10 files changed, 627 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
new file mode 100644
index 00000000..1463c647
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Validates a boolean attribute
+ */
+class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
+{
+    /**
+     * @type bool
+     */
+    protected $name;
+    /**
+     * @type bool
+     */
+    public $minimized = true;
+    /**
+     * @param bool $name
+     */
+    public function __construct($name = false)
+    {
+        $this->name = $name;
+    }
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        if (empty($string)) {
+            return false;
+        }
+        return $this->name;
+    }
+    /**
+     * @param string $string Name of attribute
+     * @return HTMLPurifier_AttrDef_HTML_Bool
+     */
+    public function make($string)
+    {
+        return new HTMLPurifier_AttrDef_HTML_Bool($string);
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
new file mode 100644
index 00000000..b874c7e1
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * Implements special behavior for class attribute (normally NMTOKENS)
+ */
+class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    protected function split($string, $config, $context)
+    {
+        // really, this twiddle should be lazy loaded
+        $name = $config->getDefinition('HTML')->doctype->name;
+        if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
+            return parent::split($string, $config, $context);
+        } else {
+            return preg_split('/\s+/', $string);
+        }
+    }
+    /**
+     * @param array $tokens
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return array
+     */
+    protected function filter($tokens, $config, $context)
+    {
+        $allowed = $config->get('Attr.AllowedClasses');
+        $forbidden = $config->get('Attr.ForbiddenClasses');
+        $ret = array();
+        foreach ($tokens as $token) {
+            if (($allowed === null || isset($allowed[$token])) &&
+                !isset($forbidden[$token]) &&
+                // We need this O(n) check because of PHP's array
+                // implementation that casts -0 to 0.
+                !in_array($token, $ret, true)
+            ) {
+                $ret[] = $token;
+            }
+        }
+        return $ret;
+    }
+}
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
new file mode 100644
index 00000000..25c93fc6
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Validates a color according to the HTML spec.
+ */
+class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        static $colors = null;
+        if ($colors === null) {
+            $colors = $config->get('Core.ColorKeywords');
+        }
+        $string = trim($string);
+        if (empty($string)) {
+            return false;
+        }
+        $lower = strtolower($string);
+        if (isset($colors[$lower])) {
+            return $colors[$lower];
+        }
+        if ($string[0] === '#') {
+            $hex = substr($string, 1);
+        } else {
+            $hex = $string;
+        }
+        $length = strlen($hex);
+        if ($length !== 3 && $length !== 6) {
+            return false;
+        }
+        if (!ctype_xdigit($hex)) {
+            return false;
+        }
+        if ($length === 3) {
+            $hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
+        }
+        return "#$hex";
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
new file mode 100644
index 00000000..7446b6da
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * Special-case enum attribute definition that lazy loads allowed frame targets
+ */
+class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
+{
+    /**
+     * @type array
+     */
+    public $valid_values = false; // uninitialized value
+    /**
+     * @type bool
+     */
+    protected $case_sensitive = false;
+    public function __construct()
+    {
+    }
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        if ($this->valid_values === false) {
+            $this->valid_values = $config->get('Attr.AllowedFrameTargets');
+        }
+        return parent::validate($string, $config, $context);
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
new file mode 100644
index 00000000..ccd4a24a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
@@ -0,0 +1,105 @@
+<?php
+/**
+ * Validates the HTML attribute ID.
+ * @warning Even though this is the id processor, it
+ *          will ignore the directive Attr:IDBlacklist, since it will only
+ *          go according to the ID accumulator. Since the accumulator is
+ *          automatically generated, it will have already absorbed the
+ *          blacklist. If you're hacking around, make sure you use load()!
+ */
+class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
+{
+    // selector is NOT a valid thing to use for IDREFs, because IDREFs
+    // *must* target IDs that exist, whereas selector #ids do not.
+    /**
+     * Determines whether or not we're validating an ID in a CSS
+     * selector context.
