by removing
* leading and trailing whitespace, ignoring line feeds, and replacing
* carriage returns and tabs with spaces. While most useful for HTML
* attributes specified as CDATA, it can also be applied to most CSS
* values.
*
* @note This method is not entirely standards compliant, as trim() removes
* more types of whitespace than specified in the spec. In practice,
* this is rarely a problem, as those extra characters usually have
* already been removed by HTMLPurifier_Encoder.
*
* @warning This processing is inconsistent with XML's whitespace handling
* as specified by section 3.3.3 and referenced XHTML 1.0 section
* 4.7. However, note that we are NOT necessarily
* parsing XML, thus, this behavior may still be correct. We
* assume that newlines have been normalized.
*/
public function parseCDATA($string)
{
$string = trim($string);
$string = str_replace(array("\n", "\t", "\r"), ' ', $string);
return $string;
}
/**
* Factory method for creating this class from a string.
* @param string $string String construction info
* @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string
*/
public function make($string)
{
// default implementation, return a flyweight of this object.
// If $string has an effect on the returned object (i.e. you
// need to overload this method), it is best
// to clone or instantiate new copies. (Instantiation is safer.)
return $this;
}
/**
* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
* properly. THIS IS A HACK!
* @param string $string a CSS colour definition
* @return string
*/
protected function mungeRgb($string)
{
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
}
/**
* Parses a possibly escaped CSS string and returns the "pure"
* version of it.
*/
protected function expandCSSEscape($string)
{
// flexibly parse it
$ret = '';
for ($i = 0, $c = strlen($string); $i < $c; $i++) {
if ($string[$i] === '\\') {
$i++;
if ($i >= $c) {
$ret .= '\\';
break;
}
if (ctype_xdigit($string[$i])) {
$code = $string[$i];
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
if (!ctype_xdigit($string[$i])) {
break;
}
$code .= $string[$i];
}
// We have to be extremely careful when adding
// new characters, to make sure we're not breaking
// the encoding.
$char = HTMLPurifier_Encoder::unichr(hexdec($code));
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
continue;
}
$ret .= $char;
if ($i < $c && trim($string[$i]) !== '') {
$i--;
}
continue;
}
if ($string[$i] === "\n") {
continue;
}
}
$ret .= $string[$i];
}
return $ret;
}
}
/**
* Processes an entire attribute array for corrections needing multiple values.
*
* Occasionally, a certain attribute will need to be removed and popped onto
* another value. Instead of creating a complex return syntax for
* HTMLPurifier_AttrDef, we just pass the whole attribute array to a
* specialized object and have that do the special work. That is the
* family of HTMLPurifier_AttrTransform.
*
* An attribute transformation can be assigned to run before or after
* HTMLPurifier_AttrDef validation. See HTMLPurifier_HTMLDefinition for
* more details.
*/
abstract class HTMLPurifier_AttrTransform
{
/**
* Abstract: makes changes to the attributes dependent on multiple values.
*
* @param array $attr Assoc array of attributes, usually from
* HTMLPurifier_Token_Tag::$attr
* @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
* @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object
* @return array Processed attribute array.
*/
abstract public function transform($attr, $config, $context);
/**
* Prepends CSS properties to the style attribute, creating the
* attribute if it doesn't exist.
* @param array &$attr Attribute array to process (passed by reference)
* @param string $css CSS to prepend
*/
public function prependCSS(&$attr, $css)
{
$attr['style'] = isset($attr['style']) ? $attr['style'] : '';
$attr['style'] = $css . $attr['style'];
}
/**
* Retrieves and removes an attribute
* @param array &$attr Attribute array to process (passed by reference)
* @param mixed $key Key of attribute to confiscate
* @return mixed
*/
public function confiscateAttr(&$attr, $key)
{
if (!isset($attr[$key])) {
return null;
}
$value = $attr[$key];
unset($attr[$key]);
return $value;
}
}
/**
* Provides lookup array of attribute types to HTMLPurifier_AttrDef objects
*/
class HTMLPurifier_AttrTypes
{
/**
* Lookup array of attribute string identifiers to concrete implementations.
* @type HTMLPurifier_AttrDef[]
*/
protected $info = array();
/**
* Constructs the info array, supplying default implementations for attribute
* types.
*/
public function __construct()
{
// XXX This is kind of poor, since we don't actually /clone/
// instances; instead, we use the supplied make() attribute. So,
// the underlying class must know how to deal with arguments.
// With the old implementation of Enum, that ignored its
// arguments when handling a make dispatch, the IAlign
// definition wouldn't work.
// pseudo-types, must be instantiated via shorthand
$this->info['Enum'] = new HTMLPurifier_AttrDef_Enum();
$this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool();
$this->info['CDATA'] = new HTMLPurifier_AttrDef_Text();
$this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID();
$this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length();
$this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength();
$this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens();
$this->info['Pixels'] = new HTMLPurifier_AttrDef_HTML_Pixels();
$this->info['Text'] = new HTMLPurifier_AttrDef_Text();
$this->info['URI'] = new HTMLPurifier_AttrDef_URI();
$this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
$this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color();
$this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right');
$this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
$this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
// unimplemented aliases
$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
$this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
$this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
$this->info['Character'] = new HTMLPurifier_AttrDef_Text();
// "proprietary" types
$this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
// number is really a positive integer (one or more digits)
// FIXME: ^^ not always, see start and value of list items
$this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
}
private static function makeEnum($in)
{
return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
}
/**
* Retrieves a type
* @param string $type String type name
* @return HTMLPurifier_AttrDef Object AttrDef for type
*/
public function get($type)
{
// determine if there is any extra info tacked on
if (strpos($type, '#') !== false) {
list($type, $string) = explode('#', $type, 2);
} else {
$string = '';
}
if (!isset($this->info[$type])) {
trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
return;
}
return $this->info[$type]->make($string);
}
/**
* Sets a new implementation for a type
* @param string $type String type name
* @param HTMLPurifier_AttrDef $impl Object AttrDef for type
*/
public function set($type, $impl)
{
$this->info[$type] = $impl;
}
}
/**
* Validates the attributes of a token. Doesn't manage required attributes
* very well. The only reason we factored this out was because RemoveForeignElements
* also needed it besides ValidateAttributes.
*/
class HTMLPurifier_AttrValidator
{
/**
* Validates the attributes of a token, mutating it as necessary.
* that has valid tokens
* @param HTMLPurifier_Token $token Token to validate.
* @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
* @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
*/
public function validateToken($token, $config, $context)
{
$definition = $config->getHTMLDefinition();
$e =& $context->get('ErrorCollector', true);
// initialize IDAccumulator if necessary
$ok =& $context->get('IDAccumulator', true);
if (!$ok) {
$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
$context->register('IDAccumulator', $id_accumulator);
}
// initialize CurrentToken if necessary
$current_token =& $context->get('CurrentToken', true);
if (!$current_token) {
$context->register('CurrentToken', $token);
}
if (!$token instanceof HTMLPurifier_Token_Start &&
!$token instanceof HTMLPurifier_Token_Empty
) {
return;
}
// create alias to global definition array, see also $defs
// DEFINITION CALL
$d_defs = $definition->info_global_attr;
// don't update token until the very end, to ensure an atomic update
$attr = $token->attr;
// do global transformations (pre)
// nothing currently utilizes this
foreach ($definition->info_attr_transform_pre as $transform) {
$attr = $transform->transform($o = $attr, $config, $context);
if ($e) {
if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
}
}
// do local transformations only applicable to this element (pre)
// ex. to
foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
$attr = $transform->transform($o = $attr, $config, $context);
if ($e) {
if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
}
}
// create alias to this element's attribute definition array, see
// also $d_defs (global attribute definition array)
// DEFINITION CALL
$defs = $definition->info[$token->name]->attr;
$attr_key = false;
$context->register('CurrentAttr', $attr_key);
// iterate through all the attribute keypairs
// Watch out for name collisions: $key has previously been used
foreach ($attr as $attr_key => $value) {
// call the definition
if (isset($defs[$attr_key])) {
// there is a local definition defined
if ($defs[$attr_key] === false) {
// We've explicitly been told not to allow this element.
// This is usually when there's a global definition
// that must be overridden.
// Theoretically speaking, we could have a
// AttrDef_DenyAll, but this is faster!
$result = false;
} else {
// validate according to the element's definition
$result = $defs[$attr_key]->validate(
$value,
$config,
$context
);
}
} elseif (isset($d_defs[$attr_key])) {
// there is a global definition defined, validate according
// to the global definition
$result = $d_defs[$attr_key]->validate(
$value,
$config,
$context
);
} else {
// system never heard of the attribute? DELETE!
$result = false;
}
// put the results into effect
if ($result === false || $result === null) {
// this is a generic error message that should replaced
// with more specific ones when possible
if ($e) {
$e->send(E_ERROR, 'AttrValidator: Attribute removed');
}
// remove the attribute
unset($attr[$attr_key]);
} elseif (is_string($result)) {
// generally, if a substitution is happening, there
// was some sort of implicit correction going on. We'll
// delegate it to the attribute classes to say exactly what.
// simple substitution
$attr[$attr_key] = $result;
} else {
// nothing happens
}
// we'd also want slightly more complicated substitution
// involving an array as the return value,
// although we're not sure how colliding attributes would
// resolve (certain ones would be completely overriden,
// others would prepend themselves).
}
$context->destroy('CurrentAttr');
// post transforms
// global (error reporting untested)
foreach ($definition->info_attr_transform_post as $transform) {
$attr = $transform->transform($o = $attr, $config, $context);
if ($e) {
if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
}
}
// local (error reporting untested)
foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
$attr = $transform->transform($o = $attr, $config, $context);
if ($e) {
if ($attr != $o) {
$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
}
}
}
$token->attr = $attr;
// destroy CurrentToken if we made it ourselves
if (!$current_token) {
$context->destroy('CurrentToken');
}
}
}
// constants are slow, so we use as few as possible
if (!defined('HTMLPURIFIER_PREFIX')) {
define('HTMLPURIFIER_PREFIX', dirname(__FILE__) . '/standalone');
set_include_path(HTMLPURIFIER_PREFIX . PATH_SEPARATOR . get_include_path());
}
// accomodations for versions earlier than 5.0.2
// borrowed from PHP_Compat, LGPL licensed, by Aidan Lister
if (!defined('PHP_EOL')) {
switch (strtoupper(substr(PHP_OS, 0, 3))) {
case 'WIN':
define('PHP_EOL', "\r\n");
break;
case 'DAR':
define('PHP_EOL', "\r");
break;
default:
define('PHP_EOL', "\n");
}
}
/**
* Bootstrap class that contains meta-functionality for HTML Purifier such as
* the autoload function.
*
* @note
* This class may be used without any other files from HTML Purifier.
*/
class HTMLPurifier_Bootstrap
{
/**
* Autoload function for HTML Purifier
* @param string $class Class to load
* @return bool
*/
public static function autoload($class)
{
$file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) {
return false;
}
// Technically speaking, it should be ok and more efficient to
// just do 'require', but Antonio Parraga reports that with
// Zend extensions such as Zend debugger and APC, this invariant
// may be broken. Since we have efficient alternatives, pay
// the cost here and avoid the bug.
require_once HTMLPURIFIER_PREFIX . '/' . $file;
return true;
}
/**
* Returns the path for a specific class.
* @param string $class Class path to get
* @return string
*/
public static function getPath($class)
{
if (strncmp('HTMLPurifier', $class, 12) !== 0) {
return false;
}
// Custom implementations
if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
$code = str_replace('_', '-', substr($class, 22));
$file = 'HTMLPurifier/Language/classes/' . $code . '.php';
} else {
$file = str_replace('_', '/', $class) . '.php';
}
if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) {
return false;
}
return $file;
}
/**
* "Pre-registers" our autoloader on the SPL stack.
*/
public static function registerAutoload()
{
$autoload = array('HTMLPurifier_Bootstrap', 'autoload');
if (($funcs = spl_autoload_functions()) === false) {
spl_autoload_register($autoload);
} elseif (function_exists('spl_autoload_unregister')) {
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
// prepend flag exists, no need for shenanigans
spl_autoload_register($autoload, true, true);
} else {
$buggy = version_compare(PHP_VERSION, '5.2.11', '<');
$compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
version_compare(PHP_VERSION, '5.1.0', '>=');
foreach ($funcs as $func) {
if ($buggy && is_array($func)) {
// :TRICKY: There are some compatibility issues and some
// places where we need to error out
$reflector = new ReflectionMethod($func[0], $func[1]);
if (!$reflector->isStatic()) {
throw new Exception(
'HTML Purifier autoloader registrar is not compatible
with non-static object methods due to PHP Bug #44144;
Please do not use HTMLPurifier.autoload.php (or any
file that includes this file); instead, place the code:
spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
after your own autoloaders.'
);
}
// Suprisingly, spl_autoload_register supports the
// Class::staticMethod callback format, although call_user_func doesn't
if ($compat) {
$func = implode('::', $func);
}
}
spl_autoload_unregister($func);
}
spl_autoload_register($autoload);
foreach ($funcs as $func) {
spl_autoload_register($func);
}
}
}
}
}
/**
* Super-class for definition datatype objects, implements serialization
* functions for the class.
*/
abstract class HTMLPurifier_Definition
{
/**
* Has setup() been called yet?
* @type bool
*/
public $setup = false;
/**
* If true, write out the final definition object to the cache after
* setup. This will be true only if all invocations to get a raw
* definition object are also optimized. This does not cause file
* system thrashing because on subsequent calls the cached object
* is used and any writes to the raw definition object are short
* circuited. See enduser-customize.html for the high-level
* picture.
* @type bool
*/
public $optimized = null;
/**
* What type of definition is it?
* @type string
*/
public $type;
/**
* Sets up the definition object into the final form, something
* not done by the constructor
* @param HTMLPurifier_Config $config
*/
abstract protected function doSetup($config);
/**
* Setup function that aborts if already setup
* @param HTMLPurifier_Config $config
*/
public function setup($config)
{
if ($this->setup) {
return;
}
$this->setup = true;
$this->doSetup($config);
}
}
/**
* Defines allowed CSS attributes and what their values are.
* @see HTMLPurifier_HTMLDefinition
*/
class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
{
public $type = 'CSS';
/**
* Assoc array of attribute name to definition object.
* @type HTMLPurifier_AttrDef[]
*/
public $info = array();
/**
* Constructs the info array. The meat of this class.
* @param HTMLPurifier_Config $config
*/
protected function doSetup($config)
{
$this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
array('left', 'right', 'center', 'justify'),
false
);
$border_style =
$this->info['border-bottom-style'] =
$this->info['border-right-style'] =
$this->info['border-left-style'] =
$this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
array(
'none',
'hidden',
'dotted',
'dashed',
'solid',
'double',
'groove',
'ridge',
'inset',
'outset'
),
false
);
$this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
$this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'left', 'right', 'both'),
false
);
$this->info['float'] = new HTMLPurifier_AttrDef_Enum(
array('none', 'left', 'right'),
false
);
$this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'italic', 'oblique'),
false
);
$this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
array('normal', 'small-caps'),
false
);
$uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('none')),
new HTMLPurifier_AttrDef_CSS_URI()
)
);
$this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
array('inside', 'outside'),
false
);
$this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
array(
'disc',
'circle',
'square',
'decimal',
'lower-roman',
'upper-roman',
'lower-alpha',
'upper-alpha',
'none'
),
false
);
$this->info['list-style-image'] = $uri_or_none;
$this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
$this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
array('capitalize', 'uppercase', 'lowercase', 'none'),
false
);
$this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['background-image'] = $uri_or_none;
$this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
);
$this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
array('scroll', 'fixed')
);
$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
$border_color =
$this->info['border-top-color'] =
$this->info['border-bottom-color'] =
$this->info['border-left-color'] =
$this->info['border-right-color'] =
$this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('transparent')),
new HTMLPurifier_AttrDef_CSS_Color()
)
);
$this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
$this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
$border_width =
$this->info['border-top-width'] =
$this->info['border-bottom-width'] =
$this->info['border-left-width'] =
$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
)
);
$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
$this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Length()
)
);
$this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Length()
)
);
$this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(
array(
'xx-small',
'x-small',
'small',
'medium',
'large',
'x-large',
'xx-large',
'larger',
'smaller'
)
),
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_CSS_Length()
)
);
$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true)
)
);
$margin =
$this->info['margin-top'] =
$this->info['margin-bottom'] =
$this->info['margin-left'] =
$this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_Enum(array('auto'))
)
);
$this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
// non-negative
$padding =
$this->info['padding-top'] =
$this->info['padding-bottom'] =
$this->info['padding-left'] =
$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true)
)
);
$this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
$this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
)
);
$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('auto'))
)
);
$max = $config->get('CSS.MaxImgLength');
$this->info['width'] =
$this->info['height'] =
$max === null ?
$trusted_wh :
new HTMLPurifier_AttrDef_Switch(
'img',
// For img tags:
new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
new HTMLPurifier_AttrDef_Enum(array('auto'))
)
),
// For everyone else:
$trusted_wh
);
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
$this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
// this could use specialized code
$this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
array(
'normal',
'bold',
'bolder',
'lighter',
'100',
'200',
'300',
'400',
'500',
'600',
'700',
'800',
'900'
),
false
);
// MUST be called after other font properties, as it references
// a CSSDefinition object
$this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
// same here
$this->info['border'] =
$this->info['border-bottom'] =
$this->info['border-top'] =
$this->info['border-left'] =
$this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
$this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(
array('collapse', 'separate')
);
$this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(
array('top', 'bottom')
);
$this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(
array('auto', 'fixed')
);
$this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(
array(
'baseline',
'sub',
'super',
'top',
'text-top',
'middle',
'bottom',
'text-bottom'
)
),
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
)
);
$this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
// These CSS properties don't work on many browsers, but we live
// in THE FUTURE!
$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(
array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line')
);
if ($config->get('CSS.Proprietary')) {
$this->doSetupProprietary($config);
}
if ($config->get('CSS.AllowTricky')) {
$this->doSetupTricky($config);
}
if ($config->get('CSS.Trusted')) {
$this->doSetupTrusted($config);
}
$allow_important = $config->get('CSS.AllowImportant');
// wrap all attr-defs with decorator that handles !important
foreach ($this->info as $k => $v) {
$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
}
$this->setupConfigStuff($config);
}
/**
* @param HTMLPurifier_Config $config
*/
protected function doSetupProprietary($config)
{
// Internet Explorer only scrollbar colors
$this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-darkshadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-face-color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-highlight-color'] = new HTMLPurifier_AttrDef_CSS_Color();
$this->info['scrollbar-shadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
// technically not proprietary, but CSS3, and no one supports it
$this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
$this->info['-moz-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
$this->info['-khtml-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
// only opacity, for now
$this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
// more CSS3
$this->info['page-break-after'] =
$this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum(
array(
'auto',
'always',
'avoid',
'left',
'right'
)
);
$this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid'));
}
/**
* @param HTMLPurifier_Config $config
*/
protected function doSetupTricky($config)
{
$this->info['display'] = new HTMLPurifier_AttrDef_Enum(
array(
'inline',
'block',
'list-item',
'run-in',
'compact',
'marker',
'table',
'inline-block',
'inline-table',
'table-row-group',
'table-header-group',
'table-footer-group',
'table-row',
'table-column-group',
'table-column',
'table-cell',
'table-caption',
'none'
)
);
$this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(
array('visible', 'hidden', 'collapse')
);
$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
}
/**
* @param HTMLPurifier_Config $config
*/
protected function doSetupTrusted($config)
{
$this->info['position'] = new HTMLPurifier_AttrDef_Enum(
array('static', 'relative', 'absolute', 'fixed')
);
$this->info['top'] =
$this->info['left'] =
$this->info['right'] =
$this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_Enum(array('auto')),
)
);
$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Integer(),
new HTMLPurifier_AttrDef_Enum(array('auto')),
)
);
}
/**
* Performs extra config-based processing. Based off of
* HTMLPurifier_HTMLDefinition.
* @param HTMLPurifier_Config $config
* @todo Refactor duplicate elements into common class (probably using
* composition, not inheritance).
*/
protected function setupConfigStuff($config)
{
// setup allowed elements
$support = "(for information on implementing this, see the " .
"support forums) ";
$allowed_properties = $config->get('CSS.AllowedProperties');
if ($allowed_properties !== null) {
foreach ($this->info as $name => $d) {
if (!isset($allowed_properties[$name])) {
unset($this->info[$name]);
}
unset($allowed_properties[$name]);
}
// emit errors
foreach ($allowed_properties as $name => $d) {
// :TODO: Is this htmlspecialchars() call really necessary?
$name = htmlspecialchars($name);
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
}
}
$forbidden_properties = $config->get('CSS.ForbiddenProperties');
if ($forbidden_properties !== null) {
foreach ($this->info as $name => $d) {
if (isset($forbidden_properties[$name])) {
unset($this->info[$name]);
}
}
}
}
}
/**
* Defines allowed child nodes and validates nodes against it.
*/
abstract class HTMLPurifier_ChildDef
{
/**
* Type of child definition, usually right-most part of class name lowercase.
* Used occasionally in terms of context.
* @type string
*/
public $type;
/**
* Indicates whether or not an empty array of children is okay.
*
* This is necessary for redundant checking when changes affecting
* a child node may cause a parent node to now be disallowed.
* @type bool
*/
public $allow_empty;
/**
* Lookup array of all elements that this definition could possibly allow.
* @type array
*/
public $elements = array();
/**
* Get lookup of tag names that should not close this element automatically.
* All other elements will do so.
* @param HTMLPurifier_Config $config HTMLPurifier_Config object
* @return array
*/
public function getAllowedElements($config)
{
return $this->elements;
}
/**
* Validates nodes according to definition and returns modification.
*
* @param HTMLPurifier_Node[] $children Array of HTMLPurifier_Node
* @param HTMLPurifier_Config $config HTMLPurifier_Config object
* @param HTMLPurifier_Context $context HTMLPurifier_Context object
* @return bool|array true to leave nodes as is, false to remove parent node, array of replacement children
*/
abstract public function validateChildren($children, $config, $context);
}
/**
* Configuration object that triggers customizable behavior.
*
* @warning This class is strongly defined: that means that the class
* will fail if an undefined directive is retrieved or set.
*
* @note Many classes that could (although many times don't) use the
* configuration object make it a mandatory parameter. This is
* because a configuration object should always be forwarded,
* otherwise, you run the risk of missing a parameter and then
* being stumped when a configuration directive doesn't work.
*
* @todo Reconsider some of the public member variables
*/
class HTMLPurifier_Config
{
/**
* HTML Purifier's version
* @type string
*/
public $version = '4.6.0';
/**
* Whether or not to automatically finalize
* the object if a read operation is done.
* @type bool
*/
public $autoFinalize = true;
// protected member variables
/**
* Namespace indexed array of serials for specific namespaces.
* @see getSerial() for more info.
* @type string[]
*/
protected $serials = array();
/**
* Serial for entire configuration object.
* @type string
*/
protected $serial;
/**
* Parser for variables.
* @type HTMLPurifier_VarParser_Flexible
*/
protected $parser = null;
/**
* Reference HTMLPurifier_ConfigSchema for value checking.
* @type HTMLPurifier_ConfigSchema
* @note This is public for introspective purposes. Please don't
* abuse!
*/
public $def;
/**
* Indexed array of definitions.
* @type HTMLPurifier_Definition[]
*/
protected $definitions;
/**
* Whether or not config is finalized.
* @type bool
*/
protected $finalized = false;
/**
* Property list containing configuration directives.
* @type array
*/
protected $plist;
/**
* Whether or not a set is taking place due to an alias lookup.
* @type bool
*/
private $aliasMode;
/**
* Set to false if you do not want line and file numbers in errors.
* (useful when unit testing). This will also compress some errors
* and exceptions.
* @type bool
*/
public $chatty = true;
/**
* Current lock; only gets to this namespace are allowed.
* @type string
*/
private $lock;
/**
* Constructor
* @param HTMLPurifier_ConfigSchema $definition ConfigSchema that defines
* what directives are allowed.
* @param HTMLPurifier_PropertyList $parent
*/
public function __construct($definition, $parent = null)
{
$parent = $parent ? $parent : $definition->defaultPlist;
$this->plist = new HTMLPurifier_PropertyList($parent);
$this->def = $definition; // keep a copy around for checking
$this->parser = new HTMLPurifier_VarParser_Flexible();
}
/**
* Convenience constructor that creates a config object based on a mixed var
* @param mixed $config Variable that defines the state of the config
* object. Can be: a HTMLPurifier_Config() object,
* an array of directives based on loadArray(),
* or a string filename of an ini file.
* @param HTMLPurifier_ConfigSchema $schema Schema object
* @return HTMLPurifier_Config Configured object
*/
public static function create($config, $schema = null)
{
if ($config instanceof HTMLPurifier_Config) {
// pass-through
return $config;
}
if (!$schema) {
$ret = HTMLPurifier_Config::createDefault();
} else {
$ret = new HTMLPurifier_Config($schema);
}
if (is_string($config)) {
$ret->loadIni($config);
} elseif (is_array($config)) $ret->loadArray($config);
return $ret;
}
/**
* Creates a new config object that inherits from a previous one.
* @param HTMLPurifier_Config $config Configuration object to inherit from.
* @return HTMLPurifier_Config object with $config as its parent.
*/
public static function inherit(HTMLPurifier_Config $config)
{
return new HTMLPurifier_Config($config->def, $config->plist);
}
/**
* Convenience constructor that creates a default configuration object.
* @return HTMLPurifier_Config default object.
*/
public static function createDefault()
{
$definition = HTMLPurifier_ConfigSchema::instance();
$config = new HTMLPurifier_Config($definition);
return $config;
}
/**
* Retrieves a value from the configuration.
*
* @param string $key String key
* @param mixed $a
*
* @return mixed
*/
public function get($key, $a = null)
{
if ($a !== null) {
$this->triggerError(
"Using deprecated API: use \$config->get('$key.$a') instead",
E_USER_WARNING
);
$key = "$key.$a";
}
if (!$this->finalized) {
$this->autoFinalize();
}
if (!isset($this->def->info[$key])) {
// can't add % due to SimpleTest bug
$this->triggerError(
'Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
E_USER_WARNING
);
return;
}
if (isset($this->def->info[$key]->isAlias)) {
$d = $this->def->info[$key];
$this->triggerError(
'Cannot get value from aliased directive, use real name ' . $d->key,
E_USER_ERROR
);
return;
}
if ($this->lock) {
list($ns) = explode('.', $key);
if ($ns !== $this->lock) {
$this->triggerError(
'Cannot get value of namespace ' . $ns . ' when lock for ' .
$this->lock .
' is active, this probably indicates a Definition setup method ' .
'is accessing directives that are not within its namespace',
E_USER_ERROR
);
return;
}
}
return $this->plist->get($key);
}
/**
* Retrieves an array of directives to values from a given namespace
*
* @param string $namespace String namespace
*
* @return array
*/
public function getBatch($namespace)
{
if (!$this->finalized) {
$this->autoFinalize();
}
$full = $this->getAll();
if (!isset($full[$namespace])) {
$this->triggerError(
'Cannot retrieve undefined namespace ' .
htmlspecialchars($namespace),
E_USER_WARNING
);
return;
}
return $full[$namespace];
}
/**
* Returns a SHA-1 signature of a segment of the configuration object
* that uniquely identifies that particular configuration
*
* @param string $namespace Namespace to get serial for
*
* @return string
* @note Revision is handled specially and is removed from the batch
* before processing!
*/
public function getBatchSerial($namespace)
{
if (empty($this->serials[$namespace])) {
$batch = $this->getBatch($namespace);
unset($batch['DefinitionRev']);
$this->serials[$namespace] = sha1(serialize($batch));
}
return $this->serials[$namespace];
}
/**
* Returns a SHA-1 signature for the entire configuration object
* that uniquely identifies that particular configuration
*
* @return string
*/
public function getSerial()
{
if (empty($this->serial)) {
$this->serial = sha1(serialize($this->getAll()));
}
return $this->serial;
}
/**
* Retrieves all directives, organized by namespace
*
* @warning This is a pretty inefficient function, avoid if you can
*/
public function getAll()
{
if (!$this->finalized) {
$this->autoFinalize();
}
$ret = array();
foreach ($this->plist->squash() as $name => $value) {
list($ns, $key) = explode('.', $name, 2);
$ret[$ns][$key] = $value;
}
return $ret;
}
/**
* Sets a value to configuration.
*
* @param string $key key
* @param mixed $value value
* @param mixed $a
*/
public function set($key, $value, $a = null)
{
if (strpos($key, '.') === false) {
$namespace = $key;
$directive = $value;
$value = $a;
$key = "$key.$directive";
$this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE);
} else {
list($namespace) = explode('.', $key);
}
if ($this->isFinalized('Cannot set directive after finalization')) {
return;
}
if (!isset($this->def->info[$key])) {
$this->triggerError(
'Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
E_USER_WARNING
);
return;
}
$def = $this->def->info[$key];
if (isset($def->isAlias)) {
if ($this->aliasMode) {
$this->triggerError(
'Double-aliases not allowed, please fix '.
'ConfigSchema bug with' . $key,
E_USER_ERROR
);
return;
}
$this->aliasMode = true;
$this->set($def->key, $value);
$this->aliasMode = false;
$this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE);
return;
}
// Raw type might be negative when using the fully optimized form
// of stdclass, which indicates allow_null == true
$rtype = is_int($def) ? $def : $def->type;
if ($rtype < 0) {
$type = -$rtype;
$allow_null = true;
} else {
$type = $rtype;
$allow_null = isset($def->allow_null);
}
try {
$value = $this->parser->parse($value, $type, $allow_null);
} catch (HTMLPurifier_VarParserException $e) {
$this->triggerError(
'Value for ' . $key . ' is of invalid type, should be ' .
HTMLPurifier_VarParser::getTypeName($type),
E_USER_WARNING
);
return;
}
if (is_string($value) && is_object($def)) {
// resolve value alias if defined
if (isset($def->aliases[$value])) {
$value = $def->aliases[$value];
}
// check to see if the value is allowed
if (isset($def->allowed) && !isset($def->allowed[$value])) {
$this->triggerError(
'Value not supported, valid values are: ' .
$this->_listify($def->allowed),
E_USER_WARNING
);
return;
}
}
$this->plist->set($key, $value);
// reset definitions if the directives they depend on changed
// this is a very costly process, so it's discouraged
// with finalization
if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
$this->definitions[$namespace] = null;
}
$this->serials[$namespace] = false;
}
/**
* Convenience function for error reporting
*
* @param array $lookup
*
* @return string
*/
private function _listify($lookup)
{
$list = array();
foreach ($lookup as $name => $b) {
$list[] = $name;
}
return implode(', ', $list);
}
/**
* Retrieves object reference to the HTML definition.
*
* @param bool $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work.
* @param bool $optimized If true, this method may return null, to
* indicate that a cached version of the modified
* definition object is available and no further edits
* are necessary. Consider using
* maybeGetRawHTMLDefinition, which is more explicitly
* named, instead.
*
* @return HTMLPurifier_HTMLDefinition
*/
public function getHTMLDefinition($raw = false, $optimized = false)
{
return $this->getDefinition('HTML', $raw, $optimized);
}
/**
* Retrieves object reference to the CSS definition
*
* @param bool $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work.
* @param bool $optimized If true, this method may return null, to
* indicate that a cached version of the modified
* definition object is available and no further edits
* are necessary. Consider using
* maybeGetRawCSSDefinition, which is more explicitly
* named, instead.
*
* @return HTMLPurifier_CSSDefinition
*/
public function getCSSDefinition($raw = false, $optimized = false)
{
return $this->getDefinition('CSS', $raw, $optimized);
}
/**
* Retrieves object reference to the URI definition
*
* @param bool $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work.
* @param bool $optimized If true, this method may return null, to
* indicate that a cached version of the modified
* definition object is available and no further edits
* are necessary. Consider using
* maybeGetRawURIDefinition, which is more explicitly
* named, instead.
*
* @return HTMLPurifier_URIDefinition
*/
public function getURIDefinition($raw = false, $optimized = false)
{
return $this->getDefinition('URI', $raw, $optimized);
}
/**
* Retrieves a definition
*
* @param string $type Type of definition: HTML, CSS, etc
* @param bool $raw Whether or not definition should be returned raw
* @param bool $optimized Only has an effect when $raw is true. Whether
* or not to return null if the result is already present in
* the cache. This is off by default for backwards
* compatibility reasons, but you need to do things this
* way in order to ensure that caching is done properly.
* Check out enduser-customize.html for more details.
* We probably won't ever change this default, as much as the
* maybe semantics is the "right thing to do."
*
* @throws HTMLPurifier_Exception
* @return HTMLPurifier_Definition
*/
public function getDefinition($type, $raw = false, $optimized = false)
{
if ($optimized && !$raw) {
throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false");
}
if (!$this->finalized) {
$this->autoFinalize();
}
// temporarily suspend locks, so we can handle recursive definition calls
$lock = $this->lock;
$this->lock = null;
$factory = HTMLPurifier_DefinitionCacheFactory::instance();
$cache = $factory->create($type, $this);
$this->lock = $lock;
if (!$raw) {
// full definition
// ---------------
// check if definition is in memory
if (!empty($this->definitions[$type])) {
$def = $this->definitions[$type];
// check if the definition is setup
if ($def->setup) {
return $def;
} else {
$def->setup($this);
if ($def->optimized) {
$cache->add($def, $this);
}
return $def;
}
}
// check if definition is in cache
$def = $cache->get($this);
if ($def) {
// definition in cache, save to memory and return it
$this->definitions[$type] = $def;
return $def;
}
// initialize it
$def = $this->initDefinition($type);
// set it up
$this->lock = $type;
$def->setup($this);
$this->lock = null;
// save in cache
$cache->add($def, $this);
// return it
return $def;
} else {
// raw definition
// --------------
// check preconditions
$def = null;
if ($optimized) {
if (is_null($this->get($type . '.DefinitionID'))) {
// fatally error out if definition ID not set
throw new HTMLPurifier_Exception(
"Cannot retrieve raw version without specifying %$type.DefinitionID"
);
}
}
if (!empty($this->definitions[$type])) {
$def = $this->definitions[$type];
if ($def->setup && !$optimized) {
$extra = $this->chatty ?
" (try moving this code block earlier in your initialization)" :
"";
throw new HTMLPurifier_Exception(
"Cannot retrieve raw definition after it has already been setup" .
$extra
);
}
if ($def->optimized === null) {
$extra = $this->chatty ? " (try flushing your cache)" : "";
throw new HTMLPurifier_Exception(
"Optimization status of definition is unknown" . $extra
);
}
if ($def->optimized !== $optimized) {
$msg = $optimized ? "optimized" : "unoptimized";
$extra = $this->chatty ?
" (this backtrace is for the first inconsistent call, which was for a $msg raw definition)"
: "";
throw new HTMLPurifier_Exception(
"Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra
);
}
}
// check if definition was in memory
if ($def) {
if ($def->setup) {
// invariant: $optimized === true (checked above)
return null;
} else {
return $def;
}
}
// if optimized, check if definition was in cache
// (because we do the memory check first, this formulation
// is prone to cache slamming, but I think
// guaranteeing that either /all/ of the raw
// setup code or /none/ of it is run is more important.)
if ($optimized) {
// This code path only gets run once; once we put
// something in $definitions (which is guaranteed by the
// trailing code), we always short-circuit above.
$def = $cache->get($this);
if ($def) {
// save the full definition for later, but don't
// return it yet
$this->definitions[$type] = $def;
return null;
}
}
// check invariants for creation
if (!$optimized) {
if (!is_null($this->get($type . '.DefinitionID'))) {
if ($this->chatty) {
$this->triggerError(
'Due to a documentation error in previous version of HTML Purifier, your ' .
'definitions are not being cached. If this is OK, you can remove the ' .
'%$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, ' .
'modify your code to use maybeGetRawDefinition, and test if the returned ' .
'value is null before making any edits (if it is null, that means that a ' .
'cached version is available, and no raw operations are necessary). See ' .
'' .
'Customize for more details',
E_USER_WARNING
);
} else {
$this->triggerError(
"Useless DefinitionID declaration",
E_USER_WARNING
);
}
}
}
// initialize it
$def = $this->initDefinition($type);
$def->optimized = $optimized;
return $def;
}
throw new HTMLPurifier_Exception("The impossible happened!");
}
/**
* Initialise definition
*
* @param string $type What type of definition to create
*
* @return HTMLPurifier_CSSDefinition|HTMLPurifier_HTMLDefinition|HTMLPurifier_URIDefinition
* @throws HTMLPurifier_Exception
*/
private function initDefinition($type)
{
// quick checks failed, let's create the object
if ($type == 'HTML') {
$def = new HTMLPurifier_HTMLDefinition();
} elseif ($type == 'CSS') {
$def = new HTMLPurifier_CSSDefinition();
} elseif ($type == 'URI') {
$def = new HTMLPurifier_URIDefinition();
} else {
throw new HTMLPurifier_Exception(
"Definition of $type type not supported"
);
}
$this->definitions[$type] = $def;
return $def;
}
public function maybeGetRawDefinition($name)
{
return $this->getDefinition($name, true, true);
}
public function maybeGetRawHTMLDefinition()
{
return $this->getDefinition('HTML', true, true);
}
public function maybeGetRawCSSDefinition()
{
return $this->getDefinition('CSS', true, true);
}
public function maybeGetRawURIDefinition()
{
return $this->getDefinition('URI', true, true);
}
/**
* Loads configuration values from an array with the following structure:
* Namespace.Directive => Value
*
* @param array $config_array Configuration associative array
*/
public function loadArray($config_array)
{
if ($this->isFinalized('Cannot load directives after finalization')) {
return;
}
foreach ($config_array as $key => $value) {
$key = str_replace('_', '.', $key);
if (strpos($key, '.') !== false) {
$this->set($key, $value);
} else {
$namespace = $key;
$namespace_values = $value;
foreach ($namespace_values as $directive => $value2) {
$this->set($namespace .'.'. $directive, $value2);
}
}
}
}
/**
* Returns a list of array(namespace, directive) for all directives
* that are allowed in a web-form context as per an allowed
* namespaces/directives list.
*
* @param array $allowed List of allowed namespaces/directives
* @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
*
* @return array
*/
public static function getAllowedDirectivesForForm($allowed, $schema = null)
{
if (!$schema) {
$schema = HTMLPurifier_ConfigSchema::instance();
}
if ($allowed !== true) {
if (is_string($allowed)) {
$allowed = array($allowed);
}
$allowed_ns = array();
$allowed_directives = array();
$blacklisted_directives = array();
foreach ($allowed as $ns_or_directive) {
if (strpos($ns_or_directive, '.') !== false) {
// directive
if ($ns_or_directive[0] == '-') {
$blacklisted_directives[substr($ns_or_directive, 1)] = true;
} else {
$allowed_directives[$ns_or_directive] = true;
}
} else {
// namespace
$allowed_ns[$ns_or_directive] = true;
}
}
}
$ret = array();
foreach ($schema->info as $key => $def) {
list($ns, $directive) = explode('.', $key, 2);
if ($allowed !== true) {
if (isset($blacklisted_directives["$ns.$directive"])) {
continue;
}
if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) {
continue;
}
}
if (isset($def->isAlias)) {
continue;
}
if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') {
continue;
}
$ret[] = array($ns, $directive);
}
return $ret;
}
/**
* Loads configuration values from $_GET/$_POST that were posted
* via ConfigForm
*
* @param array $array $_GET or $_POST array to import
* @param string|bool $index Index/name that the config variables are in
* @param array|bool $allowed List of allowed namespaces/directives
* @param bool $mq_fix Boolean whether or not to enable magic quotes fix
* @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
*
* @return mixed
*/
public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
{
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema);
$config = HTMLPurifier_Config::create($ret, $schema);
return $config;
}
/**
* Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
*
* @param array $array $_GET or $_POST array to import
* @param string|bool $index Index/name that the config variables are in
* @param array|bool $allowed List of allowed namespaces/directives
* @param bool $mq_fix Boolean whether or not to enable magic quotes fix
*/
public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true)
{
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def);
$this->loadArray($ret);
}
/**
* Prepares an array from a form into something usable for the more
* strict parts of HTMLPurifier_Config
*
* @param array $array $_GET or $_POST array to import
* @param string|bool $index Index/name that the config variables are in
* @param array|bool $allowed List of allowed namespaces/directives
* @param bool $mq_fix Boolean whether or not to enable magic quotes fix
* @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
*
* @return array
*/
public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
{
if ($index !== false) {
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
}
$mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
$ret = array();
foreach ($allowed as $key) {
list($ns, $directive) = $key;
$skey = "$ns.$directive";
if (!empty($array["Null_$skey"])) {
$ret[$ns][$directive] = null;
continue;
}
if (!isset($array[$skey])) {
continue;
}
$value = $mq ? stripslashes($array[$skey]) : $array[$skey];
$ret[$ns][$directive] = $value;
}
return $ret;
}
/**
* Loads configuration values from an ini file
*
* @param string $filename Name of ini file
*/
public function loadIni($filename)
{
if ($this->isFinalized('Cannot load directives after finalization')) {
return;
}
$array = parse_ini_file($filename, true);
$this->loadArray($array);
}
/**
* Checks whether or not the configuration object is finalized.
*
* @param string|bool $error String error message, or false for no error
*
* @return bool
*/
public function isFinalized($error = false)
{
if ($this->finalized && $error) {
$this->triggerError($error, E_USER_ERROR);
}
return $this->finalized;
}
/**
* Finalizes configuration only if auto finalize is on and not
* already finalized
*/
public function autoFinalize()
{
if ($this->autoFinalize) {
$this->finalize();
} else {
$this->plist->squash(true);
}
}
/**
* Finalizes a configuration object, prohibiting further change
*/
public function finalize()
{
$this->finalized = true;
$this->parser = null;
}
/**
* Produces a nicely formatted error message by supplying the
* stack frame information OUTSIDE of HTMLPurifier_Config.
*
* @param string $msg An error message
* @param int $no An error number
*/
protected function triggerError($msg, $no)
{
// determine previous stack frame
$extra = '';
if ($this->chatty) {
$trace = debug_backtrace();
// zip(tail(trace), trace) -- but PHP is not Haskell har har
for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
// XXX this is not correct on some versions of HTML Purifier
if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
continue;
}
$frame = $trace[$i];
$extra = " invoked on line {$frame['line']} in file {$frame['file']}";
break;
}
}
trigger_error($msg . $extra, $no);
}
/**
* Returns a serialized form of the configuration object that can
* be reconstituted.
*
* @return string
*/
public function serialize()
{
$this->getDefinition('HTML');
$this->getDefinition('CSS');
$this->getDefinition('URI');
return serialize($this);
}
}
/**
* Configuration definition, defines directives and their defaults.
*/
class HTMLPurifier_ConfigSchema
{
/**
* Defaults of the directives and namespaces.
* @type array
* @note This shares the exact same structure as HTMLPurifier_Config::$conf
*/
public $defaults = array();
/**
* The default property list. Do not edit this property list.
* @type array
*/
public $defaultPlist;
/**
* Definition of the directives.
* The structure of this is:
*
* array(
* 'Namespace' => array(
* 'Directive' => new stdclass(),
* )
* )
*
* The stdclass may have the following properties:
*
* - If isAlias isn't set:
* - type: Integer type of directive, see HTMLPurifier_VarParser for definitions
* - allow_null: If set, this directive allows null values
* - aliases: If set, an associative array of value aliases to real values
* - allowed: If set, a lookup array of allowed (string) values
* - If isAlias is set:
* - namespace: Namespace this directive aliases to
* - name: Directive name this directive aliases to
*
* In certain degenerate cases, stdclass will actually be an integer. In
* that case, the value is equivalent to an stdclass with the type
* property set to the integer. If the integer is negative, type is
* equal to the absolute value of integer, and allow_null is true.
*
* This class is friendly with HTMLPurifier_Config. If you need introspection
* about the schema, you're better of using the ConfigSchema_Interchange,
* which uses more memory but has much richer information.
* @type array
*/
public $info = array();
/**
* Application-wide singleton
* @type HTMLPurifier_ConfigSchema
*/
protected static $singleton;
public function __construct()
{
$this->defaultPlist = new HTMLPurifier_PropertyList();
}
/**
* Unserializes the default ConfigSchema.
* @return HTMLPurifier_ConfigSchema
*/
public static function makeFromSerial()
{
$contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser');
$r = unserialize($contents);
if (!$r) {
$hash = sha1($contents);
trigger_error("Unserialization of configuration schema failed, sha1 of file was $hash", E_USER_ERROR);
}
return $r;
}
/**
* Retrieves an instance of the application-wide configuration definition.
* @param HTMLPurifier_ConfigSchema $prototype
* @return HTMLPurifier_ConfigSchema
*/
public static function instance($prototype = null)
{
if ($prototype !== null) {
HTMLPurifier_ConfigSchema::$singleton = $prototype;
} elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) {
HTMLPurifier_ConfigSchema::$singleton = HTMLPurifier_ConfigSchema::makeFromSerial();
}
return HTMLPurifier_ConfigSchema::$singleton;
}
/**
* Defines a directive for configuration
* @warning Will fail of directive's namespace is defined.
* @warning This method's signature is slightly different from the legacy
* define() static method! Beware!
* @param string $key Name of directive
* @param mixed $default Default value of directive
* @param string $type Allowed type of the directive. See
* HTMLPurifier_DirectiveDef::$type for allowed values
* @param bool $allow_null Whether or not to allow null values
*/
public function add($key, $default, $type, $allow_null)
{
$obj = new stdclass();
$obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type];
if ($allow_null) {
$obj->allow_null = true;
}
$this->info[$key] = $obj;
$this->defaults[$key] = $default;
$this->defaultPlist->set($key, $default);
}
/**
* Defines a directive value alias.
*
* Directive value aliases are convenient for developers because it lets
* them set a directive to several values and get the same result.
* @param string $key Name of Directive
* @param array $aliases Hash of aliased values to the real alias
*/
public function addValueAliases($key, $aliases)
{
if (!isset($this->info[$key]->aliases)) {
$this->info[$key]->aliases = array();
}
foreach ($aliases as $alias => $real) {
$this->info[$key]->aliases[$alias] = $real;
}
}
/**
* Defines a set of allowed values for a directive.
* @warning This is slightly different from the corresponding static
* method definition.
* @param string $key Name of directive
* @param array $allowed Lookup array of allowed values
*/
public function addAllowedValues($key, $allowed)
{
$this->info[$key]->allowed = $allowed;
}
/**
* Defines a directive alias for backwards compatibility
* @param string $key Directive that will be aliased
* @param string $new_key Directive that the alias will be to
*/
public function addAlias($key, $new_key)
{
$obj = new stdclass;
$obj->key = $new_key;
$obj->isAlias = true;
$this->info[$key] = $obj;
}
/**
* Replaces any stdclass that only has the type property with type integer.
*/
public function postProcess()
{
foreach ($this->info as $key => $v) {
if (count((array) $v) == 1) {
$this->info[$key] = $v->type;
} elseif (count((array) $v) == 2 && isset($v->allow_null)) {
$this->info[$key] = -$v->type;
}
}
}
}
/**
* @todo Unit test
*/
class HTMLPurifier_ContentSets
{
/**
* List of content set strings (pipe separators) indexed by name.
* @type array
*/
public $info = array();
/**
* List of content set lookups (element => true) indexed by name.
* @type array
* @note This is in HTMLPurifier_HTMLDefinition->info_content_sets
*/
public $lookup = array();
/**
* Synchronized list of defined content sets (keys of info).
* @type array
*/
protected $keys = array();
/**
* Synchronized list of defined content values (values of info).
* @type array
*/
protected $values = array();
/**
* Merges in module's content sets, expands identifiers in the content
* sets and populates the keys, values and lookup member variables.
* @param HTMLPurifier_HTMLModule[] $modules List of HTMLPurifier_HTMLModule
*/
public function __construct($modules)
{
if (!is_array($modules)) {
$modules = array($modules);
}
// populate content_sets based on module hints
// sorry, no way of overloading
foreach ($modules as $module) {
foreach ($module->content_sets as $key => $value) {
$temp = $this->convertToLookup($value);
if (isset($this->lookup[$key])) {
// add it into the existing content set
$this->lookup[$key] = array_merge($this->lookup[$key], $temp);
} else {
$this->lookup[$key] = $temp;
}
}
}
$old_lookup = false;
while ($old_lookup !== $this->lookup) {
$old_lookup = $this->lookup;
foreach ($this->lookup as $i => $set) {
$add = array();
foreach ($set as $element => $x) {
if (isset($this->lookup[$element])) {
$add += $this->lookup[$element];
unset($this->lookup[$i][$element]);
}
}
$this->lookup[$i] += $add;
}
}
foreach ($this->lookup as $key => $lookup) {
$this->info[$key] = implode(' | ', array_keys($lookup));
}
$this->keys = array_keys($this->info);
$this->values = array_values($this->info);
}
/**
* Accepts a definition; generates and assigns a ChildDef for it
* @param HTMLPurifier_ElementDef $def HTMLPurifier_ElementDef reference
* @param HTMLPurifier_HTMLModule $module Module that defined the ElementDef
*/
public function generateChildDef(&$def, $module)
{
if (!empty($def->child)) { // already done!
return;
}
$content_model = $def->content_model;
if (is_string($content_model)) {
// Assume that $this->keys is alphanumeric
$def->content_model = preg_replace_callback(
'/\b(' . implode('|', $this->keys) . ')\b/',
array($this, 'generateChildDefCallback'),
$content_model
);
//$def->content_model = str_replace(
// $this->keys, $this->values, $content_model);
}
$def->child = $this->getChildDef($def, $module);
}
public function generateChildDefCallback($matches)
{
return $this->info[$matches[0]];
}
/**
* Instantiates a ChildDef based on content_model and content_model_type
* member variables in HTMLPurifier_ElementDef
* @note This will also defer to modules for custom HTMLPurifier_ChildDef
* subclasses that need content set expansion
* @param HTMLPurifier_ElementDef $def HTMLPurifier_ElementDef to have ChildDef extracted
* @param HTMLPurifier_HTMLModule $module Module that defined the ElementDef
* @return HTMLPurifier_ChildDef corresponding to ElementDef
*/
public function getChildDef($def, $module)
{
$value = $def->content_model;
if (is_object($value)) {
trigger_error(
'Literal object child definitions should be stored in '.
'ElementDef->child not ElementDef->content_model',
E_USER_NOTICE
);
return $value;
}
switch ($def->content_model_type) {
case 'required':
return new HTMLPurifier_ChildDef_Required($value);
case 'optional':
return new HTMLPurifier_ChildDef_Optional($value);
case 'empty':
return new HTMLPurifier_ChildDef_Empty();
case 'custom':
return new HTMLPurifier_ChildDef_Custom($value);
}
// defer to its module
$return = false;
if ($module->defines_child_def) { // save a func call
$return = $module->getChildDef($def);
}
if ($return !== false) {
return $return;
}
// error-out
trigger_error(
'Could not determine which ChildDef class to instantiate',
E_USER_ERROR
);
return false;
}
/**
* Converts a string list of elements separated by pipes into
* a lookup array.
* @param string $string List of elements
* @return array Lookup array of elements
*/
protected function convertToLookup($string)
{
$array = explode('|', str_replace(' ', '', $string));
$ret = array();
foreach ($array as $k) {
$ret[$k] = true;
}
return $ret;
}
}
/**
* Registry object that contains information about the current context.
* @warning Is a bit buggy when variables are set to null: it thinks
* they don't exist! So use false instead, please.
* @note Since the variables Context deals with may not be objects,
* references are very important here! Do not remove!
*/
class HTMLPurifier_Context
{
/**
* Private array that stores the references.
* @type array
*/
private $_storage = array();
/**
* Registers a variable into the context.
* @param string $name String name
* @param mixed $ref Reference to variable to be registered
*/
public function register($name, &$ref)
{
if (array_key_exists($name, $this->_storage)) {
trigger_error(
"Name $name produces collision, cannot re-register",
E_USER_ERROR
);
return;
}
$this->_storage[$name] =& $ref;
}
/**
* Retrieves a variable reference from the context.
* @param string $name String name
* @param bool $ignore_error Boolean whether or not to ignore error
* @return mixed
*/
public function &get($name, $ignore_error = false)
{
if (!array_key_exists($name, $this->_storage)) {
if (!$ignore_error) {
trigger_error(
"Attempted to retrieve non-existent variable $name",
E_USER_ERROR
);
}
$var = null; // so we can return by reference
return $var;
}
return $this->_storage[$name];
}
/**
* Destroys a variable in the context.
* @param string $name String name
*/
public function destroy($name)
{
if (!array_key_exists($name, $this->_storage)) {
trigger_error(
"Attempted to destroy non-existent variable $name",
E_USER_ERROR
);
return;
}
unset($this->_storage[$name]);
}
/**
* Checks whether or not the variable exists.
* @param string $name String name
* @return bool
*/
public function exists($name)
{
return array_key_exists($name, $this->_storage);
}
/**
* Loads a series of variables from an associative array
* @param array $context_array Assoc array of variables to load
*/
public function loadArray($context_array)
{
foreach ($context_array as $key => $discard) {
$this->register($key, $context_array[$key]);
}
}
}
/**
* Abstract class representing Definition cache managers that implements
* useful common methods and is a factory.
* @todo Create a separate maintenance file advanced users can use to
* cache their custom HTMLDefinition, which can be loaded
* via a configuration directive
* @todo Implement memcached
*/
abstract class HTMLPurifier_DefinitionCache
{
/**
* @type string
*/
public $type;
/**
* @param string $type Type of definition objects this instance of the
* cache will handle.
*/
public function __construct($type)
{
$this->type = $type;
}
/**
* Generates a unique identifier for a particular configuration
* @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
* @return string
*/
public function generateKey($config)
{
return $config->version . ',' . // possibly replace with function calls
$config->getBatchSerial($this->type) . ',' .
$config->get($this->type . '.DefinitionRev');
}
/**
* Tests whether or not a key is old with respect to the configuration's
* version and revision number.
* @param string $key Key to test
* @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config to test against
* @return bool
*/
public function isOld($key, $config)
{
if (substr_count($key, ',') < 2) {
return true;
}
list($version, $hash, $revision) = explode(',', $key, 3);
$compare = version_compare($version, $config->version);
// version mismatch, is always old
if ($compare != 0) {
return true;
}
// versions match, ids match, check revision number
if ($hash == $config->getBatchSerial($this->type) &&
$revision < $config->get($this->type . '.DefinitionRev')) {
return true;
}
return false;
}
/**
* Checks if a definition's type jives with the cache's type
* @note Throws an error on failure
* @param HTMLPurifier_Definition $def Definition object to check
* @return bool true if good, false if not
*/
public function checkDefType($def)
{
if ($def->type !== $this->type) {
trigger_error("Cannot use definition of type {$def->type} in cache for {$this->type}");
return false;
}
return true;
}
/**
* Adds a definition object to the cache
* @param HTMLPurifier_Definition $def
* @param HTMLPurifier_Config $config
*/
abstract public function add($def, $config);
/**
* Unconditionally saves a definition object to the cache
* @param HTMLPurifier_Definition $def
* @param HTMLPurifier_Config $config
*/
abstract public function set($def, $config);
/**
* Replace an object in the cache
* @param HTMLPurifier_Definition $def
* @param HTMLPurifier_Config $config
*/
abstract public function replace($def, $config);
/**
* Retrieves a definition object from the cache
* @param HTMLPurifier_Config $config
*/
abstract public function get($config);
/**
* Removes a definition object to the cache
* @param HTMLPurifier_Config $config
*/
abstract public function remove($config);
/**
* Clears all objects from cache
* @param HTMLPurifier_Config $config
*/
abstract public function flush($config);
/**
* Clears all expired (older version or revision) objects from cache
* @note Be carefuly implementing this method as flush. Flush must
* not interfere with other Definition types, and cleanup()
* should not be repeatedly called by userland code.
* @param HTMLPurifier_Config $config
*/
abstract public function cleanup($config);
}
/**
* Responsible for creating definition caches.
*/
class HTMLPurifier_DefinitionCacheFactory
{
/**
* @type array
*/
protected $caches = array('Serializer' => array());
/**
* @type array
*/
protected $implementations = array();
/**
* @type HTMLPurifier_DefinitionCache_Decorator[]
*/
protected $decorators = array();
/**
* Initialize default decorators
*/
public function setup()
{
$this->addDecorator('Cleanup');
}
/**
* Retrieves an instance of global definition cache factory.
* @param HTMLPurifier_DefinitionCacheFactory $prototype
* @return HTMLPurifier_DefinitionCacheFactory
*/
public static function instance($prototype = null)
{
static $instance;
if ($prototype !== null) {
$instance = $prototype;
} elseif ($instance === null || $prototype === true) {
$instance = new HTMLPurifier_DefinitionCacheFactory();
$instance->setup();
}
return $instance;
}
/**
* Registers a new definition cache object
* @param string $short Short name of cache object, for reference
* @param string $long Full class name of cache object, for construction
*/
public function register($short, $long)
{
$this->implementations[$short] = $long;
}
/**
* Factory method that creates a cache object based on configuration
* @param string $type Name of definitions handled by cache
* @param HTMLPurifier_Config $config Config instance
* @return mixed
*/
public function create($type, $config)
{
$method = $config->get('Cache.DefinitionImpl');
if ($method === null) {
return new HTMLPurifier_DefinitionCache_Null($type);
}
if (!empty($this->caches[$method][$type])) {
return $this->caches[$method][$type];
}
if (isset($this->implementations[$method]) &&
class_exists($class = $this->implementations[$method], false)) {
$cache = new $class($type);
} else {
if ($method != 'Serializer') {
trigger_error("Unrecognized DefinitionCache $method, using Serializer instead", E_USER_WARNING);
}
$cache = new HTMLPurifier_DefinitionCache_Serializer($type);
}
foreach ($this->decorators as $decorator) {
$new_cache = $decorator->decorate($cache);
// prevent infinite recursion in PHP 4
unset($cache);
$cache = $new_cache;
}
$this->caches[$method][$type] = $cache;
return $this->caches[$method][$type];
}
/**
* Registers a decorator to add to all new cache objects
* @param HTMLPurifier_DefinitionCache_Decorator|string $decorator An instance or the name of a decorator
*/
public function addDecorator($decorator)
{
if (is_string($decorator)) {
$class = "HTMLPurifier_DefinitionCache_Decorator_$decorator";
$decorator = new $class;
}
$this->decorators[$decorator->name] = $decorator;
}
}
/**
* Represents a document type, contains information on which modules
* need to be loaded.
* @note This class is inspected by Printer_HTMLDefinition->renderDoctype.
* If structure changes, please update that function.
*/
class HTMLPurifier_Doctype
{
/**
* Full name of doctype
* @type string
*/
public $name;
/**
* List of standard modules (string identifiers or literal objects)
* that this doctype uses
* @type array
*/
public $modules = array();
/**
* List of modules to use for tidying up code
* @type array
*/
public $tidyModules = array();
/**
* Is the language derived from XML (i.e. XHTML)?
