aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier/Injector
diff options
context:
space:
mode:
authorKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2017-03-18 17:50:05 +0100
committerKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2017-03-26 00:41:27 +0100
commitf718e2b0db0fe3477212a8dd6c3ec067f4432862 (patch)
tree8dfbd3b3d4bdcd967b50f1ee4655440bcdef5bb8 /library/HTMLPurifier/Injector
parent2115eb26a7fd2ca937286bd4e98ab74c7d6e9525 (diff)
downloadvolse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.gz
volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.bz2
volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.zip
:arrow_up: Update HTML Purifier library.
Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility. Used composer to manage this library.
Diffstat (limited to 'library/HTMLPurifier/Injector')
-rw-r--r--library/HTMLPurifier/Injector/AutoParagraph.php356
-rw-r--r--library/HTMLPurifier/Injector/DisplayLinkURI.php40
-rw-r--r--library/HTMLPurifier/Injector/Linkify.php59
-rw-r--r--library/HTMLPurifier/Injector/PurifierLinkify.php71
-rw-r--r--library/HTMLPurifier/Injector/RemoveEmpty.php101
-rw-r--r--library/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php84
-rw-r--r--library/HTMLPurifier/Injector/SafeObject.php121
7 files changed, 0 insertions, 832 deletions
diff --git a/library/HTMLPurifier/Injector/AutoParagraph.php b/library/HTMLPurifier/Injector/AutoParagraph.php
deleted file mode 100644
index 4afdd128d..000000000
--- a/library/HTMLPurifier/Injector/AutoParagraph.php
+++ /dev/null
@@ -1,356 +0,0 @@
-<?php
-
-/**
- * Injector that auto paragraphs text in the root node based on
- * double-spacing.
- * @todo Ensure all states are unit tested, including variations as well.
- * @todo Make a graph of the flow control for this Injector.
- */
-class HTMLPurifier_Injector_AutoParagraph extends HTMLPurifier_Injector
-{
- /**
- * @type string
- */
- public $name = 'AutoParagraph';
-
- /**
- * @type array
- */
- public $needed = array('p');
-
- /**
- * @return HTMLPurifier_Token_Start
- */
- private function _pStart()
- {
- $par = new HTMLPurifier_Token_Start('p');
- $par->armor['MakeWellFormed_TagClosedError'] = true;
- return $par;
- }
-
- /**
- * @param HTMLPurifier_Token_Text $token
- */
- public function handleText(&$token)
- {
- $text = $token->data;
- // Does the current parent allow <p> tags?
- if ($this->allowsElement('p')) {
- if (empty($this->currentNesting) || strpos($text, "\n\n") !== false) {
- // Note that we have differing behavior when dealing with text
- // in the anonymous root node, or a node inside the document.
- // If the text as a double-newline, the treatment is the same;
- // if it doesn't, see the next if-block if you're in the document.
-
- $i = $nesting = null;
- if (!$this->forwardUntilEndToken($i, $current, $nesting) && $token->is_whitespace) {
- // State 1.1: ... ^ (whitespace, then document end)
- // ----
- // This is a degenerate case
- } else {
- if (!$token->is_whitespace || $this->_isInline($current)) {
- // State 1.2: PAR1
- // ----
-
- // State 1.3: PAR1\n\nPAR2
- // ------------
-
- // State 1.4: <div>PAR1\n\nPAR2 (see State 2)
- // ------------
- $token = array($this->_pStart());
- $this->_splitText($text, $token);
- } else {
- // State 1.5: \n<hr />
- // --
- }
- }
- } else {
- // State 2: <div>PAR1... (similar to 1.4)
- // ----
-
- // We're in an element that allows paragraph tags, but we're not
- // sure if we're going to need them.
- if ($this->_pLookAhead()) {
- // State 2.1: <div>PAR1<b>PAR1\n\nPAR2
- // ----
- // Note: This will always be the first child, since any
- // previous inline element would have triggered this very
- // same routine, and found the double newline. One possible
- // exception would be a comment.
