From acccafe3daee1c94064202d38fa244bd5a15c2e7 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 28 Oct 2012 12:21:21 +0400 Subject: replace htmlpurifier with htmlawed --- .../library/HTMLPurifier/AttrDef/CSS.php | 87 --------- .../HTMLPurifier/AttrDef/CSS/AlphaValue.php | 21 --- .../HTMLPurifier/AttrDef/CSS/Background.php | 87 --------- .../AttrDef/CSS/BackgroundPosition.php | 133 -------------- .../library/HTMLPurifier/AttrDef/CSS/Border.php | 43 ----- .../library/HTMLPurifier/AttrDef/CSS/Color.php | 78 -------- .../library/HTMLPurifier/AttrDef/CSS/Composite.php | 38 ---- .../AttrDef/CSS/DenyElementDecorator.php | 28 --- .../library/HTMLPurifier/AttrDef/CSS/Filter.php | 54 ------ .../library/HTMLPurifier/AttrDef/CSS/Font.php | 149 ---------------- .../HTMLPurifier/AttrDef/CSS/FontFamily.php | 197 --------------------- .../AttrDef/CSS/ImportantDecorator.php | 40 ----- .../library/HTMLPurifier/AttrDef/CSS/Length.php | 47 ----- .../library/HTMLPurifier/AttrDef/CSS/ListStyle.php | 78 -------- .../library/HTMLPurifier/AttrDef/CSS/Multiple.php | 58 ------ .../library/HTMLPurifier/AttrDef/CSS/Number.php | 69 -------- .../HTMLPurifier/AttrDef/CSS/Percentage.php | 40 ----- .../HTMLPurifier/AttrDef/CSS/TextDecoration.php | 38 ---- .../library/HTMLPurifier/AttrDef/CSS/URI.php | 61 ------- .../library/HTMLPurifier/AttrDef/Enum.php | 65 ------- .../library/HTMLPurifier/AttrDef/HTML/Bool.php | 28 --- .../library/HTMLPurifier/AttrDef/HTML/Class.php | 34 ---- .../library/HTMLPurifier/AttrDef/HTML/Color.php | 32 ---- .../HTMLPurifier/AttrDef/HTML/FrameTarget.php | 21 --- .../library/HTMLPurifier/AttrDef/HTML/ID.php | 70 -------- .../library/HTMLPurifier/AttrDef/HTML/Length.php | 41 ----- .../HTMLPurifier/AttrDef/HTML/LinkTypes.php | 53 ------ .../HTMLPurifier/AttrDef/HTML/MultiLength.php | 41 ----- .../library/HTMLPurifier/AttrDef/HTML/Nmtokens.php | 52 ------ .../library/HTMLPurifier/AttrDef/HTML/Pixels.php | 48 ----- .../library/HTMLPurifier/AttrDef/Integer.php | 73 -------- .../library/HTMLPurifier/AttrDef/Lang.php | 73 -------- .../library/HTMLPurifier/AttrDef/Switch.php | 34 ---- .../library/HTMLPurifier/AttrDef/Text.php | 15 -- .../library/HTMLPurifier/AttrDef/URI.php | 77 -------- .../library/HTMLPurifier/AttrDef/URI/Email.php | 17 -- .../HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php | 21 --- .../library/HTMLPurifier/AttrDef/URI/Host.php | 68 ------- .../library/HTMLPurifier/AttrDef/URI/IPv4.php | 39 ---- .../library/HTMLPurifier/AttrDef/URI/IPv6.php | 99 ----------- 40 files changed, 2347 deletions(-) delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php (limited to 'lib/htmlpurifier/library/HTMLPurifier/AttrDef') diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php deleted file mode 100644 index 953e70675..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php +++ /dev/null @@ -1,87 +0,0 @@ -parseCDATA($css); - - $definition = $config->getCSSDefinition(); - - // we're going to break the spec and explode by semicolons. - // This is because semicolon rarely appears in escaped form - // Doing this is generally flaky but fast - // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI - // for details - - $declarations = explode(';', $css); - $propvalues = array(); - - /** - * Name of the current CSS property being validated. - */ - $property = false; - $context->register('CurrentCSSProperty', $property); - - foreach ($declarations as $declaration) { - if (!$declaration) continue; - if (!strpos($declaration, ':')) continue; - list($property, $value) = explode(':', $declaration, 2); - $property = trim($property); - $value = trim($value); - $ok = false; - do { - if (isset($definition->info[$property])) { - $ok = true; - break; - } - if (ctype_lower($property)) break; - $property = strtolower($property); - if (isset($definition->info[$property])) { - $ok = true; - break; - } - } while(0); - if (!$ok) continue; - // inefficient call, since the validator will do this again - if (strtolower(trim($value)) !== 'inherit') { - // inherit works for everything (but only on the base property) - $result = $definition->info[$property]->validate( - $value, $config, $context ); - } else { - $result = 'inherit'; - } - if ($result === false) continue; - $propvalues[$property] = $result; - } - - $context->destroy('CurrentCSSProperty'); - - // procedure does not write the new CSS simultaneously, so it's - // slightly inefficient, but it's the only way of getting rid of - // duplicates. Perhaps config to optimize it, but not now. - - $new_declarations = ''; - foreach ($propvalues as $prop => $value) { - $new_declarations .= "$prop:$value;"; - } - - return $new_declarations ? $new_declarations : false; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php deleted file mode 100644 index 292c040d4..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php +++ /dev/null @@ -1,21 +0,0 @@ - 1.0) $result = '1'; - return $result; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php deleted file mode 100644 index 3a3d20cd6..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php +++ /dev/null @@ -1,87 +0,0 @@ -getCSSDefinition(); - $this->info['background-color'] = $def->info['background-color']; - $this->info['background-image'] = $def->info['background-image']; - $this->info['background-repeat'] = $def->info['background-repeat']; - $this->info['background-attachment'] = $def->info['background-attachment']; - $this->info['background-position'] = $def->info['background-position']; - } - - public function validate($string, $config, $context) { - - // regular pre-processing - $string = $this->parseCDATA($string); - if ($string === '') return false; - - // munge rgb() decl if necessary - $string = $this->mungeRgb($string); - - // assumes URI doesn't have spaces in it - $bits = explode(' ', strtolower($string)); // bits to process - - $caught = array(); - $caught['color'] = false; - $caught['image'] = false; - $caught['repeat'] = false; - $caught['attachment'] = false; - $caught['position'] = false; - - $i = 0; // number of catches - $none = false; - - foreach ($bits as $bit) { - if ($bit === '') continue; - foreach ($caught as $key => $status) { - if ($key != 'position') { - if ($status !