+     * @type bool
+     */
+    protected $selector;
+    /**
+     * @param bool $selector
+     */
+    public function __construct($selector = false)
+    {
+        $this->selector = $selector;
+    }
+    /**
+     * @param string $id
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($id, $config, $context)
+    {
+        if (!$this->selector && !$config->get('Attr.EnableID')) {
+            return false;
+        }
+        $id = trim($id); // trim it first
+        if ($id === '') {
+            return false;
+        }
+        $prefix = $config->get('Attr.IDPrefix');
+        if ($prefix !== '') {
+            $prefix .= $config->get('Attr.IDPrefixLocal');
+            // prevent re-appending the prefix
+            if (strpos($id, $prefix) !== 0) {
+                $id = $prefix . $id;
+            }
+        } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
+            trigger_error(
+                '%Attr.IDPrefixLocal cannot be used unless ' .
+                '%Attr.IDPrefix is set',
+                E_USER_WARNING
+            );
+        }
+        if (!$this->selector) {
+            $id_accumulator =& $context->get('IDAccumulator');
+            if (isset($id_accumulator->ids[$id])) {
+                return false;
+            }
+        }
+        // we purposely avoid using regex, hopefully this is faster
+        if (ctype_alpha($id)) {
+            $result = true;
+        } else {
+            if (!ctype_alpha(@$id[0])) {
+                return false;
+            }
+            // primitive style of regexps, I suppose
+            $trim = trim(
+                $id,
+                'A..Za..z0..9:-._'
+            );
+            $result = ($trim === '');
+        }
+        $regexp = $config->get('Attr.IDBlacklistRegexp');
+        if ($regexp && preg_match($regexp, $id)) {
+            return false;
+        }
+        if (!$this->selector && $result) {
+            $id_accumulator->add($id);
+        }
+        // if no change was made to the ID, return the result
+        // else, return the new id if stripping whitespace made it
+        //     valid, or return false.
+        return $result ? $id : false;
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
new file mode 100644
index 00000000..c8f51886
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Validates the HTML type length (not to be confused with CSS's length).
+ *
+ * This accepts integer pixels or percentages as lengths for certain
+ * HTML attributes.
+ */
+class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        $string = trim($string);
+        if ($string === '') {
+            return false;
+        }
+        $parent_result = parent::validate($string, $config, $context);
+        if ($parent_result !== false) {
+            return $parent_result;
+        }
+        $length = strlen($string);
+        $last_char = $string[$length - 1];
+        if ($last_char !== '%') {
+            return false;
+        }
+        $points = substr($string, 0, $length - 1);
+        if (!is_numeric($points)) {
+            return false;
+        }
+        $points = (int)$points;
+        if ($points < 0) {
+            return '0%';
+        }
+        if ($points > 100) {
+            return '100%';
+        }
+        return ((string)$points) . '%';
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
new file mode 100644
index 00000000..3f56934f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * Validates a rel/rev link attribute against a directive of allowed values
+ * @note We cannot use Enum because link types allow multiple
+ *       values.
+ * @note Assumes link types are ASCII text
+ */
+class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
+{
+    /**
+     * Name config attribute to pull.
+     * @type string
+     */
+    protected $name;
+    /**
+     * @param string $name
+     */
+    public function __construct($name)
+    {
+        $configLookup = array(
+            'rel' => 'AllowedRel',
+            'rev' => 'AllowedRev'
+        );
+        if (!isset($configLookup[$name])) {
+            trigger_error(
+                'Unrecognized attribute name for link ' .
+                'relationship.',
+                E_USER_ERROR
+            );
+            return;
+        }
+        $this->name = $configLookup[$name];
+    }
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        $allowed = $config->get('Attr.' . $this->name);
+        if (empty($allowed)) {
+            return false;
+        }
+        $string = $this->parseCDATA($string);
+        $parts = explode(' ', $string);
+        // lookup to prevent duplicates
+        $ret_lookup = array();
+        foreach ($parts as $part) {
+            $part = strtolower(trim($part));
+            if (!isset($allowed[$part])) {
+                continue;
+            }
+            $ret_lookup[$part] = true;
+        }
+        if (empty($ret_lookup)) {
+            return false;
+        }
+        $string = implode(' ', array_keys($ret_lookup));
+        return $string;
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
new file mode 100644
index 00000000..eb713e15
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
@@ -0,0 +1,60 @@
+<?php
+/**
+ * Validates a MultiLength as defined by the HTML spec.
+ *
+ * A multilength is either a integer (pixel count), a percentage, or
+ * a relative number.
+ */
+class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        $string = trim($string);
+        if ($string === '') {
+            return false;
+        }
+        $parent_result = parent::validate($string, $config, $context);
+        if ($parent_result !== false) {
+            return $parent_result;
+        }
+        $length = strlen($string);
+        $last_char = $string[$length - 1];
+        if ($last_char !== '*') {
+            return false;
+        }
+        $int = substr($string, 0, $length - 1);
+        if ($int == '') {
+            return '*';
+        }
+        if (!is_numeric($int)) {
+            return false;
+        }
+        $int = (int)$int;
+        if ($int < 0) {
+            return false;
+        }
+        if ($int == 0) {
+            return '0';
+        }
+        if ($int == 1) {
+            return '*';
+        }
+        return ((string)$int) . '*';
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
new file mode 100644
index 00000000..ecb070c3
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * Validates contents based on NMTOKENS attribute type.
+ */
+class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        $string = trim($string);
+        // early abort: '' and '0' (strings that convert to false) are invalid
+        if (!$string) {
+            return false;
+        }
+        $tokens = $this->split($string, $config, $context);
+        $tokens = $this->filter($tokens, $config, $context);
+        if (empty($tokens)) {
+            return false;
+        }
+        return implode(' ', $tokens);
+    }
+    /**
+     * Splits a space separated list of tokens into its constituent parts.
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return array
+     */
+    protected function split($string, $config, $context)
+    {
+        // OPTIMIZABLE!
+        // do the preg_match, capture all subpatterns for reformulation
+        // we don't support U+00A1 and up codepoints or
+        // escaping because I don't know how to do that with regexps
+        // and plus it would complicate optimization efforts (you never
+        // see that anyway).
+        $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start
+            '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' .
+            '(?:(?=\s)|\z)/'; // look ahead for space or string end
+        preg_match_all($pattern, $string, $matches);
+        return $matches[1];
+    }
+    /**
+     * Template method for removing certain tokens based on arbitrary criteria.
+     * @note If we wanted to be really functional, we'd do an array_filter
+     *       with a callback. But... we're not.
+     * @param array $tokens
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return array
+     */
+    protected function filter($tokens, $config, $context)
+    {
+        return $tokens;
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
new file mode 100644
index 00000000..1a68f238
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * Validates an integer representation of pixels according to the HTML spec.
+ */
+class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
+{
+    /**
+     * @type int
+     */
+    protected $max;
+    /**
+     * @param int $max
+     */
+    public function __construct($max = null)
+    {
+        $this->max = $max;
+    }
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        $string = trim($string);
+        if ($string === '0') {
+            return $string;
+        }
+        if ($string === '') {
+            return false;
+        }
+        $length = strlen($string);
+        if (substr($string, $length - 2) == 'px') {
+            $string = substr($string, 0, $length - 2);
+        }
+        if (!is_numeric($string)) {
+            return false;
+        }
+        $int = (int)$string;
+        if ($int < 0) {
+            return '0';
+        }
+        // upper-bound value, extremely high values can
+        // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
+        // WARNING, above link WILL crash you if you're using Windows
+        if ($this->max !== null && $int > $this->max) {
+            return (string)$this->max;
+        }
+        return (string)$int;
+    }
+    /**
+     * @param string $string
+     * @return HTMLPurifier_AttrDef
+     */
+    public function make($string)
+    {
+        if ($string === '') {
+            $max = null;
+        } else {
+            $max = (int)$string;
+        }
+        $class = get_class($this);
+        return new $class($max);
+    }
+}
+// vim: et sw=4 sts=4

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php new file mode 100644 index 00000000..1463c647 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
@@ -0,0 +1,51 @@
	1	<?php
	2
	3	/**
	4	* Validates a boolean attribute
