search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[2.1.5] [MFH] Percent encode query and hash, and lazy update with attr validator
[htmlpurifier/rdancer.git] / library / HTMLPurifier / AttrValidator.php
blobf020e0080e595c80446214e301652677793a1614
1 <?php
2
3 /**
4 * Validates the attributes of a token. Doesn't manage required attributes
5 * very well. The only reason we factored this out was because RemoveForeignElements
6 * also needed it besides ValidateAttributes.
7 */
8 class HTMLPurifier_AttrValidator
9 {
10
11 /**
12 * Validates the attributes of a token, returning a modified token
13 * that has valid tokens
14 * @param $token Reference to token to validate. We require a reference
15 * because the operation this class performs on the token are
16 * not atomic, so the context CurrentToken to be updated
17 * throughout
18 * @param $config Instance of HTMLPurifier_Config
19 * @param $context Instance of HTMLPurifier_Context
20 */
21 function validateToken(&$token, &$config, &$context) {
22
23 $definition = $config->getHTMLDefinition();
24 $e =& $context->get('ErrorCollector', true);
25
26 // initialize IDAccumulator if necessary
27 $ok =& $context->get('IDAccumulator', true);
28 if (!$ok) {
29 $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
30 $context->register('IDAccumulator', $id_accumulator);
31 }
32
33 // initialize CurrentToken if necessary
34 $current_token =& $context->get('CurrentToken', true);
35 if (!$current_token) $context->register('CurrentToken', $token);
36
37 if ($token->type !== 'start' && $token->type !== 'empty') return $token;
38
39 // create alias to global definition array, see also $defs
40 // DEFINITION CALL
41 $d_defs = $definition->info_global_attr;
42
43 // don't update token until the very end, to ensure an atomic update
44 $attr = $token->attr;
45
46 // do global transformations (pre)
47 // nothing currently utilizes this
48 foreach ($definition->info_attr_transform_pre as $transform) {
49 $attr = $transform->transform($o = $attr, $config, $context);
50 if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
51 }
52
53 // do local transformations only applicable to this element (pre)
54 // ex. <p align="right"> to <p style="text-align:right;">
55 foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
56 $attr = $transform->transform($o = $attr, $config, $context);
57 if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
58 }
59
60 // create alias to this element's attribute definition array, see
61 // also $d_defs (global attribute definition array)
62 // DEFINITION CALL
63 $defs = $definition->info[$token->name]->attr;
64
65 $attr_key = false;
66 $context->register('CurrentAttr', $attr_key);
67
68 // iterate through all the attribute keypairs
69 // Watch out for name collisions: $key has previously been used
70 foreach ($attr as $attr_key => $value) {
71
72 // call the definition
73 if ( isset($defs[$attr_key]) ) {
74 // there is a local definition defined
75 if ($defs[$attr_key] === false) {
76 // We've explicitly been told not to allow this element.
77 // This is usually when there's a global definition
78 // that must be overridden.
79 // Theoretically speaking, we could have a
80 // AttrDef_DenyAll, but this is faster!
81 $result = false;
82 } else {
83 // validate according to the element's definition
84 $result = $defs[$attr_key]->validate(
85 $value, $config, $context
86 );
87 }
88 } elseif ( isset($d_defs[$attr_key]) ) {
89 // there is a global definition defined, validate according
90 // to the global definition
91 $result = $d_defs[$attr_key]->validate(
92 $value, $config, $context
93 );
94 } else {
95 // system never heard of the attribute? DELETE!
96 $result = false;
97 }
98
99 // put the results into effect
100 if ($result === false || $result === null) {
101 // this is a generic error message that should replaced
102 // with more specific ones when possible
103 if ($e) $e->send(E_ERROR, 'AttrValidator: Attribute removed');
104
105 // remove the attribute
106 unset($attr[$attr_key]);
107 } elseif (is_string($result)) {
108 // generally, if a substitution is happening, there
109 // was some sort of implicit correction going on. We'll
110 // delegate it to the attribute classes to say exactly what.
111
112 // simple substitution
113 $attr[$attr_key] = $result;
114 }
115
116 // we'd also want slightly more complicated substitution
117 // involving an array as the return value,
118 // although we're not sure how colliding attributes would
119 // resolve (certain ones would be completely overriden,
120 // others would prepend themselves).
121 }
122
123 $context->destroy('CurrentAttr');
124
125 // post transforms
126
127 // global (error reporting untested)
128 foreach ($definition->info_attr_transform_post as $transform) {
129 $attr = $transform->transform($o = $attr, $config, $context);
130 if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
131 }
132
133 // local (error reporting untested)
134 foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
135 $attr = $transform->transform($o = $attr, $config, $context);
136 if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
137 }
138
139 $token->attr = $attr;
140
141 // destroy CurrentToken if we made it ourselves
142 if (!$current_token) $context->destroy('CurrentToken');
143
144 }
145
146
147 }
148
Lightweight fork of HTML Purifier