[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fmsystem-commits] [11090] HTMLPurifier update to 4.5.0 from upstream
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [11090] HTMLPurifier update to 4.5.0 from upstream |
Date: |
Mon, 06 May 2013 06:58:53 +0000 |
Revision: 11090
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=11090
Author: sigurdne
Date: 2013-05-06 06:58:50 +0000 (Mon, 06 May 2013)
Log Message:
-----------
HTMLPurifier update to 4.5.0 from upstream
Modified Paths:
--------------
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrCollections.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Text.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTypes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrValidator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Bootstrap.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/CSSDefinition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Optional.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Required.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Table.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Config.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema.ser
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ContentSets.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Context.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Definition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Doctype.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DoctypeRegistry.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ElementDef.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Encoder.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/EntityLookup/entities.ser
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/EntityLookup.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/EntityParser.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ErrorCollector.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Exception.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Filter/YouTube.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Filter.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Generator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLDefinition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Image.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/List.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Object.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tables.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Target.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Text.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModuleManager.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/IDAccumulator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/AutoParagraph.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/Linkify.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Language/classes/en-x-test.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Language/messages/en-x-testmini.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Language/messages/en.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Language.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/LanguageFactory.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Lexer/DOMLex.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Lexer/DirectLex.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Lexer/PH5P.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Lexer.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/PercentEncoder.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Printer/CSSDefinition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Printer/ConfigForm.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Printer/HTMLDefinition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Printer.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy/Composite.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy/Core.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy/FixNesting.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy/MakeWellFormed.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy/RemoveForeignElements.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Strategy.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/StringHash.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/StringHashParser.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/TagTransform/Font.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/TagTransform/Simple.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/TagTransform.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token/Comment.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token/Empty.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token/End.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token/Start.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token/Tag.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token/Text.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Token.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/TokenFactory.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URI.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIDefinition.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/DisableExternal.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/MakeAbsolute.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIParser.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/ftp.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/http.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/https.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/mailto.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/news.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/nntp.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URISchemeRegistry.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/VarParser/Flexible.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/VarParser/Native.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/VarParser.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/VarParserException.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.auto.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.autoload.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.func.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.includes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.kses.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.path.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.safe-includes.php
Added Paths:
-----------
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Clone.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/List.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ErrorStruct.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Name.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Nofollow.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/SafeObject.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/TargetBlank.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/RemoveEmpty.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Length.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/PropertyList.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/PropertyListIterator.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/DisableResources.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/Munge.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/data.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/URIScheme/file.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/UnitConverter.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier.composer.php
Removed Paths:
-------------
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigDef/Directive.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigDef/DirectiveAlias.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigDef/Namespace.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigDef.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Namespace.php
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.PurifierLinkifyDocURL.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksEscaping.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksScope.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksTidyImpl.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.txt
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Lexer/PEARSax3.php
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrCollections.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrCollections.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrCollections.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,12 +6,12 @@
class HTMLPurifier_AttrCollections
{
-
+
/**
* Associative array of attribute collections, indexed by name
*/
public $info = array();
-
+
/**
* Performs all expansions on internal data for use by other inclusions
* It also collects all attribute collection extensions from
@@ -45,7 +45,7 @@
$this->expandIdentifiers($this->info[$name], $attr_types);
}
}
-
+
/**
* Takes a reference to an attribute associative array and performs
* all inclusions specified by the zero index.
@@ -72,7 +72,7 @@
}
unset($attr[0]);
}
-
+
/**
* Expands all string identifiers in an attribute array by replacing
* them with the appropriate values inside HTMLPurifier_AttrTypes
@@ -80,17 +80,17 @@
* @param $attr_types HTMLPurifier_AttrTypes instance
*/
public function expandIdentifiers(&$attr, $attr_types) {
-
+
// because foreach will process new elements we add, make sure we
// skip duplicates
$processed = array();
-
+
foreach ($attr as $def_i => $def) {
// skip inclusions
if ($def_i === 0) continue;
-
+
if (isset($processed[$def_i])) continue;
-
+
// determine whether or not attribute is required
if ($required = (strpos($def_i, '*') !== false)) {
// rename the definition
@@ -98,21 +98,21 @@
$def_i = trim($def_i, '*');
$attr[$def_i] = $def;
}
-
+
$processed[$def_i] = true;
-
+
// if we've already got a literal object, move on
if (is_object($def)) {
// preserve previous required
$attr[$def_i]->required = ($required ||
$attr[$def_i]->required);
continue;
}
-
+
if ($def === false) {
unset($attr[$def_i]);
continue;
}
-
+
if ($t = $attr_types->get($def)) {
$attr[$def_i] = $t;
$attr[$def_i]->required = $required;
@@ -120,8 +120,9 @@
unset($attr[$def_i]);
}
}
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,11 +2,11 @@
class HTMLPurifier_AttrDef_CSS_AlphaValue extends
HTMLPurifier_AttrDef_CSS_Number
{
-
+
public function __construct() {
parent::__construct(false); // opacity is non-negative, but we will
clamp it
}
-
+
public function validate($number, $config, $context) {
$result = parent::validate($number, $config, $context);
if ($result === false) return $result;
@@ -15,5 +15,7 @@
if ($float > 1.0) $result = '1';
return $result;
}
-
+
}
+
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,13 +6,13 @@
*/
class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of component validators.
* @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
*/
protected $info;
-
+
public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['background-color'] = $def->info['background-color'];
@@ -21,29 +21,29 @@
$this->info['background-attachment'] =
$def->info['background-attachment'];
$this->info['background-position'] = $def->info['background-position'];
}
-
+
public function validate($string, $config, $context) {
-
+
// regular pre-processing
$string = $this->parseCDATA($string);
if ($string === '') return false;
-
+
// munge rgb() decl if necessary
$string = $this->mungeRgb($string);
-
+
// assumes URI doesn't have spaces in it
- $bits = explode(' ', strtolower($string)); // bits to process
-
+ $bits = explode(' ', $string); // bits to process
+
$caught = array();
$caught['color'] = false;
$caught['image'] = false;
$caught['repeat'] = false;
$caught['attachment'] = false;
$caught['position'] = false;
-
+
$i = 0; // number of catches
$none = false;
-
+
foreach ($bits as $bit) {
if ($bit === '') continue;
foreach ($caught as $key => $status) {
@@ -64,23 +64,24 @@
break;
}
}
-
+
if (!$i) return false;
if ($caught['position'] !== false) {
$caught['position'] = $this->info['background-position']->
validate($caught['position'], $config, $context);
}
-
+
$ret = array();
foreach ($caught as $value) {
if ($value === false) continue;
$ret[] = $value;
}
-
+
if (empty($ret)) return false;
return implode(' ', $ret);
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
===================================================================
---
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
2013-05-05 13:56:35 UTC (rev 11089)
+++
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -7,7 +7,7 @@
[
<percentage> | <length> | left | center | right
]
- [
+ [
<percentage> | <length> | top | center | bottom
]?
] |
@@ -28,10 +28,10 @@
/* QuirksMode says:
keyword + length/percentage must be ordered correctly, as per W3C
-
+
Internet Explorer and Opera, however, support arbitrary ordering. We
should fix it up.
-
+
Minor issue though, not strictly necessary.
*/
@@ -43,27 +43,28 @@
*/
class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
{
-
+
protected $length;
protected $percentage;
-
+
public function __construct() {
$this->length = new HTMLPurifier_AttrDef_CSS_Length();
$this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
}
-
+
public function validate($string, $config, $context) {
$string = $this->parseCDATA($string);
$bits = explode(' ', $string);
-
+
$keywords = array();
$keywords['h'] = false; // left, right
$keywords['v'] = false; // top, bottom
- $keywords['c'] = false; // center
+ $keywords['ch'] = false; // center (first word)
+ $keywords['cv'] = false; // center (second word)
$measures = array();
-
+
$i = 0;
-
+
$lookup = array(
'top' => 'v',
'bottom' => 'v',
@@ -71,55 +72,62 @@
'right' => 'h',
'center' => 'c'
);
-
+
foreach ($bits as $bit) {
if ($bit === '') continue;
-
+
// test for keyword
$lbit = ctype_lower($bit) ? $bit : strtolower($bit);
if (isset($lookup[$lbit])) {
$status = $lookup[$lbit];
+ if ($status == 'c') {
+ if ($i == 0) {
+ $status = 'ch';
+ } else {
+ $status = 'cv';
+ }
+ }
$keywords[$status] = $lbit;
$i++;
}
-
+
// test for length
$r = $this->length->validate($bit, $config, $context);
if ($r !== false) {
$measures[] = $r;
$i++;
}
-
+
// test for percentage
$r = $this->percentage->validate($bit, $config, $context);
if ($r !== false) {
$measures[] = $r;
$i++;
}
-
+
}
-
+
if (!$i) return false; // no valid values were caught
-
-
+
$ret = array();
-
+
// first keyword
if ($keywords['h']) $ret[] = $keywords['h'];
+ elseif ($keywords['ch']) {
+ $ret[] = $keywords['ch'];
+ $keywords['cv'] = false; // prevent re-use: center = center center
+ }
elseif (count($measures)) $ret[] = array_shift($measures);
- elseif ($keywords['c']) {
- $ret[] = $keywords['c'];
- $keywords['c'] = false; // prevent re-use: center = center center
- }
-
+
if ($keywords['v']) $ret[] = $keywords['v'];
+ elseif ($keywords['cv']) $ret[] = $keywords['cv'];
elseif (count($measures)) $ret[] = array_shift($measures);
- elseif ($keywords['c']) $ret[] = $keywords['c'];
-
+
if (empty($ret)) return false;
return implode(' ', $ret);
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,19 +5,19 @@
*/
class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of properties this property is shorthand for.
*/
protected $info = array();
-
+
public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['border-width'] = $def->info['border-width'];
$this->info['border-style'] = $def->info['border-style'];
$this->info['border-top-color'] = $def->info['border-top-color'];
}
-
+
public function validate($string, $config, $context) {
$string = $this->parseCDATA($string);
$string = $this->mungeRgb($string);
@@ -37,6 +37,7 @@
}
return rtrim($ret);
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,18 +5,18 @@
*/
class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
{
-
+
public function validate($color, $config, $context) {
-
+
static $colors = null;
- if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
-
+ if ($colors === null) $colors = $config->get('Core.ColorKeywords');
+
$color = trim($color);
if ($color === '') return false;
-
+
$lower = strtolower($color);
if (isset($colors[$lower])) return $colors[$lower];
-
+
if (strpos($color, 'rgb(') !== false) {
// rgb literal handling
$length = strlen($color);
@@ -68,10 +68,11 @@
if ($length !== 3 && $length !== 6) return false;
if (!ctype_xdigit($hex)) return false;
}
-
+
return $color;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,7 +2,7 @@
/**
* Allows multiple validators to attempt to validate attribute.
- *
+ *
* Composite is just what it sounds like: a composite of many validators.
* This means that multiple HTMLPurifier_AttrDef objects will have a whack
* at the string. If one of them passes, that's what is returned. This is
@@ -11,20 +11,20 @@
*/
class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
{
-
+
/**
* List of HTMLPurifier_AttrDef objects that may process strings
* @todo Make protected
*/
public $defs;
-
+
/**
* @param $defs List of HTMLPurifier_AttrDef objects
*/
public function __construct($defs) {
$this->defs = $defs;
}
-
+
public function validate($string, $config, $context) {
foreach ($this->defs as $i => $def) {
$result = $this->defs[$i]->validate($string, $config, $context);
@@ -32,6 +32,7 @@
}
return false;
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
===================================================================
---
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
2013-05-05 13:56:35 UTC (rev 11089)
+++
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,8 +5,8 @@
*/
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends
HTMLPurifier_AttrDef
{
- protected $def, $element;
-
+ public $def, $element;
+
/**
* @param $def Definition to wrap
* @param $element Element to deny
@@ -24,3 +24,5 @@
return $this->def->validate($string, $config, $context);
}
}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -7,13 +7,13 @@
*/
class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
{
-
+
protected $intValidator;
-
+
public function __construct() {
$this->intValidator = new HTMLPurifier_AttrDef_Integer();
}
-
+
public function validate($value, $config, $context) {
$value = $this->parseCDATA($value);
if ($value === 'none') return $value;
@@ -48,5 +48,7 @@
$ret_function = "$function($ret_parameters)";
return $ret_function;
}
-
+
}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,17 +5,17 @@
*/
class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of component validators.
- *
+ *
* @note If we moved specific CSS property definitions to their own
* classes instead of having them be assembled at run time by
* CSSDefinition, this wouldn't be necessary. We'd instantiate
* our own copies.
*/
protected $info = array();
-
+
public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['font-style'] = $def->info['font-style'];
@@ -25,9 +25,9 @@
$this->info['line-height'] = $def->info['line-height'];
$this->info['font-family'] = $def->info['font-family'];
}
-
+
public function validate($string, $config, $context) {
-
+
static $system_fonts = array(
'caption' => true,
'icon' => true,
@@ -36,27 +36,27 @@
'small-caption' => true,
'status-bar' => true
);
-
+
// regular pre-processing
$string = $this->parseCDATA($string);
if ($string === '') return false;
-
+
// check if it's one of the keywords
$lowercase_string = strtolower($string);
if (isset($system_fonts[$lowercase_string])) {
return $lowercase_string;
}
-
+
$bits = explode(' ', $string); // bits to process
$stage = 0; // this indicates what we're looking for
$caught = array(); // which stage 0 properties have we caught?
$stage_1 = array('font-style', 'font-variant', 'font-weight');
$final = ''; // output
-
+
for ($i = 0, $size = count($bits); $i < $size; $i++) {
if ($bits[$i] === '') continue;
switch ($stage) {
-
+
// attempting to catch font-style, font-variant or font-weight
case 0:
foreach ($stage_1 as $validator_name) {
@@ -72,7 +72,7 @@
// all three caught, continue on
if (count($caught) >= 3) $stage = 1;
if ($r !== false) break;
-
+
// attempting to catch font-size and perhaps line-height
case 1:
$found_slash = false;
@@ -126,7 +126,7 @@
break;
}
return false;
-
+
// attempting to catch font-family
case 2:
$font_family =
@@ -143,6 +143,7 @@
}
return false;
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,11 +2,43 @@
/**
* Validates a font family list according to CSS spec
- * @todo whitelisting allowed fonts would be nice
*/
class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
{
-
+
+ protected $mask = null;
+
+ public function __construct() {
+ $this->mask = '_- ';
+ for ($c = 'a'; $c <= 'z'; $c++) $this->mask .= $c;
+ for ($c = 'A'; $c <= 'Z'; $c++) $this->mask .= $c;
+ for ($c = '0'; $c <= '9'; $c++) $this->mask .= $c; // cast-y, but
should be fine
+ // special bytes used by UTF-8
+ for ($i = 0x80; $i <= 0xFF; $i++) {
+ // We don't bother excluding invalid bytes in this range,
+ // because the our restriction of well-formed UTF-8 will
+ // prevent these from ever occurring.
+ $this->mask .= chr($i);
+ }
+
+ /*
+ PHP's internal strcspn implementation is
+ O(length of string * length of mask), making it inefficient
+ for large masks. However, it's still faster than
+ preg_match 8)
+ for (p = s1;;) {
+ spanp = s2;
+ do {
+ if (*spanp == c || p == s1_end) {
+ return p - s1;
+ }
+ } while (spanp++ < (s2_end - 1));
+ c = *++p;
+ }
+ */
+ // possible optimization: invert the mask.
+ }
+
public function validate($string, $config, $context) {
static $generic_names = array(
'serif' => true,
@@ -15,8 +47,8 @@
'fantasy' => true,
'cursive' => true
);
-
- $string = $this->parseCDATA($string);
+ $allowed_fonts = $config->get('CSS.AllowedFonts');
+
// assume that no font names contain commas in them
$fonts = explode(',', $string);
$final = '';
@@ -25,7 +57,9 @@
if ($font === '') continue;
// match a generic name
if (isset($generic_names[$font])) {
- $final .= $font . ', ';
+ if ($allowed_fonts === null || isset($allowed_fonts[$font])) {
+ $final .= $font . ', ';
+ }
continue;
}
// match a quoted name
@@ -35,29 +69,129 @@
$quote = $font[0];
if ($font[$length - 1] !== $quote) continue;
$font = substr($font, 1, $length - 2);
- // double-backslash processing is buggy
- $font = str_replace("\\$quote", $quote, $font); // de-escape
quote
- $font = str_replace("\\\n", "\n", $font); // de-escape
newlines
}
+
+ $font = $this->expandCSSEscape($font);
+
// $font is a pure representation of the font name
-
- if (ctype_alnum($font)) {
+
+ if ($allowed_fonts !== null && !isset($allowed_fonts[$font])) {
+ continue;
+ }
+
+ if (ctype_alnum($font) && $font !== '') {
// very simple font, allow it in unharmed
$final .= $font . ', ';
continue;
}
-
- // complicated font, requires quoting
-
- // armor single quotes and new lines
- $font = str_replace("'", "\\'", $font);
- $font = str_replace("\n", "\\\n", $font);
+
+ // bugger out on whitespace. form feed (0C) really
+ // shouldn't show up regardless
+ $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font);
+
+ // Here, there are various classes of characters which need
+ // to be treated differently:
+ // - Alphanumeric characters are essentially safe. We
+ // handled these above.
+ // - Spaces require quoting, though most parsers will do
+ // the right thing if there aren't any characters that
+ // can be misinterpreted
+ // - Dashes rarely occur, but they fairly unproblematic
+ // for parsing/rendering purposes.
+ // The above characters cover the majority of Western font
+ // names.
+ // - Arbitrary Unicode characters not in ASCII. Because
+ // most parsers give little thought to Unicode, treatment
+ // of these codepoints is basically uniform, even for
+ // punctuation-like codepoints. These characters can
+ // show up in non-Western pages and are supported by most
+ // major browsers, for example: "MS 明朝" is a
+ // legitimate font-name
+ // <http://ja.wikipedia.org/wiki/MS_明朝>. See
+ // the CSS3 spec for more examples:
+ //
<http://www.w3.org/TR/2011/WD-css3-fonts-20110324/localizedfamilynames.png>
+ // You can see live samples of these on the Internet:
+ // <http://www.google.co.jp/search?q=font-family+MS+明朝|ゴシック>
+ // However, most of these fonts have ASCII equivalents:
+ // for example, 'MS Mincho', and it's considered
+ // professional to use ASCII font names instead of
+ // Unicode font names. Thanks Takeshi Terada for
+ // providing this information.
+ // The following characters, to my knowledge, have not been
+ // used to name font names.
+ // - Single quote. While theoretically you might find a
+ // font name that has a single quote in its name (serving
+ // as an apostrophe, e.g. Dave's Scribble), I haven't
+ // been able to find any actual examples of this.
+ // Internet Explorer's cssText translation (which I
+ // believe is invoked by innerHTML) normalizes any
+ // quoting to single quotes, and fails to escape single
+ // quotes. (Note that this is not IE's behavior for all
+ // CSS properties, just some sort of special casing for
+ // font-family). So a single quote *cannot* be used
+ // safely in the font-family context if there will be an
+ // innerHTML/cssText translation. Note that Firefox 3.x
+ // does this too.
+ // - Double quote. In IE, these get normalized to
+ // single-quotes, no matter what the encoding. (Fun
+ // fact, in IE8, the 'content' CSS property gained
+ // support, where they special cased to preserve encoded
+ // double quotes, but still translate unadorned double
+ // quotes into single quotes.) So, because their
+ // fixpoint behavior is identical to single quotes, they
+ // cannot be allowed either. Firefox 3.x displays
+ // single-quote style behavior.
+ // - Backslashes are reduced by one (so \\ -> \) every
+ // iteration, so they cannot be used safely. This shows
+ // up in IE7, IE8 and FF3
+ // - Semicolons, commas and backticks are handled properly.
+ // - The rest of the ASCII punctuation is handled properly.
+ // We haven't checked what browsers do to unadorned
+ // versions, but this is not important as long as the
+ // browser doesn't /remove/ surrounding quotes (as IE does
+ // for HTML).
+ //
+ // With these results in hand, we conclude that there are
+ // various levels of safety:
+ // - Paranoid: alphanumeric, spaces and dashes(?)
+ // - International: Paranoid + non-ASCII Unicode
+ // - Edgy: Everything except quotes, backslashes
+ // - NoJS: Standards compliance, e.g. sod IE. Note that
+ // with some judicious character escaping (since certain
+ // types of escaping doesn't work) this is theoretically
+ // OK as long as innerHTML/cssText is not called.
+ // We believe that international is a reasonable default
+ // (that we will implement now), and once we do more
+ // extensive research, we may feel comfortable with dropping
+ // it down to edgy.
+
+ // Edgy: alphanumeric, spaces, dashes, underscores and Unicode.
Use of
+ // str(c)spn assumes that the string was already well formed
+ // Unicode (which of course it is).
+ if (strspn($font, $this->mask) !== strlen($font)) {
+ continue;
+ }
+
+ // Historical:
+ // In the absence of innerHTML/cssText, these ugly
+ // transforms don't pose a security risk (as \\ and \"
+ // might--these escapes are not supported by most browsers).
+ // We could try to be clever and use single-quote wrapping
+ // when there is a double quote present, but I have choosen
+ // not to implement that. (NOTE: you can reduce the amount
+ // of escapes by one depending on what quoting style you use)
+ // $font = str_replace('\\', '\\5C ', $font);
+ // $font = str_replace('"', '\\22 ', $font);
+ // $font = str_replace("'", '\\27 ', $font);
+
+ // font possibly with spaces, requires quoting
$final .= "'$font', ";
}
$final = rtrim($final, ', ');
if ($final === '') return false;
return $final;
}
-
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * Validates based on {ident} CSS grammar production
+ */
+class HTMLPurifier_AttrDef_CSS_Ident extends HTMLPurifier_AttrDef
+{
+
+ public function validate($string, $config, $context) {
+
+ $string = trim($string);
+
+ // early abort: '' and '0' (strings that convert to false) are invalid
+ if (!$string) return false;
+
+ $pattern = '/^(-?[A-Za-z_][A-Za-z_\-0-9]*)$/';
+ if (!preg_match($pattern, $string)) return false;
+ return $string;
+
+ }
+
+}
+
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
===================================================================
---
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
2013-05-05 13:56:35 UTC (rev 11089)
+++
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,8 +5,8 @@
*/
class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
{
- protected $def, $allow;
-
+ public $def, $allow;
+
/**
* @param $def Definition to wrap
* @param $allow Whether or not to allow !important
@@ -36,3 +36,5 @@
return $string;
}
}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,48 +5,43 @@
*/
class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
{
-
+
+ protected $min, $max;
+
/**
- * Valid unit lookup table.
- * @warning The code assumes all units are two characters long. Be careful
- * if we have to change this behavior!
+ * @param HTMLPurifier_Length $max Minimum length, or null for no bound.
String is also acceptable.
+ * @param HTMLPurifier_Length $max Maximum length, or null for no bound.
String is also acceptable.
*/
- protected $units = array('em' => true, 'ex' => true, 'px' => true, 'in' =>
true,
- 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true);
- /**
- * Instance of HTMLPurifier_AttrDef_Number to defer number validation to
- */
- protected $number_def;
-
- /**
- * @param $non_negative Bool indication whether or not negative values are
- * allowed.
- */
- public function __construct($non_negative = false) {
- $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
+ public function __construct($min = null, $max = null) {
+ $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
+ $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
}
-
- public function validate($length, $config, $context) {
-
- $length = $this->parseCDATA($length);
- if ($length === '') return false;
- if ($length === '0') return '0';
- $strlen = strlen($length);
- if ($strlen === 1) return false; // impossible!
-
- // we assume all units are two characters
- $unit = substr($length, $strlen - 2);
- if (!ctype_lower($unit)) $unit = strtolower($unit);
- $number = substr($length, 0, $strlen - 2);
-
- if (!isset($this->units[$unit])) return false;
-
- $number = $this->number_def->validate($number, $config, $context);
- if ($number === false) return false;
-
- return $number . $unit;
-
+
+ public function validate($string, $config, $context) {
+ $string = $this->parseCDATA($string);
+
+ // Optimizations
+ if ($string === '') return false;
+ if ($string === '0') return '0';
+ if (strlen($string) === 1) return false;
+
+ $length = HTMLPurifier_Length::make($string);
+ if (!$length->isValid()) return false;
+
+ if ($this->min) {
+ $c = $length->compareTo($this->min);
+ if ($c === false) return false;
+ if ($c < 0) return false;
+ }
+ if ($this->max) {
+ $c = $length->compareTo($this->max);
+ if ($c === false) return false;
+ if ($c > 0) return false;
+ }
+
+ return $length->toString();
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,37 +6,37 @@
*/
class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of component validators.
* @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
*/
protected $info;
-
+
public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['list-style-type'] = $def->info['list-style-type'];
$this->info['list-style-position'] = $def->info['list-style-position'];
$this->info['list-style-image'] = $def->info['list-style-image'];
}
-
+
public function validate($string, $config, $context) {
-
+
// regular pre-processing
$string = $this->parseCDATA($string);
if ($string === '') return false;
-
+
// assumes URI doesn't have spaces in it
$bits = explode(' ', strtolower($string)); // bits to process
-
+
$caught = array();
$caught['type'] = false;
$caught['position'] = false;
$caught['image'] = false;
-
+
$i = 0; // number of catches
$none = false;
-
+
foreach ($bits as $bit) {
if ($i >= 3) return; // optimization bit
if ($bit === '') continue;
@@ -54,24 +54,25 @@
break;
}
}
-
+
if (!$i) return false;
-
+
$ret = array();
-
+
// construct type
if ($caught['type']) $ret[] = $caught['type'];
-
+
// construct image
if ($caught['image']) $ret[] = $caught['image'];
-
+
// construct position
if ($caught['position']) $ret[] = $caught['position'];
-
+
if (empty($ret)) return false;
return implode(' ', $ret);
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,30 +2,30 @@
/**
* Framework class for strings that involve multiple values.
