search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Release 2.1.3.
[htmlpurifier/bfroehle.git] / library / HTMLPurifier / Config.php
blob203542f0aa7c296b4f1481994ce33ccec1684fda
1 <?php
2
3 require_once 'HTMLPurifier/ConfigSchema.php';
4
5 // member variables
6 require_once 'HTMLPurifier/HTMLDefinition.php';
7 require_once 'HTMLPurifier/CSSDefinition.php';
8 require_once 'HTMLPurifier/URIDefinition.php';
9 require_once 'HTMLPurifier/Doctype.php';
10 require_once 'HTMLPurifier/DefinitionCacheFactory.php';
11
12 // accomodations for versions earlier than 4.3.10 and 5.0.2
13 // borrowed from PHP_Compat, LGPL licensed, by Aidan Lister <aidan@php.net>
14 if (!defined('PHP_EOL')) {
15 switch (strtoupper(substr(PHP_OS, 0, 3))) {
16 case 'WIN':
17 define('PHP_EOL', "\r\n");
18 break;
19 case 'DAR':
20 define('PHP_EOL', "\r");
21 break;
22 default:
23 define('PHP_EOL', "\n");
24 }
25 }
26
27 /**
28 * Configuration object that triggers customizable behavior.
29 *
30 * @warning This class is strongly defined: that means that the class
31 * will fail if an undefined directive is retrieved or set.
32 *
33 * @note Many classes that could (although many times don't) use the
34 * configuration object make it a mandatory parameter. This is
35 * because a configuration object should always be forwarded,
36 * otherwise, you run the risk of missing a parameter and then
37 * being stumped when a configuration directive doesn't work.
38 */
39 class HTMLPurifier_Config
40 {
41
42 /**
43 * HTML Purifier's version
44 */
45 var $version = '2.1.3';
46
47 /**
48 * Two-level associative array of configuration directives
49 */
50 var $conf;
51
52 /**
53 * Reference HTMLPurifier_ConfigSchema for value checking
54 */
55 var $def;
56
57 /**
58 * Indexed array of definitions
59 */
60 var $definitions;
61
62 /**
63 * Bool indicator whether or not config is finalized
64 */
65 var $finalized = false;
66
67 /**
68 * Bool indicator whether or not to automatically finalize
69 * the object if a read operation is done
70 */
71 var $autoFinalize = true;
72
73 /**
74 * Namespace indexed array of serials for specific namespaces (see
75 * getSerial for more info).
76 */
77 var $serials = array();
78
79 /**
80 * Serial for entire configuration object
81 */
82 var $serial;
83
84 /**
85 * @param $definition HTMLPurifier_ConfigSchema that defines what directives
86 * are allowed.
87 */
88 function HTMLPurifier_Config(&$definition) {
89 $this->conf = $definition->defaults; // set up, copy in defaults
90 $this->def = $definition; // keep a copy around for checking
91 }
92
93 /**
94 * Convenience constructor that creates a config object based on a mixed var
95 * @static
96 * @param mixed $config Variable that defines the state of the config
97 * object. Can be: a HTMLPurifier_Config() object,
98 * an array of directives based on loadArray(),
99 * or a string filename of an ini file.
100 * @return Configured HTMLPurifier_Config object
101 */
102 function create($config) {
103 if (is_a($config, 'HTMLPurifier_Config')) {
104 // pass-through
105 return $config;
106 }
107 $ret = HTMLPurifier_Config::createDefault();
108 if (is_string($config)) $ret->loadIni($config);
109 elseif (is_array($config)) $ret->loadArray($config);
110 return $ret;
111 }
112
113 /**
114 * Convenience constructor that creates a default configuration object.
115 * @static
116 * @return Default HTMLPurifier_Config object.
117 */
118 function createDefault() {
119 $definition =& HTMLPurifier_ConfigSchema::instance();
120 $config = new HTMLPurifier_Config($definition);
121 return $config;
122 }
123
124 /**
125 * Retreives a value from the configuration.
126 * @param $namespace String namespace
127 * @param $key String key
128 */
129 function get($namespace, $key, $from_alias = false) {
130 if (!$this->finalized && $this->autoFinalize) $this->finalize();
131 if (!isset($this->def->info[$namespace][$key])) {
132 // can't add % due to SimpleTest bug
133 trigger_error('Cannot retrieve value of undefined directive ' . htmlspecialchars("$namespace.$key"),
134 E_USER_WARNING);
135 return;
136 }
137 if ($this->def->info[$namespace][$key]->class == 'alias') {
138 $d = $this->def->info[$namespace][$key];
139 trigger_error('Cannot get value from aliased directive, use real name ' . $d->namespace . '.' . $d->name,
140 E_USER_ERROR);
141 return;
142 }
143 return $this->conf[$namespace][$key];
144 }
145
146 /**
147 * Retreives an array of directives to values from a given namespace
148 * @param $namespace String namespace
149 */
150 function getBatch($namespace) {
151 if (!$this->finalized && $this->autoFinalize) $this->finalize();
152 if (!isset($this->def->info[$namespace])) {
153 trigger_error('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
154 E_USER_WARNING);
155 return;
156 }
157 return $this->conf[$namespace];
158 }
159
160 /**
161 * Returns a md5 signature of a segment of the configuration object
162 * that uniquely identifies that particular configuration
163 * @note Revision is handled specially and is removed from the batch
164 * before processing!
165 * @param $namespace Namespace to get serial for
166 */
167 function getBatchSerial($namespace) {
168 if (empty($this->serials[$namespace])) {
169 $batch = $this->getBatch($namespace);
170 unset($batch['DefinitionRev']);
171 $this->serials[$namespace] = md5(serialize($batch));
172 }
173 return $this->serials[$namespace];
174 }
175
176 /**
177 * Returns a md5 signature for the entire configuration object
178 * that uniquely identifies that particular configuration
179 */
180 function getSerial() {
181 if (empty($this->serial)) {
182 $this->serial = md5(serialize($this->getAll()));
183 }
184 return $this->serial;
185 }
186
187 /**
188 * Retrieves all directives, organized by namespace
189 */
190 function getAll() {
191 if (!$this->finalized && $this->autoFinalize) $this->finalize();
192 return $this->conf;
193 }
194
195 /**
196 * Sets a value to configuration.
197 * @param $namespace String namespace
198 * @param $key String key
199 * @param $value Mixed value
200 */
201 function set($namespace, $key, $value, $from_alias = false) {
202 if ($this->isFinalized('Cannot set directive after finalization')) return;
203 if (!isset($this->def->info[$namespace][$key])) {
204 trigger_error('Cannot set undefined directive ' . htmlspecialchars("$namespace.$key") . ' to value',
205 E_USER_WARNING);
206 return;
207 }
208 if ($this->def->info[$namespace][$key]->class == 'alias') {
209 if ($from_alias) {
210 trigger_error('Double-aliases not allowed, please fix '.
211 'ConfigSchema bug with' . "$namespace.$key");
212 }
213 $this->set($this->def->info[$namespace][$key]->namespace,
214 $this->def->info[$namespace][$key]->name,
215 $value, true);
216 return;
217 }
218 $value = $this->def->validate(
219 $value,
220 $type = $this->def->info[$namespace][$key]->type,
221 $this->def->info[$namespace][$key]->allow_null
222 );
223 if (is_string($value)) {
224 // resolve value alias if defined
225 if (isset($this->def->info[$namespace][$key]->aliases[$value])) {
226 $value = $this->def->info[$namespace][$key]->aliases[$value];
227 }
228 if ($this->def->info[$namespace][$key]->allowed !== true) {
229 // check to see if the value is allowed
230 if (!isset($this->def->info[$namespace][$key]->allowed[$value])) {
231 trigger_error('Value not supported, valid values are: ' .
232 $this->_listify($this->def->info[$namespace][$key]->allowed), E_USER_WARNING);
233 return;
234 }
235 }
236 }
237 if ($this->def->isError($value)) {
238 trigger_error('Value for ' . "$namespace.$key" . ' is of invalid type, should be ' . $type, E_USER_WARNING);
239 return;
240 }
241 $this->conf[$namespace][$key] = $value;
242
243 // reset definitions if the directives they depend on changed
244 // this is a very costly process, so it's discouraged
245 // with finalization
246 if ($namespace == 'HTML' || $namespace == 'CSS') {
247 $this->definitions[$namespace] = null;
248 }
249
250 $this->serials[$namespace] = false;
251 }
252
253 /**
254 * Convenience function for error reporting
255 * @private
256 */
257 function _listify($lookup) {
258 $list = array();
259 foreach ($lookup as $name => $b) $list[] = $name;
260 return implode(', ', $list);
261 }
262
263 /**
264 * Retrieves reference to the HTML definition.
265 * @param $raw Return a copy that has not been setup yet. Must be
266 * called before it's been setup, otherwise won't work.
267 */
268 function &getHTMLDefinition($raw = false) {
269 $def =& $this->getDefinition('HTML', $raw);
270 return $def; // prevent PHP 4.4.0 from complaining
271 }
272
273 /**
274 * Retrieves reference to the CSS definition
275 */
276 function &getCSSDefinition($raw = false) {
277 $def =& $this->getDefinition('CSS', $raw);
278 return $def;
279 }
280
281 /**
282 * Retrieves a definition
283 * @param $type Type of definition: HTML, CSS, etc
284 * @param $raw Whether or not definition should be returned raw
285 */
286 function &getDefinition($type, $raw = false) {
287 if (!$this->finalized && $this->autoFinalize) $this->finalize();
288 $factory = HTMLPurifier_DefinitionCacheFactory::instance();
289 $cache = $factory->create($type, $this);
290 if (!$raw) {
291 // see if we can quickly supply a definition
292 if (!empty($this->definitions[$type])) {
293 if (!$this->definitions[$type]->setup) {
294 $this->definitions[$type]->setup($this);
295 $cache->set($this->definitions[$type], $this);
296 }
297 return $this->definitions[$type];
298 }
299 // memory check missed, try cache
300 $this->definitions[$type] = $cache->get($this);
301 if ($this->definitions[$type]) {
302 // definition in cache, return it
303 return $this->definitions[$type];
304 }
305 } elseif (
306 !empty($this->definitions[$type]) &&
307 !$this->definitions[$type]->setup
308 ) {
309 // raw requested, raw in memory, quick return
310 return $this->definitions[$type];
311 }
312 // quick checks failed, let's create the object
313 if ($type == 'HTML') {
314 $this->definitions[$type] = new HTMLPurifier_HTMLDefinition();
315 } elseif ($type == 'CSS') {
316 $this->definitions[$type] = new HTMLPurifier_CSSDefinition();
317 } elseif ($type == 'URI') {
318 $this->definitions[$type] = new HTMLPurifier_URIDefinition();
319 } else {
320 trigger_error("Definition of $type type not supported");
321 $false = false;
322 return $false;
323 }
324 // quick abort if raw
325 if ($raw) {
326 if (is_null($this->get($type, 'DefinitionID'))) {
327 // fatally error out if definition ID not set
328 trigger_error("Cannot retrieve raw version without specifying %$type.DefinitionID", E_USER_ERROR);
329 $false = new HTMLPurifier_Error();
330 return $false;
331 }
332 return $this->definitions[$type];
333 }
334 // set it up
335 $this->definitions[$type]->setup($this);
336 // save in cache
337 $cache->set($this->definitions[$type], $this);
338 return $this->definitions[$type];
339 }
340
341 /**
342 * Loads configuration values from an array with the following structure:
343 * Namespace.Directive => Value
344 * @param $config_array Configuration associative array
345 */
346 function loadArray($config_array) {
347 if ($this->isFinalized('Cannot load directives after finalization')) return;
348 foreach ($config_array as $key => $value) {
349 $key = str_replace('_', '.', $key);
350 if (strpos($key, '.') !== false) {
351 // condensed form
352 list($namespace, $directive) = explode('.', $key);
353 $this->set($namespace, $directive, $value);
354 } else {
355 $namespace = $key;
356 $namespace_values = $value;
357 foreach ($namespace_values as $directive => $value) {
358 $this->set($namespace, $directive, $value);
359 }
360 }
361 }
362 }
363
364 /**
365 * Returns a list of array(namespace, directive) for all directives
366 * that are allowed in a web-form context as per an allowed
367 * namespaces/directives list.