- $token = array($this->_pStart(), $token);
- } else {
- // State 2.2.1: <div>PAR1<div>
- // ----
-
- // State 2.2.2: <div>PAR1<b>PAR1</b></div>
- // ----
- }
- }
- // Is the current parent a <p> tag?
- } elseif (!empty($this->currentNesting) &&
- $this->currentNesting[count($this->currentNesting) - 1]->name == 'p') {
- // State 3.1: ...<p>PAR1
- // ----
-
- // State 3.2: ...<p>PAR1\n\nPAR2
- // ------------
- $token = array();
- $this->_splitText($text, $token);
- // Abort!
- } else {
- // State 4.1: ...<b>PAR1
- // ----
-
- // State 4.2: ...<b>PAR1\n\nPAR2
- // ------------
- }
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleElement(&$token)
- {
- // We don't have to check if we're already in a <p> tag for block
- // tokens, because the tag would have been autoclosed by MakeWellFormed.
- if ($this->allowsElement('p')) {
- if (!empty($this->currentNesting)) {
- if ($this->_isInline($token)) {
- // State 1: <div>...<b>
- // ---
- // Check if this token is adjacent to the parent token
- // (seek backwards until token isn't whitespace)
- $i = null;
- $this->backward($i, $prev);
-
- if (!$prev instanceof HTMLPurifier_Token_Start) {
- // Token wasn't adjacent
- if ($prev instanceof HTMLPurifier_Token_Text &&
- substr($prev->data, -2) === "\n\n"
- ) {
- // State 1.1.4: <div><p>PAR1</p>\n\n<b>
- // ---
- // Quite frankly, this should be handled by splitText
- $token = array($this->_pStart(), $token);
- } else {
- // State 1.1.1: <div><p>PAR1</p><b>
- // ---
- // State 1.1.2: <div><br /><b>
- // ---
- // State 1.1.3: <div>PAR<b>
- // ---
- }
- } else {
- // State 1.2.1: <div><b>
- // ---
- // Lookahead to see if <p> is needed.
- if ($this->_pLookAhead()) {
- // State 1.3.1: <div><b>PAR1\n\nPAR2
- // ---
- $token = array($this->_pStart(), $token);
- } else {
- // State 1.3.2: <div><b>PAR1</b></div>
- // ---
-
- // State 1.3.3: <div><b>PAR1</b><div></div>\n\n</div>
- // ---
- }
- }
- } else {
- // State 2.3: ...<div>
- // -----
- }
- } else {
- if ($this->_isInline($token)) {
- // State 3.1: <b>
- // ---
- // This is where the {p} tag is inserted, not reflected in
- // inputTokens yet, however.
- $token = array($this->_pStart(), $token);
- } else {
- // State 3.2: <div>
- // -----
- }
-
- $i = null;
- if ($this->backward($i, $prev)) {
- if (!$prev instanceof HTMLPurifier_Token_Text) {
- // State 3.1.1: ...</p>{p}<b>
- // ---
- // State 3.2.1: ...</p><div>
- // -----
- if (!is_array($token)) {
- $token = array($token);
- }
- array_unshift($token, new HTMLPurifier_Token_Text("\n\n"));
- } else {
- // State 3.1.2: ...</p>\n\n{p}<b>
- // ---
- // State 3.2.2: ...</p>\n\n<div>
- // -----
- // Note: PAR<ELEM> cannot occur because PAR would have been
- // wrapped in <p> tags.
- }
- }
- }
- } else {
- // State 2.2: <ul><li>
- // ----
- // State 2.4: <p><b>
- // ---
- }
- }
-
- /**
- * Splits up a text in paragraph tokens and appends them
- * to the result stream that will replace the original
- * @param string $data String text data that will be processed
- * into paragraphs
- * @param HTMLPurifier_Token[] $result Reference to array of tokens that the
- * tags will be appended onto
- */
- private function _splitText($data, &$result)
- {
- $raw_paragraphs = explode("\n\n", $data);
- $paragraphs = array(); // without empty paragraphs
- $needs_start = false;
- $needs_end = false;
-
- $c = count($raw_paragraphs);
- if ($c == 1) {
- // There were no double-newlines, abort quickly. In theory this
- // should never happen.