* @type bool
*/
public $xml = true;
/**
* List of aliases for this doctype
* @type array
*/
public $aliases = array();
/**
* Public DTD identifier
* @type string
*/
public $dtdPublic;
/**
* System DTD identifier
* @type string
*/
public $dtdSystem;
public function __construct(
$name = null,
$xml = true,
$modules = array(),
$tidyModules = array(),
$aliases = array(),
$dtd_public = null,
$dtd_system = null
) {
$this->name = $name;
$this->xml = $xml;
$this->modules = $modules;
$this->tidyModules = $tidyModules;
$this->aliases = $aliases;
$this->dtdPublic = $dtd_public;
$this->dtdSystem = $dtd_system;
}
}
class HTMLPurifier_DoctypeRegistry
{
/**
* Hash of doctype names to doctype objects.
* @type array
*/
protected $doctypes;
/**
* Lookup table of aliases to real doctype names.
* @type array
*/
protected $aliases;
/**
* Registers a doctype to the registry
* @note Accepts a fully-formed doctype object, or the
* parameters for constructing a doctype object
* @param string $doctype Name of doctype or literal doctype object
* @param bool $xml
* @param array $modules Modules doctype will load
* @param array $tidy_modules Modules doctype will load for certain modes
* @param array $aliases Alias names for doctype
* @param string $dtd_public
* @param string $dtd_system
* @return HTMLPurifier_Doctype Editable registered doctype
*/
public function register(
$doctype,
$xml = true,
$modules = array(),
$tidy_modules = array(),
$aliases = array(),
$dtd_public = null,
$dtd_system = null
) {
if (!is_array($modules)) {
$modules = array($modules);
}
if (!is_array($tidy_modules)) {
$tidy_modules = array($tidy_modules);
}
if (!is_array($aliases)) {
$aliases = array($aliases);
}
if (!is_object($doctype)) {
$doctype = new HTMLPurifier_Doctype(
$doctype,
$xml,
$modules,
$tidy_modules,
$aliases,
$dtd_public,
$dtd_system
);
}
$this->doctypes[$doctype->name] = $doctype;
$name = $doctype->name;
// hookup aliases
foreach ($doctype->aliases as $alias) {
if (isset($this->doctypes[$alias])) {
continue;
}
$this->aliases[$alias] = $name;
}
// remove old aliases
if (isset($this->aliases[$name])) {
unset($this->aliases[$name]);
}
return $doctype;
}
/**
* Retrieves reference to a doctype of a certain name
* @note This function resolves aliases
* @note When possible, use the more fully-featured make()
* @param string $doctype Name of doctype
* @return HTMLPurifier_Doctype Editable doctype object
*/
public function get($doctype)
{
if (isset($this->aliases[$doctype])) {
$doctype = $this->aliases[$doctype];
}
if (!isset($this->doctypes[$doctype])) {
trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
$anon = new HTMLPurifier_Doctype($doctype);
return $anon;
}
return $this->doctypes[$doctype];
}
/**
* Creates a doctype based on a configuration object,
* will perform initialization on the doctype
* @note Use this function to get a copy of doctype that config
* can hold on to (this is necessary in order to tell
* Generator whether or not the current document is XML
* based or not).
* @param HTMLPurifier_Config $config
* @return HTMLPurifier_Doctype
*/
public function make($config)
{
return clone $this->get($this->getDoctypeFromConfig($config));
}
/**
* Retrieves the doctype from the configuration object
* @param HTMLPurifier_Config $config
* @return string
*/
public function getDoctypeFromConfig($config)
{
// recommended test
$doctype = $config->get('HTML.Doctype');
if (!empty($doctype)) {
return $doctype;
}
$doctype = $config->get('HTML.CustomDoctype');
if (!empty($doctype)) {
return $doctype;
}
// backwards-compatibility
if ($config->get('HTML.XHTML')) {
$doctype = 'XHTML 1.0';
} else {
$doctype = 'HTML 4.01';
}
if ($config->get('HTML.Strict')) {
$doctype .= ' Strict';
} else {
$doctype .= ' Transitional';
}
return $doctype;
}
}
/**
* Structure that stores an HTML element definition. Used by
* HTMLPurifier_HTMLDefinition and HTMLPurifier_HTMLModule.
* @note This class is inspected by HTMLPurifier_Printer_HTMLDefinition.
* Please update that class too.
* @warning If you add new properties to this class, you MUST update
* the mergeIn() method.
*/
class HTMLPurifier_ElementDef
{
/**
* Does the definition work by itself, or is it created solely
* for the purpose of merging into another definition?
* @type bool
*/
public $standalone = true;
/**
* Associative array of attribute name to HTMLPurifier_AttrDef.
* @type array
* @note Before being processed by HTMLPurifier_AttrCollections
* when modules are finalized during
* HTMLPurifier_HTMLDefinition->setup(), this array may also
* contain an array at index 0 that indicates which attribute
* collections to load into the full array. It may also
* contain string indentifiers in lieu of HTMLPurifier_AttrDef,
* see HTMLPurifier_AttrTypes on how they are expanded during
* HTMLPurifier_HTMLDefinition->setup() processing.
*/
public $attr = array();
// XXX: Design note: currently, it's not possible to override
// previously defined AttrTransforms without messing around with
// the final generated config. This is by design; a previous version
// used an associated list of attr_transform, but it was extremely
// easy to accidentally override other attribute transforms by
// forgetting to specify an index (and just using 0.) While we
// could check this by checking the index number and complaining,
// there is a second problem which is that it is not at all easy to
// tell when something is getting overridden. Combine this with a
// codebase where this isn't really being used, and it's perfect for
// nuking.
/**
* List of tags HTMLPurifier_AttrTransform to be done before validation.
* @type array
*/
public $attr_transform_pre = array();
/**
* List of tags HTMLPurifier_AttrTransform to be done after validation.
* @type array
*/
public $attr_transform_post = array();
/**
* HTMLPurifier_ChildDef of this tag.
* @type HTMLPurifier_ChildDef
*/
public $child;
/**
* Abstract string representation of internal ChildDef rules.
* @see HTMLPurifier_ContentSets for how this is parsed and then transformed
* into an HTMLPurifier_ChildDef.
* @warning This is a temporary variable that is not available after
* being processed by HTMLDefinition
* @type string
*/
public $content_model;
/**
* Value of $child->type, used to determine which ChildDef to use,
* used in combination with $content_model.
* @warning This must be lowercase
* @warning This is a temporary variable that is not available after
* being processed by HTMLDefinition
* @type string
*/
public $content_model_type;
/**
* Does the element have a content model (#PCDATA | Inline)*? This
* is important for chameleon ins and del processing in
* HTMLPurifier_ChildDef_Chameleon. Dynamically set: modules don't
* have to worry about this one.
* @type bool
*/
public $descendants_are_inline = false;
/**
* List of the names of required attributes this element has.
* Dynamically populated by HTMLPurifier_HTMLDefinition::getElement()
* @type array
*/
public $required_attr = array();
/**
* Lookup table of tags excluded from all descendants of this tag.
* @type array
* @note SGML permits exclusions for all descendants, but this is
* not possible with DTDs or XML Schemas. W3C has elected to
* use complicated compositions of content_models to simulate
* exclusion for children, but we go the simpler, SGML-style
* route of flat-out exclusions, which correctly apply to
* all descendants and not just children. Note that the XHTML
* Modularization Abstract Modules are blithely unaware of such
* distinctions.
*/
public $excludes = array();
/**
* This tag is explicitly auto-closed by the following tags.
* @type array
*/
public $autoclose = array();
/**
* If a foreign element is found in this element, test if it is
* allowed by this sub-element; if it is, instead of closing the
* current element, place it inside this element.
* @type string
*/
public $wrap;
/**
* Whether or not this is a formatting element affected by the
* "Active Formatting Elements" algorithm.
* @type bool
*/
public $formatting;
/**
* Low-level factory constructor for creating new standalone element defs
*/
public static function create($content_model, $content_model_type, $attr)
{
$def = new HTMLPurifier_ElementDef();
$def->content_model = $content_model;
$def->content_model_type = $content_model_type;
$def->attr = $attr;
return $def;
}
/**
* Merges the values of another element definition into this one.
* Values from the new element def take precedence if a value is
* not mergeable.
* @param HTMLPurifier_ElementDef $def
*/
public function mergeIn($def)
{
// later keys takes precedence
foreach ($def->attr as $k => $v) {
if ($k === 0) {
// merge in the includes
// sorry, no way to override an include
foreach ($v as $v2) {
$this->attr[0][] = $v2;
}
continue;
}
if ($v === false) {
if (isset($this->attr[$k])) {
unset($this->attr[$k]);
}
continue;
}
$this->attr[$k] = $v;
}
$this->_mergeAssocArray($this->excludes, $def->excludes);
$this->attr_transform_pre = array_merge($this->attr_transform_pre, $def->attr_transform_pre);
$this->attr_transform_post = array_merge($this->attr_transform_post, $def->attr_transform_post);
if (!empty($def->content_model)) {
$this->content_model =
str_replace("#SUPER", $this->content_model, $def->content_model);
$this->child = false;
}
if (!empty($def->content_model_type)) {
$this->content_model_type = $def->content_model_type;
$this->child = false;
}
if (!is_null($def->child)) {
$this->child = $def->child;
}
if (!is_null($def->formatting)) {
$this->formatting = $def->formatting;
}
if ($def->descendants_are_inline) {
$this->descendants_are_inline = $def->descendants_are_inline;
}
}
/**
* Merges one array into another, removes values which equal false
* @param $a1 Array by reference that is merged into
* @param $a2 Array that merges into $a1
*/
private function _mergeAssocArray(&$a1, $a2)
{
foreach ($a2 as $k => $v) {
if ($v === false) {
if (isset($a1[$k])) {
unset($a1[$k]);
}
continue;
}
$a1[$k] = $v;
}
}
}
/**
* A UTF-8 specific character encoder that handles cleaning and transforming.
* @note All functions in this class should be static.
*/
class HTMLPurifier_Encoder
{
/**
* Constructor throws fatal error if you attempt to instantiate class
*/
private function __construct()
{
trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
}
/**
* Error-handler that mutes errors, alternative to shut-up operator.
*/
public static function muteErrorHandler()
{
}
/**
* iconv wrapper which mutes errors, but doesn't work around bugs.
* @param string $in Input encoding
* @param string $out Output encoding
* @param string $text The text to convert
* @return string
*/
public static function unsafeIconv($in, $out, $text)
{
set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
$r = iconv($in, $out, $text);
restore_error_handler();
return $r;
}
/**
* iconv wrapper which mutes errors and works around bugs.
* @param string $in Input encoding
* @param string $out Output encoding
* @param string $text The text to convert
* @param int $max_chunk_size
* @return string
*/
public static function iconv($in, $out, $text, $max_chunk_size = 8000)
{
$code = self::testIconvTruncateBug();
if ($code == self::ICONV_OK) {
return self::unsafeIconv($in, $out, $text);
} elseif ($code == self::ICONV_TRUNCATES) {
// we can only work around this if the input character set
// is utf-8
if ($in == 'utf-8') {
if ($max_chunk_size < 4) {
trigger_error('max_chunk_size is too small', E_USER_WARNING);
return false;
}
// split into 8000 byte chunks, but be careful to handle
// multibyte boundaries properly
if (($c = strlen($text)) <= $max_chunk_size) {
return self::unsafeIconv($in, $out, $text);
}
$r = '';
$i = 0;
while (true) {
if ($i + $max_chunk_size >= $c) {
$r .= self::unsafeIconv($in, $out, substr($text, $i));
break;
}
// wibble the boundary
if (0x80 != (0xC0 & ord($text[$i + $max_chunk_size]))) {
$chunk_size = $max_chunk_size;
} elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 1]))) {
$chunk_size = $max_chunk_size - 1;
} elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 2]))) {
$chunk_size = $max_chunk_size - 2;
} elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 3]))) {
$chunk_size = $max_chunk_size - 3;
} else {
return false; // rather confusing UTF-8...
}
$chunk = substr($text, $i, $chunk_size); // substr doesn't mind overlong lengths
$r .= self::unsafeIconv($in, $out, $chunk);
$i += $chunk_size;
}
return $r;
} else {
return false;
}
} else {
return false;
}
}
/**
* Cleans a UTF-8 string for well-formedness and SGML validity
*
* It will parse according to UTF-8 and return a valid UTF8 string, with
* non-SGML codepoints excluded.
*
* @param string $str The string to clean
* @param bool $force_php
* @return string
*
* @note Just for reference, the non-SGML code points are 0 to 31 and
* 127 to 159, inclusive. However, we allow code points 9, 10
* and 13, which are the tab, line feed and carriage return
* respectively. 128 and above the code points map to multibyte
* UTF-8 representations.
*
* @note Fallback code adapted from utf8ToUnicode by Henri Sivonen and
* hsivonen@iki.fi at under the
* LGPL license. Notes on what changed are inside, but in general,
* the original code transformed UTF-8 text into an array of integer
* Unicode codepoints. Understandably, transforming that back to
* a string would be somewhat expensive, so the function was modded to
* directly operate on the string. However, this discourages code
* reuse, and the logic enumerated here would be useful for any
* function that needs to be able to understand UTF-8 characters.
* As of right now, only smart lossless character encoding converters
* would need that, and I'm probably not going to implement them.
* Once again, PHP 6 should solve all our problems.
*/
public static function cleanUTF8($str, $force_php = false)
{
// UTF-8 validity is checked since PHP 4.3.5
// This is an optimization: if the string is already valid UTF-8, no
// need to do PHP stuff. 99% of the time, this will be the case.
// The regexp matches the XML char production, as well as well as excluding
// non-SGML codepoints U+007F to U+009F
if (preg_match(
'/^[\x{9}\x{A}\x{D}\x{20}-\x{7E}\x{A0}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]*$/Du',
$str
)) {
return $str;
}
$mState = 0; // cached expected number of octets after the current octet
// until the beginning of the next UTF8 character sequence
$mUcs4 = 0; // cached Unicode character
$mBytes = 1; // cached expected number of octets in the current sequence
// original code involved an $out that was an array of Unicode
// codepoints. Instead of having to convert back into UTF-8, we've
// decided to directly append valid UTF-8 characters onto a string
// $out once they're done. $char accumulates raw bytes, while $mUcs4
// turns into the Unicode code point, so there's some redundancy.
$out = '';
$char = '';
$len = strlen($str);
for ($i = 0; $i < $len; $i++) {
$in = ord($str{$i});
$char .= $str[$i]; // append byte to char
if (0 == $mState) {
// When mState is zero we expect either a US-ASCII character
// or a multi-octet sequence.
if (0 == (0x80 & ($in))) {
// US-ASCII, pass straight through.
if (($in <= 31 || $in == 127) &&
!($in == 9 || $in == 13 || $in == 10) // save \r\t\n
) {
// control characters, remove
} else {
$out .= $char;
}
// reset
$char = '';
$mBytes = 1;
} elseif (0xC0 == (0xE0 & ($in))) {
// First octet of 2 octet sequence
$mUcs4 = ($in);
$mUcs4 = ($mUcs4 & 0x1F) << 6;
$mState = 1;
$mBytes = 2;
} elseif (0xE0 == (0xF0 & ($in))) {
// First octet of 3 octet sequence
$mUcs4 = ($in);
$mUcs4 = ($mUcs4 & 0x0F) << 12;
$mState = 2;
$mBytes = 3;
} elseif (0xF0 == (0xF8 & ($in))) {
// First octet of 4 octet sequence
$mUcs4 = ($in);
$mUcs4 = ($mUcs4 & 0x07) << 18;
$mState = 3;
$mBytes = 4;
} elseif (0xF8 == (0xFC & ($in))) {
// First octet of 5 octet sequence.
//
// This is illegal because the encoded codepoint must be
// either:
// (a) not the shortest form or
// (b) outside the Unicode range of 0-0x10FFFF.
// Rather than trying to resynchronize, we will carry on
// until the end of the sequence and let the later error
// handling code catch it.
$mUcs4 = ($in);
$mUcs4 = ($mUcs4 & 0x03) << 24;
$mState = 4;
$mBytes = 5;
} elseif (0xFC == (0xFE & ($in))) {
// First octet of 6 octet sequence, see comments for 5
// octet sequence.
$mUcs4 = ($in);
$mUcs4 = ($mUcs4 & 1) << 30;
$mState = 5;
$mBytes = 6;
} else {
// Current octet is neither in the US-ASCII range nor a
// legal first octet of a multi-octet sequence.
$mState = 0;
$mUcs4 = 0;
$mBytes = 1;
$char = '';
}
} else {
// When mState is non-zero, we expect a continuation of the
// multi-octet sequence
if (0x80 == (0xC0 & ($in))) {
// Legal continuation.
$shift = ($mState - 1) * 6;
$tmp = $in;
$tmp = ($tmp & 0x0000003F) << $shift;
$mUcs4 |= $tmp;
if (0 == --$mState) {
// End of the multi-octet sequence. mUcs4 now contains
// the final Unicode codepoint to be output
// Check for illegal sequences and codepoints.
// From Unicode 3.1, non-shortest form is illegal
if (((2 == $mBytes) && ($mUcs4 < 0x0080)) ||
((3 == $mBytes) && ($mUcs4 < 0x0800)) ||
((4 == $mBytes) && ($mUcs4 < 0x10000)) ||
(4 < $mBytes) ||
// From Unicode 3.2, surrogate characters = illegal
(($mUcs4 & 0xFFFFF800) == 0xD800) ||
// Codepoints outside the Unicode range are illegal
($mUcs4 > 0x10FFFF)
) {
} elseif (0xFEFF != $mUcs4 && // omit BOM
// check for valid Char unicode codepoints
(
0x9 == $mUcs4 ||
0xA == $mUcs4 ||
0xD == $mUcs4 ||
(0x20 <= $mUcs4 && 0x7E >= $mUcs4) ||
// 7F-9F is not strictly prohibited by XML,
// but it is non-SGML, and thus we don't allow it
(0xA0 <= $mUcs4 && 0xD7FF >= $mUcs4) ||
(0x10000 <= $mUcs4 && 0x10FFFF >= $mUcs4)
)
) {
$out .= $char;
}
// initialize UTF8 cache (reset)
$mState = 0;
$mUcs4 = 0;
$mBytes = 1;
$char = '';
}
} else {
// ((0xC0 & (*in) != 0x80) && (mState != 0))
// Incomplete multi-octet sequence.
// used to result in complete fail, but we'll reset
$mState = 0;
$mUcs4 = 0;
$mBytes = 1;
$char ='';
}
}
}
return $out;
}
/**
* Translates a Unicode codepoint into its corresponding UTF-8 character.
* @note Based on Feyd's function at
* ,
* which is in public domain.
* @note While we're going to do code point parsing anyway, a good
* optimization would be to refuse to translate code points that
* are non-SGML characters. However, this could lead to duplication.
* @note This is very similar to the unichr function in
* maintenance/generate-entity-file.php (although this is superior,
* due to its sanity checks).
*/
// +----------+----------+----------+----------+
// | 33222222 | 22221111 | 111111 | |
// | 10987654 | 32109876 | 54321098 | 76543210 | bit
// +----------+----------+----------+----------+
// | | | | 0xxxxxxx | 1 byte 0x00000000..0x0000007F
// | | | 110yyyyy | 10xxxxxx | 2 byte 0x00000080..0x000007FF
// | | 1110zzzz | 10yyyyyy | 10xxxxxx | 3 byte 0x00000800..0x0000FFFF
// | 11110www | 10wwzzzz | 10yyyyyy | 10xxxxxx | 4 byte 0x00010000..0x0010FFFF
// +----------+----------+----------+----------+
// | 00000000 | 00011111 | 11111111 | 11111111 | Theoretical upper limit of legal scalars: 2097151 (0x001FFFFF)
// | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
// +----------+----------+----------+----------+
public static function unichr($code)
{
if ($code > 1114111 or $code < 0 or
($code >= 55296 and $code <= 57343) ) {
// bits are set outside the "valid" range as defined
// by UNICODE 4.1.0
return '';
}
$x = $y = $z = $w = 0;
if ($code < 128) {
// regular ASCII character
$x = $code;
} else {
// set up bits for UTF-8
$x = ($code & 63) | 128;
if ($code < 2048) {
$y = (($code & 2047) >> 6) | 192;
} else {
$y = (($code & 4032) >> 6) | 128;
if ($code < 65536) {
$z = (($code >> 12) & 15) | 224;
} else {
$z = (($code >> 12) & 63) | 128;
$w = (($code >> 18) & 7) | 240;
}
}
}
// set up the actual character
$ret = '';
if ($w) {
$ret .= chr($w);
}
if ($z) {
$ret .= chr($z);
}
if ($y) {
$ret .= chr($y);
}
$ret .= chr($x);
return $ret;
}
/**
* @return bool
*/
public static function iconvAvailable()
{
static $iconv = null;
if ($iconv === null) {
$iconv = function_exists('iconv') && self::testIconvTruncateBug() != self::ICONV_UNUSABLE;
}
return $iconv;
}
/**
* Convert a string to UTF-8 based on configuration.
* @param string $str The string to convert
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
*/
public static function convertToUTF8($str, $config, $context)
{
$encoding = $config->get('Core.Encoding');
if ($encoding === 'utf-8') {
return $str;
}
static $iconv = null;
if ($iconv === null) {
$iconv = self::iconvAvailable();
}
if ($iconv && !$config->get('Test.ForceNoIconv')) {
// unaffected by bugs, since UTF-8 support all characters
$str = self::unsafeIconv($encoding, 'utf-8//IGNORE', $str);
if ($str === false) {
// $encoding is not a valid encoding
trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR);
return '';
}
// If the string is bjorked by Shift_JIS or a similar encoding
// that doesn't support all of ASCII, convert the naughty
// characters to their true byte-wise ASCII/UTF-8 equivalents.
$str = strtr($str, self::testEncodingSupportsASCII($encoding));
return $str;
} elseif ($encoding === 'iso-8859-1') {
$str = utf8_encode($str);
return $str;
}
$bug = HTMLPurifier_Encoder::testIconvTruncateBug();
if ($bug == self::ICONV_OK) {
trigger_error('Encoding not supported, please install iconv', E_USER_ERROR);
} else {
trigger_error(
'You have a buggy version of iconv, see https://bugs.php.net/bug.php?id=48147 ' .
'and http://sourceware.org/bugzilla/show_bug.cgi?id=13541',
E_USER_ERROR
);
}
}
/**
* Converts a string from UTF-8 based on configuration.
* @param string $str The string to convert
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
* @note Currently, this is a lossy conversion, with unexpressable
* characters being omitted.
*/
public static function convertFromUTF8($str, $config, $context)
{
$encoding = $config->get('Core.Encoding');
if ($escape = $config->get('Core.EscapeNonASCIICharacters')) {
$str = self::convertToASCIIDumbLossless($str);
}
if ($encoding === 'utf-8') {
return $str;
}
static $iconv = null;
if ($iconv === null) {
$iconv = self::iconvAvailable();
}
if ($iconv && !$config->get('Test.ForceNoIconv')) {
// Undo our previous fix in convertToUTF8, otherwise iconv will barf
$ascii_fix = self::testEncodingSupportsASCII($encoding);
if (!$escape && !empty($ascii_fix)) {
$clear_fix = array();
foreach ($ascii_fix as $utf8 => $native) {
$clear_fix[$utf8] = '';
}
$str = strtr($str, $clear_fix);
}
$str = strtr($str, array_flip($ascii_fix));
// Normal stuff
$str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
return $str;
} elseif ($encoding === 'iso-8859-1') {
$str = utf8_decode($str);
return $str;
}
trigger_error('Encoding not supported', E_USER_ERROR);
// You might be tempted to assume that the ASCII representation
// might be OK, however, this is *not* universally true over all
// encodings. So we take the conservative route here, rather
// than forcibly turn on %Core.EscapeNonASCIICharacters
}
/**
* Lossless (character-wise) conversion of HTML to ASCII
* @param string $str UTF-8 string to be converted to ASCII
* @return string ASCII encoded string with non-ASCII character entity-ized
* @warning Adapted from MediaWiki, claiming fair use: this is a common
* algorithm. If you disagree with this license fudgery,
* implement it yourself.
* @note Uses decimal numeric entities since they are best supported.
* @note This is a DUMB function: it has no concept of keeping
* character entities that the projected character encoding
* can allow. We could possibly implement a smart version
* but that would require it to also know which Unicode
* codepoints the charset supported (not an easy task).
* @note Sort of with cleanUTF8() but it assumes that $str is
* well-formed UTF-8
*/
public static function convertToASCIIDumbLossless($str)
{
$bytesleft = 0;
$result = '';
$working = 0;
$len = strlen($str);
for ($i = 0; $i < $len; $i++) {
$bytevalue = ord($str[$i]);
if ($bytevalue <= 0x7F) { //0xxx xxxx
$result .= chr($bytevalue);
$bytesleft = 0;
} elseif ($bytevalue <= 0xBF) { //10xx xxxx
$working = $working << 6;
$working += ($bytevalue & 0x3F);
$bytesleft--;
if ($bytesleft <= 0) {
$result .= "&#" . $working . ";";
}
} elseif ($bytevalue <= 0xDF) { //110x xxxx
$working = $bytevalue & 0x1F;
$bytesleft = 1;
} elseif ($bytevalue <= 0xEF) { //1110 xxxx
$working = $bytevalue & 0x0F;
$bytesleft = 2;
} else { //1111 0xxx
$working = $bytevalue & 0x07;
$bytesleft = 3;
}
}
return $result;
}
/** No bugs detected in iconv. */
const ICONV_OK = 0;
/** Iconv truncates output if converting from UTF-8 to another
* character set with //IGNORE, and a non-encodable character is found */
const ICONV_TRUNCATES = 1;
/** Iconv does not support //IGNORE, making it unusable for
* transcoding purposes */
const ICONV_UNUSABLE = 2;
/**
* glibc iconv has a known bug where it doesn't handle the magic
* //IGNORE stanza correctly. In particular, rather than ignore
* characters, it will return an EILSEQ after consuming some number
* of characters, and expect you to restart iconv as if it were
* an E2BIG. Old versions of PHP did not respect the errno, and
* returned the fragment, so as a result you would see iconv
* mysteriously truncating output. We can work around this by
* manually chopping our input into segments of about 8000
* characters, as long as PHP ignores the error code. If PHP starts
* paying attention to the error code, iconv becomes unusable.
*
* @return int Error code indicating severity of bug.
*/
public static function testIconvTruncateBug()
{
static $code = null;
if ($code === null) {
// better not use iconv, otherwise infinite loop!
$r = self::unsafeIconv('utf-8', 'ascii//IGNORE', "\xCE\xB1" . str_repeat('a', 9000));
if ($r === false) {
$code = self::ICONV_UNUSABLE;
} elseif (($c = strlen($r)) < 9000) {
$code = self::ICONV_TRUNCATES;
} elseif ($c > 9000) {
trigger_error(
'Your copy of iconv is extremely buggy. Please notify HTML Purifier maintainers: ' .
'include your iconv version as per phpversion()',
E_USER_ERROR
);
} else {
$code = self::ICONV_OK;
}
}
return $code;
}
/**
* This expensive function tests whether or not a given character
* encoding supports ASCII. 7/8-bit encodings like Shift_JIS will
* fail this test, and require special processing. Variable width
* encodings shouldn't ever fail.
*
* @param string $encoding Encoding name to test, as per iconv format
* @param bool $bypass Whether or not to bypass the precompiled arrays.
* @return Array of UTF-8 characters to their corresponding ASCII,
* which can be used to "undo" any overzealous iconv action.
*/
public static function testEncodingSupportsASCII($encoding, $bypass = false)
{
// All calls to iconv here are unsafe, proof by case analysis:
// If ICONV_OK, no difference.
// If ICONV_TRUNCATE, all calls involve one character inputs,
// so bug is not triggered.
// If ICONV_UNUSABLE, this call is irrelevant
static $encodings = array();
if (!$bypass) {
if (isset($encodings[$encoding])) {
return $encodings[$encoding];
}
$lenc = strtolower($encoding);
switch ($lenc) {
case 'shift_jis':
return array("\xC2\xA5" => '\\', "\xE2\x80\xBE" => '~');
case 'johab':
return array("\xE2\x82\xA9" => '\\');
}
if (strpos($lenc, 'iso-8859-') === 0) {
return array();
}
}
$ret = array();
if (self::unsafeIconv('UTF-8', $encoding, 'a') === false) {
return false;
}
for ($i = 0x20; $i <= 0x7E; $i++) { // all printable ASCII chars
$c = chr($i); // UTF-8 char
$r = self::unsafeIconv('UTF-8', "$encoding//IGNORE", $c); // initial conversion
if ($r === '' ||
// This line is needed for iconv implementations that do not
// omit characters that do not exist in the target character set
($r === $c && self::unsafeIconv($encoding, 'UTF-8//IGNORE', $r) !== $c)
) {
// Reverse engineer: what's the UTF-8 equiv of this byte
// sequence? This assumes that there's no variable width
// encoding that doesn't support ASCII.
$ret[self::unsafeIconv($encoding, 'UTF-8//IGNORE', $c)] = $c;
}
}
$encodings[$encoding] = $ret;
return $ret;
}
}
/**
* Object that provides entity lookup table from entity name to character
*/
class HTMLPurifier_EntityLookup
{
/**
* Assoc array of entity name to character represented.
* @type array
*/
public $table;
/**
* Sets up the entity lookup table from the serialized file contents.
* @param bool $file
* @note The serialized contents are versioned, but were generated
* using the maintenance script generate_entity_file.php
* @warning This is not in constructor to help enforce the Singleton
*/
public function setup($file = false)
{
if (!$file) {
$file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/EntityLookup/entities.ser';
}
$this->table = unserialize(file_get_contents($file));
}
/**
* Retrieves sole instance of the object.
* @param bool|HTMLPurifier_EntityLookup $prototype Optional prototype of custom lookup table to overload with.
* @return HTMLPurifier_EntityLookup
*/
public static function instance($prototype = false)
{
// no references, since PHP doesn't copy unless modified
static $instance = null;
if ($prototype) {
$instance = $prototype;
} elseif (!$instance) {
$instance = new HTMLPurifier_EntityLookup();
$instance->setup();
}
return $instance;
}
}
// if want to implement error collecting here, we'll need to use some sort
// of global data (probably trigger_error) because it's impossible to pass
// $config or $context to the callback functions.
/**
* Handles referencing and derefencing character entities
*/
class HTMLPurifier_EntityParser
{
/**
* Reference to entity lookup table.
* @type HTMLPurifier_EntityLookup
*/
protected $_entity_lookup;
/**
* Callback regex string for parsing entities.
* @type string
*/
protected $_substituteEntitiesRegex =
'/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z_:][A-Za-z0-9.\-_:]*));?/';
// 1. hex 2. dec 3. string (XML style)
/**
* Decimal to parsed string conversion table for special entities.
* @type array
*/
protected $_special_dec2str =
array(
34 => '"',
38 => '&',
39 => "'",
60 => '<',
62 => '>'
);
/**
* Stripped entity names to decimal conversion table for special entities.
* @type array
*/
protected $_special_ent2dec =
array(
'quot' => 34,
'amp' => 38,
'lt' => 60,
'gt' => 62
);
/**
* Substitutes non-special entities with their parsed equivalents. Since
* running this whenever you have parsed character is t3h 5uck, we run
* it before everything else.
*
* @param string $string String to have non-special entities parsed.
* @return string Parsed string.
*/
public function substituteNonSpecialEntities($string)
{
// it will try to detect missing semicolons, but don't rely on it
return preg_replace_callback(
$this->_substituteEntitiesRegex,
array($this, 'nonSpecialEntityCallback'),
$string
);
}
/**
* Callback function for substituteNonSpecialEntities() that does the work.
*
* @param array $matches PCRE matches array, with 0 the entire match, and
* either index 1, 2 or 3 set with a hex value, dec value,
* or string (respectively).
* @return string Replacement string.
*/
protected function nonSpecialEntityCallback($matches)
{
// replaces all but big five
$entity = $matches[0];
$is_num = (@$matches[0][1] === '#');
if ($is_num) {
$is_hex = (@$entity[2] === 'x');
$code = $is_hex ? hexdec($matches[1]) : (int) $matches[2];
// abort for special characters
if (isset($this->_special_dec2str[$code])) {
return $entity;
}
return HTMLPurifier_Encoder::unichr($code);
} else {
if (isset($this->_special_ent2dec[$matches[3]])) {
return $entity;
}
if (!$this->_entity_lookup) {
$this->_entity_lookup = HTMLPurifier_EntityLookup::instance();
}
if (isset($this->_entity_lookup->table[$matches[3]])) {
return $this->_entity_lookup->table[$matches[3]];
} else {
return $entity;
}
}
}
/**
* Substitutes only special entities with their parsed equivalents.
*
* @notice We try to avoid calling this function because otherwise, it
* would have to be called a lot (for every parsed section).
*
* @param string $string String to have non-special entities parsed.
* @return string Parsed string.
*/
public function substituteSpecialEntities($string)
{
return preg_replace_callback(
$this->_substituteEntitiesRegex,
array($this, 'specialEntityCallback'),
$string
);
}
/**
* Callback function for substituteSpecialEntities() that does the work.
*
* This callback has same syntax as nonSpecialEntityCallback().
*
* @param array $matches PCRE-style matches array, with 0 the entire match, and
* either index 1, 2 or 3 set with a hex value, dec value,
* or string (respectively).
* @return string Replacement string.
*/
protected function specialEntityCallback($matches)
{
$entity = $matches[0];
$is_num = (@$matches[0][1] === '#');
if ($is_num) {
$is_hex = (@$entity[2] === 'x');
$int = $is_hex ? hexdec($matches[1]) : (int) $matches[2];
return isset($this->_special_dec2str[$int]) ?
$this->_special_dec2str[$int] :
$entity;
} else {
return isset($this->_special_ent2dec[$matches[3]]) ?
$this->_special_ent2dec[$matches[3]] :
$entity;
}
}
}
/**
* Error collection class that enables HTML Purifier to report HTML
* problems back to the user
*/
class HTMLPurifier_ErrorCollector
{
/**
* Identifiers for the returned error array. These are purposely numeric
* so list() can be used.
*/
const LINENO = 0;
const SEVERITY = 1;
const MESSAGE = 2;
const CHILDREN = 3;
/**
* @type array
*/
protected $errors;
/**
* @type array
*/
protected $_current;
/**
* @type array
*/
protected $_stacks = array(array());
/**
* @type HTMLPurifier_Language
*/
protected $locale;
/**
* @type HTMLPurifier_Generator
*/
protected $generator;
/**
* @type HTMLPurifier_Context
*/
protected $context;
/**
* @type array
*/
protected $lines = array();
/**
* @param HTMLPurifier_Context $context
*/
public function __construct($context)
{
$this->locale =& $context->get('Locale');
$this->context = $context;
$this->_current =& $this->_stacks[0];
$this->errors =& $this->_stacks[0];
}
/**
* Sends an error message to the collector for later use
* @param int $severity Error severity, PHP error style (don't use E_USER_)
* @param string $msg Error message text
*/
public function send($severity, $msg)
{
$args = array();
if (func_num_args() > 2) {
$args = func_get_args();
array_shift($args);
unset($args[0]);
}
$token = $this->context->get('CurrentToken', true);
$line = $token ? $token->line : $this->context->get('CurrentLine', true);
$col = $token ? $token->col : $this->context->get('CurrentCol', true);
$attr = $this->context->get('CurrentAttr', true);
// perform special substitutions, also add custom parameters
$subst = array();
if (!is_null($token)) {
$args['CurrentToken'] = $token;
}
if (!is_null($attr)) {
$subst['$CurrentAttr.Name'] = $attr;
if (isset($token->attr[$attr])) {
$subst['$CurrentAttr.Value'] = $token->attr[$attr];
}
}
if (empty($args)) {
$msg = $this->locale->getMessage($msg);
} else {
$msg = $this->locale->formatMessage($msg, $args);
}
if (!empty($subst)) {
$msg = strtr($msg, $subst);
}
// (numerically indexed)
$error = array(
self::LINENO => $line,
self::SEVERITY => $severity,
self::MESSAGE => $msg,
self::CHILDREN => array()
);
$this->_current[] = $error;
// NEW CODE BELOW ...
// Top-level errors are either:
// TOKEN type, if $value is set appropriately, or
// "syntax" type, if $value is null
$new_struct = new HTMLPurifier_ErrorStruct();
$new_struct->type = HTMLPurifier_ErrorStruct::TOKEN;
if ($token) {
$new_struct->value = clone $token;
}
if (is_int($line) && is_int($col)) {
if (isset($this->lines[$line][$col])) {
$struct = $this->lines[$line][$col];
} else {
$struct = $this->lines[$line][$col] = $new_struct;
}
// These ksorts may present a performance problem
ksort($this->lines[$line], SORT_NUMERIC);
} else {
if (isset($this->lines[-1])) {
$struct = $this->lines[-1];
} else {
$struct = $this->lines[-1] = $new_struct;
}
}
ksort($this->lines, SORT_NUMERIC);
// Now, check if we need to operate on a lower structure
if (!empty($attr)) {
$struct = $struct->getChild(HTMLPurifier_ErrorStruct::ATTR, $attr);
if (!$struct->value) {
$struct->value = array($attr, 'PUT VALUE HERE');
}
}
if (!empty($cssprop)) {
$struct = $struct->getChild(HTMLPurifier_ErrorStruct::CSSPROP, $cssprop);
if (!$struct->value) {
// if we tokenize CSS this might be a little more difficult to do
$struct->value = array($cssprop, 'PUT VALUE HERE');
}
}
// Ok, structs are all setup, now time to register the error
$struct->addError($severity, $msg);
}
/**
* Retrieves raw error data for custom formatter to use
*/
public function getRaw()
{
return $this->errors;
}
/**
* Default HTML formatting implementation for error messages
* @param HTMLPurifier_Config $config Configuration, vital for HTML output nature
* @param array $errors Errors array to display; used for recursion.
* @return string
*/
public function getHTMLFormatted($config, $errors = null)
{
$ret = array();
$this->generator = new HTMLPurifier_Generator($config, $this->context);
if ($errors === null) {
$errors = $this->errors;
}
// 'At line' message needs to be removed
// generation code for new structure goes here. It needs to be recursive.
foreach ($this->lines as $line => $col_array) {
if ($line == -1) {
continue;
}
foreach ($col_array as $col => $struct) {
$this->_renderStruct($ret, $struct, $line, $col);
}
}
if (isset($this->lines[-1])) {
$this->_renderStruct($ret, $this->lines[-1]);
}
if (empty($errors)) {
return '' . $this->locale->getMessage('ErrorCollector: No errors') . '
';
} else {
return '- ' . implode('
- ', $ret) . '
';
}
}
private function _renderStruct(&$ret, $struct, $line = null, $col = null)
{
$stack = array($struct);
$context_stack = array(array());
while ($current = array_pop($stack)) {
$context = array_pop($context_stack);
foreach ($current->errors as $error) {
list($severity, $msg) = $error;
$string = '';
$string .= '';
// W3C uses an icon to indicate the severity of the error.
$error = $this->locale->getErrorName($severity);
$string .= "$error ";
if (!is_null($line) && !is_null($col)) {
$string .= "Line $line, Column $col: ";
} else {
$string .= 'End of Document: ';
}
$string .= '' . $this->generator->escape($msg) . ' ';
$string .= '
';
// Here, have a marker for the character on the column appropriate.
// Be sure to clip extremely long lines.
//$string .= '';
//$string .= '';
//$string .= '';
$ret[] = $string;
}
foreach ($current->children as $array) {
$context[] = $current;
$stack = array_merge($stack, array_reverse($array, true));
for ($i = count($array); $i > 0; $i--) {
$context_stack[] = $context;
}
}
}
}
}
/**
* Records errors for particular segments of an HTML document such as tokens,
* attributes or CSS properties. They can contain error structs (which apply
* to components of what they represent), but their main purpose is to hold
* errors applying to whatever struct is being used.
*/
class HTMLPurifier_ErrorStruct
{
/**
* Possible values for $children first-key. Note that top-level structures
* are automatically token-level.
*/
const TOKEN = 0;
const ATTR = 1;
const CSSPROP = 2;
/**
* Type of this struct.
* @type string
*/
public $type;
/**
* Value of the struct we are recording errors for. There are various
* values for this:
* - TOKEN: Instance of HTMLPurifier_Token
* - ATTR: array('attr-name', 'value')
* - CSSPROP: array('prop-name', 'value')
* @type mixed
*/
public $value;
/**
* Errors registered for this structure.
* @type array
*/
public $errors = array();
/**
* Child ErrorStructs that are from this structure. For example, a TOKEN
* ErrorStruct would contain ATTR ErrorStructs. This is a multi-dimensional
* array in structure: [TYPE]['identifier']
* @type array
*/
public $children = array();
/**
* @param string $type
* @param string $id
* @return mixed
*/
public function getChild($type, $id)
{
if (!isset($this->children[$type][$id])) {
$this->children[$type][$id] = new HTMLPurifier_ErrorStruct();
$this->children[$type][$id]->type = $type;
}
return $this->children[$type][$id];
}
/**
* @param int $severity
* @param string $message
*/
public function addError($severity, $message)
{
$this->errors[] = array($severity, $message);
}
}
/**
* Global exception class for HTML Purifier; any exceptions we throw
* are from here.
*/
class HTMLPurifier_Exception extends Exception
{
}
/**
* Represents a pre or post processing filter on HTML Purifier's output
*
* Sometimes, a little ad-hoc fixing of HTML has to be done before
* it gets sent through HTML Purifier: you can use filters to acheive
* this effect. For instance, YouTube videos can be preserved using
* this manner. You could have used a decorator for this task, but
* PHP's support for them is not terribly robust, so we're going
* to just loop through the filters.
*
* Filters should be exited first in, last out. If there are three filters,
* named 1, 2 and 3, the order of execution should go 1->preFilter,
* 2->preFilter, 3->preFilter, purify, 3->postFilter, 2->postFilter,
* 1->postFilter.
*
* @note Methods are not declared abstract as it is perfectly legitimate
* for an implementation not to want anything to happen on a step
*/
class HTMLPurifier_Filter
{
/**
* Name of the filter for identification purposes.
* @type string
*/
public $name;
/**
* Pre-processor function, handles HTML before HTML Purifier
* @param string $html
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
*/
public function preFilter($html, $config, $context)
{
return $html;
}
/**
* Post-processor function, handles HTML after HTML Purifier
* @param string $html
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
*/
public function postFilter($html, $config, $context)
{
return $html;
}
}
/**
* Generates HTML from tokens.
* @todo Refactor interface so that configuration/context is determined
* upon instantiation, no need for messy generateFromTokens() calls
* @todo Make some of the more internal functions protected, and have
* unit tests work around that
*/
class HTMLPurifier_Generator
{
/**
* Whether or not generator should produce XML output.
* @type bool
*/
private $_xhtml = true;
/**
* :HACK: Whether or not generator should comment the insides of )#si',
array($this, 'scriptCallback'),
$html
);
}
$html = $this->normalize($html, $config, $context);
$cursor = 0; // our location in the text
$inside_tag = false; // whether or not we're parsing the inside of a tag
$array = array(); // result array
// This is also treated to mean maintain *column* numbers too
$maintain_line_numbers = $config->get('Core.MaintainLineNumbers');
if ($maintain_line_numbers === null) {
// automatically determine line numbering by checking
// if error collection is on
$maintain_line_numbers = $config->get('Core.CollectErrors');
}
if ($maintain_line_numbers) {
$current_line = 1;
$current_col = 0;
$length = strlen($html);
} else {
$current_line = false;
$current_col = false;
$length = false;
}
$context->register('CurrentLine', $current_line);
$context->register('CurrentCol', $current_col);
$nl = "\n";
// how often to manually recalculate. This will ALWAYS be right,
// but it's pretty wasteful. Set to 0 to turn off
$synchronize_interval = $config->get('Core.DirectLexLineNumberSyncInterval');
$e = false;
if ($config->get('Core.CollectErrors')) {
$e =& $context->get('ErrorCollector');
}
// for testing synchronization
$loops = 0;
while (++$loops) {
// $cursor is either at the start of a token, or inside of
// a tag (i.e. there was a < immediately before it), as indicated
// by $inside_tag
if ($maintain_line_numbers) {
// $rcursor, however, is always at the start of a token.
$rcursor = $cursor - (int)$inside_tag;
// Column number is cheap, so we calculate it every round.
// We're interested at the *end* of the newline string, so
// we need to add strlen($nl) == 1 to $nl_pos before subtracting it
// from our "rcursor" position.
$nl_pos = strrpos($html, $nl, $rcursor - $length);
$current_col = $rcursor - (is_bool($nl_pos) ? 0 : $nl_pos + 1);
// recalculate lines
if ($synchronize_interval && // synchronization is on
$cursor > 0 && // cursor is further than zero
$loops % $synchronize_interval === 0) { // time to synchronize!
$current_line = 1 + $this->substrCount($html, $nl, 0, $cursor);
}
}
$position_next_lt = strpos($html, '<', $cursor);
$position_next_gt = strpos($html, '>', $cursor);
// triggers on "asdf" but not "asdf "
// special case to set up context
if ($position_next_lt === $cursor) {
$inside_tag = true;
$cursor++;
}
if (!$inside_tag && $position_next_lt !== false) {
// We are not inside tag and there still is another tag to parse
$token = new
HTMLPurifier_Token_Text(
$this->parseData(
substr(
$html,
$cursor,
$position_next_lt - $cursor
)
)
);
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
$current_line += $this->substrCount($html, $nl, $cursor, $position_next_lt - $cursor);
}
$array[] = $token;
$cursor = $position_next_lt + 1;
$inside_tag = true;
continue;
} elseif (!$inside_tag) {
// We are not inside tag but there are no more tags
// If we're already at the end, break
if ($cursor === strlen($html)) {
break;
}
// Create Text of rest of string
$token = new
HTMLPurifier_Token_Text(
$this->parseData(
substr(
$html,
$cursor
)
)
);
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
}
$array[] = $token;
break;
} elseif ($inside_tag && $position_next_gt !== false) {
// We are in tag and it is well formed
// Grab the internals of the tag
$strlen_segment = $position_next_gt - $cursor;
if ($strlen_segment < 1) {
// there's nothing to process!
$token = new HTMLPurifier_Token_Text('<');
$cursor++;
continue;
}
$segment = substr($html, $cursor, $strlen_segment);
if ($segment === false) {
// somehow, we attempted to access beyond the end of
// the string, defense-in-depth, reported by Nate Abele
break;
}
// Check if it's a comment
if (substr($segment, 0, 3) === '!--') {
// re-determine segment length, looking for -->
$position_comment_end = strpos($html, '-->', $cursor);
if ($position_comment_end === false) {
// uh oh, we have a comment that extends to
// infinity. Can't be helped: set comment
// end position to end of string
if ($e) {
$e->send(E_WARNING, 'Lexer: Unclosed comment');
}
$position_comment_end = strlen($html);
$end = true;
} else {
$end = false;
}
$strlen_segment = $position_comment_end - $cursor;
$segment = substr($html, $cursor, $strlen_segment);
$token = new
HTMLPurifier_Token_Comment(
substr(
$segment,
3,
$strlen_segment - 3
)
);
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
$current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment);
}
$array[] = $token;
$cursor = $end ? $position_comment_end : $position_comment_end + 3;
$inside_tag = false;
continue;
}
// Check if it's an end tag
$is_end_tag = (strpos($segment, '/') === 0);
if ($is_end_tag) {
$type = substr($segment, 1);
$token = new HTMLPurifier_Token_End($type);
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
}
$array[] = $token;
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Check leading character is alnum, if not, we may
// have accidently grabbed an emoticon. Translate into
// text and go our merry way
if (!ctype_alpha($segment[0])) {
// XML: $segment[0] !== '_' && $segment[0] !== ':'
if ($e) {
$e->send(E_NOTICE, 'Lexer: Unescaped lt');
}
$token = new HTMLPurifier_Token_Text('<');
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
}
$array[] = $token;
$inside_tag = false;
continue;
}
// Check if it is explicitly self closing, if so, remove
// trailing slash. Remember, we could have a tag like
, so
// any later token processing scripts must convert improperly
// classified EmptyTags from StartTags.
$is_self_closing = (strrpos($segment, '/') === $strlen_segment - 1);
if ($is_self_closing) {
$strlen_segment--;
$segment = substr($segment, 0, $strlen_segment);
}
// Check if there are any attributes
$position_first_space = strcspn($segment, $this->_whitespace);
if ($position_first_space >= $strlen_segment) {
if ($is_self_closing) {
$token = new HTMLPurifier_Token_Empty($segment);
} else {
$token = new HTMLPurifier_Token_Start($segment);
}
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
}
$array[] = $token;
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Grab out all the data
$type = substr($segment, 0, $position_first_space);
$attribute_string =
trim(
substr(
$segment,
$position_first_space
)
);
if ($attribute_string) {
$attr = $this->parseAttributeString(
$attribute_string,
$config,
$context
);
} else {
$attr = array();
}
if ($is_self_closing) {
$token = new HTMLPurifier_Token_Empty($type, $attr);
} else {
$token = new HTMLPurifier_Token_Start($type, $attr);
}
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
}
$array[] = $token;
$cursor = $position_next_gt + 1;
$inside_tag = false;
continue;
} else {
// inside tag, but there's no ending > sign
if ($e) {
$e->send(E_WARNING, 'Lexer: Missing gt');
}
$token = new
HTMLPurifier_Token_Text(
'<' .
$this->parseData(
substr($html, $cursor)
)
);
if ($maintain_line_numbers) {
$token->rawPosition($current_line, $current_col);
}
// no cursor scroll? Hmm...
$array[] = $token;
break;
}
break;
}
$context->destroy('CurrentLine');
$context->destroy('CurrentCol');
return $array;
}
/**
* PHP 5.0.x compatible substr_count that implements offset and length
* @param string $haystack
* @param string $needle
* @param int $offset
* @param int $length
* @return int
*/
protected function substrCount($haystack, $needle, $offset, $length)
{
static $oldVersion;
if ($oldVersion === null) {
$oldVersion = version_compare(PHP_VERSION, '5.1', '<');
}
if ($oldVersion) {
$haystack = substr($haystack, $offset, $length);
return substr_count($haystack, $needle);
} else {
return substr_count($haystack, $needle, $offset, $length);
}
}
/**
* Takes the inside of an HTML tag and makes an assoc array of attributes.
*
* @param string $string Inside of tag excluding name.
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array Assoc array of attributes.
*/
public function parseAttributeString($string, $config, $context)
{
$string = (string)$string; // quick typecast
if ($string == '') {
return array();
} // no attributes
$e = false;
if ($config->get('Core.CollectErrors')) {
$e =& $context->get('ErrorCollector');
}
// let's see if we can abort as quickly as possible
// one equal sign, no spaces => one attribute
$num_equal = substr_count($string, '=');
$has_space = strpos($string, ' ');
if ($num_equal === 0 && !$has_space) {
// bool attribute
return array($string => $string);
} elseif ($num_equal === 1 && !$has_space) {
// only one attribute
list($key, $quoted_value) = explode('=', $string);
$quoted_value = trim($quoted_value);
if (!$key) {
if ($e) {
$e->send(E_ERROR, 'Lexer: Missing attribute key');
}
return array();
}
if (!$quoted_value) {
return array($key => '');
}
$first_char = @$quoted_value[0];
$last_char = @$quoted_value[strlen($quoted_value) - 1];
$same_quote = ($first_char == $last_char);
$open_quote = ($first_char == '"' || $first_char == "'");
if ($same_quote && $open_quote) {
// well behaved
$value = substr($quoted_value, 1, strlen($quoted_value) - 2);
} else {
// not well behaved
if ($open_quote) {
if ($e) {
$e->send(E_ERROR, 'Lexer: Missing end quote');
}
$value = substr($quoted_value, 1);
} else {
$value = $quoted_value;
}
}
if ($value === false) {
$value = '';
}
return array($key => $this->parseData($value));
}
// setup loop environment
$array = array(); // return assoc array of attributes
$cursor = 0; // current position in string (moves forward)
$size = strlen($string); // size of the string (stays the same)
// if we have unquoted attributes, the parser expects a terminating
// space, so let's guarantee that there's always a terminating space.
$string .= ' ';
$old_cursor = -1;
while ($cursor < $size) {
if ($old_cursor >= $cursor) {
throw new Exception("Infinite loop detected");
}
$old_cursor = $cursor;
$cursor += ($value = strspn($string, $this->_whitespace, $cursor));
// grab the key
$key_begin = $cursor; //we're currently at the start of the key
// scroll past all characters that are the key (not whitespace or =)
$cursor += strcspn($string, $this->_whitespace . '=', $cursor);
$key_end = $cursor; // now at the end of the key
$key = substr($string, $key_begin, $key_end - $key_begin);
if (!$key) {
if ($e) {
$e->send(E_ERROR, 'Lexer: Missing attribute key');
}
$cursor += 1 + strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop
continue; // empty key
}
// scroll past all whitespace
$cursor += strspn($string, $this->_whitespace, $cursor);
if ($cursor >= $size) {
$array[$key] = $key;
break;
}
// if the next character is an equal sign, we've got a regular
// pair, otherwise, it's a bool attribute
$first_char = @$string[$cursor];
if ($first_char == '=') {
// key="value"
$cursor++;
$cursor += strspn($string, $this->_whitespace, $cursor);
if ($cursor === false) {
$array[$key] = '';
break;
}
// we might be in front of a quote right now
$char = @$string[$cursor];
if ($char == '"' || $char == "'") {
// it's quoted, end bound is $char
$cursor++;
$value_begin = $cursor;
$cursor = strpos($string, $char, $cursor);
$value_end = $cursor;
} else {
// it's not quoted, end bound is whitespace
$value_begin = $cursor;
$cursor += strcspn($string, $this->_whitespace, $cursor);
$value_end = $cursor;
}
// we reached a premature end
if ($cursor === false) {
$cursor = $size;
$value_end = $cursor;
}
$value = substr($string, $value_begin, $value_end - $value_begin);
if ($value === false) {
$value = '';
}
$array[$key] = $this->parseData($value);
$cursor++;
} else {
// boolattr
if ($key !== '') {
$array[$key] = $key;
} else {
// purely theoretical
if ($e) {
$e->send(E_ERROR, 'Lexer: Missing attribute key');
}
}
}
}
return $array;
}
}
/**
* Concrete comment node class.
*/
class HTMLPurifier_Node_Comment extends HTMLPurifier_Node
{
/**
* Character data within comment.
* @type string
*/
public $data;
/**
* @type bool
*/
public $is_whitespace = true;
/**
* Transparent constructor.
*
* @param string $data String comment data.
* @param int $line
* @param int $col
*/
public function __construct($data, $line = null, $col = null)
{
$this->data = $data;
$this->line = $line;
$this->col = $col;
}
public function toTokenPair() {
return array(new HTMLPurifier_Token_Comment($this->data, $this->line, $this->col), null);
}
}
/**
* Concrete element node class.
*/
class HTMLPurifier_Node_Element extends HTMLPurifier_Node
{
/**
* The lower-case name of the tag, like 'a', 'b' or 'blockquote'.
*
* @note Strictly speaking, XML tags are case sensitive, so we shouldn't
* be lower-casing them, but these tokens cater to HTML tags, which are
* insensitive.
* @type string
*/
public $name;
/**
* Associative array of the node's attributes.
* @type array
*/
public $attr = array();
/**
* List of child elements.
* @type array
*/
public $children = array();
/**
* Does this use the form or the form, i.e.
* is it a pair of start/end tokens or an empty token.
* @bool
*/
public $empty = false;
public $endCol = null, $endLine = null, $endArmor = array();
public function __construct($name, $attr = array(), $line = null, $col = null, $armor = array()) {
$this->name = $name;
$this->attr = $attr;
$this->line = $line;
$this->col = $col;
$this->armor = $armor;
}
public function toTokenPair() {
// XXX inefficiency here, normalization is not necessary
if ($this->empty) {
return array(new HTMLPurifier_Token_Empty($this->name, $this->attr, $this->line, $this->col, $this->armor), null);
} else {
$start = new HTMLPurifier_Token_Start($this->name, $this->attr, $this->line, $this->col, $this->armor);
$end = new HTMLPurifier_Token_End($this->name, array(), $this->endLine, $this->endCol, $this->endArmor);
//$end->start = $start;
return array($start, $end);
}
}
}
/**
* Concrete text token class.
*
* Text tokens comprise of regular parsed character data (PCDATA) and raw
* character data (from the CDATA sections). Internally, their
* data is parsed with all entities expanded. Surprisingly, the text token
* does have a "tag name" called #PCDATA, which is how the DTD represents it
* in permissible child nodes.
*/
class HTMLPurifier_Node_Text extends HTMLPurifier_Node
{
/**
* PCDATA tag name compatible with DTD, see
* HTMLPurifier_ChildDef_Custom for details.
* @type string
*/
public $name = '#PCDATA';
/**
* @type string
*/
public $data;
/**< Parsed character data of text. */
/**
* @type bool
*/
public $is_whitespace;
/**< Bool indicating if node is whitespace. */
/**
* Constructor, accepts data and determines if it is whitespace.
* @param string $data String parsed character data.
* @param int $line
* @param int $col
*/
public function __construct($data, $is_whitespace, $line = null, $col = null)
{
$this->data = $data;
$this->is_whitespace = $is_whitespace;
$this->line = $line;
$this->col = $col;
}
public function toTokenPair() {
return array(new HTMLPurifier_Token_Text($this->data, $this->line, $this->col), null);
}
}
/**
* Composite strategy that runs multiple strategies on tokens.
*/
abstract class HTMLPurifier_Strategy_Composite extends HTMLPurifier_Strategy
{
/**
* List of strategies to run tokens through.
* @type HTMLPurifier_Strategy[]
*/
protected $strategies = array();
/**
* @param HTMLPurifier_Token[] $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return HTMLPurifier_Token[]
*/
public function execute($tokens, $config, $context)
{
foreach ($this->strategies as $strategy) {
$tokens = $strategy->execute($tokens, $config, $context);
}
return $tokens;
}
}
/**
* Core strategy composed of the big four strategies.
*/
class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
{
public function __construct()
{
$this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
$this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
$this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
$this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
}
}
/**
* Takes a well formed list of tokens and fixes their nesting.
*
* HTML elements dictate which elements are allowed to be their children,
* for example, you can't have a p tag in a span tag. Other elements have
* much more rigorous definitions: tables, for instance, require a specific
* order for their elements. There are also constraints not expressible by
* document type definitions, such as the chameleon nature of ins/del
* tags and global child exclusions.
