From 903ae8a581fac1e6917fc3e31d2ad8fb91df80c3 Mon Sep 17 00:00:00 2001 From: ctrlaltca <> Date: Thu, 12 Jul 2012 11:21:01 +0000 Subject: standardize the use of unix eol; use svn properties to enforce native eol --- framework/3rdParty/SafeHtml/HTMLSax3.php | 1388 ++++++++++---------- .../3rdParty/SafeHtml/HTMLSax3/Decorators.php | 724 +++++----- framework/3rdParty/SafeHtml/HTMLSax3/States.php | 574 ++++---- framework/3rdParty/SafeHtml/TSafeHtmlParser.php | 1344 +++++++++---------- 4 files changed, 2015 insertions(+), 2015 deletions(-) (limited to 'framework/3rdParty/SafeHtml') diff --git a/framework/3rdParty/SafeHtml/HTMLSax3.php b/framework/3rdParty/SafeHtml/HTMLSax3.php index 1be7aede..80d166e9 100644 --- a/framework/3rdParty/SafeHtml/HTMLSax3.php +++ b/framework/3rdParty/SafeHtml/HTMLSax3.php @@ -1,695 +1,695 @@ - Original port from Python | -// | Authors: Harry Fuecks Port to PEAR + more | -// | Authors: Many @ Sitepointforums Advanced PHP Forums | -// +----------------------------------------------------------------------+ -// -// $Id$ -// -/** -* Main parser components -* @package System.Security.SafeHtml -* @version $Id$ -*/ -/** -* Required classes -*/ - -require_once(dirname(__FILE__).'/HTMLSax3/States.php'); -require_once(dirname(__FILE__).'/HTMLSax3/Decorators.php'); - -/** -* Base State Parser -* @package System.Security.SafeHtml -* @access protected -* @abstract -*/ -class TSax3_StateParser { - /** - * Instance of user front end class to be passed to callbacks - * @var TSax3 - * @access private - */ - public $htmlsax; - /** - * User defined object for handling elements - * @var object - * @access private - */ - public $handler_object_element; - /** - * User defined open tag handler method - * @var string - * @access private - */ - public $handler_method_opening; - /** - * User defined close tag handler method - * @var string - * @access private - */ - public $handler_method_closing; - /** - * User defined object for handling data in elements - * @var object - * @access private - */ - public $handler_object_data; - /** - * User defined data handler method - * @var string - * @access private - */ - public $handler_method_data; - /** - * User defined object for handling processing instructions - * @var object - * @access private - */ - public $handler_object_pi; - /** - * User defined processing instruction handler method - * @var string - * @access private - */ - public $handler_method_pi; - /** - * User defined object for handling JSP/ASP tags - * @var object - * @access private - */ - public $handler_object_jasp; - /** - * User defined JSP/ASP handler method - * @var string - * @access private - */ - public $handler_method_jasp; - /** - * User defined object for handling XML escapes - * @var object - * @access private - */ - public $handler_object_escape; - /** - * User defined XML escape handler method - * @var string - * @access private - */ - public $handler_method_escape; - /** - * User defined handler object or NullHandler - * @var object - * @access private - */ - public $handler_default; - /** - * Parser options determining parsing behavior - * @var array - * @access private - */ - protected $parser_options = array(); - /** - * XML document being parsed - * @var string - * @access private - */ - protected $rawtext; - /** - * Position in XML document relative to start (0) - * @var int - * @access private - */ - protected $position; - /** - * Length of the XML document in characters - * @var int - * @access private - */ - protected $length; - /** - * Array of state objects - * @var array - * @access private - */ - protected $State = array(); - - const TSAX3_STATE_STOP = 0; - const TSAX3_STATE_START = 1; - const TSAX3_STATE_TAG = 2; - const TSAX3_STATE_OPENING_TAG = 3; - const TSAX3_STATE_CLOSING_TAG = 4; - const TSAX3_STATE_ESCAPE = 6; - const TSAX3_STATE_JASP = 7; - const TSAX3_STATE_PI = 8; - - /** - * Constructs TSax3_StateParser setting up states - * @var TSax3 instance of user front end class - * @access protected - */ - protected function __construct($htmlsax) { - $this->htmlsax = $htmlsax; - $this->State[self::TSAX3_STATE_START] = new TSax3_StartingState(); - - $this->State[self::TSAX3_STATE_CLOSING_TAG] = new TSax3_ClosingTagState(); - $this->State[self::TSAX3_STATE_TAG] = new TSax3_TagState(); - $this->State[self::TSAX3_STATE_OPENING_TAG] = new TSax3_OpeningTagState(); - - $this->State[self::TSAX3_STATE_PI] = new TSax3_PiState(); - $this->State[self::TSAX3_STATE_JASP] = new TSax3_JaspState(); - $this->State[self::TSAX3_STATE_ESCAPE] = new TSax3_EscapeState(); - } - - /** - * Moves the position back one character - * @access protected - * @return void - */ - function unscanCharacter() { - $this->position -= 1; - } - - /** - * Moves the position forward one character - * @access protected - * @return void - */ - function ignoreCharacter() { - $this->position += 1; - } - - /** - * Returns the next character from the XML document or void if at end - * @access protected - * @return mixed - */ - function scanCharacter() { - if ($this->position < $this->length) { - return $this->rawtext{$this->position++}; - } - } - - /** - * Returns a string from the current position to the next occurance - * of the supplied string - * @param string string to search until - * @access protected - * @return string - */ - function scanUntilString($string) { - $start = $this->position; - $this->position = strpos($this->rawtext, $string, $start); - if ($this->position === FALSE) { - $this->position = $this->length; - } - return substr($this->rawtext, $start, $this->position - $start); - } - - /** - * Returns a string from the current position until the first instance of - * one of the characters in the supplied string argument - * @param string string to search until - * @access protected - * @return string - * @abstract - */ - function scanUntilCharacters($string) {} - - /** - * Moves the position forward past any whitespace characters - * @access protected - * @return void - * @abstract - */ - function ignoreWhitespace() {} - - /** - * Begins the parsing operation, setting up any decorators, depending on - * parse options invoking _parse() to execute parsing - * @param string XML document to parse - * @access protected - * @return void - */ - function parse($data) { - if ($this->parser_options['XML_OPTION_TRIM_DATA_NODES']==1) { - $decorator = new TSax3_Trim( - $this->handler_object_data, - $this->handler_method_data); - $this->handler_object_data =& $decorator; - $this->handler_method_data = 'trimData'; - } - if ($this->parser_options['XML_OPTION_CASE_FOLDING']==1) { - $open_decor = new TSax3_CaseFolding( - $this->handler_object_element, - $this->handler_method_opening, - $this->handler_method_closing); - $this->handler_object_element =& $open_decor; - $this->handler_method_opening ='foldOpen'; - $this->handler_method_closing ='foldClose'; - } - if ($this->parser_options['XML_OPTION_LINEFEED_BREAK']==1) { - $decorator = new TSax3_Linefeed( - $this->handler_object_data, - $this->handler_method_data); - $this->handler_object_data =& $decorator; - $this->handler_method_data = 'breakData'; - } - if ($this->parser_options['XML_OPTION_TAB_BREAK']==1) { - $decorator = new TSax3_Tab( - $this->handler_object_data, - $this->handler_method_data); - $this->handler_object_data =& $decorator; - $this->handler_method_data = 'breakData'; - } - if ($this->parser_options['XML_OPTION_ENTITIES_UNPARSED']==1) { - $decorator = new TSax3_Entities_Unparsed( - $this->handler_object_data, - $this->handler_method_data); - $this->handler_object_data =& $decorator; - $this->handler_method_data = 'breakData'; - } - if ($this->parser_options['XML_OPTION_ENTITIES_PARSED']==1) { - $decorator = new TSax3_Entities_Parsed( - $this->handler_object_data, - $this->handler_method_data); - $this->handler_object_data =& $decorator; - $this->handler_method_data = 'breakData'; - } - // Note switched on by default - if ($this->parser_options['XML_OPTION_STRIP_ESCAPES']==1) { - $decorator = new TSax3_Escape_Stripper( - $this->handler_object_escape, - $this->handler_method_escape); - $this->handler_object_escape =& $decorator; - $this->handler_method_escape = 'strip'; - } - $this->rawtext = $data; - $this->length = strlen($data); - $this->position = 0; - $this->_parse(); - } - - /** - * Performs the parsing itself, delegating calls to a specific parser - * state - * @param constant state object to parse with - * @access protected - * @return void - */ - function _parse($state = self::TSAX3_STATE_START) { - do { - $state = $this->State[$state]->parse($this); - } while ($state != self::TSAX3_STATE_STOP && - $this->position < $this->length); - } -} - -/** -* Parser for PHP Versions below 4.3.0. Uses a slower parsing mechanism than -* the equivalent PHP 4.3.0+ subclass of StateParser -* @package System.Security.SafeHtml -* @access protected -* @see TSax3_StateParser_Gtet430 -*/ -class TSax3_StateParser_Lt430 extends TSax3_StateParser { - /** - * Constructs TSax3_StateParser_Lt430 defining available - * parser options - * @var TSax3 instance of user front end class - * @access protected - */ - function __construct(& $htmlsax) { - parent::__construct($htmlsax); - $this->parser_options['XML_OPTION_TRIM_DATA_NODES'] = 0; - $this->parser_options['XML_OPTION_CASE_FOLDING'] = 0; - $this->parser_options['XML_OPTION_LINEFEED_BREAK'] = 0; - $this->parser_options['XML_OPTION_TAB_BREAK'] = 0; - $this->parser_options['XML_OPTION_ENTITIES_PARSED'] = 0; - $this->parser_options['XML_OPTION_ENTITIES_UNPARSED'] = 0; - $this->parser_options['XML_OPTION_STRIP_ESCAPES'] = 0; - //var_dump($this->parser_options); - } - - /** - * Returns a string from the current position until the first instance of - * one of the characters in the supplied string argument - * @param string string to search until - * @access protected - * @return string - */ - function scanUntilCharacters($string) { - $startpos = $this->position; - while ($this->position < $this->length && strpos($string, $this->rawtext{$this->position}) === FALSE) { - $this->position++; - } - return substr($this->rawtext, $startpos, $this->position - $startpos); - } - - /** - * Moves the position forward past any whitespace characters - * @access protected - * @return void - */ - function ignoreWhitespace() { - while ($this->position < $this->length && - strpos(" \n\r\t", $this->rawtext{$this->position}) !