- *
+ *
* Certain CSS properties such as border-width and margin allow multiple
* lengths to be specified. This class can take a vanilla border-width
* definition and multiply it, usually into a max of four.
- *
+ *
* @note Even though the CSS specification isn't clear about it, inherit
* can only be used alone: it will never manifest as part of a multi
* shorthand declaration. Thus, this class does not allow inherit.
*/
class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
{
-
+
/**
* Instance of component definition to defer validation to.
* @todo Make protected
*/
public $single;
-
+
/**
* Max number of values allowed.
* @todo Make protected
*/
public $max;
-
+
/**
* @param $single HTMLPurifier_AttrDef to multiply
* @param $max Max number of values allowed (usually four)
@@ -34,7 +34,7 @@
$this->single = $single;
$this->max = $max;
}
-
+
public function validate($string, $config, $context) {
$string = $this->parseCDATA($string);
if ($string === '') return false;
@@ -52,6 +52,7 @@
if ($final === '') return false;
return rtrim($final);
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,26 +5,30 @@
*/
class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
{
-
+
/**
* Bool indicating whether or not only positive values allowed.
*/
protected $non_negative = false;
-
+
/**
* @param $non_negative Bool indicating whether negatives are forbidden
*/
public function __construct($non_negative = false) {
$this->non_negative = $non_negative;
}
-
+
+ /**
+ * @warning Some contexts do not pass $config, $context. These
+ * variables should not be used without checking
HTMLPurifier_Length
+ */
public function validate($number, $config, $context) {
-
+
$number = $this->parseCDATA($number);
-
+
if ($number === '') return false;
if ($number === '0') return '0';
-
+
$sign = '';
switch ($number[0]) {
case '-':
@@ -33,32 +37,33 @@
case '+':
$number = substr($number, 1);
}
-
+
if (ctype_digit($number)) {
$number = ltrim($number, '0');
return $number ? $sign . $number : '0';
}
-
+
// Period is the only non-numeric character allowed
if (strpos($number, '.') === false) return false;
-
+
list($left, $right) = explode('.', $number, 2);
-
+
if ($left === '' && $right === '') return false;
if ($left !== '' && !ctype_digit($left)) return false;
-
+
$left = ltrim($left, '0');
$right = rtrim($right, '0');
-
+
if ($right === '') {
return $left ? $sign . $left : '0';
} elseif (!ctype_digit($right)) {
return false;
}
-
+
return $sign . $left . '.' . $right;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,35 +5,36 @@
*/
class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
{
-
+
/**
* Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation
*/
protected $number_def;
-
+
/**
* @param Bool indicating whether to forbid negative values
*/
public function __construct($non_negative = false) {
$this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
}
-
+
public function validate($string, $config, $context) {
-
+
$string = $this->parseCDATA($string);
-
+
if ($string === '') return false;
$length = strlen($string);
if ($length === 1) return false;
if ($string[$length - 1] !== '%') return false;
-
+
$number = substr($string, 0, $length - 1);
$number = $this->number_def->validate($number, $config, $context);
-
+
if ($number === false) return false;
return "$number%";
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -7,16 +7,19 @@
*/
class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
{
-
+
public function validate($string, $config, $context) {
-
+
static $allowed_values = array(
'line-through' => true,
'overline' => true,
- 'underline' => true
+ 'underline' => true,
);
-
+
$string = strtolower($this->parseCDATA($string));
+
+ if ($string === 'none') return $string;
+
$parts = explode(' ', $string);
$final = '';
foreach ($parts as $part) {
@@ -27,8 +30,9 @@
$final = rtrim($final);
if ($final === '') return false;
return $final;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -11,45 +11,51 @@
*/
class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
{
-
+
public function __construct() {
parent::__construct(true); // always embedded
}
-
+
public function validate($uri_string, $config, $context) {
// parse the URI out of the string and then pass it onto
// the parent object
-
+
$uri_string = $this->parseCDATA($uri_string);
if (strpos($uri_string, 'url(') !== 0) return false;
$uri_string = substr($uri_string, 4);
$new_length = strlen($uri_string) - 1;
if ($uri_string[$new_length] != ')') return false;
$uri = trim(substr($uri_string, 0, $new_length));
-
+
if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
$quote = $uri[0];
$new_length = strlen($uri) - 1;
if ($uri[$new_length] !== $quote) return false;
$uri = substr($uri, 1, $new_length - 1);
}
-
- $keys = array( '(', ')', ',', ' ', '"', "'");
- $values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'");
- $uri = str_replace($values, $keys, $uri);
-
+
+ $uri = $this->expandCSSEscape($uri);
+
$result = parent::validate($uri, $config, $context);
-
+
if ($result === false) return false;
-
- // escape necessary characters according to CSS spec
- // except for the comma, none of these should appear in the
- // URI at all
- $result = str_replace($keys, $values, $result);
-
- return "url($result)";
-
+
+ // extra sanity check; should have been done by URI
+ $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "",
$result);
+
+ // suspicious characters are ()'; we're going to percent encode
+ // them for safety.
+ $result = str_replace(array('(', ')', "'"), array('%28', '%29',
'%27'), $result);
+
+ // there's an extra bug where ampersands lose their escaping on
+ // an innerHTML cycle, so a very unlucky query parameter could
+ // then change the meaning of the URL. Unfortunately, there's
+ // not much we can do about that...
+
+ return "url(\"$result\")";
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -13,22 +13,28 @@
*/
class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
{
-
+
public function validate($css, $config, $context) {
-
+
$css = $this->parseCDATA($css);
-
+
$definition = $config->getCSSDefinition();
-
+
// we're going to break the spec and explode by semicolons.
// This is because semicolon rarely appears in escaped form
// Doing this is generally flaky but fast
// IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
// for details
-
+
$declarations = explode(';', $css);
$propvalues = array();
-
+
+ /**
+ * Name of the current CSS property being validated.
+ */
+ $property = false;
+ $context->register('CurrentCSSProperty', $property);
+
foreach ($declarations as $declaration) {
if (!$declaration) continue;
if (!strpos($declaration, ':')) continue;
@@ -60,19 +66,22 @@
if ($result === false) continue;
$propvalues[$property] = $result;
}
-
+
+ $context->destroy('CurrentCSSProperty');
+
// procedure does not write the new CSS simultaneously, so it's
// slightly inefficient, but it's the only way of getting rid of
// duplicates. Perhaps config to optimize it, but not now.
-
+
$new_declarations = '';
foreach ($propvalues as $prop => $value) {
$new_declarations .= "$prop:$value;";
}
-
+
return $new_declarations ? $new_declarations : false;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Clone.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Clone.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Clone.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Dummy AttrDef that mimics another AttrDef, BUT it generates clones
+ * with make.
+ */
+class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef
+{
+ /**
+ * What we're cloning
+ */
+ protected $clone;
+
+ public function __construct($clone) {
+ $this->clone = $clone;
+ }
+
+ public function validate($v, $config, $context) {
+ return $this->clone->validate($v, $config, $context);
+ }
+
+ public function make($string) {
+ return clone $this->clone;
+ }
+
+}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -9,19 +9,19 @@
*/
class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
{
-
+
/**
* Lookup table of valid values.
* @todo Make protected
*/
public $valid_values = array();
-
+
/**
* Bool indicating whether or not enumeration is case sensitive.
* @note In general this is always case insensitive.
*/
protected $case_sensitive = false; // values according to W3C spec
-
+
/**
* @param $valid_values List of valid values
* @param $case_sensitive Bool indicating whether or not case sensitive
@@ -32,7 +32,7 @@
$this->valid_values = array_flip($valid_values);
$this->case_sensitive = $case_sensitive;
}
-
+
public function validate($string, $config, $context) {
$string = trim($string);
if (!$this->case_sensitive) {
@@ -40,10 +40,10 @@
$string = ctype_lower($string) ? $string : strtolower($string);
}
$result = isset($this->valid_values[$string]);
-
+
return $result ? $string : false;
}
-
+
/**
* @param $string In form of comma-delimited list of case-insensitive
* valid values. Example: "foo,bar,baz". Prepend "s:" to make
@@ -59,6 +59,7 @@
$values = explode(',', $string);
return new HTMLPurifier_AttrDef_Enum($values, $sensitive);
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,23 +5,24 @@
*/
class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
{
-
+
protected $name;
public $minimized = true;
-
+
public function __construct($name = false) {$this->name = $name;}
-
+
public function validate($string, $config, $context) {
if (empty($string)) return false;
return $this->name;
}
-
+
/**
* @param $string Name of attribute
*/
public function make($string) {
return new HTMLPurifier_AttrDef_HTML_Bool($string);
}
-
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Implements special behavior for class attribute (normally NMTOKENS)
+ */
+class HTMLPurifier_AttrDef_HTML_Class extends
HTMLPurifier_AttrDef_HTML_Nmtokens
+{
+ protected function split($string, $config, $context) {
+ // really, this twiddle should be lazy loaded
+ $name = $config->getDefinition('HTML')->doctype->name;
+ if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
+ return parent::split($string, $config, $context);
+ } else {
+ return preg_split('/\s+/', $string);
+ }
+ }
+ protected function filter($tokens, $config, $context) {
+ $allowed = $config->get('Attr.AllowedClasses');
+ $forbidden = $config->get('Attr.ForbiddenClasses');
+ $ret = array();
+ foreach ($tokens as $token) {
+ if (
+ ($allowed === null || isset($allowed[$token])) &&
+ !isset($forbidden[$token]) &&
+ // We need this O(n) check because of PHP's array
+ // implementation that casts -0 to 0.
+ !in_array($token, $ret, true)
+ ) {
+ $ret[] = $token;
+ }
+ }
+ return $ret;
+ }
+}
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,27 +5,29 @@
*/
class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
{
-
+
public function validate($string, $config, $context) {
-
+
static $colors = null;
- if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
-
+ if ($colors === null) $colors = $config->get('Core.ColorKeywords');
+
$string = trim($string);
-
+
if (empty($string)) return false;
- if (isset($colors[$string])) return $colors[$string];
+ $lower = strtolower($string);
+ if (isset($colors[$lower])) return $colors[$lower];
if ($string[0] === '#') $hex = substr($string, 1);
else $hex = $string;
-
+
$length = strlen($hex);
if ($length !== 3 && $length !== 6) return false;
if (!ctype_xdigit($hex)) return false;
if ($length === 3) $hex =
$hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2];
-
+
return "#$hex";
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,16 +5,17 @@
*/
class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
{
-
+
public $valid_values = false; // uninitialized value
protected $case_sensitive = false;
-
+
public function __construct() {}
-
+
public function validate($string, $config, $context) {
- if ($this->valid_values === false) $this->valid_values =
$config->get('Attr', 'AllowedFrameTargets');
+ if ($this->valid_values === false) $this->valid_values =
$config->get('Attr.AllowedFrameTargets');
return parent::validate($string, $config, $context);
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -11,35 +11,45 @@
class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
{
-
- // ref functionality disabled, since we also have to verify
- // whether or not the ID it refers to exists
-
+
+ // selector is NOT a valid thing to use for IDREFs, because IDREFs
+ // *must* target IDs that exist, whereas selector #ids do not.
+
+ /**
+ * Determines whether or not we're validating an ID in a CSS
+ * selector context.
+ */
+ protected $selector;
+
+ public function __construct($selector = false) {
+ $this->selector = $selector;
+ }
+
public function validate($id, $config, $context) {
-
- if (!$config->get('Attr', 'EnableID')) return false;
-
+
+ if (!$this->selector && !$config->get('Attr.EnableID')) return false;
+
$id = trim($id); // trim it first
-
+
if ($id === '') return false;
-
- $prefix = $config->get('Attr', 'IDPrefix');
+
+ $prefix = $config->get('Attr.IDPrefix');
if ($prefix !== '') {
- $prefix .= $config->get('Attr', 'IDPrefixLocal');
+ $prefix .= $config->get('Attr.IDPrefixLocal');
// prevent re-appending the prefix
if (strpos($id, $prefix) !== 0) $id = $prefix . $id;
- } elseif ($config->get('Attr', 'IDPrefixLocal') !== '') {
+ } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
trigger_error('%Attr.IDPrefixLocal cannot be used unless '.
