tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 07:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

vendor: Upgrade HTMLPurifier to v4.16.0

Browse Source
This commit is contained in:
Johannes Meyer 2022-12-07 14:52:32 +01:00
parent 0096f43e0d
commit 7df5045420
49 changed files with 406 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
library/vendor/HTMLPurifier.autoload.php vendored
View File

@ -17,6 +17,7 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un
require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php'; require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php';
} }
// phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.zend_ze1_compatibility_modeRemoved
if (ini_get('zend.ze1_compatibility_mode')) { if (ini_get('zend.ze1_compatibility_mode')) {
trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR); trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
} }

17
library/vendor/HTMLPurifier.php vendored
View File

@ -19,7 +19,7 @@
*/ */
/* /*
HTML Purifier 4.10.0 - Standards Compliant HTML Filtering HTML Purifier 4.15.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or This library is free software; you can redistribute it and/or
@ -58,12 +58,12 @@ class HTMLPurifier
* Version of HTML Purifier. * Version of HTML Purifier.
* @type string * @type string
*/ */
public $version = '4.10.0'; public $version = '4.15.0';
/** /**
* Constant with version of HTML Purifier. * Constant with version of HTML Purifier.
*/ */
const VERSION = '4.10.0'; const VERSION = '4.15.0';
/** /**
* Global configuration object. * Global configuration object.
@ -240,12 +240,17 @@ class HTMLPurifier
public function purifyArray($array_of_html, $config = null) public function purifyArray($array_of_html, $config = null)
{ {
$context_array = array(); $context_array = array();
foreach ($array_of_html as $key => $html) { $array = array();
$array_of_html[$key] = $this->purify($html, $config); foreach($array_of_html as $key=>$value){
if (is_array($value)) {
$array[$key] = $this->purifyArray($value, $config);
} else {
$array[$key] = $this->purify($value, $config);
}
$context_array[$key] = $this->context; $context_array[$key] = $this->context;
} }
$this->context = $context_array; $this->context = $context_array;
return $array_of_html; return $array;
} }
/** /**

2
library/vendor/HTMLPurifier/AttrDef/CSS/Background.php vendored
View File

@ -25,6 +25,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$this->info['background-repeat'] = $def->info['background-repeat']; $this->info['background-repeat'] = $def->info['background-repeat'];
$this->info['background-attachment'] = $def->info['background-attachment']; $this->info['background-attachment'] = $def->info['background-attachment'];
$this->info['background-position'] = $def->info['background-position']; $this->info['background-position'] = $def->info['background-position'];
$this->info['background-size'] = $def->info['background-size'];
} }
/** /**
@ -53,6 +54,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
$caught['repeat'] = false; $caught['repeat'] = false;
$caught['attachment'] = false; $caught['attachment'] = false;
$caught['position'] = false; $caught['position'] = false;
$caught['size'] = false;
$i = 0; // number of catches $i = 0; // number of catches

6
library/vendor/HTMLPurifier/AttrDef/CSS/Number.php vendored
View File

@ -69,7 +69,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
return false; return false;
} }
// Remove leading zeros until positive number or a zero stays left
if (ltrim($left, '0') != '') {
$left = ltrim($left, '0'); $left = ltrim($left, '0');
} else {
$left = '0';
}
$right = rtrim($right, '0'); $right = rtrim($right, '0');
if ($right === '') { if ($right === '') {

4
library/vendor/HTMLPurifier/AttrDef/HTML/Bool.php vendored
View File

@ -7,7 +7,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
{ {
/** /**
* @type bool * @type string
*/ */
protected $name; protected $name;
@ -17,7 +17,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
public $minimized = true; public $minimized = true;
/** /**
* @param bool $name * @param bool|string $name
*/ */
public function __construct($name = false) public function __construct($name = false)
{ {

16
library/vendor/HTMLPurifier/AttrDef/HTML/ContentEditable.php vendored Normal file
View File

@ -0,0 +1,16 @@
<?php
class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
{
public function validate($string, $config, $context)
{
$allowed = array('false');
if ($config->get('HTML.Trusted')) {
$allowed = array('', 'true', 'false');
}
$enum = new HTMLPurifier_AttrDef_Enum($allowed);
return $enum->validate($string, $config, $context);
}
}

4
library/vendor/HTMLPurifier/AttrDef/URI/Host.php vendored
View File

@ -97,7 +97,11 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
// PHP 5.3 and later support this functionality natively // PHP 5.3 and later support this functionality natively
if (function_exists('idn_to_ascii')) { if (function_exists('idn_to_ascii')) {
if (defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46')) {
$string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46); $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
} else {
$string = idn_to_ascii($string);
}
// If we have Net_IDNA2 support, we can support IRIs by // If we have Net_IDNA2 support, we can support IRIs by
// punycoding them. (This is the most portable thing to do, // punycoding them. (This is the most portable thing to do,

5
library/vendor/HTMLPurifier/AttrTransform/NameSync.php vendored
View File

@ -8,6 +8,11 @@
class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
{ {
/**
* @type HTMLPurifier_AttrDef_HTML_ID
*/
public $idDef;
public function __construct() public function __construct()
{ {
$this->idDef = new HTMLPurifier_AttrDef_HTML_ID(); $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();

5
library/vendor/HTMLPurifier/AttrTransform/SafeParam.php vendored
View File

@ -24,6 +24,11 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
*/ */
private $uri; private $uri;
/**
* @type HTMLPurifier_AttrDef_Enum
*/
public $wmode;
public function __construct() public function __construct()
{ {
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded

1
library/vendor/HTMLPurifier/AttrTypes.php vendored
View File

@ -41,6 +41,7 @@ class HTMLPurifier_AttrTypes
$this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right'); $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right');
$this->info['LAlign'] = self::makeEnum('top,bottom,left,right'); $this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
$this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget(); $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
$this->info['ContentEditable'] = new HTMLPurifier_AttrDef_HTML_ContentEditable();
// unimplemented aliases // unimplemented aliases
$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text(); $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();

68
library/vendor/HTMLPurifier/CSSDefinition.php vendored
View File

@ -109,6 +109,22 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
); );
$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
$this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_Enum(
array(
'auto',
'cover',
'contain',
'initial',
'inherit',
)
),
new HTMLPurifier_AttrDef_CSS_Percentage(),
new HTMLPurifier_AttrDef_CSS_Length()
)
);
$border_color = $border_color =
$this->info['border-top-color'] = $this->info['border-top-color'] =
$this->info['border-bottom-color'] = $this->info['border-bottom-color'] =
@ -220,15 +236,25 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
array( array(
new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true), new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('auto')) new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit'))
)
);
$trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
)
);
$trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
) )
); );
$max = $config->get('CSS.MaxImgLength'); $max = $config->get('CSS.MaxImgLength');
$this->info['min-width'] =
$this->info['max-width'] =
$this->info['min-height'] =
$this->info['max-height'] =
$this->info['width'] = $this->info['width'] =
$this->info['height'] = $this->info['height'] =
$max === null ? $max === null ?
@ -245,6 +271,38 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// For everyone else: // For everyone else:
$trusted_wh $trusted_wh
); );
$this->info['min-width'] =
$this->info['min-height'] =
$max === null ?
$trusted_min_wh :
new HTMLPurifier_AttrDef_Switch(
'img',
// For img tags:
new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
)
),
// For everyone else:
$trusted_min_wh
);
$this->info['max-width'] =
$this->info['max-height'] =
$max === null ?
$trusted_max_wh :
new HTMLPurifier_AttrDef_Switch(
'img',
// For img tags:
new HTMLPurifier_AttrDef_CSS_Composite(
array(
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
)
),
// For everyone else:
$trusted_max_wh
);
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration(); $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();

2
library/vendor/HTMLPurifier/ChildDef/List.php vendored
View File

@ -22,6 +22,8 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
// XXX: This whole business with 'wrap' is all a bit unsatisfactory // XXX: This whole business with 'wrap' is all a bit unsatisfactory
public $elements = array('li' => true, 'ul' => true, 'ol' => true); public $elements = array('li' => true, 'ul' => true, 'ol' => true);
public $whitespace;
/** /**
* @param array $children * @param array $children
* @param HTMLPurifier_Config $config * @param HTMLPurifier_Config $config

2
library/vendor/HTMLPurifier/ChildDef/Table.php vendored
View File

@ -164,7 +164,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
} }
} }
if (empty($content)) { if (empty($content) && $thead === false && $tfoot === false) {
return false; return false;
} }

20
library/vendor/HTMLPurifier/Config.php vendored
View File

@ -21,7 +21,7 @@ class HTMLPurifier_Config
* HTML Purifier's version * HTML Purifier's version
* @type string * @type string
*/ */
public $version = '4.10.0'; public $version = '4.15.0';
/** /**
* Whether or not to automatically finalize * Whether or not to automatically finalize
@ -408,7 +408,7 @@ class HTMLPurifier_Config
* maybeGetRawHTMLDefinition, which is more explicitly * maybeGetRawHTMLDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return HTMLPurifier_HTMLDefinition * @return HTMLPurifier_HTMLDefinition|null
*/ */
public function getHTMLDefinition($raw = false, $optimized = false) public function getHTMLDefinition($raw = false, $optimized = false)
{ {
@ -427,7 +427,7 @@ class HTMLPurifier_Config
* maybeGetRawCSSDefinition, which is more explicitly * maybeGetRawCSSDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return HTMLPurifier_CSSDefinition * @return HTMLPurifier_CSSDefinition|null
*/ */
public function getCSSDefinition($raw = false, $optimized = false) public function getCSSDefinition($raw = false, $optimized = false)
{ {
@ -446,7 +446,7 @@ class HTMLPurifier_Config
* maybeGetRawURIDefinition, which is more explicitly * maybeGetRawURIDefinition, which is more explicitly
* named, instead. * named, instead.
* *
* @return HTMLPurifier_URIDefinition * @return HTMLPurifier_URIDefinition|null
*/ */
public function getURIDefinition($raw = false, $optimized = false) public function getURIDefinition($raw = false, $optimized = false)
{ {
@ -468,7 +468,7 @@ class HTMLPurifier_Config
* maybe semantics is the "right thing to do." * maybe semantics is the "right thing to do."
* *
* @throws HTMLPurifier_Exception * @throws HTMLPurifier_Exception
* @return HTMLPurifier_Definition * @return HTMLPurifier_Definition|null
*/ */
public function getDefinition($type, $raw = false, $optimized = false) public function getDefinition($type, $raw = false, $optimized = false)
{ {
@ -647,7 +647,7 @@ class HTMLPurifier_Config
} }
/** /**
* @return HTMLPurifier_HTMLDefinition * @return HTMLPurifier_HTMLDefinition|null
*/ */
public function maybeGetRawHTMLDefinition() public function maybeGetRawHTMLDefinition()
{ {
@ -655,7 +655,7 @@ class HTMLPurifier_Config
} }
/** /**
* @return HTMLPurifier_CSSDefinition * @return HTMLPurifier_CSSDefinition|null
*/ */
public function maybeGetRawCSSDefinition() public function maybeGetRawCSSDefinition()
{ {
@ -663,7 +663,7 @@ class HTMLPurifier_Config
} }
/** /**
* @return HTMLPurifier_URIDefinition * @return HTMLPurifier_URIDefinition|null
*/ */
public function maybeGetRawURIDefinition() public function maybeGetRawURIDefinition()
{ {
@ -803,7 +803,7 @@ class HTMLPurifier_Config
if ($index !== false) { if ($index !== false) {
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
} }
$mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); $mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
$ret = array(); $ret = array();
@ -890,7 +890,7 @@ class HTMLPurifier_Config
// zip(tail(trace), trace) -- but PHP is not Haskell har har // zip(tail(trace), trace) -- but PHP is not Haskell har har
for ($i = 0, $c = count($trace); $i < $c - 1; $i++) { for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
// XXX this is not correct on some versions of HTML Purifier // XXX this is not correct on some versions of HTML Purifier
if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') { if (isset($trace[$i + 1]['class']) && $trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
continue; continue;
} }
$frame = $trace[$i]; $frame = $trace[$i];