*
* The first major objective of this strategy is to iterate through all
* the nodes and determine whether or not their children conform to the
* element's definition. If they do not, the child definition may
* optionally supply an amended list of elements that is valid or
* require that the entire node be deleted (and the previous node
* rescanned).
*
* The second objective is to ensure that explicitly excluded elements of
* an element do not appear in its children. Code that accomplishes this
* task is pervasive through the strategy, though the two are distinct tasks
* and could, theoretically, be seperated (although it's not recommended).
*
* @note Whether or not unrecognized children are silently dropped or
* translated into text depends on the child definitions.
*
* @todo Enable nodes to be bubbled out of the structure. This is
* easier with our new algorithm.
*/
class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
{
/**
* @param HTMLPurifier_Token[] $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array|HTMLPurifier_Token[]
*/
public function execute($tokens, $config, $context)
{
//####################################################################//
// Pre-processing
// O(n) pass to convert to a tree, so that we can efficiently
// refer to substrings
$top_node = HTMLPurifier_Arborize::arborize($tokens, $config, $context);
// get a copy of the HTML definition
$definition = $config->getHTMLDefinition();
$excludes_enabled = !$config->get('Core.DisableExcludes');
// setup the context variable 'IsInline', for chameleon processing
// is 'false' when we are not inline, 'true' when it must always
// be inline, and an integer when it is inline for a certain
// branch of the document tree
$is_inline = $definition->info_parent_def->descendants_are_inline;
$context->register('IsInline', $is_inline);
// setup error collector
$e =& $context->get('ErrorCollector', true);
//####################################################################//
// Loop initialization
// stack that contains all elements that are excluded
// it is organized by parent elements, similar to $stack,
// but it is only populated when an element with exclusions is
// processed, i.e. there won't be empty exclusions.
$exclude_stack = array($definition->info_parent_def->excludes);
// variable that contains the start token while we are processing
// nodes. This enables error reporting to do its job
$node = $top_node;
// dummy token
list($token, $d) = $node->toTokenPair();
$context->register('CurrentNode', $node);
$context->register('CurrentToken', $token);
//####################################################################//
// Loop
// We need to implement a post-order traversal iteratively, to
// avoid running into stack space limits. This is pretty tricky
// to reason about, so we just manually stack-ify the recursive
// variant:
//
// function f($node) {
// foreach ($node->children as $child) {
// f($child);
// }
// validate($node);
// }
//
// Thus, we will represent a stack frame as array($node,
// $is_inline, stack of children)
// e.g. array_reverse($node->children) - already processed
// children.
$parent_def = $definition->info_parent_def;
$stack = array(
array($top_node,
$parent_def->descendants_are_inline,
$parent_def->excludes, // exclusions
0)
);
while (!empty($stack)) {
list($node, $is_inline, $excludes, $ix) = array_pop($stack);
// recursive call
$go = false;
$def = empty($stack) ? $definition->info_parent_def : $definition->info[$node->name];
while (isset($node->children[$ix])) {
$child = $node->children[$ix++];
if ($child instanceof HTMLPurifier_Node_Element) {
$go = true;
$stack[] = array($node, $is_inline, $excludes, $ix);
$stack[] = array($child,
// ToDo: I don't think it matters if it's def or
// child_def, but double check this...
$is_inline || $def->descendants_are_inline,
empty($def->excludes) ? $excludes
: array_merge($excludes, $def->excludes),
0);
break;
}
};
if ($go) continue;
list($token, $d) = $node->toTokenPair();
// base case
if ($excludes_enabled && isset($excludes[$node->name])) {
$node->dead = true;
if ($e) $e->send(E_ERROR, 'Strategy_FixNesting: Node excluded');
} else {
// XXX I suppose it would be slightly more efficient to
// avoid the allocation here and have children
// strategies handle it
$children = array();
foreach ($node->children as $child) {
if (!$child->dead) $children[] = $child;
}
$result = $def->child->validateChildren($children, $config, $context);
if ($result === true) {
// nop
$node->children = $children;
} elseif ($result === false) {
$node->dead = true;
if ($e) $e->send(E_ERROR, 'Strategy_FixNesting: Node removed');
} else {
$node->children = $result;
if ($e) {
// XXX This will miss mutations of internal nodes. Perhaps defer to the child validators
if (empty($result) && !empty($children)) {
$e->send(E_ERROR, 'Strategy_FixNesting: Node contents removed');
} else if ($result != $children) {
$e->send(E_WARNING, 'Strategy_FixNesting: Node reorganized');
}
}
}
}
}
//####################################################################//
// Post-processing
// remove context variables
$context->destroy('IsInline');
$context->destroy('CurrentNode');
$context->destroy('CurrentToken');
//####################################################################//
// Return
return HTMLPurifier_Arborize::flatten($node, $config, $context);
}
}
/**
* Takes tokens makes them well-formed (balance end tags, etc.)
*
* Specification of the armor attributes this strategy uses:
*
* - MakeWellFormed_TagClosedError: This armor field is used to
* suppress tag closed errors for certain tokens [TagClosedSuppress],
* in particular, if a tag was generated automatically by HTML
* Purifier, we may rely on our infrastructure to close it for us
* and shouldn't report an error to the user [TagClosedAuto].
*/
class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
{
/**
* Array stream of tokens being processed.
* @type HTMLPurifier_Token[]
*/
protected $tokens;
/**
* Current token.
* @type HTMLPurifier_Token
*/
protected $token;
/**
* Zipper managing the true state.
* @type HTMLPurifier_Zipper
*/
protected $zipper;
/**
* Current nesting of elements.
* @type array
*/
protected $stack;
/**
* Injectors active in this stream processing.
* @type HTMLPurifier_Injector[]
*/
protected $injectors;
/**
* Current instance of HTMLPurifier_Config.
* @type HTMLPurifier_Config
*/
protected $config;
/**
* Current instance of HTMLPurifier_Context.
* @type HTMLPurifier_Context
*/
protected $context;
/**
* @param HTMLPurifier_Token[] $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return HTMLPurifier_Token[]
* @throws HTMLPurifier_Exception
*/
public function execute($tokens, $config, $context)
{
$definition = $config->getHTMLDefinition();
// local variables
$generator = new HTMLPurifier_Generator($config, $context);
$escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
// used for autoclose early abortion
$global_parent_allowed_elements = $definition->info_parent_def->child->getAllowedElements($config);
$e = $context->get('ErrorCollector', true);
$i = false; // injector index
list($zipper, $token) = HTMLPurifier_Zipper::fromArray($tokens);
if ($token === NULL) {
return array();
}
$reprocess = false; // whether or not to reprocess the same token
$stack = array();
// member variables
$this->stack =& $stack;
$this->tokens =& $tokens;
$this->token =& $token;
$this->zipper =& $zipper;
$this->config = $config;
$this->context = $context;
// context variables
$context->register('CurrentNesting', $stack);
$context->register('InputZipper', $zipper);
$context->register('CurrentToken', $token);
// -- begin INJECTOR --
$this->injectors = array();
$injectors = $config->getBatch('AutoFormat');
$def_injectors = $definition->info_injector;
$custom_injectors = $injectors['Custom'];
unset($injectors['Custom']); // special case
foreach ($injectors as $injector => $b) {
// XXX: Fix with a legitimate lookup table of enabled filters
if (strpos($injector, '.') !== false) {
continue;
}
$injector = "HTMLPurifier_Injector_$injector";
if (!$b) {
continue;
}
$this->injectors[] = new $injector;
}
foreach ($def_injectors as $injector) {
// assumed to be objects
$this->injectors[] = $injector;
}
foreach ($custom_injectors as $injector) {
if (!$injector) {
continue;
}
if (is_string($injector)) {
$injector = "HTMLPurifier_Injector_$injector";
$injector = new $injector;
}
$this->injectors[] = $injector;
}
// give the injectors references to the definition and context
// variables for performance reasons
foreach ($this->injectors as $ix => $injector) {
$error = $injector->prepare($config, $context);
if (!$error) {
continue;
}
array_splice($this->injectors, $ix, 1); // rm the injector
trigger_error("Cannot enable {$injector->name} injector because $error is not allowed", E_USER_WARNING);
}
// -- end INJECTOR --
// a note on reprocessing:
// In order to reduce code duplication, whenever some code needs
// to make HTML changes in order to make things "correct", the
// new HTML gets sent through the purifier, regardless of its
// status. This means that if we add a start token, because it
// was totally necessary, we don't have to update nesting; we just
// punt ($reprocess = true; continue;) and it does that for us.
// isset is in loop because $tokens size changes during loop exec
for (;;
// only increment if we don't need to reprocess
$reprocess ? $reprocess = false : $token = $zipper->next($token)) {
// check for a rewind
if (is_int($i)) {
// possibility: disable rewinding if the current token has a
// rewind set on it already. This would offer protection from
// infinite loop, but might hinder some advanced rewinding.
$rewind_offset = $this->injectors[$i]->getRewindOffset();
if (is_int($rewind_offset)) {
for ($j = 0; $j < $rewind_offset; $j++) {
if (empty($zipper->front)) break;
$token = $zipper->prev($token);
// indicate that other injectors should not process this token,
// but we need to reprocess it
unset($token->skip[$i]);
$token->rewind = $i;
if ($token instanceof HTMLPurifier_Token_Start) {
array_pop($this->stack);
} elseif ($token instanceof HTMLPurifier_Token_End) {
$this->stack[] = $token->start;
}
}
}
$i = false;
}
// handle case of document end
if ($token === NULL) {
// kill processing if stack is empty
if (empty($this->stack)) {
break;
}
// peek
$top_nesting = array_pop($this->stack);
$this->stack[] = $top_nesting;
// send error [TagClosedSuppress]
if ($e && !isset($top_nesting->armor['MakeWellFormed_TagClosedError'])) {
$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by document end', $top_nesting);
}
// append, don't splice, since this is the end
$token = new HTMLPurifier_Token_End($top_nesting->name);
// punt!
$reprocess = true;
continue;
}
//echo '
'; printZipper($zipper, $token);//printTokens($this->stack);
//flush();
// quick-check: if it's not a tag, no need to process
if (empty($token->is_tag)) {
if ($token instanceof HTMLPurifier_Token_Text) {
foreach ($this->injectors as $i => $injector) {
if (isset($token->skip[$i])) {
continue;
}
if ($token->rewind !== null && $token->rewind !== $i) {
continue;
}
// XXX fuckup
$r = $token;
$injector->handleText($r);
$token = $this->processToken($r, $i);
$reprocess = true;
break;
}
}
// another possibility is a comment
continue;
}
if (isset($definition->info[$token->name])) {
$type = $definition->info[$token->name]->child->type;
} else {
$type = false; // Type is unknown, treat accordingly
}
// quick tag checks: anything that's *not* an end tag
$ok = false;
if ($type === 'empty' && $token instanceof HTMLPurifier_Token_Start) {
// claims to be a start tag but is empty
$token = new HTMLPurifier_Token_Empty(
$token->name,
$token->attr,
$token->line,
$token->col,
$token->armor
);
$ok = true;
} elseif ($type && $type !== 'empty' && $token instanceof HTMLPurifier_Token_Empty) {
// claims to be empty but really is a start tag
// NB: this assignment is required
$old_token = $token;
$token = new HTMLPurifier_Token_End($token->name);
$token = $this->insertBefore(
new HTMLPurifier_Token_Start($old_token->name, $old_token->attr, $old_token->line, $old_token->col, $old_token->armor)
);
// punt (since we had to modify the input stream in a non-trivial way)
$reprocess = true;
continue;
} elseif ($token instanceof HTMLPurifier_Token_Empty) {
// real empty token
$ok = true;
} elseif ($token instanceof HTMLPurifier_Token_Start) {
// start tag
// ...unless they also have to close their parent
if (!empty($this->stack)) {
// Performance note: you might think that it's rather
// inefficient, recalculating the autoclose information
// for every tag that a token closes (since when we
// do an autoclose, we push a new token into the
// stream and then /process/ that, before
// re-processing this token.) But this is
// necessary, because an injector can make an
// arbitrary transformations to the autoclosing
// tokens we introduce, so things may have changed
// in the meantime. Also, doing the inefficient thing is
// "easy" to reason about (for certain perverse definitions
// of "easy")
$parent = array_pop($this->stack);
$this->stack[] = $parent;
$parent_def = null;
$parent_elements = null;
$autoclose = false;
if (isset($definition->info[$parent->name])) {
$parent_def = $definition->info[$parent->name];
$parent_elements = $parent_def->child->getAllowedElements($config);
$autoclose = !isset($parent_elements[$token->name]);
}
if ($autoclose && $definition->info[$token->name]->wrap) {
// Check if an element can be wrapped by another
// element to make it valid in a context (for
// example, needs a - in between)
$wrapname = $definition->info[$token->name]->wrap;
$wrapdef = $definition->info[$wrapname];
$elements = $wrapdef->child->getAllowedElements($config);
if (isset($elements[$token->name]) && isset($parent_elements[$wrapname])) {
$newtoken = new HTMLPurifier_Token_Start($wrapname);
$token = $this->insertBefore($newtoken);
$reprocess = true;
continue;
}
}
$carryover = false;
if ($autoclose && $parent_def->formatting) {
$carryover = true;
}
if ($autoclose) {
// check if this autoclose is doomed to fail
// (this rechecks $parent, which his harmless)
$autoclose_ok = isset($global_parent_allowed_elements[$token->name]);
if (!$autoclose_ok) {
foreach ($this->stack as $ancestor) {
$elements = $definition->info[$ancestor->name]->child->getAllowedElements($config);
if (isset($elements[$token->name])) {
$autoclose_ok = true;
break;
}
if ($definition->info[$token->name]->wrap) {
$wrapname = $definition->info[$token->name]->wrap;
$wrapdef = $definition->info[$wrapname];
$wrap_elements = $wrapdef->child->getAllowedElements($config);
if (isset($wrap_elements[$token->name]) && isset($elements[$wrapname])) {
$autoclose_ok = true;
break;
}
}
}
}
if ($autoclose_ok) {
// errors need to be updated
$new_token = new HTMLPurifier_Token_End($parent->name);
$new_token->start = $parent;
// [TagClosedSuppress]
if ($e && !isset($parent->armor['MakeWellFormed_TagClosedError'])) {
if (!$carryover) {
$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag auto closed', $parent);
} else {
$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag carryover', $parent);
}
}
if ($carryover) {
$element = clone $parent;
// [TagClosedAuto]
$element->armor['MakeWellFormed_TagClosedError'] = true;
$element->carryover = true;
$token = $this->processToken(array($new_token, $token, $element));
} else {
$token = $this->insertBefore($new_token);
}
} else {
$token = $this->remove();
}
$reprocess = true;
continue;
}
}
$ok = true;
}
if ($ok) {
foreach ($this->injectors as $i => $injector) {
if (isset($token->skip[$i])) {
continue;
}
if ($token->rewind !== null && $token->rewind !== $i) {
continue;
}
$r = $token;
$injector->handleElement($r);
$token = $this->processToken($r, $i);
$reprocess = true;
break;
}
if (!$reprocess) {
// ah, nothing interesting happened; do normal processing
if ($token instanceof HTMLPurifier_Token_Start) {
$this->stack[] = $token;
} elseif ($token instanceof HTMLPurifier_Token_End) {
throw new HTMLPurifier_Exception(
'Improper handling of end tag in start code; possible error in MakeWellFormed'
);
}
}
continue;
}
// sanity check: we should be dealing with a closing tag
if (!$token instanceof HTMLPurifier_Token_End) {
throw new HTMLPurifier_Exception('Unaccounted for tag token in input stream, bug in HTML Purifier');
}
// make sure that we have something open
if (empty($this->stack)) {
if ($escape_invalid_tags) {
if ($e) {
$e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag to text');
}
$token = new HTMLPurifier_Token_Text($generator->generateFromToken($token));
} else {
if ($e) {
$e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag removed');
}
$token = $this->remove();
}
$reprocess = true;
continue;
}
// first, check for the simplest case: everything closes neatly.
// Eventually, everything passes through here; if there are problems
// we modify the input stream accordingly and then punt, so that
// the tokens get processed again.
$current_parent = array_pop($this->stack);
if ($current_parent->name == $token->name) {
$token->start = $current_parent;
foreach ($this->injectors as $i => $injector) {
if (isset($token->skip[$i])) {
continue;
}
if ($token->rewind !== null && $token->rewind !== $i) {
continue;
}
$r = $token;
$injector->handleEnd($r);
$token = $this->processToken($r, $i);
$this->stack[] = $current_parent;
$reprocess = true;
break;
}
continue;
}
// okay, so we're trying to close the wrong tag
// undo the pop previous pop
$this->stack[] = $current_parent;
// scroll back the entire nest, trying to find our tag.
// (feature could be to specify how far you'd like to go)
$size = count($this->stack);
// -2 because -1 is the last element, but we already checked that
$skipped_tags = false;
for ($j = $size - 2; $j >= 0; $j--) {
if ($this->stack[$j]->name == $token->name) {
$skipped_tags = array_slice($this->stack, $j);
break;
}
}
// we didn't find the tag, so remove
if ($skipped_tags === false) {
if ($escape_invalid_tags) {
if ($e) {
$e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag to text');
}
$token = new HTMLPurifier_Token_Text($generator->generateFromToken($token));
} else {
if ($e) {
$e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag removed');
}
$token = $this->remove();
}
$reprocess = true;
continue;
}
// do errors, in REVERSE $j order: a,b,c with
$c = count($skipped_tags);
if ($e) {
for ($j = $c - 1; $j > 0; $j--) {
// notice we exclude $j == 0, i.e. the current ending tag, from
// the errors... [TagClosedSuppress]
if (!isset($skipped_tags[$j]->armor['MakeWellFormed_TagClosedError'])) {
$e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by element end', $skipped_tags[$j]);
}
}
}
// insert tags, in FORWARD $j order: c,b,a with
$replace = array($token);
for ($j = 1; $j < $c; $j++) {
// ...as well as from the insertions
$new_token = new HTMLPurifier_Token_End($skipped_tags[$j]->name);
$new_token->start = $skipped_tags[$j];
array_unshift($replace, $new_token);
if (isset($definition->info[$new_token->name]) && $definition->info[$new_token->name]->formatting) {
// [TagClosedAuto]
$element = clone $skipped_tags[$j];
$element->carryover = true;
$element->armor['MakeWellFormed_TagClosedError'] = true;
$replace[] = $element;
}
}
$token = $this->processToken($replace);
$reprocess = true;
continue;
}
$context->destroy('CurrentToken');
$context->destroy('CurrentNesting');
$context->destroy('InputZipper');
unset($this->injectors, $this->stack, $this->tokens);
return $zipper->toArray($token);
}
/**
* Processes arbitrary token values for complicated substitution patterns.
* In general:
*
* If $token is an array, it is a list of tokens to substitute for the
* current token. These tokens then get individually processed. If there
* is a leading integer in the list, that integer determines how many
* tokens from the stream should be removed.
*
* If $token is a regular token, it is swapped with the current token.
*
* If $token is false, the current token is deleted.
*
* If $token is an integer, that number of tokens (with the first token
* being the current one) will be deleted.
*
* @param HTMLPurifier_Token|array|int|bool $token Token substitution value
* @param HTMLPurifier_Injector|int $injector Injector that performed the substitution; default is if
* this is not an injector related operation.
* @throws HTMLPurifier_Exception
*/
protected function processToken($token, $injector = -1)
{
// normalize forms of token
if (is_object($token)) {
$token = array(1, $token);
}
if (is_int($token)) {
$token = array($token);
}
if ($token === false) {
$token = array(1);
}
if (!is_array($token)) {
throw new HTMLPurifier_Exception('Invalid token type from injector');
}
if (!is_int($token[0])) {
array_unshift($token, 1);
}
if ($token[0] === 0) {
throw new HTMLPurifier_Exception('Deleting zero tokens is not valid');
}
// $token is now an array with the following form:
// array(number nodes to delete, new node 1, new node 2, ...)
$delete = array_shift($token);
list($old, $r) = $this->zipper->splice($this->token, $delete, $token);
if ($injector > -1) {
// determine appropriate skips
$oldskip = isset($old[0]) ? $old[0]->skip : array();
foreach ($token as $object) {
$object->skip = $oldskip;
$object->skip[$injector] = true;
}
}
return $r;
}
/**
* Inserts a token before the current token. Cursor now points to
* this token. You must reprocess after this.
* @param HTMLPurifier_Token $token
*/
private function insertBefore($token)
{
// NB not $this->zipper->insertBefore(), due to positioning
// differences
$splice = $this->zipper->splice($this->token, 0, array($token));
return $splice[1];
}
/**
* Removes current token. Cursor now points to new token occupying previously
* occupied space. You must reprocess after this.
*/
private function remove()
{
return $this->zipper->delete();
}
}
/**
* Removes all unrecognized tags from the list of tokens.
*
* This strategy iterates through all the tokens and removes unrecognized
* tokens. If a token is not recognized but a TagTransform is defined for
* that element, the element will be transformed accordingly.
*/
class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
{
/**
* @param HTMLPurifier_Token[] $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array|HTMLPurifier_Token[]
*/
public function execute($tokens, $config, $context)
{
$definition = $config->getHTMLDefinition();
$generator = new HTMLPurifier_Generator($config, $context);
$result = array();
$escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
$remove_invalid_img = $config->get('Core.RemoveInvalidImg');
// currently only used to determine if comments should be kept
$trusted = $config->get('HTML.Trusted');
$comment_lookup = $config->get('HTML.AllowedComments');
$comment_regexp = $config->get('HTML.AllowedCommentsRegexp');
$check_comments = $comment_lookup !== array() || $comment_regexp !== null;
$remove_script_contents = $config->get('Core.RemoveScriptContents');
$hidden_elements = $config->get('Core.HiddenElements');
// remove script contents compatibility
if ($remove_script_contents === true) {
$hidden_elements['script'] = true;
} elseif ($remove_script_contents === false && isset($hidden_elements['script'])) {
unset($hidden_elements['script']);
}
$attr_validator = new HTMLPurifier_AttrValidator();
// removes tokens until it reaches a closing tag with its value
$remove_until = false;
// converts comments into text tokens when this is equal to a tag name
$textify_comments = false;
$token = false;
$context->register('CurrentToken', $token);
$e = false;
if ($config->get('Core.CollectErrors')) {
$e =& $context->get('ErrorCollector');
}
foreach ($tokens as $token) {
if ($remove_until) {
if (empty($token->is_tag) || $token->name !== $remove_until) {
continue;
}
}
if (!empty($token->is_tag)) {
// DEFINITION CALL
// before any processing, try to transform the element
if (isset($definition->info_tag_transform[$token->name])) {
$original_name = $token->name;
// there is a transformation for this tag
// DEFINITION CALL
$token = $definition->
info_tag_transform[$token->name]->transform($token, $config, $context);
if ($e) {
$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
}
}
if (isset($definition->info[$token->name])) {
// mostly everything's good, but
// we need to make sure required attributes are in order
if (($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) &&
$definition->info[$token->name]->required_attr &&
($token->name != 'img' || $remove_invalid_img) // ensure config option still works
) {
$attr_validator->validateToken($token, $config, $context);
$ok = true;
foreach ($definition->info[$token->name]->required_attr as $name) {
if (!isset($token->attr[$name])) {
$ok = false;
break;
}
}
if (!$ok) {
if ($e) {
$e->send(
E_ERROR,
'Strategy_RemoveForeignElements: Missing required attribute',
$name
);
}
continue;
}
$token->armor['ValidateAttributes'] = true;
}
if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) {
$textify_comments = $token->name;
} elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) {
$textify_comments = false;
}
} elseif ($escape_invalid_tags) {
// invalid tag, generate HTML representation and insert in
if ($e) {
$e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
}
$token = new HTMLPurifier_Token_Text(
$generator->generateFromToken($token)
);
} else {
// check if we need to destroy all of the tag's children
// CAN BE GENERICIZED
if (isset($hidden_elements[$token->name])) {
if ($token instanceof HTMLPurifier_Token_Start) {
$remove_until = $token->name;
} elseif ($token instanceof HTMLPurifier_Token_Empty) {
// do nothing: we're still looking
} else {
$remove_until = false;
}
if ($e) {
$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
}
} else {
if ($e) {
$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
}
}
continue;
}
} elseif ($token instanceof HTMLPurifier_Token_Comment) {
// textify comments in script tags when they are allowed
if ($textify_comments !== false) {
$data = $token->data;
$token = new HTMLPurifier_Token_Text($data);
} elseif ($trusted || $check_comments) {
// always cleanup comments
$trailing_hyphen = false;
if ($e) {
// perform check whether or not there's a trailing hyphen
if (substr($token->data, -1) == '-') {
$trailing_hyphen = true;
}
}
$token->data = rtrim($token->data, '-');
$found_double_hyphen = false;
while (strpos($token->data, '--') !== false) {
$found_double_hyphen = true;
$token->data = str_replace('--', '-', $token->data);
}
if ($trusted || !empty($comment_lookup[trim($token->data)]) ||
($comment_regexp !== null && preg_match($comment_regexp, trim($token->data)))) {
// OK good
if ($e) {
if ($trailing_hyphen) {
$e->send(
E_NOTICE,
'Strategy_RemoveForeignElements: Trailing hyphen in comment removed'
);
}
if ($found_double_hyphen) {
$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed');
}
}
} else {
if ($e) {
$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
}
continue;
}
} else {
// strip comments
if ($e) {
$e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
}
continue;
}
} elseif ($token instanceof HTMLPurifier_Token_Text) {
} else {
continue;
}
$result[] = $token;
}
if ($remove_until && $e) {
// we removed tokens until the end, throw error
$e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
}
$context->destroy('CurrentToken');
return $result;
}
}
/**
* Validate all attributes in the tokens.
*/
class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
{
/**
* @param HTMLPurifier_Token[] $tokens
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return HTMLPurifier_Token[]
*/
public function execute($tokens, $config, $context)
{
// setup validator
$validator = new HTMLPurifier_AttrValidator();
$token = false;
$context->register('CurrentToken', $token);
foreach ($tokens as $key => $token) {
// only process tokens that have attributes,
// namely start and empty tags
if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) {
continue;
}
// skip tokens that are armored
if (!empty($token->armor['ValidateAttributes'])) {
continue;
}
// note that we have no facilities here for removing tokens
$validator->validateToken($token, $config, $context);
}
$context->destroy('CurrentToken');
return $tokens;
}
}
/**
* Transforms FONT tags to the proper form (SPAN with CSS styling)
*
* This transformation takes the three proprietary attributes of FONT and
* transforms them into their corresponding CSS attributes. These are color,
* face, and size.
*
* @note Size is an interesting case because it doesn't map cleanly to CSS.
* Thanks to
* http://style.cleverchimp.com/font_size_intervals/altintervals.html
* for reasonable mappings.
* @warning This doesn't work completely correctly; specifically, this
* TagTransform operates before well-formedness is enforced, so
* the "active formatting elements" algorithm doesn't get applied.
*/
class HTMLPurifier_TagTransform_Font extends HTMLPurifier_TagTransform
{
/**
* @type string
*/
public $transform_to = 'span';
/**
* @type array
*/
protected $_size_lookup = array(
'0' => 'xx-small',
'1' => 'xx-small',
'2' => 'small',
'3' => 'medium',
'4' => 'large',
'5' => 'x-large',
'6' => 'xx-large',
'7' => '300%',
'-1' => 'smaller',
'-2' => '60%',
'+1' => 'larger',
'+2' => '150%',
'+3' => '200%',
'+4' => '300%'
);
/**
* @param HTMLPurifier_Token_Tag $tag
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return HTMLPurifier_Token_End|string
*/
public function transform($tag, $config, $context)
{
if ($tag instanceof HTMLPurifier_Token_End) {
$new_tag = clone $tag;
$new_tag->name = $this->transform_to;
return $new_tag;
}
$attr = $tag->attr;
$prepend_style = '';
// handle color transform
if (isset($attr['color'])) {
$prepend_style .= 'color:' . $attr['color'] . ';';
unset($attr['color']);
}
// handle face transform
if (isset($attr['face'])) {
$prepend_style .= 'font-family:' . $attr['face'] . ';';
unset($attr['face']);
}
// handle size transform
if (isset($attr['size'])) {
// normalize large numbers
if ($attr['size'] !== '') {
if ($attr['size']{0} == '+' || $attr['size']{0} == '-') {
$size = (int)$attr['size'];
if ($size < -2) {
$attr['size'] = '-2';
}
if ($size > 4) {
$attr['size'] = '+4';
}
} else {
$size = (int)$attr['size'];
if ($size > 7) {
$attr['size'] = '7';
}
}
}
if (isset($this->_size_lookup[$attr['size']])) {
$prepend_style .= 'font-size:' .
$this->_size_lookup[$attr['size']] . ';';
}
unset($attr['size']);
}
if ($prepend_style) {
$attr['style'] = isset($attr['style']) ?
$prepend_style . $attr['style'] :
$prepend_style;
}
$new_tag = clone $tag;
$new_tag->name = $this->transform_to;
$new_tag->attr = $attr;
return $new_tag;
}
}
/**
* Simple transformation, just change tag name to something else,
* and possibly add some styling. This will cover most of the deprecated
* tag cases.
*/
class HTMLPurifier_TagTransform_Simple extends HTMLPurifier_TagTransform
{
/**
* @type string
*/
protected $style;
/**
* @param string $transform_to Tag name to transform to.
* @param string $style CSS style to add to the tag
*/
public function __construct($transform_to, $style = null)
{
$this->transform_to = $transform_to;
$this->style = $style;
}
/**
* @param HTMLPurifier_Token_Tag $tag
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
*/
public function transform($tag, $config, $context)
{
$new_tag = clone $tag;
$new_tag->name = $this->transform_to;
if (!is_null($this->style) &&
($new_tag instanceof HTMLPurifier_Token_Start || $new_tag instanceof HTMLPurifier_Token_Empty)
) {
$this->prependCSS($new_tag->attr, $this->style);
}
return $new_tag;
}
}
/**
* Concrete comment token class. Generally will be ignored.
*/
class HTMLPurifier_Token_Comment extends HTMLPurifier_Token
{
/**
* Character data within comment.
* @type string
*/
public $data;
/**
* @type bool
*/
public $is_whitespace = true;
/**
* Transparent constructor.
*
* @param string $data String comment data.
* @param int $line
* @param int $col
*/
public function __construct($data, $line = null, $col = null)
{
$this->data = $data;
$this->line = $line;
$this->col = $col;
}
public function toNode() {
return new HTMLPurifier_Node_Comment($this->data, $this->line, $this->col);
}
}
/**
* Abstract class of a tag token (start, end or empty), and its behavior.
*/
abstract class HTMLPurifier_Token_Tag extends HTMLPurifier_Token
{
/**
* Static bool marker that indicates the class is a tag.
*
* This allows us to check objects with !empty($obj->is_tag)
* without having to use a function call is_a().
* @type bool
*/
public $is_tag = true;
/**
* The lower-case name of the tag, like 'a', 'b' or 'blockquote'.
*
* @note Strictly speaking, XML tags are case sensitive, so we shouldn't
* be lower-casing them, but these tokens cater to HTML tags, which are
* insensitive.
* @type string
*/
public $name;
/**
* Associative array of the tag's attributes.
* @type array
*/
public $attr = array();
/**
* Non-overloaded constructor, which lower-cases passed tag name.
*
* @param string $name String name.
* @param array $attr Associative array of attributes.
* @param int $line
* @param int $col
* @param array $armor
*/
public function __construct($name, $attr = array(), $line = null, $col = null, $armor = array())
{
$this->name = ctype_lower($name) ? $name : strtolower($name);
foreach ($attr as $key => $value) {
// normalization only necessary when key is not lowercase
if (!ctype_lower($key)) {
$new_key = strtolower($key);
if (!isset($attr[$new_key])) {
$attr[$new_key] = $attr[$key];
}
if ($new_key !== $key) {
unset($attr[$key]);
}
}
}
$this->attr = $attr;
$this->line = $line;
$this->col = $col;
$this->armor = $armor;
}
public function toNode() {
return new HTMLPurifier_Node_Element($this->name, $this->attr, $this->line, $this->col, $this->armor);
}
}
/**
* Concrete empty token class.
*/
class HTMLPurifier_Token_Empty extends HTMLPurifier_Token_Tag
{
public function toNode() {
$n = parent::toNode();
$n->empty = true;
return $n;
}
}
/**
* Concrete end token class.
*
* @warning This class accepts attributes even though end tags cannot. This
* is for optimization reasons, as under normal circumstances, the Lexers
* do not pass attributes.
*/
class HTMLPurifier_Token_End extends HTMLPurifier_Token_Tag
{
/**
* Token that started this node.
* Added by MakeWellFormed. Please do not edit this!
* @type HTMLPurifier_Token
*/
public $start;
public function toNode() {
throw new Exception("HTMLPurifier_Token_End->toNode not supported!");
}
}
/**
* Concrete start token class.
*/
class HTMLPurifier_Token_Start extends HTMLPurifier_Token_Tag
{
}
/**
* Concrete text token class.
*
* Text tokens comprise of regular parsed character data (PCDATA) and raw
* character data (from the CDATA sections). Internally, their
* data is parsed with all entities expanded. Surprisingly, the text token
* does have a "tag name" called #PCDATA, which is how the DTD represents it
* in permissible child nodes.
*/
class HTMLPurifier_Token_Text extends HTMLPurifier_Token
{
/**
* @type string
*/
public $name = '#PCDATA';
/**< PCDATA tag name compatible with DTD. */
/**
* @type string
*/
public $data;
/**< Parsed character data of text. */
/**
* @type bool
*/
public $is_whitespace;
/**< Bool indicating if node is whitespace. */
/**
* Constructor, accepts data and determines if it is whitespace.
* @param string $data String parsed character data.
* @param int $line
* @param int $col
*/
public function __construct($data, $line = null, $col = null)
{
$this->data = $data;
$this->is_whitespace = ctype_space($data);
$this->line = $line;
$this->col = $col;
}
public function toNode() {
return new HTMLPurifier_Node_Text($this->data, $this->is_whitespace, $this->line, $this->col);
}
}
class HTMLPurifier_URIFilter_DisableExternal extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'DisableExternal';
/**
* @type array
*/
protected $ourHostParts = false;
/**
* @param HTMLPurifier_Config $config
* @return void
*/
public function prepare($config)
{
$our_host = $config->getDefinition('URI')->host;
if ($our_host !== null) {
$this->ourHostParts = array_reverse(explode('.', $our_host));
}
}
/**
* @param HTMLPurifier_URI $uri Reference
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
if (is_null($uri->host)) {
return true;
}
if ($this->ourHostParts === false) {
return false;
}
$host_parts = array_reverse(explode('.', $uri->host));
foreach ($this->ourHostParts as $i => $x) {
if (!isset($host_parts[$i])) {
return false;
}
if ($host_parts[$i] != $this->ourHostParts[$i]) {
return false;
}
}
return true;
}
}
class HTMLPurifier_URIFilter_DisableExternalResources extends HTMLPurifier_URIFilter_DisableExternal
{
/**
* @type string
*/
public $name = 'DisableExternalResources';
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
if (!$context->get('EmbeddedURI', true)) {
return true;
}
return parent::filter($uri, $config, $context);
}
}
class HTMLPurifier_URIFilter_DisableResources extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'DisableResources';
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
return !$context->get('EmbeddedURI', true);
}
}
// It's not clear to me whether or not Punycode means that hostnames
// do not have canonical forms anymore. As far as I can tell, it's
// not a problem (punycoding should be identity when no Unicode
// points are involved), but I'm not 100% sure
class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'HostBlacklist';
/**
* @type array
*/
protected $blacklist = array();
/**
* @param HTMLPurifier_Config $config
* @return bool
*/
public function prepare($config)
{
$this->blacklist = $config->get('URI.HostBlacklist');
return true;
}
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
foreach ($this->blacklist as $blacklisted_host_fragment) {
if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
return false;
}
}
return true;
}
}
// does not support network paths
class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'MakeAbsolute';
/**
* @type
*/
protected $base;
/**
* @type array
*/
protected $basePathStack = array();
/**
* @param HTMLPurifier_Config $config
* @return bool
*/
public function prepare($config)
{
$def = $config->getDefinition('URI');
$this->base = $def->base;
if (is_null($this->base)) {
trigger_error(
'URI.MakeAbsolute is being ignored due to lack of ' .
'value for URI.Base configuration',
E_USER_WARNING
);
return false;
}
$this->base->fragment = null; // fragment is invalid for base URI
$stack = explode('/', $this->base->path);
array_pop($stack); // discard last segment
$stack = $this->_collapseStack($stack); // do pre-parsing
$this->basePathStack = $stack;
return true;
}
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
if (is_null($this->base)) {
return true;
} // abort early
if ($uri->path === '' && is_null($uri->scheme) &&
is_null($uri->host) && is_null($uri->query) && is_null($uri->fragment)) {
// reference to current document
$uri = clone $this->base;
return true;
}
if (!is_null($uri->scheme)) {
// absolute URI already: don't change
if (!is_null($uri->host)) {
return true;
}
$scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) {
// scheme not recognized
return false;
}
if (!$scheme_obj->hierarchical) {
// non-hierarchal URI with explicit scheme, don't change
return true;
}
// special case: had a scheme but always is hierarchical and had no authority
}
if (!is_null($uri->host)) {
// network path, don't bother
return true;
}
if ($uri->path === '') {
$uri->path = $this->base->path;
} elseif ($uri->path[0] !== '/') {
// relative path, needs more complicated processing
$stack = explode('/', $uri->path);
$new_stack = array_merge($this->basePathStack, $stack);
if ($new_stack[0] !== '' && !is_null($this->base->host)) {
array_unshift($new_stack, '');
}
$new_stack = $this->_collapseStack($new_stack);
$uri->path = implode('/', $new_stack);
} else {
// absolute path, but still we should collapse
$uri->path = implode('/', $this->_collapseStack(explode('/', $uri->path)));
}
// re-combine
$uri->scheme = $this->base->scheme;
if (is_null($uri->userinfo)) {
$uri->userinfo = $this->base->userinfo;
}
if (is_null($uri->host)) {
$uri->host = $this->base->host;
}
if (is_null($uri->port)) {
$uri->port = $this->base->port;
}
return true;
}
/**
* Resolve dots and double-dots in a path stack
* @param array $stack
* @return array
*/
private function _collapseStack($stack)
{
$result = array();
$is_folder = false;
for ($i = 0; isset($stack[$i]); $i++) {
$is_folder = false;
// absorb an internally duplicated slash
if ($stack[$i] == '' && $i && isset($stack[$i + 1])) {
continue;
}
if ($stack[$i] == '..') {
if (!empty($result)) {
$segment = array_pop($result);
if ($segment === '' && empty($result)) {
// error case: attempted to back out too far:
// restore the leading slash
$result[] = '';
} elseif ($segment === '..') {
$result[] = '..'; // cannot remove .. with ..
}
} else {
// relative path, preserve the double-dots
$result[] = '..';
}
$is_folder = true;
continue;
}
if ($stack[$i] == '.') {
// silently absorb
$is_folder = true;
continue;
}
$result[] = $stack[$i];
}
if ($is_folder) {
$result[] = '';
}
return $result;
}
}
class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'Munge';
/**
* @type bool
*/
public $post = true;
/**
* @type string
*/
private $target;
/**
* @type HTMLPurifier_URIParser
*/
private $parser;
/**
* @type bool
*/
private $doEmbed;
/**
* @type string
*/
private $secretKey;
/**
* @type array
*/
protected $replace = array();
/**
* @param HTMLPurifier_Config $config
* @return bool
*/
public function prepare($config)
{
$this->target = $config->get('URI.' . $this->name);
$this->parser = new HTMLPurifier_URIParser();
$this->doEmbed = $config->get('URI.MungeResources');
$this->secretKey = $config->get('URI.MungeSecretKey');
if ($this->secretKey && !function_exists('hash_hmac')) {
throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");
}
return true;
}
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {
return true;
}
$scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) {
return true;
} // ignore unknown schemes, maybe another postfilter did it
if (!$scheme_obj->browsable) {
return true;
} // ignore non-browseable schemes, since we can't munge those in a reasonable way
if ($uri->isBenign($config, $context)) {
return true;
} // don't redirect if a benign URL
$this->makeReplace($uri, $config, $context);
$this->replace = array_map('rawurlencode', $this->replace);
$new_uri = strtr($this->target, $this->replace);
$new_uri = $this->parser->parse($new_uri);
// don't redirect if the target host is the same as the
// starting host
if ($uri->host === $new_uri->host) {
return true;
}
$uri = $new_uri; // overwrite
return true;
}
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
*/
protected function makeReplace($uri, $config, $context)
{
$string = $uri->toString();
// always available
$this->replace['%s'] = $string;
$this->replace['%r'] = $context->get('EmbeddedURI', true);
$token = $context->get('CurrentToken', true);
$this->replace['%n'] = $token ? $token->name : null;
$this->replace['%m'] = $context->get('CurrentAttr', true);
$this->replace['%p'] = $context->get('CurrentCSSProperty', true);
// not always available
if ($this->secretKey) {
$this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);
}
}
}
/**
* Implements safety checks for safe iframes.
*
* @warning This filter is *critical* for ensuring that %HTML.SafeIframe
* works safely.
*/
class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
{
/**
* @type string
*/
public $name = 'SafeIframe';
/**
* @type bool
*/
public $always_load = true;
/**
* @type string
*/
protected $regexp = null;
// XXX: The not so good bit about how this is all set up now is we
// can't check HTML.SafeIframe in the 'prepare' step: we have to
// defer till the actual filtering.
/**
* @param HTMLPurifier_Config $config
* @return bool
*/
public function prepare($config)
{
$this->regexp = $config->get('URI.SafeIframeRegexp');
return true;
}
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function filter(&$uri, $config, $context)
{
// check if filter not applicable
if (!$config->get('HTML.SafeIframe')) {
return true;
}
// check if the filter should actually trigger
if (!$context->get('EmbeddedURI', true)) {
return true;
}
$token = $context->get('CurrentToken', true);
if (!($token && $token->name == 'iframe')) {
return true;
}
// check if we actually have some whitelists enabled
if ($this->regexp === null) {
return false;
}
// actually check the whitelists
return preg_match($this->regexp, $uri->toString());
}
}
/**
* Implements data: URI for base64 encoded images supported by GD.
*/
class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
{
/**
* @type bool
*/
public $browsable = true;
/**
* @type array
*/
public $allowed_types = array(
// you better write validation code for other types if you
// decide to allow them
'image/jpeg' => true,
'image/gif' => true,
'image/png' => true,
);
// this is actually irrelevant since we only write out the path
// component
/**
* @type bool
*/
public $may_omit_host = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
$result = explode(',', $uri->path, 2);
$is_base64 = false;
$charset = null;
$content_type = null;
if (count($result) == 2) {
list($metadata, $data) = $result;
// do some legwork on the metadata
$metas = explode(';', $metadata);
while (!empty($metas)) {
$cur = array_shift($metas);
if ($cur == 'base64') {
$is_base64 = true;
break;
}
if (substr($cur, 0, 8) == 'charset=') {
// doesn't match if there are arbitrary spaces, but
// whatever dude
if ($charset !== null) {
continue;
} // garbage
$charset = substr($cur, 8); // not used
} else {
if ($content_type !== null) {
continue;
} // garbage
$content_type = $cur;
}
}
} else {
$data = $result[0];
}
if ($content_type !== null && empty($this->allowed_types[$content_type])) {
return false;
}
if ($charset !== null) {
// error; we don't allow plaintext stuff
$charset = null;
}
$data = rawurldecode($data);
if ($is_base64) {
$raw_data = base64_decode($data);
} else {
$raw_data = $data;
}
// XXX probably want to refactor this into a general mechanism
// for filtering arbitrary content types
$file = tempnam("/tmp", "");
file_put_contents($file, $raw_data);
if (function_exists('exif_imagetype')) {
$image_code = exif_imagetype($file);
unlink($file);
} elseif (function_exists('getimagesize')) {
set_error_handler(array($this, 'muteErrorHandler'));
$info = getimagesize($file);
restore_error_handler();
unlink($file);
if ($info == false) {
return false;
}
$image_code = $info[2];
} else {
trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
}
$real_content_type = image_type_to_mime_type($image_code);
if ($real_content_type != $content_type) {
// we're nice guys; if the content type is something else we
// support, change it over
if (empty($this->allowed_types[$real_content_type])) {
return false;
}
$content_type = $real_content_type;
}
// ok, it's kosher, rewrite what we need
$uri->userinfo = null;
$uri->host = null;
$uri->port = null;
$uri->fragment = null;
$uri->query = null;
$uri->path = "$content_type;base64," . base64_encode($raw_data);
return true;
}
/**
* @param int $errno
* @param string $errstr
*/
public function muteErrorHandler($errno, $errstr)
{
}
}
/**
* Validates file as defined by RFC 1630 and RFC 1738.
*/
class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
{
/**
* Generally file:// URLs are not accessible from most
* machines, so placing them as an img src is incorrect.
* @type bool
*/
public $browsable = false;
/**
* Basically the *only* URI scheme for which this is true, since
* accessing files on the local machine is very common. In fact,
* browsers on some operating systems don't understand the
* authority, though I hear it is used on Windows to refer to
* network shares.
* @type bool
*/
public $may_omit_host = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
// Authentication method is not supported
$uri->userinfo = null;
// file:// makes no provisions for accessing the resource
$uri->port = null;
// While it seems to work on Firefox, the querystring has
// no possible effect and is thus stripped.
$uri->query = null;
return true;
}
}
/**
* Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
*/
class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme
{
/**
* @type int
*/
public $default_port = 21;
/**
* @type bool
*/
public $browsable = true; // usually
/**
* @type bool
*/
public $hierarchical = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
$uri->query = null;
// typecode check
$semicolon_pos = strrpos($uri->path, ';'); // reverse
if ($semicolon_pos !== false) {
$type = substr($uri->path, $semicolon_pos + 1); // no semicolon
$uri->path = substr($uri->path, 0, $semicolon_pos);
$type_ret = '';
if (strpos($type, '=') !== false) {
// figure out whether or not the declaration is correct
list($key, $typecode) = explode('=', $type, 2);
if ($key !== 'type') {
// invalid key, tack it back on encoded
$uri->path .= '%3B' . $type;
} elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') {
$type_ret = ";type=$typecode";
}
} else {
$uri->path .= '%3B' . $type;
}
$uri->path = str_replace(';', '%3B', $uri->path);
$uri->path .= $type_ret;
}
return true;
}
}
/**
* Validates http (HyperText Transfer Protocol) as defined by RFC 2616
*/
class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme
{
/**
* @type int
*/
public $default_port = 80;
/**
* @type bool
*/
public $browsable = true;
/**
* @type bool
*/
public $hierarchical = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
$uri->userinfo = null;
return true;
}
}
/**
* Validates https (Secure HTTP) according to http scheme.
*/
class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http
{
/**
* @type int
*/
public $default_port = 443;
/**
* @type bool
*/
public $secure = true;
}
// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
// email is valid, but be careful!
/**
* Validates mailto (for E-mail) according to RFC 2368
* @todo Validate the email address
* @todo Filter allowed query parameters
*/
class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme
{
/**
* @type bool
*/
public $browsable = false;
/**
* @type bool
*/
public $may_omit_host = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
$uri->userinfo = null;
$uri->host = null;
$uri->port = null;
// we need to validate path against RFC 2368's addr-spec
return true;
}
}
/**
* Validates news (Usenet) as defined by generic RFC 1738
*/
class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme
{
/**
* @type bool
*/
public $browsable = false;
/**
* @type bool
*/
public $may_omit_host = true;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
$uri->userinfo = null;
$uri->host = null;
$uri->port = null;
$uri->query = null;
// typecode check needed on path
return true;
}
}
/**
* Validates nntp (Network News Transfer Protocol) as defined by generic RFC 1738
*/
class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme
{
/**
* @type int
*/
public $default_port = 119;
/**
* @type bool
*/
public $browsable = false;
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
$uri->userinfo = null;
$uri->query = null;
return true;
}
}
/**
* Performs safe variable parsing based on types which can be used by
* users. This may not be able to represent all possible data inputs,
* however.
*/
class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
{
/**
* @param mixed $var
* @param int $type
* @param bool $allow_null
* @return array|bool|float|int|mixed|null|string
* @throws HTMLPurifier_VarParserException
*/
protected function parseImplementation($var, $type, $allow_null)
{
if ($allow_null && $var === null) {
return null;
}
switch ($type) {
// Note: if code "breaks" from the switch, it triggers a generic
// exception to be thrown. Specific errors can be specifically
// done here.
case self::MIXED:
case self::ISTRING:
case self::STRING:
case self::TEXT:
case self::ITEXT:
return $var;
case self::INT:
if (is_string($var) && ctype_digit($var)) {
$var = (int)$var;
}
return $var;
case self::FLOAT:
if ((is_string($var) && is_numeric($var)) || is_int($var)) {
$var = (float)$var;
}
return $var;
case self::BOOL:
if (is_int($var) && ($var === 0 || $var === 1)) {
$var = (bool)$var;
} elseif (is_string($var)) {
if ($var == 'on' || $var == 'true' || $var == '1') {
$var = true;
} elseif ($var == 'off' || $var == 'false' || $var == '0') {
$var = false;
} else {
throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
}
}
return $var;
case self::ALIST:
case self::HASH:
case self::LOOKUP:
if (is_string($var)) {
// special case: technically, this is an array with
// a single empty string item, but having an empty
// array is more intuitive
if ($var == '') {
return array();
}
if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
// simplistic string to array method that only works
// for simple lists of tag names or alphanumeric characters
$var = explode(',', $var);
} else {
$var = preg_split('/(,|[\n\r]+)/', $var);
}
// remove spaces
foreach ($var as $i => $j) {
$var[$i] = trim($j);
}
if ($type === self::HASH) {
// key:value,key2:value2
$nvar = array();
foreach ($var as $keypair) {
$c = explode(':', $keypair, 2);
if (!isset($c[1])) {
continue;
}
$nvar[trim($c[0])] = trim($c[1]);
}
$var = $nvar;
}
}
if (!is_array($var)) {
break;
}
$keys = array_keys($var);
if ($keys === array_keys($keys)) {
if ($type == self::ALIST) {
return $var;
} elseif ($type == self::LOOKUP) {
$new = array();
foreach ($var as $key) {
$new[$key] = true;
}
return $new;
} else {
break;
}
}
if ($type === self::ALIST) {
trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING);
return array_values($var);
}
if ($type === self::LOOKUP) {
foreach ($var as $key => $value) {
if ($value !== true) {
trigger_error(
"Lookup array has non-true value at key '$key'; " .
"maybe your input array was not indexed numerically",
E_USER_WARNING
);
}
$var[$key] = true;
}
}
return $var;
default:
$this->errorInconsistent(__CLASS__, $type);
}
$this->errorGeneric($var, $type);
}
}
/**
* This variable parser uses PHP's internal code engine. Because it does
* this, it can represent all inputs; however, it is dangerous and cannot
* be used by users.
*/
class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
{
/**
* @param mixed $var
* @param int $type
* @param bool $allow_null
* @return null|string
*/
protected function parseImplementation($var, $type, $allow_null)
{
return $this->evalExpression($var);
}
/**
* @param string $expr
* @return mixed
* @throws HTMLPurifier_VarParserException
*/
protected function evalExpression($expr)
{
$var = null;
$result = eval("\$var = $expr;");
if ($result === false) {
throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
}
return $var;
}
}
include_once dirname(__FILE__) . '/standalone/HTMLPurifier/Filter/YouTube.php';
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
================================================
directives as $d) {
$schema->add(
$d->id->key,
$d->default,
$d->type,
$d->typeAllowsNull
);
if ($d->allowed !== null) {
$schema->addAllowedValues(
$d->id->key,
$d->allowed
);
}
foreach ($d->aliases as $alias) {
$schema->addAlias(
$alias->key,
$d->id->key
);
}
if ($d->valueAliases !== null) {
$schema->addValueAliases(
$d->id->key,
$d->valueAliases
);
}
}
$schema->postProcess();
return $schema;
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php
================================================
startElement('div');
$purifier = HTMLPurifier::getInstance();
$html = $purifier->purify($html);
$this->writeAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
$this->writeRaw($html);
$this->endElement(); // div
}
/**
* @param mixed $var
* @return string
*/
protected function export($var)
{
if ($var === array()) {
return 'array()';
}
return var_export($var, true);
}
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
*/
public function build($interchange)
{
// global access, only use as last resort
$this->interchange = $interchange;
$this->setIndent(true);
$this->startDocument('1.0', 'UTF-8');
$this->startElement('configdoc');
$this->writeElement('title', $interchange->name);
foreach ($interchange->directives as $directive) {
$this->buildDirective($directive);
}
if ($this->namespace) {
$this->endElement();
} // namespace
$this->endElement(); // configdoc
$this->flush();
}
/**
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
*/
public function buildDirective($directive)
{
// Kludge, although I suppose having a notion of a "root namespace"
// certainly makes things look nicer when documentation is built.
// Depends on things being sorted.
if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
if ($this->namespace) {
$this->endElement();
} // namespace
$this->namespace = $directive->id->getRootNamespace();
$this->startElement('namespace');
$this->writeAttribute('id', $this->namespace);
$this->writeElement('name', $this->namespace);
}
$this->startElement('directive');
$this->writeAttribute('id', $directive->id->toString());
$this->writeElement('name', $directive->id->getDirective());
$this->startElement('aliases');
foreach ($directive->aliases as $alias) {
$this->writeElement('alias', $alias->toString());
}
$this->endElement(); // aliases
$this->startElement('constraints');
if ($directive->version) {
$this->writeElement('version', $directive->version);
}
$this->startElement('type');
if ($directive->typeAllowsNull) {
$this->writeAttribute('allow-null', 'yes');
}
$this->text($directive->type);
$this->endElement(); // type
if ($directive->allowed) {
$this->startElement('allowed');
foreach ($directive->allowed as $value => $x) {
$this->writeElement('value', $value);
}
$this->endElement(); // allowed
}
$this->writeElement('default', $this->export($directive->default));
$this->writeAttribute('xml:space', 'preserve');
if ($directive->external) {
$this->startElement('external');
foreach ($directive->external as $project) {
$this->writeElement('project', $project);
}
$this->endElement();
}
$this->endElement(); // constraints
if ($directive->deprecatedVersion) {
$this->startElement('deprecated');
$this->writeElement('version', $directive->deprecatedVersion);
$this->writeElement('use', $directive->deprecatedUse->toString());
$this->endElement(); // deprecated
}
$this->startElement('description');
$this->writeHTMLDiv($directive->description);
$this->endElement(); // description
$this->endElement(); // directive
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/Exception.php
================================================
true).
* Null if all values are allowed.
* @type array
*/
public $allowed;
/**
* List of aliases for the directive.
* e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
* @type HTMLPurifier_ConfigSchema_Interchange_Id[]
*/
public $aliases = array();
/**
* Hash of value aliases, e.g. array('alt' => 'real'). Null if value
* aliasing is disabled (necessary for non-scalar types).
* @type array
*/
public $valueAliases;
/**
* Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
* Null if the directive has always existed.
* @type string
*/
public $version;
/**
* ID of directive that supercedes this old directive.
* Null if not deprecated.
* @type HTMLPurifier_ConfigSchema_Interchange_Id
*/
public $deprecatedUse;
/**
* Version of HTML Purifier this directive was deprecated. Null if not
* deprecated.
* @type string
*/
public $deprecatedVersion;
/**
* List of external projects this directive depends on, e.g. array('CSSTidy').
* @type array
*/
public $external = array();
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php
================================================
key = $key;
}
/**
* @return string
* @warning This is NOT magic, to ensure that people don't abuse SPL and
* cause problems for PHP 5.0 support.
*/
public function toString()
{
return $this->key;
}
/**
* @return string
*/
public function getRootNamespace()
{
return substr($this->key, 0, strpos($this->key, "."));
}
/**
* @return string
*/
public function getDirective()
{
return substr($this->key, strpos($this->key, ".") + 1);
}
/**
* @param string $id
* @return HTMLPurifier_ConfigSchema_Interchange_Id
*/
public static function make($id)
{
return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php
================================================
array(directive info)
* @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
*/
public $directives = array();
/**
* Adds a directive array to $directives
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function addDirective($directive)
{
if (isset($this->directives[$i = $directive->id->toString()])) {
throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
}
$this->directives[$i] = $directive;
}
/**
* Convenience function to perform standard validation. Throws exception
* on failed validation.
*/
public function validate()
{
$validator = new HTMLPurifier_ConfigSchema_Validator();
return $validator->validate($this);
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
================================================
varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
}
/**
* @param string $dir
* @return HTMLPurifier_ConfigSchema_Interchange
*/
public static function buildFromDirectory($dir = null)
{
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange();
return $builder->buildDir($interchange, $dir);
}
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param string $dir
* @return HTMLPurifier_ConfigSchema_Interchange
*/
public function buildDir($interchange, $dir = null)
{
if (!$dir) {
$dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
}
if (file_exists($dir . '/info.ini')) {
$info = parse_ini_file($dir . '/info.ini');
$interchange->name = $info['name'];
}
$files = array();
$dh = opendir($dir);
while (false !== ($file = readdir($dh))) {
if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') {
continue;
}
$files[] = $file;
}
closedir($dh);
sort($files);
foreach ($files as $file) {
$this->buildFile($interchange, $dir . '/' . $file);
}
return $interchange;
}
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param string $file
*/
public function buildFile($interchange, $file)
{
$parser = new HTMLPurifier_StringHashParser();
$this->build(
$interchange,
new HTMLPurifier_StringHash($parser->parseFile($file))
);
}
/**
* Builds an interchange object based on a hash.
* @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
* @param HTMLPurifier_StringHash $hash source data
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function build($interchange, $hash)
{
if (!$hash instanceof HTMLPurifier_StringHash) {
$hash = new HTMLPurifier_StringHash($hash);
}
if (!isset($hash['ID'])) {
throw new HTMLPurifier_ConfigSchema_Exception('Hash does not have any ID');
}
if (strpos($hash['ID'], '.') === false) {
if (count($hash) == 2 && isset($hash['DESCRIPTION'])) {
$hash->offsetGet('DESCRIPTION'); // prevent complaining
} else {
throw new HTMLPurifier_ConfigSchema_Exception('All directives must have a namespace');
}
} else {
$this->buildDirective($interchange, $hash);
}
$this->_findUnused($hash);
}
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param HTMLPurifier_StringHash $hash
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function buildDirective($interchange, $hash)
{
$directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
// These are required elements:
$directive->id = $this->id($hash->offsetGet('ID'));
$id = $directive->id->toString(); // convenience
if (isset($hash['TYPE'])) {
$type = explode('/', $hash->offsetGet('TYPE'));
if (isset($type[1])) {
$directive->typeAllowsNull = true;
}
$directive->type = $type[0];
} else {
throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
}
if (isset($hash['DEFAULT'])) {
try {
$directive->default = $this->varParser->parse(
$hash->offsetGet('DEFAULT'),
$directive->type,
$directive->typeAllowsNull
);
} catch (HTMLPurifier_VarParserException $e) {
throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
}
}
if (isset($hash['DESCRIPTION'])) {
$directive->description = $hash->offsetGet('DESCRIPTION');
}
if (isset($hash['ALLOWED'])) {
$directive->allowed = $this->lookup($this->evalArray($hash->offsetGet('ALLOWED')));
}
if (isset($hash['VALUE-ALIASES'])) {
$directive->valueAliases = $this->evalArray($hash->offsetGet('VALUE-ALIASES'));
}
if (isset($hash['ALIASES'])) {
$raw_aliases = trim($hash->offsetGet('ALIASES'));
$aliases = preg_split('/\s*,\s*/', $raw_aliases);
foreach ($aliases as $alias) {
$directive->aliases[] = $this->id($alias);
}
}
if (isset($hash['VERSION'])) {
$directive->version = $hash->offsetGet('VERSION');
}
if (isset($hash['DEPRECATED-USE'])) {
$directive->deprecatedUse = $this->id($hash->offsetGet('DEPRECATED-USE'));
}
if (isset($hash['DEPRECATED-VERSION'])) {
$directive->deprecatedVersion = $hash->offsetGet('DEPRECATED-VERSION');
}
if (isset($hash['EXTERNAL'])) {
$directive->external = preg_split('/\s*,\s*/', trim($hash->offsetGet('EXTERNAL')));
}
$interchange->addDirective($directive);
}
/**
* Evaluates an array PHP code string without array() wrapper
* @param string $contents
*/
protected function evalArray($contents)
{
return eval('return array(' . $contents . ');');
}
/**
* Converts an array list into a lookup array.
* @param array $array
* @return array
*/
protected function lookup($array)
{
$ret = array();
foreach ($array as $val) {
$ret[$val] = true;
}
return $ret;
}
/**
* Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
* object based on a string Id.
* @param string $id
* @return HTMLPurifier_ConfigSchema_Interchange_Id
*/
protected function id($id)
{
return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
}
/**
* Triggers errors for any unused keys passed in the hash; such keys
* may indicate typos, missing values, etc.
* @param HTMLPurifier_StringHash $hash Hash to check.
*/
protected function _findUnused($hash)
{
$accessed = $hash->getAccessed();
foreach ($hash as $k => $v) {
if (!isset($accessed[$k])) {
trigger_error("String hash key '$k' not used by builder", E_USER_NOTICE);
}
}
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/Validator.php
================================================
parser = new HTMLPurifier_VarParser();
}
/**
* Validates a fully-formed interchange object.
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @return bool
*/
public function validate($interchange)
{
$this->interchange = $interchange;
$this->aliases = array();
// PHP is a bit lax with integer <=> string conversions in
// arrays, so we don't use the identical !== comparison
foreach ($interchange->directives as $i => $directive) {
$id = $directive->id->toString();
if ($i != $id) {
$this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
}
$this->validateDirective($directive);
}
return true;
}
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
* @param HTMLPurifier_ConfigSchema_Interchange_Id $id
*/
public function validateId($id)
{
$id_string = $id->toString();
$this->context[] = "id '$id_string'";
if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
// handled by InterchangeBuilder
$this->error(false, 'is not an instance of HTMLPurifier_ConfigSchema_Interchange_Id');
}
// keys are now unconstrained (we might want to narrow down to A-Za-z0-9.)
// we probably should check that it has at least one namespace
$this->with($id, 'key')
->assertNotEmpty()
->assertIsString(); // implicit assertIsString handled by InterchangeBuilder
array_pop($this->context);
}
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirective($d)
{
$id = $d->id->toString();
$this->context[] = "directive '$id'";
$this->validateId($d->id);
$this->with($d, 'description')
->assertNotEmpty();
// BEGIN - handled by InterchangeBuilder
$this->with($d, 'type')
->assertNotEmpty();
$this->with($d, 'typeAllowsNull')
->assertIsBool();
try {
// This also tests validity of $d->type
$this->parser->parse($d->default, $d->type, $d->typeAllowsNull);
} catch (HTMLPurifier_VarParserException $e) {
$this->error('default', 'had error: ' . $e->getMessage());
}
// END - handled by InterchangeBuilder
if (!is_null($d->allowed) || !empty($d->valueAliases)) {
// allowed and valueAliases require that we be dealing with
// strings, so check for that early.
$d_int = HTMLPurifier_VarParser::$types[$d->type];
if (!isset(HTMLPurifier_VarParser::$stringTypes[$d_int])) {
$this->error('type', 'must be a string type when used with allowed or value aliases');
}
}
$this->validateDirectiveAllowed($d);
$this->validateDirectiveValueAliases($d);
$this->validateDirectiveAliases($d);
array_pop($this->context);
}
/**
* Extra validation if $allowed member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirectiveAllowed($d)
{
if (is_null($d->allowed)) {
return;
}
$this->with($d, 'allowed')
->assertNotEmpty()
->assertIsLookup(); // handled by InterchangeBuilder
if (is_string($d->default) && !isset($d->allowed[$d->default])) {
$this->error('default', 'must be an allowed value');
}
$this->context[] = 'allowed';
foreach ($d->allowed as $val => $x) {
if (!is_string($val)) {
$this->error("value $val", 'must be a string');
}
}
array_pop($this->context);
}
/**
* Extra validation if $valueAliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirectiveValueAliases($d)
{
if (is_null($d->valueAliases)) {
return;
}
$this->with($d, 'valueAliases')
->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'valueAliases';
foreach ($d->valueAliases as $alias => $real) {
if (!is_string($alias)) {
$this->error("alias $alias", 'must be a string');
}
if (!is_string($real)) {
$this->error("alias target $real from alias '$alias'", 'must be a string');
}
if ($alias === $real) {
$this->error("alias '$alias'", "must not be an alias to itself");
}
}
if (!is_null($d->allowed)) {
foreach ($d->valueAliases as $alias => $real) {
if (isset($d->allowed[$alias])) {
$this->error("alias '$alias'", 'must not be an allowed value');
} elseif (!isset($d->allowed[$real])) {
$this->error("alias '$alias'", 'must be an alias to an allowed value');
}
}
}
array_pop($this->context);
}
/**
* Extra validation if $aliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirectiveAliases($d)
{
$this->with($d, 'aliases')
->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'aliases';
foreach ($d->aliases as $alias) {
$this->validateId($alias);
$s = $alias->toString();
if (isset($this->interchange->directives[$s])) {
$this->error("alias '$s'", 'collides with another directive');
}
if (isset($this->aliases[$s])) {
$other_directive = $this->aliases[$s];
$this->error("alias '$s'", "collides with alias for directive '$other_directive'");
}
$this->aliases[$s] = $d->id->toString();
}
array_pop($this->context);
}
// protected helper functions
/**
* Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
* for validating simple member variables of objects.
* @param $obj
* @param $member
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
protected function with($obj, $member)
{
return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
}
/**
* Emits an error, providing helpful context.
* @throws HTMLPurifier_ConfigSchema_Exception
*/
protected function error($target, $msg)
{
if ($target !== false) {
$prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
} else {
$prefix = ucfirst($this->getFormattedContext());
}
throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
}
/**
* Returns a formatted context string.
* @return string
*/
protected function getFormattedContext()
{
return implode(' in ', array_reverse($this->context));
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php
================================================
context = $context;
$this->obj = $obj;
$this->member = $member;
$this->contents =& $obj->$member;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsString()
{
if (!is_string($this->contents)) {
$this->error('must be a string');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsBool()
{
if (!is_bool($this->contents)) {
$this->error('must be a boolean');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsArray()
{
if (!is_array($this->contents)) {
$this->error('must be an array');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertNotNull()
{
if ($this->contents === null) {
$this->error('must not be null');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertAlnum()
{
$this->assertIsString();
if (!ctype_alnum($this->contents)) {
$this->error('must be alphanumeric');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertNotEmpty()
{
if (empty($this->contents)) {
$this->error('must not be empty');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsLookup()
{
$this->assertIsArray();
foreach ($this->contents as $v) {
if ($v !== true) {
$this->error('must be a lookup array');
}
}
return $this;
}
/**
* @param string $msg
* @throws HTMLPurifier_ConfigSchema_Exception
*/
protected function error($msg)
{
throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
================================================
Attr.AllowedClasses
TYPE: lookup/null
VERSION: 4.0.0
DEFAULT: null
--DESCRIPTION--
List of allowed class values in the class attribute. By default, this is null,
which means all classes are allowed.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
================================================
Attr.AllowedFrameTargets
TYPE: lookup
DEFAULT: array()
--DESCRIPTION--
Lookup table of all allowed link frame targets. Some commonly used link
targets include _blank, _self, _parent and _top. Values should be
lowercase, as validation will be done in a case-sensitive manner despite
W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
so this directive will have no effect in that doctype. XHTML 1.1 does not
enable the Target module by default, you will have to manually enable it
(see the module documentation for more details.)
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
================================================
Attr.AllowedRel
TYPE: lookup
VERSION: 1.6.0
DEFAULT: array()
--DESCRIPTION--
List of allowed forward document relationships in the rel attribute. Common
values may be nofollow or print. By default, this is empty, meaning that no
document relationships are allowed.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
================================================
Attr.AllowedRev
TYPE: lookup
VERSION: 1.6.0
DEFAULT: array()
--DESCRIPTION--
List of allowed reverse document relationships in the rev attribute. This
attribute is a bit of an edge-case; if you don't know what it is for, stay
away.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
================================================
Attr.ClassUseCDATA
TYPE: bool/null
DEFAULT: null
VERSION: 4.0.0
--DESCRIPTION--
If null, class will auto-detect the doctype and, if matching XHTML 1.1 or
XHTML 2.0, will use the restrictive NMTOKENS specification of class. Otherwise,
it will use a relaxed CDATA definition. If true, the relaxed CDATA definition
is forced; if false, the NMTOKENS definition is forced. To get behavior
of HTML Purifier prior to 4.0.0, set this directive to false.
Some rational behind the auto-detection:
in previous versions of HTML Purifier, it was assumed that the form of
class was NMTOKENS, as specified by the XHTML Modularization (representing
XHTML 1.1 and XHTML 2.0). The DTDs for HTML 4.01 and XHTML 1.0, however
specify class as CDATA. HTML 5 effectively defines it as CDATA, but
with the additional constraint that each name should be unique (this is not
explicitly outlined in previous specifications).
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
================================================
Attr.DefaultImageAlt
TYPE: string/null
DEFAULT: null
VERSION: 3.2.0
--DESCRIPTION--
This is the content of the alt tag of an image if the user had not
previously specified an alt attribute. This applies to all images without
a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which
only applies to invalid images, and overrides in the case of an invalid image.
Default behavior with null is to use the basename of the src tag for the alt.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
================================================
Attr.DefaultInvalidImage
TYPE: string
DEFAULT: ''
--DESCRIPTION--
This is the default image an img tag will be pointed to if it does not have
a valid src attribute. In future versions, we may allow the image tag to
be removed completely, but due to design issues, this is not possible right
now.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
================================================
Attr.DefaultInvalidImageAlt
TYPE: string
DEFAULT: 'Invalid image'
--DESCRIPTION--
This is the content of the alt tag of an invalid image if the user had not
previously specified an alt attribute. It has no effect when the image is
valid but there was no alt attribute present.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
================================================
Attr.DefaultTextDir
TYPE: string
DEFAULT: 'ltr'
--DESCRIPTION--
Defines the default text direction (ltr or rtl) of the document being
parsed. This generally is the same as the value of the dir attribute in
HTML, or ltr if that is not specified.
--ALLOWED--
'ltr', 'rtl'
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
================================================
Attr.EnableID
TYPE: bool
DEFAULT: false
VERSION: 1.2.0
--DESCRIPTION--
Allows the ID attribute in HTML. This is disabled by default due to the
fact that without proper configuration user input can easily break the
validation of a webpage by specifying an ID that is already on the
surrounding HTML. If you don't mind throwing caution to the wind, enable
this directive, but I strongly recommend you also consider blacklisting IDs
you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
pre-1.2.0 versions.
--ALIASES--
HTML.EnableAttrID
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
================================================
Attr.ForbiddenClasses
TYPE: lookup
VERSION: 4.0.0
DEFAULT: array()
--DESCRIPTION--
List of forbidden class values in the class attribute. By default, this is
empty, which means that no classes are forbidden. See also %Attr.AllowedClasses.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
================================================
Attr.IDBlacklist
TYPE: list
DEFAULT: array()
DESCRIPTION: Array of IDs not allowed in the document.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
================================================
Attr.IDBlacklistRegexp
TYPE: string/null
VERSION: 1.6.0
DEFAULT: NULL
--DESCRIPTION--
PCRE regular expression to be matched against all IDs. If the expression is
matches, the ID is rejected. Use this with care: may cause significant
degradation. ID matching is done after all other validation.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
================================================
Attr.IDPrefix
TYPE: string
VERSION: 1.2.0
DEFAULT: ''
--DESCRIPTION--
String to prefix to IDs. If you have no idea what IDs your pages may use,
you may opt to simply add a prefix to all user-submitted ID attributes so
that they are still usable, but will not conflict with core page IDs.
Example: setting the directive to 'user_' will result in a user submitted
'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
before using this.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
================================================
Attr.IDPrefixLocal
TYPE: string
VERSION: 1.2.0
DEFAULT: ''
--DESCRIPTION--
Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you
need to allow multiple sets of user content on web page, you may need to
have a seperate prefix that changes with each iteration. This way,
seperately submitted user content displayed on the same page doesn't
clobber each other. Ideal values are unique identifiers for the content it
represents (i.e. the id of the row in the database). Be sure to add a
seperator (like an underscore) at the end. Warning: this directive will
not work unless %Attr.IDPrefix is set to a non-empty value!
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
================================================
AutoFormat.AutoParagraph
TYPE: bool
VERSION: 2.0.1
DEFAULT: false
--DESCRIPTION--
This directive turns on auto-paragraphing, where double newlines are
converted in to paragraphs whenever possible. Auto-paragraphing:
- Always applies to inline elements or text in the root node,
- Applies to inline elements or text with double newlines in nodes
that allow paragraph tags,
- Applies to double newlines in paragraph tags
p tags must be allowed for this directive to take effect.
We do not use br tags for paragraphing, as that is
semantically incorrect.
To prevent auto-paragraphing as a content-producer, refrain from using
double-newlines except to specify a new paragraph or in contexts where
it has special meaning (whitespace usually has no meaning except in
tags like pre, so this should not be difficult.) To prevent
the paragraphing of inline text adjacent to block elements, wrap them
in div tags (the behavior is slightly different outside of
the root node.)
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
================================================
AutoFormat.Custom
TYPE: list
VERSION: 2.0.1
DEFAULT: array()
--DESCRIPTION--
This directive can be used to add custom auto-format injectors.
Specify an array of injector names (class name minus the prefix)
or concrete implementations. Injector class must exist.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
================================================
AutoFormat.DisplayLinkURI
TYPE: bool
VERSION: 3.2.0
DEFAULT: false
--DESCRIPTION--
This directive turns on the in-text display of URIs in <a> tags, and disables
those links. For example, example becomes
example (http://example.com).
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
================================================
AutoFormat.Linkify
TYPE: bool
VERSION: 2.0.1
DEFAULT: false
--DESCRIPTION--
This directive turns on linkification, auto-linking http, ftp and
https URLs. a tags with the href attribute
must be allowed.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
================================================
AutoFormat.PurifierLinkify.DocURL
TYPE: string
VERSION: 2.0.1
DEFAULT: '#%s'
ALIASES: AutoFormatParam.PurifierLinkifyDocURL
--DESCRIPTION--
Location of configuration documentation to link to, let %s substitute
into the configuration's namespace and directive names sans the percent
sign.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
================================================
AutoFormat.PurifierLinkify
TYPE: bool
VERSION: 2.0.1
DEFAULT: false
--DESCRIPTION--
Internal auto-formatter that converts configuration directives in
syntax %Namespace.Directive to links. a tags
with the href attribute must be allowed.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
================================================
AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions
TYPE: lookup
VERSION: 4.0.0
DEFAULT: array('td' => true, 'th' => true)
--DESCRIPTION--
When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp
are enabled, this directive defines what HTML elements should not be
removede if they have only a non-breaking space in them.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
================================================
AutoFormat.RemoveEmpty.RemoveNbsp
TYPE: bool
VERSION: 4.0.0
DEFAULT: false
--DESCRIPTION--
When enabled, HTML Purifier will treat any elements that contain only
non-breaking spaces as well as regular whitespace as empty, and remove
them when %AutoForamt.RemoveEmpty is enabled.
See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements
that don't have this behavior applied to them.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
================================================
AutoFormat.RemoveEmpty
TYPE: bool
VERSION: 3.2.0
DEFAULT: false
--DESCRIPTION--
When enabled, HTML Purifier will attempt to remove empty elements that
contribute no semantic information to the document. The following types
of nodes will be removed:
-
Tags with no attributes and no content, and that are not empty
elements (remove
<a></a> but not
<br />), and
-
Tags with no content, except for:
- The
colgroup element, or
-
Elements with the
id or name attribute,
when those attributes are permitted on those elements.
Please be very careful when using this functionality; while it may not
seem that empty elements contain useful information, they can alter the
layout of a document given appropriate styling. This directive is most
useful when you are processing machine-generated HTML, please avoid using
it on regular user HTML.
Elements that contain only whitespace will be treated as empty. Non-breaking
spaces, however, do not count as whitespace. See
%AutoFormat.RemoveEmpty.RemoveNbsp for alternate behavior.
This algorithm is not perfect; you may still notice some empty tags,
particularly if a node had elements, but those elements were later removed
because they were not permitted in that context, or tags that, after
being auto-closed by another tag, where empty. This is for safety reasons
to prevent clever code from breaking validation. The general rule of thumb:
if a tag looked empty on the way in, it will get removed; if HTML Purifier
made it empty, it will stay.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
================================================
AutoFormat.RemoveSpansWithoutAttributes
TYPE: bool
VERSION: 4.0.1
DEFAULT: false
--DESCRIPTION--
This directive causes span tags without any attributes
to be removed. It will also remove spans that had all attributes
removed during processing.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
================================================
CSS.AllowImportant
TYPE: bool
DEFAULT: false
VERSION: 3.1.0
--DESCRIPTION--
This parameter determines whether or not !important cascade modifiers should
be allowed in user CSS. If false, !important will stripped.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
================================================
CSS.AllowTricky
TYPE: bool
DEFAULT: false
VERSION: 3.1.0
--DESCRIPTION--
This parameter determines whether or not to allow "tricky" CSS properties and
values. Tricky CSS properties/values can drastically modify page layout or
be used for deceptive practices but do not directly constitute a security risk.
For example, display:none; is considered a tricky property that
will only be allowed if this directive is set to true.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
================================================
CSS.AllowedFonts
TYPE: lookup/null
VERSION: 4.3.0
DEFAULT: NULL
--DESCRIPTION--
Allows you to manually specify a set of allowed fonts. If
NULL, all fonts are allowed. This directive
affects generic names (serif, sans-serif, monospace, cursive,
fantasy) as well as specific font families.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
================================================
CSS.AllowedProperties
TYPE: lookup/null
VERSION: 3.1.0
DEFAULT: NULL
--DESCRIPTION--
If HTML Purifier's style attributes set is unsatisfactory for your needs,
you can overload it with your own list of tags to allow. Note that this
method is subtractive: it does its job by taking away from HTML Purifier
usual feature set, so you cannot add an attribute that HTML Purifier never
supported in the first place.
Warning: If another directive conflicts with the
elements here, that directive will win and override.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
================================================
CSS.DefinitionRev
TYPE: int
VERSION: 2.0.0
DEFAULT: 1
--DESCRIPTION--
Revision identifier for your custom definition. See
%HTML.DefinitionRev for details.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
================================================
CSS.ForbiddenProperties
TYPE: lookup
VERSION: 4.2.0
DEFAULT: array()
--DESCRIPTION--
This is the logical inverse of %CSS.AllowedProperties, and it will
override that directive or any other directive. If possible,
%CSS.AllowedProperties is recommended over this directive,
because it can sometimes be difficult to tell whether or not you've
forbidden all of the CSS properties you truly would like to disallow.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
================================================
CSS.MaxImgLength
TYPE: string/null
DEFAULT: '1200px'
VERSION: 3.1.1
--DESCRIPTION--
This parameter sets the maximum allowed length on img tags,
effectively the width and height properties.
Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
in place to prevent imagecrash attacks, disable with null at your own risk.
This directive is similar to %HTML.MaxImgLength, and both should be
concurrently edited, although there are
subtle differences in the input format (the CSS max is a number with
a unit).
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
================================================
CSS.Proprietary
TYPE: bool
VERSION: 3.0.0
DEFAULT: false
--DESCRIPTION--
Whether or not to allow safe, proprietary CSS values.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
================================================
CSS.Trusted
TYPE: bool
VERSION: 4.2.1
DEFAULT: false
--DESCRIPTION--
Indicates whether or not the user's CSS input is trusted or not. If the
input is trusted, a more expansive set of allowed properties. See
also %HTML.Trusted.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
================================================
Cache.DefinitionImpl
TYPE: string/null
VERSION: 2.0.0
DEFAULT: 'Serializer'
--DESCRIPTION--
This directive defines which method to use when caching definitions,
the complex data-type that makes HTML Purifier tick. Set to null
to disable caching (not recommended, as you will see a definite
performance degradation).
--ALIASES--
Core.DefinitionCache
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
================================================
Cache.SerializerPath
TYPE: string/null
VERSION: 2.0.0
DEFAULT: NULL
--DESCRIPTION--
Absolute path with no trailing slash to store serialized definitions in.
Default is within the
HTML Purifier library inside DefinitionCache/Serializer. This
path must be writable by the webserver.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
================================================
Cache.SerializerPermissions
TYPE: int
VERSION: 4.3.0
DEFAULT: 0755
--DESCRIPTION--
Directory permissions of the files and directories created inside
the DefinitionCache/Serializer or other custom serializer path.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
================================================
Core.AggressivelyFixLt
TYPE: bool
VERSION: 2.1.0
DEFAULT: true
--DESCRIPTION--
This directive enables aggressive pre-filter fixes HTML Purifier can
perform in order to ensure that open angled-brackets do not get killed
during parsing stage. Enabling this will result in two preg_replace_callback
calls and at least two preg_replace calls for every HTML document parsed;
if your users make very well-formed HTML, you can set this directive false.
This has no effect when DirectLex is used.
Notice: This directive's default turned from false to true
in HTML Purifier 3.2.0.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
================================================
Core.AllowHostnameUnderscore
TYPE: bool
VERSION: 4.6.0
DEFAULT: false
--DESCRIPTION--
By RFC 1123, underscores are not permitted in host names.
(This is in contrast to the specification for DNS, RFC
2181, which allows underscores.)
However, most browsers do the right thing when faced with
an underscore in the host name, and so some poorly written
websites are written with the expectation this should work.
Setting this parameter to true relaxes our allowed character
check so that underscores are permitted.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
================================================
Core.CollectErrors
TYPE: bool
VERSION: 2.0.0
DEFAULT: false
--DESCRIPTION--
Whether or not to collect errors found while filtering the document. This
is a useful way to give feedback to your users. Warning:
Currently this feature is very patchy and experimental, with lots of
possible error messages not yet implemented. It will not cause any
problems, but it may not help your users either.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
================================================
Core.ColorKeywords
TYPE: hash
VERSION: 2.0.0
--DEFAULT--
array (
'maroon' => '#800000',
'red' => '#FF0000',
'orange' => '#FFA500',
'yellow' => '#FFFF00',
'olive' => '#808000',
'purple' => '#800080',
'fuchsia' => '#FF00FF',
'white' => '#FFFFFF',
'lime' => '#00FF00',
'green' => '#008000',
'navy' => '#000080',
'blue' => '#0000FF',
'aqua' => '#00FFFF',
'teal' => '#008080',
'black' => '#000000',
'silver' => '#C0C0C0',
'gray' => '#808080',
)
--DESCRIPTION--
Lookup array of color names to six digit hexadecimal number corresponding
to color, with preceding hash mark. Used when parsing colors. The lookup
is done in a case-insensitive manner.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
================================================
Core.ConvertDocumentToFragment
TYPE: bool
DEFAULT: true
--DESCRIPTION--
This parameter determines whether or not the filter should convert
input that is a full document with html and body tags to a fragment
of just the contents of a body tag. This parameter is simply something
HTML Purifier can do during an edge-case: for most inputs, this
processing is not necessary.
--ALIASES--
Core.AcceptFullDocuments
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
================================================
Core.DirectLexLineNumberSyncInterval
TYPE: int
VERSION: 2.0.0
DEFAULT: 0
--DESCRIPTION--
Specifies the number of tokens the DirectLex line number tracking
implementations should process before attempting to resyncronize the
current line count by manually counting all previous new-lines. When
at 0, this functionality is disabled. Lower values will decrease
performance, and this is only strictly necessary if the counting
algorithm is buggy (in which case you should report it as a bug).
This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
not being used.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
================================================
Core.DisableExcludes
TYPE: bool
DEFAULT: false
VERSION: 4.5.0
--DESCRIPTION--
This directive disables SGML-style exclusions, e.g. the exclusion of
<object> in any descendant of a
<pre> tag. Disabling excludes will allow some
invalid documents to pass through HTML Purifier, but HTML Purifier
will also be less likely to accidentally remove large documents during
processing.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
================================================
Core.EnableIDNA
TYPE: bool
DEFAULT: false
VERSION: 4.4.0
--DESCRIPTION--
Allows international domain names in URLs. This configuration option
requires the PEAR Net_IDNA2 module to be installed. It operates by
punycoding any internationalized host names for maximum portability.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
================================================
Core.Encoding
TYPE: istring
DEFAULT: 'utf-8'
--DESCRIPTION--
If for some reason you are unable to convert all webpages to UTF-8, you can
use this directive as a stop-gap compatibility change to let HTML Purifier
deal with non UTF-8 input. This technique has notable deficiencies:
absolutely no characters outside of the selected character encoding will be
preserved, not even the ones that have been ampersand escaped (this is due
to a UTF-8 specific feature that automatically resolves all
entities), making it pretty useless for anything except the most I18N-blind
applications, although %Core.EscapeNonASCIICharacters offers fixes this
trouble with another tradeoff. This directive only accepts ISO-8859-1 if
iconv is not enabled.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
================================================
Core.EscapeInvalidChildren
TYPE: bool
DEFAULT: false
--DESCRIPTION--
Warning: this configuration option is no longer does anything as of 4.6.0.
When true, a child is found that is not allowed in the context of the
parent element will be transformed into text as if it were ASCII. When
false, that element and all internal tags will be dropped, though text will
be preserved. There is no option for dropping the element but preserving
child nodes.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
================================================
Core.EscapeInvalidTags
TYPE: bool
DEFAULT: false
--DESCRIPTION--
When true, invalid tags will be written back to the document as plain text.
Otherwise, they are silently dropped.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
================================================
Core.EscapeNonASCIICharacters
TYPE: bool
VERSION: 1.4.0
DEFAULT: false
--DESCRIPTION--
This directive overcomes a deficiency in %Core.Encoding by blindly
converting all non-ASCII characters into decimal numeric entities before
converting it to its native encoding. This means that even characters that
can be expressed in the non-UTF-8 encoding will be entity-ized, which can
be a real downer for encodings like Big5. It also assumes that the ASCII
repetoire is available, although this is the case for almost all encodings.
Anyway, use UTF-8!
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
================================================
Core.HiddenElements
TYPE: lookup
--DEFAULT--
array (
'script' => true,
'style' => true,
)
--DESCRIPTION--
This directive is a lookup array of elements which should have their
contents removed when they are not allowed by the HTML definition.
For example, the contents of a script tag are not
normally shown in a document, so if script tags are to be removed,
their contents should be removed to. This is opposed to a b
tag, which defines some presentational changes but does not hide its
contents.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
================================================
Core.Language
TYPE: string
VERSION: 2.0.0
DEFAULT: 'en'
--DESCRIPTION--
ISO 639 language code for localizable things in HTML Purifier to use,
which is mainly error reporting. There is currently only an English (en)
translation, so this directive is currently useless.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
================================================
Core.LexerImpl
TYPE: mixed/null
VERSION: 2.0.0
DEFAULT: NULL
--DESCRIPTION--
This parameter determines what lexer implementation can be used. The
valid values are:
- null
-
Recommended, the lexer implementation will be auto-detected based on
your PHP-version and configuration.
- string lexer identifier
-
This is a slim way of manually overridding the implementation.
Currently recognized values are: DOMLex (the default PHP5
implementation)
and DirectLex (the default PHP4 implementation). Only use this if
you know what you are doing: usually, the auto-detection will
manage things for cases you aren't even aware of.
- object lexer instance
-
Super-advanced: you can specify your own, custom, implementation that
implements the interface defined by
HTMLPurifier_Lexer.
I may remove this option simply because I don't expect anyone
to use it.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
================================================
Core.MaintainLineNumbers
TYPE: bool/null
VERSION: 2.0.0
DEFAULT: NULL
--DESCRIPTION--
If true, HTML Purifier will add line number information to all tokens.
This is useful when error reporting is turned on, but can result in
significant performance degradation and should not be used when
unnecessary. This directive must be used with the DirectLex lexer,
as the DOMLex lexer does not (yet) support this functionality.
If the value is null, an appropriate value will be selected based
on other configuration.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
================================================
Core.NormalizeNewlines
TYPE: bool
VERSION: 4.2.0
DEFAULT: true
--DESCRIPTION--
Whether or not to normalize newlines to the operating
system default. When false, HTML Purifier
will attempt to preserve mixed newline files.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
================================================
Core.RemoveInvalidImg
TYPE: bool
DEFAULT: true
VERSION: 1.3.0
--DESCRIPTION--
This directive enables pre-emptive URI checking in img
tags, as the attribute validation strategy is not authorized to
remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
================================================
Core.RemoveProcessingInstructions
TYPE: bool
VERSION: 4.2.0
DEFAULT: false
--DESCRIPTION--
Instead of escaping processing instructions in the form <? ...
?>, remove it out-right. This may be useful if the HTML
you are validating contains XML processing instruction gunk, however,
it can also be user-unfriendly for people attempting to post PHP
snippets.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
================================================
Core.RemoveScriptContents
TYPE: bool/null
DEFAULT: NULL
VERSION: 2.0.0
DEPRECATED-VERSION: 2.1.0
DEPRECATED-USE: Core.HiddenElements
--DESCRIPTION--
This directive enables HTML Purifier to remove not only script tags
but all of their contents.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
================================================
Filter.Custom
TYPE: list
VERSION: 3.1.0
DEFAULT: array()
--DESCRIPTION--
This directive can be used to add custom filters; it is nearly the
equivalent of the now deprecated HTMLPurifier->addFilter()
method. Specify an array of concrete implementations.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
================================================
Filter.ExtractStyleBlocks.Escaping
TYPE: bool
VERSION: 3.0.0
DEFAULT: true
ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping
--DESCRIPTION--
Whether or not to escape the dangerous characters <, > and &
as \3C, \3E and \26, respectively. This is can be safely set to false
if the contents of StyleBlocks will be placed in an external stylesheet,
where there is no risk of it being interpreted as HTML.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
================================================
Filter.ExtractStyleBlocks.Scope
TYPE: string/null
VERSION: 3.0.0
DEFAULT: NULL
ALIASES: Filter.ExtractStyleBlocksScope, FilterParam.ExtractStyleBlocksScope
--DESCRIPTION--
If you would like users to be able to define external stylesheets, but
only allow them to specify CSS declarations for a specific node and
prevent them from fiddling with other elements, use this directive.
It accepts any valid CSS selector, and will prepend this to any
CSS declaration extracted from the document. For example, if this
directive is set to #user-content and a user uses the
selector a:hover, the final selector will be
#user-content a:hover.
The comma shorthand may be used; consider the above example, with
#user-content, #user-content2, the final selector will
be #user-content a:hover, #user-content2 a:hover.
Warning: It is possible for users to bypass this measure
using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
Purifier, and I am working to get it fixed. Until then, HTML Purifier
performs a basic check to prevent this.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
================================================
Filter.ExtractStyleBlocks.TidyImpl
TYPE: mixed/null
VERSION: 3.1.0
DEFAULT: NULL
ALIASES: FilterParam.ExtractStyleBlocksTidyImpl
--DESCRIPTION--
If left NULL, HTML Purifier will attempt to instantiate a csstidy
class to use for internal cleaning. This will usually be good enough.
However, for trusted user input, you can set this to false to
disable cleaning. In addition, you can supply your own concrete implementation
of Tidy's interface to use, although I don't know why you'd want to do that.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
================================================
Filter.ExtractStyleBlocks
TYPE: bool
VERSION: 3.1.0
DEFAULT: false
EXTERNAL: CSSTidy
--DESCRIPTION--
This directive turns on the style block extraction filter, which removes
style blocks from input HTML, cleans them up with CSSTidy,
and places them in the StyleBlocks context variable, for further
use by you, usually to be placed in an external stylesheet, or a
style block in the head of your document.
Sample usage:
';
?>
Filter.ExtractStyleBlocks
body {color:#F00;} Some text';
$config = HTMLPurifier_Config::createDefault();
$config->set('Filter', 'ExtractStyleBlocks', true);
$purifier = new HTMLPurifier($config);
$html = $purifier->purify($dirty);
// This implementation writes the stylesheets to the styles/ directory.
// You can also echo the styles inside the document, but it's a bit
// more difficult to make sure they get interpreted properly by
// browsers; try the usual CSS armoring techniques.
$styles = $purifier->context->get('StyleBlocks');
$dir = 'styles/';
if (!is_dir($dir)) mkdir($dir);
$hash = sha1($_GET['html']);
foreach ($styles as $i => $style) {
file_put_contents($name = $dir . $hash . "_$i");
echo '';
}
?>
]]>
Warning: It is possible for a user to mount an
imagecrash attack using this CSS. Counter-measures are difficult;
it is not simply enough to limit the range of CSS lengths (using
relative lengths with many nesting levels allows for large values
to be attained without actually specifying them in the stylesheet),
and the flexible nature of selectors makes it difficult to selectively
disable lengths on image tags (HTML Purifier, however, does disable
CSS width and height in inline styling). There are probably two effective
counter measures: an explicit width and height set to auto in all
images in your document (unlikely) or the disabling of width and
height (somewhat reasonable). Whether or not these measures should be
used is left to the reader.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
================================================
Filter.YouTube
TYPE: bool
VERSION: 3.1.0
DEFAULT: false
--DESCRIPTION--
Warning: Deprecated in favor of %HTML.SafeObject and
%Output.FlashCompat (turn both on to allow YouTube videos and other
Flash content).
This directive enables YouTube video embedding in HTML Purifier. Check
this document
on embedding videos for more information on what this filter does.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
================================================
HTML.Allowed
TYPE: itext/null
VERSION: 2.0.0
DEFAULT: NULL
--DESCRIPTION--
This is a preferred convenience directive that combines
%HTML.AllowedElements and %HTML.AllowedAttributes.
Specify elements and attributes that are allowed using:
element1[attr1|attr2],element2.... For example,
if you would like to only allow paragraphs and links, specify
a[href],p. You can specify attributes that apply
to all elements using an asterisk, e.g. *[lang].
You can also use newlines instead of commas to separate elements.
Warning:
All of the constraints on the component directives are still enforced.
The syntax is a subset of TinyMCE's valid_elements
whitelist: directly copy-pasting it here will probably result in
broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
are set, this directive has no effect.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
================================================
HTML.AllowedAttributes
TYPE: lookup/null
VERSION: 1.3.0
DEFAULT: NULL
--DESCRIPTION--
If HTML Purifier's attribute set is unsatisfactory, overload it!
The syntax is "tag.attr" or "*.attr" for the global attributes
(style, id, class, dir, lang, xml:lang).
Warning: If another directive conflicts with the
elements here, that directive will win and override. For
example, %HTML.EnableAttrID will take precedence over *.id in this
directive. You must set that directive to true before you can use
IDs at all.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
================================================
HTML.AllowedComments
TYPE: lookup
VERSION: 4.4.0
DEFAULT: array()
--DESCRIPTION--
A whitelist which indicates what explicit comment bodies should be
allowed, modulo leading and trailing whitespace. See also %HTML.AllowedCommentsRegexp
(these directives are union'ed together, so a comment is considered
valid if any directive deems it valid.)
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
================================================
HTML.AllowedCommentsRegexp
TYPE: string/null
VERSION: 4.4.0
DEFAULT: NULL
--DESCRIPTION--
A regexp, which if it matches the body of a comment, indicates that
it should be allowed. Trailing and leading spaces are removed prior
to running this regular expression.
Warning: Make sure you specify
correct anchor metacharacters ^regex$, otherwise you may accept
comments that you did not mean to! In particular, the regex /foo|bar/
is probably not sufficiently strict, since it also allows foobar.
See also %HTML.AllowedComments (these directives are union'ed together,
so a comment is considered valid if any directive deems it valid.)
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
================================================
HTML.AllowedElements
TYPE: lookup/null
VERSION: 1.3.0
DEFAULT: NULL
--DESCRIPTION--
If HTML Purifier's tag set is unsatisfactory for your needs, you can
overload it with your own list of tags to allow. If you change
this, you probably also want to change %HTML.AllowedAttributes; see
also %HTML.Allowed which lets you set allowed elements and
attributes at the same time.
If you attempt to allow an element that HTML Purifier does not know
about, HTML Purifier will raise an error. You will need to manually
tell HTML Purifier about this element by using the
advanced customization features.
Warning: If another directive conflicts with the
elements here, that directive will win and override.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
================================================
HTML.AllowedModules
TYPE: lookup/null
VERSION: 2.0.0
DEFAULT: NULL
--DESCRIPTION--
A doctype comes with a set of usual modules to use. Without having
to mucking about with the doctypes, you can quickly activate or
disable these modules by specifying which modules you wish to allow
with this directive. This is most useful for unit testing specific
modules, although end users may find it useful for their own ends.
If you specify a module that does not exist, the manager will silently
fail to use it, so be careful! User-defined modules are not affected
by this directive. Modules defined in %HTML.CoreModules are not
affected by this directive.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
================================================
HTML.Attr.Name.UseCDATA
TYPE: bool
DEFAULT: false
VERSION: 4.0.0
--DESCRIPTION--
The W3C specification DTD defines the name attribute to be CDATA, not ID, due
to limitations of DTD. In certain documents, this relaxed behavior is desired,
whether it is to specify duplicate names, or to specify names that would be
illegal IDs (for example, names that begin with a digit.) Set this configuration
directive to true to use the relaxed parsing rules.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
================================================
HTML.BlockWrapper
TYPE: string
VERSION: 1.3.0
DEFAULT: 'p'
--DESCRIPTION--
String name of element to wrap inline elements that are inside a block
context. This only occurs in the children of blockquote in strict mode.
Example: by default value,
<blockquote>Foo</blockquote> would become
<blockquote><p>Foo</p></blockquote>.
The <p> tags can be replaced with whatever you desire,
as long as it is a block level element.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
================================================
HTML.CoreModules
TYPE: lookup
VERSION: 2.0.0
--DEFAULT--
array (
'Structure' => true,
'Text' => true,
'Hypertext' => true,
'List' => true,
'NonXMLCommonAttributes' => true,
'XMLCommonAttributes' => true,
'CommonAttributes' => true,
)
--DESCRIPTION--
Certain modularized doctypes (XHTML, namely), have certain modules
that must be included for the doctype to be an conforming document
type: put those modules here. By default, XHTML's core modules
are used. You can set this to a blank array to disable core module
protection, but this is not recommended.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
================================================
HTML.CustomDoctype
TYPE: string/null
VERSION: 2.0.1
DEFAULT: NULL
--DESCRIPTION--
A custom doctype for power-users who defined there own document
type. This directive only applies when %HTML.Doctype is blank.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
================================================
HTML.DefinitionID
TYPE: string/null
DEFAULT: NULL
VERSION: 2.0.0
--DESCRIPTION--
Unique identifier for a custom-built HTML definition. If you edit
the raw version of the HTMLDefinition, introducing changes that the
configuration object does not reflect, you must specify this variable.
If you change your custom edits, you should change this directive, or
clear your cache. Example:
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML', 'DefinitionID', '1');
$def = $config->getHTMLDefinition();
$def->addAttribute('a', 'tabindex', 'Number');
In the above example, the configuration is still at the defaults, but
using the advanced API, an extra attribute has been added. The
configuration object normally has no way of knowing that this change
has taken place, so it needs an extra directive: %HTML.DefinitionID.
If someone else attempts to use the default configuration, these two
pieces of code will not clobber each other in the cache, since one has
an extra directive attached to it.
You must specify a value to this directive to use the
advanced API features.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
================================================
HTML.DefinitionRev
TYPE: int
VERSION: 2.0.0
DEFAULT: 1
--DESCRIPTION--
Revision identifier for your custom definition specified in
%HTML.DefinitionID. This serves the same purpose: uniquely identifying
your custom definition, but this one does so in a chronological
context: revision 3 is more up-to-date then revision 2. Thus, when
this gets incremented, the cache handling is smart enough to clean
up any older revisions of your definition as well as flush the
cache.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
================================================
HTML.Doctype
TYPE: string/null
DEFAULT: NULL
--DESCRIPTION--
Doctype to use during filtering. Technically speaking this is not actually
a doctype (as it does not identify a corresponding DTD), but we are using
this name for sake of simplicity. When non-blank, this will override any
older directives like %HTML.XHTML or %HTML.Strict.
--ALLOWED--
'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
================================================
HTML.FlashAllowFullScreen
TYPE: bool
VERSION: 4.2.0
DEFAULT: false
--DESCRIPTION--
Whether or not to permit embedded Flash content from
%HTML.SafeObject to expand to the full screen. Corresponds to
the allowFullScreen parameter.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
================================================
HTML.ForbiddenAttributes
TYPE: lookup
VERSION: 3.1.0
DEFAULT: array()
--DESCRIPTION--
While this directive is similar to %HTML.AllowedAttributes, for
forwards-compatibility with XML, this attribute has a different syntax. Instead of
tag.attr, use tag@attr. To disallow href
attributes in a tags, set this directive to
a@href. You can also disallow an attribute globally with
attr or *@attr (either syntax is fine; the latter
is provided for consistency with %HTML.AllowedAttributes).
Warning: This directive complements %HTML.ForbiddenElements,
accordingly, check
out that directive for a discussion of why you
should think twice before using this directive.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
================================================
HTML.ForbiddenElements
TYPE: lookup
VERSION: 3.1.0
DEFAULT: array()
--DESCRIPTION--
This was, perhaps, the most requested feature ever in HTML
Purifier. Please don't abuse it! This is the logical inverse of
%HTML.AllowedElements, and it will override that directive, or any
other directive.
If possible, %HTML.Allowed is recommended over this directive, because it
can sometimes be difficult to tell whether or not you've forbidden all of
the behavior you would like to disallow. If you forbid img
with the expectation of preventing images on your site, you'll be in for
a nasty surprise when people start using the background-image
CSS property.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
================================================
HTML.MaxImgLength
TYPE: int/null
DEFAULT: 1200
VERSION: 3.1.1
--DESCRIPTION--
This directive controls the maximum number of pixels in the width and
height attributes in img tags. This is
in place to prevent imagecrash attacks, disable with null at your own risk.
This directive is similar to %CSS.MaxImgLength, and both should be
concurrently edited, although there are
subtle differences in the input format (the HTML max is an integer).
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
================================================
HTML.Nofollow
TYPE: bool
VERSION: 4.3.0
DEFAULT: FALSE
--DESCRIPTION--
If enabled, nofollow rel attributes are added to all outgoing links.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
================================================
HTML.Parent
TYPE: string
VERSION: 1.3.0
DEFAULT: 'div'
--DESCRIPTION--
String name of element that HTML fragment passed to library will be
inserted in. An interesting variation would be using span as the
parent element, meaning that only inline tags would be allowed.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
================================================
HTML.Proprietary
TYPE: bool
VERSION: 3.1.0
DEFAULT: false
--DESCRIPTION--
Whether or not to allow proprietary elements and attributes in your
documents, as per HTMLPurifier_HTMLModule_Proprietary.
Warning: This can cause your documents to stop
validating!
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
================================================
HTML.SafeEmbed
TYPE: bool
VERSION: 3.1.1
DEFAULT: false
--DESCRIPTION--
Whether or not to permit embed tags in documents, with a number of extra
security features added to prevent script execution. This is similar to
what websites like MySpace do to embed tags. Embed is a proprietary
element and will cause your website to stop validating; you should
see if you can use %Output.FlashCompat with %HTML.SafeObject instead
first.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
================================================
HTML.SafeIframe
TYPE: bool
VERSION: 4.4.0
DEFAULT: false
--DESCRIPTION--
Whether or not to permit iframe tags in untrusted documents. This
directive must be accompanied by a whitelist of permitted iframes,
such as %URI.SafeIframeRegexp, otherwise it will fatally error.
This directive has no effect on strict doctypes, as iframes are not
valid.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
================================================
HTML.SafeObject
TYPE: bool
VERSION: 3.1.1
DEFAULT: false
--DESCRIPTION--
Whether or not to permit object tags in documents, with a number of extra
security features added to prevent script execution. This is similar to
what websites like MySpace do to object tags. You should also enable
%Output.FlashCompat in order to generate Internet Explorer
compatibility code for your object tags.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
================================================
HTML.SafeScripting
TYPE: lookup
VERSION: 4.5.0
DEFAULT: array()
--DESCRIPTION--
Whether or not to permit script tags to external scripts in documents.
Inline scripting is not allowed, and the script must match an explicit whitelist.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
================================================
HTML.Strict
TYPE: bool
VERSION: 1.3.0
DEFAULT: false
DEPRECATED-VERSION: 1.7.0
DEPRECATED-USE: HTML.Doctype
--DESCRIPTION--
Determines whether or not to use Transitional (loose) or Strict rulesets.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
================================================
HTML.TargetBlank
TYPE: bool
VERSION: 4.4.0
DEFAULT: FALSE
--DESCRIPTION--
If enabled, target=blank attributes are added to all outgoing links.
(This includes links from an HTTPS version of a page to an HTTP version.)
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
================================================
HTML.TidyAdd
TYPE: lookup
VERSION: 2.0.0
DEFAULT: array()
--DESCRIPTION--
Fixes to add to the default set of Tidy fixes as per your level.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
================================================
HTML.TidyLevel
TYPE: string
VERSION: 2.0.0
DEFAULT: 'medium'
--DESCRIPTION--
General level of cleanliness the Tidy module should enforce.
There are four allowed values:
- none
- No extra tidying should be done
- light
- Only fix elements that would be discarded otherwise due to
lack of support in doctype
- medium
- Enforce best practices
- heavy
- Transform all deprecated elements and attributes to standards
compliant equivalents
--ALLOWED--
'none', 'light', 'medium', 'heavy'
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
================================================
HTML.TidyRemove
TYPE: lookup
VERSION: 2.0.0
DEFAULT: array()
--DESCRIPTION--
Fixes to remove from the default set of Tidy fixes as per your level.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
================================================
HTML.Trusted
TYPE: bool
VERSION: 2.0.0
DEFAULT: false
--DESCRIPTION--
Indicates whether or not the user input is trusted or not. If the input is
trusted, a more expansive set of allowed tags and attributes will be used.
See also %CSS.Trusted.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
================================================
HTML.XHTML
TYPE: bool
DEFAULT: true
VERSION: 1.1.0
DEPRECATED-VERSION: 1.7.0
DEPRECATED-USE: HTML.Doctype
--DESCRIPTION--
Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor.
--ALIASES--
Core.XHTML
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
================================================
Output.CommentScriptContents
TYPE: bool
VERSION: 2.0.0
DEFAULT: true
--DESCRIPTION--
Determines whether or not HTML Purifier should attempt to fix up the
contents of script tags for legacy browsers with comments.
--ALIASES--
Core.CommentScriptContents
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
================================================
Output.FixInnerHTML
TYPE: bool
VERSION: 4.3.0
DEFAULT: true
--DESCRIPTION--
If true, HTML Purifier will protect against Internet Explorer's
mishandling of the innerHTML attribute by appending
a space to any attribute that does not contain angled brackets, spaces
or quotes, but contains a backtick. This slightly changes the
semantics of any given attribute, so if this is unacceptable and
you do not use innerHTML on any of your pages, you can
turn this directive off.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
================================================
Output.FlashCompat
TYPE: bool
VERSION: 4.1.0
DEFAULT: false
--DESCRIPTION--
If true, HTML Purifier will generate Internet Explorer compatibility
code for all object code. This is highly recommended if you enable
%HTML.SafeObject.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
================================================
Output.Newline
TYPE: string/null
VERSION: 2.0.1
DEFAULT: NULL
--DESCRIPTION--
Newline string to format final output with. If left null, HTML Purifier
will auto-detect the default newline type of the system and use that;
you can manually override it here. Remember, \r\n is Windows, \r
is Mac, and \n is Unix.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
================================================
Output.SortAttr
TYPE: bool
VERSION: 3.2.0
DEFAULT: false
--DESCRIPTION--
If true, HTML Purifier will sort attributes by name before writing them back
to the document, converting a tag like: <el b="" a="" c="" />
to <el a="" b="" c="" />. This is a workaround for
a bug in FCKeditor which causes it to swap attributes order, adding noise
to text diffs. If you're not seeing this bug, chances are, you don't need
this directive.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
================================================
Output.TidyFormat
TYPE: bool
VERSION: 1.1.1
DEFAULT: false
--DESCRIPTION--
Determines whether or not to run Tidy on the final output for pretty
formatting reasons, such as indentation and wrap.
This can greatly improve readability for editors who are hand-editing
the HTML, but is by no means necessary as HTML Purifier has already
fixed all major errors the HTML may have had. Tidy is a non-default
extension, and this directive will silently fail if Tidy is not
available.
If you are looking to make the overall look of your page's source
better, I recommend running Tidy on the entire page rather than just
user-content (after all, the indentation relative to the containing
blocks will be incorrect).
--ALIASES--
Core.TidyFormat
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
================================================
Test.ForceNoIconv
TYPE: bool
DEFAULT: false
--DESCRIPTION--
When set to true, HTMLPurifier_Encoder will act as if iconv does not exist
and use only pure PHP implementations.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
================================================
URI.AllowedSchemes
TYPE: lookup
--DEFAULT--
array (
'http' => true,
'https' => true,
'mailto' => true,
'ftp' => true,
'nntp' => true,
'news' => true,
)
--DESCRIPTION--
Whitelist that defines the schemes that a URI is allowed to have. This
prevents XSS attacks from using pseudo-schemes like javascript or mocha.
There is also support for the data and file
URI schemes, but they are not enabled by default.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
================================================
URI.Base
TYPE: string/null
VERSION: 2.1.0
DEFAULT: NULL
--DESCRIPTION--
The base URI is the URI of the document this purified HTML will be
inserted into. This information is important if HTML Purifier needs
to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
is on. You may use a non-absolute URI for this value, but behavior
may vary (%URI.MakeAbsolute deals nicely with both absolute and
relative paths, but forwards-compatibility is not guaranteed).
Warning: If set, the scheme on this URI
overrides the one specified by %URI.DefaultScheme.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
================================================
URI.DefaultScheme
TYPE: string
DEFAULT: 'http'
--DESCRIPTION--
Defines through what scheme the output will be served, in order to
select the proper object validator when no scheme information is present.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
================================================
URI.DefinitionID
TYPE: string/null
VERSION: 2.1.0
DEFAULT: NULL
--DESCRIPTION--
Unique identifier for a custom-built URI definition. If you want
to add custom URIFilters, you must specify this value.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
================================================
URI.DefinitionRev
TYPE: int
VERSION: 2.1.0
DEFAULT: 1
--DESCRIPTION--
Revision identifier for your custom definition. See
%HTML.DefinitionRev for details.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
================================================
URI.Disable
TYPE: bool
VERSION: 1.3.0
DEFAULT: false
--DESCRIPTION--
Disables all URIs in all forms. Not sure why you'd want to do that
(after all, the Internet's founded on the notion of a hyperlink).
--ALIASES--
Attr.DisableURI
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
================================================
URI.DisableExternal
TYPE: bool
VERSION: 1.2.0
DEFAULT: false
--DESCRIPTION--
Disables links to external websites. This is a highly effective anti-spam
and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
images outside of your domain will be allowed. Non-linkified URIs will
still be preserved. If you want to be able to link to subdomains or use
absolute URIs, specify %URI.Host for your website.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
================================================
URI.DisableExternalResources
TYPE: bool
VERSION: 1.3.0
DEFAULT: false
--DESCRIPTION--
Disables the embedding of external resources, preventing users from
embedding things like images from other hosts. This prevents access
tracking (good for email viewers), bandwidth leeching, cross-site request
forging, goatse.cx posting, and other nasties, but also results in a loss
of end-user functionality (they can't directly post a pic they posted from
Flickr anymore). Use it if you don't have a robust user-content moderation
team.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
================================================
URI.DisableResources
TYPE: bool
VERSION: 4.2.0
DEFAULT: false
--DESCRIPTION--
Disables embedding resources, essentially meaning no pictures. You can
still link to them though. See %URI.DisableExternalResources for why
this might be a good idea.
Note: While this directive has been available since 1.3.0,
it didn't actually start doing anything until 4.2.0.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
================================================
URI.Host
TYPE: string/null
VERSION: 1.2.0
DEFAULT: NULL
--DESCRIPTION--
Defines the domain name of the server, so we can determine whether or
an absolute URI is from your website or not. Not strictly necessary,
as users should be using relative URIs to reference resources on your
website. It will, however, let you use absolute URIs to link to
subdomains of the domain you post here: i.e. example.com will allow
sub.example.com. However, higher up domains will still be excluded:
if you set %URI.Host to sub.example.com, example.com will be blocked.
Note: This directive overrides %URI.Base because
a given page may be on a sub-domain, but you wish HTML Purifier to be
more relaxed and allow some of the parent domains too.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
================================================
URI.HostBlacklist
TYPE: list
VERSION: 1.3.0
DEFAULT: array()
--DESCRIPTION--
List of strings that are forbidden in the host of any URI. Use it to kill
domain names of spam, etc. Note that it will catch anything in the domain,
so moo.com will catch moo.com.example.com.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
================================================
URI.MakeAbsolute
TYPE: bool
VERSION: 2.1.0
DEFAULT: false
--DESCRIPTION--
Converts all URIs into absolute forms. This is useful when the HTML
being filtered assumes a specific base path, but will actually be
viewed in a different context (and setting an alternate base URI is
not possible). %URI.Base must be set for this directive to work.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
================================================
URI.Munge
TYPE: string/null
VERSION: 1.3.0
DEFAULT: NULL
--DESCRIPTION--
Munges all browsable (usually http, https and ftp)
absolute URIs into another URI, usually a URI redirection service.
This directive accepts a URI, formatted with a %s where
the url-encoded original URI should be inserted (sample:
http://www.google.com/url?q=%s).
Uses for this directive:
-
Prevent PageRank leaks, while being fairly transparent
to users (you may also want to add some client side JavaScript to
override the text in the statusbar). Notice:
Many security experts believe that this form of protection does not deter spam-bots.
-
Redirect users to a splash page telling them they are leaving your
website. While this is poor usability practice, it is often mandated
in corporate environments.
Prior to HTML Purifier 3.1.1, this directive also enabled the munging
of browsable external resources, which could break things if your redirection
script was a splash page or used meta tags. To revert to
previous behavior, please use %URI.MungeResources.
You may want to also use %URI.MungeSecretKey along with this directive
in order to enforce what URIs your redirector script allows. Open
redirector scripts can be a security risk and negatively affect the
reputation of your domain name.
Starting with HTML Purifier 3.1.1, there is also these substitutions:
| Key |
Description |
Example <a href=""> |
| %r |
1 - The URI embeds a resource
(blank) - The URI is merely a link |
|
| %n |
The name of the tag this URI came from |
a |
| %m |
The name of the attribute this URI came from |
href |
| %p |
The name of the CSS property this URI came from, or blank if irrelevant |
|
Admittedly, these letters are somewhat arbitrary; the only stipulation
was that they couldn't be a through f. r is for resource (I would have preferred
e, but you take what you can get), n is for name, m
was picked because it came after n (and I couldn't use a), p is for
property.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
================================================
URI.MungeResources
TYPE: bool
VERSION: 3.1.1
DEFAULT: false
--DESCRIPTION--
If true, any URI munging directives like %URI.Munge
will also apply to embedded resources, such as <img src="">.
Be careful enabling this directive if you have a redirector script
that does not use the Location HTTP header; all of your images
and other embedded resources will break.
Warning: It is strongly advised you use this in conjunction
%URI.MungeSecretKey to mitigate the security risk of an open redirector.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
================================================
URI.MungeSecretKey
TYPE: string/null
VERSION: 3.1.1
DEFAULT: NULL
--DESCRIPTION--
This directive enables secure checksum generation along with %URI.Munge.
It should be set to a secure key that is not shared with anyone else.
The checksum can be placed in the URI using %t. Use of this checksum
affords an additional level of protection by allowing a redirector
to check if a URI has passed through HTML Purifier with this line:
$checksum === hash_hmac("sha256", $url, $secret_key)
If the output is TRUE, the redirector script should accept the URI.
Please note that it would still be possible for an attacker to procure
secure hashes en-mass by abusing your website's Preview feature or the
like, but this service affords an additional level of protection
that should be combined with website blacklisting.
Remember this has no effect if %URI.Munge is not on.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
================================================
URI.OverrideAllowedSchemes
TYPE: bool
DEFAULT: true
--DESCRIPTION--
If this is set to true (which it is by default), you can override
%URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the
registry. If false, you will also have to update that directive in order
to add more schemes.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
================================================
URI.SafeIframeRegexp
TYPE: string/null
VERSION: 4.4.0
DEFAULT: NULL
--DESCRIPTION--
A PCRE regular expression that will be matched against an iframe URI. This is
a relatively inflexible scheme, but works well enough for the most common
use-case of iframes: embedded video. This directive only has an effect if
%HTML.SafeIframe is enabled. Here are some example values:
%^http://www.youtube.com/embed/% - Allow YouTube videos%^http://player.vimeo.com/video/% - Allow Vimeo videos%^http://(www.youtube.com/embed/|player.vimeo.com/video/)% - Allow both
Note that this directive does not give you enough granularity to, say, disable
all autoplay videos. Pipe up on the HTML Purifier forums if this
is a capability you want.
--# vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini
================================================
name = "HTML Purifier"
; vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/EntityLookup/entities.ser
================================================
a:253:{s:4:"fnof";s:2:"ƒ";s:5:"Alpha";s:2:"Α";s:4:"Beta";s:2:"Β";s:5:"Gamma";s:2:"Γ";s:5:"Delta";s:2:"Δ";s:7:"Epsilon";s:2:"Ε";s:4:"Zeta";s:2:"Ζ";s:3:"Eta";s:2:"Η";s:5:"Theta";s:2:"Θ";s:4:"Iota";s:2:"Ι";s:5:"Kappa";s:2:"Κ";s:6:"Lambda";s:2:"Λ";s:2:"Mu";s:2:"Μ";s:2:"Nu";s:2:"Ν";s:2:"Xi";s:2:"Ξ";s:7:"Omicron";s:2:"Ο";s:2:"Pi";s:2:"Π";s:3:"Rho";s:2:"Ρ";s:5:"Sigma";s:2:"Σ";s:3:"Tau";s:2:"Τ";s:7:"Upsilon";s:2:"Υ";s:3:"Phi";s:2:"Φ";s:3:"Chi";s:2:"Χ";s:3:"Psi";s:2:"Ψ";s:5:"Omega";s:2:"Ω";s:5:"alpha";s:2:"α";s:4:"beta";s:2:"β";s:5:"gamma";s:2:"γ";s:5:"delta";s:2:"δ";s:7:"epsilon";s:2:"ε";s:4:"zeta";s:2:"ζ";s:3:"eta";s:2:"η";s:5:"theta";s:2:"θ";s:4:"iota";s:2:"ι";s:5:"kappa";s:2:"κ";s:6:"lambda";s:2:"λ";s:2:"mu";s:2:"μ";s:2:"nu";s:2:"ν";s:2:"xi";s:2:"ξ";s:7:"omicron";s:2:"ο";s:2:"pi";s:2:"π";s:3:"rho";s:2:"ρ";s:6:"sigmaf";s:2:"ς";s:5:"sigma";s:2:"σ";s:3:"tau";s:2:"τ";s:7:"upsilon";s:2:"υ";s:3:"phi";s:2:"φ";s:3:"chi";s:2:"χ";s:3:"psi";s:2:"ψ";s:5:"omega";s:2:"ω";s:8:"thetasym";s:2:"ϑ";s:5:"upsih";s:2:"ϒ";s:3:"piv";s:2:"ϖ";s:4:"bull";s:3:"•";s:6:"hellip";s:3:"…";s:5:"prime";s:3:"′";s:5:"Prime";s:3:"″";s:5:"oline";s:3:"‾";s:5:"frasl";s:3:"⁄";s:6:"weierp";s:3:"℘";s:5:"image";s:3:"ℑ";s:4:"real";s:3:"ℜ";s:5:"trade";s:3:"™";s:7:"alefsym";s:3:"ℵ";s:4:"larr";s:3:"←";s:4:"uarr";s:3:"↑";s:4:"rarr";s:3:"→";s:4:"darr";s:3:"↓";s:4:"harr";s:3:"↔";s:5:"crarr";s:3:"↵";s:4:"lArr";s:3:"⇐";s:4:"uArr";s:3:"⇑";s:4:"rArr";s:3:"⇒";s:4:"dArr";s:3:"⇓";s:4:"hArr";s:3:"⇔";s:6:"forall";s:3:"∀";s:4:"part";s:3:"∂";s:5:"exist";s:3:"∃";s:5:"empty";s:3:"∅";s:5:"nabla";s:3:"∇";s:4:"isin";s:3:"∈";s:5:"notin";s:3:"∉";s:2:"ni";s:3:"∋";s:4:"prod";s:3:"∏";s:3:"sum";s:3:"∑";s:5:"minus";s:3:"−";s:6:"lowast";s:3:"∗";s:5:"radic";s:3:"√";s:4:"prop";s:3:"∝";s:5:"infin";s:3:"∞";s:3:"ang";s:3:"∠";s:3:"and";s:3:"∧";s:2:"or";s:3:"∨";s:3:"cap";s:3:"∩";s:3:"cup";s:3:"∪";s:3:"int";s:3:"∫";s:6:"there4";s:3:"∴";s:3:"sim";s:3:"∼";s:4:"cong";s:3:"≅";s:5:"asymp";s:3:"≈";s:2:"ne";s:3:"≠";s:5:"equiv";s:3:"≡";s:2:"le";s:3:"≤";s:2:"ge";s:3:"≥";s:3:"sub";s:3:"⊂";s:3:"sup";s:3:"⊃";s:4:"nsub";s:3:"⊄";s:4:"sube";s:3:"⊆";s:4:"supe";s:3:"⊇";s:5:"oplus";s:3:"⊕";s:6:"otimes";s:3:"⊗";s:4:"perp";s:3:"⊥";s:4:"sdot";s:3:"⋅";s:5:"lceil";s:3:"⌈";s:5:"rceil";s:3:"⌉";s:6:"lfloor";s:3:"⌊";s:6:"rfloor";s:3:"⌋";s:4:"lang";s:3:"〈";s:4:"rang";s:3:"〉";s:3:"loz";s:3:"◊";s:6:"spades";s:3:"♠";s:5:"clubs";s:3:"♣";s:6:"hearts";s:3:"♥";s:5:"diams";s:3:"♦";s:4:"quot";s:1:""";s:3:"amp";s:1:"&";s:2:"lt";s:1:"<";s:2:"gt";s:1:">";s:4:"apos";s:1:"'";s:5:"OElig";s:2:"Œ";s:5:"oelig";s:2:"œ";s:6:"Scaron";s:2:"Š";s:6:"scaron";s:2:"š";s:4:"Yuml";s:2:"Ÿ";s:4:"circ";s:2:"ˆ";s:5:"tilde";s:2:"˜";s:4:"ensp";s:3:" ";s:4:"emsp";s:3:" ";s:6:"thinsp";s:3:" ";s:4:"zwnj";s:3:"";s:3:"zwj";s:3:"";s:3:"lrm";s:3:"";s:3:"rlm";s:3:"";s:5:"ndash";s:3:"–";s:5:"mdash";s:3:"—";s:5:"lsquo";s:3:"‘";s:5:"rsquo";s:3:"’";s:5:"sbquo";s:3:"‚";s:5:"ldquo";s:3:"“";s:5:"rdquo";s:3:"”";s:5:"bdquo";s:3:"„";s:6:"dagger";s:3:"†";s:6:"Dagger";s:3:"‡";s:6:"permil";s:3:"‰";s:6:"lsaquo";s:3:"‹";s:6:"rsaquo";s:3:"›";s:4:"euro";s:3:"€";s:4:"nbsp";s:2:" ";s:5:"iexcl";s:2:"¡";s:4:"cent";s:2:"¢";s:5:"pound";s:2:"£";s:6:"curren";s:2:"¤";s:3:"yen";s:2:"¥";s:6:"brvbar";s:2:"¦";s:4:"sect";s:2:"§";s:3:"uml";s:2:"¨";s:4:"copy";s:2:"©";s:4:"ordf";s:2:"ª";s:5:"laquo";s:2:"«";s:3:"not";s:2:"¬";s:3:"shy";s:2:"";s:3:"reg";s:2:"®";s:4:"macr";s:2:"¯";s:3:"deg";s:2:"°";s:6:"plusmn";s:2:"±";s:4:"sup2";s:2:"²";s:4:"sup3";s:2:"³";s:5:"acute";s:2:"´";s:5:"micro";s:2:"µ";s:4:"para";s:2:"¶";s:6:"middot";s:2:"·";s:5:"cedil";s:2:"¸";s:4:"sup1";s:2:"¹";s:4:"ordm";s:2:"º";s:5:"raquo";s:2:"»";s:6:"frac14";s:2:"¼";s:6:"frac12";s:2:"½";s:6:"frac34";s:2:"¾";s:6:"iquest";s:2:"¿";s:6:"Agrave";s:2:"À";s:6:"Aacute";s:2:"Á";s:5:"Acirc";s:2:"Â";s:6:"Atilde";s:2:"Ã";s:4:"Auml";s:2:"Ä";s:5:"Aring";s:2:"Å";s:5:"AElig";s:2:"Æ";s:6:"Ccedil";s:2:"Ç";s:6:"Egrave";s:2:"È";s:6:"Eacute";s:2:"É";s:5:"Ecirc";s:2:"Ê";s:4:"Euml";s:2:"Ë";s:6:"Igrave";s:2:"Ì";s:6:"Iacute";s:2:"Í";s:5:"Icirc";s:2:"Î";s:4:"Iuml";s:2:"Ï";s:3:"ETH";s:2:"Ð";s:6:"Ntilde";s:2:"Ñ";s:6:"Ograve";s:2:"Ò";s:6:"Oacute";s:2:"Ó";s:5:"Ocirc";s:2:"Ô";s:6:"Otilde";s:2:"Õ";s:4:"Ouml";s:2:"Ö";s:5:"times";s:2:"×";s:6:"Oslash";s:2:"Ø";s:6:"Ugrave";s:2:"Ù";s:6:"Uacute";s:2:"Ú";s:5:"Ucirc";s:2:"Û";s:4:"Uuml";s:2:"Ü";s:6:"Yacute";s:2:"Ý";s:5:"THORN";s:2:"Þ";s:5:"szlig";s:2:"ß";s:6:"agrave";s:2:"à";s:6:"aacute";s:2:"á";s:5:"acirc";s:2:"â";s:6:"atilde";s:2:"ã";s:4:"auml";s:2:"ä";s:5:"aring";s:2:"å";s:5:"aelig";s:2:"æ";s:6:"ccedil";s:2:"ç";s:6:"egrave";s:2:"è";s:6:"eacute";s:2:"é";s:5:"ecirc";s:2:"ê";s:4:"euml";s:2:"ë";s:6:"igrave";s:2:"ì";s:6:"iacute";s:2:"í";s:5:"icirc";s:2:"î";s:4:"iuml";s:2:"ï";s:3:"eth";s:2:"ð";s:6:"ntilde";s:2:"ñ";s:6:"ograve";s:2:"ò";s:6:"oacute";s:2:"ó";s:5:"ocirc";s:2:"ô";s:6:"otilde";s:2:"õ";s:4:"ouml";s:2:"ö";s:6:"divide";s:2:"÷";s:6:"oslash";s:2:"ø";s:6:"ugrave";s:2:"ù";s:6:"uacute";s:2:"ú";s:5:"ucirc";s:2:"û";s:4:"uuml";s:2:"ü";s:6:"yacute";s:2:"ý";s:5:"thorn";s:2:"þ";s:4:"yuml";s:2:"ÿ";}
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
================================================
blocks from input HTML, cleans them up
* using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')
* so they can be used elsewhere in the document.
*
* @note
* See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for
* sample usage.
*
* @note
* This filter can also be used on stylesheets not included in the
* document--something purists would probably prefer. Just directly
* call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS()
*/
class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
{
/**
* @type string
*/
public $name = 'ExtractStyleBlocks';
/**
* @type array
*/
private $_styleMatches = array();
/**
* @type csstidy
*/
private $_tidy;
/**
* @type HTMLPurifier_AttrDef_HTML_ID
*/
private $_id_attrdef;
/**
* @type HTMLPurifier_AttrDef_CSS_Ident
*/
private $_class_attrdef;
/**
* @type HTMLPurifier_AttrDef_Enum
*/
private $_enum_attrdef;
public function __construct()
{
$this->_tidy = new csstidy();
$this->_tidy->set_cfg('lowercase_s', false);
$this->_id_attrdef = new HTMLPurifier_AttrDef_HTML_ID(true);
$this->_class_attrdef = new HTMLPurifier_AttrDef_CSS_Ident();
$this->_enum_attrdef = new HTMLPurifier_AttrDef_Enum(
array(
'first-child',
'link',
'visited',
'active',
'hover',
'focus'
)
);
}
/**
* Save the contents of CSS blocks to style matches
* @param array $matches preg_replace style $matches array
*/
protected function styleCallback($matches)
{
$this->_styleMatches[] = $matches[1];
}
/**
* Removes inline #isU', array($this, 'styleCallback'), $html);
$style_blocks = $this->_styleMatches;
$this->_styleMatches = array(); // reset
$context->register('StyleBlocks', $style_blocks); // $context must not be reused
if ($this->_tidy) {
foreach ($style_blocks as &$style) {
$style = $this->cleanCSS($style, $config, $context);
}
}
return $html;
}
/**
* Takes CSS (the stuff found in in a font-family prop).
if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {
$css = str_replace(
array('<', '>', '&'),
array('\3C ', '\3E ', '\26 '),
$css
);
}
return $css;
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Filter/YouTube.php
================================================
.*/i';
$pre_regex_list[] = '/.*.*/i';
$pre_regex_list[] = '/.*.*/i';
$pre_regex_list[] = '/.*.*/i';
$pre_regex_list[] = '/.*.*/i';
$pre_regex_list[] = '/.*.*/i';
$pre_replace = '$1';
foreach($pre_regex_list as $pre_regex) $html = preg_replace($pre_regex, $pre_replace, $html);
return $html;
}
/**
* @param string $html
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return string
*/
public function postFilter($html, $config, $context)
{
$post_regex = '/(.*)<\/span>/i';
return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
}
/**
* @param $url
* @return string
*/
protected function armorUrl($url)
{
return str_replace('--', '--', $url);
}
/**
* @param array $matches
* @return string
*/
protected function postFilterCallback($matches)
{
$url = $this->armorUrl($matches[1]);
return '';
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Language/classes/en-x-test.php
================================================
'HTML Purifier X'
);
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php
================================================
'HTML Purifier XNone'
);
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Language/messages/en.php
================================================
'HTML Purifier',
// for unit testing purposes
'LanguageFactoryTest: Pizza' => 'Pizza',
'LanguageTest: List' => '$1',
'LanguageTest: Hash' => '$1.Keys; $1.Values',
'Item separator' => ', ',
'Item separator last' => ' and ', // non-Harvard style
'ErrorCollector: No errors' => 'No errors detected. However, because error reporting is still incomplete, there may have been errors that the error collector was not notified of; please inspect the output HTML carefully.',
'ErrorCollector: At line' => ' at line $line',
'ErrorCollector: Incidental errors' => 'Incidental errors',
'Lexer: Unclosed comment' => 'Unclosed comment',
'Lexer: Unescaped lt' => 'Unescaped less-than sign (<) should be <',
'Lexer: Missing gt' => 'Missing greater-than sign (>), previous less-than sign (<) should be escaped',
'Lexer: Missing attribute key' => 'Attribute declaration has no key',
'Lexer: Missing end quote' => 'Attribute declaration has no end quote',
'Lexer: Extracted body' => 'Removed document metadata tags',
'Strategy_RemoveForeignElements: Tag transform' => '<$1> element transformed into $CurrentToken.Serialized',
'Strategy_RemoveForeignElements: Missing required attribute' => '$CurrentToken.Compact element missing required attribute $1',
'Strategy_RemoveForeignElements: Foreign element to text' => 'Unrecognized $CurrentToken.Serialized tag converted to text',
'Strategy_RemoveForeignElements: Foreign element removed' => 'Unrecognized $CurrentToken.Serialized tag removed',
'Strategy_RemoveForeignElements: Comment removed' => 'Comment containing "$CurrentToken.Data" removed',
'Strategy_RemoveForeignElements: Foreign meta element removed' => 'Unrecognized $CurrentToken.Serialized meta tag and all descendants removed',
'Strategy_RemoveForeignElements: Token removed to end' => 'Tags and text starting from $1 element where removed to end',
'Strategy_RemoveForeignElements: Trailing hyphen in comment removed' => 'Trailing hyphen(s) in comment removed',
'Strategy_RemoveForeignElements: Hyphens in comment collapsed' => 'Double hyphens in comments are not allowed, and were collapsed into single hyphens',
'Strategy_MakeWellFormed: Unnecessary end tag removed' => 'Unnecessary $CurrentToken.Serialized tag removed',
'Strategy_MakeWellFormed: Unnecessary end tag to text' => 'Unnecessary $CurrentToken.Serialized tag converted to text',
'Strategy_MakeWellFormed: Tag auto closed' => '$1.Compact started on line $1.Line auto-closed by $CurrentToken.Compact',
'Strategy_MakeWellFormed: Tag carryover' => '$1.Compact started on line $1.Line auto-continued into $CurrentToken.Compact',
'Strategy_MakeWellFormed: Stray end tag removed' => 'Stray $CurrentToken.Serialized tag removed',
'Strategy_MakeWellFormed: Stray end tag to text' => 'Stray $CurrentToken.Serialized tag converted to text',
'Strategy_MakeWellFormed: Tag closed by element end' => '$1.Compact tag started on line $1.Line closed by end of $CurrentToken.Serialized',
'Strategy_MakeWellFormed: Tag closed by document end' => '$1.Compact tag started on line $1.Line closed by end of document',
'Strategy_FixNesting: Node removed' => '$CurrentToken.Compact node removed',
'Strategy_FixNesting: Node excluded' => '$CurrentToken.Compact node removed due to descendant exclusion by ancestor element',
'Strategy_FixNesting: Node reorganized' => 'Contents of $CurrentToken.Compact node reorganized to enforce its content model',
'Strategy_FixNesting: Node contents removed' => 'Contents of $CurrentToken.Compact node removed',
'AttrValidator: Attributes transformed' => 'Attributes on $CurrentToken.Compact transformed from $1.Keys to $2.Keys',
'AttrValidator: Attribute removed' => '$CurrentAttr.Name attribute on $CurrentToken.Compact removed',
);
$errorNames = array(
E_ERROR => 'Error',
E_WARNING => 'Warning',
E_NOTICE => 'Notice'
);
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Lexer/PH5P.php
================================================
normalize($html, $config, $context);
$new_html = $this->wrapHTML($new_html, $config, $context);
try {
$parser = new HTML5($new_html);
$doc = $parser->save();
} catch (DOMException $e) {
// Uh oh, it failed. Punt to DirectLex.
$lexer = new HTMLPurifier_Lexer_DirectLex();
$context->register('PH5PError', $e); // save the error, so we can detect it
return $lexer->tokenizeHTML($html, $config, $context); // use original HTML
}
$tokens = array();
$this->tokenizeDOM(
$doc->getElementsByTagName('html')->item(0)-> //
getElementsByTagName('body')->item(0)-> //
getElementsByTagName('div')->item(0) //
,
$tokens
);
return $tokens;
}
}
/*
Copyright 2007 Jeroen van der Meer
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
class HTML5
{
private $data;
private $char;
private $EOF;
private $state;
private $tree;
private $token;
private $content_model;
private $escape = false;
private $entities = array(
'AElig;',
'AElig',
'AMP;',
'AMP',
'Aacute;',
'Aacute',
'Acirc;',
'Acirc',
'Agrave;',
'Agrave',
'Alpha;',
'Aring;',
'Aring',
'Atilde;',
'Atilde',
'Auml;',
'Auml',
'Beta;',
'COPY;',
'COPY',
'Ccedil;',
'Ccedil',
'Chi;',
'Dagger;',
'Delta;',
'ETH;',
'ETH',
'Eacute;',
'Eacute',
'Ecirc;',
'Ecirc',
'Egrave;',
'Egrave',
'Epsilon;',
'Eta;',
'Euml;',
'Euml',
'GT;',
'GT',
'Gamma;',
'Iacute;',
'Iacute',
'Icirc;',
'Icirc',
'Igrave;',
'Igrave',
'Iota;',
'Iuml;',
'Iuml',
'Kappa;',
'LT;',
'LT',
'Lambda;',
'Mu;',
'Ntilde;',
'Ntilde',
'Nu;',
'OElig;',
'Oacute;',
'Oacute',
'Ocirc;',
'Ocirc',
'Ograve;',
'Ograve',
'Omega;',
'Omicron;',
'Oslash;',
'Oslash',
'Otilde;',
'Otilde',
'Ouml;',
'Ouml',
'Phi;',
'Pi;',
'Prime;',
'Psi;',
'QUOT;',
'QUOT',
'REG;',
'REG',
'Rho;',
'Scaron;',
'Sigma;',
'THORN;',
'THORN',
'TRADE;',
'Tau;',
'Theta;',
'Uacute;',
'Uacute',
'Ucirc;',
'Ucirc',
'Ugrave;',
'Ugrave',
'Upsilon;',
'Uuml;',
'Uuml',
'Xi;',
'Yacute;',
'Yacute',
'Yuml;',
'Zeta;',
'aacute;',
'aacute',
'acirc;',
'acirc',
'acute;',
'acute',
'aelig;',
'aelig',
'agrave;',
'agrave',
'alefsym;',
'alpha;',
'amp;',
'amp',
'and;',
'ang;',
'apos;',
'aring;',
'aring',
'asymp;',
'atilde;',
'atilde',
'auml;',
'auml',
'bdquo;',
'beta;',
'brvbar;',
'brvbar',
'bull;',
'cap;',
'ccedil;',
'ccedil',
'cedil;',
'cedil',
'cent;',
'cent',
'chi;',
'circ;',
'clubs;',
'cong;',
'copy;',
'copy',
'crarr;',
'cup;',
'curren;',
'curren',
'dArr;',
'dagger;',
'darr;',
'deg;',
'deg',
'delta;',
'diams;',
'divide;',
'divide',
'eacute;',
'eacute',
'ecirc;',
'ecirc',
'egrave;',
'egrave',
'empty;',
'emsp;',
'ensp;',
'epsilon;',
'equiv;',
'eta;',
'eth;',
'eth',
'euml;',
'euml',
'euro;',
'exist;',
'fnof;',
'forall;',
'frac12;',
'frac12',
'frac14;',
'frac14',
'frac34;',
'frac34',
'frasl;',
'gamma;',
'ge;',
'gt;',
'gt',
'hArr;',
'harr;',
'hearts;',
'hellip;',
'iacute;',
'iacute',
'icirc;',
'icirc',
'iexcl;',
'iexcl',
'igrave;',
'igrave',
'image;',
'infin;',
'int;',
'iota;',
'iquest;',
'iquest',
'isin;',
'iuml;',
'iuml',
'kappa;',
'lArr;',
'lambda;',
'lang;',
'laquo;',
'laquo',
'larr;',
'lceil;',
'ldquo;',
'le;',
'lfloor;',
'lowast;',
'loz;',
'lrm;',
'lsaquo;',
'lsquo;',
'lt;',
'lt',
'macr;',
'macr',
'mdash;',
'micro;',
'micro',
'middot;',
'middot',
'minus;',
'mu;',
'nabla;',
'nbsp;',
'nbsp',
'ndash;',
'ne;',
'ni;',
'not;',
'not',
'notin;',
'nsub;',
'ntilde;',
'ntilde',
'nu;',
'oacute;',
'oacute',
'ocirc;',
'ocirc',
'oelig;',
'ograve;',
'ograve',
'oline;',
'omega;',
'omicron;',
'oplus;',
'or;',
'ordf;',
'ordf',
'ordm;',
'ordm',
'oslash;',
'oslash',
'otilde;',
'otilde',
'otimes;',
'ouml;',
'ouml',
'para;',
'para',
'part;',
'permil;',
'perp;',
'phi;',
'pi;',
'piv;',
'plusmn;',
'plusmn',
'pound;',
'pound',
'prime;',
'prod;',
'prop;',
'psi;',
'quot;',
'quot',
'rArr;',
'radic;',
'rang;',
'raquo;',
'raquo',
'rarr;',
'rceil;',
'rdquo;',
'real;',
'reg;',
'reg',
'rfloor;',
'rho;',
'rlm;',
'rsaquo;',
'rsquo;',
'sbquo;',
'scaron;',
'sdot;',
'sect;',
'sect',
'shy;',
'shy',
'sigma;',
'sigmaf;',
'sim;',
'spades;',
'sub;',
'sube;',
'sum;',
'sup1;',
'sup1',
'sup2;',
'sup2',
'sup3;',
'sup3',
'sup;',
'supe;',
'szlig;',
'szlig',
'tau;',
'there4;',
'theta;',
'thetasym;',
'thinsp;',
'thorn;',
'thorn',
'tilde;',
'times;',
'times',
'trade;',
'uArr;',
'uacute;',
'uacute',
'uarr;',
'ucirc;',
'ucirc',
'ugrave;',
'ugrave',
'uml;',
'uml',
'upsih;',
'upsilon;',
'uuml;',
'uuml',
'weierp;',
'xi;',
'yacute;',
'yacute',
'yen;',
'yen',
'yuml;',
'yuml',
'zeta;',
'zwj;',
'zwnj;'
);
const PCDATA = 0;
const RCDATA = 1;
const CDATA = 2;
const PLAINTEXT = 3;
const DOCTYPE = 0;
const STARTTAG = 1;
const ENDTAG = 2;
const COMMENT = 3;
const CHARACTR = 4;
const EOF = 5;
public function __construct($data)
{
$this->data = $data;
$this->char = -1;
$this->EOF = strlen($data);
$this->tree = new HTML5TreeConstructer;
$this->content_model = self::PCDATA;
$this->state = 'data';
while ($this->state !== null) {
$this->{$this->state . 'State'}();
}
}
public function save()
{
return $this->tree->save();
}
private function char()
{
return ($this->char < $this->EOF)
? $this->data[$this->char]
: false;
}
private function character($s, $l = 0)
{
if ($s + $l < $this->EOF) {
if ($l === 0) {
return $this->data[$s];
} else {
return substr($this->data, $s, $l);
}
}
}
private function characters($char_class, $start)
{
return preg_replace('#^([' . $char_class . ']+).*#s', '\\1', substr($this->data, $start));
}
private function dataState()
{
// Consume the next input character
$this->char++;
$char = $this->char();
if ($char === '&' && ($this->content_model === self::PCDATA || $this->content_model === self::RCDATA)) {
/* U+0026 AMPERSAND (&)
When the content model flag is set to one of the PCDATA or RCDATA
states: switch to the entity data state. Otherwise: treat it as per
the "anything else" entry below. */
$this->state = 'entityData';
} elseif ($char === '-') {
/* If the content model flag is set to either the RCDATA state or
the CDATA state, and the escape flag is false, and there are at
least three characters before this one in the input stream, and the
last four characters in the input stream, including this one, are
U+003C LESS-THAN SIGN, U+0021 EXCLAMATION MARK, U+002D HYPHEN-MINUS,
and U+002D HYPHEN-MINUS (""),
set the escape flag to false. */
if (($this->content_model === self::RCDATA ||
$this->content_model === self::CDATA) && $this->escape === true &&
$this->character($this->char, 3) === '-->'
) {
$this->escape = false;
}
/* In any case, emit the input character as a character token.
Stay in the data state. */
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => $char
)
);
} elseif ($this->char === $this->EOF) {
/* EOF
Emit an end-of-file token. */
$this->EOF();
} elseif ($this->content_model === self::PLAINTEXT) {
/* When the content model flag is set to the PLAINTEXT state
THIS DIFFERS GREATLY FROM THE SPEC: Get the remaining characters of
the text and emit it as a character token. */
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => substr($this->data, $this->char)
)
);
$this->EOF();
} else {
/* Anything else
THIS DIFFERS GREATLY FROM THE SPEC: Get as many character that
otherwise would also be treated as a character token and emit it
as a single character token. Stay in the data state. */
$len = strcspn($this->data, '<&', $this->char);
$char = substr($this->data, $this->char, $len);
$this->char += $len - 1;
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => $char
)
);
$this->state = 'data';
}
}
private function entityDataState()
{
// Attempt to consume an entity.
$entity = $this->entity();
// If nothing is returned, emit a U+0026 AMPERSAND character token.
// Otherwise, emit the character token that was returned.
$char = (!$entity) ? '&' : $entity;
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => $char
)
);
// Finally, switch to the data state.
$this->state = 'data';
}
private function tagOpenState()
{
switch ($this->content_model) {
case self::RCDATA:
case self::CDATA:
/* If the next input character is a U+002F SOLIDUS (/) character,
consume it and switch to the close tag open state. If the next
input character is not a U+002F SOLIDUS (/) character, emit a
U+003C LESS-THAN SIGN character token and switch to the data
state to process the next input character. */
if ($this->character($this->char + 1) === '/') {
$this->char++;
$this->state = 'closeTagOpen';
} else {
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => '<'
)
);
$this->state = 'data';
}
break;
case self::PCDATA:
// If the content model flag is set to the PCDATA state
// Consume the next input character:
$this->char++;
$char = $this->char();
if ($char === '!') {
/* U+0021 EXCLAMATION MARK (!)
Switch to the markup declaration open state. */
$this->state = 'markupDeclarationOpen';
} elseif ($char === '/') {
/* U+002F SOLIDUS (/)
Switch to the close tag open state. */
$this->state = 'closeTagOpen';
} elseif (preg_match('/^[A-Za-z]$/', $char)) {
/* U+0041 LATIN LETTER A through to U+005A LATIN LETTER Z
Create a new start tag token, set its tag name to the lowercase
version of the input character (add 0x0020 to the character's code
point), then switch to the tag name state. (Don't emit the token
yet; further details will be filled in before it is emitted.) */
$this->token = array(
'name' => strtolower($char),
'type' => self::STARTTAG,
'attr' => array()
);
$this->state = 'tagName';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Parse error. Emit a U+003C LESS-THAN SIGN character token and a
U+003E GREATER-THAN SIGN character token. Switch to the data state. */
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => '<>'
)
);
$this->state = 'data';
} elseif ($char === '?') {
/* U+003F QUESTION MARK (?)
Parse error. Switch to the bogus comment state. */
$this->state = 'bogusComment';
} else {
/* Anything else
Parse error. Emit a U+003C LESS-THAN SIGN character token and
reconsume the current input character in the data state. */
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => '<'
)
);
$this->char--;
$this->state = 'data';
}
break;
}
}
private function closeTagOpenState()
{
$next_node = strtolower($this->characters('A-Za-z', $this->char + 1));
$the_same = count($this->tree->stack) > 0 && $next_node === end($this->tree->stack)->nodeName;
if (($this->content_model === self::RCDATA || $this->content_model === self::CDATA) &&
(!$the_same || ($the_same && (!preg_match(
'/[\t\n\x0b\x0c >\/]/',
$this->character($this->char + 1 + strlen($next_node))
) || $this->EOF === $this->char)))
) {
/* If the content model flag is set to the RCDATA or CDATA states then
examine the next few characters. If they do not match the tag name of
the last start tag token emitted (case insensitively), or if they do but
they are not immediately followed by one of the following characters:
* U+0009 CHARACTER TABULATION
* U+000A LINE FEED (LF)
* U+000B LINE TABULATION
* U+000C FORM FEED (FF)
* U+0020 SPACE
* U+003E GREATER-THAN SIGN (>)
* U+002F SOLIDUS (/)
* EOF
...then there is a parse error. Emit a U+003C LESS-THAN SIGN character
token, a U+002F SOLIDUS character token, and switch to the data state
to process the next input character. */
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => 'state = 'data';
} else {
/* Otherwise, if the content model flag is set to the PCDATA state,
or if the next few characters do match that tag name, consume the
next input character: */
$this->char++;
$char = $this->char();
if (preg_match('/^[A-Za-z]$/', $char)) {
/* U+0041 LATIN LETTER A through to U+005A LATIN LETTER Z
Create a new end tag token, set its tag name to the lowercase version
of the input character (add 0x0020 to the character's code point), then
switch to the tag name state. (Don't emit the token yet; further details
will be filled in before it is emitted.) */
$this->token = array(
'name' => strtolower($char),
'type' => self::ENDTAG
);
$this->state = 'tagName';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Parse error. Switch to the data state. */
$this->state = 'data';
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit a U+003C LESS-THAN SIGN character token and a U+002F
SOLIDUS character token. Reconsume the EOF character in the data state. */
$this->emitToken(
array(
'type' => self::CHARACTR,
'data' => 'char--;
$this->state = 'data';
} else {
/* Parse error. Switch to the bogus comment state. */
$this->state = 'bogusComment';
}
}
}
private function tagNameState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
/* U+0009 CHARACTER TABULATION
U+000A LINE FEED (LF)
U+000B LINE TABULATION
U+000C FORM FEED (FF)
U+0020 SPACE
Switch to the before attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Emit the current tag token. Switch to the data state. */
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit the current tag token. Reconsume the EOF
character in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} elseif ($char === '/') {
/* U+002F SOLIDUS (/)
Parse error unless this is a permitted slash. Switch to the before
attribute name state. */
$this->state = 'beforeAttributeName';
} else {
/* Anything else
Append the current input character to the current tag token's tag name.
Stay in the tag name state. */
$this->token['name'] .= strtolower($char);
$this->state = 'tagName';
}
}
private function beforeAttributeNameState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
/* U+0009 CHARACTER TABULATION
U+000A LINE FEED (LF)
U+000B LINE TABULATION
U+000C FORM FEED (FF)
U+0020 SPACE
Stay in the before attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Emit the current tag token. Switch to the data state. */
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($char === '/') {
/* U+002F SOLIDUS (/)
Parse error unless this is a permitted slash. Stay in the before
attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit the current tag token. Reconsume the EOF
character in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
/* Anything else
Start a new attribute in the current tag token. Set that attribute's
name to the current input character, and its value to the empty string.
Switch to the attribute name state. */
$this->token['attr'][] = array(
'name' => strtolower($char),
'value' => null
);
$this->state = 'attributeName';
}
}
private function attributeNameState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
/* U+0009 CHARACTER TABULATION
U+000A LINE FEED (LF)
U+000B LINE TABULATION
U+000C FORM FEED (FF)
U+0020 SPACE
Stay in the before attribute name state. */
$this->state = 'afterAttributeName';
} elseif ($char === '=') {
/* U+003D EQUALS SIGN (=)
Switch to the before attribute value state. */
$this->state = 'beforeAttributeValue';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Emit the current tag token. Switch to the data state. */
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($char === '/' && $this->character($this->char + 1) !== '>') {
/* U+002F SOLIDUS (/)
Parse error unless this is a permitted slash. Switch to the before
attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit the current tag token. Reconsume the EOF
character in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
/* Anything else
Append the current input character to the current attribute's name.
Stay in the attribute name state. */
$last = count($this->token['attr']) - 1;
$this->token['attr'][$last]['name'] .= strtolower($char);
$this->state = 'attributeName';
}
}
private function afterAttributeNameState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
/* U+0009 CHARACTER TABULATION
U+000A LINE FEED (LF)
U+000B LINE TABULATION
U+000C FORM FEED (FF)
U+0020 SPACE
Stay in the after attribute name state. */
$this->state = 'afterAttributeName';
} elseif ($char === '=') {
/* U+003D EQUALS SIGN (=)
Switch to the before attribute value state. */
$this->state = 'beforeAttributeValue';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Emit the current tag token. Switch to the data state. */
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($char === '/' && $this->character($this->char + 1) !== '>') {
/* U+002F SOLIDUS (/)
Parse error unless this is a permitted slash. Switch to the
before attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit the current tag token. Reconsume the EOF
character in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
/* Anything else
Start a new attribute in the current tag token. Set that attribute's
name to the current input character, and its value to the empty string.
Switch to the attribute name state. */
$this->token['attr'][] = array(
'name' => strtolower($char),
'value' => null
);
$this->state = 'attributeName';
}
}
private function beforeAttributeValueState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
/* U+0009 CHARACTER TABULATION
U+000A LINE FEED (LF)
U+000B LINE TABULATION
U+000C FORM FEED (FF)
U+0020 SPACE
Stay in the before attribute value state. */
$this->state = 'beforeAttributeValue';
} elseif ($char === '"') {
/* U+0022 QUOTATION MARK (")
Switch to the attribute value (double-quoted) state. */
$this->state = 'attributeValueDoubleQuoted';
} elseif ($char === '&') {
/* U+0026 AMPERSAND (&)
Switch to the attribute value (unquoted) state and reconsume
this input character. */
$this->char--;
$this->state = 'attributeValueUnquoted';
} elseif ($char === '\'') {
/* U+0027 APOSTROPHE (')
Switch to the attribute value (single-quoted) state. */
$this->state = 'attributeValueSingleQuoted';
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Emit the current tag token. Switch to the data state. */
$this->emitToken($this->token);
$this->state = 'data';
} else {
/* Anything else
Append the current input character to the current attribute's value.
Switch to the attribute value (unquoted) state. */
$last = count($this->token['attr']) - 1;
$this->token['attr'][$last]['value'] .= $char;
$this->state = 'attributeValueUnquoted';
}
}
private function attributeValueDoubleQuotedState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if ($char === '"') {
/* U+0022 QUOTATION MARK (")
Switch to the before attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($char === '&') {
/* U+0026 AMPERSAND (&)
Switch to the entity in attribute value state. */
$this->entityInAttributeValueState('double');
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit the current tag token. Reconsume the character
in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
/* Anything else
Append the current input character to the current attribute's value.
Stay in the attribute value (double-quoted) state. */
$last = count($this->token['attr']) - 1;
$this->token['attr'][$last]['value'] .= $char;
$this->state = 'attributeValueDoubleQuoted';
}
}
private function attributeValueSingleQuotedState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if ($char === '\'') {
/* U+0022 QUOTATION MARK (')
Switch to the before attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($char === '&') {
/* U+0026 AMPERSAND (&)
Switch to the entity in attribute value state. */
$this->entityInAttributeValueState('single');
} elseif ($this->char === $this->EOF) {
/* EOF
Parse error. Emit the current tag token. Reconsume the character
in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
/* Anything else
Append the current input character to the current attribute's value.
Stay in the attribute value (single-quoted) state. */
$last = count($this->token['attr']) - 1;
$this->token['attr'][$last]['value'] .= $char;
$this->state = 'attributeValueSingleQuoted';
}
}
private function attributeValueUnquotedState()
{
// Consume the next input character:
$this->char++;
$char = $this->character($this->char);
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
/* U+0009 CHARACTER TABULATION
U+000A LINE FEED (LF)
U+000B LINE TABULATION
U+000C FORM FEED (FF)
U+0020 SPACE
Switch to the before attribute name state. */
$this->state = 'beforeAttributeName';
} elseif ($char === '&') {
/* U+0026 AMPERSAND (&)
Switch to the entity in attribute value state. */
$this->entityInAttributeValueState();
} elseif ($char === '>') {
/* U+003E GREATER-THAN SIGN (>)
Emit the current tag token. Switch to the data state. */
$this->emitToken($this->token);
$this->state = 'data';
} else {
/* Anything else
Append the current input character to the current attribute's value.
Stay in the attribute value (unquoted) state. */
$last = count($this->token['attr']) - 1;
$this->token['attr'][$last]['value'] .= $char;
$this->state = 'attributeValueUnquoted';
}
}
private function entityInAttributeValueState()
{
// Attempt to consume an entity.
$entity = $this->entity();
// If nothing is returned, append a U+0026 AMPERSAND character to the
// current attribute's value. Otherwise, emit the character token that
// was returned.
$char = (!$entity)
? '&'
: $entity;
$last = count($this->token['attr']) - 1;
$this->token['attr'][$last]['value'] .= $char;
}
private function bogusCommentState()
{
/* Consume every character up to the first U+003E GREATER-THAN SIGN
character (>) or the end of the file (EOF), whichever comes first. Emit
a comment token whose data is the concatenation of all the characters
starting from and including the character that caused the state machine
to switch into the bogus comment state, up to and including the last
consumed character before the U+003E character, if any, or up to the
end of the file otherwise. (If the comment was started by the end of
the file (EOF), the token is empty.) */
$data = $this->characters('^>', $this->char);
$this->emitToken(
array(
'data' => $data,
'type' => self::COMMENT
)
);
$this->char += strlen($data);
/* Switch to the data state. */
$this->state = 'data';
/* If the end of the file was reached, reconsume the EOF character. */
if ($this->char === $this->EOF) {
$this->char = $this->EOF - 1;
}
}
private function markupDeclarationOpenState()
{
/* If the next two characters are both U+002D HYPHEN-MINUS (-)
characters, consume those two characters, create a comment token whose
data is the empty string, and switch to the comment state. */
if ($this->character($this->char + 1, 2) === '--') {
$this->char += 2;
$this->state = 'comment';
$this->token = array(
'data' => null,
'type' => self::COMMENT
);
/* Otherwise if the next seven chacacters are a case-insensitive match
for the word "DOCTYPE", then consume those characters and switch to the
DOCTYPE state. */
} elseif (strtolower($this->character($this->char + 1, 7)) === 'doctype') {
$this->char += 7;
$this->state = 'doctype';
/* Otherwise, is is a parse error. Switch to the bogus comment state.
The next character that is consumed, if any, is the first character
that will be in the comment. */
} else {
$this->char++;
$this->state = 'bogusComment';
}
}
private function commentState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
/* U+002D HYPHEN-MINUS (-) */
if ($char === '-') {
/* Switch to the comment dash state */
$this->state = 'commentDash';
/* EOF */
} elseif ($this->char === $this->EOF) {
/* Parse error. Emit the comment token. Reconsume the EOF character
in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
/* Anything else */
} else {
/* Append the input character to the comment token's data. Stay in
the comment state. */
$this->token['data'] .= $char;
}
}
private function commentDashState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
/* U+002D HYPHEN-MINUS (-) */
if ($char === '-') {
/* Switch to the comment end state */
$this->state = 'commentEnd';
/* EOF */
} elseif ($this->char === $this->EOF) {
/* Parse error. Emit the comment token. Reconsume the EOF character
in the data state. */
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
/* Anything else */
} else {
/* Append a U+002D HYPHEN-MINUS (-) character and the input
character to the comment token's data. Switch to the comment state. */
$this->token['data'] .= '-' . $char;
$this->state = 'comment';
}
}
private function commentEndState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
if ($char === '>') {
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($char === '-') {
$this->token['data'] .= '-';
} elseif ($this->char === $this->EOF) {
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
$this->token['data'] .= '--' . $char;
$this->state = 'comment';
}
}
private function doctypeState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
$this->state = 'beforeDoctypeName';
} else {
$this->char--;
$this->state = 'beforeDoctypeName';
}
}
private function beforeDoctypeNameState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
// Stay in the before DOCTYPE name state.
} elseif (preg_match('/^[a-z]$/', $char)) {
$this->token = array(
'name' => strtoupper($char),
'type' => self::DOCTYPE,
'error' => true
);
$this->state = 'doctypeName';
} elseif ($char === '>') {
$this->emitToken(
array(
'name' => null,
'type' => self::DOCTYPE,
'error' => true
)
);
$this->state = 'data';
} elseif ($this->char === $this->EOF) {
$this->emitToken(
array(
'name' => null,
'type' => self::DOCTYPE,
'error' => true
)
);
$this->char--;
$this->state = 'data';
} else {
$this->token = array(
'name' => $char,
'type' => self::DOCTYPE,
'error' => true
);
$this->state = 'doctypeName';
}
}
private function doctypeNameState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
$this->state = 'AfterDoctypeName';
} elseif ($char === '>') {
$this->emitToken($this->token);
$this->state = 'data';
} elseif (preg_match('/^[a-z]$/', $char)) {
$this->token['name'] .= strtoupper($char);
} elseif ($this->char === $this->EOF) {
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
$this->token['name'] .= $char;
}
$this->token['error'] = ($this->token['name'] === 'HTML')
? false
: true;
}
private function afterDoctypeNameState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
// Stay in the DOCTYPE name state.
} elseif ($char === '>') {
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($this->char === $this->EOF) {
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
$this->token['error'] = true;
$this->state = 'bogusDoctype';
}
}
private function bogusDoctypeState()
{
/* Consume the next input character: */
$this->char++;
$char = $this->char();
if ($char === '>') {
$this->emitToken($this->token);
$this->state = 'data';
} elseif ($this->char === $this->EOF) {
$this->emitToken($this->token);
$this->char--;
$this->state = 'data';
} else {
// Stay in the bogus DOCTYPE state.
}
}
private function entity()
{
$start = $this->char;
// This section defines how to consume an entity. This definition is
// used when parsing entities in text and in attributes.
// The behaviour depends on the identity of the next character (the
// one immediately after the U+0026 AMPERSAND character):
switch ($this->character($this->char + 1)) {
// U+0023 NUMBER SIGN (#)
case '#':
// The behaviour further depends on the character after the
// U+0023 NUMBER SIGN:
switch ($this->character($this->char + 1)) {
// U+0078 LATIN SMALL LETTER X
// U+0058 LATIN CAPITAL LETTER X
case 'x':
case 'X':
// Follow the steps below, but using the range of
// characters U+0030 DIGIT ZERO through to U+0039 DIGIT
// NINE, U+0061 LATIN SMALL LETTER A through to U+0066
// LATIN SMALL LETTER F, and U+0041 LATIN CAPITAL LETTER
// A, through to U+0046 LATIN CAPITAL LETTER F (in other
// words, 0-9, A-F, a-f).
$char = 1;
$char_class = '0-9A-Fa-f';
break;
// Anything else
default:
// Follow the steps below, but using the range of
// characters U+0030 DIGIT ZERO through to U+0039 DIGIT
// NINE (i.e. just 0-9).
$char = 0;
$char_class = '0-9';
break;
}
// Consume as many characters as match the range of characters
// given above.
$this->char++;
$e_name = $this->characters($char_class, $this->char + $char + 1);
$entity = $this->character($start, $this->char);
$cond = strlen($e_name) > 0;
// The rest of the parsing happens bellow.
break;
// Anything else
default:
// Consume the maximum number of characters possible, with the
// consumed characters case-sensitively matching one of the
// identifiers in the first column of the entities table.
$e_name = $this->characters('0-9A-Za-z;', $this->char + 1);
$len = strlen($e_name);
for ($c = 1; $c <= $len; $c++) {
$id = substr($e_name, 0, $c);
$this->char++;
if (in_array($id, $this->entities)) {
if ($e_name[$c - 1] !== ';') {
if ($c < $len && $e_name[$c] == ';') {
$this->char++; // consume extra semicolon
}
}
$entity = $id;
break;
}
}
$cond = isset($entity);
// The rest of the parsing happens bellow.
break;
}
if (!$cond) {
// If no match can be made, then this is a parse error. No
// characters are consumed, and nothing is returned.
$this->char = $start;
return false;
}
// Return a character token for the character corresponding to the
// entity name (as given by the second column of the entities table).
return html_entity_decode('&' . $entity . ';', ENT_QUOTES, 'UTF-8');
}
private function emitToken($token)
{
$emit = $this->tree->emitToken($token);
if (is_int($emit)) {
$this->content_model = $emit;
} elseif ($token['type'] === self::ENDTAG) {
$this->content_model = self::PCDATA;
}
}
private function EOF()
{
$this->state = null;
$this->tree->emitToken(
array(
'type' => self::EOF
)
);
}
}
class HTML5TreeConstructer
{
public $stack = array();
private $phase;
private $mode;
private $dom;
private $foster_parent = null;
private $a_formatting = array();
private $head_pointer = null;
private $form_pointer = null;
private $scoping = array('button', 'caption', 'html', 'marquee', 'object', 'table', 'td', 'th');
private $formatting = array(
'a',
'b',
'big',
'em',
'font',
'i',
'nobr',
's',
'small',
'strike',
'strong',
'tt',
'u'
);
private $special = array(
'address',
'area',
'base',
'basefont',
'bgsound',
'blockquote',
'body',
'br',
'center',
'col',
'colgroup',
'dd',
'dir',
'div',
'dl',
'dt',
'embed',
'fieldset',
'form',
'frame',
'frameset',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'head',
'hr',
'iframe',
'image',
'img',
'input',
'isindex',
'li',
'link',
'listing',
'menu',
'meta',
'noembed',
'noframes',
'noscript',
'ol',
'optgroup',
'option',
'p',
'param',
'plaintext',
'pre',
'script',
'select',
'spacer',
'style',
'tbody',
'textarea',
'tfoot',
'thead',
'title',
'tr',
'ul',
'wbr'
);
// The different phases.
const INIT_PHASE = 0;
const ROOT_PHASE = 1;
const MAIN_PHASE = 2;
const END_PHASE = 3;
// The different insertion modes for the main phase.
const BEFOR_HEAD = 0;
const IN_HEAD = 1;
const AFTER_HEAD = 2;
const IN_BODY = 3;
const IN_TABLE = 4;
const IN_CAPTION = 5;
const IN_CGROUP = 6;
const IN_TBODY = 7;
const IN_ROW = 8;
const IN_CELL = 9;
const IN_SELECT = 10;
const AFTER_BODY = 11;
const IN_FRAME = 12;
const AFTR_FRAME = 13;
// The different types of elements.
const SPECIAL = 0;
const SCOPING = 1;
const FORMATTING = 2;
const PHRASING = 3;
const MARKER = 0;
public function __construct()
{
$this->phase = self::INIT_PHASE;
$this->mode = self::BEFOR_HEAD;
$this->dom = new DOMDocument;
$this->dom->encoding = 'UTF-8';
$this->dom->preserveWhiteSpace = true;
$this->dom->substituteEntities = true;
$this->dom->strictErrorChecking = false;
}
// Process tag tokens
public function emitToken($token)
{
switch ($this->phase) {
case self::INIT_PHASE:
return $this->initPhase($token);
break;
case self::ROOT_PHASE:
return $this->rootElementPhase($token);
break;
case self::MAIN_PHASE:
return $this->mainPhase($token);
break;
case self::END_PHASE :
return $this->trailingEndPhase($token);
break;
}
}
private function initPhase($token)
{
/* Initially, the tree construction stage must handle each token
emitted from the tokenisation stage as follows: */
/* A DOCTYPE token that is marked as being in error
A comment token
A start tag token
An end tag token
A character token that is not one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE
An end-of-file token */
if ((isset($token['error']) && $token['error']) ||
$token['type'] === HTML5::COMMENT ||
$token['type'] === HTML5::STARTTAG ||
$token['type'] === HTML5::ENDTAG ||
$token['type'] === HTML5::EOF ||
($token['type'] === HTML5::CHARACTR && isset($token['data']) &&
!preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data']))
) {
/* This specification does not define how to handle this case. In
particular, user agents may ignore the entirety of this specification
altogether for such documents, and instead invoke special parse modes
with a greater emphasis on backwards compatibility. */
$this->phase = self::ROOT_PHASE;
return $this->rootElementPhase($token);
/* A DOCTYPE token marked as being correct */
} elseif (isset($token['error']) && !$token['error']) {
/* Append a DocumentType node to the Document node, with the name
attribute set to the name given in the DOCTYPE token (which will be
"HTML"), and the other attributes specific to DocumentType objects
set to null, empty lists, or the empty string as appropriate. */
$doctype = new DOMDocumentType(null, null, 'HTML');
/* Then, switch to the root element phase of the tree construction
stage. */
$this->phase = self::ROOT_PHASE;
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
} elseif (isset($token['data']) && preg_match(
'/^[\t\n\x0b\x0c ]+$/',
$token['data']
)
) {
/* Append that character to the Document node. */
$text = $this->dom->createTextNode($token['data']);
$this->dom->appendChild($text);
}
}
private function rootElementPhase($token)
{
/* After the initial phase, as each token is emitted from the tokenisation
stage, it must be processed as described in this section. */
/* A DOCTYPE token */
if ($token['type'] === HTML5::DOCTYPE) {
// Parse error. Ignore the token.
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the Document object with the data
attribute set to the data given in the comment token. */
$comment = $this->dom->createComment($token['data']);
$this->dom->appendChild($comment);
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
} elseif ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append that character to the Document node. */
$text = $this->dom->createTextNode($token['data']);
$this->dom->appendChild($text);
/* A character token that is not one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED
(FF), or U+0020 SPACE
A start tag token
An end tag token
An end-of-file token */
} elseif (($token['type'] === HTML5::CHARACTR &&
!preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) ||
$token['type'] === HTML5::STARTTAG ||
$token['type'] === HTML5::ENDTAG ||
$token['type'] === HTML5::EOF
) {
/* Create an HTMLElement node with the tag name html, in the HTML
namespace. Append it to the Document object. Switch to the main
phase and reprocess the current token. */
$html = $this->dom->createElement('html');
$this->dom->appendChild($html);
$this->stack[] = $html;
$this->phase = self::MAIN_PHASE;
return $this->mainPhase($token);
}
}
private function mainPhase($token)
{
/* Tokens in the main phase must be handled as follows: */
/* A DOCTYPE token */
if ($token['type'] === HTML5::DOCTYPE) {
// Parse error. Ignore the token.
/* A start tag token with the tag name "html" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'html') {
/* If this start tag token was not the first start tag token, then
it is a parse error. */
/* For each attribute on the token, check to see if the attribute
is already present on the top element of the stack of open elements.
If it is not, add the attribute and its corresponding value to that
element. */
foreach ($token['attr'] as $attr) {
if (!$this->stack[0]->hasAttribute($attr['name'])) {
$this->stack[0]->setAttribute($attr['name'], $attr['value']);
}
}
/* An end-of-file token */
} elseif ($token['type'] === HTML5::EOF) {
/* Generate implied end tags. */
$this->generateImpliedEndTags();
/* Anything else. */
} else {
/* Depends on the insertion mode: */
switch ($this->mode) {
case self::BEFOR_HEAD:
return $this->beforeHead($token);
break;
case self::IN_HEAD:
return $this->inHead($token);
break;
case self::AFTER_HEAD:
return $this->afterHead($token);
break;
case self::IN_BODY:
return $this->inBody($token);
break;
case self::IN_TABLE:
return $this->inTable($token);
break;
case self::IN_CAPTION:
return $this->inCaption($token);
break;
case self::IN_CGROUP:
return $this->inColumnGroup($token);
break;
case self::IN_TBODY:
return $this->inTableBody($token);
break;
case self::IN_ROW:
return $this->inRow($token);
break;
case self::IN_CELL:
return $this->inCell($token);
break;
case self::IN_SELECT:
return $this->inSelect($token);
break;
case self::AFTER_BODY:
return $this->afterBody($token);
break;
case self::IN_FRAME:
return $this->inFrameset($token);
break;
case self::AFTR_FRAME:
return $this->afterFrameset($token);
break;
case self::END_PHASE:
return $this->trailingEndPhase($token);
break;
}
}
}
private function beforeHead($token)
{
/* Handle the token as follows: */
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append the character to the current node. */
$this->insertText($token['data']);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data attribute
set to the data given in the comment token. */
$this->insertComment($token['data']);
/* A start tag token with the tag name "head" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'head') {
/* Create an element for the token, append the new element to the
current node and push it onto the stack of open elements. */
$element = $this->insertElement($token);
/* Set the head element pointer to this new element node. */
$this->head_pointer = $element;
/* Change the insertion mode to "in head". */
$this->mode = self::IN_HEAD;
/* A start tag token whose tag name is one of: "base", "link", "meta",
"script", "style", "title". Or an end tag with the tag name "html".
Or a character token that is not one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE. Or any other start tag token */
} elseif ($token['type'] === HTML5::STARTTAG ||
($token['type'] === HTML5::ENDTAG && $token['name'] === 'html') ||
($token['type'] === HTML5::CHARACTR && !preg_match(
'/^[\t\n\x0b\x0c ]$/',
$token['data']
))
) {
/* Act as if a start tag token with the tag name "head" and no
attributes had been seen, then reprocess the current token. */
$this->beforeHead(
array(
'name' => 'head',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
return $this->inHead($token);
/* Any other end tag */
} elseif ($token['type'] === HTML5::ENDTAG) {
/* Parse error. Ignore the token. */
}
}
private function inHead($token)
{
/* Handle the token as follows: */
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE.
THIS DIFFERS FROM THE SPEC: If the current node is either a title, style
or script element, append the character to the current node regardless
of its content. */
if (($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) || (
$token['type'] === HTML5::CHARACTR && in_array(
end($this->stack)->nodeName,
array('title', 'style', 'script')
))
) {
/* Append the character to the current node. */
$this->insertText($token['data']);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data attribute
set to the data given in the comment token. */
$this->insertComment($token['data']);
} elseif ($token['type'] === HTML5::ENDTAG &&
in_array($token['name'], array('title', 'style', 'script'))
) {
array_pop($this->stack);
return HTML5::PCDATA;
/* A start tag with the tag name "title" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'title') {
/* Create an element for the token and append the new element to the
node pointed to by the head element pointer, or, if that is null
(innerHTML case), to the current node. */
if ($this->head_pointer !== null) {
$element = $this->insertElement($token, false);
$this->head_pointer->appendChild($element);
} else {
$element = $this->insertElement($token);
}
/* Switch the tokeniser's content model flag to the RCDATA state. */
return HTML5::RCDATA;
/* A start tag with the tag name "style" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'style') {
/* Create an element for the token and append the new element to the
node pointed to by the head element pointer, or, if that is null
(innerHTML case), to the current node. */
if ($this->head_pointer !== null) {
$element = $this->insertElement($token, false);
$this->head_pointer->appendChild($element);
} else {
$this->insertElement($token);
}
/* Switch the tokeniser's content model flag to the CDATA state. */
return HTML5::CDATA;
/* A start tag with the tag name "script" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'script') {
/* Create an element for the token. */
$element = $this->insertElement($token, false);
$this->head_pointer->appendChild($element);
/* Switch the tokeniser's content model flag to the CDATA state. */
return HTML5::CDATA;
/* A start tag with the tag name "base", "link", or "meta" */
} elseif ($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array('base', 'link', 'meta')
)
) {
/* Create an element for the token and append the new element to the
node pointed to by the head element pointer, or, if that is null
(innerHTML case), to the current node. */
if ($this->head_pointer !== null) {
$element = $this->insertElement($token, false);
$this->head_pointer->appendChild($element);
array_pop($this->stack);
} else {
$this->insertElement($token);
}
/* An end tag with the tag name "head" */
} elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'head') {
/* If the current node is a head element, pop the current node off
the stack of open elements. */
if ($this->head_pointer->isSameNode(end($this->stack))) {
array_pop($this->stack);
/* Otherwise, this is a parse error. */
} else {
// k
}
/* Change the insertion mode to "after head". */
$this->mode = self::AFTER_HEAD;
/* A start tag with the tag name "head" or an end tag except "html". */
} elseif (($token['type'] === HTML5::STARTTAG && $token['name'] === 'head') ||
($token['type'] === HTML5::ENDTAG && $token['name'] !== 'html')
) {
// Parse error. Ignore the token.
