The word was: word; ?>.
4 | 5 | 6 | -------------------------------------------------------------------------------- /demos/hangman/protected/views/game/win.php: -------------------------------------------------------------------------------- 1 |The word was: word; ?>.
4 | 5 | 6 | -------------------------------------------------------------------------------- /framework/gii/generators/controller/ControllerGenerator.php: -------------------------------------------------------------------------------- 1 | breadcrumbs=array( 3 | 'Create Post', 4 | ); 5 | ?> 6 |This is the "about" page for my blog site.
-------------------------------------------------------------------------------- /demos/blog/protected/tests/unit/LookupTest.php: -------------------------------------------------------------------------------- 1 | 'Lookup', 7 | ); 8 | 9 | public function testCreate() 10 | { 11 | 12 | } 13 | } -------------------------------------------------------------------------------- /demos/blog/protected/views/layouts/column1.php: -------------------------------------------------------------------------------- 1 | beginContent('/layouts/main'); ?> 2 |8 | Whether or not to allow safe, proprietary CSS values. 9 |
10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt: -------------------------------------------------------------------------------- 1 | Test.ForceNoIconv 2 | TYPE: bool 3 | DEFAULT: false 4 | --DESCRIPTION-- 5 | When set to true, HTMLPurifier_Encoder will act as if iconv does not exist 6 | and use only pure PHP implementations. 7 | --# vim: et sw=4 sts=4 8 | -------------------------------------------------------------------------------- /demos/hangman/protected/config/main.php: -------------------------------------------------------------------------------- 1 | 'Hangman Game', 5 | 'defaultController'=>'game', 6 | 'components'=>array( 7 | 'urlManager'=>array( 8 | 'urlFormat'=>'path', 9 | 'rules'=>array( 10 | 'game/guess/8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | URI.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.1.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedClasses 2 | TYPE: lookup/null 3 | VERSION: 4.0.0 4 | DEFAULT: null 5 | --DESCRIPTION-- 6 | List of allowed class values in the class attribute. By default, this is null, 7 | which means all classes are allowed. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /demos/blog/protected/tests/fixtures/tbl_lookup.php: -------------------------------------------------------------------------------- 1 | array( 6 | 'name' => '', 7 | 'code' => '', 8 | 'type' => '', 9 | 'position' => '', 10 | ), 11 | 'sample2'=>array( 12 | 'name' => '', 13 | 'code' => '', 14 | 'type' => '', 15 | 'position' => '', 16 | ), 17 | */ 18 | ); 19 | -------------------------------------------------------------------------------- /framework/gii/views/common/diff.php: -------------------------------------------------------------------------------- 1 | 2 |8 | Unique identifier for a custom-built URI definition. If you want 9 | to add custom URIFilters, you must specify this value. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt: -------------------------------------------------------------------------------- 1 | Attr.AllowedRev 2 | TYPE: lookup 3 | VERSION: 1.6.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of allowed reverse document relationships in the rev attribute. This 7 | attribute is a bit of an edge-case; if you don't know what it is for, stay 8 | away. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt: -------------------------------------------------------------------------------- 1 | Attr.ForbiddenClasses 2 | TYPE: lookup 3 | VERSION: 4.0.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 | List of forbidden class values in the class attribute. By default, this is 7 | empty, which means that no classes are forbidden. See also %Attr.AllowedClasses. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /framework/cli/views/webapp/protected/views/site/pages/about.php: -------------------------------------------------------------------------------- 1 | pageTitle=Yii::app()->name . ' - About'; 5 | $this->breadcrumbs=array( 6 | 'About', 7 | ); 8 | ?> 9 |This is a "static" page. You may change the content of this page
12 | by updating the file .
Please enter your password
4 | 5 | passwordField($model,'password'); ?> 6 | error($model,'password'); ?> 7 | 8 | 9 | 10 | endWidget(); ?> 11 |7 | Whether or not to permit script tags to external scripts in documents. 8 | Inline scripting is not allowed, and the script must match an explicit whitelist. 9 |
10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt: -------------------------------------------------------------------------------- 1 | Output.FlashCompat 2 | TYPE: bool 3 | VERSION: 4.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | If true, HTML Purifier will generate Internet Explorer compatibility 8 | code for all object code. This is highly recommended if you enable 9 | %HTML.SafeObject. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /demos/blog/protected/tests/phpunit.xml: -------------------------------------------------------------------------------- 1 |4 | You may use the following generators to quickly build up your Yii application: 5 |
6 |
8 | This directive turns on linkification, auto-linking http, ftp and
9 | https URLs. a tags with the href attribute
10 | must be allowed.
11 |
7 | By default, HTML Purifier removes duplicate CSS properties,
8 | like color:red; color:blue. If this is set to
9 | true, duplicate properties are allowed.
10 |
8 | Disables all URIs in all forms. Not sure why you'd want to do that 9 | (after all, the Internet's founded on the notion of a hyperlink). 10 |
11 | 12 | --ALIASES-- 13 | Attr.DisableURI 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css: -------------------------------------------------------------------------------- 1 | 2 | .hp-config {} 3 | 4 | .hp-config tbody th {text-align:right; padding-right:0.5em;} 5 | .hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;} 6 | .hp-config .namespace th {text-align:center;} 7 | .hp-config .verbose {display:none;} 8 | .hp-config .controls {text-align:center;} 9 | 10 | /* vim: et sw=4 sts=4 */ 11 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt: -------------------------------------------------------------------------------- 1 | Core.Language 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'en' 5 | --DESCRIPTION-- 6 | 7 | ISO 639 language code for localizable things in HTML Purifier to use, 8 | which is mainly error reporting. There is currently only an English (en) 9 | translation, so this directive is currently useless. 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt: -------------------------------------------------------------------------------- 1 | Core.NormalizeNewlines 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |
7 | Whether or not to normalize newlines to the operating
8 | system default. When false, HTML Purifier
9 | will attempt to preserve mixed newline files.
10 |
9 | This directive enables HTML Purifier to remove not only script tags 10 | but all of their contents. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt: -------------------------------------------------------------------------------- 1 | HTML.FlashAllowFullScreen 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | Whether or not to permit embedded Flash content from
8 | %HTML.SafeObject to expand to the full screen. Corresponds to
9 | the allowFullScreen parameter.
10 |
8 | This directive can be used to add custom auto-format injectors. 9 | Specify an array of injector names (class name minus the prefix) 10 | or concrete implementations. Injector class must exist. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt: -------------------------------------------------------------------------------- 1 | Filter.Custom 2 | TYPE: list 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |
7 | This directive can be used to add custom filters; it is nearly the
8 | equivalent of the now deprecated HTMLPurifier->addFilter()
9 | method. Specify an array of concrete implementations.
10 |
8 | String name of element that HTML fragment passed to library will be 9 | inserted in. An interesting variation would be using span as the 10 | parent element, meaning that only inline tags would be allowed. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /framework/cli/views/webapp/protected/config/test.php: -------------------------------------------------------------------------------- 1 | array( 7 | 'fixture'=>array( 8 | 'class'=>'system.test.CDbFixtureManager', 9 | ), 10 | /* uncomment the following to provide test database connection 11 | 'db'=>array( 12 | 'connectionString'=>'DSN for test database', 13 | ), 14 | */ 15 | ), 16 | ) 17 | ); 18 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImage 2 | TYPE: string 3 | DEFAULT: '' 4 | --DESCRIPTION-- 5 | This is the default image an img tag will be pointed to if it does not have 6 | a valid src attribute. In future versions, we may allow the image tag to 7 | be removed completely, but due to design issues, this is not possible right 8 | now. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveSpansWithoutAttributes 2 | TYPE: bool 3 | VERSION: 4.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | This directive causes span tags without any attributes
8 | to be removed. It will also remove spans that had all attributes
9 | removed during processing.
10 |
7 | This directive turns on the in-text display of URIs in <a> tags, and disables 8 | those links. For example, example becomes 9 | example (http://example.com). 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.PurifierLinkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |
8 | Internal auto-formatter that converts configuration directives in
9 | syntax %Namespace.Directive to links. a tags
10 | with the href attribute must be allowed.
11 |
7 | Whether or not to permit form elements in the user input, regardless of 8 | %HTML.Trusted value. Please be very careful when using this functionality, as 9 | enabling forms in untrusted documents may allow for phishing attacks. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | URI.OverrideAllowedSchemes 2 | TYPE: bool 3 | DEFAULT: true 4 | --DESCRIPTION-- 5 | If this is set to true (which it is by default), you can override 6 | %URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the 7 | registry. If false, you will also have to update that directive in order 8 | to add more schemes. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /demos/blog/protected/yiic.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rem ------------------------------------------------------------- 4 | rem Yii command line script for Windows. 5 | rem This is the bootstrap script for running yiic on Windows. 6 | rem ------------------------------------------------------------- 7 | 8 | @setlocal 9 | 10 | set BIN_PATH=%~dp0 11 | 12 | if "%PHP_COMMAND%" == "" set PHP_COMMAND=php.exe 13 | 14 | %PHP_COMMAND% "%BIN_PATH%yiic.php" %* 15 | 16 | @endlocal -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt: -------------------------------------------------------------------------------- 1 | Core.AllowParseManyTags 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.10.1 5 | --DESCRIPTION-- 6 |7 | This directive allows parsing of many nested tags. 8 | If you set true, relaxes any hardcoded limit from the parser. 9 | However, in that case it may cause a Dos attack. 10 | Be careful when enabling it. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /framework/cli/views/webapp/protected/config/database.php: -------------------------------------------------------------------------------- 1 | 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db', 6 | // uncomment the following lines to use a MySQL database 7 | /* 8 | 'connectionString' => 'mysql:host=localhost;dbname=testdrive', 9 | 'emulatePrepare' => true, 10 | 'username' => 'root', 11 | 'password' => '', 12 | 'charset' => 'utf8', 13 | */ 14 | ); -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt: -------------------------------------------------------------------------------- 1 | HTML.Proprietary 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | Whether or not to allow proprietary elements and attributes in your
8 | documents, as per HTMLPurifier_HTMLModule_Proprietary.
9 | Warning: This can cause your documents to stop
10 | validating!
11 |
8 | This directive enables pre-emptive URI checking in img
9 | tags, as the attribute validation strategy is not authorized to
10 | remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
11 |
8 | Location of configuration documentation to link to, let %s substitute 9 | into the configuration's namespace and directive names sans the percent 10 | sign. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /demos/blog/protected/tests/fixtures/tbl_comment.php: -------------------------------------------------------------------------------- 1 | array( 6 | 'content' => '', 7 | 'status' => '', 8 | 'create_time' => '', 9 | 'author' => '', 10 | 'email' => '', 11 | 'url' => '', 12 | 'post_id' => '', 13 | ), 14 | 'sample2'=>array( 15 | 'content' => '', 16 | 'status' => '', 17 | 'create_time' => '', 18 | 'author' => '', 19 | 'email' => '', 20 | 'url' => '', 21 | 'post_id' => '', 22 | ), 23 | */ 24 | ); 25 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowedFonts 2 | TYPE: lookup/null 3 | VERSION: 4.3.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |
7 | Allows you to manually specify a set of allowed fonts. If
8 | NULL, all fonts are allowed. This directive
9 | affects generic names (serif, sans-serif, monospace, cursive,
10 | fantasy) as well as specific font families.
11 |
8 | Newline string to format final output with. If left null, HTML Purifier 9 | will auto-detect the default newline type of the system and use that; 10 | you can manually override it here. Remember, \r\n is Windows, \r 11 | is Mac, and \n is Unix. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /framework/i18n/data/README.txt: -------------------------------------------------------------------------------- 1 | 2 | CLDR v23.1 (May 15, 2013) 3 | 4 | This directory contains the CLDR data files in form of PHP scripts. 5 | They are obtained by extracting the CLDR data (https://unicode.org/Public/cldr/23.1/) 6 | with the script "build/build cldr". 7 | 8 | Only the data relevant to date and number formatting are extracted. 9 | Each PHP file contains an array representing the data for a particular 10 | locale. Data inherited from parent locales are also in the array. 11 | -------------------------------------------------------------------------------- /framework/views/ru/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demos/hangman/protected/views/game/play.php: -------------------------------------------------------------------------------- 1 |This is the game of Hangman. You must guess a word, a letter at a time. 2 | If you make too many mistakes, you lose the game!
