diff options
Diffstat (limited to 'library/HTMLPurifier/AttrDef/HTML')
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/Bool.php | 35 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/Class.php | 22 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/Color.php | 45 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/FrameTarget.php | 25 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/ID.php | 71 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/Length.php | 41 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/LinkTypes.php | 43 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/MultiLength.php | 51 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/Nmtokens.php | 40 | ||||
| -rw-r--r-- | library/HTMLPurifier/AttrDef/HTML/Pixels.php | 60 |
10 files changed, 320 insertions, 113 deletions
diff --git a/library/HTMLPurifier/AttrDef/HTML/Bool.php b/library/HTMLPurifier/AttrDef/HTML/Bool.php index e06987eb8..036a240e1 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Bool.php +++ b/library/HTMLPurifier/AttrDef/HTML/Bool.php @@ -6,23 +6,46 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef { + /** + * @type bool + */ protected $name; + + /** + * @type bool + */ public $minimized = true; - public function __construct($name = false) {$this->name = $name;} + /** + * @param bool $name + */ + public function __construct($name = false) + { + $this->name = $name; + } - public function validate($string, $config, $context) { - if (empty($string)) return false; + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { + if (empty($string)) { + return false; + } return $this->name; } /** - * @param $string Name of attribute + * @param string $string Name of attribute + * @return HTMLPurifier_AttrDef_HTML_Bool */ - public function make($string) { + public function make($string) + { return new HTMLPurifier_AttrDef_HTML_Bool($string); } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/Class.php b/library/HTMLPurifier/AttrDef/HTML/Class.php index 370068d97..d5013488f 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Class.php +++ b/library/HTMLPurifier/AttrDef/HTML/Class.php @@ -5,7 +5,14 @@ */ class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens { - protected function split($string, $config, $context) { + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + protected function split($string, $config, $context) + { // really, this twiddle should be lazy loaded $name = $config->getDefinition('HTML')->doctype->name; if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { @@ -14,13 +21,20 @@ class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens return preg_split('/\s+/', $string); } } - protected function filter($tokens, $config, $context) { + + /** + * @param array $tokens + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return array + */ + protected function filter($tokens, $config, $context) + { $allowed = $config->get('Attr.AllowedClasses'); $forbidden = $config->get('Attr.ForbiddenClasses'); $ret = array(); foreach ($tokens as $token) { - if ( - ($allowed === null || isset($allowed[$token])) && + if (($allowed === null || isset($allowed[$token])) && !isset($forbidden[$token]) && // We need this O(n) check because of PHP's array // implementation that casts -0 to 0. diff --git a/library/HTMLPurifier/AttrDef/HTML/Color.php b/library/HTMLPurifier/AttrDef/HTML/Color.php index d01e20454..946ebb782 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Color.php +++ b/library/HTMLPurifier/AttrDef/HTML/Color.php @@ -6,27 +6,46 @@ class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef { - public function validate($string, $config, $context) { - + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { static $colors = null; - if ($colors === null) $colors = $config->get('Core.ColorKeywords'); + if ($colors === null) { + $colors = $config->get('Core.ColorKeywords'); + } $string = trim($string); - if (empty($string)) return false; - if (isset($colors[$string])) return $colors[$string]; - if ($string[0] === '#') $hex = substr($string, 1); - else $hex = $string; + if (empty($string)) { + return false; + } + $lower = strtolower($string); + if (isset($colors[$lower])) { + return $colors[$lower]; + } + if ($string[0] === '#') { + $hex = substr($string, 1); + } else { + $hex = $string; + } $length = strlen($hex); - if ($length !== 3 && $length !== 6) return false; - if (!ctype_xdigit($hex)) return false; - if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; - + if ($length !== 3 && $length !== 6) { + return false; + } + if (!ctype_xdigit($hex)) { + return false; + } + if ($length === 3) { + $hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2]; + } return "#$hex"; - } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php index ae6ea7c01..d79ba12b3 100644 --- a/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php +++ b/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php @@ -6,16 +6,33 @@ class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum { + /** + * @type array + */ public $valid_values = false; // uninitialized value + + /** + * @type bool + */ protected $case_sensitive = false; - public function __construct() {} + public function __construct() + { + } - public function validate($string, $config, $context) { - if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { + if ($this->valid_values === false) { + $this->valid_values = $config->get('Attr.AllowedFrameTargets'); + } return parent::validate($string, $config, $context); } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/ID.php b/library/HTMLPurifier/AttrDef/HTML/ID.php index 81d03762d..3d86efb44 100644 --- a/library/HTMLPurifier/AttrDef/HTML/ID.php +++ b/library/HTMLPurifier/AttrDef/HTML/ID.php @@ -12,42 +12,77 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef { - // ref functionality disabled, since we also have to verify - // whether or not the ID it refers to exists - - public function validate($id, $config, $context) { + // selector is NOT a valid thing to use for IDREFs, because IDREFs + // *must* target IDs that exist, whereas selector #ids do not. + + /** + * Determines whether or not we're validating an ID in a CSS + * selector context. + * @type bool + */ + protected $selector; + + /** + * @param bool $selector + */ + public function __construct($selector = false) + { + $this->selector = $selector; + } - if (!