diff -Nru php-htmlpurifier-4.10.0/debian/changelog php-htmlpurifier-4.11.0/debian/changelog --- php-htmlpurifier-4.10.0/debian/changelog 2018-05-19 20:23:13.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/changelog 2019-12-01 20:36:03.000000000 +0000 @@ -1,3 +1,11 @@ +php-htmlpurifier (4.11.0-1) unstable; urgency=low + + * New upstream release + * Modernise packaging + * Update Policy, add R³:no + + -- Thorsten Glaser Sun, 01 Dec 2019 21:36:03 +0100 + php-htmlpurifier (4.10.0-1) unstable; urgency=medium * Take over with permission of previous team/uploader diff -Nru php-htmlpurifier-4.10.0/debian/compat php-htmlpurifier-4.11.0/debian/compat --- php-htmlpurifier-4.10.0/debian/compat 2018-05-18 20:45:09.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -11 diff -Nru php-htmlpurifier-4.10.0/debian/control php-htmlpurifier-4.11.0/debian/control --- php-htmlpurifier-4.10.0/debian/control 2018-05-19 20:23:00.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/control 2019-12-01 20:31:46.000000000 +0000 @@ -4,10 +4,10 @@ Maintainer: Teckids Debian Task Force Uploaders: Thorsten Glaser , Dominik George Homepage: http://htmlpurifier.org/ -Build-Depends: debhelper (>= 11), - pear-channels (>= 0~20141011), - pkg-php-tools (>= 1.1~) -Standards-Version: 4.1.4 +Build-Depends: debhelper-compat (= 12), pear-channels (>= 0~20141011), + pkg-php-tools (>= 1.1~) +Standards-Version: 4.4.1 +Rules-Requires-Root: no Vcs-Git: https://salsa.debian.org/tdtf-team/php-htmlpurifier.git Vcs-Browser: https://salsa.debian.org/tdtf-team/php-htmlpurifier diff -Nru php-htmlpurifier-4.10.0/debian/copyright php-htmlpurifier-4.11.0/debian/copyright --- php-htmlpurifier-4.10.0/debian/copyright 2018-05-18 20:47:47.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/copyright 2019-12-01 20:31:46.000000000 +0000 
@@ -1,7 +1,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: HTML Purifier Upstream-Contact: Edward Z. Yang -Source: http://repo.or.cz/w/htmlpurifier.git +Source: uscan --verbose --rename Files: * Copyright: 2006-2008, Edward Z. Yang diff -Nru php-htmlpurifier-4.10.0/debian/links php-htmlpurifier-4.11.0/debian/links --- php-htmlpurifier-4.10.0/debian/links 2018-05-18 20:32:56.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/links 2019-12-01 20:31:46.000000000 +0000 @@ -1 +1 @@ -var/lib/php-htmlpurifier/Serializer usr/share/php/HTMLPurifier/DefinitionCache/Serializer +var/lib/php-htmlpurifier/Serializer usr/share/php/HTMLPurifier/DefinitionCache/Serializer diff -Nru php-htmlpurifier-4.10.0/debian/patches/0001-Use-a-default-writable-directory-in-var-lib.patch php-htmlpurifier-4.11.0/debian/patches/0001-Use-a-default-writable-directory-in-var-lib.patch --- php-htmlpurifier-4.10.0/debian/patches/0001-Use-a-default-writable-directory-in-var-lib.patch 2018-05-18 20:39:33.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/patches/0001-Use-a-default-writable-directory-in-var-lib.patch 2019-12-01 20:31:46.000000000 +0000 @@ -6,8 +6,8 @@ HTMLPurifier-4.7.0/HTMLPurifier/DefinitionCache/Serializer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/HTMLPurifier-4.10.0/HTMLPurifier/DefinitionCache/Serializer.php -+++ b/HTMLPurifier-4.10.0/HTMLPurifier/DefinitionCache/Serializer.php +--- a/HTMLPurifier-4.11.0/HTMLPurifier/DefinitionCache/Serializer.php ++++ b/HTMLPurifier-4.11.0/HTMLPurifier/DefinitionCache/Serializer.php @@ -183,7 +183,7 @@ class HTMLPurifier_DefinitionCache_Seria public function generateBaseDirectoryPath($config) { diff -Nru php-htmlpurifier-4.10.0/debian/postinst php-htmlpurifier-4.11.0/debian/postinst --- php-htmlpurifier-4.10.0/debian/postinst 2018-05-18 20:32:56.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/postinst 2019-12-01 20:31:46.000000000 +0000 
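Review bot: The new `Source:` value in the debian/copyright hunk is a command rather than an origin, so the file no longer records where the upstream tarball comes from. Provenance now rests entirely on debian/watch, which this diff does not show. Keeping the location readable here would help anyone auditing the package, for example `Source: http://htmlpurifier.org/ (fetched with uscan --verbose --rename)`, reusing the Homepage already given in debian/control. It is also worth confirming that the watch file fetches over HTTPS and, if upstream signs its releases, that the signature is verified.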
@@ -2,12 +2,49 @@ set -e -#DEBHELPER# +# This maintainer script can be called the following ways: +# +# * new-postinst "configure" [$most_recently_configured_version] +# The package is unpacked; all dependencies are unpacked and, when there +# are no circular dependencies, configured. +# +# * old-postinst "abort-upgrade" $new_version +# * conflictors-postinst "abort-remove" "in-favour" $package +# $new_version +# * postinst "abort-remove" +# * deconfigureds-postinst "abort-deconfigure" "in-favour" +# $failed_install_package $fip_version ["removing" +# $conflicting_package $cp_version] +# The package is unpacked; all dependencies are at least Half-Installed, +# previously been configured, and not removed. In some error situations, +# dependencies may not be even fully unpacked. +# +# * postinst "triggered" "${triggers[*]}" +# For trigger-only calls, i.e. if "configure" is not called. -if [ "$1" = "configure" ] ; then - if ! dpkg-statoverride --list /var/lib/php-htmlpurifier/Serializer >/dev/null 2>&1; then - dpkg-statoverride --update --add www-data www-data 2770 /var/lib/php-htmlpurifier/Serializer +case $1 in +configure) + x=/var/lib/php-htmlpurifier/Serializer + if ! dpkg-statoverride --list "$x" >/dev/null 2>&1; then + dpkg-statoverride --update --add www-data www-data 2770 "$x" fi -fi + ;; + +abort-upgrade|abort-remove|abort-deconfigure) + ;; + +triggered) + ;; + +*) + echo >&2 "postinst called with unknown subcommand '$1'" + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# exit 0 diff -Nru php-htmlpurifier-4.10.0/debian/rules php-htmlpurifier-4.11.0/debian/rules --- php-htmlpurifier-4.10.0/debian/rules 2018-05-18 20:44:32.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/rules 2019-12-01 20:31:46.000000000 +0000 
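Review bot: In the `configure)` branch of debian/postinst, the line `dpkg-statoverride --update --add www-data www-data 2770 "$x"` hands the definition cache to the web server account with no comment explaining the choice, and the name `x` says nothing about what the path is. Since debian/links points usr/share/php/HTMLPurifier/DefinitionCache/Serializer at this directory, anything running as www-data can presumably write the cache files that other users of the library on the same host later read, so the trust decision should be written down. I would rename the variable to `cachedir` and put `# setgid + group-writable for www-data, no world access; the cache is shared by every app running as www-data` above the call. The `--list` guard already leaves an administrator's own override untouched, and that behaviour should be kept if this block is reworked.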
@@ -1,4 +1,14 @@ #!/usr/bin/make -f + +ifeq (,$(filter terse,${DEB_BUILD_OPTIONS})) +export DH_VERBOSE=1 +export V=1 +export VERBOSE=1 +endif + +LC_ALL:=C.UTF-8 +export LC_ALL + %: dh $@ --buildsystem=phppear --with phppear @@ -7,4 +17,4 @@ sed -i '/README/d' */package.xml override_dh_installchangelogs: - dh_installchangelogs $(CURDIR)/debian/upstream/changelog + dh_installchangelogs debian/upstream/changelog diff -Nru php-htmlpurifier-4.10.0/debian/upstream/changelog php-htmlpurifier-4.11.0/debian/upstream/changelog --- php-htmlpurifier-4.10.0/debian/upstream/changelog 2018-05-18 20:38:39.000000000 +0000 +++ php-htmlpurifier-4.11.0/debian/upstream/changelog 2019-12-01 20:31:46.000000000 +0000 
@@ -9,6 +9,34 @@ . Internal change ========================== +4.11.0, released 2019-07-14 +# SafeScripting now matches case-sensitively against its whitelist (previously it was + case-insensitive.) Thanks Dimitri Gritsajuk + for reporting. +! New directive %Core.AllowParseManyTags which allows parsing of many nested tags. + Thanks M. Suzuki for contributing the patch. +! purifyArray now supports multidimensional arrays. Thanks + Sandro Miguel Marques for contributing this patch. +! initial and inherit settings available for width, height, and the min-/max- + versions thereof. Thanks Michael Kliewe for contributing + this patch. +! More color names are supported. Thanks Daijobou for contributing. +- Compatibility fixes for PHP 7.3, including new CI for PHP 7.3 + (thank you Lukas Neumann ) and removal of + reserved words in our constants (thanks Darko Hrgovic +- Compatibility fixes for HHVM. Thanks Mateusz Turcza for contributing + this fix. +- HTML Purifier now never defines __autoload, fixing #196. Thanks + Michael Kliewe for reporting. +- In some situations, Config.php would report an undefined index: class + error; this has been fixed. Thanks DiLong Fa for contributing + this fix. 
+- We no longer produce )#si', - array($this, 'scriptCallback'), - $html - ); - } - - $html = $this->normalize($html, $config, $context); - - $cursor = 0; // our location in the text - $inside_tag = false; // whether or not we're parsing the inside of a tag - $array = array(); // result array - - // This is also treated to mean maintain *column* numbers too - $maintain_line_numbers = $config->get('Core.MaintainLineNumbers'); - - if ($maintain_line_numbers === null) { - // automatically determine line numbering by checking - // if error collection is on - $maintain_line_numbers = $config->get('Core.CollectErrors'); - } - - if ($maintain_line_numbers) { - $current_line = 1; - $current_col = 0; - $length = strlen($html); - } else { - $current_line = false; - $current_col = false; - $length = false; - } - $context->register('CurrentLine', $current_line); - $context->register('CurrentCol', $current_col); - $nl = "\n"; - // how often to manually recalculate. This will ALWAYS be right, - // but it's pretty wasteful. Set to 0 to turn off - $synchronize_interval = $config->get('Core.DirectLexLineNumberSyncInterval'); - - $e = false; - if ($config->get('Core.CollectErrors')) { - $e =& $context->get('ErrorCollector'); - } - - // for testing synchronization - $loops = 0; - - while (++$loops) { - // $cursor is either at the start of a token, or inside of - // a tag (i.e. there was a < immediately before it), as indicated - // by $inside_tag - - if ($maintain_line_numbers) { - // $rcursor, however, is always at the start of a token. - $rcursor = $cursor - (int)$inside_tag; - - // Column number is cheap, so we calculate it every round. - // We're interested at the *end* of the newline string, so - // we need to add strlen($nl) == 1 to $nl_pos before subtracting it - // from our "rcursor" position. - $nl_pos = strrpos($html, $nl, $rcursor - $length); - $current_col = $rcursor - (is_bool($nl_pos) ? 
0 : $nl_pos + 1); - - // recalculate lines - if ($synchronize_interval && // synchronization is on - $cursor > 0 && // cursor is further than zero - $loops % $synchronize_interval === 0) { // time to synchronize! - $current_line = 1 + $this->substrCount($html, $nl, 0, $cursor); - } - } - - $position_next_lt = strpos($html, '<', $cursor); - $position_next_gt = strpos($html, '>', $cursor); - - // triggers on "asdf" but not "asdf " - // special case to set up context - if ($position_next_lt === $cursor) { - $inside_tag = true; - $cursor++; - } - - if (!$inside_tag && $position_next_lt !== false) { - // We are not inside tag and there still is another tag to parse - $token = new - HTMLPurifier_Token_Text( - $this->parseText( - substr( - $html, - $cursor, - $position_next_lt - $cursor - ), $config - ) - ); - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - $current_line += $this->substrCount($html, $nl, $cursor, $position_next_lt - $cursor); - } - $array[] = $token; - $cursor = $position_next_lt + 1; - $inside_tag = true; - continue; - } elseif (!$inside_tag) { - // We are not inside tag but there are no more tags - // If we're already at the end, break - if ($cursor === strlen($html)) { - break; - } - // Create Text of rest of string - $token = new - HTMLPurifier_Token_Text( - $this->parseText( - substr( - $html, - $cursor - ), $config - ) - ); - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - } - $array[] = $token; - break; - } elseif ($inside_tag && $position_next_gt !== false) { - // We are in tag and it is well formed - // Grab the internals of the tag - $strlen_segment = $position_next_gt - $cursor; - - if ($strlen_segment < 1) { - // there's nothing to process! 
- $token = new HTMLPurifier_Token_Text('<'); - $cursor++; - continue; - } - - $segment = substr($html, $cursor, $strlen_segment); - - if ($segment === false) { - // somehow, we attempted to access beyond the end of - // the string, defense-in-depth, reported by Nate Abele - break; - } - - // Check if it's a comment - if (substr($segment, 0, 3) === '!--') { - // re-determine segment length, looking for --> - $position_comment_end = strpos($html, '-->', $cursor); - if ($position_comment_end === false) { - // uh oh, we have a comment that extends to - // infinity. Can't be helped: set comment - // end position to end of string - if ($e) { - $e->send(E_WARNING, 'Lexer: Unclosed comment'); - } - $position_comment_end = strlen($html); - $end = true; - } else { - $end = false; - } - $strlen_segment = $position_comment_end - $cursor; - $segment = substr($html, $cursor, $strlen_segment); - $token = new - HTMLPurifier_Token_Comment( - substr( - $segment, - 3, - $strlen_segment - 3 - ) - ); - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - $current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment); - } - $array[] = $token; - $cursor = $end ? $position_comment_end : $position_comment_end + 3; - $inside_tag = false; - continue; - } - - // Check if it's an end tag - $is_end_tag = (strpos($segment, '/') === 0); - if ($is_end_tag) { - $type = substr($segment, 1); - $token = new HTMLPurifier_Token_End($type); - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor); - } - $array[] = $token; - $inside_tag = false; - $cursor = $position_next_gt + 1; - continue; - } - - // Check leading character is alnum, if not, we may - // have accidently grabbed an emoticon. 
Translate into - // text and go our merry way - if (!ctype_alpha($segment[0])) { - // XML: $segment[0] !== '_' && $segment[0] !== ':' - if ($e) { - $e->send(E_NOTICE, 'Lexer: Unescaped lt'); - } - $token = new HTMLPurifier_Token_Text('<'); - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor); - } - $array[] = $token; - $inside_tag = false; - continue; - } - - // Check if it is explicitly self closing, if so, remove - // trailing slash. Remember, we could have a tag like
, so - // any later token processing scripts must convert improperly - // classified EmptyTags from StartTags. - $is_self_closing = (strrpos($segment, '/') === $strlen_segment - 1); - if ($is_self_closing) { - $strlen_segment--; - $segment = substr($segment, 0, $strlen_segment); - } - - // Check if there are any attributes - $position_first_space = strcspn($segment, $this->_whitespace); - - if ($position_first_space >= $strlen_segment) { - if ($is_self_closing) { - $token = new HTMLPurifier_Token_Empty($segment); - } else { - $token = new HTMLPurifier_Token_Start($segment); - } - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor); - } - $array[] = $token; - $inside_tag = false; - $cursor = $position_next_gt + 1; - continue; - } - - // Grab out all the data - $type = substr($segment, 0, $position_first_space); - $attribute_string = - trim( - substr( - $segment, - $position_first_space - ) - ); - if ($attribute_string) { - $attr = $this->parseAttributeString( - $attribute_string, - $config, - $context - ); - } else { - $attr = array(); - } - - if ($is_self_closing) { - $token = new HTMLPurifier_Token_Empty($type, $attr); - } else { - $token = new HTMLPurifier_Token_Start($type, $attr); - } - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor); - } - $array[] = $token; - $cursor = $position_next_gt + 1; - $inside_tag = false; - continue; - } else { - // inside tag, but there's no ending > sign - if ($e) { - $e->send(E_WARNING, 'Lexer: Missing gt'); - } - $token = new - HTMLPurifier_Token_Text( - '<' . - $this->parseText( - substr($html, $cursor), $config - ) - ); - if ($maintain_line_numbers) { - $token->rawPosition($current_line, $current_col); - } - // no cursor scroll? Hmm... 
- $array[] = $token; - break; - } - break; - } - - $context->destroy('CurrentLine'); - $context->destroy('CurrentCol'); - return $array; - } - - /** - * PHP 5.0.x compatible substr_count that implements offset and length - * @param string $haystack - * @param string $needle - * @param int $offset - * @param int $length - * @return int - */ - protected function substrCount($haystack, $needle, $offset, $length) - { - static $oldVersion; - if ($oldVersion === null) { - $oldVersion = version_compare(PHP_VERSION, '5.1', '<'); - } - if ($oldVersion) { - $haystack = substr($haystack, $offset, $length); - return substr_count($haystack, $needle); - } else { - return substr_count($haystack, $needle, $offset, $length); - } - } - - /** - * Takes the inside of an HTML tag and makes an assoc array of attributes. - * - * @param string $string Inside of tag excluding name. - * @param HTMLPurifier_Config $config - * @param HTMLPurifier_Context $context - * @return array Assoc array of attributes. - */ - public function parseAttributeString($string, $config, $context) - { - $string = (string)$string; // quick typecast - - if ($string == '') { - return array(); - } // no attributes - - $e = false; - if ($config->get('Core.CollectErrors')) { - $e =& $context->get('ErrorCollector'); - } - - // let's see if we can abort as quickly as possible - // one equal sign, no spaces => one attribute - $num_equal = substr_count($string, '='); - $has_space = strpos($string, ' '); - if ($num_equal === 0 && !$has_space) { - // bool attribute - return array($string => $string); - } elseif ($num_equal === 1 && !$has_space) { - // only one attribute - list($key, $quoted_value) = explode('=', $string); - $quoted_value = trim($quoted_value); - if (!$key) { - if ($e) { - $e->send(E_ERROR, 'Lexer: Missing attribute key'); - } - return array(); - } - if (!$quoted_value) { - return array($key => ''); - } - $first_char = @$quoted_value[0]; - $last_char = @$quoted_value[strlen($quoted_value) - 1]; - - 
$same_quote = ($first_char == $last_char); - $open_quote = ($first_char == '"' || $first_char == "'"); - - if ($same_quote && $open_quote) { - // well behaved - $value = substr($quoted_value, 1, strlen($quoted_value) - 2); - } else { - // not well behaved - if ($open_quote) { - if ($e) { - $e->send(E_ERROR, 'Lexer: Missing end quote'); - } - $value = substr($quoted_value, 1); - } else { - $value = $quoted_value; - } - } - if ($value === false) { - $value = ''; - } - return array($key => $this->parseAttr($value, $config)); - } - - // setup loop environment - $array = array(); // return assoc array of attributes - $cursor = 0; // current position in string (moves forward) - $size = strlen($string); // size of the string (stays the same) - - // if we have unquoted attributes, the parser expects a terminating - // space, so let's guarantee that there's always a terminating space. - $string .= ' '; - - $old_cursor = -1; - while ($cursor < $size) { - if ($old_cursor >= $cursor) { - throw new Exception("Infinite loop detected"); - } - $old_cursor = $cursor; - - $cursor += ($value = strspn($string, $this->_whitespace, $cursor)); - // grab the key - - $key_begin = $cursor; //we're currently at the start of the key - - // scroll past all characters that are the key (not whitespace or =) - $cursor += strcspn($string, $this->_whitespace . 
'=', $cursor); - - $key_end = $cursor; // now at the end of the key - - $key = substr($string, $key_begin, $key_end - $key_begin); - - if (!$key) { - if ($e) { - $e->send(E_ERROR, 'Lexer: Missing attribute key'); - } - $cursor += 1 + strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop - continue; // empty key - } - - // scroll past all whitespace - $cursor += strspn($string, $this->_whitespace, $cursor); - - if ($cursor >= $size) { - $array[$key] = $key; - break; - } - - // if the next character is an equal sign, we've got a regular - // pair, otherwise, it's a bool attribute - $first_char = @$string[$cursor]; - - if ($first_char == '=') { - // key="value" - - $cursor++; - $cursor += strspn($string, $this->_whitespace, $cursor); - - if ($cursor === false) { - $array[$key] = ''; - break; - } - - // we might be in front of a quote right now - - $char = @$string[$cursor]; - - if ($char == '"' || $char == "'") { - // it's quoted, end bound is $char - $cursor++; - $value_begin = $cursor; - $cursor = strpos($string, $char, $cursor); - $value_end = $cursor; - } else { - // it's not quoted, end bound is whitespace - $value_begin = $cursor; - $cursor += strcspn($string, $this->_whitespace, $cursor); - $value_end = $cursor; - } - - // we reached a premature end - if ($cursor === false) { - $cursor = $size; - $value_end = $cursor; - } - - $value = substr($string, $value_begin, $value_end - $value_begin); - if ($value === false) { - $value = ''; - } - $array[$key] = $this->parseAttr($value, $config); - $cursor++; - } else { - // boolattr - if ($key !== '') { - $array[$key] = $key; - } else { - // purely theoretical - if ($e) { - $e->send(E_ERROR, 'Lexer: Missing attribute key'); - } - } - } - } - return $array; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Lexer/DOMLex.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Lexer/DOMLex.php --- 
php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Lexer/DOMLex.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Lexer/DOMLex.php 1970-01-01 00:00:00.000000000 +0000 @@ -1,328 +0,0 @@ -factory = new HTMLPurifier_TokenFactory(); - } - - /** - * @param string $html - * @param HTMLPurifier_Config $config - * @param HTMLPurifier_Context $context - * @return HTMLPurifier_Token[] - */ - public function tokenizeHTML($html, $config, $context) - { - $html = $this->normalize($html, $config, $context); - - // attempt to armor stray angled brackets that cannot possibly - // form tags and thus are probably being used as emoticons - if ($config->get('Core.AggressivelyFixLt')) { - $char = '[^a-z!\/]'; - $comment = "/|\z)/is"; - $html = preg_replace_callback($comment, array($this, 'callbackArmorCommentEntities'), $html); - do { - $old = $html; - $html = preg_replace("/<($char)/i", '<\\1', $html); - } while ($html !== $old); - $html = preg_replace_callback($comment, array($this, 'callbackUndoCommentSubst'), $html); // fix comments - } - - // preprocess html, essential for UTF-8 - $html = $this->wrapHTML($html, $config, $context); - - $doc = new DOMDocument(); - $doc->encoding = 'UTF-8'; // theoretically, the above has this covered - - set_error_handler(array($this, 'muteErrorHandler')); - $doc->loadHTML($html); - restore_error_handler(); - - $body = $doc->getElementsByTagName('html')->item(0)-> // - getElementsByTagName('body')->item(0); // - - $div = $body->getElementsByTagName('div')->item(0); //
- $tokens = array(); - $this->tokenizeDOM($div, $tokens, $config); - // If the div has a sibling, that means we tripped across - // a premature
tag. So remove the div we parsed, - // and then tokenize the rest of body. We can't tokenize - // the sibling directly as we'll lose the tags in that case. - if ($div->nextSibling) { - $body->removeChild($div); - $this->tokenizeDOM($body, $tokens, $config); - } - return $tokens; - } - - /** - * Iterative function that tokenizes a node, putting it into an accumulator. - * To iterate is human, to recurse divine - L. Peter Deutsch - * @param DOMNode $node DOMNode to be tokenized. - * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens. - * @return HTMLPurifier_Token of node appended to previously passed tokens. - */ - protected function tokenizeDOM($node, &$tokens, $config) - { - $level = 0; - $nodes = array($level => new HTMLPurifier_Queue(array($node))); - $closingNodes = array(); - do { - while (!$nodes[$level]->isEmpty()) { - $node = $nodes[$level]->shift(); // FIFO - $collect = $level > 0 ? true : false; - $needEndingTag = $this->createStartNode($node, $tokens, $collect, $config); - if ($needEndingTag) { - $closingNodes[$level][] = $node; - } - if ($node->childNodes && $node->childNodes->length) { - $level++; - $nodes[$level] = new HTMLPurifier_Queue(); - foreach ($node->childNodes as $childNode) { - $nodes[$level]->push($childNode); - } - } - } - $level--; - if ($level && isset($closingNodes[$level])) { - while ($node = array_pop($closingNodes[$level])) { - $this->createEndNode($node, $tokens); - } - } - } while ($level > 0); - } - - /** - * Portably retrieve the tag name of a node; deals with older versions - * of libxml like 2.7.6 - * @param DOMNode $node - */ - protected function getTagName($node) - { - if (property_exists($node, 'tagName')) { - return $node->tagName; - } else if (property_exists($node, 'nodeName')) { - return $node->nodeName; - } else if (property_exists($node, 'localName')) { - return $node->localName; - } - return null; - } - - /** - * Portably retrieve the data of a node; deals with older versions - * of libxml like 
2.7.6 - * @param DOMNode $node - */ - protected function getData($node) - { - if (property_exists($node, 'data')) { - return $node->data; - } else if (property_exists($node, 'nodeValue')) { - return $node->nodeValue; - } else if (property_exists($node, 'textContent')) { - return $node->textContent; - } - return null; - } - - - /** - * @param DOMNode $node DOMNode to be tokenized. - * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens. - * @param bool $collect Says whether or start and close are collected, set to - * false at first recursion because it's the implicit DIV - * tag you're dealing with. - * @return bool if the token needs an endtoken - * @todo data and tagName properties don't seem to exist in DOMNode? - */ - protected function createStartNode($node, &$tokens, $collect, $config) - { - // intercept non element nodes. WE MUST catch all of them, - // but we're not getting the character reference nodes because - // those should have been preprocessed - if ($node->nodeType === XML_TEXT_NODE) { - $data = $this->getData($node); // Handle variable data property - if ($data !== null) { - $tokens[] = $this->factory->createText($data); - } - return false; - } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) { - // undo libxml's special treatment of #i', '', $html); - } - - return $html; - } - - /** - * Takes a string of HTML (fragment or document) and returns the content - * @todo Consider making protected - */ - public function extractBody($html) - { - $matches = array(); - $result = preg_match('|(.*?)]*>(.*)|is', $html, $matches); - if ($result) { - // Make sure it's not in a comment - $comment_start = strrpos($matches[1], ''); - if ($comment_start === false || - ($comment_end !== false && $comment_end > $comment_start)) { - return $matches[2]; - } - } - return $html; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Comment.php 
php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Comment.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Comment.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Comment.php 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -data = $data; - $this->line = $line; - $this->col = $col; - } - - public function toTokenPair() { - return array(new HTMLPurifier_Token_Comment($this->data, $this->line, $this->col), null); - } -} diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Element.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Element.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Element.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Element.php 1970-01-01 00:00:00.000000000 +0000 
@@ -1,59 +0,0 @@ - form or the form, i.e. - * is it a pair of start/end tokens or an empty token. - * @bool - */ - public $empty = false; - - public $endCol = null, $endLine = null, $endArmor = array(); - - public function __construct($name, $attr = array(), $line = null, $col = null, $armor = array()) { - $this->name = $name; - $this->attr = $attr; - $this->line = $line; - $this->col = $col; - $this->armor = $armor; - } - - public function toTokenPair() { - // XXX inefficiency here, normalization is not necessary - if ($this->empty) { - return array(new HTMLPurifier_Token_Empty($this->name, $this->attr, $this->line, $this->col, $this->armor), null); - } else { - $start = new HTMLPurifier_Token_Start($this->name, $this->attr, $this->line, $this->col, $this->armor); - $end = new HTMLPurifier_Token_End($this->name, array(), $this->endLine, $this->endCol, $this->endArmor); - //$end->start = $start; - return array($start, $end); - } - } -} - diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Text.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Text.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Text.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node/Text.php 1970-01-01 00:00:00.000000000 +0000 @@ -1,54 +0,0 @@ -data = $data; - $this->is_whitespace = $is_whitespace; - $this->line = $line; - $this->col = $col; - } - - public function toTokenPair() { - return array(new HTMLPurifier_Token_Text($this->data, $this->line, $this->col), null); - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Node.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Node.php 1970-01-01 00:00:00.000000000 +0000 
@@ -1,49 +0,0 @@ -preserve[$i] = true; - } - for ($i = 65; $i <= 90; $i++) { // upper-case - $this->preserve[$i] = true; - } - for ($i = 97; $i <= 122; $i++) { // lower-case - $this->preserve[$i] = true; - } - $this->preserve[45] = true; // Dash - - $this->preserve[46] = true; // Period . - $this->preserve[95] = true; // Underscore _ - $this->preserve[126]= true; // Tilde ~ - - // extra letters not to escape - if ($preserve !== false) { - for ($i = 0, $c = strlen($preserve); $i < $c; $i++) { - $this->preserve[ord($preserve[$i])] = true; - } - } - } - - /** - * Our replacement for urlencode, it encodes all non-reserved characters, - * as well as any extra characters that were instructed to be preserved. - * @note - * Assumes that the string has already been normalized, making any - * and all percent escape sequences valid. Percents will not be - * re-escaped, regardless of their status in $preserve - * @param string $string String to be encoded - * @return string Encoded string. - */ - public function encode($string) - { - $ret = ''; - for ($i = 0, $c = strlen($string); $i < $c; $i++) { - if ($string[$i] !== '%' && !isset($this->preserve[$int = ord($string[$i])])) { - $ret .= '%' . sprintf('%02X', $int); - } else { - $ret .= $string[$i]; - } - } - return $ret; - } - - /** - * Fix up percent-encoding by decoding unreserved characters and normalizing. - * @warning This function is affected by $preserve, even though the - * usual desired behavior is for this not to preserve those - * characters. Be careful when reusing instances of PercentEncoder! - * @param string $string String to normalize - * @return string - */ - public function normalize($string) - { - if ($string == '') { - return ''; - } - $parts = explode('%', $string); - $ret = array_shift($parts); - foreach ($parts as $part) { - $length = strlen($part); - if ($length < 2) { - $ret .= '%25' . 
$part; - continue; - } - $encoding = substr($part, 0, 2); - $text = substr($part, 2); - if (!ctype_xdigit($encoding)) { - $ret .= '%25' . $part; - continue; - } - $int = hexdec($encoding); - if (isset($this->preserve[$int])) { - $ret .= chr($int) . $text; - continue; - } - $encoding = strtoupper($encoding); - $ret .= '%' . $encoding . $text; - } - return $ret; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.css php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.css --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.css 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.css 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ - -.hp-config {} - -.hp-config tbody th {text-align:right; padding-right:0.5em;} -.hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;} -.hp-config .namespace th {text-align:center;} -.hp-config .verbose {display:none;} -.hp-config .controls {text-align:center;} - -/* vim: et sw=4 sts=4 */ diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.js php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.js --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.js 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.js 1970-01-01 00:00:00.000000000 +0000 
@@ -1,5 +0,0 @@
-function toggleWriteability(id_of_patient, checked) {
- document.getElementById(id_of_patient).disabled = checked;
-}
-
-// vim: et sw=4 sts=4
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/ConfigForm.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,451 +0,0 @@ -docURL = $doc_url; - $this->name = $name; - $this->compress = $compress; - // initialize sub-printers - $this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default(); - $this->fields[HTMLPurifier_VarParser::BOOL] = new HTMLPurifier_Printer_ConfigForm_bool(); - } - - /** - * Sets default column and row size for textareas in sub-printers - * @param $cols Integer columns of textarea, null to use default - * @param $rows Integer rows of textarea, null to use default - */ - public function setTextareaDimensions($cols = null, $rows = null) - { - if ($cols) { - $this->fields['default']->cols = $cols; - } - if ($rows) { - $this->fields['default']->rows = $rows; - } - } - - /** - * Retrieves styling, in case it is not accessible by webserver - */ - public static function getCSS() - { - return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.css'); - } - - /** - * Retrieves JavaScript, in case it is not accessible by webserver - */ - public static function getJavaScript() - { - return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.js'); - } - - /** - * Returns HTML output for a configuration form - * @param HTMLPurifier_Config|array $config Configuration object of current form state, or an array - * where [0] has an HTML namespace and [1] is being rendered. - * @param array|bool $allowed Optional namespace(s) and directives to restrict form to. 
- * @param bool $render_controls - * @return string - */ - public function render($config, $allowed = true, $render_controls = true) - { - if (is_array($config) && isset($config[0])) { - $gen_config = $config[0]; - $config = $config[1]; - } else { - $gen_config = $config; - } - - $this->config = $config; - $this->genConfig = $gen_config; - $this->prepareGenerator($gen_config); - - $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $config->def); - $all = array(); - foreach ($allowed as $key) { - list($ns, $directive) = $key; - $all[$ns][$directive] = $config->get($ns . '.' . $directive); - } - - $ret = ''; - $ret .= $this->start('table', array('class' => 'hp-config')); - $ret .= $this->start('thead'); - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Directive', array('class' => 'hp-directive')); - $ret .= $this->element('th', 'Value', array('class' => 'hp-value')); - $ret .= $this->end('tr'); - $ret .= $this->end('thead'); - foreach ($all as $ns => $directives) { - $ret .= $this->renderNamespace($ns, $directives); - } - if ($render_controls) { - $ret .= $this->start('tbody'); - $ret .= $this->start('tr'); - $ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls')); - $ret .= $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit')); - $ret .= '[Reset]'; - $ret .= $this->end('td'); - $ret .= $this->end('tr'); - $ret .= $this->end('tbody'); - } - $ret .= $this->end('table'); - return $ret; - } - - /** - * Renders a single namespace - * @param $ns String namespace name - * @param array $directives array of directives to values - * @return string - */ - protected function renderNamespace($ns, $directives) - { - $ret = ''; - $ret .= $this->start('tbody', array('class' => 'namespace')); - $ret .= $this->start('tr'); - $ret .= $this->element('th', $ns, array('colspan' => 2)); - $ret .= $this->end('tr'); - $ret .= $this->end('tbody'); - $ret .= $this->start('tbody'); - foreach ($directives as $directive => 
$value) { - $ret .= $this->start('tr'); - $ret .= $this->start('th'); - if ($this->docURL) { - $url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL); - $ret .= $this->start('a', array('href' => $url)); - } - $attr = array('for' => "{$this->name}:$ns.$directive"); - - // crop directive name if it's too long - if (!$this->compress || (strlen($directive) < $this->compress)) { - $directive_disp = $directive; - } else { - $directive_disp = substr($directive, 0, $this->compress - 2) . '...'; - $attr['title'] = $directive; - } - - $ret .= $this->element( - 'label', - $directive_disp, - // component printers must create an element with this id - $attr - ); - if ($this->docURL) { - $ret .= $this->end('a'); - } - $ret .= $this->end('th'); - - $ret .= $this->start('td'); - $def = $this->config->def->info["$ns.$directive"]; - if (is_int($def)) { - $allow_null = $def < 0; - $type = abs($def); - } else { - $type = $def->type; - $allow_null = isset($def->allow_null); - } - if (!isset($this->fields[$type])) { - $type = 0; - } // default - $type_obj = $this->fields[$type]; - if ($allow_null) { - $type_obj = new HTMLPurifier_Printer_ConfigForm_NullDecorator($type_obj); - } - $ret .= $type_obj->render($ns, $directive, $value, $this->name, array($this->genConfig, $this->config)); - $ret .= $this->end('td'); - $ret .= $this->end('tr'); - } - $ret .= $this->end('tbody'); - return $ret; - } - -} - -/** - * Printer decorator for directives that accept null - */ -class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer -{ - /** - * Printer being decorated - * @type HTMLPurifier_Printer - */ - protected $obj; - - /** - * @param HTMLPurifier_Printer $obj Printer to decorate - */ - public function __construct($obj) - { - parent::__construct(); - $this->obj = $obj; - } - - /** - * @param string $ns - * @param string $directive - * @param string $value - * @param string $name - * @param HTMLPurifier_Config|array $config - * @return string - */ - public 
function render($ns, $directive, $value, $name, $config) - { - if (is_array($config) && isset($config[0])) { - $gen_config = $config[0]; - $config = $config[1]; - } else { - $gen_config = $config; - } - $this->prepareGenerator($gen_config); - - $ret = ''; - $ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive")); - $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose')); - $ret .= $this->text(' Null/Disabled'); - $ret .= $this->end('label'); - $attr = array( - 'type' => 'checkbox', - 'value' => '1', - 'class' => 'null-toggle', - 'name' => "$name" . "[Null_$ns.$directive]", - 'id' => "$name:Null_$ns.$directive", - 'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!! - ); - if ($this->obj instanceof HTMLPurifier_Printer_ConfigForm_bool) { - // modify inline javascript slightly - $attr['onclick'] = - "toggleWriteability('$name:Yes_$ns.$directive',checked);" . - "toggleWriteability('$name:No_$ns.$directive',checked)"; - } - if ($value === null) { - $attr['checked'] = 'checked'; - } - $ret .= $this->elementEmpty('input', $attr); - $ret .= $this->text(' or '); - $ret .= $this->elementEmpty('br'); - $ret .= $this->obj->render($ns, $directive, $value, $name, array($gen_config, $config)); - return $ret; - } -} - -/** - * Swiss-army knife configuration form field printer - */ -class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer -{ - /** - * @type int - */ - public $cols = 18; - - /** - * @type int - */ - public $rows = 5; - - /** - * @param string $ns - * @param string $directive - * @param string $value - * @param string $name - * @param HTMLPurifier_Config|array $config - * @return string - */ - public function render($ns, $directive, $value, $name, $config) - { - if (is_array($config) && isset($config[0])) { - $gen_config = $config[0]; - $config = $config[1]; - } else { - $gen_config = $config; - } - $this->prepareGenerator($gen_config); - // this should probably be 
split up a little - $ret = ''; - $def = $config->def->info["$ns.$directive"]; - if (is_int($def)) { - $type = abs($def); - } else { - $type = $def->type; - } - if (is_array($value)) { - switch ($type) { - case HTMLPurifier_VarParser::LOOKUP: - $array = $value; - $value = array(); - foreach ($array as $val => $b) { - $value[] = $val; - } - //TODO does this need a break? - case HTMLPurifier_VarParser::ALIST: - $value = implode(PHP_EOL, $value); - break; - case HTMLPurifier_VarParser::HASH: - $nvalue = ''; - foreach ($value as $i => $v) { - if (is_array($v)) { - // HACK - $v = implode(";", $v); - } - $nvalue .= "$i:$v" . PHP_EOL; - } - $value = $nvalue; - break; - default: - $value = ''; - } - } - if ($type === HTMLPurifier_VarParser::MIXED) { - return 'Not supported'; - $value = serialize($value); - } - $attr = array( - 'name' => "$name" . "[$ns.$directive]", - 'id' => "$name:$ns.$directive" - ); - if ($value === null) { - $attr['disabled'] = 'disabled'; - } - if (isset($def->allowed)) { - $ret .= $this->start('select', $attr); - foreach ($def->allowed as $val => $b) { - $attr = array(); - if ($value == $val) { - $attr['selected'] = 'selected'; - } - $ret .= $this->element('option', $val, $attr); - } - $ret .= $this->end('select'); - } elseif ($type === HTMLPurifier_VarParser::TEXT || - $type === HTMLPurifier_VarParser::ITEXT || - $type === HTMLPurifier_VarParser::ALIST || - $type === HTMLPurifier_VarParser::HASH || - $type === HTMLPurifier_VarParser::LOOKUP) { - $attr['cols'] = $this->cols; - $attr['rows'] = $this->rows; - $ret .= $this->start('textarea', $attr); - $ret .= $this->text($value); - $ret .= $this->end('textarea'); - } else { - $attr['value'] = $value; - $attr['type'] = 'text'; - $ret .= $this->elementEmpty('input', $attr); - } - return $ret; - } -} - -/** - * Bool form field printer - */ -class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer -{ - /** - * @param string $ns - * @param string $directive - * @param string $value - * @param 
string $name - * @param HTMLPurifier_Config|array $config - * @return string - */ - public function render($ns, $directive, $value, $name, $config) - { - if (is_array($config) && isset($config[0])) { - $gen_config = $config[0]; - $config = $config[1]; - } else { - $gen_config = $config; - } - $this->prepareGenerator($gen_config); - $ret = ''; - $ret .= $this->start('div', array('id' => "$name:$ns.$directive")); - - $ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive")); - $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose')); - $ret .= $this->text(' Yes'); - $ret .= $this->end('label'); - - $attr = array( - 'type' => 'radio', - 'name' => "$name" . "[$ns.$directive]", - 'id' => "$name:Yes_$ns.$directive", - 'value' => '1' - ); - if ($value === true) { - $attr['checked'] = 'checked'; - } - if ($value === null) { - $attr['disabled'] = 'disabled'; - } - $ret .= $this->elementEmpty('input', $attr); - - $ret .= $this->start('label', array('for' => "$name:No_$ns.$directive")); - $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose')); - $ret .= $this->text(' No'); - $ret .= $this->end('label'); - - $attr = array( - 'type' => 'radio', - 'name' => "$name" . "[$ns.$directive]", - 'id' => "$name:No_$ns.$directive", - 'value' => '0' - ); - if ($value === false) { - $attr['checked'] = 'checked'; - } - if ($value === null) { - $attr['disabled'] = 'disabled'; - } - $ret .= $this->elementEmpty('input', $attr); - - $ret .= $this->end('div'); - - return $ret; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/CSSDefinition.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/CSSDefinition.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/CSSDefinition.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/CSSDefinition.php 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@
-def = $config->getCSSDefinition();
- $ret = '';
-
- $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
- $ret .= $this->start('table');
-
- $ret .= $this->element('caption', 'Properties ($info)');
-
- $ret .= $this->start('thead');
- $ret .= $this->start('tr');
- $ret .= $this->element('th', 'Property', array('class' => 'heavy'));
- $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
- $ret .= $this->end('tr');
- $ret .= $this->end('thead');
-
- ksort($this->def->info);
- foreach ($this->def->info as $property => $obj) {
- $name = $this->getClass($obj, 'AttrDef_');
- $ret .= $this->row($property, $name);
- }
-
- $ret .= $this->end('table');
- $ret .= $this->end('div');
-
- return $ret;
- }
-}
-
-// vim: et sw=4 sts=4
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/HTMLDefinition.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/HTMLDefinition.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/HTMLDefinition.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer/HTMLDefinition.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,324 +0,0 @@ -config =& $config; - - $this->def = $config->getHTMLDefinition(); - - $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer')); - - $ret .= $this->renderDoctype(); - $ret .= $this->renderEnvironment(); - $ret .= $this->renderContentSets(); - $ret .= $this->renderInfo(); - - $ret .= $this->end('div'); - - return $ret; - } - - /** - * Renders the Doctype table - * @return string - */ - protected function renderDoctype() - { - $doctype = $this->def->doctype; - $ret = ''; - $ret .= $this->start('table'); - $ret .= $this->element('caption', 'Doctype'); - $ret .= $this->row('Name', $doctype->name); - $ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No'); - $ret .= $this->row('Default Modules', implode($doctype->modules, ', ')); - $ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', ')); - $ret .= $this->end('table'); - return $ret; - } - - - /** - * Renders environment table, which is miscellaneous info - * @return string - */ - protected function renderEnvironment() - { - $def = $this->def; - - $ret = ''; - - $ret .= $this->start('table'); - $ret .= $this->element('caption', 'Environment'); - - $ret .= $this->row('Parent of fragment', $def->info_parent); - $ret .= $this->renderChildren($def->info_parent_def->child); - $ret .= $this->row('Block wrap name', $def->info_block_wrapper); - - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Global attributes'); - $ret .= $this->element('td', $this->listifyAttr($def->info_global_attr), null, 0); - $ret .= $this->end('tr'); - - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Tag transforms'); - $list = array(); - foreach ($def->info_tag_transform as $old => $new) { - $new = $this->getClass($new, 'TagTransform_'); - $list[] = "<$old> with $new"; - } - $ret .= $this->element('td', $this->listify($list)); - $ret .= $this->end('tr'); - - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Pre-AttrTransform'); - $ret .= $this->element('td', 
$this->listifyObjectList($def->info_attr_transform_pre)); - $ret .= $this->end('tr'); - - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Post-AttrTransform'); - $ret .= $this->element('td', $this->listifyObjectList($def->info_attr_transform_post)); - $ret .= $this->end('tr'); - - $ret .= $this->end('table'); - return $ret; - } - - /** - * Renders the Content Sets table - * @return string - */ - protected function renderContentSets() - { - $ret = ''; - $ret .= $this->start('table'); - $ret .= $this->element('caption', 'Content Sets'); - foreach ($this->def->info_content_sets as $name => $lookup) { - $ret .= $this->heavyHeader($name); - $ret .= $this->start('tr'); - $ret .= $this->element('td', $this->listifyTagLookup($lookup)); - $ret .= $this->end('tr'); - } - $ret .= $this->end('table'); - return $ret; - } - - /** - * Renders the Elements ($info) table - * @return string - */ - protected function renderInfo() - { - $ret = ''; - $ret .= $this->start('table'); - $ret .= $this->element('caption', 'Elements ($info)'); - ksort($this->def->info); - $ret .= $this->heavyHeader('Allowed tags', 2); - $ret .= $this->start('tr'); - $ret .= $this->element('td', $this->listifyTagLookup($this->def->info), array('colspan' => 2)); - $ret .= $this->end('tr'); - foreach ($this->def->info as $name => $def) { - $ret .= $this->start('tr'); - $ret .= $this->element('th', "<$name>", array('class' => 'heavy', 'colspan' => 2)); - $ret .= $this->end('tr'); - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Inline content'); - $ret .= $this->element('td', $def->descendants_are_inline ? 
'Yes' : 'No'); - $ret .= $this->end('tr'); - if (!empty($def->excludes)) { - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Excludes'); - $ret .= $this->element('td', $this->listifyTagLookup($def->excludes)); - $ret .= $this->end('tr'); - } - if (!empty($def->attr_transform_pre)) { - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Pre-AttrTransform'); - $ret .= $this->element('td', $this->listifyObjectList($def->attr_transform_pre)); - $ret .= $this->end('tr'); - } - if (!empty($def->attr_transform_post)) { - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Post-AttrTransform'); - $ret .= $this->element('td', $this->listifyObjectList($def->attr_transform_post)); - $ret .= $this->end('tr'); - } - if (!empty($def->auto_close)) { - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Auto closed by'); - $ret .= $this->element('td', $this->listifyTagLookup($def->auto_close)); - $ret .= $this->end('tr'); - } - $ret .= $this->start('tr'); - $ret .= $this->element('th', 'Allowed attributes'); - $ret .= $this->element('td', $this->listifyAttr($def->attr), array(), 0); - $ret .= $this->end('tr'); - - if (!empty($def->required_attr)) { - $ret .= $this->row('Required attributes', $this->listify($def->required_attr)); - } - - $ret .= $this->renderChildren($def->child); - } - $ret .= $this->end('table'); - return $ret; - } - - /** - * Renders a row describing the allowed children of an element - * @param HTMLPurifier_ChildDef $def HTMLPurifier_ChildDef of pertinent element - * @return string - */ - protected function renderChildren($def) - { - $context = new HTMLPurifier_Context(); - $ret = ''; - $ret .= $this->start('tr'); - $elements = array(); - $attr = array(); - if (isset($def->elements)) { - if ($def->type == 'strictblockquote') { - $def->validateChildren(array(), $this->config, $context); - } - $elements = $def->elements; - } - if ($def->type == 'chameleon') { - $attr['rowspan'] = 2; - } elseif ($def->type == 'empty') { - 
$elements = array(); - } elseif ($def->type == 'table') { - $elements = array_flip( - array( - 'col', - 'caption', - 'colgroup', - 'thead', - 'tfoot', - 'tbody', - 'tr' - ) - ); - } - $ret .= $this->element('th', 'Allowed children', $attr); - - if ($def->type == 'chameleon') { - - $ret .= $this->element( - 'td', - 'Block: ' . - $this->escape($this->listifyTagLookup($def->block->elements)), - null, - 0 - ); - $ret .= $this->end('tr'); - $ret .= $this->start('tr'); - $ret .= $this->element( - 'td', - 'Inline: ' . - $this->escape($this->listifyTagLookup($def->inline->elements)), - null, - 0 - ); - - } elseif ($def->type == 'custom') { - - $ret .= $this->element( - 'td', - '' . ucfirst($def->type) . ': ' . - $def->dtd_regex - ); - - } else { - $ret .= $this->element( - 'td', - '' . ucfirst($def->type) . ': ' . - $this->escape($this->listifyTagLookup($elements)), - null, - 0 - ); - } - $ret .= $this->end('tr'); - return $ret; - } - - /** - * Listifies a tag lookup table. - * @param array $array Tag lookup array in form of array('tagname' => true) - * @return string - */ - protected function listifyTagLookup($array) - { - ksort($array); - $list = array(); - foreach ($array as $name => $discard) { - if ($name !== '#PCDATA' && !isset($this->def->info[$name])) { - continue; - } - $list[] = $name; - } - return $this->listify($list); - } - - /** - * Listifies a list of objects by retrieving class names and internal state - * @param array $array List of objects - * @return string - * @todo Also add information about internal state - */ - protected function listifyObjectList($array) - { - ksort($array); - $list = array(); - foreach ($array as $obj) { - $list[] = $this->getClass($obj, 'AttrTransform_'); - } - return $this->listify($list); - } - - /** - * Listifies a hash of attributes to AttrDef classes - * @param array $array Array hash in form of array('attrname' => HTMLPurifier_AttrDef) - * @return string - */ - protected function listifyAttr($array) - { - ksort($array); - 
$list = array(); - foreach ($array as $name => $obj) { - if ($obj === false) { - continue; - } - $list[] = "$name = " . $this->getClass($obj, 'AttrDef_') . ''; - } - return $this->listify($list); - } - - /** - * Creates a heavy header row - * @param string $text - * @param int $num - * @return string - */ - protected function heavyHeader($text, $num = 1) - { - $ret = ''; - $ret .= $this->start('tr'); - $ret .= $this->element('th', $text, array('colspan' => $num, 'class' => 'heavy')); - $ret .= $this->end('tr'); - return $ret; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Printer.php 1970-01-01 00:00:00.000000000 +0000 
@@ -1,218 +0,0 @@ -getAll(); - $context = new HTMLPurifier_Context(); - $this->generator = new HTMLPurifier_Generator($config, $context); - } - - /** - * Main function that renders object or aspect of that object - * @note Parameters vary depending on printer - */ - // function render() {} - - /** - * Returns a start tag - * @param string $tag Tag name - * @param array $attr Attribute array - * @return string - */ - protected function start($tag, $attr = array()) - { - return $this->generator->generateFromToken( - new HTMLPurifier_Token_Start($tag, $attr ? $attr : array()) - ); - } - - /** - * Returns an end tag - * @param string $tag Tag name - * @return string - */ - protected function end($tag) - { - return $this->generator->generateFromToken( - new HTMLPurifier_Token_End($tag) - ); - } - - /** - * Prints a complete element with content inside - * @param string $tag Tag name - * @param string $contents Element contents - * @param array $attr Tag attributes - * @param bool $escape whether or not to escape contents - * @return string - */ - protected function element($tag, $contents, $attr = array(), $escape = true) - { - return $this->start($tag, $attr) . - ($escape ? $this->escape($contents) : $contents) . - $this->end($tag); - } - - /** - * @param string $tag - * @param array $attr - * @return string - */ - protected function elementEmpty($tag, $attr = array()) - { - return $this->generator->generateFromToken( - new HTMLPurifier_Token_Empty($tag, $attr) - ); - } - - /** - * @param string $text - * @return string - */ - protected function text($text) - { - return $this->generator->generateFromToken( - new HTMLPurifier_Token_Text($text) - ); - } - - /** - * Prints a simple key/value row in a table. - * @param string $name Key - * @param mixed $value Value - * @return string - */ - protected function row($name, $value) - { - if (is_bool($value)) { - $value = $value ? 'On' : 'Off'; - } - return - $this->start('tr') . "\n" . - $this->element('th', $name) . "\n" . 
- $this->element('td', $value) . "\n" . - $this->end('tr'); - } - - /** - * Escapes a string for HTML output. - * @param string $string String to escape - * @return string - */ - protected function escape($string) - { - $string = HTMLPurifier_Encoder::cleanUTF8($string); - $string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8'); - return $string; - } - - /** - * Takes a list of strings and turns them into a single list - * @param string[] $array List of strings - * @param bool $polite Bool whether or not to add an end before the last - * @return string - */ - protected function listify($array, $polite = false) - { - if (empty($array)) { - return 'None'; - } - $ret = ''; - $i = count($array); - foreach ($array as $value) { - $i--; - $ret .= $value; - if ($i > 0 && !($polite && $i == 1)) { - $ret .= ', '; - } - if ($polite && $i == 1) { - $ret .= 'and '; - } - } - return $ret; - } - - /** - * Retrieves the class of an object without prefixes, as well as metadata - * @param object $obj Object to determine class of - * @param string $sec_prefix Further prefix to remove - * @return string - */ - protected function getClass($obj, $sec_prefix = '') - { - static $five = null; - if ($five === null) { - $five = version_compare(PHP_VERSION, '5', '>='); - } - $prefix = 'HTMLPurifier_' . $sec_prefix; - if (!$five) { - $prefix = strtolower($prefix); - } - $class = str_replace($prefix, '', get_class($obj)); - $lclass = strtolower($class); - $class .= '('; - switch ($lclass) { - case 'enum': - $values = array(); - foreach ($obj->valid_values as $value => $bool) { - $values[] = $value; - } - $class .= implode(', ', $values); - break; - case 'css_composite': - $values = array(); - foreach ($obj->defs as $def) { - $values[] = $this->getClass($def, $sec_prefix); - } - $class .= implode(', ', $values); - break; - case 'css_multiple': - $class .= $this->getClass($obj->single, $sec_prefix) . 
', '; - $class .= $obj->max; - break; - case 'css_denyelementdecorator': - $class .= $this->getClass($obj->def, $sec_prefix) . ', '; - $class .= $obj->element; - break; - case 'css_importantdecorator': - $class .= $this->getClass($obj->def, $sec_prefix); - if ($obj->allow) { - $class .= ', !important'; - } - break; - } - $class .= ')'; - return $class; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyListIterator.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyListIterator.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyListIterator.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyListIterator.php 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -l = strlen($filter); - $this->filter = $filter; - } - - /** - * @return bool - */ - public function accept() - { - $key = $this->getInnerIterator()->key(); - if (strncmp($key, $this->filter, $this->l) !== 0) { - return false; - } - return true; - } -} - -// vim: et sw=4 sts=4 diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyList.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyList.php --- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyList.php 2018-02-23 02:08:20.000000000 +0000 +++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/PropertyList.php 1970-01-01 00:00:00.000000000 +0000 
@@ -1,122 +0,0 @@
-parent = $parent;
- }
-
- /**
- * Recursively retrieves the value for a key
- * @param string $name
- * @throws HTMLPurifier_Exception
- */
- public function get($name)
- {
- if ($this->has($name)) {
- return $this->data[$name];
- }
- // possible performance bottleneck, convert to iterative if necessary
- if ($this->parent) {
- return $this->parent->get($name);
- }
- throw new HTMLPurifier_Exception("Key '$name' not found");
- }
-
- /**
- * Sets the value of a key, for this plist
- * @param string $name
- * @param mixed $value
- */
- public function set($name, $value)
- {
- $this->data[$name] = $value;
- }
-
- /**
- * Returns true if a given key exists
- * @param string $name
- * @return bool
- */
- public function has($name)
- {
- return array_key_exists($name, $this->data);
- }
-
- /**
- * Resets a value to the value of it's parent, usually the default. If
- * no value is specified, the entire plist is reset.
- * @param string $name
- */
- public function reset($name = null)
- {
- if ($name == null) {
- $this->data = array();
- } else {
- unset($this->data[$name]);
- }
- }
-
- /**
- * Squashes this property list and all of its property lists into a single
- * array, and returns the array. This value is cached by default.
- * @param bool $force If true, ignores the cache and regenerates the array.
- * @return array
- */
- public function squash($force = false)
- {
- if ($this->cache !== null && !$force) {
- return $this->cache;
- }
- if ($this->parent) {
- return $this->cache = array_merge($this->parent->squash($force), $this->data);
- } else {
- return $this->cache = $this->data;
- }
- }
-
- /**
- * Returns the parent plist.
- * @return HTMLPurifier_PropertyList
- */
- public function getParent()
- {
- return $this->parent;
- }
-
- /**
- * Sets the parent plist.
- * @param HTMLPurifier_PropertyList $plist Parent plist
- */
- public function setParent($plist)
- {
- $this->parent = $plist;
- }
-}
-
-// vim: et sw=4 sts=4
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Queue.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Queue.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Queue.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Queue.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
-input = $input;
- $this->output = array();
- }
-
- /**
- * Shifts an element off the front of the queue.
- */
- public function shift() {
- if (empty($this->output)) {
- $this->output = array_reverse($this->input);
- $this->input = array();
- }
- if (empty($this->output)) {
- return NULL;
- }
- return array_pop($this->output);
- }
-
- /**
- * Pushes an element onto the front of the queue.
- */
- public function push($x) {
- array_push($this->input, $x);
- }
-
- /**
- * Checks if it's empty.
- */
- public function isEmpty() {
- return empty($this->input) && empty($this->output);
- }
-}
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Composite.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Composite.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Composite.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Composite.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,30 +0,0 @@
-strategies as $strategy) {
- $tokens = $strategy->execute($tokens, $config, $context);
- }
- return $tokens;
- }
-}
-
-// vim: et sw=4 sts=4
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Core.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Core.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Core.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/Core.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
-strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
- $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
- $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
- $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
- }
-}
-
-// vim: et sw=4 sts=4
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/FixNesting.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/FixNesting.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/FixNesting.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/FixNesting.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,181 +0,0 @@
-getHTMLDefinition();
-
- $excludes_enabled = !$config->get('Core.DisableExcludes');
-
- // setup the context variable 'IsInline', for chameleon processing
- // is 'false' when we are not inline, 'true' when it must always
- // be inline, and an integer when it is inline for a certain
- // branch of the document tree
- $is_inline = $definition->info_parent_def->descendants_are_inline;
- $context->register('IsInline', $is_inline);
-
- // setup error collector
- $e =& $context->get('ErrorCollector', true);
-
- //####################################################################//
- // Loop initialization
-
- // stack that contains all elements that are excluded
- // it is organized by parent elements, similar to $stack,
- // but it is only populated when an element with exclusions is
- // processed, i.e. there won't be empty exclusions.
- $exclude_stack = array($definition->info_parent_def->excludes);
-
- // variable that contains the start token while we are processing
- // nodes. This enables error reporting to do its job
- $node = $top_node;
- // dummy token
- list($token, $d) = $node->toTokenPair();
- $context->register('CurrentNode', $node);
- $context->register('CurrentToken', $token);
-
- //####################################################################//
- // Loop
-
- // We need to implement a post-order traversal iteratively, to
- // avoid running into stack space limits. This is pretty tricky
- // to reason about, so we just manually stack-ify the recursive
- // variant:
- //
- // function f($node) {
- // foreach ($node->children as $child) {
- // f($child);
- // }
- // validate($node);
- // }
- //
- // Thus, we will represent a stack frame as array($node,
- // $is_inline, stack of children)
- // e.g. array_reverse($node->children) - already processed
- // children.
-
- $parent_def = $definition->info_parent_def;
- $stack = array(
- array($top_node,
- $parent_def->descendants_are_inline,
- $parent_def->excludes, // exclusions
- 0)
- );
-
- while (!empty($stack)) {
- list($node, $is_inline, $excludes, $ix) = array_pop($stack);
- // recursive call
- $go = false;
- $def = empty($stack) ? $definition->info_parent_def : $definition->info[$node->name];
- while (isset($node->children[$ix])) {
- $child = $node->children[$ix++];
- if ($child instanceof HTMLPurifier_Node_Element) {
- $go = true;
- $stack[] = array($node, $is_inline, $excludes, $ix);
- $stack[] = array($child,
- // ToDo: I don't think it matters if it's def or
- // child_def, but double check this...
- $is_inline || $def->descendants_are_inline,
- empty($def->excludes) ? $excludes
- : array_merge($excludes, $def->excludes),
- 0);
- break;
- }
- };
- if ($go) continue;
- list($token, $d) = $node->toTokenPair();
- // base case
- if ($excludes_enabled && isset($excludes[$node->name])) {
- $node->dead = true;
- if ($e) $e->send(E_ERROR, 'Strategy_FixNesting: Node excluded');
- } else {
- // XXX I suppose it would be slightly more efficient to
- // avoid the allocation here and have children
- // strategies handle it
- $children = array();
- foreach ($node->children as $child) {
- if (!$child->dead) $children[] = $child;
- }
- $result = $def->child->validateChildren($children, $config, $context);
- if ($result === true) {
- // nop
- $node->children = $children;
- } elseif ($result === false) {
- $node->dead = true;
- if ($e) $e->send(E_ERROR, 'Strategy_FixNesting: Node removed');
- } else {
- $node->children = $result;
- if ($e) {
- // XXX This will miss mutations of internal nodes. Perhaps defer to the child validators
- if (empty($result) && !empty($children)) {
- $e->send(E_ERROR, 'Strategy_FixNesting: Node contents removed');
- } else if ($result != $children) {
- $e->send(E_WARNING, 'Strategy_FixNesting: Node reorganized');
- }
- }
- }
- }
- }
-
- //####################################################################//
- // Post-processing
-
- // remove context variables
- $context->destroy('IsInline');
- $context->destroy('CurrentNode');
- $context->destroy('CurrentToken');
-
- //####################################################################//
- // Return
-
- return HTMLPurifier_Arborize::flatten($node, $config, $context);
- }
-}
-
-// vim: et sw=4 sts=4
diff -Nru php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/MakeWellFormed.php php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/MakeWellFormed.php
--- php-htmlpurifier-4.10.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/MakeWellFormed.php 2018-02-23 02:08:20.000000000 +0000
+++ php-htmlpurifier-4.11.0/HTMLPurifier-4.10.0/HTMLPurifier/Strategy/MakeWellFormed.php 1970-01-01 00:00:00.000000000 +0000
@@ -1,659 +0,0 @@
-getHTMLDefinition();
-
- // local variables
- $generator = new HTMLPurifier_Generator($config, $context);
- $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
- // used for autoclose early abortion
- $global_parent_allowed_elements = $definition->info_parent_def->child->getAllowedElements($config);
- $e = $context->get('ErrorCollector', true);
- $i = false; // injector index
- list($zipper, $token) = HTMLPurifier_Zipper::fromArray($tokens);
- if ($token === NULL) {
- return array();
- }
- $reprocess = false; // whether or not to reprocess the same token
- $stack = array();
-
- // member variables
- $this->stack =& $stack;
- $this->tokens =& $tokens;
- $this->token =& $token;
- $this->zipper =& $zipper;
- $this->config = $config;
- $this->context = $context;
-
- // context variables
- $context->register('CurrentNesting', $stack);
- $context->register('InputZipper', $zipper);
- $context->register('CurrentToken', $token);
-
- // -- begin INJECTOR --
-
- $this->injectors = array();
-
- $injectors = $config->getBatch('AutoFormat');
- $def_injectors = $definition->info_injector;
- $custom_injectors = $injectors['Custom'];
- unset($injectors['Custom']); // special case
- foreach ($injectors as $injector => $b) {
- // XXX: Fix with a legitimate lookup table of enabled filters
- if (strpos($injector, '.') !== false) {
- continue;
- }
- $injector = "HTMLPurifier_Injector_$injector";
- if (!$b) {
- continue;
- }
- $this->injectors[] = new $injector;
- }
- foreach ($def_injectors as $injector) {
- // assumed to be objects
- $this->injectors[] = $injector;
- }
- foreach ($custom_injectors as $injector) {
- if (!$injector) {
- continue;
- }
- if (is_string($injector)) {
- $injector = "HTMLPurifier_Injector_$injector";
- $injector = new $injector;
- }
- $this->injectors[] = $injector;
- }
-
- // give the injectors references to the definition and context
- // variables for performance reasons
- foreach ($this->injectors as $ix => $injector) {
- $error = $injector->prepare($config, $context);
- if (!$error) {
- continue;
- }
- array_splice($this->injectors, $ix, 1); // rm the injector
- trigger_error("Cannot enable {$injector->name} injector because $error is not allowed", E_USER_WARNING);
- }
-
- // -- end INJECTOR --
-
- // a note on reprocessing:
- // In order to reduce code duplication, whenever some code needs
- // to make HTML changes in order to make things "correct", the
- // new HTML gets sent through the purifier, regardless of its
- // status. This means that if we add a start token, because it
- // was totally necessary, we don't have to update nesting; we just
- // punt ($reprocess = true; continue;) and it does that for us.
-
- // isset is in loop because $tokens size changes during loop exec
- for (;;
- // only increment if we don't need to reprocess
- $reprocess ? $reprocess = false : $token = $zipper->next($token)) {
-
- // check for a rewind
- if (is_int($i)) {
- // possibility: disable rewinding if the current token has a
- // rewind set on it already. This would offer protection from
- // infinite loop, but might hinder some advanced rewinding.
- $rewind_offset = $this->injectors[$i]->getRewindOffset();
- if (is_int($rewind_offset)) {
- for ($j = 0; $j < $rewind_offset; $j++) {
- if (empty($zipper->front)) break;
- $token = $zipper->prev($token);
- // indicate that other injectors should not process this token,
- // but we need to reprocess it. See Note [Injector skips]
- unset($token->skip[$i]);
- $token->rewind = $i;
- if ($token instanceof HTMLPurifier_Token_Start) {
- array_pop($this->stack);
- } elseif ($token instanceof HTMLPurifier_Token_End) {
- $this->stack[] = $token->start;
- }
- }
- }
- $i = false;
- }
-
- // handle case of document end
- if ($token === NULL) {
- // kill processing if stack is empty
- if (empty($this->stack)) {
- break;
- }
-
- // peek
- $top_nesting = array_pop($this->stack);
- $this->stack[] = $top_nesting;
-
- // send error [TagClosedSuppress]
- if ($e && !isset($top_nesting->armor['MakeWellFormed_TagClosedError'])) {
- $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by document end', $top_nesting);
- }
-
- // append, don't splice, since this is the end
- $token = new HTMLPurifier_Token_End($top_nesting->name);
-
- // punt!
- $reprocess = true;
- continue;
- }
-
- //echo ''; printZipper($zipper, $token);//printTokens($this->stack);
- //flush();
-
- // quick-check: if it's not a tag, no need to process
- if (empty($token->is_tag)) {
- if ($token instanceof HTMLPurifier_Token_Text) {
- foreach ($this->injectors as $i => $injector) {
- if (isset($token->skip[$i])) {
- // See Note [Injector skips]
- continue;
- }
- if ($token->rewind !== null && $token->rewind !== $i) {
- continue;
- }
- // XXX fuckup
- $r = $token;
- $injector->handleText($r);
- $token = $this->processToken($r, $i);
- $reprocess = true;
- break;
- }
- }
- // another possibility is a comment
- continue;
- }
-
- if (isset($definition->info[$token->name])) {
- $type = $definition->info[$token->name]->child->type;
- } else {
- $type = false; // Type is unknown, treat accordingly
- }
-
- // quick tag checks: anything that's *not* an end tag
- $ok = false;
- if ($type === 'empty' && $token instanceof HTMLPurifier_Token_Start) {
- // claims to be a start tag but is empty
- $token = new HTMLPurifier_Token_Empty(
- $token->name,
- $token->attr,
- $token->line,
- $token->col,
- $token->armor
- );
- $ok = true;
- } elseif ($type && $type !== 'empty' && $token instanceof HTMLPurifier_Token_Empty) {
- // claims to be empty but really is a start tag
- // NB: this assignment is required
- $old_token = $token;
- $token = new HTMLPurifier_Token_End($token->name);
- $token = $this->insertBefore(
- new HTMLPurifier_Token_Start($old_token->name, $old_token->attr, $old_token->line, $old_token->col, $old_token->armor)
- );
- // punt (since we had to modify the input stream in a non-trivial way)
- $reprocess = true;
- continue;
- } elseif ($token instanceof HTMLPurifier_Token_Empty) {
- // real empty token
- $ok = true;
- } elseif ($token instanceof HTMLPurifier_Token_Start) {
- // start tag
-
- // ...unless they also have to close their parent
- if (!empty($this->stack)) {
-
- // Performance note: you might think that it's rather
- // inefficient, recalculating the autoclose information
- // for every tag that a token closes (since when we
- // do an autoclose, we push a new token into the
- // stream and then /process/ that, before
- // re-processing this token.) But this is
- // necessary, because an injector can make an
- // arbitrary transformations to the autoclosing
- // tokens we introduce, so things may have changed
- // in the meantime. Also, doing the inefficient thing is
- // "easy" to reason about (for certain perverse definitions
- // of "easy")
-
- $parent = array_pop($this->stack);
- $this->stack[] = $parent;
-
- $parent_def = null;
- $parent_elements = null;
- $autoclose = false;
- if (isset($definition->info[$parent->name])) {
- $parent_def = $definition->info[$parent->name];
- $parent_elements = $parent_def->child->getAllowedElements($config);
- $autoclose = !isset($parent_elements[$token->name]);
- }
-
- if ($autoclose && $definition->info[$token->name]->wrap) {
- // Check if an element can be wrapped by another
- // element to make it valid in a context (for
- // example,