xpressengine / xe-core

classes/security/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php

Indentation +43 added lines, -43 removed lines

@@ -14,51 +14,51 @@
  */
 class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
 {
-    public $name = "SafeParam";
-    private $uri;
+	public $name = "SafeParam";
+	private $uri;
 
-    public function __construct() {
-        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
-        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
-    }
+	public function __construct() {
+		$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+		$this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
+	}
 
-    public function transform($attr, $config, $context) {
-        // If we add support for other objects, we'll need to alter the
-        // transforms.
-        switch ($attr['name']) {
-            // application/x-shockwave-flash
-            // Keep this synchronized with Injector/SafeObject.php
-            case 'allowScriptAccess':
-                $attr['value'] = 'never';
-                break;
-            case 'allowNetworking':
-                $attr['value'] = 'internal';
-                break;
-            case 'allowFullScreen':
-                if ($config->get('HTML.FlashAllowFullScreen')) {
-                    $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
-                } else {
-                    $attr['value'] = 'false';
-                }
-                break;
-            case 'wmode':
-                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
-                break;
-            case 'movie':
-            case 'src':
-                $attr['name'] = "movie";
-                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
-                break;
-            case 'flashvars':
-                // we're going to allow arbitrary inputs to the SWF, on
-                // the reasoning that it could only hack the SWF, not us.
-                break;
-            // add other cases to support other param name/value pairs
-            default:
-                $attr['name'] = $attr['value'] = null;
-        }
-        return $attr;
-    }
+	public function transform($attr, $config, $context) {
+		// If we add support for other objects, we'll need to alter the
+		// transforms.
+		switch ($attr['name']) {
+			// application/x-shockwave-flash
+			// Keep this synchronized with Injector/SafeObject.php
+			case 'allowScriptAccess':
+				$attr['value'] = 'never';
+				break;
+			case 'allowNetworking':
+				$attr['value'] = 'internal';
+				break;
+			case 'allowFullScreen':
+				if ($config->get('HTML.FlashAllowFullScreen')) {
+					$attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
+				} else {
+					$attr['value'] = 'false';
+				}
+				break;
+			case 'wmode':
+				$attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
+				break;
+			case 'movie':
+			case 'src':
+				$attr['name'] = "movie";
+				$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
+				break;
+			case 'flashvars':
+				// we're going to allow arbitrary inputs to the SWF, on
+				// the reasoning that it could only hack the SWF, not us.
+				break;
+			// add other cases to support other param name/value pairs
+			default:
+				$attr['name'] = $attr['value'] = null;
+		}
+		return $attr;
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php

Indentation +6 added lines, -6 removed lines

@@ -5,12 +5,12 @@
  */
 class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
 {
-    public function transform($attr, $config, $context) {
-        if (!isset($attr['type'])) {
-            $attr['type'] = 'text/javascript';
-        }
-        return $attr;
-    }
+	public function transform($attr, $config, $context) {
+		if (!isset($attr['type'])) {
+			$attr['type'] = 'text/javascript';
+		}
+		return $attr;
+	}
 }
 
 // vim: et sw=4 sts=4

classes/security/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php

Indentation +16 added lines, -16 removed lines

@@ -9,29 +9,29 @@
  */
 class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
 {
-    private $parser;
+	private $parser;
 
-    public function __construct() {
-        $this->parser = new HTMLPurifier_URIParser();
-    }
+	public function __construct() {
+		$this->parser = new HTMLPurifier_URIParser();
+	}
 
-    public function transform($attr, $config, $context) {
+	public function transform($attr, $config, $context) {
 
-        if (!isset($attr['href'])) {
-            return $attr;
-        }
+		if (!isset($attr['href'])) {
+			return $attr;
+		}
 
-        // XXX Kind of inefficient
-        $url = $this->parser->parse($attr['href']);
-        $scheme = $url->getSchemeObj($config, $context);
+		// XXX Kind of inefficient
+		$url = $this->parser->parse($attr['href']);
+		$scheme = $url->getSchemeObj($config, $context);
 
-        if ($scheme->browsable && !$url->isBenign($config, $context)) {
-            $attr['target'] = 'blank';
-        }
+		if ($scheme->browsable && !$url->isBenign($config, $context)) {
+			$attr['target'] = 'blank';
+		}
 
-        return $attr;
+		return $attr;
 
-    }
+	}
 
 }
 

classes/security/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php

Indentation +6 added lines, -6 removed lines

@@ -6,12 +6,12 @@
 class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
 {
 
-    public function transform($attr, $config, $context) {
-        // Calculated from Firefox
-        if (!isset($attr['cols'])) $attr['cols'] = '22';
-        if (!isset($attr['rows'])) $attr['rows'] = '3';
-        return $attr;
-    }
+	public function transform($attr, $config, $context) {
+		// Calculated from Firefox
+		if (!isset($attr['cols'])) $attr['cols'] = '22';
+		if (!isset($attr['rows'])) $attr['rows'] = '3';
+		return $attr;
+	}
 
 }
 

Braces +6 added lines, -2 removed lines

@@ -8,8 +8,12 @@
 
     public function transform($attr, $config, $context) {
         // Calculated from Firefox
-        if (!isset($attr['cols'])) $attr['cols'] = '22';
-        if (!isset($attr['rows'])) $attr['rows'] = '3';
+        if (!isset($attr['cols'])) {
+        	$attr['cols'] = '22';
+        }
+        if (!isset($attr['rows'])) {
+        	$attr['rows'] = '3';
+        }
         return $attr;
     }
 

classes/security/htmlpurifier/library/HTMLPurifier/AttrTypes.php

Indentation +68 added lines, -68 removed lines

@@ -5,87 +5,87 @@
  */
 class HTMLPurifier_AttrTypes
 {
-    /**
-     * Lookup array of attribute string identifiers to concrete implementations
-     */
-    protected $info = array();
+	/**
+	 * Lookup array of attribute string identifiers to concrete implementations
+	 */
+	protected $info = array();
 
-    /**
-     * Constructs the info array, supplying default implementations for attribute
-     * types.
-     */
-    public function __construct() {
-        // XXX This is kind of poor, since we don't actually /clone/
-        // instances; instead, we use the supplied make() attribute. So,
-        // the underlying class must know how to deal with arguments.
-        // With the old implementation of Enum, that ignored its
-        // arguments when handling a make dispatch, the IAlign
-        // definition wouldn't work.
+	/**
+	 * Constructs the info array, supplying default implementations for attribute
+	 * types.
+	 */
+	public function __construct() {
+		// XXX This is kind of poor, since we don't actually /clone/
+		// instances; instead, we use the supplied make() attribute. So,
+		// the underlying class must know how to deal with arguments.
+		// With the old implementation of Enum, that ignored its
+		// arguments when handling a make dispatch, the IAlign
+		// definition wouldn't work.
 
