PageRenderTime 44ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/common/libraries/plugin/htmlpurifier/library/HTMLPurifier/HTMLModuleManager.php

https://bitbucket.org/chamilo/chamilo-dev/
PHP | 417 lines | 240 code | 58 blank | 119 comment | 37 complexity | e038c4d7cf008b8b33e49c88519a7cc5 MD5 | raw file
Possible License(s): GPL-2.0, BSD-3-Clause, LGPL-2.1, LGPL-3.0, GPL-3.0, MIT 
    

  1. <?php

    2. 

  2. 

    3. 

  3. class HTMLPurifier_HTMLModuleManager

    4. 

  4. {

    5. 

  5.     

    6. 

  6.     /**

    7. 

  7.      * Instance of HTMLPurifier_DoctypeRegistry

    8. 

  8.      */

    9. 

  9.     public $doctypes;

    10. 

  10.     

    11. 

  11.     /**

    12. 

  12.      * Instance of current doctype

    13. 

  13.      */

    14. 

  14.     public $doctype;

    15. 

  15.     

    16. 

  16.     /**

    17. 

  17.      * Instance of HTMLPurifier_AttrTypes

    18. 

  18.      */

    19. 

  19.     public $attrTypes;

    20. 

  20.     

    21. 

  21.     /**

    22. 

  22.      * Active instances of modules for the specified doctype are

    23. 

  23.      * indexed, by name, in this array.

    24. 

  24.      */

    25. 

  25.     public $modules = array();

    26. 

  26.     

    27. 

  27.     /**

    28. 

  28.      * Array of recognized HTMLPurifier_Module instances, indexed by

    29. 

  29.      * module's class name. This array is usually lazy loaded, but a

    30. 

  30.      * user can overload a module by pre-emptively registering it.

    31. 

  31.      */

    32. 

  32.     public $registeredModules = array();

    33. 

  33.     

    34. 

  34.     /**

    35. 

  35.      * List of extra modules that were added by the user using addModule().

    36. 

  36.      * These get unconditionally merged into the current doctype, whatever

    37. 

  37.      * it may be.

    38. 

  38.      */

    39. 

  39.     public $userModules = array();

    40. 

  40.     

    41. 

  41.     /**

    42. 

  42.      * Associative array of element name to list of modules that have

    43. 

  43.      * definitions for the element; this array is dynamically filled.

    44. 

  44.      */

    45. 

  45.     public $elementLookup = array();

    46. 

  46.     

    47. 

  47.     /** List of prefixes we should use for registering small names */

    48. 

  48.     public $prefixes = array('HTMLPurifier_HTMLModule_');

    49. 

  49.     

    50. 

  50.     public $contentSets;

    51. 

  51.     /**< Instance of HTMLPurifier_ContentSets */

    52. 

  52.     public $attrCollections;

    53. 

  53.     /**< Instance of HTMLPurifier_AttrCollections */

    54. 

  54.     

    55. 

  55.     /** If set to true, unsafe elements and attributes will be allowed */

    56. 

  56.     public $trusted = false;

    57. 

  57. 

    58. 

  58.     public function __construct()

    59. 

  59.     {

    60. 

  60.         

    61. 

  61.         // editable internal objects

    62. 

  62.         $this->attrTypes = new HTMLPurifier_AttrTypes();

    63. 

  63.         $this->doctypes = new HTMLPurifier_DoctypeRegistry();

    64. 

  64.         

    65. 

  65.         // setup basic modules

    66. 

  66.         $common = array('CommonAttributes', 'Text', 'Hypertext', 'List', 'Presentation', 'Edit', 'Bdo', 

    67. 

  67.                 'Tables', 'Image', 'StyleAttribute', // Unsafe:

    68. 

  68.                 'Scripting', 'Object', 'Forms', // Sorta legacy, but present in strict:

    69. 

  69.                 'Name');

    70. 

  70.         $transitional = array('Legacy', 'Target');

    71. 

  71.         $xml = array('XMLCommonAttributes');

    72. 

  72.         $non_xml = array('NonXMLCommonAttributes');

    73. 

  73.         

    74. 

  74.         // setup basic doctypes

    75. 

  75.         $this->doctypes->register('HTML 4.01 Transitional', false, array_merge($common, $transitional, $non_xml), array(

    76. 

  76.                 'Tidy_Transitional', 'Tidy_Proprietary'), array(), '-//W3C//DTD HTML 4.01 Transitional//EN', 'http://www.w3.org/TR/html4/loose.dtd');

    77. 

  77.         

    78. 

  78.         $this->doctypes->register('HTML 4.01 Strict', false, array_merge($common, $non_xml), array('Tidy_Strict', 

    79. 

  79.                 'Tidy_Proprietary', 'Tidy_Name'), array(), '-//W3C//DTD HTML 4.01//EN', 'http://www.w3.org/TR/html4/strict.dtd');

    80. 

  80.         

    81. 

  81.         $this->doctypes->register('XHTML 1.0 Transitional', true, array_merge($common, $transitional, $xml, $non_xml), array(

    82. 

  82.                 'Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Name'), array(), '-//W3C//DTD XHTML 1.0 Transitional//EN', 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd');

    83. 

  83.         

    84. 

  84.         $this->doctypes->register('XHTML 1.0 Strict', true, array_merge($common, $xml, $non_xml), array('Tidy_Strict', 

    85. 

  85.                 'Tidy_XHTML', 'Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'), array(), '-//W3C//DTD XHTML 1.0 Strict//EN', 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd');

    86. 

  86.         

    87. 

  87.         $this->doctypes->register('XHTML 1.1', true, array_merge($common, $xml, array('Ruby')), array('Tidy_Strict', 

    88. 

  88.                 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Strict', 'Tidy_Name'), // Tidy_XHTML1_1

    89. 

  89. array(), '-//W3C//DTD XHTML 1.1//EN', 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd');

    90. 

  90.     

    91. 

  91.     }

    92. 

  92. 

    93. 

  93.     /**

    94. 

  94.      * Registers a module to the recognized module list, useful for

    95. 

  95.      * overloading pre-existing modules.

    96. 

  96.      * @param $module Mixed: string module name, with or without

    97. 

  97.      * HTMLPurifier_HTMLModule prefix, or instance of

    98. 

  98.      * subclass of HTMLPurifier_HTMLModule.

    99. 

  99.      * @param $overload Boolean whether or not to overload previous modules.

    100. 

  100.      * If this is not set, and you do overload a module,

    101. 

  101.      * HTML Purifier will complain with a warning.

    102. 

  102.      * @note This function will not call autoload, you must instantiate

    103. 

  103.      * (and thus invoke) autoload outside the method.

    104. 

  104.      * @note If a string is passed as a module name, different variants

    105. 

  105.      * will be tested in this order:

    106. 

  106.      * - Check for HTMLPurifier_HTMLModule_$name

    107. 

  107.      * - Check all prefixes with $name in order they were added

    108. 

  108.      * - Check for literal object name

    109. 

  109.      * - Throw fatal error

    110. 

  110.      * If your object name collides with an internal class, specify

    111. 

  111.      * your module manually. All modules must have been included

    112. 

  112.      * externally: registerModule will not perform inclusions for you!

    113. 

  113.      */

    114. 

  114.     public function registerModule($module, $overload = false)

    115. 

  115.     {

    116. 

  116.         if (is_string($module))

    117. 

  117.         {

    118. 

  118.             // attempt to load the module

    119. 

  119.             $original_module = $module;

    120. 

  120.             $ok = false;

    121. 

  121.             foreach ($this->prefixes as $prefix)

    122. 

  122.             {

    123. 

  123.                 $module = $prefix . $original_module;

    124. 

  124.                 if (class_exists($module))

    125. 

  125.                 {

    126. 

  126.                     $ok = true;

    127. 

  127.                     break;

    128. 

  128.                 }

    129. 

  129.             }

    130. 

  130.             if (! $ok)

    131. 

  131.             {

    132. 

  132.                 $module = $original_module;

    133. 

  133.                 if (! class_exists($module))

    134. 

  134.                 {

    135. 

  135.                     trigger_error($original_module . ' module does not exist', E_USER_ERROR);

    136. 

  136.                     return;

    137. 

  137.                 }

    138. 

  138.             }

    139. 

  139.             $module = new $module();

    140. 

  140.         }

    141. 

  141.         if (empty($module->name))

    142. 

  142.         {

    143. 

  143.             trigger_error('Module instance of ' . get_class($module) . ' must have name');

    144. 

  144.             return;

    145. 

  145.         }

    146. 

  146.         if (! $overload && isset($this->registeredModules[$module->name]))

    147. 

  147.         {

    148. 

  148.             trigger_error('Overloading ' . $module->name . ' without explicit overload parameter', E_USER_WARNING);

    149. 

  149.         }

    150. 

  150.         $this->registeredModules[$module->name] = $module;

    151. 

  151.     }

    152. 

  152. 

    153. 

  153.     /**

    154. 

  154.      * Adds a module to the current doctype by first registering it,

    155. 

  155.      * and then tacking it on to the active doctype

    156. 

  156.      */

    157. 

  157.     public function addModule($module)

    158. 

  158.     {

    159. 

  159.         $this->registerModule($module);

    160. 

  160.         if (is_object($module))

    161. 

  161.             $module = $module->name;

    162. 

  162.         $this->userModules[] = $module;

    163. 

  163.     }

    164. 

  164. 

    165. 

  165.     /**

    166. 

  166.      * Adds a class prefix that registerModule() will use to resolve a

    167. 

  167.      * string name to a concrete class

    168. 

  168.      */

    169. 

  169.     public function addPrefix($prefix)

    170. 

  170.     {

    171. 

  171.         $this->prefixes[] = $prefix;

    172. 

  172.     }

    173. 

  173. 

    174. 

  174.     /**

    175. 

  175.      * Performs processing on modules, after being called you may

    176. 

  176.      * use getElement() and getElements()

    177. 

  177.      * @param $config Instance of HTMLPurifier_Config

    178. 

  178.      */

    179. 

  179.     public function setup($config)

    180. 

  180.     {

    181. 

  181.         

    182. 

  182.         $this->trusted = $config->get('HTML.Trusted');

    183. 

  183.         

    184. 

  184.         // generate

    185. 

  185.         $this->doctype = $this->doctypes->make($config);

    186. 

  186.         $modules = $this->doctype->modules;

    187. 

  187.         

    188. 

  188.         // take out the default modules that aren't allowed

    189. 

  189.         $lookup = $config->get('HTML.AllowedModules');

    190. 

  190.         $special_cases = $config->get('HTML.CoreModules');

    191. 

  191.         

    192. 

  192.         if (is_array($lookup))

    193. 

  193.         {

    194. 

  194.             foreach ($modules as $k => $m)

    195. 

  195.             {

    196. 

  196.                 if (isset($special_cases[$m]))

    197. 

  197.                     continue;

    198. 

  198.                 if (! isset($lookup[$m]))

    199. 

  199.                     unset($modules[$k]);

    200. 

  200.             }

    201. 

  201.         }

    202. 

  202.         

    203. 

  203.         // custom modules

    204. 

  204.         if ($config->get('HTML.Proprietary'))

    205. 

  205.         {

    206. 

  206.             $modules[] = 'Proprietary';

    207. 

  207.         }

    208. 

  208.         if ($config->get('HTML.SafeObject'))

    209. 

  209.         {

    210. 

  210.             $modules[] = 'SafeObject';

    211. 

  211.         }

    212. 

  212.         if ($config->get('HTML.SafeEmbed'))

    213. 

  213.         {

    214. 

  214.             $modules[] = 'SafeEmbed';

    215. 

  215.         }

    216. 

  216.         if ($config->get('HTML.Nofollow'))

    217. 

  217.         {

    218. 

  218.             $modules[] = 'Nofollow';

    219. 

  219.         }

    220. 

  220.         

    221. 

  221.         // merge in custom modules

    222. 

  222.         $modules = array_merge($modules, $this->userModules);

    223. 

  223.         

    224. 

  224.         foreach ($modules as $module)

    225. 

  225.         {

    226. 

  226.             $this->processModule($module);

    227. 

  227.             $this->modules[$module]->setup($config);

    228. 

  228.         }

    229. 

  229.         

    230. 

  230.         foreach ($this->doctype->tidyModules as $module)

    231. 

  231.         {

    232. 

  232.             $this->processModule($module);

    233. 

  233.             $this->modules[$module]->setup($config);

    234. 

  234.         }

    235. 

  235.         

    236. 

  236.         // prepare any injectors

    237. 

  237.         foreach ($this->modules as $module)

    238. 

  238.         {

    239. 

  239.             $n = array();

    240. 

  240.             foreach ($module->info_injector as $i => $injector)

    241. 

  241.             {

    242. 

  242.                 if (! is_object($injector))

    243. 

  243.                 {

    244. 

  244.                     $class = "HTMLPurifier_Injector_$injector";

    245. 

  245.                     $injector = new $class();

    246. 

  246.                 }

    247. 

  247.                 $n[$injector->name] = $injector;

    248. 

  248.             }

    249. 

  249.             $module->info_injector = $n;

    250. 

  250.         }

    251. 

  251.         

    252. 

  252.         // setup lookup table based on all valid modules

    253. 

  253.         foreach ($this->modules as $module)

    254. 

  254.         {

    255. 

  255.             foreach ($module->info as $name => $def)

    256. 

  256.             {

    257. 

  257.                 if (! isset($this->elementLookup[$name]))

    258. 

  258.                 {

    259. 

  259.                     $this->elementLookup[$name] = array();

    260. 

  260.                 }

    261. 

  261.                 $this->elementLookup[$name][] = $module->name;

    262. 

  262.             }

    263. 

  263.         }

    264. 

  264.         

    265. 

  265.         // note the different choice

    266. 

  266.         $this->contentSets = new HTMLPurifier_ContentSets(// content set assembly deals with all possible modules,

    267. 

  267.         // not just ones deemed to be "safe"

    268. 

  268.         $this->modules);

    269. 

  269.         $this->attrCollections = new HTMLPurifier_AttrCollections($this->attrTypes, // there is no way to directly disable a global attribute,

    270. 

  270.         // but using AllowedAttributes or simply not including

    271. 

  271.         // the module in your custom doctype should be sufficient

    272. 

  272.         $this->modules);

    273. 

  273.     }

    274. 

  274. 

    275. 

  275.     /**

    276. 

  276.      * Takes a module and adds it to the active module collection,

    277. 

  277.      * registering it if necessary.

    278. 

  278.      */

    279. 

  279.     public function processModule($module)

    280. 

  280.     {

    281. 

  281.         if (! isset($this->registeredModules[$module]) || is_object($module))

    282. 

  282.         {

    283. 

  283.             $this->registerModule($module);

    284. 

  284.         }

    285. 

  285.         $this->modules[$module] = $this->registeredModules[$module];

    286. 

  286.     }

    287. 

  287. 

    288. 

  288.     /**

    289. 

  289.      * Retrieves merged element definitions.

    290. 

  290.      * @return Array of HTMLPurifier_ElementDef

    291. 

  291.      */

    292. 

  292.     public function getElements()

    293. 

  293.     {

    294. 

  294.         

    295. 

  295.         $elements = array();

    296. 

  296.         foreach ($this->modules as $module)

    297. 

  297.         {

    298. 

  298.             if (! $this->trusted && ! $module->safe)

    299. 

  299.                 continue;

    300. 

  300.             foreach ($module->info as $name => $v)

    301. 

  301.             {

    302. 

  302.                 if (isset($elements[$name]))

    303. 

  303.                     continue;

    304. 

  304.                 $elements[$name] = $this->getElement($name);

    305. 

  305.             }

    306. 

  306.         }

    307. 

  307.         

    308. 

  308.         // remove dud elements, this happens when an element that

    309. 

  309.         // appeared to be safe actually wasn't

    310. 

  310.         foreach ($elements as $n => $v)

    311. 

  311.         {

    312. 

  312.             if ($v === false)

    313. 

  313.                 unset($elements[$n]);

    314. 

  314.         }

    315. 

  315.         

    316. 

  316.         return $elements;

    317. 

  317.     

    318. 

  318.     }

    319. 

  319. 

    320. 

  320.     /**

    321. 

  321.      * Retrieves a single merged element definition

    322. 

  322.      * @param $name Name of element

    323. 

  323.      * @param $trusted Boolean trusted overriding parameter: set to true

    324. 

  324.      * if you want the full version of an element

    325. 

  325.      * @return Merged HTMLPurifier_ElementDef

    326. 

  326.      * @note You may notice that modules are getting iterated over twice (once

    327. 

  327.      * in getElements() and once here). This

    328. 

  328.      * is because

    329. 

  329.      */

    330. 

  330.     public function getElement($name, $trusted = null)

    331. 

  331.     {

    332. 

  332.         

    333. 

  333.         if (! isset($this->elementLookup[$name]))

    334. 

  334.         {

    335. 

  335.             return false;

    336. 

  336.         }

    337. 

  337.         

    338. 

  338.         // setup global state variables

    339. 

  339.         $def = false;

    340. 

  340.         if ($trusted === null)

    341. 

  341.             $trusted = $this->trusted;

    342. 

  342.         

    343. 

  343.      // iterate through each module that has registered itself to this

    344. 

  344.         // element

    345. 

  345.         foreach ($this->elementLookup[$name] as $module_name)

    346. 

  346.         {

    347. 

  347.             

    348. 

  348.             $module = $this->modules[$module_name];

    349. 

  349.             

    350. 

  350.             // refuse to create/merge from a module that is deemed unsafe--

    351. 

  351.             // pretend the module doesn't exist--when trusted mode is not on.

    352. 

  352.             if (! $trusted && ! $module->safe)

    353. 

  353.             {

    354. 

  354.                 continue;

    355. 

  355.             }

    356. 

  356.             

    357. 

  357.             // clone is used because, ideally speaking, the original

    358. 

  358.             // definition should not be modified. Usually, this will

    359. 

  359.             // make no difference, but for consistency's sake

    360. 

  360.             $new_def = clone $module->info[$name];

    361. 

  361.             

    362. 

  362.             if (! $def && $new_def->standalone)

    363. 

  363.             {

    364. 

  364.                 $def = $new_def;

    365. 

  365.             }

    366. 

  366.             elseif ($def)

    367. 

  367.             {

    368. 

  368.                 // This will occur even if $new_def is standalone. In practice,

    369. 

  369.                 // this will usually result in a full replacement.

    370. 

  370.                 $def->mergeIn($new_def);

    371. 

  371.             }

    372. 

  372.             else

    373. 

  373.             {

    374. 

  374.                 // :TODO:

    375. 

  375.                 // non-standalone definitions that don't have a standalone

    376. 

  376.                 // to merge into could be deferred to the end

    377. 

  377.                 continue;

    378. 

  378.             }

    379. 

  379.             

    380. 

  380.             // attribute value expansions

    381. 

  381.             $this->attrCollections->performInclusions($def->attr);

    382. 

  382.             $this->attrCollections->expandIdentifiers($def->attr, $this->attrTypes);

    383. 

  383.             

    384. 

  384.             // descendants_are_inline, for ChildDef_Chameleon

    385. 

  385.             if (is_string($def->content_model) && strpos($def->content_model, 'Inline') !== false)

    386. 

  386.             {

    387. 

  387.                 if ($name != 'del' && $name != 'ins')

    388. 

  388.                 {

    389. 

  389.                     // this is for you, ins/del

    390. 

  390.                     $def->descendants_are_inline = true;

    391. 

  391.                 }

    392. 

  392.             }

    393. 

  393.             

    394. 

  394.             $this->contentSets->generateChildDef($def, $module);

    395. 

  395.         }

    396. 

  396.         

    397. 

  397.         // This can occur if there is a blank definition, but no base to

    398. 

  398.         // mix it in with

    399. 

  399.         if (! $def)

    400. 

  400.             return false;

    401. 

  401.         

    402. 

  402.      // add information on required attributes

    403. 

  403.         foreach ($def->attr as $attr_name => $attr_def)

    404. 

  404.         {

    405. 

  405.             if ($attr_def->required)

    406. 

  406.             {

    407. 

  407.                 $def->required_attr[] = $attr_name;

    408. 

  408.             }

    409. 

  409.         }

    410. 

  410.         

    411. 

  411.         return $def;

    412. 

  412.     

    413. 

  413.     }

    414. 

  414. 

    415. 

  415. }

    416. 

  416. 

    417. 

  417. // vim: et sw=4 sts=4

    418. 

  418.