diff options
269 files changed, 17331 insertions, 2304 deletions
diff --git a/.gitignore b/.gitignore index f4c2bba5f..5394f5eac 100644 --- a/.gitignore +++ b/.gitignore @@ -23,4 +23,4 @@ config-*.php good-config.php lac08.log php.log -config.php.* + @@ -134,7 +134,7 @@ Prerequisites The following software packages are *required* for this software to run correctly. -- PHP 5.2.x. It may be possible to run this software on earlier +- PHP 5.2.3+. It may be possible to run this software on earlier versions of PHP, but many of the functions used are only available in PHP 5.2 or above. - MySQL 5.x. The Laconica database is stored, by default, in a MySQL @@ -262,13 +262,16 @@ especially if you've previously installed PHP/MySQL packages. that user's default group instead. As a last resort, you can create a new group like "mublog" and add the Web server's user to the group. -4. You should also take this moment to make your avatar subdirectory - writeable by the Web server. An insecure way to do this is: +4. You should also take this moment to make your avatar, background, and + file subdirectories writeable by the Web server. An insecure way to do + this is: chmod a+w /var/www/mublog/avatar + chmod a+w /var/www/mublog/background + chmod a+w /var/www/mublog/file - You can also make the avatar directory writeable by the Web server - group, as noted above. + You can also make the avatar, background, and file directories + writeable by the Web server group, as noted above. 5. Create a database to hold your microblog data. Something like this should work: @@ -937,6 +940,8 @@ closed: If set to 'true', will disallow registration on your site. the service, *then* set this variable to 'true'. inviteonly: If set to 'true', will only allow registration if the user was invited by an existing user. +openidonly: If set to 'true', will only allow registrations and logins + through OpenID. private: If set to 'true', anonymous users will be redirected to the 'login' page. Also, API methods that normally require no authentication will require it. Note that this does not turn @@ -1225,6 +1230,30 @@ enabled: Set to true to enable. Default false. server: a string with the hostname of the sphinx server. port: an integer with the port number of the sphinx server. +emailpost +--------- + +For post-by-email. + +enabled: Whether to enable post-by-email. Defaults to true. You will + also need to set up maildaemon.php. + +sms +--- + +For SMS integration. + +enabled: Whether to enable SMS integration. Defaults to true. Queues + should also be enabled. + +twitter +------- + +For Twitter integration + +enabled: Whether to enable Twitter integration. Defaults to true. + Queues should also be enabled. + integration ----------- diff --git a/actions/all.php b/actions/all.php index f06ead2a8..5db09a0e6 100644 --- a/actions/all.php +++ b/actions/all.php @@ -88,7 +88,9 @@ class AllAction extends ProfileAction } } else { - $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname); + $message .= sprintf(_('Why not [register an account](%%%%action.%s%%%%) and then nudge %s or post a notice to his or her attention.'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin', + $this->user->nickname); } $this->elementStart('div', 'guide'); diff --git a/actions/allrss.php b/actions/allrss.php index 885a67f61..260667090 100644 --- a/actions/allrss.php +++ b/actions/allrss.php @@ -115,8 +115,8 @@ class AllrssAction extends Rss10Action 'link' => common_local_url('all', array('nickname' => $user->nickname)), - 'description' => sprintf(_('Feed for friends of %s'), - $user->nickname)); + 'description' => sprintf(_('Updates from %1$s and friends on %2$s!'), + $user->nickname, common_config('site', 'name'))); return $c; } diff --git a/actions/api.php b/actions/api.php index 452ed8e82..6d226af7e 100644 --- a/actions/api.php +++ b/actions/api.php @@ -129,6 +129,10 @@ class ApiAction extends Action 'laconica/config', 'laconica/wadl', 'tags/timeline', + 'oembed/oembed', + 'groups/show', + 'groups/timeline', + 'groups/list_all', 'groups/timeline'); static $bareauth = array('statuses/user_timeline', @@ -138,7 +142,8 @@ class ApiAction extends Action 'statuses/mentions', 'statuses/followers', 'favorites/favorites', - 'friendships/show'); + 'friendships/show', + 'groups/list_groups'); $fullname = "$this->api_action/$this->api_method"; diff --git a/actions/attachment.php b/actions/attachment.php index ee4cd9640..c6a5d0d52 100644 --- a/actions/attachment.php +++ b/actions/attachment.php @@ -98,6 +98,28 @@ class AttachmentAction extends Action return $a->title(); } + function extraHead() + { + $this->element('link',array('rel'=>'alternate', + 'type'=>'application/json+oembed', + 'href'=>common_local_url( + 'api', + array('apiaction'=>'oembed','method'=>'oembed.json'), + array('url'=> + common_local_url('attachment', + array('attachment' => $this->attachment->id)))), + 'title'=>'oEmbed'),null); + $this->element('link',array('rel'=>'alternate', + 'type'=>'text/xml+oembed', + 'href'=>common_local_url( + 'api', + array('apiaction'=>'oembed','method'=>'oembed.xml'), + array('url'=> + common_local_url('attachment', + array('attachment' => $this->attachment->id)))), + 'title'=>'oEmbed'),null); + } + /** * Handle input * diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php index c2bb35a39..38e3103f4 100644 --- a/actions/avatarsettings.php +++ b/actions/avatarsettings.php @@ -382,13 +382,7 @@ class AvatarsettingsAction extends AccountSettingsAction function showStylesheets() { parent::showStylesheets(); - $jcropStyle = - common_path('theme/base/css/jquery.Jcrop.css?version='.LACONICA_VERSION); - - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => $jcropStyle, - 'media' => 'screen, projection, tv')); + $this->cssLink('css/jquery.Jcrop.css','base','screen, projection, tv'); } /** @@ -402,13 +396,8 @@ class AvatarsettingsAction extends AccountSettingsAction parent::showScripts(); if ($this->mode == 'crop') { - $jcropPack = common_path('js/jcrop/jquery.Jcrop.pack.js'); - $jcropGo = common_path('js/jcrop/jquery.Jcrop.go.js'); - - $this->element('script', array('type' => 'text/javascript', - 'src' => $jcropPack)); - $this->element('script', array('type' => 'text/javascript', - 'src' => $jcropGo)); + $this->script('js/jcrop/jquery.Jcrop.pack.js'); + $this->script('js/jcrop/jquery.Jcrop.go.js'); } } } diff --git a/actions/confirmaddress.php b/actions/confirmaddress.php index 725c1f1e3..3c41a5c70 100644 --- a/actions/confirmaddress.php +++ b/actions/confirmaddress.php @@ -67,7 +67,11 @@ class ConfirmaddressAction extends Action parent::handle($args); if (!common_logged_in()) { common_set_returnto($this->selfUrl()); - common_redirect(common_local_url('login')); + if (!common_config('site', 'openidonly')) { + common_redirect(common_local_url('login')); + } else { + common_redirect(common_local_url('openidlogin')); + } return; } $code = $this->trimmed('code'); diff --git a/actions/conversation.php b/actions/conversation.php index c8755ba6e..6b5d8d54d 100644 --- a/actions/conversation.php +++ b/actions/conversation.php @@ -167,6 +167,8 @@ class ConversationTree extends NoticeList function _buildTree() { + $cnt = 0; + $this->tree = array(); $this->table = array(); diff --git a/actions/emailsettings.php b/actions/emailsettings.php index 634388fdd..cdd092829 100644 --- a/actions/emailsettings.php +++ b/actions/emailsettings.php @@ -122,7 +122,7 @@ class EmailsettingsAction extends AccountSettingsAction } $this->elementEnd('fieldset'); - if ($user->email) { + if (common_config('emailpost', 'enabled') && $user->email) { $this->elementStart('fieldset', array('id' => 'settings_email_incoming')); $this->element('legend',_('Incoming email')); if ($user->incomingemail) { @@ -173,11 +173,13 @@ class EmailsettingsAction extends AccountSettingsAction _('Allow friends to nudge me and send me an email.'), $user->emailnotifynudge); $this->elementEnd('li'); - $this->elementStart('li'); - $this->checkbox('emailpost', - _('I want to post notices by email.'), - $user->emailpost); - $this->elementEnd('li'); + if (common_config('emailpost', 'enabled')) { + $this->elementStart('li'); + $this->checkbox('emailpost', + _('I want to post notices by email.'), + $user->emailpost); + $this->elementEnd('li'); + } $this->elementStart('li'); $this->checkbox('emailmicroid', _('Publish a MicroID for my email address.'), diff --git a/actions/favorited.php b/actions/favorited.php index 156c7a700..a3d1a5e20 100644 --- a/actions/favorited.php +++ b/actions/favorited.php @@ -153,7 +153,8 @@ class FavoritedAction extends Action $message .= _('Be the first to add a notice to your favorites by clicking the fave button next to any notice you like.'); } else { - $message .= _('Why not [register an account](%%action.register%%) and be the first to add a notice to your favorites!'); + $message .= sprintf(_('Why not [register an account](%%%%action.%s%%%%) and be the first to add a notice to your favorites!'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } $this->elementStart('div', 'guide'); diff --git a/actions/favoritesrss.php b/actions/favoritesrss.php index c439a9a62..5dc09e5e8 100644 --- a/actions/favoritesrss.php +++ b/actions/favoritesrss.php @@ -111,8 +111,8 @@ class FavoritesrssAction extends Rss10Action 'link' => common_local_url('showfavorites', array('nickname' => $user->nickname)), - 'description' => sprintf(_('Feed of favorite notices of %s'), - $user->nickname)); + 'description' => sprintf(_('Updates favored by %1$s on %2$s!'), + $user->nickname, common_config('site', 'name'))); return $c; } diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php index e9f7c746b..ba1e933e3 100644 --- a/actions/finishopenidlogin.php +++ b/actions/finishopenidlogin.php @@ -83,7 +83,7 @@ class FinishopenidloginAction extends Action function showContent() { if (!empty($this->message_text)) { - $this->element('p', null, $this->message); + $this->element('div', array('class' => 'error'), $this->message_text); return; } @@ -217,7 +217,7 @@ class FinishopenidloginAction extends Action if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { $this->showForm(_('Nickname must have only lowercase letters and numbers and no spaces.')); return; } @@ -389,7 +389,7 @@ class FinishopenidloginAction extends Action { if (!Validate::string($str, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { return false; } if (!User::allowed_nickname($str)) { diff --git a/actions/grouplogo.php b/actions/grouplogo.php index 8f6158dac..5edb10cf8 100644 --- a/actions/grouplogo.php +++ b/actions/grouplogo.php @@ -428,13 +428,7 @@ class GrouplogoAction extends GroupDesignAction function showStylesheets() { parent::showStylesheets(); - $jcropStyle = - common_path('theme/base/css/jquery.Jcrop.css?version='.LACONICA_VERSION); - - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => $jcropStyle, - 'media' => 'screen, projection, tv')); + $this->cssLink('css/jquery.Jcrop.css','base','screen, projection, tv'); } /** @@ -448,13 +442,8 @@ class GrouplogoAction extends GroupDesignAction parent::showScripts(); if ($this->mode == 'crop') { - $jcropPack = common_path('js/jcrop/jquery.Jcrop.pack.js'); - $jcropGo = common_path('js/jcrop/jquery.Jcrop.go.js'); - - $this->element('script', array('type' => 'text/javascript', - 'src' => $jcropPack)); - $this->element('script', array('type' => 'text/javascript', - 'src' => $jcropGo)); + $this->script('js/jcrop/jquery.Jcrop.pack.js'); + $this->script('js/jcrop/jquery.Jcrop.go.js'); } } diff --git a/actions/grouprss.php b/actions/grouprss.php index 2bdcaafb2..e1e2d2018 100644 --- a/actions/grouprss.php +++ b/actions/grouprss.php @@ -132,9 +132,10 @@ class groupRssAction extends Rss10Action $c = array('url' => common_local_url('grouprss', array('nickname' => $group->nickname)), - 'title' => $group->nickname, + 'title' => sprintf(_('%s timeline'), $group->nickname), 'link' => common_local_url('showgroup', array('nickname' => $group->nickname)), - 'description' => sprintf(_('Microblog by %s group'), $group->nickname)); + 'description' => sprintf(_('Updates from members of %1$s on %2$s!'), + $group->nickname, common_config('site', 'name'))); return $c; } diff --git a/actions/groupsearch.php b/actions/groupsearch.php index c50466ce6..7437166e6 100644 --- a/actions/groupsearch.php +++ b/actions/groupsearch.php @@ -82,7 +82,8 @@ class GroupsearchAction extends SearchAction $message = _('If you can\'t find the group you\'re looking for, you can [create it](%%action.newgroup%%) yourself.'); } else { - $message = _('Why not [register an account](%%action.register%%) and [create the group](%%action.newgroup%%) yourself!'); + $message = sprintf(_('Why not [register an account](%%%%action.%s%%%%) and [create the group](%%%%action.newgroup%%%%) yourself!'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } $this->elementStart('div', 'guide'); $this->raw(common_markup_to_html($message)); diff --git a/actions/imsettings.php b/actions/imsettings.php index e0f5ede3a..70a6f37d4 100644 --- a/actions/imsettings.php +++ b/actions/imsettings.php @@ -84,6 +84,12 @@ class ImsettingsAction extends ConnectSettingsAction function showContent() { + if (!common_config('xmpp', 'enabled')) { + $this->element('div', array('class' => 'error'), + _('IM is not available.')); + return; + } + $user = common_current_user(); $this->elementStart('form', array('method' => 'post', 'id' => 'form_settings_im', diff --git a/actions/invite.php b/actions/invite.php index bdea4807d..bdc0d34cb 100644 --- a/actions/invite.php +++ b/actions/invite.php @@ -216,7 +216,7 @@ class InviteAction extends CurrentUserDesignAction $recipients = array($email); $headers['From'] = mail_notify_from(); - $headers['To'] = $email; + $headers['To'] = trim($email); $headers['Subject'] = sprintf(_('%1$s has invited you to join them on %2$s'), $bestname, $sitename); $body = sprintf(_("%1\$s has invited you to join them on %2\$s (%3\$s).\n\n". @@ -235,7 +235,7 @@ class InviteAction extends CurrentUserDesignAction common_root_url(), $personal, common_local_url('showstream', array('nickname' => $user->nickname)), - common_local_url('register', array('code' => $invite->code))); + common_local_url((!common_config('site', 'openidonly')) ? 'register' : 'openidlogin', array('code' => $invite->code))); mail_send($recipients, $headers, $body); } diff --git a/actions/login.php b/actions/login.php index 50de83f6f..c20854f15 100644 --- a/actions/login.php +++ b/actions/login.php @@ -65,6 +65,8 @@ class LoginAction extends Action * * Switches on request method; either shows the form or handles its input. * + * Checks if only OpenID is allowed and redirects to openidlogin if so. + * * @param array $args $_REQUEST data * * @return void @@ -73,7 +75,9 @@ class LoginAction extends Action function handle($args) { parent::handle($args); - if (common_is_real_login()) { + if (common_config('site', 'openidonly')) { + common_redirect(common_local_url('openidlogin')); + } else if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 49b473d9e..90b3309cf 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php @@ -121,7 +121,9 @@ class NoticesearchAction extends SearchAction $message = sprintf(_('Be the first to [post on this topic](%%%%action.newnotice%%%%?status_textarea=%s)!'), urlencode($q)); } else { - $message = sprintf(_('Why not [register an account](%%%%action.register%%%%) and be the first to [post on this topic](%%%%action.newnotice%%%%?status_textarea=%s)!'), urlencode($q)); + $message = sprintf(_('Why not [register an account](%%%%action.%s%%%%) and be the first to [post on this topic](%%%%action.newnotice%%%%?status_textarea=%s)!'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin', + urlencode($q)); } $this->elementStart('div', 'guide'); diff --git a/actions/noticesearchrss.php b/actions/noticesearchrss.php index 2a4b2060d..045531c5a 100644 --- a/actions/noticesearchrss.php +++ b/actions/noticesearchrss.php @@ -86,9 +86,10 @@ class NoticesearchrssAction extends Rss10Action { $q = $this->trimmed('q'); $c = array('url' => common_local_url('noticesearchrss', array('q' => $q)), - 'title' => common_config('site', 'name') . sprintf(_(' Search Stream for "%s"'), $q), + 'title' => sprintf(_('Updates with "%s"'), $q), 'link' => common_local_url('noticesearch', array('q' => $q)), - 'description' => sprintf(_('All updates matching search term "%s"'), $q)); + 'description' => sprintf(_('Updates matching search term "%1$s" on %2$s!'), + $q, common_config('site', 'name'))); return $c; } diff --git a/actions/profilesettings.php b/actions/profilesettings.php index fb847680b..d8fb2c9bb 100644 --- a/actions/profilesettings.php +++ b/actions/profilesettings.php @@ -189,7 +189,7 @@ class ProfilesettingsAction extends AccountSettingsAction // Some validation if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { $this->showForm(_('Nickname must have only lowercase letters and numbers and no spaces.')); return; } else if (!User::allowed_nickname($nickname)) { diff --git a/actions/public.php b/actions/public.php index d0317ac70..dd128925b 100644 --- a/actions/public.php +++ b/actions/public.php @@ -183,7 +183,8 @@ class PublicAction extends Action } else { if (! (common_config('site','closed') || common_config('site','inviteonly'))) { - $message .= _('Why not [register an account](%%action.register%%) and be the first to post!'); + $message .= sprintf(_('Why not [register an account](%%%%action.%s%%%%) and be the first to post!'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } } @@ -238,9 +239,11 @@ class PublicAction extends Action function showAnonymousMessage() { if (! (common_config('site','closed') || common_config('site','inviteonly'))) { - $m = _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . - 'based on the Free Software [Laconica](http://laconi.ca/) tool. ' . - '[Join now](%%action.register%%) to share notices about yourself with friends, family, and colleagues! ([Read more](%%doc.help%%))'); + $m = sprintf(_('This is %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . + 'based on the Free Software [Laconica](http://laconi.ca/) tool. ' . + '[Join now](%%%%action.%s%%%%) to share notices about yourself with friends, family, and colleagues! ' . + '([Read more](%%%%doc.help%%%%))'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } else { $m = _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . 'based on the Free Software [Laconica](http://laconi.ca/) tool.'); diff --git a/actions/publicrss.php b/actions/publicrss.php index 7e8df9625..5c08de641 100644 --- a/actions/publicrss.php +++ b/actions/publicrss.php @@ -86,9 +86,9 @@ class PublicrssAction extends Rss10Action { $c = array( 'url' => common_local_url('publicrss') - , 'title' => sprintf(_('%s Public Stream'), common_config('site', 'name')) + , 'title' => sprintf(_('%s public timeline'), common_config('site', 'name')) , 'link' => common_local_url('public') - , 'description' => sprintf(_('All updates for %s'), common_config('site', 'name'))); + , 'description' => sprintf(_('%s updates from everyone!'), common_config('site', 'name'))); return $c; } diff --git a/actions/publictagcloud.php b/actions/publictagcloud.php index e9f33d58b..a2772869d 100644 --- a/actions/publictagcloud.php +++ b/actions/publictagcloud.php @@ -72,7 +72,8 @@ class PublictagcloudAction extends Action $message .= _('Be the first to post one!'); } else { - $message .= _('Why not [register an account](%%action.register%%) and be the first to post one!'); + $message .= sprintf(_('Why not [register an account](%%%%action.%s%%%%) and be the first to post one!'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } $this->elementStart('div', 'guide'); diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php index 2afd052a7..721edea7f 100644 --- a/actions/recoverpassword.php +++ b/actions/recoverpassword.php @@ -194,6 +194,9 @@ class RecoverpasswordAction extends Action 'or your registered email address.')); $this->elementEnd('li'); $this->elementEnd('ul'); + $this->element('input', array('name' => 'recover', + 'type' => 'hidden', + 'value' => _('Recover'))); $this->submit('recover', _('Recover')); $this->elementEnd('fieldset'); $this->elementEnd('form'); diff --git a/actions/register.php b/actions/register.php index dcbbbdb6a..046a76b80 100644 --- a/actions/register.php +++ b/actions/register.php @@ -116,6 +116,8 @@ class RegisterAction extends Action * * Checks if registration is closed and shows an error if so. * + * Checks if only OpenID is allowed and redirects to openidlogin if so. + * * @param array $args $_REQUEST data * * @return void @@ -127,6 +129,8 @@ class RegisterAction extends Action if (common_config('site', 'closed')) { $this->clientError(_('Registration not allowed.')); + } else if (common_config('site', 'openidonly')) { + common_redirect(common_local_url('openidlogin')); } else if (common_logged_in()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index e658f8d37..7323103fc 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php @@ -71,11 +71,13 @@ class RemotesubscribeAction extends Action if ($this->err) { $this->element('div', 'error', $this->err); } else { - $inst = _('To subscribe, you can [login](%%action.login%%),' . - ' or [register](%%action.register%%) a new ' . - ' account. If you already have an account ' . - ' on a [compatible microblogging site](%%doc.openmublog%%), ' . - ' enter your profile URL below.'); + $inst = sprintf(_('To subscribe, you can [login](%%%%action.%s%%%%),' . + ' or [register](%%%%action.%s%%%%) a new ' . + ' account. If you already have an account ' . + ' on a [compatible microblogging site](%%doc.openmublog%%), ' . + ' enter your profile URL below.'), + (!common_config('site','openidonly')) ? 'login' : 'openidlogin', + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); $output = common_markup_to_html($inst); $this->elementStart('div', 'instructions'); $this->raw($output); diff --git a/actions/replies.php b/actions/replies.php index d7ed440e9..f14383d33 100644 --- a/actions/replies.php +++ b/actions/replies.php @@ -187,7 +187,9 @@ class RepliesAction extends OwnerDesignAction } } else { - $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname); + $message .= sprintf(_('Why not [register an account](%%%%action.%s%%%%) and then nudge %s or post a notice to his or her attention.'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin', + $this->user->nickname); } $this->elementStart('div', 'guide'); diff --git a/actions/repliesrss.php b/actions/repliesrss.php index a87e2870d..580bb91f7 100644 --- a/actions/repliesrss.php +++ b/actions/repliesrss.php @@ -68,7 +68,8 @@ class RepliesrssAction extends Rss10Action 'link' => common_local_url('replies', array('nickname' => $user->nickname)), - 'description' => sprintf(_('Feed for replies to %s'), $user->nickname)); + 'description' => sprintf(_('Replies to %1$s on %2$s!'), + $user->nickname, common_config('site', 'name'))); return $c; } diff --git a/actions/showfavorites.php b/actions/showfavorites.php index 8efe9d30a..9f549baf2 100644 --- a/actions/showfavorites.php +++ b/actions/showfavorites.php @@ -173,7 +173,9 @@ class ShowfavoritesAction extends OwnerDesignAction } } else { - $message = sprintf(_('%s hasn\'t added any notices to his favorites yet. Why not [register an account](%%%%action.register%%%%) and then post something interesting they would add to thier favorites :)'), $this->user->nickname); + $message = sprintf(_('%s hasn\'t added any notices to his favorites yet. Why not [register an account](%%%%action.%s%%%%) and then post something interesting they would add to their favorites :)'), + $this->user->nickname, + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } $this->elementStart('div', 'guide'); diff --git a/actions/showgroup.php b/actions/showgroup.php index 32ec674a9..4d8ba5fa8 100644 --- a/actions/showgroup.php +++ b/actions/showgroup.php @@ -440,8 +440,9 @@ class ShowgroupAction extends GroupDesignAction $m = sprintf(_('**%s** is a user group on %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . 'based on the Free Software [Laconica](http://laconi.ca/) tool. Its members share ' . 'short messages about their life and interests. '. - '[Join now](%%%%action.register%%%%) to become part of this group and many more! ([Read more](%%%%doc.help%%%%))'), - $this->group->nickname); + '[Join now](%%%%action.%s%%%%) to become part of this group and many more! ([Read more](%%%%doc.help%%%%))'), + $this->group->nickname, + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } else { $m = sprintf(_('**%s** is a user group on %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . 'based on the Free Software [Laconica](http://laconi.ca/) tool. Its members share ' . diff --git a/actions/shownotice.php b/actions/shownotice.php index 1ec38a76b..4b179bc72 100644 --- a/actions/shownotice.php +++ b/actions/shownotice.php @@ -97,8 +97,8 @@ class ShownoticeAction extends OwnerDesignAction $this->user = User::staticGet('id', $this->profile->id); - if (empty($this->user)) { - $this->serverError(_('Not a local notice'), 500); + if (! $this->notice->is_local) { + common_redirect($this->notice->uri); return false; } @@ -275,6 +275,20 @@ class ShownoticeAction extends OwnerDesignAction $this->element('meta', array('name' => 'microid', 'content' => $id->toString())); } + $this->element('link',array('rel'=>'alternate', + 'type'=>'application/json+oembed', + 'href'=>common_local_url( + 'api', + array('apiaction'=>'oembed','method'=>'oembed.json'), + array('url'=>$this->notice->uri)), + 'title'=>'oEmbed'),null); + $this->element('link',array('rel'=>'alternate', + 'type'=>'text/xml+oembed', + 'href'=>common_local_url( + 'api', + array('apiaction'=>'oembed','method'=>'oembed.xml'), + array('url'=>$this->notice->uri)), + 'title'=>'oEmbed'),null); } } diff --git a/actions/showstream.php b/actions/showstream.php index cd5d4bb70..3f603d64f 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -358,7 +358,9 @@ class ShowstreamAction extends ProfileAction } } else { - $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname); + $message .= sprintf(_('Why not [register an account](%%%%action.%s%%%%) and then nudge %s or post a notice to his or her attention.'), + (!common_config('site','openidonly')) ? 'register' : 'openidlogin', + $this->user->nickname); } $this->elementStart('div', 'guide'); @@ -387,8 +389,10 @@ class ShowstreamAction extends ProfileAction if (!(common_config('site','closed') || common_config('site','inviteonly'))) { $m = sprintf(_('**%s** has an account on %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . 'based on the Free Software [Laconica](http://laconi.ca/) tool. ' . - '[Join now](%%%%action.register%%%%) to follow **%s**\'s notices and many more! ([Read more](%%%%doc.help%%%%))'), - $this->user->nickname, $this->user->nickname); + '[Join now](%%%%action.%s%%%%) to follow **%s**\'s notices and many more! ([Read more](%%%%doc.help%%%%))'), + $this->user->nickname, + (!common_config('site','openidonly')) ? 'register' : 'openidlogin', + $this->user->nickname); } else { $m = sprintf(_('**%s** has an account on %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . 'based on the Free Software [Laconica](http://laconi.ca/) tool. '), diff --git a/actions/smssettings.php b/actions/smssettings.php index 922bab9a4..33b54abf6 100644 --- a/actions/smssettings.php +++ b/actions/smssettings.php @@ -80,6 +80,12 @@ class SmssettingsAction extends ConnectSettingsAction function showContent() { + if (!common_config('sms', 'enabled')) { + $this->element('div', array('class' => 'error'), + _('SMS is not available.')); + return; + } + $user = common_current_user(); $this->elementStart('form', array('method' => 'post', diff --git a/actions/subscribers.php b/actions/subscribers.php index 66ac00fb1..404738012 100644 --- a/actions/subscribers.php +++ b/actions/subscribers.php @@ -111,7 +111,9 @@ class SubscribersAction extends GalleryAction } } else { - $message = sprintf(_('%s has no subscribers. Why not [register an account](%%%%action.register%%%%) and be the first?'), $this->user->nickname); + $message = sprintf(_('%s has no subscribers. Why not [register an account](%%%%action.%s%%%%) and be the first?'), + $this->user->nickname, + (!common_config('site','openidonly')) ? 'register' : 'openidlogin'); } $this->elementStart('div', 'guide'); diff --git a/actions/subscriptions.php b/actions/subscriptions.php index 42bdae10f..0724471ff 100644 --- a/actions/subscriptions.php +++ b/actions/subscriptions.php @@ -174,14 +174,26 @@ class SubscriptionsListItem extends SubscriptionListItem return; } + if (!common_config('xmpp', 'enabled') && !common_config('sms', 'enabled')) { + return; + } + $this->out->elementStart('form', array('id' => 'subedit-' . $this->profile->id, 'method' => 'post', 'class' => 'form_subscription_edit', 'action' => common_local_url('subedit'))); $this->out->hidden('token', common_session_token()); $this->out->hidden('profile', $this->profile->id); - $this->out->checkbox('jabber', _('Jabber'), $sub->jabber); - $this->out->checkbox('sms', _('SMS'), $sub->sms); + if (common_config('xmpp', 'enabled')) { + $this->out->checkbox('jabber', _('Jabber'), $sub->jabber); + } else { + $this->out->hidden('jabber', $sub->jabber); + } + if (common_config('sms', 'enabled')) { + $this->out->checkbox('sms', _('SMS'), $sub->sms); + } else { + $this->out->hidden('sms', $sub->sms); + } $this->out->submit('save', _('Save')); $this->out->elementEnd('form'); return; diff --git a/actions/tagrss.php b/actions/tagrss.php index f69374fca..c3c03b9cd 100644 --- a/actions/tagrss.php +++ b/actions/tagrss.php @@ -61,7 +61,8 @@ class TagrssAction extends Rss10Action $c = array('url' => common_local_url('tagrss', array('tag' => $tagname)), 'title' => $tagname, 'link' => common_local_url('tagrss', array('tag' => $tagname)), - 'description' => sprintf(_('Microblog tagged with %s'), $tagname)); + 'description' => sprintf(_('Updates tagged with %1$s on %2$s!'), + $tagname, common_config('site', 'name'))); return $c; } diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php index 8256668f3..6f9361065 100644 --- a/actions/twitapifavorites.php +++ b/actions/twitapifavorites.php @@ -207,32 +207,10 @@ class TwitapifavoritesAction extends TwitterapiAction $other = User::staticGet('id', $notice->profile_id); if ($other && $other->id != $user->id) { if ($other->email && $other->emailnotifyfav) { - $this->notify_mail($other, $user, $notice); + mail_notify_fave($other, $user, $notice); } # XXX: notify by IM # XXX: notify by SMS } } - - function notify_mail($other, $user, $notice) - { - $profile = $user->getProfile(); - $bestname = $profile->getBestName(); - $subject = sprintf(_('%s added your notice as a favorite'), $bestname); - $body = sprintf(_("%1\$s just added your notice from %2\$s as one of their favorites.\n\n" . - "In case you forgot, you can see the text of your notice here:\n\n" . - "%3\$s\n\n" . - "You can see the list of %1\$s's favorites here:\n\n" . - "%4\$s\n\n" . - "Faithfully yours,\n" . - "%5\$s\n"), - $bestname, - common_exact_date($notice->created), - common_local_url('shownotice', array('notice' => $notice->id)), - common_local_url('showfavorites', array('nickname' => $user->nickname)), - common_config('site', 'name')); - - mail_to_user($other, $subject, $body); - } - -}
\ No newline at end of file +} diff --git a/actions/twitapigroups.php b/actions/twitapigroups.php index 71a0776f4..bebc07fa1 100644 --- a/actions/twitapigroups.php +++ b/actions/twitapigroups.php @@ -51,6 +51,129 @@ require_once INSTALLDIR.'/lib/twitterapi.php'; class TwitapigroupsAction extends TwitterapiAction { + function list_groups($args, $apidata) + { + parent::handle($args); + + common_debug("in groups api action"); + + $this->auth_user = $apidata['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (empty($user)) { + $this->clientError('Not Found', 404, $apidata['content-type']); + return; + } + + $page = (int)$this->arg('page', 1); + $count = (int)$this->arg('count', 20); + $max_id = (int)$this->arg('max_id', 0); + $since_id = (int)$this->arg('since_id', 0); + $since = $this->arg('since'); + $group = $user->getGroups(($page-1)*$count, + $count, $since_id, $max_id, $since); + + $sitename = common_config('site', 'name'); + $title = sprintf(_("%s's groups"), $user->nickname); + $taguribase = common_config('integration', 'taguri'); + $id = "tag:$taguribase:Groups"; + $link = common_root_url(); + $subtitle = sprintf(_("groups %s is a member of on %s"), $user->nickname, $sitename); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_groups($group); + break; + case 'rss': + $this->show_rss_groups($group, $title, $link, $subtitle); + break; + case 'atom': + $selfuri = common_root_url() . 'api/laconica/groups/list/' . $user->id . '.atom'; + $this->show_atom_groups($group, $title, $id, $link, + $subtitle, $selfuri); + break; + case 'json': + $this->show_json_groups($group); + break; + default: + $this->clientError(_('API method not found!'), $code = 404); + break; + } + } + + function list_all($args, $apidata) + { + parent::handle($args); + + common_debug("in groups api action"); + + $page = (int)$this->arg('page', 1); + $count = (int)$this->arg('count', 20); + $max_id = (int)$this->arg('max_id', 0); + $since_id = (int)$this->arg('since_id', 0); + $since = $this->arg('since'); + + /* TODO: + Use the $page, $count, $max_id, $since_id, and $since parameters + */ + $group = new User_group(); + $group->orderBy('created DESC'); + $group->find(); + + $sitename = common_config('site', 'name'); + $title = sprintf(_("%s groups"), $sitename); + $taguribase = common_config('integration', 'taguri'); + $id = "tag:$taguribase:Groups"; + $link = common_root_url(); + $subtitle = sprintf(_("groups on %s"), $sitename); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_groups($group); + break; + case 'rss': + $this->show_rss_groups($group, $title, $link, $subtitle); + break; + case 'atom': + $selfuri = common_root_url() . 'api/laconica/groups/list_all.atom'; + $this->show_atom_groups($group, $title, $id, $link, + $subtitle, $selfuri); + break; + case 'json': + $this->show_json_groups($group); + break; + default: + $this->clientError(_('API method not found!'), $code = 404); + break; + } + } + + function show($args, $apidata) + { + parent::handle($args); + + common_debug("in groups api action"); + + $this->auth_user = $apidata['user']; + $group = $this->get_group($apidata['api_arg'], $apidata); + + if (empty($group)) { + $this->clientError('Not Found', 404, $apidata['content-type']); + return; + } + + switch($apidata['content-type']) { + case 'xml': + $this->show_single_xml_group($group); + break; + case 'json': + $this->show_single_json_group($group); + break; + default: + $this->clientError(_('API method not found!'), $code = 404); + } + } + function timeline($args, $apidata) { parent::handle($args); @@ -88,8 +211,7 @@ require_once INSTALLDIR.'/lib/twitterapi.php'; $this->show_xml_timeline($notice); break; case 'rss': - $this->show_rss_timeline($notice, $title, $link, - $subtitle, $suplink); + $this->show_rss_timeline($notice, $title, $link, $subtitle); break; case 'atom': if (isset($apidata['api_arg'])) { @@ -101,7 +223,7 @@ require_once INSTALLDIR.'/lib/twitterapi.php'; 'api/laconica/groups/timeline.atom'; } $this->show_atom_timeline($notice, $title, $id, $link, - $subtitle, $suplink, $selfuri); + $subtitle, null, $selfuri); break; case 'json': $this->show_json_timeline($notice); diff --git a/actions/twitapilaconica.php b/actions/twitapilaconica.php index 8cd7a64b9..442fdbcef 100644 --- a/actions/twitapilaconica.php +++ b/actions/twitapilaconica.php @@ -171,4 +171,5 @@ class TwitapilaconicaAction extends TwitterapiAction parent::handle($args); $this->serverError(_('API method under construction.'), 501); } + } diff --git a/actions/twitapioembed.php b/actions/twitapioembed.php new file mode 100644 index 000000000..3019e5878 --- /dev/null +++ b/actions/twitapioembed.php @@ -0,0 +1,173 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Laconica-only extensions to the Twitter-like API + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Twitter + * @package Laconica + * @author Evan Prodromou <evan@controlyourself.ca> + * @copyright 2008 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/lib/twitterapi.php'; + +/** + * Oembed provider implementation + * + * This class handles all /main/oembed(.xml|.json)/ requests. + * + * @category oEmbed + * @package Laconica + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2008 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +class TwitapioembedAction extends TwitterapiAction +{ + + function oembed($args, $apidata) + { + parent::handle($args); + + common_debug("in oembed api action"); + + $this->auth_user = $apidata['user']; + + $url = $args['url']; + if( substr(strtolower($url),0,strlen(common_root_url())) == strtolower(common_root_url()) ){ + $path = substr($url,strlen(common_root_url())); + + $r = Router::get(); + + $proxy_args = $r->map($path); + + if (!$proxy_args) { + $this->serverError(_("$path not found"), 404); + } + $oembed=array(); + $oembed['version']='1.0'; + $oembed['provider_name']=common_config('site', 'name'); + $oembed['provider_url']=common_root_url(); + switch($proxy_args['action']){ + case 'shownotice': + $oembed['type']='link'; + $id = $proxy_args['notice']; + $notice = Notice::staticGet($id); + if(empty($notice)){ + $this->serverError(_("notice $id not found"), 404); + } + $profile = $notice->getProfile(); + if (empty($profile)) { + $this->serverError(_('Notice has no profile'), 500); + } + if (!empty($profile->fullname)) { + $authorname = $profile->fullname . ' (' . $profile->nickname . ')'; + } else { + $authorname = $profile->nickname; + } + $oembed['title'] = sprintf(_('%1$s\'s status on %2$s'), + $authorname, + common_exact_date($notice->created)); + $oembed['author_name']=$authorname; + $oembed['author_url']=$profile->profileurl; + $oembed['url']=($notice->url?$notice->url:$notice->uri); + $oembed['html']=$notice->rendered; + break; + case 'attachment': + $id = $proxy_args['attachment']; + $attachment = File::staticGet($id); + if(empty($attachment)){ + $this->serverError(_("attachment $id not found"), 404); + } + if(empty($attachment->filename) && $file_oembed = File_oembed::staticGet('file_id', $attachment->id)){ + // Proxy the existing oembed information + $oembed['type']=$file_oembed->type; + $oembed['provider']=$file_oembed->provider; + $oembed['provider_url']=$file_oembed->provider_url; + $oembed['width']=$file_oembed->width; + $oembed['height']=$file_oembed->height; + $oembed['html']=$file_oembed->html; + $oembed['title']=$file_oembed->title; + $oembed['author_name']=$file_oembed->author_name; + $oembed['author_url']=$file_oembed->author_url; + $oembed['url']=$file_oembed->url; + }else if(substr($attachment->mimetype,0,strlen('image/'))=='image/'){ + $oembed['type']='photo'; + //TODO set width and height + //$oembed['width']= + //$oembed['height']= + $oembed['url']=$attachment->url; + }else{ + $oembed['type']='link'; + $oembed['url']=common_local_url('attachment', + array('attachment' => $attachment->id)); + } + if($attachment->title) $oembed['title']=$attachment->title; + break; + default: + $this->serverError(_("$path not supported for oembed requests"), 501); + } + + switch($apidata['content-type']){ + case 'xml': + $this->init_document('xml'); + $this->elementStart('oembed'); + $this->element('version',null,$oembed['version']); + $this->element('type',null,$oembed['type']); + if($oembed['provider_name']) $this->element('provider_name',null,$oembed['provider_name']); + if($oembed['provider_url']) $this->element('provider_url',null,$oembed['provider_url']); + if($oembed['title']) $this->element('title',null,$oembed['title']); + if($oembed['author_name']) $this->element('author_name',null,$oembed['author_name']); + if($oembed['author_url']) $this->element('author_url',null,$oembed['author_url']); + if($oembed['url']) $this->element('url',null,$oembed['url']); + if($oembed['html']) $this->element('html',null,$oembed['html']); + if($oembed['width']) $this->element('width',null,$oembed['width']); + if($oembed['height']) $this->element('height',null,$oembed['height']); + if($oembed['cache_age']) $this->element('cache_age',null,$oembed['cache_age']); + if($oembed['thumbnail_url']) $this->element('thumbnail_url',null,$oembed['thumbnail_url']); + if($oembed['thumbnail_width']) $this->element('thumbnail_width',null,$oembed['thumbnail_width']); + if($oembed['thumbnail_height']) $this->element('thumbnail_height',null,$oembed['thumbnail_height']); + + + $this->elementEnd('oembed'); + $this->end_document('xml'); + break; + case 'json': + $this->init_document('json'); + print(json_encode($oembed)); + $this->end_document('json'); + break; + default: + $this->serverError(_('content type ' . $apidata['content-type'] . ' not supported'), 501); + } + + }else{ + $this->serverError(_('Only ' . common_root_url() . ' urls over plain http please'), 404); + } + } +} + diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index c9943698d..185129d5e 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -449,7 +449,8 @@ class TwitapistatusesAction extends TwitterapiAction function friends($args, $apidata) { parent::handle($args); - return $this->subscriptions($apidata, 'subscribed', 'subscriber'); + $includeStatuses=! (boolean) $args['lite']; + return $this->subscriptions($apidata, 'subscribed', 'subscriber', false, $includeStatuses); } function friendsIDs($args, $apidata) @@ -461,7 +462,8 @@ class TwitapistatusesAction extends TwitterapiAction function followers($args, $apidata) { parent::handle($args); - return $this->subscriptions($apidata, 'subscriber', 'subscribed'); + $includeStatuses=! (boolean) $args['lite']; + return $this->subscriptions($apidata, 'subscriber', 'subscribed', false, $includeStatuses); } function followersIDs($args, $apidata) @@ -470,7 +472,7 @@ class TwitapistatusesAction extends TwitterapiAction return $this->subscriptions($apidata, 'subscriber', 'subscribed', true); } - function subscriptions($apidata, $other_attr, $user_attr, $onlyIDs=false) + function subscriptions($apidata, $other_attr, $user_attr, $onlyIDs=false, $includeStatuses=true) { $this->auth_user = $apidata['user']; $user = $this->get_user($apidata['api_arg'], $apidata); @@ -526,26 +528,26 @@ class TwitapistatusesAction extends TwitterapiAction if ($onlyIDs) { $this->showIDs($others, $type); } else { - $this->show_profiles($others, $type); + $this->show_profiles($others, $type, $includeStatuses); } $this->end_document($type); } - function show_profiles($profiles, $type) + function show_profiles($profiles, $type, $includeStatuses) { switch ($type) { case 'xml': $this->elementStart('users', array('type' => 'array')); foreach ($profiles as $profile) { - $this->show_profile($profile); + $this->show_profile($profile,$type,null,$includeStatuses); } $this->elementEnd('users'); break; case 'json': $arrays = array(); foreach ($profiles as $profile) { - $arrays[] = $this->twitter_user_array($profile, true); + $arrays[] = $this->twitter_user_array($profile, $includeStatuses); } print json_encode($arrays); break; diff --git a/actions/twitapitags.php b/actions/twitapitags.php index 5c8527530..e19e1b1ed 100644 --- a/actions/twitapitags.php +++ b/actions/twitapitags.php @@ -88,8 +88,7 @@ require_once INSTALLDIR.'/lib/twitterapi.php'; $this->show_xml_timeline($notice); break; case 'rss': - $this->show_rss_timeline($notice, $title, $link, - $subtitle, $suplink); + $this->show_rss_timeline($notice, $title, $link, $subtitle); break; case 'atom': if (isset($apidata['api_arg'])) { @@ -101,7 +100,7 @@ require_once INSTALLDIR.'/lib/twitterapi.php'; 'api/laconica/tags/timeline.atom'; } $this->show_atom_timeline($notice, $title, $id, $link, - $subtitle, $suplink, $selfuri); + $subtitle, null, $selfuri); break; case 'json': $this->show_json_timeline($notice); diff --git a/actions/twitterauthorization.php b/actions/twitterauthorization.php new file mode 100644 index 000000000..b04f35327 --- /dev/null +++ b/actions/twitterauthorization.php @@ -0,0 +1,222 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Class for doing OAuth authentication against Twitter + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Twitter + * @package Laconica + * @author Zach Copely <zach@controlyourself.ca> + * @copyright 2009 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +/** + * Class for doing OAuth authentication against Twitter + * + * Peforms the OAuth "dance" between Laconica and Twitter -- requests a token, + * authorizes it, and exchanges it for an access token. It also creates a link + * (Foreign_link) between the Laconica user and Twitter user and stores the + * access token and secret in the link. + * + * @category Twitter + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + * + */ +class TwitterauthorizationAction extends Action +{ + /** + * Initialize class members. Looks for 'oauth_token' parameter. + * + * @param array $args misc. arguments + * + * @return boolean true + */ + function prepare($args) + { + parent::prepare($args); + + $this->oauth_token = $this->arg('oauth_token'); + + return true; + } + + /** + * Handler method + * + * @param array $args is ignored since it's now passed in in prepare() + * + * @return nothing + */ + function handle($args) + { + parent::handle($args); + + if (!common_logged_in()) { + $this->clientError(_('Not logged in.'), 403); + } + + $user = common_current_user(); + $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE); + + // If there's already a foreign link record, it means we already + // have an access token, and this is unecessary. So go back. + + if (isset($flink)) { + common_redirect(common_local_url('twittersettings')); + } + + // $this->oauth_token is only populated once Twitter authorizes our + // request token. If it's empty we're at the beginning of the auth + // process + + if (empty($this->oauth_token)) { + $this->authorizeRequestToken(); + } else { + $this->saveAccessToken(); + } + } + + /** + * Asks Twitter for a request token, and then redirects to Twitter + * to authorize it. + * + * @return nothing + */ + function authorizeRequestToken() + { + try { + + // Get a new request token and authorize it + + $client = new TwitterOAuthClient(); + $req_tok = + $client->getRequestToken(TwitterOAuthClient::$requestTokenURL); + + // Sock the request token away in the session temporarily + + $_SESSION['twitter_request_token'] = $req_tok->key; + $_SESSION['twitter_request_token_secret'] = $req_tok->secret; + + $auth_link = $client->getAuthorizeLink($req_tok); + + } catch (TwitterOAuthClientException $e) { + $msg = sprintf('OAuth client cURL error - code: %1s, msg: %2s', + $e->getCode(), $e->getMessage()); + $this->serverError(_('Couldn\'t link your Twitter account.')); + } + + common_redirect($auth_link); + } + + /** + * Called when Twitter returns an authorized request token. Exchanges + * it for an access token and stores it. + * + * @return nothing + */ + function saveAccessToken() + { + + // Check to make sure Twitter returned the same request + // token we sent them + + if ($_SESSION['twitter_request_token'] != $this->oauth_token) { + $this->serverError(_('Couldn\'t link your Twitter account.')); + } + + try { + + $client = new TwitterOAuthClient($_SESSION['twitter_request_token'], + $_SESSION['twitter_request_token_secret']); + + // Exchange the request token for an access token + + $atok = $client->getAccessToken(TwitterOAuthClient::$accessTokenURL); + + // Test the access token and get the user's Twitter info + + $client = new TwitterOAuthClient($atok->key, $atok->secret); + $twitter_user = $client->verifyCredentials(); + + } catch (OAuthClientException $e) { + $msg = sprintf('OAuth client cURL error - code: %1$s, msg: %2$s', + $e->getCode(), $e->getMessage()); + $this->serverError(_('Couldn\'t link your Twitter account.')); + } + + // Save the access token and Twitter user info + + $this->saveForeignLink($atok, $twitter_user); + + // Clean up the the mess we made in the session + + unset($_SESSION['twitter_request_token']); + unset($_SESSION['twitter_request_token_secret']); + + common_redirect(common_local_url('twittersettings')); + } + + /** + * Saves a Foreign_link between Twitter user and local user, + * which includes the access token and secret. + * + * @param OAuthToken $access_token the access token to save + * @param mixed $twitter_user twitter API user object + * + * @return nothing + */ + function saveForeignLink($access_token, $twitter_user) + { + $user = common_current_user(); + + $flink = new Foreign_link(); + + $flink->user_id = $user->id; + $flink->foreign_id = $twitter_user->id; + $flink->service = TWITTER_SERVICE; + + $creds = TwitterOAuthClient::packToken($access_token); + + $flink->credentials = $creds; + $flink->created = common_sql_now(); + + // Defaults: noticesync on, everything else off + + $flink->set_flags(true, false, false, false); + + $flink_id = $flink->insert(); + + if (empty($flink_id)) { + common_log_db_error($flink, 'INSERT', __FILE__); + $this->serverError(_('Couldn\'t link your Twitter account.')); + } + + save_twitter_user($twitter_user->id, $twitter_user->screen_name); + } + +} + diff --git a/actions/twittersettings.php b/actions/twittersettings.php index 2b742788e..0859ab9d3 100644 --- a/actions/twittersettings.php +++ b/actions/twittersettings.php @@ -34,8 +34,6 @@ if (!defined('LACONICA')) { require_once INSTALLDIR.'/lib/connectsettingsaction.php'; require_once INSTALLDIR.'/lib/twitter.php'; -define('SUBSCRIPTIONS', 80); - /** * Settings for Twitter integration * @@ -69,9 +67,8 @@ class TwittersettingsAction extends ConnectSettingsAction function getInstructions() { - return _('Add your Twitter account to automatically send '. - ' your notices to Twitter, ' . - 'and subscribe to Twitter friends already here.'); + return _('Connect your Twitter account to share your updates ' . + 'with your Twitter friends and vice-versa.'); } /** @@ -85,6 +82,12 @@ class TwittersettingsAction extends ConnectSettingsAction function showContent() { + if (!common_config('twitter', 'enabled')) { + $this->element('div', array('class' => 'error'), + _('Twitter is not available.')); + return; + } + $user = common_current_user(); $profile = $user->getProfile(); @@ -93,7 +96,7 @@ class TwittersettingsAction extends ConnectSettingsAction $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE); - if ($flink) { + if (!empty($flink)) { $fuser = $flink->getForeignUser(); } @@ -102,192 +105,86 @@ class TwittersettingsAction extends ConnectSettingsAction 'class' => 'form_settings', 'action' => common_local_url('twittersettings'))); - $this->elementStart('fieldset', array('id' => 'settings_twitter_account')); - $this->element('legend', null, _('Twitter Account')); + $this->hidden('token', common_session_token()); - if ($fuser) { + + $this->elementStart('fieldset', array('id' => 'settings_twitter_account')); + + if (empty($fuser)) { $this->elementStart('ul', 'form_data'); - $this->elementStart('li', array('id' => 'settings_twitter_remove')); - $this->element('span', 'twitter_user', $fuser->nickname); - $this->element('a', array('href' => $fuser->uri), $fuser->uri); - $this->element('p', 'form_note', - _('Current verified Twitter account.')); - $this->hidden('flink_foreign_id', $flink->foreign_id); + $this->elementStart('li', array('id' => 'settings_twitter_login_button')); + $this->element('a', array('href' => common_local_url('twitterauthorization')), + 'Connect my Twitter account'); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('remove', _('Remove')); + + $this->elementEnd('fieldset'); } else { + $this->element('legend', null, _('Twitter account')); + $this->elementStart('p', array('id' => 'form_confirmed')); + $this->element('a', array('href' => $fuser->uri), $fuser->nickname); + $this->elementEnd('p'); + $this->element('p', 'form_note', + _('Connected Twitter account')); + + $this->submit('remove', _('Remove')); + + $this->elementEnd('fieldset'); + + $this->elementStart('fieldset', array('id' => 'settings_twitter_preferences')); + + $this->element('legend', null, _('Preferences')); $this->elementStart('ul', 'form_data'); - $this->elementStart('li', array('id' => 'settings_twitter_login')); - $this->input('twitter_username', _('Twitter user name'), - ($this->arg('twitter_username')) ? - $this->arg('twitter_username') : - $profile->nickname, - _('No spaces, please.')); // hey, it's what Twitter says + $this->elementStart('li'); + $this->checkbox('noticesend', + _('Automatically send my notices to Twitter.'), + ($flink) ? + ($flink->noticesync & FOREIGN_NOTICE_SEND) : + true); $this->elementEnd('li'); $this->elementStart('li'); - $this->password('twitter_password', _('Twitter password')); - $this->elementend('li'); - $this->elementEnd('ul'); - } - $this->elementEnd('fieldset'); - - $this->elementStart('fieldset', - array('id' => 'settings_twitter_preferences')); - $this->element('legend', null, _('Preferences')); - - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->checkbox('noticesend', - _('Automatically send my notices to Twitter.'), - ($flink) ? - ($flink->noticesync & FOREIGN_NOTICE_SEND) : - true); - $this->elementEnd('li'); - $this->elementStart('li'); - $this->checkbox('replysync', - _('Send local "@" replies to Twitter.'), - ($flink) ? - ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) : - true); - $this->elementEnd('li'); - $this->elementStart('li'); - $this->checkbox('friendsync', - _('Subscribe to my Twitter friends here.'), - ($flink) ? - ($flink->friendsync & FOREIGN_FRIEND_RECV) : - false); - $this->elementEnd('li'); - - if (common_config('twitterbridge','enabled')) { + $this->checkbox('replysync', + _('Send local "@" replies to Twitter.'), + ($flink) ? + ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) : + true); + $this->elementEnd('li'); $this->elementStart('li'); - $this->checkbox('noticerecv', - _('Import my Friends Timeline.'), + $this->checkbox('friendsync', + _('Subscribe to my Twitter friends here.'), ($flink) ? - ($flink->noticesync & FOREIGN_NOTICE_RECV) : + ($flink->friendsync & FOREIGN_FRIEND_RECV) : false); $this->elementEnd('li'); - } else { - // preserve setting even if bidrection bridge toggled off - if ($flink && ($flink->noticesync & FOREIGN_NOTICE_RECV)) { - $this->hidden('noticerecv', true, 'noticerecv'); - } - } - - $this->elementEnd('ul'); - - if ($flink) { - $this->submit('save', _('Save')); - } else { - $this->submit('add', _('Add')); - } - $this->elementEnd('fieldset'); - - $this->showTwitterSubscriptions(); - - $this->elementEnd('form'); - } - - /** - * Gets some of the user's Twitter friends - * - * Gets the number of Twitter friends that are on this - * instance of Laconica. - * - * @return array array of User objects - */ - - function subscribedTwitterUsers() - { - - $current_user = common_current_user(); - - $qry = 'SELECT "user".* ' . - 'FROM subscription ' . - 'JOIN "user" ON subscription.subscribed = "user".id ' . - 'JOIN foreign_link ON foreign_link.user_id = "user".id ' . - 'WHERE subscriber = %d ' . - 'ORDER BY "user".nickname'; - - $user = new User(); - - $user->query(sprintf($qry, $current_user->id)); - - $users = array(); - - while ($user->fetch()) { - - // Don't include the user's own self-subscription - if ($user->id != $current_user->id) { - $users[] = clone($user); - } - } - - return $users; - } - - /** - * Show user's Twitter friends - * - * Gets the number of Twitter friends that are on this - * instance of Laconica, and shows their mini-avatars. - * - * @return void - */ - - function showTwitterSubscriptions() - { - - $friends = $this->subscribedTwitterUsers(); - - $friends_count = count($friends); - if ($friends_count > 0) { - $this->elementStart('div', array('id' => 'entity_subscriptions', - 'class' => 'section')); - $this->element('h2', null, _('Twitter Friends')); - $this->elementStart('ul', 'entities users xoxo'); - - for ($i = 0; $i < min($friends_count, SUBSCRIPTIONS); $i++) { + if (common_config('twitterbridge','enabled')) { + $this->elementStart('li'); + $this->checkbox('noticerecv', + _('Import my Friends Timeline.'), + ($flink) ? + ($flink->noticesync & FOREIGN_NOTICE_RECV) : + false); + $this->elementEnd('li'); - $other = Profile::staticGet($friends[$i]->id); + // preserve setting even if bidrection bridge toggled off - if (!$other) { - common_log_db_error($subs, 'SELECT', __FILE__); - continue; + if ($flink && ($flink->noticesync & FOREIGN_NOTICE_RECV)) { + $this->hidden('noticerecv', true, 'noticerecv'); } - - $this->elementStart('li', 'vcard'); - $this->elementStart('a', array('title' => ($other->fullname) ? - $other->fullname : - $other->nickname, - 'href' => $other->profileurl, - 'class' => 'url')); - - $avatar = $other->getAvatar(AVATAR_MINI_SIZE); - - $avatar_url = ($avatar) ? - $avatar->displayUrl() : - Avatar::defaultImage(AVATAR_MINI_SIZE); - - $this->element('img', array('src' => $avatar_url, - 'width' => AVATAR_MINI_SIZE, - 'height' => AVATAR_MINI_SIZE, - 'class' => 'avatar photo', - 'alt' => ($other->fullname) ? - $other->fullname : - $other->nickname)); - - $this->element('span', 'fn nickname', $other->nickname); - $this->elementEnd('a'); - $this->elementEnd('li'); - } $this->elementEnd('ul'); - $this->elementEnd('div'); + if ($flink) { + $this->submit('save', _('Save')); + } else { + $this->submit('add', _('Add')); + } + + $this->elementEnd('fieldset'); } + + $this->elementEnd('form'); } /** @@ -303,7 +200,6 @@ class TwittersettingsAction extends ConnectSettingsAction function handlePost() { - // CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { @@ -314,8 +210,6 @@ class TwittersettingsAction extends ConnectSettingsAction if ($this->arg('save')) { $this->savePreferences(); - } else if ($this->arg('add')) { - $this->addTwitterAccount(); } else if ($this->arg('remove')) { $this->removeTwitterAccount(); } else { @@ -324,82 +218,6 @@ class TwittersettingsAction extends ConnectSettingsAction } /** - * Associate a Twitter account with the user's account - * - * Validates post input; verifies it against Twitter; and if - * successful stores in the database. - * - * @return void - */ - - function addTwitterAccount() - { - $screen_name = $this->trimmed('twitter_username'); - $password = $this->trimmed('twitter_password'); - $noticesend = $this->boolean('noticesend'); - $noticerecv = $this->boolean('noticerecv'); - $replysync = $this->boolean('replysync'); - $friendsync = $this->boolean('friendsync'); - - if (!Validate::string($screen_name, - array('min_length' => 1, - 'max_length' => 15, - 'format' => VALIDATE_NUM.VALIDATE_ALPHA.'_'))) { - $this->showForm(_('Username must have only numbers, '. - 'upper- and lowercase letters, '. - 'and underscore (_). 15 chars max.')); - return; - } - - if (!$this->verifyCredentials($screen_name, $password)) { - $this->showForm(_('Could not verify your Twitter credentials!')); - return; - } - - $twit_user = twitter_user_info($screen_name, $password); - - if (!$twit_user) { - $this->showForm(sprintf(_('Unable to retrieve account information '. - 'For "%s" from Twitter.'), - $screen_name)); - return; - } - - if (!save_twitter_user($twit_user->id, $screen_name)) { - $this->showForm(_('Unable to save your Twitter settings!')); - return; - } - - $user = common_current_user(); - - $flink = new Foreign_link(); - - $flink->user_id = $user->id; - $flink->foreign_id = $twit_user->id; - $flink->service = TWITTER_SERVICE; - $flink->credentials = $password; - $flink->created = common_sql_now(); - - $flink->set_flags($noticesend, $noticerecv, $replysync, $friendsync); - - $flink_id = $flink->insert(); - - if (!