2
library/vendor/HTMLPurifier/ConfigSchema.php vendored
View File

@ -100,7 +100,7 @@ class HTMLPurifier_ConfigSchema
* @param string $key Name of directive * @param string $key Name of directive
* @param mixed $default Default value of directive * @param mixed $default Default value of directive
* @param string $type Allowed type of the directive. See * @param string $type Allowed type of the directive. See
* HTMLPurifier_DirectiveDef::$type for allowed values * HTMLPurifier_VarParser::$types for allowed values
* @param bool $allow_null Whether or not to allow null values * @param bool $allow_null Whether or not to allow null values
*/ */
public function add($key, $default, $type, $allow_null) public function add($key, $default, $type, $allow_null)

BIN
library/vendor/HTMLPurifier/ConfigSchema/schema.ser vendored
View File

Binary file not shown.

2
library/vendor/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt vendored
View File

@ -6,7 +6,7 @@ DEFAULT: false
<p> <p>
When enabled, HTML Purifier will treat any elements that contain only When enabled, HTML Purifier will treat any elements that contain only
non-breaking spaces as well as regular whitespace as empty, and remove non-breaking spaces as well as regular whitespace as empty, and remove
them when %AutoForamt.RemoveEmpty is enabled. them when %AutoFormat.RemoveEmpty is enabled.
</p> </p>
<p> <p>
See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements

12
library/vendor/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt vendored Normal file
View File

@ -0,0 +1,12 @@
Core.AllowParseManyTags
TYPE: bool
DEFAULT: false
VERSION: 4.10.1
--DESCRIPTION--
<p>
This directive allows parsing of many nested tags.
If you set true, relaxes any hardcoded limit from the parser.
However, in that case it may cause a Dos attack.
Be careful when enabling it.
</p>
--# vim: et sw=4 sts=4

159
library/vendor/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt vendored
View File

