[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  // if want to implement error collecting here, we'll need to use some sort
   4  // of global data (probably trigger_error) because it's impossible to pass
   5  // $config or $context to the callback functions.
   6  
   7  /**
   8   * Handles referencing and derefencing character entities
   9   */
  10  class HTMLPurifier_EntityParser
  11  {
  12  
  13      /**
  14       * Reference to entity lookup table.
  15       * @type HTMLPurifier_EntityLookup
  16       */
  17      protected $_entity_lookup;
  18  
  19      /**
  20       * Callback regex string for parsing entities.
  21       * @type string
  22       */
  23      protected $_substituteEntitiesRegex =
  24          '/&(?:[#]x([a-fA-F0-9]+)|[#]0*(\d+)|([A-Za-z_:][A-Za-z0-9.\-_:]*));?/';
  25          //     1. hex             2. dec      3. string (XML style)
  26  
  27      /**
  28       * Decimal to parsed string conversion table for special entities.
  29       * @type array
  30       */
  31      protected $_special_dec2str =
  32              array(
  33                      34 => '"',
  34                      38 => '&',
  35                      39 => "'",
  36                      60 => '<',
  37                      62 => '>'
  38              );
  39  
  40      /**
  41       * Stripped entity names to decimal conversion table for special entities.
  42       * @type array
  43       */
  44      protected $_special_ent2dec =
  45              array(
  46                      'quot' => 34,
  47                      'amp'  => 38,
  48                      'lt'   => 60,
  49                      'gt'   => 62
  50              );
  51  
  52      /**
  53       * Substitutes non-special entities with their parsed equivalents. Since
  54       * running this whenever you have parsed character is t3h 5uck, we run
  55       * it before everything else.
  56       *
  57       * @param string $string String to have non-special entities parsed.
  58       * @return string Parsed string.
  59       */
  60      public function substituteNonSpecialEntities($string)
  61      {
  62          // it will try to detect missing semicolons, but don't rely on it
  63          return preg_replace_callback(
  64              $this->_substituteEntitiesRegex,
  65              array($this, 'nonSpecialEntityCallback'),
  66              $string
  67          );
  68      }
  69  
  70      /**
  71       * Callback function for substituteNonSpecialEntities() that does the work.
  72       *
  73       * @param array $matches  PCRE matches array, with 0 the entire match, and
  74       *                  either index 1, 2 or 3 set with a hex value, dec value,
  75       *                  or string (respectively).
  76       * @return string Replacement string.
  77       */
  78  
  79      protected function nonSpecialEntityCallback($matches)
  80      {
  81          // replaces all but big five
  82          $entity = $matches[0];
  83          $is_num = (@$matches[0][1] === '#');
  84          if ($is_num) {
  85              $is_hex = (@$entity[2] === 'x');
  86              $code = $is_hex ? hexdec($matches[1]) : (int) $matches[2];
  87              // abort for special characters
  88              if (isset($this->_special_dec2str[$code])) {
  89                  return $entity;
  90              }
  91              return HTMLPurifier_Encoder::unichr($code);
  92          } else {
  93              if (isset($this->_special_ent2dec[$matches[3]])) {
  94                  return $entity;
  95              }
  96              if (!$this->_entity_lookup) {
  97                  $this->_entity_lookup = HTMLPurifier_EntityLookup::instance();
  98              }
  99              if (isset($this->_entity_lookup->table[$matches[3]])) {
 100                  return $this->_entity_lookup->table[$matches[3]];
 101              } else {
 102                  return $entity;
 103              }
 104          }
 105      }
 106  
 107      /**
 108       * Substitutes only special entities with their parsed equivalents.
 109       *
 110       * @notice We try to avoid calling this function because otherwise, it
 111       * would have to be called a lot (for every parsed section).
 112       *
 113       * @param string $string String to have non-special entities parsed.
 114       * @return string Parsed string.
 115       */
 116      public function substituteSpecialEntities($string)
 117      {
 118          return preg_replace_callback(
 119              $this->_substituteEntitiesRegex,
 120              array($this, 'specialEntityCallback'),
 121              $string
 122          );
 123      }
 124  
 125      /**
 126       * Callback function for substituteSpecialEntities() that does the work.
 127       *
 128       * This callback has same syntax as nonSpecialEntityCallback().
 129       *
 130       * @param array $matches  PCRE-style matches array, with 0 the entire match, and
 131       *                  either index 1, 2 or 3 set with a hex value, dec value,
 132       *                  or string (respectively).
 133       * @return string Replacement string.
 134       */
 135      protected function specialEntityCallback($matches)
 136      {
 137          $entity = $matches[0];
 138          $is_num = (@$matches[0][1] === '#');
 139          if ($is_num) {
 140              $is_hex = (@$entity[2] === 'x');
 141              $int = $is_hex ? hexdec($matches[1]) : (int) $matches[2];
 142              return isset($this->_special_dec2str[$int]) ?
 143                  $this->_special_dec2str[$int] :
 144                  $entity;
 145          } else {
 146              return isset($this->_special_ent2dec[$matches[3]]) ?
 147                  $this->_special_ent2dec[$matches[3]] :
 148                  $entity;
 149          }
 150      }
 151  }
 152  
 153  // vim: et sw=4 sts=4