From f4f0f80d2118437e5047ba266f92d7acb3c38fb7 Mon Sep 17 00:00:00 2001 
From: Andrew Dolgov Date: Mon, 11 Apr 2011 16:41:01 +0400 Subject: update HTMLPurifier; enable embedded flash video in articles --- .../HTMLPurifier/AttrTransform/Background.php | 0 .../library/HTMLPurifier/AttrTransform/BdoDir.php | 2 +- .../library/HTMLPurifier/AttrTransform/BgColor.php | 0 .../HTMLPurifier/AttrTransform/BoolToCSS.php | 0 .../library/HTMLPurifier/AttrTransform/Border.php | 0 .../HTMLPurifier/AttrTransform/EnumToCSS.php | 0 .../HTMLPurifier/AttrTransform/ImgRequired.php | 11 +++--- .../HTMLPurifier/AttrTransform/ImgSpace.php | 0 .../library/HTMLPurifier/AttrTransform/Input.php | 0 .../library/HTMLPurifier/AttrTransform/Lang.php | 0 .../library/HTMLPurifier/AttrTransform/Length.php | 0 .../library/HTMLPurifier/AttrTransform/Name.php | 2 ++ .../HTMLPurifier/AttrTransform/NameSync.php | 27 ++++++++++++++ .../HTMLPurifier/AttrTransform/Nofollow.php | 41 ++++++++++++++++++++++ .../HTMLPurifier/AttrTransform/SafeEmbed.php | 0 .../HTMLPurifier/AttrTransform/SafeObject.php | 0 .../HTMLPurifier/AttrTransform/SafeParam.php | 16 ++++++++- .../HTMLPurifier/AttrTransform/ScriptRequired.php | 0 .../HTMLPurifier/AttrTransform/Textarea.php | 0 19 files changed, 92 insertions(+), 7 deletions(-) mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php mode change 100755 => 100644 
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php create mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php create mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php (limited to 'lib/htmlpurifier/library/HTMLPurifier/AttrTransform') diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php old mode 100755 new mode 100644 index 40310b914..4d1a05665 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php @@ -10,7 +10,7 @@ class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform public function transform($attr, $config, $context) { if (isset($attr['dir'])) return $attr; - $attr['dir'] = $config->get('Attr', 'DefaultTextDir'); + $attr['dir'] = $config->get('Attr.DefaultTextDir'); return $attr; } 
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php old mode 100755 new mode 100644 index 25c9403c2..7f0e4b7a5 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php @@ -15,21 +15,22 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform $src = true; if (!isset($attr['src'])) { - if ($config->get('Core', 'RemoveInvalidImg')) return $attr; - $attr['src'] = $config->get('Attr', 'DefaultInvalidImage'); + if ($config->get('Core.RemoveInvalidImg')) return $attr; + $attr['src'] = $config->get('Attr.DefaultInvalidImage'); $src = false; } if (!isset($attr['alt'])) { if ($src) { - $alt = $config->get('Attr', 'DefaultImageAlt'); + $alt = $config->get('Attr.DefaultImageAlt'); if ($alt === null) { - $attr['alt'] = basename($attr['src']); + // truncate if the alt is too long + $attr['alt'] = substr(basename($attr['src']),0,40); } else { $attr['alt'] = $alt; } } else { - $attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt'); + $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt'); } } 
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php old mode 100755 new mode 100644 index e6f93aee3..15315bc73 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php @@ -7,6 +7,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform { public function transform($attr, $config, $context) { + // Abort early if we're using relaxed definition of name + if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr; if (!isset($attr['name'])) return $attr; $id = $this->confiscateAttr($attr, 'name'); if ( isset($attr['id'])) return $attr; diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php new file mode 100644 index 000000000..a95638c14 --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php 
@@ -0,0 +1,27 @@ +idDef = new HTMLPurifier_AttrDef_HTML_ID(); + } + + public function transform($attr, $config, $context) { + if (!isset($attr['name'])) return $attr; + $name = $attr['name']; + if (isset($attr['id']) && $attr['id'] === $name) return $attr; + $result = $this->idDef->validate($name, $config, $context); + if ($result === false) unset($attr['name']); + else $attr['name'] = $result; + return $attr; + } + +} + +// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php new file mode 100644 index 000000000..573b42c9c --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php @@ -0,0 +1,41 @@ +parser = new HTMLPurifier_URIParser(); + } + + public function transform($attr, $config, $context) { + + if (!isset($attr['href'])) { + return $attr; + } + + // XXX Kind of inefficient + $url = $this->parser->parse($attr['href']); + $scheme = $url->getSchemeObj($config, $context); + + if (!is_null($url->host) && $scheme !== false && $scheme->browsable) { + if (isset($attr['rel'])) { + $attr['rel'] .= ' nofollow'; + } else { + $attr['rel'] = 'nofollow'; + } + } + + return $attr; + + } + +} + +// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php old mode 100755 new mode 100644 index 94e8052a9..bd86a7455 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php 
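Review bot: In the new Nofollow `transform()`, the result of `$this->parser->parse($attr['href'])` is dereferenced on the very next line without a check. If `parse()` can return false for an href it cannot handle (its body is not part of this patch), `getSchemeObj()` is called on a non-object and purification of untrusted markup stops with a fatal error. A guard such as `if ($url === false) return $attr;` keeps the transform fail-safe. The branch for an existing `rel` also appends ` nofollow` unconditionally, so a link that already carries `rel="nofollow"` ends up with the token twice. The class header of this new file is missing from the hunk as shown on the page.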
@@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform public function __construct() { $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded + $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); } public function transform($attr, $config, $context) { @@ -33,12 +34,25 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform case 'allowNetworking': $attr['value'] = 'internal'; break; + case 'allowFullScreen': + if ($config->get('HTML.FlashAllowFullScreen')) { + $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; + } else { + $attr['value'] = 'false'; + } + break; case 'wmode': - $attr['value'] = 'window'; + $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); break; case 'movie': + case 'src': + $attr['name'] = "movie"; $attr['value'] = $this->uri->validate($attr['value'], $config, $context); break; + case 'flashvars': + // we're going to allow arbitrary inputs to the SWF, on + // the reasoning that it could only hack the SWF, not us. + break; // add other cases to support other param name/value pairs default: $attr['name'] = $attr['value'] = null; diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php old mode 100755 new mode 100644 diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php old mode 100755 new mode 100644 -- cgit v1.2.3
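Review bot: The `wmode` case no longer pins the value to `window`; it stores whatever `$this->wmode->validate()` returns, so `opaque` and `transparent` are now accepted, and if `validate()` signals rejection with false (its body is not visible here) that false is written into `$attr['value']`. Windowless modes let the movie and the surrounding page content overlap, which matters when the article markup is untrusted, so a fallback such as `if ($attr['value'] === false) $attr['value'] = 'window';` is worth adding. The `flashvars` case passes its value through unvalidated, and the reasoning in its comment holds only while the script-access and networking params stay forced to restrictive values. `allowNetworking` is pinned in this hunk, but the script-access case presumably sits above it and is not shown, so the comment should state the dependency, e.g. `// safe only because allowScriptAccess and allowNetworking are forced above`. The switch starts and ends outside the hunk.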