ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e
HTMLPurifier_Config Class Reference

Configuration object that triggers customizable behavior. More...

+ Collaboration diagram for HTMLPurifier_Config:

Public Member Functions

 __construct ($definition, $parent=null)
 Constructor. More...
 
 get ($key, $a=null)
 Retrieves a value from the configuration. More...
 
 getBatch ($namespace)
 Retrieves an array of directives to values from a given namespace. More...
 
 getBatchSerial ($namespace)
 Returns a SHA-1 signature of a segment of the configuration object that uniquely identifies that particular configuration. More...
 
 getSerial ()
 Returns a SHA-1 signature for the entire configuration object that uniquely identifies that particular configuration. More...
 
 getAll ()
 Retrieves all directives, organized by namespace. More...
 
 set ($key, $value, $a=null)
 Sets a value to configuration. More...
 
 getHTMLDefinition ($raw=false, $optimized=false)
 Retrieves object reference to the HTML definition. More...
 
 getCSSDefinition ($raw=false, $optimized=false)
 Retrieves object reference to the CSS definition. More...
 
 getURIDefinition ($raw=false, $optimized=false)
 Retrieves object reference to the URI definition. More...
 
 getDefinition ($type, $raw=false, $optimized=false)
 Retrieves a definition. More...
 
 maybeGetRawDefinition ($name)
 
 maybeGetRawHTMLDefinition ()
 
 maybeGetRawCSSDefinition ()
 
 maybeGetRawURIDefinition ()
 
 loadArray ($config_array)
 Loads configuration values from an array with the following structure: Namespace.Directive => Value. More...
 
 mergeArrayFromForm ($array, $index=false, $allowed=true, $mq_fix=true)
 Merges in configuration values from $_GET/$_POST to object. More...
 
 loadIni ($filename)
 Loads configuration values from an ini file. More...
 
 isFinalized ($error=false)
 Checks whether or not the configuration object is finalized. More...
 
 autoFinalize ()
 Finalizes configuration only if auto finalize is on and not already finalized. More...
 
 finalize ()
 Finalizes a configuration object, prohibiting further change. More...
 
 serialize ()
 Returns a serialized form of the configuration object that can be reconstituted. More...
 

Static Public Member Functions

static create ($config, $schema=null)
 Convenience constructor that creates a config object based on a mixed var. More...
 
static inherit (HTMLPurifier_Config $config)
 Creates a new config object that inherits from a previous one. More...
 
static createDefault ()
 Convenience constructor that creates a default configuration object. More...
 
static getAllowedDirectivesForForm ($allowed, $schema=null)
 Returns a list of array(namespace, directive) for all directives that are allowed in a web-form context as per an allowed namespaces/directives list. More...
 
static loadArrayFromForm ($array, $index=false, $allowed=true, $mq_fix=true, $schema=null)
 Loads configuration values from $_GET/$_POST that were posted via ConfigForm. More...
 
static prepareArrayFromForm ($array, $index=false, $allowed=true, $mq_fix=true, $schema=null)
 Prepares an array from a form into something usable for the more strict parts of HTMLPurifier_Config. More...
 

Data Fields

 $version = '4.13.0'
 HTML Purifier's version string. More...
 
 $autoFinalize = true
 Whether or not to automatically finalize the object if a read operation is done. More...
 
 $def
 Reference HTMLPurifier_ConfigSchema for value checking. More...
 
 $chatty = true
 Set to false if you do not want line and file numbers in errors. More...
 

Protected Member Functions

 triggerError ($msg, $no)
 Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPurifier_Config. More...
 

Protected Attributes

 $serials = array()
 Namespace indexed array of serials for specific namespaces. More...
 
 $serial
 Serial for entire configuration object. More...
 
 $parser = null
 Parser for variables. More...
 
 $definitions
 Indexed array of definitions. More...
 
 $finalized = false
 Whether or not config is finalized. More...
 
 $plist
 Property list containing configuration directives. More...
 

Private Member Functions

 _listify ($lookup)
 Convenience function for error reporting. More...
 
 initDefinition ($type)
 Initialise definition. More...
 

Private Attributes

 $aliasMode
 Whether or not a set is taking place due to an alias lookup. More...
 
 $lock
 Current lock; only gets to this namespace are allowed. More...
 

Detailed Description

Configuration object that triggers customizable behavior.

Warning
This class is strongly defined: that means that the class will fail if an undefined directive is retrieved or set.
Note
Many classes that could (although many times don't) use the configuration object make it a mandatory parameter. This is because a configuration object should always be forwarded, otherwise, you run the risk of missing a parameter and then being stumped when a configuration directive doesn't work.
Todo:
Reconsider some of the public member variables

Definition at line 17 of file Config.php.

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier_Config::__construct (   $definition,
  $parent = null 
)

Constructor.

Parameters
HTMLPurifier_ConfigSchema$definitionConfigSchema that defines what directives are allowed.
HTMLPurifier_PropertyList$parent

Definition at line 106 of file Config.php.

107  {
108  $parent = $parent ? $parent : $definition->defaultPlist;
109  $this->plist = new HTMLPurifier_PropertyList($parent);
110  $this->def = $definition; // keep a copy around for checking
111  $this->parser = new HTMLPurifier_VarParser_Flexible();
112  }
Performs safe variable parsing based on types which can be used by users.
Definition: Flexible.php:8
Generic property list implementation.
Definition: PropertyList.php:6

Member Function Documentation

◆ _listify()

HTMLPurifier_Config::_listify (   $lookup)
private

Convenience function for error reporting.

Parameters
array$lookup
Returns
string

Definition at line 390 of file Config.php.

References $list, and $name.

Referenced by set().

391  {
392  $list = array();
393  foreach ($lookup as $name => $b) {
394  $list[] = $name;
395  }
396  return implode(', ', $list);
397  }
if(isset($_REQUEST['delete'])) $list
Definition: registry.php:41
+ Here is the caller graph for this function:

◆ autoFinalize()

HTMLPurifier_Config::autoFinalize ( )

Finalizes configuration only if auto finalize is on and not already finalized.

Definition at line 859 of file Config.php.

References finalize().

Referenced by get(), getAll(), getBatch(), and getDefinition().

860  {
861  if ($this->autoFinalize) {
862  $this->finalize();
863  } else {
864  $this->plist->squash(true);
865  }
866  }
autoFinalize()
Finalizes configuration only if auto finalize is on and not already finalized.
Definition: Config.php:859
finalize()
Finalizes a configuration object, prohibiting further change.
Definition: Config.php:871
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ create()

static HTMLPurifier_Config::create (   $config,
  $schema = null 
)
static

Convenience constructor that creates a config object based on a mixed var.

Parameters
mixed$configVariable that defines the state of the config object. Can be: a HTMLPurifier_Config() object, an array of directives based on loadArray(), or a string filename of an ini file.
HTMLPurifier_ConfigSchema$schemaSchema object
Returns
HTMLPurifier_Config Configured object

Definition at line 123 of file Config.php.

References $config, $ret, and createDefault().

Referenced by HTMLPurifier\__construct(), loadArrayFromForm(), and HTMLPurifier\purify().

124  {
125  if ($config instanceof HTMLPurifier_Config) {
126  // pass-through
127  return $config;
128  }
129  if (!$schema) {
131  } else {
132  $ret = new HTMLPurifier_Config($schema);
133  }
134  if (is_string($config)) {
135  $ret->loadIni($config);
136  } elseif (is_array($config)) $ret->loadArray($config);
137  return $ret;
138  }
$config
Definition: bootstrap.php:15
static createDefault()
Convenience constructor that creates a default configuration object.
Definition: Config.php:154
Configuration object that triggers customizable behavior.
Definition: Config.php:17
$ret
Definition: parser.php:6
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createDefault()

static HTMLPurifier_Config::createDefault ( )
static

Convenience constructor that creates a default configuration object.

Returns
HTMLPurifier_Config default object.

Definition at line 154 of file Config.php.

References $config, and HTMLPurifier_ConfigSchema\instance().

Referenced by create(), ilAssHtmlPurifier\getPurifierConfigInstance(), ilTermsOfServiceDocumentHtmlPurifier\getPurifierConfigInstance(), ilHtmlForumPostPurifier\getPurifierConfigInstance(), HTMLPurifier_URISchemeRegistry\getScheme(), and kses().

155  {
156  $definition = HTMLPurifier_ConfigSchema::instance();
157  $config = new HTMLPurifier_Config($definition);
158  return $config;
159  }
$config
Definition: bootstrap.php:15
Configuration object that triggers customizable behavior.
Definition: Config.php:17
static instance($prototype=null)
Retrieves an instance of the application-wide configuration definition.
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ finalize()

HTMLPurifier_Config::finalize ( )

Finalizes a configuration object, prohibiting further change.

Definition at line 871 of file Config.php.

Referenced by autoFinalize().

872  {
873  $this->finalized = true;
874  $this->parser = null;
875  }
+ Here is the caller graph for this function:

◆ get()

HTMLPurifier_Config::get (   $key,
  $a = null 
)

Retrieves a value from the configuration.

Parameters
string$keyString key
mixed$a
Returns
mixed

Definition at line 169 of file Config.php.

References $d, $key, autoFinalize(), and triggerError().

170  {
171  if ($a !== null) {
172  $this->triggerError(
173  "Using deprecated API: use \$config->get('$key.$a') instead",
174  E_USER_WARNING
175  );
176  $key = "$key.$a";
177  }
178  if (!$this->finalized) {
179  $this->autoFinalize();
180  }
181  if (!isset($this->def->info[$key])) {
182  // can't add % due to SimpleTest bug
183  $this->triggerError(
184  'Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
185  E_USER_WARNING
186  );
187  return;
188  }
189  if (isset($this->def->info[$key]->isAlias)) {
190  $d = $this->def->info[$key];
191  $this->triggerError(
192  'Cannot get value from aliased directive, use real name ' . $d->key,
193  E_USER_ERROR
194  );
195  return;
196  }
197  if ($this->lock) {
198  list($ns) = explode('.', $key);
199  if ($ns !== $this->lock) {
200  $this->triggerError(
201  'Cannot get value of namespace ' . $ns . ' when lock for ' .
202  $this->lock .
203  ' is active, this probably indicates a Definition setup method ' .
204  'is accessing directives that are not within its namespace',
205  E_USER_ERROR
206  );
207  return;
208  }
209  }
210  return $this->plist->get($key);
211  }
autoFinalize()
Finalizes configuration only if auto finalize is on and not already finalized.
Definition: Config.php:859
triggerError($msg, $no)
Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPur...
Definition: Config.php:884
$key
Definition: croninfo.php:18
for($i=6; $i< 13; $i++) for($i=1; $i< 13; $i++) $d
Definition: date.php:296
+ Here is the call graph for this function:

◆ getAll()

HTMLPurifier_Config::getAll ( )

Retrieves all directives, organized by namespace.

Warning
This is a pretty inefficient function, avoid if you can

Definition at line 276 of file Config.php.

References $key, $name, $ret, and autoFinalize().

Referenced by getBatch(), and getSerial().

277  {
278  if (!$this->finalized) {
279  $this->autoFinalize();
280  }
281  $ret = array();
282  foreach ($this->plist->squash() as $name => $value) {
283  list($ns, $key) = explode('.', $name, 2);
284  $ret[$ns][$key] = $value;
285  }
286  return $ret;
287  }
autoFinalize()
Finalizes configuration only if auto finalize is on and not already finalized.
Definition: Config.php:859
$ret
Definition: parser.php:6
$key
Definition: croninfo.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAllowedDirectivesForForm()

static HTMLPurifier_Config::getAllowedDirectivesForForm (   $allowed,
  $schema = null 
)
static

Returns a list of array(namespace, directive) for all directives that are allowed in a web-form context as per an allowed namespaces/directives list.

Parameters
array$allowedList of allowed namespaces/directives
HTMLPurifier_ConfigSchema$schemaSchema to use, if not global copy
Returns
array

Definition at line 708 of file Config.php.

References $def, $key, $ret, and HTMLPurifier_ConfigSchema\instance().

Referenced by prepareArrayFromForm(), and HTMLPurifier_Printer_ConfigForm\render().

709  {
710  if (!$schema) {
712  }
713  if ($allowed !== true) {
714  if (is_string($allowed)) {
715  $allowed = array($allowed);
716  }
717  $allowed_ns = array();
718  $allowed_directives = array();
719  $blacklisted_directives = array();
720  foreach ($allowed as $ns_or_directive) {
721  if (strpos($ns_or_directive, '.') !== false) {
722  // directive
723  if ($ns_or_directive[0] == '-') {
724  $blacklisted_directives[substr($ns_or_directive, 1)] = true;
725  } else {
726  $allowed_directives[$ns_or_directive] = true;
727  }
728  } else {
729  // namespace
730  $allowed_ns[$ns_or_directive] = true;
731  }
732  }
733  }
734  $ret = array();
735  foreach ($schema->info as $key => $def) {
736  list($ns, $directive) = explode('.', $key, 2);
737  if ($allowed !== true) {
738  if (isset($blacklisted_directives["$ns.$directive"])) {
739  continue;
740  }
741  if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) {
742  continue;
743  }
744  }
745  if (isset($def->isAlias)) {
746  continue;
747  }
748  if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') {
749  continue;
750  }
751  $ret[] = array($ns, $directive);
752  }
753  return $ret;
754  }
$def
Reference HTMLPurifier_ConfigSchema for value checking.
Definition: Config.php:60
static instance($prototype=null)
Retrieves an instance of the application-wide configuration definition.
$ret
Definition: parser.php:6
$key
Definition: croninfo.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getBatch()

HTMLPurifier_Config::getBatch (   $namespace)

Retrieves an array of directives to values from a given namespace.

Parameters
string$namespaceString namespace
Returns
array

Definition at line 220 of file Config.php.

References $namespace, autoFinalize(), getAll(), and triggerError().

Referenced by getBatchSerial().

221  {
222  if (!$this->finalized) {
223  $this->autoFinalize();
224  }
225  $full = $this->getAll();
226  if (!isset($full[$namespace])) {
227  $this->triggerError(
228  'Cannot retrieve undefined namespace ' .
229  htmlspecialchars($namespace),
230  E_USER_WARNING
231  );
232  return;
233  }
234  return $full[$namespace];
235  }
if($err=$client->getError()) $namespace
autoFinalize()
Finalizes configuration only if auto finalize is on and not already finalized.
Definition: Config.php:859
triggerError($msg, $no)
Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPur...
Definition: Config.php:884
getAll()
Retrieves all directives, organized by namespace.
Definition: Config.php:276
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getBatchSerial()

HTMLPurifier_Config::getBatchSerial (   $namespace)

Returns a SHA-1 signature of a segment of the configuration object that uniquely identifies that particular configuration.

Parameters
string$namespaceNamespace to get serial for
Returns
string
Note
Revision is handled specially and is removed from the batch before processing!

Definition at line 247 of file Config.php.

References $namespace, getBatch(), and serialize().

248  {
249  if (empty($this->serials[$namespace])) {
250  $batch = $this->getBatch($namespace);
251  unset($batch['DefinitionRev']);
252  $this->serials[$namespace] = sha1(serialize($batch));
253  }
254  return $this->serials[$namespace];
255  }
if($err=$client->getError()) $namespace
getBatch($namespace)
Retrieves an array of directives to values from a given namespace.
Definition: Config.php:220
serialize()
Returns a serialized form of the configuration object that can be reconstituted.
Definition: Config.php:910
+ Here is the call graph for this function:

◆ getCSSDefinition()

HTMLPurifier_Config::getCSSDefinition (   $raw = false,
  $optimized = false 
)

Retrieves object reference to the CSS definition.

Parameters
bool$rawReturn a copy that has not been setup yet. Must be called before it's been setup, otherwise won't work.
bool$optimizedIf true, this method may return null, to indicate that a cached version of the modified definition object is available and no further edits are necessary. Consider using maybeGetRawCSSDefinition, which is more explicitly named, instead.
Returns
HTMLPurifier_CSSDefinition|null

Definition at line 432 of file Config.php.

References getDefinition().

433  {
434  return $this->getDefinition('CSS', $raw, $optimized);
435  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ getDefinition()

HTMLPurifier_Config::getDefinition (   $type,
  $raw = false,
  $optimized = false 
)

Retrieves a definition.

Parameters
string$typeType of definition: HTML, CSS, etc
bool$rawWhether or not definition should be returned raw
bool$optimizedOnly has an effect when $raw is true. Whether or not to return null if the result is already present in the cache. This is off by default for backwards compatibility reasons, but you need to do things this way in order to ensure that caching is done properly. Check out enduser-customize.html for more details. We probably won't ever change this default, as much as the maybe semantics is the "right thing to do."
Exceptions
HTMLPurifier_Exception
Returns
HTMLPurifier_Definition|null

Definition at line 473 of file Config.php.

References $def, $factory, $lock, $type, autoFinalize(), initDefinition(), HTMLPurifier_DefinitionCacheFactory\instance(), and triggerError().

Referenced by getCSSDefinition(), getHTMLDefinition(), getURIDefinition(), maybeGetRawCSSDefinition(), maybeGetRawDefinition(), maybeGetRawHTMLDefinition(), maybeGetRawURIDefinition(), and serialize().

474  {
475  if ($optimized && !$raw) {
476  throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false");
477  }
478  if (!$this->finalized) {
479  $this->autoFinalize();
480  }
481  // temporarily suspend locks, so we can handle recursive definition calls
482  $lock = $this->lock;
483  $this->lock = null;
485  $cache = $factory->create($type, $this);
486  $this->lock = $lock;
487  if (!$raw) {
488  // full definition
489  // ---------------
490  // check if definition is in memory
491  if (!empty($this->definitions[$type])) {
492  $def = $this->definitions[$type];
493  // check if the definition is setup
494  if ($def->setup) {
495  return $def;
496  } else {
497  $def->setup($this);
498  if ($def->optimized) {
499  $cache->add($def, $this);
500  }
501  return $def;
502  }
503  }
504  // check if definition is in cache
505  $def = $cache->get($this);
506  if ($def) {
507  // definition in cache, save to memory and return it
508  $this->definitions[$type] = $def;
509  return $def;
510  }
511  // initialize it
512  $def = $this->initDefinition($type);
513  // set it up
514  $this->lock = $type;
515  $def->setup($this);
516  $this->lock = null;
517  // save in cache
518  $cache->add($def, $this);
519  // return it
520  return $def;
521  } else {
522  // raw definition
523  // --------------
524  // check preconditions
525  $def = null;
526  if ($optimized) {
527  if (is_null($this->get($type . '.DefinitionID'))) {
528  // fatally error out if definition ID not set
529  throw new HTMLPurifier_Exception(
530  "Cannot retrieve raw version without specifying %$type.DefinitionID"
531  );
532  }
533  }
534  if (!empty($this->definitions[$type])) {
535  $def = $this->definitions[$type];
536  if ($def->setup && !$optimized) {
537  $extra = $this->chatty ?
538  " (try moving this code block earlier in your initialization)" :
539  "";
540  throw new HTMLPurifier_Exception(
541  "Cannot retrieve raw definition after it has already been setup" .
542  $extra
543  );
544  }
545  if ($def->optimized === null) {
546  $extra = $this->chatty ? " (try flushing your cache)" : "";
547  throw new HTMLPurifier_Exception(
548  "Optimization status of definition is unknown" . $extra
549  );
550  }
551  if ($def->optimized !== $optimized) {
552  $msg = $optimized ? "optimized" : "unoptimized";
553  $extra = $this->chatty ?
554  " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)"
555  : "";
556  throw new HTMLPurifier_Exception(
557  "Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra
558  );
559  }
560  }
561  // check if definition was in memory
562  if ($def) {
563  if ($def->setup) {
564  // invariant: $optimized === true (checked above)
565  return null;
566  } else {
567  return $def;
568  }
569  }
570  // if optimized, check if definition was in cache
571  // (because we do the memory check first, this formulation
572  // is prone to cache slamming, but I think
573  // guaranteeing that either /all/ of the raw
574  // setup code or /none/ of it is run is more important.)
575  if ($optimized) {
576  // This code path only gets run once; once we put
577  // something in $definitions (which is guaranteed by the
578  // trailing code), we always short-circuit above.
579  $def = $cache->get($this);
580  if ($def) {
581  // save the full definition for later, but don't
582  // return it yet
583  $this->definitions[$type] = $def;
584  return null;
585  }
586  }
587  // check invariants for creation
588  if (!$optimized) {
589  if (!is_null($this->get($type . '.DefinitionID'))) {
590  if ($this->chatty) {
591  $this->triggerError(
592  'Due to a documentation error in previous version of HTML Purifier, your ' .
593  'definitions are not being cached. If this is OK, you can remove the ' .
594  '%$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, ' .
595  'modify your code to use maybeGetRawDefinition, and test if the returned ' .
596  'value is null before making any edits (if it is null, that means that a ' .
597  'cached version is available, and no raw operations are necessary). See ' .
598  '<a href="http://htmlpurifier.org/docs/enduser-customize.html#optimized">' .
599  'Customize</a> for more details',
600  E_USER_WARNING
601  );
602  } else {
603  $this->triggerError(
604  "Useless DefinitionID declaration",
605  E_USER_WARNING
606  );
607  }
608  }
609  }
610  // initialize it
611  $def = $this->initDefinition($type);
612  $def->optimized = $optimized;
613  return $def;
614  }
615  throw new HTMLPurifier_Exception("The impossible happened!");
616  }
$type
$factory
Definition: metadata.php:43
$lock
Current lock; only gets to this namespace are allowed.
Definition: Config.php:98
static instance($prototype=null)
Retrieves an instance of global definition cache factory.
autoFinalize()
Finalizes configuration only if auto finalize is on and not already finalized.
Definition: Config.php:859
$def
Reference HTMLPurifier_ConfigSchema for value checking.
Definition: Config.php:60
triggerError($msg, $no)
Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPur...
Definition: Config.php:884
initDefinition($type)
Initialise definition.
Definition: Config.php:626
Global exception class for HTML Purifier; any exceptions we throw are from here.
Definition: Exception.php:7
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getHTMLDefinition()

HTMLPurifier_Config::getHTMLDefinition (   $raw = false,
  $optimized = false 
)

Retrieves object reference to the HTML definition.

Parameters
bool$rawReturn a copy that has not been setup yet. Must be called before it's been setup, otherwise won't work.
bool$optimizedIf true, this method may return null, to indicate that a cached version of the modified definition object is available and no further edits are necessary. Consider using maybeGetRawHTMLDefinition, which is more explicitly named, instead.
Returns
HTMLPurifier_HTMLDefinition|null

Definition at line 413 of file Config.php.

References getDefinition().

414  {
415  return $this->getDefinition('HTML', $raw, $optimized);
416  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ getSerial()

HTMLPurifier_Config::getSerial ( )

Returns a SHA-1 signature for the entire configuration object that uniquely identifies that particular configuration.

Returns
string

Definition at line 263 of file Config.php.

References $serial, getAll(), and serialize().

264  {
265  if (empty($this->serial)) {
266  $this->serial = sha1(serialize($this->getAll()));
267  }
268  return $this->serial;
269  }
$serial
Serial for entire configuration object.
Definition: Config.php:46
getAll()
Retrieves all directives, organized by namespace.
Definition: Config.php:276
serialize()
Returns a serialized form of the configuration object that can be reconstituted.
Definition: Config.php:910
+ Here is the call graph for this function:

◆ getURIDefinition()

HTMLPurifier_Config::getURIDefinition (   $raw = false,
  $optimized = false 
)

Retrieves object reference to the URI definition.

Parameters
bool$rawReturn a copy that has not been setup yet. Must be called before it's been setup, otherwise won't work.
bool$optimizedIf true, this method may return null, to indicate that a cached version of the modified definition object is available and no further edits are necessary. Consider using maybeGetRawURIDefinition, which is more explicitly named, instead.
Returns
HTMLPurifier_URIDefinition|null

Definition at line 451 of file Config.php.

References getDefinition().

452  {
453  return $this->getDefinition('URI', $raw, $optimized);
454  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ inherit()

static HTMLPurifier_Config::inherit ( HTMLPurifier_Config  $config)
static

Creates a new config object that inherits from a previous one.

Parameters
HTMLPurifier_Config$configConfiguration object to inherit from.
Returns
HTMLPurifier_Config object with $config as its parent.

Definition at line 145 of file Config.php.

146  {
147  return new HTMLPurifier_Config($config->def, $config->plist);
148  }
Configuration object that triggers customizable behavior.
Definition: Config.php:17

◆ initDefinition()

HTMLPurifier_Config::initDefinition (   $type)
private

Initialise definition.

Parameters
string$typeWhat type of definition to create
Returns
HTMLPurifier_CSSDefinition|HTMLPurifier_HTMLDefinition|HTMLPurifier_URIDefinition
Exceptions
HTMLPurifier_Exception

Definition at line 626 of file Config.php.

References $def, and $type.

Referenced by getDefinition().

627  {
628  // quick checks failed, let's create the object
629  if ($type == 'HTML') {
631  } elseif ($type == 'CSS') {
633  } elseif ($type == 'URI') {
635  } else {
636  throw new HTMLPurifier_Exception(
637  "Definition of $type type not supported"
638  );
639  }
640  $this->definitions[$type] = $def;
641  return $def;
642  }
Definition of the purified HTML that describes allowed children, attributes, and many other things...
$type
$def
Reference HTMLPurifier_ConfigSchema for value checking.
Definition: Config.php:60
Global exception class for HTML Purifier; any exceptions we throw are from here.
Definition: Exception.php:7
Defines allowed CSS attributes and what their values are.
+ Here is the caller graph for this function:

◆ isFinalized()

HTMLPurifier_Config::isFinalized (   $error = false)

Checks whether or not the configuration object is finalized.

Parameters
string | bool$errorString error message, or false for no error
Returns
bool

Definition at line 847 of file Config.php.

References $finalized, and triggerError().

Referenced by loadArray(), loadIni(), and set().

848  {
849  if ($this->finalized && $error) {
850  $this->triggerError($error, E_USER_ERROR);
851  }
852  return $this->finalized;
853  }
$finalized
Whether or not config is finalized.
Definition: Config.php:72
triggerError($msg, $no)
Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPur...
Definition: Config.php:884
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loadArray()

HTMLPurifier_Config::loadArray (   $config_array)

Loads configuration values from an array with the following structure: Namespace.Directive => Value.

Parameters
array$config_arrayConfiguration associative array

Definition at line 679 of file Config.php.

References $key, $namespace, and isFinalized().

Referenced by loadIni(), and mergeArrayFromForm().

680  {
681  if ($this->isFinalized('Cannot load directives after finalization')) {
682  return;
683  }
684  foreach ($config_array as $key => $value) {
685  $key = str_replace('_', '.', $key);
686  if (strpos($key, '.') !== false) {
687  $this->set($key, $value);
688  } else {
689  $namespace = $key;
690  $namespace_values = $value;
691  foreach ($namespace_values as $directive => $value2) {
692  $this->set($namespace .'.'. $directive, $value2);
693  }
694  }
695  }
696  }
if($err=$client->getError()) $namespace
isFinalized($error=false)
Checks whether or not the configuration object is finalized.
Definition: Config.php:847
$key
Definition: croninfo.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loadArrayFromForm()

static HTMLPurifier_Config::loadArrayFromForm (   $array,
  $index = false,
  $allowed = true,
  $mq_fix = true,
  $schema = null 
)
static

Loads configuration values from $_GET/$_POST that were posted via ConfigForm.

Parameters
array$array$_GET or $_POST array to import
string | bool$indexIndex/name that the config variables are in
array | bool$allowedList of allowed namespaces/directives
bool$mq_fixBoolean whether or not to enable magic quotes fix
HTMLPurifier_ConfigSchema$schemaSchema to use, if not global copy
Returns
mixed

Definition at line 768 of file Config.php.

References $config, $index, $ret, create(), and prepareArrayFromForm().

769  {
770  $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema);
772  return $config;
773  }
static prepareArrayFromForm($array, $index=false, $allowed=true, $mq_fix=true, $schema=null)
Prepares an array from a form into something usable for the more strict parts of HTMLPurifier_Config...
Definition: Config.php:801
$config
Definition: bootstrap.php:15
$index
Definition: metadata.php:60
static create($config, $schema=null)
Convenience constructor that creates a config object based on a mixed var.
Definition: Config.php:123
$ret
Definition: parser.php:6
+ Here is the call graph for this function:

◆ loadIni()

HTMLPurifier_Config::loadIni (   $filename)

Loads configuration values from an ini file.

Parameters
string$filenameName of ini file

Definition at line 831 of file Config.php.

References $filename, isFinalized(), and loadArray().

832  {
833  if ($this->isFinalized('Cannot load directives after finalization')) {
834  return;
835  }
836  $array = parse_ini_file($filename, true);
837  $this->loadArray($array);
838  }
isFinalized($error=false)
Checks whether or not the configuration object is finalized.
Definition: Config.php:847
loadArray($config_array)
Loads configuration values from an array with the following structure: Namespace.Directive => Value...
Definition: Config.php:679
$filename
Definition: buildRTE.php:89
+ Here is the call graph for this function:

◆ maybeGetRawCSSDefinition()

HTMLPurifier_Config::maybeGetRawCSSDefinition ( )
Returns
HTMLPurifier_CSSDefinition|null

Definition at line 660 of file Config.php.

References getDefinition().

661  {
662  return $this->getDefinition('CSS', true, true);
663  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ maybeGetRawDefinition()

HTMLPurifier_Config::maybeGetRawDefinition (   $name)

Definition at line 644 of file Config.php.

References $name, and getDefinition().

645  {
646  return $this->getDefinition($name, true, true);
647  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ maybeGetRawHTMLDefinition()

HTMLPurifier_Config::maybeGetRawHTMLDefinition ( )
Returns
HTMLPurifier_HTMLDefinition|null

Definition at line 652 of file Config.php.

References getDefinition().

653  {
654  return $this->getDefinition('HTML', true, true);
655  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ maybeGetRawURIDefinition()

HTMLPurifier_Config::maybeGetRawURIDefinition ( )
Returns
HTMLPurifier_URIDefinition|null

Definition at line 668 of file Config.php.

References getDefinition().

669  {
670  return $this->getDefinition('URI', true, true);
671  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
+ Here is the call graph for this function:

◆ mergeArrayFromForm()

HTMLPurifier_Config::mergeArrayFromForm (   $array,
  $index = false,
  $allowed = true,
  $mq_fix = true 
)

Merges in configuration values from $_GET/$_POST to object.

NOT STATIC.

Parameters
array$array$_GET or $_POST array to import
string | bool$indexIndex/name that the config variables are in
array | bool$allowedList of allowed namespaces/directives
bool$mq_fixBoolean whether or not to enable magic quotes fix

Definition at line 783 of file Config.php.

References $index, $ret, loadArray(), and prepareArrayFromForm().

784  {
785  $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def);
786  $this->loadArray($ret);
787  }
static prepareArrayFromForm($array, $index=false, $allowed=true, $mq_fix=true, $schema=null)
Prepares an array from a form into something usable for the more strict parts of HTMLPurifier_Config...
Definition: Config.php:801
$index
Definition: metadata.php:60
loadArray($config_array)
Loads configuration values from an array with the following structure: Namespace.Directive => Value...
Definition: Config.php:679
$ret
Definition: parser.php:6
+ Here is the call graph for this function:

◆ prepareArrayFromForm()

static HTMLPurifier_Config::prepareArrayFromForm (   $array,
  $index = false,
  $allowed = true,
  $mq_fix = true,
  $schema = null 
)
static

Prepares an array from a form into something usable for the more strict parts of HTMLPurifier_Config.

Parameters
array$array$_GET or $_POST array to import
string | bool$indexIndex/name that the config variables are in
array | bool$allowedList of allowed namespaces/directives
bool$mq_fixBoolean whether or not to enable magic quotes fix
HTMLPurifier_ConfigSchema$schemaSchema to use, if not global copy
Returns
array

Definition at line 801 of file Config.php.

References $index, $key, $ret, and getAllowedDirectivesForForm().

Referenced by loadArrayFromForm(), and mergeArrayFromForm().

802  {
803  if ($index !== false) {
804  $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
805  }
806  $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
807 
808  $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
809  $ret = array();
810  foreach ($allowed as $key) {
811  list($ns, $directive) = $key;
812  $skey = "$ns.$directive";
813  if (!empty($array["Null_$skey"])) {
814  $ret[$ns][$directive] = null;
815  continue;
816  }
817  if (!isset($array[$skey])) {
818  continue;
819  }
820  $value = $mq ? stripslashes($array[$skey]) : $array[$skey];
821  $ret[$ns][$directive] = $value;
822  }
823  return $ret;
824  }
$index
Definition: metadata.php:60
$ret
Definition: parser.php:6
static getAllowedDirectivesForForm($allowed, $schema=null)
Returns a list of array(namespace, directive) for all directives that are allowed in a web-form conte...
Definition: Config.php:708
$key
Definition: croninfo.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ serialize()

HTMLPurifier_Config::serialize ( )

Returns a serialized form of the configuration object that can be reconstituted.

Returns
string

Definition at line 910 of file Config.php.

References getDefinition().

Referenced by getBatchSerial(), and getSerial().

911  {
912  $this->getDefinition('HTML');
913  $this->getDefinition('CSS');
914  $this->getDefinition('URI');
915  return serialize($this);
916  }
getDefinition($type, $raw=false, $optimized=false)
Retrieves a definition.
Definition: Config.php:473
serialize()
Returns a serialized form of the configuration object that can be reconstituted.
Definition: Config.php:910
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ set()

HTMLPurifier_Config::set (   $key,
  $value,
  $a = null 
)

Sets a value to configuration.

Parameters
string$keykey
mixed$valuevalue
mixed$a

Definition at line 296 of file Config.php.

References $def, $key, $namespace, $type, _listify(), HTMLPurifier_VarParser\getTypeName(), isFinalized(), and triggerError().

297  {
298  if (strpos($key, '.') === false) {
299  $namespace = $key;
300  $directive = $value;
301  $value = $a;
302  $key = "$key.$directive";
303  $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE);
304  } else {
305  list($namespace) = explode('.', $key);
306  }
307  if ($this->isFinalized('Cannot set directive after finalization')) {
308  return;
309  }
310  if (!isset($this->def->info[$key])) {
311  $this->triggerError(
312  'Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
313  E_USER_WARNING
314  );
315  return;
316  }
317  $def = $this->def->info[$key];
318 
319  if (isset($def->isAlias)) {
320  if ($this->aliasMode) {
321  $this->triggerError(
322  'Double-aliases not allowed, please fix '.
323  'ConfigSchema bug with' . $key,
324  E_USER_ERROR
325  );
326  return;
327  }
328  $this->aliasMode = true;
329  $this->set($def->key, $value);
330  $this->aliasMode = false;
331  $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE);
332  return;
333  }
334 
335  // Raw type might be negative when using the fully optimized form
336  // of stdClass, which indicates allow_null == true
337  $rtype = is_int($def) ? $def : $def->type;
338  if ($rtype < 0) {
339  $type = -$rtype;
340  $allow_null = true;
341  } else {
342  $type = $rtype;
343  $allow_null = isset($def->allow_null);
344  }
345 
346  try {
347  $value = $this->parser->parse($value, $type, $allow_null);
348  } catch (HTMLPurifier_VarParserException $e) {
349  $this->triggerError(
350  'Value for ' . $key . ' is of invalid type, should be ' .
352  E_USER_WARNING
353  );
354  return;
355  }
356  if (is_string($value) && is_object($def)) {
357  // resolve value alias if defined
358  if (isset($def->aliases[$value])) {
359  $value = $def->aliases[$value];
360  }
361  // check to see if the value is allowed
362  if (isset($def->allowed) && !isset($def->allowed[$value])) {
363  $this->triggerError(
364  'Value not supported, valid values are: ' .
365  $this->_listify($def->allowed),
366  E_USER_WARNING
367  );
368  return;
369  }
370  }
371  $this->plist->set($key, $value);
372 
373  // reset definitions if the directives they depend on changed
374  // this is a very costly process, so it's discouraged
375  // with finalization
376  if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
377  $this->definitions[$namespace] = null;
378  }
379 
380  $this->serials[$namespace] = false;
381  }
if($err=$client->getError()) $namespace
isFinalized($error=false)
Checks whether or not the configuration object is finalized.
Definition: Config.php:847
$type
Exception type for HTMLPurifier_VarParser.
_listify($lookup)
Convenience function for error reporting.
Definition: Config.php:390
$def
Reference HTMLPurifier_ConfigSchema for value checking.
Definition: Config.php:60
triggerError($msg, $no)
Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPur...
Definition: Config.php:884
$key
Definition: croninfo.php:18
static getTypeName($type)
Definition: VarParser.php:184
+ Here is the call graph for this function:

◆ triggerError()

HTMLPurifier_Config::triggerError (   $msg,
  $no 
)
protected

Produces a nicely formatted error message by supplying the stack frame information OUTSIDE of HTMLPurifier_Config.

Parameters
string$msgAn error message
int$noAn error number

Definition at line 884 of file Config.php.

References $c, and $i.

Referenced by get(), getBatch(), getDefinition(), isFinalized(), and set().

885  {
886  // determine previous stack frame
887  $extra = '';
888  if ($this->chatty) {
889  $trace = debug_backtrace();
890  // zip(tail(trace), trace) -- but PHP is not Haskell har har
891  for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
892  // XXX this is not correct on some versions of HTML Purifier
893  if (isset($trace[$i + 1]['class']) && $trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
894  continue;
895  }
896  $frame = $trace[$i];
897  $extra = " invoked on line {$frame['line']} in file {$frame['file']}";
898  break;
899  }
900  }
901  trigger_error($msg . $extra, $no);
902  }
$i
Definition: disco.tpl.php:19
+ Here is the caller graph for this function:

Field Documentation

◆ $aliasMode

HTMLPurifier_Config::$aliasMode
private

Whether or not a set is taking place due to an alias lookup.

bool

Definition at line 84 of file Config.php.

◆ $autoFinalize

HTMLPurifier_Config::$autoFinalize = true

Whether or not to automatically finalize the object if a read operation is done.

bool

Definition at line 31 of file Config.php.

◆ $chatty

HTMLPurifier_Config::$chatty = true

Set to false if you do not want line and file numbers in errors.

(useful when unit testing). This will also compress some errors and exceptions. bool

Definition at line 92 of file Config.php.

◆ $def

HTMLPurifier_Config::$def

Reference HTMLPurifier_ConfigSchema for value checking.

HTMLPurifier_ConfigSchema

Note
This is public for introspective purposes. Please don't abuse!

Definition at line 60 of file Config.php.

Referenced by getAllowedDirectivesForForm(), getDefinition(), initDefinition(), and set().

◆ $definitions

HTMLPurifier_Config::$definitions
protected

Indexed array of definitions.

HTMLPurifier_Definition[]

Definition at line 66 of file Config.php.

◆ $finalized

HTMLPurifier_Config::$finalized = false
protected

Whether or not config is finalized.

bool

Definition at line 72 of file Config.php.

Referenced by isFinalized().

◆ $lock

HTMLPurifier_Config::$lock
private

Current lock; only gets to this namespace are allowed.

string

Definition at line 98 of file Config.php.

Referenced by getDefinition().

◆ $parser

HTMLPurifier_Config::$parser = null
protected

Parser for variables.

HTMLPurifier_VarParser_Flexible

Definition at line 52 of file Config.php.

◆ $plist

HTMLPurifier_Config::$plist
protected

Property list containing configuration directives.

array

Definition at line 78 of file Config.php.

◆ $serial

HTMLPurifier_Config::$serial
protected

Serial for entire configuration object.

string

Definition at line 46 of file Config.php.

Referenced by getSerial().

◆ $serials

HTMLPurifier_Config::$serials = array()
protected

Namespace indexed array of serials for specific namespaces.

See also
getSerial() for more info. string[]

Definition at line 40 of file Config.php.

◆ $version

HTMLPurifier_Config::$version = '4.13.0'

HTML Purifier's version string.

Definition at line 24 of file Config.php.


The documentation for this class was generated from the following file: