authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-30 22:44:04 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-30 22:44:04 +0000
commit701567f5e5e0c0bfb76744e535b55f863323859a (patch)
tree9e426c11203d1433de892b03b08d31dccbed3e7c /mod/htmlawed/vendors/htmLawed/htmLawed.php
parent0068d7f46452188f807e413f6cbd32cd765e6530 (diff)
Fixes #1425, Fixes #1341: Upgraded htmlawed to latest. Altered the htmlawed attribute filtering function to return <attr="val"> for proper linking in parse_urls(). Added background-color as a non-filtered style attribute.
git-svn-id: http://code.elgg.org/elgg/trunk@3862 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/htmlawed/vendors/htmLawed/htmLawed.php')
-rw-r--r--mod/htmlawed/vendors/htmLawed/htmLawed.php14
1 files changed, 5 insertions, 9 deletions
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed.php b/mod/htmlawed/vendors/htmLawed/htmLawed.php
index 7f9a43a92..2556fdcf2 100644
--- a/mod/htmlawed/vendors/htmLawed/htmLawed.php
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed.php
@@ -1,7 +1,7 @@
<?php
/*
-htmLawed 1.1.8, 23 April 2009
+htmLawed 1.1.9, 22 December 2009
Copyright Santosh Patnaik
GPL v3 license
A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed
@@ -37,7 +37,7 @@ else{
$C['elements'] =& $e;
// config attrs
$x = !empty($C['deny_attribute']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['deny_attribute']) : '';
-$x = array_flip((isset($x[0]) && $x[0] == '*') ? explode('-', $x) : explode(',', $x. ($C['safe'] == 1 ? ',on*' : '')));
+$x = array_flip((isset($x[0]) && $x[0] == '*') ? explode('-', $x) : explode(',', $x. (!empty($C['safe']) ? ',on*' : '')));
if(isset($x['on*'])){
unset($x['on*']);
$x += array('onblur'=>1, 'onchange'=>1, 'onclick'=>1, 'ondblclick'=>1, 'onfocus'=>1, 'onkeydown'=>1, 'onkeypress'=>1, 'onkeyup'=>1, 'onmousedown'=>1, 'onmousemove'=>1, 'onmouseout'=>1, 'onmouseover'=>1, 'onmouseup'=>1, 'onreset'=>1, 'onselect'=>1, 'onsubmit'=>1);
@@ -419,10 +419,7 @@ if(!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)){
return (($C['keep_bad']%2) ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : '');
}
// attr string
-$a = str_replace(array("\xad", "\n", "\r", "\t"), ' ', trim($m[3]));
-if(strpos($a, '&') !== false){
- str_replace(array('&#xad;', '&#173;', '&shy;'), ' ', $a);
-}
+$a = str_replace(array("\n", "\r", "\t"), ' ', trim($m[3]));
// tag transform
static $eD = array('applet'=>1, 'center'=>1, 'dir'=>1, 'embed'=>1, 'font'=>1, 'isindex'=>1, 'menu'=>1, 's'=>1, 'strike'=>1, 'u'=>1); // Deprecated
if($C['make_tag_strict'] && isset($eD[$e])){
@@ -506,6 +503,7 @@ foreach($aA as $k=>$v){
$v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v);
$v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v;
}elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){
+ $v = str_replace("\xad", ' ', (strpos($v, '&') !== false ? str_replace(array('&#xad;', '&#173;', '&shy;'), ' ', $v) : $v));
$v = hl_prot($v, $k);
if($k == 'href'){ // X-spam
if($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0){
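Review bot: The soft-hyphen normalisation added in the `elseif` branch only covers `$aNP` attributes, keys containing `src` and keys starting with `o`, so `style` values handled in the branch just above are no longer normalised before the `url(...)` and `expression` checks. The earlier hunk drops the `"\xad"` replacement that used to run over the whole attribute string, which is what previously covered `style`. Whether `hl_prot` strips these characters itself when called from the `url(...)` callback is not visible here, so this should be confirmed against upstream before relying on the 1.1.9 behaviour. If it does not, the same replacement could be applied at the top of the style branch, e.g. `$v = str_replace(array("\xad", '&#xad;', '&#173;', '&shy;'), ' ', $v);`. The enclosing `foreach($aA as $k=>$v)` starts and ends outside this hunk.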
@@ -690,7 +688,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array(
function hl_version(){
// rel
-return '1.1.8';
+return '1.1.9';
// eof
}
@@ -702,8 +700,6 @@ foreach($h as $k=>$v){
$C['cdata'] = $C['comment'] = $C['make_tag_strict'] = $C['no_deprecated_attr'] = $C['unique_ids'] = 0;
$C['keep_bad'] = 1;
$C['elements'] = count($h) ? strtolower(implode(',', array_keys($h))) : '-*';
-print_r($C['elements']);
-exit;
$C['hook'] = 'kses_hook';
$C['schemes'] = '*:'. implode(',', $p);
return htmLawed($t, $C, $h);