2 files changed, 168 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php
new file mode 100644
index 00000000..b2ed860a
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php
@@ -0,0 +1,130 @@
+<?php
+/**
+ * Performs safe variable parsing based on types which can be used by
+ * users. This may not be able to represent all possible data inputs,
+ * however.
+ */
+class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
+{
+    /**
+     * @param mixed $var
+     * @param int $type
+     * @param bool $allow_null
+     * @return array|bool|float|int|mixed|null|string
+     * @throws HTMLPurifier_VarParserException
+     */
+    protected function parseImplementation($var, $type, $allow_null)
+    {
+        if ($allow_null && $var === null) {
+            return null;
+        }
+        switch ($type) {
+            // Note: if code "breaks" from the switch, it triggers a generic
+            // exception to be thrown. Specific errors can be specifically
+            // done here.
+            case self::MIXED:
+            case self::ISTRING:
+            case self::STRING:
+            case self::TEXT:
+            case self::ITEXT:
+                return $var;
+            case self::INT:
+                if (is_string($var) && ctype_digit($var)) {
+                    $var = (int)$var;
+                }
+                return $var;
+            case self::FLOAT:
+                if ((is_string($var) && is_numeric($var)) || is_int($var)) {
+                    $var = (float)$var;
+                }
+                return $var;
+            case self::BOOL:
+                if (is_int($var) && ($var === 0 || $var === 1)) {
+                    $var = (bool)$var;
+                } elseif (is_string($var)) {
+                    if ($var == 'on' || $var == 'true' || $var == '1') {
+                        $var = true;
+                    } elseif ($var == 'off' || $var == 'false' || $var == '0') {
+                        $var = false;
+                    } else {
+                        throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
+                    }
+                }
+                return $var;
+            case self::ALIST:
+            case self::HASH:
+            case self::LOOKUP:
+                if (is_string($var)) {
+                    // special case: technically, this is an array with
+                    // a single empty string item, but having an empty
+                    // array is more intuitive
+                    if ($var == '') {
+                        return array();
+                    }
+                    if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
+                        // simplistic string to array method that only works
+                        // for simple lists of tag names or alphanumeric characters
+                        $var = explode(',', $var);
+                    } else {
+                        $var = preg_split('/(,|[\n\r]+)/', $var);
+                    }
+                    // remove spaces
+                    foreach ($var as $i => $j) {
+                        $var[$i] = trim($j);
+                    }
+                    if ($type === self::HASH) {
+                        // key:value,key2:value2
+                        $nvar = array();
+                        foreach ($var as $keypair) {
+                            $c = explode(':', $keypair, 2);
+                            if (!isset($c[1])) {
+                                continue;
+                            }
+                            $nvar[trim($c[0])] = trim($c[1]);
+                        }
+                        $var = $nvar;
+                    }
+                }
+                if (!is_array($var)) {
+                    break;
+                }
+                $keys = array_keys($var);
+                if ($keys === array_keys($keys)) {
+                    if ($type == self::ALIST) {
+                        return $var;
+                    } elseif ($type == self::LOOKUP) {
+                        $new = array();
+                        foreach ($var as $key) {
+                            $new[$key] = true;
+                        }
+                        return $new;
+                    } else {
+                        break;
+                    }
+                }
+                if ($type === self::ALIST) {
+                    trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING);
+                    return array_values($var);
+                }
+                if ($type === self::LOOKUP) {
+                    foreach ($var as $key => $value) {
+                        if ($value !== true) {
+                            trigger_error(
+                                "Lookup array has non-true value at key '$key'; " .
+                                "maybe your input array was not indexed numerically",
+                                E_USER_WARNING
+                            );
+                        }
+                        $var[$key] = true;
+                    }
+                }
+                return $var;
+            default:
+                $this->errorInconsistent(__CLASS__, $type);
+        }
+        $this->errorGeneric($var, $type);
+    }
+}
+// vim: et sw=4 sts=4
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php
new file mode 100644
index 00000000..c28055b5
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * This variable parser uses PHP's internal code engine. Because it does
+ * this, it can represent all inputs; however, it is dangerous and cannot
+ * be used by users.
+ */
+class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
+{
+    /**
+     * @param mixed $var
+     * @param int $type
+     * @param bool $allow_null
+     * @return null|string
+     */
+    protected function parseImplementation($var, $type, $allow_null)
+    {
+        return $this->evalExpression($var);
+    }
+    /**
+     * @param string $expr
+     * @return mixed
+     * @throws HTMLPurifier_VarParserException
+     */
+    protected function evalExpression($expr)
+    {
+        $var = null;
+        $result = eval("\$var = $expr;");
+        if ($result === false) {
+            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
+        }
+        return $var;
+    }
+}
+// vim: et sw=4 sts=4

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php new file mode 100644 index 00000000..b2ed860a --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Flexible.php
@@ -0,0 +1,130 @@
	1	<?php
	2
	3	/**
	4	* Performs safe variable parsing based on types which can be used by
	5	* users. This may not be able to represent all possible data inputs,
	6	* however.
	7	*/
	8	class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
	9	{
	10	/**
	11	* @param mixed $var
	12	* @param int $type
	13	* @param bool $allow_null
	14	* @return array\|bool\|float\|int\|mixed\|null\|string
	15	* @throws HTMLPurifier_VarParserException
	16	*/
	17	protected function parseImplementation($var, $type, $allow_null)
	18	{
	19	if ($allow_null && $var === null) {
	20	return null;
	21	}
	22	switch ($type) {
	23	// Note: if code "breaks" from the switch, it triggers a generic
	24	// exception to be thrown. Specific errors can be specifically
	25	// done here.
	26	case self::MIXED:
	27	case self::ISTRING:
	28	case self::STRING:
	29	case self::TEXT:
	30	case self::ITEXT:
	31	return $var;
	32	case self::INT:
	33	if (is_string($var) && ctype_digit($var)) {
	34	$var = (int)$var;
	35	}
	36	return $var;
	37	case self::FLOAT:
	38	if ((is_string($var) && is_numeric($var)) \|\| is_int($var)) {
	39	$var = (float)$var;
	40	}
	41	return $var;
	42	case self::BOOL:
	43	if (is_int($var) && ($var === 0 \|\| $var === 1)) {
	44	$var = (bool)$var;
	45	} elseif (is_string($var)) {
	46	if ($var == 'on' \|\| $var == 'true' \|\| $var == '1') {
	47	$var = true;
	48	} elseif ($var == 'off' \|\| $var == 'false' \|\| $var == '0') {
	49	$var = false;
	50	} else {
	51	throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
	52	}
	53	}
	54	return $var;
	55	case self::ALIST:
	56	case self::HASH:
	57	case self::LOOKUP:
	58	if (is_string($var)) {
	59	// special case: technically, this is an array with
	60	// a single empty string item, but having an empty
	61	// array is more intuitive
	62	if ($var == '') {
	63	return array();
	64	}
	65	if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
	66	// simplistic string to array method that only works
	67	// for simple lists of tag names or alphanumeric characters
	68	$var = explode(',', $var);
	69	} else {
	70	$var = preg_split('/(,\|[\n\r]+)/', $var);
	71	}
	72	// remove spaces
	73	foreach ($var as $i => $j) {
	74	$var[$i] = trim($j);
	75	}
	76	if ($type === self::HASH) {
	77	// key:value,key2:value2
	78	$nvar = array();
	79	foreach ($var as $keypair) {
	80	$c = explode(':', $keypair, 2);
	81	if (!isset($c[1])) {
	82	continue;
	83	}
	84	$nvar[trim($c[0])] = trim($c[1]);
	85	}
	86	$var = $nvar;
	87	}
	88	}
	89	if (!is_array($var)) {
	90	break;
	91	}
	92	$keys = array_keys($var);
	93	if ($keys === array_keys($keys)) {
	94	if ($type == self::ALIST) {
	95	return $var;
	96	} elseif ($type == self::LOOKUP) {
	97	$new = array();
	98	foreach ($var as $key) {
	99	$new[$key] = true;
	100	}
	101	return $new;
	102	} else {
	103	break;
	104	}
	105	}
	106	if ($type === self::ALIST) {
	107	trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING);
	108	return array_values($var);
	109	}
	110	if ($type === self::LOOKUP) {
	111	foreach ($var as $key => $value) {
	112	if ($value !== true) {
	113	trigger_error(
	114	"Lookup array has non-true value at key '$key'; " .
	115	"maybe your input array was not indexed numerically",
	116	E_USER_WARNING
	117	);
	118	}
	119	$var[$key] = true;
	120	}
	121	}
	122	return $var;
	123	default:
	124	$this->errorInconsistent(__CLASS__, $type);
	125	}
	126	$this->errorGeneric($var, $type);
	127	}
	128	}
	129
	130	// vim: et sw=4 sts=4


diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php new file mode 100644 index 00000000..c28055b5 --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/VarParser/Native.php
@@ -0,0 +1,38 @@
	1	<?php
	2
	3	/**
	4	* This variable parser uses PHP's internal code engine. Because it does
	5	* this, it can represent all inputs; however, it is dangerous and cannot
	6	* be used by users.
	7	*/
	8	class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
	9	{
	10
	11	/**
	12	* @param mixed $var
	13	* @param int $type
	14	* @param bool $allow_null
	15	* @return null\|string
	16	*/
	17	protected function parseImplementation($var, $type, $allow_null)
	18	{
	19	return $this->evalExpression($var);
	20	}
	21
	22	/**
	23	* @param string $expr
	24	* @return mixed
	25	* @throws HTMLPurifier_VarParserException
	26	*/
	27	protected function evalExpression($expr)
	28	{
	29	$var = null;
	30	$result = eval("\$var = $expr;");
	31	if ($result === false) {
	32	throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
	33	}
	34	return $var;
	35	}
	36	}
	37
	38	// vim: et sw=4 sts=4