5 files changed, 311 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
new file mode 100644
index 00000000..846d3881
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
@@ -0,0 +1,20 @@
+<?php
+abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
+{
+    /**
+     * Unpacks a mailbox into its display-name and address
+     * @param string $string
+     * @return mixed
+     */
+    public function unpack($string)
+    {
+        // needs to be implemented
+    }
+}
+// sub-implementations
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
new file mode 100644
index 00000000..3b041ce8
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
@@ -0,0 +1,29 @@
+<?php
+/**
+ * Primitive email validation class based on the regexp found at
+ * http://www.regular-expressions.info/email.html
+ */
+class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        // no support for named mailboxes i.e. "Bob <bob@example.com>"
+        // that needs more percent encoding to be done
+        if ($string == '') {
+            return false;
+        }
+        $string = trim($string);
+        $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string);
+        return $result ? $string : false;
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
new file mode 100644
index 00000000..01457785
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
@@ -0,0 +1,128 @@
+<?php
+/**
+ * Validates a host according to the IPv4, IPv6 and DNS (future) specifications.
+ */
+class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
+{
+    /**
+     * IPv4 sub-validator.
+     * @type HTMLPurifier_AttrDef_URI_IPv4
+     */
+    protected $ipv4;
+    /**
+     * IPv6 sub-validator.
+     * @type HTMLPurifier_AttrDef_URI_IPv6
+     */
+    protected $ipv6;
+    public function __construct()
+    {
+        $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
+        $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
+    }
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($string, $config, $context)
+    {
+        $length = strlen($string);
+        // empty hostname is OK; it's usually semantically equivalent:
+        // the default host as defined by a URI scheme is used:
+        //
+        //      If the URI scheme defines a default for host, then that
+        //      default applies when the host subcomponent is undefined
+        //      or when the registered name is empty (zero length).
+        if ($string === '') {
+            return '';
+        }
+        if ($length > 1 && $string[0] === '[' && $string[$length - 1] === ']') {
+            //IPv6
+            $ip = substr($string, 1, $length - 2);
+            $valid = $this->ipv6->validate($ip, $config, $context);
+            if ($valid === false) {
+                return false;
+            }
+            return '[' . $valid . ']';
+        }
+        // need to do checks on unusual encodings too
+        $ipv4 = $this->ipv4->validate($string, $config, $context);
+        if ($ipv4 !== false) {
+            return $ipv4;
+        }
+        // A regular domain name.
+        // This doesn't match I18N domain names, but we don't have proper IRI support,
+        // so force users to insert Punycode.
+        // There is not a good sense in which underscores should be
+        // allowed, since it's technically not! (And if you go as
+        // far to allow everything as specified by the DNS spec...
+        // well, that's literally everything, modulo some space limits
+        // for the components and the overall name (which, by the way,
+        // we are NOT checking!).  So we (arbitrarily) decide this:
+        // let's allow underscores wherever we would have allowed
+        // hyphens, if they are enabled.  This is a pretty good match
+        // for browser behavior, for example, a large number of browsers
+        // cannot handle foo_.example.com, but foo_bar.example.com is
+        // fairly well supported.
+        $underscore = $config->get('Core.AllowHostnameUnderscore') ? '_' : '';
+        // The productions describing this are:
+        $a   = '[a-z]';     // alpha
+        $an  = '[a-z0-9]';  // alphanum
+        $and = "[a-z0-9-$underscore]"; // alphanum | "-"
+        // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
+        $domainlabel = "$an($and*$an)?";
+        // toplabel    = alpha | alpha *( alphanum | "-" ) alphanum
+        $toplabel = "$a($and*$an)?";
+        // hostname    = *( domainlabel "." ) toplabel [ "." ]
+        if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
+            return $string;
+        }
+        // If we have Net_IDNA2 support, we can support IRIs by
+        // punycoding them. (This is the most portable thing to do,
+        // since otherwise we have to assume browsers support
+        if ($config->get('Core.EnableIDNA')) {
+            $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true));
+            // we need to encode each period separately
+            $parts = explode('.', $string);
+            try {
+                $new_parts = array();
+                foreach ($parts as $part) {
+                    $encodable = false;
+                    for ($i = 0, $c = strlen($part); $i < $c; $i++) {
+                        if (ord($part[$i]) > 0x7a) {
+                            $encodable = true;
+                            break;
+                        }
+                    }
+                    if (!$encodable) {
+                        $new_parts[] = $part;
+                    } else {
+                        $new_parts[] = $idna->encode($part);
+                    }
+                }
+                $string = implode('.', $new_parts);
+                if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
+                    return $string;
+                }
+            } catch (Exception $e) {
+                // XXX error reporting
+            }
+        }
+        return false;
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
new file mode 100644
index 00000000..bbc8a77e
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Validates an IPv4 address
+ * @author Feyd @ forums.devnetwork.net (public domain)
+ */
+class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
+{
+    /**
+     * IPv4 regex, protected so that IPv6 can reuse it.
