Merge branch 'master' of git://github.com/gallery/gallery3-contrib
This commit is contained in:
Chad Kieffer
commit
a76be86d5c
|
|
@ -0,0 +1,76 @@
|
|||
<?php defined("SYSPATH") or die("No direct script access.");
|
||||
/**
|
||||
* Gallery - a web based photo album viewer and editor
|
||||
* Copyright (C) 2000-2010 Bharat Mediratta
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or (at
|
||||
* your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
class about_this_album_block_Core {
|
||||
|
||||
static function get_site_list() {
|
||||
return array("aboutthisalbum" => t("About This Album"));
|
||||
}
|
||||
|
||||
static function get($block_id, $theme) {
|
||||
switch ($block_id) {
|
||||
case "aboutthisalbum":
|
||||
$item = $theme->item;
|
||||
if ((!$item) or (!$theme->item->is_album())) {
|
||||
return "";
|
||||
}
|
||||
if ($theme->item->is_album()) {
|
||||
$block = new Block();
|
||||
$block->css_id = "g-about-this-album";
|
||||
$block->content = new View("about_this_album.html");
|
||||
|
||||
if ($theme->item()->id == item::root()->id) {
|
||||
$block->title = t("About this Site");
|
||||
$block->content->album_count = ORM::factory("item")->where("type", "=", "album")->where("id", "<>", 1)->count_all();
|
||||
$block->content->photo_count = ORM::factory("item")->where("type", "=", "photo")->count_all();
|
||||
$block->content->vcount = Database::instance()->query("SELECT SUM({items}.view_count) as c FROM {items} WHERE type=\"photo\"")->current()->c;
|
||||
} Else {
|
||||
$block->title = t("About this Album");
|
||||
$block->content->album_count = $item->descendants_count(array(array("type", "=", "album")));
|
||||
$block->content->photo_count = $item->descendants_count(array(array("type", "=", "photo")));
|
||||
// $block->content->vcount= $theme->item()->view_count;
|
||||
$descds = $item->descendants();
|
||||
$descds_view = 0;
|
||||
foreach ($descds as $descd) {
|
||||
if ($descd->is_photo()) {
|
||||
$descds_view += $descd->view_count;
|
||||
}
|
||||
}
|
||||
$block->content->vcount = $descds_view;
|
||||
if ($item->description) {
|
||||
$block->content->description = html::clean($item->description);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$all_tags = ORM::factory("tag")
|
||||
->join("items_tags", "items_tags.tag_id", "tags.id")
|
||||
->join("items", "items.id", "items_tags.item_id", "LEFT")
|
||||
->where("items.parent_id", "=", $item->id)
|
||||
->order_by("tags.id", "ASC")
|
||||
->find_all();
|
||||
if (count($all_tags) > 0) {
|
||||
$block->content->all_tags = $all_tags;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
return $block;
|
||||
}
|
||||
}
|
||||
3
3.0/modules/about_this_album/module.info
Normal file
3
3.0/modules/about_this_album/module.info
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
name = "About this Album"
|
||||
description = "Show some simple, specific and useful info about a given album"
|
||||
version = 1
|
||||
68
3.0/modules/about_this_album/views/about_this_album.html.php
Normal file
68
3.0/modules/about_this_album/views/about_this_album.html.php
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
<?php defined("SYSPATH") or die("No direct script access.") ?>
|
||||
<? date_default_timezone_set('Australia/ACT'); ?>
|
||||
<div class="g-metadata">
|
||||
<span class="g-about-this">
|
||||
<table cellspacing="0" cellpadding="0" border="0">
|
||||
<? if ($album_count > 0): ?>
|
||||
<tr>
|
||||
<td><strong class="caption"><?= t("Albums: ") ?></strong></td>
|
||||
<td><?= $album_count ?></td>
|
||||
</tr>
|
||||
<? endif ?>
|
||||
<tr>
|
||||
<td><strong class="caption"><?= t("Images: ") ?></strong></td>
|
||||
<td><?= $photo_count ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong class="caption"><?= t("Views: ") ?></strong></td>
|
||||
<td><?= $vcount ?></td>
|
||||
</tr>
|
||||
</table>
|
||||
<span >
|
||||
|
||||
<!--This Div will insert a margin either side of the desciption if there are tags to display-->
|
||||
<? if (count($all_tags) > 0): ?>
|
||||
<div style="margin-top: 10px; margin-bottom: 10px;">
|
||||
<? endif ?>
|
||||
|
||||
<? if ($description <> ""): ?>
|
||||
<strong class="caption"><?= t("Details: ") ?></strong>
|
||||
<?= $description ?>
|
||||
</span ><br>
|
||||
<? endif ?>
|
||||
|
||||
<? if (count($all_tags) > 0): ?>
|
||||
</div>
|
||||
<span >
|
||||
<strong class=="caption"><?= t("Tags: ") ?></strong>
|
||||
</span >
|
||||
<?
