From 2cab677427f7fd462f35432d4a83fe89a26d7595 Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Wed, 9 Jul 2008 09:55:42 +0000
Subject: Elgg 1.0, meet kses. Kses, Elgg 1.0.

git-svn-id: https://code.elgg.org/elgg/trunk@1344 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 vendors/kses/oop/oop.kses.changelog.txt |  204 ++++++
 vendors/kses/oop/oop.simple.api.txt     |   58 ++
 vendors/kses/oop/php4.class.kses.php    | 1162 ++++++++++++++++++++++++++++++
 vendors/kses/oop/php5.class.kses.php    | 1172 +++++++++++++++++++++++++++++++
 vendors/kses/oop/test.oop.kses.php      |  507 +++++++++++++
 5 files changed, 3103 insertions(+)
 create mode 100644 vendors/kses/oop/oop.kses.changelog.txt
 create mode 100644 vendors/kses/oop/oop.simple.api.txt
 create mode 100644 vendors/kses/oop/php4.class.kses.php
 create mode 100644 vendors/kses/oop/php5.class.kses.php
 create mode 100644 vendors/kses/oop/test.oop.kses.php

(limited to 'vendors/kses/oop')

diff --git a/vendors/kses/oop/oop.kses.changelog.txt b/vendors/kses/oop/oop.kses.changelog.txt
new file mode 100644
index 000000000..a82daf4fe
--- /dev/null
+++ b/vendors/kses/oop/oop.kses.changelog.txt
@@ -0,0 +1,204 @@
+kses ChangeLog
+==============
+
+KSES5
+	* 1.0.2
+KSES4
+	* 0.2.2
+	- Folded in code from kses 0.2.2.
+
+KSES5
+	* 1.0.1rc
+KSES4
+	* 0.2.2rc
+	- Added SetProtocols() to make protocol replacement a single step
+	  to fully answer concerns in bug #892477
+	  
+KSES5
+	* 1.0.0
+	- Turned many methods private
+	
+	- Now using __construct default constructor
+	
+	- Only runs in PHP5 or better
+	
+	- All method names changed to reflect verb status
+	
+	- Folded sinlge line functions into calling methods
+	
+	- Deprecated _hook(), Protocols()
+	
+	- Added AddProtocols() to replace Protocols()
+	
+	- Added filterKsesTextHook() to replace _hook()
+	
+	- Added RemoveProtocol() and RemoveProtocols() to remove protocols
+	  singly, or batch.  This should clear bug #892477
+
+	- Version number is 1.0.0
+
+KSES4
+	* 0.2.1
+	- Synced version number to procedural code
+	
+	- Deprecated _hook(), Protocols()
+	
+	- Added AddProtocols() to replace Protocols()
+	
+	- Added filterKsesTextHook() to replace _hook()
+	
+	- Added RemoveProtocol() and RemoveProtocols() to remove protocols singly,
+	  or batch.  This should clear bug #892477
+
+OOP
+	- Forked code into PHP4 and PHP5 versions.  Use '$myKses = new kses[45]'
+	  from now on.
+	
+	- Modified code to run in E_STRICT.  This should clear bug #918493
+	
+	- Added phpDoc commenting
+
+OOP
+	* 0.0.2
+	- Fixed a bug in AddProtocol that wasn't adding new protocols to
+	  $this->allowed_protocols
+
+	- Modified internal methods to correspond to kses 0.2.1 modifications.
+
+	- Created a basic test suite that can be run via web or CLI.
+
+	- Started CVSing the code.
+
+OOP
+	* 0.0.1
+	- Turned all the kses_function_name functions to _function_name methods.
+
+	- Added a couple of properties (allowed_protocols, allowed_html) with
+	  $this->allowed_protocols defaulting to the lion's share of usual
+	  protocols.
+
+	- Modified the applicable use of preg_replace() functions to point to
+	  internal class methods.
+
+	- Reduced the parameter list of some methods since internal properties
+	  are now being used.
+
+	- Added "public" methods to set up the allowed protocols and HTML.
+
+Procedural
+	* 0.2.1
+
+	0.2.1 was released on the 29th of September 2003.
+	It has the following changes:
+
+	- There is now an additional version of kses, using the object-oriented
+	  paradigm. Thanks a lot to Richard R. Vasquez, Jr., who created it!
+	  Anyone who wants to make functional programming, logical programming or
+	  spaghetti programming versions of kses as well (or any other programming
+	  paradigm that you like), go ahead! All the people who like old
+	  procedural programming for web applications shouldn't despair, though,
+	  as both versions will be maintained with each release.
+
+	- kses now has some new attribute value checks: minlen, minval and
+	  valueless.  See docs/attribute-value-checks for an explanation.
+
+	- For some reason, the Opera developers decided to make chr(173) a
+	  whitespace character in URL protocols, both when it occurs raw and in an
+	  entity. kses now handles this.
+
+	- The URL protocol whitelisting system now decodes entities before
+	  removing NULLs and whitespaces.
+
+Procedural
+	* 0.2.0
+
+	0.2.0 was released on the 25th of July 2003.
+	It has the following changes:
+
+	- kses now supports checking of attribute values, and not just element
+	  names and attribute names. The attribute value checks that exist so far
+	  are 'maxlen' (checks how long attribute values are, to avoid Buffer
+	  Overflows) and 'maxval' (checks how big an integer value is, to avoid
+	  Denial of Service attacks).
+
+	  Buffer Overflows could both be a problem for WWW clients and different
+	  servers on the Internet that an HTML document links to. One example is
+	  <frame src="ftp://ftp.v1ct1m.com/AAAAAA..thousands_of_A's...">.
+
+	  Denial of Service attacks can take the form of too big sizes of iframes
+	  or other things. One example is <iframe src="http://some.web.server/"
+	  width="20000" height="2000">, which makes some client machines
+	  completely overloaded.
+
+	- kses' old feature of removing "javascript:" from attribute values has
+	  been improved. It now has a whole system for white listing of URL
+	  protocols, so you can specify that it's acceptable with http:, https:,
+	  ftp: and gopher:, but no other protocols in attribute values. The system
+	  tries pretty hard to do the right thing with whitespace, upper/lower
+	  case, HTML entities ("jav&#97;script:") and repeated entries
+	  ("javascript:javascript:alert(57)").
+
+	- kses now supports both HTML and XHTML code, by allowing " /" at the end
+	  of tags.
+
+	- kses now removes Netscape 4's JavaScript entities, having the form
+	  "&{alert(57)};". They don't even seem to work on all versions of
+	  Netscape 4, but for completeness' sake it seemed like a good feature to
+	  add.
+
+	- A bug with NULLs in javascript: URLs was fixed.
+	  (Reported by Simon Cornelius P. Umacob - thanks!)
+
+	- As a nice side effect of the white listing of URL protocols, kses now
+	  also normalizes all HTML entities in documents. It will change HTML code
+	  with bad entities to the right form, for example "AT&T" will be
+	  converted to "AT&amp;T" and "<a href='lyrics.php?band=ladytron&lyrics=
+	  playgirl'>" will be converted to "<a href='lyrics.php?band=
+	  ladytron&amp;lyrics=playgirl'>". "&#000058;" will be converted to
+	  "&#58;", "&#XYZZY;" will be converted to "&amp;#XYZZY;", "&auml!;" will
+	  be converted to "&amp;auml!;" and so on.
+
+	  As shown above, it will process HTML entities that it doesn't
+	  understand.  It will also deal with too big numbers in numeric HTML
+	  entities, which is helpful as many browsers seem to wrap them around at
+	  2 ** 32, so the characters 58, 58 + (2 ** 32), 58 + (2 ** 64) etcetera
+	  are all colons to the web browser.
+
+	- You can now use upper case letters in your $allowed_html array, in
+	  element names, attribute names and attribute value check names. Version
+	  0.1.0 required everything in that array to be in lower case, but that's
+	  not necessary any more. You can also use upper case letters in
+	  $allowed_protocols.
+
+	- The "Really malformed thing" bug from the TODO file was fixed.
+	  It used to convert this string:
+	  x > 5 <a href="blah">
+	  to:
+	  x &gt; 5 &lt;a href=&quot;blah&quot;&gt;
+	  and now it converts it to:
+	  x &gt; 5 <a href="blah">
+
+	- The "Weird malformed thing" bug from the TODO file was fixed.
+	  It used to convert this string:
+	  <a href="5 href=6>
+	  to:
+	  <a href="6">
+	  because of the way kses restarts after a parse error in kses_hair().
+	  Now it converts it to:
+	  <a>
+
+	- A problem with slashes in HTML tags was fixed.
+
+	- examples/filter.php used to use $SCRIPT_NAME, which doesn't work on
+	  Windows.
+	  (Reported by Simon Cornelius P. Umacob - thanks!)
+
+	- kses now allows dashes in attribute names, for things like
+	  <meta http-equiv=..>.
+
+Procedural
+	* 0.1.0, first public version
+
+	0.1.0 was released on the 9th of June 2003.
+	It was announced on three security related mailing lists on Friday the
+	13th of June (nothing bad happened to it though).
diff --git a/vendors/kses/oop/oop.simple.api.txt b/vendors/kses/oop/oop.simple.api.txt
new file mode 100644
index 000000000..144308a93
--- /dev/null
+++ b/vendors/kses/oop/oop.simple.api.txt
@@ -0,0 +1,58 @@
+Parse($string = "")
+	The basic function of kses.  Give it a $string, and it will strip
+	out the unwanted HTML and attributes.
+
+AddProtocols()
+	Add a protocol or list of protocols to the kses object to be
+	considered valid during a Parse().  The parameter can be a string
+	containing a single protocol, or an array of strings, each
+	containing a single protocol.
+
+Protocols()
+	Deprecated.  Use AddProtocols()
+
+AddProtocol($protocol = "")
+	Adds a single protocol to the kses object that will be considered
+	valid during a Parse().
+
+SetProtocols()
+	This is a straight setting/overwrite of existing protocols in the
+	kses object.  All existing protocols are removed, and the parameter
+	is used to determine what protocol(s) the kses object will consider
+	valid.  The parameter can be a string containing a single protocol,
+	or an array of strings, each constaining a single protocol.
+
+DumpProtocols()
+	This returns an indexed array of the valid protocols contained in
+	the kses object.
+
+DumpElements()
+	This returns an associative array of the valid (X)HTML elements in
+	the kses object along with attributes for each element, and tests
+	that will be performed on each attribute.
+
+AddHTML($tag = "", $attribs = array())
+	This allows the end user to add a single (X)HTML element to the
+	kses object along with the (if any) attributes that the specific
+	(X)HTML element is allowed to have.
+	
+	See the file 'attribute-value-checks' for more information as to
+	the format of the data to be provided to this method.
+
+RemoveProtocol($protocol = "")
+	This allows for the removal of a single protocol from the list of
+	valid protocols in the kses object.
+
+RemoveProtocols()
+	This allows for the single or batch removal of protocols from the
+	kses object.  The parameter is either a string containing a
+	protocol to be removed, or an array of strings that each contain
+	a protocol.
+
+filterKsesTextHook($string)
+	For the OOP version of kses, this is an additional hook that allows
+	the end user to perform additional postprocessing of a string
+	that's being run through Parse().
+
+_hook()
+	Deprecated.  Use filterKsesTextHook().
\ No newline at end of file
diff --git a/vendors/kses/oop/php4.class.kses.php b/vendors/kses/oop/php4.class.kses.php
new file mode 100644
index 000000000..acb06cc59
--- /dev/null
+++ b/vendors/kses/oop/php4.class.kses.php
@@ -0,0 +1,1162 @@
+<?php
+	/*
+	 * ==========================================================================================
+	 *
+	 * This program is free software and open source software; you can redistribute
+	 * it and/or modify it under the terms of the GNU General Public License as
+	 * published by the Free Software Foundation; either version 2 of the License,
+	 * or (at your option) any later version.
+	 *
+	 * This program is distributed in the hope that it will be useful, but WITHOUT
+	 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+	 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+	 * more details.
+	 *
+	 * You should have received a copy of the GNU General Public License along
+	 * with this program; if not, write to the Free Software Foundation, Inc.,
+	 * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  or visit
+	 * http://www.gnu.org/licenses/gpl.html
+	 *
+	 * ==========================================================================================
+	 */
+
+	/**
+	*	Class file for PHP4 OOP version of kses
+	*
+	*	This is an updated version of kses to work with PHP4 that works under E_STRICT.
+	*
+	*	This upgrade provides the following:
+	*	+ Version number synced to procedural version number
+	*	+ PHPdoc style documentation has been added to the class.  See http://www.phpdoc.org/ for more info.
+	*	+ Some methods are now deprecated due to nomenclature style change.  See method documentation for specifics.
+	*	+ Kses4 now works in E_STRICT
+	*	+ Addition of methods AddProtocols(), filterKsestextHook(), RemoveProtocol() and RemoveProtocols()
+	*	+ Deprecated _hook(), Protocols()
+	*	+ Integrated code from kses 0.2.2 into class.
+	*	+ Added methods DumpProtocols(), DumpMethods()
+	*
+	*	@package    kses
+	*	@subpackage kses4
+	*/
+
+	if(substr(phpversion(), 0, 1) < 4)
+	{
+		die("Class kses requires PHP 4 or higher.");
+	}
+
+	/**
+	*	Only install KSES4 once
+	*/
+	if(!defined('KSES_CLASS_PHP4'))
+	{
+		define('KSES_CLASS_PHP4', true);
+
+	/**
+	*	Kses strips evil scripts!
+	*
+	*	This class provides the capability for removing unwanted HTML/XHTML, attributes from
+	*	tags, and protocols contained in links.  The net result is a much more powerful tool
+	*	than the PHP internal strip_tags()
+	*
+	*	This is a fork of a slick piece of procedural code called 'kses' written by Ulf Harnhammar
+	*	The entire set of functions was wrapped in a PHP object with some internal modifications
+	*	by Richard Vasquez (http://www.chaos.org/) 7/25/2003
+	*
+	*	This upgrade provides the following:
+	*	+ Version number synced to procedural version number
+	*	+ PHPdoc style documentation has been added to the class.  See http://www.phpdoc.org/ for more info.
+	*	+ Some methods are now deprecated due to nomenclature style change.  See method documentation for specifics.
+	*	+ Kses4 now works in E_STRICT
+	*	+ Addition of methods AddProtocols(), filterKsestextHook(), RemoveProtocol(), RemoveProtocols() and SetProtocols()
+	*	+ Deprecated _hook(), Protocols()
+	*	+ Integrated code from kses 0.2.2 into class.
+	*
+	*	@author     Richard R. Vásquez, Jr. (Original procedural code by Ulf Härnhammar)
+	*	@link       http://sourceforge.net/projects/kses/ Home Page for Kses
+	*	@link       http://chaos.org/contact/ Contact page with current email address for Richard Vasquez
+	*	@copyright  Richard R. Vásquez, Jr. 2003-2005
+	*	@version    PHP4 OOP 0.2.2
+	*	@license    http://www.gnu.org/licenses/gpl.html GNU Public License
+	*	@package    kses
+	*/
+		class kses4
+		{
+			/**#@+
+			 *	@access private
+			 *	@var array
+			 */
+			var $allowed_protocols = array();
+			var $allowed_html      = array();
+			/**#@-*/
+
+			/**
+			 *	Constructor for kses.
+			 *
+			 *	This sets a default collection of protocols allowed in links, and creates an
+			 *	empty set of allowed HTML tags.
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function kses4()
+			{
+				/**
+				 *	You could add protocols such as ftp, new, gopher, mailto, irc, etc.
+				 *
+				 *	The base values the original kses provided were:
+				 *		'http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'gopher', 'mailto'
+				 */
+				$this->allowed_protocols = array('http', 'ftp', 'mailto');
+				$this->allowed_html      = array();
+			}
+
+			/**
+			 *	Basic task of kses - parses $string and strips it as required.
+			 *
+			 *	This method strips all the disallowed (X)HTML tags, attributes
+			 *	and protocols from the input $string.
+			 *
+			 *	@access public
+			 *	@param string $string String to be stripped of 'evil scripts'
+			 *	@return string The stripped string
+			 *	@since PHP4 OOP 0.2.1
+			 */
+			function Parse($string = "")
+			{
+				if (get_magic_quotes_gpc())
+				{
+					$string = stripslashes($string);
+				}
+				$string = $this->_no_null($string);
+				$string = $this->_js_entities($string);
+				$string = $this->_normalize_entities($string);
+				$string = $this->filterKsesTextHook($string);
+				return    $this->_split($string);
+			}
+
+			/**
+			 *	Allows for single/batch addition of protocols
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	The argument will be processed, and each string will be added
+			 *	via AddProtocol().
+			 *
+			 *	@access public
+			 *	@param mixed , A string or array of protocols that will be added to the internal list of allowed protocols.
+			 *	@return bool Status of adding valid protocols.
+			 *	@see AddProtocol()
+			 *	@since PHP4 OOP 0.2.1
+			 */
+			function AddProtocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					trigger_error("kses4::AddProtocols() did not receive an argument.", E_USER_WARNING);
+					return false;
+				}
+
+				$protocol_data = func_get_arg(0);
+
+				if(is_array($protocol_data) && count($protocol_data) > 0)
+				{
+					foreach($protocol_data as $protocol)
+					{
+						$this->AddProtocol($protocol);
+					}
+					return true;
+				}
+				elseif(is_string($protocol_data))
+				{
+					$this->AddProtocol($protocol_data);
+					return true;
+				}
+				else
+				{
+					trigger_error("kses4::AddProtocols() did not receive a string or an array.", E_USER_WARNING);
+					return false;
+				}
+			}
+
+			/**
+			 *	Allows for single/batch addition of protocols
+			 *
+			 *	@deprecated Use AddProtocols()
+			 *	@see AddProtocols()
+			 *	@return bool
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function Protocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					trigger_error("kses4::Protocols() did not receive an argument.", E_USER_WARNING);
+					return false;
+				}
+
+				return $this->AddProtocols(func_get_arg(0));
+			}
+
+			/**
+			 *	Adds a single protocol to $this->allowed_protocols.
+			 *
+			 *	This method accepts a string argument and adds it to
+			 *	the list of allowed protocols to keep when performing
+			 *	Parse().
+			 *
+			 *	@access public
+			 *	@param string $protocol The name of the protocol to be added.
+			 *	@return bool Status of adding valid protocol.
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function AddProtocol($protocol = "")
+			{
+				if(!is_string($protocol))
+				{
+					trigger_error("kses4::AddProtocol() requires a string.", E_USER_WARNING);
+					return false;
+				}
+
+				$protocol = strtolower(trim($protocol));
+				if($protocol == "")
+				{
+					trigger_error("kses4::AddProtocol() tried to add an empty/NULL protocol.", E_USER_WARNING);
+					return false;
+				}
+
+				// Remove any inadvertent ':' at the end of the protocol.
+				if(substr($protocol, strlen($protocol) - 1, 1) == ":")
+				{
+					$protocol = substr($protocol, 0, strlen($protocol) - 1);
+				}
+
+				if(!in_array($protocol, $this->allowed_protocols))
+				{
+					array_push($this->allowed_protocols, $protocol);
+					sort($this->allowed_protocols);
+				}
+				return true;
+			}
+
+			/**
+			 *	Allows for single/batch replacement of protocols
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	Existing protocols will be removed, then the argument will be
+			 *	processed, and each string will be added via AddProtocol().
+			 *
+			 *	@access public
+			 *	@param mixed , A string or array of protocols that will be the new internal list of allowed protocols.
+			 *	@return bool Status of replacing valid protocols.
+			 *	@since PHP4 OOP 0.2.2
+			 *	@see AddProtocol()
+			 */
+			function SetProtocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					trigger_error("kses4::SetProtocols() did not receive an argument.", E_USER_WARNING);
+					return false;
+				}
+
+				$protocol_data = func_get_arg(0);
+
+				if(is_array($protocol_data) && count($protocol_data) > 0)
+				{
+					$this->allowed_protocols = array();
+					foreach($protocol_data as $protocol)
+					{
+						$this->AddProtocol($protocol);
+					}
+					return true;
+				}
+				elseif(is_string($protocol_data))
+				{
+					$this->allowed_protocols = array();
+					$this->AddProtocol($protocol_data);
+					return true;
+				}
+				else
+				{
+					trigger_error("kses4::SetProtocols() did not receive a string or an array.", E_USER_WARNING);
+					return false;
+				}
+			}
+
+			/**
+			 *	Raw dump of allowed protocols
+			 *
+			 *	This returns an indexed array of allowed protocols for a particular KSES
+			 *	instantiation.
+			 *
+			 *	@access public
+			 *	@return array The list of allowed protocols.
+			 *	@since PHP4 OOP 0.2.2
+			 */
+			function DumpProtocols()
+			{
+				return $this->allowed_protocols;
+			}
+
+			/**
+			 *	Raw dump of allowed (X)HTML elements
+			 *
+			 *	This returns an indexed array of allowed (X)HTML elements and attributes
+			 *	for a particular KSES instantiation.
+			 *
+			 *	@access public
+			 *	@return array The list of allowed elements.
+			 *	@since PHP4 OOP 0.2.2
+			 */
+			function DumpElements()
+			{
+				return $this->allowed_html;
+			}
+
+			/**
+			 *	Adds valid (X)HTML with corresponding attributes that will be kept when stripping 'evil scripts'.
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	@access public
+			 *	@param string $tag (X)HTML tag that will be allowed after stripping text.
+			 *	@param array $attribs Associative array of allowed attributes - key => attribute name - value => attribute parameter
+			 *	@return bool Status of Adding (X)HTML and attributes.
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function AddHTML($tag = "", $attribs = array())
+			{
+				if(!is_string($tag))
+				{
+					trigger_error("kses4::AddHTML() requires the tag to be a string", E_USER_WARNING);
+					return false;
+				}
+
+				$tag = strtolower(trim($tag));
+				if($tag == "")
+				{
+					trigger_error("kses4::AddHTML() tried to add an empty/NULL tag", E_USER_WARNING);
+					return false;
+				}
+
+				if(!is_array($attribs))
+				{
+					trigger_error("kses4::AddHTML() requires an array (even an empty one) of attributes for '$tag'", E_USER_WARNING);
+					return false;
+				}
+
+				$new_attribs = array();
+				if(is_array($attribs) && count($attribs) > 0)
+				{
+					foreach($attribs as $idx1 => $val1)
+					{
+						$new_idx1 = strtolower($idx1);
+						$new_val1 = $attribs[$idx1];
+
+						if(is_array($new_val1) && count($new_val1) > 0)
+						{
+							$tmp_val = array();
+							foreach($new_val1 as $idx2 => $val2)
+							{
+								$new_idx2 = strtolower($idx2);
+								$tmp_val[$new_idx2] = $val2;
+							}
+							$new_val1 = $tmp_val;
+						}
+
+						$new_attribs[$new_idx1] = $new_val1;
+					}
+				}
+
+				$this->allowed_html[$tag] = $new_attribs;
+				return true;
+			}
+
+			/**
+			 *	Removes a single protocol from $this->allowed_protocols.
+			 *
+			 *	This method accepts a string argument and removes it from
+			 *	the list of allowed protocols to keep when performing
+			 *	Parse().
+			 *
+			 *	@access public
+			 *	@param string $protocol The name of the protocol to be removed.
+			 *	@return bool Status of removing valid protocol.
+			 *	@since PHP4 OOP 0.2.1
+			 */
+			function RemoveProtocol($protocol = "")
+			{
+				if(!is_string($protocol))
+				{
+					trigger_error("kses4::RemoveProtocol() requires a string.", E_USER_WARNING);
+					return false;
+				}
+
+				// Remove any inadvertent ':' at the end of the protocol.
+				if(substr($protocol, strlen($protocol) - 1, 1) == ":")
+				{
+					$protocol = substr($protocol, 0, strlen($protocol) - 1);
+				}
+
+				$protocol = strtolower(trim($protocol));
+				if($protocol == "")
+				{
+					trigger_error("kses4::RemoveProtocol() tried to remove an empty/NULL protocol.", E_USER_WARNING);
+					return false;
+				}
+
+				//	Ensures that the protocol exists before removing it.
+				if(in_array($protocol, $this->allowed_protocols))
+				{
+					$this->allowed_protocols = array_diff($this->allowed_protocols, array($protocol));
+					sort($this->allowed_protocols);
+				}
+
+				return true;
+			}
+
+			/**
+			 *	Allows for single/batch removal of protocols
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	The argument will be processed, and each string will be removed
+			 *	via RemoveProtocol().
+			 *
+			 *	@access public
+			 *	@param mixed , A string or array of protocols that will be removed from the internal list of allowed protocols.
+			 *	@return bool Status of removing valid protocols.
+			 *	@see RemoveProtocol()
+			 *	@since PHP5 OOP 0.2.1
+			 */
+			function RemoveProtocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					return false;
+				}
+
+				$protocol_data = func_get_arg(0);
+
+				if(is_array($protocol_data) && count($protocol_data) > 0)
+				{
+					foreach($protocol_data as $protocol)
+					{
+						$this->RemoveProtocol($protocol);
+					}
+				}
+				elseif(is_string($protocol_data))
+				{
+					$this->RemoveProtocol($protocol_data);
+					return true;
+				}
+				else
+				{
+					trigger_error("kses4::RemoveProtocols() did not receive a string or an array.", E_USER_WARNING);
+					return false;
+				}
+			}
+
+			/**
+			 *	This method removes any NULL or characters in $string.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string String without any NULL/chr(173)
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _no_null($string)
+			{
+				$string = preg_replace('/\0+/', '', $string);
+				$string = preg_replace('/(\\\\0)+/', '', $string);
+				return $string;
+			}
+
+			/**
+			 *	This function removes the HTML JavaScript entities found in early versions of
+			 *	Netscape 4.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string String without any NULL/chr(173)
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _js_entities($string)
+			{
+			  return preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string);
+			}
+
+			/**
+			 *	Normalizes HTML entities
+			 *
+			 *	This function normalizes HTML entities. It will convert "AT&T" to the correct
+			 *	"AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string String with normalized entities
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _normalize_entities($string)
+			{
+				# Disarm all entities by converting & to &amp;
+			  $string = str_replace('&', '&amp;', $string);
+
+				# Change back the allowed entities in our entity white list
+
+			  $string = preg_replace('/&amp;([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
+			  $string = preg_replace('/&amp;#0*([0-9]{1,5});/e', '\$this->_normalize_entities2("\\1")', $string);
+			  $string = preg_replace('/&amp;#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', '&#\\1\\2;', $string);
+
+			  return $string;
+			}
+
+			/**
+			 *	Helper method used by normalizeEntites()
+			 *
+			 *	This method helps normalizeEntities() to only accept 16 bit values
+			 *	and nothing more for &#number; entities.
+			 *
+			 *	This method helps normalize_entities() during a preg_replace()
+			 *	where a &#(0)*XXXXX; occurs.  The '(0)*XXXXXX' value is converted to
+			 *	a number and the result is returned as a numeric entity if the number
+			 *	is less than 65536.  Otherwise, the value is returned 'as is'.
+			 *
+			 *	@access private
+			 *	@param string $i
+			 *	@return string Normalized numeric entity
+			 *	@see _normalize_entities()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _normalize_entities2($i)
+			{
+			  return (($i > 65535) ? "&amp;#$i;" : "&#$i;");
+			}
+
+			/**
+			 *	Allows for additional user defined modifications to text.
+			 *
+			 *	@deprecated use filterKsesTextHook()
+			 *	@param string $string
+			 *	@see filterKsesTextHook()
+			 *	@return string
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _hook($string)
+			{
+			  return $this->filterKsesTextHook($string);
+			}
+
+			/**
+			 *	Allows for additional user defined modifications to text.
+			 *
+			 *	This method allows for additional modifications to be performed on
+			 *	a string that's being run through Parse().  Currently, it returns the
+			 *	input string 'as is'.
+			 *
+			 *	This method is provided for users to extend the kses class for their own
+			 *	requirements.
+			 *
+			 *	@access public
+			 *	@param string $string String to perfrom additional modifications on.
+			 *	@return string User modified string.
+			 *	@see Parse()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			function filterKsesTextHook($string)
+			{
+			  return $string;
+			}
+
+			/**
+			 *	This method goes through an array, and changes the keys to all lower case.
+			 *
+			 *	@access private
+			 *	@param array $in_array Associative array
+			 *	@return array Modified array
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _array_lc($inarray)
+			{
+			  $outarray = array();
+
+				if(is_array($inarray) && count($inarray) > 0)
+				{
+					foreach ($inarray as $inkey => $inval)
+					{
+						$outkey = strtolower($inkey);
+						$outarray[$outkey] = array();
+
+						if(is_array($inval) && count($inval) > 0)
+						{
+							foreach ($inval as $inkey2 => $inval2)
+							{
+								$outkey2 = strtolower($inkey2);
+								$outarray[$outkey][$outkey2] = $inval2;
+							}
+						}
+					}
+				}
+
+			  return $outarray;
+			}
+
+			/**
+			 *	This method searched for HTML tags, no matter how malformed.  It also
+			 *	matches stray ">" characters.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string HTML tags
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _split($string)
+			{
+				return preg_replace(
+					'%(<'.   # EITHER: <
+					'[^>]*'. # things that aren't >
+					'(>|$)'. # > or end of string
+					'|>)%e', # OR: just a >
+					"\$this->_split2('\\1')",
+					$string);
+			}
+
+			/**
+			 *	This method strips out disallowed and/or mangled (X)HTML tags along with assigned attributes.
+			 *
+			 *	This method does a lot of work. It rejects some very malformed things
+			 *	like <:::>. It returns an empty string if the element isn't allowed (look
+			 *	ma, no strip_tags()!). Otherwise it splits the tag into an element and an
+			 *	allowed attribute list.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string Modified string minus disallowed/mangled (X)HTML and attributes
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _split2($string)
+			{
+				$string = $this->_stripslashes($string);
+
+				if (substr($string, 0, 1) != '<')
+				{
+					# It matched a ">" character
+					return '&gt;';
+				}
+
+				if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches))
+				{
+					# It's seriously malformed
+					return '';
+				}
+
+				$slash    = trim($matches[1]);
+				$elem     = $matches[2];
+				$attrlist = $matches[3];
+
+				if (
+					!isset($this->allowed_html[strtolower($elem)]) ||
+					!is_array($this->allowed_html[strtolower($elem)])
+				)
+				{
+					# They are using a not allowed HTML element
+					return '';
+				}
+
+				if ($slash != '')
+				{
+					return "<$slash$elem>";
+				}
+				# No attributes are allowed for closing elements
+
+				return $this->_attr("$slash$elem", $attrlist);
+			}
+
+			/**
+			 *	This method strips out disallowed attributes for (X)HTML tags.
+			 *
+			 *	This method removes all attributes if none are allowed for this element.
+			 *	If some are allowed it calls $this->_hair() to split them further, and then it
+			 *	builds up new HTML code from the data that $this->_hair() returns. It also
+			 *	removes "<" and ">" characters, if there are any left. One more thing it
+			 *	does is to check if the tag has a closing XHTML slash, and if it does,
+			 *	it puts one in the returned code as well.
+			 *
+			 *	@access private
+			 *	@param string $element (X)HTML tag to check
+			 *	@param string $attr Text containing attributes to check for validity.
+			 *	@return string Resulting valid (X)HTML or ''
+			 *	@see _hair()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _attr($element, $attr)
+			{
+				# Is there a closing XHTML slash at the end of the attributes?
+				$xhtml_slash = '';
+				if (preg_match('%\s/\s*$%', $attr))
+				{
+					$xhtml_slash = ' /';
+				}
+
+				# Are any attributes allowed at all for this element?
+				if (
+					!isset($this->allowed_html[strtolower($element)]) ||
+					count($this->allowed_html[strtolower($element)]) == 0
+				)
+				{
+					return "<$element$xhtml_slash>";
+				}
+
+				# Split it
+				$attrarr = $this->_hair($attr);
+
+				# Go through $attrarr, and save the allowed attributes for this element
+				# in $attr2
+				$attr2 = '';
+				if(is_array($attrarr) && count($attrarr) > 0)
+				{
+					foreach ($attrarr as $arreach)
+					{
+						if(!isset($this->allowed_html[strtolower($element)][strtolower($arreach['name'])]))
+						{
+							continue;
+						}
+
+						$current = $this->allowed_html[strtolower($element)][strtolower($arreach['name'])];
+						if ($current == '')
+						{
+							# the attribute is not allowed
+							continue;
+						}
+
+						if (!is_array($current))
+						{
+							# there are no checks
+							$attr2 .= ' '.$arreach['whole'];
+						}
+						else
+						{
+							# there are some checks
+							$ok = true;
+							if(is_array($current) && count($current) > 0)
+							{
+								foreach ($current as $currkey => $currval)
+								{
+									if (!$this->_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval))
+									{
+										$ok = false;
+										break;
+									}
+								}
+
+								if ($ok)
+								{
+									# it passed them
+									$attr2 .= ' '.$arreach['whole'];
+								}
+							}
+						}
+					}
+				}
+
+				# Remove any "<" or ">" characters
+				$attr2 = preg_replace('/[<>]/', '', $attr2);
+				return "<$element$attr2$xhtml_slash>";
+			}
+
+			/**
+			 *	This method combs through an attribute list string and returns an associative array of attributes and values.
+			 *
+			 *	This method does a lot of work. It parses an attribute list into an array
+			 *	with attribute data, and tries to do the right thing even if it gets weird
+			 *	input. It will add quotes around attribute values that don't have any quotes
+			 *	or apostrophes around them, to make it easier to produce HTML code that will
+			 *	conform to W3C's HTML specification. It will also remove bad URL protocols
+			 *	from attribute values.
+			 *
+			 *	@access private
+			 *	@param string $attr Text containing tag attributes for parsing
+			 *	@return array Associative array containing data on attribute and value
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _hair($attr)
+			{
+				$attrarr  = array();
+				$mode     = 0;
+				$attrname = '';
+
+				# Loop through the whole attribute list
+
+				while (strlen($attr) != 0)
+				{
+					# Was the last operation successful?
+					$working = 0;
+
+					switch ($mode)
+					{
+						case 0:	# attribute name, href for instance
+							if (preg_match('/^([-a-zA-Z]+)/', $attr, $match))
+							{
+								$attrname = $match[1];
+								$working = $mode = 1;
+								$attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
+							}
+							break;
+						case 1:	# equals sign or valueless ("selected")
+							if (preg_match('/^\s*=\s*/', $attr)) # equals sign
+							{
+								$working = 1;
+								$mode    = 2;
+								$attr    = preg_replace('/^\s*=\s*/', '', $attr);
+								break;
+							}
+							if (preg_match('/^\s+/', $attr)) # valueless
+							{
+								$working   = 1;
+								$mode      = 0;
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => '',
+									'whole' => $attrname,
+									'vless' => 'y'
+								);
+								$attr      = preg_replace('/^\s+/', '', $attr);
+							}
+							break;
+						case 2: # attribute value, a URL after href= for instance
+							if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) # "value"
+							{
+								$thisval   = $this->_bad_protocol($match[1]);
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => $thisval,
+									'whole' => "$attrname=\"$thisval\"",
+									'vless' => 'n'
+								);
+								$working   = 1;
+								$mode      = 0;
+								$attr      = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr);
+								break;
+							}
+							if (preg_match("/^'([^']*)'(\s+|$)/", $attr, $match)) # 'value'
+							{
+								$thisval   = $this->_bad_protocol($match[1]);
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => $thisval,
+									'whole' => "$attrname='$thisval'",
+									'vless' => 'n'
+								);
+								$working   = 1;
+								$mode      = 0;
+								$attr      = preg_replace("/^'[^']*'(\s+|$)/", '', $attr);
+								break;
+							}
+							if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match)) # value
+							{
+								$thisval   = $this->_bad_protocol($match[1]);
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => $thisval,
+									'whole' => "$attrname=\"$thisval\"",
+									'vless' => 'n'
+								);
+								# We add quotes to conform to W3C's HTML spec.
