1 files changed, 0 insertions, 314 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php
deleted file mode 100644
index c4256b95..00000000
--- a/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php
+++ /dev/null
@@ -1,314 +0,0 @@
-<?php
-/**
- * HTML Purifier's internal representation of a URI.
- * @note
- *      Internal data-structures are completely escaped. If the data needs
- *      to be used in a non-URI context (which is very unlikely), be sure
- *      to decode it first. The URI may not necessarily be well-formed until
- *      validate() is called.
- */
-class HTMLPurifier_URI
-{
-    /**
-     * @type string
-     */
-    public $scheme;
-    /**
-     * @type string
-     */
-    public $userinfo;
-    /**
-     * @type string
-     */
-    public $host;
-    /**
-     * @type int
-     */
-    public $port;
-    /**
-     * @type string
-     */
-    public $path;
-    /**
-     * @type string
-     */
-    public $query;
-    /**
-     * @type string
-     */
-    public $fragment;
-    /**
-     * @param string $scheme
-     * @param string $userinfo
-     * @param string $host
-     * @param int $port
-     * @param string $path
-     * @param string $query
-     * @param string $fragment
-     * @note Automatically normalizes scheme and port
-     */
-    public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)
-    {
-        $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
-        $this->userinfo = $userinfo;
-        $this->host = $host;
-        $this->port = is_null($port) ? $port : (int)$port;
-        $this->path = $path;
-        $this->query = $query;
-        $this->fragment = $fragment;
-    }
-    /**
-     * Retrieves a scheme object corresponding to the URI's scheme/default
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return HTMLPurifier_URIScheme Scheme object appropriate for validating this URI
-     */
-    public function getSchemeObj($config, $context)
-    {
-        $registry = HTMLPurifier_URISchemeRegistry::instance();
-        if ($this->scheme !== null) {
-            $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
-            if (!$scheme_obj) {
-                return false;
-            } // invalid scheme, clean it out
-        } else {
-            // no scheme: retrieve the default one
-            $def = $config->getDefinition('URI');
-            $scheme_obj = $def->getDefaultScheme($config, $context);
-            if (!$scheme_obj) {
-                // something funky happened to the default scheme object
-                trigger_error(
-                    'Default scheme object "' . $def->defaultScheme . '" was not readable',
-                    E_USER_WARNING
-                );
-                return false;
-            }
-        }
-        return $scheme_obj;
-    }
-    /**
-     * Generic validation method applicable for all schemes. May modify
-     * this URI in order to get it into a compliant form.
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return bool True if validation/filtering succeeds, false if failure
-     */
-    public function validate($config, $context)
-    {
-        // ABNF definitions from RFC 3986
-        $chars_sub_delims = '!$&\'()*+,;=';
-        $chars_gen_delims = ':/?#[]@';
-        $chars_pchar = $chars_sub_delims . ':@';
-        // validate host
-        if (!is_null($this->host)) {
-            $host_def = new HTMLPurifier_AttrDef_URI_Host();
-            $this->host = $host_def->validate($this->host, $config, $context);
-            if ($this->host === false) {
-                $this->host = null;
-            }
-        }
-        // validate scheme
-        // NOTE: It's not appropriate to check whether or not this
-        // scheme is in our registry, since a URIFilter may convert a
-        // URI that we don't allow into one we do.  So instead, we just
-        // check if the scheme can be dropped because there is no host
-        // and it is our default scheme.
-        if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
-            // support for relative paths is pretty abysmal when the
-            // scheme is present, so axe it when possible
-            $def = $config->getDefinition('URI');
-            if ($def->defaultScheme === $this->scheme) {
-                $this->scheme = null;
-            }
-        }
-        // validate username
-        if (!is_null($this->userinfo)) {
-            $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
-            $this->userinfo = $encoder->encode($this->userinfo);
-        }
-        // validate port
-        if (!is_null($this->port)) {
-            if ($this->port < 1 || $this->port > 65535) {
-                $this->port = null;
-            }
-        }
-        // validate path
-        $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
-        if (!is_null($this->host)) { // this catches $this->host === ''
-            // path-abempty (hier and relative)
-            // http://www.example.com/my/path
-            // //www.example.com/my/path (looks odd, but works, and
-            //                            recognized by most browsers)
-            // (this set is valid or invalid on a scheme by scheme
-            // basis, so we'll deal with it later)
-            // file:///my/path
-            // ///my/path
-            $this->path = $segments_encoder->encode($this->path);
-        } elseif ($this->path !== '') {
-            if ($this->path[0] === '/') {
-                // path-absolute (hier and relative)
-                // http:/my/path
-                // /my/path
-                if (strlen($this->path) >= 2 && $this->path[1] === '/') {
-                    // This could happen if both the host gets stripped
-                    // out
-                    // http://my/path
-                    // //my/path
-                    $this->path = '';
-                } else {
-                    $this->path = $segments_encoder->encode($this->path);
-                }
-            } elseif (!is_null($this->scheme)) {
-                // path-rootless (hier)
-                // http:my/path
-                // Short circuit evaluation means we don't need to check nz
-                $this->path = $segments_encoder->encode($this->path);
-            } else {
-                // path-noscheme (relative)
-                // my/path
-                // (once again, not checking nz)
-                $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
-                $c = strpos($this->path, '/');
-                if ($c !== false) {
-                    $this->path =
-                        $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
-                        $segments_encoder->encode(substr($this->path, $c));
-                } else {
-                    $this->path = $segment_nc_encoder->encode($this->path);
-                }
-            }
-        } else {
-            // path-empty (hier and relative)
-            $this->path = ''; // just to be safe
-        }
-        // qf = query and fragment
-        $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
-        if (!is_null($this->query)) {
-            $this->query = $qf_encoder->encode($this->query);
-        }
-        if (!is_null($this->fragment)) {
-            $this->fragment = $qf_encoder->encode($this->fragment);
-        }
-        return true;
-    }
-    /**
-     * Convert URI back to string
-     * @return string URI appropriate for output
-     */
-    public function toString()
-    {
-        // reconstruct authority
-        $authority = null;
-        // there is a rendering difference between a null authority
-        // (http:foo-bar) and an empty string authority
-        // (http:///foo-bar).
-        if (!is_null($this->host)) {
-            $authority = '';
-            if (!is_null($this->userinfo)) {
-                $authority .= $this->userinfo . '@';
-            }
-            $authority .= $this->host;
-            if (!is_null($this->port)) {
-                $authority .= ':' . $this->port;
-            }
-        }
-        // Reconstruct the result
-        // One might wonder about parsing quirks from browsers after
-        // this reconstruction.  Unfortunately, parsing behavior depends
-        // on what *scheme* was employed (file:///foo is handled *very*
-        // differently than http:///foo), so unfortunately we have to
-        // defer to the schemes to do the right thing.
-        $result = '';
-        if (!is_null($this->scheme)) {
-            $result .= $this->scheme . ':';
-        }
-        if (!is_null($authority)) {
-            $result .= '//' . $authority;
-        }
-        $result .= $this->path;
-        if (!is_null($this->query)) {
-            $result .= '?' . $this->query;
-        }
-        if (!is_null($this->fragment)) {
-            $result .= '#' . $this->fragment;
-        }
-        return $result;
-    }
-    /**
-     * Returns true if this URL might be considered a 'local' URL given
-     * the current context.  This is true when the host is null, or
-     * when it matches the host supplied to the configuration.
-     *
-     * Note that this does not do any scheme checking, so it is mostly
-     * only appropriate for metadata that doesn't care about protocol
-     * security.  isBenign is probably what you actually want.
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return bool
-     */
-    public function isLocal($config, $context)
-    {
-        if ($this->host === null) {
-            return true;
-        }
-        $uri_def = $config->getDefinition('URI');
-        if ($uri_def->host === $this->host) {
-            return true;
-        }
-        return false;
-    }
-    /**
-     * Returns true if this URL should be considered a 'benign' URL,
-     * that is:
-     *
-     *      - It is a local URL (isLocal), and
-     *      - It has a equal or better level of security
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return bool
-     */
-    public function isBenign($config, $context)
-    {
-        if (!$this->isLocal($config, $context)) {
-            return false;
-        }
-        $scheme_obj = $this->getSchemeObj($config, $context);
-        if (!$scheme_obj) {
-            return false;
-        } // conservative approach
-        $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
-        if ($current_scheme_obj->secure) {
-            if (!$scheme_obj->secure) {
-                return false;
-            }
-        }
-        return true;
-    }
-}
-// vim: et sw=4 sts=4

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php deleted file mode 100644 index c4256b95..00000000 --- a/inc/3rdparty/htmlpurifier/HTMLPurifier/URI.php +++ /dev/null
@@ -1,314 +0,0 @@
1	<?php
2
3	/**
4	* HTML Purifier's internal representation of a URI.
5	* @note
6	* Internal data-structures are completely escaped. If the data needs
7	* to be used in a non-URI context (which is very unlikely), be sure
8	* to decode it first. The URI may not necessarily be well-formed until
9	* validate() is called.
10	*/
11	class HTMLPurifier_URI
12	{
13	/**
14	* @type string
15	*/
16	public $scheme;
17
18	/**
19	* @type string
20	*/
21	public $userinfo;
22
23	/**
24	* @type string
25	*/
26	public $host;
27
28	/**
29	* @type int
30	*/
31	public $port;
32
33	/**
34	* @type string
35	*/
36	public $path;
37
38	/**
39	* @type string
40	*/
41	public $query;
42
43	/**
44	* @type string
45	*/
46	public $fragment;
47
48	/**
49	* @param string $scheme
50	* @param string $userinfo
51	* @param string $host
52	* @param int $port
53	* @param string $path
54	* @param string $query
55	* @param string $fragment
56	* @note Automatically normalizes scheme and port
57	*/
58	public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)
59	{
60	$this->scheme = is_null($scheme) \|\| ctype_lower($scheme) ? $scheme : strtolower($scheme);
61	$this->userinfo = $userinfo;
62	$this->host = $host;
63	$this->port = is_null($port) ? $port : (int)$port;
64	$this->path = $path;
65	$this->query = $query;
66	$this->fragment = $fragment;
67	}
68
69	/**
70	* Retrieves a scheme object corresponding to the URI's scheme/default
71	* @param HTMLPurifier_Config $config
72	* @param HTMLPurifier_Context $context
73	* @return HTMLPurifier_URIScheme Scheme object appropriate for validating this URI
74	*/
75	public function getSchemeObj($config, $context)
76	{
77	$registry = HTMLPurifier_URISchemeRegistry::instance();
78	if ($this->scheme !== null) {
79	$scheme_obj = $registry->getScheme($this->scheme, $config, $context);
80	if (!$scheme_obj) {
81	return false;
82	} // invalid scheme, clean it out
83	} else {
84	// no scheme: retrieve the default one
85	$def = $config->getDefinition('URI');
86	$scheme_obj = $def->getDefaultScheme($config, $context);
87	if (!$scheme_obj) {
88	// something funky happened to the default scheme object
89	trigger_error(
90	'Default scheme object "' . $def->defaultScheme . '" was not readable',
91	E_USER_WARNING
92	);
93	return false;
94	}
95	}
96	return $scheme_obj;
97	}
98
99	/**
100	* Generic validation method applicable for all schemes. May modify
101	* this URI in order to get it into a compliant form.
102	* @param HTMLPurifier_Config $config
103	* @param HTMLPurifier_Context $context
104	* @return bool True if validation/filtering succeeds, false if failure
105	*/
106	public function validate($config, $context)
107	{
108	// ABNF definitions from RFC 3986
109	$chars_sub_delims = '!$&\'()*+,;=';
110	$chars_gen_delims = ':/?#[]@';
111	$chars_pchar = $chars_sub_delims . ':@';
112
113	// validate host
114	if (!is_null($this->host)) {
115	$host_def = new HTMLPurifier_AttrDef_URI_Host();
116	$this->host = $host_def->validate($this->host, $config, $context);
117	if ($this->host === false) {
118	$this->host = null;
119	}
120	}
121
122	// validate scheme
123	// NOTE: It's not appropriate to check whether or not this
124	// scheme is in our registry, since a URIFilter may convert a
125	// URI that we don't allow into one we do. So instead, we just
126	// check if the scheme can be dropped because there is no host
127	// and it is our default scheme.
128	if (!is_null($this->scheme) && is_null($this->host) \|\| $this->host === '') {
129	// support for relative paths is pretty abysmal when the
130	// scheme is present, so axe it when possible
131	$def = $config->getDefinition('URI');
132	if ($def->defaultScheme === $this->scheme) {
133	$this->scheme = null;
134	}
135	}
136
137	// validate username
138	if (!is_null($this->userinfo)) {
139	$encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
140	$this->userinfo = $encoder->encode($this->userinfo);
141	}
142
143	// validate port
144	if (!is_null($this->port)) {
145	if ($this->port < 1 \|\| $this->port > 65535) {
146	$this->port = null;
147	}
148	}
149
150	// validate path
151	$segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
152	if (!is_null($this->host)) { // this catches $this->host === ''
153	// path-abempty (hier and relative)
154	// http://www.example.com/my/path
155	// //www.example.com/my/path (looks odd, but works, and
156	// recognized by most browsers)
157	// (this set is valid or invalid on a scheme by scheme
158	// basis, so we'll deal with it later)
159	// file:///my/path
160	// ///my/path
161	$this->path = $segments_encoder->encode($this->path);
162	} elseif ($this->path !== '') {
163	if ($this->path[0] === '/') {
164	// path-absolute (hier and relative)
165	// http:/my/path
166	// /my/path
167	if (strlen($this->path) >= 2 && $this->path[1] === '/') {
168	// This could happen if both the host gets stripped
169	// out
170	// http://my/path
171	// //my/path
172	$this->path = '';
173	} else {
174	$this->path = $segments_encoder->encode($this->path);
175	}
176	} elseif (!is_null($this->scheme)) {
177	// path-rootless (hier)
178	// http:my/path
179	// Short circuit evaluation means we don't need to check nz
180	$this->path = $segments_encoder->encode($this->path);
181	} else {
182	// path-noscheme (relative)
183	// my/path
184	// (once again, not checking nz)
185	$segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
186	$c = strpos($this->path, '/');
187	if ($c !== false) {
188	$this->path =
189	$segment_nc_encoder->encode(substr($this->path, 0, $c)) .
190	$segments_encoder->encode(substr($this->path, $c));
191	} else {
192	$this->path = $segment_nc_encoder->encode($this->path);
193	}
194	}
195	} else {
196	// path-empty (hier and relative)
197	$this->path = ''; // just to be safe
198	}
199
200	// qf = query and fragment
201	$qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
202
203	if (!is_null($this->query)) {
204	$this->query = $qf_encoder->encode($this->query);
205	}
206
207	if (!is_null($this->fragment)) {
208	$this->fragment = $qf_encoder->encode($this->fragment);
209	}
210	return true;
211	}
212
213	/**
214	* Convert URI back to string
215	* @return string URI appropriate for output
216	*/
217	public function toString()
218	{
219	// reconstruct authority
220	$authority = null;
221	// there is a rendering difference between a null authority
222	// (http:foo-bar) and an empty string authority
223	// (http:///foo-bar).
224	if (!is_null($this->host)) {
225	$authority = '';
226	if (!is_null($this->userinfo)) {
227	$authority .= $this->userinfo . '@';
228	}
229	$authority .= $this->host;
230	if (!is_null($this->port)) {
231	$authority .= ':' . $this->port;
232	}
233	}
234
235	// Reconstruct the result
236	// One might wonder about parsing quirks from browsers after
237	// this reconstruction. Unfortunately, parsing behavior depends
238	// on what scheme was employed (file:///foo is handled very
239	// differently than http:///foo), so unfortunately we have to
240	// defer to the schemes to do the right thing.
241	$result = '';
242	if (!is_null($this->scheme)) {
243	$result .= $this->scheme . ':';
244	}
245	if (!is_null($authority)) {
246	$result .= '//' . $authority;
247	}
248	$result .= $this->path;
249	if (!is_null($this->query)) {
250	$result .= '?' . $this->query;
251	}
252	if (!is_null($this->fragment)) {
253	$result .= '#' . $this->fragment;
254	}
255
256	return $result;
257	}
258
259	/**
260	* Returns true if this URL might be considered a 'local' URL given
261	* the current context. This is true when the host is null, or
262	* when it matches the host supplied to the configuration.
263	*
264	* Note that this does not do any scheme checking, so it is mostly
265	* only appropriate for metadata that doesn't care about protocol
266	* security. isBenign is probably what you actually want.
267	* @param HTMLPurifier_Config $config
268	* @param HTMLPurifier_Context $context
269	* @return bool
270	*/
271	public function isLocal($config, $context)
272	{
273	if ($this->host === null) {
274	return true;
275	}
276	$uri_def = $config->getDefinition('URI');
277	if ($uri_def->host === $this->host) {
278	return true;
279	}
280	return false;
281	}
282
283	/**
284	* Returns true if this URL should be considered a 'benign' URL,
285	* that is:
286	*
287	* - It is a local URL (isLocal), and
288	* - It has a equal or better level of security
289	* @param HTMLPurifier_Config $config
290	* @param HTMLPurifier_Context $context
291	* @return bool
292	*/
293	public function isBenign($config, $context)
294	{
295	if (!$this->isLocal($config, $context)) {
296	return false;
297	}
298
299	$scheme_obj = $this->getSchemeObj($config, $context);
300	if (!$scheme_obj) {
301	return false;
302	} // conservative approach
303
304	$current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
305	if ($current_scheme_obj->secure) {
306	if (!$scheme_obj->secure) {
307	return false;
308	}
309	}
310	return true;
311	}
312	}
313
314	// vim: et sw=4 sts=4