aboutsummaryrefslogtreecommitdiffhomepage
path: root/inc/3rdparty/htmlpurifier/HTMLPurifier
diff options
context:
space:
mode:
authorNicolas Lœuillet <nicolas@loeuillet.org>2014-02-21 15:57:10 +0100
committerNicolas Lœuillet <nicolas@loeuillet.org>2014-02-21 15:57:10 +0100
commit99679d06884120c57f43b44e55e03595f1f87bed (patch)
treea3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier
parent655214ab30ee84884dc408488b85586f36263fcb (diff)
parentd3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff)
downloadwallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.gz
wallabag-99679d06884120c57f43b44e55e03595f1f87bed.tar.zst
wallabag-99679d06884120c57f43b44e55e03595f1f87bed.zip
Merge pull request #481 from wallabag/dev1.5.2
1.5.2
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier')
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Arborize.php71
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrCollections.php143
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef.php138
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php106
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php34
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php111
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php157
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php105
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php48
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php44
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php77
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php176
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php219
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php32
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php77
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php112
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php71
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php84
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php54
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php46
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php74
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Clone.php44
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Enum.php73
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php51
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php48
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php51
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php38
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php105
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php72
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php60
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php70
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php76
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Integer.php91
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Lang.php86
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Switch.php53
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Text.php21
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI.php111
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php20
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php29
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php128
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php89
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform.php60
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php27
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php47
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php26
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php68
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php48
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php61
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php31
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php33
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php41
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php52
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php25
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php79
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php23
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php27
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTypes.php96
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php178
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Bootstrap.php124
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/CSSDefinition.php474
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef.php52
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php67
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Custom.php102
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Empty.php38
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/List.php86
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Optional.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Required.php118
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php110
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Table.php224
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Config.php911
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema.php176
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php48
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php144
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php47
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php89
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php58
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php226
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php248
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php130
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema.serbin0 -> 15000 bytes
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt19
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt5
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt31
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt15
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt46
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt18
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt18
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt29
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt17
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt15
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt7
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt19
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt34
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt29
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt74
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt25
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt19
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt15
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt23
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt20
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt18
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt23
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt33
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt21
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt20
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt7
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt24
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt8
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt15
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt25
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt7
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt17
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt17
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt14
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt15
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt19
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt13
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt83
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt17
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt30
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt22
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini3
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ContentSets.php170
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Context.php95
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Definition.php55
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache.php129
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php112
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php78
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php85
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in82
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php76
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php285
-rwxr-xr-xinc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README3
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php106
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Doctype.php73
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/DoctypeRegistry.php142
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ElementDef.php216
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Encoder.php611
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup.php48
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup/entities.ser1
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/EntityParser.php153
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorCollector.php244
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorStruct.php74
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Exception.php12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Filter.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php338
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/YouTube.php65
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Generator.php286
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLDefinition.php493
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule.php284
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php44
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php31
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php55
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php190
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php40
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php51
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Image.php49
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php186
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/List.php51
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Name.php26
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Nofollow.php25
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php20
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Object.php62
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php42
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php40
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php36
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php40
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeObject.php62
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php40
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php73
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php33
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tables.php75
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Target.php28
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/TargetBlank.php24
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Text.php87
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy.php230
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php33
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php34
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php43
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php16
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php26
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php179
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php20
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModuleManager.php459
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/IDAccumulator.php57
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector.php281
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/AutoParagraph.php356
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php40
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/Linkify.php59
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php71
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveEmpty.php101
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php84
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php121
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Language.php204
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Language/classes/en-x-test.php9
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-testmini.php12
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en.php55
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/LanguageFactory.php209
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Length.php160
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer.php357
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DOMLex.php280
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DirectLex.php539
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/PH5P.php4788
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Node.php49
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Comment.php36
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Element.php59
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Text.php54
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/PercentEncoder.php111
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Printer.php218
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/CSSDefinition.php44
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js5
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.php447
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/HTMLDefinition.php324
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyList.php122
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyListIterator.php42
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Queue.php56
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy.php26
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Composite.php30
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Core.php17
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/FixNesting.php181
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/MakeWellFormed.php600
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/RemoveForeignElements.php207
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php45
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/StringHash.php47
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/StringHashParser.php136
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform.php37
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Font.php114
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Simple.php44
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token.php100
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Comment.php38
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Empty.php15
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token/End.php24
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Start.php10
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Tag.php68
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Text.php53
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/TokenFactory.php118
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php314
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIDefinition.php112
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter.php74
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternal.php54
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php25
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableResources.php22
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php46
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/MakeAbsolute.php158
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/Munge.php115
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php68
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIParser.php71
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme.php102
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php127
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/file.php44
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/ftp.php58
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/http.php36
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/https.php18
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/mailto.php40
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/news.php35
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/nntp.php32
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/URISchemeRegistry.php81
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/UnitConverter.php307
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser.php198
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php130
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php38
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/VarParserException.php11
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/Zipper.php157
353 files changed, 30578 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Arborize.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Arborize.php
new file mode 100644
index 00000000..eab66566
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Arborize.php
@@ -0,0 +1,71 @@
1<?php
2
3/**
4 * Converts a stream of HTMLPurifier_Token into an HTMLPurifier_Node,
5 * and back again.
6 *
7 * @note This transformation is not an equivalence. We mutate the input
8 * token stream to make it so; see all [MUT] markers in code.
9 */
10class HTMLPurifier_Arborize
11{
12 public static function arborize($tokens, $config, $context) {
13 $definition = $config->getHTMLDefinition();
14 $parent = new HTMLPurifier_Token_Start($definition->info_parent);
15 $stack = array($parent->toNode());
16 foreach ($tokens as $token) {
17 $token->skip = null; // [MUT]
18 $token->carryover = null; // [MUT]
19 if ($token instanceof HTMLPurifier_Token_End) {
20 $token->start = null; // [MUT]
21 $r = array_pop($stack);
22 assert($r->name === $token->name);
23 assert(empty($token->attr));
24 $r->endCol = $token->col;
25 $r->endLine = $token->line;
26 $r->endArmor = $token->armor;
27 continue;
28 }
29 $node = $token->toNode();
30 $stack[count($stack)-1]->children[] = $node;
31 if ($token instanceof HTMLPurifier_Token_Start) {
32 $stack[] = $node;
33 }
34 }
35 assert(count($stack) == 1);
36 return $stack[0];
37 }
38
39 public static function flatten($node, $config, $context) {
40 $level = 0;
41 $nodes = array($level => new HTMLPurifier_Queue(array($node)));
42 $closingTokens = array();
43 $tokens = array();
44 do {
45 while (!$nodes[$level]->isEmpty()) {
46 $node = $nodes[$level]->shift(); // FIFO
47 list($start, $end) = $node->toTokenPair();
48 if ($level > 0) {
49 $tokens[] = $start;
50 }
51 if ($end !== NULL) {
52 $closingTokens[$level][] = $end;
53 }
54 if ($node instanceof HTMLPurifier_Node_Element) {
55 $level++;
56 $nodes[$level] = new HTMLPurifier_Queue();
57 foreach ($node->children as $childNode) {
58 $nodes[$level]->push($childNode);
59 }
60 }
61 }
62 $level--;
63 if ($level && isset($closingTokens[$level])) {
64 while ($token = array_pop($closingTokens[$level])) {
65 $tokens[] = $token;
66 }
67 }
68 } while ($level > 0);
69 return $tokens;
70 }
71}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrCollections.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrCollections.php
new file mode 100644
index 00000000..2d2c7d28
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrCollections.php
@@ -0,0 +1,143 @@
1<?php
2
3/**
4 * Defines common attribute collections that modules reference
5 */
6
7class HTMLPurifier_AttrCollections
8{
9
10 /**
11 * Associative array of attribute collections, indexed by name.
12 * @type array
13 */
14 public $info = array();
15
16 /**
17 * Performs all expansions on internal data for use by other inclusions
18 * It also collects all attribute collection extensions from
19 * modules
20 * @param HTMLPurifier_AttrTypes $attr_types HTMLPurifier_AttrTypes instance
21 * @param HTMLPurifier_HTMLModule[] $modules Hash array of HTMLPurifier_HTMLModule members
22 */
23 public function __construct($attr_types, $modules)
24 {
25 // load extensions from the modules
26 foreach ($modules as $module) {
27 foreach ($module->attr_collections as $coll_i => $coll) {
28 if (!isset($this->info[$coll_i])) {
29 $this->info[$coll_i] = array();
30 }
31 foreach ($coll as $attr_i => $attr) {
32 if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
33 // merge in includes
34 $this->info[$coll_i][$attr_i] = array_merge(
35 $this->info[$coll_i][$attr_i],
36 $attr
37 );
38 continue;
39 }
40 $this->info[$coll_i][$attr_i] = $attr;
41 }
42 }
43 }
44 // perform internal expansions and inclusions
45 foreach ($this->info as $name => $attr) {
46 // merge attribute collections that include others
47 $this->performInclusions($this->info[$name]);
48 // replace string identifiers with actual attribute objects
49 $this->expandIdentifiers($this->info[$name], $attr_types);
50 }
51 }
52
53 /**
54 * Takes a reference to an attribute associative array and performs
55 * all inclusions specified by the zero index.
56 * @param array &$attr Reference to attribute array
57 */
58 public function performInclusions(&$attr)
59 {
60 if (!isset($attr[0])) {
61 return;
62 }
63 $merge = $attr[0];
64 $seen = array(); // recursion guard
65 // loop through all the inclusions
66 for ($i = 0; isset($merge[$i]); $i++) {
67 if (isset($seen[$merge[$i]])) {
68 continue;
69 }
70 $seen[$merge[$i]] = true;
71 // foreach attribute of the inclusion, copy it over
72 if (!isset($this->info[$merge[$i]])) {
73 continue;
74 }
75 foreach ($this->info[$merge[$i]] as $key => $value) {
76 if (isset($attr[$key])) {
77 continue;
78 } // also catches more inclusions
79 $attr[$key] = $value;
80 }
81 if (isset($this->info[$merge[$i]][0])) {
82 // recursion
83 $merge = array_merge($merge, $this->info[$merge[$i]][0]);
84 }
85 }
86 unset($attr[0]);
87 }
88
89 /**
90 * Expands all string identifiers in an attribute array by replacing
91 * them with the appropriate values inside HTMLPurifier_AttrTypes
92 * @param array &$attr Reference to attribute array
93 * @param HTMLPurifier_AttrTypes $attr_types HTMLPurifier_AttrTypes instance
94 */
95 public function expandIdentifiers(&$attr, $attr_types)
96 {
97 // because foreach will process new elements we add, make sure we
98 // skip duplicates
99 $processed = array();
100
101 foreach ($attr as $def_i => $def) {
102 // skip inclusions
103 if ($def_i === 0) {
104 continue;
105 }
106
107 if (isset($processed[$def_i])) {
108 continue;
109 }
110
111 // determine whether or not attribute is required
112 if ($required = (strpos($def_i, '*') !== false)) {
113 // rename the definition
114 unset($attr[$def_i]);
115 $def_i = trim($def_i, '*');
116 $attr[$def_i] = $def;
117 }
118
119 $processed[$def_i] = true;
120
121 // if we've already got a literal object, move on
122 if (is_object($def)) {
123 // preserve previous required
124 $attr[$def_i]->required = ($required || $attr[$def_i]->required);
125 continue;
126 }
127
128 if ($def === false) {
129 unset($attr[$def_i]);
130 continue;
131 }
132
133 if ($t = $attr_types->get($def)) {
134 $attr[$def_i] = $t;
135 $attr[$def_i]->required = $required;
136 } else {
137 unset($attr[$def_i]);
138 }
139 }
140 }
141}
142
143// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef.php
new file mode 100644
index 00000000..880d8f6d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef.php
@@ -0,0 +1,138 @@
1<?php
2
3/**
4 * Base class for all validating attribute definitions.
5 *
6 * This family of classes forms the core for not only HTML attribute validation,
7 * but also any sort of string that needs to be validated or cleaned (which
8 * means CSS properties and composite definitions are defined here too).
9 * Besides defining (through code) what precisely makes the string valid,
10 * subclasses are also responsible for cleaning the code if possible.
11 */
12
13abstract class HTMLPurifier_AttrDef
14{
15
16 /**
17 * Tells us whether or not an HTML attribute is minimized.
18 * Has no meaning in other contexts.
19 * @type bool
20 */
21 public $minimized = false;
22
23 /**
24 * Tells us whether or not an HTML attribute is required.
25 * Has no meaning in other contexts
26 * @type bool
27 */
28 public $required = false;
29
30 /**
31 * Validates and cleans passed string according to a definition.
32 *
33 * @param string $string String to be validated and cleaned.
34 * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
35 * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.
36 */
37 abstract public function validate($string, $config, $context);
38
39 /**
40 * Convenience method that parses a string as if it were CDATA.
41 *
42 * This method process a string in the manner specified at
43 * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
44 * leading and trailing whitespace, ignoring line feeds, and replacing
45 * carriage returns and tabs with spaces. While most useful for HTML
46 * attributes specified as CDATA, it can also be applied to most CSS
47 * values.
48 *
49 * @note This method is not entirely standards compliant, as trim() removes
50 * more types of whitespace than specified in the spec. In practice,
51 * this is rarely a problem, as those extra characters usually have
52 * already been removed by HTMLPurifier_Encoder.
53 *
54 * @warning This processing is inconsistent with XML's whitespace handling
55 * as specified by section 3.3.3 and referenced XHTML 1.0 section
56 * 4.7. However, note that we are NOT necessarily
57 * parsing XML, thus, this behavior may still be correct. We
58 * assume that newlines have been normalized.
59 */
60 public function parseCDATA($string)
61 {
62 $string = trim($string);
63 $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
64 return $string;
65 }
66
67 /**
68 * Factory method for creating this class from a string.
69 * @param string $string String construction info
70 * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string
71 */
72 public function make($string)
73 {
74 // default implementation, return a flyweight of this object.
75 // If $string has an effect on the returned object (i.e. you
76 // need to overload this method), it is best
77 // to clone or instantiate new copies. (Instantiation is safer.)
78 return $this;
79 }
80
81 /**
82 * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
83 * properly. THIS IS A HACK!
84 * @param string $string a CSS colour definition
85 * @return string
86 */
87 protected function mungeRgb($string)
88 {
89 return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
90 }
91
92 /**
93 * Parses a possibly escaped CSS string and returns the "pure"
94 * version of it.
95 */
96 protected function expandCSSEscape($string)
97 {
98 // flexibly parse it
99 $ret = '';
100 for ($i = 0, $c = strlen($string); $i < $c; $i++) {
101 if ($string[$i] === '\\') {
102 $i++;
103 if ($i >= $c) {
104 $ret .= '\\';
105 break;
106 }
107 if (ctype_xdigit($string[$i])) {
108 $code = $string[$i];
109 for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
110 if (!ctype_xdigit($string[$i])) {
111 break;
112 }
113 $code .= $string[$i];
114 }
115 // We have to be extremely careful when adding
116 // new characters, to make sure we're not breaking
117 // the encoding.
118 $char = HTMLPurifier_Encoder::unichr(hexdec($code));
119 if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
120 continue;
121 }
122 $ret .= $char;
123 if ($i < $c && trim($string[$i]) !== '') {
124 $i--;
125 }
126 continue;
127 }
128 if ($string[$i] === "\n") {
129 continue;
130 }
131 }
132 $ret .= $string[$i];
133 }
134 return $ret;
135 }
136}
137
138// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
new file mode 100644
index 00000000..81afcf96
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
@@ -0,0 +1,106 @@
1<?php
2
3/**
4 * Validates the HTML attribute style, otherwise known as CSS.
5 * @note We don't implement the whole CSS specification, so it might be
6 * difficult to reuse this component in the context of validating
7 * actual stylesheet declarations.
8 * @note If we were really serious about validating the CSS, we would
9 * tokenize the styles and then parse the tokens. Obviously, we
10 * are not doing that. Doing that could seriously harm performance,
11 * but would make these components a lot more viable for a CSS
12 * filtering solution.
13 */
14class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
15{
16
17 /**
18 * @param string $css
19 * @param HTMLPurifier_Config $config
20 * @param HTMLPurifier_Context $context
21 * @return bool|string
22 */
23 public function validate($css, $config, $context)
24 {
25 $css = $this->parseCDATA($css);
26
27 $definition = $config->getCSSDefinition();
28
29 // we're going to break the spec and explode by semicolons.
30 // This is because semicolon rarely appears in escaped form
31 // Doing this is generally flaky but fast
32 // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
33 // for details
34
35 $declarations = explode(';', $css);
36 $propvalues = array();
37
38 /**
39 * Name of the current CSS property being validated.
40 */
41 $property = false;
42 $context->register('CurrentCSSProperty', $property);
43
44 foreach ($declarations as $declaration) {
45 if (!$declaration) {
46 continue;
47 }
48 if (!strpos($declaration, ':')) {
49 continue;
50 }
51 list($property, $value) = explode(':', $declaration, 2);
52 $property = trim($property);
53 $value = trim($value);
54 $ok = false;
55 do {
56 if (isset($definition->info[$property])) {
57 $ok = true;
58 break;
59 }
60 if (ctype_lower($property)) {
61 break;
62 }
63 $property = strtolower($property);
64 if (isset($definition->info[$property])) {
65 $ok = true;
66 break;
67 }
68 } while (0);
69 if (!$ok) {
70 continue;
71 }
72 // inefficient call, since the validator will do this again
73 if (strtolower(trim($value)) !== 'inherit') {
74 // inherit works for everything (but only on the base property)
75 $result = $definition->info[$property]->validate(
76 $value,
77 $config,
78 $context
79 );
80 } else {
81 $result = 'inherit';
82 }
83 if ($result === false) {
84 continue;
85 }
86 $propvalues[$property] = $result;
87 }
88
89 $context->destroy('CurrentCSSProperty');
90
91 // procedure does not write the new CSS simultaneously, so it's
92 // slightly inefficient, but it's the only way of getting rid of
93 // duplicates. Perhaps config to optimize it, but not now.
94
95 $new_declarations = '';
96 foreach ($propvalues as $prop => $value) {
97 $new_declarations .= "$prop:$value;";
98 }
99
100 return $new_declarations ? $new_declarations : false;
101
102 }
103
104}
105
106// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
new file mode 100644
index 00000000..1a30e8fe
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
@@ -0,0 +1,34 @@
1<?php
2
3class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
4{
5
6 public function __construct()
7 {
8 parent::__construct(false); // opacity is non-negative, but we will clamp it
9 }
10
11 /**
12 * @param string $number
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return string
16 */
17 public function validate($number, $config, $context)
18 {
19 $result = parent::validate($number, $config, $context);
20 if ($result === false) {
21 return $result;
22 }
23 $float = (float)$result;
24 if ($float < 0.0) {
25 $result = '0';
26 }
27 if ($float > 1.0) {
28 $result = '1';
29 }
30 return $result;
31 }
32}
33
34// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
new file mode 100644
index 00000000..ecd6e276
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
@@ -0,0 +1,111 @@
1<?php
2
3/**
4 * Validates shorthand CSS property background.
5 * @warning Does not support url tokens that have internal spaces.
6 */
7class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
8{
9
10 /**
11 * Local copy of component validators.
12 * @type HTMLPurifier_AttrDef[]
13 * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
14 */
15 protected $info;
16
17 /**
18 * @param HTMLPurifier_Config $config
19 */
20 public function __construct($config)
21 {
22 $def = $config->getCSSDefinition();
23 $this->info['background-color'] = $def->info['background-color'];
24 $this->info['background-image'] = $def->info['background-image'];
25 $this->info['background-repeat'] = $def->info['background-repeat'];
26 $this->info['background-attachment'] = $def->info['background-attachment'];
27 $this->info['background-position'] = $def->info['background-position'];
28 }
29
30 /**
31 * @param string $string
32 * @param HTMLPurifier_Config $config
33 * @param HTMLPurifier_Context $context
34 * @return bool|string
35 */
36 public function validate($string, $config, $context)
37 {
38 // regular pre-processing
39 $string = $this->parseCDATA($string);
40 if ($string === '') {
41 return false;
42 }
43
44 // munge rgb() decl if necessary
45 $string = $this->mungeRgb($string);
46
47 // assumes URI doesn't have spaces in it
48 $bits = explode(' ', $string); // bits to process
49
50 $caught = array();
51 $caught['color'] = false;
52 $caught['image'] = false;
53 $caught['repeat'] = false;
54 $caught['attachment'] = false;
55 $caught['position'] = false;
56
57 $i = 0; // number of catches
58
59 foreach ($bits as $bit) {
60 if ($bit === '') {
61 continue;
62 }
63 foreach ($caught as $key => $status) {
64 if ($key != 'position') {
65 if ($status !== false) {
66 continue;
67 }
68 $r = $this->info['background-' . $key]->validate($bit, $config, $context);
69 } else {
70 $r = $bit;
71 }
72 if ($r === false) {
73 continue;
74 }
75 if ($key == 'position') {
76 if ($caught[$key] === false) {
77 $caught[$key] = '';
78 }
79 $caught[$key] .= $r . ' ';
80 } else {
81 $caught[$key] = $r;
82 }
83 $i++;
84 break;
85 }
86 }
87
88 if (!$i) {
89 return false;
90 }
91 if ($caught['position'] !== false) {
92 $caught['position'] = $this->info['background-position']->
93 validate($caught['position'], $config, $context);
94 }
95
96 $ret = array();
97 foreach ($caught as $value) {
98 if ($value === false) {
99 continue;
100 }
101 $ret[] = $value;
102 }
103
104 if (empty($ret)) {
105 return false;
106 }
107 return implode(' ', $ret);
108 }
109}
110
111// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
new file mode 100644
index 00000000..f95de5bb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
@@ -0,0 +1,157 @@
1<?php
2
3/* W3C says:
4 [ // adjective and number must be in correct order, even if
5 // you could switch them without introducing ambiguity.
6 // some browsers support that syntax
7 [
8 <percentage> | <length> | left | center | right
9 ]
10 [
11 <percentage> | <length> | top | center | bottom
12 ]?
13 ] |
14 [ // this signifies that the vertical and horizontal adjectives
15 // can be arbitrarily ordered, however, there can only be two,
16 // one of each, or none at all
17 [
18 left | center | right
19 ] ||
20 [
21 top | center | bottom
22 ]
23 ]
24 top, left = 0%
25 center, (none) = 50%
26 bottom, right = 100%
27*/
28
29/* QuirksMode says:
30 keyword + length/percentage must be ordered correctly, as per W3C
31
32 Internet Explorer and Opera, however, support arbitrary ordering. We
33 should fix it up.
34
35 Minor issue though, not strictly necessary.
36*/
37
38// control freaks may appreciate the ability to convert these to
39// percentages or something, but it's not necessary
40
41/**
42 * Validates the value of background-position.
43 */
44class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
45{
46
47 /**
48 * @type HTMLPurifier_AttrDef_CSS_Length
49 */
50 protected $length;
51
52 /**
53 * @type HTMLPurifier_AttrDef_CSS_Percentage
54 */
55 protected $percentage;
56
57 public function __construct()
58 {
59 $this->length = new HTMLPurifier_AttrDef_CSS_Length();
60 $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
61 }
62
63 /**
64 * @param string $string
65 * @param HTMLPurifier_Config $config
66 * @param HTMLPurifier_Context $context
67 * @return bool|string
68 */
69 public function validate($string, $config, $context)
70 {
71 $string = $this->parseCDATA($string);
72 $bits = explode(' ', $string);
73
74 $keywords = array();
75 $keywords['h'] = false; // left, right
76 $keywords['v'] = false; // top, bottom
77 $keywords['ch'] = false; // center (first word)
78 $keywords['cv'] = false; // center (second word)
79 $measures = array();
80
81 $i = 0;
82
83 $lookup = array(
84 'top' => 'v',
85 'bottom' => 'v',
86 'left' => 'h',
87 'right' => 'h',
88 'center' => 'c'
89 );
90
91 foreach ($bits as $bit) {
92 if ($bit === '') {
93 continue;
94 }
95
96 // test for keyword
97 $lbit = ctype_lower($bit) ? $bit : strtolower($bit);
98 if (isset($lookup[$lbit])) {
99 $status = $lookup[$lbit];
100 if ($status == 'c') {
101 if ($i == 0) {
102 $status = 'ch';
103 } else {
104 $status = 'cv';
105 }
106 }
107 $keywords[$status] = $lbit;
108 $i++;
109 }
110
111 // test for length
112 $r = $this->length->validate($bit, $config, $context);
113 if ($r !== false) {
114 $measures[] = $r;
115 $i++;
116 }
117
118 // test for percentage
119 $r = $this->percentage->validate($bit, $config, $context);
120 if ($r !== false) {
121 $measures[] = $r;
122 $i++;
123 }
124 }
125
126 if (!$i) {
127 return false;
128 } // no valid values were caught
129
130 $ret = array();
131
132 // first keyword
133 if ($keywords['h']) {
134 $ret[] = $keywords['h'];
135 } elseif ($keywords['ch']) {
136 $ret[] = $keywords['ch'];
137 $keywords['cv'] = false; // prevent re-use: center = center center
138 } elseif (count($measures)) {
139 $ret[] = array_shift($measures);
140 }
141
142 if ($keywords['v']) {
143 $ret[] = $keywords['v'];
144 } elseif ($keywords['cv']) {
145 $ret[] = $keywords['cv'];
146 } elseif (count($measures)) {
147 $ret[] = array_shift($measures);
148 }
149
150 if (empty($ret)) {
151 return false;
152 }
153 return implode(' ', $ret);
154 }
155}
156
157// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
new file mode 100644
index 00000000..bd310ff2
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * Validates the border property as defined by CSS.
5 */
6class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * Local copy of properties this property is shorthand for.
11 * @type HTMLPurifier_AttrDef[]
12 */
13 protected $info = array();
14
15 /**
16 * @param HTMLPurifier_Config $config
17 */
18 public function __construct($config)
19 {
20 $def = $config->getCSSDefinition();
21 $this->info['border-width'] = $def->info['border-width'];
22 $this->info['border-style'] = $def->info['border-style'];
23 $this->info['border-top-color'] = $def->info['border-top-color'];
24 }
25
26 /**
27 * @param string $string
28 * @param HTMLPurifier_Config $config
29 * @param HTMLPurifier_Context $context
30 * @return bool|string
31 */
32 public function validate($string, $config, $context)
33 {
34 $string = $this->parseCDATA($string);
35 $string = $this->mungeRgb($string);
36 $bits = explode(' ', $string);
37 $done = array(); // segments we've finished
38 $ret = ''; // return value
39 foreach ($bits as $bit) {
40 foreach ($this->info as $propname => $validator) {
41 if (isset($done[$propname])) {
42 continue;
43 }
44 $r = $validator->validate($bit, $config, $context);
45 if ($r !== false) {
46 $ret .= $r . ' ';
47 $done[$propname] = true;
48 break;
49 }
50 }
51 }
52 return rtrim($ret);
53 }
54}
55
56// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
new file mode 100644
index 00000000..e553c65e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
@@ -0,0 +1,105 @@
1<?php
2
3/**
4 * Validates Color as defined by CSS.
5 */
6class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @param string $color
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return bool|string
14 */
15 public function validate($color, $config, $context)
16 {
17 static $colors = null;
18 if ($colors === null) {
19 $colors = $config->get('Core.ColorKeywords');
20 }
21
22 $color = trim($color);
23 if ($color === '') {
24 return false;
25 }
26
27 $lower = strtolower($color);
28 if (isset($colors[$lower])) {
29 return $colors[$lower];
30 }
31
32 if (strpos($color, 'rgb(') !== false) {
33 // rgb literal handling
34 $length = strlen($color);
35 if (strpos($color, ')') !== $length - 1) {
36 return false;
37 }
38 $triad = substr($color, 4, $length - 4 - 1);
39 $parts = explode(',', $triad);
40 if (count($parts) !== 3) {
41 return false;
42 }
43 $type = false; // to ensure that they're all the same type
44 $new_parts = array();
45 foreach ($parts as $part) {
46 $part = trim($part);
47 if ($part === '') {
48 return false;
49 }
50 $length = strlen($part);
51 if ($part[$length - 1] === '%') {
52 // handle percents
53 if (!$type) {
54 $type = 'percentage';
55 } elseif ($type !== 'percentage') {
56 return false;
57 }
58 $num = (float)substr($part, 0, $length - 1);
59 if ($num < 0) {
60 $num = 0;
61 }
62 if ($num > 100) {
63 $num = 100;
64 }
65 $new_parts[] = "$num%";
66 } else {
67 // handle integers
68 if (!$type) {
69 $type = 'integer';
70 } elseif ($type !== 'integer') {
71 return false;
72 }
73 $num = (int)$part;
74 if ($num < 0) {
75 $num = 0;
76 }
77 if ($num > 255) {
78 $num = 255;
79 }
80 $new_parts[] = (string)$num;
81 }
82 }
83 $new_triad = implode(',', $new_parts);
84 $color = "rgb($new_triad)";
85 } else {
86 // hexadecimal handling
87 if ($color[0] === '#') {
88 $hex = substr($color, 1);
89 } else {
90 $hex = $color;
91 $color = '#' . $color;
92 }
93 $length = strlen($hex);
94 if ($length !== 3 && $length !== 6) {
95 return false;
96 }
97 if (!ctype_xdigit($hex)) {
98 return false;
99 }
100 }
101 return $color;
102 }
103}
104
105// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
new file mode 100644
index 00000000..38900232
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
@@ -0,0 +1,48 @@
1<?php
2
3/**
4 * Allows multiple validators to attempt to validate attribute.
5 *
6 * Composite is just what it sounds like: a composite of many validators.
7 * This means that multiple HTMLPurifier_AttrDef objects will have a whack
8 * at the string. If one of them passes, that's what is returned. This is
9 * especially useful for CSS values, which often are a choice between
10 * an enumerated set of predefined values or a flexible data type.
11 */
12class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
13{
14
15 /**
16 * List of objects that may process strings.
17 * @type HTMLPurifier_AttrDef[]
18 * @todo Make protected
19 */
20 public $defs;
21
22 /**
23 * @param HTMLPurifier_AttrDef[] $defs List of HTMLPurifier_AttrDef objects
24 */
25 public function __construct($defs)
26 {
27 $this->defs = $defs;
28 }
29
30 /**
31 * @param string $string
32 * @param HTMLPurifier_Config $config
33 * @param HTMLPurifier_Context $context
34 * @return bool|string
35 */
36 public function validate($string, $config, $context)
37 {
38 foreach ($this->defs as $i => $def) {
39 $result = $this->defs[$i]->validate($string, $config, $context);
40 if ($result !== false) {
41 return $result;
42 }
43 }
44 return false;
45 }
46}
47
48// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
new file mode 100644
index 00000000..ff0d897e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
@@ -0,0 +1,44 @@
1<?php
2
3/**
4 * Decorator which enables CSS properties to be disabled for specific elements.
5 */
6class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
7{
8 /**
9 * @type HTMLPurifier_AttrDef
10 */
11 public $def;
12 /**
13 * @type string
14 */
15 public $element;
16
17 /**
18 * @param HTMLPurifier_AttrDef $def Definition to wrap
19 * @param string $element Element to deny
20 */
21 public function __construct($def, $element)
22 {
23 $this->def = $def;
24 $this->element = $element;
25 }
26
27 /**
28 * Checks if CurrentToken is set and equal to $this->element
29 * @param string $string
30 * @param HTMLPurifier_Config $config
31 * @param HTMLPurifier_Context $context
32 * @return bool|string
33 */
34 public function validate($string, $config, $context)
35 {
36 $token = $context->get('CurrentToken', true);
37 if ($token && $token->name == $this->element) {
38 return false;
39 }
40 return $this->def->validate($string, $config, $context);
41 }
42}
43
44// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
new file mode 100644
index 00000000..019722a4
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
@@ -0,0 +1,77 @@
1<?php
2
3/**
4 * Microsoft's proprietary filter: CSS property
5 * @note Currently supports the alpha filter. In the future, this will
6 * probably need an extensible framework
7 */
8class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
9{
10 /**
11 * @type HTMLPurifier_AttrDef_Integer
12 */
13 protected $intValidator;
14
15 public function __construct()
16 {
17 $this->intValidator = new HTMLPurifier_AttrDef_Integer();
18 }
19
20 /**
21 * @param string $value
22 * @param HTMLPurifier_Config $config
23 * @param HTMLPurifier_Context $context
24 * @return bool|string
25 */
26 public function validate($value, $config, $context)
27 {
28 $value = $this->parseCDATA($value);
29 if ($value === 'none') {
30 return $value;
31 }
32 // if we looped this we could support multiple filters
33 $function_length = strcspn($value, '(');
34 $function = trim(substr($value, 0, $function_length));
35 if ($function !== 'alpha' &&
36 $function !== 'Alpha' &&
37 $function !== 'progid:DXImageTransform.Microsoft.Alpha'
38 ) {
39 return false;
40 }
41 $cursor = $function_length + 1;
42 $parameters_length = strcspn($value, ')', $cursor);
43 $parameters = substr($value, $cursor, $parameters_length);
44 $params = explode(',', $parameters);
45 $ret_params = array();
46 $lookup = array();
47 foreach ($params as $param) {
48 list($key, $value) = explode('=', $param);
49 $key = trim($key);
50 $value = trim($value);
51 if (isset($lookup[$key])) {
52 continue;
53 }
54 if ($key !== 'opacity') {
55 continue;
56 }
57 $value = $this->intValidator->validate($value, $config, $context);
58 if ($value === false) {
59 continue;
60 }
61 $int = (int)$value;
62 if ($int > 100) {
63 $value = '100';
64 }
65 if ($int < 0) {
66 $value = '0';
67 }
68 $ret_params[] = "$key=$value";
69 $lookup[$key] = true;
70 }
71 $ret_parameters = implode(',', $ret_params);
72 $ret_function = "$function($ret_parameters)";
73 return $ret_function;
74 }
75}
76
77// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
new file mode 100644
index 00000000..b9b63f8e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
@@ -0,0 +1,176 @@
1<?php
2
3/**
4 * Validates shorthand CSS property font.
5 */
6class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * Local copy of validators
11 * @type HTMLPurifier_AttrDef[]
12 * @note If we moved specific CSS property definitions to their own
13 * classes instead of having them be assembled at run time by
14 * CSSDefinition, this wouldn't be necessary. We'd instantiate
15 * our own copies.
16 */
17 protected $info = array();
18
19 /**
20 * @param HTMLPurifier_Config $config
21 */
22 public function __construct($config)
23 {
24 $def = $config->getCSSDefinition();
25 $this->info['font-style'] = $def->info['font-style'];
26 $this->info['font-variant'] = $def->info['font-variant'];
27 $this->info['font-weight'] = $def->info['font-weight'];
28 $this->info['font-size'] = $def->info['font-size'];
29 $this->info['line-height'] = $def->info['line-height'];
30 $this->info['font-family'] = $def->info['font-family'];
31 }
32
33 /**
34 * @param string $string
35 * @param HTMLPurifier_Config $config
36 * @param HTMLPurifier_Context $context
37 * @return bool|string
38 */
39 public function validate($string, $config, $context)
40 {
41 static $system_fonts = array(
42 'caption' => true,
43 'icon' => true,
44 'menu' => true,
45 'message-box' => true,
46 'small-caption' => true,
47 'status-bar' => true
48 );
49
50 // regular pre-processing
51 $string = $this->parseCDATA($string);
52 if ($string === '') {
53 return false;
54 }
55
56 // check if it's one of the keywords
57 $lowercase_string = strtolower($string);
58 if (isset($system_fonts[$lowercase_string])) {
59 return $lowercase_string;
60 }
61
62 $bits = explode(' ', $string); // bits to process
63 $stage = 0; // this indicates what we're looking for
64 $caught = array(); // which stage 0 properties have we caught?
65 $stage_1 = array('font-style', 'font-variant', 'font-weight');
66 $final = ''; // output
67
68 for ($i = 0, $size = count($bits); $i < $size; $i++) {
69 if ($bits[$i] === '') {
70 continue;
71 }
72 switch ($stage) {
73 case 0: // attempting to catch font-style, font-variant or font-weight
74 foreach ($stage_1 as $validator_name) {
75 if (isset($caught[$validator_name])) {
76 continue;
77 }
78 $r = $this->info[$validator_name]->validate(
79 $bits[$i],
80 $config,
81 $context
82 );
83 if ($r !== false) {
84 $final .= $r . ' ';
85 $caught[$validator_name] = true;
86 break;
87 }
88 }
89 // all three caught, continue on
90 if (count($caught) >= 3) {
91 $stage = 1;
92 }
93 if ($r !== false) {
94 break;
95 }
96 case 1: // attempting to catch font-size and perhaps line-height
97 $found_slash = false;
98 if (strpos($bits[$i], '/') !== false) {
99 list($font_size, $line_height) =
100 explode('/', $bits[$i]);
101 if ($line_height === '') {
102 // ooh, there's a space after the slash!
103 $line_height = false;
104 $found_slash = true;
105 }
106 } else {
107 $font_size = $bits[$i];
108 $line_height = false;
109 }
110 $r = $this->info['font-size']->validate(
111 $font_size,
112 $config,
113 $context
114 );
115 if ($r !== false) {
116 $final .= $r;
117 // attempt to catch line-height
118 if ($line_height === false) {
119 // we need to scroll forward
120 for ($j = $i + 1; $j < $size; $j++) {
121 if ($bits[$j] === '') {
122 continue;
123 }
124 if ($bits[$j] === '/') {
125 if ($found_slash) {
126 return false;
127 } else {
128 $found_slash = true;
129 continue;
130 }
131 }
132 $line_height = $bits[$j];
133 break;
134 }
135 } else {
136 // slash already found
137 $found_slash = true;
138 $j = $i;
139 }
140 if ($found_slash) {
141 $i = $j;
142 $r = $this->info['line-height']->validate(
143 $line_height,
144 $config,
145 $context
146 );
147 if ($r !== false) {
148 $final .= '/' . $r;
149 }
150 }
151 $final .= ' ';
152 $stage = 2;
153 break;
154 }
155 return false;
156 case 2: // attempting to catch font-family
157 $font_family =
158 implode(' ', array_slice($bits, $i, $size - $i));
159 $r = $this->info['font-family']->validate(
160 $font_family,
161 $config,
162 $context
163 );
164 if ($r !== false) {
165 $final .= $r . ' ';
166 // processing completed successfully
167 return rtrim($final);
168 }
169 return false;
170 }
171 }
172 return false;
173 }
174}
175
176// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
new file mode 100644
index 00000000..f9af36d7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
@@ -0,0 +1,219 @@
1<?php
2
3/**
4 * Validates a font family list according to CSS spec
5 */
6class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
7{
8
9 protected $mask = null;
10
11 public function __construct()
12 {
13 $this->mask = '_- ';
14 for ($c = 'a'; $c <= 'z'; $c++) {
15 $this->mask .= $c;
16 }
17 for ($c = 'A'; $c <= 'Z'; $c++) {
18 $this->mask .= $c;
19 }
20 for ($c = '0'; $c <= '9'; $c++) {
21 $this->mask .= $c;
22 } // cast-y, but should be fine
23 // special bytes used by UTF-8
24 for ($i = 0x80; $i <= 0xFF; $i++) {
25 // We don't bother excluding invalid bytes in this range,
26 // because the our restriction of well-formed UTF-8 will
27 // prevent these from ever occurring.
28 $this->mask .= chr($i);
29 }
30
31 /*
32 PHP's internal strcspn implementation is
33 O(length of string * length of mask), making it inefficient
34 for large masks. However, it's still faster than
35 preg_match 8)
36 for (p = s1;;) {
37 spanp = s2;
38 do {
39 if (*spanp == c || p == s1_end) {
40 return p - s1;
41 }
42 } while (spanp++ < (s2_end - 1));
43 c = *++p;
44 }
45 */
46 // possible optimization: invert the mask.
47 }
48
49 /**
50 * @param string $string
51 * @param HTMLPurifier_Config $config
52 * @param HTMLPurifier_Context $context
53 * @return bool|string
54 */
55 public function validate($string, $config, $context)
56 {
57 static $generic_names = array(
58 'serif' => true,
59 'sans-serif' => true,
60 'monospace' => true,
61 'fantasy' => true,
62 'cursive' => true
63 );
64 $allowed_fonts = $config->get('CSS.AllowedFonts');
65
66 // assume that no font names contain commas in them
67 $fonts = explode(',', $string);
68 $final = '';
69 foreach ($fonts as $font) {
70 $font = trim($font);
71 if ($font === '') {
72 continue;
73 }
74 // match a generic name
75 if (isset($generic_names[$font])) {
76 if ($allowed_fonts === null || isset($allowed_fonts[$font])) {
77 $final .= $font . ', ';
78 }
79 continue;
80 }
81 // match a quoted name
82 if ($font[0] === '"' || $font[0] === "'") {
83 $length = strlen($font);
84 if ($length <= 2) {
85 continue;
86 }
87 $quote = $font[0];
88 if ($font[$length - 1] !== $quote) {
89 continue;
90 }
91 $font = substr($font, 1, $length - 2);
92 }
93
94 $font = $this->expandCSSEscape($font);
95
96 // $font is a pure representation of the font name
97
98 if ($allowed_fonts !== null && !isset($allowed_fonts[$font])) {
99 continue;
100 }
101
102 if (ctype_alnum($font) && $font !== '') {
103 // very simple font, allow it in unharmed
104 $final .= $font . ', ';
105 continue;
106 }
107
108 // bugger out on whitespace. form feed (0C) really
109 // shouldn't show up regardless
110 $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font);
111
112 // Here, there are various classes of characters which need
113 // to be treated differently:
114 // - Alphanumeric characters are essentially safe. We
115 // handled these above.
116 // - Spaces require quoting, though most parsers will do
117 // the right thing if there aren't any characters that
118 // can be misinterpreted
119 // - Dashes rarely occur, but they fairly unproblematic
120 // for parsing/rendering purposes.
121 // The above characters cover the majority of Western font
122 // names.
123 // - Arbitrary Unicode characters not in ASCII. Because
124 // most parsers give little thought to Unicode, treatment
125 // of these codepoints is basically uniform, even for
126 // punctuation-like codepoints. These characters can
127 // show up in non-Western pages and are supported by most
128 // major browsers, for example: "MS 明朝" is a
129 // legitimate font-name
130 // <http://ja.wikipedia.org/wiki/MS_明朝>. See
131 // the CSS3 spec for more examples:
132 // <http://www.w3.org/TR/2011/WD-css3-fonts-20110324/localizedfamilynames.png>
133 // You can see live samples of these on the Internet:
134 // <http://www.google.co.jp/search?q=font-family+MS+明朝|ゴシック>
135 // However, most of these fonts have ASCII equivalents:
136 // for example, 'MS Mincho', and it's considered
137 // professional to use ASCII font names instead of
138 // Unicode font names. Thanks Takeshi Terada for
139 // providing this information.
140 // The following characters, to my knowledge, have not been
141 // used to name font names.
142 // - Single quote. While theoretically you might find a
143 // font name that has a single quote in its name (serving
144 // as an apostrophe, e.g. Dave's Scribble), I haven't
145 // been able to find any actual examples of this.
146 // Internet Explorer's cssText translation (which I
147 // believe is invoked by innerHTML) normalizes any
148 // quoting to single quotes, and fails to escape single
149 // quotes. (Note that this is not IE's behavior for all
150 // CSS properties, just some sort of special casing for
151 // font-family). So a single quote *cannot* be used
152 // safely in the font-family context if there will be an
153 // innerHTML/cssText translation. Note that Firefox 3.x
154 // does this too.
155 // - Double quote. In IE, these get normalized to
156 // single-quotes, no matter what the encoding. (Fun
157 // fact, in IE8, the 'content' CSS property gained
158 // support, where they special cased to preserve encoded
159 // double quotes, but still translate unadorned double
160 // quotes into single quotes.) So, because their
161 // fixpoint behavior is identical to single quotes, they
162 // cannot be allowed either. Firefox 3.x displays
163 // single-quote style behavior.
164 // - Backslashes are reduced by one (so \\ -> \) every
165 // iteration, so they cannot be used safely. This shows
166 // up in IE7, IE8 and FF3
167 // - Semicolons, commas and backticks are handled properly.
168 // - The rest of the ASCII punctuation is handled properly.
169 // We haven't checked what browsers do to unadorned
170 // versions, but this is not important as long as the
171 // browser doesn't /remove/ surrounding quotes (as IE does
172 // for HTML).
173 //
174 // With these results in hand, we conclude that there are
175 // various levels of safety:
176 // - Paranoid: alphanumeric, spaces and dashes(?)
177 // - International: Paranoid + non-ASCII Unicode
178 // - Edgy: Everything except quotes, backslashes
179 // - NoJS: Standards compliance, e.g. sod IE. Note that
180 // with some judicious character escaping (since certain
181 // types of escaping doesn't work) this is theoretically
182 // OK as long as innerHTML/cssText is not called.
183 // We believe that international is a reasonable default
184 // (that we will implement now), and once we do more
185 // extensive research, we may feel comfortable with dropping
186 // it down to edgy.
187
188 // Edgy: alphanumeric, spaces, dashes, underscores and Unicode. Use of
189 // str(c)spn assumes that the string was already well formed
190 // Unicode (which of course it is).
191 if (strspn($font, $this->mask) !== strlen($font)) {
192 continue;
193 }
194
195 // Historical:
196 // In the absence of innerHTML/cssText, these ugly
197 // transforms don't pose a security risk (as \\ and \"
198 // might--these escapes are not supported by most browsers).
199 // We could try to be clever and use single-quote wrapping
200 // when there is a double quote present, but I have choosen
201 // not to implement that. (NOTE: you can reduce the amount
202 // of escapes by one depending on what quoting style you use)
203 // $font = str_replace('\\', '\\5C ', $font);
204 // $font = str_replace('"', '\\22 ', $font);
205 // $font = str_replace("'", '\\27 ', $font);
206
207 // font possibly with spaces, requires quoting
208 $final .= "'$font', ";
209 }
210 $final = rtrim($final, ', ');
211 if ($final === '') {
212 return false;
213 }
214 return $final;
215 }
216
217}
218
219// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php
new file mode 100644
index 00000000..5f13edfd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ident.php
@@ -0,0 +1,32 @@
1<?php
2
3/**
4 * Validates based on {ident} CSS grammar production
5 */
6class HTMLPurifier_AttrDef_CSS_Ident extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @param string $string
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return bool|string
14 */
15 public function validate($string, $config, $context)
16 {
17 $string = trim($string);
18
19 // early abort: '' and '0' (strings that convert to false) are invalid
20 if (!$string) {
21 return false;
22 }
23
24 $pattern = '/^(-?[A-Za-z_][A-Za-z_\-0-9]*)$/';
25 if (!preg_match($pattern, $string)) {
26 return false;
27 }
28 return $string;
29 }
30}
31
32// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
new file mode 100644
index 00000000..f4848494
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * Decorator which enables !important to be used in CSS values.
5 */
6class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
7{
8 /**
9 * @type HTMLPurifier_AttrDef
10 */
11 public $def;
12 /**
13 * @type bool
14 */
15 public $allow;
16
17 /**
18 * @param HTMLPurifier_AttrDef $def Definition to wrap
19 * @param bool $allow Whether or not to allow !important
20 */
21 public function __construct($def, $allow = false)
22 {
23 $this->def = $def;
24 $this->allow = $allow;
25 }
26
27 /**
28 * Intercepts and removes !important if necessary
29 * @param string $string
30 * @param HTMLPurifier_Config $config
31 * @param HTMLPurifier_Context $context
32 * @return bool|string
33 */
34 public function validate($string, $config, $context)
35 {
36 // test for ! and important tokens
37 $string = trim($string);
38 $is_important = false;
39 // :TODO: optimization: test directly for !important and ! important
40 if (strlen($string) >= 9 && substr($string, -9) === 'important') {
41 $temp = rtrim(substr($string, 0, -9));
42 // use a temp, because we might want to restore important
43 if (strlen($temp) >= 1 && substr($temp, -1) === '!') {
44 $string = rtrim(substr($temp, 0, -1));
45 $is_important = true;
46 }
47 }
48 $string = $this->def->validate($string, $config, $context);
49 if ($this->allow && $is_important) {
50 $string .= ' !important';
51 }
52 return $string;
53 }
54}
55
56// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
new file mode 100644
index 00000000..88da41d9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
@@ -0,0 +1,77 @@
1<?php
2
3/**
4 * Represents a Length as defined by CSS.
5 */
6class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @type HTMLPurifier_Length|string
11 */
12 protected $min;
13
14 /**
15 * @type HTMLPurifier_Length|string
16 */
17 protected $max;
18
19 /**
20 * @param HTMLPurifier_Length|string $min Minimum length, or null for no bound. String is also acceptable.
21 * @param HTMLPurifier_Length|string $max Maximum length, or null for no bound. String is also acceptable.
22 */
23 public function __construct($min = null, $max = null)
24 {
25 $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
26 $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
27 }
28
29 /**
30 * @param string $string
31 * @param HTMLPurifier_Config $config
32 * @param HTMLPurifier_Context $context
33 * @return bool|string
34 */
35 public function validate($string, $config, $context)
36 {
37 $string = $this->parseCDATA($string);
38
39 // Optimizations
40 if ($string === '') {
41 return false;
42 }
43 if ($string === '0') {
44 return '0';
45 }
46 if (strlen($string) === 1) {
47 return false;
48 }
49
50 $length = HTMLPurifier_Length::make($string);
51 if (!$length->isValid()) {
52 return false;
53 }
54
55 if ($this->min) {
56 $c = $length->compareTo($this->min);
57 if ($c === false) {
58 return false;
59 }
60 if ($c < 0) {
61 return false;
62 }
63 }
64 if ($this->max) {
65 $c = $length->compareTo($this->max);
66 if ($c === false) {
67 return false;
68 }
69 if ($c > 0) {
70 return false;
71 }
72 }
73 return $length->toString();
74 }
75}
76
77// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
new file mode 100644
index 00000000..b4cce9a9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
@@ -0,0 +1,112 @@
1<?php
2
3/**
4 * Validates shorthand CSS property list-style.
5 * @warning Does not support url tokens that have internal spaces.
6 */
7class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
8{
9
10 /**
11 * Local copy of validators.
12 * @type HTMLPurifier_AttrDef[]
13 * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
14 */
15 protected $info;
16
17 /**
18 * @param HTMLPurifier_Config $config
19 */
20 public function __construct($config)
21 {
22 $def = $config->getCSSDefinition();
23 $this->info['list-style-type'] = $def->info['list-style-type'];
24 $this->info['list-style-position'] = $def->info['list-style-position'];
25 $this->info['list-style-image'] = $def->info['list-style-image'];
26 }
27
28 /**
29 * @param string $string
30 * @param HTMLPurifier_Config $config
31 * @param HTMLPurifier_Context $context
32 * @return bool|string
33 */
34 public function validate($string, $config, $context)
35 {
36 // regular pre-processing
37 $string = $this->parseCDATA($string);
38 if ($string === '') {
39 return false;
40 }
41
42 // assumes URI doesn't have spaces in it
43 $bits = explode(' ', strtolower($string)); // bits to process
44
45 $caught = array();
46 $caught['type'] = false;
47 $caught['position'] = false;
48 $caught['image'] = false;
49
50 $i = 0; // number of catches
51 $none = false;
52
53 foreach ($bits as $bit) {
54 if ($i >= 3) {
55 return;
56 } // optimization bit
57 if ($bit === '') {
58 continue;
59 }
60 foreach ($caught as $key => $status) {
61 if ($status !== false) {
62 continue;
63 }
64 $r = $this->info['list-style-' . $key]->validate($bit, $config, $context);
65 if ($r === false) {
66 continue;
67 }
68 if ($r === 'none') {
69 if ($none) {
70 continue;
71 } else {
72 $none = true;
73 }
74 if ($key == 'image') {
75 continue;
76 }
77 }
78 $caught[$key] = $r;
79 $i++;
80 break;
81 }
82 }
83
84 if (!$i) {
85 return false;
86 }
87
88 $ret = array();
89
90 // construct type
91 if ($caught['type']) {
92 $ret[] = $caught['type'];
93 }
94
95 // construct image
96 if ($caught['image']) {
97 $ret[] = $caught['image'];
98 }
99
100 // construct position
101 if ($caught['position']) {
102 $ret[] = $caught['position'];
103 }
104
105 if (empty($ret)) {
106 return false;
107 }
108 return implode(' ', $ret);
109 }
110}
111
112// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
new file mode 100644
index 00000000..73d586f2
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
@@ -0,0 +1,71 @@
1<?php
2
3/**
4 * Framework class for strings that involve multiple values.
5 *
6 * Certain CSS properties such as border-width and margin allow multiple
7 * lengths to be specified. This class can take a vanilla border-width
8 * definition and multiply it, usually into a max of four.
9 *
10 * @note Even though the CSS specification isn't clear about it, inherit
11 * can only be used alone: it will never manifest as part of a multi
12 * shorthand declaration. Thus, this class does not allow inherit.
13 */
14class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
15{
16 /**
17 * Instance of component definition to defer validation to.
18 * @type HTMLPurifier_AttrDef
19 * @todo Make protected
20 */
21 public $single;
22
23 /**
24 * Max number of values allowed.
25 * @todo Make protected
26 */
27 public $max;
28
29 /**
30 * @param HTMLPurifier_AttrDef $single HTMLPurifier_AttrDef to multiply
31 * @param int $max Max number of values allowed (usually four)
32 */
33 public function __construct($single, $max = 4)
34 {
35 $this->single = $single;
36 $this->max = $max;
37 }
38
39 /**
40 * @param string $string
41 * @param HTMLPurifier_Config $config
42 * @param HTMLPurifier_Context $context
43 * @return bool|string
44 */
45 public function validate($string, $config, $context)
46 {
47 $string = $this->parseCDATA($string);
48 if ($string === '') {
49 return false;
50 }
51 $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n
52 $length = count($parts);
53 $final = '';
54 for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) {
55 if (ctype_space($parts[$i])) {
56 continue;
57 }
58 $result = $this->single->validate($parts[$i], $config, $context);
59 if ($result !== false) {
60 $final .= $result . ' ';
61 $num++;
62 }
63 }
64 if ($final === '') {
65 return false;
66 }
67 return rtrim($final);
68 }
69}
70
71// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
new file mode 100644
index 00000000..c78f6c9d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
@@ -0,0 +1,84 @@
1<?php
2
3/**
4 * Validates a number as defined by the CSS spec.
5 */
6class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * Indicates whether or not only positive values are allowed.
11 * @type bool
12 */
13 protected $non_negative = false;
14
15 /**
16 * @param bool $non_negative indicates whether negatives are forbidden
17 */
18 public function __construct($non_negative = false)
19 {
20 $this->non_negative = $non_negative;
21 }
22
23 /**
24 * @param string $number
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return string|bool
28 * @warning Some contexts do not pass $config, $context. These
29 * variables should not be used without checking HTMLPurifier_Length
30 */
31 public function validate($number, $config, $context)
32 {
33 $number = $this->parseCDATA($number);
34
35 if ($number === '') {
36 return false;
37 }
38 if ($number === '0') {
39 return '0';
40 }
41
42 $sign = '';
43 switch ($number[0]) {
44 case '-':
45 if ($this->non_negative) {
46 return false;
47 }
48 $sign = '-';
49 case '+':
50 $number = substr($number, 1);
51 }
52
53 if (ctype_digit($number)) {
54 $number = ltrim($number, '0');
55 return $number ? $sign . $number : '0';
56 }
57
58 // Period is the only non-numeric character allowed
59 if (strpos($number, '.') === false) {
60 return false;
61 }
62
63 list($left, $right) = explode('.', $number, 2);
64
65 if ($left === '' && $right === '') {
66 return false;
67 }
68 if ($left !== '' && !ctype_digit($left)) {
69 return false;
70 }
71
72 $left = ltrim($left, '0');
73 $right = rtrim($right, '0');
74
75 if ($right === '') {
76 return $left ? $sign . $left : '0';
77 } elseif (!ctype_digit($right)) {
78 return false;
79 }
80 return $sign . $left . '.' . $right;
81 }
82}
83
84// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
new file mode 100644
index 00000000..aac1a6f5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
@@ -0,0 +1,54 @@
1<?php
2
3/**
4 * Validates a Percentage as defined by the CSS spec.
5 */
6class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * Instance to defer number validation to.
11 * @type HTMLPurifier_AttrDef_CSS_Number
12 */
13 protected $number_def;
14
15 /**
16 * @param bool $non_negative Whether to forbid negative values
17 */
18 public function __construct($non_negative = false)
19 {
20 $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
21 }
22
23 /**
24 * @param string $string
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return bool|string
28 */
29 public function validate($string, $config, $context)
30 {
31 $string = $this->parseCDATA($string);
32
33 if ($string === '') {
34 return false;
35 }
36 $length = strlen($string);
37 if ($length === 1) {
38 return false;
39 }
40 if ($string[$length - 1] !== '%') {
41 return false;
42 }
43
44 $number = substr($string, 0, $length - 1);
45 $number = $this->number_def->validate($number, $config, $context);
46
47 if ($number === false) {
48 return false;
49 }
50 return "$number%";
51 }
52}
53
54// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
new file mode 100644
index 00000000..3992de0e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
@@ -0,0 +1,46 @@
1<?php
2
3/**
4 * Validates the value for the CSS property text-decoration
5 * @note This class could be generalized into a version that acts sort of
6 * like Enum except you can compound the allowed values.
7 */
8class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
9{
10
11 /**
12 * @param string $string
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return bool|string
16 */
17 public function validate($string, $config, $context)
18 {
19 static $allowed_values = array(
20 'line-through' => true,
21 'overline' => true,
22 'underline' => true,
23 );
24
25 $string = strtolower($this->parseCDATA($string));
26
27 if ($string === 'none') {
28 return $string;
29 }
30
31 $parts = explode(' ', $string);
32 $final = '';
33 foreach ($parts as $part) {
34 if (isset($allowed_values[$part])) {
35 $final .= $part . ' ';
36 }
37 }
38 $final = rtrim($final);
39 if ($final === '') {
40 return false;
41 }
42 return $final;
43 }
44}
45
46// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
new file mode 100644
index 00000000..482b0997
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
@@ -0,0 +1,74 @@
1<?php
2
3/**
4 * Validates a URI in CSS syntax, which uses url('http://example.com')
5 * @note While theoretically speaking a URI in a CSS document could
6 * be non-embedded, as of CSS2 there is no such usage so we're
7 * generalizing it. This may need to be changed in the future.
8 * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as
9 * the separator, you cannot put a literal semicolon in
10 * in the URI. Try percent encoding it, in that case.
11 */
12class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
13{
14
15 public function __construct()
16 {
17 parent::__construct(true); // always embedded
18 }
19
20 /**
21 * @param string $uri_string
22 * @param HTMLPurifier_Config $config
23 * @param HTMLPurifier_Context $context
24 * @return bool|string
25 */
26 public function validate($uri_string, $config, $context)
27 {
28 // parse the URI out of the string and then pass it onto
29 // the parent object
30
31 $uri_string = $this->parseCDATA($uri_string);
32 if (strpos($uri_string, 'url(') !== 0) {
33 return false;
34 }
35 $uri_string = substr($uri_string, 4);
36 $new_length = strlen($uri_string) - 1;
37 if ($uri_string[$new_length] != ')') {
38 return false;
39 }
40 $uri = trim(substr($uri_string, 0, $new_length));
41
42 if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
43 $quote = $uri[0];
44 $new_length = strlen($uri) - 1;
45 if ($uri[$new_length] !== $quote) {
46 return false;
47 }
48 $uri = substr($uri, 1, $new_length - 1);
49 }
50
51 $uri = $this->expandCSSEscape($uri);
52
53 $result = parent::validate($uri, $config, $context);
54
55 if ($result === false) {
56 return false;
57 }
58
59 // extra sanity check; should have been done by URI
60 $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
61
62 // suspicious characters are ()'; we're going to percent encode
63 // them for safety.
64 $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);
65
66 // there's an extra bug where ampersands lose their escaping on
67 // an innerHTML cycle, so a very unlucky query parameter could
68 // then change the meaning of the URL. Unfortunately, there's
69 // not much we can do about that...
70 return "url(\"$result\")";
71 }
72}
73
74// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Clone.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Clone.php
new file mode 100644
index 00000000..b181d1bc
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Clone.php
@@ -0,0 +1,44 @@
1<?php
2
3/**
4 * Dummy AttrDef that mimics another AttrDef, BUT it generates clones
5 * with make.
6 */
7class HTMLPurifier_AttrDef_Clone extends HTMLPurifier_AttrDef
8{
9 /**
10 * What we're cloning.
11 * @type HTMLPurifier_AttrDef
12 */
13 protected $clone;
14
15 /**
16 * @param HTMLPurifier_AttrDef $clone
17 */
18 public function __construct($clone)
19 {
20 $this->clone = $clone;
21 }
22
23 /**
24 * @param string $v
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return bool|string
28 */
29 public function validate($v, $config, $context)
30 {
31 return $this->clone->validate($v, $config, $context);
32 }
33
34 /**
35 * @param string $string
36 * @return HTMLPurifier_AttrDef
37 */
38 public function make($string)
39 {
40 return clone $this->clone;
41 }
42}
43
44// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Enum.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
new file mode 100644
index 00000000..b40122b6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
@@ -0,0 +1,73 @@
1<?php
2
3// Enum = Enumerated
4/**
5 * Validates a keyword against a list of valid values.
6 * @warning The case-insensitive compare of this function uses PHP's
7 * built-in strtolower and ctype_lower functions, which may
8 * cause problems with international comparisons
9 */
10class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
11{
12
13 /**
14 * Lookup table of valid values.
15 * @type array
16 * @todo Make protected
17 */
18 public $valid_values = array();
19
20 /**
21 * Bool indicating whether or not enumeration is case sensitive.
22 * @note In general this is always case insensitive.
23 */
24 protected $case_sensitive = false; // values according to W3C spec
25
26 /**
27 * @param array $valid_values List of valid values
28 * @param bool $case_sensitive Whether or not case sensitive
29 */
30 public function __construct($valid_values = array(), $case_sensitive = false)
31 {
32 $this->valid_values = array_flip($valid_values);
33 $this->case_sensitive = $case_sensitive;
34 }
35
36 /**
37 * @param string $string
38 * @param HTMLPurifier_Config $config
39 * @param HTMLPurifier_Context $context
40 * @return bool|string
41 */
42 public function validate($string, $config, $context)
43 {
44 $string = trim($string);
45 if (!$this->case_sensitive) {
46 // we may want to do full case-insensitive libraries
47 $string = ctype_lower($string) ? $string : strtolower($string);
48 }
49 $result = isset($this->valid_values[$string]);
50
51 return $result ? $string : false;
52 }
53
54 /**
55 * @param string $string In form of comma-delimited list of case-insensitive
56 * valid values. Example: "foo,bar,baz". Prepend "s:" to make
57 * case sensitive
58 * @return HTMLPurifier_AttrDef_Enum
59 */
60 public function make($string)
61 {
62 if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') {
63 $string = substr($string, 2);
64 $sensitive = true;
65 } else {
66 $sensitive = false;
67 }
68 $values = explode(',', $string);
69 return new HTMLPurifier_AttrDef_Enum($values, $sensitive);
70 }
71}
72
73// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
new file mode 100644
index 00000000..1463c647
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
@@ -0,0 +1,51 @@
1<?php
2
3/**
4 * Validates a boolean attribute
5 */
6class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @type bool
11 */
12 protected $name;
13
14 /**
15 * @type bool
16 */
17 public $minimized = true;
18
19 /**
20 * @param bool $name
21 */
22 public function __construct($name = false)
23 {
24 $this->name = $name;
25 }
26
27 /**
28 * @param string $string
29 * @param HTMLPurifier_Config $config
30 * @param HTMLPurifier_Context $context
31 * @return bool|string
32 */
33 public function validate($string, $config, $context)
34 {
35 if (empty($string)) {
36 return false;
37 }
38 return $this->name;
39 }
40
41 /**
42 * @param string $string Name of attribute
43 * @return HTMLPurifier_AttrDef_HTML_Bool
44 */
45 public function make($string)
46 {
47 return new HTMLPurifier_AttrDef_HTML_Bool($string);
48 }
49}
50
51// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
new file mode 100644
index 00000000..b874c7e1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
@@ -0,0 +1,48 @@
1<?php
2
3/**
4 * Implements special behavior for class attribute (normally NMTOKENS)
5 */
6class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
7{
8 /**
9 * @param string $string
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return bool|string
13 */
14 protected function split($string, $config, $context)
15 {
16 // really, this twiddle should be lazy loaded
17 $name = $config->getDefinition('HTML')->doctype->name;
18 if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
19 return parent::split($string, $config, $context);
20 } else {
21 return preg_split('/\s+/', $string);
22 }
23 }
24
25 /**
26 * @param array $tokens
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return array
30 */
31 protected function filter($tokens, $config, $context)
32 {
33 $allowed = $config->get('Attr.AllowedClasses');
34 $forbidden = $config->get('Attr.ForbiddenClasses');
35 $ret = array();
36 foreach ($tokens as $token) {
37 if (($allowed === null || isset($allowed[$token])) &&
38 !isset($forbidden[$token]) &&
39 // We need this O(n) check because of PHP's array
40 // implementation that casts -0 to 0.
41 !in_array($token, $ret, true)
42 ) {
43 $ret[] = $token;
44 }
45 }
46 return $ret;
47 }
48}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
new file mode 100644
index 00000000..25c93fc6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
@@ -0,0 +1,51 @@
1<?php
2
3/**
4 * Validates a color according to the HTML spec.
5 */
6class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @param string $string
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return bool|string
14 */
15 public function validate($string, $config, $context)
16 {
17 static $colors = null;
18 if ($colors === null) {
19 $colors = $config->get('Core.ColorKeywords');
20 }
21
22 $string = trim($string);
23
24 if (empty($string)) {
25 return false;
26 }
27 $lower = strtolower($string);
28 if (isset($colors[$lower])) {
29 return $colors[$lower];
30 }
31 if ($string[0] === '#') {
32 $hex = substr($string, 1);
33 } else {
34 $hex = $string;
35 }
36
37 $length = strlen($hex);
38 if ($length !== 3 && $length !== 6) {
39 return false;
40 }
41 if (!ctype_xdigit($hex)) {
42 return false;
43 }
44 if ($length === 3) {
45 $hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
46 }
47 return "#$hex";
48 }
49}
50
51// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
new file mode 100644
index 00000000..7446b6da
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
@@ -0,0 +1,38 @@
1<?php
2
3/**
4 * Special-case enum attribute definition that lazy loads allowed frame targets
5 */
6class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
7{
8
9 /**
10 * @type array
11 */
12 public $valid_values = false; // uninitialized value
13
14 /**
15 * @type bool
16 */
17 protected $case_sensitive = false;
18
19 public function __construct()
20 {
21 }
22
23 /**
24 * @param string $string
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return bool|string
28 */
29 public function validate($string, $config, $context)
30 {
31 if ($this->valid_values === false) {
32 $this->valid_values = $config->get('Attr.AllowedFrameTargets');
33 }
34 return parent::validate($string, $config, $context);
35 }
36}
37
38// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
new file mode 100644
index 00000000..ccd4a24a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
@@ -0,0 +1,105 @@
1<?php
2
3/**
4 * Validates the HTML attribute ID.
5 * @warning Even though this is the id processor, it
6 * will ignore the directive Attr:IDBlacklist, since it will only
7 * go according to the ID accumulator. Since the accumulator is
8 * automatically generated, it will have already absorbed the
9 * blacklist. If you're hacking around, make sure you use load()!
10 */
11
12class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
13{
14
15 // selector is NOT a valid thing to use for IDREFs, because IDREFs
16 // *must* target IDs that exist, whereas selector #ids do not.
17
18 /**
19 * Determines whether or not we're validating an ID in a CSS
20 * selector context.
21 * @type bool
22 */
23 protected $selector;
24
25 /**
26 * @param bool $selector
27 */
28 public function __construct($selector = false)
29 {
30 $this->selector = $selector;
31 }
32
33 /**
34 * @param string $id
35 * @param HTMLPurifier_Config $config
36 * @param HTMLPurifier_Context $context
37 * @return bool|string
38 */
39 public function validate($id, $config, $context)
40 {
41 if (!$this->selector && !$config->get('Attr.EnableID')) {
42 return false;
43 }
44
45 $id = trim($id); // trim it first
46
47 if ($id === '') {
48 return false;
49 }
50
51 $prefix = $config->get('Attr.IDPrefix');
52 if ($prefix !== '') {
53 $prefix .= $config->get('Attr.IDPrefixLocal');
54 // prevent re-appending the prefix
55 if (strpos($id, $prefix) !== 0) {
56 $id = $prefix . $id;
57 }
58 } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
59 trigger_error(
60 '%Attr.IDPrefixLocal cannot be used unless ' .
61 '%Attr.IDPrefix is set',
62 E_USER_WARNING
63 );
64 }
65
66 if (!$this->selector) {
67 $id_accumulator =& $context->get('IDAccumulator');
68 if (isset($id_accumulator->ids[$id])) {
69 return false;
70 }
71 }
72
73 // we purposely avoid using regex, hopefully this is faster
74
75 if (ctype_alpha($id)) {
76 $result = true;
77 } else {
78 if (!ctype_alpha(@$id[0])) {
79 return false;
80 }
81 // primitive style of regexps, I suppose
82 $trim = trim(
83 $id,
84 'A..Za..z0..9:-._'
85 );
86 $result = ($trim === '');
87 }
88
89 $regexp = $config->get('Attr.IDBlacklistRegexp');
90 if ($regexp && preg_match($regexp, $id)) {
91 return false;
92 }
93
94 if (!$this->selector && $result) {
95 $id_accumulator->add($id);
96 }
97
98 // if no change was made to the ID, return the result
99 // else, return the new id if stripping whitespace made it
100 // valid, or return false.
101 return $result ? $id : false;
102 }
103}
104
105// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
new file mode 100644
index 00000000..c8f51886
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * Validates the HTML type length (not to be confused with CSS's length).
5 *
6 * This accepts integer pixels or percentages as lengths for certain
7 * HTML attributes.
8 */
9
10class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
11{
12
13 /**
14 * @param string $string
15 * @param HTMLPurifier_Config $config
16 * @param HTMLPurifier_Context $context
17 * @return bool|string
18 */
19 public function validate($string, $config, $context)
20 {
21 $string = trim($string);
22 if ($string === '') {
23 return false;
24 }
25
26 $parent_result = parent::validate($string, $config, $context);
27 if ($parent_result !== false) {
28 return $parent_result;
29 }
30
31 $length = strlen($string);
32 $last_char = $string[$length - 1];
33
34 if ($last_char !== '%') {
35 return false;
36 }
37
38 $points = substr($string, 0, $length - 1);
39
40 if (!is_numeric($points)) {
41 return false;
42 }
43
44 $points = (int)$points;
45
46 if ($points < 0) {
47 return '0%';
48 }
49 if ($points > 100) {
50 return '100%';
51 }
52 return ((string)$points) . '%';
53 }
54}
55
56// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
new file mode 100644
index 00000000..3f56934f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
@@ -0,0 +1,72 @@
1<?php
2
3/**
4 * Validates a rel/rev link attribute against a directive of allowed values
5 * @note We cannot use Enum because link types allow multiple
6 * values.
7 * @note Assumes link types are ASCII text
8 */
9class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
10{
11
12 /**
13 * Name config attribute to pull.
14 * @type string
15 */
16 protected $name;
17
18 /**
19 * @param string $name
20 */
21 public function __construct($name)
22 {
23 $configLookup = array(
24 'rel' => 'AllowedRel',
25 'rev' => 'AllowedRev'
26 );
27 if (!isset($configLookup[$name])) {
28 trigger_error(
29 'Unrecognized attribute name for link ' .
30 'relationship.',
31 E_USER_ERROR
32 );
33 return;
34 }
35 $this->name = $configLookup[$name];
36 }
37
38 /**
39 * @param string $string
40 * @param HTMLPurifier_Config $config
41 * @param HTMLPurifier_Context $context
42 * @return bool|string
43 */
44 public function validate($string, $config, $context)
45 {
46 $allowed = $config->get('Attr.' . $this->name);
47 if (empty($allowed)) {
48 return false;
49 }
50
51 $string = $this->parseCDATA($string);
52 $parts = explode(' ', $string);
53
54 // lookup to prevent duplicates
55 $ret_lookup = array();
56 foreach ($parts as $part) {
57 $part = strtolower(trim($part));
58 if (!isset($allowed[$part])) {
59 continue;
60 }
61 $ret_lookup[$part] = true;
62 }
63
64 if (empty($ret_lookup)) {
65 return false;
66 }
67 $string = implode(' ', array_keys($ret_lookup));
68 return $string;
69 }
70}
71
72// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
new file mode 100644
index 00000000..eb713e15
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
@@ -0,0 +1,60 @@
1<?php
2
3/**
4 * Validates a MultiLength as defined by the HTML spec.
5 *
6 * A multilength is either a integer (pixel count), a percentage, or
7 * a relative number.
8 */
9class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
10{
11
12 /**
13 * @param string $string
14 * @param HTMLPurifier_Config $config
15 * @param HTMLPurifier_Context $context
16 * @return bool|string
17 */
18 public function validate($string, $config, $context)
19 {
20 $string = trim($string);
21 if ($string === '') {
22 return false;
23 }
24
25 $parent_result = parent::validate($string, $config, $context);
26 if ($parent_result !== false) {
27 return $parent_result;
28 }
29
30 $length = strlen($string);
31 $last_char = $string[$length - 1];
32
33 if ($last_char !== '*') {
34 return false;
35 }
36
37 $int = substr($string, 0, $length - 1);
38
39 if ($int == '') {
40 return '*';
41 }
42 if (!is_numeric($int)) {
43 return false;
44 }
45
46 $int = (int)$int;
47 if ($int < 0) {
48 return false;
49 }
50 if ($int == 0) {
51 return '0';
52 }
53 if ($int == 1) {
54 return '*';
55 }
56 return ((string)$int) . '*';
57 }
58}
59
60// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
new file mode 100644
index 00000000..ecb070c3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
@@ -0,0 +1,70 @@
1<?php
2
3/**
4 * Validates contents based on NMTOKENS attribute type.
5 */
6class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @param string $string
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return bool|string
14 */
15 public function validate($string, $config, $context)
16 {
17 $string = trim($string);
18
19 // early abort: '' and '0' (strings that convert to false) are invalid
20 if (!$string) {
21 return false;
22 }
23
24 $tokens = $this->split($string, $config, $context);
25 $tokens = $this->filter($tokens, $config, $context);
26 if (empty($tokens)) {
27 return false;
28 }
29 return implode(' ', $tokens);
30 }
31
32 /**
33 * Splits a space separated list of tokens into its constituent parts.
34 * @param string $string
35 * @param HTMLPurifier_Config $config
36 * @param HTMLPurifier_Context $context
37 * @return array
38 */
39 protected function split($string, $config, $context)
40 {
41 // OPTIMIZABLE!
42 // do the preg_match, capture all subpatterns for reformulation
43
44 // we don't support U+00A1 and up codepoints or
45 // escaping because I don't know how to do that with regexps
46 // and plus it would complicate optimization efforts (you never
47 // see that anyway).
48 $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start
49 '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' .
50 '(?:(?=\s)|\z)/'; // look ahead for space or string end
51 preg_match_all($pattern, $string, $matches);
52 return $matches[1];
53 }
54
55 /**
56 * Template method for removing certain tokens based on arbitrary criteria.
57 * @note If we wanted to be really functional, we'd do an array_filter
58 * with a callback. But... we're not.
59 * @param array $tokens
60 * @param HTMLPurifier_Config $config
61 * @param HTMLPurifier_Context $context
62 * @return array
63 */
64 protected function filter($tokens, $config, $context)
65 {
66 return $tokens;
67 }
68}
69
70// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
new file mode 100644
index 00000000..1a68f238
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
@@ -0,0 +1,76 @@
1<?php
2
3/**
4 * Validates an integer representation of pixels according to the HTML spec.
5 */
6class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @type int
11 */
12 protected $max;
13
14 /**
15 * @param int $max
16 */
17 public function __construct($max = null)
18 {
19 $this->max = $max;
20 }
21
22 /**
23 * @param string $string
24 * @param HTMLPurifier_Config $config
25 * @param HTMLPurifier_Context $context
26 * @return bool|string
27 */
28 public function validate($string, $config, $context)
29 {
30 $string = trim($string);
31 if ($string === '0') {
32 return $string;
33 }
34 if ($string === '') {
35 return false;
36 }
37 $length = strlen($string);
38 if (substr($string, $length - 2) == 'px') {
39 $string = substr($string, 0, $length - 2);
40 }
41 if (!is_numeric($string)) {
42 return false;
43 }
44 $int = (int)$string;
45
46 if ($int < 0) {
47 return '0';
48 }
49
50 // upper-bound value, extremely high values can
51 // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
52 // WARNING, above link WILL crash you if you're using Windows
53
54 if ($this->max !== null && $int > $this->max) {
55 return (string)$this->max;
56 }
57 return (string)$int;
58 }
59
60 /**
61 * @param string $string
62 * @return HTMLPurifier_AttrDef
63 */
64 public function make($string)
65 {
66 if ($string === '') {
67 $max = null;
68 } else {
69 $max = (int)$string;
70 }
71 $class = get_class($this);
72 return new $class($max);
73 }
74}
75
76// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Integer.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
new file mode 100644
index 00000000..c98376d7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
@@ -0,0 +1,91 @@
1<?php
2
3/**
4 * Validates an integer.
5 * @note While this class was modeled off the CSS definition, no currently
6 * allowed CSS uses this type. The properties that do are: widows,
7 * orphans, z-index, counter-increment, counter-reset. Some of the
8 * HTML attributes, however, find use for a non-negative version of this.
9 */
10class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
11{
12
13 /**
14 * Whether or not negative values are allowed.
15 * @type bool
16 */
17 protected $negative = true;
18
19 /**
20 * Whether or not zero is allowed.
21 * @type bool
22 */
23 protected $zero = true;
24
25 /**
26 * Whether or not positive values are allowed.
27 * @type bool
28 */
29 protected $positive = true;
30
31 /**
32 * @param $negative Bool indicating whether or not negative values are allowed
33 * @param $zero Bool indicating whether or not zero is allowed
34 * @param $positive Bool indicating whether or not positive values are allowed
35 */
36 public function __construct($negative = true, $zero = true, $positive = true)
37 {
38 $this->negative = $negative;
39 $this->zero = $zero;
40 $this->positive = $positive;
41 }
42
43 /**
44 * @param string $integer
45 * @param HTMLPurifier_Config $config
46 * @param HTMLPurifier_Context $context
47 * @return bool|string
48 */
49 public function validate($integer, $config, $context)
50 {
51 $integer = $this->parseCDATA($integer);
52 if ($integer === '') {
53 return false;
54 }
55
56 // we could possibly simply typecast it to integer, but there are
57 // certain fringe cases that must not return an integer.
58
59 // clip leading sign
60 if ($this->negative && $integer[0] === '-') {
61 $digits = substr($integer, 1);
62 if ($digits === '0') {
63 $integer = '0';
64 } // rm minus sign for zero
65 } elseif ($this->positive && $integer[0] === '+') {
66 $digits = $integer = substr($integer, 1); // rm unnecessary plus
67 } else {
68 $digits = $integer;
69 }
70
71 // test if it's numeric
72 if (!ctype_digit($digits)) {
73 return false;
74 }
75
76 // perform scope tests
77 if (!$this->zero && $integer == 0) {
78 return false;
79 }
80 if (!$this->positive && $integer > 0) {
81 return false;
82 }
83 if (!$this->negative && $integer < 0) {
84 return false;
85 }
86
87 return $integer;
88 }
89}
90
91// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Lang.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
new file mode 100644
index 00000000..6ad0f799
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
@@ -0,0 +1,86 @@
1<?php
2
3/**
4 * Validates the HTML attribute lang, effectively a language code.
5 * @note Built according to RFC 3066, which obsoleted RFC 1766
6 */
7class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
8{
9
10 /**
11 * @param string $string
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return bool|string
15 */
16 public function validate($string, $config, $context)
17 {
18 $string = trim($string);
19 if (!$string) {
20 return false;
21 }
22
23 $subtags = explode('-', $string);
24 $num_subtags = count($subtags);
25
26 if ($num_subtags == 0) { // sanity check
27 return false;
28 }
29
30 // process primary subtag : $subtags[0]
31 $length = strlen($subtags[0]);
32 switch ($length) {
33 case 0:
34 return false;
35 case 1:
36 if (!($subtags[0] == 'x' || $subtags[0] == 'i')) {
37 return false;
38 }
39 break;
40 case 2:
41 case 3:
42 if (!ctype_alpha($subtags[0])) {
43 return false;
44 } elseif (!ctype_lower($subtags[0])) {
45 $subtags[0] = strtolower($subtags[0]);
46 }
47 break;
48 default:
49 return false;
50 }
51
52 $new_string = $subtags[0];
53 if ($num_subtags == 1) {
54 return $new_string;
55 }
56
57 // process second subtag : $subtags[1]
58 $length = strlen($subtags[1]);
59 if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) {
60 return $new_string;
61 }
62 if (!ctype_lower($subtags[1])) {
63 $subtags[1] = strtolower($subtags[1]);
64 }
65
66 $new_string .= '-' . $subtags[1];
67 if ($num_subtags == 2) {
68 return $new_string;
69 }
70
71 // process all other subtags, index 2 and up
72 for ($i = 2; $i < $num_subtags; $i++) {
73 $length = strlen($subtags[$i]);
74 if ($length == 0 || $length > 8 || !ctype_alnum($subtags[$i])) {
75 return $new_string;
76 }
77 if (!ctype_lower($subtags[$i])) {
78 $subtags[$i] = strtolower($subtags[$i]);
79 }
80 $new_string .= '-' . $subtags[$i];
81 }
82 return $new_string;
83 }
84}
85
86// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Switch.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
new file mode 100644
index 00000000..078291f5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
@@ -0,0 +1,53 @@
1<?php
2
3/**
4 * Decorator that, depending on a token, switches between two definitions.
5 */
6class HTMLPurifier_AttrDef_Switch
7{
8
9 /**
10 * @type string
11 */
12 protected $tag;
13
14 /**
15 * @type HTMLPurifier_AttrDef
16 */
17 protected $withTag;
18
19 /**
20 * @type HTMLPurifier_AttrDef
21 */
22 protected $withoutTag;
23
24 /**
25 * @param string $tag Tag name to switch upon
26 * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
27 * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
28 */
29 public function __construct($tag, $with_tag, $without_tag)
30 {
31 $this->tag = $tag;
32 $this->withTag = $with_tag;
33 $this->withoutTag = $without_tag;
34 }
35
36 /**
37 * @param string $string
38 * @param HTMLPurifier_Config $config
39 * @param HTMLPurifier_Context $context
40 * @return bool|string
41 */
42 public function validate($string, $config, $context)
43 {
44 $token = $context->get('CurrentToken', true);
45 if (!$token || $token->name !== $this->tag) {
46 return $this->withoutTag->validate($string, $config, $context);
47 } else {
48 return $this->withTag->validate($string, $config, $context);
49 }
50 }
51}
52
53// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Text.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Text.php
new file mode 100644
index 00000000..9f23bac4
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/Text.php
@@ -0,0 +1,21 @@
1<?php
2
3/**
4 * Validates arbitrary text according to the HTML spec.
5 */
6class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * @param string $string
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return bool|string
14 */
15 public function validate($string, $config, $context)
16 {
17 return $this->parseCDATA($string);
18 }
19}
20
21// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI.php
new file mode 100644
index 00000000..a1097cd9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI.php
@@ -0,0 +1,111 @@
1<?php
2
3/**
4 * Validates a URI as defined by RFC 3986.
5 * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
6 */
7class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
8{
9
10 /**
11 * @type HTMLPurifier_URIParser
12 */
13 protected $parser;
14
15 /**
16 * @type bool
17 */
18 protected $embedsResource;
19
20 /**
21 * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
22 */
23 public function __construct($embeds_resource = false)
24 {
25 $this->parser = new HTMLPurifier_URIParser();
26 $this->embedsResource = (bool)$embeds_resource;
27 }
28
29 /**
30 * @param string $string
31 * @return HTMLPurifier_AttrDef_URI
32 */
33 public function make($string)
34 {
35 $embeds = ($string === 'embedded');
36 return new HTMLPurifier_AttrDef_URI($embeds);
37 }
38
39 /**
40 * @param string $uri
41 * @param HTMLPurifier_Config $config
42 * @param HTMLPurifier_Context $context
43 * @return bool|string
44 */
45 public function validate($uri, $config, $context)
46 {
47 if ($config->get('URI.Disable')) {
48 return false;
49 }
50
51 $uri = $this->parseCDATA($uri);
52
53 // parse the URI
54 $uri = $this->parser->parse($uri);
55 if ($uri === false) {
56 return false;
57 }
58
59 // add embedded flag to context for validators
60 $context->register('EmbeddedURI', $this->embedsResource);
61
62 $ok = false;
63 do {
64
65 // generic validation
66 $result = $uri->validate($config, $context);
67 if (!$result) {
68 break;
69 }
70
71 // chained filtering
72 $uri_def = $config->getDefinition('URI');
73 $result = $uri_def->filter($uri, $config, $context);
74 if (!$result) {
75 break;
76 }
77
78 // scheme-specific validation
79 $scheme_obj = $uri->getSchemeObj($config, $context);
80 if (!$scheme_obj) {
81 break;
82 }
83 if ($this->embedsResource && !$scheme_obj->browsable) {
84 break;
85 }
86 $result = $scheme_obj->validate($uri, $config, $context);
87 if (!$result) {
88 break;
89 }
90
91 // Post chained filtering
92 $result = $uri_def->postFilter($uri, $config, $context);
93 if (!$result) {
94 break;
95 }
96
97 // survived gauntlet
98 $ok = true;
99
100 } while (false);
101
102 $context->destroy('EmbeddedURI');
103 if (!$ok) {
104 return false;
105 }
106 // back to string
107 return $uri->toString();
108 }
109}
110
111// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
new file mode 100644
index 00000000..846d3881
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
@@ -0,0 +1,20 @@
1<?php
2
3abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
4{
5
6 /**
7 * Unpacks a mailbox into its display-name and address
8 * @param string $string
9 * @return mixed
10 */
11 public function unpack($string)
12 {
13 // needs to be implemented
14 }
15
16}
17
18// sub-implementations
19
20// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
new file mode 100644
index 00000000..3b041ce8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
@@ -0,0 +1,29 @@
1<?php
2
3/**
4 * Primitive email validation class based on the regexp found at
5 * http://www.regular-expressions.info/email.html
6 */
7class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
8{
9
10 /**
11 * @param string $string
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return bool|string
15 */
16 public function validate($string, $config, $context)
17 {
18 // no support for named mailboxes i.e. "Bob <bob@example.com>"
19 // that needs more percent encoding to be done
20 if ($string == '') {
21 return false;
22 }
23 $string = trim($string);
24 $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string);
25 return $result ? $string : false;
26 }
27}
28
29// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
new file mode 100644
index 00000000..01457785
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
@@ -0,0 +1,128 @@
1<?php
2
3/**
4 * Validates a host according to the IPv4, IPv6 and DNS (future) specifications.
5 */
6class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
7{
8
9 /**
10 * IPv4 sub-validator.
11 * @type HTMLPurifier_AttrDef_URI_IPv4
12 */
13 protected $ipv4;
14
15 /**
16 * IPv6 sub-validator.
17 * @type HTMLPurifier_AttrDef_URI_IPv6
18 */
19 protected $ipv6;
20
21 public function __construct()
22 {
23 $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
24 $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
25 }
26
27 /**
28 * @param string $string
29 * @param HTMLPurifier_Config $config
30 * @param HTMLPurifier_Context $context
31 * @return bool|string
32 */
33 public function validate($string, $config, $context)
34 {
35 $length = strlen($string);
36 // empty hostname is OK; it's usually semantically equivalent:
37 // the default host as defined by a URI scheme is used:
38 //
39 // If the URI scheme defines a default for host, then that
40 // default applies when the host subcomponent is undefined
41 // or when the registered name is empty (zero length).
42 if ($string === '') {
43 return '';
44 }
45 if ($length > 1 && $string[0] === '[' && $string[$length - 1] === ']') {
46 //IPv6
47 $ip = substr($string, 1, $length - 2);
48 $valid = $this->ipv6->validate($ip, $config, $context);
49 if ($valid === false) {
50 return false;
51 }
52 return '[' . $valid . ']';
53 }
54
55 // need to do checks on unusual encodings too
56 $ipv4 = $this->ipv4->validate($string, $config, $context);
57 if ($ipv4 !== false) {
58 return $ipv4;
59 }
60
61 // A regular domain name.
62
63 // This doesn't match I18N domain names, but we don't have proper IRI support,
64 // so force users to insert Punycode.
65
66 // There is not a good sense in which underscores should be
67 // allowed, since it's technically not! (And if you go as
68 // far to allow everything as specified by the DNS spec...
69 // well, that's literally everything, modulo some space limits
70 // for the components and the overall name (which, by the way,
71 // we are NOT checking!). So we (arbitrarily) decide this:
72 // let's allow underscores wherever we would have allowed
73 // hyphens, if they are enabled. This is a pretty good match
74 // for browser behavior, for example, a large number of browsers
75 // cannot handle foo_.example.com, but foo_bar.example.com is
76 // fairly well supported.
77 $underscore = $config->get('Core.AllowHostnameUnderscore') ? '_' : '';
78
79 // The productions describing this are:
80 $a = '[a-z]'; // alpha
81 $an = '[a-z0-9]'; // alphanum
82 $and = "[a-z0-9-$underscore]"; // alphanum | "-"
83 // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
84 $domainlabel = "$an($and*$an)?";
85 // toplabel = alpha | alpha *( alphanum | "-" ) alphanum
86 $toplabel = "$a($and*$an)?";
87 // hostname = *( domainlabel "." ) toplabel [ "." ]
88 if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
89 return $string;
90 }
91
92 // If we have Net_IDNA2 support, we can support IRIs by
93 // punycoding them. (This is the most portable thing to do,
94 // since otherwise we have to assume browsers support
95
96 if ($config->get('Core.EnableIDNA')) {
97 $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true));
98 // we need to encode each period separately
99 $parts = explode('.', $string);
100 try {
101 $new_parts = array();
102 foreach ($parts as $part) {
103 $encodable = false;
104 for ($i = 0, $c = strlen($part); $i < $c; $i++) {
105 if (ord($part[$i]) > 0x7a) {
106 $encodable = true;
107 break;
108 }
109 }
110 if (!$encodable) {
111 $new_parts[] = $part;
112 } else {
113 $new_parts[] = $idna->encode($part);
114 }
115 }
116 $string = implode('.', $new_parts);
117 if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
118 return $string;
119 }
120 } catch (Exception $e) {
121 // XXX error reporting
122 }
123 }
124 return false;
125 }
126}
127
128// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
new file mode 100644
index 00000000..bbc8a77e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
@@ -0,0 +1,45 @@
1<?php
2
3/**
4 * Validates an IPv4 address
5 * @author Feyd @ forums.devnetwork.net (public domain)
6 */
7class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
8{
9
10 /**
11 * IPv4 regex, protected so that IPv6 can reuse it.
12 * @type string
13 */
14 protected $ip4;
15
16 /**
17 * @param string $aIP
18 * @param HTMLPurifier_Config $config
19 * @param HTMLPurifier_Context $context
20 * @return bool|string
21 */
22 public function validate($aIP, $config, $context)
23 {
24 if (!$this->ip4) {
25 $this->_loadRegex();
26 }
27
28 if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) {
29 return $aIP;
30 }
31 return false;
32 }
33
34 /**
35 * Lazy load function to prevent regex from being stuffed in
36 * cache.
37 */
38 protected function _loadRegex()
39 {
40 $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
41 $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
new file mode 100644
index 00000000..67f148bd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
@@ -0,0 +1,89 @@
1<?php
2
3/**
4 * Validates an IPv6 address.
5 * @author Feyd @ forums.devnetwork.net (public domain)
6 * @note This function requires brackets to have been removed from address
7 * in URI.
8 */
9class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
10{
11
12 /**
13 * @param string $aIP
14 * @param HTMLPurifier_Config $config
15 * @param HTMLPurifier_Context $context
16 * @return bool|string
17 */
18 public function validate($aIP, $config, $context)
19 {
20 if (!$this->ip4) {
21 $this->_loadRegex();
22 }
23
24 $original = $aIP;
25
26 $hex = '[0-9a-fA-F]';
27 $blk = '(?:' . $hex . '{1,4})';
28 $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
29
30 // prefix check
31 if (strpos($aIP, '/') !== false) {
32 if (preg_match('#' . $pre . '$#s', $aIP, $find)) {
33 $aIP = substr($aIP, 0, 0 - strlen($find[0]));
34 unset($find);
35 } else {
36 return false;
37 }
38 }
39
40 // IPv4-compatiblity check
41 if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) {
42 $aIP = substr($aIP, 0, 0 - strlen($find[0]));
43 $ip = explode('.', $find[0]);
44 $ip = array_map('dechex', $ip);
45 $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
46 unset($find, $ip);
47 }
48
49 // compression check
50 $aIP = explode('::', $aIP);
51 $c = count($aIP);
52 if ($c > 2) {
53 return false;
54 } elseif ($c == 2) {
55 list($first, $second) = $aIP;
56 $first = explode(':', $first);
57 $second = explode(':', $second);
58
59 if (count($first) + count($second) > 8) {
60 return false;
61 }
62
63 while (count($first) < 8) {
64 array_push($first, '0');
65 }
66
67 array_splice($first, 8 - count($second), 8, $second);
68 $aIP = $first;
69 unset($first, $second);
70 } else {
71 $aIP = explode(':', $aIP[0]);
72 }
73 $c = count($aIP);
74
75 if ($c != 8) {
76 return false;
77 }
78
79 // All the pieces should be 16-bit hex strings. Are they?
80 foreach ($aIP as $piece) {
81 if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) {
82 return false;
83 }
84 }
85 return $original;
86 }
87}
88
89// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform.php
new file mode 100644
index 00000000..d9baaf39
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform.php
@@ -0,0 +1,60 @@
1<?php
2
3/**
4 * Processes an entire attribute array for corrections needing multiple values.
5 *
6 * Occasionally, a certain attribute will need to be removed and popped onto
7 * another value. Instead of creating a complex return syntax for
8 * HTMLPurifier_AttrDef, we just pass the whole attribute array to a
9 * specialized object and have that do the special work. That is the
10 * family of HTMLPurifier_AttrTransform.
11 *
12 * An attribute transformation can be assigned to run before or after
13 * HTMLPurifier_AttrDef validation. See HTMLPurifier_HTMLDefinition for
14 * more details.
15 */
16
17abstract class HTMLPurifier_AttrTransform
18{
19
20 /**
21 * Abstract: makes changes to the attributes dependent on multiple values.
22 *
23 * @param array $attr Assoc array of attributes, usually from
24 * HTMLPurifier_Token_Tag::$attr
25 * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
26 * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object
27 * @return array Processed attribute array.
28 */
29 abstract public function transform($attr, $config, $context);
30
31 /**
32 * Prepends CSS properties to the style attribute, creating the
33 * attribute if it doesn't exist.
34 * @param array &$attr Attribute array to process (passed by reference)
35 * @param string $css CSS to prepend
36 */
37 public function prependCSS(&$attr, $css)
38 {
39 $attr['style'] = isset($attr['style']) ? $attr['style'] : '';
40 $attr['style'] = $css . $attr['style'];
41 }
42
43 /**
44 * Retrieves and removes an attribute
45 * @param array &$attr Attribute array to process (passed by reference)
46 * @param mixed $key Key of attribute to confiscate
47 * @return mixed
48 */
49 public function confiscateAttr(&$attr, $key)
50 {
51 if (!isset($attr[$key])) {
52 return null;
53 }
54 $value = $attr[$key];
55 unset($attr[$key]);
56 return $value;
57 }
58}
59
60// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
new file mode 100644
index 00000000..f0f00068
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * Pre-transform that changes proprietary background attribute to CSS.
5 */
6class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['background'])) {
17 return $attr;
18 }
19
20 $background = $this->confiscateAttr($attr, 'background');
21 // some validation should happen here
22
23 $this->prependCSS($attr, "background-image:url($background);");
24 return $attr;
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
new file mode 100644
index 00000000..86dcb17e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
@@ -0,0 +1,27 @@
1<?php
2
3// this MUST be placed in post, as it assumes that any value in dir is valid
4
5/**
6 * Post-trasnform that ensures that bdo tags have the dir attribute set.
7 */
8class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
9{
10
11 /**
12 * @param array $attr
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return array
16 */
17 public function transform($attr, $config, $context)
18 {
19 if (isset($attr['dir'])) {
20 return $attr;
21 }
22 $attr['dir'] = $config->get('Attr.DefaultTextDir');
23 return $attr;
24 }
25}
26
27// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
new file mode 100644
index 00000000..e45e9ba3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated bgcolor attribute to CSS.
5 */
6class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['bgcolor'])) {
17 return $attr;
18 }
19
20 $bgcolor = $this->confiscateAttr($attr, 'bgcolor');
21 // some validation should happen here
22
23 $this->prependCSS($attr, "background-color:$bgcolor;");
24 return $attr;
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
new file mode 100644
index 00000000..29d7ff26
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
@@ -0,0 +1,47 @@
1<?php
2
3/**
4 * Pre-transform that changes converts a boolean attribute to fixed CSS
5 */
6class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform
7{
8 /**
9 * Name of boolean attribute that is trigger.
10 * @type string
11 */
12 protected $attr;
13
14 /**
15 * CSS declarations to add to style, needs trailing semicolon.
16 * @type string
17 */
18 protected $css;
19
20 /**
21 * @param string $attr attribute name to convert from
22 * @param string $css CSS declarations to add to style (needs semicolon)
23 */
24 public function __construct($attr, $css)
25 {
26 $this->attr = $attr;
27 $this->css = $css;
28 }
29
30 /**
31 * @param array $attr
32 * @param HTMLPurifier_Config $config
33 * @param HTMLPurifier_Context $context
34 * @return array
35 */
36 public function transform($attr, $config, $context)
37 {
38 if (!isset($attr[$this->attr])) {
39 return $attr;
40 }
41 unset($attr[$this->attr]);
42 $this->prependCSS($attr, $this->css);
43 return $attr;
44 }
45}
46
47// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
new file mode 100644
index 00000000..90a8dea8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
@@ -0,0 +1,26 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated border attribute to CSS.
5 */
6class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['border'])) {
17 return $attr;
18 }
19 $border_width = $this->confiscateAttr($attr, 'border');
20 // some validation should happen here
21 $this->prependCSS($attr, "border:{$border_width}px solid;");
22 return $attr;
23 }
24}
25
26// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
new file mode 100644
index 00000000..e2bfbf00
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
@@ -0,0 +1,68 @@
1<?php
2
3/**
4 * Generic pre-transform that converts an attribute with a fixed number of
5 * values (enumerated) to CSS.
6 */
7class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform
8{
9 /**
10 * Name of attribute to transform from.
11 * @type string
12 */
13 protected $attr;
14
15 /**
16 * Lookup array of attribute values to CSS.
17 * @type array
18 */
19 protected $enumToCSS = array();
20
21 /**
22 * Case sensitivity of the matching.
23 * @type bool
24 * @warning Currently can only be guaranteed to work with ASCII
25 * values.
26 */
27 protected $caseSensitive = false;
28
29 /**
30 * @param string $attr Attribute name to transform from
31 * @param array $enum_to_css Lookup array of attribute values to CSS
32 * @param bool $case_sensitive Case sensitivity indicator, default false
33 */
34 public function __construct($attr, $enum_to_css, $case_sensitive = false)
35 {
36 $this->attr = $attr;
37 $this->enumToCSS = $enum_to_css;
38 $this->caseSensitive = (bool)$case_sensitive;
39 }
40
41 /**
42 * @param array $attr
43 * @param HTMLPurifier_Config $config
44 * @param HTMLPurifier_Context $context
45 * @return array
46 */
47 public function transform($attr, $config, $context)
48 {
49 if (!isset($attr[$this->attr])) {
50 return $attr;
51 }
52
53 $value = trim($attr[$this->attr]);
54 unset($attr[$this->attr]);
55
56 if (!$this->caseSensitive) {
57 $value = strtolower($value);
58 }
59
60 if (!isset($this->enumToCSS[$value])) {
61 return $attr;
62 }
63 $this->prependCSS($attr, $this->enumToCSS[$value]);
64 return $attr;
65 }
66}
67
68// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
new file mode 100644
index 00000000..561b4d9d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
@@ -0,0 +1,48 @@
1<?php
2
3// must be called POST validation
4
5/**
6 * Transform that supplies default values for the src and alt attributes
7 * in img tags, as well as prevents the img tag from being removed
8 * because of a missing alt tag. This needs to be registered as both
9 * a pre and post attribute transform.
10 */
11class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
12{
13
14 /**
15 * @param array $attr
16 * @param HTMLPurifier_Config $config
17 * @param HTMLPurifier_Context $context
18 * @return array
19 */
20 public function transform($attr, $config, $context)
21 {
22 $src = true;
23 if (!isset($attr['src'])) {
24 if ($config->get('Core.RemoveInvalidImg')) {
25 return $attr;
26 }
27 $attr['src'] = $config->get('Attr.DefaultInvalidImage');
28 $src = false;
29 }
30
31 if (!isset($attr['alt'])) {
32 if ($src) {
33 $alt = $config->get('Attr.DefaultImageAlt');
34 if ($alt === null) {
35 // truncate if the alt is too long
36 $attr['alt'] = substr(basename($attr['src']), 0, 40);
37 } else {
38 $attr['alt'] = $alt;
39 }
40 } else {
41 $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
42 }
43 }
44 return $attr;
45 }
46}
47
48// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
new file mode 100644
index 00000000..aec42aea
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
@@ -0,0 +1,61 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated hspace and vspace attributes to CSS
5 */
6class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @type string
10 */
11 protected $attr;
12
13 /**
14 * @type array
15 */
16 protected $css = array(
17 'hspace' => array('left', 'right'),
18 'vspace' => array('top', 'bottom')
19 );
20
21 /**
22 * @param string $attr
23 */
24 public function __construct($attr)
25 {
26 $this->attr = $attr;
27 if (!isset($this->css[$attr])) {
28 trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
29 }
30 }
31
32 /**
33 * @param array $attr
34 * @param HTMLPurifier_Config $config
35 * @param HTMLPurifier_Context $context
36 * @return array
37 */
38 public function transform($attr, $config, $context)
39 {
40 if (!isset($attr[$this->attr])) {
41 return $attr;
42 }
43
44 $width = $this->confiscateAttr($attr, $this->attr);
45 // some validation could happen here
46
47 if (!isset($this->css[$this->attr])) {
48 return $attr;
49 }
50
51 $style = '';
52 foreach ($this->css[$this->attr] as $suffix) {
53 $property = "margin-$suffix";
54 $style .= "$property:{$width}px;";
55 }
56 $this->prependCSS($attr, $style);
57 return $attr;
58 }
59}
60
61// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
new file mode 100644
index 00000000..17a2ce4c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * Performs miscellaneous cross attribute validation and filtering for
5 * input elements. This is meant to be a post-transform.
6 */
7class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform
8{
9 /**
10 * @type HTMLPurifier_AttrDef_HTML_Pixels
11 */
12 protected $pixels;
13
14 public function __construct()
15 {
16 $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels();
17 }
18
19 /**
20 * @param array $attr
21 * @param HTMLPurifier_Config $config
22 * @param HTMLPurifier_Context $context
23 * @return array
24 */
25 public function transform($attr, $config, $context)
26 {
27 if (!isset($attr['type'])) {
28 $t = 'text';
29 } else {
30 $t = strtolower($attr['type']);
31 }
32 if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') {
33 unset($attr['checked']);
34 }
35 if (isset($attr['maxlength']) && $t !== 'text' && $t !== 'password') {
36 unset($attr['maxlength']);
37 }
38 if (isset($attr['size']) && $t !== 'text' && $t !== 'password') {
39 $result = $this->pixels->validate($attr['size'], $config, $context);
40 if ($result === false) {
41 unset($attr['size']);
42 } else {
43 $attr['size'] = $result;
44 }
45 }
46 if (isset($attr['src']) && $t !== 'image') {
47 unset($attr['src']);
48 }
49 if (!isset($attr['value']) && ($t === 'radio' || $t === 'checkbox')) {
50 $attr['value'] = '';
51 }
52 return $attr;
53 }
54}
55
56// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
new file mode 100644
index 00000000..591b8ca7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
@@ -0,0 +1,31 @@
1<?php
2
3/**
4 * Post-transform that copies lang's value to xml:lang (and vice-versa)
5 * @note Theoretically speaking, this could be a pre-transform, but putting
6 * post is more efficient.
7 */
8class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
9{
10
11 /**
12 * @param array $attr
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return array
16 */
17 public function transform($attr, $config, $context)
18 {
19 $lang = isset($attr['lang']) ? $attr['lang'] : false;
20 $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
21
22 if ($lang !== false && $xml_lang === false) {
23 $attr['xml:lang'] = $lang;
24 } elseif ($xml_lang !== false) {
25 $attr['lang'] = $xml_lang;
26 }
27 return $attr;
28 }
29}
30
31// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
new file mode 100644
index 00000000..c4bfd976
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
@@ -0,0 +1,45 @@
1<?php
2
3/**
4 * Class for handling width/height length attribute transformations to CSS
5 */
6class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
7{
8
9 /**
10 * @type string
11 */
12 protected $name;
13
14 /**
15 * @type string
16 */
17 protected $cssName;
18
19 public function __construct($name, $css_name = null)
20 {
21 $this->name = $name;
22 $this->cssName = $css_name ? $css_name : $name;
23 }
24
25 /**
26 * @param array $attr
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return array
30 */
31 public function transform($attr, $config, $context)
32 {
33 if (!isset($attr[$this->name])) {
34 return $attr;
35 }
36 $length = $this->confiscateAttr($attr, $this->name);
37 if (ctype_digit($length)) {
38 $length .= 'px';
39 }
40 $this->prependCSS($attr, $this->cssName . ":$length;");
41 return $attr;
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
new file mode 100644
index 00000000..a874d0f7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
@@ -0,0 +1,33 @@
1<?php
2
3/**
4 * Pre-transform that changes deprecated name attribute to ID if necessary
5 */
6class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
7{
8
9 /**
10 * @param array $attr
11 * @param HTMLPurifier_Config $config
12 * @param HTMLPurifier_Context $context
13 * @return array
14 */
15 public function transform($attr, $config, $context)
16 {
17 // Abort early if we're using relaxed definition of name
18 if ($config->get('HTML.Attr.Name.UseCDATA')) {
19 return $attr;
20 }
21 if (!isset($attr['name'])) {
22 return $attr;
23 }
24 $id = $this->confiscateAttr($attr, 'name');
25 if (isset($attr['id'])) {
26 return $attr;
27 }
28 $attr['id'] = $id;
29 return $attr;
30 }
31}
32
33// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
new file mode 100644
index 00000000..457f8110
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
@@ -0,0 +1,41 @@
1<?php
2
3/**
4 * Post-transform that performs validation to the name attribute; if
5 * it is present with an equivalent id attribute, it is passed through;
6 * otherwise validation is performed.
7 */
8class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
9{
10
11 public function __construct()
12 {
13 $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
14 }
15
16 /**
17 * @param array $attr
18 * @param HTMLPurifier_Config $config
19 * @param HTMLPurifier_Context $context
20 * @return array
21 */
22 public function transform($attr, $config, $context)
23 {
24 if (!isset($attr['name'])) {
25 return $attr;
26 }
27 $name = $attr['name'];
28 if (isset($attr['id']) && $attr['id'] === $name) {
29 return $attr;
30 }
31 $result = $this->idDef->validate($name, $config, $context);
32 if ($result === false) {
33 unset($attr['name']);
34 } else {
35 $attr['name'] = $result;
36 }
37 return $attr;
38 }
39}
40
41// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
new file mode 100644
index 00000000..25173c21
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
@@ -0,0 +1,52 @@
1<?php
2
3// must be called POST validation
4
5/**
6 * Adds rel="nofollow" to all outbound links. This transform is
7 * only attached if Attr.Nofollow is TRUE.
8 */
9class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
10{
11 /**
12 * @type HTMLPurifier_URIParser
13 */
14 private $parser;
15
16 public function __construct()
17 {
18 $this->parser = new HTMLPurifier_URIParser();
19 }
20
21 /**
22 * @param array $attr
23 * @param HTMLPurifier_Config $config
24 * @param HTMLPurifier_Context $context
25 * @return array
26 */
27 public function transform($attr, $config, $context)
28 {
29 if (!isset($attr['href'])) {
30 return $attr;
31 }
32
33 // XXX Kind of inefficient
34 $url = $this->parser->parse($attr['href']);
35 $scheme = $url->getSchemeObj($config, $context);
36
37 if ($scheme->browsable && !$url->isLocal($config, $context)) {
38 if (isset($attr['rel'])) {
39 $rels = explode(' ', $attr['rel']);
40 if (!in_array('nofollow', $rels)) {
41 $rels[] = 'nofollow';
42 }
43 $attr['rel'] = implode(' ', $rels);
44 } else {
45 $attr['rel'] = 'nofollow';
46 }
47 }
48 return $attr;
49 }
50}
51
52// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
new file mode 100644
index 00000000..98ebf49b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
@@ -0,0 +1,25 @@
1<?php
2
3class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
4{
5 /**
6 * @type string
7 */
8 public $name = "SafeEmbed";
9
10 /**
11 * @param array $attr
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return array
15 */
16 public function transform($attr, $config, $context)
17 {
18 $attr['allowscriptaccess'] = 'never';
19 $attr['allownetworking'] = 'internal';
20 $attr['type'] = 'application/x-shockwave-flash';
21 return $attr;
22 }
23}
24
25// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
new file mode 100644
index 00000000..b71a8f9a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * Writes default type for all objects. Currently only supports flash.
5 */
6class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @type string
10 */
11 public $name = "SafeObject";
12
13 /**
14 * @param array $attr
15 * @param HTMLPurifier_Config $config
16 * @param HTMLPurifier_Context $context
17 * @return array
18 */
19 public function transform($attr, $config, $context)
20 {
21 if (!isset($attr['type'])) {
22 $attr['type'] = 'application/x-shockwave-flash';
23 }
24 return $attr;
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
new file mode 100644
index 00000000..20664414
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
@@ -0,0 +1,79 @@
1<?php
2
3/**
4 * Validates name/value pairs in param tags to be used in safe objects. This
5 * will only allow name values it recognizes, and pre-fill certain attributes
6 * with required values.
7 *
8 * @note
9 * This class only supports Flash. In the future, Quicktime support
10 * may be added.
11 *
12 * @warning
13 * This class expects an injector to add the necessary parameters tags.
14 */
15class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
16{
17 /**
18 * @type string
19 */
20 public $name = "SafeParam";
21
22 /**
23 * @type HTMLPurifier_AttrDef_URI
24 */
25 private $uri;
26
27 public function __construct()
28 {
29 $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
30 $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
31 }
32
33 /**
34 * @param array $attr
35 * @param HTMLPurifier_Config $config
36 * @param HTMLPurifier_Context $context
37 * @return array
38 */
39 public function transform($attr, $config, $context)
40 {
41 // If we add support for other objects, we'll need to alter the
42 // transforms.
43 switch ($attr['name']) {
44 // application/x-shockwave-flash
45 // Keep this synchronized with Injector/SafeObject.php
46 case 'allowScriptAccess':
47 $attr['value'] = 'never';
48 break;
49 case 'allowNetworking':
50 $attr['value'] = 'internal';
51 break;
52 case 'allowFullScreen':
53 if ($config->get('HTML.FlashAllowFullScreen')) {
54 $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
55 } else {
56 $attr['value'] = 'false';
57 }
58 break;
59 case 'wmode':
60 $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
61 break;
62 case 'movie':
63 case 'src':
64 $attr['name'] = "movie";
65 $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
66 break;
67 case 'flashvars':
68 // we're going to allow arbitrary inputs to the SWF, on
69 // the reasoning that it could only hack the SWF, not us.
70 break;
71 // add other cases to support other param name/value pairs
72 default:
73 $attr['name'] = $attr['value'] = null;
74 }
75 return $attr;
76 }
77}
78
79// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
new file mode 100644
index 00000000..49445b43
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
@@ -0,0 +1,23 @@
1<?php
2
3/**
4 * Implements required attribute stipulation for <script>
5 */
6class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 if (!isset($attr['type'])) {
17 $attr['type'] = 'text/javascript';
18 }
19 return $attr;
20 }
21}
22
23// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
new file mode 100644
index 00000000..f66dcf8c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/TargetBlank.php
@@ -0,0 +1,45 @@
1<?php
2
3// must be called POST validation
4
5/**
6 * Adds target="blank" to all outbound links. This transform is
7 * only attached if Attr.TargetBlank is TRUE. This works regardless
8 * of whether or not Attr.AllowedFrameTargets
9 */
10class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
11{
12 /**
13 * @type HTMLPurifier_URIParser
14 */
15 private $parser;
16
17 public function __construct()
18 {
19 $this->parser = new HTMLPurifier_URIParser();
20 }
21
22 /**
23 * @param array $attr
24 * @param HTMLPurifier_Config $config
25 * @param HTMLPurifier_Context $context
26 * @return array
27 */
28 public function transform($attr, $config, $context)
29 {
30 if (!isset($attr['href'])) {
31 return $attr;
32 }
33
34 // XXX Kind of inefficient
35 $url = $this->parser->parse($attr['href']);
36 $scheme = $url->getSchemeObj($config, $context);
37
38 if ($scheme->browsable && !$url->isBenign($config, $context)) {
39 $attr['target'] = '_blank';
40 }
41 return $attr;
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
new file mode 100644
index 00000000..182fdda7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
@@ -0,0 +1,27 @@
1<?php
2
3/**
4 * Sets height/width defaults for <textarea>
5 */
6class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
7{
8 /**
9 * @param array $attr
10 * @param HTMLPurifier_Config $config
11 * @param HTMLPurifier_Context $context
12 * @return array
13 */
14 public function transform($attr, $config, $context)
15 {
16 // Calculated from Firefox
17 if (!isset($attr['cols'])) {
18 $attr['cols'] = '22';
19 }
20 if (!isset($attr['rows'])) {
21 $attr['rows'] = '3';
22 }
23 return $attr;
24 }
25}
26
27// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTypes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTypes.php
new file mode 100644
index 00000000..7e8019bd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTypes.php
@@ -0,0 +1,96 @@
1<?php
2
3/**
4 * Provides lookup array of attribute types to HTMLPurifier_AttrDef objects
5 */
6class HTMLPurifier_AttrTypes
7{
8 /**
9 * Lookup array of attribute string identifiers to concrete implementations.
