
Changeset 32955


Changeset 32955

Timestamp:
08/26/11 20:09:33 (3 years ago)
Author:
heristop
Message:

[sfXssSafePlugin] following htmlpurifier doc for migration

Files:

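--- a/plugins/sfXssSafePlugin/trunk/LICENSE
+++ b/plugins/sfXssSafePlugin/trunk/LICENSE
@@ -1,7 +1,19 @@
 Copyright (c) 2008-2011 Alexandre Mogère
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.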
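--- a/plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php
+++ b/plugins/sfXssSafePlugin/trunk/lib/sfXssSafe.class.php
@@ -1,3 +1,12 @@
 <?php
+
+/*
+ * This file is part of sfXssSafePlugin.
+ *
+ * (c) Alexandre Mogère
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
 
 class sfXssSafe
@@ -23,6 +32,6 @@
       // sets configuration
       $config        = HTMLPurifier_Config::createDefault();
-   
       $definitions   = sfConfig::get('app_sfXssSafePlugin_definition');
+     
       if (!empty($definitions))
       {
@@ -41,5 +50,5 @@
                 }
                 // customizable attributes
-                else if($directive == 'Attribute')
+                else if ($directive == 'Attribute')
                 {
                   $attributes = $values;
@@ -49,6 +58,6 @@
               else
               {
-                if (($def == 'AutoFormat' && $directive == 'Custom')
-                    &&
+                if ($def == 'AutoFormat' && 
+                 $directive == 'Custom' &&
                   !class_exists("HTMLPurifier_Injector_$values"))
                 {
@@ -64,6 +73,5 @@
 
       // deactivated cache for dev environment
-      $env = sfConfig::get('sf_environment');
-      if ($env == 'dev' || $env == 'test')
+      if (in_array(sfConfig::get('sf_environment'), array('dev', 'test')))
       {
         // turns off cache
@@ -78,27 +86,29 @@
       if ($hasCustom)
       {
-        $def = $config->getHTMLDefinition(true);
-
-        // adds custom elements
-        if (!empty($elements))
-        {
-          foreach ($elements as $name => $element)
-          {
-            $name = strtolower($name);
-            ${$name} = $def->addElement(
-              $name,
-              $element['type'],
-              $element['contents'],
-              $element['attr_includes'],
-              $element['attr']
-            );
-            $factory = 'HTMLPurifier_AttrTransform_'.ucfirst($name).'Validator';
-            if (class_exists($factory))
-            {
-              ${$name}->attr_transform_post[] = new $factory();
-            }
-          }
-        }
-  
+        if ($def = $config->maybeGetRawHTMLDefinition()) 
+        {
+          // adds custom elements
+          if (!empty($elements))
+          {
+            foreach ($elements as $name => $element)
+            {
+              $name = strtolower($name);
+              ${$name} = $def->addElement(
+                $name,
+                $element['type'],
+                $element['contents'],
+                $element['attr_includes'],
+                $element['attr']
+              );
+              
+              $factory = 'HTMLPurifier_AttrTransform_'.ucfirst($name).'Validator';
+              if (class_exists($factory))
+              {
+                ${$name}->attr_transform_post[] = new $factory();
+              }
+            }
+          }
+        }
+        
         // adds custom attributs
         if (!empty($attributes))
@@ -106,11 +116,11 @@
           foreach ($attributes as $name => $attr)
           {
-            $name = strtolower($name);
-            ${$name} = $def->addAttribute(
-              $name,
-              $attr['attr_name'],
-              $attr['def']
-            );
-          }
+           $name = strtolower($name);
+           ${$name} = $def->addAttribute(
+             $name,
+             $attr['attr_name'],
+             $attr['def']
+           );
+         }
         }
       }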
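Review bot: The custom-attribute loop (new lines 118-123) still calls `$def->addAttribute(...)` after the `if ($def = $config->maybeGetRawHTMLDefinition())` block has closed at new line 111, but that HTMLPurifier method returns null when the definition is served from its cache, so on a warm cache the attribute loop dereferences null and fatals, whereas the old `getHTMLDefinition(true)` path always had an object. Move the attribute loop inside the same `if` so elements and attributes are registered together on the one raw-definition pass, or at minimum guard it with `if ($def !== null && !empty($attributes))`. Note that in dev/test the cache is turned off (new line 75), so this failure will only surface in environments where the definition cache is active; a test that runs the purifier twice with a warm cache would catch it. This pattern also presumes `HTML.DefinitionID`/`HTML.DefinitionRev` are configured somewhere in this method so HTMLPurifier has a cache key for the customized definition, which these hunks do not show. The enclosing method starts and ends outside the hunks.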
  • plugins/sfXssSafePlugin/trunk/test/unit/XssSafeTest.php

    r27542 r32955  
    155155  'IMG Embedded commands 1' => array( 
    156156    'input'   => '<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">', 
    157     'output'  => '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="somecommand.php?somevariables=maliciouscode" />' 
     157    'output'  => '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="somecommand.php?somevariables=maliciousc" />' 
    158158  ), 
    159159  'IMG STYLE w/expression' => array(