From c119961f3140a053e2fb7120a9009dc401917b31 Mon Sep 17 00:00:00 2001 From: Alexandre Emsenhuber Date: Tue, 27 Jan 2009 15:09:19 +0000 Subject: [PATCH] Per Brion's comment on http://www.mediawiki.org/wiki/Special:Code/MediaWiki/46145#c1445 : * Refactored Tidy function in a new class, MWTidy * Only added Parser::tidy() for b/c, Parser::internalTidy() and Parser::externalTidy() were marked as private and are unused in core and extensions * Added RELEASE-NOTES entry --- RELEASE-NOTES | 10 ++- includes/OutputHandler.php | 48 ++--------- includes/parser/Parser.php | 128 ++-------------------------- includes/parser/Tidy.php | 170 +++++++++++++++++++++++++++++++++++++ 4 files changed, 189 insertions(+), 167 deletions(-) create mode 100644 includes/parser/Tidy.php diff --git a/RELEASE-NOTES b/RELEASE-NOTES index d0124ffe48..d6276e1f78 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,4 +1,4 @@ -= MediaWiki release notes = + = MediaWiki release notes = Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it *off* if you can. @@ -92,10 +92,12 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 14423) Check block flag validity for block logging * DB transaction and slave-lag avoidance tweaks for Email Notifications * (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions -* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at "user contributions" +* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at + "user contributions" * Rollback links on new pages removed from "user contributions" -* (bug 15811) Re-upload form tweaks: license fields removed, destination locked, comment - label uses better message +* (bug 15811) Re-upload form tweaks: license fields removed, destination locked, + comment label uses better message +* Whole HTML validation ($wgValidateAllHtml) now works with external tidy == API changes in 1.15 == * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions diff --git a/includes/OutputHandler.php b/includes/OutputHandler.php index 3d123c34ab..1f4798b7cc 100644 --- a/includes/OutputHandler.php +++ b/includes/OutputHandler.php @@ -123,48 +123,10 @@ function wfDoContentLength( $length ) { * Replace the output with an error if the HTML is not valid */ function wfHtmlValidationHandler( $s ) { - global $IP, $wgTidyInternal, $wgTidyConf; - if ( $wgTidyInternal ) { - $tidy = new tidy; - - $tidy->parseString( $s, $wgTidyConf, 'utf8' ); - if ( $tidy->getStatus() == 0 ) { - return $s; - } - - $errors = $tidy->errorBuffer; - } else { - // Copied from Parser::externalTidy(); - global $wgTidyBin, $wgTidyOpts; - - $cleansource = ''; - $opts = ' -utf8'; - $descriptorspec = array( - 0 => array( 'pipe', 'r' ), - 1 => array( 'file', wfGetNull(), 'a' ), - 2 => array( 'pipe', 'w' ) - ); - $pipes = array(); - if( function_exists( 'proc_open' ) ) { - $process = proc_open("$wgTidyBin -config $wgTidyConf $wgTidyOpts$opts", $descriptorspec, $pipes ); - if ( is_resource( $process ) ) { - fwrite( $pipes[0], $s ); - fclose( $pipes[0] ); - while( !feof( $pipes[2] ) ) { - $errors .= fgets( $pipes[2], 1024 ); - } - fclose( $pipes[2] ); - $ret = proc_close( $process ); - if( ( $ret < 0 && $errors == '' ) || $ret == 0 ) - return $s; - } else { - return $s; - } - - } else { - return $s; - } + $errors = ''; + if ( MWTidy::checkErrors( $s, $errors ) ) { + return $s; } header( 'Cache-Control: no-cache' ); @@ -197,7 +159,7 @@ EOT; $out .= ''; $out .= '
' . htmlspecialchars( $errors ) . '
'; - $out .= '
    '; + $out .= "
      \n"; $line = strtok( $s, "\n" ); $i = 1; while ( $line !== false ) { @@ -206,7 +168,7 @@ EOT; } else { $out .= '
    1. '; } - $out .= htmlspecialchars( $line ) . '
