diff options
Diffstat (limited to 'vendor/ezyang/htmlpurifier')
24 files changed, 126 insertions, 42 deletions
diff --git a/vendor/ezyang/htmlpurifier/NEWS b/vendor/ezyang/htmlpurifier/NEWS index fd5d56cf0..9b6e10232 100644 --- a/vendor/ezyang/htmlpurifier/NEWS +++ b/vendor/ezyang/htmlpurifier/NEWS @@ -9,6 +9,20 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier . Internal change ========================== +4.10.0, released 2018-02-22 +# PHP 5.3 is no longer officially supported by HTML Purifier + (we did not specifically break support, but we are no longer + testing on PHP 5.3) +! Relative CSS length units are now supported +- A few PHP 7.2 compatibility fixes, thanks John Flatness + <john@zerocrates.org> +- Improve portability with old versions of libxml which don't + support accessing the data of a node +- IDNA2008 is now used for converting domains to ASCII, fixing + some rather strange bugs with international domains +- Fix race condition resulting in E_WARNING when creating + directories with Serializer + 4.9.3, released 2017-06-02 - Workaround PHP 7.1 infinite loop when opcode cache is enabled. Thanks @Xiphin (#134, #135) diff --git a/vendor/ezyang/htmlpurifier/README.md b/vendor/ezyang/htmlpurifier/README.md index b321f2b69..37715c607 100644 --- a/vendor/ezyang/htmlpurifier/README.md +++ b/vendor/ezyang/htmlpurifier/README.md @@ -2,7 +2,7 @@ HTML Purifier [![Build Status](https://secure.travis-ci.org/ezyang/htmlpurifier. ============= HTML Purifier is an HTML filtering solution that uses a unique combination -of robust whitelists and agressive parsing to ensure that not only are +of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant. HTML Purifier is oriented towards richly formatted documents from @@ -26,4 +26,4 @@ Package available on [Composer](https://packagist.org/packages/ezyang/htmlpurifi If you're using Composer to manage dependencies, you can use - $ composer require "ezyang/htmlpurifier": "dev-master" + $ composer require "ezyang/htmlpurifier":"dev-master" diff --git a/vendor/ezyang/htmlpurifier/VERSION b/vendor/ezyang/htmlpurifier/VERSION index e94f14fa9..1910ba9d2 100644 --- a/vendor/ezyang/htmlpurifier/VERSION +++ b/vendor/ezyang/htmlpurifier/VERSION @@ -1 +1 @@ -4.9.3
\ No newline at end of file +4.10.0
\ No newline at end of file diff --git a/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php b/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php new file mode 100644 index 000000000..d1485bf2e --- /dev/null +++ b/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php @@ -0,0 +1,15 @@ +<?php + +/** + * @file + * Legacy autoloader for systems lacking spl_autoload_register + * + * Must be separate to prevent deprecation warning on PHP 7.2 + */ + +function __autoload($class) +{ + return HTMLPurifierExtras::autoload($class); +} + +// vim: et sw=4 sts=4 diff --git a/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload.php b/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload.php index de4a8aaaf..69c909538 100644 --- a/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload.php +++ b/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload.php @@ -17,10 +17,7 @@ if (function_exists('spl_autoload_register')) { spl_autoload_register('__autoload'); } } elseif (!function_exists('__autoload')) { - function __autoload($class) - { - return HTMLPurifierExtras::autoload($class); - } + require dirname(__FILE__) . '/HTMLPurifierExtras.autoload-legacy.php'; } // vim: et sw=4 sts=4 diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload-legacy.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload-legacy.php new file mode 100644 index 000000000..c271cd158 --- /dev/null +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload-legacy.php @@ -0,0 +1,15 @@ +<?php + +/** + * @file + * Legacy autoloader for systems lacking spl_autoload_register + * + * Must be separate to prevent deprecation warning on PHP 7.2 + */ + +function __autoload($class) +{ + return HTMLPurifier_Bootstrap::autoload($class); +} + +// vim: et sw=4 sts=4 diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload.php index c3ea67e81..9d8d29926 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload.php @@ -14,10 +14,7 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un spl_autoload_register('__autoload'); } } elseif (!function_exists('__autoload')) { - function __autoload($class) - { - return HTMLPurifier_Bootstrap::autoload($class); - } + require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php'; } if (ini_get('zend.ze1_compatibility_mode')) { diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.includes.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.includes.php index e8bce5c85..321bdc566 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.includes.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.includes.php @@ -7,7 +7,7 @@ * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * FILE, changes will be overwritten the next time the script is run. * - * @version 4.9.3 + * @version 4.10.0 * * @warning * You must *not* include any other HTML Purifier files before this file, diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.php index b4605ebc6..bada5188b 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier.php @@ -19,7 +19,7 @@ */ /* - HTML Purifier 4.9.3 - Standards Compliant HTML Filtering + HTML Purifier 4.10.0 - Standards Compliant HTML Filtering Copyright (C) 2006-2008 Edward Z. Yang This library is free software; you can redistribute it and/or @@ -58,12 +58,12 @@ class HTMLPurifier * Version of HTML Purifier. * @type string */ - public $version = '4.9.3'; + public $version = '4.10.0'; /** * Constant with version of HTML Purifier. */ - const VERSION = '4.9.3'; + const VERSION = '4.10.0'; /** * Global configuration object. diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php index 3b4d18674..e54a3344a 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php @@ -97,7 +97,7 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef // PHP 5.3 and later support this functionality natively if (function_exists('idn_to_ascii')) { - $string = idn_to_ascii($string); + $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46); // If we have Net_IDNA2 support, we can support IRIs by // punycoding them. (This is the most portable thing to do, diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php index 3648364b3..f37cf3713 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php @@ -21,7 +21,7 @@ class HTMLPurifier_Config * HTML Purifier's version * @type string */ - public $version = '4.9.3'; + public $version = '4.10.0'; /** * Whether or not to automatically finalize diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php index 952e48d47..b82c6bb20 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php @@ -217,9 +217,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac $directory = $this->generateDirectoryPath($config); $chmod = $config->get('Cache.SerializerPermissions'); if ($chmod === null) { - // TODO: This races - if (is_dir($directory)) return true; - return mkdir($directory); + if (!@mkdir($directory) && !is_dir($directory)) { + trigger_error( + 'Could not create directory ' . $directory . '', + E_USER_WARNING + ); + return false; + } + return true; } if (!is_dir($directory)) { $base = $this->generateBaseDirectoryPath($config); @@ -233,7 +238,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac } elseif (!$this->_testPermissions($base, $chmod)) { return false; } - if (!mkdir($directory, $chmod)) { + if (!@mkdir($directory, $chmod) && !is_dir($directory)) { trigger_error( 'Could not create directory ' . $directory . '', E_USER_WARNING diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README index 2e35c1c3d..2e35c1c3d 100755..100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php index 5060eef9e..116b470c3 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php @@ -157,11 +157,13 @@ abstract class HTMLPurifier_Injector return false; } // check for exclusion - for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) { - $node = $this->currentNesting[$i]; - $def = $this->htmlDefinition->info[$node->name]; - if (isset($def->excludes[$name])) { - return false; + if (!empty($this->currentNesting)) { + for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) { + $node = $this->currentNesting[$i]; + $def = $this->htmlDefinition->info[$node->name]; + if (isset($def->excludes[$name])) { + return false; + } } } return true; diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php index bbfbe6624..e70da55a9 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php @@ -26,12 +26,14 @@ class HTMLPurifier_Length protected $isValid; /** - * Array Lookup array of units recognized by CSS 2.1 + * Array Lookup array of units recognized by CSS 3 * @type array */ protected static $allowedUnits = array( 'em' => true, 'ex' => true, 'px' => true, 'in' => true, - 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true + 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true, + 'ch' => true, 'rem' => true, 'vw' => true, 'vh' => true, + 'vmin' => true, 'vmax' => true ); /** diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php index 22ab5820c..6238a99e3 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php @@ -127,6 +127,41 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer } /** + * Portably retrieve the tag name of a node; deals with older versions + * of libxml like 2.7.6 + * @param DOMNode $node + */ + protected function getTagName($node) + { + if (property_exists($node, 'tagName')) { + return $node->tagName; + } else if (property_exists($node, 'nodeName')) { + return $node->nodeName; + } else if (property_exists($node, 'localName')) { + return $node->localName; + } + return null; + } + + /** + * Portably retrieve the data of a node; deals with older versions + * of libxml like 2.7.6 + * @param DOMNode $node + */ + protected function getData($node) + { + if (property_exists($node, 'data')) { + return $node->data; + } else if (property_exists($node, 'nodeValue')) { + return $node->nodeValue; + } else if (property_exists($node, 'textContent')) { + return $node->textContent; + } + return null; + } + + + /** * @param DOMNode $node DOMNode to be tokenized. * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens. * @param bool $collect Says whether or start and close are collected, set to @@ -141,7 +176,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer // but we're not getting the character reference nodes because // those should have been preprocessed if ($node->nodeType === XML_TEXT_NODE) { - $tokens[] = $this->factory->createText($node->data); + $data = $this->getData($node); // Handle variable data property + if ($data !