if there are problems
-            // we modify the input stream accordingly and then punt, so that
-            // the tokens get processed again.
-            $current_parent = array_pop($this->stack);
-            if ($current_parent->name == $token->name) {
-                $token->start = $current_parent;
-                foreach ($this->injectors as $i => $injector) {
-                    if (isset($token->skip[$i])) continue;
-                    if ($token->rewind !== null && $token->rewind !== $i) continue;
-                    $injector->handleEnd($token);
-                    $this->processToken($token, $i);
-                    $this->stack[] = $current_parent;
-                    $reprocess = true;
-                    break;
-                }
-                continue;
-            }
-
-            // okay, so we're trying to close the wrong tag
-
-            // undo the pop previous pop
-            $this->stack[] = $current_parent;
-
-            // scroll back the entire nest, trying to find our tag.
-            // (feature could be to specify how far you'd like to go)
-            $size = count($this->stack);
-            // -2 because -1 is the last element, but we already checked that
-            $skipped_tags = false;
-            for ($j = $size - 2; $j >= 0; $j--) {
-                if ($this->stack[$j]->name == $token->name) {
-                    $skipped_tags = array_slice($this->stack, $j);
-                    break;
-                }
-            }
-
-            // we didn't find the tag, so remove
-            if ($skipped_tags === false) {
-                if ($escape_invalid_tags) {
-                    $this->swap(new HTMLPurifier_Token_Text(
-                        $generator->generateFromToken($token)
-                    ));
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag to text');
-                } else {
-                    $this->remove();
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag removed');
-                }
-                $reprocess = true;
-                continue;
-            }
-
-            // do errors, in REVERSE $j order: a,b,c with </a></b></c>
-            $c = count($skipped_tags);
-            if ($e) {
-                for ($j = $c - 1; $j > 0; $j--) {
-                    // notice we exclude $j == 0, i.e. the current ending tag, from
-                    // the errors... [TagClosedSuppress]
-                    if (!isset($skipped_tags[$j]->armor['MakeWellFormed_TagClosedError'])) {
-                        $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by element end', $skipped_tags[$j]);
-                    }
-                }
-            }
-
-            // insert tags, in FORWARD $j order: c,b,a with </a></b></c>
-            $replace = array($token);
-            for ($j = 1; $j < $c; $j++) {
-                // ...as well as from the insertions
-                $new_token = new HTMLPurifier_Token_End($skipped_tags[$j]->name);
-                $new_token->start = $skipped_tags[$j];
-                array_unshift($replace, $new_token);
-                if (isset($definition->info[$new_token->name]) && $definition->info[$new_token->name]->formatting) {
-                    // [TagClosedAuto]
-                    $element = clone $skipped_tags[$j];
-                    $element->carryover = true;
-                    $element->armor['MakeWellFormed_TagClosedError'] = true;
-                    $replace[] = $element;
-                }
-            }
-            $this->processToken($replace);
-            $reprocess = true;
-            continue;
-        }
-
-        $context->destroy('CurrentNesting');
-        $context->destroy('InputTokens');
-        $context->destroy('InputIndex');
-        $context->destroy('CurrentToken');
-
-        unset($this->injectors, $this->stack, $this->tokens, $this->t);
-        return $tokens;
-    }
-
-    /**
-     * Processes arbitrary token values for complicated substitution patterns.
-     * In general:
-     *
-     * If $token is an array, it is a list of tokens to substitute for the
-     * current token. These tokens then get individually processed. If there
-     * is a leading integer in the list, that integer determines how many
-     * tokens from the stream should be removed.
-     *
-     * If $token is a regular token, it is swapped with the current token.
-     *
-     * If $token is false, the current token is deleted.
-     *
-     * If $token is an integer, that number of tokens (with the first token
-     * being the current one) will be deleted.
-     *
-     * @param $token Token substitution value
-     * @param $injector Injector that performed the substitution; default is if
-     *        this is not an injector related operation.
-     */
-    protected function processToken($token, $injector = -1) {
-
-        // normalize forms of token
-        if (is_object($token)) $token = array(1, $token);
-        if (is_int($token))    $token = array($token);
-        if ($token === false)  $token = array(1);
-        if (!is_array($token)) throw new HTMLPurifier_Exception('Invalid token type from injector');
-        if (!is_int($token[0])) array_unshift($token, 1);
-        if ($token[0] === 0) throw new HTMLPurifier_Exception('Deleting zero tokens is not valid');
-
-        // $token is now an array with the following form:
-        // array(number nodes to delete, new node 1, new node 2, ...)
-
-        $delete = array_shift($token);
-        $old = array_splice($this->tokens, $this->t, $delete, $token);
-
-        if ($injector > -1) {
-            // determine appropriate skips
-            $oldskip = isset($old[0]) ? $old[0]->skip : array();
-            foreach ($token as $object) {
-                $object->skip = $oldskip;
-                $object->skip[$injector] = true;
-            }
-        }
-
-    }
-
-    /**
-     * Inserts a token before the current token. Cursor now points to
-     * this token.  You must reprocess after this.
-     */
-    private function insertBefore($token) {
