diff options
author | Christian Vogeley <christian.vogeley@hotmail.de> | 2015-01-11 16:22:59 +0100 |
---|---|---|
committer | Christian Vogeley <christian.vogeley@hotmail.de> | 2015-01-11 16:22:59 +0100 |
commit | f0c7612bcd49d32e408e67ac1829ee891c677f7e (patch) | |
tree | d4cff4aa2d728524b631776ffffee71f42056421 /library/HTMLPurifier/HTMLDefinition.php | |
parent | 43f143a211c75138d09ceb89acc48ea7d5c31ca9 (diff) | |
parent | 10102ac2ac4d5b02012a9794e23656717ab05556 (diff) | |
download | volse-hubzilla-f0c7612bcd49d32e408e67ac1829ee891c677f7e.tar.gz volse-hubzilla-f0c7612bcd49d32e408e67ac1829ee891c677f7e.tar.bz2 volse-hubzilla-f0c7612bcd49d32e408e67ac1829ee891c677f7e.zip |
Merge remote-tracking branch 'upstream/master'
Conflicts:
doc/html/classRedmatrix_1_1Import_1_1Import-members.html
doc/html/classRedmatrix_1_1Import_1_1Import.js
Diffstat (limited to 'library/HTMLPurifier/HTMLDefinition.php')
-rw-r--r-- | library/HTMLPurifier/HTMLDefinition.php | 211 |
1 files changed, 142 insertions, 69 deletions
diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php index c99ac11eb..9b7b334dd 100644 --- a/library/HTMLPurifier/HTMLDefinition.php +++ b/library/HTMLPurifier/HTMLDefinition.php @@ -29,60 +29,71 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition // FULLY-PUBLIC VARIABLES --------------------------------------------- /** - * Associative array of element names to HTMLPurifier_ElementDef + * Associative array of element names to HTMLPurifier_ElementDef. + * @type HTMLPurifier_ElementDef[] */ public $info = array(); /** * Associative array of global attribute name to attribute definition. + * @type array */ public $info_global_attr = array(); /** * String name of parent element HTML will be going into. + * @type string */ public $info_parent = 'div'; /** * Definition for parent element, allows parent element to be a * tag that's not allowed inside the HTML fragment. + * @type HTMLPurifier_ElementDef */ public $info_parent_def; /** - * String name of element used to wrap inline elements in block context + * String name of element used to wrap inline elements in block context. + * @type string * @note This is rarely used except for BLOCKQUOTEs in strict mode */ public $info_block_wrapper = 'p'; /** - * Associative array of deprecated tag name to HTMLPurifier_TagTransform + * Associative array of deprecated tag name to HTMLPurifier_TagTransform. + * @type array */ public $info_tag_transform = array(); /** * Indexed list of HTMLPurifier_AttrTransform to be performed before validation. + * @type HTMLPurifier_AttrTransform[] */ public $info_attr_transform_pre = array(); /** * Indexed list of HTMLPurifier_AttrTransform to be performed after validation. + * @type HTMLPurifier_AttrTransform[] */ public $info_attr_transform_post = array(); /** * Nested lookup array of content set name (Block, Inline) to * element name to whether or not it belongs in that content set. + * @type array */ public $info_content_sets = array(); /** * Indexed list of HTMLPurifier_Injector to be used. + * @type HTMLPurifier_Injector[] */ public $info_injector = array(); /** * Doctype object + * @type HTMLPurifier_Doctype */ public $doctype; @@ -94,12 +105,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition * Adds a custom attribute to a pre-existing element * @note This is strictly convenience, and does not have a corresponding * method in HTMLPurifier_HTMLModule - * @param $element_name String element name to add attribute to - * @param $attr_name String name of attribute - * @param $def Attribute definition, can be string or object, see + * @param string $element_name Element name to add attribute to + * @param string $attr_name Name of attribute + * @param mixed $def Attribute definition, can be string or object, see * HTMLPurifier_AttrTypes for details */ - public function addAttribute($element_name, $attr_name, $def) { + public function addAttribute($element_name, $attr_name, $def) + { $module = $this->getAnonymousModule(); if (!isset($module->info[$element_name])) { $element = $module->addBlankElement($element_name); @@ -111,10 +123,11 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition /** * Adds a custom element to your HTML definition - * @note See HTMLPurifier_HTMLModule::addElement for detailed + * @see HTMLPurifier_HTMLModule::addElement() for detailed * parameter and return value descriptions. */ - public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array()) { + public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array()) + { $module = $this->getAnonymousModule(); // assume that if the user is calling this, the element // is safe. This may not be a good idea @@ -125,10 +138,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition /** * Adds a blank element to your HTML definition, for overriding * existing behavior - * @note See HTMLPurifier_HTMLModule::addBlankElement for detailed + * @param string $element_name + * @return HTMLPurifier_ElementDef + * @see HTMLPurifier_HTMLModule::addBlankElement() for detailed * parameter and return value descriptions. */ - public function addBlankElement($element_name) { + public function addBlankElement($element_name) + { $module = $this->getAnonymousModule(); $element = $module->addBlankElement($element_name); return $element; @@ -138,8 +154,10 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition * Retrieves a reference to the anonymous module, so you can * bust out advanced features without having to make your own * module. + * @return HTMLPurifier_HTMLModule */ - public function getAnonymousModule() { + public function getAnonymousModule() + { if (!