BenoitCier
/
Opendistrib
複製自 Laclic/Souke
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
316 提交
2 分支
目錄樹: 095d1cd221
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '095d1cd221'
${ noResults }
Opendistrib/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModuleManager.php

465 line
15KB
原始文件 Blame 歷史記錄 

  1. <?php

  2. 

  3. class HTMLPurifier_HTMLModuleManager

  4. {

  5. 

  6.     /**

  7.      * @type HTMLPurifier_DoctypeRegistry

  8.      */

  9.     public $doctypes;

  10. 

  11.     /**

  12.      * Instance of current doctype.

  13.      * @type string

  14.      */

  15.     public $doctype;

  16. 

  17.     /**

  18.      * @type HTMLPurifier_AttrTypes

  19.      */

  20.     public $attrTypes;

  21. 

  22.     /**

  23.      * Active instances of modules for the specified doctype are

  24.      * indexed, by name, in this array.

  25.      * @type HTMLPurifier_HTMLModule[]

  26.      */

  27.     public $modules = array();

  28. 

  29.     /**

  30.      * Array of recognized HTMLPurifier_HTMLModule instances,

  31.      * indexed by module's class name. This array is usually lazy loaded, but a

  32.      * user can overload a module by pre-emptively registering it.

  33.      * @type HTMLPurifier_HTMLModule[]

  34.      */

  35.     public $registeredModules = array();

  36. 

  37.     /**

  38.      * List of extra modules that were added by the user

  39.      * using addModule(). These get unconditionally merged into the current doctype, whatever

  40.      * it may be.

  41.      * @type HTMLPurifier_HTMLModule[]

  42.      */

  43.     public $userModules = array();

  44. 

  45.     /**

  46.      * Associative array of element name to list of modules that have

  47.      * definitions for the element; this array is dynamically filled.

  48.      * @type array

  49.      */

  50.     public $elementLookup = array();

  51. 

  52.     /**

  53.      * List of prefixes we should use for registering small names.

  54.      * @type array

  55.      */

  56.     public $prefixes = array('HTMLPurifier_HTMLModule_');

  57. 

  58.     /**

  59.      * @type HTMLPurifier_ContentSets

  60.      */

  61.     public $contentSets;

  62. 

  63.     /**

  64.      * @type HTMLPurifier_AttrCollections

  65.      */

  66.     public $attrCollections;

  67. 

  68.     /**

  69.      * If set to true, unsafe elements and attributes will be allowed.

  70.      * @type bool

  71.      */

  72.     public $trusted = false;

  73. 

  74.     public function __construct()

  75.     {

  76.         // editable internal objects

  77.         $this->attrTypes = new HTMLPurifier_AttrTypes();

  78.         $this->doctypes  = new HTMLPurifier_DoctypeRegistry();

  79. 

  80.         // setup basic modules

  81.         $common = array(

  82.             'CommonAttributes', 'Text', 'Hypertext', 'List',

  83.             'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',

  84.             'StyleAttribute',

  85.             // Unsafe:

  86.             'Scripting', 'Object', 'Forms',

  87.             // Sorta legacy, but present in strict:

  88.             'Name',

  89.         );

  90.         $transitional = array('Legacy', 'Target', 'Iframe');

  91.         $xml = array('XMLCommonAttributes');

  92.         $non_xml = array('NonXMLCommonAttributes');

  93. 

  94.         // setup basic doctypes

  95.         $this->doctypes->register(

  96.             'HTML 4.01 Transitional',

  97.             false,

  98.             array_merge($common, $transitional, $non_xml),

  99.             array('Tidy_Transitional', 'Tidy_Proprietary'),

  100.             array(),

  101.             '-//W3C//DTD HTML 4.01 Transitional//EN',

  102.             'http://www.w3.org/TR/html4/loose.dtd'

  103.         );

  104. 

  105.         $this->doctypes->register(

  106.             'HTML 4.01 Strict',

  107.             false,

  108.             array_merge($common, $non_xml),

  109.             array('Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),

  110.             array(),

  111.             '-//W3C//DTD HTML 4.01//EN',

  112.             'http://www.w3.org/TR/html4/strict.dtd'

  113.         );

  114. 

