diff options
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/AttrTransform')
20 files changed, 0 insertions, 619 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php deleted file mode 100644 index 0e1ff24a3..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php +++ /dev/null @@ -1,23 +0,0 @@ -<?php - -/** - * Pre-transform that changes proprietary background attribute to CSS. - */ -class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform { - - public function transform($attr, $config, $context) { - - if (!isset($attr['background'])) return $attr; - - $background = $this->confiscateAttr($attr, 'background'); - // some validation should happen here - - $this->prependCSS($attr, "background-image:url($background);"); - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php deleted file mode 100644 index 4d1a05665..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php +++ /dev/null @@ -1,19 +0,0 @@ -<?php - -// this MUST be placed in post, as it assumes that any value in dir is valid - -/** - * Post-trasnform that ensures that bdo tags have the dir attribute set. - */ -class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform -{ - - public function transform($attr, $config, $context) { - if (isset($attr['dir'])) return $attr; - $attr['dir'] = $config->get('Attr.DefaultTextDir'); - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php deleted file mode 100644 index ad3916bb9..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php +++ /dev/null @@ -1,23 +0,0 @@ -<?php - -/** - * Pre-transform that changes deprecated bgcolor attribute to CSS. - */ -class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform { - - public function transform($attr, $config, $context) { - - if (!isset($attr['bgcolor'])) return $attr; - - $bgcolor = $this->confiscateAttr($attr, 'bgcolor'); - // some validation should happen here - - $this->prependCSS($attr, "background-color:$bgcolor;"); - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php deleted file mode 100644 index 51159b671..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php +++ /dev/null @@ -1,36 +0,0 @@ -<?php - -/** - * Pre-transform that changes converts a boolean attribute to fixed CSS - */ -class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform { - - /** - * Name of boolean attribute that is trigger - */ - protected $attr; - - /** - * CSS declarations to add to style, needs trailing semicolon - */ - protected $css; - - /** - * @param $attr string attribute name to convert from - * @param $css string CSS declarations to add to style (needs semicolon) - */ - public function __construct($attr, $css) { - $this->attr = $attr; - $this->css = $css; - } - - public function transform($attr, $config, $context) { - if (!isset($attr[$this->attr])) return $attr; - unset($attr[$this->attr]); - $this->prependCSS($attr, $this->css); - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php deleted file mode 100644 index 476b0b079..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php +++ /dev/null @@ -1,18 +0,0 @@ -<?php - -/** - * Pre-transform that changes deprecated border attribute to CSS. - */ -class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform { - - public function transform($attr, $config, $context) { - if (!isset($attr['border'])) return $attr; - $border_width = $this->confiscateAttr($attr, 'border'); - // some validation should happen here - $this->prependCSS($attr, "border:{$border_width}px solid;"); - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php deleted file mode 100644 index 2a5b4514a..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php +++ /dev/null @@ -1,58 +0,0 @@ -<?php - -/** - * Generic pre-transform that converts an attribute with a fixed number of - * values (enumerated) to CSS. - */ -class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform { - - /** - * Name of attribute to transform from - */ - protected $attr; - - /** - * Lookup array of attribute values to CSS - */ - protected $enumToCSS = array(); - - /** - * Case sensitivity of the matching - * @warning Currently can only be guaranteed to work with ASCII - * values. - */ - protected $caseSensitive = false; - - /** - * @param $attr String attribute name to transform from - * @param $enumToCSS Lookup array of attribute values to CSS - * @param $case_sensitive Boolean case sensitivity indicator, default false - */ - public function __construct($attr, $enum_to_css, $case_sensitive = false) { - $this->attr = $attr; - $this->enumToCSS = $enum_to_css; - $this->caseSensitive = (bool) $case_sensitive; - } - - public function transform($attr, $config, $context) { - - if (!isset($attr[$this->attr])) return $attr; - - $value = trim($attr[$this->attr]); - unset($attr[$this->attr]); - - if (!$this->caseSensitive) $value = strtolower($value); - - if (!isset($this->enumToCSS[$value])) { - return $attr; - } - - $this->prependCSS($attr, $this->enumToCSS[$value]); - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php deleted file mode 100644 index 7f0e4b7a5..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php +++ /dev/null @@ -1,43 +0,0 @@ -<?php - -// must be called POST validation - -/** - * Transform that supplies default values for the src and alt attributes - * in img tags, as well as prevents the img tag from being removed - * because of a missing alt tag. This needs to be registered as both - * a pre and post attribute transform. - */ -class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform -{ - - public function transform($attr, $config, $context) { - - $src = true; - if (!isset($attr['src'])) { - if ($config->get('Core.RemoveInvalidImg')) return $attr; - $attr['src'] = $config->get('Attr.DefaultInvalidImage'); - $src = false; - } - - if (!isset($attr['alt'])) { - if ($src) { - $alt = $config->get('Attr.DefaultImageAlt'); - if ($alt === null) { - // truncate if the alt is too long - $attr['alt'] = substr(basename($attr['src']),0,40); - } else { - $attr['alt'] = $alt; - } - } else { - $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt'); - } - } - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php deleted file mode 100644 index fd84c10c3..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php +++ /dev/null @@ -1,44 +0,0 @@ -<?php - -/** - * Pre-transform that changes deprecated hspace and vspace attributes to CSS - */ -class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform { - - protected $attr; - protected $css = array( - 'hspace' => array('left', 'right'), - 'vspace' => array('top', 'bottom') - ); - - public function __construct($attr) { - $this->attr = $attr; - if (!isset($this->css[$attr])) { - trigger_error(htmlspecialchars($attr) . ' is not valid space attribute'); - } - } - - public function transform($attr, $config, $context) { - - if (!isset($attr[$this->attr])) return $attr; - - $width = $this->confiscateAttr($attr, $this->attr); - // some validation could happen here - - if (!isset($this->css[$this->attr])) return $attr; - - $style = ''; - foreach ($this->css[$this->attr] as $suffix) { - $property = "margin-$suffix"; - $style .= "$property:{$width}px;"; - } - - $this->prependCSS($attr, $style); - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php deleted file mode 100644 index 16829552d..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php - -/** - * Performs miscellaneous cross attribute validation and filtering for - * input elements. This is meant to be a post-transform. - */ -class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform { - - protected $pixels; - - public function __construct() { - $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels(); - } - - public function transform($attr, $config, $context) { - if (!isset($attr['type'])) $t = 'text'; - else $t = strtolower($attr['type']); - if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') { - unset($attr['checked']); - } - if (isset($attr['maxlength']) && $t !== 'text' && $t !== 'password') { - unset($attr['maxlength']); - } - if (isset($attr['size']) && $t !== 'text' && $t !== 'password') { - $result = $this->pixels->validate($attr['size'], $config, $context); - if ($result === false) unset($attr['size']); - else $attr['size'] = $result; - } - if (isset($attr['src']) && $t !== 'image') { - unset($attr['src']); - } - if (!isset($attr['value']) && ($t === 'radio' || $t === 'checkbox')) { - $attr['value'] = ''; - } - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php deleted file mode 100644 index 5869e7f82..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php +++ /dev/null @@ -1,28 +0,0 @@ -<?php - -/** - * Post-transform that copies lang's value to xml:lang (and vice-versa) - * @note Theoretically speaking, this could be a pre-transform, but putting - * post is more efficient. - */ -class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform -{ - - public function transform($attr, $config, $context) { - - $lang = isset($attr['lang']) ? $attr['lang'] : false; - $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false; - - if ($lang !== false && $xml_lang === false) { - $attr['xml:lang'] = $lang; - } elseif ($xml_lang !== false) { - $attr['lang'] = $xml_lang; - } - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php deleted file mode 100644 index ea2f30473..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php +++ /dev/null @@ -1,27 +0,0 @@ -<?php - -/** - * Class for handling width/height length attribute transformations to CSS - */ -class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform -{ - - protected $name; - protected $cssName; - - public function __construct($name, $css_name = null) { - $this->name = $name; - $this->cssName = $css_name ? $css_name : $name; - } - - public function transform($attr, $config, $context) { - if (!isset($attr[$this->name])) return $attr; - $length = $this->confiscateAttr($attr, $this->name); - if(ctype_digit($length)) $length .= 'px'; - $this->prependCSS($attr, $this->cssName . ":$length;"); - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php deleted file mode 100644 index 15315bc73..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php +++ /dev/null @@ -1,21 +0,0 @@ -<?php - -/** - * Pre-transform that changes deprecated name attribute to ID if necessary - */ -class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform -{ - - public function transform($attr, $config, $context) { - // Abort early if we're using relaxed definition of name - if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr; - if (!isset($attr['name'])) return $attr; - $id = $this->confiscateAttr($attr, 'name'); - if ( isset($attr['id'])) return $attr; - $attr['id'] = $id; - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php deleted file mode 100644 index a95638c14..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php +++ /dev/null @@ -1,27 +0,0 @@ -<?php - -/** - * Post-transform that performs validation to the name attribute; if - * it is present with an equivalent id attribute, it is passed through; - * otherwise validation is performed. - */ -class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform -{ - - public function __construct() { - $this->idDef = new HTMLPurifier_AttrDef_HTML_ID(); - } - - public function transform($attr, $config, $context) { - if (!isset($attr['name'])) return $attr; - $name = $attr['name']; - if (isset($attr['id']) && $attr['id'] === $name) return $attr; - $result = $this->idDef->validate($name, $config, $context); - if ($result === false) unset($attr['name']); - else $attr['name'] = $result; - return $attr; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php deleted file mode 100644 index f7fb1209b..