-        // pseudo-types, must be instantiated via shorthand
-        $this->info['Enum']    = new HTMLPurifier_AttrDef_Enum();
-        $this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool();
+		// pseudo-types, must be instantiated via shorthand
+		$this->info['Enum']    = new HTMLPurifier_AttrDef_Enum();
+		$this->info['Bool']    = new HTMLPurifier_AttrDef_HTML_Bool();
 
-        $this->info['CDATA']    = new HTMLPurifier_AttrDef_Text();
-        $this->info['ID']       = new HTMLPurifier_AttrDef_HTML_ID();
-        $this->info['Length']   = new HTMLPurifier_AttrDef_HTML_Length();
-        $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength();
-        $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens();
-        $this->info['Pixels']   = new HTMLPurifier_AttrDef_HTML_Pixels();
-        $this->info['Text']     = new HTMLPurifier_AttrDef_Text();
-        $this->info['URI']      = new HTMLPurifier_AttrDef_URI();
-        $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
-        $this->info['Color']    = new HTMLPurifier_AttrDef_HTML_Color();
-        $this->info['IAlign']   = self::makeEnum('top,middle,bottom,left,right');
-        $this->info['LAlign']   = self::makeEnum('top,bottom,left,right');
-        $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
+		$this->info['CDATA']    = new HTMLPurifier_AttrDef_Text();
+		$this->info['ID']       = new HTMLPurifier_AttrDef_HTML_ID();
+		$this->info['Length']   = new HTMLPurifier_AttrDef_HTML_Length();
+		$this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength();
+		$this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens();
+		$this->info['Pixels']   = new HTMLPurifier_AttrDef_HTML_Pixels();
+		$this->info['Text']     = new HTMLPurifier_AttrDef_Text();
+		$this->info['URI']      = new HTMLPurifier_AttrDef_URI();
+		$this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
+		$this->info['Color']    = new HTMLPurifier_AttrDef_HTML_Color();
+		$this->info['IAlign']   = self::makeEnum('top,middle,bottom,left,right');
+		$this->info['LAlign']   = self::makeEnum('top,bottom,left,right');
+		$this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
 
-        // unimplemented aliases
-        $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
-        $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
-        $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
-        $this->info['Character'] = new HTMLPurifier_AttrDef_Text();
+		// unimplemented aliases
+		$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
+		$this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
+		$this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
+		$this->info['Character'] = new HTMLPurifier_AttrDef_Text();
 
-        // "proprietary" types
-        $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
+		// "proprietary" types
+		$this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
 
-        // number is really a positive integer (one or more digits)
-        // FIXME: ^^ not always, see start and value of list items
-        $this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
-    }
+		// number is really a positive integer (one or more digits)
+		// FIXME: ^^ not always, see start and value of list items
+		$this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
+	}
 
-    private static function makeEnum($in) {
-        return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
-    }
+	private static function makeEnum($in) {
+		return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
+	}
 
-    /**
-     * Retrieves a type
-     * @param $type String type name
-     * @return Object AttrDef for type
-     */
-    public function get($type) {
+	/**
+	 * Retrieves a type
+	 * @param $type String type name
+	 * @return Object AttrDef for type
+	 */
+	public function get($type) {
 
-        // determine if there is any extra info tacked on
-        if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
-        else $string = '';
+		// determine if there is any extra info tacked on
+		if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
+		else $string = '';
 
-        if (!isset($this->info[$type])) {
-            trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
-            return;
-        }
+		if (!isset($this->info[$type])) {
+			trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
+			return;
+		}
 
-        return $this->info[$type]->make($string);
+		return $this->info[$type]->make($string);
 
-    }
+	}
 
-    /**
-     * Sets a new implementation for a type
-     * @param $type String type name
-     * @param $impl Object AttrDef for type
-     */
-    public function set($type, $impl) {
-        $this->info[$type] = $impl;
-    }
+	/**
+	 * Sets a new implementation for a type
+	 * @param $type String type name
+	 * @param $impl Object AttrDef for type
+	 */
+	public function set($type, $impl) {
+		$this->info[$type] = $impl;
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +5 added lines, -2 removed lines

@@ -66,8 +66,11 @@
     public function get($type) {
 
         // determine if there is any extra info tacked on
-        if (strpos($type, '#') !== false) list($type, $string) = explode('#', $type, 2);
-        else $string = '';
+        if (strpos($type, '#') !== false) {
+        	list($type, $string) = explode('#', $type, 2);
+        } else {
+        	$string = '';
+        }
 
         if (!isset($this->info[$type])) {
             trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);

Spacing +2 added lines, -2 removed lines

@@ -51,7 +51,7 @@ 
 
         // number is really a positive integer (one or more digits)
         // FIXME: ^^ not always, see start and value of list items
-        $this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
+        $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
     }
 
     private static function makeEnum($in) {
@@ -70,7 +70,7 @@ 
         else $string = '';
 
         if (!isset($this->info[$type])) {
-            trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
+            trigger_error('Cannot retrieve undefined attribute type '.$type, E_USER_ERROR);
             return;
         }
 