      2. '; + $out .= htmlspecialchars( $line ) . "\n"; $line = strtok( "\n" ); $i++; } diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php index e79f8cf4a4..13cec38633 100644 --- a/includes/parser/Parser.php +++ b/includes/parser/Parser.php @@ -374,8 +374,8 @@ class Parser $text = Sanitizer::normalizeCharReferences( $text ); - if (($wgUseTidy and $this->mOptions->mTidy) or $wgAlwaysUseTidy) { - $text = self::tidy($text); + if ( ( $wgUseTidy && $this->mOptions->mTidy ) || $wgAlwaysUseTidy ) { + $text = MWTidy::tidy( $text ); } else { # attempt to sanitize at least some nesting problems # (bug #2702 and quite a few others) @@ -648,126 +648,14 @@ class Parser $this->mStripState->general->setPair( $rnd, $text ); return $rnd; } - - /** - * Interface with html tidy, used if $wgUseTidy = true. - * If tidy isn't able to correct the markup, the original will be - * returned in all its glory with a warning comment appended. - * - * Either the external tidy program or the in-process tidy extension - * will be used depending on availability. Override the default - * $wgTidyInternal setting to disable the internal if it's not working. - * - * @param string $text Hideous HTML input - * @return string Corrected HTML output - * @public - * @static - */ - function tidy( $text ) { - global $wgTidyInternal; - - $wrappedtext = ''. -'test'.$text.''; - - # Tidy is known to clobber tabs; convert 'em to entities - $wrappedtext = str_replace("\t", ' ', $wrappedtext); - - if( $wgTidyInternal ) { - $correctedtext = self::internalTidy( $wrappedtext ); - } else { - $correctedtext = self::externalTidy( $wrappedtext ); - } - if( is_null( $correctedtext ) ) { - wfDebug( "Tidy error detected!\n" ); - return $text . "\n\n"; - } - - # Convert the tabs back from entities - $correctedtext = str_replace(' ', "\t", $correctedtext); - - return $correctedtext; - } - - /** - * Spawn an external HTML tidy process and get corrected markup back from it. - * - * @private - * @static - */ - function externalTidy( $text ) { - global $wgTidyConf, $wgTidyBin, $wgTidyOpts; - wfProfileIn( __METHOD__ ); - - $cleansource = ''; - $opts = ' -utf8'; - - $descriptorspec = array( - 0 => array('pipe', 'r'), - 1 => array('pipe', 'w'), - 2 => array('file', wfGetNull(), 'a') - ); - $pipes = array(); - if( function_exists('proc_open') ) { - $process = proc_open("$wgTidyBin -config $wgTidyConf $wgTidyOpts$opts", $descriptorspec, $pipes); - if (is_resource($process)) { - // Theoretically, this style of communication could cause a deadlock - // here. If the stdout buffer fills up, then writes to stdin could - // block. This doesn't appear to happen with tidy, because tidy only - // writes to stdout after it's finished reading from stdin. Search - // for tidyParseStdin and tidySaveStdout in console/tidy.c - fwrite($pipes[0], $text); - fclose($pipes[0]); - while (!feof($pipes[1])) { - $cleansource .= fgets($pipes[1], 1024); - } - fclose($pipes[1]); - proc_close($process); - } - } - - wfProfileOut( __METHOD__ ); - - if( $cleansource == '' && $text != '') { - // Some kind of error happened, so we couldn't get the corrected text. - // Just give up; we'll use the source text and append a warning. - return null; - } else { - return $cleansource; - } - } - + /** - * Use the HTML tidy PECL extension to use the tidy library in-process, - * saving the overhead of spawning a new process. - * - * 'pear install tidy' should be able to compile the extension module. - * - * @private - * @static + * Interface with html tidy + * @deprecated Use MWTidy::tidy() */ - function internalTidy( $text ) { - global $wgTidyConf, $IP, $wgDebugTidy; - wfProfileIn( __METHOD__ ); - - $tidy = new tidy; - $tidy->parseString( $text, $wgTidyConf, 'utf8' ); - $tidy->cleanRepair(); - if( $tidy->getStatus() == 2 ) { - // 2 is magic number for fatal error - // http://www.php.net/manual/en/function.tidy-get-status.php - $cleansource = null; - } else { - $cleansource = tidy_get_output( $tidy ); - } - if ( $wgDebugTidy && $tidy->getStatus() > 0 ) { - $cleansource .= "', '-->', $tidy->errorBuffer ) . - "\n-->"; - } - - wfProfileOut( __METHOD__ ); - return $cleansource; + public static function tidy( $text ) { + wfDeprecated( __METHOD__ ); + return MWTidy::tidy( $text ); } /** diff --git a/includes/parser/Tidy.php b/includes/parser/Tidy.php new file mode 100644 index 0000000000..95f83621af --- /dev/null +++ b/includes/parser/Tidy.php @@ -0,0 +1,170 @@ +'. +'test'.