3 | 4 | 5 | 6 | 7 | 8 |9 | This is the view content for action "action->id; ?>". 10 | The action belongs to the controller "" in the "module->id; ?>" module. 11 |
12 |13 | You may customize this page by editing 14 |
-------------------------------------------------------------------------------- /framework/views/da/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/he/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/ja/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/no/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/zh_cn/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/ca/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/el/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/es/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/fr/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/id/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/ko/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/ro/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/sk/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/vi/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt: -------------------------------------------------------------------------------- 1 | Attr.ID.HTML5 2 | TYPE: bool/null 3 | DEFAULT: null 4 | VERSION: 4.8.0 5 | --DESCRIPTION-- 6 | In HTML5, restrictions on the format of the id attribute have been significantly 7 | relaxed, such that any string is valid so long as it contains no spaces and 8 | is at least one character. In lieu of a general HTML5 compatibility flag, 9 | set this configuration directive to true to use the relaxed rules. 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions 2 | TYPE: lookup 3 | VERSION: 4.0.0 4 | DEFAULT: array('td' => true, 'th' => true) 5 | --DESCRIPTION-- 6 |7 | When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp 8 | are enabled, this directive defines what HTML elements should not be 9 | removede if they have only a non-breaking space in them. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/views/ar/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/lt/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/zh_tw/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/base/CException.php: -------------------------------------------------------------------------------- 1 | 6 | * @link https://www.yiiframework.com/ 7 | * @copyright 2008-2013 Yii Software LLC 8 | * @license https://www.yiiframework.com/license/ 9 | */ 10 | 11 | /** 12 | * CException represents a generic exception for all purposes. 13 | * 14 | * @author Qiang Xue8 | Converts all URIs into absolute forms. This is useful when the HTML 9 | being filtered assumes a specific base path, but will actually be 10 | viewed in a different context (and setting an alternate base URI is 11 | not possible). %URI.Base must be set for this directive to work. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /framework/views/bg/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | 20 | -------------------------------------------------------------------------------- /framework/views/hr/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/nl/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/pt_br/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeIframe 2 | TYPE: bool 3 | VERSION: 4.4.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit iframe tags in untrusted documents. This 8 | directive must be accompanied by a whitelist of permitted iframes, 9 | such as %URI.SafeIframeRegexp, otherwise it will fatally error. 10 | This directive has no effect on strict doctypes, as iframes are not 11 | valid. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /framework/cli/views/webapp/index.php: -------------------------------------------------------------------------------- 1 | run(); 14 | -------------------------------------------------------------------------------- /framework/views/it/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveProcessingInstructions 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Instead of escaping processing instructions in the form<? ...
7 | ?>, remove it out-right. This may be useful if the HTML
8 | you are validating contains XML processing instruction gunk, however,
9 | it can also be user-unfriendly for people attempting to post PHP
10 | snippets.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/demos/blog/index-test.php:
--------------------------------------------------------------------------------
1 | run();
16 |
--------------------------------------------------------------------------------
/framework/cli/views/shell/model/test.php:
--------------------------------------------------------------------------------
1 |
9 |
10 |
11 | class Test extends CDbTestCase
12 | {
13 | public $fixtures=array(
14 | ''=>'',
15 | );
16 |
17 | public function testCreate()
18 | {
19 |
20 | }
21 | }
--------------------------------------------------------------------------------
/framework/views/lv/profile-callstack-firebug.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demos/phonebook/flex/.project:
--------------------------------------------------------------------------------
1 |
2 | 7 | Defines through what scheme the output will be served, in order to 8 | select the proper object validator when no scheme information is present. 9 |
10 | 11 |12 | Starting with HTML Purifier 4.9.0, the default scheme can be null, in 13 | which case we reject all URIs which do not have explicit schemes. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /framework/views/de/profile-callstack-firebug.php: -------------------------------------------------------------------------------- 1 | 20 | -------------------------------------------------------------------------------- /framework/cli/views/webapp/index-test.php: -------------------------------------------------------------------------------- 1 | run(); 16 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt: -------------------------------------------------------------------------------- 1 | Core.CollectErrors 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 | Whether or not to collect errors found while filtering the document. This 8 | is a useful way to give feedback to your users. Warning: 9 | Currently this feature is very patchy and experimental, with lots of 10 | possible error messages not yet implemented. It will not cause any 11 | problems, but it may not help your users either. 12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt: -------------------------------------------------------------------------------- 1 | Cache.SerializerPermissions 2 | TYPE: int/null 3 | VERSION: 4.3.0 4 | DEFAULT: 0755 5 | --DESCRIPTION-- 6 | 7 |8 | Directory permissions of the files and directories created inside 9 | the DefinitionCache/Serializer or other custom serializer path. 10 |
11 |
12 | In HTML Purifier 4.8.0, this also supports NULL,
13 | which means that no chmod'ing or directory creation shall
14 | occur.