10 * @type HTMLPurifier_AttrDef[]
11 */
12 protected $info = array();
13
14 /**
15 * Constructs the info array, supplying default implementations for attribute
16 * types.
17 */
18 public function __construct()
19 {
20 // XXX This is kind of poor, since we don't actually /clone/
21 // instances; instead, we use the supplied make() attribute. So,
22 // the underlying class must know how to deal with arguments.
23 // With the old implementation of Enum, that ignored its
24 // arguments when handling a make dispatch, the IAlign
25 // definition wouldn't work.
26
27 // pseudo-types, must be instantiated via shorthand
28 $this->info['Enum'] = new HTMLPurifier_AttrDef_Enum();
29 $this->info['Bool'] = new HTMLPurifier_AttrDef_HTML_Bool();
30
31 $this->info['CDATA'] = new HTMLPurifier_AttrDef_Text();
32 $this->info['ID'] = new HTMLPurifier_AttrDef_HTML_ID();
33 $this->info['Length'] = new HTMLPurifier_AttrDef_HTML_Length();
34 $this->info['MultiLength'] = new HTMLPurifier_AttrDef_HTML_MultiLength();
35 $this->info['NMTOKENS'] = new HTMLPurifier_AttrDef_HTML_Nmtokens();
36 $this->info['Pixels'] = new HTMLPurifier_AttrDef_HTML_Pixels();
37 $this->info['Text'] = new HTMLPurifier_AttrDef_Text();
38 $this->info['URI'] = new HTMLPurifier_AttrDef_URI();
39 $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
40 $this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color();
41 $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right');
42 $this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
43 $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
44
45 // unimplemented aliases
46 $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
47 $this->info['ContentTypes'] = new HTMLPurifier_AttrDef_Text();
48 $this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
49 $this->info['Character'] = new HTMLPurifier_AttrDef_Text();
50
51 // "proprietary" types
52 $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
53
54 // number is really a positive integer (one or more digits)
55 // FIXME: ^^ not always, see start and value of list items
56 $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
57 }
58
59 private static function makeEnum($in)
60 {
61 return new HTMLPurifier_AttrDef_Clone(new HTMLPurifier_AttrDef_Enum(explode(',', $in)));
62 }
63
64 /**
65 * Retrieves a type
66 * @param string $type String type name
67 * @return HTMLPurifier_AttrDef Object AttrDef for type
68 */
69 public function get($type)
70 {
71 // determine if there is any extra info tacked on
72 if (strpos($type, '#') !== false) {
73 list($type, $string) = explode('#', $type, 2);
74 } else {
75 $string = '';
76 }
77
78 if (!isset($this->info[$type])) {
79 trigger_error('Cannot retrieve undefined attribute type ' . $type, E_USER_ERROR);
80 return;
81 }
82 return $this->info[$type]->make($string);
83 }
84
85 /**
86 * Sets a new implementation for a type
87 * @param string $type String type name
88 * @param HTMLPurifier_AttrDef $impl Object AttrDef for type
89 */
90 public function set($type, $impl)
91 {
92 $this->info[$type] = $impl;
93 }
94}
95
96// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
new file mode 100644
index 00000000..1a2b0b67
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php
@@ -0,0 +1,178 @@
1<?php
2
3/**
4 * Validates the attributes of a token. Doesn't manage required attributes
5 * very well. The only reason we factored this out was because RemoveForeignElements
6 * also needed it besides ValidateAttributes.
7 */
8class HTMLPurifier_AttrValidator
9{
10
11 /**
12 * Validates the attributes of a token, mutating it as necessary.
13 * that has valid tokens
14 * @param HTMLPurifier_Token $token Token to validate.
15 * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
16 * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
17 */
18 public function validateToken($token, $config, $context)
19 {
20 $definition = $config->getHTMLDefinition();
21 $e =& $context->get('ErrorCollector', true);
22
23 // initialize IDAccumulator if necessary
24 $ok =& $context->get('IDAccumulator', true);
25 if (!$ok) {
26 $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
27 $context->register('IDAccumulator', $id_accumulator);
28 }
29
30 // initialize CurrentToken if necessary
31 $current_token =& $context->get('CurrentToken', true);
32 if (!$current_token) {
33 $context->register('CurrentToken', $token);
34 }
35
36 if (!$token instanceof HTMLPurifier_Token_Start &&
37 !$token instanceof HTMLPurifier_Token_Empty
38 ) {
39 return;
40 }
41
42 // create alias to global definition array, see also $defs
43 // DEFINITION CALL
44 $d_defs = $definition->info_global_attr;
45
46 // don't update token until the very end, to ensure an atomic update
47 $attr = $token->attr;
48
49 // do global transformations (pre)
50 // nothing currently utilizes this
51 foreach ($definition->info_attr_transform_pre as $transform) {
52 $attr = $transform->transform($o = $attr, $config, $context);
53 if ($e) {
54 if ($attr != $o) {
55 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
56 }
57 }
58 }
59
60 // do local transformations only applicable to this element (pre)
61 // ex. <p align="right"> to <p style="text-align:right;">
62 foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
63 $attr = $transform->transform($o = $attr, $config, $context);
64 if ($e) {
65 if ($attr != $o) {
66 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
67 }
68 }
69 }
70
71 // create alias to this element's attribute definition array, see
72 // also $d_defs (global attribute definition array)
73 // DEFINITION CALL
74 $defs = $definition->info[$token->name]->attr;
75
76 $attr_key = false;
77 $context->register('CurrentAttr', $attr_key);
78
79 // iterate through all the attribute keypairs
80 // Watch out for name collisions: $key has previously been used
81 foreach ($attr as $attr_key => $value) {
82
83 // call the definition
84 if (isset($defs[$attr_key])) {
85 // there is a local definition defined
86 if ($defs[$attr_key] === false) {
87 // We've explicitly been told not to allow this element.
88 // This is usually when there's a global definition
89 // that must be overridden.
90 // Theoretically speaking, we could have a
91 // AttrDef_DenyAll, but this is faster!
92 $result = false;
93 } else {
94 // validate according to the element's definition
95 $result = $defs[$attr_key]->validate(
96 $value,
97 $config,
98 $context
99 );
100 }
101 } elseif (isset($d_defs[$attr_key])) {
102 // there is a global definition defined, validate according
103 // to the global definition
104 $result = $d_defs[$attr_key]->validate(
105 $value,
106 $config,
107 $context
108 );
109 } else {
110 // system never heard of the attribute? DELETE!
111 $result = false;
112 }
113
114 // put the results into effect
115 if ($result === false || $result === null) {
116 // this is a generic error message that should replaced
117 // with more specific ones when possible
118 if ($e) {
119 $e->send(E_ERROR, 'AttrValidator: Attribute removed');
120 }
121
122 // remove the attribute
123 unset($attr[$attr_key]);
124 } elseif (is_string($result)) {
125 // generally, if a substitution is happening, there
126 // was some sort of implicit correction going on. We'll
127 // delegate it to the attribute classes to say exactly what.
128
129 // simple substitution
130 $attr[$attr_key] = $result;
131 } else {
132 // nothing happens
133 }
134
135 // we'd also want slightly more complicated substitution
136 // involving an array as the return value,
137 // although we're not sure how colliding attributes would
138 // resolve (certain ones would be completely overriden,
139 // others would prepend themselves).
140 }
141
142 $context->destroy('CurrentAttr');
143
144 // post transforms
145
146 // global (error reporting untested)
147 foreach ($definition->info_attr_transform_post as $transform) {
148 $attr = $transform->transform($o = $attr, $config, $context);
149 if ($e) {
150 if ($attr != $o) {
151 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
152 }
153 }
154 }
155
156 // local (error reporting untested)
157 foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
158 $attr = $transform->transform($o = $attr, $config, $context);
159 if ($e) {
160 if ($attr != $o) {
161 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
162 }
163 }
164 }
165
166 $token->attr = $attr;
167
168 // destroy CurrentToken if we made it ourselves
169 if (!$current_token) {
170 $context->destroy('CurrentToken');
171 }
172
173 }
174
175
176}
177
178// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Bootstrap.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Bootstrap.php
new file mode 100644
index 00000000..0ab0e341
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Bootstrap.php
@@ -0,0 +1,124 @@
1<?php
2
3// constants are slow, so we use as few as possible
4if (!defined('HTMLPURIFIER_PREFIX')) {
5 define('HTMLPURIFIER_PREFIX', realpath(dirname(__FILE__) . '/..'));
6}
7
8// accomodations for versions earlier than 5.0.2
9// borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
10if (!defined('PHP_EOL')) {
11 switch (strtoupper(substr(PHP_OS, 0, 3))) {
12 case 'WIN':
13 define('PHP_EOL', "\r\n");
14 break;
15 case 'DAR':
16 define('PHP_EOL', "\r");
17 break;
18 default:
19 define('PHP_EOL', "\n");
20 }
21}
22
23/**
24 * Bootstrap class that contains meta-functionality for HTML Purifier such as
25 * the autoload function.
26 *
27 * @note
28 * This class may be used without any other files from HTML Purifier.
29 */
30class HTMLPurifier_Bootstrap
31{
32
33 /**
34 * Autoload function for HTML Purifier
35 * @param string $class Class to load
36 * @return bool
37 */
38 public static function autoload($class)
39 {
40 $file = HTMLPurifier_Bootstrap::getPath($class);
41 if (!$file) {
42 return false;
43 }
44 // Technically speaking, it should be ok and more efficient to
45 // just do 'require', but Antonio Parraga reports that with
46 // Zend extensions such as Zend debugger and APC, this invariant
47 // may be broken. Since we have efficient alternatives, pay
48 // the cost here and avoid the bug.
49 require_once HTMLPURIFIER_PREFIX . '/' . $file;
50 return true;
51 }
52
53 /**
54 * Returns the path for a specific class.
55 * @param string $class Class path to get
56 * @return string
57 */
58 public static function getPath($class)
59 {
60 if (strncmp('HTMLPurifier', $class, 12) !== 0) {
61 return false;
62 }
63 // Custom implementations
64 if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
65 $code = str_replace('_', '-', substr($class, 22));
66 $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
67 } else {
68 $file = str_replace('_', '/', $class) . '.php';
69 }
70 if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) {
71 return false;
72 }
73 return $file;
74 }
75
76 /**
77 * "Pre-registers" our autoloader on the SPL stack.
78 */
79 public static function registerAutoload()
80 {
81 $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
82 if (($funcs = spl_autoload_functions()) === false) {
83 spl_autoload_register($autoload);
84 } elseif (function_exists('spl_autoload_unregister')) {
85 if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
86 // prepend flag exists, no need for shenanigans
87 spl_autoload_register($autoload, true, true);
88 } else {
89 $buggy = version_compare(PHP_VERSION, '5.2.11', '<');
90 $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
91 version_compare(PHP_VERSION, '5.1.0', '>=');
92 foreach ($funcs as $func) {
93 if ($buggy && is_array($func)) {
94 // :TRICKY: There are some compatibility issues and some
95 // places where we need to error out
96 $reflector = new ReflectionMethod($func[0], $func[1]);
97 if (!$reflector->isStatic()) {
98 throw new Exception(
99 'HTML Purifier autoloader registrar is not compatible
100 with non-static object methods due to PHP Bug #44144;
101 Please do not use HTMLPurifier.autoload.php (or any
102 file that includes this file); instead, place the code:
103 spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
104 after your own autoloaders.'
105 );
106 }
107 // Suprisingly, spl_autoload_register supports the
108 // Class::staticMethod callback format, although call_user_func doesn't
109 if ($compat) {
110 $func = implode('::', $func);
111 }
112 }
113 spl_autoload_unregister($func);
114 }
115 spl_autoload_register($autoload);
116 foreach ($funcs as $func) {
117 spl_autoload_register($func);
118 }
119 }
120 }
121 }
122}
123
124// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/CSSDefinition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/CSSDefinition.php
new file mode 100644
index 00000000..18b05f3e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/CSSDefinition.php
@@ -0,0 +1,474 @@
1<?php
2
3/**
4 * Defines allowed CSS attributes and what their values are.
5 * @see HTMLPurifier_HTMLDefinition
6 */
7class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
8{
9
10 public $type = 'CSS';
11
12 /**
13 * Assoc array of attribute name to definition object.
14 * @type HTMLPurifier_AttrDef[]
15 */
16 public $info = array();
17
18 /**
19 * Constructs the info array. The meat of this class.
20 * @param HTMLPurifier_Config $config
21 */
22 protected function doSetup($config)
23 {
24 $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
25 array('left', 'right', 'center', 'justify'),
26 false
27 );
28
29 $border_style =
30 $this->info['border-bottom-style'] =
31 $this->info['border-right-style'] =
32 $this->info['border-left-style'] =
33 $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
34 array(
35 'none',
36 'hidden',
37 'dotted',
38 'dashed',
39 'solid',
40 'double',
41 'groove',
42 'ridge',
43 'inset',
44 'outset'
45 ),
46 false
47 );
48
49 $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
50
51 $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
52 array('none', 'left', 'right', 'both'),
53 false
54 );
55 $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
56 array('none', 'left', 'right'),
57 false
58 );
59 $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
60 array('normal', 'italic', 'oblique'),
61 false
62 );
63 $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
64 array('normal', 'small-caps'),
65 false
66 );
67
68 $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
69 array(
70 new HTMLPurifier_AttrDef_Enum(array('none')),
71 new HTMLPurifier_AttrDef_CSS_URI()
72 )
73 );
74
75 $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
76 array('inside', 'outside'),
77 false
78 );
79 $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
80 array(
81 'disc',
82 'circle',
83 'square',
84 'decimal',
85 'lower-roman',
86 'upper-roman',
87 'lower-alpha',
88 'upper-alpha',
89 'none'
90 ),
91 false
92 );
93 $this->info['list-style-image'] = $uri_or_none;
94
95 $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
96
97 $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
98 array('capitalize', 'uppercase', 'lowercase', 'none'),
99 false
100 );
101 $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
102
103 $this->info['background-image'] = $uri_or_none;
104 $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
105 array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
106 );
107 $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
108 array('scroll', 'fixed')
109 );
110 $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
111
112 $border_color =
113 $this->info['border-top-color'] =
114 $this->info['border-bottom-color'] =
115 $this->info['border-left-color'] =
116 $this->info['border-right-color'] =
117 $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(
118 array(
119 new HTMLPurifier_AttrDef_Enum(array('transparent')),
120 new HTMLPurifier_AttrDef_CSS_Color()
121 )
122 );
123
124 $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
125
126 $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);
127
128 $border_width =
129 $this->info['border-top-width'] =
130 $this->info['border-bottom-width'] =
131 $this->info['border-left-width'] =
132 $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(
133 array(
134 new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
135 new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
136 )
137 );
138
139 $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
140
141 $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
142 array(
143 new HTMLPurifier_AttrDef_Enum(array('normal')),
144 new HTMLPurifier_AttrDef_CSS_Length()
145 )
146 );
147
148 $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
149 array(
150 new HTMLPurifier_AttrDef_Enum(array('normal')),
151 new HTMLPurifier_AttrDef_CSS_Length()
152 )
153 );
154
155 $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
156 array(
157 new HTMLPurifier_AttrDef_Enum(
158 array(
159 'xx-small',
160 'x-small',
161 'small',
162 'medium',
163 'large',
164 'x-large',
165 'xx-large',
166 'larger',
167 'smaller'
168 )
169 ),
170 new HTMLPurifier_AttrDef_CSS_Percentage(),
171 new HTMLPurifier_AttrDef_CSS_Length()
172 )
173 );
174
175 $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(
176 array(
177 new HTMLPurifier_AttrDef_Enum(array('normal')),
178 new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
179 new HTMLPurifier_AttrDef_CSS_Length('0'),
180 new HTMLPurifier_AttrDef_CSS_Percentage(true)
181 )
182 );
183
184 $margin =
185 $this->info['margin-top'] =
186 $this->info['margin-bottom'] =
187 $this->info['margin-left'] =
188 $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
189 array(
190 new HTMLPurifier_AttrDef_CSS_Length(),
191 new HTMLPurifier_AttrDef_CSS_Percentage(),
192 new HTMLPurifier_AttrDef_Enum(array('auto'))
193 )
194 );
195
196 $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
197
198 // non-negative
199 $padding =
200 $this->info['padding-top'] =
201 $this->info['padding-bottom'] =
202 $this->info['padding-left'] =
203 $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
204 array(
205 new HTMLPurifier_AttrDef_CSS_Length('0'),
206 new HTMLPurifier_AttrDef_CSS_Percentage(true)
207 )
208 );
209
210 $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
211
212 $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(
213 array(
214 new HTMLPurifier_AttrDef_CSS_Length(),
215 new HTMLPurifier_AttrDef_CSS_Percentage()
216 )
217 );
218
219 $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(
220 array(
221 new HTMLPurifier_AttrDef_CSS_Length('0'),
222 new HTMLPurifier_AttrDef_CSS_Percentage(true),
223 new HTMLPurifier_AttrDef_Enum(array('auto'))
224 )
225 );
226 $max = $config->get('CSS.MaxImgLength');
227
228 $this->info['width'] =
229 $this->info['height'] =
230 $max === null ?
231 $trusted_wh :
232 new HTMLPurifier_AttrDef_Switch(
233 'img',
234 // For img tags:
235 new HTMLPurifier_AttrDef_CSS_Composite(
236 array(
237 new HTMLPurifier_AttrDef_CSS_Length('0', $max),
238 new HTMLPurifier_AttrDef_Enum(array('auto'))
239 )
240 ),
241 // For everyone else:
242 $trusted_wh
243 );
244
245 $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
246
247 $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
248
249 // this could use specialized code
250 $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
251 array(
252 'normal',
253 'bold',
254 'bolder',
255 'lighter',
256 '100',
257 '200',
258 '300',
259 '400',
260 '500',
261 '600',
262 '700',
263 '800',
264 '900'
265 ),
266 false
267 );
268
269 // MUST be called after other font properties, as it references
270 // a CSSDefinition object
271 $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);
272
273 // same here
274 $this->info['border'] =
275 $this->info['border-bottom'] =
276 $this->info['border-top'] =
277 $this->info['border-left'] =
278 $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
279
280 $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(
281 array('collapse', 'separate')
282 );
283
284 $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(
285 array('top', 'bottom')
286 );
287
288 $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(
289 array('auto', 'fixed')
290 );
291
292 $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(
293 array(
294 new HTMLPurifier_AttrDef_Enum(
295 array(
296 'baseline',
297 'sub',
298 'super',
299 'top',
300 'text-top',
301 'middle',
302 'bottom',
303 'text-bottom'
304 )
305 ),
306 new HTMLPurifier_AttrDef_CSS_Length(),
307 new HTMLPurifier_AttrDef_CSS_Percentage()
308 )
309 );
310
311 $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
312
313 // These CSS properties don't work on many browsers, but we live
314 // in THE FUTURE!
315 $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(
316 array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line')
317 );
318
319 if ($config->get('CSS.Proprietary')) {
320 $this->doSetupProprietary($config);
321 }
322
323 if ($config->get('CSS.AllowTricky')) {
324 $this->doSetupTricky($config);
325 }
326
327 if ($config->get('CSS.Trusted')) {
328 $this->doSetupTrusted($config);
329 }
330
331 $allow_important = $config->get('CSS.AllowImportant');
332 // wrap all attr-defs with decorator that handles !important
333 foreach ($this->info as $k => $v) {
334 $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
335 }
336
337 $this->setupConfigStuff($config);
338 }
339
340 /**
341 * @param HTMLPurifier_Config $config
342 */
343 protected function doSetupProprietary($config)
344 {
345 // Internet Explorer only scrollbar colors
346 $this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
347 $this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color();
348 $this->info['scrollbar-darkshadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
349 $this->info['scrollbar-face-color'] = new HTMLPurifier_AttrDef_CSS_Color();
350 $this->info['scrollbar-highlight-color'] = new HTMLPurifier_AttrDef_CSS_Color();
351 $this->info['scrollbar-shadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
352
353 // technically not proprietary, but CSS3, and no one supports it
354 $this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
355 $this->info['-moz-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
356 $this->info['-khtml-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
357
358 // only opacity, for now
359 $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();
360
361 // more CSS3
362 $this->info['page-break-after'] =
363 $this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum(
364 array(
365 'auto',
366 'always',
367 'avoid',
368 'left',
369 'right'
370 )
371 );
372 $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid'));
373
374 }
375
376 /**
377 * @param HTMLPurifier_Config $config
378 */
379 protected function doSetupTricky($config)
380 {
381 $this->info['display'] = new HTMLPurifier_AttrDef_Enum(
382 array(
383 'inline',
384 'block',
385 'list-item',
386 'run-in',
387 'compact',
388 'marker',
389 'table',
390 'inline-block',
391 'inline-table',
392 'table-row-group',
393 'table-header-group',
394 'table-footer-group',
395 'table-row',
396 'table-column-group',
397 'table-column',
398 'table-cell',
399 'table-caption',
400 'none'
401 )
402 );
403 $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(
404 array('visible', 'hidden', 'collapse')
405 );
406 $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
407 }
408
409 /**
410 * @param HTMLPurifier_Config $config
411 */
412 protected function doSetupTrusted($config)
413 {
414 $this->info['position'] = new HTMLPurifier_AttrDef_Enum(
415 array('static', 'relative', 'absolute', 'fixed')
416 );
417 $this->info['top'] =
418 $this->info['left'] =
419 $this->info['right'] =
420 $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(
421 array(
422 new HTMLPurifier_AttrDef_CSS_Length(),
423 new HTMLPurifier_AttrDef_CSS_Percentage(),
424 new HTMLPurifier_AttrDef_Enum(array('auto')),
425 )
426 );
427 $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(
428 array(
429 new HTMLPurifier_AttrDef_Integer(),
430 new HTMLPurifier_AttrDef_Enum(array('auto')),
431 )
432 );
433 }
434
435 /**
436 * Performs extra config-based processing. Based off of
437 * HTMLPurifier_HTMLDefinition.
438 * @param HTMLPurifier_Config $config
439 * @todo Refactor duplicate elements into common class (probably using
440 * composition, not inheritance).
441 */
442 protected function setupConfigStuff($config)
443 {
444 // setup allowed elements
445 $support = "(for information on implementing this, see the " .
446 "support forums) ";
447 $allowed_properties = $config->get('CSS.AllowedProperties');
448 if ($allowed_properties !== null) {
449 foreach ($this->info as $name => $d) {
450 if (!isset($allowed_properties[$name])) {
451 unset($this->info[$name]);
452 }
453 unset($allowed_properties[$name]);
454 }
455 // emit errors
456 foreach ($allowed_properties as $name => $d) {
457 // :TODO: Is this htmlspecialchars() call really necessary?
458 $name = htmlspecialchars($name);
459 trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
460 }
461 }
462
463 $forbidden_properties = $config->get('CSS.ForbiddenProperties');
464 if ($forbidden_properties !== null) {
465 foreach ($this->info as $name => $d) {
466 if (isset($forbidden_properties[$name])) {
467 unset($this->info[$name]);
468 }
469 }
470 }
471 }
472}
473
474// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef.php
new file mode 100644
index 00000000..5d64cd41
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef.php
@@ -0,0 +1,52 @@
1<?php
2
3/**
4 * Defines allowed child nodes and validates nodes against it.
5 */
6abstract class HTMLPurifier_ChildDef
7{
8 /**
9 * Type of child definition, usually right-most part of class name lowercase.
10 * Used occasionally in terms of context.
11 * @type string
12 */
13 public $type;
14
15 /**
16 * Indicates whether or not an empty array of children is okay.
17 *
18 * This is necessary for redundant checking when changes affecting
19 * a child node may cause a parent node to now be disallowed.
20 * @type bool
21 */
22 public $allow_empty;
23
24 /**
25 * Lookup array of all elements that this definition could possibly allow.
26 * @type array
27 */
28 public $elements = array();
29
30 /**
31 * Get lookup of tag names that should not close this element automatically.
32 * All other elements will do so.
33 * @param HTMLPurifier_Config $config HTMLPurifier_Config object
34 * @return array
35 */
36 public function getAllowedElements($config)
37 {
38 return $this->elements;
39 }
40
41 /**
42 * Validates nodes according to definition and returns modification.
43 *
44 * @param HTMLPurifier_Node[] $children Array of HTMLPurifier_Node
45 * @param HTMLPurifier_Config $config HTMLPurifier_Config object
46 * @param HTMLPurifier_Context $context HTMLPurifier_Context object
47 * @return bool|array true to leave nodes as is, false to remove parent node, array of replacement children
48 */
49 abstract public function validateChildren($children, $config, $context);
50}
51
52// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
new file mode 100644
index 00000000..f6b2f22e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
@@ -0,0 +1,67 @@
1<?php
2
3/**
4 * Definition that uses different definitions depending on context.
5 *
6 * The del and ins tags are notable because they allow different types of
7 * elements depending on whether or not they're in a block or inline context.
8 * Chameleon allows this behavior to happen by using two different
9 * definitions depending on context. While this somewhat generalized,
10 * it is specifically intended for those two tags.
11 */
12class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
13{
14
15 /**
16 * Instance of the definition object to use when inline. Usually stricter.
17 * @type HTMLPurifier_ChildDef_Optional
18 */
19 public $inline;
20
21 /**
22 * Instance of the definition object to use when block.
23 * @type HTMLPurifier_ChildDef_Optional
24 */
25 public $block;
26
27 /**
28 * @type string
29 */
30 public $type = 'chameleon';
31
32 /**
33 * @param array $inline List of elements to allow when inline.
34 * @param array $block List of elements to allow when block.
35 */
36 public function __construct($inline, $block)
37 {
38 $this->inline = new HTMLPurifier_ChildDef_Optional($inline);
39 $this->block = new HTMLPurifier_ChildDef_Optional($block);
40 $this->elements = $this->block->elements;
41 }
42
43 /**
44 * @param HTMLPurifier_Node[] $children
45 * @param HTMLPurifier_Config $config
46 * @param HTMLPurifier_Context $context
47 * @return bool
48 */
49 public function validateChildren($children, $config, $context)
50 {
51 if ($context->get('IsInline') === false) {
52 return $this->block->validateChildren(
53 $children,
54 $config,
55 $context
56 );
57 } else {
58 return $this->inline->validateChildren(
59 $children,
60 $config,
61 $context
62 );
63 }
64 }
65}
66
67// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Custom.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
new file mode 100644
index 00000000..1047cd8e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
@@ -0,0 +1,102 @@
1<?php
2
3/**
4 * Custom validation class, accepts DTD child definitions
5 *
6 * @warning Currently this class is an all or nothing proposition, that is,
7 * it will only give a bool return value.
8 */
9class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
10{
11 /**
12 * @type string
13 */
14 public $type = 'custom';
15
16 /**
17 * @type bool
18 */
19 public $allow_empty = false;
20
21 /**
22 * Allowed child pattern as defined by the DTD.
23 * @type string
24 */
25 public $dtd_regex;
26
27 /**
28 * PCRE regex derived from $dtd_regex.
29 * @type string
30 */
31 private $_pcre_regex;
32
33 /**
34 * @param $dtd_regex Allowed child pattern from the DTD
35 */
36 public function __construct($dtd_regex)
37 {
38 $this->dtd_regex = $dtd_regex;
39 $this->_compileRegex();
40 }
41
42 /**
43 * Compiles the PCRE regex from a DTD regex ($dtd_regex to $_pcre_regex)
44 */
45 protected function _compileRegex()
46 {
47 $raw = str_replace(' ', '', $this->dtd_regex);
48 if ($raw{0} != '(') {
49 $raw = "($raw)";
50 }
51 $el = '[#a-zA-Z0-9_.-]+';
52 $reg = $raw;
53
54 // COMPLICATED! AND MIGHT BE BUGGY! I HAVE NO CLUE WHAT I'M
55 // DOING! Seriously: if there's problems, please report them.
56
57 // collect all elements into the $elements array
58 preg_match_all("/$el/", $reg, $matches);
59 foreach ($matches[0] as $match) {
60 $this->elements[$match] = true;
61 }
62
63 // setup all elements as parentheticals with leading commas
64 $reg = preg_replace("/$el/", '(,\\0)', $reg);
65
66 // remove commas when they were not solicited
67 $reg = preg_replace("/([^,(|]\(+),/", '\\1', $reg);
68
69 // remove all non-paranthetical commas: they are handled by first regex
70 $reg = preg_replace("/,\(/", '(', $reg);
71
72 $this->_pcre_regex = $reg;
73 }
74
75 /**
76 * @param HTMLPurifier_Node[] $children
77 * @param HTMLPurifier_Config $config
78 * @param HTMLPurifier_Context $context
79 * @return bool
80 */
81 public function validateChildren($children, $config, $context)
82 {
83 $list_of_children = '';
84 $nesting = 0; // depth into the nest
85 foreach ($children as $node) {
86 if (!empty($node->is_whitespace)) {
87 continue;
88 }
89 $list_of_children .= $node->name . ',';
90 }
91 // add leading comma to deal with stray comma declarations
92 $list_of_children = ',' . rtrim($list_of_children, ',');
93 $okay =
94 preg_match(
95 '/^,?' . $this->_pcre_regex . '$/',
96 $list_of_children
97 );
98 return (bool)$okay;
99 }
100}
101
102// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Empty.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
new file mode 100644
index 00000000..bbcde56e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
@@ -0,0 +1,38 @@
1<?php
2
3/**
4 * Definition that disallows all elements.
5 * @warning validateChildren() in this class is actually never called, because
6 * empty elements are corrected in HTMLPurifier_Strategy_MakeWellFormed
7 * before child definitions are parsed in earnest by
8 * HTMLPurifier_Strategy_FixNesting.
9 */
10class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
11{
12 /**
13 * @type bool
14 */
15 public $allow_empty = true;
16
17 /**
18 * @type string
19 */
20 public $type = 'empty';
21
22 public function __construct()
23 {
24 }
25
26 /**
27 * @param HTMLPurifier_Node[] $children
28 * @param HTMLPurifier_Config $config
29 * @param HTMLPurifier_Context $context
30 * @return array
31 */
32 public function validateChildren($children, $config, $context)
33 {
34 return array();
35 }
36}
37
38// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/List.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/List.php
new file mode 100644
index 00000000..5cd76a1a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/List.php
@@ -0,0 +1,86 @@
1<?php
2
3/**
4 * Definition for list containers ul and ol.
5 *
6 * What does this do? The big thing is to handle ol/ul at the top
7 * level of list nodes, which should be handled specially by /folding/
8 * them into the previous list node. We generally shouldn't ever
9 * see other disallowed elements, because the autoclose behavior
10 * in MakeWellFormed handles it.
11 */
12class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
13{
14 /**
15 * @type string
16 */
17 public $type = 'list';
18 /**
19 * @type array
20 */
21 // lying a little bit, so that we can handle ul and ol ourselves
22 // XXX: This whole business with 'wrap' is all a bit unsatisfactory
23 public $elements = array('li' => true, 'ul' => true, 'ol' => true);
24
25 /**
26 * @param array $children
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return array
30 */
31 public function validateChildren($children, $config, $context)
32 {
33 // Flag for subclasses
34 $this->whitespace = false;
35
36 // if there are no tokens, delete parent node
37 if (empty($children)) {
38 return false;
39 }
40
41 // the new set of children
42 $result = array();
43
44 // a little sanity check to make sure it's not ALL whitespace
45 $all_whitespace = true;
46
47 $current_li = false;
48
49 foreach ($children as $node) {
50 if (!empty($node->is_whitespace)) {
51 $result[] = $node;
52 continue;
53 }
54 $all_whitespace = false; // phew, we're not talking about whitespace
55
56 if ($node->name === 'li') {
57 // good
58 $current_li = $node;
59 $result[] = $node;
60 } else {
61 // we want to tuck this into the previous li
62 // Invariant: we expect the node to be ol/ul
63 // ToDo: Make this more robust in the case of not ol/ul
64 // by distinguishing between existing li and li created
65 // to handle non-list elements; non-list elements should
66 // not be appended to an existing li; only li created
67 // for non-list. This distinction is not currently made.
68 if ($current_li === false) {
69 $current_li = new HTMLPurifier_Node_Element('li');
70 $result[] = $current_li;
71 }
72 $current_li->children[] = $node;
73 $current_li->empty = false; // XXX fascinating! Check for this error elsewhere ToDo
74 }
75 }
76 if (empty($result)) {
77 return false;
78 }
79 if ($all_whitespace) {
80 return false;
81 }
82 return $result;
83 }
84}
85
86// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Optional.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Optional.php
new file mode 100644
index 00000000..1db864d9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Optional.php
@@ -0,0 +1,45 @@
1<?php
2
3/**
4 * Definition that allows a set of elements, and allows no children.
5 * @note This is a hack to reuse code from HTMLPurifier_ChildDef_Required,
6 * really, one shouldn't inherit from the other. Only altered behavior
7 * is to overload a returned false with an array. Thus, it will never
8 * return false.
9 */
10class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
11{
12 /**
13 * @type bool
14 */
15 public $allow_empty = true;
16
17 /**
18 * @type string
19 */
20 public $type = 'optional';
21
22 /**
23 * @param array $children
24 * @param HTMLPurifier_Config $config
25 * @param HTMLPurifier_Context $context
26 * @return array
27 */
28 public function validateChildren($children, $config, $context)
29 {
30 $result = parent::validateChildren($children, $config, $context);
31 // we assume that $children is not modified
32 if ($result === false) {
33 if (empty($children)) {
34 return true;
35 } elseif ($this->whitespace) {
36 return $children;
37 } else {
38 return array();
39 }
40 }
41 return $result;
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Required.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Required.php
new file mode 100644
index 00000000..f6b8e8a2
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Required.php
@@ -0,0 +1,118 @@
1<?php
2
3/**
4 * Definition that allows a set of elements, but disallows empty children.
5 */
6class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
7{
8 /**
9 * Lookup table of allowed elements.
10 * @type array
11 */
12 public $elements = array();
13
14 /**
15 * Whether or not the last passed node was all whitespace.
16 * @type bool
17 */
18 protected $whitespace = false;
19
20 /**
21 * @param array|string $elements List of allowed element names (lowercase).
22 */
23 public function __construct($elements)
24 {
25 if (is_string($elements)) {
26 $elements = str_replace(' ', '', $elements);
27 $elements = explode('|', $elements);
28 }
29 $keys = array_keys($elements);
30 if ($keys == array_keys($keys)) {
31 $elements = array_flip($elements);
32 foreach ($elements as $i => $x) {
33 $elements[$i] = true;
34 if (empty($i)) {
35 unset($elements[$i]);
36 } // remove blank
37 }
38 }
39 $this->elements = $elements;
40 }
41
42 /**
43 * @type bool
44 */
45 public $allow_empty = false;
46
47 /**
48 * @type string
49 */
50 public $type = 'required';
51
52 /**
53 * @param array $children
54 * @param HTMLPurifier_Config $config
55 * @param HTMLPurifier_Context $context
56 * @return array
57 */
58 public function validateChildren($children, $config, $context)
59 {
60 // Flag for subclasses
61 $this->whitespace = false;
62
63 // if there are no tokens, delete parent node
64 if (empty($children)) {
65 return false;
66 }
67
68 // the new set of children
69 $result = array();
70
71 // whether or not parsed character data is allowed
72 // this controls whether or not we silently drop a tag
73 // or generate escaped HTML from it
74 $pcdata_allowed = isset($this->elements['#PCDATA']);
75
76 // a little sanity check to make sure it's not ALL whitespace
77 $all_whitespace = true;
78
79 $stack = array_reverse($children);
80 while (!empty($stack)) {
81 $node = array_pop($stack);
82 if (!empty($node->is_whitespace)) {
83 $result[] = $node;
84 continue;
85 }
86 $all_whitespace = false; // phew, we're not talking about whitespace
87
88 if (!isset($this->elements[$node->name])) {
89 // special case text
90 // XXX One of these ought to be redundant or something
91 if ($pcdata_allowed && $node instanceof HTMLPurifier_Node_Text) {
92 $result[] = $node;
93 continue;
94 }
95 // spill the child contents in
96 // ToDo: Make configurable
97 if ($node instanceof HTMLPurifier_Node_Element) {
98 for ($i = count($node->children) - 1; $i >= 0; $i--) {
99 $stack[] = $node->children[$i];
100 }
101 continue;
102 }
103 continue;
104 }
105 $result[] = $node;
106 }
107 if (empty($result)) {
108 return false;
109 }
110 if ($all_whitespace) {
111 $this->whitespace = true;
112 return false;
113 }
114 return $result;
115 }
116}
117
118// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php
new file mode 100644
index 00000000..38bf9533
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php
@@ -0,0 +1,110 @@
1<?php
2
3/**
4 * Takes the contents of blockquote when in strict and reformats for validation.
5 */
6class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Required
7{
8 /**
9 * @type array
10 */
11 protected $real_elements;
12
13 /**
14 * @type array
15 */
16 protected $fake_elements;
17
18 /**
19 * @type bool
20 */
21 public $allow_empty = true;
22
23 /**
24 * @type string
25 */
26 public $type = 'strictblockquote';
27
28 /**
29 * @type bool
30 */
31 protected $init = false;
32
33 /**
34 * @param HTMLPurifier_Config $config
35 * @return array
36 * @note We don't want MakeWellFormed to auto-close inline elements since
37 * they might be allowed.
38 */
39 public function getAllowedElements($config)
40 {
41 $this->init($config);
42 return $this->fake_elements;
43 }
44
45 /**
46 * @param array $children
47 * @param HTMLPurifier_Config $config
48 * @param HTMLPurifier_Context $context
49 * @return array
50 */
51 public function validateChildren($children, $config, $context)
52 {
53 $this->init($config);
54
55 // trick the parent class into thinking it allows more
56 $this->elements = $this->fake_elements;
57 $result = parent::validateChildren($children, $config, $context);
58 $this->elements = $this->real_elements;
59
60 if ($result === false) {
61 return array();
62 }
63 if ($result === true) {
64 $result = $children;
65 }
66
67 $def = $config->getHTMLDefinition();
68 $block_wrap_name = $def->info_block_wrapper;
69 $block_wrap = false;
70 $ret = array();
71
72 foreach ($result as $node) {
73 if ($block_wrap === false) {
74 if (($node instanceof HTMLPurifier_Node_Text && !$node->is_whitespace) ||
75 ($node instanceof HTMLPurifier_Node_Element && !isset($this->elements[$node->name]))) {
76 $block_wrap = new HTMLPurifier_Node_Element($def->info_block_wrapper);
77 $ret[] = $block_wrap;
78 }
79 } else {
80 if ($node instanceof HTMLPurifier_Node_Element && isset($this->elements[$node->name])) {
81 $block_wrap = false;
82
83 }
84 }
85 if ($block_wrap) {
86 $block_wrap->children[] = $node;
87 } else {
88 $ret[] = $node;
89 }
90 }
91 return $ret;
92 }
93
94 /**
95 * @param HTMLPurifier_Config $config
96 */
97 private function init($config)
98 {
99 if (!$this->init) {
100 $def = $config->getHTMLDefinition();
101 // allow all inline elements
102 $this->real_elements = $this->elements;
103 $this->fake_elements = $def->info_content_sets['Flow'];
104 $this->fake_elements['#PCDATA'] = true;
105 $this->init = true;
106 }
107 }
108}
109
110// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Table.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Table.php
new file mode 100644
index 00000000..0570c8b8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ChildDef/Table.php
@@ -0,0 +1,224 @@
1<?php
2
3/**
4 * Definition for tables. The general idea is to extract out all of the
5 * essential bits, and then reconstruct it later.
6 *
7 * This is a bit confusing, because the DTDs and the W3C
8 * validators seem to disagree on the appropriate definition. The
9 * DTD claims:
10 *
11 * (CAPTION?, (COL*|COLGROUP*), THEAD?, TFOOT?, TBODY+)
12 *
13 * But actually, the HTML4 spec then has this to say:
14 *
15 * The TBODY start tag is always required except when the table
16 * contains only one table body and no table head or foot sections.
17 * The TBODY end tag may always be safely omitted.
18 *
19 * So the DTD is kind of wrong. The validator is, unfortunately, kind
20 * of on crack.
21 *
22 * The definition changed again in XHTML1.1; and in my opinion, this
23 * formulation makes the most sense.
24 *
25 * caption?, ( col* | colgroup* ), (( thead?, tfoot?, tbody+ ) | ( tr+ ))
26 *
27 * Essentially, we have two modes: thead/tfoot/tbody mode, and tr mode.
28 * If we encounter a thead, tfoot or tbody, we are placed in the former
29 * mode, and we *must* wrap any stray tr segments with a tbody. But if
30 * we don't run into any of them, just have tr tags is OK.
31 */
32class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
33{
34 /**
35 * @type bool
36 */
37 public $allow_empty = false;
38
39 /**
40 * @type string
41 */
42 public $type = 'table';
43
44 /**
45 * @type array
46 */
47 public $elements = array(
48 'tr' => true,
49 'tbody' => true,
50 'thead' => true,
51 'tfoot' => true,
52 'caption' => true,
53 'colgroup' => true,
54 'col' => true
55 );
56
57 public function __construct()
58 {
59 }
60
61 /**
62 * @param array $children
63 * @param HTMLPurifier_Config $config
64 * @param HTMLPurifier_Context $context
65 * @return array
66 */
67 public function validateChildren($children, $config, $context)
68 {
69 if (empty($children)) {
70 return false;
71 }
72
73 // only one of these elements is allowed in a table
74 $caption = false;
75 $thead = false;
76 $tfoot = false;
77
78 // whitespace
79 $initial_ws = array();
80 $after_caption_ws = array();
81 $after_thead_ws = array();
82 $after_tfoot_ws = array();
83
84 // as many of these as you want
85 $cols = array();
86 $content = array();
87
88 $tbody_mode = false; // if true, then we need to wrap any stray
89 // <tr>s with a <tbody>.
90
91 $ws_accum =& $initial_ws;
92
93 foreach ($children as $node) {
94 if ($node instanceof HTMLPurifier_Node_Comment) {
95 $ws_accum[] = $node;
96 continue;
97 }
98 switch ($node->name) {
99 case 'tbody':
100 $tbody_mode = true;
101 // fall through
102 case 'tr':
103 $content[] = $node;
104 $ws_accum =& $content;
105 break;
106 case 'caption':
107 // there can only be one caption!
108 if ($caption !== false) break;
109 $caption = $node;
110 $ws_accum =& $after_caption_ws;
111 break;
112 case 'thead':
113 $tbody_mode = true;
114 // XXX This breaks rendering properties with
115 // Firefox, which never floats a <thead> to
116 // the top. Ever. (Our scheme will float the
117 // first <thead> to the top.) So maybe
118 // <thead>s that are not first should be
119 // turned into <tbody>? Very tricky, indeed.
120 if ($thead === false) {
121 $thead = $node;
122 $ws_accum =& $after_thead_ws;
123 } else {
124 // Oops, there's a second one! What
125 // should we do? Current behavior is to
126 // transmutate the first and last entries into
127 // tbody tags, and then put into content.
128 // Maybe a better idea is to *attach
129 // it* to the existing thead or tfoot?
130 // We don't do this, because Firefox
131 // doesn't float an extra tfoot to the
132 // bottom like it does for the first one.
133 $node->name = 'tbody';
134 $content[] = $node;
135 $ws_accum =& $content;
136 }
137 break;
138 case 'tfoot':
139 // see above for some aveats
140 $tbody_mode = true;
141 if ($tfoot === false) {
142 $tfoot = $node;
143 $ws_accum =& $after_tfoot_ws;
144 } else {
145 $node->name = 'tbody';
146 $content[] = $node;
147 $ws_accum =& $content;
148 }
149 break;
150 case 'colgroup':
151 case 'col':
152 $cols[] = $node;
153 $ws_accum =& $cols;
154 break;
155 case '#PCDATA':
156 // How is whitespace handled? We treat is as sticky to
157 // the *end* of the previous element. So all of the
158 // nonsense we have worked on is to keep things
159 // together.
160 if (!empty($node->is_whitespace)) {
161 $ws_accum[] = $node;
162 }
163 break;
164 }
165 }
166
167 if (empty($content)) {
168 return false;
169 }
170
171 $ret = $initial_ws;
172 if ($caption !== false) {
173 $ret[] = $caption;
174 $ret = array_merge($ret, $after_caption_ws);
175 }
176 if ($cols !== false) {
177 $ret = array_merge($ret, $cols);
178 }
179 if ($thead !== false) {
180 $ret[] = $thead;
181 $ret = array_merge($ret, $after_thead_ws);
182 }
183 if ($tfoot !== false) {
184 $ret[] = $tfoot;
185 $ret = array_merge($ret, $after_tfoot_ws);
186 }
187
188 if ($tbody_mode) {
189 // we have to shuffle tr into tbody
190 $current_tr_tbody = null;
191
192 foreach($content as $node) {
193 switch ($node->name) {
194 case 'tbody':
195 $current_tr_tbody = null;
196 $ret[] = $node;
197 break;
198 case 'tr':
199 if ($current_tr_tbody === null) {
200 $current_tr_tbody = new HTMLPurifier_Node_Element('tbody');
201 $ret[] = $current_tr_tbody;
202 }
203 $current_tr_tbody->children[] = $node;
204 break;
205 case '#PCDATA':
206 assert($node->is_whitespace);
207 if ($current_tr_tbody === null) {
208 $ret[] = $node;
209 } else {
210 $current_tr_tbody->children[] = $node;
211 }
212 break;
213 }
214 }
215 } else {
216 $ret = array_merge($ret, $content);
217 }
218
219 return $ret;
220
221 }
222}
223
224// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Config.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Config.php
new file mode 100644
index 00000000..a0ef546c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Config.php
@@ -0,0 +1,911 @@
1<?php
2
3/**
4 * Configuration object that triggers customizable behavior.
5 *
6 * @warning This class is strongly defined: that means that the class
7 * will fail if an undefined directive is retrieved or set.
8 *
9 * @note Many classes that could (although many times don't) use the
10 * configuration object make it a mandatory parameter. This is
11 * because a configuration object should always be forwarded,
12 * otherwise, you run the risk of missing a parameter and then
13 * being stumped when a configuration directive doesn't work.
14 *
15 * @todo Reconsider some of the public member variables
16 */
17class HTMLPurifier_Config
18{
19
20 /**
21 * HTML Purifier's version
22 * @type string
23 */
24 public $version = '4.6.0';
25
26 /**
27 * Whether or not to automatically finalize
28 * the object if a read operation is done.
29 * @type bool
30 */
31 public $autoFinalize = true;
32
33 // protected member variables
34
35 /**
36 * Namespace indexed array of serials for specific namespaces.
37 * @see getSerial() for more info.
38 * @type string[]
39 */
40 protected $serials = array();
41
42 /**
43 * Serial for entire configuration object.
44 * @type string
45 */
46 protected $serial;
47
48 /**
49 * Parser for variables.
50 * @type HTMLPurifier_VarParser_Flexible
51 */
52 protected $parser = null;
53
54 /**
55 * Reference HTMLPurifier_ConfigSchema for value checking.
56 * @type HTMLPurifier_ConfigSchema
57 * @note This is public for introspective purposes. Please don't
58 * abuse!
59 */
60 public $def;
61
62 /**
63 * Indexed array of definitions.
64 * @type HTMLPurifier_Definition[]
65 */
66 protected $definitions;
67
68 /**
69 * Whether or not config is finalized.
70 * @type bool
71 */
72 protected $finalized = false;
73
74 /**
75 * Property list containing configuration directives.
76 * @type array
77 */
78 protected $plist;
79
80 /**
81 * Whether or not a set is taking place due to an alias lookup.
82 * @type bool
83 */
84 private $aliasMode;
85
86 /**
87 * Set to false if you do not want line and file numbers in errors.
88 * (useful when unit testing). This will also compress some errors
89 * and exceptions.
90 * @type bool
91 */
92 public $chatty = true;
93
94 /**
95 * Current lock; only gets to this namespace are allowed.
96 * @type string
97 */
98 private $lock;
99
100 /**
101 * Constructor
102 * @param HTMLPurifier_ConfigSchema $definition ConfigSchema that defines
103 * what directives are allowed.
104 * @param HTMLPurifier_PropertyList $parent
105 */
106 public function __construct($definition, $parent = null)
107 {
108 $parent = $parent ? $parent : $definition->defaultPlist;
109 $this->plist = new HTMLPurifier_PropertyList($parent);
110 $this->def = $definition; // keep a copy around for checking
111 $this->parser = new HTMLPurifier_VarParser_Flexible();
112 }
113
114 /**
115 * Convenience constructor that creates a config object based on a mixed var
116 * @param mixed $config Variable that defines the state of the config
117 * object. Can be: a HTMLPurifier_Config() object,
118 * an array of directives based on loadArray(),
119 * or a string filename of an ini file.
120 * @param HTMLPurifier_ConfigSchema $schema Schema object
121 * @return HTMLPurifier_Config Configured object
122 */
123 public static function create($config, $schema = null)
124 {
125 if ($config instanceof HTMLPurifier_Config) {
126 // pass-through
127 return $config;
128 }
129 if (!$schema) {
130 $ret = HTMLPurifier_Config::createDefault();
131 } else {
132 $ret = new HTMLPurifier_Config($schema);
133 }
134 if (is_string($config)) {
135 $ret->loadIni($config);
136 } elseif (is_array($config)) $ret->loadArray($config);
137 return $ret;
138 }
139
140 /**
141 * Creates a new config object that inherits from a previous one.
142 * @param HTMLPurifier_Config $config Configuration object to inherit from.
143 * @return HTMLPurifier_Config object with $config as its parent.
144 */
145 public static function inherit(HTMLPurifier_Config $config)
146 {
147 return new HTMLPurifier_Config($config->def, $config->plist);
148 }
149
150 /**
151 * Convenience constructor that creates a default configuration object.
152 * @return HTMLPurifier_Config default object.
153 */
154 public static function createDefault()
155 {
156 $definition = HTMLPurifier_ConfigSchema::instance();
157 $config = new HTMLPurifier_Config($definition);
158 return $config;
159 }
160
161 /**
162 * Retrieves a value from the configuration.
163 *
164 * @param string $key String key
165 * @param mixed $a
166 *
167 * @return mixed
168 */
169 public function get($key, $a = null)
170 {
171 if ($a !== null) {
172 $this->triggerError(
173 "Using deprecated API: use \$config->get('$key.$a') instead",
174 E_USER_WARNING
175 );
176 $key = "$key.$a";
177 }
178 if (!$this->finalized) {
179 $this->autoFinalize();
180 }
181 if (!isset($this->def->info[$key])) {
182 // can't add % due to SimpleTest bug
183 $this->triggerError(
184 'Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
185 E_USER_WARNING
186 );
187 return;
188 }
189 if (isset($this->def->info[$key]->isAlias)) {
190 $d = $this->def->info[$key];
191 $this->triggerError(
192 'Cannot get value from aliased directive, use real name ' . $d->key,
193 E_USER_ERROR
194 );
195 return;
196 }
197 if ($this->lock) {
198 list($ns) = explode('.', $key);
199 if ($ns !== $this->lock) {
200 $this->triggerError(
201 'Cannot get value of namespace ' . $ns . ' when lock for ' .
202 $this->lock .
203 ' is active, this probably indicates a Definition setup method ' .
204 'is accessing directives that are not within its namespace',
205 E_USER_ERROR
206 );
207 return;
208 }
209 }
210 return $this->plist->get($key);
211 }
212
213 /**
214 * Retrieves an array of directives to values from a given namespace
215 *
216 * @param string $namespace String namespace
217 *
218 * @return array
219 */
220 public function getBatch($namespace)
221 {
222 if (!$this->finalized) {
223 $this->autoFinalize();
224 }
225 $full = $this->getAll();
226 if (!isset($full[$namespace])) {
227 $this->triggerError(
228 'Cannot retrieve undefined namespace ' .
229 htmlspecialchars($namespace),
230 E_USER_WARNING
231 );
232 return;
233 }
234 return $full[$namespace];
235 }
236
237 /**
238 * Returns a SHA-1 signature of a segment of the configuration object
239 * that uniquely identifies that particular configuration
240 *
241 * @param string $namespace Namespace to get serial for
242 *
243 * @return string
244 * @note Revision is handled specially and is removed from the batch
245 * before processing!
246 */
247 public function getBatchSerial($namespace)
248 {
249 if (empty($this->serials[$namespace])) {
250 $batch = $this->getBatch($namespace);
251 unset($batch['DefinitionRev']);
252 $this->serials[$namespace] = sha1(serialize($batch));
253 }
254 return $this->serials[$namespace];
255 }
256
257 /**
258 * Returns a SHA-1 signature for the entire configuration object
259 * that uniquely identifies that particular configuration
260 *
261 * @return string
262 */
263 public function getSerial()
264 {
265 if (empty($this->serial)) {
266 $this->serial = sha1(serialize($this->getAll()));
267 }
268 return $this->serial;
269 }
270
271 /**
272 * Retrieves all directives, organized by namespace
273 *
274 * @warning This is a pretty inefficient function, avoid if you can
275 */
276 public function getAll()
277 {
278 if (!$this->finalized) {
279 $this->autoFinalize();
280 }
281 $ret = array();
282 foreach ($this->plist->squash() as $name => $value) {
283 list($ns, $key) = explode('.', $name, 2);
284 $ret[$ns][$key] = $value;
285 }
286 return $ret;
287 }
288
289 /**
290 * Sets a value to configuration.
291 *
292 * @param string $key key
293 * @param mixed $value value
294 * @param mixed $a
295 */
296 public function set($key, $value, $a = null)
297 {
298 if (strpos($key, '.') === false) {
299 $namespace = $key;
300 $directive = $value;
301 $value = $a;
302 $key = "$key.$directive";
303 $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE);
304 } else {
305 list($namespace) = explode('.', $key);
306 }
307 if ($this->isFinalized('Cannot set directive after finalization')) {
308 return;
309 }
310 if (!isset($this->def->info[$key])) {
311 $this->triggerError(
312 'Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
313 E_USER_WARNING
314 );
315 return;
316 }
317 $def = $this->def->info[$key];
318
319 if (isset($def->isAlias)) {
320 if ($this->aliasMode) {
321 $this->triggerError(
322 'Double-aliases not allowed, please fix '.
323 'ConfigSchema bug with' . $key,
324 E_USER_ERROR
325 );
326 return;
327 }
328 $this->aliasMode = true;
329 $this->set($def->key, $value);
330 $this->aliasMode = false;
331 $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE);
332 return;
333 }
334
335 // Raw type might be negative when using the fully optimized form
336 // of stdclass, which indicates allow_null == true
337 $rtype = is_int($def) ? $def : $def->type;
338 if ($rtype < 0) {
339 $type = -$rtype;
340 $allow_null = true;
341 } else {
342 $type = $rtype;
343 $allow_null = isset($def->allow_null);
344 }
345
346 try {
347 $value = $this->parser->parse($value, $type, $allow_null);
348 } catch (HTMLPurifier_VarParserException $e) {
349 $this->triggerError(
350 'Value for ' . $key . ' is of invalid type, should be ' .
351 HTMLPurifier_VarParser::getTypeName($type),
352 E_USER_WARNING
353 );
354 return;
355 }
356 if (is_string($value) && is_object($def)) {
357 // resolve value alias if defined
358 if (isset($def->aliases[$value])) {
359 $value = $def->aliases[$value];
360 }
361 // check to see if the value is allowed
362 if (isset($def->allowed) && !isset($def->allowed[$value])) {
363 $this->triggerError(
364 'Value not supported, valid values are: ' .
365 $this->_listify($def->allowed),
366 E_USER_WARNING
367 );
368 return;
369 }
370 }
371 $this->plist->set($key, $value);
372
373 // reset definitions if the directives they depend on changed
374 // this is a very costly process, so it's discouraged
375 // with finalization
376 if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
377 $this->definitions[$namespace] = null;
378 }
379
380 $this->serials[$namespace] = false;
381 }
382
383 /**
384 * Convenience function for error reporting
385 *
386 * @param array $lookup
387 *
388 * @return string
389 */
390 private function _listify($lookup)
391 {
392 $list = array();
393 foreach ($lookup as $name => $b) {
394 $list[] = $name;
395 }
396 return implode(', ', $list);
397 }
398
399 /**
400 * Retrieves object reference to the HTML definition.
401 *
402 * @param bool $raw Return a copy that has not been setup yet. Must be
403 * called before it's been setup, otherwise won't work.
404 * @param bool $optimized If true, this method may return null, to
405 * indicate that a cached version of the modified
406 * definition object is available and no further edits
407 * are necessary. Consider using
408 * maybeGetRawHTMLDefinition, which is more explicitly
409 * named, instead.
410 *
411 * @return HTMLPurifier_HTMLDefinition
412 */
413 public function getHTMLDefinition($raw = false, $optimized = false)
414 {
415 return $this->getDefinition('HTML', $raw, $optimized);
416 }
417
418 /**
419 * Retrieves object reference to the CSS definition
420 *
421 * @param bool $raw Return a copy that has not been setup yet. Must be
422 * called before it's been setup, otherwise won't work.
423 * @param bool $optimized If true, this method may return null, to
424 * indicate that a cached version of the modified
425 * definition object is available and no further edits
426 * are necessary. Consider using
427 * maybeGetRawCSSDefinition, which is more explicitly
428 * named, instead.
429 *
430 * @return HTMLPurifier_CSSDefinition
431 */
432 public function getCSSDefinition($raw = false, $optimized = false)
433 {
434 return $this->getDefinition('CSS', $raw, $optimized);
435 }
436
437 /**
438 * Retrieves object reference to the URI definition
439 *
440 * @param bool $raw Return a copy that has not been setup yet. Must be
441 * called before it's been setup, otherwise won't work.
442 * @param bool $optimized If true, this method may return null, to
443 * indicate that a cached version of the modified
444 * definition object is available and no further edits
445 * are necessary. Consider using
446 * maybeGetRawURIDefinition, which is more explicitly
447 * named, instead.
448 *
449 * @return HTMLPurifier_URIDefinition
450 */
451 public function getURIDefinition($raw = false, $optimized = false)
452 {
453 return $this->getDefinition('URI', $raw, $optimized);
454 }
455
456 /**
457 * Retrieves a definition
458 *
459 * @param string $type Type of definition: HTML, CSS, etc
460 * @param bool $raw Whether or not definition should be returned raw
461 * @param bool $optimized Only has an effect when $raw is true. Whether
462 * or not to return null if the result is already present in
463 * the cache. This is off by default for backwards
464 * compatibility reasons, but you need to do things this
465 * way in order to ensure that caching is done properly.
466 * Check out enduser-customize.html for more details.
467 * We probably won't ever change this default, as much as the
468 * maybe semantics is the "right thing to do."
469 *
470 * @throws HTMLPurifier_Exception
471 * @return HTMLPurifier_Definition
472 */
473 public function getDefinition($type, $raw = false, $optimized = false)
474 {
475 if ($optimized && !$raw) {
476 throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false");
477 }
478 if (!$this->finalized) {
479 $this->autoFinalize();
480 }
481 // temporarily suspend locks, so we can handle recursive definition calls
482 $lock = $this->lock;
483 $this->lock = null;
484 $factory = HTMLPurifier_DefinitionCacheFactory::instance();
485 $cache = $factory->create($type, $this);
486 $this->lock = $lock;
487 if (!$raw) {
488 // full definition
489 // ---------------
490 // check if definition is in memory
491 if (!empty($this->definitions[$type])) {
492 $def = $this->definitions[$type];
493 // check if the definition is setup
494 if ($def->setup) {
495 return $def;
496 } else {
497 $def->setup($this);
498 if ($def->optimized) {
499 $cache->add($def, $this);
500 }
501 return $def;
502 }
503 }
504 // check if definition is in cache
505 $def = $cache->get($this);
506 if ($def) {
507 // definition in cache, save to memory and return it
508 $this->definitions[$type] = $def;
509 return $def;
510 }
511 // initialize it
512 $def = $this->initDefinition($type);
513 // set it up
514 $this->lock = $type;
515 $def->setup($this);
516 $this->lock = null;
517 // save in cache
518 $cache->add($def, $this);
519 // return it
520 return $def;
521 } else {
522 // raw definition
523 // --------------
524 // check preconditions
525 $def = null;
526 if ($optimized) {
527 if (is_null($this->get($type . '.DefinitionID'))) {
528 // fatally error out if definition ID not set
529 throw new HTMLPurifier_Exception(
530 "Cannot retrieve raw version without specifying %$type.DefinitionID"
531 );
532 }
533 }
534 if (!empty($this->definitions[$type])) {
535 $def = $this->definitions[$type];
536 if ($def->setup && !$optimized) {
537 $extra = $this->chatty ?
538 " (try moving this code block earlier in your initialization)" :
539 "";
540 throw new HTMLPurifier_Exception(
541 "Cannot retrieve raw definition after it has already been setup" .
542 $extra
543 );
544 }
545 if ($def->optimized === null) {
546 $extra = $this->chatty ? " (try flushing your cache)" : "";
547 throw new HTMLPurifier_Exception(
548 "Optimization status of definition is unknown" . $extra
549 );
550 }
551 if ($def->optimized !== $optimized) {
552 $msg = $optimized ? "optimized" : "unoptimized";
553 $extra = $this->chatty ?
554 " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)"
555 : "";
556 throw new HTMLPurifier_Exception(
557 "Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra
558 );
559 }
560 }
561 // check if definition was in memory
562 if ($def) {
563 if ($def->setup) {
564 // invariant: $optimized === true (checked above)
565 return null;
566 } else {
567 return $def;
568 }
569 }
570 // if optimized, check if definition was in cache
571 // (because we do the memory check first, this formulation
572 // is prone to cache slamming, but I think
573 // guaranteeing that either /all/ of the raw
574 // setup code or /none/ of it is run is more important.)
575 if ($optimized) {
576 // This code path only gets run once; once we put
577 // something in $definitions (which is guaranteed by the
578 // trailing code), we always short-circuit above.
579 $def = $cache->get($this);
580 if ($def) {
581 // save the full definition for later, but don't
582 // return it yet
583 $this->definitions[$type] = $def;
584 return null;
585 }
586 }
587 // check invariants for creation
588 if (!$optimized) {
589 if (!is_null($this->get($type . '.DefinitionID'))) {
590 if ($this->chatty) {
591 $this->triggerError(
592 'Due to a documentation error in previous version of HTML Purifier, your ' .
593 'definitions are not being cached. If this is OK, you can remove the ' .
594 '%$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, ' .
595 'modify your code to use maybeGetRawDefinition, and test if the returned ' .
596 'value is null before making any edits (if it is null, that means that a ' .
597 'cached version is available, and no raw operations are necessary). See ' .
598 '<a href="http://htmlpurifier.org/docs/enduser-customize.html#optimized">' .
599 'Customize</a> for more details',
600 E_USER_WARNING
601 );
602 } else {
603 $this->triggerError(
604 "Useless DefinitionID declaration",
605 E_USER_WARNING
606 );
607 }
608 }
609 }
610 // initialize it
611 $def = $this->initDefinition($type);
612 $def->optimized = $optimized;
613 return $def;
614 }
615 throw new HTMLPurifier_Exception("The impossible happened!");
616 }
617
618 /**
619 * Initialise definition
620 *
621 * @param string $type What type of definition to create
622 *
623 * @return HTMLPurifier_CSSDefinition|HTMLPurifier_HTMLDefinition|HTMLPurifier_URIDefinition
624 * @throws HTMLPurifier_Exception
625 */
626 private function initDefinition($type)
627 {
628 // quick checks failed, let's create the object
629 if ($type == 'HTML') {
630 $def = new HTMLPurifier_HTMLDefinition();
631 } elseif ($type == 'CSS') {
632 $def = new HTMLPurifier_CSSDefinition();
633 } elseif ($type == 'URI') {
634 $def = new HTMLPurifier_URIDefinition();
635 } else {
636 throw new HTMLPurifier_Exception(
637 "Definition of $type type not supported"
638 );
639 }
640 $this->definitions[$type] = $def;
641 return $def;
642 }
643
644 public function maybeGetRawDefinition($name)
645 {
646 return $this->getDefinition($name, true, true);
647 }
648
649 public function maybeGetRawHTMLDefinition()
650 {
651 return $this->getDefinition('HTML', true, true);
652 }
653
654 public function maybeGetRawCSSDefinition()
655 {
656 return $this->getDefinition('CSS', true, true);
657 }
658
659 public function maybeGetRawURIDefinition()
660 {
661 return $this->getDefinition('URI', true, true);
662 }
663
664 /**
665 * Loads configuration values from an array with the following structure:
666 * Namespace.Directive => Value
667 *
668 * @param array $config_array Configuration associative array
669 */
670 public function loadArray($config_array)
671 {
672 if ($this->isFinalized('Cannot load directives after finalization')) {
673 return;
674 }
675 foreach ($config_array as $key => $value) {
676 $key = str_replace('_', '.', $key);
677 if (strpos($key, '.') !== false) {
678 $this->set($key, $value);
679 } else {
680 $namespace = $key;
681 $namespace_values = $value;
682 foreach ($namespace_values as $directive => $value2) {
683 $this->set($namespace .'.'. $directive, $value2);
684 }
685 }
686 }
687 }
688
689 /**
690 * Returns a list of array(namespace, directive) for all directives
691 * that are allowed in a web-form context as per an allowed
692 * namespaces/directives list.
693 *
694 * @param array $allowed List of allowed namespaces/directives
695 * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
696 *
697 * @return array
698 */
699 public static function getAllowedDirectivesForForm($allowed, $schema = null)
700 {
701 if (!$schema) {
702 $schema = HTMLPurifier_ConfigSchema::instance();
703 }
704 if ($allowed !== true) {
705 if (is_string($allowed)) {
706 $allowed = array($allowed);
707 }
708 $allowed_ns = array();
709 $allowed_directives = array();
710 $blacklisted_directives = array();
711 foreach ($allowed as $ns_or_directive) {
712 if (strpos($ns_or_directive, '.') !== false) {
713 // directive
714 if ($ns_or_directive[0] == '-') {
715 $blacklisted_directives[substr($ns_or_directive, 1)] = true;
716 } else {
717 $allowed_directives[$ns_or_directive] = true;
718 }
719 } else {
720 // namespace
721 $allowed_ns[$ns_or_directive] = true;
722 }
723 }
724 }
725 $ret = array();
726 foreach ($schema->info as $key => $def) {
727 list($ns, $directive) = explode('.', $key, 2);
728 if ($allowed !== true) {
729 if (isset($blacklisted_directives["$ns.$directive"])) {
730 continue;
731 }
732 if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) {
733 continue;
734 }
735 }
736 if (isset($def->isAlias)) {
737 continue;
738 }
739 if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') {
740 continue;
741 }
742 $ret[] = array($ns, $directive);
743 }
744 return $ret;
745 }
746
747 /**
748 * Loads configuration values from $_GET/$_POST that were posted
749 * via ConfigForm
750 *
751 * @param array $array $_GET or $_POST array to import
752 * @param string|bool $index Index/name that the config variables are in
753 * @param array|bool $allowed List of allowed namespaces/directives
754 * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
755 * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
756 *
757 * @return mixed
758 */
759 public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
760 {
761 $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema);
762 $config = HTMLPurifier_Config::create($ret, $schema);
763 return $config;
764 }
765
766 /**
767 * Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
768 *
769 * @param array $array $_GET or $_POST array to import
770 * @param string|bool $index Index/name that the config variables are in
771 * @param array|bool $allowed List of allowed namespaces/directives
772 * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
773 */
774 public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true)
775 {
776 $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def);
777 $this->loadArray($ret);
778 }
779
780 /**
781 * Prepares an array from a form into something usable for the more
782 * strict parts of HTMLPurifier_Config
783 *
784 * @param array $array $_GET or $_POST array to import
785 * @param string|bool $index Index/name that the config variables are in
786 * @param array|bool $allowed List of allowed namespaces/directives
787 * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
788 * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
789 *
790 * @return array
791 */
792 public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
793 {
794 if ($index !== false) {
795 $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
796 }
797 $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
798
799 $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
800 $ret = array();
801 foreach ($allowed as $key) {
802 list($ns, $directive) = $key;
803 $skey = "$ns.$directive";
804 if (!empty($array["Null_$skey"])) {
805 $ret[$ns][$directive] = null;
806 continue;
807 }
808 if (!isset($array[$skey])) {
809 continue;
810 }
811 $value = $mq ? stripslashes($array[$skey]) : $array[$skey];
812 $ret[$ns][$directive] = $value;
813 }
814 return $ret;
815 }
816
817 /**
818 * Loads configuration values from an ini file
819 *
820 * @param string $filename Name of ini file
821 */
822 public function loadIni($filename)
823 {
824 if ($this->isFinalized('Cannot load directives after finalization')) {
825 return;
826 }
827 $array = parse_ini_file($filename, true);
828 $this->loadArray($array);
829 }
830
831 /**
832 * Checks whether or not the configuration object is finalized.
833 *
834 * @param string|bool $error String error message, or false for no error
835 *
836 * @return bool
837 */
838 public function isFinalized($error = false)
839 {
840 if ($this->finalized && $error) {
841 $this->triggerError($error, E_USER_ERROR);
842 }
843 return $this->finalized;
844 }
845
846 /**
847 * Finalizes configuration only if auto finalize is on and not
848 * already finalized
849 */
850 public function autoFinalize()
851 {
852 if ($this->autoFinalize) {
853 $this->finalize();
854 } else {
855 $this->plist->squash(true);
856 }
857 }
858
859 /**
860 * Finalizes a configuration object, prohibiting further change
861 */
862 public function finalize()
863 {
864 $this->finalized = true;
865 $this->parser = null;
866 }
867
868 /**
869 * Produces a nicely formatted error message by supplying the
870 * stack frame information OUTSIDE of HTMLPurifier_Config.
871 *
872 * @param string $msg An error message
873 * @param int $no An error number
874 */
875 protected function triggerError($msg, $no)
876 {
877 // determine previous stack frame
878 $extra = '';
879 if ($this->chatty) {
880 $trace = debug_backtrace();
881 // zip(tail(trace), trace) -- but PHP is not Haskell har har
882 for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
883 // XXX this is not correct on some versions of HTML Purifier
884 if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
885 continue;
886 }
887 $frame = $trace[$i];
888 $extra = " invoked on line {$frame['line']} in file {$frame['file']}";
889 break;
890 }
891 }
892 trigger_error($msg . $extra, $no);
893 }
894
895 /**
896 * Returns a serialized form of the configuration object that can
897 * be reconstituted.
898 *
899 * @return string
900 */
901 public function serialize()
902 {
903 $this->getDefinition('HTML');
904 $this->getDefinition('CSS');
905 $this->getDefinition('URI');
906 return serialize($this);
907 }
908
909}
910
911// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema.php
new file mode 100644
index 00000000..ab7e7c0b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema.php
@@ -0,0 +1,176 @@
1<?php
2
3/**
4 * Configuration definition, defines directives and their defaults.
5 */
6class HTMLPurifier_ConfigSchema
7{
8 /**
9 * Defaults of the directives and namespaces.
10 * @type array
11 * @note This shares the exact same structure as HTMLPurifier_Config::$conf
12 */
13 public $defaults = array();
14
15 /**
16 * The default property list. Do not edit this property list.
17 * @type array
18 */
19 public $defaultPlist;
20
21 /**
22 * Definition of the directives.
23 * The structure of this is:
24 *
25 * array(
26 * 'Namespace' => array(
27 * 'Directive' => new stdclass(),
28 * )
29 * )
30 *
31 * The stdclass may have the following properties:
32 *
33 * - If isAlias isn't set:
34 * - type: Integer type of directive, see HTMLPurifier_VarParser for definitions
35 * - allow_null: If set, this directive allows null values
36 * - aliases: If set, an associative array of value aliases to real values
37 * - allowed: If set, a lookup array of allowed (string) values
38 * - If isAlias is set:
39 * - namespace: Namespace this directive aliases to
40 * - name: Directive name this directive aliases to
41 *
42 * In certain degenerate cases, stdclass will actually be an integer. In
43 * that case, the value is equivalent to an stdclass with the type
44 * property set to the integer. If the integer is negative, type is
45 * equal to the absolute value of integer, and allow_null is true.
46 *
47 * This class is friendly with HTMLPurifier_Config. If you need introspection
48 * about the schema, you're better of using the ConfigSchema_Interchange,
49 * which uses more memory but has much richer information.
50 * @type array
51 */
52 public $info = array();
53
54 /**
55 * Application-wide singleton
56 * @type HTMLPurifier_ConfigSchema
57 */
58 protected static $singleton;
59
60 public function __construct()
61 {
62 $this->defaultPlist = new HTMLPurifier_PropertyList();
63 }
64
65 /**
66 * Unserializes the default ConfigSchema.
67 * @return HTMLPurifier_ConfigSchema
68 */
69 public static function makeFromSerial()
70 {
71 $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser');
72 $r = unserialize($contents);
73 if (!$r) {
74 $hash = sha1($contents);
75 trigger_error("Unserialization of configuration schema failed, sha1 of file was $hash", E_USER_ERROR);
76 }
77 return $r;
78 }
79
80 /**
81 * Retrieves an instance of the application-wide configuration definition.
82 * @param HTMLPurifier_ConfigSchema $prototype
83 * @return HTMLPurifier_ConfigSchema
84 */
85 public static function instance($prototype = null)
86 {
87 if ($prototype !== null) {
88 HTMLPurifier_ConfigSchema::$singleton = $prototype;
89 } elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) {
90 HTMLPurifier_ConfigSchema::$singleton = HTMLPurifier_ConfigSchema::makeFromSerial();
91 }
92 return HTMLPurifier_ConfigSchema::$singleton;
93 }
94
95 /**
96 * Defines a directive for configuration
97 * @warning Will fail of directive's namespace is defined.
98 * @warning This method's signature is slightly different from the legacy
99 * define() static method! Beware!
100 * @param string $key Name of directive
101 * @param mixed $default Default value of directive
102 * @param string $type Allowed type of the directive. See
103 * HTMLPurifier_DirectiveDef::$type for allowed values
104 * @param bool $allow_null Whether or not to allow null values
105 */
106 public function add($key, $default, $type, $allow_null)
107 {
108 $obj = new stdclass();
109 $obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type];
110 if ($allow_null) {
111 $obj->allow_null = true;
112 }
113 $this->info[$key] = $obj;
114 $this->defaults[$key] = $default;
115 $this->defaultPlist->set($key, $default);
116 }
117
118 /**
119 * Defines a directive value alias.
120 *
121 * Directive value aliases are convenient for developers because it lets
122 * them set a directive to several values and get the same result.
123 * @param string $key Name of Directive
124 * @param array $aliases Hash of aliased values to the real alias
125 */
126 public function addValueAliases($key, $aliases)
127 {
128 if (!isset($this->info[$key]->aliases)) {
129 $this->info[$key]->aliases = array();
130 }
131 foreach ($aliases as $alias => $real) {
132 $this->info[$key]->aliases[$alias] = $real;
133 }
134 }
135
136 /**
137 * Defines a set of allowed values for a directive.
138 * @warning This is slightly different from the corresponding static
139 * method definition.
140 * @param string $key Name of directive
141 * @param array $allowed Lookup array of allowed values
142 */
143 public function addAllowedValues($key, $allowed)
144 {
145 $this->info[$key]->allowed = $allowed;
146 }
147
148 /**
149 * Defines a directive alias for backwards compatibility
150 * @param string $key Directive that will be aliased
151 * @param string $new_key Directive that the alias will be to
152 */
153 public function addAlias($key, $new_key)
154 {
155 $obj = new stdclass;
156 $obj->key = $new_key;
157 $obj->isAlias = true;
158 $this->info[$key] = $obj;
159 }
160
161 /**
162 * Replaces any stdclass that only has the type property with type integer.
163 */
164 public function postProcess()
165 {
166 foreach ($this->info as $key => $v) {
167 if (count((array) $v) == 1) {
168 $this->info[$key] = $v->type;
169 } elseif (count((array) $v) == 2 && isset($v->allow_null)) {
170 $this->info[$key] = -$v->type;
171 }
172 }
173 }
174}
175
176// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
new file mode 100644
index 00000000..1174575e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
@@ -0,0 +1,48 @@
1<?php
2
3/**
4 * Converts HTMLPurifier_ConfigSchema_Interchange to our runtime
5 * representation used to perform checks on user configuration.
6 */
7class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
8{
9
10 /**
11 * @param HTMLPurifier_ConfigSchema_Interchange $interchange
12 * @return HTMLPurifier_ConfigSchema
13 */
14 public function build($interchange)
15 {
16 $schema = new HTMLPurifier_ConfigSchema();
17 foreach ($interchange->directives as $d) {
18 $schema->add(
19 $d->id->key,
20 $d->default,
21 $d->type,
22 $d->typeAllowsNull
23 );
24 if ($d->allowed !== null) {
25 $schema->addAllowedValues(
26 $d->id->key,
27 $d->allowed
28 );
29 }
30 foreach ($d->aliases as $alias) {
31 $schema->addAlias(
32 $alias->key,
33 $d->id->key
34 );
35 }
36 if ($d->valueAliases !== null) {
37 $schema->addValueAliases(
38 $d->id->key,
39 $d->valueAliases
40 );
41 }
42 }
43 $schema->postProcess();
44 return $schema;
45 }
46}
47
48// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php
new file mode 100644
index 00000000..0d00bf1d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php
@@ -0,0 +1,144 @@
1<?php
2
3/**
4 * Converts HTMLPurifier_ConfigSchema_Interchange to an XML format,
5 * which can be further processed to generate documentation.
6 */
7class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
8{
9
10 /**
11 * @type HTMLPurifier_ConfigSchema_Interchange
12 */
13 protected $interchange;
14
15 /**
16 * @type string
17 */
18 private $namespace;
19
20 /**
21 * @param string $html
22 */
23 protected function writeHTMLDiv($html)
24 {
25 $this->startElement('div');
26
27 $purifier = HTMLPurifier::getInstance();
28 $html = $purifier->purify($html);
29 $this->writeAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
30 $this->writeRaw($html);
31
32 $this->endElement(); // div
33 }
34
35 /**
36 * @param mixed $var
37 * @return string
38 */
39 protected function export($var)
40 {
41 if ($var === array()) {
42 return 'array()';
43 }
44 return var_export($var, true);
45 }
46
47 /**
48 * @param HTMLPurifier_ConfigSchema_Interchange $interchange
49 */
50 public function build($interchange)
51 {
52 // global access, only use as last resort
53 $this->interchange = $interchange;
54
55 $this->setIndent(true);
56 $this->startDocument('1.0', 'UTF-8');
57 $this->startElement('configdoc');
58 $this->writeElement('title', $interchange->name);
59
60 foreach ($interchange->directives as $directive) {
61 $this->buildDirective($directive);
62 }
63
64 if ($this->namespace) {
65 $this->endElement();
66 } // namespace
67
68 $this->endElement(); // configdoc
69 $this->flush();
70 }
71
72 /**
73 * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
74 */
75 public function buildDirective($directive)
76 {
77 // Kludge, although I suppose having a notion of a "root namespace"
78 // certainly makes things look nicer when documentation is built.
79 // Depends on things being sorted.
80 if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
81 if ($this->namespace) {
82 $this->endElement();
83 } // namespace
84 $this->namespace = $directive->id->getRootNamespace();
85 $this->startElement('namespace');
86 $this->writeAttribute('id', $this->namespace);
87 $this->writeElement('name', $this->namespace);
88 }
89
90 $this->startElement('directive');
91 $this->writeAttribute('id', $directive->id->toString());
92
93 $this->writeElement('name', $directive->id->getDirective());
94
95 $this->startElement('aliases');
96 foreach ($directive->aliases as $alias) {
97 $this->writeElement('alias', $alias->toString());
98 }
99 $this->endElement(); // aliases
100
101 $this->startElement('constraints');
102 if ($directive->version) {
103 $this->writeElement('version', $directive->version);
104 }
105 $this->startElement('type');
106 if ($directive->typeAllowsNull) {
107 $this->writeAttribute('allow-null', 'yes');
108 }
109 $this->text($directive->type);
110 $this->endElement(); // type
111 if ($directive->allowed) {
112 $this->startElement('allowed');
113 foreach ($directive->allowed as $value => $x) {
114 $this->writeElement('value', $value);
115 }
116 $this->endElement(); // allowed
117 }
118 $this->writeElement('default', $this->export($directive->default));
119 $this->writeAttribute('xml:space', 'preserve');
120 if ($directive->external) {
121 $this->startElement('external');
122 foreach ($directive->external as $project) {
123 $this->writeElement('project', $project);
124 }
125 $this->endElement();
126 }
127 $this->endElement(); // constraints
128
129 if ($directive->deprecatedVersion) {
130 $this->startElement('deprecated');
131 $this->writeElement('version', $directive->deprecatedVersion);
132 $this->writeElement('use', $directive->deprecatedUse->toString());
133 $this->endElement(); // deprecated
134 }
135
136 $this->startElement('description');
137 $this->writeHTMLDiv($directive->description);
138 $this->endElement(); // description
139
140 $this->endElement(); // directive
141 }
142}
143
144// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php
new file mode 100644
index 00000000..1abdcfc0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php
@@ -0,0 +1,11 @@
1<?php
2
3/**
4 * Exceptions related to configuration schema
5 */
6class HTMLPurifier_ConfigSchema_Exception extends HTMLPurifier_Exception
7{
8
9}
10
11// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php
new file mode 100644
index 00000000..c094fa0b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php
@@ -0,0 +1,47 @@
1<?php
2
3/**
4 * Generic schema interchange format that can be converted to a runtime
5 * representation (HTMLPurifier_ConfigSchema) or HTML documentation. Members
6 * are completely validated.
7 */
8class HTMLPurifier_ConfigSchema_Interchange
9{
10
11 /**
12 * Name of the application this schema is describing.
13 * @type string
14 */
15 public $name;
16
17 /**
18 * Array of Directive ID => array(directive info)
19 * @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
20 */
21 public $directives = array();
22
23 /**
24 * Adds a directive array to $directives
25 * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
26 * @throws HTMLPurifier_ConfigSchema_Exception
27 */
28 public function addDirective($directive)
29 {
30 if (isset($this->directives[$i = $directive->id->toString()])) {
31 throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
32 }
33 $this->directives[$i] = $directive;
34 }
35
36 /**
37 * Convenience function to perform standard validation. Throws exception
38 * on failed validation.
39 */
40 public function validate()
41 {
42 $validator = new HTMLPurifier_ConfigSchema_Validator();
43 return $validator->validate($this);
44 }
45}
46
47// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php
new file mode 100644
index 00000000..4c39c5c6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php
@@ -0,0 +1,89 @@
1<?php
2
3/**
4 * Interchange component class describing configuration directives.
5 */
6class HTMLPurifier_ConfigSchema_Interchange_Directive
7{
8
9 /**
10 * ID of directive.
11 * @type HTMLPurifier_ConfigSchema_Interchange_Id
12 */
13 public $id;
14
15 /**
16 * Type, e.g. 'integer' or 'istring'.
17 * @type string
18 */
19 public $type;
20
21 /**
22 * Default value, e.g. 3 or 'DefaultVal'.
23 * @type mixed
24 */
25 public $default;
26
27 /**
28 * HTML description.
29 * @type string
30 */
31 public $description;
32
33 /**
34 * Whether or not null is allowed as a value.
35 * @type bool
36 */
37 public $typeAllowsNull = false;
38
39 /**
40 * Lookup table of allowed scalar values.
41 * e.g. array('allowed' => true).
42 * Null if all values are allowed.
43 * @type array
44 */
45 public $allowed;
46
47 /**
48 * List of aliases for the directive.
49 * e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
50 * @type HTMLPurifier_ConfigSchema_Interchange_Id[]
51 */
52 public $aliases = array();
53
54 /**
55 * Hash of value aliases, e.g. array('alt' => 'real'). Null if value
56 * aliasing is disabled (necessary for non-scalar types).
57 * @type array
58 */
59 public $valueAliases;
60
61 /**
62 * Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
63 * Null if the directive has always existed.
64 * @type string
65 */
66 public $version;
67
68 /**
69 * ID of directive that supercedes this old directive.
70 * Null if not deprecated.
71 * @type HTMLPurifier_ConfigSchema_Interchange_Id
72 */
73 public $deprecatedUse;
74
75 /**
76 * Version of HTML Purifier this directive was deprecated. Null if not
77 * deprecated.
78 * @type string
79 */
80 public $deprecatedVersion;
81
82 /**
83 * List of external projects this directive depends on, e.g. array('CSSTidy').
84 * @type array
85 */
86 public $external = array();
87}
88
89// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php
new file mode 100644
index 00000000..3ee81711
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php
@@ -0,0 +1,58 @@
1<?php
2
3/**
4 * Represents a directive ID in the interchange format.
5 */
6class HTMLPurifier_ConfigSchema_Interchange_Id
7{
8
9 /**
10 * @type string
11 */
12 public $key;
13
14 /**
15 * @param string $key
16 */
17 public function __construct($key)
18 {
19 $this->key = $key;
20 }
21
22 /**
23 * @return string
24 * @warning This is NOT magic, to ensure that people don't abuse SPL and
25 * cause problems for PHP 5.0 support.
26 */
27 public function toString()
28 {
29 return $this->key;
30 }
31
32 /**
33 * @return string
34 */
35 public function getRootNamespace()
36 {
37 return substr($this->key, 0, strpos($this->key, "."));
38 }
39
40 /**
41 * @return string
42 */
43 public function getDirective()
44 {
45 return substr($this->key, strpos($this->key, ".") + 1);
46 }
47
48 /**
49 * @param string $id
50 * @return HTMLPurifier_ConfigSchema_Interchange_Id
51 */
52 public static function make($id)
53 {
54 return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
55 }
56}
57
58// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
new file mode 100644
index 00000000..fe9b3268
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
@@ -0,0 +1,226 @@
1<?php
2
3class HTMLPurifier_ConfigSchema_InterchangeBuilder
4{
5
6 /**
7 * Used for processing DEFAULT, nothing else.
8 * @type HTMLPurifier_VarParser
9 */
10 protected $varParser;
11
12 /**
13 * @param HTMLPurifier_VarParser $varParser
14 */
15 public function __construct($varParser = null)
16 {
17 $this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
18 }
19
20 /**
21 * @param string $dir
22 * @return HTMLPurifier_ConfigSchema_Interchange
23 */
24 public static function buildFromDirectory($dir = null)
25 {
26 $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
27 $interchange = new HTMLPurifier_ConfigSchema_Interchange();
28 return $builder->buildDir($interchange, $dir);
29 }
30
31 /**
32 * @param HTMLPurifier_ConfigSchema_Interchange $interchange
33 * @param string $dir
34 * @return HTMLPurifier_ConfigSchema_Interchange
35 */
36 public function buildDir($interchange, $dir = null)
37 {
38 if (!$dir) {
39 $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
40 }
41 if (file_exists($dir . '/info.ini')) {
42 $info = parse_ini_file($dir . '/info.ini');
43 $interchange->name = $info['name'];
44 }
45
46 $files = array();
47 $dh = opendir($dir);
48 while (false !== ($file = readdir($dh))) {
49 if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') {
50 continue;
51 }
52 $files[] = $file;
53 }
54 closedir($dh);
55
56 sort($files);
57 foreach ($files as $file) {
58 $this->buildFile($interchange, $dir . '/' . $file);
59 }
60 return $interchange;
61 }
62
63 /**
64 * @param HTMLPurifier_ConfigSchema_Interchange $interchange
65 * @param string $file
66 */
67 public function buildFile($interchange, $file)
68 {
69 $parser = new HTMLPurifier_StringHashParser();
70 $this->build(
71 $interchange,
72 new HTMLPurifier_StringHash($parser->parseFile($file))
73 );
74 }
75
76 /**
77 * Builds an interchange object based on a hash.
78 * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
79 * @param HTMLPurifier_StringHash $hash source data
80 * @throws HTMLPurifier_ConfigSchema_Exception
81 */
82 public function build($interchange, $hash)
83 {
84 if (!$hash instanceof HTMLPurifier_StringHash) {
85 $hash = new HTMLPurifier_StringHash($hash);
86 }
87 if (!isset($hash['ID'])) {
88 throw new HTMLPurifier_ConfigSchema_Exception('Hash does not have any ID');
89 }
90 if (strpos($hash['ID'], '.') === false) {
91 if (count($hash) == 2 && isset($hash['DESCRIPTION'])) {
92 $hash->offsetGet('DESCRIPTION'); // prevent complaining
93 } else {
94 throw new HTMLPurifier_ConfigSchema_Exception('All directives must have a namespace');
95 }
96 } else {
97 $this->buildDirective($interchange, $hash);
98 }
99 $this->_findUnused($hash);
100 }
101
102 /**
103 * @param HTMLPurifier_ConfigSchema_Interchange $interchange
104 * @param HTMLPurifier_StringHash $hash
105 * @throws HTMLPurifier_ConfigSchema_Exception
106 */
107 public function buildDirective($interchange, $hash)
108 {
109 $directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
110
111 // These are required elements:
112 $directive->id = $this->id($hash->offsetGet('ID'));
113 $id = $directive->id->toString(); // convenience
114
115 if (isset($hash['TYPE'])) {
116 $type = explode('/', $hash->offsetGet('TYPE'));
117 if (isset($type[1])) {
118 $directive->typeAllowsNull = true;
119 }
120 $directive->type = $type[0];
121 } else {
122 throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
123 }
124
125 if (isset($hash['DEFAULT'])) {
126 try {
127 $directive->default = $this->varParser->parse(
128 $hash->offsetGet('DEFAULT'),
129 $directive->type,
130 $directive->typeAllowsNull
131 );
132 } catch (HTMLPurifier_VarParserException $e) {
133 throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
134 }
135 }
136
137 if (isset($hash['DESCRIPTION'])) {
138 $directive->description = $hash->offsetGet('DESCRIPTION');
139 }
140
141 if (isset($hash['ALLOWED'])) {
142 $directive->allowed = $this->lookup($this->evalArray($hash->offsetGet('ALLOWED')));
143 }
144
145 if (isset($hash['VALUE-ALIASES'])) {
146 $directive->valueAliases = $this->evalArray($hash->offsetGet('VALUE-ALIASES'));
147 }
148
149 if (isset($hash['ALIASES'])) {
150 $raw_aliases = trim($hash->offsetGet('ALIASES'));
151 $aliases = preg_split('/\s*,\s*/', $raw_aliases);
152 foreach ($aliases as $alias) {
153 $directive->aliases[] = $this->id($alias);
154 }
155 }
156
157 if (isset($hash['VERSION'])) {
158 $directive->version = $hash->offsetGet('VERSION');
159 }
160
161 if (isset($hash['DEPRECATED-USE'])) {
162 $directive->deprecatedUse = $this->id($hash->offsetGet('DEPRECATED-USE'));
163 }
164
165 if (isset($hash['DEPRECATED-VERSION'])) {
166 $directive->deprecatedVersion = $hash->offsetGet('DEPRECATED-VERSION');
167 }
168
169 if (isset($hash['EXTERNAL'])) {
170 $directive->external = preg_split('/\s*,\s*/', trim($hash->offsetGet('EXTERNAL')));
171 }
172
173 $interchange->addDirective($directive);
174 }
175
176 /**
177 * Evaluates an array PHP code string without array() wrapper
178 * @param string $contents
179 */
180 protected function evalArray($contents)
181 {
182 return eval('return array(' . $contents . ');');
183 }
184
185 /**
186 * Converts an array list into a lookup array.
187 * @param array $array
188 * @return array
189 */
190 protected function lookup($array)
191 {
192 $ret = array();
193 foreach ($array as $val) {
194 $ret[$val] = true;
195 }
196 return $ret;
197 }
198
199 /**
200 * Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
201 * object based on a string Id.
202 * @param string $id
203 * @return HTMLPurifier_ConfigSchema_Interchange_Id
204 */
205 protected function id($id)
206 {
207 return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
208 }
209
210 /**
211 * Triggers errors for any unused keys passed in the hash; such keys
212 * may indicate typos, missing values, etc.
213 * @param HTMLPurifier_StringHash $hash Hash to check.
214 */
215 protected function _findUnused($hash)
216 {
217 $accessed = $hash->getAccessed();
218 foreach ($hash as $k => $v) {
219 if (!isset($accessed[$k])) {
220 trigger_error("String hash key '$k' not used by builder", E_USER_NOTICE);
221 }
222 }
223 }
224}
225
226// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php
new file mode 100644
index 00000000..9f14444f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php
@@ -0,0 +1,248 @@
1<?php
2
3/**
4 * Performs validations on HTMLPurifier_ConfigSchema_Interchange
5 *
6 * @note If you see '// handled by InterchangeBuilder', that means a
7 * design decision in that class would prevent this validation from
8 * ever being necessary. We have them anyway, however, for
9 * redundancy.
10 */
11class HTMLPurifier_ConfigSchema_Validator
12{
13
14 /**
15 * @type HTMLPurifier_ConfigSchema_Interchange
16 */
17 protected $interchange;
18
19 /**
20 * @type array
21 */
22 protected $aliases;
23
24 /**
25 * Context-stack to provide easy to read error messages.
26 * @type array
27 */
28 protected $context = array();
29
30 /**
31 * to test default's type.
32 * @type HTMLPurifier_VarParser
33 */
34 protected $parser;
35
36 public function __construct()
37 {
38 $this->parser = new HTMLPurifier_VarParser();
39 }
40
41 /**
42 * Validates a fully-formed interchange object.
43 * @param HTMLPurifier_ConfigSchema_Interchange $interchange
44 * @return bool
45 */
46 public function validate($interchange)
47 {
48 $this->interchange = $interchange;
49 $this->aliases = array();
50 // PHP is a bit lax with integer <=> string conversions in
51 // arrays, so we don't use the identical !== comparison
52 foreach ($interchange->directives as $i => $directive) {
53 $id = $directive->id->toString();
54 if ($i != $id) {
55 $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
56 }
57 $this->validateDirective($directive);
58 }
59 return true;
60 }
61
62 /**
63 * Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
64 * @param HTMLPurifier_ConfigSchema_Interchange_Id $id
65 */
66 public function validateId($id)
67 {
68 $id_string = $id->toString();
69 $this->context[] = "id '$id_string'";
70 if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
71 // handled by InterchangeBuilder
72 $this->error(false, 'is not an instance of HTMLPurifier_ConfigSchema_Interchange_Id');
73 }
74 // keys are now unconstrained (we might want to narrow down to A-Za-z0-9.)
75 // we probably should check that it has at least one namespace
76 $this->with($id, 'key')
77 ->assertNotEmpty()
78 ->assertIsString(); // implicit assertIsString handled by InterchangeBuilder
79 array_pop($this->context);
80 }
81
82 /**
83 * Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
84 * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
85 */
86 public function validateDirective($d)
87 {
88 $id = $d->id->toString();
89 $this->context[] = "directive '$id'";
90 $this->validateId($d->id);
91
92 $this->with($d, 'description')
93 ->assertNotEmpty();
94
95 // BEGIN - handled by InterchangeBuilder
96 $this->with($d, 'type')
97 ->assertNotEmpty();
98 $this->with($d, 'typeAllowsNull')
99 ->assertIsBool();
100 try {
101 // This also tests validity of $d->type
102 $this->parser->parse($d->default, $d->type, $d->typeAllowsNull);
103 } catch (HTMLPurifier_VarParserException $e) {
104 $this->error('default', 'had error: ' . $e->getMessage());
105 }
106 // END - handled by InterchangeBuilder
107
108 if (!is_null($d->allowed) || !empty($d->valueAliases)) {
109 // allowed and valueAliases require that we be dealing with
110 // strings, so check for that early.
111 $d_int = HTMLPurifier_VarParser::$types[$d->type];
112 if (!isset(HTMLPurifier_VarParser::$stringTypes[$d_int])) {
113 $this->error('type', 'must be a string type when used with allowed or value aliases');
114 }
115 }
116
117 $this->validateDirectiveAllowed($d);
118 $this->validateDirectiveValueAliases($d);
119 $this->validateDirectiveAliases($d);
120
121 array_pop($this->context);
122 }
123
124 /**
125 * Extra validation if $allowed member variable of
126 * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
127 * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
128 */
129 public function validateDirectiveAllowed($d)
130 {
131 if (is_null($d->allowed)) {
132 return;
133 }
134 $this->with($d, 'allowed')
135 ->assertNotEmpty()
136 ->assertIsLookup(); // handled by InterchangeBuilder
137 if (is_string($d->default) && !isset($d->allowed[$d->default])) {
138 $this->error('default', 'must be an allowed value');
139 }
140 $this->context[] = 'allowed';
141 foreach ($d->allowed as $val => $x) {
142 if (!is_string($val)) {
143 $this->error("value $val", 'must be a string');
144 }
145 }
146 array_pop($this->context);
147 }
148
149 /**
150 * Extra validation if $valueAliases member variable of
151 * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
152 * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
153 */
154 public function validateDirectiveValueAliases($d)
155 {
156 if (is_null($d->valueAliases)) {
157 return;
158 }
159 $this->with($d, 'valueAliases')
160 ->assertIsArray(); // handled by InterchangeBuilder
161 $this->context[] = 'valueAliases';
162 foreach ($d->valueAliases as $alias => $real) {
163 if (!is_string($alias)) {
164 $this->error("alias $alias", 'must be a string');
165 }
166 if (!is_string($real)) {
167 $this->error("alias target $real from alias '$alias'", 'must be a string');
168 }
169 if ($alias === $real) {
170 $this->error("alias '$alias'", "must not be an alias to itself");
171 }
172 }
173 if (!is_null($d->allowed)) {
174 foreach ($d->valueAliases as $alias => $real) {
175 if (isset($d->allowed[$alias])) {
176 $this->error("alias '$alias'", 'must not be an allowed value');
177 } elseif (!isset($d->allowed[$real])) {
178 $this->error("alias '$alias'", 'must be an alias to an allowed value');
179 }
180 }
181 }
182 array_pop($this->context);
183 }
184
185 /**
186 * Extra validation if $aliases member variable of
187 * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
188 * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
189 */
190 public function validateDirectiveAliases($d)
191 {
192 $this->with($d, 'aliases')
193 ->assertIsArray(); // handled by InterchangeBuilder
194 $this->context[] = 'aliases';
195 foreach ($d->aliases as $alias) {
196 $this->validateId($alias);
197 $s = $alias->toString();
198 if (isset($this->interchange->directives[$s])) {
199 $this->error("alias '$s'", 'collides with another directive');
200 }
201 if (isset($this->aliases[$s])) {
202 $other_directive = $this->aliases[$s];
203 $this->error("alias '$s'", "collides with alias for directive '$other_directive'");
204 }
205 $this->aliases[$s] = $d->id->toString();
206 }
207 array_pop($this->context);
208 }
209
210 // protected helper functions
211
212 /**
213 * Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
214 * for validating simple member variables of objects.
215 * @param $obj
216 * @param $member
217 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
218 */
219 protected function with($obj, $member)
220 {
221 return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
222 }
223
224 /**
225 * Emits an error, providing helpful context.
226 * @throws HTMLPurifier_ConfigSchema_Exception
227 */
228 protected function error($target, $msg)
229 {
230 if ($target !== false) {
231 $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
232 } else {
233 $prefix = ucfirst($this->getFormattedContext());
234 }
235 throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
236 }
237
238 /**
239 * Returns a formatted context string.
240 * @return string
241 */
242 protected function getFormattedContext()
243 {
244 return implode(' in ', array_reverse($this->context));
245 }
246}
247
248// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php
new file mode 100644
index 00000000..a2e0b4a1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php
@@ -0,0 +1,130 @@
1<?php
2
3/**
4 * Fluent interface for validating the contents of member variables.
5 * This should be immutable. See HTMLPurifier_ConfigSchema_Validator for
6 * use-cases. We name this an 'atom' because it's ONLY for validations that
7 * are independent and usually scalar.
8 */
9class HTMLPurifier_ConfigSchema_ValidatorAtom
10{
11 /**
12 * @type string
13 */
14 protected $context;
15
16 /**
17 * @type object
18 */
19 protected $obj;
20
21 /**
22 * @type string
23 */
24 protected $member;
25
26 /**
27 * @type mixed
28 */
29 protected $contents;
30
31 public function __construct($context, $obj, $member)
32 {
33 $this->context = $context;
34 $this->obj = $obj;
35 $this->member = $member;
36 $this->contents =& $obj->$member;
37 }
38
39 /**
40 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
41 */
42 public function assertIsString()
43 {
44 if (!is_string($this->contents)) {
45 $this->error('must be a string');
46 }
47 return $this;
48 }
49
50 /**
51 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
52 */
53 public function assertIsBool()
54 {
55 if (!is_bool($this->contents)) {
56 $this->error('must be a boolean');
57 }
58 return $this;
59 }
60
61 /**
62 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
63 */
64 public function assertIsArray()
65 {
66 if (!is_array($this->contents)) {
67 $this->error('must be an array');
68 }
69 return $this;
70 }
71
72 /**
73 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
74 */
75 public function assertNotNull()
76 {
77 if ($this->contents === null) {
78 $this->error('must not be null');
79 }
80 return $this;
81 }
82
83 /**
84 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
85 */
86 public function assertAlnum()
87 {
88 $this->assertIsString();
89 if (!ctype_alnum($this->contents)) {
90 $this->error('must be alphanumeric');
91 }
92 return $this;
93 }
94
95 /**
96 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
97 */
98 public function assertNotEmpty()
99 {
100 if (empty($this->contents)) {
101 $this->error('must not be empty');
102 }
103 return $this;
104 }
105
106 /**
107 * @return HTMLPurifier_ConfigSchema_ValidatorAtom
108 */
109 public function assertIsLookup()
110 {
111 $this->assertIsArray();
112 foreach ($this->contents as $v) {
113 if ($v !== true) {
114 $this->error('must be a lookup array');
115 }
116 }
117 return $this;
118 }
119
120 /**
121 * @param string $msg
122 * @throws HTMLPurifier_ConfigSchema_Exception
123 */
124 protected function error($msg)
125 {
126 throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
127 }
128}
129
130// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema.ser b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema.ser
new file mode 100644
index 00000000..22ea3218
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema.ser
Binary files differ
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
new file mode 100644
index 00000000..4a42382e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
@@ -0,0 +1,8 @@
1Attr.AllowedClasses
2TYPE: lookup/null
3VERSION: 4.0.0
4DEFAULT: null
5--DESCRIPTION--
6List of allowed class values in the class attribute. By default, this is null,
7which means all classes are allowed.
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
new file mode 100644
index 00000000..b033eb51
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
@@ -0,0 +1,12 @@
1Attr.AllowedFrameTargets
2TYPE: lookup
3DEFAULT: array()
4--DESCRIPTION--
5Lookup table of all allowed link frame targets. Some commonly used link
6targets include _blank, _self, _parent and _top. Values should be
7lowercase, as validation will be done in a case-sensitive manner despite
8W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
9so this directive will have no effect in that doctype. XHTML 1.1 does not
10enable the Target module by default, you will have to manually enable it
11(see the module documentation for more details.)
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
new file mode 100644
index 00000000..ed72a9d5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
@@ -0,0 +1,9 @@
1Attr.AllowedRel
2TYPE: lookup
3VERSION: 1.6.0
4DEFAULT: array()
5--DESCRIPTION--
6List of allowed forward document relationships in the rel attribute. Common
7values may be nofollow or print. By default, this is empty, meaning that no
8document relationships are allowed.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
new file mode 100644
index 00000000..1ae672d0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
@@ -0,0 +1,9 @@
1Attr.AllowedRev
2TYPE: lookup
3VERSION: 1.6.0
4DEFAULT: array()
5--DESCRIPTION--
6List of allowed reverse document relationships in the rev attribute. This
7attribute is a bit of an edge-case; if you don't know what it is for, stay
8away.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
new file mode 100644
index 00000000..119a9d2c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
@@ -0,0 +1,19 @@
1Attr.ClassUseCDATA
2TYPE: bool/null
3DEFAULT: null
4VERSION: 4.0.0
5--DESCRIPTION--
6If null, class will auto-detect the doctype and, if matching XHTML 1.1 or
7XHTML 2.0, will use the restrictive NMTOKENS specification of class. Otherwise,
8it will use a relaxed CDATA definition. If true, the relaxed CDATA definition
9is forced; if false, the NMTOKENS definition is forced. To get behavior
10of HTML Purifier prior to 4.0.0, set this directive to false.
11
12Some rational behind the auto-detection:
13in previous versions of HTML Purifier, it was assumed that the form of
14class was NMTOKENS, as specified by the XHTML Modularization (representing
15XHTML 1.1 and XHTML 2.0). The DTDs for HTML 4.01 and XHTML 1.0, however
16specify class as CDATA. HTML 5 effectively defines it as CDATA, but
17with the additional constraint that each name should be unique (this is not
18explicitly outlined in previous specifications).
19--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
new file mode 100644
index 00000000..80b1431c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
@@ -0,0 +1,11 @@
1Attr.DefaultImageAlt
2TYPE: string/null
3DEFAULT: null
4VERSION: 3.2.0
5--DESCRIPTION--
6This is the content of the alt tag of an image if the user had not
7previously specified an alt attribute. This applies to all images without
8a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which
9only applies to invalid images, and overrides in the case of an invalid image.
10Default behavior with null is to use the basename of the src tag for the alt.
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
new file mode 100644
index 00000000..c51000d1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
@@ -0,0 +1,9 @@
1Attr.DefaultInvalidImage
2TYPE: string
3DEFAULT: ''
4--DESCRIPTION--
5This is the default image an img tag will be pointed to if it does not have
6a valid src attribute. In future versions, we may allow the image tag to
7be removed completely, but due to design issues, this is not possible right
8now.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
new file mode 100644
index 00000000..c1ec4b03
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
@@ -0,0 +1,8 @@
1Attr.DefaultInvalidImageAlt
2TYPE: string
3DEFAULT: 'Invalid image'
4--DESCRIPTION--
5This is the content of the alt tag of an invalid image if the user had not
6previously specified an alt attribute. It has no effect when the image is
7valid but there was no alt attribute present.
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
new file mode 100644
index 00000000..f57dcc40
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
@@ -0,0 +1,10 @@
1Attr.DefaultTextDir
2TYPE: string
3DEFAULT: 'ltr'
4--DESCRIPTION--
5Defines the default text direction (ltr or rtl) of the document being
6parsed. This generally is the same as the value of the dir attribute in
7HTML, or ltr if that is not specified.
8--ALLOWED--
9'ltr', 'rtl'
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
new file mode 100644
index 00000000..9b93a557
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
@@ -0,0 +1,16 @@
1Attr.EnableID
2TYPE: bool
3DEFAULT: false
4VERSION: 1.2.0
5--DESCRIPTION--
6Allows the ID attribute in HTML. This is disabled by default due to the
7fact that without proper configuration user input can easily break the
8validation of a webpage by specifying an ID that is already on the
9surrounding HTML. If you don't mind throwing caution to the wind, enable
10this directive, but I strongly recommend you also consider blacklisting IDs
11you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
12(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
13pre-1.2.0 versions.
14--ALIASES--
15HTML.EnableAttrID
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
new file mode 100644
index 00000000..fed8954c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
@@ -0,0 +1,8 @@
1Attr.ForbiddenClasses
2TYPE: lookup
3VERSION: 4.0.0
4DEFAULT: array()
5--DESCRIPTION--
6List of forbidden class values in the class attribute. By default, this is
7empty, which means that no classes are forbidden. See also %Attr.AllowedClasses.
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
new file mode 100644
index 00000000..52168bb5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
@@ -0,0 +1,5 @@
1Attr.IDBlacklist
2TYPE: list
3DEFAULT: array()
4DESCRIPTION: Array of IDs not allowed in the document.
5--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
new file mode 100644
index 00000000..7b850430
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
@@ -0,0 +1,9 @@
1Attr.IDBlacklistRegexp
2TYPE: string/null
3VERSION: 1.6.0
4DEFAULT: NULL
5--DESCRIPTION--
6PCRE regular expression to be matched against all IDs. If the expression is
7matches, the ID is rejected. Use this with care: may cause significant
8degradation. ID matching is done after all other validation.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
new file mode 100644
index 00000000..57813827
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
@@ -0,0 +1,12 @@
1Attr.IDPrefix
2TYPE: string
3VERSION: 1.2.0
4DEFAULT: ''
5--DESCRIPTION--
6String to prefix to IDs. If you have no idea what IDs your pages may use,
7you may opt to simply add a prefix to all user-submitted ID attributes so
8that they are still usable, but will not conflict with core page IDs.
9Example: setting the directive to 'user_' will result in a user submitted
10'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
11before using this.
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
new file mode 100644
index 00000000..f91fcd60
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
@@ -0,0 +1,14 @@
1Attr.IDPrefixLocal
2TYPE: string
3VERSION: 1.2.0
4DEFAULT: ''
5--DESCRIPTION--
6Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you
7need to allow multiple sets of user content on web page, you may need to
8have a seperate prefix that changes with each iteration. This way,
9seperately submitted user content displayed on the same page doesn't
10clobber each other. Ideal values are unique identifiers for the content it
11represents (i.e. the id of the row in the database). Be sure to add a
12seperator (like an underscore) at the end. Warning: this directive will
13not work unless %Attr.IDPrefix is set to a non-empty value!
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
new file mode 100644
index 00000000..2d7f94e0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
@@ -0,0 +1,31 @@
1AutoFormat.AutoParagraph
2TYPE: bool
3VERSION: 2.0.1
4DEFAULT: false
5--DESCRIPTION--
6
7<p>
8 This directive turns on auto-paragraphing, where double newlines are
9 converted in to paragraphs whenever possible. Auto-paragraphing:
10</p>
11<ul>
12 <li>Always applies to inline elements or text in the root node,</li>
13 <li>Applies to inline elements or text with double newlines in nodes
14 that allow paragraph tags,</li>
15 <li>Applies to double newlines in paragraph tags</li>
16</ul>
17<p>
18 <code>p</code> tags must be allowed for this directive to take effect.
19 We do not use <code>br</code> tags for paragraphing, as that is
20 semantically incorrect.
21</p>
22<p>
23 To prevent auto-paragraphing as a content-producer, refrain from using
24 double-newlines except to specify a new paragraph or in contexts where
25 it has special meaning (whitespace usually has no meaning except in
26 tags like <code>pre</code>, so this should not be difficult.) To prevent
27 the paragraphing of inline text adjacent to block elements, wrap them
28 in <code>div</code> tags (the behavior is slightly different outside of
29 the root node.)
30</p>
31--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
new file mode 100644
index 00000000..2eb1974f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
@@ -0,0 +1,12 @@
1AutoFormat.Custom
2TYPE: list
3VERSION: 2.0.1
4DEFAULT: array()
5--DESCRIPTION--
6
7<p>
8 This directive can be used to add custom auto-format injectors.
9 Specify an array of injector names (class name minus the prefix)
10 or concrete implementations. Injector class must exist.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
new file mode 100644
index 00000000..c955de7f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
@@ -0,0 +1,11 @@
1AutoFormat.DisplayLinkURI
2TYPE: bool
3VERSION: 3.2.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 This directive turns on the in-text display of URIs in &lt;a&gt; tags, and disables
8 those links. For example, <a href="http://example.com">example</a> becomes
9 example (<a>http://example.com</a>).
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
new file mode 100644
index 00000000..328b2b2b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
@@ -0,0 +1,12 @@
1AutoFormat.Linkify
2TYPE: bool
3VERSION: 2.0.1
4DEFAULT: false
5--DESCRIPTION--
6
7<p>
8 This directive turns on linkification, auto-linking http, ftp and
9 https URLs. <code>a</code> tags with the <code>href</code> attribute
10 must be allowed.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
new file mode 100644
index 00000000..d0532b6b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
@@ -0,0 +1,12 @@
1AutoFormat.PurifierLinkify.DocURL
2TYPE: string
3VERSION: 2.0.1
4DEFAULT: '#%s'
5ALIASES: AutoFormatParam.PurifierLinkifyDocURL
6--DESCRIPTION--
7<p>
8 Location of configuration documentation to link to, let %s substitute
9 into the configuration's namespace and directive names sans the percent
10 sign.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
new file mode 100644
index 00000000..f3ab259a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
@@ -0,0 +1,12 @@
1AutoFormat.PurifierLinkify
2TYPE: bool
3VERSION: 2.0.1
4DEFAULT: false
5--DESCRIPTION--
6
7<p>
8 Internal auto-formatter that converts configuration directives in
9 syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
10 with the <code>href</code> attribute must be allowed.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
new file mode 100644
index 00000000..219d04ac
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
@@ -0,0 +1,11 @@
1AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions
2TYPE: lookup
3VERSION: 4.0.0
4DEFAULT: array('td' => true, 'th' => true)
5--DESCRIPTION--
6<p>
7 When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp
8 are enabled, this directive defines what HTML elements should not be
9 removede if they have only a non-breaking space in them.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
new file mode 100644
index 00000000..5f355d66
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
@@ -0,0 +1,15 @@
1AutoFormat.RemoveEmpty.RemoveNbsp
2TYPE: bool
3VERSION: 4.0.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 When enabled, HTML Purifier will treat any elements that contain only
8 non-breaking spaces as well as regular whitespace as empty, and remove
9 them when %AutoForamt.RemoveEmpty is enabled.
10</p>
11<p>
12 See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements
13 that don't have this behavior applied to them.
14</p>
15--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
new file mode 100644
index 00000000..6b5a7a5c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
@@ -0,0 +1,46 @@
1AutoFormat.RemoveEmpty
2TYPE: bool
3VERSION: 3.2.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 When enabled, HTML Purifier will attempt to remove empty elements that
8 contribute no semantic information to the document. The following types
9 of nodes will be removed:
10</p>
11<ul><li>
12 Tags with no attributes and no content, and that are not empty
13 elements (remove <code>&lt;a&gt;&lt;/a&gt;</code> but not
14 <code>&lt;br /&gt;</code>), and
15 </li>
16 <li>
17 Tags with no content, except for:<ul>
18 <li>The <code>colgroup</code> element, or</li>
19 <li>
20 Elements with the <code>id</code> or <code>name</code> attribute,
21 when those attributes are permitted on those elements.
22 </li>
23 </ul></li>
24</ul>
25<p>
26 Please be very careful when using this functionality; while it may not
27 seem that empty elements contain useful information, they can alter the
28 layout of a document given appropriate styling. This directive is most
29 useful when you are processing machine-generated HTML, please avoid using
30 it on regular user HTML.
31</p>
32<p>
33 Elements that contain only whitespace will be treated as empty. Non-breaking
34 spaces, however, do not count as whitespace. See
35 %AutoFormat.RemoveEmpty.RemoveNbsp for alternate behavior.
36</p>
37<p>
38 This algorithm is not perfect; you may still notice some empty tags,
39 particularly if a node had elements, but those elements were later removed
40 because they were not permitted in that context, or tags that, after
41 being auto-closed by another tag, where empty. This is for safety reasons
42 to prevent clever code from breaking validation. The general rule of thumb:
43 if a tag looked empty on the way in, it will get removed; if HTML Purifier
44 made it empty, it will stay.
45</p>
46--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
new file mode 100644
index 00000000..a448770e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
@@ -0,0 +1,11 @@
1AutoFormat.RemoveSpansWithoutAttributes
2TYPE: bool
3VERSION: 4.0.1
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 This directive causes <code>span</code> tags without any attributes
8 to be removed. It will also remove spans that had all attributes
9 removed during processing.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
new file mode 100644
index 00000000..8096eb01
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
@@ -0,0 +1,8 @@
1CSS.AllowImportant
2TYPE: bool
3DEFAULT: false
4VERSION: 3.1.0
5--DESCRIPTION--
6This parameter determines whether or not !important cascade modifiers should
7be allowed in user CSS. If false, !important will stripped.
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
new file mode 100644
index 00000000..9d34debc
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
@@ -0,0 +1,11 @@
1CSS.AllowTricky
2TYPE: bool
3DEFAULT: false
4VERSION: 3.1.0
5--DESCRIPTION--
6This parameter determines whether or not to allow "tricky" CSS properties and
7values. Tricky CSS properties/values can drastically modify page layout or
8be used for deceptive practices but do not directly constitute a security risk.
9For example, <code>display:none;</code> is considered a tricky property that
10will only be allowed if this directive is set to true.
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
new file mode 100644
index 00000000..7c2b5476
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
@@ -0,0 +1,12 @@
1CSS.AllowedFonts
2TYPE: lookup/null
3VERSION: 4.3.0
4DEFAULT: NULL
5--DESCRIPTION--
6<p>
7 Allows you to manually specify a set of allowed fonts. If
8 <code>NULL</code>, all fonts are allowed. This directive
9 affects generic names (serif, sans-serif, monospace, cursive,
10 fantasy) as well as specific font families.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
new file mode 100644
index 00000000..f1ba513c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
@@ -0,0 +1,18 @@
1CSS.AllowedProperties
2TYPE: lookup/null
3VERSION: 3.1.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 If HTML Purifier's style attributes set is unsatisfactory for your needs,
9 you can overload it with your own list of tags to allow. Note that this
10 method is subtractive: it does its job by taking away from HTML Purifier
11 usual feature set, so you cannot add an attribute that HTML Purifier never
12 supported in the first place.
13</p>
14<p>
15 <strong>Warning:</strong> If another directive conflicts with the
16 elements here, <em>that</em> directive will win and override.
17</p>
18--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
new file mode 100644
index 00000000..96b41082
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
@@ -0,0 +1,11 @@
1CSS.DefinitionRev
2TYPE: int
3VERSION: 2.0.0
4DEFAULT: 1
5--DESCRIPTION--
6
7<p>
8 Revision identifier for your custom definition. See
9 %HTML.DefinitionRev for details.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
new file mode 100644
index 00000000..923e8e99
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
@@ -0,0 +1,13 @@
1CSS.ForbiddenProperties
2TYPE: lookup
3VERSION: 4.2.0
4DEFAULT: array()
5--DESCRIPTION--
6<p>
7 This is the logical inverse of %CSS.AllowedProperties, and it will
8 override that directive or any other directive. If possible,
9 %CSS.AllowedProperties is recommended over this directive,
10 because it can sometimes be difficult to tell whether or not you've
11 forbidden all of the CSS properties you truly would like to disallow.
12</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
new file mode 100644
index 00000000..3808581e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
@@ -0,0 +1,16 @@
1CSS.MaxImgLength
2TYPE: string/null
3DEFAULT: '1200px'
4VERSION: 3.1.1
5--DESCRIPTION--
6<p>
7 This parameter sets the maximum allowed length on <code>img</code> tags,
8 effectively the <code>width</code> and <code>height</code> properties.
9 Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
10 in place to prevent imagecrash attacks, disable with null at your own risk.
11 This directive is similar to %HTML.MaxImgLength, and both should be
12 concurrently edited, although there are
13 subtle differences in the input format (the CSS max is a number with
14 a unit).
15</p>
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
new file mode 100644
index 00000000..8a26f228
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
@@ -0,0 +1,10 @@
1CSS.Proprietary
2TYPE: bool
3VERSION: 3.0.0
4DEFAULT: false
5--DESCRIPTION--
6
7<p>
8 Whether or not to allow safe, proprietary CSS values.
9</p>
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
new file mode 100644
index 00000000..917ec42b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
@@ -0,0 +1,9 @@
1CSS.Trusted
2TYPE: bool
3VERSION: 4.2.1
4DEFAULT: false
5--DESCRIPTION--
6Indicates whether or not the user's CSS input is trusted or not. If the
7input is trusted, a more expansive set of allowed properties. See
8also %HTML.Trusted.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
new file mode 100644
index 00000000..afc6a87a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
@@ -0,0 +1,14 @@
1Cache.DefinitionImpl
2TYPE: string/null
3VERSION: 2.0.0
4DEFAULT: 'Serializer'
5--DESCRIPTION--
6
7This directive defines which method to use when caching definitions,
8the complex data-type that makes HTML Purifier tick. Set to null
9to disable caching (not recommended, as you will see a definite
10performance degradation).
11
12--ALIASES--
13Core.DefinitionCache
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
new file mode 100644
index 00000000..668f248a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
@@ -0,0 +1,13 @@
1Cache.SerializerPath
2TYPE: string/null
3VERSION: 2.0.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 Absolute path with no trailing slash to store serialized definitions in.
9 Default is within the
10 HTML Purifier library inside DefinitionCache/Serializer. This
11 path must be writable by the webserver.
12</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
new file mode 100644
index 00000000..9c27b0ac
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
@@ -0,0 +1,11 @@
1Cache.SerializerPermissions
2TYPE: int
3VERSION: 4.3.0
4DEFAULT: 0755
5--DESCRIPTION--
6
7<p>
8 Directory permissions of the files and directories created inside
9 the DefinitionCache/Serializer or other custom serializer path.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
new file mode 100644
index 00000000..e0fa378e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
@@ -0,0 +1,18 @@
1Core.AggressivelyFixLt
2TYPE: bool
3VERSION: 2.1.0
4DEFAULT: true
5--DESCRIPTION--
6<p>
7 This directive enables aggressive pre-filter fixes HTML Purifier can
8 perform in order to ensure that open angled-brackets do not get killed
9 during parsing stage. Enabling this will result in two preg_replace_callback
10 calls and at least two preg_replace calls for every HTML document parsed;
11 if your users make very well-formed HTML, you can set this directive false.
12 This has no effect when DirectLex is used.
13</p>
14<p>
15 <strong>Notice:</strong> This directive's default turned from false to true
16 in HTML Purifier 3.2.0.
17</p>
18--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
new file mode 100644
index 00000000..405d36f1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
@@ -0,0 +1,16 @@
1Core.AllowHostnameUnderscore
2TYPE: bool
3VERSION: 4.6.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 By RFC 1123, underscores are not permitted in host names.
8 (This is in contrast to the specification for DNS, RFC
9 2181, which allows underscores.)
10 However, most browsers do the right thing when faced with
11 an underscore in the host name, and so some poorly written
12 websites are written with the expectation this should work.
13 Setting this parameter to true relaxes our allowed character
14 check so that underscores are permitted.
15</p>
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
new file mode 100644
index 00000000..c6ea0699
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
@@ -0,0 +1,12 @@
1Core.CollectErrors
2TYPE: bool
3VERSION: 2.0.0
4DEFAULT: false
5--DESCRIPTION--
6
7Whether or not to collect errors found while filtering the document. This
8is a useful way to give feedback to your users. <strong>Warning:</strong>
9Currently this feature is very patchy and experimental, with lots of
10possible error messages not yet implemented. It will not cause any
11problems, but it may not help your users either.
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
new file mode 100644
index 00000000..f7823982
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
@@ -0,0 +1,29 @@
1Core.ColorKeywords
2TYPE: hash
3VERSION: 2.0.0
4--DEFAULT--
5array (
6 'maroon' => '#800000',
7 'red' => '#FF0000',
8 'orange' => '#FFA500',
9 'yellow' => '#FFFF00',
10 'olive' => '#808000',
11 'purple' => '#800080',
12 'fuchsia' => '#FF00FF',
13 'white' => '#FFFFFF',
14 'lime' => '#00FF00',
15 'green' => '#008000',
16 'navy' => '#000080',
17 'blue' => '#0000FF',
18 'aqua' => '#00FFFF',
19 'teal' => '#008080',
20 'black' => '#000000',
21 'silver' => '#C0C0C0',
22 'gray' => '#808080',
23)
24--DESCRIPTION--
25
26Lookup array of color names to six digit hexadecimal number corresponding
27to color, with preceding hash mark. Used when parsing colors. The lookup
28is done in a case-insensitive manner.
29--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
new file mode 100644
index 00000000..656d3783
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
@@ -0,0 +1,14 @@
1Core.ConvertDocumentToFragment
2TYPE: bool
3DEFAULT: true
4--DESCRIPTION--
5
6This parameter determines whether or not the filter should convert
7input that is a full document with html and body tags to a fragment
8of just the contents of a body tag. This parameter is simply something
9HTML Purifier can do during an edge-case: for most inputs, this
10processing is not necessary.
11
12--ALIASES--
13Core.AcceptFullDocuments
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
new file mode 100644
index 00000000..2f54e462
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
@@ -0,0 +1,17 @@
1Core.DirectLexLineNumberSyncInterval
2TYPE: int
3VERSION: 2.0.0
4DEFAULT: 0
5--DESCRIPTION--
6
7<p>
8 Specifies the number of tokens the DirectLex line number tracking
9 implementations should process before attempting to resyncronize the
10 current line count by manually counting all previous new-lines. When
11 at 0, this functionality is disabled. Lower values will decrease
12 performance, and this is only strictly necessary if the counting
13 algorithm is buggy (in which case you should report it as a bug).
14 This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
15 not being used.
16</p>
17--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
new file mode 100644
index 00000000..3c63c923
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
@@ -0,0 +1,14 @@
1Core.DisableExcludes
2TYPE: bool
3DEFAULT: false
4VERSION: 4.5.0
5--DESCRIPTION--
6<p>
7 This directive disables SGML-style exclusions, e.g. the exclusion of
8 <code>&lt;object&gt;</code> in any descendant of a
9 <code>&lt;pre&gt;</code> tag. Disabling excludes will allow some
10 invalid documents to pass through HTML Purifier, but HTML Purifier
11 will also be less likely to accidentally remove large documents during
12 processing.
13</p>
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
new file mode 100644
index 00000000..7f498e7e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
@@ -0,0 +1,9 @@
1Core.EnableIDNA
2TYPE: bool
3DEFAULT: false
4VERSION: 4.4.0
5--DESCRIPTION--
6Allows international domain names in URLs. This configuration option
7requires the PEAR Net_IDNA2 module to be installed. It operates by
8punycoding any internationalized host names for maximum portability.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
new file mode 100644
index 00000000..89e2ae34
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
@@ -0,0 +1,15 @@
1Core.Encoding
2TYPE: istring
3DEFAULT: 'utf-8'
4--DESCRIPTION--
5If for some reason you are unable to convert all webpages to UTF-8, you can
6use this directive as a stop-gap compatibility change to let HTML Purifier
7deal with non UTF-8 input. This technique has notable deficiencies:
8absolutely no characters outside of the selected character encoding will be
9preserved, not even the ones that have been ampersand escaped (this is due
10to a UTF-8 specific <em>feature</em> that automatically resolves all
11entities), making it pretty useless for anything except the most I18N-blind
12applications, although %Core.EscapeNonASCIICharacters offers fixes this
13trouble with another tradeoff. This directive only accepts ISO-8859-1 if
14iconv is not enabled.
15--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
new file mode 100644
index 00000000..1cc3fcda
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
@@ -0,0 +1,12 @@
1Core.EscapeInvalidChildren
2TYPE: bool
3DEFAULT: false
4--DESCRIPTION--
5<p><strong>Warning:</strong> this configuration option is no longer does anything as of 4.6.0.</p>
6
7<p>When true, a child is found that is not allowed in the context of the
8parent element will be transformed into text as if it were ASCII. When
9false, that element and all internal tags will be dropped, though text will
10be preserved. There is no option for dropping the element but preserving
11child nodes.</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
new file mode 100644
index 00000000..299775fa
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
@@ -0,0 +1,7 @@
1Core.EscapeInvalidTags
2TYPE: bool
3DEFAULT: false
4--DESCRIPTION--
5When true, invalid tags will be written back to the document as plain text.
6Otherwise, they are silently dropped.
7--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
new file mode 100644
index 00000000..f50db2f9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
@@ -0,0 +1,13 @@
1Core.EscapeNonASCIICharacters
2TYPE: bool
3VERSION: 1.4.0
4DEFAULT: false
5--DESCRIPTION--
6This directive overcomes a deficiency in %Core.Encoding by blindly
7converting all non-ASCII characters into decimal numeric entities before
8converting it to its native encoding. This means that even characters that
9can be expressed in the non-UTF-8 encoding will be entity-ized, which can
10be a real downer for encodings like Big5. It also assumes that the ASCII
11repetoire is available, although this is the case for almost all encodings.
12Anyway, use UTF-8!
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
new file mode 100644
index 00000000..c337e47f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
@@ -0,0 +1,19 @@
1Core.HiddenElements
2TYPE: lookup
3--DEFAULT--
4array (
5 'script' => true,
6 'style' => true,
7)
8--DESCRIPTION--
9
10<p>
11 This directive is a lookup array of elements which should have their
12 contents removed when they are not allowed by the HTML definition.
13 For example, the contents of a <code>script</code> tag are not
14 normally shown in a document, so if script tags are to be removed,
15 their contents should be removed to. This is opposed to a <code>b</code>
16 tag, which defines some presentational changes but does not hide its
17 contents.
18</p>
19--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
new file mode 100644
index 00000000..ed1f39b5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
@@ -0,0 +1,10 @@
1Core.Language
2TYPE: string
3VERSION: 2.0.0
4DEFAULT: 'en'
5--DESCRIPTION--
6
7ISO 639 language code for localizable things in HTML Purifier to use,
8which is mainly error reporting. There is currently only an English (en)
9translation, so this directive is currently useless.
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
new file mode 100644
index 00000000..e11c0152
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
@@ -0,0 +1,34 @@
1Core.LexerImpl
2TYPE: mixed/null
3VERSION: 2.0.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 This parameter determines what lexer implementation can be used. The
9 valid values are:
10</p>
11<dl>
12 <dt><em>null</em></dt>
13 <dd>
14 Recommended, the lexer implementation will be auto-detected based on
15 your PHP-version and configuration.
16 </dd>
17 <dt><em>string</em> lexer identifier</dt>
18 <dd>
19 This is a slim way of manually overridding the implementation.
20 Currently recognized values are: DOMLex (the default PHP5
21implementation)
22 and DirectLex (the default PHP4 implementation). Only use this if
23 you know what you are doing: usually, the auto-detection will
24 manage things for cases you aren't even aware of.
25 </dd>
26 <dt><em>object</em> lexer instance</dt>
27 <dd>
28 Super-advanced: you can specify your own, custom, implementation that
29 implements the interface defined by <code>HTMLPurifier_Lexer</code>.
30 I may remove this option simply because I don't expect anyone
31 to use it.
32 </dd>
33</dl>
34--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
new file mode 100644
index 00000000..838f10f6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
@@ -0,0 +1,16 @@
1Core.MaintainLineNumbers
2TYPE: bool/null
3VERSION: 2.0.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 If true, HTML Purifier will add line number information to all tokens.
9 This is useful when error reporting is turned on, but can result in
10 significant performance degradation and should not be used when
11 unnecessary. This directive must be used with the DirectLex lexer,
12 as the DOMLex lexer does not (yet) support this functionality.
13 If the value is null, an appropriate value will be selected based
14 on other configuration.
15</p>
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
new file mode 100644
index 00000000..94a88600
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
@@ -0,0 +1,11 @@
1Core.NormalizeNewlines
2TYPE: bool
3VERSION: 4.2.0
4DEFAULT: true
5--DESCRIPTION--
6<p>
7 Whether or not to normalize newlines to the operating
8 system default. When <code>false</code>, HTML Purifier
9 will attempt to preserve mixed newline files.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
new file mode 100644
index 00000000..704ac56c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
@@ -0,0 +1,12 @@
1Core.RemoveInvalidImg
2TYPE: bool
3DEFAULT: true
4VERSION: 1.3.0
5--DESCRIPTION--
6
7<p>
8 This directive enables pre-emptive URI checking in <code>img</code>
9 tags, as the attribute validation strategy is not authorized to
10 remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
new file mode 100644
index 00000000..ed6f1342
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
@@ -0,0 +1,11 @@
1Core.RemoveProcessingInstructions
2TYPE: bool
3VERSION: 4.2.0
4DEFAULT: false
5--DESCRIPTION--
6Instead of escaping processing instructions in the form <code>&lt;? ...
7?&gt;</code>, remove it out-right. This may be useful if the HTML
8you are validating contains XML processing instruction gunk, however,
9it can also be user-unfriendly for people attempting to post PHP
10snippets.
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
new file mode 100644
index 00000000..efbe994c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
@@ -0,0 +1,12 @@
1Core.RemoveScriptContents
2TYPE: bool/null
3DEFAULT: NULL
4VERSION: 2.0.0
5DEPRECATED-VERSION: 2.1.0
6DEPRECATED-USE: Core.HiddenElements
7--DESCRIPTION--
8<p>
9 This directive enables HTML Purifier to remove not only script tags
10 but all of their contents.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
new file mode 100644
index 00000000..861ae66c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
@@ -0,0 +1,11 @@
1Filter.Custom
2TYPE: list
3VERSION: 3.1.0
4DEFAULT: array()
5--DESCRIPTION--
6<p>
7 This directive can be used to add custom filters; it is nearly the
8 equivalent of the now deprecated <code>HTMLPurifier-&gt;addFilter()</code>
9 method. Specify an array of concrete implementations.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
new file mode 100644
index 00000000..69602635
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
@@ -0,0 +1,14 @@
1Filter.ExtractStyleBlocks.Escaping
2TYPE: bool
3VERSION: 3.0.0
4DEFAULT: true
5ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping
6--DESCRIPTION--
7
8<p>
9 Whether or not to escape the dangerous characters &lt;, &gt; and &amp;
10 as \3C, \3E and \26, respectively. This is can be safely set to false
11 if the contents of StyleBlocks will be placed in an external stylesheet,
12 where there is no risk of it being interpreted as HTML.
13</p>
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
new file mode 100644
index 00000000..baa81ae0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
@@ -0,0 +1,29 @@
1Filter.ExtractStyleBlocks.Scope
2TYPE: string/null
3VERSION: 3.0.0
4DEFAULT: NULL
5ALIASES: Filter.ExtractStyleBlocksScope, FilterParam.ExtractStyleBlocksScope
6--DESCRIPTION--
7
8<p>
9 If you would like users to be able to define external stylesheets, but
10 only allow them to specify CSS declarations for a specific node and
11 prevent them from fiddling with other elements, use this directive.
12 It accepts any valid CSS selector, and will prepend this to any
13 CSS declaration extracted from the document. For example, if this
14 directive is set to <code>#user-content</code> and a user uses the
15 selector <code>a:hover</code>, the final selector will be
16 <code>#user-content a:hover</code>.
17</p>
18<p>
19 The comma shorthand may be used; consider the above example, with
20 <code>#user-content, #user-content2</code>, the final selector will
21 be <code>#user-content a:hover, #user-content2 a:hover</code>.
22</p>
23<p>
24 <strong>Warning:</strong> It is possible for users to bypass this measure
25 using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
26 Purifier, and I am working to get it fixed. Until then, HTML Purifier
27 performs a basic check to prevent this.
28</p>
29--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
new file mode 100644
index 00000000..3b701891
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
@@ -0,0 +1,16 @@
1Filter.ExtractStyleBlocks.TidyImpl
2TYPE: mixed/null
3VERSION: 3.1.0
4DEFAULT: NULL
5ALIASES: FilterParam.ExtractStyleBlocksTidyImpl
6--DESCRIPTION--
7<p>
8 If left NULL, HTML Purifier will attempt to instantiate a <code>csstidy</code>
9 class to use for internal cleaning. This will usually be good enough.
10</p>
11<p>
12 However, for trusted user input, you can set this to <code>false</code> to
13 disable cleaning. In addition, you can supply your own concrete implementation
14 of Tidy's interface to use, although I don't know why you'd want to do that.
15</p>
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
new file mode 100644
index 00000000..be0177d4
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
@@ -0,0 +1,74 @@
1Filter.ExtractStyleBlocks
2TYPE: bool
3VERSION: 3.1.0
4DEFAULT: false
5EXTERNAL: CSSTidy
6--DESCRIPTION--
7<p>
8 This directive turns on the style block extraction filter, which removes
9 <code>style</code> blocks from input HTML, cleans them up with CSSTidy,
10 and places them in the <code>StyleBlocks</code> context variable, for further
11 use by you, usually to be placed in an external stylesheet, or a
12 <code>style</code> block in the <code>head</code> of your document.
13</p>
14<p>
15 Sample usage:
16</p>
17<pre><![CDATA[
18<?php
19 header('Content-type: text/html; charset=utf-8');
20 echo '<?xml version="1.0" encoding="UTF-8"?>';
21?>
22<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
23 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
24<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
25<head>
26 <title>Filter.ExtractStyleBlocks</title>
27<?php
28 require_once '/path/to/library/HTMLPurifier.auto.php';
29 require_once '/path/to/csstidy.class.php';
30
31 $dirty = '<style>body {color:#F00;}</style> Some text';
32
33 $config = HTMLPurifier_Config::createDefault();
34 $config->set('Filter', 'ExtractStyleBlocks', true);
35 $purifier = new HTMLPurifier($config);
36
37 $html = $purifier->purify($dirty);
38
39 // This implementation writes the stylesheets to the styles/ directory.
40 // You can also echo the styles inside the document, but it's a bit
41 // more difficult to make sure they get interpreted properly by
42 // browsers; try the usual CSS armoring techniques.
43 $styles = $purifier->context->get('StyleBlocks');
44 $dir = 'styles/';
45 if (!is_dir($dir)) mkdir($dir);
46 $hash = sha1($_GET['html']);
47 foreach ($styles as $i => $style) {
48 file_put_contents($name = $dir . $hash . "_$i");
49 echo '<link rel="stylesheet" type="text/css" href="'.$name.'" />';
50 }
51?>
52</head>
53<body>
54 <div>
55 <?php echo $html; ?>
56 </div>
57</b]]><![CDATA[ody>
58</html>
59]]></pre>
60<p>
61 <strong>Warning:</strong> It is possible for a user to mount an
62 imagecrash attack using this CSS. Counter-measures are difficult;
63 it is not simply enough to limit the range of CSS lengths (using
64 relative lengths with many nesting levels allows for large values
65 to be attained without actually specifying them in the stylesheet),
66 and the flexible nature of selectors makes it difficult to selectively
67 disable lengths on image tags (HTML Purifier, however, does disable
68 CSS width and height in inline styling). There are probably two effective
69 counter measures: an explicit width and height set to auto in all
70 images in your document (unlikely) or the disabling of width and
71 height (somewhat reasonable). Whether or not these measures should be
72 used is left to the reader.
73</p>
74--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
new file mode 100644
index 00000000..88221866
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
@@ -0,0 +1,16 @@
1Filter.YouTube
2TYPE: bool
3VERSION: 3.1.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 <strong>Warning:</strong> Deprecated in favor of %HTML.SafeObject and
8 %Output.FlashCompat (turn both on to allow YouTube videos and other
9 Flash content).
10</p>
11<p>
12 This directive enables YouTube video embedding in HTML Purifier. Check
13 <a href="http://htmlpurifier.org/docs/enduser-youtube.html">this document
14 on embedding videos</a> for more information on what this filter does.
15</p>
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
new file mode 100644
index 00000000..afd48a0d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
@@ -0,0 +1,25 @@
1HTML.Allowed
2TYPE: itext/null
3VERSION: 2.0.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 This is a preferred convenience directive that combines
9 %HTML.AllowedElements and %HTML.AllowedAttributes.
10 Specify elements and attributes that are allowed using:
11 <code>element1[attr1|attr2],element2...</code>. For example,
12 if you would like to only allow paragraphs and links, specify
13 <code>a[href],p</code>. You can specify attributes that apply
14 to all elements using an asterisk, e.g. <code>*[lang]</code>.
15 You can also use newlines instead of commas to separate elements.
16</p>
17<p>
18 <strong>Warning</strong>:
19 All of the constraints on the component directives are still enforced.
20 The syntax is a <em>subset</em> of TinyMCE's <code>valid_elements</code>
21 whitelist: directly copy-pasting it here will probably result in
22 broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
23 are set, this directive has no effect.
24</p>
25--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
new file mode 100644
index 00000000..0e6ec54f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
@@ -0,0 +1,19 @@
1HTML.AllowedAttributes
2TYPE: lookup/null
3VERSION: 1.3.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 If HTML Purifier's attribute set is unsatisfactory, overload it!
9 The syntax is "tag.attr" or "*.attr" for the global attributes
10 (style, id, class, dir, lang, xml:lang).
11</p>
12<p>
13 <strong>Warning:</strong> If another directive conflicts with the
14 elements here, <em>that</em> directive will win and override. For
15 example, %HTML.EnableAttrID will take precedence over *.id in this
16 directive. You must set that directive to true before you can use
17 IDs at all.
18</p>
19--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
new file mode 100644
index 00000000..8440bc39
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
@@ -0,0 +1,10 @@
1HTML.AllowedComments
2TYPE: lookup
3VERSION: 4.4.0
4DEFAULT: array()
5--DESCRIPTION--
6A whitelist which indicates what explicit comment bodies should be
7allowed, modulo leading and trailing whitespace. See also %HTML.AllowedCommentsRegexp
8(these directives are union'ed together, so a comment is considered
9valid if any directive deems it valid.)
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
new file mode 100644
index 00000000..b1e65beb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
@@ -0,0 +1,15 @@
1HTML.AllowedCommentsRegexp
2TYPE: string/null
3VERSION: 4.4.0
4DEFAULT: NULL
5--DESCRIPTION--
6A regexp, which if it matches the body of a comment, indicates that
7it should be allowed. Trailing and leading spaces are removed prior
8to running this regular expression.
9<strong>Warning:</strong> Make sure you specify
10correct anchor metacharacters <code>^regex$</code>, otherwise you may accept
11comments that you did not mean to! In particular, the regex <code>/foo|bar/</code>
12is probably not sufficiently strict, since it also allows <code>foobar</code>.
13See also %HTML.AllowedComments (these directives are union'ed together,
14so a comment is considered valid if any directive deems it valid.)
15--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
new file mode 100644
index 00000000..ca3c13dd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
@@ -0,0 +1,23 @@
1HTML.AllowedElements
2TYPE: lookup/null
3VERSION: 1.3.0
4DEFAULT: NULL
5--DESCRIPTION--
6<p>
7 If HTML Purifier's tag set is unsatisfactory for your needs, you can
8 overload it with your own list of tags to allow. If you change
9 this, you probably also want to change %HTML.AllowedAttributes; see
10 also %HTML.Allowed which lets you set allowed elements and
11 attributes at the same time.
12</p>
13<p>
14 If you attempt to allow an element that HTML Purifier does not know
15 about, HTML Purifier will raise an error. You will need to manually
16 tell HTML Purifier about this element by using the
17 <a href="http://htmlpurifier.org/docs/enduser-customize.html">advanced customization features.</a>
18</p>
19<p>
20 <strong>Warning:</strong> If another directive conflicts with the
21 elements here, <em>that</em> directive will win and override.
22</p>
23--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
new file mode 100644
index 00000000..e373791a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
@@ -0,0 +1,20 @@
1HTML.AllowedModules
2TYPE: lookup/null
3VERSION: 2.0.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 A doctype comes with a set of usual modules to use. Without having
9 to mucking about with the doctypes, you can quickly activate or
10 disable these modules by specifying which modules you wish to allow
11 with this directive. This is most useful for unit testing specific
12 modules, although end users may find it useful for their own ends.
13</p>
14<p>
15 If you specify a module that does not exist, the manager will silently
16 fail to use it, so be careful! User-defined modules are not affected
17 by this directive. Modules defined in %HTML.CoreModules are not
18 affected by this directive.
19</p>
20--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
new file mode 100644
index 00000000..75d680ee
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
@@ -0,0 +1,11 @@
1HTML.Attr.Name.UseCDATA
2TYPE: bool
3DEFAULT: false
4VERSION: 4.0.0
5--DESCRIPTION--
6The W3C specification DTD defines the name attribute to be CDATA, not ID, due
7to limitations of DTD. In certain documents, this relaxed behavior is desired,
8whether it is to specify duplicate names, or to specify names that would be
9illegal IDs (for example, names that begin with a digit.) Set this configuration
10directive to true to use the relaxed parsing rules.
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
new file mode 100644
index 00000000..f32b802c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
@@ -0,0 +1,18 @@
1HTML.BlockWrapper
2TYPE: string
3VERSION: 1.3.0
4DEFAULT: 'p'
5--DESCRIPTION--
6
7<p>
8 String name of element to wrap inline elements that are inside a block
9 context. This only occurs in the children of blockquote in strict mode.
10</p>
11<p>
12 Example: by default value,
13 <code>&lt;blockquote&gt;Foo&lt;/blockquote&gt;</code> would become
14 <code>&lt;blockquote&gt;&lt;p&gt;Foo&lt;/p&gt;&lt;/blockquote&gt;</code>.
15 The <code>&lt;p&gt;</code> tags can be replaced with whatever you desire,
16 as long as it is a block level element.
17</p>
18--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
new file mode 100644
index 00000000..fc8e4020
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
@@ -0,0 +1,23 @@
1HTML.CoreModules
2TYPE: lookup
3VERSION: 2.0.0
4--DEFAULT--
5array (
6 'Structure' => true,
7 'Text' => true,
8 'Hypertext' => true,
9 'List' => true,
10 'NonXMLCommonAttributes' => true,
11 'XMLCommonAttributes' => true,
12 'CommonAttributes' => true,
13)
14--DESCRIPTION--
15
16<p>
17 Certain modularized doctypes (XHTML, namely), have certain modules
18 that must be included for the doctype to be an conforming document
19 type: put those modules here. By default, XHTML's core modules
20 are used. You can set this to a blank array to disable core module
21 protection, but this is not recommended.
22</p>
23--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
new file mode 100644
index 00000000..a2bde5dc
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
@@ -0,0 +1,9 @@
1HTML.CustomDoctype
2TYPE: string/null
3VERSION: 2.0.1
4DEFAULT: NULL
5--DESCRIPTION--
6
7A custom doctype for power-users who defined there own document
8type. This directive only applies when %HTML.Doctype is blank.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
new file mode 100644
index 00000000..f5433e3f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
@@ -0,0 +1,33 @@
1HTML.DefinitionID
2TYPE: string/null
3DEFAULT: NULL
4VERSION: 2.0.0
5--DESCRIPTION--
6
7<p>
8 Unique identifier for a custom-built HTML definition. If you edit
9 the raw version of the HTMLDefinition, introducing changes that the
10 configuration object does not reflect, you must specify this variable.
11 If you change your custom edits, you should change this directive, or
12 clear your cache. Example:
13</p>
14<pre>
15$config = HTMLPurifier_Config::createDefault();
16$config->set('HTML', 'DefinitionID', '1');
17$def = $config->getHTMLDefinition();
18$def->addAttribute('a', 'tabindex', 'Number');
19</pre>
20<p>
21 In the above example, the configuration is still at the defaults, but
22 using the advanced API, an extra attribute has been added. The
23 configuration object normally has no way of knowing that this change
24 has taken place, so it needs an extra directive: %HTML.DefinitionID.
25 If someone else attempts to use the default configuration, these two
26 pieces of code will not clobber each other in the cache, since one has
27 an extra directive attached to it.
28</p>
29<p>
30 You <em>must</em> specify a value to this directive to use the
31 advanced API features.
32</p>
33--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
new file mode 100644
index 00000000..0bb5a718
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
@@ -0,0 +1,16 @@
1HTML.DefinitionRev
2TYPE: int
3VERSION: 2.0.0
4DEFAULT: 1
5--DESCRIPTION--
6
7<p>
8 Revision identifier for your custom definition specified in
9 %HTML.DefinitionID. This serves the same purpose: uniquely identifying
10 your custom definition, but this one does so in a chronological
11 context: revision 3 is more up-to-date then revision 2. Thus, when
12 this gets incremented, the cache handling is smart enough to clean
13 up any older revisions of your definition as well as flush the
14 cache.
15</p>
16--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
new file mode 100644
index 00000000..a6969b99
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
@@ -0,0 +1,11 @@
1HTML.Doctype
2TYPE: string/null
3DEFAULT: NULL
4--DESCRIPTION--
5Doctype to use during filtering. Technically speaking this is not actually
6a doctype (as it does not identify a corresponding DTD), but we are using
7this name for sake of simplicity. When non-blank, this will override any
8older directives like %HTML.XHTML or %HTML.Strict.
9--ALLOWED--
10'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
new file mode 100644
index 00000000..08d641f9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
@@ -0,0 +1,11 @@
1HTML.FlashAllowFullScreen
2TYPE: bool
3VERSION: 4.2.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Whether or not to permit embedded Flash content from
8 %HTML.SafeObject to expand to the full screen. Corresponds to
9 the <code>allowFullScreen</code> parameter.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
new file mode 100644
index 00000000..2b8df97c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
@@ -0,0 +1,21 @@
1HTML.ForbiddenAttributes
2TYPE: lookup
3VERSION: 3.1.0
4DEFAULT: array()
5--DESCRIPTION--
6<p>
7 While this directive is similar to %HTML.AllowedAttributes, for
8 forwards-compatibility with XML, this attribute has a different syntax. Instead of
9 <code>tag.attr</code>, use <code>tag@attr</code>. To disallow <code>href</code>
10 attributes in <code>a</code> tags, set this directive to
11 <code>a@href</code>. You can also disallow an attribute globally with
12 <code>attr</code> or <code>*@attr</code> (either syntax is fine; the latter
13 is provided for consistency with %HTML.AllowedAttributes).
14</p>
15<p>
16 <strong>Warning:</strong> This directive complements %HTML.ForbiddenElements,
17 accordingly, check
18 out that directive for a discussion of why you
19 should think twice before using this directive.
20</p>
21--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
new file mode 100644
index 00000000..40466c46
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
@@ -0,0 +1,20 @@
1HTML.ForbiddenElements
2TYPE: lookup
3VERSION: 3.1.0
4DEFAULT: array()
5--DESCRIPTION--
6<p>
7 This was, perhaps, the most requested feature ever in HTML
8 Purifier. Please don't abuse it! This is the logical inverse of
9 %HTML.AllowedElements, and it will override that directive, or any
10 other directive.
11</p>
12<p>
13 If possible, %HTML.Allowed is recommended over this directive, because it
14 can sometimes be difficult to tell whether or not you've forbidden all of
15 the behavior you would like to disallow. If you forbid <code>img</code>
16 with the expectation of preventing images on your site, you'll be in for
17 a nasty surprise when people start using the <code>background-image</code>
18 CSS property.
19</p>
20--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
new file mode 100644
index 00000000..31974795
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
@@ -0,0 +1,14 @@
1HTML.MaxImgLength
2TYPE: int/null
3DEFAULT: 1200
4VERSION: 3.1.1
5--DESCRIPTION--
6<p>
7 This directive controls the maximum number of pixels in the width and
8 height attributes in <code>img</code> tags. This is
9 in place to prevent imagecrash attacks, disable with null at your own risk.
10 This directive is similar to %CSS.MaxImgLength, and both should be
11 concurrently edited, although there are
12 subtle differences in the input format (the HTML max is an integer).
13</p>
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
new file mode 100644
index 00000000..7aa35635
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
@@ -0,0 +1,7 @@
1HTML.Nofollow
2TYPE: bool
3VERSION: 4.3.0
4DEFAULT: FALSE
5--DESCRIPTION--
6If enabled, nofollow rel attributes are added to all outgoing links.
7--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
new file mode 100644
index 00000000..2d2fbd11
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
@@ -0,0 +1,12 @@
1HTML.Parent
2TYPE: string
3VERSION: 1.3.0
4DEFAULT: 'div'
5--DESCRIPTION--
6
7<p>
8 String name of element that HTML fragment passed to library will be
9 inserted in. An interesting variation would be using span as the
10 parent element, meaning that only inline tags would be allowed.
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
new file mode 100644
index 00000000..b3c45e19
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
@@ -0,0 +1,12 @@
1HTML.Proprietary
2TYPE: bool
3VERSION: 3.1.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Whether or not to allow proprietary elements and attributes in your
8 documents, as per <code>HTMLPurifier_HTMLModule_Proprietary</code>.
9 <strong>Warning:</strong> This can cause your documents to stop
10 validating!
11</p>
12--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
new file mode 100644
index 00000000..556fa674
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
@@ -0,0 +1,13 @@
1HTML.SafeEmbed
2TYPE: bool
3VERSION: 3.1.1
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Whether or not to permit embed tags in documents, with a number of extra
8 security features added to prevent script execution. This is similar to
9 what websites like MySpace do to embed tags. Embed is a proprietary
10 element and will cause your website to stop validating; you should
11 see if you can use %Output.FlashCompat with %HTML.SafeObject instead
12 first.</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
new file mode 100644
index 00000000..295a8cf6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
@@ -0,0 +1,13 @@
1HTML.SafeIframe
2TYPE: bool
3VERSION: 4.4.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Whether or not to permit iframe tags in untrusted documents. This
8 directive must be accompanied by a whitelist of permitted iframes,
9 such as %URI.SafeIframeRegexp, otherwise it will fatally error.
10 This directive has no effect on strict doctypes, as iframes are not
11 valid.
12</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
new file mode 100644
index 00000000..07f6e536
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
@@ -0,0 +1,13 @@
1HTML.SafeObject
2TYPE: bool
3VERSION: 3.1.1
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Whether or not to permit object tags in documents, with a number of extra
8 security features added to prevent script execution. This is similar to
9 what websites like MySpace do to object tags. You should also enable
10 %Output.FlashCompat in order to generate Internet Explorer
11 compatibility code for your object tags.
12</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
new file mode 100644
index 00000000..641b4a8d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
@@ -0,0 +1,10 @@
1HTML.SafeScripting
2TYPE: lookup
3VERSION: 4.5.0
4DEFAULT: array()
5--DESCRIPTION--
6<p>
7 Whether or not to permit script tags to external scripts in documents.
8 Inline scripting is not allowed, and the script must match an explicit whitelist.
9</p>
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
new file mode 100644
index 00000000..d99663a5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
@@ -0,0 +1,9 @@
1HTML.Strict
2TYPE: bool
3VERSION: 1.3.0
4DEFAULT: false
5DEPRECATED-VERSION: 1.7.0
6DEPRECATED-USE: HTML.Doctype
7--DESCRIPTION--
8Determines whether or not to use Transitional (loose) or Strict rulesets.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
new file mode 100644
index 00000000..d65f0d04
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
@@ -0,0 +1,8 @@
1HTML.TargetBlank
2TYPE: bool
3VERSION: 4.4.0
4DEFAULT: FALSE
5--DESCRIPTION--
6If enabled, <code>target=blank</code> attributes are added to all outgoing links.
7(This includes links from an HTTPS version of a page to an HTTP version.)
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
new file mode 100644
index 00000000..602453f6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
@@ -0,0 +1,8 @@
1HTML.TidyAdd
2TYPE: lookup
3VERSION: 2.0.0
4DEFAULT: array()
5--DESCRIPTION--
6
7Fixes to add to the default set of Tidy fixes as per your level.
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
new file mode 100644
index 00000000..bf943e8f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
@@ -0,0 +1,24 @@
1HTML.TidyLevel
2TYPE: string
3VERSION: 2.0.0
4DEFAULT: 'medium'
5--DESCRIPTION--
6
7<p>General level of cleanliness the Tidy module should enforce.
8There are four allowed values:</p>
9<dl>
10 <dt>none</dt>
11 <dd>No extra tidying should be done</dd>
12 <dt>light</dt>
13 <dd>Only fix elements that would be discarded otherwise due to
14 lack of support in doctype</dd>
15 <dt>medium</dt>
16 <dd>Enforce best practices</dd>
17 <dt>heavy</dt>
18 <dd>Transform all deprecated elements and attributes to standards
19 compliant equivalents</dd>
20</dl>
21
22--ALLOWED--
23'none', 'light', 'medium', 'heavy'
24--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
new file mode 100644
index 00000000..92cca2a4
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
@@ -0,0 +1,8 @@
1HTML.TidyRemove
2TYPE: lookup
3VERSION: 2.0.0
4DEFAULT: array()
5--DESCRIPTION--
6
7Fixes to remove from the default set of Tidy fixes as per your level.
8--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
new file mode 100644
index 00000000..bc8e6549
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
@@ -0,0 +1,9 @@
1HTML.Trusted
2TYPE: bool
3VERSION: 2.0.0
4DEFAULT: false
5--DESCRIPTION--
6Indicates whether or not the user input is trusted or not. If the input is
7trusted, a more expansive set of allowed tags and attributes will be used.
8See also %CSS.Trusted.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
new file mode 100644
index 00000000..a3c2f42c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
@@ -0,0 +1,11 @@
1HTML.XHTML
2TYPE: bool
3DEFAULT: true
4VERSION: 1.1.0
5DEPRECATED-VERSION: 1.7.0
6DEPRECATED-USE: HTML.Doctype
7--DESCRIPTION--
8Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor.
9--ALIASES--
10Core.XHTML
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
new file mode 100644
index 00000000..2a137047
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
@@ -0,0 +1,10 @@
1Output.CommentScriptContents
2TYPE: bool
3VERSION: 2.0.0
4DEFAULT: true
5--DESCRIPTION--
6Determines whether or not HTML Purifier should attempt to fix up the
7contents of script tags for legacy browsers with comments.
8--ALIASES--
9Core.CommentScriptContents
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
new file mode 100644
index 00000000..d215ba2d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
@@ -0,0 +1,15 @@
1Output.FixInnerHTML
2TYPE: bool
3VERSION: 4.3.0
4DEFAULT: true
5--DESCRIPTION--
6<p>
7 If true, HTML Purifier will protect against Internet Explorer's
8 mishandling of the <code>innerHTML</code> attribute by appending
9 a space to any attribute that does not contain angled brackets, spaces
10 or quotes, but contains a backtick. This slightly changes the
11 semantics of any given attribute, so if this is unacceptable and
12 you do not use <code>innerHTML</code> on any of your pages, you can
13 turn this directive off.
14</p>
15--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
new file mode 100644
index 00000000..e58f91aa
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
@@ -0,0 +1,11 @@
1Output.FlashCompat
2TYPE: bool
3VERSION: 4.1.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 If true, HTML Purifier will generate Internet Explorer compatibility
8 code for all object code. This is highly recommended if you enable
9 %HTML.SafeObject.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
new file mode 100644
index 00000000..4bb90252
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
@@ -0,0 +1,13 @@
1Output.Newline
2TYPE: string/null
3VERSION: 2.0.1
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 Newline string to format final output with. If left null, HTML Purifier
9 will auto-detect the default newline type of the system and use that;
10 you can manually override it here. Remember, \r\n is Windows, \r
11 is Mac, and \n is Unix.
12</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
new file mode 100644
index 00000000..32231065
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
@@ -0,0 +1,14 @@
1Output.SortAttr
2TYPE: bool
3VERSION: 3.2.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 If true, HTML Purifier will sort attributes by name before writing them back
8 to the document, converting a tag like: <code>&lt;el b="" a="" c="" /&gt;</code>
9 to <code>&lt;el a="" b="" c="" /&gt;</code>. This is a workaround for
10 a bug in FCKeditor which causes it to swap attributes order, adding noise
11 to text diffs. If you're not seeing this bug, chances are, you don't need
12 this directive.
13</p>
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
new file mode 100644
index 00000000..23dd4d3d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
@@ -0,0 +1,25 @@
1Output.TidyFormat
2TYPE: bool
3VERSION: 1.1.1
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Determines whether or not to run Tidy on the final output for pretty
8 formatting reasons, such as indentation and wrap.
9</p>
10<p>
11 This can greatly improve readability for editors who are hand-editing
12 the HTML, but is by no means necessary as HTML Purifier has already
13 fixed all major errors the HTML may have had. Tidy is a non-default
14 extension, and this directive will silently fail if Tidy is not
15 available.
16</p>
17<p>
18 If you are looking to make the overall look of your page's source
19 better, I recommend running Tidy on the entire page rather than just
20 user-content (after all, the indentation relative to the containing
21 blocks will be incorrect).
22</p>
23--ALIASES--
24Core.TidyFormat
25--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
new file mode 100644
index 00000000..d1820cdb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
@@ -0,0 +1,7 @@
1Test.ForceNoIconv
2TYPE: bool
3DEFAULT: false
4--DESCRIPTION--
5When set to true, HTMLPurifier_Encoder will act as if iconv does not exist
6and use only pure PHP implementations.
7--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
new file mode 100644
index 00000000..47714f5d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
@@ -0,0 +1,17 @@
1URI.AllowedSchemes
2TYPE: lookup
3--DEFAULT--
4array (
5 'http' => true,
6 'https' => true,
7 'mailto' => true,
8 'ftp' => true,
9 'nntp' => true,
10 'news' => true,
11)
12--DESCRIPTION--
13Whitelist that defines the schemes that a URI is allowed to have. This
14prevents XSS attacks from using pseudo-schemes like javascript or mocha.
15There is also support for the <code>data</code> and <code>file</code>
16URI schemes, but they are not enabled by default.
17--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
new file mode 100644
index 00000000..ba473080
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
@@ -0,0 +1,17 @@
1URI.Base
2TYPE: string/null
3VERSION: 2.1.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 The base URI is the URI of the document this purified HTML will be
9 inserted into. This information is important if HTML Purifier needs
10 to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
11 is on. You may use a non-absolute URI for this value, but behavior
12 may vary (%URI.MakeAbsolute deals nicely with both absolute and
13 relative paths, but forwards-compatibility is not guaranteed).
14 <strong>Warning:</strong> If set, the scheme on this URI
15 overrides the one specified by %URI.DefaultScheme.
16</p>
17--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
new file mode 100644
index 00000000..0700e0b1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
@@ -0,0 +1,10 @@
1URI.DefaultScheme
2TYPE: string
3DEFAULT: 'http'
4--DESCRIPTION--
5
6<p>
7 Defines through what scheme the output will be served, in order to
8 select the proper object validator when no scheme information is present.
9</p>
10--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
new file mode 100644
index 00000000..523204c0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
@@ -0,0 +1,11 @@
1URI.DefinitionID
2TYPE: string/null
3VERSION: 2.1.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 Unique identifier for a custom-built URI definition. If you want
9 to add custom URIFilters, you must specify this value.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
new file mode 100644
index 00000000..a9c07b1a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
@@ -0,0 +1,11 @@
1URI.DefinitionRev
2TYPE: int
3VERSION: 2.1.0
4DEFAULT: 1
5--DESCRIPTION--
6
7<p>
8 Revision identifier for your custom definition. See
9 %HTML.DefinitionRev for details.
10</p>
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
new file mode 100644
index 00000000..b19ca1d5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
@@ -0,0 +1,14 @@
1URI.Disable
2TYPE: bool
3VERSION: 1.3.0
4DEFAULT: false
5--DESCRIPTION--
6
7<p>
8 Disables all URIs in all forms. Not sure why you'd want to do that
9 (after all, the Internet's founded on the notion of a hyperlink).
10</p>
11
12--ALIASES--
13Attr.DisableURI
14--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
new file mode 100644
index 00000000..9132ea4f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
@@ -0,0 +1,11 @@
1URI.DisableExternal
2TYPE: bool
3VERSION: 1.2.0
4DEFAULT: false
5--DESCRIPTION--
6Disables links to external websites. This is a highly effective anti-spam
7and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
8images outside of your domain will be allowed. Non-linkified URIs will
9still be preserved. If you want to be able to link to subdomains or use
10absolute URIs, specify %URI.Host for your website.
11--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
new file mode 100644
index 00000000..d74bc1e3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
@@ -0,0 +1,13 @@
1URI.DisableExternalResources
2TYPE: bool
3VERSION: 1.3.0
4DEFAULT: false
5--DESCRIPTION--
6Disables the embedding of external resources, preventing users from
7embedding things like images from other hosts. This prevents access
8tracking (good for email viewers), bandwidth leeching, cross-site request
9forging, goatse.cx posting, and other nasties, but also results in a loss
10of end-user functionality (they can't directly post a pic they posted from
11Flickr anymore). Use it if you don't have a robust user-content moderation
12team.
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
new file mode 100644
index 00000000..6c106144
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
@@ -0,0 +1,15 @@
1URI.DisableResources
2TYPE: bool
3VERSION: 4.2.0
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 Disables embedding resources, essentially meaning no pictures. You can
8 still link to them though. See %URI.DisableExternalResources for why
9 this might be a good idea.
10</p>
11<p>
12 <em>Note:</em> While this directive has been available since 1.3.0,
13 it didn't actually start doing anything until 4.2.0.
14</p>
15--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
new file mode 100644
index 00000000..ba0e6bce
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
@@ -0,0 +1,19 @@
1URI.Host
2TYPE: string/null
3VERSION: 1.2.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 Defines the domain name of the server, so we can determine whether or
9 an absolute URI is from your website or not. Not strictly necessary,
10 as users should be using relative URIs to reference resources on your
11 website. It will, however, let you use absolute URIs to link to
12 subdomains of the domain you post here: i.e. example.com will allow
13 sub.example.com. However, higher up domains will still be excluded:
14 if you set %URI.Host to sub.example.com, example.com will be blocked.
15 <strong>Note:</strong> This directive overrides %URI.Base because
16 a given page may be on a sub-domain, but you wish HTML Purifier to be
17 more relaxed and allow some of the parent domains too.
18</p>
19--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
new file mode 100644
index 00000000..825fef27
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
@@ -0,0 +1,9 @@
1URI.HostBlacklist
2TYPE: list
3VERSION: 1.3.0
4DEFAULT: array()
5--DESCRIPTION--
6List of strings that are forbidden in the host of any URI. Use it to kill
7domain names of spam, etc. Note that it will catch anything in the domain,
8so <tt>moo.com</tt> will catch <tt>moo.com.example.com</tt>.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
new file mode 100644
index 00000000..eb58c7f1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
@@ -0,0 +1,13 @@
1URI.MakeAbsolute
2TYPE: bool
3VERSION: 2.1.0
4DEFAULT: false
5--DESCRIPTION--
6
7<p>
8 Converts all URIs into absolute forms. This is useful when the HTML
9 being filtered assumes a specific base path, but will actually be
10 viewed in a different context (and setting an alternate base URI is
11 not possible). %URI.Base must be set for this directive to work.
12</p>
13--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
new file mode 100644
index 00000000..bedd610d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
@@ -0,0 +1,83 @@
1URI.Munge
2TYPE: string/null
3VERSION: 1.3.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8 Munges all browsable (usually http, https and ftp)
9 absolute URIs into another URI, usually a URI redirection service.
10 This directive accepts a URI, formatted with a <code>%s</code> where
11 the url-encoded original URI should be inserted (sample:
12 <code>http://www.google.com/url?q=%s</code>).
13</p>
14<p>
15 Uses for this directive:
16</p>
17<ul>
18 <li>
19 Prevent PageRank leaks, while being fairly transparent
20 to users (you may also want to add some client side JavaScript to
21 override the text in the statusbar). <strong>Notice</strong>:
22 Many security experts believe that this form of protection does not deter spam-bots.
23 </li>
24 <li>
25 Redirect users to a splash page telling them they are leaving your
26 website. While this is poor usability practice, it is often mandated
27 in corporate environments.
28 </li>
29</ul>
30<p>
31 Prior to HTML Purifier 3.1.1, this directive also enabled the munging
32 of browsable external resources, which could break things if your redirection
33 script was a splash page or used <code>meta</code> tags. To revert to
34 previous behavior, please use %URI.MungeResources.
35</p>
36<p>
37 You may want to also use %URI.MungeSecretKey along with this directive
38 in order to enforce what URIs your redirector script allows. Open
39 redirector scripts can be a security risk and negatively affect the
40 reputation of your domain name.
41</p>
42<p>
43 Starting with HTML Purifier 3.1.1, there is also these substitutions:
44</p>
45<table>
46 <thead>
47 <tr>
48 <th>Key</th>
49 <th>Description</th>
50 <th>Example <code>&lt;a href=""&gt;</code></th>
51 </tr>
52 </thead>
53 <tbody>
54 <tr>
55 <td>%r</td>
56 <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
57 <td></td>
58 </tr>
59 <tr>
60 <td>%n</td>
61 <td>The name of the tag this URI came from</td>
62 <td>a</td>
63 </tr>
64 <tr>
65 <td>%m</td>
66 <td>The name of the attribute this URI came from</td>
67 <td>href</td>
68 </tr>
69 <tr>
70 <td>%p</td>
71 <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
72 <td></td>
73 </tr>
74 </tbody>
75</table>
76<p>
77 Admittedly, these letters are somewhat arbitrary; the only stipulation
78 was that they couldn't be a through f. r is for resource (I would have preferred
79 e, but you take what you can get), n is for name, m
80 was picked because it came after n (and I couldn't use a), p is for
81 property.
82</p>
83--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
new file mode 100644
index 00000000..ed4b5b0d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
@@ -0,0 +1,17 @@
1URI.MungeResources
2TYPE: bool
3VERSION: 3.1.1
4DEFAULT: false
5--DESCRIPTION--
6<p>
7 If true, any URI munging directives like %URI.Munge
8 will also apply to embedded resources, such as <code>&lt;img src=""&gt;</code>.
9 Be careful enabling this directive if you have a redirector script
10 that does not use the <code>Location</code> HTTP header; all of your images
11 and other embedded resources will break.
12</p>
13<p>
14 <strong>Warning:</strong> It is strongly advised you use this in conjunction
15 %URI.MungeSecretKey to mitigate the security risk of an open redirector.
16</p>
17--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
new file mode 100644
index 00000000..123b6e26
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
@@ -0,0 +1,30 @@
1URI.MungeSecretKey
2TYPE: string/null
3VERSION: 3.1.1
4DEFAULT: NULL
5--DESCRIPTION--
6<p>
7 This directive enables secure checksum generation along with %URI.Munge.
8 It should be set to a secure key that is not shared with anyone else.
9 The checksum can be placed in the URI using %t. Use of this checksum
10 affords an additional level of protection by allowing a redirector
11 to check if a URI has passed through HTML Purifier with this line:
12</p>
13
14<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
15
16<p>
17 If the output is TRUE, the redirector script should accept the URI.
18</p>
19
20<p>
21 Please note that it would still be possible for an attacker to procure
22 secure hashes en-mass by abusing your website's Preview feature or the
23 like, but this service affords an additional level of protection
24 that should be combined with website blacklisting.
25</p>
26
27<p>
28 Remember this has no effect if %URI.Munge is not on.
29</p>
30--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
new file mode 100644
index 00000000..8b387dea
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
@@ -0,0 +1,9 @@
1URI.OverrideAllowedSchemes
2TYPE: bool
3DEFAULT: true
4--DESCRIPTION--
5If this is set to true (which it is by default), you can override
6%URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the
7registry. If false, you will also have to update that directive in order
8to add more schemes.
9--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
new file mode 100644
index 00000000..7e1f227f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
@@ -0,0 +1,22 @@
1URI.SafeIframeRegexp
2TYPE: string/null
3VERSION: 4.4.0
4DEFAULT: NULL
5--DESCRIPTION--
6<p>
7 A PCRE regular expression that will be matched against an iframe URI. This is
8 a relatively inflexible scheme, but works well enough for the most common
9 use-case of iframes: embedded video. This directive only has an effect if
10 %HTML.SafeIframe is enabled. Here are some example values:
11</p>
12<ul>
13 <li><code>%^http://www.youtube.com/embed/%</code> - Allow YouTube videos</li>
14 <li><code>%^http://player.vimeo.com/video/%</code> - Allow Vimeo videos</li>
15 <li><code>%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%</code> - Allow both</li>
16</ul>
17<p>
18 Note that this directive does not give you enough granularity to, say, disable
19 all <code>autoplay</code> videos. Pipe up on the HTML Purifier forums if this
20 is a capability you want.
21</p>
22--# vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini
new file mode 100644
index 00000000..58e0ce4a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini
@@ -0,0 +1,3 @@
1name = "HTML Purifier"
2
3; vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ContentSets.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ContentSets.php
new file mode 100644
index 00000000..f68b1963
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ContentSets.php
@@ -0,0 +1,170 @@
1<?php
2
3/**
4 * @todo Unit test
5 */
6class HTMLPurifier_ContentSets
7{
8
9 /**
10 * List of content set strings (pipe separators) indexed by name.
11 * @type array
12 */
13 public $info = array();
14
15 /**
16 * List of content set lookups (element => true) indexed by name.
17 * @type array
18 * @note This is in HTMLPurifier_HTMLDefinition->info_content_sets
19 */
20 public $lookup = array();
21
22 /**
23 * Synchronized list of defined content sets (keys of info).
24 * @type array
25 */
26 protected $keys = array();
27 /**
28 * Synchronized list of defined content values (values of info).
29 * @type array
30 */
31 protected $values = array();
32
33 /**
34 * Merges in module's content sets, expands identifiers in the content
35 * sets and populates the keys, values and lookup member variables.
36 * @param HTMLPurifier_HTMLModule[] $modules List of HTMLPurifier_HTMLModule
37 */
38 public function __construct($modules)
39 {
40 if (!is_array($modules)) {
41 $modules = array($modules);
42 }
43 // populate content_sets based on module hints
44 // sorry, no way of overloading
45 foreach ($modules as $module) {
46 foreach ($module->content_sets as $key => $value) {
47 $temp = $this->convertToLookup($value);
48 if (isset($this->lookup[$key])) {
49 // add it into the existing content set
50 $this->lookup[$key] = array_merge($this->lookup[$key], $temp);
51 } else {
52 $this->lookup[$key] = $temp;
53 }
54 }
55 }
56 $old_lookup = false;
57 while ($old_lookup !== $this->lookup) {
58 $old_lookup = $this->lookup;
59 foreach ($this->lookup as $i => $set) {
60 $add = array();
61 foreach ($set as $element => $x) {
62 if (isset($this->lookup[$element])) {
63 $add += $this->lookup[$element];
64 unset($this->lookup[$i][$element]);
65 }
66 }
67 $this->lookup[$i] += $add;
68 }
69 }
70
71 foreach ($this->lookup as $key => $lookup) {
72 $this->info[$key] = implode(' | ', array_keys($lookup));
73 }
74 $this->keys = array_keys($this->info);
75 $this->values = array_values($this->info);
76 }
77
78 /**
79 * Accepts a definition; generates and assigns a ChildDef for it
80 * @param HTMLPurifier_ElementDef $def HTMLPurifier_ElementDef reference
81 * @param HTMLPurifier_HTMLModule $module Module that defined the ElementDef
82 */
83 public function generateChildDef(&$def, $module)
84 {
85 if (!empty($def->child)) { // already done!
86 return;
87 }
88 $content_model = $def->content_model;
89 if (is_string($content_model)) {
90 // Assume that $this->keys is alphanumeric
91 $def->content_model = preg_replace_callback(
92 '/\b(' . implode('|', $this->keys) . ')\b/',
93 array($this, 'generateChildDefCallback'),
94 $content_model
95 );
96 //$def->content_model = str_replace(
97 // $this->keys, $this->values, $content_model);
98 }
99 $def->child = $this->getChildDef($def, $module);
100 }
101
102 public function generateChildDefCallback($matches)
103 {
104 return $this->info[$matches[0]];
105 }
106
107 /**
108 * Instantiates a ChildDef based on content_model and content_model_type
109 * member variables in HTMLPurifier_ElementDef
110 * @note This will also defer to modules for custom HTMLPurifier_ChildDef
111 * subclasses that need content set expansion
112 * @param HTMLPurifier_ElementDef $def HTMLPurifier_ElementDef to have ChildDef extracted
113 * @param HTMLPurifier_HTMLModule $module Module that defined the ElementDef
114 * @return HTMLPurifier_ChildDef corresponding to ElementDef
115 */
116 public function getChildDef($def, $module)
117 {
118 $value = $def->content_model;
119 if (is_object($value)) {
120 trigger_error(
121 'Literal object child definitions should be stored in '.
122 'ElementDef->child not ElementDef->content_model',
123 E_USER_NOTICE
124 );
125 return $value;
126 }
127 switch ($def->content_model_type) {
128 case 'required':
129 return new HTMLPurifier_ChildDef_Required($value);
130 case 'optional':
131 return new HTMLPurifier_ChildDef_Optional($value);
132 case 'empty':
133 return new HTMLPurifier_ChildDef_Empty();
134 case 'custom':
135 return new HTMLPurifier_ChildDef_Custom($value);
136 }
137 // defer to its module
138 $return = false;
139 if ($module->defines_child_def) { // save a func call
140 $return = $module->getChildDef($def);
141 }
142 if ($return !== false) {
143 return $return;
144 }
145 // error-out
146 trigger_error(
147 'Could not determine which ChildDef class to instantiate',
148 E_USER_ERROR
149 );
150 return false;
151 }
152
153 /**
154 * Converts a string list of elements separated by pipes into
155 * a lookup array.
156 * @param string $string List of elements
157 * @return array Lookup array of elements
158 */
159 protected function convertToLookup($string)
160 {
161 $array = explode('|', str_replace(' ', '', $string));
162 $ret = array();
163 foreach ($array as $k) {
164 $ret[$k] = true;
165 }
166 return $ret;
167 }
168}
169
170// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Context.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Context.php
new file mode 100644
index 00000000..5ad536d5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Context.php
@@ -0,0 +1,95 @@
1<?php
2
3/**
4 * Registry object that contains information about the current context.
5 * @warning Is a bit buggy when variables are set to null: it thinks
6 * they don't exist! So use false instead, please.
7 * @note Since the variables Context deals with may not be objects,
8 * references are very important here! Do not remove!
9 */
10class HTMLPurifier_Context
11{
12
13 /**
14 * Private array that stores the references.
15 * @type array
16 */
17 private $_storage = array();
18
19 /**
20 * Registers a variable into the context.
21 * @param string $name String name
22 * @param mixed $ref Reference to variable to be registered
23 */
24 public function register($name, &$ref)
25 {
26 if (array_key_exists($name, $this->_storage)) {
27 trigger_error(
28 "Name $name produces collision, cannot re-register",
29 E_USER_ERROR
30 );
31 return;
32 }
33 $this->_storage[$name] =& $ref;
34 }
35
36 /**
37 * Retrieves a variable reference from the context.
38 * @param string $name String name
39 * @param bool $ignore_error Boolean whether or not to ignore error
40 * @return mixed
41 */
42 public function &get($name, $ignore_error = false)
43 {
44 if (!array_key_exists($name, $this->_storage)) {
45 if (!$ignore_error) {
46 trigger_error(
47 "Attempted to retrieve non-existent variable $name",
48 E_USER_ERROR
49 );
50 }
51 $var = null; // so we can return by reference
52 return $var;
53 }
54 return $this->_storage[$name];
55 }
56
57 /**
58 * Destroys a variable in the context.
59 * @param string $name String name
60 */
61 public function destroy($name)
62 {
63 if (!array_key_exists($name, $this->_storage)) {
64 trigger_error(
65 "Attempted to destroy non-existent variable $name",
66 E_USER_ERROR
67 );
68 return;
69 }
70 unset($this->_storage[$name]);
71 }
72
73 /**
74 * Checks whether or not the variable exists.
75 * @param string $name String name
76 * @return bool
77 */
78 public function exists($name)
79 {
80 return array_key_exists($name, $this->_storage);
81 }
82
83 /**
84 * Loads a series of variables from an associative array
85 * @param array $context_array Assoc array of variables to load
86 */
87 public function loadArray($context_array)
88 {
89 foreach ($context_array as $key => $discard) {
90 $this->register($key, $context_array[$key]);
91 }
92 }
93}
94
95// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Definition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Definition.php
new file mode 100644
index 00000000..f987e603
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Definition.php
@@ -0,0 +1,55 @@
1<?php
2
3/**
4 * Super-class for definition datatype objects, implements serialization
5 * functions for the class.
6 */
7abstract class HTMLPurifier_Definition
8{
9
10 /**
11 * Has setup() been called yet?
12 * @type bool
13 */
14 public $setup = false;
15
16 /**
17 * If true, write out the final definition object to the cache after
18 * setup. This will be true only if all invocations to get a raw
19 * definition object are also optimized. This does not cause file
20 * system thrashing because on subsequent calls the cached object
21 * is used and any writes to the raw definition object are short
22 * circuited. See enduser-customize.html for the high-level
23 * picture.
24 * @type bool
25 */
26 public $optimized = null;
27
28 /**
29 * What type of definition is it?
30 * @type string
31 */
32 public $type;
33
34 /**
35 * Sets up the definition object into the final form, something
36 * not done by the constructor
37 * @param HTMLPurifier_Config $config
38 */
39 abstract protected function doSetup($config);
40
41 /**
42 * Setup function that aborts if already setup
43 * @param HTMLPurifier_Config $config
44 */
45 public function setup($config)
46 {
47 if ($this->setup) {
48 return;
49 }
50 $this->setup = true;
51 $this->doSetup($config);
52 }
53}
54
55// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache.php
new file mode 100644
index 00000000..d7f0bb1c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache.php
@@ -0,0 +1,129 @@
1<?php
2
3/**
4 * Abstract class representing Definition cache managers that implements
5 * useful common methods and is a factory.
6 * @todo Create a separate maintenance file advanced users can use to
7 * cache their custom HTMLDefinition, which can be loaded
8 * via a configuration directive
9 * @todo Implement memcached
10 */
11abstract class HTMLPurifier_DefinitionCache
12{
13 /**
14 * @type string
15 */
16 public $type;
17
18 /**
19 * @param string $type Type of definition objects this instance of the
20 * cache will handle.
21 */
22 public function __construct($type)
23 {
24 $this->type = $type;
25 }
26
27 /**
28 * Generates a unique identifier for a particular configuration
29 * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
30 * @return string
31 */
32 public function generateKey($config)
33 {
34 return $config->version . ',' . // possibly replace with function calls
35 $config->getBatchSerial($this->type) . ',' .
36 $config->get($this->type . '.DefinitionRev');
37 }
38
39 /**
40 * Tests whether or not a key is old with respect to the configuration's
41 * version and revision number.
42 * @param string $key Key to test
43 * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config to test against
44 * @return bool
45 */
46 public function isOld($key, $config)
47 {
48 if (substr_count($key, ',') < 2) {
49 return true;
50 }
51 list($version, $hash, $revision) = explode(',', $key, 3);
52 $compare = version_compare($version, $config->version);
53 // version mismatch, is always old
54 if ($compare != 0) {
55 return true;
56 }
57 // versions match, ids match, check revision number
58 if ($hash == $config->getBatchSerial($this->type) &&
59 $revision < $config->get($this->type . '.DefinitionRev')) {
60 return true;
61 }
62 return false;
63 }
64
65 /**
66 * Checks if a definition's type jives with the cache's type
67 * @note Throws an error on failure
68 * @param HTMLPurifier_Definition $def Definition object to check
69 * @return bool true if good, false if not
70 */
71 public function checkDefType($def)
72 {
73 if ($def->type !== $this->type) {
74 trigger_error("Cannot use definition of type {$def->type} in cache for {$this->type}");
75 return false;
76 }
77 return true;
78 }
79
80 /**
81 * Adds a definition object to the cache
82 * @param HTMLPurifier_Definition $def
83 * @param HTMLPurifier_Config $config
84 */
85 abstract public function add($def, $config);
86
87 /**
88 * Unconditionally saves a definition object to the cache
89 * @param HTMLPurifier_Definition $def
90 * @param HTMLPurifier_Config $config
91 */
92 abstract public function set($def, $config);
93
94 /**
95 * Replace an object in the cache
96 * @param HTMLPurifier_Definition $def
97 * @param HTMLPurifier_Config $config
98 */
99 abstract public function replace($def, $config);
100
101 /**
102 * Retrieves a definition object from the cache
103 * @param HTMLPurifier_Config $config
104 */
105 abstract public function get($config);
106
107 /**
108 * Removes a definition object to the cache
109 * @param HTMLPurifier_Config $config
110 */
111 abstract public function remove($config);
112
113 /**
114 * Clears all objects from cache
115 * @param HTMLPurifier_Config $config
116 */
117 abstract public function flush($config);
118
119 /**
120 * Clears all expired (older version or revision) objects from cache
121 * @note Be carefuly implementing this method as flush. Flush must
122 * not interfere with other Definition types, and cleanup()
123 * should not be repeatedly called by userland code.
124 * @param HTMLPurifier_Config $config
125 */
126 abstract public function cleanup($config);
127}
128
129// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php
new file mode 100644
index 00000000..09cdc1c8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php
@@ -0,0 +1,112 @@
1<?php
2
3class HTMLPurifier_DefinitionCache_Decorator extends HTMLPurifier_DefinitionCache
4{
5
6 /**
7 * Cache object we are decorating
8 * @type HTMLPurifier_DefinitionCache
9 */
10 public $cache;
11
12 /**
13 * The name of the decorator
14 * @var string
15 */
16 public $name;
17
18 public function __construct()
19 {
20 }
21
22 /**
23 * Lazy decorator function
24 * @param HTMLPurifier_DefinitionCache $cache Reference to cache object to decorate
25 * @return HTMLPurifier_DefinitionCache_Decorator
26 */
27 public function decorate(&$cache)
28 {
29 $decorator = $this->copy();
30 // reference is necessary for mocks in PHP 4
31 $decorator->cache =& $cache;
32 $decorator->type = $cache->type;
33 return $decorator;
34 }
35
36 /**
37 * Cross-compatible clone substitute
38 * @return HTMLPurifier_DefinitionCache_Decorator
39 */
40 public function copy()
41 {
42 return new HTMLPurifier_DefinitionCache_Decorator();
43 }
44
45 /**
46 * @param HTMLPurifier_Definition $def
47 * @param HTMLPurifier_Config $config
48 * @return mixed
49 */
50 public function add($def, $config)
51 {
52 return $this->cache->add($def, $config);
53 }
54
55 /**
56 * @param HTMLPurifier_Definition $def
57 * @param HTMLPurifier_Config $config
58 * @return mixed
59 */
60 public function set($def, $config)
61 {
62 return $this->cache->set($def, $config);
63 }
64
65 /**
66 * @param HTMLPurifier_Definition $def
67 * @param HTMLPurifier_Config $config
68 * @return mixed
69 */
70 public function replace($def, $config)
71 {
72 return $this->cache->replace($def, $config);
73 }
74
75 /**
76 * @param HTMLPurifier_Config $config
77 * @return mixed
78 */
79 public function get($config)
80 {
81 return $this->cache->get($config);
82 }
83
84 /**
85 * @param HTMLPurifier_Config $config
86 * @return mixed
87 */
88 public function remove($config)
89 {
90 return $this->cache->remove($config);
91 }
92
93 /**
94 * @param HTMLPurifier_Config $config
95 * @return mixed
96 */
97 public function flush($config)
98 {
99 return $this->cache->flush($config);
100 }
101
102 /**
103 * @param HTMLPurifier_Config $config
104 * @return mixed
105 */
106 public function cleanup($config)
107 {
108 return $this->cache->cleanup($config);
109 }
110}
111
112// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php
new file mode 100644
index 00000000..53dca67d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php
@@ -0,0 +1,78 @@
1<?php
2
3/**
4 * Definition cache decorator class that cleans up the cache
5 * whenever there is a cache miss.
6 */
7class HTMLPurifier_DefinitionCache_Decorator_Cleanup extends HTMLPurifier_DefinitionCache_Decorator
8{
9 /**
10 * @type string
11 */
12 public $name = 'Cleanup';
13
14 /**
15 * @return HTMLPurifier_DefinitionCache_Decorator_Cleanup
16 */
17 public function copy()
18 {
19 return new HTMLPurifier_DefinitionCache_Decorator_Cleanup();
20 }
21
22 /**
23 * @param HTMLPurifier_Definition $def
24 * @param HTMLPurifier_Config $config
25 * @return mixed
26 */
27 public function add($def, $config)
28 {
29 $status = parent::add($def, $config);
30 if (!$status) {
31 parent::cleanup($config);
32 }
33 return $status;
34 }
35
36 /**
37 * @param HTMLPurifier_Definition $def
38 * @param HTMLPurifier_Config $config
39 * @return mixed
40 */
41 public function set($def, $config)
42 {
43 $status = parent::set($def, $config);
44 if (!$status) {
45 parent::cleanup($config);
46 }
47 return $status;
48 }
49
50 /**
51 * @param HTMLPurifier_Definition $def
52 * @param HTMLPurifier_Config $config
53 * @return mixed
54 */
55 public function replace($def, $config)
56 {
57 $status = parent::replace($def, $config);
58 if (!$status) {
59 parent::cleanup($config);
60 }
61 return $status;
62 }
63
64 /**
65 * @param HTMLPurifier_Config $config
66 * @return mixed
67 */
68 public function get($config)
69 {
70 $ret = parent::get($config);
71 if (!$ret) {
72 parent::cleanup($config);
73 }
74 return $ret;
75 }
76}
77
78// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php
new file mode 100644
index 00000000..1725d830
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php
@@ -0,0 +1,85 @@
1<?php
2
3/**
4 * Definition cache decorator class that saves all cache retrievals
5 * to PHP's memory; good for unit tests or circumstances where
6 * there are lots of configuration objects floating around.
7 */
8class HTMLPurifier_DefinitionCache_Decorator_Memory extends HTMLPurifier_DefinitionCache_Decorator
9{
10 /**
11 * @type array
12 */
13 protected $definitions;
14
15 /**
16 * @type string
17 */
18 public $name = 'Memory';
19
20 /**
21 * @return HTMLPurifier_DefinitionCache_Decorator_Memory
22 */
23 public function copy()
24 {
25 return new HTMLPurifier_DefinitionCache_Decorator_Memory();
26 }
27
28 /**
29 * @param HTMLPurifier_Definition $def
30 * @param HTMLPurifier_Config $config
31 * @return mixed
32 */
33 public function add($def, $config)
34 {
35 $status = parent::add($def, $config);
36 if ($status) {
37 $this->definitions[$this->generateKey($config)] = $def;
38 }
39 return $status;
40 }
41
42 /**
43 * @param HTMLPurifier_Definition $def
44 * @param HTMLPurifier_Config $config
45 * @return mixed
46 */
47 public function set($def, $config)
48 {
49 $status = parent::set($def, $config);
50 if ($status) {
51 $this->definitions[$this->generateKey($config)] = $def;
52 }
53 return $status;
54 }
55
56 /**
57 * @param HTMLPurifier_Definition $def
58 * @param HTMLPurifier_Config $config
59 * @return mixed
60 */
61 public function replace($def, $config)
62 {
63 $status = parent::replace($def, $config);
64 if ($status) {
65 $this->definitions[$this->generateKey($config)] = $def;
66 }
67 return $status;
68 }
69
70 /**
71 * @param HTMLPurifier_Config $config
72 * @return mixed
73 */
74 public function get($config)
75 {
76 $key = $this->generateKey($config);
77 if (isset($this->definitions[$key])) {
78 return $this->definitions[$key];
79 }
80 $this->definitions[$key] = parent::get($config);
81 return $this->definitions[$key];
82 }
83}
84
85// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in
new file mode 100644
index 00000000..c586890f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in
@@ -0,0 +1,82 @@
1<?php
2
3require_once 'HTMLPurifier/DefinitionCache/Decorator.php';
4
5/**
6 * Definition cache decorator template.
7 */
8class HTMLPurifier_DefinitionCache_Decorator_Template extends HTMLPurifier_DefinitionCache_Decorator
9{
10
11 /**
12 * @type string
13 */
14 public $name = 'Template'; // replace this
15
16 public function copy()
17 {
18 // replace class name with yours
19 return new HTMLPurifier_DefinitionCache_Decorator_Template();
20 }
21
22 // remove methods you don't need
23
24 /**
25 * @param HTMLPurifier_Definition $def
26 * @param HTMLPurifier_Config $config
27 * @return mixed
28 */
29 public function add($def, $config)
30 {
31 return parent::add($def, $config);
32 }
33
34 /**
35 * @param HTMLPurifier_Definition $def
36 * @param HTMLPurifier_Config $config
37 * @return mixed
38 */
39 public function set($def, $config)
40 {
41 return parent::set($def, $config);
42 }
43
44 /**
45 * @param HTMLPurifier_Definition $def
46 * @param HTMLPurifier_Config $config
47 * @return mixed
48 */
49 public function replace($def, $config)
50 {
51 return parent::replace($def, $config);
52 }
53
54 /**
55 * @param HTMLPurifier_Config $config
56 * @return mixed
57 */
58 public function get($config)
59 {
60 return parent::get($config);
61 }
62
63 /**
64 * @param HTMLPurifier_Config $config
65 * @return mixed
66 */
67 public function flush($config)
68 {
69 return parent::flush($config);
70 }
71
72 /**
73 * @param HTMLPurifier_Config $config
74 * @return mixed
75 */
76 public function cleanup($config)
77 {
78 return parent::cleanup($config);
79 }
80}
81
82// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php
new file mode 100644
index 00000000..55eff9e0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php
@@ -0,0 +1,76 @@
1<?php
2
3/**
4 * Null cache object to use when no caching is on.
5 */
6class HTMLPurifier_DefinitionCache_Null extends HTMLPurifier_DefinitionCache
7{
8
9 /**
10 * @param HTMLPurifier_Definition $def
11 * @param HTMLPurifier_Config $config
12 * @return bool
13 */
14 public function add($def, $config)
15 {
16 return false;
17 }
18
19 /**
20 * @param HTMLPurifier_Definition $def
21 * @param HTMLPurifier_Config $config
22 * @return bool
23 */
24 public function set($def, $config)
25 {
26 return false;
27 }
28
29 /**
30 * @param HTMLPurifier_Definition $def
31 * @param HTMLPurifier_Config $config
32 * @return bool
33 */
34 public function replace($def, $config)
35 {
36 return false;
37 }
38
39 /**
40 * @param HTMLPurifier_Config $config
41 * @return bool
42 */
43 public function remove($config)
44 {
45 return false;
46 }
47
48 /**
49 * @param HTMLPurifier_Config $config
50 * @return bool
51 */
52 public function get($config)
53 {
54 return false;
55 }
56
57 /**
58 * @param HTMLPurifier_Config $config
59 * @return bool
60 */
61 public function flush($config)
62 {
63 return false;
64 }
65
66 /**
67 * @param HTMLPurifier_Config $config
68 * @return bool
69 */
70 public function cleanup($config)
71 {
72 return false;
73 }
74}
75
76// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php
new file mode 100644
index 00000000..7e8539ad
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php
@@ -0,0 +1,285 @@
1<?php
2
3class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCache
4{
5
6 /**
7 * @param HTMLPurifier_Definition $def
8 * @param HTMLPurifier_Config $config
9 * @return int|bool
10 */
11 public function add($def, $config)
12 {
13 if (!$this->checkDefType($def)) {
14 return;
15 }
16 $file = $this->generateFilePath($config);
17 if (file_exists($file)) {
18 return false;
19 }
20 if (!$this->_prepareDir($config)) {
21 return false;
22 }
23 return $this->_write($file, serialize($def), $config);
24 }
25
26 /**
27 * @param HTMLPurifier_Definition $def
28 * @param HTMLPurifier_Config $config
29 * @return int|bool
30 */
31 public function set($def, $config)
32 {
33 if (!$this->checkDefType($def)) {
34 return;
35 }
36 $file = $this->generateFilePath($config);
37 if (!$this->_prepareDir($config)) {
38 return false;
39 }
40 return $this->_write($file, serialize($def), $config);
41 }
42
43 /**
44 * @param HTMLPurifier_Definition $def
45 * @param HTMLPurifier_Config $config
46 * @return int|bool
47 */
48 public function replace($def, $config)
49 {
50 if (!$this->checkDefType($def)) {
51 return;
52 }
53 $file = $this->generateFilePath($config);
54 if (!file_exists($file)) {
55 return false;
56 }
57 if (!$this->_prepareDir($config)) {
58 return false;
59 }
60 return $this->_write($file, serialize($def), $config);
61 }
62
63 /**
64 * @param HTMLPurifier_Config $config
65 * @return bool|HTMLPurifier_Config
66 */
67 public function get($config)
68 {
69 $file = $this->generateFilePath($config);
70 if (!file_exists($file)) {
71 return false;
72 }
73 return unserialize(file_get_contents($file));
74 }
75
76 /**
77 * @param HTMLPurifier_Config $config
78 * @return bool
79 */
80 public function remove($config)
81 {
82 $file = $this->generateFilePath($config);
83 if (!file_exists($file)) {
84 return false;
85 }
86 return unlink($file);
87 }
88
89 /**
90 * @param HTMLPurifier_Config $config
91 * @return bool
92 */
93 public function flush($config)
94 {
95 if (!$this->_prepareDir($config)) {
96 return false;
97 }
98 $dir = $this->generateDirectoryPath($config);
99 $dh = opendir($dir);
100 while (false !== ($filename = readdir($dh))) {
101 if (empty($filename)) {
102 continue;
103 }
104 if ($filename[0] === '.') {
105 continue;
106 }
107 unlink($dir . '/' . $filename);
108 }
109 }
110
111 /**
112 * @param HTMLPurifier_Config $config
113 * @return bool
114 */
115 public function cleanup($config)
116 {
117 if (!$this->_prepareDir($config)) {
118 return false;
119 }
120 $dir = $this->generateDirectoryPath($config);
121 $dh = opendir($dir);
122 while (false !== ($filename = readdir($dh))) {
123 if (empty($filename)) {
124 continue;
125 }
126 if ($filename[0] === '.') {
127 continue;
128 }
129 $key = substr($filename, 0, strlen($filename) - 4);
130 if ($this->isOld($key, $config)) {
131 unlink($dir . '/' . $filename);
132 }
133 }
134 }
135
136 /**
137 * Generates the file path to the serial file corresponding to
138 * the configuration and definition name
139 * @param HTMLPurifier_Config $config
140 * @return string
141 * @todo Make protected
142 */
143 public function generateFilePath($config)
144 {
145 $key = $this->generateKey($config);
146 return $this->generateDirectoryPath($config) . '/' . $key . '.ser';
147 }
148
149 /**
150 * Generates the path to the directory contain this cache's serial files
151 * @param HTMLPurifier_Config $config
152 * @return string
153 * @note No trailing slash
154 * @todo Make protected
155 */
156 public function generateDirectoryPath($config)
157 {
158 $base = $this->generateBaseDirectoryPath($config);
159 return $base . '/' . $this->type;
160 }
161
162 /**
163 * Generates path to base directory that contains all definition type
164 * serials
165 * @param HTMLPurifier_Config $config
166 * @return mixed|string
167 * @todo Make protected
168 */
169 public function generateBaseDirectoryPath($config)
170 {
171 $base = $config->get('Cache.SerializerPath');
172 $base = is_null($base) ? HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer' : $base;
173 return $base;
174 }
175
176 /**
177 * Convenience wrapper function for file_put_contents
178 * @param string $file File name to write to
179 * @param string $data Data to write into file
180 * @param HTMLPurifier_Config $config
181 * @return int|bool Number of bytes written if success, or false if failure.
182 */
183 private function _write($file, $data, $config)
184 {
185 $result = file_put_contents($file, $data);
186 if ($result !== false) {
187 // set permissions of the new file (no execute)
188 $chmod = $config->get('Cache.SerializerPermissions');
189 if (!$chmod) {
190 $chmod = 0644; // invalid config or simpletest
191 }
192 $chmod = $chmod & 0666;
193 chmod($file, $chmod);
194 }
195 return $result;
196 }
197
198 /**
199 * Prepares the directory that this type stores the serials in
200 * @param HTMLPurifier_Config $config
201 * @return bool True if successful
202 */
203 private function _prepareDir($config)
204 {
205 $directory = $this->generateDirectoryPath($config);
206 $chmod = $config->get('Cache.SerializerPermissions');
207 if (!$chmod) {
208 $chmod = 0755; // invalid config or simpletest
209 }
210 if (!is_dir($directory)) {
211 $base = $this->generateBaseDirectoryPath($config);
212 if (!is_dir($base)) {
213 trigger_error(
214 'Base directory ' . $base . ' does not exist,
215 please create or change using %Cache.SerializerPath',
216 E_USER_WARNING
217 );
218 return false;
219 } elseif (!$this->_testPermissions($base, $chmod)) {
220 return false;
221 }
222 $old = umask(0000);
223 mkdir($directory, $chmod);
224 umask($old);
225 } elseif (!$this->_testPermissions($directory, $chmod)) {
226 return false;
227 }
228 return true;
229 }
230
231 /**
232 * Tests permissions on a directory and throws out friendly
233 * error messages and attempts to chmod it itself if possible
234 * @param string $dir Directory path
235 * @param int $chmod Permissions
236 * @return bool True if directory is writable
237 */
238 private function _testPermissions($dir, $chmod)
239 {
240 // early abort, if it is writable, everything is hunky-dory
241 if (is_writable($dir)) {
242 return true;
243 }
244 if (!is_dir($dir)) {
245 // generally, you'll want to handle this beforehand
246 // so a more specific error message can be given
247 trigger_error(
248 'Directory ' . $dir . ' does not exist',
249 E_USER_WARNING
250 );
251 return false;
252 }
253 if (function_exists('posix_getuid')) {
254 // POSIX system, we can give more specific advice
255 if (fileowner($dir) === posix_getuid()) {
256 // we can chmod it ourselves
257 $chmod = $chmod | 0700;
258 if (chmod($dir, $chmod)) {
259 return true;
260 }
261 } elseif (filegroup($dir) === posix_getgid()) {
262 $chmod = $chmod | 0070;
263 } else {
264 // PHP's probably running as nobody, so we'll
265 // need to give global permissions
266 $chmod = $chmod | 0777;
267 }
268 trigger_error(
269 'Directory ' . $dir . ' not writable, ' .
270 'please chmod to ' . decoct($chmod),
271 E_USER_WARNING
272 );
273 } else {
274 // generic error message
275 trigger_error(
276 'Directory ' . $dir . ' not writable, ' .
277 'please alter file permissions',
278 E_USER_WARNING
279 );
280 }
281 return false;
282 }
283}
284
285// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
new file mode 100755
index 00000000..ba005de7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
@@ -0,0 +1,3 @@
1This is a dummy file to prevent Git from ignoring this empty directory.
2
3 vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php
new file mode 100644
index 00000000..737b8bb3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php
@@ -0,0 +1,106 @@
1<?php
2
3/**
4 * Responsible for creating definition caches.
5 */
6class HTMLPurifier_DefinitionCacheFactory
7{
8 /**
9 * @type array
10 */
11 protected $caches = array('Serializer' => array());
12
13 /**
14 * @type array
15 */
16 protected $implementations = array();
17
18 /**
19 * @type HTMLPurifier_DefinitionCache_Decorator[]
20 */
21 protected $decorators = array();
22
23 /**
24 * Initialize default decorators
25 */
26 public function setup()
27 {
28 $this->addDecorator('Cleanup');
29 }
30
31 /**
32 * Retrieves an instance of global definition cache factory.
33 * @param HTMLPurifier_DefinitionCacheFactory $prototype
34 * @return HTMLPurifier_DefinitionCacheFactory
35 */
36 public static function instance($prototype = null)
37 {
38 static $instance;
39 if ($prototype !== null) {
40 $instance = $prototype;
41 } elseif ($instance === null || $prototype === true) {
42 $instance = new HTMLPurifier_DefinitionCacheFactory();
43 $instance->setup();
44 }
45 return $instance;
46 }
47
48 /**
49 * Registers a new definition cache object
50 * @param string $short Short name of cache object, for reference
51 * @param string $long Full class name of cache object, for construction
52 */
53 public function register($short, $long)
54 {
55 $this->implementations[$short] = $long;
56 }
57
58 /**
59 * Factory method that creates a cache object based on configuration
60 * @param string $type Name of definitions handled by cache
61 * @param HTMLPurifier_Config $config Config instance
62 * @return mixed
63 */
64 public function create($type, $config)
65 {
66 $method = $config->get('Cache.DefinitionImpl');
67 if ($method === null) {
68 return new HTMLPurifier_DefinitionCache_Null($type);
69 }
70 if (!empty($this->caches[$method][$type])) {
71 return $this->caches[$method][$type];
72 }
73 if (isset($this->implementations[$method]) &&
74 class_exists($class = $this->implementations[$method], false)) {
75 $cache = new $class($type);
76 } else {
77 if ($method != 'Serializer') {
78 trigger_error("Unrecognized DefinitionCache $method, using Serializer instead", E_USER_WARNING);
79 }
80 $cache = new HTMLPurifier_DefinitionCache_Serializer($type);
81 }
82 foreach ($this->decorators as $decorator) {
83 $new_cache = $decorator->decorate($cache);
84 // prevent infinite recursion in PHP 4
85 unset($cache);
86 $cache = $new_cache;
87 }
88 $this->caches[$method][$type] = $cache;
89 return $this->caches[$method][$type];
90 }
91
92 /**
93 * Registers a decorator to add to all new cache objects
94 * @param HTMLPurifier_DefinitionCache_Decorator|string $decorator An instance or the name of a decorator
95 */
96 public function addDecorator($decorator)
97 {
98 if (is_string($decorator)) {
99 $class = "HTMLPurifier_DefinitionCache_Decorator_$decorator";
100 $decorator = new $class;
101 }
102 $this->decorators[$decorator->name] = $decorator;
103 }
104}
105
106// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Doctype.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Doctype.php
new file mode 100644
index 00000000..4d723129
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Doctype.php
@@ -0,0 +1,73 @@
1<?php
2
3/**
4 * Represents a document type, contains information on which modules
5 * need to be loaded.
6 * @note This class is inspected by Printer_HTMLDefinition->renderDoctype.
7 * If structure changes, please update that function.
8 */
9class HTMLPurifier_Doctype
10{
11 /**
12 * Full name of doctype
13 * @type string
14 */
15 public $name;
16
17 /**
18 * List of standard modules (string identifiers or literal objects)
19 * that this doctype uses
20 * @type array
21 */
22 public $modules = array();
23
24 /**
25 * List of modules to use for tidying up code
26 * @type array
27 */
28 public $tidyModules = array();
29
30 /**
31 * Is the language derived from XML (i.e. XHTML)?
32 * @type bool
33 */
34 public $xml = true;
35
36 /**
37 * List of aliases for this doctype
38 * @type array
39 */
40 public $aliases = array();
41
42 /**
43 * Public DTD identifier
44 * @type string
45 */
46 public $dtdPublic;
47
48 /**
49 * System DTD identifier
50 * @type string
51 */
52 public $dtdSystem;
53
54 public function __construct(
55 $name = null,
56 $xml = true,
57 $modules = array(),
58 $tidyModules = array(),
59 $aliases = array(),
60 $dtd_public = null,
61 $dtd_system = null
62 ) {
63 $this->name = $name;
64 $this->xml = $xml;
65 $this->modules = $modules;
66 $this->tidyModules = $tidyModules;
67 $this->aliases = $aliases;
68 $this->dtdPublic = $dtd_public;
69 $this->dtdSystem = $dtd_system;
70 }
71}
72
73// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/DoctypeRegistry.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/DoctypeRegistry.php
new file mode 100644
index 00000000..cab9dc53
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/DoctypeRegistry.php
@@ -0,0 +1,142 @@
1<?php
2
3class HTMLPurifier_DoctypeRegistry
4{
5
6 /**
7 * Hash of doctype names to doctype objects.
8 * @type array
9 */
10 protected $doctypes;
11
12 /**
13 * Lookup table of aliases to real doctype names.
14 * @type array
15 */
16 protected $aliases;
17
18 /**
19 * Registers a doctype to the registry
20 * @note Accepts a fully-formed doctype object, or the
21 * parameters for constructing a doctype object
22 * @param string $doctype Name of doctype or literal doctype object
23 * @param bool $xml
24 * @param array $modules Modules doctype will load
25 * @param array $tidy_modules Modules doctype will load for certain modes
26 * @param array $aliases Alias names for doctype
27 * @param string $dtd_public
28 * @param string $dtd_system
29 * @return HTMLPurifier_Doctype Editable registered doctype
30 */
31 public function register(
32 $doctype,
33 $xml = true,
34 $modules = array(),
35 $tidy_modules = array(),
36 $aliases = array(),
37 $dtd_public = null,
38 $dtd_system = null
39 ) {
40 if (!is_array($modules)) {
41 $modules = array($modules);
42 }
43 if (!is_array($tidy_modules)) {
44 $tidy_modules = array($tidy_modules);
45 }
46 if (!is_array($aliases)) {
47 $aliases = array($aliases);
48 }
49 if (!is_object($doctype)) {
50 $doctype = new HTMLPurifier_Doctype(
51 $doctype,
52 $xml,
53 $modules,
54 $tidy_modules,
55 $aliases,
56 $dtd_public,
57 $dtd_system
58 );
59 }
60 $this->doctypes[$doctype->name] = $doctype;
61 $name = $doctype->name;
62 // hookup aliases
63 foreach ($doctype->aliases as $alias) {
64 if (isset($this->doctypes[$alias])) {
65 continue;
66 }
67 $this->aliases[$alias] = $name;
68 }
69 // remove old aliases
70 if (isset($this->aliases[$name])) {
71 unset($this->aliases[$name]);
72 }
73 return $doctype;
74 }
75
76 /**
77 * Retrieves reference to a doctype of a certain name
78 * @note This function resolves aliases
79 * @note When possible, use the more fully-featured make()
80 * @param string $doctype Name of doctype
81 * @return HTMLPurifier_Doctype Editable doctype object
82 */
83 public function get($doctype)
84 {
85 if (isset($this->aliases[$doctype])) {
86 $doctype = $this->aliases[$doctype];
87 }
88 if (!isset($this->doctypes[$doctype])) {
89 trigger_error('Doctype ' . htmlspecialchars($doctype) . ' does not exist', E_USER_ERROR);
90 $anon = new HTMLPurifier_Doctype($doctype);
91 return $anon;
92 }
93 return $this->doctypes[$doctype];
94 }
95
96 /**
97 * Creates a doctype based on a configuration object,
98 * will perform initialization on the doctype
99 * @note Use this function to get a copy of doctype that config
100 * can hold on to (this is necessary in order to tell
101 * Generator whether or not the current document is XML
102 * based or not).
103 * @param HTMLPurifier_Config $config
104 * @return HTMLPurifier_Doctype
105 */
106 public function make($config)
107 {
108 return clone $this->get($this->getDoctypeFromConfig($config));
109 }
110
111 /**
112 * Retrieves the doctype from the configuration object
113 * @param HTMLPurifier_Config $config
114 * @return string
115 */
116 public function getDoctypeFromConfig($config)
117 {
118 // recommended test
119 $doctype = $config->get('HTML.Doctype');
120 if (!empty($doctype)) {
121 return $doctype;
122 }
123 $doctype = $config->get('HTML.CustomDoctype');
124 if (!empty($doctype)) {
125 return $doctype;
126 }
127 // backwards-compatibility
128 if ($config->get('HTML.XHTML')) {
129 $doctype = 'XHTML 1.0';
130 } else {
131 $doctype = 'HTML 4.01';
132 }
133 if ($config->get('HTML.Strict')) {
134 $doctype .= ' Strict';
135 } else {
136 $doctype .= ' Transitional';
137 }
138 return $doctype;
139 }
140}
141
142// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ElementDef.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ElementDef.php
new file mode 100644
index 00000000..089f7efe
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ElementDef.php
@@ -0,0 +1,216 @@
1<?php
2
3/**
4 * Structure that stores an HTML element definition. Used by
5 * HTMLPurifier_HTMLDefinition and HTMLPurifier_HTMLModule.
6 * @note This class is inspected by HTMLPurifier_Printer_HTMLDefinition.
7 * Please update that class too.
8 * @warning If you add new properties to this class, you MUST update
9 * the mergeIn() method.
10 */
11class HTMLPurifier_ElementDef
12{
13 /**
14 * Does the definition work by itself, or is it created solely
15 * for the purpose of merging into another definition?
16 * @type bool
17 */
18 public $standalone = true;
19
20 /**
21 * Associative array of attribute name to HTMLPurifier_AttrDef.
22 * @type array
23 * @note Before being processed by HTMLPurifier_AttrCollections
24 * when modules are finalized during
25 * HTMLPurifier_HTMLDefinition->setup(), this array may also
26 * contain an array at index 0 that indicates which attribute
27 * collections to load into the full array. It may also
28 * contain string indentifiers in lieu of HTMLPurifier_AttrDef,
29 * see HTMLPurifier_AttrTypes on how they are expanded during
30 * HTMLPurifier_HTMLDefinition->setup() processing.
31 */
32 public $attr = array();
33
34 // XXX: Design note: currently, it's not possible to override
35 // previously defined AttrTransforms without messing around with
36 // the final generated config. This is by design; a previous version
37 // used an associated list of attr_transform, but it was extremely
38 // easy to accidentally override other attribute transforms by
39 // forgetting to specify an index (and just using 0.) While we
40 // could check this by checking the index number and complaining,
41 // there is a second problem which is that it is not at all easy to
42 // tell when something is getting overridden. Combine this with a
43 // codebase where this isn't really being used, and it's perfect for
44 // nuking.
45
46 /**
47 * List of tags HTMLPurifier_AttrTransform to be done before validation.
48 * @type array
49 */
50 public $attr_transform_pre = array();
51
52 /**
53 * List of tags HTMLPurifier_AttrTransform to be done after validation.
54 * @type array
55 */
56 public $attr_transform_post = array();
57
58 /**
59 * HTMLPurifier_ChildDef of this tag.
60 * @type HTMLPurifier_ChildDef
61 */
62 public $child;
63
64 /**
65 * Abstract string representation of internal ChildDef rules.
66 * @see HTMLPurifier_ContentSets for how this is parsed and then transformed
67 * into an HTMLPurifier_ChildDef.
68 * @warning This is a temporary variable that is not available after
69 * being processed by HTMLDefinition
70 * @type string
71 */
72 public $content_model;
73
74 /**
75 * Value of $child->type, used to determine which ChildDef to use,
76 * used in combination with $content_model.
77 * @warning This must be lowercase
78 * @warning This is a temporary variable that is not available after
79 * being processed by HTMLDefinition
80 * @type string
81 */
82 public $content_model_type;
83
84 /**
85 * Does the element have a content model (#PCDATA | Inline)*? This
86 * is important for chameleon ins and del processing in
87 * HTMLPurifier_ChildDef_Chameleon. Dynamically set: modules don't
88 * have to worry about this one.
89 * @type bool
90 */
91 public $descendants_are_inline = false;
92
93 /**
94 * List of the names of required attributes this element has.
95 * Dynamically populated by HTMLPurifier_HTMLDefinition::getElement()
96 * @type array
97 */
98 public $required_attr = array();
99
100 /**
101 * Lookup table of tags excluded from all descendants of this tag.
102 * @type array
103 * @note SGML permits exclusions for all descendants, but this is
104 * not possible with DTDs or XML Schemas. W3C has elected to
105 * use complicated compositions of content_models to simulate
106 * exclusion for children, but we go the simpler, SGML-style
107 * route of flat-out exclusions, which correctly apply to
108 * all descendants and not just children. Note that the XHTML
109 * Modularization Abstract Modules are blithely unaware of such
110 * distinctions.
111 */
112 public $excludes = array();
113
114 /**
115 * This tag is explicitly auto-closed by the following tags.
116 * @type array
117 */
118 public $autoclose = array();
119
120 /**
121 * If a foreign element is found in this element, test if it is
122 * allowed by this sub-element; if it is, instead of closing the
123 * current element, place it inside this element.
124 * @type string
125 */
126 public $wrap;
127
128 /**
129 * Whether or not this is a formatting element affected by the
130 * "Active Formatting Elements" algorithm.
131 * @type bool
132 */
133 public $formatting;
134
135 /**
136 * Low-level factory constructor for creating new standalone element defs
137 */
138 public static function create($content_model, $content_model_type, $attr)
139 {
140 $def = new HTMLPurifier_ElementDef();
141 $def->content_model = $content_model;
142 $def->content_model_type = $content_model_type;
143 $def->attr = $attr;
144 return $def;
145 }
146
147 /**
148 * Merges the values of another element definition into this one.
149 * Values from the new element def take precedence if a value is
150 * not mergeable.
151 * @param HTMLPurifier_ElementDef $def
152 */
153 public function mergeIn($def)
154 {
155 // later keys takes precedence
156 foreach ($def->attr as $k => $v) {
157 if ($k === 0) {
158 // merge in the includes
159 // sorry, no way to override an include
160 foreach ($v as $v2) {
161 $this->attr[0][] = $v2;
162 }
163 continue;
164 }
165 if ($v === false) {
166 if (isset($this->attr[$k])) {
167 unset($this->attr[$k]);
168 }
169 continue;
170 }
171 $this->attr[$k] = $v;
172 }
173 $this->_mergeAssocArray($this->excludes, $def->excludes);
174 $this->attr_transform_pre = array_merge($this->attr_transform_pre, $def->attr_transform_pre);
175 $this->attr_transform_post = array_merge($this->attr_transform_post, $def->attr_transform_post);
176
177 if (!empty($def->content_model)) {
178 $this->content_model =
179 str_replace("#SUPER", $this->content_model, $def->content_model);
180 $this->child = false;
181 }
182 if (!empty($def->content_model_type)) {
183 $this->content_model_type = $def->content_model_type;
184 $this->child = false;
185 }
186 if (!is_null($def->child)) {
187 $this->child = $def->child;
188 }
189 if (!is_null($def->formatting)) {
190 $this->formatting = $def->formatting;
191 }
192 if ($def->descendants_are_inline) {
193 $this->descendants_are_inline = $def->descendants_are_inline;
194 }
195 }
196
197 /**
198 * Merges one array into another, removes values which equal false
199 * @param $a1 Array by reference that is merged into
200 * @param $a2 Array that merges into $a1
201 */
202 private function _mergeAssocArray(&$a1, $a2)
203 {
204 foreach ($a2 as $k => $v) {
205 if ($v === false) {
206 if (isset($a1[$k])) {
207 unset($a1[$k]);
208 }
209 continue;
210 }
211 $a1[$k] = $v;
212 }
213 }
214}
215
216// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Encoder.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Encoder.php
new file mode 100644
index 00000000..3aa00ca5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Encoder.php
@@ -0,0 +1,611 @@
1<?php
2
3/**
4 * A UTF-8 specific character encoder that handles cleaning and transforming.
5 * @note All functions in this class should be static.
6 */
7class HTMLPurifier_Encoder
8{
9
10 /**
11 * Constructor throws fatal error if you attempt to instantiate class
12 */
13 private function __construct()
14 {
15 trigger_error('Cannot instantiate encoder, call methods statically', E_USER_ERROR);
16 }
17
18 /**
19 * Error-handler that mutes errors, alternative to shut-up operator.
20 */
21 public static function muteErrorHandler()
22 {
23 }
24
25 /**
26 * iconv wrapper which mutes errors, but doesn't work around bugs.
27 * @param string $in Input encoding
28 * @param string $out Output encoding
29 * @param string $text The text to convert
30 * @return string
31 */
32 public static function unsafeIconv($in, $out, $text)
33 {
34 set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
35 $r = iconv($in, $out, $text);
36 restore_error_handler();
37 return $r;
38 }
39
40 /**
41 * iconv wrapper which mutes errors and works around bugs.
42 * @param string $in Input encoding
43 * @param string $out Output encoding
44 * @param string $text The text to convert
45 * @param int $max_chunk_size
46 * @return string
47 */
48 public static function iconv($in, $out, $text, $max_chunk_size = 8000)
49 {
50 $code = self::testIconvTruncateBug();
51 if ($code == self::ICONV_OK) {
52 return self::unsafeIconv($in, $out, $text);
53 } elseif ($code == self::ICONV_TRUNCATES) {
54 // we can only work around this if the input character set
55 // is utf-8
56 if ($in == 'utf-8') {
57 if ($max_chunk_size < 4) {
58 trigger_error('max_chunk_size is too small', E_USER_WARNING);
59 return false;
60 }
61 // split into 8000 byte chunks, but be careful to handle
62 // multibyte boundaries properly
63 if (($c = strlen($text)) <= $max_chunk_size) {
64 return self::unsafeIconv($in, $out, $text);
65 }
66 $r = '';
67 $i = 0;
68 while (true) {
69 if ($i + $max_chunk_size >= $c) {
70 $r .= self::unsafeIconv($in, $out, substr($text, $i));
71 break;
72 }
73 // wibble the boundary
74 if (0x80 != (0xC0 & ord($text[$i + $max_chunk_size]))) {
75 $chunk_size = $max_chunk_size;
76 } elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 1]))) {
77 $chunk_size = $max_chunk_size - 1;
78 } elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 2]))) {
79 $chunk_size = $max_chunk_size - 2;
80 } elseif (0x80 != (0xC0 & ord($text[$i + $max_chunk_size - 3]))) {
81 $chunk_size = $max_chunk_size - 3;
82 } else {
83 return false; // rather confusing UTF-8...
84 }
85 $chunk = substr($text, $i, $chunk_size); // substr doesn't mind overlong lengths
86 $r .= self::unsafeIconv($in, $out, $chunk);
87 $i += $chunk_size;
88 }
89 return $r;
90 } else {
91 return false;
92 }
93 } else {
94 return false;
95 }
96 }
97
98 /**
99 * Cleans a UTF-8 string for well-formedness and SGML validity
100 *
101 * It will parse according to UTF-8 and return a valid UTF8 string, with
102 * non-SGML codepoints excluded.
103 *
104 * @param string $str The string to clean
105 * @param bool $force_php
106 * @return string
107 *
108 * @note Just for reference, the non-SGML code points are 0 to 31 and
109 * 127 to 159, inclusive. However, we allow code points 9, 10
110 * and 13, which are the tab, line feed and carriage return
111 * respectively. 128 and above the code points map to multibyte
112 * UTF-8 representations.
113 *
114 * @note Fallback code adapted from utf8ToUnicode by Henri Sivonen and
115 * hsivonen@iki.fi at <http://iki.fi/hsivonen/php-utf8/> under the
116 * LGPL license. Notes on what changed are inside, but in general,
117 * the original code transformed UTF-8 text into an array of integer
118 * Unicode codepoints. Understandably, transforming that back to
119 * a string would be somewhat expensive, so the function was modded to
120 * directly operate on the string. However, this discourages code
121 * reuse, and the logic enumerated here would be useful for any
122 * function that needs to be able to understand UTF-8 characters.
123 * As of right now, only smart lossless character encoding converters
124 * would need that, and I'm probably not going to implement them.
125 * Once again, PHP 6 should solve all our problems.
126 */
127 public static function cleanUTF8($str, $force_php = false)
128 {
129 // UTF-8 validity is checked since PHP 4.3.5
130 // This is an optimization: if the string is already valid UTF-8, no
131 // need to do PHP stuff. 99% of the time, this will be the case.
132 // The regexp matches the XML char production, as well as well as excluding
133 // non-SGML codepoints U+007F to U+009F
134 if (preg_match(
135 '/^[\x{9}\x{A}\x{D}\x{20}-\x{7E}\x{A0}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]*$/Du',
136 $str
137 )) {
138 return $str;
139 }
140
141 $mState = 0; // cached expected number of octets after the current octet
142 // until the beginning of the next UTF8 character sequence
143 $mUcs4 = 0; // cached Unicode character
144 $mBytes = 1; // cached expected number of octets in the current sequence
145
146 // original code involved an $out that was an array of Unicode
147 // codepoints. Instead of having to convert back into UTF-8, we've
148 // decided to directly append valid UTF-8 characters onto a string
149 // $out once they're done. $char accumulates raw bytes, while $mUcs4
150 // turns into the Unicode code point, so there's some redundancy.
151
152 $out = '';
153 $char = '';
154
155 $len = strlen($str);
156 for ($i = 0; $i < $len; $i++) {
157 $in = ord($str{$i});
158 $char .= $str[$i]; // append byte to char
159 if (0 == $mState) {
160 // When mState is zero we expect either a US-ASCII character
161 // or a multi-octet sequence.
162 if (0 == (0x80 & ($in))) {
163 // US-ASCII, pass straight through.
164 if (($in <= 31 || $in == 127) &&
165 !($in == 9 || $in == 13 || $in == 10) // save \r\t\n
166 ) {
167 // control characters, remove
168 } else {
169 $out .= $char;
170 }
171 // reset
172 $char = '';
173 $mBytes = 1;
174 } elseif (0xC0 == (0xE0 & ($in))) {
175 // First octet of 2 octet sequence
176 $mUcs4 = ($in);
177 $mUcs4 = ($mUcs4 & 0x1F) << 6;
178 $mState = 1;
179 $mBytes = 2;
180 } elseif (0xE0 == (0xF0 & ($in))) {
181 // First octet of 3 octet sequence
182 $mUcs4 = ($in);
183 $mUcs4 = ($mUcs4 & 0x0F) << 12;
184 $mState = 2;
185 $mBytes = 3;
186 } elseif (0xF0 == (0xF8 & ($in))) {
187 // First octet of 4 octet sequence
188 $mUcs4 = ($in);
189 $mUcs4 = ($mUcs4 & 0x07) << 18;
190 $mState = 3;
191 $mBytes = 4;
192 } elseif (0xF8 == (0xFC & ($in))) {
193 // First octet of 5 octet sequence.
194 //
195 // This is illegal because the encoded codepoint must be
196 // either:
197 // (a) not the shortest form or
198 // (b) outside the Unicode range of 0-0x10FFFF.
199 // Rather than trying to resynchronize, we will carry on
200 // until the end of the sequence and let the later error
201 // handling code catch it.
202 $mUcs4 = ($in);
203 $mUcs4 = ($mUcs4 & 0x03) << 24;
204 $mState = 4;
205 $mBytes = 5;
206 } elseif (0xFC == (0xFE & ($in))) {
207 // First octet of 6 octet sequence, see comments for 5
208 // octet sequence.
209 $mUcs4 = ($in);
210 $mUcs4 = ($mUcs4 & 1) << 30;
211 $mState = 5;
212 $mBytes = 6;
213 } else {
214 // Current octet is neither in the US-ASCII range nor a
215 // legal first octet of a multi-octet sequence.
216 $mState = 0;
217 $mUcs4 = 0;
218 $mBytes = 1;
219 $char = '';
220 }
221 } else {
222 // When mState is non-zero, we expect a continuation of the
223 // multi-octet sequence
224 if (0x80 == (0xC0 & ($in))) {
225 // Legal continuation.
226 $shift = ($mState - 1) * 6;
227 $tmp = $in;
228 $tmp = ($tmp & 0x0000003F) << $shift;
229 $mUcs4 |= $tmp;
230
231 if (0 == --$mState) {
232 // End of the multi-octet sequence. mUcs4 now contains
233 // the final Unicode codepoint to be output
234
235 // Check for illegal sequences and codepoints.
236
237 // From Unicode 3.1, non-shortest form is illegal
238 if (((2 == $mBytes) && ($mUcs4 < 0x0080)) ||
239 ((3 == $mBytes) && ($mUcs4 < 0x0800)) ||
240 ((4 == $mBytes) && ($mUcs4 < 0x10000)) ||
241 (4 < $mBytes) ||
242 // From Unicode 3.2, surrogate characters = illegal
243 (($mUcs4 & 0xFFFFF800) == 0xD800) ||
244 // Codepoints outside the Unicode range are illegal
245 ($mUcs4 > 0x10FFFF)
246 ) {
247
248 } elseif (0xFEFF != $mUcs4 && // omit BOM
249 // check for valid Char unicode codepoints
250 (
251 0x9 == $mUcs4 ||
252 0xA == $mUcs4 ||
253 0xD == $mUcs4 ||
254 (0x20 <= $mUcs4 && 0x7E >= $mUcs4) ||
255 // 7F-9F is not strictly prohibited by XML,
256 // but it is non-SGML, and thus we don't allow it
257 (0xA0 <= $mUcs4 && 0xD7FF >= $mUcs4) ||
258 (0x10000 <= $mUcs4 && 0x10FFFF >= $mUcs4)
259 )
260 ) {
261 $out .= $char;
262 }
263 // initialize UTF8 cache (reset)
264 $mState = 0;
265 $mUcs4 = 0;
266 $mBytes = 1;
267 $char = '';
268 }
269 } else {
270 // ((0xC0 & (*in) != 0x80) && (mState != 0))
271 // Incomplete multi-octet sequence.
272 // used to result in complete fail, but we'll reset
273 $mState = 0;
274 $mUcs4 = 0;
275 $mBytes = 1;
276 $char ='';
277 }
278 }
279 }
280 return $out;
281 }
282
283 /**
284 * Translates a Unicode codepoint into its corresponding UTF-8 character.
285 * @note Based on Feyd's function at
286 * <http://forums.devnetwork.net/viewtopic.php?p=191404#191404>,
287 * which is in public domain.
288 * @note While we're going to do code point parsing anyway, a good
289 * optimization would be to refuse to translate code points that
290 * are non-SGML characters. However, this could lead to duplication.
291 * @note This is very similar to the unichr function in
292 * maintenance/generate-entity-file.php (although this is superior,
293 * due to its sanity checks).
294 */
295
296 // +----------+----------+----------+----------+
297 // | 33222222 | 22221111 | 111111 | |
298 // | 10987654 | 32109876 | 54321098 | 76543210 | bit
299 // +----------+----------+----------+----------+
300 // | | | | 0xxxxxxx | 1 byte 0x00000000..0x0000007F
301 // | | | 110yyyyy | 10xxxxxx | 2 byte 0x00000080..0x000007FF
302 // | | 1110zzzz | 10yyyyyy | 10xxxxxx | 3 byte 0x00000800..0x0000FFFF
303 // | 11110www | 10wwzzzz | 10yyyyyy | 10xxxxxx | 4 byte 0x00010000..0x0010FFFF
304 // +----------+----------+----------+----------+
305 // | 00000000 | 00011111 | 11111111 | 11111111 | Theoretical upper limit of legal scalars: 2097151 (0x001FFFFF)
306 // | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
307 // +----------+----------+----------+----------+
308
309 public static function unichr($code)
310 {
311 if ($code > 1114111 or $code < 0 or
312 ($code >= 55296 and $code <= 57343) ) {
313 // bits are set outside the "valid" range as defined
314 // by UNICODE 4.1.0
315 return '';
316 }
317
318 $x = $y = $z = $w = 0;
319 if ($code < 128) {
320 // regular ASCII character
321 $x = $code;
322 } else {
323 // set up bits for UTF-8
324 $x = ($code & 63) | 128;
325 if ($code < 2048) {
326 $y = (($code & 2047) >> 6) | 192;
327 } else {
328 $y = (($code & 4032) >> 6) | 128;
329 if ($code < 65536) {
330 $z = (($code >> 12) & 15) | 224;
331 } else {
332 $z = (($code >> 12) & 63) | 128;
333 $w = (($code >> 18) & 7) | 240;
334 }
335 }
336 }
337 // set up the actual character
338 $ret = '';
339 if ($w) {
340 $ret .= chr($w);
341 }
342 if ($z) {
343 $ret .= chr($z);
344 }
345 if ($y) {
346 $ret .= chr($y);
347 }
348 $ret .= chr($x);
349
350 return $ret;
351 }
352
353 /**
354 * @return bool
355 */
356 public static function iconvAvailable()
357 {
358 static $iconv = null;
359 if ($iconv === null) {
360 $iconv = function_exists('iconv') && self::testIconvTruncateBug() != self::ICONV_UNUSABLE;
361 }
362 return $iconv;
363 }
364
365 /**
366 * Convert a string to UTF-8 based on configuration.
367 * @param string $str The string to convert
368 * @param HTMLPurifier_Config $config
369 * @param HTMLPurifier_Context $context
370 * @return string
371 */
372 public static function convertToUTF8($str, $config, $context)
373 {
374 $encoding = $config->get('Core.Encoding');
375 if ($encoding === 'utf-8') {
376 return $str;
377 }
378 static $iconv = null;
379 if ($iconv === null) {
380 $iconv = self::iconvAvailable();
381 }
382 if ($iconv && !$config->get('Test.ForceNoIconv')) {
383 // unaffected by bugs, since UTF-8 support all characters
384 $str = self::unsafeIconv($encoding, 'utf-8//IGNORE', $str);
385 if ($str === false) {
386 // $encoding is not a valid encoding
387 trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR);
388 return '';
389 }
390 // If the string is bjorked by Shift_JIS or a similar encoding
391 // that doesn't support all of ASCII, convert the naughty
392 // characters to their true byte-wise ASCII/UTF-8 equivalents.
393 $str = strtr($str, self::testEncodingSupportsASCII($encoding));
394 return $str;
395 } elseif ($encoding === 'iso-8859-1') {
396 $str = utf8_encode($str);
397 return $str;
398 }
399 $bug = HTMLPurifier_Encoder::testIconvTruncateBug();
400 if ($bug == self::ICONV_OK) {
401 trigger_error('Encoding not supported, please install iconv', E_USER_ERROR);
402 } else {
403 trigger_error(
404 'You have a buggy version of iconv, see https://bugs.php.net/bug.php?id=48147 ' .
405 'and http://sourceware.org/bugzilla/show_bug.cgi?id=13541',
406 E_USER_ERROR
407 );
408 }
409 }
410
411 /**
412 * Converts a string from UTF-8 based on configuration.
413 * @param string $str The string to convert
414 * @param HTMLPurifier_Config $config
415 * @param HTMLPurifier_Context $context
416 * @return string
417 * @note Currently, this is a lossy conversion, with unexpressable
418 * characters being omitted.
419 */
420 public static function convertFromUTF8($str, $config, $context)
421 {
422 $encoding = $config->get('Core.Encoding');
423 if ($escape = $config->get('Core.EscapeNonASCIICharacters')) {
424 $str = self::convertToASCIIDumbLossless($str);
425 }
426 if ($encoding === 'utf-8') {
427 return $str;
428 }
429 static $iconv = null;
430 if ($iconv === null) {
431 $iconv = self::iconvAvailable();
432 }
433 if ($iconv && !$config->get('Test.ForceNoIconv')) {
434 // Undo our previous fix in convertToUTF8, otherwise iconv will barf
435 $ascii_fix = self::testEncodingSupportsASCII($encoding);
436 if (!$escape && !empty($ascii_fix)) {
437 $clear_fix = array();
438 foreach ($ascii_fix as $utf8 => $native) {
439 $clear_fix[$utf8] = '';
440 }
441 $str = strtr($str, $clear_fix);
442 }
443 $str = strtr($str, array_flip($ascii_fix));
444 // Normal stuff
445 $str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
446 return $str;
447 } elseif ($encoding === 'iso-8859-1') {
448 $str = utf8_decode($str);
449 return $str;
450 }
451 trigger_error('Encoding not supported', E_USER_ERROR);
452 // You might be tempted to assume that the ASCII representation
453 // might be OK, however, this is *not* universally true over all
454 // encodings. So we take the conservative route here, rather
455 // than forcibly turn on %Core.EscapeNonASCIICharacters
456 }
457
458 /**
459 * Lossless (character-wise) conversion of HTML to ASCII
460 * @param string $str UTF-8 string to be converted to ASCII
461 * @return string ASCII encoded string with non-ASCII character entity-ized
462 * @warning Adapted from MediaWiki, claiming fair use: this is a common
463 * algorithm. If you disagree with this license fudgery,
464 * implement it yourself.
465 * @note Uses decimal numeric entities since they are best supported.
466 * @note This is a DUMB function: it has no concept of keeping
467 * character entities that the projected character encoding
468 * can allow. We could possibly implement a smart version
469 * but that would require it to also know which Unicode
470 * codepoints the charset supported (not an easy task).
471 * @note Sort of with cleanUTF8() but it assumes that $str is
472 * well-formed UTF-8
473 */
474 public static function convertToASCIIDumbLossless($str)
475 {
476 $bytesleft = 0;
477 $result = '';
478 $working = 0;
479 $len = strlen($str);
480 for ($i = 0; $i < $len; $i++) {
481 $bytevalue = ord($str[$i]);
482 if ($bytevalue <= 0x7F) { //0xxx xxxx
483 $result .= chr($bytevalue);
484 $bytesleft = 0;
485 } elseif ($bytevalue <= 0xBF) { //10xx xxxx
486 $working = $working << 6;
487 $working += ($bytevalue & 0x3F);
488 $bytesleft--;
489 if ($bytesleft <= 0) {
490 $result .= "&#" . $working . ";";
491 }
492 } elseif ($bytevalue <= 0xDF) { //110x xxxx
493 $working = $bytevalue & 0x1F;
494 $bytesleft = 1;
495 } elseif ($bytevalue <= 0xEF) { //1110 xxxx
496 $working = $bytevalue & 0x0F;
497 $bytesleft = 2;
498 } else { //1111 0xxx
499 $working = $bytevalue & 0x07;
500 $bytesleft = 3;
501 }
502 }
503 return $result;
504 }
505
506 /** No bugs detected in iconv. */
507 const ICONV_OK = 0;
508
509 /** Iconv truncates output if converting from UTF-8 to another
510 * character set with //IGNORE, and a non-encodable character is found */
511 const ICONV_TRUNCATES = 1;
512
513 /** Iconv does not support //IGNORE, making it unusable for
514 * transcoding purposes */
515 const ICONV_UNUSABLE = 2;
516
517 /**
518 * glibc iconv has a known bug where it doesn't handle the magic
519 * //IGNORE stanza correctly. In particular, rather than ignore
520 * characters, it will return an EILSEQ after consuming some number
521 * of characters, and expect you to restart iconv as if it were
522 * an E2BIG. Old versions of PHP did not respect the errno, and
523 * returned the fragment, so as a result you would see iconv
524 * mysteriously truncating output. We can work around this by
525 * manually chopping our input into segments of about 8000
526 * characters, as long as PHP ignores the error code. If PHP starts
527 * paying attention to the error code, iconv becomes unusable.
528 *
529 * @return int Error code indicating severity of bug.
530 */
531 public static function testIconvTruncateBug()
532 {
533 static $code = null;
534 if ($code === null) {
535 // better not use iconv, otherwise infinite loop!
536 $r = self::unsafeIconv('utf-8', 'ascii//IGNORE', "\xCE\xB1" . str_repeat('a', 9000));
537 if ($r === false) {
538 $code = self::ICONV_UNUSABLE;
539 } elseif (($c = strlen($r)) < 9000) {
540 $code = self::ICONV_TRUNCATES;
541 } elseif ($c > 9000) {
542 trigger_error(
543 'Your copy of iconv is extremely buggy. Please notify HTML Purifier maintainers: ' .
544 'include your iconv version as per phpversion()',
545 E_USER_ERROR
546 );
547 } else {
548 $code = self::ICONV_OK;
549 }
550 }
551 return $code;
552 }
553
554 /**
555 * This expensive function tests whether or not a given character
556 * encoding supports ASCII. 7/8-bit encodings like Shift_JIS will
557 * fail this test, and require special processing. Variable width
558 * encodings shouldn't ever fail.
559 *
560 * @param string $encoding Encoding name to test, as per iconv format
561 * @param bool $bypass Whether or not to bypass the precompiled arrays.
562 * @return Array of UTF-8 characters to their corresponding ASCII,
563 * which can be used to "undo" any overzealous iconv action.
564 */
565 public static function testEncodingSupportsASCII($encoding, $bypass = false)
566 {
567 // All calls to iconv here are unsafe, proof by case analysis:
568 // If ICONV_OK, no difference.
569 // If ICONV_TRUNCATE, all calls involve one character inputs,
570 // so bug is not triggered.
571 // If ICONV_UNUSABLE, this call is irrelevant
572 static $encodings = array();
573 if (!$bypass) {
574 if (isset($encodings[$encoding])) {
575 return $encodings[$encoding];
576 }
577 $lenc = strtolower($encoding);
578 switch ($lenc) {
579 case 'shift_jis':
580 return array("\xC2\xA5" => '\\', "\xE2\x80\xBE" => '~');
581 case 'johab':
582 return array("\xE2\x82\xA9" => '\\');
583 }
584 if (strpos($lenc, 'iso-8859-') === 0) {
585 return array();
586 }
587 }
588 $ret = array();
589 if (self::unsafeIconv('UTF-8', $encoding, 'a') === false) {
590 return false;
591 }
592 for ($i = 0x20; $i <= 0x7E; $i++) { // all printable ASCII chars
593 $c = chr($i); // UTF-8 char
594 $r = self::unsafeIconv('UTF-8', "$encoding//IGNORE", $c); // initial conversion
595 if ($r === '' ||
596 // This line is needed for iconv implementations that do not
597 // omit characters that do not exist in the target character set
598 ($r === $c && self::unsafeIconv($encoding, 'UTF-8//IGNORE', $r) !== $c)
599 ) {
600 // Reverse engineer: what's the UTF-8 equiv of this byte
601 // sequence? This assumes that there's no variable width
602 // encoding that doesn't support ASCII.
603 $ret[self::unsafeIconv($encoding, 'UTF-8//IGNORE', $c)] = $c;
604 }
605 }
606 $encodings[$encoding] = $ret;
607 return $ret;
608 }
609}
610
611// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup.php
new file mode 100644
index 00000000..cb3474e3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup.php
@@ -0,0 +1,48 @@
1<?php
2
3/**
4 * Object that provides entity lookup table from entity name to character
5 */
6class HTMLPurifier_EntityLookup
7{
8 /**
9 * Assoc array of entity name to character represented.
10 * @type array
11 */
12 public $table;
13
14 /**
15 * Sets up the entity lookup table from the serialized file contents.
16 * @param bool $file
17 * @note The serialized contents are versioned, but were generated
18 * using the maintenance script generate_entity_file.php
19 * @warning This is not in constructor to help enforce the Singleton
20 */
21 public function setup($file = false)
22 {
23 if (!$file) {
24 $file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/EntityLookup/entities.ser';
25 }
26 $this->table = unserialize(file_get_contents($file));
27 }
28
29 /**
30 * Retrieves sole instance of the object.
31 * @param bool|HTMLPurifier_EntityLookup $prototype Optional prototype of custom lookup table to overload with.
32 * @return HTMLPurifier_EntityLookup
33 */
34 public static function instance($prototype = false)
35 {
36 // no references, since PHP doesn't copy unless modified
37 static $instance = null;
38 if ($prototype) {
39 $instance = $prototype;
40 } elseif (!$instance) {
41 $instance = new HTMLPurifier_EntityLookup();
42 $instance->setup();
43 }
44 return $instance;
45 }
46}
47
48// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup/entities.ser b/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup/entities.ser
new file mode 100644
index 00000000..e8b08128
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityLookup/entities.ser
@@ -0,0 +1 @@
a:253:{s:4:"fnof";s:2:"ƒ";s:5:"Alpha";s:2:"Α";s:4:"Beta";s:2:"Β";s:5:"Gamma";s:2:"Γ";s:5:"Delta";s:2:"Δ";s:7:"Epsilon";s:2:"Ε";s:4:"Zeta";s:2:"Ζ";s:3:"Eta";s:2:"Η";s:5:"Theta";s:2:"Θ";s:4:"Iota";s:2:"Ι";s:5:"Kappa";s:2:"Κ";s:6:"Lambda";s:2:"Λ";s:2:"Mu";s:2:"Μ";s:2:"Nu";s:2:"Ν";s:2:"Xi";s:2:"Ξ";s:7:"Omicron";s:2:"Ο";s:2:"Pi";s:2:"Π";s:3:"Rho";s:2:"Ρ";s:5:"Sigma";s:2:"Σ";s:3:"Tau";s:2:"Τ";s:7:"Upsilon";s:2:"Υ";s:3:"Phi";s:2:"Φ";s:3:"Chi";s:2:"Χ";s:3:"Psi";s:2:"Ψ";s:5:"Omega";s:2:"Ω";s:5:"alpha";s:2:"α";s:4:"beta";s:2:"β";s:5:"gamma";s:2:"γ";s:5:"delta";s:2:"δ";s:7:"epsilon";s:2:"ε";s:4:"zeta";s:2:"ζ";s:3:"eta";s:2:"η";s:5:"theta";s:2:"θ";s:4:"iota";s:2:"ι";s:5:"kappa";s:2:"κ";s:6:"lambda";s:2:"λ";s:2:"mu";s:2:"μ";s:2:"nu";s:2:"ν";s:2:"xi";s:2:"ξ";s:7:"omicron";s:2:"ο";s:2:"pi";s:2:"π";s:3:"rho";s:2:"ρ";s:6:"sigmaf";s:2:"ς";s:5:"sigma";s:2:"σ";s:3:"tau";s:2:"τ";s:7:"upsilon";s:2:"υ";s:3:"phi";s:2:"φ";s:3:"chi";s:2:"χ";s:3:"psi";s:2:"ψ";s:5:"omega";s:2:"ω";s:8:"thetasym";s:2:"ϑ";s:5:"upsih";s:2:"ϒ";s:3:"piv";s:2:"ϖ";s:4:"bull";s:3:"•";s:6:"hellip";s:3:"…";s:5:"prime";s:3:"′";s:5:"Prime";s:3:"″";s:5:"oline";s:3:"‾";s:5:"frasl";s:3:"⁄";s:6:"weierp";s:3:"℘";s:5:"image";s:3:"ℑ";s:4:"real";s:3:"ℜ";s:5:"trade";s:3:"™";s:7:"alefsym";s:3:"ℵ";s:4:"larr";s:3:"←";s:4:"uarr";s:3:"↑";s:4:"rarr";s:3:"→";s:4:"darr";s:3:"↓";s:4:"harr";s:3:"↔";s:5:"crarr";s:3:"↵";s:4:"lArr";s:3:"⇐";s:4:"uArr";s:3:"⇑";s:4:"rArr";s:3:"⇒";s:4:"dArr";s:3:"⇓";s:4:"hArr";s:3:"⇔";s:6:"forall";s:3:"∀";s:4:"part";s:3:"∂";s:5:"exist";s:3:"∃";s:5:"empty";s:3:"∅";s:5:"nabla";s:3:"∇";s:4:"isin";s:3:"∈";s:5:"notin";s:3:"∉";s:2:"ni";s:3:"∋";s:4:"prod";s:3:"∏";s:3:"sum";s:3:"∑";s:5:"minus";s:3:"−";s:6:"lowast";s:3:"∗";s:5:"radic";s:3:"√";s:4:"prop";s:3:"∝";s:5:"infin";s:3:"∞";s:3:"ang";s:3:"∠";s:3:"and";s:3:"∧";s:2:"or";s:3:"∨";s:3:"cap";s:3:"∩";s:3:"cup";s:3:"∪";s:3:"int";s:3:"∫";s:6:"there4";s:3:"∴";s:3:"sim";s:3:"∼";s:4:"cong";s:3:"≅";s:5:"asymp";s:3:"≈";s:2:"ne";s:3:"≠";s:5:"equiv";s:3:"≡";s:2:"le";s:3:"≤";s:2:"ge";s:3:"≥";s:3:"sub";s:3:"⊂";s:3:"sup";s:3:"⊃";s:4:"nsub";s:3:"⊄";s:4:"sube";s:3:"⊆";s:4:"supe";s:3:"⊇";s:5:"oplus";s:3:"⊕";s:6:"otimes";s:3:"⊗";s:4:"perp";s:3:"⊥";s:4:"sdot";s:3:"⋅";s:5:"lceil";s:3:"⌈";s:5:"rceil";s:3:"⌉";s:6:"lfloor";s:3:"⌊";s:6:"rfloor";s:3:"⌋";s:4:"lang";s:3:"〈";s:4:"rang";s:3:"〉";s:3:"loz";s:3:"◊";s:6:"spades";s:3:"♠";s:5:"clubs";s:3:"♣";s:6:"hearts";s:3:"♥";s:5:"diams";s:3:"♦";s:4:"quot";s:1:""";s:3:"amp";s:1:"&";s:2:"lt";s:1:"<";s:2:"gt";s:1:">";s:4:"apos";s:1:"'";s:5:"OElig";s:2:"Œ";s:5:"oelig";s:2:"œ";s:6:"Scaron";s:2:"Š";s:6:"scaron";s:2:"š";s:4:"Yuml";s:2:"Ÿ";s:4:"circ";s:2:"ˆ";s:5:"tilde";s:2:"˜";s:4:"ensp";s:3:" ";s:4:"emsp";s:3:" ";s:6:"thinsp";s:3:" ";s:4:"zwnj";s:3:"‌";s:3:"zwj";s:3:"‍";s:3:"lrm";s:3:"‎";s:3:"rlm";s:3:"‏";s:5:"ndash";s:3:"–";s:5:"mdash";s:3:"—";s:5:"lsquo";s:3:"‘";s:5:"rsquo";s:3:"’";s:5:"sbquo";s:3:"‚";s:5:"ldquo";s:3:"“";s:5:"rdquo";s:3:"”";s:5:"bdquo";s:3:"„";s:6:"dagger";s:3:"†";s:6:"Dagger";s:3:"‡";s:6:"permil";s:3:"‰";s:6:"lsaquo";s:3:"‹";s:6:"rsaquo";s:3:"›";s:4:"euro";s:3:"€";s:4:"nbsp";s:2:" ";s:5:"iexcl";s:2:"¡";s:4:"cent";s:2:"¢";s:5:"pound";s:2:"£";s:6:"curren";s:2:"¤";s:3:"yen";s:2:"¥";s:6:"brvbar";s:2:"¦";s:4:"sect";s:2:"§";s:3:"uml";s:2:"¨";s:4:"copy";s:2:"©";s:4:"ordf";s:2:"ª";s:5:"laquo";s:2:"«";s:3:"not";s:2:"¬";s:3:"shy";s:2:"­";s:3:"reg";s:2:"®";s:4:"macr";s:2:"¯";s:3:"deg";s:2:"°";s:6:"plusmn";s:2:"±";s:4:"sup2";s:2:"²";s:4:"sup3";s:2:"³";s:5:"acute";s:2:"´";s:5:"micro";s:2:"µ";s:4:"para";s:2:"¶";s:6:"middot";s:2:"·";s:5:"cedil";s:2:"¸";s:4:"sup1";s:2:"¹";s:4:"ordm";s:2:"º";s:5:"raquo";s:2:"»";s:6:"frac14";s:2:"¼";s:6:"frac12";s:2:"½";s:6:"frac34";s:2:"¾";s:6:"iquest";s:2:"¿";s:6:"Agrave";s:2:"À";s:6:"Aacute";s:2:"Á";s:5:"Acirc";s:2:"Â";s:6:"Atilde";s:2:"Ã";s:4:"Auml";s:2:"Ä";s:5:"Aring";s:2:"Å";s:5:"AElig";s:2:"Æ";s:6:"Ccedil";s:2:"Ç";s:6:"Egrave";s:2:"È";s:6:"Eacute";s:2:"É";s:5:"Ecirc";s:2:"Ê";s:4:"Euml";s:2:"Ë";s:6:"Igrave";s:2:"Ì";s:6:"Iacute";s:2:"Í";s:5:"Icirc";s:2:"Î";s:4:"Iuml";s:2:"Ï";s:3:"ETH";s:2:"Ð";s:6:"Ntilde";s:2:"Ñ";s:6:"Ograve";s:2:"Ò";s:6:"Oacute";s:2:"Ó";s:5:"Ocirc";s:2:"Ô";s:6:"Otilde";s:2:"Õ";s:4:"Ouml";s:2:"Ö";s:5:"times";s:2:"×";s:6:"Oslash";s:2:"Ø";s:6:"Ugrave";s:2:"Ù";s:6:"Uacute";s:2:"Ú";s:5:"Ucirc";s:2:"Û";s:4:"Uuml";s:2:"Ü";s:6:"Yacute";s:2:"Ý";s:5:"THORN";s:2:"Þ";s:5:"szlig";s:2:"ß";s:6:"agrave";s:2:"à";s:6:"aacute";s:2:"á";s:5:"acirc";s:2:"â";s:6:"atilde";s:2:"ã";s:4:"auml";s:2:"ä";s:5:"aring";s:2:"å";s:5:"aelig";s:2:"æ";s:6:"ccedil";s:2:"ç";s:6:"egrave";s:2:"è";s:6:"eacute";s:2:"é";s:5:"ecirc";s:2:"ê";s:4:"euml";s:2:"ë";s:6:"igrave";s:2:"ì";s:6:"iacute";s:2:"í";s:5:"icirc";s:2:"î";s:4:"iuml";s:2:"ï";s:3:"eth";s:2:"ð";s:6:"ntilde";s:2:"ñ";s:6:"ograve";s:2:"ò";s:6:"oacute";s:2:"ó";s:5:"ocirc";s:2:"ô";s:6:"otilde";s:2:"õ";s:4:"ouml";s:2:"ö";s:6:"divide";s:2:"÷";s:6:"oslash";s:2:"ø";s:6:"ugrave";s:2:"ù";s:6:"uacute";s:2:"ú";s:5:"ucirc";s:2:"û";s:4:"uuml";s:2:"ü";s:6:"yacute";s:2:"ý";s:5:"thorn";s:2:"þ";s:4:"yuml";s:2:"ÿ";} \ No newline at end of file
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityParser.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityParser.php
new file mode 100644
index 00000000..432a4f9c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/EntityParser.php
@@ -0,0 +1,153 @@
1<?php
2
3// if want to implement error collecting here, we'll need to use some sort
4// of global data (probably trigger_error) because it's impossible to pass
5// $config or $context to the callback functions.
6
7/**
8 * Handles referencing and derefencing character entities
9 */
10class HTMLPurifier_EntityParser
11{
12
13 /**
14 * Reference to entity lookup table.
15 * @type HTMLPurifier_EntityLookup
16 */
17 protected $_entity_lookup;
18
19 /**
20 * Callback regex string for parsing entities.
21 * @type string
22 */
23 protected $_substituteEntitiesRegex =
24 '/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z_:][A-Za-z0-9.\-_:]*));?/';
25 // 1. hex 2. dec 3. string (XML style)
26
27 /**
28 * Decimal to parsed string conversion table for special entities.
29 * @type array
30 */
31 protected $_special_dec2str =
32 array(
33 34 => '"',
34 38 => '&',
35 39 => "'",
36 60 => '<',
37 62 => '>'
38 );
39
40 /**
41 * Stripped entity names to decimal conversion table for special entities.
42 * @type array
43 */
44 protected $_special_ent2dec =
45 array(
46 'quot' => 34,
47 'amp' => 38,
48 'lt' => 60,
49 'gt' => 62
50 );
51
52 /**
53 * Substitutes non-special entities with their parsed equivalents. Since
54 * running this whenever you have parsed character is t3h 5uck, we run
55 * it before everything else.
56 *
57 * @param string $string String to have non-special entities parsed.
58 * @return string Parsed string.
59 */
60 public function substituteNonSpecialEntities($string)
61 {
62 // it will try to detect missing semicolons, but don't rely on it
63 return preg_replace_callback(
64 $this->_substituteEntitiesRegex,
65 array($this, 'nonSpecialEntityCallback'),
66 $string
67 );
68 }
69
70 /**
71 * Callback function for substituteNonSpecialEntities() that does the work.
72 *
73 * @param array $matches PCRE matches array, with 0 the entire match, and
74 * either index 1, 2 or 3 set with a hex value, dec value,
75 * or string (respectively).
76 * @return string Replacement string.
77 */
78
79 protected function nonSpecialEntityCallback($matches)
80 {
81 // replaces all but big five
82 $entity = $matches[0];
83 $is_num = (@$matches[0][1] === '#');
84 if ($is_num) {
85 $is_hex = (@$entity[2] === 'x');
86 $code = $is_hex ? hexdec($matches[1]) : (int) $matches[2];
87 // abort for special characters
88 if (isset($this->_special_dec2str[$code])) {
89 return $entity;
90 }
91 return HTMLPurifier_Encoder::unichr($code);
92 } else {
93 if (isset($this->_special_ent2dec[$matches[3]])) {
94 return $entity;
95 }
96 if (!$this->_entity_lookup) {
97 $this->_entity_lookup = HTMLPurifier_EntityLookup::instance();
98 }
99 if (isset($this->_entity_lookup->table[$matches[3]])) {
100 return $this->_entity_lookup->table[$matches[3]];
101 } else {
102 return $entity;
103 }
104 }
105 }
106
107 /**
108 * Substitutes only special entities with their parsed equivalents.
109 *
110 * @notice We try to avoid calling this function because otherwise, it
111 * would have to be called a lot (for every parsed section).
112 *
113 * @param string $string String to have non-special entities parsed.
114 * @return string Parsed string.
115 */
116 public function substituteSpecialEntities($string)
117 {
118 return preg_replace_callback(
119 $this->_substituteEntitiesRegex,
120 array($this, 'specialEntityCallback'),
121 $string
122 );
123 }
124
125 /**
126 * Callback function for substituteSpecialEntities() that does the work.
127 *
128 * This callback has same syntax as nonSpecialEntityCallback().
129 *
130 * @param array $matches PCRE-style matches array, with 0 the entire match, and
131 * either index 1, 2 or 3 set with a hex value, dec value,
132 * or string (respectively).
133 * @return string Replacement string.
134 */
135 protected function specialEntityCallback($matches)
136 {
137 $entity = $matches[0];
138 $is_num = (@$matches[0][1] === '#');
139 if ($is_num) {
140 $is_hex = (@$entity[2] === 'x');
141 $int = $is_hex ? hexdec($matches[1]) : (int) $matches[2];
142 return isset($this->_special_dec2str[$int]) ?
143 $this->_special_dec2str[$int] :
144 $entity;
145 } else {
146 return isset($this->_special_ent2dec[$matches[3]]) ?
147 $this->_special_ent2dec[$matches[3]] :
148 $entity;
149 }
150 }
151}
152
153// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorCollector.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorCollector.php
new file mode 100644
index 00000000..a6cbcaa0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorCollector.php
@@ -0,0 +1,244 @@
1<?php
2
3/**
4 * Error collection class that enables HTML Purifier to report HTML
5 * problems back to the user
6 */
7class HTMLPurifier_ErrorCollector
8{
9
10 /**
11 * Identifiers for the returned error array. These are purposely numeric
12 * so list() can be used.
13 */
14 const LINENO = 0;
15 const SEVERITY = 1;
16 const MESSAGE = 2;
17 const CHILDREN = 3;
18
19 /**
20 * @type array
21 */
22 protected $errors;
23
24 /**
25 * @type array
26 */
27 protected $_current;
28
29 /**
30 * @type array
31 */
32 protected $_stacks = array(array());
33
34 /**
35 * @type HTMLPurifier_Language
36 */
37 protected $locale;
38
39 /**
40 * @type HTMLPurifier_Generator
41 */
42 protected $generator;
43
44 /**
45 * @type HTMLPurifier_Context
46 */
47 protected $context;
48
49 /**
50 * @type array
51 */
52 protected $lines = array();
53
54 /**
55 * @param HTMLPurifier_Context $context
56 */
57 public function __construct($context)
58 {
59 $this->locale =& $context->get('Locale');
60 $this->context = $context;
61 $this->_current =& $this->_stacks[0];
62 $this->errors =& $this->_stacks[0];
63 }
64
65 /**
66 * Sends an error message to the collector for later use
67 * @param int $severity Error severity, PHP error style (don't use E_USER_)
68 * @param string $msg Error message text
69 */
70 public function send($severity, $msg)
71 {
72 $args = array();
73 if (func_num_args() > 2) {
74 $args = func_get_args();
75 array_shift($args);
76 unset($args[0]);
77 }
78
79 $token = $this->context->get('CurrentToken', true);
80 $line = $token ? $token->line : $this->context->get('CurrentLine', true);
81 $col = $token ? $token->col : $this->context->get('CurrentCol', true);
82 $attr = $this->context->get('CurrentAttr', true);
83
84 // perform special substitutions, also add custom parameters
85 $subst = array();
86 if (!is_null($token)) {
87 $args['CurrentToken'] = $token;
88 }
89 if (!is_null($attr)) {
90 $subst['$CurrentAttr.Name'] = $attr;
91 if (isset($token->attr[$attr])) {
92 $subst['$CurrentAttr.Value'] = $token->attr[$attr];
93 }
94 }
95
96 if (empty($args)) {
97 $msg = $this->locale->getMessage($msg);
98 } else {
99 $msg = $this->locale->formatMessage($msg, $args);
100 }
101
102 if (!empty($subst)) {
103 $msg = strtr($msg, $subst);
104 }
105
106 // (numerically indexed)
107 $error = array(
108 self::LINENO => $line,
109 self::SEVERITY => $severity,
110 self::MESSAGE => $msg,
111 self::CHILDREN => array()
112 );
113 $this->_current[] = $error;
114
115 // NEW CODE BELOW ...
116 // Top-level errors are either:
117 // TOKEN type, if $value is set appropriately, or
118 // "syntax" type, if $value is null
119 $new_struct = new HTMLPurifier_ErrorStruct();
120 $new_struct->type = HTMLPurifier_ErrorStruct::TOKEN;
121 if ($token) {
122 $new_struct->value = clone $token;
123 }
124 if (is_int($line) && is_int($col)) {
125 if (isset($this->lines[$line][$col])) {
126 $struct = $this->lines[$line][$col];
127 } else {
128 $struct = $this->lines[$line][$col] = $new_struct;
129 }
130 // These ksorts may present a performance problem
131 ksort($this->lines[$line], SORT_NUMERIC);
132 } else {
133 if (isset($this->lines[-1])) {
134 $struct = $this->lines[-1];
135 } else {
136 $struct = $this->lines[-1] = $new_struct;
137 }
138 }
139 ksort($this->lines, SORT_NUMERIC);
140
141 // Now, check if we need to operate on a lower structure
142 if (!empty($attr)) {
143 $struct = $struct->getChild(HTMLPurifier_ErrorStruct::ATTR, $attr);
144 if (!$struct->value) {
145 $struct->value = array($attr, 'PUT VALUE HERE');
146 }
147 }
148 if (!empty($cssprop)) {
149 $struct = $struct->getChild(HTMLPurifier_ErrorStruct::CSSPROP, $cssprop);
150 if (!$struct->value) {
151 // if we tokenize CSS this might be a little more difficult to do
152 $struct->value = array($cssprop, 'PUT VALUE HERE');
153 }
154 }
155
156 // Ok, structs are all setup, now time to register the error
157 $struct->addError($severity, $msg);
158 }
159
160 /**
161 * Retrieves raw error data for custom formatter to use
162 */
163 public function getRaw()
164 {
165 return $this->errors;
166 }
167
168 /**
169 * Default HTML formatting implementation for error messages
170 * @param HTMLPurifier_Config $config Configuration, vital for HTML output nature
171 * @param array $errors Errors array to display; used for recursion.
172 * @return string
173 */
174 public function getHTMLFormatted($config, $errors = null)
175 {
176 $ret = array();
177
178 $this->generator = new HTMLPurifier_Generator($config, $this->context);
179 if ($errors === null) {
180 $errors = $this->errors;
181 }
182
183 // 'At line' message needs to be removed
184
185 // generation code for new structure goes here. It needs to be recursive.
186 foreach ($this->lines as $line => $col_array) {
187 if ($line == -1) {
188 continue;
189 }
190 foreach ($col_array as $col => $struct) {
191 $this->_renderStruct($ret, $struct, $line, $col);
192 }
193 }
194 if (isset($this->lines[-1])) {
195 $this->_renderStruct($ret, $this->lines[-1]);
196 }
197
198 if (empty($errors)) {
199 return '<p>' . $this->locale->getMessage('ErrorCollector: No errors') . '</p>';
200 } else {
201 return '<ul><li>' . implode('</li><li>', $ret) . '</li></ul>';
202 }
203
204 }
205
206 private function _renderStruct(&$ret, $struct, $line = null, $col = null)
207 {
208 $stack = array($struct);
209 $context_stack = array(array());
210 while ($current = array_pop($stack)) {
211 $context = array_pop($context_stack);
212 foreach ($current->errors as $error) {
213 list($severity, $msg) = $error;
214 $string = '';
215 $string .= '<div>';
216 // W3C uses an icon to indicate the severity of the error.
217 $error = $this->locale->getErrorName($severity);
218 $string .= "<span class=\"error e$severity\"><strong>$error</strong></span> ";
219 if (!is_null($line) && !is_null($col)) {
220 $string .= "<em class=\"location\">Line $line, Column $col: </em> ";
221 } else {
222 $string .= '<em class="location">End of Document: </em> ';
223 }
224 $string .= '<strong class="description">' . $this->generator->escape($msg) . '</strong> ';
225 $string .= '</div>';
226 // Here, have a marker for the character on the column appropriate.
227 // Be sure to clip extremely long lines.
228 //$string .= '<pre>';
229 //$string .= '';
230 //$string .= '</pre>';
231 $ret[] = $string;
232 }
233 foreach ($current->children as $array) {
234 $context[] = $current;
235 $stack = array_merge($stack, array_reverse($array, true));
236 for ($i = count($array); $i > 0; $i--) {
237 $context_stack[] = $context;
238 }
239 }
240 }
241 }
242}
243
244// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorStruct.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorStruct.php
new file mode 100644
index 00000000..a6c0da29
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/ErrorStruct.php
@@ -0,0 +1,74 @@
1<?php
2
3/**
4 * Records errors for particular segments of an HTML document such as tokens,
5 * attributes or CSS properties. They can contain error structs (which apply
6 * to components of what they represent), but their main purpose is to hold
7 * errors applying to whatever struct is being used.
8 */
9class HTMLPurifier_ErrorStruct
10{
11
12 /**
13 * Possible values for $children first-key. Note that top-level structures
14 * are automatically token-level.
15 */
16 const TOKEN = 0;
17 const ATTR = 1;
18 const CSSPROP = 2;
19
20 /**
21 * Type of this struct.
22 * @type string
23 */
24 public $type;
25
26 /**
27 * Value of the struct we are recording errors for. There are various
28 * values for this:
29 * - TOKEN: Instance of HTMLPurifier_Token
30 * - ATTR: array('attr-name', 'value')
31 * - CSSPROP: array('prop-name', 'value')
32 * @type mixed
33 */
34 public $value;
35
36 /**
37 * Errors registered for this structure.
38 * @type array
39 */
40 public $errors = array();
41
42 /**
43 * Child ErrorStructs that are from this structure. For example, a TOKEN
44 * ErrorStruct would contain ATTR ErrorStructs. This is a multi-dimensional
45 * array in structure: [TYPE]['identifier']
46 * @type array
47 */
48 public $children = array();
49
50 /**
51 * @param string $type
52 * @param string $id
53 * @return mixed
54 */
55 public function getChild($type, $id)
56 {
57 if (!isset($this->children[$type][$id])) {
58 $this->children[$type][$id] = new HTMLPurifier_ErrorStruct();
59 $this->children[$type][$id]->type = $type;
60 }
61 return $this->children[$type][$id];
62 }
63
64 /**
65 * @param int $severity
66 * @param string $message
67 */
68 public function addError($severity, $message)
69 {
70 $this->errors[] = array($severity, $message);
71 }
72}
73
74// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Exception.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Exception.php
new file mode 100644
index 00000000..defe157e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Exception.php
@@ -0,0 +1,12 @@
1<?php
2
3/**
4 * Global exception class for HTML Purifier; any exceptions we throw
5 * are from here.
6 */
7class HTMLPurifier_Exception extends Exception
8{
9
10}
11
12// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter.php
new file mode 100644
index 00000000..2f85b93f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * Represents a pre or post processing filter on HTML Purifier's output
5 *
6 * Sometimes, a little ad-hoc fixing of HTML has to be done before
7 * it gets sent through HTML Purifier: you can use filters to acheive
8 * this effect. For instance, YouTube videos can be preserved using
9 * this manner. You could have used a decorator for this task, but
10 * PHP's support for them is not terribly robust, so we're going
11 * to just loop through the filters.
12 *
13 * Filters should be exited first in, last out. If there are three filters,
14 * named 1, 2 and 3, the order of execution should go 1->preFilter,
15 * 2->preFilter, 3->preFilter, purify, 3->postFilter, 2->postFilter,
16 * 1->postFilter.
17 *
18 * @note Methods are not declared abstract as it is perfectly legitimate
19 * for an implementation not to want anything to happen on a step
20 */
21
22class HTMLPurifier_Filter
23{
24
25 /**
26 * Name of the filter for identification purposes.
27 * @type string
28 */
29 public $name;
30
31 /**
32 * Pre-processor function, handles HTML before HTML Purifier
33 * @param string $html
34 * @param HTMLPurifier_Config $config
35 * @param HTMLPurifier_Context $context
36 * @return string
37 */
38 public function preFilter($html, $config, $context)
39 {
40 return $html;
41 }
42
43 /**
44 * Post-processor function, handles HTML after HTML Purifier
45 * @param string $html
46 * @param HTMLPurifier_Config $config
47 * @param HTMLPurifier_Context $context
48 * @return string
49 */
50 public function postFilter($html, $config, $context)
51 {
52 return $html;
53 }
54}
55
56// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php
new file mode 100644
index 00000000..9a115d86
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php
@@ -0,0 +1,338 @@
1<?php
2
3// why is this a top level function? Because PHP 5.2.0 doesn't seem to
4// understand how to interpret this filter if it's a static method.
5// It's all really silly, but if we go this route it might be reasonable
6// to coalesce all of these methods into one.
7function htmlpurifier_filter_extractstyleblocks_muteerrorhandler()
8{
9}
10
11/**
12 * This filter extracts <style> blocks from input HTML, cleans them up
13 * using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')
14 * so they can be used elsewhere in the document.
15 *
16 * @note
17 * See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for
18 * sample usage.
19 *
20 * @note
21 * This filter can also be used on stylesheets not included in the
22 * document--something purists would probably prefer. Just directly
23 * call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS()
24 */
25class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
26{
27 /**
28 * @type string
29 */
30 public $name = 'ExtractStyleBlocks';
31
32 /**
33 * @type array
34 */
35 private $_styleMatches = array();
36
37 /**
38 * @type csstidy
39 */
40 private $_tidy;
41
42 /**
43 * @type HTMLPurifier_AttrDef_HTML_ID
44 */
45 private $_id_attrdef;
46
47 /**
48 * @type HTMLPurifier_AttrDef_CSS_Ident
49 */
50 private $_class_attrdef;
51
52 /**
53 * @type HTMLPurifier_AttrDef_Enum
54 */
55 private $_enum_attrdef;
56
57 public function __construct()
58 {
59 $this->_tidy = new csstidy();
60 $this->_tidy->set_cfg('lowercase_s', false);
61 $this->_id_attrdef = new HTMLPurifier_AttrDef_HTML_ID(true);
62 $this->_class_attrdef = new HTMLPurifier_AttrDef_CSS_Ident();
63 $this->_enum_attrdef = new HTMLPurifier_AttrDef_Enum(
64 array(
65 'first-child',
66 'link',
67 'visited',
68 'active',
69 'hover',
70 'focus'
71 )
72 );
73 }
74
75 /**
76 * Save the contents of CSS blocks to style matches
77 * @param array $matches preg_replace style $matches array
78 */
79 protected function styleCallback($matches)
80 {
81 $this->_styleMatches[] = $matches[1];
82 }
83
84 /**
85 * Removes inline <style> tags from HTML, saves them for later use
86 * @param string $html
87 * @param HTMLPurifier_Config $config
88 * @param HTMLPurifier_Context $context
89 * @return string
90 * @todo Extend to indicate non-text/css style blocks
91 */
92 public function preFilter($html, $config, $context)
93 {
94 $tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl');
95 if ($tidy !== null) {
96 $this->_tidy = $tidy;
97 }
98 $html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html);
99 $style_blocks = $this->_styleMatches;
100 $this->_styleMatches = array(); // reset
101 $context->register('StyleBlocks', $style_blocks); // $context must not be reused
102 if ($this->_tidy) {
103 foreach ($style_blocks as &$style) {
104 $style = $this->cleanCSS($style, $config, $context);
105 }
106 }
107 return $html;
108 }
109
110 /**
111 * Takes CSS (the stuff found in <style>) and cleans it.
112 * @warning Requires CSSTidy <http://csstidy.sourceforge.net/>
113 * @param string $css CSS styling to clean
114 * @param HTMLPurifier_Config $config
115 * @param HTMLPurifier_Context $context
116 * @throws HTMLPurifier_Exception
117 * @return string Cleaned CSS
118 */
119 public function cleanCSS($css, $config, $context)
120 {
121 // prepare scope
122 $scope = $config->get('Filter.ExtractStyleBlocks.Scope');
123 if ($scope !== null) {
124 $scopes = array_map('trim', explode(',', $scope));
125 } else {
126 $scopes = array();
127 }
128 // remove comments from CSS
129 $css = trim($css);
130 if (strncmp('<!--', $css, 4) === 0) {
131 $css = substr($css, 4);
132 }
133 if (strlen($css) > 3 && substr($css, -3) == '-->') {
134 $css = substr($css, 0, -3);
135 }
136 $css = trim($css);
137 set_error_handler('htmlpurifier_filter_extractstyleblocks_muteerrorhandler');
138 $this->_tidy->parse($css);
139 restore_error_handler();
140 $css_definition = $config->getDefinition('CSS');
141 $html_definition = $config->getDefinition('HTML');
142 $new_css = array();
143 foreach ($this->_tidy->css as $k => $decls) {
144 // $decls are all CSS declarations inside an @ selector
145 $new_decls = array();
146 foreach ($decls as $selector => $style) {
147 $selector = trim($selector);
148 if ($selector === '') {
149 continue;
150 } // should not happen
151 // Parse the selector
152 // Here is the relevant part of the CSS grammar:
153 //
154 // ruleset
155 // : selector [ ',' S* selector ]* '{' ...
156 // selector
157 // : simple_selector [ combinator selector | S+ [ combinator? selector ]? ]?
158 // combinator
159 // : '+' S*
160 // : '>' S*
161 // simple_selector
162 // : element_name [ HASH | class | attrib | pseudo ]*
163 // | [ HASH | class | attrib | pseudo ]+
164 // element_name
165 // : IDENT | '*'
166 // ;
167 // class
168 // : '.' IDENT
169 // ;
170 // attrib
171 // : '[' S* IDENT S* [ [ '=' | INCLUDES | DASHMATCH ] S*
172 // [ IDENT | STRING ] S* ]? ']'
173 // ;
174 // pseudo
175 // : ':' [ IDENT | FUNCTION S* [IDENT S*]? ')' ]
176 // ;
177 //
178 // For reference, here are the relevant tokens:
179 //
180 // HASH #{name}
181 // IDENT {ident}
182 // INCLUDES ==
183 // DASHMATCH |=
184 // STRING {string}
185 // FUNCTION {ident}\(
186 //
187 // And the lexical scanner tokens
188 //
189 // name {nmchar}+
190 // nmchar [_a-z0-9-]|{nonascii}|{escape}
191 // nonascii [\240-\377]
192 // escape {unicode}|\\[^\r\n\f0-9a-f]
193 // unicode \\{h}}{1,6}(\r\n|[ \t\r\n\f])?
194 // ident -?{nmstart}{nmchar*}
195 // nmstart [_a-z]|{nonascii}|{escape}
196 // string {string1}|{string2}
197 // string1 \"([^\n\r\f\\"]|\\{nl}|{escape})*\"
198 // string2 \'([^\n\r\f\\"]|\\{nl}|{escape})*\'
199 //
200 // We'll implement a subset (in order to reduce attack
201 // surface); in particular:
202 //
203 // - No Unicode support
204 // - No escapes support
205 // - No string support (by proxy no attrib support)
206 // - element_name is matched against allowed
207 // elements (some people might find this
208 // annoying...)
209 // - Pseudo-elements one of :first-child, :link,
210 // :visited, :active, :hover, :focus
211
212 // handle ruleset
213 $selectors = array_map('trim', explode(',', $selector));
214 $new_selectors = array();
215 foreach ($selectors as $sel) {
216 // split on +, > and spaces
217 $basic_selectors = preg_split('/\s*([+> ])\s*/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);
218 // even indices are chunks, odd indices are
219 // delimiters
220 $nsel = null;
221 $delim = null; // guaranteed to be non-null after
222 // two loop iterations
223 for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {
224 $x = $basic_selectors[$i];
225 if ($i % 2) {
226 // delimiter
227 if ($x === ' ') {
228 $delim = ' ';
229 } else {
230 $delim = ' ' . $x . ' ';
231 }
232 } else {
233 // simple selector
234 $components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);
235 $sdelim = null;
236 $nx = null;
237 for ($j = 0, $cc = count($components); $j < $cc; $j++) {
238 $y = $components[$j];
239 if ($j === 0) {
240 if ($y === '*' || isset($html_definition->info[$y = strtolower($y)])) {
241 $nx = $y;
242 } else {
243 // $nx stays null; this matters
244 // if we don't manage to find
245 // any valid selector content,
246 // in which case we ignore the
247 // outer $delim
248 }
249 } elseif ($j % 2) {
250 // set delimiter
251 $sdelim = $y;
252 } else {
253 $attrdef = null;
254 if ($sdelim === '#') {
255 $attrdef = $this->_id_attrdef;
256 } elseif ($sdelim === '.') {
257 $attrdef = $this->_class_attrdef;
258 } elseif ($sdelim === ':') {
259 $attrdef = $this->_enum_attrdef;
260 } else {
261 throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');
262 }
263 $r = $attrdef->validate($y, $config, $context);
264 if ($r !== false) {
265 if ($r !== true) {
266 $y = $r;
267 }
268 if ($nx === null) {
269 $nx = '';
270 }
271 $nx .= $sdelim . $y;
272 }
273 }
274 }
275 if ($nx !== null) {
276 if ($nsel === null) {
277 $nsel = $nx;
278 } else {
279 $nsel .= $delim . $nx;
280 }
281 } else {
282 // delimiters to the left of invalid
283 // basic selector ignored
284 }
285 }
286 }
287 if ($nsel !== null) {
288 if (!empty($scopes)) {
289 foreach ($scopes as $s) {
290 $new_selectors[] = "$s $nsel";
291 }
292 } else {
293 $new_selectors[] = $nsel;
294 }
295 }
296 }
297 if (empty($new_selectors)) {
298 continue;
299 }
300 $selector = implode(', ', $new_selectors);
301 foreach ($style as $name => $value) {
302 if (!isset($css_definition->info[$name])) {
303 unset($style[$name]);
304 continue;
305 }
306 $def = $css_definition->info[$name];
307 $ret = $def->validate($value, $config, $context);
308 if ($ret === false) {
309 unset($style[$name]);
310 } else {
311 $style[$name] = $ret;
312 }
313 }
314 $new_decls[$selector] = $style;
315 }
316 $new_css[$k] = $new_decls;
317 }
318 // remove stuff that shouldn't be used, could be reenabled
319 // after security risks are analyzed
320 $this->_tidy->css = $new_css;
321 $this->_tidy->import = array();
322 $this->_tidy->charset = null;
323 $this->_tidy->namespace = null;
324 $css = $this->_tidy->print->plain();
325 // we are going to escape any special characters <>& to ensure
326 // that no funny business occurs (i.e. </style> in a font-family prop).
327 if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {
328 $css = str_replace(
329 array('<', '>', '&'),
330 array('\3C ', '\3E ', '\26 '),
331 $css
332 );
333 }
334 return $css;
335 }
336}
337
338// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/YouTube.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/YouTube.php
new file mode 100644
index 00000000..9200802a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Filter/YouTube.php
@@ -0,0 +1,65 @@
1<?php
2
3class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter
4{
5
6 /**
7 * @type string
8 */
9 public $name = 'YouTube';
10
11 /**
12 * @param string $html
13 * @param HTMLPurifier_Config $config
14 * @param HTMLPurifier_Context $context
15 * @return string
16 */
17 public function preFilter($html, $config, $context)
18 {
19 $pre_regex = '#<object[^>]+>.+?' .
20 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s';
21 $pre_replace = '<span class="youtube-embed">\1</span>';
22 return preg_replace($pre_regex, $pre_replace, $html);
23 }
24
25 /**
26 * @param string $html
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return string
30 */
31 public function postFilter($html, $config, $context)
32 {
33 $post_regex = '#<span class="youtube-embed">((?:v|cp)/[A-Za-z0-9\-_=]+)</span>#';
34 return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
35 }
36
37 /**
38 * @param $url
39 * @return string
40 */
41 protected function armorUrl($url)
42 {
43 return str_replace('--', '-&#45;', $url);
44 }
45
46 /**
47 * @param array $matches
48 * @return string
49 */
50 protected function postFilterCallback($matches)
51 {
52 $url = $this->armorUrl($matches[1]);
53 return '<object width="425" height="350" type="application/x-shockwave-flash" ' .
54 'data="http://www.youtube.com/' . $url . '">' .
55 '<param name="movie" value="http://www.youtube.com/' . $url . '"></param>' .
56 '<!--[if IE]>' .
57 '<embed src="http://www.youtube.com/' . $url . '"' .
58 'type="application/x-shockwave-flash"' .
59 'wmode="transparent" width="425" height="350" />' .
60 '<![endif]-->' .
61 '</object>';
62 }
63}
64
65// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Generator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Generator.php
new file mode 100644
index 00000000..ca76ba6c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Generator.php
@@ -0,0 +1,286 @@
1<?php
2
3/**
4 * Generates HTML from tokens.
5 * @todo Refactor interface so that configuration/context is determined
6 * upon instantiation, no need for messy generateFromTokens() calls
7 * @todo Make some of the more internal functions protected, and have
8 * unit tests work around that
9 */
10class HTMLPurifier_Generator
11{
12
13 /**
14 * Whether or not generator should produce XML output.
15 * @type bool
16 */
17 private $_xhtml = true;
18
19 /**
20 * :HACK: Whether or not generator should comment the insides of <script> tags.
21 * @type bool
22 */
23 private $_scriptFix = false;
24
25 /**
26 * Cache of HTMLDefinition during HTML output to determine whether or
27 * not attributes should be minimized.
28 * @type HTMLPurifier_HTMLDefinition
29 */
30 private $_def;
31
32 /**
33 * Cache of %Output.SortAttr.
34 * @type bool
35 */
36 private $_sortAttr;
37
38 /**
39 * Cache of %Output.FlashCompat.
40 * @type bool
41 */
42 private $_flashCompat;
43
44 /**
45 * Cache of %Output.FixInnerHTML.
46 * @type bool
47 */
48 private $_innerHTMLFix;
49
50 /**
51 * Stack for keeping track of object information when outputting IE
52 * compatibility code.
53 * @type array
54 */
55 private $_flashStack = array();
56
57 /**
58 * Configuration for the generator
59 * @type HTMLPurifier_Config
60 */
61 protected $config;
62
63 /**
64 * @param HTMLPurifier_Config $config
65 * @param HTMLPurifier_Context $context
66 */
67 public function __construct($config, $context)
68 {
69 $this->config = $config;
70 $this->_scriptFix = $config->get('Output.CommentScriptContents');
71 $this->_innerHTMLFix = $config->get('Output.FixInnerHTML');
72 $this->_sortAttr = $config->get('Output.SortAttr');
73 $this->_flashCompat = $config->get('Output.FlashCompat');
74 $this->_def = $config->getHTMLDefinition();
75 $this->_xhtml = $this->_def->doctype->xml;
76 }
77
78 /**
79 * Generates HTML from an array of tokens.
80 * @param HTMLPurifier_Token[] $tokens Array of HTMLPurifier_Token
81 * @return string Generated HTML
82 */
83 public function generateFromTokens($tokens)
84 {
85 if (!$tokens) {
86 return '';
87 }
88
89 // Basic algorithm
90 $html = '';
91 for ($i = 0, $size = count($tokens); $i < $size; $i++) {
92 if ($this->_scriptFix && $tokens[$i]->name === 'script'
93 && $i + 2 < $size && $tokens[$i+2] instanceof HTMLPurifier_Token_End) {
94 // script special case
95 // the contents of the script block must be ONE token
96 // for this to work.
97 $html .= $this->generateFromToken($tokens[$i++]);
98 $html .= $this->generateScriptFromToken($tokens[$i++]);
99 }
100 $html .= $this->generateFromToken($tokens[$i]);
101 }
102
103 // Tidy cleanup
104 if (extension_loaded('tidy') && $this->config->get('Output.TidyFormat')) {
105 $tidy = new Tidy;
106 $tidy->parseString(
107 $html,
108 array(
109 'indent'=> true,
110 'output-xhtml' => $this->_xhtml,
111 'show-body-only' => true,
112 'indent-spaces' => 2,
113 'wrap' => 68,
114 ),
115 'utf8'
116 );
117 $tidy->cleanRepair();
118 $html = (string) $tidy; // explicit cast necessary
119 }
120
121 // Normalize newlines to system defined value
122 if ($this->config->get('Core.NormalizeNewlines')) {
123 $nl = $this->config->get('Output.Newline');
124 if ($nl === null) {
125 $nl = PHP_EOL;
126 }
127 if ($nl !== "\n") {
128 $html = str_replace("\n", $nl, $html);
129 }
130 }
131 return $html;
132 }
133
134 /**
135 * Generates HTML from a single token.
136 * @param HTMLPurifier_Token $token HTMLPurifier_Token object.
137 * @return string Generated HTML
138 */
139 public function generateFromToken($token)
140 {
141 if (!$token instanceof HTMLPurifier_Token) {
142 trigger_error('Cannot generate HTML from non-HTMLPurifier_Token object', E_USER_WARNING);
143 return '';
144
145 } elseif ($token instanceof HTMLPurifier_Token_Start) {
146 $attr = $this->generateAttributes($token->attr, $token->name);
147 if ($this->_flashCompat) {
148 if ($token->name == "object") {
149 $flash = new stdclass();
150 $flash->attr = $token->attr;
151 $flash->param = array();
152 $this->_flashStack[] = $flash;
153 }
154 }
155 return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
156
157 } elseif ($token instanceof HTMLPurifier_Token_End) {
158 $_extra = '';
159 if ($this->_flashCompat) {
160 if ($token->name == "object" && !empty($this->_flashStack)) {
161 // doesn't do anything for now
162 }
163 }
164 return $_extra . '</' . $token->name . '>';
165
166 } elseif ($token instanceof HTMLPurifier_Token_Empty) {
167 if ($this->_flashCompat && $token->name == "param" && !empty($this->_flashStack)) {
168 $this->_flashStack[count($this->_flashStack)-1]->param[$token->attr['name']] = $token->attr['value'];
169 }
170 $attr = $this->generateAttributes($token->attr, $token->name);
171 return '<' . $token->name . ($attr ? ' ' : '') . $attr .
172 ( $this->_xhtml ? ' /': '' ) // <br /> v. <br>
173 . '>';
174
175 } elseif ($token instanceof HTMLPurifier_Token_Text) {
176 return $this->escape($token->data, ENT_NOQUOTES);
177
178 } elseif ($token instanceof HTMLPurifier_Token_Comment) {
179 return '<!--' . $token->data . '-->';
180 } else {
181 return '';
182
183 }
184 }
185
186 /**
187 * Special case processor for the contents of script tags
188 * @param HTMLPurifier_Token $token HTMLPurifier_Token object.
189 * @return string
190 * @warning This runs into problems if there's already a literal
191 * --> somewhere inside the script contents.
192 */
193 public function generateScriptFromToken($token)
194 {
195 if (!$token instanceof HTMLPurifier_Token_Text) {
196 return $this->generateFromToken($token);
197 }
198 // Thanks <http://lachy.id.au/log/2005/05/script-comments>
199 $data = preg_replace('#//\s*$#', '', $token->data);
200 return '<!--//--><![CDATA[//><!--' . "\n" . trim($data) . "\n" . '//--><!]]>';
201 }
202
203 /**
204 * Generates attribute declarations from attribute array.
205 * @note This does not include the leading or trailing space.
206 * @param array $assoc_array_of_attributes Attribute array
207 * @param string $element Name of element attributes are for, used to check
208 * attribute minimization.
209 * @return string Generated HTML fragment for insertion.
210 */
211 public function generateAttributes($assoc_array_of_attributes, $element = '')
212 {
213 $html = '';
214 if ($this->_sortAttr) {
215 ksort($assoc_array_of_attributes);
216 }
217 foreach ($assoc_array_of_attributes as $key => $value) {
218 if (!$this->_xhtml) {
219 // Remove namespaced attributes
220 if (strpos($key, ':') !== false) {
221 continue;
222 }
223 // Check if we should minimize the attribute: val="val" -> val
224 if ($element && !empty($this->_def->info[$element]->attr[$key]->minimized)) {
225 $html .= $key . ' ';
226 continue;
227 }
228 }
229 // Workaround for Internet Explorer innerHTML bug.
230 // Essentially, Internet Explorer, when calculating
231 // innerHTML, omits quotes if there are no instances of
232 // angled brackets, quotes or spaces. However, when parsing
233 // HTML (for example, when you assign to innerHTML), it
234 // treats backticks as quotes. Thus,
235 // <img alt="``" />
236 // becomes
237 // <img alt=`` />
238 // becomes
239 // <img alt='' />
240 // Fortunately, all we need to do is trigger an appropriate
241 // quoting style, which we do by adding an extra space.
242 // This also is consistent with the W3C spec, which states
243 // that user agents may ignore leading or trailing
244 // whitespace (in fact, most don't, at least for attributes
245 // like alt, but an extra space at the end is barely
246 // noticeable). Still, we have a configuration knob for
247 // this, since this transformation is not necesary if you
248 // don't process user input with innerHTML or you don't plan
249 // on supporting Internet Explorer.
250 if ($this->_innerHTMLFix) {
251 if (strpos($value, '`') !== false) {
252 // check if correct quoting style would not already be
253 // triggered
254 if (strcspn($value, '"\' <>') === strlen($value)) {
255 // protect!
256 $value .= ' ';
257 }
258 }
259 }
260 $html .= $key.'="'.$this->escape($value).'" ';
261 }
262 return rtrim($html);
263 }
264
265 /**
266 * Escapes raw text data.
267 * @todo This really ought to be protected, but until we have a facility
268 * for properly generating HTML here w/o using tokens, it stays
269 * public.
270 * @param string $string String data to escape for HTML.
271 * @param int $quote Quoting style, like htmlspecialchars. ENT_NOQUOTES is
272 * permissible for non-attribute output.
273 * @return string escaped data.
274 */
275 public function escape($string, $quote = null)
276 {
277 // Workaround for APC bug on Mac Leopard reported by sidepodcast
278 // http://htmlpurifier.org/phorum/read.php?3,4823,4846
279 if ($quote === null) {
280 $quote = ENT_COMPAT;
281 }
282 return htmlspecialchars($string, $quote, 'UTF-8');
283 }
284}
285
286// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLDefinition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLDefinition.php
new file mode 100644
index 00000000..027c85d5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLDefinition.php
@@ -0,0 +1,493 @@
1<?php
2
3/**
4 * Definition of the purified HTML that describes allowed children,
5 * attributes, and many other things.
6 *
7 * Conventions:
8 *
9 * All member variables that are prefixed with info
10 * (including the main $info array) are used by HTML Purifier internals
11 * and should not be directly edited when customizing the HTMLDefinition.
12 * They can usually be set via configuration directives or custom
13 * modules.
14 *
15 * On the other hand, member variables without the info prefix are used
16 * internally by the HTMLDefinition and MUST NOT be used by other HTML
17 * Purifier internals. Many of them, however, are public, and may be
18 * edited by userspace code to tweak the behavior of HTMLDefinition.
19 *
20 * @note This class is inspected by Printer_HTMLDefinition; please
21 * update that class if things here change.
22 *
23 * @warning Directives that change this object's structure must be in
24 * the HTML or Attr namespace!
25 */
26class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
27{
28
29 // FULLY-PUBLIC VARIABLES ---------------------------------------------
30
31 /**
32 * Associative array of element names to HTMLPurifier_ElementDef.
33 * @type HTMLPurifier_ElementDef[]
34 */
35 public $info = array();
36
37 /**
38 * Associative array of global attribute name to attribute definition.
39 * @type array
40 */
41 public $info_global_attr = array();
42
43 /**
44 * String name of parent element HTML will be going into.
45 * @type string
46 */
47 public $info_parent = 'div';
48
49 /**
50 * Definition for parent element, allows parent element to be a
51 * tag that's not allowed inside the HTML fragment.
52 * @type HTMLPurifier_ElementDef
53 */
54 public $info_parent_def;
55
56 /**
57 * String name of element used to wrap inline elements in block context.
58 * @type string
59 * @note This is rarely used except for BLOCKQUOTEs in strict mode
60 */
61 public $info_block_wrapper = 'p';
62
63 /**
64 * Associative array of deprecated tag name to HTMLPurifier_TagTransform.
65 * @type array
66 */
67 public $info_tag_transform = array();
68
69 /**
70 * Indexed list of HTMLPurifier_AttrTransform to be performed before validation.
71 * @type HTMLPurifier_AttrTransform[]
72 */
73 public $info_attr_transform_pre = array();
74
75 /**
76 * Indexed list of HTMLPurifier_AttrTransform to be performed after validation.
77 * @type HTMLPurifier_AttrTransform[]
78 */
79 public $info_attr_transform_post = array();
80
81 /**
82 * Nested lookup array of content set name (Block, Inline) to
83 * element name to whether or not it belongs in that content set.
84 * @type array
85 */
86 public $info_content_sets = array();
87
88 /**
89 * Indexed list of HTMLPurifier_Injector to be used.
90 * @type HTMLPurifier_Injector[]
91 */
92 public $info_injector = array();
93
94 /**
95 * Doctype object
96 * @type HTMLPurifier_Doctype
97 */
98 public $doctype;
99
100
101
102 // RAW CUSTOMIZATION STUFF --------------------------------------------
103
104 /**
105 * Adds a custom attribute to a pre-existing element
106 * @note This is strictly convenience, and does not have a corresponding
107 * method in HTMLPurifier_HTMLModule
108 * @param string $element_name Element name to add attribute to
109 * @param string $attr_name Name of attribute
110 * @param mixed $def Attribute definition, can be string or object, see
111 * HTMLPurifier_AttrTypes for details
112 */
113 public function addAttribute($element_name, $attr_name, $def)
114 {
115 $module = $this->getAnonymousModule();
116 if (!isset($module->info[$element_name])) {
117 $element = $module->addBlankElement($element_name);
118 } else {
119 $element = $module->info[$element_name];
120 }
121 $element->attr[$attr_name] = $def;
122 }
123
124 /**
125 * Adds a custom element to your HTML definition
126 * @see HTMLPurifier_HTMLModule::addElement() for detailed
127 * parameter and return value descriptions.
128 */
129 public function addElement($element_name, $type, $contents, $attr_collections, $attributes = array())
130 {
131 $module = $this->getAnonymousModule();
132 // assume that if the user is calling this, the element
133 // is safe. This may not be a good idea
134 $element = $module->addElement($element_name, $type, $contents, $attr_collections, $attributes);
135 return $element;
136 }
137
138 /**
139 * Adds a blank element to your HTML definition, for overriding
140 * existing behavior
141 * @param string $element_name
142 * @return HTMLPurifier_ElementDef
143 * @see HTMLPurifier_HTMLModule::addBlankElement() for detailed
144 * parameter and return value descriptions.
145 */
146 public function addBlankElement($element_name)
147 {
148 $module = $this->getAnonymousModule();
149 $element = $module->addBlankElement($element_name);
150 return $element;
151 }
152
153 /**
154 * Retrieves a reference to the anonymous module, so you can
155 * bust out advanced features without having to make your own
156 * module.
157 * @return HTMLPurifier_HTMLModule
158 */
159 public function getAnonymousModule()
160 {
161 if (!$this->_anonModule) {
162 $this->_anonModule = new HTMLPurifier_HTMLModule();
163 $this->_anonModule->name = 'Anonymous';
164 }
165 return $this->_anonModule;
166 }
167
168 private $_anonModule = null;
169
170 // PUBLIC BUT INTERNAL VARIABLES --------------------------------------
171
172 /**
173 * @type string
174 */
175 public $type = 'HTML';
176
177 /**
178 * @type HTMLPurifier_HTMLModuleManager
179 */
180 public $manager;
181
182 /**
183 * Performs low-cost, preliminary initialization.
184 */
185 public function __construct()
186 {
187 $this->manager = new HTMLPurifier_HTMLModuleManager();
188 }
189
190 /**
191 * @param HTMLPurifier_Config $config
192 */
193 protected function doSetup($config)
194 {
195 $this->processModules($config);
196 $this->setupConfigStuff($config);
197 unset($this->manager);
198
199 // cleanup some of the element definitions
200 foreach ($this->info as $k => $v) {
201 unset($this->info[$k]->content_model);
202 unset($this->info[$k]->content_model_type);
203 }
204 }
205
206 /**
207 * Extract out the information from the manager
208 * @param HTMLPurifier_Config $config
209 */
210 protected function processModules($config)
211 {
212 if ($this->_anonModule) {
213 // for user specific changes
214 // this is late-loaded so we don't have to deal with PHP4
215 // reference wonky-ness
216 $this->manager->addModule($this->_anonModule);
217 unset($this->_anonModule);
218 }
219
220 $this->manager->setup($config);
221 $this->doctype = $this->manager->doctype;
222
223 foreach ($this->manager->modules as $module) {
224 foreach ($module->info_tag_transform as $k => $v) {
225 if ($v === false) {
226 unset($this->info_tag_transform[$k]);
227 } else {
228 $this->info_tag_transform[$k] = $v;
229 }
230 }
231 foreach ($module->info_attr_transform_pre as $k => $v) {
232 if ($v === false) {
233 unset($this->info_attr_transform_pre[$k]);
234 } else {
235 $this->info_attr_transform_pre[$k] = $v;
236 }
237 }
238 foreach ($module->info_attr_transform_post as $k => $v) {
239 if ($v === false) {
240 unset($this->info_attr_transform_post[$k]);
241 } else {
242 $this->info_attr_transform_post[$k] = $v;
243 }
244 }
245 foreach ($module->info_injector as $k => $v) {
246 if ($v === false) {
247 unset($this->info_injector[$k]);
248 } else {
249 $this->info_injector[$k] = $v;
250 }
251 }
252 }
253 $this->info = $this->manager->getElements();
254 $this->info_content_sets = $this->manager->contentSets->lookup;
255 }
256
257 /**
258 * Sets up stuff based on config. We need a better way of doing this.
259 * @param HTMLPurifier_Config $config
260 */
261 protected function setupConfigStuff($config)
262 {
263 $block_wrapper = $config->get('HTML.BlockWrapper');
264 if (isset($this->info_content_sets['Block'][$block_wrapper])) {
265 $this->info_block_wrapper = $block_wrapper;
266 } else {
267 trigger_error(
268 'Cannot use non-block element as block wrapper',
269 E_USER_ERROR
270 );
271 }
272
273 $parent = $config->get('HTML.Parent');
274 $def = $this->manager->getElement($parent, true);
275 if ($def) {
276 $this->info_parent = $parent;
277 $this->info_parent_def = $def;
278 } else {
279 trigger_error(
280 'Cannot use unrecognized element as parent',
281 E_USER_ERROR
282 );
283 $this->info_parent_def = $this->manager->getElement($this->info_parent, true);
284 }
285
286 // support template text
287 $support = "(for information on implementing this, see the support forums) ";
288
289 // setup allowed elements -----------------------------------------
290
291 $allowed_elements = $config->get('HTML.AllowedElements');
292 $allowed_attributes = $config->get('HTML.AllowedAttributes'); // retrieve early
293
294 if (!is_array($allowed_elements) && !is_array($allowed_attributes)) {
295 $allowed = $config->get('HTML.Allowed');
296 if (is_string($allowed)) {
297 list($allowed_elements, $allowed_attributes) = $this->parseTinyMCEAllowedList($allowed);
298 }
299 }
300
301 if (is_array($allowed_elements)) {
302 foreach ($this->info as $name => $d) {
303 if (!isset($allowed_elements[$name])) {
304 unset($this->info[$name]);
305 }
306 unset($allowed_elements[$name]);
307 }
308 // emit errors
309 foreach ($allowed_elements as $element => $d) {
310 $element = htmlspecialchars($element); // PHP doesn't escape errors, be careful!
311 trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
312 }
313 }
314
315 // setup allowed attributes ---------------------------------------
316
317 $allowed_attributes_mutable = $allowed_attributes; // by copy!
318 if (is_array($allowed_attributes)) {
319 // This actually doesn't do anything, since we went away from
320 // global attributes. It's possible that userland code uses
321 // it, but HTMLModuleManager doesn't!
322 foreach ($this->info_global_attr as $attr => $x) {
323 $keys = array($attr, "*@$attr", "*.$attr");
324 $delete = true;
325 foreach ($keys as $key) {
326 if ($delete && isset($allowed_attributes[$key])) {
327 $delete = false;
328 }
329 if (isset($allowed_attributes_mutable[$key])) {
330 unset($allowed_attributes_mutable[$key]);
331 }
332 }
333 if ($delete) {
334 unset($this->info_global_attr[$attr]);
335 }
336 }
337
338 foreach ($this->info as $tag => $info) {
339 foreach ($info->attr as $attr => $x) {
340 $keys = array("$tag@$attr", $attr, "*@$attr", "$tag.$attr", "*.$attr");
341 $delete = true;
342 foreach ($keys as $key) {
343 if ($delete && isset($allowed_attributes[$key])) {
344 $delete = false;
345 }
346 if (isset($allowed_attributes_mutable[$key])) {
347 unset($allowed_attributes_mutable[$key]);
348 }
349 }
350 if ($delete) {
351 if ($this->info[$tag]->attr[$attr]->required) {
352 trigger_error(
353 "Required attribute '$attr' in element '$tag' " .
354 "was not allowed, which means '$tag' will not be allowed either",
355 E_USER_WARNING
356 );
357 }
358 unset($this->info[$tag]->attr[$attr]);
359 }
360 }
361 }
362 // emit errors
363 foreach ($allowed_attributes_mutable as $elattr => $d) {
364 $bits = preg_split('/[.@]/', $elattr, 2);
365 $c = count($bits);
366 switch ($c) {
367 case 2:
368 if ($bits[0] !== '*') {
369 $element = htmlspecialchars($bits[0]);
370 $attribute = htmlspecialchars($bits[1]);
371 if (!isset($this->info[$element])) {
372 trigger_error(
373 "Cannot allow attribute '$attribute' if element " .
374 "'$element' is not allowed/supported $support"
375 );
376 } else {
377 trigger_error(
378 "Attribute '$attribute' in element '$element' not supported $support",
379 E_USER_WARNING
380 );
381 }
382 break;
383 }
384 // otherwise fall through
385 case 1:
386 $attribute = htmlspecialchars($bits[0]);
387 trigger_error(
388 "Global attribute '$attribute' is not ".
389 "supported in any elements $support",
390 E_USER_WARNING
391 );
392 break;
393 }
394 }
395 }
396
397 // setup forbidden elements ---------------------------------------
398
399 $forbidden_elements = $config->get('HTML.ForbiddenElements');
400 $forbidden_attributes = $config->get('HTML.ForbiddenAttributes');
401
402 foreach ($this->info as $tag => $info) {
403 if (isset($forbidden_elements[$tag])) {
404 unset($this->info[$tag]);
405 continue;
406 }
407 foreach ($info->attr as $attr => $x) {
408 if (isset($forbidden_attributes["$tag@$attr"]) ||
409 isset($forbidden_attributes["*@$attr"]) ||
410 isset($forbidden_attributes[$attr])
411 ) {
412 unset($this->info[$tag]->attr[$attr]);
413 continue;
414 } elseif (isset($forbidden_attributes["$tag.$attr"])) { // this segment might get removed eventually
415 // $tag.$attr are not user supplied, so no worries!
416 trigger_error(
417 "Error with $tag.$attr: tag.attr syntax not supported for " .
418 "HTML.ForbiddenAttributes; use tag@attr instead",
419 E_USER_WARNING
420 );
421 }
422 }
423 }
424 foreach ($forbidden_attributes as $key => $v) {
425 if (strlen($key) < 2) {
426 continue;
427 }
428 if ($key[0] != '*') {
429 continue;
430 }
431 if ($key[1] == '.') {
432 trigger_error(
433 "Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead",
434 E_USER_WARNING
435 );
436 }
437 }
438
439 // setup injectors -----------------------------------------------------
440 foreach ($this->info_injector as $i => $injector) {
441 if ($injector->checkNeeded($config) !== false) {
442 // remove injector that does not have it's required
443 // elements/attributes present, and is thus not needed.
444 unset($this->info_injector[$i]);
445 }
446 }
447 }
448
449 /**
450 * Parses a TinyMCE-flavored Allowed Elements and Attributes list into
451 * separate lists for processing. Format is element[attr1|attr2],element2...
452 * @warning Although it's largely drawn from TinyMCE's implementation,
453 * it is different, and you'll probably have to modify your lists
454 * @param array $list String list to parse
455 * @return array
456 * @todo Give this its own class, probably static interface
457 */
458 public function parseTinyMCEAllowedList($list)
459 {
460 $list = str_replace(array(' ', "\t"), '', $list);
461
462 $elements = array();
463 $attributes = array();
464
465 $chunks = preg_split('/(,|[\n\r]+)/', $list);
466 foreach ($chunks as $chunk) {
467 if (empty($chunk)) {
468 continue;
469 }
470 // remove TinyMCE element control characters
471 if (!strpos($chunk, '[')) {
472 $element = $chunk;
473 $attr = false;
474 } else {
475 list($element, $attr) = explode('[', $chunk);
476 }
477 if ($element !== '*') {
478 $elements[$element] = true;
479 }
480 if (!$attr) {
481 continue;
482 }
483 $attr = substr($attr, 0, strlen($attr) - 1); // remove trailing ]
484 $attr = explode('|', $attr);
485 foreach ($attr as $key) {
486 $attributes["$element.$key"] = true;
487 }
488 }
489 return array($elements, $attributes);
490 }
491}
492
493// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule.php
new file mode 100644
index 00000000..9877f9ef
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule.php
@@ -0,0 +1,284 @@
1<?php
2
3/**
4 * Represents an XHTML 1.1 module, with information on elements, tags
5 * and attributes.
6 * @note Even though this is technically XHTML 1.1, it is also used for
7 * regular HTML parsing. We are using modulization as a convenient
8 * way to represent the internals of HTMLDefinition, and our
9 * implementation is by no means conforming and does not directly
10 * use the normative DTDs or XML schemas.
11 * @note The public variables in a module should almost directly
12 * correspond to the variables in HTMLPurifier_HTMLDefinition.
13 * However, the prefix info carries no special meaning in these
14 * objects (include it anyway if that's the correspondence though).
15 * @todo Consider making some member functions protected
16 */
17
18class HTMLPurifier_HTMLModule
19{
20
21 // -- Overloadable ----------------------------------------------------
22
23 /**
24 * Short unique string identifier of the module.
25 * @type string
26 */
27 public $name;
28
29 /**
30 * Informally, a list of elements this module changes.
31 * Not used in any significant way.
32 * @type array
33 */
34 public $elements = array();
35
36 /**
37 * Associative array of element names to element definitions.
38 * Some definitions may be incomplete, to be merged in later
39 * with the full definition.
40 * @type array
41 */
42 public $info = array();
43
44 /**
45 * Associative array of content set names to content set additions.
46 * This is commonly used to, say, add an A element to the Inline
47 * content set. This corresponds to an internal variable $content_sets
48 * and NOT info_content_sets member variable of HTMLDefinition.
49 * @type array
50 */
51 public $content_sets = array();
52
53 /**
54 * Associative array of attribute collection names to attribute
55 * collection additions. More rarely used for adding attributes to
56 * the global collections. Example is the StyleAttribute module adding
57 * the style attribute to the Core. Corresponds to HTMLDefinition's
58 * attr_collections->info, since the object's data is only info,
59 * with extra behavior associated with it.
60 * @type array
61 */
62 public $attr_collections = array();
63
64 /**
65 * Associative array of deprecated tag name to HTMLPurifier_TagTransform.
66 * @type array
67 */
68 public $info_tag_transform = array();
69
70 /**
71 * List of HTMLPurifier_AttrTransform to be performed before validation.
72 * @type array
73 */
74 public $info_attr_transform_pre = array();
75
76 /**
77 * List of HTMLPurifier_AttrTransform to be performed after validation.
78 * @type array
79 */
80 public $info_attr_transform_post = array();
81
82 /**
83 * List of HTMLPurifier_Injector to be performed during well-formedness fixing.
84 * An injector will only be invoked if all of it's pre-requisites are met;
85 * if an injector fails setup, there will be no error; it will simply be
86 * silently disabled.
87 * @type array
88 */
89 public $info_injector = array();
90
91 /**
92 * Boolean flag that indicates whether or not getChildDef is implemented.
93 * For optimization reasons: may save a call to a function. Be sure
94 * to set it if you do implement getChildDef(), otherwise it will have
95 * no effect!
96 * @type bool
97 */
98 public $defines_child_def = false;
99
100 /**
101 * Boolean flag whether or not this module is safe. If it is not safe, all
102 * of its members are unsafe. Modules are safe by default (this might be
103 * slightly dangerous, but it doesn't make much sense to force HTML Purifier,
104 * which is based off of safe HTML, to explicitly say, "This is safe," even
105 * though there are modules which are "unsafe")
106 *
107 * @type bool
108 * @note Previously, safety could be applied at an element level granularity.
109 * We've removed this ability, so in order to add "unsafe" elements
110 * or attributes, a dedicated module with this property set to false
111 * must be used.
112 */
113 public $safe = true;
114
115 /**
116 * Retrieves a proper HTMLPurifier_ChildDef subclass based on
117 * content_model and content_model_type member variables of
118 * the HTMLPurifier_ElementDef class. There is a similar function
119 * in HTMLPurifier_HTMLDefinition.
120 * @param HTMLPurifier_ElementDef $def
121 * @return HTMLPurifier_ChildDef subclass
122 */
123 public function getChildDef($def)
124 {
125 return false;
126 }
127
128 // -- Convenience -----------------------------------------------------
129
130 /**
131 * Convenience function that sets up a new element
132 * @param string $element Name of element to add
133 * @param string|bool $type What content set should element be registered to?
134 * Set as false to skip this step.
135 * @param string $contents Allowed children in form of:
136 * "$content_model_type: $content_model"
137 * @param array $attr_includes What attribute collections to register to
138 * element?
139 * @param array $attr What unique attributes does the element define?
140 * @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters.
141 * @return HTMLPurifier_ElementDef Created element definition object, so you
142 * can set advanced parameters
143 */
144 public function addElement($element, $type, $contents, $attr_includes = array(), $attr = array())
145 {
146 $this->elements[] = $element;
147 // parse content_model
148 list($content_model_type, $content_model) = $this->parseContents($contents);
149 // merge in attribute inclusions
150 $this->mergeInAttrIncludes($attr, $attr_includes);
151 // add element to content sets
152 if ($type) {
153 $this->addElementToContentSet($element, $type);
154 }
155 // create element
156 $this->info[$element] = HTMLPurifier_ElementDef::create(
157 $content_model,
158 $content_model_type,
159 $attr
160 );
161 // literal object $contents means direct child manipulation
162 if (!is_string($contents)) {
163 $this->info[$element]->child = $contents;
164 }
165 return $this->info[$element];
166 }
167
168 /**
169 * Convenience function that creates a totally blank, non-standalone
170 * element.
171 * @param string $element Name of element to create
172 * @return HTMLPurifier_ElementDef Created element
173 */
174 public function addBlankElement($element)
175 {
176 if (!isset($this->info[$element])) {
177 $this->elements[] = $element;
178 $this->info[$element] = new HTMLPurifier_ElementDef();
179 $this->info[$element]->standalone = false;
180 } else {
181 trigger_error("Definition for $element already exists in module, cannot redefine");
182 }
183 return $this->info[$element];
184 }
185
186 /**
187 * Convenience function that registers an element to a content set
188 * @param string $element Element to register
189 * @param string $type Name content set (warning: case sensitive, usually upper-case
190 * first letter)
191 */
192 public function addElementToContentSet($element, $type)
193 {
194 if (!isset($this->content_sets[$type])) {
195 $this->content_sets[$type] = '';
196 } else {
197 $this->content_sets[$type] .= ' | ';
198 }
199 $this->content_sets[$type] .= $element;
200 }
201
202 /**
203 * Convenience function that transforms single-string contents
204 * into separate content model and content model type
205 * @param string $contents Allowed children in form of:
206 * "$content_model_type: $content_model"
207 * @return array
208 * @note If contents is an object, an array of two nulls will be
209 * returned, and the callee needs to take the original $contents
210 * and use it directly.
211 */
212 public function parseContents($contents)
213 {
214 if (!is_string($contents)) {
215 return array(null, null);
216 } // defer
217 switch ($contents) {
218 // check for shorthand content model forms
219 case 'Empty':
220 return array('empty', '');
221 case 'Inline':
222 return array('optional', 'Inline | #PCDATA');
223 case 'Flow':
224 return array('optional', 'Flow | #PCDATA');
225 }
226 list($content_model_type, $content_model) = explode(':', $contents);
227 $content_model_type = strtolower(trim($content_model_type));
228 $content_model = trim($content_model);
229 return array($content_model_type, $content_model);
230 }
231
232 /**
233 * Convenience function that merges a list of attribute includes into
234 * an attribute array.
235 * @param array $attr Reference to attr array to modify
236 * @param array $attr_includes Array of includes / string include to merge in
237 */
238 public function mergeInAttrIncludes(&$attr, $attr_includes)
239 {
240 if (!is_array($attr_includes)) {
241 if (empty($attr_includes)) {
242 $attr_includes = array();
243 } else {
244 $attr_includes = array($attr_includes);
245 }
246 }
247 $attr[0] = $attr_includes;
248 }
249
250 /**
251 * Convenience function that generates a lookup table with boolean
252 * true as value.
253 * @param string $list List of values to turn into a lookup
254 * @note You can also pass an arbitrary number of arguments in
255 * place of the regular argument
256 * @return array array equivalent of list
257 */
258 public function makeLookup($list)
259 {
260 if (is_string($list)) {
261 $list = func_get_args();
262 }
263 $ret = array();
264 foreach ($list as $value) {
265 if (is_null($value)) {
266 continue;
267 }
268 $ret[$value] = true;
269 }
270 return $ret;
271 }
272
273 /**
274 * Lazy load construction of the module after determining whether
275 * or not it's needed, and also when a finalized configuration object
276 * is available.
277 * @param HTMLPurifier_Config $config
278 */
279 public function setup($config)
280 {
281 }
282}
283
284// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php
new file mode 100644
index 00000000..191a78d1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php
@@ -0,0 +1,44 @@
1<?php
2
3/**
4 * XHTML 1.1 Bi-directional Text Module, defines elements that
5 * declare directionality of content. Text Extension Module.
6 */
7class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule
8{
9
10 /**
11 * @type string
12 */
13 public $name = 'Bdo';
14
15 /**
16 * @type array
17 */
18 public $attr_collections = array(
19 'I18N' => array('dir' => false)
20 );
21
22 /**
23 * @param HTMLPurifier_Config $config
24 */
25 public function setup($config)
26 {
27 $bdo = $this->addElement(
28 'bdo',
29 'Inline',
30 'Inline',
31 array('Core', 'Lang'),
32 array(
33 'dir' => 'Enum#ltr,rtl', // required
34 // The Abstract Module specification has the attribute
35 // inclusions wrong for bdo: bdo allows Lang
36 )
37 );
38 $bdo->attr_transform_post[] = new HTMLPurifier_AttrTransform_BdoDir();
39
40 $this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl';
41 }
42}
43
44// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php
new file mode 100644
index 00000000..e2fe53fc
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php
@@ -0,0 +1,31 @@
1<?php
2
3class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
4{
5 /**
6 * @type string
7 */
8 public $name = 'CommonAttributes';
9
10 /**
11 * @type array
12 */
13 public $attr_collections = array(
14 'Core' => array(
15 0 => array('Style'),
16 // 'xml:space' => false,
17 'class' => 'Class',
18 'id' => 'ID',
19 'title' => 'CDATA',
20 ),
21 'Lang' => array(),
22 'I18N' => array(
23 0 => array('Lang'), // proprietary, for xml:lang/lang
24 ),
25 'Common' => array(
26 0 => array('Core', 'I18N')
27 )
28 );
29}
30
31// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php
new file mode 100644
index 00000000..b8288368
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php
@@ -0,0 +1,55 @@
1<?php
2
3/**
4 * XHTML 1.1 Edit Module, defines editing-related elements. Text Extension
5 * Module.
6 */
7class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
8{
9
10 /**
11 * @type string
12 */
13 public $name = 'Edit';
14
15 /**
16 * @param HTMLPurifier_Config $config
17 */
18 public function setup($config)
19 {
20 $contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow';
21 $attr = array(
22 'cite' => 'URI',
23 // 'datetime' => 'Datetime', // not implemented
24 );
25 $this->addElement('del', 'Inline', $contents, 'Common', $attr);
26 $this->addElement('ins', 'Inline', $contents, 'Common', $attr);
27 }
28
29 // HTML 4.01 specifies that ins/del must not contain block
30 // elements when used in an inline context, chameleon is
31 // a complicated workaround to acheive this effect
32
33 // Inline context ! Block context (exclamation mark is
34 // separator, see getChildDef for parsing)
35
36 /**
37 * @type bool
38 */
39 public $defines_child_def = true;
40
41 /**
42 * @param HTMLPurifier_ElementDef $def
43 * @return HTMLPurifier_ChildDef_Chameleon
44 */
45 public function getChildDef($def)
46 {
47 if ($def->content_model_type != 'chameleon') {
48 return false;
49 }
50 $value = explode('!', $def->content_model);
51 return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]);
52 }
53}
54
55// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php
new file mode 100644
index 00000000..13ce6ad5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php
@@ -0,0 +1,190 @@
1<?php
2
3/**
4 * XHTML 1.1 Forms module, defines all form-related elements found in HTML 4.
5 */
6class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
7{
8 /**
9 * @type string
10 */
11 public $name = 'Forms';
12
13 /**
14 * @type bool
15 */
16 public $safe = false;
17
18 /**
19 * @type array
20 */
21 public $content_sets = array(
22 'Block' => 'Form',
23 'Inline' => 'Formctrl',
24 );
25
26 /**
27 * @param HTMLPurifier_Config $config
28 */
29 public function setup($config)
30 {
31 $form = $this->addElement(
32 'form',
33 'Form',
34 'Required: Heading | List | Block | fieldset',
35 'Common',
36 array(
37 'accept' => 'ContentTypes',
38 'accept-charset' => 'Charsets',
39 'action*' => 'URI',
40 'method' => 'Enum#get,post',
41 // really ContentType, but these two are the only ones used today
42 'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
43 )
44 );
45 $form->excludes = array('form' => true);
46
47 $input = $this->addElement(
48 'input',
49 'Formctrl',
50 'Empty',
51 'Common',
52 array(
53 'accept' => 'ContentTypes',
54 'accesskey' => 'Character',
55 'alt' => 'Text',
56 'checked' => 'Bool#checked',
57 'disabled' => 'Bool#disabled',
58 'maxlength' => 'Number',
59 'name' => 'CDATA',
60 'readonly' => 'Bool#readonly',
61 'size' => 'Number',
62 'src' => 'URI#embedded',
63 'tabindex' => 'Number',
64 'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
65 'value' => 'CDATA',
66 )
67 );
68 $input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();
69
70 $this->addElement(
71 'select',
72 'Formctrl',
73 'Required: optgroup | option',
74 'Common',
75 array(
76 'disabled' => 'Bool#disabled',
77 'multiple' => 'Bool#multiple',
78 'name' => 'CDATA',
79 'size' => 'Number',
80 'tabindex' => 'Number',
81 )
82 );
83
84 $this->addElement(
85 'option',
86 false,
87 'Optional: #PCDATA',
88 'Common',
89 array(
90 'disabled' => 'Bool#disabled',
91 'label' => 'Text',
92 'selected' => 'Bool#selected',
93 'value' => 'CDATA',
94 )
95 );
96 // It's illegal for there to be more than one selected, but not
97 // be multiple. Also, no selected means undefined behavior. This might
98 // be difficult to implement; perhaps an injector, or a context variable.
99
100 $textarea = $this->addElement(
101 'textarea',
102 'Formctrl',
103 'Optional: #PCDATA',
104 'Common',
105 array(
106 'accesskey' => 'Character',
107 'cols*' => 'Number',
108 'disabled' => 'Bool#disabled',
109 'name' => 'CDATA',
110 'readonly' => 'Bool#readonly',
111 'rows*' => 'Number',
112 'tabindex' => 'Number',
113 )
114 );
115 $textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();
116
117 $button = $this->addElement(
118 'button',
119 'Formctrl',
120 'Optional: #PCDATA | Heading | List | Block | Inline',
121 'Common',
122 array(
123 'accesskey' => 'Character',
124 'disabled' => 'Bool#disabled',
125 'name' => 'CDATA',
126 'tabindex' => 'Number',
127 'type' => 'Enum#button,submit,reset',
128 'value' => 'CDATA',
129 )
130 );
131
132 // For exclusions, ideally we'd specify content sets, not literal elements
133 $button->excludes = $this->makeLookup(
134 'form',
135 'fieldset', // Form
136 'input',
137 'select',
138 'textarea',
139 'label',
140 'button', // Formctrl
141 'a', // as per HTML 4.01 spec, this is omitted by modularization
142 'isindex',
143 'iframe' // legacy items
144 );
145
146 // Extra exclusion: img usemap="" is not permitted within this element.
147 // We'll omit this for now, since we don't have any good way of
148 // indicating it yet.
149
150 // This is HIGHLY user-unfriendly; we need a custom child-def for this
151 $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');
152
153 $label = $this->addElement(
154 'label',
155 'Formctrl',
156 'Optional: #PCDATA | Inline',
157 'Common',
158 array(
159 'accesskey' => 'Character',
160 // 'for' => 'IDREF', // IDREF not implemented, cannot allow
161 )
162 );
163 $label->excludes = array('label' => true);
164
165 $this->addElement(
166 'legend',
167 false,
168 'Optional: #PCDATA | Inline',
169 'Common',
170 array(
171 'accesskey' => 'Character',
172 )
173 );
174
175 $this->addElement(
176 'optgroup',
177 false,
178 'Required: option',
179 'Common',
180 array(
181 'disabled' => 'Bool#disabled',
182 'label*' => 'Text',
183 )
184 );
185 // Don't forget an injector for <isindex>. This one's a little complex
186 // because it maps to multiple elements.
187 }
188}
189
190// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php
new file mode 100644
index 00000000..968c07e9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php
@@ -0,0 +1,40 @@
1<?php
2
3/**
4 * XHTML 1.1 Hypertext Module, defines hypertext links. Core Module.
5 */
6class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule
7{
8
9 /**
10 * @type string
11 */
12 public $name = 'Hypertext';
13
14 /**
15 * @param HTMLPurifier_Config $config
16 */
17 public function setup($config)
18 {
19 $a = $this->addElement(
20 'a',
21 'Inline',
22 'Inline',
23 'Common',
24 array(
25 // 'accesskey' => 'Character',
26 // 'charset' => 'Charset',
27 'href' => 'URI',
28 // 'hreflang' => 'LanguageCode',
29 'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'),
30 'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'),
31 // 'tabindex' => 'Number',
32 // 'type' => 'ContentType',
33 )
34 );
35 $a->formatting = true;
36 $a->excludes = array('a' => true);
37 }
38}
39
40// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php
new file mode 100644
index 00000000..2c9bdc58
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php
@@ -0,0 +1,51 @@
1<?php
2
3/**
4 * XHTML 1.1 Iframe Module provides inline frames.
5 *
6 * @note This module is not considered safe unless an Iframe
7 * whitelisting mechanism is specified. Currently, the only
8 * such mechanism is %URL.SafeIframeRegexp
9 */
10class HTMLPurifier_HTMLModule_Iframe extends HTMLPurifier_HTMLModule
11{
12
13 /**
14 * @type string
15 */
16 public $name = 'Iframe';
17
18 /**
19 * @type bool
20 */
21 public $safe = false;
22
23 /**
24 * @param HTMLPurifier_Config $config
25 */
26 public function setup($config)
27 {
28 if ($config->get('HTML.SafeIframe')) {
29 $this->safe = true;
30 }
31 $this->addElement(
32 'iframe',
33 'Inline',
34 'Flow',
35 'Common',
36 array(
37 'src' => 'URI#embedded',
38 'width' => 'Length',
39 'height' => 'Length',
40 'name' => 'ID',
41 'scrolling' => 'Enum#yes,no,auto',
42 'frameborder' => 'Enum#0,1',
43 'longdesc' => 'URI',
44 'marginheight' => 'Pixels',
45 'marginwidth' => 'Pixels',
46 )
47 );
48 }
49}
50
51// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Image.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Image.php
new file mode 100644
index 00000000..0ed7411e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Image.php
@@ -0,0 +1,49 @@
1<?php
2
3/**
4 * XHTML 1.1 Image Module provides basic image embedding.
5 * @note There is specialized code for removing empty images in
6 * HTMLPurifier_Strategy_RemoveForeignElements
7 */
8class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
9{
10
11 /**
12 * @type string
13 */
14 public $name = 'Image';
15
16 /**
17 * @param HTMLPurifier_Config $config
18 */
19 public function setup($config)
20 {
21 $max = $config->get('HTML.MaxImgLength');
22 $img = $this->addElement(
23 'img',
24 'Inline',
25 'Empty',
26 'Common',
27 array(
28 'alt*' => 'Text',
29 // According to the spec, it's Length, but percents can
30 // be abused, so we allow only Pixels.
31 'height' => 'Pixels#' . $max,
32 'width' => 'Pixels#' . $max,
33 'longdesc' => 'URI',
34 'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
35 )
36 );
37 if ($max === null || $config->get('HTML.Trusted')) {
38 $img->attr['height'] =
39 $img->attr['width'] = 'Length';
40 }
41
42 // kind of strange, but splitting things up would be inefficient
43 $img->attr_transform_pre[] =
44 $img->attr_transform_post[] =
45 new HTMLPurifier_AttrTransform_ImgRequired();
46 }
47}
48
49// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php
new file mode 100644
index 00000000..9ca1cb37
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php
@@ -0,0 +1,186 @@
1<?php
2
3/**
4 * XHTML 1.1 Legacy module defines elements that were previously
5 * deprecated.
6 *
7 * @note Not all legacy elements have been implemented yet, which
8 * is a bit of a reverse problem as compared to browsers! In
9 * addition, this legacy module may implement a bit more than
10 * mandated by XHTML 1.1.
11 *
12 * This module can be used in combination with TransformToStrict in order
13 * to transform as many deprecated elements as possible, but retain
14 * questionably deprecated elements that do not have good alternatives
15 * as well as transform elements that don't have an implementation.
16 * See docs/ref-strictness.txt for more details.
17 */
18
19class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
20{
21 /**
22 * @type string
23 */
24 public $name = 'Legacy';
25
26 /**
27 * @param HTMLPurifier_Config $config
28 */
29 public function setup($config)
30 {
31 $this->addElement(
32 'basefont',
33 'Inline',
34 'Empty',
35 null,
36 array(
37 'color' => 'Color',
38 'face' => 'Text', // extremely broad, we should
39 'size' => 'Text', // tighten it
40 'id' => 'ID'
41 )
42 );
43 $this->addElement('center', 'Block', 'Flow', 'Common');
44 $this->addElement(
45 'dir',
46 'Block',
47 'Required: li',
48 'Common',
49 array(
50 'compact' => 'Bool#compact'
51 )
52 );
53 $this->addElement(
54 'font',
55 'Inline',
56 'Inline',
57 array('Core', 'I18N'),
58 array(
59 'color' => 'Color',
60 'face' => 'Text', // extremely broad, we should
61 'size' => 'Text', // tighten it
62 )
63 );
64 $this->addElement(
65 'menu',
66 'Block',
67 'Required: li',
68 'Common',
69 array(
70 'compact' => 'Bool#compact'
71 )
72 );
73
74 $s = $this->addElement('s', 'Inline', 'Inline', 'Common');
75 $s->formatting = true;
76
77 $strike = $this->addElement('strike', 'Inline', 'Inline', 'Common');
78 $strike->formatting = true;
79
80 $u = $this->addElement('u', 'Inline', 'Inline', 'Common');
81 $u->formatting = true;
82
83 // setup modifications to old elements
84
85 $align = 'Enum#left,right,center,justify';
86
87 $address = $this->addBlankElement('address');
88 $address->content_model = 'Inline | #PCDATA | p';
89 $address->content_model_type = 'optional';
90 $address->child = false;
91
92 $blockquote = $this->addBlankElement('blockquote');
93 $blockquote->content_model = 'Flow | #PCDATA';
94 $blockquote->content_model_type = 'optional';
95 $blockquote->child = false;
96
97 $br = $this->addBlankElement('br');
98 $br->attr['clear'] = 'Enum#left,all,right,none';
99
100 $caption = $this->addBlankElement('caption');
101 $caption->attr['align'] = 'Enum#top,bottom,left,right';
102
103 $div = $this->addBlankElement('div');
104 $div->attr['align'] = $align;
105
106 $dl = $this->addBlankElement('dl');
107 $dl->attr['compact'] = 'Bool#compact';
108
109 for ($i = 1; $i <= 6; $i++) {
110 $h = $this->addBlankElement("h$i");
111 $h->attr['align'] = $align;
112 }
113
114 $hr = $this->addBlankElement('hr');
115 $hr->attr['align'] = $align;
116 $hr->attr['noshade'] = 'Bool#noshade';
117 $hr->attr['size'] = 'Pixels';
118 $hr->attr['width'] = 'Length';
119
120 $img = $this->addBlankElement('img');
121 $img->attr['align'] = 'IAlign';
122 $img->attr['border'] = 'Pixels';
123 $img->attr['hspace'] = 'Pixels';
124 $img->attr['vspace'] = 'Pixels';
125
126 // figure out this integer business
127
128 $li = $this->addBlankElement('li');
129 $li->attr['value'] = new HTMLPurifier_AttrDef_Integer();
130 $li->attr['type'] = 'Enum#s:1,i,I,a,A,disc,square,circle';
131
132 $ol = $this->addBlankElement('ol');
133 $ol->attr['compact'] = 'Bool#compact';
134 $ol->attr['start'] = new HTMLPurifier_AttrDef_Integer();
135 $ol->attr['type'] = 'Enum#s:1,i,I,a,A';
136
137 $p = $this->addBlankElement('p');
138 $p->attr['align'] = $align;
139
140 $pre = $this->addBlankElement('pre');
141 $pre->attr['width'] = 'Number';
142
143 // script omitted
144
145 $table = $this->addBlankElement('table');
146 $table->attr['align'] = 'Enum#left,center,right';
147 $table->attr['bgcolor'] = 'Color';
148
149 $tr = $this->addBlankElement('tr');
150 $tr->attr['bgcolor'] = 'Color';
151
152 $th = $this->addBlankElement('th');
153 $th->attr['bgcolor'] = 'Color';
154 $th->attr['height'] = 'Length';
155 $th->attr['nowrap'] = 'Bool#nowrap';
156 $th->attr['width'] = 'Length';
157
158 $td = $this->addBlankElement('td');
159 $td->attr['bgcolor'] = 'Color';
160 $td->attr['height'] = 'Length';
161 $td->attr['nowrap'] = 'Bool#nowrap';
162 $td->attr['width'] = 'Length';
163
164 $ul = $this->addBlankElement('ul');
165 $ul->attr['compact'] = 'Bool#compact';
166 $ul->attr['type'] = 'Enum#square,disc,circle';
167
168 // "safe" modifications to "unsafe" elements
169 // WARNING: If you want to add support for an unsafe, legacy
170 // attribute, make a new TrustedLegacy module with the trusted
171 // bit set appropriately
172
173 $form = $this->addBlankElement('form');
174 $form->content_model = 'Flow | #PCDATA';
175 $form->content_model_type = 'optional';
176 $form->attr['target'] = 'FrameTarget';
177
178 $input = $this->addBlankElement('input');
179 $input->attr['align'] = 'IAlign';
180
181 $legend = $this->addBlankElement('legend');
182 $legend->attr['align'] = 'LAlign';
183 }
184}
185
186// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/List.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/List.php
new file mode 100644
index 00000000..605e37c9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/List.php
@@ -0,0 +1,51 @@
1<?php
2
3/**
4 * XHTML 1.1 List Module, defines list-oriented elements. Core Module.
5 */
6class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule
7{
8 /**
9 * @type string
10 */
11 public $name = 'List';
12
13 // According to the abstract schema, the List content set is a fully formed
14 // one or more expr, but it invariably occurs in an optional declaration
15 // so we're not going to do that subtlety. It might cause trouble
16 // if a user defines "List" and expects that multiple lists are
17 // allowed to be specified, but then again, that's not very intuitive.
18 // Furthermore, the actual XML Schema may disagree. Regardless,
19 // we don't have support for such nested expressions without using
20 // the incredibly inefficient and draconic Custom ChildDef.
21
22 /**
23 * @type array
24 */
25 public $content_sets = array('Flow' => 'List');
26
27 /**
28 * @param HTMLPurifier_Config $config
29 */
30 public function setup($config)
31 {
32 $ol = $this->addElement('ol', 'List', new HTMLPurifier_ChildDef_List(), 'Common');
33 $ul = $this->addElement('ul', 'List', new HTMLPurifier_ChildDef_List(), 'Common');
34 // XXX The wrap attribute is handled by MakeWellFormed. This is all
35 // quite unsatisfactory, because we generated this
36 // *specifically* for lists, and now a big chunk of the handling
37 // is done properly by the List ChildDef. So actually, we just
38 // want enough information to make autoclosing work properly,
39 // and then hand off the tricky stuff to the ChildDef.
40 $ol->wrap = 'li';
41 $ul->wrap = 'li';
42 $this->addElement('dl', 'List', 'Required: dt | dd', 'Common');
43
44 $this->addElement('li', false, 'Flow', 'Common');
45
46 $this->addElement('dd', false, 'Flow', 'Common');
47 $this->addElement('dt', false, 'Inline', 'Common');
48 }
49}
50
51// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Name.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Name.php
new file mode 100644
index 00000000..315e22a8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Name.php
@@ -0,0 +1,26 @@
1<?php
2
3class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
4{
5 /**
6 * @type string
7 */
8 public $name = 'Name';
9
10 /**
11 * @param HTMLPurifier_Config $config
12 */
13 public function setup($config)
14 {
15 $elements = array('a', 'applet', 'form', 'frame', 'iframe', 'img', 'map');
16 foreach ($elements as $name) {
17 $element = $this->addBlankElement($name);
18 $element->attr['name'] = 'CDATA';
19 if (!$config->get('HTML.Attr.Name.UseCDATA')) {
20 $element->attr_transform_post[] = new HTMLPurifier_AttrTransform_NameSync();
21 }
22 }
23 }
24}
25
26// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Nofollow.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Nofollow.php
new file mode 100644
index 00000000..c145e8e9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Nofollow.php
@@ -0,0 +1,25 @@
1<?php
2
3/**
4 * Module adds the nofollow attribute transformation to a tags. It
5 * is enabled by HTML.Nofollow
6 */
7class HTMLPurifier_HTMLModule_Nofollow extends HTMLPurifier_HTMLModule
8{
9
10 /**
11 * @type string
12 */
13 public $name = 'Nofollow';
14
15 /**
16 * @param HTMLPurifier_Config $config
17 */
18 public function setup($config)
19 {
20 $a = $this->addBlankElement('a');
21 $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_Nofollow();
22 }
23}
24
25// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php
new file mode 100644
index 00000000..7d66e114
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php
@@ -0,0 +1,20 @@
1<?php
2
3class HTMLPurifier_HTMLModule_NonXMLCommonAttributes extends HTMLPurifier_HTMLModule
4{
5 /**
6 * @type string
7 */
8 public $name = 'NonXMLCommonAttributes';
9
10 /**
11 * @type array
12 */
13 public $attr_collections = array(
14 'Lang' => array(
15 'lang' => 'LanguageCode',
16 )
17 );
18}
19
20// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Object.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Object.php
new file mode 100644
index 00000000..d388b24c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Object.php
@@ -0,0 +1,62 @@
1<?php
2
3/**
4 * XHTML 1.1 Object Module, defines elements for generic object inclusion
5 * @warning Users will commonly use <embed> to cater to legacy browsers: this
6 * module does not allow this sort of behavior
7 */
8class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
9{
10 /**
11 * @type string
12 */
13 public $name = 'Object';
14
15 /**
16 * @type bool
17 */
18 public $safe = false;
19
20 /**
21 * @param HTMLPurifier_Config $config
22 */
23 public function setup($config)
24 {
25 $this->addElement(
26 'object',
27 'Inline',
28 'Optional: #PCDATA | Flow | param',
29 'Common',
30 array(
31 'archive' => 'URI',
32 'classid' => 'URI',
33 'codebase' => 'URI',
34 'codetype' => 'Text',
35 'data' => 'URI',
36 'declare' => 'Bool#declare',
37 'height' => 'Length',
38 'name' => 'CDATA',
39 'standby' => 'Text',
40 'tabindex' => 'Number',
41 'type' => 'ContentType',
42 'width' => 'Length'
43 )
44 );
45
46 $this->addElement(
47 'param',
48 false,
49 'Empty',
50 null,
51 array(
52 'id' => 'ID',
53 'name*' => 'Text',
54 'type' => 'Text',
55 'value' => 'Text',
56 'valuetype' => 'Enum#data,ref,object'
57 )
58 );
59 }
60}
61
62// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php
new file mode 100644
index 00000000..831db4cf
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php
@@ -0,0 +1,42 @@
1<?php
2
3/**
4 * XHTML 1.1 Presentation Module, defines simple presentation-related
5 * markup. Text Extension Module.
6 * @note The official XML Schema and DTD specs further divide this into
7 * two modules:
8 * - Block Presentation (hr)
9 * - Inline Presentation (b, big, i, small, sub, sup, tt)
10 * We have chosen not to heed this distinction, as content_sets
11 * provides satisfactory disambiguation.
12 */
13class HTMLPurifier_HTMLModule_Presentation extends HTMLPurifier_HTMLModule
14{
15
16 /**
17 * @type string
18 */
19 public $name = 'Presentation';
20
21 /**
22 * @param HTMLPurifier_Config $config
23 */
24 public function setup($config)
25 {
26 $this->addElement('hr', 'Block', 'Empty', 'Common');
27 $this->addElement('sub', 'Inline', 'Inline', 'Common');
28 $this->addElement('sup', 'Inline', 'Inline', 'Common');
29 $b = $this->addElement('b', 'Inline', 'Inline', 'Common');
30 $b->formatting = true;
31 $big = $this->addElement('big', 'Inline', 'Inline', 'Common');
32 $big->formatting = true;
33 $i = $this->addElement('i', 'Inline', 'Inline', 'Common');
34 $i->formatting = true;
35 $small = $this->addElement('small', 'Inline', 'Inline', 'Common');
36 $small->formatting = true;
37 $tt = $this->addElement('tt', 'Inline', 'Inline', 'Common');
38 $tt->formatting = true;
39 }
40}
41
42// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php
new file mode 100644
index 00000000..4593fc40
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php
@@ -0,0 +1,40 @@
1<?php
2
3/**
4 * Module defines proprietary tags and attributes in HTML.
5 * @warning If this module is enabled, standards-compliance is off!
6 */
7class HTMLPurifier_HTMLModule_Proprietary extends HTMLPurifier_HTMLModule
8{
9 /**
10 * @type string
11 */
12 public $name = 'Proprietary';
13
14 /**
15 * @param HTMLPurifier_Config $config
16 */
17 public function setup($config)
18 {
19 $this->addElement(
20 'marquee',
21 'Inline',
22 'Flow',
23 'Common',
24 array(
25 'direction' => 'Enum#left,right,up,down',
26 'behavior' => 'Enum#alternate',
27 'width' => 'Length',
28 'height' => 'Length',
29 'scrolldelay' => 'Number',
30 'scrollamount' => 'Number',
31 'loop' => 'Number',
32 'bgcolor' => 'Color',
33 'hspace' => 'Pixels',
34 'vspace' => 'Pixels',
35 )
36 );
37 }
38}
39
40// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php
new file mode 100644
index 00000000..9a261729
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php
@@ -0,0 +1,36 @@
1<?php
2
3/**
4 * XHTML 1.1 Ruby Annotation Module, defines elements that indicate
5 * short runs of text alongside base text for annotation or pronounciation.
6 */
7class HTMLPurifier_HTMLModule_Ruby extends HTMLPurifier_HTMLModule
8{
9
10 /**
11 * @type string
12 */
13 public $name = 'Ruby';
14
15 /**
16 * @param HTMLPurifier_Config $config
17 */
18 public function setup($config)
19 {
20 $this->addElement(
21 'ruby',
22 'Inline',
23 'Custom: ((rb, (rt | (rp, rt, rp))) | (rbc, rtc, rtc?))',
24 'Common'
25 );
26 $this->addElement('rbc', false, 'Required: rb', 'Common');
27 $this->addElement('rtc', false, 'Required: rt', 'Common');
28 $rb = $this->addElement('rb', false, 'Inline', 'Common');
29 $rb->excludes = array('ruby' => true);
30 $rt = $this->addElement('rt', false, 'Inline', 'Common', array('rbspan' => 'Number'));
31 $rt->excludes = array('ruby' => true);
32 $this->addElement('rp', false, 'Optional: #PCDATA', 'Common');
33 }
34}
35
36// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php
new file mode 100644
index 00000000..11572887
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php
@@ -0,0 +1,40 @@
1<?php
2
3/**
4 * A "safe" embed module. See SafeObject. This is a proprietary element.
5 */
6class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
7{
8 /**
9 * @type string
10 */
11 public $name = 'SafeEmbed';
12
13 /**
14 * @param HTMLPurifier_Config $config
15 */
16 public function setup($config)
17 {
18 $max = $config->get('HTML.MaxImgLength');
19 $embed = $this->addElement(
20 'embed',
21 'Inline',
22 'Empty',
23 'Common',
24 array(
25 'src*' => 'URI#embedded',
26 'type' => 'Enum#application/x-shockwave-flash',
27 'width' => 'Pixels#' . $max,
28 'height' => 'Pixels#' . $max,
29 'allowscriptaccess' => 'Enum#never',
30 'allownetworking' => 'Enum#internal',
31 'flashvars' => 'Text',
32 'wmode' => 'Enum#window,transparent,opaque',
33 'name' => 'ID',
34 )
35 );
36 $embed->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeEmbed();
37 }
38}
39
40// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeObject.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeObject.php
new file mode 100644
index 00000000..a061cec1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeObject.php
@@ -0,0 +1,62 @@
1<?php
2
3/**
4 * A "safe" object module. In theory, objects permitted by this module will
5 * be safe, and untrusted users can be allowed to embed arbitrary flash objects
6 * (maybe other types too, but only Flash is supported as of right now).
7 * Highly experimental.
8 */
9class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
10{
11 /**
12 * @type string
13 */
14 public $name = 'SafeObject';
15
16 /**
17 * @param HTMLPurifier_Config $config
18 */
19 public function setup($config)
20 {
21 // These definitions are not intrinsically safe: the attribute transforms
22 // are a vital part of ensuring safety.