- $result[] = new HTMLPurifier_Token_Text($data);
- return;
- }
- for ($i = 0; $i < $c; $i++) {
- $par = $raw_paragraphs[$i];
- if (trim($par) !== '') {
- $paragraphs[] = $par;
- } else {
- if ($i == 0) {
- // Double newline at the front
- if (empty($result)) {
- // The empty result indicates that the AutoParagraph
- // injector did not add any start paragraph tokens.
- // This means that we have been in a paragraph for
- // a while, and the newline means we should start a new one.
- $result[] = new HTMLPurifier_Token_End('p');
- $result[] = new HTMLPurifier_Token_Text("\n\n");
- // However, the start token should only be added if
- // there is more processing to be done (i.e. there are
- // real paragraphs in here). If there are none, the
- // next start paragraph tag will be handled by the
- // next call to the injector
- $needs_start = true;
- } else {
- // We just started a new paragraph!
- // Reinstate a double-newline for presentation's sake, since
- // it was in the source code.
- array_unshift($result, new HTMLPurifier_Token_Text("\n\n"));
- }
- } elseif ($i + 1 == $c) {
- // Double newline at the end
- // There should be a trailing </p> when we're finally done.
- $needs_end = true;
- }
- }
- }
-
- // Check if this was just a giant blob of whitespace. Move this earlier,
- // perhaps?
- if (empty($paragraphs)) {
- return;
- }
-
- // Add the start tag indicated by \n\n at the beginning of $data
- if ($needs_start) {
- $result[] = $this->_pStart();
- }
-
- // Append the paragraphs onto the result
- foreach ($paragraphs as $par) {
- $result[] = new HTMLPurifier_Token_Text($par);
- $result[] = new HTMLPurifier_Token_End('p');
- $result[] = new HTMLPurifier_Token_Text("\n\n");
- $result[] = $this->_pStart();
- }
-
- // Remove trailing start token; Injector will handle this later if
- // it was indeed needed. This prevents from needing to do a lookahead,
- // at the cost of a lookbehind later.
- array_pop($result);
-
- // If there is no need for an end tag, remove all of it and let
- // MakeWellFormed close it later.
- if (!$needs_end) {
- array_pop($result); // removes \n\n
- array_pop($result); // removes </p>
- }
- }
-
- /**
- * Returns true if passed token is inline (and, ergo, allowed in
- * paragraph tags)
- * @param HTMLPurifier_Token $token
- * @return bool
- */
- private function _isInline($token)
- {
- return isset($this->htmlDefinition->info['p']->child->elements[$token->name]);
- }
-
- /**
- * Looks ahead in the token list and determines whether or not we need
- * to insert a <p> tag.
- * @return bool
- */
- private function _pLookAhead()
- {
- if ($this->currentToken instanceof HTMLPurifier_Token_Start) {
- $nesting = 1;
- } else {
- $nesting = 0;
- }
- $ok = false;
- $i = null;
- while ($this->forwardUntilEndToken($i, $current, $nesting)) {
- $result = $this->_checkNeedsP($current);
- if ($result !== null) {
- $ok = $result;
- break;
- }
- }
- return $ok;
- }
-
- /**
- * Determines if a particular token requires an earlier inline token
- * to get a paragraph. This should be used with _forwardUntilEndToken
- * @param HTMLPurifier_Token $current
- * @return bool
- */
- private function _checkNeedsP($current)
- {
- if ($current instanceof HTMLPurifier_Token_Start) {
- if (!$this->_isInline($current)) {
- // <div>PAR1<div>
- // ----
- // Terminate early, since we hit a block element
- return false;
- }
- } elseif ($current instanceof HTMLPurifier_Token_Text) {
- if (strpos($current->data, "\n\n") !== false) {
- // <div>PAR1<b>PAR1\n\nPAR2
- // ----
- return true;
- } else {
- // <div>PAR1<b>PAR1...
- // ----
- }
- }
- return null;
- }
-}
-
-// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/Injector/DisplayLinkURI.php b/library/HTMLPurifier/Injector/DisplayLinkURI.php
deleted file mode 100644
index c19b1bc27..000000000
--- a/library/HTMLPurifier/Injector/DisplayLinkURI.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-
-/**
- * Injector that displays the URL of an anchor instead of linking to it, in addition to showing the text of the link.
- */
-class HTMLPurifier_Injector_DisplayLinkURI extends HTMLPurifier_Injector
-{
- /**
- * @type string
- */
- public $name = 'DisplayLinkURI';
-
- /**
- * @type array
- */
- public $needed = array('a');
-
- /**
- * @param $token
- */
- public function handleElement(&$token)
- {
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleEnd(&$token)
- {
- if (isset($token->start->attr['href'])) {
- $url = $token->start->attr['href'];
- unset($token->start->attr['href']);
- $token = array($token, new HTMLPurifier_Token_Text(" ($url)"));
- } else {
- // nothing to display
- }
- }
-}
-
-// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/Injector/Linkify.php b/library/HTMLPurifier/Injector/Linkify.php
deleted file mode 100644
index 069708c25..000000000
--- a/library/HTMLPurifier/Injector/Linkify.php
+++ /dev/null
@@ -1,59 +0,0 @@
-<?php
-
-/**
- * Injector that converts http, https and ftp text URLs to actual links.
- */
-class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
-{
- /**
- * @type string
- */
- public $name = 'Linkify';
-
- /**
- * @type array
- */
- public $needed = array('a' => array('href'));
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleText(&$token)
- {
- if (!$this->allowsElement('a')) {
- return;
- }
-
- if (strpos($token->data, '://') === false) {
- // our really quick heuristic failed, abort
- // this may not work so well if we want to match things like
- // "google.com", but then again, most people don't
- return;
- }
-
- // there is/are URL(s). Let's split the string:
- // Note: this regex is extremely permissive
- $bits = preg_split('#((?:https?|ftp)://[^\s\'",<>()]+)#Su', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
-
-
- $token = array();
-
- // $i = index
- // $c = count
- // $l = is link
- for ($i = 0, $c = count($bits), $l = false; $i < $c; $i++, $l = !$l) {
- if (!$l) {
- if ($bits[$i] === '') {
- continue;
- }
- $token[] = new HTMLPurifier_Token_Text($bits[$i]);
- } else {
- $token[] = new HTMLPurifier_Token_Start('a', array('href' => $bits[$i]));
- $token[] = new HTMLPurifier_Token_Text($bits[$i]);
- $token[] = new HTMLPurifier_Token_End('a');
- }
- }
- }
-}
-
-// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/Injector/PurifierLinkify.php b/library/HTMLPurifier/Injector/PurifierLinkify.php
deleted file mode 100644
index cb9046f33..000000000
--- a/library/HTMLPurifier/Injector/PurifierLinkify.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-
-/**
- * Injector that converts configuration directive syntax %Namespace.Directive
- * to links
- */
-class HTMLPurifier_Injector_PurifierLinkify extends HTMLPurifier_Injector
-{
- /**
- * @type string
- */
- public $name = 'PurifierLinkify';
-
- /**
- * @type string
- */
- public $docURL;
-
- /**
- * @type array
- */
- public $needed = array('a' => array('href'));
-
- /**
- * @param HTMLPurifier_Config $config
- * @param HTMLPurifier_Context $context
- * @return string
- */
- public function prepare($config, $context)
- {
- $this->docURL = $config->get('AutoFormat.PurifierLinkify.DocURL');
- return parent::prepare($config, $context);
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleText(&$token)
- {
- if (!$this->allowsElement('a')) {
- return;
- }
- if (strpos($token->data, '%') === false) {
- return;
- }
-
- $bits = preg_split('#%([a-z0-9]+\.[a-z0-9]+)#Si', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
- $token = array();
-
- // $i = index
- // $c = count
- // $l = is link
- for ($i = 0, $c = count($bits), $l = false; $i < $c; $i++, $l = !$l) {
- if (!$l) {
- if ($bits[$i] === '') {
- continue;
- }
