X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSanitizer.php;h=4fc32099020423d7caa435d567897d339dbd1d16;hb=20b7696494572b6ce8b7bd70d63cdc186484d5af;hp=8179905640d5a65aad367ab991f77636825b881e;hpb=cdc391b16db021e71e6ca9c00f2b7d341c1ca5f8;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 8179905640..4fc3209902 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -454,15 +454,13 @@ class Sanitizer { public static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array(), $removetags = array() ) { - global $wgUseTidy; - extract( self::getRecognizedTagData( $extratags, $removetags ) ); # Remove HTML comments $text = Sanitizer::removeHTMLcomments( $text ); $bits = explode( '<', $text ); $text = str_replace( '>', '>', array_shift( $bits ) ); - if ( !$wgUseTidy ) { + if ( !MWTidy::isEnabled() ) { $tagstack = $tablestack = array(); foreach ( $bits as $x ) { $regs = array(); @@ -478,7 +476,8 @@ class Sanitizer { } $badtag = false; - if ( isset( $htmlelements[$t = strtolower( $t )] ) ) { + $t = strtolower( $t ); + if ( isset( $htmlelements[$t] ) ) { # Check our stack if ( $slash && isset( $htmlsingleonly[$t] ) ) { $badtag = true; @@ -538,7 +537,7 @@ class Sanitizer { $badtag = true; } elseif ( in_array( $t, $tagstack ) && !isset( $htmlnest[$t] ) ) { $badtag = true; - # Is it a self closed htmlpair ? (bug 5487) + #  Is it a self closed htmlpair ? (bug 5487) } elseif ( $brace == '/>' && isset( $htmlpairs[$t] ) ) { $badtag = true; } elseif ( isset( $htmlsingleonly[$t] ) ) { @@ -598,7 +597,8 @@ class Sanitizer { list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs; $badtag = false; - if ( isset( $htmlelements[$t = strtolower( $t )] ) ) { + $t = strtolower( $t ); + if ( isset( $htmlelements[$t] ) ) { if ( is_callable( $processCallback ) ) { call_user_func_array( $processCallback, array( &$params, $args ) ); } 
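Review bot: The new condition `if ( !MWTidy::isEnabled() )` in removeHTMLtags() selects whether the sanitizer runs its own `$tagstack`/`$tablestack` nesting checks, and nothing at that line documents what the other path relies on. The definition of `MWTidy::isEnabled()` is not visible in this diff, so if it can disagree with the old `$wgUseTidy` value, input that used to be balanced here would skip these checks. I would add a comment above the test such as `# Nesting is only checked here when Tidy will not repair the output afterwards`. It would also help to confirm that `isEnabled()` is true only when Tidy actually processes the result. The function body continues outside this hunk.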
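Review bot: The allowlist lookup `$t = strtolower( $t ); if ( isset( $htmlelements[$t] ) )` is now spelled out identically at two places in removeHTMLtags(), in this hunk and again in the hunk at -598, which appears to be the Tidy-enabled branch. Any later change to how tag names are normalised has to be made in both places, and missing one would make the two modes accept different tags. A short comment on each, for example `# Normalise case before the allowlist lookup; keep both branches in sync`, would make that dependency visible. Moving the two lines into a small private helper would remove it altogether. Both loops start and end outside the visible hunks.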
@@ -740,7 +740,7 @@ class Sanitizer { $out = array(); foreach ( $attribs as $attribute => $value ) { - #allow XML namespace declaration if RDFa is enabled + # allow XML namespace declaration if RDFa is enabled if ( $wgAllowRdfaAttributes && preg_match( self::XMLNS_ATTRIBUTE_PATTERN, $attribute ) ) { if ( !preg_match( self::EVIL_URI_PATTERN, $value ) ) { $out[$attribute] = $value; @@ -786,7 +786,7 @@ class Sanitizer { || $attribute === 'itemref' || $attribute === 'itemscope' || $attribute === 'itemtype' ) { - //Paranoia. Allow "simple" values but suppress javascript + // Paranoia. Allow "simple" values but suppress javascript if ( preg_match( self::EVIL_URI_PATTERN, $value ) ) { continue; } @@ -796,7 +796,7 @@ class Sanitizer { # validation code that can be used by tag hook handlers, etc if ( $attribute === 'href' || $attribute === 'src' ) { if ( !preg_match( $hrefExp, $value ) ) { - continue; //drop any href or src attributes not using an allowed protocol. + continue; // drop any href or src attributes not using an allowed protocol. // NOTE: this also drops all relative URLs } } @@ -1631,7 +1631,7 @@ class Sanitizer { # 10.2 'ul' => array_merge( $common, array( 'type' ) ), - 'ol' => array_merge( $common, array( 'type', 'start' ) ), + 'ol' => array_merge( $common, array( 'type', 'start', 'reversed' ) ), 'li' => array_merge( $common, array( 'type', 'value' ) ), # 10.3 @@ -1699,7 +1699,7 @@ class Sanitizer { # rbc 'rb' => $common, 'rp' => $common, - 'rt' => $common, #array_merge( $common, array( 'rbspan' ) ), + 'rt' => $common, # array_merge( $common, array( 'rbspan' ) ), 'rtc' => $common, # MathML root element, where used for extensions 
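Review bot: The added `'reversed'` entry for `ol` in the hunk at -1631 sits under the `# 10.2` heading, which the neighbouring `# 10.3` and `'type'` entries suggest refers to an HTML 4 section, while `reversed` is an HTML5 boolean attribute. A trailing comment such as `# 'reversed' is HTML5, boolean` would record why it is allowed and that its value carries no meaning. The entry only allows the attribute name; whatever generic value handling applies happens outside this hunk. A parser test that `<ol reversed>` survives sanitising and that an arbitrary value on it comes out escaped would pin that down.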
@@ -1809,7 +1809,9 @@ class Sanitizer { $host = preg_replace( $strip, '', $host ); // IPv6 host names are bracketed with []. Url-decode these. - if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && preg_match( '!^//%5B([0-9A-Fa-f:.]+)%5D((:\d+)?)$!', $host, $matches ) ) { + if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && + preg_match( '!^//%5B([0-9A-Fa-f:.]+)%5D((:\d+)?)$!', $host, $matches ) + ) { $host = '//[' . $matches[1] . ']' . $matches[2]; }