$config->get('Attr.EnableID')) return false; + /** + * @param string $id + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($id, $config, $context) + { + if (!$this->selector && !$config->get('Attr.EnableID')) { + return false; + } $id = trim($id); // trim it first - if ($id === '') return false; + if ($id === '') { + return false; + } $prefix = $config->get('Attr.IDPrefix'); if ($prefix !== '') { $prefix .= $config->get('Attr.IDPrefixLocal'); // prevent re-appending the prefix - if (strpos($id, $prefix) !== 0) $id = $prefix . $id; + if (strpos($id, $prefix) !== 0) { + $id = $prefix . $id; + } } elseif ($config->get('Attr.IDPrefixLocal') !== '') { - trigger_error('%Attr.IDPrefixLocal cannot be used unless '. - '%Attr.IDPrefix is set', E_USER_WARNING); + trigger_error( + '%Attr.IDPrefixLocal cannot be used unless ' . + '%Attr.IDPrefix is set', + E_USER_WARNING + ); } - //if (!$this->ref) { + if (!$this->selector) { $id_accumulator =& $context->get('IDAccumulator'); - if (isset($id_accumulator->ids[$id])) return false; - //} + if (isset($id_accumulator->ids[$id])) { + return false; + } + } // we purposely avoid using regex, hopefully this is faster if (ctype_alpha($id)) { $result = true; } else { - if (!ctype_alpha(@$id[0])) return false; - $trim = trim( // primitive style of regexps, I suppose + if (!ctype_alpha(@$id[0])) { + return false; + } + // primitive style of regexps, I suppose + $trim = trim( $id, 'A..Za..z0..9:-._' - ); + ); $result = ($trim === ''); } @@ -56,15 +91,15 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef return false; } - if (/*!$this->ref && */$result) $id_accumulator->add($id); + if (!$this->selector && $result) { + $id_accumulator->add($id); + } // if no change was made to the ID, return the result // else, return the new id if stripping whitespace made it // valid, or return false. return $result ? $id : false; - } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/Length.php b/library/HTMLPurifier/AttrDef/HTML/Length.php index a242f9c23..1c4006fbb 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Length.php +++ b/library/HTMLPurifier/AttrDef/HTML/Length.php @@ -10,32 +10,47 @@ class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels { - public function validate($string, $config, $context) { - + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { $string = trim($string); - if ($string === '') return false; + if ($string === '') { + return false; + } $parent_result = parent::validate($string, $config, $context); - if ($parent_result !== false) return $parent_result; + if ($parent_result !== false) { + return $parent_result; + } $length = strlen($string); $last_char = $string[$length - 1]; - if ($last_char !== '%') return false; + if ($last_char !== '%') { + return false; + } $points = substr($string, 0, $length - 1); - if (!is_numeric($points)) return false; - - $points = (int) $points; + if (!is_numeric($points)) { + return false; + } - if ($points < 0) return '0%'; - if ($points > 100) return '100%'; - - return ((string) $points) . '%'; + $points = (int)$points; + if ($points < 0) { + return '0%'; + } + if ($points > 100) { + return '100%'; + } + return ((string)$points) . '%'; } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php index 76d25ed08..63fa04c15 100644 --- a/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php +++ b/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php @@ -9,26 +9,44 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef { - /** Name config attribute to pull. */ + /** + * Name config attribute to pull. + * @type string + */ protected $name; - public function __construct($name) { + /** + * @param string $name + */ + public function __construct($name) + { $configLookup = array( 'rel' => 'AllowedRel', 'rev' => 'AllowedRev' ); if (!isset($configLookup[$name])) { - trigger_error('Unrecognized attribute name for link '. - 'relationship.', E_USER_ERROR); + trigger_error( + 'Unrecognized attribute name for link ' . + 'relationship.', + E_USER_ERROR + ); return; } $this->name = $configLookup[$name]; } - public function validate($string, $config, $context) { - + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { $allowed = $config->get('Attr.' . $this->name); - if (empty($allowed)) return false; + if (empty($allowed)) { + return false; + } $string = $this->parseCDATA($string); $parts = explode(' ', $string); @@ -37,17 +55,18 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef $ret_lookup = array(); foreach ($parts as $part) { $part = strtolower(trim($part)); - if (!isset($allowed[$part])) continue; + if (!isset($allowed[$part])) { + continue; + } $ret_lookup[$part] = true; } - if (empty($ret_lookup)) return false; + if (empty($ret_lookup)) { + return false; + } $string = implode(' ', array_keys($ret_lookup)); - return $string; - } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/MultiLength.php b/library/HTMLPurifier/AttrDef/HTML/MultiLength.php index c72fc76e4..bbb20f2f8 100644 --- a/library/HTMLPurifier/AttrDef/HTML/MultiLength.php +++ b/library/HTMLPurifier/AttrDef/HTML/MultiLength.php @@ -9,33 +9,52 @@ class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length { - public function validate($string, $config, $context) { - + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { $string = trim($string); - if ($string === '') return false; + if ($string === '') { + return false; + } $parent_result = parent::validate($string, $config, $context); - if ($parent_result !== false) return $parent_result; + if ($parent_result !== false) { + return $parent_result; + } $length = strlen($string); $last_char = $string[$length - 1]; - if ($last_char !== '*') return false; + if ($last_char !== '*') { + return false; + } $int = substr($string, 0, $length - 1); - if ($int == '') return '*'; - if (!is_numeric($int)) return false; - - $int = (int) $int; - - if ($int < 0) return false; - if ($int == 0) return '0'; - if ($int == 1) return '*'; - return ((string) $int) . '*'; - + if ($int == '') { + return '*'; + } + if (!is_numeric($int)) { + return false; + } + + $int = (int)$int; + if ($int < 0) { + return false; + } + if ($int == 0) { + return '0'; + } + if ($int == 1) { + return '*'; + } + return ((string)$int) . '*'; } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php b/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php index aa34120bd..f79683b4f 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php +++ b/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php @@ -6,24 +6,38 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef { - public function validate($string, $config, $context) { - + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { $string = trim($string); // early abort: '' and '0' (strings that convert to false) are invalid - if (!$string) return false; + if (!$string) { + return false; + } $tokens = $this->split($string, $config, $context); $tokens = $this->filter($tokens, $config, $context); - if (empty($tokens)) return false; + if (empty($tokens)) { + return false; + } return implode(' ', $tokens); - } /** * Splits a space separated list of tokens into its constituent parts. + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return array */ - protected function split($string, $config, $context) { + protected function split($string, $config, $context) + { // OPTIMIZABLE! // do the preg_match, capture all subpatterns for reformulation @@ -31,9 +45,9 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef // escaping because I don't know how to do that with regexps // and plus it would complicate optimization efforts (you never // see that anyway). - $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start - '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. - '(?:(?=\s)|\z)/'; // look ahead for space or string end + $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start + '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' . + '(?:(?=\s)|\z)/'; // look ahead for space or string end preg_match_all($pattern, $string, $matches); return $matches[1]; } @@ -42,11 +56,15 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef * Template method for removing certain tokens based on arbitrary criteria. * @note If we wanted to be really functional, we'd do an array_filter * with a callback. But... we're not. + * @param array $tokens + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return array */ - protected function filter($tokens, $config, $context) { + protected function filter($tokens, $config, $context) + { return $tokens; } - } // vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/AttrDef/HTML/Pixels.php b/library/HTMLPurifier/AttrDef/HTML/Pixels.php index 4cb2c1b85..a1d019e09 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Pixels.php +++ b/library/HTMLPurifier/AttrDef/HTML/Pixels.php @@ -6,43 +6,71 @@ class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef { + /** + * @type int + */ protected $max; - public function __construct($max = null) { + /** + * @param int $max + */ + public function __construct($max = null) + { $this->max = $max; } - public function validate($string, $config, $context) { - + /** + * @param string $string + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool|string + */ + public function validate($string, $config, $context) + { $string = trim($string); - if ($string === '0') return $string; - if ($string === '') return false; + if ($string === '0') { + return $string; + } + if ($string === '') { + return false; + } $length = strlen($string); if (substr($string, $length - 2) == 'px') { $string = substr($string, 0, $length - 2); } - if (!is_numeric($string)) return false; - $int = (int) $string; + if (!is_numeric($string)) { + return false; + } + $int = (int)$string; - if ($int < 0) return '0'; + if ($int < 0) { + return '0'; + } // upper-bound value, extremely high values can // crash operating systems, see <http://ha.ckers.org/imagecrash.html> // WARNING, above link WILL crash you if you're using Windows - if ($this->max !== null && $int > $this->max) return (string) $this->max; - - return (string) $int; - + if ($this->max !== null && $int > $this->max) { + return (string)$this->max; + } + return (string)$int; } - public function make($string) { - if ($string === '') $max = null; - else $max = (int) $string; + /** + * @param string $string + * @return HTMLPurifier_AttrDef + */ + public function make($string) + { + if ($string === '') { + $max = null; + } else { + $max = (int)$string; + } $class = get_class($this); return new $class($max); } - } // vim: et sw=4 sts=4 |