classes/security/htmlpurifier/library/HTMLPurifier/AttrValidator.php

Indentation +147 added lines, -147 removed lines

@@ -8,153 +8,153 @@
 class HTMLPurifier_AttrValidator
 {
 
-    /**
-     * Validates the attributes of a token, returning a modified token
-     * that has valid tokens
-     * @param $token Reference to token to validate. We require a reference
-     *     because the operation this class performs on the token are
-     *     not atomic, so the context CurrentToken to be updated
-     *     throughout
-     * @param $config Instance of HTMLPurifier_Config
-     * @param $context Instance of HTMLPurifier_Context
-     */
-    public function validateToken(&$token, &$config, $context) {
-
-        $definition = $config->getHTMLDefinition();
-        $e =& $context->get('ErrorCollector', true);
-
-        // initialize IDAccumulator if necessary
-        $ok =& $context->get('IDAccumulator', true);
-        if (!$ok) {
-            $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
-            $context->register('IDAccumulator', $id_accumulator);
-        }
-
-        // initialize CurrentToken if necessary
-        $current_token =& $context->get('CurrentToken', true);
-        if (!$current_token) $context->register('CurrentToken', $token);
-
-        if (
-            !$token instanceof HTMLPurifier_Token_Start &&
-            !$token instanceof HTMLPurifier_Token_Empty
-        ) return $token;
-
-        // create alias to global definition array, see also $defs
-        // DEFINITION CALL
-        $d_defs = $definition->info_global_attr;
-
-        // don't update token until the very end, to ensure an atomic update
-        $attr = $token->attr;
-
-        // do global transformations (pre)
-        // nothing currently utilizes this
-        foreach ($definition->info_attr_transform_pre as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        // do local transformations only applicable to this element (pre)
-        // ex. <p align="right"> to <p style="text-align:right;">
-        foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        // create alias to this element's attribute definition array, see
-        // also $d_defs (global attribute definition array)
-        // DEFINITION CALL
-        $defs = $definition->info[$token->name]->attr;
-
-        $attr_key = false;
-        $context->register('CurrentAttr', $attr_key);
-
-        // iterate through all the attribute keypairs
-        // Watch out for name collisions: $key has previously been used
-        foreach ($attr as $attr_key => $value) {
-
-            // call the definition
-            if ( isset($defs[$attr_key]) ) {
-                // there is a local definition defined
-                if ($defs[$attr_key] === false) {
-                    // We've explicitly been told not to allow this element.
-                    // This is usually when there's a global definition
-                    // that must be overridden.
-                    // Theoretically speaking, we could have a
-                    // AttrDef_DenyAll, but this is faster!
-                    $result = false;
-                } else {
-                    // validate according to the element's definition
-                    $result = $defs[$attr_key]->validate(
-                                    $value, $config, $context
-                               );
-                }
-            } elseif ( isset($d_defs[$attr_key]) ) {
-                // there is a global definition defined, validate according
-                // to the global definition
-                $result = $d_defs[$attr_key]->validate(
-                                $value, $config, $context
-                           );
-            } else {
-                // system never heard of the attribute? DELETE!
-                $result = false;
-            }
-
-            // put the results into effect
-            if ($result === false || $result === null) {
-                // this is a generic error message that should replaced
-                // with more specific ones when possible
-                if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
-
-                // remove the attribute
-                unset($attr[$attr_key]);
-            } elseif (is_string($result)) {
-                // generally, if a substitution is happening, there
-                // was some sort of implicit correction going on. We'll
-                // delegate it to the attribute classes to say exactly what.
-
-                // simple substitution
-                $attr[$attr_key] = $result;
-            } else {
-                // nothing happens
-            }
-
-            // we'd also want slightly more complicated substitution
-            // involving an array as the return value,
-            // although we're not sure how colliding attributes would
-            // resolve (certain ones would be completely overriden,
-            // others would prepend themselves).
-        }
-
-        $context->destroy('CurrentAttr');
-
-        // post transforms
-
-        // global (error reporting untested)
-        foreach ($definition->info_attr_transform_post as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        // local (error reporting untested)
-        foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
-            $attr = $transform->transform($o = $attr, $config, $context);
-            if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
-            }
-        }
-
-        $token->attr = $attr;
-
-        // destroy CurrentToken if we made it ourselves
-        if (!$current_token) $context->destroy('CurrentToken');
-
-    }
+	/**
+	 * Validates the attributes of a token, returning a modified token
+	 * that has valid tokens
+	 * @param $token Reference to token to validate. We require a reference
+	 *     because the operation this class performs on the token are
+	 *     not atomic, so the context CurrentToken to be updated
+	 *     throughout
+	 * @param $config Instance of HTMLPurifier_Config
+	 * @param $context Instance of HTMLPurifier_Context
+	 */
+	public function validateToken(&$token, &$config, $context) {
+
+		$definition = $config->getHTMLDefinition();
+		$e =& $context->get('ErrorCollector', true);
+
+		// initialize IDAccumulator if necessary
+		$ok =& $context->get('IDAccumulator', true);
+		if (!$ok) {
+			$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+			$context->register('IDAccumulator', $id_accumulator);
+		}
+
+		// initialize CurrentToken if necessary
+		$current_token =& $context->get('CurrentToken', true);
+		if (!$current_token) $context->register('CurrentToken', $token);
+
+		if (
+			!$token instanceof HTMLPurifier_Token_Start &&
+			!$token instanceof HTMLPurifier_Token_Empty
+		) return $token;
+
+		// create alias to global definition array, see also $defs
+		// DEFINITION CALL
+		$d_defs = $definition->info_global_attr;
+
+		// don't update token until the very end, to ensure an atomic update
+		$attr = $token->attr;
+
+		// do global transformations (pre)
+		// nothing currently utilizes this
+		foreach ($definition->info_attr_transform_pre as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		// do local transformations only applicable to this element (pre)
+		// ex. <p align="right"> to <p style="text-align:right;">
+		foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		// create alias to this element's attribute definition array, see
+		// also $d_defs (global attribute definition array)
+		// DEFINITION CALL
+		$defs = $definition->info[$token->name]->attr;
+
+		$attr_key = false;
+		$context->register('CurrentAttr', $attr_key);
+
+		// iterate through all the attribute keypairs
+		// Watch out for name collisions: $key has previously been used
+		foreach ($attr as $attr_key => $value) {
+
+			// call the definition
+			if ( isset($defs[$attr_key]) ) {
+				// there is a local definition defined
+				if ($defs[$attr_key] === false) {
+					// We've explicitly been told not to allow this element.
+					// This is usually when there's a global definition
+					// that must be overridden.
+					// Theoretically speaking, we could have a
+					// AttrDef_DenyAll, but this is faster!
+					$result = false;
+				} else {
+					// validate according to the element's definition
+					$result = $defs[$attr_key]->validate(
+									$value, $config, $context
+							   );
+				}
+			} elseif ( isset($d_defs[$attr_key]) ) {
+				// there is a global definition defined, validate according
+				// to the global definition
+				$result = $d_defs[$attr_key]->validate(
+								$value, $config, $context
+						   );
+			} else {
+				// system never heard of the attribute? DELETE!
+				$result = false;
+			}
+
+			// put the results into effect
+			if ($result === false || $result === null) {
+				// this is a generic error message that should replaced
+				// with more specific ones when possible
+				if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
+
+				// remove the attribute
+				unset($attr[$attr_key]);
+			} elseif (is_string($result)) {
+				// generally, if a substitution is happening, there
+				// was some sort of implicit correction going on. We'll
+				// delegate it to the attribute classes to say exactly what.
+
+				// simple substitution
+				$attr[$attr_key] = $result;
+			} else {
+				// nothing happens
+			}
+
+			// we'd also want slightly more complicated substitution
+			// involving an array as the return value,
+			// although we're not sure how colliding attributes would
+			// resolve (certain ones would be completely overriden,
+			// others would prepend themselves).
+		}
+
+		$context->destroy('CurrentAttr');
+
+		// post transforms
+
+		// global (error reporting untested)
+		foreach ($definition->info_attr_transform_post as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		// local (error reporting untested)
+		foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
+			$attr = $transform->transform($o = $attr, $config, $context);
+			if ($e) {
+				if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+			}
+		}
+
+		$token->attr = $attr;
+
+		// destroy CurrentToken if we made it ourselves
+		if (!$current_token) $context->destroy('CurrentToken');
+
+	}
 
