1 files changed, 106 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
new file mode 100644
index 00000000..81afcf96
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
@@ -0,0 +1,106 @@
+<?php
+/**
+ * Validates the HTML attribute style, otherwise known as CSS.
+ * @note We don't implement the whole CSS specification, so it might be
+ *       difficult to reuse this component in the context of validating
+ *       actual stylesheet declarations.
+ * @note If we were really serious about validating the CSS, we would
+ *       tokenize the styles and then parse the tokens. Obviously, we
+ *       are not doing that. Doing that could seriously harm performance,
+ *       but would make these components a lot more viable for a CSS
+ *       filtering solution.
+ */
+class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
+{
+    /**
+     * @param string $css
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($css, $config, $context)
+    {
+        $css = $this->parseCDATA($css);
+        $definition = $config->getCSSDefinition();
+        // we're going to break the spec and explode by semicolons.
+        // This is because semicolon rarely appears in escaped form
+        // Doing this is generally flaky but fast
+        // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
+        // for details
+        $declarations = explode(';', $css);
+        $propvalues = array();
+        /**
+         * Name of the current CSS property being validated.
+         */
+        $property = false;
+        $context->register('CurrentCSSProperty', $property);
+        foreach ($declarations as $declaration) {
+            if (!$declaration) {
+                continue;
+            }
+            if (!strpos($declaration, ':')) {
+                continue;
+            }
+            list($property, $value) = explode(':', $declaration, 2);
+            $property = trim($property);
+            $value = trim($value);
+            $ok = false;
+            do {
+                if (isset($definition->info[$property])) {
+                    $ok = true;
+                    break;
+                }
+                if (ctype_lower($property)) {
+                    break;
+                }
+                $property = strtolower($property);
+                if (isset($definition->info[$property])) {
+                    $ok = true;
+                    break;
+                }
+            } while (0);
+            if (!$ok) {
+                continue;
+            }
+            // inefficient call, since the validator will do this again
+            if (strtolower(trim($value)) !== 'inherit') {
+                // inherit works for everything (but only on the base property)
+                $result = $definition->info[$property]->validate(
+                    $value,
+                    $config,
+                    $context
+                );
+            } else {
+                $result = 'inherit';
+            }
+            if ($result === false) {
+                continue;
+            }
+            $propvalues[$property] = $result;
+        }
+        $context->destroy('CurrentCSSProperty');
+        // procedure does not write the new CSS simultaneously, so it's
+        // slightly inefficient, but it's the only way of getting rid of
+        // duplicates. Perhaps config to optimize it, but not now.
+        $new_declarations = '';
+        foreach ($propvalues as $prop => $value) {
+            $new_declarations .= "$prop:$value;";
+        }
+        return $new_declarations ? $new_declarations : false;
+    }
+}
+// vim: et sw=4 sts=4

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php new file mode 100644 index 00000000..81afcf96 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
@@ -0,0 +1,106 @@
	1	<?php
	2
	3	/**
	4	* Validates the HTML attribute style, otherwise known as CSS.
	5	* @note We don't implement the whole CSS specification, so it might be
	6	* difficult to reuse this component in the context of validating
	7	* actual stylesheet declarations.
	8	* @note If we were really serious about validating the CSS, we would
	9	* tokenize the styles and then parse the tokens. Obviously, we
	10	* are not doing that. Doing that could seriously harm performance,
	11	* but would make these components a lot more viable for a CSS
	12	* filtering solution.
	13	*/
	14	class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
	15	{
	16
	17	/**
	18	* @param string $css
	19	* @param HTMLPurifier_Config $config
	20	* @param HTMLPurifier_Context $context
	21	* @return bool\|string
	22	*/
	23	public function validate($css, $config, $context)
	24	{
	25	$css = $this->parseCDATA($css);
	26
	27	$definition = $config->getCSSDefinition();
	28
	29	// we're going to break the spec and explode by semicolons.
	30	// This is because semicolon rarely appears in escaped form
	31	// Doing this is generally flaky but fast
	32	// IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
	33	// for details
	34
	35	$declarations = explode(';', $css);
	36	$propvalues = array();
	37
	38	/**
	39	* Name of the current CSS property being validated.
	40	*/
	41	$property = false;
	42	$context->register('CurrentCSSProperty', $property);
	43
	44	foreach ($declarations as $declaration) {
	45	if (!$declaration) {
	46	continue;
	47	}
	48	if (!strpos($declaration, ':')) {
	49	continue;
	50	}
	51	list($property, $value) = explode(':', $declaration, 2);
	52	$property = trim($property);
	53	$value = trim($value);
	54	$ok = false;
	55	do {
	56	if (isset($definition->info[$property])) {
	57	$ok = true;
	58	break;
	59	}
	60	if (ctype_lower($property)) {
	61	break;
	62	}
	63	$property = strtolower($property);
	64	if (isset($definition->info[$property])) {
	65	$ok = true;
	66	break;
	67	}
	68	} while (0);
	69	if (!$ok) {
	70	continue;
	71	}
	72	// inefficient call, since the validator will do this again
	73	if (strtolower(trim($value)) !== 'inherit') {
	74	// inherit works for everything (but only on the base property)
	75	$result = $definition->info[$property]->validate(
	76	$value,
	77	$config,
	78	$context
	79	);
	80	} else {
	81	$result = 'inherit';
	82	}
	83	if ($result === false) {
	84	continue;
	85	}
	86	$propvalues[$property] = $result;
	87	}
	88
	89	$context->destroy('CurrentCSSProperty');
	90
	91	// procedure does not write the new CSS simultaneously, so it's
	92	// slightly inefficient, but it's the only way of getting rid of
	93	// duplicates. Perhaps config to optimize it, but not now.
	94
	95	$new_declarations = '';
	96	foreach ($propvalues as $prop => $value) {
	97	$new_declarations .= "$prop:$value;";
	98	}
	99
	100	return $new_declarations ? $new_declarations : false;
	101
	102	}
	103
	104	}
	105
	106	// vim: et sw=4 sts=4