Context Navigation

HTMLDefinition.php @ 21

Revision 21, 15.4 kB (checked in by admin, 18 years ago)

Rev	Line
[21]	1	<?php
	2
	3	/**
	4	* Definition of the purified HTML that describes allowed children,
	5	* attributes, and many other things.
	6	*
	7	* Conventions:
	8	*
	9	* All member variables that are prefixed with info
	10	* (including the main $info array) are used by HTML Purifier internals
	11	* and should not be directly edited when customizing the HTMLDefinition.
	12	* They can usually be set via configuration directives or custom
	13	* modules.
	14	*
	15	* On the other hand, member variables without the info prefix are used
	16	* internally by the HTMLDefinition and MUST NOT be used by other HTML
	17	* Purifier internals. Many of them, however, are public, and may be
	18	* edited by userspace code to tweak the behavior of HTMLDefinition.
	19	*
	20	* @note This class is inspected by Printer_HTMLDefinition; please
	21	* update that class if things here change.
	22	*
	23	* @warning Directives that change this object's structure must be in
	24	* the HTML or Attr namespace!
	25	*/
	26	class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
	27	{
	28
	29	// FULLY-PUBLIC VARIABLES ---------------------------------------------
	30
	31	/**
	32	* Associative array of element names to HTMLPurifier_ElementDef
	33	*/
	34	public $info = array();
	35
	36	/**
	37	* Associative array of global attribute name to attribute definition.
	38	*/
	39	public $info_global_attr = array();
	40
	41	/**
	42	* String name of parent element HTML will be going into.
	43	*/
	44	public $info_parent = 'div';
	45
	46	/**
	47	* Definition for parent element, allows parent element to be a
	48	* tag that's not allowed inside the HTML fragment.
	49	*/
	50	public $info_parent_def;
	51
	52	/**
	53	* String name of element used to wrap inline elements in block context
	54	* @note This is rarely used except for BLOCKQUOTEs in strict mode
	55	*/
	56	public $info_block_wrapper = 'p';
	57
	58	/**
	59	* Associative array of deprecated tag name to HTMLPurifier_TagTransform
	60	*/
	61	public $info_tag_transform = array();
	62
	63	/**
	64	* Indexed list of HTMLPurifier_AttrTransform to be performed before validation.
	65	*/
	66	public $info_attr_transform_pre = array();
	67
	68	/**
	69	* Indexed list of HTMLPurifier_AttrTransform to be performed after validation.
	70	*/
	71	public $info_attr_transform_post = array();
	72
	73	/**
	74	* Nested lookup array of content set name (Block, Inline) to
	75	* element name to whether or not it belongs in that content set.
	76	*/
	77	public $info_content_sets = array();
	78
	79	/**
	80	* Doctype object
	81	*/
	82	public $doctype;
	83
	84
	85
	86	// RAW CUSTOMIZATION STUFF --------------------------------------------
	87
	88	/**
	89	* Adds a custom attribute to a pre-existing element
	90	* @note This is strictly convenience, and does not have a corresponding
	91	* method in HTMLPurifier_HTMLModule
	92	* @param $element_name String element name to add attribute to
	93	* @param $attr_name String name of attribute
	94	* @param $def Attribute definition, can be string or object, see
	95	* HTMLPurifier_AttrTypes for details
	96	*/
	97	public function addAttribute($element_name, $attr_name, $def) {
	98	$module = $this->getAnonymousModule();
	99	if (!isset($module->info[$element_name])) {
	100	$element = $module->addBlankElement($element_name);
	101	} else {
	102	$element = $module->info[$element_name];
	103	}
	104	$element->attr[$attr_name] = $def;
	105	}
	106
	107	/**
	108	* Adds a custom element to your HTML definition
	109	* @note See HTMLPurifier_HTMLModule::addElement for detailed
	110	* parameter and return value descriptions.
	111	*/
	112	public function addElement($element_name, $type, $contents, $attr_collections, $attributes) {
	113	$module = $this->getAnonymousModule();
	114	// assume that if the user is calling this, the element
	115	// is safe. This may not be a good idea
	116	$element = $module->addElement($element_name, $type, $contents, $attr_collections, $attributes);
	117	return $element;
	118	}
	119
	120	/**
	121	* Adds a blank element to your HTML definition, for overriding
	122	* existing behavior
	123	* @note See HTMLPurifier_HTMLModule::addBlankElement for detailed
	124	* parameter and return value descriptions.
	125	*/
	126	public function addBlankElement($element_name) {
	127	$module = $this->getAnonymousModule();
	128	$element = $module->addBlankElement($element_name);
	129	return $element;
	130	}
	131
	132	/**