368 * @param $allowed List of allowed namespaces/directives
369 * @static
370 */
371 function getAllowedDirectivesForForm($allowed) {
372 $schema = HTMLPurifier_ConfigSchema::instance();
373 if ($allowed !== true) {
374 if (is_string($allowed)) $allowed = array($allowed);
375 $allowed_ns = array();
376 $allowed_directives = array();
377 $blacklisted_directives = array();
378 foreach ($allowed as $ns_or_directive) {
379 if (strpos($ns_or_directive, '.') !== false) {
380 // directive
381 if ($ns_or_directive[0] == '-') {
382 $blacklisted_directives[substr($ns_or_directive, 1)] = true;
383 } else {
384 $allowed_directives[$ns_or_directive] = true;
385 }
386 } else {
387 // namespace
388 $allowed_ns[$ns_or_directive] = true;
389 }
390 }
391 }
392 $ret = array();
393 foreach ($schema->info as $ns => $keypairs) {
394 foreach ($keypairs as $directive => $def) {
395 if ($allowed !== true) {
396 if (isset($blacklisted_directives["$ns.$directive"])) continue;
397 if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
398 }
399 if ($def->class == 'alias') continue;
400 if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
401 $ret[] = array($ns, $directive);
402 }
403 }
404 return $ret;
405 }
406
407 /**
408 * Loads configuration values from $_GET/$_POST that were posted
409 * via ConfigForm
410 * @param $array $_GET or $_POST array to import
411 * @param $index Index/name that the config variables are in
412 * @param $allowed List of allowed namespaces/directives
413 * @param $mq_fix Boolean whether or not to enable magic quotes fix
414 * @static
415 */
416 function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
417 $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
418 $config = HTMLPurifier_Config::create($ret);
419 return $config;
420 }
421
422 /**
423 * Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
424 * @note Same parameters as loadArrayFromForm
425 */
426 function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
427 $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
428 $this->loadArray($ret);
429 }
430
431 /**
432 * Prepares an array from a form into something usable for the more
433 * strict parts of HTMLPurifier_Config
434 * @static
435 */
436 function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
437 $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
438 $mq = get_magic_quotes_gpc() && $mq_fix;
439
440 $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed);
441 $ret = array();
442 foreach ($allowed as $key) {
443 list($ns, $directive) = $key;
444 $skey = "$ns.$directive";
445 if (!empty($array["Null_$skey"])) {
446 $ret[$ns][$directive] = null;
447 continue;
448 }
449 if (!isset($array[$skey])) continue;
450 $value = $mq ? stripslashes($array[$skey]) : $array[$skey];
451 $ret[$ns][$directive] = $value;
452 }
453 return $ret;
454 }
455
456 /**
457 * Loads configuration values from an ini file
458 * @param $filename Name of ini file
459 */
460 function loadIni($filename) {
461 if ($this->isFinalized('Cannot load directives after finalization')) return;
462 $array = parse_ini_file($filename, true);
463 $this->loadArray($array);
464 }
465
466 /**
467 * Checks whether or not the configuration object is finalized.
468 * @param $error String error message, or false for no error
469 */
470 function isFinalized($error = false) {
471 if ($this->finalized && $error) {
472 trigger_error($error, E_USER_ERROR);
473 }
474 return $this->finalized;
475 }
476
477 /**
478 * Finalizes configuration only if auto finalize is on and not
479 * already finalized
480 */
481 function autoFinalize() {
482 if (!$this->finalized && $this->autoFinalize) $this->finalize();
483 }
484
485 /**
486 * Finalizes a configuration object, prohibiting further change
487 */
488 function finalize() {
489 $this->finalized = true;
490 }
491
492 }
493
494
HTMLPurifier with iframe extension