$text.''; + + # Tidy is known to clobber tabs; convert them to entities + $wrappedtext = str_replace( "\t", ' ', $wrappedtext ); + + if( $wgTidyInternal ) { + $correctedtext = self::execInternalTidy( $wrappedtext ); + } else { + $correctedtext = self::execExternalTidy( $wrappedtext ); + } + if( is_null( $correctedtext ) ) { + wfDebug( "Tidy error detected!\n" ); + return $text . "\n\n"; + } + + # Convert the tabs back from entities + $correctedtext = str_replace( ' ', "\t", $correctedtext ); + + return $correctedtext; + } + + /** + * Check HTML for errors, used if $wgValidateAllHtml = true. + * + * @param $text String + * @param &$errorStr String: return the error string + * @return Boolean: whether the HTML is valid + */ + public static function checkErrors( $text, &$errorStr = null ) { + global $wgTidyInternal; + + $retval = 0; + if( $wgTidyInternal ) { + $errorStr = self::execInternalTidy( $text, true, $retval ); + } else { + $errorStr = self::execExternalTidy( $text, true, $retval ); + } + return ( $retval < 0 && $errorStr == '' ) || $retval == 0; + } + + /** + * Spawn an external HTML tidy process and get corrected markup back from it. + * Also called in OutputHandler.php for full page validation + * + * @param $text String: HTML to check + * @param $stderr Boolean: Whether to read from STDERR rather than STDOUT + * @param &$retval Exit code (-1 on internal error) + * @retrun mixed String or null + */ + private static function execExternalTidy( $text, $stderr = false, &$retval = null ) { + global $wgTidyConf, $wgTidyBin, $wgTidyOpts; + wfProfileIn( __METHOD__ ); + + $cleansource = ''; + $opts = ' -utf8'; + + if( $stderr ) { + $descriptorspec = array( + 0 => array( 'pipe', 'r' ), + 1 => array( 'file', wfGetNull(), 'a' ), + 2 => array( 'pipe', 'w' ) + ); + } else { + $descriptorspec = array( + 0 => array( 'pipe', 'r' ), + 1 => array( 'pipe', 'w' ), + 2 => array( 'file', wfGetNull(), 'a' ) + ); + } + + $readpipe = $stderr ? 2 : 1; + $pipes = array(); + + if( function_exists( 'proc_open' ) ) { + $process = proc_open( "$wgTidyBin -config $wgTidyConf $wgTidyOpts$opts", $descriptorspec, $pipes ); + if ( is_resource( $process ) ) { + // Theoretically, this style of communication could cause a deadlock + // here. If the stdout buffer fills up, then writes to stdin could + // block. This doesn't appear to happen with tidy, because tidy only + // writes to stdout after it's finished reading from stdin. Search + // for tidyParseStdin and tidySaveStdout in console/tidy.c + fwrite( $pipes[0], $text ); + fclose( $pipes[0] ); + while ( !feof( $pipes[$readpipe] ) ) { + $cleansource .= fgets( $pipes[$readpipe], 1024 ); + } + fclose( $pipes[$readpipe] ); + $retval = proc_close( $process ); + } else { + $retval = -1; + } + } else { + $retval = -1; + } + + wfProfileOut( __METHOD__ ); + + if( !$stderr && $cleansource == '' && $text != '' ) { + // Some kind of error happened, so we couldn't get the corrected text. + // Just give up; we'll use the source text and append a warning. + return null; + } else { + return $cleansource; + } + } + + /** + * Use the HTML tidy PECL extension to use the tidy library in-process, + * saving the overhead of spawning a new process. + * + * 'pear install tidy' should be able to compile the extension module. + */ + private static function execInternalTidy( $text, $stderr = false, &$retval = null ) { + global $wgTidyConf, $IP, $wgDebugTidy; + wfProfileIn( __METHOD__ ); + + $tidy = new tidy; + $tidy->parseString( $text, $wgTidyConf, 'utf8' ); + + if( $stderr ) { + $retval = $tidy->getStatus(); + return $tidy->errorBuffer; + } else { + $tidy->cleanRepair(); + $retval = $tidy->getStatus(); + if( $retval == 2 ) { + // 2 is magic number for fatal error + // http://www.php.net/manual/en/function.tidy-get-status.php + $cleansource = null; + } else { + $cleansource = tidy_get_output( $tidy ); + } + if ( $wgDebugTidy && $retval > 0 ) { + $cleansource .= "', '-->', $tidy->errorBuffer ) . + "\n-->"; + } + + wfProfileOut( __METHOD__ ); + return $cleansource; + } + } + +} -- 2.20.1