├── phpids ├── views │ ├── layouts │ │ └── email │ │ │ └── text │ │ │ └── default.ctp │ └── elements │ │ └── email │ │ └── text │ │ └── intrusion_alert.ctp ├── phpids_app_model.php ├── models │ └── phpids_intrusion.php ├── vendors │ └── phpids │ │ └── IDS │ │ ├── vendors │ │ └── htmlpurifier │ │ │ ├── HTMLPurifier │ │ │ ├── ConfigSchema │ │ │ │ ├── schema │ │ │ │ │ ├── info.ini │ │ │ │ │ ├── CSS.txt │ │ │ │ │ ├── HTML.txt │ │ │ │ │ ├── Attr.txt │ │ │ │ │ ├── Core.txt │ │ │ │ │ ├── FilterParam.txt │ │ │ │ │ ├── URI.txt │ │ │ │ │ ├── Test.txt │ │ │ │ │ ├── Output.txt │ │ │ │ │ ├── Cache.txt │ │ │ │ │ ├── Filter.txt │ │ │ │ │ ├── AutoFormatParam.txt │ │ │ │ │ ├── Attr.IDBlacklist.txt │ │ │ │ │ ├── AutoFormat.txt │ │ │ │ │ ├── HTML.TidyAdd.txt │ │ │ │ │ ├── HTML.TidyRemove.txt │ │ │ │ │ ├── CSS.Proprietary.txt │ │ │ │ │ ├── Test.ForceNoIconv.txt │ │ │ │ │ ├── Core.EscapeInvalidTags.txt │ │ │ │ │ ├── CSS.DefinitionRev.txt │ │ │ │ │ ├── URI.DefinitionRev.txt │ │ │ │ │ ├── Attr.AllowedClasses.txt │ │ │ │ │ ├── HTML.Strict.txt │ │ │ │ │ ├── CSS.AllowImportant.txt │ │ │ │ │ ├── HTML.Trusted.txt │ │ │ │ │ ├── HTML.CustomDoctype.txt │ │ │ │ │ ├── HTML.XHTML.txt │ │ │ │ │ ├── URI.DefaultScheme.txt │ │ │ │ │ ├── URI.DefinitionID.txt │ │ │ │ │ ├── Attr.AllowedRev.txt │ │ │ │ │ ├── Attr.ForbiddenClasses.txt │ │ │ │ │ ├── Output.FlashCompat.txt │ │ │ │ │ ├── Attr.AllowedRel.txt │ │ │ │ │ ├── AutoFormat.Linkify.txt │ │ │ │ │ ├── Output.CommentScriptContents.txt │ │ │ │ │ ├── URI.Disable.txt │ │ │ │ │ ├── Core.Language.txt │ │ │ │ │ ├── Attr.DefaultInvalidImageAlt.txt │ │ │ │ │ ├── Attr.DefaultTextDir.txt │ │ │ │ │ ├── Core.RemoveScriptContents.txt │ │ │ │ │ ├── URI.HostBlacklist.txt │ │ │ │ │ ├── AutoFormat.Custom.txt │ │ │ │ │ ├── Filter.Custom.txt │ │ │ │ │ ├── Attr.IDBlacklistRegexp.txt │ │ │ │ │ ├── HTML.Parent.txt │ │ │ │ │ ├── Attr.DefaultInvalidImage.txt │ │ │ │ │ ├── AutoFormat.RemoveSpansWithoutAttributes.txt │ │ │ │ │ ├── AutoFormatParam.PurifierLinkifyDocURL.txt │ │ │ │ 
│ ├── AutoFormat.DisplayLinkURI.txt │ │ │ │ │ ├── AutoFormat.PurifierLinkify.txt │ │ │ │ │ ├── URI.OverrideAllowedSchemes.txt │ │ │ │ │ ├── HTML.Proprietary.txt │ │ │ │ │ ├── Cache.SerializerPath.txt │ │ │ │ │ ├── Core.RemoveInvalidImg.txt │ │ │ │ │ ├── AutoFormat.PurifierLinkify.DocURL.txt │ │ │ │ │ ├── Output.Newline.txt │ │ │ │ │ ├── AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt │ │ │ │ │ ├── Cache.DefinitionImpl.txt │ │ │ │ │ ├── Core.EscapeInvalidChildren.txt │ │ │ │ │ ├── URI.MakeAbsolute.txt │ │ │ │ │ ├── Core.CollectErrors.txt │ │ │ │ │ ├── URI.DisableExternal.txt │ │ │ │ │ ├── HTML.SafeObject.txt │ │ │ │ │ ├── URI.DisableResources.txt │ │ │ │ │ ├── CSS.AllowTricky.txt │ │ │ │ │ ├── Core.ConvertDocumentToFragment.txt │ │ │ │ │ ├── HTML.Doctype.txt │ │ │ │ │ ├── Attr.IDPrefix.txt │ │ │ │ │ ├── HTML.Attr.Name.UseCDATA.txt │ │ │ │ │ ├── Attr.DefaultImageAlt.txt │ │ │ │ │ ├── AutoFormat.RemoveEmpty.RemoveNbsp.txt │ │ │ │ │ ├── HTML.SafeEmbed.txt │ │ │ │ │ ├── FilterParam.ExtractStyleBlocksEscaping.txt │ │ │ │ │ ├── URI.AllowedSchemes.txt │ │ │ │ │ ├── HTML.MaxImgLength.txt │ │ │ │ │ ├── Filter.ExtractStyleBlocks.Escaping.txt │ │ │ │ │ ├── Filter.YouTube.txt │ │ │ │ │ ├── Output.SortAttr.txt │ │ │ │ │ ├── HTML.DefinitionRev.txt │ │ │ │ │ ├── URI.DisableExternalResources.txt │ │ │ │ │ ├── Attr.AllowedFrameTargets.txt │ │ │ │ │ ├── Core.EscapeNonASCIICharacters.txt │ │ │ │ │ ├── Core.MaintainLineNumbers.txt │ │ │ │ │ ├── FilterParam.ExtractStyleBlocksTidyImpl.txt │ │ │ │ │ ├── HTML.BlockWrapper.txt │ │ │ │ │ ├── Core.HiddenElements.txt │ │ │ │ │ ├── Filter.ExtractStyleBlocks.TidyImpl.txt │ │ │ │ │ ├── URI.MungeResources.txt │ │ │ │ │ ├── CSS.AllowedProperties.txt │ │ │ │ │ ├── CSS.MaxImgLength.txt │ │ │ │ │ ├── HTML.AllowedAttributes.txt │ │ │ │ │ ├── Attr.EnableID.txt │ │ │ │ │ ├── Attr.IDPrefixLocal.txt │ │ │ │ │ ├── URI.Base.txt │ │ │ │ │ ├── Core.DirectLexLineNumberSyncInterval.txt │ │ │ │ │ ├── HTML.CoreModules.txt │ │ │ │ │ ├── HTML.TidyLevel.txt │ │ │ │ 
│ ├── Core.AggressivelyFixLt.txt │ │ │ │ │ ├── Core.ColorKeywords.txt │ │ │ │ │ ├── HTML.AllowedModules.txt │ │ │ │ │ ├── Core.Encoding.txt │ │ │ │ │ ├── HTML.ForbiddenElements.txt │ │ │ │ │ ├── URI.Host.txt │ │ │ │ │ ├── Output.TidyFormat.txt │ │ │ │ │ ├── HTML.ForbiddenAttributes.txt │ │ │ │ │ ├── HTML.AllowedElements.txt │ │ │ │ │ ├── Attr.ClassUseCDATA.txt │ │ │ │ │ ├── HTML.Allowed.txt │ │ │ │ │ ├── URI.MungeSecretKey.txt │ │ │ │ │ ├── Core.LexerImpl.txt │ │ │ │ │ ├── AutoFormat.AutoParagraph.txt │ │ │ │ │ ├── Filter.ExtractStyleBlocks.Scope.txt │ │ │ │ │ ├── FilterParam.ExtractStyleBlocksScope.txt │ │ │ │ │ └── HTML.DefinitionID.txt │ │ │ │ ├── Exception.php │ │ │ │ ├── Interchange │ │ │ │ │ ├── Namespace.php │ │ │ │ │ └── Id.php │ │ │ │ ├── Interchange.php │ │ │ │ └── Builder │ │ │ │ │ └── ConfigSchema.php │ │ │ ├── DefinitionCache │ │ │ │ ├── Serializer │ │ │ │ │ ├── README │ │ │ │ │ └── URI │ │ │ │ │ │ └── 4.0.0,05c766101e813c246917b022f97b5e6e,1.ser │ │ │ │ ├── Null.php │ │ │ │ ├── Decorator │ │ │ │ │ ├── Template.php.in │ │ │ │ │ ├── Cleanup.php │ │ │ │ │ └── Memory.php │ │ │ │ └── Decorator.php │ │ │ ├── Printer │ │ │ │ ├── ConfigForm.js │ │ │ │ ├── ConfigForm.css │ │ │ │ └── CSSDefinition.php │ │ │ ├── ConfigDef.php │ │ │ ├── Token │ │ │ │ ├── Empty.php │ │ │ │ ├── Start.php │ │ │ │ ├── End.php │ │ │ │ ├── Comment.php │ │ │ │ └── Text.php │ │ │ ├── Language │ │ │ │ ├── classes │ │ │ │ │ └── en-x-test.php │ │ │ │ └── messages │ │ │ │ │ ├── en-x-test.php │ │ │ │ │ └── en-x-testmini.php │ │ │ ├── VarParserException.php │ │ │ ├── ConfigDef │ │ │ │ ├── Namespace.php │ │ │ │ ├── DirectiveAlias.php │ │ │ │ └── Directive.php │ │ │ ├── Exception.php │ │ │ ├── HTMLModule │ │ │ │ ├── Tidy │ │ │ │ │ ├── Transitional.php │ │ │ │ │ ├── XHTML.php │ │ │ │ │ ├── Strict.php │ │ │ │ │ ├── Name.php │ │ │ │ │ └── Proprietary.php │ │ │ │ ├── XMLCommonAttributes.php │ │ │ │ ├── NonXMLCommonAttributes.php │ │ │ │ ├── Target.php │ │ │ │ ├── Name.php │ │ │ │ ├── 
CommonAttributes.php │ │ │ │ ├── StyleAttribute.php │ │ │ │ ├── Hypertext.php │ │ │ │ ├── Bdo.php │ │ │ │ ├── Proprietary.php │ │ │ │ ├── Ruby.php │ │ │ │ ├── SafeEmbed.php │ │ │ │ ├── Edit.php │ │ │ │ ├── Image.php │ │ │ │ ├── List.php │ │ │ │ ├── Object.php │ │ │ │ └── Presentation.php │ │ │ ├── URIScheme │ │ │ │ ├── https.php │ │ │ │ ├── http.php │ │ │ │ ├── nntp.php │ │ │ │ ├── news.php │ │ │ │ ├── mailto.php │ │ │ │ └── ftp.php │ │ │ ├── AttrDef │ │ │ │ ├── Text.php │ │ │ │ ├── URI │ │ │ │ │ ├── Email.php │ │ │ │ │ ├── Email │ │ │ │ │ │ └── SimpleCheck.php │ │ │ │ │ └── IPv4.php │ │ │ │ ├── CSS │ │ │ │ │ ├── AlphaValue.php │ │ │ │ │ ├── DenyElementDecorator.php │ │ │ │ │ ├── TextDecoration.php │ │ │ │ │ ├── Percentage.php │ │ │ │ │ ├── Composite.php │ │ │ │ │ ├── Border.php │ │ │ │ │ ├── ImportantDecorator.php │ │ │ │ │ └── Length.php │ │ │ │ ├── HTML │ │ │ │ │ ├── FrameTarget.php │ │ │ │ │ ├── Bool.php │ │ │ │ │ ├── Color.php │ │ │ │ │ ├── Length.php │ │ │ │ │ ├── MultiLength.php │ │ │ │ │ ├── Class.php │ │ │ │ │ ├── Pixels.php │ │ │ │ │ ├── LinkTypes.php │ │ │ │ │ └── Nmtokens.php │ │ │ │ └── Switch.php │ │ │ ├── URIFilter │ │ │ │ ├── DisableExternalResources.php │ │ │ │ ├── HostBlacklist.php │ │ │ │ └── DisableExternal.php │ │ │ ├── AttrTransform │ │ │ │ ├── ScriptRequired.php │ │ │ │ ├── SafeEmbed.php │ │ │ │ ├── SafeObject.php │ │ │ │ ├── Textarea.php │ │ │ │ ├── BdoDir.php │ │ │ │ ├── Border.php │ │ │ │ ├── BgColor.php │ │ │ │ ├── Background.php │ │ │ │ ├── Name.php │ │ │ │ ├── Length.php │ │ │ │ ├── Lang.php │ │ │ │ ├── NameSync.php │ │ │ │ ├── BoolToCSS.php │ │ │ │ ├── ImgSpace.php │ │ │ │ ├── ImgRequired.php │ │ │ │ ├── Input.php │ │ │ │ └── EnumToCSS.php │ │ │ ├── Strategy │ │ │ │ ├── Core.php │ │ │ │ ├── Composite.php │ │ │ │ └── ValidateAttributes.php │ │ │ ├── ChildDef │ │ │ │ ├── Empty.php │ │ │ │ ├── Optional.php │ │ │ │ └── Chameleon.php │ │ │ ├── Strategy.php │ │ │ ├── VarParser │ │ │ │ └── Native.php │ │ │ ├── Injector │ │ │ │ ├── 
DisplayLinkURI.php │ │ │ │ ├── PurifierLinkify.php │ │ │ │ └── Linkify.php │ │ │ ├── PropertyListIterator.php │ │ │ ├── Definition.php │ │ │ ├── TagTransform │ │ │ │ └── Simple.php │ │ │ ├── StringHash.php │ │ │ ├── TagTransform.php │ │ │ ├── URIScheme.php │ │ │ ├── EntityLookup.php │ │ │ ├── URIFilter.php │ │ │ ├── Filter.php │ │ │ ├── Filter │ │ │ │ └── YouTube.php │ │ │ ├── ChildDef.php │ │ │ ├── Doctype.php │ │ │ ├── IDAccumulator.php │ │ │ └── Token.php │ │ │ ├── HTMLPurifier.path.php │ │ │ ├── HTMLPurifier.auto.php │ │ │ ├── HTMLPurifier.func.php │ │ │ ├── HTMLPurifier.autoload.php │ │ │ └── HTMLPurifier.kses.php │ │ ├── tmp │ │ └── URI │ │ │ └── 4.1.1,05c766101e813c246917b022f97b5e6e,1.ser │ │ └── Version.php └── phpids_app_controller.php ├── phpids_intrusions.sql └── README /phpids/views/layouts/email/text/default.ctp: -------------------------------------------------------------------------------- 1 | 5 | -------------------------------------------------------------------------------- /phpids/phpids_app_model.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /phpids/models/phpids_intrusion.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini: -------------------------------------------------------------------------------- 1 | name = "HTML Purifier" 2 | 3 | ; vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.txt: -------------------------------------------------------------------------------- 1 | CSS 2 | DESCRIPTION: Configuration regarding allowed CSS. 
3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.txt: -------------------------------------------------------------------------------- 1 | HTML 2 | DESCRIPTION: Configuration regarding allowed HTML. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.txt: -------------------------------------------------------------------------------- 1 | Attr 2 | DESCRIPTION: Features regarding attribute validation. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.txt: -------------------------------------------------------------------------------- 1 | Core 2 | DESCRIPTION: Core features that are always available. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.txt: -------------------------------------------------------------------------------- 1 | FilterParam 2 | DESCRIPTION: Configuration for filters. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.txt: -------------------------------------------------------------------------------- 1 | URI 2 | DESCRIPTION: Features regarding Uniform Resource Identifiers. 
3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.txt: -------------------------------------------------------------------------------- 1 | Test 2 | DESCRIPTION: Developer testing configuration for our unit tests. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.txt: -------------------------------------------------------------------------------- 1 | Output 2 | DESCRIPTION: Configuration relating to the generation of (X)HTML. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README: -------------------------------------------------------------------------------- 1 | This is a dummy file to prevent Git from ignoring this empty directory. 2 | 3 | vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/phpids_app_controller.php: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.txt: -------------------------------------------------------------------------------- 1 | Cache 2 | DESCRIPTION: Configuration for DefinitionCache and related subclasses. 
3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.txt: -------------------------------------------------------------------------------- 1 | Filter 2 | DESCRIPTION: Directives for turning filters on and off, or specifying custom filters. 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.txt: -------------------------------------------------------------------------------- 1 | AutoFormatParam 2 | DESCRIPTION: Configuration for customizing auto-formatting functionality 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt: -------------------------------------------------------------------------------- 1 | Attr.IDBlacklist 2 | TYPE: list 3 | DEFAULT: array() 4 | DESCRIPTION: Array of IDs not allowed in the document. 
5 | --# vim: et sw=4 sts=4 6 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Printer/ConfigForm.js: -------------------------------------------------------------------------------- 1 | function toggleWriteability(id_of_patient, checked) { 2 | document.getElementById(id_of_patient).disabled = checked; 3 | } 4 | 5 | // vim: et sw=4 sts=4 6 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef.php: -------------------------------------------------------------------------------- 1 | Injectors) 3 | --# vim: et sw=4 sts=4 4 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Token/Empty.php: -------------------------------------------------------------------------------- 1 | 8 | Whether or not to allow safe, proprietary CSS values. 9 |

10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php: -------------------------------------------------------------------------------- 1 | 'HTML Purifier X' 9 | ); 10 | 11 | // vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt: -------------------------------------------------------------------------------- 1 | Test.ForceNoIconv 2 | TYPE: bool 3 | DEFAULT: false 4 | --DESCRIPTION-- 5 | When set to true, HTMLPurifier_Encoder will act as if iconv does not exist 6 | and use only pure PHP implementations. 7 | --# vim: et sw=4 sts=4 8 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt: -------------------------------------------------------------------------------- 1 | Core.EscapeInvalidTags 2 | TYPE: bool 3 | DEFAULT: false 4 | --DESCRIPTION-- 5 | When true, invalid tags will be written back to the document as plain text. 6 | Otherwise, they are silently dropped. 7 | --# vim: et sw=4 sts=4 8 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php: -------------------------------------------------------------------------------- 1 | 8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | URI.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.1.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |

8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedClasses 2 | TYPE: lookup/null 3 | VERSION: 4.0.0 4 | DEFAULT: null 5 | --DESCRIPTION-- 6 | List of allowed class values in the class attribute. By default, this is null, 7 | which means all classes are allowed. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier.path.php: -------------------------------------------------------------------------------- 1 | 'HTML Purifier XNone' 10 | ); 11 | 12 | // vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier.auto.php: -------------------------------------------------------------------------------- 1 | 7 | Defines through what scheme the output will be served, in order to 8 | select the proper object validator when no scheme information is present. 9 |

10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt: -------------------------------------------------------------------------------- 1 | URI.DefinitionID 2 | TYPE: string/null 3 | VERSION: 2.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | Unique identifier for a custom-built URI definition. If you want 9 | to add custom URIFilters, you must specify this value. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedRev 2 | TYPE: lookup 3 | VERSION: 1.6.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of allowed reverse document relationships in the rev attribute. This 7 | attribute is a bit of an edge-case; if you don't know what it is for, stay 8 | away. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt: -------------------------------------------------------------------------------- 1 | Attr.ForbiddenClasses 2 | TYPE: lookup 3 | VERSION: 4.0.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of forbidden class values in the class attribute. By default, this is 7 | empty, which means that no classes are forbidden. See also %Attr.AllowedClasses. 
8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/tmp/URI/4.1.1,05c766101e813c246917b022f97b5e6e,1.ser: -------------------------------------------------------------------------------- 1 | O:26:"HTMLPurifier_URIDefinition":7:{s:4:"type";s:3:"URI";s:10:"*filters";a:1:{s:13:"HostBlacklist";O:36:"HTMLPurifier_URIFilter_HostBlacklist":3:{s:4:"name";s:13:"HostBlacklist";s:12:"*blacklist";a:0:{}s:4:"post";b:0;}}s:14:"*postFilters";a:0:{}s:4:"base";N;s:4:"host";N;s:13:"defaultScheme";s:4:"http";s:5:"setup";b:1;} -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Text.php: -------------------------------------------------------------------------------- 1 | parseCDATA($string); 11 | } 12 | 13 | } 14 | 15 | // vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt: -------------------------------------------------------------------------------- 1 | Output.FlashCompat 2 | TYPE: bool 3 | VERSION: 4.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | If true, HTML Purifier will generate Internet Explorer compatibility 8 | code for all object code. This is highly recommended if you enable 9 | %HTML.SafeObject. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedRel 2 | TYPE: lookup 3 | VERSION: 1.6.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of allowed forward document relationships in the rel attribute. Common 7 | values may be nofollow or print. By default, this is empty, meaning that no 8 | document relationships are allowed. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.Linkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | This directive turns on linkification, auto-linking http, ftp and 9 | https URLs. <a> tags with the href attribute 10 | must be allowed. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt: -------------------------------------------------------------------------------- 1 | Output.CommentScriptContents 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 | Determines whether or not HTML Purifier should attempt to fix up the 7 | contents of script tags for legacy browsers with comments. 8 | --ALIASES-- 9 | Core.CommentScriptContents 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt: -------------------------------------------------------------------------------- 1 | URI.Disable 2 | TYPE: bool 3 | VERSION: 1.3.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Disables all URIs in all forms. Not sure why you'd want to do that 9 | (after all, the Internet's founded on the notion of a hyperlink). 10 |

11 | 12 | --ALIASES-- 13 | Attr.DisableURI 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Printer/ConfigForm.css: -------------------------------------------------------------------------------- 1 | 2 | .hp-config {} 3 | 4 | .hp-config tbody th {text-align:right; padding-right:0.5em;} 5 | .hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;} 6 | .hp-config .namespace th {text-align:center;} 7 | .hp-config .verbose {display:none;} 8 | .hp-config .controls {text-align:center;} 9 | 10 | /* vim: et sw=4 sts=4 */ 11 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt: -------------------------------------------------------------------------------- 1 | Core.Language 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'en' 5 | --DESCRIPTION-- 6 | 7 | ISO 639 language code for localizable things in HTML Purifier to use, 8 | which is mainly error reporting. There is currently only an English (en) 9 | translation, so this directive is currently useless. 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImageAlt 2 | TYPE: string 3 | DEFAULT: 'Invalid image' 4 | --DESCRIPTION-- 5 | This is the content of the alt tag of an invalid image if the user had not 6 | previously specified an alt attribute. It has no effect when the image is 7 | valid but there was no alt attribute present. 
8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultTextDir 2 | TYPE: string 3 | DEFAULT: 'ltr' 4 | --DESCRIPTION-- 5 | Defines the default text direction (ltr or rtl) of the document being 6 | parsed. This generally is the same as the value of the dir attribute in 7 | HTML, or ltr if that is not specified. 8 | --ALLOWED-- 9 | 'ltr', 'rtl' 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 9 | 'xml:lang' => 'LanguageCode', 10 | ) 11 | ); 12 | } 13 | 14 | // vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php: -------------------------------------------------------------------------------- 1 | 9 | This directive enables HTML Purifier to remove not only script tags 10 | but all of their contents. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 9 | 'lang' => 'LanguageCode', 10 | ) 11 | ); 12 | } 13 | 14 | // vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt: -------------------------------------------------------------------------------- 1 | URI.HostBlacklist 2 | TYPE: list 3 | VERSION: 1.3.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of strings that are forbidden in the host of any URI. Use it to kill 7 | domain names of spam, etc. Note that each string is matched anywhere in the host, 8 | so moo.com will also catch moo.com.example.com. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.Custom 2 | TYPE: list 3 | VERSION: 2.0.1 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | 7 |

8 | This directive can be used to add custom auto-format injectors. 9 | Specify an array of injector names (class name minus the prefix) 10 | or concrete implementations. Injector class must exist. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt: -------------------------------------------------------------------------------- 1 | Filter.Custom 2 | TYPE: list 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |

7 | This directive can be used to add custom filters; it is nearly the 8 | equivalent of the now deprecated HTMLPurifier->addFilter() 9 | method. Specify an array of concrete implementations. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/URI/4.0.0,05c766101e813c246917b022f97b5e6e,1.ser: -------------------------------------------------------------------------------- 1 | O:26:"HTMLPurifier_URIDefinition":7:{s:4:"type";s:3:"URI";s:10:"*filters";a:1:{s:13:"HostBlacklist";O:36:"HTMLPurifier_URIFilter_HostBlacklist":3:{s:4:"name";s:13:"HostBlacklist";s:12:"*blacklist";a:0:{}s:4:"post";b:0;}}s:14:"*postFilters";a:0:{}s:4:"base";N;s:4:"host";N;s:13:"defaultScheme";s:4:"http";s:5:"setup";b:1;} -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt: -------------------------------------------------------------------------------- 1 | Attr.IDBlacklistRegexp 2 | TYPE: string/null 3 | VERSION: 1.6.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | PCRE regular expression to be matched against all IDs. If the expression is 7 | matches, the ID is rejected. Use this with care: may cause significant 8 | degradation. ID matching is done after all other validation. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt: -------------------------------------------------------------------------------- 1 | HTML.Parent 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'div' 5 | --DESCRIPTION-- 6 | 7 |

8 | Name (a string) of the element into which the HTML fragment passed to the library 9 | will be inserted. An interesting variation would be using span as the 10 | parent element, meaning that only inline tags would be allowed. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImage 2 | TYPE: string 3 | DEFAULT: '' 4 | --DESCRIPTION-- 5 | This is the default image an img tag will be pointed to if it does not have 6 | a valid src attribute. In future versions, we may allow the image tag to 7 | be removed completely, but due to design issues, this is not possible right 8 | now. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveSpansWithoutAttributes 2 | TYPE: bool 3 | VERSION: 4.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | This directive causes span tags without any attributes 8 | to be removed. It will also remove spans that had all attributes 9 | removed during processing. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.PurifierLinkifyDocURL.txt: -------------------------------------------------------------------------------- 1 | AutoFormatParam.PurifierLinkifyDocURL 2 | TYPE: string 3 | VERSION: 2.0.1 4 | DEFAULT: '#%s' 5 | --DESCRIPTION-- 6 | 7 |

8 | Location of configuration documentation to link to, let %s substitute 9 | into the configuration's namespace and directive names sans the percent 10 | sign. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.DisplayLinkURI 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | This directive turns on the in-text display of URIs in <a> tags, and disables 8 | those links. For example, a link with the text example pointing to 9 | http://example.com becomes example (http://example.com). 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.PurifierLinkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

8 | Internal auto-formatter that converts configuration directives in 9 | syntax %Namespace.Directive to links. a tags 10 | with the href attribute must be allowed. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | URI.OverrideAllowedSchemes 2 | TYPE: bool 3 | DEFAULT: true 4 | --DESCRIPTION-- 5 | If this is set to true (which it is by default), you can override 6 | %URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the 7 | registry. If false, you will also have to update that directive in order 8 | to add more schemes. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /phpids/views/elements/email/text/intrusion_alert.ctp: -------------------------------------------------------------------------------- 1 | The following attack has been detected by PHPIDS 2 | 3 | 4 | IP: 5 | 6 | Date: 7 | 8 | Impact: 9 | 10 | Affected tags: 11 | 12 | Affected parameters: 13 | 14 | Request URI: 15 | 16 | Origin: 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt: -------------------------------------------------------------------------------- 1 | HTML.Proprietary 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Whether or not to allow proprietary elements and attributes in your 8 | documents, as per HTMLPurifier_HTMLModule_Proprietary. 9 | Warning: This can cause your documents to stop 10 | validating! 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php: -------------------------------------------------------------------------------- 1 | 8 | Absolute path with no trailing slash to store serialized definitions in. 9 | Default is within the 10 | HTML Purifier library inside DefinitionCache/Serializer. This 11 | path must be writable by the webserver. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveInvalidImg 2 | TYPE: bool 3 | DEFAULT: true 4 | VERSION: 1.3.0 5 | --DESCRIPTION-- 6 | 7 |

8 | This directive enables pre-emptive URI checking in img 9 | tags, as the attribute validation strategy is not authorized to 10 | remove elements from the document. Revert to pre-1.3.0 behavior by setting to false. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.PurifierLinkify.DocURL 2 | TYPE: string 3 | VERSION: 2.0.1 4 | DEFAULT: '#%s' 5 | ALIASES: AutoFormatParam.PurifierLinkifyDocURL 6 | --DESCRIPTION-- 7 |

8 | Location of configuration documentation to link to, let %s substitute 9 | into the configuration's namespace and directive names sans the percent 10 | sign. 11 |

12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Namespace.php: -------------------------------------------------------------------------------- 1 | 8 | Newline string to format final output with. If left null, HTML Purifier 9 | will auto-detect the default newline type of the system and use that; 10 | you can manually override it here. Remember, \r\n is Windows, \r 11 | is Mac, and \n is Unix. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php: -------------------------------------------------------------------------------- 1 | get('EmbeddedURI', true)) return true; 8 | return parent::filter($uri, $config, $context); 9 | } 10 | } 11 | 12 | // vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php: -------------------------------------------------------------------------------- 1 | 5 | */ 6 | class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform 7 | { 8 | public function transform($attr, $config, $context) { 9 | if (!isset($attr['type'])) { 10 | $attr['type'] = 'text/javascript'; 11 | } 12 | return $attr; 13 | } 14 | } 15 | 16 | // vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php: -------------------------------------------------------------------------------- 1 | true, 'th' => true) 5 | --DESCRIPTION-- 6 |

7 | When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp 8 | are enabled, this directive defines what HTML elements should not be 9 | removed if they have only a non-breaking space in them. 10 |

11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt: -------------------------------------------------------------------------------- 1 | Cache.DefinitionImpl 2 | TYPE: string/null 3 | VERSION: 2.0.0 4 | DEFAULT: 'Serializer' 5 | --DESCRIPTION-- 6 | 7 | This directive defines which method to use when caching definitions, 8 | the complex data-type that makes HTML Purifier tick. Set to null 9 | to disable caching (not recommended, as you will see a definite 10 | performance degradation). 11 | 12 | --ALIASES-- 13 | Core.DefinitionCache 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php: -------------------------------------------------------------------------------- 1 | 8 | Converts all URIs into absolute forms. This is useful when the HTML 9 | being filtered assumes a specific base path, but will actually be 10 | viewed in a different context (and setting an alternate base URI is 11 | not possible). %URI.Base must be set for this directive to work. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php: -------------------------------------------------------------------------------- 1 | 5 | */ 6 | class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform 7 | { 8 | 9 | public function transform($attr, $config, $context) { 10 | // Calculated from Firefox 11 | if (!isset($attr['cols'])) $attr['cols'] = '22'; 12 | if (!isset($attr['rows'])) $attr['rows'] = '3'; 13 | return $attr; 14 | } 15 | 16 | } 17 | 18 | // vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt: -------------------------------------------------------------------------------- 1 | Core.CollectErrors 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 | Whether or not to collect errors found while filtering the document. This 8 | is a useful way to give feedback to your users. Warning: 9 | Currently this feature is very patchy and experimental, with lots of 10 | possible error messages not yet implemented. It will not cause any 11 | problems, but it may not help your users either. 
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids_intrusions.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE IF NOT EXISTS `phpids_intrusions` ( 2 | `id` int(11) unsigned NOT NULL AUTO_INCREMENT, 3 | `name` varchar(128) NOT NULL, 4 | `value` text NOT NULL, 5 | `page` varchar(255) NOT NULL, 6 | `userid` int(11) unsigned NOT NULL, 7 | `session` varchar(32) NOT NULL, 8 | `ip` varchar(15) NOT NULL, 9 | `reaction` tinyint(3) unsigned NOT NULL COMMENT '0 = log; 1 = mail; 2 = warn; 3 = kill;', 10 | `impact` int(11) unsigned NOT NULL, 11 | `created` datetime NOT NULL, 12 | `tags` varchar(50) NOT NULL, 13 | PRIMARY KEY (`id`) 14 | ) 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt: -------------------------------------------------------------------------------- 1 | URI.DisableExternal 2 | TYPE: bool 3 | VERSION: 1.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Disables links to external websites. This is a highly effective anti-spam 7 | and anti-pagerank-leech measure, but comes at a hefty price: nolinks or 8 | images outside of your domain will be allowed. Non-linkified URIs will 9 | still be preserved. If you want to be able to link to subdomains or use 10 | absolute URIs, specify %URI.Host for your website. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeObject 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Whether or not to permit object tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to object tags. You should also enable 10 | %Output.FlashCompat in order to generate Internet Explorer 11 | compatibility code for your object tags. 12 |

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableResources 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Disables embedding resources, essentially meaning no pictures. You can 8 | still link to them though. See %URI.DisableExternalResources for why 9 | this might be a good idea. 10 |

11 |

12 | Note: While this directive has been available since 1.3.0, 13 | it didn't actually start doing anything until 4.2.0. 14 |

15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Token/End.php: -------------------------------------------------------------------------------- 1 | display:none; is considered a tricky property that 10 | will only be allowed if this directive is set to true. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt: -------------------------------------------------------------------------------- 1 | Core.ConvertDocumentToFragment 2 | TYPE: bool 3 | DEFAULT: true 4 | --DESCRIPTION-- 5 | 6 | This parameter determines whether or not the filter should convert 7 | input that is a full document with html and body tags to a fragment 8 | of just the contents of a body tag. This parameter is simply something 9 | HTML Purifier can do during an edge-case: for most inputs, this 10 | processing is not necessary. 11 | 12 | --ALIASES-- 13 | Core.AcceptFullDocuments 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIScheme/http.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 15 | return true; 16 | } 17 | 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt: -------------------------------------------------------------------------------- 1 | HTML.Doctype 2 | TYPE: string/null 3 | DEFAULT: NULL 4 | --DESCRIPTION-- 5 | Doctype to use during filtering. 
Technically speaking this is not actually 6 | a doctype (as it does not identify a corresponding DTD), but we are using 7 | this name for sake of simplicity. When non-blank, this will override any 8 | older directives like %HTML.XHTML or %HTML.Strict. 9 | --ALLOWED-- 10 | 'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1' 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt: -------------------------------------------------------------------------------- 1 | Attr.IDPrefix 2 | TYPE: string 3 | VERSION: 1.2.0 4 | DEFAULT: '' 5 | --DESCRIPTION-- 6 | String to prefix to IDs. If you have no idea what IDs your pages may use, 7 | you may opt to simply add a prefix to all user-submitted ID attributes so 8 | that they are still usable, but will not conflict with core page IDs. 9 | Example: setting the directive to 'user_' will result in a user submitted 10 | 'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true 11 | before using this. 
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIScheme/nntp.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 14 | $uri->query = null; 15 | return true; 16 | } 17 | 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt: -------------------------------------------------------------------------------- 1 | HTML.Attr.Name.UseCDATA 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.0.0 5 | --DESCRIPTION-- 6 | The W3C specification DTD defines the name attribute to be CDATA, not ID, due 7 | to limitations of DTD. In certain documents, this relaxed behavior is desired, 8 | whether it is to specify duplicate names, or to specify names that would be 9 | illegal IDs (for example, names that begin with a digit.) Set this configuration 10 | directive to true to use the relaxed parsing rules. 
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php: -------------------------------------------------------------------------------- 1 | get('Attr.DefaultTextDir'); 14 | return $attr; 15 | } 16 | 17 | } 18 | 19 | // vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultImageAlt 2 | TYPE: string/null 3 | DEFAULT: null 4 | VERSION: 3.2.0 5 | --DESCRIPTION-- 6 | This is the content of the alt tag of an image if the user had not 7 | previously specified an alt attribute. This applies to all images without 8 | a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which 9 | only applies to invalid images, and overrides in the case of an invalid image. 10 | Default behavior with null is to use the basename of the src tag for the alt. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.RemoveNbsp 2 | TYPE: bool 3 | VERSION: 4.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | When enabled, HTML Purifier will treat any elements that contain only 8 | non-breaking spaces as well as regular whitespace as empty, and remove 9 | them when %AutoFormat.RemoveEmpty is enabled. 10 |

11 |

12 | See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements 13 | that don't have this behavior applied to them. 14 |

15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeEmbed 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Whether or not to permit embed tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to embed tags. Embed is a proprietary 10 | element and will cause your website to stop validating; you should 11 | see if you can use %Output.FlashCompat with %HTML.SafeObject instead 12 | first.

13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksEscaping.txt: -------------------------------------------------------------------------------- 1 | FilterParam.ExtractStyleBlocksEscaping 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: true 5 | ALIASES: Filter.ExtractStyleBlocksEscaping 6 | --DESCRIPTION-- 7 | 8 |

9 | Whether or not to escape the dangerous characters <, > and & 10 | as \3C, \3E and \26, respectively. This can be safely set to false 11 | if the contents of StyleBlocks will be placed in an external stylesheet, 12 | where there is no risk of it being interpreted as HTML. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | URI.AllowedSchemes 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'http' => true, 6 | 'https' => true, 7 | 'mailto' => true, 8 | 'ftp' => true, 9 | 'nntp' => true, 10 | 'news' => true, 11 | ) 12 | --DESCRIPTION-- 13 | Whitelist that defines the schemes that a URI is allowed to have. This 14 | prevents XSS attacks from using pseudo-schemes like javascript or mocha. 15 | There is also support for the data and file 16 | URI schemes, but they are not enabled by default. 17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | HTML.MaxImgLength 2 | TYPE: int/null 3 | DEFAULT: 1200 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |

7 | This directive controls the maximum number of pixels in the width and 8 | height attributes in img tags. This is 9 | in place to prevent imagecrash attacks, disable with null at your own risk. 10 | This directive is similar to %CSS.MaxImgLength, and both should be 11 | concurrently edited, although there are 12 | subtle differences in the input format (the HTML max is an integer). 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Border.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'border'); 11 | // some validation should happen here 12 | $this->prependCSS($attr, "border:{$border_width}px solid;"); 13 | return $attr; 14 | } 15 | 16 | } 17 | 18 | // vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.Escaping 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: true 5 | ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping 6 | --DESCRIPTION-- 7 | 8 |

9 | Whether or not to escape the dangerous characters <, > and & 10 | as \3C, \3E and \26, respectively. This can be safely set to false 11 | if the contents of StyleBlocks will be placed in an external stylesheet, 12 | where there is no risk of it being interpreted as HTML. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt: -------------------------------------------------------------------------------- 1 | Filter.YouTube 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Warning: Deprecated in favor of %HTML.SafeObject and 8 | %Output.FlashCompat (turn both on to allow YouTube videos and other 9 | Flash content). 10 |

11 |

12 | This directive enables YouTube video embedding in HTML Purifier. Check 13 | this document 14 | on embedding videos for more information on what this filter does. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt: -------------------------------------------------------------------------------- 1 | Output.SortAttr 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | If true, HTML Purifier will sort attributes by name before writing them back 8 | to the document, converting a tag like: <el b="" a="" c="" /> 9 | to <el a="" b="" c="" />. This is a workaround for 10 | a bug in FCKeditor which causes it to swap attributes order, adding noise 11 | to text diffs. If you're not seeing this bug, chances are, you don't need 12 | this directive. 13 |

14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef/DirectiveAlias.php: -------------------------------------------------------------------------------- 1 | namespace = $namespace; 21 | $this->name = $name; 22 | } 23 | } 24 | 25 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Strategy/Core.php: -------------------------------------------------------------------------------- 1 | strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements(); 11 | $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed(); 12 | $this->strategies[] = new HTMLPurifier_Strategy_FixNesting(); 13 | $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes(); 14 | } 15 | 16 | } 17 | 18 | // vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIScheme/news.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 13 | $uri->host = null; 14 | $uri->port = null; 15 | $uri->query = null; 16 | // typecode check needed on path 17 | return true; 18 | } 19 | 20 | } 21 | 22 | // vim: et sw=4 sts=4 23 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Token/Comment.php: -------------------------------------------------------------------------------- 1 | data = $data; 17 | $this->line = $line; 18 | $this->col = $col; 19 | } 20 | } 21 | 22 | // vim: et sw=4 sts=4 23 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php: 
-------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'bgcolor'); 13 | // some validation should happen here 14 | 15 | $this->prependCSS($attr, "background-color:$bgcolor;"); 16 | 17 | return $attr; 18 | 19 | } 20 | 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Target.php: -------------------------------------------------------------------------------- 1 | addBlankElement($name); 15 | $e->attr = array( 16 | 'target' => new HTMLPurifier_AttrDef_HTML_FrameTarget() 17 | ); 18 | } 19 | } 20 | 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | HTML.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.0.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |

8 | Revision identifier for your custom definition specified in 9 | %HTML.DefinitionID. This serves the same purpose: uniquely identifying 10 | your custom definition, but this one does so in a chronological 11 | context: revision 3 is more up-to-date than revision 2. Thus, when 12 | this gets incremented, the cache handling is smart enough to clean 13 | up any older revisions of your definition as well as flush the 14 | cache. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Background.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'background'); 13 | // some validation should happen here 14 | 15 | $this->prependCSS($attr, "background-image:url($background);"); 16 | 17 | return $attr; 18 | 19 | } 20 | 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableExternalResources 2 | TYPE: bool 3 | VERSION: 1.3.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Disables the embedding of external resources, preventing users from 7 | embedding things like images from other hosts. This prevents access 8 | tracking (good for email viewers), bandwidth leeching, cross-site request 9 | forging, goatse.cx posting, and other nasties, but also results in a loss 10 | of end-user functionality (they can't directly post a pic they posted from 11 | Flickr anymore). Use it if you don't have a robust user-content moderation 12 | team. 
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier.func.php: -------------------------------------------------------------------------------- 1 | purify($html, $config); 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedFrameTargets 2 | TYPE: lookup 3 | DEFAULT: array() 4 | --DESCRIPTION-- 5 | Lookup table of all allowed link frame targets. Some commonly used link 6 | targets include _blank, _self, _parent and _top. Values should be 7 | lowercase, as validation will be done in a case-sensitive manner despite 8 | W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute 9 | so this directive will have no effect in that doctype. XHTML 1.1 does not 10 | enable the Target module by default, you will have to manually enable it 11 | (see the module documentation for more details.) 12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt: -------------------------------------------------------------------------------- 1 | Core.EscapeNonASCIICharacters 2 | TYPE: bool 3 | VERSION: 1.4.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | This directive overcomes a deficiency in %Core.Encoding by blindly 7 | converting all non-ASCII characters into decimal numeric entities before 8 | converting it to its native encoding. This means that even characters that 9 | can be expressed in the non-UTF-8 encoding will be entity-ized, which can 10 | be a real downer for encodings like Big5. 
It also assumes that the ASCII 11 | repertoire is available, although this is the case for almost all encodings. 12 | Anyway, use UTF-8! 13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt: -------------------------------------------------------------------------------- 1 | Core.MaintainLineNumbers 2 | TYPE: bool/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | If true, HTML Purifier will add line number information to all tokens. 9 | This is useful when error reporting is turned on, but can result in 10 | significant performance degradation and should not be used when 11 | unnecessary. This directive must be used with the DirectLex lexer, 12 | as the DOMLex lexer does not (yet) support this functionality. 13 | If the value is null, an appropriate value will be selected based 14 | on other configuration. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksTidyImpl.txt: -------------------------------------------------------------------------------- 1 | FilterParam.ExtractStyleBlocksTidyImpl 2 | TYPE: mixed/null 3 | VERSION: 3.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |

7 | If left NULL, HTML Purifier will attempt to instantiate a csstidy 8 | class to use for internal cleaning. This will usually be good enough. 9 |

10 |

11 | However, for trusted user input, you can set this to false to 12 | disable cleaning. In addition, you can supply your own concrete implementation 13 | of Tidy's interface to use, although I don't know why you'd want to do that. 14 |

15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php: -------------------------------------------------------------------------------- 1 | 1.0) $result = '1'; 16 | return $result; 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt: -------------------------------------------------------------------------------- 1 | HTML.BlockWrapper 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'p' 5 | --DESCRIPTION-- 6 | 7 |

8 | String name of element to wrap inline elements that are inside a block 9 | context. This only occurs in the children of blockquote in strict mode. 10 |

11 |

12 | Example: by default value, 13 | <blockquote>Foo</blockquote> would become 14 | <blockquote><p>Foo</p></blockquote>. 15 | The <p> tags can be replaced with whatever you desire, 16 | as long as it is a block level element. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Strategy/Composite.php: -------------------------------------------------------------------------------- 1 | strategies as $strategy) { 18 | $tokens = $strategy->execute($tokens, $config, $context); 19 | } 20 | return $tokens; 21 | } 22 | 23 | } 24 | 25 | // vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php: -------------------------------------------------------------------------------- 1 | valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); 16 | return parent::validate($string, $config, $context); 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Name.php: -------------------------------------------------------------------------------- 1 | addBlankElement($name); 12 | $element->attr['name'] = 'CDATA'; 13 | if (!$config->get('HTML.Attr.Name.UseCDATA')) { 14 | $element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync(); 15 | } 16 | } 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Name.php: -------------------------------------------------------------------------------- 1 | get('HTML.Attr.Name.UseCDATA')) return $attr; 12 | if (!isset($attr['name'])) return $attr; 13 | $id = $this->confiscateAttr($attr, 'name'); 14 | if ( isset($attr['id'])) return $attr; 15 | $attr['id'] = $id; 16 | return $attr; 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | 
-------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt: -------------------------------------------------------------------------------- 1 | Core.HiddenElements 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'script' => true, 6 | 'style' => true, 7 | ) 8 | --DESCRIPTION-- 9 | 10 |

11 | This directive is a lookup array of elements which should have their 12 | contents removed when they are not allowed by the HTML definition. 13 | For example, the contents of a script tag are not 14 | normally shown in a document, so if script tags are to be removed, 15 | their contents should be removed too. This is opposed to a b 16 | tag, which defines some presentational changes but does not hide its 17 | contents. 18 |

19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.TidyImpl 2 | TYPE: mixed/null 3 | VERSION: 3.1.0 4 | DEFAULT: NULL 5 | ALIASES: FilterParam.ExtractStyleBlocksTidyImpl 6 | --DESCRIPTION-- 7 |

8 | If left NULL, HTML Purifier will attempt to instantiate a csstidy 9 | class to use for internal cleaning. This will usually be good enough. 10 |

11 |

12 | However, for trusted user input, you can set this to false to 13 | disable cleaning. In addition, you can supply your own concrete implementation 14 | of Tidy's interface to use, although I don't know why you'd want to do that. 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php: -------------------------------------------------------------------------------- 1 | name = $name;} 13 | 14 | public function validate($string, $config, $context) { 15 | if (empty($string)) return false; 16 | return $this->name; 17 | } 18 | 19 | /** 20 | * @param $string Name of attribute 21 | */ 22 | public function make($string) { 23 | return new HTMLPurifier_AttrDef_HTML_Bool($string); 24 | } 25 | 26 | } 27 | 28 | // vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIFilter/HostBlacklist.php: -------------------------------------------------------------------------------- 1 | blacklist = $config->get('URI.HostBlacklist'); 9 | return true; 10 | } 11 | public function filter(&$uri, $config, $context) { 12 | foreach($this->blacklist as $blacklisted_host_fragment) { 13 | if (strpos($uri->host, $blacklisted_host_fragment) !== false) { 14 | return false; 15 | } 16 | } 17 | return true; 18 | } 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Empty.php: -------------------------------------------------------------------------------- 1 | 7 | If true, any URI munging directives like %URI.Munge 8 | will also apply to embedded resources, such as <img src="">. 9 | Be careful enabling this directive if you have a redirector script 10 | that does not use the Location HTTP header; all of your images 11 | and other embedded resources will break. 12 |

13 |

14 | Warning: It is strongly advised you use this in conjunction 15 | with %URI.MungeSecretKey to mitigate the security risk of an open redirector. 16 |

17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier.autoload.php: -------------------------------------------------------------------------------- 1 | 8 | If HTML Purifier's style attributes set is unsatisfactory for your needs, 9 | you can overload it with your own list of tags to allow. Note that this 10 | method is subtractive: it does its job by taking away from HTML Purifier's 11 | usual feature set, so you cannot add an attribute that HTML Purifier never 12 | supported in the first place. 13 |

14 |

15 | Warning: If another directive conflicts with the 16 | elements here, that directive will win and override. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | CSS.MaxImgLength 2 | TYPE: string/null 3 | DEFAULT: '1200px' 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |

7 | This parameter sets the maximum allowed length on img tags, 8 | effectively the width and height properties. 9 | Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is 10 | in place to prevent imagecrash attacks, disable with null at your own risk. 11 | This directive is similar to %HTML.MaxImgLength, and both should be 12 | concurrently edited, although there are 13 | subtle differences in the input format (the CSS max is a number with 14 | a unit). 15 |

16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php: -------------------------------------------------------------------------------- 1 | content_model_type != 'strictblockquote') return parent::getChildDef($def); 17 | return new HTMLPurifier_ChildDef_StrictBlockquote($def->content_model); 18 | } 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedAttributes 2 | TYPE: lookup/null 3 | VERSION: 1.3.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | If HTML Purifier's attribute set is unsatisfactory, overload it! 9 | The syntax is "tag.attr" or "*.attr" for the global attributes 10 | (style, id, class, dir, lang, xml:lang). 11 |

12 |

13 | Warning: If another directive conflicts with the 14 | elements here, that directive will win and override. For 15 | example, %HTML.EnableAttrID will take precedence over *.id in this 16 | directive. You must set that directive to true before you can use 17 | IDs at all. 18 |

19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt: -------------------------------------------------------------------------------- 1 | Attr.EnableID 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 1.2.0 5 | --DESCRIPTION-- 6 | Allows the ID attribute in HTML. This is disabled by default due to the 7 | fact that without proper configuration user input can easily break the 8 | validation of a webpage by specifying an ID that is already on the 9 | surrounding HTML. If you don't mind throwing caution to the wind, enable 10 | this directive, but I strongly recommend you also consider blacklisting IDs 11 | you use (%Attr.IDBlacklist) or prefixing all user supplied IDs 12 | (%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of 13 | pre-1.2.0 versions. 14 | --ALIASES-- 15 | HTML.EnableAttrID 16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 9 | 0 => array('Style'), 10 | // 'xml:space' => false, 11 | 'class' => 'Class', 12 | 'id' => 'ID', 13 | 'title' => 'CDATA', 14 | ), 15 | 'Lang' => array(), 16 | 'I18N' => array( 17 | 0 => array('Lang'), // proprietary, for xml:lang/lang 18 | ), 19 | 'Common' => array( 20 | 0 => array('Core', 'I18N') 21 | ) 22 | ); 23 | 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt: -------------------------------------------------------------------------------- 1 | Attr.IDPrefixLocal 2 | TYPE: string 3 | VERSION: 1.2.0 4 | DEFAULT: '' 5 | 
--DESCRIPTION-- 6 | Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you 7 | need to allow multiple sets of user content on a web page, you may need to 8 | have a separate prefix that changes with each iteration. This way, 9 | separately submitted user content displayed on the same page doesn't 10 | clobber each other. Ideal values are unique identifiers for the content it 11 | represents (i.e. the id of the row in the database). Be sure to add a 12 | separator (like an underscore) at the end. Warning: this directive will 13 | not work unless %Attr.IDPrefix is set to a non-empty value! 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt: -------------------------------------------------------------------------------- 1 | URI.Base 2 | TYPE: string/null 3 | VERSION: 2.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | The base URI is the URI of the document this purified HTML will be 9 | inserted into. This information is important if HTML Purifier needs 10 | to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute 11 | is on. You may use a non-absolute URI for this value, but behavior 12 | may vary (%URI.MakeAbsolute deals nicely with both absolute and 13 | relative paths, but forwards-compatibility is not guaranteed). 14 | Warning: If set, the scheme on this URI 15 | overrides the one specified by %URI.DefaultScheme. 16 |

17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php: -------------------------------------------------------------------------------- 1 | " 12 | // that needs more percent encoding to be done 13 | if ($string == '') return false; 14 | $string = trim($string); 15 | $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); 16 | return $result ? $string : false; 17 | } 18 | 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt: -------------------------------------------------------------------------------- 1 | Core.DirectLexLineNumberSyncInterval 2 | TYPE: int 3 | VERSION: 2.0.0 4 | DEFAULT: 0 5 | --DESCRIPTION-- 6 | 7 |

8 | Specifies the number of tokens the DirectLex line number tracking 9 | implementations should process before attempting to resynchronize the 10 | current line count by manually counting all previous new-lines. When 11 | at 0, this functionality is disabled. Lower values will decrease 12 | performance, and this is only strictly necessary if the counting 13 | algorithm is buggy (in which case you should report it as a bug). 14 | This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is 15 | not being used. 16 |

17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt: -------------------------------------------------------------------------------- 1 | HTML.CoreModules 2 | TYPE: lookup 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'Structure' => true, 7 | 'Text' => true, 8 | 'Hypertext' => true, 9 | 'List' => true, 10 | 'NonXMLCommonAttributes' => true, 11 | 'XMLCommonAttributes' => true, 12 | 'CommonAttributes' => true, 13 | ) 14 | --DESCRIPTION-- 15 | 16 |

17 | Certain modularized doctypes (XHTML, namely), have certain modules 18 | that must be included for the doctype to be a conforming document 19 | type: put those modules here. By default, XHTML's core modules 20 | are used. You can set this to a blank array to disable core module 21 | protection, but this is not recommended. 22 |

23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt: -------------------------------------------------------------------------------- 1 | HTML.TidyLevel 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'medium' 5 | --DESCRIPTION-- 6 | 7 |

General level of cleanliness the Tidy module should enforce. 8 | There are four allowed values:

9 |
10 |
none
11 |
No extra tidying should be done
12 |
light
13 |
Only fix elements that would be discarded otherwise due to 14 | lack of support in doctype
15 |
medium
16 |
Enforce best practices
17 |
heavy
18 |
Transform all deprecated elements and attributes to standards 19 | compliant equivalents
20 |
21 | 22 | --ALLOWED-- 23 | 'none', 'light', 'medium', 'heavy' 24 | --# vim: et sw=4 sts=4 25 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php: -------------------------------------------------------------------------------- 1 | array('style' => false), // see constructor 15 | 'Core' => array(0 => array('Style')) 16 | ); 17 | 18 | public function setup($config) { 19 | $this->attr_collections['Style']['style'] = new HTMLPurifier_AttrDef_CSS(); 20 | } 21 | 22 | } 23 | 24 | // vim: et sw=4 sts=4 25 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt: -------------------------------------------------------------------------------- 1 | Core.AggressivelyFixLt 2 | TYPE: bool 3 | VERSION: 2.1.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |

7 | This directive enables aggressive pre-filter fixes HTML Purifier can 8 | perform in order to ensure that open angled-brackets do not get killed 9 | during parsing stage. Enabling this will result in two preg_replace_callback 10 | calls and at least two preg_replace calls for every HTML document parsed; 11 | if your users make very well-formed HTML, you can set this directive false. 12 | This has no effect when DirectLex is used. 13 |

14 |

15 | Notice: This directive's default turned from false to true 16 | in HTML Purifier 3.2.0. 17 |

18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Strategy.php: -------------------------------------------------------------------------------- 1 | evalExpression($var); 13 | } 14 | 15 | /** Evaluates $expr as a PHP expression via eval() and returns the resulting value; throws HTMLPurifier_VarParserException when eval() returns false. */ protected function evalExpression($expr) { 16 | $var = null; 17 | /* NOTE(review): eval() executes $expr as PHP source, so this is safe only while every caller passes trusted, developer-authored values; confirm that no request- or user-supplied string reaches this method. On PHP 7 and later a parse error raises ParseError rather than returning false, so the check below would not catch it there. */ $result = eval("\$var = $expr;"); 18 | if ($result === false) { 19 | throw new HTMLPurifier_VarParserException("Fatal error in evaluated code"); 20 | } 21 | return $var; 22 | } 23 | 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt: -------------------------------------------------------------------------------- 1 | Core.ColorKeywords 2 | TYPE: hash 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'maroon' => '#800000', 7 | 'red' => '#FF0000', 8 | 'orange' => '#FFA500', 9 | 'yellow' => '#FFFF00', 10 | 'olive' => '#808000', 11 | 'purple' => '#800080', 12 | 'fuchsia' => '#FF00FF', 13 | 'white' => '#FFFFFF', 14 | 'lime' => '#00FF00', 15 | 'green' => '#008000', 16 | 'navy' => '#000080', 17 | 'blue' => '#0000FF', 18 | 'aqua' => '#00FFFF', 19 | 'teal' => '#008080', 20 | 'black' => '#000000', 21 | 'silver' => '#C0C0C0', 22 | 'gray' => '#808080', 23 | ) 24 | --DESCRIPTION-- 25 | 26 | Lookup array of color names to six digit hexadecimal number corresponding 27 | to color, with preceding hash mark. Used when parsing colors. 
28 | --# vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIScheme/mailto.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 19 | $uri->host = null; 20 | $uri->port = null; 21 | // we need to validate path against RFC 2368's addr-spec 22 | return true; 23 | } 24 | 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php: -------------------------------------------------------------------------------- 1 | start->attr['href'])){ 17 | $url = $token->start->attr['href']; 18 | unset($token->start->attr['href']); 19 | $token = array($token, new HTMLPurifier_Token_Text(" ($url)")); 20 | } else { 21 | // nothing to display 22 | } 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Length.php: -------------------------------------------------------------------------------- 1 | name = $name; 14 | $this->cssName = $css_name ? $css_name : $name; 15 | } 16 | 17 | public function transform($attr, $config, $context) { 18 | if (!isset($attr[$this->name])) return $attr; 19 | $length = $this->confiscateAttr($attr, $this->name); 20 | if(ctype_digit($length)) $length .= 'px'; 21 | $this->prependCSS($attr, $this->cssName . 
":$length;"); 22 | return $attr; 23 | } 24 | 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedModules 2 | TYPE: lookup/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | A doctype comes with a set of usual modules to use. Without having 9 | to muck about with the doctypes, you can quickly activate or 10 | disable these modules by specifying which modules you wish to allow 11 | with this directive. This is most useful for unit testing specific 12 | modules, although end users may find it useful for their own ends. 13 |

14 |

15 | If you specify a module that does not exist, the manager will silently 16 | fail to use it, so be careful! User-defined modules are not affected 17 | by this directive. Modules defined in %HTML.CoreModules are not 18 | affected by this directive. 19 |

20 | --# vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php: -------------------------------------------------------------------------------- 1 | feature that automatically resolves all 11 | entities), making it pretty useless for anything except the most I18N-blind 12 | applications, although %Core.EscapeNonASCIICharacters fixes this 13 | trouble with another tradeoff. This directive only accepts ISO-8859-1 if 14 | iconv is not enabled. 15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenElements 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |

7 | This was, perhaps, the most requested feature ever in HTML 8 | Purifier. Please don't abuse it! This is the logical inverse of 9 | %HTML.AllowedElements, and it will override that directive, or any 10 | other directive. 11 |

12 |

13 | If possible, %HTML.Allowed is recommended over this directive, because it 14 | can sometimes be difficult to tell whether or not you've forbidden all of 15 | the behavior you would like to disallow. If you forbid img 16 | with the expectation of preventing images on your site, you'll be in for 17 | a nasty surprise when people start using the background-image 18 | CSS property. 19 |

20 | --# vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/PropertyListIterator.php: -------------------------------------------------------------------------------- 1 | l = strlen($filter); 19 | $this->filter = $filter; 20 | } 21 | 22 | public function accept() { 23 | $key = $this->getInnerIterator()->key(); 24 | if( strncmp($key, $this->filter, $this->l) !== 0 ) { 25 | return false; 26 | } 27 | return true; 28 | } 29 | 30 | } 31 | 32 | // vim: et sw=4 sts=4 33 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt: -------------------------------------------------------------------------------- 1 | URI.Host 2 | TYPE: string/null 3 | VERSION: 1.2.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | Defines the domain name of the server, so we can determine whether 9 | an absolute URI is from your website or not. Not strictly necessary, 10 | as users should be using relative URIs to reference resources on your 11 | website. It will, however, let you use absolute URIs to link to 12 | subdomains of the domain you post here: i.e. example.com will allow 13 | sub.example.com. However, higher up domains will still be excluded: 14 | if you set %URI.Host to sub.example.com, example.com will be blocked. 15 | Note: This directive overrides %URI.Base because 16 | a given page may be on a sub-domain, but you wish HTML Purifier to be 17 | more relaxed and allow some of the parent domains too. 18 |

19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php: -------------------------------------------------------------------------------- 1 | def = $def; 16 | $this->element = $element; 17 | } 18 | /** 19 | * Checks if CurrentToken is set and equal to $this->element 20 | */ 21 | public function validate($string, $config, $context) { 22 | $token = $context->get('CurrentToken', true); 23 | if ($token && $token->name == $this->element) return false; 24 | return $this->def->validate($string, $config, $context); 25 | } 26 | } 27 | 28 | // vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php: -------------------------------------------------------------------------------- 1 | idDef = new HTMLPurifier_AttrDef_HTML_ID(); 13 | } 14 | 15 | public function transform($attr, $config, $context) { 16 | if (!isset($attr['name'])) return $attr; 17 | $name = $attr['name']; 18 | if (isset($attr['id']) && $attr['id'] === $name) return $attr; 19 | $result = $this->idDef->validate($name, $config, $context); 20 | if ($result === false) unset($attr['name']); 21 | else $attr['name'] = $result; 22 | return $attr; 23 | } 24 | 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIFilter/DisableExternal.php: -------------------------------------------------------------------------------- 1 | getDefinition('URI')->host; 9 | if ($our_host !== null) $this->ourHostParts = array_reverse(explode('.', $our_host)); 10 | } 11 | public function filter(&$uri, $config, $context) { 12 | if (is_null($uri->host)) return true; 13 | if ($this->ourHostParts === false) return false; 14 | 
$host_parts = array_reverse(explode('.', $uri->host)); 15 | foreach ($this->ourHostParts as $i => $x) { 16 | if (!isset($host_parts[$i])) return false; 17 | if ($host_parts[$i] != $this->ourHostParts[$i]) return false; 18 | } 19 | return true; 20 | } 21 | } 22 | 23 | // vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php: -------------------------------------------------------------------------------- 1 | get('Core.ColorKeywords'); 13 | 14 | $string = trim($string); 15 | 16 | if (empty($string)) return false; 17 | if (isset($colors[$string])) return $colors[$string]; 18 | if ($string[0] === '#') $hex = substr($string, 1); 19 | else $hex = $string; 20 | 21 | $length = strlen($hex); 22 | if ($length !== 3 && $length !== 6) return false; 23 | if (!ctype_xdigit($hex)) return false; 24 | if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2]; 25 | 26 | return "#$hex"; 27 | 28 | } 29 | 30 | } 31 | 32 | // vim: et sw=4 sts=4 33 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php: -------------------------------------------------------------------------------- 1 | key = $key; 13 | } 14 | 15 | /** 16 | * @warning This is NOT magic, to ensure that people don't abuse SPL and 17 | * cause problems for PHP 5.0 support. 
18 | */ 19 | public function toString() { 20 | return $this->key; 21 | } 22 | 23 | public function getRootNamespace() { 24 | return substr($this->key, 0, strpos($this->key, ".")); 25 | } 26 | 27 | public function getDirective() { 28 | return substr($this->key, strpos($this->key, ".") + 1); 29 | } 30 | 31 | public static function make($id) { 32 | return new HTMLPurifier_ConfigSchema_Interchange_Id($id); 33 | } 34 | 35 | } 36 | 37 | // vim: et sw=4 sts=4 38 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt: -------------------------------------------------------------------------------- 1 | Output.TidyFormat 2 | TYPE: bool 3 | VERSION: 1.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |

7 | Determines whether or not to run Tidy on the final output for pretty 8 | formatting reasons, such as indentation and wrap. 9 |

10 |

11 | This can greatly improve readability for editors who are hand-editing 12 | the HTML, but is by no means necessary as HTML Purifier has already 13 | fixed all major errors the HTML may have had. Tidy is a non-default 14 | extension, and this directive will silently fail if Tidy is not 15 | available. 16 |

17 |

18 | If you are looking to make the overall look of your page's source 19 | better, I recommend running Tidy on the entire page rather than just 20 | user-content (after all, the indentation relative to the containing 21 | blocks will be incorrect). 22 |

23 | --ALIASES-- 24 | Core.TidyFormat 25 | --# vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenAttributes 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |

7 | While this directive is similar to %HTML.AllowedAttributes, for 8 | forwards-compatibility with XML, this attribute has a different syntax. Instead of 9 | tag.attr, use tag@attr. To disallow href 10 | attributes in a tags, set this directive to 11 | a@href. You can also disallow an attribute globally with 12 | attr or *@attr (either syntax is fine; the latter 13 | is provided for consistency with %HTML.AllowedAttributes). 14 |

15 |

 16 | Warning: This directive complements %HTML.ForbiddenElements; 17 | accordingly, check 18 | out that directive for a discussion of why you 19 | should think twice before using this directive. 20 |

21 | --# vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php: -------------------------------------------------------------------------------- 1 | ip4) $this->_loadRegex(); 18 | 19 | if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) 20 | { 21 | return $aIP; 22 | } 23 | 24 | return false; 25 | 26 | } 27 | 28 | /** 29 | * Lazy load function to prevent regex from being stuffed in 30 | * cache. 31 | */ 32 | protected function _loadRegex() { 33 | $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 34 | $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; 35 | } 36 | 37 | } 38 | 39 | // vim: et sw=4 sts=4 40 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Definition.php: -------------------------------------------------------------------------------- 1 | setup) return; 33 | $this->setup = true; 34 | $this->doSetup($config); 35 | } 36 | 37 | } 38 | 39 | // vim: et sw=4 sts=4 40 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedElements 2 | TYPE: lookup/null 3 | VERSION: 1.3.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |

7 | If HTML Purifier's tag set is unsatisfactory for your needs, you can 8 | overload it with your own list of tags to allow. If you change 9 | this, you probably also want to change %HTML.AllowedAttributes; see 10 | also %HTML.Allowed which lets you set allowed elements and 11 | attributes at the same time. 12 |

13 |

14 | If you attempt to allow an element that HTML Purifier does not know 15 | about, HTML Purifier will raise an error. You will need to manually 16 | tell HTML Purifier about this element by using the 17 | advanced customization features. 18 |

19 |

20 | Warning: If another directive conflicts with the 21 | elements here, that directive will win and override. 22 |

23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php: -------------------------------------------------------------------------------- 1 | addElement( 13 | 'a', 'Inline', 'Inline', 'Common', 14 | array( 15 | // 'accesskey' => 'Character', 16 | // 'charset' => 'Charset', 17 | 'href' => 'URI', 18 | // 'hreflang' => 'LanguageCode', 19 | 'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'), 20 | 'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'), 21 | // 'tabindex' => 'Number', 22 | // 'type' => 'ContentType', 23 | ) 24 | ); 25 | $a->formatting = true; 26 | $a->excludes = array('a' => true); 27 | } 28 | 29 | } 30 | 31 | // vim: et sw=4 sts=4 32 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php: -------------------------------------------------------------------------------- 1 | array('dir' => false) 13 | ); 14 | 15 | public function setup($config) { 16 | $bdo = $this->addElement( 17 | 'bdo', 'Inline', 'Inline', array('Core', 'Lang'), 18 | array( 19 | 'dir' => 'Enum#ltr,rtl', // required 20 | // The Abstract Module specification has the attribute 21 | // inclusions wrong for bdo: bdo allows Lang 22 | ) 23 | ); 24 | $bdo->attr_transform_post['required-dir'] = new HTMLPurifier_AttrTransform_BdoDir(); 25 | 26 | $this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl'; 27 | } 28 | 29 | } 30 | 31 | // vim: et sw=4 sts=4 32 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php: -------------------------------------------------------------------------------- 1 | addElement('marquee', 'Inline', 'Flow', 'Common', 15 | array( 16 | 'direction' => 'Enum#left,right,up,down', 17 | 'behavior' => 
'Enum#alternate', 18 | 'width' => 'Length', 19 | 'height' => 'Length', 20 | 'scrolldelay' => 'Number', 21 | 'scrollamount' => 'Number', 22 | 'loop' => 'Number', 23 | 'bgcolor' => 'Color', 24 | 'hspace' => 'Pixels', 25 | 'vspace' => 'Pixels', 26 | ) 27 | ); 28 | 29 | } 30 | 31 | } 32 | 33 | // vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php: -------------------------------------------------------------------------------- 1 | attr = $attr; 24 | $this->css = $css; 25 | } 26 | 27 | public function transform($attr, $config, $context) { 28 | if (!isset($attr[$this->attr])) return $attr; 29 | unset($attr[$this->attr]); 30 | $this->prependCSS($attr, $this->css); 31 | return $attr; 32 | } 33 | 34 | } 35 | 36 | // vim: et sw=4 sts=4 37 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php: -------------------------------------------------------------------------------- 1 | addElement('ruby', 'Inline', 14 | 'Custom: ((rb, (rt | (rp, rt, rp))) | (rbc, rtc, rtc?))', 15 | 'Common'); 16 | $this->addElement('rbc', false, 'Required: rb', 'Common'); 17 | $this->addElement('rtc', false, 'Required: rt', 'Common'); 18 | $rb = $this->addElement('rb', false, 'Inline', 'Common'); 19 | $rb->excludes = array('ruby' => true); 20 | $rt = $this->addElement('rt', false, 'Inline', 'Common', array('rbspan' => 'Number')); 21 | $rt->excludes = array('ruby' => true); 22 | $this->addElement('rp', false, 'Optional: #PCDATA', 'Common'); 23 | } 24 | 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Optional.php: -------------------------------------------------------------------------------- 1 | 
whitespace) return $tokens_of_children; 20 | else return array(); 21 | } 22 | return $result; 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier.kses.php: -------------------------------------------------------------------------------- 1 | $attributes) { 15 | $allowed_elements[$element] = true; 16 | foreach ($attributes as $attribute => $x) { 17 | $allowed_attributes["$element.$attribute"] = true; 18 | } 19 | } 20 | $config->set('HTML.AllowedElements', $allowed_elements); 21 | $config->set('HTML.AllowedAttributes', $allowed_attributes); 22 | $allowed_schemes = array(); 23 | if ($allowed_protocols !== null) { 24 | $config->set('URI.AllowedSchemes', $allowed_protocols); 25 | } 26 | $purifier = new HTMLPurifier($config); 27 | return $purifier->purify($string); 28 | } 29 | 30 | // vim: et sw=4 sts=4 31 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php: -------------------------------------------------------------------------------- 1 | get('HTML.MaxImgLength'); 14 | $embed = $this->addElement( 15 | 'embed', 'Inline', 'Empty', 'Common', 16 | array( 17 | 'src*' => 'URI#embedded', 18 | 'type' => 'Enum#application/x-shockwave-flash', 19 | 'width' => 'Pixels#' . $max, 20 | 'height' => 'Pixels#' . 
$max, 21 | 'allowscriptaccess' => 'Enum#never', 22 | 'allownetworking' => 'Enum#internal', 23 | 'flashvars' => 'Text', 24 | 'wmode' => 'Enum#window', 25 | 'name' => 'ID', 26 | ) 27 | ); 28 | $embed->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeEmbed(); 29 | 30 | } 31 | 32 | } 33 | 34 | // vim: et sw=4 sts=4 35 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/TagTransform/Simple.php: -------------------------------------------------------------------------------- 1 | transform_to = $transform_to; 19 | $this->style = $style; 20 | } 21 | 22 | public function transform($tag, $config, $context) { 23 | $new_tag = clone $tag; 24 | $new_tag->name = $this->transform_to; 25 | if (!is_null($this->style) && 26 | ($new_tag instanceof HTMLPurifier_Token_Start || $new_tag instanceof HTMLPurifier_Token_Empty) 27 | ) { 28 | $this->prependCSS($new_tag->attr, $this->style); 29 | } 30 | return $new_tag; 31 | } 32 | 33 | } 34 | 35 | // vim: et sw=4 sts=4 36 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt: -------------------------------------------------------------------------------- 1 | HTML.Allowed 2 | TYPE: itext/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | This is a preferred convenience directive that combines 9 | %HTML.AllowedElements and %HTML.AllowedAttributes. 10 | Specify elements and attributes that are allowed using: 11 | element1[attr1|attr2],element2.... For example, 12 | if you would like to only allow paragraphs and links, specify 13 | a[href],p. You can specify attributes that apply 14 | to all elements using an asterisk, e.g. *[lang]. 15 | You can also use newlines instead of commas to separate elements. 16 |

17 |

18 | Warning: 19 | All of the constraints on the component directives are still enforced. 20 | The syntax is a subset of TinyMCE's valid_elements 21 | whitelist: directly copy-pasting it here will probably result in 22 | broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes 23 | are set, this directive has no effect. 24 |

25 | --# vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Switch.php: -------------------------------------------------------------------------------- 1 | tag = $tag; 19 | $this->withTag = $with_tag; 20 | $this->withoutTag = $without_tag; 21 | } 22 | 23 | public function validate($string, $config, $context) { 24 | $token = $context->get('CurrentToken', true); 25 | if (!$token || $token->name !== $this->tag) { 26 | return $this->withoutTag->validate($string, $config, $context); 27 | } else { 28 | return $this->withTag->validate($string, $config, $context); 29 | } 30 | } 31 | 32 | } 33 | 34 | // vim: et sw=4 sts=4 35 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt: -------------------------------------------------------------------------------- 1 | URI.MungeSecretKey 2 | TYPE: string/null 3 | VERSION: 3.1.1 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |

7 | This directive enables secure checksum generation along with %URI.Munge. 8 | It should be set to a secure key that is not shared with anyone else. 9 | The checksum can be placed in the URI using %t. Use of this checksum 10 | affords an additional level of protection by allowing a redirector 11 | to check if a URI has passed through HTML Purifier with this line: 12 |

13 | 14 |
$checksum === sha1($secret_key . ':' . $url)
15 | 16 |

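 17 | If the output is TRUE, the redirector script should accept the URI. A redirector running on a PHP version that provides hash_equals() can make the same comparison with that function, which avoids leaking timing information about the expected checksum. 18 |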

19 | 20 |

 21 | Please note that it would still be possible for an attacker to procure 22 | secure hashes en masse by abusing your website's Preview feature or the 23 | like, but this service affords an additional level of protection 24 | that should be combined with website blacklisting. 25 |

26 | 27 |

28 | Remember this has no effect if %URI.Munge is not on. 29 |

30 | --# vim: et sw=4 sts=4 31 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php: -------------------------------------------------------------------------------- 1 | true, 15 | 'overline' => true, 16 | 'underline' => true, 17 | ); 18 | 19 | $string = strtolower($this->parseCDATA($string)); 20 | 21 | if ($string === 'none') return $string; 22 | 23 | $parts = explode(' ', $string); 24 | $final = ''; 25 | foreach ($parts as $part) { 26 | if (isset($allowed_values[$part])) { 27 | $final .= $part . ' '; 28 | } 29 | } 30 | $final = rtrim($final); 31 | if ($final === '') return false; 32 | return $final; 33 | 34 | } 35 | 36 | } 37 | 38 | // vim: et sw=4 sts=4 39 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php: -------------------------------------------------------------------------------- 1 | 100) return '100%'; 34 | 35 | return ((string) $points) . '%'; 36 | 37 | } 38 | 39 | } 40 | 41 | // vim: et sw=4 sts=4 42 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/StringHash.php: -------------------------------------------------------------------------------- 1 | accessed[$index] = true; 20 | return parent::offsetGet($index); 21 | } 22 | 23 | /** 24 | * Returns a lookup array of all array indexes that have been accessed. 25 | * @return Array in form array($index => true). 26 | */ 27 | public function getAccessed() { 28 | return $this->accessed; 29 | } 30 | 31 | /** 32 | * Resets the access array. 
33 | */ 34 | public function resetAccessed() { 35 | $this->accessed = array(); 36 | } 37 | } 38 | 39 | // vim: et sw=4 sts=4 40 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/TagTransform.php: -------------------------------------------------------------------------------- 1 | data = $data; 26 | $this->is_whitespace = ctype_space($data); 27 | $this->line = $line; 28 | $this->col = $col; 29 | } 30 | 31 | } 32 | 33 | // vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php: -------------------------------------------------------------------------------- 1 | number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); 19 | } 20 | 21 | public function validate($string, $config, $context) { 22 | 23 | $string = $this->parseCDATA($string); 24 | 25 | if ($string === '') return false; 26 | $length = strlen($string); 27 | if ($length === 1) return false; 28 | if ($string[$length - 1] !== '%') return false; 29 | 30 | $number = substr($string, 0, $length - 1); 31 | $number = $this->number_def->validate($number, $config, $context); 32 | 33 | if ($number === false) return false; 34 | return "$number%"; 35 | 36 | } 37 | 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt: -------------------------------------------------------------------------------- 1 | Core.LexerImpl 2 | TYPE: mixed/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |

8 | This parameter determines what lexer implementation can be used. The 9 | valid values are: 10 |

11 |
12 |
null
13 |
14 | Recommended, the lexer implementation will be auto-detected based on 15 | your PHP-version and configuration. 16 |
17 |
string lexer identifier
18 |
 19 | This is a slim way of manually overriding the implementation. 20 | Currently recognized values are: DOMLex (the default PHP5 21 | implementation) 22 | and DirectLex (the default PHP4 implementation). Only use this if 23 | you know what you are doing: usually, the auto-detection will 24 | manage things for cases you aren't even aware of. 25 |
26 |
object lexer instance
27 |
28 | Super-advanced: you can specify your own, custom, implementation that 29 | implements the interface defined by HTMLPurifier_Lexer. 30 | I may remove this option simply because I don't expect anyone 31 | to use it. 32 |
33 |
34 | --# vim: et sw=4 sts=4 35 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php: -------------------------------------------------------------------------------- 1 | register('CurrentToken', $token); 17 | 18 | foreach ($tokens as $key => $token) { 19 | 20 | // only process tokens that have attributes, 21 | // namely start and empty tags 22 | if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue; 23 | 24 | // skip tokens that are armored 25 | if (!empty($token->armor['ValidateAttributes'])) continue; 26 | 27 | // note that we have no facilities here for removing tokens 28 | $validator->validateToken($token, $config, $context); 29 | 30 | $tokens[$key] = $token; // for PHP 4 31 | } 32 | $context->destroy('CurrentToken'); 33 | 34 | return $tokens; 35 | } 36 | 37 | } 38 | 39 | // vim: et sw=4 sts=4 40 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Printer/CSSDefinition.php: -------------------------------------------------------------------------------- 1 | def = $config->getCSSDefinition(); 10 | $ret = ''; 11 | 12 | $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer')); 13 | $ret .= $this->start('table'); 14 | 15 | $ret .= $this->element('caption', 'Properties ($info)'); 16 | 17 | $ret .= $this->start('thead'); 18 | $ret .= $this->start('tr'); 19 | $ret .= $this->element('th', 'Property', array('class' => 'heavy')); 20 | $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;')); 21 | $ret .= $this->end('tr'); 22 | $ret .= $this->end('thead'); 23 | 24 | ksort($this->def->info); 25 | foreach ($this->def->info as $property => $obj) { 26 | $name = $this->getClass($obj, 'AttrDef_'); 27 | $ret .= $this->row($property, $name); 28 | } 29 | 30 | $ret .= 
$this->end('table'); 31 | $ret .= $this->end('div'); 32 | 33 | return $ret; 34 | } 35 | 36 | } 37 | 38 | // vim: et sw=4 sts=4 39 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php: -------------------------------------------------------------------------------- 1 | array(directive info) 18 | */ 19 | public $directives = array(); 20 | 21 | /** 22 | * Adds a directive array to $directives 23 | */ 24 | public function addDirective($directive) { 25 | if (isset($this->directives[$i = $directive->id->toString()])) { 26 | throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'"); 27 | } 28 | $this->directives[$i] = $directive; 29 | } 30 | 31 | /** 32 | * Convenience function to perform standard validation. Throws exception 33 | * on failed validation. 34 | */ 35 | public function validate() { 36 | $validator = new HTMLPurifier_ConfigSchema_Validator(); 37 | return $validator->validate($this); 38 | } 39 | 40 | } 41 | 42 | // vim: et sw=4 sts=4 43 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php: -------------------------------------------------------------------------------- 1 | defs = $defs; 26 | } 27 | 28 | public function validate($string, $config, $context) { 29 | foreach ($this->defs as $i => $def) { 30 | $result = $this->defs[$i]->validate($string, $config, $context); 31 | if ($result !== false) return $result; 32 | } 33 | return false; 34 | } 35 | 36 | } 37 | 38 | // vim: et sw=4 sts=4 39 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIScheme.php: -------------------------------------------------------------------------------- 1 | , resolves edge cases 22 | * with making relative URIs absolute 23 | 
*/ 24 | public $hierarchical = false; 25 | 26 | /** 27 | * Validates the components of a URI 28 | * @note This implementation should be called by children if they define 29 | * a default port, as it does port processing. 30 | * @param $uri Instance of HTMLPurifier_URI 31 | * @param $config HTMLPurifier_Config object 32 | * @param $context HTMLPurifier_Context object 33 | * @return Bool success or failure 34 | */ 35 | public function validate(&$uri, $config, $context) { 36 | if ($this->default_port == $uri->port) $uri->port = null; 37 | return true; 38 | } 39 | 40 | } 41 | 42 | // vim: et sw=4 sts=4 43 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php: -------------------------------------------------------------------------------- 1 | array('left', 'right'), 11 | 'vspace' => array('top', 'bottom') 12 | ); 13 | 14 | public function __construct($attr) { 15 | $this->attr = $attr; 16 | if (!isset($this->css[$attr])) { 17 | trigger_error(htmlspecialchars($attr) . 
' is not valid space attribute'); 18 | } 19 | } 20 | 21 | public function transform($attr, $config, $context) { 22 | 23 | if (!isset($attr[$this->attr])) return $attr; 24 | 25 | $width = $this->confiscateAttr($attr, $this->attr); 26 | // some validation could happen here 27 | 28 | if (!isset($this->css[$this->attr])) return $attr; 29 | 30 | $style = ''; 31 | foreach ($this->css[$this->attr] as $suffix) { 32 | $property = "margin-$suffix"; 33 | $style .= "$property:{$width}px;"; 34 | } 35 | 36 | $this->prependCSS($attr, $style); 37 | 38 | return $attr; 39 | 40 | } 41 | 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.AutoParagraph 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |

 8 | This directive turns on auto-paragraphing, where double newlines are 9 | converted into paragraphs whenever possible. Auto-paragraphing: 10 |

11 | 17 |

18 | p tags must be allowed for this directive to take effect. 19 | We do not use br tags for paragraphing, as that is 20 | semantically incorrect. 21 |

22 |

23 | To prevent auto-paragraphing as a content-producer, refrain from using 24 | double-newlines except to specify a new paragraph or in contexts where 25 | it has special meaning (whitespace usually has no meaning except in 26 | tags like pre, so this should not be difficult.) To prevent 27 | the paragraphing of inline text adjacent to block elements, wrap them 28 | in div tags (the behavior is slightly different outside of 29 | the root node.) 30 |

31 | --# vim: et sw=4 sts=4 32 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php: -------------------------------------------------------------------------------- 1 | getDefinition('HTML')->doctype->name; 11 | if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { 12 | return parent::split($string, $config, $context); 13 | } else { 14 | return preg_split('/\s+/', $string); 15 | } 16 | } 17 | protected function filter($tokens, $config, $context) { 18 | $allowed = $config->get('Attr.AllowedClasses'); 19 | $forbidden = $config->get('Attr.ForbiddenClasses'); 20 | $ret = array(); 21 | foreach ($tokens as $token) { 22 | if ( 23 | ($allowed === null || isset($allowed[$token])) && 24 | !isset($forbidden[$token]) && 25 | // We need this O(n) check because of PHP's array 26 | // implementation that casts -0 to 0. 27 | !in_array($token, $ret, true) 28 | ) { 29 | $ret[] = $token; 30 | } 31 | } 32 | return $ret; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php: -------------------------------------------------------------------------------- 1 | 'URI', 16 | // 'datetime' => 'Datetime', // not implemented 17 | ); 18 | $this->addElement('del', 'Inline', $contents, 'Common', $attr); 19 | $this->addElement('ins', 'Inline', $contents, 'Common', $attr); 20 | } 21 | 22 | // HTML 4.01 specifies that ins/del must not contain block 23 | // elements when used in an inline context, chameleon is 24 | // a complicated workaround to acheive this effect 25 | 26 | // Inline context ! 
Block context (exclamation mark is 27 | // separator, see getChildDef for parsing) 28 | 29 | public $defines_child_def = true; 30 | public function getChildDef($def) { 31 | if ($def->content_model_type != 'chameleon') return false; 32 | $value = explode('!', $def->content_model); 33 | return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]); 34 | } 35 | 36 | } 37 | 38 | // vim: et sw=4 sts=4 39 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.Scope 2 | TYPE: string/null 3 | VERSION: 3.0.0 4 | DEFAULT: NULL 5 | ALIASES: Filter.ExtractStyleBlocksScope, FilterParam.ExtractStyleBlocksScope 6 | --DESCRIPTION-- 7 | 8 |

9 | If you would like users to be able to define external stylesheets, but 10 | only allow them to specify CSS declarations for a specific node and 11 | prevent them from fiddling with other elements, use this directive. 12 | It accepts any valid CSS selector, and will prepend this to any 13 | CSS declaration extracted from the document. For example, if this 14 | directive is set to #user-content and a user uses the 15 | selector a:hover, the final selector will be 16 | #user-content a:hover. 17 |

18 |

19 | The comma shorthand may be used; consider the above example, with 20 | #user-content, #user-content2, the final selector will 21 | be #user-content a:hover, #user-content2 a:hover. 22 |

23 |

24 | Warning: It is possible for users to bypass this measure 25 | using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML 26 | Purifier, and I am working to get it fixed. Until then, HTML Purifier 27 | performs a basic check to prevent this. 28 |

29 | --# vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksScope.txt: -------------------------------------------------------------------------------- 1 | FilterParam.ExtractStyleBlocksScope 2 | TYPE: string/null 3 | VERSION: 3.0.0 4 | DEFAULT: NULL 5 | ALIASES: Filter.ExtractStyleBlocksScope 6 | --DESCRIPTION-- 7 | 8 |

9 | If you would like users to be able to define external stylesheets, but 10 | only allow them to specify CSS declarations for a specific node and 11 | prevent them from fiddling with other elements, use this directive. 12 | It accepts any valid CSS selector, and will prepend this to any 13 | CSS declaration extracted from the document. For example, if this 14 | directive is set to #user-content and a user uses the 15 | selector a:hover, the final selector will be 16 | #user-content a:hover. 17 |

18 |

19 | The comma shorthand may be used; consider the above example, with 20 | #user-content, #user-content2, the final selector will 21 | be #user-content a:hover, #user-content2 a:hover. 22 |

23 |

24 | Warning: It is possible for users to bypass this measure 25 | using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML 26 | Purifier, and I am working to get it fixed. Until then, HTML Purifier 27 | performs a basic check to prevent this. 28 |

29 | --# vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php: -------------------------------------------------------------------------------- 1 | directives as $d) { 13 | $schema->add( 14 | $d->id->key, 15 | $d->default, 16 | $d->type, 17 | $d->typeAllowsNull 18 | ); 19 | if ($d->allowed !== null) { 20 | $schema->addAllowedValues( 21 | $d->id->key, 22 | $d->allowed 23 | ); 24 | } 25 | foreach ($d->aliases as $alias) { 26 | $schema->addAlias( 27 | $alias->key, 28 | $d->id->key 29 | ); 30 | } 31 | if ($d->valueAliases !== null) { 32 | $schema->addValueAliases( 33 | $d->id->key, 34 | $d->valueAliases 35 | ); 36 | } 37 | } 38 | $schema->postProcess(); 39 | return $schema; 40 | } 41 | 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt: -------------------------------------------------------------------------------- 1 | HTML.DefinitionID 2 | TYPE: string/null 3 | DEFAULT: NULL 4 | VERSION: 2.0.0 5 | --DESCRIPTION-- 6 | 7 |

8 | Unique identifier for a custom-built HTML definition. If you edit 9 | the raw version of the HTMLDefinition, introducing changes that the 10 | configuration object does not reflect, you must specify this variable. 11 | If you change your custom edits, you should change this directive, or 12 | clear your cache. Example: 13 |

14 |
15 | $config = HTMLPurifier_Config::createDefault();
16 | $config->set('HTML', 'DefinitionID', '1');
17 | $def = $config->getHTMLDefinition();
18 | $def->addAttribute('a', 'tabindex', 'Number');
19 | 
20 |

21 | In the above example, the configuration is still at the defaults, but 22 | using the advanced API, an extra attribute has been added. The 23 | configuration object normally has no way of knowing that this change 24 | has taken place, so it needs an extra directive: %HTML.DefinitionID. 25 | If someone else attempts to use the default configuration, these two 26 | pieces of code will not clobber each other in the cache, since one has 27 | an extra directive attached to it. 28 |

29 |

30 | You must specify a value to this directive to use the 31 | advanced API features. 32 |

33 | --# vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php: -------------------------------------------------------------------------------- 1 | get('Core.RemoveInvalidImg')) return $attr; 19 | $attr['src'] = $config->get('Attr.DefaultInvalidImage'); 20 | $src = false; 21 | } 22 | 23 | if (!isset($attr['alt'])) { 24 | if ($src) { 25 | $alt = $config->get('Attr.DefaultImageAlt'); 26 | if ($alt === null) { 27 | // truncate if the alt is too long 28 | $attr['alt'] = substr(basename($attr['src']),0,40); 29 | } else { 30 | $attr['alt'] = $alt; 31 | } 32 | } else { 33 | $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt'); 34 | } 35 | } 36 | 37 | return $attr; 38 | 39 | } 40 | 41 | } 42 | 43 | // vim: et sw=4 sts=4 44 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Image.php: -------------------------------------------------------------------------------- 1 | get('HTML.MaxImgLength'); 15 | $img = $this->addElement( 16 | 'img', 'Inline', 'Empty', 'Common', 17 | array( 18 | 'alt*' => 'Text', 19 | // According to the spec, it's Length, but percents can 20 | // be abused, so we allow only Pixels. 21 | 'height' => 'Pixels#' . $max, 22 | 'width' => 'Pixels#' . 
$max, 23 | 'longdesc' => 'URI', 24 | 'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded 25 | ) 26 | ); 27 | if ($max === null || $config->get('HTML.Trusted')) { 28 | $img->attr['height'] = 29 | $img->attr['width'] = 'Length'; 30 | } 31 | 32 | // kind of strange, but splitting things up would be inefficient 33 | $img->attr_transform_pre[] = 34 | $img->attr_transform_post[] = 35 | new HTMLPurifier_AttrTransform_ImgRequired(); 36 | } 37 | 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | PHPIDS plugin for CakePHP 2 | ------------------------------ 3 | PHPIDS (PHP-Intrusion Detection System) is a state-of-the-art security layer for your PHP based web application written by Mario Heiderich. 4 | 5 | The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. PHPIDS is by far the best open source Intrusion Detection System for PHP right now. Don't forget to read its documentation to take full advantage of its power.(*) 6 | 7 | (*) Description from http://php-ids.org 8 | 9 | Official website: http://www.phpids.org/ 10 | 11 | 12 | INSTALLATION 13 | ------------------------------ 14 | 1. Copy the phpids plugin folder into your Cakephp plugins folder (app/plugins/) 15 | 2. Set up the database table where the intrusion alerts will be stored (Check phpids_intrusions.sql) 16 | 3. Configure your PHPIDS settings (phpids/config/Config.ini.php) 17 | 4. 
Add the following line to the actions you wish the IDS to monitor: 18 | 19 | $this->requestAction("/phpids/phpids_intrusions/detect"); 20 | 21 | Note: as described above, the IDS only detects suspicious input and reacts as configured; it does not strip or sanitize it, so monitored actions still need their own input validation and output escaping. 22 | 23 | 24 | PHPIDS DOCUMENTATION 25 | ------------------------------ 26 | For additional documentation on PHPIDS visit [http://www.phpids.org] 27 | 28 | 29 | SUGGESTIONS 30 | ------------------------------ 31 | Feel free to contribute code to this plugin via Github: 32 | http://github.com/cldrn/cakephpids 33 | 34 | paulino@calderonpale.com 35 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php: -------------------------------------------------------------------------------- 1 | max = $max; 13 | } 14 | 15 | public function validate($string, $config, $context) { 16 | 17 | $string = trim($string); 18 | if ($string === '0') return $string; 19 | if ($string === '') return false; 20 | $length = strlen($string); 21 | if (substr($string, $length - 2) == 'px') { 22 | $string = substr($string, 0, $length - 2); 23 | } 24 | if (!is_numeric($string)) return false; 25 | $int = (int) $string; 26 | 27 | if ($int < 0) return '0'; 28 | 29 | // upper-bound value, extremely high values can 30 | // crash operating systems, see 31 | // WARNING, above link WILL crash you if you're using Windows 32 | 33 | if ($this->max !== null && $int > $this->max) return (string) $this->max; 34 | 35 | return (string) $int; 36 | 37 | } 38 | 39 | public function make($string) { 40 | if ($string === '') $max = null; 41 | else $max = (int) $string; 42 | $class = get_class($this); 43 | return new $class($max); 44 | } 45 | 46 | } 47 | 48 | // vim: et sw=4 sts=4 49 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Input.php: 
-------------------------------------------------------------------------------- 1 | pixels = new HTMLPurifier_AttrDef_HTML_Pixels(); 13 | } 14 | 15 | public function transform($attr, $config, $context) { 16 | if (!isset($attr['type'])) $t = 'text'; 17 | else $t = strtolower($attr['type']); 18 | if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') { 19 | unset($attr['checked']); 20 | } 21 | if (isset($attr['maxlength']) && $t !== 'text' && $t !== 'password') { 22 | unset($attr['maxlength']); 23 | } 24 | if (isset($attr['size']) && $t !== 'text' && $t !== 'password') { 25 | $result = $this->pixels->validate($attr['size'], $config, $context); 26 | if ($result === false) unset($attr['size']); 27 | else $attr['size'] = $result; 28 | } 29 | if (isset($attr['src']) && $t !== 'image') { 30 | unset($attr['src']); 31 | } 32 | if (!isset($attr['value']) && ($t === 'radio' || $t === 'checkbox')) { 33 | $attr['value'] = ''; 34 | } 35 | return $attr; 36 | } 37 | 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php: -------------------------------------------------------------------------------- 1 | getCSSDefinition(); 16 | $this->info['border-width'] = $def->info['border-width']; 17 | $this->info['border-style'] = $def->info['border-style']; 18 | $this->info['border-top-color'] = $def->info['border-top-color']; 19 | } 20 | 21 | public function validate($string, $config, $context) { 22 | $string = $this->parseCDATA($string); 23 | $string = $this->mungeRgb($string); 24 | $bits = explode(' ', $string); 25 | $done = array(); // segments we've finished 26 | $ret = ''; // return value 27 | foreach ($bits as $bit) { 28 | foreach ($this->info as $propname => $validator) { 29 | if (isset($done[$propname])) continue; 30 | $r = $validator->validate($bit, $config, $context); 31 | if ($r !== false) { 32 | $ret .= $r . 
' '; 33 | $done[$propname] = true; 34 | break; 35 | } 36 | } 37 | } 38 | return rtrim($ret); 39 | } 40 | 41 | } 42 | 43 | // vim: et sw=4 sts=4 44 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/EntityLookup.php: -------------------------------------------------------------------------------- 1 | table = unserialize(file_get_contents($file)); /* NOTE(review): unserialize() is run on the raw contents of $file. That is only safe while $file is a trusted path that untrusted users cannot write to or influence; where $file comes from is not visible in this listing, so confirm it. */ 24 | } 25 | 26 | /** 27 | * Retrieves sole instance of the object. 28 | * @param Optional prototype of custom lookup table to overload with. 29 | */ 30 | public static function instance($prototype = false) { 31 | // no references, since PHP doesn't copy unless modified 32 | /* the static variable is shared by every call: a truthy $prototype replaces it, and later calls without a prototype return that replacement */ static $instance = null; 33 | if ($prototype) { 34 | $instance = $prototype; 35 | } elseif (!$instance) { 36 | /* first call without a prototype: build the default lookup and load its table */ $instance = new HTMLPurifier_EntityLookup(); 37 | $instance->setup(); 38 | } 39 | return $instance; 40 | } 41 | 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/List.php: -------------------------------------------------------------------------------- 1 | 'List'); 21 | 22 | public function setup($config) { 23 | $ol = $this->addElement('ol', 'List', 'Required: li', 'Common'); 24 | $ol->wrap = "li"; 25 | $ul = $this->addElement('ul', 'List', 'Required: li', 'Common'); 26 | $ul->wrap = "li"; 27 | $this->addElement('dl', 'List', 'Required: dt | dd', 'Common'); 28 | 29 | $this->addElement('li', false, 'Flow', 'Common'); 30 | 31 | $this->addElement('dd', false, 'Flow', 'Common'); 32 | $this->addElement('dt', false, 'Inline', 'Common'); 33 | } 34 | 35 | } 36 | 37 | // vim: et sw=4 sts=4 38 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php: 
-------------------------------------------------------------------------------- 1 | def = $def; 16 | $this->allow = $allow; 17 | } 18 | /** 19 | * Intercepts and removes !important if necessary 20 | */ 21 | public function validate($string, $config, $context) { 22 | // test for ! and important tokens 23 | $string = trim($string); 24 | $is_important = false; 25 | // :TODO: optimization: test directly for !important and ! important 26 | if (strlen($string) >= 9 && substr($string, -9) === 'important') { 27 | $temp = rtrim(substr($string, 0, -9)); 28 | // use a temp, because we might want to restore important 29 | if (strlen($temp) >= 1 && substr($temp, -1) === '!') { 30 | $string = rtrim(substr($temp, 0, -1)); 31 | $is_important = true; 32 | } 33 | } 34 | $string = $this->def->validate($string, $config, $context); 35 | if ($this->allow && $is_important) $string .= ' !important'; 36 | return $string; 37 | } 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIFilter.php: -------------------------------------------------------------------------------- 1 | to cater to legacy browsers: this 6 | * module does not allow this sort of behavior 7 | */ 8 | class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule 9 | { 10 | 11 | public $name = 'Object'; 12 | public $safe = false; 13 | 14 | public function setup($config) { 15 | 16 | $this->addElement('object', 'Inline', 'Optional: #PCDATA | Flow | param', 'Common', 17 | array( 18 | 'archive' => 'URI', 19 | 'classid' => 'URI', 20 | 'codebase' => 'URI', 21 | 'codetype' => 'Text', 22 | 'data' => 'URI', 23 | 'declare' => 'Bool#declare', 24 | 'height' => 'Length', 25 | 'name' => 'CDATA', 26 | 'standby' => 'Text', 27 | 'tabindex' => 'Number', 28 | 'type' => 'ContentType', 29 | 'width' => 'Length' 30 | ) 31 | ); 32 | 33 | $this->addElement('param', false, 'Empty', false, 34 | array( 35 | 
'id' => 'ID', 36 | 'name*' => 'Text', 37 | 'type' => 'Text', 38 | 'value' => 'Text', 39 | 'valuetype' => 'Enum#data,ref,object' 40 | ) 41 | ); 42 | 43 | } 44 | 45 | } 46 | 47 | // vim: et sw=4 sts=4 48 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php: -------------------------------------------------------------------------------- 1 | addElement('hr', 'Block', 'Empty', 'Common'); 20 | $this->addElement('sub', 'Inline', 'Inline', 'Common'); 21 | $this->addElement('sup', 'Inline', 'Inline', 'Common'); 22 | $b = $this->addElement('b', 'Inline', 'Inline', 'Common'); 23 | $b->formatting = true; 24 | $big = $this->addElement('big', 'Inline', 'Inline', 'Common'); 25 | $big->formatting = true; 26 | $i = $this->addElement('i', 'Inline', 'Inline', 'Common'); 27 | $i->formatting = true; 28 | $small = $this->addElement('small', 'Inline', 'Inline', 'Common'); 29 | $small->formatting = true; 30 | $tt = $this->addElement('tt', 'Inline', 'Inline', 'Common'); 31 | $tt->formatting = true; 32 | } 33 | 34 | } 35 | 36 | // vim: et sw=4 sts=4 37 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Filter.php: -------------------------------------------------------------------------------- 1 | preFilter, 15 | * 2->preFilter, 3->preFilter, purify, 3->postFilter, 2->postFilter, 16 | * 1->postFilter. 
17 | * 18 | * @note Methods are not declared abstract as it is perfectly legitimate 19 | * for an implementation not to want anything to happen on a step 20 | */ 21 | 22 | class HTMLPurifier_Filter 23 | { 24 | 25 | /** 26 | * Name of the filter for identification purposes 27 | */ 28 | public $name; 29 | 30 | /** 31 | * Pre-processor function, handles HTML before HTML Purifier 32 | */ 33 | public function preFilter($html, $config, $context) { 34 | return $html; 35 | } 36 | 37 | /** 38 | * Post-processor function, handles HTML after HTML Purifier 39 | */ 40 | public function postFilter($html, $config, $context) { 41 | return $html; 42 | } 43 | 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Filter/YouTube.php: -------------------------------------------------------------------------------- 1 | ]+>.+?'. 10 | 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s'; 11 | $pre_replace = '\1'; 12 | return preg_replace($pre_regex, $pre_replace, $html); 13 | } 14 | 15 | public function postFilter($html, $config, $context) { 16 | $post_regex = '#((?:v|cp)/[A-Za-z0-9\-_=]+)#'; 17 | return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html); 18 | } 19 | 20 | protected function armorUrl($url) { 21 | return str_replace('--', '--', $url); 22 | } 23 | 24 | protected function postFilterCallback($matches) { 25 | $url = $this->armorUrl($matches[1]); 26 | return ''. 28 | ''. 29 | ''. 
34 | ''; 35 | 36 | } 37 | } 38 | 39 | // vim: et sw=4 sts=4 40 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php: -------------------------------------------------------------------------------- 1 | definitions[$this->generateKey($config)] = $def; 22 | return $status; 23 | } 24 | 25 | public function set($def, $config) { 26 | $status = parent::set($def, $config); 27 | if ($status) $this->definitions[$this->generateKey($config)] = $def; 28 | return $status; 29 | } 30 | 31 | public function replace($def, $config) { 32 | $status = parent::replace($def, $config); 33 | if ($status) $this->definitions[$this->generateKey($config)] = $def; 34 | return $status; 35 | } 36 | 37 | public function get($config) { 38 | $key = $this->generateKey($config); 39 | if (isset($this->definitions[$key])) return $this->definitions[$key]; 40 | $this->definitions[$key] = parent::get($config); 41 | return $this->definitions[$key]; 42 | } 43 | 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php: -------------------------------------------------------------------------------- 1 | min = $min !== null ? HTMLPurifier_Length::make($min) : null; 17 | $this->max = $max !== null ? 
HTMLPurifier_Length::make($max) : null; 18 | } 19 | 20 | public function validate($string, $config, $context) { 21 | $string = $this->parseCDATA($string); 22 | 23 | // Optimizations 24 | if ($string === '') return false; 25 | if ($string === '0') return '0'; 26 | if (strlen($string) === 1) return false; 27 | 28 | $length = HTMLPurifier_Length::make($string); 29 | if (!$length->isValid()) return false; 30 | 31 | /* bounds checks: a value below min or above max is rejected (not clamped), and so is one for which compareTo() returns false */ if ($this->min) { 32 | $c = $length->compareTo($this->min); 33 | if ($c === false) return false; 34 | if ($c < 0) return false; 35 | } 36 | if ($this->max) { 37 | $c = $length->compareTo($this->max); 38 | if ($c === false) return false; 39 | if ($c > 0) return false; 40 | } 41 | 42 | return $length->toString(); 43 | } 44 | 45 | } 46 | 47 | // vim: et sw=4 sts=4 48 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php: -------------------------------------------------------------------------------- 1 | array('href')); 13 | 14 | public function prepare($config, $context) { 15 | /* the link template is read from configuration once per prepare() call */ $this->docURL = $config->get('AutoFormat.PurifierLinkify.DocURL'); 16 | return parent::prepare($config, $context); 17 | } 18 | 19 | public function handleText(&$token) { 20 | if (!$this->allowsElement('a')) return; 21 | if (strpos($token->data, '%') === false) return; 22 | 23 | /* the capture group admits only [a-z0-9]+ "." [a-z0-9]+ (case-insensitive), so the text substituted for %s in docURL below is limited to alphanumerics and a single dot; with PREG_SPLIT_DELIM_CAPTURE the result alternates plain text and captured name, which $l tracks */ $bits = preg_split('#%([a-z0-9]+\.[a-z0-9]+)#Si', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE); 24 | $token = array(); 25 | 26 | // $i = index 27 | // $c = count 28 | // $l = is link 29 | for ($i = 0, $c = count($bits), $l = false; $i < $c; $i++, $l = !$l) { 30 | if (!$l) { 31 | if ($bits[$i] === '') continue; 32 | $token[] = new HTMLPurifier_Token_Text($bits[$i]); 33 | } else { 34 | /* NOTE(review): the href is docURL with %s replaced by the captured name; docURL itself comes from configuration and is not checked here */ $token[] = new HTMLPurifier_Token_Start('a', 35 | array('href' => str_replace('%s', $bits[$i], $this->docURL))); 36 | $token[] = new HTMLPurifier_Token_Text('%' . 
$bits[$i]); 37 | $token[] = new HTMLPurifier_Token_End('a'); 38 | } 39 | } 40 | 41 | } 42 | 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef.php: -------------------------------------------------------------------------------- 1 | elements; 33 | } 34 | 35 | /** 36 | * Validates nodes according to definition and returns modification. 37 | * 38 | * @param $tokens_of_children Array of HTMLPurifier_Token 39 | * @param $config HTMLPurifier_Config object 40 | * @param $context HTMLPurifier_Context object 41 | * @return bool true to leave nodes as is 42 | * @return bool false to remove parent node 43 | * @return array of replacement child tokens 44 | */ 45 | abstract public function validateChildren($tokens_of_children, $config, $context); 46 | } 47 | 48 | // vim: et sw=4 sts=4 49 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/URIScheme/ftp.php: -------------------------------------------------------------------------------- 1 | query = null; 15 | 16 | // typecode check 17 | /* only the text after the LAST ';' in the path is treated as a candidate typecode */ $semicolon_pos = strrpos($uri->path, ';'); // reverse 18 | if ($semicolon_pos !== false) { 19 | $type = substr($uri->path, $semicolon_pos + 1); // no semicolon 20 | /* the path is cut at that ';' first; the suffix is put back below only in encoded or validated form */ $uri->path = substr($uri->path, 0, $semicolon_pos); 21 | $type_ret = ''; 22 | if (strpos($type, '=') !== false) { 23 | // figure out whether or not the declaration is correct 24 | list($key, $typecode) = explode('=', $type, 2); 25 | if ($key !== 'type') { 26 | // invalid key, tack it back on encoded 27 | $uri->path .= '%3B' . $type; 28 | } elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') { 29 | /* allowlist: only typecodes a, i and d are kept; a "type=" key with any other value is not re-attached by either branch */ $type_ret = ";type=$typecode"; 30 | } 31 | } else { 32 | $uri->path .= '%3B' . 
$type; 33 | } 34 | /* percent-encode every ';' still in the path, then append $type_ret afterwards so that suffix is not re-encoded */ $uri->path = str_replace(';', '%3B', $uri->path); 35 | $uri->path .= $type_ret; 36 | } 37 | 38 | return true; 39 | } 40 | 41 | } 42 | 43 | // vim: et sw=4 sts=4 44 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Injector/Linkify.php: -------------------------------------------------------------------------------- 1 | array('href')); 11 | 12 | public function handleText(&$token) { 13 | /* do nothing when an <a> element is not allowed at this position */ if (!$this->allowsElement('a')) return; 14 | 15 | if (strpos($token->data, '://') === false) { 16 | // our really quick heuristic failed, abort 17 | // this may not work so well if we want to match things like 18 | // "google.com", but then again, most people don't 19 | return; 20 | } 21 | 22 | // there is/are URL(s). Let's split the string: 23 | // Note: this regex is extremely permissive 24 | /* only http://, https:// and ftp:// prefixes can match, so no other scheme becomes an href here; a match stops at whitespace, quotes, angle brackets and parentheses */ $bits = preg_split('#((?:https?|ftp)://[^\s\'"<>()]+)#S', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE); 25 | 26 | $token = array(); 27 | 28 | // $i = index 29 | // $c = count 30 | // $l = is link 31 | for ($i = 0, $c = count($bits), $l = false; $i < $c; $i++, $l = !$l) { 32 | if (!$l) { 33 | if ($bits[$i] === '') continue; 34 | $token[] = new HTMLPurifier_Token_Text($bits[$i]); 35 | } else { 36 | /* NOTE(review): the matched text is used as the href unchanged; presumably the generated tokens are validated later in the pipeline - confirm against the caller */ $token[] = new HTMLPurifier_Token_Start('a', array('href' => $bits[$i])); 37 | $token[] = new HTMLPurifier_Token_Text($bits[$i]); 38 | $token[] = new HTMLPurifier_Token_End('a'); 39 | } 40 | } 41 | 42 | } 43 | 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php: -------------------------------------------------------------------------------- 1 | 'AllowedRel', 18 | 'rev' => 'AllowedRev' 19 | ); 20 | /* only attribute names that are keys of $configLookup are accepted */ if (!isset($configLookup[$name])) { 21 | trigger_error('Unrecognized attribute name for link '. 
22 | 'relationship.', E_USER_ERROR); 23 | return; 24 | } 25 | $this->name = $configLookup[$name]; 26 | } 27 | 28 | public function validate($string, $config, $context) { 29 | 30 | $allowed = $config->get('Attr.' . $this->name); 31 | /* fail closed: with no allowed link types configured, the attribute value is rejected */ if (empty($allowed)) return false; 32 | 33 | $string = $this->parseCDATA($string); 34 | $parts = explode(' ', $string); 35 | 36 | // lookup to prevent duplicates 37 | $ret_lookup = array(); 38 | foreach ($parts as $part) { 39 | $part = strtolower(trim($part)); 40 | /* allowlist: a token is kept only if its lowercased form is a key of $allowed; everything else is silently dropped */ if (!isset($allowed[$part])) continue; 41 | $ret_lookup[$part] = true; 42 | } 43 | 44 | /* nothing survived the allowlist: reject the whole attribute */ if (empty($ret_lookup)) return false; 45 | $string = implode(' ', array_keys($ret_lookup)); 46 | 47 | return $string; 48 | 49 | } 50 | 51 | } 52 | 53 | // vim: et sw=4 sts=4 54 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Doctype.php: -------------------------------------------------------------------------------- 1 | renderDoctype. 7 | * If structure changes, please update that function. 8 | */ 9 | class HTMLPurifier_Doctype 10 | { 11 | /** 12 | * Full name of doctype 13 | */ 14 | public $name; 15 | 16 | /** 17 | * List of standard modules (string identifiers or literal objects) 18 | * that this doctype uses 19 | */ 20 | public $modules = array(); 21 | 22 | /** 23 | * List of modules to use for tidying up code 24 | */ 25 | public $tidyModules = array(); 26 | 27 | /** 28 | * Is the language derived from XML (i.e. XHTML)? 
29 | */ 30 | public $xml = true; 31 | 32 | /** 33 | * List of aliases for this doctype 34 | */ 35 | public $aliases = array(); 36 | 37 | /** 38 | * Public DTD identifier 39 | */ 40 | public $dtdPublic; 41 | 42 | /** 43 | * System DTD identifier 44 | */ 45 | public $dtdSystem; 46 | 47 | public function __construct($name = null, $xml = true, $modules = array(), 48 | $tidyModules = array(), $aliases = array(), $dtd_public = null, $dtd_system = null 49 | ) { 50 | $this->name = $name; 51 | $this->xml = $xml; 52 | $this->modules = $modules; 53 | $this->tidyModules = $tidyModules; 54 | $this->aliases = $aliases; 55 | $this->dtdPublic = $dtd_public; 56 | $this->dtdSystem = $dtd_system; 57 | } 58 | } 59 | 60 | // vim: et sw=4 sts=4 61 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php: -------------------------------------------------------------------------------- 1 | copy(); 19 | // reference is necessary for mocks in PHP 4 20 | $decorator->cache =& $cache; 21 | $decorator->type = $cache->type; 22 | return $decorator; 23 | } 24 | 25 | /** 26 | * Cross-compatible clone substitute 27 | */ 28 | public function copy() { 29 | return new HTMLPurifier_DefinitionCache_Decorator(); 30 | } 31 | 32 | public function add($def, $config) { 33 | return $this->cache->add($def, $config); 34 | } 35 | 36 | public function set($def, $config) { 37 | return $this->cache->set($def, $config); 38 | } 39 | 40 | public function replace($def, $config) { 41 | return $this->cache->replace($def, $config); 42 | } 43 | 44 | public function get($config) { 45 | return $this->cache->get($config); 46 | } 47 | 48 | public function remove($config) { 49 | return $this->cache->remove($config); 50 | } 51 | 52 | public function flush($config) { 53 | return $this->cache->flush($config); 54 | } 55 | 56 | public function cleanup($config) { 57 | return $this->cache->cleanup($config); 58 | } 59 | 
60 | } 61 | 62 | // vim: et sw=4 sts=4 63 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php: -------------------------------------------------------------------------------- 1 | attr = $attr; 33 | $this->enumToCSS = $enum_to_css; 34 | $this->caseSensitive = (bool) $case_sensitive; 35 | } 36 | 37 | public function transform($attr, $config, $context) { 38 | 39 | if (!isset($attr[$this->attr])) return $attr; 40 | 41 | $value = trim($attr[$this->attr]); 42 | unset($attr[$this->attr]); 43 | 44 | if (!$this->caseSensitive) $value = strtolower($value); 45 | 46 | if (!isset($this->enumToCSS[$value])) { 47 | return $attr; 48 | } 49 | 50 | $this->prependCSS($attr, $this->enumToCSS[$value]); 51 | 52 | return $attr; 53 | 54 | } 55 | 56 | } 57 | 58 | // vim: et sw=4 sts=4 59 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef/Directive.php: -------------------------------------------------------------------------------- 1 | type = $type; 19 | if ( $allow_null !== null) $this->allow_null = $allow_null; 20 | if ( $allowed !== null) $this->allowed = $allowed; 21 | if ( $aliases !== null) $this->aliases = $aliases; 22 | } 23 | 24 | /** 25 | * Allowed type of the directive. Values are: 26 | * - string 27 | * - istring (case insensitive string) 28 | * - int 29 | * - float 30 | * - bool 31 | * - lookup (array of value => true) 32 | * - list (regular numbered index array) 33 | * - hash (array of key => value) 34 | * - mixed (anything goes) 35 | */ 36 | public $type = 'mixed'; 37 | 38 | /** 39 | * Is null allowed? Has no effect for mixed type. 40 | * @bool 41 | */ 42 | public $allow_null = false; 43 | 44 | /** 45 | * Lookup table of allowed values of the element, bool true if all allowed. 
46 | */ 47 | public $allowed = true; 48 | 49 | /** 50 | * Hash of value aliases, i.e. values that are equivalent. 51 | */ 52 | public $aliases = array(); 53 | 54 | } 55 | 56 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php: -------------------------------------------------------------------------------- 1 | inline = new HTMLPurifier_ChildDef_Optional($inline); 33 | $this->block = new HTMLPurifier_ChildDef_Optional($block); 34 | $this->elements = $this->block->elements; 35 | } 36 | 37 | public function validateChildren($tokens_of_children, $config, $context) { 38 | if ($context->get('IsInline') === false) { 39 | return $this->block->validateChildren( 40 | $tokens_of_children, $config, $context); 41 | } else { 42 | return $this->inline->validateChildren( 43 | $tokens_of_children, $config, $context); 44 | } 45 | } 46 | } 47 | 48 | // vim: et sw=4 sts=4 49 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/Version.php: -------------------------------------------------------------------------------- 1 | . 
21 | * 22 | * PHP version 5.1.6+ 23 | * 24 | * @category Security 25 | * @package PHPIDS 26 | * @author Mario Heiderich 27 | * @author Christian Matthies 28 | * @author Lars Strojny 29 | * @license http://www.gnu.org/licenses/lgpl.html LGPL 30 | * @link http://php-ids.org/ 31 | */ 32 | 33 | /** 34 | * PHPIDS version class 35 | * 36 | * @category Security 37 | * @package PHPIDS 38 | * @author Christian Matthies 39 | * @author Mario Heiderich 40 | * @author Lars Strojny 41 | * @copyright 2007-2009 The PHPIDS Group 42 | * @license http://www.gnu.org/licenses/lgpl.html LGPL 43 | * @version Release: $Id:Converter.php 517 2007-09-15 15:04:13Z mario $ 44 | * @link http://php-ids.org/ 45 | */ 46 | abstract class IDS_Version 47 | { 48 | const VERSION = '0.5.6'; 49 | } 50 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/IDAccumulator.php: -------------------------------------------------------------------------------- 1 | load($config->get('Attr.IDBlacklist')); 27 | return $id_accumulator; 28 | } 29 | 30 | /** 31 | * Add an ID to the lookup table. 32 | * @param $id ID to be added. 
33 | * @return Bool status, true if success, false if there's a dupe 34 | */ 35 | public function add($id) { 36 | if (isset($this->ids[$id])) return false; 37 | return $this->ids[$id] = true; 38 | } 39 | 40 | /** 41 | * Load a list of IDs into the lookup table 42 | * @param $array_of_ids Array of IDs to load 43 | * @note This function doesn't care about duplicates 44 | */ 45 | public function load($array_of_ids) { 46 | foreach ($array_of_ids as $id) { 47 | $this->ids[$id] = true; 48 | } 49 | } 50 | 51 | } 52 | 53 | // vim: et sw=4 sts=4 54 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/Token.php: -------------------------------------------------------------------------------- 1 | line = $l; 43 | $this->col = $c; 44 | } 45 | 46 | /** 47 | * Convenience function for DirectLex settings line/col position. 48 | */ 49 | public function rawPosition($l, $c) { 50 | if ($c === -1) $l++; 51 | $this->line = $l; 52 | $this->col = $c; 53 | } 54 | 55 | } 56 | 57 | // vim: et sw=4 sts=4 58 | -------------------------------------------------------------------------------- /phpids/vendors/phpids/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php: -------------------------------------------------------------------------------- 1 | split($string, $config, $context); 17 | $tokens = $this->filter($tokens, $config, $context); 18 | if (empty($tokens)) return false; 19 | return implode(' ', $tokens); 20 | 21 | } 22 | 23 | /** 24 | * Splits a space separated list of tokens into its constituent parts. 25 | */ 26 | protected function split($string, $config, $context) { 27 | // OPTIMIZABLE! 28 | // do the preg_match, capture all subpatterns for reformulation 29 | 30 | // we don't support U+00A1 and up codepoints or 31 | // escaping because I don't know how to do that with regexps 32 | // and plus it would complicate optimization efforts (you never 33 | // see that anyway). 
34 | $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start 35 | '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. 36 | '(?:(?=\s)|\z)/'; // look ahead for space or string end 37 | preg_match_all($pattern, $string, $matches); 38 | return $matches[1]; 39 | } 40 | 41 | /** 42 | * Template method for removing certain tokens based on arbitrary criteria. 43 | * @note If we wanted to be really functional, we'd do an array_filter 44 | * with a callback. But... we're not. 45 | */ 46 | protected function filter($tokens, $config, $context) { 47 | return $tokens; 48 | } 49 | 50 | } 51 | 52 | // vim: et sw=4 sts=4 53 | --------------------------------------------------------------------------------