$flink_id) { - common_log_db_error($flink, 'INSERT', __FILE__); - $this->showForm(_('Unable to save your Twitter settings!')); - return; - } - - if ($friendsync) { - save_twitter_friends($user, $twit_user->id, $screen_name, $password); - $flink->last_friendsync = common_sql_now(); - $flink->update(); - } - - $this->showForm(_('Twitter settings saved.'), true); - } - - /** * Disassociate an existing Twitter account from this account * * @return void @@ -408,20 +226,11 @@ class TwittersettingsAction extends ConnectSettingsAction function removeTwitterAccount() { $user = common_current_user(); - - $flink = Foreign_link::getByUserID($user->id, 1); - - $flink_foreign_id = $this->arg('flink_foreign_id'); - - // Maybe an old tab open...? - if ($flink->foreign_id != $flink_foreign_id) { - $this->showForm(_('That is not your Twitter account.')); - return; - } + $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE); $result = $flink->delete(); - if (!$result) { + if (empty($result)) { common_log_db_error($flink, 'DELETE', __FILE__); $this->serverError(_('Couldn\'t remove Twitter user.')); return; @@ -444,32 +253,16 @@ class TwittersettingsAction extends ConnectSettingsAction $replysync = $this->boolean('replysync'); $user = common_current_user(); + $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE); - $flink = Foreign_link::getByUserID($user->id, 1); - - if (!$flink) { + if (empty($flink)) { common_log_db_error($flink, 'SELECT', __FILE__); $this->showForm(_('Couldn\'t save Twitter preferences.')); return; } - $twitter_id = $flink->foreign_id; - $password = $flink->credentials; - - $fuser = $flink->getForeignUser(); - - if (!$fuser) { - common_log_db_error($fuser, 'SELECT', __FILE__); - $this->showForm(_('Couldn\'t save Twitter preferences.')); - return; - } - - $screen_name = $fuser->nickname; - $original = clone($flink); - $flink->set_flags($noticesend, $noticerecv, $replysync, $friendsync); - $result = $flink->update($original); if ($result === false) { @@ -478,45 +271,7 @@ class TwittersettingsAction extends ConnectSettingsAction return; } - if ($friendsync) { - save_twitter_friends($user, $flink->foreign_id, $screen_name, $password); - } - $this->showForm(_('Twitter preferences saved.'), true); } - /** - * Verifies a username and password against Twitter's API - * - * @param string $screen_name Twitter user name - * @param string $password Twitter password - * - * @return boolean success flag - */ - - function verifyCredentials($screen_name, $password) - { - $uri = 'http://twitter.com/account/verify_credentials.json'; - - $data = get_twitter_data($uri, $screen_name, $password); - - if (!$data) { - return false; - } - - $user = json_decode($data); - - if (!$user) { - return false; - } - - $twitter_id = $user->id; - - if ($twitter_id) { - return $twitter_id; - } - - return false; - } - } diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php index 19275041a..46fbcf657 100644 --- a/actions/unsubscribe.php +++ b/actions/unsubscribe.php @@ -1,5 +1,16 @@ <?php -/* +/** + * Unsubscribe handler + * + * PHP version 5 + * + * @category Action + * @package Laconica + * @author Evan Prodromou <evan@controlyourself.ca> + * @author Robin Millette <millette@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://laconi.ca/ + * * Laconica - a distributed open-source microblogging tool * Copyright (C) 2008, 2009, Control Yourself, Inc. * @@ -17,6 +28,20 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +if (!defined('LACONICA')) { + exit(1); +} + +/** + * Unsubscribe handler + * + * @category Action + * @package Laconica + * @author Evan Prodromou <evan@controlyourself.ca> + * @author Robin Millette <millette@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://laconi.ca/ + */ class UnsubscribeAction extends Action { @@ -31,16 +56,18 @@ class UnsubscribeAction extends Action $user = common_current_user(); if ($_SERVER['REQUEST_METHOD'] != 'POST') { - common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + common_redirect(common_local_url('subscriptions', + array('nickname' => $user->nickname))); return; } - # CSRF protection + /* Use a session token for CSRF protection. */ $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. Try again, please.')); + $this->clientError(_('There was a problem with your session token. ' . + 'Try again, please.')); return; } @@ -53,7 +80,7 @@ class UnsubscribeAction extends Action $other = Profile::staticGet('id', $other_id); - if (!$other_id) { + if (!$other) { $this->clientError(_('No profile with that id.')); return; } @@ -76,8 +103,8 @@ class UnsubscribeAction extends Action $this->elementEnd('body'); $this->elementEnd('html'); } else { - common_redirect(common_local_url('subscriptions', array('nickname' => - $user->nickname)), + common_redirect(common_local_url('subscriptions', + array('nickname' => $user->nickname)), 303); } } diff --git a/actions/updateprofile.php b/actions/updateprofile.php index d8b62fb09..f6cb277aa 100644 --- a/actions/updateprofile.php +++ b/actions/updateprofile.php @@ -79,7 +79,7 @@ class UpdateprofileAction extends Action $nickname = $req->get_parameter('omb_listenee_nickname'); if ($nickname && !Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { $this->clientError(_('Nickname must have only lowercase letters and numbers and no spaces.')); return false; } diff --git a/actions/userauthorization.php b/actions/userauthorization.php index 8dc2c808d..7e397e888 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -47,7 +47,11 @@ class UserauthorizationAction extends Action # Go log in, and then come back common_set_returnto($_SERVER['REQUEST_URI']); - common_redirect(common_local_url('login')); + if (!common_config('site', 'openidonly')) { + common_redirect(common_local_url('login')); + } else { + common_redirect(common_local_url('openidlogin')); + } return; } @@ -481,7 +485,7 @@ class UserauthorizationAction extends Action $nickname = $_GET['omb_listenee_nickname']; if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { throw new OAuthException('Nickname must have only letters and numbers and no spaces.'); } $profile = $_GET['omb_listenee_profile']; diff --git a/actions/userrss.php b/actions/userrss.php index 8a940865f..a9f3fd5f8 100644 --- a/actions/userrss.php +++ b/actions/userrss.php @@ -88,9 +88,10 @@ class UserrssAction extends Rss10Action $c = array('url' => common_local_url('userrss', array('nickname' => $user->nickname)), - 'title' => $user->nickname, + 'title' => sprintf(_('%s timeline'), $user->nickname), 'link' => $profile->profileurl, - 'description' => sprintf(_('Microblog by %s'), $user->nickname)); + 'description' => sprintf(_('Updates from %1$s on %2$s!'), + $user->nickname, common_config('site', 'name'))); return $c; } diff --git a/classes/Design.php b/classes/Design.php index dc1712aff..19c9e0292 100644 --- a/classes/Design.php +++ b/classes/Design.php @@ -107,7 +107,7 @@ class Design extends Memcached_DataObject static function toWebColor($color) { - if (is_null($color)) { + if ($color == null) { return null; } @@ -204,7 +204,10 @@ class Design extends Memcached_DataObject 'disposition'); foreach ($attrs as $attr) { - $siteDesign->$attr = common_config('design', $attr); + $val = common_config('design', $attr); + if ($val !== false) { + $siteDesign->$attr = $val; + } } } diff --git a/classes/Fave.php b/classes/Fave.php index d1e3b01b3..11e876ff1 100644 --- a/classes/Fave.php +++ b/classes/Fave.php @@ -79,7 +79,7 @@ class Fave extends Memcached_DataObject $qry .= 'ORDER BY modified DESC '; if (!is_null($offset)) { - $qry .= "LIMIT $offset, $limit"; + $qry .= "LIMIT $limit OFFSET $offset"; } $fav->query($qry); diff --git a/classes/File.php b/classes/File.php index 56d9f9827..959301eda 100644 --- a/classes/File.php +++ b/classes/File.php @@ -79,9 +79,8 @@ class File extends Memcached_DataObject if (isset($redir_data['type']) && ('text/html' === substr($redir_data['type'], 0, 9)) - && ($oembed_data = File_oembed::_getOembed($given_url)) - && isset($oembed_data['json'])) { - File_oembed::saveNew($oembed_data['json'], $file_id); + && ($oembed_data = File_oembed::_getOembed($given_url))) { + File_oembed::saveNew($oembed_data, $file_id); } return $x; } @@ -94,7 +93,6 @@ class File extends Memcached_DataObject if (empty($file)) { $file_redir = File_redirection::staticGet('url', $given_url); if (empty($file_redir)) { - common_debug("processNew() '$given_url' not a known redirect.\n"); $redir_data = File_redirection::where($given_url); $redir_url = $redir_data['url']; if ($redir_url === $given_url) { @@ -115,7 +113,9 @@ class File extends Memcached_DataObject if (empty($x)) { $x = File::staticGet($file_id); - if (empty($x)) die('Impossible!'); + if (empty($x)) { + throw new ServerException("Robin thinks something is impossible."); + } } File_to_post::processNew($file_id, $notice_id); @@ -123,6 +123,7 @@ class File extends Memcached_DataObject } function isRespectsQuota($user,$fileSize) { + if ($fileSize > common_config('attachments', 'file_quota')) { return sprintf(_('No file may be larger than %d bytes ' . 'and the file you sent was %d bytes. Try to upload a smaller version.'), @@ -136,8 +137,7 @@ class File extends Memcached_DataObject if ($total > common_config('attachments', 'user_quota')) { return sprintf(_('A file this large would exceed your user quota of %d bytes.'), common_config('attachments', 'user_quota')); } - - $query .= ' month(modified) = month(now()) and year(modified) = year(now())'; + $query .= ' AND EXTRACT(month FROM file.modified) = EXTRACT(month FROM now()) and EXTRACT(year FROM file.modified) = EXTRACT(year FROM now())'; $this->query($query); $this->fetch(); $total = $this->total + $fileSize; diff --git a/classes/File_oembed.php b/classes/File_oembed.php index 69230e4a4..bbf112729 100644 --- a/classes/File_oembed.php +++ b/classes/File_oembed.php @@ -56,33 +56,46 @@ class File_oembed extends Memcached_DataObject return array(false, false, false); } - function _getOembed($url, $maxwidth = 500, $maxheight = 400, $format = 'json') { - $cmd = common_config('oohembed', 'endpoint') . '?url=' . urlencode($url); - if (is_int($maxwidth)) $cmd .= "&maxwidth=$maxwidth"; - if (is_int($maxheight)) $cmd .= "&maxheight=$maxheight"; - if (is_string($format)) $cmd .= "&format=$format"; - $oe = @file_get_contents($cmd); - if (false === $oe) return false; - return array($format => (('json' === $format) ? json_decode($oe, true) : $oe)); + function _getOembed($url, $maxwidth = 500, $maxheight = 400) { + require_once INSTALLDIR.'/extlib/Services/oEmbed.php'; + $parameters = array( + 'maxwidth'=>$maxwidth, + 'maxheight'=>$maxheight, + ); + try{ + $oEmbed = new Services_oEmbed($url); + $object = $oEmbed->getObject($parameters); + return $object; + }catch(Exception $e){ + try{ + $oEmbed = new Services_oEmbed($url, array( + Services_oEmbed::OPTION_API => common_config('oohembed', 'endpoint') + )); + $object = $oEmbed->getObject($parameters); + return $object; + }catch(Exception $ex){ + return false; + } + } } function saveNew($data, $file_id) { $file_oembed = new File_oembed; $file_oembed->file_id = $file_id; - $file_oembed->version = $data['version']; - $file_oembed->type = $data['type']; - if (!empty($data['provider_name'])) $file_oembed->provider = $data['provider_name']; - if (!isset($file_oembed->provider) && !empty($data['provide'])) $file_oembed->provider = $data['provider']; - if (!empty($data['provide_url'])) $file_oembed->provider_url = $data['provider_url']; - if (!empty($data['width'])) $file_oembed->width = intval($data['width']); - if (!empty($data['height'])) $file_oembed->height = intval($data['height']); - if (!empty($data['html'])) $file_oembed->html = $data['html']; - if (!empty($data['title'])) $file_oembed->title = $data['title']; - if (!empty($data['author_name'])) $file_oembed->author_name = $data['author_name']; - if (!empty($data['author_url'])) $file_oembed->author_url = $data['author_url']; - if (!empty($data['url'])) $file_oembed->url = $data['url']; + $file_oembed->version = $data->version; + $file_oembed->type = $data->type; + if (!empty($data->provider_name)) $file_oembed->provider = $data->provider_name; + if (!empty($data->provider)) $file_oembed->provider = $data->provider; + if (!empty($data->provide_url)) $file_oembed->provider_url = $data->provider_url; + if (!empty($data->width)) $file_oembed->width = intval($data->width); + if (!empty($data->height)) $file_oembed->height = intval($data->height); + if (!empty($data->html)) $file_oembed->html = $data->html; + if (!empty($data->title)) $file_oembed->title = $data->title; + if (!empty($data->author_name)) $file_oembed->author_name = $data->author_name; + if (!empty($data->author_url)) $file_oembed->author_url = $data->author_url; + if (!empty($data->url)) $file_oembed->url = $data->url; $file_oembed->insert(); - if (!empty($data['thumbnail_url'])) { + if (!empty($data->thumbnail_url)) { File_thumbnail::saveNew($data, $file_id); } } diff --git a/classes/File_thumbnail.php b/classes/File_thumbnail.php index 44b92a2fa..0b09c6af8 100644 --- a/classes/File_thumbnail.php +++ b/classes/File_thumbnail.php @@ -51,9 +51,9 @@ class File_thumbnail extends Memcached_DataObject function saveNew($data, $file_id) { $tn = new File_thumbnail; $tn->file_id = $file_id; - $tn->url = $data['thumbnail_url']; - $tn->width = intval($data['thumbnail_width']); - $tn->height = intval($data['thumbnail_height']); + $tn->url = $data->thumbnail_url; + $tn->width = intval($data->thumbnail_width); + $tn->height = intval($data->thumbnail_height); $tn->insert(); } } diff --git a/classes/Notice.php b/classes/Notice.php index 4b9a866b0..ebd5e1efd 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -98,13 +98,20 @@ class Notice extends Memcached_DataObject function saveTags() { /* extract all #hastags */ - $count = preg_match_all('/(?:^|\s)#([A-Za-z0-9_\-\.]{1,64})/', strtolower($this->content), $match); + $count = preg_match_all('/(?:^|\s)#([\pL\pN_\-\.]{1,64})/', strtolower($this->content), $match); if (!$count) { return true; } + //turn each into their canonical tag + //this is needed to remove dupes before saving e.g. #hash.tag = #hashtag + $hashtags = array(); + for($i=0; $i<count($match[1]); $i++) { + $hashtags[] = common_canonical_tag($match[1][$i]); + } + /* Add them to the database */ - foreach(array_unique($match[1]) as $hashtag) { + foreach(array_unique($hashtags) as $hashtag) { /* elide characters we don't want in the tag */ $this->saveTag($hashtag); } @@ -113,8 +120,6 @@ class Notice extends Memcached_DataObject function saveTag($hashtag) { - $hashtag = common_canonical_tag($hashtag); - $tag = new Notice_tag(); $tag->notice_id = $this->id; $tag->tag = $hashtag; @@ -177,29 +182,30 @@ class Notice extends Memcached_DataObject $notice->is_local = $is_local; } - $notice->query('BEGIN'); - - $notice->reply_to = $reply_to; if (!empty($created)) { $notice->created = $created; } else { $notice->created = common_sql_now(); } + $notice->content = $final; $notice->rendered = common_render_content($final, $notice); $notice->source = $source; $notice->uri = $uri; - if (!empty($reply_to)) { - $reply_notice = Notice::staticGet('id', $reply_to); - if (!empty($reply_notice)) { - $notice->reply_to = $reply_to; - $notice->conversation = $reply_notice->conversation; - } + $notice->reply_to = self::getReplyTo($reply_to, $profile_id, $source, $final); + + if (!empty($notice->reply_to)) { + $reply = Notice::staticGet('id', $notice->reply_to); + $notice->conversation = $reply->conversation; } if (Event::handle('StartNoticeSave', array(&$notice))) { + // XXX: some of these functions write to the DB + + $notice->query('BEGIN'); + $id = $notice->insert(); if (!$id) { @@ -207,18 +213,33 @@ class Notice extends Memcached_DataObject return _('Problem saving notice.'); } - # Update the URI after the notice is in the database - if (!$uri) { - $orig = clone($notice); + // Update ID-dependent columns: URI, conversation + + $orig = clone($notice); + + $changed = false; + + if (empty($uri)) { $notice->uri = common_notice_uri($notice); + $changed = true; + } + // If it's not part of a conversation, it's + // the beginning of a new conversation. + + if (empty($notice->conversation)) { + $notice->conversation = $notice->id; + $changed = true; + } + + if ($changed) { if (!$notice->update($orig)) { common_log_db_error($notice, 'UPDATE', __FILE__); return _('Problem saving notice.'); } } - # XXX: do we need to change this for remote users? + // XXX: do we need to change this for remote users? $notice->saveReplies(); $notice->saveTags(); @@ -226,8 +247,13 @@ class Notice extends Memcached_DataObject $notice->addToInboxes(); $notice->saveUrls(); + + // FIXME: why do we have to re-render the content? + // Remove this if it's not necessary. + $orig2 = clone($notice); - $notice->rendered = common_render_content($final, $notice); + + $notice->rendered = common_render_content($final, $notice); if (!$notice->update($orig2)) { common_log_db_error($notice, 'UPDATE', __FILE__); return _('Problem saving notice.'); @@ -284,9 +310,9 @@ class Notice extends Memcached_DataObject $notice->profile_id = $profile_id; $notice->content = $content; if (common_config('db','type') == 'pgsql') - $notice->whereAdd('extract(epoch from now() - created) < ' . common_config('site', 'dupelimit')); + $notice->whereAdd('extract(epoch from now() - created) < ' . common_config('site', 'dupelimit')); else - $notice->whereAdd('now() - created < ' . common_config('site', 'dupelimit')); + $notice->whereAdd('now() - created < ' . common_config('site', 'dupelimit')); $cnt = $notice->count(); return ($cnt == 0); @@ -874,8 +900,11 @@ class Notice extends Memcached_DataObject if ($cnt > 0) { $qry .= ', '; } - $qry .= '('.$id.', '.$this->id.', '.$source.', "'.$this->created.'") '; + $qry .= '('.$id.', '.$this->id.', '.$source.", '".$this->created. "') "; $cnt++; + if (rand() % NOTICE_INBOX_SOFT_LIMIT == 0) { + Notice_inbox::gc($id); + } if ($cnt >= MAX_BOXCARS) { $inbox = new Notice_inbox(); $inbox->query($qry); @@ -897,10 +926,14 @@ class Notice extends Memcached_DataObject { $user = new User(); + if(common_config('db','quote_identifiers')) + $user_table = '"user"'; + else $user_table = 'user'; + $qry = 'SELECT id ' . - 'FROM user JOIN subscription '. - 'ON user.id = subscription.subscriber ' . + 'FROM '. $user_table .' JOIN subscription '. + 'ON '. $user_table .'.id = subscription.subscriber ' . 'WHERE subscription.subscribed = %d '; $user->query(sprintf($qry, $this->profile_id)); @@ -1018,16 +1051,6 @@ class Notice extends Memcached_DataObject if (!$recipient) { continue; } - if ($i == 0 && ($recipient->id != $sender->id) && !$this->reply_to) { // Don't save reply to self - $reply_for = $recipient; - $recipient_notice = $reply_for->getCurrentNotice(); - if ($recipient_notice) { - $orig = clone($this); - $this->reply_to = $recipient_notice->id; - $this->conversation = $recipient_notice->conversation; - $this->update($orig); - } - } // Don't save replies from blocked profile to local user $recipient_user = User::staticGet('id', $recipient->id); if ($recipient_user && $recipient_user->hasBlocked($sender)) { @@ -1074,14 +1097,6 @@ class Notice extends Memcached_DataObject } } - // If it's not a reply, make it the root of a new conversation - - if (empty($this->conversation)) { - $orig = clone($this); - $this->conversation = $this->id; - $this->update($orig); - } - foreach (array_keys($replied) as $recipient) { $user = User::staticGet('id', $recipient); if ($user) { @@ -1253,4 +1268,76 @@ class Notice extends Memcached_DataObject return $ids; } + + /** + * Determine which notice, if any, a new notice is in reply to. + * + * For conversation tracking, we try to see where this notice fits + * in the tree. Rough algorithm is: + * + * if (reply_to is set and valid) { + * return reply_to; + * } else if ((source not API or Web) and (content starts with "T NAME" or "@name ")) { + * return ID of last notice by initial @name in content; + * } + * + * Note that all @nickname instances will still be used to save "reply" records, + * so the notice shows up in the mentioned users' "replies" tab. + * + * @param integer $reply_to ID passed in by Web or API + * @param integer $profile_id ID of author + * @param string $source Source tag, like 'web' or 'gwibber' + * @param string $content Final notice content + * + * @return integer ID of replied-to notice, or null for not a reply. + */ + + static function getReplyTo($reply_to, $profile_id, $source, $content) + { + static $lb = array('xmpp', 'mail', 'sms', 'omb'); + + // If $reply_to is specified, we check that it exists, and then + // return it if it does + + if (!empty($reply_to)) { + $reply_notice = Notice::staticGet('id', $reply_to); + if (!empty($reply_notice)) { + return $reply_to; + } + } + + // If it's not a "low bandwidth" source (one where you can't set + // a reply_to argument), we return. This is mostly web and API + // clients. + + if (!in_array($source, $lb)) { + return null; + } + + // Is there an initial @ or T? + + if (preg_match('/^T ([A-Z0-9]{1,64}) /', $content, $match) || + preg_match('/^@([a-z0-9]{1,64})\s+/', $content, $match)) { + $nickname = common_canonical_nickname($match[1]); + } else { + return null; + } + + // Figure out who that is. + + $sender = Profile::staticGet('id', $profile_id); + $recipient = common_relative_profile($sender, $nickname, common_sql_now()); + + if (empty($recipient)) { + return null; + } + + // Get their last notice + + $last = $recipient->getCurrentNotice(); + + if (!empty($last)) { + return $last->id; + } + } } diff --git a/classes/Notice_inbox.php b/classes/Notice_inbox.php index 940381f84..2af34b1a4 100644 --- a/classes/Notice_inbox.php +++ b/classes/Notice_inbox.php @@ -24,6 +24,10 @@ require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; // We keep 5 pages of inbox notices in memcache, +1 for pagination check define('INBOX_CACHE_WINDOW', 101); +define('NOTICE_INBOX_GC_BOXCAR', 128); +define('NOTICE_INBOX_GC_MAX', 12800); +define('NOTICE_INBOX_LIMIT', 1000); +define('NOTICE_INBOX_SOFT_LIMIT', 1000); define('NOTICE_INBOX_SOURCE_SUB', 1); define('NOTICE_INBOX_SOURCE_GROUP', 2); @@ -100,4 +104,41 @@ class Notice_inbox extends Memcached_DataObject { return Memcached_DataObject::pkeyGet('Notice_inbox', $kv); } + + static function gc($user_id) + { + $entry = new Notice_inbox(); + $entry->user_id = $user_id; + $entry->orderBy('created DESC'); + $entry->limit(NOTICE_INBOX_LIMIT - 1, NOTICE_INBOX_GC_MAX); + + $total = $entry->find(); + + if ($total > 0) { + $notices = array(); + $cnt = 0; + while ($entry->fetch()) { + $notices[] = $entry->notice_id; + $cnt++; + if ($cnt >= NOTICE_INBOX_GC_BOXCAR) { + self::deleteMatching($user_id, $notices); + $notices = array(); + $cnt = 0; + } + } + + if ($cnt > 0) { + self::deleteMatching($user_id, $notices); + $notices = array(); + } + } + } + + static function deleteMatching($user_id, $notices) + { + $entry = new Notice_inbox(); + return $entry->query('DELETE FROM notice_inbox '. + 'WHERE user_id = ' . $user_id . ' ' . + 'AND notice_id in ('.implode(',', $notices).')'); + } } diff --git a/classes/Profile.php b/classes/Profile.php index 224b61bd2..f926b2cef 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -199,7 +199,7 @@ class Profile extends Memcached_DataObject $query .= ' order by id DESC'; if (!is_null($offset)) { - $query .= " limit $offset, $limit"; + $query .= " LIMIT $limit OFFSET $offset"; } $notice->query($query); @@ -360,7 +360,6 @@ class Profile extends Memcached_DataObject $c->set(common_cache_key('profile:subscription_count:'.$this->id), $cnt); } - common_debug("subscriptionCount == $cnt"); return $cnt; } @@ -385,7 +384,6 @@ class Profile extends Memcached_DataObject $c->set(common_cache_key('profile:subscriber_count:'.$this->id), $cnt); } - common_debug("subscriberCount == $cnt"); return $cnt; } @@ -407,7 +405,6 @@ class Profile extends Memcached_DataObject $c->set(common_cache_key('profile:fave_count:'.$this->id), $cnt); } - common_debug("faveCount == $cnt"); return $cnt; } @@ -430,7 +427,6 @@ class Profile extends Memcached_DataObject $c->set(common_cache_key('profile:notice_count:'.$this->id), $cnt); } - common_debug("noticeCount == $cnt"); return $cnt; } diff --git a/classes/User_group.php b/classes/User_group.php index 27b444705..ea19cbb97 100644 --- a/classes/User_group.php +++ b/classes/User_group.php @@ -275,11 +275,14 @@ class User_group extends Memcached_DataObject // XXX: cache this $user = new User(); + if(common_config('db','quote_identifiers')) + $user_table = '"user"'; + else $user_table = 'user'; $qry = 'SELECT id ' . - 'FROM user JOIN group_member '. - 'ON user.id = group_member.profile_id ' . + 'FROM '. $user_table .' JOIN group_member '. + 'ON '. $user_table .'.id = group_member.profile_id ' . 'WHERE group_member.group_id = %d '; $user->query(sprintf($qry, $this->id)); @@ -294,4 +297,45 @@ class User_group extends Memcached_DataObject return $ids; } + + function asAtomEntry($namespace=false, $source=false) + { + $xs = new XMLStringer(true); + + if ($namespace) { + $attrs = array('xmlns' => 'http://www.w3.org/2005/Atom', + 'xmlns:thr' => 'http://purl.org/syndication/thread/1.0'); + } else { + $attrs = array(); + } + + $xs->elementStart('entry', $attrs); + + if ($source) { + $xs->elementStart('source'); + $xs->element('title', null, $profile->nickname . " - " . common_config('site', 'name')); + $xs->element('link', array('href' => $this->permalink())); + } + + if ($source) { + $xs->elementEnd('source'); + } + + $xs->element('title', null, $this->nickname); + $xs->element('summary', null, $this->description); + + $xs->element('link', array('rel' => 'alternate', + 'href' => $this->permalink())); + + $xs->element('id', null, $this->permalink()); + + $xs->element('published', null, common_date_w3dtf($this->created)); + $xs->element('updated', null, common_date_w3dtf($this->modified)); + + $xs->element('content', array('type' => 'html'), $this->description); + + $xs->elementEnd('entry'); + + return $xs->getString(); + } } diff --git a/config.php.sample b/config.php.sample index c27645ff8..8b4b777f2 100644 --- a/config.php.sample +++ b/config.php.sample @@ -38,6 +38,8 @@ $config['site']['path'] = 'laconica'; // $config['site']['closed'] = true; // Only allow registration for people invited by another user // $config['site']['inviteonly'] = true; +// Only allow registrations and logins through OpenID +// $config['site']['openidonly'] = true; // Make the site invisible to non-logged-in users // $config['site']['private'] = true; @@ -164,6 +166,15 @@ $config['sphinx']['port'] = 3312; // $config['memcached']['server'] = 'localhost'; // $config['memcached']['port'] = 11211; +// Disable post-by-email +// $config['emailpost']['enabled'] = false; + +// Disable SMS +// $config['sms']['enabled'] = false; + +// Disable Twitter integration +// $config['twitter']['enabled'] = false; + // Twitter integration source attribute. Note: default is Laconica // $config['integration']['source'] = 'Laconica'; @@ -173,6 +184,10 @@ $config['sphinx']['port'] = 3312; // // $config['twitterbridge']['enabled'] = true; +// Twitter OAuth settings +// $config['twitter']['consumer_key'] = 'YOURKEY'; +// $config['twitter']['consumer_secret'] = 'YOURSECRET'; + // Edit throttling. Off by default. If turned on, you can only post 20 notices // every 10 minutes. Admins may want to play with the settings to minimize inconvenience for // real users without getting uncontrollable floods from spammers or runaway bots. diff --git a/db/074to080_pg.sql b/db/074to080_pg.sql new file mode 100644 index 000000000..0a7171ae5 --- /dev/null +++ b/db/074to080_pg.sql @@ -0,0 +1,108 @@ +BEGIN; +create sequence design_seq; +create table design ( + id bigint default nextval('design_seq') /* comment 'design ID'*/, + backgroundcolor integer /* comment 'main background color'*/ , + contentcolor integer /*comment 'content area background color'*/ , + sidebarcolor integer /*comment 'sidebar background color'*/ , + textcolor integer /*comment 'text color'*/ , + linkcolor integer /*comment 'link color'*/, + backgroundimage varchar(255) /*comment 'background image, if any'*/, + disposition int default 1 /*comment 'bit 1 = hide background image, bit 2 = display background image, bit 4 = tile background image'*/, + primary key (id) +); +alter table "user" + add column design_id integer references design(id); +alter table "user" + add column viewdesigns integer default 1; + +alter table notice add column + conversation integer references notice (id); + +create index notice_conversation_idx on notice(conversation); + +alter table foreign_user + alter column id TYPE bigint; + +alter table foreign_user alter column id set not null; + +alter table foreign_link + alter column foreign_id TYPE bigint; + +alter table user_group + add column design_id integer; + +/*attachments and URLs stuff */ +create sequence file_seq; +create table file ( + id bigint default nextval('file_seq') primary key /* comment 'unique identifier' */, + url varchar(255) unique, + mimetype varchar(50), + size integer, + title varchar(255), + date integer, + protected integer, + filename text /* comment 'if a local file, name of the file' */, + modified timestamp default CURRENT_TIMESTAMP /* comment 'date this record was modified'*/ +); + +create sequence file_oembed_seq; +create table file_oembed ( + file_id bigint default nextval('file_oembed_seq') primary key /* comment 'unique identifier' */, + version varchar(20), + type varchar(20), + provider varchar(50), + provider_url varchar(255), + width integer, + height integer, + html text, + title varchar(255), + author_name varchar(50), + author_url varchar(255), + url varchar(255) +); + +create sequence file_redirection_seq; +create table file_redirection ( + url varchar(255) primary key, + file_id bigint, + redirections integer, + httpcode integer +); + +create sequence file_thumbnail_seq; +create table file_thumbnail ( + file_id bigint primary key, + url varchar(255) unique, + width integer, + height integer +); +create sequence file_to_post_seq; +create table file_to_post ( + file_id bigint, + post_id bigint, + + primary key (file_id, post_id) +); + + +create table group_block ( + group_id integer not null /* comment 'group profile is blocked from' */ references user_group (id), + blocked integer not null /* comment 'profile that is blocked' */references profile (id), + blocker integer not null /* comment 'user making the block'*/ references "user" (id), + modified timestamp /* comment 'date of blocking'*/ , + + primary key (group_id, blocked) +); + +create table group_alias ( + + alias varchar(64) /* comment 'additional nickname for the group'*/ , + group_id integer not null /* comment 'group profile is blocked from'*/ references user_group (id), + modified timestamp /* comment 'date alias was created'*/, + primary key (alias) + +); +create index group_alias_group_id_idx on group_alias (group_id); + +COMMIT;
\ No newline at end of file diff --git a/db/laconica_pg.sql b/db/laconica_pg.sql index dae8b8faf..ad34720a2 100644 --- a/db/laconica_pg.sql +++ b/db/laconica_pg.sql @@ -1,508 +1,539 @@ -/* local and remote users have profiles */
-
-create sequence profile_seq;
-create table profile (
- id bigint default nextval('profile_seq') primary key /* comment 'unique identifier' */,
- nickname varchar(64) not null /* comment 'nickname or username' */,
- fullname varchar(255) /* comment 'display name' */,
- profileurl varchar(255) /* comment 'URL, cached so we dont regenerate' */,
- homepage varchar(255) /* comment 'identifying URL' */,
- bio varchar(140) /* comment 'descriptive biography' */,
- location varchar(255) /* comment 'physical location' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- textsearch tsvector
-);
-create index profile_nickname_idx on profile using btree(nickname);
-
-create table avatar (
- profile_id integer not null /* comment 'foreign key to profile table' */ references profile (id) ,
- original integer default 0 /* comment 'uploaded by user or generated?' */,
- width integer not null /* comment 'image width' */,
- height integer not null /* comment 'image height' */,
- mediatype varchar(32) not null /* comment 'file type' */,
- filename varchar(255) null /* comment 'local filename, if local' */,
- url varchar(255) unique /* comment 'avatar location' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key(profile_id, width, height)
-);
-create index avatar_profile_id_idx on avatar using btree(profile_id);
-
-create sequence sms_carrier_seq;
-create table sms_carrier (
- id bigint default nextval('sms_carrier_seq') primary key /* comment 'primary key for SMS carrier' */,
- name varchar(64) unique /* comment 'name of the carrier' */,
- email_pattern varchar(255) not null /* comment 'sprintf pattern for making an email address from a phone number' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified ' */
-);
-
-/* local users */
-
-create table "user" (
- id integer primary key /* comment 'foreign key to profile table' */ references profile (id) ,
- nickname varchar(64) unique /* comment 'nickname or username, duped in profile' */,
- password varchar(255) /* comment 'salted password, can be null for OpenID users' */,
- email varchar(255) unique /* comment 'email address for password recovery etc.' */,
- incomingemail varchar(255) unique /* comment 'email address for post-by-email' */,
- emailnotifysub integer default 1 /* comment 'Notify by email of subscriptions' */,
- emailnotifyfav integer default 1 /* comment 'Notify by email of favorites' */,
- emailnotifynudge integer default 1 /* comment 'Notify by email of nudges' */,
- emailnotifymsg integer default 1 /* comment 'Notify by email of direct messages' */,
- emailnotifyattn integer default 1 /* command 'Notify by email of @-replies' */,
- emailmicroid integer default 1 /* comment 'whether to publish email microid' */,
- language varchar(50) /* comment 'preferred language' */,
- timezone varchar(50) /* comment 'timezone' */,
- emailpost integer default 1 /* comment 'Post by email' */,
- jabber varchar(255) unique /* comment 'jabber ID for notices' */,
- jabbernotify integer default 0 /* comment 'whether to send notices to jabber' */,
- jabberreplies integer default 0 /* comment 'whether to send notices to jabber on replies' */,
- jabbermicroid integer default 1 /* comment 'whether to publish xmpp microid' */,
- updatefrompresence integer default 0 /* comment 'whether to record updates from Jabber presence notices' */,
- sms varchar(64) unique /* comment 'sms phone number' */,
- carrier integer /* comment 'foreign key to sms_carrier' */ references sms_carrier (id) ,
- smsnotify integer default 0 /* comment 'whether to send notices to SMS' */,
- smsreplies integer default 0 /* comment 'whether to send notices to SMS on replies' */,
- smsemail varchar(255) /* comment 'built from sms and carrier' */,
- uri varchar(255) unique /* comment 'universally unique identifier, usually a tag URI' */,
- autosubscribe integer default 0 /* comment 'automatically subscribe to users who subscribe to us' */,
- urlshorteningservice varchar(50) default 'ur1.ca' /* comment 'service to use for auto-shortening URLs' */,
- inboxed integer default 0 /* comment 'has an inbox been created for this user?' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-
-);
-create index user_smsemail_idx on "user" using btree(smsemail);
-
-/* remote people */
-
-create table remote_profile (
- id integer primary key /* comment 'foreign key to profile table' */ references profile (id) ,
- uri varchar(255) unique /* comment 'universally unique identifier, usually a tag URI' */,
- postnoticeurl varchar(255) /* comment 'URL we use for posting notices' */,
- updateprofileurl varchar(255) /* comment 'URL we use for updates to this profile' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-);
-
-create table subscription (
- subscriber integer not null /* comment 'profile listening' */,
- subscribed integer not null /* comment 'profile being listened to' */,
- jabber integer default 1 /* comment 'deliver jabber messages' */,
- sms integer default 1 /* comment 'deliver sms messages' */,
- token varchar(255) /* comment 'authorization token' */,
- secret varchar(255) /* comment 'token secret' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key (subscriber, subscribed)
-);
-create index subscription_subscriber_idx on subscription using btree(subscriber);
-create index subscription_subscribed_idx on subscription using btree(subscribed);
-
-create sequence notice_seq;
-create table notice (
-
- id bigint default nextval('notice_seq') primary key /* comment 'unique identifier' */,
- profile_id integer not null /* comment 'who made the update' */ references profile (id) ,
- uri varchar(255) unique /* comment 'universally unique identifier, usually a tag URI' */,
- content varchar(140) /* comment 'update content' */,
- rendered text /* comment 'HTML version of the content' */,
- url varchar(255) /* comment 'URL of any attachment (image, video, bookmark, whatever)' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
- reply_to integer /* comment 'notice replied to (usually a guess)' */ references notice (id) ,
- is_local integer default 0 /* comment 'notice was generated by a user' */,
- source varchar(32) /* comment 'source of comment, like "web", "im", or "clientname"' */,
- conversation integer /*id of root notice in this conversation' */ references notice (id)
-
-
-/* FULLTEXT(content) */
-);
-create index notice_profile_id_idx on notice using btree(profile_id);
-create index notice_created_idx on notice using btree(created);
-
-create table notice_source (
- code varchar(32) primary key not null /* comment 'source code' */,
- name varchar(255) not null /* comment 'name of the source' */,
- url varchar(255) not null /* comment 'url to link to' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-);
-
-create table reply (
-
- notice_id integer not null /* comment 'notice that is the reply' */ references notice (id) ,
- profile_id integer not null /* comment 'profile replied to' */ references profile (id) ,
- modified timestamp /* comment 'date this record was modified' */,
- replied_id integer /* comment 'notice replied to (not used, see notice.reply_to)' */,
-
- primary key (notice_id, profile_id)
-
-);
-create index reply_notice_id_idx on reply using btree(notice_id);
-create index reply_profile_id_idx on reply using btree(profile_id);
-create index reply_replied_id_idx on reply using btree(replied_id);
-
-create table fave (
-
- notice_id integer not null /* comment 'notice that is the favorite' */ references notice (id),
- user_id integer not null /* comment 'user who likes this notice' */ references "user" (id) ,
- modified timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was modified' */,
- primary key (notice_id, user_id)
-
-);
-create index fave_notice_id_idx on fave using btree(notice_id);
-create index fave_user_id_idx on fave using btree(user_id);
-create index fave_modified_idx on fave using btree(modified);
-
-/* tables for OAuth */
-
-create table consumer (
- consumer_key varchar(255) primary key /* comment 'unique identifier, root URL' */,
- seed char(32) not null /* comment 'seed for new tokens by this consumer' */,
-
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-);
-
-create table token (
- consumer_key varchar(255) not null /* comment 'unique identifier, root URL' */ references consumer (consumer_key),
- tok char(32) not null /* comment 'identifying value' */,
- secret char(32) not null /* comment 'secret value' */,
- type integer not null default 0 /* comment 'request or access' */,
- state integer default 0 /* comment 'for requests 0 = initial, 1 = authorized, 2 = used' */,
-
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key (consumer_key, tok)
-);
-
-create table nonce (
- consumer_key varchar(255) not null /* comment 'unique identifier, root URL' */,
- tok char(32) not null /* comment 'identifying value' */,
- nonce char(32) null /* comment 'buggy old value, ignored */,
- ts integer not null /* comment 'timestamp sent' values are epoch, and only used internally */,
-
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key (consumer_key, ts, nonce)
-);
-
-/* One-to-many relationship of user to openid_url */
-
-create table user_openid (
- canonical varchar(255) primary key /* comment 'Canonical true URL' */,
- display varchar(255) not null unique /* comment 'URL for viewing, may be different from canonical' */,
- user_id integer not null /* comment 'user owning this URL' */ references "user" (id) ,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-
-);
-create index user_openid_user_id_idx on user_openid using btree(user_id);
-
-/* These are used by JanRain OpenID library */
-
-create table oid_associations (
- server_url varchar(2047),
- handle varchar(255),
- secret bytea,
- issued integer,
- lifetime integer,
- assoc_type varchar(64),
- primary key (server_url, handle)
-);
-
-create table oid_nonces (
- server_url varchar(2047),
- "timestamp" integer,
- salt character(40),
- unique (server_url, "timestamp", salt)
-);
-
-create table confirm_address (
- code varchar(32) not null primary key /* comment 'good random code' */,
- user_id integer not null /* comment 'user who requested confirmation' */ references "user" (id),
- address varchar(255) not null /* comment 'address (email, Jabber, SMS, etc.)' */,
- address_extra varchar(255) not null default '' /* comment 'carrier ID, for SMS' */,
- address_type varchar(8) not null /* comment 'address type ("email", "jabber", "sms")' */,
- claimed timestamp /* comment 'date this was claimed for queueing' */,
- sent timestamp /* comment 'date this was sent for queueing' */,
- modified timestamp /* comment 'date this record was modified' */
-);
-
-create table remember_me (
- code varchar(32) not null primary key /* comment 'good random code' */,
- user_id integer not null /* comment 'user who is logged in' */ references "user" (id),
- modified timestamp /* comment 'date this record was modified' */
-);
-
-create table queue_item (
-
- notice_id integer not null /* comment 'notice queued' */ references notice (id) ,
- transport varchar(8) not null /* comment 'queue for what? "email", "jabber", "sms", "irc", ...' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- claimed timestamp /* comment 'date this item was claimed' */,
-
- primary key (notice_id, transport)
-
-);
-create index queue_item_created_idx on queue_item using btree(created);
-
-/* Hash tags */
-create table notice_tag (
- tag varchar( 64 ) not null /* comment 'hash tag associated with this notice' */,
- notice_id integer not null /* comment 'notice tagged' */ references notice (id) ,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
-
- primary key (tag, notice_id)
-);
-create index notice_tag_created_idx on notice_tag using btree(created);
-
-/* Synching with foreign services */
-
-create table foreign_service (
- id int not null primary key /* comment 'numeric key for service' */,
- name varchar(32) not null unique /* comment 'name of the service' */,
- description varchar(255) /* comment 'description' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-);
-
-create table foreign_user (
- id int not null unique /* comment 'unique numeric key on foreign service' */,
- service int not null /* comment 'foreign key to service' */ references foreign_service(id) ,
- uri varchar(255) not null unique /* comment 'identifying URI' */,
- nickname varchar(255) /* comment 'nickname on foreign service' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key (id, service)
-);
-
-create table foreign_link (
- user_id int /* comment 'link to user on this system, if exists' */ references "user" (id),
- foreign_id int /* comment 'link' */ references foreign_user (id),
- service int not null /* comment 'foreign key to service' */ references foreign_service (id),
- credentials varchar(255) /* comment 'authc credentials, typically a password' */,
- noticesync int not null default 1 /* comment 'notice synchronisation, bit 1 = sync outgoing, bit 2 = sync incoming, bit 3 = filter local replies' */,
- friendsync int not null default 2 /* comment 'friend synchronisation, bit 1 = sync outgoing, bit 2 = sync incoming */,
- profilesync int not null default 1 /* comment 'profile synchronization, bit 1 = sync outgoing, bit 2 = sync incoming' */,
- last_noticesync timestamp default null /* comment 'last time notices were imported' */,
- last_friendsync timestamp default null /* comment 'last time friends were imported' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key (user_id,foreign_id,service)
-);
-create index foreign_user_user_id_idx on foreign_link using btree(user_id);
-
-create table foreign_subscription (
- service int not null /* comment 'service where relationship happens' */ references foreign_service(id) ,
- subscriber int not null /* comment 'subscriber on foreign service' */ ,
- subscribed int not null /* comment 'subscribed user' */ ,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
-
- primary key (service, subscriber, subscribed)
-);
-create index foreign_subscription_subscriber_idx on foreign_subscription using btree(subscriber);
-create index foreign_subscription_subscribed_idx on foreign_subscription using btree(subscribed);
-
-create table invitation (
- code varchar(32) not null primary key /* comment 'random code for an invitation' */,
- user_id int not null /* comment 'who sent the invitation' */ references "user" (id),
- address varchar(255) not null /* comment 'invitation sent to' */,
- address_type varchar(8) not null /* comment 'address type ("email", "jabber", "sms") '*/,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */
-
-);
-create index invitation_address_idx on invitation using btree(address,address_type);
-create index invitation_user_id_idx on invitation using btree(user_id);
-
-create sequence message_seq;
-create table message (
-
- id bigint default nextval('message_seq') primary key /* comment 'unique identifier' */,
- uri varchar(255) unique /* comment 'universally unique identifier' */,
- from_profile integer not null /* comment 'who the message is from' */ references profile (id),
- to_profile integer not null /* comment 'who the message is to' */ references profile (id),
- content varchar(140) /* comment 'message content' */,
- rendered text /* comment 'HTML version of the content' */,
- url varchar(255) /* comment 'URL of any attachment (image, video, bookmark, whatever)' */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
- source varchar(32) /* comment 'source of comment, like "web", "im", or "clientname"' */
-
-);
-create index message_from_idx on message using btree(from_profile);
-create index message_to_idx on message using btree(to_profile);
-create index message_created_idx on message using btree(created);
-
-create table notice_inbox (
-
- user_id integer not null /* comment 'user receiving the message' */ references "user" (id),
- notice_id integer not null /* comment 'notice received' */ references notice (id),
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date the notice was created' */,
- source integer default 1 /* comment 'reason it is in the inbox: 1=subscription' */,
-
- primary key (user_id, notice_id)
-);
-create index notice_inbox_notice_id_idx on notice_inbox using btree(notice_id);
-
-create table profile_tag (
- tagger integer not null /* comment 'user making the tag' */ references "user" (id),
- tagged integer not null /* comment 'profile tagged' */ references profile (id),
- tag varchar(64) not null /* comment 'hash tag associated with this notice' */,
- modified timestamp /* comment 'date the tag was added' */,
-
- primary key (tagger, tagged, tag)
-);
-create index profile_tag_modified_idx on profile_tag using btree(modified);
-create index profile_tag_tagger_tag_idx on profile_tag using btree(tagger,tag);
-
-create table profile_block (
-
- blocker integer not null /* comment 'user making the block' */ references "user" (id),
- blocked integer not null /* comment 'profile that is blocked' */ references profile (id),
- modified timestamp /* comment 'date of blocking' */,
-
- primary key (blocker, blocked)
-
-);
-
-create sequence user_group_seq;
-create table user_group (
-
- id bigint default nextval('user_group_seq') primary key /* comment 'unique identifier' */,
-
- nickname varchar(64) unique /* comment 'nickname for addressing' */,
- fullname varchar(255) /* comment 'display name' */,
- homepage varchar(255) /* comment 'URL, cached so we dont regenerate' */,
- description varchar(140) /* comment 'descriptive biography' */,
- location varchar(255) /* comment 'related physical location, if any' */,
-
- original_logo varchar(255) /* comment 'original size logo' */,
- homepage_logo varchar(255) /* comment 'homepage (profile) size logo' */,
- stream_logo varchar(255) /* comment 'stream-sized logo' */,
- mini_logo varchar(255) /* comment 'mini logo' */,
-
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */
-
-);
-create index user_group_nickname_idx on user_group using btree(nickname);
-
-create table group_member (
-
- group_id integer not null /* comment 'foreign key to user_group' */ references user_group (id),
- profile_id integer not null /* comment 'foreign key to profile table' */ references profile (id),
- is_admin integer default 0 /* comment 'is this user an admin?' */,
-
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
- modified timestamp /* comment 'date this record was modified' */,
-
- primary key (group_id, profile_id)
-);
-
-create table related_group (
-
- group_id integer not null /* comment 'foreign key to user_group' */ references user_group (id) ,
- related_group_id integer not null /* comment 'foreign key to user_group' */ references user_group (id),
-
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */,
-
- primary key (group_id, related_group_id)
-
-);
-
-create table group_inbox (
- group_id integer not null /* comment 'group receiving the message' references user_group (id) */,
- notice_id integer not null /* comment 'notice received' references notice (id) */,
- created timestamp not null default CURRENT_TIMESTAMP /* comment 'date the notice was created' */,
-
- primary key (group_id, notice_id)
-);
-create index group_inbox_created_idx on group_inbox using btree(created);
-
-
-/*attachments and URLs stuff */
-create sequence file_seq;
-create table file (
- id bigint default nextval('file_seq') primary key /* comment 'unique identifier' */,
- url varchar(255) unique,
- mimetype varchar(50),
- size integer,
- title varchar(255),
- date integer,
- protected integer
-);
-
-create sequence file_oembed_seq;
-create table file_oembed (
- id bigint default nextval('file_oembed_seq') primary key /* comment 'unique identifier' */,
- file_id bigint unique,
- version varchar(20),
- type varchar(20),
- provider varchar(50),
- provider_url varchar(255),
- width integer,
- height integer,
- html text,
- title varchar(255),
- author_name varchar(50),
- author_url varchar(255),
- url varchar(255)
-);
-
-create sequence file_redirection_seq;
-create table file_redirection (
- id bigint default nextval('file_redirection_seq') primary key /* comment 'unique identifier' */,
- url varchar(255) unique,
- file_id bigint,
- redirections integer,
- httpcode integer
-);
-
-create sequence file_thumbnail_seq;
-create table file_thumbnail (
- id bigint default nextval('file_thumbnail_seq') primary key /* comment 'unique identifier' */,
- file_id bigint unique,
- url varchar(255) unique,
- width integer,
- height integer
-);
-
-create sequence file_to_post_seq;
-create table file_to_post (
- id bigint default nextval('file_to_post_seq') primary key /* comment 'unique identifier' */,
- file_id bigint,
- post_id bigint,
-
- unique(file_id, post_id)
-);
-
-create sequence design_seq;
-create table design (
- id bigint default nextval('design_seq') /* comment 'design ID'*/,
- backgroundcolor integer /* comment 'main background color'*/ ,
- contentcolor integer /*comment 'content area background color'*/ ,
- sidebarcolor integer /*comment 'sidebar background color'*/ ,
- textcolor integer /*comment 'text color'*/ ,
- linkcolor integer /*comment 'link color'*/,
- backgroundimage varchar(255) /*comment 'background image, if any'*/,
- disposition int default 1 /*comment 'bit 1 = hide background image, bit 2 = display background image, bit 4 = tile background image'*/,
- primary key (id)
-);
-
-/* Textsearch stuff */
-
-create index textsearch_idx on profile using gist(textsearch);
-create index noticecontent_idx on notice using gist(to_tsvector('english',content));
-create trigger textsearchupdate before insert or update on profile for each row
-execute procedure tsvector_update_trigger(textsearch, 'pg_catalog.english', nickname, fullname, location, bio, homepage);
-
