From 2cab677427f7fd462f35432d4a83fe89a26d7595 Mon Sep 17 00:00:00 2001 From: ben Date: Wed, 9 Jul 2008 09:55:42 +0000 Subject: Elgg 1.0, meet kses. Kses, Elgg 1.0. git-svn-id: https://code.elgg.org/elgg/trunk@1344 36083f99-b078-4883-b0ff-0f9b5a30f544 --- vendors/kses/oop/oop.kses.changelog.txt | 204 ++++++ vendors/kses/oop/oop.simple.api.txt | 58 ++ vendors/kses/oop/php4.class.kses.php | 1162 ++++++++++++++++++++++++++++++ vendors/kses/oop/php5.class.kses.php | 1172 +++++++++++++++++++++++++++++++ vendors/kses/oop/test.oop.kses.php | 507 +++++++++++++ 5 files changed, 3103 insertions(+) create mode 100644 vendors/kses/oop/oop.kses.changelog.txt create mode 100644 vendors/kses/oop/oop.simple.api.txt create mode 100644 vendors/kses/oop/php4.class.kses.php create mode 100644 vendors/kses/oop/php5.class.kses.php create mode 100644 vendors/kses/oop/test.oop.kses.php (limited to 'vendors/kses/oop') diff --git a/vendors/kses/oop/oop.kses.changelog.txt b/vendors/kses/oop/oop.kses.changelog.txt new file mode 100644 index 000000000..a82daf4fe --- /dev/null +++ b/vendors/kses/oop/oop.kses.changelog.txt @@ -0,0 +1,204 @@ +kses ChangeLog +============== + +KSES5 + * 1.0.2 +KSES4 + * 0.2.2 + - Folded in code from kses 0.2.2. + +KSES5 + * 1.0.1rc +KSES4 + * 0.2.2rc + - Added SetProtocols() to make protocol replacement a single step + to fully answer concerns in bug #892477 + +KSES5 + * 1.0.0 + - Turned many methods private + + - Now using __construct default constructor + + - Only runs in PHP5 or better + + - All method names changed to reflect verb status + + - Folded sinlge line functions into calling methods + + - Deprecated _hook(), Protocols() + + - Added AddProtocols() to replace Protocols() + + - Added filterKsesTextHook() to replace _hook() + + - Added RemoveProtocol() and RemoveProtocols() to remove protocols + singly, or batch. This should clear bug #892477 + + - Version number is 1.0.0 + +KSES4 + * 0.2.1 + - Synced version number to procedural code + + - Deprecated _hook(), Protocols() + + - Added AddProtocols() to replace Protocols() + + - Added filterKsesTextHook() to replace _hook() + + - Added RemoveProtocol() and RemoveProtocols() to remove protocols singly, + or batch. This should clear bug #892477 + +OOP + - Forked code into PHP4 and PHP5 versions. Use '$myKses = new kses[45]' + from now on. + + - Modified code to run in E_STRICT. This should clear bug #918493 + + - Added phpDoc commenting + +OOP + * 0.0.2 + - Fixed a bug in AddProtocol that wasn't adding new protocols to + $this->allowed_protocols + + - Modified internal methods to correspond to kses 0.2.1 modifications. + + - Created a basic test suite that can be run via web or CLI. + + - Started CVSing the code. + +OOP + * 0.0.1 + - Turned all the kses_function_name functions to _function_name methods. + + - Added a couple of properties (allowed_protocols, allowed_html) with + $this->allowed_protocols defaulting to the lion's share of usual + protocols. + + - Modified the applicable use of preg_replace() functions to point to + internal class methods. + + - Reduced the parameter list of some methods since internal properties + are now being used. + + - Added "public" methods to set up the allowed protocols and HTML. + +Procedural + * 0.2.1 + + 0.2.1 was released on the 29th of September 2003. + It has the following changes: + + - There is now an additional version of kses, using the object-oriented + paradigm. Thanks a lot to Richard R. Vasquez, Jr., who created it! + Anyone who wants to make functional programming, logical programming or + spaghetti programming versions of kses as well (or any other programming + paradigm that you like), go ahead! All the people who like old + procedural programming for web applications shouldn't despair, though, + as both versions will be maintained with each release. + + - kses now has some new attribute value checks: minlen, minval and + valueless. See docs/attribute-value-checks for an explanation. + + - For some reason, the Opera developers decided to make chr(173) a + whitespace character in URL protocols, both when it occurs raw and in an + entity. kses now handles this. + + - The URL protocol whitelisting system now decodes entities before + removing NULLs and whitespaces. + +Procedural + * 0.2.0 + + 0.2.0 was released on the 25th of July 2003. + It has the following changes: + + - kses now supports checking of attribute values, and not just element + names and attribute names. The attribute value checks that exist so far + are 'maxlen' (checks how long attribute values are, to avoid Buffer + Overflows) and 'maxval' (checks how big an integer value is, to avoid + Denial of Service attacks). + + Buffer Overflows could both be a problem for WWW clients and different + servers on the Internet that an HTML document links to. One example is + . + + Denial of Service attacks can take the form of too big sizes of iframes + or other things. One example is