HTMLPurifier update

약간 커스텀 된 부분 모두 반영. File lock 부분과 htmlspecialchars 부분.
2026-01-18 18:59:56 +09:00 · 2016-01-02 11:55:54 +09:00 · 2016-01-02 11:55:54 +09:00 · 2957f8cebe
commit 2957f8cebe
parent ae7cbf51c0
242 changed files with 11737 additions and 5915 deletions
--- a/classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeObject.php
+++ b/classes/security/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeObject.php
@ -8,11 +8,16 @@
 */
 class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
 {
-
+    /**
+     * @type string
+     */
    public $name = 'SafeObject';

-    public function setup($config) {
-
+    /**
+     * @param HTMLPurifier_Config $config
+     */
+    public function setup($config)
+    {
        // These definitions are not intrinsically safe: the attribute transforms
        // are a vital part of ensuring safety.

@ -25,17 +30,24 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
            array(
                // While technically not required by the spec, we're forcing
                // it to this value.
-                'type'   => 'Enum#application/x-shockwave-flash',
-                'width'  => 'Pixels#' . $max,
+                'type' => 'Enum#application/x-shockwave-flash',
+                'width' => 'Pixels#' . $max,
                'height' => 'Pixels#' . $max,
-                'data'   => 'URI#embedded',
-                'codebase' => new HTMLPurifier_AttrDef_Enum(array(
-                    'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
+                'data' => 'URI#embedded',
+                'codebase' => new HTMLPurifier_AttrDef_Enum(
+                    array(
+                        'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
+                    )
+                ),
            )
        );
        $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();

-        $param = $this->addElement('param', false, 'Empty', false,
+        $param = $this->addElement(
+            'param',
+            false,
+            'Empty',
+            false,
            array(
                'id' => 'ID',
                'name*' => 'Text',
@ -44,9 +56,7 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
        );
        $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
        $this->info_injector[] = 'SafeObject';
-
    }
-
 }

 // vim: et sw=4 sts=4