- $token[] = new HTMLPurifier_Token_Text($bits[$i]);
- } else {
- $token[] = new HTMLPurifier_Token_Start(
- 'a',
- array('href' => str_replace('%s', $bits[$i], $this->docURL))
- );
- $token[] = new HTMLPurifier_Token_Text('%' . $bits[$i]);
- $token[] = new HTMLPurifier_Token_End('a');
- }
- }
- }
-}
-
-// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/Injector/RemoveEmpty.php b/library/HTMLPurifier/Injector/RemoveEmpty.php
deleted file mode 100644
index cd885722e..000000000
--- a/library/HTMLPurifier/Injector/RemoveEmpty.php
+++ /dev/null
@@ -1,101 +0,0 @@
-<?php
-
-class HTMLPurifier_Injector_RemoveEmpty extends HTMLPurifier_Injector
-{
- /**
- * @type HTMLPurifier_Context
- */
- private $context;
-
- /**
- * @type HTMLPurifier_Config
- */
- private $config;
-
- /**
- * @type HTMLPurifier_AttrValidator
- */
- private $attrValidator;
-
- /**
- * @type bool
- */
- private $removeNbsp;
-
- /**
- * @type bool
- */
- private $removeNbspExceptions;
-
- /**
- * @type array
- * TODO: make me configurable
- */
- private $_exclude = array('colgroup' => 1, 'th' => 1, 'td' => 1, 'iframe' => 1);
-
- /**
- * @param HTMLPurifier_Config $config
- * @param HTMLPurifier_Context $context
- * @return void
- */
- public function prepare($config, $context)
- {
- parent::prepare($config, $context);
- $this->config = $config;
- $this->context = $context;
- $this->removeNbsp = $config->get('AutoFormat.RemoveEmpty.RemoveNbsp');
- $this->removeNbspExceptions = $config->get('AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions');
- $this->attrValidator = new HTMLPurifier_AttrValidator();
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleElement(&$token)
- {
- if (!$token instanceof HTMLPurifier_Token_Start) {
- return;
- }
- $next = false;
- $deleted = 1; // the current tag
- for ($i = count($this->inputZipper->back) - 1; $i >= 0; $i--, $deleted++) {
- $next = $this->inputZipper->back[$i];
- if ($next instanceof HTMLPurifier_Token_Text) {
- if ($next->is_whitespace) {
- continue;
- }
- if ($this->removeNbsp && !isset($this->removeNbspExceptions[$token->name])) {
- $plain = str_replace("\xC2\xA0", "", $next->data);
- $isWsOrNbsp = $plain === '' || ctype_space($plain);
- if ($isWsOrNbsp) {
- continue;
- }
- }
- }
- break;
- }
- if (!$next || ($next instanceof HTMLPurifier_Token_End && $next->name == $token->name)) {
- if (isset($this->_exclude[$token->name])) {
- return;
- }
- $this->attrValidator->validateToken($token, $this->config, $this->context);
- $token->armor['ValidateAttributes'] = true;
- if (isset($token->attr['id']) || isset($token->attr['name'])) {
- return;
- }
- $token = $deleted + 1;
- for ($b = 0, $c = count($this->inputZipper->front); $b < $c; $b++) {
- $prev = $this->inputZipper->front[$b];
- if ($prev instanceof HTMLPurifier_Token_Text && $prev->is_whitespace) {
- continue;
- }
- break;
- }
- // This is safe because we removed the token that triggered this.
- $this->rewindOffset($b+$deleted);
- return;
- }
- }
-}
-
-// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php b/library/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
deleted file mode 100644
index 9ee7aa84d..000000000
--- a/library/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-
-/**
- * Injector that removes spans with no attributes
- */
-class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_Injector
-{
- /**
- * @type string
- */
- public $name = 'RemoveSpansWithoutAttributes';
-
- /**
- * @type array
- */
- public $needed = array('span');
-
- /**
- * @type HTMLPurifier_AttrValidator
- */
- private $attrValidator;
-
- /**
- * Used by AttrValidator.