== false) continue; - $r = $this->info['background-' . $key]->validate($bit, $config, $context); - } else { - $r = $bit; - } - if ($r === false) continue; - if ($key == 'position') { - if ($caught[$key] === false) $caught[$key] = ''; - $caught[$key] .= $r . ' '; - } else { - $caught[$key] = $r; - } - $i++; - break; - } - } - - if (!$i) return false; - if ($caught['position'] !== false) { - $caught['position'] = $this->info['background-position']-> - validate($caught['position'], $config, $context); - } - - $ret = array(); - foreach ($caught as $value) { - if ($value === false) continue; - $ret[] = $value; - } - - if (empty($ret)) return false; - return implode(' ', $ret); - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php deleted file mode 100644 index fae82eaec..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php +++ /dev/null @@ -1,133 +0,0 @@ - | | left | center | right - ] - [ - | | top | center | bottom - ]? - ] | - [ // this signifies that the vertical and horizontal adjectives - // can be arbitrarily ordered, however, there can only be two, - // one of each, or none at all - [ - left | center | right - ] || - [ - top | center | bottom - ] - ] - top, left = 0% - center, (none) = 50% - bottom, right = 100% -*/ - -/* QuirksMode says: - keyword + length/percentage must be ordered correctly, as per W3C - - Internet Explorer and Opera, however, support arbitrary ordering. We - should fix it up. - - Minor issue though, not strictly necessary. -*/ - -// control freaks may appreciate the ability to convert these to -// percentages or something, but it's not necessary - -/** - * Validates the value of background-position. - */ -class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef -{ - - protected $length; - protected $percentage; - - public function __construct() { - $this->length = new HTMLPurifier_AttrDef_CSS_Length(); - $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage(); - } - - public function validate($string, $config, $context) { - $string = $this->parseCDATA($string); - $bits = explode(' ', $string); - - $keywords = array(); - $keywords['h'] = false; // left, right - $keywords['v'] = false; // top, bottom - $keywords['ch'] = false; // center (first word) - $keywords['cv'] = false; // center (second word) - $measures = array(); - - $i = 0; - - $lookup = array( - 'top' => 'v', - 'bottom' => 'v', - 'left' => 'h', - 'right' => 'h', - 'center' => 'c' - ); - - foreach ($bits as $bit) { - if ($bit === '') continue; - - // test for keyword - $lbit = ctype_lower($bit) ? $bit : strtolower($bit); - if (isset($lookup[$lbit])) { - $status = $lookup[$lbit]; - if ($status == 'c') { - if ($i == 0) { - $status = 'ch'; - } else { - $status = 'cv'; - } - } - $keywords[$status] = $lbit; - $i++; - } - - // test for length - $r = $this->length->validate($bit, $config, $context); - if ($r !== false) { - $measures[] = $r; - $i++; - } - - // test for percentage - $r = $this->percentage->validate($bit, $config, $context); - if ($r !== false) { - $measures[] = $r; - $i++; - } - - } - - if (!$i) return false; // no valid values were caught - - $ret = array(); - - // first keyword - if ($keywords['h']) $ret[] = $keywords['h']; - elseif ($keywords['ch']) { - $ret[] = $keywords['ch']; - $keywords['cv'] = false; // prevent re-use: center = center center - } - elseif (count($measures)) $ret[] = array_shift($measures); - - if ($keywords['v']) $ret[] = $keywords['v']; - elseif ($keywords['cv']) $ret[] = $keywords['cv']; - elseif (count($measures)) $ret[] = array_shift($measures); - - if (empty($ret)) return false; - return implode(' ', $ret); - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php deleted file mode 100644 index 42a1d1b4a..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php +++ /dev/null @@ -1,43 +0,0 @@ -getCSSDefinition(); - $this->info['border-width'] = $def->info['border-width']; - $this->info['border-style'] = $def->info['border-style']; - $this->info['border-top-color'] = $def->info['border-top-color']; - } - - public function validate($string, $config, $context) { - $string = $this->parseCDATA($string); - $string = $this->mungeRgb($string); - $bits = explode(' ', $string); - $done = array(); // segments we've finished - $ret = ''; // return value - foreach ($bits as $bit) { - foreach ($this->info as $propname => $validator) { - if (isset($done[$propname])) continue; - $r = $validator->validate($bit, $config, $context); - if ($r !== false) { - $ret .= $r . ' '; - $done[$propname] = true; - break; - } - } - } - return rtrim($ret); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php deleted file mode 100644 index 07f95a671..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php +++ /dev/null @@ -1,78 +0,0 @@ -get('Core.ColorKeywords'); - - $color = trim($color); - if ($color === '') return false; - - $lower = strtolower($color); - if (isset($colors[$lower])) return $colors[$lower]; - - if (strpos($color, 'rgb(') !== false) { - // rgb literal handling - $length = strlen($color); - if (strpos($color, ')') !== $length - 1) return false; - $triad = substr($color, 4, $length - 4 - 1); - $parts = explode(',', $triad); - if (count($parts) !== 3) return false; - $type = false; // to ensure that they're all the same type - $new_parts = array(); - foreach ($parts as $part) { - $part = trim($part); - if ($part === '') return false; - $length = strlen($part); - if ($part[$length - 1] === '%') { - // handle percents - if (!$type) { - $type = 'percentage'; - } elseif ($type !== 'percentage') { - return false; - } - $num = (float) substr($part, 0, $length - 1); - if ($num < 0) $num = 0; - if ($num > 100) $num = 100; - $new_parts[] = "$num%"; - } else { - // handle integers - if (!$type) { - $type = 'integer'; - } elseif ($type !== 'integer') { - return false; - } - $num = (int) $part; - if ($num < 0) $num = 0; - if ($num > 255) $num = 255; - $new_parts[] = (string) $num; - } - } - $new_triad = implode(',', $new_parts); - $color = "rgb($new_triad)"; - } else { - // hexadecimal handling - if ($color[0] === '#') { - $hex = substr($color, 1); - } else { - $hex = $color; - $color = '#' . $color; - } - $length = strlen($hex); - if ($length !== 3 && $length !== 6) return false; - if (!ctype_xdigit($hex)) return false; - } - - return $color; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php deleted file mode 100644 index de1289cba..