@ -3,23 +3,154 @@ TYPE: hash
VERSION: 2.0.0 VERSION: 2.0.0
--DEFAULT-- --DEFAULT--
array ( array (
'maroon' => '#800000', 'aliceblue' => '#F0F8FF',
'red' => '#FF0000', 'antiquewhite' => '#FAEBD7',
'orange' => '#FFA500',
'yellow' => '#FFFF00',
'olive' => '#808000',
'purple' => '#800080',
'fuchsia' => '#FF00FF',
'white' => '#FFFFFF',
'lime' => '#00FF00',
'green' => '#008000',
'navy' => '#000080',
'blue' => '#0000FF',
'aqua' => '#00FFFF', 'aqua' => '#00FFFF',
'teal' => '#008080', 'aquamarine' => '#7FFFD4',
'azure' => '#F0FFFF',
'beige' => '#F5F5DC',
'bisque' => '#FFE4C4',
'black' => '#000000', 'black' => '#000000',
'silver' => '#C0C0C0', 'blanchedalmond' => '#FFEBCD',
'blue' => '#0000FF',
'blueviolet' => '#8A2BE2',
'brown' => '#A52A2A',
'burlywood' => '#DEB887',
'cadetblue' => '#5F9EA0',
'chartreuse' => '#7FFF00',
'chocolate' => '#D2691E',
'coral' => '#FF7F50',
'cornflowerblue' => '#6495ED',
'cornsilk' => '#FFF8DC',
'crimson' => '#DC143C',
'cyan' => '#00FFFF',
'darkblue' => '#00008B',
'darkcyan' => '#008B8B',
'darkgoldenrod' => '#B8860B',
'darkgray' => '#A9A9A9',
'darkgrey' => '#A9A9A9',
'darkgreen' => '#006400',
'darkkhaki' => '#BDB76B',
'darkmagenta' => '#8B008B',
'darkolivegreen' => '#556B2F',
'darkorange' => '#FF8C00',
'darkorchid' => '#9932CC',
'darkred' => '#8B0000',
'darksalmon' => '#E9967A',
'darkseagreen' => '#8FBC8F',
'darkslateblue' => '#483D8B',
'darkslategray' => '#2F4F4F',
'darkslategrey' => '#2F4F4F',
'darkturquoise' => '#00CED1',
'darkviolet' => '#9400D3',
'deeppink' => '#FF1493',
'deepskyblue' => '#00BFFF',
'dimgray' => '#696969',
'dimgrey' => '#696969',
'dodgerblue' => '#1E90FF',
'firebrick' => '#B22222',
'floralwhite' => '#FFFAF0',
'forestgreen' => '#228B22',
'fuchsia' => '#FF00FF',
'gainsboro' => '#DCDCDC',
'ghostwhite' => '#F8F8FF',
'gold' => '#FFD700',
'goldenrod' => '#DAA520',
'gray' => '#808080', 'gray' => '#808080',
'grey' => '#808080',
'green' => '#008000',
'greenyellow' => '#ADFF2F',
'honeydew' => '#F0FFF0',
'hotpink' => '#FF69B4',
'indianred' => '#CD5C5C',
'indigo' => '#4B0082',
'ivory' => '#FFFFF0',
'khaki' => '#F0E68C',
'lavender' => '#E6E6FA',
'lavenderblush' => '#FFF0F5',
'lawngreen' => '#7CFC00',
'lemonchiffon' => '#FFFACD',
'lightblue' => '#ADD8E6',
'lightcoral' => '#F08080',
'lightcyan' => '#E0FFFF',
'lightgoldenrodyellow' => '#FAFAD2',
'lightgray' => '#D3D3D3',
'lightgrey' => '#D3D3D3',
'lightgreen' => '#90EE90',
'lightpink' => '#FFB6C1',
'lightsalmon' => '#FFA07A',
'lightseagreen' => '#20B2AA',
'lightskyblue' => '#87CEFA',
'lightslategray' => '#778899',
'lightslategrey' => '#778899',
'lightsteelblue' => '#B0C4DE',
'lightyellow' => '#FFFFE0',
'lime' => '#00FF00',
'limegreen' => '#32CD32',
'linen' => '#FAF0E6',
'magenta' => '#FF00FF',
'maroon' => '#800000',
'mediumaquamarine' => '#66CDAA',
'mediumblue' => '#0000CD',
'mediumorchid' => '#BA55D3',
'mediumpurple' => '#9370DB',
'mediumseagreen' => '#3CB371',
'mediumslateblue' => '#7B68EE',
'mediumspringgreen' => '#00FA9A',
'mediumturquoise' => '#48D1CC',
'mediumvioletred' => '#C71585',
'midnightblue' => '#191970',
'mintcream' => '#F5FFFA',
'mistyrose' => '#FFE4E1',
'moccasin' => '#FFE4B5',
'navajowhite' => '#FFDEAD',
'navy' => '#000080',
'oldlace' => '#FDF5E6',
'olive' => '#808000',
'olivedrab' => '#6B8E23',
'orange' => '#FFA500',
'orangered' => '#FF4500',
'orchid' => '#DA70D6',
'palegoldenrod' => '#EEE8AA',
'palegreen' => '#98FB98',
'paleturquoise' => '#AFEEEE',
'palevioletred' => '#DB7093',
'papayawhip' => '#FFEFD5',
'peachpuff' => '#FFDAB9',
'peru' => '#CD853F',
'pink' => '#FFC0CB',
'plum' => '#DDA0DD',
'powderblue' => '#B0E0E6',
'purple' => '#800080',
'rebeccapurple' => '#663399',
'red' => '#FF0000',
'rosybrown' => '#BC8F8F',
'royalblue' => '#4169E1',
'saddlebrown' => '#8B4513',
'salmon' => '#FA8072',
'sandybrown' => '#F4A460',
'seagreen' => '#2E8B57',
'seashell' => '#FFF5EE',
'sienna' => '#A0522D',
'silver' => '#C0C0C0',
'skyblue' => '#87CEEB',
'slateblue' => '#6A5ACD',
'slategray' => '#708090',
'slategrey' => '#708090',
'snow' => '#FFFAFA',
'springgreen' => '#00FF7F',
'steelblue' => '#4682B4',
'tan' => '#D2B48C',
'teal' => '#008080',
'thistle' => '#D8BFD8',
'tomato' => '#FF6347',
'turquoise' => '#40E0D0',
'violet' => '#EE82EE',
'wheat' => '#F5DEB3',
'white' => '#FFFFFF',
'whitesmoke' => '#F5F5F5',
'yellow' => '#FFFF00',
'yellowgreen' => '#9ACD32'
) )
--DESCRIPTION-- --DESCRIPTION--

11
library/vendor/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt vendored Normal file
View File

@ -0,0 +1,11 @@
HTML.Forms
TYPE: bool
VERSION: 4.13.0
DEFAULT: false
--DESCRIPTION--
<p>
Whether or not to permit form elements in the user input, regardless of
%HTML.Trusted value. Please be very careful when using this functionality, as
enabling forms in untrusted documents may allow for phishing attacks.
</p>
--# vim: et sw=4 sts=4

0
library/vendor/HTMLPurifier/DefinitionCache/Serializer/README vendored Normal file → Executable file
View File

2
library/vendor/HTMLPurifier/ElementDef.php vendored
View File

@ -176,7 +176,7 @@ class HTMLPurifier_ElementDef
if (!empty($def->content_model)) { if (!empty($def->content_model)) {
$this->content_model = $this->content_model =
str_replace("#SUPER", $this->content_model, $def->content_model); str_replace("#SUPER", (string)$this->content_model, $def->content_model);
$this->child = false; $this->child = false;
} }
if (!empty($def->content_model_type)) { if (!empty($def->content_model_type)) {

8
library/vendor/HTMLPurifier/Encoder.php vendored
View File

@ -398,8 +398,8 @@ class HTMLPurifier_Encoder
// characters to their true byte-wise ASCII/UTF-8 equivalents. // characters to their true byte-wise ASCII/UTF-8 equivalents.
$str = strtr($str, self::testEncodingSupportsASCII($encoding)); $str = strtr($str, self::testEncodingSupportsASCII($encoding));
return $str; return $str;
} elseif ($encoding === 'iso-8859-1') { } elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
$str = utf8_encode($str); $str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
return $str; return $str;
} }
$bug = HTMLPurifier_Encoder::testIconvTruncateBug(); $bug = HTMLPurifier_Encoder::testIconvTruncateBug();
@ -450,8 +450,8 @@ class HTMLPurifier_Encoder
// Normal stuff // Normal stuff
$str = self::iconv('utf-8', $encoding . '//IGNORE', $str); $str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
return $str; return $str;
} elseif ($encoding === 'iso-8859-1') { } elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
$str = utf8_decode($str); $str = mb_convert_encoding($str, 'ISO-8859-1', 'UTF-8');
return $str; return $str;
} }
trigger_error('Encoding not supported', E_USER_ERROR); trigger_error('Encoding not supported', E_USER_ERROR);

2
library/vendor/HTMLPurifier/EntityParser.php vendored
View File

@ -118,7 +118,7 @@ class HTMLPurifier_EntityParser
$entity = $matches[0]; $entity = $matches[0];
$hex_part = @$matches[1]; $hex_part = @$matches[1];
$dec_part = @$matches[2]; $dec_part = @$matches[2];
$named_part = empty($matches[3]) ? @$matches[4] : $matches[3]; $named_part = empty($matches[3]) ? (empty($matches[4]) ? "" : $matches[4]) : $matches[3];
if ($hex_part !== NULL && $hex_part !== "") { if ($hex_part !== NULL && $hex_part !== "") {
return HTMLPurifier_Encoder::unichr(hexdec($hex_part)); return HTMLPurifier_Encoder::unichr(hexdec($hex_part));
} elseif ($dec_part !== NULL && $dec_part !== "") { } elseif ($dec_part !== NULL && $dec_part !== "") {

7
library/vendor/HTMLPurifier/HTMLModule.php vendored
View File

@ -132,9 +132,9 @@ class HTMLPurifier_HTMLModule
* @param string $element Name of element to add * @param string $element Name of element to add
* @param string|bool $type What content set should element be registered to? * @param string|bool $type What content set should element be registered to?
* Set as false to skip this step. * Set as false to skip this step.
* @param string $contents Allowed children in form of: * @param string|HTMLPurifier_ChildDef $contents Allowed children in form of:
* "$content_model_type: $content_model" * "$content_model_type: $content_model"
* @param array $attr_includes What attribute collections to register to * @param array|string $attr_includes What attribute collections to register to
* element? * element?
* @param array $attr What unique attributes does the element define? * @param array $attr What unique attributes does the element define?
* @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters. * @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters.
@ -257,8 +257,9 @@ class HTMLPurifier_HTMLModule
*/ */
public function makeLookup($list) public function makeLookup($list)
{ {
$args = func_get_args();
if (is_string($list)) { if (is_string($list)) {
$list = func_get_args(); $list = $args;
} }
$ret = array(); $ret = array();
foreach ($list as $value) { foreach ($list as $value) {

1
library/vendor/HTMLPurifier/HTMLModule/CommonAttributes.php vendored
View File

@ -17,6 +17,7 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
'class' => 'Class', 'class' => 'Class',
'id' => 'ID', 'id' => 'ID',
'title' => 'CDATA', 'title' => 'CDATA',
'contenteditable' => 'ContentEditable',
), ),
'Lang' => array(), 'Lang' => array(),
'I18N' => array( 'I18N' => array(

4
library/vendor/HTMLPurifier/HTMLModule/Forms.php vendored
View File

@ -28,6 +28,10 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
*/ */
public function setup($config) public function setup($config)
{ {
if ($config->get('HTML.Forms')) {
$this->safe = true;
}
$form = $this->addElement( $form = $this->addElement(
'form', 'form',
'Form', 'Form',

4
library/vendor/HTMLPurifier/HTMLModule/SafeScripting.php vendored
View File

@ -23,13 +23,13 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
$script = $this->addElement( $script = $this->addElement(
'script', 'script',
'Inline', 'Inline',
'Empty', 'Optional:', // Not `Empty` to not allow to autoclose the <script /> tag @see https://www.w3.org/TR/html4/interact/scripts.html
null, null,
array( array(
// While technically not required by the spec, we're forcing // While technically not required by the spec, we're forcing
// it to this value. // it to this value.
'type' => 'Enum#text/javascript', 'type' => 'Enum#text/javascript',
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed)) 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true)
) )
); );
$script->attr_transform_pre[] = $script->attr_transform_pre[] =

5
library/vendor/HTMLPurifier/HTMLModule/Tidy.php vendored
View File

@ -146,10 +146,7 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
$type = "info_$type"; $type = "info_$type";
$e = $this; $e = $this;
} }
// PHP does some weird parsing when I do $e->{$type}[$attr] = $fix;
// $e->$type[$attr], so I have to assign a ref.
$f =& $e->$type;
$f[$attr] = $fix;
break; break;
case 'tag_transform': case 'tag_transform':
$this->info_tag_transform[$params['element']] = $fix; $this->info_tag_transform[$params['element']] = $fix;

5
library/vendor/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php vendored
View File

@ -96,6 +96,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
// @bgcolor for table, tr, td, th --------------------------------- // @bgcolor for table, tr, td, th ---------------------------------
$r['table@bgcolor'] = $r['table@bgcolor'] =
$r['tr@bgcolor'] =
$r['td@bgcolor'] = $r['td@bgcolor'] =
$r['th@bgcolor'] = $r['th@bgcolor'] =
new HTMLPurifier_AttrTransform_BgColor(); new HTMLPurifier_AttrTransform_BgColor();
@ -167,9 +168,11 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
// @vspace for img ------------------------------------------------ // @vspace for img ------------------------------------------------
$r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace'); $r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace');
// @width for hr, td, th ------------------------------------------ // @width for table, hr, td, th, col ------------------------------------------
$r['table@width'] =
$r['td@width'] = $r['td@width'] =
$r['th@width'] = $r['th@width'] =
$r['col@width'] =
$r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width'); $r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width');
return $r; return $r;

3
library/vendor/HTMLPurifier/Injector/Linkify.php vendored
View File

@ -40,6 +40,9 @@ class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
'/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu', '/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu',
$token->data, -1, PREG_SPLIT_DELIM_CAPTURE); $token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
if ($bits === false) {
return;
}
$token = array(); $token = array();

15
library/vendor/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php vendored
View File

@ -31,6 +31,16 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
*/ */
private $context; private $context;
/**
* @type SplObjectStorage
*/
private $markForDeletion;
public function __construct()
{
$this->markForDeletion = new SplObjectStorage();
}
public function prepare($config, $context) public function prepare($config, $context)
{ {
$this->attrValidator = new HTMLPurifier_AttrValidator(); $this->attrValidator = new HTMLPurifier_AttrValidator();
@ -64,7 +74,7 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') { if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') {
// Mark closing span tag for deletion // Mark closing span tag for deletion
$current->markForDeletion = true; $this->markForDeletion->attach($current);
// Delete open span tag // Delete open span tag
$token = false; $token = false;
} }
@ -75,7 +85,8 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
*/ */
public function handleEnd(&$token) public function handleEnd(&$token)
{ {
if ($token->markForDeletion) { if ($this->markForDeletion->contains($token)) {
$this->markForDeletion->detach($token);
$token = false; $token = false;
} }
} }

9
library/vendor/HTMLPurifier/Language/classes/en-x-test.php vendored
View File

@ -1,9 +0,0 @@
<?php
// private class for unit testing
class HTMLPurifier_Language_en_x_test extends HTMLPurifier_Language
{
}
// vim: et sw=4 sts=4

11
library/vendor/HTMLPurifier/Language/messages/en-x-test.php vendored
View File

@ -1,11 +0,0 @@
<?php
// private language message file for unit testing purposes
$fallback = 'en';
$messages = array(
'HTMLPurifier' => 'HTML Purifier X'
);
// vim: et sw=4 sts=4

12
library/vendor/HTMLPurifier/Language/messages/en-x-testmini.php vendored
View File

@ -1,12 +0,0 @@
<?php
// private language message file for unit testing purposes
// this language file has no class associated with it
$fallback = 'en';
$messages = array(
'HTMLPurifier' => 'HTML Purifier XNone'
);
// vim: et sw=4 sts=4

2
library/vendor/HTMLPurifier/Length.php vendored
View File

@ -78,7 +78,7 @@ class HTMLPurifier_Length
if ($this->n === '0' && $this->unit === false) { if ($this->n === '0' && $this->unit === false) {
return true; return true;
} }
if (!ctype_lower($this->unit)) { if ($this->unit === false || !ctype_lower($this->unit)) {
$this->unit = strtolower($this->unit); $this->unit = strtolower($this->unit);
} }
if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) { if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {

9
library/vendor/HTMLPurifier/Lexer.php vendored
View File

@ -48,6 +48,11 @@ class HTMLPurifier_Lexer
*/ */
public $tracksLineNumbers = false; public $tracksLineNumbers = false;
/**
* @type HTMLPurifier_EntityParser
*/
private $_entity_parser;
// -- STATIC ---------------------------------------------------------- // -- STATIC ----------------------------------------------------------
/** /**
@ -306,8 +311,8 @@ class HTMLPurifier_Lexer
{ {
// normalize newlines to \n // normalize newlines to \n
if ($config->get('Core.NormalizeNewlines')) { if ($config->get('Core.NormalizeNewlines')) {
$html = str_replace("\r\n", "\n", $html); $html = str_replace("\r\n", "\n", (string)$html);
$html = str_replace("\r", "\n", $html); $html = str_replace("\r", "\n", (string)$html);
} }
if ($config->get('HTML.Trusted')) { if ($config->get('HTML.Trusted')) {

22
library/vendor/HTMLPurifier/Lexer/DOMLex.php vendored
View File

@ -68,8 +68,18 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
$doc = new DOMDocument(); $doc = new DOMDocument();
$doc->encoding = 'UTF-8'; // theoretically, the above has this covered $doc->encoding = 'UTF-8'; // theoretically, the above has this covered
$options = 0;
if ($config->get('Core.AllowParseManyTags') && defined('LIBXML_PARSEHUGE')) {
$options |= LIBXML_PARSEHUGE;
}
set_error_handler(array($this, 'muteErrorHandler')); set_error_handler(array($this, 'muteErrorHandler'));
// loadHTML() fails on PHP 5.3 when second parameter is given
if ($options) {
$doc->loadHTML($html, $options);
} else {
$doc->loadHTML($html); $doc->loadHTML($html);
}
restore_error_handler(); restore_error_handler();
$body = $doc->getElementsByTagName('html')->item(0)-> // <html> $body = $doc->getElementsByTagName('html')->item(0)-> // <html>
@ -133,11 +143,11 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
*/ */
protected function getTagName($node) protected function getTagName($node)
{ {
if (property_exists($node, 'tagName')) { if (isset($node->tagName)) {
return $node->tagName; return $node->tagName;
} else if (property_exists($node, 'nodeName')) { } else if (isset($node->nodeName)) {
return $node->nodeName; return $node->nodeName;
} else if (property_exists($node, 'localName')) { } else if (isset($node->localName)) {
return $node->localName; return $node->localName;
} }
return null; return null;
@ -150,11 +160,11 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
*/ */
protected function getData($node) protected function getData($node)
{ {
if (property_exists($node, 'data')) { if (isset($node->data)) {
return $node->data; return $node->data;
} else if (property_exists($node, 'nodeValue')) { } else if (isset($node->nodeValue)) {
return $node->nodeValue; return $node->nodeValue;
} else if (property_exists($node, 'textContent')) { } else if (isset($node->textContent)) {
return $node->textContent; return $node->textContent;
} }
return null; return null;

2
library/vendor/HTMLPurifier/Lexer/PH5P.php vendored
View File

@ -4410,7 +4410,7 @@ class HTML5TreeConstructer
foreach ($token['attr'] as $attr) { foreach ($token['attr'] as $attr) {
if (!$el->hasAttribute($attr['name'])) { if (!$el->hasAttribute($attr['name'])) {
$el->setAttribute($attr['name'], $attr['value']); $el->setAttribute($attr['name'], (string)$attr['value']);
} }
} }

4
library/vendor/HTMLPurifier/Printer/ConfigForm.php vendored
View File

@ -48,7 +48,7 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
$this->compress = $compress; $this->compress = $compress;
// initialize sub-printers // initialize sub-printers
$this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default(); $this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default();
$this->fields[HTMLPurifier_VarParser::BOOL] = new HTMLPurifier_Printer_ConfigForm_bool(); $this->fields[HTMLPurifier_VarParser::C_BOOL] = new HTMLPurifier_Printer_ConfigForm_bool();
} }
/** /**
@ -339,7 +339,7 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer
$value = ''; $value = '';
} }
} }
if ($type === HTMLPurifier_VarParser::MIXED) { if ($type === HTMLPurifier_VarParser::C_MIXED) {
return 'Not supported'; return 'Not supported';
$value = serialize($value); $value = serialize($value);
} }

4
library/vendor/HTMLPurifier/Printer/HTMLDefinition.php vendored
View File

@ -43,8 +43,8 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
$ret .= $this->element('caption', 'Doctype'); $ret .= $this->element('caption', 'Doctype');
$ret .= $this->row('Name', $doctype->name); $ret .= $this->row('Name', $doctype->name);
$ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No'); $ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
$ret .= $this->row('Default Modules', implode($doctype->modules, ', ')); $ret .= $this->row('Default Modules', implode(', ', $doctype->modules));
$ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', ')); $ret .= $this->row('Default Tidy Modules', implode(', ', $doctype->tidyModules));
$ret .= $this->end('table'); $ret .= $this->end('table');
return $ret; return $ret;
} }

1
library/vendor/HTMLPurifier/PropertyListIterator.php vendored
View File

@ -29,6 +29,7 @@ class HTMLPurifier_PropertyListIterator extends FilterIterator
/** /**
* @return bool * @return bool
*/ */
#[\ReturnTypeWillChange]
public function accept() public function accept()
{ {
$key = $this->getInnerIterator()->key(); $key = $this->getInnerIterator()->key();

14
library/vendor/HTMLPurifier/SOURCE vendored
View File

@ -1,10 +1,10 @@
GLOBIGNORE=$0; rm -rf * GLOBIGNORE=$0; rm -rf *
rm ../HTMLPurifier*.php rm ../HTMLPurifier*.php
curl https://codeload.github.com/ezyang/htmlpurifier/tar.gz/v4.10.0 -o htmlpurifier-4.10.0.tar.gz curl https://codeload.github.com/ezyang/htmlpurifier/tar.gz/v4.16.0 -o htmlpurifier-4.16.0.tar.gz
tar xzf htmlpurifier-4.10.0.tar.gz --strip-components 1 htmlpurifier-4.10.0/LICENSE tar xzf htmlpurifier-4.16.0.tar.gz --strip-components 1 htmlpurifier-4.16.0/LICENSE
tar xzf htmlpurifier-4.10.0.tar.gz --strip-components 1 htmlpurifier-4.10.0/VERSION tar xzf htmlpurifier-4.16.0.tar.gz --strip-components 1 htmlpurifier-4.16.0/VERSION
tar xzf htmlpurifier-4.10.0.tar.gz -C ../ --strip-components 2 htmlpurifier-4.10.0/library/HTMLPurifier.php tar xzf htmlpurifier-4.16.0.tar.gz -C ../ --strip-components 2 htmlpurifier-4.16.0/library/HTMLPurifier.php
tar xzf htmlpurifier-4.10.0.tar.gz -C ../ --strip-components 2 htmlpurifier-4.10.0/library/HTMLPurifier.autoload.php tar xzf htmlpurifier-4.16.0.tar.gz -C ../ --strip-components 2 htmlpurifier-4.16.0/library/HTMLPurifier.autoload.php
tar xzf htmlpurifier-4.10.0.tar.gz --strip-components 3 htmlpurifier-4.10.0/library/HTMLPurifier/* tar xzf htmlpurifier-4.16.0.tar.gz --wildcards --strip-components 3 htmlpurifier-4.16.0/library/HTMLPurifier/*
rm htmlpurifier-4.10.0.tar.gz rm htmlpurifier-4.16.0.tar.gz

1
library/vendor/HTMLPurifier/StringHash.php vendored
View File

@ -20,6 +20,7 @@ class HTMLPurifier_StringHash extends ArrayObject
* @param mixed $index * @param mixed $index
* @return mixed * @return mixed
*/ */
#[\ReturnTypeWillChange]
public function offsetGet($index) public function offsetGet($index)
{ {
$this->accessed[$index] = true; $this->accessed[$index] = true;

2
library/vendor/HTMLPurifier/URIFilter/HostBlacklist.php vendored
View File

@ -35,7 +35,7 @@ class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
public function filter(&$uri, $config, $context) public function filter(&$uri, $config, $context)
{ {
foreach ($this->blacklist as $blacklisted_host_fragment) { foreach ($this->blacklist as $blacklisted_host_fragment) {
if (strpos($uri->host, $blacklisted_host_fragment) !== false) { if ($uri->host !== null && strpos($uri->host, $blacklisted_host_fragment) !== false) {
return false; return false;
} }
} }

10
library/vendor/HTMLPurifier/URIFilter/Munge.php vendored
View File

@ -100,11 +100,11 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
$string = $uri->toString(); $string = $uri->toString();
// always available // always available
$this->replace['%s'] = $string; $this->replace['%s'] = $string;
$this->replace['%r'] = $context->get('EmbeddedURI', true); $this->replace['%r'] = $context->get('EmbeddedURI', true) ?: '';
$token = $context->get('CurrentToken', true); $token = $context->get('CurrentToken', true) ?: '';
$this->replace['%n'] = $token ? $token->name : null; $this->replace['%n'] = $token ? $token->name : '';
$this->replace['%m'] = $context->get('CurrentAttr', true); $this->replace['%m'] = $context->get('CurrentAttr', true) ?: '';
$this->replace['%p'] = $context->get('CurrentCSSProperty', true); $this->replace['%p'] = $context->get('CurrentCSSProperty', true) ?: '';
// not always available // not always available
if ($this->secretKey) { if ($this->secretKey) {
$this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey); $this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);

2
library/vendor/HTMLPurifier/VERSION vendored
View File

@ -1 +1 @@
4.10.0 4.15.0

32
library/vendor/HTMLPurifier/VarParser.php vendored
View File

@ -7,34 +7,34 @@
class HTMLPurifier_VarParser class HTMLPurifier_VarParser
{ {
const STRING = 1; const C_STRING = 1;
const ISTRING = 2; const ISTRING = 2;
const TEXT = 3; const TEXT = 3;
const ITEXT = 4; const ITEXT = 4;
const INT = 5; const C_INT = 5;
const FLOAT = 6; const C_FLOAT = 6;
const BOOL = 7; const C_BOOL = 7;
const LOOKUP = 8; const LOOKUP = 8;
const ALIST = 9; const ALIST = 9;
const HASH = 10; const HASH = 10;
const MIXED = 11; const C_MIXED = 11;
/** /**
* Lookup table of allowed types. Mainly for backwards compatibility, but * Lookup table of allowed types. Mainly for backwards compatibility, but
* also convenient for transforming string type names to the integer constants. * also convenient for transforming string type names to the integer constants.
*/ */
public static $types = array( public static $types = array(
'string' => self::STRING, 'string' => self::C_STRING,
'istring' => self::ISTRING, 'istring' => self::ISTRING,
'text' => self::TEXT, 'text' => self::TEXT,
'itext' => self::ITEXT, 'itext' => self::ITEXT,
'int' => self::INT, 'int' => self::C_INT,
'float' => self::FLOAT, 'float' => self::C_FLOAT,
'bool' => self::BOOL, 'bool' => self::C_BOOL,
'lookup' => self::LOOKUP, 'lookup' => self::LOOKUP,
'list' => self::ALIST, 'list' => self::ALIST,
'hash' => self::HASH, 'hash' => self::HASH,
'mixed' => self::MIXED 'mixed' => self::C_MIXED
); );
/** /**
@ -42,7 +42,7 @@ class HTMLPurifier_VarParser
* allowed value lists. * allowed value lists.
*/ */
public static $stringTypes = array( public static $stringTypes = array(
self::STRING => true, self::C_STRING => true,
self::ISTRING => true, self::ISTRING => true,
self::TEXT => true, self::TEXT => true,
self::ITEXT => true, self::ITEXT => true,
@ -74,7 +74,7 @@ class HTMLPurifier_VarParser
// These are basic checks, to make sure nothing horribly wrong // These are basic checks, to make sure nothing horribly wrong
// happened in our implementations. // happened in our implementations.
switch ($type) { switch ($type) {
case (self::STRING): case (self::C_STRING):
case (self::ISTRING): case (self::ISTRING):
case (self::TEXT): case (self::TEXT):
case (self::ITEXT): case (self::ITEXT):
@ -85,17 +85,17 @@ class HTMLPurifier_VarParser
$var = strtolower($var); $var = strtolower($var);
} }
return $var; return $var;
case (self::INT): case (self::C_INT):
if (!is_int($var)) { if (!is_int($var)) {
break; break;
} }
return $var; return $var;
case (self::FLOAT): case (self::C_FLOAT):
if (!is_float($var)) { if (!is_float($var)) {
break; break;
} }
return $var; return $var;
case (self::BOOL): case (self::C_BOOL):
if (!is_bool($var)) { if (!is_bool($var)) {
break; break;
} }
@ -119,7 +119,7 @@ class HTMLPurifier_VarParser
} }
} }
return $var; return $var;
case (self::MIXED): case (self::C_MIXED):
return $var; return $var;
default: default:
$this->errorInconsistent(get_class($this), $type); $this->errorInconsistent(get_class($this), $type);

10
library/vendor/HTMLPurifier/VarParser/Flexible.php vendored
View File

@ -23,23 +23,23 @@ class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
// Note: if code "breaks" from the switch, it triggers a generic // Note: if code "breaks" from the switch, it triggers a generic
// exception to be thrown. Specific errors can be specifically // exception to be thrown. Specific errors can be specifically
// done here. // done here.
case self::MIXED: case self::C_MIXED:
case self::ISTRING: case self::ISTRING:
case self::STRING: case self::C_STRING:
case self::TEXT: case self::TEXT:
case self::ITEXT: case self::ITEXT:
return $var; return $var;
case self::INT: case self::C_INT:
if (is_string($var) && ctype_digit($var)) { if (is_string($var) && ctype_digit($var)) {
$var = (int)$var; $var = (int)$var;
} }
return $var; return $var;
case self::FLOAT: case self::C_FLOAT:
if ((is_string($var) && is_numeric($var)) || is_int($var)) { if ((is_string($var) && is_numeric($var)) || is_int($var)) {
$var = (float)$var; $var = (float)$var;
} }
return $var; return $var;
case self::BOOL: case self::C_BOOL:
if (is_int($var) && ($var === 0 || $var === 1)) { if (is_int($var) && ($var === 0 || $var === 1)) {
$var = (bool)$var; $var = (bool)$var;
} elseif (is_string($var)) { } elseif (is_string($var)) {