123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540 |
- <?php
- /**
- * Our in-house implementation of a parser.
- *
- * A pure PHP parser, DirectLex has absolutely no dependencies, making
- * it a reasonably good default for PHP4. Written with efficiency in mind,
- * it can be four times faster than HTMLPurifier_Lexer_PEARSax3, although it
- * pales in comparison to HTMLPurifier_Lexer_DOMLex.
- *
- * @todo Reread XML spec and document differences.
- */
- class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
- {
- /**
- * @type bool
- */
- public $tracksLineNumbers = true;
- /**
- * Whitespace characters for str(c)spn.
- * @type string
- */
- protected $_whitespace = "\x20\x09\x0D\x0A";
- /**
- * Callback function for script CDATA fudge
- * @param array $matches, in form of array(opening tag, contents, closing tag)
- * @return string
- */
- protected function scriptCallback($matches)
- {
- return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
- }
- /**
- * @param String $html
- * @param HTMLPurifier_Config $config
- * @param HTMLPurifier_Context $context
- * @return array|HTMLPurifier_Token[]
- */
- public function tokenizeHTML($html, $config, $context)
- {
- // special normalization for script tags without any armor
- // our "armor" heurstic is a < sign any number of whitespaces after
- // the first script tag
- if ($config->get('HTML.Trusted')) {
- $html = preg_replace_callback(
- '#(<script[^>]*>)(\s*[^<].+?)(</script>)#si',
- array($this, 'scriptCallback'),
- $html
- );
- }
- $html = $this->normalize($html, $config, $context);
- $cursor = 0; // our location in the text
- $inside_tag = false; // whether or not we're parsing the inside of a tag
- $array = array(); // result array
- // This is also treated to mean maintain *column* numbers too
- $maintain_line_numbers = $config->get('Core.MaintainLineNumbers');
- if ($maintain_line_numbers === null) {
- // automatically determine line numbering by checking
- // if error collection is on
- $maintain_line_numbers = $config->get('Core.CollectErrors');
- }
- if ($maintain_line_numbers) {
- $current_line = 1;
- $current_col = 0;
- $length = strlen($html);
- } else {
- $current_line = false;
- $current_col = false;
- $length = false;
- }
- $context->register('CurrentLine', $current_line);
- $context->register('CurrentCol', $current_col);
- $nl = "\n";
- // how often to manually recalculate. This will ALWAYS be right,
- // but it's pretty wasteful. Set to 0 to turn off
- $synchronize_interval = $config->get('Core.DirectLexLineNumberSyncInterval');
- $e = false;
- if ($config->get('Core.CollectErrors')) {
- $e =& $context->get('ErrorCollector');
- }
- // for testing synchronization
- $loops = 0;
- while (++$loops) {
- // $cursor is either at the start of a token, or inside of
- // a tag (i.e. there was a < immediately before it), as indicated
- // by $inside_tag
- if ($maintain_line_numbers) {
- // $rcursor, however, is always at the start of a token.
- $rcursor = $cursor - (int)$inside_tag;
- // Column number is cheap, so we calculate it every round.
- // We're interested at the *end* of the newline string, so
- // we need to add strlen($nl) == 1 to $nl_pos before subtracting it
- // from our "rcursor" position.
- $nl_pos = strrpos($html, $nl, $rcursor - $length);
- $current_col = $rcursor - (is_bool($nl_pos) ? 0 : $nl_pos + 1);
- // recalculate lines
- if ($synchronize_interval && // synchronization is on
- $cursor > 0 && // cursor is further than zero
- $loops % $synchronize_interval === 0) { // time to synchronize!
- $current_line = 1 + $this->substrCount($html, $nl, 0, $cursor);
- }
- }
- $position_next_lt = strpos($html, '<', $cursor);
- $position_next_gt = strpos($html, '>', $cursor);
- // triggers on "<b>asdf</b>" but not "asdf <b></b>"
- // special case to set up context
- if ($position_next_lt === $cursor) {
- $inside_tag = true;
- $cursor++;
- }
- if (!$inside_tag && $position_next_lt !== false) {
- // We are not inside tag and there still is another tag to parse
- $token = new
- HTMLPurifier_Token_Text(
- $this->parseText(
- substr(
- $html,
- $cursor,
- $position_next_lt - $cursor
- ), $config
- )
- );
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- $current_line += $this->substrCount($html, $nl, $cursor, $position_next_lt - $cursor);
- }
- $array[] = $token;
- $cursor = $position_next_lt + 1;
- $inside_tag = true;
- continue;
- } elseif (!$inside_tag) {
- // We are not inside tag but there are no more tags
- // If we're already at the end, break
- if ($cursor === strlen($html)) {
- break;
- }
- // Create Text of rest of string
- $token = new
- HTMLPurifier_Token_Text(
- $this->parseText(
- substr(
- $html,
- $cursor
- ), $config
- )
- );
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- }
- $array[] = $token;
- break;
- } elseif ($inside_tag && $position_next_gt !== false) {
- // We are in tag and it is well formed
- // Grab the internals of the tag
- $strlen_segment = $position_next_gt - $cursor;
- if ($strlen_segment < 1) {
- // there's nothing to process!
- $token = new HTMLPurifier_Token_Text('<');
- $cursor++;
- continue;
- }
- $segment = substr($html, $cursor, $strlen_segment);
- if ($segment === false) {
- // somehow, we attempted to access beyond the end of
- // the string, defense-in-depth, reported by Nate Abele
- break;
- }
- // Check if it's a comment
- if (substr($segment, 0, 3) === '!--') {
- // re-determine segment length, looking for -->
- $position_comment_end = strpos($html, '-->', $cursor);
- if ($position_comment_end === false) {
- // uh oh, we have a comment that extends to
- // infinity. Can't be helped: set comment
- // end position to end of string
- if ($e) {
- $e->send(E_WARNING, 'Lexer: Unclosed comment');
- }
- $position_comment_end = strlen($html);
- $end = true;
- } else {
- $end = false;
- }
- $strlen_segment = $position_comment_end - $cursor;
- $segment = substr($html, $cursor, $strlen_segment);
- $token = new
- HTMLPurifier_Token_Comment(
- substr(
- $segment,
- 3,
- $strlen_segment - 3
- )
- );
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- $current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment);
- }
- $array[] = $token;
- $cursor = $end ? $position_comment_end : $position_comment_end + 3;
- $inside_tag = false;
- continue;
- }
- // Check if it's an end tag
- $is_end_tag = (strpos($segment, '/') === 0);
- if ($is_end_tag) {
- $type = substr($segment, 1);
- $token = new HTMLPurifier_Token_End($type);
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
- }
- $array[] = $token;
- $inside_tag = false;
- $cursor = $position_next_gt + 1;
- continue;
- }
- // Check leading character is alnum, if not, we may
- // have accidently grabbed an emoticon. Translate into
- // text and go our merry way
- if (!ctype_alpha($segment[0])) {
- // XML: $segment[0] !== '_' && $segment[0] !== ':'
- if ($e) {
- $e->send(E_NOTICE, 'Lexer: Unescaped lt');
- }
- $token = new HTMLPurifier_Token_Text('<');
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
- }
- $array[] = $token;
- $inside_tag = false;
- continue;
- }
- // Check if it is explicitly self closing, if so, remove
- // trailing slash. Remember, we could have a tag like <br>, so
- // any later token processing scripts must convert improperly
- // classified EmptyTags from StartTags.
- $is_self_closing = (strrpos($segment, '/') === $strlen_segment - 1);
- if ($is_self_closing) {
- $strlen_segment--;
- $segment = substr($segment, 0, $strlen_segment);
- }
- // Check if there are any attributes
- $position_first_space = strcspn($segment, $this->_whitespace);
- if ($position_first_space >= $strlen_segment) {
- if ($is_self_closing) {
- $token = new HTMLPurifier_Token_Empty($segment);
- } else {
- $token = new HTMLPurifier_Token_Start($segment);
- }
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
- }
- $array[] = $token;
- $inside_tag = false;
- $cursor = $position_next_gt + 1;
- continue;
- }
- // Grab out all the data
- $type = substr($segment, 0, $position_first_space);
- $attribute_string =
- trim(
- substr(
- $segment,
- $position_first_space
- )
- );
- if ($attribute_string) {
- $attr = $this->parseAttributeString(
- $attribute_string,
- $config,
- $context
- );
- } else {
- $attr = array();
- }
- if ($is_self_closing) {
- $token = new HTMLPurifier_Token_Empty($type, $attr);
- } else {
- $token = new HTMLPurifier_Token_Start($type, $attr);
- }
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- $current_line += $this->substrCount($html, $nl, $cursor, $position_next_gt - $cursor);
- }
- $array[] = $token;
- $cursor = $position_next_gt + 1;
- $inside_tag = false;
- continue;
- } else {
- // inside tag, but there's no ending > sign
- if ($e) {
- $e->send(E_WARNING, 'Lexer: Missing gt');
- }
- $token = new
- HTMLPurifier_Token_Text(
- '<' .
- $this->parseText(
- substr($html, $cursor), $config
- )
- );
- if ($maintain_line_numbers) {
- $token->rawPosition($current_line, $current_col);
- }
- // no cursor scroll? Hmm...
- $array[] = $token;
- break;
- }
- break;
- }
- $context->destroy('CurrentLine');
- $context->destroy('CurrentCol');
- return $array;
- }
- /**
- * PHP 5.0.x compatible substr_count that implements offset and length
- * @param string $haystack
- * @param string $needle
- * @param int $offset
- * @param int $length
- * @return int
- */
- protected function substrCount($haystack, $needle, $offset, $length)
- {
- static $oldVersion;
- if ($oldVersion === null) {
- $oldVersion = version_compare(PHP_VERSION, '5.1', '<');
- }
- if ($oldVersion) {
- $haystack = substr($haystack, $offset, $length);
- return substr_count($haystack, $needle);
- } else {
- return substr_count($haystack, $needle, $offset, $length);
- }
- }
- /**
- * Takes the inside of an HTML tag and makes an assoc array of attributes.