 
 }

Spacing +5 added lines, -5 removed lines

@@ -21,17 +21,17 @@ 
     public function validateToken(&$token, &$config, $context) {
 
         $definition = $config->getHTMLDefinition();
-        $e =& $context->get('ErrorCollector', true);
+        $e = & $context->get('ErrorCollector', true);
 
         // initialize IDAccumulator if necessary
-        $ok =& $context->get('IDAccumulator', true);
+        $ok = & $context->get('IDAccumulator', true);
         if (!$ok) {
             $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
             $context->register('IDAccumulator', $id_accumulator);
         }
 
         // initialize CurrentToken if necessary
-        $current_token =& $context->get('CurrentToken', true);
+        $current_token = & $context->get('CurrentToken', true);
         if (!$current_token) $context->register('CurrentToken', $token);
 
         if (
@@ -77,7 +77,7 @@ 
         foreach ($attr as $attr_key => $value) {
 
             // call the definition
-            if ( isset($defs[$attr_key]) ) {
+            if (isset($defs[$attr_key])) {
                 // there is a local definition defined
                 if ($defs[$attr_key] === false) {
                     // We've explicitly been told not to allow this element.
@@ -92,7 +92,7 @@ 
                                     $value, $config, $context
                                );
                 }
-            } elseif ( isset($d_defs[$attr_key]) ) {
+            } elseif (isset($d_defs[$attr_key])) {
                 // there is a global definition defined, validate according
                 // to the global definition
                 $result = $d_defs[$attr_key]->validate(

Braces +24 added lines, -8 removed lines

@@ -32,12 +32,16 @@ 
 
         // initialize CurrentToken if necessary
         $current_token =& $context->get('CurrentToken', true);
-        if (!$current_token) $context->register('CurrentToken', $token);
+        if (!$current_token) {
+        	$context->register('CurrentToken', $token);
+        }
 
         if (
             !$token instanceof HTMLPurifier_Token_Start &&
             !$token instanceof HTMLPurifier_Token_Empty
-        ) return $token;
+        ) {
+        	return $token;
+        }
 
         // create alias to global definition array, see also $defs
         // DEFINITION CALL
@@ -51,7 +55,9 @@ 
         foreach ($definition->info_attr_transform_pre as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
@@ -60,7 +66,9 @@ 
         foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
@@ -107,7 +115,9 @@ 
             if ($result === false || $result === null) {
                 // this is a generic error message that should replaced
                 // with more specific ones when possible
-                if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
+                if ($e) {
+                	$e->send(E_ERROR, 'AttrValidator: Attribute removed');
+                }
 
                 // remove the attribute
                 unset($attr[$attr_key]);
@@ -137,7 +147,9 @@ 
         foreach ($definition->info_attr_transform_post as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
@@ -145,14 +157,18 @@ 
         foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
             $attr = $transform->transform($o = $attr, $config, $context);
             if ($e) {
-                if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                if ($attr != $o) {
+                	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
             }
         }
 
         $token->attr = $attr;
 
         // destroy CurrentToken if we made it ourselves
-        if (!$current_token) $context->destroy('CurrentToken');
+        if (!$current_token) {
+        	$context->destroy('CurrentToken');
+        }
 
     }
 

classes/security/htmlpurifier/library/HTMLPurifier/Bootstrap.php

Indentation +70 added lines, -70 removed lines

@@ -2,22 +2,22 @@ 
 
 // constants are slow, so we use as few as possible
 if (!defined('HTMLPURIFIER_PREFIX')) {
-    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
+	define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
 }
 
 // accomodations for versions earlier than 5.0.2
 // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
 if (!defined('PHP_EOL')) {
-    switch (strtoupper(substr(PHP_OS, 0, 3))) {
-        case 'WIN':
-            define('PHP_EOL', "\r\n");
-            break;
-        case 'DAR':
-            define('PHP_EOL', "\r");
-            break;
-        default:
-            define('PHP_EOL', "\n");
-    }
+	switch (strtoupper(substr(PHP_OS, 0, 3))) {
+		case 'WIN':
+			define('PHP_EOL', "\r\n");
+			break;
+		case 'DAR':
+			define('PHP_EOL', "\r");
+			break;
+		default:
+			define('PHP_EOL', "\n");
+	}
 }
 
 /**
@@ -30,56 +30,56 @@ 
 class HTMLPurifier_Bootstrap
 {
 
-    /**
-     * Autoload function for HTML Purifier
-     * @param $class Class to load
-     */
-    public static function autoload($class) {
-        $file = HTMLPurifier_Bootstrap::getPath($class);
-        if (!$file) return false;
-        // Technically speaking, it should be ok and more efficient to
-        // just do 'require', but Antonio Parraga reports that with
-        // Zend extensions such as Zend debugger and APC, this invariant
-        // may be broken.  Since we have efficient alternatives, pay
-        // the cost here and avoid the bug.
-        require_once HTMLPURIFIER_PREFIX . '/' . $file;
-        return true;
-    }
+	/**
+	 * Autoload function for HTML Purifier
+	 * @param $class Class to load
+	 */
+	public static function autoload($class) {
+		$file = HTMLPurifier_Bootstrap::getPath($class);
+		if (!$file) return false;
+		// Technically speaking, it should be ok and more efficient to
+		// just do 'require', but Antonio Parraga reports that with
+		// Zend extensions such as Zend debugger and APC, this invariant
+		// may be broken.  Since we have efficient alternatives, pay
+		// the cost here and avoid the bug.
+		require_once HTMLPURIFIER_PREFIX . '/' . $file;
+		return true;
+	}
 