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php +++ /dev/null @@ -1,45 +0,0 @@ -<?php - -// must be called POST validation - -/** - * Adds rel="nofollow" to all outbound links. This transform is - * only attached if Attr.Nofollow is TRUE. - */ -class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform -{ - private $parser; - - public function __construct() { - $this->parser = new HTMLPurifier_URIParser(); - } - - public function transform($attr, $config, $context) { - - if (!isset($attr['href'])) { - return $attr; - } - - // XXX Kind of inefficient - $url = $this->parser->parse($attr['href']); - $scheme = $url->getSchemeObj($config, $context); - - if ($scheme->browsable && !$url->isLocal($config, $context)) { - if (isset($attr['rel'])) { - $rels = explode(' ', $attr); - if (!in_array('nofollow', $rels)) { - $rels[] = 'nofollow'; - } - $attr['rel'] = implode(' ', $rels); - } else { - $attr['rel'] = 'nofollow'; - } - } - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php deleted file mode 100644 index 4da449981..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php +++ /dev/null @@ -1,15 +0,0 @@ -<?php - -class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform -{ - public $name = "SafeEmbed"; - - public function transform($attr, $config, $context) { - $attr['allowscriptaccess'] = 'never'; - $attr['allownetworking'] = 'internal'; - $attr['type'] = 'application/x-shockwave-flash'; - return $attr; - } -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php deleted file mode 100644 index 1ed74898b..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php +++ /dev/null @@ -1,16 +0,0 @@ -<?php - -/** - * Writes default type for all objects. Currently only supports flash. - */ -class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform -{ - public $name = "SafeObject"; - - function transform($attr, $config, $context) { - if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash'; - return $attr; - } -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php deleted file mode 100644 index bd86a7455..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php +++ /dev/null @@ -1,64 +0,0 @@ -<?php - -/** - * Validates name/value pairs in param tags to be used in safe objects. This - * will only allow name values it recognizes, and pre-fill certain attributes - * with required values. - * - * @note - * This class only supports Flash. In the future, Quicktime support - * may be added. - * - * @warning - * This class expects an injector to add the necessary parameters tags. - */ -class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform -{ - public $name = "SafeParam"; - private $uri; - - public function __construct() { - $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded - $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); - } - - public function transform($attr, $config, $context) { - // If we add support for other objects, we'll need to alter the - // transforms. - switch ($attr['name']) { - // application/x-shockwave-flash - // Keep this synchronized with Injector/SafeObject.php - case 'allowScriptAccess': - $attr['value'] = 'never'; - break; - case 'allowNetworking': - $attr['value'] = 'internal'; - break; - case 'allowFullScreen': - if ($config->get('HTML.FlashAllowFullScreen')) { - $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; - } else { - $attr['value'] = 'false'; - } - break; - case 'wmode': - $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); - break; - case 'movie': - case 'src': - $attr['name'] = "movie"; - $attr['value'] = $this->uri->validate($attr['value'], $config, $context); - break; - case 'flashvars': - // we're going to allow arbitrary inputs to the SWF, on - // the reasoning that it could only hack the SWF, not us. - break; - // add other cases to support other param name/value pairs - default: - $attr['name'] = $attr['value'] = null; - } - return $attr; - } -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php deleted file mode 100644 index 4499050a2..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php +++ /dev/null @@ -1,16 +0,0 @@ -<?php - -/** - * Implements required attribute stipulation for <script> - */ -class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform -{ - public function transform($attr, $config, $context) { - if (!isset($attr['type'])) { - $attr['type'] = 'text/javascript'; - } - return $attr; - } -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php deleted file mode 100644 index a6502c749..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/TargetBlank.php +++ /dev/null @@ -1,38 +0,0 @@ -<?php - -// must be called POST validation - -/** - * Adds target="blank" to all outbound links. This transform is - * only attached if Attr.TargetBlank is TRUE. This works regardless - * of whether or not Attr.AllowedFrameTargets - */ -class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform -{ - private $parser; - - public function __construct() { - $this->parser = new HTMLPurifier_URIParser(); - } - - public function transform($attr, $config, $context) { - - if (!isset($attr['href'])) { - return $attr; - } - - // XXX Kind of inefficient - $url = $this->parser->parse($attr['href']); - $scheme = $url->getSchemeObj($config, $context); - - if ($scheme->browsable && !$url->isBenign($config, $context)) { - $attr['target'] = 'blank'; - } - - return $attr; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php deleted file mode 100644 index 81ac3488b..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php +++ /dev/null @@ -1,18 +0,0 @@ -<?php - -/** - * Sets height/width defaults for <textarea> - */ -class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform -{ - - public function transform($attr, $config, $context) { - // Calculated from Firefox - if (!isset($attr['cols'])) $attr['cols'] = '22'; - if (!isset($attr['rows'])) $attr['rows'] = '3'; - return $attr; - } - -} - -// vim: et sw=4 sts=4 |