aboutsummaryrefslogtreecommitdiffhomepage
path: root/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform
diff options
context:
space:
mode:
authorNicolas LÅ“uillet <nicolas@loeuillet.org>2014-02-21 15:57:10 +0100
committerNicolas LÅ“uillet <nicolas@loeuillet.org>2014-02-21 15:57:10 +0100
commit99679d06884120c57f43b44e55e03595f1f87bed (patch)
treea3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform
parent655214ab30ee84884dc408488b85586f36263fcb (diff)
parentd3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff)
downloadwallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.gz
wallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.zst
wallabag-99679d06884120c57f43b44e55e03595f1f87bed.zip
Merge pull request #481 from wallabag/dev1.5.2
1.5.2
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform')
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php27
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php47
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php26
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php68
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php48
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php61
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php31
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php33
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php41
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php52
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php25
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php79
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php23
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php27
20 files changed, 818 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
new file mode 100644
index 00000000..f0f00068
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * Pre-transform that changes proprietary background attribute to CSS.
5 */
6class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['background'])) {
17 return $attr;
18 }
19
20 $background = $this->confiscateAttr($attr, 'background');
21 // some validation should happen here
22
23 $this->prependCSS($attr, "background-image:url($background);");
24 return $attr;
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
new file mode 100644
index 00000000..86dcb17e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
@@ -0,0 +1,27 @@
1<?php
2
3// this MUST be placed in post, as it assumes that any value in dir is valid
4
5/**
6 * Post-trasnform that ensures that bdo tags have the dir attribute set.
7 */
8class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
9{
10
11 /**
12 * @param array $attr
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return array
16 */
17 public function transform($attr, $config, $context)
18 {
19 if (isset($attr['dir'])) {
20 return $attr;
21 }
22 $attr['dir'] = $config->get('Attr.DefaultTextDir');
23 return $attr;
24 }
25}
26
27// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
new file mode 100644
index 00000000..e45e9ba3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated bgcolor attribute to CSS.
5 */
6class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['bgcolor'])) {
17 return $attr;
18 }
19
20 $bgcolor = $this->confiscateAttr($attr, 'bgcolor');
21 // some validation should happen here
22
23 $this->prependCSS($attr, "background-color:$bgcolor;");
24 return $attr;
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
new file mode 100644
index 00000000..29d7ff26
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
@@ -0,0 +1,47 @@
1<?php
2
3/**
4 * Pre-transform that changes converts a boolean attribute to fixed CSS
5 */
6class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform
7{
8 /**
9 * Name of boolean attribute that is trigger.
10 * @type string
11 */
12 protected $attr;
13
14 /**
15 * CSS declarations to add to style, needs trailing semicolon.
16 * @type string
17 */
18 protected $css;
19
20 /**
21 * @param string $attr attribute name to convert from
22 * @param string $css CSS declarations to add to style (needs semicolon)
23 */
24 public function __construct($attr, $css)
25 {
26 $this->attr = $attr;
27 $this->css = $css;
28 }
29
30 /**
31 * @param array $attr
32 * @param HTMLPurifier_Config $config
33 * @param HTMLPurifier_Context $context
34 * @return array
35 */
36 public function transform($attr, $config, $context)
37 {
38 if (!isset($attr[$this->attr])) {
39 return $attr;
40 }
41 unset($attr[$this->attr]);
42 $this->prependCSS($attr, $this->css);
43 return $attr;
44 }
45}
46
47// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
new file mode 100644
index 00000000..90a8dea8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
@@ -0,0 +1,26 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated border attribute to CSS.
5 */
6class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['border'])) {
17 return $attr;
18 }
19 $border_width = $this->confiscateAttr($attr, 'border');
20 // some validation should happen here
21 $this->prependCSS($attr, "border:{$border_width}px solid;");
22 return $attr;
23 }
24}
25
26// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
new file mode 100644
index 00000000..e2bfbf00
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
@@ -0,0 +1,68 @@
1<?php
2
3/**
4 * Generic pre-transform that converts an attribute with a fixed number of
5 * values (enumerated) to CSS.
6 */
7class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform
8{
9 /**
10 * Name of attribute to transform from.
11 * @type string
12 */
13 protected $attr;
14
15 /**
16 * Lookup array of attribute values to CSS.
17 * @type array
18 */
19 protected $enumToCSS = array();
20
21 /**
22 * Case sensitivity of the matching.
23 * @type bool
24 * @warning Currently can only be guaranteed to work with ASCII
25 * values.
26 */
27 protected $caseSensitive = false;
28
29 /**
30 * @param string $attr Attribute name to transform from
31 * @param array $enum_to_css Lookup array of attribute values to CSS
32 * @param bool $case_sensitive Case sensitivity indicator, default false
33 */
34 public function __construct($attr, $enum_to_css, $case_sensitive = false)
35 {
36 $this->attr = $attr;
37 $this->enumToCSS = $enum_to_css;
38 $this->caseSensitive = (bool)$case_sensitive;
39 }
40
41 /**
42 * @param array $attr
43 * @param HTMLPurifier_Config $config
44 * @param HTMLPurifier_Context $context
45 * @return array
46 */
47 public function transform($attr, $config, $context)
48 {
49 if (!isset($attr[$this->attr])) {
50 return $attr;
51 }
52
53 $value = trim($attr[$this->attr]);
54 unset($attr[$this->attr]);
55
56 if (!$this->caseSensitive) {
57 $value = strtolower($value);
58 }
59
60 if (!isset($this->enumToCSS[$value])) {
61 return $attr;
62 }
63 $this->prependCSS($attr, $this->enumToCSS[$value]);
64 return $attr;
65 }
66}
67
68// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
new file mode 100644
index 00000000..561b4d9d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
@@ -0,0 +1,48 @@
1<?php
2
3// must be called POST validation
4
5/**
6 * Transform that supplies default values for the src and alt attributes
7 * in img tags, as well as prevents the img tag from being removed
8 * because of a missing alt tag. This needs to be registered as both
9 * a pre and post attribute transform.
10 */
11class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
12{
13
14 /**
15 * @param array $attr
16 * @param HTMLPurifier_Config $config
17 * @param HTMLPurifier_Context $context
18 * @return array
19 */
20 public function transform($attr, $config, $context)
21 {
22 $src = true;
23 if (!isset($attr['src'])) {
24 if ($config->get('Core.RemoveInvalidImg')) {
25 return $attr;
26 }
27 $attr['src'] = $config->get('Attr.DefaultInvalidImage');
28 $src = false;
29 }
30
31 if (!isset($attr['alt'])) {
32 if ($src) {
33 $alt = $config->get('Attr.DefaultImageAlt');
34 if ($alt === null) {
35 // truncate if the alt is too long
36 $attr['alt'] = substr(basename($attr['src']), 0, 40);
37 } else {
38 $attr['alt'] = $alt;
39 }
40 } else {
41 $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
42 }
43 }
44 return $attr;
45 }
46}
47
48// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
new file mode 100644
index 00000000..aec42aea
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
@@ -0,0 +1,61 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated hspace and vspace attributes to CSS
5 */
6class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @type string
10 */
11 protected $attr;
12
13 /**
14 * @type array
15 */
16 protected $css = array(
17 'hspace' => array('left', 'right'),
18 'vspace' => array('top', 'bottom')
19 );
20
21 /**
22 * @param string $attr
23 */
24 public function __construct($attr)
25 {
26 $this->attr = $attr;
27 if (!isset($this->css[$attr])) {
28 trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
29 }
30 }
31
32 /**
33 * @param array $attr
34 * @param HTMLPurifier_Config $config
35 * @param HTMLPurifier_Context $context
36 * @return array
37 */
38 public function transform($attr, $config, $context)
39 {
40 if (!isset($attr[$this->attr])) {
41 return $attr;
42 }
43
44 $width = $this->confiscateAttr($attr, $this->attr);
45 // some validation could happen here
46
47 if (!isset($this->css[$this->attr])) {
48 return $attr;
49 }
50
51 $style = '';
52 foreach ($this->css[$this->attr] as $suffix) {
53 $property = "margin-$suffix";
54 $style .= "$property:{$width}px;";
55 }
56 $this->prependCSS($attr, $style);
57 return $attr;
58 }
59}
60
61// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
new file mode 100644
index 00000000..17a2ce4c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * Performs miscellaneous cross attribute validation and filtering for
5 * input elements. This is meant to be a post-transform.
