From 7df504542019fceff5d8d69ae37a51b49b010cc5 Mon Sep 17 00:00:00 2001 
From: Johannes Meyer Date: Wed, 7 Dec 2022 14:52:32 +0100 Subject: [PATCH] vendor: Upgrade HTMLPurifier to v4.16.0 --- library/vendor/HTMLPurifier.autoload.php | 1 + library/vendor/HTMLPurifier.php | 17 +- .../HTMLPurifier/AttrDef/CSS/Background.php | 2 + .../HTMLPurifier/AttrDef/CSS/Number.php | 8 +- .../vendor/HTMLPurifier/AttrDef/HTML/Bool.php | 4 +- .../AttrDef/HTML/ContentEditable.php | 16 ++ .../vendor/HTMLPurifier/AttrDef/URI/Host.php | 6 +- .../HTMLPurifier/AttrTransform/NameSync.php | 5 + .../HTMLPurifier/AttrTransform/SafeParam.php | 5 + library/vendor/HTMLPurifier/AttrTypes.php | 1 + library/vendor/HTMLPurifier/CSSDefinition.php | 68 +++++++- library/vendor/HTMLPurifier/ChildDef/List.php | 2 + .../vendor/HTMLPurifier/ChildDef/Table.php | 2 +- library/vendor/HTMLPurifier/Config.php | 20 +-- library/vendor/HTMLPurifier/ConfigSchema.php | 2 +- .../HTMLPurifier/ConfigSchema/schema.ser | Bin 15923 -> 24190 bytes .../AutoFormat.RemoveEmpty.RemoveNbsp.txt | 2 +- .../schema/Core.AllowParseManyTags.txt | 12 ++ .../schema/Core.ColorKeywords.txt | 159 ++++++++++++++++-- .../ConfigSchema/schema/HTML.Forms.txt | 11 ++ .../DefinitionCache/Serializer/README | 0 library/vendor/HTMLPurifier/ElementDef.php | 2 +- library/vendor/HTMLPurifier/Encoder.php | 8 +- library/vendor/HTMLPurifier/EntityParser.php | 2 +- library/vendor/HTMLPurifier/HTMLModule.php | 7 +- .../HTMLModule/CommonAttributes.php | 1 + .../vendor/HTMLPurifier/HTMLModule/Forms.php | 4 + .../HTMLPurifier/HTMLModule/SafeScripting.php | 4 +- .../vendor/HTMLPurifier/HTMLModule/Tidy.php | 5 +- .../HTMLModule/Tidy/XHTMLAndHTML4.php | 5 +- .../vendor/HTMLPurifier/Injector/Linkify.php | 3 + .../Injector/RemoveSpansWithoutAttributes.php | 15 +- .../Language/classes/en-x-test.php | 9 - .../Language/messages/en-x-test.php | 11 -- .../Language/messages/en-x-testmini.php | 12 -- library/vendor/HTMLPurifier/Length.php | 2 +- library/vendor/HTMLPurifier/Lexer.php | 9 +- library/vendor/HTMLPurifier/Lexer/DOMLex.php | 24 ++- 
library/vendor/HTMLPurifier/Lexer/PH5P.php | 2 +- .../HTMLPurifier/Printer/ConfigForm.php | 4 +- .../HTMLPurifier/Printer/HTMLDefinition.php | 4 +- .../HTMLPurifier/PropertyListIterator.php | 1 + library/vendor/HTMLPurifier/SOURCE | 14 +- library/vendor/HTMLPurifier/StringHash.php | 1 + .../HTMLPurifier/URIFilter/HostBlacklist.php | 2 +- .../vendor/HTMLPurifier/URIFilter/Munge.php | 10 +- library/vendor/HTMLPurifier/VERSION | 2 +- library/vendor/HTMLPurifier/VarParser.php | 32 ++-- .../HTMLPurifier/VarParser/Flexible.php | 10 +- 49 files changed, 406 insertions(+), 142 deletions(-) create mode 100644 library/vendor/HTMLPurifier/AttrDef/HTML/ContentEditable.php create mode 100644 library/vendor/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt create mode 100644 library/vendor/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt mode change 100644 => 100755 library/vendor/HTMLPurifier/DefinitionCache/Serializer/README delete mode 100644 library/vendor/HTMLPurifier/Language/classes/en-x-test.php delete mode 100644 library/vendor/HTMLPurifier/Language/messages/en-x-test.php delete mode 100644 library/vendor/HTMLPurifier/Language/messages/en-x-testmini.php diff --git a/library/vendor/HTMLPurifier.autoload.php b/library/vendor/HTMLPurifier.autoload.php index 9d8d29926..7a691132f 100644 --- a/library/vendor/HTMLPurifier.autoload.php +++ b/library/vendor/HTMLPurifier.autoload.php @@ -17,6 +17,7 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php'; } +// phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.zend_ze1_compatibility_modeRemoved if (ini_get('zend.ze1_compatibility_mode')) { trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR); } diff --git a/library/vendor/HTMLPurifier.php b/library/vendor/HTMLPurifier.php index bada5188b..26f061276 100644 --- a/library/vendor/HTMLPurifier.php 
+++ b/library/vendor/HTMLPurifier.php @@ -19,7 +19,7 @@ */ /* - HTML Purifier 4.10.0 - Standards Compliant HTML Filtering + HTML Purifier 4.15.0 - Standards Compliant HTML Filtering Copyright (C) 2006-2008 Edward Z. Yang This library is free software; you can redistribute it and/or @@ -58,12 +58,12 @@ class HTMLPurifier * Version of HTML Purifier. * @type string */ - public $version = '4.10.0'; + public $version = '4.15.0'; /** * Constant with version of HTML Purifier. */ - const VERSION = '4.10.0'; + const VERSION = '4.15.0'; /** * Global configuration object. @@ -240,12 +240,17 @@ class HTMLPurifier public function purifyArray($array_of_html, $config = null) { $context_array = array(); - foreach ($array_of_html as $key => $html) { - $array_of_html[$key] = $this->purify($html, $config); + $array = array(); + foreach($array_of_html as $key=>$value){ + if (is_array($value)) { + $array[$key] = $this->purifyArray($value, $config); + } else { + $array[$key] = $this->purify($value, $config); + } $context_array[$key] = $this->context; } $this->context = $context_array; - return $array_of_html; + return $array; } /** diff --git a/library/vendor/HTMLPurifier/AttrDef/CSS/Background.php b/library/vendor/HTMLPurifier/AttrDef/CSS/Background.php index 7f1ea3b0f..28c49883a 100644 --- a/library/vendor/HTMLPurifier/AttrDef/CSS/Background.php +++ b/library/vendor/HTMLPurifier/AttrDef/CSS/Background.php @@ -25,6 +25,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef $this->info['background-repeat'] = $def->info['background-repeat']; $this->info['background-attachment'] = $def->info['background-attachment']; $this->info['background-position'] = $def->info['background-position']; + $this->info['background-size'] = $def->info['background-size']; } /** 
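Review bot: The version strings set in this file (`public $version = '4.15.0';` and `const VERSION = '4.15.0';`, plus the header comment) do not match the commit title, which says v4.16.0; the `$version` property in HTMLPurifier/Config.php is set to 4.15.0 as well. Anything that reads these values, such as a dependency scanner or code that gates on `HTMLPurifier::VERSION`, will report the older release. If the upstream 4.16.0 archive really ships these strings, leave them untouched and record the upstream tag and commit in the vendor SOURCE file; otherwise the lines should read `const VERSION = '4.16.0';` and `public $version = '4.16.0';`.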
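Review bot: In the `purifyArray` hunk, `$context_array[$key] = $this->context;` now stores an array of contexts, not a single context object, whenever `$value` is itself an array, because the recursive call has already replaced `$this->context` with its own `$context_array`. Callers that read `$purifier->context[$key]` after purifying request data may not expect the nested shape, and the recursion depth follows the input. The docblock sits outside the hunk; I would extend it with `@param array $array_of_html Array of HTML; nested arrays are purified recursively and yield a nested context array`. Since this is vendored code, the wording is best sent upstream rather than patched locally.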
@@ -53,6 +54,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef $caught['repeat'] = false; $caught['attachment'] = false; $caught['position'] = false; + $caught['size'] = false; $i = 0; // number of catches diff --git a/library/vendor/HTMLPurifier/AttrDef/CSS/Number.php b/library/vendor/HTMLPurifier/AttrDef/CSS/Number.php index 8edc159e7..ef49d20fd 100644 --- a/library/vendor/HTMLPurifier/AttrDef/CSS/Number.php +++ b/library/vendor/HTMLPurifier/AttrDef/CSS/Number.php @@ -69,7 +69,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef return false; } - $left = ltrim($left, '0'); + // Remove leading zeros until positive number or a zero stays left + if (ltrim($left, '0') != '') { + $left = ltrim($left, '0'); + } else { + $left = '0'; + } + $right = rtrim($right, '0'); if ($right === '') { diff --git a/library/vendor/HTMLPurifier/AttrDef/HTML/Bool.php b/library/vendor/HTMLPurifier/AttrDef/HTML/Bool.php index dea15d2cd..be3bbc8dc 100644 --- a/library/vendor/HTMLPurifier/AttrDef/HTML/Bool.php +++ b/library/vendor/HTMLPurifier/AttrDef/HTML/Bool.php @@ -7,7 +7,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef { /** - * @type bool + * @type string */ protected $name; @@ -17,7 +17,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef public $minimized = true; /** - * @param bool $name + * @param bool|string $name */ public function __construct($name = false) { diff --git a/library/vendor/HTMLPurifier/AttrDef/HTML/ContentEditable.php b/library/vendor/HTMLPurifier/AttrDef/HTML/ContentEditable.php new file mode 100644 index 000000000..5b03d3e37 --- /dev/null +++ b/library/vendor/HTMLPurifier/AttrDef/HTML/ContentEditable.php @@ -0,0 +1,16 @@ +get('HTML.Trusted')) { + $allowed = array('', 'true', 'false'); + } + + $enum = new HTMLPurifier_AttrDef_Enum($allowed); + + return $enum->validate($string, $config, $context); + } +} 
diff --git a/library/vendor/HTMLPurifier/AttrDef/URI/Host.php b/library/vendor/HTMLPurifier/AttrDef/URI/Host.php index e54a3344a..1beeaa5d2 100644 --- a/library/vendor/HTMLPurifier/AttrDef/URI/Host.php +++ b/library/vendor/HTMLPurifier/AttrDef/URI/Host.php @@ -97,7 +97,11 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef // PHP 5.3 and later support this functionality natively if (function_exists('idn_to_ascii')) { - $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46); + if (defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46')) { + $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46); + } else { + $string = idn_to_ascii($string); + } // If we have Net_IDNA2 support, we can support IRIs by // punycoding them. (This is the most portable thing to do, diff --git a/library/vendor/HTMLPurifier/AttrTransform/NameSync.php b/library/vendor/HTMLPurifier/AttrTransform/NameSync.php index 36079b786..5a1fdbbfc 100644 --- a/library/vendor/HTMLPurifier/AttrTransform/NameSync.php +++ b/library/vendor/HTMLPurifier/AttrTransform/NameSync.php @@ -8,6 +8,11 @@ class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform { + /** + * @type HTMLPurifier_AttrDef_HTML_ID + */ + public $idDef; + public function __construct() { $this->idDef = new HTMLPurifier_AttrDef_HTML_ID(); diff --git a/library/vendor/HTMLPurifier/AttrTransform/SafeParam.php b/library/vendor/HTMLPurifier/AttrTransform/SafeParam.php index 1143b4b49..1033106b3 100644 --- a/library/vendor/HTMLPurifier/AttrTransform/SafeParam.php +++ b/library/vendor/HTMLPurifier/AttrTransform/SafeParam.php @@ -24,6 +24,11 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform */ private $uri; + /** + * @type HTMLPurifier_AttrDef_Enum + */ + public $wmode; + public function __construct() { $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded 
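Review bot: The fallback branch `$string = idn_to_ascii($string);` in Host.php runs with whatever IDNA variant and options the installed intl extension defaults to, so the same hostname may be normalised differently from the UTS46 branch above it. That difference matters wherever the validated host is later compared against an allow or deny list. The handling of a failed conversion lies outside the hunk, so I cannot tell whether a `false` result is rejected on both paths. I would add a comment on the else branch: `// intl without the UTS46 constants: default IDNA variant, may map some names differently`.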
diff --git a/library/vendor/HTMLPurifier/AttrTypes.php b/library/vendor/HTMLPurifier/AttrTypes.php index 3b70520b6..e4429e86d 100644 --- a/library/vendor/HTMLPurifier/AttrTypes.php +++ b/library/vendor/HTMLPurifier/AttrTypes.php @@ -41,6 +41,7 @@ class HTMLPurifier_AttrTypes $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right'); $this->info['LAlign'] = self::makeEnum('top,bottom,left,right'); $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); + $this->info['ContentEditable'] = new HTMLPurifier_AttrDef_HTML_ContentEditable(); // unimplemented aliases $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); diff --git a/library/vendor/HTMLPurifier/CSSDefinition.php b/library/vendor/HTMLPurifier/CSSDefinition.php index 47dfd1f66..3f08b81c5 100644 --- a/library/vendor/HTMLPurifier/CSSDefinition.php +++ b/library/vendor/HTMLPurifier/CSSDefinition.php @@ -109,6 +109,22 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition ); $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); + $this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite( + array( + new HTMLPurifier_AttrDef_Enum( + array( + 'auto', + 'cover', + 'contain', + 'initial', + 'inherit', + ) + ), + new HTMLPurifier_AttrDef_CSS_Percentage(), + new HTMLPurifier_AttrDef_CSS_Length() + ) + ); + $border_color = $this->info['border-top-color'] = $this->info['border-bottom-color'] = 
@@ -220,15 +236,25 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition array( new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Percentage(true), - new HTMLPurifier_AttrDef_Enum(array('auto')) + new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit')) + ) + ); + $trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite( + array( + new HTMLPurifier_AttrDef_CSS_Length('0'), + new HTMLPurifier_AttrDef_CSS_Percentage(true), + new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit')) + ) + ); + $trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite( + array( + new HTMLPurifier_AttrDef_CSS_Length('0'), + new HTMLPurifier_AttrDef_CSS_Percentage(true), + new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit')) ) ); $max = $config->get('CSS.MaxImgLength'); - $this->info['min-width'] = - $this->info['max-width'] = - $this->info['min-height'] = - $this->info['max-height'] = $this->info['width'] = $this->info['height'] = $max === null ? @@ -245,6 +271,38 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition // For everyone else: $trusted_wh ); + $this->info['min-width'] = + $this->info['min-height'] = + $max === null ? + $trusted_min_wh : + new HTMLPurifier_AttrDef_Switch( + 'img', + // For img tags: + new HTMLPurifier_AttrDef_CSS_Composite( + array( + new HTMLPurifier_AttrDef_CSS_Length('0', $max), + new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit')) + ) + ), + // For everyone else: + $trusted_min_wh + ); + $this->info['max-width'] = + $this->info['max-height'] = + $max === null ? + $trusted_max_wh : + new HTMLPurifier_AttrDef_Switch( + 'img', + // For img tags: + new HTMLPurifier_AttrDef_CSS_Composite( + array( + new HTMLPurifier_AttrDef_CSS_Length('0', $max), + new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit')) + ) + ), + // For everyone else: + $trusted_max_wh + ); $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration(); 
diff --git a/library/vendor/HTMLPurifier/ChildDef/List.php b/library/vendor/HTMLPurifier/ChildDef/List.php index 4fc70e0ef..3d584e727 100644 --- a/library/vendor/HTMLPurifier/ChildDef/List.php +++ b/library/vendor/HTMLPurifier/ChildDef/List.php @@ -22,6 +22,8 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef // XXX: This whole business with 'wrap' is all a bit unsatisfactory public $elements = array('li' => true, 'ul' => true, 'ol' => true); + public $whitespace; + /** * @param array $children * @param HTMLPurifier_Config $config diff --git a/library/vendor/HTMLPurifier/ChildDef/Table.php b/library/vendor/HTMLPurifier/ChildDef/Table.php index cb6b3e6cd..67c7e9535 100644 --- a/library/vendor/HTMLPurifier/ChildDef/Table.php +++ b/library/vendor/HTMLPurifier/ChildDef/Table.php @@ -164,7 +164,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef } } - if (empty($content)) { + if (empty($content) && $thead === false && $tfoot === false) { return false; } diff --git a/library/vendor/HTMLPurifier/Config.php b/library/vendor/HTMLPurifier/Config.php index f37cf3713..797d26877 100644 --- a/library/vendor/HTMLPurifier/Config.php +++ b/library/vendor/HTMLPurifier/Config.php @@ -21,7 +21,7 @@ class HTMLPurifier_Config * HTML Purifier's version * @type string */ - public $version = '4.10.0'; + public $version = '4.15.0'; /** * Whether or not to automatically finalize @@ -408,7 +408,7 @@ class HTMLPurifier_Config * maybeGetRawHTMLDefinition, which is more explicitly * named, instead. * - * @return HTMLPurifier_HTMLDefinition + * @return HTMLPurifier_HTMLDefinition|null */ public function getHTMLDefinition($raw = false, $optimized = false) { @@ -427,7 +427,7 @@ class HTMLPurifier_Config * maybeGetRawCSSDefinition, which is more explicitly * named, instead. * - * @return HTMLPurifier_CSSDefinition + * @return HTMLPurifier_CSSDefinition|null */ public function getCSSDefinition($raw = false, $optimized = false) { 
@@ -446,7 +446,7 @@ class HTMLPurifier_Config * maybeGetRawURIDefinition, which is more explicitly * named, instead. * - * @return HTMLPurifier_URIDefinition + * @return HTMLPurifier_URIDefinition|null */ public function getURIDefinition($raw = false, $optimized = false) { @@ -468,7 +468,7 @@ class HTMLPurifier_Config * maybe semantics is the "right thing to do." * * @throws HTMLPurifier_Exception - * @return HTMLPurifier_Definition + * @return HTMLPurifier_Definition|null */ public function getDefinition($type, $raw = false, $optimized = false) { @@ -647,7 +647,7 @@ class HTMLPurifier_Config } /** - * @return HTMLPurifier_HTMLDefinition + * @return HTMLPurifier_HTMLDefinition|null */ public function maybeGetRawHTMLDefinition() { @@ -655,7 +655,7 @@ class HTMLPurifier_Config } /** - * @return HTMLPurifier_CSSDefinition + * @return HTMLPurifier_CSSDefinition|null */ public function maybeGetRawCSSDefinition() { @@ -663,7 +663,7 @@ class HTMLPurifier_Config } /** - * @return HTMLPurifier_URIDefinition + * @return HTMLPurifier_URIDefinition|null */ public function maybeGetRawURIDefinition() { @@ -803,7 +803,7 @@ class HTMLPurifier_Config if ($index !== false) { $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); } - $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); + $mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); $ret = array(); @@ -890,7 +890,7 @@ class HTMLPurifier_Config // zip(tail(trace), trace) -- but PHP is not Haskell har har for ($i = 0, $c = count($trace); $i < $c - 1; $i++) { // XXX this is not correct on some versions of HTML Purifier - if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') { + if (isset($trace[$i + 1]['class']) && $trace[$i + 1]['class'] === 'HTMLPurifier_Config') { continue; } $frame = $trace[$i]; 
diff --git a/library/vendor/HTMLPurifier/ConfigSchema.php b/library/vendor/HTMLPurifier/ConfigSchema.php
index 655c0e97a..c3fe8cd4a 100644
--- a/library/vendor/HTMLPurifier/ConfigSchema.php
+++ b/library/vendor/HTMLPurifier/ConfigSchema.php
@@ -100,7 +100,7 @@ class HTMLPurifier_ConfigSchema
 * @param string $key Name of directive
 * @param mixed $default Default value of directive
 * @param string $type Allowed type of the directive. See
- * HTMLPurifier_DirectiveDef::$type for allowed values
+ * HTMLPurifier_VarParser::$types for allowed values
 * @param bool $allow_null Whether or not to allow null values
 */
 public function add($key, $default, $type, $allow_null)
diff --git a/library/vendor/HTMLPurifier/ConfigSchema/schema.ser b/library/vendor/HTMLPurifier/ConfigSchema/schema.ser index 371e948f1c76d99bacea65b4735454656858edbf..a5426c7366587b46c84cf4b485c73f012c7361b5 100644 GIT binary patch literal 24190 zcmeHPOK;;ylAfQ^aAPkEw4t{p^+^&%w6QK%q3p)Yo(8m(mN}+KHA&g!DfEBeFCrr{ zlM-cDA9fE5mC$HQ5t$ho&wNDW=V@;^z4-0^)6JKCnLehb{O6*`AJfg<>d9=Ai)nxQ zy_$}v7i;sF?6bPM_%)e!dsp;pcQU=0)pdC}%d+CttQT2QRR$QhzgE-Upb3o2WNYq| za${^Co$2>K(FFz%yZCA{8sHT0B>;jZZpowmUYSKSyPwI}9f3ub=<98=F|({bpiH6p zOOmB)M!EpyXiWdZ9PI!tXxta5?@uqTZR?*>8iU$7u1LFk^R153l0ZPuYW|B_GWE+m zdC1Ilbn)xMv_qqI1rQhIL%Lp@+;P>hMcZCSmn68MomO`wEw7__maLw$w8Dh7QLlFl z{c1Mm+fG{hPQR4qG5r>BqN}XFjx6k^SS65?XBEkMUl*Wxo79)|=a-~RHf6GV(usA6 zogQbguj*nO&_{~k!BJZ6vgGY1&7Xh&dhPlkLOc>d)5kZ3_GtP7qi^%>bFbqW1X&&8j??@12L6Vk!{Li56(L7PcLe4 zBK*4cUqM9rNajI5b*JA`)&$I^Dpwc3{s}V~G#MOHVE?{-sCJjjZ!5E_(;{ah?GZJg zyv9fm(=N@{QbAwP=K;Ig`&1UN`n0k@G5X{T4l(X_NnZUut)Gg0P3oRL>}zrmR@cc= z7I$~neMI|R#+>wENZWz0x4WXOlN>57jiE3OdS9liXQv2c2@Yh|agmeDVW$M^3Lsy~ zVrR-aRi8yVN?=%Sny19cuLdqBwcLY12jp+6TlW$1w)f5zUd!5dX z&5E2J^+X+%si~9FlP(0_m#`1Rl4Gv`pR`Eekpt4e5w^iDV0WfW;luuI*tzr^w*UQ0 zLWD36Xp-Dl05#<{ttzWJ>2xsZle$1(7DZ_;XPZrF0DUppTbzEoVHvPOkpK@dtRmg5 z%5>)uNtBF8k>aP0TA7Dz&)yo$_&M&x<2WWUbune=So+7_ygsF5)zy?S zX3KeWMc-hE$shYf0i8~af7}#IC&)G_)7&+@0yG*B95PS-y{D;4m#!rs4<@z2g9jVN z!)QTx(3*#|0x_;pyc{gFy9e^}3hD4a`ql-B0Oin@b&_q199kqp#>@F4qHm1iyQQ{% z7Q~vDw8#v^XB&=Zz4@|7--y<-c+C|u8}?>BL|ta=!@kVG@WKrkE$8Dgvkh!tC2LcM zY#+vx<*Y+(NrhKWNm-X>U%AN=?>Y>p)=vf8Dmz+BQ`8$xx=W!6I%ES9^Dn-NhqhnL z6QKN&mM3L6_GmB}E}0e3OhT#B%<&TAj;#RD9rSox6>h@OqC4obaH#LM!~wh}pvQGm zK8M2*gU53sR)EcxN1d=eLMwcR<-}}4pP+MCYYPxeXr$tIf2t@`jf${wi!{KP&a~8rl zWs(Ql9*-B61kwTvUp=KxhbEJLZ@~c&9)V5yuz20$>@r;lMI_0R|cz+ zfVy!!UyLnv!uyJpER@|~+>e^#VU$n;y?B5Rjj9q96fcKklzLzOu`g1u@14$K8FjfA z;Y8C4ClFQCCpamQF}oesKRVSo?!s$xW0Do1)$?08jZSASo{IRGZbSM<6Z%M34D*D0 z7|W+vZU4q>NF&l<V|}Ry)inG z{vP+Mrz&;&NB+V3EsVWM(!6>o%0kDE7WCnin^%}qsg2j1z3~j>omy&!&yYb#ZW^GK{t+T1F~uL_32ANYZDD0Ivl3aa1?Q8 
zIT~|!pfXEd3V&8ZSrGJ83Y3oAJWQOW4AANnVa~e zf7OX>v2Aa(x}e zw81#)+UQN29^03VYN0o}>JGbJ7+VHJ8ZSn{0VoVLYkl~k#hI)HOKH1sS_UXp(m%^(p+%NZ{e!BoJV#gfRZw+E9D zJg^vdqKKn-Xmtsb<|UDmN}<4MCqvd{@}SVse7x+jkAN;AR5q4Lv!QRupn!vMJP;^1 z3>7DuK`pHJgX!;*%sBU@!!DQ0vDHpEF2)GuJi!`iGA3MF+z|Lk%Ci_kNB6 zW-)`Z7rz*QQ1B7NgB2>pmnDk~TsT^Wk7h$3miI+8^1Lr{c%pCeuAs={u`T&IAS{k z*KjtP)NV}{$D{s0_t8hzH-N@Q%u_UMZW&qI4Dan1UoIP5i=$bA%$N$euO?Q>^V*j1*vg7yWe7Sd0*hB zU_*b=p%9%i^)U`(;uIYRJ~!qYj&#lKe*0j`ySIFGo!6$s5k4K%xx+H*8HdPpxQ=7d zY`+eU9Wi6>PtV?O5j*5i5popJs#qi9kwk&MuOEM5(a?dhMW|rZ zB#E<1h+2a3)7W<_94%WWyx;A8x_%2-iV2+TG?a%R{dcjy-#@UhN%d*{L{~z3Bj=?M z{u-Xdvy@KW1Z zMz;aMZ$P=>TQu8(4#Z)p|M+x69D>O`x>vOGhpmhgu)=&=%{ ziwTDLn+duyWX5VU4+<_VoI*6Z(<|T07&o?0e0v-3vkYhUyuKG(!t8lWci|DvS1&w> zCrvCbcg3NlhvIC#XVW<~?@Dmlf{PO3r7Fd3@ra{-3fiIy5IJ{;`vDFUa1wN+g_|0* zQZ;D1T+tcbC6Bnjd+_%wv^n7}334rWaWYy6`uy-OL?B0qvYuMm3lH`WZr(~LbT18> zDT($re2%kvoR`UHY9K|*+{$c?^`|37Cr^+YgS#AJ z7f7+2GUlC5l~Ak)4ce=q53Z)1aQ{JssWtV$n$P=sx36(e!`{U5$NOSyQe-fKhnuDA z9CHo3A)8PzsVe%~(HcgWg((SC!ity#<{`h|;nI-Q)-{3B35X_XFRVl0J<2Cx|*&(pdy(?4w6V>pX9M zHLtEQaBC75wS=P(LgoqWaoGi6Qbd|099YswppGbO7lI>Ko6dpw*2kBgwBz7rb}8kU z0kH)?BU+j=rxlpx6-mDZ{MA&&9-MV9fI>!qcLbMi=)SNyQ~CvVbC~2n#!vlyN}kQ^ zp(--mHY-g+@uxj+s?~EcHvM!oHmRP2-Wj;Y8rO-I3<`$?`;3KanXZvqLKjSHrxRAh zIy>)Ee7Gck4})6U{FE;?SL5?>E{@zWBM|~Du(>!8*Wdp0Z|j7vVa};IHm%1-i*qUt zF709SK^g}Ac}~SSr{cVrb1Kd`6^ECQh-#j*K6a^i($+c_2IoQfm6Pf8d$ zx-2=T;($9?gPv1y`n1J@H$A7~kPkhl;+#`)SP#yrIOkNHb1Kd`6$dAt=Tw|V4%ayq z=bVbe_bfQ}KBwZ~pz@rGgN@YB=TsbXc}~T#NB4X(cXLj~c|T|7oQmU9d^B0d-z`Fu zG~q%nCVfiAITc6l-?>n?HH+t*ilb%A=Tw|VuFW|W=bVajPR05En2LkkAf(jnB%P3A zB#!m*%Zi>!pp+lP1Z-E*{1N$E^ppUyVv%x!W|Ui|DPiuRmUQ~d7=66|0!}(5oYwbm zPJxh%CLoZB_x!^O<;9)%H=K3!AKtVQo&UZHo~Sn>j^X<#cw~7r&6>lH|%-6W=H<1I#q(c7Yf| zGj{p07C<eO?;e|BZg9pIF$9SX%QbIop za{ujPJQjNJy3DD^cr3wv(lyr=67Ns!%^=EsmLLE#a9K`-j&;2MxtVgXBDaK!Vnn#2S-{v0537_WivUlL%X&!+> zeH>Ju<`EE>>_F~m9;iDzOeC8IK*@dN*Leivy%?{Yz%J7FN=j;_* zpXCvY=0(4+x{$%7%(GnDUy3pi19yiO{Y6;|?hl!1lu@e}wzm)xncL$I$S} 
zAF;t7sWTHw;5IEKD|$zZDk8Kf4Z+|8$3qgJSs=mvR5e?x=>AG^8%szBIx21xZjkK} zAsQm7xJ^LH>1D3PZRxZ}hC^1tZQ6_4ggvSoeEOoLZ?>pSFjO}zMq5#vP@;&3MQuKw zGCjUx%?CCMXgeX3zEz5-6VzfgvI1TAaQoJRHDK}TN$1&8vnKN-Z$SLAdLP!TSp@Rm z0RsF`Yt5SUrVtL*^$HPO(WBAUXX?pVV7*Vu$Hl3w#GR~F6?S;q z*^)sT*QyE>f|HrKT2*z2kdc6VxvI2+1_+3xrRAyuL_20e2zr0!MYS6{V3;zTBNE_2vndg@xnK4R;aRnf=zNutx)yM;nOwQ zCjsT7J={^PYdc%uB7*UJ>8l<0(Th9%3r1NM-{NmNqVQ=SmXTp=l=jZB`Dbd delta 268 zcmeyjhjDYw1an5yjTT{Slb85OOg_n`$ZT#^Jy};!cJdPoiOEXl(vxi@q$kG$9HItm&s4Y3!fL(HOytw3KXKks;abnV<2 IOGFhL0QW*sxc~qF diff --git a/library/vendor/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt b/library/vendor/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt index ca17eb1dc..9228dee22 100644 --- a/library/vendor/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt +++ b/library/vendor/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt @@ -6,7 +6,7 @@ DEFAULT: false
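Review bot: The new `schema.ser` cannot be checked from this patch, since it arrives as a binary delta, yet as far as I know it is the serialized configuration schema that the library unserializes when it loads. Its contents should be confirmed to match the `schema/*.txt` directives changed in this same commit, either by comparing the file's hash with the one in the upstream release archive or by regenerating it with upstream's schema build script. Recording the upstream tag and archive checksum in `library/vendor/HTMLPurifier/SOURCE`, which this commit already touches, would make the next upgrade verifiable.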

When enabled, HTML Purifier will treat any elements that contain only non-breaking spaces as well as regular whitespace as empty, and remove - them when %AutoForamt.RemoveEmpty is enabled. + them when %AutoFormat.RemoveEmpty is enabled.

See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements diff --git a/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt b/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt new file mode 100644 index 000000000..06278f82a --- /dev/null +++ b/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt @@ -0,0 +1,12 @@ +Core.AllowParseManyTags +TYPE: bool +DEFAULT: false +VERSION: 4.10.1 +--DESCRIPTION-- +

+ This directive allows parsing of many nested tags. + If you set true, relaxes any hardcoded limit from the parser. + However, in that case it may cause a Dos attack. + Be careful when enabling it. +

+--# vim: et sw=4 sts=4 diff --git a/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt b/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt index c572c14ec..a75844cd5 100644 --- a/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt +++ b/library/vendor/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt 
@@ -3,23 +3,154 @@ TYPE: hash VERSION: 2.0.0 --DEFAULT-- array ( - 'maroon' => '#800000', - 'red' => '#FF0000', - 'orange' => '#FFA500', - 'yellow' => '#FFFF00', - 'olive' => '#808000', - 'purple' => '#800080', - 'fuchsia' => '#FF00FF', - 'white' => '#FFFFFF', - 'lime' => '#00FF00', - 'green' => '#008000', - 'navy' => '#000080', - 'blue' => '#0000FF', + 'aliceblue' => '#F0F8FF', + 'antiquewhite' => '#FAEBD7', 'aqua' => '#00FFFF', - 'teal' => '#008080', + 'aquamarine' => '#7FFFD4', + 'azure' => '#F0FFFF', + 'beige' => '#F5F5DC', + 'bisque' => '#FFE4C4', 'black' => '#000000', - 'silver' => '#C0C0C0', + 'blanchedalmond' => '#FFEBCD', + 'blue' => '#0000FF', + 'blueviolet' => '#8A2BE2', + 'brown' => '#A52A2A', + 'burlywood' => '#DEB887', + 'cadetblue' => '#5F9EA0', + 'chartreuse' => '#7FFF00', + 'chocolate' => '#D2691E', + 'coral' => '#FF7F50', + 'cornflowerblue' => '#6495ED', + 'cornsilk' => '#FFF8DC', + 'crimson' => '#DC143C', + 'cyan' => '#00FFFF', + 'darkblue' => '#00008B', + 'darkcyan' => '#008B8B', + 'darkgoldenrod' => '#B8860B', + 'darkgray' => '#A9A9A9', + 'darkgrey' => '#A9A9A9', + 'darkgreen' => '#006400', + 'darkkhaki' => '#BDB76B', + 'darkmagenta' => '#8B008B', + 'darkolivegreen' => '#556B2F', + 'darkorange' => '#FF8C00', + 'darkorchid' => '#9932CC', + 'darkred' => '#8B0000', + 'darksalmon' => '#E9967A', + 'darkseagreen' => '#8FBC8F', + 'darkslateblue' => '#483D8B', + 'darkslategray' => '#2F4F4F', + 'darkslategrey' => '#2F4F4F', + 'darkturquoise' => '#00CED1', + 'darkviolet' => '#9400D3', + 'deeppink' => '#FF1493', + 'deepskyblue' => '#00BFFF', + 'dimgray' => '#696969', + 'dimgrey' => '#696969', + 'dodgerblue' => '#1E90FF', + 'firebrick' => '#B22222', + 'floralwhite' => '#FFFAF0', + 'forestgreen' => '#228B22', + 'fuchsia' => '#FF00FF', + 'gainsboro' => '#DCDCDC', + 'ghostwhite' => '#F8F8FF', + 'gold' => '#FFD700', + 'goldenrod' => '#DAA520', 'gray' => '#808080', + 'grey' => '#808080', + 'green' => '#008000', + 'greenyellow' => '#ADFF2F', + 'honeydew' => 
'#F0FFF0', + 'hotpink' => '#FF69B4', + 'indianred' => '#CD5C5C', + 'indigo' => '#4B0082', + 'ivory' => '#FFFFF0', + 'khaki' => '#F0E68C', + 'lavender' => '#E6E6FA', + 'lavenderblush' => '#FFF0F5', + 'lawngreen' => '#7CFC00', + 'lemonchiffon' => '#FFFACD', + 'lightblue' => '#ADD8E6', + 'lightcoral' => '#F08080', + 'lightcyan' => '#E0FFFF', + 'lightgoldenrodyellow' => '#FAFAD2', + 'lightgray' => '#D3D3D3', + 'lightgrey' => '#D3D3D3', + 'lightgreen' => '#90EE90', + 'lightpink' => '#FFB6C1', + 'lightsalmon' => '#FFA07A', + 'lightseagreen' => '#20B2AA', + 'lightskyblue' => '#87CEFA', + 'lightslategray' => '#778899', + 'lightslategrey' => '#778899', + 'lightsteelblue' => '#B0C4DE', + 'lightyellow' => '#FFFFE0', + 'lime' => '#00FF00', + 'limegreen' => '#32CD32', + 'linen' => '#FAF0E6', + 'magenta' => '#FF00FF', + 'maroon' => '#800000', + 'mediumaquamarine' => '#66CDAA', + 'mediumblue' => '#0000CD', + 'mediumorchid' => '#BA55D3', + 'mediumpurple' => '#9370DB', + 'mediumseagreen' => '#3CB371', + 'mediumslateblue' => '#7B68EE', + 'mediumspringgreen' => '#00FA9A', + 'mediumturquoise' => '#48D1CC', + 'mediumvioletred' => '#C71585', + 'midnightblue' => '#191970', + 'mintcream' => '#F5FFFA', + 'mistyrose' => '#FFE4E1', + 'moccasin' => '#FFE4B5', + 'navajowhite' => '#FFDEAD', + 'navy' => '#000080', + 'oldlace' => '#FDF5E6', + 'olive' => '#808000', + 'olivedrab' => '#6B8E23', + 'orange' => '#FFA500', + 'orangered' => '#FF4500', + 'orchid' => '#DA70D6', + 'palegoldenrod' => '#EEE8AA', + 'palegreen' => '#98FB98', + 'paleturquoise' => '#AFEEEE', + 'palevioletred' => '#DB7093', + 'papayawhip' => '#FFEFD5', + 'peachpuff' => '#FFDAB9', + 'peru' => '#CD853F', + 'pink' => '#FFC0CB', + 'plum' => '#DDA0DD', + 'powderblue' => '#B0E0E6', + 'purple' => '#800080', + 'rebeccapurple' => '#663399', + 'red' => '#FF0000', + 'rosybrown' => '#BC8F8F', + 'royalblue' => '#4169E1', + 'saddlebrown' => '#8B4513', + 'salmon' => '#FA8072', + 'sandybrown' => '#F4A460', + 'seagreen' => '#2E8B57', + 'seashell' 
=> '#FFF5EE', + 'sienna' => '#A0522D', + 'silver' => '#C0C0C0', + 'skyblue' => '#87CEEB', + 'slateblue' => '#6A5ACD', + 'slategray' => '#708090', + 'slategrey' => '#708090', + 'snow' => '#FFFAFA', + 'springgreen' => '#00FF7F', + 'steelblue' => '#4682B4', + 'tan' => '#D2B48C', + 'teal' => '#008080', + 'thistle' => '#D8BFD8', + 'tomato' => '#FF6347', + 'turquoise' => '#40E0D0', + 'violet' => '#EE82EE', + 'wheat' => '#F5DEB3', + 'white' => '#FFFFFF', + 'whitesmoke' => '#F5F5F5', + 'yellow' => '#FFFF00', + 'yellowgreen' => '#9ACD32' ) --DESCRIPTION-- diff --git a/library/vendor/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt b/library/vendor/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt new file mode 100644 index 000000000..4a432d89b --- /dev/null +++ b/library/vendor/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt @@ -0,0 +1,11 @@ +HTML.Forms +TYPE: bool +VERSION: 4.13.0 +DEFAULT: false +--DESCRIPTION-- +

+ Whether or not to permit form elements in the user input, regardless of + %HTML.Trusted value. Please be very careful when using this functionality, as + enabling forms in untrusted documents may allow for phishing attacks. +

+--# vim: et sw=4 sts=4 diff --git a/library/vendor/HTMLPurifier/DefinitionCache/Serializer/README b/library/vendor/HTMLPurifier/DefinitionCache/Serializer/README old mode 100644 new mode 100755 diff --git a/library/vendor/HTMLPurifier/ElementDef.php b/library/vendor/HTMLPurifier/ElementDef.php index d5311cedc..57cfd2bb0 100644 --- a/library/vendor/HTMLPurifier/ElementDef.php +++ b/library/vendor/HTMLPurifier/ElementDef.php @@ -176,7 +176,7 @@ class HTMLPurifier_ElementDef if (!empty($def->content_model)) { $this->content_model = - str_replace("#SUPER", $this->content_model, $def->content_model); + str_replace("#SUPER", (string)$this->content_model, $def->content_model); $this->child = false; } if (!empty($def->content_model_type)) { diff --git a/library/vendor/HTMLPurifier/Encoder.php b/library/vendor/HTMLPurifier/Encoder.php index 40a24266a..d4791cc1b 100644 --- a/library/vendor/HTMLPurifier/Encoder.php +++ b/library/vendor/HTMLPurifier/Encoder.php @@ -398,8 +398,8 @@ class HTMLPurifier_Encoder // characters to their true byte-wise ASCII/UTF-8 equivalents. $str = strtr($str, self::testEncodingSupportsASCII($encoding)); return $str; - } elseif ($encoding === 'iso-8859-1') { - $str = utf8_encode($str); + } elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) { + $str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1'); return $str; } $bug = HTMLPurifier_Encoder::testIconvTruncateBug(); @@ -450,8 +450,8 @@ class HTMLPurifier_Encoder // Normal stuff $str = self::iconv('utf-8', $encoding . '//IGNORE', $str); return $str; - } elseif ($encoding === 'iso-8859-1') { - $str = utf8_decode($str); + } elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) { + $str = mb_convert_encoding($str, 'ISO-8859-1', 'UTF-8'); return $str; } trigger_error('Encoding not supported', E_USER_ERROR); diff --git a/library/vendor/HTMLPurifier/EntityParser.php b/library/vendor/HTMLPurifier/EntityParser.php index c372b5a6a..3ef2d09ec 100644 
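Review bot: With the added `function_exists('mb_convert_encoding')` condition, an install that has no mbstring no longer converts ISO-8859-1 at all; in the second Encoder.php hunk the branch falls through to `trigger_error('Encoding not supported', E_USER_ERROR);`, and in the first it continues into the iconv path. The removed `utf8_encode`/`utf8_decode` calls had no extension requirement, so this is a new runtime dependency for that encoding. Both enclosing functions start outside the hunks, so I am assuming the earlier branch is the iconv one. I would state the requirement where the project lists its PHP extensions, or guard the configuration so that `Core.Encoding` is only set to `iso-8859-1` when mbstring or iconv is loaded.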
--- a/library/vendor/HTMLPurifier/EntityParser.php +++ b/library/vendor/HTMLPurifier/EntityParser.php @@ -118,7 +118,7 @@ class HTMLPurifier_EntityParser $entity = $matches[0]; $hex_part = @$matches[1]; $dec_part = @$matches[2]; - $named_part = empty($matches[3]) ? @$matches[4] : $matches[3]; + $named_part = empty($matches[3]) ? (empty($matches[4]) ? "" : $matches[4]) : $matches[3]; if ($hex_part !== NULL && $hex_part !== "") { return HTMLPurifier_Encoder::unichr(hexdec($hex_part)); } elseif ($dec_part !== NULL && $dec_part !== "") { diff --git a/library/vendor/HTMLPurifier/HTMLModule.php b/library/vendor/HTMLPurifier/HTMLModule.php index bb3a9230b..9dbb98729 100644 --- a/library/vendor/HTMLPurifier/HTMLModule.php +++ b/library/vendor/HTMLPurifier/HTMLModule.php @@ -132,9 +132,9 @@ class HTMLPurifier_HTMLModule * @param string $element Name of element to add * @param string|bool $type What content set should element be registered to? * Set as false to skip this step. - * @param string $contents Allowed children in form of: + * @param string|HTMLPurifier_ChildDef $contents Allowed children in form of: * "$content_model_type: $content_model" - * @param array $attr_includes What attribute collections to register to + * @param array|string $attr_includes What attribute collections to register to * element? * @param array $attr What unique attributes does the element define? * @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters. @@ -257,8 +257,9 @@ class HTMLPurifier_HTMLModule */ public function makeLookup($list) { + $args = func_get_args(); if (is_string($list)) { - $list = func_get_args(); + $list = $args; } $ret = array(); foreach ($list as $value) { diff --git a/library/vendor/HTMLPurifier/HTMLModule/CommonAttributes.php b/library/vendor/HTMLPurifier/HTMLModule/CommonAttributes.php index a96ab1bef..7220c14cc 100644 --- a/library/vendor/HTMLPurifier/HTMLModule/CommonAttributes.php 
+++ b/library/vendor/HTMLPurifier/HTMLModule/CommonAttributes.php @@ -17,6 +17,7 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule 'class' => 'Class', 'id' => 'ID', 'title' => 'CDATA', + 'contenteditable' => 'ContentEditable', ), 'Lang' => array(), 'I18N' => array( diff --git a/library/vendor/HTMLPurifier/HTMLModule/Forms.php b/library/vendor/HTMLPurifier/HTMLModule/Forms.php index 6f7ddbc05..eb0edcffd 100644 --- a/library/vendor/HTMLPurifier/HTMLModule/Forms.php +++ b/library/vendor/HTMLPurifier/HTMLModule/Forms.php @@ -28,6 +28,10 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule */ public function setup($config) { + if ($config->get('HTML.Forms')) { + $this->safe = true; + } + $form = $this->addElement( 'form', 'Form', diff --git a/library/vendor/HTMLPurifier/HTMLModule/SafeScripting.php b/library/vendor/HTMLPurifier/HTMLModule/SafeScripting.php index 0330cd97f..aea7584c3 100644 --- a/library/vendor/HTMLPurifier/HTMLModule/SafeScripting.php +++ b/library/vendor/HTMLPurifier/HTMLModule/SafeScripting.php @@ -23,13 +23,13 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule $script = $this->addElement( 'script', 'Inline', - 'Empty', + 'Optional:', // Not `Empty` to not allow to autoclose the