aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier/HTMLDefinition.php
diff options
context:
space:
mode:
Diffstat (limited to 'library/HTMLPurifier/HTMLDefinition.php')
-rw-r--r--library/HTMLPurifier/HTMLDefinition.php211
1 files changed, 142 insertions, 69 deletions
diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php
index c99ac11eb..9b7b334dd 100644
--- a/library/HTMLPurifier/HTMLDefinition.php
+++ b/library/HTMLPurifier/HTMLDefinition.php
@@ -29,60 +29,71 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
// FULLY-PUBLIC VARIABLES ---------------------------------------------
/**
- * Associative array of element names to HTMLPurifier_ElementDef
+ * Associative array of element names to HTMLPurifier_ElementDef.
+ * @type HTMLPurifier_ElementDef[]
*/
public $info = array();
/**
* Associative array of global attribute name to attribute definition.
+ * @type array
*/
public $info_global_attr = array();
/**
* String name of parent element HTML will be going into.
+ * @type string
*/
public $info_parent = 'div';
/**
* Definition for parent element, allows parent element to be a
* tag that's not allowed inside the HTML fragment.
+ * @type HTMLPurifier_ElementDef
*/
public $info_parent_def;
/**
- * String name of element used to wrap inline elements in block context
+ * String name of element used to wrap inline elements in block context.
+ * @type string
* @note This is rarely used except for BLOCKQUOTEs in strict mode
*/
public $info_block_wrapper = 'p';
/**
- * Associative array of deprecated tag name to HTMLPurifier_TagTransform
+ * Associative array of deprecated tag name to HTMLPurifier_TagTransform.
+ * @type array
*/
public $info_tag_transform = array();
/**
* Indexed list of HTMLPurifier_AttrTransform to be performed before validation.
+ * @type HTMLPurifier_AttrTransform[]
*/
public $info_attr_transform_pre = array();
/**
* Indexed list of HTMLPurifier_AttrTransform to be performed after validation.
+ * @type HTMLPurifier_AttrTransform[]
*/
public $info_attr_transform_post = array();
/**
* Nested lookup array of content set name (Block, Inline) to
* element name to whether or not it belongs in that content set.
+ * @type array
*/
public $info_content_sets = array();
/**
* Indexed list of HTMLPurifier_Injector to be used.
+ * @type HTMLPurifier_Injector[]
*/
public $info_injector = array();
/**
* Doctype object
+ * @type HTMLPurifier_Doctype
*/
public $doctype;
@@ -94,12 +105,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
* Adds a custom attribute to a pre-existing element
* @note This is strictly convenience, and does not have a corresponding
* method in HTMLPurifier_HTMLModule
- * @param $element_name String element name to add attribute to
- * @param $attr_name String name of attribute
- * @param $def Attribute definition, can be string or object, see
+ * @param string $element_name Element name to add attribute to
+ * @param string $attr_name Name of attribute
+ * @param mixed $def Attribute definition, can be string or object, see
* HTMLPurifier_AttrTypes for details
*/
- public function addAttribute($element_name, $attr_name, $def) {
+ public function addAttribute($element_name, $attr_name, $def)
+ {
$module = $this->getAnonymousModule();
if (!isset($module->info[$element_name])) {
$element = $module->addBlankElement($element_name);
@@ -111,10 +123,11 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
/**
* Adds a custom element to your HTML definition
- * @note See HTMLPurifier_HTMLModule::addElement for detailed
+ * @see HTMLPurifier_HTMLModule::addElement() for detailed
* parameter and return value descriptions.
*/
- public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array()) {
+ public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array())
+ {
$module = $this->getAnonymousModule();
// assume that if the user is calling this, the element
// is safe. This may not be a good idea
@@ -125,10 +138,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
/**
* Adds a blank element to your HTML definition, for overriding
* existing behavior
- * @note See HTMLPurifier_HTMLModule::addBlankElement for detailed
+ * @param string $element_name
+ * @return HTMLPurifier_ElementDef
+ * @see HTMLPurifier_HTMLModule::addBlankElement() for detailed
* parameter and return value descriptions.
*/
- public function addBlankElement($element_name) {
+ public function addBlankElement($element_name)
+ {
$module = $this->getAnonymousModule();
$element = $module->addBlankElement($element_name);
return $element;
@@ -138,8 +154,10 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
* Retrieves a reference to the anonymous module, so you can
* bust out advanced features without having to make your own
* module.
+ * @return HTMLPurifier_HTMLModule
*/
- public function getAnonymousModule() {
+ public function getAnonymousModule()
+ {
if (!$this->_anonModule) {
$this->_anonModule = new HTMLPurifier_HTMLModule();
$this->_anonModule->name = 'Anonymous';
@@ -147,22 +165,33 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
return $this->_anonModule;
}
- private $_anonModule;
-
+ private $_anonModule = null;
// PUBLIC BUT INTERNAL VARIABLES --------------------------------------
+ /**
+ * @type string
+ */
public $type = 'HTML';
- public $manager; /**< Instance of HTMLPurifier_HTMLModuleManager */
+
+ /**
+ * @type HTMLPurifier_HTMLModuleManager
+ */
+ public $manager;
/**
* Performs low-cost, preliminary initialization.
*/
- public function __construct() {
+ public function __construct()
+ {
$this->manager = new HTMLPurifier_HTMLModuleManager();
}
- protected function doSetup($config) {
+ /**
+ * @param HTMLPurifier_Config $config
+ */
+ protected function doSetup($config)
+ {
$this->processModules($config);
$this->setupConfigStuff($config);
unset($this->manager);
@@ -176,9 +205,10 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
/**
* Extract out the information from the manager
+ * @param HTMLPurifier_Config $config
*/
- protected function processModules($config) {
-
+ protected function processModules($config)
+ {
if ($this->_anonModule) {
// for user specific changes
// this is late-loaded so we don't have to deal with PHP4
@@ -191,40 +221,53 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
$this->doctype = $this->manager->doctype;
foreach ($this->manager->modules as $module) {
- foreach($module->info_tag_transform as $k => $v) {
- if ($v === false) unset($this->info_tag_transform[$k]);
- else $this->info_tag_transform[$k] = $v;
+ foreach ($module->info_tag_transform as $k => $v) {
+ if ($v === false) {
+ unset($this->info_tag_transform[$k]);
+ } else {
+ $this->info_tag_transform[$k] = $v;
+ }
}
- foreach($module->info_attr_transform_pre as $k => $v) {
- if ($v === false) unset($this->info_attr_transform_pre[$k]);
- else $this->info_attr_transform_pre[$k] = $v;
+ foreach ($module->info_attr_transform_pre as $k => $v) {
+ if ($v === false) {
+ unset($this->info_attr_transform_pre[$k]);
+ } else {
+ $this->info_attr_transform_pre[$k] = $v;
+ }
}
- foreach($module->info_attr_transform_post as $k => $v) {
- if ($v === false) unset($this->info_attr_transform_post[$k]);
- else $this->info_attr_transform_post[$k] = $v;
+ foreach ($module->info_attr_transform_post as $k => $v) {
+ if ($v === false) {
+ unset($this->info_attr_transform_post[$k]);
+ } else {
+ $this->info_attr_transform_post[$k] = $v;
+ }
}
foreach ($module->info_injector as $k => $v) {
- if ($v === false) unset($this->info_injector[$k]);
- else $this->info_injector[$k] = $v;
+ if ($v === false) {
+ unset($this->info_injector[$k]);
+ } else {
+ $this->info_injector[$k] = $v;
+ }
}
}
-
$this->info = $this->manager->getElements();
$this->info_content_sets = $this->manager->contentSets->lookup;
-
}
/**
* Sets up stuff based on config. We need a better way of doing this.
+ * @param HTMLPurifier_Config $config
*/
- protected function setupConfigStuff($config) {
-
+ protected function setupConfigStuff($config)
+ {
$block_wrapper = $config->get('HTML.BlockWrapper');
if (isset($this->info_content_sets['Block'][$block_wrapper])) {
$this->info_block_wrapper = $block_wrapper;
} else {
- trigger_error('Cannot use non-block element as block wrapper',
- E_USER_ERROR);
+ trigger_error(
+ 'Cannot use non-block element as block wrapper',
+ E_USER_ERROR
+ );
}
$parent = $config->get('HTML.Parent');
@@ -233,14 +276,15 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
$this->info_parent = $parent;
$this->info_parent_def = $def;
} else {
- trigger_error('Cannot use unrecognized element as parent',
- E_USER_ERROR);
+ trigger_error(
+ 'Cannot use unrecognized element as parent',
+ E_USER_ERROR
+ );
$this->info_parent_def = $this->manager->getElement($this->info_parent, true);
}
// support template text
- $support = "(for information on implementing this, see the ".
- "support forums) ";
+ $support = "(for information on implementing this, see the support forums) ";
// setup allowed elements -----------------------------------------
@@ -256,7 +300,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
if (is_array($allowed_elements)) {
foreach ($this->info as $name => $d) {
- if(!isset($allowed_elements[$name])) unset($this->info[$name]);
+ if (!isset($allowed_elements[$name])) {
+ unset($this->info[$name]);
+ }
unset($allowed_elements[$name]);
}
// emit errors
@@ -270,7 +316,6 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
$allowed_attributes_mutable = $allowed_attributes; // by copy!
if (is_array($allowed_attributes)) {
-
// This actually doesn't do anything, since we went away from
// global attributes. It's possible that userland code uses
// it, but HTMLModuleManager doesn't!
@@ -285,7 +330,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
unset($allowed_attributes_mutable[$key]);
}
}
- if ($delete) unset($this->info_global_attr[$attr]);
+ if ($delete) {
+ unset($this->info_global_attr[$attr]);
+ }
}
foreach ($this->info as $tag => $info) {
@@ -300,7 +347,16 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
unset($allowed_attributes_mutable[$key]);
}
}
- if ($delete) unset($this->info[$tag]->attr[$attr]);
+ if ($delete) {
+ if ($this->info[$tag]->attr[$attr]->required) {
+ trigger_error(
+ "Required attribute '$attr' in element '$tag' " .
+ "was not allowed, which means '$tag' will not be allowed either",
+ E_USER_WARNING
+ );
+ }
+ unset($this->info[$tag]->attr[$attr]);
+ }
}
}
// emit errors
@@ -313,23 +369,29 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
$element = htmlspecialchars($bits[0]);
$attribute = htmlspecialchars($bits[1]);
if (!isset($this->info[$element])) {
- trigger_error("Cannot allow attribute '$attribute' if element '$element' is not allowed/supported $support");
+ trigger_error(
+ "Cannot allow attribute '$attribute' if element " .
+ "'$element' is not allowed/supported $support"
+ );
} else {
- trigger_error("Attribute '$attribute' in element '$element' not supported $support",
- E_USER_WARNING);
+ trigger_error(
+ "Attribute '$attribute' in element '$element' not supported $support",
+ E_USER_WARNING
+ );
}
break;
}
// otherwise fall through
case 1:
$attribute = htmlspecialchars($bits[0]);
- trigger_error("Global attribute '$attribute' is not ".
+ trigger_error(
+ "Global attribute '$attribute' is not ".
"supported in any elements $support",
- E_USER_WARNING);
+ E_USER_WARNING
+ );
break;
}
}
-
}
// setup forbidden elements ---------------------------------------
@@ -343,25 +405,34 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
continue;
}
foreach ($info->attr as $attr => $x) {
- if (
- isset($forbidden_attributes["$tag@$attr"]) ||
+ if (isset($forbidden_attributes["$tag@$attr"]) ||
isset($forbidden_attributes["*@$attr"]) ||
isset($forbidden_attributes[$attr])
) {
unset($this->info[$tag]->attr[$attr]);
continue;
- } // this segment might get removed eventually
- elseif (isset($forbidden_attributes["$tag.$attr"])) {
+ } elseif (isset($forbidden_attributes["$tag.$attr"])) { // this segment might get removed eventually
// $tag.$attr are not user supplied, so no worries!
- trigger_error("Error with $tag.$attr: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead", E_USER_WARNING);
+ trigger_error(
+ "Error with $tag.$attr: tag.attr syntax not supported for " .
+ "HTML.ForbiddenAttributes; use tag@attr instead",
+ E_USER_WARNING
+ );
}
}
}
foreach ($forbidden_attributes as $key => $v) {
- if (strlen($key) < 2) continue;
- if ($key[0] != '*') continue;
+ if (strlen($key) < 2) {
+ continue;
+ }
+ if ($key[0] != '*') {
+ continue;
+ }
if ($key[1] == '.') {
- trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
+ trigger_error(
+ "Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead",
+ E_USER_WARNING
+ );
}
}
@@ -380,12 +451,12 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
* separate lists for processing. Format is element[attr1|attr2],element2...
* @warning Although it's largely drawn from TinyMCE's implementation,
* it is different, and you'll probably have to modify your lists
- * @param $list String list to parse
- * @param array($allowed_elements, $allowed_attributes)
+ * @param array $list String list to parse
+ * @return array
* @todo Give this its own class, probably static interface
*/
- public function parseTinyMCEAllowedList($list) {
-
+ public function parseTinyMCEAllowedList($list)
+ {
$list = str_replace(array(' ', "\t"), '', $list);
$elements = array();
@@ -393,7 +464,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
$chunks = preg_split('/(,|[\n\r]+)/', $list);
foreach ($chunks as $chunk) {
- if (empty($chunk)) continue;
+ if (empty($chunk)) {
+ continue;
+ }
// remove TinyMCE element control characters
if (!strpos($chunk, '[')) {
$element = $chunk;
@@ -401,20 +474,20 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
} else {
list($element, $attr) = explode('[', $chunk);
}
- if ($element !== '*') $elements[$element] = true;
- if (!$attr) continue;
+ if ($element !== '*') {
+ $elements[$element] = true;
+ }
+ if (!$attr) {
+ continue;
+ }
$attr = substr($attr, 0, strlen($attr) - 1); // remove trailing ]
$attr = explode('|', $attr);
foreach ($attr as $key) {
$attributes["$element.$key"] = true;
}
}
-
return array($elements, $attributes);
-
}
-
-
}
// vim: et sw=4 sts=4
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 07:57:07 +0000