6 */
7class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform
8{
9 /**
10 * @type HTMLPurifier_AttrDef_HTML_Pixels
11 */
12 protected $pixels;
13
14 public function __construct()
15 {
16 $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels();
17 }
18
19 /**
20 * @param array $attr
21 * @param HTMLPurifier_Config $config
22 * @param HTMLPurifier_Context $context
23 * @return array
24 */
25 public function transform($attr, $config, $context)
26 {
27 if (!isset($attr['type'])) {
28 $t = 'text';
29 } else {
30 $t = strtolower($attr['type']);
31 }
32 if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') {
33 unset($attr['checked']);
34 }
35 if (isset($attr['maxlength']) && $t !== 'text' && $t !== 'password') {
36 unset($attr['maxlength']);
37 }
38 if (isset($attr['size']) && $t !== 'text' && $t !== 'password') {
39 $result = $this->pixels->validate($attr['size'], $config, $context);
40 if ($result === false) {
41 unset($attr['size']);
42 } else {
43 $attr['size'] = $result;
44 }
45 }
46 if (isset($attr['src']) && $t !== 'image') {
47 unset($attr['src']);
48 }
49 if (!isset($attr['value']) && ($t === 'radio' || $t === 'checkbox')) {
50 $attr['value'] = '';
51 }
52 return $attr;
53 }
54}
55
56// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
new file mode 100644
index 00000000..591b8ca7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
@@ -0,0 +1,31 @@
1<?php
2
3/**
4 * Post-transform that copies lang's value to xml:lang (and vice-versa)
5 * @note Theoretically speaking, this could be a pre-transform, but putting
6 * post is more efficient.
7 */
8class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
9{
10
11 /**
12 * @param array $attr
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return array
16 */
17 public function transform($attr, $config, $context)
18 {
19 $lang = isset($attr['lang']) ? $attr['lang'] : false;
20 $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
21
22 if ($lang !== false && $xml_lang === false) {
23 $attr['xml:lang'] = $lang;
24 } elseif ($xml_lang !== false) {
25 $attr['lang'] = $xml_lang;
26 }
27 return $attr;
28 }
29}
30
31// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
new file mode 100644
index 00000000..c4bfd976
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
@@ -0,0 +1,45 @@
1<?php
2
3/**
4 * Class for handling width/height length attribute transformations to CSS
5 */
6class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
7{
8
9 /**
10 * @type string
11 */
12 protected $name;
13
14 /**
15 * @type string
16 */
17 protected $cssName;
18
19 public function __construct($name, $css_name = null)
20 {
21 $this->name = $name;
22 $this->cssName = $css_name ? $css_name : $name;
23 }
24
25 /**
26 * @param array $attr
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return array
30 */
31 public function transform($attr, $config, $context)
32 {
33 if (!isset($attr[$this->name])) {
34 return $attr;
35 }
36 $length = $this->confiscateAttr($attr, $this->name);
37 if (ctype_digit($length)) {
38 $length .= 'px';
39 }
40 $this->prependCSS($attr, $this->cssName . ":$length;");
41 return $attr;
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
new file mode 100644
index 00000000..a874d0f7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
@@ -0,0 +1,33 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated name attribute to ID if necessary
5 */
6class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
7{
8
9 /**
10 * @param array $attr
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return array
14 */
15 public function transform($attr, $config, $context)
16 {
17 // Abort early if we're using relaxed definition of name
18 if ($config->get('HTML.Attr.Name.UseCDATA')) {
19 return $attr;
20 }
21 if (!isset($attr['name'])) {
22 return $attr;
23 }
24 $id = $this->confiscateAttr($attr, 'name');
25 if (isset($attr['id'])) {
26 return $attr;
27 }
28 $attr['id'] = $id;
29 return $attr;
30 }
31}
32
33// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
new file mode 100644
index 00000000..457f8110
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
@@ -0,0 +1,41 @@
1<?php
2
3/**
4 * Post-transform that performs validation to the name attribute; if
5 * it is present with an equivalent id attribute, it is passed through;
6 * otherwise validation is performed.
