pluf2

pluf2 Commit Details


Date:2009-09-30 10:38:32 (16 years 1 month ago)
Author:Mehdi Kabab
Branch:master
Commit:da8f39b1e20ce1e99fbc685eb7a0cb162402bc7e
Parents: a1560823a2425f97e54a7b644791d989a174c99b
Message:Fixed issue 225, hexadecimal HTML entities are escaped twice.
Changes:

File differences

src/Pluf/Text/HTML/Filter.php
106106
107107
108108
109
109
110
111
112
113
114
110115
111116
112117
118
119
120
121
122
123
124
125
126
127
113128
114129
115130
......
117132
118133
119134
120
121135
122136
123137
......
311325
312326
313327
314
315
316
317
318
328
329
330
331
319332
320333
321334
322335
336
337
338
339
340
341
323342
324343
325
326
327
344
345
346
347
348
349
350
351
352
353
354
355
356
328357
329
330358
331
332
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
333376
334
377
335378
336379
337380
......
360403
361404
362405
363
406
364407
365408
366409
public $always_make_tags = 0;
/**
* entity control options
* Allows decimal entities.
*
* An entity has to decimal format <code>&#32</code>.
* For example, the entity <code>&#64;</code> is the <code>@</code> character.
*
* @var int
*/
public $allow_numbered_entities = 1;
/**
* Allows hexadecimal entities.
*
* An entity has to decimal format <code>&#x20</code>.
* For example, the entity <code>&#x40;</code> is the <code>@</code> character.
*
* @var int
*/
public $allow_hexadecimal_entities = 1;
public $allowed_entities = array(
'amp',
'gt',
'quot',
);
function go($data)
{
$this->tag_counts = array();
function check_entity($preamble, $term)
{
if ($term != ';') {
return '&amp;'.$preamble;
}
if ($this->is_valid_entity($preamble)) {
return '&'.$preamble;
if (';' === $term) {
if ($this->is_valid_entity($preamble)) {
return '&'.$preamble;
}
}
return '&amp;'.$preamble;
}
/**
* Determines if the string provided is a valid entity.
*
* @param string $entity String to test against.
* @return boolean
*/
function is_valid_entity($entity)
{
if (preg_match('!^#([0-9]+)$!i', $entity, $m)) {
if ($m[1] > 127) {
return 1;
if (preg_match('#^\#([0-9]{2,}|x[0-9a-f]{2,})$#i', $entity, $m)) {
if (0 === strpos($m[1], 'x')) {
// hexadecimal entity
if ($this->allow_hexadecimal_entities && $this->not_control_caracter($m[1])) {
return true;
}
return false;
} else {
// decimal entity
if ($this->allow_numbered_entities && $this->not_control_caracter($m[1])) {
return true;
}
return false;
}
return $this->allow_numbered_entities;
}
if (in_array($entity, $this->allowed_entities)){
return 1;
// HTML 4.0 character entity
return in_array($entity, $this->allowed_entities);
}
/**
* Determines if the data provided is not a control character.
*
* @param string|int $data Data to test against like "64" or "x40".
* @return boolean
*/
function not_control_caracter($data)
{
if (0 === strpos($data, 'x')) {
$data = substr($data, 1);
$data = hexdec($data);
} else {
$data = intval($data);
}
return 0;
return (31 < $data && (127 > $data || 159 < $data));
}
// within attributes, we want to convert all hex/dec/url escape
{
if ($d < 0) { $d = 32; } // space
// don't mess with huigh chars
if ($d > 127) {
if ($this->not_control_caracter($d)) {
if ($orig_type == '%') { return '%'.dechex($d); }
if ($orig_type == '&') { return "&#$d;"; }
}

Archive Download the corresponding diff file

Branches

Number of commits:
Page rendered in 0.24761s using 14 queries.