File xoops_lib\modules\protector\library\HTMLPurifier\Lexer\DirectLex.php

1:	<?php
2:
3:	/**
4:	* Our in-house implementation of a parser.
5:	*
6:	* A pure PHP parser, DirectLex has absolutely no dependencies, making
7:	* it a reasonably good default for PHP4. Written with efficiency in mind,
8:	* it can be four times faster than HTMLPurifier_Lexer_PEARSax3, although it
9:	* pales in comparison to HTMLPurifier_Lexer_DOMLex.
10:	*
11:	* @todo Reread XML spec and document differences.
12:	*/
13:	class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
14:	{
15:	/**
16:	* @type bool
17:	*/
18:	public $tracksLineNumbers = true;
19:
20:	/**
21:	* Whitespace characters for str(c)spn.
22:	* @type string
23:	*/
24:	protected $_whitespace = "\x20\x09\x0D\x0A";
25:
26:	/**
27:	* Callback function for script CDATA fudge
28:	* @param array $matches, in form of array(opening tag, contents, closing tag)
29:	* @return string
30:	*/
31:	protected function scriptCallback($matches)
32:	{
33:	return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
34:	}
35:
36:	/**
37:	* @param String $html
38:	* @param HTMLPurifier_Config $config
39:	* @param HTMLPurifier_Context $context
40:	* @return array\|HTMLPurifier_Token[]
41:	*/
42:	public function tokenizeHTML($html, $config, $context)
43:	{
44:	// special normalization for script tags without any armor
45:	// our "armor" heurstic is a < sign any number of whitespaces after
46:	// the first script tag
47:	if ($config->get('HTML.Trusted')) {
48:	$html = preg_replace_callback(
49:	'#(<script[^>]>)(\s[^<].+?)(</script>)#si',
50:	array($this, 'scriptCallback'),
51:	$html
52:	);
53:	}
54:
55:	$html = $this->normalize($html, $config, $context);
56:
57:	$cursor = 0; // our location in the text
58:	$inside_tag = false; // whether or not we're parsing the inside of a tag
59:	$array = array(); // result array
60:
61:	// This is also treated to mean maintain column numbers too
62:	$maintain_line_numbers = $config->get('Core.MaintainLineNumbers');
63:
64:	if ($maintain_line_numbers === null) {
65:	// automatically determine line numbering by checking
66:	// if error collection is on
67:	$maintain_line_numbers = $config->get('Core.CollectErrors');
68:	}
69:
70:	if ($maintain_line_numbers) {
71:	$current_line = 1;
72:	$current_col = 0;
73:	$length = strlen($html);
74:	} else {
75:	$current_line = false;
76:	$current_col = false;
77:	$length = false;
78:	}
79:	$context->register('CurrentLine', $current_line);
80:	$context->register('CurrentCol', $current_col);
81:	$nl = "\n";
82:	// how often to manually recalculate. This will ALWAYS be right,
83:	// but it's pretty wasteful. Set to 0 to turn off
84:	$synchronize_interval = $config->get('Core.DirectLexLineNumberSyncInterval');
85:
86:	$e = false;
87:	if ($config->get('Core.CollectErrors')) {
88:	$e =& $context->get('ErrorCollector');
89:	}
90:
91:	// for testing synchronization
92:	$loops = 0;
93:
94:	while (++$loops) {
95:	// $cursor is either at the start of a token, or inside of
96:	// a tag (i.e. there was a < immediately before it), as indicated
97:	// by $inside_tag
98:
99:	if ($maintain_line_numbers) {
100:	// $rcursor, however, is always at the start of a token.
101:	$rcursor = $cursor - (int)$inside_tag;
102:
103:	// Column number is cheap, so we calculate it every round.
104:	// We're interested at the end of the newline string, so
105:	// we need to add strlen($nl) == 1 to $nl_pos before subtracting it
106:	// from our "rcursor" position.
107:	$nl_pos = strrpos($html, $nl, $rcursor - $length);
108:	$current_col = $rcursor - (is_bool($nl_pos) ? 0 : $nl_pos + 1);
109:
110:	// recalculate lines
111:	if ($synchronize_interval && // synchronization is on
112:	$cursor > 0 && // cursor is further than zero
113:	$loops % $synchronize_interval === 0) { // time to synchronize!
114:	$current_line = 1 + $this->substrCount($html, $nl, 0, $cursor);
115:	}
116:	}
117:
118:	$position_next_lt = strpos($html, '<', $cursor);
119:	$position_next_gt = strpos($html, '>', $cursor);
120:
121:	// triggers on "<b>asdf</b>" but not "asdf <b></b>"
122:	// special case to set up context
123:	if ($position_next_lt === $cursor) {
124:	$inside_tag = true;
125:	$cursor++;
126:	}
127:
128:	if (!$inside_tag && $position_next_lt !== false) {
129:	// We are not inside tag and there still is another tag to parse
130:	$token = new
131:	HTMLPurifier_Token_Text(
132:	$this->parseText(
133:	substr(
134:	$html,
135:	$cursor,
136:	$position_next_lt - $cursor
137:	), $config
138:	)
139:	);
140:	if ($maintain_line_numbers) {
141:	$token->rawPosition($current_line, $current_col);
142:	$current_line += $this->substrCount($html, $nl, $cursor, $position_next_lt - $cursor);
143:	}
144:	$array[] = $token;
145:	$cursor = $position_next_lt + 1;
146:	$inside_tag = true;
147:	continue;
148:	} elseif (!$inside_tag) {
149:	// We are not inside tag but there are no more tags
150:	// If we're already at the end, break
151:	if ($cursor === strlen($html)) {
152:	break;
153:	}
154:	// Create Text of rest of string
155:	$token = new
156:	HTMLPurifier_Token_Text(
157:	$this->parseText(
158:	substr(
159:	$html,
160:	$cursor
161:	), $config
162:	)
163:	);
164:	if ($maintain_line_numbers) {
165:	$token->rawPosition($current_line, $current_col);
166:	}
167:	$array[] = $token;
168:	break;
169:	} elseif ($inside_tag && $position_next_gt !== false) {
170:	// We are in tag and it is well formed
171:	// Grab the internals of the tag
172:	$strlen_segment = $position_next_gt - $cursor;
173:
174:	if ($strlen_segment < 1) {
175:	// there's nothing to process!
176:	$token = new HTMLPurifier_Token_Text('<');
177:	$cursor++;
178:	continue;
179:	}
180:
181:	$segment = substr($html, $cursor, $strlen_segment);
182:
183:	if ($segment === false) {
184:	// somehow, we attempted to access beyond the end of
185:	// the string, defense-in-depth, reported by Nate Abele
186:	break;
187:	}
188:
189:	// Check if it's a comment
190:	if (substr($segment, 0, 3) === '!--') {
191:	// re-determine segment length, looking for -->
192:	$position_comment_end = strpos($html, '-->', $cursor);
193:	if ($position_comment_end === false) {
194:	// uh oh, we have a comment that extends to
195:	// infinity. Can't be helped: set comment
196:	// end position to end of string
197:	if ($e) {
198:	$e->send(E_WARNING, 'Lexer: Unclosed comment');
199:	}
200:	$position_comment_end = strlen($html);
201:	$end = true;
202:	} else {
203:	$end = false;
204:	}
205:	$strlen_segment = $position_comment_end - $cursor;
206:	$segment = substr($html, $cursor, $strlen_segment);
207:	$token = new
208:	HTMLPurifier_Token_Comment(
209:	substr(
210:	$segment,
211:	3,
212:	$strlen_segment - 3
213:	)
214:	);
215:	if ($maintain_line_numbers) {
216:	$token->rawPosition($current_line, $current_col);
217:	$current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment);
218:	}
219:	$array[] = $token;
220:	$cursor = $end ? $position_comment_end : $position_comment_end + 3;
221:	$inside_tag = false;
222:	continue;
223:	}
224:
225:	// Check if it's an end tag
226:	$is_end_tag = (strpos($segment, '/') === 0);
227:	if ($is_end_tag) {
228:	$type = substr($segment, 1);
229:	$token = new HTMLPurifier_Token_End($type);
230:	if ($maintain_line_numbers) {
231:	$token->rawPosition($current_line, $current_col);
232:	$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
233:	}
234:	$array[] = $token;
235:	$inside_tag = false;
236:	$cursor = $position_next_gt + 1;
237:	continue;
238:	}
239:
240:	// Check leading character is alnum, if not, we may
241:	// have accidently grabbed an emoticon. Translate into
242:	// text and go our merry way
243:	if (!ctype_alpha($segment[0])) {
244:	// XML: $segment[0] !== '_' && $segment[0] !== ':'
245:	if ($e) {
246:	$e->send(E_NOTICE, 'Lexer: Unescaped lt');
247:	}
248:	$token = new HTMLPurifier_Token_Text('<');
249:	if ($maintain_line_numbers) {
250:	$token->rawPosition($current_line, $current_col);
251:	$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
252:	}
253:	$array[] = $token;
254:	$inside_tag = false;
255:	continue;
256:	}
257:
258:	// Check if it is explicitly self closing, if so, remove
259:	// trailing slash. Remember, we could have a tag like <br>, so
260:	// any later token processing scripts must convert improperly
261:	// classified EmptyTags from StartTags.
262:	$is_self_closing = (strrpos($segment, '/') === $strlen_segment - 1);
263:	if ($is_self_closing) {
264:	$strlen_segment--;
265:	$segment = substr($segment, 0, $strlen_segment);
266:	}
267:
268:	// Check if there are any attributes
269:	$position_first_space = strcspn($segment, $this->_whitespace);
270:
271:	if ($position_first_space >= $strlen_segment) {
272:	if ($is_self_closing) {
273:	$token = new HTMLPurifier_Token_Empty($segment);
274:	} else {
275:	$token = new HTMLPurifier_Token_Start($segment);
276:	}
277:	if ($maintain_line_numbers) {
278:	$token->rawPosition($current_line, $current_col);
279:	$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
280:	}
281:	$array[] = $token;
282:	$inside_tag = false;
283:	$cursor = $position_next_gt + 1;
284:	continue;
285:	}
286:
287:	// Grab out all the data
288:	$type = substr($segment, 0, $position_first_space);
289:	$attribute_string =
290:	trim(
291:	substr(
292:	$segment,
293:	$position_first_space
294:	)
295:	);
296:	if ($attribute_string) {
297:	$attr = $this->parseAttributeString(
298:	$attribute_string,
299:	$config,
300:	$context
301:	);
302:	} else {
303:	$attr = array();
304:	}
305:
306:	if ($is_self_closing) {
307:	$token = new HTMLPurifier_Token_Empty($type, $attr);
308:	} else {
309:	$token = new HTMLPurifier_Token_Start($type, $attr);
310:	}
311:	if ($maintain_line_numbers) {
312:	$token->rawPosition($current_line, $current_col);
313:	$current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
314:	}
315:	$array[] = $token;
316:	$cursor = $position_next_gt + 1;
317:	$inside_tag = false;
318:	continue;
319:	} else {
320:	// inside tag, but there's no ending > sign
321:	if ($e) {
322:	$e->send(E_WARNING, 'Lexer: Missing gt');
323:	}
324:	$token = new
325:	HTMLPurifier_Token_Text(
326:	'<' .
327:	$this->parseText(
328:	substr($html, $cursor), $config
329:	)
330:	);
331:	if ($maintain_line_numbers) {
332:	$token->rawPosition($current_line, $current_col);
333:	}
334:	// no cursor scroll? Hmm...
335:	$array[] = $token;
336:	break;
337:	}
338:	break;
339:	}
340:
341:	$context->destroy('CurrentLine');
342:	$context->destroy('CurrentCol');
343:	return $array;
344:	}
345:
346:	/**
347:	* PHP 5.0.x compatible substr_count that implements offset and length
348:	* @param string $haystack
349:	* @param string $needle
350:	* @param int $offset
351:	* @param int $length
352:	* @return int
353:	*/
354:	protected function substrCount($haystack, $needle, $offset, $length)
355:	{
356:	static $oldVersion;
357:	if ($oldVersion === null) {
358:	$oldVersion = version_compare(PHP_VERSION, '5.1', '<');
359:	}
360:	if ($oldVersion) {
361:	$haystack = substr($haystack, $offset, $length);
362:	return substr_count($haystack, $needle);
363:	} else {
364:	return substr_count($haystack, $needle, $offset, $length);
365:	}
366:	}
367:
368:	/**
369:	* Takes the inside of an HTML tag and makes an assoc array of attributes.
370:	*
371:	* @param string $string Inside of tag excluding name.
372:	* @param HTMLPurifier_Config $config
373:	* @param HTMLPurifier_Context $context
374:	* @return array Assoc array of attributes.
375:	*/
376:	public function parseAttributeString($string, $config, $context)
377:	{
378:	$string = (string)$string; // quick typecast
379:
380:	if ($string == '') {
381:	return array();
382:	} // no attributes
383:
384:	$e = false;
385:	if ($config->get('Core.CollectErrors')) {
386:	$e =& $context->get('ErrorCollector');
387:	}
388:
389:	// let's see if we can abort as quickly as possible
390:	// one equal sign, no spaces => one attribute
391:	$num_equal = substr_count($string, '=');
392:	$has_space = strpos($string, ' ');
393:	if ($num_equal === 0 && !$has_space) {
394:	// bool attribute
395:	return array($string => $string);
396:	} elseif ($num_equal === 1 && !$has_space) {
397:	// only one attribute
398:	list($key, $quoted_value) = explode('=', $string);
399:	$quoted_value = trim($quoted_value);
400:	if (!$key) {
401:	if ($e) {
402:	$e->send(E_ERROR, 'Lexer: Missing attribute key');
403:	}
404:	return array();
405:	}
406:	if (!$quoted_value) {
407:	return array($key => '');
408:	}
409:	$first_char = @$quoted_value[0];
410:	$last_char = @$quoted_value[strlen($quoted_value) - 1];
411:
412:	$same_quote = ($first_char == $last_char);
413:	$open_quote = ($first_char == '"' \|\| $first_char == "'");
414:
415:	if ($same_quote && $open_quote) {
416:	// well behaved
417:	$value = substr($quoted_value, 1, strlen($quoted_value) - 2);
418:	} else {
419:	// not well behaved
420:	if ($open_quote) {
421:	if ($e) {
422:	$e->send(E_ERROR, 'Lexer: Missing end quote');
423:	}
424:	$value = substr($quoted_value, 1);
425:	} else {
426:	$value = $quoted_value;
427:	}
428:	}
429:	if ($value === false) {
430:	$value = '';
431:	}
432:	return array($key => $this->parseAttr($value, $config));
433:	}
434:
435:	// setup loop environment
436:	$array = array(); // return assoc array of attributes
437:	$cursor = 0; // current position in string (moves forward)
438:	$size = strlen($string); // size of the string (stays the same)
439:
440:	// if we have unquoted attributes, the parser expects a terminating
441:	// space, so let's guarantee that there's always a terminating space.
442:	$string .= ' ';
443:
444:	$old_cursor = -1;
445:	while ($cursor < $size) {
446:	if ($old_cursor >= $cursor) {
447:	throw new Exception("Infinite loop detected");
448:	}
449:	$old_cursor = $cursor;
450:
451:	$cursor += ($value = strspn($string, $this->_whitespace, $cursor));
452:	// grab the key
453:
454:	$key_begin = $cursor; //we're currently at the start of the key
455:
456:	// scroll past all characters that are the key (not whitespace or =)
457:	$cursor += strcspn($string, $this->_whitespace . '=', $cursor);
458:
459:	$key_end = $cursor; // now at the end of the key
460:
461:	$key = substr($string, $key_begin, $key_end - $key_begin);
462:
463:	if (!$key) {
464:	if ($e) {
465:	$e->send(E_ERROR, 'Lexer: Missing attribute key');
466:	}
467:	$cursor += 1 + strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop
468:	continue; // empty key
469:	}
470:
471:	// scroll past all whitespace
472:	$cursor += strspn($string, $this->_whitespace, $cursor);
473:
474:	if ($cursor >= $size) {
475:	$array[$key] = $key;
476:	break;
477:	}
478:
479:	// if the next character is an equal sign, we've got a regular
480:	// pair, otherwise, it's a bool attribute
481:	$first_char = @$string[$cursor];
482:
483:	if ($first_char == '=') {
484:	// key="value"
485:
486:	$cursor++;
487:	$cursor += strspn($string, $this->_whitespace, $cursor);
488:
489:	if ($cursor === false) {
490:	$array[$key] = '';
491:	break;
492:	}
493:
494:	// we might be in front of a quote right now
495:
496:	$char = @$string[$cursor];
497:
498:	if ($char == '"' \|\| $char == "'") {
499:	// it's quoted, end bound is $char
500:	$cursor++;
501:	$value_begin = $cursor;
502:	$cursor = strpos($string, $char, $cursor);
503:	$value_end = $cursor;
504:	} else {
505:	// it's not quoted, end bound is whitespace
506:	$value_begin = $cursor;
507:	$cursor += strcspn($string, $this->_whitespace, $cursor);
508:	$value_end = $cursor;
509:	}
510:
511:	// we reached a premature end
512:	if ($cursor === false) {
513:	$cursor = $size;
514:	$value_end = $cursor;
515:	}
516:
517:	$value = substr($string, $value_begin, $value_end - $value_begin);
518:	if ($value === false) {
519:	$value = '';
520:	}
521:	$array[$key] = $this->parseAttr($value, $config);
522:	$cursor++;
523:	} else {
524:	// boolattr
525:	if ($key !== '') {
526:	$array[$key] = $key;
527:	} else {
528:	// purely theoretical
529:	if ($e) {
530:	$e->send(E_ERROR, 'Lexer: Missing attribute key');
531:	}
532:	}
533:	}
534:	}
535:	return $array;
536:	}
537:	}
538:
539:	// vim: et sw=4 sts=4
540:

Namespaces

Classes

Interfaces

Exceptions

Functions