-        array_splice($this->tokens, $this->t, 0, array($token));
-    }
-
-    /**
-     * Removes current token. Cursor now points to new token occupying previously
-     * occupied space.  You must reprocess after this.
-     */
-    private function remove() {
-        array_splice($this->tokens, $this->t, 1);
-    }
-
-    /**
-     * Swap current token with new token. Cursor points to new token (no
-     * change).  You must reprocess after this.
-     */
-    private function swap($token) {
-        $this->tokens[$this->t] = $token;
-    }
+	/**
+	 * Array stream of tokens being processed.
+	 */
+	protected $tokens;
+
+	/**
+	 * Current index in $tokens.
+	 */
+	protected $t;
+
+	/**
+	 * Current nesting of elements.
+	 */
+	protected $stack;
+
+	/**
+	 * Injectors active in this stream processing.
+	 */
+	protected $injectors;
+
+	/**
+	 * Current instance of HTMLPurifier_Config.
+	 */
+	protected $config;
+
+	/**
+	 * Current instance of HTMLPurifier_Context.
+	 */
+	protected $context;
+
+	public function execute($tokens, $config, $context) {
+
+		$definition = $config->getHTMLDefinition();
+
+		// local variables
+		$generator = new HTMLPurifier_Generator($config, $context);
+		$escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
+		// used for autoclose early abortion
+		$global_parent_allowed_elements = array();
+		if (isset($definition->info[$definition->info_parent])) {
+			// may be unset under testing circumstances
+			$global_parent_allowed_elements = $definition->info[$definition->info_parent]->child->getAllowedElements($config);
+		}
+		$e = $context->get('ErrorCollector', true);
+		$t = false; // token index
+		$i = false; // injector index
+		$token      = false; // the current token
+		$reprocess  = false; // whether or not to reprocess the same token
+		$stack = array();
+
+		// member variables
+		$this->stack   =& $stack;
+		$this->t       =& $t;
+		$this->tokens  =& $tokens;
+		$this->config  = $config;
+		$this->context = $context;
+
+		// context variables
+		$context->register('CurrentNesting', $stack);
+		$context->register('InputIndex',     $t);
+		$context->register('InputTokens',    $tokens);
+		$context->register('CurrentToken',   $token);
+
+		// -- begin INJECTOR --
+
+		$this->injectors = array();
+
+		$injectors = $config->getBatch('AutoFormat');
+		$def_injectors = $definition->info_injector;
+		$custom_injectors = $injectors['Custom'];
+		unset($injectors['Custom']); // special case
+		foreach ($injectors as $injector => $b) {
+			// XXX: Fix with a legitimate lookup table of enabled filters
+			if (strpos($injector, '.') !== false) continue;
+			$injector = "HTMLPurifier_Injector_$injector";
+			if (!$b) continue;
+			$this->injectors[] = new $injector;
+		}
+		foreach ($def_injectors as $injector) {
+			// assumed to be objects
+			$this->injectors[] = $injector;
+		}
+		foreach ($custom_injectors as $injector) {
+			if (!$injector) continue;
+			if (is_string($injector)) {
+				$injector = "HTMLPurifier_Injector_$injector";
+				$injector = new $injector;
+			}
+			$this->injectors[] = $injector;
+		}
+
+		// give the injectors references to the definition and context
+		// variables for performance reasons
+		foreach ($this->injectors as $ix => $injector) {
+			$error = $injector->prepare($config, $context);
+			if (!$error) continue;
+			array_splice($this->injectors, $ix, 1); // rm the injector
+			trigger_error("Cannot enable {$injector->name} injector because $error is not allowed", E_USER_WARNING);
+		}
+
+		// -- end INJECTOR --
+
+		// a note on reprocessing:
+		//      In order to reduce code duplication, whenever some code needs
+		//      to make HTML changes in order to make things "correct", the
+		//      new HTML gets sent through the purifier, regardless of its
+		//      status. This means that if we add a start token, because it
+		//      was totally necessary, we don't have to update nesting; we just
+		//      punt ($reprocess = true; continue;) and it does that for us.
+
+		// isset is in loop because $tokens size changes during loop exec
+		for (
+			$t = 0;
+			$t == 0 || isset($tokens[$t - 1]);
+			// only increment if we don't need to reprocess
+			$reprocess ? $reprocess = false : $t++
+		) {
+
+			// check for a rewind
+			if (is_int($i) && $i >= 0) {
+				// possibility: disable rewinding if the current token has a
+				// rewind set on it already. This would offer protection from
+				// infinite loop, but might hinder some advanced rewinding.
+				$rewind_to = $this->injectors[$i]->getRewind();
+				if (is_int($rewind_to) && $rewind_to < $t) {
+					if ($rewind_to < 0) $rewind_to = 0;
+					while ($t > $rewind_to) {
+						$t--;
+						$prev = $tokens[$t];
+						// indicate that other injectors should not process this token,
+						// but we need to reprocess it
+						unset($prev->skip[$i]);
+						$prev->rewind = $i;
+						if ($prev instanceof HTMLPurifier_Token_Start) array_pop($this->stack);
+						elseif ($prev instanceof HTMLPurifier_Token_End) $this->stack[] = $prev->start;
+					}
+				}
+				$i = false;
+			}
+
+			// handle case of document end
+			if (!isset($tokens[$t])) {
+				// kill processing if stack is empty
+				if (empty($this->stack)) break;
+
+				// peek
+				$top_nesting = array_pop($this->stack);
+				$this->stack[] = $top_nesting;
+
+				// send error [TagClosedSuppress]
+				if ($e && !isset($top_nesting->armor['MakeWellFormed_TagClosedError'])) {
+					$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by document end', $top_nesting);
+				}
+
+				// append, don't splice, since this is the end
+				$tokens[] = new HTMLPurifier_Token_End($top_nesting->name);
+
+				// punt!
+				$reprocess = true;
+				continue;
+			}
+
+			$token = $tokens[$t];
+
+			//echo '<br>'; printTokens($tokens, $t); printTokens($this->stack);
+			//flush();
+
+			// quick-check: if it's not a tag, no need to process
+			if (empty($token->is_tag)) {
+				if ($token instanceof HTMLPurifier_Token_Text) {
+					foreach ($this->injectors as $i => $injector) {
+						if (isset($token->skip[$i])) continue;
+						if ($token->rewind !== null && $token->rewind !== $i) continue;
+						$injector->handleText($token);
+						$this->processToken($token, $i);
+						$reprocess = true;
+						break;
+					}
+				}
+				// another possibility is a comment
+				continue;
+			}
+
+			if (isset($definition->info[$token->name])) {
+				$type = $definition->info[$token->name]->child->type;
+			} else {
+				$type = false; // Type is unknown, treat accordingly
+			}
+
+			// quick tag checks: anything that's *not* an end tag
+			$ok = false;
+			if ($type === 'empty' && $token instanceof HTMLPurifier_Token_Start) {
+				// claims to be a start tag but is empty
+				$token = new HTMLPurifier_Token_Empty($token->name, $token->attr, $token->line, $token->col, $token->armor);
+				$ok = true;
+			} elseif ($type && $type !== 'empty' && $token instanceof HTMLPurifier_Token_Empty) {
+				// claims to be empty but really is a start tag
+				$this->swap(new HTMLPurifier_Token_End($token->name));
+				$this->insertBefore(new HTMLPurifier_Token_Start($token->name, $token->attr, $token->line, $token->col, $token->armor));
+				// punt (since we had to modify the input stream in a non-trivial way)
+				$reprocess = true;
+				continue;
+			} elseif ($token instanceof HTMLPurifier_Token_Empty) {
+				// real empty token
+				$ok = true;
+			} elseif ($token instanceof HTMLPurifier_Token_Start) {
+				// start tag
+
+				// ...unless they also have to close their parent
+				if (!empty($this->stack)) {
+
+					// Performance note: you might think that it's rather
+					// inefficient, recalculating the autoclose information
+					// for every tag that a token closes (since when we
+					// do an autoclose, we push a new token into the
+					// stream and then /process/ that, before
+					// re-processing this token.)  But this is
+					// necessary, because an injector can make an
+					// arbitrary transformations to the autoclosing
+					// tokens we introduce, so things may have changed
+					// in the meantime.  Also, doing the inefficient thing is
+					// "easy" to reason about (for certain perverse definitions
+					// of "easy")
+
+					$parent = array_pop($this->stack);
+					$this->stack[] = $parent;
+
+					if (isset($definition->info[$parent->name])) {
+						$elements = $definition->info[$parent->name]->child->getAllowedElements($config);
+						$autoclose = !isset($elements[$token->name]);
+					} else {
+						$autoclose = false;
+					}
+
+					if ($autoclose && $definition->info[$token->name]->wrap) {
+						// Check if an element can be wrapped by another 
+						// element to make it valid in a context (for 
+						// example, <ul><ul> needs a <li> in between)
+						$wrapname = $definition->info[$token->name]->wrap;
+						$wrapdef = $definition->info[$wrapname];
+						$elements = $wrapdef->child->getAllowedElements($config);
+						$parent_elements = $definition->info[$parent->name]->child->getAllowedElements($config);
+						if (isset($elements[$token->name]) && isset($parent_elements[$wrapname])) {
+							$newtoken = new HTMLPurifier_Token_Start($wrapname);
+							$this->insertBefore($newtoken);
+							$reprocess = true;
+							continue;
+						}
+					}
+
+					$carryover = false;
+					if ($autoclose && $definition->info[$parent->name]->formatting) {
+						$carryover = true;
+					}
+
+					if ($autoclose) {
+						// check if this autoclose is doomed to fail
+						// (this rechecks $parent, which his harmless)
+						$autoclose_ok = isset($global_parent_allowed_elements[$token->name]);
+						if (!$autoclose_ok) {
+							foreach ($this->stack as $ancestor) {
+								$elements = $definition->info[$ancestor->name]->child->getAllowedElements($config);
+								if (isset($elements[$token->name])) {
+									$autoclose_ok = true;
+									break;
+								}
+								if ($definition->info[$token->name]->wrap) {
+									$wrapname = $definition->info[$token->name]->wrap;
+									$wrapdef = $definition->info[$wrapname];
+									$wrap_elements = $wrapdef->child->getAllowedElements($config);
+									if (isset($wrap_elements[$token->name]) && isset($elements[$wrapname])) {
+										$autoclose_ok = true;
+										break;
+									}
+								}
+							}
+						}
+						if ($autoclose_ok) {
+							// errors need to be updated
+							$new_token = new HTMLPurifier_Token_End($parent->name);
+							$new_token->start = $parent;
+							if ($carryover) {
+								$element = clone $parent;
+								// [TagClosedAuto]
+								$element->armor['MakeWellFormed_TagClosedError'] = true;
+								$element->carryover = true;
+								$this->processToken(array($new_token, $token, $element));
+							} else {
+								$this->insertBefore($new_token);
+							}
+							// [TagClosedSuppress]
+							if ($e && !isset($parent->armor['MakeWellFormed_TagClosedError'])) {
+								if (!$carryover) {
+									$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag auto closed', $parent);
+								} else {
+									$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag carryover', $parent);
+								}
+							}
+						} else {
+							$this->remove();
+						}
+						$reprocess = true;
+						continue;
+					}
+
+				}
+				$ok = true;
+			}
+
+			if ($ok) {
+				foreach ($this->injectors as $i => $injector) {
+					if (isset($token->skip[$i])) continue;
+					if ($token->rewind !== null && $token->rewind !== $i) continue;
+					$injector->handleElement($token);
+					$this->processToken($token, $i);
+					$reprocess = true;
+					break;
+				}
+				if (!$reprocess) {
+					// ah, nothing interesting happened; do normal processing
+					$this->swap($token);
+					if ($token instanceof HTMLPurifier_Token_Start) {
+						$this->stack[] = $token;
+					} elseif ($token instanceof HTMLPurifier_Token_End) {
+						throw new HTMLPurifier_Exception('Improper handling of end tag in start code; possible error in MakeWellFormed');
+					}
+				}
+				continue;
+			}
+
+			// sanity check: we should be dealing with a closing tag
+			if (!$token instanceof HTMLPurifier_Token_End) {
+				throw new HTMLPurifier_Exception('Unaccounted for tag token in input stream, bug in HTML Purifier');
+			}
+
+			// make sure that we have something open
+			if (empty($this->stack)) {
+				if ($escape_invalid_tags) {
+					if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag to text');
+					$this->swap(new HTMLPurifier_Token_Text(
+						$generator->generateFromToken($token)
+					));
+				} else {
+					$this->remove();
+					if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag removed');
+				}
+				$reprocess = true;
+				continue;
+			}
+
+			// first, check for the simplest case: everything closes neatly.
+			// Eventually, everything passes through here; if there are problems
+			// we modify the input stream accordingly and then punt, so that
+			// the tokens get processed again.
+			$current_parent = array_pop($this->stack);
+			if ($current_parent->name == $token->name) {
+				$token->start = $current_parent;
+				foreach ($this->injectors as $i => $injector) {
+					if (isset($token->skip[$i])) continue;
+					if ($token->rewind !== null && $token->rewind !== $i) continue;
+					$injector->handleEnd($token);
+					$this->processToken($token, $i);
+					$this->stack[] = $current_parent;
+					$reprocess = true;
+					break;
+				}
+				continue;
+			}
+
+			// okay, so we're trying to close the wrong tag
+
+			// undo the pop previous pop
+			$this->stack[] = $current_parent;
+
+			// scroll back the entire nest, trying to find our tag.
+			// (feature could be to specify how far you'd like to go)
+			$size = count($this->stack);
+			// -2 because -1 is the last element, but we already checked that
+			$skipped_tags = false;
+			for ($j = $size - 2; $j >= 0; $j--) {
+				if ($this->stack[$j]->name == $token->name) {
+					$skipped_tags = array_slice($this->stack, $j);
+					break;
+				}
+			}
+
+			// we didn't find the tag, so remove
+			if ($skipped_tags === false) {
+				if ($escape_invalid_tags) {
+					$this->swap(new HTMLPurifier_Token_Text(
+						$generator->generateFromToken($token)
+					));
+					if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag to text');
+				} else {
+					$this->remove();
+					if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag removed');
+				}
+				$reprocess = true;
+				continue;
+			}
+
+			// do errors, in REVERSE $j order: a,b,c with </a></b></c>
+			$c = count($skipped_tags);
+			if ($e) {
+				for ($j = $c - 1; $j > 0; $j--) {
+					// notice we exclude $j == 0, i.e. the current ending tag, from
+					// the errors... [TagClosedSuppress]
+					if (!isset($skipped_tags[$j]->armor['MakeWellFormed_TagClosedError'])) {
+						$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by element end', $skipped_tags[$j]);
+					}
+				}
+			}
+
+			// insert tags, in FORWARD $j order: c,b,a with </a></b></c>
+			$replace = array($token);
+			for ($j = 1; $j < $c; $j++) {
+				// ...as well as from the insertions
+				$new_token = new HTMLPurifier_Token_End($skipped_tags[$j]->name);
+				$new_token->start = $skipped_tags[$j];
+				array_unshift($replace, $new_token);
+				if (isset($definition->info[$new_token->name]) && $definition->info[$new_token->name]->formatting) {
+					// [TagClosedAuto]
+					$element = clone $skipped_tags[$j];
+					$element->carryover = true;
+					$element->armor['MakeWellFormed_TagClosedError'] = true;
+					$replace[] = $element;
+				}
+			}
+			$this->processToken($replace);
+			$reprocess = true;
+			continue;
+		}
+
+		$context->destroy('CurrentNesting');
+		$context->destroy('InputTokens');
+		$context->destroy('InputIndex');
+		$context->destroy('CurrentToken');
+
+		unset($this->injectors, $this->stack, $this->tokens, $this->t);
+		return $tokens;
+	}
+
+	/**
+	 * Processes arbitrary token values for complicated substitution patterns.
+	 * In general:
+	 *
+	 * If $token is an array, it is a list of tokens to substitute for the
+	 * current token. These tokens then get individually processed. If there
+	 * is a leading integer in the list, that integer determines how many
+	 * tokens from the stream should be removed.
+	 *
+	 * If $token is a regular token, it is swapped with the current token.
+	 *
+	 * If $token is false, the current token is deleted.
+	 *
+	 * If $token is an integer, that number of tokens (with the first token
+	 * being the current one) will be deleted.
+	 *
+	 * @param $token Token substitution value
+	 * @param $injector Injector that performed the substitution; default is if
+	 *        this is not an injector related operation.
+	 */
+	protected function processToken($token, $injector = -1) {
+
+		// normalize forms of token
+		if (is_object($token)) $token = array(1, $token);
+		if (is_int($token))    $token = array($token);
+		if ($token === false)  $token = array(1);
+		if (!is_array($token)) throw new HTMLPurifier_Exception('Invalid token type from injector');
+		if (!is_int($token[0])) array_unshift($token, 1);
+		if ($token[0] === 0) throw new HTMLPurifier_Exception('Deleting zero tokens is not valid');
+
+		// $token is now an array with the following form:
+		// array(number nodes to delete, new node 1, new node 2, ...)
+
+		$delete = array_shift($token);
+		$old = array_splice($this->tokens, $this->t, $delete, $token);
+
+		if ($injector > -1) {
+			// determine appropriate skips
+			$oldskip = isset($old[0]) ? $old[0]->skip : array();
+			foreach ($token as $object) {
+				$object->skip = $oldskip;
+				$object->skip[$injector] = true;
+			}
+		}
+
+	}
+
+	/**
+	 * Inserts a token before the current token. Cursor now points to
+	 * this token.  You must reprocess after this.
+	 */
+	private function insertBefore($token) {
+		array_splice($this->tokens, $this->t, 0, array($token));
+	}
+
+	/**
+	 * Removes current token. Cursor now points to new token occupying previously
+	 * occupied space.  You must reprocess after this.
+	 */
+	private function remove() {
+		array_splice($this->tokens, $this->t, 1);
+	}
+
+	/**
+	 * Swap current token with new token. Cursor points to new token (no
+	 * change).  You must reprocess after this.
+	 */
+	private function swap($token) {
+		$this->tokens[$this->t] = $token;
+	}
 
 }
 

Spacing +6 added lines, -6 removed lines

@@ -65,17 +65,17 @@
         $stack = array();
 
         // member variables
-        $this->stack   =& $stack;
-        $this->t       =& $t;
-        $this->tokens  =& $tokens;
+        $this->stack   = & $stack;
+        $this->t       = & $t;
+        $this->tokens  = & $tokens;
         $this->config  = $config;
         $this->context = $context;
 
         // context variables
         $context->register('CurrentNesting', $stack);
-        $context->register('InputIndex',     $t);
-        $context->register('InputTokens',    $tokens);
-        $context->register('CurrentToken',   $token);
+        $context->register('InputIndex', $t);
+        $context->register('InputTokens', $tokens);
+        $context->register('CurrentToken', $token);
 
         // -- begin INJECTOR --
 

Braces +71 added lines, -24 removed lines

@@ -87,9 +87,13 @@ 
         unset($injectors['Custom']); // special case
         foreach ($injectors as $injector => $b) {
             // XXX: Fix with a legitimate lookup table of enabled filters
-            if (strpos($injector, '.') !== false) continue;
+            if (strpos($injector, '.') !== false) {
+            	continue;
+            }
             $injector = "HTMLPurifier_Injector_$injector";
-            if (!$b) continue;
+            if (!$b) {
+            	continue;
+            }
             $this->injectors[] = new $injector;
         }
         foreach ($def_injectors as $injector) {
@@ -97,7 +101,9 @@ 
             $this->injectors[] = $injector;
         }
         foreach ($custom_injectors as $injector) {
-            if (!$injector) continue;
+            if (!$injector) {
+            	continue;
+            }
             if (is_string($injector)) {
                 $injector = "HTMLPurifier_Injector_$injector";
                 $injector = new $injector;
@@ -109,7 +115,9 @@ 
         // variables for performance reasons
         foreach ($this->injectors as $ix => $injector) {
             $error = $injector->prepare($config, $context);
-            if (!$error) continue;
+            if (!$error) {
+            	continue;
+            }
             array_splice($this->injectors, $ix, 1); // rm the injector
             trigger_error("Cannot enable {$injector->name} injector because $error is not allowed", E_USER_WARNING);
         }
@@ -139,7 +147,9 @@ 
                 // infinite loop, but might hinder some advanced rewinding.
                 $rewind_to = $this->injectors[$i]->getRewind();
                 if (is_int($rewind_to) && $rewind_to < $t) {
-                    if ($rewind_to < 0) $rewind_to = 0;
+                    if ($rewind_to < 0) {
+                    	$rewind_to = 0;
+                    }
                     while ($t > $rewind_to) {
                         $t--;
                         $prev = $tokens[$t];
@@ -147,8 +157,11 @@ 
                         // but we need to reprocess it
                         unset($prev->skip[$i]);
                         $prev->rewind = $i;
-                        if ($prev instanceof HTMLPurifier_Token_Start) array_pop($this->stack);
-                        elseif ($prev instanceof HTMLPurifier_Token_End) $this->stack[] = $prev->start;
+                        if ($prev instanceof HTMLPurifier_Token_Start) {
+                        	array_pop($this->stack);
+                        } elseif ($prev instanceof HTMLPurifier_Token_End) {
+                        	$this->stack[] = $prev->start;
+                        }
                     }
                 }
                 $i = false;
@@ -157,7 +170,9 @@ 
             // handle case of document end
             if (!isset($tokens[$t])) {
                 // kill processing if stack is empty
-                if (empty($this->stack)) break;
+                if (empty($this->stack)) {
+                	break;
+                }
 
                 // peek
                 $top_nesting = array_pop($this->stack);
@@ -185,8 +200,12 @@ 
             if (empty($token->is_tag)) {
                 if ($token instanceof HTMLPurifier_Token_Text) {
                     foreach ($this->injectors as $i => $injector) {
-                        if (isset($token->skip[$i])) continue;
-                        if ($token->rewind !== null && $token->rewind !== $i) continue;
+                        if (isset($token->skip[$i])) {
+                        	continue;
+                        }
+                        if ($token->rewind !== null && $token->rewind !== $i) {
+                        	continue;
+                        }
                         $injector->handleText($token);
                         $this->processToken($token, $i);
                         $reprocess = true;
@@ -325,8 +344,12 @@ 
 
             if ($ok) {
                 foreach ($this->injectors as $i => $injector) {
-                    if (isset($token->skip[$i])) continue;
-                    if ($token->rewind !== null && $token->rewind !== $i) continue;
+                    if (isset($token->skip[$i])) {
+                    	continue;
+                    }
+                    if ($token->rewind !== null && $token->rewind !== $i) {
+                    	continue;
+                    }
                     $injector->handleElement($token);
                     $this->processToken($token, $i);
                     $reprocess = true;
@@ -352,13 +375,17 @@ 
             // make sure that we have something open
             if (empty($this->stack)) {
                 if ($escape_invalid_tags) {
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag to text');
+                    if ($e) {
+                    	$e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag to text');
+                    }
                     $this->swap(new HTMLPurifier_Token_Text(
                         $generator->generateFromToken($token)
                     ));
                 } else {
                     $this->remove();
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag removed');
+                    if ($e) {
+                    	$e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag removed');
+                    }
                 }
                 $reprocess = true;
                 continue;
@@ -372,8 +399,12 @@ 
             if ($current_parent->name == $token->name) {
                 $token->start = $current_parent;
                 foreach ($this->injectors as $i => $injector) {
-                    if (isset($token->skip[$i])) continue;
-                    if ($token->rewind !== null && $token->rewind !== $i) continue;
+                    if (isset($token->skip[$i])) {
+                    	continue;
+                    }
+                    if ($token->rewind !== null && $token->rewind !== $i) {
+                    	continue;
+                    }
                     $injector->handleEnd($token);
                     $this->processToken($token, $i);
                     $this->stack[] = $current_parent;
@@ -406,10 +437,14 @@ 
                     $this->swap(new HTMLPurifier_Token_Text(
                         $generator->generateFromToken($token)
                     ));
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag to text');
+                    if ($e) {
+                    	$e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag to text');
+                    }
                 } else {
                     $this->remove();
-                    if ($e) $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag removed');
+                    if ($e) {
+                    	$e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag removed');
+                    }
                 }
                 $reprocess = true;
                 continue;
@@ -479,12 +514,24 @@ 
     protected function processToken($token, $injector = -1) {
 
         // normalize forms of token
-        if (is_object($token)) $token = array(1, $token);
-        if (is_int($token))    $token = array($token);
-        if ($token === false)  $token = array(1);
-        if (!is_array($token)) throw new HTMLPurifier_Exception('Invalid token type from injector');
-        if (!is_int($token[0])) array_unshift($token, 1);
-        if ($token[0] === 0) throw new HTMLPurifier_Exception('Deleting zero tokens is not valid');
+        if (is_object($token)) {
+        	$token = array(1, $token);
+        }
+        if (is_int($token)) {
+        	$token = array($token);
+        }
+        if ($token === false) {
+        	$token = array(1);
+        }
+        if (!is_array($token)) {
+        	throw new HTMLPurifier_Exception('Invalid token type from injector');
+        }
+        if (!is_int($token[0])) {
+        	array_unshift($token, 1);
+        }
+        if ($token[0] === 0) {
+        	throw new HTMLPurifier_Exception('Deleting zero tokens is not valid');
+        }
 
         // $token is now an array with the following form:
         // array(number nodes to delete, new node 1, new node 2, ...)

classes/security/htmlpurifier/library/HTMLPurifier/Strategy/RemoveForeignElements.php

Indentation +171 added lines, -171 removed lines

@@ -11,177 +11,177 @@
 class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
 {
 
