From 73e1bd66260e93e0c8804fcd449a87e295737aa7 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sun, 18 May 2008 18:41:54 +0000
Subject: [PATCH] Release 3.1.0

git-svn-id: http://htmlpurifier.org/svnroot@1735 48356398-32a2-884e-a903-53898d9a118a
---
 .htaccess.in | 2 +-
 current-hashes.txt | 12 +-
 current.ent | 4 +-
 news.xhtml | 33 +++
 news/2008/3.1.0-released.css | 1 +
 news/2008/3.1.0-released.xhtml | 307 ++++++++++++++++++++++
 news/2008/3.1.0rc1-released.xhtml | 4 +-
 release.txt | 2 -
 releases/htmlpurifier-3.1.0-lite.tar.gz.sig | Bin 0 -> 65 bytes
 releases/htmlpurifier-3.1.0-lite.zip.sig | Bin 0 -> 65 bytes
 releases/htmlpurifier-3.1.0-standalone.tar.gz.sig | Bin 0 -> 65 bytes
 releases/htmlpurifier-3.1.0-standalone.zip.sig | Bin 0 -> 65 bytes
 releases/htmlpurifier-3.1.0.tar.gz.sig | Bin 0 -> 65 bytes
 releases/htmlpurifier-3.1.0.zip.sig | Bin 0 -> 65 bytes
 xhtml-compiler/common.php | 3 +-
 xhtml-compiler/functions.php | 3 +-
 16 files changed, 356 insertions(+), 15 deletions(-)
 rewrite current-hashes.txt (100%)
 create mode 100644 news/2008/3.1.0-released.css
 create mode 100644 news/2008/3.1.0-released.xhtml
 create mode 100644 releases/htmlpurifier-3.1.0-lite.tar.gz.sig
 create mode 100644 releases/htmlpurifier-3.1.0-lite.zip.sig
 create mode 100644 releases/htmlpurifier-3.1.0-standalone.tar.gz.sig
 create mode 100644 releases/htmlpurifier-3.1.0-standalone.zip.sig
 create mode 100644 releases/htmlpurifier-3.1.0.tar.gz.sig
 create mode 100644 releases/htmlpurifier-3.1.0.zip.sig

diff --git a/.htaccess.in b/.htaccess.in
index 3c1763b..94143cd 100644
--- a/.htaccess.in
+++ b/.htaccess.in
@@ -2,7 +2,7 @@ # Old release warning rewrites RewriteCond %{REQUEST_METHOD} !=POST -RewriteCond %{REQUEST_URI} !/htmlpurifier-3\.1\.0rc1(\.|-standalone|-lite) +RewriteCond %{REQUEST_URI} !/htmlpurifier-3\.1\.0(\.|-standalone|-lite) RewriteCond %{REQUEST_URI} !/htmlpurifier-2\.1\.3(\.|-standalone|-lite|-strict) RewriteCond %{REQUEST_URI} !/phorum-htmlpurifier-3\.0\.0\. RewriteCond %{REQUEST_URI} !\.sig$ diff --git a/current-hashes.txt b/current-hashes.txt dissimilarity index 100% index 3488d22..356fb2a 100644 --- a/current-hashes.txt +++ b/current-hashes.txt @@ -1,6 +1,6 @@ -332119141df181aefed928246e14c801a53b667d htmlpurifier-3.1.0rc1-lite.tar.gz -cfdb8b8cf58815aeab9bf2520ae98386428d7890 htmlpurifier-3.1.0rc1-lite.zip -ecea1dee9e9378120e258cae7df8bc8ecc193720 htmlpurifier-3.1.0rc1-standalone.tar.gz -0a909cb4fe62ddca182694312cf2849b1bde65f6 htmlpurifier-3.1.0rc1-standalone.zip -9b5c8cfc1e631457102d0d72a8fbfc871c9bc6ed htmlpurifier-3.1.0rc1.tar.gz -7a152a3d1828ab9f7a1a9b1fd24bddc08b266301 htmlpurifier-3.1.0rc1.zip +29c06e13b960364a11154c44fe81b5a61db88803 htmlpurifier-3.1.0-lite.tar.gz +30c952b4b07d768774fa5e8b4cd3291a7be7287f htmlpurifier-3.1.0-lite.zip +64fa7234188222dd5f3af33f7c5287bcdadc404e htmlpurifier-3.1.0-standalone.tar.gz +f8c1d5378d52e7b90542f136fbfbd9cf418eb241 htmlpurifier-3.1.0-standalone.zip +d532e67154add4e960ab12ebe44bea2aa0217e14 htmlpurifier-3.1.0.tar.gz +e06ce2cae54cca1f830548d2066e580bcfa1c9e0 htmlpurifier-3.1.0.zip diff --git a/current.ent b/current.ent index 6bfbf02..0593990 100644 --- a/current.ent +++ b/current.ent @@ -1,5 +1,5 @@ - - + + diff --git a/news.xhtml b/news.xhtml index 80f7c46..6774073 100644 --- a/news.xhtml +++ b/news.xhtml @@ -32,6 +32,39 @@
+
+

HTML Purifier 3.1.0 released

+
Sun, 08 May 2008 14:04:00 EST
+ +
+

+ HTML Purifier 3.1.0 is the first offical stable release for 3.1 release. + It improves HTML Purifier's integration with PHP 5, mainly + through the new use of autoloading. + It also includes support for the !important CSS modifier, + display and visibility CSS properties with %CSS.AllowTricky, marquee with + %HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper, + %CSS.AllowedProperties, %HTML.ForbiddenAttributes and + %HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the + release candidate, there have also been a number of stability fixes such as + improved URI escaping, a change in serializer ID format, and a relaxed + format for %HTML.Allowed. And as always, numerous bugfixes. +

+

+ Important: HTML Purifier 3.1.0 also fixes a + security vulnerability. Please upgrade your libraries as quickly as + possible. The vulnerability was discovered internally, and no known + exploits have been found in the wild. +

+

+ For a detailed migration guide, please see the + 3.1.0 release page. If + you had been using the release candidate, you do not need to worry + about this. +

+
+
+

HTML Purifier 3.1.0 release candidate

Tue, 22 Apr 2008 02:51:00 EST
diff --git a/news/2008/3.1.0-released.css b/news/2008/3.1.0-released.css new file mode 100644 index 0000000..12f2be5 --- /dev/null +++ b/news/2008/3.1.0-released.css @@ -0,0 +1 @@ +#download-box {margin-left:10%; margin-right: 10%;} \ No newline at end of file diff --git a/news/2008/3.1.0-released.xhtml b/news/2008/3.1.0-released.xhtml new file mode 100644 index 0000000..60ac84c --- /dev/null +++ b/news/2008/3.1.0-released.xhtml @@ -0,0 +1,307 @@ + + + + + HTML Purifier 3.1.0 released - News - HTML Purifier + + + + + + + +

HTML Purifier 3.1.0 released

+ +
+ +

+ HTML Purifier 3.1 represents a major shift from a PHP 4 + centric codebase to a PHP 5, whereas HTML Purifier 3.0 + was merely done for E_STRICT compliance. As such, it + poses some migration concerns that should be addressed, most + prominently HTML Purifier's new usage of the autoload system. +

+ + + +

Autoloading

+ +

+ Autoloading is singularly the largest architectural change in HTML + Purifier, and under certain circumstances, can give you a hefty performance + boost too (not using the autoloader, but hold onto that thought for a moment). + Previously, HTML Purifier loaded everything it needed from HTMLPurifier.php. + Things have changed a little. I've investigated this thoroughly, and the + following cases will require some + user intervention: +

+ +

You're a PEAR user

+ +

+ Previously, I told you to use this code: +

+ +
require_once 'HTMLPurifier.php';
+ +

+ This will no longer be sufficient, because it doesn't register HTML Purifier's + autoloader. Replace the line with: +

+ +
require_once 'HTMLPurifier.auto.php';
+ +

You included HTMLPurifier.php directly

+ +

+ Follow the same instructions as a PEAR user. +

+ +

You are already using autoloading, and are on a version of PHP earlier than 5.1.2

+ +

+ In early versions of PHP 5, there was no way to register multiple autoload + handlers (with spl_autoload_register). You will need to + manually modify your autoloader to get HTML Purifier to play nice with it. +

+ +

Suppose your autoload function looks like this:

+ +
function __autoload($class) {
+  require str_replace('_', '/', $class) . '.php';
+  return true;
+}
+ +

A modified version with HTML Purifier would look like this:

+ +
function __autoload($class) {
+  if (HTMLPurifier_Bootstrap::autoload($class)) return true;
+  require str_replace('_', '/', $class) . '.php';
+  return true;
+}
+ +

+ Make sure you call HTMLPurifier_Bootstrap::autoload() first, + because it will ignore class names that aren't prefixed with HTMLPurifier. +

+ +

You are already using autoloading, and are on PHP 5.1.2+

+ +

+ Congratulations; you probably won't need to make any modifications. + However, it's worth taking a look whether or not you are using + __autoload or spl_autoload_register. If it's the + former, you may want to consider adding this line of code to your + application: +

+ +
spl_autoload_register('__autoload');
+ +

+ This is a good idea because spl_autoload_register overrides + any __autoload function, so if a misbehaving library (not HTML Purifier, + of course!) registers its + own autoloader function, yours will mysteriously stop working. You are + required to do this if your autoloader is defined after + HTML Purifier's autoloader is called. +

+ +

Some extra notes

+ +

+ With those modifications, your HTML Purifier installation should not be + fatally error'ing out. If it is, please post + in the Support forums and I'll try to help and figure it out. +

+ +

+ If you've got things working, and would like to try some of the newest features + out, check out the following files: +

+ +
+
HTMLPurifier.includes.php
+
This is the performance-friendly file I was talking about earlier. If you + use this, you don't need the autoloader at all—just swap 'auto' with + 'includes'. The downside is that if you are using any non-standard classes, + you'll need to include them manually.
+ +
HTMLPurifier.kses.php
+
On the prompting of Lukasz Pilorz, I wrote a little wrapper for + HTML Purifier using the kses interface. It's pretty neat and works with + kses's configuration parameters, so check it out if you've got some + legacy code you want to migrate.
+ +
HTMLPurifier.safe-includes.php
+
This is the not-so-performance-friendly counterpart of + HTMLPurifier.includes.php. On the plus side, however, it doesn't need + autoload, and it can be included from anywhere with impunity.
+
+ +

Filters

+ +

+ The interface for registering filters changed slightly. You may have noticed + some E_USER_WARNINGs emitting from code that looks like: +

+ +
addFilter(new HTMLPurifier_Filter_YouTube());]]>
+ +

+ We've replaced addFilter() with some new configuration directives. + Combined with autoloading, the above code turns into: +

+ +
set('Filter', 'YouTube', true);
+$purifier = new HTMLPurifier($config);]]>
+ +

+ If you're using a custom filter, you'll need some slightly different code: +

+ +
set('Filter', 'Custom', array(
+    new YourCustomFilter()
+));
+$purifier = new HTMLPurifier($config);]]>
+ +

Everything else...

+ +

Configuration aliases

+ +

+ There may be a few miscellaneous warnings left. If your error-reporting + level includes notices, you might see HTML Purifier complaining about + the usage of deprecated aliases. Don't worry: I'm not going to remove + those aliases, but from a performance standpoint it's a good idea to + convert the old directive to the new directive. +

+ +

tag.attr to tag@attr

+ +

+ If you were using %HTML.AllowedAttributes, it is recommended that you upgrade your syntax + from tag.attr to tag@attr. While the two are functionally equivalent, + and the dot-syntax will not be deprecated any time soon, this modification + is made with an eye towards future compatibility with XML: XML permits + tag names to have periods. %HTML.ForbiddenAttributes will only + allow the at-sign-syntax, and will output an informative error message + if you do otherwise. +

+ +

HTMLPurifier_HTMLModule->addElement()

+ +

+ From there, it gets highly internal. If you've been making custom modules + for yourself, please note that the signature of + HTMLPurifier_HTMLModule->addElement() has changed; there is + no more $safe parameter. However, there was no + $safe parameter to begin with in + HTMLPurifier_HTMLDefinition->addElement(), so users of that + method don't have to worry about this change. For the curious, this change + is indicative of the shift from element-based safety to module-based + safety. Once I implement more elements and attributes for trusted mode, + there will be more documentation for this. +

+ +

HTMLPurifier_ConfigSchema::method

+ +

+ The static methods in HTMLPurifier_ConfigSchema + were deprecated. They probably still work, although they're not being + actively tested now. If you need to add custom configuration to HTML + Purifier, retrieve a copy of the schema using + HTMLPurifier_ConfigSchema::instance() and then operating + on it using the add*() methods. Some of the method + signatures have changed, most notably there's an extra + $allowsNull parameter after $type in + add(). Extensible configuration + is somewhat an unknown, so if you have definitive use-cases you'd like to + share with me and influence the architecture of this, please say so. + Please do not add your own files to the schema/ + directory unless you plan on submitting your changes for incorporation + with the core. For information on how this subsystem works, check out + the documentation + on Config Schema. +

+ +

Return by reference

+ +

+ A number of methods that returned explict references to objects + now merely return objects. Due to PHP 5's new object system, objects are + passed automatically by reference, making an ampersand unnecessary. + If you have code that does this: +

+ +
getHTMLDefinition();]]>
+ +

+ ...it will throw an E_STRICT error. The fix is: +

+ +
getHTMLDefinition();]]>
+ +

HTMLPurifier_Printer_ConfigForm::get*()

+ +

+ HTMLPurifier_Printer_ConfigForm::getCSS() and + HTMLPurifier_Printer_ConfigForm::getJavascript() should be called statically, + not from an instance variable. Change: +

+ +
getCSS();]]>
+ +

+ ...to: +

+ +
+ +

New features!

+ +

+ Thanks for putting up with all that backwards-compatibility documentation! + Now we get to the fun stuff: new features. The new features are mostly + all configuration directives: +

+ + + +

+ HTML Purifier 3.1.0 also boasts a far more robust URI handling system. + URIs such as http://zh.wikipedia.org/wiki/首頁 are converted into + http://zh.wikipedia.org/wiki/%E9%A6%96%E9%A1%B5 (previously, they + were incorrectly left in IRI form.) +

+ +

+ As usual, see the NEWS for a full list of enhancements + and bugfixes. +

+ +
+ + + diff --git a/news/2008/3.1.0rc1-released.xhtml b/news/2008/3.1.0rc1-released.xhtml index e238137..286a01c 100644 --- a/news/2008/3.1.0rc1-released.xhtml +++ b/news/2008/3.1.0rc1-released.xhtml @@ -59,7 +59,7 @@ user intervention:

-

You're a PEAR user

+

You're a PEAR user

Previously, I told you to use this code: @@ -77,7 +77,7 @@

You included HTMLPurifier.php directly

- Follow the same instructions as a PEAR user. + Follow the same instructions as a PEAR user.

You are already using autoloading, and are on a version of PHP earlier than 5.1.2

diff --git a/release.txt b/release.txt index 2fa01c2..4f11aaf 100644 --- a/release.txt +++ b/release.txt @@ -33,7 +33,6 @@ if ( need to deprecate old branch ) { # [@] Build the zip and tar.gz files: - Run `./build.sh $VERSION` on the server, download with 'download.bat' - Run build.bat on Windows computer, upload the files -# Clear the Serializer cache (flush-definition-cache.bat) # [@] Build the PEAR release using package_pear.bat (package.php and `pear package`) # [@] Run sum-all.bat (generates sha1 checksums) # [@] Run sign-all.bat, enter password when prompted (signs releases) @@ -46,7 +45,6 @@ if ( need to deprecate old branch ) { - Update .htaccess.in # Update (svn update) # Commit (svn commit) -# Run http://htmlpurifier.org/xhtml-compiler/htaccess.php == Post-procedures == diff --git a/releases/htmlpurifier-3.1.0-lite.tar.gz.sig b/releases/htmlpurifier-3.1.0-lite.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..e4012e5c4e90a44b4319738bdba83be086c31ed0 GIT binary patch literal 65 zcwPZP0KWf-KLZ5-NHA||sWZNPhMY*+5dzzz0G>N0L%`|4o;?7{c~<4h0+~E literal 0 HcwPel00001 diff --git a/releases/htmlpurifier-3.1.0-lite.zip.sig b/releases/htmlpurifier-3.1.0-lite.zip.sig new file mode 100644 index 0000000000000000000000000000000000000000..09a8bfd930773e214e10d600f28b3584fdb41a16 GIT binary patch literal 65 zcwPZP0KWf-KLZ5-NHA|}sWZNPhMY*+5d!pG0G=_mHRf)4I0&8DQum{F@fvg~jbQ+u XIlb(Q2K4w9*}=f#Z*k(yU2iU4gA5)@ literal 0 HcwPel00001 diff --git a/releases/htmlpurifier-3.1.0-standalone.tar.gz.sig b/releases/htmlpurifier-3.1.0-standalone.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..6268febd44bdee859e73e91fcd9f3abdd5388807 GIT binary patch literal 65 zcwPZP0KWf-KLZ5-NHA|}sWZNPhMY*+5dr}V0Gtg~w6hicofIxx0BFQrS7))?V?Y3( Xb05yU=lm^z1Ni{tNsm%&SEC?05(^pF literal 0 HcwPel00001 
diff --git a/releases/htmlpurifier-3.1.0-standalone.zip.sig b/releases/htmlpurifier-3.1.0-standalone.zip.sig new file mode 100644 index 0000000000000000000000000000000000000000..b885a82dbdafd08190e91a84efc041cf63178211 GIT binary patch literal 65 zcwPZP0KWf-KLZ5-NHA|~sWZNPhMY*+5dw<)0G=W`zxwj?6=>i|m0lhe=>fg0RK)L6117#X(gGJvPrMpm89cWoijV-F XKBMVO-(3lo*YAh;(R5{_ENOk?3Zoka literal 0 HcwPel00001 diff --git a/releases/htmlpurifier-3.1.0.zip.sig b/releases/htmlpurifier-3.1.0.zip.sig new file mode 100644 index 0000000000000000000000000000000000000000..cb10c994b55ef229ef409a7c4262b335b636faa8 GIT binary patch literal 65 zcwPZP0KWf-KLZ5-NHA|}sWZNPhMY*+5dsR_0G~`g`Y()w#Me?BJ=lD)->XBV7#IMc Xh_TjVn0K3H#mBR~LOIC`#wtKAZvPyP literal 0 HcwPel00001 diff --git a/xhtml-compiler/common.php b/xhtml-compiler/common.php index dfc75c9..f3a6c7e 100644 --- a/xhtml-compiler/common.php +++ b/xhtml-compiler/common.php @@ -34,6 +34,7 @@ require_once 'XHTMLCompiler/TextFilter.php'; require_once 'XHTMLCompiler/DOMFilter.php'; set_exception_handler('xhtmlcompiler_exception_handler'); -XHTMLCompiler::getInstance(); // invoke the super-object +$xc = XHTMLCompiler::getInstance(); // invoke the super-object check_errors(); register_shutdown_function('check_errors'); +if($xc->getConf('debug')) ini_set('display_errors', true); diff --git a/xhtml-compiler/functions.php b/xhtml-compiler/functions.php index 5123fba..b56e03a 100644 --- a/xhtml-compiler/functions.php +++ b/xhtml-compiler/functions.php 
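Review bot: The added last line of the common.php hunk, `if($xc->getConf('debug')) ini_set('display_errors', true);`, only ever switches display_errors on, so with `debug` false the page still inherits whatever php.ini says, and with `debug` left enabled on a deployed copy PHP errors (file paths and other internals) are rendered to every visitor. Setting the value both ways makes the config flag authoritative: `ini_set('display_errors', $xc->getConf('debug') ? '1' : '0');`. Because the call sits after `XHTMLCompiler::getInstance()` and the first `check_errors()`, errors raised during that bootstrap are not governed by the flag. A one-line comment stating that `debug` must stay off on the public site would make the intent explicit.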
@@ -195,11 +195,12 @@ function check_errors() {
 $error_mute = $xc->getConf('error_mute');
 if (file_exists($error_log) && filesize($error_log) > 0) {
 if (file_exists($error_mute) && filesize($error_mute) == 0) {
+ $error_text = wordwrap(file_get_contents($error_log), 70, "\r\n");
 mail($xc->getConf('admin_email'), 'Errors in XHTML Compiler',
 "Some errors occurred in the log. No further messages\r\n".
 "will be sent until the mute file [1] is deleted. The\r\n".
 "error log file [2] will be blanked after resolving any\r\n".
- "issues.\r\n\r\n[1] $error_mute\r\n[2] $error_log\r\n");
+ "issues.\r\n\r\n[1] $error_mute\r\n[2] $error_log\r\n\r\n$error_text\r\n");
 file_put_contents($error_mute, '1');
 } elseif (!file_exists($error_mute) && file_exists($error_log)) {
 $tentative_new_name = "$error_log." . date('Ymd');
-- 2.11.4.GIT
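Review bot: The new `$error_text` line reads the whole error log with `file_get_contents($error_log)` and appends it to the mail body with no size limit, so a large log becomes one very large message and the complete log text leaves the server by e-mail. Bounding the read keeps the notification useful without shipping everything, e.g. `$error_text = wordwrap((string) file_get_contents($error_log, false, null, 0, 8192), 70, "\r\n", true);` (8192 is a suggested cap, not a value from the project). The `(string)` cast makes a failed read an explicit empty string if the log disappears between the `filesize()` check and the read, and the fourth `wordwrap` argument also breaks long unspaced tokens such as paths. Log lines may contain request-derived text, so a comment noting that the mail is plain text sent to `admin_email` would be worthwhile. `check_errors()` begins and ends outside this hunk.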