15 |
7 | Whether or not to permit object tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to object tags. You should also enable 10 | %Output.FlashCompat in order to generate Internet Explorer 11 | compatibility code for your object tags. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableResources 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Disables embedding resources, essentially meaning no pictures. You can 8 | still link to them though. See %URI.DisableExternalResources for why 9 | this might be a good idea. 10 |
11 |12 | Note: While this directive has been available since 1.3.0, 13 | it didn't actually start doing anything until 4.2.0. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /demos/blog/protected/components/TagCloud.php: -------------------------------------------------------------------------------- 1 | findTagWeights($this->maxTags); 13 | 14 | foreach($tags as $tag=>$weight) 15 | { 16 | $link=CHtml::link(CHtml::encode($tag), array('post/index','tag'=>$tag)); 17 | echo CHtml::tag('span', array( 18 | 'class'=>'tag', 19 | 'style'=>"font-size:{$weight}pt", 20 | ), $link)."\n"; 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowTricky 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 3.1.0 5 | --DESCRIPTION-- 6 | This parameter determines whether or not to allow "tricky" CSS properties and 7 | values. Tricky CSS properties/values can drastically modify page layout or 8 | be used for deceptive practices but do not directly constitute a security risk. 9 | For example,display:none; is considered a tricky property that
10 | will only be allowed if this directive is set to true.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt:
--------------------------------------------------------------------------------
1 | Core.ConvertDocumentToFragment
2 | TYPE: bool
3 | DEFAULT: true
4 | --DESCRIPTION--
5 |
6 | This parameter determines whether or not the filter should convert
7 | input that is a full document with html and body tags to a fragment
8 | of just the contents of a body tag. This parameter is simply something
9 | HTML Purifier can do during an edge-case: for most inputs, this
10 | processing is not necessary.
11 |
12 | --ALIASES--
13 | Core.AcceptFullDocuments
14 | --# vim: et sw=4 sts=4
15 |
--------------------------------------------------------------------------------
/framework/web/widgets/captcha/SpicyRice.md:
--------------------------------------------------------------------------------
1 | ## Spicy Rice font
2 |
3 | * **Author:** Brian J. Bonislawsky, Astigmatic (AOETI, Astigmatic One Eye Typographic Institute)
4 | * **License:** SIL Open Font License (OFL), version 1.1, [notes and FAQ](https://scripts.sil.org/OFL)
5 |
6 | ## Links
7 |
8 | * [Astigmatic](http://www.astigmatic.com/)
9 | * [Google WebFonts](https://www.google.com/webfonts/specimen/Spicy+Rice)
10 | * [fontsquirrel.com](https://www.fontsquirrel.com/fonts/spicy-rice)
11 | * [fontspace.com](https://www.fontspace.com/astigmatic-one-eye-typographic-institute/spicy-rice)
12 |
--------------------------------------------------------------------------------
/framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt:
--------------------------------------------------------------------------------
1 | HTML.Doctype
2 | TYPE: string/null
3 | DEFAULT: NULL
4 | --DESCRIPTION--
5 | Doctype to use during filtering. Technically speaking this is not actually
6 | a doctype (as it does not identify a corresponding DTD), but we are using
7 | this name for sake of simplicity. When non-blank, this will override any
8 | older directives like %HTML.XHTML or %HTML.Strict.
9 | --ALLOWED--
10 | 'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt:
--------------------------------------------------------------------------------
1 | Attr.IDPrefix
2 | TYPE: string
3 | VERSION: 1.2.0
4 | DEFAULT: ''
5 | --DESCRIPTION--
6 | String to prefix to IDs. If you have no idea what IDs your pages may use,
7 | you may opt to simply add a prefix to all user-submitted ID attributes so
8 | that they are still usable, but will not conflict with core page IDs.
9 | Example: setting the directive to 'user_' will result in a user submitted
10 | 'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
11 | before using this.
12 | --# vim: et sw=4 sts=4
13 |
--------------------------------------------------------------------------------
/framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt:
--------------------------------------------------------------------------------
1 | Core.DisableExcludes
2 | TYPE: bool
3 | DEFAULT: false
4 | VERSION: 4.5.0
5 | --DESCRIPTION--
6 |
7 | This directive disables SGML-style exclusions, e.g. the exclusion of
8 | <object> in any descendant of a
9 | <pre> tag. Disabling excludes will allow some
10 | invalid documents to pass through HTML Purifier, but HTML Purifier
11 | will also be less likely to accidentally remove large documents during
12 | processing.
13 |
7 | This is the logical inverse of %CSS.AllowedProperties, and it will 8 | override that directive or any other directive. If possible, 9 | %CSS.AllowedProperties is recommended over this directive, 10 | because it can sometimes be difficult to tell whether or not you've 11 | forbidden all of the CSS properties you truly would like to disallow. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt: -------------------------------------------------------------------------------- 1 | HTML.Attr.Name.UseCDATA 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.0.0 5 | --DESCRIPTION-- 6 | The W3C specification DTD defines the name attribute to be CDATA, not ID, due 7 | to limitations of DTD. In certain documents, this relaxed behavior is desired, 8 | whether it is to specify duplicate names, or to specify names that would be 9 | illegal IDs (for example, names that begin with a digit.) Set this configuration 10 | directive to true to use the relaxed parsing rules. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /demos/phonebook/protected/config/main.php: -------------------------------------------------------------------------------- 1 | dirname(__FILE__).DIRECTORY_SEPARATOR.'..', 7 | 'name'=>'Yii Framework: Phone Book Demo', 8 | 9 | // autoloading model and component classes 10 | 'import'=>array( 11 | 'application.models.*', 12 | 'application.components.*', 13 | ), 14 | 15 | // application components 16 | 'components'=>array( 17 | 'db'=>array( 18 | 'connectionString'=>'sqlite:protected/data/phonebook.db', 19 | ), 20 | ), 21 | ); -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultImageAlt 2 | TYPE: string/null 3 | DEFAULT: null 4 | VERSION: 3.2.0 5 | --DESCRIPTION-- 6 | This is the content of the alt tag of an image if the user had not 7 | previously specified an alt attribute. This applies to all images without 8 | a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which 9 | only applies to invalid images, and overrides in the case of an invalid image. 10 | Default behavior with null is to use the basename of the src tag for the alt. 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.RemoveNbsp 2 | TYPE: bool 3 | VERSION: 4.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | When enabled, HTML Purifier will treat any elements that contain only 8 | non-breaking spaces as well as regular whitespace as empty, and remove 9 | them when %AutoFormat.RemoveEmpty is enabled. 10 |
11 |12 | See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements 13 | that don't have this behavior applied to them. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeEmbed 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit embed tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to embed tags. Embed is a proprietary 10 | element and will cause your website to stop validating; you should 11 | see if you can use %Output.FlashCompat with %HTML.SafeObject instead 12 | first.
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | HTML.MaxImgLength 2 | TYPE: int/null 3 | DEFAULT: 1200 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |
7 | This directive controls the maximum number of pixels in the width and
8 | height attributes in img tags. This is
9 | in place to prevent imagecrash attacks, disable with null at your own risk.
10 | This directive is similar to %CSS.MaxImgLength, and both should be
11 | concurrently edited, although there are
12 | subtle differences in the input format (the HTML max is an integer).
13 |
Warning: this configuration option is no longer does anything as of 4.6.0.
6 | 7 |When true, a child is found that is not allowed in the context of the 8 | parent element will be transformed into text as if it were ASCII. When 9 | false, that element and all internal tags will be dropped, though text will 10 | be preserved. There is no option for dropping the element but preserving 11 | child nodes.
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.Escaping 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: true 5 | ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping 6 | --DESCRIPTION-- 7 | 8 |9 | Whether or not to escape the dangerous characters <, > and & 10 | as \3C, \3E and \26, respectively. This is can be safely set to false 11 | if the contents of StyleBlocks will be placed in an external stylesheet, 12 | where there is no risk of it being interpreted as HTML. 13 |
14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt: -------------------------------------------------------------------------------- 1 | Filter.YouTube 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Warning: Deprecated in favor of %HTML.SafeObject and 8 | %Output.FlashCompat (turn both on to allow YouTube videos and other 9 | Flash content). 10 |
11 |12 | This directive enables YouTube video embedding in HTML Purifier. Check 13 | this document 14 | on embedding videos for more information on what this filter does. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | URI.AllowedSchemes 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'http' => true, 6 | 'https' => true, 7 | 'mailto' => true, 8 | 'ftp' => true, 9 | 'nntp' => true, 10 | 'news' => true, 11 | 'tel' => true, 12 | ) 13 | --DESCRIPTION-- 14 | Whitelist that defines the schemes that a URI is allowed to have. This 15 | prevents XSS attacks from using pseudo-schemes like javascript or mocha. 16 | There is also support for thedata and file
17 | URI schemes, but they are not enabled by default.
18 | --# vim: et sw=4 sts=4
19 |
--------------------------------------------------------------------------------
/demos/hangman/protected/views/game/guess.php:
--------------------------------------------------------------------------------
1 | You have made misses; ?> bad guesses out of a maximum of level; ?>.
6 | 7 | 8 | 9 |Guess: 10 | isGuessed(chr($i))) 14 | echo "\n".CHtml::linkButton(chr($i),array('submit'=>array('guess','g'=>chr($i)))); 15 | } 16 | ?> 17 |
18 | 19 |array('giveup'))); ?>
20 | 21 | 22 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt: -------------------------------------------------------------------------------- 1 | Output.SortAttr 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | If true, HTML Purifier will sort attributes by name before writing them back
8 | to the document, converting a tag like: <el b="" a="" c="" />
9 | to <el a="" b="" c="" />. This is a workaround for
10 | a bug in FCKeditor which causes it to swap attributes order, adding noise
11 | to text diffs. If you're not seeing this bug, chances are, you don't need
12 | this directive.