'%Attr.IDPrefix is set', E_USER_WARNING);
}
-
- //if (!$this->ref) {
+
+ if (!$this->selector) {
$id_accumulator =& $context->get('IDAccumulator');
if (isset($id_accumulator->ids[$id])) return false;
- //}
-
+ }
+
// we purposely avoid using regex, hopefully this is faster
-
+
if (ctype_alpha($id)) {
$result = true;
} else {
@@ -50,20 +60,21 @@
);
$result = ($trim === '');
}
-
- $regexp = $config->get('Attr', 'IDBlacklistRegexp');
+
+ $regexp = $config->get('Attr.IDBlacklistRegexp');
if ($regexp && preg_match($regexp, $id)) {
return false;
}
-
- if (/*!$this->ref && */$result) $id_accumulator->add($id);
-
+
+ if (!$this->selector && $result) $id_accumulator->add($id);
+
// if no change was made to the ID, return the result
// else, return the new id if stripping whitespace made it
// valid, or return false.
return $result ? $id : false;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,39 +2,40 @@
/**
* Validates the HTML type length (not to be confused with CSS's length).
- *
+ *
* This accepts integer pixels or percentages as lengths for certain
* HTML attributes.
*/
class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
{
-
+
public function validate($string, $config, $context) {
-
+
$string = trim($string);
if ($string === '') return false;
-
+
$parent_result = parent::validate($string, $config, $context);
if ($parent_result !== false) return $parent_result;
-
+
$length = strlen($string);
$last_char = $string[$length - 1];
-
+
if ($last_char !== '%') return false;
-
+
$points = substr($string, 0, $length - 1);
-
+
if (!is_numeric($points)) return false;
-
+
$points = (int) $points;
-
+
if ($points < 0) return '0%';
if ($points > 100) return '100%';
-
+
return ((string) $points) . '%';
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -8,10 +8,10 @@
*/
class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
{
-
+
/** Name config attribute to pull. */
protected $name;
-
+
public function __construct($name) {
$configLookup = array(
'rel' => 'AllowedRel',
@@ -24,15 +24,15 @@
}
$this->name = $configLookup[$name];
}
-
+
public function validate($string, $config, $context) {
-
- $allowed = $config->get('Attr', $this->name);
+
+ $allowed = $config->get('Attr.' . $this->name);
if (empty($allowed)) return false;
-
+
$string = $this->parseCDATA($string);
$parts = explode(' ', $string);
-
+
// lookup to prevent duplicates
$ret_lookup = array();
foreach ($parts as $part) {
@@ -40,16 +40,14 @@
if (!isset($allowed[$part])) continue;
$ret_lookup[$part] = true;
}
-
+
if (empty($ret_lookup)) return false;
-
- $ret_array = array();
- foreach ($ret_lookup as $part => $bool) $ret_array[] = $part;
- $string = implode(' ', $ret_array);
-
+ $string = implode(' ', array_keys($ret_lookup));
+
return $string;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,39 +2,40 @@
/**
* Validates a MultiLength as defined by the HTML spec.
- *
+ *
* A multilength is either a integer (pixel count), a percentage, or
* a relative number.
*/
class HTMLPurifier_AttrDef_HTML_MultiLength extends
HTMLPurifier_AttrDef_HTML_Length
{
-
+
public function validate($string, $config, $context) {
-
+
$string = trim($string);
if ($string === '') return false;
-
+
$parent_result = parent::validate($string, $config, $context);
if ($parent_result !== false) return $parent_result;
-
+
$length = strlen($string);
$last_char = $string[$length - 1];
-
+
if ($last_char !== '*') return false;
-
+
$int = substr($string, 0, $length - 1);
-
+
if ($int == '') return '*';
if (!is_numeric($int)) return false;
-
+
$int = (int) $int;
-
+
if ($int < 0) return false;
if ($int == 0) return '0';
if ($int == 1) return '*';
return ((string) $int) . '*';
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,46 +2,51 @@
/**
* Validates contents based on NMTOKENS attribute type.
- * @note The only current use for this is the class attribute in HTML
- * @note Could have some functionality factored out into Nmtoken class
- * @warning We cannot assume this class will be used only for 'class'
- * attributes. Not sure how to hook in magic behavior, then.
*/
class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
{
-
+
public function validate($string, $config, $context) {
-
+
$string = trim($string);
-
+
// early abort: '' and '0' (strings that convert to false) are invalid
if (!$string) return false;
-
+
+ $tokens = $this->split($string, $config, $context);
+ $tokens = $this->filter($tokens, $config, $context);
+ if (empty($tokens)) return false;
+ return implode(' ', $tokens);
+
+ }
+
+ /**
+ * Splits a space separated list of tokens into its constituent parts.
+ */
+ protected function split($string, $config, $context) {
// OPTIMIZABLE!
// do the preg_match, capture all subpatterns for reformulation
-
+
// we don't support U+00A1 and up codepoints or
// escaping because I don't know how to do that with regexps
// and plus it would complicate optimization efforts (you never
// see that anyway).
- $matches = array();
$pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
'((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
'(?:(?=\s)|\z)/'; // look ahead for space or string end
preg_match_all($pattern, $string, $matches);
-
- if (empty($matches[1])) return false;
-
- // reconstruct string
- $new_string = '';
- foreach ($matches[1] as $token) {
- $new_string .= $token . ' ';
- }
- $new_string = rtrim($new_string);
-
- return $new_string;
-
+ return $matches[1];
}
-
+
+ /**
+ * Template method for removing certain tokens based on arbitrary criteria.
+ * @note If we wanted to be really functional, we'd do an array_filter
+ * with a callback. But... we're not.
+ */
+ protected function filter($tokens, $config, $context) {
+ return $tokens;
+ }
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,9 +5,15 @@
*/
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
{
-
+
+ protected $max;
+
+ public function __construct($max = null) {
+ $this->max = $max;
+ }
+
public function validate($string, $config, $context) {
-
+
$string = trim($string);
if ($string === '0') return $string;
if ($string === '') return false;
@@ -17,18 +23,26 @@
}
if (!is_numeric($string)) return false;
$int = (int) $string;
-
+
if ($int < 0) return '0';
-
+
// upper-bound value, extremely high values can
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
// WARNING, above link WILL crash you if you're using Windows
-
- if ($int > 1200) return '1200';
-
+
+ if ($this->max !== null && $int > $this->max) return (string)
$this->max;
+
return (string) $int;
-
+
}
-
+
+ public function make($string) {
+ if ($string === '') $max = null;
+ else $max = (int) $string;
+ $class = get_class($this);
+ return new $class($max);
+ }
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -9,22 +9,22 @@
*/
class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
{
-
+
/**
* Bool indicating whether or not negative values are allowed
*/
protected $negative = true;
-
+
/**
* Bool indicating whether or not zero is allowed
*/
protected $zero = true;
-
+
/**
* Bool indicating whether or not positive values are allowed
*/
protected $positive = true;
-
+
/**
* @param $negative Bool indicating whether or not negative values are
allowed
* @param $zero Bool indicating whether or not zero is allowed
@@ -37,15 +37,15 @@
$this->zero = $zero;
$this->positive = $positive;
}
-
+
public function validate($integer, $config, $context) {
-
+
$integer = $this->parseCDATA($integer);
if ($integer === '') return false;
-
+
// we could possibly simply typecast it to integer, but there are
// certain fringe cases that must not return an integer.
-
+
// clip leading sign
if ( $this->negative && $integer[0] === '-' ) {
$digits = substr($integer, 1);
@@ -55,18 +55,19 @@
} else {
$digits = $integer;
}
-
+
// test if it's numeric
if (!ctype_digit($digits)) return false;
-
+
// perform scope tests
if (!$this->zero && $integer == 0) return false;
if (!$this->positive && $integer > 0) return false;
if (!$this->negative && $integer < 0) return false;
-
+
return $integer;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,17 +6,17 @@
*/
class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
{
-
+
public function validate($string, $config, $context) {
-
+
$string = trim($string);
if (!$string) return false;
-
+
$subtags = explode('-', $string);
$num_subtags = count($subtags);
-
+
if ($num_subtags == 0) return false; // sanity check
-
+
// process primary subtag : $subtags[0]
$length = strlen($subtags[0]);
switch ($length) {
@@ -38,20 +38,20 @@
default:
return false;
}
-
+
$new_string = $subtags[0];
if ($num_subtags == 1) return $new_string;
-
+
// process second subtag : $subtags[1]
$length = strlen($subtags[1]);
if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length >
8 || !ctype_alnum($subtags[1])) {
return $new_string;
}
if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]);
-
+
$new_string .= '-' . $subtags[1];
if ($num_subtags == 2) return $new_string;
-
+
// process all other subtags, index 2 and up
for ($i = 2; $i < $num_subtags; $i++) {
$length = strlen($subtags[$i]);
@@ -63,10 +63,11 @@
}
$new_string .= '-' . $subtags[$i];
}
-
+
return $new_string;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Decorator that, depending on a token, switches between two definitions.
+ */
+class HTMLPurifier_AttrDef_Switch
+{
+
+ protected $tag;
+ protected $withTag, $withoutTag;
+
+ /**
+ * @param string $tag Tag name to switch upon
+ * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
+ * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match,
or there is no token
+ */
+ public function __construct($tag, $with_tag, $without_tag) {
+ $this->tag = $tag;
+ $this->withTag = $with_tag;
+ $this->withoutTag = $without_tag;
+ }
+
+ public function validate($string, $config, $context) {
+ $token = $context->get('CurrentToken', true);
+ if (!$token || $token->name !== $this->tag) {
+ return $this->withoutTag->validate($string, $config, $context);
+ } else {
+ return $this->withTag->validate($string, $config, $context);
+ }
+ }
+
+}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Text.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Text.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/Text.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,10 +5,11 @@
*/
class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
{
-
+
public function validate($string, $config, $context) {
return $this->parseCDATA($string);
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
===================================================================
---
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
2013-05-05 13:56:35 UTC (rev 11089)
+++
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -1,12 +1,12 @@
<?php
/**
- * Primitive email validation class based on the regexp found at
+ * Primitive email validation class based on the regexp found at
* http://www.regular-expressions.info/email.html
*/
class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends
HTMLPurifier_AttrDef_URI_Email
{
-
+
public function validate($string, $config, $context) {
// no support for named mailboxes i.e. "Bob <address@hidden>"
// that needs more percent encoding to be done
@@ -15,6 +15,7 @@
$result = preg_match('/address@hidden,4}$/i', $string);
return $result ? $string : false;
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,14 +2,16 @@
abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
{
-
+
/**
* Unpacks a mailbox into its display-name and address
*/
function unpack($string) {
// needs to be implemented
}
-
+
}
// sub-implementations
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,24 +5,30 @@
*/
class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
{
-
+
/**
* Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator
*/
protected $ipv4;
-
+
/**
* Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator
*/
protected $ipv6;
-
+
public function __construct() {
$this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
$this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
}
-
+
public function validate($string, $config, $context) {
$length = strlen($string);
+ // empty hostname is OK; it's usually semantically equivalent:
+ // the default host as defined by a URI scheme is used:
+ //
+ // If the URI scheme defines a default for host, then that
+ // default applies when the host subcomponent is undefined
+ // or when the registered name is empty (zero length).
if ($string === '') return '';
if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') {
//IPv6
@@ -31,17 +37,16 @@
if ($valid === false) return false;
return '['. $valid . ']';
}
-
+
// need to do checks on unusual encodings too
$ipv4 = $this->ipv4->validate($string, $config, $context);
if ($ipv4 !== false) return $ipv4;
-
+
// A regular domain name.
-
- // This breaks I18N domain names, but we don't have proper IRI support,
- // so force users to insert Punycode. If there's complaining we'll
- // try to fix things into an international friendly form.
-
+
+ // This doesn't match I18N domain names, but we don't have proper IRI
support,
+ // so force users to insert Punycode.
+
// The productions describing this are:
$a = '[a-z]'; // alpha
$an = '[a-z0-9]'; // alphanum
@@ -51,11 +56,46 @@
// toplabel = alpha | alpha *( alphanum | "-" ) alphanum
$toplabel = "$a($and*$an)?";
// hostname = *( domainlabel "." ) toplabel [ "." ]
- $match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string);
- if (!$match) return false;
-
- return $string;
+ if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
+ return $string;
+ }
+
+ // If we have Net_IDNA2 support, we can support IRIs by
+ // punycoding them. (This is the most portable thing to do,
+ // since otherwise we have to assume browsers support
+
+ if ($config->get('Core.EnableIDNA')) {
+ $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' =>
false, 'strict' => true));
+ // we need to encode each period separately
+ $parts = explode('.', $string);
+ try {
+ $new_parts = array();
+ foreach ($parts as $part) {
+ $encodable = false;
+ for ($i = 0, $c = strlen($part); $i < $c; $i++) {
+ if (ord($part[$i]) > 0x7a) {
+ $encodable = true;
+ break;
+ }
+ }
+ if (!$encodable) {
+ $new_parts[] = $part;
+ } else {
+ $new_parts[] = $idna->encode($part);
+ }
+ }
+ $string = implode('.', $new_parts);
+ if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string))
{
+ return $string;
+ }
+ } catch (Exception $e) {
+ // XXX error reporting
+ }
+ }
+
+ return false;
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,25 +6,25 @@
*/
class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
{
-
+
/**
* IPv4 regex, protected so that IPv6 can reuse it
*/
protected $ip4;
-
+
public function validate($aIP, $config, $context) {
-
+
if (!$this->ip4) $this->_loadRegex();
-
+
if (preg_match('#^' . $this->ip4 . '$#s', $aIP))
{
return $aIP;
}
-
+
return false;
-
+
}
-
+
/**
* Lazy load function to prevent regex from being stuffed in
* cache.
@@ -33,6 +33,7 @@
$oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
$this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -8,17 +8,17 @@
*/
class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
{
-
+
public function validate($aIP, $config, $context) {
-
+
if (!$this->ip4) $this->_loadRegex();
-
+
$original = $aIP;
-
+
$hex = '[0-9a-fA-F]';
$blk = '(?:' . $hex . '{1,4})';
$pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
-
+
// prefix check
if (strpos($aIP, '/') !== false)
{
@@ -32,8 +32,8 @@
return false;
}
}
-
- // IPv4-compatiblity check
+
+ // IPv4-compatiblity check
if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find))
{
$aIP = substr($aIP, 0, 0-strlen($find[0]));
@@ -42,7 +42,7 @@
$aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
unset($find, $ip);
}
-
+
// compression check
$aIP = explode('::', $aIP);
$c = count($aIP);
@@ -55,12 +55,12 @@
list($first, $second) = $aIP;
$first = explode(':', $first);
$second = explode(':', $second);
-
+
if (count($first) + count($second) > 8)
{
return false;
}
-
+
while(count($first) < 8)
{
array_push($first, '0');
@@ -75,12 +75,12 @@
$aIP = explode(':', $aIP[0]);
}
$c = count($aIP);
-
+
if ($c != 8)
{
return false;
}
-
+
// All the pieces should be 16-bit hex strings. Are they?
foreach ($aIP as $piece)
{
@@ -89,10 +89,11 @@
return false;
}
}
-
+
return $original;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef/URI.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,10 +6,10 @@
*/
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{
-
+
protected $parser;
protected $embedsResource;
-
+
/**
* @param $embeds_resource_resource Does the URI here result in an extra
HTTP request?
*/
@@ -17,63 +17,61 @@
$this->parser = new HTMLPurifier_URIParser();
$this->embedsResource = (bool) $embeds_resource;
}
-
+
+ public function make($string) {
+ $embeds = ($string === 'embedded');
+ return new HTMLPurifier_AttrDef_URI($embeds);
+ }
+
public function validate($uri, $config, $context) {
-
- if ($config->get('URI', 'Disable')) return false;
-
+
+ if ($config->get('URI.Disable')) return false;
+
$uri = $this->parseCDATA($uri);
-
+
// parse the URI
$uri = $this->parser->parse($uri);
if ($uri === false) return false;
-
+
// add embedded flag to context for validators
- $context->register('EmbeddedURI', $this->embedsResource);
-
+ $context->register('EmbeddedURI', $this->embedsResource);
+
$ok = false;
do {
-
+
// generic validation
$result = $uri->validate($config, $context);
if (!$result) break;
-
+
// chained filtering
$uri_def = $config->getDefinition('URI');
$result = $uri_def->filter($uri, $config, $context);
if (!$result) break;
-
- // scheme-specific validation
+
+ // scheme-specific validation
$scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) break;
if ($this->embedsResource && !$scheme_obj->browsable) break;
$result = $scheme_obj->validate($uri, $config, $context);
if (!$result) break;
-
+
+ // Post chained filtering
+ $result = $uri_def->postFilter($uri, $config, $context);
+ if (!$result) break;
+
// survived gauntlet
$ok = true;
-
+
} while (false);
-
+
$context->destroy('EmbeddedURI');
if (!$ok) return false;
-
+
// back to string
- $result = $uri->toString();
-
- // munge entire URI if necessary
- if (
- !is_null($uri->host) && // indicator for authority
- !empty($scheme_obj->browsable) &&
- !is_null($munge = $config->get('URI', 'Munge'))
- ) {
- $result = str_replace('%s', rawurlencode($result), $munge);
- }
-
- return $result;
-
+ return $uri->toString();
+
}
-
+
}
-
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef.php 2013-05-05
13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrDef.php 2013-05-06
06:58:50 UTC (rev 11090)
@@ -2,68 +2,65 @@
/**
* Base class for all validating attribute definitions.
- *
+ *
* This family of classes forms the core for not only HTML attribute
validation,
* but also any sort of string that needs to be validated or cleaned (which
- * means CSS properties and composite definitions are defined here too).
+ * means CSS properties and composite definitions are defined here too).
* Besides defining (through code) what precisely makes the string valid,
* subclasses are also responsible for cleaning the code if possible.
*/
abstract class HTMLPurifier_AttrDef
{
-
+
/**
* Tells us whether or not an HTML attribute is minimized. Has no
* meaning in other contexts.
*/
public $minimized = false;
-
+
/**
* Tells us whether or not an HTML attribute is required. Has no
* meaning in other contexts
*/
public $required = false;
-
+
/**
* Validates and cleans passed string according to a definition.
- *
+ *
* @param $string String to be validated and cleaned.
* @param $config Mandatory HTMLPurifier_Config object.
* @param $context Mandatory HTMLPurifier_AttrContext object.
*/
abstract public function validate($string, $config, $context);
-
+
/**
* Convenience method that parses a string as if it were CDATA.
- *
+ *
* This method process a string in the manner specified at
* <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
* leading and trailing whitespace, ignoring line feeds, and replacing
* carriage returns and tabs with spaces. While most useful for HTML
* attributes specified as CDATA, it can also be applied to most CSS
* values.
- *
+ *
* @note This method is not entirely standards compliant, as trim() removes
* more types of whitespace than specified in the spec. In practice,
* this is rarely a problem, as those extra characters usually have
* already been removed by HTMLPurifier_Encoder.
- *
+ *
* @warning This processing is inconsistent with XML's whitespace handling
* as specified by section 3.3.3 and referenced XHTML 1.0 section
- * 4.7. Compliant processing requires all line breaks normalized
- * to "\n", so the fix is not as simple as fixing it in this
- * function. Trim and whitespace collapsing are supposed to only
- * occur in NMTOKENs. However, note that we are NOT necessarily
- * parsing XML, thus, this behavior may still be correct.
+ * 4.7. However, note that we are NOT necessarily
+ * parsing XML, thus, this behavior may still be correct. We
+ * assume that newlines have been normalized.
*/
public function parseCDATA($string) {
$string = trim($string);
- $string = str_replace("\n", '', $string);
- $string = str_replace(array("\r", "\t"), ' ', $string);
+ $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
return $string;
}
-
+
/**
* Factory method for creating this class from a string.
* @param $string String construction info
@@ -76,7 +73,7 @@
// to clone or instantiate new copies. (Instantiation is safer.)
return $this;
}
-
+
/**
* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
* properly. THIS IS A HACK!
@@ -84,6 +81,43 @@
protected function mungeRgb($string) {
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/',
'rgb(\1,\2,\3)', $string);
}
-
+
+ /**
+ * Parses a possibly escaped CSS string and returns the "pure"
+ * version of it.
+ */
+ protected function expandCSSEscape($string) {
+ // flexibly parse it
+ $ret = '';
+ for ($i = 0, $c = strlen($string); $i < $c; $i++) {
+ if ($string[$i] === '\\') {
+ $i++;
+ if ($i >= $c) {
+ $ret .= '\\';
+ break;
+ }
+ if (ctype_xdigit($string[$i])) {
+ $code = $string[$i];
+ for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
+ if (!ctype_xdigit($string[$i])) break;
+ $code .= $string[$i];
+ }
+ // We have to be extremely careful when adding
+ // new characters, to make sure we're not breaking
+ // the encoding.
+ $char = HTMLPurifier_Encoder::unichr(hexdec($code));
+ if (HTMLPurifier_Encoder::cleanUTF8($char) === '')
continue;
+ $ret .= $char;
+ if ($i < $c && trim($string[$i]) !== '') $i--;
+ continue;
+ }
+ if ($string[$i] === "\n") continue;
+ }
+ $ret .= $string[$i];
+ }
+ return $ret;
+ }
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Pre-transform that changes proprietary background attribute to CSS.
+ */
+class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform
{
+
+ public function transform($attr, $config, $context) {
+
+ if (!isset($attr['background'])) return $attr;
+
+ $background = $this->confiscateAttr($attr, 'background');
+ // some validation should happen here
+
+ $this->prependCSS($attr, "background-image:url($background);");
+
+ return $attr;
+
+ }
+
+}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -7,12 +7,13 @@
*/
class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
{
-
+
public function transform($attr, $config, $context) {
if (isset($attr['dir'])) return $attr;
- $attr['dir'] = $config->get('Attr', 'DefaultTextDir');
+ $attr['dir'] = $config->get('Attr.DefaultTextDir');
return $attr;
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,17 +6,18 @@
class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform {
public function transform($attr, $config, $context) {
-
+
if (!isset($attr['bgcolor'])) return $attr;
-
+
$bgcolor = $this->confiscateAttr($attr, 'bgcolor');
// some validation should happen here
-
+
$this->prependCSS($attr, "background-color:$bgcolor;");
-
+
return $attr;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -4,17 +4,17 @@
* Pre-transform that changes converts a boolean attribute to fixed CSS
*/
class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform {
-
+
/**
* Name of boolean attribute that is trigger
*/
protected $attr;
-
+
/**
* CSS declarations to add to style, needs trailing semicolon
*/
protected $css;
-
+
/**
* @param $attr string attribute name to convert from
* @param $css string CSS declarations to add to style (needs semicolon)
@@ -23,13 +23,14 @@
$this->attr = $attr;
$this->css = $css;
}
-
+
public function transform($attr, $config, $context) {
if (!isset($attr[$this->attr])) return $attr;
unset($attr[$this->attr]);
$this->prependCSS($attr, $this->css);
return $attr;
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -12,6 +12,7 @@
$this->prependCSS($attr, "border:{$border_width}px solid;");
return $attr;
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,24 +5,24 @@
* values (enumerated) to CSS.
*/
class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
-
+
/**
* Name of attribute to transform from
*/
protected $attr;
-
+
/**
* Lookup array of attribute values to CSS
*/
protected $enumToCSS = array();
-
+
/**
* Case sensitivity of the matching
* @warning Currently can only be guaranteed to work with ASCII
* values.
*/
protected $caseSensitive = false;
-
+
/**
* @param $attr String attribute name to transform from
* @param $enumToCSS Lookup array of attribute values to CSS
@@ -33,25 +33,26 @@
$this->enumToCSS = $enum_to_css;
$this->caseSensitive = (bool) $case_sensitive;
}
-
+
public function transform($attr, $config, $context) {
-
+
if (!isset($attr[$this->attr])) return $attr;
-
+
$value = trim($attr[$this->attr]);
unset($attr[$this->attr]);
-
+
if (!$this->caseSensitive) $value = strtolower($value);
-
+
if (!isset($this->enumToCSS[$value])) {
return $attr;
}
-
+
$this->prependCSS($attr, $this->enumToCSS[$value]);
-
+
return $attr;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -10,27 +10,34 @@
*/
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
{
-
+
public function transform($attr, $config, $context) {
-
+
$src = true;
if (!isset($attr['src'])) {
- if ($config->get('Core', 'RemoveInvalidImg')) return $attr;
- $attr['src'] = $config->get('Attr', 'DefaultInvalidImage');
+ if ($config->get('Core.RemoveInvalidImg')) return $attr;
+ $attr['src'] = $config->get('Attr.DefaultInvalidImage');
$src = false;
}
-
+
if (!isset($attr['alt'])) {
if ($src) {
- $attr['alt'] = basename($attr['src']);
+ $alt = $config->get('Attr.DefaultImageAlt');
+ if ($alt === null) {
+ // truncate if the alt is too long
+ $attr['alt'] = substr(basename($attr['src']),0,40);
+ } else {
+ $attr['alt'] = $alt;
+ }
} else {
- $attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt');
+ $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
}
}
-
+
return $attr;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -4,40 +4,41 @@
* Pre-transform that changes deprecated hspace and vspace attributes to CSS
*/
class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
-
+
protected $attr;
protected $css = array(
'hspace' => array('left', 'right'),
'vspace' => array('top', 'bottom')
);
-
+
public function __construct($attr) {
$this->attr = $attr;
if (!isset($this->css[$attr])) {
trigger_error(htmlspecialchars($attr) . ' is not valid space
attribute');
}
}
-
+
public function transform($attr, $config, $context) {
-
+
if (!isset($attr[$this->attr])) return $attr;
-
+
$width = $this->confiscateAttr($attr, $this->attr);
// some validation could happen here
-
+
if (!isset($this->css[$this->attr])) return $attr;
-
+
$style = '';
foreach ($this->css[$this->attr] as $suffix) {
$property = "margin-$suffix";
$style .= "$property:{$width}px;";
}
-
+
$this->prependCSS($attr, $style);
-
+
return $attr;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Performs miscellaneous cross attribute validation and filtering for
+ * input elements. This is meant to be a post-transform.
+ */
+class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
+
+ protected $pixels;
+
+ public function __construct() {
+ $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels();
+ }
+
+ public function transform($attr, $config, $context) {
+ if (!isset($attr['type'])) $t = 'text';
+ else $t = strtolower($attr['type']);
+ if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') {
+ unset($attr['checked']);
+ }
+ if (isset($attr['maxlength']) && $t !== 'text' && $t !== 'password') {
+ unset($attr['maxlength']);
+ }
+ if (isset($attr['size']) && $t !== 'text' && $t !== 'password') {
+ $result = $this->pixels->validate($attr['size'], $config,
$context);
+ if ($result === false) unset($attr['size']);
+ else $attr['size'] = $result;
+ }
+ if (isset($attr['src']) && $t !== 'image') {
+ unset($attr['src']);
+ }
+ if (!isset($attr['value']) && ($t === 'radio' || $t === 'checkbox')) {
+ $attr['value'] = '';
+ }
+ return $attr;
+ }
+
+}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -7,21 +7,22 @@
*/
class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
{
-
+
public function transform($attr, $config, $context) {
-
+
$lang = isset($attr['lang']) ? $attr['lang'] : false;
$xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
-
+
if ($lang !== false && $xml_lang === false) {
$attr['xml:lang'] = $lang;
} elseif ($xml_lang !== false) {
$attr['lang'] = $xml_lang;
}
-
+
return $attr;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,15 +5,15 @@
*/
class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
{
-
+
protected $name;
protected $cssName;
-
+
public function __construct($name, $css_name = null) {
$this->name = $name;
$this->cssName = $css_name ? $css_name : $name;
}
-
+
public function transform($attr, $config, $context) {
if (!isset($attr[$this->name])) return $attr;
$length = $this->confiscateAttr($attr, $this->name);
@@ -21,6 +21,7 @@
$this->prependCSS($attr, $this->cssName . ":$length;");
return $attr;
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -5,14 +5,17 @@
*/
class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
{
-
+
public function transform($attr, $config, $context) {
+ // Abort early if we're using relaxed definition of name
+ if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
if (!isset($attr['name'])) return $attr;
$id = $this->confiscateAttr($attr, 'name');
if ( isset($attr['id'])) return $attr;
$attr['id'] = $id;
return $attr;
}
-
+
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Post-transform that performs validation to the name attribute; if
+ * it is present with an equivalent id attribute, it is passed through;
+ * otherwise validation is performed.
+ */
+class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
+{
+
+ public function __construct() {
+ $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
+ }
+
+ public function transform($attr, $config, $context) {
+ if (!isset($attr['name'])) return $attr;
+ $name = $attr['name'];
+ if (isset($attr['id']) && $attr['id'] === $name) return $attr;
+ $result = $this->idDef->validate($name, $config, $context);
+ if ($result === false) unset($attr['name']);
+ else $attr['name'] = $result;
+ return $attr;
+ }
+
+}
+
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,45 @@
+<?php
+
+// must be called POST validation
+
+/**
+ * Adds rel="nofollow" to all outbound links. This transform is
+ * only attached if Attr.Nofollow is TRUE.
+ */
+class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
+{
+ private $parser;
+
+ public function __construct() {
+ $this->parser = new HTMLPurifier_URIParser();
+ }
+
+ public function transform($attr, $config, $context) {
+
+ if (!isset($attr['href'])) {
+ return $attr;
+ }
+
+ // XXX Kind of inefficient
+ $url = $this->parser->parse($attr['href']);
+ $scheme = $url->getSchemeObj($config, $context);
+
+ if ($scheme->browsable && !$url->isLocal($config, $context)) {
+ if (isset($attr['rel'])) {
+ $rels = explode(' ', $attr['rel']);
+ if (!in_array('nofollow', $rels)) {
+ $rels[] = 'nofollow';
+ }
+ $attr['rel'] = implode(' ', $rels);
+ } else {
+ $attr['rel'] = 'nofollow';
+ }
+ }
+
+ return $attr;
+
+ }
+
+}
+
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,15 @@
+<?php
+
+class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
+{
+ public $name = "SafeEmbed";
+
+ public function transform($attr, $config, $context) {
+ $attr['allowscriptaccess'] = 'never';
+ $attr['allownetworking'] = 'internal';
+ $attr['type'] = 'application/x-shockwave-flash';
+ return $attr;
+ }
+}
+
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Writes default type for all objects. Currently only supports flash.
+ */
+class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
+{
+ public $name = "SafeObject";
+
+ function transform($attr, $config, $context) {
+ if (!isset($attr['type'])) $attr['type'] =
'application/x-shockwave-flash';
+ return $attr;
+ }
+}
+
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,64 @@
+<?php
+
+/**
+ * Validates name/value pairs in param tags to be used in safe objects. This
+ * will only allow name values it recognizes, and pre-fill certain attributes
+ * with required values.
+ *
+ * @note
+ * This class only supports Flash. In the future, Quicktime support
+ * may be added.
+ *
+ * @warning
+ * This class expects an injector to add the necessary parameters tags.
+ */
+class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
+{
+ public $name = "SafeParam";
+ private $uri;
+
+ public function __construct() {
+ $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+ $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque',
'transparent'));
+ }
+
+ public function transform($attr, $config, $context) {
+ // If we add support for other objects, we'll need to alter the
+ // transforms.
+ switch ($attr['name']) {
+ // application/x-shockwave-flash
+ // Keep this synchronized with Injector/SafeObject.php
+ case 'allowScriptAccess':
+ $attr['value'] = 'never';
+ break;
+ case 'allowNetworking':
+ $attr['value'] = 'internal';
+ break;
+ case 'allowFullScreen':
+ if ($config->get('HTML.FlashAllowFullScreen')) {
+ $attr['value'] = ($attr['value'] == 'true') ? 'true' :
'false';
+ } else {
+ $attr['value'] = 'false';
+ }
+ break;
+ case 'wmode':
+ $attr['value'] = $this->wmode->validate($attr['value'],
$config, $context);
+ break;
+ case 'movie':
+ case 'src':
+ $attr['name'] = "movie";
+ $attr['value'] = $this->uri->validate($attr['value'], $config,
$context);
+ break;
+ case 'flashvars':
+ // we're going to allow arbitrary inputs to the SWF, on
+ // the reasoning that it could only hack the SWF, not us.
+ break;
+ // add other cases to support other param name/value pairs
+ default:
+ $attr['name'] = $attr['value'] = null;
+ }
+ return $attr;
+ }
+}
+
+// vim: et sw=4 sts=4
Modified:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
===================================================================
---
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
2013-05-05 13:56:35 UTC (rev 11089)
+++
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -12,3 +12,5 @@
return $attr;
}
}
+
+// vim: et sw=4 sts=4
Added:
trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,38 @@
+<?php
+
+// must be called POST validation
+
+/**
+ * Adds target="blank" to all outbound links. This transform is
+ * only attached if Attr.TargetBlank is TRUE. This works regardless
+ * of whether or not Attr.AllowedFrameTargets
+ */
+class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
+{
+ private $parser;
+
+ public function __construct() {
+ $this->parser = new HTMLPurifier_URIParser();
+ }
+
+ public function transform($attr, $config, $context) {
+
+ if (!isset($attr['href'])) {
+ return $attr;
+ }
+
+ // XXX Kind of inefficient
+ $url = $this->parser->parse($attr['href']);
+ $scheme = $url->getSchemeObj($config, $context);
+
+ if ($scheme->browsable && !$url->isBenign($config, $context)) {
+ $attr['target'] = '_blank';
+ }
+
+ return $attr;
+
+ }
+
+}
+
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,18 @@
+<?php
+
+/**
+ * Sets height/width defaults for <textarea>
+ */
+class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
+{
+
+ public function transform($attr, $config, $context) {
+ // Calculated from Firefox
+ if (!isset($attr['cols'])) $attr['cols'] = '22';
+ if (!isset($attr['rows'])) $attr['rows'] = '3';
+ return $attr;
+ }
+
+}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTransform.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,13 +2,13 @@
/**
* Processes an entire attribute array for corrections needing multiple values.
- *
+ *
* Occasionally, a certain attribute will need to be removed and popped onto
* another value. Instead of creating a complex return syntax for
* HTMLPurifier_AttrDef, we just pass the whole attribute array to a
* specialized object and have that do the special work. That is the
* family of HTMLPurifier_AttrTransform.
- *
+ *
* An attribute transformation can be assigned to run before or after
* HTMLPurifier_AttrDef validation. See HTMLPurifier_HTMLDefinition for
* more details.
@@ -16,10 +16,10 @@
abstract class HTMLPurifier_AttrTransform
{
-
+
/**
* Abstract: makes changes to the attributes dependent on multiple values.
- *
+ *
* @param $attr Assoc array of attributes, usually from
* HTMLPurifier_Token_Tag::$attr
* @param $config Mandatory HTMLPurifier_Config object.
@@ -27,7 +27,7 @@
* @returns Processed attribute array.
*/
abstract public function transform($attr, $config, $context);
-
+
/**
* Prepends CSS properties to the style attribute, creating the
* attribute if it doesn't exist.
@@ -38,7 +38,7 @@
$attr['style'] = isset($attr['style']) ? $attr['style'] : '';
$attr['style'] = $css . $attr['style'];
}
-
+
/**
* Retrieves and removes an attribute
* @param $attr Attribute array to process (passed by reference)
@@ -50,6 +50,7 @@
unset($attr[$key]);
return $value;
}
-
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTypes.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTypes.php 2013-05-05
13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrTypes.php 2013-05-06
06:58:50 UTC (rev 11090)
@@ -9,16 +9,23 @@
* Lookup array of attribute string identifiers to concrete implementations
*/
protected $info = array();
-
+
/**
* Constructs the info array, supplying default implementations for
attribute
* types.
*/
public function __construct() {
+ // XXX This is kind of poor, since we don't actually /clone/
+ // instances; instead, we use the supplied make() attribute. So,
+ // the underlying class must know how to deal with arguments.
+ // With the old implementation of Enum, that ignored its
+ // arguments when handling a make dispatch, the IAlign
+ // definition wouldn't work.