== null) { + $tokens[] = $this->factory->createText($data); + } return false; } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) { // undo libxml's special treatment of <script> and <style> tags @@ -171,21 +209,20 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer // not-well tested: there may be other nodes we have to grab return false; } - $attr = $node->hasAttributes() ? $this->transformAttrToAssoc($node->attributes) : array(); - + $tag_name = $this->getTagName($node); // Handle variable tagName property + if (empty($tag_name)) { + return (bool) $node->childNodes->length; + } // We still have to make sure that the element actually IS empty if (!$node->childNodes->length) { if ($collect) { - $tokens[] = $this->factory->createEmpty($node->tagName, $attr); + $tokens[] = $this->factory->createEmpty($tag_name, $attr); } return false; } else { if ($collect) { - $tokens[] = $this->factory->createStart( - $tag_name = $node->tagName, // somehow, it get's dropped - $attr - ); + $tokens[] = $this->factory->createStart($tag_name, $attr); } return true; } @@ -197,10 +234,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer */ protected function createEndNode($node, &$tokens) { - $tokens[] = $this->factory->createEnd($node->tagName); + $tag_name = $this->getTagName($node); // Handle variable tagName property + $tokens[] = $this->factory->createEnd($tag_name); } - /** * Converts a DOMNamedNodeMap of DOMAttr objects into an assoc array. * diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/PH5P.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/PH5P.php index 0b452d17f..72476ddf3 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/PH5P.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/PH5P.php @@ -1507,7 +1507,7 @@ class HTML5 $entity = $this->character($start, $this->char); $cond = strlen($e_name) > 0; - // The rest of the parsing happens bellow. + // The rest of the parsing happens below. break; // Anything else @@ -1535,7 +1535,7 @@ class HTML5 } $cond = isset($entity); - // The rest of the parsing happens bellow. + // The rest of the parsing happens below. break; } diff --git a/vendor/ezyang/htmlpurifier/maintenance/PH5P.php b/vendor/ezyang/htmlpurifier/maintenance/PH5P.php index 9d83dcbf5..a04273e01 100644 --- a/vendor/ezyang/htmlpurifier/maintenance/PH5P.php +++ b/vendor/ezyang/htmlpurifier/maintenance/PH5P.php @@ -1080,7 +1080,7 @@ class HTML5 $entity = $this->character($start, $this->char); $cond = strlen($e_name) > 0; - // The rest of the parsing happens bellow. + // The rest of the parsing happens below. break; // Anything else @@ -1102,7 +1102,7 @@ class HTML5 } $cond = isset($entity); - // The rest of the parsing happens bellow. + // The rest of the parsing happens below. break; } diff --git a/vendor/ezyang/htmlpurifier/maintenance/compile-doxygen.sh b/vendor/ezyang/htmlpurifier/maintenance/compile-doxygen.sh index ecd1127fd..ecd1127fd 100755..100644 --- a/vendor/ezyang/htmlpurifier/maintenance/compile-doxygen.sh +++ b/vendor/ezyang/htmlpurifier/maintenance/compile-doxygen.sh diff --git a/vendor/ezyang/htmlpurifier/maintenance/flush-definition-cache.php b/vendor/ezyang/htmlpurifier/maintenance/flush-definition-cache.php index 138badb65..138badb65 100755..100644 --- a/vendor/ezyang/htmlpurifier/maintenance/flush-definition-cache.php +++ b/vendor/ezyang/htmlpurifier/maintenance/flush-definition-cache.php diff --git a/vendor/ezyang/htmlpurifier/maintenance/generate-entity-file.php b/vendor/ezyang/htmlpurifier/maintenance/generate-entity-file.php index ff1713e39..ff1713e39 100755..100644 --- a/vendor/ezyang/htmlpurifier/maintenance/generate-entity-file.php +++ b/vendor/ezyang/htmlpurifier/maintenance/generate-entity-file.php diff --git a/vendor/ezyang/htmlpurifier/maintenance/generate-standalone.php b/vendor/ezyang/htmlpurifier/maintenance/generate-standalone.php index 254d4d83b..254d4d83b 100755..100644 --- a/vendor/ezyang/htmlpurifier/maintenance/generate-standalone.php +++ b/vendor/ezyang/htmlpurifier/maintenance/generate-standalone.php diff --git a/vendor/ezyang/htmlpurifier/maintenance/merge-library.php b/vendor/ezyang/htmlpurifier/maintenance/merge-library.php index de2eecdc0..de2eecdc0 100755..100644 --- a/vendor/ezyang/htmlpurifier/maintenance/merge-library.php +++ b/vendor/ezyang/htmlpurifier/maintenance/merge-library.php diff --git a/vendor/ezyang/htmlpurifier/maintenance/regenerate-docs.sh b/vendor/ezyang/htmlpurifier/maintenance/regenerate-docs.sh index 6f4d720ff..6f4d720ff 100755..100644 --- a/vendor/ezyang/htmlpurifier/maintenance/regenerate-docs.sh +++ b/vendor/ezyang/htmlpurifier/maintenance/regenerate-docs.sh |