1: <?php
2:
3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16:
17: class HTMLPurifier_Config
18: {
19:
20: 21: 22:
23: public $version = '4.3.0';
24:
25: 26: 27: 28:
29: public $autoFinalize = true;
30:
31:
32:
33: 34: 35: 36:
37: protected $serials = array();
38:
39: 40: 41:
42: protected $serial;
43:
44: 45: 46:
47: protected $parser;
48:
49: 50: 51: 52: 53:
54: public $def;
55:
56: 57: 58:
59: protected $definitions;
60:
61: 62: 63:
64: protected $finalized = false;
65:
66: 67: 68:
69: protected $plist;
70:
71: 72: 73: 74:
75: private $aliasMode;
76:
77: 78: 79: 80: 81:
82: public $chatty = true;
83:
84: 85: 86:
87: private $lock;
88:
89: 90: 91: 92:
93: public function __construct($definition, $parent = null) {
94: $parent = $parent ? $parent : $definition->defaultPlist;
95: $this->plist = new HTMLPurifier_PropertyList($parent);
96: $this->def = $definition;
97: $this->parser = new HTMLPurifier_VarParser_Flexible();
98: }
99:
100: 101: 102: 103: 104: 105: 106: 107: 108:
109: public static function create($config, $schema = null) {
110: if ($config instanceof HTMLPurifier_Config) {
111:
112: return $config;
113: }
114: if (!$schema) {
115: $ret = HTMLPurifier_Config::createDefault();
116: } else {
117: $ret = new HTMLPurifier_Config($schema);
118: }
119: if (is_string($config)) $ret->loadIni($config);
120: elseif (is_array($config)) $ret->loadArray($config);
121: return $ret;
122: }
123:
124: 125: 126: 127: 128: 129:
130: public static function inherit(HTMLPurifier_Config $config) {
131: return new HTMLPurifier_Config($config->def, $config->plist);
132: }
133:
134: 135: 136: 137:
138: public static function createDefault() {
139: $definition = HTMLPurifier_ConfigSchema::instance();
140: $config = new HTMLPurifier_Config($definition);
141: return $config;
142: }
143:
144: 145: 146: 147:
148: public function get($key, $a = null) {
149: if ($a !== null) {
150: $this->triggerError("Using deprecated API: use \$config->get('$key.$a') instead", E_USER_WARNING);
151: $key = "$key.$a";
152: }
153: if (!$this->finalized) $this->autoFinalize();
154: if (!isset($this->def->info[$key])) {
155:
156: $this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
157: E_USER_WARNING);
158: return;
159: }
160: if (isset($this->def->info[$key]->isAlias)) {
161: $d = $this->def->info[$key];
162: $this->triggerError('Cannot get value from aliased directive, use real name ' . $d->key,
163: E_USER_ERROR);
164: return;
165: }
166: if ($this->lock) {
167: list($ns) = explode('.', $key);
168: if ($ns !== $this->lock) {
169: $this->triggerError('Cannot get value of namespace ' . $ns . ' when lock for ' . $this->lock . ' is active, this probably indicates a Definition setup method is accessing directives that are not within its namespace', E_USER_ERROR);
170: return;
171: }
172: }
173: return $this->plist->get($key);
174: }
175:
176: 177: 178: 179:
180: public function getBatch($namespace) {
181: if (!$this->finalized) $this->autoFinalize();
182: $full = $this->getAll();
183: if (!isset($full[$namespace])) {
184: $this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
185: E_USER_WARNING);
186: return;
187: }
188: return $full[$namespace];
189: }
190:
191: 192: 193: 194: 195: 196: 197:
198: public function getBatchSerial($namespace) {
199: if (empty($this->serials[$namespace])) {
200: $batch = $this->getBatch($namespace);
201: unset($batch['DefinitionRev']);
202: $this->serials[$namespace] = md5(serialize($batch));
203: }
204: return $this->serials[$namespace];
205: }
206:
207: 208: 209: 210:
211: public function getSerial() {
212: if (empty($this->serial)) {
213: $this->serial = md5(serialize($this->getAll()));
214: }
215: return $this->serial;
216: }
217:
218: 219: 220: 221:
222: public function getAll() {
223: if (!$this->finalized) $this->autoFinalize();
224: $ret = array();
225: foreach ($this->plist->squash() as $name => $value) {
226: list($ns, $key) = explode('.', $name, 2);
227: $ret[$ns][$key] = $value;
228: }
229: return $ret;
230: }
231:
232: 233: 234: 235: 236:
237: public function set($key, $value, $a = null) {
238: if (strpos($key, '.') === false) {
239: $namespace = $key;
240: $directive = $value;
241: $value = $a;
242: $key = "$key.$directive";
243: $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE);
244: } else {
245: list($namespace) = explode('.', $key);
246: }
247: if ($this->isFinalized('Cannot set directive after finalization')) return;
248: if (!isset($this->def->info[$key])) {
249: $this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
250: E_USER_WARNING);
251: return;
252: }
253: $def = $this->def->info[$key];
254:
255: if (isset($def->isAlias)) {
256: if ($this->aliasMode) {
257: $this->triggerError('Double-aliases not allowed, please fix '.
258: 'ConfigSchema bug with' . $key, E_USER_ERROR);
259: return;
260: }
261: $this->aliasMode = true;
262: $this->set($def->key, $value);
263: $this->aliasMode = false;
264: $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE);
265: return;
266: }
267:
268:
269:
270: $rtype = is_int($def) ? $def : $def->type;
271: if ($rtype < 0) {
272: $type = -$rtype;
273: $allow_null = true;
274: } else {
275: $type = $rtype;
276: $allow_null = isset($def->allow_null);
277: }
278:
279: try {
280: $value = $this->parser->parse($value, $type, $allow_null);
281: } catch (HTMLPurifier_VarParserException $e) {
282: $this->triggerError('Value for ' . $key . ' is of invalid type, should be ' . HTMLPurifier_VarParser::getTypeName($type), E_USER_WARNING);
283: return;
284: }
285: if (is_string($value) && is_object($def)) {
286:
287: if (isset($def->aliases[$value])) {
288: $value = $def->aliases[$value];
289: }
290:
291: if (isset($def->allowed) && !isset($def->allowed[$value])) {
292: $this->triggerError('Value not supported, valid values are: ' .
293: $this->_listify($def->allowed), E_USER_WARNING);
294: return;
295: }
296: }
297: $this->plist->set($key, $value);
298:
299:
300:
301:
302: if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
303: $this->definitions[$namespace] = null;
304: }
305:
306: $this->serials[$namespace] = false;
307: }
308:
309: 310: 311:
312: private function _listify($lookup) {
313: $list = array();
314: foreach ($lookup as $name => $b) $list[] = $name;
315: return implode(', ', $list);
316: }
317:
318: 319: 320: 321: 322: 323: 324: 325: 326: 327: 328:
329: public function getHTMLDefinition($raw = false, $optimized = false) {
330: return $this->getDefinition('HTML', $raw, $optimized);
331: }
332:
333: 334: 335: 336: 337: 338: 339: 340: 341: 342: 343:
344: public function getCSSDefinition($raw = false, $optimized = false) {
345: return $this->getDefinition('CSS', $raw, $optimized);
346: }
347:
348: 349: 350: 351: 352: 353: 354: 355: 356: 357: 358:
359: public function getURIDefinition($raw = false, $optimized = false) {
360: return $this->getDefinition('URI', $raw, $optimized);
361: }
362:
363: 364: 365: 366: 367: 368: 369: 370: 371: 372: 373: 374: 375:
376: public function getDefinition($type, $raw = false, $optimized = false) {
377: if ($optimized && !$raw) {
378: throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false");
379: }
380: if (!$this->finalized) $this->autoFinalize();
381:
382: $lock = $this->lock;
383: $this->lock = null;
384: $factory = HTMLPurifier_DefinitionCacheFactory::instance();
385: $cache = $factory->create($type, $this);
386: $this->lock = $lock;
387: if (!$raw) {
388:
389:
390:
391: if (!empty($this->definitions[$type])) {
392: $def = $this->definitions[$type];
393:
394: if ($def->setup) {
395: return $def;
396: } else {
397: $def->setup($this);
398: if ($def->optimized) $cache->add($def, $this);
399: return $def;
400: }
401: }
402:
403: $def = $cache->get($this);
404: if ($def) {
405:
406: $this->definitions[$type] = $def;
407: return $def;
408: }
409:
410: $def = $this->initDefinition($type);
411:
412: $this->lock = $type;
413: $def->setup($this);
414: $this->lock = null;
415:
416: $cache->add($def, $this);
417:
418: return $def;
419: } else {
420:
421:
422:
423: $def = null;
424: if ($optimized) {
425: if (is_null($this->get($type . '.DefinitionID'))) {
426:
427: throw new HTMLPurifier_Exception("Cannot retrieve raw version without specifying %$type.DefinitionID");
428: }
429: }
430: if (!empty($this->definitions[$type])) {
431: $def = $this->definitions[$type];
432: if ($def->setup && !$optimized) {
433: $extra = $this->chatty ? " (try moving this code block earlier in your initialization)" : "";
434: throw new HTMLPurifier_Exception("Cannot retrieve raw definition after it has already been setup" . $extra);
435: }
436: if ($def->optimized === null) {
437: $extra = $this->chatty ? " (try flushing your cache)" : "";
438: throw new HTMLPurifier_Exception("Optimization status of definition is unknown" . $extra);
439: }
440: if ($def->optimized !== $optimized) {
441: $msg = $optimized ? "optimized" : "unoptimized";
442: $extra = $this->chatty ? " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)" : "";
443: throw new HTMLPurifier_Exception("Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra);
444: }
445: }
446:
447: if ($def) {
448: if ($def->setup) {
449:
450: return null;
451: } else {
452: return $def;
453: }
454: }
455:
456:
457:
458:
459:
460: if ($optimized) {
461:
462:
463:
464: $def = $cache->get($this);
465: if ($def) {
466:
467:
468: $this->definitions[$type] = $def;
469: return null;
470: }
471: }
472:
473: if (!$optimized) {
474: if (!is_null($this->get($type . '.DefinitionID'))) {
475: if ($this->chatty) {
476: $this->triggerError("Due to a documentation error in previous version of HTML Purifier, your definitions are not being cached. If this is OK, you can remove the %$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, modify your code to use maybeGetRawDefinition, and test if the returned value is null before making any edits (if it is null, that means that a cached version is available, and no raw operations are necessary). See <a href='http://htmlpurifier.org/docs/enduser-customize.html#optimized'>Customize</a> for more details", E_USER_WARNING);
477: } else {
478: $this->triggerError("Useless DefinitionID declaration", E_USER_WARNING);
479: }
480: }
481: }
482:
483: $def = $this->initDefinition($type);
484: $def->optimized = $optimized;
485: return $def;
486: }
487: throw new HTMLPurifier_Exception("The impossible happened!");
488: }
489:
490: private function initDefinition($type) {
491:
492: if ($type == 'HTML') {
493: $def = new HTMLPurifier_HTMLDefinition();
494: } elseif ($type == 'CSS') {
495: $def = new HTMLPurifier_CSSDefinition();
496: } elseif ($type == 'URI') {
497: $def = new HTMLPurifier_URIDefinition();
498: } else {
499: throw new HTMLPurifier_Exception("Definition of $type type not supported");
500: }
501: $this->definitions[$type] = $def;
502: return $def;
503: }
504:
505: public function maybeGetRawDefinition($name) {
506: return $this->getDefinition($name, true, true);
507: }
508:
509: public function maybeGetRawHTMLDefinition() {
510: return $this->getDefinition('HTML', true, true);
511: }
512:
513: public function maybeGetRawCSSDefinition() {
514: return $this->getDefinition('CSS', true, true);
515: }
516:
517: public function maybeGetRawURIDefinition() {
518: return $this->getDefinition('URI', true, true);
519: }
520:
521: 522: 523: 524: 525:
526: public function loadArray($config_array) {
527: if ($this->isFinalized('Cannot load directives after finalization')) return;
528: foreach ($config_array as $key => $value) {
529: $key = str_replace('_', '.', $key);
530: if (strpos($key, '.') !== false) {
531: $this->set($key, $value);
532: } else {
533: $namespace = $key;
534: $namespace_values = $value;
535: foreach ($namespace_values as $directive => $value) {
536: $this->set($namespace .'.'. $directive, $value);
537: }
538: }
539: }
540: }
541:
542: 543: 544: 545: 546: 547:
548: public static function getAllowedDirectivesForForm($allowed, $schema = null) {
549: if (!$schema) {
550: $schema = HTMLPurifier_ConfigSchema::instance();
551: }
552: if ($allowed !== true) {
553: if (is_string($allowed)) $allowed = array($allowed);
554: $allowed_ns = array();
555: $allowed_directives = array();
556: $blacklisted_directives = array();
557: foreach ($allowed as $ns_or_directive) {
558: if (strpos($ns_or_directive, '.') !== false) {
559:
560: if ($ns_or_directive[0] == '-') {
561: $blacklisted_directives[substr($ns_or_directive, 1)] = true;
562: } else {
563: $allowed_directives[$ns_or_directive] = true;
564: }
565: } else {
566:
567: $allowed_ns[$ns_or_directive] = true;
568: }
569: }
570: }
571: $ret = array();
572: foreach ($schema->info as $key => $def) {
573: list($ns, $directive) = explode('.', $key, 2);
574: if ($allowed !== true) {
575: if (isset($blacklisted_directives["$ns.$directive"])) continue;
576: if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
577: }
578: if (isset($def->isAlias)) continue;
579: if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
580: $ret[] = array($ns, $directive);
581: }
582: return $ret;
583: }
584:
585: 586: 587: 588: 589: 590: 591: 592: 593:
594: public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) {
595: $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema);
596: $config = HTMLPurifier_Config::create($ret, $schema);
597: return $config;
598: }
599:
600: 601: 602: 603:
604: public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true) {
605: $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def);
606: $this->loadArray($ret);
607: }
608:
609: 610: 611: 612:
613: public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) {
614: if ($index !== false) $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
615: $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
616:
617: $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
618: $ret = array();
619: foreach ($allowed as $key) {
620: list($ns, $directive) = $key;
621: $skey = "$ns.$directive";
622: if (!empty($array["Null_$skey"])) {
623: $ret[$ns][$directive] = null;
624: continue;
625: }
626: if (!isset($array[$skey])) continue;
627: $value = $mq ? stripslashes($array[$skey]) : $array[$skey];
628: $ret[$ns][$directive] = $value;
629: }
630: return $ret;
631: }
632:
633: 634: 635: 636:
637: public function loadIni($filename) {
638: if ($this->isFinalized('Cannot load directives after finalization')) return;
639: $array = parse_ini_file($filename, true);
640: $this->loadArray($array);
641: }
642:
643: 644: 645: 646:
647: public function isFinalized($error = false) {
648: if ($this->finalized && $error) {
649: $this->triggerError($error, E_USER_ERROR);
650: }
651: return $this->finalized;
652: }
653:
654: 655: 656: 657:
658: public function autoFinalize() {
659: if ($this->autoFinalize) {
660: $this->finalize();
661: } else {
662: $this->plist->squash(true);
663: }
664: }
665:
666: 667: 668:
669: public function finalize() {
670: $this->finalized = true;
671: unset($this->parser);
672: }
673:
674: 675: 676: 677:
678: protected function triggerError($msg, $no) {
679:
680: $extra = '';
681: if ($this->chatty) {
682: $trace = debug_backtrace();
683:
684: for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
685: if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
686: continue;
687: }
688: $frame = $trace[$i];
689: $extra = " invoked on line {$frame['line']} in file {$frame['file']}";
690: break;
691: }
692: }
693: trigger_error($msg . $extra, $no);
694: }
695:
696: 697: 698: 699:
700: public function serialize() {
701: $this->getDefinition('HTML');
702: $this->getDefinition('CSS');
703: $this->getDefinition('URI');
704: return serialize($this);
705: }
706:
707: }
708:
709:
710: