Changeset 3165234
- Timestamp:
- 10/08/2024 08:08:06 PM (18 months ago)
- Location:
- svgplus/trunk
- Files:
-
- 20 edited
-
readme.txt (modified) (3 diffs)
-
svgplus.php (modified) (1 diff)
-
vendor/autoload.php (modified) (1 diff)
-
vendor/composer/ClassLoader.php (modified) (24 diffs)
-
vendor/composer/InstalledVersions.php (modified) (1 diff)
-
vendor/composer/autoload_classmap.php (modified) (1 diff)
-
vendor/composer/autoload_namespaces.php (modified) (1 diff)
-
vendor/composer/autoload_psr4.php (modified) (1 diff)
-
vendor/composer/autoload_real.php (modified) (2 diffs)
-
vendor/composer/autoload_static.php (modified) (2 diffs)
-
vendor/composer/installed.json (modified) (3 diffs)
-
vendor/composer/installed.php (modified) (1 diff)
-
vendor/composer/platform_check.php (modified) (1 diff)
-
vendor/enshrined/svg-sanitize/README.md (modified) (3 diffs)
-
vendor/enshrined/svg-sanitize/composer.json (modified) (2 diffs)
-
vendor/enshrined/svg-sanitize/src/Exceptions/NestingException.php (modified) (2 diffs)
-
vendor/enshrined/svg-sanitize/src/Sanitizer.php (modified) (15 diffs)
-
vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php (modified) (3 diffs)
-
vendor/enshrined/svg-sanitize/src/data/AllowedTags.php (modified) (3 diffs)
-
vendor/enshrined/svg-sanitize/src/data/AttributeInterface.php (modified) (1 diff)
-
svgplus/trunk/readme.txt
r3165222 r3165234 4 4 Requires at least: 5.0 5 5 Tested up to: 6.6 6 Stable tag: 1.0.1 16 Stable tag: 1.0.12 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 72 72 ## Changelog 73 73 74 = 1.0.1 1=74 = 1.0.12 = 75 75 76 76 - Switched to using the `enshrined/svg-sanitize` library for SVG sanitization. … … 116 116 == Upgrade Notice == 117 117 118 = 1.0.1 1=118 = 1.0.12 = 119 119 120 120 Please update to this version to benefit from improved SVG sanitization and functionality enhancements. -
svgplus/trunk/svgplus.php
r3165222 r3165234 3 3 * Plugin Name: SVGPlus 4 4 * Description: Upload, sanitize, and display SVG files securely in WordPress. 5 * Version: 1.0.1 15 * Version: 1.0.12 6 6 * Author: Rizonepress 7 7 * License: GPL2 -
svgplus/trunk/vendor/autoload.php
r3165222 r3165234 3 3 // autoload.php @generated by Composer 4 4 5 if (PHP_VERSION_ID < 50600) { 6 if (!headers_sent()) { 7 header('HTTP/1.1 500 Internal Server Error'); 8 } 9 $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL; 10 if (!ini_get('display_errors')) { 11 if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { 12 fwrite(STDERR, $err); 13 } elseif (!headers_sent()) { 14 echo $err; 15 } 16 } 17 trigger_error( 18 $err, 19 E_USER_ERROR 20 ); 21 } 22 5 23 require_once __DIR__ . '/composer/autoload_real.php'; 6 24 7 return ComposerAutoloaderInit 61c7f72a5d76a6a96ee3c8825ef2f87a::getLoader();25 return ComposerAutoloaderInit278afc54527d5abefe91adfc89b3adbf::getLoader(); -
svgplus/trunk/vendor/composer/ClassLoader.php
r3165222 r3165234 43 43 class ClassLoader 44 44 { 45 /** @var \Closure(string):void */ 46 private static $includeFile; 47 48 /** @var string|null */ 49 private $vendorDir; 50 45 51 // PSR-4 52 /** 53 * @var array<string, array<string, int>> 54 */ 46 55 private $prefixLengthsPsr4 = array(); 56 /** 57 * @var array<string, list<string>> 58 */ 47 59 private $prefixDirsPsr4 = array(); 60 /** 61 * @var list<string> 62 */ 48 63 private $fallbackDirsPsr4 = array(); 49 64 50 65 // PSR-0 66 /** 67 * List of PSR-0 prefixes 68 * 69 * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2'))) 70 * 71 * @var array<string, array<string, list<string>>> 72 */ 51 73 private $prefixesPsr0 = array(); 74 /** 75 * @var list<string> 76 */ 52 77 private $fallbackDirsPsr0 = array(); 53 78 79 /** @var bool */ 54 80 private $useIncludePath = false; 81 82 /** 83 * @var array<string, string> 84 */ 55 85 private $classMap = array(); 86 87 /** @var bool */ 56 88 private $classMapAuthoritative = false; 89 90 /** 91 * @var array<string, bool> 92 */ 57 93 private $missingClasses = array(); 94 95 /** @var string|null */ 58 96 private $apcuPrefix; 59 97 98 /** 99 * @var array<string, self> 100 */ 101 private static $registeredLoaders = array(); 102 103 /** 104 * @param string|null $vendorDir 105 */ 106 public function __construct($vendorDir = null) 107 { 108 $this->vendorDir = $vendorDir; 109 self::initializeIncludeClosure(); 110 } 111 112 /** 113 * @return array<string, list<string>> 114 */ 60 115 public function getPrefixes() 61 116 { … … 67 122 } 68 123 124 /** 125 * @return array<string, list<string>> 126 */ 69 127 public function getPrefixesPsr4() 70 128 { … … 72 130 } 73 131 132 /** 133 * @return list<string> 134 */ 74 135 public function getFallbackDirs() 75 136 { … … 77 138 } 78 139 140 /** 141 * @return list<string> 142 */ 79 143 public function getFallbackDirsPsr4() 80 144 { … … 82 146 } 83 147 148 /** 149 * @return array<string, string> Array of 
classname => path 150 */ 84 151 public function getClassMap() 85 152 { … … 88 155 89 156 /** 90 * @param array $classMap Class to filename map 157 * @param array<string, string> $classMap Class to filename map 158 * 159 * @return void 91 160 */ 92 161 public function addClassMap(array $classMap) … … 103 172 * appending or prepending to the ones previously set for this prefix. 104 173 * 105 * @param string $prefix The prefix 106 * @param array|string $paths The PSR-0 root directories 107 * @param bool $prepend Whether to prepend the directories 174 * @param string $prefix The prefix 175 * @param list<string>|string $paths The PSR-0 root directories 176 * @param bool $prepend Whether to prepend the directories 177 * 178 * @return void 108 179 */ 109 180 public function add($prefix, $paths, $prepend = false) 110 181 { 182 $paths = (array) $paths; 111 183 if (!$prefix) { 112 184 if ($prepend) { 113 185 $this->fallbackDirsPsr0 = array_merge( 114 (array)$paths,186 $paths, 115 187 $this->fallbackDirsPsr0 116 188 ); … … 118 190 $this->fallbackDirsPsr0 = array_merge( 119 191 $this->fallbackDirsPsr0, 120 (array)$paths192 $paths 121 193 ); 122 194 } … … 127 199 $first = $prefix[0]; 128 200 if (!isset($this->prefixesPsr0[$first][$prefix])) { 129 $this->prefixesPsr0[$first][$prefix] = (array)$paths;201 $this->prefixesPsr0[$first][$prefix] = $paths; 130 202 131 203 return; … … 133 205 if ($prepend) { 134 206 $this->prefixesPsr0[$first][$prefix] = array_merge( 135 (array)$paths,207 $paths, 136 208 $this->prefixesPsr0[$first][$prefix] 137 209 ); … … 139 211 $this->prefixesPsr0[$first][$prefix] = array_merge( 140 212 $this->prefixesPsr0[$first][$prefix], 141 (array)$paths213 $paths 142 214 ); 143 215 } … … 148 220 * appending or prepending to the ones previously set for this namespace. 
