From 0a14d63eefbf30b361e555434df838e4d357a26d Mon Sep 17 00:00:00 2001 From: mambax7 Date: Sun, 9 Jun 2024 15:03:39 -0400 Subject: [PATCH] HTML Purifier 4.17 --- docs/changelog.250.txt | 3 + .../library/HTMLPurifier.includes.php | 2 +- .../protector/library/HTMLPurifier.php | 6 +- .../HTMLPurifier/AttrDef/CSS/FontFamily.php | 32 +-- .../library/HTMLPurifier/AttrDef/URI/Host.php | 2 +- .../AttrTransform/TargetBlank.php | 6 +- .../library/HTMLPurifier/Bootstrap.php | 37 +-- .../library/HTMLPurifier/CSSDefinition.php | 258 ++++++++++-------- .../protector/library/HTMLPurifier/Config.php | 3 +- .../DefinitionCache/Serializer.php | 11 +- .../HTMLPurifier/DefinitionCacheFactory.php | 2 +- .../Filter/ExtractStyleBlocks.php | 4 + .../library/HTMLPurifier/HTMLModule/Bdo.php | 1 + .../library/HTMLPurifier/HTMLModule/Tidy.php | 5 +- .../HTMLModule/Tidy/XHTMLAndHTML4.php | 1 + .../library/HTMLPurifier/LanguageFactory.php | 2 +- .../protector/library/HTMLPurifier/Lexer.php | 2 +- .../library/HTMLPurifier/Lexer/DOMLex.php | 1 - .../HTMLPurifier/Printer/ConfigForm.php | 5 + .../library/HTMLPurifier/URIScheme/tel.php | 6 +- .../library/HTMLPurifier/UnitConverter.php | 6 +- .../modules/protector/library/VERSION | 2 +- 22 files changed, 200 insertions(+), 197 deletions(-) diff --git a/docs/changelog.250.txt b/docs/changelog.250.txt index 25158ca85..fbe730a25 100644 --- a/docs/changelog.250.txt +++ b/docs/changelog.250.txt @@ -7,6 +7,9 @@ XOOPS 2.5.x Changelog (Language changes: see: /docs/lang_diff.txt) - added in Admin Composer packages info (mamba) - added new Admin theme (ForMuss) +Updated libraries and assets: +- HTML Purifier to 4.17 (mamba) + =================================== 2.5.11 Final 2023/12/24 =================================== diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.includes.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.includes.php index 47ee0133d..77ebf2de7 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.includes.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.includes.php @@ -7,7 +7,7 @@ * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * FILE, changes will be overwritten the next time the script is run. * - * @version 4.15.0 + * @version 4.17.0 * * @warning * You must *not* include any other HTML Purifier files before this file, diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.php index ece72090a..b828a2973 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier.php @@ -19,7 +19,7 @@ */ /* - HTML Purifier 4.15.0 - Standards Compliant HTML Filtering + HTML Purifier 4.17.0 - Standards Compliant HTML Filtering Copyright (C) 2006-2008 Edward Z. Yang This library is free software; you can redistribute it and/or @@ -57,12 +57,12 @@ class HTMLPurifier * Version of HTML Purifier. * @type string */ - public $version = '4.15.0'; + public $version = '4.17.0'; /** * Constant with version of HTML Purifier. */ - public const VERSION = '4.15.0'; + public const VERSION = '4.17.0'; /** * Global configuration object. diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/CSS/FontFamily.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/CSS/FontFamily.php index 4ec71b012..85e846220 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/CSS/FontFamily.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/CSS/FontFamily.php @@ -9,23 +9,21 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef public function __construct() { - $this->mask = '_- '; - for ($c = 'a'; $c <= 'z'; $c++) { - $this->mask .= $c; - } - for ($c = 'A'; $c <= 'Z'; $c++) { - $this->mask .= $c; - } - for ($c = '0'; $c <= '9'; $c++) { - $this->mask .= $c; - } // cast-y, but should be fine - // special bytes used by UTF-8 - for ($i = 0x80; $i <= 0xFF; $i++) { - // We don't bother excluding invalid bytes in this range, - // because the our restriction of well-formed UTF-8 will - // prevent these from ever occurring. - $this->mask .= chr($i); - } + // Lowercase letters + $l = range('a', 'z'); + // Uppercase letters + $u = range('A', 'Z'); + // Digits + $d = range('0', '9'); + // Special bytes used by UTF-8 + $b = array_map('chr', range(0x80, 0xFF)); + // All valid characters for the mask + $c = array_merge($l, $u, $d, $b); + // Concatenate all valid characters into a string + // Use '_- ' as an initial value + $this->mask = array_reduce($c, function ($carry, $value) { + return $carry . $value; + }, '_- '); /* PHP's internal strcspn implementation is diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/URI/Host.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/URI/Host.php index 1beeaa5d2..ddc5dfbea 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/URI/Host.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrDef/URI/Host.php @@ -106,7 +106,7 @@ public function validate($string, $config, $context) // If we have Net_IDNA2 support, we can support IRIs by // punycoding them. (This is the most portable thing to do, // since otherwise we have to assume browsers support - } elseif ($config->get('Core.EnableIDNA')) { + } elseif ($config->get('Core.EnableIDNA') && class_exists('Net_IDNA2')) { $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true)); // we need to encode each period separately $parts = explode('.', $string); diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrTransform/TargetBlank.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrTransform/TargetBlank.php index dd63ea89c..cc30ab8c3 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrTransform/TargetBlank.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/AttrTransform/TargetBlank.php @@ -33,7 +33,11 @@ public function transform($attr, $config, $context) // XXX Kind of inefficient $url = $this->parser->parse($attr['href']); - $scheme = $url->getSchemeObj($config, $context); + + // Ignore invalid schemes (e.g. `javascript:`) + if (!($scheme = $url->getSchemeObj($config, $context))) { + return $attr; + } if ($scheme->browsable && !$url->isBenign($config, $context)) { $attr['target'] = '_blank'; diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Bootstrap.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Bootstrap.php index 511387f34..eab8d5533 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Bootstrap.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Bootstrap.php @@ -78,44 +78,11 @@ public static function getPath($class) public static function registerAutoload() { $autoload = array('HTMLPurifier_Bootstrap', 'autoload'); - if (($funcs = spl_autoload_functions()) === false) { + if (spl_autoload_functions() === false) { spl_autoload_register($autoload); - } elseif (function_exists('spl_autoload_unregister')) { - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { + } else { // prepend flag exists, no need for shenanigans spl_autoload_register($autoload, true, true); - } else { - $buggy = version_compare(PHP_VERSION, '5.2.11', '<'); - $compat = version_compare(PHP_VERSION, '5.1.2', '<=') && - version_compare(PHP_VERSION, '5.1.0', '>='); - foreach ($funcs as $func) { - if ($buggy && is_array($func)) { - // :TRICKY: There are some compatibility issues and some - // places where we need to error out - $reflector = new ReflectionMethod($func[0], $func[1]); - if (!$reflector->isStatic()) { - throw new Exception( - 'HTML Purifier autoloader registrar is not compatible - with non-static object methods due to PHP Bug #44144; - Please do not use HTMLPurifier.autoload.php (or any - file that includes this file); instead, place the code: - spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\')) - after your own autoloaders.', - ); - } - // Suprisingly, spl_autoload_register supports the - // Class::staticMethod callback format, although call_user_func doesn't - if ($compat) { - $func = implode('::', $func); - } - } - spl_autoload_unregister($func); - } - spl_autoload_register($autoload); - foreach ($funcs as $func) { - spl_autoload_register($func); - } - } } } } diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/CSSDefinition.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/CSSDefinition.php index ecdccc7cc..06e83a0d2 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/CSSDefinition.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/CSSDefinition.php @@ -12,7 +12,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition * Assoc array of attribute name to definition object. * @type HTMLPurifier_AttrDef[] */ - public $info = array(); + public $info = []; /** * Constructs the info array. The meat of this class. @@ -21,7 +21,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition protected function doSetup($config) { $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum( - array('left', 'right', 'center', 'justify'), + ['left', 'right', 'center', 'justify'], false, ); @@ -30,7 +30,7 @@ protected function doSetup($config) $this->info['border-right-style'] = $this->info['border-left-style'] = $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum( - array( + [ 'none', 'hidden', 'dotted', @@ -41,42 +41,42 @@ protected function doSetup($config) 'ridge', 'inset', 'outset', - ), + ], false, ); $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style); $this->info['clear'] = new HTMLPurifier_AttrDef_Enum( - array('none', 'left', 'right', 'both'), - false, + ['none', 'left', 'right', 'both'], + false ); $this->info['float'] = new HTMLPurifier_AttrDef_Enum( - array('none', 'left', 'right'), - false, + ['none', 'left', 'right'], + false ); $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum( - array('normal', 'italic', 'oblique'), - false, + ['normal', 'italic', 'oblique'], + false ); $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum( - array('normal', 'small-caps'), - false, + ['normal', 'small-caps'], + false ); $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite( - array( - new HTMLPurifier_AttrDef_Enum(array('none')), - new HTMLPurifier_AttrDef_CSS_URI(), - ), + [ + new HTMLPurifier_AttrDef_Enum(['none']), + new HTMLPurifier_AttrDef_CSS_URI() + ] ); $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum( - array('inside', 'outside'), - false, + ['inside', 'outside'], + false ); $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum( - array( + [ 'disc', 'circle', 'square', @@ -85,43 +85,43 @@ protected function doSetup($config) 'upper-roman', 'lower-alpha', 'upper-alpha', - 'none', - ), - false, + 'none' + ], + false ); $this->info['list-style-image'] = $uri_or_none; $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config); $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum( - array('capitalize', 'uppercase', 'lowercase', 'none'), - false, + ['capitalize', 'uppercase', 'lowercase', 'none'], + false ); $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color(); $this->info['background-image'] = $uri_or_none; $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum( - array('repeat', 'repeat-x', 'repeat-y', 'no-repeat'), + ['repeat', 'repeat-x', 'repeat-y', 'no-repeat'] ); $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum( - array('scroll', 'fixed'), + ['scroll', 'fixed'] ); $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); $this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_Enum( - array( + [ 'auto', 'cover', 'contain', 'initial', 'inherit', - ), + ] ), new HTMLPurifier_AttrDef_CSS_Percentage(), - new HTMLPurifier_AttrDef_CSS_Length(), - ), + new HTMLPurifier_AttrDef_CSS_Length() + ] ); $border_color = @@ -130,10 +130,10 @@ protected function doSetup($config) $this->info['border-left-color'] = $this->info['border-right-color'] = $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( - new HTMLPurifier_AttrDef_Enum(array('transparent')), - new HTMLPurifier_AttrDef_CSS_Color(), - ), + [ + new HTMLPurifier_AttrDef_Enum(['transparent']), + new HTMLPurifier_AttrDef_CSS_Color() + ] ); $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config); @@ -145,32 +145,32 @@ protected function doSetup($config) $this->info['border-bottom-width'] = $this->info['border-left-width'] = $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( - new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')), - new HTMLPurifier_AttrDef_CSS_Length('0'), //disallow negative - ), + [ + new HTMLPurifier_AttrDef_Enum(['thin', 'medium', 'thick']), + new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative + ] ); $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width); $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( - new HTMLPurifier_AttrDef_Enum(array('normal')), - new HTMLPurifier_AttrDef_CSS_Length(), - ), + [ + new HTMLPurifier_AttrDef_Enum(['normal']), + new HTMLPurifier_AttrDef_CSS_Length() + ] ); $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( - new HTMLPurifier_AttrDef_Enum(array('normal')), - new HTMLPurifier_AttrDef_CSS_Length(), - ), + [ + new HTMLPurifier_AttrDef_Enum(['normal']), + new HTMLPurifier_AttrDef_CSS_Length() + ] ); $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_Enum( - array( + [ 'xx-small', 'x-small', 'small', @@ -179,21 +179,21 @@ protected function doSetup($config) 'x-large', 'xx-large', 'larger', - 'smaller', - ), + 'smaller' + ] ), new HTMLPurifier_AttrDef_CSS_Percentage(), - new HTMLPurifier_AttrDef_CSS_Length(), - ), + new HTMLPurifier_AttrDef_CSS_Length() + ] ); $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( - new HTMLPurifier_AttrDef_Enum(array('normal')), + [ + new HTMLPurifier_AttrDef_Enum(['normal']), new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives new HTMLPurifier_AttrDef_CSS_Length('0'), - new HTMLPurifier_AttrDef_CSS_Percentage(true), - ), + new HTMLPurifier_AttrDef_CSS_Percentage(true) + ] ); $margin = @@ -201,11 +201,11 @@ protected function doSetup($config) $this->info['margin-bottom'] = $this->info['margin-left'] = $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Percentage(), - new HTMLPurifier_AttrDef_Enum(array('auto')), - ), + new HTMLPurifier_AttrDef_Enum(['auto']) + ] ); $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin); @@ -216,41 +216,41 @@ protected function doSetup($config) $this->info['padding-bottom'] = $this->info['padding-left'] = $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0'), - new HTMLPurifier_AttrDef_CSS_Percentage(true), - ), + new HTMLPurifier_AttrDef_CSS_Percentage(true) + ] ); $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding); $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length(), - new HTMLPurifier_AttrDef_CSS_Percentage(), - ), + new HTMLPurifier_AttrDef_CSS_Percentage() + ] ); $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Percentage(true), - new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit')), - ), + new HTMLPurifier_AttrDef_Enum(['auto', 'initial', 'inherit']) + ] ); $trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Percentage(true), - new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit')), - ), + new