Merge "Require ext-iconv and suggest ext-intl in composer.json"

[lhc/web/wiklou.git] / includes / Sanitizer.php

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 6942ac0..f215f5f 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -39,6 +39,12 @@ class Sanitizer {
                 |&\#[xX]([0-9A-Fa-f]+);
                 |(&)/x';
 
+       /**
+        * Acceptable tag name charset from HTML5 parsing spec
+        * http://www.w3.org/TR/html5/syntax.html#tag-open-state
+        */
+       const ELEMENT_BITS_REGEX = '!^(/?)([A-Za-z][^\t\n\v />\0]*+)([^>]*?)(/?>)([^<]*)$!';
+
        /**
         * Blacklist for evil uris like javascript:
         * WARNING: DO NOT use this in any place that actually requires blacklisting
@@ -355,7 +361,6 @@ class Sanitizer {
        /**
         * Cleans up HTML, removes dangerous tags and attributes, and
         * removes HTML comments
-        * @private
         * @param string $text
         * @param callable $processCallback Callback to do any variable or parameter
         *   replacements in HTML attribute values
@@ -364,7 +369,7 @@ class Sanitizer {
         * @param array $removetags For any tags (default or extra) to exclude
         * @return string
         */
-       static function removeHTMLtags( $text, $processCallback = null,
+       public static function removeHTMLtags( $text, $processCallback = null,
                $args = array(), $extratags = array(), $removetags = array()
        ) {
                global $wgUseTidy, $wgAllowMicrodataAttributes, $wgAllowImageTag;
@@ -445,7 +450,7 @@ class Sanitizer {
                                # $params: String between element name and >
                                # $brace: Ending '>' or '/>'
                                # $rest: Everything until the next element of $bits
-                               if ( preg_match( '!^(/?)([^\\s/>]+)([^>]*?)(/{0,1}>)([^<]*)$!', $x, $regs ) ) {
+                               if ( preg_match( self::ELEMENT_BITS_REGEX, $x, $regs ) ) {
                                        list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
                                } else {
                                        $slash = $t = $params = $brace = $rest = null;
@@ -568,11 +573,7 @@ class Sanitizer {
                } else {
                        # this might be possible using tidy itself
                        foreach ( $bits as $x ) {
-                               preg_match(
-                                       '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
-                                       $x,
-                                       $regs
-                               );
+                               preg_match( self::ELEMENT_BITS_REGEX, $x, $regs );
 
                                wfSuppressWarnings();
                                list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
@@ -607,11 +608,10 @@ class Sanitizer {
         * and followed by a newline (ignoring spaces), trim leading and
         * trailing spaces and one of the newlines.
         *
-        * @private
         * @param string $text
         * @return string
         */
-       static function removeHTMLcomments( $text ) {
+       public static function removeHTMLcomments( $text ) {
                while ( ( $start = strpos( $text, '<!--' ) ) !== false ) {
                        $end = strpos( $text, '-->', $start + 4 );
                        if ( $end === false ) {