fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-19 19:29:56 +09:00
Code Issues Projects Releases Packages Wiki Activity

HTMLPurifier update

Browse source 
약간 커스텀 된 부분 모두 반영.
File lock 부분과 htmlspecialchars 부분.
This commit is contained in:
MinSoo Kim 2016-01-02 11:55:54 +09:00
parent ae7cbf51c0
commit 2957f8cebe
242 changed files with 11737 additions and 5915 deletions
Download patch file Download diff file Expand all files Collapse all files

8
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
View file

@ -7,7 +7,12 @@
class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
{
public function build($interchange) {
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @return HTMLPurifier_ConfigSchema
*/
public function build($interchange)
{
$schema = new HTMLPurifier_ConfigSchema();
foreach ($interchange->directives as $d) {
$schema->add(
@ -38,7 +43,6 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
$schema->postProcess();
return $schema;
}
}
// vim: et sw=4 sts=4

94
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
View file

@ -7,10 +7,21 @@
class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
{
/**
* @type HTMLPurifier_ConfigSchema_Interchange
*/
protected $interchange;
/**
* @type string
*/
private $namespace;
protected function writeHTMLDiv($html) {
/**
* @param string $html
*/
protected function writeHTMLDiv($html)
{
$this->startElement('div');
$purifier = HTMLPurifier::getInstance();
@ -21,12 +32,23 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->endElement(); // div
}
protected function export($var) {
if ($var === array()) return 'array()';
/**
* @param mixed $var
* @return string
*/
protected function export($var)
{
if ($var === array()) {
return 'array()';
}
return var_export($var, true);
}
public function build($interchange) {
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
*/
public function build($interchange)
{
// global access, only use as last resort
$this->interchange = $interchange;
@ -39,19 +61,26 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->buildDirective($directive);
}
if ($this->namespace) $this->endElement(); // namespace
if ($this->namespace) {
$this->endElement();
} // namespace
$this->endElement(); // configdoc
$this->flush();
}
public function buildDirective($directive) {
/**
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
*/
public function buildDirective($directive)
{
// Kludge, although I suppose having a notion of a "root namespace"
// certainly makes things look nicer when documentation is built.
// Depends on things being sorted.
if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
if ($this->namespace) $this->endElement(); // namespace
if ($this->namespace) {
$this->endElement();
} // namespace
$this->namespace = $directive->id->getRootNamespace();
$this->startElement('namespace');
$this->writeAttribute('id', $this->namespace);
@ -64,43 +93,52 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->writeElement('name', $directive->id->getDirective());
$this->startElement('aliases');
foreach ($directive->aliases as $alias) $this->writeElement('alias', $alias->toString());
foreach ($directive->aliases as $alias) {
$this->writeElement('alias', $alias->toString());
}
$this->endElement(); // aliases
$this->startElement('constraints');
if ($directive->version) $this->writeElement('version', $directive->version);
$this->startElement('type');
if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes');
$this->text($directive->type);
$this->endElement(); // type
if ($directive->allowed) {
$this->startElement('allowed');
foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value);
$this->endElement(); // allowed
if ($directive->version) {
$this->writeElement('version', $directive->version);
}
$this->startElement('type');
if ($directive->typeAllowsNull) {
$this->writeAttribute('allow-null', 'yes');
}
$this->text($directive->type);
$this->endElement(); // type
if ($directive->allowed) {
$this->startElement('allowed');
foreach ($directive->allowed as $value => $x) {
$this->writeElement('value', $value);
}
$this->writeElement('default', $this->export($directive->default));
$this->writeAttribute('xml:space', 'preserve');
if ($directive->external) {
$this->startElement('external');
foreach ($directive->external as $project) $this->writeElement('project', $project);
$this->endElement();
$this->endElement(); // allowed
}
$this->writeElement('default', $this->export($directive->default));
$this->writeAttribute('xml:space', 'preserve');
if ($directive->external) {
$this->startElement('external');
foreach ($directive->external as $project) {
$this->writeElement('project', $project);
}
$this->endElement();
}
$this->endElement(); // constraints
if ($directive->deprecatedVersion) {
$this->startElement('deprecated');
$this->writeElement('version', $directive->deprecatedVersion);
$this->writeElement('use', $directive->deprecatedUse->toString());
$this->writeElement('version', $directive->deprecatedVersion);
$this->writeElement('use', $directive->deprecatedUse->toString());
$this->endElement(); // deprecated
}
$this->startElement('description');
$this->writeHTMLDiv($directive->description);
$this->writeHTMLDiv($directive->description);
$this->endElement(); // description
$this->endElement(); // directive
}
}
// vim: et sw=4 sts=4

11
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange.php
View file

@ -10,18 +10,23 @@ class HTMLPurifier_ConfigSchema_Interchange
/**
* Name of the application this schema is describing.
* @type string
*/
public $name;
/**
* Array of Directive ID => array(directive info)
* @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
*/
public $directives = array();
/**
* Adds a directive array to $directives
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function addDirective($directive) {
public function addDirective($directive)
{
if (isset($this->directives[$i = $directive->id->toString()])) {
throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
}
@ -32,11 +37,11 @@ class HTMLPurifier_ConfigSchema_Interchange
* Convenience function to perform standard validation. Throws exception
* on failed validation.
*/
public function validate() {
public function validate()
{
$validator = new HTMLPurifier_ConfigSchema_Validator();
return $validator->validate($this);
}
}
// vim: et sw=4 sts=4

28
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
View file

@ -7,71 +7,83 @@ class HTMLPurifier_ConfigSchema_Interchange_Directive
{
/**
* ID of directive, instance of HTMLPurifier_ConfigSchema_Interchange_Id.
* ID of directive.
* @type HTMLPurifier_ConfigSchema_Interchange_Id
*/
public $id;
/**
* String type, e.g. 'integer' or 'istring'.
* Type, e.g. 'integer' or 'istring'.
* @type string
*/
public $type;
/**
* Default value, e.g. 3 or 'DefaultVal'.
* @type mixed
*/
public $default;
/**
* HTML description.
* @type string
*/
public $description;
/**
* Boolean whether or not null is allowed as a value.
* Whether or not null is allowed as a value.
* @type bool
*/
public $typeAllowsNull = false;
/**
* Lookup table of allowed scalar values, e.g. array('allowed' => true).
* Lookup table of allowed scalar values.
* e.g. array('allowed' => true).
* Null if all values are allowed.
* @type array
*/
public $allowed;
/**
* List of aliases for the directive,
* List of aliases for the directive.
* e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
* @type HTMLPurifier_ConfigSchema_Interchange_Id[]
*/
public $aliases = array();
/**
* Hash of value aliases, e.g. array('alt' => 'real'). Null if value
* aliasing is disabled (necessary for non-scalar types).
* @type array
*/
public $valueAliases;
/**
* Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
* Null if the directive has always existed.
* @type string
*/
public $version;
/**
* ID of directive that supercedes this old directive, is an instance
* of HTMLPurifier_ConfigSchema_Interchange_Id. Null if not deprecated.
* ID of directive that supercedes this old directive.
* Null if not deprecated.
* @type HTMLPurifier_ConfigSchema_Interchange_Id
*/
public $deprecatedUse;
/**
* Version of HTML Purifier this directive was deprecated. Null if not
* deprecated.
* @type string
*/
public $deprecatedVersion;
/**
* List of external projects this directive depends on, e.g. array('CSSTidy').
* @type array
*/
public $external = array();
}
// vim: et sw=4 sts=4

33
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
View file

@ -6,32 +6,53 @@
class HTMLPurifier_ConfigSchema_Interchange_Id
{
/**
* @type string
*/
public $key;
public function __construct($key) {
/**
* @param string $key
*/
public function __construct($key)
{
$this->key = $key;
}
/**
* @return string
* @warning This is NOT magic, to ensure that people don't abuse SPL and
* cause problems for PHP 5.0 support.
*/
public function toString() {
public function toString()
{
return $this->key;
}
public function getRootNamespace() {
/**
* @return string
*/
public function getRootNamespace()
{
return substr($this->key, 0, strpos($this->key, "."));
}
public function getDirective() {
/**
* @return string
*/
public function getDirective()
{
return substr($this->key, strpos($this->key, ".") + 1);
}
public static function make($id) {
/**
* @param string $id
* @return HTMLPurifier_ConfigSchema_Interchange_Id
*/
public static function make($id)
{
return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
}
}
// vim: et sw=4 sts=4

90
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
View file

@ -5,21 +5,39 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
/**
* Used for processing DEFAULT, nothing else.
* @type HTMLPurifier_VarParser
*/
protected $varParser;
public function __construct($varParser = null) {
/**
* @param HTMLPurifier_VarParser $varParser
*/
public function __construct($varParser = null)
{
$this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
}
public static function buildFromDirectory($dir = null) {
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
/**
* @param string $dir
* @return HTMLPurifier_ConfigSchema_Interchange
*/
public static function buildFromDirectory($dir = null)
{
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange();
return $builder->buildDir($interchange, $dir);
}
public function buildDir($interchange, $dir = null) {
if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param string $dir
* @return HTMLPurifier_ConfigSchema_Interchange
*/
public function buildDir($interchange, $dir = null)
{
if (!$dir) {
$dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
}
if (file_exists($dir . '/info.ini')) {
$info = parse_ini_file($dir . '/info.ini');
$interchange->name = $info['name'];
@ -39,24 +57,30 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
foreach ($files as $file) {
$this->buildFile($interchange, $dir . '/' . $file);
}
return $interchange;
}
public function buildFile($interchange, $file) {
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param string $file
*/
public function buildFile($interchange, $file)
{
$parser = new HTMLPurifier_StringHashParser();
$this->build(
$interchange,
new HTMLPurifier_StringHash( $parser->parseFile($file) )
new HTMLPurifier_StringHash($parser->parseFile($file))
);
}
/**
* Builds an interchange object based on a hash.
* @param $interchange HTMLPurifier_ConfigSchema_Interchange object to build
* @param $hash HTMLPurifier_ConfigSchema_StringHash source data
* @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
* @param HTMLPurifier_StringHash $hash source data
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function build($interchange, $hash) {
public function build($interchange, $hash)
{
if (!$hash instanceof HTMLPurifier_StringHash) {
$hash = new HTMLPurifier_StringHash($hash);
}
@ -75,7 +99,13 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
$this->_findUnused($hash);
}
public function buildDirective($interchange, $hash) {
/**
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @param HTMLPurifier_StringHash $hash
* @throws HTMLPurifier_ConfigSchema_Exception
*/
public function buildDirective($interchange, $hash)
{
$directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
// These are required elements:
@ -84,7 +114,9 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
if (isset($hash['TYPE'])) {
$type = explode('/', $hash->offsetGet('TYPE'));
if (isset($type[1])) $directive->typeAllowsNull = true;
if (isset($type[1])) {
$directive->typeAllowsNull = true;
}
$directive->type = $type[0];
} else {
throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
@ -92,7 +124,11 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
if (isset($hash['DEFAULT'])) {
try {
$directive->default = $this->varParser->parse($hash->offsetGet('DEFAULT'), $directive->type, $directive->typeAllowsNull);
$directive->default = $this->varParser->parse(
$hash->offsetGet('DEFAULT'),
$directive->type,
$directive->typeAllowsNull
);
} catch (HTMLPurifier_VarParserException $e) {
throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
}
@ -139,34 +175,45 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
/**
* Evaluates an array PHP code string without array() wrapper
* @param string $contents
*/
protected function evalArray($contents) {
return eval('return array('. $contents .');');
protected function evalArray($contents)
{
return eval('return array(' . $contents . ');');
}
/**
* Converts an array list into a lookup array.
* @param array $array
* @return array
*/
protected function lookup($array) {
protected function lookup($array)
{
$ret = array();
foreach ($array as $val) $ret[$val] = true;
foreach ($array as $val) {
$ret[$val] = true;
}
return $ret;
}
/**
* Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
* object based on a string Id.
* @param string $id
* @return HTMLPurifier_ConfigSchema_Interchange_Id
*/
protected function id($id) {
protected function id($id)
{
return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
}
/**
* Triggers errors for any unused keys passed in the hash; such keys
* may indicate typos, missing values, etc.
* @param $hash Instance of ConfigSchema_StringHash to check.
* @param HTMLPurifier_StringHash $hash Hash to check.
*/
protected function _findUnused($hash) {
protected function _findUnused($hash)
{
$accessed = $hash->getAccessed();
foreach ($hash as $k => $v) {
if (!isset($accessed[$k])) {
@ -174,7 +221,6 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
}
}
}
}
// vim: et sw=4 sts=4

90
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/Validator.php
View file

@ -12,36 +12,48 @@ class HTMLPurifier_ConfigSchema_Validator
{
/**
* Easy to access global objects.
* @type HTMLPurifier_ConfigSchema_Interchange
*/
protected $interchange, $aliases;
protected $interchange;
/**
* @type array
*/
protected $aliases;
/**
* Context-stack to provide easy to read error messages.
* @type array
*/
protected $context = array();
/**
* HTMLPurifier_VarParser to test default's type.
* to test default's type.
* @type HTMLPurifier_VarParser
*/
protected $parser;
public function __construct() {
public function __construct()
{
$this->parser = new HTMLPurifier_VarParser();
}
/**
* Validates a fully-formed interchange object. Throws an
* HTMLPurifier_ConfigSchema_Exception if there's a problem.
* Validates a fully-formed interchange object.
* @param HTMLPurifier_ConfigSchema_Interchange $interchange
* @return bool
*/
public function validate($interchange) {
public function validate($interchange)
{
$this->interchange = $interchange;
$this->aliases = array();
// PHP is a bit lax with integer <=> string conversions in
// arrays, so we don't use the identical !== comparison
foreach ($interchange->directives as $i => $directive) {
$id = $directive->id->toString();
if ($i != $id) $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
if ($i != $id) {
$this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
}
$this->validateDirective($directive);
}
return true;
@ -49,8 +61,10 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
* @param HTMLPurifier_ConfigSchema_Interchange_Id $id
*/
public function validateId($id) {
public function validateId($id)
{
$id_string = $id->toString();
$this->context[] = "id '$id_string'";
if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
@ -67,8 +81,10 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirective($d) {
public function validateDirective($d)
{
$id = $d->id->toString();
$this->context[] = "directive '$id'";
$this->validateId($d->id);
@ -108,9 +124,13 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Extra validation if $allowed member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirectiveAllowed($d) {
if (is_null($d->allowed)) return;
public function validateDirectiveAllowed($d)
{
if (is_null($d->allowed)) {
return;
}
$this->with($d, 'allowed')
->assertNotEmpty()
->assertIsLookup(); // handled by InterchangeBuilder
@ -119,7 +139,9 @@ class HTMLPurifier_ConfigSchema_Validator
}
$this->context[] = 'allowed';
foreach ($d->allowed as $val => $x) {
if (!is_string($val)) $this->error("value $val", 'must be a string');
if (!is_string($val)) {
$this->error("value $val", 'must be a string');
}
}
array_pop($this->context);
}
@ -127,15 +149,23 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Extra validation if $valueAliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirectiveValueAliases($d) {
if (is_null($d->valueAliases)) return;
public function validateDirectiveValueAliases($d)
{
if (is_null($d->valueAliases)) {
return;
}
$this->with($d, 'valueAliases')
->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'valueAliases';
foreach ($d->valueAliases as $alias => $real) {
if (!is_string($alias)) $this->error("alias $alias", 'must be a string');
if (!is_string($real)) $this->error("alias target $real from alias '$alias'", 'must be a string');
if (!is_string($alias)) {
$this->error("alias $alias", 'must be a string');
}
if (!is_string($real)) {
$this->error("alias target $real from alias '$alias'", 'must be a string');
}
if ($alias === $real) {
$this->error("alias '$alias'", "must not be an alias to itself");
}
@ -155,8 +185,10 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Extra validation if $aliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
* @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
public function validateDirectiveAliases($d) {
public function validateDirectiveAliases($d)
{
$this->with($d, 'aliases')
->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'aliases';
@ -180,27 +212,37 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
* for validating simple member variables of objects.
* @param $obj
* @param $member
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
protected function with($obj, $member) {
protected function with($obj, $member)
{
return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
}
/**
* Emits an error, providing helpful context.
* @throws HTMLPurifier_ConfigSchema_Exception
*/
protected function error($target, $msg) {
if ($target !== false) $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
else $prefix = ucfirst($this->getFormattedContext());
protected function error($target, $msg)
{
if ($target !== false) {
$prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
} else {
$prefix = ucfirst($this->getFormattedContext());
}
throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
}
/**
* Returns a formatted context string.
* @return string
*/
protected function getFormattedContext() {
protected function getFormattedContext()
{
return implode(' in ', array_reverse($this->context));
}
}
// vim: et sw=4 sts=4

150
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
View file

@ -8,59 +8,123 @@
*/
class HTMLPurifier_ConfigSchema_ValidatorAtom
{
/**
* @type string
*/
protected $context;
protected $context, $obj, $member, $contents;
/**
* @type object
*/
protected $obj;
public function __construct($context, $obj, $member) {
$this->context = $context;
$this->obj = $obj;
$this->member = $member;
$this->contents =& $obj->$member;
/**
* @type string
*/
protected $member;
/**
* @type mixed
*/
protected $contents;
public function __construct($context, $obj, $member)
{
$this->context = $context;
$this->obj = $obj;
$this->member = $member;
$this->contents =& $obj->$member;
}
public function assertIsString() {
if (!is_string($this->contents)) $this->error('must be a string');
return $this;
}
public function assertIsBool() {
if (!is_bool($this->contents)) $this->error('must be a boolean');
return $this;
}
public function assertIsArray() {
if (!is_array($this->contents)) $this->error('must be an array');
return $this;
}
public function assertNotNull() {
if ($this->contents === null) $this->error('must not be null');
return $this;
}
public function assertAlnum() {
$this->assertIsString();
if (!ctype_alnum($this->contents)) $this->error('must be alphanumeric');
return $this;
}
public function assertNotEmpty() {
if (empty($this->contents)) $this->error('must not be empty');
return $this;
}
public function assertIsLookup() {
$this->assertIsArray();
foreach ($this->contents as $v) {
if ($v !== true) $this->error('must be a lookup array');
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsString()
{
if (!is_string($this->contents)) {
$this->error('must be a string');
}
return $this;
}
protected function error($msg) {
throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsBool()
{
if (!is_bool($this->contents)) {
$this->error('must be a boolean');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsArray()
{
if (!is_array($this->contents)) {
$this->error('must be an array');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertNotNull()
{
if ($this->contents === null) {
$this->error('must not be null');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertAlnum()
{
$this->assertIsString();
if (!ctype_alnum($this->contents)) {
$this->error('must be alphanumeric');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertNotEmpty()
{
if (empty($this->contents)) {
$this->error('must not be empty');
}
return $this;
}
/**
* @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
public function assertIsLookup()
{
$this->assertIsArray();
foreach ($this->contents as $v) {
if ($v !== true) {
$this->error('must be a lookup array');
}
}
return $this;
}
/**
* @param string $msg
* @throws HTMLPurifier_ConfigSchema_Exception
*/
protected function error($msg)
{
throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
}
}
// vim: et sw=4 sts=4

BIN
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema.ser
View file

Binary file not shown.

14
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt Normal file
View file

@ -0,0 +1,14 @@
AutoFormat.RemoveEmpty.Predicate
TYPE: hash
VERSION: 4.7.0
DEFAULT: array('colgroup' => array(), 'th' => array(), 'td' => array(), 'iframe' => array('src'))
--DESCRIPTION--
<p>
Given that an element has no contents, it will be removed by default, unless
this predicate dictates otherwise. The predicate can either be an associative
map from tag name to list of attributes that must be present for the element
to be considered preserved: thus, the default always preserves <code>colgroup</code>,
<code>th</code> and <code>td</code>, and also <code>iframe</code> if it
has a <code>src</code>.
</p>
--# vim: et sw=4 sts=4

16
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt Normal file
View file

@ -0,0 +1,16 @@
Core.AllowHostnameUnderscore
TYPE: bool
VERSION: 4.6.0
DEFAULT: false
--DESCRIPTION--
<p>
By RFC 1123, underscores are not permitted in host names.
(This is in contrast to the specification for DNS, RFC
2181, which allows underscores.)
However, most browsers do the right thing when faced with
an underscore in the host name, and so some poorly written
websites are written with the expectation this should work.
Setting this parameter to true relaxes our allowed character
check so that underscores are permitted.
</p>
--# vim: et sw=4 sts=4

14
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt Normal file
View file

@ -0,0 +1,14 @@
Core.DisableExcludes
TYPE: bool
DEFAULT: false
VERSION: 4.5.0
--DESCRIPTION--
<p>
This directive disables SGML-style exclusions, e.g. the exclusion of
<code>&lt;object&gt;</code> in any descendant of a
<code>&lt;pre&gt;</code> tag. Disabling excludes will allow some
invalid documents to pass through HTML Purifier, but HTML Purifier
will also be less likely to accidentally remove large documents during
processing.
</p>
--# vim: et sw=4 sts=4

6
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
View file

@ -2,9 +2,11 @@ Core.EscapeInvalidChildren
TYPE: bool
DEFAULT: false
--DESCRIPTION--
When true, a child is found that is not allowed in the context of the
<p><strong>Warning:</strong> this configuration option is no longer does anything as of 4.6.0.</p>
<p>When true, a child is found that is not allowed in the context of the
parent element will be transformed into text as if it were ASCII. When
false, that element and all internal tags will be dropped, though text will
be preserved. There is no option for dropping the element but preserving
child nodes.
child nodes.</p>
--# vim: et sw=4 sts=4

2
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
View file

@ -4,6 +4,6 @@ VERSION: 2.0.1
DEFAULT: NULL
--DESCRIPTION--
A custom doctype for power-users who defined there own document
A custom doctype for power-users who defined their own document
type. This directive only applies when %HTML.Doctype is blank.
--# vim: et sw=4 sts=4

10
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt Normal file
View file

@ -0,0 +1,10 @@
HTML.SafeScripting
TYPE: lookup
VERSION: 4.5.0
DEFAULT: array()
--DESCRIPTION--
<p>
Whether or not to permit script tags to external scripts in documents.
Inline scripting is not allowed, and the script must match an explicit whitelist.
</p>
--# vim: et sw=4 sts=4

2
classes/security/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
View file

@ -11,7 +11,7 @@ DEFAULT: NULL
to check if a URI has passed through HTML Purifier with this line:
</p>
<pre>$checksum === sha1($secret_key . ':' . $url)</pre>
<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
<p>
If the output is TRUE, the redirector script should accept the URI.