+/* local and remote users have profiles */ + +create sequence profile_seq; +create table profile ( + id bigint default nextval('profile_seq') primary key /* comment 'unique identifier' */, + nickname varchar(64) not null /* comment 'nickname or username' */, + fullname varchar(255) /* comment 'display name' */, + profileurl varchar(255) /* comment 'URL, cached so we dont regenerate' */, + homepage varchar(255) /* comment 'identifying URL' */, + bio varchar(140) /* comment 'descriptive biography' */, + location varchar(255) /* comment 'physical location' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + textsearch tsvector +); +create index profile_nickname_idx on profile using btree(nickname); + +create table avatar ( + profile_id integer not null /* comment 'foreign key to profile table' */ references profile (id) , + original integer default 0 /* comment 'uploaded by user or generated?' */, + width integer not null /* comment 'image width' */, + height integer not null /* comment 'image height' */, + mediatype varchar(32) not null /* comment 'file type' */, + filename varchar(255) null /* comment 'local filename, if local' */, + url varchar(255) unique /* comment 'avatar location' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key(profile_id, width, height) +); +create index avatar_profile_id_idx on avatar using btree(profile_id); + +create sequence sms_carrier_seq; +create table sms_carrier ( + id bigint default nextval('sms_carrier_seq') primary key /* comment 'primary key for SMS carrier' */, + name varchar(64) unique /* comment 'name of the carrier' */, + email_pattern varchar(255) not null /* comment 'sprintf pattern for making an email address from a phone number' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified ' */ +); + +create sequence design_seq; +create table design ( + id bigint default nextval('design_seq') /* comment 'design ID'*/, + backgroundcolor integer /* comment 'main background color'*/ , + contentcolor integer /*comment 'content area background color'*/ , + sidebarcolor integer /*comment 'sidebar background color'*/ , + textcolor integer /*comment 'text color'*/ , + linkcolor integer /*comment 'link color'*/, + backgroundimage varchar(255) /*comment 'background image, if any'*/, + disposition int default 1 /*comment 'bit 1 = hide background image, bit 2 = display background image, bit 4 = tile background image'*/, + primary key (id) +); + +/* local users */ + +create table "user" ( + id integer primary key /* comment 'foreign key to profile table' */ references profile (id) , + nickname varchar(64) unique /* comment 'nickname or username, duped in profile' */, + password varchar(255) /* comment 'salted password, can be null for OpenID users' */, + email varchar(255) unique /* comment 'email address for password recovery etc.' */, + incomingemail varchar(255) unique /* comment 'email address for post-by-email' */, + emailnotifysub integer default 1 /* comment 'Notify by email of subscriptions' */, + emailnotifyfav integer default 1 /* comment 'Notify by email of favorites' */, + emailnotifynudge integer default 1 /* comment 'Notify by email of nudges' */, + emailnotifymsg integer default 1 /* comment 'Notify by email of direct messages' */, + emailnotifyattn integer default 1 /* command 'Notify by email of @-replies' */, + emailmicroid integer default 1 /* comment 'whether to publish email microid' */, + language varchar(50) /* comment 'preferred language' */, + timezone varchar(50) /* comment 'timezone' */, + emailpost integer default 1 /* comment 'Post by email' */, + jabber varchar(255) unique /* comment 'jabber ID for notices' */, + jabbernotify integer default 0 /* comment 'whether to send notices to jabber' */, + jabberreplies integer default 0 /* comment 'whether to send notices to jabber on replies' */, + jabbermicroid integer default 1 /* comment 'whether to publish xmpp microid' */, + updatefrompresence integer default 0 /* comment 'whether to record updates from Jabber presence notices' */, + sms varchar(64) unique /* comment 'sms phone number' */, + carrier integer /* comment 'foreign key to sms_carrier' */ references sms_carrier (id) , + smsnotify integer default 0 /* comment 'whether to send notices to SMS' */, + smsreplies integer default 0 /* comment 'whether to send notices to SMS on replies' */, + smsemail varchar(255) /* comment 'built from sms and carrier' */, + uri varchar(255) unique /* comment 'universally unique identifier, usually a tag URI' */, + autosubscribe integer default 0 /* comment 'automatically subscribe to users who subscribe to us' */, + urlshorteningservice varchar(50) default 'ur1.ca' /* comment 'service to use for auto-shortening URLs' */, + inboxed integer default 0 /* comment 'has an inbox been created for this user?' */, + design_id integer /* comment 'id of a design' */references design(id), + viewdesigns integer default 1 /* comment 'whether to view user-provided designs'*/, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ + +); +create index user_smsemail_idx on "user" using btree(smsemail); + +/* remote people */ + +create table remote_profile ( + id integer primary key /* comment 'foreign key to profile table' */ references profile (id) , + uri varchar(255) unique /* comment 'universally unique identifier, usually a tag URI' */, + postnoticeurl varchar(255) /* comment 'URL we use for posting notices' */, + updateprofileurl varchar(255) /* comment 'URL we use for updates to this profile' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ +); + +create table subscription ( + subscriber integer not null /* comment 'profile listening' */, + subscribed integer not null /* comment 'profile being listened to' */, + jabber integer default 1 /* comment 'deliver jabber messages' */, + sms integer default 1 /* comment 'deliver sms messages' */, + token varchar(255) /* comment 'authorization token' */, + secret varchar(255) /* comment 'token secret' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key (subscriber, subscribed) +); +create index subscription_subscriber_idx on subscription using btree(subscriber); +create index subscription_subscribed_idx on subscription using btree(subscribed); + +create sequence notice_seq; +create table notice ( + + id bigint default nextval('notice_seq') primary key /* comment 'unique identifier' */, + profile_id integer not null /* comment 'who made the update' */ references profile (id) , + uri varchar(255) unique /* comment 'universally unique identifier, usually a tag URI' */, + content varchar(140) /* comment 'update content' */, + rendered text /* comment 'HTML version of the content' */, + url varchar(255) /* comment 'URL of any attachment (image, video, bookmark, whatever)' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + reply_to integer /* comment 'notice replied to (usually a guess)' */ references notice (id) , + is_local integer default 0 /* comment 'notice was generated by a user' */, + source varchar(32) /* comment 'source of comment, like "web", "im", or "clientname"' */, + conversation integer /*id of root notice in this conversation' */ references notice (id) + + +/* FULLTEXT(content) */ +); +create index notice_profile_id_idx on notice using btree(profile_id); +create index notice_created_idx on notice using btree(created); + +create table notice_source ( + code varchar(32) primary key not null /* comment 'source code' */, + name varchar(255) not null /* comment 'name of the source' */, + url varchar(255) not null /* comment 'url to link to' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ +); + +create table reply ( + + notice_id integer not null /* comment 'notice that is the reply' */ references notice (id) , + profile_id integer not null /* comment 'profile replied to' */ references profile (id) , + modified timestamp /* comment 'date this record was modified' */, + replied_id integer /* comment 'notice replied to (not used, see notice.reply_to)' */, + + primary key (notice_id, profile_id) + +); +create index reply_notice_id_idx on reply using btree(notice_id); +create index reply_profile_id_idx on reply using btree(profile_id); +create index reply_replied_id_idx on reply using btree(replied_id); + +create table fave ( + + notice_id integer not null /* comment 'notice that is the favorite' */ references notice (id), + user_id integer not null /* comment 'user who likes this notice' */ references "user" (id) , + modified timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was modified' */, + primary key (notice_id, user_id) + +); +create index fave_notice_id_idx on fave using btree(notice_id); +create index fave_user_id_idx on fave using btree(user_id); +create index fave_modified_idx on fave using btree(modified); + +/* tables for OAuth */ + +create table consumer ( + consumer_key varchar(255) primary key /* comment 'unique identifier, root URL' */, + seed char(32) not null /* comment 'seed for new tokens by this consumer' */, + + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ +); + +create table token ( + consumer_key varchar(255) not null /* comment 'unique identifier, root URL' */ references consumer (consumer_key), + tok char(32) not null /* comment 'identifying value' */, + secret char(32) not null /* comment 'secret value' */, + type integer not null default 0 /* comment 'request or access' */, + state integer default 0 /* comment 'for requests 0 = initial, 1 = authorized, 2 = used' */, + + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key (consumer_key, tok) +); + +create table nonce ( + consumer_key varchar(255) not null /* comment 'unique identifier, root URL' */, + tok char(32) /* comment 'buggy old value, ignored' */, + nonce char(32) null /* comment 'buggy old value, ignored */, + ts integer not null /* comment 'timestamp sent' values are epoch, and only used internally */, + + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key (consumer_key, ts, nonce) +); + +/* One-to-many relationship of user to openid_url */ + +create table user_openid ( + canonical varchar(255) primary key /* comment 'Canonical true URL' */, + display varchar(255) not null unique /* comment 'URL for viewing, may be different from canonical' */, + user_id integer not null /* comment 'user owning this URL' */ references "user" (id) , + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ + +); +create index user_openid_user_id_idx on user_openid using btree(user_id); + +/* These are used by JanRain OpenID library */ + +create table oid_associations ( + server_url varchar(2047), + handle varchar(255), + secret bytea, + issued integer, + lifetime integer, + assoc_type varchar(64), + primary key (server_url, handle) +); + +create table oid_nonces ( + server_url varchar(2047), + "timestamp" integer, + salt character(40), + unique (server_url, "timestamp", salt) +); + +create table confirm_address ( + code varchar(32) not null primary key /* comment 'good random code' */, + user_id integer not null /* comment 'user who requested confirmation' */ references "user" (id), + address varchar(255) not null /* comment 'address (email, Jabber, SMS, etc.)' */, + address_extra varchar(255) not null default '' /* comment 'carrier ID, for SMS' */, + address_type varchar(8) not null /* comment 'address type ("email", "jabber", "sms")' */, + claimed timestamp /* comment 'date this was claimed for queueing' */, + sent timestamp /* comment 'date this was sent for queueing' */, + modified timestamp /* comment 'date this record was modified' */ +); + +create table remember_me ( + code varchar(32) not null primary key /* comment 'good random code' */, + user_id integer not null /* comment 'user who is logged in' */ references "user" (id), + modified timestamp /* comment 'date this record was modified' */ +); + +create table queue_item ( + + notice_id integer not null /* comment 'notice queued' */ references notice (id) , + transport varchar(8) not null /* comment 'queue for what? "email", "jabber", "sms", "irc", ...' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + claimed timestamp /* comment 'date this item was claimed' */, + + primary key (notice_id, transport) + +); +create index queue_item_created_idx on queue_item using btree(created); + +/* Hash tags */ +create table notice_tag ( + tag varchar( 64 ) not null /* comment 'hash tag associated with this notice' */, + notice_id integer not null /* comment 'notice tagged' */ references notice (id) , + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + + primary key (tag, notice_id) +); +create index notice_tag_created_idx on notice_tag using btree(created); + +/* Synching with foreign services */ + +create table foreign_service ( + id int not null primary key /* comment 'numeric key for service' */, + name varchar(32) not null unique /* comment 'name of the service' */, + description varchar(255) /* comment 'description' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ +); + +create table foreign_user ( + id int not null unique /* comment 'unique numeric key on foreign service' */, + service int not null /* comment 'foreign key to service' */ references foreign_service(id) , + uri varchar(255) not null unique /* comment 'identifying URI' */, + nickname varchar(255) /* comment 'nickname on foreign service' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key (id, service) +); + +create table foreign_link ( + user_id int /* comment 'link to user on this system, if exists' */ references "user" (id), + foreign_id int /* comment 'link' */ references foreign_user (id), + service int not null /* comment 'foreign key to service' */ references foreign_service (id), + credentials varchar(255) /* comment 'authc credentials, typically a password' */, + noticesync int not null default 1 /* comment 'notice synchronisation, bit 1 = sync outgoing, bit 2 = sync incoming, bit 3 = filter local replies' */, + friendsync int not null default 2 /* comment 'friend synchronisation, bit 1 = sync outgoing, bit 2 = sync incoming */, + profilesync int not null default 1 /* comment 'profile synchronization, bit 1 = sync outgoing, bit 2 = sync incoming' */, + last_noticesync timestamp default null /* comment 'last time notices were imported' */, + last_friendsync timestamp default null /* comment 'last time friends were imported' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key (user_id,foreign_id,service) +); +create index foreign_user_user_id_idx on foreign_link using btree(user_id); + +create table foreign_subscription ( + service int not null /* comment 'service where relationship happens' */ references foreign_service(id) , + subscriber int not null /* comment 'subscriber on foreign service' */ , + subscribed int not null /* comment 'subscribed user' */ , + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + + primary key (service, subscriber, subscribed) +); +create index foreign_subscription_subscriber_idx on foreign_subscription using btree(subscriber); +create index foreign_subscription_subscribed_idx on foreign_subscription using btree(subscribed); + +create table invitation ( + code varchar(32) not null primary key /* comment 'random code for an invitation' */, + user_id int not null /* comment 'who sent the invitation' */ references "user" (id), + address varchar(255) not null /* comment 'invitation sent to' */, + address_type varchar(8) not null /* comment 'address type ("email", "jabber", "sms") '*/, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */ + +); +create index invitation_address_idx on invitation using btree(address,address_type); +create index invitation_user_id_idx on invitation using btree(user_id); + +create sequence message_seq; +create table message ( + + id bigint default nextval('message_seq') primary key /* comment 'unique identifier' */, + uri varchar(255) unique /* comment 'universally unique identifier' */, + from_profile integer not null /* comment 'who the message is from' */ references profile (id), + to_profile integer not null /* comment 'who the message is to' */ references profile (id), + content varchar(140) /* comment 'message content' */, + rendered text /* comment 'HTML version of the content' */, + url varchar(255) /* comment 'URL of any attachment (image, video, bookmark, whatever)' */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + source varchar(32) /* comment 'source of comment, like "web", "im", or "clientname"' */ + +); +create index message_from_idx on message using btree(from_profile); +create index message_to_idx on message using btree(to_profile); +create index message_created_idx on message using btree(created); + +create table notice_inbox ( + + user_id integer not null /* comment 'user receiving the message' */ references "user" (id), + notice_id integer not null /* comment 'notice received' */ references notice (id), + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date the notice was created' */, + source integer default 1 /* comment 'reason it is in the inbox: 1=subscription' */, + + primary key (user_id, notice_id) +); +create index notice_inbox_notice_id_idx on notice_inbox using btree(notice_id); + +create table profile_tag ( + tagger integer not null /* comment 'user making the tag' */ references "user" (id), + tagged integer not null /* comment 'profile tagged' */ references profile (id), + tag varchar(64) not null /* comment 'hash tag associated with this notice' */, + modified timestamp /* comment 'date the tag was added' */, + + primary key (tagger, tagged, tag) +); +create index profile_tag_modified_idx on profile_tag using btree(modified); +create index profile_tag_tagger_tag_idx on profile_tag using btree(tagger,tag); + +create table profile_block ( + + blocker integer not null /* comment 'user making the block' */ references "user" (id), + blocked integer not null /* comment 'profile that is blocked' */ references profile (id), + modified timestamp /* comment 'date of blocking' */, + + primary key (blocker, blocked) + +); + +create sequence user_group_seq; +create table user_group ( + + id bigint default nextval('user_group_seq') primary key /* comment 'unique identifier' */, + + nickname varchar(64) unique /* comment 'nickname for addressing' */, + fullname varchar(255) /* comment 'display name' */, + homepage varchar(255) /* comment 'URL, cached so we dont regenerate' */, + description varchar(140) /* comment 'descriptive biography' */, + location varchar(255) /* comment 'related physical location, if any' */, + + original_logo varchar(255) /* comment 'original size logo' */, + homepage_logo varchar(255) /* comment 'homepage (profile) size logo' */, + stream_logo varchar(255) /* comment 'stream-sized logo' */, + mini_logo varchar(255) /* comment 'mini logo' */, + design_id integer /*comment 'id of a design' */ references design(id), + + + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */ + +); +create index user_group_nickname_idx on user_group using btree(nickname); + +create table group_member ( + + group_id integer not null /* comment 'foreign key to user_group' */ references user_group (id), + profile_id integer not null /* comment 'foreign key to profile table' */ references profile (id), + is_admin integer default 0 /* comment 'is this user an admin?' */, + + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + modified timestamp /* comment 'date this record was modified' */, + + primary key (group_id, profile_id) +); + +create table related_group ( + + group_id integer not null /* comment 'foreign key to user_group' */ references user_group (id) , + related_group_id integer not null /* comment 'foreign key to user_group' */ references user_group (id), + + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date this record was created' */, + + primary key (group_id, related_group_id) + +); + +create table group_inbox ( + group_id integer not null /* comment 'group receiving the message' references user_group (id) */, + notice_id integer not null /* comment 'notice received' references notice (id) */, + created timestamp not null default CURRENT_TIMESTAMP /* comment 'date the notice was created' */, + primary key (group_id, notice_id) +); +create index group_inbox_created_idx on group_inbox using btree(created); + + +/*attachments and URLs stuff */ +create sequence file_seq; +create table file ( + id bigint default nextval('file_seq') primary key /* comment 'unique identifier' */, + url varchar(255) unique, + mimetype varchar(50), + size integer, + title varchar(255), + date integer, + protected integer, + filename text /* comment 'if a local file, name of the file' */, + modified timestamp default CURRENT_TIMESTAMP /* comment 'date this record was modified'*/ +); + +create sequence file_oembed_seq; +create table file_oembed ( + file_id bigint default nextval('file_oembed_seq') primary key /* comment 'unique identifier' */, + version varchar(20), + type varchar(20), + provider varchar(50), + provider_url varchar(255), + width integer, + height integer, + html text, + title varchar(255), + author_name varchar(50), + author_url varchar(255), + url varchar(255) +); + +create sequence file_redirection_seq; +create table file_redirection ( + url varchar(255) primary key, + file_id bigint, + redirections integer, + httpcode integer +); + +create sequence file_thumbnail_seq; +create table file_thumbnail ( + file_id bigint primary key, + url varchar(255) unique, + width integer, + height integer +); + +create sequence file_to_post_seq; +create table file_to_post ( + file_id bigint, + post_id bigint, + + primary key (file_id, post_id) +); + +create table group_block ( + group_id integer not null /* comment 'group profile is blocked from' */ references user_group (id), + blocked integer not null /* comment 'profile that is blocked' */references profile (id), + blocker integer not null /* comment 'user making the block'*/ references "user" (id), + modified timestamp /* comment 'date of blocking'*/ , + + primary key (group_id, blocked) +); + +create table group_alias ( + + alias varchar(64) /* comment 'additional nickname for the group'*/ , + group_id integer not null /* comment 'group profile is blocked from'*/ references user_group (id), + modified timestamp /* comment 'date alias was created'*/, + primary key (alias) + +); +create index group_alias_group_id_idx on group_alias (group_id); + +create table session ( + + id varchar(32) primary key /* comment 'session ID'*/, + session_data text /* comment 'session data'*/, + created timestamp not null DEFAULT CURRENT_TIMESTAMP /* comment 'date this record was created'*/, + modified integer DEFAULT extract(epoch from CURRENT_TIMESTAMP) /* comment 'date this record was modified'*/ +); + +create index session_modified_idx on session (modified); + + +/* Textsearch stuff */ + +create index textsearch_idx on profile using gist(textsearch); +create index noticecontent_idx on notice using gist(to_tsvector('english',content)); +create trigger textsearchupdate before insert or update on profile for each row +execute procedure tsvector_update_trigger(textsearch, 'pg_catalog.english', nickname, fullname, location, bio, homepage); + diff --git a/db/notice_source.sql b/db/notice_source.sql index 983ea9150..f590d1b97 100644 --- a/db/notice_source.sql +++ b/db/notice_source.sql @@ -22,6 +22,8 @@ VALUES ('IdentiFox','IdentiFox','http://www.bitbucket.org/uncryptic/identifox/', now()), ('identitwitch','IdentiTwitch','http://richfish.org/identitwitch/', now()), ('LaTwit','LaTwit','http://latwit.mac65.com/', now()), + ('LiveTweeter', 'LiveTweeter', 'http://addons.songbirdnest.com/addon/1204', now()), + ('livetweeter', 'livetweeter', 'http://addons.songbirdnest.com/addon/1204', now()), ('maisha', 'Maisha', 'http://maisha.grango.org/', now()), ('mbpidgin','mbpidgin','http://code.google.com/p/microblog-purple/', now()), ('Mobidentica', 'Mobidentica', 'http://www.substanceofcode.com/software/mobidentica/', now()), @@ -34,6 +36,7 @@ VALUES ('pocketwit','PockeTwit','http://code.google.com/p/pocketwit/', now()), ('posty','Posty','http://spreadingfunkyness.com/posty/', now()), ('qtwitter','qTwitter','http://qtwitter.ayoy.net/', now()), + ('qwit', 'Qwit', 'http://code.google.com/p/qwit/', now()), ('royalewithcheese','Royale With Cheese','http://p.hellyeah.org/', now()), ('rssdent','rssdent','http://github.com/zcopley/rssdent/tree/master', now()), ('rygh.no','rygh.no','http://rygh.no/', now()), diff --git a/db/sms_carrier.sql b/db/sms_carrier.sql index 6879f2089..055606f58 100644 --- a/db/sms_carrier.sql +++ b/db/sms_carrier.sql @@ -60,4 +60,5 @@ VALUES (100112, 'Cincinnati Bell Wireless', '%s@gocbw.com', now()), (100113, 'T-Mobile Germany', '%s@t-mobile-sms.de', now()), (100114, 'Vodafone Germany', '%s@vodafone-sms.de', now()), - (100115, 'E-Plus', '%s@smsmail.eplus.de', now()); + (100115, 'E-Plus', '%s@smsmail.eplus.de', now()), + (100116, 'Cellular South', '%s@csouth1.com', now()); diff --git a/doc-src/im b/doc-src/im index da07f9fe7..c722a4e2c 100644 --- a/doc-src/im +++ b/doc-src/im @@ -32,4 +32,15 @@ currently-implemented commands: you subscribe to. * **off**: Turn off notifications. You'll no longer receive Jabber notifications. - +* **stop**: Same as 'off' +* **quit**: Same as 'off' +* **help**: Show this help. List available Jabber/XMPP commands +* **follow <nickname>**: Subscribe to <nickname> +* **sub <nickname>**: Same as follow +* **leave <nickname>**: Subscribe to <nickname> +* **unsub <nickname>**: Same as leave +* **d <nickname> <text>**: Send direct message to <nickname> with message body <text> +* **get <nickname>**: Get last notice from <nickname> +* **last <nickname>**: Same as 'get' +* **whois <nickname>**: Get Profile info on <nickname> +* **fav <nickname>**: Add user's last notice as a favorite
\ No newline at end of file diff --git a/doc-src/sms b/doc-src/sms index 1beb49786..1a3064318 100644 --- a/doc-src/sms +++ b/doc-src/sms @@ -44,24 +44,24 @@ You can use the following commands with %%site.name%%. * on - turn on notifications * off - turn off notifications * help - show this help -* follow <nickname> - subscribe to user -* leave <nickname> - unsubscribe from user -* d <nickname> <text> - direct message to user -* get <nickname> - get last notice from user -* whois <nickname> - get profile info on user -* fav <nickname> - add user's last notice as a 'fave' +* follow <nickname> - subscribe to user +* leave <nickname> - unsubscribe from user +* d <nickname> <text> - direct message to user +* get <nickname> - get last notice from user +* whois <nickname> - get profile info on user +* fav <nickname> - add user's last notice as a 'fave' * stats - get your stats * stop - same as 'off' * quit - same as 'off' -* sub <nickname> - same as 'follow' -* unsub <nickname> - same as 'leave' -* last <nickname> - same as 'get' -* on <nickname> - not yet implemented. -* off <nickname> - not yet implemented. -* nudge <nickname> - not yet implemented. -* invite <phone number> - not yet implemented. -* track <word> - not yet implemented. -* untrack <word> - not yet implemented. +* sub <nickname> - same as 'follow' +* unsub <nickname> - same as 'leave' +* last <nickname> - same as 'get' +* on <nickname> - not yet implemented. +* off <nickname> - not yet implemented. +* nudge <nickname> - not yet implemented. +* invite <phone number> - not yet implemented. +* track <word> - not yet implemented. +* untrack <word> - not yet implemented. * track off - not yet implemented. * untrack all - not yet implemented. * tracks - not yet implemented. diff --git a/extlib/DB/DataObject.php b/extlib/DB/DataObject.php index 0c6a13dc2..8e226b8fa 100644 --- a/extlib/DB/DataObject.php +++ b/extlib/DB/DataObject.php @@ -2,11 +2,11 @@ /** * Object Based Database Query Builder and data store * - * PHP versions 4 and 5 + * For PHP versions 4,5 and 6 * - * LICENSE: This source file is subject to version 3.0 of the PHP license + * LICENSE: This source file is subject to version 3.01 of the PHP license * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of + * http://www.php.net/license/3_01.txt. If you did not receive a copy of * the PHP License and are unable to obtain it through the web, please * send a note to license@php.net so we can mail you a copy immediately. * @@ -14,8 +14,8 @@ * @package DB_DataObject * @author Alan Knowles <alan@akbkhome.com> * @copyright 1997-2006 The PHP Group - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: DataObject.php,v 1.439 2008/01/30 02:14:06 alan_k Exp $ + * @license http://www.php.net/license/3_01.txt PHP License 3.01 + * @version CVS: $Id: DataObject.php 284150 2009-07-15 23:27:59Z alan_k $ * @link http://pear.php.net/package/DB_DataObject */ @@ -235,7 +235,7 @@ class DB_DataObject extends DB_DataObject_Overload * @access private * @var string */ - var $_DB_DataObject_version = "1.8.8"; + var $_DB_DataObject_version = "1.8.11"; /** * The Database table (used by table extends) @@ -1027,7 +1027,13 @@ class DB_DataObject extends DB_DataObject_Overload if ($leftq || $useNative) { $table = ($quoteIdentifiers ? $DB->quoteIdentifier($this->__table) : $this->__table); - $r = $this->_query("INSERT INTO {$table} ($leftq) VALUES ($rightq) "); + + if (($dbtype == 'pgsql') && empty($leftq)) { + $r = $this->_query("INSERT INTO {$table} DEFAULT VALUES"); + } else { + $r = $this->_query("INSERT INTO {$table} ($leftq) VALUES ($rightq) "); + } + @@ -1339,7 +1345,7 @@ class DB_DataObject extends DB_DataObject_Overload * build the condition only using the object parameters. * * @access public - * @return mixed True on success, false on failure, 0 on no data affected + * @return mixed Int (No. of rows affected) on success, false on failure, 0 on no data affected */ function delete($useWhere = false) { @@ -1369,7 +1375,13 @@ class DB_DataObject extends DB_DataObject_Overload if (($this->_query !== false) && $this->_query['condition']) { $table = ($quoteIdentifiers ? $DB->quoteIdentifier($this->__table) : $this->__table); - $sql = "DELETE FROM {$table} {$this->_query['condition']}{$extra_cond}"; + $sql = "DELETE "; + // using a joined delete. - with useWhere.. + $sql .= (!empty($this->_join) && $useWhere) ? + "{$table} FROM {$table} {$this->_join} " : + "FROM {$table} "; + + $sql .= $this->_query['condition']. $extra_cond; // add limit.. @@ -1521,15 +1533,15 @@ class DB_DataObject extends DB_DataObject_Overload } $keys = $this->keys(); - if (!$keys[0] && !is_string($countWhat)) { + if (empty($keys[0]) && (!is_string($countWhat) || (strtoupper($countWhat) == 'DISTINCT'))) { $this->raiseError( - "You cannot do run count without keys - use \$do->keys('id');", + "You cannot do run count without keys - use \$do->count('id'), or use \$do->count('distinct id')';", DB_DATAOBJECT_ERROR_INVALIDARGS,PEAR_ERROR_DIE); return false; } $table = ($quoteIdentifiers ? $DB->quoteIdentifier($this->__table) : $this->__table); - $key_col = ($quoteIdentifiers ? $DB->quoteIdentifier($keys[0]) : $keys[0]); + $key_col = empty($keys[0]) ? '' : (($quoteIdentifiers ? $DB->quoteIdentifier($keys[0]) : $keys[0])); $as = ($quoteIdentifiers ? $DB->quoteIdentifier('DATAOBJECT_NUM') : 'DATAOBJECT_NUM'); // support distinct on default keys. @@ -2044,7 +2056,7 @@ class DB_DataObject extends DB_DataObject_Overload // technically postgres native here... // we need to get the new improved tabledata sorted out first. - if ( in_array($dbtype , array('psql', 'mysql', 'mysqli', 'mssql', 'ifx')) && + if ( in_array($dbtype , array('pgsql', 'mysql', 'mysqli', 'mssql', 'ifx')) && ($table[$usekey] & DB_DATAOBJECT_INT) && isset($realkeys[$usekey]) && ($realkeys[$usekey] == 'N') ) { @@ -2125,10 +2137,13 @@ class DB_DataObject extends DB_DataObject_Overload $this->_loadConfig(); } // Set database driver for reference - $db_driver = empty($_DB_DATAOBJECT['CONFIG']['db_driver']) ? 'DB' : $_DB_DATAOBJECT['CONFIG']['db_driver']; - // is it already connected ? - + $db_driver = empty($_DB_DATAOBJECT['CONFIG']['db_driver']) ? + 'DB' : $_DB_DATAOBJECT['CONFIG']['db_driver']; + + // is it already connected ? if ($this->_database_dsn_md5 && !empty($_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5])) { + + // connection is an error... if (PEAR::isError($_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5])) { return $this->raiseError( $_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5]->message, @@ -2137,7 +2152,7 @@ class DB_DataObject extends DB_DataObject_Overload } - if (!$this->_database) { + if (empty($this->_database)) { $this->_database = $_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5]->dsn['database']; $hasGetDatabase = method_exists($_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5], 'getDatabase'); @@ -2166,6 +2181,7 @@ class DB_DataObject extends DB_DataObject_Overload // try and work out what to use for the dsn ! $options= &$_DB_DATAOBJECT['CONFIG']; + // if the databse dsn dis defined in the object.. $dsn = isset($this->_database_dsn) ? $this->_database_dsn : null; if (!$dsn) { @@ -2173,14 +2189,14 @@ class DB_DataObject extends DB_DataObject_Overload $this->_database = isset($options["table_{$this->__table}"]) ? $options["table_{$this->__table}"] : null; } if (!empty($_DB_DATAOBJECT['CONFIG']['debug'])) { - $this->debug("Checking for database database_{$this->_database} in options","CONNECT"); + $this->debug("Checking for database specific ini ('{$this->_database}') : database_{$this->_database} in options","CONNECT"); } if ($this->_database && !empty($options["database_{$this->_database}"])) { - $dsn = $options["database_{$this->_database}"]; } else if (!empty($options['database'])) { $dsn = $options['database']; + } } @@ -2205,6 +2221,9 @@ class DB_DataObject extends DB_DataObject_Overload if (!empty($_DB_DATAOBJECT['CONFIG']['debug'])) { $this->debug("USING CACHED CONNECTION", "CONNECT",3); } + + + if (!$this->_database) { $hasGetDatabase = method_exists($_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5], 'getDatabase'); @@ -2221,7 +2240,7 @@ class DB_DataObject extends DB_DataObject_Overload return true; } if (!empty($_DB_DATAOBJECT['CONFIG']['debug'])) { - $this->debug("NEW CONNECTION", "CONNECT",3); + $this->debug("NEW CONNECTION TP DATABASE :" .$this->_database , "CONNECT",3); /* actualy make a connection */ $this->debug(print_r($dsn,true) ." {$this->_database_dsn_md5}", "CONNECT",3); } @@ -2265,8 +2284,8 @@ class DB_DataObject extends DB_DataObject_Overload ); } - - if (!$this->_database) { + + if (empty($this->_database)) { $hasGetDatabase = method_exists($_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5], 'getDatabase'); $this->_database = ($db_driver != 'DB' && $hasGetDatabase) @@ -2357,38 +2376,38 @@ class DB_DataObject extends DB_DataObject_Overload $t= explode(' ',microtime()); $_DB_DATAOBJECT['QUERYENDTIME'] = $time = $t[0]+$t[1]; - - do { - if ($_DB_driver == 'DB') { - $result = $DB->query($string); - } else { - switch (strtolower(substr(trim($string),0,6))) { + for ($tries = 0;$tries < 3;$tries++) { - case 'insert': - case 'update': - case 'delete': - $result = $DB->exec($string); - break; - - default: - $result = $DB->query($string); - break; + if ($_DB_driver == 'DB') { + + $result = $DB->query($string); + } else { + switch (strtolower(substr(trim($string),0,6))) { + + case 'insert': + case 'update': + case 'delete': + $result = $DB->exec($string); + break; + + default: + $result = $DB->query($string); + break; + } } + + // see if we got a failure.. - try again a few times.. + if (!is_a($result,'PEAR_Error')) { + break; + } + if ($result->getCode() != -14) { // *DB_ERROR_NODBSELECTED + break; // not a connection error.. + } + sleep(1); // wait before retyring.. + $DB->connect($DB->dsn); } - - // try to reconnect, at most 3 times - $again = false; - if (is_a($result, 'PEAR_Error') - AND $result->getCode() == DB_ERROR_NODBSELECTED - AND $cpt++<3) { - $DB->disconnect(); - sleep(1); - $DB->connect($DB->dsn); - $again = true; - } - - } while ($again); + if (is_a($result,'PEAR_Error')) { if (!empty($_DB_DATAOBJECT['CONFIG']['debug'])) { @@ -2556,11 +2575,13 @@ class DB_DataObject extends DB_DataObject_Overload * use @ to silence it (if you are sure it is acceptable) * eg. $do = @DB_DataObject::factory('person') * - * table name will eventually be databasename/table + * table name can bedatabasename/table * - and allow modular dataobjects to be written.. * (this also helps proxy creation) * - * + * Experimental Support for Multi-Database factory eg. mydatabase.mytable + * + * * @param string $table tablename (use blank to create a new instance of the same class.) * @access private * @return DataObject|PEAR_Error @@ -2570,9 +2591,27 @@ class DB_DataObject extends DB_DataObject_Overload function factory($table = '') { global $_DB_DATAOBJECT; + + + // multi-database support.. - experimental. + $database = ''; + + if (strpos( $table,'/') !== false ) { + list($database,$table) = explode('.',$table, 2); + + } + if (empty($_DB_DATAOBJECT['CONFIG'])) { DB_DataObject::_loadConfig(); } + // no configuration available for database + if (!empty($database) && empty($_DB_DATAOBJECT['CONFIG']['database_'.$database])) { + return DB_DataObject::raiseError( + "unable to find database_{$database} in Configuration, It is required for factory with database" + , 0, PEAR_ERROR_DIE ); + } + + if ($table === '') { if (is_a($this,'DB_DataObject') && strlen($this->__table)) { @@ -2584,17 +2623,22 @@ class DB_DataObject extends DB_DataObject_Overload } } - + // does this need multi db support?? $p = isset($_DB_DATAOBJECT['CONFIG']['class_prefix']) ? $_DB_DATAOBJECT['CONFIG']['class_prefix'] : ''; $class = $p . preg_replace('/[^A-Z0-9]/i','_',ucfirst($table)); - $ce = substr(phpversion(),0,1) > 4 ? class_exists($class,false) : class_exists($class); + $class = $ce ? $class : DB_DataObject::_autoloadClass($class); // proxy = full|light if (!$class && isset($_DB_DATAOBJECT['CONFIG']['proxy'])) { + + DB_DataObject::debug("FAILED TO Autoload $database.$table - using proxy.","FACTORY",1); + + $proxyMethod = 'getProxy'.$_DB_DATAOBJECT['CONFIG']['proxy']; + // if you have loaded (some other way) - dont try and load it again.. class_exists('DB_DataObject_Generator') ? '' : require_once 'DB/DataObject/Generator.php'; @@ -2614,8 +2658,12 @@ class DB_DataObject extends DB_DataObject_Overload "factory could not find class $class from $table", DB_DATAOBJECT_ERROR_INVALIDCONFIG); } - - return new $class; + $ret = new $class; + if (!empty($database)) { + DB_DataObject::debug("Setting database to $database","FACTORY",1); + $ret->database($database); + } + return $ret; } /** * autoload Class @@ -3079,7 +3127,7 @@ class DB_DataObject extends DB_DataObject_Overload return; } - + //echo '<PRE>'; print_r(func_get_args()); $useWhereAsOn = false; // support for 2nd argument as an array of options if (is_array($joinType)) { @@ -3119,8 +3167,39 @@ class DB_DataObject extends DB_DataObject_Overload $DB = &$_DB_DATAOBJECT['CONNECTIONS'][$this->_database_dsn_md5]; + /// CHANGED 26 JUN 2009 - we prefer links from our local table over the remote one. - + /* otherwise see if there are any links from this table to the obj. */ + //print_r($this->links()); + if (($ofield === false) && ($links = $this->links())) { + foreach ($links as $k => $v) { + /* link contains {this column} = {linked table}:{linked column} */ + $ar = explode(':', $v); + // Feature Request #4266 - Allow joins with multiple keys + if (strpos($k, ',') !== false) { + $k = explode(',', $k); + } + if (strpos($ar[1], ',') !== false) { + $ar[1] = explode(',', $ar[1]); + } + + if ($ar[0] == $obj->__table) { + if ($joinCol !== false) { + if ($k == $joinCol) { + $tfield = $k; + $ofield = $ar[1]; + break; + } else { + continue; + } + } else { + $tfield = $k; + $ofield = $ar[1]; + break; + } + } + } + } /* look up the links for obj table */ //print_r($obj->links()); if (!$ofield && ($olinks = $obj->links())) { @@ -3164,37 +3243,6 @@ class DB_DataObject extends DB_DataObject_Overload } } - /* otherwise see if there are any links from this table to the obj. */ - //print_r($this->links()); - if (($ofield === false) && ($links = $this->links())) { - foreach ($links as $k => $v) { - /* link contains {this column} = {linked table}:{linked column} */ - $ar = explode(':', $v); - // Feature Request #4266 - Allow joins with multiple keys - if (strpos($k, ',') !== false) { - $k = explode(',', $k); - } - if (strpos($ar[1], ',') !== false) { - $ar[1] = explode(',', $ar[1]); - } - - if ($ar[0] == $obj->__table) { - if ($joinCol !== false) { - if ($k == $joinCol) { - $tfield = $k; - $ofield = $ar[1]; - break; - } else { - continue; - } - } else { - $tfield = $k; - $ofield = $ar[1]; - break; - } - } - } - } // finally if these two table have column names that match do a join by default on them if (($ofield === false) && $joinCol) { @@ -3383,22 +3431,25 @@ class DB_DataObject extends DB_DataObject_Overload case 'RIGHT': // others??? .. cross, left outer, right outer, natural..? // Feature Request #4266 - Allow joins with multiple keys - $this->_join .= "\n {$joinType} JOIN {$objTable} {$fullJoinAs}"; + $jadd = "\n {$joinType} JOIN {$objTable} {$fullJoinAs}"; + //$this->_join .= "\n {$joinType} JOIN {$objTable} {$fullJoinAs}"; if (is_array($ofield)) { $key_count = count($ofield); for($i = 0; $i < $key_count; $i++) { if ($i == 0) { - $this->_join .= " ON ({$joinAs}.{$ofield[$i]}={$table}.{$tfield[$i]}) "; + $jadd .= " ON ({$joinAs}.{$ofield[$i]}={$table}.{$tfield[$i]}) "; } else { - $this->_join .= " AND {$joinAs}.{$ofield[$i]}={$table}.{$tfield[$i]} "; + $jadd .= " AND {$joinAs}.{$ofield[$i]}={$table}.{$tfield[$i]} "; } } - $this->_join .= ' ' . $appendJoin . ' '; + $jadd .= ' ' . $appendJoin . ' '; } else { - $this->_join .= " ON ({$joinAs}.{$ofield}={$table}.{$tfield}) {$appendJoin} "; + $jadd .= " ON ({$joinAs}.{$ofield}={$table}.{$tfield}) {$appendJoin} "; } - + // jadd avaliable for debugging join build. + //echo $jadd ."\n"; + $this->_join .= $jadd; break; case '': // this is just a standard multitable select.. @@ -3459,7 +3510,7 @@ class DB_DataObject extends DB_DataObject_Overload continue; } - if (empty($from[$k]) && $skipEmpty) { + if (empty($from[sprintf($format,$k)]) && $skipEmpty) { continue; } diff --git a/extlib/DB/DataObject/Cast.php b/extlib/DB/DataObject/Cast.php index 616abb55e..095d2a4d2 100644 --- a/extlib/DB/DataObject/Cast.php +++ b/extlib/DB/DataObject/Cast.php @@ -15,9 +15,9 @@ * @category Database * @package DB_DataObject * @author Alan Knowles <alan@akbkhome.com> - * @copyright 1997-2006 The PHP Group + * @copyright 1997-2008 The PHP Group * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: Cast.php,v 1.15 2005/07/07 05:30:53 alan_k Exp $ + * @version CVS: $Id: Cast.php 264148 2008-08-04 03:44:59Z alan_k $ * @link http://pear.php.net/package/DB_DataObject */ @@ -391,7 +391,10 @@ class DB_DataObject_Cast { // this is funny - the parameter order is reversed ;) return "'".mysqli_real_escape_string($db->connection, $this->value)."'"; - + case 'sqlite': + // this is funny - the parameter order is reversed ;) + return "'".sqlite_escape_string($this->value)."'"; + default: return PEAR::raiseError("DB_DataObject_Cast cant handle blobs for Database:{$db->dsn['phptype']} Yet"); diff --git a/extlib/DB/DataObject/Error.php b/extlib/DB/DataObject/Error.php index 05a741408..382115453 100644 --- a/extlib/DB/DataObject/Error.php +++ b/extlib/DB/DataObject/Error.php @@ -18,7 +18,7 @@ * @author Alan Knowles <alan@akbkhome.com> * @copyright 1997-2006 The PHP Group * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: Error.php,v 1.3 2005/03/23 02:35:35 alan_k Exp $ + * @version CVS: $Id: Error.php 277015 2009-03-12 05:51:03Z alan_k $ * @link http://pear.php.net/package/DB_DataObject */ diff --git a/extlib/DB/DataObject/Generator.php b/extlib/DB/DataObject/Generator.php index de16af692..ff6e42c7d 100644 --- a/extlib/DB/DataObject/Generator.php +++ b/extlib/DB/DataObject/Generator.php @@ -4,9 +4,9 @@ * * PHP versions 4 and 5 * - * LICENSE: This source file is subject to version 3.0 of the PHP license + * LICENSE: This source file is subject to version 3.01 of the PHP license * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of + * http://www.php.net/license/3_01.txt. If you did not receive a copy of * the PHP License and are unable to obtain it through the web, please * send a note to license@php.net so we can mail you a copy immediately. * @@ -14,8 +14,8 @@ * @package DB_DataObject * @author Alan Knowles <alan@akbkhome.com> * @copyright 1997-2006 The PHP Group - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: Generator.php,v 1.141 2008/01/30 02:29:39 alan_k Exp $ + * @license http://www.php.net/license/3_01.txt PHP License 3.01 + * @version CVS: $Id: Generator.php 284150 2009-07-15 23:27:59Z alan_k $ * @link http://pear.php.net/package/DB_DataObject */ @@ -193,7 +193,11 @@ class DB_DataObject_Generator extends DB_DataObject /** * set portability and some modules to fetch the informations */ - $__DB->setOption('portability', MDB2_PORTABILITY_ALL ^ MDB2_PORTABILITY_FIX_CASE); + $db_options = PEAR::getStaticProperty('MDB2','options'); + if (empty($db_options)) { + $__DB->setOption('portability', MDB2_PORTABILITY_ALL ^ MDB2_PORTABILITY_FIX_CASE); + } + $__DB->loadModule('Manager'); $__DB->loadModule('Reverse'); } @@ -265,12 +269,7 @@ class DB_DataObject_Generator extends DB_DataObject } else { $defs = $__DB->reverse->tableInfo($quotedTable); // rename the length value, so it matches db's return. - foreach ($defs as $k => $v) { - if (!isset($defs[$k]['length'])) { - continue; - } - $defs[$k]['len'] = $defs[$k]['length']; - } + } if (is_a($defs,'PEAR_Error')) { @@ -286,7 +285,10 @@ class DB_DataObject_Generator extends DB_DataObject if (!is_array($def)) { continue; } - + // rename the length value, so it matches db's return. + if (isset($def['length']) && !isset($def['len'])) { + $def['len'] = $def['length']; + } $this->_definitions[$table][] = (object) $def; } @@ -391,7 +393,10 @@ class DB_DataObject_Generator extends DB_DataObject $fk = array(); foreach($this->tables as $this->table) { - $res =& $DB->query('SHOW CREATE TABLE ' . $this->table); + $quotedTable = !empty($options['quote_identifiers_tableinfo']) ? $DB->quoteIdentifier($table) : $this->table; + + $res =& $DB->query('SHOW CREATE TABLE ' . $quotedTable ); + if (PEAR::isError($res)) { die($res->getMessage()); } @@ -467,7 +472,7 @@ class DB_DataObject_Generator extends DB_DataObject function _generateDefinitionsTable() { global $_DB_DATAOBJECT; - + $options = PEAR::getStaticProperty('DB_DataObject','options'); $defs = $this->_definitions[$this->table]; $this->_newConfig .= "\n[{$this->table}]\n"; $keys_out = "\n[{$this->table}__keys]\n"; @@ -551,6 +556,9 @@ class DB_DataObject_Generator extends DB_DataObject case 'ENUM': case 'SET': // not really but oh well + + case 'POINT': // mysql geometry stuff - not really string - but will do.. + case 'TIMESTAMPTZ': // postgres case 'BPCHAR': // postgres case 'INTERVAL': // postgres (eg. '12 days') @@ -594,14 +602,18 @@ class DB_DataObject_Generator extends DB_DataObject DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME; break; - - case 'TINYBLOB': + case 'BLOB': /// these should really be ignored!!!??? + case 'TINYBLOB': case 'MEDIUMBLOB': case 'LONGBLOB': + + case 'CLOB': // oracle character lob support + case 'BYTEA': // postgres blob support.. $type = DB_DATAOBJECT_STR + DB_DATAOBJECT_BLOB; break; + default: echo "*****************************************************************\n". "** WARNING UNKNOWN TYPE **\n". @@ -653,7 +665,9 @@ class DB_DataObject_Generator extends DB_DataObject // only use primary key or nextval(), cause the setFrom blocks you setting all key items... // if no keys exist fall back to using unique //echo "\n{$t->name} => {$t->flags}\n"; - if (preg_match("/(auto_increment|nextval\()/i",rawurldecode($t->flags)) + $secondary_key_match = isset($options['generator_secondary_key_match']) ? $options['generator_secondary_key_match'] : 'primary|unique'; + + if (preg_match('/(auto_increment|nextval\()/i',rawurldecode($t->flags)) || (isset($t->autoincrement) && ($t->autoincrement === true))) { // native sequences = 2 @@ -662,7 +676,7 @@ class DB_DataObject_Generator extends DB_DataObject } $ret_keys_primary[$t->name] = 'N'; - } else if (preg_match("/(primary|unique)/i",$t->flags)) { + } else if ($secondary_key_match && preg_match('/('.$secondary_key_match.')/i',$t->flags)) { // keys.. = 1 $key_type = 'K'; if (!preg_match("/(primary)/i",$t->flags)) { @@ -868,10 +882,13 @@ class DB_DataObject_Generator extends DB_DataObject // then we should add var $_database = here // as database names may not always match.. + if (empty($GLOBALS['_DB_DATAOBJECT']['CONFIG'])) { + DB_DataObject::_loadConfig(); + } + + // Only include the $_database property if the omit_database_var is unset or false - - - if (isset($options["database_{$this->_database}"])) { + if (isset($options["database_{$this->_database}"]) && empty($GLOBALS['_DB_DATAOBJECT']['CONFIG']['generator_omit_database_var'])) { $body .= " {$var} \$_database = '{$this->_database}'; {$p}// database name (used with database_{*} config)\n"; } @@ -904,9 +921,10 @@ class DB_DataObject_Generator extends DB_DataObject $padding = (30 - strlen($t->name)); if ($padding < 2) $padding =2; $p = str_repeat(' ',$padding) ; - - $body .=" {$var} \${$t->name}; {$p}// {$t->type}({$t->len}) {$t->flags}\n"; - + + $length = empty($t->len) ? '' : '('.$t->len.')'; + $body .=" {$var} \${$t->name}; {$p}// {$t->type}$length {$t->flags}\n"; + // can not do set as PEAR::DB table info doesnt support it. //if (substr($t->Type,0,3) == "set") // $sets[$t->Field] = "array".substr($t->Type,3); @@ -1185,7 +1203,7 @@ class DB_DataObject_Generator extends DB_DataObject $__DB->loadModule('Manager'); $__DB->loadModule('Reverse'); } - $quotedTable = !empty($options['quote_identifiers']) ? + $quotedTable = !empty($options['quote_identifiers_tableinfo']) ? $__DB->quoteIdentifier($table) : $table; if (!$is_MDB2) { diff --git a/extlib/DB/DataObject/createTables.php b/extlib/DB/DataObject/createTables.php index c0659574e..d54d28c24 100755..100644 --- a/extlib/DB/DataObject/createTables.php +++ b/extlib/DB/DataObject/createTables.php @@ -16,7 +16,7 @@ // | Author: Alan Knowles <alan@akbkhome.com> // +----------------------------------------------------------------------+ // -// $Id: createTables.php,v 1.24 2006/01/13 01:27:55 alan_k Exp $ +// $Id: createTables.php 277015 2009-03-12 05:51:03Z alan_k $ // // since this version doesnt use overload, diff --git a/extlib/Services/oEmbed.php b/extlib/Services/oEmbed.php index 5d38ed883..7d507b6f6 100644 --- a/extlib/Services/oEmbed.php +++ b/extlib/Services/oEmbed.php @@ -162,7 +162,7 @@ class Services_oEmbed } if ($this->options[self::OPTION_API] === null) { - $this->options[self::OPTION_API] = $this->discover(); + $this->options[self::OPTION_API] = $this->discover($url); } } @@ -319,7 +319,7 @@ class Services_oEmbed } } - return (isset($ret['json']) ? $ret['json'] : array_pop($ret)); + return (isset($ret['application/json']) ? $ret['application/json'] : array_pop($ret)); } /** diff --git a/extlib/htmLawed/htmLawed.php b/extlib/htmLawed/htmLawed.php new file mode 100644 index 000000000..17f6e98ca --- /dev/null +++ b/extlib/htmLawed/htmLawed.php @@ -0,0 +1,715 @@ +<?php + +/* +htmLawed 1.1.8.1, 16 July 2009 +Copyright Santosh Patnaik +GPL v3 license +A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed + +See htmLawed_README.txt/htm +*/ + +function htmLawed($t, $C=1, $S=array()){ +$C = is_array($C) ? $C : array(); +if(!empty($C['valid_xhtml'])){ + $C['elements'] = empty($C['elements']) ? '*-center-dir-font-isindex-menu-s-strike-u' : $C['elements']; + $C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 2; + $C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 2; +} +// config eles +$e = array('a'=>1, 'abbr'=>1, 'acronym'=>1, 'address'=>1, 'applet'=>1, 'area'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'blockquote'=>1, 'br'=>1, 'button'=>1, 'caption'=>1, 'center'=>1, 'cite'=>1, 'code'=>1, 'col'=>1, 'colgroup'=>1, 'dd'=>1, 'del'=>1, 'dfn'=>1, 'dir'=>1, 'div'=>1, 'dl'=>1, 'dt'=>1, 'em'=>1, 'embed'=>1, 'fieldset'=>1, 'font'=>1, 'form'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'hr'=>1, 'i'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'ins'=>1, 'isindex'=>1, 'kbd'=>1, 'label'=>1, 'legend'=>1, 'li'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'object'=>1, 'ol'=>1, 'optgroup'=>1, 'option'=>1, 'p'=>1, 'param'=>1, 'pre'=>1, 'q'=>1, 'rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1, 'ruby'=>1, 's'=>1, 'samp'=>1, 'script'=>1, 'select'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'table'=>1, 'tbody'=>1, 'td'=>1, 'textarea'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1, 'tt'=>1, 'u'=>1, 'ul'=>1, 'var'=>1); // 86/deprecated+embed+ruby +if(!empty($C['safe'])){ + unset($e['applet'], $e['embed'], $e['iframe'], $e['object'], $e['script']); +} +$x = !empty($C['elements']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['elements']) : '*'; +if($x == '-*'){$e = array();} +elseif(strpos($x, '*') === false){$e = array_flip(explode(',', $x));} +else{ + if(isset($x[1])){ + preg_match_all('`(?:^|-|\+)[^\-+]+?(?=-|\+|$)`', $x, $m, PREG_SET_ORDER); + for($i=count($m); --$i>=0;){$m[$i] = $m[$i][0];} + foreach($m as $v){ + if($v[0] == '+'){$e[substr($v, 1)] = 1;} + if($v[0] == '-' && isset($e[($v = substr($v, 1))]) && !in_array('+'. $v, $m)){unset($e[$v]);} + } + } +} +$C['elements'] =& $e; +// config attrs +$x = !empty($C['deny_attribute']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['deny_attribute']) : ''; +$x = array_flip((isset($x[0]) && $x[0] == '*') ? explode('-', $x) : explode(',', $x. (!empty($C['safe']) ? ',on*' : ''))); +if(isset($x['on*'])){ + unset($x['on*']); + $x += array('onblur'=>1, 'onchange'=>1, 'onclick'=>1, 'ondblclick'=>1, 'onfocus'=>1, 'onkeydown'=>1, 'onkeypress'=>1, 'onkeyup'=>1, 'onmousedown'=>1, 'onmousemove'=>1, 'onmouseout'=>1, 'onmouseover'=>1, 'onmouseup'=>1, 'onreset'=>1, 'onselect'=>1, 'onsubmit'=>1); +} +$C['deny_attribute'] = $x; +// config URL +$x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https'; +$C['schemes'] = array(); +foreach(explode(';', str_replace(array(' ', "\t", "\r", "\n"), '', $x)) as $v){ + $x = $x2 = null; list($x, $x2) = explode(':', $v, 2); + if($x2){$C['schemes'][$x] = array_flip(explode(',', $x2));} +} +if(!isset($C['schemes']['*'])){$C['schemes']['*'] = array('file'=>1, 'http'=>1, 'https'=>1,);} +if(!empty($C['safe']) && empty($C['schemes']['style'])){$C['schemes']['style'] = array('nil'=>1);} +$C['abs_url'] = isset($C['abs_url']) ? $C['abs_url'] : 0; +if(!isset($C['base_url']) or !preg_match('`^[a-zA-Z\d.+\-]+://[^/]+/(.+?/)?$`', $C['base_url'])){ + $C['base_url'] = $C['abs_url'] = 0; +} +// config rest +$C['and_mark'] = empty($C['and_mark']) ? 0 : 1; +$C['anti_link_spam'] = (isset($C['anti_link_spam']) && is_array($C['anti_link_spam']) && count($C['anti_link_spam']) == 2 && (empty($C['anti_link_spam'][0]) or hl_regex($C['anti_link_spam'][0])) && (empty($C['anti_link_spam'][1]) or hl_regex($C['anti_link_spam'][1]))) ? $C['anti_link_spam'] : 0; +$C['anti_mail_spam'] = isset($C['anti_mail_spam']) ? $C['anti_mail_spam'] : 0; +$C['balance'] = isset($C['balance']) ? (bool)$C['balance'] : 1; +$C['cdata'] = isset($C['cdata']) ? $C['cdata'] : (empty($C['safe']) ? 3 : 0); +$C['clean_ms_char'] = empty($C['clean_ms_char']) ? 0 : $C['clean_ms_char']; +$C['comment'] = isset($C['comment']) ? $C['comment'] : (empty($C['safe']) ? 3 : 0); +$C['css_expression'] = empty($C['css_expression']) ? 0 : 1; +$C['hexdec_entity'] = isset($C['hexdec_entity']) ? $C['hexdec_entity'] : 1; +$C['hook'] = (!empty($C['hook']) && function_exists($C['hook'])) ? $C['hook'] : 0; +$C['hook_tag'] = (!empty($C['hook_tag']) && function_exists($C['hook_tag'])) ? $C['hook_tag'] : 0; +$C['keep_bad'] = isset($C['keep_bad']) ? $C['keep_bad'] : 6; +$C['lc_std_val'] = isset($C['lc_std_val']) ? (bool)$C['lc_std_val'] : 1; +$C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 1; +$C['named_entity'] = isset($C['named_entity']) ? (bool)$C['named_entity'] : 1; +$C['no_deprecated_attr'] = isset($C['no_deprecated_attr']) ? $C['no_deprecated_attr'] : 1; +$C['parent'] = isset($C['parent'][0]) ? strtolower($C['parent']) : 'body'; +$C['show_setting'] = !empty($C['show_setting']) ? $C['show_setting'] : 0; +$C['style_pass'] = empty($C['style_pass']) ? 0 : 1; +$C['tidy'] = empty($C['tidy']) ? 0 : $C['tidy']; +$C['unique_ids'] = isset($C['unique_ids']) ? $C['unique_ids'] : 1; +$C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 0; + +if(isset($GLOBALS['C'])){$reC = $GLOBALS['C'];} +$GLOBALS['C'] = $C; +$S = is_array($S) ? $S : hl_spec($S); +if(isset($GLOBALS['S'])){$reS = $GLOBALS['S'];} +$GLOBALS['S'] = $S; + +$t = preg_replace('`[\x00-\x08\x0b-\x0c\x0e-\x1f]`', '', $t); +if($C['clean_ms_char']){ + $x = array("\x7f"=>'', "\x80"=>'€', "\x81"=>'', "\x83"=>'ƒ', "\x85"=>'…', "\x86"=>'†', "\x87"=>'‡', "\x88"=>'ˆ', "\x89"=>'‰', "\x8a"=>'Š', "\x8b"=>'‹', "\x8c"=>'Œ', "\x8d"=>'', "\x8e"=>'Ž', "\x8f"=>'', "\x90"=>'', "\x95"=>'•', "\x96"=>'–', "\x97"=>'—', "\x98"=>'˜', "\x99"=>'™', "\x9a"=>'š', "\x9b"=>'›', "\x9c"=>'œ', "\x9d"=>'', "\x9e"=>'ž', "\x9f"=>'Ÿ'); + $x = $x + ($C['clean_ms_char'] == 1 ? array("\x82"=>'‚', "\x84"=>'„', "\x91"=>'‘', "\x92"=>'’', "\x93"=>'“', "\x94"=>'”') : array("\x82"=>'\'', "\x84"=>'"', "\x91"=>'\'', "\x92"=>'\'', "\x93"=>'"', "\x94"=>'"')); + $t = strtr($t, $x); +} +if($C['cdata'] or $C['comment']){$t = preg_replace_callback('`<!(?:(?:--.*?--)|(?:\[CDATA\[.*?\]\]))>`sm', 'hl_cmtcd', $t);} +$t = preg_replace_callback('`&([A-Za-z][A-Za-z0-9]{1,30}|#(?:[0-9]{1,8}|[Xx][0-9A-Fa-f]{1,7}));`', 'hl_ent', str_replace('&', '&', $t)); +if($C['unique_ids'] && !isset($GLOBALS['hl_Ids'])){$GLOBALS['hl_Ids'] = array();} +if($C['hook']){$t = $C['hook']($t, $C, $S);} +if($C['show_setting'] && preg_match('`^[a-z][a-z0-9_]*$`i', $C['show_setting'])){ + $GLOBALS[$C['show_setting']] = array('config'=>$C, 'spec'=>$S, 'time'=>microtime()); +} +// main +$t = preg_replace_callback('`<(?:(?:\s|$)|(?:[^>]*(?:>|$)))|>`m', 'hl_tag', $t); +$t = $C['balance'] ? hl_bal($t, $C['keep_bad'], $C['parent']) : $t; +$t = (($C['cdata'] or $C['comment']) && strpos($t, "\x01") !== false) ? str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05"), array('', '', '&', '<', '>'), $t) : $t; +$t = $C['tidy'] ? hl_tidy($t, $C['tidy'], $C['parent']) : $t; +unset($C, $e); +if(isset($reC)){$GLOBALS['C'] = $reC;} +if(isset($reS)){$GLOBALS['S'] = $reS;} +return $t; +// eof +} + +function hl_attrval($t, $p){ +// check attr val against $S +$o = 1; $l = strlen($t); +foreach($p as $k=>$v){ + switch($k){ + case 'maxlen':if($l > $v){$o = 0;} + break; case 'minlen': if($l < $v){$o = 0;} + break; case 'maxval': if((float)($t) > $v){$o = 0;} + break; case 'minval': if((float)($t) < $v){$o = 0;} + break; case 'match': if(!preg_match($v, $t)){$o = 0;} + break; case 'nomatch': if(preg_match($v, $t)){$o = 0;} + break; case 'oneof': + $m = 0; + foreach(explode('|', $v) as $n){if($t == $n){$m = 1; break;}} + $o = $m; + break; case 'noneof': + $m = 1; + foreach(explode('|', $v) as $n){if($t == $n){$m = 0; break;}} + $o = $m; + break; default: + break; + } + if(!$o){break;} +} +return ($o ? $t : (isset($p['default']) ? $p['default'] : 0)); +// eof +} + +function hl_bal($t, $do=1, $in='div'){ +// balance tags +// by content +$cB = array('blockquote'=>1, 'form'=>1, 'map'=>1, 'noscript'=>1); // Block +$cE = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1); // Empty +$cF = array('button'=>1, 'del'=>1, 'div'=>1, 'dd'=>1, 'fieldset'=>1, 'iframe'=>1, 'ins'=>1, 'li'=>1, 'noscript'=>1, 'object'=>1, 'td'=>1, 'th'=>1); // Flow; later context-wise dynamic move of ins & del to $cI +$cI = array('a'=>1, 'abbr'=>1, 'acronym'=>1, 'address'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'caption'=>1, 'cite'=>1, 'code'=>1, 'dfn'=>1, 'dt'=>1, 'em'=>1, 'font'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'i'=>1, 'kbd'=>1, 'label'=>1, 'legend'=>1, 'p'=>1, 'pre'=>1, 'q'=>1, 'rb'=>1, 'rt'=>1, 's'=>1, 'samp'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'tt'=>1, 'u'=>1, 'var'=>1); // Inline +$cN = array('a'=>array('a'=>1), 'button'=>array('a'=>1, 'button'=>1, 'fieldset'=>1, 'form'=>1, 'iframe'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'fieldset'=>array('fieldset'=>1), 'form'=>array('form'=>1), 'label'=>array('label'=>1), 'noscript'=>array('script'=>1), 'pre'=>array('big'=>1, 'font'=>1, 'img'=>1, 'object'=>1, 'script'=>1, 'small'=>1, 'sub'=>1, 'sup'=>1), 'rb'=>array('ruby'=>1), 'rt'=>array('ruby'=>1)); // Illegal +$cN2 = array_keys($cN); +$cR = array('blockquote'=>1, 'dir'=>1, 'dl'=>1, 'form'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'optgroup'=>1, 'rbc'=>1, 'rtc'=>1, 'ruby'=>1, 'select'=>1, 'table'=>1, 'tbody'=>1, 'tfoot'=>1, 'thead'=>1, 'tr'=>1, 'ul'=>1); +$cS = array('colgroup'=>array('col'=>1), 'dir'=>array('li'), 'dl'=>array('dd'=>1, 'dt'=>1), 'menu'=>array('li'=>1), 'ol'=>array('li'=>1), 'optgroup'=>array('option'=>1), 'option'=>array('#pcdata'=>1), 'rbc'=>array('rb'=>1), 'rp'=>array('#pcdata'=>1), 'rtc'=>array('rt'=>1), 'ruby'=>array('rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1), 'select'=>array('optgroup'=>1, 'option'=>1), 'script'=>array('#pcdata'=>1), 'table'=>array('caption'=>1, 'col'=>1, 'colgroup'=>1, 'tfoot'=>1, 'tbody'=>1, 'tr'=>1, 'thead'=>1), 'tbody'=>array('tr'=>1), 'tfoot'=>array('tr'=>1), 'textarea'=>array('#pcdata'=>1), 'thead'=>array('tr'=>1), 'tr'=>array('td'=>1, 'th'=>1), 'ul'=>array('li'=>1)); // Specific - immediate parent-child +$cO = array('address'=>array('p'=>1), 'applet'=>array('param'=>1), 'blockquote'=>array('script'=>1), 'fieldset'=>array('legend'=>1, '#pcdata'=>1), 'form'=>array('script'=>1), 'map'=>array('area'=>1), 'object'=>array('param'=>1, 'embed'=>1)); // Other +$cT = array('colgroup'=>1, 'dd'=>1, 'dt'=>1, 'li'=>1, 'option'=>1, 'p'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1); // Omitable closing +// block/inline type; ins & del both type; #pcdata: text +$eB = array('address'=>1, 'blockquote'=>1, 'center'=>1, 'del'=>1, 'dir'=>1, 'dl'=>1, 'div'=>1, 'fieldset'=>1, 'form'=>1, 'ins'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'hr'=>1, 'isindex'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'p'=>1, 'pre'=>1, 'table'=>1, 'ul'=>1); +$eI = array('#pcdata'=>1, 'a'=>1, 'abbr'=>1, 'acronym'=>1, 'applet'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'br'=>1, 'button'=>1, 'cite'=>1, 'code'=>1, 'del'=>1, 'dfn'=>1, 'em'=>1, 'embed'=>1, 'font'=>1, 'i'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'ins'=>1, 'kbd'=>1, 'label'=>1, 'map'=>1, 'object'=>1, 'param'=>1, 'q'=>1, 'ruby'=>1, 's'=>1, 'samp'=>1, 'select'=>1, 'script'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1, 'tt'=>1, 'u'=>1, 'var'=>1); +$eN = array('a'=>1, 'big'=>1, 'button'=>1, 'fieldset'=>1, 'font'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'label'=>1, 'object'=>1, 'ruby'=>1, 'script'=>1, 'select'=>1, 'small'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1); // Exclude from specific ele; $cN values +$eO = array('area'=>1, 'caption'=>1, 'col'=>1, 'colgroup'=>1, 'dd'=>1, 'dt'=>1, 'legend'=>1, 'li'=>1, 'optgroup'=>1, 'option'=>1, 'rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1, 'script'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'thead'=>1, 'th'=>1, 'tr'=>1); // Missing in $eB & $eI +$eF = $eB + $eI; + +// $in sets allowed child +$in = ((isset($eF[$in]) && $in != '#pcdata') or isset($eO[$in])) ? $in : 'div'; +if(isset($cE[$in])){ + return (!$do ? '' : str_replace(array('<', '>'), array('<', '>'), $t)); +} +if(isset($cS[$in])){$inOk = $cS[$in];} +elseif(isset($cI[$in])){$inOk = $eI; $cI['del'] = 1; $cI['ins'] = 1;} +elseif(isset($cF[$in])){$inOk = $eF; unset($cI['del'], $cI['ins']);} +elseif(isset($cB[$in])){$inOk = $eB; unset($cI['del'], $cI['ins']);} +if(isset($cO[$in])){$inOk = $inOk + $cO[$in];} +if(isset($cN[$in])){$inOk = array_diff_assoc($inOk, $cN[$in]);} + +$t = explode('<', $t); +$ok = $q = array(); // $q seq list of open non-empty ele +ob_start(); + +for($i=-1, $ci=count($t); ++$i<$ci;){ + // allowed $ok in parent $p + if($ql = count($q)){ + $p = array_pop($q); + $q[] = $p; + if(isset($cS[$p])){$ok = $cS[$p];} + elseif(isset($cI[$p])){$ok = $eI; $cI['del'] = 1; $cI['ins'] = 1;} + elseif(isset($cF[$p])){$ok = $eF; unset($cI['del'], $cI['ins']);} + elseif(isset($cB[$p])){$ok = $eB; unset($cI['del'], $cI['ins']);} + if(isset($cO[$p])){$ok = $ok + $cO[$p];} + if(isset($cN[$p])){$ok = array_diff_assoc($ok, $cN[$p]);} + }else{$ok = $inOk; unset($cI['del'], $cI['ins']);} + // bad tags, & ele content + if(isset($e) && ($do == 1 or (isset($ok['#pcdata']) && ($do == 3 or $do == 5)))){ + echo '<', $s, $e, $a, '>'; + } + if(isset($x[0])){ + if($do < 3 or isset($ok['#pcdata'])){echo $x;} + elseif(strpos($x, "\x02\x04")){ + foreach(preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v){ + echo (substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : '')); + } + }elseif($do > 4){echo preg_replace('`\S`', '', $x);} + } + // get markup + if(!preg_match('`^(/?)([a-zA-Z1-6]+)([^>]*)>(.*)`sm', $t[$i], $r)){$x = $t[$i]; continue;} + $s = null; $e = null; $a = null; $x = null; list($all, $s, $e, $a, $x) = $r; + // close tag + if($s){ + if(isset($cE[$e]) or !in_array($e, $q)){continue;} // Empty/unopen + if($p == $e){array_pop($q); echo '</', $e, '>'; unset($e); continue;} // Last open + $add = ''; // Nesting - close open tags that need to be + for($j=-1, $cj=count($q); ++$j<$cj;){ + if(($d = array_pop($q)) == $e){break;} + else{$add .= "</{$d}>";} + } + echo $add, '</', $e, '>'; unset($e); continue; + } + // open tag + // $cB ele needs $eB ele as child + if(isset($cB[$e]) && strlen(trim($x))){ + $t[$i] = "{$e}{$a}>"; + array_splice($t, $i+1, 0, 'div>'. $x); unset($e, $x); ++$ci; --$i; continue; + } + if((($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql)) && !isset($eB[$e]) && !isset($ok[$e])){ + array_splice($t, $i, 0, 'div>'); unset($e, $x); ++$ci; --$i; continue; + } + // if no open ele, $in = parent; mostly immediate parent-child relation should hold + if(!$ql or !isset($eN[$e]) or !array_intersect($q, $cN2)){ + if(!isset($ok[$e])){ + if($ql && isset($cT[$p])){echo '</', array_pop($q), '>'; unset($e, $x); --$i;} + continue; + } + if(!isset($cE[$e])){$q[] = $e;} + echo '<', $e, $a, '>'; unset($e); continue; + } + // specific parent-child + if(isset($cS[$p][$e])){ + if(!isset($cE[$e])){$q[] = $e;} + echo '<', $e, $a, '>'; unset($e); continue; + } + // nesting + $add = ''; + $q2 = array(); + for($k=-1, $kc=count($q); ++$k<$kc;){ + $d = $q[$k]; + $ok2 = array(); + if(isset($cS[$d])){$q2[] = $d; continue;} + $ok2 = isset($cI[$d]) ? $eI : $eF; + if(isset($cO[$d])){$ok2 = $ok2 + $cO[$d];} + if(isset($cN[$d])){$ok2 = array_diff_assoc($ok2, $cN[$d]);} + if(!isset($ok2[$e])){ + if(!$k && !isset($inOk[$e])){continue 2;} + $add = "</{$d}>"; + for(;++$k<$kc;){$add = "</{$q[$k]}>{$add}";} + break; + } + else{$q2[] = $d;} + } + $q = $q2; + if(!isset($cE[$e])){$q[] = $e;} + echo $add, '<', $e, $a, '>'; unset($e); continue; +} + +// end +if($ql = count($q)){ + $p = array_pop($q); + $q[] = $p; + if(isset($cS[$p])){$ok = $cS[$p];} + elseif(isset($cI[$p])){$ok = $eI; $cI['del'] = 1; $cI['ins'] = 1;} + elseif(isset($cF[$p])){$ok = $eF; unset($cI['del'], $cI['ins']);} + elseif(isset($cB[$p])){$ok = $eB; unset($cI['del'], $cI['ins']);} + if(isset($cO[$p])){$ok = $ok + $cO[$p];} + if(isset($cN[$p])){$ok = array_diff_assoc($ok, $cN[$p]);} +}else{$ok = $inOk; unset($cI['del'], $cI['ins']);} +if(isset($e) && ($do == 1 or (isset($ok['#pcdata']) && ($do == 3 or $do == 5)))){ + echo '<', $s, $e, $a, '>'; +} +if(isset($x[0])){ + if(strlen(trim($x)) && (($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql))){ + echo '<div>', $x, '</div>'; + } + elseif($do < 3 or isset($ok['#pcdata'])){echo $x;} + elseif(strpos($x, "\x02\x04")){ + foreach(preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v){ + echo (substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : '')); + } + }elseif($do > 4){echo preg_replace('`\S`', '', $x);} +} +while(!empty($q) && ($e = array_pop($q))){echo '</', $e, '>';} +$o = ob_get_contents(); +ob_end_clean(); +return $o; +// eof +} + +function hl_cmtcd($t){ +// comment/CDATA sec handler +$t = $t[0]; +global $C; +if($t[3] == '-'){ + if(!