-    /**
-     * Returns the path for a specific class.
-     */
-    public static function getPath($class) {
-        if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
-        // Custom implementations
-        if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
-            $code = str_replace('_', '-', substr($class, 22));
-            $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
-        } else {
-            $file = str_replace('_', '/', $class) . '.php';
-        }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
-        return $file;
-    }
+	/**
+	 * Returns the path for a specific class.
+	 */
+	public static function getPath($class) {
+		if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
+		// Custom implementations
+		if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
+			$code = str_replace('_', '-', substr($class, 22));
+			$file = 'HTMLPurifier/Language/classes/' . $code . '.php';
+		} else {
+			$file = str_replace('_', '/', $class) . '.php';
+		}
+		if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+		return $file;
+	}
 
-    /**
-     * "Pre-registers" our autoloader on the SPL stack.
-     */
-    public static function registerAutoload() {
-        $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if ( ($funcs = spl_autoload_functions()) === false ) {
-            spl_autoload_register($autoload);
-        } elseif (function_exists('spl_autoload_unregister')) {
-            $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
-            $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
-                      version_compare(PHP_VERSION, '5.1.0', '>=');
-            foreach ($funcs as $func) {
-                if ($buggy && is_array($func)) {
-                    // :TRICKY: There are some compatibility issues and some
-                    // places where we need to error out
-                    $reflector = new ReflectionMethod($func[0], $func[1]);
-                    if (!$reflector->isStatic()) {
-                        throw new Exception('
+	/**
+	 * "Pre-registers" our autoloader on the SPL stack.
+	 */
+	public static function registerAutoload() {
+		$autoload = array('HTMLPurifier_Bootstrap', 'autoload');
+		if ( ($funcs = spl_autoload_functions()) === false ) {
+			spl_autoload_register($autoload);
+		} elseif (function_exists('spl_autoload_unregister')) {
+			$buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
+			$compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
+					  version_compare(PHP_VERSION, '5.1.0', '>=');
+			foreach ($funcs as $func) {
+				if ($buggy && is_array($func)) {
+					// :TRICKY: There are some compatibility issues and some
+					// places where we need to error out
+					$reflector = new ReflectionMethod($func[0], $func[1]);
+					if (!$reflector->isStatic()) {
+						throw new Exception('
                             HTML Purifier autoloader registrar is not compatible
                             with non-static object methods due to PHP Bug #44144;
                             Please do not use HTMLPurifier.autoload.php (or any
@@ -87,17 +87,17 @@ 
                             spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
                             after your own autoloaders.
                         ');
-                    }
-                    // Suprisingly, spl_autoload_register supports the
-                    // Class::staticMethod callback format, although call_user_func doesn't
-                    if ($compat) $func = implode('::', $func);
-                }
-                spl_autoload_unregister($func);
-            }
-            spl_autoload_register($autoload);
-            foreach ($funcs as $func) spl_autoload_register($func);
-        }
-    }
+					}
+					// Suprisingly, spl_autoload_register supports the
+					// Class::staticMethod callback format, although call_user_func doesn't
+					if ($compat) $func = implode('::', $func);
+				}
+				spl_autoload_unregister($func);
+			}
+			spl_autoload_register($autoload);
+			foreach ($funcs as $func) spl_autoload_register($func);
+		}
+	}
 
 }
 

Braces +15 added lines, -5 removed lines

@@ -36,7 +36,9 @@ 
      */
     public static function autoload($class) {
         $file = HTMLPurifier_Bootstrap::getPath($class);
-        if (!$file) return false;
+        if (!$file) {
+        	return false;
+        }
         // Technically speaking, it should be ok and more efficient to
         // just do 'require', but Antonio Parraga reports that with
         // Zend extensions such as Zend debugger and APC, this invariant
@@ -50,7 +52,9 @@ 
      * Returns the path for a specific class.
      */
     public static function getPath($class) {
-        if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
+        if (strncmp('HTMLPurifier', $class, 12) !== 0) {
+        	return false;
+        }
         // Custom implementations
         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
             $code = str_replace('_', '-', substr($class, 22));
@@ -58,7 +62,9 @@ 
         } else {
             $file = str_replace('_', '/', $class) . '.php';
         }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) {
+        	return false;
+        }
         return $file;
     }
 
@@ -90,12 +96,16 @@ 
                     }
                     // Suprisingly, spl_autoload_register supports the
                     // Class::staticMethod callback format, although call_user_func doesn't
-                    if ($compat) $func = implode('::', $func);
+                    if ($compat) {
+                    	$func = implode('::', $func);
+                    }
                 }
                 spl_autoload_unregister($func);
             }
             spl_autoload_register($autoload);
-            foreach ($funcs as $func) spl_autoload_register($func);
+            foreach ($funcs as $func) {
+            	spl_autoload_register($func);
+            }
         }
     }
 

Spacing +6 added lines, -6 removed lines

@@ -2,7 +2,7 @@ 
 
 // constants are slow, so we use as few as possible
 if (!defined('HTMLPURIFIER_PREFIX')) {
-    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
+    define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__).'/..'));
 }
 
 // accomodations for versions earlier than 5.0.2
@@ -42,7 +42,7 @@ 
         // Zend extensions such as Zend debugger and APC, this invariant
         // may be broken.  Since we have efficient alternatives, pay
         // the cost here and avoid the bug.
-        require_once HTMLPURIFIER_PREFIX . '/' . $file;
+        require_once HTMLPURIFIER_PREFIX.'/'.$file;
         return true;
     }
 
@@ -54,11 +54,11 @@ 
         // Custom implementations
         if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
             $code = str_replace('_', '-', substr($class, 22));
-            $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
+            $file = 'HTMLPurifier/Language/classes/'.$code.'.php';
         } else {
-            $file = str_replace('_', '/', $class) . '.php';
+            $file = str_replace('_', '/', $class).'.php';
         }
-        if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
+        if (!file_exists(HTMLPURIFIER_PREFIX.'/'.$file)) return false;
         return $file;
     }
 
@@ -67,7 +67,7 @@ 
      */
     public static function registerAutoload() {
         $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if ( ($funcs = spl_autoload_functions()) === false ) {
+        if (($funcs = spl_autoload_functions()) === false) {
             spl_autoload_register($autoload);
         } elseif (function_exists('spl_autoload_unregister')) {
             $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');

classes/security/htmlpurifier/library/HTMLPurifier/CSSDefinition.php

Indentation +310 added lines, -310 removed lines

@@ -7,316 +7,316 @@
 class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
 {
 
-    public $type = 'CSS';
-
-    /**
-     * Assoc array of attribute name to definition object.
-     */
-    public $info = array();
-
-    /**
-     * Constructs the info array.  The meat of this class.
-     */
-    protected function doSetup($config) {
-
-        $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
-            array('left', 'right', 'center', 'justify'), false);
-
-        $border_style =
-        $this->info['border-bottom-style'] =
-        $this->info['border-right-style'] =
-        $this->info['border-left-style'] =
-        $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
-            array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
-            'groove', 'ridge', 'inset', 'outset'), false);
-
-        $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
-
-        $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right', 'both'), false);
-        $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right'), false);
-        $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'italic', 'oblique'), false);
-        $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'small-caps'), false);
-
-        $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
-                new HTMLPurifier_AttrDef_Enum(array('none')),
-                new HTMLPurifier_AttrDef_CSS_URI()
-            )
-        );
-
-        $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
-            array('inside', 'outside'), false);
-        $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
-            array('disc', 'circle', 'square', 'decimal', 'lower-roman',
-            'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
-        $this->info['list-style-image'] = $uri_or_none;
-
-        $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
-
-        $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
-            array('capitalize', 'uppercase', 'lowercase', 'none'), false);
-        $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
-
-        $this->info['background-image'] = $uri_or_none;
-        $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
-            array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
-        );
-        $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
-            array('scroll', 'fixed')
-        );
-        $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
-
-        $border_color =
-        $this->info['border-top-color'] =
-        $this->info['border-bottom-color'] =
-        $this->info['border-left-color'] =
-        $this->info['border-right-color'] =
-        $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('transparent')),
-            new HTMLPurifier_AttrDef_CSS_Color()
-        ));
-
-        $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
-
-        $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
-
-        $border_width =
-        $this->info['border-top-width'] =
-        $this->info['border-bottom-width'] =
-        $this->info['border-left-width'] =
-        $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
-            new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
-        ));
-
-        $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
-
-        $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
-                'small', 'medium', 'large', 'x-large', 'xx-large',
-                'larger', 'smaller')),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_CSS_Length()
-        ));
-
-        $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('normal')),
-            new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true)
-        ));
-
-        $margin =
-        $this->info['margin-top'] =
-        $this->info['margin-bottom'] =
-        $this->info['margin-left'] =
-        $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
-
-        $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
-
-        // non-negative
-        $padding =
-        $this->info['padding-top'] =
-        $this->info['padding-bottom'] =
-        $this->info['padding-left'] =
-        $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true)
-        ));
-
-        $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
-
-        $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage()
-        ));
-
-        $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length('0'),
-            new HTMLPurifier_AttrDef_CSS_Percentage(true),
-            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
-        $max = $config->get('CSS.MaxImgLength');
-
-        $this->info['width'] =
-        $this->info['height'] =
-            $max === null ?
-            $trusted_wh :
-            new HTMLPurifier_AttrDef_Switch('img',
-                // For img tags:
-                new HTMLPurifier_AttrDef_CSS_Composite(array(
-                    new HTMLPurifier_AttrDef_CSS_Length('0', $max),
-                    new HTMLPurifier_AttrDef_Enum(array('auto'))
-                )),
-                // For everyone else:
-                $trusted_wh
-            );
-
-        $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
-
-        $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
-
-        // this could use specialized code
-        $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
-            '400', '500', '600', '700', '800', '900'), false);
-
-        // MUST be called after other font properties, as it references
-        // a CSSDefinition object
-        $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
-
-        // same here
-        $this->info['border'] =
-        $this->info['border-bottom'] =
-        $this->info['border-top'] =
-        $this->info['border-left'] =
-        $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
-
-        $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
-            'collapse', 'separate'));
-
-        $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
-            'top', 'bottom'));
-
-        $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
-            'auto', 'fixed'));
-
-        $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
-                'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage()
-        ));
-
-        $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
-
-        // partial support
-        $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
-
-        if ($config->get('CSS.Proprietary')) {
-            $this->doSetupProprietary($config);
-        }
-
-        if ($config->get('CSS.AllowTricky')) {
-            $this->doSetupTricky($config);
-        }
-
-        if ($config->get('CSS.Trusted')) {
-            $this->doSetupTrusted($config);
-        }
-
-        $allow_important = $config->get('CSS.AllowImportant');
-        // wrap all attr-defs with decorator that handles !important
-        foreach ($this->info as $k => $v) {
-            $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
-        }
-
-        $this->setupConfigStuff($config);
-    }
-
-    protected function doSetupProprietary($config) {
-        // Internet Explorer only scrollbar colors
-        $this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
-        $this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
-
-        // technically not proprietary, but CSS3, and no one supports it
-        $this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-        $this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-        $this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
-
-        // only opacity, for now
-        $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
-
-    }
-
-    protected function doSetupTricky($config) {
-        $this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
-            'inline', 'block', 'list-item', 'run-in', 'compact',
-            'marker', 'table', 'inline-table', 'table-row-group',
-            'table-header-group', 'table-footer-group', 'table-row',
-            'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none'
-        ));
-        $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
-            'visible', 'hidden', 'collapse'
-        ));
-        $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
-    }
-
-    protected function doSetupTrusted($config) {
-        $this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
-            'static', 'relative', 'absolute', 'fixed'
-        ));
-        $this->info['top'] =
-        $this->info['left'] =
-        $this->info['right'] =
-        $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_CSS_Length(),
-            new HTMLPurifier_AttrDef_CSS_Percentage(),
-            new HTMLPurifier_AttrDef_Enum(array('auto')),
-        ));
-        $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
-            new HTMLPurifier_AttrDef_Integer(),
-            new HTMLPurifier_AttrDef_Enum(array('auto')),
-        ));
-    }
-
-    /**
-     * Performs extra config-based processing. Based off of
-     * HTMLPurifier_HTMLDefinition.
-     * @todo Refactor duplicate elements into common class (probably using
-     *       composition, not inheritance).
-     */
-    protected function setupConfigStuff($config) {
-
-        // setup allowed elements
-        $support = "(for information on implementing this, see the ".
-                   "support forums) ";
-        $allowed_properties = $config->get('CSS.AllowedProperties');
-        if ($allowed_properties !== null) {
-            foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
-                unset($allowed_properties[$name]);
-            }
-            // emit errors
-            foreach ($allowed_properties as $name => $d) {
-                // :TODO: Is this htmlspecialchars() call really necessary?
-                $name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
-                trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
-            }
-        }
-
-        $forbidden_properties = $config->get('CSS.ForbiddenProperties');
-        if ($forbidden_properties !== null) {
-            foreach ($this->info as $name => $d) {
-                if (isset($forbidden_properties[$name])) {
-                    unset($this->info[$name]);
-                }
-            }
-        }
-
-    }
+	public $type = 'CSS';
+
+	/**
+	 * Assoc array of attribute name to definition object.
+	 */
+	public $info = array();
+
+	/**
+	 * Constructs the info array.  The meat of this class.
+	 */
+	protected function doSetup($config) {
+
+		$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
+			array('left', 'right', 'center', 'justify'), false);
+
+		$border_style =
+		$this->info['border-bottom-style'] =
+		$this->info['border-right-style'] =
+		$this->info['border-left-style'] =
+		$this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
+			array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
+			'groove', 'ridge', 'inset', 'outset'), false);
+
+		$this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
+
+		$this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
+			array('none', 'left', 'right', 'both'), false);
+		$this->info['float'] = new HTMLPurifier_AttrDef_Enum(
+			array('none', 'left', 'right'), false);
+		$this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'italic', 'oblique'), false);
+		$this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'small-caps'), false);
+
+		$uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
+			array(
+				new HTMLPurifier_AttrDef_Enum(array('none')),
+				new HTMLPurifier_AttrDef_CSS_URI()
+			)
+		);
+
+		$this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
+			array('inside', 'outside'), false);
+		$this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
+			array('disc', 'circle', 'square', 'decimal', 'lower-roman',
+			'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
+		$this->info['list-style-image'] = $uri_or_none;
+
+		$this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
+
+		$this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
+			array('capitalize', 'uppercase', 'lowercase', 'none'), false);
+		$this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
+
+		$this->info['background-image'] = $uri_or_none;
+		$this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
+			array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
+		);
+		$this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
+			array('scroll', 'fixed')
+		);
+		$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
+
+		$border_color =
+		$this->info['border-top-color'] =
+		$this->info['border-bottom-color'] =
+		$this->info['border-left-color'] =
+		$this->info['border-right-color'] =
+		$this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('transparent')),
+			new HTMLPurifier_AttrDef_CSS_Color()
+		));
+
+		$this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
+
+		$this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
+
+		$border_width =
+		$this->info['border-top-width'] =
+		$this->info['border-bottom-width'] =
+		$this->info['border-left-width'] =
+		$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
+			new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
+		));
+
+		$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
+
+		$this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
+				'small', 'medium', 'large', 'x-large', 'xx-large',
+				'larger', 'smaller')),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_CSS_Length()
+		));
+
+		$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('normal')),
+			new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true)
+		));
+
+		$margin =
+		$this->info['margin-top'] =
+		$this->info['margin-bottom'] =
+		$this->info['margin-left'] =
+		$this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_Enum(array('auto'))
+		));
+
+		$this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
+
+		// non-negative
+		$padding =
+		$this->info['padding-top'] =
+		$this->info['padding-bottom'] =
+		$this->info['padding-left'] =
+		$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true)
+		));
+
+		$this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
+
+		$this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length('0'),
+			new HTMLPurifier_AttrDef_CSS_Percentage(true),
+			new HTMLPurifier_AttrDef_Enum(array('auto'))
+		));
+		$max = $config->get('CSS.MaxImgLength');
+
+		$this->info['width'] =
+		$this->info['height'] =
+			$max === null ?
+			$trusted_wh :
+			new HTMLPurifier_AttrDef_Switch('img',
+				// For img tags:
+				new HTMLPurifier_AttrDef_CSS_Composite(array(
+					new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+					new HTMLPurifier_AttrDef_Enum(array('auto'))
+				)),
+				// For everyone else:
+				$trusted_wh
+			);
+
+		$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
+
+		$this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
+
+		// this could use specialized code
+		$this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
+			array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
+			'400', '500', '600', '700', '800', '900'), false);
+
+		// MUST be called after other font properties, as it references
+		// a CSSDefinition object
+		$this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
+
+		// same here
+		$this->info['border'] =
+		$this->info['border-bottom'] =
+		$this->info['border-top'] =
+		$this->info['border-left'] =
+		$this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
+
+		$this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
+			'collapse', 'separate'));
+
+		$this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
+			'top', 'bottom'));
+
+		$this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
+			'auto', 'fixed'));
+
+		$this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
+				'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
+
+		// partial support
+		$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
+
+		if ($config->get('CSS.Proprietary')) {
+			$this->doSetupProprietary($config);
+		}
+
+		if ($config->get('CSS.AllowTricky')) {
+			$this->doSetupTricky($config);
+		}
+
+		if ($config->get('CSS.Trusted')) {
+			$this->doSetupTrusted($config);
+		}
+
+		$allow_important = $config->get('CSS.AllowImportant');
+		// wrap all attr-defs with decorator that handles !important
+		foreach ($this->info as $k => $v) {
+			$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
+		}
+
+		$this->setupConfigStuff($config);
+	}
+
+	protected function doSetupProprietary($config) {
+		// Internet Explorer only scrollbar colors
+		$this->info['scrollbar-arrow-color']        = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-base-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-darkshadow-color']   = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-face-color']         = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-highlight-color']    = new HTMLPurifier_AttrDef_CSS_Color();
+		$this->info['scrollbar-shadow-color']       = new HTMLPurifier_AttrDef_CSS_Color();
+
+		// technically not proprietary, but CSS3, and no one supports it
+		$this->info['opacity']          = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+		$this->info['-moz-opacity']     = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+		$this->info['-khtml-opacity']   = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+
+		// only opacity, for now
+		$this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
+
+	}
+
+	protected function doSetupTricky($config) {
+		$this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
+			'inline', 'block', 'list-item', 'run-in', 'compact',
+			'marker', 'table', 'inline-table', 'table-row-group',
+			'table-header-group', 'table-footer-group', 'table-row',
+			'table-column-group', 'table-column', 'table-cell', 'table-caption', 'none'
+		));
+		$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
+			'visible', 'hidden', 'collapse'
+		));
+		$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
+	}
+
+	protected function doSetupTrusted($config) {
+		$this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
+			'static', 'relative', 'absolute', 'fixed'
+		));
+		$this->info['top'] =
+		$this->info['left'] =
+		$this->info['right'] =
+		$this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage(),
+			new HTMLPurifier_AttrDef_Enum(array('auto')),
+		));
+		$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_Integer(),
+			new HTMLPurifier_AttrDef_Enum(array('auto')),
+		));
+	}
+
+	/**
+	 * Performs extra config-based processing. Based off of
+	 * HTMLPurifier_HTMLDefinition.
+	 * @todo Refactor duplicate elements into common class (probably using
+	 *       composition, not inheritance).
+	 */
+	protected function setupConfigStuff($config) {
+
+		// setup allowed elements
+		$support = "(for information on implementing this, see the ".
+				   "support forums) ";
+		$allowed_properties = $config->get('CSS.AllowedProperties');
+		if ($allowed_properties !== null) {
+			foreach ($this->info as $name => $d) {
+				if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+				unset($allowed_properties[$name]);
+			}
+			// emit errors
+			foreach ($allowed_properties as $name => $d) {
+				// :TODO: Is this htmlspecialchars() call really necessary?
+				$name = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+				trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
+			}
+		}
+
+		$forbidden_properties = $config->get('CSS.ForbiddenProperties');
+		if ($forbidden_properties !== null) {
+			foreach ($this->info as $name => $d) {
+				if (isset($forbidden_properties[$name])) {
+					unset($this->info[$name]);
+				}
+			}
+		}
+
+	}
 }
 
 // vim: et sw=4 sts=4

Braces +3 added lines, -1 removed lines

@@ -296,7 +296,9 @@
         $allowed_properties = $config->get('CSS.AllowedProperties');
         if ($allowed_properties !== null) {
             foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+                if(!isset($allowed_properties[$name])) {
+                	unset($this->info[$name]);
+                }
                 unset($allowed_properties[$name]);
             }
             // emit errors

Spacing +3 added lines, -4 removed lines

@@ -26,7 +26,7 @@ 
         $this->info['border-bottom-style'] =
         $this->info['border-right-style'] =
         $this->info['border-left-style'] =
-        $this->info['border-top-style'] =  new HTMLPurifier_AttrDef_Enum(
+        $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
             array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
             'groove', 'ridge', 'inset', 'outset'), false);
 
@@ -159,8 +159,7 @@ 
         $this->info['width'] =
         $this->info['height'] =
             $max === null ?
-            $trusted_wh :
-            new HTMLPurifier_AttrDef_Switch('img',
+            $trusted_wh : new HTMLPurifier_AttrDef_Switch('img',
                 // For img tags:
                 new HTMLPurifier_AttrDef_CSS_Composite(array(
                     new HTMLPurifier_AttrDef_CSS_Length('0', $max),
@@ -296,7 +295,7 @@ 
         $allowed_properties = $config->get('CSS.AllowedProperties');
         if ($allowed_properties !== null) {
             foreach ($this->info as $name => $d) {
-                if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+                if (!isset($allowed_properties[$name])) unset($this->info[$name]);
                 unset($allowed_properties[$name]);
             }
             // emit errors

classes/security/htmlpurifier/library/HTMLPurifier/ChildDef.php

Indentation +34 added lines, -34 removed lines

@@ -5,44 +5,44 @@
  */
 abstract class HTMLPurifier_ChildDef
 {
-    /**
-     * Type of child definition, usually right-most part of class name lowercase.
-     * Used occasionally in terms of context.
-     */
-    public $type;
+	/**
+	 * Type of child definition, usually right-most part of class name lowercase.
+	 * Used occasionally in terms of context.
+	 */
+	public $type;
 
-    /**
-     * Bool that indicates whether or not an empty array of children is okay
-     *
-     * This is necessary for redundant checking when changes affecting
-     * a child node may cause a parent node to now be disallowed.
-     */
-    public $allow_empty;
+	/**
+	 * Bool that indicates whether or not an empty array of children is okay
+	 *
+	 * This is necessary for redundant checking when changes affecting
+	 * a child node may cause a parent node to now be disallowed.
+	 */
+	public $allow_empty;
 
-    /**
-     * Lookup array of all elements that this definition could possibly allow
-     */
-    public $elements = array();
+	/**
+	 * Lookup array of all elements that this definition could possibly allow
+	 */
+	public $elements = array();
 
-    /**
-     * Get lookup of tag names that should not close this element automatically.
-     * All other elements will do so.
-     */
-    public function getAllowedElements($config) {
-        return $this->elements;
-    }
+	/**
+	 * Get lookup of tag names that should not close this element automatically.
+	 * All other elements will do so.
+	 */
+	public function getAllowedElements($config) {
+		return $this->elements;
+	}
 
-    /**
-     * Validates nodes according to definition and returns modification.
-     *
-     * @param $tokens_of_children Array of HTMLPurifier_Token
-     * @param $config HTMLPurifier_Config object
-     * @param $context HTMLPurifier_Context object
-     * @return bool true to leave nodes as is
-     * @return bool false to remove parent node
-     * @return array of replacement child tokens
-     */
-    abstract public function validateChildren($tokens_of_children, $config, $context);
+	/**
+	 * Validates nodes according to definition and returns modification.
+	 *
+	 * @param $tokens_of_children Array of HTMLPurifier_Token
+	 * @param $config HTMLPurifier_Config object
+	 * @param $context HTMLPurifier_Context object
+	 * @return bool true to leave nodes as is
+	 * @return bool false to remove parent node
+	 * @return array of replacement child tokens
+	 */
+	abstract public function validateChildren($tokens_of_children, $config, $context);
 }
 
 // vim: et sw=4 sts=4