+
// pseudo-types, must be instantiated via shorthand
$this->info['Enum'] = new HTMLPurifier_AttrDef_Enum();
$this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool();
-
+
$this->info['CDATA'] = new HTMLPurifier_AttrDef_Text();
$this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID();
$this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length();
@@ -29,35 +36,48 @@
$this->info['URI'] = new HTMLPurifier_AttrDef_URI();
$this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
$this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color();
-
+ $this->info['IAlign'] =
self::makeEnum('top,middle,bottom,left,right');
+ $this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
+ $this->info['FrameTarget'] = new
HTMLPurifier_AttrDef_HTML_FrameTarget();
+
// unimplemented aliases
$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
-
+ $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
+ $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
+ $this->info['Character'] = new HTMLPurifier_AttrDef_Text();
+
+ // "proprietary" types
+ $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
+
// number is really a positive integer (one or more digits)
// FIXME: ^^ not always, see start and value of list items
$this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false,
false, true);
}
-
+
+ private static function makeEnum($in) {
+ return new HTMLPurifier_AttrDef_Clone(new
HTMLPurifier_AttrDef_Enum(explode(',', $in)));
+ }
+
/**
* Retrieves a type
* @param $type String type name
* @return Object AttrDef for type
*/
public function get($type) {
-
+
// determine if there is any extra info tacked on
if (strpos($type, '#') !== false) list($type, $string) = explode('#',
$type, 2);
else $string = '';
-
+
if (!isset($this->info[$type])) {
trigger_error('Cannot retrieve undefined attribute type ' . $type,
E_USER_ERROR);
return;
}
-
+
return $this->info[$type]->make($string);
-
+
}
-
+
/**
* Sets a new implementation for a type
* @param $type String type name
@@ -68,4 +88,4 @@
}
}
-
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrValidator.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrValidator.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/AttrValidator.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -7,7 +7,7 @@
*/
class HTMLPurifier_AttrValidator
{
-
+
/**
* Validates the attributes of a token, returning a modified token
* that has valid tokens
@@ -19,59 +19,63 @@
* @param $context Instance of HTMLPurifier_Context
*/
public function validateToken(&$token, &$config, $context) {
-
+
$definition = $config->getHTMLDefinition();
$e =& $context->get('ErrorCollector', true);
-
+
// initialize IDAccumulator if necessary
$ok =& $context->get('IDAccumulator', true);
if (!$ok) {
$id_accumulator = HTMLPurifier_IDAccumulator::build($config,
$context);
$context->register('IDAccumulator', $id_accumulator);
}
-
+
// initialize CurrentToken if necessary
$current_token =& $context->get('CurrentToken', true);
if (!$current_token) $context->register('CurrentToken', $token);
-
+
if (
- !$token instanceof HTMLPurifier_Token_Start &&
- !$token instanceof HTMLPurifier_Token_Empty
+ !$token instanceof HTMLPurifier_Token_Start &&
+ !$token instanceof HTMLPurifier_Token_Empty
) return $token;
-
+
// create alias to global definition array, see also $defs
// DEFINITION CALL
$d_defs = $definition->info_global_attr;
-
- // reference attributes for easy manipulation
- $attr =& $token->attr;
-
+
+ // don't update token until the very end, to ensure an atomic update
+ $attr = $token->attr;
+
// do global transformations (pre)
// nothing currently utilizes this
foreach ($definition->info_attr_transform_pre as $transform) {
$attr = $transform->transform($o = $attr, $config, $context);
- if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator:
Attributes transformed', $o, $attr);
+ if ($e) {
+ if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes
transformed', $o, $attr);
+ }
}
-
+
// do local transformations only applicable to this element (pre)
// ex. <p align="right"> to <p style="text-align:right;">
foreach ($definition->info[$token->name]->attr_transform_pre as
$transform) {
$attr = $transform->transform($o = $attr, $config, $context);
- if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator:
Attributes transformed', $o, $attr);
+ if ($e) {
+ if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes
transformed', $o, $attr);
+ }
}
-
+
// create alias to this element's attribute definition array, see
// also $d_defs (global attribute definition array)
// DEFINITION CALL
$defs = $definition->info[$token->name]->attr;
-
+
$attr_key = false;
$context->register('CurrentAttr', $attr_key);
-
+
// iterate through all the attribute keypairs
// Watch out for name collisions: $key has previously been used
foreach ($attr as $attr_key => $value) {
-
+
// call the definition
if ( isset($defs[$attr_key]) ) {
// there is a local definition defined
@@ -98,52 +102,61 @@
// system never heard of the attribute? DELETE!
$result = false;
}
-
+
// put the results into effect
if ($result === false || $result === null) {
// this is a generic error message that should replaced
// with more specific ones when possible
if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
-
+
// remove the attribute
unset($attr[$attr_key]);
} elseif (is_string($result)) {
// generally, if a substitution is happening, there
// was some sort of implicit correction going on. We'll
// delegate it to the attribute classes to say exactly what.
-
+
// simple substitution
$attr[$attr_key] = $result;
+ } else {
+ // nothing happens
}
-
+
// we'd also want slightly more complicated substitution
// involving an array as the return value,
// although we're not sure how colliding attributes would
// resolve (certain ones would be completely overriden,
// others would prepend themselves).
}
-
+
$context->destroy('CurrentAttr');
-
+
// post transforms
-
+
// global (error reporting untested)
foreach ($definition->info_attr_transform_post as $transform) {
$attr = $transform->transform($o = $attr, $config, $context);
- if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator:
Attributes transformed', $o, $attr);
+ if ($e) {
+ if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes
transformed', $o, $attr);
+ }
}
-
+
// local (error reporting untested)
foreach ($definition->info[$token->name]->attr_transform_post as
$transform) {
$attr = $transform->transform($o = $attr, $config, $context);
- if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator:
Attributes transformed', $o, $attr);
+ if ($e) {
+ if ($attr != $o) $e->send(E_NOTICE, 'AttrValidator: Attributes
transformed', $o, $attr);
+ }
}
-
+
+ $token->attr = $attr;
+
// destroy CurrentToken if we made it ourselves
if (!$current_token) $context->destroy('CurrentToken');
-
+
}
-
-
+
+
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Bootstrap.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Bootstrap.php 2013-05-05
13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/Bootstrap.php 2013-05-06
06:58:50 UTC (rev 11090)
@@ -29,7 +29,7 @@
*/
class HTMLPurifier_Bootstrap
{
-
+
/**
* Autoload function for HTML Purifier
* @param $class Class to load
@@ -37,10 +37,15 @@
public static function autoload($class) {
$file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) return false;
- require HTMLPURIFIER_PREFIX . '/' . $file;
+ // Technically speaking, it should be ok and more efficient to
+ // just do 'require', but Antonio Parraga reports that with
+ // Zend extensions such as Zend debugger and APC, this invariant
+ // may be broken. Since we have efficient alternatives, pay
+ // the cost here and avoid the bug.
+ require_once HTMLPURIFIER_PREFIX . '/' . $file;
return true;
}
-
+
/**
* Returns the path for a specific class.
*/
@@ -56,7 +61,7 @@
if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
return $file;
}
-
+
/**
* "Pre-registers" our autoloader on the SPL stack.
*/
@@ -65,32 +70,40 @@
if ( ($funcs = spl_autoload_functions()) === false ) {
spl_autoload_register($autoload);
} elseif (function_exists('spl_autoload_unregister')) {
- $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
- version_compare(PHP_VERSION, '5.1.0', '>=');
- foreach ($funcs as $func) {
- if (is_array($func)) {
- // :TRICKY: There are some compatibility issues and some
- // places where we need to error out
- $reflector = new ReflectionMethod($func[0], $func[1]);
- if (!$reflector->isStatic()) {
- throw new Exception('
- HTML Purifier autoloader registrar is not
compatible
- with non-static object methods due to PHP Bug
#44144;
- Please do not use HTMLPurifier.autoload.php (or any
- file that includes this file); instead, place the
code:
-
spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
- after your own autoloaders.
- ');
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ // prepend flag exists, no need for shenanigans
+ spl_autoload_register($autoload, true, true);
+ } else {
+ $buggy = version_compare(PHP_VERSION, '5.2.11', '<');
+ $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
+ version_compare(PHP_VERSION, '5.1.0', '>=');
+ foreach ($funcs as $func) {
+ if ($buggy && is_array($func)) {
+ // :TRICKY: There are some compatibility issues and
some
+ // places where we need to error out
+ $reflector = new ReflectionMethod($func[0], $func[1]);
+ if (!$reflector->isStatic()) {
+ throw new Exception('
+ HTML Purifier autoloader registrar is not
compatible
+ with non-static object methods due to PHP Bug
#44144;
+ Please do not use HTMLPurifier.autoload.php
(or any
+ file that includes this file); instead, place
the code:
+
spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
+ after your own autoloaders.
+ ');
+ }
+ // Suprisingly, spl_autoload_register supports the
+ // Class::staticMethod callback format, although
call_user_func doesn't
+ if ($compat) $func = implode('::', $func);
}
- // Suprisingly, spl_autoload_register supports the
- // Class::staticMethod callback format, although
call_user_func doesn't
- if ($compat) $func = implode('::', $func);
+ spl_autoload_unregister($func);
}
- spl_autoload_unregister($func);
+ spl_autoload_register($autoload);
+ foreach ($funcs as $func) spl_autoload_register($func);
}
- spl_autoload_register($autoload);
- foreach ($funcs as $func) spl_autoload_register($func);
}
}
-
+
}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/CSSDefinition.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/CSSDefinition.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/CSSDefinition.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -6,32 +6,32 @@
*/
class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
{
-
+
public $type = 'CSS';
-
+
/**
* Assoc array of attribute name to definition object.
*/
public $info = array();
-
+
/**
* Constructs the info array. The meat of this class.
*/
protected function doSetup($config) {
-
+
$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
array('left', 'right', 'center', 'justify'), false);
-
+
$border_style =
- $this->info['border-bottom-style'] =
- $this->info['border-right-style'] =
- $this->info['border-left-style'] =
+ $this->info['border-bottom-style'] =
+ $this->info['border-right-style'] =
+ $this->info['border-left-style'] =
$this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'hidden', 'dotted', 'dashed', 'solid', 'double',
'groove', 'ridge', 'inset', 'outset'), false);
-
+
$this->info['border-style'] = new
HTMLPurifier_AttrDef_CSS_Multiple($border_style);
-
+
$this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'left', 'right', 'both'), false);
$this->info['float'] = new HTMLPurifier_AttrDef_Enum(
@@ -40,27 +40,27 @@
array('normal', 'italic', 'oblique'), false);
$this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'small-caps'), false);
-
+
$uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('none')),
new HTMLPurifier_AttrDef_CSS_URI()
)
);
-
+
$this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
array('inside', 'outside'), false);
$this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
array('disc', 'circle', 'square', 'decimal', 'lower-roman',
'upper-roman', 'lower-alpha', 'upper-alpha', 'none'), false);
$this->info['list-style-image'] = $uri_or_none;
-
+
$this->info['list-style'] = new
HTMLPurifier_AttrDef_CSS_ListStyle($config);
-
+
$this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
array('capitalize', 'uppercase', 'lowercase', 'none'), false);
$this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
-
+
$this->info['background-image'] = $uri_or_none;
$this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
@@ -69,42 +69,42 @@
array('scroll', 'fixed')
);
$this->info['background-position'] = new
HTMLPurifier_AttrDef_CSS_BackgroundPosition();
-
- $border_color =
- $this->info['border-top-color'] =
- $this->info['border-bottom-color'] =
- $this->info['border-left-color'] =
- $this->info['border-right-color'] =
+
+ $border_color =
+ $this->info['border-top-color'] =
+ $this->info['border-bottom-color'] =
+ $this->info['border-left-color'] =
+ $this->info['border-right-color'] =
$this->info['background-color'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('transparent')),
new HTMLPurifier_AttrDef_CSS_Color()
));
-
+
$this->info['background'] = new
HTMLPurifier_AttrDef_CSS_Background($config);
-
+
$this->info['border-color'] = new
HTMLPurifier_AttrDef_CSS_Multiple($border_color);
-
- $border_width =
- $this->info['border-top-width'] =
- $this->info['border-bottom-width'] =
- $this->info['border-left-width'] =
+
+ $border_width =
+ $this->info['border-top-width'] =
+ $this->info['border-bottom-width'] =
+ $this->info['border-left-width'] =
$this->info['border-right-width'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
- new HTMLPurifier_AttrDef_CSS_Length(true) //disallow negative
+ new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
));
-
+
$this->info['border-width'] = new
HTMLPurifier_AttrDef_CSS_Multiple($border_width);
-
+
$this->info['letter-spacing'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Length()
));
-
+
$this->info['word-spacing'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Length()
));
-
+
$this->info['font-size'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('xx-small', 'x-small',
'small', 'medium', 'large', 'x-large', 'xx-large',
@@ -112,110 +112,127 @@
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_CSS_Length()
));
-
+
$this->info['line-height'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
- new HTMLPurifier_AttrDef_CSS_Length(true),
+ new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true)
));
-
+
$margin =
- $this->info['margin-top'] =
- $this->info['margin-bottom'] =
- $this->info['margin-left'] =
+ $this->info['margin-top'] =
+ $this->info['margin-bottom'] =
+ $this->info['margin-left'] =
$this->info['margin-right'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_Enum(array('auto'))
));
-
+
$this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
-
+
// non-negative
$padding =
- $this->info['padding-top'] =
- $this->info['padding-bottom'] =
- $this->info['padding-left'] =
+ $this->info['padding-top'] =
+ $this->info['padding-bottom'] =
+ $this->info['padding-left'] =
$this->info['padding-right'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
- new HTMLPurifier_AttrDef_CSS_Length(true),
+ new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true)
));
-
+
$this->info['padding'] = new
HTMLPurifier_AttrDef_CSS_Multiple($padding);
-
+
$this->info['text-indent'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
-
+
+ $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length('0'),
+ new HTMLPurifier_AttrDef_CSS_Percentage(true),
+ new HTMLPurifier_AttrDef_Enum(array('auto'))
+ ));
+ $max = $config->get('CSS.MaxImgLength');
+
$this->info['width'] =
$this->info['height'] =
- new HTMLPurifier_AttrDef_CSS_DenyElementDecorator(
- new HTMLPurifier_AttrDef_CSS_Composite(array(
- new HTMLPurifier_AttrDef_CSS_Length(true),
- new HTMLPurifier_AttrDef_CSS_Percentage(true),
- new HTMLPurifier_AttrDef_Enum(array('auto'))
- )), 'img');
-
+ $max === null ?