== FALSE) { - $this->position++; - } - } - - /** - * Begins the parsing operation, setting up the unparsed XML entities - * decorator if necessary then delegating further work to parent - * @param string XML document to parse - * @access protected - * @return void - */ - function parse($data) { - parent::parse($data); - } -} - -/** -* Parser for PHP Versions equal to or greater than 4.3.0. Uses a faster -* parsing mechanism than the equivalent PHP < 4.3.0 subclass of StateParser -* @package System.Security.SafeHtml -* @access protected -* @see TSax3_StateParser_Lt430 -*/ -class TSax3_StateParser_Gtet430 extends TSax3_StateParser { - /** - * Constructs TSax3_StateParser_Gtet430 defining available - * parser options - * @var TSax3 instance of user front end class - * @access protected - */ - function __construct(& $htmlsax) { - parent::__construct($htmlsax); - $this->parser_options['XML_OPTION_TRIM_DATA_NODES'] = 0; - $this->parser_options['XML_OPTION_CASE_FOLDING'] = 0; - $this->parser_options['XML_OPTION_LINEFEED_BREAK'] = 0; - $this->parser_options['XML_OPTION_TAB_BREAK'] = 0; - $this->parser_options['XML_OPTION_ENTITIES_PARSED'] = 0; - $this->parser_options['XML_OPTION_ENTITIES_UNPARSED'] = 0; - $this->parser_options['XML_OPTION_STRIP_ESCAPES'] = 0; - } - /** - * Returns a string from the current position until the first instance of - * one of the characters in the supplied string argument. - * @param string string to search until - * @access protected - * @return string - */ - function scanUntilCharacters($string) { - $startpos = $this->position; - $length = strcspn($this->rawtext, $string, $startpos); - $this->position += $length; - return substr($this->rawtext, $startpos, $length); - } - - /** - * Moves the position forward past any whitespace characters - * @access protected - * @return void - */ - function ignoreWhitespace() { - $this->position += strspn($this->rawtext, " \n\r\t", $this->position); - } - - /** - * Begins the parsing operation, setting up the parsed and unparsed - * XML entity decorators if necessary then delegating further work - * to parent - * @param string XML document to parse - * @access protected - * @return void - */ - function parse($data) { - parent::parse($data); - } -} - -/** -* Default NullHandler for methods which were not set by user -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_NullHandler { - /** - * Generic handler method which does nothing - * @access protected - * @return void - */ - function DoNothing() { - } -} - -/** -* User interface class. All user calls should only be made to this class -* @package System.Security.SafeHtml -* @access public -*/ -class TSax3 { - /** - * Instance of concrete subclass of TSax3_StateParser - * @var TSax3_StateParser - * @access private - */ - private $state_parser; - - /** - * Constructs TSax3 selecting concrete StateParser subclass - * depending on PHP version being used as well as setting the default - * NullHandler for all callbacks
- * Example: - * 
-    * $myHandler = & new MyHandler();
-    * $parser = new TSax3();
-    * $parser->set_object($myHandler);
-    * $parser->set_option('XML_OPTION_CASE_FOLDING');
-    * $parser->set_element_handler('myOpenHandler','myCloseHandler');
-    * $parser->set_data_handler('myDataHandler');
-    * $parser->parser($xml);
-    *
- * @access public - */ - function __construct() { - if (version_compare(phpversion(), '4.3', 'ge')) { - $this->state_parser = new TSax3_StateParser_Gtet430($this); - } else { - $this->state_parser = new TSax3_StateParser_Lt430($this); - } - $nullhandler = new TSax3_NullHandler(); - $this->set_object($nullhandler); - $this->set_element_handler('DoNothing', 'DoNothing'); - $this->set_data_handler('DoNothing'); - $this->set_pi_handler('DoNothing'); - $this->set_jasp_handler('DoNothing'); - $this->set_escape_handler('DoNothing'); - } - - /** - * Sets the user defined handler object. Returns a PEAR Error - * if supplied argument is not an object. - * @param object handler object containing SAX callback methods - * @access public - * @return mixed - */ - function set_object(&$object) { - if ( is_object($object) ) { - $this->state_parser->handler_default =& $object; - return true; - } else { - require_once('PEAR.php'); - PEAR::raiseError('TSax3::set_object requires '. - 'an object instance'); - } - } - - /** - * Sets a parser option. By default all options are switched off. - * Returns a PEAR Error if option is invalid
- * Available options: - * - * To get HTMLSax to behave in the same way as the native PHP SAX parser, - * using it's default state, you need to switch on XML_OPTION_LINEFEED_BREAK, - * XML_OPTION_ENTITIES_PARSED and XML_OPTION_CASE_FOLDING - * @param string name of parser option - * @param int (optional) 1 to switch on, 0 for off - * @access public - * @return boolean - */ - function set_option($name, $value=1) { - if ( array_key_exists($name,$this->state_parser->parser_options) ) { - $this->state_parser->parser_options[$name] = $value; - return true; - } else { - require_once('PEAR.php'); - PEAR::raiseError('TSax3::set_option('.$name.') illegal'); - } - } - - /** - * Sets the data handler method which deals with the contents of XML - * elements.
- * The handler method must accept two arguments, the first being an - * instance of TSax3 and the second being the contents of an - * XML element e.g. - * 
-    * function myDataHander(& $parser,$data){}
-    *
- * @param string name of method - * @access public - * @return void - * @see set_object - */ - function set_data_handler($data_method) { - $this->state_parser->handler_object_data =& $this->state_parser->handler_default; - $this->state_parser->handler_method_data = $data_method; - } - - /** - * Sets the open and close tag handlers - *
The open handler method must accept three arguments; the parser, - * the tag name and an array of attributes e.g. - * 
-    * function myOpenHander(& $parser,$tagname,$attrs=array()){}
-    *
- * The close handler method must accept two arguments; the parser and - * the tag name e.g. - * 
-    * function myCloseHander(& $parser,$tagname){}
-    *
- * @param string name of open method - * @param string name of close method - * @access public - * @return void - * @see set_object - */ - function set_element_handler($opening_method, $closing_method) { - $this->state_parser->handler_object_element =& $this->state_parser->handler_default; - $this->state_parser->handler_method_opening = $opening_method; - $this->state_parser->handler_method_closing = $closing_method; - } - - /** - * Sets the processing instruction handler method e.g. for PHP open - * and close tags
- * The handler method must accept three arguments; the parser, the - * PI target and data inside the PI - * 
-    * function myPIHander(& $parser,$target, $data){}
-    *
- * @param string name of method - * @access public - * @return void - * @see set_object - */ - function set_pi_handler($pi_method) { - $this->state_parser->handler_object_pi =& $this->state_parser->handler_default; - $this->state_parser->handler_method_pi = $pi_method; - } - - /** - * Sets the XML escape handler method e.g. for comments and doctype - * declarations
- * The handler method must accept two arguments; the parser and the - * contents of the escaped section - * 
-    * function myEscapeHander(& $parser, $data){}
-    *
- * @param string name of method - * @access public - * @return void - * @see set_object - */ - function set_escape_handler($escape_method) { - $this->state_parser->handler_object_escape =& $this->state_parser->handler_default; - $this->state_parser->handler_method_escape = $escape_method; - } - - /** - * Sets the JSP/ASP markup handler
- * The handler method must accept two arguments; the parser and - * body of the JASP tag - * 
-    * function myJaspHander(& $parser, $data){}
-    *
- * @param string name of method - * @access public - * @return void - * @see set_object - */ - function set_jasp_handler ($jasp_method) { - $this->state_parser->handler_object_jasp =& $this->state_parser->handler_default; - $this->state_parser->handler_method_jasp = $jasp_method; - } - - /** - * Returns the current string position of the "cursor" inside the XML - * document - *
Intended for use from within a user defined handler called - * via the $parser reference e.g. - * 
-    * function myDataHandler(& $parser,$data) {
-    *     echo( 'Current position: '.$parser->get_current_position() );
-    * }
-    *
- * @access public - * @return int - * @see get_length - */ - function get_current_position() { - return $this->state_parser->position; - } - - /** - * Returns the string length of the XML document being parsed - * @access public - * @return int - */ - function get_length() { - return $this->state_parser->length; - } - - /** - * Start parsing some XML - * @param string XML document - * @access public - * @return void - */ - function parse($data) { - $this->state_parser->parse($data); - } -} + Original port from Python | +// | Authors: Harry Fuecks Port to PEAR + more | +// | Authors: Many @ Sitepointforums Advanced PHP Forums | +// +----------------------------------------------------------------------+ +// +// $Id$ +// +/** +* Main parser components +* @package System.Security.SafeHtml +* @version $Id$ +*/ +/** +* Required classes +*/ + +require_once(dirname(__FILE__).'/HTMLSax3/States.php'); +require_once(dirname(__FILE__).'/HTMLSax3/Decorators.php'); + +/** +* Base State Parser +* @package System.Security.SafeHtml +* @access protected +* @abstract +*/ +class TSax3_StateParser { + /** + * Instance of user front end class to be passed to callbacks + * @var TSax3 + * @access private + */ + public $htmlsax; + /** + * User defined object for handling elements + * @var object + * @access private + */ + public $handler_object_element; + /** + * User defined open tag handler method + * @var string + * @access private + */ + public $handler_method_opening; + /** + * User defined close tag handler method + * @var string + * @access private + */ + public $handler_method_closing; + /** + * User defined object for handling data in elements + * @var object + * @access private + */ + public $handler_object_data; + /** + * User defined data handler method + * @var string + * @access private + */ + public $handler_method_data; + /** + * User defined object for handling processing instructions + * @var object + * @access private + */ + public $handler_object_pi; + /** + * User defined processing instruction handler method + * @var string + * @access private + */ + public $handler_method_pi; + /** + * User defined object for handling JSP/ASP tags + * @var object + * @access private + */ + public $handler_object_jasp; + /** + * User defined JSP/ASP handler method + * @var string + * @access private + */ + public $handler_method_jasp; + /** + * User defined object for handling XML escapes + * @var object + * @access private + */ + public $handler_object_escape; + /** + * User defined XML escape handler method + * @var string + * @access private + */ + public $handler_method_escape; + /** + * User defined handler object or NullHandler + * @var object + * @access private + */ + public $handler_default; + /** + * Parser options determining parsing behavior + * @var array + * @access private + */ + protected $parser_options = array(); + /** + * XML document being parsed + * @var string + * @access private + */ + protected $rawtext; + /** + * Position in XML document relative to start (0) + * @var int + * @access private + */ + protected $position; + /** + * Length of the XML document in characters + * @var int + * @access private + */ + protected $length; + /** + * Array of state objects + * @var array + * @access private + */ + protected $State = array(); + + const TSAX3_STATE_STOP = 0; + const TSAX3_STATE_START = 1; + const TSAX3_STATE_TAG = 2; + const TSAX3_STATE_OPENING_TAG = 3; + const TSAX3_STATE_CLOSING_TAG = 4; + const TSAX3_STATE_ESCAPE = 6; + const TSAX3_STATE_JASP = 7; + const TSAX3_STATE_PI = 8; + + /** + * Constructs TSax3_StateParser setting up states + * @var TSax3 instance of user front end class + * @access protected + */ + protected function __construct($htmlsax) { + $this->htmlsax = $htmlsax; + $this->State[self::TSAX3_STATE_START] = new TSax3_StartingState(); + + $this->State[self::TSAX3_STATE_CLOSING_TAG] = new TSax3_ClosingTagState(); + $this->State[self::TSAX3_STATE_TAG] = new TSax3_TagState(); + $this->State[self::TSAX3_STATE_OPENING_TAG] = new TSax3_OpeningTagState(); + + $this->State[self::TSAX3_STATE_PI] = new TSax3_PiState(); + $this->State[self::TSAX3_STATE_JASP] = new TSax3_JaspState(); + $this->State[self::TSAX3_STATE_ESCAPE] = new TSax3_EscapeState(); + } + + /** + * Moves the position back one character + * @access protected + * @return void + */ + function unscanCharacter() { + $this->position -= 1; + } + + /** + * Moves the position forward one character + * @access protected + * @return void + */ + function ignoreCharacter() { + $this->position += 1; + } + + /** + * Returns the next character from the XML document or void if at end + * @access protected + * @return mixed + */ + function scanCharacter() { + if ($this->position < $this->length) { + return $this->rawtext{$this->position++}; + } + } + + /** + * Returns a string from the current position to the next occurance + * of the supplied string + * @param string string to search until + * @access protected + * @return string + */ + function scanUntilString($string) { + $start = $this->position; + $this->position = strpos($this->rawtext, $string, $start); + if ($this->position === FALSE) { + $this->position = $this->length; + } + return substr($this->rawtext, $start, $this->position - $start); + } + + /** + * Returns a string from the current position until the first instance of + * one of the characters in the supplied string argument + * @param string string to search until + * @access protected + * @return string + * @abstract + */ + function scanUntilCharacters($string) {} + + /** + * Moves the position forward past any whitespace characters + * @access protected + * @return void + * @abstract + */ + function ignoreWhitespace() {} + + /** + * Begins the parsing operation, setting up any decorators, depending on + * parse options invoking _parse() to execute parsing + * @param string XML document to parse + * @access protected + * @return void + */ + function parse($data) { + if ($this->parser_options['XML_OPTION_TRIM_DATA_NODES']==1) { + $decorator = new TSax3_Trim( + $this->handler_object_data, + $this->handler_method_data); + $this->handler_object_data =& $decorator; + $this->handler_method_data = 'trimData'; + } + if ($this->parser_options['XML_OPTION_CASE_FOLDING']==1) { + $open_decor = new TSax3_CaseFolding( + $this->handler_object_element, + $this->handler_method_opening, + $this->handler_method_closing); + $this->handler_object_element =& $open_decor; + $this->handler_method_opening ='foldOpen'; + $this->handler_method_closing ='foldClose'; + } + if ($this->parser_options['XML_OPTION_LINEFEED_BREAK']==1) { + $decorator = new TSax3_Linefeed( + $this->handler_object_data, + $this->handler_method_data); + $this->handler_object_data =& $decorator; + $this->handler_method_data = 'breakData'; + } + if ($this->parser_options['XML_OPTION_TAB_BREAK']==1) { + $decorator = new TSax3_Tab( + $this->handler_object_data, + $this->handler_method_data); + $this->handler_object_data =& $decorator; + $this->handler_method_data = 'breakData'; + } + if ($this->parser_options['XML_OPTION_ENTITIES_UNPARSED']==1) { + $decorator = new TSax3_Entities_Unparsed( + $this->handler_object_data, + $this->handler_method_data); + $this->handler_object_data =& $decorator; + $this->handler_method_data = 'breakData'; + } + if ($this->parser_options['XML_OPTION_ENTITIES_PARSED']==1) { + $decorator = new TSax3_Entities_Parsed( + $this->handler_object_data, + $this->handler_method_data); + $this->handler_object_data =& $decorator; + $this->handler_method_data = 'breakData'; + } + // Note switched on by default + if ($this->parser_options['XML_OPTION_STRIP_ESCAPES']==1) { + $decorator = new TSax3_Escape_Stripper( + $this->handler_object_escape, + $this->handler_method_escape); + $this->handler_object_escape =& $decorator; + $this->handler_method_escape = 'strip'; + } + $this->rawtext = $data; + $this->length = strlen($data); + $this->position = 0; + $this->_parse(); + } + + /** + * Performs the parsing itself, delegating calls to a specific parser + * state + * @param constant state object to parse with + * @access protected + * @return void + */ + function _parse($state = self::TSAX3_STATE_START) { + do { + $state = $this->State[$state]->parse($this); + } while ($state != self::TSAX3_STATE_STOP && + $this->position < $this->length); + } +} + +/** +* Parser for PHP Versions below 4.3.0. Uses a slower parsing mechanism than +* the equivalent PHP 4.3.0+ subclass of StateParser +* @package System.Security.SafeHtml +* @access protected +* @see TSax3_StateParser_Gtet430 +*/ +class TSax3_StateParser_Lt430 extends TSax3_StateParser { + /** + * Constructs TSax3_StateParser_Lt430 defining available + * parser options + * @var TSax3 instance of user front end class + * @access protected + */ + function __construct(& $htmlsax) { + parent::__construct($htmlsax); + $this->parser_options['XML_OPTION_TRIM_DATA_NODES'] = 0; + $this->parser_options['XML_OPTION_CASE_FOLDING'] = 0; + $this->parser_options['XML_OPTION_LINEFEED_BREAK'] = 0; + $this->parser_options['XML_OPTION_TAB_BREAK'] = 0; + $this->parser_options['XML_OPTION_ENTITIES_PARSED'] = 0; + $this->parser_options['XML_OPTION_ENTITIES_UNPARSED'] = 0; + $this->parser_options['XML_OPTION_STRIP_ESCAPES'] = 0; + //var_dump($this->parser_options); + } + + /** + * Returns a string from the current position until the first instance of + * one of the characters in the supplied string argument + * @param string string to search until + * @access protected + * @return string + */ + function scanUntilCharacters($string) { + $startpos = $this->position; + while ($this->position < $this->length && strpos($string, $this->rawtext{$this->position}) === FALSE) { + $this->position++; + } + return substr($this->rawtext, $startpos, $this->position - $startpos); + } + + /** + * Moves the position forward past any whitespace characters + * @access protected + * @return void + */ + function ignoreWhitespace() { + while ($this->position < $this->length && + strpos(" \n\r\t", $this->rawtext{$this->position}) !== FALSE) { + $this->position++; + } + } + + /** + * Begins the parsing operation, setting up the unparsed XML entities + * decorator if necessary then delegating further work to parent + * @param string XML document to parse + * @access protected + * @return void + */ + function parse($data) { + parent::parse($data); + } +} + +/** +* Parser for PHP Versions equal to or greater than 4.3.0. Uses a faster +* parsing mechanism than the equivalent PHP < 4.3.0 subclass of StateParser +* @package System.Security.SafeHtml +* @access protected +* @see TSax3_StateParser_Lt430 +*/ +class TSax3_StateParser_Gtet430 extends TSax3_StateParser { + /** + * Constructs TSax3_StateParser_Gtet430 defining available + * parser options + * @var TSax3 instance of user front end class + * @access protected + */ + function __construct(& $htmlsax) { + parent::__construct($htmlsax); + $this->parser_options['XML_OPTION_TRIM_DATA_NODES'] = 0; + $this->parser_options['XML_OPTION_CASE_FOLDING'] = 0; + $this->parser_options['XML_OPTION_LINEFEED_BREAK'] = 0; + $this->parser_options['XML_OPTION_TAB_BREAK'] = 0; + $this->parser_options['XML_OPTION_ENTITIES_PARSED'] = 0; + $this->parser_options['XML_OPTION_ENTITIES_UNPARSED'] = 0; + $this->parser_options['XML_OPTION_STRIP_ESCAPES'] = 0; + } + /** + * Returns a string from the current position until the first instance of + * one of the characters in the supplied string argument. + * @param string string to search until + * @access protected + * @return string + */ + function scanUntilCharacters($string) { + $startpos = $this->position; + $length = strcspn($this->rawtext, $string, $startpos); + $this->position += $length; + return substr($this->rawtext, $startpos, $length); + } + + /** + * Moves the position forward past any whitespace characters + * @access protected + * @return void + */ + function ignoreWhitespace() { + $this->position += strspn($this->rawtext, " \n\r\t", $this->position); + } + + /** + * Begins the parsing operation, setting up the parsed and unparsed + * XML entity decorators if necessary then delegating further work + * to parent + * @param string XML document to parse + * @access protected + * @return void + */ + function parse($data) { + parent::parse($data); + } +} + +/** +* Default NullHandler for methods which were not set by user +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_NullHandler { + /** + * Generic handler method which does nothing + * @access protected + * @return void + */ + function DoNothing() { + } +} + +/** +* User interface class. All user calls should only be made to this class +* @package System.Security.SafeHtml +* @access public +*/ +class TSax3 { + /** + * Instance of concrete subclass of TSax3_StateParser + * @var TSax3_StateParser + * @access private + */ + private $state_parser; + + /** + * Constructs TSax3 selecting concrete StateParser subclass + * depending on PHP version being used as well as setting the default + * NullHandler for all callbacks
+ * Example: + * 
+    * $myHandler = & new MyHandler();
+    * $parser = new TSax3();
+    * $parser->set_object($myHandler);
+    * $parser->set_option('XML_OPTION_CASE_FOLDING');
+    * $parser->set_element_handler('myOpenHandler','myCloseHandler');
+    * $parser->set_data_handler('myDataHandler');
+    * $parser->parser($xml);
+    *
+ * @access public + */ + function __construct() { + if (version_compare(phpversion(), '4.3', 'ge')) { + $this->state_parser = new TSax3_StateParser_Gtet430($this); + } else { + $this->state_parser = new TSax3_StateParser_Lt430($this); + } + $nullhandler = new TSax3_NullHandler(); + $this->set_object($nullhandler); + $this->set_element_handler('DoNothing', 'DoNothing'); + $this->set_data_handler('DoNothing'); + $this->set_pi_handler('DoNothing'); + $this->set_jasp_handler('DoNothing'); + $this->set_escape_handler('DoNothing'); + } + + /** + * Sets the user defined handler object. Returns a PEAR Error + * if supplied argument is not an object. + * @param object handler object containing SAX callback methods + * @access public + * @return mixed + */ + function set_object(&$object) { + if ( is_object($object) ) { + $this->state_parser->handler_default =& $object; + return true; + } else { + require_once('PEAR.php'); + PEAR::raiseError('TSax3::set_object requires '. + 'an object instance'); + } + } + + /** + * Sets a parser option. By default all options are switched off. + * Returns a PEAR Error if option is invalid
+ * Available options: + * + * To get HTMLSax to behave in the same way as the native PHP SAX parser, + * using it's default state, you need to switch on XML_OPTION_LINEFEED_BREAK, + * XML_OPTION_ENTITIES_PARSED and XML_OPTION_CASE_FOLDING + * @param string name of parser option + * @param int (optional) 1 to switch on, 0 for off + * @access public + * @return boolean + */ + function set_option($name, $value=1) { + if ( array_key_exists($name,$this->state_parser->parser_options) ) { + $this->state_parser->parser_options[$name] = $value; + return true; + } else { + require_once('PEAR.php'); + PEAR::raiseError('TSax3::set_option('.$name.') illegal'); + } + } + + /** + * Sets the data handler method which deals with the contents of XML + * elements.