|
||||
// Create an array to store the tag names and urls in.
|
||||
$display_tags = array();
|
||||
|
||||
// Loop through all tags in the album, copying their
|
||||
// names and urls into the array and skipping duplicates.
|
||||
$last_tagid = "";
|
||||
foreach ($all_tags as $one_tag) {
|
||||
if ($last_tagid != $one_tag->id) {
|
||||
$tag = ORM::factory("tag", $one_tag->id);
|
||||
$display_tags[] = array(html::clean($tag->name), $tag->url());
|
||||
$last_tagid = $one_tag->id;
|
||||
}
|
||||
}
|
||||
|
||||
// Sort the array.
|
||||
asort($display_tags);
|
||||
|
||||
// Print out the list of tags as clickable links.
|
||||
$not_first = 0;
|
||||
foreach ($display_tags as $one_tag) {
|
||||
if ($not_first++ > 0) {
|
||||
print ", ";
|
||||
}
|
||||
print "<a href=\"" . $one_tag[1] . "\">" . $one_tag[0] . "</a>";
|
||||
}
|
||||
?>
|
||||
<? endif ?>
|
||||
</span>
|
||||
</div>
|
||||
|
|
@ -54,7 +54,7 @@ class about_this_photo_block_Core {
|
|||
$record = ORM::factory("iptc_record")->where("item_id", "=", $theme->item()->id)->find();
|
||||
if ($record->loaded()) {
|
||||
$record = unserialize($record->data);
|
||||
$block->content->source = $record["Source"];
|
||||
$block->content->name = $record["ObjectName"];
|
||||
$block->content->caption = $record["Caption"];
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
name = "About this Photo"
|
||||
description = "Show some simple, specific and useful info about a given photo"
|
||||
version = 2
|
||||
version = 3
|
||||
|
|
|
|||
|
|
@ -16,14 +16,14 @@
|
|||
<td><?= $vcount ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong class="caption"><?= t("Image ID: ") ?></strong></td>
|
||||
<td><?= $source ?></td>
|
||||
<td><strong class="caption"><?= t("Name: ") ?></strong></td>
|
||||
<td><?= $name ?></td>
|
||||
</tr>
|
||||
</table>
|
||||
<span >
|
||||
<div style="margin-top: 10px; margin-bottom: 10px;">
|
||||
<strong class="caption"><?= t("Caption: ") ?></strong>
|
||||
<?= $caption ?>
|
||||
</span ><br>
|
||||
</div >
|
||||
<span >
|
||||
<strong class=="caption"><?= t("Tags: ") ?></strong>
|
||||
<? foreach ($tags as $tag): ?>
|
||||
|
|
|
|||
|
|
@ -34,5 +34,5 @@
|
|||
<? endif ?>
|
||||
<? endwhile ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ class ecard_block_Core {
|
|||
case "ecard":
|
||||
if ($theme->item() && $theme->item()->is_photo() && module::get_var("ecard", "location") == "sidebar") {
|
||||
$block = new Block();
|
||||
$block->css_id = "g-send-ecard";
|
||||
$block->css_id = "g-sendecard";
|
||||
$block->title = t("eCard");
|
||||
$block->content = new View("ecard_block.html");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,6 @@ class ecard_installer {
|
|||
"Click the image to be taken to the gallery.");
|
||||
module::set_var("ecard", "bcc", "");
|
||||
module::set_var("ecard", "access_permissions", "everybody");
|
||||
module::set_version("ecard", 4);
|
||||
module::set_version("ecard", 5);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
name = "E-Card"
|
||||
description = "Send a photo as a postcard"
|
||||
version = 4
|
||||
version = 5
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php defined("SYSPATH") or die("No direct script access.") ?>
|
||||
<a href="<?= url::site("ecard/form_send/{$item->id}") ?>" id="g-send-ecard"
|
||||
<a href="<?= url::site("ecard/form_send/{$item->id}") ?>"
|
||||
class="g-dialog-link g-button ui-state-default ui-corner-all">
|
||||
<span class="ui-icon-ecard"></span>
|
||||
<span class="ui-icon-ecard" id="g-send-ecard"></span>
|
||||
<?= t("Send as eCard") ?>
|
||||
</a>
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class purifier {
|
|||
|
||||
static function purify($dirty_html) {
|
||||
if (!isset(self::$_purifier)) {
|
||||
require_once(MODPATH . "purifier/lib/HTMLPurifier/HTMLPurifier.auto.php");
|
||||
require_once(MODPATH . "purifier/vendor/HTMLPurifier/HTMLPurifier.auto.php");
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
foreach (Kohana::config("purifier") as $category => $key_value) {
|
||||
foreach ($key_value as $key => $value) {
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -1,18 +0,0 @@
|
|||
HTML.AllowedElements
|
||||
TYPE: lookup/null
|
||||
VERSION: 1.3.0
|
||||
DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
If HTML Purifier's tag set is unsatisfactory for your needs, you
|
||||
can overload it with your own list of tags to allow. Note that this
|
||||
method is subtractive: it does its job by taking away from HTML Purifier
|
||||
usual feature set, so you cannot add a tag that HTML Purifier never
|
||||
supported in the first place (like embed, form or head). If you
|
||||
change this, you probably also want to change %HTML.AllowedAttributes.
|
||||
</p>
|
||||
<p>
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override.
|
||||
</p>
|
||||
--# vim: et sw=4 sts=4
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
HTML.SafeObject
|
||||
TYPE: bool
|
||||
VERSION: 3.1.1
|
||||
DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
Whether or not to permit object tags in documents, with a number of extra
|
||||
security features added to prevent script execution. This is similar to
|
||||
what websites like MySpace do to object tags. You may also want to
|
||||
enable %HTML.SafeEmbed for maximum interoperability with Internet Explorer,
|
||||
although embed tags will cause your website to stop validating.
|
||||
<strong>Highly experimental.</strong>
|
||||
</p>
|
||||
--# vim: et sw=4 sts=4
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
name = "HTML Purifier"
|
||||
description = "Enable XSS protection using HTMLPurifier"
|
||||
version = 1
|
||||
version = 2
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
|
||||
* FILE, changes will be overwritten the next time the script is run.
|
||||
*
|
||||
* @version 4.0.0
|
||||
* @version 4.2.0
|
||||
*
|
||||
* @warning
|
||||
* You must *not* include any other HTML Purifier files before this file,
|
||||
|
|
@ -176,6 +176,7 @@ require 'HTMLPurifier/Injector/DisplayLinkURI.php';
|
|||
require 'HTMLPurifier/Injector/Linkify.php';
|
||||
require 'HTMLPurifier/Injector/PurifierLinkify.php';
|
||||
require 'HTMLPurifier/Injector/RemoveEmpty.php';
|
||||
require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
|
||||
require 'HTMLPurifier/Injector/SafeObject.php';
|
||||
require 'HTMLPurifier/Lexer/DOMLex.php';
|
||||
require 'HTMLPurifier/Lexer/DirectLex.php';
|
||||
|
|
@ -195,9 +196,12 @@ require 'HTMLPurifier/Token/Start.php';
|
|||
require 'HTMLPurifier/Token/Text.php';
|
||||
require 'HTMLPurifier/URIFilter/DisableExternal.php';
|
||||
require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
|
||||
require 'HTMLPurifier/URIFilter/DisableResources.php';
|
||||
require 'HTMLPurifier/URIFilter/HostBlacklist.php';
|
||||
require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
|
||||
require 'HTMLPurifier/URIFilter/Munge.php';
|
||||
require 'HTMLPurifier/URIScheme/data.php';
|
||||
require 'HTMLPurifier/URIScheme/file.php';
|
||||
require 'HTMLPurifier/URIScheme/ftp.php';
|
||||
require 'HTMLPurifier/URIScheme/http.php';
|
||||
require 'HTMLPurifier/URIScheme/https.php';
|
||||
|
|
@ -19,7 +19,7 @@
|
|||
*/
|
||||
|
||||
/*
|
||||
HTML Purifier 4.0.0 - Standards Compliant HTML Filtering
|
||||
HTML Purifier 4.2.0 - Standards Compliant HTML Filtering
|
||||
Copyright (C) 2006-2008 Edward Z. Yang
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
|
|
@ -55,10 +55,10 @@ class HTMLPurifier
|
|||
{
|
||||
|
||||
/** Version of HTML Purifier */
|
||||
public $version = '4.0.0';
|
||||
public $version = '4.2.0';
|
||||
|
||||
/** Constant with version of HTML Purifier */
|
||||
const VERSION = '4.0.0';
|
||||
const VERSION = '4.2.0';
|
||||
|
||||
/** Global configuration object */
|
||||
public $config;
|
||||
|
|
@ -170,6 +170,7 @@ require_once $__dir . '/HTMLPurifier/Injector/DisplayLinkURI.php';
|
|||
require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
|
||||
require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
|
||||
require_once $__dir . '/HTMLPurifier/Injector/RemoveEmpty.php';
|
||||
require_once $__dir . '/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
|
||||
require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php';
|
||||
require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php';
|
||||
require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php';
|
||||
|
|
@ -189,9 +190,12 @@ require_once $__dir . '/HTMLPurifier/Token/Start.php';
|
|||
require_once $__dir . '/HTMLPurifier/Token/Text.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIFilter/DisableResources.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIFilter/Munge.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIScheme/data.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIScheme/file.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIScheme/http.php';
|
||||
require_once $__dir . '/HTMLPurifier/URIScheme/https.php';
|
||||
|
|
@ -82,6 +82,42 @@ abstract class HTMLPurifier_AttrDef
|
|||
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Parses a possibly escaped CSS string and returns the "pure"
|
||||
* version of it.
|
||||
*/
|
||||
protected function expandCSSEscape($string) {
|
||||
// flexibly parse it
|
||||
$ret = '';
|
||||
for ($i = 0, $c = strlen($string); $i < $c; $i++) {
|
||||
if ($string[$i] === '\\') {
|
||||
$i++;
|
||||
if ($i >= $c) {
|
||||
$ret .= '\\';
|
||||
break;
|
||||
}
|
||||
if (ctype_xdigit($string[$i])) {
|
||||
$code = $string[$i];
|
||||
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
|
||||
if (!ctype_xdigit($string[$i])) break;
|
||||
$code .= $string[$i];
|
||||
}
|
||||
// We have to be extremely careful when adding
|
||||
// new characters, to make sure we're not breaking
|
||||
// the encoding.
|
||||
$char = HTMLPurifier_Encoder::unichr(hexdec($code));
|
||||
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
|
||||
$ret .= $char;
|
||||
if ($i < $c && trim($string[$i]) !== '') $i--;
|
||||
continue;
|
||||
}
|
||||
if ($string[$i] === "\n") continue;
|
||||
}
|
||||
$ret .= $string[$i];
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
|
@ -59,7 +59,8 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
|
|||
$keywords = array();
|
||||
$keywords['h'] = false; // left, right
|
||||
$keywords['v'] = false; // top, bottom
|
||||
$keywords['c'] = false; // center
|
||||
$keywords['ch'] = false; // center (first word)
|
||||
$keywords['cv'] = false; // center (second word)
|
||||
$measures = array();
|
||||
|
||||
$i = 0;
|
||||
|
|
@ -79,6 +80,13 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
|
|||
$lbit = ctype_lower($bit) ? $bit : strtolower($bit);
|
||||
if (isset($lookup[$lbit])) {
|
||||
$status = $lookup[$lbit];
|
||||
if ($status == 'c') {
|
||||
if ($i == 0) {
|
||||
$status = 'ch';
|
||||
} else {
|
||||
$status = 'cv';
|
||||
}
|
||||
}
|
||||
$keywords[$status] = $lbit;
|
||||
$i++;
|
||||
}
|
||||
|
|
@ -101,20 +109,19 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
|
|||
|
||||
if (!$i) return false; // no valid values were caught
|
||||
|
||||
|
||||
$ret = array();
|
||||
|
||||
// first keyword
|
||||
if ($keywords['h']) $ret[] = $keywords['h'];
|
||||
elseif (count($measures)) $ret[] = array_shift($measures);
|
||||
elseif ($keywords['c']) {
|
||||
$ret[] = $keywords['c'];
|
||||
$keywords['c'] = false; // prevent re-use: center = center center
|
||||
elseif ($keywords['ch']) {
|
||||
$ret[] = $keywords['ch'];
|
||||
$keywords['cv'] = false; // prevent re-use: center = center center
|
||||
}
|
||||
elseif (count($measures)) $ret[] = array_shift($measures);
|
||||
|
||||
if ($keywords['v']) $ret[] = $keywords['v'];
|
||||
elseif ($keywords['cv']) $ret[] = $keywords['cv'];
|
||||
elseif (count($measures)) $ret[] = array_shift($measures);
|
||||
elseif ($keywords['c']) $ret[] = $keywords['c'];
|
||||
|
||||
if (empty($ret)) return false;
|
||||
return implode(' ', $ret);
|
||||
|
|
@ -34,37 +34,10 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
|||
$quote = $font[0];
|
||||
if ($font[$length - 1] !== $quote) continue;
|
||||
$font = substr($font, 1, $length - 2);
|
||||
|
||||
$new_font = '';
|
||||
for ($i = 0, $c = strlen($font); $i < $c; $i++) {
|
||||
if ($font[$i] === '\\') {
|
||||
$i++;
|
||||
if ($i >= $c) {
|
||||
$new_font .= '\\';
|
||||
break;
|
||||
}
|
||||
if (ctype_xdigit($font[$i])) {
|
||||
$code = $font[$i];
|
||||
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
|
||||
if (!ctype_xdigit($font[$i])) break;
|
||||
$code .= $font[$i];
|
||||
}
|
||||
// We have to be extremely careful when adding
|
||||
// new characters, to make sure we're not breaking
|
||||
// the encoding.
|
||||
$char = HTMLPurifier_Encoder::unichr(hexdec($code));
|
||||
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
|
||||
$new_font .= $char;
|
||||
if ($i < $c && trim($font[$i]) !== '') $i--;
|
||||
continue;
|
||||
}
|
||||
if ($font[$i] === "\n") continue;
|
||||
}
|
||||
$new_font .= $font[$i];
|
||||
}
|
||||
|
||||
$font = $new_font;
|
||||
}
|
||||
|
||||
$font = $this->expandCSSEscape($font);
|
||||
|
||||
// $font is a pure representation of the font name
|
||||
|
||||
if (ctype_alnum($font) && $font !== '') {
|
||||
|
|
@ -73,12 +46,21 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
|
|||
continue;
|
||||
}
|
||||
|
||||
// complicated font, requires quoting
|
||||
// bugger out on whitespace. form feed (0C) really
|
||||
// shouldn't show up regardless
|
||||
$font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font);
|
||||
|
||||
// armor single quotes and new lines
|
||||
$font = str_replace("\\", "\\\\", $font);
|
||||
$font = str_replace("'", "\\'", $font);
|
||||
$final .= "'$font', ";
|
||||
// These ugly transforms don't pose a security
|
||||
// risk (as \\ and \" might). We could try to be clever and
|
||||
// use single-quote wrapping when there is a double quote
|
||||
// present, but I have choosen not to implement that.
|
||||
// (warning: this code relies on the selection of quotation
|
||||
// mark below)
|
||||
$font = str_replace('\\', '\\5C ', $font);
|
||||
$font = str_replace('"', '\\22 ', $font);
|
||||
|
||||
// complicated font, requires quoting
|
||||
$final .= "\"$font\", "; // note that this will later get turned into "
|
||||
}
|
||||
$final = rtrim($final, ', ');
|
||||
if ($final === '') return false;
|
||||
|
|
@ -34,20 +34,16 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
|
|||
$uri = substr($uri, 1, $new_length - 1);
|
||||
}
|
||||
|
||||
$keys = array( '(', ')', ',', ' ', '"', "'");
|
||||
$values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'");
|
||||
$uri = str_replace($values, $keys, $uri);
|
||||
$uri = $this->expandCSSEscape($uri);
|
||||
|
||||
$result = parent::validate($uri, $config, $context);
|
||||
|
||||
if ($result === false) return false;
|
||||
|
||||
// escape necessary characters according to CSS spec
|
||||
// except for the comma, none of these should appear in the
|
||||
// URI at all
|
||||
$result = str_replace($keys, $values, $result);
|
||||
// extra sanity check; should have been done by URI
|
||||
$result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
|
||||
|
||||
return "url($result)";
|
||||
return "url(\"$result\")";
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -24,7 +24,8 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
|||
if ($src) {
|
||||
$alt = $config->get('Attr.DefaultImageAlt');
|
||||
if ($alt === null) {
|
||||
$attr['alt'] = basename($attr['src']);
|
||||
// truncate if the alt is too long
|
||||
$attr['alt'] = substr(basename($attr['src']),0,40);
|
||||
} else {
|
||||
$attr['alt'] = $alt;
|
||||
}
|
||||
|
|
@ -33,12 +33,25 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
|
|||
case 'allowNetworking':
|
||||
$attr['value'] = 'internal';
|
||||
break;
|
||||
case 'allowFullScreen':
|
||||
if ($config->get('HTML.FlashAllowFullScreen')) {
|
||||
$attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
|
||||
} else {
|
||||
$attr['value'] = 'false';
|
||||
}
|
||||
break;
|
||||
case 'wmode':
|
||||
$attr['value'] = 'window';
|
||||
break;
|
||||
case 'movie':
|
||||
case 'src':
|
||||
$attr['name'] = "movie";
|
||||
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
|
||||
break;
|
||||
case 'flashvars':
|
||||
// we're going to allow arbitrary inputs to the SWF, on
|
||||
// the reasoning that it could only hack the SWF, not us.
|
||||
break;
|
||||
// add other cases to support other param name/value pairs
|
||||
default:
|
||||
$attr['name'] = $attr['value'] = null;
|
||||
|
|
@ -272,20 +272,29 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||
// setup allowed elements
|
||||
$support = "(for information on implementing this, see the ".
|
||||
"support forums) ";
|
||||
$allowed_attributes = $config->get('CSS.AllowedProperties');
|
||||
if ($allowed_attributes !== null) {
|
||||
$allowed_properties = $config->get('CSS.AllowedProperties');
|
||||
if ($allowed_properties !== null) {
|
||||
foreach ($this->info as $name => $d) {
|
||||
if(!isset($allowed_attributes[$name])) unset($this->info[$name]);
|
||||
unset($allowed_attributes[$name]);
|
||||
if(!isset($allowed_properties[$name])) unset($this->info[$name]);
|
||||
unset($allowed_properties[$name]);
|
||||
}
|
||||
// emit errors
|
||||
foreach ($allowed_attributes as $name => $d) {
|
||||
foreach ($allowed_properties as $name => $d) {
|
||||
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||
$name = htmlspecialchars($name);
|
||||
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
|
||||
}
|
||||
}
|
||||
|
||||
$forbidden_properties = $config->get('CSS.ForbiddenProperties');
|
||||
if ($forbidden_properties !== null) {
|
||||
foreach ($this->info as $name => $d) {
|
||||
if (isset($forbidden_properties[$name])) {
|
||||
unset($this->info[$name]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -20,7 +20,7 @@ class HTMLPurifier_Config
|
|||
/**
|
||||
* HTML Purifier's version
|
||||
*/
|
||||
public $version = '4.0.0';
|
||||
public $version = '4.2.0';
|
||||
|
||||
/**
|
||||
* Bool indicator whether or not to automatically finalize
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user