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php +++ /dev/null @@ -1,38 +0,0 @@ -defs = $defs; - } - - public function validate($string, $config, $context) { - foreach ($this->defs as $i => $def) { - $result = $this->defs[$i]->validate($string, $config, $context); - if ($result !== false) return $result; - } - return false; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php deleted file mode 100644 index 6599c5b2d..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php +++ /dev/null @@ -1,28 +0,0 @@ -def = $def; - $this->element = $element; - } - /** - * Checks if CurrentToken is set and equal to $this->element - */ - public function validate($string, $config, $context) { - $token = $context->get('CurrentToken', true); - if ($token && $token->name == $this->element) return false; - return $this->def->validate($string, $config, $context); - } -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php deleted file mode 100644 index 147894b86..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php +++ /dev/null @@ -1,54 +0,0 @@ -intValidator = new HTMLPurifier_AttrDef_Integer(); - } - - public function validate($value, $config, $context) { - $value = $this->parseCDATA($value); - if ($value === 'none') return $value; - // if we looped this we could support multiple filters - $function_length = strcspn($value, '('); - $function = trim(substr($value, 0, $function_length)); - if ($function !== 'alpha' && - $function !== 'Alpha' && - $function !== 'progid:DXImageTransform.Microsoft.Alpha' - ) return false; - $cursor = $function_length + 1; - $parameters_length = strcspn($value, ')', $cursor); - $parameters = substr($value, $cursor, $parameters_length); - $params = explode(',', $parameters); - $ret_params = array(); - $lookup = array(); - foreach ($params as $param) { - list($key, $value) = explode('=', $param); - $key = trim($key); - $value = trim($value); - if (isset($lookup[$key])) continue; - if ($key !== 'opacity') continue; - $value = $this->intValidator->validate($value, $config, $context); - if ($value === false) continue; - $int = (int) $value; - if ($int > 100) $value = '100'; - if ($int < 0) $value = '0'; - $ret_params[] = "$key=$value"; - $lookup[$key] = true; - } - $ret_parameters = implode(',', $ret_params); - $ret_function = "$function($ret_parameters)"; - return $ret_function; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php deleted file mode 100644 index 699ee0b70..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php +++ /dev/null @@ -1,149 +0,0 @@ -getCSSDefinition(); - $this->info['font-style'] = $def->info['font-style']; - $this->info['font-variant'] = $def->info['font-variant']; - $this->info['font-weight'] = $def->info['font-weight']; - $this->info['font-size'] = $def->info['font-size']; - $this->info['line-height'] = $def->info['line-height']; - $this->info['font-family'] = $def->info['font-family']; - } - - public function validate($string, $config, $context) { - - static $system_fonts = array( - 'caption' => true, - 'icon' => true, - 'menu' => true, - 'message-box' => true, - 'small-caption' => true, - 'status-bar' => true - ); - - // regular pre-processing - $string = $this->parseCDATA($string); - if ($string === '') return false; - - // check if it's one of the keywords - $lowercase_string = strtolower($string); - if (isset($system_fonts[$lowercase_string])) { - return $lowercase_string; - } - - $bits = explode(' ', $string); // bits to process - $stage = 0; // this indicates what we're looking for - $caught = array(); // which stage 0 properties have we caught? - $stage_1 = array('font-style', 'font-variant', 'font-weight'); - $final = ''; // output - - for ($i = 0, $size = count($bits); $i < $size; $i++) { - if ($bits[$i] === '') continue; - switch ($stage) { - - // attempting to catch font-style, font-variant or font-weight - case 0: - foreach ($stage_1 as $validator_name) { - if (isset($caught[$validator_name])) continue; - $r = $this->info[$validator_name]->validate( - $bits[$i], $config, $context); - if ($r !== false) { - $final .= $r . ' '; - $caught[$validator_name] = true; - break; - } - } - // all three caught, continue on - if (count($caught) >= 3) $stage = 1; - if ($r !== false) break; - - // attempting to catch font-size and perhaps line-height - case 1: - $found_slash = false; - if (strpos($bits[$i], '/') !== false) { - list($font_size, $line_height) = - explode('/', $bits[$i]); - if ($line_height === '') { - // ooh, there's a space after the slash! - $line_height = false; - $found_slash = true; - } - } else { - $font_size = $bits[$i]; - $line_height = false; - } - $r = $this->info['font-size']->validate( - $font_size, $config, $context); - if ($r !== false) { - $final .= $r; - // attempt to catch line-height - if ($line_height === false) { - // we need to scroll forward - for ($j = $i + 1; $j < $size; $j++) { - if ($bits[$j] === '') continue; - if ($bits[$j] === '/') { - if ($found_slash) { - return false; - } else { - $found_slash = true; - continue; - } - } - $line_height = $bits[$j]; - break; - } - } else { - // slash already found - $found_slash = true; - $j = $i; - } - if ($found_slash) { - $i = $j; - $r = $this->info['line-height']->validate( - $line_height, $config, $context); - if ($r !== false) { - $final .= '/' . $r; - } - } - $final .= ' '; - $stage = 2; - break; - } - return false; - - // attempting to catch font-family - case 2: - $font_family = - implode(' ', array_slice($bits, $i, $size - $i)); - $r = $this->info['font-family']->validate( - $font_family, $config, $context); - if ($r !== false) { - $final .= $r . ' '; - // processing completed successfully - return rtrim($final); - } - return false; - } - } - return false; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php deleted file mode 100644 index 0d9a4e12c..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php +++ /dev/null @@ -1,197 +0,0 @@ -mask = '- '; - for ($c = 'a'; $c <= 'z'; $c++) $this->mask .= $c; - for ($c = 'A'; $c <= 'Z'; $c++) $this->mask .= $c; - for ($c = '0'; $c <= '9'; $c++) $this->mask .= $c; // cast-y, but should be fine - // special bytes used by UTF-8 - for ($i = 0x80; $i <= 0xFF; $i++) { - // We don't bother excluding invalid bytes in this range, - // because the our restriction of well-formed UTF-8 will - // prevent these from ever occurring. - $this->mask .= chr($i); - } - - /* - PHP's internal strcspn implementation is - O(length of string * length of mask), making it inefficient - for large masks. However, it's still faster than - preg_match 8) - for (p = s1;;) { - spanp = s2; - do { - if (*spanp == c || p == s1_end) { - return p - s1; - } - } while (spanp++ < (s2_end - 1)); - c = *++p; - } - */ - // possible optimization: invert the mask. - } - - public function validate($string, $config, $context) { - static $generic_names = array( - 'serif' => true, - 'sans-serif' => true, - 'monospace' => true, - 'fantasy' => true, - 'cursive' => true - ); - $allowed_fonts = $config->get('CSS.AllowedFonts'); - - // assume that no font names contain commas in them - $fonts = explode(',', $string); - $final = ''; - foreach($fonts as $font) { - $font = trim($font); - if ($font === '') continue; - // match a generic name - if (isset($generic_names[$font])) { - if ($allowed_fonts === null || isset($allowed_fonts[$font])) { - $final .= $font . ', '; - } - continue; - } - // match a quoted name - if ($font[0] === '"' || $font[0] === "'") { - $length = strlen($font); - if ($length <= 2) continue; - $quote = $font[0]; - if ($font[$length - 1] !== $quote) continue; - $font = substr($font, 1, $length - 2); - } - - $font = $this->expandCSSEscape($font); - - // $font is a pure representation of the font name - - if ($allowed_fonts !== null && !isset($allowed_fonts[$font])) { - continue; - } - - if (ctype_alnum($font) && $font !== '') { - // very simple font, allow it in unharmed - $final .= $font . ', '; - continue; - } - - // bugger out on whitespace. form feed (0C) really - // shouldn't show up regardless - $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font); - - // Here, there are various classes of characters which need - // to be treated differently: - // - Alphanumeric characters are essentially safe. We - // handled these above. - // - Spaces require quoting, though most parsers will do - // the right thing if there aren't any characters that - // can be misinterpreted - // - Dashes rarely occur, but they fairly unproblematic - // for parsing/rendering purposes. - // The above characters cover the majority of Western font - // names. - // - Arbitrary Unicode characters not in ASCII. Because - // most parsers give little thought to Unicode, treatment - // of these codepoints is basically uniform, even for - // punctuation-like codepoints. These characters can - // show up in non-Western pages and are supported by most - // major browsers, for example: "MS 明朝" is a - // legitimate font-name - // . See - // the CSS3 spec for more examples: - // - // You can see live samples of these on the Internet: - // - // However, most of these fonts have ASCII equivalents: - // for example, 'MS Mincho', and it's considered - // professional to use ASCII font names instead of - // Unicode font names. Thanks Takeshi Terada for - // providing this information. - // The following characters, to my knowledge, have not been - // used to name font names. - // - Single quote. While theoretically you might find a - // font name that has a single quote in its name (serving - // as an apostrophe, e.g. Dave's Scribble), I haven't - // been able to find any actual examples of this. - // Internet Explorer's cssText translation (which I - // believe is invoked by innerHTML) normalizes any - // quoting to single quotes, and fails to escape single - // quotes. (Note that this is not IE's behavior for all - // CSS properties, just some sort of special casing for - // font-family). So a single quote *cannot* be used - // safely in the font-family context if there will be an - // innerHTML/cssText translation. Note that Firefox 3.x - // does this too. - // - Double quote. In IE, these get normalized to - // single-quotes, no matter what the encoding. (Fun - // fact, in IE8, the 'content' CSS property gained - // support, where they special cased to preserve encoded - // double quotes, but still translate unadorned double - // quotes into single quotes.) So, because their - // fixpoint behavior is identical to single quotes, they - // cannot be allowed either. Firefox 3.x displays - // single-quote style behavior. - // - Backslashes are reduced by one (so \\ -> \) every - // iteration, so they cannot be used safely. This shows - // up in IE7, IE8 and FF3 - // - Semicolons, commas and backticks are handled properly. - // - The rest of the ASCII punctuation is handled properly. - // We haven't checked what browsers do to unadorned - // versions, but this is not important as long as the - // browser doesn't /remove/ surrounding quotes (as IE does - // for HTML). - // - // With these results in hand, we conclude that there are - // various levels of safety: - // - Paranoid: alphanumeric, spaces and dashes(?) - // - International: Paranoid + non-ASCII Unicode - // - Edgy: Everything except quotes, backslashes - // - NoJS: Standards compliance, e.g. sod IE. Note that - // with some judicious character escaping (since certain - // types of escaping doesn't work) this is theoretically - // OK as long as innerHTML/cssText is not called. - // We believe that international is a reasonable default - // (that we will implement now), and once we do more - // extensive research, we may feel comfortable with dropping - // it down to edgy. - - // Edgy: alphanumeric, spaces, dashes and Unicode. Use of - // str(c)spn assumes that the string was already well formed - // Unicode (which of course it is). - if (strspn($font, $this->mask) !== strlen($font)) { - continue; - } - - // Historical: - // In the absence of innerHTML/cssText, these ugly - // transforms don't pose a security risk (as \\ and \" - // might--these escapes are not supported by most browsers). - // We could try to be clever and use single-quote wrapping - // when there is a double quote present, but I have choosen - // not to implement that. (NOTE: you can reduce the amount - // of escapes by one depending on what quoting style you use) - // $font = str_replace('\\', '\\5C ', $font); - // $font = str_replace('"', '\\22 ', $font); - // $font = str_replace("'", '\\27 ', $font); - - // font possibly with spaces, requires quoting - $final .= "'$font', "; - } - $final = rtrim($final, ', '); - if ($final === '') return false; - return $final; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php deleted file mode 100644 index 4e6b35e5a..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php +++ /dev/null @@ -1,40 +0,0 @@ -def = $def; - $this->allow = $allow; - } - /** - * Intercepts and removes !important if necessary - */ - public function validate($string, $config, $context) { - // test for ! and important tokens - $string = trim($string); - $is_important = false; - // :TODO: optimization: test directly for !important and ! important - if (strlen($string) >= 9 && substr($string, -9) === 'important') { - $temp = rtrim(substr($string, 0, -9)); - // use a temp, because we might want to restore important - if (strlen($temp) >= 1 && substr($temp, -1) === '!') { - $string = rtrim(substr($temp, 0, -1)); - $is_important = true; - } - } - $string = $this->def->validate($string, $config, $context); - if ($this->allow && $is_important) $string .= ' !important'; - return $string; - } -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php deleted file mode 100644 index a07ec5813..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php +++ /dev/null @@ -1,47 +0,0 @@ -min = $min !== null ? HTMLPurifier_Length::make($min) : null; - $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null; - } - - public function validate($string, $config, $context) { - $string = $this->parseCDATA($string); - - // Optimizations - if ($string === '') return false; - if ($string === '0') return '0'; - if (strlen($string) === 1) return false; - - $length = HTMLPurifier_Length::make($string); - if (!$length->isValid()) return false; - - if ($this->min) { - $c = $length->compareTo($this->min); - if ($c === false) return false; - if ($c < 0) return false; - } - if ($this->max) { - $c = $length->compareTo($this->max); - if ($c === false) return false; - if ($c > 0) return false; - } - - return $length->toString(); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php deleted file mode 100644 index 4406868c0..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php +++ /dev/null @@ -1,78 +0,0 @@ -getCSSDefinition(); - $this->info['list-style-type'] = $def->info['list-style-type']; - $this->info['list-style-position'] = $def->info['list-style-position']; - $this->info['list-style-image'] = $def->info['list-style-image']; - } - - public function validate($string, $config, $context) { - - // regular pre-processing - $string = $this->parseCDATA($string); - if ($string === '') return false; - - // assumes URI doesn't have spaces in it - $bits = explode(' ', strtolower($string)); // bits to process - - $caught = array(); - $caught['type'] = false; - $caught['position'] = false; - $caught['image'] = false; - - $i = 0; // number of catches - $none = false; - - foreach ($bits as $bit) { - if ($i >= 3) return; // optimization bit - if ($bit === '') continue; - foreach ($caught as $key => $status) { - if ($status !== false) continue; - $r = $this->info['list-style-' . $key]->validate($bit, $config, $context); - if ($r === false) continue; - if ($r === 'none') { - if ($none) continue; - else $none = true; - if ($key == 'image') continue; - } - $caught[$key] = $r; - $i++; - break; - } - } - - if (!$i) return false; - - $ret = array(); - - // construct type - if ($caught['type']) $ret[] = $caught['type']; - - // construct image - if ($caught['image']) $ret[] = $caught['image']; - - // construct position - if ($caught['position']) $ret[] = $caught['position']; - - if (empty($ret)) return false; - return implode(' ', $ret); - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php deleted file mode 100644 index 4d62a40d7..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php +++ /dev/null @@ -1,58 +0,0 @@ -single = $single; - $this->max = $max; - } - - public function validate($string, $config, $context) { - $string = $this->parseCDATA($string); - if ($string === '') return false; - $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n - $length = count($parts); - $final = ''; - for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) { - if (ctype_space($parts[$i])) continue; - $result = $this->single->validate($parts[$i], $config, $context); - if ($result !== false) { - $final .= $result . ' '; - $num++; - } - } - if ($final === '') return false; - return rtrim($final); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php deleted file mode 100644 index 3f99e12ec..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php +++ /dev/null @@ -1,69 +0,0 @@ -non_negative = $non_negative; - } - - /** - * @warning Some contexts do not pass $config, $context. These - * variables should not be used without checking HTMLPurifier_Length - */ - public function validate($number, $config, $context) { - - $number = $this->parseCDATA($number); - - if ($number === '') return false; - if ($number === '0') return '0'; - - $sign = ''; - switch ($number[0]) { - case '-': - if ($this->non_negative) return false; - $sign = '-'; - case '+': - $number = substr($number, 1); - } - - if (ctype_digit($number)) { - $number = ltrim($number, '0'); - return $number ? $sign . $number : '0'; - } - - // Period is the only non-numeric character allowed - if (strpos($number, '.') === false) return false; - - list($left, $right) = explode('.', $number, 2); - - if ($left === '' && $right === '') return false; - if ($left !== '' && !ctype_digit($left)) return false; - - $left = ltrim($left, '0'); - $right = rtrim($right, '0'); - - if ($right === '') { - return $left ? $sign . $left : '0'; - } elseif (!ctype_digit($right)) { - return false; - } - - return $sign . $left . '.' . $right; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php deleted file mode 100644 index c34b8fc3c..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php +++ /dev/null @@ -1,40 +0,0 @@ -number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); - } - - public function validate($string, $config, $context) { - - $string = $this->parseCDATA($string); - - if ($string === '') return false; - $length = strlen($string); - if ($length === 1) return false; - if ($string[$length - 1] !== '%') return false; - - $number = substr($string, 0, $length - 1); - $number = $this->number_def->validate($number, $config, $context); - - if ($number === false) return false; - return "$number%"; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php deleted file mode 100644 index 772c922d8..