+ $trusted_wh :
+ new HTMLPurifier_AttrDef_Switch('img',
+ // For img tags:
+ new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+ new HTMLPurifier_AttrDef_Enum(array('auto'))
+ )),
+ // For everyone else:
+ $trusted_wh
+ );
+
$this->info['text-decoration'] = new
HTMLPurifier_AttrDef_CSS_TextDecoration();
-
+
$this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
-
+
// this could use specialized code
$this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',
'400', '500', '600', '700', '800', '900'), false);
-
+
// MUST be called after other font properties, as it references
// a CSSDefinition object
$this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
-
+
// same here
$this->info['border'] =
- $this->info['border-bottom'] =
- $this->info['border-top'] =
- $this->info['border-left'] =
+ $this->info['border-bottom'] =
+ $this->info['border-top'] =
+ $this->info['border-left'] =
$this->info['border-right'] = new
HTMLPurifier_AttrDef_CSS_Border($config);
-
+
$this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(array(
'collapse', 'separate'));
-
+
$this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(array(
'top', 'bottom'));
-
+
$this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(array(
'auto', 'fixed'));
-
+
$this->info['vertical-align'] = new
HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('baseline', 'sub', 'super',
'top', 'text-top', 'middle', 'bottom', 'text-bottom')),
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
-
+
$this->info['border-spacing'] = new
HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
-
- // partial support
- $this->info['white-space'] = new
HTMLPurifier_AttrDef_Enum(array('nowrap'));
-
- if ($config->get('CSS', 'Proprietary')) {
+
+ // These CSS properties don't work on many browsers, but we live
+ // in THE FUTURE!
+ $this->info['white-space'] = new
HTMLPurifier_AttrDef_Enum(array('nowrap', 'normal', 'pre', 'pre-wrap',
'pre-line'));
+
+ if ($config->get('CSS.Proprietary')) {
$this->doSetupProprietary($config);
}
-
- if ($config->get('CSS', 'AllowTricky')) {
+
+ if ($config->get('CSS.AllowTricky')) {
$this->doSetupTricky($config);
}
-
- $allow_important = $config->get('CSS', 'AllowImportant');
+
+ if ($config->get('CSS.Trusted')) {
+ $this->doSetupTrusted($config);
+ }
+
+ $allow_important = $config->get('CSS.AllowImportant');
// wrap all attr-defs with decorator that handles !important
foreach ($this->info as $k => $v) {
$this->info[$k] = new
HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
}
-
+
$this->setupConfigStuff($config);
}
-
+
protected function doSetupProprietary($config) {
// Internet Explorer only scrollbar colors
$this->info['scrollbar-arrow-color'] = new
HTMLPurifier_AttrDef_CSS_Color();
@@ -224,30 +241,53 @@
$this->info['scrollbar-face-color'] = new
HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-highlight-color'] = new
HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-shadow-color'] = new
HTMLPurifier_AttrDef_CSS_Color();
-
+
// technically not proprietary, but CSS3, and no one supports it
$this->info['opacity'] = new
HTMLPurifier_AttrDef_CSS_AlphaValue();
$this->info['-moz-opacity'] = new
HTMLPurifier_AttrDef_CSS_AlphaValue();
$this->info['-khtml-opacity'] = new
HTMLPurifier_AttrDef_CSS_AlphaValue();
-
+
// only opacity, for now
$this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
-
+
+ // more CSS3
+ $this->info['page-break-after'] =
+ $this->info['page-break-before'] = new
HTMLPurifier_AttrDef_Enum(array('auto','always','avoid','left','right'));
+ $this->info['page-break-inside'] = new
HTMLPurifier_AttrDef_Enum(array('auto','avoid'));
+
}
-
+
protected function doSetupTricky($config) {
$this->info['display'] = new HTMLPurifier_AttrDef_Enum(array(
'inline', 'block', 'list-item', 'run-in', 'compact',
- 'marker', 'table', 'inline-table', 'table-row-group',
+ 'marker', 'table', 'inline-block', 'inline-table',
'table-row-group',
'table-header-group', 'table-footer-group', 'table-row',
'table-column-group', 'table-column', 'table-cell',
'table-caption', 'none'
));
$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(array(
'visible', 'hidden', 'collapse'
));
+ $this->info['overflow'] = new
HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
}
-
-
+
+ protected function doSetupTrusted($config) {
+ $this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
+ 'static', 'relative', 'absolute', 'fixed'
+ ));
+ $this->info['top'] =
+ $this->info['left'] =
+ $this->info['right'] =
+ $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length(),
+ new HTMLPurifier_AttrDef_CSS_Percentage(),
+ new HTMLPurifier_AttrDef_Enum(array('auto')),
+ ));
+ $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_Integer(),
+ new HTMLPurifier_AttrDef_Enum(array('auto')),
+ ));
+ }
+
/**
* Performs extra config-based processing. Based off of
* HTMLPurifier_HTMLDefinition.
@@ -255,24 +295,34 @@
* composition, not inheritance).
*/
protected function setupConfigStuff($config) {
-
+
// setup allowed elements
$support = "(for information on implementing this, see the ".
"support forums) ";
- $allowed_attributes = $config->get('CSS', 'AllowedProperties');
- if ($allowed_attributes !== null) {
+ $allowed_properties = $config->get('CSS.AllowedProperties');
+ if ($allowed_properties !== null) {
foreach ($this->info as $name => $d) {
- if(!isset($allowed_attributes[$name]))
unset($this->info[$name]);
- unset($allowed_attributes[$name]);
+ if(!isset($allowed_properties[$name]))
unset($this->info[$name]);
+ unset($allowed_properties[$name]);
}
// emit errors
- foreach ($allowed_attributes as $name => $d) {
+ foreach ($allowed_properties as $name => $d) {
// :TODO: Is this htmlspecialchars() call really necessary?
$name = htmlspecialchars($name);
trigger_error("Style attribute '$name' is not supported
$support", E_USER_WARNING);
}
}
-
+
+ $forbidden_properties = $config->get('CSS.ForbiddenProperties');
+ if ($forbidden_properties !== null) {
+ foreach ($this->info as $name => $d) {
+ if (isset($forbidden_properties[$name])) {
+ unset($this->info[$name]);
+ }
+ }
+ }
+
}
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,7 +2,7 @@
/**
* Definition that uses different definitions depending on context.
- *
+ *
* The del and ins tags are notable because they allow different types of
* elements depending on whether or not they're in a block or inline context.
* Chameleon allows this behavior to happen by using two different
@@ -11,19 +11,19 @@
*/
class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
{
-
+
/**
* Instance of the definition object to use when inline. Usually stricter.
*/
public $inline;
-
+
/**
* Instance of the definition object to use when block.
*/
public $block;
-
+
public $type = 'chameleon';
-
+
/**
* @param $inline List of elements to allow when inline.
* @param $block List of elements to allow when block.
@@ -33,7 +33,7 @@
$this->block = new HTMLPurifier_ChildDef_Optional($block);
$this->elements = $this->block->elements;
}
-
+
public function validateChildren($tokens_of_children, $config, $context) {
if ($context->get('IsInline') === false) {
return $this->block->validateChildren(
@@ -45,3 +45,4 @@
}
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -2,11 +2,9 @@
/**
* Custom validation class, accepts DTD child definitions
- *
+ *
* @warning Currently this class is an all or nothing proposition, that is,
* it will only give a bool return value.
- * @note This class is currently not used by any code, although it is unit
- * tested.
*/
class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
{
@@ -38,25 +36,25 @@
}
$el = '[#a-zA-Z0-9_.-]+';
$reg = $raw;
-
+
// COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
// DOING! Seriously: if there's problems, please report them.
-
+
// collect all elements into the $elements array
preg_match_all("/$el/", $reg, $matches);
foreach ($matches[0] as $match) {
$this->elements[$match] = true;
}
-
+
// setup all elements as parentheticals with leading commas
$reg = preg_replace("/$el/", '(,\\0)', $reg);
-
+
// remove commas when they were not solicited
$reg = preg_replace("/([^,(|]\(+),/", '\\1', $reg);
-
+
// remove all non-paranthetical commas: they are handled by first regex
$reg = preg_replace("/,\(/", '(', $reg);
-
+
$this->_pcre_regex = $reg;
}
public function validateChildren($tokens_of_children, $config, $context) {
@@ -64,15 +62,15 @@
$nesting = 0; // depth into the nest
foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) continue;
-
+
$is_child = ($nesting == 0); // direct
-
+
if ($token instanceof HTMLPurifier_Token_Start) {
$nesting++;
} elseif ($token instanceof HTMLPurifier_Token_End) {
$nesting--;
}
-
+
if ($is_child) {
$list_of_children .= $token->name . ',';
}
@@ -84,8 +82,9 @@
'/^,?'.$this->_pcre_regex.'$/',
$list_of_children
);
-
+
return (bool) $okay;
}
}
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
2013-05-05 13:56:35 UTC (rev 11089)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -17,3 +17,4 @@
}
}
+// vim: et sw=4 sts=4
Added: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/List.php
===================================================================
--- trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/List.php
(rev 0)
+++ trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/List.php
2013-05-06 06:58:50 UTC (rev 11090)
@@ -0,0 +1,120 @@
+<?php
+
+/**
+ * Definition for list containers ul and ol.
+ */
+class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
+{
+ public $type = 'list';
+ // lying a little bit, so that we can handle ul and ol ourselves
+ // XXX: This whole business with 'wrap' is all a bit unsatisfactory
+ public $elements = array('li' => true, 'ul' => true, 'ol' => true);
+ public function validateChildren($tokens_of_children, $config, $context) {
+ // Flag for subclasses
+ $this->whitespace = false;
+
+ // if there are no tokens, delete parent node
+ if (empty($tokens_of_children)) return false;
+
+ // the new set of children
+ $result = array();
+
+ // current depth into the nest
+ $nesting = 0;
+
+ // a little sanity check to make sure it's not ALL whitespace
+ $all_whitespace = true;
+
+ $seen_li = false;
+ $need_close_li = false;
+
+ foreach ($tokens_of_children as $token) {
+ if (!empty($token->is_whitespace)) {
+ $result[] = $token;
+ continue;
+ }
+ $all_whitespace = false; // phew, we're not talking about
whitespace
+
+ if ($nesting == 1 && $need_close_li) {
+ $result[] = new HTMLPurifier_Token_End('li');
+ $nesting--;
+ $need_close_li = false;
+ }
+
+ $is_child = ($nesting == 0);
+
+ if ($token instanceof HTMLPurifier_Token_Start) {
+ $nesting++;
+ } elseif ($token instanceof HTMLPurifier_Token_End) {
+ $nesting--;
+ }
+
+ if ($is_child) {
+ if ($token->name === 'li') {
+ // good
+ $seen_li = true;
+ } elseif ($token->name === 'ul' || $token->name === 'ol') {
+ // we want to tuck this into the previous li
+ $need_close_li = true;
+ $nesting++;
+ if (!$seen_li) {
+ // create a new li element
+ $result[] = new HTMLPurifier_Token_Start('li');
+ } else {
+ // backtrack until </li> found
+ while(true) {
+ $t = array_pop($result);
+ if ($t instanceof HTMLPurifier_Token_End) {
+ // XXX actually, these invariants could very
plausibly be violated
+ // if we are doing silly things with modifying
the set of allowed elements.
+ // FORTUNATELY, it doesn't make a difference,
since the allowed
+ // elements are hard-coded here!
+ if ($t->name !== 'li') {
+ trigger_error("Only li present invariant
violated in List ChildDef", E_USER_ERROR);
+ return false;
+ }
+ break;
+ } elseif ($t instanceof HTMLPurifier_Token_Empty)
{ // bleagh
+ if ($t->name !== 'li') {
+ trigger_error("Only li present invariant
violated in List ChildDef", E_USER_ERROR);
+ return false;
+ }
+ // XXX this should have a helper for it...
+ $result[] = new HTMLPurifier_Token_Start('li',
$t->attr, $t->line, $t->col, $t->armor);
+ break;
+ } else {
+ if (!$t->is_whitespace) {
+ trigger_error("Only whitespace present
invariant violated in List ChildDef", E_USER_ERROR);
+ return false;
+ }
+ }
+ }
+ }
+ } else {
+ // start wrapping (this doesn't precisely mimic
+ // browser behavior, but what browsers do is kind of
+ // hard to mimic in a standards compliant way
+ // XXX Actually, this has no impact in practice,
+ // because this gets handled earlier. Arguably,
+ // we should rip out all of that processing
+ $result[] = new HTMLPurifier_Token_Start('li');
+ $nesting++;
+ $seen_li = true;
+ $need_close_li = true;
+ }
+ }
+ $result[] = $token;
+ }
+ if ($need_close_li) {
+ $result[] = new HTMLPurifier_Token_End('li');
+ }
+ if (empty($result)) return false;
+ if ($all_whitespace) {
+ return false;
+ }
+ if ($tokens_of_children == $result) return true;
+ return $result;
+ }
+}
+
+// vim: et sw=4 sts=4
Modified: trunk/phpgwapi/inc/htmlpurifier/HTMLPurifier/ChildDef/Optional.php
@@ Diff output truncated at 153600 characters. @@
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fmsystem-commits] [11090] HTMLPurifier update to 4.5.0 from upstream,
Sigurd Nes <=