  115.         $this->doctypes->register(

  116.             'XHTML 1.0 Transitional',

  117.             true,

  118.             array_merge($common, $transitional, $xml, $non_xml),

  119.             array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Name'),

  120.             array(),

  121.             '-//W3C//DTD XHTML 1.0 Transitional//EN',

  122.             'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'

  123.         );

  124. 

  125.         $this->doctypes->register(

  126.             'XHTML 1.0 Strict',

  127.             true,

  128.             array_merge($common, $xml, $non_xml),

  129.             array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),

  130.             array(),

  131.             '-//W3C//DTD XHTML 1.0 Strict//EN',

  132.             'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'

  133.         );

  134. 

  135.         $this->doctypes->register(

  136.             'XHTML 1.1',

  137.             true,

  138.             // Iframe is a real XHTML 1.1 module, despite being

  139.             // "transitional"!

  140.             array_merge($common, $xml, array('Ruby', 'Iframe')),

  141.             array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Strict', 'Tidy_Name'), // Tidy_XHTML1_1

  142.             array(),

  143.             '-//W3C//DTD XHTML 1.1//EN',

  144.             'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'

  145.         );

  146. 

  147.     }

  148. 

  149.     /**

  150.      * Registers a module to the recognized module list, useful for

  151.      * overloading pre-existing modules.

  152.      * @param $module Mixed: string module name, with or without

  153.      *                HTMLPurifier_HTMLModule prefix, or instance of

  154.      *                subclass of HTMLPurifier_HTMLModule.

  155.      * @param $overload Boolean whether or not to overload previous modules.

  156.      *                  If this is not set, and you do overload a module,

  157.      *                  HTML Purifier will complain with a warning.

  158.      * @note This function will not call autoload, you must instantiate

  159.      *       (and thus invoke) autoload outside the method.

  160.      * @note If a string is passed as a module name, different variants

  161.      *       will be tested in this order:

  162.      *          - Check for HTMLPurifier_HTMLModule_$name

  163.      *          - Check all prefixes with $name in order they were added

  164.      *          - Check for literal object name

  165.      *          - Throw fatal error

  166.      *       If your object name collides with an internal class, specify

  167.      *       your module manually. All modules must have been included

  168.      *       externally: registerModule will not perform inclusions for you!

  169.      */

  170.     public function registerModule($module, $overload = false)

  171.     {

  172.         if (is_string($module)) {

  173.             // attempt to load the module

  174.             $original_module = $module;

  175.             $ok = false;

  176.             foreach ($this->prefixes as $prefix) {

  177.                 $module = $prefix . $original_module;

  178.                 if (class_exists($module)) {

  179.                     $ok = true;

  180.                     break;

  181.                 }

  182.             }

  183.             if (!$ok) {

  184.                 $module = $original_module;

  185.                 if (!class_exists($module)) {

  186.                     trigger_error(

  187.                         $original_module . ' module does not exist',

  188.                         E_USER_ERROR

  189.                     );

  190.                     return;

  191.                 }

  192.             }

  193.             $module = new $module();

  194.         }

  195.         if (empty($module->name)) {

  196.             trigger_error('Module instance of ' . get_class($module) . ' must have name');

  197.             return;

  198.         }

  199.         if (!$overload && isset($this->registeredModules[$module->name])) {

  200.             trigger_error('Overloading ' . $module->name . ' without explicit overload parameter', E_USER_WARNING);

  201.         }

  202.         $this->registeredModules[$module->name] = $module;

  203.     }

  204. 

  205.     /**

  206.      * Adds a module to the current doctype by first registering it,

  207.      * and then tacking it on to the active doctype

  208.      */

  209.     public function addModule($module)

  210.     {

  211.         $this->registerModule($module);

  212.         if (is_object($module)) {

  213.             $module = $module->name;

  214.         }

  215.         $this->userModules[] = $module;

  216.     }

  217. 

  218.     /**

  219.      * Adds a class prefix that registerModule() will use to resolve a

  220.      * string name to a concrete class

  221.      */

  222.     public function addPrefix($prefix)

  223.     {

  224.         $this->prefixes[] = $prefix;

  225.     }

  226. 

  227.     /**

  228.      * Performs processing on modules, after being called you may

  229.      * use getElement() and getElements()

  230.      * @param HTMLPurifier_Config $config

  231.      */

  232.     public function setup($config)

  233.     {

  234.         $this->trusted = $config->get('HTML.Trusted');

  235. 

  236.         // generate

  237.         $this->doctype = $this->doctypes->make($config);

  238.         $modules = $this->doctype->modules;

  239. 

  240.         // take out the default modules that aren't allowed

  241.         $lookup = $config->get('HTML.AllowedModules');

  242.         $special_cases = $config->get('HTML.CoreModules');

  243. 

  244.         if (is_array($lookup)) {

  245.             foreach ($modules as $k => $m) {

  246.                 if (isset($special_cases[$m])) {

  247.                     continue;

  248.                 }

  249.                 if (!isset($lookup[$m])) {

  250.                     unset($modules[$k]);

  251.                 }

  252.             }

  253.         }

  254. 

  255.         // custom modules

  256.         if ($config->get('HTML.Proprietary')) {

  257.             $modules[] = 'Proprietary';

  258.         }

  259.         if ($config->get('HTML.SafeObject')) {

  260.             $modules[] = 'SafeObject';

  261.         }

  262.         if ($config->get('HTML.SafeEmbed')) {

  263.             $modules[] = 'SafeEmbed';

  264.         }

  265.         if ($config->get('HTML.SafeScripting') !== array()) {

  266.             $modules[] = 'SafeScripting';

  267.         }

  268.         if ($config->get('HTML.Nofollow')) {

  269.             $modules[] = 'Nofollow';

  270.         }

  271.         if ($config->get('HTML.TargetBlank')) {

  272.             $modules[] = 'TargetBlank';

  273.         }

  274.         // NB: HTML.TargetNoreferrer must be AFTER HTML.TargetBlank

  275.         // so that its post-attr-transform gets run afterwards.

  276.         if ($config->get('HTML.TargetNoreferrer')) {

  277.             $modules[] = 'TargetNoreferrer';

  278.         }

  279. 

  280.         // merge in custom modules

  281.         $modules = array_merge($modules, $this->userModules);

  282. 

  283.         foreach ($modules as $module) {

  284.             $this->processModule($module);

  285.             $this->modules[$module]->setup($config);

  286.         }

  287. 

  288.         foreach ($this->doctype->tidyModules as $module) {

  289.             $this->processModule($module);

  290.             $this->modules[$module]->setup($config);

  291.         }

  292. 

  293.         // prepare any injectors

  294.         foreach ($this->modules as $module) {

  295.             $n = array();

  296.             foreach ($module->info_injector as $injector) {

  297.                 if (!is_object($injector)) {

  298.                     $class = "HTMLPurifier_Injector_$injector";

  299.                     $injector = new $class;

  300.                 }

  301.                 $n[$injector->name] = $injector;

  302.             }

  303.             $module->info_injector = $n;

  304.         }

  305. 

  306.         // setup lookup table based on all valid modules

  307.         foreach ($this->modules as $module) {

  308.             foreach ($module->info as $name => $def) {

  309.                 if (!isset($this->elementLookup[$name])) {

  310.                     $this->elementLookup[$name] = array();

  311.                 }

  312.                 $this->elementLookup[$name][] = $module->name;

  313.             }

  314.         }

  315. 

  316.         // note the different choice

  317.         $this->contentSets = new HTMLPurifier_ContentSets(

  318.             // content set assembly deals with all possible modules,

  319.             // not just ones deemed to be "safe"

  320.             $this->modules

  321.         );

  322.         $this->attrCollections = new HTMLPurifier_AttrCollections(

  323.             $this->attrTypes,

  324.             // there is no way to directly disable a global attribute,

  325.             // but using AllowedAttributes or simply not including

  326.             // the module in your custom doctype should be sufficient

  327.             $this->modules

  328.         );

  329.     }

  330. 

  331.     /**

  332.      * Takes a module and adds it to the active module collection,

  333.      * registering it if necessary.

  334.      */

  335.     public function processModule($module)

  336.     {

  337.         if (!isset($this->registeredModules[$module]) || is_object($module)) {

  338.             $this->registerModule($module);

  339.         }

  340.         $this->modules[$module] = $this->registeredModules[$module];

  341.     }

  342. 

  343.     /**

  344.      * Retrieves merged element definitions.