/* Anything else */
} else {
/* If the current node is a head element, act as if an end tag
token with the tag name "head" had been seen. */
if ($this->head_pointer->isSameNode(end($this->stack))) {
$this->inHead(
array(
'name' => 'head',
'type' => HTML5::ENDTAG
)
);
/* Otherwise, change the insertion mode to "after head". */
} else {
$this->mode = self::AFTER_HEAD;
}
/* Then, reprocess the current token. */
return $this->afterHead($token);
}
}
private function afterHead($token)
{
/* Handle the token as follows: */
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append the character to the current node. */
$this->insertText($token['data']);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data attribute
set to the data given in the comment token. */
$this->insertComment($token['data']);
/* A start tag token with the tag name "body" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'body') {
/* Insert a body element for the token. */
$this->insertElement($token);
/* Change the insertion mode to "in body". */
$this->mode = self::IN_BODY;
/* A start tag token with the tag name "frameset" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'frameset') {
/* Insert a frameset element for the token. */
$this->insertElement($token);
/* Change the insertion mode to "in frameset". */
$this->mode = self::IN_FRAME;
/* A start tag token whose tag name is one of: "base", "link", "meta",
"script", "style", "title" */
} elseif ($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array('base', 'link', 'meta', 'script', 'style', 'title')
)
) {
/* Parse error. Switch the insertion mode back to "in head" and
reprocess the token. */
$this->mode = self::IN_HEAD;
return $this->inHead($token);
/* Anything else */
} else {
/* Act as if a start tag token with the tag name "body" and no
attributes had been seen, and then reprocess the current token. */
$this->afterHead(
array(
'name' => 'body',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
return $this->inBody($token);
}
}
private function inBody($token)
{
/* Handle the token as follows: */
switch ($token['type']) {
/* A character token */
case HTML5::CHARACTR:
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Append the token's character to the current node. */
$this->insertText($token['data']);
break;
/* A comment token */
case HTML5::COMMENT:
/* Append a Comment node to the current node with the data
attribute set to the data given in the comment token. */
$this->insertComment($token['data']);
break;
case HTML5::STARTTAG:
switch ($token['name']) {
/* A start tag token whose tag name is one of: "script",
"style" */
case 'script':
case 'style':
/* Process the token as if the insertion mode had been "in
head". */
return $this->inHead($token);
break;
/* A start tag token whose tag name is one of: "base", "link",
"meta", "title" */
case 'base':
case 'link':
case 'meta':
case 'title':
/* Parse error. Process the token as if the insertion mode
had been "in head". */
return $this->inHead($token);
break;
/* A start tag token with the tag name "body" */
case 'body':
/* Parse error. If the second element on the stack of open
elements is not a body element, or, if the stack of open
elements has only one node on it, then ignore the token.
(innerHTML case) */
if (count($this->stack) === 1 || $this->stack[1]->nodeName !== 'body') {
// Ignore
/* Otherwise, for each attribute on the token, check to see
if the attribute is already present on the body element (the
second element) on the stack of open elements. If it is not,
add the attribute and its corresponding value to that
element. */
} else {
foreach ($token['attr'] as $attr) {
if (!$this->stack[1]->hasAttribute($attr['name'])) {
$this->stack[1]->setAttribute($attr['name'], $attr['value']);
}
}
}
break;
/* A start tag whose tag name is one of: "address",
"blockquote", "center", "dir", "div", "dl", "fieldset",
"listing", "menu", "ol", "p", "ul" */
case 'address':
case 'blockquote':
case 'center':
case 'dir':
case 'div':
case 'dl':
case 'fieldset':
case 'listing':
case 'menu':
case 'ol':
case 'p':
case 'ul':
/* If the stack of open elements has a p element in scope,
then act as if an end tag with the tag name p had been
seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
break;
/* A start tag whose tag name is "form" */
case 'form':
/* If the form element pointer is not null, ignore the
token with a parse error. */
if ($this->form_pointer !== null) {
// Ignore.
/* Otherwise: */
} else {
/* If the stack of open elements has a p element in
scope, then act as if an end tag with the tag name p
had been seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token, and set the
form element pointer to point to the element created. */
$element = $this->insertElement($token);
$this->form_pointer = $element;
}
break;
/* A start tag whose tag name is "li", "dd" or "dt" */
case 'li':
case 'dd':
case 'dt':
/* If the stack of open elements has a p element in scope,
then act as if an end tag with the tag name p had been
seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
$stack_length = count($this->stack) - 1;
for ($n = $stack_length; 0 <= $n; $n--) {
/* 1. Initialise node to be the current node (the
bottommost node of the stack). */
$stop = false;
$node = $this->stack[$n];
$cat = $this->getElementCategory($node->tagName);
/* 2. If node is an li, dd or dt element, then pop all
the nodes from the current node up to node, including
node, then stop this algorithm. */
if ($token['name'] === $node->tagName || ($token['name'] !== 'li'
&& ($node->tagName === 'dd' || $node->tagName === 'dt'))
) {
for ($x = $stack_length; $x >= $n; $x--) {
array_pop($this->stack);
}
break;
}
/* 3. If node is not in the formatting category, and is
not in the phrasing category, and is not an address or
div element, then stop this algorithm. */
if ($cat !== self::FORMATTING && $cat !== self::PHRASING &&
$node->tagName !== 'address' && $node->tagName !== 'div'
) {
break;
}
}
/* Finally, insert an HTML element with the same tag
name as the token's. */
$this->insertElement($token);
break;
/* A start tag token whose tag name is "plaintext" */
case 'plaintext':
/* If the stack of open elements has a p element in scope,
then act as if an end tag with the tag name p had been
seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
return HTML5::PLAINTEXT;
break;
/* A start tag whose tag name is one of: "h1", "h2", "h3", "h4",
"h5", "h6" */
case 'h1':
case 'h2':
case 'h3':
case 'h4':
case 'h5':
case 'h6':
/* If the stack of open elements has a p element in scope,
then act as if an end tag with the tag name p had been seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
/* If the stack of open elements has in scope an element whose
tag name is one of "h1", "h2", "h3", "h4", "h5", or "h6", then
this is a parse error; pop elements from the stack until an
element with one of those tag names has been popped from the
stack. */
while ($this->elementInScope(array('h1', 'h2', 'h3', 'h4', 'h5', 'h6'))) {
array_pop($this->stack);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
break;
/* A start tag whose tag name is "a" */
case 'a':
/* If the list of active formatting elements contains
an element whose tag name is "a" between the end of the
list and the last marker on the list (or the start of
the list if there is no marker on the list), then this
is a parse error; act as if an end tag with the tag name
"a" had been seen, then remove that element from the list
of active formatting elements and the stack of open
elements if the end tag didn't already remove it (it
might not have if the element is not in table scope). */
$leng = count($this->a_formatting);
for ($n = $leng - 1; $n >= 0; $n--) {
if ($this->a_formatting[$n] === self::MARKER) {
break;
} elseif ($this->a_formatting[$n]->nodeName === 'a') {
$this->emitToken(
array(
'name' => 'a',
'type' => HTML5::ENDTAG
)
);
break;
}
}
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$el = $this->insertElement($token);
/* Add that element to the list of active formatting
elements. */
$this->a_formatting[] = $el;
break;
/* A start tag whose tag name is one of: "b", "big", "em", "font",
"i", "nobr", "s", "small", "strike", "strong", "tt", "u" */
case 'b':
case 'big':
case 'em':
case 'font':
case 'i':
case 'nobr':
case 's':
case 'small':
case 'strike':
case 'strong':
case 'tt':
case 'u':
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$el = $this->insertElement($token);
/* Add that element to the list of active formatting
elements. */
$this->a_formatting[] = $el;
break;
/* A start tag token whose tag name is "button" */
case 'button':
/* If the stack of open elements has a button element in scope,
then this is a parse error; act as if an end tag with the tag
name "button" had been seen, then reprocess the token. (We don't
do that. Unnecessary.) */
if ($this->elementInScope('button')) {
$this->inBody(
array(
'name' => 'button',
'type' => HTML5::ENDTAG
)
);
}
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Insert a marker at the end of the list of active
formatting elements. */
$this->a_formatting[] = self::MARKER;
break;
/* A start tag token whose tag name is one of: "marquee", "object" */
case 'marquee':
case 'object':
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Insert a marker at the end of the list of active
formatting elements. */
$this->a_formatting[] = self::MARKER;
break;
/* A start tag token whose tag name is "xmp" */
case 'xmp':
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Switch the content model flag to the CDATA state. */
return HTML5::CDATA;
break;
/* A start tag whose tag name is "table" */
case 'table':
/* If the stack of open elements has a p element in scope,
then act as if an end tag with the tag name p had been seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Change the insertion mode to "in table". */
$this->mode = self::IN_TABLE;
break;
/* A start tag whose tag name is one of: "area", "basefont",
"bgsound", "br", "embed", "img", "param", "spacer", "wbr" */
case 'area':
case 'basefont':
case 'bgsound':
case 'br':
case 'embed':
case 'img':
case 'param':
case 'spacer':
case 'wbr':
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Immediately pop the current node off the stack of open elements. */
array_pop($this->stack);
break;
/* A start tag whose tag name is "hr" */
case 'hr':
/* If the stack of open elements has a p element in scope,
then act as if an end tag with the tag name p had been seen. */
if ($this->elementInScope('p')) {
$this->emitToken(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Immediately pop the current node off the stack of open elements. */
array_pop($this->stack);
break;
/* A start tag whose tag name is "image" */
case 'image':
/* Parse error. Change the token's tag name to "img" and
reprocess it. (Don't ask.) */
$token['name'] = 'img';
return $this->inBody($token);
break;
/* A start tag whose tag name is "input" */
case 'input':
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an input element for the token. */
$element = $this->insertElement($token, false);
/* If the form element pointer is not null, then associate the
input element with the form element pointed to by the form
element pointer. */
$this->form_pointer !== null
? $this->form_pointer->appendChild($element)
: end($this->stack)->appendChild($element);
/* Pop that input element off the stack of open elements. */
array_pop($this->stack);
break;
/* A start tag whose tag name is "isindex" */
case 'isindex':
/* Parse error. */
// w/e
/* If the form element pointer is not null,
then ignore the token. */
if ($this->form_pointer === null) {
/* Act as if a start tag token with the tag name "form" had
been seen. */
$this->inBody(
array(
'name' => 'body',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
/* Act as if a start tag token with the tag name "hr" had
been seen. */
$this->inBody(
array(
'name' => 'hr',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
/* Act as if a start tag token with the tag name "p" had
been seen. */
$this->inBody(
array(
'name' => 'p',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
/* Act as if a start tag token with the tag name "label"
had been seen. */
$this->inBody(
array(
'name' => 'label',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
/* Act as if a stream of character tokens had been seen. */
$this->insertText(
'This is a searchable index. ' .
'Insert your search keywords here: '
);
/* Act as if a start tag token with the tag name "input"
had been seen, with all the attributes from the "isindex"
token, except with the "name" attribute set to the value
"isindex" (ignoring any explicit "name" attribute). */
$attr = $token['attr'];
$attr[] = array('name' => 'name', 'value' => 'isindex');
$this->inBody(
array(
'name' => 'input',
'type' => HTML5::STARTTAG,
'attr' => $attr
)
);
/* Act as if a stream of character tokens had been seen
(see below for what they should say). */
$this->insertText(
'This is a searchable index. ' .
'Insert your search keywords here: '
);
/* Act as if an end tag token with the tag name "label"
had been seen. */
$this->inBody(
array(
'name' => 'label',
'type' => HTML5::ENDTAG
)
);
/* Act as if an end tag token with the tag name "p" had
been seen. */
$this->inBody(
array(
'name' => 'p',
'type' => HTML5::ENDTAG
)
);
/* Act as if a start tag token with the tag name "hr" had
been seen. */
$this->inBody(
array(
'name' => 'hr',
'type' => HTML5::ENDTAG
)
);
/* Act as if an end tag token with the tag name "form" had
been seen. */
$this->inBody(
array(
'name' => 'form',
'type' => HTML5::ENDTAG
)
);
}
break;
/* A start tag whose tag name is "textarea" */
case 'textarea':
$this->insertElement($token);
/* Switch the tokeniser's content model flag to the
RCDATA state. */
return HTML5::RCDATA;
break;
/* A start tag whose tag name is one of: "iframe", "noembed",
"noframes" */
case 'iframe':
case 'noembed':
case 'noframes':
$this->insertElement($token);
/* Switch the tokeniser's content model flag to the CDATA state. */
return HTML5::CDATA;
break;
/* A start tag whose tag name is "select" */
case 'select':
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Change the insertion mode to "in select". */
$this->mode = self::IN_SELECT;
break;
/* A start or end tag whose tag name is one of: "caption", "col",
"colgroup", "frame", "frameset", "head", "option", "optgroup",
"tbody", "td", "tfoot", "th", "thead", "tr". */
case 'caption':
case 'col':
case 'colgroup':
case 'frame':
case 'frameset':
case 'head':
case 'option':
case 'optgroup':
case 'tbody':
case 'td':
case 'tfoot':
case 'th':
case 'thead':
case 'tr':
// Parse error. Ignore the token.
break;
/* A start or end tag whose tag name is one of: "event-source",
"section", "nav", "article", "aside", "header", "footer",
"datagrid", "command" */
case 'event-source':
case 'section':
case 'nav':
case 'article':
case 'aside':
case 'header':
case 'footer':
case 'datagrid':
case 'command':
// Work in progress!
break;
/* A start tag token not covered by the previous entries */
default:
/* Reconstruct the active formatting elements, if any. */
$this->reconstructActiveFormattingElements();
$this->insertElement($token, true, true);
break;
}
break;
case HTML5::ENDTAG:
switch ($token['name']) {
/* An end tag with the tag name "body" */
case 'body':
/* If the second element in the stack of open elements is
not a body element, this is a parse error. Ignore the token.
(innerHTML case) */
if (count($this->stack) < 2 || $this->stack[1]->nodeName !== 'body') {
// Ignore.
/* If the current node is not the body element, then this
is a parse error. */
} elseif (end($this->stack)->nodeName !== 'body') {
// Parse error.
}
/* Change the insertion mode to "after body". */
$this->mode = self::AFTER_BODY;
break;
/* An end tag with the tag name "html" */
case 'html':
/* Act as if an end tag with tag name "body" had been seen,
then, if that token wasn't ignored, reprocess the current
token. */
$this->inBody(
array(
'name' => 'body',
'type' => HTML5::ENDTAG
)
);
return $this->afterBody($token);
break;
/* An end tag whose tag name is one of: "address", "blockquote",
"center", "dir", "div", "dl", "fieldset", "listing", "menu",
"ol", "pre", "ul" */
case 'address':
case 'blockquote':
case 'center':
case 'dir':
case 'div':
case 'dl':
case 'fieldset':
case 'listing':
case 'menu':
case 'ol':
case 'pre':
case 'ul':
/* If the stack of open elements has an element in scope
with the same tag name as that of the token, then generate
implied end tags. */
if ($this->elementInScope($token['name'])) {
$this->generateImpliedEndTags();
/* Now, if the current node is not an element with
the same tag name as that of the token, then this
is a parse error. */
// w/e
/* If the stack of open elements has an element in
scope with the same tag name as that of the token,
then pop elements from this stack until an element
with that tag name has been popped from the stack. */
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
if ($this->stack[$n]->nodeName === $token['name']) {
$n = -1;
}
array_pop($this->stack);
}
}
break;
/* An end tag whose tag name is "form" */
case 'form':
/* If the stack of open elements has an element in scope
with the same tag name as that of the token, then generate
implied end tags. */
if ($this->elementInScope($token['name'])) {
$this->generateImpliedEndTags();
}
if (end($this->stack)->nodeName !== $token['name']) {
/* Now, if the current node is not an element with the
same tag name as that of the token, then this is a parse
error. */
// w/e
} else {
/* Otherwise, if the current node is an element with
the same tag name as that of the token pop that element
from the stack. */
array_pop($this->stack);
}
/* In any case, set the form element pointer to null. */
$this->form_pointer = null;
break;
/* An end tag whose tag name is "p" */
case 'p':
/* If the stack of open elements has a p element in scope,
then generate implied end tags, except for p elements. */
if ($this->elementInScope('p')) {
$this->generateImpliedEndTags(array('p'));
/* If the current node is not a p element, then this is
a parse error. */
// k
/* If the stack of open elements has a p element in
scope, then pop elements from this stack until the stack
no longer has a p element in scope. */
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
if ($this->elementInScope('p')) {
array_pop($this->stack);
} else {
break;
}
}
}
break;
/* An end tag whose tag name is "dd", "dt", or "li" */
case 'dd':
case 'dt':
case 'li':
/* If the stack of open elements has an element in scope
whose tag name matches the tag name of the token, then
generate implied end tags, except for elements with the
same tag name as the token. */
if ($this->elementInScope($token['name'])) {
$this->generateImpliedEndTags(array($token['name']));
/* If the current node is not an element with the same
tag name as the token, then this is a parse error. */
// w/e
/* If the stack of open elements has an element in scope
whose tag name matches the tag name of the token, then
pop elements from this stack until an element with that
tag name has been popped from the stack. */
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
if ($this->stack[$n]->nodeName === $token['name']) {
$n = -1;
}
array_pop($this->stack);
}
}
break;
/* An end tag whose tag name is one of: "h1", "h2", "h3", "h4",
"h5", "h6" */
case 'h1':
case 'h2':
case 'h3':
case 'h4':
case 'h5':
case 'h6':
$elements = array('h1', 'h2', 'h3', 'h4', 'h5', 'h6');
/* If the stack of open elements has in scope an element whose
tag name is one of "h1", "h2", "h3", "h4", "h5", or "h6", then
generate implied end tags. */
if ($this->elementInScope($elements)) {
$this->generateImpliedEndTags();
/* Now, if the current node is not an element with the same
tag name as that of the token, then this is a parse error. */
// w/e
/* If the stack of open elements has in scope an element
whose tag name is one of "h1", "h2", "h3", "h4", "h5", or
"h6", then pop elements from the stack until an element
with one of those tag names has been popped from the stack. */
while ($this->elementInScope($elements)) {
array_pop($this->stack);
}
}
break;
/* An end tag whose tag name is one of: "a", "b", "big", "em",
"font", "i", "nobr", "s", "small", "strike", "strong", "tt", "u" */
case 'a':
case 'b':
case 'big':
case 'em':
case 'font':
case 'i':
case 'nobr':
case 's':
case 'small':
case 'strike':
case 'strong':
case 'tt':
case 'u':
/* 1. Let the formatting element be the last element in
the list of active formatting elements that:
* is between the end of the list and the last scope
marker in the list, if any, or the start of the list
otherwise, and
* has the same tag name as the token.
*/
while (true) {
for ($a = count($this->a_formatting) - 1; $a >= 0; $a--) {
if ($this->a_formatting[$a] === self::MARKER) {
break;
} elseif ($this->a_formatting[$a]->tagName === $token['name']) {
$formatting_element = $this->a_formatting[$a];
$in_stack = in_array($formatting_element, $this->stack, true);
$fe_af_pos = $a;
break;
}
}
/* If there is no such node, or, if that node is
also in the stack of open elements but the element
is not in scope, then this is a parse error. Abort
these steps. The token is ignored. */
if (!isset($formatting_element) || ($in_stack &&
!$this->elementInScope($token['name']))
) {
break;
/* Otherwise, if there is such a node, but that node
is not in the stack of open elements, then this is a
parse error; remove the element from the list, and
abort these steps. */
} elseif (isset($formatting_element) && !$in_stack) {
unset($this->a_formatting[$fe_af_pos]);
$this->a_formatting = array_merge($this->a_formatting);
break;
}
/* 2. Let the furthest block be the topmost node in the
stack of open elements that is lower in the stack
than the formatting element, and is not an element in
the phrasing or formatting categories. There might
not be one. */
$fe_s_pos = array_search($formatting_element, $this->stack, true);
$length = count($this->stack);
for ($s = $fe_s_pos + 1; $s < $length; $s++) {
$category = $this->getElementCategory($this->stack[$s]->nodeName);
if ($category !== self::PHRASING && $category !== self::FORMATTING) {
$furthest_block = $this->stack[$s];
}
}
/* 3. If there is no furthest block, then the UA must
skip the subsequent steps and instead just pop all
the nodes from the bottom of the stack of open
elements, from the current node up to the formatting
element, and remove the formatting element from the
list of active formatting elements. */
if (!isset($furthest_block)) {
for ($n = $length - 1; $n >= $fe_s_pos; $n--) {
array_pop($this->stack);
}
unset($this->a_formatting[$fe_af_pos]);
$this->a_formatting = array_merge($this->a_formatting);
break;
}
/* 4. Let the common ancestor be the element
immediately above the formatting element in the stack
of open elements. */
$common_ancestor = $this->stack[$fe_s_pos - 1];
/* 5. If the furthest block has a parent node, then
remove the furthest block from its parent node. */
if ($furthest_block->parentNode !== null) {
$furthest_block->parentNode->removeChild($furthest_block);
}
/* 6. Let a bookmark note the position of the
formatting element in the list of active formatting
elements relative to the elements on either side
of it in the list. */
$bookmark = $fe_af_pos;
/* 7. Let node and last node be the furthest block.
Follow these steps: */
$node = $furthest_block;
$last_node = $furthest_block;
while (true) {
for ($n = array_search($node, $this->stack, true) - 1; $n >= 0; $n--) {
/* 7.1 Let node be the element immediately
prior to node in the stack of open elements. */
$node = $this->stack[$n];
/* 7.2 If node is not in the list of active
formatting elements, then remove node from
the stack of open elements and then go back
to step 1. */
if (!in_array($node, $this->a_formatting, true)) {
unset($this->stack[$n]);
$this->stack = array_merge($this->stack);
} else {
break;
}
}
/* 7.3 Otherwise, if node is the formatting
element, then go to the next step in the overall
algorithm. */
if ($node === $formatting_element) {
break;
/* 7.4 Otherwise, if last node is the furthest
block, then move the aforementioned bookmark to
be immediately after the node in the list of
active formatting elements. */
} elseif ($last_node === $furthest_block) {
$bookmark = array_search($node, $this->a_formatting, true) + 1;
}
/* 7.5 If node has any children, perform a
shallow clone of node, replace the entry for
node in the list of active formatting elements
with an entry for the clone, replace the entry
for node in the stack of open elements with an
entry for the clone, and let node be the clone. */
if ($node->hasChildNodes()) {
$clone = $node->cloneNode();
$s_pos = array_search($node, $this->stack, true);
$a_pos = array_search($node, $this->a_formatting, true);
$this->stack[$s_pos] = $clone;
$this->a_formatting[$a_pos] = $clone;
$node = $clone;
}
/* 7.6 Insert last node into node, first removing
it from its previous parent node if any. */
if ($last_node->parentNode !== null) {
$last_node->parentNode->removeChild($last_node);
}
$node->appendChild($last_node);
/* 7.7 Let last node be node. */
$last_node = $node;
}
/* 8. Insert whatever last node ended up being in
the previous step into the common ancestor node,
first removing it from its previous parent node if
any. */
if ($last_node->parentNode !== null) {
$last_node->parentNode->removeChild($last_node);
}
$common_ancestor->appendChild($last_node);
/* 9. Perform a shallow clone of the formatting
element. */
$clone = $formatting_element->cloneNode();
/* 10. Take all of the child nodes of the furthest
block and append them to the clone created in the
last step. */
while ($furthest_block->hasChildNodes()) {
$child = $furthest_block->firstChild;
$furthest_block->removeChild($child);
$clone->appendChild($child);
}
/* 11. Append that clone to the furthest block. */
$furthest_block->appendChild($clone);
/* 12. Remove the formatting element from the list
of active formatting elements, and insert the clone
into the list of active formatting elements at the
position of the aforementioned bookmark. */
$fe_af_pos = array_search($formatting_element, $this->a_formatting, true);
unset($this->a_formatting[$fe_af_pos]);
$this->a_formatting = array_merge($this->a_formatting);
$af_part1 = array_slice($this->a_formatting, 0, $bookmark - 1);
$af_part2 = array_slice($this->a_formatting, $bookmark, count($this->a_formatting));
$this->a_formatting = array_merge($af_part1, array($clone), $af_part2);
/* 13. Remove the formatting element from the stack
of open elements, and insert the clone into the stack
of open elements immediately after (i.e. in a more
deeply nested position than) the position of the
furthest block in that stack. */
$fe_s_pos = array_search($formatting_element, $this->stack, true);
$fb_s_pos = array_search($furthest_block, $this->stack, true);
unset($this->stack[$fe_s_pos]);
$s_part1 = array_slice($this->stack, 0, $fb_s_pos);
$s_part2 = array_slice($this->stack, $fb_s_pos + 1, count($this->stack));
$this->stack = array_merge($s_part1, array($clone), $s_part2);
/* 14. Jump back to step 1 in this series of steps. */
unset($formatting_element, $fe_af_pos, $fe_s_pos, $furthest_block);
}
break;
/* An end tag token whose tag name is one of: "button",
"marquee", "object" */
case 'button':
case 'marquee':
case 'object':
/* If the stack of open elements has an element in scope whose
tag name matches the tag name of the token, then generate implied
tags. */
if ($this->elementInScope($token['name'])) {
$this->generateImpliedEndTags();
/* Now, if the current node is not an element with the same
tag name as the token, then this is a parse error. */
// k
/* Now, if the stack of open elements has an element in scope
whose tag name matches the tag name of the token, then pop
elements from the stack until that element has been popped from
the stack, and clear the list of active formatting elements up
to the last marker. */
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
if ($this->stack[$n]->nodeName === $token['name']) {
$n = -1;
}
array_pop($this->stack);
}
$marker = end(array_keys($this->a_formatting, self::MARKER, true));
for ($n = count($this->a_formatting) - 1; $n > $marker; $n--) {
array_pop($this->a_formatting);
}
}
break;
/* Or an end tag whose tag name is one of: "area", "basefont",
"bgsound", "br", "embed", "hr", "iframe", "image", "img",
"input", "isindex", "noembed", "noframes", "param", "select",
"spacer", "table", "textarea", "wbr" */
case 'area':
case 'basefont':
case 'bgsound':
case 'br':
case 'embed':
case 'hr':
case 'iframe':
case 'image':
case 'img':
case 'input':
case 'isindex':
case 'noembed':
case 'noframes':
case 'param':
case 'select':
case 'spacer':
case 'table':
case 'textarea':
case 'wbr':
// Parse error. Ignore the token.
break;
/* An end tag token not covered by the previous entries */
default:
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
/* Initialise node to be the current node (the bottommost
node of the stack). */
$node = end($this->stack);
/* If node has the same tag name as the end tag token,
then: */
if ($token['name'] === $node->nodeName) {
/* Generate implied end tags. */
$this->generateImpliedEndTags();
/* If the tag name of the end tag token does not
match the tag name of the current node, this is a
parse error. */
// k
/* Pop all the nodes from the current node up to
node, including node, then stop this algorithm. */
for ($x = count($this->stack) - $n; $x >= $n; $x--) {
array_pop($this->stack);
}
} else {
$category = $this->getElementCategory($node);
if ($category !== self::SPECIAL && $category !== self::SCOPING) {
/* Otherwise, if node is in neither the formatting
category nor the phrasing category, then this is a
parse error. Stop this algorithm. The end tag token
is ignored. */
return false;
}
}
}
break;
}
break;
}
}
private function inTable($token)
{
$clear = array('html', 'table');
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append the character to the current node. */
$text = $this->dom->createTextNode($token['data']);
end($this->stack)->appendChild($text);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data
attribute set to the data given in the comment token. */
$comment = $this->dom->createComment($token['data']);
end($this->stack)->appendChild($comment);
/* A start tag whose tag name is "caption" */
} elseif ($token['type'] === HTML5::STARTTAG &&
$token['name'] === 'caption'
) {
/* Clear the stack back to a table context. */
$this->clearStackToTableContext($clear);
/* Insert a marker at the end of the list of active
formatting elements. */
$this->a_formatting[] = self::MARKER;
/* Insert an HTML element for the token, then switch the
insertion mode to "in caption". */
$this->insertElement($token);
$this->mode = self::IN_CAPTION;
/* A start tag whose tag name is "colgroup" */
} elseif ($token['type'] === HTML5::STARTTAG &&
$token['name'] === 'colgroup'
) {
/* Clear the stack back to a table context. */
$this->clearStackToTableContext($clear);
/* Insert an HTML element for the token, then switch the
insertion mode to "in column group". */
$this->insertElement($token);
$this->mode = self::IN_CGROUP;
/* A start tag whose tag name is "col" */
} elseif ($token['type'] === HTML5::STARTTAG &&
$token['name'] === 'col'
) {
$this->inTable(
array(
'name' => 'colgroup',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
$this->inColumnGroup($token);
/* A start tag whose tag name is one of: "tbody", "tfoot", "thead" */
} elseif ($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array('tbody', 'tfoot', 'thead')
)
) {
/* Clear the stack back to a table context. */
$this->clearStackToTableContext($clear);
/* Insert an HTML element for the token, then switch the insertion
mode to "in table body". */
$this->insertElement($token);
$this->mode = self::IN_TBODY;
/* A start tag whose tag name is one of: "td", "th", "tr" */
} elseif ($token['type'] === HTML5::STARTTAG &&
in_array($token['name'], array('td', 'th', 'tr'))
) {
/* Act as if a start tag token with the tag name "tbody" had been
seen, then reprocess the current token. */
$this->inTable(
array(
'name' => 'tbody',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
return $this->inTableBody($token);
/* A start tag whose tag name is "table" */
} elseif ($token['type'] === HTML5::STARTTAG &&
$token['name'] === 'table'
) {
/* Parse error. Act as if an end tag token with the tag name "table"
had been seen, then, if that token wasn't ignored, reprocess the
current token. */
$this->inTable(
array(
'name' => 'table',
'type' => HTML5::ENDTAG
)
);
return $this->mainPhase($token);
/* An end tag whose tag name is "table" */
} elseif ($token['type'] === HTML5::ENDTAG &&
$token['name'] === 'table'
) {
/* If the stack of open elements does not have an element in table
scope with the same tag name as the token, this is a parse error.
Ignore the token. (innerHTML case) */
if (!$this->elementInScope($token['name'], true)) {
return false;
/* Otherwise: */
} else {
/* Generate implied end tags. */
$this->generateImpliedEndTags();
/* Now, if the current node is not a table element, then this
is a parse error. */
// w/e
/* Pop elements from this stack until a table element has been
popped from the stack. */
while (true) {
$current = end($this->stack)->nodeName;
array_pop($this->stack);
if ($current === 'table') {
break;
}
}
/* Reset the insertion mode appropriately. */
$this->resetInsertionMode();
}
/* An end tag whose tag name is one of: "body", "caption", "col",
"colgroup", "html", "tbody", "td", "tfoot", "th", "thead", "tr" */
} elseif ($token['type'] === HTML5::ENDTAG && in_array(
$token['name'],
array(
'body',
'caption',
'col',
'colgroup',
'html',
'tbody',
'td',
'tfoot',
'th',
'thead',
'tr'
)
)
) {
// Parse error. Ignore the token.
/* Anything else */
} else {
/* Parse error. Process the token as if the insertion mode was "in
body", with the following exception: */
/* If the current node is a table, tbody, tfoot, thead, or tr
element, then, whenever a node would be inserted into the current
node, it must instead be inserted into the foster parent element. */
if (in_array(
end($this->stack)->nodeName,
array('table', 'tbody', 'tfoot', 'thead', 'tr')
)
) {
/* The foster parent element is the parent element of the last
table element in the stack of open elements, if there is a
table element and it has such a parent element. If there is no
table element in the stack of open elements (innerHTML case),
then the foster parent element is the first element in the
stack of open elements (the html element). Otherwise, if there
is a table element in the stack of open elements, but the last
table element in the stack of open elements has no parent, or
its parent node is not an element, then the foster parent
element is the element before the last table element in the
stack of open elements. */
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
if ($this->stack[$n]->nodeName === 'table') {
$table = $this->stack[$n];
break;
}
}
if (isset($table) && $table->parentNode !== null) {
$this->foster_parent = $table->parentNode;
} elseif (!isset($table)) {
$this->foster_parent = $this->stack[0];
} elseif (isset($table) && ($table->parentNode === null ||
$table->parentNode->nodeType !== XML_ELEMENT_NODE)
) {
$this->foster_parent = $this->stack[$n - 1];
}
}
$this->inBody($token);
}
}
private function inCaption($token)
{
/* An end tag whose tag name is "caption" */
if ($token['type'] === HTML5::ENDTAG && $token['name'] === 'caption') {
/* If the stack of open elements does not have an element in table
scope with the same tag name as the token, this is a parse error.
Ignore the token. (innerHTML case) */
if (!$this->elementInScope($token['name'], true)) {
// Ignore
/* Otherwise: */
} else {
/* Generate implied end tags. */
$this->generateImpliedEndTags();
/* Now, if the current node is not a caption element, then this
is a parse error. */
// w/e
/* Pop elements from this stack until a caption element has
been popped from the stack. */
while (true) {
$node = end($this->stack)->nodeName;
array_pop($this->stack);
if ($node === 'caption') {
break;
}
}
/* Clear the list of active formatting elements up to the last
marker. */
$this->clearTheActiveFormattingElementsUpToTheLastMarker();
/* Switch the insertion mode to "in table". */
$this->mode = self::IN_TABLE;
}
/* A start tag whose tag name is one of: "caption", "col", "colgroup",
"tbody", "td", "tfoot", "th", "thead", "tr", or an end tag whose tag
name is "table" */
} elseif (($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array(
'caption',
'col',
'colgroup',
'tbody',
'td',
'tfoot',
'th',
'thead',
'tr'
)
)) || ($token['type'] === HTML5::ENDTAG &&
$token['name'] === 'table')
) {
/* Parse error. Act as if an end tag with the tag name "caption"
had been seen, then, if that token wasn't ignored, reprocess the
current token. */
$this->inCaption(
array(
'name' => 'caption',
'type' => HTML5::ENDTAG
)
);
return $this->inTable($token);
/* An end tag whose tag name is one of: "body", "col", "colgroup",
"html", "tbody", "td", "tfoot", "th", "thead", "tr" */
} elseif ($token['type'] === HTML5::ENDTAG && in_array(
$token['name'],
array(
'body',
'col',
'colgroup',
'html',
'tbody',
'tfoot',
'th',
'thead',
'tr'
)
)
) {
// Parse error. Ignore the token.
/* Anything else */
} else {
/* Process the token as if the insertion mode was "in body". */
$this->inBody($token);
}
}
private function inColumnGroup($token)
{
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append the character to the current node. */
$text = $this->dom->createTextNode($token['data']);
end($this->stack)->appendChild($text);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data
attribute set to the data given in the comment token. */
$comment = $this->dom->createComment($token['data']);
end($this->stack)->appendChild($comment);
/* A start tag whose tag name is "col" */
} elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'col') {
/* Insert a col element for the token. Immediately pop the current
node off the stack of open elements. */
$this->insertElement($token);
array_pop($this->stack);
/* An end tag whose tag name is "colgroup" */
} elseif ($token['type'] === HTML5::ENDTAG &&
$token['name'] === 'colgroup'
) {
/* If the current node is the root html element, then this is a
parse error, ignore the token. (innerHTML case) */
if (end($this->stack)->nodeName === 'html') {
// Ignore
/* Otherwise, pop the current node (which will be a colgroup
element) from the stack of open elements. Switch the insertion
mode to "in table". */
} else {
array_pop($this->stack);
$this->mode = self::IN_TABLE;
}
/* An end tag whose tag name is "col" */
} elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'col') {
/* Parse error. Ignore the token. */
/* Anything else */
} else {
/* Act as if an end tag with the tag name "colgroup" had been seen,
and then, if that token wasn't ignored, reprocess the current token. */
$this->inColumnGroup(
array(
'name' => 'colgroup',
'type' => HTML5::ENDTAG
)
);
return $this->inTable($token);
}
}
private function inTableBody($token)
{
$clear = array('tbody', 'tfoot', 'thead', 'html');
/* A start tag whose tag name is "tr" */
if ($token['type'] === HTML5::STARTTAG && $token['name'] === 'tr') {
/* Clear the stack back to a table body context. */
$this->clearStackToTableContext($clear);
/* Insert a tr element for the token, then switch the insertion
mode to "in row". */
$this->insertElement($token);
$this->mode = self::IN_ROW;
/* A start tag whose tag name is one of: "th", "td" */
} elseif ($token['type'] === HTML5::STARTTAG &&
($token['name'] === 'th' || $token['name'] === 'td')
) {
/* Parse error. Act as if a start tag with the tag name "tr" had
been seen, then reprocess the current token. */
$this->inTableBody(
array(
'name' => 'tr',
'type' => HTML5::STARTTAG,
'attr' => array()
)
);
return $this->inRow($token);
/* An end tag whose tag name is one of: "tbody", "tfoot", "thead" */
} elseif ($token['type'] === HTML5::ENDTAG &&
in_array($token['name'], array('tbody', 'tfoot', 'thead'))
) {
/* If the stack of open elements does not have an element in table
scope with the same tag name as the token, this is a parse error.
Ignore the token. */
if (!$this->elementInScope($token['name'], true)) {
// Ignore
/* Otherwise: */
} else {
/* Clear the stack back to a table body context. */
$this->clearStackToTableContext($clear);
/* Pop the current node from the stack of open elements. Switch
the insertion mode to "in table". */
array_pop($this->stack);
$this->mode = self::IN_TABLE;
}
/* A start tag whose tag name is one of: "caption", "col", "colgroup",
"tbody", "tfoot", "thead", or an end tag whose tag name is "table" */
} elseif (($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array('caption', 'col', 'colgroup', 'tbody', 'tfoor', 'thead')
)) ||
($token['type'] === HTML5::STARTTAG && $token['name'] === 'table')
) {
/* If the stack of open elements does not have a tbody, thead, or
tfoot element in table scope, this is a parse error. Ignore the
token. (innerHTML case) */
if (!$this->elementInScope(array('tbody', 'thead', 'tfoot'), true)) {
// Ignore.
/* Otherwise: */
} else {
/* Clear the stack back to a table body context. */
$this->clearStackToTableContext($clear);
/* Act as if an end tag with the same tag name as the current
node ("tbody", "tfoot", or "thead") had been seen, then
reprocess the current token. */
$this->inTableBody(
array(
'name' => end($this->stack)->nodeName,
'type' => HTML5::ENDTAG
)
);
return $this->mainPhase($token);
}
/* An end tag whose tag name is one of: "body", "caption", "col",
"colgroup", "html", "td", "th", "tr" */
} elseif ($token['type'] === HTML5::ENDTAG && in_array(
$token['name'],
array('body', 'caption', 'col', 'colgroup', 'html', 'td', 'th', 'tr')
)
) {
/* Parse error. Ignore the token. */
/* Anything else */
} else {
/* Process the token as if the insertion mode was "in table". */
$this->inTable($token);
}
}
private function inRow($token)
{
$clear = array('tr', 'html');
/* A start tag whose tag name is one of: "th", "td" */
if ($token['type'] === HTML5::STARTTAG &&
($token['name'] === 'th' || $token['name'] === 'td')
) {
/* Clear the stack back to a table row context. */
$this->clearStackToTableContext($clear);
/* Insert an HTML element for the token, then switch the insertion
mode to "in cell". */
$this->insertElement($token);
$this->mode = self::IN_CELL;
/* Insert a marker at the end of the list of active formatting
elements. */
$this->a_formatting[] = self::MARKER;
/* An end tag whose tag name is "tr" */
} elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'tr') {
/* If the stack of open elements does not have an element in table
scope with the same tag name as the token, this is a parse error.
Ignore the token. (innerHTML case) */
if (!$this->elementInScope($token['name'], true)) {
// Ignore.
/* Otherwise: */
} else {
/* Clear the stack back to a table row context. */
$this->clearStackToTableContext($clear);
/* Pop the current node (which will be a tr element) from the
stack of open elements. Switch the insertion mode to "in table
body". */
array_pop($this->stack);
$this->mode = self::IN_TBODY;
}
/* A start tag whose tag name is one of: "caption", "col", "colgroup",
"tbody", "tfoot", "thead", "tr" or an end tag whose tag name is "table" */
} elseif ($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array('caption', 'col', 'colgroup', 'tbody', 'tfoot', 'thead', 'tr')
)
) {
/* Act as if an end tag with the tag name "tr" had been seen, then,
if that token wasn't ignored, reprocess the current token. */
$this->inRow(
array(
'name' => 'tr',
'type' => HTML5::ENDTAG
)
);
return $this->inCell($token);
/* An end tag whose tag name is one of: "tbody", "tfoot", "thead" */
} elseif ($token['type'] === HTML5::ENDTAG &&
in_array($token['name'], array('tbody', 'tfoot', 'thead'))
) {
/* If the stack of open elements does not have an element in table
scope with the same tag name as the token, this is a parse error.
Ignore the token. */
if (!$this->elementInScope($token['name'], true)) {
// Ignore.
/* Otherwise: */
} else {
/* Otherwise, act as if an end tag with the tag name "tr" had
been seen, then reprocess the current token. */
$this->inRow(
array(
'name' => 'tr',
'type' => HTML5::ENDTAG
)
);
return $this->inCell($token);
}
/* An end tag whose tag name is one of: "body", "caption", "col",
"colgroup", "html", "td", "th" */
} elseif ($token['type'] === HTML5::ENDTAG && in_array(
$token['name'],
array('body', 'caption', 'col', 'colgroup', 'html', 'td', 'th', 'tr')
)
) {
/* Parse error. Ignore the token. */
/* Anything else */
} else {
/* Process the token as if the insertion mode was "in table". */
$this->inTable($token);
}
}
private function inCell($token)
{
/* An end tag whose tag name is one of: "td", "th" */
if ($token['type'] === HTML5::ENDTAG &&
($token['name'] === 'td' || $token['name'] === 'th')
) {
/* If the stack of open elements does not have an element in table
scope with the same tag name as that of the token, then this is a
parse error and the token must be ignored. */
if (!$this->elementInScope($token['name'], true)) {
// Ignore.
/* Otherwise: */
} else {
/* Generate implied end tags, except for elements with the same
tag name as the token. */
$this->generateImpliedEndTags(array($token['name']));
/* Now, if the current node is not an element with the same tag
name as the token, then this is a parse error. */
// k
/* Pop elements from this stack until an element with the same
tag name as the token has been popped from the stack. */
while (true) {
$node = end($this->stack)->nodeName;
array_pop($this->stack);
if ($node === $token['name']) {
break;
}
}
/* Clear the list of active formatting elements up to the last
marker. */
$this->clearTheActiveFormattingElementsUpToTheLastMarker();
/* Switch the insertion mode to "in row". (The current node
will be a tr element at this point.) */
$this->mode = self::IN_ROW;
}
/* A start tag whose tag name is one of: "caption", "col", "colgroup",
"tbody", "td", "tfoot", "th", "thead", "tr" */
} elseif ($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array(
'caption',
'col',
'colgroup',
'tbody',
'td',
'tfoot',
'th',
'thead',
'tr'
)
)
) {
/* If the stack of open elements does not have a td or th element
in table scope, then this is a parse error; ignore the token.
(innerHTML case) */
if (!$this->elementInScope(array('td', 'th'), true)) {
// Ignore.
/* Otherwise, close the cell (see below) and reprocess the current
token. */
} else {
$this->closeCell();
return $this->inRow($token);
}
/* A start tag whose tag name is one of: "caption", "col", "colgroup",
"tbody", "td", "tfoot", "th", "thead", "tr" */
} elseif ($token['type'] === HTML5::STARTTAG && in_array(
$token['name'],
array(
'caption',
'col',
'colgroup',
'tbody',
'td',
'tfoot',
'th',
'thead',
'tr'
)
)
) {
/* If the stack of open elements does not have a td or th element
in table scope, then this is a parse error; ignore the token.
(innerHTML case) */
if (!$this->elementInScope(array('td', 'th'), true)) {
// Ignore.
/* Otherwise, close the cell (see below) and reprocess the current
token. */
} else {
$this->closeCell();
return $this->inRow($token);
}
/* An end tag whose tag name is one of: "body", "caption", "col",
"colgroup", "html" */
} elseif ($token['type'] === HTML5::ENDTAG && in_array(
$token['name'],
array('body', 'caption', 'col', 'colgroup', 'html')
)
) {
/* Parse error. Ignore the token. */
/* An end tag whose tag name is one of: "table", "tbody", "tfoot",
"thead", "tr" */
} elseif ($token['type'] === HTML5::ENDTAG && in_array(
$token['name'],
array('table', 'tbody', 'tfoot', 'thead', 'tr')
)
) {
/* If the stack of open elements does not have an element in table
scope with the same tag name as that of the token (which can only
happen for "tbody", "tfoot" and "thead", or, in the innerHTML case),
then this is a parse error and the token must be ignored. */
if (!$this->elementInScope($token['name'], true)) {
// Ignore.
/* Otherwise, close the cell (see below) and reprocess the current
token. */
} else {
$this->closeCell();
return $this->inRow($token);
}
/* Anything else */
} else {
/* Process the token as if the insertion mode was "in body". */
$this->inBody($token);
}
}
private function inSelect($token)
{
/* Handle the token as follows: */
/* A character token */
if ($token['type'] === HTML5::CHARACTR) {
/* Append the token's character to the current node. */
$this->insertText($token['data']);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data
attribute set to the data given in the comment token. */
$this->insertComment($token['data']);
/* A start tag token whose tag name is "option" */
} elseif ($token['type'] === HTML5::STARTTAG &&
$token['name'] === 'option'
) {
/* If the current node is an option element, act as if an end tag
with the tag name "option" had been seen. */
if (end($this->stack)->nodeName === 'option') {
$this->inSelect(
array(
'name' => 'option',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* A start tag token whose tag name is "optgroup" */
} elseif ($token['type'] === HTML5::STARTTAG &&
$token['name'] === 'optgroup'
) {
/* If the current node is an option element, act as if an end tag
with the tag name "option" had been seen. */
if (end($this->stack)->nodeName === 'option') {
$this->inSelect(
array(
'name' => 'option',
'type' => HTML5::ENDTAG
)
);
}
/* If the current node is an optgroup element, act as if an end tag
with the tag name "optgroup" had been seen. */
if (end($this->stack)->nodeName === 'optgroup') {
$this->inSelect(
array(
'name' => 'optgroup',
'type' => HTML5::ENDTAG
)
);
}
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* An end tag token whose tag name is "optgroup" */
} elseif ($token['type'] === HTML5::ENDTAG &&
$token['name'] === 'optgroup'
) {
/* First, if the current node is an option element, and the node
immediately before it in the stack of open elements is an optgroup
element, then act as if an end tag with the tag name "option" had
been seen. */
$elements_in_stack = count($this->stack);
if ($this->stack[$elements_in_stack - 1]->nodeName === 'option' &&
$this->stack[$elements_in_stack - 2]->nodeName === 'optgroup'
) {
$this->inSelect(
array(
'name' => 'option',
'type' => HTML5::ENDTAG
)
);
}
/* If the current node is an optgroup element, then pop that node
from the stack of open elements. Otherwise, this is a parse error,
ignore the token. */
if ($this->stack[$elements_in_stack - 1] === 'optgroup') {
array_pop($this->stack);
}
/* An end tag token whose tag name is "option" */
} elseif ($token['type'] === HTML5::ENDTAG &&
$token['name'] === 'option'
) {
/* If the current node is an option element, then pop that node
from the stack of open elements. Otherwise, this is a parse error,
ignore the token. */
if (end($this->stack)->nodeName === 'option') {
array_pop($this->stack);
}
/* An end tag whose tag name is "select" */
} elseif ($token['type'] === HTML5::ENDTAG &&
$token['name'] === 'select'
) {
/* If the stack of open elements does not have an element in table
scope with the same tag name as the token, this is a parse error.
Ignore the token. (innerHTML case) */
if (!$this->elementInScope($token['name'], true)) {
// w/e
/* Otherwise: */
} else {
/* Pop elements from the stack of open elements until a select
element has been popped from the stack. */
while (true) {
$current = end($this->stack)->nodeName;
array_pop($this->stack);
if ($current === 'select') {
break;
}
}
/* Reset the insertion mode appropriately. */
$this->resetInsertionMode();
}
/* A start tag whose tag name is "select" */
} elseif ($token['name'] === 'select' &&
$token['type'] === HTML5::STARTTAG
) {
/* Parse error. Act as if the token had been an end tag with the
tag name "select" instead. */
$this->inSelect(
array(
'name' => 'select',
'type' => HTML5::ENDTAG
)
);
/* An end tag whose tag name is one of: "caption", "table", "tbody",
"tfoot", "thead", "tr", "td", "th" */
} elseif (in_array(
$token['name'],
array(
'caption',
'table',
'tbody',
'tfoot',
'thead',
'tr',
'td',
'th'
)
) && $token['type'] === HTML5::ENDTAG
) {
/* Parse error. */
// w/e
/* If the stack of open elements has an element in table scope with
the same tag name as that of the token, then act as if an end tag
with the tag name "select" had been seen, and reprocess the token.
Otherwise, ignore the token. */
if ($this->elementInScope($token['name'], true)) {
$this->inSelect(
array(
'name' => 'select',
'type' => HTML5::ENDTAG
)
);
$this->mainPhase($token);
}
/* Anything else */
} else {
/* Parse error. Ignore the token. */
}
}
private function afterBody($token)
{
/* Handle the token as follows: */
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Process the token as it would be processed if the insertion mode
was "in body". */
$this->inBody($token);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the first element in the stack of open
elements (the html element), with the data attribute set to the
data given in the comment token. */
$comment = $this->dom->createComment($token['data']);
$this->stack[0]->appendChild($comment);
/* An end tag with the tag name "html" */
} elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'html') {
/* If the parser was originally created in order to handle the
setting of an element's innerHTML attribute, this is a parse error;
ignore the token. (The element will be an html element in this
case.) (innerHTML case) */
/* Otherwise, switch to the trailing end phase. */
$this->phase = self::END_PHASE;
/* Anything else */
} else {
/* Parse error. Set the insertion mode to "in body" and reprocess
the token. */
$this->mode = self::IN_BODY;
return $this->inBody($token);
}
}
private function inFrameset($token)
{
/* Handle the token as follows: */
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
U+000D CARRIAGE RETURN (CR), or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append the character to the current node. */
$this->insertText($token['data']);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data
attribute set to the data given in the comment token. */
$this->insertComment($token['data']);
/* A start tag with the tag name "frameset" */
} elseif ($token['name'] === 'frameset' &&
$token['type'] === HTML5::STARTTAG
) {
$this->insertElement($token);
/* An end tag with the tag name "frameset" */
} elseif ($token['name'] === 'frameset' &&
$token['type'] === HTML5::ENDTAG
) {
/* If the current node is the root html element, then this is a
parse error; ignore the token. (innerHTML case) */
if (end($this->stack)->nodeName === 'html') {
// Ignore
} else {
/* Otherwise, pop the current node from the stack of open
elements. */
array_pop($this->stack);
/* If the parser was not originally created in order to handle
the setting of an element's innerHTML attribute (innerHTML case),
and the current node is no longer a frameset element, then change
the insertion mode to "after frameset". */
$this->mode = self::AFTR_FRAME;
}
/* A start tag with the tag name "frame" */
} elseif ($token['name'] === 'frame' &&
$token['type'] === HTML5::STARTTAG
) {
/* Insert an HTML element for the token. */
$this->insertElement($token);
/* Immediately pop the current node off the stack of open elements. */
array_pop($this->stack);
/* A start tag with the tag name "noframes" */
} elseif ($token['name'] === 'noframes' &&
$token['type'] === HTML5::STARTTAG
) {
/* Process the token as if the insertion mode had been "in body". */
$this->inBody($token);
/* Anything else */
} else {
/* Parse error. Ignore the token. */
}
}
private function afterFrameset($token)
{
/* Handle the token as follows: */
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
U+000D CARRIAGE RETURN (CR), or U+0020 SPACE */
if ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Append the character to the current node. */
$this->insertText($token['data']);
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the current node with the data
attribute set to the data given in the comment token. */
$this->insertComment($token['data']);
/* An end tag with the tag name "html" */
} elseif ($token['name'] === 'html' &&
$token['type'] === HTML5::ENDTAG
) {
/* Switch to the trailing end phase. */
$this->phase = self::END_PHASE;
/* A start tag with the tag name "noframes" */
} elseif ($token['name'] === 'noframes' &&
$token['type'] === HTML5::STARTTAG
) {
/* Process the token as if the insertion mode had been "in body". */
$this->inBody($token);
/* Anything else */
} else {
/* Parse error. Ignore the token. */
}
}
private function trailingEndPhase($token)
{
/* After the main phase, as each token is emitted from the tokenisation
stage, it must be processed as described in this section. */
/* A DOCTYPE token */
if ($token['type'] === HTML5::DOCTYPE) {
// Parse error. Ignore the token.
/* A comment token */
} elseif ($token['type'] === HTML5::COMMENT) {
/* Append a Comment node to the Document object with the data
attribute set to the data given in the comment token. */
$comment = $this->dom->createComment($token['data']);
$this->dom->appendChild($comment);
/* A character token that is one of one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE */
} elseif ($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
) {
/* Process the token as it would be processed in the main phase. */
$this->mainPhase($token);
/* A character token that is not one of U+0009 CHARACTER TABULATION,
U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
or U+0020 SPACE. Or a start tag token. Or an end tag token. */
} elseif (($token['type'] === HTML5::CHARACTR &&
preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) ||
$token['type'] === HTML5::STARTTAG || $token['type'] === HTML5::ENDTAG
) {
/* Parse error. Switch back to the main phase and reprocess the
token. */
$this->phase = self::MAIN_PHASE;
return $this->mainPhase($token);
/* An end-of-file token */
} elseif ($token['type'] === HTML5::EOF) {
/* OMG DONE!! */
}
}
private function insertElement($token, $append = true, $check = false)
{
// Proprietary workaround for libxml2's limitations with tag names
if ($check) {
// Slightly modified HTML5 tag-name modification,
// removing anything that's not an ASCII letter, digit, or hyphen
$token['name'] = preg_replace('/[^a-z0-9-]/i', '', $token['name']);
// Remove leading hyphens and numbers
$token['name'] = ltrim($token['name'], '-0..9');
// In theory, this should ever be needed, but just in case
if ($token['name'] === '') {
$token['name'] = 'span';
} // arbitrary generic choice
}
$el = $this->dom->createElement($token['name']);
foreach ($token['attr'] as $attr) {
if (!$el->hasAttribute($attr['name'])) {
$el->setAttribute($attr['name'], $attr['value']);
}
}
$this->appendToRealParent($el);
$this->stack[] = $el;
return $el;
}
private function insertText($data)
{
$text = $this->dom->createTextNode($data);
$this->appendToRealParent($text);
}
private function insertComment($data)
{
$comment = $this->dom->createComment($data);
$this->appendToRealParent($comment);
}
private function appendToRealParent($node)
{
if ($this->foster_parent === null) {
end($this->stack)->appendChild($node);
} elseif ($this->foster_parent !== null) {
/* If the foster parent element is the parent element of the
last table element in the stack of open elements, then the new
node must be inserted immediately before the last table element
in the stack of open elements in the foster parent element;
otherwise, the new node must be appended to the foster parent
element. */
for ($n = count($this->stack) - 1; $n >= 0; $n--) {
if ($this->stack[$n]->nodeName === 'table' &&
$this->stack[$n]->parentNode !== null
) {
$table = $this->stack[$n];
break;
}
}
if (isset($table) && $this->foster_parent->isSameNode($table->parentNode)) {
$this->foster_parent->insertBefore($node, $table);
} else {
$this->foster_parent->appendChild($node);
}
$this->foster_parent = null;
}
}
private function elementInScope($el, $table = false)
{
if (is_array($el)) {
foreach ($el as $element) {
if ($this->elementInScope($element, $table)) {
return true;
}
}
return false;
}
$leng = count($this->stack);
for ($n = 0; $n < $leng; $n++) {
/* 1. Initialise node to be the current node (the bottommost node of
the stack). */
$node = $this->stack[$leng - 1 - $n];
if ($node->tagName === $el) {
/* 2. If node is the target node, terminate in a match state. */
return true;
} elseif ($node->tagName === 'table') {
/* 3. Otherwise, if node is a table element, terminate in a failure
state. */
return false;
} elseif ($table === true && in_array(
$node->tagName,
array(
'caption',
'td',
'th',
'button',
'marquee',
'object'
)
)
) {
/* 4. Otherwise, if the algorithm is the "has an element in scope"
variant (rather than the "has an element in table scope" variant),
and node is one of the following, terminate in a failure state. */
return false;
} elseif ($node === $node->ownerDocument->documentElement) {
/* 5. Otherwise, if node is an html element (root element), terminate
in a failure state. (This can only happen if the node is the topmost
node of the stack of open elements, and prevents the next step from
being invoked if there are no more elements in the stack.) */
return false;
}
/* Otherwise, set node to the previous entry in the stack of open
elements and return to step 2. (This will never fail, since the loop
will always terminate in the previous step if the top of the stack
is reached.) */
}
}
private function reconstructActiveFormattingElements()
{
/* 1. If there are no entries in the list of active formatting elements,
then there is nothing to reconstruct; stop this algorithm. */
$formatting_elements = count($this->a_formatting);
if ($formatting_elements === 0) {
return false;
}
/* 3. Let entry be the last (most recently added) element in the list
of active formatting elements. */
$entry = end($this->a_formatting);
/* 2. If the last (most recently added) entry in the list of active
formatting elements is a marker, or if it is an element that is in the
stack of open elements, then there is nothing to reconstruct; stop this
algorithm. */
if ($entry === self::MARKER || in_array($entry, $this->stack, true)) {
return false;
}
for ($a = $formatting_elements - 1; $a >= 0; true) {
/* 4. If there are no entries before entry in the list of active
formatting elements, then jump to step 8. */
if ($a === 0) {
$step_seven = false;
break;
}
/* 5. Let entry be the entry one earlier than entry in the list of
active formatting elements. */
$a--;
$entry = $this->a_formatting[$a];
/* 6. If entry is neither a marker nor an element that is also in
thetack of open elements, go to step 4. */
if ($entry === self::MARKER || in_array($entry, $this->stack, true)) {
break;
}
}
while (true) {
/* 7. Let entry be the element one later than entry in the list of
active formatting elements. */
if (isset($step_seven) && $step_seven === true) {
$a++;
$entry = $this->a_formatting[$a];
}
/* 8. Perform a shallow clone of the element entry to obtain clone. */
$clone = $entry->cloneNode();
/* 9. Append clone to the current node and push it onto the stack
of open elements so that it is the new current node. */
end($this->stack)->appendChild($clone);
$this->stack[] = $clone;
/* 10. Replace the entry for entry in the list with an entry for
clone. */
$this->a_formatting[$a] = $clone;
/* 11. If the entry for clone in the list of active formatting
elements is not the last entry in the list, return to step 7. */
if (end($this->a_formatting) !== $clone) {
$step_seven = true;
} else {
break;
}
}
}
private function clearTheActiveFormattingElementsUpToTheLastMarker()
{
/* When the steps below require the UA to clear the list of active
formatting elements up to the last marker, the UA must perform the
following steps: */
while (true) {
/* 1. Let entry be the last (most recently added) entry in the list
of active formatting elements. */
$entry = end($this->a_formatting);
/* 2. Remove entry from the list of active formatting elements. */
array_pop($this->a_formatting);
/* 3. If entry was a marker, then stop the algorithm at this point.
The list has been cleared up to the last marker. */
if ($entry === self::MARKER) {
break;
}
}
}
private function generateImpliedEndTags($exclude = array())
{
/* When the steps below require the UA to generate implied end tags,
then, if the current node is a dd element, a dt element, an li element,
a p element, a td element, a th element, or a tr element, the UA must
act as if an end tag with the respective tag name had been seen and
then generate implied end tags again. */
$node = end($this->stack);
$elements = array_diff(array('dd', 'dt', 'li', 'p', 'td', 'th', 'tr'), $exclude);
while (in_array(end($this->stack)->nodeName, $elements)) {
array_pop($this->stack);
}
}
private function getElementCategory($node)
{
$name = $node->tagName;
if (in_array($name, $this->special)) {
return self::SPECIAL;
} elseif (in_array($name, $this->scoping)) {
return self::SCOPING;
} elseif (in_array($name, $this->formatting)) {
return self::FORMATTING;
} else {
return self::PHRASING;
}
}
private function clearStackToTableContext($elements)
{
/* When the steps above require the UA to clear the stack back to a
table context, it means that the UA must, while the current node is not
a table element or an html element, pop elements from the stack of open
elements. If this causes any elements to be popped from the stack, then
this is a parse error. */
while (true) {
$node = end($this->stack)->nodeName;
if (in_array($node, $elements)) {
break;
} else {
array_pop($this->stack);
}
}
}
private function resetInsertionMode()
{
/* 1. Let last be false. */
$last = false;
$leng = count($this->stack);
for ($n = $leng - 1; $n >= 0; $n--) {
/* 2. Let node be the last node in the stack of open elements. */
$node = $this->stack[$n];
/* 3. If node is the first node in the stack of open elements, then
set last to true. If the element whose innerHTML attribute is being
set is neither a td element nor a th element, then set node to the
element whose innerHTML attribute is being set. (innerHTML case) */
if ($this->stack[0]->isSameNode($node)) {
$last = true;
}
/* 4. If node is a select element, then switch the insertion mode to
"in select" and abort these steps. (innerHTML case) */
if ($node->nodeName === 'select') {
$this->mode = self::IN_SELECT;
break;
/* 5. If node is a td or th element, then switch the insertion mode
to "in cell" and abort these steps. */
} elseif ($node->nodeName === 'td' || $node->nodeName === 'th') {
$this->mode = self::IN_CELL;
break;
/* 6. If node is a tr element, then switch the insertion mode to
"in row" and abort these steps. */
} elseif ($node->nodeName === 'tr') {
$this->mode = self::IN_ROW;
break;
/* 7. If node is a tbody, thead, or tfoot element, then switch the
insertion mode to "in table body" and abort these steps. */
} elseif (in_array($node->nodeName, array('tbody', 'thead', 'tfoot'))) {
$this->mode = self::IN_TBODY;
break;
/* 8. If node is a caption element, then switch the insertion mode
to "in caption" and abort these steps. */
} elseif ($node->nodeName === 'caption') {
$this->mode = self::IN_CAPTION;
break;
/* 9. If node is a colgroup element, then switch the insertion mode
to "in column group" and abort these steps. (innerHTML case) */
} elseif ($node->nodeName === 'colgroup') {
$this->mode = self::IN_CGROUP;
break;
/* 10. If node is a table element, then switch the insertion mode
to "in table" and abort these steps. */
} elseif ($node->nodeName === 'table') {
$this->mode = self::IN_TABLE;
break;
/* 11. If node is a head element, then switch the insertion mode
to "in body" ("in body"! not "in head"!) and abort these steps.
(innerHTML case) */
} elseif ($node->nodeName === 'head') {
$this->mode = self::IN_BODY;
break;
/* 12. If node is a body element, then switch the insertion mode to
"in body" and abort these steps. */
} elseif ($node->nodeName === 'body') {
$this->mode = self::IN_BODY;
break;
/* 13. If node is a frameset element, then switch the insertion
mode to "in frameset" and abort these steps. (innerHTML case) */
} elseif ($node->nodeName === 'frameset') {
$this->mode = self::IN_FRAME;
break;
/* 14. If node is an html element, then: if the head element
pointer is null, switch the insertion mode to "before head",
otherwise, switch the insertion mode to "after head". In either
case, abort these steps. (innerHTML case) */
} elseif ($node->nodeName === 'html') {
$this->mode = ($this->head_pointer === null)
? self::BEFOR_HEAD
: self::AFTER_HEAD;
break;
/* 15. If last is true, then set the insertion mode to "in body"
and abort these steps. (innerHTML case) */
} elseif ($last) {
$this->mode = self::IN_BODY;
break;
}
}
}
private function closeCell()
{
/* If the stack of open elements has a td or th element in table scope,
then act as if an end tag token with that tag name had been seen. */
foreach (array('td', 'th') as $cell) {
if ($this->elementInScope($cell, true)) {
$this->inCell(
array(
'name' => $cell,
'type' => HTML5::ENDTAG
)
);
break;
}
}
}
public function save()
{
return $this->dom;
}
}
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Printer/CSSDefinition.php
================================================
def = $config->getCSSDefinition();
$ret = '';
$ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
$ret .= $this->start('table');
$ret .= $this->element('caption', 'Properties ($info)');
$ret .= $this->start('thead');
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Property', array('class' => 'heavy'));
$ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
$ret .= $this->end('tr');
$ret .= $this->end('thead');
ksort($this->def->info);
foreach ($this->def->info as $property => $obj) {
$name = $this->getClass($obj, 'AttrDef_');
$ret .= $this->row($property, $name);
}
$ret .= $this->end('table');
$ret .= $this->end('div');
return $ret;
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Printer/ConfigForm.css
================================================
.hp-config {}
.hp-config tbody th {text-align:right; padding-right:0.5em;}
.hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;}
.hp-config .namespace th {text-align:center;}
.hp-config .verbose {display:none;}
.hp-config .controls {text-align:center;}
/* vim: et sw=4 sts=4 */
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Printer/ConfigForm.js
================================================
function toggleWriteability(id_of_patient, checked) {
document.getElementById(id_of_patient).disabled = checked;
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Printer/ConfigForm.php
================================================
docURL = $doc_url;
$this->name = $name;
$this->compress = $compress;
// initialize sub-printers
$this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default();
$this->fields[HTMLPurifier_VarParser::BOOL] = new HTMLPurifier_Printer_ConfigForm_bool();
}
/**
* Sets default column and row size for textareas in sub-printers
* @param $cols Integer columns of textarea, null to use default
* @param $rows Integer rows of textarea, null to use default
*/
public function setTextareaDimensions($cols = null, $rows = null)
{
if ($cols) {
$this->fields['default']->cols = $cols;
}
if ($rows) {
$this->fields['default']->rows = $rows;
}
}
/**
* Retrieves styling, in case it is not accessible by webserver
*/
public static function getCSS()
{
return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.css');
}
/**
* Retrieves JavaScript, in case it is not accessible by webserver
*/
public static function getJavaScript()
{
return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.js');
}
/**
* Returns HTML output for a configuration form
* @param HTMLPurifier_Config|array $config Configuration object of current form state, or an array
* where [0] has an HTML namespace and [1] is being rendered.
* @param array|bool $allowed Optional namespace(s) and directives to restrict form to.
* @param bool $render_controls
* @return string
*/
public function render($config, $allowed = true, $render_controls = true)
{
if (is_array($config) && isset($config[0])) {
$gen_config = $config[0];
$config = $config[1];
} else {
$gen_config = $config;
}
$this->config = $config;
$this->genConfig = $gen_config;
$this->prepareGenerator($gen_config);
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $config->def);
$all = array();
foreach ($allowed as $key) {
list($ns, $directive) = $key;
$all[$ns][$directive] = $config->get($ns . '.' . $directive);
}
$ret = '';
$ret .= $this->start('table', array('class' => 'hp-config'));
$ret .= $this->start('thead');
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Directive', array('class' => 'hp-directive'));
$ret .= $this->element('th', 'Value', array('class' => 'hp-value'));
$ret .= $this->end('tr');
$ret .= $this->end('thead');
foreach ($all as $ns => $directives) {
$ret .= $this->renderNamespace($ns, $directives);
}
if ($render_controls) {
$ret .= $this->start('tbody');
$ret .= $this->start('tr');
$ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
$ret .= $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit'));
$ret .= '[
Reset]';
$ret .= $this->end('td');
$ret .= $this->end('tr');
$ret .= $this->end('tbody');
}
$ret .= $this->end('table');
return $ret;
}
/**
* Renders a single namespace
* @param $ns String namespace name
* @param array $directives array of directives to values
* @return string
*/
protected function renderNamespace($ns, $directives)
{
$ret = '';
$ret .= $this->start('tbody', array('class' => 'namespace'));
$ret .= $this->start('tr');
$ret .= $this->element('th', $ns, array('colspan' => 2));
$ret .= $this->end('tr');
$ret .= $this->end('tbody');
$ret .= $this->start('tbody');
foreach ($directives as $directive => $value) {
$ret .= $this->start('tr');
$ret .= $this->start('th');
if ($this->docURL) {
$url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
$ret .= $this->start('a', array('href' => $url));
}
$attr = array('for' => "{$this->name}:$ns.$directive");
// crop directive name if it's too long
if (!$this->compress || (strlen($directive) < $this->compress)) {
$directive_disp = $directive;
} else {
$directive_disp = substr($directive, 0, $this->compress - 2) . '...';
$attr['title'] = $directive;
}
$ret .= $this->element(
'label',
$directive_disp,
// component printers must create an element with this id
$attr
);
if ($this->docURL) {
$ret .= $this->end('a');
}
$ret .= $this->end('th');
$ret .= $this->start('td');
$def = $this->config->def->info["$ns.$directive"];
if (is_int($def)) {
$allow_null = $def < 0;
$type = abs($def);
} else {
$type = $def->type;
$allow_null = isset($def->allow_null);
}
if (!isset($this->fields[$type])) {
$type = 0;
} // default
$type_obj = $this->fields[$type];
if ($allow_null) {
$type_obj = new HTMLPurifier_Printer_ConfigForm_NullDecorator($type_obj);
}
$ret .= $type_obj->render($ns, $directive, $value, $this->name, array($this->genConfig, $this->config));
$ret .= $this->end('td');
$ret .= $this->end('tr');
}
$ret .= $this->end('tbody');
return $ret;
}
}
/**
* Printer decorator for directives that accept null
*/
class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
{
/**
* Printer being decorated
* @type HTMLPurifier_Printer
*/
protected $obj;
/**
* @param HTMLPurifier_Printer $obj Printer to decorate
*/
public function __construct($obj)
{
parent::__construct();
$this->obj = $obj;
}
/**
* @param string $ns
* @param string $directive
* @param string $value
* @param string $name
* @param HTMLPurifier_Config|array $config
* @return string
*/
public function render($ns, $directive, $value, $name, $config)
{
if (is_array($config) && isset($config[0])) {
$gen_config = $config[0];
$config = $config[1];
} else {
$gen_config = $config;
}
$this->prepareGenerator($gen_config);
$ret = '';
$ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
$ret .= $this->text(' Null/Disabled');
$ret .= $this->end('label');
$attr = array(
'type' => 'checkbox',
'value' => '1',
'class' => 'null-toggle',
'name' => "$name" . "[Null_$ns.$directive]",
'id' => "$name:Null_$ns.$directive",
'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
);
if ($this->obj instanceof HTMLPurifier_Printer_ConfigForm_bool) {
// modify inline javascript slightly
$attr['onclick'] =
"toggleWriteability('$name:Yes_$ns.$directive',checked);" .
"toggleWriteability('$name:No_$ns.$directive',checked)";
}
if ($value === null) {
$attr['checked'] = 'checked';
}
$ret .= $this->elementEmpty('input', $attr);
$ret .= $this->text(' or ');
$ret .= $this->elementEmpty('br');
$ret .= $this->obj->render($ns, $directive, $value, $name, array($gen_config, $config));
return $ret;
}
}
/**
* Swiss-army knife configuration form field printer
*/
class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer
{
/**
* @type int
*/
public $cols = 18;
/**
* @type int
*/
public $rows = 5;
/**
* @param string $ns
* @param string $directive
* @param string $value
* @param string $name
* @param HTMLPurifier_Config|array $config
* @return string
*/
public function render($ns, $directive, $value, $name, $config)
{
if (is_array($config) && isset($config[0])) {
$gen_config = $config[0];
$config = $config[1];
} else {
$gen_config = $config;
}
$this->prepareGenerator($gen_config);
// this should probably be split up a little
$ret = '';
$def = $config->def->info["$ns.$directive"];
if (is_int($def)) {
$type = abs($def);
} else {
$type = $def->type;
}
if (is_array($value)) {
switch ($type) {
case HTMLPurifier_VarParser::LOOKUP:
$array = $value;
$value = array();
foreach ($array as $val => $b) {
$value[] = $val;
}
//TODO does this need a break?
case HTMLPurifier_VarParser::ALIST:
$value = implode(PHP_EOL, $value);
break;
case HTMLPurifier_VarParser::HASH:
$nvalue = '';
foreach ($value as $i => $v) {
$nvalue .= "$i:$v" . PHP_EOL;
}
$value = $nvalue;
break;
default:
$value = '';
}
}
if ($type === HTMLPurifier_VarParser::MIXED) {
return 'Not supported';
$value = serialize($value);
}
$attr = array(
'name' => "$name" . "[$ns.$directive]",
'id' => "$name:$ns.$directive"
);
if ($value === null) {
$attr['disabled'] = 'disabled';
}
if (isset($def->allowed)) {
$ret .= $this->start('select', $attr);
foreach ($def->allowed as $val => $b) {
$attr = array();
if ($value == $val) {
$attr['selected'] = 'selected';
}
$ret .= $this->element('option', $val, $attr);
}
$ret .= $this->end('select');
} elseif ($type === HTMLPurifier_VarParser::TEXT ||
$type === HTMLPurifier_VarParser::ITEXT ||
$type === HTMLPurifier_VarParser::ALIST ||
$type === HTMLPurifier_VarParser::HASH ||
$type === HTMLPurifier_VarParser::LOOKUP) {
$attr['cols'] = $this->cols;
$attr['rows'] = $this->rows;
$ret .= $this->start('textarea', $attr);
$ret .= $this->text($value);
$ret .= $this->end('textarea');
} else {
$attr['value'] = $value;
$attr['type'] = 'text';
$ret .= $this->elementEmpty('input', $attr);
}
return $ret;
}
}
/**
* Bool form field printer
*/
class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer
{
/**
* @param string $ns
* @param string $directive
* @param string $value
* @param string $name
* @param HTMLPurifier_Config|array $config
* @return string
*/
public function render($ns, $directive, $value, $name, $config)
{
if (is_array($config) && isset($config[0])) {
$gen_config = $config[0];
$config = $config[1];
} else {
$gen_config = $config;
}
$this->prepareGenerator($gen_config);
$ret = '';
$ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
$ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));
$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
$ret .= $this->text(' Yes');
$ret .= $this->end('label');
$attr = array(
'type' => 'radio',
'name' => "$name" . "[$ns.$directive]",
'id' => "$name:Yes_$ns.$directive",
'value' => '1'
);
if ($value === true) {
$attr['checked'] = 'checked';
}
if ($value === null) {
$attr['disabled'] = 'disabled';
}
$ret .= $this->elementEmpty('input', $attr);
$ret .= $this->start('label', array('for' => "$name:No_$ns.$directive"));
$ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
$ret .= $this->text(' No');
$ret .= $this->end('label');
$attr = array(
'type' => 'radio',
'name' => "$name" . "[$ns.$directive]",
'id' => "$name:No_$ns.$directive",
'value' => '0'
);
if ($value === false) {
$attr['checked'] = 'checked';
}
if ($value === null) {
$attr['disabled'] = 'disabled';
}
$ret .= $this->elementEmpty('input', $attr);
$ret .= $this->end('div');
return $ret;
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php
================================================
config =& $config;
$this->def = $config->getHTMLDefinition();
$ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
$ret .= $this->renderDoctype();
$ret .= $this->renderEnvironment();
$ret .= $this->renderContentSets();
$ret .= $this->renderInfo();
$ret .= $this->end('div');
return $ret;
}
/**
* Renders the Doctype table
* @return string
*/
protected function renderDoctype()
{
$doctype = $this->def->doctype;
$ret = '';
$ret .= $this->start('table');
$ret .= $this->element('caption', 'Doctype');
$ret .= $this->row('Name', $doctype->name);
$ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
$ret .= $this->row('Default Modules', implode($doctype->modules, ', '));
$ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', '));
$ret .= $this->end('table');
return $ret;
}
/**
* Renders environment table, which is miscellaneous info
* @return string
*/
protected function renderEnvironment()
{
$def = $this->def;
$ret = '';
$ret .= $this->start('table');
$ret .= $this->element('caption', 'Environment');
$ret .= $this->row('Parent of fragment', $def->info_parent);
$ret .= $this->renderChildren($def->info_parent_def->child);
$ret .= $this->row('Block wrap name', $def->info_block_wrapper);
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Global attributes');
$ret .= $this->element('td', $this->listifyAttr($def->info_global_attr), null, 0);
$ret .= $this->end('tr');
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Tag transforms');
$list = array();
foreach ($def->info_tag_transform as $old => $new) {
$new = $this->getClass($new, 'TagTransform_');
$list[] = "<$old> with $new";
}
$ret .= $this->element('td', $this->listify($list));
$ret .= $this->end('tr');
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Pre-AttrTransform');
$ret .= $this->element('td', $this->listifyObjectList($def->info_attr_transform_pre));
$ret .= $this->end('tr');
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Post-AttrTransform');
$ret .= $this->element('td', $this->listifyObjectList($def->info_attr_transform_post));
$ret .= $this->end('tr');
$ret .= $this->end('table');
return $ret;
}
/**
* Renders the Content Sets table
* @return string
*/
protected function renderContentSets()
{
$ret = '';
$ret .= $this->start('table');
$ret .= $this->element('caption', 'Content Sets');
foreach ($this->def->info_content_sets as $name => $lookup) {
$ret .= $this->heavyHeader($name);
$ret .= $this->start('tr');
$ret .= $this->element('td', $this->listifyTagLookup($lookup));
$ret .= $this->end('tr');
}
$ret .= $this->end('table');
return $ret;
}
/**
* Renders the Elements ($info) table
* @return string
*/
protected function renderInfo()
{
$ret = '';
$ret .= $this->start('table');
$ret .= $this->element('caption', 'Elements ($info)');
ksort($this->def->info);
$ret .= $this->heavyHeader('Allowed tags', 2);
$ret .= $this->start('tr');
$ret .= $this->element('td', $this->listifyTagLookup($this->def->info), array('colspan' => 2));
$ret .= $this->end('tr');
foreach ($this->def->info as $name => $def) {
$ret .= $this->start('tr');
$ret .= $this->element('th', "<$name>", array('class' => 'heavy', 'colspan' => 2));
$ret .= $this->end('tr');
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Inline content');
$ret .= $this->element('td', $def->descendants_are_inline ? 'Yes' : 'No');
$ret .= $this->end('tr');
if (!empty($def->excludes)) {
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Excludes');
$ret .= $this->element('td', $this->listifyTagLookup($def->excludes));
$ret .= $this->end('tr');
}
if (!empty($def->attr_transform_pre)) {
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Pre-AttrTransform');
$ret .= $this->element('td', $this->listifyObjectList($def->attr_transform_pre));
$ret .= $this->end('tr');
}
if (!empty($def->attr_transform_post)) {
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Post-AttrTransform');
$ret .= $this->element('td', $this->listifyObjectList($def->attr_transform_post));
$ret .= $this->end('tr');
}
if (!empty($def->auto_close)) {
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Auto closed by');
$ret .= $this->element('td', $this->listifyTagLookup($def->auto_close));
$ret .= $this->end('tr');
}
$ret .= $this->start('tr');
$ret .= $this->element('th', 'Allowed attributes');
$ret .= $this->element('td', $this->listifyAttr($def->attr), array(), 0);
$ret .= $this->end('tr');
if (!empty($def->required_attr)) {
$ret .= $this->row('Required attributes', $this->listify($def->required_attr));
}
$ret .= $this->renderChildren($def->child);
}
$ret .= $this->end('table');
return $ret;
}
/**
* Renders a row describing the allowed children of an element
* @param HTMLPurifier_ChildDef $def HTMLPurifier_ChildDef of pertinent element
* @return string
*/
protected function renderChildren($def)
{
$context = new HTMLPurifier_Context();
$ret = '';
$ret .= $this->start('tr');
$elements = array();
$attr = array();
if (isset($def->elements)) {
if ($def->type == 'strictblockquote') {
$def->validateChildren(array(), $this->config, $context);
}
$elements = $def->elements;
}
if ($def->type == 'chameleon') {
$attr['rowspan'] = 2;
} elseif ($def->type == 'empty') {
$elements = array();
} elseif ($def->type == 'table') {
$elements = array_flip(
array(
'col',
'caption',
'colgroup',
'thead',
'tfoot',
'tbody',
'tr'
)
);
}
$ret .= $this->element('th', 'Allowed children', $attr);
if ($def->type == 'chameleon') {
$ret .= $this->element(
'td',
'
Block: ' .
$this->escape($this->listifyTagLookup($def->block->elements)),
null,
0
);
$ret .= $this->end('tr');
$ret .= $this->start('tr');
$ret .= $this->element(
'td',
'
Inline: ' .
$this->escape($this->listifyTagLookup($def->inline->elements)),
null,
0
);
} elseif ($def->type == 'custom') {
$ret .= $this->element(
'td',
'
' . ucfirst($def->type) . ': ' .
$def->dtd_regex
);
} else {
$ret .= $this->element(
'td',
'
' . ucfirst($def->type) . ': ' .
$this->escape($this->listifyTagLookup($elements)),
null,
0
);
}
$ret .= $this->end('tr');
return $ret;
}
/**
* Listifies a tag lookup table.
* @param array $array Tag lookup array in form of array('tagname' => true)
* @return string
*/
protected function listifyTagLookup($array)
{
ksort($array);
$list = array();
foreach ($array as $name => $discard) {
if ($name !== '#PCDATA' && !isset($this->def->info[$name])) {
continue;
}
$list[] = $name;
}
return $this->listify($list);
}
/**
* Listifies a list of objects by retrieving class names and internal state
* @param array $array List of objects
* @return string
* @todo Also add information about internal state
*/
protected function listifyObjectList($array)
{
ksort($array);
$list = array();
foreach ($array as $obj) {
$list[] = $this->getClass($obj, 'AttrTransform_');
}
return $this->listify($list);
}
/**
* Listifies a hash of attributes to AttrDef classes
* @param array $array Array hash in form of array('attrname' => HTMLPurifier_AttrDef)
* @return string
*/
protected function listifyAttr($array)
{
ksort($array);
$list = array();
foreach ($array as $name => $obj) {
if ($obj === false) {
continue;
}
$list[] = "$name =
" . $this->getClass($obj, 'AttrDef_') . '';
}
return $this->listify($list);
}
/**
* Creates a heavy header row
* @param string $text
* @param int $num
* @return string
*/
protected function heavyHeader($text, $num = 1)
{
$ret = '';
$ret .= $this->start('tr');
$ret .= $this->element('th', $text, array('colspan' => $num, 'class' => 'heavy'));
$ret .= $this->end('tr');
return $ret;
}
}
// vim: et sw=4 sts=4
================================================
FILE: lib/purifier/standalone/HTMLPurifier/Printer.php
================================================
getAll();
$context = new HTMLPurifier_Context();
$this->generator = new HTMLPurifier_Generator($config, $context);
}
/**
* Main function that renders object or aspect of that object
* @note Parameters vary depending on printer
*/
// function render() {}
/**
* Returns a start tag
* @param string $tag Tag name
* @param array $attr Attribute array
* @return string
*/
protected function start($tag, $attr = array())
{
return $this->generator->generateFromToken(
new HTMLPurifier_Token_Start($tag, $attr ? $attr : array())
);
}
/**
* Returns an end tag
* @param string $tag Tag name
* @return string
*/
protected function end($tag)
{
return $this->generator->generateFromToken(
new HTMLPurifier_Token_End($tag)
);
}
/**
* Prints a complete element with content inside
* @param string $tag Tag name
* @param string $contents Element contents
* @param array $attr Tag attributes
* @param bool $escape whether or not to escape contents
* @return string
*/
protected function element($tag, $contents, $attr = array(), $escape = true)
{
return $this->start($tag, $attr) .
($escape ? $this->escape($contents) : $contents) .
$this->end($tag);
}
/**
* @param string $tag
* @param array $attr
* @return string
*/
protected function elementEmpty($tag, $attr = array())
{
return $this->generator->generateFromToken(
new HTMLPurifier_Token_Empty($tag, $attr)
);
}
/**
* @param string $text
* @return string
*/
protected function text($text)
{
return $this->generator->generateFromToken(
new HTMLPurifier_Token_Text($text)
);
}
/**
* Prints a simple key/value row in a table.
* @param string $name Key
* @param mixed $value Value
* @return string
*/
protected function row($name, $value)
{
if (is_bool($value)) {
$value = $value ? 'On' : 'Off';
}
return
$this->start('tr') . "\n" .
$this->element('th', $name) . "\n" .
$this->element('td', $value) . "\n" .
$this->end('tr');
}
/**
* Escapes a string for HTML output.
* @param string $string String to escape
* @return string
*/
protected function escape($string)
{
$string = HTMLPurifier_Encoder::cleanUTF8($string);
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
return $string;
}
/**
* Takes a list of strings and turns them into a single list
* @param string[] $array List of strings
* @param bool $polite Bool whether or not to add an end before the last
* @return string
*/
protected function listify($array, $polite = false)
{
if (empty($array)) {
return 'None';
}
$ret = '';
$i = count($array);
foreach ($array as $value) {
$i--;
$ret .= $value;
if ($i > 0 && !($polite && $i == 1)) {
$ret .= ', ';
}
if ($polite && $i == 1) {
$ret .= 'and ';
}
}
return $ret;
}
/**
* Retrieves the class of an object without prefixes, as well as metadata
* @param object $obj Object to determine class of
* @param string $sec_prefix Further prefix to remove
* @return string
*/
protected function getClass($obj, $sec_prefix = '')
{
static $five = null;
if ($five === null) {
$five = version_compare(PHP_VERSION, '5', '>=');
}
$prefix = 'HTMLPurifier_' . $sec_prefix;
if (!$five) {
$prefix = strtolower($prefix);
}
$class = str_replace($prefix, '', get_class($obj));
$lclass = strtolower($class);
$class .= '(';
switch ($lclass) {
case 'enum':
$values = array();
foreach ($obj->valid_values as $value => $bool) {
$values[] = $value;
}
$class .= implode(', ', $values);
break;
case 'css_composite':
$values = array();
foreach ($obj->defs as $def) {
$values[] = $this->getClass($def, $sec_prefix);
}
$class .= implode(', ', $values);
break;
case 'css_multiple':
$class .= $this->getClass($obj->single, $sec_prefix) . ', ';
$class .= $obj->max;
break;
case 'css_denyelementdecorator':
$class .= $this->getClass($obj->def, $sec_prefix) . ', ';
$class .= $obj->element;
break;
case 'css_importantdecorator':
$class .= $this->getClass($obj->def, $sec_prefix);
if ($obj->allow) {
$class .= ', !important';
}
break;
}
$class .= ')';
return $class;
}
}
// vim: et sw=4 sts=4
================================================
FILE: module/blog/control.php
================================================
app->loadLang('index');
}
/**
* The index page of blog module.
*
* @access public
* @return void
*/
public function index($recTotal = 0, $recPerPage = 20, $pageID = 0)
{
$this->app->loadClass('pager');
$pager = new pager($recTotal, $recPerPage, $pageID);
$this->view->title = $this->lang->blog->index;
$this->view->articles = $this->blog->getList($pager);
$this->view->pager = $pager;
$this->display();
}
/**
* Create an article.
*
* @access public
* @return void
*/
public function create()
{
if(!empty($_POST))
{
$blogID = $this->blog->create();
if(dao::isError()) die(js::error(dao::getError()) . js::locate('back'));
die(js::locate(inlink('index')));
}
$this->view->title = $this->lang->blog->add;
$this->display();
}
/**
* Update an article.
*
* @param int $id
* @access public
* @return void
*/
public function edit($id)
{
if(!empty($_POST))
{
$this->blog->update($id);
$this->locate(inlink('index'));
}
else
{
$this->view->title = $this->lang->blog->edit;
$this->view->article = $this->blog->getByID($id);
$this->display();
}
}
/**
* View an article.
*
* @param int $id
* @access public
* @return void
*/
public function view($id)
{
$this->view->title = $this->lang->blog->view;
$this->view->article = $this->blog->getByID($id);
$this->display();
}
/**
* Delete an article.
*
* @param int $id
* @access public
* @return void
*/
public function delete($id)
{
$this->blog->delete($id);
$this->locate(inlink('index'));
}
}
================================================
FILE: module/blog/css/common.css
================================================
.container > .panel {margin:0 -10px;}
.table-form th{vertical-align:middle; text-align:right;}
.table-form td, .table-form th{padding:8px;}
================================================
FILE: module/blog/lang/en.php
================================================
blog = new stdclass();
$lang->blog->index = 'Index';
$lang->blog->view = 'View';
$lang->blog->add = 'Add';
$lang->blog->edit = 'Edit';
$lang->blog->delete = 'Delete';
$lang->blog->id = 'Id';
$lang->blog->title = 'Title';
$lang->blog->date = 'Date';
$lang->blog->content = 'Content';
$lang->blog->action = 'Action';
================================================
FILE: module/blog/lang/zh-cn.php
================================================
blog = new stdclass();
$lang->blog->index = '首页';
$lang->blog->view = '详情';
$lang->blog->add = '添加';
$lang->blog->edit = '编辑';
$lang->blog->delete = '删除';
$lang->blog->id = '编号';
$lang->blog->title = '标题';
$lang->blog->date = '日期';
$lang->blog->content = '内容';
$lang->blog->action = '操作';
================================================
FILE: module/blog/model.php
================================================
dao->select('*')->from('blog')->orderBy('id desc')->page($pager)->fetchAll();
}
/**
* Get an article.
*
* @param int $id
* @access public
* @return object
*/
public function getById($id)
{
return $this->dao->findById($id)->from('blog')->fetch();
}
/**
* Create an article.
*
* @access public
* @return void
*/
public function create()
{
$article = fixer::input('post')->specialchars('title, content')->add('date', date('Y-m-d H:i:s'))->get();
$this->dao->insert('blog')->data($article)->autoCheck()->batchCheck('title,content', 'notempty')->exec();
return $this->dao->lastInsertID();
}
/**
* Update an article.
*
* @param int $articleID
* @access public
* @return void
*/
public function update($articleID)
{
$article = fixer::input('post')->specialchars('title, content')->get();
$this->dao->update('blog')->data($article)->where('id')->eq($articleID)->exec();
}
/**
* Delete an article.
*
* @param int $id
* @param null $table
* @access public
* @return void
*/
public function delete($id, $table = null)
{
$this->dao->delete()->from('blog')->where('id')->eq($id)->exec();
}
}
================================================
FILE: module/blog/view/create.html.php
================================================
================================================
FILE: module/blog/view/edit.html.php
================================================
================================================
FILE: module/blog/view/index.html.php
================================================
blog->index;?>
blog->add, "class='btn btn-primary btn-xs'");?>
| blog->id;?> |
blog->title;?> |
blog->date;?> |
blog->action;?> |
| id;?> |
title;?> |
date;?> |
createLink('blog', 'view', "id=$article->id"), $lang->blog->view);
echo html::a($this->createLink('blog', 'edit', "id=$article->id"), $lang->blog->edit);
echo html::a($this->createLink('blog', 'delete', "id=$article->id"), $lang->blog->delete);
?>
|
|
show('right', 'short');
?>
|
================================================
FILE: module/blog/view/view.html.php
================================================
blog->index, "class='btn'");?>
================================================
FILE: module/common/lang/en.php
================================================
zentaophp = 'zentaoPHP';
$lang->welcome = 'Welcome to use zentaoPHP framework.';
$lang->intro = '
zentaoPHP is a lite PHP framework, simple, fast, structured, friendly and extensible.';
$lang->more = 'More »';
$lang->save = 'Save';
$lang->loading = 'Loading...';
$lang->goback = 'Go back';
/* The menu items. */
$lang->menu = new stdclass();
$lang->menu->index = 'Home';
$lang->menu->blog = 'Demo';
/* Error info. */
$lang->error = new stdclass();
$lang->error->companyNotFound = "The domain %s does not exist.";
$lang->error->length = array("『%s』length should be『%s』", "『%s』length should between『%s』and 『%s』.");
$lang->error->reg = "『%s』should like『%s』";
$lang->error->unique = "『%s』has『%s』already.";
$lang->error->notempty = "『%s』can not be empty.";
$lang->error->empty = "『%s』 must be empty.";
$lang->error->equal = "『%s』must be『%s』.";
$lang->error->int = array("『%s』should be interger", "『%s』should between『%s-%s』.");
$lang->error->float = "『%s』should be a interger or float.";
$lang->error->email = "『%s』should be email.";
$lang->error->date = "『%s』should be date";
$lang->error->account = "『%s』should be a valid account.";
$lang->error->passwordsame = "Two passwords must be the same";
$lang->error->passwordrule = "Password should more than six letters.";
/* Pager. */
$lang->pager = new stdclass();
$lang->pager->noRecord = "No records yet.";
$lang->pager->digest = "
%s records,
%s per page,
%s/%s ";
$lang->pager->first = "First";
$lang->pager->pre = "Previous";
$lang->pager->next = "Next";
$lang->pager->last = "Last";
$lang->pager->locate = "GO!";
/* Date times. */
define('DT_DATETIME1', 'Y-m-d H:i:s');
define('DT_DATETIME2', 'y-m-d H:i');
define('DT_MONTHTIME1', 'n/d H:i');
define('DT_MONTHTIME2', 'F j, H:i');
define('DT_DATE1', 'Y-m-d');
define('DT_DATE2', 'Ymd');
define('DT_DATE3', 'F j, Y ');
define('DT_TIME1', 'H:i:s');
define('DT_TIME2', 'H:i');
================================================
FILE: module/common/lang/zh-cn.php
================================================
zentaophp = 'zentaoPHP框架';
$lang->welcome = 'zentaoPHP, 做最懂程序员的框架!';
$lang->intro = '
zentaoPHP框架 是一款轻量级的MVC开发框架,代码简单,性能良好,结构清晰,开发友好,深度可扩展!';
$lang->more = '了解更多 »';
$lang->save = '保存';
$lang->loading = '稍后...';
$lang->goback = '返回';
/* The menu items. */
$lang->menu = new stdclass();
$lang->menu->index = '首页';
$lang->menu->blog = '演示';
/* Error message. */
$lang->error = new stdclass();
$lang->error->length = array("『%s』长度错误,应当为『%s』", "『%s』长度应当不超过『%s』,且不小于『%s』。");
$lang->error->reg = "『%s』不符合格式,应当为:『%s』。";
$lang->error->unique = "『%s』已经有『%s』这条记录了。";
$lang->error->notempty = "『%s』不能为空。";
$lang->error->empty = "『%s』必须为空。";
$lang->error->equal = "『%s』必须为『%s』。";
$lang->error->int = array("『%s』应当是数字。", "『%s』应当介于『%s-%s』之间。");
$lang->error->float = "『%s』应当是数字,可以是小数。";
$lang->error->email = "『%s』应当为合法的EMAIL。";
$lang->error->date = "『%s』应当为合法的日期。";
$lang->error->account = "『%s』应当为合法的用户名。";
$lang->error->passwordsame = "两次密码应当相等。";
$lang->error->passwordrule = "密码应该符合规则,长度至少为六位。";
/* Pager items. */
$lang->pager = new stdclass();
$lang->pager->noRecord = "暂时没有记录";
$lang->pager->digest = "共
%s条记录,每页
%s条,页面:
%s/%s ";
$lang->pager->first = "首页";
$lang->pager->pre = "上页";
$lang->pager->next = "下页";
$lang->pager->last = "末页";
$lang->pager->locate = "GO!";
/* Datetime settings. */
define('DT_DATETIME1', 'Y-m-d H:i:s');
define('DT_DATETIME2', 'y-m-d H:i');
define('DT_MONTHTIME1', 'n/d H:i');
define('DT_MONTHTIME2', 'n月d日 H:i');
define('DT_DATE1', 'Y-m-d');
define('DT_DATE2', 'Ymd');
define('DT_DATE3', 'Y年m月d日');
define('DT_TIME1', 'H:i:s');
define('DT_TIME2', 'H:i');
================================================
FILE: module/common/model.php
================================================
startSession();
$this->sendHeader();
define('FIRST_RUN', true);
}
}
/**
* Start the session.
*
* @access public
* @return void
*/
public function startSession()
{
session_name($this->config->sessionVar);
if(isset($_GET[$this->config->sessionVar])) session_id($_GET[$this->config->sessionVar]);
session_start();
}
/**
* Set the header info.
*
* @access public
* @return void
*/
public function sendHeader()
{
header("Content-Type: text/html; Language={$this->config->charset}");
header("Cache-control: private");
}
/**
* Print the run info
*
* @param int $startTime
* @access public
* @return void
*/
public function printRunInfo($startTime)
{
$info['timeUsed'] = round(getTime() - $startTime, 4) * 1000;
$info['memory'] = round(memory_get_peak_usage() / 1024, 1);
$info['querys'] = count(dao::$querys);
vprintf($this->lang->runInfo, $info);
return $info;
}
}
================================================
FILE: module/common/view/footer.html.php
================================================
server->HTTP_X_PJAX == false):?>
================================================
FILE: module/common/view/nav.html.php
================================================
menu as $menuModule => $menuLabel)
{
$menuClass = $moduleName == $menuModule ? 'active' : '';
echo "';
}
?>
================================================
FILE: module/file/config.php
================================================
file->mimes['xml'] = 'text/xml';
$config->file->mimes['html'] = 'text/html';
$config->file->mimes['csv'] = 'text/csv';
$config->file->mimes['default'] = 'application/octet-stream';
$config->file->imageExtensions = array('jpeg', 'jpg', 'gif', 'png');
$config->file->image2Compress = array('.jpg', '.bmp', '.jpeg');
$config->file->charset = array('UTF-8' => 'UTF-8', 'GBK' => 'GBK', 'BIG5' => 'BIG5');
================================================
FILE: module/file/control.php
================================================
* @package file
* @version $Id: control.php 4129 2013-01-18 01:58:14Z wwccss $
* @link http://www.zentao.net
*/
class file extends control
{
/**
* AJAX: get upload request from the web editor.
*
* @access public
* @return void
*/
public function ajaxUpload($uid = '')
{
$file = $this->file->getUpload('imgFile');
$file = $file[0];
if($file)
{
if($file['size'] == 0) die(json_encode(array('error' => 1, 'message' => $this->lang->file->errorFileUpload)));
if(@move_uploaded_file($file['tmpname'], $this->file->savePath . $this->file->getSaveName($file['pathname'])))
{
/* Compress image for jpg and bmp. */
$file = $this->file->compressImage($file);
$file['addedBy'] = $this->app->user->account;
$file['addedDate'] = helper::today();
unset($file['tmpname']);
$this->dao->insert(TABLE_FILE)->data($file)->exec();
$fileID = $this->dao->lastInsertID();
$url = $this->createLink('file', 'read', "fileID=$fileID", $file['extension']);
if($uid) $_SESSION['album'][$uid][] = $fileID;
die(json_encode(array('error' => 0, 'url' => $url)));
}
else
{
$error = strip_tags(sprintf($this->lang->file->errorCanNotWrite, $this->file->savePath, $this->file->savePath));
die(json_encode(array('error' => 1, 'message' => $error)));
}
}
}
/**
* Paste image in kindeditor at firefox and chrome.
*
* @access public
* @return void
*/
public function ajaxPasteImage($uid = '')
{
if($_POST)
{
echo $this->file->pasteImage($this->post->editor, $uid);
}
}
/**
* Read file.
*
* @param int $fileID
* @access public
* @return void
*/
public function read($fileID)
{
$file = $this->file->getById($fileID);
if(empty($file) or !file_exists($file->realPath)) return false;
$mime = in_array($file->extension, $this->config->file->imageExtensions) ? "image/{$file->extension}" : $this->config->file->mimes['default'];
header("Content-type: $mime");
$handle = fopen($file->realPath, "r");
if($handle)
{
while(!feof($handle)) echo fgets($handle);
fclose($handle);
}
}
}
================================================
FILE: module/file/lang/en.php
================================================
* @package file
* @version $Id: en.php 4129 2013-01-18 01:58:14Z wwccss $
* @link http://www.zentao.net
*/
$lang->file = new stdclass();
$lang->file->common = 'Attachment';
$lang->file->uploadImages = 'Batch Upload Images';
$lang->file->download = 'Download Files';
$lang->file->uploadDate = 'Uploaded on';
$lang->file->edit = 'Rename';
$lang->file->inputFileName = 'Enter a File Name';
$lang->file->delete = 'Delete File';
$lang->file->label = 'Label:';
$lang->file->maxUploadSize = "
%s";
$lang->file->applyTemplate = "Apply a Template";
$lang->file->tplTitle = "Template Name";
$lang->file->setPublic = "Set Public Template";
$lang->file->exportFields = "Fileds to be Exported";
$lang->file->defaultTPL = "Default Template";
$lang->file->setExportTPL = "Settings";
$lang->file->preview = "Preview";
$lang->file->addFile = 'Add File';
$lang->file->beginUpload = 'Start uploading';
$lang->file->uploadSuccess = 'uploaded Successfully';
$lang->file->dragFile = 'Please drag here.';
$lang->file->errorNotExists = "
'%s' is not found.";
$lang->file->errorCanNotWrite = "
'%s' is not writable. Please change its permission. Enter sudo chmod -R 777 '%s' in Linux.";
$lang->file->confirmDelete = " Do you want to delete it?";
$lang->file->errorFileSize = " File size exceeds the limit. It cannot be uploaded!";
$lang->file->errorFileUpload = " Uploading failed. File size might exceeds the limit.";
$lang->file->errorFileFormate = " Uploading failed, file format is limited.";
$lang->file->errorFileMove = " Uploading failed, there was an error when moving file.";
$lang->file->dangerFile = " File has been rejected to upload for security issues.";
$lang->file->errorSuffix = 'Format is incorrect. .zip files ONLY!';
$lang->file->errorExtract = 'Extracting file failed. File might be damaged or invalid files in the zip package.';
$lang->file->uploadImagesExplain = <<
1. If the uploaded file is image zip package, the file name will be the label and images will be the content.
2. If the file name containing numbers/underlines, they will be omitted.
3. Image formate: jpg, jpeg, gif, png.
EOD;
================================================
FILE: module/file/lang/zh-cn.php
================================================
* @package file
* @version $Id: zh-cn.php 4630 2013-04-10 05:54:08Z chencongzhi520@gmail.com $
* @link http://www.zentao.net
*/
$lang->file = new stdclass();
$lang->file->common = '附件';
$lang->file->uploadImages = '多图上传';
$lang->file->download = '下载附件';
$lang->file->uploadDate = '上传时间:';
$lang->file->edit = '重命名';
$lang->file->inputFileName = '请输入附件名称';
$lang->file->delete = '删除附件';
$lang->file->label = '标题:';
$lang->file->maxUploadSize = "%s";
$lang->file->applyTemplate = "应用模板";
$lang->file->tplTitle = "模板名称";
$lang->file->setPublic = "设置公共模板";
$lang->file->exportFields = "要导出字段";
$lang->file->defaultTPL = "默认模板";
$lang->file->setExportTPL = "设置";
$lang->file->preview = "预览";
$lang->file->addFile = '添加文件';
$lang->file->beginUpload = '开始上传';
$lang->file->uploadSuccess = '上传成功';
$lang->file->dragFile = '请拖拽文件到此处';
$lang->file->errorNotExists = "文件夹 '%s' 不存在";
$lang->file->errorCanNotWrite = "文件夹 '%s' 不可写,请改变文件夹的权限。在linux中输入指令:sudo chmod -R 777 '%s'";
$lang->file->confirmDelete = " 您确定删除该附件吗?";
$lang->file->errorFileSize = " 文件大小已经超过限制,可能不能成功上传!";
$lang->file->errorFileUpload = " 文件上传失败,文件大小可能超出限制";
$lang->file->errorFileFormate = " 文件上传失败,文件格式不在规定范围内";
$lang->file->errorFileMove = " 文件上传失败,移动文件时出错";
$lang->file->dangerFile = " 您选择的文件存在安全风险,系统将不予上传。";
$lang->file->errorSuffix = '压缩包格式错误,只能上传zip压缩包!';
$lang->file->errorExtract = '解压缩失败!可能文件已经损坏,或压缩包里含有非法上传文件。';
$lang->file->uploadImagesExplain = '注:请上传"jpg|jpeg|gif|png"格式的图片,程序会以文件名作为标题,以图片作为内容。';
================================================
FILE: module/file/lang/zh-tw.php
================================================
* @package file
* @version $Id: zh-tw.php 4630 2013-04-10 05:54:08Z chencongzhi520@gmail.com $
* @link http://www.zentao.net
*/
$lang->file = new stdclass();
$lang->file->common = '附件';
$lang->file->uploadImages = '多圖上傳';
$lang->file->download = '下載附件';
$lang->file->uploadDate = '上傳時間:';
$lang->file->edit = '重命名';
$lang->file->inputFileName = '請輸入附件名稱';
$lang->file->delete = '刪除附件';
$lang->file->label = '標題:';
$lang->file->maxUploadSize = "%s";
$lang->file->applyTemplate = "應用模板";
$lang->file->tplTitle = "模板名稱";
$lang->file->setPublic = "設置公共模板";
$lang->file->exportFields = "要導出欄位";
$lang->file->defaultTPL = "預設模板";
$lang->file->setExportTPL = "設置";
$lang->file->preview = "預覽";
$lang->file->addFile = '添加檔案';
$lang->file->beginUpload = '開始上傳';
$lang->file->uploadSuccess = '上傳成功';
$lang->file->dragFile = '請拖拽檔案到此處';
$lang->file->errorNotExists = "檔案夾 '%s' 不存在";
$lang->file->errorCanNotWrite = "檔案夾 '%s' 不可寫,請改變檔案夾的權限。在linux中輸入指令:sudo chmod -R 777 '%s'";
$lang->file->confirmDelete = " 您確定刪除該附件嗎?";
$lang->file->errorFileSize = " 檔案大小已經超過限制,可能不能成功上傳!";
$lang->file->errorFileUpload = " 檔案上傳失敗,檔案大小可能超出限制";
$lang->file->errorFileFormate = " 檔案上傳失敗,檔案格式不在規定範圍內";
$lang->file->errorFileMove = " 檔案上傳失敗,移動檔案時出錯";
$lang->file->dangerFile = " 您選擇的檔案存在安全風險,系統將不予上傳。";
$lang->file->errorSuffix = '壓縮包格式錯誤,只能上傳zip壓縮包!';
$lang->file->errorExtract = '解壓縮失敗!可能檔案已經損壞,或壓縮包裡含有非法上傳檔案。';
$lang->file->uploadImagesExplain = '註:請上傳"jpg|jpeg|gif|png"格式的圖片,程序會以檔案名作為標題,以圖片作為內容。';
================================================
FILE: module/file/model.php
================================================
* @package file
* @version $Id: model.php 4976 2013-07-02 08:15:31Z wyd621@gmail.com $
* @link http://www.zentao.net
*/
?>
now = time();
$this->setSavePath();
$this->setWebPath();
}
/**
* Get info of a file.
*
* @param int $fileID
* @access public
* @return object
*/
public function getById($fileID)
{
$file = $this->dao->findById($fileID)->from(TABLE_FILE)->fetch();
$realPathName = $this->getRealPathName($file->pathname);
$file->realPath = $this->savePath . $realPathName;
$file->webPath = $this->webPath . $realPathName;
return $file;
}
/**
* Save upload.
*
* @param string $objectType
* @param string $objectID
* @param string $extra
* @param string $filesName
* @param string $labelsName
* @access public
* @return array
*/
public function saveUpload($objectType = '', $objectID = '', $extra = '', $filesName = 'files', $labelsName = 'labels')
{
$fileTitles = array();
$now = helper::today();
$files = $this->getUpload($filesName, $labelsName);
foreach($files as $id => $file)
{
if($file['size'] == 0) continue;
if(!move_uploaded_file($file['tmpname'], $this->savePath . $this->getSaveName($file['pathname']))) return false;
$file = $this->compressImage($file);
$file['objectType'] = $objectType;
$file['objectID'] = $objectID;
$file['addedBy'] = $this->app->user->account;
$file['addedDate'] = $now;
$file['extra'] = $extra;
unset($file['tmpname']);
$this->dao->insert(TABLE_FILE)->data($file)->exec();
$fileTitles[$this->dao->lastInsertId()] = $file['title'];
}
return $fileTitles;
}
/**
* Get counts of uploaded files.
*
* @access public
* @return int
*/
public function getCount()
{
return count($this->getUpload());
}
/**
* Get info of uploaded files.
*
* @param string $htmlTagName
* @param string $labelsName
* @access public
* @return array
*/
public function getUpload($htmlTagName = 'files', $labelsName = 'labels')
{
$files = array();
if(!isset($_FILES[$htmlTagName])) return $files;
$this->app->loadClass('purifier', true);
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
$purifier = new HTMLPurifier($config);
/* If the file var name is an array. */
if(is_array($_FILES[$htmlTagName]['name']))
{
extract($_FILES[$htmlTagName]);
foreach($name as $id => $filename)
{
if(empty($filename)) continue;
if(!validater::checkFileName($filename)) continue;
$title = isset($_POST[$labelsName][$id]) ? $_POST[$labelsName][$id] : '';
$file['extension'] = $this->getExtension($filename);
$file['pathname'] = $this->setPathName($id, $file['extension']);
$file['title'] = !empty($title) ? htmlspecialchars($title) : str_replace('.' . $file['extension'], '', $filename);
$file['title'] = $purifier->purify($file['title']);
$file['size'] = $size[$id];
$file['tmpname'] = $tmp_name[$id];
$files[] = $file;
}
}
else
{
if(empty($_FILES[$htmlTagName]['name'])) return $files;
extract($_FILES[$htmlTagName]);
if(!validater::checkFileName($name)) return array();;
$title = isset($_POST[$labelsName][0]) ? $_POST[$labelsName][0] : '';
$file['extension'] = $this->getExtension($name);
$file['pathname'] = $this->setPathName(0, $file['extension']);
$file['title'] = !empty($title) ? htmlspecialchars($title) : substr($name, 0, strpos($name, $file['extension']) - 1);
$file['title'] = $purifier->purify($file['title']);
$file['size'] = $size;
$file['tmpname'] = $tmp_name;
return array($file);
}
return $files;
}
/**
* Get extension of a file.
*
* @param string $filename
* @access public
* @return string
*/
public function getExtension($filename)
{
$extension = trim(strtolower(pathinfo($filename, PATHINFO_EXTENSION)));
if(empty($extension) or stripos(",{$this->config->file->dangers},", ",{$extension},") !== false) return 'txt';
if(empty($extension) or stripos(",{$this->config->file->allowed},", ",{$extension},") === false) return 'txt';
return $extension;
}
/**
* Get save name.
*
* @param string $pathName
* @access public
* @return string
*/
public function getSaveName($pathName)
{
$saveName = strpos($pathName, '.') === false ? $pathName : substr($pathName, 0, strpos($pathName, '.'));
return $saveName;
}
/**
* Get real path name.
*
* @param string $pathName
* @access public
* @return string
*/
public function getRealPathName($pathName)
{
$realPath = $this->savePath . $pathName;
if(file_exists($realPath)) return $pathName;
return $this->getSaveName($pathName);
}
/**
* Set path name of the uploaded file to be saved.
*
* @param int $fileID
* @param string $extension
* @access public
* @return string
*/
public function setPathName($fileID, $extension)
{
$sessionID = session_id();
$randString = substr($sessionID, mt_rand(0, strlen($sessionID) - 5), 3);
return date('Ym/dHis', $this->now) . $fileID . mt_rand(0, 10000) . $randString . '.' . $extension;;
}
/**
* Set save path.
*
* @access public
* @return void
*/
public function setSavePath()
{
$savePath = $this->app->getAppRoot() . "data/upload/" . date('Ym/', $this->now);
if(!file_exists($savePath))
{
@mkdir($savePath, 0777, true);
touch($savePath . 'index.html');
}
$this->savePath = dirname($savePath) . '/';
}
/**
* Set the web path of upload files.
*
* @access public
* @return void
*/
public function setWebPath()
{
$this->webPath = $this->app->getWebRoot() . "data/upload/{$this->app->company->id}/";
}
/**
* Insert the set image size code.
*
* @param string $content
* @param int $maxSize
* @access public
* @return string
*/
public function setImgSize($content, $maxSize = 0)
{
if(empty($content)) return $content;
$readLinkReg = str_replace(array('%fileID%', '/', '.', '?'), array('[0-9]+', '\/', '\.', '\?'), helper::createLink('file', 'read', 'fileID=(%fileID%)', '\w+'));
$content = preg_replace('/ src="(' . $readLinkReg . ')" /', ' onload="setImageSize(this,' . $maxSize . ')" src="$1" ', $content);
preg_match_all('/ src="{([0-9]+)}" /', $content, $matchs);
if(!empty($matchs[1]))
{
$files = $this->dao->select('id,extension')->from(TABLE_FILE)->where('id')->in($matchs[1])->fetchPairs('id', 'extension');
foreach($matchs[0] as $i => $match)
{
$fileID = $matchs[1][$i];
$content = str_replace($match, ' onload="setImageSize(this,' . $maxSize . ')" src="' . helper::createLink('file', 'read', "fileID=$fileID", $files[$fileID]) . '" ', $content);
}
}
return str_replace(' src="data/upload', ' onload="setImageSize(this,' . $maxSize . ')" src="data/upload', $content);
}
/**
* Paste image in kindeditor at firefox and chrome.
*
* @param string $data
* @access public
* @return string
*/
public function pasteImage($data, $uid = '')
{
if(empty($data)) return '';
$data = str_replace('\"', '"', $data);
if(!$this->checkSavePath()) return false;
$dataLength = strlen($data);
if(ini_get('pcre.backtrack_limit') < $dataLength) ini_set('pcre.backtrack_limit', $dataLength);
preg_match_all('/;base64,(\S+)))
/U', $data, $out);
foreach($out[3] as $key => $base64Image)
{
$extension = strtolower($out[2][$key]);
if(!in_array($extension, $this->config->file->imageExtensions)) die();
$imageData = base64_decode($base64Image);
$file['extension'] = $extension;
$file['pathname'] = $this->setPathName($key, $file['extension']);
$file['size'] = strlen($imageData);
$file['addedBy'] = $this->app->user->account;
$file['addedDate'] = helper::today();
$file['title'] = basename($file['pathname']);
file_put_contents($this->savePath . $this->getSaveName($file['pathname']), $imageData);
$this->dao->insert(TABLE_FILE)->data($file)->exec();
$fileID = $this->dao->lastInsertID();
if($uid) $_SESSION['album'][$uid][] = $fileID;
$data = str_replace($out[1][$key], helper::createLink('file', 'read', "fileID=$fileID", $file['extension']), $data);
}
return $data;
}
/**
* Compress image
*
* @param array $file
* @access public
* @return array
*/
public function compressImage($file)
{
if(!extension_loaded('gd') or !function_exists('imagecreatefromjpeg')) return $file;
$pathName = $file['pathname'];
$fileName = $this->savePath . $pathName;
$suffix = strrchr($fileName, '.');
$lowerSuffix = strtolower($suffix);
if(!in_array($lowerSuffix, $this->config->file->image2Compress)) return $file;
$quality = 85;
$newSuffix = '.jpg';
$compressedName = str_replace($suffix, $newSuffix, $pathName);
$res = $lowerSuffix == '.bmp' ? $this->imagecreatefrombmp($fileName) : imagecreatefromjpeg($fileName);
imagejpeg($res, $this->savePath . $compressedName, $quality);
if($fileName != $this->savePath . $compressedName) unlink($fileName);
$file['pathname'] = $compressedName;
$file['extension'] = ltrim($newSuffix, '.');
$file['size'] = filesize($this->savePath . $compressedName);
return $file;
}
/**
* Read 24bit BMP files
* Author: de77
* Licence: MIT
* Webpage: de77.com
* Version: 07.02.2010
* Source : https://github.com/acustodioo/pic/blob/master/imagecreatefrombmp.function.php
*
* @param string $filename
* @access public
* @return resource
*/
public function imagecreatefrombmp($filename) {
$f = fopen($filename, "rb");
//read header
$header = fread($f, 54);
$header = unpack('c2identifier/Vfile_size/Vreserved/Vbitmap_data/Vheader_size/'.
'Vwidth/Vheight/vplanes/vbits_per_pixel/Vcompression/Vdata_size/'.
'Vh_resolution/Vv_resolution/Vcolors/Vimportant_colors', $header);
if ($header['identifier1'] != 66 or $header['identifier2'] != 77)
return false;
if ($header['bits_per_pixel'] != 24)
return false;
$wid2 = ceil((3 * $header['width']) / 4) * 4;
$wid = $header['width'];
$hei = $header['height'];
$img = imagecreatetruecolor($header['width'], $header['height']);
//read pixels
for ($y = $hei - 1; $y >= 0; $y--) {
$row = fread($f, $wid2);
$pixels = str_split($row, 3);
for ($x = 0; $x < $wid; $x++) {
imagesetpixel($img, $x, $y, $this->dwordize($pixels[$x]));
}
}
fclose($f);
return $img;
}
/**
* Dwordize for imagecreatefrombmp
*
* @param streing $str
* @access private
* @return int
*/
private function dwordize($str)
{
$a = ord($str[0]);
$b = ord($str[1]);
$c = ord($str[2]);
return $c * 256 * 256 + $b * 256 + $a;
}
/**
* Check save path is writeable.
*
* @access public
* @return void
*/
public function checkSavePath()
{
return is_writable($this->savePath);
}
/**
* Update objectID.
*
* @param int $uid
* @param int $objectID
* @param string $objectType
* @access public
* @return bool
*/
public function updateObjectID($uid, $objectID, $objectType)
{
if(empty($uid)) return true;
$data = new stdclass();
$data->objectID = $objectID;
$data->objectType = $objectType;
$data->extra = 'editor';
if(isset($_SESSION['album'][$uid]) and $_SESSION['album'][$uid])
{
$this->dao->update(TABLE_FILE)->data($data)->where('id')->in($_SESSION['album'][$uid])->exec();
if(dao::isError()) return false;
unset($_SESSION['album'][$uid]);
return !dao::isError();
}
}
/**
* Process image rul.
*
* @param object $data
* @param string $editorList
* @access public
* @return object
*/
public function processImgURL($data, $editorList, $uid = '')
{
if(is_string($editorList)) $editorList = explode(',', str_replace(' ', '', $editorList));
$readLinkReg = basename(helper::createLink('file', 'read', 'fileID=(%fileID%)', '(\w+)'));
$readLinkReg = str_replace(array('%fileID%', '?'), array('[0-9]+', '\?'), $readLinkReg);
foreach($editorList as $editorID)
{
if(empty($editorID) or empty($data->$editorID)) continue;
$imgURL = $this->config->requestType == 'GET' ? '{$2.$1}' : '{$1.$2}';
$data->$editorID = $this->pasteImage($data->$editorID, $uid);
$data->$editorID = preg_replace("/ src=\"$readLinkReg\" /", ' src="' . $imgURL . '" ', $data->$editorID);
$data->$editorID = preg_replace("/ src=\"" . htmlspecialchars($readLinkReg) . "\" /", ' src="' . $imgURL . '" ', $data->$editorID);
}
return $data;
}
/**
* Replace image url.
*
* @param object $data
* @param string $fields
* @access public
* @return object
*/
public function replaceImgURL($data, $fields)
{
if(is_string($fields)) $fields = explode(',', str_replace(' ', '', $fields));
foreach($fields as $field)
{
if(empty($field) or empty($data->$field)) continue;
$data->$field = preg_replace('/ src="{([0-9]+)(\.(\w+))?}" /', ' src="' . helper::createLink('file', 'read', "fileID=$1", "$3") . '" ', $data->$field);
}
return $data;
}
}
================================================
FILE: module/index/control.php
================================================
view->title = $this->lang->welcome;
$this->display();
}
}
================================================
FILE: module/index/css/index.css
================================================
.hero-unit{ border-radius:0; background:#174271; color:#FFF;}
.hero-unit p{font-size:20px;}
.hero-unit a{color:#FFF; font-size:16px; border: 1px solid #fff; padding:4px 8px; border-radius:8px;}
.col-md-3 {height:200px;}
.col-md-3 .panel{height:180px; border-radius:0;}
.col-md-3 p{font-size:14px; border:none; margin-top:3px; padding:0 4px;}
.col-md-3 h4, .col-md-3 h4 i{font-size:21px; line-height:60px; text-align:center; margin:0px; color:#174271; font-weight:normal;}
================================================
FILE: module/index/js/index.js
================================================
$(document).ready(function()
{
if(0){
$('.col-md-3').mouseover(function(){
$(this).find('h4').hide();
$(this).find('p').show();
});
$('.col-md-3').mouseout(function(){
$(this).find('h4').show();
$(this).find('p').hide();
});
}
})
================================================
FILE: module/index/lang/en.php
================================================
index = new stdclass();
$lang->index->index = 'Home';
$lang->index->blog = 'View the simple blog demo';
================================================
FILE: module/index/lang/zh-cn.php
================================================
index = new stdclass();
$lang->index->index = '首页';
$lang->index->blog = '查看简单的博客实例';
================================================
FILE: module/index/view/index.html.php
================================================
intro;?>
more, "target='_blank'");?>
代码简单
zentaoPHP框架核心只有四个文件,简单易读,可以方便的通读代码,并根据实际情况进行二次开发。
性能良好
zentaoPHP框架在实现过程中,十分重视性能。在保证功能的前提下面,尽可能的提升程序执行效率。
结构清晰
zentaoPHP框架对模块目录结构的划分清晰合理,方便代码的组织和维护。程序结构也简单明了,便于入手。
开发友好
zentaoPHP框架对开发者比较友好,比如完全中性化的命名,配置对象化,相对路径包含,深度扩展机制。
================================================
FILE: theme/my.css
================================================
/**
* The css file of ZenTaoPHP framework.
*
* All request should be routed by this router.
*
* The author disclaims copyright to this source code. In place of
* a legal notice, here is a blessing:
*
* May you do good and not evil.
* May you find forgiveness for yourself and forgive others.
* May you share freely, never taking more than you give.
*/
body {padding-bottom: 40px;}
.hero-unit {padding: 60px; margin-bottom: 30px; font-size: 16px; line-height: 30px; color: white; background-color: #1970fc; -webkit-border-radius: 2px; -moz-border-radius: 2px; border-radius: 2px;}
.hero-unit a{color:white}
#nav-right .btn{margin-top:3px; width:40px;}
.pager{margin:0}
/* Enable use of floated navbar text. */
@media (max-width: 980px) {.navbar-text.pull-right {float: none; padding-left: 5px; padding-right: 5px;}}
================================================
FILE: tools/build/debian/README.Debian
================================================
zentaophp for Debian
-----------------
-- chunsheng.wang Wed, 22 Apr 2009 16:35:39 +0800
================================================
FILE: tools/build/debian/changelog
================================================
zentaophp (1.0-1) unstable; urgency=low
* Initial release (Closes: #nnnn)
-- unknown Wed, 15 Apr 2009 14:49:47 +0800
================================================
FILE: tools/build/debian/compat
================================================
5
================================================
FILE: tools/build/debian/control
================================================
Source: zentaophp
Section: www
Priority: extra
Maintainer: chunsheng.wang
Build-Depends: debhelper (>= 5)
Standards-Version: 3.7.2
Package: zentaophp
Architecture: any
Depends: php5
Description: ZenTaoPHP is a php framework.
================================================
FILE: tools/build/debian/copyright
================================================
This package was debianized by chunsheng.wang on
Wed, 15 Apr 2009 14:49:47 +0800.
It was downloaded from
Upstream Author(s):
Copyright:
License:
The Debian packaging is (C) 2009, chunsheng.wang and
is licensed under the LGPL, see `/usr/share/common-licenses/LGPL'.
================================================
FILE: tools/build/debian/dirs
================================================
usr/share/zentao
================================================
FILE: tools/build/debian/docs
================================================
COPY*
README
================================================
FILE: tools/build/debian/files
================================================
zentaophp_1.0-1_i386.deb www extra
================================================
FILE: tools/build/debian/postinst.ex
================================================
#!/bin/sh
# postinst script for zentao
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * `configure'
# * `abort-upgrade'
# * `abort-remove' `in-favour'
#
# * `abort-remove'
# * `abort-deconfigure' `in-favour'
# `removing'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
configure)
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
================================================
FILE: tools/build/debian/postrm.ex
================================================
#!/bin/sh
# postrm script for zentao
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * `remove'
# * `purge'
# * `upgrade'
# * `failed-upgrade'
# * `abort-install'
# * `abort-install'
# * `abort-upgrade'
# * `disappear'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
================================================
FILE: tools/build/debian/preinst.ex
================================================
#!/bin/sh
# preinst script for zentao
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * `install'
# * `install'
# * `upgrade'
# * `abort-upgrade'
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
install|upgrade)
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
================================================
FILE: tools/build/debian/prerm.ex
================================================
#!/bin/sh
# prerm script for zentao
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * `remove'
# * `upgrade'
# * `failed-upgrade'
# * `remove' `in-favour'
# * `deconfigure' `in-favour'
# `removing'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
remove|upgrade|deconfigure)
;;
failed-upgrade)
;;
*)
echo "prerm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
================================================
FILE: tools/build/debian/rules
================================================
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
configure: configure-stamp
configure-stamp:
dh_testdir
# Add here commands to configure the package.
touch configure-stamp
build: build-stamp
build-stamp: configure-stamp
dh_testdir
# Add here commands to compile the package.
#$(MAKE)
#docbook-to-man debian/local.sgml > local.1
touch $@
clean:
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
# Add here commands to clean up after the build process.
#-$(MAKE) clean
dh_clean
install: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs
# Add here commands to install the package into debian/local.
#$(MAKE) DESTDIR=$(CURDIR)/debian/local install
cp framework/* $(CURDIR)/debian/zentaophp/usr/share/zentao/
# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.
# Build architecture-dependent files here.
binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs
dh_installdocs
dh_installexamples
# dh_install
# dh_installmenu
# dh_installdebconf
# dh_installlogrotate
# dh_installemacsen
# dh_installpam
# dh_installmime
# dh_python
# dh_installinit
# dh_installcron
# dh_installinfo
dh_installman
dh_link
dh_strip
dh_compress
dh_fixperms
# dh_perl
# dh_makeshlibs
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install configure
================================================
FILE: tools/build/debian/watch.ex
================================================
# Example watch control file for uscan
# Rename this file to "watch" and then you can run the "uscan" command
# to check for upstream updates and more.
# See uscan(1) for format
# Compulsory line, this is a version 3 file
version=3
# Uncomment to examine a Webpage
#
#http://www.example.com/downloads.php zentao-(.*)\.tar\.gz
# Uncomment to examine a Webserver directory
#http://www.example.com/pub/zentao-(.*)\.tar\.gz
# Uncommment to examine a FTP server
#ftp://ftp.example.com/pub/zentao-(.*)\.tar\.gz debian uupdate
# Uncomment to find new files on sourceforge, for debscripts >= 2.9
# http://sf.net/zentao/zentao-(.*)\.tar\.gz
================================================
FILE: tools/build/pear/package.xml
================================================
ZenTaoPHP
pear.php.net
ZenTaoPHP is a lite, flexible MVC framework with high performance.
ZenTaoPHP is a lite, flexible MVC framework with high performance.
public domain
public domain
yes
2011-05-08
2.1.0
1.0
stable
stable
public domain
This is the 2.1 release.
5.2.0
1.4.0b1
windows
================================================
FILE: tools/chanzhi/control.class.php
================================================
public function setViewPrefix()
{
global $app, $config;
$this->viewPrefix = '';
if(RUN_MODE == 'front')
{
/* Detect mobile. */
$mobile = $app->loadClass('mobile');
if($mobile->isMobile() and !isset($config->template->mobile)) $this->viewPrefix = 'm.';
}
}
public function setViewFile($moduleName, $methodName)
{
$moduleName = strtolower(trim($moduleName));
$methodName = strtolower(trim($methodName));
$modulePath = $this->app->getModulePath($this->appName, $moduleName);
$viewExtPath = $this->app->getModuleExtPath($this->appName, $moduleName, 'view');
$viewType = $this->viewType == 'mhtml' ? 'html' : $this->viewType;
if((RUN_MODE != 'front') or (strpos($modulePath, 'module' . DS . 'ext' . DS) !== false))
{
/* If not in front mode or is ext module, view file is in modeule path. */
$mainViewFile = $modulePath . 'view' . DS . $this->viewPrefix . $methodName . '.' . $viewType . '.php';
}
else
{
/* If in front mode, view file is in www/template path. */
$mainViewFile = TPL_ROOT . $moduleName . DS . $this->viewPrefix . "{$methodName}.{$viewType}.php";
if($this->viewPrefix == 'm.' and !is_file($mainViewFile))
{
$this->viewPrefix = '';
$mainViewFile = TPL_ROOT . $moduleName . DS . $this->viewPrefix . "{$methodName}.{$viewType}.php";
}
}
/* Extension view file. */
$commonExtViewFile = $viewExtPath['common'] . $this->viewPrefix . $methodName . ".{$viewType}.php";
$siteExtViewFile = $viewExtPath['site'] . $this->viewPrefix . $methodName . ".{$viewType}.php";
$viewFile = file_exists($commonExtViewFile) ? $commonExtViewFile : $mainViewFile;
$viewFile = file_exists($siteExtViewFile) ? $siteExtViewFile : $viewFile;
if(!is_file($viewFile)) $this->app->triggerError("the view file $viewFile not found", __FILE__, __LINE__, $exit = true);
/* Extension hook file. */
$commonExtHookFiles = glob($viewExtPath['common'] . $this->viewPrefix . $methodName . ".*.{$viewType}.hook.php");
$siteExtHookFiles = glob($viewExtPath['site'] . $this->viewPrefix . $methodName . ".*.{$viewType}.hook.php");
$extHookFiles = array_merge((array) $commonExtHookFiles, (array) $siteExtHookFiles);
if(!empty($extHookFiles)) return array('viewFile' => $viewFile, 'hookFiles' => $extHookFiles);
return $viewFile;
}
public function getExtViewFile($viewFile)
{
if($this->config->site->code)
{
$extPath = dirname(realpath($viewFile)) . "/ext/_{$this->config->site->code}/";
$extViewFile = $extPath . basename($viewFile);
if(file_exists($extViewFile))
{
helper::cd($extPath);
return $extViewFile;
}
}
$extPath = RUN_MODE == 'front' ? dirname(realpath($viewFile)) . '/ext/' : dirname(dirname(realpath($viewFile))) . '/ext/view/';
$extViewFile = $extPath . basename($viewFile);
if(file_exists($extViewFile))
{
helper::cd($extPath);
return $extViewFile;
}
return false;
}
private function getCSS($moduleName, $methodName)
{
$moduleName = strtolower(trim($moduleName));
$methodName = strtolower(trim($methodName));
$modulePath = $this->app->getModulePath($this->appName, $moduleName);
$cssExtPath = $this->app->getModuleExtPath($this->appName, $moduleName, 'css') ;
$css = '';
if((RUN_MODE != 'front') or (strpos($modulePath, 'module' . DS . 'ext') !== false))
{
$mainCssFile = $modulePath . 'css' . DS . $this->viewPrefix . 'common.css';
$methodCssFile = $modulePath . 'css' . DS . $this->viewPrefix . $methodName . '.css';
if(file_exists($mainCssFile)) $css .= file_get_contents($mainCssFile);
if(file_exists($methodCssFile)) $css .= file_get_contents($methodCssFile);
}
else
{
$defaultMainCssFile = TPL_ROOT . $moduleName . DS . 'css' . DS . $this->viewPrefix . "common.css";
$defaultMethodCssFile = TPL_ROOT . $moduleName . DS . 'css' . DS . $this->viewPrefix . "{$methodName}.css";
$themeMainCssFile = TPL_ROOT . $moduleName . DS . 'css' . DS . $this->viewPrefix . "common.{$this->config->site->theme}.css";
$themeMethodCssFile = TPL_ROOT . $moduleName . DS . 'css' . DS . $this->viewPrefix . "{$methodName}.{$this->config->site->theme}.css";
if(file_exists($defaultMainCssFile)) $css .= file_get_contents($defaultMainCssFile);
if(file_exists($defaultMethodCssFile)) $css .= file_get_contents($defaultMethodCssFile);
if(file_exists($themeMainCssFile)) $css .= file_get_contents($themeMainCssFile);
if(file_exists($themeMethodCssFile)) $css .= file_get_contents($themeMethodCssFile);
}
$commonExtCssFiles = glob($cssExtPath['common'] . $methodName . DS . $this->viewPrefix . '*.css');
if(!empty($commonExtCssFiles)) foreach($commonExtCssFiles as $cssFile) $css .= file_get_contents($cssFile);
$methodExtCssFiles = glob($cssExtPath['site'] . $methodName . DS . $this->viewPrefix . '*.css');
if(!empty($methodExtCssFiles)) foreach($methodExtCssFiles as $cssFile) $css .= file_get_contents($cssFile);
return $css;
}
private function getJS($moduleName, $methodName)
{
$moduleName = strtolower(trim($moduleName));
$methodName = strtolower(trim($methodName));
$modulePath = $this->app->getModulePath($this->appName, $moduleName);
$jsExtPath = $this->app->getModuleExtPath($this->appName, $moduleName, 'js');
$js = '';
if((RUN_MODE !== 'front') or (strpos($modulePath, 'module' . DS . 'ext') !== false))
{
$mainJsFile = $modulePath . 'js' . DS . $this->viewPrefix . 'common.js';
$methodJsFile = $modulePath . 'js' . DS . $this->viewPrefix . $methodName . '.js';
if(file_exists($mainJsFile)) $js .= file_get_contents($mainJsFile);
if(file_exists($methodJsFile)) $js .= file_get_contents($methodJsFile);
}
else
{
$defaultMainJsFile = TPL_ROOT . $moduleName . DS . 'js' . DS . $this->viewPrefix . "common.js";
$defaultMethodJsFile = TPL_ROOT . $moduleName . DS . 'js' . DS . $this->viewPrefix . "{$methodName}.js";
$themeMainJsFile = TPL_ROOT . $moduleName . DS . 'js' . DS . $this->viewPrefix . "common.{$this->config->site->theme}.js";
$themeMethodJsFile = TPL_ROOT . $moduleName . DS . 'js' . DS . $this->viewPrefix . "{$methodName}.{$this->config->site->theme}.js";
if(file_exists($defaultMainJsFile)) $js .= file_get_contents($defaultMainJsFile);
if(file_exists($defaultMethodJsFile)) $js .= file_get_contents($defaultMethodJsFile);
if(file_exists($themeMainJsFile)) $js .= file_get_contents($themeMainJsFile);
if(file_exists($themeMethodJsFile)) $js .= file_get_contents($themeMethodJsFile);
}
$commonExtJsFiles = glob($jsExtPath['common'] . $methodName . DS . $this->viewPrefix . '*.js');
if(!empty($commonExtJsFiles))
{
foreach($commonExtJsFiles as $jsFile) $js .= file_get_contents($jsFile);
}
$methodExtJsFiles = glob($jsExtPath['site'] . $methodName . DS . $this->viewPrefix . '*.js');
if(!empty($methodExtJsFiles))
{
foreach($methodExtJsFiles as $jsFile) $js .= file_get_contents($jsFile);
}
return $js;
}
public function parse($moduleName = '', $methodName = '')
{
if(empty($moduleName)) $moduleName = $this->moduleName;
if(empty($methodName)) $methodName = $this->methodName;
if($this->viewType == 'json') return $this->parseJSON($moduleName, $methodName);
/* If the parser is default or run mode is admin, install, upgrade, call default parser. */
if(RUN_MODE != 'front' or $this->config->template->parser == 'default')
{
$this->parseDefault($moduleName, $methodName);
return $this->output;
}
/* Call the extened parser. */
$parserClassName = $this->config->template->parser . 'Parser';
$parserClassFile = 'parser.' . $this->config->template->parser . '.class.php';
$parserClassFile = dirname(__FILE__) . DS . $parserClassFile;
if(!is_file($parserClassFile)) $this->app->triggerError(" The parser file $parserClassFile not found", __FILE__, __LINE__, $exit = true);
helper::import($parserClassFile);
if(!class_exists($parserClassName)) $this->app->triggerError(" Can not find class : $parserClassName not found in $parserClassFile
", __FILE__, __LINE__, $exit = true);
$parser = new $parserClassName($this);
return $parser->parse($moduleName, $methodName);
}
private function parseJSON($moduleName, $methodName)
{
die('View type error.');
unset($this->view->app);
unset($this->view->config);
unset($this->view->lang);
unset($this->view->pager);
unset($this->view->header);
unset($this->view->position);
unset($this->view->moduleTree);
unset($this->view->common);
$output['status'] = is_object($this->view) ? 'success' : 'fail';
$output['data'] = json_encode($this->view);
$output['md5'] = md5(json_encode($this->view));
$this->output = json_encode($output);
}
private function parseDefault($moduleName, $methodName)
{
/* Set the view file. */
$results = $this->setViewFile($moduleName, $methodName);
$viewFile = $results;
if(is_array($results)) extract($results);
/* Get css and js. */
$css = $this->getCSS($moduleName, $methodName);
$js = $this->getJS($moduleName, $methodName);
if(RUN_MODE == 'front')
{
$template = $this->config->template->{$this->device}->name;
$theme = $this->config->template->{$this->device}->theme;
$customParam = $this->loadModel('ui')->getCustomParams($template, $theme);
$themeHooks = $this->loadThemeHooks();
$importedCSS = array();
$importedJS = array();
if(!empty($themeHooks))
{
$jsFun = "get{$theme}JS";
$cssFun = "get{$theme}CSS";
if(function_exists($jsFun)) $importedJS = $jsFun();
if(function_exists($cssFun)) $importedCSS = $cssFun();
}
$js .= zget($importedJS, "{$template}_{$theme}_all", '');
$js .= zget($this->config->js, "{$template}_{$theme}_all", '');
$js .= zget($importedJS, "{$template}_{$theme}_{$moduleName}_{$methodName}", '');
$js .= zget($this->config->js,"{$template}_{$theme}_{$moduleName}_{$methodName}", '');
$allPageCSS = zget($importedCSS, "{$template}_{$theme}_all", '');
$allPageCSS .= zget($this->config->css, "{$template}_{$theme}_all", '');
$currentPageCSS = zget($importedCSS, "{$template}_{$theme}_{$moduleName}_{$methodName}", '');
$currentPageCSS .= zget($this->config->css, "{$template}_{$theme}_{$moduleName}_{$methodName}", '');
$css .= $this->ui->compileCSS($customParam, $allPageCSS . $currentPageCSS);
}
if($css) $this->view->pageCSS = $css;
if($js) $this->view->pageJS = $js;
/* Change the dir to the view file to keep the relative pathes work. */
$currentPWD = getcwd();
chdir(dirname($viewFile));
extract((array)$this->view);
ob_start();
include $viewFile;
if(isset($hookFiles)) foreach($hookFiles as $hookFile) if(file_exists($hookFile)) include $hookFile;
$this->output .= ob_get_contents();
ob_end_clean();
/* At the end, chang the dir to the previous. */
chdir($currentPWD);
}
public function display($moduleName = '', $methodName = '')
{
if(empty($this->output)) $this->parse($moduleName, $methodName);
if(isset($this->config->cn2tw) and $this->config->cn2tw and $this->app->getClientLang() == 'zh-tw')
{
$this->app->loadClass('cn2tw', true);
$this->output = cn2tw::translate($this->output);
}
if(RUN_MODE == 'front')
{
$this->mergeCSS();
$this->mergeJS();
}
//if(isset($this->config->site->cdn))
//{
// $cdn = rtrim($this->config->site->cdn, '/');
// $this->output = str_replace('src="/data/upload', 'src="' . $cdn . '/data/upload', $this->output);
// $this->output = str_replace("src='/data/upload", "src='" . $cdn . "/data/upload", $this->output);
// $this->output = str_replace("url(/data/upload", "url(" . $cdn . "/data/upload", $this->output);
//}
echo $this->output;
}
public function createLink($moduleName, $methodName = 'index', $vars = array(), $alias = array(), $viewType = '')
{
if(empty($moduleName)) $moduleName = $this->moduleName;
return helper::createLink($moduleName, $methodName, $vars, $alias, $viewType);
}
public function inlink($methodName = 'index', $vars = array(), $alias = array(), $viewType = '')
{
return helper::createLink($this->moduleName, $methodName, $vars, $alias, $viewType);
}
/**
* Set TPL_ROOT used in template files.
*
* @access public
* @return void
*/
public function setTplRoot()
{
if(!defined('TPL_ROOT')) define('TPL_ROOT', $this->app->getTplRoot() . $this->config->template->{$this->device}->name . DS . 'view' . DS);
}
/**
* Load theme hooks.
*
* @access public
* @return array
*/
public function loadThemeHooks()
{
$theme = $this->config->template->{$this->device}->theme;
$hookPath = dirname(TPL_ROOT) . DS . 'theme' . DS . $theme . DS;
$hookFiles = glob("{$hookPath}*.php");
foreach($hookFiles as $file) include $file;
return $hookFiles;
}
/**
* Merge all css codes of one page.
*
* @access public
* @return void
*/
public function mergeCSS()
{
$pageCSS = '';
preg_match_all('/", $this->output);
if(strpos($this->output, '') == false) $this->output = "" . $this->output;
}
}
/**
* Merge all js codes of one page,
*
* @access public
* @return void
*/
public function mergeJS()
{
$pageJS = '';
preg_match_all('/", $this->output);
if(strpos($this->output, '') == false) $this->output .= "";
}
$pos = strpos($this->output, '', $pos) . substr($this->output, $pos);
return true;
}
================================================
FILE: tools/chanzhi/helper.class.php
================================================
static public function createLink($moduleName, $methodName = 'index', $vars = '', $alias = array(), $viewType = '')
{
global $app, $config;
$requestType = $config->requestType;
if(defined('FIX_PATH_INFO2') and FIX_PATH_INFO2)
{
$config->requestType = 'PATH_INFO2';
}
$clientLang = $app->getClientLang();
$lang = $config->langCode;
/* Set viewType is mhtml if visit with mobile.*/
if(!$viewType and RUN_MODE == 'front' and helper::getDevice() == 'mobile' and $methodName != 'oauthCallback') $viewType = 'mhtml';
/* Set vars and alias. */
if(!is_array($vars)) parse_str($vars, $vars);
if(!is_array($alias)) parse_str($alias, $alias);
foreach($alias as $key => $value) $alias[$key] = urlencode($value);
/* Seo modules return directly. */
if(helper::inSeoMode() and method_exists('uri', 'create' . $moduleName . $methodName))
{
if($config->requestType == 'PATH_INFO2') $config->webRoot = $_SERVER['SCRIPT_NAME'] . '/';
$link = call_user_func_array('uri::create' . $moduleName . $methodName, array('param'=> $vars, 'alias'=>$alias, 'viewType'=>$viewType));
/* Add client lang. */
if($lang and $link) $link = $config->webRoot . $lang . '/' . substr($link, strlen($config->webRoot));
if($config->requestType == 'PATH_INFO2') $config->webRoot = getWebRoot();
$config->requestType = $requestType;
if($link) return $link;
}
/* Set the view type. */
if(empty($viewType)) $viewType = $app->getViewType();
if($config->requestType == 'PATH_INFO') $link = $config->webRoot;
if($config->requestType == 'PATH_INFO2') $link = $_SERVER['SCRIPT_NAME'] . '/';
if($config->requestType == 'GET') $link = $_SERVER['SCRIPT_NAME'];
if($config->requestType != 'GET' and $lang) $link .= "$lang/";
/* Common method. */
if(helper::inSeoMode())
{
/* If the method equal the default method defined in the config file and the vars is empty, convert the link. */
if($methodName == $config->default->method and empty($vars))
{
/* If the module also equal the default module, change index-index to index.html. */
if($moduleName == $config->default->module)
{
$link .= 'index.' . $viewType;
}
elseif($viewType == $app->getViewType())
{
$link .= $moduleName . '/';
}
else
{
$link .= $moduleName . '.' . $viewType;
}
}
else
{
$link .= "$moduleName{$config->requestFix}$methodName";
foreach($vars as $value) $link .= "{$config->requestFix}$value";
$link .= '.' . $viewType;
}
}
else
{
$link .= "?{$config->moduleVar}=$moduleName&{$config->methodVar}=$methodName";
if($viewType != 'html') $link .= "&{$config->viewVar}=" . $viewType;
foreach($vars as $key => $value) $link .= "&$key=$value";
if($lang and RUN_MODE != 'admin') $link .= "&l=$lang";
}
$config->requestType = $requestType;
return $link;
}
public static function getDevice()
{
global $app, $config;
$viewType = $app->getViewType();
if($viewType == 'mhtml') return 'mobile';
if(RUN_MODE == 'admin')
{
if($app->session->device) return $app->session->device;
return 'desktop';
}
elseif(RUN_MODE == 'front')
{
if(isset($_COOKIE['visualDevice'])) return $_COOKIE['visualDevice'];
/* Detect mobile. */
$mobile = $app->loadClass('mobile');
if($mobile->isMobile())
{
if(!isset($config->template->mobile)) return 'desktop';
if(isset($config->site->mobileTemplate) and $config->site->mobileTemplate == 'close') return 'desktop';
return 'mobile';
}
}
return 'desktop';
}
function inLink($methodName = 'index', $vars = '', $alias = '', $viewType = '')
{
global $app;
return helper::createLink($app->getModuleName(), $methodName, $vars, $alias, $viewType);
}
function getWebRoot($full = false)
{
$path = $_SERVER['SCRIPT_NAME'];
if(RUN_MODE == 'shell')
{
$url = parse_url($_SERVER['argv'][1]);
$path = empty($url['path']) ? '/' : rtrim($url['path'], '/');
$path = empty($path) ? '/' : $path;
}
if($full)
{
$http = (isset($_SERVER['HTTPS']) and strtolower($_SERVER['HTTPS']) != 'off') ? 'https://' : 'http://';
return $http . $_SERVER['HTTP_HOST'] . substr($path, 0, (strrpos($path, '/') + 1));
}
return substr($path, 0, (strrpos($path, '/') + 1));
}
/**
* Get home root.
*
* @param string $langCode
* @access public
* @return string
*/
function getHomeRoot($langCode = '')
{
global $config;
$langCode = $langCode == '' ? $config->langCode : $langCode;
$defaultLang = isset($config->site->defaultLang) ? $config->site->defaultLang : $config->default->lang;
if($langCode == $config->langsShortcuts[$defaultLang]) return $config->webRoot;
$homeRoot = $config->webRoot;
if($langCode and $config->requestType == 'PATH_INFO') $homeRoot = $config->webRoot . $langCode;
if($langCode and $config->requestType == 'PATH_INFO2') $homeRoot = $config->webRoot . 'index.php/' . "$langCode";
if($langCode and $config->requestType == 'GET') $homeRoot = $config->webRoot . 'index.php?l=' . "$langCode";
if($config->requestType != 'GET') $homeRoot = rtrim($homeRoot, '/') . '/';
return $homeRoot;
}
/**
* Check admin entry.
*
* @access public
* @return string
*/
function checkAdminEntry()
{
if(strpos($_SERVER['PHP_SELF'], '/admin.php') === false) return true;
$path = dirname($_SERVER['SCRIPT_FILENAME']);
$files = scandir($path);
$defaultFiles = array('admin.php', 'index.php', 'install.php', 'loader.php', 'upgrade.php');
foreach($files as $file)
{
if(strpos($file, '.php') !== false and !in_array($file, $defaultFiles))
{
$contents = file_get_contents($path . '/' . $file);
$webRoot = getWebRoot();
if(strpos($contents, "'RUN_MODE', 'admin'") && strpos($_SERVER['PHP_SELF'], '/admin.php') !== false) die(header("location: $webRoot"));
}
}
}
/**
* Get admin entry.
*
* @access public
* @return string
*/
function getAdminEntry()
{
$path = dirname($_SERVER['SCRIPT_FILENAME']);
$files = scandir($path);
$defaultFiles = array('admin.php', 'index.php', 'install.php', 'loader.php', 'upgrade.php');
foreach($files as $file)
{
if(strpos($file, '.php') !== false and !in_array($file, $defaultFiles))
{
$contents = file_get_contents($path . '/' . $file);
if(strpos($contents, "'RUN_MODE', 'admin'") !== false) return $file;
}
}
return 'admin.php';
}
/**
* Key for chanzhi.
*
* @access public
* @return string
*/
function k()
{
global $config, $lang;
$siteCode = $config->site->code;
$codeLen = strlen($siteCode);
$keywords = explode(';', $lang->k);
$count = count($keywords);
$sum = 0;
for($i = 0; $i < $codeLen; $i++) $sum += ord($siteCode{$i});
$key = $sum % $count;
return $keywords[$key];
}
================================================
FILE: tools/chanzhi/myrouter.class.php
================================================
setTplRoot();
$this->fixRequestURI();
$this->sendHeader();
$this->fixLangConfig();
if(RUN_MODE == 'admin' and helper::isAjaxRequest()) $this->config->debug = 1;
}
public function sendHeader()
{
$type = 'html';
if((strpos($_SERVER['REQUEST_URI'], '.xml') !== false) or (isset($_GET['t']) and $_GET['t'] == 'xml')) $type = 'xml';
header("Content-Type: text/{$type}; charset={$this->config->charset}");
header("Cache-control: private");
}
public function setTplRoot()
{
$this->tplRoot = $this->wwwRoot . 'template' . DS;
}
public function getTplRoot()
{
return $this->tplRoot;
}
public function setClientLang($lang = '')
{
if(RUN_MODE != 'install' and RUN_MODE != 'upgrade' and RUN_MODE != 'shell' and $this->config->installed)
{
$result = $this->dbh->query("select value from " . TABLE_CONFIG . " where owner = 'system' and module = 'common' and section = 'site' and `key` = 'defaultLang'")->fetch();
$defaultLang = !empty($result->value) ? $result->value : $this->config->default->lang;
$result = $this->dbh->query("select value from " . TABLE_CONFIG . " where owner = 'system' and module = 'common' and section = 'site' and `key` = 'lang'")->fetch();
$enabledLangs = isset($result->value) ? $result->value : '';
$result = $this->dbh->query("select value from " . TABLE_CONFIG . " where owner = 'system' and module = 'common' and section = 'site' and `key` = 'cn2tw'")->fetch();
$this->config->cn2tw = isset($result->value) ? $result->value : '';
if(empty($enabledLangs))
{
$enabledLangs = array_keys($this->config->langs);
}
else
{
$enabledLangs = explode(',', $enabledLangs);
}
if(!in_array($defaultLang, $enabledLangs)) $defaultLang = current($enabledLangs);
/* Set default lang. */
$this->config->default->lang = $defaultLang;
}
else
{
$defaultLang = $this->config->default->lang;
$enabledLangs = array_keys($this->config->langs);
}
$langCookieVar = RUN_MODE . 'Lang';
if(!empty($lang))
{
$this->clientLang = $lang;
}
elseif(RUN_MODE == 'front')
{
if(strpos($this->server->http_referer, 'm=visual') !== false and !empty($_COOKIE['adminLang']))
{
$this->clientLang = $_COOKIE['adminLang'];
}
else
{
$flipedLangs = array_flip($this->config->langsShortcuts);
if($this->config->requestType == 'GET' and isset($_GET[$this->config->langVar])) $this->clientLang = $flipedLangs[$_GET[$this->config->langVar]];
if($this->config->requestType != 'GET')
{
$pathInfo = $this->getPathInfo();
foreach($this->config->langsShortcuts as $language => $code)
{
if(strpos(trim($pathInfo, '/'), $code) === 0) $this->clientLang = $language;
}
}
}
}
elseif(isset($_COOKIE[$langCookieVar]))
{
$this->clientLang = $_COOKIE[$langCookieVar];
}
elseif(RUN_MODE == 'admin' and isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
{
$this->clientLang = strpos($_SERVER['HTTP_ACCEPT_LANGUAGE'], ',') === false ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, strpos($_SERVER['HTTP_ACCEPT_LANGUAGE'], ','));
}
if(!empty($this->clientLang) and in_array($this->clientLang, $enabledLangs))
{
$this->clientLang = strtolower($this->clientLang);
}
else
{
$this->clientLang = $defaultLang;
}
setcookie('lang', $this->clientLang, $this->config->cookieLife, $this->config->cookiePath);
if(in_array($this->clientLang, $enabledLangs)) return $this->clientLang;
}
public function fixLangConfig()
{
$langCode = $this->clientLang == $this->config->default->lang ? '' : $this->config->langsShortcuts[$this->clientLang];
$this->config->langCode = $langCode;
$this->config->homeRoot = getHomeRoot();
}
public function fixRequestURI()
{
if($this->config->requestType == 'GET') return true;
if(isset($_SERVER['HTTP_X_REWRITE_URL']))
{
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
}
elseif(isset($_SERVER['HTTP_REQUEST_URI']))
{
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_REQUEST_URI'];
}
}
public function parseRequest()
{
if(isGetUrl())
{
if($this->config->requestType == 'PATH_INFO2') define('FIX_PATH_INFO2', true);
$this->config->requestType = 'GET';
}
if($this->config->requestType == 'PATH_INFO' or $this->config->requestType == 'PATH_INFO2')
{
$this->parsePathInfo();
$langCode = $this->config->langsShortcuts[$this->clientLang];
if(strpos($this->URI, $langCode) === 0) $this->URI = substr($this->URI, strlen($langCode) + 1);
$this->URI = seo::parseURI($this->URI);
$this->setRouteByPathInfo();
}
elseif($this->config->requestType == 'GET')
{
$this->parseGET();
$this->setRouteByGET();
}
else
{
$this->triggerError("The request type {$this->config->requestType} not supported", __FILE__, __LINE__, $exit = true);
}
}
public function setControlFile($exitIfNone = true)
{
$modulePath = $this->getModulePath();
$this->controlFile = $modulePath . DS . 'ext' . DS . '_' . $this->siteCode . DS . 'control' . DS . $this->methodName . '.php';
if(is_file($this->controlFile)) return true;
$this->controlFile = $modulePath . DS . 'ext' . DS . 'control' . DS . $this->methodName . '.php';
if(is_file($this->controlFile)) return true;
$this->controlFile = $modulePath . DS . 'control.php';
if(!is_file($this->controlFile) && $this->getModuleName() != 'error')
{
if($this->server->request_uri == '/favicon.ico') die();
$this->setModuleName('error');
$this->setMethodName('index');
return $this->setControlFile();
}
return true;
}
public function getModulePath($appName = '', $moduleName = '')
{
$modulePath = parent::getModulePath($appName, $moduleName);
if(!file_exists($modulePath)) $modulePath = $this->getModuleRoot() . 'ext' . DS . '_' . $this->siteCode . DS . $moduleName . DS;
return $modulePath;
}
public function setRouteByGET()
{
$moduleName = isset($_GET[$this->config->moduleVar]) ? strtolower($_GET[$this->config->moduleVar]) : $this->config->default->module;
$methodName = isset($_GET[$this->config->methodVar]) ? strtolower($_GET[$this->config->methodVar]) : $this->config->default->method;
$this->setModuleName($moduleName);
$this->setMethodName($methodName);
if(strpos($this->URI, '/index.php/user-oauthCallback-qq.html') !== false)
{
$this->setModuleName('user');
$this->setMethodName('oauthCallback');
array_unshift($_GET, 'qq');
}
$this->setControlFile();
}
public function loadModule()
{
if($this->config->requestType == 'GET') unset($_GET[$this->config->langVar]);
return parent::loadModule();
}
public function setParamsByPathInfo($defaultParams = array())
{
/* Spit the URI. */
$items = explode('-', $this->URI);
$itemCount = count($items);
/* The first two item is moduleName and methodName. So the params should begin at 2.*/
$params = array();
for($i = 2; $i < $itemCount; $i ++)
{
$key = key($defaultParams); // Get key from the $defaultParams.
$params[$key] = str_replace('.', '-', $items[$i]);
next($defaultParams);
}
$this->params = $this->mergeParams($defaultParams, $params);
}
public function loadLang($moduleName, $appName = '')
{
global $app;
$langFiles = array();
$modulePath = $this->getModulePath($appName, $moduleName);
$mainLangFile = $modulePath . 'lang' . DS . $this->clientLang . '.php';
if(file_exists($mainLangFile)) $langFiles[] = $mainLangFile;
if(is_object($app))
{
$device = helper::getDevice();
$langPath = $this->getTplRoot() . $this->config->template->{$device}->name . DS . 'lang' . DS . $moduleName . DS;
$templateLangFile = $langPath . $this->clientLang . '.php';
if(file_exists($templateLangFile)) $langFiles[] = $templateLangFile;
}
/* get ext lang files. */
$extLangPath = $this->getModuleExtPath($appName, $moduleName, 'lang');
$commonExtLangFiles = helper::ls($extLangPath['common'] . $this->clientLang, '.php');
$siteExtLangFiles = helper::ls($extLangPath['site'] . $this->clientLang, '.php');
$extLangFiles = array_merge($commonExtLangFiles, $siteExtLangFiles);
$langFiles = array_merge($langFiles, $extLangFiles);
/* Set the files to includ. */
if(empty($langFiles)) return false;
global $lang;
if(!is_object($lang)) $lang = new language();
if(!isset($lang->$moduleName)) $lang->$moduleName = new stdclass();
static $loadedLangs = array();
foreach($langFiles as $langFile)
{
if(in_array($langFile, $loadedLangs)) continue;
include $langFile;
$loadedLangs[] = $langFile;
}
$this->lang = $lang;
return $lang;
}
public function headError()
{
$this->setModuleName('error');
$this->setMethodName('index');
$this->setControlFile();
$this->loadModule();
}
public function getPathInfo()
{
if(isset($_SERVER['PATH_INFO']))
{
$value = $_SERVER['PATH_INFO'];
}
elseif(isset($_SERVER['ORIG_PATH_INFO']))
{
$value = $_SERVER['ORIG_PATH_INFO'];
}
elseif(isset($_SERVER['REQUEST_URI']))
{
$value = $_SERVER['REQUEST_URI'];
}
else
{
$value = @getenv('PATH_INFO');
if(empty($value)) $value = @getenv('ORIG_PATH_INFO');
if(empty($value)) $value = @getenv('REQUEST_URI');
if(strpos($value, $_SERVER['SCRIPT_NAME']) !== false) $value = str_replace($_SERVER['SCRIPT_NAME'], '', $value);
}
if(strpos($value, '?') === false) return trim($value, '/');
$value = parse_url($value);
return trim($value['path'], '/');
}
}
================================================
FILE: tools/chanzhi/process.php
================================================
$line)
{
$first = false;
if(strpos($line, 'function setViewPrefix(') !== false)
{
$setViewPrefix = $line;
$mark = 'setViewPrefix';
$first = true;
}
if(strpos($line, 'function setViewFile(') !== false)
{
$setViewFile = $line;
$mark = 'setViewFile';
$first = true;
}
if(strpos($line, 'function getExtViewFile(') !== false)
{
$getExtViewFile = $line;
$mark = 'getExtViewFile';
$first = true;
}
if(strpos($line, 'function getCSS(') !== false)
{
$getCSS = $line;
$mark = 'getCSS';
$first = true;
}
if(strpos($line, 'function getJS(') !== false)
{
$getJS = $line;
$mark = 'getJS';
$first = true;
}
if(strpos($line, 'function parse(') !== false)
{
$parse = $line;
$mark = 'parse';
$first = true;
}
if(strpos($line, 'function parseJSON(') !== false)
{
$parseJSON = $line;
$mark = 'parseJSON';
$first = true;
}
if(strpos($line, 'function parseDefault(') !== false)
{
$parseDefault = $line;
$mark = 'parseDefault';
$first = true;
}
if(strpos($line, 'function display(') !== false)
{
$display = $line;
$mark = 'display';
$first = true;
}
if(strpos($line, 'function createLink(') !== false)
{
$createLink = $line;
$mark = 'createLink';
$first = true;
}
if(strpos($line, 'function inlink(') !== false)
{
$inlink = $line;
$mark = 'inlink';
$first = true;
}
if(strpos($line, '/**') !== false)
{
if(!isset($addLines)) $addLines = '';
$addLines .= $line;
$mark = 'addLines';
$first = true;
}
if($mark and !$first) $$mark .= $line;
}
$startLine = 0;
$mark = '';
$endTag = -1;
foreach($baseControl as $i => $line)
{
if($startLine and strpos($line, '{') !== false) $endTag ++;
if($startLine and strpos($line, '}') !== false) $endTag --;
if($endTag == 0 and $mark)
{
$baseControl[$startLine] = rtrim($$mark);
unset($baseControl[$i]);
$startLine = 0;
$endTag = -1;
$mark = '';
}
if(strpos($line, 'function setViewPrefix(') !== false)
{
$startLine = $i;
$mark = 'setViewPrefix';
}
if(strpos($line, 'function setViewFile(') !== false)
{
$startLine = $i;
$mark = 'setViewFile';
}
if(strpos($line, 'function getExtViewFile(') !== false)
{
$startLine = $i;
$mark = 'getExtViewFile';
}
if(strpos($line, 'function getCSS(') !== false)
{
$startLine = $i;
$mark = 'getCSS';
}
if(strpos($line, 'function getJS(') !== false)
{
$startLine = $i;
$mark = 'getJS';
}
if(strpos($line, 'function parse(') !== false)
{
$startLine = $i;
$mark = 'parse';
}
if(strpos($line, 'function parseJSON(') !== false)
{
$startLine = $i;
$mark = 'parseJSON';
}
if(strpos($line, 'function parseDefault(') !== false)
{
$startLine = $i;
$mark = 'parseDefault';
}
if(strpos($line, 'function display(') !== false)
{
$startLine = $i;
$mark = 'display';
}
if(strpos($line, 'function createLink(') !== false)
{
$startLine = $i;
$mark = 'createLink';
}
if(strpos($line, 'function inlink(') !== false)
{
$startLine = $i;
$mark = 'inlink';
}
if($mark and $endTag == -1) $endTag = 0;
if($startLine) unset($baseControl[$i]);
}
ksort($baseControl);
$baseControl[$i] = "\n" . $addLines . $baseControl[$i];
file_put_contents($chanzhiPath . 'framework/control.class.php', join("\n", $baseControl));
unset($addLines);
$baseHelper = trim(file_get_contents($chanzhiPath . 'framework/helper.class.php'));
$mergeHelper = file(dirname(__FILE__) . '/helper.class.php');
$baseHelper = explode("\n", $baseHelper);
$mark = '';
foreach($mergeHelper as $i => $line)
{
$first = false;
if(strpos($line, 'function createLink(') !== false)
{
$createLink = $line;
$mark = 'createLink';
$first = true;
}
if(strpos($line, 'function getDevice(') !== false)
{
$inLink = $line;
$mark = 'getDevice';
$first = true;
}
if(strpos($line, 'function inLink(') !== false)
{
$inLink = $line;
$mark = 'inLink';
$first = true;
}
if(strpos($line, 'function getWebRoot(') !== false)
{
$getWebRoot = $line;
$mark = 'getWebRoot';
$first = true;
}
if(strpos($line, '/**') !== false)
{
if(!isset($addLines)) $addLines = '';
$addLines .= $line;
$mark = 'addLines';
$first = true;
}
if($mark and !$first) $$mark .= $line;
}
$startLine = 0;
$mark = '';
$endTag = -1;
foreach($baseHelper as $i => $line)
{
if($startLine and strpos($line, '{') !== false) $endTag ++;
if($startLine and strpos($line, '}') !== false) $endTag --;
if($endTag == 0 and $mark)
{
$baseHelper[$startLine] = rtrim($$mark);
unset($baseHelper[$i]);
$startLine = 0;
$endTag = -1;
$mark = '';
}
if(strpos($line, 'function createLink(') !== false)
{
$startLine = $i;
$mark = 'createLink';
}
if(strpos($line, 'function getDevice(') !== false)
{
$startLine = $i;
$mark = 'getDevice';
}
if(strpos($line, 'function inLink(') !== false)
{
$startLine = $i;
$mark = 'inLink';
}
if(strpos($line, 'function getWebRoot(') !== false)
{
$startLine = $i;
$mark = 'getWebRoot';
}
if($mark and $endTag == -1) $endTag = 0;
if($startLine) unset($baseHelper[$i]);
}
ksort($baseHelper);
$baseHelper[$i] = $baseHelper[$i] . "\n" . $addLines;
file_put_contents($chanzhiPath . 'framework/helper.class.php', join("\n", $baseHelper));
================================================
FILE: tools/ranzhi/helper.class.php
================================================
function getWebRoot()
{
$path = $_SERVER['SCRIPT_NAME'];
if(defined('IN_SHELL'))
{
$url = parse_url($_SERVER['argv'][1]);
$path = empty($url['path']) ? '/' : rtrim($url['path'], '/');
$path = empty($path) ? '/' : preg_replace('/\/www$/', '/www/', $path);
}
$path = dirname(dirname($path));
$path = str_replace('\\', '/', $path);
if($path == '/') return '/';
return $path . '/';
}
================================================
FILE: tools/ranzhi/myrouter.class.php
================================================
setAppName($appName);
parent::__construct($appName, $appRoot);
$this->setStaticRoot();
$this->setWwwRoot();
$this->setDataRoot();
$this->setThemeRoot();
}
public function setModuleRoot()
{
$this->moduleRoot = $this->appRoot;
}
public function setStaticRoot()
{
$this->staticRoot = $this->basePath . 'www' . DS;
}
public function setWwwRoot()
{
$this->wwwRoot = rtrim(dirname(dirname($_SERVER['SCRIPT_FILENAME'])), DS) . DS;
}
public function setDataRoot()
{
$this->dataRoot = $this->staticRoot . 'data' . DS;
}
public function setThemeRoot()
{
$this->themeRoot = $this->staticRoot . 'theme' . DS;
}
public function getAppName()
{
return $this->appName;
}
public function getStaticRoot()
{
return $this->staticRoot;
}
public function getURI($full = false)
{
if($full and $this->config->requestType != 'GET')
{
if($this->URI) return $this->config->webRoot . $this->appName . '/' . $this->URI . '.' . $this->viewType;
return $this->config->webRoot . $this->appName . '/';
}
return $this->URI;
}
public function loadCommon()
{
$this->setModuleName('common');
$commonModelFile = helper::setModelFile('common');
if(!file_exists($commonModelFile)) $commonModelFile = helper::setModelFile('common', 'sys');
helper::import($commonModelFile);
if(class_exists('extcommonModel'))
{
return new extcommonModel();
}
elseif(class_exists('commonModel'))
{
return new commonModel();
}
else
{
return false;
}
}
public function setControlFile($exitIfNone = true)
{
$this->controlFile = $this->moduleRoot . $this->moduleName . DS . 'control.php';
if(!is_file($this->controlFile)) $this->controlFile = $this->basePath . 'app' . DS . 'sys' . DS . $this->moduleName . DS . 'control.php';
if(!is_file($this->controlFile))
{
$this->triggerError("the control file $this->controlFile not found.", __FILE__, __LINE__, $exitIfNone);
return false;
}
return true;
}
public function getModulePath($appName = '', $moduleName = '')
{
$modulePath = parent::getModulePath($appName, $moduleName);
if(!is_dir($modulePath) and $appName != 'sys') $modulePath = parent::getModulePath('sys', $moduleName);
return $modulePath;
}
public function getModuleExtPath($appName, $moduleName, $ext)
{
$paths = parent::getModuleExtPath($appName, $moduleName, $ext);
if((!is_dir($paths['common']) or ($paths['site'] and !is_dir($paths['site']))) and $appName != 'sys')
{
$sysPaths = parent::getModuleExtPath('sys', $moduleName, $ext);
if(!is_dir($paths['common'])) $paths['common'] = $sysPaths['common'];
if($paths['site'] and !is_dir($paths['site'])) $paths['site'] = $sysPaths['common'];
}
return $paths;
}
public function setActionExtFile()
{
$result = parent::setActionExtFile();
if(!$result and $this->appName != 'sys')
{
$oldAppName = $this->appName;
$this->appName = 'sys';
$result = parent::setActionExtFile();
$this->appName = $oldAppName;
}
return $result;
}
public function loadLang($moduleName, $appName = '')
{
if($moduleName == 'common' and $appName == '') $this->loadLang('common', 'sys');
$modulePath = $this->getModulePath($appName, $moduleName);
$mainLangFile = $modulePath . 'lang' . DS . $this->clientLang . '.php';
$extLangPath = $this->getModuleExtPath($appName, $moduleName, 'lang');
$commonExtLangFiles = helper::ls($extLangPath['common'] . $this->clientLang, '.php');
$siteExtLangFiles = helper::ls($extLangPath['site'] . $this->clientLang, '.php');
$extLangFiles = array_merge($commonExtLangFiles, $siteExtLangFiles);
/* Set the files to includ. */
if(!is_file($mainLangFile))
{
if(empty($extLangFiles)) return false; // also no extension file.
$langFiles = $extLangFiles;
}
else
{
$langFiles = array_merge(array($mainLangFile), $extLangFiles);
}
global $lang;
if(!is_object($lang)) $lang = new language();
static $loadedLangs = array();
foreach($langFiles as $langFile)
{
if(in_array($langFile, $loadedLangs)) continue;
include $langFile;
$loadedLangs[] = $langFile;
}
/* Merge from the db lang. */
if(empty($appName)) $appName = $this->appName;
if(isset($lang->db->custom[$appName][$moduleName]))
{
foreach($lang->db->custom[$appName][$moduleName] as $section => $fields)
{
foreach($fields as $key => $value)
{
if($moduleName == 'common')
{
unset($lang->{$section}[$key]);
$lang->{$section}[$key] = $value;
}
else
{
unset($lang->{$moduleName}->{$section}[$key]);
$lang->{$moduleName}->{$section}[$key] = $value;
}
}
}
}
$this->lang = $lang;
return $lang;
}
}
================================================
FILE: tools/ranzhi/process.php
================================================
$line)
{
if($startLine and strpos($line, '{') !== false) $endTag ++;
if($startLine and strpos($line, '}') !== false) $endTag --;
if($endTag == 0 and $mark)
{
$baseModel[$startLine] = rtrim($$mark);
unset($baseModel[$i]);
$startLine = 0;
$endTag = -1;
$mark = '';
}
if(strpos($line, 'function delete(') !== false)
{
$startLine = $i;
$mark = 'delete';
}
if($mark and $endTag == -1) $endTag = 0;
if($startLine) unset($baseModel[$i]);
}
ksort($baseModel);
file_put_contents($ranzhiPath . 'framework/model.class.php', join("\n", $baseModel));
$baseHelper = trim(file_get_contents($ranzhiPath . 'framework/helper.class.php'));
$mergeHelper = file_get_contents(dirname(__FILE__) . '/helper.class.php');
$baseHelper = explode("\n", $baseHelper);
$getWebRoot = $mergeHelper;
$startLine = 0;
$mark = '';
$endTag = -1;
foreach($baseHelper as $i => $line)
{
if($startLine and strpos($line, '{') !== false) $endTag ++;
if($startLine and strpos($line, '}') !== false) $endTag --;
if($endTag == 0 and $mark)
{
$baseHelper[$startLine] = rtrim($$mark);
unset($baseHelper[$i]);
$startLine = 0;
$endTag = -1;
$mark = '';
}
if(strpos($line, 'function getWebRoot(') !== false)
{
$startLine = $i;
$mark = 'getWebRoot';
}
if($mark and $endTag == -1) $endTag = 0;
if($startLine) unset($baseHelper[$i]);
}
ksort($baseHelper);
file_put_contents($ranzhiPath . 'framework/helper.class.php', join("\n", $baseHelper));
================================================
FILE: tools/zentao/front.class.php
================================================
static public function a($href = '', $title = '', $target = "_self", $misc = '', $newline = true)
{
global $config;
if(empty($title)) $title = $href;
$newline = $newline ? "\n" : '';
/* if page has onlybody param then add this param in all link. the param hide header and footer. */
if(strpos($href, 'onlybody=yes') === false and isonlybody())
{
$onlybody = strpos($link, '?') === false ? "?onlybody=yes" : "&onlybody=yes";
$href .= $onlybody;
}
if($target == '_self') return "$title$newline";
return "$title$newline";
}
static public function selectButton($scope = "", $appendClass = 'btn')
{
global $lang;
return "";
}
================================================
FILE: tools/zentao/myrouter.class.php
================================================
setModuleName('common');
$commonModelFile = helper::setModelFile('common');
if(file_exists($commonModelFile))
{
helper::import($commonModelFile);
if(class_exists('extcommonModel'))
{
$commonClass = 'class common extends extcommonModel{}';
eval($commonClass);
return new extcommonModel();
}
elseif(class_exists('commonModel'))
{
$commonClass = 'class common extends commonModel{}';
eval($commonClass);
return new commonModel();
}
else
{
return false;
}
}
}
public function loadLang($moduleName, $appName = '')
{
$modulePath = $this->getModulePath($appName, $moduleName);
$mainLangFile = $modulePath . 'lang' . DS . $this->clientLang . '.php';
$extLangPath = $this->getModuleExtPath($appName, $moduleName, 'lang');
$commonExtLangFiles = helper::ls($extLangPath['common'] . $this->clientLang, '.php');
$siteExtLangFiles = helper::ls($extLangPath['site'] . $this->clientLang, '.php');
$extLangFiles = array_merge($commonExtLangFiles, $siteExtLangFiles);
/* Set the files to includ. */
if(!is_file($mainLangFile))
{
if(empty($extLangFiles)) return false; // also no extension file.
$langFiles = $extLangFiles;
}
else
{
$langFiles = array_merge(array($mainLangFile), $extLangFiles);
}
global $lang;
if(!is_object($lang)) $lang = new language();
/* Set productCommon and projectCommon for flow. */
if($moduleName == 'common')
{
$productProject = false;
if($this->dbh and !empty($this->config->db->name)) $productProject = $this->dbh->query('SELECT value FROM' . TABLE_CONFIG . "WHERE `owner`='system' AND `module`='custom' AND `key`='productproject'")->fetch();
$productCommon = $projectCommon = 0;
if($productProject)
{
$productProject = $productProject->value;
list($productCommon, $projectCommon) = explode('_', $productProject);
}
$lang->productCommon = isset($this->config->productCommonList[$this->clientLang][(int)$productCommon]) ? $this->config->productCommonList[$this->clientLang][(int)$productCommon] : $this->config->productCommonList['zh-cn'][0];
$lang->projectCommon = isset($this->config->projectCommonList[$this->clientLang][(int)$projectCommon]) ? $this->config->projectCommonList[$this->clientLang][(int)$projectCommon] : $this->config->projectCommonList['zh-cn'][0];
}
static $loadedLangs = array();
foreach($langFiles as $langFile)
{
if(in_array($langFile, $loadedLangs)) continue;
include $langFile;
$loadedLangs[] = $langFile;
}
/* Merge from the db lang. */
if($moduleName != 'common' and isset($lang->db->custom[$moduleName]))
{
foreach($lang->db->custom[$moduleName] as $section => $fields)
{
foreach($fields as $key => $value)
{
unset($lang->{$moduleName}->{$section}[$key]);
$lang->{$moduleName}->{$section}[$key] = $value;
}
}
}
$this->lang = $lang;
return $lang;
}
}
================================================
FILE: tools/zentao/process.php
================================================
$line)
{
if($startLine and strpos($line, '{') !== false) $endTag ++;
if($startLine and strpos($line, '}') !== false) $endTag --;
if($endTag == 0 and $mark)
{
$baseModel[$startLine] = rtrim($$mark);
unset($baseModel[$i]);
$startLine = 0;
$endTag = -1;
$mark = '';
}
if(strpos($line, 'function delete(') !== false)
{
$startLine = $i;
$mark = 'delete';
}
if($mark and $endTag == -1) $endTag = 0;
if($startLine) unset($baseModel[$i]);
}
ksort($baseModel);
file_put_contents($zentaoPath . 'framework/model.class.php', join("\n", $baseModel));
$baseFront = trim(file_get_contents($zentaoPath . 'lib/front/front.class.php'));
$mergeFront = file(dirname(__FILE__) . '/front.class.php');
$baseFront = explode("\n", $baseFront);
$mark = '';
foreach($mergeFront as $i => $line)
{
$first = false;
if(strpos($line, 'function a(') !== false)
{
$a = $line;
$mark = 'a';
$first = true;
}
if(strpos($line, 'function selectButton(') !== false)
{
$selectButton = $line;
$mark = 'selectButton';
$first = true;
}
if($mark and !$first) $$mark .= $line;
}
$startLine = 0;
$mark = '';
$endTag = -1;
foreach($baseFront as $i => $line)
{
if($startLine and strpos($line, '{') !== false) $endTag ++;
if($startLine and strpos($line, '}') !== false) $endTag --;
if($endTag == 0 and $mark)
{
$baseFront[$startLine] = rtrim($$mark);
unset($baseFront[$i]);
$startLine = 0;
$endTag = -1;
$mark = '';
}
if(strpos($line, 'function a(') !== false)
{
$startLine = $i;
$mark = 'a';
}
if(strpos($line, 'function selectButton(') !== false)
{
$startLine = $i;
$mark = 'selectButton';
}
if($mark and $endTag == -1) $endTag = 0;
if($startLine) unset($baseFront[$i]);
}
ksort($baseFront);
file_put_contents($zentaoPath . 'lib/front/front.class.php', join("\n", $baseFront));