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php +++ /dev/null @@ -1,38 +0,0 @@ - true, - 'overline' => true, - 'underline' => true, - ); - - $string = strtolower($this->parseCDATA($string)); - - if ($string === 'none') return $string; - - $parts = explode(' ', $string); - $final = ''; - foreach ($parts as $part) { - if (isset($allowed_values[$part])) { - $final .= $part . ' '; - } - } - $final = rtrim($final); - if ($final === '') return false; - return $final; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php deleted file mode 100644 index c2f767e57..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php +++ /dev/null @@ -1,61 +0,0 @@ -parseCDATA($uri_string); - if (strpos($uri_string, 'url(') !== 0) return false; - $uri_string = substr($uri_string, 4); - $new_length = strlen($uri_string) - 1; - if ($uri_string[$new_length] != ')') return false; - $uri = trim(substr($uri_string, 0, $new_length)); - - if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { - $quote = $uri[0]; - $new_length = strlen($uri) - 1; - if ($uri[$new_length] !== $quote) return false; - $uri = substr($uri, 1, $new_length - 1); - } - - $uri = $this->expandCSSEscape($uri); - - $result = parent::validate($uri, $config, $context); - - if ($result === false) return false; - - // extra sanity check; should have been done by URI - $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result); - - // suspicious characters are ()'; we're going to percent encode - // them for safety. - $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result); - - // there's an extra bug where ampersands lose their escaping on - // an innerHTML cycle, so a very unlucky query parameter could - // then change the meaning of the URL. Unfortunately, there's - // not much we can do about that... - - return "url(\"$result\")"; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php deleted file mode 100644 index 5d603ebcc..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php +++ /dev/null @@ -1,65 +0,0 @@ -valid_values = array_flip($valid_values); - $this->case_sensitive = $case_sensitive; - } - - public function validate($string, $config, $context) { - $string = trim($string); - if (!$this->case_sensitive) { - // we may want to do full case-insensitive libraries - $string = ctype_lower($string) ? $string : strtolower($string); - } - $result = isset($this->valid_values[$string]); - - return $result ? $string : false; - } - - /** - * @param $string In form of comma-delimited list of case-insensitive - * valid values. Example: "foo,bar,baz". Prepend "s:" to make - * case sensitive - */ - public function make($string) { - if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') { - $string = substr($string, 2); - $sensitive = true; - } else { - $sensitive = false; - } - $values = explode(',', $string); - return new HTMLPurifier_AttrDef_Enum($values, $sensitive); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php deleted file mode 100644 index e06987eb8..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php +++ /dev/null @@ -1,28 +0,0 @@ -name = $name;} - - public function validate($string, $config, $context) { - if (empty($string)) return false; - return $this->name; - } - - /** - * @param $string Name of attribute - */ - public function make($string) { - return new HTMLPurifier_AttrDef_HTML_Bool($string); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php deleted file mode 100644 index 370068d97..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php +++ /dev/null @@ -1,34 +0,0 @@ -getDefinition('HTML')->doctype->name; - if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { - return parent::split($string, $config, $context); - } else { - return preg_split('/\s+/', $string); - } - } - protected function filter($tokens, $config, $context) { - $allowed = $config->get('Attr.AllowedClasses'); - $forbidden = $config->get('Attr.ForbiddenClasses'); - $ret = array(); - foreach ($tokens as $token) { - if ( - ($allowed === null || isset($allowed[$token])) && - !isset($forbidden[$token]) && - // We need this O(n) check because of PHP's array - // implementation that casts -0 to 0. - !in_array($token, $ret, true) - ) { - $ret[] = $token; - } - } - return $ret; - } -} diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php deleted file mode 100644 index d01e20454..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php +++ /dev/null @@ -1,32 +0,0 @@ -get('Core.ColorKeywords'); - - $string = trim($string); - - if (empty($string)) return false; - if (isset($colors[$string])) return $colors[$string]; - if ($string[0] === '#') $hex = substr($string, 1); - else $hex = $string; - - $length = strlen($hex); - if ($length !== 3 && $length !== 6) return false; - if (!ctype_xdigit($hex)) return false; - if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; - - return "#$hex"; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php deleted file mode 100644 index ae6ea7c01..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php +++ /dev/null @@ -1,21 +0,0 @@ -valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); - return parent::validate($string, $config, $context); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php deleted file mode 100644 index 81d03762d..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php +++ /dev/null @@ -1,70 +0,0 @@ -get('Attr.EnableID')) return false; - - $id = trim($id); // trim it first - - if ($id === '') return false; - - $prefix = $config->get('Attr.IDPrefix'); - if ($prefix !== '') { - $prefix .= $config->get('Attr.IDPrefixLocal'); - // prevent re-appending the prefix - if (strpos($id, $prefix) !== 0) $id = $prefix . $id; - } elseif ($config->get('Attr.IDPrefixLocal') !== '') { - trigger_error('%Attr.IDPrefixLocal cannot be used unless '. - '%Attr.IDPrefix is set', E_USER_WARNING); - } - - //if (!$this->ref) { - $id_accumulator =& $context->get('IDAccumulator'); - if (isset($id_accumulator->ids[$id])) return false; - //} - - // we purposely avoid using regex, hopefully this is faster - - if (ctype_alpha($id)) { - $result = true; - } else { - if (!ctype_alpha(@$id[0])) return false; - $trim = trim( // primitive style of regexps, I suppose - $id, - 'A..Za..z0..9:-._' - ); - $result = ($trim === ''); - } - - $regexp = $config->get('Attr.IDBlacklistRegexp'); - if ($regexp && preg_match($regexp, $id)) { - return false; - } - - if (/*!$this->ref && */$result) $id_accumulator->add($id); - - // if no change was made to the ID, return the result - // else, return the new id if stripping whitespace made it - // valid, or return false. - return $result ? $id : false; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php deleted file mode 100644 index a242f9c23..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php +++ /dev/null @@ -1,41 +0,0 @@ - 100) return '100%'; - - return ((string) $points) . '%'; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php deleted file mode 100644 index 76d25ed08..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php +++ /dev/null @@ -1,53 +0,0 @@ - 'AllowedRel', - 'rev' => 'AllowedRev' - ); - if (!isset($configLookup[$name])) { - trigger_error('Unrecognized attribute name for link '. - 'relationship.', E_USER_ERROR); - return; - } - $this->name = $configLookup[$name]; - } - - public function validate($string, $config, $context) { - - $allowed = $config->get('Attr.' . $this->name); - if (empty($allowed)) return false; - - $string = $this->parseCDATA($string); - $parts = explode(' ', $string); - - // lookup to prevent duplicates - $ret_lookup = array(); - foreach ($parts as $part) { - $part = strtolower(trim($part)); - if (!isset($allowed[$part])) continue; - $ret_lookup[$part] = true; - } - - if (empty($ret_lookup)) return false; - $string = implode(' ', array_keys($ret_lookup)); - - return $string; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php deleted file mode 100644 index c72fc76e4..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php +++ /dev/null @@ -1,41 +0,0 @@ -split($string, $config, $context); - $tokens = $this->filter($tokens, $config, $context); - if (empty($tokens)) return false; - return implode(' ', $tokens); - - } - - /** - * Splits a space separated list of tokens into its constituent parts. - */ - protected function split($string, $config, $context) { - // OPTIMIZABLE! - // do the preg_match, capture all subpatterns for reformulation - - // we don't support U+00A1 and up codepoints or - // escaping because I don't know how to do that with regexps - // and plus it would complicate optimization efforts (you never - // see that anyway). - $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start - '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. - '(?:(?=\s)|\z)/'; // look ahead for space or string end - preg_match_all($pattern, $string, $matches); - return $matches[1]; - } - - /** - * Template method for removing certain tokens based on arbitrary criteria. - * @note If we wanted to be really functional, we'd do an array_filter - * with a callback. But... we're not. - */ - protected function filter($tokens, $config, $context) { - return $tokens; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php deleted file mode 100644 index 4cb2c1b85..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php +++ /dev/null @@ -1,48 +0,0 @@ -max = $max; - } - - public function validate($string, $config, $context) { - - $string = trim($string); - if ($string === '0') return $string; - if ($string === '') return false; - $length = strlen($string); - if (substr($string, $length - 2) == 'px') { - $string = substr($string, 0, $length - 2); - } - if (!is_numeric($string)) return false; - $int = (int) $string; - - if ($int < 0) return '0'; - - // upper-bound value, extremely high values can - // crash operating systems, see - // WARNING, above link WILL crash you if you're using Windows - - if ($this->max !== null && $int > $this->max) return (string) $this->max; - - return (string) $int; - - } - - public function make($string) { - if ($string === '') $max = null; - else $max = (int) $string; - $class = get_class($this); - return new $class($max); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php deleted file mode 100644 index d59738d2a..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php +++ /dev/null @@ -1,73 +0,0 @@ -negative = $negative; - $this->zero = $zero; - $this->positive = $positive; - } - - public function validate($integer, $config, $context) { - - $integer = $this->parseCDATA($integer); - if ($integer === '') return false; - - // we could possibly simply typecast it to integer, but there are - // certain fringe cases that must not return an integer. - - // clip leading sign - if ( $this->negative && $integer[0] === '-' ) { - $digits = substr($integer, 1); - if ($digits === '0') $integer = '0'; // rm minus sign for zero - } elseif( $this->positive && $integer[0] === '+' ) { - $digits = $integer = substr($integer, 1); // rm unnecessary plus - } else { - $digits = $integer; - } - - // test if it's numeric - if (!ctype_digit($digits)) return false; - - // perform scope tests - if (!$this->zero && $integer == 0) return false; - if (!$this->positive && $integer > 0) return false; - if (!$this->negative && $integer < 0) return false; - - return $integer; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php deleted file mode 100644 index 10e6da56d..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php +++ /dev/null @@ -1,73 +0,0 @@ - 8 || !ctype_alnum($subtags[1])) { - return $new_string; - } - if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); - - $new_string .= '-' . $subtags[1]; - if ($num_subtags == 2) return $new_string; - - // process all other subtags, index 2 and up - for ($i = 2; $i < $num_subtags; $i++) { - $length = strlen($subtags[$i]); - if ($length == 0 || $length > 8 || !ctype_alnum($subtags[$i])) { - return $new_string; - } - if (!ctype_lower($subtags[$i])) { - $subtags[$i] = strtolower($subtags[$i]); - } - $new_string .= '-' . $subtags[$i]; - } - - return $new_string; - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php deleted file mode 100644 index c9e3ed193..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php +++ /dev/null @@ -1,34 +0,0 @@ -tag = $tag; - $this->withTag = $with_tag; - $this->withoutTag = $without_tag; - } - - public function validate($string, $config, $context) { - $token = $context->get('CurrentToken', true); - if (!$token || $token->name !== $this->tag) { - return $this->withoutTag->validate($string, $config, $context); - } else { - return $this->withTag->validate($string, $config, $context); - } - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php deleted file mode 100644 index c6216cc53..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php +++ /dev/null @@ -1,15 +0,0 @@ -parseCDATA($string); - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php deleted file mode 100644 index 01a6d83e9..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php +++ /dev/null @@ -1,77 +0,0 @@ -parser = new HTMLPurifier_URIParser(); - $this->embedsResource = (bool) $embeds_resource; - } - - public function make($string) { - $embeds = (bool) $string; - return new HTMLPurifier_AttrDef_URI($embeds); - } - - public function validate($uri, $config, $context) { - - if ($config->get('URI.Disable')) return false; - - $uri = $this->parseCDATA($uri); - - // parse the URI - $uri = $this->parser->parse($uri); - if ($uri === false) return false; - - // add embedded flag to context for validators - $context->register('EmbeddedURI', $this->embedsResource); - - $ok = false; - do { - - // generic validation - $result = $uri->validate($config, $context); - if (!$result) break; - - // chained filtering - $uri_def = $config->getDefinition('URI'); - $result = $uri_def->filter($uri, $config, $context); - if (!$result) break; - - // scheme-specific validation - $scheme_obj = $uri->getSchemeObj($config, $context); - if (!$scheme_obj) break; - if ($this->embedsResource && !$scheme_obj->browsable) break; - $result = $scheme_obj->validate($uri, $config, $context); - if (!$result) break; - - // Post chained filtering - $result = $uri_def->postFilter($uri, $config, $context); - if (!$result) break; - - // survived gauntlet - $ok = true; - - } while (false); - - $context->destroy('EmbeddedURI'); - if (!$ok) return false; - - // back to string - return $uri->toString(); - - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php deleted file mode 100644 index bfee9d166..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php +++ /dev/null @@ -1,17 +0,0 @@ -" - // that needs more percent encoding to be done - if ($string == '') return false; - $string = trim($string); - $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); - return $result ? $string : false; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php deleted file mode 100644 index feca469d7..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php +++ /dev/null @@ -1,68 +0,0 @@ -ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); - $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); - } - - public function validate($string, $config, $context) { - $length = strlen($string); - // empty hostname is OK; it's usually semantically equivalent: - // the default host as defined by a URI scheme is used: - // - // If the URI scheme defines a default for host, then that - // default applies when the host subcomponent is undefined - // or when the registered name is empty (zero length). - if ($string === '') return ''; - if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { - //IPv6 - $ip = substr($string, 1, $length - 2); - $valid = $this->ipv6->validate($ip, $config, $context); - if ($valid === false) return false; - return '['. $valid . ']'; - } - - // need to do checks on unusual encodings too - $ipv4 = $this->ipv4->validate($string, $config, $context); - if ($ipv4 !== false) return $ipv4; - - // A regular domain name. - - // This breaks I18N domain names, but we don't have proper IRI support, - // so force users to insert Punycode. If there's complaining we'll - // try to fix things into an international friendly form. - - // The productions describing this are: - $a = '[a-z]'; // alpha - $an = '[a-z0-9]'; // alphanum - $and = '[a-z0-9-]'; // alphanum | "-" - // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum - $domainlabel = "$an($and*$an)?"; - // toplabel = alpha | alpha *( alphanum | "-" ) alphanum - $toplabel = "$a($and*$an)?"; - // hostname = *( domainlabel "." ) toplabel [ "." ] - $match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string); - if (!$match) return false; - - return $string; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php deleted file mode 100644 index ec4cf591b..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php +++ /dev/null @@ -1,39 +0,0 @@ -ip4) $this->_loadRegex(); - - if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) - { - return $aIP; - } - - return false; - - } - - /** - * Lazy load function to prevent regex from being stuffed in - * cache. - */ - protected function _loadRegex() { - $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 - $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; - } - -} - -// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php deleted file mode 100644 index 9454e9be5..000000000 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php +++ /dev/null @@ -1,99 +0,0 @@ -ip4) $this->_loadRegex(); - - $original = $aIP; - - $hex = '[0-9a-fA-F]'; - $blk = '(?:' . $hex . '{1,4})'; - $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128 - - // prefix check - if (strpos($aIP, '/') !== false) - { - if (preg_match('#' . $pre . '$#s', $aIP, $find)) - { - $aIP = substr($aIP, 0, 0-strlen($find[0])); - unset($find); - } - else - { - return false; - } - } - - // IPv4-compatiblity check - if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find)) - { - $aIP = substr($aIP, 0, 0-strlen($find[0])); - $ip = explode('.', $find[0]); - $ip = array_map('dechex', $ip); - $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3]; - unset($find, $ip); - } - - // compression check - $aIP = explode('::', $aIP); - $c = count($aIP); - if ($c > 2) - { - return false; - } - elseif ($c == 2) - { - list($first, $second) = $aIP; - $first = explode(':', $first); - $second = explode(':', $second); - - if (count($first) + count($second) > 8) - { - return false; - } - - while(count($first) < 8) - { - array_push($first, '0'); - } - - array_splice($first, 8 - count($second), 8, $second); - $aIP = $first; - unset($first,$second); - } - else - { - $aIP = explode(':', $aIP[0]); - } - $c = count($aIP); - - if ($c != 8) - { - return false; - } - - // All the pieces should be 16-bit hex strings. Are they? - foreach ($aIP as $piece) - { - if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) - { - return false; - } - } - - return $original; - - } - -} - -// vim: et sw=4 sts=4 -- cgit v1.2.3