7 */
8class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
9{
10
11 public function __construct()
12 {
13 $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
14 }
15
16 /**
17 * @param array $attr
18 * @param HTMLPurifier_Config $config
19 * @param HTMLPurifier_Context $context
20 * @return array
21 */
22 public function transform($attr, $config, $context)
23 {
24 if (!isset($attr['name'])) {
25 return $attr;
26 }
27 $name = $attr['name'];
28 if (isset($attr['id']) && $attr['id'] === $name) {
29 return $attr;
30 }
31 $result = $this->idDef->validate($name, $config, $context);
32 if ($result === false) {
33 unset($attr['name']);
34 } else {
35 $attr['name'] = $result;
36 }
37 return $attr;
38 }
39}
40
41// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
new file mode 100644
index 00000000..25173c21
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
@@ -0,0 +1,52 @@
1<?php
2
3// must be called POST validation
4
5/**
6 * Adds rel="nofollow" to all outbound links. This transform is
7 * only attached if Attr.Nofollow is TRUE.
8 */
9class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
10{
11 /**
12 * @type HTMLPurifier_URIParser
13 */
14 private $parser;
15
16 public function __construct()
17 {
18 $this->parser = new HTMLPurifier_URIParser();
19 }
20
21 /**
22 * @param array $attr
23 * @param HTMLPurifier_Config $config
24 * @param HTMLPurifier_Context $context
25 * @return array
26 */
27 public function transform($attr, $config, $context)
28 {
29 if (!isset($attr['href'])) {
30 return $attr;
31 }
32
33 // XXX Kind of inefficient
34 $url = $this->parser->parse($attr['href']);
35 $scheme = $url->getSchemeObj($config, $context);
36
37 if ($scheme->browsable && !$url->isLocal($config, $context)) {
38 if (isset($attr['rel'])) {
39 $rels = explode(' ', $attr['rel']);
40 if (!in_array('nofollow', $rels)) {
41 $rels[] = 'nofollow';
42 }
43 $attr['rel'] = implode(' ', $rels);
44 } else {
45 $attr['rel'] = 'nofollow';
46 }
47 }
48 return $attr;
49 }
50}
51
52// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
new file mode 100644
index 00000000..98ebf49b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
@@ -0,0 +1,25 @@
1<?php
2
3class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
4{
5 /**
6 * @type string
7 */
8 public $name = "SafeEmbed";
9
10 /**
11 * @param array $attr
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return array
15 */
16 public function transform($attr, $config, $context)
17 {
18 $attr['allowscriptaccess'] = 'never';
19 $attr['allownetworking'] = 'internal';
20 $attr['type'] = 'application/x-shockwave-flash';
21 return $attr;
22 }
23}
24
25// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
new file mode 100644
index 00000000..b71a8f9a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * Writes default type for all objects. Currently only supports flash.
5 */
6class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @type string
10 */
11 public $name = "SafeObject";
12
13 /**
14 * @param array $attr
15 * @param HTMLPurifier_Config $config
16 * @param HTMLPurifier_Context $context
17 * @return array
18 */
19 public function transform($attr, $config, $context)
20 {
21 if (!isset($attr['type'])) {
22 $attr['type'] = 'application/x-shockwave-flash';
23 }
24 return $attr;
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
new file mode 100644
index 00000000..20664414
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
@@ -0,0 +1,79 @@
1<?php
2
3/**
4 * Validates name/value pairs in param tags to be used in safe objects. This
5 * will only allow name values it recognizes, and pre-fill certain attributes
6 * with required values.
7 *
8 * @note
9 * This class only supports Flash. In the future, Quicktime support
10 * may be added.
11 *
12 * @warning
13 * This class expects an injector to add the necessary parameters tags.
14 */
15class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
16{
17 /**
18 * @type string
19 */
20 public $name = "SafeParam";
21
22 /**
23 * @type HTMLPurifier_AttrDef_URI
24 */
25 private $uri;
26
27 public function __construct()
28 {
29 $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
30 $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
31 }
32
33 /**
34 * @param array $attr
35 * @param HTMLPurifier_Config $config
36 * @param HTMLPurifier_Context $context
37 * @return array
38 */
39 public function transform($attr, $config, $context)
40 {
41 // If we add support for other objects, we'll need to alter the
42 // transforms.
43 switch ($attr['name']) {
44 // application/x-shockwave-flash
45 // Keep this synchronized with Injector/SafeObject.php
46 case 'allowScriptAccess':
47 $attr['value'] = 'never';
48 break;
49 case 'allowNetworking':
50 $attr['value'] = 'internal';
51 break;
52 case 'allowFullScreen':
53 if ($config->get('HTML.FlashAllowFullScreen')) {
54 $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
55 } else {
56 $attr['value'] = 'false';
57 }
58 break;
59 case 'wmode':
60 $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
61 break;
62 case 'movie':
63 case 'src':
64 $attr['name'] = "movie";
65 $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
66 break;
67 case 'flashvars':
68 // we're going to allow arbitrary inputs to the SWF, on
69 // the reasoning that it could only hack the SWF, not us.
70 break;
71 // add other cases to support other param name/value pairs
72 default:
73 $attr['name'] = $attr['value'] = null;
74 }
75 return $attr;
76 }
77}
78
79// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
new file mode 100644
index 00000000..49445b43
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
@@ -0,0 +1,23 @@
1<?php
2
3/**
4 * Implements required attribute stipulation for <script>
5 */
6class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['type'])) {
17 $attr['type'] = 'text/javascript';
18 }
19 return $attr;
20 }
21}
22
23// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
new file mode 100644
index 00000000..f66dcf8c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
@@ -0,0 +1,45 @@
1<?php
2
3// must be called POST validation
4
5/**
6 * Adds target="blank" to all outbound links. This transform is
7 * only attached if Attr.TargetBlank is TRUE. This works regardless
8 * of whether or not Attr.AllowedFrameTargets
9 */
10class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
11{
12 /**
13 * @type HTMLPurifier_URIParser
14 */
15 private $parser;
16
17 public function __construct()
18 {
19 $this->parser = new HTMLPurifier_URIParser();
20 }
21
22 /**
23 * @param array $attr
24 * @param HTMLPurifier_Config $config
25 * @param HTMLPurifier_Context $context
26 * @return array
27 */
28 public function transform($attr, $config, $context)
29 {
30 if (!isset($attr['href'])) {
31 return $attr;
32 }
33
34 // XXX Kind of inefficient
35 $url = $this->parser->parse($attr['href']);
36 $scheme = $url->getSchemeObj($config, $context);
37
38 if ($scheme->browsable && !$url->isBenign($config, $context)) {
39 $attr['target'] = '_blank';
40 }
41 return $attr;
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
new file mode 100644
index 00000000..182fdda7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
@@ -0,0 +1,27 @@
1<?php
2
3/**
4 * Sets height/width defaults for <textarea>
5 */
6class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 // Calculated from Firefox
17 if (!isset($attr['cols'])) {
18 $attr['cols'] = '22';
19 }
20 if (!isset($attr['rows'])) {
21 $attr['rows'] = '3';
22 }
23 return $attr;
24 }
25}
26
27// vim: et sw=4 sts=4