HTMLPurifier_AttrDef_Enum(['initial', 'inherit']) + ] ); $trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0'), new HTMLPurifier_AttrDef_CSS_Percentage(true), - new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit')), - ), + new HTMLPurifier_AttrDef_Enum(['none', 'initial', 'inherit']) + ] ); $max = $config->get('CSS.MaxImgLength'); @@ -262,13 +262,13 @@ protected function doSetup($config) 'img', // For img tags: new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0', $max), - new HTMLPurifier_AttrDef_Enum(array('auto')), - ), + new HTMLPurifier_AttrDef_Enum(['auto']) + ] ), // For everyone else: - $trusted_wh, + $trusted_wh ); $this->info['min-width'] = $this->info['min-height'] = @@ -278,13 +278,13 @@ protected function doSetup($config) 'img', // For img tags: new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0', $max), - new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit')), - ), + new HTMLPurifier_AttrDef_Enum(['initial', 'inherit']) + ] ), // For everyone else: - $trusted_min_wh, + $trusted_min_wh ); $this->info['max-width'] = $this->info['max-height'] = @@ -294,22 +294,39 @@ protected function doSetup($config) 'img', // For img tags: new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length('0', $max), - new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit')), - ), + new HTMLPurifier_AttrDef_Enum(['none', 'initial', 'inherit']) + ] ), // For everyone else: - $trusted_max_wh, + $trusted_max_wh ); + // text-decoration and related shorthands $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration(); + $this->info['text-decoration-line'] = new HTMLPurifier_AttrDef_Enum( + ['none', 'underline', 'overline', 'line-through', 'initial', 'inherit'] + ); + + $this->info['text-decoration-style'] = new HTMLPurifier_AttrDef_Enum( + ['solid', 'double', 'dotted', 'dashed', 'wavy', 'initial', 'inherit'] + ); + + $this->info['text-decoration-color'] = new HTMLPurifier_AttrDef_CSS_Color(); + + $this->info['text-decoration-thickness'] = new HTMLPurifier_AttrDef_CSS_Composite([ + new HTMLPurifier_AttrDef_CSS_Length(), + new HTMLPurifier_AttrDef_CSS_Percentage(), + new HTMLPurifier_AttrDef_Enum(['auto', 'from-font', 'initial', 'inherit']) + ]); + $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily(); // this could use specialized code $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum( - array( + [ 'normal', 'bold', 'bolder', @@ -322,9 +339,9 @@ protected function doSetup($config) '600', '700', '800', - '900', - ), - false, + '900' + ], + false ); // MUST be called after other font properties, as it references @@ -339,21 +356,21 @@ protected function doSetup($config) $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config); $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum( - array('collapse', 'separate'), + ['collapse', 'separate'] ); $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum( - array('top', 'bottom'), + ['top', 'bottom'] ); $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum( - array('auto', 'fixed'), + ['auto', 'fixed'] ); $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_Enum( - array( + [ 'baseline', 'sub', 'super', @@ -361,12 +378,12 @@ protected function doSetup($config) 'text-top', 'middle', 'bottom', - 'text-bottom', - ), + 'text-bottom' + ] ), new HTMLPurifier_AttrDef_CSS_Length(), - new HTMLPurifier_AttrDef_CSS_Percentage(), - ), + new HTMLPurifier_AttrDef_CSS_Percentage() + ] ); $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2); @@ -374,7 +391,7 @@ protected function doSetup($config) // These CSS properties don't work on many browsers, but we live // in THE FUTURE! $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum( - array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line'), + ['nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line'] ); if ($config->get('CSS.Proprietary')) { @@ -421,22 +438,21 @@ protected function doSetupProprietary($config) // more CSS3 $this->info['page-break-after'] = $this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum( - array( + [ 'auto', 'always', 'avoid', 'left', - 'right', - ), + 'right' + ] ); - $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid')); + $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(['auto', 'avoid']); $border_radius = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Percentage(true), // disallow negative - new HTMLPurifier_AttrDef_CSS_Length('0'), // disallow negative - ), - ); + new HTMLPurifier_AttrDef_CSS_Length('0') // disallow negative + ]); $this->info['border-top-left-radius'] = $this->info['border-top-right-radius'] = @@ -453,7 +469,7 @@ protected function doSetupProprietary($config) protected function doSetupTricky($config) { $this->info['display'] = new HTMLPurifier_AttrDef_Enum( - array( + [ 'inline', 'block', 'list-item', @@ -471,13 +487,13 @@ protected function doSetupTricky($config) 'table-column', 'table-cell', 'table-caption', - 'none', - ), + 'none' + ] ); $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum( - array('visible', 'hidden', 'collapse'), + ['visible', 'hidden', 'collapse'] ); - $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll')); + $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(['visible', 'hidden', 'auto', 'scroll']); $this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue(); } @@ -487,23 +503,23 @@ protected function doSetupTricky($config) protected function doSetupTrusted($config) { $this->info['position'] = new HTMLPurifier_AttrDef_Enum( - array('static', 'relative', 'absolute', 'fixed'), + ['static', 'relative', 'absolute', 'fixed'] ); $this->info['top'] = $this->info['left'] = $this->info['right'] = $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Percentage(), - new HTMLPurifier_AttrDef_Enum(array('auto')), - ), + new HTMLPurifier_AttrDef_Enum(['auto']), + ] ); $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite( - array( + [ new HTMLPurifier_AttrDef_Integer(), - new HTMLPurifier_AttrDef_Enum(array('auto')), - ), + new HTMLPurifier_AttrDef_Enum(['auto']), + ] ); } diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Config.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Config.php index 09b0a9c1c..7cf12f573 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Config.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Config.php @@ -16,11 +16,12 @@ */ class HTMLPurifier_Config { + /** * HTML Purifier's version * @type string */ - public $version = '4.15.0'; + public $version = '4.17.0'; /** * Whether or not to automatically finalize diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCache/Serializer.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCache/Serializer.php index 31fd152e8..d92c95c2e 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCache/Serializer.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCache/Serializer.php @@ -286,13 +286,14 @@ private function _testPermissions($dir, $chmod) } elseif (filegroup($dir) === posix_getgid()) { $chmod = $chmod | 0070; } else { - // PHP's probably running as nobody, so we'll - // need to give global permissions - $chmod = $chmod | 0777; + // PHP's probably running as nobody, it is + // not obvious how to fix this (777 is probably + // bad if you are multi-user), let the user figure it out + $chmod = null; } trigger_error( - 'Directory ' . $dir . ' not writable, ' . - 'please chmod to ' . decoct($chmod), + 'Directory ' . $dir . ' not writable. ' . + ($chmod === null ? '' : 'Please chmod to ' . decoct($chmod)), E_USER_WARNING, ); } else { diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCacheFactory.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCacheFactory.php index 6b98b12a6..b3f8fe5a5 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCacheFactory.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/DefinitionCacheFactory.php @@ -71,7 +71,7 @@ public function create($type, $config) return $this->caches[$method][$type]; } if (isset($this->implementations[$method]) && - class_exists($class = $this->implementations[$method], false)) { + class_exists($class = $this->implementations[$method])) { $cache = new $class($type); } else { if ($method != 'Serializer') { diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Filter/ExtractStyleBlocks.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Filter/ExtractStyleBlocks.php index 062174602..b34e08381 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Filter/ExtractStyleBlocks.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Filter/ExtractStyleBlocks.php @@ -144,6 +144,7 @@ public function cleanCSS($css, $config, $context) foreach ($this->_tidy->css as $k => $decls) { // $decls are all CSS declarations inside an @ selector $new_decls = array(); + if (is_array($decls)) { foreach ($decls as $selector => $style) { $selector = trim($selector); if ($selector === '') { @@ -313,6 +314,9 @@ public function cleanCSS($css, $config, $context) } } $new_decls[$selector] = $style; + } + } else { + continue; } $new_css[$k] = $new_decls; } diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Bdo.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Bdo.php index bb0a13eab..03c79fe20 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Bdo.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Bdo.php @@ -6,6 +6,7 @@ */ class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule { + /** * @type string */ diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy.php index 50ae3add0..80ca1983a 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy.php @@ -219,7 +219,10 @@ public function getFixType($name) * associative array of fix name to fix implementation. * @return array */ - public function makeFixes() {} + public function makeFixes() + { + return array(); + } } // vim: et sw=4 sts=4 diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php index 6392e2f26..6abb30ba6 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php @@ -2,6 +2,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule_Tidy { + /** * @return array */ diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/LanguageFactory.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/LanguageFactory.php index 2a2eeb67a..47b97b4e3 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/LanguageFactory.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/LanguageFactory.php @@ -108,7 +108,7 @@ public function create($config, $context, $code = false) } else { $class = 'HTMLPurifier_Language_' . $pcode; $file = $this->dir . '/Language/classes/' . $code . '.php'; - if (file_exists($file) || class_exists($class, false)) { + if (file_exists($file) || class_exists($class)) { $lang = new $class($config, $context); } else { // Go fallback diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer.php index 539c42d3b..ad7f4a1d9 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer.php @@ -100,7 +100,7 @@ public static function create($config) break; } - if (class_exists('DOMDocument', false) && + if (class_exists('DOMDocument') && method_exists('DOMDocument', 'loadHTML') && !extension_loaded('domxml') ) { diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer/DOMLex.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer/DOMLex.php index 56e3c32dc..5e65a0a83 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer/DOMLex.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Lexer/DOMLex.php @@ -103,7 +103,6 @@ public function tokenizeHTML($html, $config, $context) * To iterate is human, to recurse divine - L. Peter Deutsch * @param DOMNode $node DOMNode to be tokenized. * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens. - * @return HTMLPurifier_Token of node appended to previously passed tokens. */ protected function tokenizeDOM($node, &$tokens, $config) { diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Printer/ConfigForm.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Printer/ConfigForm.php index 60e79d6fb..a54d381c6 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Printer/ConfigForm.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/Printer/ConfigForm.php @@ -31,6 +31,11 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer */ protected $compress = false; + /** + * @var HTMLPurifier_Config + */ + protected $genConfig; + /** * @param string $name Form element name for directives to be stuffed into * @param string $doc_url String documentation URL, will have fragment tagged on diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/URIScheme/tel.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/URIScheme/tel.php index aae601d06..6c9660616 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/URIScheme/tel.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/URIScheme/tel.php @@ -33,13 +33,13 @@ public function doValidate(&$uri, $config, $context) $uri->host = null; $uri->port = null; - // Delete all non-numeric characters, non-x characters + // Delete all non-numeric characters, commas, and non-x characters // from phone number, EXCEPT for a leading plus sign. $uri->path = preg_replace( - '/(?!^\+)[^\dx]/', + '/(?!^\+)[^\dx,]/', '', // Normalize e(x)tension to lower-case - str_replace('X', 'x', $uri->path), + str_replace('X', 'x', rawurldecode($uri->path)) ); return true; diff --git a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/UnitConverter.php b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/UnitConverter.php index c50ecc790..81e7366fc 100644 --- a/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/UnitConverter.php +++ b/htdocs/xoops_lib/modules/protector/library/HTMLPurifier/UnitConverter.php @@ -260,7 +260,7 @@ private function div($s1, $s2, $scale) */ private function round($n, $sigfigs) { - $new_log = (int) floor(log(abs($n), 10)); // Number of digits left of decimal - 1 + $new_log = (int)floor(log(abs((float)$n), 10)); // Number of digits left of decimal - 1 $rp = $sigfigs - $new_log - 1; // Number of decimal places needed $neg = $n < 0 ? '-' : ''; // Negative sign if ($this->bcmath) { @@ -275,7 +275,7 @@ private function round($n, $sigfigs) } return $n; } else { - return $this->scale(round($n, $sigfigs - $new_log - 1), $rp + 1); + return $this->scale(round((float)$n, $sigfigs - $new_log - 1), $rp + 1); } } @@ -299,7 +299,7 @@ private function scale($r, $scale) // Now we return it, truncating the zero that was rounded off. return substr($precise, 0, -1) . str_repeat('0', -$scale + 1); } - return sprintf('%.' . $scale . 'f', (float) $r); + return number_format((float)$r, $scale, '.', ''); } } diff --git a/htdocs/xoops_lib/modules/protector/library/VERSION b/htdocs/xoops_lib/modules/protector/library/VERSION index f029ee574..8643e7227 100644 --- a/htdocs/xoops_lib/modules/protector/library/VERSION +++ b/htdocs/xoops_lib/modules/protector/library/VERSION @@ -1 +1 @@ -4.15.0 \ No newline at end of file +4.17.0 \ No newline at end of file