| author | Dan |
| Sat, 23 Jun 2007 10:16:53 -0400 | |
| changeset 16 | 64e0d3d4cf14 |
| parent 1 | fe660c52c48f |
| child 21 | 663fcf528726 |
| permissions | -rw-r--r-- |
| 1 | 1 |
<?php |
2 |
||
3 |
/** |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
1
diff
changeset
|
5 |
* Version 1.0 release candidate 3 (Druid) |
| 1 | 6 |
* Copyright (C) 2006-2007 Dan Fuhry |
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
* |
|
14 |
* This script contains code originally found in MediaWiki (http://www.mediawiki.org). MediaWiki is also licensed under |
|
15 |
* the GPLv2; see the file GPL included with this package for details. |
|
16 |
* |
|
17 |
* We're using the MW parser because the Text_Wiki version simply refused to work under PHP 5.2.0. Porting this was |
|
18 |
* _not_ easy. <leaves to get cup of coffee> |
|
19 |
*/ |
|
20 |
||
21 |
global $mStripState, $wgRandomKey; |
|
22 |
$mStripState = Array(); |
|
23 |
||
24 |
$attrib = '[a-zA-Z0-9]'; |
|
25 |
$space = '[\x09\x0a\x0d\x20]'; |
|
26 |
||
27 |
define( 'MW_CHAR_REFS_REGEX', |
|
28 |
'/&([A-Za-z0-9]+); |
|
29 |
|&\#([0-9]+); |
|
30 |
|&\#x([0-9A-Za-z]+); |
|
31 |
|&\#X([0-9A-Za-z]+); |
|
32 |
|(&)/x' ); |
|
33 |
||
34 |
define( 'MW_ATTRIBS_REGEX', |
|
35 |
"/(?:^|$space)($attrib+) |
|
36 |
($space*=$space* |
|
37 |
(?: |
|
38 |
# The attribute value: quoted or alone |
|
39 |
".'"'."([^<".'"'."]*)".'"'." |
|
40 |
| '([^<']*)' |
|
41 |
| ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
|
|
42 |
| (\#[0-9a-fA-F]+) # Technically wrong, but lots of |
|
43 |
# colors are specified like this. |
|
44 |
# We'll be normalizing it. |
|
45 |
) |
|
46 |
)?(?=$space|\$)/sx" ); |
|
47 |
||
48 |
/** |
|
49 |
* emulate mediawiki parser, including stripping, etc. |
|
50 |
* |
|
51 |
* @param string $text the text to parse |
|
52 |
* @return string |
|
53 |
* @access public |
|
54 |
*/ |
|
55 |
||
56 |
function process_tables( $text ) |
|
57 |
{
|
|
58 |
// include some globals, do some parser stuff that would normally be done in the parent parser function |
|
59 |
global $mStripState; |
|
60 |
$x =& $mStripState; |
|
61 |
//$text = mwStrip( $text, $x ); |
|
62 |
||
63 |
// parse the text |
|
64 |
$text = doTableStuff($text); |
|
65 |
||
66 |
// Unstrip it |
|
67 |
// $text = unstrip( $text, $mStripState ); |
|
68 |
// $text = unstripNoWiki( $text, $mStripState ); |
|
69 |
//die('<pre>'.print_r($mStripState, true).'</pre>');
|
|
70 |
return $text; |
|
71 |
} |
|
72 |
||
73 |
/** |
|
74 |
* parse the wiki syntax used to render tables |
|
75 |
* |
|
76 |
* @param string $t the text to parse |
|
77 |
* @return string |
|
78 |
* @access private |
|
79 |
*/ |
|
80 |
function doTableStuff( $t ) {
|
|
81 |
||
82 |
$t = explode ( "\n" , $t ) ; |
|
83 |
$td = array () ; # Is currently a td tag open? |
|
84 |
$ltd = array () ; # Was it TD or TH? |
|
85 |
$tr = array () ; # Is currently a tr tag open? |
|
86 |
$ltr = array () ; # tr attributes |
|
87 |
$has_opened_tr = array(); # Did this table open a <tr> element? |
|
88 |
$indent_level = 0; # indent level of the table |
|
89 |
foreach ( $t AS $k => $x ) |
|
90 |
{
|
|
91 |
$x = trim ( $x ) ; |
|
92 |
$fc = substr ( $x , 0 , 1 ) ; |
|
93 |
if ( preg_match( '/^(:*)\{\|(.*)$/', $x, $matches ) ) {
|
|
94 |
$indent_level = strlen( $matches[1] ); |
|
95 |
||
96 |
$attributes = unstripForHTML( $matches[2] ); |
|
97 |
||
98 |
$t[$k] = str_repeat( '<dl><dd>', $indent_level ) . |
|
99 |
'<nowiki><table' . fixTagAttributes( $attributes, 'table' ) . '></nowiki>' ; |
|
100 |
array_push ( $td , false ) ; |
|
101 |
array_push ( $ltd , '' ) ; |
|
102 |
array_push ( $tr , false ) ; |
|
103 |
array_push ( $ltr , '' ) ; |
|
104 |
array_push ( $has_opened_tr, false ); |
|
105 |
} |
|
106 |
else if ( count ( $td ) == 0 ) { } # Don't do any of the following
|
|
107 |
else if ( '|}' == substr ( $x , 0 , 2 ) ) {
|
|
108 |
$z = "<nowiki></table></nowiki>" . substr ( $x , 2); |
|
109 |
$l = array_pop ( $ltd ) ; |
|
110 |
if ( !array_pop ( $has_opened_tr ) ) $z = "<nowiki><tr><td></td></tr></nowiki>" . $z ; |
|
111 |
if ( array_pop ( $tr ) ) $z = '<nowiki></tr></nowiki>' . $z ; |
|
112 |
if ( array_pop ( $td ) ) $z = '<nowiki></'.$l.'></nowiki>' . $z ; |
|
113 |
array_pop ( $ltr ) ; |
|
114 |
$t[$k] = $z . str_repeat( '<nowiki></dd></dl></nowiki>', $indent_level ); |
|
115 |
} |
|
116 |
else if ( '|-' == substr ( $x , 0 , 2 ) ) { # Allows for |---------------
|
|
117 |
$x = substr ( $x , 1 ) ; |
|
118 |
while ( $x != '' && substr ( $x , 0 , 1 ) == '-' ) $x = substr ( $x , 1 ) ; |
|
119 |
$z = '' ; |
|
120 |
$l = array_pop ( $ltd ) ; |
|
121 |
array_pop ( $has_opened_tr ); |
|
122 |
array_push ( $has_opened_tr , true ) ; |
|
123 |
if ( array_pop ( $tr ) ) $z = '<nowiki></tr></nowiki>' . $z ; |
|
124 |
if ( array_pop ( $td ) ) $z = '<nowiki></'.$l.'></nowiki>' . $z ; |
|
125 |
array_pop ( $ltr ) ; |
|
126 |
$t[$k] = $z ; |
|
127 |
array_push ( $tr , false ) ; |
|
128 |
array_push ( $td , false ) ; |
|
129 |
array_push ( $ltd , '' ) ; |
|
130 |
$attributes = unstripForHTML( $x ); |
|
131 |
array_push ( $ltr , fixTagAttributes( $attributes, 'tr' ) ) ; |
|
132 |
} |
|
133 |
else if ( '|' == $fc || '!' == $fc || '|+' == substr ( $x , 0 , 2 ) ) { # Caption
|
|
134 |
# $x is a table row |
|
135 |
if ( '|+' == substr ( $x , 0 , 2 ) ) {
|
|
136 |
$fc = '+' ; |
|
137 |
$x = substr ( $x , 1 ) ; |
|
138 |
} |
|
139 |
$after = substr ( $x , 1 ) ; |
|
140 |
if ( $fc == '!' ) $after = str_replace ( '!!' , '||' , $after ) ; |
|
141 |
||
142 |
// Split up multiple cells on the same line. |
|
143 |
// FIXME: This can result in improper nesting of tags processed |
|
144 |
// by earlier parser steps, but should avoid splitting up eg |
|
145 |
// attribute values containing literal "||". |
|
146 |
$after = wfExplodeMarkup( '||', $after ); |
|
147 |
||
148 |
$t[$k] = '' ; |
|
149 |
||
150 |
# Loop through each table cell |
|
151 |
foreach ( $after AS $theline ) |
|
152 |
{
|
|
153 |
$z = '' ; |
|
154 |
if ( $fc != '+' ) |
|
155 |
{
|
|
156 |
$tra = array_pop ( $ltr ) ; |
|
157 |
if ( !array_pop ( $tr ) ) $z = '<nowiki><tr'.$tra."></nowiki>\n" ; |
|
158 |
array_push ( $tr , true ) ; |
|
159 |
array_push ( $ltr , '' ) ; |
|
160 |
array_pop ( $has_opened_tr ); |
|
161 |
array_push ( $has_opened_tr , true ) ; |
|
162 |
} |
|
163 |
||
164 |
$l = array_pop ( $ltd ) ; |
|
165 |
if ( array_pop ( $td ) ) $z = '<nowiki></'.$l.'></nowiki>' . $z ; |
|
166 |
if ( $fc == '|' ) $l = 'td' ; |
|
167 |
else if ( $fc == '!' ) $l = 'th' ; |
|
168 |
else if ( $fc == '+' ) $l = 'caption' ; |
|
169 |
else $l = '' ; |
|
170 |
array_push ( $ltd , $l ) ; |
|
171 |
||
172 |
# Cell parameters |
|
173 |
$y = explode ( '|' , $theline , 2 ) ; |
|
174 |
# Note that a '|' inside an invalid link should not |
|
175 |
# be mistaken as delimiting cell parameters |
|
176 |
if ( strpos( $y[0], '[[' ) !== false ) {
|
|
177 |
$y = array ($theline); |
|
178 |
} |
|
179 |
if ( count ( $y ) == 1 ) |
|
180 |
$y = "{$z}<nowiki><{$l}></nowiki>{$y[0]}" ;
|
|
181 |
else {
|
|
182 |
$attributes = unstripForHTML( $y[0] ); |
|
183 |
$y = "{$z}<nowiki><{$l}".fixTagAttributes($attributes, $l)."></nowiki>{$y[1]}" ;
|
|
184 |
} |
|
185 |
$t[$k] .= $y ; |
|
186 |
array_push ( $td , true ) ; |
|
187 |
} |
|
188 |
} |
|
189 |
} |
|
190 |
||
191 |
# Closing open td, tr && table |
|
192 |
while ( count ( $td ) > 0 ) |
|
193 |
{
|
|
194 |
$l = array_pop ( $ltd ) ; |
|
195 |
if ( array_pop ( $td ) ) $t[] = '<nowiki></td></nowiki>' ; |
|
196 |
if ( array_pop ( $tr ) ) $t[] = '<nowiki></tr></nowiki>' ; |
|
197 |
if ( !array_pop ( $has_opened_tr ) ) $t[] = "<nowiki><tr><td></td></tr></nowiki>" ; |
|
198 |
$t[] = '<nowiki></table></nowiki>' ; |
|
199 |
} |
|
200 |
||
201 |
$t = implode ( "\n" , $t ) ; |
|
202 |
||
203 |
# special case: don't return empty table |
|
204 |
if($t == "<nowiki><table></nowiki>\n<nowiki><tr><td></td></tr></nowiki>\n<nowiki></table></nowiki>") |
|
205 |
$t = ''; |
|
206 |
return $t ; |
|
207 |
} |
|
208 |
||
209 |
/** |
|
210 |
* Take a tag soup fragment listing an HTML element's attributes |
|
211 |
* and normalize it to well-formed XML, discarding unwanted attributes. |
|
212 |
* Output is safe for further wikitext processing, with escaping of |
|
213 |
* values that could trigger problems. |
|
214 |
* |
|
215 |
* - Normalizes attribute names to lowercase |
|
216 |
* - Discards attributes not on a whitelist for the given element |
|
217 |
* - Turns broken or invalid entities into plaintext |
|
218 |
* - Double-quotes all attribute values |
|
219 |
* - Attributes without values are given the name as attribute |