- *
- * @param string $string Inside of tag excluding name.
- * @param HTMLPurifier_Config $config
- * @param HTMLPurifier_Context $context
- * @return array Assoc array of attributes.
- */
- public function parseAttributeString($string, $config, $context)
- {
- $string = (string)$string; // quick typecast
- if ($string == '') {
- return array();
- } // no attributes
- $e = false;
- if ($config->get('Core.CollectErrors')) {
- $e =& $context->get('ErrorCollector');
- }
- // let's see if we can abort as quickly as possible
- // one equal sign, no spaces => one attribute
- $num_equal = substr_count($string, '=');
- $has_space = strpos($string, ' ');
- if ($num_equal === 0 && !$has_space) {
- // bool attribute
- return array($string => $string);
- } elseif ($num_equal === 1 && !$has_space) {
- // only one attribute
- list($key, $quoted_value) = explode('=', $string);
- $quoted_value = trim($quoted_value);
- if (!$key) {
- if ($e) {
- $e->send(E_ERROR, 'Lexer: Missing attribute key');
- }
- return array();
- }
- if (!$quoted_value) {
- return array($key => '');
- }
- $first_char = @$quoted_value[0];
- $last_char = @$quoted_value[strlen($quoted_value) - 1];
- $same_quote = ($first_char == $last_char);
- $open_quote = ($first_char == '"' || $first_char == "'");
- if ($same_quote && $open_quote) {
- // well behaved
- $value = substr($quoted_value, 1, strlen($quoted_value) - 2);
- } else {
- // not well behaved
- if ($open_quote) {
- if ($e) {
- $e->send(E_ERROR, 'Lexer: Missing end quote');
- }
- $value = substr($quoted_value, 1);
- } else {
- $value = $quoted_value;
- }
- }
- if ($value === false) {
- $value = '';
- }
- return array($key => $this->parseAttr($value, $config));
- }
- // setup loop environment
- $array = array(); // return assoc array of attributes
- $cursor = 0; // current position in string (moves forward)
- $size = strlen($string); // size of the string (stays the same)
- // if we have unquoted attributes, the parser expects a terminating
- // space, so let's guarantee that there's always a terminating space.
- $string .= ' ';
- $old_cursor = -1;
- while ($cursor < $size) {
- if ($old_cursor >= $cursor) {
- throw new Exception("Infinite loop detected");
- }
- $old_cursor = $cursor;
- $cursor += ($value = strspn($string, $this->_whitespace, $cursor));
- // grab the key
- $key_begin = $cursor; //we're currently at the start of the key
- // scroll past all characters that are the key (not whitespace or =)
- $cursor += strcspn($string, $this->_whitespace . '=', $cursor);
- $key_end = $cursor; // now at the end of the key
- $key = substr($string, $key_begin, $key_end - $key_begin);
- if (!$key) {
- if ($e) {
- $e->send(E_ERROR, 'Lexer: Missing attribute key');
- }
- $cursor += 1 + strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop
- continue; // empty key
- }
- // scroll past all whitespace
- $cursor += strspn($string, $this->_whitespace, $cursor);
- if ($cursor >= $size) {
- $array[$key] = $key;
- break;
- }
- // if the next character is an equal sign, we've got a regular
- // pair, otherwise, it's a bool attribute
- $first_char = @$string[$cursor];
- if ($first_char == '=') {
- // key="value"
- $cursor++;
- $cursor += strspn($string, $this->_whitespace, $cursor);
- if ($cursor === false) {
- $array[$key] = '';
- break;
- }
- // we might be in front of a quote right now
- $char = @$string[$cursor];
- if ($char == '"' || $char == "'") {
- // it's quoted, end bound is $char
- $cursor++;
- $value_begin = $cursor;
- $cursor = strpos($string, $char, $cursor);
- $value_end = $cursor;
- } else {
- // it's not quoted, end bound is whitespace
- $value_begin = $cursor;
- $cursor += strcspn($string, $this->_whitespace, $cursor);
- $value_end = $cursor;
- }
- // we reached a premature end
- if ($cursor === false) {
- $cursor = $size;
- $value_end = $cursor;
- }
- $value = substr($string, $value_begin, $value_end - $value_begin);
- if ($value === false) {
- $value = '';
- }
- $array[$key] = $this->parseAttr($value, $config);
- $cursor++;
- } else {
- // boolattr
- if ($key !== '') {
- $array[$key] = $key;
- } else {
- // purely theoretical
- if ($e) {
- $e->send(E_ERROR, 'Lexer: Missing attribute key');
- }
- }
- }
- }
- return $array;
- }
- }
- // vim: et sw=4 sts=4
|