	133	* Retrieves a reference to the anonymous module, so you can
	134	* bust out advanced features without having to make your own
	135	* module.
	136	*/
	137	public function getAnonymousModule() {
	138	if (!$this->_anonModule) {
	139	$this->_anonModule = new HTMLPurifier_HTMLModule();
	140	$this->_anonModule->name = 'Anonymous';
	141	}
	142	return $this->_anonModule;
	143	}
	144
	145	private $_anonModule;
	146
	147
	148	// PUBLIC BUT INTERNAL VARIABLES --------------------------------------
	149
	150	public $type = 'HTML';
	151	public $manager; /*< Instance of HTMLPurifier_HTMLModuleManager /
	152
	153	/**
	154	* Performs low-cost, preliminary initialization.
	155	*/
	156	public function __construct() {
	157	$this->manager = new HTMLPurifier_HTMLModuleManager();
	158	}
	159
	160	protected function doSetup($config) {
	161	$this->processModules($config);
	162	$this->setupConfigStuff($config);
	163	unset($this->manager);
	164
	165	// cleanup some of the element definitions
	166	foreach ($this->info as $k => $v) {
	167	unset($this->info[$k]->content_model);
	168	unset($this->info[$k]->content_model_type);
	169	}
	170	}
	171
	172	/**
	173	* Extract out the information from the manager
	174	*/
	175	protected function processModules($config) {
	176
	177	if ($this->_anonModule) {
	178	// for user specific changes
	179	// this is late-loaded so we don't have to deal with PHP4
	180	// reference wonky-ness
	181	$this->manager->addModule($this->_anonModule);
	182	unset($this->_anonModule);
	183	}
	184
	185	$this->manager->setup($config);
	186	$this->doctype = $this->manager->doctype;
	187
	188	foreach ($this->manager->modules as $module) {
	189	foreach($module->info_tag_transform as $k => $v) {
	190	if ($v === false) unset($this->info_tag_transform[$k]);
	191	else $this->info_tag_transform[$k] = $v;
	192	}
	193	foreach($module->info_attr_transform_pre as $k => $v) {
	194	if ($v === false) unset($this->info_attr_transform_pre[$k]);
	195	else $this->info_attr_transform_pre[$k] = $v;
	196	}
	197	foreach($module->info_attr_transform_post as $k => $v) {
	198	if ($v === false) unset($this->info_attr_transform_post[$k]);
	199	else $this->info_attr_transform_post[$k] = $v;
	200	}
	201	}
	202
	203	$this->info = $this->manager->getElements();
	204	$this->info_content_sets = $this->manager->contentSets->lookup;
	205
	206	}
	207
	208	/**
	209	* Sets up stuff based on config. We need a better way of doing this.
	210	*/
	211	protected function setupConfigStuff($config) {
	212
	213	$block_wrapper = $config->get('HTML', 'BlockWrapper');
	214	if (isset($this->info_content_sets['Block'][$block_wrapper])) {
	215	$this->info_block_wrapper = $block_wrapper;
	216	} else {
	217	trigger_error('Cannot use non-block element as block wrapper',
	218	E_USER_ERROR);
	219	}
	220
	221	$parent = $config->get('HTML', 'Parent');
	222	$def = $this->manager->getElement($parent, true);
	223	if ($def) {
	224	$this->info_parent = $parent;
	225	$this->info_parent_def = $def;
	226	} else {
	227	trigger_error('Cannot use unrecognized element as parent',
	228	E_USER_ERROR);
	229	$this->info_parent_def = $this->manager->getElement($this->info_parent, true);
	230	}
	231
	232	// support template text
	233	$support = "(for information on implementing this, see the ".
	234	"support forums) ";
	235
	236	// setup allowed elements -----------------------------------------
	237
	238	$allowed_elements = $config->get('HTML', 'AllowedElements');
	239	$allowed_attributes = $config->get('HTML', 'AllowedAttributes'); // retrieve early
	240
	241	if (!is_array($allowed_elements) && !is_array($allowed_attributes)) {
	242	$allowed = $config->get('HTML', 'Allowed');
	243	if (is_string($allowed)) {
	244	list($allowed_elements, $allowed_attributes) = $this->parseTinyMCEAllowedList($allowed);
	245	}
	246	}
	247
	248	if (is_array($allowed_elements)) {
	249	foreach ($this->info as $name => $d) {
	250	if(!isset($allowed_elements[$name])) unset($this->info[$name]);
	251	unset($allowed_elements[$name]);
	252	}
	253	// emit errors
	254	foreach ($allowed_elements as $element => $d) {
	255	$element = htmlspecialchars($element); // PHP doesn't escape errors, be careful!
	256	trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
	257	}
	258	}
	259
	260	// setup allowed attributes ---------------------------------------
	261
	262	$allowed_attributes_mutable = $allowed_attributes; // by copy!
	263	if (is_array($allowed_attributes)) {
	264
	265	// This actually doesn't do anything, since we went away from
	266	// global attributes. It's possible that userland code uses
	267	// it, but HTMLModuleManager doesn't!
	268	foreach ($this->info_global_attr as $attr => $x) {
	269	$keys = array($attr, "@$attr", ".$attr");
	270	$delete = true;
	271	foreach ($keys as $key) {
	272	if ($delete && isset($allowed_attributes[$key])) {
	273	$delete = false;
	274	}
	275	if (isset($allowed_attributes_mutable[$key])) {
	276	unset($allowed_attributes_mutable[$key]);
	277	}
	278	}
	279	if ($delete) unset($this->info_global_attr[$attr]);
	280	}
	281
	282	foreach ($this->info as $tag => $info) {
	283	foreach ($info->attr as $attr => $x) {
	284	$keys = array("$tag@$attr", $attr, "@$attr", "$tag.$attr", ".$attr");
	285	$delete = true;
	286	foreach ($keys as $key) {
	287	if ($delete && isset($allowed_attributes[$key])) {
	288	$delete = false;
	289	}
	290	if (isset($allowed_attributes_mutable[$key])) {
	291	unset($allowed_attributes_mutable[$key]);
	292	}
	293	}
	294	if ($delete) unset($this->info[$tag]->attr[$attr]);
	295	}
	296	}
	297	// emit errors
	298	foreach ($allowed_attributes_mutable as $elattr => $d) {
	299	$bits = preg_split('/[.@]/', $elattr, 2);
	300	$c = count($bits);
	301	switch ($c) {
	302	case 2:
	303	if ($bits[0] !== '*') {
	304	$element = htmlspecialchars($bits[0]);
	305	$attribute = htmlspecialchars($bits[1]);
	306	if (!isset($this->info[$element])) {
	307	trigger_error("Cannot allow attribute '$attribute' if element '$element' is not allowed/supported $support");
	308	} else {
	309	trigger_error("Attribute '$attribute' in element '$element' not supported $support",
	310	E_USER_WARNING);
	311	}
	312	break;
	313	}
	314	// otherwise fall through
	315	case 1:
	316	$attribute = htmlspecialchars($bits[0]);
	317	trigger_error("Global attribute '$attribute' is not ".
	318	"supported in any elements $support",
	319	E_USER_WARNING);
	320	break;
	321	}
	322	}
	323
	324	}
	325
	326	// setup forbidden elements ---------------------------------------
	327
	328	$forbidden_elements = $config->get('HTML', 'ForbiddenElements');
	329	$forbidden_attributes = $config->get('HTML', 'ForbiddenAttributes');
	330
	331	foreach ($this->info as $tag => $info) {
	332	if (isset($forbidden_elements[$tag])) {
	333	unset($this->info[$tag]);
	334	continue;
	335	}
	336	foreach ($info->attr as $attr => $x) {
	337	if (
	338	isset($forbidden_attributes["$tag@$attr"]) \|\|
	339	isset($forbidden_attributes["*@$attr"]) \|\|
	340	isset($forbidden_attributes[$attr])
	341	) {
	342	unset($this->info[$tag]->attr[$attr]);
	343	continue;
	344	} // this segment might get removed eventually
	345	elseif (isset($forbidden_attributes["$tag.$attr"])) {
	346	// $tag.$attr are not user supplied, so no worries!
	347	trigger_error("Error with $tag.$attr: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead", E_USER_WARNING);
	348	}
	349	}
	350	}
	351	foreach ($forbidden_attributes as $key => $v) {
	352	if (strlen($key) < 2) continue;
	353	if ($key[0] != '*') continue;
	354	if ($key[1] == '.') {
	355	trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
	356	}
	357	}
	358
	359	}
	360
	361	/**
	362	* Parses a TinyMCE-flavored Allowed Elements and Attributes list into
	363	* separate lists for processing. Format is element[attr1\|attr2],element2...
	364	* @warning Although it's largely drawn from TinyMCE's implementation,
	365	* it is different, and you'll probably have to modify your lists
	366	* @param $list String list to parse
	367	* @param array($allowed_elements, $allowed_attributes)
	368	* @todo Give this its own class, probably static interface
	369	*/
	370	public function parseTinyMCEAllowedList($list) {
	371
	372	$list = str_replace(array(' ', "\t"), '', $list);
	373
	374	$elements = array();
	375	$attributes = array();
	376
	377	$chunks = preg_split('/(,\|[\n\r]+)/', $list);
	378	foreach ($chunks as $chunk) {
	379	if (empty($chunk)) continue;
	380	// remove TinyMCE element control characters
	381	if (!strpos($chunk, '[')) {
	382	$element = $chunk;
	383	$attr = false;
	384	} else {
	385	list($element, $attr) = explode('[', $chunk);
	386	}
	387	if ($element !== '*') $elements[$element] = true;
	388	if (!$attr) continue;
	389	$attr = substr($attr, 0, strlen($attr) - 1); // remove trailing ]
	390	$attr = explode('\|', $attr);
	391	foreach ($attr as $key) {
	392	$attributes["$element.$key"] = true;
	393	}
	394	}
	395
	396	return array($elements, $attributes);
	397
	398	}
	399
	400
	401	}
	402
	403

Note: See TracBrowser for help on using the browser.

Context Navigation

root/afridex/plugins/Flutter/purifier_lib/HTMLPurifier/HTMLDefinition.php @ 21

Download in other formats: