From 10831dd274ff65d4852b47dbc398adae61845206 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Sat, 4 May 2013 00:15:41 +0200
Subject: use html purifier for sanitation

---
 .../library/HTMLPurifier/AttrDef/CSS/Multiple.php  | 58 ++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 3rdparty/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php

(limited to '3rdparty/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php')

diff --git a/3rdparty/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php b/3rdparty/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php
new file mode 100644
index 000000000..1298e8ba2
--- /dev/null
+++ b/3rdparty/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php
@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * Framework class for strings that involve multiple values.
+ *
+ * Certain CSS properties such as border-width and margin allow multiple
+ * lengths to be specified.  This class can take a vanilla border-width
+ * definition and multiply it, usually into a max of four.
+ *
+ * @note Even though the CSS specification isn't clear about it, inherit
+ *       can only be used alone: it will never manifest as part of a multi
+ *       shorthand declaration.  Thus, this class does not allow inherit.
+ */
+class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Instance of component definition to defer validation to.
+     * @todo Make protected
+     */
+    public $single;
+
+    /**
+     * Max number of values allowed.
+     * @todo Make protected
+     */
+    public $max;
+
+    /**
+     * @param $single HTMLPurifier_AttrDef to multiply
+     * @param $max Max number of values allowed (usually four)
+     */
+    public function __construct($single, $max = 4) {
+        $this->single = $single;
+        $this->max = $max;
+    }
+
+    public function validate($string, $config, $context) {
+        $string = $this->parseCDATA($string);
+        if ($string === '') return false;
+        $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n
+        $length = count($parts);
+        $final = '';
+        for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) {
+            if (ctype_space($parts[$i])) continue;
+            $result = $this->single->validate($parts[$i], $config, $context);
+            if ($result !== false) {
+                $final .= $result . ' ';
+                $num++;
+            }
+        }
+        if ($final === '') return false;
+        return rtrim($final);
+    }
+
+}
+
+// vim: et sw=4 sts=4
-- 
cgit v1.2.3