htmLawed extlib updated from 1.1.16 to 1.1.19

This commit is contained in:
Mikael Nordfeldth 2015-02-12 21:50:21 +01:00
parent f5bb0431da
commit 35a9c65e4a
5 changed files with 3897 additions and 3883 deletions

View File

@ -1,7 +1,7 @@
<?php <?php
/* /*
htmLawed 1.1.16, 29 August 2013 htmLawed 1.1.19, 19 January 2015
Copyright Santosh Patnaik Copyright Santosh Patnaik
Dual licensed with LGPL 3 and GPL 2+ Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed
@ -379,7 +379,7 @@ return $r;
function hl_spec($t){ function hl_spec($t){
// final $spec // final $spec
$s = array(); $s = array();
$t = str_replace(array("\t", "\r", "\n", ' '), '', preg_replace('/"(?>(`.|[^"])*)"/sme', 'substr(str_replace(array(";", "|", "~", " ", ",", "/", "(", ")", \'`"\'), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08", "\""), "$0"), 1, -1)', trim($t))); $t = str_replace(array("\t", "\r", "\n", ' '), '', preg_replace_callback('/"(?>(`.|[^"])*)"/sm', create_function('$m', 'return substr(str_replace(array(";", "|", "~", " ", ",", "/", "(", ")", \'`"\'), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08", "\""), $m[0]), 1, -1);'), trim($t)));
for($i = count(($t = explode(';', $t))); --$i>=0;){ for($i = count(($t = explode(';', $t))); --$i>=0;){
$w = $t[$i]; $w = $t[$i];
if(empty($w) or ($e = strpos($w, '=')) === false or !strlen(($a = substr($w, $e+1)))){continue;} if(empty($w) or ($e = strpos($w, '=')) === false or !strlen(($a = substr($w, $e+1)))){continue;}
@ -475,7 +475,7 @@ while(strlen($a)){
break; case 2: // Val break; case 2: // Val
if(preg_match('`^((?:"[^"]*")|(?:\'[^\']*\')|(?:\s*[^\s"\']+))(.*)`', $a, $m)){ if(preg_match('`^((?:"[^"]*")|(?:\'[^\']*\')|(?:\s*[^\s"\']+))(.*)`', $a, $m)){
$a = ltrim($m[2]); $m = $m[1]; $w = 1; $mode = 0; $a = ltrim($m[2]); $m = $m[1]; $w = 1; $mode = 0;
$aA[$nm] = trim(($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m); $aA[$nm] = trim(str_replace('<', '&lt;', ($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m));
} }
break; break;
} }
@ -504,7 +504,7 @@ foreach($aA as $k=>$v){
$v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v); $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v);
$v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v; $v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v;
}elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){ }elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){
$v = str_replace("\xad", ' ', (strpos($v, '&') !== false ? str_replace(array('&#xad;', '&#173;', '&shy;'), ' ', $v) : $v)); $v = str_replace("­", ' ', (strpos($v, '&') !== false ? str_replace(array('&#xad;', '&#173;', '&shy;'), ' ', $v) : $v)); # double-quoted char is soft-hyphen; appears here as "­" or hyphen or something else depending on viewing software
$v = hl_prot($v, $k); $v = hl_prot($v, $k);
if($k == 'href'){ // X-spam if($k == 'href'){ // X-spam
if($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0){ if($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0){
@ -698,7 +698,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array(
function hl_version(){ function hl_version(){
// rel // rel
return '1.1.16'; return '1.1.19';
// eof // eof
} }

View File

@ -2,7 +2,7 @@
/* /*
htmLawedTest.php, 28 May 2013 htmLawedTest.php, 28 May 2013
htmLawed 1.1.16, 29 August 2013 htmLawed 1.1.19, 19 January 2015
Copyright Santosh Patnaik Copyright Santosh Patnaik
Dual licensed with LGPL 3 and GPL 2+ Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
/* /*
htmLawed_TESTCASE.txt, 27 August 2013 htmLawed_TESTCASE.txt, 19 January 2015
htmLawed 1.1.16, 29 August 2013 htmLawed 1.1.19, 19 January 2015
Copyright Santosh Patnaik Copyright Santosh Patnaik
Dual licensed with LGPL 3 and GPL 2+ Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
@ -384,9 +384,11 @@ na Alemanha.
<strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL(&quot;a.gif&quot;);"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br /> <strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL(&quot;a.gif&quot;);"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br />
<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br /> <strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br />
<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br /> <strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br />
<strong>Soft-hyphen:</strong> <a href="http://q=ídis­c">ídis­c</a>
<h6>XSS</h6> <h6>XSS</h6>
<img alt="<img onmouseover=confirm(1)//"<"">
'';!--"<xss>=&{()}<br /> '';!--"<xss>=&{()}<br />
<img src="javascript%3Aalert('xss');" /><br /> <img src="javascript%3Aalert('xss');" /><br />
<img src="javascript:alert('xss');" /><br /> <img src="javascript:alert('xss');" /><br />