+ * The handler method must accept two arguments, the first being an + * instance of TSax3 and the second being the contents of an + * XML element e.g. + * 
+    * function myDataHander(& $parser,$data){}
+    *
+ * @param string name of method + * @access public + * @return void + * @see set_object + */ + function set_data_handler($data_method) { + $this->state_parser->handler_object_data =& $this->state_parser->handler_default; + $this->state_parser->handler_method_data = $data_method; + } + + /** + * Sets the open and close tag handlers + *
The open handler method must accept three arguments; the parser, + * the tag name and an array of attributes e.g. + * 
+    * function myOpenHander(& $parser,$tagname,$attrs=array()){}
+    *
+ * The close handler method must accept two arguments; the parser and + * the tag name e.g. + * 
+    * function myCloseHander(& $parser,$tagname){}
+    *
+ * @param string name of open method + * @param string name of close method + * @access public + * @return void + * @see set_object + */ + function set_element_handler($opening_method, $closing_method) { + $this->state_parser->handler_object_element =& $this->state_parser->handler_default; + $this->state_parser->handler_method_opening = $opening_method; + $this->state_parser->handler_method_closing = $closing_method; + } + + /** + * Sets the processing instruction handler method e.g. for PHP open + * and close tags
+ * The handler method must accept three arguments; the parser, the + * PI target and data inside the PI + * 
+    * function myPIHander(& $parser,$target, $data){}
+    *
+ * @param string name of method + * @access public + * @return void + * @see set_object + */ + function set_pi_handler($pi_method) { + $this->state_parser->handler_object_pi =& $this->state_parser->handler_default; + $this->state_parser->handler_method_pi = $pi_method; + } + + /** + * Sets the XML escape handler method e.g. for comments and doctype + * declarations
+ * The handler method must accept two arguments; the parser and the + * contents of the escaped section + * 
+    * function myEscapeHander(& $parser, $data){}
+    *
+ * @param string name of method + * @access public + * @return void + * @see set_object + */ + function set_escape_handler($escape_method) { + $this->state_parser->handler_object_escape =& $this->state_parser->handler_default; + $this->state_parser->handler_method_escape = $escape_method; + } + + /** + * Sets the JSP/ASP markup handler
+ * The handler method must accept two arguments; the parser and + * body of the JASP tag + * 
+    * function myJaspHander(& $parser, $data){}
+    *
+ * @param string name of method + * @access public + * @return void + * @see set_object + */ + function set_jasp_handler ($jasp_method) { + $this->state_parser->handler_object_jasp =& $this->state_parser->handler_default; + $this->state_parser->handler_method_jasp = $jasp_method; + } + + /** + * Returns the current string position of the "cursor" inside the XML + * document + *
Intended for use from within a user defined handler called + * via the $parser reference e.g. + * 
+    * function myDataHandler(& $parser,$data) {
+    *     echo( 'Current position: '.$parser->get_current_position() );
+    * }
+    *
+ * @access public + * @return int + * @see get_length + */ + function get_current_position() { + return $this->state_parser->position; + } + + /** + * Returns the string length of the XML document being parsed + * @access public + * @return int + */ + function get_length() { + return $this->state_parser->length; + } + + /** + * Start parsing some XML + * @param string XML document + * @access public + * @return void + */ + function parse($data) { + $this->state_parser->parse($data); + } +} ?> \ No newline at end of file diff --git a/framework/3rdParty/SafeHtml/HTMLSax3/Decorators.php b/framework/3rdParty/SafeHtml/HTMLSax3/Decorators.php index ac82d073..2e2b6590 100644 --- a/framework/3rdParty/SafeHtml/HTMLSax3/Decorators.php +++ b/framework/3rdParty/SafeHtml/HTMLSax3/Decorators.php @@ -1,363 +1,363 @@ - Original port from Python | -// | Authors: Harry Fuecks Port to PEAR + more | -// | Authors: Many @ Sitepointforums Advanced PHP Forums | -// +----------------------------------------------------------------------+ -// -// $Id$ -// -/** -* Decorators for dealing with parser options -* @package System.Security.SafeHtml -* @version $Id$ -* @see TSax3::set_option -*/ -/** -* Trims the contents of element data from whitespace at start and end -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_Trim { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original handler method - * @var string - * @access private - */ - private $orig_method; - /** - * Constructs TSax3_Trim - * @param object handler object being decorated - * @param string original handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_method) { - $this->orig_obj =& $orig_obj; - $this->orig_method = $orig_method; - } - /** - * Trims the data - * @param TSax3 - * @param string element data - * @access protected - */ - function trimData(&$parser, $data) { - $data = trim($data); - if ($data != '') { - $this->orig_obj->{$this->orig_method}($parser, $data); - } - } -} -/** -* Coverts tag names to upper case -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_CaseFolding { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original open handler method - * @var string - * @access private - */ - private $orig_open_method; - /** - * Original close handler method - * @var string - * @access private - */ - private $orig_close_method; - /** - * Constructs TSax3_CaseFolding - * @param object handler object being decorated - * @param string original open handler method - * @param string original close handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_open_method, $orig_close_method) { - $this->orig_obj =& $orig_obj; - $this->orig_open_method = $orig_open_method; - $this->orig_close_method = $orig_close_method; - } - /** - * Folds up open tag callbacks - * @param TSax3 - * @param string tag name - * @param array tag attributes - * @access protected - */ - function foldOpen(&$parser, $tag, $attrs=array(), $empty = FALSE) { - $this->orig_obj->{$this->orig_open_method}($parser, strtoupper($tag), $attrs, $empty); - } - /** - * Folds up close tag callbacks - * @param TSax3 - * @param string tag name - * @access protected - */ - function foldClose(&$parser, $tag, $empty = FALSE) { - $this->orig_obj->{$this->orig_close_method}($parser, strtoupper($tag), $empty); - } -} -/** -* Breaks up data by linefeed characters, resulting in additional -* calls to the data handler -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_Linefeed { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original handler method - * @var string - * @access private - */ - private $orig_method; - /** - * Constructs TSax3_LineFeed - * @param object handler object being decorated - * @param string original handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_method) { - $this->orig_obj =& $orig_obj; - $this->orig_method = $orig_method; - } - /** - * Breaks the data up by linefeeds - * @param TSax3 - * @param string element data - * @access protected - */ - function breakData(&$parser, $data) { - $data = explode("\n",$data); - foreach ( $data as $chunk ) { - $this->orig_obj->{$this->orig_method}($parser, $chunk); - } - } -} -/** -* Breaks up data by tab characters, resulting in additional -* calls to the data handler -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_Tab { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original handler method - * @var string - * @access private - */ - private $orig_method; - /** - * Constructs TSax3_Tab - * @param object handler object being decorated - * @param string original handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_method) { - $this->orig_obj =& $orig_obj; - $this->orig_method = $orig_method; - } - /** - * Breaks the data up by linefeeds - * @param TSax3 - * @param string element data - * @access protected - */ - function breakData(&$parser, $data) { - $data = explode("\t",$data); - foreach ( $data as $chunk ) { - $this->orig_obj->{$this->orig_method}($this, $chunk); - } - } -} -/** -* Breaks up data by XML entities and parses them with html_entity_decode(), -* resulting in additional calls to the data handler
-* Requires PHP 4.3.0+ -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_Entities_Parsed { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original handler method - * @var string - * @access private - */ - private $orig_method; - /** - * Constructs TSax3_Entities_Parsed - * @param object handler object being decorated - * @param string original handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_method) { - $this->orig_obj =& $orig_obj; - $this->orig_method = $orig_method; - } - /** - * Breaks the data up by XML entities - * @param TSax3 - * @param string element data - * @access protected - */ - function breakData(&$parser, $data) { - $data = preg_split('/(&.+?;)/',$data,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); - foreach ( $data as $chunk ) { - $chunk = html_entity_decode($chunk,ENT_NOQUOTES); - $this->orig_obj->{$this->orig_method}($this, $chunk); - } - } -} -/** -* Compatibility with older PHP versions -*/ -if (version_compare(phpversion(), '4.3', '<') && !function_exists('html_entity_decode') ) { - function html_entity_decode($str, $style=ENT_NOQUOTES) { - return strtr($str, - array_flip(get_html_translation_table(HTML_ENTITIES,$style))); - } -} -/** -* Breaks up data by XML entities but leaves them unparsed, -* resulting in additional calls to the data handler
-* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_Entities_Unparsed { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original handler method - * @var string - * @access private - */ - private $orig_method; - /** - * Constructs TSax3_Entities_Unparsed - * @param object handler object being decorated - * @param string original handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_method) { - $this->orig_obj =& $orig_obj; - $this->orig_method = $orig_method; - } - /** - * Breaks the data up by XML entities - * @param TSax3 - * @param string element data - * @access protected - */ - function breakData(&$parser, $data) { - $data = preg_split('/(&.+?;)/',$data,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); - foreach ( $data as $chunk ) { - $this->orig_obj->{$this->orig_method}($this, $chunk); - } - } -} - -/** -* Strips the HTML comment markers or CDATA sections from an escape. -* If XML_OPTIONS_FULL_ESCAPES is on, this decorator is not used.
-* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_Escape_Stripper { - /** - * Original handler object - * @var object - * @access private - */ - private $orig_obj; - /** - * Original handler method - * @var string - * @access private - */ - private $orig_method; - /** - * Constructs TSax3_Entities_Unparsed - * @param object handler object being decorated - * @param string original handler method - * @access protected - */ - function __construct(&$orig_obj, $orig_method) { - $this->orig_obj =& $orig_obj; - $this->orig_method = $orig_method; - } - /** - * Breaks the data up by XML entities - * @param TSax3 - * @param string element data - * @access protected - */ - function strip(&$parser, $data) { - // Check for HTML comments first - if ( substr($data,0,2) == '--' ) { - $patterns = array( - '/^\-\-/', // Opening comment: -- - '/\-\-$/', // Closing comment: -- - ); - $data = preg_replace($patterns,'',$data); - - // Check for XML CDATA sections (note: don't do both!) - } else if ( substr($data,0,1) == '[' ) { - $patterns = array( - '/^\[.*CDATA.*\[/s', // Opening CDATA - '/\].*\]$/s', // Closing CDATA - ); - $data = preg_replace($patterns,'',$data); - } - - $this->orig_obj->{$this->orig_method}($this, $data); - } -} + Original port from Python | +// | Authors: Harry Fuecks Port to PEAR + more | +// | Authors: Many @ Sitepointforums Advanced PHP Forums | +// +----------------------------------------------------------------------+ +// +// $Id$ +// +/** +* Decorators for dealing with parser options +* @package System.Security.SafeHtml +* @version $Id$ +* @see TSax3::set_option +*/ +/** +* Trims the contents of element data from whitespace at start and end +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_Trim { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original handler method + * @var string + * @access private + */ + private $orig_method; + /** + * Constructs TSax3_Trim + * @param object handler object being decorated + * @param string original handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_method) { + $this->orig_obj =& $orig_obj; + $this->orig_method = $orig_method; + } + /** + * Trims the data + * @param TSax3 + * @param string element data + * @access protected + */ + function trimData(&$parser, $data) { + $data = trim($data); + if ($data != '') { + $this->orig_obj->{$this->orig_method}($parser, $data); + } + } +} +/** +* Coverts tag names to upper case +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_CaseFolding { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original open handler method + * @var string + * @access private + */ + private $orig_open_method; + /** + * Original close handler method + * @var string + * @access private + */ + private $orig_close_method; + /** + * Constructs TSax3_CaseFolding + * @param object handler object being decorated + * @param string original open handler method + * @param string original close handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_open_method, $orig_close_method) { + $this->orig_obj =& $orig_obj; + $this->orig_open_method = $orig_open_method; + $this->orig_close_method = $orig_close_method; + } + /** + * Folds up open tag callbacks + * @param TSax3 + * @param string tag name + * @param array tag attributes + * @access protected + */ + function foldOpen(&$parser, $tag, $attrs=array(), $empty = FALSE) { + $this->orig_obj->{$this->orig_open_method}($parser, strtoupper($tag), $attrs, $empty); + } + /** + * Folds up close tag callbacks + * @param TSax3 + * @param string tag name + * @access protected + */ + function foldClose(&$parser, $tag, $empty = FALSE) { + $this->orig_obj->{$this->orig_close_method}($parser, strtoupper($tag), $empty); + } +} +/** +* Breaks up data by linefeed characters, resulting in additional +* calls to the data handler +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_Linefeed { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original handler method + * @var string + * @access private + */ + private $orig_method; + /** + * Constructs TSax3_LineFeed + * @param object handler object being decorated + * @param string original handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_method) { + $this->orig_obj =& $orig_obj; + $this->orig_method = $orig_method; + } + /** + * Breaks the data up by linefeeds + * @param TSax3 + * @param string element data + * @access protected + */ + function breakData(&$parser, $data) { + $data = explode("\n",$data); + foreach ( $data as $chunk ) { + $this->orig_obj->{$this->orig_method}($parser, $chunk); + } + } +} +/** +* Breaks up data by tab characters, resulting in additional +* calls to the data handler +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_Tab { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original handler method + * @var string + * @access private + */ + private $orig_method; + /** + * Constructs TSax3_Tab + * @param object handler object being decorated + * @param string original handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_method) { + $this->orig_obj =& $orig_obj; + $this->orig_method = $orig_method; + } + /** + * Breaks the data up by linefeeds + * @param TSax3 + * @param string element data + * @access protected + */ + function breakData(&$parser, $data) { + $data = explode("\t",$data); + foreach ( $data as $chunk ) { + $this->orig_obj->{$this->orig_method}($this, $chunk); + } + } +} +/** +* Breaks up data by XML entities and parses them with html_entity_decode(), +* resulting in additional calls to the data handler
+* Requires PHP 4.3.0+ +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_Entities_Parsed { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original handler method + * @var string + * @access private + */ + private $orig_method; + /** + * Constructs TSax3_Entities_Parsed + * @param object handler object being decorated + * @param string original handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_method) { + $this->orig_obj =& $orig_obj; + $this->orig_method = $orig_method; + } + /** + * Breaks the data up by XML entities + * @param TSax3 + * @param string element data + * @access protected + */ + function breakData(&$parser, $data) { + $data = preg_split('/(&.+?;)/',$data,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); + foreach ( $data as $chunk ) { + $chunk = html_entity_decode($chunk,ENT_NOQUOTES); + $this->orig_obj->{$this->orig_method}($this, $chunk); + } + } +} +/** +* Compatibility with older PHP versions +*/ +if (version_compare(phpversion(), '4.3', '<') && !function_exists('html_entity_decode') ) { + function html_entity_decode($str, $style=ENT_NOQUOTES) { + return strtr($str, + array_flip(get_html_translation_table(HTML_ENTITIES,$style))); + } +} +/** +* Breaks up data by XML entities but leaves them unparsed, +* resulting in additional calls to the data handler
+* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_Entities_Unparsed { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original handler method + * @var string + * @access private + */ + private $orig_method; + /** + * Constructs TSax3_Entities_Unparsed + * @param object handler object being decorated + * @param string original handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_method) { + $this->orig_obj =& $orig_obj; + $this->orig_method = $orig_method; + } + /** + * Breaks the data up by XML entities + * @param TSax3 + * @param string element data + * @access protected + */ + function breakData(&$parser, $data) { + $data = preg_split('/(&.+?;)/',$data,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); + foreach ( $data as $chunk ) { + $this->orig_obj->{$this->orig_method}($this, $chunk); + } + } +} + +/** +* Strips the HTML comment markers or CDATA sections from an escape. +* If XML_OPTIONS_FULL_ESCAPES is on, this decorator is not used.
+* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_Escape_Stripper { + /** + * Original handler object + * @var object + * @access private + */ + private $orig_obj; + /** + * Original handler method + * @var string + * @access private + */ + private $orig_method; + /** + * Constructs TSax3_Entities_Unparsed + * @param object handler object being decorated + * @param string original handler method + * @access protected + */ + function __construct(&$orig_obj, $orig_method) { + $this->orig_obj =& $orig_obj; + $this->orig_method = $orig_method; + } + /** + * Breaks the data up by XML entities + * @param TSax3 + * @param string element data + * @access protected + */ + function strip(&$parser, $data) { + // Check for HTML comments first + if ( substr($data,0,2) == '--' ) { + $patterns = array( + '/^\-\-/', // Opening comment: -- + '/\-\-$/', // Closing comment: -- + ); + $data = preg_replace($patterns,'',$data); + + // Check for XML CDATA sections (note: don't do both!) + } else if ( substr($data,0,1) == '[' ) { + $patterns = array( + '/^\[.*CDATA.*\[/s', // Opening CDATA + '/\].*\]$/s', // Closing CDATA + ); + $data = preg_replace($patterns,'',$data); + } + + $this->orig_obj->{$this->orig_method}($this, $data); + } +} ?> \ No newline at end of file diff --git a/framework/3rdParty/SafeHtml/HTMLSax3/States.php b/framework/3rdParty/SafeHtml/HTMLSax3/States.php index 6dfead17..7d7b9b34 100644 --- a/framework/3rdParty/SafeHtml/HTMLSax3/States.php +++ b/framework/3rdParty/SafeHtml/HTMLSax3/States.php @@ -1,288 +1,288 @@ - Original port from Python | -// | Authors: Harry Fuecks Port to PEAR + more | -// | Authors: Many @ Sitepointforums Advanced PHP Forums | -// +----------------------------------------------------------------------+ -// -// $Id$ -// -/** -* Parsing states. -* @package System.Security.SafeHtml -* @version $Id$ -*/ -/** -* Define parser states -*/ -/*define('TSAX3_STATE_STOP', 0); -define('TSAX3_STATE_START', 1); -define('TSAX3_STATE_TAG', 2); -define('TSAX3_STATE_OPENING_TAG', 3); -define('TSAX3_STATE_CLOSING_TAG', 4); -define('TSAX3_STATE_ESCAPE', 6); -define('TSAX3_STATE_JASP', 7); -define('TSAX3_STATE_PI', 8); -*/ -/** -* StartingState searches for the start of any XML tag -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_StartingState { - /** - * @param TSax3_StateParser subclass - * @return constant TSAX3_STATE_TAG - * @access protected - */ - function parse(&$context) { - $data = $context->scanUntilString('<'); - if ($data != '') { - $context->handler_object_data-> - {$context->handler_method_data}($context->htmlsax, $data); - } - $context->IgnoreCharacter(); - return TSax3_StateParser::TSAX3_STATE_TAG; - } -} -/** -* Decides which state to move one from after StartingState -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_TagState { - /** - * @param TSax3_StateParser subclass - * @return constant the next state to move into - * @access protected - */ - function parse(&$context) { - switch($context->ScanCharacter()) { - case '/': - return TSax3_StateParser::TSAX3_STATE_CLOSING_TAG; - break; - case '?': - return TSax3_StateParser::TSAX3_STATE_PI; - break; - case '%': - return TSax3_StateParser::TSAX3_STATE_JASP; - break; - case '!': - return TSax3_StateParser::TSAX3_STATE_ESCAPE; - break; - default: - $context->unscanCharacter(); - return TSax3_StateParser::TSAX3_STATE_OPENING_TAG; - } - } -} -/** -* Dealing with closing XML tags -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_ClosingTagState { - /** - * @param TSax3_StateParser subclass - * @return constant TSAX3_STATE_START - * @access protected - */ - function parse(&$context) { - $tag = $context->scanUntilCharacters('/>'); - if ($tag != '') { - $char = $context->scanCharacter(); - if ($char == '/') { - $char = $context->scanCharacter(); - if ($char != '>') { - $context->unscanCharacter(); - } - } - $context->handler_object_element-> - {$context->handler_method_closing}($context->htmlsax, $tag, FALSE); - } - return TSax3_StateParser::TSAX3_STATE_START; - } -} -/** -* Dealing with opening XML tags -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_OpeningTagState { - /** - * Handles attributes - * @param string attribute name - * @param string attribute value - * @return void - * @access protected - * @see TSax3_AttributeStartState - */ - function parseAttributes(&$context) { - $Attributes = array(); - - $context->ignoreWhitespace(); - $attributename = $context->scanUntilCharacters("=/> \n\r\t"); - while ($attributename != '') { - $attributevalue = NULL; - $context->ignoreWhitespace(); - $char = $context->scanCharacter(); - if ($char == '=') { - $context->ignoreWhitespace(); - $char = $context->ScanCharacter(); - if ($char == '"') { - $attributevalue= $context->scanUntilString('"'); - $context->IgnoreCharacter(); - } else if ($char == "'") { - $attributevalue = $context->scanUntilString("'"); - $context->IgnoreCharacter(); - } else { - $context->unscanCharacter(); - $attributevalue = - $context->scanUntilCharacters("> \n\r\t"); - } - } else if ($char !== NULL) { - $attributevalue = NULL; - $context->unscanCharacter(); - } - $Attributes[$attributename] = $attributevalue; - - $context->ignoreWhitespace(); - $attributename = $context->scanUntilCharacters("=/> \n\r\t"); - } - return $Attributes; - } - - /** - * @param TSax3_StateParser subclass - * @return constant TSAX3_STATE_START - * @access protected - */ - function parse(&$context) { - $tag = $context->scanUntilCharacters("/> \n\r\t"); - if ($tag != '') { - $this->attrs = array(); - $Attributes = $this->parseAttributes($context); - $char = $context->scanCharacter(); - if ($char == '/') { - $char = $context->scanCharacter(); - if ($char != '>') { - $context->unscanCharacter(); - } - $context->handler_object_element-> - {$context->handler_method_opening}($context->htmlsax, $tag, - $Attributes, TRUE); - $context->handler_object_element-> - {$context->handler_method_closing}($context->htmlsax, $tag, - TRUE); - } else { - $context->handler_object_element-> - {$context->handler_method_opening}($context->htmlsax, $tag, - $Attributes, FALSE); - } - } - return TSax3_StateParser::TSAX3_STATE_START; - } -} - -/** -* Deals with XML escapes handling comments and CDATA correctly -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_EscapeState { - /** - * @param TSax3_StateParser subclass - * @return constant TSAX3_STATE_START - * @access protected - */ - function parse(&$context) { - $char = $context->ScanCharacter(); - if ($char == '-') { - $char = $context->ScanCharacter(); - if ($char == '-') { - $context->unscanCharacter(); - $context->unscanCharacter(); - $text = $context->scanUntilString('-->'); - $text .= $context->scanCharacter(); - $text .= $context->scanCharacter(); - } else { - $context->unscanCharacter(); - $text = $context->scanUntilString('>'); - } - } else if ( $char == '[') { - $context->unscanCharacter(); - $text = $context->scanUntilString(']>'); - $text.= $context->scanCharacter(); - } else { - $context->unscanCharacter(); - $text = $context->scanUntilString('>'); - } - - $context->IgnoreCharacter(); - if ($text != '') { - $context->handler_object_escape-> - {$context->handler_method_escape}($context->htmlsax, $text); - } - return TSax3_StateParser::TSAX3_STATE_START; - } -} -/** -* Deals with JASP/ASP markup -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_JaspState { - /** - * @param TSax3_StateParser subclass - * @return constant TSAX3_STATE_START - * @access protected - */ - function parse(&$context) { - $text = $context->scanUntilString('%>'); - if ($text != '') { - $context->handler_object_jasp-> - {$context->handler_method_jasp}($context->htmlsax, $text); - } - $context->IgnoreCharacter(); - $context->IgnoreCharacter(); - return TSax3_StateParser::TSAX3_STATE_START; - } -} -/** -* Deals with XML processing instructions -* @package System.Security.SafeHtml -* @access protected -*/ -class TSax3_PiState { - /** - * @param TSax3_StateParser subclass - * @return constant TSAX3_STATE_START - * @access protected - */ - function parse(&$context) { - $target = $context->scanUntilCharacters(" \n\r\t"); - $data = $context->scanUntilString('?>'); - if ($data != '') { - $context->handler_object_pi-> - {$context->handler_method_pi}($context->htmlsax, $target, $data); - } - $context->IgnoreCharacter(); - $context->IgnoreCharacter(); - return TSax3_StateParser::TSAX3_STATE_START; - } -} + Original port from Python | +// | Authors: Harry Fuecks Port to PEAR + more | +// | Authors: Many @ Sitepointforums Advanced PHP Forums | +// +----------------------------------------------------------------------+ +// +// $Id$ +// +/** +* Parsing states. +* @package System.Security.SafeHtml +* @version $Id$ +*/ +/** +* Define parser states +*/ +/*define('TSAX3_STATE_STOP', 0); +define('TSAX3_STATE_START', 1); +define('TSAX3_STATE_TAG', 2); +define('TSAX3_STATE_OPENING_TAG', 3); +define('TSAX3_STATE_CLOSING_TAG', 4); +define('TSAX3_STATE_ESCAPE', 6); +define('TSAX3_STATE_JASP', 7); +define('TSAX3_STATE_PI', 8); +*/ +/** +* StartingState searches for the start of any XML tag +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_StartingState { + /** + * @param TSax3_StateParser subclass + * @return constant TSAX3_STATE_TAG + * @access protected + */ + function parse(&$context) { + $data = $context->scanUntilString('<'); + if ($data != '') { + $context->handler_object_data-> + {$context->handler_method_data}($context->htmlsax, $data); + } + $context->IgnoreCharacter(); + return TSax3_StateParser::TSAX3_STATE_TAG; + } +} +/** +* Decides which state to move one from after StartingState +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_TagState { + /** + * @param TSax3_StateParser subclass + * @return constant the next state to move into + * @access protected + */ + function parse(&$context) { + switch($context->ScanCharacter()) { + case '/': + return TSax3_StateParser::TSAX3_STATE_CLOSING_TAG; + break; + case '?': + return TSax3_StateParser::TSAX3_STATE_PI; + break; + case '%': + return TSax3_StateParser::TSAX3_STATE_JASP; + break; + case '!': + return TSax3_StateParser::TSAX3_STATE_ESCAPE; + break; + default: + $context->unscanCharacter(); + return TSax3_StateParser::TSAX3_STATE_OPENING_TAG; + } + } +} +/** +* Dealing with closing XML tags +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_ClosingTagState { + /** + * @param TSax3_StateParser subclass + * @return constant TSAX3_STATE_START + * @access protected + */ + function parse(&$context) { + $tag = $context->scanUntilCharacters('/>'); + if ($tag != '') { + $char = $context->scanCharacter(); + if ($char == '/') { + $char = $context->scanCharacter(); + if ($char != '>') { + $context->unscanCharacter(); + } + } + $context->handler_object_element-> + {$context->handler_method_closing}($context->htmlsax, $tag, FALSE); + } + return TSax3_StateParser::TSAX3_STATE_START; + } +} +/** +* Dealing with opening XML tags +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_OpeningTagState { + /** + * Handles attributes + * @param string attribute name + * @param string attribute value + * @return void + * @access protected + * @see TSax3_AttributeStartState + */ + function parseAttributes(&$context) { + $Attributes = array(); + + $context->ignoreWhitespace(); + $attributename = $context->scanUntilCharacters("=/> \n\r\t"); + while ($attributename != '') { + $attributevalue = NULL; + $context->ignoreWhitespace(); + $char = $context->scanCharacter(); + if ($char == '=') { + $context->ignoreWhitespace(); + $char = $context->ScanCharacter(); + if ($char == '"') { + $attributevalue= $context->scanUntilString('"'); + $context->IgnoreCharacter(); + } else if ($char == "'") { + $attributevalue = $context->scanUntilString("'"); + $context->IgnoreCharacter(); + } else { + $context->unscanCharacter(); + $attributevalue = + $context->scanUntilCharacters("> \n\r\t"); + } + } else if ($char !== NULL) { + $attributevalue = NULL; + $context->unscanCharacter(); + } + $Attributes[$attributename] = $attributevalue; + + $context->ignoreWhitespace(); + $attributename = $context->scanUntilCharacters("=/> \n\r\t"); + } + return $Attributes; + } + + /** + * @param TSax3_StateParser subclass + * @return constant TSAX3_STATE_START + * @access protected + */ + function parse(&$context) { + $tag = $context->scanUntilCharacters("/> \n\r\t"); + if ($tag != '') { + $this->attrs = array(); + $Attributes = $this->parseAttributes($context); + $char = $context->scanCharacter(); + if ($char == '/') { + $char = $context->scanCharacter(); + if ($char != '>') { + $context->unscanCharacter(); + } + $context->handler_object_element-> + {$context->handler_method_opening}($context->htmlsax, $tag, + $Attributes, TRUE); + $context->handler_object_element-> + {$context->handler_method_closing}($context->htmlsax, $tag, + TRUE); + } else { + $context->handler_object_element-> + {$context->handler_method_opening}($context->htmlsax, $tag, + $Attributes, FALSE); + } + } + return TSax3_StateParser::TSAX3_STATE_START; + } +} + +/** +* Deals with XML escapes handling comments and CDATA correctly +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_EscapeState { + /** + * @param TSax3_StateParser subclass + * @return constant TSAX3_STATE_START + * @access protected + */ + function parse(&$context) { + $char = $context->ScanCharacter(); + if ($char == '-') { + $char = $context->ScanCharacter(); + if ($char == '-') { + $context->unscanCharacter(); + $context->unscanCharacter(); + $text = $context->scanUntilString('-->'); + $text .= $context->scanCharacter(); + $text .= $context->scanCharacter(); + } else { + $context->unscanCharacter(); + $text = $context->scanUntilString('>'); + } + } else if ( $char == '[') { + $context->unscanCharacter(); + $text = $context->scanUntilString(']>'); + $text.= $context->scanCharacter(); + } else { + $context->unscanCharacter(); + $text = $context->scanUntilString('>'); + } + + $context->IgnoreCharacter(); + if ($text != '') { + $context->handler_object_escape-> + {$context->handler_method_escape}($context->htmlsax, $text); + } + return TSax3_StateParser::TSAX3_STATE_START; + } +} +/** +* Deals with JASP/ASP markup +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_JaspState { + /** + * @param TSax3_StateParser subclass + * @return constant TSAX3_STATE_START + * @access protected + */ + function parse(&$context) { + $text = $context->scanUntilString('%>'); + if ($text != '') { + $context->handler_object_jasp-> + {$context->handler_method_jasp}($context->htmlsax, $text); + } + $context->IgnoreCharacter(); + $context->IgnoreCharacter(); + return TSax3_StateParser::TSAX3_STATE_START; + } +} +/** +* Deals with XML processing instructions +* @package System.Security.SafeHtml +* @access protected +*/ +class TSax3_PiState { + /** + * @param TSax3_StateParser subclass + * @return constant TSAX3_STATE_START + * @access protected + */ + function parse(&$context) { + $target = $context->scanUntilCharacters(" \n\r\t"); + $data = $context->scanUntilString('?>'); + if ($data != '') { + $context->handler_object_pi-> + {$context->handler_method_pi}($context->htmlsax, $target, $data); + } + $context->IgnoreCharacter(); + $context->IgnoreCharacter(); + return TSax3_StateParser::TSAX3_STATE_START; + } +} ?> \ No newline at end of file diff --git a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php index b80f31a6..ad14baf9 100644 --- a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php +++ b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php @@ -1,673 +1,673 @@ - - * @copyright 2004-2005 Roman Ivanov - * @license http://www.debian.org/misc/bsd.license BSD License (3 Clause) - * @version 1.3.7 - * @link http://pixel-apes.com/safehtml/ - */ - - -/** - * This package requires HTMLSax3 package - */ -Prado::using('System.3rdParty.SafeHtml.HTMLSax3'); - - -/** - * - * TSafeHtmlParser - * - * This parser strips down all potentially dangerous content within HTML: - *
    - *
  • opening tag without its closing tag
    • - *
  • closing tag without its opening tag
    • - *
  • any of these tags: "base", "basefont", "head", "html", "body", "applet", - * "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed", - * "bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
    • - *
  • any of these attributes: on*, data*, dynsrc
    • - *
  • javascript:/vbscript:/about: etc. protocols
    • - *
  • expression/behavior etc. in styles
    • - *
  • any other active content
    • - *
- * It also tries to convert code to XHTML valid, but htmltidy is far better - * solution for this task. - * - * Example: - * 
- * $parser = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser');
- * $result = $parser->parse($doc);
- *
- * - * @category HTML - * @package System.Security - * @author Roman Ivanov - * @copyright 1997-2005 Roman Ivanov - * @license http://www.debian.org/misc/bsd.license BSD License (3 Clause) - * @version Release: @package_version@ - * @link http://pear.php.net/package/SafeHTML - */ -class TSafeHtmlParser -{ - /** - * Storage for resulting HTML output - * - * @var string - * @access private - */ - private $_xhtml = ''; - - /** - * Array of counters for each tag - * - * @var array - * @access private - */ - private $_counter = array(); - - /** - * Stack of unclosed tags - * - * @var array - * @access private - */ - private $_stack = array(); - - /** - * Array of counters for tags that must be deleted with all content - * - * @var array - * @access private - */ - private $_dcCounter = array(); - - /** - * Stack of unclosed tags that must be deleted with all content - * - * @var array - * @access private - */ - private $_dcStack = array(); - - /** - * Stores level of list (ol/ul) nesting - * - * @var int - * @access private - */ - private $_listScope = 0; - - /** - * Stack of unclosed list tags - * - * @var array - * @access private - */ - private $_liStack = array(); - - /** - * Array of prepared regular expressions for protocols (schemas) matching - * - * @var array - * @access private - */ - private $_protoRegexps = array(); - - /** - * Array of prepared regular expressions for CSS matching - * - * @var array - * @access private - */ - private $_cssRegexps = array(); - - /** - * List of single tags ("") - * - * @var array - * @access public - */ - public $singleTags = array('area', 'br', 'img', 'input', 'hr', 'wbr', ); - - /** - * List of dangerous tags (such tags will be deleted) - * - * @var array - * @access public - */ - public $deleteTags = array( - 'applet', 'base', 'basefont', 'bgsound', 'blink', 'body', - 'embed', 'frame', 'frameset', 'head', 'html', 'ilayer', - 'iframe', 'layer', 'link', 'meta', 'object', 'style', - 'title', 'script', - ); - - /** - * List of dangerous tags (such tags will be deleted, and all content - * inside this tags will be also removed) - * - * @var array - * @access public - */ - public $deleteTagsContent = array('script', 'style', 'title', 'xml', ); - - /** - * Type of protocols filtering ('white' or 'black') - * - * @var string - * @access public - */ - public $protocolFiltering = 'white'; - - /** - * List of "dangerous" protocols (used for blacklist-filtering) - * - * @var array - * @access public - */ - public $blackProtocols = array( - 'about', 'chrome', 'data', 'disk', 'hcp', - 'help', 'javascript', 'livescript', 'lynxcgi', 'lynxexec', - 'ms-help', 'ms-its', 'mhtml', 'mocha', 'opera', - 'res', 'resource', 'shell', 'vbscript', 'view-source', - 'vnd.ms.radio', 'wysiwyg', - ); - - /** - * List of "safe" protocols (used for whitelist-filtering) - * - * @var array - * @access public - */ - public $whiteProtocols = array( - 'ed2k', 'file', 'ftp', 'gopher', 'http', 'https', - 'irc', 'mailto', 'news', 'nntp', 'telnet', 'webcal', - 'xmpp', 'callto', - ); - - /** - * List of attributes that can contain protocols - * - * @var array - * @access public - */ - public $protocolAttributes = array( - 'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src', - ); - - /** - * List of dangerous CSS keywords - * - * Whole style="" attribute will be removed, if parser will find one of - * these keywords - * - * @var array - * @access public - */ - public $cssKeywords = array( - 'absolute', 'behavior', 'behaviour', 'content', 'expression', - 'fixed', 'include-source', 'moz-binding', - ); - - /** - * List of tags that can have no "closing tag" - * - * @var array - * @access public - * @deprecated XHTML does not allow such tags - */ - public $noClose = array(); - - /** - * List of block-level tags that terminates paragraph - * - * Paragraph will be closed when this tags opened - * - * @var array - * @access public - */ - public $closeParagraph = array( - 'address', 'blockquote', 'center', 'dd', 'dir', 'div', - 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', - 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee', - 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre', - 'table', 'ul', 'xmp', - ); - - /** - * List of table tags, all table tags outside a table will be removed - * - * @var array - * @access public - */ - public $tableTags = array( - 'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', - 'thead', 'tr', - ); - - /** - * List of list tags - * - * @var array - * @access public - */ - public $listTags = array('dir', 'menu', 'ol', 'ul', 'dl', ); - - /** - * List of dangerous attributes - * - * @var array - * @access public - */ - public $attributes = array('dynsrc'); - //public $attributes = array('dynsrc', 'id', 'name', ); //id and name are dangerous? - - /** - * List of allowed "namespaced" attributes - * - * @var array - * @access public - */ - public $attributesNS = array('xml:lang', ); - - /** - * Constructs class - * - * @access public - */ - public function __construct() - { - //making regular expressions based on Proto & CSS arrays - foreach ($this->blackProtocols as $proto) { - $preg = "/[\s\x01-\x1F]*"; - for ($i=0; $i_protoRegexps[] = $preg; - } - - foreach ($this->cssKeywords as $css) { - $this->_cssRegexps[] = '/' . $css . '/i'; - } - return true; - } - - /** - * Handles the writing of attributes - called from $this->_openHandler() - * - * @param array $attrs array of attributes $name => $value - * @return boolean - * @access private - */ - private function _writeAttrs ($attrs) - { - if (is_array($attrs)) { - foreach ($attrs as $name => $value) { - - $name = strtolower($name); - - if (strpos($name, 'on') === 0) { - continue; - } - if (strpos($name, 'data') === 0) { - continue; - } - if (in_array($name, $this->attributes)) { - continue; - } - if (!preg_match("/^[a-z0-9]+$/i", $name)) { - if (!in_array($name, $this->attributesNS)) - { - continue; - } - } - - if (($value === TRUE) || (is_null($value))) { - $value = $name; - } - - if ($name == 'style') { - - // removes insignificant backslahes - $value = str_replace("\\", '', $value); - - // removes CSS comments - while (1) - { - $_value = preg_replace("!/\*.*?\*/!s", '', $value); - if ($_value == $value) break; - $value = $_value; - } - - // replace all & to & - $value = str_replace('&', '&', $value); - $value = str_replace('&', '&', $value); - - foreach ($this->_cssRegexps as $css) { - if (preg_match($css, $value)) { - continue 2; - } - } - foreach ($this->_protoRegexps as $proto) { - if (preg_match($proto, $value)) { - continue 2; - } - } - } - - $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"' - $tempval = preg_replace('/&#x([0-9a-f]+);?/mei', "chr(hexdec('\\1'))", $tempval); - - if ((in_array($name, $this->protocolAttributes)) && - (strpos($tempval, ':') !== false)) - { - if ($this->protocolFiltering == 'black') { - foreach ($this->_protoRegexps as $proto) { - if (preg_match($proto, $tempval)) continue 2; - } - } else { - $_tempval = explode(':', $tempval); - $proto = $_tempval[0]; - if (!in_array($proto, $this->whiteProtocols)) { - continue; - } - } - } - - $value = str_replace("\"", """, $value); - $this->_xhtml .= ' ' . $name . '="' . $value . '"'; - } - } - return true; - } - - /** - * Opening tag handler - called from HTMLSax - * - * @param object $parser HTML Parser - * @param string $name tag name - * @param array $attrs tag attributes - * @return boolean - * @access private - */ - public function _openHandler(&$parser, $name, $attrs) - { - $name = strtolower($name); - - if (in_array($name, $this->deleteTagsContent)) { - array_push($this->_dcStack, $name); - $this->_dcCounter[$name] = isset($this->_dcCounter[$name]) ? $this->_dcCounter[$name]+1 : 1; - } - if (count($this->_dcStack) != 0) { - return true; - } - - if (in_array($name, $this->deleteTags)) { - return true; - } - - if (!preg_match("/^[a-z0-9]+$/i", $name)) { - if (preg_match("!(?:\@|://)!i", $name)) { - $this->_xhtml .= '<' . $name . '>'; - } - return true; - } - - if (in_array($name, $this->singleTags)) { - $this->_xhtml .= '<' . $name; - $this->_writeAttrs($attrs); - $this->_xhtml .= ' />'; - return true; - } - - // TABLES: cannot open table elements when we are not inside table - if ((isset($this->_counter['table'])) && ($this->_counter['table'] <= 0) - && (in_array($name, $this->tableTags))) - { - return true; - } - - // PARAGRAPHS: close paragraph when closeParagraph tags opening - if ((in_array($name, $this->closeParagraph)) && (in_array('p', $this->_stack))) { - $this->_closeHandler($parser, 'p'); - } - - // LISTS: we should close
  • if
  • of the same level opening - if ($name == 'li' && count($this->_liStack) && - $this->_listScope == $this->_liStack[count($this->_liStack)-1]) - { - $this->_closeHandler($parser, 'li'); - } - - // LISTS: we want to know on what nesting level of lists we are - if (in_array($name, $this->listTags)) { - $this->_listScope++; - } - if ($name == 'li') { - array_push($this->_liStack, $this->_listScope); - } - - $this->_xhtml .= '<' . $name; - $this->_writeAttrs($attrs); - $this->_xhtml .= '>'; - array_push($this->_stack,$name); - $this->_counter[$name] = isset($this->_counter[$name]) ? $this->_counter[$name]+1 : 1; - return true; - } - - /** - * Closing tag handler - called from HTMLSax - * - * @param object $parsers HTML parser - * @param string $name tag name - * @return boolean - * @access private - */ - public function _closeHandler(&$parser, $name) - { - - $name = strtolower($name); - - if (isset($this->_dcCounter[$name]) && ($this->_dcCounter[$name] > 0) && - (in_array($name, $this->deleteTagsContent))) - { - while ($name != ($tag = array_pop($this->_dcStack))) { - $this->_dcCounter[$tag]--; - } - - $this->_dcCounter[$name]--; - } - - if (count($this->_dcStack) != 0) { - return true; - } - - if ((isset($this->_counter[$name])) && ($this->_counter[$name] > 0)) { - while ($name != ($tag = array_pop($this->_stack))) { - $this->_closeTag($tag); - } - - $this->_closeTag($name); - } - return true; - } - - /** - * Closes tag - * - * @param string $tag tag name - * @return boolean - * @access private - */ - public function _closeTag($tag) - { - if (!in_array($tag, $this->noClose)) { - $this->_xhtml .= ''; - } - - $this->_counter[$tag]--; - - if (in_array($tag, $this->listTags)) { - $this->_listScope--; - } - - if ($tag == 'li') { - array_pop($this->_liStack); - } - return true; - } - - /** - * Character data handler - called from HTMLSax - * - * @param object $parser HTML parser - * @param string $data textual data - * @return boolean - * @access private - */ - public function _dataHandler(&$parser, $data) - { - if (count($this->_dcStack) == 0) { - $this->_xhtml .= $data; - } - return true; - } - - /** - * Escape handler - called from HTMLSax - * - * @param object $parser HTML parser - * @param string $data comments or other type of data - * @return boolean - * @access private - */ - public function _escapeHandler(&$parser, $data) - { - return true; - } - - /** - * Returns the XHTML document - * - * @return string Processed (X)HTML document - * @access public - */ - public function getXHTML () - { - while ($tag = array_pop($this->_stack)) { - $this->_closeTag($tag); - } - - return $this->_xhtml; - } - - /** - * Clears current document data - * - * @return boolean - * @access public - */ - public function clear() - { - $this->_xhtml = ''; - return true; - } - - /** - * Main parsing fuction - * - * @param string $doc HTML document for processing - * @return string Processed (X)HTML document - * @access public - */ - public function parse($doc, $isUTF7=false) - { - $this->clear(); - - // Save all '<' symbols - $doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '<', (string)$doc); - - // Web documents shouldn't contains \x00 symbol - $doc = str_replace("\x00", '', $doc); - - // Opera6 bug workaround - $doc = str_replace("\xC0\xBC", '<', $doc); - - // UTF-7 encoding ASCII decode - if($isUTF7) - $doc = $this->repackUTF7($doc); - - // Instantiate the parser - $parser= new TSax3(); - - // Set up the parser - $parser->set_object($this); - - $parser->set_element_handler('_openHandler','_closeHandler'); - $parser->set_data_handler('_dataHandler'); - $parser->set_escape_handler('_escapeHandler'); - - $parser->parse($doc); - - return $this->getXHTML(); - - } - - - /** - * UTF-7 decoding fuction - * - * @param string $str HTML document for recode ASCII part of UTF-7 back to ASCII - * @return string Decoded document - * @access private - */ - private function repackUTF7($str) - { - return preg_replace_callback('!\+([0-9a-zA-Z/]+)\-!', array($this, 'repackUTF7Callback'), $str); - } - - /** - * Additional UTF-7 decoding fuction - * - * @param string $str String for recode ASCII part of UTF-7 back to ASCII - * @return string Recoded string - * @access private - */ - private function repackUTF7Callback($str) - { - $str = base64_decode($str[1]); - $str = preg_replace_callback('/^((?:\x00.)*)((?:[^\x00].)+)/', array($this, 'repackUTF7Back'), $str); - return preg_replace('/\x00(.)/', '$1', $str); - } - - /** - * Additional UTF-7 encoding fuction - * - * @param string $str String for recode ASCII part of UTF-7 back to ASCII - * @return string Recoded string - * @access private - */ - private function repackUTF7Back($str) - { - return $str[1].'+'.rtrim(base64_encode($str[2]), '=').'-'; - } -} - -/* - * Local variables: - * tab-width: 4 - * c-basic-offset: 4 - * c-hanging-comment-ender-p: nil - * End: - */ - + + * @copyright 2004-2005 Roman Ivanov + * @license http://www.debian.org/misc/bsd.license BSD License (3 Clause) + * @version 1.3.7 + * @link http://pixel-apes.com/safehtml/ + */ + + +/** + * This package requires HTMLSax3 package + */ +Prado::using('System.3rdParty.SafeHtml.HTMLSax3'); + + +/** + * + * TSafeHtmlParser + * + * This parser strips down all potentially dangerous content within HTML: + *
      + *
    • opening tag without its closing tag
      • + *
    • closing tag without its opening tag
      • + *
    • any of these tags: "base", "basefont", "head", "html", "body", "applet", + * "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed", + * "bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
      • + *
    • any of these attributes: on*, data*, dynsrc
      • + *
    • javascript:/vbscript:/about: etc. protocols
      • + *
    • expression/behavior etc. in styles
      • + *
    • any other active content
      • + *
    + * It also tries to convert code to XHTML valid, but htmltidy is far better + * solution for this task. + * + * Example: + * 
    + * $parser = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser');
+ * $result = $parser->parse($doc);
+ *
    + * + * @category HTML + * @package System.Security + * @author Roman Ivanov + * @copyright 1997-2005 Roman Ivanov + * @license http://www.debian.org/misc/bsd.license BSD License (3 Clause) + * @version Release: @package_version@ + * @link http://pear.php.net/package/SafeHTML + */ +class TSafeHtmlParser +{ + /** + * Storage for resulting HTML output + * + * @var string + * @access private + */ + private $_xhtml = ''; + + /** + * Array of counters for each tag + * + * @var array + * @access private + */ + private $_counter = array(); + + /** + * Stack of unclosed tags + * + * @var array + * @access private + */ + private $_stack = array(); + + /** + * Array of counters for tags that must be deleted with all content + * + * @var array + * @access private + */ + private $_dcCounter = array(); + + /** + * Stack of unclosed tags that must be deleted with all content + * + * @var array + * @access private + */ + private $_dcStack = array(); + + /** + * Stores level of list (ol/ul) nesting + * + * @var int + * @access private + */ + private $_listScope = 0; + + /** + * Stack of unclosed list tags + * + * @var array + * @access private + */ + private $_liStack = array(); + + /** + * Array of prepared regular expressions for protocols (schemas) matching + * + * @var array + * @access private + */ + private $_protoRegexps = array(); + + /** + * Array of prepared regular expressions for CSS matching + * + * @var array + * @access private + */ + private $_cssRegexps = array(); + + /** + * List of single tags ("") + * + * @var array + * @access public + */ + public $singleTags = array('area', 'br', 'img', 'input', 'hr', 'wbr', ); + + /** + * List of dangerous tags (such tags will be deleted) + * + * @var array + * @access public + */ + public $deleteTags = array( + 'applet', 'base', 'basefont', 'bgsound', 'blink', 'body', + 'embed', 'frame', 'frameset', 'head', 'html', 'ilayer', + 'iframe', 'layer', 'link', 'meta', 'object', 'style', + 'title', 'script', + ); + + /** + * List of dangerous tags (such tags will be deleted, and all content + * inside this tags will be also removed) + * + * @var array + * @access public + */ + public $deleteTagsContent = array('script', 'style', 'title', 'xml', ); + + /** + * Type of protocols filtering ('white' or 'black') + * + * @var string + * @access public + */ + public $protocolFiltering = 'white'; + + /** + * List of "dangerous" protocols (used for blacklist-filtering) + * + * @var array + * @access public + */ + public $blackProtocols = array( + 'about', 'chrome', 'data', 'disk', 'hcp', + 'help', 'javascript', 'livescript', 'lynxcgi', 'lynxexec', + 'ms-help', 'ms-its', 'mhtml', 'mocha', 'opera', + 'res', 'resource', 'shell', 'vbscript', 'view-source', + 'vnd.ms.radio', 'wysiwyg', + ); + + /** + * List of "safe" protocols (used for whitelist-filtering) + * + * @var array + * @access public + */ + public $whiteProtocols = array( + 'ed2k', 'file', 'ftp', 'gopher', 'http', 'https', + 'irc', 'mailto', 'news', 'nntp', 'telnet', 'webcal', + 'xmpp', 'callto', + ); + + /** + * List of attributes that can contain protocols + * + * @var array + * @access public + */ + public $protocolAttributes = array( + 'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src', + ); + + /** + * List of dangerous CSS keywords + * + * Whole style="" attribute will be removed, if parser will find one of + * these keywords + * + * @var array + * @access public + */ + public $cssKeywords = array( + 'absolute', 'behavior', 'behaviour', 'content', 'expression', + 'fixed', 'include-source', 'moz-binding', + ); + + /** + * List of tags that can have no "closing tag" + * + * @var array + * @access public + * @deprecated XHTML does not allow such tags + */ + public $noClose = array(); + + /** + * List of block-level tags that terminates paragraph + * + * Paragraph will be closed when this tags opened + * + * @var array + * @access public + */ + public $closeParagraph = array( + 'address', 'blockquote', 'center', 'dd', 'dir', 'div', + 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', + 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee', + 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre', + 'table', 'ul', 'xmp', + ); + + /** + * List of table tags, all table tags outside a table will be removed + * + * @var array + * @access public + */ + public $tableTags = array( + 'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', + 'thead', 'tr', + ); + + /** + * List of list tags + * + * @var array + * @access public + */ + public $listTags = array('dir', 'menu', 'ol', 'ul', 'dl', ); + + /** + * List of dangerous attributes + * + * @var array + * @access public + */ + public $attributes = array('dynsrc'); + //public $attributes = array('dynsrc', 'id', 'name', ); //id and name are dangerous? + + /** + * List of allowed "namespaced" attributes + * + * @var array + * @access public + */ + public $attributesNS = array('xml:lang', ); + + /** + * Constructs class + * + * @access public + */ + public function __construct() + { + //making regular expressions based on Proto & CSS arrays + foreach ($this->blackProtocols as $proto) { + $preg = "/[\s\x01-\x1F]*"; + for ($i=0; $i_protoRegexps[] = $preg; + } + + foreach ($this->cssKeywords as $css) { + $this->_cssRegexps[] = '/' . $css . '/i'; + } + return true; + } + + /** + * Handles the writing of attributes - called from $this->_openHandler() + * + * @param array $attrs array of attributes $name => $value + * @return boolean + * @access private + */ + private function _writeAttrs ($attrs) + { + if (is_array($attrs)) { + foreach ($attrs as $name => $value) { + + $name = strtolower($name); + + if (strpos($name, 'on') === 0) { + continue; + } + if (strpos($name, 'data') === 0) { + continue; + } + if (in_array($name, $this->attributes)) { + continue; + } + if (!preg_match("/^[a-z0-9]+$/i", $name)) { + if (!in_array($name, $this->attributesNS)) + { + continue; + } + } + + if (($value === TRUE) || (is_null($value))) { + $value = $name; + } + + if ($name == 'style') { + + // removes insignificant backslahes + $value = str_replace("\\", '', $value); + + // removes CSS comments + while (1) + { + $_value = preg_replace("!/\*.*?\*/!s", '', $value); + if ($_value == $value) break; + $value = $_value; + } + + // replace all & to & + $value = str_replace('&', '&', $value); + $value = str_replace('&', '&', $value); + + foreach ($this->_cssRegexps as $css) { + if (preg_match($css, $value)) { + continue 2; + } + } + foreach ($this->_protoRegexps as $proto) { + if (preg_match($proto, $value)) { + continue 2; + } + } + } + + $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"' + $tempval = preg_replace('/&#x([0-9a-f]+);?/mei', "chr(hexdec('\\1'))", $tempval); + + if ((in_array($name, $this->protocolAttributes)) && + (strpos($tempval, ':') !== false)) + { + if ($this->protocolFiltering == 'black') { + foreach ($this->_protoRegexps as $proto) { + if (preg_match($proto, $tempval)) continue 2; + } + } else { + $_tempval = explode(':', $tempval); + $proto = $_tempval[0]; + if (!in_array($proto, $this->whiteProtocols)) { + continue; + } + } + } + + $value = str_replace("\"", """, $value); + $this->_xhtml .= ' ' . $name . '="' . $value . '"'; + } + } + return true; + } + + /** + * Opening tag handler - called from HTMLSax + * + * @param object $parser HTML Parser + * @param string $name tag name + * @param array $attrs tag attributes + * @return boolean + * @access private + */ + public function _openHandler(&$parser, $name, $attrs) + { + $name = strtolower($name); + + if (in_array($name, $this->deleteTagsContent)) { + array_push($this->_dcStack, $name); + $this->_dcCounter[$name] = isset($this->_dcCounter[$name]) ? $this->_dcCounter[$name]+1 : 1; + } + if (count($this->_dcStack) != 0) { + return true; + } + + if (in_array($name, $this->deleteTags)) { + return true; + } + + if (!preg_match("/^[a-z0-9]+$/i", $name)) { + if (preg_match("!(?:\@|://)!i", $name)) { + $this->_xhtml .= '<' . $name . '>'; + } + return true; + } + + if (in_array($name, $this->singleTags)) { + $this->_xhtml .= '<' . $name; + $this->_writeAttrs($attrs); + $this->_xhtml .= ' />'; + return true; + } + + // TABLES: cannot open table elements when we are not inside table + if ((isset($this->_counter['table'])) && ($this->_counter['table'] <= 0) + && (in_array($name, $this->tableTags))) + { + return true; + } + + // PARAGRAPHS: close paragraph when closeParagraph tags opening + if ((in_array($name, $this->closeParagraph)) && (in_array('p', $this->_stack))) { + $this->_closeHandler($parser, 'p'); + } + + // LISTS: we should close
  • if
  • of the same level opening + if ($name == 'li' && count($this->_liStack) && + $this->_listScope == $this->_liStack[count($this->_liStack)-1]) + { + $this->_closeHandler($parser, 'li'); + } + + // LISTS: we want to know on what nesting level of lists we are + if (in_array($name, $this->listTags)) { + $this->_listScope++; + } + if ($name == 'li') { + array_push($this->_liStack, $this->_listScope); + } + + $this->_xhtml .= '<' . $name; + $this->_writeAttrs($attrs); + $this->_xhtml .= '>'; + array_push($this->_stack,$name); + $this->_counter[$name] = isset($this->_counter[$name]) ? $this->_counter[$name]+1 : 1; + return true; + } + + /** + * Closing tag handler - called from HTMLSax + * + * @param object $parsers HTML parser + * @param string $name tag name + * @return boolean + * @access private + */ + public function _closeHandler(&$parser, $name) + { + + $name = strtolower($name); + + if (isset($this->_dcCounter[$name]) && ($this->_dcCounter[$name] > 0) && + (in_array($name, $this->deleteTagsContent))) + { + while ($name != ($tag = array_pop($this->_dcStack))) { + $this->_dcCounter[$tag]--; + } + + $this->_dcCounter[$name]--; + } + + if (count($this->_dcStack) != 0) { + return true; + } + + if ((isset($this->_counter[$name])) && ($this->_counter[$name] > 0)) { + while ($name != ($tag = array_pop($this->_stack))) { + $this->_closeTag($tag); + } + + $this->_closeTag($name); + } + return true; + } + + /** + * Closes tag + * + * @param string $tag tag name + * @return boolean + * @access private + */ + public function _closeTag($tag) + { + if (!in_array($tag, $this->noClose)) { + $this->_xhtml .= ''; + } + + $this->_counter[$tag]--; + + if (in_array($tag, $this->listTags)) { + $this->_listScope--; + } + + if ($tag == 'li') { + array_pop($this->_liStack); + } + return true; + } + + /** + * Character data handler - called from HTMLSax + * + * @param object $parser HTML parser + * @param string $data textual data + * @return boolean + * @access private + */ + public function _dataHandler(&$parser, $data) + { + if (count($this->_dcStack) == 0) { + $this->_xhtml .= $data; + } + return true; + } + + /** + * Escape handler - called from HTMLSax + * + * @param object $parser HTML parser + * @param string $data comments or other type of data + * @return boolean + * @access private + */ + public function _escapeHandler(&$parser, $data) + { + return true; + } + + /** + * Returns the XHTML document + * + * @return string Processed (X)HTML document + * @access public + */ + public function getXHTML () + { + while ($tag = array_pop($this->_stack)) { + $this->_closeTag($tag); + } + + return $this->_xhtml; + } + + /** + * Clears current document data + * + * @return boolean + * @access public + */ + public function clear() + { + $this->_xhtml = ''; + return true; + } + + /** + * Main parsing fuction + * + * @param string $doc HTML document for processing + * @return string Processed (X)HTML document + * @access public + */ + public function parse($doc, $isUTF7=false) + { + $this->clear(); + + // Save all '<' symbols + $doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '<', (string)$doc); + + // Web documents shouldn't contains \x00 symbol + $doc = str_replace("\x00", '', $doc); + + // Opera6 bug workaround + $doc = str_replace("\xC0\xBC", '<', $doc); + + // UTF-7 encoding ASCII decode + if($isUTF7) + $doc = $this->repackUTF7($doc); + + // Instantiate the parser + $parser= new TSax3(); + + // Set up the parser + $parser->set_object($this); + + $parser->set_element_handler('_openHandler','_closeHandler'); + $parser->set_data_handler('_dataHandler'); + $parser->set_escape_handler('_escapeHandler'); + + $parser->parse($doc); + + return $this->getXHTML(); + + } + + + /** + * UTF-7 decoding fuction + * + * @param string $str HTML document for recode ASCII part of UTF-7 back to ASCII + * @return string Decoded document + * @access private + */ + private function repackUTF7($str) + { + return preg_replace_callback('!\+([0-9a-zA-Z/]+)\-!', array($this, 'repackUTF7Callback'), $str); + } + + /** + * Additional UTF-7 decoding fuction + * + * @param string $str String for recode ASCII part of UTF-7 back to ASCII + * @return string Recoded string + * @access private + */ + private function repackUTF7Callback($str) + { + $str = base64_decode($str[1]); + $str = preg_replace_callback('/^((?:\x00.)*)((?:[^\x00].)+)/', array($this, 'repackUTF7Back'), $str); + return preg_replace('/\x00(.)/', '$1', $str); + } + + /** + * Additional UTF-7 encoding fuction + * + * @param string $str String for recode ASCII part of UTF-7 back to ASCII + * @return string Recoded string + * @access private + */ + private function repackUTF7Back($str) + { + return $str[1].'+'.rtrim(base64_encode($str[2]), '=').'-'; + } +} + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * c-hanging-comment-ender-p: nil + * End: + */ + ?> \ No newline at end of file -- cgit v1.2.3