[SPIP] ~maj 3.0.10 --> 3.0.14

[lhc/web/www.git] / www / plugins-dist / safehtml / lib / safehtml / classes / safehtml.php

diff --git a/www/plugins-dist/safehtml/lib/safehtml/classes/safehtml.php b/www/plugins-dist/safehtml/lib/safehtml/classes/safehtml.php
index 837f013..e2d4026 100755 (executable)
--- a/www/plugins-dist/safehtml/lib/safehtml/classes/safehtml.php
+++ b/www/plugins-dist/safehtml/lib/safehtml/classes/safehtml.php
@@ -109,7 +109,7 @@ class SafeHTML
   return true;
  }
 
- function _writeAttrs ($attrs) 
+ function _writeAttrs ($attrs,$tag=null) 
  {
   if (is_array($attrs)) {
    foreach ($attrs as $name => $value) {
@@ -122,7 +122,7 @@ class SafeHTML
     if (strpos($name, 'data') === 0) {
      continue;
     }
-    if (in_array($name, $this->attributes)) {
+    if ($tag !='a' AND in_array($name, $this->attributes)) {
      continue;
     }
     if (!preg_match("/^[a-z0-9-]+$/i", $name)) {
@@ -165,8 +165,8 @@ class SafeHTML
        }
     }
 
-    $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"'
-    $tempval = preg_replace('/&#x([0-9a-f]+);?/mei', "chr(hexdec('\\1'))", $tempval);
+    $tempval = preg_replace_callback('/&#(\d+);?/m', create_function('$m', 'return chr($m[1]);'), $value); 
+    $tempval = preg_replace_callback('/&#x([0-9a-f]+);?/mi', create_function('$m', 'return chr(hexdec($m[1]));'), $tempval);
 
     if ((in_array($name, $this->protocolAttributes)) && 
      (strpos($tempval, ':') !== false)) 
@@ -249,7 +249,7 @@ class SafeHTML
   }
    
   $this->_xhtml .= '<' . $name;
-  $this->_writeAttrs($attrs);
+  $this->_writeAttrs($attrs,$name);
   $this->_xhtml .= '>';
   array_push($this->_stack,$name);
   $this->_counter[$name] = isset($this->_counter[$name]) ? $this->_counter[$name]+1 : 1;