HTMLPurifier update

약간 커스텀 된 부분 모두 반영. File lock 부분과 htmlspecialchars 부분.
2026-01-23 13:19:56 +09:00 · 2016-01-02 11:55:54 +09:00 · 2016-01-02 11:55:54 +09:00 · 2957f8cebe
commit 2957f8cebe
parent ae7cbf51c0
242 changed files with 11737 additions and 5915 deletions
--- a/classes/security/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php
+++ b/classes/security/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php
@ -8,12 +8,14 @@ class HTMLPurifier_URISchemeRegistry

    /**
     * Retrieve sole instance of the registry.
-     * @param $prototype Optional prototype to overload sole instance with,
+     * @param HTMLPurifier_URISchemeRegistry $prototype Optional prototype to overload sole instance with,
     *                   or bool true to reset to default registry.
+     * @return HTMLPurifier_URISchemeRegistry
     * @note Pass a registry object $prototype with a compatible interface and
     *       the function will copy it and return it all further times.
     */
-    public static function instance($prototype = null) {
+    public static function instance($prototype = null)
+    {
        static $instance = null;
        if ($prototype !== null) {
            $instance = $prototype;
@ -25,17 +27,22 @@ class HTMLPurifier_URISchemeRegistry

    /**
     * Cache of retrieved schemes.
+     * @type HTMLPurifier_URIScheme[]
     */
    protected $schemes = array();

    /**
     * Retrieves a scheme validator object
-     * @param $scheme String scheme name like http or mailto
-     * @param $config HTMLPurifier_Config object
-     * @param $config HTMLPurifier_Context object
+     * @param string $scheme String scheme name like http or mailto
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return HTMLPurifier_URIScheme
     */
-    public function getScheme($scheme, $config, $context) {
-        if (!$config) $config = HTMLPurifier_Config::createDefault();
+    public function getScheme($scheme, $config, $context)
+    {
+        if (!$config) {
+            $config = HTMLPurifier_Config::createDefault();
+        }

        // important, otherwise attacker could include arbitrary file
        $allowed_schemes = $config->get('URI.AllowedSchemes');
@ -45,24 +52,30 @@ class HTMLPurifier_URISchemeRegistry
            return;
        }

-        if (isset($this->schemes[$scheme])) return $this->schemes[$scheme];
-        if (!isset($allowed_schemes[$scheme])) return;
+        if (isset($this->schemes[$scheme])) {
+            return $this->schemes[$scheme];
+        }
+        if (!isset($allowed_schemes[$scheme])) {
+            return;
+        }

        $class = 'HTMLPurifier_URIScheme_' . $scheme;
-        if (!class_exists($class)) return;
+        if (!class_exists($class)) {
+            return;
+        }
        $this->schemes[$scheme] = new $class();
        return $this->schemes[$scheme];
    }

    /**
     * Registers a custom scheme to the cache, bypassing reflection.
-     * @param $scheme Scheme name
-     * @param $scheme_obj HTMLPurifier_URIScheme object
+     * @param string $scheme Scheme name
+     * @param HTMLPurifier_URIScheme $scheme_obj
     */
-    public function register($scheme, $scheme_obj) {
+    public function register($scheme, $scheme_obj)
+    {
        $this->schemes[$scheme] = $scheme_obj;
    }
-
 }

 // vim: et sw=4 sts=4