Accueil Explorer Aide
Connexion
bianjunhui
/
raffle
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 68223bad16
Branches Tags
raffle
/
vendor
/
ezyang
/
htmlpurifier
/
library
/
HTMLPurifier
/
AttrDef.php

AttrDef.php 5.1 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Base class for all validating attribute definitions.
    5. 

  5.  *
    6. 

  6.  * This family of classes forms the core for not only HTML attribute validation,
    7. 

  7.  * but also any sort of string that needs to be validated or cleaned (which
    8. 

  8.  * means CSS properties and composite definitions are defined here too).
    9. 

  9.  * Besides defining (through code) what precisely makes the string valid,
    10. 

  10.  * subclasses are also responsible for cleaning the code if possible.
    11. 

  11.  */
    12. 

  12. 

  13. abstract class HTMLPurifier_AttrDef
    14. 

  14. {
    15. 

  15. 

  16.     /**
    17. 

  17.      * Tells us whether or not an HTML attribute is minimized.
    18. 

  18.      * Has no meaning in other contexts.
    19. 

  19.      * @type bool
    20. 

  20.      */
    21. 

  21.     public $minimized = false;
    22. 

  22. 

  23.     /**
    24. 

  24.      * Tells us whether or not an HTML attribute is required.
    25. 

  25.      * Has no meaning in other contexts
    26. 

  26.      * @type bool
    27. 

  27.      */
    28. 

  28.     public $required = false;
    29. 

  29. 

  30.     /**
    31. 

  31.      * Validates and cleans passed string according to a definition.
    32. 

  32.      *
    33. 

  33.      * @param string $string String to be validated and cleaned.
    34. 

  34.      * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
    35. 

  35.      * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.
    36. 

  36.      */
    37. 

  37.     abstract public function validate($string, $config, $context);
    38. 

  38. 

  39.     /**
    40. 

  40.      * Convenience method that parses a string as if it were CDATA.
    41. 

  41.      *
    42. 

  42.      * This method process a string in the manner specified at
    43. 

  43.      * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
    44. 

  44.      * leading and trailing whitespace, ignoring line feeds, and replacing
    45. 

  45.      * carriage returns and tabs with spaces.  While most useful for HTML
    46. 

  46.      * attributes specified as CDATA, it can also be applied to most CSS
    47. 

  47.      * values.
    48. 

  48.      *
    49. 

  49.      * @note This method is not entirely standards compliant, as trim() removes
    50. 

  50.      *       more types of whitespace than specified in the spec. In practice,
    51. 

  51.      *       this is rarely a problem, as those extra characters usually have
    52. 

  52.      *       already been removed by HTMLPurifier_Encoder.
    53. 

  53.      *
    54. 

  54.      * @warning This processing is inconsistent with XML's whitespace handling
    55. 

  55.      *          as specified by section 3.3.3 and referenced XHTML 1.0 section
    56. 

  56.      *          4.7.  However, note that we are NOT necessarily
    57. 

  57.      *          parsing XML, thus, this behavior may still be correct. We
    58. 

  58.      *          assume that newlines have been normalized.
    59. 

  59.      */
    60. 

  60.     public function parseCDATA($string)
    61. 

  61.     {
    62. 

  62.         $string = trim($string);
    63. 

  63.         $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
    64. 

  64.         return $string;
    65. 

  65.     }
    66. 

  66. 

  67.     /**
    68. 

  68.      * Factory method for creating this class from a string.
    69. 

  69.      * @param string $string String construction info
    70. 

  70.      * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string
    71. 

  71.      */
    72. 

  72.     public function make($string)
    73. 

  73.     {
    74. 

  74.         // default implementation, return a flyweight of this object.
    75. 

  75.         // If $string has an effect on the returned object (i.e. you
    76. 

  76.         // need to overload this method), it is best
    77. 

  77.         // to clone or instantiate new copies. (Instantiation is safer.)
    78. 

  78.         return $this;
    79. 

  79.     }
    80. 

  80. 

  81.     /**
    82. 

  82.      * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
    83. 

  83.      * properly. THIS IS A HACK!
    84. 

  84.      * @param string $string a CSS colour definition
    85. 

  85.      * @return string
    86. 

  86.      */
    87. 

  87.     protected function mungeRgb($string)
    88. 

  88.     {
    89. 

  89.         $p = '\s*(\d+(\.\d+)?([%]?))\s*';
    90. 

  90. 

  91.         if (preg_match('/(rgba|hsla)\(/', $string)) {
    92. 

  92.             return preg_replace('/(rgba|hsla)\('.$p.','.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8,\11)', $string);
    93. 

  93.         }
    94. 

  94. 

  95.         return preg_replace('/(rgb|hsl)\('.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8)', $string);
    96. 

  96.     }
    97. 

  97. 

  98.     /**
    99. 

  99.      * Parses a possibly escaped CSS string and returns the "pure"
    100. 

  100.      * version of it.
    101. 

  101.      */
    102. 

  102.     protected function expandCSSEscape($string)
    103. 

  103.     {
    104. 

  104.         // flexibly parse it
    105. 

  105.         $ret = '';
    106. 

  106.         for ($i = 0, $c = strlen($string); $i < $c; $i++) {
    107. 

  107.             if ($string[$i] === '\\') {
    108. 

  108.                 $i++;
    109. 

  109.                 if ($i >= $c) {
    110. 

  110.                     $ret .= '\\';
    111. 

  111.                     break;
    112. 

  112.                 }
    113. 

  113.                 if (ctype_xdigit($string[$i])) {
    114. 

  114.                     $code = $string[$i];
    115. 

  115.                     for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
    116. 

  116.                         if (!ctype_xdigit($string[$i])) {
    117. 

  117.                             break;
    118. 

  118.                         }
    119. 

  119.                         $code .= $string[$i];
    120. 

  120.                     }
    121. 

  121.                     // We have to be extremely careful when adding
    122. 

  122.                     // new characters, to make sure we're not breaking
    123. 

  123.                     // the encoding.
    124. 

  124.                     $char = HTMLPurifier_Encoder::unichr(hexdec($code));
    125. 

  125.                     if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
    126. 

  126.                         continue;
    127. 

  127.                     }
    128. 

  128.                     $ret .= $char;
    129. 

  129.                     if ($i < $c && trim($string[$i]) !== '') {
    130. 

  130.                         $i--;
    131. 

  131.                     }
    132. 

  132.                     continue;
    133. 

  133.                 }
    134. 

  134.                 if ($string[$i] === "\n") {
    135. 

  135.                     continue;
    136. 

  136.                 }
    137. 

  137.             }
    138. 

  138.             $ret .= $string[$i];
    139. 

  139.         }
    140. 

  140.         return $ret;
    141. 

  141.     }
    142. 

  142. }
    143. 

  143. 

  144. // vim: et sw=4 sts=4
    145.