Merge pull request #481 from wallabag/dev1.5.2

1.5.2
author: Nicolas Lœuillet <nicolas@loeuillet.org> 2014-02-21 15:57:10 +0100
committer: Nicolas Lœuillet <nicolas@loeuillet.org> 2014-02-21 15:57:10 +0100
commit: 99679d06884120c57f43b44e55e03595f1f87bed (patch)
tree: a3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
parent: 655214ab30ee84884dc408488b85586f36263fcb (diff)
parent: d3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff)
download: wallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.gz
wallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.zst
wallabag-99679d06884120c57f43b44e55e03595f1f87bed.zip
1 files changed, 178 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
new file mode 100644
index 00000000..1a2b0b67
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
@@ -0,0 +1,178 @@
+<?php
+/**
+ * Validates the attributes of a token. Doesn't manage required attributes
+ * very well. The only reason we factored this out was because RemoveForeignElements
+ * also needed it besides ValidateAttributes.
+ */
+class HTMLPurifier_AttrValidator
+{
+    /**
+     * Validates the attributes of a token, mutating it as necessary.
+     * that has valid tokens
+     * @param HTMLPurifier_Token $token Token to validate.
+     * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
+     * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
+     */
+    public function validateToken($token, $config, $context)
+    {
+        $definition = $config->getHTMLDefinition();
+        $e =& $context->get('ErrorCollector', true);
+        // initialize IDAccumulator if necessary
+        $ok =& $context->get('IDAccumulator', true);
+        if (!$ok) {
+            $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+            $context->register('IDAccumulator', $id_accumulator);
+        }
+        // initialize CurrentToken if necessary
+        $current_token =& $context->get('CurrentToken', true);
+        if (!$current_token) {
+            $context->register('CurrentToken', $token);
+        }
+        if (!$token instanceof HTMLPurifier_Token_Start &&
+            !$token instanceof HTMLPurifier_Token_Empty
+        ) {
+            return;
+        }
+        // create alias to global definition array, see also $defs
+        // DEFINITION CALL
+        $d_defs = $definition->info_global_attr;
+        // don't update token until the very end, to ensure an atomic update
+        $attr = $token->attr;
+        // do global transformations (pre)
+        // nothing currently utilizes this
+        foreach ($definition->info_attr_transform_pre as $transform) {
+            $attr = $transform->transform($o = $attr, $config, $context);
+            if ($e) {
+                if ($attr != $o) {
+                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
+            }
+        }
+        // do local transformations only applicable to this element (pre)
+        // ex. <p align="right"> to <p style="text-align:right;">
+        foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
+            $attr = $transform->transform($o = $attr, $config, $context);
+            if ($e) {
+                if ($attr != $o) {
+                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
+            }
+        }
+        // create alias to this element's attribute definition array, see
+        // also $d_defs (global attribute definition array)
+        // DEFINITION CALL
+        $defs = $definition->info[$token->name]->attr;
+        $attr_key = false;
+        $context->register('CurrentAttr', $attr_key);
+        // iterate through all the attribute keypairs
+        // Watch out for name collisions: $key has previously been used
+        foreach ($attr as $attr_key => $value) {
+            // call the definition
+            if (isset($defs[$attr_key])) {
+                // there is a local definition defined
+                if ($defs[$attr_key] === false) {
+                    // We've explicitly been told not to allow this element.
+                    // This is usually when there's a global definition
+                    // that must be overridden.
+                    // Theoretically speaking, we could have a
+                    // AttrDef_DenyAll, but this is faster!
+                    $result = false;
+                } else {
+                    // validate according to the element's definition
+                    $result = $defs[$attr_key]->validate(
+                        $value,
+                        $config,
+                        $context
+                    );
+                }
+            } elseif (isset($d_defs[$attr_key])) {
+                // there is a global definition defined, validate according
+                // to the global definition
+                $result = $d_defs[$attr_key]->validate(
+                    $value,
+                    $config,
+                    $context
+                );
+            } else {
+                // system never heard of the attribute? DELETE!
+                $result = false;
+            }
+            // put the results into effect
+            if ($result === false || $result === null) {
+                // this is a generic error message that should replaced
+                // with more specific ones when possible
+                if ($e) {
+                    $e->send(E_ERROR, 'AttrValidator: Attribute removed');
+                }
+                // remove the attribute
+                unset($attr[$attr_key]);
+            } elseif (is_string($result)) {
+                // generally, if a substitution is happening, there
+                // was some sort of implicit correction going on. We'll
+                // delegate it to the attribute classes to say exactly what.
+                // simple substitution
+                $attr[$attr_key] = $result;
+            } else {
+                // nothing happens
+            }
+            // we'd also want slightly more complicated substitution
+            // involving an array as the return value,
+            // although we're not sure how colliding attributes would
+            // resolve (certain ones would be completely overriden,
+            // others would prepend themselves).
+        }
+        $context->destroy('CurrentAttr');
+        // post transforms
+        // global (error reporting untested)
+        foreach ($definition->info_attr_transform_post as $transform) {
+            $attr = $transform->transform($o = $attr, $config, $context);
+            if ($e) {
+                if ($attr != $o) {
+                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
+            }
+        }
+        // local (error reporting untested)
+        foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
+            $attr = $transform->transform($o = $attr, $config, $context);
+            if ($e) {
+                if ($attr != $o) {
+                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
+                }
+            }
+        }
+        $token->attr = $attr;
+        // destroy CurrentToken if we made it ourselves
+        if (!$current_token) {
+            $context->destroy('CurrentToken');
+        }
+    }
+}
+// vim: et sw=4 sts=4
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2014-02-21 15:57:10 +0100
committer	Nicolas Lœuillet <nicolas@loeuillet.org>	2014-02-21 15:57:10 +0100
commit	99679d06884120c57f43b44e55e03595f1f87bed (patch)
tree	a3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
parent	655214ab30ee84884dc408488b85586f36263fcb (diff)
parent	d3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff)
download	wallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.gz wallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.zst wallabag-99679d06884120c57f43b44e55e03595f1f87bed.zip

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php new file mode 100644 index 00000000..1a2b0b67 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
@@ -0,0 +1,178 @@
	1	<?php
	2
	3	/**
	4	* Validates the attributes of a token. Doesn't manage required attributes
	5	* very well. The only reason we factored this out was because RemoveForeignElements
	6	* also needed it besides ValidateAttributes.
	7	*/
	8	class HTMLPurifier_AttrValidator
	9	{
	10
	11	/**
	12	* Validates the attributes of a token, mutating it as necessary.
	13	* that has valid tokens
	14	* @param HTMLPurifier_Token $token Token to validate.
	15	* @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
	16	* @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
	17	*/
	18	public function validateToken($token, $config, $context)
	19	{
	20	$definition = $config->getHTMLDefinition();
	21	$e =& $context->get('ErrorCollector', true);
	22
	23	// initialize IDAccumulator if necessary
	24	$ok =& $context->get('IDAccumulator', true);
	25	if (!$ok) {
	26	$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
	27	$context->register('IDAccumulator', $id_accumulator);
	28	}
	29
	30	// initialize CurrentToken if necessary
	31	$current_token =& $context->get('CurrentToken', true);
	32	if (!$current_token) {
	33	$context->register('CurrentToken', $token);
	34	}
	35
	36	if (!$token instanceof HTMLPurifier_Token_Start &&
	37	!$token instanceof HTMLPurifier_Token_Empty
	38	) {
	39	return;
	40	}
	41
	42	// create alias to global definition array, see also $defs
	43	// DEFINITION CALL
	44	$d_defs = $definition->info_global_attr;
	45
	46	// don't update token until the very end, to ensure an atomic update
	47	$attr = $token->attr;
	48
	49	// do global transformations (pre)
	50	// nothing currently utilizes this
	51	foreach ($definition->info_attr_transform_pre as $transform) {
	52	$attr = $transform->transform($o = $attr, $config, $context);
	53	if ($e) {
	54	if ($attr != $o) {
	55	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
	56	}
	57	}
	58	}
	59
	60	// do local transformations only applicable to this element (pre)
	61	// ex. <p align="right"> to <p style="text-align:right;">
	62	foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
	63	$attr = $transform->transform($o = $attr, $config, $context);
	64	if ($e) {
	65	if ($attr != $o) {
	66	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
	67	}
	68	}
	69	}
	70
	71	// create alias to this element's attribute definition array, see
	72	// also $d_defs (global attribute definition array)
	73	// DEFINITION CALL
	74	$defs = $definition->info[$token->name]->attr;
	75
	76	$attr_key = false;
	77	$context->register('CurrentAttr', $attr_key);
	78
	79	// iterate through all the attribute keypairs
	80	// Watch out for name collisions: $key has previously been used
	81	foreach ($attr as $attr_key => $value) {
	82
	83	// call the definition
	84	if (isset($defs[$attr_key])) {
	85	// there is a local definition defined
	86	if ($defs[$attr_key] === false) {
	87	// We've explicitly been told not to allow this element.
	88	// This is usually when there's a global definition
	89	// that must be overridden.
	90	// Theoretically speaking, we could have a
	91	// AttrDef_DenyAll, but this is faster!
	92	$result = false;
	93	} else {
	94	// validate according to the element's definition
	95	$result = $defs[$attr_key]->validate(
	96	$value,
	97	$config,
	98	$context
	99	);
	100	}
	101	} elseif (isset($d_defs[$attr_key])) {
	102	// there is a global definition defined, validate according
	103	// to the global definition
	104	$result = $d_defs[$attr_key]->validate(
	105	$value,
	106	$config,
	107	$context
	108	);
	109	} else {
	110	// system never heard of the attribute? DELETE!
	111	$result = false;
	112	}
	113
	114	// put the results into effect
	115	if ($result === false \|\| $result === null) {
	116	// this is a generic error message that should replaced
	117	// with more specific ones when possible
	118	if ($e) {
	119	$e->send(E_ERROR, 'AttrValidator: Attribute removed');
	120	}
	121
	122	// remove the attribute
	123	unset($attr[$attr_key]);
	124	} elseif (is_string($result)) {
	125	// generally, if a substitution is happening, there
	126	// was some sort of implicit correction going on. We'll
	127	// delegate it to the attribute classes to say exactly what.
	128
	129	// simple substitution
	130	$attr[$attr_key] = $result;
	131	} else {
	132	// nothing happens
	133	}
	134
	135	// we'd also want slightly more complicated substitution
	136	// involving an array as the return value,
	137	// although we're not sure how colliding attributes would
	138	// resolve (certain ones would be completely overriden,
	139	// others would prepend themselves).
	140	}
	141
	142	$context->destroy('CurrentAttr');
	143
	144	// post transforms
	145
	146	// global (error reporting untested)
	147	foreach ($definition->info_attr_transform_post as $transform) {
	148	$attr = $transform->transform($o = $attr, $config, $context);
	149	if ($e) {
	150	if ($attr != $o) {
	151	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
	152	}
	153	}
	154	}
	155
	156	// local (error reporting untested)
	157	foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
	158	$attr = $transform->transform($o = $attr, $config, $context);
	159	if ($e) {
	160	if ($attr != $o) {
	161	$e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
	162	}
	163	}
	164	}
	165
	166	$token->attr = $attr;
	167
	168	// destroy CurrentToken if we made it ourselves
	169	if (!$current_token) {
	170	$context->destroy('CurrentToken');
	171	}
	172
	173	}
	174
	175
	176	}
	177
	178	// vim: et sw=4 sts=4