-    public function execute($tokens, $config, $context) {
-        $definition = $config->getHTMLDefinition();
-        $generator = new HTMLPurifier_Generator($config, $context);
-        $result = array();
-
-        $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
-        $remove_invalid_img  = $config->get('Core.RemoveInvalidImg');
-
-        // currently only used to determine if comments should be kept
-        $trusted = $config->get('HTML.Trusted');
-        $comment_lookup = $config->get('HTML.AllowedComments');
-        $comment_regexp = $config->get('HTML.AllowedCommentsRegexp');
-        $check_comments = $comment_lookup !== array() || $comment_regexp !== null;
-
-        $remove_script_contents = $config->get('Core.RemoveScriptContents');
-        $hidden_elements     = $config->get('Core.HiddenElements');
-
-        // remove script contents compatibility
-        if ($remove_script_contents === true) {
-            $hidden_elements['script'] = true;
-        } elseif ($remove_script_contents === false && isset($hidden_elements['script'])) {
-            unset($hidden_elements['script']);
-        }
-
-        $attr_validator = new HTMLPurifier_AttrValidator();
-
-        // removes tokens until it reaches a closing tag with its value
-        $remove_until = false;
-
-        // converts comments into text tokens when this is equal to a tag name
-        $textify_comments = false;
-
-        $token = false;
-        $context->register('CurrentToken', $token);
-
-        $e = false;
-        if ($config->get('Core.CollectErrors')) {
-            $e =& $context->get('ErrorCollector');
-        }
-
-        foreach($tokens as $token) {
-            if ($remove_until) {
-                if (empty($token->is_tag) || $token->name !== $remove_until) {
-                    continue;
-                }
-            }
-            if (!empty( $token->is_tag )) {
-                // DEFINITION CALL
-
-                // before any processing, try to transform the element
-                if (
-                    isset($definition->info_tag_transform[$token->name])
-                ) {
-                    $original_name = $token->name;
-                    // there is a transformation for this tag
-                    // DEFINITION CALL
-                    $token = $definition->
-                                info_tag_transform[$token->name]->
-                                    transform($token, $config, $context);
-                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
-                }
-
-                if (isset($definition->info[$token->name])) {
-
-                    // mostly everything's good, but
-                    // we need to make sure required attributes are in order
-                    if (
-                        ($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) &&
-                        $definition->info[$token->name]->required_attr &&
-                        ($token->name != 'img' || $remove_invalid_img) // ensure config option still works
-                    ) {
-                        $attr_validator->validateToken($token, $config, $context);
-                        $ok = true;
-                        foreach ($definition->info[$token->name]->required_attr as $name) {
-                            if (!isset($token->attr[$name])) {
-                                $ok = false;
-                                break;
-                            }
-                        }
-                        if (!$ok) {
-                            if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name);
-                            continue;
-                        }
-                        $token->armor['ValidateAttributes'] = true;
-                    }
-
-                    if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) {
-                        $textify_comments = $token->name;
-                    } elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) {
-                        $textify_comments = false;
-                    }
-
-                } elseif ($escape_invalid_tags) {
-                    // invalid tag, generate HTML representation and insert in
-                    if ($e) $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
-                    $token = new HTMLPurifier_Token_Text(
-                        $generator->generateFromToken($token)
-                    );
-                } else {
-                    // check if we need to destroy all of the tag's children
-                    // CAN BE GENERICIZED
-                    if (isset($hidden_elements[$token->name])) {
-                        if ($token instanceof HTMLPurifier_Token_Start) {
-                            $remove_until = $token->name;
-                        } elseif ($token instanceof HTMLPurifier_Token_Empty) {
-                            // do nothing: we're still looking
-                        } else {
-                            $remove_until = false;
-                        }
-                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
-                    } else {
-                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
-                    }
-                    continue;
-                }
-            } elseif ($token instanceof HTMLPurifier_Token_Comment) {
-                // textify comments in script tags when they are allowed
-                if ($textify_comments !== false) {
-                    $data = $token->data;
-                    $token = new HTMLPurifier_Token_Text($data);
-                } elseif ($trusted || $check_comments) {
-                    // always cleanup comments
-                    $trailing_hyphen = false;
-                    if ($e) {
-                        // perform check whether or not there's a trailing hyphen
-                        if (substr($token->data, -1) == '-') {
-                            $trailing_hyphen = true;
-                        }
-                    }
-                    $token->data = rtrim($token->data, '-');
-                    $found_double_hyphen = false;
-                    while (strpos($token->data, '--') !== false) {
-                        $found_double_hyphen = true;
-                        $token->data = str_replace('--', '-', $token->data);
-                    }
-                    if ($trusted || !empty($comment_lookup[trim($token->data)]) || ($comment_regexp !== NULL && preg_match($comment_regexp, trim($token->data)))) {
-                        // OK good
-                        if ($e) {
-                            if ($trailing_hyphen) {
-                                $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed');
-                            }
-                            if ($found_double_hyphen) {
-                                $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed');
-                            }
-                        }
-                    } else {
-                        if ($e) {
-                            $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
-                        }
-                        continue;
-                    }
-                } else {
-                    // strip comments
-                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
-                    continue;
-                }
-            } elseif ($token instanceof HTMLPurifier_Token_Text) {
-            } else {
-                continue;
-            }
-            $result[] = $token;
-        }
-        if ($remove_until && $e) {
-            // we removed tokens until the end, throw error
-            $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
-        }
-
-        $context->destroy('CurrentToken');
-
-        return $result;
-    }
+	public function execute($tokens, $config, $context) {
+		$definition = $config->getHTMLDefinition();
+		$generator = new HTMLPurifier_Generator($config, $context);
+		$result = array();
+
+		$escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
+		$remove_invalid_img  = $config->get('Core.RemoveInvalidImg');
+
+		// currently only used to determine if comments should be kept
+		$trusted = $config->get('HTML.Trusted');
+		$comment_lookup = $config->get('HTML.AllowedComments');
+		$comment_regexp = $config->get('HTML.AllowedCommentsRegexp');
+		$check_comments = $comment_lookup !== array() || $comment_regexp !== null;
+
+		$remove_script_contents = $config->get('Core.RemoveScriptContents');
+		$hidden_elements     = $config->get('Core.HiddenElements');
+
+		// remove script contents compatibility
+		if ($remove_script_contents === true) {
+			$hidden_elements['script'] = true;
+		} elseif ($remove_script_contents === false && isset($hidden_elements['script'])) {
+			unset($hidden_elements['script']);
+		}
+
+		$attr_validator = new HTMLPurifier_AttrValidator();
+
+		// removes tokens until it reaches a closing tag with its value
+		$remove_until = false;
+
+		// converts comments into text tokens when this is equal to a tag name
+		$textify_comments = false;
+
+		$token = false;
+		$context->register('CurrentToken', $token);
+
+		$e = false;
+		if ($config->get('Core.CollectErrors')) {
+			$e =& $context->get('ErrorCollector');
+		}
+
+		foreach($tokens as $token) {
+			if ($remove_until) {
+				if (empty($token->is_tag) || $token->name !== $remove_until) {
+					continue;
+				}
+			}
+			if (!empty( $token->is_tag )) {
+				// DEFINITION CALL
+
+				// before any processing, try to transform the element
+				if (
+					isset($definition->info_tag_transform[$token->name])
+				) {
+					$original_name = $token->name;
+					// there is a transformation for this tag
+					// DEFINITION CALL
+					$token = $definition->
+								info_tag_transform[$token->name]->
+									transform($token, $config, $context);
+					if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
+				}
+
+				if (isset($definition->info[$token->name])) {
+
+					// mostly everything's good, but
+					// we need to make sure required attributes are in order
+					if (
+						($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) &&
+						$definition->info[$token->name]->required_attr &&
+						($token->name != 'img' || $remove_invalid_img) // ensure config option still works
+					) {
+						$attr_validator->validateToken($token, $config, $context);
+						$ok = true;
+						foreach ($definition->info[$token->name]->required_attr as $name) {
+							if (!isset($token->attr[$name])) {
+								$ok = false;
+								break;
+							}
+						}
+						if (!$ok) {
+							if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name);
+							continue;
+						}
+						$token->armor['ValidateAttributes'] = true;
+					}
+
+					if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) {
+						$textify_comments = $token->name;
+					} elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) {
+						$textify_comments = false;
+					}
+
+				} elseif ($escape_invalid_tags) {
+					// invalid tag, generate HTML representation and insert in
+					if ($e) $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
+					$token = new HTMLPurifier_Token_Text(
+						$generator->generateFromToken($token)
+					);
+				} else {
+					// check if we need to destroy all of the tag's children
+					// CAN BE GENERICIZED
+					if (isset($hidden_elements[$token->name])) {
+						if ($token instanceof HTMLPurifier_Token_Start) {
+							$remove_until = $token->name;
+						} elseif ($token instanceof HTMLPurifier_Token_Empty) {
+							// do nothing: we're still looking
+						} else {
+							$remove_until = false;
+						}
+						if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
+					} else {
+						if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
+					}
+					continue;
+				}
+			} elseif ($token instanceof HTMLPurifier_Token_Comment) {
+				// textify comments in script tags when they are allowed
+				if ($textify_comments !== false) {
+					$data = $token->data;
+					$token = new HTMLPurifier_Token_Text($data);
+				} elseif ($trusted || $check_comments) {
+					// always cleanup comments
+					$trailing_hyphen = false;
+					if ($e) {
+						// perform check whether or not there's a trailing hyphen
+						if (substr($token->data, -1) == '-') {
+							$trailing_hyphen = true;
+						}
+					}
+					$token->data = rtrim($token->data, '-');
+					$found_double_hyphen = false;
+					while (strpos($token->data, '--') !== false) {
+						$found_double_hyphen = true;
+						$token->data = str_replace('--', '-', $token->data);
+					}
+					if ($trusted || !empty($comment_lookup[trim($token->data)]) || ($comment_regexp !== NULL && preg_match($comment_regexp, trim($token->data)))) {
+						// OK good
+						if ($e) {
+							if ($trailing_hyphen) {
+								$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed');
+							}
+							if ($found_double_hyphen) {
+								$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed');
+							}
+						}
+					} else {
+						if ($e) {
+							$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
+						}
+						continue;
+					}
+				} else {
+					// strip comments
+					if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
+					continue;
+				}
+			} elseif ($token instanceof HTMLPurifier_Token_Text) {
+			} else {
+				continue;
+			}
+			$result[] = $token;
+		}
+		if ($remove_until && $e) {
+			// we removed tokens until the end, throw error
+			$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
+		}
+
+		$context->destroy('CurrentToken');
+
+		return $result;
+	}
 
 }
 

Spacing +4 added lines, -4 removed lines

@@ -26,7 +26,7 @@ 
         $check_comments = $comment_lookup !== array() || $comment_regexp !== null;
 
         $remove_script_contents = $config->get('Core.RemoveScriptContents');
-        $hidden_elements     = $config->get('Core.HiddenElements');
+        $hidden_elements = $config->get('Core.HiddenElements');
 
         // remove script contents compatibility
         if ($remove_script_contents === true) {
@@ -48,16 +48,16 @@ 
 
         $e = false;
         if ($config->get('Core.CollectErrors')) {
-            $e =& $context->get('ErrorCollector');
+            $e = & $context->get('ErrorCollector');
         }
 
-        foreach($tokens as $token) {
+        foreach ($tokens as $token) {
             if ($remove_until) {
                 if (empty($token->is_tag) || $token->name !== $remove_until) {
                     continue;
                 }
             }
-            if (!empty( $token->is_tag )) {
+            if (!empty($token->is_tag)) {
                 // DEFINITION CALL
 
                 // before any processing, try to transform the element

Braces +18 added lines, -6 removed lines

@@ -70,7 +70,9 @@ 
                     $token = $definition->
                                 info_tag_transform[$token->name]->
                                     transform($token, $config, $context);
-                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
+                    if ($e) {
+                    	$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
+                    }
                 }
 
                 if (isset($definition->info[$token->name])) {
@@ -91,7 +93,9 @@ 
                             }
                         }
                         if (!$ok) {
-                            if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name);
+                            if ($e) {
+                            	$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name);
+                            }
                             continue;
                         }
                         $token->armor['ValidateAttributes'] = true;
@@ -105,7 +109,9 @@ 
 
                 } elseif ($escape_invalid_tags) {
                     // invalid tag, generate HTML representation and insert in
-                    if ($e) $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
+                    if ($e) {
+                    	$e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
+                    }
                     $token = new HTMLPurifier_Token_Text(
                         $generator->generateFromToken($token)
                     );
@@ -120,9 +126,13 @@ 
                         } else {
                             $remove_until = false;
                         }
-                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
+                        if ($e) {
+                        	$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
+                        }
                     } else {
-                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
+                        if ($e) {
+                        	$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
+                        }
                     }
                     continue;
                 }
@@ -164,7 +174,9 @@ 
                     }
                 } else {
                     // strip comments
-                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
+                    if ($e) {
+                    	$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
+                    }
                     continue;
                 }
             } elseif ($token instanceof HTMLPurifier_Token_Text) {

classes/security/htmlpurifier/library/HTMLPurifier/Strategy/ValidateAttributes.php

Indentation +18 added lines, -18 removed lines

@@ -7,32 +7,32 @@
 class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
 {
 
-    public function execute($tokens, $config, $context) {
+	public function execute($tokens, $config, $context) {
 
-        // setup validator
-        $validator = new HTMLPurifier_AttrValidator();
+		// setup validator
+		$validator = new HTMLPurifier_AttrValidator();
 
-        $token = false;
-        $context->register('CurrentToken', $token);
+		$token = false;
+		$context->register('CurrentToken', $token);
 
-        foreach ($tokens as $key => $token) {
+		foreach ($tokens as $key => $token) {
 
-            // only process tokens that have attributes,
-            //   namely start and empty tags
-            if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
+			// only process tokens that have attributes,
+			//   namely start and empty tags
+			if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
 
-            // skip tokens that are armored
-            if (!empty($token->armor['ValidateAttributes'])) continue;
+			// skip tokens that are armored
+			if (!empty($token->armor['ValidateAttributes'])) continue;
 
-            // note that we have no facilities here for removing tokens
-            $validator->validateToken($token, $config, $context);
+			// note that we have no facilities here for removing tokens
+			$validator->validateToken($token, $config, $context);
 
-            $tokens[$key] = $token; // for PHP 4
-        }
-        $context->destroy('CurrentToken');
+			$tokens[$key] = $token; // for PHP 4
+		}
+		$context->destroy('CurrentToken');
 
-        return $tokens;
-    }
+		return $tokens;
+	}
 
 }
 

Braces +6 added lines, -2 removed lines

@@ -19,10 +19,14 @@
 
             // only process tokens that have attributes,
             //   namely start and empty tags
-            if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
+            if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) {
+            	continue;
+            }
 
             // skip tokens that are armored
-            if (!empty($token->armor['ValidateAttributes'])) continue;
+            if (!empty($token->armor['ValidateAttributes'])) {
+            	continue;
+            }
 
             // note that we have no facilities here for removing tokens
             $validator->validateToken($token, $config, $context);