- * @type HTMLPurifier_Config
- */
- private $config;
-
- /**
- * @type HTMLPurifier_Context
- */
- private $context;
-
- public function prepare($config, $context)
- {
- $this->attrValidator = new HTMLPurifier_AttrValidator();
- $this->config = $config;
- $this->context = $context;
- return parent::prepare($config, $context);
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleElement(&$token)
- {
- if ($token->name !== 'span' || !$token instanceof HTMLPurifier_Token_Start) {
- return;
- }
-
- // We need to validate the attributes now since this doesn't normally
- // happen until after MakeWellFormed. If all the attributes are removed
- // the span needs to be removed too.
- $this->attrValidator->validateToken($token, $this->config, $this->context);
- $token->armor['ValidateAttributes'] = true;
-
- if (!empty($token->attr)) {
- return;
- }
-
- $nesting = 0;
- while ($this->forwardUntilEndToken($i, $current, $nesting)) {
- }
-
- if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') {
- // Mark closing span tag for deletion
- $current->markForDeletion = true;
- // Delete open span tag
- $token = false;
- }
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleEnd(&$token)
- {
- if ($token->markForDeletion) {
- $token = false;
- }
- }
-}
-
-// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/Injector/SafeObject.php b/library/HTMLPurifier/Injector/SafeObject.php
deleted file mode 100644
index 3d17e07af..000000000
--- a/library/HTMLPurifier/Injector/SafeObject.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-
-/**
- * Adds important param elements to inside of object in order to make
- * things safe.
- */
-class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
-{
- /**
- * @type string
- */
- public $name = 'SafeObject';
-
- /**
- * @type array
- */
- public $needed = array('object', 'param');
-
- /**
- * @type array
- */
- protected $objectStack = array();
-
- /**
- * @type array
- */
- protected $paramStack = array();
-
- /**
- * Keep this synchronized with AttrTransform/SafeParam.php.
- * @type array
- */
- protected $addParam = array(
- 'allowScriptAccess' => 'never',
- 'allowNetworking' => 'internal',
- );
-
- /**
- * @type array
- */
- protected $allowedParam = array(
- 'wmode' => true,
- 'movie' => true,
- 'flashvars' => true,
- 'src' => true,
- 'allowFullScreen' => true, // if omitted, assume to be 'false'
- );
-
- /**
- * @param HTMLPurifier_Config $config
- * @param HTMLPurifier_Context $context
- * @return void
- */
- public function prepare($config, $context)
- {
- parent::prepare($config, $context);
- }
-
- /**
- * @param HTMLPurifier_Token $token
- */
- public function handleElement(&$token)
- {
- if ($token->name == 'object') {
- $this->objectStack[] = $token;
- $this->paramStack[] = array();
- $new = array($token);
- foreach ($this->addParam as $name => $value) {
- $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
- }
- $token = $new;
- } elseif ($token->name == 'param') {
- $nest = count($this->currentNesting) - 1;
- if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
- $i = count($this->objectStack) - 1;
- if (!isset($token->attr['name'])) {
- $token = false;
- return;
- }
- $n = $token->attr['name'];
- // We need this fix because YouTube doesn't supply a data
- // attribute, which we need if a type is specified. This is
- // *very* Flash specific.
- if (!isset($this->objectStack[$i]->attr['data']) &&
- ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
- ) {
- $this->objectStack[$i]->attr['data'] = $token->attr['value'];
- }
- // Check if the parameter is the correct value but has not
- // already been added
- if (!isset($this->paramStack[$i][$n]) &&
- isset($this->addParam[$n]) &&
- $token->attr['name'] === $this->addParam[$n]) {
- // keep token, and add to param stack
- $this->paramStack[$i][$n] = true;
- } elseif (isset($this->allowedParam[$n])) {
- // keep token, don't do anything to it
- // (could possibly check for duplicates here)
- } else {
- $token = false;
- }
- } else {
- // not directly inside an object, DENY!
- $token = false;
- }
- }
- }
-
- public function handleEnd(&$token)
- {
- // This is the WRONG way of handling the object and param stacks;
- // we should be inserting them directly on the relevant object tokens
- // so that the global stack handling handles it.
- if ($token->name == 'object') {
- array_pop($this->objectStack);
- array_pop($this->paramStack);
- }
- }
-}
-
-// vim: et sw=4 sts=4