From a15dccf1b4845c3e56a9201244cf8e4a60b51b62 Mon Sep 17 00:00:00 2001 From: netcarver Date: Tue, 13 Nov 2012 01:48:15 +0000 Subject: [PATCH 1/8] Improve image regex. Allow matches in tables or with trailing punctuation. --- classTextile.php | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/classTextile.php b/classTextile.php index 3ccc2cb9..cfc35d38 100644 --- a/classTextile.php +++ b/classTextile.php @@ -1683,26 +1683,26 @@ function isRelURL($url) // ------------------------------------------------------------- function image($text) { - return preg_replace_callback("/ - (?:[[{])? # pre - \! # opening ! - (\<|\=|\>)? # optional alignment atts - ($this->c) # optional style,class atts - (?:\. )? # optional dot-space - ([^\s(!]+) # presume this is the src - \s? # optional space - (?:\(([^\)]+)\))? # optional title - \! # closing - (?::(\S+))? # optional href - (?:[\]}]|(?=\s|$|\))) # lookahead: space or end of string - /x", array(&$this, "fImage"), $text); + return preg_replace_callback('/ + (?:[[{])? # pre + \! # opening ! + (\<|\=|\>)? # optional alignment $algn + ('.$this->c.') # optional style,class atts $atts + (?:\. )? # optional dot-space + ([^\s(!]+) # presume this is the src $url + \s? # optional space + (?:\(([^\)]+)\))? # optional title $title + \! # closing + (?::(\S+)(?pba($atts , '' , 1 , $extras) . $align; - if(isset($m[4]) && '' !== $m[4]) { - $m[4] = htmlspecialchars($m[4]); - $atts .= ' title="' . $m[4] . '" alt="' . $m[4] . '"'; + if($title) { + $title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); + $atts .= ' title="' . $title . '" alt="' . $title . '"'; } else $atts .= ' alt=""'; @@ -1731,7 +1731,7 @@ function fImage($m) $size = @getimagesize(realpath($this->doc_root.ltrim($url, $this->ds))); if ($size) $atts .= " $size[3]"; - $href = (isset($m[5])) ? $this->shelveURL($m[5]) : ''; + $href = ($href) ? $this->shelveURL($href) : ''; $url = $this->shelveURL($url); $out = array( From 276074a481d418dba3325a62584685299da8dd60 Mon Sep 17 00:00:00 2001 From: netcarver Date: Tue, 13 Nov 2012 01:48:40 +0000 Subject: [PATCH 2/8] Use ENT_QUOTES and UTF-8 in htmlspecialchars() --- classTextile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classTextile.php b/classTextile.php index cfc35d38..e6e3f09d 100644 --- a/classTextile.php +++ b/classTextile.php @@ -745,7 +745,7 @@ function fTable($matches) { $tatts = $this->pba($matches[1], 'table'); - $sum = trim($matches[2]) ? ' summary="'.htmlspecialchars(trim($matches[2])).'"' : ''; + $sum = trim($matches[2]) ? ' summary="'.htmlspecialchars(trim($matches[2]), ENT_QUOTES, 'UTF-8').'"' : ''; $cap = ''; $colgrp = $last_rgrp = ''; $c_row = 1; From d7e010a95efe5fb0c0ac994548311f63a7023dff Mon Sep 17 00:00:00 2001 From: netcarver Date: Tue, 13 Nov 2012 01:56:03 +0000 Subject: [PATCH 3/8] Allow relative image links --- classTextile.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/classTextile.php b/classTextile.php index e6e3f09d..f0f0e64e 100644 --- a/classTextile.php +++ b/classTextile.php @@ -1688,7 +1688,7 @@ function image($text) \! # opening ! (\<|\=|\>)? # optional alignment $algn ('.$this->c.') # optional style,class atts $atts - (?:\. )? # optional dot-space + (\. )? # optional dot-space $period ([^\s(!]+) # presume this is the src $url \s? # optional space (?:\(([^\)]+)\))? # optional title $title @@ -1701,7 +1701,9 @@ function image($text) // ------------------------------------------------------------- function fImage($m) { - list(, $algn, $atts, $url, $title, $href) = array_pad($m, 6, null); + list(, $algn, $atts, $period, $url, $title, $href) = array_pad($m, 7, null); + + if( '.' === $period ) $url = ".$url"; $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); $extras = $align = ''; From a88823676c101e87b06bd6bed6e0268b89277f8d Mon Sep 17 00:00:00 2001 From: netcarver Date: Tue, 13 Nov 2012 02:20:56 +0000 Subject: [PATCH 4/8] Use encode_html() rather than htmlspecialchars() in title and alt --- classTextile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classTextile.php b/classTextile.php index f0f0e64e..e4d574a9 100644 --- a/classTextile.php +++ b/classTextile.php @@ -1722,7 +1722,7 @@ function fImage($m) $atts = $this->pba($atts , '' , 1 , $extras) . $align; if($title) { - $title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); + $title = $this->encode_html($title); $atts .= ' title="' . $title . '" alt="' . $title . '"'; } else From d950cb6069e2bb6c2a7e0f6a77a41cbd33f184ea Mon Sep 17 00:00:00 2001 From: netcarver Date: Tue, 13 Nov 2012 02:21:29 +0000 Subject: [PATCH 5/8] Hrefs not to eat closing ] --- classTextile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classTextile.php b/classTextile.php index e4d574a9..9dff0535 100644 --- a/classTextile.php +++ b/classTextile.php @@ -1693,7 +1693,7 @@ function image($text) \s? # optional space (?:\(([^\)]+)\))? # optional title $title \! # closing - (?::(\S+)(? Date: Tue, 13 Nov 2012 02:43:04 +0000 Subject: [PATCH 6/8] Use correct whitespace marker. Use more restrictive atts sub-regex. --- classTextile.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/classTextile.php b/classTextile.php index 9dff0535..77d86d6e 100644 --- a/classTextile.php +++ b/classTextile.php @@ -1687,13 +1687,13 @@ function image($text) (?:[[{])? # pre \! # opening ! (\<|\=|\>)? # optional alignment $algn - ('.$this->c.') # optional style,class atts $atts - (\. )? # optional dot-space $period + ('.$this->lc.') # optional style,class atts $atts + (\.\s)? # optional dot-space $period ([^\s(!]+) # presume this is the src $url \s? # optional space (?:\(([^\)]+)\))? # optional title $title \! # closing - (?::(\S+)(? Date: Tue, 13 Nov 2012 16:36:41 +0000 Subject: [PATCH 7/8] Simplify treatment of optional dot-space before image src --- classTextile.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/classTextile.php b/classTextile.php index 77d86d6e..68603a88 100644 --- a/classTextile.php +++ b/classTextile.php @@ -1688,7 +1688,7 @@ function image($text) \! # opening ! (\<|\=|\>)? # optional alignment $algn ('.$this->lc.') # optional style,class atts $atts - (\.\s)? # optional dot-space $period + (?:\.\s)? # optional dot-space ([^\s(!]+) # presume this is the src $url \s? # optional space (?:\(([^\)]+)\))? # optional title $title @@ -1701,9 +1701,8 @@ function image($text) // ------------------------------------------------------------- function fImage($m) { - list(, $algn, $atts, $period, $url, $title, $href) = array_pad($m, 7, null); + list(, $algn, $atts, $url, $title, $href) = array_pad($m, 6, null); - if( '.' === $period ) $url = ".$url"; $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); $extras = $align = ''; @@ -1723,7 +1722,7 @@ function fImage($m) if($title) { $title = $this->encode_html($title); - $atts .= ' title="' . $title . '" alt="' . $title . '"'; + $atts .= ' title="' . $title . '" alt="' . $title . '"'; } else $atts .= ' alt=""'; From 68581aa7835bda606dcad621b9f337bb3f93062b Mon Sep 17 00:00:00 2001 From: netcarver Date: Tue, 13 Nov 2012 16:52:04 +0000 Subject: [PATCH 8/8] Small cleanups --- classTextile.php | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/classTextile.php b/classTextile.php index 68603a88..db52dcea 100644 --- a/classTextile.php +++ b/classTextile.php @@ -414,6 +414,7 @@ function Textile( $doctype = 'xhtml' ) $this->syms = '¤§µ¶†‡•∗∴◊♠♣♥♦'; $pnc = '[[:punct:]]'; + $this->cmap = array( 0x0080, 0xffff, 0, 0xffff); $this->restricted_url_schemes = array('http','https','ftp','mailto'); $this->unrestricted_url_schemes = array('http','https','ftp','mailto','file','tel','callto','sftp'); @@ -736,8 +737,7 @@ function hasRawText($text) function table($text) { $text = $text . "\n\n"; - return preg_replace_callback("/^(?:table(_?{$this->s}{$this->a}{$this->c})\.(.*)?\n)?^({$this->a}{$this->c}\.? ?\|.*\|)[\s]*\n\n/smU", - array(&$this, "fTable"), $text); + return preg_replace_callback("/^(?:table(_?{$this->s}{$this->a}{$this->c})\.(.*)?\n)?^({$this->a}{$this->c}\.? ?\|.*\|)[\s]*\n\n/smU", array(&$this, "fTable"), $text); } // ------------------------------------------------------------- @@ -1291,15 +1291,13 @@ function retrieveTags($text) // ------------------------------------------------------------- function fRetrieveOpenTags($m) { - list(, $key ) = $m; - return $this->tagCache[$key]['open']; + return $this->tagCache[$m[1]]['open']; } // ------------------------------------------------------------- function fRetrieveCloseTags($m) { - list(, $key ) = $m; - return $this->tagCache[$key]['close']; + return $this->tagCache[$m[1]]['close']; } // ------------------------------------------------------------- @@ -1643,8 +1641,7 @@ function shelveURL($text) // ------------------------------------------------------------- function retrieveURLs($text) { - return preg_replace_callback('/urlref:(\w{32})/', - array(&$this, "retrieveURL"), $text); + return preg_replace_callback('/urlref:(\w{32})/', array(&$this, "retrieveURL"), $text); } // ------------------------------------------------------------- @@ -1808,8 +1805,7 @@ function encodeEntities($text) function fixEntities($text) { /* de-entify any remaining angle brackets or ampersands */ - return str_replace(array(">", "<", "&"), - array(">", "<", "&"), $text); + return str_replace(array(">", "<", "&"), array(">", "<", "&"), $text); } // ------------------------------------------------------------- @@ -1826,8 +1822,7 @@ function cleanWhiteSpace($text) // ------------------------------------------------------------- function doSpecial($text, $start, $end, $method='fSpecial') { - return preg_replace_callback('/(^|\s|[[({>])'.preg_quote($start, '/').'(.*?)'.preg_quote($end, '/').'(\s|$|[\])}])?/ms', - array(&$this, $method), $text); + return preg_replace_callback('/(^|\s|[[({>])'.preg_quote($start, '/').'(.*?)'.preg_quote($end, '/').'(\s|$|[\])}])?/ms', array(&$this, $method), $text); } // ------------------------------------------------------------- @@ -1857,8 +1852,7 @@ function fTextile($m) // ------------------------------------------------------------- function footnoteRef($text) { - return preg_replace('/(?<=\S)\[([0-9]+)([\!]?)\](\s)?/Ue', - '$this->footnoteID(\'\1\',\'\2\',\'\3\')', $text); + return preg_replace('/(?<=\S)\[([0-9]+)([\!]?)\](\s)?/Ue', '$this->footnoteID(\'\1\',\'\2\',\'\3\')', $text); } // ------------------------------------------------------------- @@ -1934,23 +1928,15 @@ function vAlign($in) } // ------------------------------------------------------------- -// NOTE: used in notelists function encode_high($text, $charset = "UTF-8") { - return mb_encode_numericentity($text, $this->cmap(), $charset); + return mb_encode_numericentity($text, $this->cmap, $charset); } // ------------------------------------------------------------- -// NOTE: used in notelists function decode_high($text, $charset = "UTF-8") { - return mb_decode_numericentity($text, $this->cmap(), $charset); - } - -// ------------------------------------------------------------- - function cmap() - { - return array( 0x0080, 0xffff, 0, 0xffff); + return mb_decode_numericentity($text, $this->cmap, $charset); } // ------------------------------------------------------------- @@ -2003,6 +1989,5 @@ function blockLite($text) return $this->block($text."\n\n"); } - } // end class