Updated HTMLPurifier to 4.10.0

Source: http://htmlpurifier.org/releases/htmlpurifier-4.10.0-lite.zip
Release date: 2018-02-22
Diogo Cordeiro 2019-04-16 01:11:54 +01:00
parent f89c052cf8
commit 1d529c021a
12 changed files with 92 additions and 34 deletions


@ -0,0 +1,15 @@
<?php
/**
* @file
* Legacy autoloader for systems lacking spl_autoload_register
*
* Must be separate to prevent deprecation warning on PHP 7.2
*/
function __autoload($class)
{
return HTMLPurifier_Bootstrap::autoload($class);
}
// vim: et sw=4 sts=4


@ -14,10 +14,7 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un
spl_autoload_register('__autoload'); spl_autoload_register('__autoload');
} }
} elseif (!function_exists('__autoload')) { } elseif (!function_exists('__autoload')) {
function __autoload($class) require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php';
{
return HTMLPurifier_Bootstrap::autoload($class);
}
} }
if (ini_get('zend.ze1_compatibility_mode')) { if (ini_get('zend.ze1_compatibility_mode')) {


@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run. * FILE, changes will be overwritten the next time the script is run.
* *
* @version 4.9.3 * @version 4.10.0
* *
* @warning * @warning
* You must *not* include any other HTML Purifier files before this file, * You must *not* include any other HTML Purifier files before this file,


@ -19,7 +19,7 @@
*/ */
/* /*
HTML Purifier 4.9.3 - Standards Compliant HTML Filtering HTML Purifier 4.10.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or This library is free software; you can redistribute it and/or
@ -58,12 +58,12 @@ class HTMLPurifier
* Version of HTML Purifier. * Version of HTML Purifier.
* @type string * @type string
*/ */
public $version = '4.9.3'; public $version = '4.10.0';
/** /**
* Constant with version of HTML Purifier. * Constant with version of HTML Purifier.
*/ */
const VERSION = '4.9.3'; const VERSION = '4.10.0';
/** /**
* Global configuration object. * Global configuration object.


@ -97,7 +97,7 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
// PHP 5.3 and later support this functionality natively // PHP 5.3 and later support this functionality natively
if (function_exists('idn_to_ascii')) { if (function_exists('idn_to_ascii')) {
$string = idn_to_ascii($string); $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
// If we have Net_IDNA2 support, we can support IRIs by // If we have Net_IDNA2 support, we can support IRIs by
// punycoding them. (This is the most portable thing to do, // punycoding them. (This is the most portable thing to do,
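Review bot: The new three-argument call on the `idn_to_ascii` line is still guarded only by `function_exists('idn_to_ascii')`, which does not guarantee that `IDNA_NONTRANSITIONAL_TO_ASCII` and `INTL_IDNA_VARIANT_UTS46` are defined on every intl build. Where they are missing, the call would be made with undefined constants and the host check could fail or misbehave. I would wrap it in `if (defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46'))` and keep the one-argument call as the fallback. `idn_to_ascii()` also returns false on failure; whether that result is checked before the host is validated further is outside this hunk, so it is worth confirming.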


@ -21,7 +21,7 @@ class HTMLPurifier_Config
* HTML Purifier's version * HTML Purifier's version
* @type string * @type string
*/ */
public $version = '4.9.3'; public $version = '4.10.0';
/** /**
* Whether or not to automatically finalize * Whether or not to automatically finalize


@ -217,9 +217,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
$directory = $this->generateDirectoryPath($config); $directory = $this->generateDirectoryPath($config);
$chmod = $config->get('Cache.SerializerPermissions'); $chmod = $config->get('Cache.SerializerPermissions');
if ($chmod === null) { if ($chmod === null) {
// TODO: This races if (!@mkdir($directory) && !is_dir($directory)) {
if (is_dir($directory)) return true; trigger_error(
return mkdir($directory); 'Could not create directory ' . $directory . '',
E_USER_WARNING
);
return false;
}
return true;
} }
if (!is_dir($directory)) { if (!is_dir($directory)) {
$base = $this->generateBaseDirectoryPath($config); $base = $this->generateBaseDirectoryPath($config);
@ -233,7 +238,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
} elseif (!$this->_testPermissions($base, $chmod)) { } elseif (!$this->_testPermissions($base, $chmod)) {
return false; return false;
} }
if (!mkdir($directory, $chmod)) { if (!@mkdir($directory, $chmod) && !is_dir($directory)) {
trigger_error( trigger_error(
'Could not create directory ' . $directory . '', 'Could not create directory ' . $directory . '',
E_USER_WARNING E_USER_WARNING
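Review bot: In the `$chmod === null` branch the new `@mkdir($directory)` passes no mode, so the directory gets PHP's default of 0777 narrowed only by the process umask, and the `&& !is_dir($directory)` fallback accepts any directory that already exists without looking at its owner or permissions. That closes the race the old TODO mentioned, but if the files under this path are later read back and unserialized (as the class name suggests), a directory that other local users can write to matters. At minimum I would document the reliance on the umask with a comment such as `// mode is left to the umask; an existing directory is accepted as-is`. The `@` also hides the underlying mkdir error in both hunks, so the `trigger_error` message could append the message from `error_get_last()` to keep failures diagnosable. The enclosing method starts and ends outside these hunks.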


@ -157,11 +157,13 @@ abstract class HTMLPurifier_Injector
return false; return false;
} }
// check for exclusion // check for exclusion
for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) { if (!empty($this->currentNesting)) {
$node = $this->currentNesting[$i]; for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) {
$def = $this->htmlDefinition->info[$node->name]; $node = $this->currentNesting[$i];
if (isset($def->excludes[$name])) { $def = $this->htmlDefinition->info[$node->name];
return false; if (isset($def->excludes[$name])) {
return false;
}
} }
} }
return true; return true;


@ -26,12 +26,14 @@ class HTMLPurifier_Length
protected $isValid; protected $isValid;
/** /**
* Array Lookup array of units recognized by CSS 2.1 * Array Lookup array of units recognized by CSS 3
* @type array * @type array
*/ */
protected static $allowedUnits = array( protected static $allowedUnits = array(
'em' => true, 'ex' => true, 'px' => true, 'in' => true, 'em' => true, 'ex' => true, 'px' => true, 'in' => true,
'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true,
'ch' => true, 'rem' => true, 'vw' => true, 'vh' => true,
'vmin' => true, 'vmax' => true
); );
/** /**


@ -126,6 +126,41 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
} while ($level > 0); } while ($level > 0);
} }
/**
* Portably retrieve the tag name of a node; deals with older versions
* of libxml like 2.7.6
* @param DOMNode $node
*/
protected function getTagName($node)
{
if (property_exists($node, 'tagName')) {
return $node->tagName;
} else if (property_exists($node, 'nodeName')) {
return $node->nodeName;
} else if (property_exists($node, 'localName')) {
return $node->localName;
}
return null;
}
/**
* Portably retrieve the data of a node; deals with older versions
* of libxml like 2.7.6
* @param DOMNode $node
*/
protected function getData($node)
{
if (property_exists($node, 'data')) {
return $node->data;
} else if (property_exists($node, 'nodeValue')) {
return $node->nodeValue;
} else if (property_exists($node, 'textContent')) {
return $node->textContent;
}
return null;
}
/** /**
* @param DOMNode $node DOMNode to be tokenized. * @param DOMNode $node DOMNode to be tokenized.
* @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens. * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens.
@ -141,7 +176,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
// but we're not getting the character reference nodes because // but we're not getting the character reference nodes because
// those should have been preprocessed // those should have been preprocessed
if ($node->nodeType === XML_TEXT_NODE) { if ($node->nodeType === XML_TEXT_NODE) {
$tokens[] = $this->factory->createText($node->data); $data = $this->getData($node); // Handle variable data property
if ($data !== null) {
$tokens[] = $this->factory->createText($data);
}
return false; return false;
} elseif ($node->nodeType === XML_CDATA_SECTION_NODE) { } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) {
// undo libxml's special treatment of <script> and <style> tags // undo libxml's special treatment of <script> and <style> tags
@ -171,21 +209,20 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
// not-well tested: there may be other nodes we have to grab // not-well tested: there may be other nodes we have to grab
return false; return false;
} }
$attr = $node->hasAttributes() ? $this->transformAttrToAssoc($node->attributes) : array(); $attr = $node->hasAttributes() ? $this->transformAttrToAssoc($node->attributes) : array();
$tag_name = $this->getTagName($node); // Handle variable tagName property
if (empty($tag_name)) {
return (bool) $node->childNodes->length;
}
// We still have to make sure that the element actually IS empty // We still have to make sure that the element actually IS empty
if (!$node->childNodes->length) { if (!$node->childNodes->length) {
if ($collect) { if ($collect) {
$tokens[] = $this->factory->createEmpty($node->tagName, $attr); $tokens[] = $this->factory->createEmpty($tag_name, $attr);
} }
return false; return false;
} else { } else {
if ($collect) { if ($collect) {
$tokens[] = $this->factory->createStart( $tokens[] = $this->factory->createStart($tag_name, $attr);
$tag_name = $node->tagName, // somehow, it get's dropped
$attr
);
} }
return true; return true;
} }
@ -197,10 +234,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
*/ */
protected function createEndNode($node, &$tokens) protected function createEndNode($node, &$tokens)
{ {
$tokens[] = $this->factory->createEnd($node->tagName); $tag_name = $this->getTagName($node); // Handle variable tagName property
$tokens[] = $this->factory->createEnd($tag_name);
} }
/** /**
* Converts a DOMNamedNodeMap of DOMAttr objects into an assoc array. * Converts a DOMNamedNodeMap of DOMAttr objects into an assoc array.
* *
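Review bot: `createEndNode` passes the result of `getTagName()` straight to `createEnd()`, although `getTagName()` can return null and `createStartNode` now skips the start token when the name is empty while still returning true for a node with children. If the caller emits an end node whenever the start call returned true (the caller is outside these hunks), such a node would yield an end token with a null name and no matching start token, which is an awkward input for the later stages of a sanitizer. I would mirror the guard with `if (empty($tag_name)) { return; }` before the `createEnd` call. The two new helpers also lack `@return` tags; `@return string|null` would document the null case.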


@ -1507,7 +1507,7 @@ class HTML5
$entity = $this->character($start, $this->char); $entity = $this->character($start, $this->char);
$cond = strlen($e_name) > 0; $cond = strlen($e_name) > 0;
// The rest of the parsing happens bellow. // The rest of the parsing happens below.
break; break;
// Anything else // Anything else
@ -1535,7 +1535,7 @@ class HTML5
} }
$cond = isset($entity); $cond = isset($entity);
// The rest of the parsing happens bellow. // The rest of the parsing happens below.
break; break;
} }


@ -1 +1 @@
4.9.3 4.10.0