  345.      * @return Array of HTMLPurifier_ElementDef

  346.      */

  347.     public function getElements()

  348.     {

  349.         $elements = array();

  350.         foreach ($this->modules as $module) {

  351.             if (!$this->trusted && !$module->safe) {

  352.                 continue;

  353.             }

  354.             foreach ($module->info as $name => $v) {

  355.                 if (isset($elements[$name])) {

  356.                     continue;

  357.                 }

  358.                 $elements[$name] = $this->getElement($name);

  359.             }

  360.         }

  361. 

  362.         // remove dud elements, this happens when an element that

  363.         // appeared to be safe actually wasn't

  364.         foreach ($elements as $n => $v) {

  365.             if ($v === false) {

  366.                 unset($elements[$n]);

  367.             }

  368.         }

  369. 

  370.         return $elements;

  371. 

  372.     }

  373. 

  374.     /**

  375.      * Retrieves a single merged element definition

  376.      * @param string $name Name of element

  377.      * @param bool $trusted Boolean trusted overriding parameter: set to true

  378.      *                 if you want the full version of an element

  379.      * @return HTMLPurifier_ElementDef Merged HTMLPurifier_ElementDef

  380.      * @note You may notice that modules are getting iterated over twice (once

  381.      *       in getElements() and once here). This

  382.      *       is because

  383.      */

  384.     public function getElement($name, $trusted = null)

  385.     {

  386.         if (!isset($this->elementLookup[$name])) {

  387.             return false;

  388.         }

  389. 

  390.         // setup global state variables

  391.         $def = false;

  392.         if ($trusted === null) {

  393.             $trusted = $this->trusted;

  394.         }

  395. 

  396.         // iterate through each module that has registered itself to this

  397.         // element

  398.         foreach ($this->elementLookup[$name] as $module_name) {

  399.             $module = $this->modules[$module_name];

  400. 

  401.             // refuse to create/merge from a module that is deemed unsafe--

  402.             // pretend the module doesn't exist--when trusted mode is not on.

  403.             if (!$trusted && !$module->safe) {

  404.                 continue;

  405.             }

  406. 

  407.             // clone is used because, ideally speaking, the original

  408.             // definition should not be modified. Usually, this will

  409.             // make no difference, but for consistency's sake

  410.             $new_def = clone $module->info[$name];

  411. 

  412.             if (!$def && $new_def->standalone) {

  413.                 $def = $new_def;

  414.             } elseif ($def) {

  415.                 // This will occur even if $new_def is standalone. In practice,

  416.                 // this will usually result in a full replacement.

  417.                 $def->mergeIn($new_def);

  418.             } else {

  419.                 // :TODO:

  420.                 // non-standalone definitions that don't have a standalone

  421.                 // to merge into could be deferred to the end

  422.                 // HOWEVER, it is perfectly valid for a non-standalone

  423.                 // definition to lack a standalone definition, even

  424.                 // after all processing: this allows us to safely

  425.                 // specify extra attributes for elements that may not be

  426.                 // enabled all in one place.  In particular, this might

  427.                 // be the case for trusted elements.  WARNING: care must

  428.                 // be taken that the /extra/ definitions are all safe.

  429.                 continue;

  430.             }

  431. 

  432.             // attribute value expansions

  433.             $this->attrCollections->performInclusions($def->attr);

  434.             $this->attrCollections->expandIdentifiers($def->attr, $this->attrTypes);

  435. 

  436.             // descendants_are_inline, for ChildDef_Chameleon

  437.             if (is_string($def->content_model) &&

  438.                 strpos($def->content_model, 'Inline') !== false) {

  439.                 if ($name != 'del' && $name != 'ins') {

  440.                     // this is for you, ins/del

  441.                     $def->descendants_are_inline = true;

  442.                 }

  443.             }

  444. 

  445.             $this->contentSets->generateChildDef($def, $module);

  446.         }

  447. 

  448.         // This can occur if there is a blank definition, but no base to

  449.         // mix it in with

  450.         if (!$def) {

  451.             return false;

  452.         }

  453. 

  454.         // add information on required attributes

  455.         foreach ($def->attr as $attr_name => $attr_def) {

  456.             if ($attr_def->required) {

  457.                 $def->required_attr[] = $attr_name;

  458.             }

  459.         }

  460.         return $def;

  461.     }

  462. }

  463. 

  464. // vim: et sw=4 sts=4