HTMLPurifier update

약간 커스텀 된 부분 모두 반영. File lock 부분과 htmlspecialchars 부분.
2026-04-28 06:42:14 +09:00 · 2016-01-02 11:55:54 +09:00 · 2016-01-02 11:55:54 +09:00 · 2957f8cebe
commit 2957f8cebe
parent ae7cbf51c0
242 changed files with 11737 additions and 5915 deletions
--- a/classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php
+++ b/classes/security/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php
@ -11,17 +11,20 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
 {

    /**
-     * Bool indicating whether or not negative values are allowed
+     * Whether or not negative values are allowed.
+     * @type bool
     */
    protected $negative = true;

    /**
-     * Bool indicating whether or not zero is allowed
+     * Whether or not zero is allowed.
+     * @type bool
     */
    protected $zero = true;

    /**
-     * Bool indicating whether or not positive values are allowed
+     * Whether or not positive values are allowed.
+     * @type bool
     */
    protected $positive = true;

@ -30,44 +33,59 @@ class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
     * @param $zero Bool indicating whether or not zero is allowed
     * @param $positive Bool indicating whether or not positive values are allowed
     */
-    public function __construct(
-        $negative = true, $zero = true, $positive = true
-    ) {
+    public function __construct($negative = true, $zero = true, $positive = true)
+    {
        $this->negative = $negative;
-        $this->zero     = $zero;
+        $this->zero = $zero;
        $this->positive = $positive;
    }

-    public function validate($integer, $config, $context) {
-
+    /**
+     * @param string $integer
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($integer, $config, $context)
+    {
        $integer = $this->parseCDATA($integer);
-        if ($integer === '') return false;
+        if ($integer === '') {
+            return false;
+        }

        // we could possibly simply typecast it to integer, but there are
        // certain fringe cases that must not return an integer.

        // clip leading sign
-        if ( $this->negative && $integer[0] === '-' ) {
+        if ($this->negative && $integer[0] === '-') {
            $digits = substr($integer, 1);
-            if ($digits === '0') $integer = '0'; // rm minus sign for zero
-        } elseif( $this->positive && $integer[0] === '+' ) {
+            if ($digits === '0') {
+                $integer = '0';
+            } // rm minus sign for zero
+        } elseif ($this->positive && $integer[0] === '+') {
            $digits = $integer = substr($integer, 1); // rm unnecessary plus
        } else {
            $digits = $integer;
        }

        // test if it's numeric
-        if (!ctype_digit($digits)) return false;
+        if (!ctype_digit($digits)) {
+            return false;
+        }

        // perform scope tests
-        if (!$this->zero     && $integer == 0) return false;
-        if (!$this->positive && $integer > 0) return false;
-        if (!$this->negative && $integer < 0) return false;
+        if (!$this->zero && $integer == 0) {
+            return false;
+        }
+        if (!$this->positive && $integer > 0) {
+            return false;
+        }
+        if (!$this->negative && $integer < 0) {
+            return false;
+        }

        return $integer;
-
    }
-
 }

 // vim: et sw=4 sts=4