+								$working   = 1;
+								$mode      = 0;
+								$attr      = preg_replace("%^[^\s\"']+(\s+|$)%", '', $attr);
+							}
+							break;
+					}
+
+					if ($working == 0) # not well formed, remove and try again
+					{
+						$attr = $this->_html_error($attr);
+						$mode = 0;
+					}
+				}
+
+				# special case, for when the attribute list ends with a valueless
+				# attribute like "selected"
+				if ($mode == 1)
+				{
+					$attrarr[] = array(
+						'name'  => $attrname,
+						'value' => '',
+						'whole' => $attrname,
+						'vless' => 'y'
+					);
+				}
+
+				return $attrarr;
+			}
+
+			/**
+			 *	This method removes disallowed protocols.
+			 *
+			 *	This method removes all non-allowed protocols from the beginning of
+			 *	$string. It ignores whitespace and the case of the letters, and it does
+			 *	understand HTML entities. It does its work in a while loop, so it won't be
+			 *	fooled by a string like "javascript:javascript:alert(57)".
+			 *
+			 *	@access private
+			 *	@param string $string String to check for protocols
+			 *	@return string String with removed protocols
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _bad_protocol($string)
+			{
+				$string  = $this->_no_null($string);
+				$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
+				$string2 = $string.'a';
+
+				while ($string != $string2)
+				{
+					$string2 = $string;
+					$string  = $this->_bad_protocol_once($string);
+				} # while
+
+				return $string;
+			}
+
+			/**
+			 *	Helper method used by _bad_protocol()
+			 *
+			 *	This function searches for URL protocols at the beginning of $string, while
+			 *	handling whitespace and HTML entities.
+			 *
+			 *	@access private
+			 *	@param string $string String to check for protocols
+			 *	@return string String with removed protocols
+			 *	@see _bad_protocol()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _bad_protocol_once($string)
+			{
+				return preg_replace(
+					'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+					'(:|&#58;|&#[Xx]3[Aa];)\s*/e',
+					'\$this->_bad_protocol_once2("\\1")',
+					$string
+				);
+			}
+
+			/**
+			 *	Helper method used by _bad_protocol_once() regex
+			 *
+			 *	This function processes URL protocols, checks to see if they're in the white-
+			 *	list or not, and returns different data depending on the answer.
+			 *
+			 *	@access private
+			 *	@param string $string String to check for protocols
+			 *	@return string String with removed protocols
+			 *	@see _bad_protocol()
+			 *	@see _bad_protocol_once()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _bad_protocol_once2($string)
+			{
+				$string = $this->_decode_entities($string);
+				$string = preg_replace('/\s/', '', $string);
+				$string = $this->_no_null($string);
+				$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
+				$string = strtolower($string);
+
+				$allowed = false;
+				if(is_array($this->allowed_protocols) && count($this->allowed_protocols) > 0)
+				{
+					foreach ($this->allowed_protocols as $one_protocol)
+					{
+						if (strtolower($one_protocol) == $string)
+						{
+							$allowed = true;
+							break;
+						}
+					}
+				}
+
+				if ($allowed)
+				{
+					return "$string:";
+				}
+				else
+				{
+					return '';
+				}
+			}
+
+			/**
+			 *	This function performs different checks for attribute values.
+			 *
+			 *	The currently implemented checks are "maxlen", "minlen", "maxval",
+			 *	"minval" and "valueless" with even more checks to come soon.
+			 *
+			 *	@access private
+			 *	@param string $value The value of the attribute to be checked.
+			 *	@param string $vless Indicates whether the the value is supposed to be valueless
+			 *	@param string $checkname The check to be performed
+			 *	@param string $checkvalue The value that is to be checked against
+			 *	@return bool Indicates whether the check passed or not
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _check_attr_val($value, $vless, $checkname, $checkvalue)
+			{
+				$ok = true;
+
+				switch (strtolower($checkname))
+				{
+					/**
+					*	The maxlen check makes sure that the attribute value has a length not
+					*	greater than the given value. This can be used to avoid Buffer Overflows
+					*	in WWW clients and various Internet servers.
+					*/
+					case 'maxlen':
+						if (strlen($value) > $checkvalue)
+						{
+							$ok = false;
+						}
+						break;
+
+					/**
+					*	The minlen check makes sure that the attribute value has a length not
+					*	smaller than the given value.
+					*/
+					case 'minlen':
+						if (strlen($value) < $checkvalue)
+						{
+							$ok = false;
+						}
+						break;
+
+					/**
+					*	The maxval check does two things: it checks that the attribute value is
+					*	an integer from 0 and up, without an excessive amount of zeroes or
+					*	whitespace (to avoid Buffer Overflows). It also checks that the attribute
+					*	value is not greater than the given value.
+					*	This check can be used to avoid Denial of Service attacks.
+					*/
+					case 'maxval':
+						if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
+						{
+							$ok = false;
+						}
+						if ($value > $checkvalue)
+						{
+							$ok = false;
+						}
+						break;
+
+					/**
+					*	The minval check checks that the attribute value is a positive integer,
+					*	and that it is not smaller than the given value.
+					*/
+					case 'minval':
+						if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
+						{
+							$ok = false;
+						}
+						if ($value < $checkvalue)
+						{
+							$ok = false;
+						}
+						break;
+
+					/**
+					*	The valueless check checks if the attribute has a value
+					*	(like <a href="blah">) or not (<option selected>). If the given value
+					*	is a "y" or a "Y", the attribute must not have a value.
+					*	If the given value is an "n" or an "N", the attribute must have one.
+					*/
+					case 'valueless':
+					if (strtolower($checkvalue) != $vless)
+					{
+						$ok = false;
+					}
+					break;
+
+				}
+
+				return $ok;
+			}
+
+			/**
+			 *	Changes \" to "
+			 *
+			 *	This function changes the character sequence  \"  to just  "
+			 *	It leaves all other slashes alone. It's really weird, but the quoting from
+			 *	preg_replace(//e) seems to require this.
+			 *
+			 *	@access private
+			 *	@param string $string The string to be stripped.
+			 *	@return string string stripped of \"
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _stripslashes($string)
+			{
+				return preg_replace('%\\\\"%', '"', $string);
+			}
+
+			/**
+			 *	helper method for _hair()
+			 *
+			 *	This function deals with parsing errors in _hair(). The general plan is
+			 *	to remove everything to and including some whitespace, but it deals with
+			 *	quotes and apostrophes as well.
+			 *
+			 *	@access private
+			 *	@param string $string The string to be stripped.
+			 *	@return string string stripped of whitespace
+			 *	@see _hair()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _html_error($string)
+			{
+				return preg_replace('/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/', '', $string);
+			}
+
+			/**
+			 *	Decodes numeric HTML entities
+			 *
+			 *	This method decodes numeric HTML entities (&#65; and &#x41;). It doesn't
+			 *	do anything with other entities like &auml;, but we don't need them in the
+			 *	URL protocol white listing system anyway.
+			 *
+			 *	@access private
+			 *	@param string $value The entitiy to be decoded.
+			 *	@return string Decoded entity
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _decode_entities($string)
+			{
+				$string = preg_replace('/&#([0-9]+);/e', 'chr("\\1")', $string);
+				$string = preg_replace('/&#[Xx]([0-9A-Fa-f]+);/e', 'chr(hexdec("\\1"))', $string);
+				return $string;
+			}
+
+			/**
+			 *	Returns PHP4 OOP version # of kses.
+			 *
+			 *	Since this class has been refactored and documented and proven to work,
+			 *	I'm syncing the version number to procedural kses.
+			 *
+			 *	@access public
+			 *	@return string Version number
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			function _version()
+			{
+				return 'PHP4 0.2.2 (OOP fork of procedural kses 0.2.2)';
+			}
+		}
+
+
+
+	}
+?>
\ No newline at end of file
diff --git a/vendors/kses/oop/php5.class.kses.php b/vendors/kses/oop/php5.class.kses.php
new file mode 100644
index 000000000..541f1bd1e
--- /dev/null
+++ b/vendors/kses/oop/php5.class.kses.php
@@ -0,0 +1,1172 @@
+<?php
+
+	/*
+	 * ==========================================================================================
+	 *
+	 * This program is free software and open source software; you can redistribute
+	 * it and/or modify it under the terms of the GNU General Public License as
+	 * published by the Free Software Foundation; either version 2 of the License,
+	 * or (at your option) any later version.
+	 *
+	 * This program is distributed in the hope that it will be useful, but WITHOUT
+	 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+	 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+	 * more details.
+	 *
+	 * You should have received a copy of the GNU General Public License along
+	 * with this program; if not, write to the Free Software Foundation, Inc.,
+	 * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  or visit
+	 * http://www.gnu.org/licenses/gpl.html
+	 *
+	 * ==========================================================================================
+	 */
+
+	/**
+	*	Class file for PHP5 OOP version of kses
+	*
+	*	This is an updated version of kses to work with PHP5 that works under E_STRICT.
+	*
+	*	This version is a bit of a rewrite to match my own coding style and use some of the
+	*	capabilities allowed in PHP5.  Since this was a significant rewrite, but it still
+	*	maintains backward compatibility syntax-wise, the version number is now 1.0.0.  Any
+	*	minor changes that do not break compatibility will be indicated in the second or third
+	*	digits.  Anything that breaks compatibility will change the major version number.
+	*
+	*	PHP5 specific changes:
+	*	+ Private methods are now in place
+	*	+ __construct() is now used rather then the standard class name 'kses()'
+	*	+ Kses will not load in any version less that PHP5
+	*	Other modifications:
+	*	+ PHPdoc style documentation has been added to the class.  See http://www.phpdoc.org/ for more info.
+	*	+ Method names have been changed to reflect status as verbs
+	*	+ One line methods have been folded into the code
+	*	+ Some methods are now deprecated due to nomenclature style change.  See method documentation for specifics.
+	*	+ Kses5 now works in E_STRICT
+	*	+ Version number is 1.0.0 to reflect serious code changes
+	*	+ Addition of methods AddProtocols(), filterKsestextHook(), RemoveProtocol(), RemoveProtocols() and SetProtocols()
+	*	+ Deprecated _hook(), Protocols()
+	*
+	*	@package    kses
+	*	@subpackage kses5
+	*/
+
+	if(substr(phpversion(), 0, 1) < 5)
+	{
+		die("Class kses requires PHP 5 or higher.");
+	}
+
+	/**
+	*	Only install KSES5 once
+	*/
+	if(!defined('KSES_CLASS_PHP5'))
+	{
+		define('KSES_CLASS_PHP5', true);
+
+	/**
+	*	Kses strips evil scripts!
+	*
+	*	This class provides the capability for removing unwanted HTML/XHTML, attributes from
+	*	tags, and protocols contained in links.  The net result is a much more powerful tool
+	*	than the PHP internal strip_tags()
+	*
+	*	This is a fork of a slick piece of procedural code called 'kses' written by Ulf Harnhammar.
+	*
+	*	The original class for PHP4 was basically a wrapper around all of the functions in
+	*	the procedural code written by Ulf, and was released 7/25/2003.
+	*
+	*	This version is a bit of a rewrite to match my own coding style and use some of the
+	*	capabilities allowed in PHP5.  Since this was a significant rewrite, but it still
+	*	maintains backward compatibility syntax-wise, the version number is now 1.0.0.  Any
+	*	minor changes that do not break compatibility will be indicated in the second or third
+	*	digits.  Anything that breaks compatibility will change the major version number.
+	*
+	*	PHP5 specific changes:
+	*	+ Private methods are now in place
+	*	+ __construct() is now used rather then the standard class name 'kses()'
+	*	+ Kses5 will not load in any version less that PHP5
+	*	Other modifications:
+	*	+ PHPdoc style documentation has been added to the class.  See http://www.phpdoc.org/ for more info.
+	*	+ Method names have been changed to reflect status as verbs
+	*	+ One line methods have been folded into the code
+	*	+ Some methods are now deprecated due to nomenclature style change.  See method documentation for specifics.
+	*	+ Kses now works in E_STRICT
+	*	+ Initial Version number set to 1.0.0 to reflect serious code changes
+	*	+ Addition of methods AddProtocols(), filterKsestextHook(), RemoveProtocol(), RemoveProtocols() and SetProtocols()
+	*	+ Deprecated _hook(), Protocols()
+	*	+ Integrated code from kses 0.2.2 into class.