	5	*/
	6	class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
	7	{
	8
	9	/**
	10	* @type bool
	11	*/
	12	protected $name;
	13
	14	/**
	15	* @type bool
	16	*/
	17	public $minimized = true;
	18
	19	/**
	20	* @param bool $name
	21	*/
	22	public function __construct($name = false)
	23	{
	24	$this->name = $name;
	25	}
	26
	27	/**
	28	* @param string $string
	29	* @param HTMLPurifier_Config $config
	30	* @param HTMLPurifier_Context $context
	31	* @return bool\|string
	32	*/
	33	public function validate($string, $config, $context)
	34	{
	35	if (empty($string)) {
	36	return false;
	37	}
	38	return $this->name;
	39	}
	40
	41	/**
	42	* @param string $string Name of attribute
	43	* @return HTMLPurifier_AttrDef_HTML_Bool
	44	*/
	45	public function make($string)
	46	{
	47	return new HTMLPurifier_AttrDef_HTML_Bool($string);
	48	}
	49	}
	50
	51	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php new file mode 100644 index 00000000..b874c7e1 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
@@ -0,0 +1,48 @@
	1	<?php
	2
	3	/**
	4	* Implements special behavior for class attribute (normally NMTOKENS)
	5	*/
	6	class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
	7	{
	8	/**
	9	* @param string $string
	10	* @param HTMLPurifier_Config $config
	11	* @param HTMLPurifier_Context $context
	12	* @return bool\|string
	13	*/
	14	protected function split($string, $config, $context)
	15	{
	16	// really, this twiddle should be lazy loaded
	17	$name = $config->getDefinition('HTML')->doctype->name;
	18	if ($name == "XHTML 1.1" \|\| $name == "XHTML 2.0") {
	19	return parent::split($string, $config, $context);
	20	} else {
	21	return preg_split('/\s+/', $string);
	22	}
	23	}
	24
	25	/**
	26	* @param array $tokens
	27	* @param HTMLPurifier_Config $config
	28	* @param HTMLPurifier_Context $context
	29	* @return array
	30	*/
	31	protected function filter($tokens, $config, $context)
	32	{
	33	$allowed = $config->get('Attr.AllowedClasses');
	34	$forbidden = $config->get('Attr.ForbiddenClasses');
	35	$ret = array();
	36	foreach ($tokens as $token) {
	37	if (($allowed === null \|\| isset($allowed[$token])) &&
	38	!isset($forbidden[$token]) &&
	39	// We need this O(n) check because of PHP's array
	40	// implementation that casts -0 to 0.
	41	!in_array($token, $ret, true)
	42	) {
	43	$ret[] = $token;
	44	}
	45	}
	46	return $ret;
	47	}
	48	}


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php new file mode 100644 index 00000000..25c93fc6 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
@@ -0,0 +1,51 @@
	1	<?php
	2
	3	/**
	4	* Validates a color according to the HTML spec.
	5	*/
	6	class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
	7	{
	8
	9	/**
	10	* @param string $string
	11	* @param HTMLPurifier_Config $config
	12	* @param HTMLPurifier_Context $context
	13	* @return bool\|string
	14	*/
	15	public function validate($string, $config, $context)
	16	{
	17	static $colors = null;
	18	if ($colors === null) {
	19	$colors = $config->get('Core.ColorKeywords');
	20	}
	21
	22	$string = trim($string);
	23
	24	if (empty($string)) {
	25	return false;
	26	}
	27	$lower = strtolower($string);
	28	if (isset($colors[$lower])) {
	29	return $colors[$lower];
	30	}
	31	if ($string[0] === '#') {
	32	$hex = substr($string, 1);
	33	} else {
	34	$hex = $string;
	35	}
	36
	37	$length = strlen($hex);
	38	if ($length !== 3 && $length !== 6) {
	39	return false;
	40	}
	41	if (!ctype_xdigit($hex)) {
	42	return false;
	43	}
	44	if ($length === 3) {
	45	$hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
	46	}
	47	return "#$hex";
	48	}
	49	}
	50
	51	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php new file mode 100644 index 00000000..7446b6da --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
@@ -0,0 +1,38 @@
	1	<?php
	2
	3	/**
	4	* Special-case enum attribute definition that lazy loads allowed frame targets
	5	*/
	6	class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
	7	{
	8
	9	/**
	10	* @type array
	11	*/
	12	public $valid_values = false; // uninitialized value
	13
	14	/**
	15	* @type bool
	16	*/
	17	protected $case_sensitive = false;
	18
	19	public function __construct()
	20	{
	21	}
	22
	23	/**
	24	* @param string $string
	25	* @param HTMLPurifier_Config $config
	26	* @param HTMLPurifier_Context $context
	27	* @return bool\|string
	28	*/
	29	public function validate($string, $config, $context)
	30	{
	31	if ($this->valid_values === false) {
	32	$this->valid_values = $config->get('Attr.AllowedFrameTargets');
	33	}
	34	return parent::validate($string, $config, $context);
	35	}
	36	}
	37
	38	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php new file mode 100644 index 00000000..ccd4a24a --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
@@ -0,0 +1,105 @@
	1	<?php
	2
	3	/**
	4	* Validates the HTML attribute ID.
