ILIAS  release_4-4 Revision
Public Member Functions | Data Fields
HTMLPurifier_HTMLModuleManager Class Reference
+ Collaboration diagram for HTMLPurifier_HTMLModuleManager:

Public Member Functions

 __construct ()
 
 registerModule ($module, $overload=false)
 Registers a module to the recognized module list, useful for overloading pre-existing modules. More...
 
 addModule ($module)
 Adds a module to the current doctype by first registering it, and then tacking it on to the active doctype. More...
 
 addPrefix ($prefix)
 Adds a class prefix that registerModule() will use to resolve a string name to a concrete class. More...
 
 setup ($config)
 Performs processing on modules, after being called you may use getElement() and getElements() More...
 
 processModule ($module)
 Takes a module and adds it to the active module collection, registering it if necessary. More...
 
 getElements ()
 Retrieves merged element definitions. More...
 
 getElement ($name, $trusted=null)
 Retrieves a single merged element definition. More...
 

Data Fields

 $doctypes
 Instance of HTMLPurifier_DoctypeRegistry. More...
 
 $doctype
 Instance of current doctype. More...
 
 $attrTypes
 Instance of HTMLPurifier_AttrTypes. More...
 
 $modules = array()
 Active instances of modules for the specified doctype are indexed, by name, in this array. More...
 
 $registeredModules = array()
 Array of recognized HTMLPurifier_Module instances, indexed by module's class name. More...
 
 $userModules = array()
 List of extra modules that were added by the user using addModule(). More...
 
 $elementLookup = array()
 Associative array of element name to list of modules that have definitions for the element; this array is dynamically filled. More...
 
 $prefixes = array('HTMLPurifier_HTMLModule_')
 List of prefixes we should use for registering small names. More...
 
 $contentSets
 Instance of HTMLPurifier_ContentSets. More...
 
 $attrCollections
 Instance of HTMLPurifier_AttrCollections. More...
 
 $trusted = false
 If set to true, unsafe elements and attributes will be allowed. More...
 

Detailed Description

Definition at line 3 of file HTMLModuleManager.php.

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier_HTMLModuleManager::__construct ( )

Definition at line 56 of file HTMLModuleManager.php.

56  {
57 
58  // editable internal objects
59  $this->attrTypes = new HTMLPurifier_AttrTypes();
60  $this->doctypes = new HTMLPurifier_DoctypeRegistry();
61 
62  // setup basic modules
63  $common = array(
64  'CommonAttributes', 'Text', 'Hypertext', 'List',
65  'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',
66  'StyleAttribute',
67  // Unsafe:
68  'Scripting', 'Object', 'Forms',
69  // Sorta legacy, but present in strict:
70  'Name',
71  );
72  $transitional = array('Legacy', 'Target', 'Iframe');
73  $xml = array('XMLCommonAttributes');
74  $non_xml = array('NonXMLCommonAttributes');
75 
76  // setup basic doctypes
77  $this->doctypes->register(
78  'HTML 4.01 Transitional', false,
79  array_merge($common, $transitional, $non_xml),
80  array('Tidy_Transitional', 'Tidy_Proprietary'),
81  array(),
82  '-//W3C//DTD HTML 4.01 Transitional//EN',
83  'http://www.w3.org/TR/html4/loose.dtd'
84  );
85 
86  $this->doctypes->register(
87  'HTML 4.01 Strict', false,
88  array_merge($common, $non_xml),
89  array('Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),
90  array(),
91  '-//W3C//DTD HTML 4.01//EN',
92  'http://www.w3.org/TR/html4/strict.dtd'
93  );
94 
95  $this->doctypes->register(
96  'XHTML 1.0 Transitional', true,
97  array_merge($common, $transitional, $xml, $non_xml),
98  array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Name'),
99  array(),
100  '-//W3C//DTD XHTML 1.0 Transitional//EN',
101  'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'
102  );
103 
104  $this->doctypes->register(
105  'XHTML 1.0 Strict', true,
106  array_merge($common, $xml, $non_xml),
107  array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),
108  array(),
109  '-//W3C//DTD XHTML 1.0 Strict//EN',
110  'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'
111  );
112 
113  $this->doctypes->register(
114  'XHTML 1.1', true,
115  // Iframe is a real XHTML 1.1 module, despite being
116  // "transitional"!
117  array_merge($common, $xml, array('Ruby', 'Iframe')),
118  array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Strict', 'Tidy_Name'), // Tidy_XHTML1_1
119  array(),
120  '-//W3C//DTD XHTML 1.1//EN',
121  'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'
122  );
123 
124  }
HTMLPurifier_DoctypeRegistry
Definition: DoctypeRegistry.php:3
HTMLPurifier_AttrTypes
Provides lookup array of attribute types to HTMLPurifier_AttrDef objects.
Definition: AttrTypes.php:6

Member Function Documentation

◆ addModule()

HTMLPurifier_HTMLModuleManager::addModule (   $module)

Adds a module to the current doctype by first registering it, and then tacking it on to the active doctype.

Definition at line 183 of file HTMLModuleManager.php.

References registerModule().

183  {
184  $this->registerModule($module);
185  if (is_object($module)) $module = $module->name;
186  $this->userModules[] = $module;
187  }
HTMLPurifier_HTMLModuleManager\registerModule
registerModule($module, $overload=false)
Registers a module to the recognized module list, useful for overloading pre-existing modules...
Definition: HTMLModuleManager.php:147
+ Here is the call graph for this function:

◆ addPrefix()

HTMLPurifier_HTMLModuleManager::addPrefix (   $prefix)

Adds a class prefix that registerModule() will use to resolve a string name to a concrete class.

Definition at line 193 of file HTMLModuleManager.php.

193  {
194  $this->prefixes[] = $prefix;
195  }

◆ getElement()

HTMLPurifier_HTMLModuleManager::getElement (   $name,
  $trusted = null 
)

Retrieves a single merged element definition.

Parameters
$nameName of element
$trustedBoolean trusted overriding parameter: set to true if you want the full version of an element
Returns
Merged HTMLPurifier_ElementDef
Note
You may notice that modules are getting iterated over twice (once in getElements() and once here). This is because

Definition at line 338 of file HTMLModuleManager.php.

References $trusted.

Referenced by getElements().

338  {
339 
340  if (!isset($this->elementLookup[$name])) {
341  return false;
342  }
343 
344  // setup global state variables
345  $def = false;
346  if ($trusted === null) $trusted = $this->trusted;
347 
348  // iterate through each module that has registered itself to this
349  // element
350  foreach($this->elementLookup[$name] as $module_name) {
351 
352  $module = $this->modules[$module_name];
353 
354  // refuse to create/merge from a module that is deemed unsafe--
355  // pretend the module doesn't exist--when trusted mode is not on.
356  if (!$trusted && !$module->safe) {
357  continue;
358  }
359 
360  // clone is used because, ideally speaking, the original
361  // definition should not be modified. Usually, this will
362  // make no difference, but for consistency's sake
363  $new_def = clone $module->info[$name];
364 
365  if (!$def && $new_def->standalone) {
366  $def = $new_def;
367  } elseif ($def) {
368  // This will occur even if $new_def is standalone. In practice,
369  // this will usually result in a full replacement.
370  $def->mergeIn($new_def);
371  } else {
372  // :TODO:
373  // non-standalone definitions that don't have a standalone
374  // to merge into could be deferred to the end
375  // HOWEVER, it is perfectly valid for a non-standalone
376  // definition to lack a standalone definition, even
377  // after all processing: this allows us to safely
378  // specify extra attributes for elements that may not be
379  // enabled all in one place. In particular, this might
380  // be the case for trusted elements. WARNING: care must
381  // be taken that the /extra/ definitions are all safe.
382  continue;
383  }
384 
385  // attribute value expansions
386  $this->attrCollections->performInclusions($def->attr);
387  $this->attrCollections->expandIdentifiers($def->attr, $this->attrTypes);
388 
389  // descendants_are_inline, for ChildDef_Chameleon
390  if (is_string($def->content_model) &&
391  strpos($def->content_model, 'Inline') !== false) {
392  if ($name != 'del' && $name != 'ins') {
393  // this is for you, ins/del
394  $def->descendants_are_inline = true;
395  }
396  }
397 
398  $this->contentSets->generateChildDef($def, $module);
399  }
400 
401  // This can occur if there is a blank definition, but no base to
402  // mix it in with
403  if (!$def) return false;
404 
405  // add information on required attributes
406  foreach ($def->attr as $attr_name => $attr_def) {
407  if ($attr_def->required) {
408  $def->required_attr[] = $attr_name;
409  }
410  }
411 
412  return $def;
413 
414  }
HTMLPurifier_HTMLModuleManager\$trusted
$trusted
If set to true, unsafe elements and attributes will be allowed.
Definition: HTMLModuleManager.php:54
+ Here is the caller graph for this function:

◆ getElements()

HTMLPurifier_HTMLModuleManager::getElements ( )

Retrieves merged element definitions.

Returns
Array of HTMLPurifier_ElementDef

Definition at line 307 of file HTMLModuleManager.php.

References $n, and getElement().

307  {
308 
309  $elements = array();
310  foreach ($this->modules as $module) {
311  if (!$this->trusted && !$module->safe) continue;
312  foreach ($module->info as $name => $v) {
313  if (isset($elements[$name])) continue;
314  $elements[$name] = $this->getElement($name);
315  }
316  }
317 
318  // remove dud elements, this happens when an element that
319  // appeared to be safe actually wasn't
320  foreach ($elements as $n => $v) {
321  if ($v === false) unset($elements[$n]);
322  }
323 
324  return $elements;
325 
326  }
HTMLPurifier_HTMLModuleManager\getElement
getElement($name, $trusted=null)
Retrieves a single merged element definition.
Definition: HTMLModuleManager.php:338
$n
$n
Definition: RandomTest.php:80
+ Here is the call graph for this function:

◆ processModule()

HTMLPurifier_HTMLModuleManager::processModule (   $module)

Takes a module and adds it to the active module collection, registering it if necessary.

Definition at line 296 of file HTMLModuleManager.php.

References registerModule().

Referenced by setup().

296  {
297  if (!isset($this->registeredModules[$module]) || is_object($module)) {
298  $this->registerModule($module);
299  }
300  $this->modules[$module] = $this->registeredModules[$module];
301  }
HTMLPurifier_HTMLModuleManager\registerModule
registerModule($module, $overload=false)
Registers a module to the recognized module list, useful for overloading pre-existing modules...
Definition: HTMLModuleManager.php:147
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ registerModule()

HTMLPurifier_HTMLModuleManager::registerModule (   $module,
  $overload = false 
)

Registers a module to the recognized module list, useful for overloading pre-existing modules.

Parameters
$moduleMixed: string module name, with or without HTMLPurifier_HTMLModule prefix, or instance of subclass of HTMLPurifier_HTMLModule.
$overloadBoolean whether or not to overload previous modules. If this is not set, and you do overload a module, HTML Purifier will complain with a warning.
Note
This function will not call autoload, you must instantiate (and thus invoke) autoload outside the method.
If a string is passed as a module name, different variants will be tested in this order:
  • Check for HTMLPurifier_HTMLModule_$name
  • Check all prefixes with $name in order they were added
  • Check for literal object name
  • Throw fatal error If your object name collides with an internal class, specify your module manually. All modules must have been included externally: registerModule will not perform inclusions for you!

Definition at line 147 of file HTMLModuleManager.php.

References $ok.

Referenced by addModule(), and processModule().

147  {
148  if (is_string($module)) {
149  // attempt to load the module
150  $original_module = $module;
151  $ok = false;
152  foreach ($this->prefixes as $prefix) {
153  $module = $prefix . $original_module;
154  if (class_exists($module)) {
155  $ok = true;
156  break;
157  }
158  }
159  if (!$ok) {
160  $module = $original_module;
161  if (!class_exists($module)) {
162  trigger_error($original_module . ' module does not exist',
163  E_USER_ERROR);
164  return;
165  }
166  }
167  $module = new $module();
168  }
169  if (empty($module->name)) {
170  trigger_error('Module instance of ' . get_class($module) . ' must have name');
171  return;
172  }
173  if (!$overload && isset($this->registeredModules[$module->name])) {
174  trigger_error('Overloading ' . $module->name . ' without explicit overload parameter', E_USER_WARNING);
175  }
176  $this->registeredModules[$module->name] = $module;
177  }
+ Here is the caller graph for this function:

◆ setup()

HTMLPurifier_HTMLModuleManager::setup (   $config)

Performs processing on modules, after being called you may use getElement() and getElements()

Parameters
$configInstance of HTMLPurifier_Config

Definition at line 202 of file HTMLModuleManager.php.

References $modules, $n, and processModule().

202  {
203 
204  $this->trusted = $config->get('HTML.Trusted');
205 
206  // generate
207  $this->doctype = $this->doctypes->make($config);
208  $modules = $this->doctype->modules;
209 
210  // take out the default modules that aren't allowed
211  $lookup = $config->get('HTML.AllowedModules');
212  $special_cases = $config->get('HTML.CoreModules');
213 
214  if (is_array($lookup)) {
215  foreach ($modules as $k => $m) {
216  if (isset($special_cases[$m])) continue;
217  if (!isset($lookup[$m])) unset($modules[$k]);
218  }
219  }
220 
221  // custom modules
222  if ($config->get('HTML.Proprietary')) {
223  $modules[] = 'Proprietary';
224  }
225  if ($config->get('HTML.SafeObject')) {
226  $modules[] = 'SafeObject';
227  }
228  if ($config->get('HTML.SafeEmbed')) {
229  $modules[] = 'SafeEmbed';
230  }
231  if ($config->get('HTML.SafeScripting') !== array()) {
232  $modules[] = 'SafeScripting';
233  }
234  if ($config->get('HTML.Nofollow')) {
235  $modules[] = 'Nofollow';
236  }
237  if ($config->get('HTML.TargetBlank')) {
238  $modules[] = 'TargetBlank';
239  }
240 
241  // merge in custom modules
242  $modules = array_merge($modules, $this->userModules);
243 
244  foreach ($modules as $module) {
245  $this->processModule($module);
246  $this->modules[$module]->setup($config);
247  }
248 
249  foreach ($this->doctype->tidyModules as $module) {
250  $this->processModule($module);
251  $this->modules[$module]->setup($config);
252  }
253 
254  // prepare any injectors
255  foreach ($this->modules as $module) {
256  $n = array();
257  foreach ($module->info_injector as $i => $injector) {
258  if (!is_object($injector)) {
259  $class = "HTMLPurifier_Injector_$injector";
260  $injector = new $class;
261  }
262  $n[$injector->name] = $injector;
263  }
264  $module->info_injector = $n;
265  }
266 
267  // setup lookup table based on all valid modules
268  foreach ($this->modules as $module) {
269  foreach ($module->info as $name => $def) {
270  if (!isset($this->elementLookup[$name])) {
271  $this->elementLookup[$name] = array();
272  }
273  $this->elementLookup[$name][] = $module->name;
274  }
275  }
276 
277  // note the different choice
278  $this->contentSets = new HTMLPurifier_ContentSets(
279  // content set assembly deals with all possible modules,
280  // not just ones deemed to be "safe"
281  $this->modules
282  );
283  $this->attrCollections = new HTMLPurifier_AttrCollections(
284  $this->attrTypes,
285  // there is no way to directly disable a global attribute,
286  // but using AllowedAttributes or simply not including
287  // the module in your custom doctype should be sufficient
288  $this->modules
289  );
290  }
HTMLPurifier_HTMLModuleManager\processModule
processModule($module)
Takes a module and adds it to the active module collection, registering it if necessary.
Definition: HTMLModuleManager.php:296
HTMLPurifier_HTMLModuleManager\$modules
$modules
Active instances of modules for the specified doctype are indexed, by name, in this array...
Definition: HTMLModuleManager.php:25
$n
$n
Definition: RandomTest.php:80
HTMLPurifier_AttrCollections
Defines common attribute collections that modules reference.
Definition: AttrCollections.php:7
HTMLPurifier_ContentSets
Definition: ContentSets.php:6
+ Here is the call graph for this function:

Field Documentation

◆ $attrCollections

HTMLPurifier_HTMLModuleManager::$attrCollections

Instance of HTMLPurifier_AttrCollections.

Definition at line 51 of file HTMLModuleManager.php.

◆ $attrTypes

HTMLPurifier_HTMLModuleManager::$attrTypes

Instance of HTMLPurifier_AttrTypes.

Definition at line 19 of file HTMLModuleManager.php.

◆ $contentSets

HTMLPurifier_HTMLModuleManager::$contentSets

Instance of HTMLPurifier_ContentSets.

Definition at line 50 of file HTMLModuleManager.php.

◆ $doctype

HTMLPurifier_HTMLModuleManager::$doctype

Instance of current doctype.

Definition at line 14 of file HTMLModuleManager.php.

◆ $doctypes

HTMLPurifier_HTMLModuleManager::$doctypes

Instance of HTMLPurifier_DoctypeRegistry.

Definition at line 9 of file HTMLModuleManager.php.

◆ $elementLookup

HTMLPurifier_HTMLModuleManager::$elementLookup = array()

Associative array of element name to list of modules that have definitions for the element; this array is dynamically filled.

Definition at line 45 of file HTMLModuleManager.php.

◆ $modules

HTMLPurifier_HTMLModuleManager::$modules = array()

Active instances of modules for the specified doctype are indexed, by name, in this array.

Definition at line 25 of file HTMLModuleManager.php.

Referenced by setup().

◆ $prefixes

HTMLPurifier_HTMLModuleManager::$prefixes = array('HTMLPurifier_HTMLModule_')

List of prefixes we should use for registering small names.

Definition at line 48 of file HTMLModuleManager.php.

◆ $registeredModules

HTMLPurifier_HTMLModuleManager::$registeredModules = array()

Array of recognized HTMLPurifier_Module instances, indexed by module's class name.

This array is usually lazy loaded, but a user can overload a module by pre-emptively registering it.

Definition at line 32 of file HTMLModuleManager.php.

◆ $trusted

HTMLPurifier_HTMLModuleManager::$trusted = false

If set to true, unsafe elements and attributes will be allowed.

Definition at line 54 of file HTMLModuleManager.php.

Referenced by getElement().

◆ $userModules

HTMLPurifier_HTMLModuleManager::$userModules = array()

List of extra modules that were added by the user using addModule().

These get unconditionally merged into the current doctype, whatever it may be.

Definition at line 39 of file HTMLModuleManager.php.

The documentation for this class was generated from the following file: