diff options
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php')
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php new file mode 100644 index 00000000..1a2b0b67 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrValidator.php | |||
@@ -0,0 +1,178 @@ | |||
1 | <?php | ||
2 | |||
3 | /** | ||
4 | * Validates the attributes of a token. Doesn't manage required attributes | ||
5 | * very well. The only reason we factored this out was because RemoveForeignElements | ||
6 | * also needed it besides ValidateAttributes. | ||
7 | */ | ||
8 | class HTMLPurifier_AttrValidator | ||
9 | { | ||
10 | |||
11 | /** | ||
12 | * Validates the attributes of a token, mutating it as necessary. | ||
13 | * that has valid tokens | ||
14 | * @param HTMLPurifier_Token $token Token to validate. | ||
15 | * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config | ||
16 | * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context | ||
17 | */ | ||
18 | public function validateToken($token, $config, $context) | ||
19 | { | ||
20 | $definition = $config->getHTMLDefinition(); | ||
21 | $e =& $context->get('ErrorCollector', true); | ||
22 | |||
23 | // initialize IDAccumulator if necessary | ||
24 | $ok =& $context->get('IDAccumulator', true); | ||
25 | if (!$ok) { | ||
26 | $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context); | ||
27 | $context->register('IDAccumulator', $id_accumulator); | ||
28 | } | ||
29 | |||
30 | // initialize CurrentToken if necessary | ||
31 | $current_token =& $context->get('CurrentToken', true); | ||
32 | if (!$current_token) { | ||
33 | $context->register('CurrentToken', $token); | ||
34 | } | ||
35 | |||
36 | if (!$token instanceof HTMLPurifier_Token_Start && | ||
37 | !$token instanceof HTMLPurifier_Token_Empty | ||
38 | ) { | ||
39 | return; | ||
40 | } | ||
41 | |||
42 | // create alias to global definition array, see also $defs | ||
43 | // DEFINITION CALL | ||
44 | $d_defs = $definition->info_global_attr; | ||
45 | |||
46 | // don't update token until the very end, to ensure an atomic update | ||
47 | $attr = $token->attr; | ||
48 | |||
49 | // do global transformations (pre) | ||
50 | // nothing currently utilizes this | ||
51 | foreach ($definition->info_attr_transform_pre as $transform) { | ||
52 | $attr = $transform->transform($o = $attr, $config, $context); | ||
53 | if ($e) { | ||
54 | if ($attr != $o) { | ||
55 | $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||
56 | } | ||
57 | } | ||
58 | } | ||
59 | |||
60 | // do local transformations only applicable to this element (pre) | ||
61 | // ex. <p align="right"> to <p style="text-align:right;"> | ||
62 | foreach ($definition->info[$token->name]->attr_transform_pre as $transform) { | ||
63 | $attr = $transform->transform($o = $attr, $config, $context); | ||
64 | if ($e) { | ||
65 | if ($attr != $o) { | ||
66 | $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||
67 | } | ||
68 | } | ||
69 | } | ||
70 | |||
71 | // create alias to this element's attribute definition array, see | ||
72 | // also $d_defs (global attribute definition array) | ||
73 | // DEFINITION CALL | ||
74 | $defs = $definition->info[$token->name]->attr; | ||
75 | |||
76 | $attr_key = false; | ||
77 | $context->register('CurrentAttr', $attr_key); | ||
78 | |||
79 | // iterate through all the attribute keypairs | ||
80 | // Watch out for name collisions: $key has previously been used | ||
81 | foreach ($attr as $attr_key => $value) { | ||
82 | |||
83 | // call the definition | ||
84 | if (isset($defs[$attr_key])) { | ||
85 | // there is a local definition defined | ||
86 | if ($defs[$attr_key] === false) { | ||
87 | // We've explicitly been told not to allow this element. | ||
88 | // This is usually when there's a global definition | ||
89 | // that must be overridden. | ||
90 | // Theoretically speaking, we could have a | ||
91 | // AttrDef_DenyAll, but this is faster! | ||
92 | $result = false; | ||
93 | } else { | ||
94 | // validate according to the element's definition | ||
95 | $result = $defs[$attr_key]->validate( | ||
96 | $value, | ||
97 | $config, | ||
98 | $context | ||
99 | ); | ||
100 | } | ||
101 | } elseif (isset($d_defs[$attr_key])) { | ||
102 | // there is a global definition defined, validate according | ||
103 | // to the global definition | ||
104 | $result = $d_defs[$attr_key]->validate( | ||
105 | $value, | ||
106 | $config, | ||
107 | $context | ||
108 | ); | ||
109 | } else { | ||
110 | // system never heard of the attribute? DELETE! | ||
111 | $result = false; | ||
112 | } | ||
113 | |||
114 | // put the results into effect | ||
115 | if ($result === false || $result === null) { | ||
116 | // this is a generic error message that should replaced | ||
117 | // with more specific ones when possible | ||
118 | if ($e) { | ||
119 | $e->send(E_ERROR, 'AttrValidator: Attribute removed'); | ||
120 | } | ||
121 | |||
122 | // remove the attribute | ||
123 | unset($attr[$attr_key]); | ||
124 | } elseif (is_string($result)) { | ||
125 | // generally, if a substitution is happening, there | ||
126 | // was some sort of implicit correction going on. We'll | ||
127 | // delegate it to the attribute classes to say exactly what. | ||
128 | |||
129 | // simple substitution | ||
130 | $attr[$attr_key] = $result; | ||
131 | } else { | ||
132 | // nothing happens | ||
133 | } | ||
134 | |||
135 | // we'd also want slightly more complicated substitution | ||
136 | // involving an array as the return value, | ||
137 | // although we're not sure how colliding attributes would | ||
138 | // resolve (certain ones would be completely overriden, | ||
139 | // others would prepend themselves). | ||
140 | } | ||
141 | |||
142 | $context->destroy('CurrentAttr'); | ||
143 | |||
144 | // post transforms | ||
145 | |||
146 | // global (error reporting untested) | ||
147 | foreach ($definition->info_attr_transform_post as $transform) { | ||
148 | $attr = $transform->transform($o = $attr, $config, $context); | ||
149 | if ($e) { | ||
150 | if ($attr != $o) { | ||
151 | $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||
152 | } | ||
153 | } | ||
154 | } | ||
155 | |||
156 | // local (error reporting untested) | ||
157 | foreach ($definition->info[$token->name]->attr_transform_post as $transform) { | ||
158 | $attr = $transform->transform($o = $attr, $config, $context); | ||
159 | if ($e) { | ||
160 | if ($attr != $o) { | ||
161 | $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); | ||
162 | } | ||
163 | } | ||
164 | } | ||
165 | |||
166 | $token->attr = $attr; | ||
167 | |||
168 | // destroy CurrentToken if we made it ourselves | ||
169 | if (!$current_token) { | ||
170 | $context->destroy('CurrentToken'); | ||
171 | } | ||
172 | |||
173 | } | ||
174 | |||
175 | |||
176 | } | ||
177 | |||
178 | // vim: et sw=4 sts=4 | ||