	5	* @warning Even though this is the id processor, it
	6	* will ignore the directive Attr:IDBlacklist, since it will only
	7	* go according to the ID accumulator. Since the accumulator is
	8	* automatically generated, it will have already absorbed the
	9	* blacklist. If you're hacking around, make sure you use load()!
	10	*/
	11
	12	class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
	13	{
	14
	15	// selector is NOT a valid thing to use for IDREFs, because IDREFs
	16	// must target IDs that exist, whereas selector #ids do not.
	17
	18	/**
	19	* Determines whether or not we're validating an ID in a CSS
	20	* selector context.
	21	* @type bool
	22	*/
	23	protected $selector;
	24
	25	/**
	26	* @param bool $selector
	27	*/
	28	public function __construct($selector = false)
	29	{
	30	$this->selector = $selector;
	31	}
	32
	33	/**
	34	* @param string $id
	35	* @param HTMLPurifier_Config $config
	36	* @param HTMLPurifier_Context $context
	37	* @return bool\|string
	38	*/
	39	public function validate($id, $config, $context)
	40	{
	41	if (!$this->selector && !$config->get('Attr.EnableID')) {
	42	return false;
	43	}
	44
	45	$id = trim($id); // trim it first
	46
	47	if ($id === '') {
	48	return false;
	49	}
	50
	51	$prefix = $config->get('Attr.IDPrefix');
	52	if ($prefix !== '') {
	53	$prefix .= $config->get('Attr.IDPrefixLocal');
	54	// prevent re-appending the prefix
	55	if (strpos($id, $prefix) !== 0) {
	56	$id = $prefix . $id;
	57	}
	58	} elseif ($config->get('Attr.IDPrefixLocal') !== '') {
	59	trigger_error(
	60	'%Attr.IDPrefixLocal cannot be used unless ' .
	61	'%Attr.IDPrefix is set',
	62	E_USER_WARNING
	63	);
	64	}
	65
	66	if (!$this->selector) {
	67	$id_accumulator =& $context->get('IDAccumulator');
	68	if (isset($id_accumulator->ids[$id])) {
	69	return false;
	70	}
	71	}
	72
	73	// we purposely avoid using regex, hopefully this is faster
	74
	75	if (ctype_alpha($id)) {
	76	$result = true;
	77	} else {
	78	if (!ctype_alpha(@$id[0])) {
	79	return false;
	80	}
	81	// primitive style of regexps, I suppose
	82	$trim = trim(
	83	$id,
	84	'A..Za..z0..9:-._'
	85	);
	86	$result = ($trim === '');
	87	}
	88
	89	$regexp = $config->get('Attr.IDBlacklistRegexp');
	90	if ($regexp && preg_match($regexp, $id)) {
	91	return false;
	92	}
	93
	94	if (!$this->selector && $result) {
	95	$id_accumulator->add($id);
	96	}
	97
	98	// if no change was made to the ID, return the result
	99	// else, return the new id if stripping whitespace made it
	100	// valid, or return false.
	101	return $result ? $id : false;
	102	}
	103	}
	104
	105	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php new file mode 100644 index 00000000..c8f51886 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
@@ -0,0 +1,56 @@
	1	<?php
	2
	3	/**
	4	* Validates the HTML type length (not to be confused with CSS's length).
	5	*
	6	* This accepts integer pixels or percentages as lengths for certain
	7	* HTML attributes.
	8	*/
	9
	10	class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
	11	{
	12
	13	/**
	14	* @param string $string
	15	* @param HTMLPurifier_Config $config
	16	* @param HTMLPurifier_Context $context
	17	* @return bool\|string
	18	*/
	19	public function validate($string, $config, $context)
	20	{
	21	$string = trim($string);
	22	if ($string === '') {
	23	return false;
	24	}
	25
	26	$parent_result = parent::validate($string, $config, $context);
	27	if ($parent_result !== false) {
	28	return $parent_result;
	29	}
	30
	31	$length = strlen($string);
	32	$last_char = $string[$length - 1];
	33
	34	if ($last_char !== '%') {
	35	return false;
	36	}
	37
	38	$points = substr($string, 0, $length - 1);
	39
	40	if (!is_numeric($points)) {
	41	return false;
	42	}
	43
	44	$points = (int)$points;
	45
	46	if ($points < 0) {
	47	return '0%';
	48	}
	49	if ($points > 100) {
	50	return '100%';
	51	}
	52	return ((string)$points) . '%';
	53	}
	54	}
	55
	56	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php new file mode 100644 index 00000000..3f56934f --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
@@ -0,0 +1,72 @@
	1	<?php
	2
	3	/**
	4	* Validates a rel/rev link attribute against a directive of allowed values
	5	* @note We cannot use Enum because link types allow multiple
	6	* values.
	7	* @note Assumes link types are ASCII text
	8	*/
	9	class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
	10	{
	11
	12	/**
	13	* Name config attribute to pull.
	14	* @type string
	15	*/
	16	protected $name;
	17
	18	/**
	19	* @param string $name
	20	*/
	21	public function __construct($name)
	22	{
	23	$configLookup = array(
	24	'rel' => 'AllowedRel',
	25	'rev' => 'AllowedRev'
	26	);
	27	if (!isset($configLookup[$name])) {
	28	trigger_error(
	29	'Unrecognized attribute name for link ' .
	30	'relationship.',
	31	E_USER_ERROR
	32	);
	33	return;
	34	}
	35	$this->name = $configLookup[$name];
	36	}
	37
	38	/**
	39	* @param string $string
	40	* @param HTMLPurifier_Config $config
	41	* @param HTMLPurifier_Context $context
	42	* @return bool\|string
	43	*/
	44	public function validate($string, $config, $context)
	45	{
	46	$allowed = $config->get('Attr.' . $this->name);
	47	if (empty($allowed)) {
	48	return false;
	49	}
	50
	51	$string = $this->parseCDATA($string);
	52	$parts = explode(' ', $string);
	53
	54	// lookup to prevent duplicates
	55	$ret_lookup = array();
	56	foreach ($parts as $part) {
	57	$part = strtolower(trim($part));
	58	if (!isset($allowed[$part])) {
	59	continue;
	60	}
	61	$ret_lookup[$part] = true;
	62	}
	63
	64	if (empty($ret_lookup)) {
	65	return false;
	66	}
	67	$string = implode(' ', array_keys($ret_lookup));
	68	return $string;
	69	}
	70	}
	71
	72	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php new file mode 100644 index 00000000..eb713e15 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
@@ -0,0 +1,60 @@
	1	<?php
	2
	3	/**
	4	* Validates a MultiLength as defined by the HTML spec.
	5	*
	6	* A multilength is either a integer (pixel count), a percentage, or
	7	* a relative number.
	8	*/
	9	class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
	10	{
	11
	12	/**
	13	* @param string $string
	14	* @param HTMLPurifier_Config $config
	15	* @param HTMLPurifier_Context $context
	16	* @return bool\|string
	17	*/
	18	public function validate($string, $config, $context)
	19	{
	20	$string = trim($string);
	21	if ($string === '') {
	22	return false;
	23	}
	24
	25	$parent_result = parent::validate($string, $config, $context);
	26	if ($parent_result !== false) {
	27	return $parent_result;
	28	}
	29
	30	$length = strlen($string);
	31	$last_char = $string[$length - 1];
	32
	33	if ($last_char !== '*') {
	34	return false;
	35	}
	36
	37	$int = substr($string, 0, $length - 1);
	38
	39	if ($int == '') {
	40	return '*';
	41	}
	42	if (!is_numeric($int)) {
	43	return false;
	44	}
	45
	46	$int = (int)$int;
	47	if ($int < 0) {
	48	return false;
	49	}
	50	if ($int == 0) {
	51	return '0';
	52	}
	53	if ($int == 1) {
	54	return '*';
	55	}
	56	return ((string)$int) . '*';
	57	}
	58	}
	59
	60	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php new file mode 100644 index 00000000..ecb070c3 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
@@ -0,0 +1,70 @@
	1	<?php
	2
	3	/**
	4	* Validates contents based on NMTOKENS attribute type.