23
24 $max = $config->get('HTML.MaxImgLength');
25 $object = $this->addElement(
26 'object',
27 'Inline',
28 'Optional: param | Flow | #PCDATA',
29 'Common',
30 array(
31 // While technically not required by the spec, we're forcing
32 // it to this value.
33 'type' => 'Enum#application/x-shockwave-flash',
34 'width' => 'Pixels#' . $max,
35 'height' => 'Pixels#' . $max,
36 'data' => 'URI#embedded',
37 'codebase' => new HTMLPurifier_AttrDef_Enum(
38 array(
39 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
40 )
41 ),
42 )
43 );
44 $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
45
46 $param = $this->addElement(
47 'param',
48 false,
49 'Empty',
50 false,
51 array(
52 'id' => 'ID',
53 'name*' => 'Text',
54 'value' => 'Text'
55 )
56 );
57 $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
58 $this->info_injector[] = 'SafeObject';
59 }
60}
61
62// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
new file mode 100644
index 00000000..6e9113cb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
@@ -0,0 +1,40 @@
1<?php
2
3/**
4 * A "safe" script module. No inline JS is allowed, and pointed to JS
5 * files must match whitelist.
6 */
7class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
8{
9 /**
10 * @type string
11 */
12 public $name = 'SafeScripting';
13
14 /**
15 * @param HTMLPurifier_Config $config
16 */
17 public function setup($config)
18 {
19 // These definitions are not intrinsically safe: the attribute transforms
20 // are a vital part of ensuring safety.
21
22 $allowed = $config->get('HTML.SafeScripting');
23 $script = $this->addElement(
24 'script',
25 'Inline',
26 'Empty',
27 null,
28 array(
29 // While technically not required by the spec, we're forcing
30 // it to this value.
31 'type' => 'Enum#text/javascript',
32 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
33 )
34 );
35 $script->attr_transform_pre[] =
36 $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
37 }
38}
39
40// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php
new file mode 100644
index 00000000..18785372
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php
@@ -0,0 +1,73 @@
1<?php
2
3/*
4
5WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
6INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
7
8*/
9
10/**
11 * XHTML 1.1 Scripting module, defines elements that are used to contain
12 * information pertaining to executable scripts or the lack of support
13 * for executable scripts.
14 * @note This module does not contain inline scripting elements
15 */
16class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
17{
18 /**
19 * @type string
20 */
21 public $name = 'Scripting';
22
23 /**
24 * @type array
25 */
26 public $elements = array('script', 'noscript');
27
28 /**
29 * @type array
30 */
31 public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
32
33 /**
34 * @type bool
35 */
36 public $safe = false;
37
38 /**
39 * @param HTMLPurifier_Config $config
40 */
41 public function setup($config)
42 {
43 // TODO: create custom child-definition for noscript that
44 // auto-wraps stray #PCDATA in a similar manner to
45 // blockquote's custom definition (we would use it but
46 // blockquote's contents are optional while noscript's contents
47 // are required)
48
49 // TODO: convert this to new syntax, main problem is getting
50 // both content sets working
51
52 // In theory, this could be safe, but I don't see any reason to
53 // allow it.
54 $this->info['noscript'] = new HTMLPurifier_ElementDef();
55 $this->info['noscript']->attr = array(0 => array('Common'));
56 $this->info['noscript']->content_model = 'Heading | List | Block';
57 $this->info['noscript']->content_model_type = 'required';
58
59 $this->info['script'] = new HTMLPurifier_ElementDef();
60 $this->info['script']->attr = array(
61 'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
62 'src' => new HTMLPurifier_AttrDef_URI(true),
63 'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
64 );
65 $this->info['script']->content_model = '#PCDATA';
66 $this->info['script']->content_model_type = 'optional';
67 $this->info['script']->attr_transform_pre[] =
68 $this->info['script']->attr_transform_post[] =
69 new HTMLPurifier_AttrTransform_ScriptRequired();
70 }
71}
72
73// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php
new file mode 100644
index 00000000..f192780a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php
@@ -0,0 +1,33 @@
1<?php
2
3/**
4 * XHTML 1.1 Edit Module, defines editing-related elements. Text Extension
5 * Module.
6 */
7class HTMLPurifier_HTMLModule_StyleAttribute extends HTMLPurifier_HTMLModule
8{
9 /**
10 * @type string
11 */
12 public $name = 'StyleAttribute';
13
14 /**
15 * @type array
16 */
17 public $attr_collections = array(
18 // The inclusion routine differs from the Abstract Modules but
19 // is in line with the DTD and XML Schemas.
20 'Style' => array('style' => false), // see constructor
21 'Core' => array(0 => array('Style'))
22 );
23
24 /**
25 * @param HTMLPurifier_Config $config
26 */
27 public function setup($config)
28 {
29 $this->attr_collections['Style']['style'] = new HTMLPurifier_AttrDef_CSS();
30 }
31}
32
33// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tables.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tables.php
new file mode 100644
index 00000000..f993e3ca
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tables.php
@@ -0,0 +1,75 @@
1<?php
2
3/**
4 * XHTML 1.1 Tables Module, fully defines accessible table elements.
5 */
6class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
7{
8 /**
9 * @type string
10 */
11 public $name = 'Tables';
12
13 /**
14 * @param HTMLPurifier_Config $config
15 */
16 public function setup($config)
17 {
18 $this->addElement('caption', false, 'Inline', 'Common');
19
20 $this->addElement(
21 'table',
22 'Block',
23 new HTMLPurifier_ChildDef_Table(),
24 'Common',
25 array(
26 'border' => 'Pixels',
27 'cellpadding' => 'Length',
28 'cellspacing' => 'Length',
29 'frame' => 'Enum#void,above,below,hsides,lhs,rhs,vsides,box,border',
30 'rules' => 'Enum#none,groups,rows,cols,all',
31 'summary' => 'Text',
32 'width' => 'Length'
33 )
34 );
35
36 // common attributes
37 $cell_align = array(
38 'align' => 'Enum#left,center,right,justify,char',
39 'charoff' => 'Length',
40 'valign' => 'Enum#top,middle,bottom,baseline',
41 );
42
43 $cell_t = array_merge(
44 array(
45 'abbr' => 'Text',
46 'colspan' => 'Number',
47 'rowspan' => 'Number',
48 // Apparently, as of HTML5 this attribute only applies
49 // to 'th' elements.
50 'scope' => 'Enum#row,col,rowgroup,colgroup',
51 ),
52 $cell_align
53 );
54 $this->addElement('td', false, 'Flow', 'Common', $cell_t);
55 $this->addElement('th', false, 'Flow', 'Common', $cell_t);
56
57 $this->addElement('tr', false, 'Required: td | th', 'Common', $cell_align);
58
59 $cell_col = array_merge(
60 array(
61 'span' => 'Number',
62 'width' => 'MultiLength',
63 ),
64 $cell_align
65 );
66 $this->addElement('col', false, 'Empty', 'Common', $cell_col);
67 $this->addElement('colgroup', false, 'Optional: col', 'Common', $cell_col);
68
69 $this->addElement('tbody', false, 'Required: tr', 'Common', $cell_align);
70 $this->addElement('thead', false, 'Required: tr', 'Common', $cell_align);
71 $this->addElement('tfoot', false, 'Required: tr', 'Common', $cell_align);
72 }
73}
74
75// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Target.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Target.php
new file mode 100644
index 00000000..f3af0486
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Target.php
@@ -0,0 +1,28 @@
1<?php
2
3/**
4 * XHTML 1.1 Target Module, defines target attribute in link elements.
5 */
6class HTMLPurifier_HTMLModule_Target extends HTMLPurifier_HTMLModule
7{
8 /**
9 * @type string
10 */
11 public $name = 'Target';
12
13 /**
14 * @param HTMLPurifier_Config $config
15 */
16 public function setup($config)
17 {
18 $elements = array('a');
19 foreach ($elements as $name) {
20 $e = $this->addBlankElement($name);
21 $e->attr = array(
22 'target' => new HTMLPurifier_AttrDef_HTML_FrameTarget()
23 );
24 }
25 }
26}
27
28// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/TargetBlank.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/TargetBlank.php
new file mode 100644
index 00000000..757cddcd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/TargetBlank.php
@@ -0,0 +1,24 @@
1<?php
2
3/**
4 * Module adds the target=blank attribute transformation to a tags. It
5 * is enabled by HTML.TargetBlank
6 */
7class HTMLPurifier_HTMLModule_TargetBlank extends HTMLPurifier_HTMLModule
8{
9 /**
10 * @type string
11 */
12 public $name = 'TargetBlank';
13
14 /**
15 * @param HTMLPurifier_Config $config
16 */
17 public function setup($config)
18 {
19 $a = $this->addBlankElement('a');
20 $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_TargetBlank();
21 }
22}
23
24// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Text.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Text.php
new file mode 100644
index 00000000..11fdd8bd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Text.php
@@ -0,0 +1,87 @@
1<?php
2
3/**
4 * XHTML 1.1 Text Module, defines basic text containers. Core Module.
5 * @note In the normative XML Schema specification, this module
6 * is further abstracted into the following modules:
7 * - Block Phrasal (address, blockquote, pre, h1, h2, h3, h4, h5, h6)
8 * - Block Structural (div, p)
9 * - Inline Phrasal (abbr, acronym, cite, code, dfn, em, kbd, q, samp, strong, var)
10 * - Inline Structural (br, span)
11 * This module, functionally, does not distinguish between these
12 * sub-modules, but the code is internally structured to reflect
13 * these distinctions.
14 */
15class HTMLPurifier_HTMLModule_Text extends HTMLPurifier_HTMLModule
16{
17 /**
18 * @type string
19 */
20 public $name = 'Text';
21
22 /**
23 * @type array
24 */
25 public $content_sets = array(
26 'Flow' => 'Heading | Block | Inline'
27 );
28
29 /**
30 * @param HTMLPurifier_Config $config
31 */
32 public function setup($config)
33 {
34 // Inline Phrasal -------------------------------------------------
35 $this->addElement('abbr', 'Inline', 'Inline', 'Common');
36 $this->addElement('acronym', 'Inline', 'Inline', 'Common');
37 $this->addElement('cite', 'Inline', 'Inline', 'Common');
38 $this->addElement('dfn', 'Inline', 'Inline', 'Common');
39 $this->addElement('kbd', 'Inline', 'Inline', 'Common');
40 $this->addElement('q', 'Inline', 'Inline', 'Common', array('cite' => 'URI'));
41 $this->addElement('samp', 'Inline', 'Inline', 'Common');
42 $this->addElement('var', 'Inline', 'Inline', 'Common');
43
44 $em = $this->addElement('em', 'Inline', 'Inline', 'Common');
45 $em->formatting = true;
46
47 $strong = $this->addElement('strong', 'Inline', 'Inline', 'Common');
48 $strong->formatting = true;
49
50 $code = $this->addElement('code', 'Inline', 'Inline', 'Common');
51 $code->formatting = true;
52
53 // Inline Structural ----------------------------------------------
54 $this->addElement('span', 'Inline', 'Inline', 'Common');
55 $this->addElement('br', 'Inline', 'Empty', 'Core');
56
57 // Block Phrasal --------------------------------------------------
58 $this->addElement('address', 'Block', 'Inline', 'Common');
59 $this->addElement('blockquote', 'Block', 'Optional: Heading | Block | List', 'Common', array('cite' => 'URI'));
60 $pre = $this->addElement('pre', 'Block', 'Inline', 'Common');
61 $pre->excludes = $this->makeLookup(
62 'img',
63 'big',
64 'small',
65 'object',
66 'applet',
67 'font',
68 'basefont'
69 );
70 $this->addElement('h1', 'Heading', 'Inline', 'Common');
71 $this->addElement('h2', 'Heading', 'Inline', 'Common');
72 $this->addElement('h3', 'Heading', 'Inline', 'Common');
73 $this->addElement('h4', 'Heading', 'Inline', 'Common');
74 $this->addElement('h5', 'Heading', 'Inline', 'Common');
75 $this->addElement('h6', 'Heading', 'Inline', 'Common');
76
77 // Block Structural -----------------------------------------------
78 $p = $this->addElement('p', 'Block', 'Inline', 'Common');
79 $p->autoclose = array_flip(
80 array("address", "blockquote", "center", "dir", "div", "dl", "fieldset", "ol", "p", "ul")
81 );
82
83 $this->addElement('div', 'Block', 'Flow', 'Common');
84 }
85}
86
87// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy.php
new file mode 100644
index 00000000..f482a374
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy.php
@@ -0,0 +1,230 @@
1<?php
2
3/**
4 * Abstract class for a set of proprietary modules that clean up (tidy)
5 * poorly written HTML.
6 * @todo Figure out how to protect some of these methods/properties
7 */
8class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
9{
10 /**
11 * List of supported levels.
12 * Index zero is a special case "no fixes" level.
13 * @type array
14 */
15 public $levels = array(0 => 'none', 'light', 'medium', 'heavy');
16
17 /**
18 * Default level to place all fixes in.
19 * Disabled by default.
20 * @type string
21 */
22 public $defaultLevel = null;
23
24 /**
25 * Lists of fixes used by getFixesForLevel().
26 * Format is:
27 * HTMLModule_Tidy->fixesForLevel[$level] = array('fix-1', 'fix-2');
28 * @type array
29 */
30 public $fixesForLevel = array(
31 'light' => array(),
32 'medium' => array(),
33 'heavy' => array()
34 );
35
36 /**
37 * Lazy load constructs the module by determining the necessary
38 * fixes to create and then delegating to the populate() function.
39 * @param HTMLPurifier_Config $config
40 * @todo Wildcard matching and error reporting when an added or
41 * subtracted fix has no effect.
42 */
43 public function setup($config)
44 {
45 // create fixes, initialize fixesForLevel
46 $fixes = $this->makeFixes();
47 $this->makeFixesForLevel($fixes);
48
49 // figure out which fixes to use
50 $level = $config->get('HTML.TidyLevel');
51 $fixes_lookup = $this->getFixesForLevel($level);
52
53 // get custom fix declarations: these need namespace processing
54 $add_fixes = $config->get('HTML.TidyAdd');
55 $remove_fixes = $config->get('HTML.TidyRemove');
56
57 foreach ($fixes as $name => $fix) {
58 // needs to be refactored a little to implement globbing
59 if (isset($remove_fixes[$name]) ||
60 (!isset($add_fixes[$name]) && !isset($fixes_lookup[$name]))) {
61 unset($fixes[$name]);
62 }
63 }
64
65 // populate this module with necessary fixes
66 $this->populate($fixes);
67 }
68
69 /**
70 * Retrieves all fixes per a level, returning fixes for that specific
71 * level as well as all levels below it.
72 * @param string $level level identifier, see $levels for valid values
73 * @return array Lookup up table of fixes
74 */
75 public function getFixesForLevel($level)
76 {
77 if ($level == $this->levels[0]) {
78 return array();
79 }
80 $activated_levels = array();
81 for ($i = 1, $c = count($this->levels); $i < $c; $i++) {
82 $activated_levels[] = $this->levels[$i];
83 if ($this->levels[$i] == $level) {
84 break;
85 }
86 }
87 if ($i == $c) {
88 trigger_error(
89 'Tidy level ' . htmlspecialchars($level) . ' not recognized',
90 E_USER_WARNING
91 );
92 return array();
93 }
94 $ret = array();
95 foreach ($activated_levels as $level) {
96 foreach ($this->fixesForLevel[$level] as $fix) {
97 $ret[$fix] = true;
98 }
99 }
100 return $ret;
101 }
102
103 /**
104 * Dynamically populates the $fixesForLevel member variable using
105 * the fixes array. It may be custom overloaded, used in conjunction
106 * with $defaultLevel, or not used at all.
107 * @param array $fixes
108 */
109 public function makeFixesForLevel($fixes)
110 {
111 if (!isset($this->defaultLevel)) {
112 return;
113 }
114 if (!isset($this->fixesForLevel[$this->defaultLevel])) {
115 trigger_error(
116 'Default level ' . $this->defaultLevel . ' does not exist',
117 E_USER_ERROR
118 );
119 return;
120 }
121 $this->fixesForLevel[$this->defaultLevel] = array_keys($fixes);
122 }
123
124 /**
125 * Populates the module with transforms and other special-case code
126 * based on a list of fixes passed to it
127 * @param array $fixes Lookup table of fixes to activate
128 */
129 public function populate($fixes)
130 {
131 foreach ($fixes as $name => $fix) {
132 // determine what the fix is for
133 list($type, $params) = $this->getFixType($name);
134 switch ($type) {
135 case 'attr_transform_pre':
136 case 'attr_transform_post':
137 $attr = $params['attr'];
138 if (isset($params['element'])) {
139 $element = $params['element'];
140 if (empty($this->info[$element])) {
141 $e = $this->addBlankElement($element);
142 } else {
143 $e = $this->info[$element];
144 }
145 } else {
146 $type = "info_$type";
147 $e = $this;
148 }
149 // PHP does some weird parsing when I do
150 // $e->$type[$attr], so I have to assign a ref.
151 $f =& $e->$type;
152 $f[$attr] = $fix;
153 break;
154 case 'tag_transform':
155 $this->info_tag_transform[$params['element']] = $fix;
156 break;
157 case 'child':
158 case 'content_model_type':
159 $element = $params['element'];
160 if (empty($this->info[$element])) {
161 $e = $this->addBlankElement($element);
162 } else {
163 $e = $this->info[$element];
164 }
165 $e->$type = $fix;
166 break;
167 default:
168 trigger_error("Fix type $type not supported", E_USER_ERROR);
169 break;
170 }
171 }
172 }
173
174 /**
175 * Parses a fix name and determines what kind of fix it is, as well
176 * as other information defined by the fix
177 * @param $name String name of fix
178 * @return array(string $fix_type, array $fix_parameters)
179 * @note $fix_parameters is type dependant, see populate() for usage
180 * of these parameters
181 */
182 public function getFixType($name)
183 {
184 // parse it
185 $property = $attr = null;
186 if (strpos($name, '#') !== false) {
187 list($name, $property) = explode('#', $name);
188 }
189 if (strpos($name, '@') !== false) {
190 list($name, $attr) = explode('@', $name);
191 }
192
193 // figure out the parameters
194 $params = array();
195 if ($name !== '') {
196 $params['element'] = $name;
197 }
198 if (!is_null($attr)) {
199 $params['attr'] = $attr;
200 }
201
202 // special case: attribute transform
203 if (!is_null($attr)) {
204 if (is_null($property)) {
205 $property = 'pre';
206 }
207 $type = 'attr_transform_' . $property;
208 return array($type, $params);
209 }
210
211 // special case: tag transform
212 if (is_null($property)) {
213 return array('tag_transform', $params);
214 }
215
216 return array($property, $params);
217
218 }
219
220 /**
221 * Defines all fixes the module will perform in a compact
222 * associative array of fix name to fix implementation.
223 * @return array
224 */
225 public function makeFixes()
226 {
227 }
228}
229
230// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php
new file mode 100644
index 00000000..bb47bafd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php
@@ -0,0 +1,33 @@
1<?php
2
3/**
4 * Name is deprecated, but allowed in strict doctypes, so onl
5 */
6class HTMLPurifier_HTMLModule_Tidy_Name extends HTMLPurifier_HTMLModule_Tidy
7{
8 /**
9 * @type string
10 */
11 public $name = 'Tidy_Name';
12
13 /**
14 * @type string
15 */
16 public $defaultLevel = 'heavy';
17
18 /**
19 * @return array
20 */
21 public function makeFixes()
22 {
23 $r = array();
24 // @name for img, a -----------------------------------------------
25 // Technically, it's allowed even on strict, so we allow authors to use
26 // it. However, it's deprecated in future versions of XHTML.
27 $r['img@name'] =
28 $r['a@name'] = new HTMLPurifier_AttrTransform_Name();
29 return $r;
30 }
31}
32
33// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php
new file mode 100644
index 00000000..638cb541
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php
@@ -0,0 +1,34 @@
1<?php
2
3class HTMLPurifier_HTMLModule_Tidy_Proprietary extends HTMLPurifier_HTMLModule_Tidy
4{
5
6 /**
7 * @type string
8 */
9 public $name = 'Tidy_Proprietary';
10
11 /**
12 * @type string
13 */
14 public $defaultLevel = 'light';
15
16 /**
17 * @return array
18 */
19 public function makeFixes()
20 {
21 $r = array();
22 $r['table@background'] = new HTMLPurifier_AttrTransform_Background();
23 $r['td@background'] = new HTMLPurifier_AttrTransform_Background();
24 $r['th@background'] = new HTMLPurifier_AttrTransform_Background();
25 $r['tr@background'] = new HTMLPurifier_AttrTransform_Background();
26 $r['thead@background'] = new HTMLPurifier_AttrTransform_Background();
27 $r['tfoot@background'] = new HTMLPurifier_AttrTransform_Background();
28 $r['tbody@background'] = new HTMLPurifier_AttrTransform_Background();
29 $r['table@height'] = new HTMLPurifier_AttrTransform_Length('height');
30 return $r;
31 }
32}
33
34// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php
new file mode 100644
index 00000000..ba3260e6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php
@@ -0,0 +1,43 @@
1<?php
2
3class HTMLPurifier_HTMLModule_Tidy_Strict extends HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4
4{
5 /**
6 * @type string
7 */
8 public $name = 'Tidy_Strict';
9
10 /**
11 * @type string
12 */
13 public $defaultLevel = 'light';
14
15 /**
16 * @return array
17 */
18 public function makeFixes()
19 {
20 $r = parent::makeFixes();
21 $r['blockquote#content_model_type'] = 'strictblockquote';
22 return $r;
23 }
24
25 /**
26 * @type bool
27 */
28 public $defines_child_def = true;
29
30 /**
31 * @param HTMLPurifier_ElementDef $def
32 * @return HTMLPurifier_ChildDef_StrictBlockquote
33 */
34 public function getChildDef($def)
35 {
36 if ($def->content_model_type != 'strictblockquote') {
37 return parent::getChildDef($def);
38 }
39 return new HTMLPurifier_ChildDef_StrictBlockquote($def->content_model);
40 }
41}
42
43// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php
new file mode 100644
index 00000000..79411d25
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php
@@ -0,0 +1,16 @@
1<?php
2
3class HTMLPurifier_HTMLModule_Tidy_Transitional extends HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4
4{
5 /**
6 * @type string
7 */
8 public $name = 'Tidy_Transitional';
9
10 /**
11 * @type string
12 */
13 public $defaultLevel = 'heavy';
14}
15
16// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php
new file mode 100644
index 00000000..935ad7f5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php
@@ -0,0 +1,26 @@
1<?php
2
3class HTMLPurifier_HTMLModule_Tidy_XHTML extends HTMLPurifier_HTMLModule_Tidy
4{
5 /**
6 * @type string
7 */
8 public $name = 'Tidy_XHTML';
9
10 /**
11 * @type string
12 */
13 public $defaultLevel = 'medium';
14
15 /**
16 * @return array
17 */
18 public function makeFixes()
19 {
20 $r = array();
21 $r['@lang'] = new HTMLPurifier_AttrTransform_Lang();
22 return $r;
23 }
24}
25
26// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php
new file mode 100644
index 00000000..17164fb6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php
@@ -0,0 +1,179 @@
1<?php
2
3class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule_Tidy
4{
5
6 /**
7 * @return array
8 */
9 public function makeFixes()
10 {
11 $r = array();
12
13 // == deprecated tag transforms ===================================
14
15 $r['font'] = new HTMLPurifier_TagTransform_Font();
16 $r['menu'] = new HTMLPurifier_TagTransform_Simple('ul');
17 $r['dir'] = new HTMLPurifier_TagTransform_Simple('ul');
18 $r['center'] = new HTMLPurifier_TagTransform_Simple('div', 'text-align:center;');
19 $r['u'] = new HTMLPurifier_TagTransform_Simple('span', 'text-decoration:underline;');
20 $r['s'] = new HTMLPurifier_TagTransform_Simple('span', 'text-decoration:line-through;');
21 $r['strike'] = new HTMLPurifier_TagTransform_Simple('span', 'text-decoration:line-through;');
22
23 // == deprecated attribute transforms =============================
24
25 $r['caption@align'] =
26 new HTMLPurifier_AttrTransform_EnumToCSS(
27 'align',
28 array(
29 // we're following IE's behavior, not Firefox's, due
30 // to the fact that no one supports caption-side:right,
31 // W3C included (with CSS 2.1). This is a slightly
32 // unreasonable attribute!
33 'left' => 'text-align:left;',
34 'right' => 'text-align:right;',
35 'top' => 'caption-side:top;',
36 'bottom' => 'caption-side:bottom;' // not supported by IE
37 )
38 );
39
40 // @align for img -------------------------------------------------
41 $r['img@align'] =
42 new HTMLPurifier_AttrTransform_EnumToCSS(
43 'align',
44 array(
45 'left' => 'float:left;',
46 'right' => 'float:right;',
47 'top' => 'vertical-align:top;',
48 'middle' => 'vertical-align:middle;',
49 'bottom' => 'vertical-align:baseline;',
50 )
51 );
52
53 // @align for table -----------------------------------------------
54 $r['table@align'] =
55 new HTMLPurifier_AttrTransform_EnumToCSS(
56 'align',
57 array(
58 'left' => 'float:left;',
59 'center' => 'margin-left:auto;margin-right:auto;',
60 'right' => 'float:right;'
61 )
62 );
63
64 // @align for hr -----------------------------------------------
65 $r['hr@align'] =
66 new HTMLPurifier_AttrTransform_EnumToCSS(
67 'align',
68 array(
69 // we use both text-align and margin because these work
70 // for different browsers (IE and Firefox, respectively)
71 // and the melange makes for a pretty cross-compatible
72 // solution
73 'left' => 'margin-left:0;margin-right:auto;text-align:left;',
74 'center' => 'margin-left:auto;margin-right:auto;text-align:center;',
75 'right' => 'margin-left:auto;margin-right:0;text-align:right;'
76 )
77 );
78
79 // @align for h1, h2, h3, h4, h5, h6, p, div ----------------------
80 // {{{
81 $align_lookup = array();
82 $align_values = array('left', 'right', 'center', 'justify');
83 foreach ($align_values as $v) {
84 $align_lookup[$v] = "text-align:$v;";
85 }
86 // }}}
87 $r['h1@align'] =
88 $r['h2@align'] =
89 $r['h3@align'] =
90 $r['h4@align'] =
91 $r['h5@align'] =
92 $r['h6@align'] =
93 $r['p@align'] =
94 $r['div@align'] =
95 new HTMLPurifier_AttrTransform_EnumToCSS('align', $align_lookup);
96
97 // @bgcolor for table, tr, td, th ---------------------------------
98 $r['table@bgcolor'] =
99 $r['td@bgcolor'] =
100 $r['th@bgcolor'] =
101 new HTMLPurifier_AttrTransform_BgColor();
102
103 // @border for img ------------------------------------------------
104 $r['img@border'] = new HTMLPurifier_AttrTransform_Border();
105
106 // @clear for br --------------------------------------------------
107 $r['br@clear'] =
108 new HTMLPurifier_AttrTransform_EnumToCSS(
109 'clear',
110 array(
111 'left' => 'clear:left;',
112 'right' => 'clear:right;',
113 'all' => 'clear:both;',
114 'none' => 'clear:none;',
115 )
116 );
117
118 // @height for td, th ---------------------------------------------
119 $r['td@height'] =
120 $r['th@height'] =
121 new HTMLPurifier_AttrTransform_Length('height');
122
123 // @hspace for img ------------------------------------------------
124 $r['img@hspace'] = new HTMLPurifier_AttrTransform_ImgSpace('hspace');
125
126 // @noshade for hr ------------------------------------------------
127 // this transformation is not precise but often good enough.
128 // different browsers use different styles to designate noshade
129 $r['hr@noshade'] =
130 new HTMLPurifier_AttrTransform_BoolToCSS(
131 'noshade',
132 'color:#808080;background-color:#808080;border:0;'
133 );
134
135 // @nowrap for td, th ---------------------------------------------
136 $r['td@nowrap'] =
137 $r['th@nowrap'] =
138 new HTMLPurifier_AttrTransform_BoolToCSS(
139 'nowrap',
140 'white-space:nowrap;'
141 );
142
143 // @size for hr --------------------------------------------------
144 $r['hr@size'] = new HTMLPurifier_AttrTransform_Length('size', 'height');
145
146 // @type for li, ol, ul -------------------------------------------
147 // {{{
148 $ul_types = array(
149 'disc' => 'list-style-type:disc;',
150 'square' => 'list-style-type:square;',
151 'circle' => 'list-style-type:circle;'
152 );
153 $ol_types = array(
154 '1' => 'list-style-type:decimal;',
155 'i' => 'list-style-type:lower-roman;',
156 'I' => 'list-style-type:upper-roman;',
157 'a' => 'list-style-type:lower-alpha;',
158 'A' => 'list-style-type:upper-alpha;'
159 );
160 $li_types = $ul_types + $ol_types;
161 // }}}
162
163 $r['ul@type'] = new HTMLPurifier_AttrTransform_EnumToCSS('type', $ul_types);
164 $r['ol@type'] = new HTMLPurifier_AttrTransform_EnumToCSS('type', $ol_types, true);
165 $r['li@type'] = new HTMLPurifier_AttrTransform_EnumToCSS('type', $li_types, true);
166
167 // @vspace for img ------------------------------------------------
168 $r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace');
169
170 // @width for hr, td, th ------------------------------------------
171 $r['td@width'] =
172 $r['th@width'] =
173 $r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width');
174
175 return $r;
176 }
177}
178
179// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php
new file mode 100644
index 00000000..27a353db
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php
@@ -0,0 +1,20 @@
1<?php
2
3class HTMLPurifier_HTMLModule_XMLCommonAttributes extends HTMLPurifier_HTMLModule
4{
5 /**
6 * @type string
7 */
8 public $name = 'XMLCommonAttributes';
9
10 /**
11 * @type array
12 */
13 public $attr_collections = array(
14 'Lang' => array(
15 'xml:lang' => 'LanguageCode',
16 )
17 );
18}
19
20// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModuleManager.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModuleManager.php
new file mode 100644
index 00000000..c684961b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModuleManager.php
@@ -0,0 +1,459 @@
1<?php
2
3class HTMLPurifier_HTMLModuleManager
4{
5
6 /**
7 * @type HTMLPurifier_DoctypeRegistry
8 */
9 public $doctypes;
10
11 /**
12 * Instance of current doctype.
13 * @type string
14 */
15 public $doctype;
16
17 /**
18 * @type HTMLPurifier_AttrTypes
19 */
20 public $attrTypes;
21
22 /**
23 * Active instances of modules for the specified doctype are
24 * indexed, by name, in this array.
25 * @type HTMLPurifier_HTMLModule[]
26 */
27 public $modules = array();
28
29 /**
30 * Array of recognized HTMLPurifier_HTMLModule instances,
31 * indexed by module's class name. This array is usually lazy loaded, but a
32 * user can overload a module by pre-emptively registering it.
33 * @type HTMLPurifier_HTMLModule[]
34 */
35 public $registeredModules = array();
36
37 /**
38 * List of extra modules that were added by the user
39 * using addModule(). These get unconditionally merged into the current doctype, whatever
40 * it may be.
41 * @type HTMLPurifier_HTMLModule[]
42 */
43 public $userModules = array();
44
45 /**
46 * Associative array of element name to list of modules that have
47 * definitions for the element; this array is dynamically filled.
48 * @type array
49 */
50 public $elementLookup = array();
51
52 /**
53 * List of prefixes we should use for registering small names.
54 * @type array
55 */
56 public $prefixes = array('HTMLPurifier_HTMLModule_');
57
58 /**
59 * @type HTMLPurifier_ContentSets
60 */
61 public $contentSets;
62
63 /**
64 * @type HTMLPurifier_AttrCollections
65 */
66 public $attrCollections;
67
68 /**
69 * If set to true, unsafe elements and attributes will be allowed.
70 * @type bool
71 */
72 public $trusted = false;
73
74 public function __construct()
75 {
76 // editable internal objects
77 $this->attrTypes = new HTMLPurifier_AttrTypes();
78 $this->doctypes = new HTMLPurifier_DoctypeRegistry();
79
80 // setup basic modules
81 $common = array(
82 'CommonAttributes', 'Text', 'Hypertext', 'List',
83 'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',
84 'StyleAttribute',
85 // Unsafe:
86 'Scripting', 'Object', 'Forms',
87 // Sorta legacy, but present in strict:
88 'Name',
89 );
90 $transitional = array('Legacy', 'Target', 'Iframe');
91 $xml = array('XMLCommonAttributes');
92 $non_xml = array('NonXMLCommonAttributes');
93
94 // setup basic doctypes
95 $this->doctypes->register(
96 'HTML 4.01 Transitional',
97 false,
98 array_merge($common, $transitional, $non_xml),
99 array('Tidy_Transitional', 'Tidy_Proprietary'),
100 array(),
101 '-//W3C//DTD HTML 4.01 Transitional//EN',
102 'http://www.w3.org/TR/html4/loose.dtd'
103 );
104
105 $this->doctypes->register(
106 'HTML 4.01 Strict',
107 false,
108 array_merge($common, $non_xml),
109 array('Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),
110 array(),
111 '-//W3C//DTD HTML 4.01//EN',
112 'http://www.w3.org/TR/html4/strict.dtd'
113 );
114
115 $this->doctypes->register(
116 'XHTML 1.0 Transitional',
117 true,
118 array_merge($common, $transitional, $xml, $non_xml),
119 array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Name'),
120 array(),
121 '-//W3C//DTD XHTML 1.0 Transitional//EN',
122 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'
123 );
124
125 $this->doctypes->register(
126 'XHTML 1.0 Strict',
127 true,
128 array_merge($common, $xml, $non_xml),
129 array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),
130 array(),
131 '-//W3C//DTD XHTML 1.0 Strict//EN',
132 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'
133 );
134
135 $this->doctypes->register(
136 'XHTML 1.1',
137 true,
138 // Iframe is a real XHTML 1.1 module, despite being
139 // "transitional"!
140 array_merge($common, $xml, array('Ruby', 'Iframe')),
141 array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Strict', 'Tidy_Name'), // Tidy_XHTML1_1
142 array(),
143 '-//W3C//DTD XHTML 1.1//EN',
144 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'
145 );
146
147 }
148
149 /**
150 * Registers a module to the recognized module list, useful for
151 * overloading pre-existing modules.
152 * @param $module Mixed: string module name, with or without
153 * HTMLPurifier_HTMLModule prefix, or instance of
154 * subclass of HTMLPurifier_HTMLModule.
155 * @param $overload Boolean whether or not to overload previous modules.
156 * If this is not set, and you do overload a module,
157 * HTML Purifier will complain with a warning.
158 * @note This function will not call autoload, you must instantiate
159 * (and thus invoke) autoload outside the method.
160 * @note If a string is passed as a module name, different variants
161 * will be tested in this order:
162 * - Check for HTMLPurifier_HTMLModule_$name
163 * - Check all prefixes with $name in order they were added
164 * - Check for literal object name
165 * - Throw fatal error
166 * If your object name collides with an internal class, specify
167 * your module manually. All modules must have been included
168 * externally: registerModule will not perform inclusions for you!
169 */
170 public function registerModule($module, $overload = false)
171 {
172 if (is_string($module)) {
173 // attempt to load the module
174 $original_module = $module;
175 $ok = false;
176 foreach ($this->prefixes as $prefix) {
177 $module = $prefix . $original_module;
178 if (class_exists($module)) {
179 $ok = true;
180 break;
181 }
182 }
183 if (!$ok) {
184 $module = $original_module;
185 if (!class_exists($module)) {
186 trigger_error(
187 $original_module . ' module does not exist',
188 E_USER_ERROR
189 );
190 return;
191 }
192 }
193 $module = new $module();
194 }
195 if (empty($module->name)) {
196 trigger_error('Module instance of ' . get_class($module) . ' must have name');
197 return;
198 }
199 if (!$overload && isset($this->registeredModules[$module->name])) {
200 trigger_error('Overloading ' . $module->name . ' without explicit overload parameter', E_USER_WARNING);
201 }
202 $this->registeredModules[$module->name] = $module;
203 }
204
205 /**
206 * Adds a module to the current doctype by first registering it,
207 * and then tacking it on to the active doctype
208 */
209 public function addModule($module)
210 {
211 $this->registerModule($module);
212 if (is_object($module)) {
213 $module = $module->name;
214 }
215 $this->userModules[] = $module;
216 }
217
218 /**
219 * Adds a class prefix that registerModule() will use to resolve a
220 * string name to a concrete class
221 */
222 public function addPrefix($prefix)
223 {
224 $this->prefixes[] = $prefix;
225 }
226
227 /**
228 * Performs processing on modules, after being called you may
229 * use getElement() and getElements()
230 * @param HTMLPurifier_Config $config
231 */
232 public function setup($config)
233 {
234 $this->trusted = $config->get('HTML.Trusted');
235
236 // generate
237 $this->doctype = $this->doctypes->make($config);
238 $modules = $this->doctype->modules;
239
240 // take out the default modules that aren't allowed
241 $lookup = $config->get('HTML.AllowedModules');
242 $special_cases = $config->get('HTML.CoreModules');
243
244 if (is_array($lookup)) {
245 foreach ($modules as $k => $m) {
246 if (isset($special_cases[$m])) {
247 continue;
248 }
249 if (!isset($lookup[$m])) {
250 unset($modules[$k]);
251 }
252 }
253 }
254
255 // custom modules
256 if ($config->get('HTML.Proprietary')) {
257 $modules[] = 'Proprietary';
258 }
259 if ($config->get('HTML.SafeObject')) {
260 $modules[] = 'SafeObject';
261 }
262 if ($config->get('HTML.SafeEmbed')) {
263 $modules[] = 'SafeEmbed';
264 }
265 if ($config->get('HTML.SafeScripting') !== array()) {
266 $modules[] = 'SafeScripting';
267 }
268 if ($config->get('HTML.Nofollow')) {
269 $modules[] = 'Nofollow';
270 }
271 if ($config->get('HTML.TargetBlank')) {
272 $modules[] = 'TargetBlank';
273 }
274
275 // merge in custom modules
276 $modules = array_merge($modules, $this->userModules);
277
278 foreach ($modules as $module) {
279 $this->processModule($module);
280 $this->modules[$module]->setup($config);
281 }
282
283 foreach ($this->doctype->tidyModules as $module) {
284 $this->processModule($module);
285 $this->modules[$module]->setup($config);
286 }
287
288 // prepare any injectors
289 foreach ($this->modules as $module) {
290 $n = array();
291 foreach ($module->info_injector as $injector) {
292 if (!is_object($injector)) {
293 $class = "HTMLPurifier_Injector_$injector";
294 $injector = new $class;
295 }
296 $n[$injector->name] = $injector;
297 }
298 $module->info_injector = $n;
299 }
300
301 // setup lookup table based on all valid modules
302 foreach ($this->modules as $module) {
303 foreach ($module->info as $name => $def) {
304 if (!isset($this->elementLookup[$name])) {
305 $this->elementLookup[$name] = array();
306 }
307 $this->elementLookup[$name][] = $module->name;
308 }
309 }
310
311 // note the different choice
312 $this->contentSets = new HTMLPurifier_ContentSets(
313 // content set assembly deals with all possible modules,
314 // not just ones deemed to be "safe"
315 $this->modules
316 );
317 $this->attrCollections = new HTMLPurifier_AttrCollections(
318 $this->attrTypes,
319 // there is no way to directly disable a global attribute,
320 // but using AllowedAttributes or simply not including
321 // the module in your custom doctype should be sufficient
322 $this->modules
323 );
324 }
325
326 /**
327 * Takes a module and adds it to the active module collection,
328 * registering it if necessary.
329 */
330 public function processModule($module)
331 {
332 if (!isset($this->registeredModules[$module]) || is_object($module)) {
333 $this->registerModule($module);
334 }
335 $this->modules[$module] = $this->registeredModules[$module];
336 }
337
338 /**
339 * Retrieves merged element definitions.
340 * @return Array of HTMLPurifier_ElementDef
341 */
342 public function getElements()
343 {
344 $elements = array();
345 foreach ($this->modules as $module) {
346 if (!$this->trusted && !$module->safe) {
347 continue;
348 }
349 foreach ($module->info as $name => $v) {
350 if (isset($elements[$name])) {
351 continue;
352 }
353 $elements[$name] = $this->getElement($name);
354 }
355 }
356
357 // remove dud elements, this happens when an element that
358 // appeared to be safe actually wasn't
359 foreach ($elements as $n => $v) {
360 if ($v === false) {
361 unset($elements[$n]);
362 }
363 }
364
365 return $elements;
366
367 }
368
369 /**
370 * Retrieves a single merged element definition
371 * @param string $name Name of element
372 * @param bool $trusted Boolean trusted overriding parameter: set to true
373 * if you want the full version of an element
374 * @return HTMLPurifier_ElementDef Merged HTMLPurifier_ElementDef
375 * @note You may notice that modules are getting iterated over twice (once
376 * in getElements() and once here). This
377 * is because
378 */
379 public function getElement($name, $trusted = null)
380 {
381 if (!isset($this->elementLookup[$name])) {
382 return false;
383 }
384
385 // setup global state variables
386 $def = false;
387 if ($trusted === null) {
388 $trusted = $this->trusted;
389 }
390
391 // iterate through each module that has registered itself to this
392 // element
393 foreach ($this->elementLookup[$name] as $module_name) {
394 $module = $this->modules[$module_name];
395
396 // refuse to create/merge from a module that is deemed unsafe--
397 // pretend the module doesn't exist--when trusted mode is not on.
398 if (!$trusted && !$module->safe) {
399 continue;
400 }
401
402 // clone is used because, ideally speaking, the original
403 // definition should not be modified. Usually, this will
404 // make no difference, but for consistency's sake
405 $new_def = clone $module->info[$name];
406
407 if (!$def && $new_def->standalone) {
408 $def = $new_def;
409 } elseif ($def) {
410 // This will occur even if $new_def is standalone. In practice,
411 // this will usually result in a full replacement.
412 $def->mergeIn($new_def);
413 } else {
414 // :TODO:
415 // non-standalone definitions that don't have a standalone
416 // to merge into could be deferred to the end
417 // HOWEVER, it is perfectly valid for a non-standalone
418 // definition to lack a standalone definition, even
419 // after all processing: this allows us to safely
420 // specify extra attributes for elements that may not be
421 // enabled all in one place. In particular, this might
422 // be the case for trusted elements. WARNING: care must
423 // be taken that the /extra/ definitions are all safe.
424 continue;
425 }
426
427 // attribute value expansions
428 $this->attrCollections->performInclusions($def->attr);
429 $this->attrCollections->expandIdentifiers($def->attr, $this->attrTypes);
430
431 // descendants_are_inline, for ChildDef_Chameleon
432 if (is_string($def->content_model) &&
433 strpos($def->content_model, 'Inline') !== false) {
434 if ($name != 'del' && $name != 'ins') {
435 // this is for you, ins/del
436 $def->descendants_are_inline = true;
437 }
438 }
439
440 $this->contentSets->generateChildDef($def, $module);
441 }
442
443 // This can occur if there is a blank definition, but no base to
444 // mix it in with
445 if (!$def) {
446 return false;
447 }
448
449 // add information on required attributes
450 foreach ($def->attr as $attr_name => $attr_def) {
451 if ($attr_def->required) {
452 $def->required_attr[] = $attr_name;
453 }
454 }
455 return $def;
456 }
457}
458
459// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/IDAccumulator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/IDAccumulator.php
new file mode 100644
index 00000000..bf399af4
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/IDAccumulator.php
@@ -0,0 +1,57 @@
1<?php
2
3/**
4 * Component of HTMLPurifier_AttrContext that accumulates IDs to prevent dupes
5 * @note In Slashdot-speak, dupe means duplicate.
6 * @note The default constructor does not accept $config or $context objects:
7 * use must use the static build() factory method to perform initialization.
8 */
9class HTMLPurifier_IDAccumulator
10{
11
12 /**
13 * Lookup table of IDs we've accumulated.
14 * @public
15 */
16 public $ids = array();
17
18 /**
19 * Builds an IDAccumulator, also initializing the default blacklist
20 * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
21 * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
22 * @return HTMLPurifier_IDAccumulator Fully initialized HTMLPurifier_IDAccumulator
23 */
24 public static function build($config, $context)
25 {
26 $id_accumulator = new HTMLPurifier_IDAccumulator();
27 $id_accumulator->load($config->get('Attr.IDBlacklist'));
28 return $id_accumulator;
29 }
30
31 /**
32 * Add an ID to the lookup table.
33 * @param string $id ID to be added.
34 * @return bool status, true if success, false if there's a dupe
35 */
36 public function add($id)
37 {
38 if (isset($this->ids[$id])) {
39 return false;
40 }
41 return $this->ids[$id] = true;
42 }
43
44 /**
45 * Load a list of IDs into the lookup table
46 * @param $array_of_ids Array of IDs to load
47 * @note This function doesn't care about duplicates
48 */
49 public function load($array_of_ids)
50 {
51 foreach ($array_of_ids as $id) {
52 $this->ids[$id] = true;
53 }
54 }
55}
56
57// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector.php
new file mode 100644
index 00000000..f1a74a4a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector.php
@@ -0,0 +1,281 @@
1<?php
2
3/**
4 * Injects tokens into the document while parsing for well-formedness.
5 * This enables "formatter-like" functionality such as auto-paragraphing,
6 * smiley-ification and linkification to take place.
7 *
8 * A note on how handlers create changes; this is done by assigning a new
9 * value to the $token reference. These values can take a variety of forms and
10 * are best described HTMLPurifier_Strategy_MakeWellFormed->processToken()
11 * documentation.
12 *
13 * @todo Allow injectors to request a re-run on their output. This
14 * would help if an operation is recursive.
15 */
16abstract class HTMLPurifier_Injector
17{
18
19 /**
20 * Advisory name of injector, this is for friendly error messages.
21 * @type string
22 */
23 public $name;
24
25 /**
26 * @type HTMLPurifier_HTMLDefinition
27 */
28 protected $htmlDefinition;
29
30 /**
31 * Reference to CurrentNesting variable in Context. This is an array
32 * list of tokens that we are currently "inside"
33 * @type array
34 */
35 protected $currentNesting;
36
37 /**
38 * Reference to current token.
39 * @type HTMLPurifier_Token
40 */
41 protected $currentToken;
42
43 /**
44 * Reference to InputZipper variable in Context.
45 * @type HTMLPurifier_Zipper
46 */
47 protected $inputZipper;
48
49 /**
50 * Array of elements and attributes this injector creates and therefore
51 * need to be allowed by the definition. Takes form of
52 * array('element' => array('attr', 'attr2'), 'element2')
53 * @type array
54 */
55 public $needed = array();
56
57 /**
58 * Number of elements to rewind backwards (relative).
59 * @type bool|int
60 */
61 protected $rewindOffset = false;
62
63 /**
64 * Rewind to a spot to re-perform processing. This is useful if you
65 * deleted a node, and now need to see if this change affected any
66 * earlier nodes. Rewinding does not affect other injectors, and can
67 * result in infinite loops if not used carefully.
68 * @param bool|int $offset
69 * @warning HTML Purifier will prevent you from fast-forwarding with this
70 * function.
71 */
72 public function rewindOffset($offset)
73 {
74 $this->rewindOffset = $offset;
75 }
76
77 /**
78 * Retrieves rewind offset, and then unsets it.
79 * @return bool|int
80 */
81 public function getRewindOffset()
82 {
83 $r = $this->rewindOffset;
84 $this->rewindOffset = false;
85 return $r;
86 }
87
88 /**
89 * Prepares the injector by giving it the config and context objects:
90 * this allows references to important variables to be made within
91 * the injector. This function also checks if the HTML environment
92 * will work with the Injector (see checkNeeded()).
93 * @param HTMLPurifier_Config $config
94 * @param HTMLPurifier_Context $context
95 * @return bool|string Boolean false if success, string of missing needed element/attribute if failure
96 */
97 public function prepare($config, $context)
98 {
99 $this->htmlDefinition = $config->getHTMLDefinition();
100 // Even though this might fail, some unit tests ignore this and
101 // still test checkNeeded, so be careful. Maybe get rid of that
102 // dependency.
103 $result = $this->checkNeeded($config);
104 if ($result !== false) {
105 return $result;
106 }
107 $this->currentNesting =& $context->get('CurrentNesting');
108 $this->currentToken =& $context->get('CurrentToken');
109 $this->inputZipper =& $context->get('InputZipper');
110 return false;
111 }
112
113 /**
114 * This function checks if the HTML environment
115 * will work with the Injector: if p tags are not allowed, the
116 * Auto-Paragraphing injector should not be enabled.
117 * @param HTMLPurifier_Config $config
118 * @return bool|string Boolean false if success, string of missing needed element/attribute if failure
119 */
120 public function checkNeeded($config)
121 {
122 $def = $config->getHTMLDefinition();
123 foreach ($this->needed as $element => $attributes) {
124 if (is_int($element)) {
125 $element = $attributes;
126 }
127 if (!isset($def->info[$element])) {
128 return $element;
129 }
130 if (!is_array($attributes)) {
131 continue;
132 }
133 foreach ($attributes as $name) {
134 if (!isset($def->info[$element]->attr[$name])) {
135 return "$element.$name";
136 }
137 }
138 }
139 return false;
140 }
141
142 /**
143 * Tests if the context node allows a certain element
144 * @param string $name Name of element to test for
145 * @return bool True if element is allowed, false if it is not
146 */
147 public function allowsElement($name)
148 {
149 if (!empty($this->currentNesting)) {
150 $parent_token = array_pop($this->currentNesting);
151 $this->currentNesting[] = $parent_token;
152 $parent = $this->htmlDefinition->info[$parent_token->name];
153 } else {
154 $parent = $this->htmlDefinition->info_parent_def;
155 }
156 if (!isset($parent->child->elements[$name]) || isset($parent->excludes[$name])) {
157 return false;
158 }
159 // check for exclusion
160 for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) {
161 $node = $this->currentNesting[$i];
162 $def = $this->htmlDefinition->info[$node->name];
163 if (isset($def->excludes[$name])) {
164 return false;
165 }
166 }
167 return true;
168 }
169
170 /**
171 * Iterator function, which starts with the next token and continues until
172 * you reach the end of the input tokens.
173 * @warning Please prevent previous references from interfering with this
174 * functions by setting $i = null beforehand!
175 * @param int $i Current integer index variable for inputTokens
176 * @param HTMLPurifier_Token $current Current token variable.
177 * Do NOT use $token, as that variable is also a reference
178 * @return bool
179 */
180 protected function forward(&$i, &$current)
181 {
182 if ($i === null) {
183 $i = count($this->inputZipper->back) - 1;
184 } else {
185 $i--;
186 }
187 if ($i < 0) {
188 return false;
189 }
190 $current = $this->inputZipper->back[$i];
191 return true;
192 }
193
194 /**
195 * Similar to _forward, but accepts a third parameter $nesting (which
196 * should be initialized at 0) and stops when we hit the end tag
197 * for the node $this->inputIndex starts in.
198 * @param int $i Current integer index variable for inputTokens
199 * @param HTMLPurifier_Token $current Current token variable.
200 * Do NOT use $token, as that variable is also a reference
201 * @param int $nesting
202 * @return bool
203 */
204 protected function forwardUntilEndToken(&$i, &$current, &$nesting)
205 {
206 $result = $this->forward($i, $current);
207 if (!$result) {
208 return false;
209 }
210 if ($nesting === null) {
211 $nesting = 0;
212 }
213 if ($current instanceof HTMLPurifier_Token_Start) {
214 $nesting++;
215 } elseif ($current instanceof HTMLPurifier_Token_End) {
216 if ($nesting <= 0) {
217 return false;
218 }
219 $nesting--;
220 }
221 return true;
222 }
223
224 /**
225 * Iterator function, starts with the previous token and continues until
226 * you reach the beginning of input tokens.
227 * @warning Please prevent previous references from interfering with this
228 * functions by setting $i = null beforehand!
229 * @param int $i Current integer index variable for inputTokens
230 * @param HTMLPurifier_Token $current Current token variable.
231 * Do NOT use $token, as that variable is also a reference
232 * @return bool
233 */
234 protected function backward(&$i, &$current)
235 {
236 if ($i === null) {
237 $i = count($this->inputZipper->front) - 1;
238 } else {
239 $i--;
240 }
241 if ($i < 0) {
242 return false;
243 }
244 $current = $this->inputZipper->front[$i];
245 return true;
246 }
247
248 /**
249 * Handler that is called when a text token is processed
250 */
251 public function handleText(&$token)
252 {
253 }
254
255 /**
256 * Handler that is called when a start or empty token is processed
257 */
258 public function handleElement(&$token)
259 {
260 }
261
262 /**
263 * Handler that is called when an end token is processed
264 */
265 public function handleEnd(&$token)
266 {
267 $this->notifyEnd($token);
268 }
269
270 /**
271 * Notifier that is called when an end token is processed
272 * @param HTMLPurifier_Token $token Current token variable.
273 * @note This differs from handlers in that the token is read-only
274 * @deprecated
275 */
276 public function notifyEnd($token)
277 {
278 }
279}
280
281// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/AutoParagraph.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/AutoParagraph.php
new file mode 100644
index 00000000..d3ec44f1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/AutoParagraph.php
@@ -0,0 +1,356 @@
1<?php
2
3/**
4 * Injector that auto paragraphs text in the root node based on
5 * double-spacing.
6 * @todo Ensure all states are unit tested, including variations as well.
7 * @todo Make a graph of the flow control for this Injector.
8 */
9class HTMLPurifier_Injector_AutoParagraph extends HTMLPurifier_Injector
10{
11 /**
12 * @type string
13 */
14 public $name = 'AutoParagraph';
15
16 /**
17 * @type array
18 */
19 public $needed = array('p');
20
21 /**
22 * @return HTMLPurifier_Token_Start
23 */
24 private function _pStart()
25 {
26 $par = new HTMLPurifier_Token_Start('p');
27 $par->armor['MakeWellFormed_TagClosedError'] = true;
28 return $par;
29 }
30
31 /**
32 * @param HTMLPurifier_Token_Text $token
33 */
34 public function handleText(&$token)
35 {
36 $text = $token->data;
37 // Does the current parent allow <p> tags?
38 if ($this->allowsElement('p')) {
39 if (empty($this->currentNesting) || strpos($text, "\n\n") !== false) {
40 // Note that we have differing behavior when dealing with text
41 // in the anonymous root node, or a node inside the document.
42 // If the text as a double-newline, the treatment is the same;
43 // if it doesn't, see the next if-block if you're in the document.
44
45 $i = $nesting = null;
46 if (!$this->forwardUntilEndToken($i, $current, $nesting) && $token->is_whitespace) {
47 // State 1.1: ... ^ (whitespace, then document end)
48 // ----
49 // This is a degenerate case
50 } else {
51 if (!$token->is_whitespace || $this->_isInline($current)) {
52 // State 1.2: PAR1
53 // ----
54
55 // State 1.3: PAR1\n\nPAR2
56 // ------------
57
58 // State 1.4: <div>PAR1\n\nPAR2 (see State 2)
59 // ------------
60 $token = array($this->_pStart());
61 $this->_splitText($text, $token);
62 } else {
63 // State 1.5: \n<hr />
64 // --
65 }
66 }
67 } else {
68 // State 2: <div>PAR1... (similar to 1.4)
69 // ----
70
71 // We're in an element that allows paragraph tags, but we're not
72 // sure if we're going to need them.
73 if ($this->_pLookAhead()) {
74 // State 2.1: <div>PAR1<b>PAR1\n\nPAR2
75 // ----
76 // Note: This will always be the first child, since any
77 // previous inline element would have triggered this very
78 // same routine, and found the double newline. One possible
79 // exception would be a comment.
80 $token = array($this->_pStart(), $token);
81 } else {
82 // State 2.2.1: <div>PAR1<div>
83 // ----
84
85 // State 2.2.2: <div>PAR1<b>PAR1</b></div>
86 // ----
87 }
88 }
89 // Is the current parent a <p> tag?
90 } elseif (!empty($this->currentNesting) &&
91 $this->currentNesting[count($this->currentNesting) - 1]->name == 'p') {
92 // State 3.1: ...<p>PAR1
93 // ----
94
95 // State 3.2: ...<p>PAR1\n\nPAR2
96 // ------------
97 $token = array();
98 $this->_splitText($text, $token);
99 // Abort!
100 } else {
101 // State 4.1: ...<b>PAR1
102 // ----
103
104 // State 4.2: ...<b>PAR1\n\nPAR2
105 // ------------
106 }
107 }
108
109 /**
110 * @param HTMLPurifier_Token $token
111 */
112 public function handleElement(&$token)
113 {
114 // We don't have to check if we're already in a <p> tag for block
115 // tokens, because the tag would have been autoclosed by MakeWellFormed.
116 if ($this->allowsElement('p')) {
117 if (!empty($this->currentNesting)) {
118 if ($this->_isInline($token)) {
119 // State 1: <div>...<b>
120 // ---
121 // Check if this token is adjacent to the parent token
122 // (seek backwards until token isn't whitespace)
123 $i = null;
124 $this->backward($i, $prev);
125
126 if (!$prev instanceof HTMLPurifier_Token_Start) {
127 // Token wasn't adjacent
128 if ($prev instanceof HTMLPurifier_Token_Text &&
129 substr($prev->data, -2) === "\n\n"
130 ) {
131 // State 1.1.4: <div><p>PAR1</p>\n\n<b>
132 // ---
133 // Quite frankly, this should be handled by splitText
134 $token = array($this->_pStart(), $token);
135 } else {
136 // State 1.1.1: <div><p>PAR1</p><b>
137 // ---
138 // State 1.1.2: <div><br /><b>
139 // ---
140 // State 1.1.3: <div>PAR<b>
141 // ---
142 }
143 } else {
144 // State 1.2.1: <div><b>
145 // ---
146 // Lookahead to see if <p> is needed.
147 if ($this->_pLookAhead()) {
148 // State 1.3.1: <div><b>PAR1\n\nPAR2
149 // ---
150 $token = array($this->_pStart(), $token);
151 } else {
152 // State 1.3.2: <div><b>PAR1</b></div>
153 // ---
154
155 // State 1.3.3: <div><b>PAR1</b><div></div>\n\n</div>
156 // ---
157 }
158 }
159 } else {
160 // State 2.3: ...<div>
161 // -----
162 }
163 } else {
164 if ($this->_isInline($token)) {
165 // State 3.1: <b>
166 // ---
167 // This is where the {p} tag is inserted, not reflected in
168 // inputTokens yet, however.
169 $token = array($this->_pStart(), $token);
170 } else {
171 // State 3.2: <div>
172 // -----
173 }
174
175 $i = null;
176 if ($this->backward($i, $prev)) {
177 if (!$prev instanceof HTMLPurifier_Token_Text) {
178 // State 3.1.1: ...</p>{p}<b>
179 // ---
180 // State 3.2.1: ...</p><div>
181 // -----
182 if (!is_array($token)) {
183 $token = array($token);
184 }
185 array_unshift($token, new HTMLPurifier_Token_Text("\n\n"));
186 } else {
187 // State 3.1.2: ...</p>\n\n{p}<b>
188 // ---
189 // State 3.2.2: ...</p>\n\n<div>
190 // -----
191 // Note: PAR<ELEM> cannot occur because PAR would have been
192 // wrapped in <p> tags.
193 }
194 }
195 }
196 } else {
197 // State 2.2: <ul><li>
198 // ----
199 // State 2.4: <p><b>
200 // ---
201 }
202 }
203
204 /**
205 * Splits up a text in paragraph tokens and appends them
206 * to the result stream that will replace the original
207 * @param string $data String text data that will be processed
208 * into paragraphs
209 * @param HTMLPurifier_Token[] $result Reference to array of tokens that the
210 * tags will be appended onto
211 */
212 private function _splitText($data, &$result)
213 {
214 $raw_paragraphs = explode("\n\n", $data);
215 $paragraphs = array(); // without empty paragraphs
216 $needs_start = false;
217 $needs_end = false;
218
219 $c = count($raw_paragraphs);
220 if ($c == 1) {
221 // There were no double-newlines, abort quickly. In theory this
222 // should never happen.
223 $result[] = new HTMLPurifier_Token_Text($data);
224 return;
225 }
226 for ($i = 0; $i < $c; $i++) {
227 $par = $raw_paragraphs[$i];
228 if (trim($par) !== '') {
229 $paragraphs[] = $par;
230 } else {
231 if ($i == 0) {
232 // Double newline at the front
233 if (empty($result)) {
234 // The empty result indicates that the AutoParagraph
235 // injector did not add any start paragraph tokens.
236 // This means that we have been in a paragraph for
237 // a while, and the newline means we should start a new one.
238 $result[] = new HTMLPurifier_Token_End('p');
239 $result[] = new HTMLPurifier_Token_Text("\n\n");
240 // However, the start token should only be added if
241 // there is more processing to be done (i.e. there are
242 // real paragraphs in here). If there are none, the
243 // next start paragraph tag will be handled by the
244 // next call to the injector
245 $needs_start = true;
246 } else {
247 // We just started a new paragraph!
248 // Reinstate a double-newline for presentation's sake, since
249 // it was in the source code.
250 array_unshift($result, new HTMLPurifier_Token_Text("\n\n"));
251 }
252 } elseif ($i + 1 == $c) {
253 // Double newline at the end
254 // There should be a trailing </p> when we're finally done.
255 $needs_end = true;
256 }
257 }
258 }
259
260 // Check if this was just a giant blob of whitespace. Move this earlier,
261 // perhaps?
262 if (empty($paragraphs)) {
263 return;
264 }
265
266 // Add the start tag indicated by \n\n at the beginning of $data
267 if ($needs_start) {
268 $result[] = $this->_pStart();
269 }
270
271 // Append the paragraphs onto the result
272 foreach ($paragraphs as $par) {
273 $result[] = new HTMLPurifier_Token_Text($par);
274 $result[] = new HTMLPurifier_Token_End('p');
275 $result[] = new HTMLPurifier_Token_Text("\n\n");
276 $result[] = $this->_pStart();
277 }
278
279 // Remove trailing start token; Injector will handle this later if
280 // it was indeed needed. This prevents from needing to do a lookahead,
281 // at the cost of a lookbehind later.
282 array_pop($result);
283
284 // If there is no need for an end tag, remove all of it and let
285 // MakeWellFormed close it later.
286 if (!$needs_end) {
287 array_pop($result); // removes \n\n
288 array_pop($result); // removes </p>
289 }
290 }
291
292 /**
293 * Returns true if passed token is inline (and, ergo, allowed in
294 * paragraph tags)
295 * @param HTMLPurifier_Token $token
296 * @return bool
297 */
298 private function _isInline($token)
299 {
300 return isset($this->htmlDefinition->info['p']->child->elements[$token->name]);
301 }
302
303 /**
304 * Looks ahead in the token list and determines whether or not we need
305 * to insert a <p> tag.
306 * @return bool
307 */
308 private function _pLookAhead()
309 {
310 if ($this->currentToken instanceof HTMLPurifier_Token_Start) {
311 $nesting = 1;
312 } else {
313 $nesting = 0;
314 }
315 $ok = false;
316 $i = null;
317 while ($this->forwardUntilEndToken($i, $current, $nesting)) {
318 $result = $this->_checkNeedsP($current);
319 if ($result !== null) {
320 $ok = $result;
321 break;
322 }
323 }
324 return $ok;
325 }
326
327 /**
328 * Determines if a particular token requires an earlier inline token
329 * to get a paragraph. This should be used with _forwardUntilEndToken
330 * @param HTMLPurifier_Token $current
331 * @return bool
332 */
333 private function _checkNeedsP($current)
334 {
335 if ($current instanceof HTMLPurifier_Token_Start) {
336 if (!$this->_isInline($current)) {
337 // <div>PAR1<div>
338 // ----
339 // Terminate early, since we hit a block element
340 return false;
341 }
342 } elseif ($current instanceof HTMLPurifier_Token_Text) {
343 if (strpos($current->data, "\n\n") !== false) {
344 // <div>PAR1<b>PAR1\n\nPAR2
345 // ----
346 return true;
347 } else {
348 // <div>PAR1<b>PAR1...
349 // ----
350 }
351 }
352 return null;
353 }
354}
355
356// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php
new file mode 100644
index 00000000..9f904482
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php
@@ -0,0 +1,40 @@
1<?php
2
3/**
4 * Injector that displays the URL of an anchor instead of linking to it, in addition to showing the text of the link.
5 */
6class HTMLPurifier_Injector_DisplayLinkURI extends HTMLPurifier_Injector
7{
8 /**
9 * @type string
10 */
11 public $name = 'DisplayLinkURI';
12
13 /**
14 * @type array
15 */
16 public $needed = array('a');
17
18 /**
19 * @param $token
20 */
21 public function handleElement(&$token)
22 {
23 }
24
25 /**
26 * @param HTMLPurifier_Token $token
27 */
28 public function handleEnd(&$token)
29 {
30 if (isset($token->start->attr['href'])) {
31 $url = $token->start->attr['href'];
32 unset($token->start->attr['href']);
33 $token = array($token, new HTMLPurifier_Token_Text(" ($url)"));
34 } else {
35 // nothing to display
36 }
37 }
38}
39
40// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/Linkify.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/Linkify.php
new file mode 100644
index 00000000..5eed3c12
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/Linkify.php
@@ -0,0 +1,59 @@
1<?php
2
3/**
4 * Injector that converts http, https and ftp text URLs to actual links.
5 */
6class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
7{
8 /**
9 * @type string
10 */
11 public $name = 'Linkify';
12
13 /**
14 * @type array
15 */
16 public $needed = array('a' => array('href'));
17
18 /**
19 * @param HTMLPurifier_Token $token
20 */
21 public function handleText(&$token)
22 {
23 if (!$this->allowsElement('a')) {
24 return;
25 }
26
27 if (strpos($token->data, '://') === false) {
28 // our really quick heuristic failed, abort
29 // this may not work so well if we want to match things like
30 // "google.com", but then again, most people don't
31 return;
32 }
33
34 // there is/are URL(s). Let's split the string:
35 // Note: this regex is extremely permissive
36 $bits = preg_split('#((?:https?|ftp)://[^\s\'",<>()]+)#Su', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
37
38
39 $token = array();
40
41 // $i = index
42 // $c = count
43 // $l = is link
44 for ($i = 0, $c = count($bits), $l = false; $i < $c; $i++, $l = !$l) {
45 if (!$l) {
46 if ($bits[$i] === '') {
47 continue;
48 }
49 $token[] = new HTMLPurifier_Token_Text($bits[$i]);
50 } else {
51 $token[] = new HTMLPurifier_Token_Start('a', array('href' => $bits[$i]));
52 $token[] = new HTMLPurifier_Token_Text($bits[$i]);
53 $token[] = new HTMLPurifier_Token_End('a');
54 }
55 }
56 }
57}
58
59// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php
new file mode 100644
index 00000000..d7dd7d97
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php
@@ -0,0 +1,71 @@
1<?php
2
3/**
4 * Injector that converts configuration directive syntax %Namespace.Directive
5 * to links
6 */
7class HTMLPurifier_Injector_PurifierLinkify extends HTMLPurifier_Injector
8{
9 /**
10 * @type string
11 */
12 public $name = 'PurifierLinkify';
13
14 /**
15 * @type string
16 */
17 public $docURL;
18
19 /**
20 * @type array
21 */
22 public $needed = array('a' => array('href'));
23
24 /**
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return string
28 */
29 public function prepare($config, $context)
30 {
31 $this->docURL = $config->get('AutoFormat.PurifierLinkify.DocURL');
32 return parent::prepare($config, $context);
33 }
34
35 /**
36 * @param HTMLPurifier_Token $token
37 */
38 public function handleText(&$token)
39 {
40 if (!$this->allowsElement('a')) {
41 return;
42 }
43 if (strpos($token->data, '%') === false) {
44 return;
45 }
46
47 $bits = preg_split('#%([a-z0-9]+\.[a-z0-9]+)#Si', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
48 $token = array();
49
50 // $i = index
51 // $c = count
52 // $l = is link
53 for ($i = 0, $c = count($bits), $l = false; $i < $c; $i++, $l = !$l) {
54 if (!$l) {
55 if ($bits[$i] === '') {
56 continue;
57 }
58 $token[] = new HTMLPurifier_Token_Text($bits[$i]);
59 } else {
60 $token[] = new HTMLPurifier_Token_Start(
61 'a',
62 array('href' => str_replace('%s', $bits[$i], $this->docURL))
63 );
64 $token[] = new HTMLPurifier_Token_Text('%' . $bits[$i]);
65 $token[] = new HTMLPurifier_Token_End('a');
66 }
67 }
68 }
69}
70
71// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveEmpty.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveEmpty.php
new file mode 100644
index 00000000..55669d1c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveEmpty.php
@@ -0,0 +1,101 @@
1<?php
2
3class HTMLPurifier_Injector_RemoveEmpty extends HTMLPurifier_Injector
4{
5 /**
6 * @type HTMLPurifier_Context
7 */
8 private $context;
9
10 /**
11 * @type HTMLPurifier_Config
12 */
13 private $config;
14
15 /**
16 * @type HTMLPurifier_AttrValidator
17 */
18 private $attrValidator;
19
20 /**
21 * @type bool
22 */
23 private $removeNbsp;
24
25 /**
26 * @type bool
27 */
28 private $removeNbspExceptions;
29
30 /**
31 * @type array
32 * TODO: make me configurable
33 */
34 private $_exclude = array('colgroup' => 1, 'th' => 1, 'td' => 1, 'iframe' => 1);
35
36 /**
37 * @param HTMLPurifier_Config $config
38 * @param HTMLPurifier_Context $context
39 * @return void
40 */
41 public function prepare($config, $context)
42 {
43 parent::prepare($config, $context);
44 $this->config = $config;
45 $this->context = $context;
46 $this->removeNbsp = $config->get('AutoFormat.RemoveEmpty.RemoveNbsp');
47 $this->removeNbspExceptions = $config->get('AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions');
48 $this->attrValidator = new HTMLPurifier_AttrValidator();
49 }
50
51 /**
52 * @param HTMLPurifier_Token $token
53 */
54 public function handleElement(&$token)
55 {
56 if (!$token instanceof HTMLPurifier_Token_Start) {
57 return;
58 }
59 $next = false;
60 $deleted = 1; // the current tag
61 for ($i = count($this->inputZipper->back) - 1; $i >= 0; $i--, $deleted++) {
62 $next = $this->inputZipper->back[$i];
63 if ($next instanceof HTMLPurifier_Token_Text) {
64 if ($next->is_whitespace) {
65 continue;
66 }
67 if ($this->removeNbsp && !isset($this->removeNbspExceptions[$token->name])) {
68 $plain = str_replace("\xC2\xA0", "", $next->data);
69 $isWsOrNbsp = $plain === '' || ctype_space($plain);
70 if ($isWsOrNbsp) {
71 continue;
72 }
73 }
74 }
75 break;
76 }
77 if (!$next || ($next instanceof HTMLPurifier_Token_End && $next->name == $token->name)) {
78 if (isset($this->_exclude[$token->name])) {
79 return;
80 }
81 $this->attrValidator->validateToken($token, $this->config, $this->context);
82 $token->armor['ValidateAttributes'] = true;
83 if (isset($token->attr['id']) || isset($token->attr['name'])) {
84 return;
85 }
86 $token = $deleted + 1;
87 for ($b = 0, $c = count($this->inputZipper->front); $b < $c; $b++) {
88 $prev = $this->inputZipper->front[$b];
89 if ($prev instanceof HTMLPurifier_Token_Text && $prev->is_whitespace) {
90 continue;
91 }
92 break;
93 }
94 // This is safe because we removed the token that triggered this.
95 $this->rewindOffset($b+$deleted);
96 return;
97 }
98 }
99}
100
101// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
new file mode 100644
index 00000000..270b7f82
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
@@ -0,0 +1,84 @@
1<?php
2
3/**
4 * Injector that removes spans with no attributes
5 */
6class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_Injector
7{
8 /**
9 * @type string
10 */
11 public $name = 'RemoveSpansWithoutAttributes';
12
13 /**
14 * @type array
15 */
16 public $needed = array('span');
17
18 /**
19 * @type HTMLPurifier_AttrValidator
20 */
21 private $attrValidator;
22
23 /**
24 * Used by AttrValidator.
25 * @type HTMLPurifier_Config
26 */
27 private $config;
28
29 /**
30 * @type HTMLPurifier_Context
31 */
32 private $context;
33
34 public function prepare($config, $context)
35 {
36 $this->attrValidator = new HTMLPurifier_AttrValidator();
37 $this->config = $config;
38 $this->context = $context;
39 return parent::prepare($config, $context);
40 }
41
42 /**
43 * @param HTMLPurifier_Token $token
44 */
45 public function handleElement(&$token)
46 {
47 if ($token->name !== 'span' || !$token instanceof HTMLPurifier_Token_Start) {
48 return;
49 }
50
51 // We need to validate the attributes now since this doesn't normally
52 // happen until after MakeWellFormed. If all the attributes are removed
53 // the span needs to be removed too.
54 $this->attrValidator->validateToken($token, $this->config, $this->context);
55 $token->armor['ValidateAttributes'] = true;
56
57 if (!empty($token->attr)) {
58 return;
59 }
60
61 $nesting = 0;
62 while ($this->forwardUntilEndToken($i, $current, $nesting)) {
63 }
64
65 if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') {
66 // Mark closing span tag for deletion
67 $current->markForDeletion = true;
68 // Delete open span tag
69 $token = false;
70 }
71 }
72
73 /**
74 * @param HTMLPurifier_Token $token
75 */
76 public function handleEnd(&$token)
77 {
78 if ($token->markForDeletion) {
79 $token = false;
80 }
81 }
82}
83
84// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
new file mode 100644
index 00000000..8450948c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
@@ -0,0 +1,121 @@
1<?php
2
3/**
4 * Adds important param elements to inside of object in order to make
5 * things safe.
6 */
7class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
8{
9 /**
10 * @type string
11 */
12 public $name = 'SafeObject';
13
14 /**
15 * @type array
16 */
17 public $needed = array('object', 'param');
18
19 /**
20 * @type array
21 */
22 protected $objectStack = array();
23
24 /**
25 * @type array
26 */
27 protected $paramStack = array();
28
29 /**
30 * Keep this synchronized with AttrTransform/SafeParam.php.
31 * @type array
32 */
33 protected $addParam = array(
34 'allowScriptAccess' => 'never',
35 'allowNetworking' => 'internal',
36 );
37
38 /**
39 * @type array
40 */
41 protected $allowedParam = array(
42 'wmode' => true,
43 'movie' => true,
44 'flashvars' => true,
45 'src' => true,
46 'allowFullScreen' => true, // if omitted, assume to be 'false'
47 );
48
49 /**
50 * @param HTMLPurifier_Config $config
51 * @param HTMLPurifier_Context $context
52 * @return void
53 */
54 public function prepare($config, $context)
55 {
56 parent::prepare($config, $context);
57 }
58
59 /**
60 * @param HTMLPurifier_Token $token
61 */
62 public function handleElement(&$token)
63 {
64 if ($token->name == 'object') {
65 $this->objectStack[] = $token;
66 $this->paramStack[] = array();
67 $new = array($token);
68 foreach ($this->addParam as $name => $value) {
69 $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
70 }
71 $token = $new;
72 } elseif ($token->name == 'param') {
73 $nest = count($this->currentNesting) - 1;
74 if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
75 $i = count($this->objectStack) - 1;
76 if (!isset($token->attr['name'])) {
77 $token = false;
78 return;
79 }
80 $n = $token->attr['name'];
81 // We need this fix because YouTube doesn't supply a data
82 // attribute, which we need if a type is specified. This is
83 // *very* Flash specific.
84 if (!isset($this->objectStack[$i]->attr['data']) &&
85 ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
86 ) {
87 $this->objectStack[$i]->attr['data'] = $token->attr['value'];
88 }
89 // Check if the parameter is the correct value but has not
90 // already been added
91 if (!isset($this->paramStack[$i][$n]) &&
92 isset($this->addParam[$n]) &&
93 $token->attr['name'] === $this->addParam[$n]) {
94 // keep token, and add to param stack
95 $this->paramStack[$i][$n] = true;
96 } elseif (isset($this->allowedParam[$n])) {
97 // keep token, don't do anything to it
98 // (could possibly check for duplicates here)
99 } else {
100 $token = false;
101 }
102 } else {
103 // not directly inside an object, DENY!
104 $token = false;
105 }
106 }
107 }
108
109 public function handleEnd(&$token)
110 {
111 // This is the WRONG way of handling the object and param stacks;
112 // we should be inserting them directly on the relevant object tokens
113 // so that the global stack handling handles it.
114 if ($token->name == 'object') {
115 array_pop($this->objectStack);
116 array_pop($this->paramStack);
117 }
118 }
119}
120
121// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Language.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language.php
new file mode 100644
index 00000000..35a13f78
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language.php
@@ -0,0 +1,204 @@
1<?php
2
3/**
4 * Represents a language and defines localizable string formatting and
5 * other functions, as well as the localized messages for HTML Purifier.
6 */
7class HTMLPurifier_Language
8{
9
10 /**
11 * ISO 639 language code of language. Prefers shortest possible version.
12 * @type string
13 */
14 public $code = 'en';
15
16 /**
17 * Fallback language code.
18 * @type bool|string
19 */
20 public $fallback = false;
21
22 /**
23 * Array of localizable messages.
24 * @type array
25 */
26 public $messages = array();
27
28 /**
29 * Array of localizable error codes.
30 * @type array
31 */
32 public $errorNames = array();
33
34 /**
35 * True if no message file was found for this language, so English
36 * is being used instead. Check this if you'd like to notify the
37 * user that they've used a non-supported language.
38 * @type bool
39 */
40 public $error = false;
41
42 /**
43 * Has the language object been loaded yet?
44 * @type bool
45 * @todo Make it private, fix usage in HTMLPurifier_LanguageTest
46 */
47 public $_loaded = false;
48
49 /**
50 * @type HTMLPurifier_Config
51 */
52 protected $config;
53
54 /**
55 * @type HTMLPurifier_Context
56 */
57 protected $context;
58
59 /**
60 * @param HTMLPurifier_Config $config
61 * @param HTMLPurifier_Context $context
62 */
63 public function __construct($config, $context)
64 {
65 $this->config = $config;
66 $this->context = $context;
67 }
68
69 /**
70 * Loads language object with necessary info from factory cache
71 * @note This is a lazy loader
72 */
73 public function load()
74 {
75 if ($this->_loaded) {
76 return;
77 }
78 $factory = HTMLPurifier_LanguageFactory::instance();
79 $factory->loadLanguage($this->code);
80 foreach ($factory->keys as $key) {
81 $this->$key = $factory->cache[$this->code][$key];
82 }
83 $this->_loaded = true;
84 }
85
86 /**
87 * Retrieves a localised message.
88 * @param string $key string identifier of message
89 * @return string localised message
90 */
91 public function getMessage($key)
92 {
93 if (!$this->_loaded) {
94 $this->load();
95 }
96 if (!isset($this->messages[$key])) {
97 return "[$key]";
98 }
99 return $this->messages[$key];
100 }
101
102 /**
103 * Retrieves a localised error name.
104 * @param int $int error number, corresponding to PHP's error reporting
105 * @return string localised message
106 */
107 public function getErrorName($int)
108 {
109 if (!$this->_loaded) {
110 $this->load();
111 }
112 if (!isset($this->errorNames[$int])) {
113 return "[Error: $int]";
114 }
115 return $this->errorNames[$int];
116 }
117
118 /**
119 * Converts an array list into a string readable representation
120 * @param array $array
121 * @return string
122 */
123 public function listify($array)
124 {
125 $sep = $this->getMessage('Item separator');
126 $sep_last = $this->getMessage('Item separator last');
127 $ret = '';
128 for ($i = 0, $c = count($array); $i < $c; $i++) {
129 if ($i == 0) {
130 } elseif ($i + 1 < $c) {
131 $ret .= $sep;
132 } else {
133 $ret .= $sep_last;
134 }
135 $ret .= $array[$i];
136 }
137 return $ret;
138 }
139
140 /**
141 * Formats a localised message with passed parameters
142 * @param string $key string identifier of message
143 * @param array $args Parameters to substitute in
144 * @return string localised message
145 * @todo Implement conditionals? Right now, some messages make
146 * reference to line numbers, but those aren't always available
147 */
148 public function formatMessage($key, $args = array())
149 {
150 if (!$this->_loaded) {
151 $this->load();
152 }
153 if (!isset($this->messages[$key])) {
154 return "[$key]";
155 }
156 $raw = $this->messages[$key];
157 $subst = array();
158 $generator = false;
159 foreach ($args as $i => $value) {
160 if (is_object($value)) {
161 if ($value instanceof HTMLPurifier_Token) {
162 // factor this out some time
163 if (!$generator) {
164 $generator = $this->context->get('Generator');
165 }
166 if (isset($value->name)) {
167 $subst['$'.$i.'.Name'] = $value->name;
168 }
169 if (isset($value->data)) {
170 $subst['$'.$i.'.Data'] = $value->data;
171 }
172 $subst['$'.$i.'.Compact'] =
173 $subst['$'.$i.'.Serialized'] = $generator->generateFromToken($value);
174 // a more complex algorithm for compact representation
175 // could be introduced for all types of tokens. This
176 // may need to be factored out into a dedicated class
177 if (!empty($value->attr)) {
178 $stripped_token = clone $value;
179 $stripped_token->attr = array();
180 $subst['$'.$i.'.Compact'] = $generator->generateFromToken($stripped_token);
181 }
182 $subst['$'.$i.'.Line'] = $value->line ? $value->line : 'unknown';
183 }
184 continue;
185 } elseif (is_array($value)) {
186 $keys = array_keys($value);
187 if (array_keys($keys) === $keys) {
188 // list
189 $subst['$'.$i] = $this->listify($value);
190 } else {
191 // associative array
192 // no $i implementation yet, sorry
193 $subst['$'.$i.'.Keys'] = $this->listify($keys);
194 $subst['$'.$i.'.Values'] = $this->listify(array_values($value));
195 }
196 continue;
197 }
198 $subst['$' . $i] = $value;
199 }
200 return strtr($raw, $subst);
201 }
202}
203
204// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/classes/en-x-test.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/classes/en-x-test.php
new file mode 100644
index 00000000..a6f8d163
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/classes/en-x-test.php
@@ -0,0 +1,9 @@
1<?php
2
3// private class for unit testing
4
5class HTMLPurifier_Language_en_x_test extends HTMLPurifier_Language
6{
7}
8
9// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php
new file mode 100644
index 00000000..e6a174a0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php
@@ -0,0 +1,11 @@
1<?php
2
3// private language message file for unit testing purposes
4
5$fallback = 'en';
6
7$messages = array(
8 'HTMLPurifier' => 'HTML Purifier X'
9);
10
11// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-testmini.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-testmini.php
new file mode 100644
index 00000000..ed8560fd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en-x-testmini.php
@@ -0,0 +1,12 @@
1<?php
2
3// private language message file for unit testing purposes
4// this language file has no class associated with it
5
6$fallback = 'en';
7
8$messages = array(
9 'HTMLPurifier' => 'HTML Purifier XNone'
10);
11
12// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en.php
new file mode 100644
index 00000000..1fa30bdf
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Language/messages/en.php
@@ -0,0 +1,55 @@
1<?php
2
3$fallback = false;
4
5$messages = array(
6
7 'HTMLPurifier' => 'HTML Purifier',
8// for unit testing purposes
9 'LanguageFactoryTest: Pizza' => 'Pizza',
10 'LanguageTest: List' => '$1',
11 'LanguageTest: Hash' => '$1.Keys; $1.Values',
12 'Item separator' => ', ',
13 'Item separator last' => ' and ', // non-Harvard style
14
15 'ErrorCollector: No errors' => 'No errors detected. However, because error reporting is still incomplete, there may have been errors that the error collector was not notified of; please inspect the output HTML carefully.',
16 'ErrorCollector: At line' => ' at line $line',
17 'ErrorCollector: Incidental errors' => 'Incidental errors',
18 'Lexer: Unclosed comment' => 'Unclosed comment',
19 'Lexer: Unescaped lt' => 'Unescaped less-than sign (<) should be &lt;',
20 'Lexer: Missing gt' => 'Missing greater-than sign (>), previous less-than sign (<) should be escaped',
21 'Lexer: Missing attribute key' => 'Attribute declaration has no key',
22 'Lexer: Missing end quote' => 'Attribute declaration has no end quote',
23 'Lexer: Extracted body' => 'Removed document metadata tags',
24 'Strategy_RemoveForeignElements: Tag transform' => '<$1> element transformed into $CurrentToken.Serialized',
25 'Strategy_RemoveForeignElements: Missing required attribute' => '$CurrentToken.Compact element missing required attribute $1',
26 'Strategy_RemoveForeignElements: Foreign element to text' => 'Unrecognized $CurrentToken.Serialized tag converted to text',
27 'Strategy_RemoveForeignElements: Foreign element removed' => 'Unrecognized $CurrentToken.Serialized tag removed',
28 'Strategy_RemoveForeignElements: Comment removed' => 'Comment containing "$CurrentToken.Data" removed',
29 'Strategy_RemoveForeignElements: Foreign meta element removed' => 'Unrecognized $CurrentToken.Serialized meta tag and all descendants removed',
30 'Strategy_RemoveForeignElements: Token removed to end' => 'Tags and text starting from $1 element where removed to end',
31 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed' => 'Trailing hyphen(s) in comment removed',
32 'Strategy_RemoveForeignElements: Hyphens in comment collapsed' => 'Double hyphens in comments are not allowed, and were collapsed into single hyphens',
33 'Strategy_MakeWellFormed: Unnecessary end tag removed' => 'Unnecessary $CurrentToken.Serialized tag removed',
34 'Strategy_MakeWellFormed: Unnecessary end tag to text' => 'Unnecessary $CurrentToken.Serialized tag converted to text',
35 'Strategy_MakeWellFormed: Tag auto closed' => '$1.Compact started on line $1.Line auto-closed by $CurrentToken.Compact',
36 'Strategy_MakeWellFormed: Tag carryover' => '$1.Compact started on line $1.Line auto-continued into $CurrentToken.Compact',
37 'Strategy_MakeWellFormed: Stray end tag removed' => 'Stray $CurrentToken.Serialized tag removed',
38 'Strategy_MakeWellFormed: Stray end tag to text' => 'Stray $CurrentToken.Serialized tag converted to text',
39 'Strategy_MakeWellFormed: Tag closed by element end' => '$1.Compact tag started on line $1.Line closed by end of $CurrentToken.Serialized',
40 'Strategy_MakeWellFormed: Tag closed by document end' => '$1.Compact tag started on line $1.Line closed by end of document',
41 'Strategy_FixNesting: Node removed' => '$CurrentToken.Compact node removed',
42 'Strategy_FixNesting: Node excluded' => '$CurrentToken.Compact node removed due to descendant exclusion by ancestor element',
43 'Strategy_FixNesting: Node reorganized' => 'Contents of $CurrentToken.Compact node reorganized to enforce its content model',
44 'Strategy_FixNesting: Node contents removed' => 'Contents of $CurrentToken.Compact node removed',
45 'AttrValidator: Attributes transformed' => 'Attributes on $CurrentToken.Compact transformed from $1.Keys to $2.Keys',
46 'AttrValidator: Attribute removed' => '$CurrentAttr.Name attribute on $CurrentToken.Compact removed',
47);
48
49$errorNames = array(
50 E_ERROR => 'Error',
51 E_WARNING => 'Warning',
52 E_NOTICE => 'Notice'
53);
54
55// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/LanguageFactory.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/LanguageFactory.php
new file mode 100644
index 00000000..e3e7a3b8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/LanguageFactory.php
@@ -0,0 +1,209 @@
1<?php
2
3/**
4 * Class responsible for generating HTMLPurifier_Language objects, managing
5 * caching and fallbacks.
6 * @note Thanks to MediaWiki for the general logic, although this version
7 * has been entirely rewritten
8 * @todo Serialized cache for languages
9 */
10class HTMLPurifier_LanguageFactory
11{
12
13 /**
14 * Cache of language code information used to load HTMLPurifier_Language objects.
15 * Structure is: $factory->cache[$language_code][$key] = $value
16 * @type array
17 */
18 public $cache;
19
20 /**
21 * Valid keys in the HTMLPurifier_Language object. Designates which
22 * variables to slurp out of a message file.
23 * @type array
24 */
25 public $keys = array('fallback', 'messages', 'errorNames');
26
27 /**
28 * Instance to validate language codes.
29 * @type HTMLPurifier_AttrDef_Lang
30 *
31 */
32 protected $validator;
33
34 /**
35 * Cached copy of dirname(__FILE__), directory of current file without
36 * trailing slash.
37 * @type string
38 */
39 protected $dir;
40
41 /**
42 * Keys whose contents are a hash map and can be merged.
43 * @type array
44 */
45 protected $mergeable_keys_map = array('messages' => true, 'errorNames' => true);
46
47 /**
48 * Keys whose contents are a list and can be merged.
49 * @value array lookup
50 */
51 protected $mergeable_keys_list = array();
52
53 /**
54 * Retrieve sole instance of the factory.
55 * @param HTMLPurifier_LanguageFactory $prototype Optional prototype to overload sole instance with,
56 * or bool true to reset to default factory.
57 * @return HTMLPurifier_LanguageFactory
58 */
59 public static function instance($prototype = null)
60 {
61 static $instance = null;
62 if ($prototype !== null) {
63 $instance = $prototype;
64 } elseif ($instance === null || $prototype == true) {
65 $instance = new HTMLPurifier_LanguageFactory();
66 $instance->setup();
67 }
68 return $instance;
69 }
70
71 /**
72 * Sets up the singleton, much like a constructor
73 * @note Prevents people from getting this outside of the singleton
74 */
75 public function setup()
76 {
77 $this->validator = new HTMLPurifier_AttrDef_Lang();
78 $this->dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier';
79 }
80
81 /**
82 * Creates a language object, handles class fallbacks
83 * @param HTMLPurifier_Config $config
84 * @param HTMLPurifier_Context $context
85 * @param bool|string $code Code to override configuration with. Private parameter.
86 * @return HTMLPurifier_Language
87 */
88 public function create($config, $context, $code = false)
89 {
90 // validate language code
91 if ($code === false) {
92 $code = $this->validator->validate(
93 $config->get('Core.Language'),
94 $config,
95 $context
96 );
97 } else {
98 $code = $this->validator->validate($code, $config, $context);
99 }
100 if ($code === false) {
101 $code = 'en'; // malformed code becomes English
102 }
103
104 $pcode = str_replace('-', '_', $code); // make valid PHP classname
105 static $depth = 0; // recursion protection
106
107 if ($code == 'en') {
108 $lang = new HTMLPurifier_Language($config, $context);
109 } else {
110 $class = 'HTMLPurifier_Language_' . $pcode;
111 $file = $this->dir . '/Language/classes/' . $code . '.php';
112 if (file_exists($file) || class_exists($class, false)) {
113 $lang = new $class($config, $context);
114 } else {
115 // Go fallback
116 $raw_fallback = $this->getFallbackFor($code);
117 $fallback = $raw_fallback ? $raw_fallback : 'en';
118 $depth++;
119 $lang = $this->create($config, $context, $fallback);
120 if (!$raw_fallback) {
121 $lang->error = true;
122 }
123 $depth--;
124 }
125 }
126 $lang->code = $code;
127 return $lang;
128 }
129
130 /**
131 * Returns the fallback language for language
132 * @note Loads the original language into cache
133 * @param string $code language code
134 * @return string|bool
135 */
136 public function getFallbackFor($code)
137 {
138 $this->loadLanguage($code);
139 return $this->cache[$code]['fallback'];
140 }
141
142 /**
143 * Loads language into the cache, handles message file and fallbacks
144 * @param string $code language code
145 */
146 public function loadLanguage($code)
147 {
148 static $languages_seen = array(); // recursion guard
149
150 // abort if we've already loaded it
151 if (isset($this->cache[$code])) {
152 return;
153 }
154
155 // generate filename
156 $filename = $this->dir . '/Language/messages/' . $code . '.php';
157
158 // default fallback : may be overwritten by the ensuing include
159 $fallback = ($code != 'en') ? 'en' : false;
160
161 // load primary localisation
162 if (!file_exists($filename)) {
163 // skip the include: will rely solely on fallback
164 $filename = $this->dir . '/Language/messages/en.php';
165 $cache = array();
166 } else {
167 include $filename;
168 $cache = compact($this->keys);
169 }
170
171 // load fallback localisation
172 if (!empty($fallback)) {
173
174 // infinite recursion guard
175 if (isset($languages_seen[$code])) {
176 trigger_error(
177 'Circular fallback reference in language ' .
178 $code,
179 E_USER_ERROR
180 );
181 $fallback = 'en';
182 }
183 $language_seen[$code] = true;
184
185 // load the fallback recursively
186 $this->loadLanguage($fallback);
187 $fallback_cache = $this->cache[$fallback];
188
189 // merge fallback with current language
190 foreach ($this->keys as $key) {
191 if (isset($cache[$key]) && isset($fallback_cache[$key])) {
192 if (isset($this->mergeable_keys_map[$key])) {
193 $cache[$key] = $cache[$key] + $fallback_cache[$key];
194 } elseif (isset($this->mergeable_keys_list[$key])) {
195 $cache[$key] = array_merge($fallback_cache[$key], $cache[$key]);
196 }
197 } else {
198 $cache[$key] = $fallback_cache[$key];
199 }
200 }
201 }
202
203 // save to cache for later retrieval
204 $this->cache[$code] = $cache;
205 return;
206 }
207}
208
209// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Length.php
new file mode 100644
index 00000000..149fcf4b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Length.php
@@ -0,0 +1,160 @@
1<?php
2
3/**
4 * Represents a measurable length, with a string numeric magnitude
5 * and a unit. This object is immutable.
6 */
7class HTMLPurifier_Length
8{
9
10 /**
11 * String numeric magnitude.
12 * @type string
13 */
14 protected $n;
15
16 /**
17 * String unit. False is permitted if $n = 0.
18 * @type string|bool
19 */
20 protected $unit;
21
22 /**
23 * Whether or not this length is valid. Null if not calculated yet.
24 * @type bool
25 */
26 protected $isValid;
27
28 /**
29 * Array Lookup array of units recognized by CSS 2.1
30 * @type array
31 */
32 protected static $allowedUnits = array(
33 'em' => true, 'ex' => true, 'px' => true, 'in' => true,
34 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true
35 );
36
37 /**
38 * @param string $n Magnitude
39 * @param bool|string $u Unit
40 */
41 public function __construct($n = '0', $u = false)
42 {
43 $this->n = (string) $n;
44 $this->unit = $u !== false ? (string) $u : false;
45 }
46
47 /**
48 * @param string $s Unit string, like '2em' or '3.4in'
49 * @return HTMLPurifier_Length
50 * @warning Does not perform validation.
51 */
52 public static function make($s)
53 {
54 if ($s instanceof HTMLPurifier_Length) {
55 return $s;
56 }
57 $n_length = strspn($s, '1234567890.+-');
58 $n = substr($s, 0, $n_length);
59 $unit = substr($s, $n_length);
60 if ($unit === '') {
61 $unit = false;
62 }
63 return new HTMLPurifier_Length($n, $unit);
64 }
65
66 /**
67 * Validates the number and unit.
68 * @return bool
69 */
70 protected function validate()
71 {
72 // Special case:
73 if ($this->n === '+0' || $this->n === '-0') {
74 $this->n = '0';
75 }
76 if ($this->n === '0' && $this->unit === false) {
77 return true;
78 }
79 if (!ctype_lower($this->unit)) {
80 $this->unit = strtolower($this->unit);
81 }
82 if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {
83 return false;
84 }
85 // Hack:
86 $def = new HTMLPurifier_AttrDef_CSS_Number();
87 $result = $def->validate($this->n, false, false);
88 if ($result === false) {
89 return false;
90 }
91 $this->n = $result;
92 return true;
93 }
94
95 /**
96 * Returns string representation of number.
97 * @return string
98 */
99 public function toString()
100 {
101 if (!$this->isValid()) {
102 return false;
103 }
104 return $this->n . $this->unit;
105 }
106
107 /**
108 * Retrieves string numeric magnitude.
109 * @return string
110 */
111 public function getN()
112 {
113 return $this->n;
114 }
115
116 /**
117 * Retrieves string unit.
118 * @return string
119 */
120 public function getUnit()
121 {
122 return $this->unit;
123 }
124
125 /**
126 * Returns true if this length unit is valid.
127 * @return bool
128 */
129 public function isValid()
130 {
131 if ($this->isValid === null) {
132 $this->isValid = $this->validate();
133 }
134 return $this->isValid;
135 }
136
137 /**
138 * Compares two lengths, and returns 1 if greater, -1 if less and 0 if equal.
139 * @param HTMLPurifier_Length $l
140 * @return int
141 * @warning If both values are too large or small, this calculation will
142 * not work properly
143 */
144 public function compareTo($l)
145 {
146 if ($l === false) {
147 return false;
148 }
149 if ($l->unit !== $this->unit) {
150 $converter = new HTMLPurifier_UnitConverter();
151 $l = $converter->convert($l, $this->unit);
152 if ($l === false) {
153 return false;
154 }
155 }
156 return $this->n - $l->n;
157 }
158}
159
160// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer.php
new file mode 100644
index 00000000..2a9a9d62
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer.php
@@ -0,0 +1,357 @@
1<?php
2
3/**
4 * Forgivingly lexes HTML (SGML-style) markup into tokens.
5 *
6 * A lexer parses a string of SGML-style markup and converts them into
7 * corresponding tokens. It doesn't check for well-formedness, although its
8 * internal mechanism may make this automatic (such as the case of
9 * HTMLPurifier_Lexer_DOMLex). There are several implementations to choose
10 * from.
11 *
12 * A lexer is HTML-oriented: it might work with XML, but it's not
13 * recommended, as we adhere to a subset of the specification for optimization
14 * reasons. This might change in the future. Also, most tokenizers are not
15 * expected to handle DTDs or PIs.
16 *
17 * This class should not be directly instantiated, but you may use create() to
18 * retrieve a default copy of the lexer. Being a supertype, this class
19 * does not actually define any implementation, but offers commonly used
20 * convenience functions for subclasses.
21 *
22 * @note The unit tests will instantiate this class for testing purposes, as
23 * many of the utility functions require a class to be instantiated.
24 * This means that, even though this class is not runnable, it will
25 * not be declared abstract.
26 *
27 * @par
28 *
29 * @note
30 * We use tokens rather than create a DOM representation because DOM would:
31 *
32 * @par
33 * -# Require more processing and memory to create,
34 * -# Is not streamable, and
35 * -# Has the entire document structure (html and body not needed).
36 *
37 * @par
38 * However, DOM is helpful in that it makes it easy to move around nodes
39 * without a lot of lookaheads to see when a tag is closed. This is a
40 * limitation of the token system and some workarounds would be nice.
41 */
42class HTMLPurifier_Lexer
43{
44
45 /**
46 * Whether or not this lexer implements line-number/column-number tracking.
47 * If it does, set to true.
48 */
49 public $tracksLineNumbers = false;
50
51 // -- STATIC ----------------------------------------------------------
52
53 /**
54 * Retrieves or sets the default Lexer as a Prototype Factory.
55 *
56 * By default HTMLPurifier_Lexer_DOMLex will be returned. There are
57 * a few exceptions involving special features that only DirectLex
58 * implements.
59 *
60 * @note The behavior of this class has changed, rather than accepting
61 * a prototype object, it now accepts a configuration object.
62 * To specify your own prototype, set %Core.LexerImpl to it.
63 * This change in behavior de-singletonizes the lexer object.
64 *
65 * @param HTMLPurifier_Config $config
66 * @return HTMLPurifier_Lexer
67 * @throws HTMLPurifier_Exception
68 */
69 public static function create($config)
70 {
71 if (!($config instanceof HTMLPurifier_Config)) {
72 $lexer = $config;
73 trigger_error(
74 "Passing a prototype to
75 HTMLPurifier_Lexer::create() is deprecated, please instead
76 use %Core.LexerImpl",
77 E_USER_WARNING
78 );
79 } else {
80 $lexer = $config->get('Core.LexerImpl');
81 }
82
83 $needs_tracking =
84 $config->get('Core.MaintainLineNumbers') ||
85 $config->get('Core.CollectErrors');
86
87 $inst = null;
88 if (is_object($lexer)) {
89 $inst = $lexer;
90 } else {
91 if (is_null($lexer)) {
92 do {
93 // auto-detection algorithm
94 if ($needs_tracking) {
95 $lexer = 'DirectLex';
96 break;
97 }
98
99 if (class_exists('DOMDocument') &&
100 method_exists('DOMDocument', 'loadHTML') &&
101 !extension_loaded('domxml')
102 ) {
103 // check for DOM support, because while it's part of the
104 // core, it can be disabled compile time. Also, the PECL
105 // domxml extension overrides the default DOM, and is evil
106 // and nasty and we shan't bother to support it
107 $lexer = 'DOMLex';
108 } else {
109 $lexer = 'DirectLex';
110 }
111 } while (0);
112 } // do..while so we can break
113
114 // instantiate recognized string names
115 switch ($lexer) {
116 case 'DOMLex':
117 $inst = new HTMLPurifier_Lexer_DOMLex();
118 break;
119 case 'DirectLex':
120 $inst = new HTMLPurifier_Lexer_DirectLex();
121 break;
122 case 'PH5P':
123 $inst = new HTMLPurifier_Lexer_PH5P();
124 break;
125 default:
126 throw new HTMLPurifier_Exception(
127 "Cannot instantiate unrecognized Lexer type " .
128 htmlspecialchars($lexer)
129 );
130 }
131 }
132
133 if (!$inst) {
134 throw new HTMLPurifier_Exception('No lexer was instantiated');
135 }
136
137 // once PHP DOM implements native line numbers, or we
138 // hack out something using XSLT, remove this stipulation
139 if ($needs_tracking && !$inst->tracksLineNumbers) {
140 throw new HTMLPurifier_Exception(
141 'Cannot use lexer that does not support line numbers with ' .
142 'Core.MaintainLineNumbers or Core.CollectErrors (use DirectLex instead)'
143 );
144 }
145
146 return $inst;
147
148 }
149
150 // -- CONVENIENCE MEMBERS ---------------------------------------------
151
152 public function __construct()
153 {
154 $this->_entity_parser = new HTMLPurifier_EntityParser();
155 }
156
157 /**
158 * Most common entity to raw value conversion table for special entities.
159 * @type array
160 */
161 protected $_special_entity2str =
162 array(
163 '&quot;' => '"',
164 '&amp;' => '&',
165 '&lt;' => '<',
166 '&gt;' => '>',
167 '&#39;' => "'",
168 '&#039;' => "'",
169 '&#x27;' => "'"
170 );
171
172 /**
173 * Parses special entities into the proper characters.
174 *
175 * This string will translate escaped versions of the special characters
176 * into the correct ones.
177 *
178 * @warning
179 * You should be able to treat the output of this function as
180 * completely parsed, but that's only because all other entities should
181 * have been handled previously in substituteNonSpecialEntities()
182 *
183 * @param string $string String character data to be parsed.
184 * @return string Parsed character data.
185 */
186 public function parseData($string)
187 {
188 // following functions require at least one character
189 if ($string === '') {
190 return '';
191 }
192
193 // subtracts amps that cannot possibly be escaped
194 $num_amp = substr_count($string, '&') - substr_count($string, '& ') -
195 ($string[strlen($string) - 1] === '&' ? 1 : 0);
196
197 if (!$num_amp) {
198 return $string;
199 } // abort if no entities
200 $num_esc_amp = substr_count($string, '&amp;');
201 $string = strtr($string, $this->_special_entity2str);
202
203 // code duplication for sake of optimization, see above
204 $num_amp_2 = substr_count($string, '&') - substr_count($string, '& ') -
205 ($string[strlen($string) - 1] === '&' ? 1 : 0);
206
207 if ($num_amp_2 <= $num_esc_amp) {
208 return $string;
209 }
210
211 // hmm... now we have some uncommon entities. Use the callback.
212 $string = $this->_entity_parser->substituteSpecialEntities($string);
213 return $string;
214 }
215
216 /**
217 * Lexes an HTML string into tokens.
218 * @param $string String HTML.
219 * @param HTMLPurifier_Config $config
220 * @param HTMLPurifier_Context $context
221 * @return HTMLPurifier_Token[] array representation of HTML.
222 */
223 public function tokenizeHTML($string, $config, $context)
224 {
225 trigger_error('Call to abstract class', E_USER_ERROR);
226 }
227
228 /**
229 * Translates CDATA sections into regular sections (through escaping).
230 * @param string $string HTML string to process.
231 * @return string HTML with CDATA sections escaped.
232 */
233 protected static function escapeCDATA($string)
234 {
235 return preg_replace_callback(
236 '/<!\[CDATA\[(.+?)\]\]>/s',
237 array('HTMLPurifier_Lexer', 'CDATACallback'),
238 $string
239 );
240 }
241
242 /**
243 * Special CDATA case that is especially convoluted for <script>
244 * @param string $string HTML string to process.
245 * @return string HTML with CDATA sections escaped.
246 */
247 protected static function escapeCommentedCDATA($string)
248 {
249 return preg_replace_callback(
250 '#<!--//--><!\[CDATA\[//><!--(.+?)//--><!\]\]>#s',
251 array('HTMLPurifier_Lexer', 'CDATACallback'),
252 $string
253 );
254 }
255
256 /**
257 * Special Internet Explorer conditional comments should be removed.
258 * @param string $string HTML string to process.
259 * @return string HTML with conditional comments removed.
260 */
261 protected static function removeIEConditional($string)
262 {
263 return preg_replace(
264 '#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
265 '',
266 $string
267 );
268 }
269
270 /**
271 * Callback function for escapeCDATA() that does the work.
272 *
273 * @warning Though this is public in order to let the callback happen,
274 * calling it directly is not recommended.
275 * @param array $matches PCRE matches array, with index 0 the entire match
276 * and 1 the inside of the CDATA section.
277 * @return string Escaped internals of the CDATA section.
278 */
279 protected static function CDATACallback($matches)
280 {
281 // not exactly sure why the character set is needed, but whatever
282 return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8');
283 }
284
285 /**
286 * Takes a piece of HTML and normalizes it by converting entities, fixing
287 * encoding, extracting bits, and other good stuff.
288 * @param string $html HTML.
289 * @param HTMLPurifier_Config $config
290 * @param HTMLPurifier_Context $context
291 * @return string
292 * @todo Consider making protected
293 */
294 public function normalize($html, $config, $context)
295 {
296 // normalize newlines to \n
297 if ($config->get('Core.NormalizeNewlines')) {
298 $html = str_replace("\r\n", "\n", $html);
299 $html = str_replace("\r", "\n", $html);
300 }
301
302 if ($config->get('HTML.Trusted')) {
303 // escape convoluted CDATA
304 $html = $this->escapeCommentedCDATA($html);
305 }
306
307 // escape CDATA
308 $html = $this->escapeCDATA($html);
309
310 $html = $this->removeIEConditional($html);
311
312 // extract body from document if applicable
313 if ($config->get('Core.ConvertDocumentToFragment')) {
314 $e = false;
315 if ($config->get('Core.CollectErrors')) {
316 $e =& $context->get('ErrorCollector');
317 }
318 $new_html = $this->extractBody($html);
319 if ($e && $new_html != $html) {
320 $e->send(E_WARNING, 'Lexer: Extracted body');
321 }
322 $html = $new_html;
323 }
324
325 // expand entities that aren't the big five
326 $html = $this->_entity_parser->substituteNonSpecialEntities($html);
327
328 // clean into wellformed UTF-8 string for an SGML context: this has
329 // to be done after entity expansion because the entities sometimes
330 // represent non-SGML characters (horror, horror!)
331 $html = HTMLPurifier_Encoder::cleanUTF8($html);
332
333 // if processing instructions are to removed, remove them now
334 if ($config->get('Core.RemoveProcessingInstructions')) {
335 $html = preg_replace('#<\?.+?\?>#s', '', $html);
336 }
337
338 return $html;
339 }
340
341 /**
342 * Takes a string of HTML (fragment or document) and returns the content
343 * @todo Consider making protected
344 */
345 public function extractBody($html)
346 {
347 $matches = array();
348 $result = preg_match('!<body[^>]*>(.*)</body>!is', $html, $matches);
349 if ($result) {
350 return $matches[1];
351 } else {
352 return $html;
353 }
354 }
355}
356
357// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DOMLex.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DOMLex.php
new file mode 100644
index 00000000..b13e6c55
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DOMLex.php
@@ -0,0 +1,280 @@
1<?php
2
3/**
4 * Parser that uses PHP 5's DOM extension (part of the core).
5 *
6 * In PHP 5, the DOM XML extension was revamped into DOM and added to the core.
7 * It gives us a forgiving HTML parser, which we use to transform the HTML
8 * into a DOM, and then into the tokens. It is blazingly fast (for large
9 * documents, it performs twenty times faster than
10 * HTMLPurifier_Lexer_DirectLex,and is the default choice for PHP 5.
11 *
12 * @note Any empty elements will have empty tokens associated with them, even if
13 * this is prohibited by the spec. This is cannot be fixed until the spec
14 * comes into play.
15 *
16 * @note PHP's DOM extension does not actually parse any entities, we use
17 * our own function to do that.
18 *
19 * @warning DOM tends to drop whitespace, which may wreak havoc on indenting.
20 * If this is a huge problem, due to the fact that HTML is hand
21 * edited and you are unable to get a parser cache that caches the
22 * the output of HTML Purifier while keeping the original HTML lying
23 * around, you may want to run Tidy on the resulting output or use
24 * HTMLPurifier_DirectLex
25 */
26
27class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
28{
29
30 /**
31 * @type HTMLPurifier_TokenFactory
32 */
33 private $factory;
34
35 public function __construct()
36 {
37 // setup the factory
38 parent::__construct();
39 $this->factory = new HTMLPurifier_TokenFactory();
40 }
41
42 /**
43 * @param string $html
44 * @param HTMLPurifier_Config $config
45 * @param HTMLPurifier_Context $context
46 * @return HTMLPurifier_Token[]
47 */
48 public function tokenizeHTML($html, $config, $context)
49 {
50 $html = $this->normalize($html, $config, $context);
51
52 // attempt to armor stray angled brackets that cannot possibly
53 // form tags and thus are probably being used as emoticons
54 if ($config->get('Core.AggressivelyFixLt')) {
55 $char = '[^a-z!\/]';
56 $comment = "/<!--(.*?)(-->|\z)/is";
57 $html = preg_replace_callback($comment, array($this, 'callbackArmorCommentEntities'), $html);
58 do {
59 $old = $html;
60 $html = preg_replace("/<($char)/i", '&lt;\\1', $html);
61 } while ($html !== $old);
62 $html = preg_replace_callback($comment, array($this, 'callbackUndoCommentSubst'), $html); // fix comments
63 }
64
65 // preprocess html, essential for UTF-8
66 $html = $this->wrapHTML($html, $config, $context);
67
68 $doc = new DOMDocument();
69 $doc->encoding = 'UTF-8'; // theoretically, the above has this covered
70
71 set_error_handler(array($this, 'muteErrorHandler'));
72 $doc->loadHTML($html);
73 restore_error_handler();
74
75 $tokens = array();
76 $this->tokenizeDOM(
77 $doc->getElementsByTagName('html')->item(0)-> // <html>
78 getElementsByTagName('body')->item(0)-> // <body>
79 getElementsByTagName('div')->item(0), // <div>
80 $tokens
81 );
82 return $tokens;
83 }
84
85 /**
86 * Iterative function that tokenizes a node, putting it into an accumulator.
87 * To iterate is human, to recurse divine - L. Peter Deutsch
88 * @param DOMNode $node DOMNode to be tokenized.
89 * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens.
90 * @return HTMLPurifier_Token of node appended to previously passed tokens.
91 */
92 protected function tokenizeDOM($node, &$tokens)
93 {
94 $level = 0;
95 $nodes = array($level => new HTMLPurifier_Queue(array($node)));
96 $closingNodes = array();
97 do {
98 while (!$nodes[$level]->isEmpty()) {
99 $node = $nodes[$level]->shift(); // FIFO
100 $collect = $level > 0 ? true : false;
101 $needEndingTag = $this->createStartNode($node, $tokens, $collect);
102 if ($needEndingTag) {
103 $closingNodes[$level][] = $node;
104 }
105 if ($node->childNodes && $node->childNodes->length) {
106 $level++;
107 $nodes[$level] = new HTMLPurifier_Queue();
108 foreach ($node->childNodes as $childNode) {
109 $nodes[$level]->push($childNode);
110 }
111 }
112 }
113 $level--;
114 if ($level && isset($closingNodes[$level])) {
115 while ($node = array_pop($closingNodes[$level])) {
116 $this->createEndNode($node, $tokens);
117 }
118 }
119 } while ($level > 0);
120 }
121
122 /**
123 * @param DOMNode $node DOMNode to be tokenized.
124 * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens.
125 * @param bool $collect Says whether or start and close are collected, set to
126 * false at first recursion because it's the implicit DIV
127 * tag you're dealing with.
128 * @return bool if the token needs an endtoken
129 * @todo data and tagName properties don't seem to exist in DOMNode?
130 */
131 protected function createStartNode($node, &$tokens, $collect)
132 {
133 // intercept non element nodes. WE MUST catch all of them,
134 // but we're not getting the character reference nodes because
135 // those should have been preprocessed
136 if ($node->nodeType === XML_TEXT_NODE) {
137 $tokens[] = $this->factory->createText($node->data);
138 return false;
139 } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) {
140 // undo libxml's special treatment of <script> and <style> tags
141 $last = end($tokens);
142 $data = $node->data;
143 // (note $node->tagname is already normalized)
144 if ($last instanceof HTMLPurifier_Token_Start && ($last->name == 'script' || $last->name == 'style')) {
145 $new_data = trim($data);
146 if (substr($new_data, 0, 4) === '<!--') {
147 $data = substr($new_data, 4);
148 if (substr($data, -3) === '-->') {
149 $data = substr($data, 0, -3);
150 } else {
151 // Highly suspicious! Not sure what to do...
152 }
153 }
154 }
155 $tokens[] = $this->factory->createText($this->parseData($data));
156 return false;
157 } elseif ($node->nodeType === XML_COMMENT_NODE) {
158 // this is code is only invoked for comments in script/style in versions
159 // of libxml pre-2.6.28 (regular comments, of course, are still
160 // handled regularly)
161 $tokens[] = $this->factory->createComment($node->data);
162 return false;
163 } elseif ($node->nodeType !== XML_ELEMENT_NODE) {
164 // not-well tested: there may be other nodes we have to grab
165 return false;
166 }
167
168 $attr = $node->hasAttributes() ? $this->transformAttrToAssoc($node->attributes) : array();
169
170 // We still have to make sure that the element actually IS empty
171 if (!$node->childNodes->length) {
172 if ($collect) {
173 $tokens[] = $this->factory->createEmpty($node->tagName, $attr);
174 }
175 return false;
176 } else {
177 if ($collect) {
178 $tokens[] = $this->factory->createStart(
179 $tag_name = $node->tagName, // somehow, it get's dropped
180 $attr
181 );
182 }
183 return true;
184 }
185 }
186
187 /**
188 * @param DOMNode $node
189 * @param HTMLPurifier_Token[] $tokens
190 */
191 protected function createEndNode($node, &$tokens)
192 {
193 $tokens[] = $this->factory->createEnd($node->tagName);
194 }
195
196
197 /**
198 * Converts a DOMNamedNodeMap of DOMAttr objects into an assoc array.
199 *
200 * @param DOMNamedNodeMap $node_map DOMNamedNodeMap of DOMAttr objects.
201 * @return array Associative array of attributes.
202 */
203 protected function transformAttrToAssoc($node_map)
204 {
205 // NamedNodeMap is documented very well, so we're using undocumented
206 // features, namely, the fact that it implements Iterator and
207 // has a ->length attribute
208 if ($node_map->length === 0) {
209 return array();
210 }
211 $array = array();
212 foreach ($node_map as $attr) {
213 $array[$attr->name] = $attr->value;
214 }
215 return $array;
216 }
217
218 /**
219 * An error handler that mutes all errors
220 * @param int $errno
221 * @param string $errstr
222 */
223 public function muteErrorHandler($errno, $errstr)
224 {
225 }
226
227 /**
228 * Callback function for undoing escaping of stray angled brackets
229 * in comments
230 * @param array $matches
231 * @return string
232 */
233 public function callbackUndoCommentSubst($matches)
234 {
235 return '<!--' . strtr($matches[1], array('&amp;' => '&', '&lt;' => '<')) . $matches[2];
236 }
237
238 /**
239 * Callback function that entity-izes ampersands in comments so that
240 * callbackUndoCommentSubst doesn't clobber them
241 * @param array $matches
242 * @return string
243 */
244 public function callbackArmorCommentEntities($matches)
245 {
246 return '<!--' . str_replace('&', '&amp;', $matches[1]) . $matches[2];
247 }
248
249 /**
250 * Wraps an HTML fragment in the necessary HTML
251 * @param string $html
252 * @param HTMLPurifier_Config $config
253 * @param HTMLPurifier_Context $context
254 * @return string
255 */
256 protected function wrapHTML($html, $config, $context)
257 {
258 $def = $config->getDefinition('HTML');
259 $ret = '';
260
261 if (!empty($def->doctype->dtdPublic) || !empty($def->doctype->dtdSystem)) {
262 $ret .= '<!DOCTYPE html ';
263 if (!empty($def->doctype->dtdPublic)) {
264 $ret .= 'PUBLIC "' . $def->doctype->dtdPublic . '" ';
265 }
266 if (!empty($def->doctype->dtdSystem)) {
267 $ret .= '"' . $def->doctype->dtdSystem . '" ';
268 }
269 $ret .= '>';
270 }
271
272 $ret .= '<html><head>';
273 $ret .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
274 // No protection if $html contains a stray </div>!
275 $ret .= '</head><body><div>' . $html . '</div></body></html>';
276 return $ret;
277 }
278}
279
280// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DirectLex.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DirectLex.php
new file mode 100644
index 00000000..a07f4973
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/DirectLex.php
@@ -0,0 +1,539 @@
1<?php
2
3/**
4 * Our in-house implementation of a parser.
5 *
6 * A pure PHP parser, DirectLex has absolutely no dependencies, making
7 * it a reasonably good default for PHP4. Written with efficiency in mind,
8 * it can be four times faster than HTMLPurifier_Lexer_PEARSax3, although it
9 * pales in comparison to HTMLPurifier_Lexer_DOMLex.
10 *
11 * @todo Reread XML spec and document differences.
12 */
13class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
14{
15 /**
16 * @type bool
17 */
18 public $tracksLineNumbers = true;
19
20 /**
21 * Whitespace characters for str(c)spn.
22 * @type string
23 */
24 protected $_whitespace = "\x20\x09\x0D\x0A";
25
26 /**
27 * Callback function for script CDATA fudge
28 * @param array $matches, in form of array(opening tag, contents, closing tag)
29 * @return string
30 */
31 protected function scriptCallback($matches)
32 {
33 return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
34 }
35
36 /**
37 * @param String $html
38 * @param HTMLPurifier_Config $config
39 * @param HTMLPurifier_Context $context
40 * @return array|HTMLPurifier_Token[]
41 */
42 public function tokenizeHTML($html, $config, $context)
43 {
44 // special normalization for script tags without any armor
45 // our "armor" heurstic is a < sign any number of whitespaces after
46 // the first script tag
47 if ($config->get('HTML.Trusted')) {
48 $html = preg_replace_callback(
49 '#(<script[^>]*>)(\s*[^<].+?)(</script>)#si',
50 array($this, 'scriptCallback'),
51 $html
52 );
53 }
54
55 $html = $this->normalize($html, $config, $context);
56
57 $cursor = 0; // our location in the text
58 $inside_tag = false; // whether or not we're parsing the inside of a tag
59 $array = array(); // result array
60
61 // This is also treated to mean maintain *column* numbers too
62 $maintain_line_numbers = $config->get('Core.MaintainLineNumbers');
63
64 if ($maintain_line_numbers === null) {
65 // automatically determine line numbering by checking
66 // if error collection is on
67 $maintain_line_numbers = $config->get('Core.CollectErrors');
68 }
69
70 if ($maintain_line_numbers) {
71 $current_line = 1;
72 $current_col = 0;
73 $length = strlen($html);
74 } else {
75 $current_line = false;
76 $current_col = false;
77 $length = false;
78 }
79 $context->register('CurrentLine', $current_line);
80 $context->register('CurrentCol', $current_col);
81 $nl = "\n";
82 // how often to manually recalculate. This will ALWAYS be right,
83 // but it's pretty wasteful. Set to 0 to turn off
84 $synchronize_interval = $config->get('Core.DirectLexLineNumberSyncInterval');
85
86 $e = false;
87 if ($config->get('Core.CollectErrors')) {
88 $e =& $context->get('ErrorCollector');
89 }
90
91 // for testing synchronization
92 $loops = 0;
93
94 while (++$loops) {
95 // $cursor is either at the start of a token, or inside of
96 // a tag (i.e. there was a < immediately before it), as indicated
97 // by $inside_tag
98
99 if ($maintain_line_numbers) {
100 // $rcursor, however, is always at the start of a token.
101 $rcursor = $cursor - (int)$inside_tag;
102
103 // Column number is cheap, so we calculate it every round.
104 // We're interested at the *end* of the newline string, so
105 // we need to add strlen($nl) == 1 to $nl_pos before subtracting it
106 // from our "rcursor" position.
107 $nl_pos = strrpos($html, $nl, $rcursor - $length);
108 $current_col = $rcursor - (is_bool($nl_pos) ? 0 : $nl_pos + 1);
109
110 // recalculate lines
111 if ($synchronize_interval && // synchronization is on
112 $cursor > 0 && // cursor is further than zero
113 $loops % $synchronize_interval === 0) { // time to synchronize!
114 $current_line = 1 + $this->substrCount($html, $nl, 0, $cursor);
115 }
116 }
117
118 $position_next_lt = strpos($html, '<', $cursor);
119 $position_next_gt = strpos($html, '>', $cursor);
120
121 // triggers on "<b>asdf</b>" but not "asdf <b></b>"
122 // special case to set up context
123 if ($position_next_lt === $cursor) {
124 $inside_tag = true;
125 $cursor++;
126 }
127
128 if (!$inside_tag && $position_next_lt !== false) {
129 // We are not inside tag and there still is another tag to parse
130 $token = new
131 HTMLPurifier_Token_Text(
132 $this->parseData(
133 substr(
134 $html,
135 $cursor,
136 $position_next_lt - $cursor
137 )
138 )
139 );
140 if ($maintain_line_numbers) {
141 $token->rawPosition($current_line, $current_col);
142 $current_line += $this->substrCount($html, $nl, $cursor, $position_next_lt - $cursor);
143 }
144 $array[] = $token;
145 $cursor = $position_next_lt + 1;
146 $inside_tag = true;
147 continue;
148 } elseif (!$inside_tag) {
149 // We are not inside tag but there are no more tags
150 // If we're already at the end, break
151 if ($cursor === strlen($html)) {
152 break;
153 }
154 // Create Text of rest of string
155 $token = new
156 HTMLPurifier_Token_Text(
157 $this->parseData(
158 substr(
159 $html,
160 $cursor
161 )
162 )
163 );
164 if ($maintain_line_numbers) {
165 $token->rawPosition($current_line, $current_col);
166 }
167 $array[] = $token;
168 break;
169 } elseif ($inside_tag && $position_next_gt !== false) {
170 // We are in tag and it is well formed
171 // Grab the internals of the tag
172 $strlen_segment = $position_next_gt - $cursor;
173
174 if ($strlen_segment < 1) {
175 // there's nothing to process!
176 $token = new HTMLPurifier_Token_Text('<');
177 $cursor++;
178 continue;
179 }
180
181 $segment = substr($html, $cursor, $strlen_segment);
182
183 if ($segment === false) {
184 // somehow, we attempted to access beyond the end of
185 // the string, defense-in-depth, reported by Nate Abele
186 break;
187 }
188
189 // Check if it's a comment
190 if (substr($segment, 0, 3) === '!--') {
191 // re-determine segment length, looking for -->
192 $position_comment_end = strpos($html, '-->', $cursor);
193 if ($position_comment_end === false) {
194 // uh oh, we have a comment that extends to
195 // infinity. Can't be helped: set comment
196 // end position to end of string
197 if ($e) {
198 $e->send(E_WARNING, 'Lexer: Unclosed comment');
199 }
200 $position_comment_end = strlen($html);
201 $end = true;
202 } else {
203 $end = false;
204 }
205 $strlen_segment = $position_comment_end - $cursor;
206 $segment = substr($html, $cursor, $strlen_segment);
207 $token = new
208 HTMLPurifier_Token_Comment(
209 substr(
210 $segment,
211 3,
212 $strlen_segment - 3
213 )
214 );
215 if ($maintain_line_numbers) {
216 $token->rawPosition($current_line, $current_col);
217 $current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment);
218 }
219 $array[] = $token;
220 $cursor = $end ? $position_comment_end : $position_comment_end + 3;
221 $inside_tag = false;
222 continue;
223 }
224
225 // Check if it's an end tag
226 $is_end_tag = (strpos($segment, '/') === 0);
227 if ($is_end_tag) {
228 $type = substr($segment, 1);
229 $token = new HTMLPurifier_Token_End($type);
230 if ($maintain_line_numbers) {
231 $token->rawPosition($current_line, $current_col);
232 $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
233 }
234 $array[] = $token;
235 $inside_tag = false;
236 $cursor = $position_next_gt + 1;
237 continue;
238 }
239
240 // Check leading character is alnum, if not, we may
241 // have accidently grabbed an emoticon. Translate into
242 // text and go our merry way
243 if (!ctype_alpha($segment[0])) {
244 // XML: $segment[0] !== '_' && $segment[0] !== ':'
245 if ($e) {
246 $e->send(E_NOTICE, 'Lexer: Unescaped lt');
247 }
248 $token = new HTMLPurifier_Token_Text('<');
249 if ($maintain_line_numbers) {
250 $token->rawPosition($current_line, $current_col);
251 $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
252 }
253 $array[] = $token;
254 $inside_tag = false;
255 continue;
256 }
257
258 // Check if it is explicitly self closing, if so, remove
259 // trailing slash. Remember, we could have a tag like <br>, so
260 // any later token processing scripts must convert improperly
261 // classified EmptyTags from StartTags.
262 $is_self_closing = (strrpos($segment, '/') === $strlen_segment - 1);
263 if ($is_self_closing) {
264 $strlen_segment--;
265 $segment = substr($segment, 0, $strlen_segment);
266 }
267
268 // Check if there are any attributes
269 $position_first_space = strcspn($segment, $this->_whitespace);
270
271 if ($position_first_space >= $strlen_segment) {
272 if ($is_self_closing) {
273 $token = new HTMLPurifier_Token_Empty($segment);
274 } else {
275 $token = new HTMLPurifier_Token_Start($segment);
276 }
277 if ($maintain_line_numbers) {
278 $token->rawPosition($current_line, $current_col);
279 $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
280 }
281 $array[] = $token;
282 $inside_tag = false;
283 $cursor = $position_next_gt + 1;
284 continue;
285 }
286
287 // Grab out all the data
288 $type = substr($segment, 0, $position_first_space);
289 $attribute_string =
290 trim(
291 substr(
292 $segment,
293 $position_first_space
294 )
295 );
296 if ($attribute_string) {
297 $attr = $this->parseAttributeString(
298 $attribute_string,
299 $config,
300 $context
301 );
302 } else {
303 $attr = array();
304 }
305
306 if ($is_self_closing) {
307 $token = new HTMLPurifier_Token_Empty($type, $attr);
308 } else {
309 $token = new HTMLPurifier_Token_Start($type, $attr);
310 }
311 if ($maintain_line_numbers) {
312 $token->rawPosition($current_line, $current_col);
313 $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
314 }
315 $array[] = $token;
316 $cursor = $position_next_gt + 1;
317 $inside_tag = false;
318 continue;
319 } else {
320 // inside tag, but there's no ending > sign
321 if ($e) {
322 $e->send(E_WARNING, 'Lexer: Missing gt');
323 }
324 $token = new
325 HTMLPurifier_Token_Text(
326 '<' .
327 $this->parseData(
328 substr($html, $cursor)
329 )
330 );
331 if ($maintain_line_numbers) {
332 $token->rawPosition($current_line, $current_col);
333 }
334 // no cursor scroll? Hmm...
335 $array[] = $token;
336 break;
337 }
338 break;
339 }
340
341 $context->destroy('CurrentLine');
342 $context->destroy('CurrentCol');
343 return $array;
344 }
345
346 /**
347 * PHP 5.0.x compatible substr_count that implements offset and length
348 * @param string $haystack
349 * @param string $needle
350 * @param int $offset
351 * @param int $length
352 * @return int
353 */
354 protected function substrCount($haystack, $needle, $offset, $length)
355 {
356 static $oldVersion;
357 if ($oldVersion === null) {
358 $oldVersion = version_compare(PHP_VERSION, '5.1', '<');
359 }
360 if ($oldVersion) {
361 $haystack = substr($haystack, $offset, $length);
362 return substr_count($haystack, $needle);
363 } else {
364 return substr_count($haystack, $needle, $offset, $length);
365 }
366 }
367
368 /**
369 * Takes the inside of an HTML tag and makes an assoc array of attributes.
370 *
371 * @param string $string Inside of tag excluding name.
372 * @param HTMLPurifier_Config $config
373 * @param HTMLPurifier_Context $context
374 * @return array Assoc array of attributes.
375 */
376 public function parseAttributeString($string, $config, $context)
377 {
378 $string = (string)$string; // quick typecast
379
380 if ($string == '') {
381 return array();
382 } // no attributes
383
384 $e = false;
385 if ($config->get('Core.CollectErrors')) {
386 $e =& $context->get('ErrorCollector');
387 }
388
389 // let's see if we can abort as quickly as possible
390 // one equal sign, no spaces => one attribute
391 $num_equal = substr_count($string, '=');
392 $has_space = strpos($string, ' ');
393 if ($num_equal === 0 && !$has_space) {
394 // bool attribute
395 return array($string => $string);
396 } elseif ($num_equal === 1 && !$has_space) {
397 // only one attribute
398 list($key, $quoted_value) = explode('=', $string);
399 $quoted_value = trim($quoted_value);
400 if (!$key) {
401 if ($e) {
402 $e->send(E_ERROR, 'Lexer: Missing attribute key');
403 }
404 return array();
405 }
406 if (!$quoted_value) {
407 return array($key => '');
408 }
409 $first_char = @$quoted_value[0];
410 $last_char = @$quoted_value[strlen($quoted_value) - 1];
411
412 $same_quote = ($first_char == $last_char);
413 $open_quote = ($first_char == '"' || $first_char == "'");
414
415 if ($same_quote && $open_quote) {
416 // well behaved
417 $value = substr($quoted_value, 1, strlen($quoted_value) - 2);
418 } else {
419 // not well behaved
420 if ($open_quote) {
421 if ($e) {
422 $e->send(E_ERROR, 'Lexer: Missing end quote');
423 }
424 $value = substr($quoted_value, 1);
425 } else {
426 $value = $quoted_value;
427 }
428 }
429 if ($value === false) {
430 $value = '';
431 }
432 return array($key => $this->parseData($value));
433 }
434
435 // setup loop environment
436 $array = array(); // return assoc array of attributes
437 $cursor = 0; // current position in string (moves forward)
438 $size = strlen($string); // size of the string (stays the same)
439
440 // if we have unquoted attributes, the parser expects a terminating
441 // space, so let's guarantee that there's always a terminating space.
442 $string .= ' ';
443
444 $old_cursor = -1;
445 while ($cursor < $size) {
446 if ($old_cursor >= $cursor) {
447 throw new Exception("Infinite loop detected");
448 }
449 $old_cursor = $cursor;
450
451 $cursor += ($value = strspn($string, $this->_whitespace, $cursor));
452 // grab the key
453
454 $key_begin = $cursor; //we're currently at the start of the key
455
456 // scroll past all characters that are the key (not whitespace or =)
457 $cursor += strcspn($string, $this->_whitespace . '=', $cursor);
458
459 $key_end = $cursor; // now at the end of the key
460
461 $key = substr($string, $key_begin, $key_end - $key_begin);
462
463 if (!$key) {
464 if ($e) {
465 $e->send(E_ERROR, 'Lexer: Missing attribute key');
466 }
467 $cursor += 1 + strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop
468 continue; // empty key
469 }
470
471 // scroll past all whitespace
472 $cursor += strspn($string, $this->_whitespace, $cursor);
473
474 if ($cursor >= $size) {
475 $array[$key] = $key;
476 break;
477 }
478
479 // if the next character is an equal sign, we've got a regular
480 // pair, otherwise, it's a bool attribute
481 $first_char = @$string[$cursor];
482
483 if ($first_char == '=') {
484 // key="value"
485
486 $cursor++;
487 $cursor += strspn($string, $this->_whitespace, $cursor);
488
489 if ($cursor === false) {
490 $array[$key] = '';
491 break;
492 }
493
494 // we might be in front of a quote right now
495
496 $char = @$string[$cursor];
497
498 if ($char == '"' || $char == "'") {
499 // it's quoted, end bound is $char
500 $cursor++;
501 $value_begin = $cursor;
502 $cursor = strpos($string, $char, $cursor);
503 $value_end = $cursor;
504 } else {
505 // it's not quoted, end bound is whitespace
506 $value_begin = $cursor;
507 $cursor += strcspn($string, $this->_whitespace, $cursor);
508 $value_end = $cursor;
509 }
510
511 // we reached a premature end
512 if ($cursor === false) {
513 $cursor = $size;
514 $value_end = $cursor;
515 }
516
517 $value = substr($string, $value_begin, $value_end - $value_begin);
518 if ($value === false) {
519 $value = '';
520 }
521 $array[$key] = $this->parseData($value);
522 $cursor++;
523 } else {
524 // boolattr
525 if ($key !== '') {
526 $array[$key] = $key;
527 } else {
528 // purely theoretical
529 if ($e) {
530 $e->send(E_ERROR, 'Lexer: Missing attribute key');
531 }
532 }
533 }
534 }
535 return $array;
536 }
537}
538
539// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/PH5P.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/PH5P.php
new file mode 100644
index 00000000..48b5f9a6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Lexer/PH5P.php
@@ -0,0 +1,4788 @@
1<?php
2
3/**
4 * Experimental HTML5-based parser using Jeroen van der Meer's PH5P library.
5 * Occupies space in the HTML5 pseudo-namespace, which may cause conflicts.
6 *
7 * @note
8 * Recent changes to PHP's DOM extension have resulted in some fatal
9 * error conditions with the original version of PH5P. Pending changes,
10 * this lexer will punt to DirectLex if DOM throws an exception.
11 */
12
13class HTMLPurifier_Lexer_PH5P extends HTMLPurifier_Lexer_DOMLex
14{
15 /**
16 * @param string $html
17 * @param HTMLPurifier_Config $config
18 * @param HTMLPurifier_Context $context
19 * @return HTMLPurifier_Token[]
20 */
21 public function tokenizeHTML($html, $config, $context)
22 {
23 $new_html = $this->normalize($html, $config, $context);
24 $new_html = $this->wrapHTML($new_html, $config, $context);
25 try {
26 $parser = new HTML5($new_html);
27 $doc = $parser->save();
28 } catch (DOMException $e) {
29 // Uh oh, it failed. Punt to DirectLex.
30 $lexer = new HTMLPurifier_Lexer_DirectLex();
31 $context->register('PH5PError', $e); // save the error, so we can detect it
32 return $lexer->tokenizeHTML($html, $config, $context); // use original HTML
33 }
34 $tokens = array();
35 $this->tokenizeDOM(
36 $doc->getElementsByTagName('html')->item(0)-> // <html>
37 getElementsByTagName('body')->item(0)-> // <body>
38 getElementsByTagName('div')->item(0) // <div>
39 ,
40 $tokens
41 );
42 return $tokens;
43 }
44}
45
46/*
47
48Copyright 2007 Jeroen van der Meer <http://jero.net/>
49
50Permission is hereby granted, free of charge, to any person obtaining a
51copy of this software and associated documentation files (the
52"Software"), to deal in the Software without restriction, including
53without limitation the rights to use, copy, modify, merge, publish,
54distribute, sublicense, and/or sell copies of the Software, and to
55permit persons to whom the Software is furnished to do so, subject to
56the following conditions:
57
58The above copyright notice and this permission notice shall be included
59in all copies or substantial portions of the Software.
60
61THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
62OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
63MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
64IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
65CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
66TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
67SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
68
69*/
70
71class HTML5
72{
73 private $data;
74 private $char;
75 private $EOF;
76 private $state;
77 private $tree;
78 private $token;
79 private $content_model;
80 private $escape = false;
81 private $entities = array(
82 'AElig;',
83 'AElig',
84 'AMP;',
85 'AMP',
86 'Aacute;',
87 'Aacute',
88 'Acirc;',
89 'Acirc',
90 'Agrave;',
91 'Agrave',
92 'Alpha;',
93 'Aring;',
94 'Aring',
95 'Atilde;',
96 'Atilde',
97 'Auml;',
98 'Auml',
99 'Beta;',
100 'COPY;',
101 'COPY',
102 'Ccedil;',
103 'Ccedil',
104 'Chi;',
105 'Dagger;',
106 'Delta;',
107 'ETH;',
108 'ETH',
109 'Eacute;',
110 'Eacute',
111 'Ecirc;',
112 'Ecirc',
113 'Egrave;',
114 'Egrave',
115 'Epsilon;',
116 'Eta;',
117 'Euml;',
118 'Euml',
119 'GT;',
120 'GT',
121 'Gamma;',
122 'Iacute;',
123 'Iacute',
124 'Icirc;',
125 'Icirc',
126 'Igrave;',
127 'Igrave',
128 'Iota;',
129 'Iuml;',
130 'Iuml',
131 'Kappa;',
132 'LT;',
133 'LT',
134 'Lambda;',
135 'Mu;',
136 'Ntilde;',
137 'Ntilde',
138 'Nu;',
139 'OElig;',
140 'Oacute;',
141 'Oacute',
142 'Ocirc;',
143 'Ocirc',
144 'Ograve;',
145 'Ograve',
146 'Omega;',
147 'Omicron;',
148 'Oslash;',
149 'Oslash',
150 'Otilde;',
151 'Otilde',
152 'Ouml;',
153 'Ouml',
154 'Phi;',
155 'Pi;',
156 'Prime;',
157 'Psi;',
158 'QUOT;',
159 'QUOT',
160 'REG;',
161 'REG',
162 'Rho;',
163 'Scaron;',
164 'Sigma;',
165 'THORN;',
166 'THORN',
167 'TRADE;',
168 'Tau;',
169 'Theta;',
170 'Uacute;',
171 'Uacute',
172 'Ucirc;',
173 'Ucirc',
174 'Ugrave;',
175 'Ugrave',
176 'Upsilon;',
177 'Uuml;',
178 'Uuml',
179 'Xi;',
180 'Yacute;',
181 'Yacute',
182 'Yuml;',
183 'Zeta;',
184 'aacute;',
185 'aacute',
186 'acirc;',
187 'acirc',
188 'acute;',
189 'acute',
190 'aelig;',
191 'aelig',
192 'agrave;',
193 'agrave',
194 'alefsym;',
195 'alpha;',
196 'amp;',
197 'amp',
198 'and;',
199 'ang;',
200 'apos;',
201 'aring;',
202 'aring',
203 'asymp;',
204 'atilde;',
205 'atilde',
206 'auml;',
207 'auml',
208 'bdquo;',
209 'beta;',
210 'brvbar;',
211 'brvbar',
212 'bull;',
213 'cap;',
214 'ccedil;',
215 'ccedil',
216 'cedil;',
217 'cedil',
218 'cent;',
219 'cent',
220 'chi;',
221 'circ;',
222 'clubs;',
223 'cong;',
224 'copy;',
225 'copy',
226 'crarr;',
227 'cup;',
228 'curren;',
229 'curren',
230 'dArr;',
231 'dagger;',
232 'darr;',
233 'deg;',
234 'deg',
235 'delta;',
236 'diams;',
237 'divide;',
238 'divide',
239 'eacute;',
240 'eacute',
241 'ecirc;',
242 'ecirc',
243 'egrave;',
244 'egrave',
245 'empty;',
246 'emsp;',
247 'ensp;',
248 'epsilon;',
249 'equiv;',
250 'eta;',
251 'eth;',
252 'eth',
253 'euml;',
254 'euml',
255 'euro;',
256 'exist;',
257 'fnof;',
258 'forall;',
259 'frac12;',
260 'frac12',
261 'frac14;',
262 'frac14',
263 'frac34;',
264 'frac34',
265 'frasl;',
266 'gamma;',
267 'ge;',
268 'gt;',
269 'gt',
270 'hArr;',
271 'harr;',
272 'hearts;',
273 'hellip;',
274 'iacute;',
275 'iacute',
276 'icirc;',
277 'icirc',
278 'iexcl;',
279 'iexcl',
280 'igrave;',
281 'igrave',
282 'image;',
283 'infin;',
284 'int;',
285 'iota;',
286 'iquest;',
287 'iquest',
288 'isin;',
289 'iuml;',
290 'iuml',
291 'kappa;',
292 'lArr;',
293 'lambda;',
294 'lang;',
295 'laquo;',
296 'laquo',
297 'larr;',
298 'lceil;',
299 'ldquo;',
300 'le;',
301 'lfloor;',
302 'lowast;',
303 'loz;',
304 'lrm;',
305 'lsaquo;',
306 'lsquo;',
307 'lt;',
308 'lt',
309 'macr;',
310 'macr',
311 'mdash;',
312 'micro;',
313 'micro',
314 'middot;',
315 'middot',
316 'minus;',
317 'mu;',
318 'nabla;',
319 'nbsp;',
320 'nbsp',
321 'ndash;',
322 'ne;',
323 'ni;',
324 'not;',
325 'not',
326 'notin;',
327 'nsub;',
328 'ntilde;',
329 'ntilde',
330 'nu;',
331 'oacute;',
332 'oacute',
333 'ocirc;',
334 'ocirc',
335 'oelig;',
336 'ograve;',
337 'ograve',
338 'oline;',
339 'omega;',
340 'omicron;',
341 'oplus;',
342 'or;',
343 'ordf;',
344 'ordf',
345 'ordm;',
346 'ordm',
347 'oslash;',
348 'oslash',
349 'otilde;',
350 'otilde',
351 'otimes;',
352 'ouml;',
353 'ouml',
354 'para;',
355 'para',
356 'part;',
357 'permil;',
358 'perp;',
359 'phi;',
360 'pi;',
361 'piv;',
362 'plusmn;',
363 'plusmn',
364 'pound;',
365 'pound',
366 'prime;',
367 'prod;',
368 'prop;',
369 'psi;',
370 'quot;',
371 'quot',
372 'rArr;',
373 'radic;',
374 'rang;',
375 'raquo;',
376 'raquo',
377 'rarr;',
378 'rceil;',
379 'rdquo;',
380 'real;',
381 'reg;',
382 'reg',
383 'rfloor;',
384 'rho;',
385 'rlm;',
386 'rsaquo;',
387 'rsquo;',
388 'sbquo;',
389 'scaron;',
390 'sdot;',
391 'sect;',
392 'sect',
393 'shy;',
394 'shy',
395 'sigma;',
396 'sigmaf;',
397 'sim;',
398 'spades;',
399 'sub;',
400 'sube;',
401 'sum;',
402 'sup1;',
403 'sup1',
404 'sup2;',
405 'sup2',
406 'sup3;',
407 'sup3',
408 'sup;',
409 'supe;',
410 'szlig;',
411 'szlig',
412 'tau;',
413 'there4;',
414 'theta;',
415 'thetasym;',
416 'thinsp;',
417 'thorn;',
418 'thorn',
419 'tilde;',
420 'times;',
421 'times',
422 'trade;',
423 'uArr;',
424 'uacute;',
425 'uacute',
426 'uarr;',
427 'ucirc;',
428 'ucirc',
429 'ugrave;',
430 'ugrave',
431 'uml;',
432 'uml',
433 'upsih;',
434 'upsilon;',
435 'uuml;',
436 'uuml',
437 'weierp;',
438 'xi;',
439 'yacute;',
440 'yacute',
441 'yen;',
442 'yen',
443 'yuml;',
444 'yuml',
445 'zeta;',
446 'zwj;',
447 'zwnj;'
448 );
449
450 const PCDATA = 0;
451 const RCDATA = 1;
452 const CDATA = 2;
453 const PLAINTEXT = 3;
454
455 const DOCTYPE = 0;
456 const STARTTAG = 1;
457 const ENDTAG = 2;
458 const COMMENT = 3;
459 const CHARACTR = 4;
460 const EOF = 5;
461
462 public function __construct($data)
463 {
464 $this->data = $data;
465 $this->char = -1;
466 $this->EOF = strlen($data);
467 $this->tree = new HTML5TreeConstructer;
468 $this->content_model = self::PCDATA;
469
470 $this->state = 'data';
471
472 while ($this->state !== null) {
473 $this->{$this->state . 'State'}();
474 }
475 }
476
477 public function save()
478 {
479 return $this->tree->save();
480 }
481
482 private function char()
483 {
484 return ($this->char < $this->EOF)
485 ? $this->data[$this->char]
486 : false;
487 }
488
489 private function character($s, $l = 0)
490 {
491 if ($s + $l < $this->EOF) {
492 if ($l === 0) {
493 return $this->data[$s];
494 } else {
495 return substr($this->data, $s, $l);
496 }
497 }
498 }
499
500 private function characters($char_class, $start)
501 {
502 return preg_replace('#^([' . $char_class . ']+).*#s', '\\1', substr($this->data, $start));
503 }
504
505 private function dataState()
506 {
507 // Consume the next input character
508 $this->char++;
509 $char = $this->char();
510
511 if ($char === '&' && ($this->content_model === self::PCDATA || $this->content_model === self::RCDATA)) {
512 /* U+0026 AMPERSAND (&)
513 When the content model flag is set to one of the PCDATA or RCDATA
514 states: switch to the entity data state. Otherwise: treat it as per
515 the "anything else" entry below. */
516 $this->state = 'entityData';
517
518 } elseif ($char === '-') {
519 /* If the content model flag is set to either the RCDATA state or
520 the CDATA state, and the escape flag is false, and there are at
521 least three characters before this one in the input stream, and the
522 last four characters in the input stream, including this one, are
523 U+003C LESS-THAN SIGN, U+0021 EXCLAMATION MARK, U+002D HYPHEN-MINUS,
524 and U+002D HYPHEN-MINUS ("<!--"), then set the escape flag to true. */
525 if (($this->content_model === self::RCDATA || $this->content_model ===
526 self::CDATA) && $this->escape === false &&
527 $this->char >= 3 && $this->character($this->char - 4, 4) === '<!--'
528 ) {
529 $this->escape = true;
530 }
531
532 /* In any case, emit the input character as a character token. Stay
533 in the data state. */
534 $this->emitToken(
535 array(
536 'type' => self::CHARACTR,
537 'data' => $char
538 )
539 );
540
541 /* U+003C LESS-THAN SIGN (<) */
542 } elseif ($char === '<' && ($this->content_model === self::PCDATA ||
543 (($this->content_model === self::RCDATA ||
544 $this->content_model === self::CDATA) && $this->escape === false))
545 ) {
546 /* When the content model flag is set to the PCDATA state: switch
547 to the tag open state.
548
549 When the content model flag is set to either the RCDATA state or
550 the CDATA state and the escape flag is false: switch to the tag
551 open state.
552
553 Otherwise: treat it as per the "anything else" entry below. */
554 $this->state = 'tagOpen';
555
556 /* U+003E GREATER-THAN SIGN (>) */
557 } elseif ($char === '>') {
558 /* If the content model flag is set to either the RCDATA state or
559 the CDATA state, and the escape flag is true, and the last three
560 characters in the input stream including this one are U+002D
561 HYPHEN-MINUS, U+002D HYPHEN-MINUS, U+003E GREATER-THAN SIGN ("-->"),
562 set the escape flag to false. */
563 if (($this->content_model === self::RCDATA ||
564 $this->content_model === self::CDATA) && $this->escape === true &&
565 $this->character($this->char, 3) === '-->'
566 ) {
567 $this->escape = false;
568 }
569
570 /* In any case, emit the input character as a character token.
571 Stay in the data state. */
572 $this->emitToken(
573 array(
574 'type' => self::CHARACTR,
575 'data' => $char
576 )
577 );
578
579 } elseif ($this->char === $this->EOF) {
580 /* EOF
581 Emit an end-of-file token. */
582 $this->EOF();
583
584 } elseif ($this->content_model === self::PLAINTEXT) {
585 /* When the content model flag is set to the PLAINTEXT state
586 THIS DIFFERS GREATLY FROM THE SPEC: Get the remaining characters of
587 the text and emit it as a character token. */
588 $this->emitToken(
589 array(
590 'type' => self::CHARACTR,
591 'data' => substr($this->data, $this->char)
592 )
593 );
594
595 $this->EOF();
596
597 } else {
598 /* Anything else
599 THIS DIFFERS GREATLY FROM THE SPEC: Get as many character that
600 otherwise would also be treated as a character token and emit it
601 as a single character token. Stay in the data state. */
602 $len = strcspn($this->data, '<&', $this->char);
603 $char = substr($this->data, $this->char, $len);
604 $this->char += $len - 1;
605
606 $this->emitToken(
607 array(
608 'type' => self::CHARACTR,
609 'data' => $char
610 )
611 );
612
613 $this->state = 'data';
614 }
615 }
616
617 private function entityDataState()
618 {
619 // Attempt to consume an entity.
620 $entity = $this->entity();
621
622 // If nothing is returned, emit a U+0026 AMPERSAND character token.
623 // Otherwise, emit the character token that was returned.
624 $char = (!$entity) ? '&' : $entity;
625 $this->emitToken(
626 array(
627 'type' => self::CHARACTR,
628 'data' => $char
629 )
630 );
631
632 // Finally, switch to the data state.
633 $this->state = 'data';
634 }
635
636 private function tagOpenState()
637 {
638 switch ($this->content_model) {
639 case self::RCDATA:
640 case self::CDATA:
641 /* If the next input character is a U+002F SOLIDUS (/) character,
642 consume it and switch to the close tag open state. If the next
643 input character is not a U+002F SOLIDUS (/) character, emit a
644 U+003C LESS-THAN SIGN character token and switch to the data
645 state to process the next input character. */
646 if ($this->character($this->char + 1) === '/') {
647 $this->char++;
648 $this->state = 'closeTagOpen';
649
650 } else {
651 $this->emitToken(
652 array(
653 'type' => self::CHARACTR,
654 'data' => '<'
655 )
656 );
657
658 $this->state = 'data';
659 }
660 break;
661
662 case self::PCDATA:
663 // If the content model flag is set to the PCDATA state
664 // Consume the next input character:
665 $this->char++;
666 $char = $this->char();
667
668 if ($char === '!') {
669 /* U+0021 EXCLAMATION MARK (!)
670 Switch to the markup declaration open state. */
671 $this->state = 'markupDeclarationOpen';
672
673 } elseif ($char === '/') {
674 /* U+002F SOLIDUS (/)
675 Switch to the close tag open state. */
676 $this->state = 'closeTagOpen';
677
678 } elseif (preg_match('/^[A-Za-z]$/', $char)) {
679 /* U+0041 LATIN LETTER A through to U+005A LATIN LETTER Z
680 Create a new start tag token, set its tag name to the lowercase
681 version of the input character (add 0x0020 to the character's code
682 point), then switch to the tag name state. (Don't emit the token
683 yet; further details will be filled in before it is emitted.) */
684 $this->token = array(
685 'name' => strtolower($char),
686 'type' => self::STARTTAG,
687 'attr' => array()
688 );
689
690 $this->state = 'tagName';
691
692 } elseif ($char === '>') {
693 /* U+003E GREATER-THAN SIGN (>)
694 Parse error. Emit a U+003C LESS-THAN SIGN character token and a
695 U+003E GREATER-THAN SIGN character token. Switch to the data state. */
696 $this->emitToken(
697 array(
698 'type' => self::CHARACTR,
699 'data' => '<>'
700 )
701 );
702
703 $this->state = 'data';
704
705 } elseif ($char === '?') {
706 /* U+003F QUESTION MARK (?)
707 Parse error. Switch to the bogus comment state. */
708 $this->state = 'bogusComment';
709
710 } else {
711 /* Anything else
712 Parse error. Emit a U+003C LESS-THAN SIGN character token and
713 reconsume the current input character in the data state. */
714 $this->emitToken(
715 array(
716 'type' => self::CHARACTR,
717 'data' => '<'
718 )
719 );
720
721 $this->char--;
722 $this->state = 'data';
723 }
724 break;
725 }
726 }
727
728 private function closeTagOpenState()
729 {
730 $next_node = strtolower($this->characters('A-Za-z', $this->char + 1));
731 $the_same = count($this->tree->stack) > 0 && $next_node === end($this->tree->stack)->nodeName;
732
733 if (($this->content_model === self::RCDATA || $this->content_model === self::CDATA) &&
734 (!$the_same || ($the_same && (!preg_match(
735 '/[\t\n\x0b\x0c >\/]/',
736 $this->character($this->char + 1 + strlen($next_node))
737 ) || $this->EOF === $this->char)))
738 ) {
739 /* If the content model flag is set to the RCDATA or CDATA states then
740 examine the next few characters. If they do not match the tag name of
741 the last start tag token emitted (case insensitively), or if they do but
742 they are not immediately followed by one of the following characters:
743 * U+0009 CHARACTER TABULATION
744 * U+000A LINE FEED (LF)
745 * U+000B LINE TABULATION
746 * U+000C FORM FEED (FF)
747 * U+0020 SPACE
748 * U+003E GREATER-THAN SIGN (>)
749 * U+002F SOLIDUS (/)
750 * EOF
751 ...then there is a parse error. Emit a U+003C LESS-THAN SIGN character
752 token, a U+002F SOLIDUS character token, and switch to the data state
753 to process the next input character. */
754 $this->emitToken(
755 array(
756 'type' => self::CHARACTR,
757 'data' => '</'
758 )
759 );
760
761 $this->state = 'data';
762
763 } else {
764 /* Otherwise, if the content model flag is set to the PCDATA state,
765 or if the next few characters do match that tag name, consume the
766 next input character: */
767 $this->char++;
768 $char = $this->char();
769
770 if (preg_match('/^[A-Za-z]$/', $char)) {
771 /* U+0041 LATIN LETTER A through to U+005A LATIN LETTER Z
772 Create a new end tag token, set its tag name to the lowercase version
773 of the input character (add 0x0020 to the character's code point), then
774 switch to the tag name state. (Don't emit the token yet; further details
775 will be filled in before it is emitted.) */
776 $this->token = array(
777 'name' => strtolower($char),
778 'type' => self::ENDTAG
779 );
780
781 $this->state = 'tagName';
782
783 } elseif ($char === '>') {
784 /* U+003E GREATER-THAN SIGN (>)
785 Parse error. Switch to the data state. */
786 $this->state = 'data';
787
788 } elseif ($this->char === $this->EOF) {
789 /* EOF
790 Parse error. Emit a U+003C LESS-THAN SIGN character token and a U+002F
791 SOLIDUS character token. Reconsume the EOF character in the data state. */
792 $this->emitToken(
793 array(
794 'type' => self::CHARACTR,
795 'data' => '</'
796 )
797 );
798
799 $this->char--;
800 $this->state = 'data';
801
802 } else {
803 /* Parse error. Switch to the bogus comment state. */
804 $this->state = 'bogusComment';
805 }
806 }
807 }
808
809 private function tagNameState()
810 {
811 // Consume the next input character:
812 $this->char++;
813 $char = $this->character($this->char);
814
815 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
816 /* U+0009 CHARACTER TABULATION
817 U+000A LINE FEED (LF)
818 U+000B LINE TABULATION
819 U+000C FORM FEED (FF)
820 U+0020 SPACE
821 Switch to the before attribute name state. */
822 $this->state = 'beforeAttributeName';
823
824 } elseif ($char === '>') {
825 /* U+003E GREATER-THAN SIGN (>)
826 Emit the current tag token. Switch to the data state. */
827 $this->emitToken($this->token);
828 $this->state = 'data';
829
830 } elseif ($this->char === $this->EOF) {
831 /* EOF
832 Parse error. Emit the current tag token. Reconsume the EOF
833 character in the data state. */
834 $this->emitToken($this->token);
835
836 $this->char--;
837 $this->state = 'data';
838
839 } elseif ($char === '/') {
840 /* U+002F SOLIDUS (/)
841 Parse error unless this is a permitted slash. Switch to the before
842 attribute name state. */
843 $this->state = 'beforeAttributeName';
844
845 } else {
846 /* Anything else
847 Append the current input character to the current tag token's tag name.
848 Stay in the tag name state. */
849 $this->token['name'] .= strtolower($char);
850 $this->state = 'tagName';
851 }
852 }
853
854 private function beforeAttributeNameState()
855 {
856 // Consume the next input character:
857 $this->char++;
858 $char = $this->character($this->char);
859
860 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
861 /* U+0009 CHARACTER TABULATION
862 U+000A LINE FEED (LF)
863 U+000B LINE TABULATION
864 U+000C FORM FEED (FF)
865 U+0020 SPACE
866 Stay in the before attribute name state. */
867 $this->state = 'beforeAttributeName';
868
869 } elseif ($char === '>') {
870 /* U+003E GREATER-THAN SIGN (>)
871 Emit the current tag token. Switch to the data state. */
872 $this->emitToken($this->token);
873 $this->state = 'data';
874
875 } elseif ($char === '/') {
876 /* U+002F SOLIDUS (/)
877 Parse error unless this is a permitted slash. Stay in the before
878 attribute name state. */
879 $this->state = 'beforeAttributeName';
880
881 } elseif ($this->char === $this->EOF) {
882 /* EOF
883 Parse error. Emit the current tag token. Reconsume the EOF
884 character in the data state. */
885 $this->emitToken($this->token);
886
887 $this->char--;
888 $this->state = 'data';
889
890 } else {
891 /* Anything else
892 Start a new attribute in the current tag token. Set that attribute's
893 name to the current input character, and its value to the empty string.
894 Switch to the attribute name state. */
895 $this->token['attr'][] = array(
896 'name' => strtolower($char),
897 'value' => null
898 );
899
900 $this->state = 'attributeName';
901 }
902 }
903
904 private function attributeNameState()
905 {
906 // Consume the next input character:
907 $this->char++;
908 $char = $this->character($this->char);
909
910 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
911 /* U+0009 CHARACTER TABULATION
912 U+000A LINE FEED (LF)
913 U+000B LINE TABULATION
914 U+000C FORM FEED (FF)
915 U+0020 SPACE
916 Stay in the before attribute name state. */
917 $this->state = 'afterAttributeName';
918
919 } elseif ($char === '=') {
920 /* U+003D EQUALS SIGN (=)
921 Switch to the before attribute value state. */
922 $this->state = 'beforeAttributeValue';
923
924 } elseif ($char === '>') {
925 /* U+003E GREATER-THAN SIGN (>)
926 Emit the current tag token. Switch to the data state. */
927 $this->emitToken($this->token);
928 $this->state = 'data';
929
930 } elseif ($char === '/' && $this->character($this->char + 1) !== '>') {
931 /* U+002F SOLIDUS (/)
932 Parse error unless this is a permitted slash. Switch to the before
933 attribute name state. */
934 $this->state = 'beforeAttributeName';
935
936 } elseif ($this->char === $this->EOF) {
937 /* EOF
938 Parse error. Emit the current tag token. Reconsume the EOF
939 character in the data state. */
940 $this->emitToken($this->token);
941
942 $this->char--;
943 $this->state = 'data';
944
945 } else {
946 /* Anything else
947 Append the current input character to the current attribute's name.
948 Stay in the attribute name state. */
949 $last = count($this->token['attr']) - 1;
950 $this->token['attr'][$last]['name'] .= strtolower($char);
951
952 $this->state = 'attributeName';
953 }
954 }
955
956 private function afterAttributeNameState()
957 {
958 // Consume the next input character:
959 $this->char++;
960 $char = $this->character($this->char);
961
962 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
963 /* U+0009 CHARACTER TABULATION
964 U+000A LINE FEED (LF)
965 U+000B LINE TABULATION
966 U+000C FORM FEED (FF)
967 U+0020 SPACE
968 Stay in the after attribute name state. */
969 $this->state = 'afterAttributeName';
970
971 } elseif ($char === '=') {
972 /* U+003D EQUALS SIGN (=)
973 Switch to the before attribute value state. */
974 $this->state = 'beforeAttributeValue';
975
976 } elseif ($char === '>') {
977 /* U+003E GREATER-THAN SIGN (>)
978 Emit the current tag token. Switch to the data state. */
979 $this->emitToken($this->token);
980 $this->state = 'data';
981
982 } elseif ($char === '/' && $this->character($this->char + 1) !== '>') {
983 /* U+002F SOLIDUS (/)
984 Parse error unless this is a permitted slash. Switch to the
985 before attribute name state. */
986 $this->state = 'beforeAttributeName';
987
988 } elseif ($this->char === $this->EOF) {
989 /* EOF
990 Parse error. Emit the current tag token. Reconsume the EOF
991 character in the data state. */
992 $this->emitToken($this->token);
993
994 $this->char--;
995 $this->state = 'data';
996
997 } else {
998 /* Anything else
999 Start a new attribute in the current tag token. Set that attribute's
1000 name to the current input character, and its value to the empty string.
1001 Switch to the attribute name state. */
1002 $this->token['attr'][] = array(
1003 'name' => strtolower($char),
1004 'value' => null
1005 );
1006
1007 $this->state = 'attributeName';
1008 }
1009 }
1010
1011 private function beforeAttributeValueState()
1012 {
1013 // Consume the next input character:
1014 $this->char++;
1015 $char = $this->character($this->char);
1016
1017 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
1018 /* U+0009 CHARACTER TABULATION
1019 U+000A LINE FEED (LF)
1020 U+000B LINE TABULATION
1021 U+000C FORM FEED (FF)
1022 U+0020 SPACE
1023 Stay in the before attribute value state. */
1024 $this->state = 'beforeAttributeValue';
1025
1026 } elseif ($char === '"') {
1027 /* U+0022 QUOTATION MARK (")
1028 Switch to the attribute value (double-quoted) state. */
1029 $this->state = 'attributeValueDoubleQuoted';
1030
1031 } elseif ($char === '&') {
1032 /* U+0026 AMPERSAND (&)
1033 Switch to the attribute value (unquoted) state and reconsume
1034 this input character. */
1035 $this->char--;
1036 $this->state = 'attributeValueUnquoted';
1037
1038 } elseif ($char === '\'') {
1039 /* U+0027 APOSTROPHE (')
1040 Switch to the attribute value (single-quoted) state. */
1041 $this->state = 'attributeValueSingleQuoted';
1042
1043 } elseif ($char === '>') {
1044 /* U+003E GREATER-THAN SIGN (>)
1045 Emit the current tag token. Switch to the data state. */
1046 $this->emitToken($this->token);
1047 $this->state = 'data';
1048
1049 } else {
1050 /* Anything else
1051 Append the current input character to the current attribute's value.
1052 Switch to the attribute value (unquoted) state. */
1053 $last = count($this->token['attr']) - 1;
1054 $this->token['attr'][$last]['value'] .= $char;
1055
1056 $this->state = 'attributeValueUnquoted';
1057 }
1058 }
1059
1060 private function attributeValueDoubleQuotedState()
1061 {
1062 // Consume the next input character:
1063 $this->char++;
1064 $char = $this->character($this->char);
1065
1066 if ($char === '"') {
1067 /* U+0022 QUOTATION MARK (")
1068 Switch to the before attribute name state. */
1069 $this->state = 'beforeAttributeName';
1070
1071 } elseif ($char === '&') {
1072 /* U+0026 AMPERSAND (&)
1073 Switch to the entity in attribute value state. */
1074 $this->entityInAttributeValueState('double');
1075
1076 } elseif ($this->char === $this->EOF) {
1077 /* EOF
1078 Parse error. Emit the current tag token. Reconsume the character
1079 in the data state. */
1080 $this->emitToken($this->token);
1081
1082 $this->char--;
1083 $this->state = 'data';
1084
1085 } else {
1086 /* Anything else
1087 Append the current input character to the current attribute's value.
1088 Stay in the attribute value (double-quoted) state. */
1089 $last = count($this->token['attr']) - 1;
1090 $this->token['attr'][$last]['value'] .= $char;
1091
1092 $this->state = 'attributeValueDoubleQuoted';
1093 }
1094 }
1095
1096 private function attributeValueSingleQuotedState()
1097 {
1098 // Consume the next input character:
1099 $this->char++;
1100 $char = $this->character($this->char);
1101
1102 if ($char === '\'') {
1103 /* U+0022 QUOTATION MARK (')
1104 Switch to the before attribute name state. */
1105 $this->state = 'beforeAttributeName';
1106
1107 } elseif ($char === '&') {
1108 /* U+0026 AMPERSAND (&)
1109 Switch to the entity in attribute value state. */
1110 $this->entityInAttributeValueState('single');
1111
1112 } elseif ($this->char === $this->EOF) {
1113 /* EOF
1114 Parse error. Emit the current tag token. Reconsume the character
1115 in the data state. */
1116 $this->emitToken($this->token);
1117
1118 $this->char--;
1119 $this->state = 'data';
1120
1121 } else {
1122 /* Anything else
1123 Append the current input character to the current attribute's value.
1124 Stay in the attribute value (single-quoted) state. */
1125 $last = count($this->token['attr']) - 1;
1126 $this->token['attr'][$last]['value'] .= $char;
1127
1128 $this->state = 'attributeValueSingleQuoted';
1129 }
1130 }
1131
1132 private function attributeValueUnquotedState()
1133 {
1134 // Consume the next input character:
1135 $this->char++;
1136 $char = $this->character($this->char);
1137
1138 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
1139 /* U+0009 CHARACTER TABULATION
1140 U+000A LINE FEED (LF)
1141 U+000B LINE TABULATION
1142 U+000C FORM FEED (FF)
1143 U+0020 SPACE
1144 Switch to the before attribute name state. */
1145 $this->state = 'beforeAttributeName';
1146
1147 } elseif ($char === '&') {
1148 /* U+0026 AMPERSAND (&)
1149 Switch to the entity in attribute value state. */
1150 $this->entityInAttributeValueState();
1151
1152 } elseif ($char === '>') {
1153 /* U+003E GREATER-THAN SIGN (>)
1154 Emit the current tag token. Switch to the data state. */
1155 $this->emitToken($this->token);
1156 $this->state = 'data';
1157
1158 } else {
1159 /* Anything else
1160 Append the current input character to the current attribute's value.
1161 Stay in the attribute value (unquoted) state. */
1162 $last = count($this->token['attr']) - 1;
1163 $this->token['attr'][$last]['value'] .= $char;
1164
1165 $this->state = 'attributeValueUnquoted';
1166 }
1167 }
1168
1169 private function entityInAttributeValueState()
1170 {
1171 // Attempt to consume an entity.
1172 $entity = $this->entity();
1173
1174 // If nothing is returned, append a U+0026 AMPERSAND character to the
1175 // current attribute's value. Otherwise, emit the character token that
1176 // was returned.
1177 $char = (!$entity)
1178 ? '&'
1179 : $entity;
1180
1181 $last = count($this->token['attr']) - 1;
1182 $this->token['attr'][$last]['value'] .= $char;
1183 }
1184
1185 private function bogusCommentState()
1186 {
1187 /* Consume every character up to the first U+003E GREATER-THAN SIGN
1188 character (>) or the end of the file (EOF), whichever comes first. Emit
1189 a comment token whose data is the concatenation of all the characters
1190 starting from and including the character that caused the state machine
1191 to switch into the bogus comment state, up to and including the last
1192 consumed character before the U+003E character, if any, or up to the
1193 end of the file otherwise. (If the comment was started by the end of
1194 the file (EOF), the token is empty.) */
1195 $data = $this->characters('^>', $this->char);
1196 $this->emitToken(
1197 array(
1198 'data' => $data,
1199 'type' => self::COMMENT
1200 )
1201 );
1202
1203 $this->char += strlen($data);
1204
1205 /* Switch to the data state. */
1206 $this->state = 'data';
1207
1208 /* If the end of the file was reached, reconsume the EOF character. */
1209 if ($this->char === $this->EOF) {
1210 $this->char = $this->EOF - 1;
1211 }
1212 }
1213
1214 private function markupDeclarationOpenState()
1215 {
1216 /* If the next two characters are both U+002D HYPHEN-MINUS (-)
1217 characters, consume those two characters, create a comment token whose
1218 data is the empty string, and switch to the comment state. */
1219 if ($this->character($this->char + 1, 2) === '--') {
1220 $this->char += 2;
1221 $this->state = 'comment';
1222 $this->token = array(
1223 'data' => null,
1224 'type' => self::COMMENT
1225 );
1226
1227 /* Otherwise if the next seven chacacters are a case-insensitive match
1228 for the word "DOCTYPE", then consume those characters and switch to the
1229 DOCTYPE state. */
1230 } elseif (strtolower($this->character($this->char + 1, 7)) === 'doctype') {
1231 $this->char += 7;
1232 $this->state = 'doctype';
1233
1234 /* Otherwise, is is a parse error. Switch to the bogus comment state.
1235 The next character that is consumed, if any, is the first character
1236 that will be in the comment. */
1237 } else {
1238 $this->char++;
1239 $this->state = 'bogusComment';
1240 }
1241 }
1242
1243 private function commentState()
1244 {
1245 /* Consume the next input character: */
1246 $this->char++;
1247 $char = $this->char();
1248
1249 /* U+002D HYPHEN-MINUS (-) */
1250 if ($char === '-') {
1251 /* Switch to the comment dash state */
1252 $this->state = 'commentDash';
1253
1254 /* EOF */
1255 } elseif ($this->char === $this->EOF) {
1256 /* Parse error. Emit the comment token. Reconsume the EOF character
1257 in the data state. */
1258 $this->emitToken($this->token);
1259 $this->char--;
1260 $this->state = 'data';
1261
1262 /* Anything else */
1263 } else {
1264 /* Append the input character to the comment token's data. Stay in
1265 the comment state. */
1266 $this->token['data'] .= $char;
1267 }
1268 }
1269
1270 private function commentDashState()
1271 {
1272 /* Consume the next input character: */
1273 $this->char++;
1274 $char = $this->char();
1275
1276 /* U+002D HYPHEN-MINUS (-) */
1277 if ($char === '-') {
1278 /* Switch to the comment end state */
1279 $this->state = 'commentEnd';
1280
1281 /* EOF */
1282 } elseif ($this->char === $this->EOF) {
1283 /* Parse error. Emit the comment token. Reconsume the EOF character
1284 in the data state. */
1285 $this->emitToken($this->token);
1286 $this->char--;
1287 $this->state = 'data';
1288
1289 /* Anything else */
1290 } else {
1291 /* Append a U+002D HYPHEN-MINUS (-) character and the input
1292 character to the comment token's data. Switch to the comment state. */
1293 $this->token['data'] .= '-' . $char;
1294 $this->state = 'comment';
1295 }
1296 }
1297
1298 private function commentEndState()
1299 {
1300 /* Consume the next input character: */
1301 $this->char++;
1302 $char = $this->char();
1303
1304 if ($char === '>') {
1305 $this->emitToken($this->token);
1306 $this->state = 'data';
1307
1308 } elseif ($char === '-') {
1309 $this->token['data'] .= '-';
1310
1311 } elseif ($this->char === $this->EOF) {
1312 $this->emitToken($this->token);
1313 $this->char--;
1314 $this->state = 'data';
1315
1316 } else {
1317 $this->token['data'] .= '--' . $char;
1318 $this->state = 'comment';
1319 }
1320 }
1321
1322 private function doctypeState()
1323 {
1324 /* Consume the next input character: */
1325 $this->char++;
1326 $char = $this->char();
1327
1328 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
1329 $this->state = 'beforeDoctypeName';
1330
1331 } else {
1332 $this->char--;
1333 $this->state = 'beforeDoctypeName';
1334 }
1335 }
1336
1337 private function beforeDoctypeNameState()
1338 {
1339 /* Consume the next input character: */
1340 $this->char++;
1341 $char = $this->char();
1342
1343 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
1344 // Stay in the before DOCTYPE name state.
1345
1346 } elseif (preg_match('/^[a-z]$/', $char)) {
1347 $this->token = array(
1348 'name' => strtoupper($char),
1349 'type' => self::DOCTYPE,
1350 'error' => true
1351 );
1352
1353 $this->state = 'doctypeName';
1354
1355 } elseif ($char === '>') {
1356 $this->emitToken(
1357 array(
1358 'name' => null,
1359 'type' => self::DOCTYPE,
1360 'error' => true
1361 )
1362 );
1363
1364 $this->state = 'data';
1365
1366 } elseif ($this->char === $this->EOF) {
1367 $this->emitToken(
1368 array(
1369 'name' => null,
1370 'type' => self::DOCTYPE,
1371 'error' => true
1372 )
1373 );
1374
1375 $this->char--;
1376 $this->state = 'data';
1377
1378 } else {
1379 $this->token = array(
1380 'name' => $char,
1381 'type' => self::DOCTYPE,
1382 'error' => true
1383 );
1384
1385 $this->state = 'doctypeName';
1386 }
1387 }
1388
1389 private function doctypeNameState()
1390 {
1391 /* Consume the next input character: */
1392 $this->char++;
1393 $char = $this->char();
1394
1395 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
1396 $this->state = 'AfterDoctypeName';
1397
1398 } elseif ($char === '>') {
1399 $this->emitToken($this->token);
1400 $this->state = 'data';
1401
1402 } elseif (preg_match('/^[a-z]$/', $char)) {
1403 $this->token['name'] .= strtoupper($char);
1404
1405 } elseif ($this->char === $this->EOF) {
1406 $this->emitToken($this->token);
1407 $this->char--;
1408 $this->state = 'data';
1409
1410 } else {
1411 $this->token['name'] .= $char;
1412 }
1413
1414 $this->token['error'] = ($this->token['name'] === 'HTML')
1415 ? false
1416 : true;
1417 }
1418
1419 private function afterDoctypeNameState()
1420 {
1421 /* Consume the next input character: */
1422 $this->char++;
1423 $char = $this->char();
1424
1425 if (preg_match('/^[\t\n\x0b\x0c ]$/', $char)) {
1426 // Stay in the DOCTYPE name state.
1427
1428 } elseif ($char === '>') {
1429 $this->emitToken($this->token);
1430 $this->state = 'data';
1431
1432 } elseif ($this->char === $this->EOF) {
1433 $this->emitToken($this->token);
1434 $this->char--;
1435 $this->state = 'data';
1436
1437 } else {
1438 $this->token['error'] = true;
1439 $this->state = 'bogusDoctype';
1440 }
1441 }
1442
1443 private function bogusDoctypeState()
1444 {
1445 /* Consume the next input character: */
1446 $this->char++;
1447 $char = $this->char();
1448
1449 if ($char === '>') {
1450 $this->emitToken($this->token);
1451 $this->state = 'data';
1452
1453 } elseif ($this->char === $this->EOF) {
1454 $this->emitToken($this->token);
1455 $this->char--;
1456 $this->state = 'data';
1457
1458 } else {
1459 // Stay in the bogus DOCTYPE state.
1460 }
1461 }
1462
1463 private function entity()
1464 {
1465 $start = $this->char;
1466
1467 // This section defines how to consume an entity. This definition is
1468 // used when parsing entities in text and in attributes.
1469
1470 // The behaviour depends on the identity of the next character (the
1471 // one immediately after the U+0026 AMPERSAND character):
1472
1473 switch ($this->character($this->char + 1)) {
1474 // U+0023 NUMBER SIGN (#)
1475 case '#':
1476
1477 // The behaviour further depends on the character after the
1478 // U+0023 NUMBER SIGN:
1479 switch ($this->character($this->char + 1)) {
1480 // U+0078 LATIN SMALL LETTER X
1481 // U+0058 LATIN CAPITAL LETTER X
1482 case 'x':
1483 case 'X':
1484 // Follow the steps below, but using the range of
1485 // characters U+0030 DIGIT ZERO through to U+0039 DIGIT
1486 // NINE, U+0061 LATIN SMALL LETTER A through to U+0066
1487 // LATIN SMALL LETTER F, and U+0041 LATIN CAPITAL LETTER
1488 // A, through to U+0046 LATIN CAPITAL LETTER F (in other
1489 // words, 0-9, A-F, a-f).
1490 $char = 1;
1491 $char_class = '0-9A-Fa-f';
1492 break;
1493
1494 // Anything else
1495 default:
1496 // Follow the steps below, but using the range of
1497 // characters U+0030 DIGIT ZERO through to U+0039 DIGIT
1498 // NINE (i.e. just 0-9).
1499 $char = 0;
1500 $char_class = '0-9';
1501 break;
1502 }
1503
1504 // Consume as many characters as match the range of characters
1505 // given above.
1506 $this->char++;
1507 $e_name = $this->characters($char_class, $this->char + $char + 1);
1508 $entity = $this->character($start, $this->char);
1509 $cond = strlen($e_name) > 0;
1510
1511 // The rest of the parsing happens bellow.
1512 break;
1513
1514 // Anything else
1515 default:
1516 // Consume the maximum number of characters possible, with the
1517 // consumed characters case-sensitively matching one of the
1518 // identifiers in the first column of the entities table.
1519 $e_name = $this->characters('0-9A-Za-z;', $this->char + 1);
1520 $len = strlen($e_name);
1521
1522 for ($c = 1; $c <= $len; $c++) {
1523 $id = substr($e_name, 0, $c);
1524 $this->char++;
1525
1526 if (in_array($id, $this->entities)) {
1527 if ($e_name[$c - 1] !== ';') {
1528 if ($c < $len && $e_name[$c] == ';') {
1529 $this->char++; // consume extra semicolon
1530 }
1531 }
1532 $entity = $id;
1533 break;
1534 }
1535 }
1536
1537 $cond = isset($entity);
1538 // The rest of the parsing happens bellow.
1539 break;
1540 }
1541
1542 if (!$cond) {
1543 // If no match can be made, then this is a parse error. No
1544 // characters are consumed, and nothing is returned.
1545 $this->char = $start;
1546 return false;
1547 }
1548
1549 // Return a character token for the character corresponding to the
1550 // entity name (as given by the second column of the entities table).
1551 return html_entity_decode('&' . $entity . ';', ENT_QUOTES, 'UTF-8');
1552 }
1553
1554 private function emitToken($token)
1555 {
1556 $emit = $this->tree->emitToken($token);
1557
1558 if (is_int($emit)) {
1559 $this->content_model = $emit;
1560
1561 } elseif ($token['type'] === self::ENDTAG) {
1562 $this->content_model = self::PCDATA;
1563 }
1564 }
1565
1566 private function EOF()
1567 {
1568 $this->state = null;
1569 $this->tree->emitToken(
1570 array(
1571 'type' => self::EOF
1572 )
1573 );
1574 }
1575}
1576
1577class HTML5TreeConstructer
1578{
1579 public $stack = array();
1580
1581 private $phase;
1582 private $mode;
1583 private $dom;
1584 private $foster_parent = null;
1585 private $a_formatting = array();
1586
1587 private $head_pointer = null;
1588 private $form_pointer = null;
1589
1590 private $scoping = array('button', 'caption', 'html', 'marquee', 'object', 'table', 'td', 'th');
1591 private $formatting = array(
1592 'a',
1593 'b',
1594 'big',
1595 'em',
1596 'font',
1597 'i',
1598 'nobr',
1599 's',
1600 'small',
1601 'strike',
1602 'strong',
1603 'tt',
1604 'u'
1605 );
1606 private $special = array(
1607 'address',
1608 'area',
1609 'base',
1610 'basefont',
1611 'bgsound',
1612 'blockquote',
1613 'body',
1614 'br',
1615 'center',
1616 'col',
1617 'colgroup',
1618 'dd',
1619 'dir',
1620 'div',
1621 'dl',
1622 'dt',
1623 'embed',
1624 'fieldset',
1625 'form',
1626 'frame',
1627 'frameset',
1628 'h1',
1629 'h2',
1630 'h3',
1631 'h4',
1632 'h5',
1633 'h6',
1634 'head',
1635 'hr',
1636 'iframe',
1637 'image',
1638 'img',
1639 'input',
1640 'isindex',
1641 'li',
1642 'link',
1643 'listing',
1644 'menu',
1645 'meta',
1646 'noembed',
1647 'noframes',
1648 'noscript',
1649 'ol',
1650 'optgroup',
1651 'option',
1652 'p',
1653 'param',
1654 'plaintext',
1655 'pre',
1656 'script',
1657 'select',
1658 'spacer',
1659 'style',
1660 'tbody',
1661 'textarea',
1662 'tfoot',
1663 'thead',
1664 'title',
1665 'tr',
1666 'ul',
1667 'wbr'
1668 );
1669
1670 // The different phases.
1671 const INIT_PHASE = 0;
1672 const ROOT_PHASE = 1;
1673 const MAIN_PHASE = 2;
1674 const END_PHASE = 3;
1675
1676 // The different insertion modes for the main phase.
1677 const BEFOR_HEAD = 0;
1678 const IN_HEAD = 1;
1679 const AFTER_HEAD = 2;
1680 const IN_BODY = 3;
1681 const IN_TABLE = 4;
1682 const IN_CAPTION = 5;
1683 const IN_CGROUP = 6;
1684 const IN_TBODY = 7;
1685 const IN_ROW = 8;
1686 const IN_CELL = 9;
1687 const IN_SELECT = 10;
1688 const AFTER_BODY = 11;
1689 const IN_FRAME = 12;
1690 const AFTR_FRAME = 13;
1691
1692 // The different types of elements.
1693 const SPECIAL = 0;
1694 const SCOPING = 1;
1695 const FORMATTING = 2;
1696 const PHRASING = 3;
1697
1698 const MARKER = 0;
1699
1700 public function __construct()
1701 {
1702 $this->phase = self::INIT_PHASE;
1703 $this->mode = self::BEFOR_HEAD;
1704 $this->dom = new DOMDocument;
1705
1706 $this->dom->encoding = 'UTF-8';
1707 $this->dom->preserveWhiteSpace = true;
1708 $this->dom->substituteEntities = true;
1709 $this->dom->strictErrorChecking = false;
1710 }
1711
1712 // Process tag tokens
1713 public function emitToken($token)
1714 {
1715 switch ($this->phase) {
1716 case self::INIT_PHASE:
1717 return $this->initPhase($token);
1718 break;
1719 case self::ROOT_PHASE:
1720 return $this->rootElementPhase($token);
1721 break;
1722 case self::MAIN_PHASE:
1723 return $this->mainPhase($token);
1724 break;
1725 case self::END_PHASE :
1726 return $this->trailingEndPhase($token);
1727 break;
1728 }
1729 }
1730
1731 private function initPhase($token)
1732 {
1733 /* Initially, the tree construction stage must handle each token
1734 emitted from the tokenisation stage as follows: */
1735
1736 /* A DOCTYPE token that is marked as being in error
1737 A comment token
1738 A start tag token
1739 An end tag token
1740 A character token that is not one of one of U+0009 CHARACTER TABULATION,
1741 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
1742 or U+0020 SPACE
1743 An end-of-file token */
1744 if ((isset($token['error']) && $token['error']) ||
1745 $token['type'] === HTML5::COMMENT ||
1746 $token['type'] === HTML5::STARTTAG ||
1747 $token['type'] === HTML5::ENDTAG ||
1748 $token['type'] === HTML5::EOF ||
1749 ($token['type'] === HTML5::CHARACTR && isset($token['data']) &&
1750 !preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data']))
1751 ) {
1752 /* This specification does not define how to handle this case. In
1753 particular, user agents may ignore the entirety of this specification
1754 altogether for such documents, and instead invoke special parse modes
1755 with a greater emphasis on backwards compatibility. */
1756
1757 $this->phase = self::ROOT_PHASE;
1758 return $this->rootElementPhase($token);
1759
1760 /* A DOCTYPE token marked as being correct */
1761 } elseif (isset($token['error']) && !$token['error']) {
1762 /* Append a DocumentType node to the Document node, with the name
1763 attribute set to the name given in the DOCTYPE token (which will be
1764 "HTML"), and the other attributes specific to DocumentType objects
1765 set to null, empty lists, or the empty string as appropriate. */
1766 $doctype = new DOMDocumentType(null, null, 'HTML');
1767
1768 /* Then, switch to the root element phase of the tree construction
1769 stage. */
1770 $this->phase = self::ROOT_PHASE;
1771
1772 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
1773 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
1774 or U+0020 SPACE */
1775 } elseif (isset($token['data']) && preg_match(
1776 '/^[\t\n\x0b\x0c ]+$/',
1777 $token['data']
1778 )
1779 ) {
1780 /* Append that character to the Document node. */
1781 $text = $this->dom->createTextNode($token['data']);
1782 $this->dom->appendChild($text);
1783 }
1784 }
1785
1786 private function rootElementPhase($token)
1787 {
1788 /* After the initial phase, as each token is emitted from the tokenisation
1789 stage, it must be processed as described in this section. */
1790
1791 /* A DOCTYPE token */
1792 if ($token['type'] === HTML5::DOCTYPE) {
1793 // Parse error. Ignore the token.
1794
1795 /* A comment token */
1796 } elseif ($token['type'] === HTML5::COMMENT) {
1797 /* Append a Comment node to the Document object with the data
1798 attribute set to the data given in the comment token. */
1799 $comment = $this->dom->createComment($token['data']);
1800 $this->dom->appendChild($comment);
1801
1802 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
1803 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
1804 or U+0020 SPACE */
1805 } elseif ($token['type'] === HTML5::CHARACTR &&
1806 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
1807 ) {
1808 /* Append that character to the Document node. */
1809 $text = $this->dom->createTextNode($token['data']);
1810 $this->dom->appendChild($text);
1811
1812 /* A character token that is not one of U+0009 CHARACTER TABULATION,
1813 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED
1814 (FF), or U+0020 SPACE
1815 A start tag token
1816 An end tag token
1817 An end-of-file token */
1818 } elseif (($token['type'] === HTML5::CHARACTR &&
1819 !preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) ||
1820 $token['type'] === HTML5::STARTTAG ||
1821 $token['type'] === HTML5::ENDTAG ||
1822 $token['type'] === HTML5::EOF
1823 ) {
1824 /* Create an HTMLElement node with the tag name html, in the HTML
1825 namespace. Append it to the Document object. Switch to the main
1826 phase and reprocess the current token. */
1827 $html = $this->dom->createElement('html');
1828 $this->dom->appendChild($html);
1829 $this->stack[] = $html;
1830
1831 $this->phase = self::MAIN_PHASE;
1832 return $this->mainPhase($token);
1833 }
1834 }
1835
1836 private function mainPhase($token)
1837 {
1838 /* Tokens in the main phase must be handled as follows: */
1839
1840 /* A DOCTYPE token */
1841 if ($token['type'] === HTML5::DOCTYPE) {
1842 // Parse error. Ignore the token.
1843
1844 /* A start tag token with the tag name "html" */
1845 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'html') {
1846 /* If this start tag token was not the first start tag token, then
1847 it is a parse error. */
1848
1849 /* For each attribute on the token, check to see if the attribute
1850 is already present on the top element of the stack of open elements.
1851 If it is not, add the attribute and its corresponding value to that
1852 element. */
1853 foreach ($token['attr'] as $attr) {
1854 if (!$this->stack[0]->hasAttribute($attr['name'])) {
1855 $this->stack[0]->setAttribute($attr['name'], $attr['value']);
1856 }
1857 }
1858
1859 /* An end-of-file token */
1860 } elseif ($token['type'] === HTML5::EOF) {
1861 /* Generate implied end tags. */
1862 $this->generateImpliedEndTags();
1863
1864 /* Anything else. */
1865 } else {
1866 /* Depends on the insertion mode: */
1867 switch ($this->mode) {
1868 case self::BEFOR_HEAD:
1869 return $this->beforeHead($token);
1870 break;
1871 case self::IN_HEAD:
1872 return $this->inHead($token);
1873 break;
1874 case self::AFTER_HEAD:
1875 return $this->afterHead($token);
1876 break;
1877 case self::IN_BODY:
1878 return $this->inBody($token);
1879 break;
1880 case self::IN_TABLE:
1881 return $this->inTable($token);
1882 break;
1883 case self::IN_CAPTION:
1884 return $this->inCaption($token);
1885 break;
1886 case self::IN_CGROUP:
1887 return $this->inColumnGroup($token);
1888 break;
1889 case self::IN_TBODY:
1890 return $this->inTableBody($token);
1891 break;
1892 case self::IN_ROW:
1893 return $this->inRow($token);
1894 break;
1895 case self::IN_CELL:
1896 return $this->inCell($token);
1897 break;
1898 case self::IN_SELECT:
1899 return $this->inSelect($token);
1900 break;
1901 case self::AFTER_BODY:
1902 return $this->afterBody($token);
1903 break;
1904 case self::IN_FRAME:
1905 return $this->inFrameset($token);
1906 break;
1907 case self::AFTR_FRAME:
1908 return $this->afterFrameset($token);
1909 break;
1910 case self::END_PHASE:
1911 return $this->trailingEndPhase($token);
1912 break;
1913 }
1914 }
1915 }
1916
1917 private function beforeHead($token)
1918 {
1919 /* Handle the token as follows: */
1920
1921 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
1922 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
1923 or U+0020 SPACE */
1924 if ($token['type'] === HTML5::CHARACTR &&
1925 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
1926 ) {
1927 /* Append the character to the current node. */
1928 $this->insertText($token['data']);
1929
1930 /* A comment token */
1931 } elseif ($token['type'] === HTML5::COMMENT) {
1932 /* Append a Comment node to the current node with the data attribute
1933 set to the data given in the comment token. */
1934 $this->insertComment($token['data']);
1935
1936 /* A start tag token with the tag name "head" */
1937 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'head') {
1938 /* Create an element for the token, append the new element to the
1939 current node and push it onto the stack of open elements. */
1940 $element = $this->insertElement($token);
1941
1942 /* Set the head element pointer to this new element node. */
1943 $this->head_pointer = $element;
1944
1945 /* Change the insertion mode to "in head". */
1946 $this->mode = self::IN_HEAD;
1947
1948 /* A start tag token whose tag name is one of: "base", "link", "meta",
1949 "script", "style", "title". Or an end tag with the tag name "html".
1950 Or a character token that is not one of U+0009 CHARACTER TABULATION,
1951 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
1952 or U+0020 SPACE. Or any other start tag token */
1953 } elseif ($token['type'] === HTML5::STARTTAG ||
1954 ($token['type'] === HTML5::ENDTAG && $token['name'] === 'html') ||
1955 ($token['type'] === HTML5::CHARACTR && !preg_match(
1956 '/^[\t\n\x0b\x0c ]$/',
1957 $token['data']
1958 ))
1959 ) {
1960 /* Act as if a start tag token with the tag name "head" and no
1961 attributes had been seen, then reprocess the current token. */
1962 $this->beforeHead(
1963 array(
1964 'name' => 'head',
1965 'type' => HTML5::STARTTAG,
1966 'attr' => array()
1967 )
1968 );
1969
1970 return $this->inHead($token);
1971
1972 /* Any other end tag */
1973 } elseif ($token['type'] === HTML5::ENDTAG) {
1974 /* Parse error. Ignore the token. */
1975 }
1976 }
1977
1978 private function inHead($token)
1979 {
1980 /* Handle the token as follows: */
1981
1982 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
1983 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
1984 or U+0020 SPACE.
1985
1986 THIS DIFFERS FROM THE SPEC: If the current node is either a title, style
1987 or script element, append the character to the current node regardless
1988 of its content. */
1989 if (($token['type'] === HTML5::CHARACTR &&
1990 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) || (
1991 $token['type'] === HTML5::CHARACTR && in_array(
1992 end($this->stack)->nodeName,
1993 array('title', 'style', 'script')
1994 ))
1995 ) {
1996 /* Append the character to the current node. */
1997 $this->insertText($token['data']);
1998
1999 /* A comment token */
2000 } elseif ($token['type'] === HTML5::COMMENT) {
2001 /* Append a Comment node to the current node with the data attribute
2002 set to the data given in the comment token. */
2003 $this->insertComment($token['data']);
2004
2005 } elseif ($token['type'] === HTML5::ENDTAG &&
2006 in_array($token['name'], array('title', 'style', 'script'))
2007 ) {
2008 array_pop($this->stack);
2009 return HTML5::PCDATA;
2010
2011 /* A start tag with the tag name "title" */
2012 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'title') {
2013 /* Create an element for the token and append the new element to the
2014 node pointed to by the head element pointer, or, if that is null
2015 (innerHTML case), to the current node. */
2016 if ($this->head_pointer !== null) {
2017 $element = $this->insertElement($token, false);
2018 $this->head_pointer->appendChild($element);
2019
2020 } else {
2021 $element = $this->insertElement($token);
2022 }
2023
2024 /* Switch the tokeniser's content model flag to the RCDATA state. */
2025 return HTML5::RCDATA;
2026
2027 /* A start tag with the tag name "style" */
2028 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'style') {
2029 /* Create an element for the token and append the new element to the
2030 node pointed to by the head element pointer, or, if that is null
2031 (innerHTML case), to the current node. */
2032 if ($this->head_pointer !== null) {
2033 $element = $this->insertElement($token, false);
2034 $this->head_pointer->appendChild($element);
2035
2036 } else {
2037 $this->insertElement($token);
2038 }
2039
2040 /* Switch the tokeniser's content model flag to the CDATA state. */
2041 return HTML5::CDATA;
2042
2043 /* A start tag with the tag name "script" */
2044 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'script') {
2045 /* Create an element for the token. */
2046 $element = $this->insertElement($token, false);
2047 $this->head_pointer->appendChild($element);
2048
2049 /* Switch the tokeniser's content model flag to the CDATA state. */
2050 return HTML5::CDATA;
2051
2052 /* A start tag with the tag name "base", "link", or "meta" */
2053 } elseif ($token['type'] === HTML5::STARTTAG && in_array(
2054 $token['name'],
2055 array('base', 'link', 'meta')
2056 )
2057 ) {
2058 /* Create an element for the token and append the new element to the
2059 node pointed to by the head element pointer, or, if that is null
2060 (innerHTML case), to the current node. */
2061 if ($this->head_pointer !== null) {
2062 $element = $this->insertElement($token, false);
2063 $this->head_pointer->appendChild($element);
2064 array_pop($this->stack);
2065
2066 } else {
2067 $this->insertElement($token);
2068 }
2069
2070 /* An end tag with the tag name "head" */
2071 } elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'head') {
2072 /* If the current node is a head element, pop the current node off
2073 the stack of open elements. */
2074 if ($this->head_pointer->isSameNode(end($this->stack))) {
2075 array_pop($this->stack);
2076
2077 /* Otherwise, this is a parse error. */
2078 } else {
2079 // k
2080 }
2081
2082 /* Change the insertion mode to "after head". */
2083 $this->mode = self::AFTER_HEAD;
2084
2085 /* A start tag with the tag name "head" or an end tag except "html". */
2086 } elseif (($token['type'] === HTML5::STARTTAG && $token['name'] === 'head') ||
2087 ($token['type'] === HTML5::ENDTAG && $token['name'] !== 'html')
2088 ) {
2089 // Parse error. Ignore the token.
2090
2091 /* Anything else */
2092 } else {
2093 /* If the current node is a head element, act as if an end tag
2094 token with the tag name "head" had been seen. */
2095 if ($this->head_pointer->isSameNode(end($this->stack))) {
2096 $this->inHead(
2097 array(
2098 'name' => 'head',
2099 'type' => HTML5::ENDTAG
2100 )
2101 );
2102
2103 /* Otherwise, change the insertion mode to "after head". */
2104 } else {
2105 $this->mode = self::AFTER_HEAD;
2106 }
2107
2108 /* Then, reprocess the current token. */
2109 return $this->afterHead($token);
2110 }
2111 }
2112
2113 private function afterHead($token)
2114 {
2115 /* Handle the token as follows: */
2116
2117 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
2118 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
2119 or U+0020 SPACE */
2120 if ($token['type'] === HTML5::CHARACTR &&
2121 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
2122 ) {
2123 /* Append the character to the current node. */
2124 $this->insertText($token['data']);
2125
2126 /* A comment token */
2127 } elseif ($token['type'] === HTML5::COMMENT) {
2128 /* Append a Comment node to the current node with the data attribute
2129 set to the data given in the comment token. */
2130 $this->insertComment($token['data']);
2131
2132 /* A start tag token with the tag name "body" */
2133 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'body') {
2134 /* Insert a body element for the token. */
2135 $this->insertElement($token);
2136
2137 /* Change the insertion mode to "in body". */
2138 $this->mode = self::IN_BODY;
2139
2140 /* A start tag token with the tag name "frameset" */
2141 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'frameset') {
2142 /* Insert a frameset element for the token. */
2143 $this->insertElement($token);
2144
2145 /* Change the insertion mode to "in frameset". */
2146 $this->mode = self::IN_FRAME;
2147
2148 /* A start tag token whose tag name is one of: "base", "link", "meta",
2149 "script", "style", "title" */
2150 } elseif ($token['type'] === HTML5::STARTTAG && in_array(
2151 $token['name'],
2152 array('base', 'link', 'meta', 'script', 'style', 'title')
2153 )
2154 ) {
2155 /* Parse error. Switch the insertion mode back to "in head" and
2156 reprocess the token. */
2157 $this->mode = self::IN_HEAD;
2158 return $this->inHead($token);
2159
2160 /* Anything else */
2161 } else {
2162 /* Act as if a start tag token with the tag name "body" and no
2163 attributes had been seen, and then reprocess the current token. */
2164 $this->afterHead(
2165 array(
2166 'name' => 'body',
2167 'type' => HTML5::STARTTAG,
2168 'attr' => array()
2169 )
2170 );
2171
2172 return $this->inBody($token);
2173 }
2174 }
2175
2176 private function inBody($token)
2177 {
2178 /* Handle the token as follows: */
2179
2180 switch ($token['type']) {
2181 /* A character token */
2182 case HTML5::CHARACTR:
2183 /* Reconstruct the active formatting elements, if any. */
2184 $this->reconstructActiveFormattingElements();
2185
2186 /* Append the token's character to the current node. */
2187 $this->insertText($token['data']);
2188 break;
2189
2190 /* A comment token */
2191 case HTML5::COMMENT:
2192 /* Append a Comment node to the current node with the data
2193 attribute set to the data given in the comment token. */
2194 $this->insertComment($token['data']);
2195 break;
2196
2197 case HTML5::STARTTAG:
2198 switch ($token['name']) {
2199 /* A start tag token whose tag name is one of: "script",
2200 "style" */
2201 case 'script':
2202 case 'style':
2203 /* Process the token as if the insertion mode had been "in
2204 head". */
2205 return $this->inHead($token);
2206 break;
2207
2208 /* A start tag token whose tag name is one of: "base", "link",
2209 "meta", "title" */
2210 case 'base':
2211 case 'link':
2212 case 'meta':
2213 case 'title':
2214 /* Parse error. Process the token as if the insertion mode
2215 had been "in head". */
2216 return $this->inHead($token);
2217 break;
2218
2219 /* A start tag token with the tag name "body" */
2220 case 'body':
2221 /* Parse error. If the second element on the stack of open
2222 elements is not a body element, or, if the stack of open
2223 elements has only one node on it, then ignore the token.
2224 (innerHTML case) */
2225 if (count($this->stack) === 1 || $this->stack[1]->nodeName !== 'body') {
2226 // Ignore
2227
2228 /* Otherwise, for each attribute on the token, check to see
2229 if the attribute is already present on the body element (the
2230 second element) on the stack of open elements. If it is not,
2231 add the attribute and its corresponding value to that
2232 element. */
2233 } else {
2234 foreach ($token['attr'] as $attr) {
2235 if (!$this->stack[1]->hasAttribute($attr['name'])) {
2236 $this->stack[1]->setAttribute($attr['name'], $attr['value']);
2237 }
2238 }
2239 }
2240 break;
2241
2242 /* A start tag whose tag name is one of: "address",
2243 "blockquote", "center", "dir", "div", "dl", "fieldset",
2244 "listing", "menu", "ol", "p", "ul" */
2245 case 'address':
2246 case 'blockquote':
2247 case 'center':
2248 case 'dir':
2249 case 'div':
2250 case 'dl':
2251 case 'fieldset':
2252 case 'listing':
2253 case 'menu':
2254 case 'ol':
2255 case 'p':
2256 case 'ul':
2257 /* If the stack of open elements has a p element in scope,
2258 then act as if an end tag with the tag name p had been
2259 seen. */
2260 if ($this->elementInScope('p')) {
2261 $this->emitToken(
2262 array(
2263 'name' => 'p',
2264 'type' => HTML5::ENDTAG
2265 )
2266 );
2267 }
2268
2269 /* Insert an HTML element for the token. */
2270 $this->insertElement($token);
2271 break;
2272
2273 /* A start tag whose tag name is "form" */
2274 case 'form':
2275 /* If the form element pointer is not null, ignore the
2276 token with a parse error. */
2277 if ($this->form_pointer !== null) {
2278 // Ignore.
2279
2280 /* Otherwise: */
2281 } else {
2282 /* If the stack of open elements has a p element in
2283 scope, then act as if an end tag with the tag name p
2284 had been seen. */
2285 if ($this->elementInScope('p')) {
2286 $this->emitToken(
2287 array(
2288 'name' => 'p',
2289 'type' => HTML5::ENDTAG
2290 )
2291 );
2292 }
2293
2294 /* Insert an HTML element for the token, and set the
2295 form element pointer to point to the element created. */
2296 $element = $this->insertElement($token);
2297 $this->form_pointer = $element;
2298 }
2299 break;
2300
2301 /* A start tag whose tag name is "li", "dd" or "dt" */
2302 case 'li':
2303 case 'dd':
2304 case 'dt':
2305 /* If the stack of open elements has a p element in scope,
2306 then act as if an end tag with the tag name p had been
2307 seen. */
2308 if ($this->elementInScope('p')) {
2309 $this->emitToken(
2310 array(
2311 'name' => 'p',
2312 'type' => HTML5::ENDTAG
2313 )
2314 );
2315 }
2316
2317 $stack_length = count($this->stack) - 1;
2318
2319 for ($n = $stack_length; 0 <= $n; $n--) {
2320 /* 1. Initialise node to be the current node (the
2321 bottommost node of the stack). */
2322 $stop = false;
2323 $node = $this->stack[$n];
2324 $cat = $this->getElementCategory($node->tagName);
2325
2326 /* 2. If node is an li, dd or dt element, then pop all
2327 the nodes from the current node up to node, including
2328 node, then stop this algorithm. */
2329 if ($token['name'] === $node->tagName || ($token['name'] !== 'li'
2330 && ($node->tagName === 'dd' || $node->tagName === 'dt'))
2331 ) {
2332 for ($x = $stack_length; $x >= $n; $x--) {
2333 array_pop($this->stack);
2334 }
2335
2336 break;
2337 }
2338
2339 /* 3. If node is not in the formatting category, and is
2340 not in the phrasing category, and is not an address or
2341 div element, then stop this algorithm. */
2342 if ($cat !== self::FORMATTING && $cat !== self::PHRASING &&
2343 $node->tagName !== 'address' && $node->tagName !== 'div'
2344 ) {
2345 break;
2346 }
2347 }
2348
2349 /* Finally, insert an HTML element with the same tag
2350 name as the token's. */
2351 $this->insertElement($token);
2352 break;
2353
2354 /* A start tag token whose tag name is "plaintext" */
2355 case 'plaintext':
2356 /* If the stack of open elements has a p element in scope,
2357 then act as if an end tag with the tag name p had been
2358 seen. */
2359 if ($this->elementInScope('p')) {
2360 $this->emitToken(
2361 array(
2362 'name' => 'p',
2363 'type' => HTML5::ENDTAG
2364 )
2365 );
2366 }
2367
2368 /* Insert an HTML element for the token. */
2369 $this->insertElement($token);
2370
2371 return HTML5::PLAINTEXT;
2372 break;
2373
2374 /* A start tag whose tag name is one of: "h1", "h2", "h3", "h4",
2375 "h5", "h6" */
2376 case 'h1':
2377 case 'h2':
2378 case 'h3':
2379 case 'h4':
2380 case 'h5':
2381 case 'h6':
2382 /* If the stack of open elements has a p element in scope,
2383 then act as if an end tag with the tag name p had been seen. */
2384 if ($this->elementInScope('p')) {
2385 $this->emitToken(
2386 array(
2387 'name' => 'p',
2388 'type' => HTML5::ENDTAG
2389 )
2390 );
2391 }
2392
2393 /* If the stack of open elements has in scope an element whose
2394 tag name is one of "h1", "h2", "h3", "h4", "h5", or "h6", then
2395 this is a parse error; pop elements from the stack until an
2396 element with one of those tag names has been popped from the
2397 stack. */
2398 while ($this->elementInScope(array('h1', 'h2', 'h3', 'h4', 'h5', 'h6'))) {
2399 array_pop($this->stack);
2400 }
2401
2402 /* Insert an HTML element for the token. */
2403 $this->insertElement($token);
2404 break;
2405
2406 /* A start tag whose tag name is "a" */
2407 case 'a':
2408 /* If the list of active formatting elements contains
2409 an element whose tag name is "a" between the end of the
2410 list and the last marker on the list (or the start of
2411 the list if there is no marker on the list), then this
2412 is a parse error; act as if an end tag with the tag name
2413 "a" had been seen, then remove that element from the list
2414 of active formatting elements and the stack of open
2415 elements if the end tag didn't already remove it (it
2416 might not have if the element is not in table scope). */
2417 $leng = count($this->a_formatting);
2418
2419 for ($n = $leng - 1; $n >= 0; $n--) {
2420 if ($this->a_formatting[$n] === self::MARKER) {
2421 break;
2422
2423 } elseif ($this->a_formatting[$n]->nodeName === 'a') {
2424 $this->emitToken(
2425 array(
2426 'name' => 'a',
2427 'type' => HTML5::ENDTAG
2428 )
2429 );
2430 break;
2431 }
2432 }
2433
2434 /* Reconstruct the active formatting elements, if any. */
2435 $this->reconstructActiveFormattingElements();
2436
2437 /* Insert an HTML element for the token. */
2438 $el = $this->insertElement($token);
2439
2440 /* Add that element to the list of active formatting
2441 elements. */
2442 $this->a_formatting[] = $el;
2443 break;
2444
2445 /* A start tag whose tag name is one of: "b", "big", "em", "font",
2446 "i", "nobr", "s", "small", "strike", "strong", "tt", "u" */
2447 case 'b':
2448 case 'big':
2449 case 'em':
2450 case 'font':
2451 case 'i':
2452 case 'nobr':
2453 case 's':
2454 case 'small':
2455 case 'strike':
2456 case 'strong':
2457 case 'tt':
2458 case 'u':
2459 /* Reconstruct the active formatting elements, if any. */
2460 $this->reconstructActiveFormattingElements();
2461
2462 /* Insert an HTML element for the token. */
2463 $el = $this->insertElement($token);
2464
2465 /* Add that element to the list of active formatting
2466 elements. */
2467 $this->a_formatting[] = $el;
2468 break;
2469
2470 /* A start tag token whose tag name is "button" */
2471 case 'button':
2472 /* If the stack of open elements has a button element in scope,
2473 then this is a parse error; act as if an end tag with the tag
2474 name "button" had been seen, then reprocess the token. (We don't
2475 do that. Unnecessary.) */
2476 if ($this->elementInScope('button')) {
2477 $this->inBody(
2478 array(
2479 'name' => 'button',
2480 'type' => HTML5::ENDTAG
2481 )
2482 );
2483 }
2484
2485 /* Reconstruct the active formatting elements, if any. */
2486 $this->reconstructActiveFormattingElements();
2487
2488 /* Insert an HTML element for the token. */
2489 $this->insertElement($token);
2490
2491 /* Insert a marker at the end of the list of active
2492 formatting elements. */
2493 $this->a_formatting[] = self::MARKER;
2494 break;
2495
2496 /* A start tag token whose tag name is one of: "marquee", "object" */
2497 case 'marquee':
2498 case 'object':
2499 /* Reconstruct the active formatting elements, if any. */
2500 $this->reconstructActiveFormattingElements();
2501
2502 /* Insert an HTML element for the token. */
2503 $this->insertElement($token);
2504
2505 /* Insert a marker at the end of the list of active
2506 formatting elements. */
2507 $this->a_formatting[] = self::MARKER;
2508 break;
2509
2510 /* A start tag token whose tag name is "xmp" */
2511 case 'xmp':
2512 /* Reconstruct the active formatting elements, if any. */
2513 $this->reconstructActiveFormattingElements();
2514
2515 /* Insert an HTML element for the token. */
2516 $this->insertElement($token);
2517
2518 /* Switch the content model flag to the CDATA state. */
2519 return HTML5::CDATA;
2520 break;
2521
2522 /* A start tag whose tag name is "table" */
2523 case 'table':
2524 /* If the stack of open elements has a p element in scope,
2525 then act as if an end tag with the tag name p had been seen. */
2526 if ($this->elementInScope('p')) {
2527 $this->emitToken(
2528 array(
2529 'name' => 'p',
2530 'type' => HTML5::ENDTAG
2531 )
2532 );
2533 }
2534
2535 /* Insert an HTML element for the token. */
2536 $this->insertElement($token);
2537
2538 /* Change the insertion mode to "in table". */
2539 $this->mode = self::IN_TABLE;
2540 break;
2541
2542 /* A start tag whose tag name is one of: "area", "basefont",
2543 "bgsound", "br", "embed", "img", "param", "spacer", "wbr" */
2544 case 'area':
2545 case 'basefont':
2546 case 'bgsound':
2547 case 'br':
2548 case 'embed':
2549 case 'img':
2550 case 'param':
2551 case 'spacer':
2552 case 'wbr':
2553 /* Reconstruct the active formatting elements, if any. */
2554 $this->reconstructActiveFormattingElements();
2555
2556 /* Insert an HTML element for the token. */
2557 $this->insertElement($token);
2558
2559 /* Immediately pop the current node off the stack of open elements. */
2560 array_pop($this->stack);
2561 break;
2562
2563 /* A start tag whose tag name is "hr" */
2564 case 'hr':
2565 /* If the stack of open elements has a p element in scope,
2566 then act as if an end tag with the tag name p had been seen. */
2567 if ($this->elementInScope('p')) {
2568 $this->emitToken(
2569 array(
2570 'name' => 'p',
2571 'type' => HTML5::ENDTAG
2572 )
2573 );
2574 }
2575
2576 /* Insert an HTML element for the token. */
2577 $this->insertElement($token);
2578
2579 /* Immediately pop the current node off the stack of open elements. */
2580 array_pop($this->stack);
2581 break;
2582
2583 /* A start tag whose tag name is "image" */
2584 case 'image':
2585 /* Parse error. Change the token's tag name to "img" and
2586 reprocess it. (Don't ask.) */
2587 $token['name'] = 'img';
2588 return $this->inBody($token);
2589 break;
2590
2591 /* A start tag whose tag name is "input" */
2592 case 'input':
2593 /* Reconstruct the active formatting elements, if any. */
2594 $this->reconstructActiveFormattingElements();
2595
2596 /* Insert an input element for the token. */
2597 $element = $this->insertElement($token, false);
2598
2599 /* If the form element pointer is not null, then associate the
2600 input element with the form element pointed to by the form
2601 element pointer. */
2602 $this->form_pointer !== null
2603 ? $this->form_pointer->appendChild($element)
2604 : end($this->stack)->appendChild($element);
2605
2606 /* Pop that input element off the stack of open elements. */
2607 array_pop($this->stack);
2608 break;
2609
2610 /* A start tag whose tag name is "isindex" */
2611 case 'isindex':
2612 /* Parse error. */
2613 // w/e
2614
2615 /* If the form element pointer is not null,
2616 then ignore the token. */
2617 if ($this->form_pointer === null) {
2618 /* Act as if a start tag token with the tag name "form" had
2619 been seen. */
2620 $this->inBody(
2621 array(
2622 'name' => 'body',
2623 'type' => HTML5::STARTTAG,
2624 'attr' => array()
2625 )
2626 );
2627
2628 /* Act as if a start tag token with the tag name "hr" had
2629 been seen. */
2630 $this->inBody(
2631 array(
2632 'name' => 'hr',
2633 'type' => HTML5::STARTTAG,
2634 'attr' => array()
2635 )
2636 );
2637
2638 /* Act as if a start tag token with the tag name "p" had
2639 been seen. */
2640 $this->inBody(
2641 array(
2642 'name' => 'p',
2643 'type' => HTML5::STARTTAG,
2644 'attr' => array()
2645 )
2646 );
2647
2648 /* Act as if a start tag token with the tag name "label"
2649 had been seen. */
2650 $this->inBody(
2651 array(
2652 'name' => 'label',
2653 'type' => HTML5::STARTTAG,
2654 'attr' => array()
2655 )
2656 );
2657
2658 /* Act as if a stream of character tokens had been seen. */
2659 $this->insertText(
2660 'This is a searchable index. ' .
2661 'Insert your search keywords here: '
2662 );
2663
2664 /* Act as if a start tag token with the tag name "input"
2665 had been seen, with all the attributes from the "isindex"
2666 token, except with the "name" attribute set to the value
2667 "isindex" (ignoring any explicit "name" attribute). */
2668 $attr = $token['attr'];
2669 $attr[] = array('name' => 'name', 'value' => 'isindex');
2670
2671 $this->inBody(
2672 array(
2673 'name' => 'input',
2674 'type' => HTML5::STARTTAG,
2675 'attr' => $attr
2676 )
2677 );
2678
2679 /* Act as if a stream of character tokens had been seen
2680 (see below for what they should say). */
2681 $this->insertText(
2682 'This is a searchable index. ' .
2683 'Insert your search keywords here: '
2684 );
2685
2686 /* Act as if an end tag token with the tag name "label"
2687 had been seen. */
2688 $this->inBody(
2689 array(
2690 'name' => 'label',
2691 'type' => HTML5::ENDTAG
2692 )
2693 );
2694
2695 /* Act as if an end tag token with the tag name "p" had
2696 been seen. */
2697 $this->inBody(
2698 array(
2699 'name' => 'p',
2700 'type' => HTML5::ENDTAG
2701 )
2702 );
2703
2704 /* Act as if a start tag token with the tag name "hr" had
2705 been seen. */
2706 $this->inBody(
2707 array(
2708 'name' => 'hr',
2709 'type' => HTML5::ENDTAG
2710 )
2711 );
2712
2713 /* Act as if an end tag token with the tag name "form" had
2714 been seen. */
2715 $this->inBody(
2716 array(
2717 'name' => 'form',
2718 'type' => HTML5::ENDTAG
2719 )
2720 );
2721 }
2722 break;
2723
2724 /* A start tag whose tag name is "textarea" */
2725 case 'textarea':
2726 $this->insertElement($token);
2727
2728 /* Switch the tokeniser's content model flag to the
2729 RCDATA state. */
2730 return HTML5::RCDATA;
2731 break;
2732
2733 /* A start tag whose tag name is one of: "iframe", "noembed",
2734 "noframes" */
2735 case 'iframe':
2736 case 'noembed':
2737 case 'noframes':
2738 $this->insertElement($token);
2739
2740 /* Switch the tokeniser's content model flag to the CDATA state. */
2741 return HTML5::CDATA;
2742 break;
2743
2744 /* A start tag whose tag name is "select" */
2745 case 'select':
2746 /* Reconstruct the active formatting elements, if any. */
2747 $this->reconstructActiveFormattingElements();
2748
2749 /* Insert an HTML element for the token. */
2750 $this->insertElement($token);
2751
2752 /* Change the insertion mode to "in select". */
2753 $this->mode = self::IN_SELECT;
2754 break;
2755
2756 /* A start or end tag whose tag name is one of: "caption", "col",
2757 "colgroup", "frame", "frameset", "head", "option", "optgroup",
2758 "tbody", "td", "tfoot", "th", "thead", "tr". */
2759 case 'caption':
2760 case 'col':
2761 case 'colgroup':
2762 case 'frame':
2763 case 'frameset':
2764 case 'head':
2765 case 'option':
2766 case 'optgroup':
2767 case 'tbody':
2768 case 'td':
2769 case 'tfoot':
2770 case 'th':
2771 case 'thead':
2772 case 'tr':
2773 // Parse error. Ignore the token.
2774 break;
2775
2776 /* A start or end tag whose tag name is one of: "event-source",
2777 "section", "nav", "article", "aside", "header", "footer",
2778 "datagrid", "command" */
2779 case 'event-source':
2780 case 'section':
2781 case 'nav':
2782 case 'article':
2783 case 'aside':
2784 case 'header':
2785 case 'footer':
2786 case 'datagrid':
2787 case 'command':
2788 // Work in progress!
2789 break;
2790
2791 /* A start tag token not covered by the previous entries */
2792 default:
2793 /* Reconstruct the active formatting elements, if any. */
2794 $this->reconstructActiveFormattingElements();
2795
2796 $this->insertElement($token, true, true);
2797 break;
2798 }
2799 break;
2800
2801 case HTML5::ENDTAG:
2802 switch ($token['name']) {
2803 /* An end tag with the tag name "body" */
2804 case 'body':
2805 /* If the second element in the stack of open elements is
2806 not a body element, this is a parse error. Ignore the token.
2807 (innerHTML case) */
2808 if (count($this->stack) < 2 || $this->stack[1]->nodeName !== 'body') {
2809 // Ignore.
2810
2811 /* If the current node is not the body element, then this
2812 is a parse error. */
2813 } elseif (end($this->stack)->nodeName !== 'body') {
2814 // Parse error.
2815 }
2816
2817 /* Change the insertion mode to "after body". */
2818 $this->mode = self::AFTER_BODY;
2819 break;
2820
2821 /* An end tag with the tag name "html" */
2822 case 'html':
2823 /* Act as if an end tag with tag name "body" had been seen,
2824 then, if that token wasn't ignored, reprocess the current
2825 token. */
2826 $this->inBody(
2827 array(
2828 'name' => 'body',
2829 'type' => HTML5::ENDTAG
2830 )
2831 );
2832
2833 return $this->afterBody($token);
2834 break;
2835
2836 /* An end tag whose tag name is one of: "address", "blockquote",
2837 "center", "dir", "div", "dl", "fieldset", "listing", "menu",
2838 "ol", "pre", "ul" */
2839 case 'address':
2840 case 'blockquote':
2841 case 'center':
2842 case 'dir':
2843 case 'div':
2844 case 'dl':
2845 case 'fieldset':
2846 case 'listing':
2847 case 'menu':
2848 case 'ol':
2849 case 'pre':
2850 case 'ul':
2851 /* If the stack of open elements has an element in scope
2852 with the same tag name as that of the token, then generate
2853 implied end tags. */
2854 if ($this->elementInScope($token['name'])) {
2855 $this->generateImpliedEndTags();
2856
2857 /* Now, if the current node is not an element with
2858 the same tag name as that of the token, then this
2859 is a parse error. */
2860 // w/e
2861
2862 /* If the stack of open elements has an element in
2863 scope with the same tag name as that of the token,
2864 then pop elements from this stack until an element
2865 with that tag name has been popped from the stack. */
2866 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
2867 if ($this->stack[$n]->nodeName === $token['name']) {
2868 $n = -1;
2869 }
2870
2871 array_pop($this->stack);
2872 }
2873 }
2874 break;
2875
2876 /* An end tag whose tag name is "form" */
2877 case 'form':
2878 /* If the stack of open elements has an element in scope
2879 with the same tag name as that of the token, then generate
2880 implied end tags. */
2881 if ($this->elementInScope($token['name'])) {
2882 $this->generateImpliedEndTags();
2883
2884 }
2885
2886 if (end($this->stack)->nodeName !== $token['name']) {
2887 /* Now, if the current node is not an element with the
2888 same tag name as that of the token, then this is a parse
2889 error. */
2890 // w/e
2891
2892 } else {
2893 /* Otherwise, if the current node is an element with
2894 the same tag name as that of the token pop that element
2895 from the stack. */
2896 array_pop($this->stack);
2897 }
2898
2899 /* In any case, set the form element pointer to null. */
2900 $this->form_pointer = null;
2901 break;
2902
2903 /* An end tag whose tag name is "p" */
2904 case 'p':
2905 /* If the stack of open elements has a p element in scope,
2906 then generate implied end tags, except for p elements. */
2907 if ($this->elementInScope('p')) {
2908 $this->generateImpliedEndTags(array('p'));
2909
2910 /* If the current node is not a p element, then this is
2911 a parse error. */
2912 // k
2913
2914 /* If the stack of open elements has a p element in
2915 scope, then pop elements from this stack until the stack
2916 no longer has a p element in scope. */
2917 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
2918 if ($this->elementInScope('p')) {
2919 array_pop($this->stack);
2920
2921 } else {
2922 break;
2923 }
2924 }
2925 }
2926 break;
2927
2928 /* An end tag whose tag name is "dd", "dt", or "li" */
2929 case 'dd':
2930 case 'dt':
2931 case 'li':
2932 /* If the stack of open elements has an element in scope
2933 whose tag name matches the tag name of the token, then
2934 generate implied end tags, except for elements with the
2935 same tag name as the token. */
2936 if ($this->elementInScope($token['name'])) {
2937 $this->generateImpliedEndTags(array($token['name']));
2938
2939 /* If the current node is not an element with the same
2940 tag name as the token, then this is a parse error. */
2941 // w/e
2942
2943 /* If the stack of open elements has an element in scope
2944 whose tag name matches the tag name of the token, then
2945 pop elements from this stack until an element with that
2946 tag name has been popped from the stack. */
2947 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
2948 if ($this->stack[$n]->nodeName === $token['name']) {
2949 $n = -1;
2950 }
2951
2952 array_pop($this->stack);
2953 }
2954 }
2955 break;
2956
2957 /* An end tag whose tag name is one of: "h1", "h2", "h3", "h4",
2958 "h5", "h6" */
2959 case 'h1':
2960 case 'h2':
2961 case 'h3':
2962 case 'h4':
2963 case 'h5':
2964 case 'h6':
2965 $elements = array('h1', 'h2', 'h3', 'h4', 'h5', 'h6');
2966
2967 /* If the stack of open elements has in scope an element whose
2968 tag name is one of "h1", "h2", "h3", "h4", "h5", or "h6", then
2969 generate implied end tags. */
2970 if ($this->elementInScope($elements)) {
2971 $this->generateImpliedEndTags();
2972
2973 /* Now, if the current node is not an element with the same
2974 tag name as that of the token, then this is a parse error. */
2975 // w/e
2976
2977 /* If the stack of open elements has in scope an element
2978 whose tag name is one of "h1", "h2", "h3", "h4", "h5", or
2979 "h6", then pop elements from the stack until an element
2980 with one of those tag names has been popped from the stack. */
2981 while ($this->elementInScope($elements)) {
2982 array_pop($this->stack);
2983 }
2984 }
2985 break;
2986
2987 /* An end tag whose tag name is one of: "a", "b", "big", "em",
2988 "font", "i", "nobr", "s", "small", "strike", "strong", "tt", "u" */
2989 case 'a':
2990 case 'b':
2991 case 'big':
2992 case 'em':
2993 case 'font':
2994 case 'i':
2995 case 'nobr':
2996 case 's':
2997 case 'small':
2998 case 'strike':
2999 case 'strong':
3000 case 'tt':
3001 case 'u':
3002 /* 1. Let the formatting element be the last element in
3003 the list of active formatting elements that:
3004 * is between the end of the list and the last scope
3005 marker in the list, if any, or the start of the list
3006 otherwise, and
3007 * has the same tag name as the token.
3008 */
3009 while (true) {
3010 for ($a = count($this->a_formatting) - 1; $a >= 0; $a--) {
3011 if ($this->a_formatting[$a] === self::MARKER) {
3012 break;
3013
3014 } elseif ($this->a_formatting[$a]->tagName === $token['name']) {
3015 $formatting_element = $this->a_formatting[$a];
3016 $in_stack = in_array($formatting_element, $this->stack, true);
3017 $fe_af_pos = $a;
3018 break;
3019 }
3020 }
3021
3022 /* If there is no such node, or, if that node is
3023 also in the stack of open elements but the element
3024 is not in scope, then this is a parse error. Abort
3025 these steps. The token is ignored. */
3026 if (!isset($formatting_element) || ($in_stack &&
3027 !$this->elementInScope($token['name']))
3028 ) {
3029 break;
3030
3031 /* Otherwise, if there is such a node, but that node
3032 is not in the stack of open elements, then this is a
3033 parse error; remove the element from the list, and
3034 abort these steps. */
3035 } elseif (isset($formatting_element) && !$in_stack) {
3036 unset($this->a_formatting[$fe_af_pos]);
3037 $this->a_formatting = array_merge($this->a_formatting);
3038 break;
3039 }
3040
3041 /* 2. Let the furthest block be the topmost node in the
3042 stack of open elements that is lower in the stack
3043 than the formatting element, and is not an element in
3044 the phrasing or formatting categories. There might
3045 not be one. */
3046 $fe_s_pos = array_search($formatting_element, $this->stack, true);
3047 $length = count($this->stack);
3048
3049 for ($s = $fe_s_pos + 1; $s < $length; $s++) {
3050 $category = $this->getElementCategory($this->stack[$s]->nodeName);
3051
3052 if ($category !== self::PHRASING && $category !== self::FORMATTING) {
3053 $furthest_block = $this->stack[$s];
3054 }
3055 }
3056
3057 /* 3. If there is no furthest block, then the UA must
3058 skip the subsequent steps and instead just pop all
3059 the nodes from the bottom of the stack of open
3060 elements, from the current node up to the formatting
3061 element, and remove the formatting element from the
3062 list of active formatting elements. */
3063 if (!isset($furthest_block)) {
3064 for ($n = $length - 1; $n >= $fe_s_pos; $n--) {
3065 array_pop($this->stack);
3066 }
3067
3068 unset($this->a_formatting[$fe_af_pos]);
3069 $this->a_formatting = array_merge($this->a_formatting);
3070 break;
3071 }
3072
3073 /* 4. Let the common ancestor be the element
3074 immediately above the formatting element in the stack
3075 of open elements. */
3076 $common_ancestor = $this->stack[$fe_s_pos - 1];
3077
3078 /* 5. If the furthest block has a parent node, then
3079 remove the furthest block from its parent node. */
3080 if ($furthest_block->parentNode !== null) {
3081 $furthest_block->parentNode->removeChild($furthest_block);
3082 }
3083
3084 /* 6. Let a bookmark note the position of the
3085 formatting element in the list of active formatting
3086 elements relative to the elements on either side
3087 of it in the list. */
3088 $bookmark = $fe_af_pos;
3089
3090 /* 7. Let node and last node be the furthest block.
3091 Follow these steps: */
3092 $node = $furthest_block;
3093 $last_node = $furthest_block;
3094
3095 while (true) {
3096 for ($n = array_search($node, $this->stack, true) - 1; $n >= 0; $n--) {
3097 /* 7.1 Let node be the element immediately
3098 prior to node in the stack of open elements. */
3099 $node = $this->stack[$n];
3100
3101 /* 7.2 If node is not in the list of active
3102 formatting elements, then remove node from
3103 the stack of open elements and then go back
3104 to step 1. */
3105 if (!in_array($node, $this->a_formatting, true)) {
3106 unset($this->stack[$n]);
3107 $this->stack = array_merge($this->stack);
3108
3109 } else {
3110 break;
3111 }
3112 }
3113
3114 /* 7.3 Otherwise, if node is the formatting
3115 element, then go to the next step in the overall
3116 algorithm. */
3117 if ($node === $formatting_element) {
3118 break;
3119
3120 /* 7.4 Otherwise, if last node is the furthest
3121 block, then move the aforementioned bookmark to
3122 be immediately after the node in the list of
3123 active formatting elements. */
3124 } elseif ($last_node === $furthest_block) {
3125 $bookmark = array_search($node, $this->a_formatting, true) + 1;
3126 }
3127
3128 /* 7.5 If node has any children, perform a
3129 shallow clone of node, replace the entry for
3130 node in the list of active formatting elements
3131 with an entry for the clone, replace the entry
3132 for node in the stack of open elements with an
3133 entry for the clone, and let node be the clone. */
3134 if ($node->hasChildNodes()) {
3135 $clone = $node->cloneNode();
3136 $s_pos = array_search($node, $this->stack, true);
3137 $a_pos = array_search($node, $this->a_formatting, true);
3138
3139 $this->stack[$s_pos] = $clone;
3140 $this->a_formatting[$a_pos] = $clone;
3141 $node = $clone;
3142 }
3143
3144 /* 7.6 Insert last node into node, first removing
3145 it from its previous parent node if any. */
3146 if ($last_node->parentNode !== null) {
3147 $last_node->parentNode->removeChild($last_node);
3148 }
3149
3150 $node->appendChild($last_node);
3151
3152 /* 7.7 Let last node be node. */
3153 $last_node = $node;
3154 }
3155
3156 /* 8. Insert whatever last node ended up being in
3157 the previous step into the common ancestor node,
3158 first removing it from its previous parent node if
3159 any. */
3160 if ($last_node->parentNode !== null) {
3161 $last_node->parentNode->removeChild($last_node);
3162 }
3163
3164 $common_ancestor->appendChild($last_node);
3165
3166 /* 9. Perform a shallow clone of the formatting
3167 element. */
3168 $clone = $formatting_element->cloneNode();
3169
3170 /* 10. Take all of the child nodes of the furthest
3171 block and append them to the clone created in the
3172 last step. */
3173 while ($furthest_block->hasChildNodes()) {
3174 $child = $furthest_block->firstChild;
3175 $furthest_block->removeChild($child);
3176 $clone->appendChild($child);
3177 }
3178
3179 /* 11. Append that clone to the furthest block. */
3180 $furthest_block->appendChild($clone);
3181
3182 /* 12. Remove the formatting element from the list
3183 of active formatting elements, and insert the clone
3184 into the list of active formatting elements at the
3185 position of the aforementioned bookmark. */
3186 $fe_af_pos = array_search($formatting_element, $this->a_formatting, true);
3187 unset($this->a_formatting[$fe_af_pos]);
3188 $this->a_formatting = array_merge($this->a_formatting);
3189
3190 $af_part1 = array_slice($this->a_formatting, 0, $bookmark - 1);
3191 $af_part2 = array_slice($this->a_formatting, $bookmark, count($this->a_formatting));
3192 $this->a_formatting = array_merge($af_part1, array($clone), $af_part2);
3193
3194 /* 13. Remove the formatting element from the stack
3195 of open elements, and insert the clone into the stack
3196 of open elements immediately after (i.e. in a more
3197 deeply nested position than) the position of the
3198 furthest block in that stack. */
3199 $fe_s_pos = array_search($formatting_element, $this->stack, true);
3200 $fb_s_pos = array_search($furthest_block, $this->stack, true);
3201 unset($this->stack[$fe_s_pos]);
3202
3203 $s_part1 = array_slice($this->stack, 0, $fb_s_pos);
3204 $s_part2 = array_slice($this->stack, $fb_s_pos + 1, count($this->stack));
3205 $this->stack = array_merge($s_part1, array($clone), $s_part2);
3206
3207 /* 14. Jump back to step 1 in this series of steps. */
3208 unset($formatting_element, $fe_af_pos, $fe_s_pos, $furthest_block);
3209 }
3210 break;
3211
3212 /* An end tag token whose tag name is one of: "button",
3213 "marquee", "object" */
3214 case 'button':
3215 case 'marquee':
3216 case 'object':
3217 /* If the stack of open elements has an element in scope whose
3218 tag name matches the tag name of the token, then generate implied
3219 tags. */
3220 if ($this->elementInScope($token['name'])) {
3221 $this->generateImpliedEndTags();
3222
3223 /* Now, if the current node is not an element with the same
3224 tag name as the token, then this is a parse error. */
3225 // k
3226
3227 /* Now, if the stack of open elements has an element in scope
3228 whose tag name matches the tag name of the token, then pop
3229 elements from the stack until that element has been popped from
3230 the stack, and clear the list of active formatting elements up
3231 to the last marker. */
3232 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
3233 if ($this->stack[$n]->nodeName === $token['name']) {
3234 $n = -1;
3235 }
3236
3237 array_pop($this->stack);
3238 }
3239
3240 $marker = end(array_keys($this->a_formatting, self::MARKER, true));
3241
3242 for ($n = count($this->a_formatting) - 1; $n > $marker; $n--) {
3243 array_pop($this->a_formatting);
3244 }
3245 }
3246 break;
3247
3248 /* Or an end tag whose tag name is one of: "area", "basefont",
3249 "bgsound", "br", "embed", "hr", "iframe", "image", "img",
3250 "input", "isindex", "noembed", "noframes", "param", "select",
3251 "spacer", "table", "textarea", "wbr" */
3252 case 'area':
3253 case 'basefont':
3254 case 'bgsound':
3255 case 'br':
3256 case 'embed':
3257 case 'hr':
3258 case 'iframe':
3259 case 'image':
3260 case 'img':
3261 case 'input':
3262 case 'isindex':
3263 case 'noembed':
3264 case 'noframes':
3265 case 'param':
3266 case 'select':
3267 case 'spacer':
3268 case 'table':
3269 case 'textarea':
3270 case 'wbr':
3271 // Parse error. Ignore the token.
3272 break;
3273
3274 /* An end tag token not covered by the previous entries */
3275 default:
3276 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
3277 /* Initialise node to be the current node (the bottommost
3278 node of the stack). */
3279 $node = end($this->stack);
3280
3281 /* If node has the same tag name as the end tag token,
3282 then: */
3283 if ($token['name'] === $node->nodeName) {
3284 /* Generate implied end tags. */
3285 $this->generateImpliedEndTags();
3286
3287 /* If the tag name of the end tag token does not
3288 match the tag name of the current node, this is a
3289 parse error. */
3290 // k
3291
3292 /* Pop all the nodes from the current node up to
3293 node, including node, then stop this algorithm. */
3294 for ($x = count($this->stack) - $n; $x >= $n; $x--) {
3295 array_pop($this->stack);
3296 }
3297
3298 } else {
3299 $category = $this->getElementCategory($node);
3300
3301 if ($category !== self::SPECIAL && $category !== self::SCOPING) {
3302 /* Otherwise, if node is in neither the formatting
3303 category nor the phrasing category, then this is a
3304 parse error. Stop this algorithm. The end tag token
3305 is ignored. */
3306 return false;
3307 }
3308 }
3309 }
3310 break;
3311 }
3312 break;
3313 }
3314 }
3315
3316 private function inTable($token)
3317 {
3318 $clear = array('html', 'table');
3319
3320 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
3321 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
3322 or U+0020 SPACE */
3323 if ($token['type'] === HTML5::CHARACTR &&
3324 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
3325 ) {
3326 /* Append the character to the current node. */
3327 $text = $this->dom->createTextNode($token['data']);
3328 end($this->stack)->appendChild($text);
3329
3330 /* A comment token */
3331 } elseif ($token['type'] === HTML5::COMMENT) {
3332 /* Append a Comment node to the current node with the data
3333 attribute set to the data given in the comment token. */
3334 $comment = $this->dom->createComment($token['data']);
3335 end($this->stack)->appendChild($comment);
3336
3337 /* A start tag whose tag name is "caption" */
3338 } elseif ($token['type'] === HTML5::STARTTAG &&
3339 $token['name'] === 'caption'
3340 ) {
3341 /* Clear the stack back to a table context. */
3342 $this->clearStackToTableContext($clear);
3343
3344 /* Insert a marker at the end of the list of active
3345 formatting elements. */
3346 $this->a_formatting[] = self::MARKER;
3347
3348 /* Insert an HTML element for the token, then switch the
3349 insertion mode to "in caption". */
3350 $this->insertElement($token);
3351 $this->mode = self::IN_CAPTION;
3352
3353 /* A start tag whose tag name is "colgroup" */
3354 } elseif ($token['type'] === HTML5::STARTTAG &&
3355 $token['name'] === 'colgroup'
3356 ) {
3357 /* Clear the stack back to a table context. */
3358 $this->clearStackToTableContext($clear);
3359
3360 /* Insert an HTML element for the token, then switch the
3361 insertion mode to "in column group". */
3362 $this->insertElement($token);
3363 $this->mode = self::IN_CGROUP;
3364
3365 /* A start tag whose tag name is "col" */
3366 } elseif ($token['type'] === HTML5::STARTTAG &&
3367 $token['name'] === 'col'
3368 ) {
3369 $this->inTable(
3370 array(
3371 'name' => 'colgroup',
3372 'type' => HTML5::STARTTAG,
3373 'attr' => array()
3374 )
3375 );
3376
3377 $this->inColumnGroup($token);
3378
3379 /* A start tag whose tag name is one of: "tbody", "tfoot", "thead" */
3380 } elseif ($token['type'] === HTML5::STARTTAG && in_array(
3381 $token['name'],
3382 array('tbody', 'tfoot', 'thead')
3383 )
3384 ) {
3385 /* Clear the stack back to a table context. */
3386 $this->clearStackToTableContext($clear);
3387
3388 /* Insert an HTML element for the token, then switch the insertion
3389 mode to "in table body". */
3390 $this->insertElement($token);
3391 $this->mode = self::IN_TBODY;
3392
3393 /* A start tag whose tag name is one of: "td", "th", "tr" */
3394 } elseif ($token['type'] === HTML5::STARTTAG &&
3395 in_array($token['name'], array('td', 'th', 'tr'))
3396 ) {
3397 /* Act as if a start tag token with the tag name "tbody" had been
3398 seen, then reprocess the current token. */
3399 $this->inTable(
3400 array(
3401 'name' => 'tbody',
3402 'type' => HTML5::STARTTAG,
3403 'attr' => array()
3404 )
3405 );
3406
3407 return $this->inTableBody($token);
3408
3409 /* A start tag whose tag name is "table" */
3410 } elseif ($token['type'] === HTML5::STARTTAG &&
3411 $token['name'] === 'table'
3412 ) {
3413 /* Parse error. Act as if an end tag token with the tag name "table"
3414 had been seen, then, if that token wasn't ignored, reprocess the
3415 current token. */
3416 $this->inTable(
3417 array(
3418 'name' => 'table',
3419 'type' => HTML5::ENDTAG
3420 )
3421 );
3422
3423 return $this->mainPhase($token);
3424
3425 /* An end tag whose tag name is "table" */
3426 } elseif ($token['type'] === HTML5::ENDTAG &&
3427 $token['name'] === 'table'
3428 ) {
3429 /* If the stack of open elements does not have an element in table
3430 scope with the same tag name as the token, this is a parse error.
3431 Ignore the token. (innerHTML case) */
3432 if (!$this->elementInScope($token['name'], true)) {
3433 return false;
3434
3435 /* Otherwise: */
3436 } else {
3437 /* Generate implied end tags. */
3438 $this->generateImpliedEndTags();
3439
3440 /* Now, if the current node is not a table element, then this
3441 is a parse error. */
3442 // w/e
3443
3444 /* Pop elements from this stack until a table element has been
3445 popped from the stack. */
3446 while (true) {
3447 $current = end($this->stack)->nodeName;
3448 array_pop($this->stack);
3449
3450 if ($current === 'table') {
3451 break;
3452 }
3453 }
3454
3455 /* Reset the insertion mode appropriately. */
3456 $this->resetInsertionMode();
3457 }
3458
3459 /* An end tag whose tag name is one of: "body", "caption", "col",
3460 "colgroup", "html", "tbody", "td", "tfoot", "th", "thead", "tr" */
3461 } elseif ($token['type'] === HTML5::ENDTAG && in_array(
3462 $token['name'],
3463 array(
3464 'body',
3465 'caption',
3466 'col',
3467 'colgroup',
3468 'html',
3469 'tbody',
3470 'td',
3471 'tfoot',
3472 'th',
3473 'thead',
3474 'tr'
3475 )
3476 )
3477 ) {
3478 // Parse error. Ignore the token.
3479
3480 /* Anything else */
3481 } else {
3482 /* Parse error. Process the token as if the insertion mode was "in
3483 body", with the following exception: */
3484
3485 /* If the current node is a table, tbody, tfoot, thead, or tr
3486 element, then, whenever a node would be inserted into the current
3487 node, it must instead be inserted into the foster parent element. */
3488 if (in_array(
3489 end($this->stack)->nodeName,
3490 array('table', 'tbody', 'tfoot', 'thead', 'tr')
3491 )
3492 ) {
3493 /* The foster parent element is the parent element of the last
3494 table element in the stack of open elements, if there is a
3495 table element and it has such a parent element. If there is no
3496 table element in the stack of open elements (innerHTML case),
3497 then the foster parent element is the first element in the
3498 stack of open elements (the html element). Otherwise, if there
3499 is a table element in the stack of open elements, but the last
3500 table element in the stack of open elements has no parent, or
3501 its parent node is not an element, then the foster parent
3502 element is the element before the last table element in the
3503 stack of open elements. */
3504 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
3505 if ($this->stack[$n]->nodeName === 'table') {
3506 $table = $this->stack[$n];
3507 break;
3508 }
3509 }
3510
3511 if (isset($table) && $table->parentNode !== null) {
3512 $this->foster_parent = $table->parentNode;
3513
3514 } elseif (!isset($table)) {
3515 $this->foster_parent = $this->stack[0];
3516
3517 } elseif (isset($table) && ($table->parentNode === null ||
3518 $table->parentNode->nodeType !== XML_ELEMENT_NODE)
3519 ) {
3520 $this->foster_parent = $this->stack[$n - 1];
3521 }
3522 }
3523
3524 $this->inBody($token);
3525 }
3526 }
3527
3528 private function inCaption($token)
3529 {
3530 /* An end tag whose tag name is "caption" */
3531 if ($token['type'] === HTML5::ENDTAG && $token['name'] === 'caption') {
3532 /* If the stack of open elements does not have an element in table
3533 scope with the same tag name as the token, this is a parse error.
3534 Ignore the token. (innerHTML case) */
3535 if (!$this->elementInScope($token['name'], true)) {
3536 // Ignore
3537
3538 /* Otherwise: */
3539 } else {
3540 /* Generate implied end tags. */
3541 $this->generateImpliedEndTags();
3542
3543 /* Now, if the current node is not a caption element, then this
3544 is a parse error. */
3545 // w/e
3546
3547 /* Pop elements from this stack until a caption element has
3548 been popped from the stack. */
3549 while (true) {
3550 $node = end($this->stack)->nodeName;
3551 array_pop($this->stack);
3552
3553 if ($node === 'caption') {
3554 break;
3555 }
3556 }
3557
3558 /* Clear the list of active formatting elements up to the last
3559 marker. */
3560 $this->clearTheActiveFormattingElementsUpToTheLastMarker();
3561
3562 /* Switch the insertion mode to "in table". */
3563 $this->mode = self::IN_TABLE;
3564 }
3565
3566 /* A start tag whose tag name is one of: "caption", "col", "colgroup",
3567 "tbody", "td", "tfoot", "th", "thead", "tr", or an end tag whose tag
3568 name is "table" */
3569 } elseif (($token['type'] === HTML5::STARTTAG && in_array(
3570 $token['name'],
3571 array(
3572 'caption',
3573 'col',
3574 'colgroup',
3575 'tbody',
3576 'td',
3577 'tfoot',
3578 'th',
3579 'thead',
3580 'tr'
3581 )
3582 )) || ($token['type'] === HTML5::ENDTAG &&
3583 $token['name'] === 'table')
3584 ) {
3585 /* Parse error. Act as if an end tag with the tag name "caption"
3586 had been seen, then, if that token wasn't ignored, reprocess the
3587 current token. */
3588 $this->inCaption(
3589 array(
3590 'name' => 'caption',
3591 'type' => HTML5::ENDTAG
3592 )
3593 );
3594
3595 return $this->inTable($token);
3596
3597 /* An end tag whose tag name is one of: "body", "col", "colgroup",
3598 "html", "tbody", "td", "tfoot", "th", "thead", "tr" */
3599 } elseif ($token['type'] === HTML5::ENDTAG && in_array(
3600 $token['name'],
3601 array(
3602 'body',
3603 'col',
3604 'colgroup',
3605 'html',
3606 'tbody',
3607 'tfoot',
3608 'th',
3609 'thead',
3610 'tr'
3611 )
3612 )
3613 ) {
3614 // Parse error. Ignore the token.
3615
3616 /* Anything else */
3617 } else {
3618 /* Process the token as if the insertion mode was "in body". */
3619 $this->inBody($token);
3620 }
3621 }
3622
3623 private function inColumnGroup($token)
3624 {
3625 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
3626 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
3627 or U+0020 SPACE */
3628 if ($token['type'] === HTML5::CHARACTR &&
3629 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
3630 ) {
3631 /* Append the character to the current node. */
3632 $text = $this->dom->createTextNode($token['data']);
3633 end($this->stack)->appendChild($text);
3634
3635 /* A comment token */
3636 } elseif ($token['type'] === HTML5::COMMENT) {
3637 /* Append a Comment node to the current node with the data
3638 attribute set to the data given in the comment token. */
3639 $comment = $this->dom->createComment($token['data']);
3640 end($this->stack)->appendChild($comment);
3641
3642 /* A start tag whose tag name is "col" */
3643 } elseif ($token['type'] === HTML5::STARTTAG && $token['name'] === 'col') {
3644 /* Insert a col element for the token. Immediately pop the current
3645 node off the stack of open elements. */
3646 $this->insertElement($token);
3647 array_pop($this->stack);
3648
3649 /* An end tag whose tag name is "colgroup" */
3650 } elseif ($token['type'] === HTML5::ENDTAG &&
3651 $token['name'] === 'colgroup'
3652 ) {
3653 /* If the current node is the root html element, then this is a
3654 parse error, ignore the token. (innerHTML case) */
3655 if (end($this->stack)->nodeName === 'html') {
3656 // Ignore
3657
3658 /* Otherwise, pop the current node (which will be a colgroup
3659 element) from the stack of open elements. Switch the insertion
3660 mode to "in table". */
3661 } else {
3662 array_pop($this->stack);
3663 $this->mode = self::IN_TABLE;
3664 }
3665
3666 /* An end tag whose tag name is "col" */
3667 } elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'col') {
3668 /* Parse error. Ignore the token. */
3669
3670 /* Anything else */
3671 } else {
3672 /* Act as if an end tag with the tag name "colgroup" had been seen,
3673 and then, if that token wasn't ignored, reprocess the current token. */
3674 $this->inColumnGroup(
3675 array(
3676 'name' => 'colgroup',
3677 'type' => HTML5::ENDTAG
3678 )
3679 );
3680
3681 return $this->inTable($token);
3682 }
3683 }
3684
3685 private function inTableBody($token)
3686 {
3687 $clear = array('tbody', 'tfoot', 'thead', 'html');
3688
3689 /* A start tag whose tag name is "tr" */
3690 if ($token['type'] === HTML5::STARTTAG && $token['name'] === 'tr') {
3691 /* Clear the stack back to a table body context. */
3692 $this->clearStackToTableContext($clear);
3693
3694 /* Insert a tr element for the token, then switch the insertion
3695 mode to "in row". */
3696 $this->insertElement($token);
3697 $this->mode = self::IN_ROW;
3698
3699 /* A start tag whose tag name is one of: "th", "td" */
3700 } elseif ($token['type'] === HTML5::STARTTAG &&
3701 ($token['name'] === 'th' || $token['name'] === 'td')
3702 ) {
3703 /* Parse error. Act as if a start tag with the tag name "tr" had
3704 been seen, then reprocess the current token. */
3705 $this->inTableBody(
3706 array(
3707 'name' => 'tr',
3708 'type' => HTML5::STARTTAG,
3709 'attr' => array()
3710 )
3711 );
3712
3713 return $this->inRow($token);
3714
3715 /* An end tag whose tag name is one of: "tbody", "tfoot", "thead" */
3716 } elseif ($token['type'] === HTML5::ENDTAG &&
3717 in_array($token['name'], array('tbody', 'tfoot', 'thead'))
3718 ) {
3719 /* If the stack of open elements does not have an element in table
3720 scope with the same tag name as the token, this is a parse error.
3721 Ignore the token. */
3722 if (!$this->elementInScope($token['name'], true)) {
3723 // Ignore
3724
3725 /* Otherwise: */
3726 } else {
3727 /* Clear the stack back to a table body context. */
3728 $this->clearStackToTableContext($clear);
3729
3730 /* Pop the current node from the stack of open elements. Switch
3731 the insertion mode to "in table". */
3732 array_pop($this->stack);
3733 $this->mode = self::IN_TABLE;
3734 }
3735
3736 /* A start tag whose tag name is one of: "caption", "col", "colgroup",
3737 "tbody", "tfoot", "thead", or an end tag whose tag name is "table" */
3738 } elseif (($token['type'] === HTML5::STARTTAG && in_array(
3739 $token['name'],
3740 array('caption', 'col', 'colgroup', 'tbody', 'tfoor', 'thead')
3741 )) ||
3742 ($token['type'] === HTML5::STARTTAG && $token['name'] === 'table')
3743 ) {
3744 /* If the stack of open elements does not have a tbody, thead, or
3745 tfoot element in table scope, this is a parse error. Ignore the
3746 token. (innerHTML case) */
3747 if (!$this->elementInScope(array('tbody', 'thead', 'tfoot'), true)) {
3748 // Ignore.
3749
3750 /* Otherwise: */
3751 } else {
3752 /* Clear the stack back to a table body context. */
3753 $this->clearStackToTableContext($clear);
3754
3755 /* Act as if an end tag with the same tag name as the current
3756 node ("tbody", "tfoot", or "thead") had been seen, then
3757 reprocess the current token. */
3758 $this->inTableBody(
3759 array(
3760 'name' => end($this->stack)->nodeName,
3761 'type' => HTML5::ENDTAG
3762 )
3763 );
3764
3765 return $this->mainPhase($token);
3766 }
3767
3768 /* An end tag whose tag name is one of: "body", "caption", "col",
3769 "colgroup", "html", "td", "th", "tr" */
3770 } elseif ($token['type'] === HTML5::ENDTAG && in_array(
3771 $token['name'],
3772 array('body', 'caption', 'col', 'colgroup', 'html', 'td', 'th', 'tr')
3773 )
3774 ) {
3775 /* Parse error. Ignore the token. */
3776
3777 /* Anything else */
3778 } else {
3779 /* Process the token as if the insertion mode was "in table". */
3780 $this->inTable($token);
3781 }
3782 }
3783
3784 private function inRow($token)
3785 {
3786 $clear = array('tr', 'html');
3787
3788 /* A start tag whose tag name is one of: "th", "td" */
3789 if ($token['type'] === HTML5::STARTTAG &&
3790 ($token['name'] === 'th' || $token['name'] === 'td')
3791 ) {
3792 /* Clear the stack back to a table row context. */
3793 $this->clearStackToTableContext($clear);
3794
3795 /* Insert an HTML element for the token, then switch the insertion
3796 mode to "in cell". */
3797 $this->insertElement($token);
3798 $this->mode = self::IN_CELL;
3799
3800 /* Insert a marker at the end of the list of active formatting
3801 elements. */
3802 $this->a_formatting[] = self::MARKER;
3803
3804 /* An end tag whose tag name is "tr" */
3805 } elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'tr') {
3806 /* If the stack of open elements does not have an element in table
3807 scope with the same tag name as the token, this is a parse error.
3808 Ignore the token. (innerHTML case) */
3809 if (!$this->elementInScope($token['name'], true)) {
3810 // Ignore.
3811
3812 /* Otherwise: */
3813 } else {
3814 /* Clear the stack back to a table row context. */
3815 $this->clearStackToTableContext($clear);
3816
3817 /* Pop the current node (which will be a tr element) from the
3818 stack of open elements. Switch the insertion mode to "in table
3819 body". */
3820 array_pop($this->stack);
3821 $this->mode = self::IN_TBODY;
3822 }
3823
3824 /* A start tag whose tag name is one of: "caption", "col", "colgroup",
3825 "tbody", "tfoot", "thead", "tr" or an end tag whose tag name is "table" */
3826 } elseif ($token['type'] === HTML5::STARTTAG && in_array(
3827 $token['name'],
3828 array('caption', 'col', 'colgroup', 'tbody', 'tfoot', 'thead', 'tr')
3829 )
3830 ) {
3831 /* Act as if an end tag with the tag name "tr" had been seen, then,
3832 if that token wasn't ignored, reprocess the current token. */
3833 $this->inRow(
3834 array(
3835 'name' => 'tr',
3836 'type' => HTML5::ENDTAG
3837 )
3838 );
3839
3840 return $this->inCell($token);
3841
3842 /* An end tag whose tag name is one of: "tbody", "tfoot", "thead" */
3843 } elseif ($token['type'] === HTML5::ENDTAG &&
3844 in_array($token['name'], array('tbody', 'tfoot', 'thead'))
3845 ) {
3846 /* If the stack of open elements does not have an element in table
3847 scope with the same tag name as the token, this is a parse error.
3848 Ignore the token. */
3849 if (!$this->elementInScope($token['name'], true)) {
3850 // Ignore.
3851
3852 /* Otherwise: */
3853 } else {
3854 /* Otherwise, act as if an end tag with the tag name "tr" had
3855 been seen, then reprocess the current token. */
3856 $this->inRow(
3857 array(
3858 'name' => 'tr',
3859 'type' => HTML5::ENDTAG
3860 )
3861 );
3862
3863 return $this->inCell($token);
3864 }
3865
3866 /* An end tag whose tag name is one of: "body", "caption", "col",
3867 "colgroup", "html", "td", "th" */
3868 } elseif ($token['type'] === HTML5::ENDTAG && in_array(
3869 $token['name'],
3870 array('body', 'caption', 'col', 'colgroup', 'html', 'td', 'th', 'tr')
3871 )
3872 ) {
3873 /* Parse error. Ignore the token. */
3874
3875 /* Anything else */
3876 } else {
3877 /* Process the token as if the insertion mode was "in table". */
3878 $this->inTable($token);
3879 }
3880 }
3881
3882 private function inCell($token)
3883 {
3884 /* An end tag whose tag name is one of: "td", "th" */
3885 if ($token['type'] === HTML5::ENDTAG &&
3886 ($token['name'] === 'td' || $token['name'] === 'th')
3887 ) {
3888 /* If the stack of open elements does not have an element in table
3889 scope with the same tag name as that of the token, then this is a
3890 parse error and the token must be ignored. */
3891 if (!$this->elementInScope($token['name'], true)) {
3892 // Ignore.
3893
3894 /* Otherwise: */
3895 } else {
3896 /* Generate implied end tags, except for elements with the same
3897 tag name as the token. */
3898 $this->generateImpliedEndTags(array($token['name']));
3899
3900 /* Now, if the current node is not an element with the same tag
3901 name as the token, then this is a parse error. */
3902 // k
3903
3904 /* Pop elements from this stack until an element with the same
3905 tag name as the token has been popped from the stack. */
3906 while (true) {
3907 $node = end($this->stack)->nodeName;
3908 array_pop($this->stack);
3909
3910 if ($node === $token['name']) {
3911 break;
3912 }
3913 }
3914
3915 /* Clear the list of active formatting elements up to the last
3916 marker. */
3917 $this->clearTheActiveFormattingElementsUpToTheLastMarker();
3918
3919 /* Switch the insertion mode to "in row". (The current node
3920 will be a tr element at this point.) */
3921 $this->mode = self::IN_ROW;
3922 }
3923
3924 /* A start tag whose tag name is one of: "caption", "col", "colgroup",
3925 "tbody", "td", "tfoot", "th", "thead", "tr" */
3926 } elseif ($token['type'] === HTML5::STARTTAG && in_array(
3927 $token['name'],
3928 array(
3929 'caption',
3930 'col',
3931 'colgroup',
3932 'tbody',
3933 'td',
3934 'tfoot',
3935 'th',
3936 'thead',
3937 'tr'
3938 )
3939 )
3940 ) {
3941 /* If the stack of open elements does not have a td or th element
3942 in table scope, then this is a parse error; ignore the token.
3943 (innerHTML case) */
3944 if (!$this->elementInScope(array('td', 'th'), true)) {
3945 // Ignore.
3946
3947 /* Otherwise, close the cell (see below) and reprocess the current
3948 token. */
3949 } else {
3950 $this->closeCell();
3951 return $this->inRow($token);
3952 }
3953
3954 /* A start tag whose tag name is one of: "caption", "col", "colgroup",
3955 "tbody", "td", "tfoot", "th", "thead", "tr" */
3956 } elseif ($token['type'] === HTML5::STARTTAG && in_array(
3957 $token['name'],
3958 array(
3959 'caption',
3960 'col',
3961 'colgroup',
3962 'tbody',
3963 'td',
3964 'tfoot',
3965 'th',
3966 'thead',
3967 'tr'
3968 )
3969 )
3970 ) {
3971 /* If the stack of open elements does not have a td or th element
3972 in table scope, then this is a parse error; ignore the token.
3973 (innerHTML case) */
3974 if (!$this->elementInScope(array('td', 'th'), true)) {
3975 // Ignore.
3976
3977 /* Otherwise, close the cell (see below) and reprocess the current
3978 token. */
3979 } else {
3980 $this->closeCell();
3981 return $this->inRow($token);
3982 }
3983
3984 /* An end tag whose tag name is one of: "body", "caption", "col",
3985 "colgroup", "html" */
3986 } elseif ($token['type'] === HTML5::ENDTAG && in_array(
3987 $token['name'],
3988 array('body', 'caption', 'col', 'colgroup', 'html')
3989 )
3990 ) {
3991 /* Parse error. Ignore the token. */
3992
3993 /* An end tag whose tag name is one of: "table", "tbody", "tfoot",
3994 "thead", "tr" */
3995 } elseif ($token['type'] === HTML5::ENDTAG && in_array(
3996 $token['name'],
3997 array('table', 'tbody', 'tfoot', 'thead', 'tr')
3998 )
3999 ) {
4000 /* If the stack of open elements does not have an element in table
4001 scope with the same tag name as that of the token (which can only
4002 happen for "tbody", "tfoot" and "thead", or, in the innerHTML case),
4003 then this is a parse error and the token must be ignored. */
4004 if (!$this->elementInScope($token['name'], true)) {
4005 // Ignore.
4006
4007 /* Otherwise, close the cell (see below) and reprocess the current
4008 token. */
4009 } else {
4010 $this->closeCell();
4011 return $this->inRow($token);
4012 }
4013
4014 /* Anything else */
4015 } else {
4016 /* Process the token as if the insertion mode was "in body". */
4017 $this->inBody($token);
4018 }
4019 }
4020
4021 private function inSelect($token)
4022 {
4023 /* Handle the token as follows: */
4024
4025 /* A character token */
4026 if ($token['type'] === HTML5::CHARACTR) {
4027 /* Append the token's character to the current node. */
4028 $this->insertText($token['data']);
4029
4030 /* A comment token */
4031 } elseif ($token['type'] === HTML5::COMMENT) {
4032 /* Append a Comment node to the current node with the data
4033 attribute set to the data given in the comment token. */
4034 $this->insertComment($token['data']);
4035
4036 /* A start tag token whose tag name is "option" */
4037 } elseif ($token['type'] === HTML5::STARTTAG &&
4038 $token['name'] === 'option'
4039 ) {
4040 /* If the current node is an option element, act as if an end tag
4041 with the tag name "option" had been seen. */
4042 if (end($this->stack)->nodeName === 'option') {
4043 $this->inSelect(
4044 array(
4045 'name' => 'option',
4046 'type' => HTML5::ENDTAG
4047 )
4048 );
4049 }
4050
4051 /* Insert an HTML element for the token. */
4052 $this->insertElement($token);
4053
4054 /* A start tag token whose tag name is "optgroup" */
4055 } elseif ($token['type'] === HTML5::STARTTAG &&
4056 $token['name'] === 'optgroup'
4057 ) {
4058 /* If the current node is an option element, act as if an end tag
4059 with the tag name "option" had been seen. */
4060 if (end($this->stack)->nodeName === 'option') {
4061 $this->inSelect(
4062 array(
4063 'name' => 'option',
4064 'type' => HTML5::ENDTAG
4065 )
4066 );
4067 }
4068
4069 /* If the current node is an optgroup element, act as if an end tag
4070 with the tag name "optgroup" had been seen. */
4071 if (end($this->stack)->nodeName === 'optgroup') {
4072 $this->inSelect(
4073 array(
4074 'name' => 'optgroup',
4075 'type' => HTML5::ENDTAG
4076 )
4077 );
4078 }
4079
4080 /* Insert an HTML element for the token. */
4081 $this->insertElement($token);
4082
4083 /* An end tag token whose tag name is "optgroup" */
4084 } elseif ($token['type'] === HTML5::ENDTAG &&
4085 $token['name'] === 'optgroup'
4086 ) {
4087 /* First, if the current node is an option element, and the node
4088 immediately before it in the stack of open elements is an optgroup
4089 element, then act as if an end tag with the tag name "option" had
4090 been seen. */
4091 $elements_in_stack = count($this->stack);
4092
4093 if ($this->stack[$elements_in_stack - 1]->nodeName === 'option' &&
4094 $this->stack[$elements_in_stack - 2]->nodeName === 'optgroup'
4095 ) {
4096 $this->inSelect(
4097 array(
4098 'name' => 'option',
4099 'type' => HTML5::ENDTAG
4100 )
4101 );
4102 }
4103
4104 /* If the current node is an optgroup element, then pop that node
4105 from the stack of open elements. Otherwise, this is a parse error,
4106 ignore the token. */
4107 if ($this->stack[$elements_in_stack - 1] === 'optgroup') {
4108 array_pop($this->stack);
4109 }
4110
4111 /* An end tag token whose tag name is "option" */
4112 } elseif ($token['type'] === HTML5::ENDTAG &&
4113 $token['name'] === 'option'
4114 ) {
4115 /* If the current node is an option element, then pop that node
4116 from the stack of open elements. Otherwise, this is a parse error,
4117 ignore the token. */
4118 if (end($this->stack)->nodeName === 'option') {
4119 array_pop($this->stack);
4120 }
4121
4122 /* An end tag whose tag name is "select" */
4123 } elseif ($token['type'] === HTML5::ENDTAG &&
4124 $token['name'] === 'select'
4125 ) {
4126 /* If the stack of open elements does not have an element in table
4127 scope with the same tag name as the token, this is a parse error.
4128 Ignore the token. (innerHTML case) */
4129 if (!$this->elementInScope($token['name'], true)) {
4130 // w/e
4131
4132 /* Otherwise: */
4133 } else {
4134 /* Pop elements from the stack of open elements until a select
4135 element has been popped from the stack. */
4136 while (true) {
4137 $current = end($this->stack)->nodeName;
4138 array_pop($this->stack);
4139
4140 if ($current === 'select') {
4141 break;
4142 }
4143 }
4144
4145 /* Reset the insertion mode appropriately. */
4146 $this->resetInsertionMode();
4147 }
4148
4149 /* A start tag whose tag name is "select" */
4150 } elseif ($token['name'] === 'select' &&
4151 $token['type'] === HTML5::STARTTAG
4152 ) {
4153 /* Parse error. Act as if the token had been an end tag with the
4154 tag name "select" instead. */
4155 $this->inSelect(
4156 array(
4157 'name' => 'select',
4158 'type' => HTML5::ENDTAG
4159 )
4160 );
4161
4162 /* An end tag whose tag name is one of: "caption", "table", "tbody",
4163 "tfoot", "thead", "tr", "td", "th" */
4164 } elseif (in_array(
4165 $token['name'],
4166 array(
4167 'caption',
4168 'table',
4169 'tbody',
4170 'tfoot',
4171 'thead',
4172 'tr',
4173 'td',
4174 'th'
4175 )
4176 ) && $token['type'] === HTML5::ENDTAG
4177 ) {
4178 /* Parse error. */
4179 // w/e
4180
4181 /* If the stack of open elements has an element in table scope with
4182 the same tag name as that of the token, then act as if an end tag
4183 with the tag name "select" had been seen, and reprocess the token.
4184 Otherwise, ignore the token. */
4185 if ($this->elementInScope($token['name'], true)) {
4186 $this->inSelect(
4187 array(
4188 'name' => 'select',
4189 'type' => HTML5::ENDTAG
4190 )
4191 );
4192
4193 $this->mainPhase($token);
4194 }
4195
4196 /* Anything else */
4197 } else {
4198 /* Parse error. Ignore the token. */
4199 }
4200 }
4201
4202 private function afterBody($token)
4203 {
4204 /* Handle the token as follows: */
4205
4206 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
4207 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
4208 or U+0020 SPACE */
4209 if ($token['type'] === HTML5::CHARACTR &&
4210 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
4211 ) {
4212 /* Process the token as it would be processed if the insertion mode
4213 was "in body". */
4214 $this->inBody($token);
4215
4216 /* A comment token */
4217 } elseif ($token['type'] === HTML5::COMMENT) {
4218 /* Append a Comment node to the first element in the stack of open
4219 elements (the html element), with the data attribute set to the
4220 data given in the comment token. */
4221 $comment = $this->dom->createComment($token['data']);
4222 $this->stack[0]->appendChild($comment);
4223
4224 /* An end tag with the tag name "html" */
4225 } elseif ($token['type'] === HTML5::ENDTAG && $token['name'] === 'html') {
4226 /* If the parser was originally created in order to handle the
4227 setting of an element's innerHTML attribute, this is a parse error;
4228 ignore the token. (The element will be an html element in this
4229 case.) (innerHTML case) */
4230
4231 /* Otherwise, switch to the trailing end phase. */
4232 $this->phase = self::END_PHASE;
4233
4234 /* Anything else */
4235 } else {
4236 /* Parse error. Set the insertion mode to "in body" and reprocess
4237 the token. */
4238 $this->mode = self::IN_BODY;
4239 return $this->inBody($token);
4240 }
4241 }
4242
4243 private function inFrameset($token)
4244 {
4245 /* Handle the token as follows: */
4246
4247 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
4248 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
4249 U+000D CARRIAGE RETURN (CR), or U+0020 SPACE */
4250 if ($token['type'] === HTML5::CHARACTR &&
4251 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
4252 ) {
4253 /* Append the character to the current node. */
4254 $this->insertText($token['data']);
4255
4256 /* A comment token */
4257 } elseif ($token['type'] === HTML5::COMMENT) {
4258 /* Append a Comment node to the current node with the data
4259 attribute set to the data given in the comment token. */
4260 $this->insertComment($token['data']);
4261
4262 /* A start tag with the tag name "frameset" */
4263 } elseif ($token['name'] === 'frameset' &&
4264 $token['type'] === HTML5::STARTTAG
4265 ) {
4266 $this->insertElement($token);
4267
4268 /* An end tag with the tag name "frameset" */
4269 } elseif ($token['name'] === 'frameset' &&
4270 $token['type'] === HTML5::ENDTAG
4271 ) {
4272 /* If the current node is the root html element, then this is a
4273 parse error; ignore the token. (innerHTML case) */
4274 if (end($this->stack)->nodeName === 'html') {
4275 // Ignore
4276
4277 } else {
4278 /* Otherwise, pop the current node from the stack of open
4279 elements. */
4280 array_pop($this->stack);
4281
4282 /* If the parser was not originally created in order to handle
4283 the setting of an element's innerHTML attribute (innerHTML case),
4284 and the current node is no longer a frameset element, then change
4285 the insertion mode to "after frameset". */
4286 $this->mode = self::AFTR_FRAME;
4287 }
4288
4289 /* A start tag with the tag name "frame" */
4290 } elseif ($token['name'] === 'frame' &&
4291 $token['type'] === HTML5::STARTTAG
4292 ) {
4293 /* Insert an HTML element for the token. */
4294 $this->insertElement($token);
4295
4296 /* Immediately pop the current node off the stack of open elements. */
4297 array_pop($this->stack);
4298
4299 /* A start tag with the tag name "noframes" */
4300 } elseif ($token['name'] === 'noframes' &&
4301 $token['type'] === HTML5::STARTTAG
4302 ) {
4303 /* Process the token as if the insertion mode had been "in body". */
4304 $this->inBody($token);
4305
4306 /* Anything else */
4307 } else {
4308 /* Parse error. Ignore the token. */
4309 }
4310 }
4311
4312 private function afterFrameset($token)
4313 {
4314 /* Handle the token as follows: */
4315
4316 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
4317 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
4318 U+000D CARRIAGE RETURN (CR), or U+0020 SPACE */
4319 if ($token['type'] === HTML5::CHARACTR &&
4320 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
4321 ) {
4322 /* Append the character to the current node. */
4323 $this->insertText($token['data']);
4324
4325 /* A comment token */
4326 } elseif ($token['type'] === HTML5::COMMENT) {
4327 /* Append a Comment node to the current node with the data
4328 attribute set to the data given in the comment token. */
4329 $this->insertComment($token['data']);
4330
4331 /* An end tag with the tag name "html" */
4332 } elseif ($token['name'] === 'html' &&
4333 $token['type'] === HTML5::ENDTAG
4334 ) {
4335 /* Switch to the trailing end phase. */
4336 $this->phase = self::END_PHASE;
4337
4338 /* A start tag with the tag name "noframes" */
4339 } elseif ($token['name'] === 'noframes' &&
4340 $token['type'] === HTML5::STARTTAG
4341 ) {
4342 /* Process the token as if the insertion mode had been "in body". */
4343 $this->inBody($token);
4344
4345 /* Anything else */
4346 } else {
4347 /* Parse error. Ignore the token. */
4348 }
4349 }
4350
4351 private function trailingEndPhase($token)
4352 {
4353 /* After the main phase, as each token is emitted from the tokenisation
4354 stage, it must be processed as described in this section. */
4355
4356 /* A DOCTYPE token */
4357 if ($token['type'] === HTML5::DOCTYPE) {
4358 // Parse error. Ignore the token.
4359
4360 /* A comment token */
4361 } elseif ($token['type'] === HTML5::COMMENT) {
4362 /* Append a Comment node to the Document object with the data
4363 attribute set to the data given in the comment token. */
4364 $comment = $this->dom->createComment($token['data']);
4365 $this->dom->appendChild($comment);
4366
4367 /* A character token that is one of one of U+0009 CHARACTER TABULATION,
4368 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
4369 or U+0020 SPACE */
4370 } elseif ($token['type'] === HTML5::CHARACTR &&
4371 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])
4372 ) {
4373 /* Process the token as it would be processed in the main phase. */
4374 $this->mainPhase($token);
4375
4376 /* A character token that is not one of U+0009 CHARACTER TABULATION,
4377 U+000A LINE FEED (LF), U+000B LINE TABULATION, U+000C FORM FEED (FF),
4378 or U+0020 SPACE. Or a start tag token. Or an end tag token. */
4379 } elseif (($token['type'] === HTML5::CHARACTR &&
4380 preg_match('/^[\t\n\x0b\x0c ]+$/', $token['data'])) ||
4381 $token['type'] === HTML5::STARTTAG || $token['type'] === HTML5::ENDTAG
4382 ) {
4383 /* Parse error. Switch back to the main phase and reprocess the
4384 token. */
4385 $this->phase = self::MAIN_PHASE;
4386 return $this->mainPhase($token);
4387
4388 /* An end-of-file token */
4389 } elseif ($token['type'] === HTML5::EOF) {
4390 /* OMG DONE!! */
4391 }
4392 }
4393
4394 private function insertElement($token, $append = true, $check = false)
4395 {
4396 // Proprietary workaround for libxml2's limitations with tag names
4397 if ($check) {
4398 // Slightly modified HTML5 tag-name modification,
4399 // removing anything that's not an ASCII letter, digit, or hyphen
4400 $token['name'] = preg_replace('/[^a-z0-9-]/i', '', $token['name']);
4401 // Remove leading hyphens and numbers
4402 $token['name'] = ltrim($token['name'], '-0..9');
4403 // In theory, this should ever be needed, but just in case
4404 if ($token['name'] === '') {
4405 $token['name'] = 'span';
4406 } // arbitrary generic choice
4407 }
4408
4409 $el = $this->dom->createElement($token['name']);
4410
4411 foreach ($token['attr'] as $attr) {
4412 if (!$el->hasAttribute($attr['name'])) {
4413 $el->setAttribute($attr['name'], $attr['value']);
4414 }
4415 }
4416
4417 $this->appendToRealParent($el);
4418 $this->stack[] = $el;
4419
4420 return $el;
4421 }
4422
4423 private function insertText($data)
4424 {
4425 $text = $this->dom->createTextNode($data);
4426 $this->appendToRealParent($text);
4427 }
4428
4429 private function insertComment($data)
4430 {
4431 $comment = $this->dom->createComment($data);
4432 $this->appendToRealParent($comment);
4433 }
4434
4435 private function appendToRealParent($node)
4436 {
4437 if ($this->foster_parent === null) {
4438 end($this->stack)->appendChild($node);
4439
4440 } elseif ($this->foster_parent !== null) {
4441 /* If the foster parent element is the parent element of the
4442 last table element in the stack of open elements, then the new
4443 node must be inserted immediately before the last table element
4444 in the stack of open elements in the foster parent element;
4445 otherwise, the new node must be appended to the foster parent
4446 element. */
4447 for ($n = count($this->stack) - 1; $n >= 0; $n--) {
4448 if ($this->stack[$n]->nodeName === 'table' &&
4449 $this->stack[$n]->parentNode !== null
4450 ) {
4451 $table = $this->stack[$n];
4452 break;
4453 }
4454 }
4455
4456 if (isset($table) && $this->foster_parent->isSameNode($table->parentNode)) {
4457 $this->foster_parent->insertBefore($node, $table);
4458 } else {
4459 $this->foster_parent->appendChild($node);
4460 }
4461
4462 $this->foster_parent = null;
4463 }
4464 }
4465
4466 private function elementInScope($el, $table = false)
4467 {
4468 if (is_array($el)) {
4469 foreach ($el as $element) {
4470 if ($this->elementInScope($element, $table)) {
4471 return true;
4472 }
4473 }
4474
4475 return false;
4476 }
4477
4478 $leng = count($this->stack);
4479
4480 for ($n = 0; $n < $leng; $n++) {
4481 /* 1. Initialise node to be the current node (the bottommost node of
4482 the stack). */
4483 $node = $this->stack[$leng - 1 - $n];
4484
4485 if ($node->tagName === $el) {
4486 /* 2. If node is the target node, terminate in a match state. */
4487 return true;
4488
4489 } elseif ($node->tagName === 'table') {
4490 /* 3. Otherwise, if node is a table element, terminate in a failure
4491 state. */
4492 return false;
4493
4494 } elseif ($table === true && in_array(
4495 $node->tagName,
4496 array(
4497 'caption',
4498 'td',
4499 'th',
4500 'button',
4501 'marquee',
4502 'object'
4503 )
4504 )
4505 ) {
4506 /* 4. Otherwise, if the algorithm is the "has an element in scope"
4507 variant (rather than the "has an element in table scope" variant),
4508 and node is one of the following, terminate in a failure state. */
4509 return false;
4510
4511 } elseif ($node === $node->ownerDocument->documentElement) {
4512 /* 5. Otherwise, if node is an html element (root element), terminate
4513 in a failure state. (This can only happen if the node is the topmost
4514 node of the stack of open elements, and prevents the next step from
4515 being invoked if there are no more elements in the stack.) */
4516 return false;
4517 }
4518
4519 /* Otherwise, set node to the previous entry in the stack of open
4520 elements and return to step 2. (This will never fail, since the loop
4521 will always terminate in the previous step if the top of the stack
4522 is reached.) */
4523 }
4524 }
4525
4526 private function reconstructActiveFormattingElements()
4527 {
4528 /* 1. If there are no entries in the list of active formatting elements,
4529 then there is nothing to reconstruct; stop this algorithm. */
4530 $formatting_elements = count($this->a_formatting);
4531
4532 if ($formatting_elements === 0) {
4533 return false;
4534 }
4535
4536 /* 3. Let entry be the last (most recently added) element in the list
4537 of active formatting elements. */
4538 $entry = end($this->a_formatting);
4539
4540 /* 2. If the last (most recently added) entry in the list of active
4541 formatting elements is a marker, or if it is an element that is in the
4542 stack of open elements, then there is nothing to reconstruct; stop this
4543 algorithm. */
4544 if ($entry === self::MARKER || in_array($entry, $this->stack, true)) {
4545 return false;
4546 }
4547
4548 for ($a = $formatting_elements - 1; $a >= 0; true) {
4549 /* 4. If there are no entries before entry in the list of active
4550 formatting elements, then jump to step 8. */
4551 if ($a === 0) {
4552 $step_seven = false;
4553 break;
4554 }
4555
4556 /* 5. Let entry be the entry one earlier than entry in the list of
4557 active formatting elements. */
4558 $a--;
4559 $entry = $this->a_formatting[$a];
4560
4561 /* 6. If entry is neither a marker nor an element that is also in
4562 thetack of open elements, go to step 4. */
4563 if ($entry === self::MARKER || in_array($entry, $this->stack, true)) {
4564 break;
4565 }
4566 }
4567
4568 while (true) {
4569 /* 7. Let entry be the element one later than entry in the list of
4570 active formatting elements. */
4571 if (isset($step_seven) && $step_seven === true) {
4572 $a++;
4573 $entry = $this->a_formatting[$a];
4574 }
4575
4576 /* 8. Perform a shallow clone of the element entry to obtain clone. */
4577 $clone = $entry->cloneNode();
4578
4579 /* 9. Append clone to the current node and push it onto the stack
4580 of open elements so that it is the new current node. */
4581 end($this->stack)->appendChild($clone);
4582 $this->stack[] = $clone;
4583
4584 /* 10. Replace the entry for entry in the list with an entry for
4585 clone. */
4586 $this->a_formatting[$a] = $clone;
4587
4588 /* 11. If the entry for clone in the list of active formatting
4589 elements is not the last entry in the list, return to step 7. */
4590 if (end($this->a_formatting) !== $clone) {
4591 $step_seven = true;
4592 } else {
4593 break;
4594 }
4595 }
4596 }
4597
4598 private function clearTheActiveFormattingElementsUpToTheLastMarker()
4599 {
4600 /* When the steps below require the UA to clear the list of active
4601 formatting elements up to the last marker, the UA must perform the
4602 following steps: */
4603
4604 while (true) {
4605 /* 1. Let entry be the last (most recently added) entry in the list
4606 of active formatting elements. */
4607 $entry = end($this->a_formatting);
4608
4609 /* 2. Remove entry from the list of active formatting elements. */
4610 array_pop($this->a_formatting);
4611
4612 /* 3. If entry was a marker, then stop the algorithm at this point.
4613 The list has been cleared up to the last marker. */
4614 if ($entry === self::MARKER) {
4615 break;
4616 }
4617 }
4618 }
4619
4620 private function generateImpliedEndTags($exclude = array())
4621 {
4622 /* When the steps below require the UA to generate implied end tags,
4623 then, if the current node is a dd element, a dt element, an li element,
4624 a p element, a td element, a th element, or a tr element, the UA must
4625 act as if an end tag with the respective tag name had been seen and
4626 then generate implied end tags again. */
4627 $node = end($this->stack);
4628 $elements = array_diff(array('dd', 'dt', 'li', 'p', 'td', 'th', 'tr'), $exclude);
4629
4630 while (in_array(end($this->stack)->nodeName, $elements)) {
4631 array_pop($this->stack);
4632 }
4633 }
4634
4635 private function getElementCategory($node)
4636 {
4637 $name = $node->tagName;
4638 if (in_array($name, $this->special)) {
4639 return self::SPECIAL;
4640 } elseif (in_array($name, $this->scoping)) {
4641 return self::SCOPING;
4642 } elseif (in_array($name, $this->formatting)) {
4643 return self::FORMATTING;
4644 } else {
4645 return self::PHRASING;
4646 }
4647 }
4648
4649 private function clearStackToTableContext($elements)
4650 {
4651 /* When the steps above require the UA to clear the stack back to a
4652 table context, it means that the UA must, while the current node is not
4653 a table element or an html element, pop elements from the stack of open
4654 elements. If this causes any elements to be popped from the stack, then
4655 this is a parse error. */
4656 while (true) {
4657 $node = end($this->stack)->nodeName;
4658
4659 if (in_array($node, $elements)) {
4660 break;
4661 } else {
4662 array_pop($this->stack);
4663 }
4664 }
4665 }
4666
4667 private function resetInsertionMode()
4668 {
4669 /* 1. Let last be false. */
4670 $last = false;
4671 $leng = count($this->stack);
4672
4673 for ($n = $leng - 1; $n >= 0; $n--) {
4674 /* 2. Let node be the last node in the stack of open elements. */
4675 $node = $this->stack[$n];
4676
4677 /* 3. If node is the first node in the stack of open elements, then
4678 set last to true. If the element whose innerHTML attribute is being
4679 set is neither a td element nor a th element, then set node to the
4680 element whose innerHTML attribute is being set. (innerHTML case) */
4681 if ($this->stack[0]->isSameNode($node)) {
4682 $last = true;
4683 }
4684
4685 /* 4. If node is a select element, then switch the insertion mode to
4686 "in select" and abort these steps. (innerHTML case) */
4687 if ($node->nodeName === 'select') {
4688 $this->mode = self::IN_SELECT;
4689 break;
4690
4691 /* 5. If node is a td or th element, then switch the insertion mode
4692 to "in cell" and abort these steps. */
4693 } elseif ($node->nodeName === 'td' || $node->nodeName === 'th') {
4694 $this->mode = self::IN_CELL;
4695 break;
4696
4697 /* 6. If node is a tr element, then switch the insertion mode to
4698 "in row" and abort these steps. */
4699 } elseif ($node->nodeName === 'tr') {
4700 $this->mode = self::IN_ROW;
4701 break;
4702
4703 /* 7. If node is a tbody, thead, or tfoot element, then switch the
4704 insertion mode to "in table body" and abort these steps. */
4705 } elseif (in_array($node->nodeName, array('tbody', 'thead', 'tfoot'))) {
4706 $this->mode = self::IN_TBODY;
4707 break;
4708
4709 /* 8. If node is a caption element, then switch the insertion mode
4710 to "in caption" and abort these steps. */
4711 } elseif ($node->nodeName === 'caption') {
4712 $this->mode = self::IN_CAPTION;
4713 break;
4714
4715 /* 9. If node is a colgroup element, then switch the insertion mode
4716 to "in column group" and abort these steps. (innerHTML case) */
4717 } elseif ($node->nodeName === 'colgroup') {
4718 $this->mode = self::IN_CGROUP;
4719 break;
4720
4721 /* 10. If node is a table element, then switch the insertion mode
4722 to "in table" and abort these steps. */
4723 } elseif ($node->nodeName === 'table') {
4724 $this->mode = self::IN_TABLE;
4725 break;
4726
4727 /* 11. If node is a head element, then switch the insertion mode
4728 to "in body" ("in body"! not "in head"!) and abort these steps.
4729 (innerHTML case) */
4730 } elseif ($node->nodeName === 'head') {
4731 $this->mode = self::IN_BODY;
4732 break;
4733
4734 /* 12. If node is a body element, then switch the insertion mode to
4735 "in body" and abort these steps. */
4736 } elseif ($node->nodeName === 'body') {
4737 $this->mode = self::IN_BODY;
4738 break;
4739
4740 /* 13. If node is a frameset element, then switch the insertion
4741 mode to "in frameset" and abort these steps. (innerHTML case) */
4742 } elseif ($node->nodeName === 'frameset') {
4743 $this->mode = self::IN_FRAME;
4744 break;
4745
4746 /* 14. If node is an html element, then: if the head element
4747 pointer is null, switch the insertion mode to "before head",
4748 otherwise, switch the insertion mode to "after head". In either
4749 case, abort these steps. (innerHTML case) */
4750 } elseif ($node->nodeName === 'html') {
4751 $this->mode = ($this->head_pointer === null)
4752 ? self::BEFOR_HEAD
4753 : self::AFTER_HEAD;
4754
4755 break;
4756
4757 /* 15. If last is true, then set the insertion mode to "in body"
4758 and abort these steps. (innerHTML case) */
4759 } elseif ($last) {
4760 $this->mode = self::IN_BODY;
4761 break;
4762 }
4763 }
4764 }
4765
4766 private function closeCell()
4767 {
4768 /* If the stack of open elements has a td or th element in table scope,
4769 then act as if an end tag token with that tag name had been seen. */
4770 foreach (array('td', 'th') as $cell) {
4771 if ($this->elementInScope($cell, true)) {
4772 $this->inCell(
4773 array(
4774 'name' => $cell,
4775 'type' => HTML5::ENDTAG
4776 )
4777 );
4778
4779 break;
4780 }
4781 }
4782 }
4783
4784 public function save()
4785 {
4786 return $this->dom;
4787 }
4788}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Node.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node.php
new file mode 100644
index 00000000..d7dcf623
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node.php
@@ -0,0 +1,49 @@
1<?php
2
3/**
4 * Abstract base node class that all others inherit from.
5 *
6 * Why do we not use the DOM extension? (1) It is not always available,
7 * (2) it has funny constraints on the data it can represent,
8 * whereas we want a maximally flexible representation, and (3) its
9 * interface is a bit cumbersome.
10 */
11abstract class HTMLPurifier_Node
12{
13 /**
14 * Line number of the start token in the source document
15 * @type int
16 */
17 public $line;
18
19 /**
20 * Column number of the start token in the source document. Null if unknown.
21 * @type int
22 */
23 public $col;
24
25 /**
26 * Lookup array of processing that this token is exempt from.
27 * Currently, valid values are "ValidateAttributes".
28 * @type array
29 */
30 public $armor = array();
31
32 /**
33 * When true, this node should be ignored as non-existent.
34 *
35 * Who is responsible for ignoring dead nodes? FixNesting is
36 * responsible for removing them before passing on to child
37 * validators.
38 */
39 public $dead = false;
40
41 /**
42 * Returns a pair of start and end tokens, where the end token
43 * is null if it is not necessary. Does not include children.
44 * @type array
45 */
46 abstract public function toTokenPair();
47}
48
49// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Comment.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Comment.php
new file mode 100644
index 00000000..11f3245d
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Comment.php
@@ -0,0 +1,36 @@
1<?php
2
3/**
4 * Concrete comment node class.
5 */
6class HTMLPurifier_Node_Comment extends HTMLPurifier_Node
7{
8 /**
9 * Character data within comment.
10 * @type string
11 */
12 public $data;
13
14 /**
15 * @type bool
16 */
17 public $is_whitespace = true;
18
19 /**
20 * Transparent constructor.
21 *
22 * @param string $data String comment data.
23 * @param int $line
24 * @param int $col
25 */
26 public function __construct($data, $line = null, $col = null)
27 {
28 $this->data = $data;
29 $this->line = $line;
30 $this->col = $col;
31 }
32
33 public function toTokenPair() {
34 return array(new HTMLPurifier_Token_Comment($this->data, $this->line, $this->col), null);
35 }
36}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Element.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Element.php
new file mode 100644
index 00000000..7db4d025
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Element.php
@@ -0,0 +1,59 @@
1<?php
2
3/**
4 * Concrete element node class.
5 */
6class HTMLPurifier_Node_Element extends HTMLPurifier_Node
7{
8 /**
9 * The lower-case name of the tag, like 'a', 'b' or 'blockquote'.
10 *
11 * @note Strictly speaking, XML tags are case sensitive, so we shouldn't
12 * be lower-casing them, but these tokens cater to HTML tags, which are
13 * insensitive.
14 * @type string
15 */
16 public $name;
17
18 /**
19 * Associative array of the node's attributes.
20 * @type array
21 */
22 public $attr = array();
23
24 /**
25 * List of child elements.
26 * @type array
27 */
28 public $children = array();
29
30 /**
31 * Does this use the <a></a> form or the </a> form, i.e.
32 * is it a pair of start/end tokens or an empty token.
33 * @bool
34 */
35 public $empty = false;
36
37 public $endCol = null, $endLine = null, $endArmor = array();
38
39 public function __construct($name, $attr = array(), $line = null, $col = null, $armor = array()) {
40 $this->name = $name;
41 $this->attr = $attr;
42 $this->line = $line;
43 $this->col = $col;
44 $this->armor = $armor;
45 }
46
47 public function toTokenPair() {
48 // XXX inefficiency here, normalization is not necessary
49 if ($this->empty) {
50 return array(new HTMLPurifier_Token_Empty($this->name, $this->attr, $this->line, $this->col, $this->armor), null);
51 } else {
52 $start = new HTMLPurifier_Token_Start($this->name, $this->attr, $this->line, $this->col, $this->armor);
53 $end = new HTMLPurifier_Token_End($this->name, array(), $this->endLine, $this->endCol, $this->endArmor);
54 //$end->start = $start;
55 return array($start, $end);
56 }
57 }
58}
59
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Text.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Text.php
new file mode 100644
index 00000000..f51d861a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Node/Text.php
@@ -0,0 +1,54 @@
1<?php
2
3/**
4 * Concrete text token class.
5 *
6 * Text tokens comprise of regular parsed character data (PCDATA) and raw
7 * character data (from the CDATA sections). Internally, their
8 * data is parsed with all entities expanded. Surprisingly, the text token
9 * does have a "tag name" called #PCDATA, which is how the DTD represents it
10 * in permissible child nodes.
11 */
12class HTMLPurifier_Node_Text extends HTMLPurifier_Node
13{
14
15 /**
16 * PCDATA tag name compatible with DTD, see
17 * HTMLPurifier_ChildDef_Custom for details.
18 * @type string
19 */
20 public $name = '#PCDATA';
21
22 /**
23 * @type string
24 */
25 public $data;
26 /**< Parsed character data of text. */
27
28 /**
29 * @type bool
30 */
31 public $is_whitespace;
32
33 /**< Bool indicating if node is whitespace. */
34
35 /**
36 * Constructor, accepts data and determines if it is whitespace.
37 * @param string $data String parsed character data.
38 * @param int $line
39 * @param int $col
40 */
41 public function __construct($data, $is_whitespace, $line = null, $col = null)
42 {
43 $this->data = $data;
44 $this->is_whitespace = $is_whitespace;
45 $this->line = $line;
46 $this->col = $col;
47 }
48
49 public function toTokenPair() {
50 return array(new HTMLPurifier_Token_Text($this->data, $this->line, $this->col), null);
51 }
52}
53
54// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/PercentEncoder.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/PercentEncoder.php
new file mode 100644
index 00000000..fb9fd1fc
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/PercentEncoder.php
@@ -0,0 +1,111 @@
1<?php
2
3/**
4 * Class that handles operations involving percent-encoding in URIs.
5 *
6 * @warning
7 * Be careful when reusing instances of PercentEncoder. The object
8 * you use for normalize() SHOULD NOT be used for encode(), or
9 * vice-versa.
10 */
11class HTMLPurifier_PercentEncoder
12{
13
14 /**
15 * Reserved characters to preserve when using encode().
16 * @type array
17 */
18 protected $preserve = array();
19
20 /**
21 * String of characters that should be preserved while using encode().
22 * @param bool $preserve
23 */
24 public function __construct($preserve = false)
25 {
26 // unreserved letters, ought to const-ify
27 for ($i = 48; $i <= 57; $i++) { // digits
28 $this->preserve[$i] = true;
29 }
30 for ($i = 65; $i <= 90; $i++) { // upper-case
31 $this->preserve[$i] = true;
32 }
33 for ($i = 97; $i <= 122; $i++) { // lower-case
34 $this->preserve[$i] = true;
35 }
36 $this->preserve[45] = true; // Dash -
37 $this->preserve[46] = true; // Period .
38 $this->preserve[95] = true; // Underscore _
39 $this->preserve[126]= true; // Tilde ~
40
41 // extra letters not to escape
42 if ($preserve !== false) {
43 for ($i = 0, $c = strlen($preserve); $i < $c; $i++) {
44 $this->preserve[ord($preserve[$i])] = true;
45 }
46 }
47 }
48
49 /**
50 * Our replacement for urlencode, it encodes all non-reserved characters,
51 * as well as any extra characters that were instructed to be preserved.
52 * @note
53 * Assumes that the string has already been normalized, making any
54 * and all percent escape sequences valid. Percents will not be
55 * re-escaped, regardless of their status in $preserve
56 * @param string $string String to be encoded
57 * @return string Encoded string.
58 */
59 public function encode($string)
60 {
61 $ret = '';
62 for ($i = 0, $c = strlen($string); $i < $c; $i++) {
63 if ($string[$i] !== '%' && !isset($this->preserve[$int = ord($string[$i])])) {
64 $ret .= '%' . sprintf('%02X', $int);
65 } else {
66 $ret .= $string[$i];
67 }
68 }
69 return $ret;
70 }
71
72 /**
73 * Fix up percent-encoding by decoding unreserved characters and normalizing.
74 * @warning This function is affected by $preserve, even though the
75 * usual desired behavior is for this not to preserve those
76 * characters. Be careful when reusing instances of PercentEncoder!
77 * @param string $string String to normalize
78 * @return string
79 */
80 public function normalize($string)
81 {
82 if ($string == '') {
83 return '';
84 }
85 $parts = explode('%', $string);
86 $ret = array_shift($parts);
87 foreach ($parts as $part) {
88 $length = strlen($part);
89 if ($length < 2) {
90 $ret .= '%25' . $part;
91 continue;
92 }
93 $encoding = substr($part, 0, 2);
94 $text = substr($part, 2);
95 if (!ctype_xdigit($encoding)) {
96 $ret .= '%25' . $part;
97 continue;
98 }
99 $int = hexdec($encoding);
100 if (isset($this->preserve[$int])) {
101 $ret .= chr($int) . $text;
102 continue;
103 }
104 $encoding = strtoupper($encoding);
105 $ret .= '%' . $encoding . $text;
106 }
107 return $ret;
108 }
109}
110
111// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer.php
new file mode 100644
index 00000000..16acd415
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer.php
@@ -0,0 +1,218 @@
1<?php
2
3// OUT OF DATE, NEEDS UPDATING!
4// USE XMLWRITER!
5
6class HTMLPurifier_Printer
7{
8
9 /**
10 * For HTML generation convenience funcs.
11 * @type HTMLPurifier_Generator
12 */
13 protected $generator;
14
15 /**
16 * For easy access.
17 * @type HTMLPurifier_Config
18 */
19 protected $config;
20
21 /**
22 * Initialize $generator.
23 */
24 public function __construct()
25 {
26 }
27
28 /**
29 * Give generator necessary configuration if possible
30 * @param HTMLPurifier_Config $config
31 */
32 public function prepareGenerator($config)
33 {
34 $all = $config->getAll();
35 $context = new HTMLPurifier_Context();
36 $this->generator = new HTMLPurifier_Generator($config, $context);
37 }
38
39 /**
40 * Main function that renders object or aspect of that object
41 * @note Parameters vary depending on printer
42 */
43 // function render() {}
44
45 /**
46 * Returns a start tag
47 * @param string $tag Tag name
48 * @param array $attr Attribute array
49 * @return string
50 */
51 protected function start($tag, $attr = array())
52 {
53 return $this->generator->generateFromToken(
54 new HTMLPurifier_Token_Start($tag, $attr ? $attr : array())
55 );
56 }
57
58 /**
59 * Returns an end tag
60 * @param string $tag Tag name
61 * @return string
62 */
63 protected function end($tag)
64 {
65 return $this->generator->generateFromToken(
66 new HTMLPurifier_Token_End($tag)
67 );
68 }
69
70 /**
71 * Prints a complete element with content inside
72 * @param string $tag Tag name
73 * @param string $contents Element contents
74 * @param array $attr Tag attributes
75 * @param bool $escape whether or not to escape contents
76 * @return string
77 */
78 protected function element($tag, $contents, $attr = array(), $escape = true)
79 {
80 return $this->start($tag, $attr) .
81 ($escape ? $this->escape($contents) : $contents) .
82 $this->end($tag);
83 }
84
85 /**
86 * @param string $tag
87 * @param array $attr
88 * @return string
89 */
90 protected function elementEmpty($tag, $attr = array())
91 {
92 return $this->generator->generateFromToken(
93 new HTMLPurifier_Token_Empty($tag, $attr)
94 );
95 }
96
97 /**
98 * @param string $text
99 * @return string
100 */
101 protected function text($text)
102 {
103 return $this->generator->generateFromToken(
104 new HTMLPurifier_Token_Text($text)
105 );
106 }
107
108 /**
109 * Prints a simple key/value row in a table.
110 * @param string $name Key
111 * @param mixed $value Value
112 * @return string
113 */
114 protected function row($name, $value)
115 {
116 if (is_bool($value)) {
117 $value = $value ? 'On' : 'Off';
118 }
119 return
120 $this->start('tr') . "\n" .
121 $this->element('th', $name) . "\n" .
122 $this->element('td', $value) . "\n" .
123 $this->end('tr');
124 }
125
126 /**
127 * Escapes a string for HTML output.
128 * @param string $string String to escape
129 * @return string
130 */
131 protected function escape($string)
132 {
133 $string = HTMLPurifier_Encoder::cleanUTF8($string);
134 $string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
135 return $string;
136 }
137
138 /**
139 * Takes a list of strings and turns them into a single list
140 * @param string[] $array List of strings
141 * @param bool $polite Bool whether or not to add an end before the last
142 * @return string
143 */
144 protected function listify($array, $polite = false)
145 {
146 if (empty($array)) {
147 return 'None';
148 }
149 $ret = '';
150 $i = count($array);
151 foreach ($array as $value) {
152 $i--;
153 $ret .= $value;
154 if ($i > 0 && !($polite && $i == 1)) {
155 $ret .= ', ';
156 }
157 if ($polite && $i == 1) {
158 $ret .= 'and ';
159 }
160 }
161 return $ret;
162 }
163
164 /**
165 * Retrieves the class of an object without prefixes, as well as metadata
166 * @param object $obj Object to determine class of
167 * @param string $sec_prefix Further prefix to remove
168 * @return string
169 */
170 protected function getClass($obj, $sec_prefix = '')
171 {
172 static $five = null;
173 if ($five === null) {
174 $five = version_compare(PHP_VERSION, '5', '>=');
175 }
176 $prefix = 'HTMLPurifier_' . $sec_prefix;
177 if (!$five) {
178 $prefix = strtolower($prefix);
179 }
180 $class = str_replace($prefix, '', get_class($obj));
181 $lclass = strtolower($class);
182 $class .= '(';
183 switch ($lclass) {
184 case 'enum':
185 $values = array();
186 foreach ($obj->valid_values as $value => $bool) {
187 $values[] = $value;
188 }
189 $class .= implode(', ', $values);
190 break;
191 case 'css_composite':
192 $values = array();
193 foreach ($obj->defs as $def) {
194 $values[] = $this->getClass($def, $sec_prefix);
195 }
196 $class .= implode(', ', $values);
197 break;
198 case 'css_multiple':
199 $class .= $this->getClass($obj->single, $sec_prefix) . ', ';
200 $class .= $obj->max;
201 break;
202 case 'css_denyelementdecorator':
203 $class .= $this->getClass($obj->def, $sec_prefix) . ', ';
204 $class .= $obj->element;
205 break;
206 case 'css_importantdecorator':
207 $class .= $this->getClass($obj->def, $sec_prefix);
208 if ($obj->allow) {
209 $class .= ', !important';
210 }
211 break;
212 }
213 $class .= ')';
214 return $class;
215 }
216}
217
218// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/CSSDefinition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/CSSDefinition.php
new file mode 100644
index 00000000..afc8c18a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/CSSDefinition.php
@@ -0,0 +1,44 @@
1<?php
2
3class HTMLPurifier_Printer_CSSDefinition extends HTMLPurifier_Printer
4{
5 /**
6 * @type HTMLPurifier_CSSDefinition
7 */
8 protected $def;
9
10 /**
11 * @param HTMLPurifier_Config $config
12 * @return string
13 */
14 public function render($config)
15 {
16 $this->def = $config->getCSSDefinition();
17 $ret = '';
18
19 $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
20 $ret .= $this->start('table');
21
22 $ret .= $this->element('caption', 'Properties ($info)');
23
24 $ret .= $this->start('thead');
25 $ret .= $this->start('tr');
26 $ret .= $this->element('th', 'Property', array('class' => 'heavy'));
27 $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
28 $ret .= $this->end('tr');
29 $ret .= $this->end('thead');
30
31 ksort($this->def->info);
32 foreach ($this->def->info as $property => $obj) {
33 $name = $this->getClass($obj, 'AttrDef_');
34 $ret .= $this->row($property, $name);
35 }
36
37 $ret .= $this->end('table');
38 $ret .= $this->end('div');
39
40 return $ret;
41 }
42}
43
44// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css
new file mode 100644
index 00000000..7af30fc3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css
@@ -0,0 +1,10 @@
1
2.hp-config {}
3
4.hp-config tbody th {text-align:right; padding-right:0.5em;}
5.hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;}
6.hp-config .namespace th {text-align:center;}
7.hp-config .verbose {display:none;}
8.hp-config .controls {text-align:center;}
9
10/* vim: et sw=4 sts=4 */
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js
new file mode 100644
index 00000000..83e06553
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js
@@ -0,0 +1,5 @@
1function toggleWriteability(id_of_patient, checked) {
2 document.getElementById(id_of_patient).disabled = checked;
3}
4
5// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.php
new file mode 100644
index 00000000..660960f3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/ConfigForm.php
@@ -0,0 +1,447 @@
1<?php
2
3/**
4 * @todo Rewrite to use Interchange objects
5 */
6class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
7{
8
9 /**
10 * Printers for specific fields.
11 * @type HTMLPurifier_Printer[]
12 */
13 protected $fields = array();
14
15 /**
16 * Documentation URL, can have fragment tagged on end.
17 * @type string
18 */
19 protected $docURL;
20
21 /**
22 * Name of form element to stuff config in.
23 * @type string
24 */
25 protected $name;
26
27 /**
28 * Whether or not to compress directive names, clipping them off
29 * after a certain amount of letters. False to disable or integer letters
30 * before clipping.
31 * @type bool
32 */
33 protected $compress = false;
34
35 /**
36 * @param string $name Form element name for directives to be stuffed into
37 * @param string $doc_url String documentation URL, will have fragment tagged on
38 * @param bool $compress Integer max length before compressing a directive name, set to false to turn off
39 */
40 public function __construct(
41 $name,
42 $doc_url = null,
43 $compress = false
44 ) {
45 parent::__construct();
46 $this->docURL = $doc_url;
47 $this->name = $name;
48 $this->compress = $compress;
49 // initialize sub-printers
50 $this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default();
51 $this->fields[HTMLPurifier_VarParser::BOOL] = new HTMLPurifier_Printer_ConfigForm_bool();
52 }
53
54 /**
55 * Sets default column and row size for textareas in sub-printers
56 * @param $cols Integer columns of textarea, null to use default
57 * @param $rows Integer rows of textarea, null to use default
58 */
59 public function setTextareaDimensions($cols = null, $rows = null)
60 {
61 if ($cols) {
62 $this->fields['default']->cols = $cols;
63 }
64 if ($rows) {
65 $this->fields['default']->rows = $rows;
66 }
67 }
68
69 /**
70 * Retrieves styling, in case it is not accessible by webserver
71 */
72 public static function getCSS()
73 {
74 return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.css');
75 }
76
77 /**
78 * Retrieves JavaScript, in case it is not accessible by webserver
79 */
80 public static function getJavaScript()
81 {
82 return file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/Printer/ConfigForm.js');
83 }
84
85 /**
86 * Returns HTML output for a configuration form
87 * @param HTMLPurifier_Config|array $config Configuration object of current form state, or an array
88 * where [0] has an HTML namespace and [1] is being rendered.
89 * @param array|bool $allowed Optional namespace(s) and directives to restrict form to.
90 * @param bool $render_controls
91 * @return string
92 */
93 public function render($config, $allowed = true, $render_controls = true)
94 {
95 if (is_array($config) && isset($config[0])) {
96 $gen_config = $config[0];
97 $config = $config[1];
98 } else {
99 $gen_config = $config;
100 }
101
102 $this->config = $config;
103 $this->genConfig = $gen_config;
104 $this->prepareGenerator($gen_config);
105
106 $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $config->def);
107 $all = array();
108 foreach ($allowed as $key) {
109 list($ns, $directive) = $key;
110 $all[$ns][$directive] = $config->get($ns . '.' . $directive);
111 }
112
113 $ret = '';
114 $ret .= $this->start('table', array('class' => 'hp-config'));
115 $ret .= $this->start('thead');
116 $ret .= $this->start('tr');
117 $ret .= $this->element('th', 'Directive', array('class' => 'hp-directive'));
118 $ret .= $this->element('th', 'Value', array('class' => 'hp-value'));
119 $ret .= $this->end('tr');
120 $ret .= $this->end('thead');
121 foreach ($all as $ns => $directives) {
122 $ret .= $this->renderNamespace($ns, $directives);
123 }
124 if ($render_controls) {
125 $ret .= $this->start('tbody');
126 $ret .= $this->start('tr');
127 $ret .= $this->start('td', array('colspan' => 2, 'class' => 'controls'));
128 $ret .= $this->elementEmpty('input', array('type' => 'submit', 'value' => 'Submit'));
129 $ret .= '[<a href="?">Reset</a>]';
130 $ret .= $this->end('td');
131 $ret .= $this->end('tr');
132 $ret .= $this->end('tbody');
133 }
134 $ret .= $this->end('table');
135 return $ret;
136 }
137
138 /**
139 * Renders a single namespace
140 * @param $ns String namespace name
141 * @param array $directives array of directives to values
142 * @return string
143 */
144 protected function renderNamespace($ns, $directives)
145 {
146 $ret = '';
147 $ret .= $this->start('tbody', array('class' => 'namespace'));
148 $ret .= $this->start('tr');
149 $ret .= $this->element('th', $ns, array('colspan' => 2));
150 $ret .= $this->end('tr');
151 $ret .= $this->end('tbody');
152 $ret .= $this->start('tbody');
153 foreach ($directives as $directive => $value) {
154 $ret .= $this->start('tr');
155 $ret .= $this->start('th');
156 if ($this->docURL) {
157 $url = str_replace('%s', urlencode("$ns.$directive"), $this->docURL);
158 $ret .= $this->start('a', array('href' => $url));
159 }
160 $attr = array('for' => "{$this->name}:$ns.$directive");
161
162 // crop directive name if it's too long
163 if (!$this->compress || (strlen($directive) < $this->compress)) {
164 $directive_disp = $directive;
165 } else {
166 $directive_disp = substr($directive, 0, $this->compress - 2) . '...';
167 $attr['title'] = $directive;
168 }
169
170 $ret .= $this->element(
171 'label',
172 $directive_disp,
173 // component printers must create an element with this id
174 $attr
175 );
176 if ($this->docURL) {
177 $ret .= $this->end('a');
178 }
179 $ret .= $this->end('th');
180
181 $ret .= $this->start('td');
182 $def = $this->config->def->info["$ns.$directive"];
183 if (is_int($def)) {
184 $allow_null = $def < 0;
185 $type = abs($def);
186 } else {
187 $type = $def->type;
188 $allow_null = isset($def->allow_null);
189 }
190 if (!isset($this->fields[$type])) {
191 $type = 0;
192 } // default
193 $type_obj = $this->fields[$type];
194 if ($allow_null) {
195 $type_obj = new HTMLPurifier_Printer_ConfigForm_NullDecorator($type_obj);
196 }
197 $ret .= $type_obj->render($ns, $directive, $value, $this->name, array($this->genConfig, $this->config));
198 $ret .= $this->end('td');
199 $ret .= $this->end('tr');
200 }
201 $ret .= $this->end('tbody');
202 return $ret;
203 }
204
205}
206
207/**
208 * Printer decorator for directives that accept null
209 */
210class HTMLPurifier_Printer_ConfigForm_NullDecorator extends HTMLPurifier_Printer
211{
212 /**
213 * Printer being decorated
214 * @type HTMLPurifier_Printer
215 */
216 protected $obj;
217
218 /**
219 * @param HTMLPurifier_Printer $obj Printer to decorate
220 */
221 public function __construct($obj)
222 {
223 parent::__construct();
224 $this->obj = $obj;
225 }
226
227 /**
228 * @param string $ns
229 * @param string $directive
230 * @param string $value
231 * @param string $name
232 * @param HTMLPurifier_Config|array $config
233 * @return string
234 */
235 public function render($ns, $directive, $value, $name, $config)
236 {
237 if (is_array($config) && isset($config[0])) {
238 $gen_config = $config[0];
239 $config = $config[1];
240 } else {
241 $gen_config = $config;
242 }
243 $this->prepareGenerator($gen_config);
244
245 $ret = '';
246 $ret .= $this->start('label', array('for' => "$name:Null_$ns.$directive"));
247 $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
248 $ret .= $this->text(' Null/Disabled');
249 $ret .= $this->end('label');
250 $attr = array(
251 'type' => 'checkbox',
252 'value' => '1',
253 'class' => 'null-toggle',
254 'name' => "$name" . "[Null_$ns.$directive]",
255 'id' => "$name:Null_$ns.$directive",
256 'onclick' => "toggleWriteability('$name:$ns.$directive',checked)" // INLINE JAVASCRIPT!!!!
257 );
258 if ($this->obj instanceof HTMLPurifier_Printer_ConfigForm_bool) {
259 // modify inline javascript slightly
260 $attr['onclick'] =
261 "toggleWriteability('$name:Yes_$ns.$directive',checked);" .
262 "toggleWriteability('$name:No_$ns.$directive',checked)";
263 }
264 if ($value === null) {
265 $attr['checked'] = 'checked';
266 }
267 $ret .= $this->elementEmpty('input', $attr);
268 $ret .= $this->text(' or ');
269 $ret .= $this->elementEmpty('br');
270 $ret .= $this->obj->render($ns, $directive, $value, $name, array($gen_config, $config));
271 return $ret;
272 }
273}
274
275/**
276 * Swiss-army knife configuration form field printer
277 */
278class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer
279{
280 /**
281 * @type int
282 */
283 public $cols = 18;
284
285 /**
286 * @type int
287 */
288 public $rows = 5;
289
290 /**
291 * @param string $ns
292 * @param string $directive
293 * @param string $value
294 * @param string $name
295 * @param HTMLPurifier_Config|array $config
296 * @return string
297 */
298 public function render($ns, $directive, $value, $name, $config)
299 {
300 if (is_array($config) && isset($config[0])) {
301 $gen_config = $config[0];
302 $config = $config[1];
303 } else {
304 $gen_config = $config;
305 }
306 $this->prepareGenerator($gen_config);
307 // this should probably be split up a little
308 $ret = '';
309 $def = $config->def->info["$ns.$directive"];
310 if (is_int($def)) {
311 $type = abs($def);
312 } else {
313 $type = $def->type;
314 }
315 if (is_array($value)) {
316 switch ($type) {
317 case HTMLPurifier_VarParser::LOOKUP:
318 $array = $value;
319 $value = array();
320 foreach ($array as $val => $b) {
321 $value[] = $val;
322 }
323 //TODO does this need a break?
324 case HTMLPurifier_VarParser::ALIST:
325 $value = implode(PHP_EOL, $value);
326 break;
327 case HTMLPurifier_VarParser::HASH:
328 $nvalue = '';
329 foreach ($value as $i => $v) {
330 $nvalue .= "$i:$v" . PHP_EOL;
331 }
332 $value = $nvalue;
333 break;
334 default:
335 $value = '';
336 }
337 }
338 if ($type === HTMLPurifier_VarParser::MIXED) {
339 return 'Not supported';
340 $value = serialize($value);
341 }
342 $attr = array(
343 'name' => "$name" . "[$ns.$directive]",
344 'id' => "$name:$ns.$directive"
345 );
346 if ($value === null) {
347 $attr['disabled'] = 'disabled';
348 }
349 if (isset($def->allowed)) {
350 $ret .= $this->start('select', $attr);
351 foreach ($def->allowed as $val => $b) {
352 $attr = array();
353 if ($value == $val) {
354 $attr['selected'] = 'selected';
355 }
356 $ret .= $this->element('option', $val, $attr);
357 }
358 $ret .= $this->end('select');
359 } elseif ($type === HTMLPurifier_VarParser::TEXT ||
360 $type === HTMLPurifier_VarParser::ITEXT ||
361 $type === HTMLPurifier_VarParser::ALIST ||
362 $type === HTMLPurifier_VarParser::HASH ||
363 $type === HTMLPurifier_VarParser::LOOKUP) {
364 $attr['cols'] = $this->cols;
365 $attr['rows'] = $this->rows;
366 $ret .= $this->start('textarea', $attr);
367 $ret .= $this->text($value);
368 $ret .= $this->end('textarea');
369 } else {
370 $attr['value'] = $value;
371 $attr['type'] = 'text';
372 $ret .= $this->elementEmpty('input', $attr);
373 }
374 return $ret;
375 }
376}
377
378/**
379 * Bool form field printer
380 */
381class HTMLPurifier_Printer_ConfigForm_bool extends HTMLPurifier_Printer
382{
383 /**
384 * @param string $ns
385 * @param string $directive
386 * @param string $value
387 * @param string $name
388 * @param HTMLPurifier_Config|array $config
389 * @return string
390 */
391 public function render($ns, $directive, $value, $name, $config)
392 {
393 if (is_array($config) && isset($config[0])) {
394 $gen_config = $config[0];
395 $config = $config[1];
396 } else {
397 $gen_config = $config;
398 }
399 $this->prepareGenerator($gen_config);
400 $ret = '';
401 $ret .= $this->start('div', array('id' => "$name:$ns.$directive"));
402
403 $ret .= $this->start('label', array('for' => "$name:Yes_$ns.$directive"));
404 $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
405 $ret .= $this->text(' Yes');
406 $ret .= $this->end('label');
407
408 $attr = array(
409 'type' => 'radio',
410 'name' => "$name" . "[$ns.$directive]",
411 'id' => "$name:Yes_$ns.$directive",
412 'value' => '1'
413 );
414 if ($value === true) {
415 $attr['checked'] = 'checked';
416 }
417 if ($value === null) {
418 $attr['disabled'] = 'disabled';
419 }
420 $ret .= $this->elementEmpty('input', $attr);
421
422 $ret .= $this->start('label', array('for' => "$name:No_$ns.$directive"));
423 $ret .= $this->element('span', "$ns.$directive:", array('class' => 'verbose'));
424 $ret .= $this->text(' No');
425 $ret .= $this->end('label');
426
427 $attr = array(
428 'type' => 'radio',
429 'name' => "$name" . "[$ns.$directive]",
430 'id' => "$name:No_$ns.$directive",
431 'value' => '0'
432 );
433 if ($value === false) {
434 $attr['checked'] = 'checked';
435 }
436 if ($value === null) {
437 $attr['disabled'] = 'disabled';
438 }
439 $ret .= $this->elementEmpty('input', $attr);
440
441 $ret .= $this->end('div');
442
443 return $ret;
444 }
445}
446
447// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/HTMLDefinition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/HTMLDefinition.php
new file mode 100644
index 00000000..679d19ba
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Printer/HTMLDefinition.php
@@ -0,0 +1,324 @@
1<?php
2
3class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
4{
5
6 /**
7 * @type HTMLPurifier_HTMLDefinition, for easy access
8 */
9 protected $def;
10
11 /**
12 * @param HTMLPurifier_Config $config
13 * @return string
14 */
15 public function render($config)
16 {
17 $ret = '';
18 $this->config =& $config;
19
20 $this->def = $config->getHTMLDefinition();
21
22 $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
23
24 $ret .= $this->renderDoctype();
25 $ret .= $this->renderEnvironment();
26 $ret .= $this->renderContentSets();
27 $ret .= $this->renderInfo();
28
29 $ret .= $this->end('div');
30
31 return $ret;
32 }
33
34 /**
35 * Renders the Doctype table
36 * @return string
37 */
38 protected function renderDoctype()
39 {
40 $doctype = $this->def->doctype;
41 $ret = '';
42 $ret .= $this->start('table');
43 $ret .= $this->element('caption', 'Doctype');
44 $ret .= $this->row('Name', $doctype->name);
45 $ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
46 $ret .= $this->row('Default Modules', implode($doctype->modules, ', '));
47 $ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', '));
48 $ret .= $this->end('table');
49 return $ret;
50 }
51
52
53 /**
54 * Renders environment table, which is miscellaneous info
55 * @return string
56 */
57 protected function renderEnvironment()
58 {
59 $def = $this->def;
60
61 $ret = '';
62
63 $ret .= $this->start('table');
64 $ret .= $this->element('caption', 'Environment');
65
66 $ret .= $this->row('Parent of fragment', $def->info_parent);
67 $ret .= $this->renderChildren($def->info_parent_def->child);
68 $ret .= $this->row('Block wrap name', $def->info_block_wrapper);
69
70 $ret .= $this->start('tr');
71 $ret .= $this->element('th', 'Global attributes');
72 $ret .= $this->element('td', $this->listifyAttr($def->info_global_attr), null, 0);
73 $ret .= $this->end('tr');
74
75 $ret .= $this->start('tr');
76 $ret .= $this->element('th', 'Tag transforms');
77 $list = array();
78 foreach ($def->info_tag_transform as $old => $new) {
79 $new = $this->getClass($new, 'TagTransform_');
80 $list[] = "<$old> with $new";
81 }
82 $ret .= $this->element('td', $this->listify($list));
83 $ret .= $this->end('tr');
84
85 $ret .= $this->start('tr');
86 $ret .= $this->element('th', 'Pre-AttrTransform');
87 $ret .= $this->element('td', $this->listifyObjectList($def->info_attr_transform_pre));
88 $ret .= $this->end('tr');
89
90 $ret .= $this->start('tr');
91 $ret .= $this->element('th', 'Post-AttrTransform');
92 $ret .= $this->element('td', $this->listifyObjectList($def->info_attr_transform_post));
93 $ret .= $this->end('tr');
94
95 $ret .= $this->end('table');
96 return $ret;
97 }
98
99 /**
100 * Renders the Content Sets table
101 * @return string
102 */
103 protected function renderContentSets()
104 {
105 $ret = '';
106 $ret .= $this->start('table');
107 $ret .= $this->element('caption', 'Content Sets');
108 foreach ($this->def->info_content_sets as $name => $lookup) {
109 $ret .= $this->heavyHeader($name);
110 $ret .= $this->start('tr');
111 $ret .= $this->element('td', $this->listifyTagLookup($lookup));
112 $ret .= $this->end('tr');
113 }
114 $ret .= $this->end('table');
115 return $ret;
116 }
117
118 /**
119 * Renders the Elements ($info) table
120 * @return string
121 */
122 protected function renderInfo()
123 {
124 $ret = '';
125 $ret .= $this->start('table');
126 $ret .= $this->element('caption', 'Elements ($info)');
127 ksort($this->def->info);
128 $ret .= $this->heavyHeader('Allowed tags', 2);
129 $ret .= $this->start('tr');
130 $ret .= $this->element('td', $this->listifyTagLookup($this->def->info), array('colspan' => 2));
131 $ret .= $this->end('tr');
132 foreach ($this->def->info as $name => $def) {
133 $ret .= $this->start('tr');
134 $ret .= $this->element('th', "<$name>", array('class' => 'heavy', 'colspan' => 2));
135 $ret .= $this->end('tr');
136 $ret .= $this->start('tr');
137 $ret .= $this->element('th', 'Inline content');
138 $ret .= $this->element('td', $def->descendants_are_inline ? 'Yes' : 'No');
139 $ret .= $this->end('tr');
140 if (!empty($def->excludes)) {
141 $ret .= $this->start('tr');
142 $ret .= $this->element('th', 'Excludes');
143 $ret .= $this->element('td', $this->listifyTagLookup($def->excludes));
144 $ret .= $this->end('tr');
145 }
146 if (!empty($def->attr_transform_pre)) {
147 $ret .= $this->start('tr');
148 $ret .= $this->element('th', 'Pre-AttrTransform');
149 $ret .= $this->element('td', $this->listifyObjectList($def->attr_transform_pre));
150 $ret .= $this->end('tr');
151 }
152 if (!empty($def->attr_transform_post)) {
153 $ret .= $this->start('tr');
154 $ret .= $this->element('th', 'Post-AttrTransform');
155 $ret .= $this->element('td', $this->listifyObjectList($def->attr_transform_post));
156 $ret .= $this->end('tr');
157 }
158 if (!empty($def->auto_close)) {
159 $ret .= $this->start('tr');
160 $ret .= $this->element('th', 'Auto closed by');
161 $ret .= $this->element('td', $this->listifyTagLookup($def->auto_close));
162 $ret .= $this->end('tr');
163 }
164 $ret .= $this->start('tr');
165 $ret .= $this->element('th', 'Allowed attributes');
166 $ret .= $this->element('td', $this->listifyAttr($def->attr), array(), 0);
167 $ret .= $this->end('tr');
168
169 if (!empty($def->required_attr)) {
170 $ret .= $this->row('Required attributes', $this->listify($def->required_attr));
171 }
172
173 $ret .= $this->renderChildren($def->child);
174 }
175 $ret .= $this->end('table');
176 return $ret;
177 }
178
179 /**
180 * Renders a row describing the allowed children of an element
181 * @param HTMLPurifier_ChildDef $def HTMLPurifier_ChildDef of pertinent element
182 * @return string
183 */
184 protected function renderChildren($def)
185 {
186 $context = new HTMLPurifier_Context();
187 $ret = '';
188 $ret .= $this->start('tr');
189 $elements = array();
190 $attr = array();
191 if (isset($def->elements)) {
192 if ($def->type == 'strictblockquote') {
193 $def->validateChildren(array(), $this->config, $context);
194 }
195 $elements = $def->elements;
196 }
197 if ($def->type == 'chameleon') {
198 $attr['rowspan'] = 2;
199 } elseif ($def->type == 'empty') {
200 $elements = array();
201 } elseif ($def->type == 'table') {
202 $elements = array_flip(
203 array(
204 'col',
205 'caption',
206 'colgroup',
207 'thead',
208 'tfoot',
209 'tbody',
210 'tr'
211 )
212 );
213 }
214 $ret .= $this->element('th', 'Allowed children', $attr);
215
216 if ($def->type == 'chameleon') {
217
218 $ret .= $this->element(
219 'td',
220 '<em>Block</em>: ' .
221 $this->escape($this->listifyTagLookup($def->block->elements)),
222 null,
223 0
224 );
225 $ret .= $this->end('tr');
226 $ret .= $this->start('tr');
227 $ret .= $this->element(
228 'td',
229 '<em>Inline</em>: ' .
230 $this->escape($this->listifyTagLookup($def->inline->elements)),
231 null,
232 0
233 );
234
235 } elseif ($def->type == 'custom') {
236
237 $ret .= $this->element(
238 'td',
239 '<em>' . ucfirst($def->type) . '</em>: ' .
240 $def->dtd_regex
241 );
242
243 } else {
244 $ret .= $this->element(
245 'td',
246 '<em>' . ucfirst($def->type) . '</em>: ' .
247 $this->escape($this->listifyTagLookup($elements)),
248 null,
249 0
250 );
251 }
252 $ret .= $this->end('tr');
253 return $ret;
254 }
255
256 /**
257 * Listifies a tag lookup table.
258 * @param array $array Tag lookup array in form of array('tagname' => true)
259 * @return string
260 */
261 protected function listifyTagLookup($array)
262 {
263 ksort($array);
264 $list = array();
265 foreach ($array as $name => $discard) {
266 if ($name !== '#PCDATA' && !isset($this->def->info[$name])) {
267 continue;
268 }
269 $list[] = $name;
270 }
271 return $this->listify($list);
272 }
273
274 /**
275 * Listifies a list of objects by retrieving class names and internal state
276 * @param array $array List of objects
277 * @return string
278 * @todo Also add information about internal state
279 */
280 protected function listifyObjectList($array)
281 {
282 ksort($array);
283 $list = array();
284 foreach ($array as $obj) {
285 $list[] = $this->getClass($obj, 'AttrTransform_');
286 }
287 return $this->listify($list);
288 }
289
290 /**
291 * Listifies a hash of attributes to AttrDef classes
292 * @param array $array Array hash in form of array('attrname' => HTMLPurifier_AttrDef)
293 * @return string
294 */
295 protected function listifyAttr($array)
296 {
297 ksort($array);
298 $list = array();
299 foreach ($array as $name => $obj) {
300 if ($obj === false) {
301 continue;
302 }
303 $list[] = "$name&nbsp;=&nbsp;<i>" . $this->getClass($obj, 'AttrDef_') . '</i>';
304 }
305 return $this->listify($list);
306 }
307
308 /**
309 * Creates a heavy header row
310 * @param string $text
311 * @param int $num
312 * @return string
313 */
314 protected function heavyHeader($text, $num = 1)
315 {
316 $ret = '';
317 $ret .= $this->start('tr');
318 $ret .= $this->element('th', $text, array('colspan' => $num, 'class' => 'heavy'));
319 $ret .= $this->end('tr');
320 return $ret;
321 }
322}
323
324// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyList.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyList.php
new file mode 100644
index 00000000..d27fd53e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyList.php
@@ -0,0 +1,122 @@
1<?php
2
3/**
4 * Generic property list implementation
5 */
6class HTMLPurifier_PropertyList
7{
8 /**
9 * Internal data-structure for properties.
10 * @type array
11 */
12 protected $data = array();
13
14 /**
15 * Parent plist.
16 * @type HTMLPurifier_PropertyList
17 */
18 protected $parent;
19
20 /**
21 * Cache.
22 * @type array
23 */
24 protected $cache;
25
26 /**
27 * @param HTMLPurifier_PropertyList $parent Parent plist
28 */
29 public function __construct($parent = null)
30 {
31 $this->parent = $parent;
32 }
33
34 /**
35 * Recursively retrieves the value for a key
36 * @param string $name
37 * @throws HTMLPurifier_Exception
38 */
39 public function get($name)
40 {
41 if ($this->has($name)) {
42 return $this->data[$name];
43 }
44 // possible performance bottleneck, convert to iterative if necessary
45 if ($this->parent) {
46 return $this->parent->get($name);
47 }
48 throw new HTMLPurifier_Exception("Key '$name' not found");
49 }
50
51 /**
52 * Sets the value of a key, for this plist
53 * @param string $name
54 * @param mixed $value
55 */
56 public function set($name, $value)
57 {
58 $this->data[$name] = $value;
59 }
60
61 /**
62 * Returns true if a given key exists
63 * @param string $name
64 * @return bool
65 */
66 public function has($name)
67 {
68 return array_key_exists($name, $this->data);
69 }
70
71 /**
72 * Resets a value to the value of it's parent, usually the default. If
73 * no value is specified, the entire plist is reset.
74 * @param string $name
75 */
76 public function reset($name = null)
77 {
78 if ($name == null) {
79 $this->data = array();
80 } else {
81 unset($this->data[$name]);
82 }
83 }
84
85 /**
86 * Squashes this property list and all of its property lists into a single
87 * array, and returns the array. This value is cached by default.
88 * @param bool $force If true, ignores the cache and regenerates the array.
89 * @return array
90 */
91 public function squash($force = false)
92 {
93 if ($this->cache !== null && !$force) {
94 return $this->cache;
95 }
96 if ($this->parent) {
97 return $this->cache = array_merge($this->parent->squash($force), $this->data);
98 } else {
99 return $this->cache = $this->data;
100 }
101 }
102
103 /**
104 * Returns the parent plist.
105 * @return HTMLPurifier_PropertyList
106 */
107 public function getParent()
108 {
109 return $this->parent;
110 }
111
112 /**
113 * Sets the parent plist.
114 * @param HTMLPurifier_PropertyList $plist Parent plist
115 */
116 public function setParent($plist)
117 {
118 $this->parent = $plist;
119 }
120}
121
122// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyListIterator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyListIterator.php
new file mode 100644
index 00000000..1e707e2a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/PropertyListIterator.php
@@ -0,0 +1,42 @@
1<?php
2
3/**
4 * Property list iterator. Do not instantiate this class directly.
5 */
6class HTMLPurifier_PropertyListIterator extends FilterIterator
7{
8
9 /**
10 * @type int
11 */
12 protected $l;
13 /**
14 * @type string
15 */
16 protected $filter;
17
18 /**
19 * @param Iterator $iterator Array of data to iterate over
20 * @param string $filter Optional prefix to only allow values of
21 */
22 public function __construct(Iterator $iterator, $filter = null)
23 {
24 parent::__construct($iterator);
25 $this->l = strlen($filter);
26 $this->filter = $filter;
27 }
28
29 /**
30 * @return bool
31 */
32 public function accept()
33 {
34 $key = $this->getInnerIterator()->key();
35 if (strncmp($key, $this->filter, $this->l) !== 0) {
36 return false;
37 }
38 return true;
39 }
40}
41
42// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Queue.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Queue.php
new file mode 100644
index 00000000..a75894d4
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Queue.php
@@ -0,0 +1,56 @@
1<?php
2
3/**
4 * A simple array-backed queue, based off of the classic Okasaki
5 * persistent amortized queue. The basic idea is to maintain two
6 * stacks: an input stack and an output stack. When the output
7 * stack runs out, reverse the input stack and use it as the output
8 * stack.
9 *
10 * We don't use the SPL implementation because it's only supported
11 * on PHP 5.3 and later.
12 *
13 * Exercise: Prove that push/pop on this queue take amortized O(1) time.
14 *
15 * Exercise: Extend this queue to be a deque, while preserving amortized
16 * O(1) time. Some care must be taken on rebalancing to avoid quadratic
17 * behaviour caused by repeatedly shuffling data from the input stack
18 * to the output stack and back.
19 */
20class HTMLPurifier_Queue {
21 private $input;
22 private $output;
23
24 public function __construct($input = array()) {
25 $this->input = $input;
26 $this->output = array();
27 }
28
29 /**
30 * Shifts an element off the front of the queue.
31 */
32 public function shift() {
33 if (empty($this->output)) {
34 $this->output = array_reverse($this->input);
35 $this->input = array();
36 }
37 if (empty($this->output)) {
38 return NULL;
39 }
40 return array_pop($this->output);
41 }
42
43 /**
44 * Pushes an element onto the front of the queue.
45 */
46 public function push($x) {
47 array_push($this->input, $x);
48 }
49
50 /**
51 * Checks if it's empty.
52 */
53 public function isEmpty() {
54 return empty($this->input) && empty($this->output);
55 }
56}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy.php
new file mode 100644
index 00000000..291eb83c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy.php
@@ -0,0 +1,26 @@
1<?php
2
3/**
4 * Supertype for classes that define a strategy for modifying/purifying tokens.
5 *
6 * While HTMLPurifier's core purpose is fixing HTML into something proper,
7 * strategies provide plug points for extra configuration or even extra
8 * features, such as custom tags, custom parsing of text, etc.
9 */
10
11
12abstract class HTMLPurifier_Strategy
13{
14
15 /**
16 * Executes the strategy on the tokens.
17 *
18 * @param HTMLPurifier_Token[] $tokens Array of HTMLPurifier_Token objects to be operated on.
19 * @param HTMLPurifier_Config $config
20 * @param HTMLPurifier_Context $context
21 * @return HTMLPurifier_Token[] Processed array of token objects.
22 */
23 abstract public function execute($tokens, $config, $context);
24}
25
26// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Composite.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Composite.php
new file mode 100644
index 00000000..9de812df
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Composite.php
@@ -0,0 +1,30 @@
1<?php
2
3/**
4 * Composite strategy that runs multiple strategies on tokens.
5 */
6abstract class HTMLPurifier_Strategy_Composite extends HTMLPurifier_Strategy
7{
8
9 /**
10 * List of strategies to run tokens through.
11 * @type HTMLPurifier_Strategy[]
12 */
13 protected $strategies = array();
14
15 /**
16 * @param HTMLPurifier_Token[] $tokens
17 * @param HTMLPurifier_Config $config
18 * @param HTMLPurifier_Context $context
19 * @return HTMLPurifier_Token[]
20 */
21 public function execute($tokens, $config, $context)
22 {
23 foreach ($this->strategies as $strategy) {
24 $tokens = $strategy->execute($tokens, $config, $context);
25 }
26 return $tokens;
27 }
28}
29
30// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Core.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Core.php
new file mode 100644
index 00000000..07752152
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/Core.php
@@ -0,0 +1,17 @@
1<?php
2
3/**
4 * Core strategy composed of the big four strategies.
5 */
6class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
7{
8 public function __construct()
9 {
10 $this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
11 $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
12 $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
13 $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
14 }
15}
16
17// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/FixNesting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/FixNesting.php
new file mode 100644
index 00000000..8b1eb20f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/FixNesting.php
@@ -0,0 +1,181 @@
1<?php
2
3/**
4 * Takes a well formed list of tokens and fixes their nesting.
5 *
6 * HTML elements dictate which elements are allowed to be their children,
7 * for example, you can't have a p tag in a span tag. Other elements have
8 * much more rigorous definitions: tables, for instance, require a specific
9 * order for their elements. There are also constraints not expressible by
10 * document type definitions, such as the chameleon nature of ins/del
11 * tags and global child exclusions.
12 *
13 * The first major objective of this strategy is to iterate through all
14 * the nodes and determine whether or not their children conform to the
15 * element's definition. If they do not, the child definition may
16 * optionally supply an amended list of elements that is valid or
17 * require that the entire node be deleted (and the previous node
18 * rescanned).
19 *
20 * The second objective is to ensure that explicitly excluded elements of
21 * an element do not appear in its children. Code that accomplishes this
22 * task is pervasive through the strategy, though the two are distinct tasks
23 * and could, theoretically, be seperated (although it's not recommended).
24 *
25 * @note Whether or not unrecognized children are silently dropped or
26 * translated into text depends on the child definitions.
27 *
28 * @todo Enable nodes to be bubbled out of the structure. This is
29 * easier with our new algorithm.
30 */
31
32class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
33{
34
35 /**
36 * @param HTMLPurifier_Token[] $tokens
37 * @param HTMLPurifier_Config $config
38 * @param HTMLPurifier_Context $context
39 * @return array|HTMLPurifier_Token[]
40 */
41 public function execute($tokens, $config, $context)
42 {
43
44 //####################################################################//
45 // Pre-processing
46
47 // O(n) pass to convert to a tree, so that we can efficiently
48 // refer to substrings
49 $top_node = HTMLPurifier_Arborize::arborize($tokens, $config, $context);
50
51 // get a copy of the HTML definition
52 $definition = $config->getHTMLDefinition();
53
54 $excludes_enabled = !$config->get('Core.DisableExcludes');
55
56 // setup the context variable 'IsInline', for chameleon processing
57 // is 'false' when we are not inline, 'true' when it must always
58 // be inline, and an integer when it is inline for a certain
59 // branch of the document tree
60 $is_inline = $definition->info_parent_def->descendants_are_inline;
61 $context->register('IsInline', $is_inline);
62
63 // setup error collector
64 $e =& $context->get('ErrorCollector', true);
65
66 //####################################################################//
67 // Loop initialization
68
69 // stack that contains all elements that are excluded
70 // it is organized by parent elements, similar to $stack,
71 // but it is only populated when an element with exclusions is
72 // processed, i.e. there won't be empty exclusions.
73 $exclude_stack = array($definition->info_parent_def->excludes);
74
75 // variable that contains the start token while we are processing
76 // nodes. This enables error reporting to do its job
77 $node = $top_node;
78 // dummy token
79 list($token, $d) = $node->toTokenPair();
80 $context->register('CurrentNode', $node);
81 $context->register('CurrentToken', $token);
82
83 //####################################################################//
84 // Loop
85
86 // We need to implement a post-order traversal iteratively, to
87 // avoid running into stack space limits. This is pretty tricky
88 // to reason about, so we just manually stack-ify the recursive
89 // variant:
90 //
91 // function f($node) {
92 // foreach ($node->children as $child) {
93 // f($child);
94 // }
95 // validate($node);
96 // }
97 //
98 // Thus, we will represent a stack frame as array($node,
99 // $is_inline, stack of children)
100 // e.g. array_reverse($node->children) - already processed
101 // children.
102
103 $parent_def = $definition->info_parent_def;
104 $stack = array(
105 array($top_node,
106 $parent_def->descendants_are_inline,
107 $parent_def->excludes, // exclusions
108 0)
109 );
110
111 while (!empty($stack)) {
112 list($node, $is_inline, $excludes, $ix) = array_pop($stack);
113 // recursive call
114 $go = false;
115 $def = empty($stack) ? $definition->info_parent_def : $definition->info[$node->name];
116 while (isset($node->children[$ix])) {
117 $child = $node->children[$ix++];
118 if ($child instanceof HTMLPurifier_Node_Element) {
119 $go = true;
120 $stack[] = array($node, $is_inline, $excludes, $ix);
121 $stack[] = array($child,
122 // ToDo: I don't think it matters if it's def or
123 // child_def, but double check this...
124 $is_inline || $def->descendants_are_inline,
125 empty($def->excludes) ? $excludes
126 : array_merge($excludes, $def->excludes),
127 0);
128 break;
129 }
130 };
131 if ($go) continue;
132 list($token, $d) = $node->toTokenPair();
133 // base case
134 if ($excludes_enabled && isset($excludes[$node->name])) {
135 $node->dead = true;
136 if ($e) $e->send(E_ERROR, 'Strategy_FixNesting: Node excluded');
137 } else {
138 // XXX I suppose it would be slightly more efficient to
139 // avoid the allocation here and have children
140 // strategies handle it
141 $children = array();
142 foreach ($node->children as $child) {
143 if (!$child->dead) $children[] = $child;
144 }
145 $result = $def->child->validateChildren($children, $config, $context);
146 if ($result === true) {
147 // nop
148 $node->children = $children;
149 } elseif ($result === false) {
150 $node->dead = true;
151 if ($e) $e->send(E_ERROR, 'Strategy_FixNesting: Node removed');
152 } else {
153 $node->children = $result;
154 if ($e) {
155 // XXX This will miss mutations of internal nodes. Perhaps defer to the child validators
156 if (empty($result) && !empty($children)) {
157 $e->send(E_ERROR, 'Strategy_FixNesting: Node contents removed');
158 } else if ($result != $children) {
159 $e->send(E_WARNING, 'Strategy_FixNesting: Node reorganized');
160 }
161 }
162 }
163 }
164 }
165
166 //####################################################################//
167 // Post-processing
168
169 // remove context variables
170 $context->destroy('IsInline');
171 $context->destroy('CurrentNode');
172 $context->destroy('CurrentToken');
173
174 //####################################################################//
175 // Return
176
177 return HTMLPurifier_Arborize::flatten($node, $config, $context);
178 }
179}
180
181// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/MakeWellFormed.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/MakeWellFormed.php
new file mode 100644
index 00000000..2c792feb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/MakeWellFormed.php
@@ -0,0 +1,600 @@
1<?php
2
3/**
4 * Takes tokens makes them well-formed (balance end tags, etc.)
5 *
6 * Specification of the armor attributes this strategy uses:
7 *
8 * - MakeWellFormed_TagClosedError: This armor field is used to
9 * suppress tag closed errors for certain tokens [TagClosedSuppress],
10 * in particular, if a tag was generated automatically by HTML
11 * Purifier, we may rely on our infrastructure to close it for us
12 * and shouldn't report an error to the user [TagClosedAuto].
13 */
14class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
15{
16
17 /**
18 * Array stream of tokens being processed.
19 * @type HTMLPurifier_Token[]
20 */
21 protected $tokens;
22
23 /**
24 * Current token.
25 * @type HTMLPurifier_Token
26 */
27 protected $token;
28
29 /**
30 * Zipper managing the true state.
31 * @type HTMLPurifier_Zipper
32 */
33 protected $zipper;
34
35 /**
36 * Current nesting of elements.
37 * @type array
38 */
39 protected $stack;
40
41 /**
42 * Injectors active in this stream processing.
43 * @type HTMLPurifier_Injector[]
44 */
45 protected $injectors;
46
47 /**
48 * Current instance of HTMLPurifier_Config.
49 * @type HTMLPurifier_Config
50 */
51 protected $config;
52
53 /**
54 * Current instance of HTMLPurifier_Context.
55 * @type HTMLPurifier_Context
56 */
57 protected $context;
58
59 /**
60 * @param HTMLPurifier_Token[] $tokens
61 * @param HTMLPurifier_Config $config
62 * @param HTMLPurifier_Context $context
63 * @return HTMLPurifier_Token[]
64 * @throws HTMLPurifier_Exception
65 */
66 public function execute($tokens, $config, $context)
67 {
68 $definition = $config->getHTMLDefinition();
69
70 // local variables
71 $generator = new HTMLPurifier_Generator($config, $context);
72 $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
73 // used for autoclose early abortion
74 $global_parent_allowed_elements = $definition->info_parent_def->child->getAllowedElements($config);
75 $e = $context->get('ErrorCollector', true);
76 $i = false; // injector index
77 list($zipper, $token) = HTMLPurifier_Zipper::fromArray($tokens);
78 if ($token === NULL) {
79 return array();
80 }
81 $reprocess = false; // whether or not to reprocess the same token
82 $stack = array();
83
84 // member variables
85 $this->stack =& $stack;
86 $this->tokens =& $tokens;
87 $this->token =& $token;
88 $this->zipper =& $zipper;
89 $this->config = $config;
90 $this->context = $context;
91
92 // context variables
93 $context->register('CurrentNesting', $stack);
94 $context->register('InputZipper', $zipper);
95 $context->register('CurrentToken', $token);
96
97 // -- begin INJECTOR --
98
99 $this->injectors = array();
100
101 $injectors = $config->getBatch('AutoFormat');
102 $def_injectors = $definition->info_injector;
103 $custom_injectors = $injectors['Custom'];
104 unset($injectors['Custom']); // special case
105 foreach ($injectors as $injector => $b) {
106 // XXX: Fix with a legitimate lookup table of enabled filters
107 if (strpos($injector, '.') !== false) {
108 continue;
109 }
110 $injector = "HTMLPurifier_Injector_$injector";
111 if (!$b) {
112 continue;
113 }
114 $this->injectors[] = new $injector;
115 }
116 foreach ($def_injectors as $injector) {
117 // assumed to be objects
118 $this->injectors[] = $injector;
119 }
120 foreach ($custom_injectors as $injector) {
121 if (!$injector) {
122 continue;
123 }
124 if (is_string($injector)) {
125 $injector = "HTMLPurifier_Injector_$injector";
126 $injector = new $injector;
127 }
128 $this->injectors[] = $injector;
129 }
130
131 // give the injectors references to the definition and context
132 // variables for performance reasons
133 foreach ($this->injectors as $ix => $injector) {
134 $error = $injector->prepare($config, $context);
135 if (!$error) {
136 continue;
137 }
138 array_splice($this->injectors, $ix, 1); // rm the injector
139 trigger_error("Cannot enable {$injector->name} injector because $error is not allowed", E_USER_WARNING);
140 }
141
142 // -- end INJECTOR --
143
144 // a note on reprocessing:
145 // In order to reduce code duplication, whenever some code needs
146 // to make HTML changes in order to make things "correct", the
147 // new HTML gets sent through the purifier, regardless of its
148 // status. This means that if we add a start token, because it
149 // was totally necessary, we don't have to update nesting; we just
150 // punt ($reprocess = true; continue;) and it does that for us.
151
152 // isset is in loop because $tokens size changes during loop exec
153 for (;;
154 // only increment if we don't need to reprocess
155 $reprocess ? $reprocess = false : $token = $zipper->next($token)) {
156
157 // check for a rewind
158 if (is_int($i)) {
159 // possibility: disable rewinding if the current token has a
160 // rewind set on it already. This would offer protection from
161 // infinite loop, but might hinder some advanced rewinding.
162 $rewind_offset = $this->injectors[$i]->getRewindOffset();
163 if (is_int($rewind_offset)) {
164 for ($j = 0; $j < $rewind_offset; $j++) {
165 if (empty($zipper->front)) break;
166 $token = $zipper->prev($token);
167 // indicate that other injectors should not process this token,
168 // but we need to reprocess it
169 unset($token->skip[$i]);
170 $token->rewind = $i;
171 if ($token instanceof HTMLPurifier_Token_Start) {
172 array_pop($this->stack);
173 } elseif ($token instanceof HTMLPurifier_Token_End) {
174 $this->stack[] = $token->start;
175 }
176 }
177 }
178 $i = false;
179 }
180
181 // handle case of document end
182 if ($token === NULL) {
183 // kill processing if stack is empty
184 if (empty($this->stack)) {
185 break;
186 }
187
188 // peek
189 $top_nesting = array_pop($this->stack);
190 $this->stack[] = $top_nesting;
191
192 // send error [TagClosedSuppress]
193 if ($e && !isset($top_nesting->armor['MakeWellFormed_TagClosedError'])) {
194 $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by document end', $top_nesting);
195 }
196
197 // append, don't splice, since this is the end
198 $token = new HTMLPurifier_Token_End($top_nesting->name);
199
200 // punt!
201 $reprocess = true;
202 continue;
203 }
204
205 //echo '<br>'; printZipper($zipper, $token);//printTokens($this->stack);
206 //flush();
207
208 // quick-check: if it's not a tag, no need to process
209 if (empty($token->is_tag)) {
210 if ($token instanceof HTMLPurifier_Token_Text) {
211 foreach ($this->injectors as $i => $injector) {
212 if (isset($token->skip[$i])) {
213 continue;
214 }
215 if ($token->rewind !== null && $token->rewind !== $i) {
216 continue;
217 }
218 // XXX fuckup
219 $r = $token;
220 $injector->handleText($r);
221 $token = $this->processToken($r, $i);
222 $reprocess = true;
223 break;
224 }
225 }
226 // another possibility is a comment
227 continue;
228 }
229
230 if (isset($definition->info[$token->name])) {
231 $type = $definition->info[$token->name]->child->type;
232 } else {
233 $type = false; // Type is unknown, treat accordingly
234 }
235
236 // quick tag checks: anything that's *not* an end tag
237 $ok = false;
238 if ($type === 'empty' && $token instanceof HTMLPurifier_Token_Start) {
239 // claims to be a start tag but is empty
240 $token = new HTMLPurifier_Token_Empty(
241 $token->name,
242 $token->attr,
243 $token->line,
244 $token->col,
245 $token->armor
246 );
247 $ok = true;
248 } elseif ($type && $type !== 'empty' && $token instanceof HTMLPurifier_Token_Empty) {
249 // claims to be empty but really is a start tag
250 // NB: this assignment is required
251 $old_token = $token;
252 $token = new HTMLPurifier_Token_End($token->name);
253 $token = $this->insertBefore(
254 new HTMLPurifier_Token_Start($old_token->name, $old_token->attr, $old_token->line, $old_token->col, $old_token->armor)
255 );
256 // punt (since we had to modify the input stream in a non-trivial way)
257 $reprocess = true;
258 continue;
259 } elseif ($token instanceof HTMLPurifier_Token_Empty) {
260 // real empty token
261 $ok = true;
262 } elseif ($token instanceof HTMLPurifier_Token_Start) {
263 // start tag
264
265 // ...unless they also have to close their parent
266 if (!empty($this->stack)) {
267
268 // Performance note: you might think that it's rather
269 // inefficient, recalculating the autoclose information
270 // for every tag that a token closes (since when we
271 // do an autoclose, we push a new token into the
272 // stream and then /process/ that, before
273 // re-processing this token.) But this is
274 // necessary, because an injector can make an
275 // arbitrary transformations to the autoclosing
276 // tokens we introduce, so things may have changed
277 // in the meantime. Also, doing the inefficient thing is
278 // "easy" to reason about (for certain perverse definitions
279 // of "easy")
280
281 $parent = array_pop($this->stack);
282 $this->stack[] = $parent;
283
284 $parent_def = null;
285 $parent_elements = null;
286 $autoclose = false;
287 if (isset($definition->info[$parent->name])) {
288 $parent_def = $definition->info[$parent->name];
289 $parent_elements = $parent_def->child->getAllowedElements($config);
290 $autoclose = !isset($parent_elements[$token->name]);
291 }
292
293 if ($autoclose && $definition->info[$token->name]->wrap) {
294 // Check if an element can be wrapped by another
295 // element to make it valid in a context (for
296 // example, <ul><ul> needs a <li> in between)
297 $wrapname = $definition->info[$token->name]->wrap;
298 $wrapdef = $definition->info[$wrapname];
299 $elements = $wrapdef->child->getAllowedElements($config);
300 if (isset($elements[$token->name]) && isset($parent_elements[$wrapname])) {
301 $newtoken = new HTMLPurifier_Token_Start($wrapname);
302 $token = $this->insertBefore($newtoken);
303 $reprocess = true;
304 continue;
305 }
306 }
307
308 $carryover = false;
309 if ($autoclose && $parent_def->formatting) {
310 $carryover = true;
311 }
312
313 if ($autoclose) {
314 // check if this autoclose is doomed to fail
315 // (this rechecks $parent, which his harmless)
316 $autoclose_ok = isset($global_parent_allowed_elements[$token->name]);
317 if (!$autoclose_ok) {
318 foreach ($this->stack as $ancestor) {
319 $elements = $definition->info[$ancestor->name]->child->getAllowedElements($config);
320 if (isset($elements[$token->name])) {
321 $autoclose_ok = true;
322 break;
323 }
324 if ($definition->info[$token->name]->wrap) {
325 $wrapname = $definition->info[$token->name]->wrap;
326 $wrapdef = $definition->info[$wrapname];
327 $wrap_elements = $wrapdef->child->getAllowedElements($config);
328 if (isset($wrap_elements[$token->name]) && isset($elements[$wrapname])) {
329 $autoclose_ok = true;
330 break;
331 }
332 }
333 }
334 }
335 if ($autoclose_ok) {
336 // errors need to be updated
337 $new_token = new HTMLPurifier_Token_End($parent->name);
338 $new_token->start = $parent;
339 // [TagClosedSuppress]
340 if ($e && !isset($parent->armor['MakeWellFormed_TagClosedError'])) {
341 if (!$carryover) {
342 $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag auto closed', $parent);
343 } else {
344 $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag carryover', $parent);
345 }
346 }
347 if ($carryover) {
348 $element = clone $parent;
349 // [TagClosedAuto]
350 $element->armor['MakeWellFormed_TagClosedError'] = true;
351 $element->carryover = true;
352 $token = $this->processToken(array($new_token, $token, $element));
353 } else {
354 $token = $this->insertBefore($new_token);
355 }
356 } else {
357 $token = $this->remove();
358 }
359 $reprocess = true;
360 continue;
361 }
362
363 }
364 $ok = true;
365 }
366
367 if ($ok) {
368 foreach ($this->injectors as $i => $injector) {
369 if (isset($token->skip[$i])) {
370 continue;
371 }
372 if ($token->rewind !== null && $token->rewind !== $i) {
373 continue;
374 }
375 $r = $token;
376 $injector->handleElement($r);
377 $token = $this->processToken($r, $i);
378 $reprocess = true;
379 break;
380 }
381 if (!$reprocess) {
382 // ah, nothing interesting happened; do normal processing
383 if ($token instanceof HTMLPurifier_Token_Start) {
384 $this->stack[] = $token;
385 } elseif ($token instanceof HTMLPurifier_Token_End) {
386 throw new HTMLPurifier_Exception(
387 'Improper handling of end tag in start code; possible error in MakeWellFormed'
388 );
389 }
390 }
391 continue;
392 }
393
394 // sanity check: we should be dealing with a closing tag
395 if (!$token instanceof HTMLPurifier_Token_End) {
396 throw new HTMLPurifier_Exception('Unaccounted for tag token in input stream, bug in HTML Purifier');
397 }
398
399 // make sure that we have something open
400 if (empty($this->stack)) {
401 if ($escape_invalid_tags) {
402 if ($e) {
403 $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag to text');
404 }
405 $token = new HTMLPurifier_Token_Text($generator->generateFromToken($token));
406 } else {
407 if ($e) {
408 $e->send(E_WARNING, 'Strategy_MakeWellFormed: Unnecessary end tag removed');
409 }
410 $token = $this->remove();
411 }
412 $reprocess = true;
413 continue;
414 }
415
416 // first, check for the simplest case: everything closes neatly.
417 // Eventually, everything passes through here; if there are problems
418 // we modify the input stream accordingly and then punt, so that
419 // the tokens get processed again.
420 $current_parent = array_pop($this->stack);
421 if ($current_parent->name == $token->name) {
422 $token->start = $current_parent;
423 foreach ($this->injectors as $i => $injector) {
424 if (isset($token->skip[$i])) {
425 continue;
426 }
427 if ($token->rewind !== null && $token->rewind !== $i) {
428 continue;
429 }
430 $r = $token;
431 $injector->handleEnd($r);
432 $token = $this->processToken($r, $i);
433 $this->stack[] = $current_parent;
434 $reprocess = true;
435 break;
436 }
437 continue;
438 }
439
440 // okay, so we're trying to close the wrong tag
441
442 // undo the pop previous pop
443 $this->stack[] = $current_parent;
444
445 // scroll back the entire nest, trying to find our tag.
446 // (feature could be to specify how far you'd like to go)
447 $size = count($this->stack);
448 // -2 because -1 is the last element, but we already checked that
449 $skipped_tags = false;
450 for ($j = $size - 2; $j >= 0; $j--) {
451 if ($this->stack[$j]->name == $token->name) {
452 $skipped_tags = array_slice($this->stack, $j);
453 break;
454 }
455 }
456
457 // we didn't find the tag, so remove
458 if ($skipped_tags === false) {
459 if ($escape_invalid_tags) {
460 if ($e) {
461 $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag to text');
462 }
463 $token = new HTMLPurifier_Token_Text($generator->generateFromToken($token));
464 } else {
465 if ($e) {
466 $e->send(E_WARNING, 'Strategy_MakeWellFormed: Stray end tag removed');
467 }
468 $token = $this->remove();
469 }
470 $reprocess = true;
471 continue;
472 }
473
474 // do errors, in REVERSE $j order: a,b,c with </a></b></c>
475 $c = count($skipped_tags);
476 if ($e) {
477 for ($j = $c - 1; $j > 0; $j--) {
478 // notice we exclude $j == 0, i.e. the current ending tag, from
479 // the errors... [TagClosedSuppress]
480 if (!isset($skipped_tags[$j]->armor['MakeWellFormed_TagClosedError'])) {
481 $e->send(E_NOTICE, 'Strategy_MakeWellFormed: Tag closed by element end', $skipped_tags[$j]);
482 }
483 }
484 }
485
486 // insert tags, in FORWARD $j order: c,b,a with </a></b></c>
487 $replace = array($token);
488 for ($j = 1; $j < $c; $j++) {
489 // ...as well as from the insertions
490 $new_token = new HTMLPurifier_Token_End($skipped_tags[$j]->name);
491 $new_token->start = $skipped_tags[$j];
492 array_unshift($replace, $new_token);
493 if (isset($definition->info[$new_token->name]) && $definition->info[$new_token->name]->formatting) {
494 // [TagClosedAuto]
495 $element = clone $skipped_tags[$j];
496 $element->carryover = true;
497 $element->armor['MakeWellFormed_TagClosedError'] = true;
498 $replace[] = $element;
499 }
500 }
501 $token = $this->processToken($replace);
502 $reprocess = true;
503 continue;
504 }
505
506 $context->destroy('CurrentToken');
507 $context->destroy('CurrentNesting');
508 $context->destroy('InputZipper');
509
510 unset($this->injectors, $this->stack, $this->tokens);
511 return $zipper->toArray($token);
512 }
513
514 /**
515 * Processes arbitrary token values for complicated substitution patterns.
516 * In general:
517 *
518 * If $token is an array, it is a list of tokens to substitute for the
519 * current token. These tokens then get individually processed. If there
520 * is a leading integer in the list, that integer determines how many
521 * tokens from the stream should be removed.
522 *
523 * If $token is a regular token, it is swapped with the current token.
524 *
525 * If $token is false, the current token is deleted.
526 *
527 * If $token is an integer, that number of tokens (with the first token
528 * being the current one) will be deleted.
529 *
530 * @param HTMLPurifier_Token|array|int|bool $token Token substitution value
531 * @param HTMLPurifier_Injector|int $injector Injector that performed the substitution; default is if
532 * this is not an injector related operation.
533 * @throws HTMLPurifier_Exception
534 */
535 protected function processToken($token, $injector = -1)
536 {
537 // normalize forms of token
538 if (is_object($token)) {
539 $token = array(1, $token);
540 }
541 if (is_int($token)) {
542 $token = array($token);
543 }
544 if ($token === false) {
545 $token = array(1);
546 }
547 if (!is_array($token)) {
548 throw new HTMLPurifier_Exception('Invalid token type from injector');
549 }
550 if (!is_int($token[0])) {
551 array_unshift($token, 1);
552 }
553 if ($token[0] === 0) {
554 throw new HTMLPurifier_Exception('Deleting zero tokens is not valid');
555 }
556
557 // $token is now an array with the following form:
558 // array(number nodes to delete, new node 1, new node 2, ...)
559
560 $delete = array_shift($token);
561 list($old, $r) = $this->zipper->splice($this->token, $delete, $token);
562
563 if ($injector > -1) {
564 // determine appropriate skips
565 $oldskip = isset($old[0]) ? $old[0]->skip : array();
566 foreach ($token as $object) {
567 $object->skip = $oldskip;
568 $object->skip[$injector] = true;
569 }
570 }
571
572 return $r;
573
574 }
575
576 /**
577 * Inserts a token before the current token. Cursor now points to
578 * this token. You must reprocess after this.
579 * @param HTMLPurifier_Token $token
580 */
581 private function insertBefore($token)
582 {
583 // NB not $this->zipper->insertBefore(), due to positioning
584 // differences
585 $splice = $this->zipper->splice($this->token, 0, array($token));
586
587 return $splice[1];
588 }
589
590 /**
591 * Removes current token. Cursor now points to new token occupying previously
592 * occupied space. You must reprocess after this.
593 */
594 private function remove()
595 {
596 return $this->zipper->delete();
597 }
598}
599
600// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/RemoveForeignElements.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/RemoveForeignElements.php
new file mode 100644
index 00000000..d1adf59f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/RemoveForeignElements.php
@@ -0,0 +1,207 @@
1<?php
2
3/**
4 * Removes all unrecognized tags from the list of tokens.
5 *
6 * This strategy iterates through all the tokens and removes unrecognized
7 * tokens. If a token is not recognized but a TagTransform is defined for
8 * that element, the element will be transformed accordingly.
9 */
10
11class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
12{
13
14 /**
15 * @param HTMLPurifier_Token[] $tokens
16 * @param HTMLPurifier_Config $config
17 * @param HTMLPurifier_Context $context
18 * @return array|HTMLPurifier_Token[]
19 */
20 public function execute($tokens, $config, $context)
21 {
22 $definition = $config->getHTMLDefinition();
23 $generator = new HTMLPurifier_Generator($config, $context);
24 $result = array();
25
26 $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
27 $remove_invalid_img = $config->get('Core.RemoveInvalidImg');
28
29 // currently only used to determine if comments should be kept
30 $trusted = $config->get('HTML.Trusted');
31 $comment_lookup = $config->get('HTML.AllowedComments');
32 $comment_regexp = $config->get('HTML.AllowedCommentsRegexp');
33 $check_comments = $comment_lookup !== array() || $comment_regexp !== null;
34
35 $remove_script_contents = $config->get('Core.RemoveScriptContents');
36 $hidden_elements = $config->get('Core.HiddenElements');
37
38 // remove script contents compatibility
39 if ($remove_script_contents === true) {
40 $hidden_elements['script'] = true;
41 } elseif ($remove_script_contents === false && isset($hidden_elements['script'])) {
42 unset($hidden_elements['script']);
43 }
44
45 $attr_validator = new HTMLPurifier_AttrValidator();
46
47 // removes tokens until it reaches a closing tag with its value
48 $remove_until = false;
49
50 // converts comments into text tokens when this is equal to a tag name
51 $textify_comments = false;
52
53 $token = false;
54 $context->register('CurrentToken', $token);
55
56 $e = false;
57 if ($config->get('Core.CollectErrors')) {
58 $e =& $context->get('ErrorCollector');
59 }
60
61 foreach ($tokens as $token) {
62 if ($remove_until) {
63 if (empty($token->is_tag) || $token->name !== $remove_until) {
64 continue;
65 }
66 }
67 if (!empty($token->is_tag)) {
68 // DEFINITION CALL
69
70 // before any processing, try to transform the element
71 if (isset($definition->info_tag_transform[$token->name])) {
72 $original_name = $token->name;
73 // there is a transformation for this tag
74 // DEFINITION CALL
75 $token = $definition->
76 info_tag_transform[$token->name]->transform($token, $config, $context);
77 if ($e) {
78 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
79 }
80 }
81
82 if (isset($definition->info[$token->name])) {
83 // mostly everything's good, but
84 // we need to make sure required attributes are in order
85 if (($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) &&
86 $definition->info[$token->name]->required_attr &&
87 ($token->name != 'img' || $remove_invalid_img) // ensure config option still works
88 ) {
89 $attr_validator->validateToken($token, $config, $context);
90 $ok = true;
91 foreach ($definition->info[$token->name]->required_attr as $name) {
92 if (!isset($token->attr[$name])) {
93 $ok = false;
94 break;
95 }
96 }
97 if (!$ok) {
98 if ($e) {
99 $e->send(
100 E_ERROR,
101 'Strategy_RemoveForeignElements: Missing required attribute',
102 $name
103 );
104 }
105 continue;
106 }
107 $token->armor['ValidateAttributes'] = true;
108 }
109
110 if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) {
111 $textify_comments = $token->name;
112 } elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) {
113 $textify_comments = false;
114 }
115
116 } elseif ($escape_invalid_tags) {
117 // invalid tag, generate HTML representation and insert in
118 if ($e) {
119 $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
120 }
121 $token = new HTMLPurifier_Token_Text(
122 $generator->generateFromToken($token)
123 );
124 } else {
125 // check if we need to destroy all of the tag's children
126 // CAN BE GENERICIZED
127 if (isset($hidden_elements[$token->name])) {
128 if ($token instanceof HTMLPurifier_Token_Start) {
129 $remove_until = $token->name;
130 } elseif ($token instanceof HTMLPurifier_Token_Empty) {
131 // do nothing: we're still looking
132 } else {
133 $remove_until = false;
134 }
135 if ($e) {
136 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
137 }
138 } else {
139 if ($e) {
140 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
141 }
142 }
143 continue;
144 }
145 } elseif ($token instanceof HTMLPurifier_Token_Comment) {
146 // textify comments in script tags when they are allowed
147 if ($textify_comments !== false) {
148 $data = $token->data;
149 $token = new HTMLPurifier_Token_Text($data);
150 } elseif ($trusted || $check_comments) {
151 // always cleanup comments
152 $trailing_hyphen = false;
153 if ($e) {
154 // perform check whether or not there's a trailing hyphen
155 if (substr($token->data, -1) == '-') {
156 $trailing_hyphen = true;
157 }
158 }
159 $token->data = rtrim($token->data, '-');
160 $found_double_hyphen = false;
161 while (strpos($token->data, '--') !== false) {
162 $found_double_hyphen = true;
163 $token->data = str_replace('--', '-', $token->data);
164 }
165 if ($trusted || !empty($comment_lookup[trim($token->data)]) ||
166 ($comment_regexp !== null && preg_match($comment_regexp, trim($token->data)))) {
167 // OK good
168 if ($e) {
169 if ($trailing_hyphen) {
170 $e->send(
171 E_NOTICE,
172 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed'
173 );
174 }
175 if ($found_double_hyphen) {
176 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed');
177 }
178 }
179 } else {
180 if ($e) {
181 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
182 }
183 continue;
184 }
185 } else {
186 // strip comments
187 if ($e) {
188 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
189 }
190 continue;
191 }
192 } elseif ($token instanceof HTMLPurifier_Token_Text) {
193 } else {
194 continue;
195 }
196 $result[] = $token;
197 }
198 if ($remove_until && $e) {
199 // we removed tokens until the end, throw error
200 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
201 }
202 $context->destroy('CurrentToken');
203 return $result;
204 }
205}
206
207// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php
new file mode 100644
index 00000000..428f975f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php
@@ -0,0 +1,45 @@
1<?php
2
3/**
4 * Validate all attributes in the tokens.
5 */
6
7class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
8{
9
10 /**
11 * @param HTMLPurifier_Token[] $tokens
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return HTMLPurifier_Token[]
15 */
16 public function execute($tokens, $config, $context)
17 {
18 // setup validator
19 $validator = new HTMLPurifier_AttrValidator();
20
21 $token = false;
22 $context->register('CurrentToken', $token);
23
24 foreach ($tokens as $key => $token) {
25
26 // only process tokens that have attributes,
27 // namely start and empty tags
28 if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) {
29 continue;
30 }
31
32 // skip tokens that are armored
33 if (!empty($token->armor['ValidateAttributes'])) {
34 continue;
35 }
36
37 // note that we have no facilities here for removing tokens
38 $validator->validateToken($token, $config, $context);
39 }
40 $context->destroy('CurrentToken');
41 return $tokens;
42 }
43}
44
45// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/StringHash.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/StringHash.php
new file mode 100644
index 00000000..8d0740cd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/StringHash.php
@@ -0,0 +1,47 @@
1<?php
2
3/**
4 * This is in almost every respect equivalent to an array except
5 * that it keeps track of which keys were accessed.
6 *
7 * @warning For the sake of backwards compatibility with early versions
8 * of PHP 5, you must not use the $hash[$key] syntax; if you do
9 * our version of offsetGet is never called.
10 */
11class HTMLPurifier_StringHash extends ArrayObject
12{
13 /**
14 * @type array
15 */
16 protected $accessed = array();
17
18 /**
19 * Retrieves a value, and logs the access.
20 * @param mixed $index
21 * @return mixed
22 */
23 public function offsetGet($index)
24 {
25 $this->accessed[$index] = true;
26 return parent::offsetGet($index);
27 }
28
29 /**
30 * Returns a lookup array of all array indexes that have been accessed.
31 * @return array in form array($index => true).
32 */
33 public function getAccessed()
34 {
35 return $this->accessed;
36 }
37
38 /**
39 * Resets the access array.
40 */
41 public function resetAccessed()
42 {
43 $this->accessed = array();
44 }
45}
46
47// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/StringHashParser.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/StringHashParser.php
new file mode 100644
index 00000000..05abd837
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/StringHashParser.php
@@ -0,0 +1,136 @@
1<?php
2
3/**
4 * Parses string hash files. File format is as such:
5 *
6 * DefaultKeyValue
7 * KEY: Value
8 * KEY2: Value2
9 * --MULTILINE-KEY--
10 * Multiline
11 * value.
12 *
13 * Which would output something similar to:
14 *
15 * array(
16 * 'ID' => 'DefaultKeyValue',
17 * 'KEY' => 'Value',
18 * 'KEY2' => 'Value2',
19 * 'MULTILINE-KEY' => "Multiline\nvalue.\n",
20 * )
21 *
22 * We use this as an easy to use file-format for configuration schema
23 * files, but the class itself is usage agnostic.
24 *
25 * You can use ---- to forcibly terminate parsing of a single string-hash;
26 * this marker is used in multi string-hashes to delimit boundaries.
27 */
28class HTMLPurifier_StringHashParser
29{
30
31 /**
32 * @type string
33 */
34 public $default = 'ID';
35
36 /**
37 * Parses a file that contains a single string-hash.
38 * @param string $file
39 * @return array
40 */
41 public function parseFile($file)
42 {
43 if (!file_exists($file)) {
44 return false;
45 }
46 $fh = fopen($file, 'r');
47 if (!$fh) {
48 return false;
49 }
50 $ret = $this->parseHandle($fh);
51 fclose($fh);
52 return $ret;
53 }
54
55 /**
56 * Parses a file that contains multiple string-hashes delimited by '----'
57 * @param string $file
58 * @return array
59 */
60 public function parseMultiFile($file)
61 {
62 if (!file_exists($file)) {
63 return false;
64 }
65 $ret = array();
66 $fh = fopen($file, 'r');
67 if (!$fh) {
68 return false;
69 }
70 while (!feof($fh)) {
71 $ret[] = $this->parseHandle($fh);
72 }
73 fclose($fh);
74 return $ret;
75 }
76
77 /**
78 * Internal parser that acepts a file handle.
79 * @note While it's possible to simulate in-memory parsing by using
80 * custom stream wrappers, if such a use-case arises we should
81 * factor out the file handle into its own class.
82 * @param resource $fh File handle with pointer at start of valid string-hash
83 * block.
84 * @return array
85 */
86 protected function parseHandle($fh)
87 {
88 $state = false;
89 $single = false;
90 $ret = array();
91 do {
92 $line = fgets($fh);
93 if ($line === false) {
94 break;
95 }
96 $line = rtrim($line, "\n\r");
97 if (!$state && $line === '') {
98 continue;
99 }
100 if ($line === '----') {
101 break;
102 }
103 if (strncmp('--#', $line, 3) === 0) {
104 // Comment
105 continue;
106 } elseif (strncmp('--', $line, 2) === 0) {
107 // Multiline declaration
108 $state = trim($line, '- ');
109 if (!isset($ret[$state])) {
110 $ret[$state] = '';
111 }
112 continue;
113 } elseif (!$state) {
114 $single = true;
115 if (strpos($line, ':') !== false) {
116 // Single-line declaration
117 list($state, $line) = explode(':', $line, 2);
118 $line = trim($line);
119 } else {
120 // Use default declaration
121 $state = $this->default;
122 }
123 }
124 if ($single) {
125 $ret[$state] = $line;
126 $single = false;
127 $state = false;
128 } else {
129 $ret[$state] .= "$line\n";
130 }
131 } while (!feof($fh));
132 return $ret;
133 }
134}
135
136// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform.php
new file mode 100644
index 00000000..0f481bfd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform.php
@@ -0,0 +1,37 @@
1<?php
2
3/**
4 * Defines a mutation of an obsolete tag into a valid tag.
5 */
6abstract class HTMLPurifier_TagTransform
7{
8
9 /**
10 * Tag name to transform the tag to.
11 * @type string
12 */
13 public $transform_to;
14
15 /**
16 * Transforms the obsolete tag into the valid tag.
17 * @param HTMLPurifier_Token_Tag $tag Tag to be transformed.
18 * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object
19 * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object
20 */
21 abstract public function transform($tag, $config, $context);
22
23 /**
24 * Prepends CSS properties to the style attribute, creating the
25 * attribute if it doesn't exist.
26 * @warning Copied over from AttrTransform, be sure to keep in sync
27 * @param array $attr Attribute array to process (passed by reference)
28 * @param string $css CSS to prepend
29 */
30 protected function prependCSS(&$attr, $css)
31 {
32 $attr['style'] = isset($attr['style']) ? $attr['style'] : '';
33 $attr['style'] = $css . $attr['style'];
34 }
35}
36
37// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Font.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Font.php
new file mode 100644
index 00000000..2a186515
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Font.php
@@ -0,0 +1,114 @@
1<?php
2
3/**
4 * Transforms FONT tags to the proper form (SPAN with CSS styling)
5 *
6 * This transformation takes the three proprietary attributes of FONT and
7 * transforms them into their corresponding CSS attributes. These are color,
8 * face, and size.
9 *
10 * @note Size is an interesting case because it doesn't map cleanly to CSS.
11 * Thanks to
12 * http://style.cleverchimp.com/font_size_intervals/altintervals.html
13 * for reasonable mappings.
14 * @warning This doesn't work completely correctly; specifically, this
15 * TagTransform operates before well-formedness is enforced, so
16 * the "active formatting elements" algorithm doesn't get applied.
17 */
18class HTMLPurifier_TagTransform_Font extends HTMLPurifier_TagTransform
19{
20 /**
21 * @type string
22 */
23 public $transform_to = 'span';
24
25 /**
26 * @type array
27 */
28 protected $_size_lookup = array(
29 '0' => 'xx-small',
30 '1' => 'xx-small',
31 '2' => 'small',
32 '3' => 'medium',
33 '4' => 'large',
34 '5' => 'x-large',
35 '6' => 'xx-large',
36 '7' => '300%',
37 '-1' => 'smaller',
38 '-2' => '60%',
39 '+1' => 'larger',
40 '+2' => '150%',
41 '+3' => '200%',
42 '+4' => '300%'
43 );
44
45 /**
46 * @param HTMLPurifier_Token_Tag $tag
47 * @param HTMLPurifier_Config $config
48 * @param HTMLPurifier_Context $context
49 * @return HTMLPurifier_Token_End|string
50 */
51 public function transform($tag, $config, $context)
52 {
53 if ($tag instanceof HTMLPurifier_Token_End) {
54 $new_tag = clone $tag;
55 $new_tag->name = $this->transform_to;
56 return $new_tag;
57 }
58
59 $attr = $tag->attr;
60 $prepend_style = '';
61
62 // handle color transform
63 if (isset($attr['color'])) {
64 $prepend_style .= 'color:' . $attr['color'] . ';';
65 unset($attr['color']);
66 }
67
68 // handle face transform
69 if (isset($attr['face'])) {
70 $prepend_style .= 'font-family:' . $attr['face'] . ';';
71 unset($attr['face']);
72 }
73
74 // handle size transform
75 if (isset($attr['size'])) {
76 // normalize large numbers
77 if ($attr['size'] !== '') {
78 if ($attr['size']{0} == '+' || $attr['size']{0} == '-') {
79 $size = (int)$attr['size'];
80 if ($size < -2) {
81 $attr['size'] = '-2';
82 }
83 if ($size > 4) {
84 $attr['size'] = '+4';
85 }
86 } else {
87 $size = (int)$attr['size'];
88 if ($size > 7) {
89 $attr['size'] = '7';
90 }
91 }
92 }
93 if (isset($this->_size_lookup[$attr['size']])) {
94 $prepend_style .= 'font-size:' .
95 $this->_size_lookup[$attr['size']] . ';';
96 }
97 unset($attr['size']);
98 }
99
100 if ($prepend_style) {
101 $attr['style'] = isset($attr['style']) ?
102 $prepend_style . $attr['style'] :
103 $prepend_style;
104 }
105
106 $new_tag = clone $tag;
107 $new_tag->name = $this->transform_to;
108 $new_tag->attr = $attr;
109
110 return $new_tag;
111 }
112}
113
114// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Simple.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Simple.php
new file mode 100644
index 00000000..d21b634e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/TagTransform/Simple.php
@@ -0,0 +1,44 @@
1<?php
2
3/**
4 * Simple transformation, just change tag name to something else,
5 * and possibly add some styling. This will cover most of the deprecated
6 * tag cases.
7 */
8class HTMLPurifier_TagTransform_Simple extends HTMLPurifier_TagTransform
9{
10 /**
11 * @type string
12 */
13 protected $style;
14
15 /**
16 * @param string $transform_to Tag name to transform to.
17 * @param string $style CSS style to add to the tag
18 */
19 public function __construct($transform_to, $style = null)
20 {
21 $this->transform_to = $transform_to;
22 $this->style = $style;
23 }
24
25 /**
26 * @param HTMLPurifier_Token_Tag $tag
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return string
30 */
31 public function transform($tag, $config, $context)
32 {
33 $new_tag = clone $tag;
34 $new_tag->name = $this->transform_to;
35 if (!is_null($this->style) &&
36 ($new_tag instanceof HTMLPurifier_Token_Start || $new_tag instanceof HTMLPurifier_Token_Empty)
37 ) {
38 $this->prependCSS($new_tag->attr, $this->style);
39 }
40 return $new_tag;
41 }
42}
43
44// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token.php
new file mode 100644
index 00000000..9bc19c6b
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token.php
@@ -0,0 +1,100 @@
1<?php
2
3/**
4 * Abstract base token class that all others inherit from.
5 */
6abstract class HTMLPurifier_Token
7{
8 /**
9 * Line number node was on in source document. Null if unknown.
10 * @type int
11 */
12 public $line;
13
14 /**
15 * Column of line node was on in source document. Null if unknown.
16 * @type int
17 */
18 public $col;
19
20 /**
21 * Lookup array of processing that this token is exempt from.
22 * Currently, valid values are "ValidateAttributes" and
23 * "MakeWellFormed_TagClosedError"
24 * @type array
25 */
26 public $armor = array();
27
28 /**
29 * Used during MakeWellFormed.
30 * @type
31 */
32 public $skip;
33
34 /**
35 * @type
36 */
37 public $rewind;
38
39 /**
40 * @type
41 */
42 public $carryover;
43
44 /**
45 * @param string $n
46 * @return null|string
47 */
48 public function __get($n)
49 {
50 if ($n === 'type') {
51 trigger_error('Deprecated type property called; use instanceof', E_USER_NOTICE);
52 switch (get_class($this)) {
53 case 'HTMLPurifier_Token_Start':
54 return 'start';
55 case 'HTMLPurifier_Token_Empty':
56 return 'empty';
57 case 'HTMLPurifier_Token_End':
58 return 'end';
59 case 'HTMLPurifier_Token_Text':
60 return 'text';
61 case 'HTMLPurifier_Token_Comment':
62 return 'comment';
63 default:
64 return null;
65 }
66 }
67 }
68
69 /**
70 * Sets the position of the token in the source document.
71 * @param int $l
72 * @param int $c
73 */
74 public function position($l = null, $c = null)
75 {
76 $this->line = $l;
77 $this->col = $c;
78 }
79
80 /**
81 * Convenience function for DirectLex settings line/col position.
82 * @param int $l
83 * @param int $c
84 */
85 public function rawPosition($l, $c)
86 {
87 if ($c === -1) {
88 $l++;
89 }
90 $this->line = $l;
91 $this->col = $c;
92 }
93
94 /**
95 * Converts a token into its corresponding node.
96 */
97 abstract public function toNode();
98}
99
100// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Comment.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Comment.php
new file mode 100644
index 00000000..3fd273b1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Comment.php
@@ -0,0 +1,38 @@
1<?php
2
3/**
4 * Concrete comment token class. Generally will be ignored.
5 */
6class HTMLPurifier_Token_Comment extends HTMLPurifier_Token
7{
8 /**
9 * Character data within comment.
10 * @type string
11 */
12 public $data;
13
14 /**
15 * @type bool
16 */
17 public $is_whitespace = true;
18
19 /**
20 * Transparent constructor.
21 *
22 * @param string $data String comment data.
23 * @param int $line
24 * @param int $col
25 */
26 public function __construct($data, $line = null, $col = null)
27 {
28 $this->data = $data;
29 $this->line = $line;
30 $this->col = $col;
31 }
32
33 public function toNode() {
34 return new HTMLPurifier_Node_Comment($this->data, $this->line, $this->col);
35 }
36}
37
38// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Empty.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Empty.php
new file mode 100644
index 00000000..bd35024a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Empty.php
@@ -0,0 +1,15 @@
1<?php
2
3/**
4 * Concrete empty token class.
5 */
6class HTMLPurifier_Token_Empty extends HTMLPurifier_Token_Tag
7{
8 public function toNode() {
9 $n = parent::toNode();
10 $n->empty = true;
11 return $n;
12 }
13}
14
15// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/End.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/End.php
new file mode 100644
index 00000000..99c34e75
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/End.php
@@ -0,0 +1,24 @@
1<?php
2
3/**
4 * Concrete end token class.
5 *
6 * @warning This class accepts attributes even though end tags cannot. This
7 * is for optimization reasons, as under normal circumstances, the Lexers
8 * do not pass attributes.
9 */
10class HTMLPurifier_Token_End extends HTMLPurifier_Token_Tag
11{
12 /**
13 * Token that started this node.
14 * Added by MakeWellFormed. Please do not edit this!
15 * @type HTMLPurifier_Token
16 */
17 public $start;
18
19 public function toNode() {
20 throw new Exception("HTMLPurifier_Token_End->toNode not supported!");
21 }
22}
23
24// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Start.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Start.php
new file mode 100644
index 00000000..574745b6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Start.php
@@ -0,0 +1,10 @@
1<?php
2
3/**
4 * Concrete start token class.
5 */
6class HTMLPurifier_Token_Start extends HTMLPurifier_Token_Tag
7{
8}
9
10// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Tag.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Tag.php
new file mode 100644
index 00000000..284e32ee
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Tag.php
@@ -0,0 +1,68 @@
1<?php
2
3/**
4 * Abstract class of a tag token (start, end or empty), and its behavior.
5 */
6abstract class HTMLPurifier_Token_Tag extends HTMLPurifier_Token
7{
8 /**
9 * Static bool marker that indicates the class is a tag.
10 *
11 * This allows us to check objects with <tt>!empty($obj->is_tag)</tt>
12 * without having to use a function call <tt>is_a()</tt>.
13 * @type bool
14 */
15 public $is_tag = true;
16
17 /**
18 * The lower-case name of the tag, like 'a', 'b' or 'blockquote'.
19 *
20 * @note Strictly speaking, XML tags are case sensitive, so we shouldn't
21 * be lower-casing them, but these tokens cater to HTML tags, which are
22 * insensitive.
23 * @type string
24 */
25 public $name;
26
27 /**
28 * Associative array of the tag's attributes.
29 * @type array
30 */
31 public $attr = array();
32
33 /**
34 * Non-overloaded constructor, which lower-cases passed tag name.
35 *
36 * @param string $name String name.
37 * @param array $attr Associative array of attributes.
38 * @param int $line
39 * @param int $col
40 * @param array $armor
41 */
42 public function __construct($name, $attr = array(), $line = null, $col = null, $armor = array())
43 {
44 $this->name = ctype_lower($name) ? $name : strtolower($name);
45 foreach ($attr as $key => $value) {
46 // normalization only necessary when key is not lowercase
47 if (!ctype_lower($key)) {
48 $new_key = strtolower($key);
49 if (!isset($attr[$new_key])) {
50 $attr[$new_key] = $attr[$key];
51 }
52 if ($new_key !== $key) {
53 unset($attr[$key]);
54 }
55 }
56 }
57 $this->attr = $attr;
58 $this->line = $line;
59 $this->col = $col;
60 $this->armor = $armor;
61 }
62
63 public function toNode() {
64 return new HTMLPurifier_Node_Element($this->name, $this->attr, $this->line, $this->col, $this->armor);
65 }
66}
67
68// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Text.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Text.php
new file mode 100644
index 00000000..ff45125a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Token/Text.php
@@ -0,0 +1,53 @@
1<?php
2
3/**
4 * Concrete text token class.
5 *
6 * Text tokens comprise of regular parsed character data (PCDATA) and raw
7 * character data (from the CDATA sections). Internally, their
8 * data is parsed with all entities expanded. Surprisingly, the text token
9 * does have a "tag name" called #PCDATA, which is how the DTD represents it
10 * in permissible child nodes.
11 */
12class HTMLPurifier_Token_Text extends HTMLPurifier_Token
13{
14
15 /**
16 * @type string
17 */
18 public $name = '#PCDATA';
19 /**< PCDATA tag name compatible with DTD. */
20
21 /**
22 * @type string
23 */
24 public $data;
25 /**< Parsed character data of text. */
26
27 /**
28 * @type bool
29 */
30 public $is_whitespace;
31
32 /**< Bool indicating if node is whitespace. */
33
34 /**
35 * Constructor, accepts data and determines if it is whitespace.
36 * @param string $data String parsed character data.
37 * @param int $line
38 * @param int $col
39 */
40 public function __construct($data, $line = null, $col = null)
41 {
42 $this->data = $data;
43 $this->is_whitespace = ctype_space($data);
44 $this->line = $line;
45 $this->col = $col;
46 }
47
48 public function toNode() {
49 return new HTMLPurifier_Node_Text($this->data, $this->is_whitespace, $this->line, $this->col);
50 }
51}
52
53// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/TokenFactory.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/TokenFactory.php
new file mode 100644
index 00000000..e016b80e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/TokenFactory.php
@@ -0,0 +1,118 @@
1<?php
2
3/**
4 * Factory for token generation.
5 *
6 * @note Doing some benchmarking indicates that the new operator is much
7 * slower than the clone operator (even discounting the cost of the
8 * constructor). This class is for that optimization.
9 * Other then that, there's not much point as we don't
10 * maintain parallel HTMLPurifier_Token hierarchies (the main reason why
11 * you'd want to use an abstract factory).
12 * @todo Port DirectLex to use this
13 */
14class HTMLPurifier_TokenFactory
15{
16 // p stands for prototype
17
18 /**
19 * @type HTMLPurifier_Token_Start
20 */
21 private $p_start;
22
23 /**
24 * @type HTMLPurifier_Token_End
25 */
26 private $p_end;
27
28 /**
29 * @type HTMLPurifier_Token_Empty
30 */
31 private $p_empty;
32
33 /**
34 * @type HTMLPurifier_Token_Text
35 */
36 private $p_text;
37
38 /**
39 * @type HTMLPurifier_Token_Comment
40 */
41 private $p_comment;
42
43 /**
44 * Generates blank prototypes for cloning.
45 */
46 public function __construct()
47 {
48 $this->p_start = new HTMLPurifier_Token_Start('', array());
49 $this->p_end = new HTMLPurifier_Token_End('');
50 $this->p_empty = new HTMLPurifier_Token_Empty('', array());
51 $this->p_text = new HTMLPurifier_Token_Text('');
52 $this->p_comment = new HTMLPurifier_Token_Comment('');
53 }
54
55 /**
56 * Creates a HTMLPurifier_Token_Start.
57 * @param string $name Tag name
58 * @param array $attr Associative array of attributes
59 * @return HTMLPurifier_Token_Start Generated HTMLPurifier_Token_Start
60 */
61 public function createStart($name, $attr = array())
62 {
63 $p = clone $this->p_start;
64 $p->__construct($name, $attr);
65 return $p;
66 }
67
68 /**
69 * Creates a HTMLPurifier_Token_End.
70 * @param string $name Tag name
71 * @return HTMLPurifier_Token_End Generated HTMLPurifier_Token_End
72 */
73 public function createEnd($name)
74 {
75 $p = clone $this->p_end;
76 $p->__construct($name);
77 return $p;
78 }
79
80 /**
81 * Creates a HTMLPurifier_Token_Empty.
82 * @param string $name Tag name
83 * @param array $attr Associative array of attributes
84 * @return HTMLPurifier_Token_Empty Generated HTMLPurifier_Token_Empty
85 */
86 public function createEmpty($name, $attr = array())
87 {
88 $p = clone $this->p_empty;
89 $p->__construct($name, $attr);
90 return $p;
91 }
92
93 /**
94 * Creates a HTMLPurifier_Token_Text.
95 * @param string $data Data of text token
96 * @return HTMLPurifier_Token_Text Generated HTMLPurifier_Token_Text
97 */
98 public function createText($data)
99 {
100 $p = clone $this->p_text;
101 $p->__construct($data);
102 return $p;
103 }
104
105 /**
106 * Creates a HTMLPurifier_Token_Comment.
107 * @param string $data Data of comment token
108 * @return HTMLPurifier_Token_Comment Generated HTMLPurifier_Token_Comment
109 */
110 public function createComment($data)
111 {
112 $p = clone $this->p_comment;
113 $p->__construct($data);
114 return $p;
115 }
116}
117
118// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php
new file mode 100644
index 00000000..c4256b95
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php
@@ -0,0 +1,314 @@
1<?php
2
3/**
4 * HTML Purifier's internal representation of a URI.
5 * @note
6 * Internal data-structures are completely escaped. If the data needs
7 * to be used in a non-URI context (which is very unlikely), be sure
8 * to decode it first. The URI may not necessarily be well-formed until
9 * validate() is called.
10 */
11class HTMLPurifier_URI
12{
13 /**
14 * @type string
15 */
16 public $scheme;
17
18 /**
19 * @type string
20 */
21 public $userinfo;
22
23 /**
24 * @type string
25 */
26 public $host;
27
28 /**
29 * @type int
30 */
31 public $port;
32
33 /**
34 * @type string
35 */
36 public $path;
37
38 /**
39 * @type string
40 */
41 public $query;
42
43 /**
44 * @type string
45 */
46 public $fragment;
47
48 /**
49 * @param string $scheme
50 * @param string $userinfo
51 * @param string $host
52 * @param int $port
53 * @param string $path
54 * @param string $query
55 * @param string $fragment
56 * @note Automatically normalizes scheme and port
57 */
58 public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)
59 {
60 $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
61 $this->userinfo = $userinfo;
62 $this->host = $host;
63 $this->port = is_null($port) ? $port : (int)$port;
64 $this->path = $path;
65 $this->query = $query;
66 $this->fragment = $fragment;
67 }
68
69 /**
70 * Retrieves a scheme object corresponding to the URI's scheme/default
71 * @param HTMLPurifier_Config $config
72 * @param HTMLPurifier_Context $context
73 * @return HTMLPurifier_URIScheme Scheme object appropriate for validating this URI
74 */
75 public function getSchemeObj($config, $context)
76 {
77 $registry = HTMLPurifier_URISchemeRegistry::instance();
78 if ($this->scheme !== null) {
79 $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
80 if (!$scheme_obj) {
81 return false;
82 } // invalid scheme, clean it out
83 } else {
84 // no scheme: retrieve the default one
85 $def = $config->getDefinition('URI');
86 $scheme_obj = $def->getDefaultScheme($config, $context);
87 if (!$scheme_obj) {
88 // something funky happened to the default scheme object
89 trigger_error(
90 'Default scheme object "' . $def->defaultScheme . '" was not readable',
91 E_USER_WARNING
92 );
93 return false;
94 }
95 }
96 return $scheme_obj;
97 }
98
99 /**
100 * Generic validation method applicable for all schemes. May modify
101 * this URI in order to get it into a compliant form.
102 * @param HTMLPurifier_Config $config
103 * @param HTMLPurifier_Context $context
104 * @return bool True if validation/filtering succeeds, false if failure
105 */
106 public function validate($config, $context)
107 {
108 // ABNF definitions from RFC 3986
109 $chars_sub_delims = '!$&\'()*+,;=';
110 $chars_gen_delims = ':/?#[]@';
111 $chars_pchar = $chars_sub_delims . ':@';
112
113 // validate host
114 if (!is_null($this->host)) {
115 $host_def = new HTMLPurifier_AttrDef_URI_Host();
116 $this->host = $host_def->validate($this->host, $config, $context);
117 if ($this->host === false) {
118 $this->host = null;
119 }
120 }
121
122 // validate scheme
123 // NOTE: It's not appropriate to check whether or not this
124 // scheme is in our registry, since a URIFilter may convert a
125 // URI that we don't allow into one we do. So instead, we just
126 // check if the scheme can be dropped because there is no host
127 // and it is our default scheme.
128 if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
129 // support for relative paths is pretty abysmal when the
130 // scheme is present, so axe it when possible
131 $def = $config->getDefinition('URI');
132 if ($def->defaultScheme === $this->scheme) {
133 $this->scheme = null;
134 }
135 }
136
137 // validate username
138 if (!is_null($this->userinfo)) {
139 $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
140 $this->userinfo = $encoder->encode($this->userinfo);
141 }
142
143 // validate port
144 if (!is_null($this->port)) {
145 if ($this->port < 1 || $this->port > 65535) {
146 $this->port = null;
147 }
148 }
149
150 // validate path
151 $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
152 if (!is_null($this->host)) { // this catches $this->host === ''
153 // path-abempty (hier and relative)
154 // http://www.example.com/my/path
155 // //www.example.com/my/path (looks odd, but works, and
156 // recognized by most browsers)
157 // (this set is valid or invalid on a scheme by scheme
158 // basis, so we'll deal with it later)
159 // file:///my/path
160 // ///my/path
161 $this->path = $segments_encoder->encode($this->path);
162 } elseif ($this->path !== '') {
163 if ($this->path[0] === '/') {
164 // path-absolute (hier and relative)
165 // http:/my/path
166 // /my/path
167 if (strlen($this->path) >= 2 && $this->path[1] === '/') {
168 // This could happen if both the host gets stripped
169 // out
170 // http://my/path
171 // //my/path
172 $this->path = '';
173 } else {
174 $this->path = $segments_encoder->encode($this->path);
175 }
176 } elseif (!is_null($this->scheme)) {
177 // path-rootless (hier)
178 // http:my/path
179 // Short circuit evaluation means we don't need to check nz
180 $this->path = $segments_encoder->encode($this->path);
181 } else {
182 // path-noscheme (relative)
183 // my/path
184 // (once again, not checking nz)
185 $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
186 $c = strpos($this->path, '/');
187 if ($c !== false) {
188 $this->path =
189 $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
190 $segments_encoder->encode(substr($this->path, $c));
191 } else {
192 $this->path = $segment_nc_encoder->encode($this->path);
193 }
194 }
195 } else {
196 // path-empty (hier and relative)
197 $this->path = ''; // just to be safe
198 }
199
200 // qf = query and fragment
201 $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
202
203 if (!is_null($this->query)) {
204 $this->query = $qf_encoder->encode($this->query);
205 }
206
207 if (!is_null($this->fragment)) {
208 $this->fragment = $qf_encoder->encode($this->fragment);
209 }
210 return true;
211 }
212
213 /**
214 * Convert URI back to string
215 * @return string URI appropriate for output
216 */
217 public function toString()
218 {
219 // reconstruct authority
220 $authority = null;
221 // there is a rendering difference between a null authority
222 // (http:foo-bar) and an empty string authority
223 // (http:///foo-bar).
224 if (!is_null($this->host)) {
225 $authority = '';
226 if (!is_null($this->userinfo)) {
227 $authority .= $this->userinfo . '@';
228 }
229 $authority .= $this->host;
230 if (!is_null($this->port)) {
231 $authority .= ':' . $this->port;
232 }
233 }
234
235 // Reconstruct the result
236 // One might wonder about parsing quirks from browsers after
237 // this reconstruction. Unfortunately, parsing behavior depends
238 // on what *scheme* was employed (file:///foo is handled *very*
239 // differently than http:///foo), so unfortunately we have to
240 // defer to the schemes to do the right thing.
241 $result = '';
242 if (!is_null($this->scheme)) {
243 $result .= $this->scheme . ':';
244 }
245 if (!is_null($authority)) {
246 $result .= '//' . $authority;
247 }
248 $result .= $this->path;
249 if (!is_null($this->query)) {
250 $result .= '?' . $this->query;
251 }
252 if (!is_null($this->fragment)) {
253 $result .= '#' . $this->fragment;
254 }
255
256 return $result;
257 }
258
259 /**
260 * Returns true if this URL might be considered a 'local' URL given
261 * the current context. This is true when the host is null, or
262 * when it matches the host supplied to the configuration.
263 *
264 * Note that this does not do any scheme checking, so it is mostly
265 * only appropriate for metadata that doesn't care about protocol
266 * security. isBenign is probably what you actually want.
267 * @param HTMLPurifier_Config $config
268 * @param HTMLPurifier_Context $context
269 * @return bool
270 */
271 public function isLocal($config, $context)
272 {
273 if ($this->host === null) {
274 return true;
275 }
276 $uri_def = $config->getDefinition('URI');
277 if ($uri_def->host === $this->host) {
278 return true;
279 }
280 return false;
281 }
282
283 /**
284 * Returns true if this URL should be considered a 'benign' URL,
285 * that is:
286 *
287 * - It is a local URL (isLocal), and
288 * - It has a equal or better level of security
289 * @param HTMLPurifier_Config $config
290 * @param HTMLPurifier_Context $context
291 * @return bool
292 */
293 public function isBenign($config, $context)
294 {
295 if (!$this->isLocal($config, $context)) {
296 return false;
297 }
298
299 $scheme_obj = $this->getSchemeObj($config, $context);
300 if (!$scheme_obj) {
301 return false;
302 } // conservative approach
303
304 $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
305 if ($current_scheme_obj->secure) {
306 if (!$scheme_obj->secure) {
307 return false;
308 }
309 }
310 return true;
311 }
312}
313
314// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIDefinition.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIDefinition.php
new file mode 100644
index 00000000..dbc2a752
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIDefinition.php
@@ -0,0 +1,112 @@
1<?php
2
3class HTMLPurifier_URIDefinition extends HTMLPurifier_Definition
4{
5
6 public $type = 'URI';
7 protected $filters = array();
8 protected $postFilters = array();
9 protected $registeredFilters = array();
10
11 /**
12 * HTMLPurifier_URI object of the base specified at %URI.Base
13 */
14 public $base;
15
16 /**
17 * String host to consider "home" base, derived off of $base
18 */
19 public $host;
20
21 /**
22 * Name of default scheme based on %URI.DefaultScheme and %URI.Base
23 */
24 public $defaultScheme;
25
26 public function __construct()
27 {
28 $this->registerFilter(new HTMLPurifier_URIFilter_DisableExternal());
29 $this->registerFilter(new HTMLPurifier_URIFilter_DisableExternalResources());
30 $this->registerFilter(new HTMLPurifier_URIFilter_DisableResources());
31 $this->registerFilter(new HTMLPurifier_URIFilter_HostBlacklist());
32 $this->registerFilter(new HTMLPurifier_URIFilter_SafeIframe());
33 $this->registerFilter(new HTMLPurifier_URIFilter_MakeAbsolute());
34 $this->registerFilter(new HTMLPurifier_URIFilter_Munge());
35 }
36
37 public function registerFilter($filter)
38 {
39 $this->registeredFilters[$filter->name] = $filter;
40 }
41
42 public function addFilter($filter, $config)
43 {
44 $r = $filter->prepare($config);
45 if ($r === false) return; // null is ok, for backwards compat
46 if ($filter->post) {
47 $this->postFilters[$filter->name] = $filter;
48 } else {
49 $this->filters[$filter->name] = $filter;
50 }
51 }
52
53 protected function doSetup($config)
54 {
55 $this->setupMemberVariables($config);
56 $this->setupFilters($config);
57 }
58
59 protected function setupFilters($config)
60 {
61 foreach ($this->registeredFilters as $name => $filter) {
62 if ($filter->always_load) {
63 $this->addFilter($filter, $config);
64 } else {
65 $conf = $config->get('URI.' . $name);
66 if ($conf !== false && $conf !== null) {
67 $this->addFilter($filter, $config);
68 }
69 }
70 }
71 unset($this->registeredFilters);
72 }
73
74 protected function setupMemberVariables($config)
75 {
76 $this->host = $config->get('URI.Host');
77 $base_uri = $config->get('URI.Base');
78 if (!is_null($base_uri)) {
79 $parser = new HTMLPurifier_URIParser();
80 $this->base = $parser->parse($base_uri);
81 $this->defaultScheme = $this->base->scheme;
82 if (is_null($this->host)) $this->host = $this->base->host;
83 }
84 if (is_null($this->defaultScheme)) $this->defaultScheme = $config->get('URI.DefaultScheme');
85 }
86
87 public function getDefaultScheme($config, $context)
88 {
89 return HTMLPurifier_URISchemeRegistry::instance()->getScheme($this->defaultScheme, $config, $context);
90 }
91
92 public function filter(&$uri, $config, $context)
93 {
94 foreach ($this->filters as $name => $f) {
95 $result = $f->filter($uri, $config, $context);
96 if (!$result) return false;
97 }
98 return true;
99 }
100
101 public function postFilter(&$uri, $config, $context)
102 {
103 foreach ($this->postFilters as $name => $f) {
104 $result = $f->filter($uri, $config, $context);
105 if (!$result) return false;
106 }
107 return true;
108 }
109
110}
111
112// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter.php
new file mode 100644
index 00000000..0333ea34
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter.php
@@ -0,0 +1,74 @@
1<?php
2
3/**
4 * Chainable filters for custom URI processing.
5 *
6 * These filters can perform custom actions on a URI filter object,
7 * including transformation or blacklisting. A filter named Foo
8 * must have a corresponding configuration directive %URI.Foo,
9 * unless always_load is specified to be true.
10 *
11 * The following contexts may be available while URIFilters are being
12 * processed:
13 *
14 * - EmbeddedURI: true if URI is an embedded resource that will
15 * be loaded automatically on page load
16 * - CurrentToken: a reference to the token that is currently
17 * being processed
18 * - CurrentAttr: the name of the attribute that is currently being
19 * processed
20 * - CurrentCSSProperty: the name of the CSS property that is
21 * currently being processed (if applicable)
22 *
23 * @warning This filter is called before scheme object validation occurs.
24 * Make sure, if you require a specific scheme object, you
25 * you check that it exists. This allows filters to convert
26 * proprietary URI schemes into regular ones.
27 */
28abstract class HTMLPurifier_URIFilter
29{
30
31 /**
32 * Unique identifier of filter.
33 * @type string
34 */
35 public $name;
36
37 /**
38 * True if this filter should be run after scheme validation.
39 * @type bool
40 */
41 public $post = false;
42
43 /**
44 * True if this filter should always be loaded.
45 * This permits a filter to be named Foo without the corresponding
46 * %URI.Foo directive existing.
47 * @type bool
48 */
49 public $always_load = false;
50
51 /**
52 * Performs initialization for the filter. If the filter returns
53 * false, this means that it shouldn't be considered active.
54 * @param HTMLPurifier_Config $config
55 * @return bool
56 */
57 public function prepare($config)
58 {
59 return true;
60 }
61
62 /**
63 * Filter a URI object
64 * @param HTMLPurifier_URI $uri Reference to URI object variable
65 * @param HTMLPurifier_Config $config
66 * @param HTMLPurifier_Context $context
67 * @return bool Whether or not to continue processing: false indicates
68 * URL is no good, true indicates continue processing. Note that
69 * all changes are committed directly on the URI object
70 */
71 abstract public function filter(&$uri, $config, $context);
72}
73
74// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternal.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternal.php
new file mode 100644
index 00000000..52e12977
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternal.php
@@ -0,0 +1,54 @@
1<?php
2
3class HTMLPurifier_URIFilter_DisableExternal extends HTMLPurifier_URIFilter
4{
5 /**
6 * @type string
7 */
8 public $name = 'DisableExternal';
9
10 /**
11 * @type array
12 */
13 protected $ourHostParts = false;
14
15 /**
16 * @param HTMLPurifier_Config $config
17 * @return void
18 */
19 public function prepare($config)
20 {
21 $our_host = $config->getDefinition('URI')->host;
22 if ($our_host !== null) {
23 $this->ourHostParts = array_reverse(explode('.', $our_host));
24 }
25 }
26
27 /**
28 * @param HTMLPurifier_URI $uri Reference
29 * @param HTMLPurifier_Config $config
30 * @param HTMLPurifier_Context $context
31 * @return bool
32 */
33 public function filter(&$uri, $config, $context)
34 {
35 if (is_null($uri->host)) {
36 return true;
37 }
38 if ($this->ourHostParts === false) {
39 return false;
40 }
41 $host_parts = array_reverse(explode('.', $uri->host));
42 foreach ($this->ourHostParts as $i => $x) {
43 if (!isset($host_parts[$i])) {
44 return false;
45 }
46 if ($host_parts[$i] != $this->ourHostParts[$i]) {
47 return false;
48 }
49 }
50 return true;
51 }
52}
53
54// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php
new file mode 100644
index 00000000..22697d71
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php
@@ -0,0 +1,25 @@
1<?php
2
3class HTMLPurifier_URIFilter_DisableExternalResources extends HTMLPurifier_URIFilter_DisableExternal
4{
5 /**
6 * @type string
7 */
8 public $name = 'DisableExternalResources';
9
10 /**
11 * @param HTMLPurifier_URI $uri
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return bool
15 */
16 public function filter(&$uri, $config, $context)
17 {
18 if (!$context->get('EmbeddedURI', true)) {
19 return true;
20 }
21 return parent::filter($uri, $config, $context);
22 }
23}
24
25// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableResources.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableResources.php
new file mode 100644
index 00000000..bdae9552
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/DisableResources.php
@@ -0,0 +1,22 @@
1<?php
2
3class HTMLPurifier_URIFilter_DisableResources extends HTMLPurifier_URIFilter
4{
5 /**
6 * @type string
7 */
8 public $name = 'DisableResources';
9
10 /**
11 * @param HTMLPurifier_URI $uri
12 * @param HTMLPurifier_Config $config
13 * @param HTMLPurifier_Context $context
14 * @return bool
15 */
16 public function filter(&$uri, $config, $context)
17 {
18 return !$context->get('EmbeddedURI', true);
19 }
20}
21
22// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php
new file mode 100644
index 00000000..54980b6e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php
@@ -0,0 +1,46 @@
1<?php
2
3// It's not clear to me whether or not Punycode means that hostnames
4// do not have canonical forms anymore. As far as I can tell, it's
5// not a problem (punycoding should be identity when no Unicode
6// points are involved), but I'm not 100% sure
7class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
8{
9 /**
10 * @type string
11 */
12 public $name = 'HostBlacklist';
13
14 /**
15 * @type array
16 */
17 protected $blacklist = array();
18
19 /**
20 * @param HTMLPurifier_Config $config
21 * @return bool
22 */
23 public function prepare($config)
24 {
25 $this->blacklist = $config->get('URI.HostBlacklist');
26 return true;
27 }
28
29 /**
30 * @param HTMLPurifier_URI $uri
31 * @param HTMLPurifier_Config $config
32 * @param HTMLPurifier_Context $context
33 * @return bool
34 */
35 public function filter(&$uri, $config, $context)
36 {
37 foreach ($this->blacklist as $blacklisted_host_fragment) {
38 if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
39 return false;
40 }
41 }
42 return true;
43 }
44}
45
46// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/MakeAbsolute.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/MakeAbsolute.php
new file mode 100644
index 00000000..c873bce9
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/MakeAbsolute.php
@@ -0,0 +1,158 @@
1<?php
2
3// does not support network paths
4
5class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
6{
7 /**
8 * @type string
9 */
10 public $name = 'MakeAbsolute';
11
12 /**
13 * @type
14 */
15 protected $base;
16
17 /**
18 * @type array
19 */
20 protected $basePathStack = array();
21
22 /**
23 * @param HTMLPurifier_Config $config
24 * @return bool
25 */
26 public function prepare($config)
27 {
28 $def = $config->getDefinition('URI');
29 $this->base = $def->base;
30 if (is_null($this->base)) {
31 trigger_error(
32 'URI.MakeAbsolute is being ignored due to lack of ' .
33 'value for URI.Base configuration',
34 E_USER_WARNING
35 );
36 return false;
37 }
38 $this->base->fragment = null; // fragment is invalid for base URI
39 $stack = explode('/', $this->base->path);
40 array_pop($stack); // discard last segment
41 $stack = $this->_collapseStack($stack); // do pre-parsing
42 $this->basePathStack = $stack;
43 return true;
44 }
45
46 /**
47 * @param HTMLPurifier_URI $uri
48 * @param HTMLPurifier_Config $config
49 * @param HTMLPurifier_Context $context
50 * @return bool
51 */
52 public function filter(&$uri, $config, $context)
53 {
54 if (is_null($this->base)) {
55 return true;
56 } // abort early
57 if ($uri->path === '' && is_null($uri->scheme) &&
58 is_null($uri->host) && is_null($uri->query) && is_null($uri->fragment)) {
59 // reference to current document
60 $uri = clone $this->base;
61 return true;
62 }
63 if (!is_null($uri->scheme)) {
64 // absolute URI already: don't change
65 if (!is_null($uri->host)) {
66 return true;
67 }
68 $scheme_obj = $uri->getSchemeObj($config, $context);
69 if (!$scheme_obj) {
70 // scheme not recognized
71 return false;
72 }
73 if (!$scheme_obj->hierarchical) {
74 // non-hierarchal URI with explicit scheme, don't change
75 return true;
76 }
77 // special case: had a scheme but always is hierarchical and had no authority
78 }
79 if (!is_null($uri->host)) {
80 // network path, don't bother
81 return true;
82 }
83 if ($uri->path === '') {
84 $uri->path = $this->base->path;
85 } elseif ($uri->path[0] !== '/') {
86 // relative path, needs more complicated processing
87 $stack = explode('/', $uri->path);
88 $new_stack = array_merge($this->basePathStack, $stack);
89 if ($new_stack[0] !== '' && !is_null($this->base->host)) {
90 array_unshift($new_stack, '');
91 }
92 $new_stack = $this->_collapseStack($new_stack);
93 $uri->path = implode('/', $new_stack);
94 } else {
95 // absolute path, but still we should collapse
96 $uri->path = implode('/', $this->_collapseStack(explode('/', $uri->path)));
97 }
98 // re-combine
99 $uri->scheme = $this->base->scheme;
100 if (is_null($uri->userinfo)) {
101 $uri->userinfo = $this->base->userinfo;
102 }
103 if (is_null($uri->host)) {
104 $uri->host = $this->base->host;
105 }
106 if (is_null($uri->port)) {
107 $uri->port = $this->base->port;
108 }
109 return true;
110 }
111
112 /**
113 * Resolve dots and double-dots in a path stack
114 * @param array $stack
115 * @return array
116 */
117 private function _collapseStack($stack)
118 {
119 $result = array();
120 $is_folder = false;
121 for ($i = 0; isset($stack[$i]); $i++) {
122 $is_folder = false;
123 // absorb an internally duplicated slash
124 if ($stack[$i] == '' && $i && isset($stack[$i + 1])) {
125 continue;
126 }
127 if ($stack[$i] == '..') {
128 if (!empty($result)) {
129 $segment = array_pop($result);
130 if ($segment === '' && empty($result)) {
131 // error case: attempted to back out too far:
132 // restore the leading slash
133 $result[] = '';
134 } elseif ($segment === '..') {
135 $result[] = '..'; // cannot remove .. with ..
136 }
137 } else {
138 // relative path, preserve the double-dots
139 $result[] = '..';
140 }
141 $is_folder = true;
142 continue;
143 }
144 if ($stack[$i] == '.') {
145 // silently absorb
146 $is_folder = true;
147 continue;
148 }
149 $result[] = $stack[$i];
150 }
151 if ($is_folder) {
152 $result[] = '';
153 }
154 return $result;
155 }
156}
157
158// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/Munge.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/Munge.php
new file mode 100644
index 00000000..4b4f0cf7
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/Munge.php
@@ -0,0 +1,115 @@
1<?php
2
3class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
4{
5 /**
6 * @type string
7 */
8 public $name = 'Munge';
9
10 /**
11 * @type bool
12 */
13 public $post = true;
14
15 /**
16 * @type string
17 */
18 private $target;
19
20 /**
21 * @type HTMLPurifier_URIParser
22 */
23 private $parser;
24
25 /**
26 * @type bool
27 */
28 private $doEmbed;
29
30 /**
31 * @type string
32 */
33 private $secretKey;
34
35 /**
36 * @type array
37 */
38 protected $replace = array();
39
40 /**
41 * @param HTMLPurifier_Config $config
42 * @return bool
43 */
44 public function prepare($config)
45 {
46 $this->target = $config->get('URI.' . $this->name);
47 $this->parser = new HTMLPurifier_URIParser();
48 $this->doEmbed = $config->get('URI.MungeResources');
49 $this->secretKey = $config->get('URI.MungeSecretKey');
50 if ($this->secretKey && !function_exists('hash_hmac')) {
51 throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");
52 }
53 return true;
54 }
55
56 /**
57 * @param HTMLPurifier_URI $uri
58 * @param HTMLPurifier_Config $config
59 * @param HTMLPurifier_Context $context
60 * @return bool
61 */
62 public function filter(&$uri, $config, $context)
63 {
64 if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {
65 return true;
66 }
67
68 $scheme_obj = $uri->getSchemeObj($config, $context);
69 if (!$scheme_obj) {
70 return true;
71 } // ignore unknown schemes, maybe another postfilter did it
72 if (!$scheme_obj->browsable) {
73 return true;
74 } // ignore non-browseable schemes, since we can't munge those in a reasonable way
75 if ($uri->isBenign($config, $context)) {
76 return true;
77 } // don't redirect if a benign URL
78
79 $this->makeReplace($uri, $config, $context);
80 $this->replace = array_map('rawurlencode', $this->replace);
81
82 $new_uri = strtr($this->target, $this->replace);
83 $new_uri = $this->parser->parse($new_uri);
84 // don't redirect if the target host is the same as the
85 // starting host
86 if ($uri->host === $new_uri->host) {
87 return true;
88 }
89 $uri = $new_uri; // overwrite
90 return true;
91 }
92
93 /**
94 * @param HTMLPurifier_URI $uri
95 * @param HTMLPurifier_Config $config
96 * @param HTMLPurifier_Context $context
97 */
98 protected function makeReplace($uri, $config, $context)
99 {
100 $string = $uri->toString();
101 // always available
102 $this->replace['%s'] = $string;
103 $this->replace['%r'] = $context->get('EmbeddedURI', true);
104 $token = $context->get('CurrentToken', true);
105 $this->replace['%n'] = $token ? $token->name : null;
106 $this->replace['%m'] = $context->get('CurrentAttr', true);
107 $this->replace['%p'] = $context->get('CurrentCSSProperty', true);
108 // not always available
109 if ($this->secretKey) {
110 $this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);
111 }
112 }
113}
114
115// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php
new file mode 100644
index 00000000..5ecb9567
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php
@@ -0,0 +1,68 @@
1<?php
2
3/**
4 * Implements safety checks for safe iframes.
5 *
6 * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
7 * works safely.
8 */
9class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
10{
11 /**
12 * @type string
13 */
14 public $name = 'SafeIframe';
15
16 /**
17 * @type bool
18 */
19 public $always_load = true;
20
21 /**
22 * @type string
23 */
24 protected $regexp = null;
25
26 // XXX: The not so good bit about how this is all set up now is we
27 // can't check HTML.SafeIframe in the 'prepare' step: we have to
28 // defer till the actual filtering.
29 /**
30 * @param HTMLPurifier_Config $config
31 * @return bool
32 */
33 public function prepare($config)
34 {
35 $this->regexp = $config->get('URI.SafeIframeRegexp');
36 return true;
37 }
38
39 /**
40 * @param HTMLPurifier_URI $uri
41 * @param HTMLPurifier_Config $config
42 * @param HTMLPurifier_Context $context
43 * @return bool
44 */
45 public function filter(&$uri, $config, $context)
46 {
47 // check if filter not applicable
48 if (!$config->get('HTML.SafeIframe')) {
49 return true;
50 }
51 // check if the filter should actually trigger
52 if (!$context->get('EmbeddedURI', true)) {
53 return true;
54 }
55 $token = $context->get('CurrentToken', true);
56 if (!($token && $token->name == 'iframe')) {
57 return true;
58 }
59 // check if we actually have some whitelists enabled
60 if ($this->regexp === null) {
61 return false;
62 }
63 // actually check the whitelists
64 return preg_match($this->regexp, $uri->toString());
65 }
66}
67
68// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIParser.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIParser.php
new file mode 100644
index 00000000..699978dc
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIParser.php
@@ -0,0 +1,71 @@
1<?php
2
3/**
4 * Parses a URI into the components and fragment identifier as specified
5 * by RFC 3986.
6 */
7class HTMLPurifier_URIParser
8{
9
10 /**
11 * Instance of HTMLPurifier_PercentEncoder to do normalization with.
12 */
13 protected $percentEncoder;
14
15 public function __construct()
16 {
17 $this->percentEncoder = new HTMLPurifier_PercentEncoder();
18 }
19
20 /**
21 * Parses a URI.
22 * @param $uri string URI to parse
23 * @return HTMLPurifier_URI representation of URI. This representation has
24 * not been validated yet and may not conform to RFC.
25 */
26 public function parse($uri)
27 {
28 $uri = $this->percentEncoder->normalize($uri);
29
30 // Regexp is as per Appendix B.
31 // Note that ["<>] are an addition to the RFC's recommended
32 // characters, because they represent external delimeters.
33 $r_URI = '!'.
34 '(([a-zA-Z0-9\.\+\-]+):)?'. // 2. Scheme
35 '(//([^/?#"<>]*))?'. // 4. Authority
36 '([^?#"<>]*)'. // 5. Path
37 '(\?([^#"<>]*))?'. // 7. Query
38 '(#([^"<>]*))?'. // 8. Fragment
39 '!';
40
41 $matches = array();
42 $result = preg_match($r_URI, $uri, $matches);
43
44 if (!$result) return false; // *really* invalid URI
45
46 // seperate out parts
47 $scheme = !empty($matches[1]) ? $matches[2] : null;
48 $authority = !empty($matches[3]) ? $matches[4] : null;
49 $path = $matches[5]; // always present, can be empty
50 $query = !empty($matches[6]) ? $matches[7] : null;
51 $fragment = !empty($matches[8]) ? $matches[9] : null;
52
53 // further parse authority
54 if ($authority !== null) {
55 $r_authority = "/^((.+?)@)?(\[[^\]]+\]|[^:]*)(:(\d*))?/";
56 $matches = array();
57 preg_match($r_authority, $authority, $matches);
58 $userinfo = !empty($matches[1]) ? $matches[2] : null;
59 $host = !empty($matches[3]) ? $matches[3] : '';
60 $port = !empty($matches[4]) ? (int) $matches[5] : null;
61 } else {
62 $port = $host = $userinfo = null;
63 }
64
65 return new HTMLPurifier_URI(
66 $scheme, $userinfo, $host, $port, $path, $query, $fragment);
67 }
68
69}
70
71// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme.php
new file mode 100644
index 00000000..03602abe
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme.php
@@ -0,0 +1,102 @@
1<?php
2
3/**
4 * Validator for the components of a URI for a specific scheme
5 */
6abstract class HTMLPurifier_URIScheme
7{
8
9 /**
10 * Scheme's default port (integer). If an explicit port number is
11 * specified that coincides with the default port, it will be
12 * elided.
13 * @type int
14 */
15 public $default_port = null;
16
17 /**
18 * Whether or not URIs of this scheme are locatable by a browser
19 * http and ftp are accessible, while mailto and news are not.
20 * @type bool
21 */
22 public $browsable = false;
23
24 /**
25 * Whether or not data transmitted over this scheme is encrypted.
26 * https is secure, http is not.
27 * @type bool
28 */
29 public $secure = false;
30
31 /**
32 * Whether or not the URI always uses <hier_part>, resolves edge cases
33 * with making relative URIs absolute
34 * @type bool
35 */
36 public $hierarchical = false;
37
38 /**
39 * Whether or not the URI may omit a hostname when the scheme is
40 * explicitly specified, ala file:///path/to/file. As of writing,
41 * 'file' is the only scheme that browsers support his properly.
42 * @type bool
43 */
44 public $may_omit_host = false;
45
46 /**
47 * Validates the components of a URI for a specific scheme.
48 * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
49 * @param HTMLPurifier_Config $config
50 * @param HTMLPurifier_Context $context
51 * @return bool success or failure
52 */
53 abstract public function doValidate(&$uri, $config, $context);
54
55 /**
56 * Public interface for validating components of a URI. Performs a
57 * bunch of default actions. Don't overload this method.
58 * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
59 * @param HTMLPurifier_Config $config
60 * @param HTMLPurifier_Context $context
61 * @return bool success or failure
62 */
63 public function validate(&$uri, $config, $context)
64 {
65 if ($this->default_port == $uri->port) {
66 $uri->port = null;
67 }
68 // kludge: browsers do funny things when the scheme but not the
69 // authority is set
70 if (!$this->may_omit_host &&
71 // if the scheme is present, a missing host is always in error
72 (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) ||
73 // if the scheme is not present, a *blank* host is in error,
74 // since this translates into '///path' which most browsers
75 // interpret as being 'http://path'.
76 (is_null($uri->scheme) && $uri->host === '')
77 ) {
78 do {
79 if (is_null($uri->scheme)) {
80 if (substr($uri->path, 0, 2) != '//') {
81 $uri->host = null;
82 break;
83 }
84 // URI is '////path', so we cannot nullify the
85 // host to preserve semantics. Try expanding the
86 // hostname instead (fall through)
87 }
88 // first see if we can manually insert a hostname
89 $host = $config->get('URI.Host');
90 if (!is_null($host)) {
91 $uri->host = $host;
92 } else {
93 // we can't do anything sensible, reject the URL.
94 return false;
95 }
96 } while (false);
97 }
98 return $this->doValidate($uri, $config, $context);
99 }
100}
101
102// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php
new file mode 100644
index 00000000..3bd93a8f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php
@@ -0,0 +1,127 @@
1<?php
2
3/**
4 * Implements data: URI for base64 encoded images supported by GD.
5 */
6class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
7{
8 /**
9 * @type bool
10 */
11 public $browsable = true;
12
13 /**
14 * @type array
15 */
16 public $allowed_types = array(
17 // you better write validation code for other types if you
18 // decide to allow them
19 'image/jpeg' => true,
20 'image/gif' => true,
21 'image/png' => true,
22 );
23 // this is actually irrelevant since we only write out the path
24 // component
25 /**
26 * @type bool
27 */
28 public $may_omit_host = true;
29
30 /**
31 * @param HTMLPurifier_URI $uri
32 * @param HTMLPurifier_Config $config
33 * @param HTMLPurifier_Context $context
34 * @return bool
35 */
36 public function doValidate(&$uri, $config, $context)
37 {
38 $result = explode(',', $uri->path, 2);
39 $is_base64 = false;
40 $charset = null;
41 $content_type = null;
42 if (count($result) == 2) {
43 list($metadata, $data) = $result;
44 // do some legwork on the metadata
45 $metas = explode(';', $metadata);
46 while (!empty($metas)) {
47 $cur = array_shift($metas);
48 if ($cur == 'base64') {
49 $is_base64 = true;
50 break;
51 }
52 if (substr($cur, 0, 8) == 'charset=') {
53 // doesn't match if there are arbitrary spaces, but
54 // whatever dude
55 if ($charset !== null) {
56 continue;
57 } // garbage
58 $charset = substr($cur, 8); // not used
59 } else {
60 if ($content_type !== null) {
61 continue;
62 } // garbage
63 $content_type = $cur;
64 }
65 }
66 } else {
67 $data = $result[0];
68 }
69 if ($content_type !== null && empty($this->allowed_types[$content_type])) {
70 return false;
71 }
72 if ($charset !== null) {
73 // error; we don't allow plaintext stuff
74 $charset = null;
75 }
76 $data = rawurldecode($data);
77 if ($is_base64) {
78 $raw_data = base64_decode($data);
79 } else {
80 $raw_data = $data;
81 }
82 // XXX probably want to refactor this into a general mechanism
83 // for filtering arbitrary content types
84 $file = tempnam("/tmp", "");
85 file_put_contents($file, $raw_data);
86 if (function_exists('exif_imagetype')) {
87 $image_code = exif_imagetype($file);
88 unlink($file);
89 } elseif (function_exists('getimagesize')) {
90 set_error_handler(array($this, 'muteErrorHandler'));
91 $info = getimagesize($file);
92 restore_error_handler();
93 unlink($file);
94 if ($info == false) {
95 return false;
96 }
97 $image_code = $info[2];
98 } else {
99 trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
100 }
101 $real_content_type = image_type_to_mime_type($image_code);
102 if ($real_content_type != $content_type) {
103 // we're nice guys; if the content type is something else we
104 // support, change it over
105 if (empty($this->allowed_types[$real_content_type])) {
106 return false;
107 }
108 $content_type = $real_content_type;
109 }
110 // ok, it's kosher, rewrite what we need
111 $uri->userinfo = null;
112 $uri->host = null;
113 $uri->port = null;
114 $uri->fragment = null;
115 $uri->query = null;
116 $uri->path = "$content_type;base64," . base64_encode($raw_data);
117 return true;
118 }
119
120 /**
121 * @param int $errno
122 * @param string $errstr
123 */
124 public function muteErrorHandler($errno, $errstr)
125 {
126 }
127}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/file.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/file.php
new file mode 100644
index 00000000..a220a6ad
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/file.php
@@ -0,0 +1,44 @@
1<?php
2
3/**
4 * Validates file as defined by RFC 1630 and RFC 1738.
5 */
6class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
7{
8 /**
9 * Generally file:// URLs are not accessible from most
10 * machines, so placing them as an img src is incorrect.
11 * @type bool
12 */
13 public $browsable = false;
14
15 /**
16 * Basically the *only* URI scheme for which this is true, since
17 * accessing files on the local machine is very common. In fact,
18 * browsers on some operating systems don't understand the
19 * authority, though I hear it is used on Windows to refer to
20 * network shares.
21 * @type bool
22 */
23 public $may_omit_host = true;
24
25 /**
26 * @param HTMLPurifier_URI $uri
27 * @param HTMLPurifier_Config $config
28 * @param HTMLPurifier_Context $context
29 * @return bool
30 */
31 public function doValidate(&$uri, $config, $context)
32 {
33 // Authentication method is not supported
34 $uri->userinfo = null;
35 // file:// makes no provisions for accessing the resource
36 $uri->port = null;
37 // While it seems to work on Firefox, the querystring has
38 // no possible effect and is thus stripped.
39 $uri->query = null;
40 return true;
41 }
42}
43
44// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/ftp.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/ftp.php
new file mode 100644
index 00000000..8e7fb8c3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/ftp.php
@@ -0,0 +1,58 @@
1<?php
2
3/**
4 * Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
5 */
6class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme
7{
8 /**
9 * @type int
10 */
11 public $default_port = 21;
12
13 /**
14 * @type bool
15 */
16 public $browsable = true; // usually
17
18 /**
19 * @type bool
20 */
21 public $hierarchical = true;
22
23 /**
24 * @param HTMLPurifier_URI $uri
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return bool
28 */
29 public function doValidate(&$uri, $config, $context)
30 {
31 $uri->query = null;
32
33 // typecode check
34 $semicolon_pos = strrpos($uri->path, ';'); // reverse
35 if ($semicolon_pos !== false) {
36 $type = substr($uri->path, $semicolon_pos + 1); // no semicolon
37 $uri->path = substr($uri->path, 0, $semicolon_pos);
38 $type_ret = '';
39 if (strpos($type, '=') !== false) {
40 // figure out whether or not the declaration is correct
41 list($key, $typecode) = explode('=', $type, 2);
42 if ($key !== 'type') {
43 // invalid key, tack it back on encoded
44 $uri->path .= '%3B' . $type;
45 } elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') {
46 $type_ret = ";type=$typecode";
47 }
48 } else {
49 $uri->path .= '%3B' . $type;
50 }
51 $uri->path = str_replace(';', '%3B', $uri->path);
52 $uri->path .= $type_ret;
53 }
54 return true;
55 }
56}
57
58// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/http.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/http.php
new file mode 100644
index 00000000..63c8c928
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/http.php
@@ -0,0 +1,36 @@
1<?php
2
3/**
4 * Validates http (HyperText Transfer Protocol) as defined by RFC 2616
5 */
6class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme
7{
8 /**
9 * @type int
10 */
11 public $default_port = 80;
12
13 /**
14 * @type bool
15 */
16 public $browsable = true;
17
18 /**
19 * @type bool
20 */
21 public $hierarchical = true;
22
23 /**
24 * @param HTMLPurifier_URI $uri
25 * @param HTMLPurifier_Config $config
26 * @param HTMLPurifier_Context $context
27 * @return bool
28 */
29 public function doValidate(&$uri, $config, $context)
30 {
31 $uri->userinfo = null;
32 return true;
33 }
34}
35
36// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/https.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/https.php
new file mode 100644
index 00000000..4de39090
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/https.php
@@ -0,0 +1,18 @@
1<?php
2
3/**
4 * Validates https (Secure HTTP) according to http scheme.
5 */
6class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http
7{
8 /**
9 * @type int
10 */
11 public $default_port = 443;
12 /**
13 * @type bool
14 */
15 public $secure = true;
16}
17
18// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/mailto.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/mailto.php
new file mode 100644
index 00000000..b8a40d7e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/mailto.php
@@ -0,0 +1,40 @@
1<?php
2
3// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
4// email is valid, but be careful!
5
6/**
7 * Validates mailto (for E-mail) according to RFC 2368
8 * @todo Validate the email address
9 * @todo Filter allowed query parameters
10 */
11
12class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme
13{
14 /**
15 * @type bool
16 */
17 public $browsable = false;
18
19 /**
20 * @type bool
21 */
22 public $may_omit_host = true;
23
24 /**
25 * @param HTMLPurifier_URI $uri
26 * @param HTMLPurifier_Config $config
27 * @param HTMLPurifier_Context $context
28 * @return bool
29 */
30 public function doValidate(&$uri, $config, $context)
31 {
32 $uri->userinfo = null;
33 $uri->host = null;
34 $uri->port = null;
35 // we need to validate path against RFC 2368's addr-spec
36 return true;
37 }
38}
39
40// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/news.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/news.php
new file mode 100644
index 00000000..22c9ebc5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/news.php
@@ -0,0 +1,35 @@
1<?php
2
3/**
4 * Validates news (Usenet) as defined by generic RFC 1738
5 */
6class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme
7{
8 /**
9 * @type bool
10 */
11 public $browsable = false;
12
13 /**
14 * @type bool
15 */
16 public $may_omit_host = true;
17
18 /**
19 * @param HTMLPurifier_URI $uri
20 * @param HTMLPurifier_Config $config
21 * @param HTMLPurifier_Context $context
22 * @return bool
23 */
24 public function doValidate(&$uri, $config, $context)
25 {
26 $uri->userinfo = null;
27 $uri->host = null;
28 $uri->port = null;
29 $uri->query = null;
30 // typecode check needed on path
31 return true;
32 }
33}
34
35// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/nntp.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/nntp.php
new file mode 100644
index 00000000..803ed138
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/nntp.php
@@ -0,0 +1,32 @@
1<?php
2
3/**
4 * Validates nntp (Network News Transfer Protocol) as defined by generic RFC 1738
5 */
6class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme
7{
8 /**
9 * @type int
10 */
11 public $default_port = 119;
12
13 /**
14 * @type bool
15 */
16 public $browsable = false;
17
18 /**
19 * @param HTMLPurifier_URI $uri
20 * @param HTMLPurifier_Config $config
21 * @param HTMLPurifier_Context $context
22 * @return bool
23 */
24 public function doValidate(&$uri, $config, $context)
25 {
26 $uri->userinfo = null;
27 $uri->query = null;
28 return true;
29 }
30}
31
32// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URISchemeRegistry.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URISchemeRegistry.php
new file mode 100644
index 00000000..24280638
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URISchemeRegistry.php
@@ -0,0 +1,81 @@
1<?php
2
3/**
4 * Registry for retrieving specific URI scheme validator objects.
5 */
6class HTMLPurifier_URISchemeRegistry
7{
8
9 /**
10 * Retrieve sole instance of the registry.
11 * @param HTMLPurifier_URISchemeRegistry $prototype Optional prototype to overload sole instance with,
12 * or bool true to reset to default registry.
13 * @return HTMLPurifier_URISchemeRegistry
14 * @note Pass a registry object $prototype with a compatible interface and
15 * the function will copy it and return it all further times.
16 */
17 public static function instance($prototype = null)
18 {
19 static $instance = null;
20 if ($prototype !== null) {
21 $instance = $prototype;
22 } elseif ($instance === null || $prototype == true) {
23 $instance = new HTMLPurifier_URISchemeRegistry();
24 }
25 return $instance;
26 }
27
28 /**
29 * Cache of retrieved schemes.
30 * @type HTMLPurifier_URIScheme[]
31 */
32 protected $schemes = array();
33
34 /**
35 * Retrieves a scheme validator object
36 * @param string $scheme String scheme name like http or mailto
37 * @param HTMLPurifier_Config $config
38 * @param HTMLPurifier_Context $context
39 * @return HTMLPurifier_URIScheme
40 */
41 public function getScheme($scheme, $config, $context)
42 {
43 if (!$config) {
44 $config = HTMLPurifier_Config::createDefault();
45 }
46
47 // important, otherwise attacker could include arbitrary file
48 $allowed_schemes = $config->get('URI.AllowedSchemes');
49 if (!$config->get('URI.OverrideAllowedSchemes') &&
50 !isset($allowed_schemes[$scheme])
51 ) {
52 return;
53 }
54
55 if (isset($this->schemes[$scheme])) {
56 return $this->schemes[$scheme];
57 }
58 if (!isset($allowed_schemes[$scheme])) {
59 return;
60 }
61
62 $class = 'HTMLPurifier_URIScheme_' . $scheme;
63 if (!class_exists($class)) {
64 return;
65 }
66 $this->schemes[$scheme] = new $class();
67 return $this->schemes[$scheme];
68 }
69
70 /**
71 * Registers a custom scheme to the cache, bypassing reflection.
72 * @param string $scheme Scheme name
73 * @param HTMLPurifier_URIScheme $scheme_obj
74 */
75 public function register($scheme, $scheme_obj)
76 {
77 $this->schemes[$scheme] = $scheme_obj;
78 }
79}
80
81// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/UnitConverter.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/UnitConverter.php
new file mode 100644
index 00000000..e663b327
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/UnitConverter.php
@@ -0,0 +1,307 @@
1<?php
2
3/**
4 * Class for converting between different unit-lengths as specified by
5 * CSS.
6 */
7class HTMLPurifier_UnitConverter
8{
9
10 const ENGLISH = 1;
11 const METRIC = 2;
12 const DIGITAL = 3;
13
14 /**
15 * Units information array. Units are grouped into measuring systems
16 * (English, Metric), and are assigned an integer representing
17 * the conversion factor between that unit and the smallest unit in
18 * the system. Numeric indexes are actually magical constants that
19 * encode conversion data from one system to the next, with a O(n^2)
20 * constraint on memory (this is generally not a problem, since
21 * the number of measuring systems is small.)
22 */
23 protected static $units = array(
24 self::ENGLISH => array(
25 'px' => 3, // This is as per CSS 2.1 and Firefox. Your mileage may vary
26 'pt' => 4,
27 'pc' => 48,
28 'in' => 288,
29 self::METRIC => array('pt', '0.352777778', 'mm'),
30 ),
31 self::METRIC => array(
32 'mm' => 1,
33 'cm' => 10,
34 self::ENGLISH => array('mm', '2.83464567', 'pt'),
35 ),
36 );
37
38 /**
39 * Minimum bcmath precision for output.
40 * @type int
41 */
42 protected $outputPrecision;
43
44 /**
45 * Bcmath precision for internal calculations.
46 * @type int
47 */
48 protected $internalPrecision;
49
50 /**
51 * Whether or not BCMath is available.
52 * @type bool
53 */
54 private $bcmath;
55
56 public function __construct($output_precision = 4, $internal_precision = 10, $force_no_bcmath = false)
57 {
58 $this->outputPrecision = $output_precision;
59 $this->internalPrecision = $internal_precision;
60 $this->bcmath = !$force_no_bcmath && function_exists('bcmul');
61 }
62
63 /**
64 * Converts a length object of one unit into another unit.
65 * @param HTMLPurifier_Length $length
66 * Instance of HTMLPurifier_Length to convert. You must validate()
67 * it before passing it here!
68 * @param string $to_unit
69 * Unit to convert to.
70 * @return HTMLPurifier_Length|bool
71 * @note
72 * About precision: This conversion function pays very special
73 * attention to the incoming precision of values and attempts
74 * to maintain a number of significant figure. Results are
75 * fairly accurate up to nine digits. Some caveats:
76 * - If a number is zero-padded as a result of this significant
77 * figure tracking, the zeroes will be eliminated.
78 * - If a number contains less than four sigfigs ($outputPrecision)
79 * and this causes some decimals to be excluded, those
80 * decimals will be added on.
81 */
82 public function convert($length, $to_unit)
83 {
84 if (!$length->isValid()) {
85 return false;
86 }
87
88 $n = $length->getN();
89 $unit = $length->getUnit();
90
91 if ($n === '0' || $unit === false) {
92 return new HTMLPurifier_Length('0', false);
93 }
94
95 $state = $dest_state = false;
96 foreach (self::$units as $k => $x) {
97 if (isset($x[$unit])) {
98 $state = $k;
99 }
100 if (isset($x[$to_unit])) {
101 $dest_state = $k;
102 }
103 }
104 if (!$state || !$dest_state) {
105 return false;
106 }
107
108 // Some calculations about the initial precision of the number;
109 // this will be useful when we need to do final rounding.
110 $sigfigs = $this->getSigFigs($n);
111 if ($sigfigs < $this->outputPrecision) {
112 $sigfigs = $this->outputPrecision;
113 }
114
115 // BCMath's internal precision deals only with decimals. Use
116 // our default if the initial number has no decimals, or increase
117 // it by how ever many decimals, thus, the number of guard digits
118 // will always be greater than or equal to internalPrecision.
119 $log = (int)floor(log(abs($n), 10));
120 $cp = ($log < 0) ? $this->internalPrecision - $log : $this->internalPrecision; // internal precision
121
122 for ($i = 0; $i < 2; $i++) {
123
124 // Determine what unit IN THIS SYSTEM we need to convert to
125 if ($dest_state === $state) {
126 // Simple conversion
127 $dest_unit = $to_unit;
128 } else {
129 // Convert to the smallest unit, pending a system shift
130 $dest_unit = self::$units[$state][$dest_state][0];
131 }
132
133 // Do the conversion if necessary
134 if ($dest_unit !== $unit) {
135 $factor = $this->div(self::$units[$state][$unit], self::$units[$state][$dest_unit], $cp);
136 $n = $this->mul($n, $factor, $cp);
137 $unit = $dest_unit;
138 }
139
140 // Output was zero, so bail out early. Shouldn't ever happen.
141 if ($n === '') {
142 $n = '0';
143 $unit = $to_unit;
144 break;
145 }
146
147 // It was a simple conversion, so bail out
148 if ($dest_state === $state) {
149 break;
150 }
151
152 if ($i !== 0) {
153 // Conversion failed! Apparently, the system we forwarded
154 // to didn't have this unit. This should never happen!
155 return false;
156 }
157
158 // Pre-condition: $i == 0
159
160 // Perform conversion to next system of units
161 $n = $this->mul($n, self::$units[$state][$dest_state][1], $cp);
162 $unit = self::$units[$state][$dest_state][2];
163 $state = $dest_state;
164
165 // One more loop around to convert the unit in the new system.
166
167 }
168
169 // Post-condition: $unit == $to_unit
170 if ($unit !== $to_unit) {
171 return false;
172 }
173
174 // Useful for debugging:
175 //echo "<pre>n";
176 //echo "$n\nsigfigs = $sigfigs\nnew_log = $new_log\nlog = $log\nrp = $rp\n</pre>\n";
177
178 $n = $this->round($n, $sigfigs);
179 if (strpos($n, '.') !== false) {
180 $n = rtrim($n, '0');
181 }
182 $n = rtrim($n, '.');
183
184 return new HTMLPurifier_Length($n, $unit);
185 }
186
187 /**
188 * Returns the number of significant figures in a string number.
189 * @param string $n Decimal number
190 * @return int number of sigfigs
191 */
192 public function getSigFigs($n)
193 {
194 $n = ltrim($n, '0+-');
195 $dp = strpos($n, '.'); // decimal position
196 if ($dp === false) {
197 $sigfigs = strlen(rtrim($n, '0'));
198 } else {
199 $sigfigs = strlen(ltrim($n, '0.')); // eliminate extra decimal character
200 if ($dp !== 0) {
201 $sigfigs--;
202 }
203 }
204 return $sigfigs;
205 }
206
207 /**
208 * Adds two numbers, using arbitrary precision when available.
209 * @param string $s1
210 * @param string $s2
211 * @param int $scale
212 * @return string
213 */
214 private function add($s1, $s2, $scale)
215 {
216 if ($this->bcmath) {
217 return bcadd($s1, $s2, $scale);
218 } else {
219 return $this->scale((float)$s1 + (float)$s2, $scale);
220 }
221 }
222
223 /**
224 * Multiples two numbers, using arbitrary precision when available.
225 * @param string $s1
226 * @param string $s2
227 * @param int $scale
228 * @return string
229 */
230 private function mul($s1, $s2, $scale)
231 {
232 if ($this->bcmath) {
233 return bcmul($s1, $s2, $scale);
234 } else {
235 return $this->scale((float)$s1 * (float)$s2, $scale);
236 }
237 }
238
239 /**
240 * Divides two numbers, using arbitrary precision when available.
241 * @param string $s1
242 * @param string $s2
243 * @param int $scale
244 * @return string
245 */
246 private function div($s1, $s2, $scale)
247 {
248 if ($this->bcmath) {
249 return bcdiv($s1, $s2, $scale);
250 } else {
251 return $this->scale((float)$s1 / (float)$s2, $scale);
252 }
253 }
254
255 /**
256 * Rounds a number according to the number of sigfigs it should have,
257 * using arbitrary precision when available.
258 * @param float $n
259 * @param int $sigfigs
260 * @return string
261 */
262 private function round($n, $sigfigs)
263 {
264 $new_log = (int)floor(log(abs($n), 10)); // Number of digits left of decimal - 1
265 $rp = $sigfigs - $new_log - 1; // Number of decimal places needed
266 $neg = $n < 0 ? '-' : ''; // Negative sign
267 if ($this->bcmath) {
268 if ($rp >= 0) {
269 $n = bcadd($n, $neg . '0.' . str_repeat('0', $rp) . '5', $rp + 1);
270 $n = bcdiv($n, '1', $rp);
271 } else {
272 // This algorithm partially depends on the standardized
273 // form of numbers that comes out of bcmath.
274 $n = bcadd($n, $neg . '5' . str_repeat('0', $new_log - $sigfigs), 0);
275 $n = substr($n, 0, $sigfigs + strlen($neg)) . str_repeat('0', $new_log - $sigfigs + 1);
276 }
277 return $n;
278 } else {
279 return $this->scale(round($n, $sigfigs - $new_log - 1), $rp + 1);
280 }
281 }
282
283 /**
284 * Scales a float to $scale digits right of decimal point, like BCMath.
285 * @param float $r
286 * @param int $scale
287 * @return string
288 */
289 private function scale($r, $scale)
290 {
291 if ($scale < 0) {
292 // The f sprintf type doesn't support negative numbers, so we
293 // need to cludge things manually. First get the string.
294 $r = sprintf('%.0f', (float)$r);
295 // Due to floating point precision loss, $r will more than likely
296 // look something like 4652999999999.9234. We grab one more digit
297 // than we need to precise from $r and then use that to round
298 // appropriately.
299 $precise = (string)round(substr($r, 0, strlen($r) + $scale), -1);
300 // Now we return it, truncating the zero that was rounded off.
301 return substr($precise, 0, -1) . str_repeat('0', -$scale + 1);
302 }
303 return sprintf('%.' . $scale . 'f', (float)$r);
304 }
305}
306
307// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser.php
new file mode 100644
index 00000000..4bf7771a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser.php
@@ -0,0 +1,198 @@
1<?php
2
3/**
4 * Parses string representations into their corresponding native PHP
5 * variable type. The base implementation does a simple type-check.
6 */
7class HTMLPurifier_VarParser
8{
9
10 const STRING = 1;
11 const ISTRING = 2;
12 const TEXT = 3;
13 const ITEXT = 4;
14 const INT = 5;
15 const FLOAT = 6;
16 const BOOL = 7;
17 const LOOKUP = 8;
18 const ALIST = 9;
19 const HASH = 10;
20 const MIXED = 11;
21
22 /**
23 * Lookup table of allowed types. Mainly for backwards compatibility, but
24 * also convenient for transforming string type names to the integer constants.
25 */
26 public static $types = array(
27 'string' => self::STRING,
28 'istring' => self::ISTRING,
29 'text' => self::TEXT,
30 'itext' => self::ITEXT,
31 'int' => self::INT,
32 'float' => self::FLOAT,
33 'bool' => self::BOOL,
34 'lookup' => self::LOOKUP,
35 'list' => self::ALIST,
36 'hash' => self::HASH,
37 'mixed' => self::MIXED
38 );
39
40 /**
41 * Lookup table of types that are string, and can have aliases or
42 * allowed value lists.
43 */
44 public static $stringTypes = array(
45 self::STRING => true,
46 self::ISTRING => true,
47 self::TEXT => true,
48 self::ITEXT => true,
49 );
50
51 /**
52 * Validate a variable according to type.
53 * It may return NULL as a valid type if $allow_null is true.
54 *
55 * @param mixed $var Variable to validate
56 * @param int $type Type of variable, see HTMLPurifier_VarParser->types
57 * @param bool $allow_null Whether or not to permit null as a value
58 * @return string Validated and type-coerced variable
59 * @throws HTMLPurifier_VarParserException
60 */
61 final public function parse($var, $type, $allow_null = false)
62 {
63 if (is_string($type)) {
64 if (!isset(HTMLPurifier_VarParser::$types[$type])) {
65 throw new HTMLPurifier_VarParserException("Invalid type '$type'");
66 } else {
67 $type = HTMLPurifier_VarParser::$types[$type];
68 }
69 }
70 $var = $this->parseImplementation($var, $type, $allow_null);
71 if ($allow_null && $var === null) {
72 return null;
73 }
74 // These are basic checks, to make sure nothing horribly wrong
75 // happened in our implementations.
76 switch ($type) {
77 case (self::STRING):
78 case (self::ISTRING):
79 case (self::TEXT):
80 case (self::ITEXT):
81 if (!is_string($var)) {
82 break;
83 }
84 if ($type == self::ISTRING || $type == self::ITEXT) {
85 $var = strtolower($var);
86 }
87 return $var;
88 case (self::INT):
89 if (!is_int($var)) {
90 break;
91 }
92 return $var;
93 case (self::FLOAT):
94 if (!is_float($var)) {
95 break;
96 }
97 return $var;
98 case (self::BOOL):
99 if (!is_bool($var)) {
100 break;
101 }
102 return $var;
103 case (self::LOOKUP):
104 case (self::ALIST):
105 case (self::HASH):
106 if (!is_array($var)) {
107 break;
108 }
109 if ($type === self::LOOKUP) {
110 foreach ($var as $k) {
111 if ($k !== true) {
112 $this->error('Lookup table contains value other than true');
113 }
114 }
115 } elseif ($type === self::ALIST) {
116 $keys = array_keys($var);
117 if (array_keys($keys) !== $keys) {
118 $this->error('Indices for list are not uniform');
119 }
120 }
121 return $var;
122 case (self::MIXED):
123 return $var;
124 default:
125 $this->errorInconsistent(get_class($this), $type);
126 }
127 $this->errorGeneric($var, $type);
128 }
129
130 /**
131 * Actually implements the parsing. Base implementation does not
132 * do anything to $var. Subclasses should overload this!
133 * @param mixed $var
134 * @param int $type
135 * @param bool $allow_null
136 * @return string
137 */
138 protected function parseImplementation($var, $type, $allow_null)
139 {
140 return $var;
141 }
142
143 /**
144 * Throws an exception.
145 * @throws HTMLPurifier_VarParserException
146 */
147 protected function error($msg)
148 {
149 throw new HTMLPurifier_VarParserException($msg);
150 }
151
152 /**
153 * Throws an inconsistency exception.
154 * @note This should not ever be called. It would be called if we
155 * extend the allowed values of HTMLPurifier_VarParser without
156 * updating subclasses.
157 * @param string $class
158 * @param int $type
159 * @throws HTMLPurifier_Exception
160 */
161 protected function errorInconsistent($class, $type)
162 {
163 throw new HTMLPurifier_Exception(
164 "Inconsistency in $class: " . HTMLPurifier_VarParser::getTypeName($type) .
165 " not implemented"
166 );
167 }
168
169 /**
170 * Generic error for if a type didn't work.
171 * @param mixed $var
172 * @param int $type
173 */
174 protected function errorGeneric($var, $type)
175 {
176 $vtype = gettype($var);
177 $this->error("Expected type " . HTMLPurifier_VarParser::getTypeName($type) . ", got $vtype");
178 }
179
180 /**
181 * @param int $type
182 * @return string
183 */
184 public static function getTypeName($type)
185 {
186 static $lookup;
187 if (!$lookup) {
188 // Lazy load the alternative lookup table
189 $lookup = array_flip(HTMLPurifier_VarParser::$types);
190 }
191 if (!isset($lookup[$type])) {
192 return 'unknown';
193 }
194 return $lookup[$type];
195 }
196}
197
198// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php
new file mode 100644
index 00000000..b2ed860a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php
@@ -0,0 +1,130 @@
1<?php
2
3/**
4 * Performs safe variable parsing based on types which can be used by
5 * users. This may not be able to represent all possible data inputs,
6 * however.
7 */
8class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
9{
10 /**
11 * @param mixed $var
12 * @param int $type
13 * @param bool $allow_null
14 * @return array|bool|float|int|mixed|null|string
15 * @throws HTMLPurifier_VarParserException
16 */
17 protected function parseImplementation($var, $type, $allow_null)
18 {
19 if ($allow_null && $var === null) {
20 return null;
21 }
22 switch ($type) {
23 // Note: if code "breaks" from the switch, it triggers a generic
24 // exception to be thrown. Specific errors can be specifically
25 // done here.
26 case self::MIXED:
27 case self::ISTRING:
28 case self::STRING:
29 case self::TEXT:
30 case self::ITEXT:
31 return $var;
32 case self::INT:
33 if (is_string($var) && ctype_digit($var)) {
34 $var = (int)$var;
35 }
36 return $var;
37 case self::FLOAT:
38 if ((is_string($var) && is_numeric($var)) || is_int($var)) {
39 $var = (float)$var;
40 }
41 return $var;
42 case self::BOOL:
43 if (is_int($var) && ($var === 0 || $var === 1)) {
44 $var = (bool)$var;
45 } elseif (is_string($var)) {
46 if ($var == 'on' || $var == 'true' || $var == '1') {
47 $var = true;
48 } elseif ($var == 'off' || $var == 'false' || $var == '0') {
49 $var = false;
50 } else {
51 throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
52 }
53 }
54 return $var;
55 case self::ALIST:
56 case self::HASH:
57 case self::LOOKUP:
58 if (is_string($var)) {
59 // special case: technically, this is an array with
60 // a single empty string item, but having an empty
61 // array is more intuitive
62 if ($var == '') {
63 return array();
64 }
65 if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
66 // simplistic string to array method that only works
67 // for simple lists of tag names or alphanumeric characters
68 $var = explode(',', $var);
69 } else {
70 $var = preg_split('/(,|[\n\r]+)/', $var);
71 }
72 // remove spaces
73 foreach ($var as $i => $j) {
74 $var[$i] = trim($j);
75 }
76 if ($type === self::HASH) {
77 // key:value,key2:value2
78 $nvar = array();
79 foreach ($var as $keypair) {
80 $c = explode(':', $keypair, 2);
81 if (!isset($c[1])) {
82 continue;
83 }
84 $nvar[trim($c[0])] = trim($c[1]);
85 }
86 $var = $nvar;
87 }
88 }
89 if (!is_array($var)) {
90 break;
91 }
92 $keys = array_keys($var);
93 if ($keys === array_keys($keys)) {
94 if ($type == self::ALIST) {
95 return $var;
96 } elseif ($type == self::LOOKUP) {
97 $new = array();
98 foreach ($var as $key) {
99 $new[$key] = true;
100 }
101 return $new;
102 } else {
103 break;
104 }
105 }
106 if ($type === self::ALIST) {
107 trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING);
108 return array_values($var);
109 }
110 if ($type === self::LOOKUP) {
111 foreach ($var as $key => $value) {
112 if ($value !== true) {
113 trigger_error(
114 "Lookup array has non-true value at key '$key'; " .
115 "maybe your input array was not indexed numerically",
116 E_USER_WARNING
117 );
118 }
119 $var[$key] = true;
120 }
121 }
122 return $var;
123 default:
124 $this->errorInconsistent(__CLASS__, $type);
125 }
126 $this->errorGeneric($var, $type);
127 }
128}
129
130// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php
new file mode 100644
index 00000000..c28055b5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php
@@ -0,0 +1,38 @@
1<?php
2
3/**
4 * This variable parser uses PHP's internal code engine. Because it does
5 * this, it can represent all inputs; however, it is dangerous and cannot
6 * be used by users.
7 */
8class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
9{
10
11 /**
12 * @param mixed $var
13 * @param int $type
14 * @param bool $allow_null
15 * @return null|string
16 */
17 protected function parseImplementation($var, $type, $allow_null)
18 {
19 return $this->evalExpression($var);
20 }
21
22 /**
23 * @param string $expr
24 * @return mixed
25 * @throws HTMLPurifier_VarParserException
26 */
27 protected function evalExpression($expr)
28 {
29 $var = null;
30 $result = eval("\$var = $expr;");
31 if ($result === false) {
32 throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
33 }
34 return $var;
35 }
36}
37
38// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParserException.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParserException.php
new file mode 100644
index 00000000..82e465d6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParserException.php
@@ -0,0 +1,11 @@
1<?php
2
3/**
4 * Exception type for HTMLPurifier_VarParser
5 */
6class HTMLPurifier_VarParserException extends HTMLPurifier_Exception
7{
8
9}
10
11// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Zipper.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Zipper.php
new file mode 100644
index 00000000..a358fff0
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Zipper.php
@@ -0,0 +1,157 @@
1<?php
2
3/**
4 * A zipper is a purely-functional data structure which contains
5 * a focus that can be efficiently manipulated. It is known as
6 * a "one-hole context". This mutable variant implements a zipper
7 * for a list as a pair of two arrays, laid out as follows:
8 *
9 * Base list: 1 2 3 4 [ ] 6 7 8 9
10 * Front list: 1 2 3 4
11 * Back list: 9 8 7 6
12 *
13 * User is expected to keep track of the "current element" and properly
14 * fill it back in as necessary. (ToDo: Maybe it's more user friendly
15 * to implicitly track the current element?)
16 *
17 * Nota bene: the current class gets confused if you try to store NULLs
18 * in the list.
19 */
20
21class HTMLPurifier_Zipper
22{
23 public $front, $back;
24
25 public function __construct($front, $back) {
26 $this->front = $front;
27 $this->back = $back;
28 }
29
30 /**
31 * Creates a zipper from an array, with a hole in the
32 * 0-index position.
33 * @param Array to zipper-ify.
34 * @return Tuple of zipper and element of first position.
35 */
36 static public function fromArray($array) {
37 $z = new self(array(), array_reverse($array));
38 $t = $z->delete(); // delete the "dummy hole"
39 return array($z, $t);
40 }
41
42 /**
43 * Convert zipper back into a normal array, optionally filling in
44 * the hole with a value. (Usually you should supply a $t, unless you
45 * are at the end of the array.)
46 */
47 public function toArray($t = NULL) {
48 $a = $this->front;
49 if ($t !== NULL) $a[] = $t;
50 for ($i = count($this->back)-1; $i >= 0; $i--) {
51 $a[] = $this->back[$i];
52 }
53 return $a;
54 }
55
56 /**
57 * Move hole to the next element.
58 * @param $t Element to fill hole with
59 * @return Original contents of new hole.
60 */
61 public function next($t) {
62 if ($t !== NULL) array_push($this->front, $t);
63 return empty($this->back) ? NULL : array_pop($this->back);
64 }
65
66 /**
67 * Iterated hole advancement.
68 * @param $t Element to fill hole with
69 * @param $i How many forward to advance hole
70 * @return Original contents of new hole, i away
71 */
72 public function advance($t, $n) {
73 for ($i = 0; $i < $n; $i++) {
74 $t = $this->next($t);
75 }
76 return $t;
77 }
78
79 /**
80 * Move hole to the previous element
81 * @param $t Element to fill hole with
82 * @return Original contents of new hole.
83 */
84 public function prev($t) {
85 if ($t !== NULL) array_push($this->back, $t);
86 return empty($this->front) ? NULL : array_pop($this->front);
87 }
88
89 /**
90 * Delete contents of current hole, shifting hole to
91 * next element.
92 * @return Original contents of new hole.
93 */
94 public function delete() {
95 return empty($this->back) ? NULL : array_pop($this->back);
96 }
97
98 /**
99 * Returns true if we are at the end of the list.
100 * @return bool
101 */
102 public function done() {
103 return empty($this->back);
104 }
105
106 /**
107 * Insert element before hole.
108 * @param Element to insert
109 */
110 public function insertBefore($t) {
111 if ($t !== NULL) array_push($this->front, $t);
112 }
113
114 /**
115 * Insert element after hole.
116 * @param Element to insert
117 */
118 public function insertAfter($t) {
119 if ($t !== NULL) array_push($this->back, $t);
120 }
121
122 /**
123 * Splice in multiple elements at hole. Functional specification
124 * in terms of array_splice:
125 *
126 * $arr1 = $arr;
127 * $old1 = array_splice($arr1, $i, $delete, $replacement);
128 *
129 * list($z, $t) = HTMLPurifier_Zipper::fromArray($arr);
130 * $t = $z->advance($t, $i);
131 * list($old2, $t) = $z->splice($t, $delete, $replacement);
132 * $arr2 = $z->toArray($t);
133 *
134 * assert($old1 === $old2);
135 * assert($arr1 === $arr2);
136 *
137 * NB: the absolute index location after this operation is
138 * *unchanged!*
139 *
140 * @param Current contents of hole.
141 */
142 public function splice($t, $delete, $replacement) {
143 // delete
144 $old = array();
145 $r = $t;
146 for ($i = $delete; $i > 0; $i--) {
147 $old[] = $r;
148 $r = $this->delete();
149 }
150 // insert
151 for ($i = count($replacement)-1; $i >= 0; $i--) {
152 $this->insertAfter($r);
153 $r = $replacement[$i];
154 }
155 return array($old, $r);
156 }
157}