13 |
11 | This is the view content for action " echo $this->action->id; ?>". 12 | The action belongs to the controller " echo get_class($this); ?>" 13 | in the " echo $this->module->id; ?>" module. 14 |
15 |16 | You may customize this page by editing echo __FILE__; ?> 17 |
-------------------------------------------------------------------------------- /demos/blog/protected/config/test.php: -------------------------------------------------------------------------------- 1 | array( 7 | 'fixture'=>array( 8 | 'class'=>'system.test.CDbFixtureManager', 9 | ), 10 | 'db'=>array( 11 | 'connectionString'=>'sqlite:'.dirname(__FILE__).'/../data/blog-test.db', 12 | ), 13 | // uncomment the following to use a MySQL database 14 | /* 15 | 'db'=>array( 16 | 'connectionString' => 'mysql:host=localhost;dbname=blog-test', 17 | 'emulatePrepare' => true, 18 | 'username' => 'root', 19 | 'password' => '', 20 | 'charset' => 'utf8', 21 | ), 22 | */ 23 | ), 24 | ) 25 | ); 26 | -------------------------------------------------------------------------------- /framework/yiic.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rem ------------------------------------------------------------- 4 | rem Yii command line script for Windows. 5 | rem 6 | rem This is the bootstrap script for running yiic on Windows. 7 | rem 8 | rem @author Qiang Xue8 | Revision identifier for your custom definition specified in 9 | %HTML.DefinitionID. This serves the same purpose: uniquely identifying 10 | your custom definition, but this one does so in a chronological 11 | context: revision 3 is more up-to-date then revision 2. Thus, when 12 | this gets incremented, the cache handling is smart enough to clean 13 | up any older revisions of your definition as well as flush the 14 | cache. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /framework/views/ja/log-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/zh_cn/log-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/zh_cn/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /framework/views/zh_tw/log-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/gii/components/UserIdentity.php: -------------------------------------------------------------------------------- 1 | getController()->getModule()->password; 13 | if($password===null) 14 | throw new CException('Please configure the "password" property of the "gii" module.'); 15 | elseif($password===false || $password===$this->password) 16 | $this->errorCode=self::ERROR_NONE; 17 | else 18 | $this->errorCode=self::ERROR_UNKNOWN_IDENTITY; 19 | return !$this->errorCode; 20 | } 21 | } -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt: -------------------------------------------------------------------------------- 1 | Output.FixInnerHTML 2 | TYPE: bool 3 | VERSION: 4.3.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |
7 | If true, HTML Purifier will protect against Internet Explorer's
8 | mishandling of the innerHTML attribute by appending
9 | a space to any attribute that does not contain angled brackets, spaces
10 | or quotes, but contains a backtick. This slightly changes the
11 | semantics of any given attribute, so if this is unacceptable and
12 | you do not use innerHTML on any of your pages, you can
13 | turn this directive off.
14 |
8 | If true, HTML Purifier will add line number information to all tokens. 9 | This is useful when error reporting is turned on, but can result in 10 | significant performance degradation and should not be used when 11 | unnecessary. This directive must be used with the DirectLex lexer, 12 | as the DOMLex lexer does not (yet) support this functionality. 13 | If the value is null, an appropriate value will be selected based 14 | on other configuration. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /framework/views/nl/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/pl/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /framework/views/pt/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /framework/views/pt_br/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /framework/views/sv/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt: -------------------------------------------------------------------------------- 1 | HTML.BlockWrapper 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'p' 5 | --DESCRIPTION-- 6 | 7 |8 | String name of element to wrap inline elements that are inside a block 9 | context. This only occurs in the children of blockquote in strict mode. 10 |
11 |
12 | Example: by default value,
13 | <blockquote>Foo</blockquote> would become
14 | <blockquote><p>Foo</p></blockquote>.
15 | The <p> tags can be replaced with whatever you desire,
16 | as long as it is a block level element.
17 |
7 | This directive enables aggressive pre-filter removal of 8 | script tags. This is not necessary for security, 9 | but it can help work around a bug in libxml where embedded 10 | HTML elements inside script sections cause the parser to 11 | choke. To revert to pre-4.9.0 behavior, set this to false. 12 | This directive has no effect if %Core.Trusted is true, 13 | %Core.RemoveScriptContents is false, or %Core.HiddenElements 14 | does not contain script. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt: -------------------------------------------------------------------------------- 1 | Core.AllowHostnameUnderscore 2 | TYPE: bool 3 | VERSION: 4.6.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | By RFC 1123, underscores are not permitted in host names. 8 | (This is in contrast to the specification for DNS, RFC 9 | 2181, which allows underscores.) 10 | However, most browsers do the right thing when faced with 11 | an underscore in the host name, and so some poorly written 12 | websites are written with the expectation this should work. 13 | Setting this parameter to true relaxes our allowed character 14 | check so that underscores are permitted. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /framework/views/lv/log-firebug.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /framework/views/nl/log-firebug.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /framework/db/schema/oci/COciTableSchema.php: -------------------------------------------------------------------------------- 1 | 6 | * @link https://www.yiiframework.com/ 7 | * @copyright 2008-2013 Yii Software LLC 8 | * @license https://www.yiiframework.com/license/ 9 | */ 10 | 11 | /** 12 | * COciTableSchema represents the metadata for an Oracle table. 13 | * 14 | * @author Ricardo Grana
11 | This directive is a lookup array of elements which should have their
12 | contents removed when they are not allowed by the HTML definition.
13 | For example, the contents of a script tag are not
14 | normally shown in a document, so if script tags are to be removed,
15 | their contents should be removed to. This is opposed to a b
16 | tag, which defines some presentational changes but does not hide its
17 | contents.
18 |
8 | If left NULL, HTML Purifier will attempt to instantiate a csstidy
9 | class to use for internal cleaning. This will usually be good enough.
10 |
12 | However, for trusted user input, you can set this to false to
13 | disable cleaning. In addition, you can supply your own concrete implementation
14 | of Tidy's interface to use, although I don't know why you'd want to do that.
15 |
7 | If true, any URI munging directives like %URI.Munge
8 | will also apply to embedded resources, such as <img src="">.
9 | Be careful enabling this directive if you have a redirector script
10 | that does not use the Location HTTP header; all of your images
11 | and other embedded resources will break.
12 |
14 | Warning: It is strongly advised you use this in conjunction 15 | %URI.MungeSecretKey to mitigate the security risk of an open redirector. 16 |
17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowedProperties 2 | TYPE: lookup/null 3 | VERSION: 3.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |8 | If HTML Purifier's style attributes set is unsatisfactory for your needs, 9 | you can overload it with your own list of tags to allow. Note that this 10 | method is subtractive: it does its job by taking away from HTML Purifier 11 | usual feature set, so you cannot add an attribute that HTML Purifier never 12 | supported in the first place. 13 |
14 |15 | Warning: If another directive conflicts with the 16 | elements here, that directive will win and override. 17 |
18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /framework/vendors/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | CSS.MaxImgLength 2 | TYPE: string/null 3 | DEFAULT: '1200px' 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |
7 | This parameter sets the maximum allowed length on img tags,
8 | effectively the width and height properties.
9 | Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
10 | in place to prevent imagecrash attacks, disable with null at your own risk.
11 | This directive is similar to %HTML.MaxImgLength, and both should be
12 | concurrently edited, although there are
13 | subtle differences in the input format (the CSS max is a number with
14 | a unit).
15 |
8 | If HTML Purifier's attribute set is unsatisfactory, overload it! 9 | The syntax is "tag.attr" or "*.attr" for the global attributes 10 | (style, id, class, dir, lang, xml:lang). 11 |
12 |13 | Warning: If another directive conflicts with the 14 | elements here, that directive will win and override. For 15 | example, %HTML.EnableAttrID will take precedence over *.id in this 16 | directive. You must set that directive to true before you can use 17 | IDs at all. 18 |
19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /framework/views/de/profile-summary-firebug.php: -------------------------------------------------------------------------------- 1 | 24 | -------------------------------------------------------------------------------- /framework/db/schema/cubrid/CCubridTableSchema.php: -------------------------------------------------------------------------------- 1 | 6 | * @link https://www.yiiframework.com/ 7 | * @copyright 2008-2013 Yii Software LLC 8 | * @license https://www.yiiframework.com/license/ 9 | */ 10 | 11 | /** 12 | * CCubridTableSchema represents the metadata for a CUBRID database table. 13 | * 14 | * @author Esen Sagynov
7 | Given that an element has no contents, it will be removed by default, unless
8 | this predicate dictates otherwise. The predicate can either be an associative
9 | map from tag name to list of attributes that must be present for the element
10 | to be considered preserved: thus, the default always preserves colgroup,
11 | th and td, and also iframe if it
12 | has a src.
13 |