From 701567f5e5e0c0bfb76744e535b55f863323859a Mon Sep 17 00:00:00 2001 From: brettp Date: Sat, 30 Jan 2010 22:44:04 +0000 Subject: Fixes #1425, Fixes #1341: Upgraded htmlawed to latest. Altered the htmlawed attribute filtering function to return for proper linking in parse_urls(). Added background-color as a non-filtered style attribute. git-svn-id: http://code.elgg.org/elgg/trunk@3862 36083f99-b078-4883-b0ff-0f9b5a30f544 --- mod/htmlawed/vendors/htmLawed/htmLawed.php | 14 +-- mod/htmlawed/vendors/htmLawed/htmLawedTest.php | 25 ++--- mod/htmlawed/vendors/htmLawed/htmLawed_README.htm | 105 +++++++++++++++++++-- mod/htmlawed/vendors/htmLawed/htmLawed_README.txt | 67 +++++++++++-- .../vendors/htmLawed/htmLawed_TESTCASE.txt | 5 +- 5 files changed, 176 insertions(+), 40 deletions(-) (limited to 'mod/htmlawed/vendors') diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed.php b/mod/htmlawed/vendors/htmLawed/htmLawed.php index 7f9a43a92..2556fdcf2 100644 --- a/mod/htmlawed/vendors/htmLawed/htmLawed.php +++ b/mod/htmlawed/vendors/htmLawed/htmLawed.php @@ -1,7 +1,7 @@ 1, 'onchange'=>1, 'onclick'=>1, 'ondblclick'=>1, 'onfocus'=>1, 'onkeydown'=>1, 'onkeypress'=>1, 'onkeyup'=>1, 'onmousedown'=>1, 'onmousemove'=>1, 'onmouseout'=>1, 'onmouseover'=>1, 'onmouseup'=>1, 'onreset'=>1, 'onselect'=>1, 'onsubmit'=>1); @@ -419,10 +419,7 @@ if(!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)){ return (($C['keep_bad']%2) ? str_replace(array('<', '>'), array('<', '>'), $t) : ''); } // attr string -$a = str_replace(array("\xad", "\n", "\r", "\t"), ' ', trim($m[3])); -if(strpos($a, '&') !== false){ - str_replace(array('­', '­', '­'), ' ', $a); -} +$a = str_replace(array("\n", "\r", "\t"), ' ', trim($m[3])); // tag transform static $eD = array('applet'=>1, 'center'=>1, 'dir'=>1, 'embed'=>1, 'font'=>1, 'isindex'=>1, 'menu'=>1, 's'=>1, 'strike'=>1, 'u'=>1); // Deprecated if($C['make_tag_strict'] && isset($eD[$e])){ @@ -506,6 +503,7 @@ foreach($aA as $k=>$v){ $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v); $v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v; }elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){ + $v = str_replace("\xad", ' ', (strpos($v, '&') !== false ? str_replace(array('­', '­', '­'), ' ', $v) : $v)); $v = hl_prot($v, $k); if($k == 'href'){ // X-spam if($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0){ @@ -690,7 +688,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array( function hl_version(){ // rel -return '1.1.8'; +return '1.1.9'; // eof } @@ -702,8 +700,6 @@ foreach($h as $k=>$v){ $C['cdata'] = $C['comment'] = $C['make_tag_strict'] = $C['no_deprecated_attr'] = $C['unique_ids'] = 0; $C['keep_bad'] = 1; $C['elements'] = count($h) ? strtolower(implode(',', array_keys($h))) : '-*'; -print_r($C['elements']); -exit; $C['hook'] = 'kses_hook'; $C['schemes'] = '*:'. implode(',', $p); return htmLawed($t, $C, $h); diff --git a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php index c2caaff50..160bd012d 100644 --- a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php +++ b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php @@ -1,8 +1,8 @@ - +