fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-18 10:49:54 +09:00
Code Issues Projects Releases Packages Wiki Activity

HTMLPurifier update

Browse source 
약간 커스텀 된 부분 모두 반영.
File lock 부분과 htmlspecialchars 부분.
This commit is contained in:
MinSoo Kim 2016-01-02 11:55:54 +09:00
parent ae7cbf51c0
commit 2957f8cebe
242 changed files with 11737 additions and 5915 deletions
Download patch file Download diff file Expand all files Collapse all files

85
classes/security/htmlpurifier/library/HTMLPurifier/ElementDef.php
View file

@ -10,15 +10,16 @@
*/
class HTMLPurifier_ElementDef
{
/**
* Does the definition work by itself, or is it created solely
* for the purpose of merging into another definition?
* @type bool
*/
public $standalone = true;
/**
* Associative array of attribute name to HTMLPurifier_AttrDef
* Associative array of attribute name to HTMLPurifier_AttrDef.
* @type array
* @note Before being processed by HTMLPurifier_AttrCollections
* when modules are finalized during
* HTMLPurifier_HTMLDefinition->setup(), this array may also
@ -30,27 +31,43 @@ class HTMLPurifier_ElementDef
*/
public $attr = array();
// XXX: Design note: currently, it's not possible to override
// previously defined AttrTransforms without messing around with
// the final generated config. This is by design; a previous version
// used an associated list of attr_transform, but it was extremely
// easy to accidentally override other attribute transforms by
// forgetting to specify an index (and just using 0.) While we
// could check this by checking the index number and complaining,
// there is a second problem which is that it is not at all easy to
// tell when something is getting overridden. Combine this with a
// codebase where this isn't really being used, and it's perfect for
// nuking.
/**
* Indexed list of tag's HTMLPurifier_AttrTransform to be done before validation
* List of tags HTMLPurifier_AttrTransform to be done before validation.
* @type array
*/
public $attr_transform_pre = array();
/**
* Indexed list of tag's HTMLPurifier_AttrTransform to be done after validation
* List of tags HTMLPurifier_AttrTransform to be done after validation.
* @type array
*/
public $attr_transform_post = array();
/**
* HTMLPurifier_ChildDef of this tag.
* @type HTMLPurifier_ChildDef
*/
public $child;
/**
* Abstract string representation of internal ChildDef rules. See
* HTMLPurifier_ContentSets for how this is parsed and then transformed
* Abstract string representation of internal ChildDef rules.
* @see HTMLPurifier_ContentSets for how this is parsed and then transformed
* into an HTMLPurifier_ChildDef.
* @warning This is a temporary variable that is not available after
* being processed by HTMLDefinition
* @type string
*/
public $content_model;
@ -60,27 +77,29 @@ class HTMLPurifier_ElementDef
* @warning This must be lowercase
* @warning This is a temporary variable that is not available after
* being processed by HTMLDefinition
* @type string
*/
public $content_model_type;
/**
* Does the element have a content model (#PCDATA | Inline)*? This
* is important for chameleon ins and del processing in
* HTMLPurifier_ChildDef_Chameleon. Dynamically set: modules don't
* have to worry about this one.
* @type bool
*/
public $descendants_are_inline = false;
/**
* List of the names of required attributes this element has. Dynamically
* populated by HTMLPurifier_HTMLDefinition::getElement
* List of the names of required attributes this element has.
* Dynamically populated by HTMLPurifier_HTMLDefinition::getElement()
* @type array
*/
public $required_attr = array();
/**
* Lookup table of tags excluded from all descendants of this tag.
* @type array
* @note SGML permits exclusions for all descendants, but this is
* not possible with DTDs or XML Schemas. W3C has elected to
* use complicated compositions of content_models to simulate
@ -94,6 +113,7 @@ class HTMLPurifier_ElementDef
/**
* This tag is explicitly auto-closed by the following tags.
* @type array
*/
public $autoclose = array();
@ -101,19 +121,22 @@ class HTMLPurifier_ElementDef
* If a foreign element is found in this element, test if it is
* allowed by this sub-element; if it is, instead of closing the
* current element, place it inside this element.
* @type string
*/
public $wrap;
/**
* Whether or not this is a formatting element affected by the
* "Active Formatting Elements" algorithm.
* @type bool
*/
public $formatting;
/**
* Low-level factory constructor for creating new standalone element defs
*/
public static function create($content_model, $content_model_type, $attr) {
public static function create($content_model, $content_model_type, $attr)
{
$def = new HTMLPurifier_ElementDef();
$def->content_model = $content_model;
$def->content_model_type = $content_model_type;
@ -125,11 +148,12 @@ class HTMLPurifier_ElementDef
* Merges the values of another element definition into this one.
* Values from the new element def take precedence if a value is
* not mergeable.
* @param HTMLPurifier_ElementDef $def
*/
public function mergeIn($def) {
public function mergeIn($def)
{
// later keys takes precedence
foreach($def->attr as $k => $v) {
foreach ($def->attr as $k => $v) {
if ($k === 0) {
// merge in the includes
// sorry, no way to override an include
@ -139,28 +163,35 @@ class HTMLPurifier_ElementDef
continue;
}
if ($v === false) {
if (isset($this->attr[$k])) unset($this->attr[$k]);
if (isset($this->attr[$k])) {
unset($this->attr[$k]);
}
continue;
}
$this->attr[$k] = $v;
}
$this->_mergeAssocArray($this->attr_transform_pre, $def->attr_transform_pre);
$this->_mergeAssocArray($this->attr_transform_post, $def->attr_transform_post);
$this->_mergeAssocArray($this->excludes, $def->excludes);
$this->attr_transform_pre = array_merge($this->attr_transform_pre, $def->attr_transform_pre);
$this->attr_transform_post = array_merge($this->attr_transform_post, $def->attr_transform_post);
if(!empty($def->content_model)) {
if (!empty($def->content_model)) {
$this->content_model =
str_replace("#SUPER", $this->content_model, $def->content_model);
$this->child = false;
}
if(!empty($def->content_model_type)) {
if (!empty($def->content_model_type)) {
$this->content_model_type = $def->content_model_type;
$this->child = false;
}
if(!is_null($def->child)) $this->child = $def->child;
if(!is_null($def->formatting)) $this->formatting = $def->formatting;
if($def->descendants_are_inline) $this->descendants_are_inline = $def->descendants_are_inline;
if (!is_null($def->child)) {
$this->child = $def->child;
}
if (!is_null($def->formatting)) {
$this->formatting = $def->formatting;
}
if ($def->descendants_are_inline) {
$this->descendants_are_inline = $def->descendants_are_inline;
}
}
/**
@ -168,16 +199,18 @@ class HTMLPurifier_ElementDef
* @param $a1 Array by reference that is merged into
* @param $a2 Array that merges into $a1
*/
private function _mergeAssocArray(&$a1, $a2) {
private function _mergeAssocArray(&$a1, $a2)
{
foreach ($a2 as $k => $v) {
if ($v === false) {
if (isset($a1[$k])) unset($a1[$k]);
if (isset($a1[$k])) {
unset($a1[$k]);
}
continue;
}
$a1[$k] = $v;
}
}
}
// vim: et sw=4 sts=4