149 221 * 150 * @param string $prefix The prefix/namespace, with trailing '\\'151 * @param array|string $paths The PSR-4 base directories152 * @param bool $prepend Whether to prepend the directories222 * @param string $prefix The prefix/namespace, with trailing '\\' 223 * @param list<string>|string $paths The PSR-4 base directories 224 * @param bool $prepend Whether to prepend the directories 153 225 * 154 226 * @throws \InvalidArgumentException 227 * 228 * @return void 155 229 */ 156 230 public function addPsr4($prefix, $paths, $prepend = false) 157 231 { 232 $paths = (array) $paths; 158 233 if (!$prefix) { 159 234 // Register directories for the root namespace. 160 235 if ($prepend) { 161 236 $this->fallbackDirsPsr4 = array_merge( 162 (array)$paths,237 $paths, 163 238 $this->fallbackDirsPsr4 164 239 ); … … 166 241 $this->fallbackDirsPsr4 = array_merge( 167 242 $this->fallbackDirsPsr4, 168 (array)$paths243 $paths 169 244 ); 170 245 } … … 176 251 } 177 252 $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; 178 $this->prefixDirsPsr4[$prefix] = (array)$paths;253 $this->prefixDirsPsr4[$prefix] = $paths; 179 254 } elseif ($prepend) { 180 255 // Prepend directories for an already registered namespace. 181 256 $this->prefixDirsPsr4[$prefix] = array_merge( 182 (array)$paths,257 $paths, 183 258 $this->prefixDirsPsr4[$prefix] 184 259 ); … … 187 262 $this->prefixDirsPsr4[$prefix] = array_merge( 188 263 $this->prefixDirsPsr4[$prefix], 189 (array)$paths264 $paths 190 265 ); 191 266 } … … 196 271 * replacing any others previously set for this prefix. 197 272 * 198 * @param string $prefix The prefix 199 * @param array|string $paths The PSR-0 base directories 273 * @param string $prefix The prefix 274 * @param list<string>|string $paths The PSR-0 base directories 275 * 276 * @return void 200 277 */ 201 278 public function set($prefix, $paths) … … 212 289 * replacing any others previously set for this namespace. 
213 290 * 214 * @param string $prefix The prefix/namespace, with trailing '\\'215 * @param array|string $paths The PSR-4 base directories291 * @param string $prefix The prefix/namespace, with trailing '\\' 292 * @param list<string>|string $paths The PSR-4 base directories 216 293 * 217 294 * @throws \InvalidArgumentException 295 * 296 * @return void 218 297 */ 219 298 public function setPsr4($prefix, $paths) … … 235 314 * 236 315 * @param bool $useIncludePath 316 * 317 * @return void 237 318 */ 238 319 public function setUseIncludePath($useIncludePath) … … 257 338 * 258 339 * @param bool $classMapAuthoritative 340 * 341 * @return void 259 342 */ 260 343 public function setClassMapAuthoritative($classMapAuthoritative) … … 277 360 * 278 361 * @param string|null $apcuPrefix 362 * 363 * @return void 279 364 */ 280 365 public function setApcuPrefix($apcuPrefix) … … 297 382 * 298 383 * @param bool $prepend Whether to prepend the autoloader or not 384 * 385 * @return void 299 386 */ 300 387 public function register($prepend = false) 301 388 { 302 389 spl_autoload_register(array($this, 'loadClass'), true, $prepend); 390 391 if (null === $this->vendorDir) { 392 return; 393 } 394 395 if ($prepend) { 396 self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; 397 } else { 398 unset(self::$registeredLoaders[$this->vendorDir]); 399 self::$registeredLoaders[$this->vendorDir] = $this; 400 } 303 401 } 304 402 305 403 /** 306 404 * Unregisters this instance as an autoloader. 
405 * 406 * @return void 307 407 */ 308 408 public function unregister() 309 409 { 310 410 spl_autoload_unregister(array($this, 'loadClass')); 411 412 if (null !== $this->vendorDir) { 413 unset(self::$registeredLoaders[$this->vendorDir]); 414 } 311 415 } 312 416 … … 315 419 * 316 420 * @param string $class The name of the class 317 * @return bool|null True if loaded, null otherwise421 * @return true|null True if loaded, null otherwise 318 422 */ 319 423 public function loadClass($class) 320 424 { 321 425 if ($file = $this->findFile($class)) { 322 includeFile($file); 426 $includeFile = self::$includeFile; 427 $includeFile($file); 323 428 324 429 return true; 325 430 } 431 432 return null; 326 433 } 327 434 … … 368 475 } 369 476 477 /** 478 * Returns the currently registered loaders keyed by their corresponding vendor directories. 479 * 480 * @return array<string, self> 481 */ 482 public static function getRegisteredLoaders() 483 { 484 return self::$registeredLoaders; 485 } 486 487 /** 488 * @param string $class 489 * @param string $ext 490 * @return string|false 491 */ 370 492 private function findFileWithExtension($class, $ext) 371 493 { … … 433 555 return false; 434 556 } 557 558 /** 559 * @return void 560 */ 561 private static function initializeIncludeClosure() 562 { 563 if (self::$includeFile !== null) { 564 return; 565 } 566 567 /** 568 * Scope isolated include. 569 * 570 * Prevents access to $this/self from included files. 571 * 572 * @param string $file 573 * @return void 574 */ 575 self::$includeFile = \Closure::bind(static function($file) { 576 include $file; 577 }, null, null); 578 } 435 579 } 436 437 /**438 * Scope isolated include.439 *440 * Prevents access to $this/self from included files.441 */442 function includeFile($file)443 {444 include $file;445 } -
svgplus/trunk/vendor/composer/InstalledVersions.php
r3165222 r3165234 1 1 <?php 2 2 3 4 5 6 7 8 9 10 11 3 /* 4 * This file is part of Composer. 5 * 6 * (c) Nils Adermann <naderman@naderman.de> 7 * Jordi Boggiano <j.boggiano@seld.be> 8 * 9 * For the full copyright and license information, please view the LICENSE 10 * file that was distributed with this source code. 11 */ 12 12 13 13 namespace Composer; 14 14 15 use Composer\Autoload\ClassLoader; 15 16 use Composer\Semver\VersionParser; 16 17 17 18 19 20 21 18 /** 19 * This class is copied in every Composer installed project and available to all 20 * 21 * See also https://getcomposer.org/doc/07-runtime.md#installed-versions 22 * 23 * To require its presence, you can require `composer-runtime-api ^2.0` 24 * 25 * @final 26 */ 22 27 class InstalledVersions 23 28 { 24 private static $installed = array ( 25 'root' => 26 array ( 27 'pretty_version' => '1.0.0+no-version-set', 28 'version' => '1.0.0.0', 29 'aliases' => 30 array ( 31 ), 32 'reference' => NULL, 33 'name' => '__root__', 34 ), 35 'versions' => 36 array ( 37 '__root__' => 38 array ( 39 'pretty_version' => '1.0.0+no-version-set', 40 'version' => '1.0.0.0', 41 'aliases' => 42 array ( 43 ), 44 'reference' => NULL, 45 ), 46 'enshrined/svg-sanitize' => 47 array ( 48 'pretty_version' => '0.14.1', 49 'version' => '0.14.1.0', 50 'aliases' => 51 array ( 52 ), 53 'reference' => '307b42066fb0b76b5119f5e1f0826e18fefabe95', 54 ), 55 ), 56 ); 57 58 59 60 61 62 63 64 public static function getInstalledPackages() 65 { 66 return array_keys(self::$installed['versions']); 29 /** 30 * @var mixed[]|null 31 * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null 32 */ 33 private static 
$installed; 34 35 /** 36 * @var bool|null 37 */ 38 private static $canGetVendors; 39 40 /** 41 * @var array[] 42 * @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}> 43 */ 44 private static $installedByVendor = array(); 45 46 /** 47 * Returns a list of all package names which are present, either by being installed, replaced or provided 48 * 49 * @return string[] 50 * @psalm-return list<string> 51 */ 52 public static function getInstalledPackages() 53 { 54 $packages = array(); 55 foreach (self::getInstalled() as $installed) { 56 $packages[] = array_keys($installed['versions']); 57 } 58 59 if (1 === \count($packages)) { 60 return $packages[0]; 61 } 62 63 return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); 64 } 65 66 /** 67 * Returns a list of all package names with a specific type e.g. 
'library' 68 * 69 * @param string $type 70 * @return string[] 71 * @psalm-return list<string> 72 */ 73 public static function getInstalledPackagesByType($type) 74 { 75 $packagesByType = array(); 76 77 foreach (self::getInstalled() as $installed) { 78 foreach ($installed['versions'] as $name => $package) { 79 if (isset($package['type']) && $package['type'] === $type) { 80 $packagesByType[] = $name; 81 } 82 } 83 } 84 85 return $packagesByType; 86 } 87 88 /** 89 * Checks whether the given package is installed 90 * 91 * This also returns true if the package name is provided or replaced by another package 92 * 93 * @param string $packageName 94 * @param bool $includeDevRequirements 95 * @return bool 96 */ 97 public static function isInstalled($packageName, $includeDevRequirements = true) 98 { 99 foreach (self::getInstalled() as $installed) { 100 if (isset($installed['versions'][$packageName])) { 101 return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false; 102 } 103 } 104 105 return false; 106 } 107 108 /** 109 * Checks whether the given package satisfies a version constraint 110 * 111 * e.g. 
If you want to know whether version 2.3+ of package foo/bar is installed, you would call: 112 * 113 * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') 114 * 115 * @param VersionParser $parser Install composer/semver to have access to this class and functionality 116 * @param string $packageName 117 * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package 118 * @return bool 119 */ 120 public static function satisfies(VersionParser $parser, $packageName, $constraint) 121 { 122 $constraint = $parser->parseConstraints((string) $constraint); 123 $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); 124 125 return $provided->matches($constraint); 126 } 127 128 /** 129 * Returns a version constraint representing all the range(s) which are installed for a given package 130 * 131 * It is easier to use this via isInstalled() with the $constraint argument if you need to check 132 * whether a given version of a package is installed, and not just whether it exists 133 * 134 * @param string $packageName 135 * @return string Version constraint usable with composer/semver 136 */ 137 public static function getVersionRanges($packageName) 138 { 139 foreach (self::getInstalled() as $installed) { 140 if (!isset($installed['versions'][$packageName])) { 141 continue; 142 } 143 144 $ranges = array(); 145 if (isset($installed['versions'][$packageName]['pretty_version'])) { 146 $ranges[] = $installed['versions'][$packageName]['pretty_version']; 147 } 148 if (array_key_exists('aliases', $installed['versions'][$packageName])) { 149 $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); 150 } 151 if (array_key_exists('replaced', $installed['versions'][$packageName])) { 152 $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); 153 } 154 if (array_key_exists('provided', 
$installed['versions'][$packageName])) { 155 $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); 156 } 157 158 return implode(' || ', $ranges); 159 } 160 161 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 162 } 163 164 /** 165 * @param string $packageName 166 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present 167 */ 168 public static function getVersion($packageName) 169 { 170 foreach (self::getInstalled() as $installed) { 171 if (!isset($installed['versions'][$packageName])) { 172 continue; 173 } 174 175 if (!isset($installed['versions'][$packageName]['version'])) { 176 return null; 177 } 178 179 return $installed['versions'][$packageName]['version']; 180 } 181 182 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 183 } 184 185 /** 186 * @param string $packageName 187 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present 188 */ 189 public static function getPrettyVersion($packageName) 190 { 191 foreach (self::getInstalled() as $installed) { 192 if (!isset($installed['versions'][$packageName])) { 193 continue; 194 } 195 196 if (!isset($installed['versions'][$packageName]['pretty_version'])) { 197 return null; 198 } 199 200 return $installed['versions'][$packageName]['pretty_version']; 201 } 202 203 throw new \OutOfBoundsException('Package "' . $packageName . 
'" is not installed'); 204 } 205 206 /** 207 * @param string $packageName 208 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference 209 */ 210 public static function getReference($packageName) 211 { 212 foreach (self::getInstalled() as $installed) { 213 if (!isset($installed['versions'][$packageName])) { 214 continue; 215 } 216 217 if (!isset($installed['versions'][$packageName]['reference'])) { 218 return null; 219 } 220 221 return $installed['versions'][$packageName]['reference']; 222 } 223 224 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 225 } 226 227 /** 228 * @param string $packageName 229 * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. 230 */ 231 public static function getInstallPath($packageName) 232 { 233 foreach (self::getInstalled() as $installed) { 234 if (!isset($installed['versions'][$packageName])) { 235 continue; 236 } 237 238 return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; 239 } 240 241 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); 242 } 243 244 /** 245 * @return array 246 * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool} 247 */ 248 public static function getRootPackage() 249 { 250 $installed = self::getInstalled(); 251 252 return $installed[0]['root']; 253 } 254 255 /** 256 * Returns the raw installed.php data for custom implementations 257 * 258 * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. 
259 * @return array[] 260 * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} 261 */ 262 public static function getRawData() 263 { 264 @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); 265 266 if (null === self::$installed) { 267 // only require the installed.php file if this file is loaded from its dumped location, 268 // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 269 if (substr(__DIR__, -8, 1) !== 'C') { 270 self::$installed = include __DIR__ . 
'/installed.php'; 271 } else { 272 self::$installed = array(); 273 } 274 } 275 276 return self::$installed; 277 } 278 279 /** 280 * Returns the raw data of all installed.php which are currently loaded for custom implementations 281 * 282 * @return array[] 283 * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}> 284 */ 285 public static function getAllRawData() 286 { 287 return self::getInstalled(); 288 } 289 290 /** 291 * Lets you reload the static array from another file 292 * 293 * This is only useful for complex integrations in which a project needs to use 294 * this class but then also needs to execute another project's autoloader in process, 295 * and wants to ensure both projects have access to their version of installed.php. 296 * 297 * A typical case would be PHPUnit, where it would need to make sure it reads all 298 * the data it needs from this class, then call reload() with 299 * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure 300 * the project in which it runs can then also use this class safely, without 301 * interference between PHPUnit's dependencies and the project's dependencies. 
302 * 303 * @param array[] $data A vendor/composer/installed.php data set 304 * @return void 305 * 306 * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data 307 */ 308 public static function reload($data) 309 { 310 self::$installed = $data; 311 self::$installedByVendor = array(); 312 } 313 314 /** 315 * @return array[] 316 * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}> 317 */ 318 private static function getInstalled() 319 { 320 if (null === self::$canGetVendors) { 321 self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); 322 } 323 324 $installed = array(); 325 326 if (self::$canGetVendors) { 327 foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { 328 if (isset(self::$installedByVendor[$vendorDir])) { 329 $installed[] = self::$installedByVendor[$vendorDir]; 330 } elseif (is_file($vendorDir.'/composer/installed.php')) { 331 /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: 
string[]}>} $required */ 332 $required = require $vendorDir.'/composer/installed.php'; 333 $installed[] = self::$installedByVendor[$vendorDir] = $required; 334 if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { 335 self::$installed = $installed[count($installed) - 1]; 336 } 337 } 338 } 339 } 340 341 if (null === self::$installed) { 342 // only require the installed.php file if this file is loaded from its dumped location, 343 // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 344 if (substr(__DIR__, -8, 1) !== 'C') { 345 /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */ 346 $required = require __DIR__ . 
'/installed.php'; 347 self::$installed = $required; 348 } else { 349 self::$installed = array(); 350 } 351 } 352 353 if (self::$installed !== array()) { 354 $installed[] = self::$installed; 355 } 356 357 return $installed; 358 } 67 359 } 68 69 70 71 72 73 74 75 76 77 public static function isInstalled($packageName)78 {79 return isset(self::$installed['versions'][$packageName]);80 }81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 public static function satisfies(VersionParser $parser, $packageName, $constraint)96 {97 $constraint = $parser->parseConstraints($constraint);98 $provided = $parser->parseConstraints(self::getVersionRanges($packageName));99 100 return $provided->matches($constraint);101 }102 103 104 105 106 107 108 109 110 111 112 public static function getVersionRanges($packageName)113 {114 if (!isset(self::$installed['versions'][$packageName])) {115 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');116 }117 118 $ranges = array();119 if (isset(self::$installed['versions'][$packageName]['pretty_version'])) {120 $ranges[] = self::$installed['versions'][$packageName]['pretty_version'];121 }122 if (array_key_exists('aliases', self::$installed['versions'][$packageName])) {123 $ranges = array_merge($ranges, self::$installed['versions'][$packageName]['aliases']);124 }125 if (array_key_exists('replaced', self::$installed['versions'][$packageName])) {126 $ranges = array_merge($ranges, self::$installed['versions'][$packageName]['replaced']);127 }128 if (array_key_exists('provided', self::$installed['versions'][$packageName])) {129 $ranges = array_merge($ranges, self::$installed['versions'][$packageName]['provided']);130 }131 132 return implode(' || ', $ranges);133 }134 135 136 137 138 139 public static function getVersion($packageName)140 {141 if (!isset(self::$installed['versions'][$packageName])) {142 throw new \OutOfBoundsException('Package "' . $packageName . 
'" is not installed');143 }144 145 if (!isset(self::$installed['versions'][$packageName]['version'])) {146 return null;147 }148 149 return self::$installed['versions'][$packageName]['version'];150 }151 152 153 154 155 156 public static function getPrettyVersion($packageName)157 {158 if (!isset(self::$installed['versions'][$packageName])) {159 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');160 }161 162 if (!isset(self::$installed['versions'][$packageName]['pretty_version'])) {163 return null;164 }165 166 return self::$installed['versions'][$packageName]['pretty_version'];167 }168 169 170 171 172 173 public static function getReference($packageName)174 {175 if (!isset(self::$installed['versions'][$packageName])) {176 throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');177 }178 179 if (!isset(self::$installed['versions'][$packageName]['reference'])) {180 return null;181 }182 183 return self::$installed['versions'][$packageName]['reference'];184 }185 186 187 188 189 190 public static function getRootPackage()191 {192 return self::$installed['root'];193 }194 195 196 197 198 199 200 201 public static function getRawData()202 {203 return self::$installed;204 }205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 public static function reload($data)225 {226 self::$installed = $data;227 }228 } -
svgplus/trunk/vendor/composer/autoload_classmap.php
r3165222 r3165234 3 3 // autoload_classmap.php @generated by Composer 4 4 5 $vendorDir = dirname( dirname(__FILE__));5 $vendorDir = dirname(__DIR__); 6 6 $baseDir = dirname($vendorDir); 7 7 -
svgplus/trunk/vendor/composer/autoload_namespaces.php
r3165222 r3165234 3 3 // autoload_namespaces.php @generated by Composer 4 4 5 $vendorDir = dirname( dirname(__FILE__));5 $vendorDir = dirname(__DIR__); 6 6 $baseDir = dirname($vendorDir); 7 7 -
svgplus/trunk/vendor/composer/autoload_psr4.php
r3165222 r3165234 3 3 // autoload_psr4.php @generated by Composer 4 4 5 $vendorDir = dirname( dirname(__FILE__));5 $vendorDir = dirname(__DIR__); 6 6 $baseDir = dirname($vendorDir); 7 7 -
svgplus/trunk/vendor/composer/autoload_real.php
r3165222 r3165234 3 3 // autoload_real.php @generated by Composer 4 4 5 class ComposerAutoloaderInit 61c7f72a5d76a6a96ee3c8825ef2f87a5 class ComposerAutoloaderInit278afc54527d5abefe91adfc89b3adbf 6 6 { 7 7 private static $loader; … … 25 25 require __DIR__ . '/platform_check.php'; 26 26 27 spl_autoload_register(array('ComposerAutoloaderInit 61c7f72a5d76a6a96ee3c8825ef2f87a', 'loadClassLoader'), true, true);28 self::$loader = $loader = new \Composer\Autoload\ClassLoader( );29 spl_autoload_unregister(array('ComposerAutoloaderInit 61c7f72a5d76a6a96ee3c8825ef2f87a', 'loadClassLoader'));27 spl_autoload_register(array('ComposerAutoloaderInit278afc54527d5abefe91adfc89b3adbf', 'loadClassLoader'), true, true); 28 self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__)); 29 spl_autoload_unregister(array('ComposerAutoloaderInit278afc54527d5abefe91adfc89b3adbf', 'loadClassLoader')); 30 30 31 $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); 32 if ($useStaticLoader) { 33 require __DIR__ . '/autoload_static.php'; 34 35 call_user_func(\Composer\Autoload\ComposerStaticInit61c7f72a5d76a6a96ee3c8825ef2f87a::getInitializer($loader)); 36 } else { 37 $map = require __DIR__ . '/autoload_namespaces.php'; 38 foreach ($map as $namespace => $path) { 39 $loader->set($namespace, $path); 40 } 41 42 $map = require __DIR__ . '/autoload_psr4.php'; 43 foreach ($map as $namespace => $path) { 44 $loader->setPsr4($namespace, $path); 45 } 46 47 $classMap = require __DIR__ . '/autoload_classmap.php'; 48 if ($classMap) { 49 $loader->addClassMap($classMap); 50 } 51 } 31 require __DIR__ . '/autoload_static.php'; 32 call_user_func(\Composer\Autoload\ComposerStaticInit278afc54527d5abefe91adfc89b3adbf::getInitializer($loader)); 52 33 53 34 $loader->register(true); -
svgplus/trunk/vendor/composer/autoload_static.php
r3165222 r3165234 5 5 namespace Composer\Autoload; 6 6 7 class ComposerStaticInit 61c7f72a5d76a6a96ee3c8825ef2f87a7 class ComposerStaticInit278afc54527d5abefe91adfc89b3adbf 8 8 { 9 9 public static $prefixLengthsPsr4 = array ( … … 28 28 { 29 29 return \Closure::bind(function () use ($loader) { 30 $loader->prefixLengthsPsr4 = ComposerStaticInit 61c7f72a5d76a6a96ee3c8825ef2f87a::$prefixLengthsPsr4;31 $loader->prefixDirsPsr4 = ComposerStaticInit 61c7f72a5d76a6a96ee3c8825ef2f87a::$prefixDirsPsr4;32 $loader->classMap = ComposerStaticInit 61c7f72a5d76a6a96ee3c8825ef2f87a::$classMap;30 $loader->prefixLengthsPsr4 = ComposerStaticInit278afc54527d5abefe91adfc89b3adbf::$prefixLengthsPsr4; 31 $loader->prefixDirsPsr4 = ComposerStaticInit278afc54527d5abefe91adfc89b3adbf::$prefixDirsPsr4; 32 $loader->classMap = ComposerStaticInit278afc54527d5abefe91adfc89b3adbf::$classMap; 33 33 34 34 }, null, ClassLoader::class); -
svgplus/trunk/vendor/composer/installed.json
r3165222 r3165234 3 3 { 4 4 "name": "enshrined/svg-sanitize", 5 "version": "0. 14.1",6 "version_normalized": "0. 14.1.0",5 "version": "0.20.0", 6 "version_normalized": "0.20.0.0", 7 7 "source": { 8 8 "type": "git", 9 9 "url": "https://github.com/darylldoyle/svg-sanitizer.git", 10 "reference": " 307b42066fb0b76b5119f5e1f0826e18fefabe95"10 "reference": "068d9fcf912c88a0471d101d95a2caa87c50aee7" 11 11 }, 12 12 "dist": { 13 13 "type": "zip", 14 "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/ 307b42066fb0b76b5119f5e1f0826e18fefabe95",15 "reference": " 307b42066fb0b76b5119f5e1f0826e18fefabe95",14 "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/068d9fcf912c88a0471d101d95a2caa87c50aee7", 15 "reference": "068d9fcf912c88a0471d101d95a2caa87c50aee7", 16 16 "shasum": "" 17 17 }, … … 19 19 "ext-dom": "*", 20 20 "ext-libxml": "*", 21 "php": "^7. 0|| ^8.0"21 "php": "^7.1 || ^8.0" 22 22 }, 23 23 "require-dev": { 24 "codeclimate/php-test-reporter": "^0.1.2",25 24 "phpunit/phpunit": "^6.5 || ^8.5" 26 25 }, 27 "time": "202 1-08-09T23:46:54+00:00",26 "time": "2024-09-05T10:18:12+00:00", 28 27 "type": "library", 29 28 "installation-source": "dist", … … 46 45 "support": { 47 46 "issues": "https://github.com/darylldoyle/svg-sanitizer/issues", 48 "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0. 14.1"47 "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.20.0" 49 48 }, 50 49 "install-path": "../enshrined/svg-sanitize" -
svgplus/trunk/vendor/composer/installed.php
r3165222 r3165234 1 <?php return array ( 2 'root' => 3 array ( 4 'pretty_version' => '1.0.0+no-version-set', 5 'version' => '1.0.0.0', 6 'aliases' => 7 array ( 1 <?php return array( 2 'root' => array( 3 'name' => 'derickpayne/svgplus', 4 'pretty_version' => '1.0.0+no-version-set', 5 'version' => '1.0.0.0', 6 'reference' => null, 7 'type' => 'library', 8 'install_path' => __DIR__ . '/../../', 9 'aliases' => array(), 10 'dev' => true, 8 11 ), 9 'reference' => NULL, 10 'name' => '__root__', 11 ), 12 'versions' => 13 array ( 14 '__root__' => 15 array ( 16 'pretty_version' => '1.0.0+no-version-set', 17 'version' => '1.0.0.0', 18 'aliases' => 19 array ( 20 ), 21 'reference' => NULL, 12 'versions' => array( 13 'derickpayne/svgplus' => array( 14 'pretty_version' => '1.0.0+no-version-set', 15 'version' => '1.0.0.0', 16 'reference' => null, 17 'type' => 'library', 18 'install_path' => __DIR__ . '/../../', 19 'aliases' => array(), 20 'dev_requirement' => false, 21 ), 22 'enshrined/svg-sanitize' => array( 23 'pretty_version' => '0.20.0', 24 'version' => '0.20.0.0', 25 'reference' => '068d9fcf912c88a0471d101d95a2caa87c50aee7', 26 'type' => 'library', 27 'install_path' => __DIR__ . '/../enshrined/svg-sanitize', 28 'aliases' => array(), 29 'dev_requirement' => false, 30 ), 22 31 ), 23 'enshrined/svg-sanitize' =>24 array (25 'pretty_version' => '0.14.1',26 'version' => '0.14.1.0',27 'aliases' =>28 array (29 ),30 'reference' => '307b42066fb0b76b5119f5e1f0826e18fefabe95',31 ),32 ),33 32 ); -
svgplus/trunk/vendor/composer/platform_check.php
r3165222 r3165234 5 5 $issues = array(); 6 6 7 if (!(PHP_VERSION_ID >= 50600)) {8 $issues[] = 'Your Composer dependencies require a PHP version ">= 5.6.0". You are running ' . PHP_VERSION . '.';7 if (!(PHP_VERSION_ID >= 70100)) { 8 $issues[] = 'Your Composer dependencies require a PHP version ">= 7.1.0". You are running ' . PHP_VERSION . '.'; 9 9 } 10 10 -
svgplus/trunk/vendor/enshrined/svg-sanitize/README.md
r3165222 r3165234 1 1 # svg-sanitizer 2 2 3 [](https://travis-ci.org/darylldoyle/svg-sanitizer) [](https://codeclimate.com/github/darylldoyle/svg-sanitizer/coverage)3 [](https://travis-ci.org/darylldoyle/svg-sanitizer) [](https://codeclimate.com/github/darylldoyle/svg-sanitizer/coverage) 4 4 5 This is my attempt at building a decent SVG sanitizer in PHP. The work is lar egely borrowed from [DOMPurify](https://github.com/cure53/DOMPurify).5 This is my attempt at building a decent SVG sanitizer in PHP. The work is largely borrowed from [DOMPurify](https://github.com/cure53/DOMPurify). 6 6 7 7 ## Installation … … 41 41 These methods require that you implement the `enshrined\svgSanitize\data\TagInterface` or `enshrined\svgSanitize\data\AttributeInterface`. 42 42 43 ## Remove remote references 43 ## Remove remote references 44 44 45 45 You have the option to remove attributes that reference remote files, this will stop HTTP leaks but will add an overhead to the sanitizer. … … 74 74 ## TYPO3 75 75 76 An integration for TYPO3 CMS of this library is available as composer package `t3g/svg-sanitizer` at [https://github.com/TYPO3GmbH/svg_sanitizer](https://github.com/TYPO3GmbH/svg_sanitizer) 76 This SVG sanitizer library is used per default in the core of TYPO3 v9 and later versions. 77 See [corresponding changelog entry](https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/9.5.x/Important-94492-IntroduceSVGSanitizer.html) for more details. 77 78 78 79 ## Tests -
svgplus/trunk/vendor/enshrined/svg-sanitize/composer.json
r3165222 r3165234 10 10 ], 11 11 "scripts": { 12 "test": "phpunit --no-coverage" 12 "test": "phpunit --no-coverage", 13 "test:coverage": "phpunit" 13 14 }, 14 15 "autoload": { … … 25 26 "ext-dom": "*", 26 27 "ext-libxml": "*", 27 "php": "^7. 0|| ^8.0"28 "php": "^7.1 || ^8.0" 28 29 }, 29 30 "require-dev": { 30 "phpunit/phpunit": "^6.5 || ^8.5", 31 "codeclimate/php-test-reporter": "^0.1.2" 31 "phpunit/phpunit": "^6.5 || ^8.5" 32 32 } 33 33 } -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/Exceptions/NestingException.php
r3165222 r3165234 1 1 <?php 2 3 4 2 namespace enshrined\svgSanitize\Exceptions; 5 6 3 7 4 use Exception; … … 22 19 * @param \DOMElement|null $element 23 20 */ 24 public function __construct($message = "", $code = 0, Exception $previous = null,\DOMElement $element = null)21 public function __construct($message = "", $code = 0, ?Exception $previous = null, ?\DOMElement $element = null) 25 22 { 26 23 $this->element = $element; -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/Sanitizer.php
r3165222 r3165234 1 1 <?php 2 3 2 namespace enshrined\svgSanitize; 4 3 … … 9 8 use enshrined\svgSanitize\data\XPath; 10 9 use enshrined\svgSanitize\ElementReference\Resolver; 11 use enshrined\svgSanitize\ElementReference\Subject;12 10 13 11 /** … … 42 40 * @var bool 43 41 */ 42 protected $xmlErrorHandlerPreviousValue; 43 44 /** 45 * @var bool 46 */ 44 47 protected $minifyXML = false; 45 48 … … 78 81 */ 79 82 protected $useNestingLimit = 15; 83 84 /** 85 * @var bool 86 */ 87 protected $allowHugeFiles = false; 80 88 81 89 /** … … 181 189 } 182 190 191 /** 192 * Can we allow huge files? 193 * 194 * @return bool 195 */ 196 public function getAllowHugeFiles() { 197 return $this->allowHugeFiles; 198 } 199 200 /** 201 * Set whether we can allow huge files. 202 * 203 * @param bool $allowHugeFiles 204 */ 205 public function setAllowHugeFiles( $allowHugeFiles ) { 206 $this->allowHugeFiles = $allowHugeFiles; 207 } 208 183 209 184 210 /** … … 186 212 * 187 213 * @param string $dirty 188 * @return string 214 * @return string|false 189 215 */ 190 216 public function sanitize($dirty) … … 195 221 } 196 222 197 // Strip php tags 198 $dirty = preg_replace('/<\?(=|php)(.+?)\?>/i', '', $dirty); 223 do { 224 /* 225 * recursively remove php tags because they can be hidden inside tags 226 * i.e. <?p<?php test?>hp echo . ' danger! ';?> 227 */ 228 $dirty = preg_replace('/<\?(=|php)(.+?)\?>/i', '', $dirty); 229 } while (preg_match('/<\?(=|php)(.+?)\?>/i', $dirty) != 0); 199 230 200 231 $this->resetInternal(); 201 232 $this->setUpBefore(); 202 233 203 $loaded = $this->xmlDocument->loadXML($dirty );234 $loaded = $this->xmlDocument->loadXML($dirty, $this->getAllowHugeFiles() ? LIBXML_PARSEHUGE : 0); 204 235 205 236 // If we couldn't parse the XML then we go no further. 
Reset and return false 206 237 if (!$loaded) { 238 $this->xmlIssues = self::getXmlErrors(); 207 239 $this->resetAfter(); 208 240 return false; … … 215 247 $elementsToRemove = $this->elementReferenceResolver->getElementsToRemove(); 216 248 217 // Grab all the elements 218 $allElements = $this->xmlDocument->getElementsByTagName("*"); 219 220 // remove doctype after node elements have been analyzed 221 $this->removeDoctype(); 222 // Start the cleaning proccess 223 $this->startClean($allElements, $elementsToRemove); 249 // Start the cleaning process 250 $this->startClean($this->xmlDocument->childNodes, $elementsToRemove); 224 251 225 252 // Save cleaned XML to a variable … … 253 280 } 254 281 255 // Suppress the errors because we don't really have to worry about formation before cleansing 256 libxml_use_internal_errors(true); 282 // Suppress the errors because we don't really have to worry about formation before cleansing. 283 // See reset in resetAfter(). 284 $this->xmlErrorHandlerPreviousValue = libxml_use_internal_errors(true); 257 285 258 286 // Reset array of altered XML … … 271 299 libxml_disable_entity_loader($this->xmlLoaderValue); 272 300 } 273 } 274 275 /** 276 * Remove the XML Doctype 277 * It may be caught later on output but that seems to be buggy, so we need to make sure it's gone 278 */ 279 protected function removeDoctype() 280 { 281 foreach ($this->xmlDocument->childNodes as $child) { 282 if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { 283 $child->parentNode->removeChild($child); 284 } 285 } 301 302 libxml_clear_errors(); 303 libxml_use_internal_errors($this->xmlErrorHandlerPreviousValue); 286 304 } 287 305 … … 317 335 } 318 336 319 // If the tag isn't in the whitelist, remove it and continue with next iteration 320 if (!in_array(strtolower($currentElement->tagName), $this->allowedTags)) { 321 $currentElement->parentNode->removeChild($currentElement); 322 $this->xmlIssues[] = array( 323 'message' => 'Suspicious tag \'' . $currentElement->tagName . 
'\'', 324 'line' => $currentElement->getLineNo(), 325 ); 326 continue; 327 } 328 329 $this->cleanHrefs($currentElement); 330 331 $this->cleanXlinkHrefs($currentElement); 332 333 $this->cleanAttributesOnWhitelist($currentElement); 334 335 if (strtolower($currentElement->tagName) === 'use') { 336 if ($this->isUseTagDirty($currentElement) 337 || $this->isUseTagExceedingThreshold($currentElement) 338 ) { 337 if ($currentElement instanceof \DOMElement) { 338 // If the tag isn't in the whitelist, remove it and continue with next iteration 339 if (!in_array(strtolower($currentElement->tagName), $this->allowedTags)) { 339 340 $currentElement->parentNode->removeChild($currentElement); 340 341 $this->xmlIssues[] = array( 341 'message' => 'Suspicious \'' . $currentElement->tagName . '\'',342 'message' => 'Suspicious tag \'' . $currentElement->tagName . '\'', 342 343 'line' => $currentElement->getLineNo(), 343 344 ); 344 345 continue; 345 346 } 347 348 $this->cleanHrefs( $currentElement ); 349 350 $this->cleanXlinkHrefs( $currentElement ); 351 352 $this->cleanAttributesOnWhitelist($currentElement); 353 354 if (strtolower($currentElement->tagName) === 'use') { 355 if ($this->isUseTagDirty($currentElement) 356 || $this->isUseTagExceedingThreshold($currentElement) 357 ) { 358 $currentElement->parentNode->removeChild($currentElement); 359 $this->xmlIssues[] = array( 360 'message' => 'Suspicious \'' . $currentElement->tagName . '\'', 361 'line' => $currentElement->getLineNo(), 362 ); 363 continue; 364 } 365 } 366 367 // Strip out font elements that will break out of foreign content. 
368 if (strtolower($currentElement->tagName) === 'font') { 369 $breaksOutOfForeignContent = false; 370 for ($x = $currentElement->attributes->length - 1; $x >= 0; $x--) { 371 // get attribute name 372 $attrName = $currentElement->attributes->item( $x )->nodeName; 373 374 if (in_array(strtolower($attrName), ['face', 'color', 'size'])) { 375 $breaksOutOfForeignContent = true; 376 } 377 } 378 379 if ($breaksOutOfForeignContent) { 380 $currentElement->parentNode->removeChild($currentElement); 381 $this->xmlIssues[] = array( 382 'message' => 'Suspicious tag \'' . $currentElement->tagName . '\'', 383 'line' => $currentElement->getLineNo(), 384 ); 385 continue; 386 } 387 } 388 } 389 390 $this->cleanUnsafeNodes($currentElement); 391 392 if ($currentElement->hasChildNodes()) { 393 $this->startClean($currentElement->childNodes, $elementsToRemove); 346 394 } 347 395 } … … 357 405 for ($x = $element->attributes->length - 1; $x >= 0; $x--) { 358 406 // get attribute name 359 $attrName = $element->attributes->item($x)->n ame;407 $attrName = $element->attributes->item($x)->nodeName; 360 408 361 409 // Remove attribute if not in whitelist … … 433 481 } 434 482 435 /**436 * Only allow whitelisted starts to be within the href.437 *438 * This will stop scripts etc from being passed through, with or without attempting to hide bypasses.439 * This stops the need for us to use a complicated script regex.440 *441 * @param $value442 * @return bool443 */483 /** 484 * Only allow whitelisted starts to be within the href. 485 * 486 * This will stop scripts etc from being passed through, with or without attempting to hide bypasses. 487 * This stops the need for us to use a complicated script regex. 
488 * 489 * @param $value 490 * @return bool 491 */ 444 492 protected function isHrefSafeValue($value) { 445 493 … … 477 525 'data:image/pjp', // PJPEG 478 526 ))) { 479 return true;527 return true; 480 528 } 481 529 … … 628 676 $this->useNestingLimit = (int) $limit; 629 677 } 678 679 /** 680 * Remove nodes that are either invalid or malformed. 681 * 682 * @param \DOMNode $currentElement The current element. 683 */ 684 protected function cleanUnsafeNodes(\DOMNode $currentElement) { 685 // Replace CDATA node with encoded text node 686 if ($currentElement instanceof \DOMCdataSection) { 687 $textNode = $currentElement->ownerDocument->createTextNode($currentElement->nodeValue); 688 $currentElement->parentNode->replaceChild($textNode, $currentElement); 689 // If the element doesn't have a tagname, remove it and continue with next iteration 690 } elseif (!$currentElement instanceof \DOMElement && !$currentElement instanceof \DOMText) { 691 $currentElement->parentNode->removeChild($currentElement); 692 $this->xmlIssues[] = array( 693 'message' => 'Suspicious node \'' . $currentElement->nodeName . '\'', 694 'line' => $currentElement->getLineNo(), 695 ); 696 return; 697 } 698 699 if ( $currentElement->childNodes && $currentElement->childNodes->length > 0 ) { 700 for ($j = $currentElement->childNodes->length - 1; $j >= 0; $j--) { 701 /** @var \DOMElement $childElement */ 702 $childElement = $currentElement->childNodes->item($j); 703 $this->cleanUnsafeNodes($childElement); 704 } 705 } 706 } 707 708 /** 709 * Retrieve array of errors 710 * @return array 711 */ 712 private static function getXmlErrors() 713 { 714 $errors = []; 715 foreach (libxml_get_errors() as $error) { 716 $errors[] = [ 717 'message' => trim($error->message), 718 'line' => $error->line, 719 ]; 720 } 721 722 return $errors; 723 } 630 724 } -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/data/AllowedAttributes.php
r3165222 r3165234 1 1 <?php 2 3 4 2 namespace enshrined\svgSanitize\data; 5 6 3 7 4 /** … … 155 152 'fill-rule', 156 153 'filter', 154 'filterUnits', 157 155 'flood-color', 158 156 'flood-opacity', … … 273 271 'viewbox', 274 272 'visibility', 273 'vector-effect', 275 274 'vert-adv-y', 276 275 'vert-origin-x', -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/data/AllowedTags.php
r3165222 r3165234 1 1 <?php 2 3 4 2 namespace enshrined\svgSanitize\data; 5 6 3 7 4 /** … … 23 20 // HTML 24 21 'a', 25 'abbr',26 'acronym',27 'address',28 'area',29 'article',30 'aside',31 'audio',32 'b',33 'bdi',34 'bdo',35 'big',36 'blink',37 'blockquote',38 'body',39 'br',40 'button',41 'canvas',42 'caption',43 'center',44 'cite',45 'code',46 'col',47 'colgroup',48 'content',49 'data',50 'datalist',51 'dd',52 'decorator',53 'del',54 'details',55 'dfn',56 'dir',57 'div',58 'dl',59 'dt',60 'element',61 'em',62 'fieldset',63 'figcaption',64 'figure',65 22 'font', 66 'footer',67 'form',68 'h1',69 'h2',70 'h3',71 'h4',72 'h5',73 'h6',74 'head',75 'header',76 'hgroup',77 'hr',78 'html',79 'i',80 23 'image', 81 'img',82 'input',83 'ins',84 'kbd',85 'label',86 'legend',87 'li',88 'main',89 'map',90 'mark',91 'marquee',92 'menu',93 'menuitem',94 'meter',95 'nav',96 'nobr',97 'ol',98 'optgroup',99 'option',100 'output',101 'p',102 'pre',103 'progress',104 'q',105 'rp',106 'rt',107 'ruby',108 's',109 'samp',110 'section',111 'select',112 'shadow',113 'small',114 'source',115 'spacer',116 'span',117 'strike',118 'strong',119 24 'style', 120 'sub',121 'summary',122 'sup',123 'table',124 'tbody',125 'td',126 'template',127 'textarea',128 'tfoot',129 'th',130 'thead',131 'time',132 'tr',133 'track',134 'tt',135 'u',136 'ul',137 'var',138 'video',139 'wbr',140 25 141 26 // SVG … … 208 93 'feTurbulence', 209 94 210 //MathML211 'math',212 'menclose',213 'merror',214 'mfenced',215 'mfrac',216 'mglyph',217 'mi',218 'mlabeledtr',219 'mmuliscripts',220 'mn',221 'mo',222 'mover',223 'mpadded',224 'mphantom',225 'mroot',226 'mrow',227 'ms',228 'mpspace',229 'msqrt',230 'mystyle',231 'msub',232 'msup',233 'msubsup',234 'mtable',235 'mtd',236 'mtext',237 'mtr',238 'munder',239 'munderover',240 241 95 //text 242 96 '#text' -
svgplus/trunk/vendor/enshrined/svg-sanitize/src/data/AttributeInterface.php
r3165222 r3165234 1 1 <?php 2 2 namespace enshrined\svgSanitize\data; 3 4 3 5 4 /**