Updated htmLawed to v1.2.4.2

Geeklog-Core · Aug 18, 2019 · 4afe012 · 4afe012
1 parent 6a68441
commit 4afe012
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 32 deletions.
diff --git a/system/classes/gltext.class.php b/system/classes/gltext.class.php
@@ -8,7 +8,7 @@
 // |                                                                           |
 // | Geeklog Text Abstraction.                                                 |
 // +---------------------------------------------------------------------------+
-// | Copyright (C) 2006-2013 by the following authors:                         |
+// | Copyright (C) 2006-2019 by the following authors:                         |
 // |                                                                           |
 // | Authors: Michael Jervis, mike AT fuckingbrit DOT com                      |
 // +---------------------------------------------------------------------------+
@@ -150,7 +150,7 @@ public static function getDisplayText($text, $postMode, $version, $type = NULL,
     /**
      * Apply HTML filter to the text
      *
-     * @param   string $text        Text to prepare for store to databese
+     * @param   string $text        Text to prepare for store to database
      * @param   string $postMode    Indicates if text is html, adveditor, wikitext or plaintext
      * @param   string $permissions comma-separated list of rights which identify the current user as an "Admin"
      * @param   int    $version     version of GLText engine
@@ -199,7 +199,7 @@ public static function applyHTMLFilter($text, $postMode, $permissions, $version)
     /**
      * Returns text ready for preview.
      *
-     * @param   string $text        Text to prepare for store to databese
+     * @param   string $text        Text to prepare for store to database
      * @param   string $postMode    Indicates if text is html, adveditor, wikitext or plaintext
      * @param   string $permissions comma-separated list of rights which identify the current user as an "Admin"
      * @param   int    $version     version of GLText engine
@@ -226,7 +226,7 @@ public static function getPreviewText($text, $postMode, $permissions, $version,
      */
     public static function checkHTML($str, $permissions = 'story.edit')
     {
-        global $_CONF, $_USER;
+        global $_CONF;
 
         //        $str = COM_stripslashes($str); // it should not be here
 
@@ -294,34 +294,47 @@ private static function _htmLawed($str, $permissions)
     {
         global $_CONF, $_USER;
 
-        // Sets config options for htmLawed.  See http://www.bioinformatics.org/
-        // phplabware/internal_utilities/htmLawed/htmLawed_README.htm
+        // Sets config options for htmLawed.
+        // See http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm
         $config = array(
-            'balance'        => 1, // Balance tags for well-formedness and proper nesting
-            'comment'        => 3, // Allow HTML comment
-            'css_expression' => 1, // Allow dynamic CSS expression in "style" attributes
-            //            'keep_bad'       => 1, // Neutralize both tags and element content
-            'keep_bad'       => 0, // Neutralize both tags and element content
-            'tidy'           => 0, // Don't beautify or compact HTML code
-            'unique_ids'     => 1, // Remove duplicate and/or invalid ids
-            'valid_xhtml'    => 1, // Magic parameter to make input the most valid XHTML
+            'abs_url'            => 0, // No action
+            'anti_link_spam'     => 0, // No measure taken
+            'anti_mail_spam'     => 0, // No measure taken
+            'balance'            => 1, // Balance tags for well-formedness and proper nesting
+            'cdata'              => 3, // Allow CDATA sections
+            'clean_ms_char'      => 0, // Don't replace discouraged characters introduced by Microsoft Word, etc.
+            'comment'            => 3, // Allow HTML comment
+            'css_expression'     => 1, // Allow dynamic CSS expression in "style" attributes
+            'deny_attribute'     => 0, // No denied HTML attributes
+            'direct_nest_list'   => 0, // Don' allow direct nesting of a list within another without requiring it to be a list item
+            'hexdec_entity'      => 1, // Allow hexadecimal numeric entities
+            'hook'               => 0, // No hook function
+            'hook_tag'           => 0, // No hook function
+            'keep_bad'           => 1, // Neutralize both tags and element content
+            'lc_std_val'         => 1, // Yes
+            'make_tag_strict'    => 0, // No
+            'named_entity'       => 1, // Allow non-universal named HTML entities
+            'no_deprecated_attr' => 1, // Transform deprecated attributes, but name attributes for a and map are retained
+            'safe'               => 0, // No
+            'style_pass'         => 0, // Don't ignore style attribute values
+            'tidy'               => 0, // Don't beautify or compact HTML code
+            'unique_ids'         => 1, // Remove duplicate and/or invalid ids
+            'valid_xhtml'        => 1, // Magic parameter to make input the most valid XHTML
+            'xml:lang'           => 0, // Don't auto-add xml:lang attribute
         );
 
-        if (isset($_CONF['allowed_protocols']) &&
-            is_array($_CONF['allowed_protocols']) &&
+        if (isset($_CONF['allowed_protocols']) && is_array($_CONF['allowed_protocols']) &&
             (count($_CONF['allowed_protocols']) > 0)
         ) {
             $schemes = $_CONF['allowed_protocols'];
         } else {
-            $schemes = array('http:', 'https:', 'ftp:');
+            $schemes = array('http:', 'https:', 'ftp:', 'ftps:');
         }
 
         $schemes = str_replace(':', '', implode(', ', $schemes));
         $config['schemes'] = 'href: ' . $schemes . '; *: ' . $schemes;
 
-        if (empty($permissions) || !SEC_hasRights($permissions) ||
-            empty($_CONF['admin_html'])
-        ) {
+        if (empty($permissions) || !SEC_hasRights($permissions) || empty($_CONF['admin_html'])) {
             $html = $_CONF['user_html'];
         } else {
             if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
@@ -395,7 +408,7 @@ private static function _editUnescape($in, $postMode)
 
         // Raw and code blocks need entity decoding. Other areas do not.
         // otherwise, annoyingly, &lt; will end up as < on preview 1, on
-        // preview 2 it'll be stripped by KSES. Can't beleive I missed that
+        // preview 2 it'll be stripped by KSES. Can't believe I missed that
         // in rewrite phase 1.
         //
         // First, raw
@@ -604,7 +617,7 @@ public static function protectJavascript($text)
                 }
 
                 $part = substr($text, 0, $posEnd);
-                $marker = sprintf(self::SCRIPT_MARKER, self::_getUnqiueStr());
+                $marker = sprintf(self::SCRIPT_MARKER, self::_getUniqueStr());
                 $marker = str_replace('.', '', $marker);
                 $markers[] = array(
                     'text'   => $part,
@@ -654,12 +667,12 @@ public static function stripTags($var)
     }
 
     /**
-     * Generate unqiue string
+     * Generate unique string
      *
      * @param  int  $length length of string to generate
      * @return string
      */
-    private static function _getUnqiueStr($length = 8)
+    private static function _getUniqueStr($length = 8)
     {
         static $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJLKMNOPQRSTUVWXYZ0123456789';
         $str = '';

diff --git a/system/classes/htmLawed/htmLawed.php b/system/classes/htmLawed/htmLawed.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-htmLawed 1.2.4.1, 12 September 2017
+htmLawed 1.2.4.2, 16 May 2019
 Copyright Santosh Patnaik
 Dual licensed with LGPL 3 and GPL 2+
 A PHP Labware internal utility - www.bioinformatics.org/phplabware/internal_utilities/htmLawed
@@ -43,7 +43,7 @@ function htmLawed($t, $C=1, $S=array()){
 // config URLs
 $x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, tel, telnet'. (empty($C['safe']) ? ', app, javascript; *: data, javascript, ' : '; *:'). 'file, http, https';
 $C['schemes'] = array();
-foreach(explode(';', str_replace(array(' ', "\t", "\r", "\n"), '', $x)) as $v){
+foreach(explode(';', trim(str_replace(array(' ', "\t", "\r", "\n"), '', $x), ';')) as $v){
  $x = $x2 = null; list($x, $x2) = explode(':', $v, 2);
  if($x2){$C['schemes'][$x] = array_flip(explode(',', $x2));}
 }
@@ -725,5 +725,5 @@ function hl_tidy($t, $w, $p){
 
 function hl_version(){
 // version
-return '1.2.4.1';
+return '1.2.4.2';
 }
diff --git a/system/classes/htmLawed/htmLawed_README.htm b/system/classes/htmLawed/htmLawed_README.htm
@@ -111,8 +111,8 @@ <h1><a id="peak" name="peak"></a>htmLawed documentation</h1>
 
 <div id="body">
 <br />
-<div class="comment">htmLawed_README.txt, 21 January 2019<br />
-htmLawed 1.2.4.1, 12 September 2017<br />
+<div class="comment">htmLawed_README.txt, 16 May 2019<br />
+htmLawed 1.2.4.2, 16 May 2019<br />
 Copyright Santosh Patnaik<br />
 Dual licensed with LGPL 3 and GPL 2+<br />
 A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed</a>&#160;</div>
@@ -1827,6 +1827,8 @@ <h1><a id="peak" name="peak"></a>htmLawed documentation</h1>
 <br />
 &#160; <em>Version number - Release date. Notes</em><br />
 <br />
+&#160; 1.2.4.2 - 16 May 2019. Corrects a PHP notice if a semi-colon is present in <span class="term">$config["schemes"]</span><br />
+<br />
 &#160; 1.2.4.1 - 12 September 2017. Corrects a function re-declaration bug introduced in version 1.2.4<br />
 <br />
 &#160; 1.2.4 - 31 August 2017. Removes use of PHP <span class="term">create_function</span>&#160;function and <span class="term">$php_errormsg</span>&#160;reserved variable (deprecated in PHP 7.2)<br />
@@ -2278,7 +2280,7 @@ <h1><a id="peak" name="peak"></a>htmLawed documentation</h1>
 </div>
 </div>
 <br />
-<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 22 Jan, 2019 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span>
+<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 16 May, 2019 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span>
 </div><!-- ended div body -->
 </div><!-- ended div top -->
 </body>

diff --git a/system/classes/htmLawed/htmLawed_README.txt b/system/classes/htmLawed/htmLawed_README.txt
@@ -1,6 +1,6 @@
 /*
-htmLawed_README.txt, 21 January 2019
-htmLawed 1.2.4.1, 12 September 2017
+htmLawed_README.txt, 16 May 2019
+htmLawed 1.2.4.2, 16 May 2019
 Copyright Santosh Patnaik
 Dual licensed with LGPL 3 and GPL 2+
 A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
@@ -1370,6 +1370,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
 
   `Version number - Release date. Notes`
 
+  1.2.4.2 - 16 May 2019. Corrects a PHP notice if a semi-colon is present in '$config["schemes"]' 
+
   1.2.4.1 - 12 September 2017. Corrects a function re-declaration bug introduced in version 1.2.4
 
   1.2.4 - 31 August 2017. Removes use of PHP 'create_function' function and '$php_errormsg' reserved variable (deprecated in PHP 7.2)