+     * @type string
+     */
+    protected $ip4;
+    /**
+     * @param string $aIP
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($aIP, $config, $context)
+    {
+        if (!$this->ip4) {
+            $this->_loadRegex();
+        }
+        if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) {
+            return $aIP;
+        }
+        return false;
+    }
+    /**
+     * Lazy load function to prevent regex from being stuffed in
+     * cache.
+     */
+    protected function _loadRegex()
+    {
+        $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
+        $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
new file mode 100644
index 00000000..67f148bd
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Validates an IPv6 address.
+ * @author Feyd @ forums.devnetwork.net (public domain)
+ * @note This function requires brackets to have been removed from address
+ *       in URI.
+ */
+class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
+{
+    /**
+     * @param string $aIP
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool|string
+     */
+    public function validate($aIP, $config, $context)
+    {
+        if (!$this->ip4) {
+            $this->_loadRegex();
+        }
+        $original = $aIP;
+        $hex = '[0-9a-fA-F]';
+        $blk = '(?:' . $hex . '{1,4})';
+        $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
+        //      prefix check
+        if (strpos($aIP, '/') !== false) {
+            if (preg_match('#' . $pre . '$#s', $aIP, $find)) {
+                $aIP = substr($aIP, 0, 0 - strlen($find[0]));
+                unset($find);
+            } else {
+                return false;
+            }
+        }
+        //      IPv4-compatiblity check
+        if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) {
+            $aIP = substr($aIP, 0, 0 - strlen($find[0]));
+            $ip = explode('.', $find[0]);
+            $ip = array_map('dechex', $ip);
+            $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
+            unset($find, $ip);
+        }
+        //      compression check
+        $aIP = explode('::', $aIP);
+        $c = count($aIP);
+        if ($c > 2) {
+            return false;
+        } elseif ($c == 2) {
+            list($first, $second) = $aIP;
+            $first = explode(':', $first);
+            $second = explode(':', $second);
+            if (count($first) + count($second) > 8) {
+                return false;
+            }
+            while (count($first) < 8) {
+                array_push($first, '0');
+            }
+            array_splice($first, 8 - count($second), 8, $second);
+            $aIP = $first;
+            unset($first, $second);
+        } else {
+            $aIP = explode(':', $aIP[0]);
+        }
+        $c = count($aIP);
+        if ($c != 8) {
+            return false;
+        }
+        //      All the pieces should be 16-bit hex strings. Are they?
+        foreach ($aIP as $piece) {
+            if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) {
+                return false;
+            }
+        }
+        return $original;
+    }
+}
+// vim: et sw=4 sts=4

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php new file mode 100644 index 00000000..846d3881 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
@@ -0,0 +1,20 @@
	1	<?php
	2
	3	abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
	4	{
	5
	6	/**
	7	* Unpacks a mailbox into its display-name and address
	8	* @param string $string
	9	* @return mixed
	10	*/
	11	public function unpack($string)
	12	{
	13	// needs to be implemented
	14	}
	15
	16	}
	17
	18	// sub-implementations
	19
	20	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php new file mode 100644 index 00000000..3b041ce8 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
@@ -0,0 +1,29 @@
	1	<?php
	2
	3	/**
	4	* Primitive email validation class based on the regexp found at
	5	* http://www.regular-expressions.info/email.html
	6	*/
	7	class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
	8	{
	9
	10	/**
	11	* @param string $string
	12	* @param HTMLPurifier_Config $config
	13	* @param HTMLPurifier_Context $context
	14	* @return bool\|string
	15	*/
	16	public function validate($string, $config, $context)
	17	{
	18	// no support for named mailboxes i.e. "Bob <bob@example.com>"
	19	// that needs more percent encoding to be done
	20	if ($string == '') {
	21	return false;
	22	}
	23	$string = trim($string);
	24	$result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string);
	25	return $result ? $string : false;
	26	}
	27	}
	28
	29	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php new file mode 100644 index 00000000..01457785 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
@@ -0,0 +1,128 @@
	1	<?php
	2
	3	/**
	4	* Validates a host according to the IPv4, IPv6 and DNS (future) specifications.
	5	*/
	6	class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
	7	{
	8
	9	/**
	10	* IPv4 sub-validator.
	11	* @type HTMLPurifier_AttrDef_URI_IPv4
	12	*/
	13	protected $ipv4;
	14
	15	/**
	16	* IPv6 sub-validator.
	17	* @type HTMLPurifier_AttrDef_URI_IPv6
	18	*/
	19	protected $ipv6;
	20
	21	public function __construct()
	22	{
	23	$this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
	24	$this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
	25	}
	26
	27	/**
	28	* @param string $string
	29	* @param HTMLPurifier_Config $config
	30	* @param HTMLPurifier_Context $context
	31	* @return bool\|string
	32	*/
	33	public function validate($string, $config, $context)
	34	{
	35	$length = strlen($string);
	36	// empty hostname is OK; it's usually semantically equivalent:
	37	// the default host as defined by a URI scheme is used:
	38	//
	39	// If the URI scheme defines a default for host, then that
	40	// default applies when the host subcomponent is undefined
	41	// or when the registered name is empty (zero length).
	42	if ($string === '') {
	43	return '';
	44	}
	45	if ($length > 1 && $string[0] === '[' && $string[$length - 1] === ']') {
	46	//IPv6
	47	$ip = substr($string, 1, $length - 2);
	48	$valid = $this->ipv6->validate($ip, $config, $context);
	49	if ($valid === false) {
	50	return false;
	51	}
	52	return '[' . $valid . ']';
	53	}
	54
	55	// need to do checks on unusual encodings too
	56	$ipv4 = $this->ipv4->validate($string, $config, $context);
	57	if ($ipv4 !== false) {
	58	return $ipv4;
	59	}
	60
	61	// A regular domain name.
	62
	63	// This doesn't match I18N domain names, but we don't have proper IRI support,
	64	// so force users to insert Punycode.
	65
	66	// There is not a good sense in which underscores should be
	67	// allowed, since it's technically not! (And if you go as
	68	// far to allow everything as specified by the DNS spec...
	69	// well, that's literally everything, modulo some space limits
	70	// for the components and the overall name (which, by the way,
	71	// we are NOT checking!). So we (arbitrarily) decide this:
	72	// let's allow underscores wherever we would have allowed
	73	// hyphens, if they are enabled. This is a pretty good match
	74	// for browser behavior, for example, a large number of browsers
	75	// cannot handle foo_.example.com, but foo_bar.example.com is
	76	// fairly well supported.
	77	$underscore = $config->get('Core.AllowHostnameUnderscore') ? '_' : '';
	78
	79	// The productions describing this are:
	80	$a = '[a-z]'; // alpha
	81	$an = '[a-z0-9]'; // alphanum
	82	$and = "[a-z0-9-$underscore]"; // alphanum \| "-"
	83	// domainlabel = alphanum \| alphanum *( alphanum \| "-" ) alphanum
	84	$domainlabel = "$an($and*$an)?";
	85	// toplabel = alpha \| alpha *( alphanum \| "-" ) alphanum
	86	$toplabel = "$a($and*$an)?";
	87	// hostname = *( domainlabel "." ) toplabel [ "." ]
	88	if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
	89	return $string;
	90	}
	91
	92	// If we have Net_IDNA2 support, we can support IRIs by
	93	// punycoding them. (This is the most portable thing to do,
	94	// since otherwise we have to assume browsers support
	95
	96	if ($config->get('Core.EnableIDNA')) {
	97	$idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true));
	98	// we need to encode each period separately
	99	$parts = explode('.', $string);
	100	try {
	101	$new_parts = array();
	102	foreach ($parts as $part) {
	103	$encodable = false;
	104	for ($i = 0, $c = strlen($part); $i < $c; $i++) {
	105	if (ord($part[$i]) > 0x7a) {
	106	$encodable = true;
	107	break;
	108	}
	109	}
	110	if (!$encodable) {
	111	$new_parts[] = $part;
	112	} else {
	113	$new_parts[] = $idna->encode($part);
	114	}
	115	}
	116	$string = implode('.', $new_parts);
	117	if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) {
	118	return $string;
	119	}
	120	} catch (Exception $e) {
	121	// XXX error reporting
	122	}
	123	}
	124	return false;
	125	}
	126	}
	127
	128	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php new file mode 100644 index 00000000..bbc8a77e --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
@@ -0,0 +1,45 @@
	1	<?php
	2
	3	/**
	4	* Validates an IPv4 address
	5	* @author Feyd @ forums.devnetwork.net (public domain)
	6	*/
	7	class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
	8	{
	9
	10	/**
	11	* IPv4 regex, protected so that IPv6 can reuse it.
	12	* @type string
	13	*/
	14	protected $ip4;
	15
	16	/**
	17	* @param string $aIP
	18	* @param HTMLPurifier_Config $config
	19	* @param HTMLPurifier_Context $context
	20	* @return bool\|string
	21	*/
	22	public function validate($aIP, $config, $context)
	23	{
	24	if (!$this->ip4) {
	25	$this->_loadRegex();
	26	}
	27
	28	if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) {
	29	return $aIP;
	30	}
	31	return false;
	32	}
	33
	34	/**
	35	* Lazy load function to prevent regex from being stuffed in
	36	* cache.
	37	*/
	38	protected function _loadRegex()
	39	{
	40	$oct = '(?:25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9][0-9]\|[0-9])'; // 0-255
	41	$this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
	42	}
	43	}
	44
	45	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php new file mode 100644 index 00000000..67f148bd --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
@@ -0,0 +1,89 @@
	1	<?php
	2
	3	/**
	4	* Validates an IPv6 address.
	5	* @author Feyd @ forums.devnetwork.net (public domain)
	6	* @note This function requires brackets to have been removed from address
	7	* in URI.
	8	*/
	9	class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
	10	{
	11
	12	/**
	13	* @param string $aIP
	14	* @param HTMLPurifier_Config $config
	15	* @param HTMLPurifier_Context $context
	16	* @return bool\|string
	17	*/
	18	public function validate($aIP, $config, $context)
	19	{
	20	if (!$this->ip4) {
	21	$this->_loadRegex();
	22	}
	23
	24	$original = $aIP;
	25
	26	$hex = '[0-9a-fA-F]';
	27	$blk = '(?:' . $hex . '{1,4})';
	28	$pre = '(?:/(?:12[0-8]\|1[0-1][0-9]\|[1-9][0-9]\|[0-9]))'; // /0 - /128
	29
	30	// prefix check
	31	if (strpos($aIP, '/') !== false) {
	32	if (preg_match('#' . $pre . '$#s', $aIP, $find)) {
	33	$aIP = substr($aIP, 0, 0 - strlen($find[0]));
	34	unset($find);
	35	} else {
	36	return false;
	37	}
	38	}
	39
	40	// IPv4-compatiblity check
	41	if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) {
	42	$aIP = substr($aIP, 0, 0 - strlen($find[0]));
	43	$ip = explode('.', $find[0]);
	44	$ip = array_map('dechex', $ip);
	45	$aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
	46	unset($find, $ip);
	47	}
	48
	49	// compression check
	50	$aIP = explode('::', $aIP);
	51	$c = count($aIP);
	52	if ($c > 2) {
	53	return false;
	54	} elseif ($c == 2) {
	55	list($first, $second) = $aIP;
	56	$first = explode(':', $first);
	57	$second = explode(':', $second);
	58
	59	if (count($first) + count($second) > 8) {
	60	return false;
	61	}
	62
	63	while (count($first) < 8) {
	64	array_push($first, '0');
	65	}
	66
	67	array_splice($first, 8 - count($second), 8, $second);
	68	$aIP = $first;
	69	unset($first, $second);
	70	} else {
	71	$aIP = explode(':', $aIP[0]);
	72	}
	73	$c = count($aIP);
	74
	75	if ($c != 8) {
	76	return false;
	77	}
	78
	79	// All the pieces should be 16-bit hex strings. Are they?
	80	foreach ($aIP as $piece) {
	81	if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) {
	82	return false;
	83	}
	84	}
	85	return $original;
	86	}
	87	}
	88
	89	// vim: et sw=4 sts=4