	5	*/
	6	class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
	7	{
	8
	9	/**
	10	* @param string $string
	11	* @param HTMLPurifier_Config $config
	12	* @param HTMLPurifier_Context $context
	13	* @return bool\|string
	14	*/
	15	public function validate($string, $config, $context)
	16	{
	17	$string = trim($string);
	18
	19	// early abort: '' and '0' (strings that convert to false) are invalid
	20	if (!$string) {
	21	return false;
	22	}
	23
	24	$tokens = $this->split($string, $config, $context);
	25	$tokens = $this->filter($tokens, $config, $context);
	26	if (empty($tokens)) {
	27	return false;
	28	}
	29	return implode(' ', $tokens);
	30	}
	31
	32	/**
	33	* Splits a space separated list of tokens into its constituent parts.
	34	* @param string $string
	35	* @param HTMLPurifier_Config $config
	36	* @param HTMLPurifier_Context $context
	37	* @return array
	38	*/
	39	protected function split($string, $config, $context)
	40	{
	41	// OPTIMIZABLE!
	42	// do the preg_match, capture all subpatterns for reformulation
	43
	44	// we don't support U+00A1 and up codepoints or
	45	// escaping because I don't know how to do that with regexps
	46	// and plus it would complicate optimization efforts (you never
	47	// see that anyway).
	48	$pattern = '/(?:(?<=\s)\|\A)' . // look behind for space or string start
	49	'((?:--\|-?[A-Za-z_])[A-Za-z_\-0-9]*)' .
	50	'(?:(?=\s)\|\z)/'; // look ahead for space or string end
	51	preg_match_all($pattern, $string, $matches);
	52	return $matches[1];
	53	}
	54
	55	/**
	56	* Template method for removing certain tokens based on arbitrary criteria.
	57	* @note If we wanted to be really functional, we'd do an array_filter
	58	* with a callback. But... we're not.
	59	* @param array $tokens
	60	* @param HTMLPurifier_Config $config
	61	* @param HTMLPurifier_Context $context
	62	* @return array
	63	*/
	64	protected function filter($tokens, $config, $context)
	65	{
	66	return $tokens;
	67	}
	68	}
	69
	70	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php new file mode 100644 index 00000000..1a68f238 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
@@ -0,0 +1,76 @@
	1	<?php
	2
	3	/**
	4	* Validates an integer representation of pixels according to the HTML spec.
	5	*/
	6	class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
	7	{
	8
	9	/**
	10	* @type int
	11	*/
	12	protected $max;
	13
	14	/**
	15	* @param int $max
	16	*/
	17	public function __construct($max = null)
	18	{
	19	$this->max = $max;
	20	}
	21
	22	/**
	23	* @param string $string
	24	* @param HTMLPurifier_Config $config
	25	* @param HTMLPurifier_Context $context
	26	* @return bool\|string
	27	*/
	28	public function validate($string, $config, $context)
	29	{
	30	$string = trim($string);
	31	if ($string === '0') {
	32	return $string;
	33	}
	34	if ($string === '') {
	35	return false;
	36	}
	37	$length = strlen($string);
	38	if (substr($string, $length - 2) == 'px') {
	39	$string = substr($string, 0, $length - 2);
	40	}
	41	if (!is_numeric($string)) {
	42	return false;
	43	}
	44	$int = (int)$string;
	45
	46	if ($int < 0) {
	47	return '0';
	48	}
	49
	50	// upper-bound value, extremely high values can
	51	// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
	52	// WARNING, above link WILL crash you if you're using Windows
	53
	54	if ($this->max !== null && $int > $this->max) {
	55	return (string)$this->max;
	56	}
	57	return (string)$int;
	58	}
	59
	60	/**
	61	* @param string $string
	62	* @return HTMLPurifier_AttrDef
	63	*/
	64	public function make($string)
	65	{
	66	if ($string === '') {
	67	$max = null;
	68	} else {
	69	$max = (int)$string;
	70	}
	71	$class = get_class($this);
	72	return new $class($max);
	73	}
	74	}
	75
	76	// vim: et sw=4 sts=4