ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: home / lab2454c / tripvare.com / vendor / ezyang / htmlpurifier / library / HTMLPurifier

<?php

/**
 * Validates the attributes of a token. Doesn't manage required attributes
 * very well. The only reason we factored this out was because RemoveForeignElements
 * also needed it besides ValidateAttributes.
 */
class HTMLPurifier_AttrValidator
{

/**
     * Validates the attributes of a token, mutating it as necessary.
     * that has valid tokens
     * @param HTMLPurifier_Token $token Token to validate.
     * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
     * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
     */
    public function validateToken($token, $config, $context)
    {
        $definition = $config->getHTMLDefinition();
        $e =& $context->get('ErrorCollector', true);

// initialize IDAccumulator if necessary
        $ok =& $context->get('IDAccumulator', true);
        if (!$ok) {
            $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
            $context->register('IDAccumulator', $id_accumulator);
        }

// initialize CurrentToken if necessary
        $current_token =& $context->get('CurrentToken', true);
        if (!$current_token) {
            $context->register('CurrentToken', $token);
        }

if (!$token instanceof HTMLPurifier_Token_Start &&
            !$token instanceof HTMLPurifier_Token_Empty
        ) {
            return;
        }

// create alias to global definition array, see also $defs
        // DEFINITION CALL
        $d_defs = $definition->info_global_attr;

// don't update token until the very end, to ensure an atomic update
        $attr = $token->attr;

// do global transformations (pre)
        // nothing currently utilizes this
        foreach ($definition->info_attr_transform_pre as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

// do local transformations only applicable to this element (pre)
        // ex. <p align="right"> to <p style="text-align:right;">
        foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

// create alias to this element's attribute definition array, see
        // also $d_defs (global attribute definition array)
        // DEFINITION CALL
        $defs = $definition->info[$token->name]->attr;

$attr_key = false;
        $context->register('CurrentAttr', $attr_key);

// iterate through all the attribute keypairs
        // Watch out for name collisions: $key has previously been used
        foreach ($attr as $attr_key => $value) {

// call the definition
            if (isset($defs[$attr_key])) {
                // there is a local definition defined
                if ($defs[$attr_key] === false) {
                    // We've explicitly been told not to allow this element.
                    // This is usually when there's a global definition
                    // that must be overridden.
                    // Theoretically speaking, we could have a
                    // AttrDef_DenyAll, but this is faster!
                    $result = false;
                } else {
                    // validate according to the element's definition
                    $result = $defs[$attr_key]->validate(
                        $value,
                        $config,
                        $context
                    );
                }
            } elseif (isset($d_defs[$attr_key])) {
                // there is a global definition defined, validate according
                // to the global definition
                $result = $d_defs[$attr_key]->validate(
                    $value,
                    $config,
                    $context
                );
            } else {
                // system never heard of the attribute? DELETE!
                $result = false;
            }

// put the results into effect
            if ($result === false || $result === null) {
                // this is a generic error message that should replaced
                // with more specific ones when possible
                if ($e) {
                    $e->send(E_ERROR, 'AttrValidator: Attribute removed');
                }

// remove the attribute
                unset($attr[$attr_key]);
            } elseif (is_string($result)) {
                // generally, if a substitution is happening, there
                // was some sort of implicit correction going on. We'll
                // delegate it to the attribute classes to say exactly what.

// simple substitution
                $attr[$attr_key] = $result;
            } else {
                // nothing happens
            }

// we'd also want slightly more complicated substitution
            // involving an array as the return value,
            // although we're not sure how colliding attributes would
            // resolve (certain ones would be completely overriden,
            // others would prepend themselves).
        }

$context->destroy('CurrentAttr');

// post transforms

// global (error reporting untested)
        foreach ($definition->info_attr_transform_post as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

// local (error reporting untested)
        foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

$token->attr = $attr;

// destroy CurrentToken if we made it ourselves
        if (!$current_token) {
            $context->destroy('CurrentToken');
        }

}

// vim: et sw=4 sts=4

[+] Injector
[-] CSSDefinition.php [edit]
[+] URIScheme
[-] TagTransform.php [edit]
[+] DefinitionCache
[+] HTMLModule
[-] Filter.php [edit]
[-] Language.php [edit]
[+] VarParser
[-] ChildDef.php [edit]
[-] TokenFactory.php [edit]
[-] Printer.php [edit]
[+] Lexer
[-] Context.php [edit]
[+] ..
[+] URIFilter
[-] Encoder.php [edit]
[+] Strategy
[-] Config.php [edit]
[-] DefinitionCacheFactory.php [edit]
[-] Definition.php [edit]
[-] PropertyList.php [edit]
[-] AttrCollections.php [edit]
[-] EntityLookup.php [edit]
[-] LanguageFactory.php [edit]
[-] UnitConverter.php [edit]
[-] Bootstrap.php [edit]
[+] ChildDef
[-] Node.php [edit]
[-] URIDefinition.php [edit]
[-] Length.php [edit]
[+] AttrDef
[-] ElementDef.php [edit]
[-] Injector.php [edit]
[+] ConfigSchema
[-] EntityParser.php [edit]
[-] Token.php [edit]
[-] StringHash.php [edit]
[-] AttrDef.php [edit]
[+] Filter
[-] IDAccumulator.php [edit]
[-] ErrorStruct.php [edit]
[-] HTMLDefinition.php [edit]
[-] StringHashParser.php [edit]
[-] Queue.php [edit]
[-] ErrorCollector.php [edit]
[-] URIParser.php [edit]
[-] URI.php [edit]
[-] ConfigSchema.php [edit]
[-] ContentSets.php [edit]
[-] Doctype.php [edit]
[-] AttrValidator.php [edit]
[-] URIScheme.php [edit]
[-] PropertyListIterator.php [edit]
[-] HTMLModuleManager.php [edit]
[-] Strategy.php [edit]
[-] DefinitionCache.php [edit]
[-] Generator.php [edit]
[-] PercentEncoder.php [edit]
[+] Printer
[-] AttrTransform.php [edit]
[-] Exception.php [edit]
[-] URIFilter.php [edit]
[-] VarParserException.php [edit]
[-] AttrTypes.php [edit]
[+] Token
[+] TagTransform
[+] Language
[+] EntityLookup
[-] Arborize.php [edit]
[-] Lexer.php [edit]
[-] DoctypeRegistry.php [edit]
[+] AttrTransform
[+] Node
[-] URISchemeRegistry.php [edit]
[-] VarParser.php [edit]
[-] HTMLModule.php [edit]
[-] Zipper.php [edit]