diff options
author | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2014-02-21 15:43:14 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2014-02-21 15:43:14 +0100 |
commit | d4949327efa15b492cab1bef3fe074290a328a17 (patch) | |
tree | e89e0322bb1f1b06d663fd10fdded21bac867e5d /inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser | |
parent | c9bd17a1007bb78e5de0775efca01df0fb515031 (diff) | |
download | wallabag-d4949327efa15b492cab1bef3fe074290a328a17.tar.gz wallabag-d4949327efa15b492cab1bef3fe074290a328a17.tar.zst wallabag-d4949327efa15b492cab1bef3fe074290a328a17.zip |
[add] HTML Purifier added to clean code
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser')
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php | 130 | ||||
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php | 38 |
2 files changed, 168 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php new file mode 100644 index 00000000..b2ed860a --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php | |||
@@ -0,0 +1,130 @@ | |||
1 | <?php | ||
2 | |||
3 | /** | ||
4 | * Performs safe variable parsing based on types which can be used by | ||
5 | * users. This may not be able to represent all possible data inputs, | ||
6 | * however. | ||
7 | */ | ||
8 | class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser | ||
9 | { | ||
10 | /** | ||
11 | * @param mixed $var | ||
12 | * @param int $type | ||
13 | * @param bool $allow_null | ||
14 | * @return array|bool|float|int|mixed|null|string | ||
15 | * @throws HTMLPurifier_VarParserException | ||
16 | */ | ||
17 | protected function parseImplementation($var, $type, $allow_null) | ||
18 | { | ||
19 | if ($allow_null && $var === null) { | ||
20 | return null; | ||
21 | } | ||
22 | switch ($type) { | ||
23 | // Note: if code "breaks" from the switch, it triggers a generic | ||
24 | // exception to be thrown. Specific errors can be specifically | ||
25 | // done here. | ||
26 | case self::MIXED: | ||
27 | case self::ISTRING: | ||
28 | case self::STRING: | ||
29 | case self::TEXT: | ||
30 | case self::ITEXT: | ||
31 | return $var; | ||
32 | case self::INT: | ||
33 | if (is_string($var) && ctype_digit($var)) { | ||
34 | $var = (int)$var; | ||
35 | } | ||
36 | return $var; | ||
37 | case self::FLOAT: | ||
38 | if ((is_string($var) && is_numeric($var)) || is_int($var)) { | ||
39 | $var = (float)$var; | ||
40 | } | ||
41 | return $var; | ||
42 | case self::BOOL: | ||
43 | if (is_int($var) && ($var === 0 || $var === 1)) { | ||
44 | $var = (bool)$var; | ||
45 | } elseif (is_string($var)) { | ||
46 | if ($var == 'on' || $var == 'true' || $var == '1') { | ||
47 | $var = true; | ||
48 | } elseif ($var == 'off' || $var == 'false' || $var == '0') { | ||
49 | $var = false; | ||
50 | } else { | ||
51 | throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type"); | ||
52 | } | ||
53 | } | ||
54 | return $var; | ||
55 | case self::ALIST: | ||
56 | case self::HASH: | ||
57 | case self::LOOKUP: | ||
58 | if (is_string($var)) { | ||
59 | // special case: technically, this is an array with | ||
60 | // a single empty string item, but having an empty | ||
61 | // array is more intuitive | ||
62 | if ($var == '') { | ||
63 | return array(); | ||
64 | } | ||
65 | if (strpos($var, "\n") === false && strpos($var, "\r") === false) { | ||
66 | // simplistic string to array method that only works | ||
67 | // for simple lists of tag names or alphanumeric characters | ||
68 | $var = explode(',', $var); | ||
69 | } else { | ||
70 | $var = preg_split('/(,|[\n\r]+)/', $var); | ||
71 | } | ||
72 | // remove spaces | ||
73 | foreach ($var as $i => $j) { | ||
74 | $var[$i] = trim($j); | ||
75 | } | ||
76 | if ($type === self::HASH) { | ||
77 | // key:value,key2:value2 | ||
78 | $nvar = array(); | ||
79 | foreach ($var as $keypair) { | ||
80 | $c = explode(':', $keypair, 2); | ||
81 | if (!isset($c[1])) { | ||
82 | continue; | ||
83 | } | ||
84 | $nvar[trim($c[0])] = trim($c[1]); | ||
85 | } | ||
86 | $var = $nvar; | ||
87 | } | ||
88 | } | ||
89 | if (!is_array($var)) { | ||
90 | break; | ||
91 | } | ||
92 | $keys = array_keys($var); | ||
93 | if ($keys === array_keys($keys)) { | ||
94 | if ($type == self::ALIST) { | ||
95 | return $var; | ||
96 | } elseif ($type == self::LOOKUP) { | ||
97 | $new = array(); | ||
98 | foreach ($var as $key) { | ||
99 | $new[$key] = true; | ||
100 | } | ||
101 | return $new; | ||
102 | } else { | ||
103 | break; | ||
104 | } | ||
105 | } | ||
106 | if ($type === self::ALIST) { | ||
107 | trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING); | ||
108 | return array_values($var); | ||
109 | } | ||
110 | if ($type === self::LOOKUP) { | ||
111 | foreach ($var as $key => $value) { | ||
112 | if ($value !== true) { | ||
113 | trigger_error( | ||
114 | "Lookup array has non-true value at key '$key'; " . | ||
115 | "maybe your input array was not indexed numerically", | ||
116 | E_USER_WARNING | ||
117 | ); | ||
118 | } | ||
119 | $var[$key] = true; | ||
120 | } | ||
121 | } | ||
122 | return $var; | ||
123 | default: | ||
124 | $this->errorInconsistent(__CLASS__, $type); | ||
125 | } | ||
126 | $this->errorGeneric($var, $type); | ||
127 | } | ||
128 | } | ||
129 | |||
130 | // vim: et sw=4 sts=4 | ||
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php new file mode 100644 index 00000000..c28055b5 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php | |||
@@ -0,0 +1,38 @@ | |||
1 | <?php | ||
2 | |||
3 | /** | ||
4 | * This variable parser uses PHP's internal code engine. Because it does | ||
5 | * this, it can represent all inputs; however, it is dangerous and cannot | ||
6 | * be used by users. | ||
7 | */ | ||
8 | class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser | ||
9 | { | ||
10 | |||
11 | /** | ||
12 | * @param mixed $var | ||
13 | * @param int $type | ||
14 | * @param bool $allow_null | ||
15 | * @return null|string | ||
16 | */ | ||
17 | protected function parseImplementation($var, $type, $allow_null) | ||
18 | { | ||
19 | return $this->evalExpression($var); | ||
20 | } | ||
21 | |||
22 | /** | ||
23 | * @param string $expr | ||
24 | * @return mixed | ||
25 | * @throws HTMLPurifier_VarParserException | ||
26 | */ | ||
27 | protected function evalExpression($expr) | ||
28 | { | ||
29 | $var = null; | ||
30 | $result = eval("\$var = $expr;"); | ||
31 | if ($result === false) { | ||
32 | throw new HTMLPurifier_VarParserException("Fatal error in evaluated code"); | ||
33 | } | ||
34 | return $var; | ||
35 | } | ||
36 | } | ||
37 | |||
38 | // vim: et sw=4 sts=4 | ||