Commit db0e231b authored by Robert Lyon's avatar Robert Lyon

Bug 1866720: update htmlpurifier to 4.1.12

Change-Id: I066b12fda2a41e42839671b6b82f412f9c631ef2
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 1048c9b8
......@@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run.
*
* @version 4.11.0
* @version 4.12.0
*
* @warning
* You must *not* include any other HTML Purifier files before this file,
......
......@@ -19,7 +19,7 @@
*/
/*
HTML Purifier 4.11.0 - Standards Compliant HTML Filtering
HTML Purifier 4.12.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or
......@@ -58,12 +58,12 @@ class HTMLPurifier
* Version of HTML Purifier.
* @type string
*/
public $version = '4.11.0';
public $version = '4.12.0';
/**
* Constant with version of HTML Purifier.
*/
const VERSION = '4.11.0';
const VERSION = '4.12.0';
/**
* Global configuration object.
......@@ -240,6 +240,7 @@ class HTMLPurifier
public function purifyArray($array_of_html, $config = null)
{
$context_array = array();
$array = array();
foreach($array_of_html as $key=>$value){
if (is_array($value)) {
$array[$key] = $this->purifyArray($value, $config);
......
......@@ -69,7 +69,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
return false;
}
$left = ltrim($left, '0');
// Remove leading zeros until positive number or a zero stays left
if (ltrim($left, '0') != '') {
$left = ltrim($left, '0');
} else {
$left = '0';
}
$right = rtrim($right, '0');
if ($right === '') {
......
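Review bot: The new leading-zero branch calls `ltrim($left, '0')` twice and tests the result with a loose `!=`. A single pass with a strict comparison behaves the same for string input and is easier to read: `$left = ltrim($left, '0');` followed by `if ($left === '') { $left = '0'; }`. Because this file belongs to the bundled HTML Purifier library, the cleanup is better proposed upstream than patched in this tree. The enclosing method starts and ends outside the hunk.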
......@@ -7,7 +7,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
{
/**
* @type bool
* @type string
*/
protected $name;
......@@ -17,7 +17,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
public $minimized = true;
/**
* @param bool $name
* @param bool|string $name
*/
public function __construct($name = false)
{
......
......@@ -45,7 +45,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
protected function _compileRegex()
{
$raw = str_replace(' ', '', $this->dtd_regex);
if ($raw{0} != '(') {
if ($raw[0] != '(') {
$raw = "($raw)";
}
$el = '[#a-zA-Z0-9_.-]+';
......
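Review bot: `$raw[0]` in `_compileRegex()` is read without checking that `$raw` is non-empty, so an empty or all-space `dtd_regex` raises an uninitialized string offset diagnostic before the parenthesis check. The old `$raw{0}` form had the same gap. A guard such as `if ($raw === '' || $raw[0] != '(') {` keeps the existing wrapping behaviour without the out-of-range read. Whether a caller can ever supply an empty content model is not visible here, and the method body continues past the hunk.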
......@@ -21,7 +21,7 @@ class HTMLPurifier_Config
* HTML Purifier's version
* @type string
*/
public $version = '4.11.0';
public $version = '4.12.0';
/**
* Whether or not to automatically finalize
......@@ -408,7 +408,7 @@ class HTMLPurifier_Config
* maybeGetRawHTMLDefinition, which is more explicitly
* named, instead.
*
* @return HTMLPurifier_HTMLDefinition
* @return HTMLPurifier_HTMLDefinition|null
*/
public function getHTMLDefinition($raw = false, $optimized = false)
{
......@@ -427,7 +427,7 @@ class HTMLPurifier_Config
* maybeGetRawCSSDefinition, which is more explicitly
* named, instead.
*
* @return HTMLPurifier_CSSDefinition
* @return HTMLPurifier_CSSDefinition|null
*/
public function getCSSDefinition($raw = false, $optimized = false)
{
......@@ -446,7 +446,7 @@ class HTMLPurifier_Config
* maybeGetRawURIDefinition, which is more explicitly
* named, instead.
*
* @return HTMLPurifier_URIDefinition
* @return HTMLPurifier_URIDefinition|null
*/
public function getURIDefinition($raw = false, $optimized = false)
{
......@@ -468,7 +468,7 @@ class HTMLPurifier_Config
* maybe semantics is the "right thing to do."
*
* @throws HTMLPurifier_Exception
* @return HTMLPurifier_Definition
* @return HTMLPurifier_Definition|null
*/
public function getDefinition($type, $raw = false, $optimized = false)
{
......@@ -647,7 +647,7 @@ class HTMLPurifier_Config
}
/**
* @return HTMLPurifier_HTMLDefinition
* @return HTMLPurifier_HTMLDefinition|null
*/
public function maybeGetRawHTMLDefinition()
{
......@@ -655,7 +655,7 @@ class HTMLPurifier_Config
}
/**
* @return HTMLPurifier_CSSDefinition
* @return HTMLPurifier_CSSDefinition|null
*/
public function maybeGetRawCSSDefinition()
{
......@@ -663,7 +663,7 @@ class HTMLPurifier_Config
}
/**
* @return HTMLPurifier_URIDefinition
* @return HTMLPurifier_URIDefinition|null
*/
public function maybeGetRawURIDefinition()
{
......
......@@ -159,7 +159,7 @@ class HTMLPurifier_Encoder
$len = strlen($str);
for ($i = 0; $i < $len; $i++) {
$in = ord($str{$i});
$in = ord($str[$i]);
$char .= $str[$i]; // append byte to char
if (0 == $mState) {
// When mState is zero we expect either a US-ASCII character
......
......@@ -132,9 +132,9 @@ class HTMLPurifier_HTMLModule
* @param string $element Name of element to add
* @param string|bool $type What content set should element be registered to?
* Set as false to skip this step.
* @param string $contents Allowed children in form of:
* @param string|HTMLPurifier_ChildDef $contents Allowed children in form of:
* "$content_model_type: $content_model"
* @param array $attr_includes What attribute collections to register to
* @param array|string $attr_includes What attribute collections to register to
* element?
* @param array $attr What unique attributes does the element define?
* @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters.
......
......@@ -96,6 +96,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
// @bgcolor for table, tr, td, th ---------------------------------
$r['table@bgcolor'] =
$r['tr@bgcolor'] =
$r['td@bgcolor'] =
$r['th@bgcolor'] =
new HTMLPurifier_AttrTransform_BgColor();
......
......@@ -74,7 +74,12 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
}
set_error_handler(array($this, 'muteErrorHandler'));
$doc->loadHTML($html, $options);
// loadHTML() fails on PHP 5.3 when second parameter is given
if ($options) {
$doc->loadHTML($html, $options);
} else {
$doc->loadHTML($html);
}
restore_error_handler();
$body = $doc->getElementsByTagName('html')->item(0)-> // <html>
......
......@@ -43,8 +43,8 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
$ret .= $this->element('caption', 'Doctype');
$ret .= $this->row('Name', $doctype->name);
$ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
$ret .= $this->row('Default Modules', implode($doctype->modules, ', '));
$ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', '));
$ret .= $this->row('Default Modules', implode(', ', $doctype->modules));
$ret .= $this->row('Default Tidy Modules', implode(', ', $doctype->tidyModules));
$ret .= $this->end('table');
return $ret;
}
......
......@@ -75,7 +75,7 @@ class HTMLPurifier_TagTransform_Font extends HTMLPurifier_TagTransform
if (isset($attr['size'])) {
// normalize large numbers
if ($attr['size'] !== '') {
if ($attr['size']{0} == '+' || $attr['size']{0} == '-') {
if ($attr['size'][0] == '+' || $attr['size'][0] == '-') {
$size = (int)$attr['size'];
if ($size < -2) {
$attr['size'] = '-2';
......
......@@ -2,7 +2,7 @@ HTMLPurifier in Mahara
======================
Website: http://www.htmlpurifier.org/
Version: 4.11.0
Version: 4.12.0
This library is used by clean_html, to strip malicious HTML from user-generated
content.
......@@ -10,9 +10,19 @@ content.
Changes:
We only use the /library/HTMLPurifier folder from the download, however the configuration change below requires a script that depends on some other code to be run, so for a start grab /extras, /library and /maintenence from the download.
* Add the configuration directive Filter.ExtractStyleBlocks.PreserveCSS to allow the comments while cleaning CSS (commit: 859478ef6e3f05dbdedb0df0d1d2a922bdc16b0e)
Note the change to clean_css in HTMLPurifier/Filter/ExtractStyleBlocks.php
Run /maintenence/generate-schema-cache.php to update HTMLPurifier/ConfigSchema/schema.ser
Once that file is updated, you can delete /maintenence, /extras and everything except the HTMLPurifier folder from /library
Steps to update:
- Download latest .zip file and extract somewhere locally (not in mahara directory)
* Altered SafeIframe.php so that an HTTPS site will rewrite HTTP iframes to protocol-relative
- Add the change to HTMLPurifier/Filter/ExtractStyleBlocks.php (from commit: a485b22c302f862e1bfd4254320a837418c24511)
Add in the HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.PreserveCSS.txt
Allows CSS comments to not be stripped out.
Used in custom skins.
- Add the change to HTMLPurifier/URIFilter/SafeIframe.php (from commit: f11abcae0b426b1eb5023f8fc21b0f9a1a9dcb4b)
To allow protocol relative urls
Prevents HTTP iframes on HTTPS sites
- Go into maintenence/generate-schema-cache.php directory and run
php generate-schema-cache.php
- Copy all the content from library/ to htdocs/lib/htmlpurifier/