|
220 |
* - Double attributes are discarded |
|
221 |
* - Unsafe style attributes are discarded |
|
222 |
* - Prepends space if there are attributes. |
|
223 |
* |
|
224 |
* @param string $text |
|
225 |
* @param string $element |
|
226 |
* @return string |
|
227 |
*/ |
|
228 |
function fixTagAttributes( $text, $element ) {
|
|
229 |
if( trim( $text ) == '' ) {
|
|
230 |
return ''; |
|
231 |
} |
|
232 |
||
233 |
$stripped = validateTagAttributes( |
|
234 |
decodeTagAttributes( $text ), $element ); |
|
235 |
||
236 |
$attribs = array(); |
|
237 |
foreach( $stripped as $attribute => $value ) {
|
|
238 |
$encAttribute = htmlspecialchars( $attribute ); |
|
239 |
$encValue = safeEncodeAttribute( $value ); |
|
240 |
||
241 |
$attribs[] = "$encAttribute=".'"'."$encValue".'"'.""; // " |
|
242 |
} |
|
243 |
return count( $attribs ) ? ' ' . implode( ' ', $attribs ) : ''; |
|
244 |
} |
|
245 |
||
246 |
/** |
|
247 |
* Encode an attribute value for HTML tags, with extra armoring |
|
248 |
* against further wiki processing. |
|
249 |
* @param $text |
|
250 |
* @return HTML-encoded text fragment |
|
251 |
*/ |
|
252 |
function safeEncodeAttribute( $text ) {
|
|
253 |
$encValue= encodeAttribute( $text ); |
|
254 |
||
255 |
# Templates and links may be expanded in later parsing, |
|
256 |
# creating invalid or dangerous output. Suppress this. |
|
257 |
$encValue = strtr( $encValue, array( |
|
258 |
'<' => '<', // This should never happen, |
|
259 |
'>' => '>', // we've received invalid input |
|
260 |
'"' => '"', // which should have been escaped. |
|
261 |
'{' => '{',
|
|
262 |
'[' => '[', |
|
263 |
"''" => '''', |
|
264 |
'ISBN' => 'ISBN', |
|
265 |
'RFC' => 'RFC', |
|
266 |
'PMID' => 'PMID', |
|
267 |
'|' => '|', |
|
268 |
'__' => '__', |
|
269 |
) ); |
|
270 |
||
271 |
return $encValue; |
|
272 |
} |
|
273 |
||
274 |
/** |
|
275 |
* Encode an attribute value for HTML output. |
|
276 |
* @param $text |
|
277 |
* @return HTML-encoded text fragment |
|
278 |
*/ |
|
279 |
function encodeAttribute( $text ) {
|
|
280 |
$encValue = htmlspecialchars( $text ); |
|
281 |
||
282 |
// Whitespace is normalized during attribute decoding, |
|
283 |
// so if we've been passed non-spaces we must encode them |
|
284 |
// ahead of time or they won't be preserved. |
|
285 |
$encValue = strtr( $encValue, array( |
|
286 |
"\n" => ' ', |
|
287 |
"\r" => ' ', |
|
288 |
"\t" => '	', |
|
289 |
) ); |
|
290 |
||
291 |
return $encValue; |
|
292 |
} |
|
293 |
||
294 |
function unstripForHTML( $text ) {
|
|
295 |
global $mStripState; |
|
296 |
$text = unstrip( $text, $mStripState ); |
|
297 |
$text = unstripNoWiki( $text, $mStripState ); |
|
298 |
return $text; |
|
299 |
} |
|
300 |
||
301 |
/** |
|
302 |
* Always call this after unstrip() to preserve the order |
|
303 |
* |
|
304 |
* @private |
|
305 |
*/ |
|
306 |
function unstripNoWiki( $text, &$state ) {
|
|
307 |
if ( !isset( $state['nowiki'] ) ) {
|
|
308 |
return $text; |
|
309 |
} |
|
310 |
||
311 |
# TODO: good candidate for FSS |
|
312 |
$text = strtr( $text, $state['nowiki'] ); |
|
313 |
||
314 |
return $text; |
|
315 |
} |
|
316 |
||
317 |
/** |
|
318 |
* Take an array of attribute names and values and normalize or discard |
|
319 |
* illegal values for the given element type. |
|
320 |
* |
|
321 |
* - Discards attributes not on a whitelist for the given element |
|
322 |
* - Unsafe style attributes are discarded |
|
323 |
* |
|
324 |
* @param array $attribs |
|
325 |
* @param string $element |
|
326 |
* @return array |
|
327 |
* |
|
328 |
* @todo Check for legal values where the DTD limits things. |
|
329 |
* @todo Check for unique id attribute :P |
|
330 |
*/ |
|
331 |
function validateTagAttributes( $attribs, $element ) {
|
|
332 |
$whitelist = array_flip( attributeWhitelist( $element ) ); |
|
333 |
$out = array(); |
|
334 |
foreach( $attribs as $attribute => $value ) {
|
|
335 |
if( !isset( $whitelist[$attribute] ) ) {
|
|
336 |
continue; |
|
337 |
} |
|
338 |
# Strip javascript "expression" from stylesheets. |
|
339 |
# http://msdn.microsoft.com/workshop/author/dhtml/overview/recalc.asp |
|
340 |
if( $attribute == 'style' ) {
|
|
341 |
$value = checkCss( $value ); |
|
342 |
if( $value === false ) {
|
|
343 |
# haxx0r |
|
344 |
continue; |
|
345 |
} |
|
346 |
} |
|
347 |
||
348 |
if ( $attribute === 'id' ) |
|
349 |
$value = escapeId( $value ); |
|
350 |
||
351 |
// If this attribute was previously set, override it. |
|
352 |
// Output should only have one attribute of each name. |
|
353 |
$out[$attribute] = $value; |
|
354 |
} |
|
355 |
return $out; |
|
356 |
} |
|
357 |
||
358 |
/** |
|
359 |
* Pick apart some CSS and check it for forbidden or unsafe structures. |
|
360 |
* Returns a sanitized string, or false if it was just too evil. |
|
361 |
* |
|
362 |
* Currently URL references, 'expression', 'tps' are forbidden. |
|
363 |
* |
|
364 |
* @param string $value |
|
365 |
* @return mixed |
|
366 |
*/ |
|
367 |
function checkCss( $value ) {
|
|
368 |
$stripped = decodeCharReferences( $value ); |
|
369 |
||
370 |
// Remove any comments; IE gets token splitting wrong |
|
371 |
$stripped = preg_replace( '!/\\*.*?\\*/!S', '', $stripped ); |
|
372 |
$value = $stripped; |
|
373 |
||
374 |
// ... and continue checks |
|
375 |
$stripped = preg_replace( '!\\\\([0-9A-Fa-f]{1,6})[ \\n\\r\\t\\f]?!e',
|
|
376 |
'codepointToUtf8(hexdec("$1"))', $stripped );
|
|
377 |
$stripped = str_replace( '\\', '', $stripped ); |
|
378 |
if( preg_match( '/(expression|tps*:\/\/|url\\s*\().*/is', |
|
379 |
$stripped ) ) {
|
|
380 |
# haxx0r |
|
381 |
return false; |
|
382 |
} |
|
383 |
||
384 |
return $value; |
|
385 |
} |
|
386 |
||
387 |
/** |
|
388 |
* Decode any character references, numeric or named entities, |
|
389 |
* in the text and return a UTF-8 string. |
|
390 |
* |
|
391 |
* @param string $text |
|
392 |
* @return string |
|
393 |
* @access public |
|
394 |
* @static |
|
395 |
*/ |
|
396 |
function decodeCharReferences( $text ) {
|
|
397 |
return preg_replace_callback( |
|
398 |
MW_CHAR_REFS_REGEX, |
|
399 |
'decodeCharReferencesCallback', |
|
400 |
$text ); |
|
401 |
} |
|
402 |
||
403 |
/** |
|
404 |
* Fetch the whitelist of acceptable attributes for a given |
|
405 |
* element name. |
|
406 |
* |
|
407 |
* @param string $element |
|
408 |
* @return array |
|
409 |
*/ |
|
410 |
function attributeWhitelist( $element ) {
|
|
411 |
static $list; |
|
412 |
if( !isset( $list ) ) {
|
|
413 |
$list = setupAttributeWhitelist(); |
|
414 |
} |
|
415 |
return isset( $list[$element] ) |
|
416 |
? $list[$element] |
|
417 |
: array(); |
|
418 |
} |
|
419 |
||
420 |
/** |
|
421 |
* @todo Document it a bit |
|
422 |
* @return array |
|
423 |
*/ |
|
424 |
function setupAttributeWhitelist() {
|
|
425 |
$common = array( 'id', 'class', 'lang', 'dir', 'title', 'style' ); |
|
426 |
$block = array_merge( $common, array( 'align' ) ); |
|
427 |
$tablealign = array( 'align', 'char', 'charoff', 'valign' ); |
|
428 |
$tablecell = array( 'abbr', |
|
429 |
'axis', |
|
430 |
'headers', |
|
431 |
'scope', |
|
432 |
'rowspan', |
|
433 |
'colspan', |
|
434 |
'nowrap', # deprecated |
|
435 |
'width', # deprecated |
|
436 |
'height', # deprecated |
|
437 |
'bgcolor' # deprecated |
|
438 |
); |
|
439 |
||
440 |
# Numbers refer to sections in HTML 4.01 standard describing the element. |
|
441 |
# See: http://www.w3.org/TR/html4/ |
|
442 |
$whitelist = array ( |
|
443 |
# 7.5.4 |
|
444 |
'div' => $block, |
|
445 |
'center' => $common, # deprecated |
|
446 |
'span' => $block, # ?? |
|
447 |
||
448 |
# 7.5.5 |
|
449 |
'h1' => $block, |
|
450 |
'h2' => $block, |
|
451 |
'h3' => $block, |
|
452 |
'h4' => $block, |
|
453 |
'h5' => $block, |
|
454 |
'h6' => $block, |
|
455 |
||
456 |
# 7.5.6 |
|
457 |
# address |
|
458 |
||
459 |
# 8.2.4 |
|
460 |
# bdo |
|
461 |
||
462 |
# 9.2.1 |
|
463 |
'em' => $common, |
|
464 |
'strong' => $common, |
|
465 |
'cite' => $common, |
|
466 |
# dfn |
|
467 |
'code' => $common, |
|
468 |
# samp |
|
469 |
# kbd |
|
470 |
'var' => $common, |
|
471 |
# abbr |
|
472 |
# acronym |
|
473 |
||
474 |
# 9.2.2 |
|
475 |
'blockquote' => array_merge( $common, array( 'cite' ) ), |
|
476 |
# q |
|
477 |
||
478 |
# 9.2.3 |
|
479 |
'sub' => $common, |
|
480 |
'sup' => $common, |
|
481 |
||
482 |
# 9.3.1 |
|
483 |
'p' => $block, |
|
484 |
||
485 |
# 9.3.2 |
|
486 |
'br' => array( 'id', 'class', 'title', 'style', 'clear' ), |
|
487 |
||
488 |
# 9.3.4 |
|
489 |
'pre' => array_merge( $common, array( 'width' ) ), |
|
490 |
||
491 |
# 9.4 |
|
492 |
'ins' => array_merge( $common, array( 'cite', 'datetime' ) ), |
|
493 |
'del' => array_merge( $common, array( 'cite', 'datetime' ) ), |
|
494 |
||
495 |
# 10.2 |
|
496 |
'ul' => array_merge( $common, array( 'type' ) ), |
|
497 |
'ol' => array_merge( $common, array( 'type', 'start' ) ), |
|
498 |
'li' => array_merge( $common, array( 'type', 'value' ) ), |
|
499 |
||
500 |
# 10.3 |
|
501 |
'dl' => $common, |
|
502 |
'dd' => $common, |
|
503 |
'dt' => $common, |
|
504 |
||
505 |
# 11.2.1 |
|
506 |
'table' => array_merge( $common, |
|
507 |
array( 'summary', 'width', 'border', 'frame', |
|
508 |
'rules', 'cellspacing', 'cellpadding', |
|
509 |
'align', 'bgcolor', |
|
510 |
) ), |
|
511 |
||
512 |
# 11.2.2 |
|
513 |
'caption' => array_merge( $common, array( 'align' ) ), |
|
514 |
||
515 |
# 11.2.3 |
|
516 |
'thead' => array_merge( $common, $tablealign ), |
|
517 |
'tfoot' => array_merge( $common, $tablealign ), |
|
518 |
'tbody' => array_merge( $common, $tablealign ), |
|
519 |
||
520 |
# 11.2.4 |
|
521 |
'colgroup' => array_merge( $common, array( 'span', 'width' ), $tablealign ), |
|
522 |
'col' => array_merge( $common, array( 'span', 'width' ), $tablealign ), |
|
523 |
||
524 |
# 11.2.5 |
|
525 |
'tr' => array_merge( $common, array( 'bgcolor' ), $tablealign ), |
|
526 |
||
527 |
# 11.2.6 |
|
528 |
'td' => array_merge( $common, $tablecell, $tablealign ), |
|
529 |
'th' => array_merge( $common, $tablecell, $tablealign ), |
|
530 |
||
531 |
# 12.2 |
|
532 |
# added by dan |
|
533 |
'a' => array_merge( $common, array( 'href', 'name' ) ), |
|
534 |
||
535 |
# 13.2 |
|
536 |
# added by dan |
|
537 |
'img' => array_merge( $common, array( 'src', 'width', 'height', 'alt' ) ), |
|
538 |
||
539 |
# 15.2.1 |
|
540 |
'tt' => $common, |
|
541 |
'b' => $common, |
|
542 |
'i' => $common, |
|
543 |
'big' => $common, |
|
544 |
'small' => $common, |
|
545 |
'strike' => $common, |
|
546 |
's' => $common, |
|
547 |
'u' => $common, |
|
548 |
||
549 |
# 15.2.2 |
|
550 |
'font' => array_merge( $common, array( 'size', 'color', 'face' ) ), |
|
551 |
# basefont |
|
552 |
||
553 |
# 15.3 |
|
554 |
'hr' => array_merge( $common, array( 'noshade', 'size', 'width' ) ), |
|
555 |
||
556 |
# XHTML Ruby annotation text module, simple ruby only. |
|
557 |
# http://www.w3c.org/TR/ruby/ |
|
558 |
'ruby' => $common, |
|
559 |
# rbc |
|
560 |
# rtc |
|
561 |
'rb' => $common, |
|
562 |
'rt' => $common, #array_merge( $common, array( 'rbspan' ) ), |
|
563 |
'rp' => $common, |
|
564 |
||
565 |
# For compatibility with the XHTML parser. |
|
566 |
'nowiki' => array(), |
|
567 |
'noinclude' => array(), |
|
568 |
'nodisplay' => array(), |
|
569 |
||
570 |
# XHTML stuff |
|
571 |
'acronym' => $common |
|
572 |
); |
|
573 |
return $whitelist; |
|
574 |
} |
|
575 |
||
576 |
/** |
|
577 |
* Given a value escape it so that it can be used in an id attribute and |
|
578 |
* return it, this does not validate the value however (see first link) |
|
579 |
* |
|
580 |
* @link http://www.w3.org/TR/html401/types.html#type-name Valid characters |
|
581 |
* in the id and |
|
582 |
* name attributes |
|
583 |
* @link http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with the id attribute |
|
584 |
* |
|
585 |
* @bug 4461 |
|
586 |
* |
|
587 |
* @static |
|
588 |
* |
|
589 |
* @param string $id |
|
590 |
* @return string |
|
591 |
*/ |
|
592 |
function escapeId( $id ) {
|
|
593 |
static $replace = array( |
|
594 |
'%3A' => ':', |
|
595 |
'%' => '.' |
|
596 |
); |
|
597 |
||
598 |
$id = urlencode( decodeCharReferences( strtr( $id, ' ', '_' ) ) ); |
|
599 |
||
600 |
return str_replace( array_keys( $replace ), array_values( $replace ), $id ); |
|
601 |
} |
|
602 |
||
603 |
/** |
|
604 |
* More or less "markup-safe" explode() |
|
605 |
* Ignores any instances of the separator inside <...> |
|
606 |
* @param string $separator |
|
607 |
* @param string $text |
|
608 |
* @return array |
|
609 |
*/ |
|
610 |
function wfExplodeMarkup( $separator, $text ) {
|
|
611 |
$placeholder = "\x00"; |
|
612 |
||
613 |
// Just in case... |
|
614 |
$text = str_replace( $placeholder, '', $text ); |
|
615 |
||
616 |
// Trim stuff |
|
617 |
$replacer = new ReplacerCallback( $separator, $placeholder ); |
|
618 |
$cleaned = preg_replace_callback( '/(<.*?>)/', array( $replacer, 'go' ), $text ); |
|
619 |
||
620 |
$items = explode( $separator, $cleaned ); |
|
621 |
foreach( $items as $i => $str ) {
|
|
622 |
$items[$i] = str_replace( $placeholder, $separator, $str ); |
|
623 |
} |
|
624 |
||
625 |
return $items; |
|
626 |
} |
|
627 |
||
628 |
class ReplacerCallback {
|
|
629 |
function ReplacerCallback( $from, $to ) {
|
|
630 |
$this->from = $from; |
|
631 |
$this->to = $to; |
|
632 |
} |
|
633 |
||
634 |
function go( $matches ) {
|
|
635 |
return str_replace( $this->from, $this->to, $matches[1] ); |
|
636 |
} |
|
637 |
} |
|
638 |
||
639 |
/** |
|
640 |
* Return an associative array of attribute names and values from |
|
641 |
* a partial tag string. Attribute names are forces to lowercase, |
|
642 |
* character references are decoded to UTF-8 text. |
|
643 |
* |
|
644 |
* @param string |
|
645 |
* @return array |
|
646 |
*/ |
|
647 |
function decodeTagAttributes( $text ) {
|
|
648 |
$attribs = array(); |
|
649 |
||
650 |
if( trim( $text ) == '' ) {
|
|
651 |
return $attribs; |
|
652 |
} |
|
653 |
||
654 |
$pairs = array(); |
|
655 |
if( !preg_match_all( |
|
656 |
MW_ATTRIBS_REGEX, |
|
657 |
$text, |
|
658 |
$pairs, |
|
659 |
PREG_SET_ORDER ) ) {
|
|
660 |
return $attribs; |
|
661 |
} |
|
662 |
||
663 |
foreach( $pairs as $set ) {
|
|
664 |
$attribute = strtolower( $set[1] ); |
|
665 |
$value = getTagAttributeCallback( $set ); |
|
666 |
||
667 |
// Normalize whitespace |
|
668 |
$value = preg_replace( '/[\t\r\n ]+/', ' ', $value ); |
|
669 |
$value = trim( $value ); |
|
670 |
||
671 |
// Decode character references |
|
672 |
$attribs[$attribute] = decodeCharReferences( $value ); |
|
673 |
} |
|
674 |
return $attribs; |
|
675 |
} |
|
676 |
||
677 |
/** |
|
678 |
* Pick the appropriate attribute value from a match set from the |
|
679 |
* MW_ATTRIBS_REGEX matches. |
|
680 |
* |
|
681 |
* @param array $set |
|
682 |
* @return string |
|
683 |
* @access private |
|
684 |
*/ |
|
685 |
function getTagAttributeCallback( $set ) {
|
|
686 |
if( isset( $set[6] ) ) {
|
|
687 |
# Illegal #XXXXXX color with no quotes. |
|
688 |
return $set[6]; |
|
689 |
} elseif( isset( $set[5] ) ) {
|
|
690 |
# No quotes. |
|
691 |
return $set[5]; |
|
692 |
} elseif( isset( $set[4] ) ) {
|
|
693 |
# Single-quoted |
|
694 |
return $set[4]; |
|
695 |
} elseif( isset( $set[3] ) ) {
|
|
696 |
# Double-quoted |
|
697 |
return $set[3]; |
|
698 |
} elseif( !isset( $set[2] ) ) {
|
|
699 |
# In XHTML, attributes must have a value. |
|
700 |
# For 'reduced' form, return explicitly the attribute name here. |
|
701 |
return $set[1]; |
|
702 |
} else {
|
|
703 |
die_friendly('Parser error', "<p>Tag conditions not met. This should never happen and is a bug.</p>" );
|
|
704 |
} |
|
705 |
} |
|
706 |
||
707 |
/** |
|
708 |
* Strips and renders nowiki, pre, math, hiero |
|
709 |
* If $render is set, performs necessary rendering operations on plugins |
|
710 |
* Returns the text, and fills an array with data needed in unstrip() |
|
711 |
* If the $state is already a valid strip state, it adds to the state |
|
712 |
* |
|
713 |
* @param bool $stripcomments when set, HTML comments <!-- like this --> |
|
714 |
* will be stripped in addition to other tags. This is important |
|
715 |
* for section editing, where these comments cause confusion when |
|
716 |
* counting the sections in the wikisource |
|
717 |
* |
|
718 |
* @param array dontstrip contains tags which should not be stripped; |
|
719 |
* used to prevent stipping of <gallery> when saving (fixes bug 2700) |
|
720 |
* |
|
721 |
* @access private |
|
722 |
*/ |
|
723 |
function mwStrip( $text, &$state, $stripcomments = false , $dontstrip = array () ) {
|
|
724 |
global $wgRandomKey; |
|
725 |
$render = true; |
|
726 |
||
727 |
$wgRandomKey = "\x07UNIQ" . dechex(mt_rand(0, 0x7fffffff)) . dechex(mt_rand(0, 0x7fffffff)); |
|
728 |
$uniq_prefix =& $wgRandomKey; |
|
729 |
$commentState = array(); |
|
730 |
||
731 |
$elements = array( 'nowiki', 'gallery' ); |
|
732 |
||
733 |
# Removing $dontstrip tags from $elements list (currently only 'gallery', fixing bug 2700) |
|
734 |
foreach ( $elements AS $k => $v ) {
|
|
735 |
if ( !in_array ( $v , $dontstrip ) ) continue; |
|
736 |
unset ( $elements[$k] ); |
|
737 |
} |
|
738 |
||
739 |
$matches = array(); |
|
740 |
$text = extractTagsAndParams( $elements, $text, $matches, $uniq_prefix ); |
|
741 |
||
742 |
foreach( $matches as $marker => $data ) {
|
|
743 |
list( $element, $content, $params, $tag ) = $data; |
|
744 |
if( $render ) {
|
|
745 |
$tagName = strtolower( $element ); |
|
746 |
switch( $tagName ) {
|
|
747 |
case '!--': |
|
748 |
// Comment |
|
749 |
if( substr( $tag, -3 ) == '-->' ) {
|
|
750 |
$output = $tag; |
|
751 |
} else {
|
|
752 |
// Unclosed comment in input. |
|
753 |
// Close it so later stripping can remove it |
|
754 |
$output = "$tag-->"; |
|
755 |
} |
|
756 |
break; |
|
757 |
case 'html': |
|
758 |
if( $wgRawHtml ) {
|
|
759 |
$output = $content; |
|
760 |
break; |
|
761 |
} |
|
762 |
// Shouldn't happen otherwise. :) |
|
763 |
case 'nowiki': |
|
764 |
$output = wfEscapeHTMLTagsOnly( $content ); |
|
765 |
break; |
|
766 |
default: |
|
767 |
} |
|
768 |
} else {
|
|
769 |
// Just stripping tags; keep the source |
|
770 |
$output = $tag; |
|
771 |
} |
|
772 |
||
773 |
// Unstrip the output, because unstrip() is no longer recursive so |
|
774 |
// it won't do it itself |
|
775 |
$output = unstrip( $output, $state ); |
|
776 |
||
777 |
if( !$stripcomments && $element == '!--' ) {
|
|
778 |
$commentState[$marker] = $output; |
|
779 |
} elseif ( $element == 'html' || $element == 'nowiki' ) {
|
|
780 |
$state['nowiki'][$marker] = $output; |
|
781 |
} else {
|
|
782 |
$state['general'][$marker] = $output; |
|
783 |
} |
|
784 |
} |
|
785 |
||
786 |
# Unstrip comments unless explicitly told otherwise. |
|
787 |
# (The comments are always stripped prior to this point, so as to |
|
788 |
# not invoke any extension tags / parser hooks contained within |
|
789 |
# a comment.) |
|
790 |
if ( !$stripcomments ) {
|
|
791 |
// Put them all back and forget them |
|
792 |
$text = strtr( $text, $commentState ); |
|
793 |
} |
|
794 |
||
795 |
return $text; |
|
796 |
} |
|
797 |
||
798 |
/** |
|
799 |
* Replaces all occurrences of HTML-style comments and the given tags |
|
800 |
* in the text with a random marker and returns teh next text. The output |
|
801 |
* parameter $matches will be an associative array filled with data in |
|
802 |
* the form: |
|
803 |
* 'UNIQ-xxxxx' => array( |
|
804 |
* 'element', |
|
805 |
* 'tag content', |
|
806 |
* array( 'param' => 'x' ), |
|
807 |
* '<element param="x">tag content</element>' ) ) |
|
808 |
* |
|
809 |
* @param $elements list of element names. Comments are always extracted. |
|
810 |
* @param $text Source text string. |
|
811 |
* @param $uniq_prefix |
|
812 |
* |
|
813 |
* @access private |
|
814 |
* @static |
|
815 |
*/ |
|
816 |
function extractTagsAndParams($elements, $text, &$matches, $uniq_prefix = ''){
|
|
817 |
static $n = 1; |
|
818 |
$stripped = ''; |
|
819 |
$matches = array(); |
|
820 |
||
821 |
$taglist = implode( '|', $elements ); |
|
822 |
$start = "/<($taglist)(\\s+[^>]*?|\\s*?)(\/?>)|<(!--)/i"; |
|
823 |
||
824 |
while ( '' != $text ) {
|
|
825 |
$p = preg_split( $start, $text, 2, PREG_SPLIT_DELIM_CAPTURE ); |
|
826 |
$stripped .= $p[0]; |
|
827 |
if( count( $p ) < 5 ) {
|
|
828 |
break; |
|
829 |
} |
|
830 |
if( count( $p ) > 5 ) {
|
|
831 |
// comment |
|
832 |
$element = $p[4]; |
|
833 |
$attributes = ''; |
|
834 |
$close = ''; |
|
835 |
$inside = $p[5]; |
|
836 |
} else {
|
|
837 |
// tag |
|
838 |
$element = $p[1]; |
|
839 |
$attributes = $p[2]; |
|
840 |
$close = $p[3]; |
|
841 |
$inside = $p[4]; |
|
842 |
} |
|
843 |
||
844 |
$marker = "$uniq_prefix-$element-" . sprintf('%08X', $n++) . '-QINU';
|
|
845 |
$stripped .= $marker; |
|
846 |
||
847 |
if ( $close === '/>' ) {
|
|
848 |
// Empty element tag, <tag /> |
|
849 |
$content = null; |
|
850 |
$text = $inside; |
|
851 |
$tail = null; |
|
852 |
} else {
|
|
853 |
if( $element == '!--' ) {
|
|
854 |
$end = '/(-->)/'; |
|
855 |
} else {
|
|
856 |
$end = "/(<\\/$element\\s*>)/i"; |
|
857 |
} |
|
858 |
$q = preg_split( $end, $inside, 2, PREG_SPLIT_DELIM_CAPTURE ); |
|
859 |
$content = $q[0]; |
|
860 |
if( count( $q ) < 3 ) {
|
|
861 |
# No end tag -- let it run out to the end of the text. |
|
862 |
$tail = ''; |
|
863 |
$text = ''; |
|
864 |
} else {
|
|
865 |
$tail = $q[1]; |
|
866 |
$text = $q[2]; |
|
867 |
} |
|
868 |
} |
|
869 |
||
870 |
$matches[$marker] = array( $element, |
|
871 |
$content, |
|
872 |
decodeTagAttributes( $attributes ), |
|
873 |
"<$element$attributes$close$content$tail" ); |
|
874 |
} |
|
875 |
return $stripped; |
|
876 |
} |
|
877 |
||
878 |
/** |
|
879 |
* Escape html tags |
|
880 |
* Basically replacing " > and < with HTML entities ( ", >, <) |
|
881 |
* |
|
882 |
* @param $in String: text that might contain HTML tags. |
|
883 |
* @return string Escaped string |
|
884 |
*/ |
|
885 |
function wfEscapeHTMLTagsOnly( $in ) {
|
|
886 |
return str_replace( |
|
887 |
array( '"', '>', '<' ), |
|
888 |
array( '"', '>', '<' ), |
|
889 |
$in ); |
|
890 |
} |
|
891 |
||
892 |
/** |
|
893 |
* Restores pre, math, and other extensions removed by strip() |
|
894 |
* |
|
895 |
* always call unstripNoWiki() after this one |
|
896 |
* @private |
|
897 |
*/ |
|
898 |
function unstrip( $text, &$state ) {
|
|
899 |
if ( !isset( $state['general'] ) ) {
|
|
900 |
return $text; |
|
901 |
} |
|
902 |
||
903 |
# TODO: good candidate for FSS |
|
904 |
$text = strtr( $text, $state['general'] ); |
|
905 |
||
906 |
return $text; |
|
907 |
} |
|
908 |
||
909 |
/** |
|
910 |
* Return UTF-8 string for a codepoint if that is a valid |
|
911 |
* character reference, otherwise U+FFFD REPLACEMENT CHARACTER. |
|
912 |
* @param int $codepoint |
|
913 |
* @return string |
|
914 |
* @private |
|
915 |
*/ |
|
916 |
function decodeChar( $codepoint ) {
|
|
917 |
if( validateCodepoint( $codepoint ) ) {
|
|
918 |
return codepointToUtf8( $codepoint ); |
|
919 |
} else {
|
|
920 |
return UTF8_REPLACEMENT; |
|
921 |
} |
|
922 |
} |
|
923 |
||
924 |
/** |
|
925 |
* If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, |
|
926 |
* return the UTF-8 encoding of that character. Otherwise, returns |
|
927 |
* pseudo-entity source (eg &foo;) |
|
928 |
* |
|
929 |
* @param string $name |
|
930 |
* @return string |
|
931 |
*/ |
|
932 |
function decodeEntity( $name ) {
|
|
933 |
global $wgHtmlEntities; |
|
934 |
if( isset( $wgHtmlEntities[$name] ) ) {
|
|
935 |
return codepointToUtf8( $wgHtmlEntities[$name] ); |
|
936 |
} else {
|
|
937 |
return "&$name;"; |
|
938 |
} |
|
939 |
} |
|
940 |
||
941 |
/** |
|
942 |
* Returns true if a given Unicode codepoint is a valid character in XML. |
|
943 |
* @param int $codepoint |
|
944 |
* @return bool |
|
945 |
*/ |
|
946 |
function validateCodepoint( $codepoint ) {
|
|
947 |
return ($codepoint == 0x09) |
|
948 |
|| ($codepoint == 0x0a) |
|
949 |
|| ($codepoint == 0x0d) |
|
950 |
|| ($codepoint >= 0x20 && $codepoint <= 0xd7ff) |
|
951 |
|| ($codepoint >= 0xe000 && $codepoint <= 0xfffd) |
|
952 |
|| ($codepoint >= 0x10000 && $codepoint <= 0x10ffff); |
|
953 |
} |
|
954 |
||
955 |
/** |
|
956 |
* Return UTF-8 sequence for a given Unicode code point. |
|
957 |
* May die if fed out of range data. |
|
958 |
* |
|
959 |
* @param $codepoint Integer: |
|
960 |
* @return String |
|
961 |
* @public |
|
962 |
*/ |
|
963 |
function codepointToUtf8( $codepoint ) {
|
|
964 |
if($codepoint < 0x80) return chr($codepoint); |
|
965 |
if($codepoint < 0x800) return chr($codepoint >> 6 & 0x3f | 0xc0) . |
|
966 |
chr($codepoint & 0x3f | 0x80); |
|
967 |
if($codepoint < 0x10000) return chr($codepoint >> 12 & 0x0f | 0xe0) . |
|
968 |
chr($codepoint >> 6 & 0x3f | 0x80) . |
|
969 |
chr($codepoint & 0x3f | 0x80); |
|
970 |
if($codepoint < 0x110000) return chr($codepoint >> 18 & 0x07 | 0xf0) . |
|
971 |
chr($codepoint >> 12 & 0x3f | 0x80) . |
|
972 |
chr($codepoint >> 6 & 0x3f | 0x80) . |
|
973 |
chr($codepoint & 0x3f | 0x80); |
|
974 |
||
975 |
echo "Asked for code outside of range ($codepoint)\n"; |
|
976 |
die( -1 ); |
|
977 |
} |
|
978 |
||
979 |
/** |
|
980 |
* @param string $matches |
|
981 |
* @return string |
|
982 |
*/ |
|
983 |
function decodeCharReferencesCallback( $matches ) {
|
|
984 |
if( $matches[1] != '' ) {
|
|
985 |
return Sanitizer::decodeEntity( $matches[1] ); |
|
986 |
} elseif( $matches[2] != '' ) {
|
|
987 |
return Sanitizer::decodeChar( intval( $matches[2] ) ); |
|
988 |
} elseif( $matches[3] != '' ) {
|
|
989 |
return Sanitizer::decodeChar( hexdec( $matches[3] ) ); |
|
990 |
} elseif( $matches[4] != '' ) {
|
|
991 |
return Sanitizer::decodeChar( hexdec( $matches[4] ) ); |
|
992 |
} |
|
993 |
# Last case should be an ampersand by itself |
|
994 |
return $matches[0]; |
|
995 |
} |
|
996 |
||
997 |
?> |