From 64dcaf4e8ac4e815c76fe6987e433758f1392909 Mon Sep 17 00:00:00 2001 From: "C. Scott Ananian" Date: Tue, 16 Jul 2013 14:36:01 -0400 Subject: [PATCH] Code style cleanups to Sanitizer.php. Fix warnings and errors from the PHP code style checker. Note that phpcs is complaining about the constant '-1' -- it says: 'Expected 1 space after "-"; 0 found'. That's ridiculous, so I didn't "fix" that issue. Change-Id: I87a50bbc5a4387ffbca9f55d07f66b6cf860a8ac --- includes/Sanitizer.php | 48 +++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index fa883fc6b8..f3a5281845 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -56,7 +56,7 @@ class Sanitizer { * As well as ' which is only defined starting in XHTML1. * @private */ - static $htmlEntities = array( + private static $htmlEntities = array( 'Aacute' => 193, 'aacute' => 225, 'Acirc' => 194, @@ -315,15 +315,16 @@ class Sanitizer { /** * Character entity aliases accepted by MediaWiki */ - static $htmlEntityAliases = array( + private static $htmlEntityAliases = array( 'רלמ' => 'rlm', 'رلم' => 'rlm', ); /** * Lazy-initialised attributes regex, see getAttribsRegex() + * @private */ - static $attribsRegex; + private static $attribsRegex; /** * Regular expression to match HTML/XML attribute pairs within a tag. 
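Review bot: The change from `static $htmlEntities` to `private static $htmlEntities` in the first hunk narrows access rather than fixing style, because a static property declared without a keyword is public, so code outside the class that reads `Sanitizer::$htmlEntities` would now fail with a fatal error. The same applies to `$htmlEntityAliases` and `$attribsRegex` in the `@@ -315,15` hunk. The docblock on `$htmlEntities` already said `@private`, so the intent looks right, but the commit message should state that visibility is being tightened, and callers outside `Sanitizer` (not visible in this patch) should be searched for before merging. With the keyword in place, the `@private` tag added above `$attribsRegex` is redundant.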
@@ -357,13 +358,16 @@ class Sanitizer { * removes HTML comments * @private * @param $text String - * @param $processCallback Callback to do any variable or parameter replacements in HTML attribute values + * @param $processCallback Callback to do any variable or parameter + * replacements in HTML attribute values * @param array $args for the processing callback * @param array $extratags for any extra tags to include * @param array $removetags for any tags (default or extra) to exclude * @return string */ - static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array(), $removetags = array() ) { + static function removeHTMLtags( $text, $processCallback = null, + $args = array(), $extratags = array(), $removetags = array() + ) { global $wgUseTidy, $wgAllowMicrodataAttributes, $wgAllowImageTag; static $htmlpairsStatic, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags, @@ -624,7 +628,8 @@ class Sanitizer { while ( substr( $text, $spaceStart + $spaceLen, 1 ) === ' ' ) { $spaceLen++; } - if ( substr( $text, $spaceStart, 1 ) === "\n" and substr( $text, $spaceStart + $spaceLen, 1 ) === "\n" ) { + if ( substr( $text, $spaceStart, 1 ) === "\n" + && substr( $text, $spaceStart + $spaceLen, 1 ) === "\n" ) { # Remove the comment, leading and trailing # spaces, and leave only one newline. $text = substr_replace( $text, "\n", $spaceStart, $spaceLen + 1 ); 
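Review bot: The rewrapped `removeHTMLtags` signature in the `@@ -357,13` hunk still has no visibility keyword, although this commit adds an explicit `private` to the static properties, and the docblock above it says `@private` while a bare `static function` is public. For a sanitizer entry point the declared access should match the real one: write `public static function removeHTMLtags( $text, $processCallback = null,` and drop the `@private` tag, or make the method private if nothing outside the class calls it (callers are not visible here). The function body continues outside the hunk.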
@@ -748,13 +753,18 @@ class Sanitizer { continue; } - //RDFa and microdata properties allow URLs, URIs and/or CURIs. check them for sanity - if ( $attribute === 'rel' || $attribute === 'rev' || - $attribute === 'about' || $attribute === 'property' || $attribute === 'resource' || #RDFa - $attribute === 'datatype' || $attribute === 'typeof' || #RDFa - $attribute === 'itemid' || $attribute === 'itemprop' || $attribute === 'itemref' || #HTML5 microdata - $attribute === 'itemscope' || $attribute === 'itemtype' ) { #HTML5 microdata - + // RDFa and microdata properties allow URLs, URIs and/or CURIs. + // Check them for sanity. + if ( $attribute === 'rel' || $attribute === 'rev' + # RDFa + || $attribute === 'about' || $attribute === 'property' + || $attribute === 'resource' || $attribute === 'datatype' + || $attribute === 'typeof' + # HTML5 microdata + || $attribute === 'itemid' || $attribute === 'itemprop' + || $attribute === 'itemref' || $attribute === 'itemscope' + || $attribute === 'itemtype' + ) { //Paranoia. Allow "simple" values but suppress javascript if ( preg_match( self::EVIL_URI_PATTERN, $value ) ) { continue; @@ -766,7 +776,7 @@ class Sanitizer { if ( $attribute === 'href' || $attribute === 'src' ) { if ( !preg_match( $hrefExp, $value ) ) { continue; //drop any href or src attributes not using an allowed protocol. - //NOTE: this also drops all relative URLs + // NOTE: this also drops all relative URLs } } 
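Review bot: The attribute names tested ahead of the `EVIL_URI_PATTERN` check in the `@@ -748,13` hunk are a second, hand-maintained copy of the RDFa and microdata names that the `@@ -1460,14` hunk merges into `$common`. An attribute later added to that whitelist but not to this `||` chain would presumably be accepted without the URI check, so the reformatted condition should at least carry a comment such as `# Keep in sync with the RDFa/microdata names merged into $common in the attribute whitelist`. A stricter option is to keep the names in one array and test with `in_array( $attribute, $uriAttribs, true )`, where `$uriAttribs` is a placeholder name. The `if` block continues past the end of the hunk.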
@@ -1460,14 +1470,16 @@ class Sanitizer { ); if ( $wgAllowRdfaAttributes ) { - #RDFa attributes as specified in section 9 of http://www.w3.org/TR/2008/REC-rdfa-syntax-20081014 + # RDFa attributes as specified in section 9 of + # http://www.w3.org/TR/2008/REC-rdfa-syntax-20081014 $common = array_merge( $common, array( 'about', 'property', 'resource', 'datatype', 'typeof', ) ); } if ( $wgAllowMicrodataAttributes ) { - # add HTML5 microdata tags as specified by http://www.whatwg.org/html/microdata.html#the-microdata-model + # add HTML5 microdata tags as specified by + # http://www.whatwg.org/html/microdata.html#the-microdata-model $common = array_merge( $common, array( 'itemid', 'itemprop', 'itemref', 'itemscope', 'itemtype' ) ); @@ -1579,7 +1591,9 @@ class Sanitizer { 'td' => array_merge( $common, $tablecell, $tablealign ), 'th' => array_merge( $common, $tablecell, $tablealign ), - # 12.2 # NOTE: is not allowed directly, but the attrib whitelist is used from the Parser object + # 12.2 + # NOTE: is not allowed directly, but the attrib + # whitelist is used from the Parser object 'a' => array_merge( $common, array( 'href', 'rel', 'rev' ) ), # rel/rev esp. for RDFa # 13.2 -- 2.20.1