Config.php 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920
  1. <?php
  2. /**
  3. * Configuration object that triggers customizable behavior.
  4. *
  5. * @warning This class is strongly defined: that means that the class
  6. * will fail if an undefined directive is retrieved or set.
  7. *
  8. * @note Many classes that could (although many times don't) use the
  9. * configuration object make it a mandatory parameter. This is
  10. * because a configuration object should always be forwarded,
  11. * otherwise, you run the risk of missing a parameter and then
  12. * being stumped when a configuration directive doesn't work.
  13. *
  14. * @todo Reconsider some of the public member variables
  15. */
  16. class HTMLPurifier_Config
  17. {
  18. /**
  19. * HTML Purifier's version
  20. * @type string
  21. */
  22. public $version = '4.17.0';
  23. /**
  24. * Whether or not to automatically finalize
  25. * the object if a read operation is done.
  26. * @type bool
  27. */
  28. public $autoFinalize = true;
  29. // protected member variables
  30. /**
  31. * Namespace indexed array of serials for specific namespaces.
  32. * @see getSerial() for more info.
  33. * @type string[]
  34. */
  35. protected $serials = array();
  36. /**
  37. * Serial for entire configuration object.
  38. * @type string
  39. */
  40. protected $serial;
  41. /**
  42. * Parser for variables.
  43. * @type HTMLPurifier_VarParser_Flexible
  44. */
  45. protected $parser = null;
  46. /**
  47. * Reference HTMLPurifier_ConfigSchema for value checking.
  48. * @type HTMLPurifier_ConfigSchema
  49. * @note This is public for introspective purposes. Please don't
  50. * abuse!
  51. */
  52. public $def;
  53. /**
  54. * Indexed array of definitions.
  55. * @type HTMLPurifier_Definition[]
  56. */
  57. protected $definitions;
  58. /**
  59. * Whether or not config is finalized.
  60. * @type bool
  61. */
  62. protected $finalized = false;
  63. /**
  64. * Property list containing configuration directives.
  65. * @type array
  66. */
  67. protected $plist;
  68. /**
  69. * Whether or not a set is taking place due to an alias lookup.
  70. * @type bool
  71. */
  72. private $aliasMode;
  73. /**
  74. * Set to false if you do not want line and file numbers in errors.
  75. * (useful when unit testing). This will also compress some errors
  76. * and exceptions.
  77. * @type bool
  78. */
  79. public $chatty = true;
  80. /**
  81. * Current lock; only gets to this namespace are allowed.
  82. * @type string
  83. */
  84. private $lock;
  85. /**
  86. * Constructor
  87. * @param HTMLPurifier_ConfigSchema $definition ConfigSchema that defines
  88. * what directives are allowed.
  89. * @param HTMLPurifier_PropertyList $parent
  90. */
  91. public function __construct($definition, $parent = null)
  92. {
  93. $parent = $parent ? $parent : $definition->defaultPlist;
  94. $this->plist = new HTMLPurifier_PropertyList($parent);
  95. $this->def = $definition; // keep a copy around for checking
  96. $this->parser = new HTMLPurifier_VarParser_Flexible();
  97. }
  98. /**
  99. * Convenience constructor that creates a config object based on a mixed var
  100. * @param mixed $config Variable that defines the state of the config
  101. * object. Can be: a HTMLPurifier_Config() object,
  102. * an array of directives based on loadArray(),
  103. * or a string filename of an ini file.
  104. * @param HTMLPurifier_ConfigSchema $schema Schema object
  105. * @return HTMLPurifier_Config Configured object
  106. */
  107. public static function create($config, $schema = null)
  108. {
  109. if ($config instanceof HTMLPurifier_Config) {
  110. // pass-through
  111. return $config;
  112. }
  113. if (!$schema) {
  114. $ret = HTMLPurifier_Config::createDefault();
  115. } else {
  116. $ret = new HTMLPurifier_Config($schema);
  117. }
  118. if (is_string($config)) {
  119. $ret->loadIni($config);
  120. } elseif (is_array($config)) $ret->loadArray($config);
  121. return $ret;
  122. }
  123. /**
  124. * Creates a new config object that inherits from a previous one.
  125. * @param HTMLPurifier_Config $config Configuration object to inherit from.
  126. * @return HTMLPurifier_Config object with $config as its parent.
  127. */
  128. public static function inherit(HTMLPurifier_Config $config)
  129. {
  130. return new HTMLPurifier_Config($config->def, $config->plist);
  131. }
  132. /**
  133. * Convenience constructor that creates a default configuration object.
  134. * @return HTMLPurifier_Config default object.
  135. */
  136. public static function createDefault()
  137. {
  138. $definition = HTMLPurifier_ConfigSchema::instance();
  139. $config = new HTMLPurifier_Config($definition);
  140. return $config;
  141. }
  142. /**
  143. * Retrieves a value from the configuration.
  144. *
  145. * @param string $key String key
  146. * @param mixed $a
  147. *
  148. * @return mixed
  149. */
  150. public function get($key, $a = null)
  151. {
  152. if ($a !== null) {
  153. $this->triggerError(
  154. "Using deprecated API: use \$config->get('$key.$a') instead",
  155. E_USER_WARNING
  156. );
  157. $key = "$key.$a";
  158. }
  159. if (!$this->finalized) {
  160. $this->autoFinalize();
  161. }
  162. if (!isset($this->def->info[$key])) {
  163. // can't add % due to SimpleTest bug
  164. $this->triggerError(
  165. 'Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
  166. E_USER_WARNING
  167. );
  168. return;
  169. }
  170. if (isset($this->def->info[$key]->isAlias)) {
  171. $d = $this->def->info[$key];
  172. $this->triggerError(
  173. 'Cannot get value from aliased directive, use real name ' . $d->key,
  174. E_USER_ERROR
  175. );
  176. return;
  177. }
  178. if ($this->lock) {
  179. list($ns) = explode('.', $key);
  180. if ($ns !== $this->lock) {
  181. $this->triggerError(
  182. 'Cannot get value of namespace ' . $ns . ' when lock for ' .
  183. $this->lock .
  184. ' is active, this probably indicates a Definition setup method ' .
  185. 'is accessing directives that are not within its namespace',
  186. E_USER_ERROR
  187. );
  188. return;
  189. }
  190. }
  191. return $this->plist->get($key);
  192. }
  193. /**
  194. * Retrieves an array of directives to values from a given namespace
  195. *
  196. * @param string $namespace String namespace
  197. *
  198. * @return array
  199. */
  200. public function getBatch($namespace)
  201. {
  202. if (!$this->finalized) {
  203. $this->autoFinalize();
  204. }
  205. $full = $this->getAll();
  206. if (!isset($full[$namespace])) {
  207. $this->triggerError(
  208. 'Cannot retrieve undefined namespace ' .
  209. htmlspecialchars($namespace),
  210. E_USER_WARNING
  211. );
  212. return;
  213. }
  214. return $full[$namespace];
  215. }
  216. /**
  217. * Returns a SHA-1 signature of a segment of the configuration object
  218. * that uniquely identifies that particular configuration
  219. *
  220. * @param string $namespace Namespace to get serial for
  221. *
  222. * @return string
  223. * @note Revision is handled specially and is removed from the batch
  224. * before processing!
  225. */
  226. public function getBatchSerial($namespace)
  227. {
  228. if (empty($this->serials[$namespace])) {
  229. $batch = $this->getBatch($namespace);
  230. unset($batch['DefinitionRev']);
  231. $this->serials[$namespace] = sha1(serialize($batch));
  232. }
  233. return $this->serials[$namespace];
  234. }
  235. /**
  236. * Returns a SHA-1 signature for the entire configuration object
  237. * that uniquely identifies that particular configuration
  238. *
  239. * @return string
  240. */
  241. public function getSerial()
  242. {
  243. if (empty($this->serial)) {
  244. $this->serial = sha1(serialize($this->getAll()));
  245. }
  246. return $this->serial;
  247. }
  248. /**
  249. * Retrieves all directives, organized by namespace
  250. *
  251. * @warning This is a pretty inefficient function, avoid if you can
  252. */
  253. public function getAll()
  254. {
  255. if (!$this->finalized) {
  256. $this->autoFinalize();
  257. }
  258. $ret = array();
  259. foreach ($this->plist->squash() as $name => $value) {
  260. list($ns, $key) = explode('.', $name, 2);
  261. $ret[$ns][$key] = $value;
  262. }
  263. return $ret;
  264. }
  265. /**
  266. * Sets a value to configuration.
  267. *
  268. * @param string $key key
  269. * @param mixed $value value
  270. * @param mixed $a
  271. */
  272. public function set($key, $value, $a = null)
  273. {
  274. if (strpos($key, '.') === false) {
  275. $namespace = $key;
  276. $directive = $value;
  277. $value = $a;
  278. $key = "$key.$directive";
  279. $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE);
  280. } else {
  281. list($namespace) = explode('.', $key);
  282. }
  283. if ($this->isFinalized('Cannot set directive after finalization')) {
  284. return;
  285. }
  286. if (!isset($this->def->info[$key])) {
  287. $this->triggerError(
  288. 'Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
  289. E_USER_WARNING
  290. );
  291. return;
  292. }
  293. $def = $this->def->info[$key];
  294. if (isset($def->isAlias)) {
  295. if ($this->aliasMode) {
  296. $this->triggerError(
  297. 'Double-aliases not allowed, please fix '.
  298. 'ConfigSchema bug with' . $key,
  299. E_USER_ERROR
  300. );
  301. return;
  302. }
  303. $this->aliasMode = true;
  304. $this->set($def->key, $value);
  305. $this->aliasMode = false;
  306. $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE);
  307. return;
  308. }
  309. // Raw type might be negative when using the fully optimized form
  310. // of stdClass, which indicates allow_null == true
  311. $rtype = is_int($def) ? $def : $def->type;
  312. if ($rtype < 0) {
  313. $type = -$rtype;
  314. $allow_null = true;
  315. } else {
  316. $type = $rtype;
  317. $allow_null = isset($def->allow_null);
  318. }
  319. try {
  320. $value = $this->parser->parse($value, $type, $allow_null);
  321. } catch (HTMLPurifier_VarParserException $e) {
  322. $this->triggerError(
  323. 'Value for ' . $key . ' is of invalid type, should be ' .
  324. HTMLPurifier_VarParser::getTypeName($type),
  325. E_USER_WARNING
  326. );
  327. return;
  328. }
  329. if (is_string($value) && is_object($def)) {
  330. // resolve value alias if defined
  331. if (isset($def->aliases[$value])) {
  332. $value = $def->aliases[$value];
  333. }
  334. // check to see if the value is allowed
  335. if (isset($def->allowed) && !isset($def->allowed[$value])) {
  336. $this->triggerError(
  337. 'Value not supported, valid values are: ' .
  338. $this->_listify($def->allowed),
  339. E_USER_WARNING
  340. );
  341. return;
  342. }
  343. }
  344. $this->plist->set($key, $value);
  345. // reset definitions if the directives they depend on changed
  346. // this is a very costly process, so it's discouraged
  347. // with finalization
  348. if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
  349. $this->definitions[$namespace] = null;
  350. }
  351. $this->serials[$namespace] = false;
  352. }
  353. /**
  354. * Convenience function for error reporting
  355. *
  356. * @param array $lookup
  357. *
  358. * @return string
  359. */
  360. private function _listify($lookup)
  361. {
  362. $list = array();
  363. foreach ($lookup as $name => $b) {
  364. $list[] = $name;
  365. }
  366. return implode(', ', $list);
  367. }
  368. /**
  369. * Retrieves object reference to the HTML definition.
  370. *
  371. * @param bool $raw Return a copy that has not been setup yet. Must be
  372. * called before it's been setup, otherwise won't work.
  373. * @param bool $optimized If true, this method may return null, to
  374. * indicate that a cached version of the modified
  375. * definition object is available and no further edits
  376. * are necessary. Consider using
  377. * maybeGetRawHTMLDefinition, which is more explicitly
  378. * named, instead.
  379. *
  380. * @return HTMLPurifier_HTMLDefinition|null
  381. */
  382. public function getHTMLDefinition($raw = false, $optimized = false)
  383. {
  384. return $this->getDefinition('HTML', $raw, $optimized);
  385. }
  386. /**
  387. * Retrieves object reference to the CSS definition
  388. *
  389. * @param bool $raw Return a copy that has not been setup yet. Must be
  390. * called before it's been setup, otherwise won't work.
  391. * @param bool $optimized If true, this method may return null, to
  392. * indicate that a cached version of the modified
  393. * definition object is available and no further edits
  394. * are necessary. Consider using
  395. * maybeGetRawCSSDefinition, which is more explicitly
  396. * named, instead.
  397. *
  398. * @return HTMLPurifier_CSSDefinition|null
  399. */
  400. public function getCSSDefinition($raw = false, $optimized = false)
  401. {
  402. return $this->getDefinition('CSS', $raw, $optimized);
  403. }
  404. /**
  405. * Retrieves object reference to the URI definition
  406. *
  407. * @param bool $raw Return a copy that has not been setup yet. Must be
  408. * called before it's been setup, otherwise won't work.
  409. * @param bool $optimized If true, this method may return null, to
  410. * indicate that a cached version of the modified
  411. * definition object is available and no further edits
  412. * are necessary. Consider using
  413. * maybeGetRawURIDefinition, which is more explicitly
  414. * named, instead.
  415. *
  416. * @return HTMLPurifier_URIDefinition|null
  417. */
  418. public function getURIDefinition($raw = false, $optimized = false)
  419. {
  420. return $this->getDefinition('URI', $raw, $optimized);
  421. }
  422. /**
  423. * Retrieves a definition
  424. *
  425. * @param string $type Type of definition: HTML, CSS, etc
  426. * @param bool $raw Whether or not definition should be returned raw
  427. * @param bool $optimized Only has an effect when $raw is true. Whether
  428. * or not to return null if the result is already present in
  429. * the cache. This is off by default for backwards
  430. * compatibility reasons, but you need to do things this
  431. * way in order to ensure that caching is done properly.
  432. * Check out enduser-customize.html for more details.
  433. * We probably won't ever change this default, as much as the
  434. * maybe semantics is the "right thing to do."
  435. *
  436. * @throws HTMLPurifier_Exception
  437. * @return HTMLPurifier_Definition|null
  438. */
  439. public function getDefinition($type, $raw = false, $optimized = false)
  440. {
  441. if ($optimized && !$raw) {
  442. throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false");
  443. }
  444. if (!$this->finalized) {
  445. $this->autoFinalize();
  446. }
  447. // temporarily suspend locks, so we can handle recursive definition calls
  448. $lock = $this->lock;
  449. $this->lock = null;
  450. $factory = HTMLPurifier_DefinitionCacheFactory::instance();
  451. $cache = $factory->create($type, $this);
  452. $this->lock = $lock;
  453. if (!$raw) {
  454. // full definition
  455. // ---------------
  456. // check if definition is in memory
  457. if (!empty($this->definitions[$type])) {
  458. $def = $this->definitions[$type];
  459. // check if the definition is setup
  460. if ($def->setup) {
  461. return $def;
  462. } else {
  463. $def->setup($this);
  464. if ($def->optimized) {
  465. $cache->add($def, $this);
  466. }
  467. return $def;
  468. }
  469. }
  470. // check if definition is in cache
  471. $def = $cache->get($this);
  472. if ($def) {
  473. // definition in cache, save to memory and return it
  474. $this->definitions[$type] = $def;
  475. return $def;
  476. }
  477. // initialize it
  478. $def = $this->initDefinition($type);
  479. // set it up
  480. $this->lock = $type;
  481. $def->setup($this);
  482. $this->lock = null;
  483. // save in cache
  484. $cache->add($def, $this);
  485. // return it
  486. return $def;
  487. } else {
  488. // raw definition
  489. // --------------
  490. // check preconditions
  491. $def = null;
  492. if ($optimized) {
  493. if (is_null($this->get($type . '.DefinitionID'))) {
  494. // fatally error out if definition ID not set
  495. throw new HTMLPurifier_Exception(
  496. "Cannot retrieve raw version without specifying %$type.DefinitionID"
  497. );
  498. }
  499. }
  500. if (!empty($this->definitions[$type])) {
  501. $def = $this->definitions[$type];
  502. if ($def->setup && !$optimized) {
  503. $extra = $this->chatty ?
  504. " (try moving this code block earlier in your initialization)" :
  505. "";
  506. throw new HTMLPurifier_Exception(
  507. "Cannot retrieve raw definition after it has already been setup" .
  508. $extra
  509. );
  510. }
  511. if ($def->optimized === null) {
  512. $extra = $this->chatty ? " (try flushing your cache)" : "";
  513. throw new HTMLPurifier_Exception(
  514. "Optimization status of definition is unknown" . $extra
  515. );
  516. }
  517. if ($def->optimized !== $optimized) {
  518. $msg = $optimized ? "optimized" : "unoptimized";
  519. $extra = $this->chatty ?
  520. " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)"
  521. : "";
  522. throw new HTMLPurifier_Exception(
  523. "Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra
  524. );
  525. }
  526. }
  527. // check if definition was in memory
  528. if ($def) {
  529. if ($def->setup) {
  530. // invariant: $optimized === true (checked above)
  531. return null;
  532. } else {
  533. return $def;
  534. }
  535. }
  536. // if optimized, check if definition was in cache
  537. // (because we do the memory check first, this formulation
  538. // is prone to cache slamming, but I think
  539. // guaranteeing that either /all/ of the raw
  540. // setup code or /none/ of it is run is more important.)
  541. if ($optimized) {
  542. // This code path only gets run once; once we put
  543. // something in $definitions (which is guaranteed by the
  544. // trailing code), we always short-circuit above.
  545. $def = $cache->get($this);
  546. if ($def) {
  547. // save the full definition for later, but don't
  548. // return it yet
  549. $this->definitions[$type] = $def;
  550. return null;
  551. }
  552. }
  553. // check invariants for creation
  554. if (!$optimized) {
  555. if (!is_null($this->get($type . '.DefinitionID'))) {
  556. if ($this->chatty) {
  557. $this->triggerError(
  558. 'Due to a documentation error in previous version of HTML Purifier, your ' .
  559. 'definitions are not being cached. If this is OK, you can remove the ' .
  560. '%$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, ' .
  561. 'modify your code to use maybeGetRawDefinition, and test if the returned ' .
  562. 'value is null before making any edits (if it is null, that means that a ' .
  563. 'cached version is available, and no raw operations are necessary). See ' .
  564. '<a href="http://htmlpurifier.org/docs/enduser-customize.html#optimized">' .
  565. 'Customize</a> for more details',
  566. E_USER_WARNING
  567. );
  568. } else {
  569. $this->triggerError(
  570. "Useless DefinitionID declaration",
  571. E_USER_WARNING
  572. );
  573. }
  574. }
  575. }
  576. // initialize it
  577. $def = $this->initDefinition($type);
  578. $def->optimized = $optimized;
  579. return $def;
  580. }
  581. throw new HTMLPurifier_Exception("The impossible happened!");
  582. }
  583. /**
  584. * Initialise definition
  585. *
  586. * @param string $type What type of definition to create
  587. *
  588. * @return HTMLPurifier_CSSDefinition|HTMLPurifier_HTMLDefinition|HTMLPurifier_URIDefinition
  589. * @throws HTMLPurifier_Exception
  590. */
  591. private function initDefinition($type)
  592. {
  593. // quick checks failed, let's create the object
  594. if ($type == 'HTML') {
  595. $def = new HTMLPurifier_HTMLDefinition();
  596. } elseif ($type == 'CSS') {
  597. $def = new HTMLPurifier_CSSDefinition();
  598. } elseif ($type == 'URI') {
  599. $def = new HTMLPurifier_URIDefinition();
  600. } else {
  601. throw new HTMLPurifier_Exception(
  602. "Definition of $type type not supported"
  603. );
  604. }
  605. $this->definitions[$type] = $def;
  606. return $def;
  607. }
  608. public function maybeGetRawDefinition($name)
  609. {
  610. return $this->getDefinition($name, true, true);
  611. }
  612. /**
  613. * @return HTMLPurifier_HTMLDefinition|null
  614. */
  615. public function maybeGetRawHTMLDefinition()
  616. {
  617. return $this->getDefinition('HTML', true, true);
  618. }
  619. /**
  620. * @return HTMLPurifier_CSSDefinition|null
  621. */
  622. public function maybeGetRawCSSDefinition()
  623. {
  624. return $this->getDefinition('CSS', true, true);
  625. }
  626. /**
  627. * @return HTMLPurifier_URIDefinition|null
  628. */
  629. public function maybeGetRawURIDefinition()
  630. {
  631. return $this->getDefinition('URI', true, true);
  632. }
  633. /**
  634. * Loads configuration values from an array with the following structure:
  635. * Namespace.Directive => Value
  636. *
  637. * @param array $config_array Configuration associative array
  638. */
  639. public function loadArray($config_array)
  640. {
  641. if ($this->isFinalized('Cannot load directives after finalization')) {
  642. return;
  643. }
  644. foreach ($config_array as $key => $value) {
  645. $key = str_replace('_', '.', $key);
  646. if (strpos($key, '.') !== false) {
  647. $this->set($key, $value);
  648. } else {
  649. $namespace = $key;
  650. $namespace_values = $value;
  651. foreach ($namespace_values as $directive => $value2) {
  652. $this->set($namespace .'.'. $directive, $value2);
  653. }
  654. }
  655. }
  656. }
  657. /**
  658. * Returns a list of array(namespace, directive) for all directives
  659. * that are allowed in a web-form context as per an allowed
  660. * namespaces/directives list.
  661. *
  662. * @param array $allowed List of allowed namespaces/directives
  663. * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
  664. *
  665. * @return array
  666. */
  667. public static function getAllowedDirectivesForForm($allowed, $schema = null)
  668. {
  669. if (!$schema) {
  670. $schema = HTMLPurifier_ConfigSchema::instance();
  671. }
  672. if ($allowed !== true) {
  673. if (is_string($allowed)) {
  674. $allowed = array($allowed);
  675. }
  676. $allowed_ns = array();
  677. $allowed_directives = array();
  678. $blacklisted_directives = array();
  679. foreach ($allowed as $ns_or_directive) {
  680. if (strpos($ns_or_directive, '.') !== false) {
  681. // directive
  682. if ($ns_or_directive[0] == '-') {
  683. $blacklisted_directives[substr($ns_or_directive, 1)] = true;
  684. } else {
  685. $allowed_directives[$ns_or_directive] = true;
  686. }
  687. } else {
  688. // namespace
  689. $allowed_ns[$ns_or_directive] = true;
  690. }
  691. }
  692. }
  693. $ret = array();
  694. foreach ($schema->info as $key => $def) {
  695. list($ns, $directive) = explode('.', $key, 2);
  696. if ($allowed !== true) {
  697. if (isset($blacklisted_directives["$ns.$directive"])) {
  698. continue;
  699. }
  700. if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) {
  701. continue;
  702. }
  703. }
  704. if (isset($def->isAlias)) {
  705. continue;
  706. }
  707. if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') {
  708. continue;
  709. }
  710. $ret[] = array($ns, $directive);
  711. }
  712. return $ret;
  713. }
  714. /**
  715. * Loads configuration values from $_GET/$_POST that were posted
  716. * via ConfigForm
  717. *
  718. * @param array $array $_GET or $_POST array to import
  719. * @param string|bool $index Index/name that the config variables are in
  720. * @param array|bool $allowed List of allowed namespaces/directives
  721. * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
  722. * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
  723. *
  724. * @return mixed
  725. */
  726. public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
  727. {
  728. $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema);
  729. $config = HTMLPurifier_Config::create($ret, $schema);
  730. return $config;
  731. }
  732. /**
  733. * Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
  734. *
  735. * @param array $array $_GET or $_POST array to import
  736. * @param string|bool $index Index/name that the config variables are in
  737. * @param array|bool $allowed List of allowed namespaces/directives
  738. * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
  739. */
  740. public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true)
  741. {
  742. $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def);
  743. $this->loadArray($ret);
  744. }
  745. /**
  746. * Prepares an array from a form into something usable for the more
  747. * strict parts of HTMLPurifier_Config
  748. *
  749. * @param array $array $_GET or $_POST array to import
  750. * @param string|bool $index Index/name that the config variables are in
  751. * @param array|bool $allowed List of allowed namespaces/directives
  752. * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
  753. * @param HTMLPurifier_ConfigSchema $schema Schema to use, if not global copy
  754. *
  755. * @return array
  756. */
  757. public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null)
  758. {
  759. if ($index !== false) {
  760. $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
  761. }
  762. $mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  763. $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
  764. $ret = array();
  765. foreach ($allowed as $key) {
  766. list($ns, $directive) = $key;
  767. $skey = "$ns.$directive";
  768. if (!empty($array["Null_$skey"])) {
  769. $ret[$ns][$directive] = null;
  770. continue;
  771. }
  772. if (!isset($array[$skey])) {
  773. continue;
  774. }
  775. $value = $mq ? stripslashes($array[$skey]) : $array[$skey];
  776. $ret[$ns][$directive] = $value;
  777. }
  778. return $ret;
  779. }
  780. /**
  781. * Loads configuration values from an ini file
  782. *
  783. * @param string $filename Name of ini file
  784. */
  785. public function loadIni($filename)
  786. {
  787. if ($this->isFinalized('Cannot load directives after finalization')) {
  788. return;
  789. }
  790. $array = parse_ini_file($filename, true);
  791. $this->loadArray($array);
  792. }
  793. /**
  794. * Checks whether or not the configuration object is finalized.
  795. *
  796. * @param string|bool $error String error message, or false for no error
  797. *
  798. * @return bool
  799. */
  800. public function isFinalized($error = false)
  801. {
  802. if ($this->finalized && $error) {
  803. $this->triggerError($error, E_USER_ERROR);
  804. }
  805. return $this->finalized;
  806. }
  807. /**
  808. * Finalizes configuration only if auto finalize is on and not
  809. * already finalized
  810. */
  811. public function autoFinalize()
  812. {
  813. if ($this->autoFinalize) {
  814. $this->finalize();
  815. } else {
  816. $this->plist->squash(true);
  817. }
  818. }
  819. /**
  820. * Finalizes a configuration object, prohibiting further change
  821. */
  822. public function finalize()
  823. {
  824. $this->finalized = true;
  825. $this->parser = null;
  826. }
  827. /**
  828. * Produces a nicely formatted error message by supplying the
  829. * stack frame information OUTSIDE of HTMLPurifier_Config.
  830. *
  831. * @param string $msg An error message
  832. * @param int $no An error number
  833. */
  834. protected function triggerError($msg, $no)
  835. {
  836. // determine previous stack frame
  837. $extra = '';
  838. if ($this->chatty) {
  839. $trace = debug_backtrace();
  840. // zip(tail(trace), trace) -- but PHP is not Haskell har har
  841. for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
  842. // XXX this is not correct on some versions of HTML Purifier
  843. if (isset($trace[$i + 1]['class']) && $trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
  844. continue;
  845. }
  846. $frame = $trace[$i];
  847. $extra = " invoked on line {$frame['line']} in file {$frame['file']}";
  848. break;
  849. }
  850. }
  851. trigger_error($msg . $extra, $no);
  852. }
  853. /**
  854. * Returns a serialized form of the configuration object that can
  855. * be reconstituted.
  856. *
  857. * @return string
  858. */
  859. public function serialize()
  860. {
  861. $this->getDefinition('HTML');
  862. $this->getDefinition('CSS');
  863. $this->getDefinition('URI');
  864. return serialize($this);
  865. }
  866. }
  867. // vim: et sw=4 sts=4