$this->_anonModule) { $this->_anonModule = new HTMLPurifier_HTMLModule(); $this->_anonModule->name = 'Anonymous'; @@ -147,22 +165,33 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition return $this->_anonModule; } - private $_anonModule; - + private $_anonModule = null; // PUBLIC BUT INTERNAL VARIABLES -------------------------------------- + /** + * @type string + */ public $type = 'HTML'; - public $manager; /**< Instance of HTMLPurifier_HTMLModuleManager */ + + /** + * @type HTMLPurifier_HTMLModuleManager + */ + public $manager; /** * Performs low-cost, preliminary initialization. */ - public function __construct() { + public function __construct() + { $this->manager = new HTMLPurifier_HTMLModuleManager(); } - protected function doSetup($config) { + /** + * @param HTMLPurifier_Config $config + */ + protected function doSetup($config) + { $this->processModules($config); $this->setupConfigStuff($config); unset($this->manager); @@ -176,9 +205,10 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition /** * Extract out the information from the manager + * @param HTMLPurifier_Config $config */ - protected function processModules($config) { - + protected function processModules($config) + { if ($this->_anonModule) { // for user specific changes // this is late-loaded so we don't have to deal with PHP4 @@ -191,40 +221,53 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition $this->doctype = $this->manager->doctype; foreach ($this->manager->modules as $module) { - foreach($module->info_tag_transform as $k => $v) { - if ($v === false) unset($this->info_tag_transform[$k]); - else $this->info_tag_transform[$k] = $v; + foreach ($module->info_tag_transform as $k => $v) { + if ($v === false) { + unset($this->info_tag_transform[$k]); + } else { + $this->info_tag_transform[$k] = $v; + } } - foreach($module->info_attr_transform_pre as $k => $v) { - if ($v === false) unset($this->info_attr_transform_pre[$k]); - else $this->info_attr_transform_pre[$k] = $v; + foreach ($module->info_attr_transform_pre as $k => $v) { + if ($v === false) { + unset($this->info_attr_transform_pre[$k]); + } else { + $this->info_attr_transform_pre[$k] = $v; + } } - foreach($module->info_attr_transform_post as $k => $v) { - if ($v === false) unset($this->info_attr_transform_post[$k]); - else $this->info_attr_transform_post[$k] = $v; + foreach ($module->info_attr_transform_post as $k => $v) { + if ($v === false) { + unset($this->info_attr_transform_post[$k]); + } else { + $this->info_attr_transform_post[$k] = $v; + } } foreach ($module->info_injector as $k => $v) { - if ($v === false) unset($this->info_injector[$k]); - else $this->info_injector[$k] = $v; + if ($v === false) { + unset($this->info_injector[$k]); + } else { + $this->info_injector[$k] = $v; + } } } - $this->info = $this->manager->getElements(); $this->info_content_sets = $this->manager->contentSets->lookup; - } /** * Sets up stuff based on config. We need a better way of doing this. + * @param HTMLPurifier_Config $config */ - protected function setupConfigStuff($config) { - + protected function setupConfigStuff($config) + { $block_wrapper = $config->get('HTML.BlockWrapper'); if (isset($this->info_content_sets['Block'][$block_wrapper])) { $this->info_block_wrapper = $block_wrapper; } else { - trigger_error('Cannot use non-block element as block wrapper', - E_USER_ERROR); + trigger_error( + 'Cannot use non-block element as block wrapper', + E_USER_ERROR + ); } $parent = $config->get('HTML.Parent'); @@ -233,14 +276,15 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition $this->info_parent = $parent; $this->info_parent_def = $def; } else { - trigger_error('Cannot use unrecognized element as parent', - E_USER_ERROR); + trigger_error( + 'Cannot use unrecognized element as parent', + E_USER_ERROR + ); $this->info_parent_def = $this->manager->getElement($this->info_parent, true); } // support template text - $support = "(for information on implementing this, see the ". - "support forums) "; + $support = "(for information on implementing this, see the support forums) "; // setup allowed elements ----------------------------------------- @@ -256,7 +300,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition if (is_array($allowed_elements)) { foreach ($this->info as $name => $d) { - if(!isset($allowed_elements[$name])) unset($this->info[$name]); + if (!isset($allowed_elements[$name])) { + unset($this->info[$name]); + } unset($allowed_elements[$name]); } // emit errors @@ -270,7 +316,6 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition $allowed_attributes_mutable = $allowed_attributes; // by copy! if (is_array($allowed_attributes)) { - // This actually doesn't do anything, since we went away from // global attributes. It's possible that userland code uses // it, but HTMLModuleManager doesn't! @@ -285,7 +330,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition unset($allowed_attributes_mutable[$key]); } } - if ($delete) unset($this->info_global_attr[$attr]); + if ($delete) { + unset($this->info_global_attr[$attr]); + } } foreach ($this->info as $tag => $info) { @@ -300,7 +347,16 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition unset($allowed_attributes_mutable[$key]); } } - if ($delete) unset($this->info[$tag]->attr[$attr]); + if ($delete) { + if ($this->info[$tag]->attr[$attr]->required) { + trigger_error( + "Required attribute '$attr' in element '$tag' " . + "was not allowed, which means '$tag' will not be allowed either", + E_USER_WARNING + ); + } + unset($this->info[$tag]->attr[$attr]); + } } } // emit errors @@ -313,23 +369,29 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition $element = htmlspecialchars($bits[0]); $attribute = htmlspecialchars($bits[1]); if (!isset($this->info[$element])) { - trigger_error("Cannot allow attribute '$attribute' if element '$element' is not allowed/supported $support"); + trigger_error( + "Cannot allow attribute '$attribute' if element " . + "'$element' is not allowed/supported $support" + ); } else { - trigger_error("Attribute '$attribute' in element '$element' not supported $support", - E_USER_WARNING); + trigger_error( + "Attribute '$attribute' in element '$element' not supported $support", + E_USER_WARNING + ); } break; } // otherwise fall through case 1: $attribute = htmlspecialchars($bits[0]); - trigger_error("Global attribute '$attribute' is not ". + trigger_error( + "Global attribute '$attribute' is not ". "supported in any elements $support", - E_USER_WARNING); + E_USER_WARNING + ); break; } } - } // setup forbidden elements --------------------------------------- @@ -343,25 +405,34 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition continue; } foreach ($info->attr as $attr => $x) { - if ( - isset($forbidden_attributes["$tag@$attr"]) || + if (isset($forbidden_attributes["$tag@$attr"]) || isset($forbidden_attributes["*@$attr"]) || isset($forbidden_attributes[$attr]) ) { unset($this->info[$tag]->attr[$attr]); continue; - } // this segment might get removed eventually - elseif (isset($forbidden_attributes["$tag.$attr"])) { + } elseif (isset($forbidden_attributes["$tag.$attr"])) { // this segment might get removed eventually // $tag.$attr are not user supplied, so no worries! - trigger_error("Error with $tag.$attr: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead", E_USER_WARNING); + trigger_error( + "Error with $tag.$attr: tag.attr syntax not supported for " . + "HTML.ForbiddenAttributes; use tag@attr instead", + E_USER_WARNING + ); } } } foreach ($forbidden_attributes as $key => $v) { - if (strlen($key) < 2) continue; - if ($key[0] != '*') continue; + if (strlen($key) < 2) { + continue; + } + if ($key[0] != '*') { + continue; + } if ($key[1] == '.') { - trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING); + trigger_error( + "Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", + E_USER_WARNING + ); } } @@ -380,12 +451,12 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition * separate lists for processing. Format is element[attr1|attr2],element2... * @warning Although it's largely drawn from TinyMCE's implementation, * it is different, and you'll probably have to modify your lists - * @param $list String list to parse - * @param array($allowed_elements, $allowed_attributes) + * @param array $list String list to parse + * @return array * @todo Give this its own class, probably static interface */ - public function parseTinyMCEAllowedList($list) { - + public function parseTinyMCEAllowedList($list) + { $list = str_replace(array(' ', "\t"), '', $list); $elements = array(); @@ -393,7 +464,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition $chunks = preg_split('/(,|[\n\r]+)/', $list); foreach ($chunks as $chunk) { - if (empty($chunk)) continue; + if (empty($chunk)) { + continue; + } // remove TinyMCE element control characters if (!strpos($chunk, '[')) { $element = $chunk; @@ -401,20 +474,20 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition } else { list($element, $attr) = explode('[', $chunk); } - if ($element !== '*') $elements[$element] = true; - if (!$attr) continue; + if ($element !== '*') { + $elements[$element] = true; + } + if (!$attr) { + continue; + } $attr = substr($attr, 0, strlen($attr) - 1); // remove trailing ] $attr = explode('|', $attr); foreach ($attr as $key) { $attributes["$element.$key"] = true; } } - return array($elements, $attributes); - } - - } // vim: et sw=4 sts=4 |