+	*	+ Added methods DumpProtocols(), DumpMethods()
+	*
+	*	@author     Richard R. Vásquez, Jr. (Original procedural code by Ulf Härnhammar)
+	*	@link       http://sourceforge.net/projects/kses/ Home Page for Kses
+	*	@link       http://chaos.org/contact/ Contact page with current email address for Richard Vasquez
+	*	@copyright  Richard R. Vásquez, Jr. 2005
+	*	@version    PHP5 OOP 1.0.2
+	*	@license    http://www.gnu.org/licenses/gpl.html GNU Public License
+	*	@package    kses
+	*/
+		class kses5
+		{
+			/**#@+
+			 *	@access private
+			 *	@var array
+			 */
+			private $allowed_protocols;
+			private $allowed_html;
+			/**#@-*/
+
+			/**
+			 *	Constructor for kses.
+			 *
+			 *	This sets a default collection of protocols allowed in links, and creates an
+			 *	empty set of allowed HTML tags.
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			public function __construct()
+			{
+				/**
+				 *	You could add protocols such as ftp, new, gopher, mailto, irc, etc.
+				 *
+				 *	The base values the original kses provided were:
+				 *		'http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'gopher', 'mailto'
+				 */
+				$this->allowed_protocols = array('http', 'ftp', 'mailto');
+				$this->allowed_html      = array();
+			}
+
+			/**
+			 *	Basic task of kses - parses $string and strips it as required.
+			 *
+			 *	This method strips all the disallowed (X)HTML tags, attributes
+			 *	and protocols from the input $string.
+			 *
+			 *	@access public
+			 *	@param string $string String to be stripped of 'evil scripts'
+			 *	@return string The stripped string
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			public function Parse($string = "")
+			{
+				if (get_magic_quotes_gpc())
+				{
+					$string = stripslashes($string);
+				}
+				$string = $this->removeNulls($string);
+				//	Remove JavaScript entities from early Netscape 4 versions
+				$string = preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string);
+				$string = $this->normalizeEntities($string);
+				$string = $this->filterKsesTextHook($string);
+				$string = preg_replace('%(<' . '[^>]*' . '(>|$)' . '|>)%e', "\$this->stripTags('\\1')", $string);
+				return $string;
+			}
+
+			/**
+			 *	Allows for single/batch addition of protocols
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	The argument will be processed, and each string will be added
+			 *	via AddProtocol().
+			 *
+			 *	@access public
+			 *	@param mixed , A string or array of protocols that will be added to the internal list of allowed protocols.
+			 *	@return bool Status of adding valid protocols.
+			 *	@see AddProtocol()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			public function AddProtocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					trigger_error("kses5::AddProtocols() did not receive an argument.", E_USER_WARNING);
+					return false;
+				}
+
+				$protocol_data = func_get_arg(0);
+
+				if(is_array($protocol_data) && count($protocol_data) > 0)
+				{
+					foreach($protocol_data as $protocol)
+					{
+						$this->AddProtocol($protocol);
+					}
+					return true;
+				}
+				elseif(is_string($protocol_data))
+				{
+					$this->AddProtocol($protocol_data);
+					return true;
+				}
+				else
+				{
+					trigger_error("kses5::AddProtocols() did not receive a string or an array.", E_USER_WARNING);
+					return false;
+				}
+			}
+
+			/**
+			 *	Allows for single/batch addition of protocols
+			 *
+			 *	@deprecated Use AddProtocols()
+			 *	@see AddProtocols()
+			 *	@return bool
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			public function Protocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					trigger_error("kses5::Protocols() did not receive an argument.", E_USER_WARNING);
+					return false;
+				}
+
+				return $this->AddProtocols(func_get_arg(0));
+			}
+
+			/**
+			 *	Adds a single protocol to $this->allowed_protocols.
+			 *
+			 *	This method accepts a string argument and adds it to
+			 *	the list of allowed protocols to keep when performing
+			 *	Parse().
+			 *
+			 *	@access public
+			 *	@param string $protocol The name of the protocol to be added.
+			 *	@return bool Status of adding valid protocol.
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			public function AddProtocol($protocol = "")
+			{
+				if(!is_string($protocol))
+				{
+					trigger_error("kses5::AddProtocol() requires a string.", E_USER_WARNING);
+					return false;
+				}
+
+				// Remove any inadvertent ':' at the end of the protocol.
+				if(substr($protocol, strlen($protocol) - 1, 1) == ":")
+				{
+					$protocol = substr($protocol, 0, strlen($protocol) - 1);
+				}
+
+				$protocol = strtolower(trim($protocol));
+				if($protocol == "")
+				{
+					trigger_error("kses5::AddProtocol() tried to add an empty/NULL protocol.", E_USER_WARNING);
+					return false;
+				}
+
+				//	prevent duplicate protocols from being added.
+				if(!in_array($protocol, $this->allowed_protocols))
+				{
+					array_push($this->allowed_protocols, $protocol);
+					sort($this->allowed_protocols);
+				}
+				return true;
+			}
+
+			/**
+			 *	Removes a single protocol from $this->allowed_protocols.
+			 *
+			 *	This method accepts a string argument and removes it from
+			 *	the list of allowed protocols to keep when performing
+			 *	Parse().
+			 *
+			 *	@access public
+			 *	@param string $protocol The name of the protocol to be removed.
+			 *	@return bool Status of removing valid protocol.
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			public function RemoveProtocol($protocol = "")
+			{
+				if(!is_string($protocol))
+				{
+					trigger_error("kses5::RemoveProtocol() requires a string.", E_USER_WARNING);
+					return false;
+				}
+
+				// Remove any inadvertent ':' at the end of the protocol.
+				if(substr($protocol, strlen($protocol) - 1, 1) == ":")
+				{
+					$protocol = substr($protocol, 0, strlen($protocol) - 1);
+				}
+
+				$protocol = strtolower(trim($protocol));
+				if($protocol == "")
+				{
+					trigger_error("kses5::RemoveProtocol() tried to remove an empty/NULL protocol.", E_USER_WARNING);
+					return false;
+				}
+
+				//	Ensures that the protocol exists before removing it.
+				if(in_array($protocol, $this->allowed_protocols))
+				{
+					$this->allowed_protocols = array_diff($this->allowed_protocols, array($protocol));
+					sort($this->allowed_protocols);
+				}
+
+				return true;
+			}
+
+			/**
+			 *	Allows for single/batch removal of protocols
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	The argument will be processed, and each string will be removed
+			 *	via RemoveProtocol().
+			 *
+			 *	@access public
+			 *	@param mixed , A string or array of protocols that will be removed from the internal list of allowed protocols.
+			 *	@return bool Status of removing valid protocols.
+			 *	@see RemoveProtocol()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			public function RemoveProtocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					return false;
+				}
+
+				$protocol_data = func_get_arg(0);
+
+				if(is_array($protocol_data) && count($protocol_data) > 0)
+				{
+					foreach($protocol_data as $protocol)
+					{
+						$this->RemoveProtocol($protocol);
+					}
+				}
+				elseif(is_string($protocol_data))
+				{
+					$this->RemoveProtocol($protocol_data);
+					return true;
+				}
+				else
+				{
+					trigger_error("kses5::RemoveProtocols() did not receive a string or an array.", E_USER_WARNING);
+					return false;
+				}
+			}
+
+			/**
+			 *	Allows for single/batch replacement of protocols
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	Existing protocols will be removed, then the argument will be
+			 *	processed, and each string will be added via AddProtocol().
+			 *
+			 *	@access public
+			 *	@param mixed , A string or array of protocols that will be the new internal list of allowed protocols.
+			 *	@return bool Status of replacing valid protocols.
+			 *	@since PHP5 OOP 1.0.1
+			 *	@see AddProtocol()
+			 */
+			public function SetProtocols()
+			{
+				$c_args = func_num_args();
+				if($c_args != 1)
+				{
+					trigger_error("kses5::SetProtocols() did not receive an argument.", E_USER_WARNING);
+					return false;
+				}
+
+				$protocol_data = func_get_arg(0);
+
+				if(is_array($protocol_data) && count($protocol_data) > 0)
+				{
+					$this->allowed_protocols = array();
+					foreach($protocol_data as $protocol)
+					{
+						$this->AddProtocol($protocol);
+					}
+					return true;
+				}
+				elseif(is_string($protocol_data))
+				{
+					$this->allowed_protocols = array();
+					$this->AddProtocol($protocol_data);
+					return true;
+				}
+				else
+				{
+					trigger_error("kses5::SetProtocols() did not receive a string or an array.", E_USER_WARNING);
+					return false;
+				}
+			}
+
+			/**
+			 *	Raw dump of allowed protocols
+			 *
+			 *	This returns an indexed array of allowed protocols for a particular KSES
+			 *	instantiation.
+			 *
+			 *	@access public
+			 *	@return array The list of allowed protocols.
+			 *	@since PHP5 OOP 1.0.2
+			 */
+			public function DumpProtocols()
+			{
+				return $this->allowed_protocols;
+			}
+
+			/**
+			 *	Raw dump of allowed (X)HTML elements
+			 *
+			 *	This returns an indexed array of allowed (X)HTML elements and attributes
+			 *	for a particular KSES instantiation.
+			 *
+			 *	@access public
+			 *	@return array The list of allowed elements.
+			 *	@since PHP5 OOP 1.0.2
+			 */
+			public function DumpElements()
+			{
+				return $this->allowed_html;
+			}
+
+
+			/**
+			 *	Adds valid (X)HTML with corresponding attributes that will be kept when stripping 'evil scripts'.
+			 *
+			 *	This method accepts one argument that can be either a string
+			 *	or an array of strings.  Invalid data will be ignored.
+			 *
+			 *	@access public
+			 *	@param string $tag (X)HTML tag that will be allowed after stripping text.
+			 *	@param array $attribs Associative array of allowed attributes - key => attribute name - value => attribute parameter
+			 *	@return bool Status of Adding (X)HTML and attributes.
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			public function AddHTML($tag = "", $attribs = array())
+			{
+				if(!is_string($tag))
+				{
+					trigger_error("kses5::AddHTML() requires the tag to be a string", E_USER_WARNING);
+					return false;
+				}
+
+				$tag = strtolower(trim($tag));
+				if($tag == "")
+				{
+					trigger_error("kses5::AddHTML() tried to add an empty/NULL tag", E_USER_WARNING);
+					return false;
+				}
+
+				if(!is_array($attribs))
+				{
+					trigger_error("kses5::AddHTML() requires an array (even an empty one) of attributes for '$tag'", E_USER_WARNING);
+					return false;
+				}
+
+				$new_attribs = array();
+				if(is_array($attribs) && count($attribs) > 0)
+				{
+					foreach($attribs as $idx1 => $val1)
+					{
+						$new_idx1 = strtolower($idx1);
+						$new_val1 = $attribs[$idx1];
+
+						if(is_array($new_val1) && count($attribs) > 0)
+						{
+							$tmp_val = array();
+							foreach($new_val1 as $idx2 => $val2)
+							{
+								$new_idx2 = strtolower($idx2);
+								$tmp_val[$new_idx2] = $val2;
+							}
+							$new_val1 = $tmp_val;
+						}
+
+						$new_attribs[$new_idx1] = $new_val1;
+					}
+				}
+
+				$this->allowed_html[$tag] = $new_attribs;
+				return true;
+			}
+
+			/**
+			 *	This method removes any NULL characters in $string.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string String without any NULL/chr(173)
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function removeNulls($string)
+			{
+				$string = preg_replace('/\0+/', '', $string);
+				$string = preg_replace('/(\\\\0)+/', '', $string);
+				return $string;
+			}
+
+			/**
+			 *	Normalizes HTML entities
+			 *
+			 *	This function normalizes HTML entities. It will convert "AT&T" to the correct
+			 *	"AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string String with normalized entities
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function normalizeEntities($string)
+			{
+				# Disarm all entities by converting & to &amp;
+				$string = str_replace('&', '&amp;', $string);
+
+				#	TODO: Change back (Keep?) the allowed entities in our entity white list
+
+				#	Keeps entities that start with [A-Za-z]
+				$string = preg_replace(
+					'/&amp;([A-Za-z][A-Za-z0-9]{0,19});/',
+					'&\\1;',
+					$string
+				);
+
+				#	Change numeric entities to valid 16 bit values
+
+				$string = preg_replace(
+					'/&amp;#0*([0-9]{1,5});/e',
+					'\$this->normalizeEntities16bit("\\1")',
+					$string
+				);
+
+				#	Change &XHHHHHHH (Hex digits) to 16 bit hex values
+				$string = preg_replace(
+					'/&amp;#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/',
+					'&#\\1\\2;',
+					$string
+				);
+
+				return $string;
+			}
+
+			/**
+			 *	Helper method used by normalizeEntites()
+			 *
+			 *	This method helps normalizeEntities() to only accept 16 bit values
+			 *	and nothing more for &#number; entities.
+			 *
+			 *	This method helps normalize_entities() during a preg_replace()
+			 *	where a &#(0)*XXXXX; occurs.  The '(0)*XXXXXX' value is converted to
+			 *	a number and the result is returned as a numeric entity if the number
+			 *	is less than 65536.  Otherwise, the value is returned 'as is'.
+			 *
+			 *	@access private
+			 *	@param string $i
+			 *	@return string Normalized numeric entity
+			 *	@see normalizeEntities()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function normalizeEntities16bit($i)
+			{
+			  return (($i > 65535) ? "&amp;#$i;" : "&#$i;");
+			}
+
+			/**
+			 *	Allows for additional user defined modifications to text.
+			 *
+			 *	This method allows for additional modifications to be performed on
+			 *	a string that's being run through Parse().  Currently, it returns the
+			 *	input string 'as is'.
+			 *
+			 *	This method is provided for users to extend the kses class for their own
+			 *	requirements.
+			 *
+			 *	@access public
+			 *	@param string $string String to perfrom additional modifications on.
+			 *	@return string User modified string.
+			 *	@see Parse()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function filterKsesTextHook($string)
+			{
+			  return $string;
+			}
+
+			/**
+			 *	Allows for additional user defined modifications to text.
+			 *
+			 *	@deprecated use filterKsesTextHook()
+			 *	@param string $string
+			 *	@return string
+			 *	@see filterKsesTextHook()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function _hook($string)
+			{
+				return $this->filterKsesTextHook($string);
+			}
+
+			/**
+			 *	This method goes through an array, and changes the keys to all lower case.
+			 *
+			 *	@access private
+			 *	@param array $in_array Associative array
+			 *	@return array Modified array
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function makeArrayKeysLowerCase($in_array)
+			{
+				$out_array = array();
+
+				if(is_array($in_array) && count($in_array) > 0)
+				{
+					foreach ($in_array as $in_key => $in_val)
+					{
+						$out_key = strtolower($in_key);
+						$out_array[$out_key] = array();
+
+						if(is_array($in_val) && count($in_val) > 0)
+						{
+							foreach ($in_val as $in_key2 => $in_val2)
+							{
+								$out_key2 = strtolower($in_key2);
+								$out_array[$out_key][$out_key2] = $in_val2;
+							}
+						}
+					}
+				}
+
+				return $out_array;
+			}
+
+			/**
+			 *	This method strips out disallowed and/or mangled (X)HTML tags along with assigned attributes.
+			 *
+			 *	This method does a lot of work. It rejects some very malformed things
+			 *	like <:::>. It returns an empty string if the element isn't allowed (look
+			 *	ma, no strip_tags()!). Otherwise it splits the tag into an element and an
+			 *	allowed attribute list.
+			 *
+			 *	@access private
+			 *	@param string $string
+			 *	@return string Modified string minus disallowed/mangled (X)HTML and attributes
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function stripTags($string)
+			{
+				$string = preg_replace('%\\\\"%', '"', $string);
+
+				if (substr($string, 0, 1) != '<')
+				{
+					# It matched a ">" character
+					return '&gt;';
+				}
+
+				if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches))
+				{
+					# It's seriously malformed
+					return '';
+				}
+
+				$slash    = trim($matches[1]);
+				$elem     = $matches[2];
+				$attrlist = $matches[3];
+
+				if (
+					!isset($this->allowed_html[strtolower($elem)]) ||
+					!is_array($this->allowed_html[strtolower($elem)]))
+				{
+					#	Found an HTML element not in the white list
+					return '';
+				}
+
+				if ($slash != '')
+				{
+					return "<$slash$elem>";
+				}
+				# No attributes are allowed for closing elements
+
+				return $this->stripAttributes("$slash$elem", $attrlist);
+			}
+
+			/**
+			 *	This method strips out disallowed attributes for (X)HTML tags.
+			 *
+			 *	This method removes all attributes if none are allowed for this element.
+			 *	If some are allowed it calls combAttributes() to split them further, and then it
+			 *	builds up new HTML code from the data that combAttributes() returns. It also
+			 *	removes "<" and ">" characters, if there are any left. One more thing it
+			 *	does is to check if the tag has a closing XHTML slash, and if it does,
+			 *	it puts one in the returned code as well.
+			 *
+			 *	@access private
+			 *	@param string $element (X)HTML tag to check
+			 *	@param string $attr Text containing attributes to check for validity.
+			 *	@return string Resulting valid (X)HTML or ''
+			 *	@see combAttributes()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function stripAttributes($element, $attr)
+			{
+				# Is there a closing XHTML slash at the end of the attributes?
+				$xhtml_slash = '';
+				if (preg_match('%\s/\s*$%', $attr))
+				{
+					$xhtml_slash = ' /';
+				}
+
+				# Are any attributes allowed at all for this element?
+				if (
+					!isset($this->allowed_html[strtolower($element)]) ||
+					count($this->allowed_html[strtolower($element)]) == 0
+				)
+				{
+					return "<$element$xhtml_slash>";
+				}
+
+				# Split it
+				$attrarr = $this->combAttributes($attr);
+
+				# Go through $attrarr, and save the allowed attributes for this element
+				# in $attr2
+				$attr2 = '';
+				if(is_array($attrarr) && count($attrarr) > 0)
+				{
+					foreach ($attrarr as $arreach)
+					{
+						if(!isset($this->allowed_html[strtolower($element)][strtolower($arreach['name'])]))
+						{
+							continue;
+						}
+
+						$current = $this->allowed_html[strtolower($element)][strtolower($arreach['name'])];
+
+						if (!is_array($current))
+						{
+							# there are no checks
+							$attr2 .= ' '.$arreach['whole'];
+						}
+						else
+						{
+							# there are some checks
+							$ok = true;
+							if(is_array($current) && count($current) > 0)
+							{
+								foreach ($current as $currkey => $currval)
+								{
+									if (!$this->checkAttributeValue($arreach['value'], $arreach['vless'], $currkey, $currval))
+									{
+										$ok = false;
+										break;
+									}
+								}
+							}
+
+							if ($ok)
+							{
+								# it passed them
+								$attr2 .= ' '.$arreach['whole'];
+							}
+						}
+					}
+				}
+
+				# Remove any "<" or ">" characters
+				$attr2 = preg_replace('/[<>]/', '', $attr2);
+				return "<$element$attr2$xhtml_slash>";
+			}
+
+			/**
+			 *	This method combs through an attribute list string and returns an associative array of attributes and values.
+			 *
+			 *	This method does a lot of work. It parses an attribute list into an array
+			 *	with attribute data, and tries to do the right thing even if it gets weird
+			 *	input. It will add quotes around attribute values that don't have any quotes
+			 *	or apostrophes around them, to make it easier to produce HTML code that will
+			 *	conform to W3C's HTML specification. It will also remove bad URL protocols
+			 *	from attribute values.
+			 *
+			 *	@access private
+			 *	@param string $attr Text containing tag attributes for parsing
+			 *	@return array Associative array containing data on attribute and value
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function combAttributes($attr)
+			{
+				$attrarr  = array();
+				$mode     = 0;
+				$attrname = '';
+
+				# Loop through the whole attribute list
+
+				while (strlen($attr) != 0)
+				{
+					# Was the last operation successful?
+					$working = 0;
+
+					switch ($mode)
+					{
+						case 0:	# attribute name, href for instance
+							if (preg_match('/^([-a-zA-Z]+)/', $attr, $match))
+							{
+								$attrname = $match[1];
+								$working = $mode = 1;
+								$attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
+							}
+							break;
+						case 1:	# equals sign or valueless ("selected")
+							if (preg_match('/^\s*=\s*/', $attr)) # equals sign
+							{
+								$working = 1;
+								$mode    = 2;
+								$attr    = preg_replace('/^\s*=\s*/', '', $attr);
+								break;
+							}
+							if (preg_match('/^\s+/', $attr)) # valueless
+							{
+								$working   = 1;
+								$mode      = 0;
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => '',
+									'whole' => $attrname,
+									'vless' => 'y'
+								);
+								$attr      = preg_replace('/^\s+/', '', $attr);
+							}
+							break;
+						case 2: # attribute value, a URL after href= for instance
+							if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) # "value"
+							{
+								$thisval   = $this->removeBadProtocols($match[1]);
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => $thisval,
+									'whole' => $attrname . '="' . $thisval . '"',
+									'vless' => 'n'
+								);
+								$working   = 1;
+								$mode      = 0;
+								$attr      = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr);
+								break;
+							}
+							if (preg_match("/^'([^']*)'(\s+|$)/", $attr, $match)) # 'value'
+							{
+								$thisval   = $this->removeBadProtocols($match[1]);
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => $thisval,
+									'whole' => "$attrname='$thisval'",
+									'vless' => 'n'
+								);
+								$working   = 1;
+								$mode      = 0;
+								$attr      = preg_replace("/^'[^']*'(\s+|$)/", '', $attr);
+								break;
+							}
+							if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match)) # value
+							{
+								$thisval   = $this->removeBadProtocols($match[1]);
+								$attrarr[] = array(
+									'name'  => $attrname,
+									'value' => $thisval,
+									'whole' => $attrname . '="' . $thisval . '"',
+									'vless' => 'n'
+								);
+								# We add quotes to conform to W3C's HTML spec.
+								$working   = 1;
+								$mode      = 0;
+								$attr      = preg_replace("%^[^\s\"']+(\s+|$)%", '', $attr);
+							}
+							break;
+					}
+
+					if ($working == 0) # not well formed, remove and try again
+					{
+						$attr = preg_replace('/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/', '', $attr);
+						$mode = 0;
+					}
+				}
+
+				# special case, for when the attribute list ends with a valueless
+				# attribute like "selected"
+				if ($mode == 1)
+				{
+					$attrarr[] = array(
+						'name'  => $attrname,
+						'value' => '',
+						'whole' => $attrname,
+						'vless' => 'y'
+					);
+				}
+
+				return $attrarr;
+			}
+
+			/**
+			 *	This method removes disallowed protocols.
+			 *
+			 *	This method removes all non-allowed protocols from the beginning of
+			 *	$string. It ignores whitespace and the case of the letters, and it does
+			 *	understand HTML entities. It does its work in a while loop, so it won't be
+			 *	fooled by a string like "javascript:javascript:alert(57)".
+			 *
+			 *	@access private
+			 *	@param string $string String to check for protocols
+			 *	@return string String with removed protocols
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function removeBadProtocols($string)
+			{
+				$string  = $this->RemoveNulls($string);
+				$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
+				$string2 = $string . 'a';
+
+				while ($string != $string2)
+				{
+					$string2 = $string;
+					$string  =  preg_replace(
+										'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+										'(:|&#58;|&#[Xx]3[Aa];)\s*/e',
+										'\$this->filterProtocols("\\1")',
+										$string
+									);
+				}
+
+				return $string;
+			}
+
+			/**
+			 *	Helper method used by removeBadProtocols()
+			 *
+			 *	This function processes URL protocols, checks to see if they're in the white-
+			 *	list or not, and returns different data depending on the answer.
+			 *
+			 *	@access private
+			 *	@param string $string String to check for protocols
+			 *	@return string String with removed protocols
+			 *	@see removeBadProtocols()
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function filterProtocols($string)
+			{
+				$string = $this->decodeEntities($string);
+				$string = preg_replace('/\s/', '', $string);
+				$string = $this->removeNulls($string);
+				$string = preg_replace('/\xad+/', '', $string2); # deals with Opera "feature"
+				$string = strtolower($string);
+
+				if(is_array($this->allowed_protocols) && count($this->allowed_protocols) > 0)
+				{
+					foreach ($this->allowed_protocols as $one_protocol)
+					{
+						if (strtolower($one_protocol) == $string)
+						{
+							return "$string:";
+						}
+					}
+				}
+
+				return '';
+			}
+
+			/**
+			 *	Controller method for performing checks on attribute values.
+			 *
+			 *	This method calls the appropriate method as specified by $checkname with
+			 *	the parameters $value, $vless, and $checkvalue, and returns the result
+			 *	of the call.
+			 *
+			 *	This method's functionality can be expanded by creating new methods
+			 *	that would match checkAttributeValue[$checkname].
+			 *
+			 *	Current checks implemented are: "maxlen", "minlen", "maxval", "minval" and "valueless"
+			 *
+			 *	@access private
+			 *	@param string $value The value of the attribute to be checked.
+			 *	@param string $vless Indicates whether the the value is supposed to be valueless
+			 *	@param string $checkname The check to be performed
+			 *	@param string $checkvalue The value that is to be checked against
+			 *	@return bool Indicates whether the check passed or not
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function checkAttributeValue($value, $vless, $checkname, $checkvalue)
+			{
+				$ok = true;
+				$check_attribute_method_name  = 'checkAttributeValue' . ucfirst(strtolower($checkname));
+				if(method_exists($this, $check_attribute_method_name))
+				{
+					$ok = $this->$check_attribute_method_name($value, $checkvalue, $vless);
+				}
+
+				return $ok;
+			}
+
+			/**
+			 *	Helper method invoked by checkAttributeValue().
+			 *
+			 *	The maxlen check makes sure that the attribute value has a length not
+			 *	greater than the given value. This can be used to avoid Buffer Overflows
+			 *	in WWW clients and various Internet servers.
+			 *
+			 *	@access private
+			 *	@param string $value The value of the attribute to be checked.
+			 *	@param int $checkvalue The maximum value allowed
+			 *	@return bool Indicates whether the check passed or not
+			 *	@see checkAttributeValue()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function checkAttributeValueMaxlen($value, $checkvalue)
+			{
+				if (strlen($value) > intval($checkvalue))
+				{
+					return false;
+				}
+				return true;
+			}
+
+			/**
+			 *	Helper method invoked by checkAttributeValue().
+			 *
+			 *	The minlen check makes sure that the attribute value has a length not
+			 *	smaller than the given value.
+			 *
+			 *	@access private
+			 *	@param string $value The value of the attribute to be checked.
+			 *	@param int $checkvalue The minimum value allowed
+			 *	@return bool Indicates whether the check passed or not
+			 *	@see checkAttributeValue()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function checkAttributeValueMinlen($value, $checkvalue)
+			{
+				if (strlen($value) < intval($checkvalue))
+				{
+					return false;
+				}
+				return true;
+			}
+
+			/**
+			 *	Helper method invoked by checkAttributeValue().
+			 *
+			 *	The maxval check does two things: it checks that the attribute value is
+			 *	an integer from 0 and up, without an excessive amount of zeroes or
+			 *	whitespace (to avoid Buffer Overflows). It also checks that the attribute
+			 *	value is not greater than the given value.
+			 *
+			 *	This check can be used to avoid Denial of Service attacks.
+			 *
+			 *	@access private
+			 *	@param int $value The value of the attribute to be checked.
+			 *	@param int $checkvalue The maximum numeric value allowed
+			 *	@return bool Indicates whether the check passed or not
+			 *	@see checkAttributeValue()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function checkAttributeValueMaxval($value, $checkvalue)
+			{
+				if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
+				{
+					return false;
+				}
+				if (intval($value) > intval($checkvalue))
+				{
+					return false;
+				}
+				return true;
+			}
+
+			/**
+			 *	Helper method invoked by checkAttributeValue().
+			 *
+			 *	The minval check checks that the attribute value is a positive integer,
+			 *	and that it is not smaller than the given value.
+			 *
+			 *	@access private
+			 *	@param int $value The value of the attribute to be checked.
+			 *	@param int $checkvalue The minimum numeric value allowed
+			 *	@return bool Indicates whether the check passed or not
+			 *	@see checkAttributeValue()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function checkAttributeValueMinval($value, $checkvalue)
+			{
+				if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
+				{
+					return false;
+				}
+				if (intval($value) < ($checkvalue))
+				{
+					return false;
+				}
+				return true;
+			}
+
+			/**
+			 *	Helper method invoked by checkAttributeValue().
+			 *
+			 *	The valueless check checks if the attribute has a value
+			 *	(like <a href="blah">) or not (<option selected>). If the given value
+			 *	is a "y" or a "Y", the attribute must not have a value.
+			 *
+			 *	If the given value is an "n" or an "N", the attribute must have one.
+			 *
+			 *	@access private
+			 *	@param int $value The value of the attribute to be checked.
+			 *	@param mixed $checkvalue This variable is ignored for this test
+			 *	@param string $vless Flag indicating if this attribute is not supposed to have an attribute
+			 *	@return bool Indicates whether the check passed or not
+			 *	@see checkAttributeValue()
+			 *	@since PHP5 OOP 1.0.0
+			 */
+			private function checkAttributeValueValueless($value, $checkvalue, $vless)
+			{
+				if (strtolower($checkvalue) != $vless)
+				{
+					return false;
+				}
+				return true;
+			}
+
+			/**
+			 *	Decodes numeric HTML entities
+			 *
+			 *	This method decodes numeric HTML entities (&#65; and &#x41;). It doesn't
+			 *	do anything with other entities like &auml;, but we don't need them in the
+			 *	URL protocol white listing system anyway.
+			 *
+			 *	@access private
+			 *	@param string $value The entitiy to be decoded.
+			 *	@return string Decoded entity
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			private function decodeEntities($string)
+			{
+				$string = preg_replace('/&#([0-9]+);/e', 'chr("\\1")', $string);
+				$string = preg_replace('/&#[Xx]([0-9A-Fa-f]+);/e', 'chr(hexdec("\\1"))', $string);
+				return $string;
+			}
+
+			/**
+			 *	Returns PHP5 OOP version # of kses.
+			 *
+			 *	Since this class has been refactored and documented and proven to work,
+			 *	I'm fixing the version number at 1.0.0.
+			 *
+			 *	This version is syntax compatible with the PHP4 OOP version 0.0.2.  Future
+			 *	versions may not be syntax compatible.
+			 *
+			 *	@access public
+			 *	@return string Version number
+			 *	@since PHP4 OOP 0.0.1
+			 */
+			public function Version()
+			{
+				return 'PHP5 OOP 1.0.2';
+			}
+		}
+	}
+?>
\ No newline at end of file
diff --git a/vendors/kses/oop/test.oop.kses.php b/vendors/kses/oop/test.oop.kses.php
new file mode 100644
index 000000000..8c6e885d8
--- /dev/null
+++ b/vendors/kses/oop/test.oop.kses.php
@@ -0,0 +1,507 @@
+<?php
+
+	//	This is a q&d program that shows some of the results of
+	//	running KSES.  If you have further questions, check the
+	//	current valid email address at http://chaos.org/contact/
+
+	//	Make sure we're in a usable PHP environment
+	if(substr(phpversion(), 0, 1) < 4)
+	{
+		define('KSESTEST_VER', 0);
+	}
+	elseif(substr(phpversion(), 0, 1) >= 5)
+	{
+		define('KSESTEST_VER', 5);
+	}
+	else
+	{
+		define('KSESTEST_VER', 4);
+	}
+
+	//	See if we're in command line or web
+	if($_SERVER["DOCUMENT_ROOT"] == "")
+	{
+		define('KSESTEST_ENV', 'CLI');
+	}
+	else
+	{
+		define('KSESTEST_ENV', 'WEB');
+	}
+
+	if(KSESTEST_VER == 0)
+	{
+		$message = array(
+			"Error: Not using a current version of PHP!",
+			"You are using PHP version " . phpversion() . ".",
+			"KSES Class version requires PHP4 or better.",
+			"KSES test program ending."
+			);
+
+		displayPage(
+			array("title" => "Error running KSES test", "message" => $message)
+		);
+
+		exit();
+	}
+
+	$include_file = "php" . KSESTEST_VER . ".class.kses.php";
+	if(file_exists($include_file) && is_readable($include_file))
+	{
+		include_once($include_file);
+	}
+	else
+	{
+		$message = array(
+			"Error:  Unable to find '" . $include_file . "'.",
+			"Please check your include path and make sure the file is available.",
+			"Path: " . ini_get('include_path')
+		);
+
+		displayPage(
+			array('title' => 'Unable to include ' . $include_file, 'message' => $message)
+		);
+
+		exit();
+	}
+
+	$kses_type = "kses" . KSESTEST_VER;
+	$myKses = new $kses_type;
+
+	$test_text = array();
+	$test_text = test1_protocols($myKses);
+	$test_text = array_merge($test_text, test1_html($myKses));
+	$test_text = array_merge($test_text, test1_kses($myKses));
+
+	displayPage(
+		array('title' => 'New Test', 'message' => $test_text)
+	);
+
+	function test1_kses(&$myKses)
+	{
+		$out = array(output_hr(), "Testing current configuration");
+
+		$test_tags = array(
+			'<a href="http://www.chaos.org/">www.chaos.org</a>',
+			'<a name="X">Short \'a name\' tag</a>',
+			'<td colspan="3" rowspan="5">Foo</td>',
+			'<td rowspan="2" class="mugwump" style="background-color: rgb(255, 204 204);">Bar</td>',
+			'<td nowrap>Very Long String running to 1000 characters...</td>',
+			'<td bgcolor="#00ff00" nowrap>Very Long String with a blue background</td>',
+			'<a href="proto1://www.foo.com">New protocol test</a>',
+			'<img src="proto2://www.foo.com" />',
+			'<a href="javascript:javascript:javascript:javascript:javascript:alert(\'Boo!\');">bleep</a>',
+			'<a href="proto4://abc.xyz.foo.com">Another new protocol</a>',
+			'<a href="proto9://foo.foo.foo.foo.foo.org/">Test of "proto9"</a>',
+			'<td width="75">Bar!</td>',
+			'<td width="200">Long Cell</td>'
+		);
+
+		$out_li = array();
+		// Keep only allowed HTML from the presumed 'form'.
+		foreach($test_tags as $tag)
+		{
+			$temp  = $myKses->Parse($tag);
+			$check = ($temp == $tag) ? true : false;
+			$text  = ($temp == $tag) ? 'pass' : 'fail';
+
+			$li_text  = output_testresult($check, $text) . output_newline();
+			$li_text .= "Input: &nbsp;" . output_translate($tag) . output_newline();
+			$li_text .= "Output: " . output_translate($temp);
+			if(KSESTEST_ENV == 'CLI')
+			{
+				$li_text .= output_newline();
+			}
+
+			array_push($out_li, output_code_wrap($li_text));
+		}
+
+		$out = array_merge($out, array(output_ul($out_li)));
+		array_push($out, output_hr());
+		array_push($out, "Testing is now finished.");
+		return $out;
+	}
+
+	function output_code_wrap($text)
+	{
+		if(KSESTEST_ENV == 'CLI')
+		{
+			return $text;
+		}
+		else
+		{
+			return "<code>\n$text<code>\n";
+		}
+	}
+
+	function output_translate($text)
+	{
+		if(KSESTEST_ENV == 'CLI')
+		{
+			return $text;
+		}
+		else
+		{
+			return htmlentities($text);
+		}
+	}
+
+	function output_testresult($pass = false, $text = "")
+	{
+		if(KSESTEST_ENV == 'CLI')
+		{
+			return '[' . $text . ']';
+		}
+		else
+		{
+			if($pass == true)
+			{
+				return '<span style="color: green;">[' . $text . ']</span>';
+			}
+			else
+			{
+				return '<span style="color: red;">[' . $text . ']</span>';
+			}
+		}
+	}
+
+	function output_spaces()
+	{
+		if(KSESTEST_ENV == 'WEB')
+		{
+			$out = "&nbsp;&nbsp;&nbsp;";
+		}
+		else
+		{
+			$out = "   ";
+		}
+
+		return $out;
+	}
+
+	function output_newline()
+	{
+		if(KSESTEST_ENV == 'WEB')
+		{
+			$out = "<br />\n";
+		}
+		else
+		{
+			$out = "\n";
+		}
+
+		return $out;
+	}
+
+	function displayPage($data = array())
+	{
+		$title   = ($data['title'] == '') ? 'No title' : $data['title'];
+		$message = ($data['message'] == '') ? array('No message') : $data['message'];
+
+		$out = "";
+
+		foreach($message as $text)
+		{
+			if(KSESTEST_ENV == 'WEB')
+			{
+				$header = "\t\t<h1>$title</h1>\n\t\t<hr />\n";
+				$out .= "\t\t<p>\n";
+				$out .= "\t\t\t$text\n";
+				$out .= "\t\t</p>\n";
+			}
+			else
+			{
+				$header = "$title\n" . str_repeat('-', 60) . "\n\n";
+				$out .= "\t$text\n\n";
+			}
+		}
+
+		if(KSESTEST_ENV == 'WEB')
+		{
+			echo "<html>\n";
+			echo "\t<head>\n";
+			echo "\t\t<title>$title</title>\n";
+			echo "\t</head>\n";
+			echo "\t<body>\n";
+			echo $header;
+			echo $out;
+			echo "\t</body>\n";
+			echo "</html>\n";
+		}
+		else
+		{
+			echo $header;
+			echo $out;
+		}
+	}
+
+	function output_hr()
+	{
+		if(KSESTEST_ENV == 'WEB')
+		{
+			return "\t\t\t<hr />\n";
+		}
+		else
+		{
+			return str_repeat(60, '-') . "\n";
+		}
+	}
+
+	function output_ul($data = array(), $padding = "")
+	{
+		if(!is_array($data) || count($data) < 1)
+		{
+			return "";
+		}
+
+		$text = "";
+		if(KSESTEST_ENV == 'WEB')
+		{
+			$text = "\t\t\t<ul>\n";
+			foreach($data as $li)
+			{
+				$text .= "\t\t\t\t<li>$li</li>\n";
+			}
+			$text .= "\t\t\t</ul>\n";
+		}
+		else
+		{
+			foreach($data as $li)
+			{
+				$text .= $padding . "   * $li\n";
+			}
+		}
+
+		return $text;
+	}
+
+	function test1_protocols(&$myKses)
+	{
+		$default_prots = $myKses->dumpProtocols();
+		$out_text = array();
+		if(count($default_prots) > 0)
+		{
+			array_push($out_text, "Initial protocols from KSES" . KSESTEST_VER . ":");
+			array_push($out_text, output_ul($default_prots));
+			array_push($out_text, output_hr());
+		}
+
+		$myKses->AddProtocols(array("proto1", "proto2:", "proto3"));   // Add a list of protocols
+		$myKses->AddProtocols("proto4:");  // Add a single protocol (Note ':' is optional at end)
+		$myKses->AddProtocol("proto9", "mystery:", "anarchy");
+		$myKses->AddProtocol("alpha", "beta", "gamma:");
+
+		$add_protocol  = "\t\t\t<ol>\n";
+		$add_protocol .= "\t\t\t\t" . '<li>$myKses->AddProtocols(array("proto1", "proto2:", "proto3"));</li>' . "\n";
+		$add_protocol .= "\t\t\t\t" . '<li>$myKses->AddProtocols("proto4:");</li>' . "\n";
+		$add_protocol .= "\t\t\t\t" . '<li>$myKses->AddProtocols("proto4:");</li>' . "\n";
+		$add_protocol .= "\t\t\t\t" . '<li>$myKses->AddProtocol("proto9", "mystery:", "anarchy");</li>' . "\n";
+		$add_protocol .= "\t\t\t\t" . '<li>$myKses->AddProtocol("alpha", "beta", "gamma:");</li>' . "\n";
+		$add_protocol .= "\t\t\t</ol>\n";
+
+		array_push($out_text, $add_protocol);
+
+		$new_prots = $myKses->dumpProtocols();
+		if(count($new_prots) > 0)
+		{
+			array_push($out_text, "New protocols from KSES" . KSESTEST_VER . " after using AddProtocol(s):");
+			array_push($out_text, output_ul($new_prots));
+			array_push($out_text, output_hr());
+		}
+
+		$myKses->RemoveProtocols(array("mystery", "anarchy:"));
+		$myKses->RemoveProtocols("alpha:");
+		$myKses->RemoveProtocol("beta:");
+		$myKses->RemoveProtocol("gamma");
+
+		$remove_protocol  = "\t\t\t<ol>\n";
+		$remove_protocol .= "\t\t\t\t" . '<li>$myKses->RemoveProtocols(array("mystery", "anarchy:"));</li>' . "\n";
+		$remove_protocol .= "\t\t\t\t" . '<li>$myKses->RemoveProtocols("alpha:");</li>' . "\n";
+		$remove_protocol .= "\t\t\t\t" . '<li>$myKses->RemoveProtocol("beta:");</li>' . "\n";
+		$remove_protocol .= "\t\t\t\t" . '<li>$myKses->RemoveProtocol("gamma");</li>' . "\n";
+		$remove_protocol .= "\t\t\t</ol>\n";
+		array_push($out_text, $remove_protocol);
+
+		$new_prots = $myKses->dumpProtocols();
+		if(count($new_prots) > 0)
+		{
+			array_push($out_text, "Resulting protocols from KSES" . KSESTEST_VER . " after using RemoveProtocol(s):");
+			array_push($out_text, output_ul($new_prots));
+			array_push($out_text, output_hr());
+		}
+
+		$myKses->SetProtocols(array("https", "gopher", "news"));
+		$set_protocol  = "\t\t\t<ol>\n";
+		$set_protocol .= "\t\t\t\t" . '<li>$myKses->SetProtocols(array("https", "gopher", "news"));</li>' . "\n";
+		$set_protocol .= "\t\t\t</ol>\n";
+		array_push($out_text, $set_protocol);
+
+		$new_prots = $myKses->dumpProtocols();
+		if(count($new_prots) > 0)
+		{
+			array_push($out_text, "Resulting protocols from KSES" . KSESTEST_VER . " after using SetProtocols:");
+			array_push($out_text, output_ul($new_prots));
+			array_push($out_text, output_hr());
+		}
+
+		//	Invisible reset
+		$myKses->SetProtocols(array("http", "proto1", "proto2", "proto9"));
+
+		return $out_text;
+	}
+
+	function test1_html(&$myKses)
+	{
+		$out = array();
+
+		//	Allows <p>|</p> tag
+		$myKses->AddHTML("p");
+
+		//	Allows 'a' tag with href|name attributes,
+		//	href has minlen of 10 chars, and maxlen of 25 chars
+		//	name has minlen of  2 chars
+		$myKses->AddHTML(
+			"a",
+			array(
+				"href" => array('maxlen' => 25, 'minlen' => 10),
+				"name" => array('minlen' => 2)
+			)
+		);
+
+		//	Allows 'td' tag with colspan|rowspan|class|style|width|nowrap attributes,
+		//		colspan has minval of   2       and maxval of 5
+		//		rowspan has minval of   3       and maxval of 6
+		//		class   has minlen of   1 char  and maxlen of   10 chars
+		//		style   has minlen of  10 chars and maxlen of 100 chars
+		//		width   has maxval of 100
+		//		nowrap  is valueless
+		$myKses->AddHTML(
+			"td",
+			array(
+				"colspan" => array('minval' =>   2, 'maxval' =>   5),
+				"rowspan" => array('minval' =>   3, 'maxval' =>   6),
+				"class"   => array("minlen" =>   1, 'maxlen' =>  10),
+				"width"   => array("maxval" => 100),
+				"style"   => array('minlen' =>  10, 'maxlen' => 100),
+				"nowrap"  => array('valueless' => 'y')
+			)
+		);
+
+		array_push($out, "Modifying HTML Tests:");
+		$code_text  = "<pre>\n";
+		$code_text .= "      //   Allows &lt;p&gt;|&lt;/p&gt; tag\n";
+		$code_text .= "      \$myKses-&gt;AddHTML(\"p\");\n";
+		$code_text .= "\n";
+		$code_text .= "      //   Allows 'a' tag with href|name attributes,\n";
+		$code_text .= "      //   href has minlen of 10 chars, and maxlen of 25 chars\n";
+		$code_text .= "      //   name has minlen of  2 chars\n";
+		$code_text .= "      \$myKses-&gt;AddHTML(\n";
+		$code_text .= "         \"a\",\n";
+		$code_text .= "         array(\n";
+		$code_text .= "            \"href\" =&gt; array('maxlen' =&gt; 25, 'minlen' =&gt; 10),\n";
+		$code_text .= "            \"name\" =&gt; array('minlen' =&gt; 2)\n";
+		$code_text .= "         )\n";
+		$code_text .= "      );\n";
+		$code_text .= "\n";
+		$code_text .= "      //   Allows 'td' tag with colspan|rowspan|class|style|width|nowrap attributes,\n";
+		$code_text .= "      //      colspan has minval of   2       and maxval of 5\n";
+		$code_text .= "      //      rowspan has minval of   3       and maxval of 6\n";
+		$code_text .= "      //      class   has minlen of   1 char  and maxlen of   10 chars\n";
+		$code_text .= "      //      style   has minlen of  10 chars and maxlen of 100 chars\n";
+		$code_text .= "      //      width   has maxval of 100\n";
+		$code_text .= "      //      nowrap  is valueless\n";
+		$code_text .= "      \$myKses-&gt;AddHTML(\n";
+		$code_text .= "         \"td\",\n";
+		$code_text .= "         array(\n";
+		$code_text .= "            \"colspan\" =&gt; array('minval' =&gt;   2, 'maxval' =&gt;   5),\n";
+		$code_text .= "            \"rowspan\" =&gt; array('minval' =&gt;   3, 'maxval' =&gt;   6),\n";
+		$code_text .= "            \"class\"   =&gt; array(\"minlen\" =&gt;   1, 'maxlen' =&gt;  10),\n";
+		$code_text .= "            \"width\"   =&gt; array(\"maxval\" =&gt; 100),\n";
+		$code_text .= "            \"style\"   =&gt; array('minlen' =&gt;  10, 'maxlen' =&gt; 100),\n";
+		$code_text .= "            \"nowrap\"  =&gt; array('valueless' =&gt; 'y')\n";
+		$code_text .= "         )\n";
+		$code_text .= "      );\n";
+		$code_text .= "</pre>\n";
+
+		array_push($out, $code_text);
+		array_push($out, output_hr());
+		array_push($out, "Net results:");
+
+		$out_elems = $myKses->DumpElements();
+		if(count($out_elems) > 0)
+		{
+			//array_push($out, "\t\t\t<ul>\n");
+			foreach($out_elems as $tag => $attr_data)
+			{
+				$out_li_elems = array();
+				$elem_text = "(X)HTML element $tag";
+				$allow = "";
+				if(isset($attr_data) && is_array($attr_data) && count($attr_data) > 0)
+				{
+					$allow = " allows attribute";
+					if(count($attr_data) > 1)
+					{
+						$allow .= "s";
+					}
+					$allow .= ":\n";
+				}
+
+				array_push($out_li_elems, "$elem_text$allow");
+
+				$attr_test_li = array();
+				if(isset($attr_data) && is_array($attr_data) && count($attr_data) > 0)
+				{
+					foreach($attr_data as $attr_name => $attr_tests)
+					{
+						$li_text = $attr_name;
+						if(isset($attr_tests) && count($attr_tests) > 0)
+						{
+							foreach($attr_tests as $test_name => $test_val)
+							{
+								switch($test_name)
+								{
+									case "maxlen":
+										$li_text .= " - maximum length of '" . $test_val . "' characters";
+										break;
+									case "minlen":
+										$li_text .= " - minimum length of '" . $test_val . "' characters";
+										break;
+									case "minval":
+										$li_text .= " - minimum value of '" . $test_val . "'";
+										break;
+									case "maxval":
+										$li_text .= " - maximum value of '" . $test_val . "'";
+										break;
+									case "valueless":
+										switch(strtolower($test_val))
+										{
+											case 'n':
+												$li_text .= " - must not be valueless";
+												break;
+											case 'y':
+												$li_text .= " - must be valueless";
+												break;
+											default:
+												break;
+										}
+										break;
+									default:
+										break;
+								}
+							}
+						}
+						array_push($attr_test_li, $li_text);
+					}
+					if(count($attr_test_li) > 0)
+					{
+						$attr_test_li = output_ul($attr_test_li, "   ");
+						$out_li_elems = array("$elem_text$allow$attr_test_li");
+					}
+				}
+				$out = array_merge($out, $out_li_elems);
+			}
+		}
+
+		return $out;
+	}
+
+?>
\ No newline at end of file
-- 
cgit v1.2.3