$C['comment']){return $t;} + if($C['comment'] == 1){return '';} + if(substr(($t = preg_replace('`--+`', '-', substr($t, 4, -3))), -1) != ' '){$t .= ' ';} + $t = $C['comment'] == 2 ? str_replace(array('&', '<', '>'), array('&', '<', '>'), $t) : $t; + $t = "\x01\x02\x04!--$t--\x05\x02\x01"; +}else{ // CDATA + if(!$C['cdata']){return $t;} + if($C['cdata'] == 1){return '';} + $t = substr($t, 1, -1); + $t = $C['cdata'] == 2 ? str_replace(array('&', '<', '>'), array('&', '<', '>'), $t) : $t; + $t = "\x01\x01\x04$t\x05\x01\x01"; +} +return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), $t); +// eof +} + +function hl_ent($t){ +// entitity handler +global $C; +$t = $t[1]; +static $U = array('quot'=>1,'amp'=>1,'lt'=>1,'gt'=>1); +static $N = array('fnof'=>'402', 'Alpha'=>'913', 'Beta'=>'914', 'Gamma'=>'915', 'Delta'=>'916', 'Epsilon'=>'917', 'Zeta'=>'918', 'Eta'=>'919', 'Theta'=>'920', 'Iota'=>'921', 'Kappa'=>'922', 'Lambda'=>'923', 'Mu'=>'924', 'Nu'=>'925', 'Xi'=>'926', 'Omicron'=>'927', 'Pi'=>'928', 'Rho'=>'929', 'Sigma'=>'931', 'Tau'=>'932', 'Upsilon'=>'933', 'Phi'=>'934', 'Chi'=>'935', 'Psi'=>'936', 'Omega'=>'937', 'alpha'=>'945', 'beta'=>'946', 'gamma'=>'947', 'delta'=>'948', 'epsilon'=>'949', 'zeta'=>'950', 'eta'=>'951', 'theta'=>'952', 'iota'=>'953', 'kappa'=>'954', 'lambda'=>'955', 'mu'=>'956', 'nu'=>'957', 'xi'=>'958', 'omicron'=>'959', 'pi'=>'960', 'rho'=>'961', 'sigmaf'=>'962', 'sigma'=>'963', 'tau'=>'964', 'upsilon'=>'965', 'phi'=>'966', 'chi'=>'967', 'psi'=>'968', 'omega'=>'969', 'thetasym'=>'977', 'upsih'=>'978', 'piv'=>'982', 'bull'=>'8226', 'hellip'=>'8230', 'prime'=>'8242', 'Prime'=>'8243', 'oline'=>'8254', 'frasl'=>'8260', 'weierp'=>'8472', 'image'=>'8465', 'real'=>'8476', 'trade'=>'8482', 'alefsym'=>'8501', 'larr'=>'8592', 'uarr'=>'8593', 'rarr'=>'8594', 'darr'=>'8595', 'harr'=>'8596', 'crarr'=>'8629', 'lArr'=>'8656', 'uArr'=>'8657', 'rArr'=>'8658', 'dArr'=>'8659', 'hArr'=>'8660', 'forall'=>'8704', 'part'=>'8706', 'exist'=>'8707', 'empty'=>'8709', 'nabla'=>'8711', 'isin'=>'8712', 'notin'=>'8713', 'ni'=>'8715', 'prod'=>'8719', 'sum'=>'8721', 'minus'=>'8722', 'lowast'=>'8727', 'radic'=>'8730', 'prop'=>'8733', 'infin'=>'8734', 'ang'=>'8736', 'and'=>'8743', 'or'=>'8744', 'cap'=>'8745', 'cup'=>'8746', 'int'=>'8747', 'there4'=>'8756', 'sim'=>'8764', 'cong'=>'8773', 'asymp'=>'8776', 'ne'=>'8800', 'equiv'=>'8801', 'le'=>'8804', 'ge'=>'8805', 'sub'=>'8834', 'sup'=>'8835', 'nsub'=>'8836', 'sube'=>'8838', 'supe'=>'8839', 'oplus'=>'8853', 'otimes'=>'8855', 'perp'=>'8869', 'sdot'=>'8901', 'lceil'=>'8968', 'rceil'=>'8969', 'lfloor'=>'8970', 'rfloor'=>'8971', 'lang'=>'9001', 'rang'=>'9002', 'loz'=>'9674', 'spades'=>'9824', 'clubs'=>'9827', 'hearts'=>'9829', 'diams'=>'9830', 'apos'=>'39', 'OElig'=>'338', 'oelig'=>'339', 'Scaron'=>'352', 'scaron'=>'353', 'Yuml'=>'376', 'circ'=>'710', 'tilde'=>'732', 'ensp'=>'8194', 'emsp'=>'8195', 'thinsp'=>'8201', 'zwnj'=>'8204', 'zwj'=>'8205', 'lrm'=>'8206', 'rlm'=>'8207', 'ndash'=>'8211', 'mdash'=>'8212', 'lsquo'=>'8216', 'rsquo'=>'8217', 'sbquo'=>'8218', 'ldquo'=>'8220', 'rdquo'=>'8221', 'bdquo'=>'8222', 'dagger'=>'8224', 'Dagger'=>'8225', 'permil'=>'8240', 'lsaquo'=>'8249', 'rsaquo'=>'8250', 'euro'=>'8364', 'nbsp'=>'160', 'iexcl'=>'161', 'cent'=>'162', 'pound'=>'163', 'curren'=>'164', 'yen'=>'165', 'brvbar'=>'166', 'sect'=>'167', 'uml'=>'168', 'copy'=>'169', 'ordf'=>'170', 'laquo'=>'171', 'not'=>'172', 'shy'=>'173', 'reg'=>'174', 'macr'=>'175', 'deg'=>'176', 'plusmn'=>'177', 'sup2'=>'178', 'sup3'=>'179', 'acute'=>'180', 'micro'=>'181', 'para'=>'182', 'middot'=>'183', 'cedil'=>'184', 'sup1'=>'185', 'ordm'=>'186', 'raquo'=>'187', 'frac14'=>'188', 'frac12'=>'189', 'frac34'=>'190', 'iquest'=>'191', 'Agrave'=>'192', 'Aacute'=>'193', 'Acirc'=>'194', 'Atilde'=>'195', 'Auml'=>'196', 'Aring'=>'197', 'AElig'=>'198', 'Ccedil'=>'199', 'Egrave'=>'200', 'Eacute'=>'201', 'Ecirc'=>'202', 'Euml'=>'203', 'Igrave'=>'204', 'Iacute'=>'205', 'Icirc'=>'206', 'Iuml'=>'207', 'ETH'=>'208', 'Ntilde'=>'209', 'Ograve'=>'210', 'Oacute'=>'211', 'Ocirc'=>'212', 'Otilde'=>'213', 'Ouml'=>'214', 'times'=>'215', 'Oslash'=>'216', 'Ugrave'=>'217', 'Uacute'=>'218', 'Ucirc'=>'219', 'Uuml'=>'220', 'Yacute'=>'221', 'THORN'=>'222', 'szlig'=>'223', 'agrave'=>'224', 'aacute'=>'225', 'acirc'=>'226', 'atilde'=>'227', 'auml'=>'228', 'aring'=>'229', 'aelig'=>'230', 'ccedil'=>'231', 'egrave'=>'232', 'eacute'=>'233', 'ecirc'=>'234', 'euml'=>'235', 'igrave'=>'236', 'iacute'=>'237', 'icirc'=>'238', 'iuml'=>'239', 'eth'=>'240', 'ntilde'=>'241', 'ograve'=>'242', 'oacute'=>'243', 'ocirc'=>'244', 'otilde'=>'245', 'ouml'=>'246', 'divide'=>'247', 'oslash'=>'248', 'ugrave'=>'249', 'uacute'=>'250', 'ucirc'=>'251', 'uuml'=>'252', 'yacute'=>'253', 'thorn'=>'254', 'yuml'=>'255'); +if($t[0] != '#'){ + return ($C['and_mark'] ? "\x06" : '&'). (isset($U[$t]) ? $t : (isset($N[$t]) ? (!$C['named_entity'] ? '#'. ($C['hexdec_entity'] > 1 ? 'x'. dechex($N[$t]) : $N[$t]) : $t) : 'amp;'. $t)). ';'; +} +if(($n = ctype_digit($t = substr($t, 1)) ? intval($t) : hexdec(substr($t, 1))) < 9 or ($n > 13 && $n < 32) or $n == 11 or $n == 12 or ($n > 126 && $n < 160 && $n != 133) or ($n > 55295 && ($n < 57344 or ($n > 64975 && $n < 64992) or $n == 65534 or $n == 65535 or $n > 1114111))){ + return ($C['and_mark'] ? "\x06" : '&'). "amp;#{$t};"; +} +return ($C['and_mark'] ? "\x06" : '&'). '#'. (((ctype_digit($t) && $C['hexdec_entity'] < 2) or !$C['hexdec_entity']) ? $n : 'x'. dechex($n)). ';'; +// eof +} + +function hl_prot($p, $c=null){ +// check URL scheme +global $C; +$b = $a = ''; +if($c == null){$c = 'style'; $b = $p[1]; $a = $p[3]; $p = trim($p[2]);} +$c = isset($C['schemes'][$c]) ? $C['schemes'][$c] : $C['schemes']['*']; +if(isset($c['*']) or !strcspn($p, '#?;')){return "{$b}{$p}{$a}";} // All ok, frag, query, param +if(preg_match('`^([a-z\d\-+.&#; ]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])){ // Denied prot + return "{$b}denied:{$p}{$a}"; +} +if($C['abs_url']){ + if($C['abs_url'] == -1 && strpos($p, $C['base_url']) === 0){ // Make url rel + $p = substr($p, strlen($C['base_url'])); + }elseif(empty($m[1])){ // Make URL abs + if(substr($p, 0, 2) == '//'){$p = substr($C['base_url'], 0, strpos($C['base_url'], ':')+1). $p;} + elseif($p[0] == '/'){$p = preg_replace('`(^.+?://[^/]+)(.*)`', '$1', $C['base_url']). $p;} + elseif(strcspn($p, './')){$p = $C['base_url']. $p;} + else{ + preg_match('`^([a-zA-Z\d\-+.]+://[^/]+)(.*)`', $C['base_url'], $m); + $p = preg_replace('`(?<=/)\./`', '', $m[2]. $p); + while(preg_match('`(?<=/)([^/]{3,}|[^/.]+?|\.[^/.]|[^/.]\.)/\.\./`', $p)){ + $p = preg_replace('`(?<=/)([^/]{3,}|[^/.]+?|\.[^/.]|[^/.]\.)/\.\./`', '', $p); + } + $p = $m[1]. $p; + } + } +} +return "{$b}{$p}{$a}"; +// eof +} + +function hl_regex($p){ +// ?regex +if(empty($p)){return 0;} +if($t = ini_get('track_errors')){$o = isset($php_errormsg) ? $php_errormsg : null;} +else{ini_set('track_errors', 1);} +unset($php_errormsg); +if(($d = ini_get('display_errors'))){ini_set('display_errors', 0);} +preg_match($p, ''); +if($d){ini_set('display_errors', 1);} +$r = isset($php_errormsg) ? 0 : 1; +if($t){$php_errormsg = isset($o) ? $o : null;} +else{ini_set('track_errors', 0);} +return $r; +// eof +} + +function hl_spec($t){ +// final $spec +$s = array(); +$t = str_replace(array("\t", "\r", "\n", ' '), '', preg_replace('/"(?>(`.|[^"])*)"/sme', 'substr(str_replace(array(";", "|", "~", " ", ",", "/", "(", ")", \'`"\'), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08", "\""), "$0"), 1, -1)', trim($t))); +for($i = count(($t = explode(';', $t))); --$i>=0;){ + $w = $t[$i]; + if(empty($w) or ($e = strpos($w, '=')) === false or !strlen(($a = substr($w, $e+1)))){continue;} + $y = $n = array(); + foreach(explode(',', $a) as $v){ + if(!preg_match('`^([a-z:\-\*]+)(?:\((.*?)\))?`i', $v, $m)){continue;} + if(($x = strtolower($m[1])) == '-*'){$n['*'] = 1; continue;} + if($x[0] == '-'){$n[substr($x, 1)] = 1; continue;} + if(!isset($m[2])){$y[$x] = 1; continue;} + foreach(explode('/', $m[2]) as $m){ + if(empty($m) or ($p = strpos($m, '=')) == 0 or $p < 5){$y[$x] = 1; continue;} + $y[$x][strtolower(substr($m, 0, $p))] = str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08"), array(";", "|", "~", " ", ",", "/", "(", ")"), substr($m, $p+1)); + } + if(isset($y[$x]['match']) && !hl_regex($y[$x]['match'])){unset($y[$x]['match']);} + if(isset($y[$x]['nomatch']) && !hl_regex($y[$x]['nomatch'])){unset($y[$x]['nomatch']);} + } + if(!count($y) && !count($n)){continue;} + foreach(explode(',', substr($w, 0, $e)) as $v){ + if(!strlen(($v = strtolower($v)))){continue;} + if(count($y)){$s[$v] = $y;} + if(count($n)){$s[$v]['n'] = $n;} + } +} +return $s; +// eof +} + +function hl_tag($t){ +// tag/attribute handler +global $C; +$t = $t[0]; +// invalid < > +if($t == '< '){return '< ';} +if($t == '>'){return '>';} +if(!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)){ + return str_replace(array('<', '>'), array('<', '>'), $t); +}elseif(!isset($C['elements'][($e = strtolower($m[2]))])){ + return (($C['keep_bad']%2) ? str_replace(array('<', '>'), array('<', '>'), $t) : ''); +} +// attr string +$a = str_replace(array("\xad", "\n", "\r", "\t"), ' ', trim($m[3])); +if(strpos($a, '&') !== false){ + str_replace(array('­', '­', '­'), ' ', $a); +} +// tag transform +static $eD = array('applet'=>1, 'center'=>1, 'dir'=>1, 'embed'=>1, 'font'=>1, 'isindex'=>1, 'menu'=>1, 's'=>1, 'strike'=>1, 'u'=>1); // Deprecated +if($C['make_tag_strict'] && isset($eD[$e])){ + $trt = hl_tag2($e, $a, $C['make_tag_strict']); + if(!$e){return (($C['keep_bad']%2) ? str_replace(array('<', '>'), array('<', '>'), $t) : '');} +} +// close tag +static $eE = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1); // Empty ele +if(!empty($m[1])){ + return (!isset($eE[$e]) ? "</$e>" : (($C['keep_bad'])%2 ? str_replace(array('<', '>'), array('<', '>'), $t) : '')); +} + +// open tag & attr +static $aN = array('abbr'=>array('td'=>1, 'th'=>1), 'accept-charset'=>array('form'=>1), 'accept'=>array('form'=>1, 'input'=>1), 'accesskey'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'legend'=>1, 'textarea'=>1), 'action'=>array('form'=>1), 'align'=>array('caption'=>1, 'embed'=>1, 'applet'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'object'=>1, 'legend'=>1, 'table'=>1, 'hr'=>1, 'div'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'p'=>1, 'col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'alt'=>array('applet'=>1, 'area'=>1, 'img'=>1, 'input'=>1), 'archive'=>array('applet'=>1, 'object'=>1), 'axis'=>array('td'=>1, 'th'=>1), 'bgcolor'=>array('embed'=>1, 'table'=>1, 'tr'=>1, 'td'=>1, 'th'=>1), 'border'=>array('table'=>1, 'img'=>1, 'object'=>1), 'bordercolor'=>array('table'=>1, 'td'=>1, 'tr'=>1), 'cellpadding'=>array('table'=>1), 'cellspacing'=>array('table'=>1), 'char'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charoff'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charset'=>array('a'=>1, 'script'=>1), 'checked'=>array('input'=>1), 'cite'=>array('blockquote'=>1, 'q'=>1, 'del'=>1, 'ins'=>1), 'classid'=>array('object'=>1), 'clear'=>array('br'=>1), 'code'=>array('applet'=>1), 'codebase'=>array('object'=>1, 'applet'=>1), 'codetype'=>array('object'=>1), 'color'=>array('font'=>1), 'cols'=>array('textarea'=>1), 'colspan'=>array('td'=>1, 'th'=>1), 'compact'=>array('dir'=>1, 'dl'=>1, 'menu'=>1, 'ol'=>1, 'ul'=>1), 'coords'=>array('area'=>1, 'a'=>1), 'data'=>array('object'=>1), 'datetime'=>array('del'=>1, 'ins'=>1), 'declare'=>array('object'=>1), 'defer'=>array('script'=>1), 'dir'=>array('bdo'=>1), 'disabled'=>array('button'=>1, 'input'=>1, 'optgroup'=>1, 'option'=>1, 'select'=>1, 'textarea'=>1), 'enctype'=>array('form'=>1), 'face'=>array('font'=>1), 'for'=>array('label'=>1), 'frame'=>array('table'=>1), 'frameborder'=>array('iframe'=>1), 'headers'=>array('td'=>1, 'th'=>1), 'height'=>array('embed'=>1, 'iframe'=>1, 'td'=>1, 'th'=>1, 'img'=>1, 'object'=>1, 'applet'=>1), 'href'=>array('a'=>1, 'area'=>1), 'hreflang'=>array('a'=>1), 'hspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'ismap'=>array('img'=>1, 'input'=>1), 'label'=>array('option'=>1, 'optgroup'=>1), 'language'=>array('script'=>1), 'longdesc'=>array('img'=>1, 'iframe'=>1), 'marginheight'=>array('iframe'=>1), 'marginwidth'=>array('iframe'=>1), 'maxlength'=>array('input'=>1), 'method'=>array('form'=>1), 'model'=>array('embed'=>1), 'multiple'=>array('select'=>1), 'name'=>array('button'=>1, 'embed'=>1, 'textarea'=>1, 'applet'=>1, 'select'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'a'=>1, 'input'=>1, 'object'=>1, 'map'=>1, 'param'=>1), 'nohref'=>array('area'=>1), 'noshade'=>array('hr'=>1), 'nowrap'=>array('td'=>1, 'th'=>1), 'object'=>array('applet'=>1), 'onblur'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onchange'=>array('input'=>1, 'select'=>1, 'textarea'=>1), 'onfocus'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onreset'=>array('form'=>1), 'onselect'=>array('input'=>1, 'textarea'=>1), 'onsubmit'=>array('form'=>1), 'pluginspage'=>array('embed'=>1), 'pluginurl'=>array('embed'=>1), 'prompt'=>array('isindex'=>1), 'readonly'=>array('textarea'=>1, 'input'=>1), 'rel'=>array('a'=>1), 'rev'=>array('a'=>1), 'rows'=>array('textarea'=>1), 'rowspan'=>array('td'=>1, 'th'=>1), 'rules'=>array('table'=>1), 'scope'=>array('td'=>1, 'th'=>1), 'scrolling'=>array('iframe'=>1), 'selected'=>array('option'=>1), 'shape'=>array('area'=>1, 'a'=>1), 'size'=>array('hr'=>1, 'font'=>1, 'input'=>1, 'select'=>1), 'span'=>array('col'=>1, 'colgroup'=>1), 'src'=>array('embed'=>1, 'script'=>1, 'input'=>1, 'iframe'=>1, 'img'=>1), 'standby'=>array('object'=>1), 'start'=>array('ol'=>1), 'summary'=>array('table'=>1), 'tabindex'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'object'=>1, 'select'=>1, 'textarea'=>1), 'target'=>array('a'=>1, 'area'=>1, 'form'=>1), 'type'=>array('a'=>1, 'embed'=>1, 'object'=>1, 'param'=>1, 'script'=>1, 'input'=>1, 'li'=>1, 'ol'=>1, 'ul'=>1, 'button'=>1), 'usemap'=>array('img'=>1, 'input'=>1, 'object'=>1), 'valign'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'value'=>array('input'=>1, 'option'=>1, 'param'=>1, 'button'=>1, 'li'=>1), 'valuetype'=>array('param'=>1), 'vspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'width'=>array('embed'=>1, 'hr'=>1, 'iframe'=>1, 'img'=>1, 'object'=>1, 'table'=>1, 'td'=>1, 'th'=>1, 'applet'=>1, 'col'=>1, 'colgroup'=>1, 'pre'=>1), 'wmode'=>array('embed'=>1), 'xml:space'=>array('pre'=>1, 'script'=>1, 'style'=>1)); // Ele-specific +static $aNE = array('checked'=>1, 'compact'=>1, 'declare'=>1, 'defer'=>1, 'disabled'=>1, 'ismap'=>1, 'multiple'=>1, 'nohref'=>1, 'noresize'=>1, 'noshade'=>1, 'nowrap'=>1, 'readonly'=>1, 'selected'=>1); // Empty +static $aNP = array('action'=>1, 'cite'=>1, 'classid'=>1, 'codebase'=>1, 'data'=>1, 'href'=>1, 'longdesc'=>1, 'model'=>1, 'pluginspage'=>1, 'pluginurl'=>1, 'usemap'=>1); // Need scheme check; excludes style, on* & src +static $aNU = array('class'=>array('param'=>1, 'script'=>1), 'dir'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'id'=>array('script'=>1), 'lang'=>array('applet'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'xml:lang'=>array('applet'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'onclick'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'ondblclick'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeydown'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeypress'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeyup'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmousedown'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmousemove'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseout'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseover'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseup'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'style'=>array('param'=>1, 'script'=>1), 'title'=>array('param'=>1, 'script'=>1)); // Univ & exceptions + +if($C['lc_std_val']){ + // predef attr vals for $eAL & $aNE ele + static $aNL = array('all'=>1, 'baseline'=>1, 'bottom'=>1, 'button'=>1, 'center'=>1, 'char'=>1, 'checkbox'=>1, 'circle'=>1, 'col'=>1, 'colgroup'=>1, 'cols'=>1, 'data'=>1, 'default'=>1, 'file'=>1, 'get'=>1, 'groups'=>1, 'hidden'=>1, 'image'=>1, 'justify'=>1, 'left'=>1, 'ltr'=>1, 'middle'=>1, 'none'=>1, 'object'=>1, 'password'=>1, 'poly'=>1, 'post'=>1, 'preserve'=>1, 'radio'=>1, 'rect'=>1, 'ref'=>1, 'reset'=>1, 'right'=>1, 'row'=>1, 'rowgroup'=>1, 'rows'=>1, 'rtl'=>1, 'submit'=>1, 'text'=>1, 'top'=>1); + static $eAL = array('a'=>1, 'area'=>1, 'bdo'=>1, 'button'=>1, 'col'=>1, 'form'=>1, 'img'=>1, 'input'=>1, 'object'=>1, 'optgroup'=>1, 'option'=>1, 'param'=>1, 'script'=>1, 'select'=>1, 'table'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1, 'xml:space'=>1); + $lcase = isset($eAL[$e]) ? 1 : 0; +} + +$depTr = 0; +if($C['no_deprecated_attr']){ + // dep attr:applicable ele + static $aND = array('align'=>array('caption'=>1, 'div'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'legend'=>1, 'object'=>1, 'p'=>1, 'table'=>1), 'bgcolor'=>array('table'=>1, 'td'=>1, 'th'=>1, 'tr'=>1), 'border'=>array('img'=>1, 'object'=>1), 'bordercolor'=>array('table'=>1, 'td'=>1, 'tr'=>1), 'clear'=>array('br'=>1), 'compact'=>array('dl'=>1, 'ol'=>1, 'ul'=>1), 'height'=>array('td'=>1, 'th'=>1), 'hspace'=>array('img'=>1, 'object'=>1), 'language'=>array('script'=>1), 'name'=>array('a'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'map'=>1), 'noshade'=>array('hr'=>1), 'nowrap'=>array('td'=>1, 'th'=>1), 'size'=>array('hr'=>1), 'start'=>array('ol'=>1), 'type'=>array('li'=>1, 'ol'=>1, 'ul'=>1), 'value'=>array('li'=>1), 'vspace'=>array('img'=>1, 'object'=>1), 'width'=>array('hr'=>1, 'pre'=>1, 'td'=>1, 'th'=>1)); + static $eAD = array('a'=>1, 'br'=>1, 'caption'=>1, 'div'=>1, 'dl'=>1, 'form'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'hr'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'legend'=>1, 'li'=>1, 'map'=>1, 'object'=>1, 'ol'=>1, 'p'=>1, 'pre'=>1, 'script'=>1, 'table'=>1, 'td'=>1, 'th'=>1, 'tr'=>1, 'ul'=>1); + $depTr = isset($eAD[$e]) ? 1 : 0; +} + +// attr name-vals +if(strpos($a, "\x01") !== false){$a = preg_replace('`\x01[^\x01]*\x01`', '', $a);} // No comment/CDATA sec +$mode = 0; $a = trim($a, ' /'); $aA = array(); +while(strlen($a)){ + $w = 0; + switch($mode){ + case 0: // Name + if(preg_match('`^[a-zA-Z][\-a-zA-Z:]+`', $a, $m)){ + $nm = strtolower($m[0]); + $w = $mode = 1; $a = ltrim(substr_replace($a, '', 0, strlen($m[0]))); + } + break; case 1: + if($a[0] == '='){ // = + $w = 1; $mode = 2; $a = ltrim($a, '= '); + }else{ // No val + $w = 1; $mode = 0; $a = ltrim($a); + $aA[$nm] = ''; + } + break; case 2: // Val + if(preg_match('`^"[^"]*"`', $a, $m) or preg_match("`^'[^']*'`", $a, $m) or preg_match("`^\s*[^\s\"']+`", $a, $m)){ + $m = $m[0]; $w = 1; $mode = 0; $a = ltrim(substr_replace($a, '', 0, strlen($m))); + $aA[$nm] = trim(($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m); + } + break; + } + if($w == 0){ // Parse errs, deal with space, " & ' + $a = preg_replace('`^(?:"[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*`', '', $a); + $mode = 0; + } +} +if($mode == 1){$aA[$nm] = '';} + +// clean attrs +global $S; +$rl = isset($S[$e]) ? $S[$e] : array(); +$a = array(); $nfr = 0; +foreach($aA as $k=>$v){ + if(((isset($C['deny_attribute']['*']) ? isset($C['deny_attribute'][$k]) : !isset($C['deny_attribute'][$k])) or isset($rl[$k])) && ((!isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])) && (isset($aN[$k][$e]) or (isset($aNU[$k]) && !isset($aNU[$k][$e])))){ + if(isset($aNE[$k])){$v = $k;} + elseif(!empty($lcase) && (($e != 'button' or $e != 'input') or $k == 'type')){ // Rather loose but ?not cause issues + $v = (isset($aNL[($v2 = strtolower($v))])) ? $v2 : $v; + } + if($k == 'style' && !$C['style_pass']){ + if(false !== strpos($v, '&#')){ + static $sC = array(' '=>' ', ' '=>' ', 'E'=>'e', 'E'=>'e', 'e'=>'e', 'e'=>'e', 'X'=>'x', 'X'=>'x', 'x'=>'x', 'x'=>'x', 'P'=>'p', 'P'=>'p', 'p'=>'p', 'p'=>'p', 'S'=>'s', 'S'=>'s', 's'=>'s', 's'=>'s', 'I'=>'i', 'I'=>'i', 'i'=>'i', 'i'=>'i', 'O'=>'o', 'O'=>'o', 'o'=>'o', 'o'=>'o', 'N'=>'n', 'N'=>'n', 'n'=>'n', 'n'=>'n', 'U'=>'u', 'U'=>'u', 'u'=>'u', 'u'=>'u', 'R'=>'r', 'R'=>'r', 'r'=>'r', 'r'=>'r', 'L'=>'l', 'L'=>'l', 'l'=>'l', 'l'=>'l', '('=>'(', '('=>'(', ')'=>')', ')'=>')', ' '=>':', ' '=>':', '"'=>'"', '"'=>'"', '''=>"'", '''=>"'", '/'=>'/', '/'=>'/', '*'=>'*', '*'=>'*', '\'=>'\\', '\'=>'\\'); + $v = strtr($v, $sC); + } + $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v); + $v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v; + }elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){ + $v = hl_prot($v, $k); + if($k == 'href'){ // X-spam + if($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0){ + $v = str_replace('@', htmlspecialchars($C['anti_mail_spam']), $v); + }elseif($C['anti_link_spam']){ + $r1 = $C['anti_link_spam'][1]; + if(!empty($r1) && preg_match($r1, $v)){continue;} + $r0 = $C['anti_link_spam'][0]; + if(!empty($r0) && preg_match($r0, $v)){ + if(isset($a['rel'])){ + if(!preg_match('`\bnofollow\b`i', $a['rel'])){$a['rel'] .= ' nofollow';} + }elseif(isset($aA['rel'])){ + if(!preg_match('`\bnofollow\b`i', $aA['rel'])){$nfr = 1;} + }else{$a['rel'] = 'nofollow';} + } + } + } + } + if(isset($rl[$k]) && is_array($rl[$k]) && ($v = hl_attrval($v, $rl[$k])) === 0){continue;} + $a[$k] = str_replace('"', '"', $v); + } +} +if($nfr){$a['rel'] = isset($a['rel']) ? $a['rel']. ' nofollow' : 'nofollow';} + +// rqd attr +static $eAR = array('area'=>array('alt'=>'area'), 'bdo'=>array('dir'=>'ltr'), 'form'=>array('action'=>''), 'img'=>array('src'=>'', 'alt'=>'image'), 'map'=>array('name'=>''), 'optgroup'=>array('label'=>''), 'param'=>array('name'=>''), 'script'=>array('type'=>'text/javascript'), 'textarea'=>array('rows'=>'10', 'cols'=>'50')); +if(isset($eAR[$e])){ + foreach($eAR[$e] as $k=>$v){ + if(!isset($a[$k])){$a[$k] = isset($v[0]) ? $v : $k;} + } +} + +// depr attrs +if($depTr){ + $c = array(); + foreach($a as $k=>$v){ + if($k == 'style' or !isset($aND[$k][$e])){continue;} + if($k == 'align'){ + unset($a['align']); + if($e == 'img' && ($v == 'left' or $v == 'right')){$c[] = 'float: '. $v;} + elseif(($e == 'div' or $e == 'table') && $v == 'center'){$c[] = 'margin: auto';} + else{$c[] = 'text-align: '. $v;} + }elseif($k == 'bgcolor'){ + unset($a['bgcolor']); + $c[] = 'background-color: '. $v; + }elseif($k == 'border'){ + unset($a['border']); $c[] = "border: {$v}px"; + }elseif($k == 'bordercolor'){ + unset($a['bordercolor']); $c[] = 'border-color: '. $v; + }elseif($k == 'clear'){ + unset($a['clear']); $c[] = 'clear: '. ($v != 'all' ? $v : 'both'); + }elseif($k == 'compact'){ + unset($a['compact']); $c[] = 'font-size: 85%'; + }elseif($k == 'height' or $k == 'width'){ + unset($a[$k]); $c[] = $k. ': '. ($v[0] != '*' ? $v. (ctype_digit($v) ? 'px' : '') : 'auto'); + }elseif($k == 'hspace'){ + unset($a['hspace']); $c[] = "margin-left: {$v}px; margin-right: {$v}px"; + }elseif($k == 'language' && !isset($a['type'])){ + unset($a['language']); + $a['type'] = 'text/'. strtolower($v); + }elseif($k == 'name'){ + if($C['no_deprecated_attr'] == 2 or ($e != 'a' && $e != 'map')){unset($a['name']);} + if(!isset($a['id']) && preg_match('`[a-zA-Z][a-zA-Z\d.:_\-]*`', $v)){$a['id'] = $v;} + }elseif($k == 'noshade'){ + unset($a['noshade']); $c[] = 'border-style: none; border: 0; background-color: gray; color: gray'; + }elseif($k == 'nowrap'){ + unset($a['nowrap']); $c[] = 'white-space: nowrap'; + }elseif($k == 'size'){ + unset($a['size']); $c[] = 'size: '. $v. 'px'; + }elseif($k == 'start' or $k == 'value'){ + unset($a[$k]); + }elseif($k == 'type'){ + unset($a['type']); + static $ol_type = array('i'=>'lower-roman', 'I'=>'upper-roman', 'a'=>'lower-latin', 'A'=>'upper-latin', '1'=>'decimal'); + $c[] = 'list-style-type: '. (isset($ol_type[$v]) ? $ol_type[$v] : 'decimal'); + }elseif($k == 'vspace'){ + unset($a['vspace']); $c[] = "margin-top: {$v}px; margin-bottom: {$v}px"; + } + } + if(count($c)){ + $c = implode('; ', $c); + $a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;'). '; '. $c. ';': $c. ';'; + } +} +// unique ID +if($C['unique_ids'] && isset($a['id'])){ + if(!preg_match('`^[A-Za-z][A-Za-z0-9_\-.:]*$`', ($id = $a['id'])) or (isset($GLOBALS['hl_Ids'][$id]) && $C['unique_ids'] == 1)){unset($a['id']); + }else{ + while(isset($GLOBALS['hl_Ids'][$id])){$id = $C['unique_ids']. $id;} + $GLOBALS['hl_Ids'][($a['id'] = $id)] = 1; + } +} +// xml:lang +if($C['xml:lang'] && isset($a['lang'])){ + $a['xml:lang'] = isset($a['xml:lang']) ? $a['xml:lang'] : $a['lang']; + if($C['xml:lang'] == 2){unset($a['lang']);} +} +// for transformed tag +if(!empty($trt)){ + $a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;'). '; '. $trt : $trt; +} +// return with empty ele / +if(empty($C['hook_tag'])){ + $aA = ''; + foreach($a as $k=>$v){$aA .= " {$k}=\"{$v}\"";} + return "<{$e}{$aA}". (isset($eE[$e]) ? ' /' : ''). '>'; +} +else{return $C['hook_tag']($e, $a);} +// eof +} + +function hl_tag2(&$e, &$a, $t=1){ +// transform tag +if($e == 'center'){$e = 'div'; return 'text-align: center;';} +if($e == 'dir' or $e == 'menu'){$e = 'ul'; return '';} +if($e == 's' or $e == 'strike'){$e = 'span'; return 'text-decoration: line-through;';} +if($e == 'u'){$e = 'span'; return 'text-decoration: underline;';} +static $fs = array('0'=>'xx-small', '1'=>'xx-small', '2'=>'small', '3'=>'medium', '4'=>'large', '5'=>'x-large', '6'=>'xx-large', '7'=>'300%', '-1'=>'smaller', '-2'=>'60%', '+1'=>'larger', '+2'=>'150%', '+3'=>'200%', '+4'=>'300%'); +if($e == 'font'){ + $a2 = ''; + if(preg_match('`face\s*=\s*(\'|")([^=]+?)\\1`i', $a, $m) or preg_match('`face\s*=\s*([^"])(\S+)`i', $a, $m)){ + $a2 .= ' font-family: '. str_replace('"', '\'', trim($m[2])). ';'; + } + if(preg_match('`color\s*=\s*(\'|")?(.+?)(\\1|\s|$)`i', $a, $m)){ + $a2 .= ' color: '. trim($m[2]). ';'; + } + if(preg_match('`size\s*=\s*(\'|")?(.+?)(\\1|\s|$)`i', $a, $m) && isset($fs[($m = trim($m[2]))])){ + $a2 .= ' font-size: '. $fs[$m]. ';'; + } + $e = 'span'; return ltrim($a2); +} +if($t == 2){$e = 0; return 0;} +return ''; +// eof +} + +function hl_tidy($t, $w, $p){ +// Tidy/compact HTM +if(strpos(' pre,script,textarea', "$p,")){return $t;} +$t = str_replace(' </', '</', preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea).*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t))); +if(($w = strtolower($w)) == -1){ + return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t); +} +$s = strpos(" $w", 't') ? "\t" : ' '; +$s = preg_match('`\d`', $w, $m) ? str_repeat($s, $m[0]) : str_repeat($s, ($s == "\t" ? 1 : 2)); +$n = preg_match('`[ts]([1-9])`', $w, $m) ? $m[1] : 0; +$a = array('br'=>1); +$b = array('button'=>1, 'input'=>1, 'option'=>1); +$c = array('caption'=>1, 'dd'=>1, 'dt'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'isindex'=>1, 'label'=>1, 'legend'=>1, 'li'=>1, 'object'=>1, 'p'=>1, 'pre'=>1, 'td'=>1, 'textarea'=>1, 'th'=>1); +$d = array('address'=>1, 'blockquote'=>1, 'center'=>1, 'colgroup'=>1, 'dir'=>1, 'div'=>1, 'dl'=>1, 'fieldset'=>1, 'form'=>1, 'hr'=>1, 'iframe'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'optgroup'=>1, 'rbc'=>1, 'rtc'=>1, 'ruby'=>1, 'script'=>1, 'select'=>1, 'table'=>1, 'tfoot'=>1, 'thead'=>1, 'tr'=>1, 'ul'=>1); +ob_start(); +if(isset($d[$p])){echo str_repeat($s, ++$n);} +$t = explode('<', $t); +echo ltrim(array_shift($t)); +for($i=-1, $j=count($t); ++$i<$j;){ + $r = ''; list($e, $r) = explode('>', $t[$i]); + $x = $e[0] == '/' ? 0 : (substr($e, -1) == '/' ? 1 : ($e[0] != '!' ? 2 : -1)); + $y = !$x ? ltrim($e, '/') : ($x > 0 ? substr($e, 0, strcspn($e, ' ')) : 0); + $e = "<$e>"; + if(isset($d[$y])){ + if(!$x){echo "\n", str_repeat($s, --$n), "$e\n", str_repeat($s, $n);} + else{echo "\n", str_repeat($s, $n), "$e\n", str_repeat($s, ($x != 1 ? ++$n : $n));} + echo ltrim($r); continue; + } + $f = "\n". str_repeat($s, $n); + if(isset($c[$y])){ + if(!$x){echo $e, $f, ltrim($r);} + else{echo $f, $e, $r;} + }elseif(isset($b[$y])){echo $f, $e, $r; + }elseif(isset($a[$y])){echo $e, $f, ltrim($r); + }elseif(!$y){echo $f, $e, $f, ltrim($r); + }else{echo $e, $r;} +} +$t = preg_replace('`[\n]\s*?[\n]+`', "\n", ob_get_contents()); +ob_end_clean(); +if(($l = strpos(" $w", 'r') ? (strpos(" $w", 'n') ? "\r\n" : "\r") : 0)){ + $t = str_replace("\n", $l, $t); +} +return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t); +// eof +} + +function hl_version(){ +// rel +return '1.1.8.1'; +// eof +} + +function kses($t, $h, $p=array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'gopher', 'mailto')){ +// kses compat +foreach($h as $k=>$v){ + $h[$k]['n']['*'] = 1; +} +$C['cdata'] = $C['comment'] = $C['make_tag_strict'] = $C['no_deprecated_attr'] = $C['unique_ids'] = 0; +$C['keep_bad'] = 1; +$C['elements'] = count($h) ? strtolower(implode(',', array_keys($h))) : '-*'; +$C['hook'] = 'kses_hook'; +$C['schemes'] = '*:'. implode(',', $p); +return htmLawed($t, $C, $h); +// eof +} + +function kses_hook($t, &$C, &$S){ +// kses compat +return $t; +// eof +}
\ No newline at end of file diff --git a/extlib/htmLawed/htmLawedTest.php b/extlib/htmLawed/htmLawedTest.php new file mode 100644 index 000000000..776828699 --- /dev/null +++ b/extlib/htmLawed/htmLawedTest.php @@ -0,0 +1,592 @@ +<?php + +/* +htmLawedTest.php, 16 July 2009 +htmLawed 1.1.8.1, 16 July 2009 +Copyright Santosh Patnaik +GPL v3 license +A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed + +Test htmLawed; user provides text input; input and processed input are shown as highlighted code and rendered HTML; also shown are execution time and peak memory usage +*/ + +// config +$_errs = 0; // display PHP errors +$_limit = 8000; // input character limit + +// more config +$_hlimit = 1000; // input character limit for showing hexdumps +$_hilite = 1; // 0 turns off slow Javascript-based code-highlighting, e.g., if $_limit is high +$_w3c_validate = 1; // 1 to show buttons to send input/output to w3c validator +$_sid = 'sid'; // session name; alphanum. +$_slife = 30; // session life in min. + +// errors +error_reporting(E_ALL | (defined('E_STRICT') ? E_STRICT : 1)); +ini_set('display_errors', $_errs); + +// session +session_name($_sid); +session_cache_limiter('private'); +session_cache_expire($_slife); +ini_set('session.gc_maxlifetime', $_slife * 60); +ini_set('session.use_only_cookies', 1); +ini_set('session.cookie_lifetime', 0); +session_start(); +if(!isset($_SESSION['token'])){ + $_SESSION['token'] = md5(uniqid(rand(), 1)); +} + +// slashes +if(get_magic_quotes_gpc()){ + foreach($_POST as $k => $v){ + $_POST[$k] = stripslashes($v); + } + ini_set('magic_quotes_gpc', 0); +} +set_magic_quotes_runtime(0); + +$_POST['enc'] = (isset($_POST['enc']) and preg_match('`^[-\w]+$`', $_POST['enc'])) ? $_POST['enc'] : 'utf-8'; + +// token for anti-CSRF +if(count($_POST)){ + if((empty($_GET['pre']) and ((!empty($_POST['token']) and !empty($_SESSION['token']) and $_POST['token'] != $_SESSION['token']) or empty($_POST[$_sid]) or $_POST[$_sid] != session_id() or empty($_COOKIE[$_sid]) or $_COOKIE[$_sid] != session_id())) or ($_POST[$_sid] != session_id())){ + $_POST = array('enc'=>'utf-8'); + } +} +if(empty($_GET['pre'])){ + $_SESSION['token'] = md5(uniqid(rand(), 1)); + $token = $_SESSION['token']; + session_regenerate_id(1); +} + +// compress +if(function_exists('gzencode') && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && preg_match('`gzip|deflate`i', $_SERVER['HTTP_ACCEPT_ENCODING']) && !ini_get('zlib.output_compression')){ + ob_start('ob_gzhandler'); +} + +// HTM for unprocessed +if(isset($_POST['inputH'])){ + echo '<html><head><title>htmLawed test: HTML view of unprocessed input</title></head><body style="margin:0; padding: 0;"><p style="background-color: black; color: white; padding: 2px;"> Rendering of unprocessed input without an HTML doctype or charset declaration <small><a style="color: white; text-decoration: none;" href="1" onclick="javascript:window.close(this); return false;">close window</a> | <a style="color: white; text-decoration: none;" href="htmLawedTest.php" onclick="javascript: window.open(\'htmLawedTest.php\', \'hlmain\'); window.close(this); return false;">htmLawed test page</a></small></p><div>', $_POST['inputH'], '</div></body></html>'; + exit; +} + +// main +$_POST['text'] = isset($_POST['text']) ? $_POST['text'] : 'text to process; < '. $_limit. ' characters'. ($_hlimit ? ' (for binary hexdump view, < '. $_hlimit. ')' : ''); +$do = (!empty($_POST[$_sid]) && isset($_POST['text'][0]) && !isset($_POST['text'][$_limit])) ? 1 : 0; +$limit_exceeded = isset($_POST['text'][$_limit]) ? 1 : 0; +$pre_mem = memory_get_usage(); +$validation = (!empty($_POST[$_sid]) and isset($_POST['w3c_validate'][0])) ? 1 : 0; +include './htmLawed.php'; + +function format($t){ + $t = "\n". str_replace(array("\t", "\r\n", "\r", '&', '<', '>', "\n"), array(' ', "\n", "\n", '&', '<', '>', "<span class=\"newline\">¬</span><br />\n"), $t); + return str_replace(array('<br />', "\n ", ' '), array("\n<br />\n", "\n ", ' '), $t); +} + +function hexdump($d){ +// Mainly by Aidan Lister <aidan@php.net>, Peter Waller <iridum@php.net> + $hexi = ''; + $ascii = ''; + ob_start(); + echo '<pre>'; + $offset = 0; + $len = strlen($d); + for($i=$j=0; $i<$len; $i++) + { + // Convert to hexidecimal + $hexi .= sprintf("%02X ", ord($d[$i])); + // Replace non-viewable bytes with '.' + if(ord($d[$i]) >= 32){ + $ascii .= htmlspecialchars($d[$i]); + }else{ + $ascii .= '.'; + } + // Add extra column spacing + if($j == 7){ + $hexi .= ' '; + $ascii .= ' '; + } + // Add row + if(++$j == 16 || $i == $len-1){ + // Join the hexi / ascii output + echo sprintf("%04X %-49s %s", $offset, $hexi, $ascii); + // Reset vars + $hexi = $ascii = ''; + $offset += 16; + $j = 0; + // Add newline + if ($i !== $len-1){ + echo "\n"; + } + } + } + echo '</pre>'; + $o = ob_get_contents(); + ob_end_clean(); + return $o; +} +?> + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html lang="en" xml:lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=<?php echo htmlspecialchars($_POST['enc']); ?>" /> +<meta name="description" content="htmLawed <?php echo hl_version();?> test page" /> +<style type="text/css"><!--/*--><![CDATA[/*><!--*/ +a, a.resizer{text-decoration:none;} +a:hover, a.resizer:hover{color:red;} +a.resizer{color:green; float:right;} +body{background-color:#efefef;} +body, button, div, html, input, p{font-size:13px; font-family:'Lucida grande', Verdana, Arial, Helvetica, sans-serif;} +button, input{font-size: 85%;} +div.help{border-top: 1px dotted gray; margin-top: 15px; padding-top: 15px; color:#999999;} +#inputC, #inputD, #inputF, #inputR, #outputD, #outputF, #outputH, #outputR, #settingF{display:block;} +#inputC, #settingF{background-color:white; border:1px gray solid; padding:3px;} +#inputC li{margin: 0; padding: 0;} +#inputC ul{margin: 0; padding: 0; margin-left: 14px;} +#inputC input{margin: 0; margin-left: 2px; margin-right: 2px; padding: 1px; vertical-align: middle;} +#inputD{overflow:auto; background-color:#ffff99; border:1px #cc9966 solid; padding:3px;} +#inputR{overflow:auto; background-color:#ffffcc; border:1px #ffcc99 solid; padding:3px;} +#inputC, #settingF, #inputD, #inputR, #outputD, #outputR, textarea{font-size:100%; font-family:'Bitstream vera sans mono', 'courier new', 'courier', monospace;} +#outputD{overflow:auto; background-color: #99ffcc; border:1px #66cc99 solid; padding:3px;} +#outputH{overflow:auto; background-color:white; padding:3px; border:1px #dcdcdc solid;} +#outputR{overflow:auto; background-color: #ccffcc; border:1px #99cc99 solid; padding:3px;} +span.cmtcdata{color: orange;} +span.ctag{color:red;} +span.ent{border-bottom:1px dotted #999999;} +span.etag{color:purple;} +span.help{color:#999999;} +span.newline{color:#dcdcdc;} +span.notice{color:green;} +span.otag{color:blue;} +#topmost{margin:auto; width:98%;} +/*]]>*/--></style> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +window.name = 'hlmain'; +function hl(i){ + <?php if(!$_hilite){echo 'return;'; }?> + var e = document.getElementById(i); + if(!e){return;} + run(e, '</[a-z1-6]+>', 'ctag'); + run(e, '<[a-z]+(?:[^>]*)/>', 'etag'); + run(e, '<[a-z1-6]+(?:[^>]*)>', 'otag'); + run(e, '&[#a-z0-9]+;', 'ent'); + run(e, '<!(?:(?:--(?:.|\n)*?--)|(?:\\[CDATA\\[(?:.|\n)*?\\]\\]))>', 'cmtcdata'); +} +function sndProc(){ + var f = document.getElementById('testform'); + if(!f){return;} + var e = document.createElement('input'); + e.type = 'hidden'; + e.name = '<?php echo htmlspecialchars($_sid); ?>'; + e.id = '<?php echo htmlspecialchars($_sid); ?>'; + e.value = readCookie('<?php echo htmlspecialchars($_sid); ?>'); + f.appendChild(e); + f.submit(); +} +function readCookie(n){ + var ne = n + '='; + var ca = document.cookie.split(';'); + for(var i=0;i < ca.length;i++){ + var c = ca[i]; + while(c.charAt(0)==' '){ + c = c.substring(1,c.length); + } + if(c.indexOf(ne) == 0){ + return c.substring(ne.length,c.length); + } + } + return null; +} +function run(e, q, c){ + var q = new RegExp(q); + if(e.firstChild == null){ + var m = q.exec(e.data); + if(m){ + var v = m[0]; + var k2 = e.splitText(m.index); + var k3 = k2.splitText(v.length); + var s = e.ownerDocument.createElement('span'); + e.parentNode.replaceChild(s, k2); + s.className = c; s.appendChild(k2); + } + } + for(var k = e.firstChild; k != null; k = k.nextSibling){ + if(k.nodeType == 3){ + var m = q.exec(k.data); + if(m){ + var v = m[0]; + var k2 = k.splitText(m.index); + var k3 = k2.splitText(v.length); + var s = k.ownerDocument.createElement('span'); + k.parentNode.replaceChild(s, k2); + s.className = c; s.appendChild(k2); + } + } + else if(c == 'ent' && k.nodeType == 1){ + var d = k.firstChild; + if(d){ + var m = q.exec(d.data); + if(m){ + var v = m[0]; + var d2 = d.splitText(m.index); + var d3 = d2.splitText(v.length); + var s = d.ownerDocument.createElement('span'); + d.parentNode.replaceChild(s, d2); + s.className = c; s.appendChild(d2); + } + } + } + } +} +function toggle(i){ + var e = document.getElementById(i); + if(!e){return;} + if(e.style){ + var a = e.style.display; + if(a == 'block'){e.style.display = 'none'; return;} + if(a == 'none'){e.style.display = 'block';} + else{e.style.display = 'none';} + return; + } + var a = e.visibility; + if(a == 'hidden'){e.visibility = 'show'; return;} + if(a == 'show'){e.visibility = 'hidden';} +} +function sndUnproc(){ + var i = document.getElementById('text'); + if(!i){return;} + i = i.value; + i = i.replace(/>/g, '>'); + i = i.replace(/</g, '<'); + i = i.replace(/"/g, '"'); + var w = window.open('htmLawedTest.php?pre=1', 'hlprehtm'); + var f = document.createElement('form'); + f.enctype = 'application/x-www-form-urlencoded'; + f.method = 'post'; + f.acceptCharset = '<?php echo htmlspecialchars($_POST['enc']); ?>'; + if(f.style){f.style.display = 'none';} + else{f.visibility = 'hidden';} + f.innerHTML = '<p style="display:none;"><input style="display:none;" type="hidden" name="token" id="token" value="<?php echo $token; ?>" /><input style="display:none;" type="hidden" name="<?php echo htmlspecialchars($_sid); ?>" id="<?php echo htmlspecialchars($_sid); ?>" value="' + readCookie('<?php echo htmlspecialchars($_sid); ?>') + '" /><input style="display:none;" type="hidden" name="inputH" id="inputH" value="'+ i+ '" /></p>'; + f.action = 'htmLawedTest.php?pre=1'; + f.target = 'hlprehtm'; + f.method = 'post'; + var b = document.getElementsByTagName('body')[0]; + b.appendChild(f); + f.submit(); + w.focus; +} +function sndValidn(id, type){ + var i = document.getElementById(id); + if(!i){return;} + i = i.value; + i = i.replace(/>/g, '>'); + i = i.replace(/</g, '<'); + i = i.replace(/"/g, '"'); + var w = window.open('http://validator.w3.org/check', 'validate'+id+type); + var f = document.createElement('form'); + f.enctype = 'application/x-www-form-urlencoded'; + f.method = 'post'; + f.acceptCharset = '<?php echo htmlspecialchars($_POST['enc']); ?>'; + if(f.style){f.style.display = 'none';} + else{f.visibility = 'hidden';} + f.innerHTML = '<p style="display:none;"><input style="display:none;" type="hidden" name="fragment" id="fragment" value="'+ i+ '" /><input style="display:none;" type="hidden" name="prefill" id="prefill" value="1" /><input style="display:none;" type="hidden" name="prefill_doctype" id="prefill_doctype" value="'+ type+ '" /><input style="display:none;" type="hidden" name="group" id="group" value="1" /><input type="hidden" name="ss" id="ss" value="1" /></p>'; + f.action = 'http://validator.w3.org/check'; + f.target = 'validate'+id+type; + var b = document.getElementsByTagName('body')[0]; + b.appendChild(f); + f.submit(); + w.focus; +} +tRs = { + formEl: null, + resizeClass: 'textarea', + adEv: function(t,ev,fn){ + if(typeof document.addEventListener != 'undefined'){ + t.addEventListener(ev,fn,false); + }else{ + t.attachEvent('on' + ev, fn); + } + }, + rmEv: function(t,ev,fn){ + if(typeof document.removeEventListener != 'undefined'){ + t.removeEventListener(ev,fn,false); + }else + { + t.detachEvent('on' + ev, fn); + } + }, + adBtn: function(){ + var textareas = document.getElementsByTagName('textarea'); + for(var i = 0; i < textareas.length; i++){ + var txtclass=textareas[i].className; + if(txtclass.substring(0,tRs.resizeClass.length)==tRs.resizeClass || + txtclass.substring(txtclass.length -tRs.resizeClass.length)==tRs.resizeClass){ + var a = document.createElement('a'); + a.appendChild(document.createTextNode("\u2195")); + a.style.cursor = 'n-resize'; + a.className= 'resizer'; + a.title = 'click-drag to resize' + tRs.adEv(a, 'mousedown', tRs.initResize); + textareas[i].parentNode.appendChild(a); + } + } + }, + initResize: function(event){ + if(typeof event == 'undefined'){ + event = window.event; + } + if(event.srcElement){ + var target = event.srcElement.previousSibling; + }else{ + var target = event.target.previousSibling; + } + if(target.nodeName.toLowerCase() == 'textarea' || (target.nodeName.toLowerCase() == 'input' && target.type == 'text')){ + tRs.formEl = target; + tRs.formEl.startHeight = tRs.formEl.clientHeight; + tRs.formEl.startY = event.clientY; + tRs.adEv(document, 'mousemove', tRs.resize); + tRs.adEv(document, 'mouseup', tRs.stopResize); + tRs.formEl.parentNode.style.cursor = 'n-resize'; + tRs.formEl.style.cursor = 'n-resize'; + try{ + event.preventDefault(); + }catch(e){ + } + } + }, + resize: function(event){ + if(typeof event == 'undefined'){ + event = window.event; + } + if(tRs.formEl.nodeName.toLowerCase() == 'textarea'){ + tRs.formEl.style.height = event.clientY - tRs.formEl.startY + tRs.formEl.startHeight + 'px'; + } + }, + stopResize: function(event){ + tRs.rmEv(document, 'mousedown', tRs.initResize); + tRs.rmEv(document, 'mousemove', tRs.resize); + tRs.formEl.style.cursor = 'text'; + tRs.formEl.parentNode.style.cursor = 'auto'; + return false; + } +}; +tRs.adEv(window, 'load', tRs.adBtn); +//--><!]]></script> +<title>htmLawed (<?php echo hl_version();?>) test</title> +</head> +<body> +<div id="topmost"> + +<h5 style="float: left; display: inline; margin-top: 0; margin-bottom: 5px;"><a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php" title="htmLawed home">HTM<big><big>L</big></big>AWED</a> <?php echo hl_version();?> <a href="htmLawedTest.php" title="test home">TEST</a></h5> +<span style="float: right;" class="help"><a href="htmLawed_README.htm"><span class="notice">htm</span></a> / <a href="htmLawed_README.txt"><span class="notice">txt</span></a> documentation</span><br style="clear:both;" /> + +<a href="htmLawedTest.php" title="[toggle visibility] type or copy-paste" onclick="javascript:toggle('inputF'); return false;"><span class="notice">Input »</span> <span class="help" title="limit lower with multibyte characters<?php echo (($_hlimit < $_limit && $_hlimit)? '; limit is '. $_hlimit. ' for viewing binaries' : ''); ?>"><small>(max. <?php echo htmlspecialchars($_limit);?> chars)</small></span></a> + +<form id="testform" name="testform" action="htmLawedTest.php" method="post" accept-charset="<?php echo htmlspecialchars($_POST['enc']); ?>" style="padding:0; margin: 0; display:inline;"> + +<div id="inputF" style="display: block;"> + +<input type="hidden" name="token" id="token" value="<?php echo $token; ?>" /> +<div><textarea id="text" class="textarea" name="text" rows="5" cols="100" style="width: 100%;"><?php echo htmlspecialchars($_POST['text']);?></textarea></div> +<input type="submit" id="submitF" name="submitF" value="Process" style="float:left;" title="filter using htmLawed" onclick="javascript: sndProc(); return false;" onkeypress="javascript: sndProc(); return false;" /> + +<?php +if($do){ + if($validation){ + echo '<input type="hidden" value="1" name="w3c_validate" id="w3c_validate" />'; + } +?> + +<button type="button" title="rendered as web-page without a doctype or charset declaration" style="float: right;" onclick="javascript: sndUnproc(); return false;" onkeypress="javascript: sndUnproc(); return false;">View unprocessed</button> +<button type="button" onclick="javascript:document.getElementById('text').focus();document.getElementById('text').select()" title="select all to copy" style="float:right;">Select all</button> + +<?php +if($_w3c_validate && $validation){ +?> + +<button type="button" title="HTML 4.01 W3C online validation" style="float: right;" onclick="javascript: sndValidn('text', 'html401'); return false;" onkeypress="javascript: sndValidn('text', 'html401'); return false;">Check HTML</button> +<button type="button" title="XHTML 1.1 W3C online validation" style="float: right;" onclick="javascript: sndValidn('text', 'xhtml110'); return false;" onkeypress="javascript: sndValidn('text', 'xhtml110'); return false;">Check XHTML</button> + +<?php + } +} +else{ + if($_w3c_validate){ + echo '<span style="float: right;" class="help" title="for direct submission of input or output code to W3C validator for (X)HTML validation"><span style="font-size: 85%;"> Validator tools: </span><input type="checkbox" value="1" name="w3c_validate" id="w3c_validate" style="vertical-align: middle;"', ($validation ? ' checked="checked"' : ''), ' /></span>'; + } +} +?> + +<span style="float:right;" class="help"><span style="font-size: 85%;">Encoding: </span><input type="text" size="8" id="enc" name="enc" style="vertical-align: middle;" value="<?php echo htmlspecialchars($_POST['enc']); ?>" title="IANA-recognized name of the input character-set; can be multiple ;- or space-separated values; may not work in some browsers" /></span> + +</div> +<br style="clear:both;" /> + +<?php +if($limit_exceeded){ + echo '<br /><strong>Input text is too long!</strong><br />'; +} +?> + +<br /> + +<a href="htmLawedTest.php" title="[toggle visibility] htmLawed configuration" onclick="javascript:toggle('inputC'); return false;"><span class="notice">Settings »</span></a> + +<div id="inputC" style="display: none;"> +<table summary="none"> +<tr> +<td><span class="help" title="$config argument">Config:</span></td> +<td><ul> + +<?php +$cfg = array( +'abs_url'=>array('3', '0', 'absolute/relative URL conversion', '-1'), +'and_mark'=>array('2', '0', 'mark original <em>&</em> chars', '0', 'd'=>1), // 'd' to disable +'anti_link_spam'=>array('1', '0', 'modify <em>href</em> values as an anti-link spam measure', '0', array(array('30', '1', '', 'regex for extra <em>rel</em>'), array('30', '2', '', 'regex for no <em>href</em>'))), +'anti_mail_spam'=>array('1', '0', 'replace <em>@</em> in <em>mailto:</em> URLs', '0', '8', 'NO@SPAM', 'replacement'), +'balance'=>array('2', '1', 'fix nestings and balance tags', '0'), +'base_url'=>array('', '', 'base URL', '25'), +'cdata'=>array('4', 'nil', 'allow <em>CDATA</em> sections', 'nil'), +'clean_ms_char'=>array('3', '0', 'replace bad characters introduced by Microsoft apps. like <em>Word</em>', '0'), +'comment'=>array('4', 'nil', 'allow HTML comments', 'nil'), +'css_expression'=>array('2', 'nil', 'allow dynamic expressions in CSS style properties', 'nil'), +'deny_attribute'=>array('1', '0', 'denied attributes', '0', '50', '', 'these'), +'elements'=>array('', '', 'allowed elements', '50'), +'hexdec_entity'=>array('3', '1', 'convert hexadecimal numeric entities to decimal ones, or vice versa', '0'), +'hook'=>array('', '', 'name of hook function', '25'), +'hook_tag'=>array('', '', 'name of custom function to further check attribute values', '25'), +'keep_bad'=>array('7', '6', 'keep, or remove <em>bad</em> tag content', '0'), +'lc_std_val'=>array('2', '1', 'lower-case std. attribute values like <em>radio</em>', '0'), +'make_tag_strict'=>array('3', 'nil', 'transform deprecated elements', 'nil'), +'named_entity'=>array('2', '1', 'allow named entities, or convert numeric ones', '0'), +'no_deprecated_attr'=>array('3', '1', 'allow deprecated attributes, or transform them', '0'), +'parent'=>array('', 'div', 'name of parent element', '25'), +'safe'=>array('2', '0', 'for most <em>safe</em> HTML', '0'), +'schemes'=>array('', 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https', 'allowed URL protocols', '50'), +'show_setting'=>array('', 'htmLawed_setting', 'variable name to record <em>finalized</em> htmLawed settings', '25', 'd'=>1), +'style_pass'=>array('2', 'nil', 'do not look at <em>style</em> attribute values', 'nil'), +'tidy'=>array('3', '0', 'beautify/compact', '-1', '8', '1t1', 'format'), +'unique_ids'=>array('2', '1', 'unique <em>id</em> values', '0', '8', 'my_', 'prefix'), +'valid_xhtml'=>array('2', 'nil', 'auto-set various parameters for most valid XHTML', 'nil'), +'xml:lang'=>array('3', 'nil', 'auto-add <em>xml:lang</em> attribute', '0'), +); +foreach($cfg as $k=>$v){ + echo '<li>', $k, ': '; + if(!empty($v[0])){ // input radio + $j = $v[3]; + for($i = $j-1; ++$i < $v[0]+$v[3];++$j){ + echo '<input type="radio" name="h', $k, '" value="', $i, '"', (!isset($_POST['h'. $k]) ? ($v[1] == $i ? ' checked="checked"' : '') : ($_POST['h'. $k] == $i ? ' checked="checked"' : '')), (isset($v['d']) ? ' disabled="disabled"' : ''), ' />', $i, ' '; + } + if($v[1] == 'nil'){ + echo '<input type="radio" name="h', $k, '" value="nil"', ((!isset($_POST['h'. $k]) or $_POST['h'. $k] == 'nil') ? ' checked="checked"' : ''), (isset($v['d']) ? ' disabled="disabled"' : ''), ' />not set '; + } + if(!empty($v[4])){ // + input text box + echo '<input type="radio" name="h', $k, '" value="', $j, '"', (((isset($_POST['h'. $k]) && $_POST['h'. $k] == $j) or (!isset($_POST['h'. $k]) && $j == $v[1])) ? ' checked="checked"' : ''), (isset($v['d']) ? ' disabled="disabled"' : ''), ' />'; + if(!is_array($v[4])){ + echo $v[6], ': <input type="text" size="', $v[4], '" name="h', $k. $j, '" value="', htmlspecialchars(isset($_POST['h'. $k. $j][0]) ? $_POST['h'. $k. $j] : $v[5]), '"', (isset($v['d']) ? ' disabled="disabled"' : ''), ' />'; + } + else{ + foreach($v[4] as $z){ + echo ' ', $z[3], ': <input type="text" size="', $z[0], '" name="h', $k. $j. $z[1], '" value="', htmlspecialchars(isset($_POST['h'. $k. $j. $z[1]][0]) ? $_POST['h'. $k. $j. $z[1]] : $z[2]), '"', (isset($v['d']) ? ' disabled="disabled"' : ''), ' />'; + } + } + } + } + elseif(ctype_digit($v[3])){ // input text + echo '<input type="text" size="', $v[3], '" name="h', $k, '" value="', htmlspecialchars(isset($_POST['h'. $k][0]) ? $_POST['h'. $k] : $v[1]), '"', (isset($v['d']) ? ' disabled="disabled"' : ''), ' />'; + } + else{} // text-area + echo ' <span class="help">', $v[2], '</span></li>'; +} +echo '</ul></td></tr><tr><td><span style="vertical-align: top;" class="help" title="$spec argument: element-specific attribute rules">Spec:</span></td><td><textarea name="spec" id="spec" cols="70" rows="3" style="width:80%;">', htmlspecialchars((isset($_POST['spec']) ? $_POST['spec'] : '')), '</textarea></td></tr></table>'; +?> + +</div> +</form> + +<?php +if($do){ + $cfg = array(); + foreach($_POST as $k=>$v){ + if($k[0] == 'h' && $v != 'nil'){ + $cfg[substr($k, 1)] = $v; + } + } + + if($cfg['anti_link_spam'] && (!empty($cfg['anti_link_spam11']) or !empty($cfg['anti_link_spam12']))){ + $cfg['anti_link_spam'] = array($cfg['anti_link_spam11'], $cfg['anti_link_spam12']); + } + unset($cfg['anti_link_spam11'], $cfg['anti_link_spam12']); + if($cfg['anti_mail_spam'] == 1){ + $cfg['anti_mail_spam'] = isset($cfg['anti_mail_spam1'][0]) ? $cfg['anti_mail_spam1'] : 0; + } + unset($cfg['anti_mail_spam11']); + if($cfg['deny_attribute'] == 1){ + $cfg['deny_attribute'] = isset($cfg['deny_attribute1'][0]) ? $cfg['deny_attribute1'] : 0; + } + unset($cfg['deny_attribute1']); + if($cfg['tidy'] == 2){ + $cfg['tidy'] = isset($cfg['tidy2'][0]) ? $cfg['tidy2'] : 0; + } + unset($cfg['tidy2']); + if($cfg['unique_ids'] == 2){ + $cfg['unique_ids'] = isset($cfg['unique_ids2'][0]) ? $cfg['unique_ids2'] : 1; + } + unset($cfg['unique_ids2']); + unset($cfg['and_mark']); // disabling and_mark + + $cfg['show_setting'] = 'hlcfg'; + $st = microtime(); + $out = htmLawed($_POST['text'], $cfg, str_replace(array('$', '{'), '', $_POST['spec'])); + $et = microtime(); + echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code »</span></a> <span class="help" title="tags estimated as half of total > and < chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2), '</big> tags</small> </span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary » </span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings » </span></a> <div id="settingF" style="display: none;">', str_replace(array(' ', "\t", ' '), array(' ', ' ', ' '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output »</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>'; + if($_w3c_validate && $validation) + { +?> + +<button type="button" title="HTML 4.01 W3C online validation" style="float: right;" onclick="javascript: sndValidn('text2', 'html401'); return false;" onkeypress="javascript: sndValidn('text2', 'html401'); return false;">Check HTML</button> +<button type="button" title="XHTML 1.1 W3C online validation" style="float: right;" onclick="javascript: sndValidn('text2', 'xhtml110'); return false;" onkeypress="javascript: sndValidn('text2', 'xhtml110'); return false;">Check XHTML</button> + +<?php + } + echo '</div><br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'outputR\'); return false;"><span class="notice">Output code »</span></a><div id="outputR" style="display: block;">', format($out), '</div><script type="text/javascript">hl(\'outputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? '<br /><a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'outputD\'); return false;"><span class="notice">Output binary »</span></a><div id="outputD" style="display: none;">'. hexdump($out). '</div>' : ''), '<br /><a href="htmLawedTest.php" title="[toggle visibility] XHTML 1 Transitional doctype" onclick="javascript:toggle(\'outputH\'); return false;"><span class="notice">Output rendered »</span></a><div id="outputH" style="display: block;">', $out, '</div>'; +} +else{ +?> + +<br /> + +<div class="help">Use with a Javascript- and cookie-enabled, relatively new version of a common browser. <em>Submitted input will also be HTML-rendered (XHTML 1) after htmLawed-filtering.</em> + +<?php echo (file_exists('./htmLawed_TESTCASE.txt') ? '<br /><br />You can use text from <a href="htmLawed_TESTCASE.txt"><span class="notice">this collection of test-cases</span></a> in the input. Set the character encoding of the browser to Unicode/utf-8 before copying.' : ''); ?> + +<br /><br />For anti-XSS tests, try the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawedSafeModeTest.php"><span class="notice">special test-page</span></a> or see <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm"><span class="notice">these results</span></a>. + +<br /><br /><small>Change <em>Encoding</em> to reflect the character encoding of the input text. Even then, it may not work or some characters may not display properly because of variable browser support and because of the form interface. Developers can write some PHP code to capture the filtered input to a file if this is important. +<br /><br />Refer to the htmLawed documentation (<a href="htmLawed_README.htm"><span class="notice">htm</span></a>/<a href="htmLawed_README.txt"><span class="notice">txt</span></a>) for details about <em>Settings</em>, and htmLawed's behavior and limitations. For <em>Settings</em>, incorrectly-specified values like regular expressions are silently ignored. One or more settings form-fields may have been disabled. Some characters are not allowed in the <em>Spec</em> field. + + +<br /><br />Hovering the mouse over some of the text can provide additional information in some browsers.</small> + +<?php +if($_w3c_validate){ +?> + +<small><br /><br />Because of character-encoding issues, the W3C validator (anyway not perfect) may reject validation requests or invalidate otherwise-valid code, esp. if text was copy-pasted in the input box. Local applications like the <em>HTML Validator</em> Firefox browser add-on may be useful in such cases.</small> + +<?php +} +?> + +</div> + +<?php +} +?> + +</div> +</body> +</html>
\ No newline at end of file diff --git a/extlib/htmLawed/htmLawed_README.htm b/extlib/htmLawed/htmLawed_README.htm new file mode 100644 index 000000000..e560e2eb2 --- /dev/null +++ b/extlib/htmLawed/htmLawed_README.htm @@ -0,0 +1,1979 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<meta http-equiv="Content-Language" content="en" /> +<meta name="description" content="htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter - htmLawed_README.txt - presented with rTxt2htm, a PHP Labware utility" /> +<meta name="keywords" content="htmLawed, HTM, HTML, HTML Tidy, converter, filter, formatter, purifier, sanitizer, XSS, input, PHP, software, code, script, security, cross-site scripting, hack, sanitize, remove, standards, tags, attributes, elements, htmLawed_README.txt, rTxt2htm, PHP Labware" /> +<style type="text/css" media="all"> +<!--/*--><![CDATA[/*><!--*/ +a {text-decoration:none; color: blue;} +a:hover {color: red;} +a:visited {color: blue;} +body {margin: 0; padding: 0;} +body, div, html, p {font-family: Georgia, 'Times new roman', Times;} +code.code {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} +div.comment {padding: 5px; color: #999999; font-size: 80%;} +div.comment a {color: #6699cc;} +div#body {width: 70%; margin: 5px; padding: 5px;} /* holds non-toc content */ +div#toc {position: fixed; top: 5px; left: 73%; z-index: 2; margin-top: 5px; margin-left: 5px; border: 1px solid gray; padding: 5px; background-color: #ededed; width: 23%; overflow: auto; max-height:94%; font-size: 90%;} /* holds content table (toc) */ +div#top {font-size: 14px; margin: 5px; padding: 5px;} /* holds all content */ +div.monospace {overflow: auto; font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} +div.sub-section {padding-left: 15px;} +div.sub-sub-section {padding-left: 30px;} +h1 {font-size: 22px; margin-top: 5px; margin-bottom: 5px;} +h2 {font-size: 20px; float: left; margin-top: 15px; margin-bottom: 5px;} +h3 {font-size: 18px; float: left; margin-top: 15px; margin-bottom: 5px;} +h4 {font-size: 16px; float: left; margin-top: 15px; margin-bottom: 5px;} +hr {margin-top: 15px; margin-bottom: 5px;} +input, textarea {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} +p.subtle {color: gray; padding: 0; padding-top: 10px; margin: 0;} +p.subtle a, p.subtle a:visited {color: #6699cc;} +span.item-no {color: black;} +span.subtle {color: gray; margin: 0; padding:0;} +span.subtle a, span.subtle a:visited {color: #6699cc;} +span.term {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} +span.toc-item {color: black;} +span.totop {float: right; margin-top: 15px; margin-bottom: 5px;} +span.totop a, span.totop a:visited {color: #6699cc;} +@media screen { /* fixes for old IE */ + * html, * html body {overflow-y: auto!important; height: 100%; margin: 0; padding: 0;} + * html div#body {height: 100%; overflow-y: auto; position: relative;} + * html div#toc {position: absolute;} +} +/*]]>*/--> +</style> +<title>htmLawed documentation | htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter</title> +</head> +<body> +<div id="top"> +<h1><a id="peak" name="peak"></a>htmLawed documentation</h1> + +<div id="toc"><span class="toc-item"><a href="#s1"><span class="item-no">1</span>  About htmLawed</a></span><br /> +  <span class="toc-item"><a href="#s1.1"><span class="item-no">1.1</span>  Example uses</a></span><br /> +  <span class="toc-item"><a href="#s1.2"><span class="item-no">1.2</span>  Features</a></span><br /> +  <span class="toc-item"><a href="#s1.3"><span class="item-no">1.3</span>  History</a></span><br /> +  <span class="toc-item"><a href="#s1.4"><span class="item-no">1.4</span>  License & copyright</a></span><br /> +  <span class="toc-item"><a href="#s1.5"><span class="item-no">1.5</span>  Terms used here</a></span><br /> +<span class="toc-item"><a href="#s2"><span class="item-no">2</span>  Usage</a></span><br /> +  <span class="toc-item"><a href="#s2.1"><span class="item-no">2.1</span>  Simple</a></span><br /> +  <span class="toc-item"><a href="#s2.2"><span class="item-no">2.2</span>  Configuring htmLawed using the <span class="term">$config</span> parameter</a></span><br /> +  <span class="toc-item"><a href="#s2.3"><span class="item-no">2.3</span>  Extra HTML specifications using the <span class="term">$spec</span> parameter</a></span><br /> +  <span class="toc-item"><a href="#s2.4"><span class="item-no">2.4</span>  Performance time & memory usage</a></span><br /> +  <span class="toc-item"><a href="#s2.5"><span class="item-no">2.5</span>  Some security risks to keep in mind</a></span><br /> +  <span class="toc-item"><a href="#s2.6"><span class="item-no">2.6</span>  Use without modifying old <span class="term">kses()</span> code</a></span><br /> +  <span class="toc-item"><a href="#s2.7"><span class="item-no">2.7</span>  Tolerance for ill-written HTML</a></span><br /> +  <span class="toc-item"><a href="#s2.8"><span class="item-no">2.8</span>  Limitations & work-arounds</a></span><br /> +  <span class="toc-item"><a href="#s2.9"><span class="item-no">2.9</span>  Examples</a></span><br /> +<span class="toc-item"><a href="#s3"><span class="item-no">3</span>  Details</a></span><br /> +  <span class="toc-item"><a href="#s3.1"><span class="item-no">3.1</span>  Invalid/dangerous characters</a></span><br /> +  <span class="toc-item"><a href="#s3.2"><span class="item-no">3.2</span>  Character references/entities</a></span><br /> +  <span class="toc-item"><a href="#s3.3"><span class="item-no">3.3</span>  HTML elements</a></span><br /> +    <span class="toc-item"><a href="#s3.3.1"><span class="item-no">3.3.1</span>  HTML comments and <span class="term">CDATA</span> sections</a></span><br /> +    <span class="toc-item"><a href="#s3.3.2"><span class="item-no">3.3.2</span>  Tag-transformation for better XHTML-Strict</a></span><br /> +    <span class="toc-item"><a href="#s3.3.3"><span class="item-no">3.3.3</span>  Tag balancing and proper nesting</a></span><br /> +    <span class="toc-item"><a href="#s3.3.4"><span class="item-no">3.3.4</span>  Elements requiring child elements</a></span><br /> +    <span class="toc-item"><a href="#s3.3.5"><span class="item-no">3.3.5</span>  Beautify or compact HTML</a></span><br /> +  <span class="toc-item"><a href="#s3.4"><span class="item-no">3.4</span>  Attributes</a></span><br /> +    <span class="toc-item"><a href="#s3.4.1"><span class="item-no">3.4.1</span>  Auto-addition of XHTML-required attributes</a></span><br /> +    <span class="toc-item"><a href="#s3.4.2"><span class="item-no">3.4.2</span>  Duplicate/invalid <span class="term">id</span> values</a></span><br /> +    <span class="toc-item"><a href="#s3.4.3"><span class="item-no">3.4.3</span>  URL schemes (protocols) and scripts in attribute values</a></span><br /> +    <span class="toc-item"><a href="#s3.4.4"><span class="item-no">3.4.4</span>  Absolute & relative URLs</a></span><br /> +    <span class="toc-item"><a href="#s3.4.5"><span class="item-no">3.4.5</span>  Lower-cased, standard attribute values</a></span><br /> +    <span class="toc-item"><a href="#s3.4.6"><span class="item-no">3.4.6</span>  Transformation of deprecated attributes</a></span><br /> +    <span class="toc-item"><a href="#s3.4.7"><span class="item-no">3.4.7</span>  Anti-spam & <span class="term">href</span></a></span><br /> +    <span class="toc-item"><a href="#s3.4.8"><span class="item-no">3.4.8</span>  Inline style properties</a></span><br /> +    <span class="toc-item"><a href="#s3.4.9"><span class="item-no">3.4.9</span>  Hook function for tag content</a></span><br /> +  <span class="toc-item"><a href="#s3.5"><span class="item-no">3.5</span>  Simple configuration directive for most valid XHTML</a></span><br /> +  <span class="toc-item"><a href="#s3.6"><span class="item-no">3.6</span>  Simple configuration directive for most <em>safe</em> HTML</a></span><br /> +  <span class="toc-item"><a href="#s3.7"><span class="item-no">3.7</span>  Using a hook function</a></span><br /> +  <span class="toc-item"><a href="#s3.8"><span class="item-no">3.8</span>  Obtaining <em>finalized</em> parameter values</a></span><br /> +  <span class="toc-item"><a href="#s3.9"><span class="item-no">3.9</span>  Retaining non-HTML tags in input with mixed markup</a></span><br /> +<span class="toc-item"><a href="#s4"><span class="item-no">4</span>  Other</a></span><br /> +  <span class="toc-item"><a href="#s4.1"><span class="item-no">4.1</span>  Support</a></span><br /> +  <span class="toc-item"><a href="#s4.2"><span class="item-no">4.2</span>  Known issues</a></span><br /> +  <span class="toc-item"><a href="#s4.3"><span class="item-no">4.3</span>  Change-log</a></span><br /> +  <span class="toc-item"><a href="#s4.4"><span class="item-no">4.4</span>  Testing</a></span><br /> +  <span class="toc-item"><a href="#s4.5"><span class="item-no">4.5</span>  Upgrade, & old versions</a></span><br /> +  <span class="toc-item"><a href="#s4.6"><span class="item-no">4.6</span>  Comparison with <span class="term">HTMLPurifier</span></a></span><br /> +  <span class="toc-item"><a href="#s4.7"><span class="item-no">4.7</span>  Use through application plug-ins/modules</a></span><br /> +  <span class="toc-item"><a href="#s4.8"><span class="item-no">4.8</span>  Use in non-PHP applications</a></span><br /> +  <span class="toc-item"><a href="#s4.9"><span class="item-no">4.9</span>  Donate</a></span><br /> +  <span class="toc-item"><a href="#s4.10"><span class="item-no">4.10</span>  Acknowledgements</a></span><br /> +<span class="toc-item"><a href="#s5"><span class="item-no">5</span>  Appendices</a></span><br /> +  <span class="toc-item"><a href="#s5.1"><span class="item-no">5.1</span>  Characters discouraged in HTML</a></span><br /> +  <span class="toc-item"><a href="#s5.2"><span class="item-no">5.2</span>  Valid attribute-element combinations</a></span><br /> +  <span class="toc-item"><a href="#s5.3"><span class="item-no">5.3</span>  CSS 2.1 properties accepting URLs</a></span><br /> +  <span class="toc-item"><a href="#s5.4"><span class="item-no">5.4</span>  Microsoft Windows 1252 character replacements</a></span><br /> +  <span class="toc-item"><a href="#s5.5"><span class="item-no">5.5</span>  URL format</a></span><br /> +  <span class="toc-item"><a href="#s5.6"><span class="item-no">5.6</span>  Brief on htmLawed code</a></span></div><!-- ended div toc --> + +<div id="body"> +<br /> +<div class="comment">htmLawed_README.txt, 16 July 2009<br /> +htmLawed 1.1.8.1, 16 July 2009 <br /> +Copyright Santosh Patnaik<br /> +GPL v3 license<br /> +A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed</a> </div> +<br /> + +<div class="section"><h2> +<a name="s1" id="s1"></a><span class="item-no">1</span>  About htmLawed +</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed is a highly customizable single-file PHP script to make text secure, and standard- and admin policy-compliant for use in the body of HTML 4, XHTML 1 or 1.1, or generic XML documents. It is thus a configurable input (X)HTML filter, processor, purifier, sanitizer, beautifier, etc., and an alternative to the <a href="http://tidy.sourceforge.net">HTMLTidy</a> application.<br /> +<br /> +  The <em>lawing in</em> of input text is needed to ensure that HTML code in the text is standard-compliant, does not introduce security vulnerabilities, and does not break the aesthetics, design or layout of web-pages. htmLawed tries to do this by, for example, making HTML well-formed with balanced and properly nested tags, neutralizing code that may be used for cross-site scripting (<span class="term">XSS</span>) attacks, and allowing only specified HTML elements/tags and attributes.<br /> + +<div class="sub-section"><h3> +<a name="s1.1" id="s1.1"></a><span class="item-no">1.1</span>  Example uses +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  *  Filtering of text submitted as comments on blogs to allow only certain HTML elements<br /> +<br /> +  *  Making RSS/Atom newsfeed item-content standard-compliant: often one uses an excerpt from an HTML document for the content, and with unbalanced tags, non-numerical entities, etc., such excerpts may not be XML-compliant<br /> +<br /> +  *  Text processing for stricter XML standard-compliance: e.g., to have lowercased <span class="term">x</span> in hexadecimal numeric entities becomes necessary if an XHTML document with MathML content needs to be served as <span class="term">application/xml</span><br /> +<br /> +  *  Scraping text or data from web-pages<br /> +<br /> +  *  Pretty-printing HTML code<br /> + +</div> +<div class="sub-section"><h3> +<a name="s1.2" id="s1.2"></a><span class="item-no">1.2</span>  Features +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Key: <span class="term">*</span> security feature, <span class="term">^</span> standard compliance, <span class="term">~</span> requires setting right options, <span class="term">`</span> different from <span class="term">Kses</span><br /> +<br /> +  *  make input more <strong>secure</strong> and <strong>standard-compliant</strong><br /> +  *  use for HTML 4, XHTML 1.0 or 1.1, or even generic <strong>XML</strong> documents  ^~`<br /> +<br /> +  *  <strong>beautify</strong> or <strong>compact</strong> HTML  ^~`<br /> +<br /> +  *  <strong>restrict elements</strong>  ^~`<br /> +  *  proper closure of empty elements like <span class="term">img</span>  ^`<br /> +  *  <strong>transform deprecated elements</strong> like <span class="term">u</span>  ^~`<br /> +  *  HTML <strong>comments</strong> and <span class="term">CDATA</span> sections can be permitted  ^~`<br /> +  *  elements like <span class="term">script</span>, <span class="term">object</span> and <span class="term">form</span> can be permitted  ~<br /> +<br /> +  *  <strong>restrict attributes</strong>, including <strong>element-specifically</strong>  ^~`<br /> +  *  remove <strong>invalid attributes</strong>  ^`<br /> +  *  element and attribute names are <strong>lower-cased</strong>  ^<br /> +  *  provide <strong>required attributes</strong>, like <span class="term">alt</span> for <span class="term">image</span>  ^`<br /> +  *  <strong>transform deprecated attributes</strong>  ^~`<br /> +  *  attributes <strong>declared only once</strong>  ^`<br /> +<br /> +  *  <strong>restrict attribute values</strong>, including <strong>element-specifically</strong>  ^~`<br /> +  *  a value is declared for <em>empty</em> (<em>minimized</em>) attributes like <span class="term">checked</span>  ^<br /> +  *  check for potentially dangerous attribute values  *~<br /> +  *  ensure <strong>unique</strong> <span class="term">id</span> attribute values  ^~`<br /> +  *  <strong>double-quote</strong> attribute values  ^<br /> +  *  lower-case <strong>standard attribute values</strong> like <span class="term">password</span>  ^`<br /> +<br /> +  *  <strong>attribute-specific URL protocol/scheme restriction</strong>  *~`<br /> +  *  disable <strong>dynamic expressions</strong> in <span class="term">style</span> values  *~`<br /> +<br /> +  *  neutralize invalid named character entities  ^`<br /> +  *  <strong>convert</strong> hexadecimal numeric entities to decimal ones, or vice versa  ^~`<br /> +  *  convert named entities to numeric ones for generic XML use  ^~`<br /> +<br /> +  *  remove <strong>null</strong> characters  *<br /> +  *  neutralize potentially dangerous proprietary Netscape <strong>Javascript entities</strong>  *<br /> +  *  replace potentially dangerous <strong>soft-hyphen</strong> character in attribute values with spaces  *<br /> +<br /> +  *  remove common <strong>invalid characters</strong> not allowed in HTML or XML  ^`<br /> +  *  replace <strong>characters from Microsoft applications</strong> like <span class="term">Word</span> that are discouraged in HTML or XML  ^~`<br /> +  *  neutralize entities for characters invalid or discouraged in HTML or XML  ^`<br /> +  *  appropriately neutralize <span class="term"><</span>, <span class="term">&</span>, <span class="term">"</span>, and <span class="term">></span> characters  ^*`<br /> +<br /> +  *  understands improperly spaced tag content (like, spread over more than a line) and properly spaces them  `<br /> +  *  attempts to <strong>balance tags</strong> for well-formedness  ^~`<br /> +  *  understands when <strong>omitable closing tags</strong> like <span class="term"></p></span> (allowed in HTML 4, transitional, e.g.) are missing  ^~`<br /> +  *  attempts to permit only <strong>validly nested tags</strong>  ^~`<br /> +  *  option to <strong>remove or neutralize bad content</strong> ^~`<br /> +  *  attempts to <strong>rectify common errors of plain-text misplacement</strong> (e.g., directly inside <span class="term">blockquote</span>) ^~`<br /> +<br /> +  *  fast, <strong>non-OOP</strong> code of ~45 kb incurring peak basal memory usage of ~0.5 MB<br /> +  *  <strong>compatible</strong> with pre-existing code using <span class="term">Kses</span> (the filter used by <span class="term">WordPress</span>)<br /> +<br /> +  *  optional <strong>anti-spam</strong> measures such as addition of <span class="term">rel="nofollow"</span> and link-disabling  ~`<br /> +  *  optionally makes <strong>relative URLs absolute</strong>, and vice versa  ~`<br /> +<br /> +  *  optionally mark <span class="term">&</span> to identify the entities for <span class="term">&</span>, <span class="term"><</span> and <span class="term">></span> introduced by htmLawed  ~`<br /> +<br /> +  *  allows deployment of powerful <strong>hook functions</strong> to <strong>inject</strong> HTML, <strong>consolidate</strong> <span class="term">style</span> attributes to <span class="term">class</span>, finely check attribute values, etc.  ~`<br /> +<br /> +  *  <strong>independent of character encoding</strong> of input and does not affect it<br /> +<br /> +  *  <strong>tolerance for ill-written HTML</strong> to a certain degree<br /> + +</div> +<div class="sub-section"><h3> +<a name="s1.3" id="s1.3"></a><span class="item-no">1.3</span>  History +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed was developed for use with <span class="term">LabWiki</span>, a wiki software developed at PHP Labware, as a suitable software could not be found. Existing PHP software like <span class="term">Kses</span> and <span class="term">HTMLPurifier</span> were deemed inadequate, slow, resource-intensive, or dependent on external applications like <span class="term">HTML Tidy</span>.<br /> +<br /> +  htmLawed started as a modification of Ulf Harnhammar's <span class="term">Kses</span> (version 0.2.2) software, and is compatible with code that uses <span class="term">Kses</span>; see <a href="#s2.6">section 2.6</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s1.4" id="s1.4"></a><span class="item-no">1.4</span>  License & copyright +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed is free and open-source software licensed under GPL license version <a href="http://www.gnu.org/licenses/gpl-3.0.txt">3</a>, and copyrighted by Santosh Patnaik, MD, PhD.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s1.5" id="s1.5"></a><span class="item-no">1.5</span>  Terms used here +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  *  <em>administrator</em> - or admin; person setting up the code to pass input through htmLawed; also, <em>user</em><br /> +  *  <em>attributes</em> - name-value pairs like <span class="term">href="http://x.com"</span> in opening tags<br /> +  *  <em>author</em> - <em>writer</em><br /> +  *  <em>character</em> - atomic unit of text; internally represented by a numeric <em>code-point</em> as specified by the <em>encoding</em> or <em>charset</em> in use<br /> +  *  <em>entity</em> - markup like <span class="term">&gt;</span> and <span class="term">&#160;</span> used to refer to a character<br /> +  *  <em>element</em> - HTML element like <span class="term">a</span> and <span class="term">img</span><br /> +  *  <em>element content</em> -  content between the opening and closing tags of an element, like <span class="term">click</span> of <span class="term"><a href="x">click</a></span><br /> +  *  <em>HTML</em> - implies XHTML unless specified otherwise<br /> +  *  <em>input</em> - text string given to htmLawed to process<br /> +  *  <em>processing</em> - involves filtering, correction, etc., of input<br /> +  *  <em>safe</em> - absence or reduction of certain characters and HTML elements and attributes in the input that can otherwise potentially and circumstantially expose web-site users to security vulnerabilities like cross-site scripting attacks (XSS)<br /> +  *  <em>scheme</em> - URL protocol like <span class="term">http</span> and <span class="term">ftp</span><br /> +  *  <em>specs</em> - standard specifications<br /> +  *  <em>style property</em> - terms like <span class="term">border</span> and <span class="term">height</span> for which declarations are made in values for the <span class="term">style</span> attribute of elements<br /> +  *  <em>tag</em> - markers like <span class="term"><a href="x"></span> and <span class="term"></a></span> delineating element content; the opening tag can contain attributes<br /> +  *  <em>tag content</em> - consists of tag markers <span class="term"><</span> and <span class="term">></span>, element names like <span class="term">div</span>, and possibly attributes<br /> +  *  <em>user</em> - administrator<br /> +  *  <em>writer</em> - end-user like a blog commenter providing the input that is to be processed; also, <em>author</em><br /> + +</div> +</div> +<div class="section"><h2> +<a name="s2" id="s2"></a><span class="item-no">2</span>  Usage +</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed should work with PHP 4.3 and higher. Either <span class="term">include()</span> the <span class="term">htmLawed.php</span> file or copy-paste the entire code.<br /> +<br /> +  To easily <strong>test</strong> htmLawed using a form-based interface, use the provided <a href="htmLawedTest.php">demo</a> (<span class="term">htmLawed.php</span> and <span class="term">htmLawedTest.php</span> should be in the same directory on the web-server).<br /> + +<div class="sub-section"><h3> +<a name="s2.1" id="s2.1"></a><span class="item-no">2.1</span>  Simple +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  The input text to be processed, <span class="term">$text</span>, is passed as an argument of type string; <span class="term">htmLawed()</span> returns the processed string:<br /> +<br /> + +<code class="code">    $processed = htmLawed($text);</code> +<br /> +<br /> +  <strong>Note</strong>: If input is from a <span class="term">$_GET</span> or <span class="term">$_POST</span> value, and <span class="term">magic quotes</span> are enabled on the PHP setup, run <span class="term">stripslashes()</span> on the input before passing to htmLawed.<br /> +<br /> +  By default, htmLawed will process the text allowing all valid HTML elements/tags, secure URL scheme/CSS style properties, etc. It will allow <span class="term">CDATA</span> sections and HTML comments, balance tags, and ensure proper nesting of elements. Such actions can be configured using two other optional arguments -- <span class="term">$config</span> and <span class="term">$spec</span>:<br /> +<br /> + +<code class="code">    $processed = htmLawed($text, $config, $spec);</code> +<br /> +<br /> +  These extra parameters are detailed below. Some examples are shown in <a href="#s2.9">section 2.9</a>.<br /> +<br /> +  <strong>Note</strong>: For maximum protection against <span class="term">XSS</span> and other scripting attacks (e.g., by disallowing Javascript code), consider using the <span class="term">safe</span> parameter; see <a href="#s3.6">section 3.6</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.2" id="s2.2"></a><span class="item-no">2.2</span>  Configuring htmLawed using the <span class="term">$config</span> parameter +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  <span class="term">$config</span> instructs htmLawed on how to tackle certain tasks. When <span class="term">$config</span> is not specified, or not set as an array (e.g., <span class="term">$config = 1</span>), htmLawed will take default actions. One or many of the task-action or value-specification pairs can be specified in <span class="term">$config</span> as array key-value pairs. If a parameter is not specified, htmLawed will use the default value/action indicated further below.<br /> +<br /> + +<code class="code">    $config = array('comment'=>0, 'cdata'=>1);</code> +<br /> + +<code class="code">    $processed = htmLawed($text, $config);</code> +<br /> +<br /> +  Or,<br /> +<br /> + +<code class="code">    $processed = htmLawed($text, array('comment'=>0, 'cdata'=>1));</code> +<br /> +<br /> +  Below are the possible value-specification combinations. In PHP code, values that are integers should not be quoted and should be used as numeric types (unless meant as string/text).<br /> +<br /> +  Key: <span class="term">*</span> default, <span class="term">^</span> different default when htmLawed is used in the Kses-compatible mode (see <a href="#s2.6">section 2.6</a>), <span class="term">~</span> different default when <span class="term">valid_xhtml</span> is set to <span class="term">1</span> (see <a href="#s3.5">section 3.5</a>), <span class="term">"</span> different default when <span class="term">safe</span> is set to <span class="term">1</span> (see <a href="#s3.6">section 3.6</a>)<br /> +<br /> +  <strong>abs_url</strong><br /> +  Make URLs absolute or relative; <span class="term">$config["base_url"]</span> needs to be set; see <a href="#s3.4.4">section 3.4.4</a><br /> +<br /> +  <span class="term">-1</span> - make relative<br /> +  <span class="term">0</span> - no action  *<br /> +  <span class="term">1</span> - make absolute<br /> +<br /> +  <strong>and_mark</strong><br /> +  Mark <span class="term">&</span> characters in the original input; see <a href="#s3.2">section 3.2</a><br /> +<br /> +  <strong>anti_link_spam</strong><br /> +  Anti-link-spam measure; see <a href="#s3.4.7">section 3.4.7</a><br /> +<br /> +  <span class="term">0</span> - no measure taken  *<br /> +  <span class="term">array("regex1", "regex2")</span> - will ensure a <span class="term">rel</span> attribute with <span class="term">nofollow</span> in its value in case the <span class="term">href</span> attribute value matches the regular expression pattern <span class="term">regex1</span>, and/or will remove <span class="term">href</span> if its value matches the regular expression pattern <span class="term">regex2</span>. E.g., <span class="term">array("/./", "/://\W*(?!(abc\.com|xyz\.org))/")</span>; see <a href="#s3.4.7">section 3.4.7</a> for more.<br /> +<br /> +  <strong>anti_mail_spam</strong><br /> +  Anti-mail-spam measure; see <a href="#s3.4.7">section 3.4.7</a><br /> +<br /> +  <span class="term">0</span> - no measure taken  *<br /> +  <span class="term">word</span> - <span class="term">@</span> in mail address in <span class="term">href</span> attribute value is replaced with specified <span class="term">word</span><br /> +<br /> +  <strong>balance</strong><br /> +  Balance tags for well-formedness and proper nesting; see <a href="#s3.3.3">section 3.3.3</a><br /> +<br /> +  <span class="term">0</span> - no<br /> +  <span class="term">1</span> - yes  *<br /> +<br /> +  <strong>base_url</strong><br /> +  Base URL value that needs to be set if <span class="term">$config["abs_url"]</span> is not <span class="term">0</span>; see <a href="#s3.4.4">section 3.4.4</a><br /> +<br /> +  <strong>cdata</strong><br /> +  Handling of <span class="term">CDATA</span> sections; see <a href="#s3.3.1">section 3.3.1</a><br /> +<br /> +  <span class="term">0</span> - don't consider <span class="term">CDATA</span> sections as markup and proceed as if plain text  ^"<br /> +  <span class="term">1</span> - remove<br /> +  <span class="term">2</span> - allow, but neutralize any <span class="term"><</span>, <span class="term">></span>, and <span class="term">&</span> inside by converting them to named entities<br /> +  <span class="term">3</span> - allow  *<br /> +<br /> +  <strong>clean_ms_char</strong><br /> +  Replace discouraged characters introduced by Microsoft Word, etc.; see <a href="#s3.1">section 3.1</a><br /> +<br /> +  <span class="term">0</span> - no  *<br /> +  <span class="term">1</span> - yes<br /> +  <span class="term">2</span> - yes, but replace special single & double quotes with ordinary ones<br /> +<br /> +  <strong>comment</strong><br /> +  Handling of HTML comments; see <a href="#s3.3.1">section 3.3.1</a><br /> +<br /> +  <span class="term">0</span> - don't consider comments as markup and proceed as if plain text  ^"<br /> +  <span class="term">1</span> - remove<br /> +  <span class="term">2</span> - allow, but neutralize any <span class="term"><</span>, <span class="term">></span>, and <span class="term">&</span> inside by converting to named entities<br /> +  <span class="term">3</span> - allow  *<br /> +<br /> +  <strong>css_expression</strong><br /> +  Allow dynamic CSS expression by not removing the expression from CSS property values in <span class="term">style</span> attributes; see <a href="#s3.4.8">section 3.4.8</a><br /> +<br /> +  <span class="term">0</span> - remove  *<br /> +  <span class="term">1</span> - allow<br /> +<br /> +  <strong>deny_attribute</strong><br /> +  Denied HTML attributes; see <a href="#s3.4">section 3.4</a><br /> +<br /> +  <span class="term">0</span> - none  *<br /> +  <span class="term">string</span> - dictated by values in <span class="term">string</span><br /> +  <span class="term">on*</span> (like <span class="term">onfocus</span>) attributes not allowed - "<br /> +<br /> +  <strong>elements</strong><br /> +  Allowed HTML elements; see <a href="#s3.3">section 3.3</a><br /> +<br /> +  <span class="term">* -center -dir -font -isindex -menu -s -strike -u</span> -  ~<br /> +  <span class="term">applet, embed, iframe, object, script</span> not allowed - "<br /> +<br /> +  <strong>hexdec_entity</strong><br /> +  Allow hexadecimal numeric entities and do not convert to the more widely accepted decimal ones, or convert decimal to hexadecimal ones; see <a href="#s3.2">section 3.2</a><br /> +<br /> +  <span class="term">0</span> - no<br /> +  <span class="term">1</span> - yes  *<br /> +  <span class="term">2</span> - convert decimal to hexadecimal ones<br /> +<br /> +  <strong>hook</strong><br /> +  Name of an optional hook function to alter the input string, <span class="term">$config</span> or <span class="term">$spec</span> before htmLawed starts its main work; see <a href="#s3.7">section 3.7</a><br /> +<br /> +  <span class="term">0</span> - no hook function  *<br /> +  <span class="term">name</span> - <span class="term">name</span> is name of the hook function (<span class="term">kses_hook</span>  ^)<br /> +<br /> +  <strong>hook_tag</strong><br /> +  Name of an optional hook function to alter tag content finalized by htmLawed; see <a href="#s3.4.9">section 3.4.9</a><br /> +<br /> +  <span class="term">0</span> - no hook function  *<br /> +  <span class="term">name</span> - <span class="term">name</span> is name of the hook function<br /> +<br /> +  <strong>keep_bad</strong><br /> +  Neutralize bad tags by converting <span class="term"><</span> and <span class="term">></span> to entities, or remove them; see <a href="#s3.3.3">section 3.3.3</a><br /> +<br /> +  <span class="term">0</span> - remove  ^<br /> +  <span class="term">1</span> - neutralize both tags and element content<br /> +  <span class="term">2</span> - remove tags but neutralize element content<br /> +  <span class="term">3</span> and <span class="term">4</span> - like <span class="term">1</span> and <span class="term">2</span> but remove if text (<span class="term">pcdata</span>) is invalid in parent element<br /> +  <span class="term">5</span> and <span class="term">6</span> * -  like <span class="term">3</span> and <span class="term">4</span> but line-breaks, tabs and spaces are left<br /> +<br /> +  <strong>lc_std_val</strong><br /> +  For XHTML compliance, predefined, standard attribute values, like <span class="term">get</span> for the <span class="term">method</span> attribute of <span class="term">form</span>, must be lowercased; see <a href="#s3.4.5">section 3.4.5</a><br /> +<br /> +  <span class="term">0</span> - no<br /> +  <span class="term">1</span> - yes  *<br /> +<br /> +  <strong>make_tag_strict</strong><br /> +  Transform/remove these non-strict XHTML elements, even if they are allowed by the admin: <span class="term">applet</span> <span class="term">center</span> <span class="term">dir</span> <span class="term">embed</span> <span class="term">font</span> <span class="term">isindex</span> <span class="term">menu</span> <span class="term">s</span> <span class="term">strike</span> <span class="term">u</span>; see <a href="#s3.3.2">section 3.3.2</a><br /> +<br /> +  <span class="term">0</span> - no  ^<br /> +  <span class="term">1</span> - yes, but leave <span class="term">applet</span>, <span class="term">embed</span> and <span class="term">isindex</span> elements that currently can't be transformed  *<br /> +  <span class="term">2</span> - yes, removing <span class="term">applet</span>, <span class="term">embed</span> and <span class="term">isindex</span> elements and their contents (nested elements remain)  ~<br /> +<br /> +  <strong>named_entity</strong><br /> +  Allow non-universal named HTML entities, or convert to numeric ones; see <a href="#s3.2">section 3.2</a><br /> +<br /> +  <span class="term">0</span> - convert<br /> +  <span class="term">1</span> - allow  *<br /> +<br /> +  <strong>no_deprecated_attr</strong><br /> +  Allow deprecated attributes or transform them; see <a href="#s3.4.6">section 3.4.6</a><br /> +<br /> +  <span class="term">0</span> - allow  ^<br /> +  <span class="term">1</span> - transform, but <span class="term">name</span> attributes for <span class="term">a</span> and <span class="term">map</span> are retained  *<br /> +  <span class="term">2</span> - transform<br /> +<br /> +  <strong>parent</strong><br /> +  Name of the parent element, possibly imagined, that will hold the input; see <a href="#s3.3">section 3.3</a><br /> +<br /> +  <strong>safe</strong><br /> +  Magic parameter to make input the most secure against XSS without needing to specify other relevant <span class="term">$config</span> parameters; see <a href="#s3.6">section 3.6</a><br /> +<br /> +  <span class="term">0</span> - no  *<br /> +  <span class="term">1</span> - will auto-adjust other relevant <span class="term">$config</span> parameters (indicated by <span class="term">"</span> in this list)<br /> +<br /> +  <strong>schemes</strong><br /> +  Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs; <span class="term">*</span> covers all unspecified attributes; see <a href="#s3.4.3">section 3.4.3</a><br /> +<br /> +  <span class="term">href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https</span>  *<br /> +  <span class="term">*: ftp, gopher, http, https, mailto, news, nntp, telnet</span>  ^<br /> +  <span class="term">href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https</span>  "<br /> +<br /> +  <strong>show_setting</strong><br /> +  Name of a PHP variable to assign the <em>finalized</em> <span class="term">$config</span> and <span class="term">$spec</span> values; see <a href="#s3.8">section 3.8</a><br /> +<br /> +  <strong>style_pass</strong><br /> +  Do not look at <span class="term">style</span> attribute values, letting them through without any alteration<br /> +<br /> +  <span class="term">0</span> - no *<br /> +  <span class="term">1</span> - htmLawed will let through any <span class="term">style</span> value; see <a href="#s3.4.8">section 3.4.8</a><br /> +<br /> +  <strong>tidy</strong><br /> +  Beautify or compact HTML code; see <a href="#s3.3.5">section 3.3.5</a><br /> +<br /> +  <span class="term">-1</span> - compact<br /> +  <span class="term">0</span> - no  *<br /> +  <span class="term">1</span> or <span class="term">string</span> - beautify (custom format specified by <span class="term">string</span>)<br /> +<br /> +  <strong>unique_ids</strong><br /> +  <span class="term">id</span> attribute value checks; see <a href="#s3.4.2">section 3.4.2</a><br /> +<br /> +  <span class="term">0</span> - no  ^<br /> +  <span class="term">1</span> - remove duplicate and/or invalid ones  *<br /> +  <span class="term">word</span> - remove invalid ones and replace duplicate ones with new and unique ones based on the <span class="term">word</span>; the admin-specified <span class="term">word</span>, like <span class="term">my_</span>, should begin with a letter (a-z) and can contain letters, digits, <span class="term">.</span>, <span class="term">_</span>, <span class="term">-</span>, and <span class="term">:</span>.<br /> +<br /> +  <strong>valid_xhtml</strong><br /> +  Magic parameter to make input the most valid XHTML without needing to specify other relevant <span class="term">$config</span> parameters; see <a href="#s3.5">section 3.5</a><br /> +<br /> +  <span class="term">0</span> - no  *<br /> +  <span class="term">1</span> - will auto-adjust other relevant <span class="term">$config</span> parameters (indicated by <span class="term">~</span> in this list)<br /> +<br /> +  <strong>xml:lang</strong><br /> +  Auto-adding <span class="term">xml:lang</span> attribute; see <a href="#s3.4.1">section 3.4.1</a><br /> +<br /> +  <span class="term">0</span> - no  *<br /> +  <span class="term">1</span> - add if <span class="term">lang</span> attribute is present<br /> +  <span class="term">2</span> - add if <span class="term">lang</span> attribute is present, and remove <span class="term">lang</span>  ~<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.3" id="s2.3"></a><span class="item-no">2.3</span>  Extra HTML specifications using the $spec parameter +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  The <span class="term">$spec</span> argument can be used to disallow an otherwise legal attribute for an element, or to restrict the attribute's values. This can also be helpful as a security measure (e.g., in certain versions of browsers, certain values can cause buffer overflows and denial of service attacks), or in enforcing admin policy compliance. <span class="term">$spec</span> is specified as a string of text containing one or more <em>rules</em>, with multiple rules separated from each other by a semi-colon (<span class="term">;</span>). E.g.,<br /> +<br /> + +<code class="code">    $spec = 'i=-*; td, tr=style, id, -*; a=id(match="/[a-z][a-z\d.:\-`"]*/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt';</code> +<br /> + +<code class="code">    $processed = htmLawed($text, $config, $spec);</code> +<br /> +<br /> +  Or,<br /> +<br /> + +<code class="code">    $processed = htmLawed($text, $config, 'i=-*; td, tr=style, id, -*; a=id(match="/[a-z][a-z\d.:\-`"]*/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt');</code> +<br /> +<br /> +  A rule begins with an HTML <strong>element</strong> name(s) (<em>rule-element</em>), for which the rule applies, followed by an equal (<span class="term">=</span>) sign. A rule-element may represent multiple elements if comma (,)-separated element names are used. E.g., <span class="term">th,td,tr=</span>.<br /> +<br /> +  Rest of the rule consists of comma-separated HTML <strong>attribute names</strong>. A minus (<span class="term">-</span>) character before an attribute means that the attribute is not permitted inside the rule-element. E.g., <span class="term">-width</span>. To deny all attributes, <span class="term">-*</span> can be used.<br /> +<br /> +  Following shows examples of rule excerpts with rule-element <span class="term">a</span> and the attributes that are being permitted:<br /> +<br /> +  *  <span class="term">a=</span> - all<br /> +  *  <span class="term">a=id</span> - all<br /> +  *  <span class="term">a=href, title, -id, -onclick</span> - all except <span class="term">id</span> and <span class="term">onclick</span><br /> +  *  <span class="term">a=*, id, -id</span> - all except <span class="term">id</span><br /> +  *  <span class="term">a=-*</span> - none<br /> +  *  <span class="term">a=-*, href, title</span> - none except <span class="term">href</span> and <span class="term">title</span><br /> +  *  <span class="term">a=-*, -id, href, title</span> - none except <span class="term">href</span> and <span class="term">title</span><br /> +<br /> +  Rules regarding <strong>attribute values</strong> are optionally specified inside round brackets after attribute names in slash ('/')-separated <em>parameter = value</em> pairs. E.g., <span class="term">title(maxlen=30/minlen=5)</span>. None, or one or more of the following parameters may be specified:<br /> +<br /> +  *  <span class="term">oneof</span> - one or more choices separated by <span class="term">|</span> that the value should match; if only one choice is provided, then the value must match that choice<br /> +<br /> +  *  <span class="term">noneof</span> - one or more choices separated by <span class="term">|</span> that the value should not match<br /> +<br /> +  *  <span class="term">maxlen</span> and <span class="term">minlen</span> - upper and lower limits for the number of characters in the attribute value; specified in numbers<br /> +<br /> +  *  <span class="term">maxval</span> and <span class="term">minval</span> - upper and lower limits for the numerical value specified in the attribute value; specified in numbers<br /> +<br /> +  *  <span class="term">match</span> and <span class="term">nomatch</span> - pattern that the attribute value should or should not match; specified as PHP/PCRE-compatible regular expressions with delimiters and possibly modifiers<br /> +<br /> +  *  <span class="term">default</span> - a value to force on the attribute if the value provided by the writer does not fit any of the specified parameters<br /> +<br /> +  If <span class="term">default</span> is not set and the attribute value does not satisfy any of the specified parameters, then the attribute is removed. The <span class="term">default</span> value can also be used to force all attribute declarations to take the same value (by getting the values declared illegal by setting, e.g., <span class="term">maxlen</span> to <span class="term">-1</span>).<br /> +<br /> +  Examples with <em>input</em> <span class="term"><input title="WIDTH" value="10em" /><input title="length" value="5" /></span> are shown below.<br /> +<br /> +  <em>Rule</em>: <span class="term">input=title(maxlen=60/minlen=6), value</span><br /> +  <em>Output</em>: <span class="term"><input value="10em" /><input title="length" value="5" /></span><br /> +<br /> +  <em>Rule</em>: <span class="term">input=title(), value(maxval=8/default=6)</span><br /> +  <em>Output</em>: <span class="term"><input title="WIDTH" value="6" /><input title="length" value="5" /></span><br /> +<br /> +  <em>Rule</em>: <span class="term">input=title(nomatch=$w.d$i), value(match=$em$/default=6em)</span><br /> +  <em>Output</em>: <span class="term"><input value="10em" /><input title="length" value="6em" /></span><br /> +<br /> +  <em>Rule</em>: <span class="term">input=title(oneof=height|depth/default=depth), value(noneof=5|6)</span><br /> +  <em>Output</em>: <span class="term"><input title="depth" value="10em" /><input title="depth" /></span><br /> +<br /> +  <strong>Special characters</strong>: The characters <span class="term">;</span>, <span class="term">,</span>, <span class="term">/</span>, <span class="term">(</span>, <span class="term">)</span>, <span class="term">|</span>, <span class="term">~</span> and space have special meanings in the rules. Words in the rules that use such characters, or the characters themselves, should be <em>escaped</em> by enclosing in pairs of double-quotes (<span class="term">"</span>). A back-tick (<span class="term">`</span>) can be used to escape a literal <span class="term">"</span>. An example rule illustrating this is <span class="term">input=value(maxlen=30/match="/^\w/"/default="your `"ID`"")</span>.<br /> +<br /> +  <strong>Note</strong>: To deny an attribute for all elements for which it is legal, <span class="term">$config["deny_attribute"]</span> (see <a href="#s3.4">section 3.4</a>) can be used instead of <span class="term">$spec</span>. Also, attributes can be allowed element-specifically through <span class="term">$spec</span> while being denied globally through <span class="term">$config["deny_attribute"]</span>. The <span class="term">hook_tag</span> parameter (<a href="#s3.4.9">section 3.4.9</a>) can also be used to implement the <span class="term">$spec</span> functionality.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.4" id="s2.4"></a><span class="item-no">2.4</span>  Performance time & memory usage +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  The time and memory used by htmLawed depends on its configuration and the size of the input, and the amount, nestedness and well-formedness of the HTML markup within it. In particular, tag balancing and beautification each can increase the processing time by about a quarter.<br /> +<br /> +  The htmLawed <a href="htmLawedTest.php">demo</a> can be used to evaluate the performance and effects of different types of input and <span class="term">$config</span>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.5" id="s2.5"></a><span class="item-no">2.5</span>  Some security risks to keep in mind +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially <em>dangerous</em> HTML code. (This may not be a problem if the authors are trusted.)<br /> +<br /> +  For example, following increase security risks:<br /> +<br /> +  *  Allowing <span class="term">script</span>, <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span> or <span class="term">object</span> elements, or certain of their attributes like <span class="term">allowscriptaccess</span><br /> +<br /> +  *  Allowing HTML comments (some Internet Explorer versions are vulnerable with, e.g., <span class="term"><!--[if gte IE 4]><script>alert("xss");</script><![endif]--></span><br /> +<br /> +  *  Allowing dynamic CSS expressions (a feature of the IE browser)<br /> +<br /> +  <em>Unsafe</em> HTML can be removed by setting <span class="term">$config</span> appropriately. E.g., <span class="term">$config["elements"] = "* -script"</span> (<a href="#s3.3">section 3.3</a>), <span class="term">$config["safe"] = 1</span> (<a href="#s3.6">section 3.6</a>), etc.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.6" id="s2.6"></a><span class="item-no">2.6</span>  Use without modifying old <span class="term">kses()</span> code +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  The <span class="term">Kses</span> PHP script is used by many applications (like <span class="term">WordPress</span>). It is possible to have such applications use htmLawed instead, since it is compatible with code that calls the <span class="term">kses()</span> function declared in the <span class="term">Kses</span> file (usually named <span class="term">kses.php</span>). E.g., application code like this will continue to work after replacing <span class="term">Kses</span> with htmLawed:<br /> +<br /> + +<code class="code">    $comment_filtered = kses($comment_input, array('a'=>array(), 'b'=>array(), 'i'=>array()));</code> +<br /> +<br /> +  For some of the <span class="term">$config</span> parameters, htmLawed will use values other than the default ones. These are indicated by <span class="term">^</span> in <a href="#s2.2">section 2.2</a>. To force htmLawed to use other values, function <span class="term">kses()</span> in the htmLawed code should be edited -- a few configurable parameters/variables need to be changed.<br /> +<br /> +  If the application uses a <span class="term">Kses</span> file that has the <span class="term">kses()</span> function declared, then, to have the application use htmLawed instead of <span class="term">Kses</span>, simply rename <span class="term">htmLawed.php</span> (to <span class="term">kses.php</span>, e.g.) and replace the <span class="term">Kses</span> file (or just replace the code in the <span class="term">Kses</span> file with the htmLawed code). If the <span class="term">kses()</span> function in the <span class="term">Kses</span> file had been renamed by the application developer (e.g., in <span class="term">WordPress</span>, it is named <span class="term">wp_kses()</span>), then appropriately rename the <span class="term">kses()</span> function in the htmLawed code.<br /> +<br /> +  If the <span class="term">Kses</span> file used by the application has been highly altered by the application developers, then one may need a different approach. E.g., with <span class="term">WordPress</span>, it is best to copy the htmLawed code to <span class="term">wp_includes/kses.php</span>, rename the newly added function <span class="term">kses()</span> to <span class="term">wp_kses()</span>, and delete the code for the original <span class="term">wp_kses()</span> function.<br /> +<br /> +  If the <span class="term">Kses</span> code has a non-empty hook function (e.g., <span class="term">wp_kses_hook()</span> in case of <span class="term">WordPress</span>), then the code for htmLawed's <span class="term">kses_hook()</span> function should be appropriately edited. However, the requirement of the hook function should be re-evaluated considering that htmLawed has extra capabilities. With <span class="term">WordPress</span>, the hook function is an essential one. The following code is suggested for the htmLawed <span class="term">kses_hook()</span> in case of <span class="term">WordPress</span>:<br /> +<br /> + +<code class="code">    function kses_hook($string, &$cf, &$spec){</code> +<br /> + +<code class="code">    // kses compatibility</code> +<br /> + +<code class="code">    $allowed_html = $spec;</code> +<br /> + +<code class="code">    $allowed_protocols = array();</code> +<br /> + +<code class="code">    foreach($cf['schemes'] as $v){</code> +<br /> + +<code class="code">     foreach($v as $k2=>$v2){</code> +<br /> + +<code class="code">      if(!in_array($k2, $allowed_protocols)){</code> +<br /> + +<code class="code">       $allowed_protocols[] = $k2;</code> +<br /> + +<code class="code">      }</code> +<br /> + +<code class="code">     }</code> +<br /> + +<code class="code">    }</code> +<br /> + +<code class="code">    return wp_kses_hook($string, $allowed_html, $allowed_protocols);</code> +<br /> + +<code class="code">    // eof</code> +<br /> + +<code class="code">    }</code> +<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.7" id="s2.7"></a><span class="item-no">2.7</span>  Tolerance for ill-written HTML +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed can work with ill-written HTML code in the input. However, HTML that is too ill-written may not be <em>read</em> as HTML, and be considered mere plain text instead. Following statements indicate the degree of <em>looseness</em> that htmLawed can work with, and can be provided in instructions to writers:<br /> +<br /> +  *  Tags must be flanked by <span class="term"><</span> and <span class="term">></span> with no <span class="term">></span> inside -- any needed <span class="term">></span> should be put in as <span class="term">&gt;</span>. It is possible for tag content (element name and attributes) to be spread over many lines instead of being on one. A space may be present between the tag content and <span class="term">></span>, like <span class="term"><div ></span> and <span class="term"><img / ></span>, but not after the <span class="term"><</span>.<br /> +<br /> +  *  Element and attribute names need not be lower-cased.<br /> +<br /> +  *  Attribute string of elements may be liberally spaced with tabs, line-breaks, etc.<br /> +<br /> +  *  Attribute values may not be double-quoted, or may be single-quoted.<br /> +<br /> +  *  Left-padding of numeric entities (like, <span class="term">&#0160;</span>, <span class="term">&x07ff;</span>) with <span class="term">0</span> is okay as long as the number of characters between between the <span class="term">&</span> and the <span class="term">;</span> does not exceed 8. All entities must end with <span class="term">;</span> though.<br /> +<br /> +  *  Named character entities must be properly cased. E.g., <span class="term">&Lt;</span> or <span class="term">&TILDE;</span> will not be let through without modification.<br /> +<br /> +  *  HTML comments should not be inside element tags (okay between tags), and should begin with <span class="term"><!--</span> and end with <span class="term">--></span>. Characters like <span class="term"><</span>, <span class="term">></span>, and <span class="term">&</span> may be allowed inside depending on <span class="term">$config</span>, but any <span class="term">--></span> inside should be put in as <span class="term">--&gt;</span>. Any <span class="term">--</span> inside will be automatically converted to <span class="term">-</span>, and a space will be added before the comment delimiter <span class="term">--></span>.<br /> +<br /> +  *  <span class="term">CDATA</span> sections should not be inside element tags, and can be in element content only if plain text is allowed for that element. They should begin with <span class="term"><[CDATA[</span> and end with <span class="term">]]></span>. Characters like <span class="term"><</span>, <span class="term">></span>, and <span class="term">&</span> may be allowed inside depending on <span class="term">$config</span>, but any <span class="term">]]></span> inside should be put in as <span class="term">]]&gt;</span>.<br /> +<br /> +  *  For attribute values, character entities <span class="term">&lt;</span>, <span class="term">&gt;</span> and <span class="term">&amp;</span> should be used instead of characters <span class="term"><</span> and <span class="term">></span>, and <span class="term">&</span> (when <span class="term">&</span> is not part of a character entity). This applies even for Javascript code in values of attributes like <span class="term">onclick</span>.<br /> +<br /> +  *  Characters <span class="term"><</span>, <span class="term">></span>, <span class="term">&</span> and <span class="term">"</span> that are part of actual Javascript, etc., code in <span class="term">script</span> elements should be used as such and not be put in as entities like <span class="term">&gt;</span>. Otherwise, though the HTML will be valid, the code may fail to work. Further, if such characters have to be used, then they should be put inside <span class="term">CDATA</span> sections.<br /> +<br /> +  *  Simple instructions like "an opening tag cannot be present between two closing tags" and "nested elements should be closed in the reverse order of how they were opened" can help authors write balanced HTML. If tags are imbalanced, htmLawed will try to balance them, but in the process, depending on <span class="term">$config["keep_bad"]</span>, some code/text may be lost.<br /> +<br /> +  *  Input authors should be notified of admin-specified allowed elements, attributes, configuration values (like conversion of named entities to numeric ones), etc.<br /> +<br /> +  *  With <span class="term">$config["unique_ids"]</span> not <span class="term">0</span> and the <span class="term">id</span> attribute being permitted, writers should carefully avoid using duplicate or invalid <span class="term">id</span> values as even though htmLawed will correct/remove the values, the final output may not be the one desired. E.g., when <span class="term"><a id="home"></a><input id="home" /><label for="home"></label></span> is processed into<br /> +<span class="term"><a id="home"></a><input id="prefix_home" /><label for="home"></label></span>.<br /> +<br /> +  *  Note that even if intended HTML is lost in a highly ill-written input, the processed output will be more secure and standard-compliant.<br /> +<br /> +  *  For URLs, unless <span class="term">$config["scheme"]</span> is appropriately set, writers should avoid using escape characters or entities in schemes. E.g., <span class="term">htt&#112;</span> (which many browsers will read as the harmless <span class="term">http</span>) may be considered bad by htmLawed.<br /> +<br /> +  *  htmLawed will attempt to put plain text present directly inside <span class="term">blockquote</span>, <span class="term">form</span>, <span class="term">map</span> and <span class="term">noscript</span> elements (illegal as per the specs) inside auto-generated <span class="term">div</span> elements.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.8" id="s2.8"></a><span class="item-no">2.8</span>  Limitations & work-arounds +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed's main objective is to make the input text <em>more</em> standard-compliant, secure for web-page readers, and free of HTML elements and attributes considered undesirable by the administrator. Some of its current limitations, regardless of this objective, are noted below along with work-arounds.<br /> +<br /> +  It should be borne in mind that no browser application is 100% standard-compliant, and that some of the standard specs (like asking for normalization of white-spacing within <span class="term">textarea</span> elements) are clearly wrong. Regarding security, note that <em>unsafe</em> HTML code is not necessarily legally invalid.<br /> +<br /> +  *  htmLawed is meant for input that goes into the <span class="term">body</span> of HTML documents. HTML's head-level elements are not supported, nor are the frameset elements <span class="term">frameset</span>, <span class="term">frame</span> and <span class="term">noframes</span>.<br /> +<br /> +  *  It cannot transform the non-standard <span class="term">embed</span> elements to the standard-compliant <span class="term">object</span> elements. Yet, it can allow <span class="term">embed</span> elements if permitted (<span class="term">embed</span> is widely used and supported). Admins can certainly use the <span class="term">hook_tag</span> parameter (<a href="#s3.4.9">section 3.4.9</a>) to deploy a custom embed-to-object converter function.<br /> +<br /> +  *  The only non-standard element that may be permitted is <span class="term">embed</span>; others like <span class="term">noembed</span> and <span class="term">nobr</span> cannot be permitted without modifying the htmLawed code.<br /> +<br /> +  *  It cannot handle input that has non-HTML code like <span class="term">SVG</span> and <span class="term">MathML</span>. One way around is to break the input into pieces and passing only those without non-HTML code to htmLawed. Another is described in <a href="#s3.9">section 3.9</a>. A third way may be to some how take advantage of the <span class="term">$config["and_mark"]</span> parameter (see <a href="#s3.2">section 3.2</a>).<br /> +<br /> +  *  By default, htmLawed won't check many attribute values for standard compliance. E.g., <span class="term">width="20m"</span> with the dimension in non-standard <span class="term">m</span> is let through. Implementing universal and strict attribute value checks can make htmLawed slow and resource-intensive. Admins should look at the <span class="term">hook_tag</span> parameter (<a href="#s3.4.9">section 3.4.9</a>) or <span class="term">$spec</span> to enforce finer checks.<br /> +<br /> +  *  The attributes, deprecated (which can be transformed too) or not, that it supports are largely those that are in the specs. Only a few of the proprietary attributes are supported.<br /> +<br /> +  *  Except for contained URLs and dynamic expressions (also optional), htmLawed does not check CSS style property values. Admins should look at using the <span class="term">hook_tag</span> parameter (<a href="#s3.4.9">section 3.4.9</a>) or <span class="term">$spec</span> for finer checks. Perhaps the best option is to disallow <span class="term">style</span> but allow <span class="term">class</span> attributes with the right <span class="term">oneof</span> or <span class="term">match</span> values for <span class="term">class</span>, and have the various class style properties in <span class="term">.css</span> CSS stylesheet files.<br /> +<br /> +  *  htmLawed does not parse emoticons, decode <em>BBcode</em>, or <em>wikify</em>, auto-converting text to proper HTML. Similarly, it won't convert line-breaks to <span class="term">br</span> elements. Such functions are beyond its purview. Admins should use other code to pre- or post-process the input for such purposes.<br /> +<br /> +  *  htmLawed cannot be used to have links force-opened in new windows (by auto-adding appropriate <span class="term">target</span> and <span class="term">onclick</span> attributes to <span class="term">a</span>). Admins should look at Javascript-based DOM-modifying solutions for this. Admins may also be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span> parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  *  Nesting-based checks are not possible. E.g., one cannot disallow <span class="term">p</span> elements specifically inside <span class="term">td</span> while permitting it elsewhere. Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span> parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  *  Except for optionally converting absolute or relative URLs to the other type, htmLawed will not alter URLs (e.g., to change the value of query strings or to convert <span class="term">http</span> to <span class="term">https</span>. Having absolute URLs may be a standard-requirement, e.g., when HTML is embedded in email messages, whereas altering URLs for other purposes is beyond htmLawed's goals. Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span> parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  *  Pairs of opening and closing tags that do not enclose any content (like <span class="term"><em></em></span>) are not removed. This may be against the standard specs for certain elements (e.g., <span class="term">table</span>). However, presence of such standard-incompliant code will not break the display or layout of content. Admins can also use simple regex-based code to filter out such code.<br /> +<br /> +  *  htmLawed does not check for certain element orderings described in the standard specs (e.g., in a <span class="term">table</span>, <span class="term">tbody</span> is allowed before <span class="term">tfoot</span>). Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span> parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  *  htmLawed does not check the number of nested elements. E.g., it will allow two <span class="term">caption</span> elements in a <span class="term">table</span> element, illegal as per the specs. Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span> parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  *  htmLawed might convert certain entities to actual characters and remove backslashes and CSS comment-markers (<span class="term">/*</span>) in <span class="term">style</span> attribute values in order to detect malicious HTML like crafted IE-specific dynamic expressions like <span class="term">&#101;xpression...</span>. If this is too harsh, admins can allow CSS expressions through htmLawed core but then use a custom function through the <span class="term">hook_tag</span> parameter (<a href="#s3.4.9">section 3.4.9</a>) to more specifically identify CSS expressions in the <span class="term">style</span> attribute values. Also, using <span class="term">$config["style_pass"]</span>, it is possible to have htmLawed pass <span class="term">style</span> attribute values without even looking at them (<a href="#s3.4.8">section 3.4.8</a>).<br /> +<br /> +  *  htmLawed does not correct certain possible attribute-based security vulnerabilities (e.g., <span class="term"><a href="http://x%22+style=%22background-image:xss">x</a></span>). These arise when browsers mis-identify markup in <em>escaped</em> text, defeating the very purpose of escaping text (a bad browser will read the given example as <span class="term"><a href="http://x" style="background-image:xss">x</a></span>).<br /> +<br /> +  *  Because of poor Unicode support in PHP, htmLawed does not remove the <em>high value</em> HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see <a href="#s3.1">section 3.1</a>).<br /> +<br /> +  *  Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s2.9" id="s2.9"></a><span class="item-no">2.9</span>  Examples +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  <strong>1.</strong> A blog administrator wants to allow only <span class="term">a</span>, <span class="term">em</span>, <span class="term">strike</span>, <span class="term">strong</span> and <span class="term">u</span> in comments, but needs <span class="term">strike</span> and <span class="term">u</span> transformed to <span class="term">span</span> for better XHTML 1-strict compliance, and, he wants the <span class="term">a</span> links to be to <span class="term">http</span> or <span class="term">https</span> resources:<br /> +<br /> + +<code class="code">    $processed = htmLawed($in, array('elements'=>'a, em, strike, strong, u', 'make_tag_strict'=>1, 'safe'=>1, 'schemes'=>'*:http, https'), 'a=href');</code> +<br /> +<br /> +  <strong>2.</strong> An author uses a custom-made web application to load content on his web-site. He is the only one using that application and the content he generates has all types of HTML, including scripts. The web application uses htmLawed primarily as a tool to correct errors that creep in while writing HTML and to take care of the occasional <em>bad</em> characters in copy-paste text introduced by Microsoft Office. The web application provides a preview before submitted input is added to the content. For the previewing process, htmLawed is set up as follows:<br /> +<br /> + +<code class="code">    $processed = htmLawed($in, array('css_expression'=>1, 'keep_bad'=>1, 'make_tag_strict'=>1, 'schemes'=>'*:*', 'valid_xhtml'=>1));</code> +<br /> +<br /> +  For the final submission process, <span class="term">keep_bad</span> is set to <span class="term">6</span>. A value of <span class="term">1</span> for the preview process allows the author to note and correct any HTML mistake without losing any of the typed text.<br /> +<br /> +  <strong>3.</strong> A data-miner is scraping information in a specific table of similar web-pages and is collating the data rows, and uses htmLawed to reduce unnecessary markup and white-spaces:<br /> +<br /> + +<code class="code">    $processed = htmLawed($in, array('elements'=>'tr, td', 'tidy'=>-1), 'tr, td =');</code> +<br /> + +</div> +</div> +<div class="section"><h2> +<a name="s3" id="s3"></a><span class="item-no">3</span>  Details +</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<div class="sub-section"><h3> +<a name="s3.1" id="s3.1"></a><span class="item-no">3.1</span>  Invalid/dangerous characters +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Valid characters (more correctly, their code-points) in HTML or XML are, hexadecimally, <span class="term">9</span>, <span class="term">a</span>, <span class="term">d</span>, <span class="term">20</span> to <span class="term">d7ff</span>, and <span class="term">e000</span> to <span class="term">10ffff</span>, except <span class="term">fffe</span> and <span class="term">ffff</span> (decimally, <span class="term">9</span>, <span class="term">10</span>, <span class="term">13</span>, <span class="term">32</span> to <span class="term">55295</span>, and <span class="term">57344</span> to <span class="term">1114111</span>, except <span class="term">65534</span> and <span class="term">65535</span>). htmLawed removes the invalid characters <span class="term">0</span> to <span class="term">8</span>, <span class="term">b</span>, <span class="term">c</span>, and <span class="term">e</span> to <span class="term">1f</span>.<br /> +<br /> +  Because of PHP's poor native support for multi-byte characters, htmLawed cannot check for the remaining invalid code-points. However, for various reasons, it is very unlikely for any of those characters to be in the input.<br /> +<br /> +  Characters that are discouraged (see <a href="#s5.1">section 5.1</a>) but not invalid are not removed by htmLawed.<br /> +<br /> +  It (function <span class="term">hl_tag()</span>) also replaces the potentially dangerous (in some Mozilla [Firefox] and Opera browsers) soft-hyphen character (code-point, hexadecimally, <span class="term">ad</span>, or decimally, <span class="term">173</span>) in attribute values with spaces. Where required, the characters <span class="term"><</span>, <span class="term">></span>, <span class="term">&</span>, and <span class="term">"</span> are converted to entities.<br /> +<br /> +  With <span class="term">$config["clean_ms_char"]</span> set as <span class="term">1</span> or <span class="term">2</span>, many of the discouraged characters (decimal code-points <span class="term">127</span> to <span class="term">159</span> except <span class="term">133</span>) that many Microsoft applications incorrectly use (as per the <span class="term">Windows 1252</span> [<span class="term">Cp-1252</span>] or a similar encoding system), and the character for decimal code-point <span class="term">133</span>, are converted to appropriate decimal numerical entities (or removed for a few cases)-- see appendix in <a href="#s5.4">section 5.4</a>. This can help avoid some display issues arising from copying-pasting of content.<br /> +<br /> +  With <span class="term">$config["clean_ms_char"]</span> set as <span class="term">2</span>, characters for the hexadecimal code-points <span class="term">82</span>, <span class="term">91</span>, and <span class="term">92</span> (for special single-quotes), and <span class="term">84</span>, <span class="term">93</span>, and <span class="term">94</span> (for special double-quotes) are converted to ordinary single and double quotes respectively and not to entities.<br /> +<br /> +  The character values are replaced with entities/characters and not character values referred to by the entities/characters to keep this task independent of the character-encoding of input text.<br /> +<br /> +  The <span class="term">$config["clean_ms_char"]</span> parameter need not be used if authors do not copy-paste Microsoft-created text or if the input text is not believed to use the <span class="term">Windows 1252</span> or a similar encoding. Further, the input form and the web-pages displaying it or its content should have the character encoding appropriately marked-up.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.2" id="s3.2"></a><span class="item-no">3.2</span>  Character references/entities +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Valid character entities take the form <span class="term">&*;</span> where <span class="term">*</span> is <span class="term">#x</span> followed by a hexadecimal number (hexadecimal numeric entity; like <span class="term">&#xA0;</span> for non-breaking space), or alphanumeric like <span class="term">gt</span> (external or named entity; like <span class="term">&nbsp;</span> for non-breaking space), or <span class="term">#</span> followed by a number (decimal numeric entity; like <span class="term">&#160;</span> for non-breaking space). Character entities referring to the soft-hyphen character (the <span class="term">&shy;</span> or <span class="term">\xad</span> character; hexadecimal code-point <span class="term">ad</span> [decimal <span class="term">173</span>]) in attribute values are always replaced with spaces; soft-hyphens in attribute values introduce vulnerabilities in some older versions of the Opera and Mozilla [Firefox] browsers.<br /> +<br /> +  htmLawed (function <span class="term">hl_ent()</span>):<br /> +<br /> +  *  Neutralizes entities with multiple leading zeroes or missing semi-colons (potentially dangerous)<br /> +<br /> +  *  Lowercases the <span class="term">X</span> (for XML-compliance) and <span class="term">A-F</span> of hexadecimal numeric entities<br /> +<br /> +  *  Neutralizes entities referring to characters that are HTML-invalid (see <a href="#s3.1">section 3.1</a>)<br /> +<br /> +  *  Neutralizes entities referring to characters that are HTML-discouraged (code-points, hexadecimally, <span class="term">7f</span> to <span class="term">84</span>, <span class="term">86</span> to <span class="term">9f</span>, and <span class="term">fdd0</span> to <span class="term">fddf</span>, or decimally, <span class="term">127</span> to <span class="term">132</span>, <span class="term">134</span> to <span class="term">159</span>, and <span class="term">64991</span> to <span class="term">64976</span>). Entities referring to the remaining discouraged characters (see <a href="#s5.1">section 5.1</a> for a full list) are let through.<br /> +<br /> +  *  Neutralizes named entities that are not in the specs.<br /> +<br /> +  *  Optionally converts valid HTML-specific named entities except <span class="term">&gt;</span>, <span class="term">&lt;</span>, <span class="term">&quot;</span>, and <span class="term">&amp;</span> to decimal numeric ones (hexadecimal if $config["hexdec_entity"] is <span class="term">2</span>) for generic XML-compliance. For this, <span class="term">$config["named_entity"]</span> should be <span class="term">1</span>.<br /> +<br /> +  *  Optionally converts hexadecimal numeric entities to the more widely supported decimal ones. For this, <span class="term">$config["hexdec_entity"]</span> should be <span class="term">0</span>.<br /> +<br /> +  *  Optionally converts decimal numeric entities to the hexadecimal ones. For this, <span class="term">$config["hexdec_entity"]</span> should be <span class="term">2</span>.<br /> +<br /> +  <em>Neutralization</em> refers to the <em>entitification</em> of <span class="term">&</span> to <span class="term">&amp;</span>.<br /> +<br /> +  <strong>Note</strong>: htmLawed does not convert entities to the actual characters represented by them; one can pass the htmLawed output through PHP's <span class="term">html_entity_decode</span> <a href="http://www.php.net/html_entity_decode">function</a> for that.<br /> +<br /> +  <strong>Note</strong>: If <span class="term">$config["and_mark"]</span> is set, and set to a value other than <span class="term">0</span>, then the <span class="term">&</span> characters in the original input are replaced with the control character for the hexadecimal code-point <span class="term">6</span> (<span class="term">\x06</span>; <span class="term">&</span> characters introduced by htmLawed, e.g., after converting <span class="term"><</span> to <span class="term">&lt;</span>, are not affected). This allows one to distinguish, say, an <span class="term">&gt;</span> introduced by htmLawed and an <span class="term">&gt;</span> put in by the input writer, and can be helpful in further processing of the htmLawed-processed text (e.g., to identify the character sequence <span class="term">o(><)o</span> to generate an emoticon image). When this feature is active, admins should ensure that the htmLawed output is not directly used in web pages or XML documents as the presence of the <span class="term">\x06</span> can break documents. Before use in such documents, and preferably before any storage, any remaining <span class="term">\x06</span> should be changed back to <span class="term">&</span>, e.g., with:<br /> +<br /> + +<code class="code">    $final = str_replace("\x06", '&', $prelim);</code> +<br /> +<br /> +  Also, see <a href="#s3.9">section 3.9</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.3" id="s3.3"></a><span class="item-no">3.3</span>  HTML elements +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed can be configured to allow only certain HTML elements (tags) in the input. Disallowed elements (just tag-content, and not element-content), based on <span class="term">$config["keep_bad"]</span>, are either <em>neutralized</em> (converted to plain text by entitification of <span class="term"><</span> and <span class="term">></span>) or removed.<br /> +<br /> +  E.g., with only <span class="term">em</span> permitted:<br /> +<br /> +  Input:<br /> +<br /> + +<code class="code">      <em>My</em> website is <a href="http://a.com>a.com</a>.</code> +<br /> +<br /> +  Output, with <span class="term">$config["keep_bad"] = 0</span>:<br /> +<br /> + +<code class="code">      <em>My</em> website is a.com.</code> +<br /> +<br /> +  Output, with <span class="term">$config["keep_bad"]</span> not <span class="term">0</span>:<br /> +<br /> + +<code class="code">      <em>My</em> website is &lt;a href=""&gt;a.com&lt;/a&gt;.</code> +<br /> +<br /> +  See <a href="#s3.3.3">section 3.3.3</a> for differences between the various non-zero <span class="term">$config["keep_bad"]</span> values.<br /> +<br /> +  htmLawed by default permits these 86 elements:<br /> +<br /> + +<code class="code">    a, abbr, acronym, address, applet, area, b, bdo, big, blockquote, br, button, caption, center, cite, code, col, colgroup, dd, del, dfn, dir, div, dl, dt, em, embed, fieldset, font, form, h1, h2, h3, h4, h5, h6, hr, i, iframe, img, input, ins, isindex, kbd, label, legend, li, map, menu, noscript, object, ol, optgroup, option, p, param, pre, q, rb, rbc, rp, rt, rtc, ruby, s, samp, script, select, small, span, strike, strong, sub, sup, table, tbody, td, textarea, tfoot, th, thead, tr, tt, u, ul, var</code> +<br /> +<br /> +  Except for <span class="term">embed</span> (included because of its wide-spread use) and the Ruby elements (<span class="term">rb</span>, <span class="term">rbc</span>, <span class="term">rp</span>, <span class="term">rt</span>, <span class="term">rtc</span>, <span class="term">ruby</span>; part of XHTML 1.1), these are all the elements in the HTML 4/XHTML 1 specs. Strict-specific specs. exclude <span class="term">center</span>, <span class="term">dir</span>, <span class="term">font</span>, <span class="term">isindex</span>, <span class="term">menu</span>, <span class="term">s</span>, <span class="term">strike</span>, and <span class="term">u</span>.<br /> +<br /> +  With <span class="term">$config["safe"] = 1</span>, the default set will exclude <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>, <span class="term">object</span> and <span class="term">script</span>; see <a href="#s3.6">section 3.6</a>.<br /> +<br /> +  When <span class="term">$config["elements"]</span>, which specifies allowed elements, is <em>properly</em> defined, and neither empty nor set to <span class="term">0</span> or <span class="term">*</span>, the default set is not used. To have elements added to or removed from the default set, a <span class="term">+/-</span> notation is used. E.g., <span class="term">*-script-object</span> implies that only <span class="term">script</span> and <span class="term">object</span> are disallowed, whereas <span class="term">*+embed</span> means that <span class="term">noembed</span> is also allowed. Elements can also be specified as comma separated names. E.g., <span class="term">a, b, i</span> means only <span class="term">a</span>, <span class="term">b</span> and <span class="term">i</span> are permitted. In this notation, <span class="term">*</span>, <span class="term">+</span> and <span class="term">-</span> have no significance and can actually cause a mis-reading.<br /> +<br /> +  Some more examples of <span class="term">$config["elements"]</span> values indicating permitted elements (note that empty spaces are liberally allowed for clarity):<br /> +<br /> +  *  <span class="term">a, blockquote, code, em, strong</span> -- only <span class="term">a</span>, <span class="term">blockquote</span>, <span class="term">code</span>, <span class="term">em</span>, and <span class="term">strong</span><br /> +  *  <span class="term">*-script</span> -- all excluding <span class="term">script</span><br /> +  *  <span class="term">* -center -dir -font -isindex -menu -s -strike -u</span> -- only XHTML-Strict elements<br /> +  *  <span class="term">*+noembed-script</span> -- all including <span class="term">noembed</span> excluding <span class="term">script</span><br /> +<br /> +  Some mis-usages (and the resulting permitted elements) that can be avoided:<br /> +<br /> +  *  <span class="term">-*</span> -- none; instead of htmLawed, one might just use, e.g., the <span class="term">htmlspecialchars()</span> PHP function<br /> +  *  <span class="term">*, -script</span> -- all except <span class="term">script</span>; admin probably meant <span class="term">*-script</span><br /> +  *  <span class="term">-*, a, em, strong</span> -- all; admin probably meant <span class="term">a, em, strong</span><br /> +  *  <span class="term">*</span> -- all; admin need not have set <span class="term">elements</span><br /> +  *  <span class="term">*-form+form</span> -- all; a <span class="term">+</span> will always over-ride any <span class="term">-</span><br /> +  *  <span class="term">*, noembed</span> -- only <span class="term">noembed</span>; admin probably meant <span class="term">*+noembed</span><br /> +  *  <span class="term">a, +b, i</span> -- only <span class="term">a</span> and <span class="term">i</span>; admin probably meant <span class="term">a, b, i</span><br /> +<br /> +  Basically, when using the <span class="term">+/-</span> notation, commas (<span class="term">,</span>) should not be used, and vice versa, and <span class="term">*</span> should be used with the former but not the latter.<br /> +<br /> +  <strong>Note</strong>: Even if an element that is not in the default set is allowed through <span class="term">$config["elements"]</span>, like <span class="term">noembed</span> in the last example, it will eventually be removed during tag balancing unless such balancing is turned off (<span class="term">$config["balance"]</span> set to <span class="term">0</span>). Currently, the only way around this, which actually is simple, is to edit the various arrays in the function <span class="term">hl_bal()</span> to accommodate the element and its nesting properties.<br /> +<br /> +  <strong>A possibly second way to specify allowed elements</strong> is to set <span class="term">$config["parent"]</span> to an element name that supposedly will hold the input, and to set <span class="term">$config["balance"]</span> to <span class="term">1</span>. During tag balancing (see <a href="#s3.3.3">section 3.3.3</a>), all elements that cannot legally nest inside the parent element will be removed. The parent element is auto-reset to <span class="term">div</span> if <span class="term">$config["parent"]</span> is empty, <span class="term">body</span>, or an element not in htmLawed's default set of 86 elements.<br /> +<br /> +  <em>Tag transformation</em> is possible for improving XHTML-Strict compliance -- most of the deprecated elements are removed or converted to valid XHTML-Strict ones; see <a href="#s3.3.2">section 3.3.2</a>.<br /> + +<div class="sub-sub-section"><h4> +<a name="s3.3.1" id="s3.3.1"></a><span class="item-no">3.3.1</span>  Handling of comments and CDATA sections +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  <span class="term">CDATA</span> sections have the format <span class="term"><![CDATA[...anything but not "]]>"...]]></span>, and HTML comments, <span class="term"><!--...anything but not "-->"... --></span>. Neither HTML comments nor <span class="term">CDATA</span> sections can reside inside tags. HTML comments can exist anywhere else, but <span class="term">CDATA</span> sections can exist only where plain text is allowed (e.g., immediately inside <span class="term">td</span> element content but not immediately inside <span class="term">tr</span> element content).<br /> +<br /> +  htmLawed (function <span class="term">hl_cmtcd()</span>) handles HTML comments or <span class="term">CDATA</span> sections depending on the values of <span class="term">$config["comment"]</span> or <span class="term">$config["cdata"]</span>. If <span class="term">0</span>, such markup is not looked for and the text is processed like plain text. If <span class="term">1</span>, it is removed completely. If <span class="term">2</span>, it is preserved but any <span class="term"><</span>, <span class="term">></span> and <span class="term">&</span> inside are changed to entities. If <span class="term">3</span>, they are left as such.<br /> +<br /> +  Note that for the last two cases, HTML comments and <span class="term">CDATA</span> sections will always be removed from tag content (function <span class="term">hl_tag()</span>).<br /> +<br /> +  Examples:<br /> +<br /> +  Input:<br /> + +<code class="code">    <!-- home link --><a href="home.htm"><![CDATA[x=&y]]>Home</a></code> +<br /> +  Output (<span class="term">$config["comment"] = 0, $config["cdata"] = 2</span>):<br /> + +<code class="code">    &lt;-- home link --&gt;<a href="home.htm"><![CDATA[x=&amp;y]]>Home</a></code> +<br /> +  Output (<span class="term">$config["comment"] = 1, $config["cdata"] = 2</span>):<br /> + +<code class="code">    <a href="home.htm"><![CDATA[x=&amp;y]]>Home</a></code> +<br /> +  Output (<span class="term">$config["comment"] = 2, $config["cdata"] = 2</span>):<br /> + +<code class="code">    <!-- home link --><a href="home.htm"><![CDATA[x=&amp;y]]>Home</a></code> +<br /> +  Output (<span class="term">$config["comment"] = 2, $config["cdata"] = 1</span>):<br /> + +<code class="code">    <!-- home link --><a href="home.htm">Home</a></code> +<br /> +  Output (<span class="term">$config["comment"] = 3, $config["cdata"] = 3</span>):<br /> + +<code class="code">    <!-- home link --><a href="home.htm"><![CDATA[x=&y]]>Home</a></code> +<br /> +<br /> +  For standard-compliance, comments are given the form <span class="term"><!--comment --></span>, and any <span class="term">--</span> in the content is made <span class="term">-</span>.<br /> +<br /> +  When <span class="term">$config["safe"] = 1</span>, CDATA sections and comments are considered plain text unless <span class="term">$config["comment"]</span> or <span class="term">$config["cdata"]</span> is explicitly specified; see <a href="#s3.6">section 3.6</a>.<br /> + +</div> +<div class="sub-sub-section"><h4> +<a name="s3.3.2" id="s3.3.2"></a><span class="item-no">3.3.2</span>  Tag-transformation for better XHTML-Strict +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If <span class="term">$config["make_tag_strict"]</span> is set and not <span class="term">0</span>, following non-XHTML-Strict elements (and attributes), even if admin-permitted, are mutated as indicated (element content remains intact; function <span class="term">hl_tag2()</span>):<br /> +<br /> +  *  applet - (based on <span class="term">$config["make_tag_strict"]</span>, unchanged (<span class="term">1</span>) or removed (<span class="term">2</span>))<br /> +  *  center - <span class="term">div style="text-align: center;"</span><br /> +  *  dir - <span class="term">ul</span><br /> +  *  embed - (based on <span class="term">$config["make_tag_strict"]</span>, unchanged (<span class="term">1</span>) or removed (<span class="term">2</span>))<br /> +  *  font (face, size, color) -    <span class="term">span style="font-family: ; font-size: ; color: ;"</span> (size transformation <a href="http://style.cleverchimp.com/font_size_intervals/altintervals.html">reference</a>)<br /> +  *  isindex - (based on <span class="term">$config["make_tag_strict"]</span>, unchanged (<span class="term">1</span>) or removed (<span class="term">2</span>))<br /> +  *  menu - <span class="term">ul</span><br /> +  *  s - <span class="term">span style="text-decoration: line-through;"</span><br /> +  *  strike - <span class="term">span style="text-decoration: line-through;"</span><br /> +  *  u - <span class="term">span style="text-decoration: underline;"</span><br /> +<br /> +  For an element with a pre-existing <span class="term">style</span> attribute value, the extra style properties are appended.<br /> +<br /> +  Example input:<br /> +<br /> + +<code class="code">    <center></code> +<br /> + +<code class="code">     The PHP <s>software</s> script used for this <strike>web-page</strike> web-page is <font style="font-weight: bold " face=arial size='+3' color   =  "red  ">htmLawedTest.php</font>, from <u style= 'color:green'>PHP Labware</u>.</code> +<br /> + +<code class="code">    </center></code> +<br /> +<br /> +  The output:<br /> +<br /> + +<code class="code">    <div style="text-align: center;"></code> +<br /> + +<code class="code">     The PHP <span style="text-decoration: line-through;">software</span> script used for this <span style="text-decoration: line-through;">web-page</span> web-page is <span style="font-weight: bold; font-family: arial; color: red; font-size: 200%;">htmLawedTest.php</span>, from <span style="color:green; text-decoration: underline;">PHP Labware</span>.</code> +<br /> + +<code class="code">    </div></code> +<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.3.3" id="s3.3.3"></a><span class="item-no">3.3.3</span>  Tag balancing and proper nesting +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If <span class="term">$config["balance"]</span> is set to <span class="term">1</span>, htmLawed (function <span class="term">hl_bal()</span>) checks and corrects the input to have properly balanced tags and legal element content (i.e., any element nesting should be valid, and plain text may be present only in the content of elements that allow them).<br /> +<br /> +  Depending on the value of <span class="term">$config["keep_bad"]</span> (see <a href="#s2.2">section 2.2</a> and <a href="#s3.3">section 3.3</a>), illegal content may be removed or neutralized to plain text by converting < and > to entities:<br /> +<br /> +  <span class="term">0</span> - remove; this option is available only to maintain Kses-compatibility and should not be used otherwise (see <a href="#s2.6">section 2.6</a>)<br /> +  <span class="term">1</span> - neutralize tags and keep element content<br /> +  <span class="term">2</span> - remove tags but keep element content<br /> +  <span class="term">3</span> and <span class="term">4</span> - like <span class="term">1</span> and <span class="term">2</span>, but keep element content only if text (<span class="term">pcdata</span>) is valid in parent element as per specs<br /> +  <span class="term">5</span> and <span class="term">6</span> -  like <span class="term">3</span> and <span class="term">4</span>, but line-breaks, tabs and spaces are left<br /> +<br /> +  Example input (disallowing the <span class="term">p</span> element):<br /> +<br /> + +<code class="code">    <*> Pseudo-tags <*></code> +<br /> + +<code class="code">    <xml>Non-HTML tag xml</xml></code> +<br /> + +<code class="code">    <p></code> +<br /> + +<code class="code">    Disallowed tag p</code> +<br /> + +<code class="code">    </p></code> +<br /> + +<code class="code">    <ul>Bad<li>OK</li></ul></code> +<br /> +<br /> +  The output with <span class="term">$config["keep_bad"] = 1</span>:<br /> +<br /> + +<code class="code">    &lt;*&gt; Pseudo-tags &lt;*&gt;</code> +<br /> + +<code class="code">    &lt;xml&gt;Non-HTML tag xml&lt;/xml&gt;</code> +<br /> + +<code class="code">    &lt;p&gt;</code> +<br /> + +<code class="code">    Disallowed tag p</code> +<br /> + +<code class="code">    &lt;/p&gt;</code> +<br /> + +<code class="code">    <ul>Bad<li>OK</li></ul></code> +<br /> +<br /> +  The output with <span class="term">$config["keep_bad"] = 3</span>:<br /> +<br /> + +<code class="code">    &lt;*&gt; Pseudo-tags &lt;*&gt;</code> +<br /> + +<code class="code">    &lt;xml&gt;Non-HTML tag xml&lt;/xml&gt;</code> +<br /> + +<code class="code">    &lt;p&gt;</code> +<br /> + +<code class="code">    Disallowed tag p</code> +<br /> + +<code class="code">    &lt;/p&gt;</code> +<br /> + +<code class="code">    <ul><li>OK</li></ul></code> +<br /> +<br /> +  The output with <span class="term">$config["keep_bad"] = 6</span>:<br /> +<br /> + +<code class="code">    &lt;*&gt; Pseudo-tags &lt;*&gt;</code> +<br /> + +<code class="code">    Non-HTML tag xml</code> +<br /> +<br /> + +<code class="code">    Disallowed tag p</code> +<br /> +<br /> + +<code class="code">    <ul><li>OK</li></ul></code> +<br /> +<br /> +  An option like <span class="term">1</span> is useful, e.g., when a writer previews his submission, whereas one like <span class="term">3</span> is useful before content is finalized and made available to all.<br /> +<br /> +  <strong>Note:</strong> In the example above, unlike <span class="term"><*></span>, <span class="term"><xml></span> gets considered as a tag (even though there is no HTML element named <span class="term">xml</span>). In general, text matching the regular expression pattern <span class="term"><(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?></span> is considered a tag (phrase enclosed by the angled brackets <span class="term"><</span> and <span class="term">></span>, and starting [with an optional slash preceding] with an alphanumeric word that starts with an alphabet...).<br /> +<br /> +  Nesting/content rules for each of the 86 elements in htmLawed's default set (see <a href="#s3.3">section 3.3</a>) are defined in function <span class="term">hl_bal()</span>. This means that if a non-standard element besides <span class="term">embed</span> is being permitted through <span class="term">$config["elements"]</span>, the element's tag content will end up getting removed if <span class="term">$config["balance"]</span> is set to <span class="term">1</span>.<br /> +<br /> +  Plain text and/or certain elements nested inside <span class="term">blockquote</span>, <span class="term">form</span>, <span class="term">map</span> and <span class="term">noscript</span> need to be in block-level elements. This point is often missed during manual writing of HTML code. htmLawed attempts to address this during balancing. E.g., if the parent container is set as <span class="term">form</span>, the input <span class="term">B:<input type="text" value="b" />C:<input type="text" value="c" /></span> is converted to <span class="term"><div>B:<input type="text" value="b" />C:<input type="text" value="c" /></div></span>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.3.4" id="s3.3.4"></a><span class="item-no">3.3.4</span>  Elements requiring child elements +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  As per specs, the following elements require legal child elements nested inside them:<br /> +<br /> + +<code class="code">    blockquote, dir, dl, form, map, menu, noscript, ol, optgroup, rbc, rtc, ruby, select, table, tbody, tfoot, thead, tr, ul</code> +<br /> +<br /> +  In some cases, the specs stipulate the number and/or the ordering of the child elements. A <span class="term">table</span> can have 0 or 1 <span class="term">caption</span>, <span class="term">tbody</span>, <span class="term">tfoot</span>, and <span class="term">thead</span>, but they must be in this order: <span class="term">caption</span>, <span class="term">thead</span>, <span class="term">tfoot</span>, <span class="term">tbody</span>.<br /> +<br /> +  htmLawed currently does not check for conformance to these rules. Note that any non-compliance in this regard will not introduce security vulnerabilities, crash browser applications, or affect the rendering of web-pages.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.3.5" id="s3.3.5"></a><span class="item-no">3.3.5</span>  Beautify or compact HTML +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  By default, htmLawed will neither <em>beautify</em> HTML code by formatting it with indentations, etc., nor will it make it compact by removing un-needed white-space.(It does always properly white-space tag content.)<br /> +<br /> +  As per the HTML standards, spaces, tabs and line-breaks in web-pages (except those inside <span class="term">pre</span> elements) are all considered equivalent, and referred to as <em>white-spaces</em>. Browser applications are supposed to consider contiguous white-spaces as just a single space, and to disregard white-spaces trailing opening tags or preceding closing tags. This white-space <em>normalization</em> allows the use of text/code beautifully formatted with indentations and line-spacings for readability. Such <em>pretty</em> HTML can, however, increase the size of web-pages, or make the extraction or scraping of plain text cumbersome.<br /> +<br /> +  With the <span class="term">$config</span> parameter <span class="term">tidy</span>, htmLawed can be used to beautify or compact the input text. Input with just plain text and no HTML markup is also subject to this. Besides <span class="term">pre</span>, the <span class="term">script</span> and <span class="term">textarea</span> elements, CDATA sections, and HTML comments are not subjected to the tidying process.<br /> +<br /> +  To <em>compact</em>, use <span class="term">$config["tidy"] = -1</span>; single instances or runs of white-spaces are replaced with a single space, and white-spaces trailing and leading open and closing tags, respectively, are removed.<br /> +<br /> +  To <em>beautify</em>, <span class="term">$config["tidy"]</span> is set as <span class="term">1</span>, or for customized tidying, as a string like <span class="term">2s2n</span>. The <span class="term">s</span> or <span class="term">t</span> character specifies the use of spaces or tabs for indentation. The first and third characters, any of the digits 0-9, specify the number of spaces or tabs per indentation, and any parental lead spacing (extra indenting of the whole block of input text). The <span class="term">r</span> and <span class="term">n</span> characters are used to specify line-break characters: <span class="term">n</span> for <span class="term">\n</span> (Unix/Mac OS X line-breaks), <span class="term">rn</span> or <span class="term">nr</span> for <span class="term">\r\n</span> (Windows/DOS line-breaks), or <span class="term">r</span> for <span class="term">\r</span>.<br /> +<br /> +  The <span class="term">$config["tidy"]</span> value of <span class="term">1</span> is equivalent to <span class="term">2s0n</span>. Other <span class="term">$config["tidy"]</span> values are read loosely: a value of <span class="term">4</span> is equivalent to <span class="term">4s0n</span>; <span class="term">t2</span>, to <span class="term">1t2n</span>; <span class="term">s</span>, to <span class="term">2s0n</span>; <span class="term">2TR</span>, to <span class="term">2t0r</span>; <span class="term">T1</span>, to <span class="term">1t1n</span>; <span class="term">nr3</span>, to <span class="term">3s0nr</span>, and so on. Except in the indentations and line-spacings, runs of white-spaces are replaced with a single space during beautification.<br /> +<br /> +  Input formatting using <span class="term">$config["tidy"]</span> is not recommended when input text has mixed markup (like HTML + PHP).<br /> + +</div> +</div> +<div class="sub-section"><h3> +<a name="s3.4" id="s3.4"></a><span class="item-no">3.4</span>  Attributes +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed will only permit attributes described in the HTML specs (including deprecated ones). It also permits some attributes for use with the <span class="term">embed</span> element (the non-standard <span class="term">embed</span> element is supported in htmLawed because of its widespread use), and the the <span class="term">xml:space</span> attribute (valid only in XHTML 1.1). A list of such 111 attributes and the elements they are allowed in is in <a href="#s5.2">section 5.2</a>.<br /> +<br /> +  When <span class="term">$config["deny_attribute"]</span> is not set, or set to <span class="term">0</span>, or empty (<span class="term">""</span>), all the 111 attributes are permitted. Otherwise, <span class="term">$config["deny_attribute"]</span> can be set as a list of comma-separated names of the denied attributes. <span class="term">on*</span> can be used to refer to the group of potentially dangerous, script-accepting attributes: <span class="term">onblur</span>, <span class="term">onchange</span>, <span class="term">onclick</span>, <span class="term">ondblclick</span>, <span class="term">onfocus</span>, <span class="term">onkeydown</span>, <span class="term">onkeypress</span>, <span class="term">onkeyup</span>, <span class="term">onmousedown</span>, <span class="term">onmousemove</span>, <span class="term">onmouseout</span>, <span class="term">onmouseover</span>, <span class="term">onmouseup</span>, <span class="term">onreset</span>, <span class="term">onselect</span> and <span class="term">onsubmit</span>.<br /> +<br /> +  Note that attributes specified in <span class="term">$config["deny_attribute"]</span> are denied globally, for all elements. To deny attributes for only specific elements, <span class="term">$spec</span> (see <a href="#s2.3">section 2.3</a>) can be used. <span class="term">$spec</span> can also be used to element-specifically permit an attribute otherwise denied through <span class="term">$config["deny_attribute"]</span>.<br /> +<br /> +  With <span class="term">$config["safe"] = 1</span> (<a href="#s3.6">section 3.6</a>), the <span class="term">on*</span> attributes are automatically disallowed.<br /> +<br /> +  <strong>Note</strong>: To deny all but a few attributes globally, a simpler way to specify <span class="term">$config["deny_attribute"]</span> would be to use the notation <span class="term">* -attribute1 -attribute2 ...</span>. Thus, a value of <span class="term">* -title -href</span> implies that except <span class="term">href</span> and <span class="term">title</span> (where allowed as per standards) all other attributes are to be removed. With this notation, the value for the parameter <span class="term">safe</span> (<a href="#s3.6">section 3.6</a>) will have no effect on <span class="term">deny_attribute</span>.<br /> +<br /> +  htmLawed (function <span class="term">hl_tag()</span>) also:<br /> +<br /> +  *  Lower-cases attribute names<br /> +  *  Removes duplicate attributes (last one stays)<br /> +  *  Gives attributes the form <span class="term">name="value"</span> and single-spaces them, removing unnecessary white-spacing<br /> +  *  Provides <em>required</em> attributes (see <a href="#s3.4.1">section 3.4.1</a>)<br /> +  *  Double-quotes values and escapes any <span class="term">"</span> inside them<br /> +  *  Replaces the possibly dangerous soft-hyphen characters (hexadecimal code-point <span class="term">ad</span>) in the values with spaces<br /> +  *  Allows custom function to additionally filter/modify attribute values (see <a href="#s3.4.9">section 3.4.9</a>)<br /> + +<div class="sub-sub-section"><h4> +<a name="s3.4.1" id="s3.4.1"></a><span class="item-no">3.4.1</span>  Auto-addition of XHTML-required attributes +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If indicated attributes for the following elements are found missing, htmLawed (function <span class="term">hl_tag()</span>) will add them (with values same as attribute names unless indicated otherwise below):<br /> +<br /> +  *  area - alt (<span class="term">area</span>)<br /> +  *  area, img - src, alt (<span class="term">image</span>)<br /> +  *  bdo - dir (<span class="term">ltr</span>)<br /> +  *  form - action<br /> +  *  map - name<br /> +  *  optgroup - label<br /> +  *  param - name<br /> +  *  script - type (<span class="term">text/javascript</span>)<br /> +  *  textarea - rows (<span class="term">10</span>), cols (<span class="term">50</span>)<br /> +<br /> +  Additionally, with <span class="term">$config["xml:lang"]</span> set to <span class="term">1</span> or <span class="term">2</span>, if the <span class="term">lang</span> but not the <span class="term">xml:lang</span> attribute is declared, then the latter is added too, with a value copied from that of <span class="term">lang</span>. This is for better standard-compliance. With <span class="term">$config["xml:lang"]</span> set to <span class="term">2</span>, the <span class="term">lang</span> attribute is removed (XHTML 1.1 specs).<br /> +<br /> +  Note that the <span class="term">name</span> attribute for <span class="term">map</span>, invalid in XHTML 1.1, is also transformed if required -- see <a href="#s3.4.6">section 3.4.6</a>.<br /> + +</div> +<div class="sub-sub-section"><h4> +<a name="s3.4.2" id="s3.4.2"></a><span class="item-no">3.4.2</span>  Duplicate/invalid <span class="term">id</span> values +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If <span class="term">$config["unique_ids"]</span> is <span class="term">1</span>, htmLawed (function <span class="term">hl_tag()</span>) removes <span class="term">id</span> attributes with values that are not XHTML-compliant (must begin with a letter and can contain letters, digits, <span class="term">:</span>, <span class="term">.</span>, <span class="term">-</span> and <span class="term">_</span>) or duplicate. If <span class="term">$config["unique_ids"]</span> is a word, any duplicate but otherwise valid value will be appropriately prefixed with the word to ensure its uniqueness. The word should begin with a letter and should contain only letters, numbers, <span class="term">:</span>, <span class="term">.</span>, <span class="term">_</span> and <span class="term">-</span>.<br /> +<br /> +  Even if multiple inputs need to be filtered (through multiple calls to htmLawed), htmLawed ensures uniqueness of <span class="term">id</span> values as it uses a global variable (<span class="term">$GLOBALS["hl_Ids"]</span> array). Further, an admin can restrict the use of certain <span class="term">id</span> values by presetting this variable before htmLawed is called into use. E.g.:<br /> +<br /> + +<code class="code">    $GLOBALS['hl_Ids'] = array('top'=>1, 'bottom'=>1, 'myform'=>1); // id values not allowed in input</code> +<br /> + +<code class="code">    $processed = htmLawed($text); // filter input</code> +<br /> + +</div> +<div class="sub-sub-section"><h4> +<a name="s3.4.3" id="s3.4.3"></a><span class="item-no">3.4.3</span>  URL schemes (protocols) and scripts in attribute values +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed edits attributes that take URLs as values if they are found to contain un-permitted schemes. E.g., if the <span class="term">afp</span> scheme is not permitted, then <span class="term"><a href="afp://domain.org"></span> becomes <span class="term"><a href="denied:afp://domain.org"></span>, and if Javascript is not permitted <span class="term"><a onclick="javascript:xss();"></span> becomes <span class="term"><a onclick="denied:javascript:xss();"></span>.<br /> +<br /> +  By default htmLawed permits these schemes in URLs for the <span class="term">href</span> attribute:<br /> +<br /> + +<code class="code">    aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet</code> +<br /> +<br /> +  Also, only <span class="term">file</span>, <span class="term">http</span> and <span class="term">https</span> are permitted in attributes whose names start with <span class="term">o</span> (like <span class="term">onmouseover</span>), and in these attributes that accept URLs:<br /> +<br /> + +<code class="code">    action, cite, classid, codebase, data, href, longdesc, model, pluginspage, pluginurl, src, style, usemap</code> +<br /> +<br /> +  These default sets are used when <span class="term">$config["schemes"]</span> is not set (see <a href="#s2.2">section 2.2</a>). To over-ride the defaults, <span class="term">$config["schemes"]</span> is defined as a string of semi-colon-separated sub-strings of type <span class="term">attribute: comma-separated schemes</span>. E.g., <span class="term">href: mailto, http, https; onclick: javascript; src: http, https</span>. For unspecified attributes, <span class="term">file</span>, <span class="term">http</span> and <span class="term">https</span> are permitted. This can be changed by passing schemes for <span class="term">*</span> in <span class="term">$config["schemes"]</span>. E.g., <span class="term">href: mailto, http, https; *: https, https</span>.<br /> +<br /> +  <span class="term">*</span> can be put in the list of schemes to permit all protocols. E.g., <span class="term">style: *; img: http, https</span> results in protocols not being checked in <span class="term">style</span> attribute values. However, in such cases, any relative-to-absolute URL conversion, or vice versa, (<a href="#s3.4.4">section 3.4.4</a>) is not done.<br /> +<br /> +  Thus, <em>to allow Javascript</em>, one can set <span class="term">$config["schemes"]</span> as <span class="term">href: mailto, http, https; *: http, https, javascript</span>, or <span class="term">href: mailto, http, https, javascript; *: http, https, javascript</span>, or <span class="term">*: *</span>, and so on.<br /> +<br /> +  As a side-note, one may find <span class="term">style: *</span> useful as URLs in <span class="term">style</span> attributes can be specified in a variety of ways, and the patterns that htmLawed uses to identify URLs may mistakenly identify non-URL text.<br /> +<br /> +  <strong>Note</strong>: If URL-accepting attributes other than those listed above are being allowed, then the scheme will not be checked unless the attribute name contains the string <span class="term">src</span> (e.g., <span class="term">dynsrc</span>) or starts with <span class="term">o</span> (e.g., <span class="term">onbeforecopy</span>).<br /> +<br /> +  With <span class="term">$config["safe"] = 1</span>, all URLs are disallowed in the <span class="term">style</span> attribute values.<br /> + +</div> +<div class="sub-sub-section"><h4> +<a name="s3.4.4" id="s3.4.4"></a><span class="item-no">3.4.4</span>  Absolute & relative URLs in attribute values +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed can make absolute URLs in attributes like <span class="term">href</span> relative (<span class="term">$config["abs_url"]</span> is <span class="term">-1</span>), and vice versa (<span class="term">$config["abs_url"]</span> is <span class="term">1</span>). URLs in scripts are not considered for this, and so are URLs like <span class="term">#section_6</span> (fragment), <span class="term">?name=Tim#show</span> (starting with query string), and <span class="term">;var=1?name=Tim#show</span> (starting with parameters). Further, this requires that <span class="term">$config["base_url"]</span> be set properly, with the <span class="term">://</span> and a trailing slash (<span class="term">/</span>), with no query string, etc. E.g., <span class="term">file:///D:/page/</span>, <span class="term">https://abc.com/x/y/</span>, or <span class="term">http://localhost/demo/</span> are okay, but <span class="term">file:///D:/page/?help=1</span>, <span class="term">abc.com/x/y/</span> and <span class="term">http://localhost/demo/index.htm</span> are not.<br /> +<br /> +  For making absolute URLs relative, only those URLs that have the <span class="term">$config["base_url"]</span> string at the beginning are converted. E.g., with <span class="term">$config["base_url"] = "https://abc.com/x/y/"</span>, <span class="term">https://abc.com/x/y/a.gif</span> and <span class="term">https://abc.com/x/y/z/b.gif</span> become <span class="term">a.gif</span> and <span class="term">z/b.gif</span> respectively, while <span class="term">https://abc.com/x/c.gif</span> is not changed.<br /> +<br /> +  When making relative URLs absolute, only values for scheme, network location (host-name) and path values in the base URL are inherited. See <a href="#s5.5">section 5.5</a> for more about the URL specification as per RFC <a href="http://www.ietf.org/rfc/rfc1808.txt">1808</a>.<br /> + +</div> +<div class="sub-sub-section"><h4> +<a name="s3.4.5" id="s3.4.5"></a><span class="item-no">3.4.5</span>  Lower-cased, standard attribute values +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Optionally, for standard-compliance, htmLawed (function <span class="term">hl_tag()</span>) lower-cases standard attribute values to give, e.g., <span class="term">input type="password"</span> instead of <span class="term">input type="Password"</span>, if <span class="term">$config["lc_std_val"]</span> is <span class="term">1</span>. Attribute values matching those listed below for any of the elements (plus those for the <span class="term">type</span> attribute of <span class="term">button</span> or <span class="term">input</span>) are lower-cased:<br /> +<br /> + +<code class="code">    all, baseline, bottom, button, center, char, checkbox, circle, col, colgroup, cols, data, default, file, get, groups, hidden, image, justify, left, ltr, middle, none, object, password, poly, post, preserve, radio, rect, ref, reset, right, row, rowgroup, rows, rtl, submit, text, top</code> +<br /> +<br /> + +<code class="code">    a, area, bdo, button, col, form, img, input, object, option, optgroup, param, script, select, table, td, tfoot, th, thead, tr, xml:space</code> +<br /> +<br /> +  The following <em>empty</em> (<em>minimized</em>) attributes are always assigned lower-cased values (same as the names):<br /> +<br /> + +<code class="code">    checked, compact, declare, defer, disabled, ismap, multiple, nohref, noresize, noshade, nowrap, readonly, selected</code> +<br /> + +</div> +<div class="sub-sub-section"><h4> +<a name="s3.4.6" id="s3.4.6"></a><span class="item-no">3.4.6</span>  Transformation of deprecated attributes +</h4><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If <span class="term">$config["no_deprecated_attr"]</span> is <span class="term">0</span>, then deprecated attributes (see appendix in <a href="#s5.2">section 5.2</a>) are removed and, in most cases, their values are transformed to CSS style properties and added to the <span class="term">style</span> attributes (function <span class="term">hl_tag()</span>). Except for <span class="term">bordercolor</span> for <span class="term">table</span>, <span class="term">tr</span> and <span class="term">td</span>, the scores of proprietary attributes that were never part of any cross-browser standard are not supported.<br /> +<br /> +  <strong>Note</strong>: The attribute <span class="term">target</span> for <span class="term">a</span> is allowed even though it is not in XHTML 1.0 specs. This is because of the attribute's wide-spread use and browser-support, and because the attribute is valid in XHTML 1.1 onwards.<br /> +<br /> +  *  align - for <span class="term">img</span> with value of <span class="term">left</span> or <span class="term">right</span>, becomes, e.g., <span class="term">float: left</span>; for <span class="term">div</span> and <span class="term">table</span> with value <span class="term">center</span>, becomes <span class="term">margin: auto</span>; all others become, e.g., <span class="term">text-align: right</span><br /> +<br /> +  *  bgcolor - E.g., <span class="term">bgcolor="#ffffff"</span> becomes <span class="term">background-color: #ffffff</span><br /> +  *  border - E.g., <span class="term">height= "10"</span> becomes <span class="term">height: 10px</span><br /> +  *  bordercolor - E.g., <span class="term">bordercolor=#999999</span> becomes <span class="term">border-color: #999999;</span><br /> +  *  compact - <span class="term">font-size: 85%</span><br /> +  *  clear - E.g., 'clear="all" becomes <span class="term">clear: both</span><br /> +<br /> +  *  height - E.g., <span class="term">height= "10"</span> becomes <span class="term">height: 10px</span> and <span class="term">height="*"</span> becomes <span class="term">height: auto</span><br /> +<br /> +  *  hspace - E.g., <span class="term">hspace="10"</span> becomes <span class="term">margin-left: 10px; margin-right: 10px</span><br /> +  *  language - <span class="term">language="VBScript"</span> becomes <span class="term">type="text/vbscript"</span><br /> +  *  name - E.g., <span class="term">name="xx"</span> becomes <span class="term">id="xx"</span><br /> +  *  noshade - <span class="term">border-style: none; border: 0; background-color: gray; color: gray</span><br /> +  *  nowrap - <span class="term">white-space: nowrap</span><br /> +  *  size - E.g., <span class="term">size="10"</span> becomes <span class="term">height: 10px</span><br /> +  *  start - removed<br /> +  *  type - E.g., <span class="term">type="i"</span> becomes <span class="term">list-style-type: lower-roman</span><br /> +  *  value - removed<br /> +  *  vspace - E.g., <span class="term">vspace="10"</span> becomes <span class="term">margin-top: 10px; margin-bottom: 10px</span><br /> +  *  width - like <span class="term">height</span><br /> +<br /> +  Example input:<br /> +<br /> + +<code class="code">    <img src="j.gif" alt="image" name="dad's" /><img src="k.gif" alt="image" id="dad_off" name="dad" /></code> +<br /> + +<code class="code">    <br clear="left" /></code> +<br /> + +<code class="code">    <hr noshade size="1" /></code> +<br /> + +<code class="code">    <img name="img" src="i.gif" align="left" alt="image" hspace="10" vspace="10" width="10em" height="20" border="1" style="padding:5px;" /></code> +<br /> + +<code class="code">    <table width="50em" align="center" bgcolor="red"></code> +<br /> + +<code class="code">     <tr></code> +<br /> + +<code class="code">      <td width="20%"></code> +<br /> + +<code class="code">       <div align="center"></code> +<br /> + +<code class="code">        <h3 align="right">Section</h3></code> +<br /> + +<code class="code">        <p align="right">Para</p></code> +<br /> + +<code class="code">        <ol type="a" start="e"><li value="x">First item</li></ol></code> +<br /> + +<code class="code">       </div></code> +<br /> + +<code class="code">      </td></code> +<br /> + +<code class="code">      <td width="*"></code> +<br /> + +<code class="code">       <ol type="1"><li>First item</li></ol></code> +<br /> + +<code class="code">      </td></code> +<br /> + +<code class="code">     </tr></code> +<br /> + +<code class="code">    </table></code> +<br /> + +<code class="code">    <br clear="all" /></code> +<br /> +<br /> +  And the output with <span class="term">$config["no_deprecated_attr"] = 1</span>:<br /> +<br /> + +<code class="code">    <img src="j.gif" alt="image" /><img src="k.gif" alt="image" id="dad_off" /></code> +<br /> + +<code class="code">    <br style="clear: left;" /></code> +<br /> + +<code class="code">    <hr style="border-style: none; border: 0; background-color: gray; color: gray; size: 1px;" /></code> +<br /> + +<code class="code">    <img src="i.gif" alt="image" width="10em" height="20" style="padding:5px; float: left; margin-left: 10px; margin-right: 10px; margin-top: 10px; margin-bottom: 10px; border: 1px;" id="img" /></code> +<br /> + +<code class="code">    <table width="50em" style="margin: auto; background-color: red;"></code> +<br /> + +<code class="code">     <tr></code> +<br /> + +<code class="code">      <td style="width: 20%;"></code> +<br /> + +<code class="code">       <div style="margin: auto;"></code> +<br /> + +<code class="code">        <h3 style="text-align: right;">Section</h3></code> +<br /> + +<code class="code">        <p style="text-align: right;">Para</p></code> +<br /> + +<code class="code">        <ol style="list-style-type: lower-latin;"><li>First item</li></ol></code> +<br /> + +<code class="code">       </div></code> +<br /> + +<code class="code">      </td></code> +<br /> + +<code class="code">      <td style="width: auto;"></code> +<br /> + +<code class="code">       <ol style="list-style-type: decimal;"><li>First item</li></ol></code> +<br /> + +<code class="code">      </td></code> +<br /> + +<code class="code">     </tr></code> +<br /> + +<code class="code">    </table></code> +<br /> + +<code class="code">    <br style="clear: both;" /></code> +<br /> +<br /> +  For <span class="term">lang</span>, deprecated in XHTML 1.1, transformation is taken care of through <span class="term">$config["xml:lang"]</span>; see <a href="#s3.4.1">section 3.4.1</a>.<br /> +<br /> +  The attribute <span class="term">name</span> is deprecated in <span class="term">form</span>, <span class="term">iframe</span>, and <span class="term">img</span>, and is replaced with <span class="term">id</span> if an <span class="term">id</span> attribute doesn't exist and if the <span class="term">name</span> value is appropriate for <span class="term">id</span>. For such replacements for <span class="term">a</span> and <span class="term">map</span>, for which the <span class="term">name</span> attribute is deprecated in XHTML 1.1, <span class="term">$config["no_deprecated_attr"]</span> should be set to <span class="term">2</span> (when set to <span class="term">1</span>, for these two elements, the <span class="term">name</span> attribute is retained).<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.4.7" id="s3.4.7"></a><span class="item-no">3.4.7</span>  Anti-spam & <span class="term">href</span> +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed (function <span class="term">hl_tag()</span>) can check the <span class="term">href</span> attribute values (link addresses) as an anti-spam (email or link spam) measure.<br /> +<br /> +  If <span class="term">$config["anti_mail_spam"]</span> is not <span class="term">0</span>, the <span class="term">@</span> of email addresses in <span class="term">href</span> values like <span class="term">mailto:a@b.com</span> is replaced with text specified by <span class="term">$config["anti_mail_spam"]</span>. The text should be of a form that makes it clear to others that the address needs to be edited before a mail is sent; e.g., <span class="term"><remove_this_antispam>@</span> (makes the example address <span class="term">a<remove_this_antispam>@b.com</span>).<br /> +<br /> +  For regular links, one can choose to have a <span class="term">rel</span> attribute with <span class="term">nofollow</span> in its value (which tells some search engines to not follow a link). This can discourage link spammers. Additionally, or as an alternative, one can choose to empty the <span class="term">href</span> value altogether (disable the link).<br /> +<br /> +  For use of these options, <span class="term">$config["anti_link_spam"]</span> should be set as an array with values <span class="term">regex1</span> and <span class="term">regex2</span>, both or one of which can be empty (like <span class="term">array("", "regex2")</span>) to indicate that that option is not to be used. Otherwise, <span class="term">regex1</span> or <span class="term">regex2</span> should be PHP- and PCRE-compatible regular expression patterns: <span class="term">href</span> values will be matched against them and those matching the pattern will accordingly be treated.<br /> +<br /> +  Note that the regular expressions should have <em>delimiters</em>, and be well-formed and preferably fast. Absolute efficiency/accuracy is often not needed.<br /> +<br /> +  An example, to have a <span class="term">rel</span> attribute with <span class="term">nofollow</span> for all links, and to disable links that do not point to domains <span class="term">abc.com</span> and <span class="term">xyz.org</span>:<br /> +<br /> + +<code class="code">    $config["anti_link_spam"] = array('`.`', '`://\W*(?!(abc\.com|xyz\.org))`');</code> +<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.4.8" id="s3.4.8"></a><span class="item-no">3.4.8</span>  Inline style properties +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the <span class="term">style</span> attributes. (CSS properties like <span class="term">background-image</span> that accept URLs in their values are noted in <a href="#s5.3">section 5.3</a>.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting <span class="term">$config["css_expression"]</span> to <span class="term">1</span> (default setting).<br /> +<br /> +  <strong>Note</strong>: Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the <span class="term">style</span> attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off (<span class="term">$config["schemes"] = "...style:*..."</span>, see <a href="#s3.4.3">section 3.4.3</a>, and <span class="term">$config["css_expression"] = 0</span>). Alternately, admins can use their own custom function for finer handling of <span class="term">style</span> values through the <span class="term">hook_tag</span> parameter (see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  It is also possible to have htmLawed let through any <span class="term">style</span> value by setting <span class="term">$config["style_pass"]</span> to <span class="term">1</span>.<br /> +<br /> +  As such, it is better to set up a CSS file with class declarations, disallow the <span class="term">style</span> attribute, set a <span class="term">$spec</span> rule (see <a href="#s2.3">section 2.3</a>) for <span class="term">class</span> for the <span class="term">oneof</span> or <span class="term">match</span> parameter, and ask writers to make use of the <span class="term">class</span> attribute.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.4.9" id="s3.4.9"></a><span class="item-no">3.4.9</span>  Hook function for tag content +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  It is possible to utilize a custom hook function to alter the tag content htmLawed has finalized (i.e., after it has checked/corrected for required attributes, transformed attributes, lower-cased attribute names, etc.).<br /> +<br /> +  When <span class="term">$config</span> parameter <span class="term">hook_tag</span> is set to the name of a function, htmLawed (function <span class="term">hl_tag()</span>) will pass on the element name, and the <em>finalized</em> attribute name-value pairs as array elements to the function. The function is expected to return the full opening tag string like <span class="term"><element_name attribute_1_name="attribute_1_value"...></span> (for empty elements like <span class="term">img</span> and <span class="term">input</span>, the element-closing slash <span class="term">/</span> should also be included).<br /> +<br /> +  This is a <strong>powerful functionality</strong> that can be exploited for various objectives: consolidate-and-convert inline <span class="term">style</span> attributes to <span class="term">class</span>, convert <span class="term">embed</span> elements to <span class="term">object</span>, permit only one <span class="term">caption</span> element in a <span class="term">table</span> element, disallow embedding of certain types of media, <strong>inject HTML</strong>, use <a href="http://csstidy.sourceforge.net">CSSTidy</a> to sanitize <span class="term">style</span> attribute values, etc.<br /> +<br /> +  As an example, the custom hook code below can be used to force a series of specifically ordered <span class="term">id</span> attributes on all elements, and a specific <span class="term">param</span> element inside all <span class="term">object</span> elements:<br /> +<br /> + +<code class="code">    function my_tag_function($element, $attribute_array){</code> +<br /> + +<code class="code">      static $id = 0;</code> +<br /> + +<code class="code">      // Remove any duplicate element</code> +<br /> + +<code class="code">      if($element == 'param' && isset($attribute_array['allowscriptaccess'])){</code> +<br /> + +<code class="code">        return '';</code> +<br /> + +<code class="code">      }</code> +<br /> +<br /> + +<code class="code">      $new_element = '';</code> +<br /> +<br /> + +<code class="code">      // Force a serialized ID number</code> +<br /> + +<code class="code">      $attribute_array['id'] = 'my_'. $id;</code> +<br /> + +<code class="code">      ++$id;</code> +<br /> +<br /> + +<code class="code">      // Inject param for allowscriptaccess</code> +<br /> + +<code class="code">      if($element == 'object'){</code> +<br /> + +<code class="code">        $new_element = '<param id='my_'. $id; allowscriptaccess="never" />';</code> +<br /> + +<code class="code">        ++$id;</code> +<br /> + +<code class="code">      }</code> +<br /> +<br /> + +<code class="code">      $string = '';</code> +<br /> + +<code class="code">      foreach($attribute_array as $k=>$v){</code> +<br /> + +<code class="code">        $string .= " {$k}=\"{$v}\"";</code> +<br /> + +<code class="code">      }</code> +<br /> + +<code class="code">      return "<{$element}{$string}". (isset($in_array($element, $empty_elements) ? ' /' : ''). '>'. $new_element;</code> +<br /> + +<code class="code">    }</code> +<br /> +<br /> +  The <span class="term">hook_tag</span> parameter is different from the <span class="term">hook</span> parameter (<a href="#s3.7">section 3.7</a>).<br /> +<br /> +  Snippets of hook function code developed by others may be available on the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">htmLawed</a> website.<br /> + +</div> +</div> +<div class="sub-section"><h3> +<a name="s3.5" id="s3.5"></a><span class="item-no">3.5</span>  Simple configuration directive for most valid XHTML +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If <span class="term">$config["valid_xhtml"]</span> is set to <span class="term">1</span>, some relevant <span class="term">$config</span> parameters (indicated by <span class="term">~</span> in <a href="#s2.2">section 2.2</a>) are auto-adjusted. This allows one to pass the <span class="term">$config</span> argument with a simpler value. If a value for a parameter auto-set through <span class="term">valid_xhtml</span> is still manually provided, then that value will over-ride the auto-set value.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.6" id="s3.6"></a><span class="item-no">3.6</span>  Simple configuration directive for most <em>safe</em> HTML +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  <em>Safe</em> HTML refers to HTML that is restricted to reduce the vulnerability for scripting attacks (such as XSS) based on HTML code which otherwise may still be legal and compliant with the HTML standard specs. When elements such as <span class="term">script</span> and <span class="term">object</span>, and attributes such as <span class="term">onmouseover</span> and <span class="term">style</span> are allowed in the input text, an input writer can introduce malevolent HTML code. Note that what is considered <span class="term">safe</span> depends on the nature of the web application and the trust-level accorded to its users.<br /> +<br /> +  htmLawed allows an admin to use <span class="term">$config["safe"]</span> to auto-adjust multiple <span class="term">$config</span> parameters (such as <span class="term">elements</span> which declares the allowed element-set), which otherwise would have to be manually set. The relevant parameters are indicated by <span class="term">"</span> in <a href="#s2.2">section 2.2</a>). Thus, one can pass the <span class="term">$config</span> argument with a simpler value.<br /> +<br /> +  With the value of <span class="term">1</span>, htmLawed considers <span class="term">CDATA</span> sections and HTML comments as plain text, and prohibits the <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>, <span class="term">object</span> and <span class="term">script</span> elements, and the <span class="term">on*</span> attributes like <span class="term">onclick</span>. ( There are <span class="term">$config</span> parameters like <span class="term">css_expression</span> that are not affected by the value set for <span class="term">safe</span> but whose default values still contribute towards a more <em>safe</em> output.) Further, URLs with schemes (see <a href="#s3.4.3">section 3.4.3</a>) are neutralized so that, e.g., <span class="term">style="moz-binding:url(http://danger)"</span> becomes <span class="term">style="moz-binding:url(denied:http://danger)"</span> while <span class="term">style="moz-binding:url(ok)"</span> remains intact.<br /> +<br /> +  Admins, however, may still want to completely deny the <span class="term">style</span> attribute, e.g., with code like<br /> +<br /> + +<code class="code">    $processed = htmLawed($text, array('safe'=>1, 'deny_attribute'=>'style'));</code> +<br /> +<br /> +  If a value for a parameter auto-set through <span class="term">safe</span> is still manually provided, then that value can over-ride the auto-set value. E.g., with <span class="term">$config["safe"] = 1</span> and <span class="term">$config["elements"] = "*+script"</span>, <span class="term">script</span>, but not <span class="term">applet</span>, is allowed.<br /> +<br /> +  A page illustrating the efficacy of htmLawed's anti-XSS abilities with <span class="term">safe</span> set to <span class="term">1</span> against XSS vectors listed by <a href="http://ha.ckers.org/xss.html">RSnake</a> may be available <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm">here</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.7" id="s3.7"></a><span class="item-no">3.7</span>  Using a hook function +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  If <span class="term">$config["hook"]</span> is not set to <span class="term">0</span>, then htmLawed will allow preliminarily processed input to be altered by a hook function named by <span class="term">$config["hook"]</span> before starting the main work (but after handling of characters, entities, HTML comments and <span class="term">CDATA</span> sections -- see code for function <span class="term">htmLawed()</span>).<br /> +<br /> +  The hook function also allows one to alter the <em>finalized</em> values of <span class="term">$config</span> and <span class="term">$spec</span>.<br /> +<br /> +  Note that the <span class="term">hook</span> parameter is different from the <span class="term">hook_tag</span> parameter (<a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  Snippets of hook function code developed by others may be available on the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">htmLawed</a> website.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.8" id="s3.8"></a><span class="item-no">3.8</span>  Obtaining <em>finalized</em> parameter values +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed can assign the <em>finalized</em> <span class="term">$config</span> and <span class="term">$spec</span> values to a variable named by <span class="term">$config["show_setting"]</span>. The variable, made global by htmLawed, is set as an array with three keys: <span class="term">config</span>, with the <span class="term">$config</span> value, <span class="term">spec</span>, with the <span class="term">$spec</span> value, and <span class="term">time</span>, with a value that is the Unix time (the output of PHP's <span class="term">microtime()</span> function) when the value was assigned. Admins should use a PHP-compliant variable name (e.g., one that does not begin with a numerical digit) that does not conflict with variable names in their non-htmLawed code.<br /> +<br /> +  The values, which are also post-hook function (if any), can be used to auto-generate information (on, e.g., the elements that are permitted) for input writers.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s3.9" id="s3.9"></a><span class="item-no">3.9</span>  Retaining non-HTML tags in input with mixed markup +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  htmLawed does not remove certain characters that though invalid are nevertheless discouraged in HTML documents as per the specs (see <a href="#s5.1">section 5.1</a>). This can be utilized to deal with input that contains mixed markup. Input that may have HTML markup as well as some other markup that is based on the <span class="term"><</span>, <span class="term">></span> and <span class="term">&</span> characters is considered to have mixed markup. The non-HTML markup can be rather proprietary (like markup for emoticons/smileys), or standard (like MathML or SVG). Or it can be programming code meant for execution/evaluation (such as embedded PHP code).<br /> +<br /> +  To deal with such mixed markup, the input text can be pre-processed to hide the non-HTML markup by specifically replacing the <span class="term"><</span>, <span class="term">></span> and <span class="term">&</span> characters with some of the HTML-discouraged characters (see <a href="#s3.1.2">section 3.1.2</a>). Post-htmLawed processing, the replacements are reverted.<br /> +<br /> +  An example (mixed HTML and PHP code in input text):<br /> +<br /> + +<code class="code">    $text = preg_replace('`<\?php(.+?)\?>`sm', "\x83?php\\1?\x84", $text);</code> +<br /> + +<code class="code">    $processed = htmLawed($text);</code> +<br /> + +<code class="code">    $processed = preg_replace('`\x83\?php(.+?)\?\x84`sm', '<?php$1?>', $processed);</code> +<br /> +<br /> +  This code will not work if <span class="term">$config["clean_ms_char"]</span> is set to <span class="term">1</span> (<a href="#s3.1">section 3.1</a>), in which case one should instead deploy a hook function (<a href="#s3.7">section 3.7</a>). (htmLawed internally uses certain control characters, code-points <span class="term">1</span> to <span class="term">7</span>, and use of these characters as markers in the logic of hook functions may cause issues.)<br /> +<br /> +  Admins may also be able to use <span class="term">$config["and_mark"]</span> to deal with such mixed markup; see <a href="#s3.2">section 3.2</a>.<br /> + +</div> +</div> +<div class="section"><h2> +<a name="s4" id="s4"></a><span class="item-no">4</span>  Other +</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<div class="sub-section"><h3> +<a name="s4.1" id="s4.1"></a><span class="item-no">4.1</span>  Support +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  A careful re-reading of this documentation will very likely answer your questions.<br /> +<br /> +  Software updates and forum-based community-support may be found at <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed</a>. For general PHP issues (not htmLawed-specific), support may be found through internet searches and at <a href="http://php.net">http://php.net</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.2" id="s4.2"></a><span class="item-no">4.2</span>  Known issues +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  See <a href="#s2.8">section 2.8</a>.<br /> +<br /> +  Readers are advised to cross-check information given in this document.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.3" id="s4.3"></a><span class="item-no">4.3</span>  Change-log +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  (The release date for the downloadable package of files containing documentation, demo script, test-cases, etc., besides the <span class="term">htmLawed.php</span> file may be updated independently if the secondary files are revised.)<br /> +<br /> +  <em>Version number - Release date. Notes</em><br /> +<br /> +  1.1.8.1 - 16 July 2009. Minor code-change to fix a PHP error notice<br /> +<br /> +  1.1.8 - 23 April 2009. Parameter <span class="term">deny_attribute</span> now accepts the wild-card <span class="term">*</span>, making it simpler to specify its value when all but a few attributes are being denied; fixed a bug in interpreting <span class="term">$spec</span><br /> +<br /> +  1.1.7 - 11-12 March 2009. Attributes globally denied through <span class="term">deny_attribute</span> can be allowed element-specifically through <span class="term">$spec</span>; <span class="term">$config["style_pass"]</span> allowing letting through any <span class="term">style</span> value introduced; altered logic to catch certain types of dynamic crafted CSS expressions<br /> +<br /> +  1.1.3-6 - 28-31 January - 4 February 2009. Altered logic to catch certain types of dynamic crafted CSS expressions<br /> +<br /> +  1.1.2 - 22 January 2009. Fixed bug in parsing of <span class="term">font</span> attributes during tag transformation<br /> +<br /> +  1.1.1 - 27 September 2008. Better nesting correction when omitable closing tags are absent<br /> +<br /> +  1.1 - 29 June 2008. <span class="term">$config["hook_tag"]</span> and <span class="term">$config["format"]</span> introduced for custom tag/attribute check/modification/injection and output compaction/beautification; fixed a regex-in-$spec parsing bug<br /> +<br /> +  1.0.9 - 11 June 2008. Fixed bug in invalid HTML code-point entity check<br /> +<br /> +  1.0.8 - 15 May 2008. <span class="term">bordercolor</span> attribute for <span class="term">table</span>, <span class="term">td</span> and <span class="term">tr</span><br /> +<br /> +  1.0.7 - 1 May 2008. Support for <span class="term">wmode</span> attribute for <span class="term">embed</span>; <span class="term">$config["show_setting"]</span> introduced; improved <span class="term">$config["elements"]</span> evaluation<br /> +<br /> +  1.0.6 - 20 April 2008. <span class="term">$config["and_mark"]</span> introduced<br /> +<br /> +  1.0.5 - 12 March 2008. <span class="term">style</span> URL schemes essentially disallowed when $config <span class="term">safe</span> is on; improved regex for CSS expression search<br /> +<br /> +  1.0.4 - 10 March 2008. Improved corrections for <span class="term">blockquote</span>, <span class="term">form</span>, <span class="term">map</span> and <span class="term">noscript</span><br /> +<br /> +  1.0.3 - 3 March 2008. Character entities for soft-hyphens are now replaced with spaces (instead of being removed); a bug allowing <span class="term">td</span> directly inside <span class="term">table</span> fixed; <span class="term">safe</span> <span class="term">$config</span> parameter added<br /> +<br /> +  1.0.2 - 13 February 2008. Improved implementation of <span class="term">$config["keep_bad"]</span><br /> +<br /> +  1.0.1 - 7 November 2007. Improved regex for identifying URLs, protocols and dynamic expressions (<span class="term">hl_tag()</span> and <span class="term">hl_prot()</span>); no error display with <span class="term">hl_regex()</span><br /> +<br /> +  1.0 - 2 November 2007. First release<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.4" id="s4.4"></a><span class="item-no">4.4</span>  Testing +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  To test htmLawed using a form interface, a <a href="htmLawedTest.php">demo</a> web-page is provided with the htmLawed distribution (<span class="term">htmLawed.php</span> and <span class="term">htmLawedTest.php</span> should be in the same directory on the web-server). A file with <a href="htmLawed_TESTCASE.txt">test-cases</a> is also provided.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.5" id="s4.5"></a><span class="item-no">4.5</span>  Upgrade, & old versions +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Upgrading is as simple as replacing the previous version of <span class="term">htmLawed.php</span> (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content.<br /> +<br /> +  Old versions of htmLawed may be available online. E.g., for version 1.0, check <a href="http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip">http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip</a>, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.6" id="s4.6"></a><span class="item-no">4.6</span>  Comparison with <span class="term">HTMLPurifier</span> +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  The HTMLPurifier PHP library by Edward Yang is a very good HTML filtering script that uses object oriented PHP code. Compared to htmLawed, it:<br /> +<br /> +  *  does not support PHP versions older than 5.0 (HTMLPurifier dropped PHP 4 support after version 2)<br /> +<br /> +  *  is 15-20 times bigger (scores of files totalling more than 750 kb)<br /> +<br /> +  *  consumes 10-15 times more RAM memory (just including the HTMLPurifier files without calling the filter requires a few MBs of memory)<br /> +<br /> +  *  is expectedly slower<br /> +<br /> +  *  does not allow admins to fully allow all valid HTML (because of incomplete HTML support, it always considers elements like <span class="term">script</span> illegal)<br /> +<br /> +  *  lacks many of the extra features of htmLawed (like entity conversions and code compaction/beautification)<br /> +<br /> +  *  has poor documentation<br /> +<br /> +  However, HTMLPurifier has finer checks for character encodings and attribute values, and can log warnings and errors. Visit the HTMLPurifier <a href="http://htmlpurifier.org">website</a> for updated information.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.7" id="s4.7"></a><span class="item-no">4.7</span>  Use through application plug-ins/modules +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Plug-ins/modules to implement htmLawed in applications such as Drupal and DokuWiki may have been developed. Please check the application websites and the forum on the htmLawed <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">site</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.8" id="s4.8"></a><span class="item-no">4.8</span>  Use in non-PHP applications +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Non-PHP applications written in Python, Ruby, etc., may be able to use htmLawed through system calls to the PHP engine. Such code may have been documented on the internet. Also check the forum on the htmLawed <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">site</a>.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.9" id="s4.9"></a><span class="item-no">4.9</span>  Donate +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  A donation in any currency and amount to appreciate or support this software can be sent by <a href="http://paypal.com">PayPal</a> to this email address: drpatnaik at yahoo dot com.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s4.10" id="s4.10"></a><span class="item-no">4.10</span>  Acknowledgements +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Bryan Blakey, Ulf Harnhammer, Gareth Heyes, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.<br /> +<br /> +  Thank you!<br /> + +</div> +</div> +<div class="section"><h2> +<a name="s5" id="s5"></a><span class="item-no">5</span>  Appendices +</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<div class="sub-section"><h3> +<a name="s5.1" id="s5.1"></a><span class="item-no">5.1</span>  Characters discouraged in XHTML +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Characters represented by the following hexadecimal code-points are <em>not</em> invalid, even though some validators may issue messages stating otherwise.<br /> +<br /> +  <span class="term">7f</span> to <span class="term">84</span>, <span class="term">86</span> to <span class="term">9f</span>, <span class="term">fdd0</span> to <span class="term">fddf</span>, <span class="term">1fffe</span>, <span class="term">1ffff</span>, <span class="term">2fffe</span>, <span class="term">2ffff</span>, <span class="term">3fffe</span>, <span class="term">3ffff</span>, <span class="term">4fffe</span>, <span class="term">4ffff</span>, <span class="term">5fffe</span>, <span class="term">5ffff</span>, <span class="term">6fffe</span>, <span class="term">6ffff</span>, <span class="term">7fffe</span>, <span class="term">7ffff</span>, <span class="term">8fffe</span>, <span class="term">8ffff</span>, <span class="term">9fffe</span>, <span class="term">9ffff</span>, <span class="term">afffe</span>, <span class="term">affff</span>, <span class="term">bfffe</span>, <span class="term">bffff</span>, <span class="term">cfffe</span>, <span class="term">cffff</span>, <span class="term">dfffe</span>, <span class="term">dffff</span>, <span class="term">efffe</span>, <span class="term">effff</span>, <span class="term">ffffe</span>, <span class="term">fffff</span>, <span class="term">10fffe</span> and <span class="term">10ffff</span><br /> + +</div> +<div class="sub-section"><h3> +<a name="s5.2" id="s5.2"></a><span class="item-no">5.2</span>  Valid attribute-element combinations +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Valid attribute-element combinations as per W3C specs.<br /> +<br /> +  *  includes deprecated attributes (marked <span class="term">^</span>), attributes for the non-standard <span class="term">embed</span> element (marked <span class="term">*</span>), and the proprietary <span class="term">bordercolor</span> (marked <span class="term">~</span>)<br /> +  *  only non-frameset, HTML body elements<br /> +  *  <span class="term">name</span> for <span class="term">a</span> and <span class="term">map</span>, and <span class="term">lang</span> are invalid in XHTML 1.1<br /> +  *  <span class="term">target</span> is valid for <span class="term">a</span> in XHTML 1.1 and higher<br /> +  *  <span class="term">xml:space</span> is only for XHTML 1.1<br /> +<br /> +  abbr - td, th<br /> +  accept - form, input<br /> +  accept-charset - form<br /> +  accesskey - a, area, button, input, label, legend, textarea<br /> +  action - form<br /> +  align - caption^, embed, applet, iframe, img^, input^, object^, legend^, table^, hr^, div^, h1^, h2^, h3^, h4^, h5^, h6^, p^, col, colgroup, tbody, td, tfoot, th, thead, tr<br /> +  alt - applet, area, img, input<br /> +  archive - applet, object<br /> +  axis - td, th<br /> +  bgcolor - embed, table^, tr^, td^, th^<br /> +  border - table, img^, object^<br /> +  bordercolor~ - table, td, tr<br /> +  cellpadding - table<br /> +  cellspacing - table<br /> +  char - col, colgroup, tbody, td, tfoot, th, thead, tr<br /> +  charoff - col, colgroup, tbody, td, tfoot, th, thead, tr<br /> +  charset - a, script<br /> +  checked - input<br /> +  cite - blockquote, q, del, ins<br /> +  classid - object<br /> +  clear - br^<br /> +  code - applet<br /> +  codebase - object, applet<br /> +  codetype - object<br /> +  color - font<br /> +  cols - textarea<br /> +  colspan - td, th<br /> +  compact - dir, dl^, menu, ol^, ul^<br /> +  coords - area, a<br /> +  data - object<br /> +  datetime - del, ins<br /> +  declare - object<br /> +  defer - script<br /> +  dir - bdo<br /> +  disabled - button, input, optgroup, option, select, textarea<br /> +  enctype - form<br /> +  face - font<br /> +  for - label<br /> +  frame - table<br /> +  frameborder - iframe<br /> +  headers - td, th<br /> +  height - embed, iframe, td^, th^, img, object, applet<br /> +  href - a, area<br /> +  hreflang - a<br /> +  hspace - applet, img^, object^<br /> +  ismap - img, input<br /> +  label - option, optgroup<br /> +  language - script^<br /> +  longdesc - img, iframe<br /> +  marginheight - iframe<br /> +  marginwidth - iframe<br /> +  maxlength - input<br /> +  method - form<br /> +  model* - embed<br /> +  multiple - select<br /> +  name - button, embed, textarea, applet^, select, form^, iframe^, img^, a^, input, object, map^, param<br /> +  nohref - area<br /> +  noshade - hr^<br /> +  nowrap - td^, th^<br /> +  object - applet<br /> +  onblur - a, area, button, input, label, select, textarea<br /> +  onchange - input, select, textarea<br /> +  onfocus - a, area, button, input, label, select, textarea<br /> +  onreset - form<br /> +  onselect - input, textarea<br /> +  onsubmit - form<br /> +  pluginspage* - embed<br /> +  pluginurl* - embed<br /> +  prompt - isindex<br /> +  readonly - textarea, input<br /> +  rel - a<br /> +  rev - a<br /> +  rows - textarea<br /> +  rowspan - td, th<br /> +  rules - table<br /> +  scope - td, th<br /> +  scrolling - iframe<br /> +  selected - option<br /> +  shape - area, a<br /> +  size - hr^, font, input, select<br /> +  span - col, colgroup<br /> +  src - embed, script, input, iframe, img<br /> +  standby - object<br /> +  start - ol^<br /> +  summary - table<br /> +  tabindex - a, area, button, input, object, select, textarea<br /> +  target - a^, area, form<br /> +  type - a, embed, object, param, script, input, li^, ol^, ul^, button<br /> +  usemap - img, input, object<br /> +  valign - col, colgroup, tbody, td, tfoot, th, thead, tr<br /> +  value - input, option, param, button, li^<br /> +  valuetype - param<br /> +  vspace - applet, img^, object^<br /> +  width - embed, hr^, iframe, img, object, table, td^, th^, applet, col, colgroup, pre^<br /> +  wmode - embed<br /> +  xml:space - pre, script, style<br /> +<br /> +  These are allowed in all but the shown elements:<br /> +<br /> +  class - param, script<br /> +  dir - applet, bdo, br, iframe, param, script<br /> +  id - script<br /> +  lang - applet, br, iframe, param, script<br /> +  onclick - applet, bdo, br, font, iframe, isindex, param, script<br /> +  ondblclick - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onkeydown - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onkeypress - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onkeyup - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onmousedown - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onmousemove - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onmouseout - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onmouseover - applet, bdo, br, font, iframe, isindex, param, script<br /> +  onmouseup - applet, bdo, br, font, iframe, isindex, param, script<br /> +  style - param, script<br /> +  title - param, script<br /> +  xml:lang - applet, br, iframe, param, script<br /> + +</div> +<div class="sub-section"><h3> +<a name="s5.3" id="s5.3"></a><span class="item-no">5.3</span>  CSS 2.1 properties accepting URLs +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  background<br /> +  background-image<br /> +  content<br /> +  cue-after<br /> +  cue-before<br /> +  cursor<br /> +  list-style<br /> +  list-style-image<br /> +  play-during<br /> + +</div> +<div class="sub-section"><h3> +<a name="s5.4" id="s5.4"></a><span class="item-no">5.4</span>  Microsoft Windows 1252 character replacements +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Key: <span class="term">d</span> double, <span class="term">l</span> left, <span class="term">q</span> quote, <span class="term">r</span> right, <span class="term">s.</span> single<br /> +<br /> +  Code-point (decimal) - hexadecimal value - replacement entity - represented character<br /> +<br /> +  127 - 7f - (removed) - (not used)<br /> +  128 - 80 - &#8364; - euro<br /> +  129 - 81 - (removed) - (not used)<br /> +  130 - 82 - &#8218; - baseline s. q<br /> +  131 - 83 - &#402; - florin<br /> +  132 - 84 - &#8222; - baseline d q<br /> +  133 - 85 - &#8230; - ellipsis<br /> +  134 - 86 - &#8224; - dagger<br /> +  135 - 87 - &#8225; - d dagger<br /> +  136 - 88 - &#710; - circumflex accent<br /> +  137 - 89 - &#8240; - permile<br /> +  138 - 8a - &#352; - S Hacek<br /> +  139 - 8b - &#8249; - l s. guillemet<br /> +  140 - 8c - &#338; - OE ligature<br /> +  141 - 8d - (removed) - (not used)<br /> +  142 - 8e - &#381; - Z dieresis<br /> +  143 - 8f - (removed) - (not used)<br /> +  144 - 90 - (removed) - (not used)<br /> +  145 - 91 - &#8216; - l s. q<br /> +  146 - 92 - &#8217; - r s. q<br /> +  147 - 93 - &#8220; - l d q<br /> +  148 - 94 - &#8221; - r d q<br /> +  149 - 95 - &#8226; - bullet<br /> +  150 - 96 - &#8211; - en dash<br /> +  151 - 97 - &#8212; - em dash<br /> +  152 - 98 - &#732; - tilde accent<br /> +  153 - 99 - &#8482; - trademark<br /> +  154 - 9a - &#353; - s Hacek<br /> +  155 - 9b - &#8250; - r s. guillemet<br /> +  156 - 9c - &#339; - oe ligature<br /> +  157 - 9d - (removed) - (not used)<br /> +  158 - 9e - &#382; - z dieresis<br /> +  159 - 9f - &#376; - Y dieresis<br /> + +</div> +<div class="sub-section"><h3> +<a name="s5.5" id="s5.5"></a><span class="item-no">5.5</span>  URL format +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  An <em>absolute</em> URL has a <span class="term">protocol</span> or <span class="term">scheme</span>, a <span class="term">network location</span> or <span class="term">hostname</span>, and, optional <span class="term">path</span>, <span class="term">parameters</span>, <span class="term">query</span> and <span class="term">fragment</span> segments. Thus, an absolute URL has this generic structure:<br /> +<br /> + +<code class="code">    (scheme) : (//network location) /(path) ;(parameters) ?(query) #(fragment)</code> +<br /> +<br /> +  The schemes can only contain letters, digits, <span class="term">+</span>, <span class="term">.</span> and <span class="term">-</span>. Hostname is the portion after the <span class="term">//</span> and up to the first <span class="term">/</span> (if any; else, up to the end) when <span class="term">:</span> is followed by a <span class="term">//</span> (e.g., <span class="term">abc.com</span> in <span class="term">ftp://abc.com/def</span>); otherwise, it consists of everything after the <span class="term">:</span> (e.g., <span class="term">def@abc.com</span> in mailto:def@abc.com').<br /> +<br /> +  <em>Relative</em> URLs do not have explicit schemes and network locations; such values are inherited from a <em>base</em> URL.<br /> + +</div> +<div class="sub-section"><h3> +<a name="s5.6" id="s5.6"></a><span class="item-no">5.6</span>  Brief on htmLawed code +</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> +<br /> +  Much of the code's logic and reasoning can be understood from the documentation above.<br /> +<br /> +  The <strong>output</strong> of htmLawed is a text string containing the processed input. There is no custom error tracking.<br /> +<br /> +  <strong>Function arguments</strong> for htmLawed are:<br /> +<br /> +  *  <span class="term">$in</span> - 1st argument; a text string; the <strong>input text</strong> to be processed. Any extraneous slashes added by PHP when <em>magic quotes</em> are enabled should be removed beforehand using PHP's <span class="term">stripslashes()</span> function.<br /> +<br /> +  *  <span class="term">$config</span> - 2nd argument; an associative array; optional (named <span class="term">$C</span> in htmLawed code). The array has keys with names like <span class="term">balance</span> and <span class="term">keep_bad</span>, and the values, which can be boolean, string, or array, depending on the key, are read to accordingly set the <strong>configurable parameters</strong> (indicated by the keys). All configurable parameters receive some default value if the value to be used is not specified by the user through <span class="term">$config</span>. <em>Finalized</em> <span class="term">$config</span> is thus a filtered and possibly larger array.<br /> +<br /> +  *  <span class="term">$spec</span> - 3rd argument; a text string; optional. The string has rules, written in an htmLawed-designated format, <strong>specifying</strong> element-specific attribute and attribute value restrictions. Function <span class="term">hl_spec()</span> is used to convert the string to an associative-array for internal use. <em>Finalized</em> <span class="term">$spec</span> is thus an array.<br /> +<br /> +  <em>Finalized</em> <span class="term">$config</span> and <span class="term">$spec</span> are made <strong>global variables</strong> while htmLawed is at work. Values of any pre-existing global variables with same names are noted, and their values are restored after htmLawed finishes processing the input (to capture the <em>finalized</em> values, the <span class="term">show_settings</span> parameter of <span class="term">$config</span> should be used). Depending on <span class="term">$config</span>, another global variable <span class="term">hl_Ids</span>, to track <span class="term">id</span> attribute values for uniqueness, may be set. Unlike the other two variables, this one is not reset (or unset) post-processing.<br /> +<br /> +  Except for the main function <span class="term">htmLawed()</span> and the functions <span class="term">kses()</span> and <span class="term">kses_hook()</span>, htmLawed's functions are <strong>name-spaced</strong> using the <span class="term">hl_</span> prefix. The <strong>functions</strong> and their roles are:<br /> +<br /> +  *  <span class="term">hl_attrval</span> - checking attribute values against $spec<br /> +  *  <span class="term">hl_bal</span> - tag balancing<br /> +  *  <span class="term">hl_cmtcd</span> - handling CDATA sections and HTML comments<br /> +  *  <span class="term">hl_ent</span> - entity handling<br /> +  *  <span class="term">hl_prot</span> - checking a URL scheme/protocol<br /> +  *  <span class="term">hl_regex</span> - checking syntax of a regular expression<br /> +  *  <span class="term">hl_spec</span> - converting user-supplied $spec value to one used by htmLawed internally<br /> +  *  <span class="term">hl_tag</span> - handling tags<br /> +  *  <span class="term">hl_tag2</span> - transforming tags<br /> +  *  <span class="term">hl_tidy</span> - compact/beautify HTML<br /> +  *  <span class="term">hl_version</span> - reporting htmLawed version<br /> +  *  <span class="term">htmLawed</span> - main function<br /> +  *  <span class="term">kses</span> - main function of <span class="term">kses</span><br /> +  *  <span class="term">kses_hook</span> - hook function of <span class="term">kses</span><br /> +<br /> +  The last two are for compatibility with pre-existing code using the <span class="term">kses</span> script. htmLawed's <span class="term">kses()</span> basically passes on the filtering task to <span class="term">htmLawed()</span> function after deciphering <span class="term">$config</span> and <span class="term">$spec</span> from the argument values supplied to it. <span class="term">kses_hook()</span> is an empty function and is meant for being filled with custom code if the <span class="term">kses</span> script users were using one.<br /> +<br /> +  <span class="term">htmLawed()</span> finalizes <span class="term">$spec</span> (with the help of <span class="term">hl_spec()</span>) and <span class="term">$config</span>, and globalizes them. Finalization of <span class="term">$config</span> involves setting default values if an inappropriate or invalid one is supplied. This includes calling <span class="term">hl_regex()</span> to check well-formedness of regular expression patterns if such expressions are user-supplied through <span class="term">$config</span>. <span class="term">htmLawed()</span> then removes invalid characters like nulls and <span class="term">x01</span> and appropriately handles entities using <span class="term">hl_ent()</span>. HTML comments and CDATA sections are identified and treated as per <span class="term">$config</span> with the help of <span class="term">hl_cmtcd()</span>. When retained, the <span class="term"><</span> and <span class="term">></span> characters identifying them, and the <span class="term"><</span>, <span class="term">></span> and <span class="term">&</span> characters inside them, are replaced with control characters (code-points <span class="term">1</span> to <span class="term">5</span>) till any tag balancing is completed.<br /> +<br /> +  After this <em>initial processing</em> <span class="term">htmLawed()</span> identifies tags using regex and processes them with the help of <span class="term">hl_tag()</span> --  a large function that analyzes tag content, filtering it as per HTML standards, <span class="term">$config</span> and <span class="term">$spec</span>. Among other things, <span class="term">hl_tag()</span> transforms deprecated elements using <span class="term">hl_tag2()</span>, removes attributes from closing tags, checks attribute values as per <span class="term">$spec</span> rules using <span class="term">hl_attrval()</span>, and checks URL protocols using <span class="term">hl_prot()</span>. <span class="term">htmLawed()</span> performs tag balancing and nesting checks with a call to <span class="term">hl_bal()</span>, and optionally compacts/beautifies the output with proper white-spacing with a call to <span class="term">hl_tidy()</span>. The latter temporarily replaces white-space, and <span class="term"><</span>, <span class="term">></span> and <span class="term">&</span> characters inside <span class="term">pre</span>, <span class="term">script</span> and <span class="term">textarea</span> elements, and HTML comments and CDATA sections with control characters (code-points <span class="term">1</span> to <span class="term">5</span>, and <span class="term">7</span>).<br /> +<br /> +  htmLawed permits the use of custom code or <strong>hook functions</strong> at two stages. The first, called inside <span class="term">htmLawed()</span>, allows the input text as well as the finalized $config and $spec values to be altered right after the initial processing (see <a href="#s3.7">section 3.7</a>). The second is called by <span class="term">hl_tag()</span> once the tag content is finalized (see <a href="#s3.4.9">section 3.4.9</a>).<br /> +<br /> +  Being dictated by the external and stable HTML standard, htmLawed's objective is very clear-cut and less concerned with tweakability. The code is only minimally annotated with comments -- it is not meant to instruct; PHP developers familiar with the HTML specs will see the logic, and others can always refer to the htmLawed documentation. The compact structuring of the statements is meant to aid in quickly grasping the logic, at least when viewed with code syntax highlighted. +</div> +</div> +<br /> +<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 23 Apr, 2009 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span> +</div><!-- ended div body --> +</div><!-- ended div top --> +</body> +</html>
\ No newline at end of file diff --git a/extlib/htmLawed/htmLawed_README.txt b/extlib/htmLawed/htmLawed_README.txt new file mode 100644 index 000000000..3ce4b9ac1 --- /dev/null +++ b/extlib/htmLawed/htmLawed_README.txt @@ -0,0 +1,1600 @@ +/* +htmLawed_README.txt, 16 July 2009 +htmLawed 1.1.8.1, 16 July 2009 +Copyright Santosh Patnaik +GPL v3 license +A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed +*/ + + +== Content ========================================================== + + +1 About htmLawed + 1.1 Example uses + 1.2 Features + 1.3 History + 1.4 License & copyright + 1.5 Terms used here +2 Usage + 2.1 Simple + 2.2 Configuring htmLawed using the '$config' parameter + 2.3 Extra HTML specifications using the '$spec' parameter + 2.4 Performance time & memory usage + 2.5 Some security risks to keep in mind + 2.6 Use without modifying old 'kses()' code + 2.7 Tolerance for ill-written HTML + 2.8 Limitations & work-arounds + 2.9 Examples +3 Details + 3.1 Invalid/dangerous characters + 3.2 Character references/entities + 3.3 HTML elements + 3.3.1 HTML comments and 'CDATA' sections + 3.3.2 Tag-transformation for better XHTML-Strict + 3.3.3 Tag balancing and proper nesting + 3.3.4 Elements requiring child elements + 3.3.5 Beautify or compact HTML + 3.4 Attributes + 3.4.1 Auto-addition of XHTML-required attributes + 3.4.2 Duplicate/invalid 'id' values + 3.4.3 URL schemes (protocols) and scripts in attribute values + 3.4.4 Absolute & relative URLs + 3.4.5 Lower-cased, standard attribute values + 3.4.6 Transformation of deprecated attributes + 3.4.7 Anti-spam & 'href' + 3.4.8 Inline style properties + 3.4.9 Hook function for tag content + 3.5 Simple configuration directive for most valid XHTML + 3.6 Simple configuration directive for most `safe` HTML + 3.7 Using a hook function + 3.8 Obtaining `finalized` parameter values + 3.9 Retaining non-HTML tags in input with mixed markup +4 Other + 4.1 Support + 4.2 Known issues + 4.3 Change-log + 4.4 Testing + 4.5 Upgrade, & old versions + 4.6 Comparison with 'HTMLPurifier' + 4.7 Use through application plug-ins/modules + 4.8 Use in non-PHP applications + 4.9 Donate + 4.10 Acknowledgements +5 Appendices + 5.1 Characters discouraged in HTML + 5.2 Valid attribute-element combinations + 5.3 CSS 2.1 properties accepting URLs + 5.4 Microsoft Windows 1252 character replacements + 5.5 URL format + 5.6 Brief on htmLawed code + + +== 1 About htmLawed ================================================ + + + htmLawed is a highly customizable single-file PHP script to make text secure, and standard- and admin policy-compliant for use in the body of HTML 4, XHTML 1 or 1.1, or generic XML documents. It is thus a configurable input (X)HTML filter, processor, purifier, sanitizer, beautifier, etc., and an alternative to the HTMLTidy:- http://tidy.sourceforge.net application. + + The `lawing in` of input text is needed to ensure that HTML code in the text is standard-compliant, does not introduce security vulnerabilities, and does not break the aesthetics, design or layout of web-pages. htmLawed tries to do this by, for example, making HTML well-formed with balanced and properly nested tags, neutralizing code that may be used for cross-site scripting ('XSS') attacks, and allowing only specified HTML elements/tags and attributes. + + +-- 1.1 Example uses ------------------------------------------------ + + + * Filtering of text submitted as comments on blogs to allow only certain HTML elements + + * Making RSS/Atom newsfeed item-content standard-compliant: often one uses an excerpt from an HTML document for the content, and with unbalanced tags, non-numerical entities, etc., such excerpts may not be XML-compliant + + * Text processing for stricter XML standard-compliance: e.g., to have lowercased 'x' in hexadecimal numeric entities becomes necessary if an XHTML document with MathML content needs to be served as 'application/xml' + + * Scraping text or data from web-pages + + * Pretty-printing HTML code + + +-- 1.2 Features ---------------------------------------------------o + + + Key: '*' security feature, '^' standard compliance, '~' requires setting right options, '`' different from 'Kses' + + * make input more *secure* and *standard-compliant* + * use for HTML 4, XHTML 1.0 or 1.1, or even generic *XML* documents ^~` + + * *beautify* or *compact* HTML ^~` + + * *restrict elements* ^~` + * proper closure of empty elements like 'img' ^` + * *transform deprecated elements* like 'u' ^~` + * HTML *comments* and 'CDATA' sections can be permitted ^~` + * elements like 'script', 'object' and 'form' can be permitted ~ + + * *restrict attributes*, including *element-specifically* ^~` + * remove *invalid attributes* ^` + * element and attribute names are *lower-cased* ^ + * provide *required attributes*, like 'alt' for 'image' ^` + * *transform deprecated attributes* ^~` + * attributes *declared only once* ^` + + * *restrict attribute values*, including *element-specifically* ^~` + * a value is declared for `empty` (`minimized`) attributes like 'checked' ^ + * check for potentially dangerous attribute values *~ + * ensure *unique* 'id' attribute values ^~` + * *double-quote* attribute values ^ + * lower-case *standard attribute values* like 'password' ^` + + * *attribute-specific URL protocol/scheme restriction* *~` + * disable *dynamic expressions* in 'style' values *~` + + * neutralize invalid named character entities ^` + * *convert* hexadecimal numeric entities to decimal ones, or vice versa ^~` + * convert named entities to numeric ones for generic XML use ^~` + + * remove *null* characters * + * neutralize potentially dangerous proprietary Netscape *Javascript entities* * + * replace potentially dangerous *soft-hyphen* character in attribute values with spaces * + + * remove common *invalid characters* not allowed in HTML or XML ^` + * replace *characters from Microsoft applications* like 'Word' that are discouraged in HTML or XML ^~` + * neutralize entities for characters invalid or discouraged in HTML or XML ^` + * appropriately neutralize '<', '&', '"', and '>' characters ^*` + + * understands improperly spaced tag content (like, spread over more than a line) and properly spaces them ` + * attempts to *balance tags* for well-formedness ^~` + * understands when *omitable closing tags* like '</p>' (allowed in HTML 4, transitional, e.g.) are missing ^~` + * attempts to permit only *validly nested tags* ^~` + * option to *remove or neutralize bad content* ^~` + * attempts to *rectify common errors of plain-text misplacement* (e.g., directly inside 'blockquote') ^~` + + * fast, *non-OOP* code of ~45 kb incurring peak basal memory usage of ~0.5 MB + * *compatible* with pre-existing code using 'Kses' (the filter used by 'WordPress') + + * optional *anti-spam* measures such as addition of 'rel="nofollow"' and link-disabling ~` + * optionally makes *relative URLs absolute*, and vice versa ~` + + * optionally mark '&' to identify the entities for '&', '<' and '>' introduced by htmLawed ~` + + * allows deployment of powerful *hook functions* to *inject* HTML, *consolidate* 'style' attributes to 'class', finely check attribute values, etc. ~` + + * *independent of character encoding* of input and does not affect it + + * *tolerance for ill-written HTML* to a certain degree + + +-- 1.3 History ----------------------------------------------------o + + + htmLawed was developed for use with 'LabWiki', a wiki software developed at PHP Labware, as a suitable software could not be found. Existing PHP software like 'Kses' and 'HTMLPurifier' were deemed inadequate, slow, resource-intensive, or dependent on external applications like 'HTML Tidy'. + + htmLawed started as a modification of Ulf Harnhammar's 'Kses' (version 0.2.2) software, and is compatible with code that uses 'Kses'; see section:- #2.6. + + +-- 1.4 License & copyright ----------------------------------------o + + + htmLawed is free and open-source software licensed under GPL license version 3:- http://www.gnu.org/licenses/gpl-3.0.txt, and copyrighted by Santosh Patnaik, MD, PhD. + + +-- 1.5 Terms used here --------------------------------------------o + + + * `administrator` - or admin; person setting up the code to pass input through htmLawed; also, `user` + * `attributes` - name-value pairs like 'href="http://x.com"' in opening tags + * `author` - `writer` + * `character` - atomic unit of text; internally represented by a numeric `code-point` as specified by the `encoding` or `charset` in use + * `entity` - markup like '>' and ' ' used to refer to a character + * `element` - HTML element like 'a' and 'img' + * `element content` - content between the opening and closing tags of an element, like 'click' of '<a href="x">click</a>' + * `HTML` - implies XHTML unless specified otherwise + * `input` - text string given to htmLawed to process + * `processing` - involves filtering, correction, etc., of input + * `safe` - absence or reduction of certain characters and HTML elements and attributes in the input that can otherwise potentially and circumstantially expose web-site users to security vulnerabilities like cross-site scripting attacks (XSS) + * `scheme` - URL protocol like 'http' and 'ftp' + * `specs` - standard specifications + * `style property` - terms like 'border' and 'height' for which declarations are made in values for the 'style' attribute of elements + * `tag` - markers like '<a href="x">' and '</a>' delineating element content; the opening tag can contain attributes + * `tag content` - consists of tag markers '<' and '>', element names like 'div', and possibly attributes + * `user` - administrator + * `writer` - end-user like a blog commenter providing the input that is to be processed; also, `author` + + +== 2 Usage ========================================================oo + + + htmLawed should work with PHP 4.3 and higher. Either 'include()' the 'htmLawed.php' file or copy-paste the entire code. + + To easily *test* htmLawed using a form-based interface, use the provided demo:- htmLawedTest.php ('htmLawed.php' and 'htmLawedTest.php' should be in the same directory on the web-server). + + +-- 2.1 Simple ------------------------------------------------------ + + + The input text to be processed, '$text', is passed as an argument of type string; 'htmLawed()' returns the processed string: + + $processed = htmLawed($text); + + *Note*: If input is from a '$_GET' or '$_POST' value, and 'magic quotes' are enabled on the PHP setup, run 'stripslashes()' on the input before passing to htmLawed. + + By default, htmLawed will process the text allowing all valid HTML elements/tags, secure URL scheme/CSS style properties, etc. It will allow 'CDATA' sections and HTML comments, balance tags, and ensure proper nesting of elements. Such actions can be configured using two other optional arguments -- '$config' and '$spec': + + $processed = htmLawed($text, $config, $spec); + + These extra parameters are detailed below. Some examples are shown in section:- #2.9. + + *Note*: For maximum protection against 'XSS' and other scripting attacks (e.g., by disallowing Javascript code), consider using the 'safe' parameter; see section:- #3.6. + + +-- 2.2 Configuring htmLawed using the '$config' parameter ---------o + + + '$config' instructs htmLawed on how to tackle certain tasks. When '$config' is not specified, or not set as an array (e.g., '$config = 1'), htmLawed will take default actions. One or many of the task-action or value-specification pairs can be specified in '$config' as array key-value pairs. If a parameter is not specified, htmLawed will use the default value/action indicated further below. + + $config = array('comment'=>0, 'cdata'=>1); + $processed = htmLawed($text, $config); + + Or, + + $processed = htmLawed($text, array('comment'=>0, 'cdata'=>1)); + + Below are the possible value-specification combinations. In PHP code, values that are integers should not be quoted and should be used as numeric types (unless meant as string/text). + + Key: '*' default, '^' different default when htmLawed is used in the Kses-compatible mode (see section:- #2.6), '~' different default when 'valid_xhtml' is set to '1' (see section:- #3.5), '"' different default when 'safe' is set to '1' (see section:- #3.6) + + *abs_url* + Make URLs absolute or relative; '$config["base_url"]' needs to be set; see section:- #3.4.4 + + '-1' - make relative + '0' - no action * + '1' - make absolute + + *and_mark* + Mark '&' characters in the original input; see section:- #3.2 + + *anti_link_spam* + Anti-link-spam measure; see section:- #3.4.7 + + '0' - no measure taken * + 'array("regex1", "regex2")' - will ensure a 'rel' attribute with 'nofollow' in its value in case the 'href' attribute value matches the regular expression pattern 'regex1', and/or will remove 'href' if its value matches the regular expression pattern 'regex2'. E.g., 'array("/./", "/://\W*(?!(abc\.com|xyz\.org))/")'; see section:- #3.4.7 for more. + + *anti_mail_spam* + Anti-mail-spam measure; see section:- #3.4.7 + + '0' - no measure taken * + 'word' - '@' in mail address in 'href' attribute value is replaced with specified 'word' + + *balance* + Balance tags for well-formedness and proper nesting; see section:- #3.3.3 + + '0' - no + '1' - yes * + + *base_url* + Base URL value that needs to be set if '$config["abs_url"]' is not '0'; see section:- #3.4.4 + + *cdata* + Handling of 'CDATA' sections; see section:- #3.3.1 + + '0' - don't consider 'CDATA' sections as markup and proceed as if plain text ^" + '1' - remove + '2' - allow, but neutralize any '<', '>', and '&' inside by converting them to named entities + '3' - allow * + + *clean_ms_char* + Replace discouraged characters introduced by Microsoft Word, etc.; see section:- #3.1 + + '0' - no * + '1' - yes + '2' - yes, but replace special single & double quotes with ordinary ones + + *comment* + Handling of HTML comments; see section:- #3.3.1 + + '0' - don't consider comments as markup and proceed as if plain text ^" + '1' - remove + '2' - allow, but neutralize any '<', '>', and '&' inside by converting to named entities + '3' - allow * + + *css_expression* + Allow dynamic CSS expression by not removing the expression from CSS property values in 'style' attributes; see section:- #3.4.8 + + '0' - remove * + '1' - allow + + *deny_attribute* + Denied HTML attributes; see section:- #3.4 + + '0' - none * + 'string' - dictated by values in 'string' + 'on*' (like 'onfocus') attributes not allowed - " + + *elements* + Allowed HTML elements; see section:- #3.3 + + '* -center -dir -font -isindex -menu -s -strike -u' - ~ + 'applet, embed, iframe, object, script' not allowed - " + + *hexdec_entity* + Allow hexadecimal numeric entities and do not convert to the more widely accepted decimal ones, or convert decimal to hexadecimal ones; see section:- #3.2 + + '0' - no + '1' - yes * + '2' - convert decimal to hexadecimal ones + + *hook* + Name of an optional hook function to alter the input string, '$config' or '$spec' before htmLawed starts its main work; see section:- #3.7 + + '0' - no hook function * + 'name' - 'name' is name of the hook function ('kses_hook' ^) + + *hook_tag* + Name of an optional hook function to alter tag content finalized by htmLawed; see section:- #3.4.9 + + '0' - no hook function * + 'name' - 'name' is name of the hook function + + *keep_bad* + Neutralize bad tags by converting '<' and '>' to entities, or remove them; see section:- #3.3.3 + + '0' - remove ^ + '1' - neutralize both tags and element content + '2' - remove tags but neutralize element content + '3' and '4' - like '1' and '2' but remove if text ('pcdata') is invalid in parent element + '5' and '6' * - like '3' and '4' but line-breaks, tabs and spaces are left + + *lc_std_val* + For XHTML compliance, predefined, standard attribute values, like 'get' for the 'method' attribute of 'form', must be lowercased; see section:- #3.4.5 + + '0' - no + '1' - yes * + + *make_tag_strict* + Transform/remove these non-strict XHTML elements, even if they are allowed by the admin: 'applet' 'center' 'dir' 'embed' 'font' 'isindex' 'menu' 's' 'strike' 'u'; see section:- #3.3.2 + + '0' - no ^ + '1' - yes, but leave 'applet', 'embed' and 'isindex' elements that currently can't be transformed * + '2' - yes, removing 'applet', 'embed' and 'isindex' elements and their contents (nested elements remain) ~ + + *named_entity* + Allow non-universal named HTML entities, or convert to numeric ones; see section:- #3.2 + + '0' - convert + '1' - allow * + + *no_deprecated_attr* + Allow deprecated attributes or transform them; see section:- #3.4.6 + + '0' - allow ^ + '1' - transform, but 'name' attributes for 'a' and 'map' are retained * + '2' - transform + + *parent* + Name of the parent element, possibly imagined, that will hold the input; see section:- #3.3 + + *safe* + Magic parameter to make input the most secure against XSS without needing to specify other relevant '$config' parameters; see section:- #3.6 + + '0' - no * + '1' - will auto-adjust other relevant '$config' parameters (indicated by '"' in this list) + + *schemes* + Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs; '*' covers all unspecified attributes; see section:- #3.4.3 + + 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https' * + '*: ftp, gopher, http, https, mailto, news, nntp, telnet' ^ + 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https' " + + *show_setting* + Name of a PHP variable to assign the `finalized` '$config' and '$spec' values; see section:- #3.8 + + *style_pass* + Do not look at 'style' attribute values, letting them through without any alteration + + '0' - no * + '1' - htmLawed will let through any 'style' value; see section:- #3.4.8 + + *tidy* + Beautify or compact HTML code; see section:- #3.3.5 + + '-1' - compact + '0' - no * + '1' or 'string' - beautify (custom format specified by 'string') + + *unique_ids* + 'id' attribute value checks; see section:- #3.4.2 + + '0' - no ^ + '1' - remove duplicate and/or invalid ones * + 'word' - remove invalid ones and replace duplicate ones with new and unique ones based on the 'word'; the admin-specified 'word', like 'my_', should begin with a letter (a-z) and can contain letters, digits, '.', '_', '-', and ':'. + + *valid_xhtml* + Magic parameter to make input the most valid XHTML without needing to specify other relevant '$config' parameters; see section:- #3.5 + + '0' - no * + '1' - will auto-adjust other relevant '$config' parameters (indicated by '~' in this list) + + *xml:lang* + Auto-adding 'xml:lang' attribute; see section:- #3.4.1 + + '0' - no * + '1' - add if 'lang' attribute is present + '2' - add if 'lang' attribute is present, and remove 'lang' ~ + + +-- 2.3 Extra HTML specifications using the $spec parameter --------o + + + The '$spec' argument can be used to disallow an otherwise legal attribute for an element, or to restrict the attribute's values. This can also be helpful as a security measure (e.g., in certain versions of browsers, certain values can cause buffer overflows and denial of service attacks), or in enforcing admin policy compliance. '$spec' is specified as a string of text containing one or more `rules`, with multiple rules separated from each other by a semi-colon (';'). E.g., + + $spec = 'i=-*; td, tr=style, id, -*; a=id(match="/[a-z][a-z\d.:\-`"]*/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt'; + $processed = htmLawed($text, $config, $spec); + + Or, + + $processed = htmLawed($text, $config, 'i=-*; td, tr=style, id, -*; a=id(match="/[a-z][a-z\d.:\-`"]*/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt'); + + A rule begins with an HTML *element* name(s) (`rule-element`), for which the rule applies, followed by an equal ('=') sign. A rule-element may represent multiple elements if comma (,)-separated element names are used. E.g., 'th,td,tr='. + + Rest of the rule consists of comma-separated HTML *attribute names*. A minus ('-') character before an attribute means that the attribute is not permitted inside the rule-element. E.g., '-width'. To deny all attributes, '-*' can be used. + + Following shows examples of rule excerpts with rule-element 'a' and the attributes that are being permitted: + + * 'a=' - all + * 'a=id' - all + * 'a=href, title, -id, -onclick' - all except 'id' and 'onclick' + * 'a=*, id, -id' - all except 'id' + * 'a=-*' - none + * 'a=-*, href, title' - none except 'href' and 'title' + * 'a=-*, -id, href, title' - none except 'href' and 'title' + + Rules regarding *attribute values* are optionally specified inside round brackets after attribute names in slash ('/')-separated `parameter = value` pairs. E.g., 'title(maxlen=30/minlen=5)'. None, or one or more of the following parameters may be specified: + + * 'oneof' - one or more choices separated by '|' that the value should match; if only one choice is provided, then the value must match that choice + + * 'noneof' - one or more choices separated by '|' that the value should not match + + * 'maxlen' and 'minlen' - upper and lower limits for the number of characters in the attribute value; specified in numbers + + * 'maxval' and 'minval' - upper and lower limits for the numerical value specified in the attribute value; specified in numbers + + * 'match' and 'nomatch' - pattern that the attribute value should or should not match; specified as PHP/PCRE-compatible regular expressions with delimiters and possibly modifiers + + * 'default' - a value to force on the attribute if the value provided by the writer does not fit any of the specified parameters + + If 'default' is not set and the attribute value does not satisfy any of the specified parameters, then the attribute is removed. The 'default' value can also be used to force all attribute declarations to take the same value (by getting the values declared illegal by setting, e.g., 'maxlen' to '-1'). + + Examples with `input` '<input title="WIDTH" value="10em" /><input title="length" value="5" />' are shown below. + + `Rule`: 'input=title(maxlen=60/minlen=6), value' + `Output`: '<input value="10em" /><input title="length" value="5" />' + + `Rule`: 'input=title(), value(maxval=8/default=6)' + `Output`: '<input title="WIDTH" value="6" /><input title="length" value="5" />' + + `Rule`: 'input=title(nomatch=$w.d$i), value(match=$em$/default=6em)' + `Output`: '<input value="10em" /><input title="length" value="6em" />' + + `Rule`: 'input=title(oneof=height|depth/default=depth), value(noneof=5|6)' + `Output`: '<input title="depth" value="10em" /><input title="depth" />' + + *Special characters*: The characters ';', ',', '/', '(', ')', '|', '~' and space have special meanings in the rules. Words in the rules that use such characters, or the characters themselves, should be `escaped` by enclosing in pairs of double-quotes ('"'). A back-tick ('`') can be used to escape a literal '"'. An example rule illustrating this is 'input=value(maxlen=30/match="/^\w/"/default="your `"ID`"")'. + + *Note*: To deny an attribute for all elements for which it is legal, '$config["deny_attribute"]' (see section:- #3.4) can be used instead of '$spec'. Also, attributes can be allowed element-specifically through '$spec' while being denied globally through '$config["deny_attribute"]'. The 'hook_tag' parameter (section:- #3.4.9) can also be used to implement the '$spec' functionality. + + +-- 2.4 Performance time & memory usage ----------------------------o + + + The time and memory used by htmLawed depends on its configuration and the size of the input, and the amount, nestedness and well-formedness of the HTML markup within it. In particular, tag balancing and beautification each can increase the processing time by about a quarter. + + The htmLawed demo:- htmLawedTest.php can be used to evaluate the performance and effects of different types of input and '$config'. + + +-- 2.5 Some security risks to keep in mind ------------------------o + + + When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially `dangerous` HTML code. (This may not be a problem if the authors are trusted.) + + For example, following increase security risks: + + * Allowing 'script', 'applet', 'embed', 'iframe' or 'object' elements, or certain of their attributes like 'allowscriptaccess' + + * Allowing HTML comments (some Internet Explorer versions are vulnerable with, e.g., '<!--[if gte IE 4]><script>alert("xss");</script><![endif]-->' + + * Allowing dynamic CSS expressions (a feature of the IE browser) + + `Unsafe` HTML can be removed by setting '$config' appropriately. E.g., '$config["elements"] = "* -script"' (section:- #3.3), '$config["safe"] = 1' (section:- #3.6), etc. + + +-- 2.6 Use without modifying old 'kses()' code --------------------o + + + The 'Kses' PHP script is used by many applications (like 'WordPress'). It is possible to have such applications use htmLawed instead, since it is compatible with code that calls the 'kses()' function declared in the 'Kses' file (usually named 'kses.php'). E.g., application code like this will continue to work after replacing 'Kses' with htmLawed: + + $comment_filtered = kses($comment_input, array('a'=>array(), 'b'=>array(), 'i'=>array())); + + For some of the '$config' parameters, htmLawed will use values other than the default ones. These are indicated by '^' in section:- #2.2. To force htmLawed to use other values, function 'kses()' in the htmLawed code should be edited -- a few configurable parameters/variables need to be changed. + + If the application uses a 'Kses' file that has the 'kses()' function declared, then, to have the application use htmLawed instead of 'Kses', simply rename 'htmLawed.php' (to 'kses.php', e.g.) and replace the 'Kses' file (or just replace the code in the 'Kses' file with the htmLawed code). If the 'kses()' function in the 'Kses' file had been renamed by the application developer (e.g., in 'WordPress', it is named 'wp_kses()'), then appropriately rename the 'kses()' function in the htmLawed code. + + If the 'Kses' file used by the application has been highly altered by the application developers, then one may need a different approach. E.g., with 'WordPress', it is best to copy the htmLawed code to 'wp_includes/kses.php', rename the newly added function 'kses()' to 'wp_kses()', and delete the code for the original 'wp_kses()' function. + + If the 'Kses' code has a non-empty hook function (e.g., 'wp_kses_hook()' in case of 'WordPress'), then the code for htmLawed's 'kses_hook()' function should be appropriately edited. However, the requirement of the hook function should be re-evaluated considering that htmLawed has extra capabilities. With 'WordPress', the hook function is an essential one. The following code is suggested for the htmLawed 'kses_hook()' in case of 'WordPress': + + function kses_hook($string, &$cf, &$spec){ + // kses compatibility + $allowed_html = $spec; + $allowed_protocols = array(); + foreach($cf['schemes'] as $v){ + foreach($v as $k2=>$v2){ + if(!in_array($k2, $allowed_protocols)){ + $allowed_protocols[] = $k2; + } + } + } + return wp_kses_hook($string, $allowed_html, $allowed_protocols); + // eof + } + + +-- 2.7 Tolerance for ill-written HTML -----------------------------o + + + htmLawed can work with ill-written HTML code in the input. However, HTML that is too ill-written may not be `read` as HTML, and be considered mere plain text instead. Following statements indicate the degree of `looseness` that htmLawed can work with, and can be provided in instructions to writers: + + * Tags must be flanked by '<' and '>' with no '>' inside -- any needed '>' should be put in as '>'. It is possible for tag content (element name and attributes) to be spread over many lines instead of being on one. A space may be present between the tag content and '>', like '<div >' and '<img / >', but not after the '<'. + + * Element and attribute names need not be lower-cased. + + * Attribute string of elements may be liberally spaced with tabs, line-breaks, etc. + + * Attribute values may not be double-quoted, or may be single-quoted. + + * Left-padding of numeric entities (like, ' ', '&x07ff;') with '0' is okay as long as the number of characters between between the '&' and the ';' does not exceed 8. All entities must end with ';' though. + + * Named character entities must be properly cased. E.g., '≪' or '&TILDE;' will not be let through without modification. + + * HTML comments should not be inside element tags (okay between tags), and should begin with '<!--' and end with '-->'. Characters like '<', '>', and '&' may be allowed inside depending on '$config', but any '-->' inside should be put in as '-->'. Any '--' inside will be automatically converted to '-', and a space will be added before the comment delimiter '-->'. + + * 'CDATA' sections should not be inside element tags, and can be in element content only if plain text is allowed for that element. They should begin with '<[CDATA[' and end with ']]>'. Characters like '<', '>', and '&' may be allowed inside depending on '$config', but any ']]>' inside should be put in as ']]>'. + + * For attribute values, character entities '<', '>' and '&' should be used instead of characters '<' and '>', and '&' (when '&' is not part of a character entity). This applies even for Javascript code in values of attributes like 'onclick'. + + * Characters '<', '>', '&' and '"' that are part of actual Javascript, etc., code in 'script' elements should be used as such and not be put in as entities like '>'. Otherwise, though the HTML will be valid, the code may fail to work. Further, if such characters have to be used, then they should be put inside 'CDATA' sections. + + * Simple instructions like "an opening tag cannot be present between two closing tags" and "nested elements should be closed in the reverse order of how they were opened" can help authors write balanced HTML. If tags are imbalanced, htmLawed will try to balance them, but in the process, depending on '$config["keep_bad"]', some code/text may be lost. + + * Input authors should be notified of admin-specified allowed elements, attributes, configuration values (like conversion of named entities to numeric ones), etc. + + * With '$config["unique_ids"]' not '0' and the 'id' attribute being permitted, writers should carefully avoid using duplicate or invalid 'id' values as even though htmLawed will correct/remove the values, the final output may not be the one desired. E.g., when '<a id="home"></a><input id="home" /><label for="home"></label>' is processed into +'<a id="home"></a><input id="prefix_home" /><label for="home"></label>'. + + * Note that even if intended HTML is lost in a highly ill-written input, the processed output will be more secure and standard-compliant. + + * For URLs, unless '$config["scheme"]' is appropriately set, writers should avoid using escape characters or entities in schemes. E.g., 'http' (which many browsers will read as the harmless 'http') may be considered bad by htmLawed. + + * htmLawed will attempt to put plain text present directly inside 'blockquote', 'form', 'map' and 'noscript' elements (illegal as per the specs) inside auto-generated 'div' elements. + + +-- 2.8 Limitations & work-arounds ---------------------------------o + + + htmLawed's main objective is to make the input text `more` standard-compliant, secure for web-page readers, and free of HTML elements and attributes considered undesirable by the administrator. Some of its current limitations, regardless of this objective, are noted below along with work-arounds. + + It should be borne in mind that no browser application is 100% standard-compliant, and that some of the standard specs (like asking for normalization of white-spacing within 'textarea' elements) are clearly wrong. Regarding security, note that `unsafe` HTML code is not necessarily legally invalid. + + * htmLawed is meant for input that goes into the 'body' of HTML documents. HTML's head-level elements are not supported, nor are the frameset elements 'frameset', 'frame' and 'noframes'. + + * It cannot transform the non-standard 'embed' elements to the standard-compliant 'object' elements. Yet, it can allow 'embed' elements if permitted ('embed' is widely used and supported). Admins can certainly use the 'hook_tag' parameter (section:- #3.4.9) to deploy a custom embed-to-object converter function. + + * The only non-standard element that may be permitted is 'embed'; others like 'noembed' and 'nobr' cannot be permitted without modifying the htmLawed code. + + * It cannot handle input that has non-HTML code like 'SVG' and 'MathML'. One way around is to break the input into pieces and passing only those without non-HTML code to htmLawed. Another is described in section:- #3.9. A third way may be to some how take advantage of the '$config["and_mark"]' parameter (see section:- #3.2). + + * By default, htmLawed won't check many attribute values for standard compliance. E.g., 'width="20m"' with the dimension in non-standard 'm' is let through. Implementing universal and strict attribute value checks can make htmLawed slow and resource-intensive. Admins should look at the 'hook_tag' parameter (section:- #3.4.9) or '$spec' to enforce finer checks. + + * The attributes, deprecated (which can be transformed too) or not, that it supports are largely those that are in the specs. Only a few of the proprietary attributes are supported. + + * Except for contained URLs and dynamic expressions (also optional), htmLawed does not check CSS style property values. Admins should look at using the 'hook_tag' parameter (section:- #3.4.9) or '$spec' for finer checks. Perhaps the best option is to disallow 'style' but allow 'class' attributes with the right 'oneof' or 'match' values for 'class', and have the various class style properties in '.css' CSS stylesheet files. + + * htmLawed does not parse emoticons, decode `BBcode`, or `wikify`, auto-converting text to proper HTML. Similarly, it won't convert line-breaks to 'br' elements. Such functions are beyond its purview. Admins should use other code to pre- or post-process the input for such purposes. + + * htmLawed cannot be used to have links force-opened in new windows (by auto-adding appropriate 'target' and 'onclick' attributes to 'a'). Admins should look at Javascript-based DOM-modifying solutions for this. Admins may also be able to use a custom hook function to enforce such checks ('hook_tag' parameter; see section:- #3.4.9). + + * Nesting-based checks are not possible. E.g., one cannot disallow 'p' elements specifically inside 'td' while permitting it elsewhere. Admins may be able to use a custom hook function to enforce such checks ('hook_tag' parameter; see section:- #3.4.9). + + * Except for optionally converting absolute or relative URLs to the other type, htmLawed will not alter URLs (e.g., to change the value of query strings or to convert 'http' to 'https'. Having absolute URLs may be a standard-requirement, e.g., when HTML is embedded in email messages, whereas altering URLs for other purposes is beyond htmLawed's goals. Admins may be able to use a custom hook function to enforce such checks ('hook_tag' parameter; see section:- #3.4.9). + + * Pairs of opening and closing tags that do not enclose any content (like '<em></em>') are not removed. This may be against the standard specs for certain elements (e.g., 'table'). However, presence of such standard-incompliant code will not break the display or layout of content. Admins can also use simple regex-based code to filter out such code. + + * htmLawed does not check for certain element orderings described in the standard specs (e.g., in a 'table', 'tbody' is allowed before 'tfoot'). Admins may be able to use a custom hook function to enforce such checks ('hook_tag' parameter; see section:- #3.4.9). + + * htmLawed does not check the number of nested elements. E.g., it will allow two 'caption' elements in a 'table' element, illegal as per the specs. Admins may be able to use a custom hook function to enforce such checks ('hook_tag' parameter; see section:- #3.4.9). + + * htmLawed might convert certain entities to actual characters and remove backslashes and CSS comment-markers ('/*') in 'style' attribute values in order to detect malicious HTML like crafted IE-specific dynamic expressions like 'expression...'. If this is too harsh, admins can allow CSS expressions through htmLawed core but then use a custom function through the 'hook_tag' parameter (section:- #3.4.9) to more specifically identify CSS expressions in the 'style' attribute values. Also, using '$config["style_pass"]', it is possible to have htmLawed pass 'style' attribute values without even looking at them (section:- #3.4.8). + + * htmLawed does not correct certain possible attribute-based security vulnerabilities (e.g., '<a href="http://x%22+style=%22background-image:xss">x</a>'). These arise when browsers mis-identify markup in `escaped` text, defeating the very purpose of escaping text (a bad browser will read the given example as '<a href="http://x" style="background-image:xss">x</a>'). + + * Because of poor Unicode support in PHP, htmLawed does not remove the `high value` HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see section:- #3.1). + + * Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts. + + +-- 2.9 Examples ---------------------------------------------------o + + + *1.* A blog administrator wants to allow only 'a', 'em', 'strike', 'strong' and 'u' in comments, but needs 'strike' and 'u' transformed to 'span' for better XHTML 1-strict compliance, and, he wants the 'a' links to be to 'http' or 'https' resources: + + $processed = htmLawed($in, array('elements'=>'a, em, strike, strong, u', 'make_tag_strict'=>1, 'safe'=>1, 'schemes'=>'*:http, https'), 'a=href'); + + *2.* An author uses a custom-made web application to load content on his web-site. He is the only one using that application and the content he generates has all types of HTML, including scripts. The web application uses htmLawed primarily as a tool to correct errors that creep in while writing HTML and to take care of the occasional `bad` characters in copy-paste text introduced by Microsoft Office. The web application provides a preview before submitted input is added to the content. For the previewing process, htmLawed is set up as follows: + + $processed = htmLawed($in, array('css_expression'=>1, 'keep_bad'=>1, 'make_tag_strict'=>1, 'schemes'=>'*:*', 'valid_xhtml'=>1)); + + For the final submission process, 'keep_bad' is set to '6'. A value of '1' for the preview process allows the author to note and correct any HTML mistake without losing any of the typed text. + + *3.* A data-miner is scraping information in a specific table of similar web-pages and is collating the data rows, and uses htmLawed to reduce unnecessary markup and white-spaces: + + $processed = htmLawed($in, array('elements'=>'tr, td', 'tidy'=>-1), 'tr, td ='); + + +== 3 Details =====================================================oo + + +-- 3.1 Invalid/dangerous characters -------------------------------- + + + Valid characters (more correctly, their code-points) in HTML or XML are, hexadecimally, '9', 'a', 'd', '20' to 'd7ff', and 'e000' to '10ffff', except 'fffe' and 'ffff' (decimally, '9', '10', '13', '32' to '55295', and '57344' to '1114111', except '65534' and '65535'). htmLawed removes the invalid characters '0' to '8', 'b', 'c', and 'e' to '1f'. + + Because of PHP's poor native support for multi-byte characters, htmLawed cannot check for the remaining invalid code-points. However, for various reasons, it is very unlikely for any of those characters to be in the input. + + Characters that are discouraged (see section:- #5.1) but not invalid are not removed by htmLawed. + + It (function 'hl_tag()') also replaces the potentially dangerous (in some Mozilla [Firefox] and Opera browsers) soft-hyphen character (code-point, hexadecimally, 'ad', or decimally, '173') in attribute values with spaces. Where required, the characters '<', '>', '&', and '"' are converted to entities. + + With '$config["clean_ms_char"]' set as '1' or '2', many of the discouraged characters (decimal code-points '127' to '159' except '133') that many Microsoft applications incorrectly use (as per the 'Windows 1252' ['Cp-1252'] or a similar encoding system), and the character for decimal code-point '133', are converted to appropriate decimal numerical entities (or removed for a few cases)-- see appendix in section:- #5.4. This can help avoid some display issues arising from copying-pasting of content. + + With '$config["clean_ms_char"]' set as '2', characters for the hexadecimal code-points '82', '91', and '92' (for special single-quotes), and '84', '93', and '94' (for special double-quotes) are converted to ordinary single and double quotes respectively and not to entities. + + The character values are replaced with entities/characters and not character values referred to by the entities/characters to keep this task independent of the character-encoding of input text. + + The '$config["clean_ms_char"]' parameter need not be used if authors do not copy-paste Microsoft-created text or if the input text is not believed to use the 'Windows 1252' or a similar encoding. Further, the input form and the web-pages displaying it or its content should have the character encoding appropriately marked-up. + + +-- 3.2 Character references/entities ------------------------------o + + + Valid character entities take the form '&*;' where '*' is '#x' followed by a hexadecimal number (hexadecimal numeric entity; like ' ' for non-breaking space), or alphanumeric like 'gt' (external or named entity; like ' ' for non-breaking space), or '#' followed by a number (decimal numeric entity; like ' ' for non-breaking space). Character entities referring to the soft-hyphen character (the '­' or '\xad' character; hexadecimal code-point 'ad' [decimal '173']) in attribute values are always replaced with spaces; soft-hyphens in attribute values introduce vulnerabilities in some older versions of the Opera and Mozilla [Firefox] browsers. + + htmLawed (function 'hl_ent()'): + + * Neutralizes entities with multiple leading zeroes or missing semi-colons (potentially dangerous) + + * Lowercases the 'X' (for XML-compliance) and 'A-F' of hexadecimal numeric entities + + * Neutralizes entities referring to characters that are HTML-invalid (see section:- #3.1) + + * Neutralizes entities referring to characters that are HTML-discouraged (code-points, hexadecimally, '7f' to '84', '86' to '9f', and 'fdd0' to 'fddf', or decimally, '127' to '132', '134' to '159', and '64991' to '64976'). Entities referring to the remaining discouraged characters (see section:- #5.1 for a full list) are let through. + + * Neutralizes named entities that are not in the specs. + + * Optionally converts valid HTML-specific named entities except '>', '<', '"', and '&' to decimal numeric ones (hexadecimal if $config["hexdec_entity"] is '2') for generic XML-compliance. For this, '$config["named_entity"]' should be '1'. + + * Optionally converts hexadecimal numeric entities to the more widely supported decimal ones. For this, '$config["hexdec_entity"]' should be '0'. + + * Optionally converts decimal numeric entities to the hexadecimal ones. For this, '$config["hexdec_entity"]' should be '2'. + + `Neutralization` refers to the `entitification` of '&' to '&'. + + *Note*: htmLawed does not convert entities to the actual characters represented by them; one can pass the htmLawed output through PHP's 'html_entity_decode' function:- http://www.php.net/html_entity_decode for that. + + *Note*: If '$config["and_mark"]' is set, and set to a value other than '0', then the '&' characters in the original input are replaced with the control character for the hexadecimal code-point '6' ('\x06'; '&' characters introduced by htmLawed, e.g., after converting '<' to '<', are not affected). This allows one to distinguish, say, an '>' introduced by htmLawed and an '>' put in by the input writer, and can be helpful in further processing of the htmLawed-processed text (e.g., to identify the character sequence 'o(><)o' to generate an emoticon image). When this feature is active, admins should ensure that the htmLawed output is not directly used in web pages or XML documents as the presence of the '\x06' can break documents. Before use in such documents, and preferably before any storage, any remaining '\x06' should be changed back to '&', e.g., with: + + $final = str_replace("\x06", '&', $prelim); + + Also, see section:- #3.9. + + +-- 3.3 HTML elements ----------------------------------------------o + + + htmLawed can be configured to allow only certain HTML elements (tags) in the input. Disallowed elements (just tag-content, and not element-content), based on '$config["keep_bad"]', are either `neutralized` (converted to plain text by entitification of '<' and '>') or removed. + + E.g., with only 'em' permitted: + + Input: + + <em>My</em> website is <a href="http://a.com>a.com</a>. + + Output, with '$config["keep_bad"] = 0': + + <em>My</em> website is a.com. + + Output, with '$config["keep_bad"]' not '0': + + <em>My</em> website is <a href="">a.com</a>. + + See section:- #3.3.3 for differences between the various non-zero '$config["keep_bad"]' values. + + htmLawed by default permits these 86 elements: + + a, abbr, acronym, address, applet, area, b, bdo, big, blockquote, br, button, caption, center, cite, code, col, colgroup, dd, del, dfn, dir, div, dl, dt, em, embed, fieldset, font, form, h1, h2, h3, h4, h5, h6, hr, i, iframe, img, input, ins, isindex, kbd, label, legend, li, map, menu, noscript, object, ol, optgroup, option, p, param, pre, q, rb, rbc, rp, rt, rtc, ruby, s, samp, script, select, small, span, strike, strong, sub, sup, table, tbody, td, textarea, tfoot, th, thead, tr, tt, u, ul, var + + Except for 'embed' (included because of its wide-spread use) and the Ruby elements ('rb', 'rbc', 'rp', 'rt', 'rtc', 'ruby'; part of XHTML 1.1), these are all the elements in the HTML 4/XHTML 1 specs. Strict-specific specs. exclude 'center', 'dir', 'font', 'isindex', 'menu', 's', 'strike', and 'u'. + + With '$config["safe"] = 1', the default set will exclude 'applet', 'embed', 'iframe', 'object' and 'script'; see section:- #3.6. + + When '$config["elements"]', which specifies allowed elements, is `properly` defined, and neither empty nor set to '0' or '*', the default set is not used. To have elements added to or removed from the default set, a '+/-' notation is used. E.g., '*-script-object' implies that only 'script' and 'object' are disallowed, whereas '*+embed' means that 'noembed' is also allowed. Elements can also be specified as comma separated names. E.g., 'a, b, i' means only 'a', 'b' and 'i' are permitted. In this notation, '*', '+' and '-' have no significance and can actually cause a mis-reading. + + Some more examples of '$config["elements"]' values indicating permitted elements (note that empty spaces are liberally allowed for clarity): + + * 'a, blockquote, code, em, strong' -- only 'a', 'blockquote', 'code', 'em', and 'strong' + * '*-script' -- all excluding 'script' + * '* -center -dir -font -isindex -menu -s -strike -u' -- only XHTML-Strict elements + * '*+noembed-script' -- all including 'noembed' excluding 'script' + + Some mis-usages (and the resulting permitted elements) that can be avoided: + + * '-*' -- none; instead of htmLawed, one might just use, e.g., the 'htmlspecialchars()' PHP function + * '*, -script' -- all except 'script'; admin probably meant '*-script' + * '-*, a, em, strong' -- all; admin probably meant 'a, em, strong' + * '*' -- all; admin need not have set 'elements' + * '*-form+form' -- all; a '+' will always over-ride any '-' + * '*, noembed' -- only 'noembed'; admin probably meant '*+noembed' + * 'a, +b, i' -- only 'a' and 'i'; admin probably meant 'a, b, i' + + Basically, when using the '+/-' notation, commas (',') should not be used, and vice versa, and '*' should be used with the former but not the latter. + + *Note*: Even if an element that is not in the default set is allowed through '$config["elements"]', like 'noembed' in the last example, it will eventually be removed during tag balancing unless such balancing is turned off ('$config["balance"]' set to '0'). Currently, the only way around this, which actually is simple, is to edit the various arrays in the function 'hl_bal()' to accommodate the element and its nesting properties. + + *A possibly second way to specify allowed elements* is to set '$config["parent"]' to an element name that supposedly will hold the input, and to set '$config["balance"]' to '1'. During tag balancing (see section:- #3.3.3), all elements that cannot legally nest inside the parent element will be removed. The parent element is auto-reset to 'div' if '$config["parent"]' is empty, 'body', or an element not in htmLawed's default set of 86 elements. + + `Tag transformation` is possible for improving XHTML-Strict compliance -- most of the deprecated elements are removed or converted to valid XHTML-Strict ones; see section:- #3.3.2. + + +.. 3.3.1 Handling of comments and CDATA sections ................... + + + 'CDATA' sections have the format '<![CDATA[...anything but not "]]>"...]]>', and HTML comments, '<!--...anything but not "-->"... -->'. Neither HTML comments nor 'CDATA' sections can reside inside tags. HTML comments can exist anywhere else, but 'CDATA' sections can exist only where plain text is allowed (e.g., immediately inside 'td' element content but not immediately inside 'tr' element content). + + htmLawed (function 'hl_cmtcd()') handles HTML comments or 'CDATA' sections depending on the values of '$config["comment"]' or '$config["cdata"]'. If '0', such markup is not looked for and the text is processed like plain text. If '1', it is removed completely. If '2', it is preserved but any '<', '>' and '&' inside are changed to entities. If '3', they are left as such. + + Note that for the last two cases, HTML comments and 'CDATA' sections will always be removed from tag content (function 'hl_tag()'). + + Examples: + + Input: + <!-- home link --><a href="home.htm"><![CDATA[x=&y]]>Home</a> + Output ('$config["comment"] = 0, $config["cdata"] = 2'): + <-- home link --><a href="home.htm"><![CDATA[x=&y]]>Home</a> + Output ('$config["comment"] = 1, $config["cdata"] = 2'): + <a href="home.htm"><![CDATA[x=&y]]>Home</a> + Output ('$config["comment"] = 2, $config["cdata"] = 2'): + <!-- home link --><a href="home.htm"><![CDATA[x=&y]]>Home</a> + Output ('$config["comment"] = 2, $config["cdata"] = 1'): + <!-- home link --><a href="home.htm">Home</a> + Output ('$config["comment"] = 3, $config["cdata"] = 3'): + <!-- home link --><a href="home.htm"><![CDATA[x=&y]]>Home</a> + + For standard-compliance, comments are given the form '<!--comment -->', and any '--' in the content is made '-'. + + When '$config["safe"] = 1', CDATA sections and comments are considered plain text unless '$config["comment"]' or '$config["cdata"]' is explicitly specified; see section:- #3.6. + + +.. 3.3.2 Tag-transformation for better XHTML-Strict ................o + + + If '$config["make_tag_strict"]' is set and not '0', following non-XHTML-Strict elements (and attributes), even if admin-permitted, are mutated as indicated (element content remains intact; function 'hl_tag2()'): + + * applet - (based on '$config["make_tag_strict"]', unchanged ('1') or removed ('2')) + * center - 'div style="text-align: center;"' + * dir - 'ul' + * embed - (based on '$config["make_tag_strict"]', unchanged ('1') or removed ('2')) + * font (face, size, color) - 'span style="font-family: ; font-size: ; color: ;"' (size transformation reference:- http://style.cleverchimp.com/font_size_intervals/altintervals.html) + * isindex - (based on '$config["make_tag_strict"]', unchanged ('1') or removed ('2')) + * menu - 'ul' + * s - 'span style="text-decoration: line-through;"' + * strike - 'span style="text-decoration: line-through;"' + * u - 'span style="text-decoration: underline;"' + + For an element with a pre-existing 'style' attribute value, the extra style properties are appended. + + Example input: + + <center> + The PHP <s>software</s> script used for this <strike>web-page</strike> web-page is <font style="font-weight: bold " face=arial size='+3' color = "red ">htmLawedTest.php</font>, from <u style= 'color:green'>PHP Labware</u>. + </center> + + The output: + + <div style="text-align: center;"> + The PHP <span style="text-decoration: line-through;">software</span> script used for this <span style="text-decoration: line-through;">web-page</span> web-page is <span style="font-weight: bold; font-family: arial; color: red; font-size: 200%;">htmLawedTest.php</span>, from <span style="color:green; text-decoration: underline;">PHP Labware</span>. + </div> + + +-- 3.3.3 Tag balancing and proper nesting -------------------------o + + + If '$config["balance"]' is set to '1', htmLawed (function 'hl_bal()') checks and corrects the input to have properly balanced tags and legal element content (i.e., any element nesting should be valid, and plain text may be present only in the content of elements that allow them). + + Depending on the value of '$config["keep_bad"]' (see section:- #2.2 and section:- #3.3), illegal content may be removed or neutralized to plain text by converting < and > to entities: + + '0' - remove; this option is available only to maintain Kses-compatibility and should not be used otherwise (see section:- #2.6) + '1' - neutralize tags and keep element content + '2' - remove tags but keep element content + '3' and '4' - like '1' and '2', but keep element content only if text ('pcdata') is valid in parent element as per specs + '5' and '6' - like '3' and '4', but line-breaks, tabs and spaces are left + + Example input (disallowing the 'p' element): + + <*> Pseudo-tags <*> + <xml>Non-HTML tag xml</xml> + <p> + Disallowed tag p + </p> + <ul>Bad<li>OK</li></ul> + + The output with '$config["keep_bad"] = 1': + + <*> Pseudo-tags <*> + <xml>Non-HTML tag xml</xml> + <p> + Disallowed tag p + </p> + <ul>Bad<li>OK</li></ul> + + The output with '$config["keep_bad"] = 3': + + <*> Pseudo-tags <*> + <xml>Non-HTML tag xml</xml> + <p> + Disallowed tag p + </p> + <ul><li>OK</li></ul> + + The output with '$config["keep_bad"] = 6': + + <*> Pseudo-tags <*> + Non-HTML tag xml + + Disallowed tag p + + <ul><li>OK</li></ul> + + An option like '1' is useful, e.g., when a writer previews his submission, whereas one like '3' is useful before content is finalized and made available to all. + + *Note:* In the example above, unlike '<*>', '<xml>' gets considered as a tag (even though there is no HTML element named 'xml'). In general, text matching the regular expression pattern '<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>' is considered a tag (phrase enclosed by the angled brackets '<' and '>', and starting [with an optional slash preceding] with an alphanumeric word that starts with an alphabet...). + + Nesting/content rules for each of the 86 elements in htmLawed's default set (see section:- #3.3) are defined in function 'hl_bal()'. This means that if a non-standard element besides 'embed' is being permitted through '$config["elements"]', the element's tag content will end up getting removed if '$config["balance"]' is set to '1'. + + Plain text and/or certain elements nested inside 'blockquote', 'form', 'map' and 'noscript' need to be in block-level elements. This point is often missed during manual writing of HTML code. htmLawed attempts to address this during balancing. E.g., if the parent container is set as 'form', the input 'B:<input type="text" value="b" />C:<input type="text" value="c" />' is converted to '<div>B:<input type="text" value="b" />C:<input type="text" value="c" /></div>'. + + +-- 3.3.4 Elements requiring child elements ------------------------o + + + As per specs, the following elements require legal child elements nested inside them: + + blockquote, dir, dl, form, map, menu, noscript, ol, optgroup, rbc, rtc, ruby, select, table, tbody, tfoot, thead, tr, ul + + In some cases, the specs stipulate the number and/or the ordering of the child elements. A 'table' can have 0 or 1 'caption', 'tbody', 'tfoot', and 'thead', but they must be in this order: 'caption', 'thead', 'tfoot', 'tbody'. + + htmLawed currently does not check for conformance to these rules. Note that any non-compliance in this regard will not introduce security vulnerabilities, crash browser applications, or affect the rendering of web-pages. + + +-- 3.3.5 Beautify or compact HTML ---------------------------------o + + + By default, htmLawed will neither `beautify` HTML code by formatting it with indentations, etc., nor will it make it compact by removing un-needed white-space.(It does always properly white-space tag content.) + + As per the HTML standards, spaces, tabs and line-breaks in web-pages (except those inside 'pre' elements) are all considered equivalent, and referred to as `white-spaces`. Browser applications are supposed to consider contiguous white-spaces as just a single space, and to disregard white-spaces trailing opening tags or preceding closing tags. This white-space `normalization` allows the use of text/code beautifully formatted with indentations and line-spacings for readability. Such `pretty` HTML can, however, increase the size of web-pages, or make the extraction or scraping of plain text cumbersome. + + With the '$config' parameter 'tidy', htmLawed can be used to beautify or compact the input text. Input with just plain text and no HTML markup is also subject to this. Besides 'pre', the 'script' and 'textarea' elements, CDATA sections, and HTML comments are not subjected to the tidying process. + + To `compact`, use '$config["tidy"] = -1'; single instances or runs of white-spaces are replaced with a single space, and white-spaces trailing and leading open and closing tags, respectively, are removed. + + To `beautify`, '$config["tidy"]' is set as '1', or for customized tidying, as a string like '2s2n'. The 's' or 't' character specifies the use of spaces or tabs for indentation. The first and third characters, any of the digits 0-9, specify the number of spaces or tabs per indentation, and any parental lead spacing (extra indenting of the whole block of input text). The 'r' and 'n' characters are used to specify line-break characters: 'n' for '\n' (Unix/Mac OS X line-breaks), 'rn' or 'nr' for '\r\n' (Windows/DOS line-breaks), or 'r' for '\r'. + + The '$config["tidy"]' value of '1' is equivalent to '2s0n'. Other '$config["tidy"]' values are read loosely: a value of '4' is equivalent to '4s0n'; 't2', to '1t2n'; 's', to '2s0n'; '2TR', to '2t0r'; 'T1', to '1t1n'; 'nr3', to '3s0nr', and so on. Except in the indentations and line-spacings, runs of white-spaces are replaced with a single space during beautification. + + Input formatting using '$config["tidy"]' is not recommended when input text has mixed markup (like HTML + PHP). + + +-- 3.4 Attributes ------------------------------------------------oo + + + htmLawed will only permit attributes described in the HTML specs (including deprecated ones). It also permits some attributes for use with the 'embed' element (the non-standard 'embed' element is supported in htmLawed because of its widespread use), and the the 'xml:space' attribute (valid only in XHTML 1.1). A list of such 111 attributes and the elements they are allowed in is in section:- #5.2. + + When '$config["deny_attribute"]' is not set, or set to '0', or empty ('""'), all the 111 attributes are permitted. Otherwise, '$config["deny_attribute"]' can be set as a list of comma-separated names of the denied attributes. 'on*' can be used to refer to the group of potentially dangerous, script-accepting attributes: 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onreset', 'onselect' and 'onsubmit'. + + Note that attributes specified in '$config["deny_attribute"]' are denied globally, for all elements. To deny attributes for only specific elements, '$spec' (see section:- #2.3) can be used. '$spec' can also be used to element-specifically permit an attribute otherwise denied through '$config["deny_attribute"]'. + + With '$config["safe"] = 1' (section:- #3.6), the 'on*' attributes are automatically disallowed. + + *Note*: To deny all but a few attributes globally, a simpler way to specify '$config["deny_attribute"]' would be to use the notation '* -attribute1 -attribute2 ...'. Thus, a value of '* -title -href' implies that except 'href' and 'title' (where allowed as per standards) all other attributes are to be removed. With this notation, the value for the parameter 'safe' (section:- #3.6) will have no effect on 'deny_attribute'. + + htmLawed (function 'hl_tag()') also: + + * Lower-cases attribute names + * Removes duplicate attributes (last one stays) + * Gives attributes the form 'name="value"' and single-spaces them, removing unnecessary white-spacing + * Provides `required` attributes (see section:- #3.4.1) + * Double-quotes values and escapes any '"' inside them + * Replaces the possibly dangerous soft-hyphen characters (hexadecimal code-point 'ad') in the values with spaces + * Allows custom function to additionally filter/modify attribute values (see section:- #3.4.9) + + +.. 3.4.1 Auto-addition of XHTML-required attributes ................ + + + If indicated attributes for the following elements are found missing, htmLawed (function 'hl_tag()') will add them (with values same as attribute names unless indicated otherwise below): + + * area - alt ('area') + * area, img - src, alt ('image') + * bdo - dir ('ltr') + * form - action + * map - name + * optgroup - label + * param - name + * script - type ('text/javascript') + * textarea - rows ('10'), cols ('50') + + Additionally, with '$config["xml:lang"]' set to '1' or '2', if the 'lang' but not the 'xml:lang' attribute is declared, then the latter is added too, with a value copied from that of 'lang'. This is for better standard-compliance. With '$config["xml:lang"]' set to '2', the 'lang' attribute is removed (XHTML 1.1 specs). + + Note that the 'name' attribute for 'map', invalid in XHTML 1.1, is also transformed if required -- see section:- #3.4.6. + + +.. 3.4.2 Duplicate/invalid 'id' values ............................o + + + If '$config["unique_ids"]' is '1', htmLawed (function 'hl_tag()') removes 'id' attributes with values that are not XHTML-compliant (must begin with a letter and can contain letters, digits, ':', '.', '-' and '_') or duplicate. If '$config["unique_ids"]' is a word, any duplicate but otherwise valid value will be appropriately prefixed with the word to ensure its uniqueness. The word should begin with a letter and should contain only letters, numbers, ':', '.', '_' and '-'. + + Even if multiple inputs need to be filtered (through multiple calls to htmLawed), htmLawed ensures uniqueness of 'id' values as it uses a global variable ('$GLOBALS["hl_Ids"]' array). Further, an admin can restrict the use of certain 'id' values by presetting this variable before htmLawed is called into use. E.g.: + + $GLOBALS['hl_Ids'] = array('top'=>1, 'bottom'=>1, 'myform'=>1); // id values not allowed in input + $processed = htmLawed($text); // filter input + + +.. 3.4.3 URL schemes (protocols) and scripts in attribute values ............o + + + htmLawed edits attributes that take URLs as values if they are found to contain un-permitted schemes. E.g., if the 'afp' scheme is not permitted, then '<a href="afp://domain.org">' becomes '<a href="denied:afp://domain.org">', and if Javascript is not permitted '<a onclick="javascript:xss();">' becomes '<a onclick="denied:javascript:xss();">'. + + By default htmLawed permits these schemes in URLs for the 'href' attribute: + + aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet + + Also, only 'file', 'http' and 'https' are permitted in attributes whose names start with 'o' (like 'onmouseover'), and in these attributes that accept URLs: + + action, cite, classid, codebase, data, href, longdesc, model, pluginspage, pluginurl, src, style, usemap + + These default sets are used when '$config["schemes"]' is not set (see section:- #2.2). To over-ride the defaults, '$config["schemes"]' is defined as a string of semi-colon-separated sub-strings of type 'attribute: comma-separated schemes'. E.g., 'href: mailto, http, https; onclick: javascript; src: http, https'. For unspecified attributes, 'file', 'http' and 'https' are permitted. This can be changed by passing schemes for '*' in '$config["schemes"]'. E.g., 'href: mailto, http, https; *: https, https'. + + '*' can be put in the list of schemes to permit all protocols. E.g., 'style: *; img: http, https' results in protocols not being checked in 'style' attribute values. However, in such cases, any relative-to-absolute URL conversion, or vice versa, (section:- #3.4.4) is not done. + + Thus, `to allow Javascript`, one can set '$config["schemes"]' as 'href: mailto, http, https; *: http, https, javascript', or 'href: mailto, http, https, javascript; *: http, https, javascript', or '*: *', and so on. + + As a side-note, one may find 'style: *' useful as URLs in 'style' attributes can be specified in a variety of ways, and the patterns that htmLawed uses to identify URLs may mistakenly identify non-URL text. + + *Note*: If URL-accepting attributes other than those listed above are being allowed, then the scheme will not be checked unless the attribute name contains the string 'src' (e.g., 'dynsrc') or starts with 'o' (e.g., 'onbeforecopy'). + + With '$config["safe"] = 1', all URLs are disallowed in the 'style' attribute values. + + +.. 3.4.4 Absolute & relative URLs in attribute values .............o + + + htmLawed can make absolute URLs in attributes like 'href' relative ('$config["abs_url"]' is '-1'), and vice versa ('$config["abs_url"]' is '1'). URLs in scripts are not considered for this, and so are URLs like '#section_6' (fragment), '?name=Tim#show' (starting with query string), and ';var=1?name=Tim#show' (starting with parameters). Further, this requires that '$config["base_url"]' be set properly, with the '://' and a trailing slash ('/'), with no query string, etc. E.g., 'file:///D:/page/', 'https://abc.com/x/y/', or 'http://localhost/demo/' are okay, but 'file:///D:/page/?help=1', 'abc.com/x/y/' and 'http://localhost/demo/index.htm' are not. + + For making absolute URLs relative, only those URLs that have the '$config["base_url"]' string at the beginning are converted. E.g., with '$config["base_url"] = "https://abc.com/x/y/"', 'https://abc.com/x/y/a.gif' and 'https://abc.com/x/y/z/b.gif' become 'a.gif' and 'z/b.gif' respectively, while 'https://abc.com/x/c.gif' is not changed. + + When making relative URLs absolute, only values for scheme, network location (host-name) and path values in the base URL are inherited. See section:- #5.5 for more about the URL specification as per RFC 1808:- http://www.ietf.org/rfc/rfc1808.txt. + + +.. 3.4.5 Lower-cased, standard attribute values ....................o + + + Optionally, for standard-compliance, htmLawed (function 'hl_tag()') lower-cases standard attribute values to give, e.g., 'input type="password"' instead of 'input type="Password"', if '$config["lc_std_val"]' is '1'. Attribute values matching those listed below for any of the elements (plus those for the 'type' attribute of 'button' or 'input') are lower-cased: + + all, baseline, bottom, button, center, char, checkbox, circle, col, colgroup, cols, data, default, file, get, groups, hidden, image, justify, left, ltr, middle, none, object, password, poly, post, preserve, radio, rect, ref, reset, right, row, rowgroup, rows, rtl, submit, text, top + + a, area, bdo, button, col, form, img, input, object, option, optgroup, param, script, select, table, td, tfoot, th, thead, tr, xml:space + + The following `empty` (`minimized`) attributes are always assigned lower-cased values (same as the names): + + checked, compact, declare, defer, disabled, ismap, multiple, nohref, noresize, noshade, nowrap, readonly, selected + + +.. 3.4.6 Transformation of deprecated attributes ..................o + + + If '$config["no_deprecated_attr"]' is '0', then deprecated attributes (see appendix in section:- #5.2) are removed and, in most cases, their values are transformed to CSS style properties and added to the 'style' attributes (function 'hl_tag()'). Except for 'bordercolor' for 'table', 'tr' and 'td', the scores of proprietary attributes that were never part of any cross-browser standard are not supported. + + *Note*: The attribute 'target' for 'a' is allowed even though it is not in XHTML 1.0 specs. This is because of the attribute's wide-spread use and browser-support, and because the attribute is valid in XHTML 1.1 onwards. + + * align - for 'img' with value of 'left' or 'right', becomes, e.g., 'float: left'; for 'div' and 'table' with value 'center', becomes 'margin: auto'; all others become, e.g., 'text-align: right' + + * bgcolor - E.g., 'bgcolor="#ffffff"' becomes 'background-color: #ffffff' + * border - E.g., 'height= "10"' becomes 'height: 10px' + * bordercolor - E.g., 'bordercolor=#999999' becomes 'border-color: #999999;' + * compact - 'font-size: 85%' + * clear - E.g., 'clear="all" becomes 'clear: both' + + * height - E.g., 'height= "10"' becomes 'height: 10px' and 'height="*"' becomes 'height: auto' + + * hspace - E.g., 'hspace="10"' becomes 'margin-left: 10px; margin-right: 10px' + * language - 'language="VBScript"' becomes 'type="text/vbscript"' + * name - E.g., 'name="xx"' becomes 'id="xx"' + * noshade - 'border-style: none; border: 0; background-color: gray; color: gray' + * nowrap - 'white-space: nowrap' + * size - E.g., 'size="10"' becomes 'height: 10px' + * start - removed + * type - E.g., 'type="i"' becomes 'list-style-type: lower-roman' + * value - removed + * vspace - E.g., 'vspace="10"' becomes 'margin-top: 10px; margin-bottom: 10px' + * width - like 'height' + + Example input: + + <img src="j.gif" alt="image" name="dad's" /><img src="k.gif" alt="image" id="dad_off" name="dad" /> + <br clear="left" /> + <hr noshade size="1" /> + <img name="img" src="i.gif" align="left" alt="image" hspace="10" vspace="10" width="10em" height="20" border="1" style="padding:5px;" /> + <table width="50em" align="center" bgcolor="red"> + <tr> + <td width="20%"> + <div align="center"> + <h3 align="right">Section</h3> + <p align="right">Para</p> + <ol type="a" start="e"><li value="x">First item</li></ol> + </div> + </td> + <td width="*"> + <ol type="1"><li>First item</li></ol> + </td> + </tr> + </table> + <br clear="all" /> + + And the output with '$config["no_deprecated_attr"] = 1': + + <img src="j.gif" alt="image" /><img src="k.gif" alt="image" id="dad_off" /> + <br style="clear: left;" /> + <hr style="border-style: none; border: 0; background-color: gray; color: gray; size: 1px;" /> + <img src="i.gif" alt="image" width="10em" height="20" style="padding:5px; float: left; margin-left: 10px; margin-right: 10px; margin-top: 10px; margin-bottom: 10px; border: 1px;" id="img" /> + <table width="50em" style="margin: auto; background-color: red;"> + <tr> + <td style="width: 20%;"> + <div style="margin: auto;"> + <h3 style="text-align: right;">Section</h3> + <p style="text-align: right;">Para</p> + <ol style="list-style-type: lower-latin;"><li>First item</li></ol> + </div> + </td> + <td style="width: auto;"> + <ol style="list-style-type: decimal;"><li>First item</li></ol> + </td> + </tr> + </table> + <br style="clear: both;" /> + + For 'lang', deprecated in XHTML 1.1, transformation is taken care of through '$config["xml:lang"]'; see section:- #3.4.1. + + The attribute 'name' is deprecated in 'form', 'iframe', and 'img', and is replaced with 'id' if an 'id' attribute doesn't exist and if the 'name' value is appropriate for 'id'. For such replacements for 'a' and 'map', for which the 'name' attribute is deprecated in XHTML 1.1, '$config["no_deprecated_attr"]' should be set to '2' (when set to '1', for these two elements, the 'name' attribute is retained). + + +-- 3.4.7 Anti-spam & 'href' ---------------------------------------o + + + htmLawed (function 'hl_tag()') can check the 'href' attribute values (link addresses) as an anti-spam (email or link spam) measure. + + If '$config["anti_mail_spam"]' is not '0', the '@' of email addresses in 'href' values like 'mailto:a@b.com' is replaced with text specified by '$config["anti_mail_spam"]'. The text should be of a form that makes it clear to others that the address needs to be edited before a mail is sent; e.g., '<remove_this_antispam>@' (makes the example address 'a<remove_this_antispam>@b.com'). + + For regular links, one can choose to have a 'rel' attribute with 'nofollow' in its value (which tells some search engines to not follow a link). This can discourage link spammers. Additionally, or as an alternative, one can choose to empty the 'href' value altogether (disable the link). + + For use of these options, '$config["anti_link_spam"]' should be set as an array with values 'regex1' and 'regex2', both or one of which can be empty (like 'array("", "regex2")') to indicate that that option is not to be used. Otherwise, 'regex1' or 'regex2' should be PHP- and PCRE-compatible regular expression patterns: 'href' values will be matched against them and those matching the pattern will accordingly be treated. + + Note that the regular expressions should have `delimiters`, and be well-formed and preferably fast. Absolute efficiency/accuracy is often not needed. + + An example, to have a 'rel' attribute with 'nofollow' for all links, and to disable links that do not point to domains 'abc.com' and 'xyz.org': + + $config["anti_link_spam"] = array('`.`', '`://\W*(?!(abc\.com|xyz\.org))`'); + + +-- 3.4.8 Inline style properties ----------------------------------o + + + htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the 'style' attributes. (CSS properties like 'background-image' that accept URLs in their values are noted in section:- #5.3.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting '$config["css_expression"]' to '1' (default setting). + + *Note*: Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the 'style' attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off ('$config["schemes"] = "...style:*..."', see section:- #3.4.3, and '$config["css_expression"] = 0'). Alternately, admins can use their own custom function for finer handling of 'style' values through the 'hook_tag' parameter (see section:- #3.4.9). + + It is also possible to have htmLawed let through any 'style' value by setting '$config["style_pass"]' to '1'. + + As such, it is better to set up a CSS file with class declarations, disallow the 'style' attribute, set a '$spec' rule (see section:- #2.3) for 'class' for the 'oneof' or 'match' parameter, and ask writers to make use of the 'class' attribute. + + +-- 3.4.9 Hook function for tag content ----------------------------o + + + It is possible to utilize a custom hook function to alter the tag content htmLawed has finalized (i.e., after it has checked/corrected for required attributes, transformed attributes, lower-cased attribute names, etc.). + + When '$config' parameter 'hook_tag' is set to the name of a function, htmLawed (function 'hl_tag()') will pass on the element name, and the `finalized` attribute name-value pairs as array elements to the function. The function is expected to return the full opening tag string like '<element_name attribute_1_name="attribute_1_value"...>' (for empty elements like 'img' and 'input', the element-closing slash '/' should also be included). + + This is a *powerful functionality* that can be exploited for various objectives: consolidate-and-convert inline 'style' attributes to 'class', convert 'embed' elements to 'object', permit only one 'caption' element in a 'table' element, disallow embedding of certain types of media, *inject HTML*, use CSSTidy:- http://csstidy.sourceforge.net to sanitize 'style' attribute values, etc. + + As an example, the custom hook code below can be used to force a series of specifically ordered 'id' attributes on all elements, and a specific 'param' element inside all 'object' elements: + + function my_tag_function($element, $attribute_array){ + static $id = 0; + // Remove any duplicate element + if($element == 'param' && isset($attribute_array['allowscriptaccess'])){ + return ''; + } + + $new_element = ''; + + // Force a serialized ID number + $attribute_array['id'] = 'my_'. $id; + ++$id; + + // Inject param for allowscriptaccess + if($element == 'object'){ + $new_element = '<param id='my_'. $id; allowscriptaccess="never" />'; + ++$id; + } + + $string = ''; + foreach($attribute_array as $k=>$v){ + $string .= " {$k}=\"{$v}\""; + } + return "<{$element}{$string}". (isset($in_array($element, $empty_elements) ? ' /' : ''). '>'. $new_element; + } + + The 'hook_tag' parameter is different from the 'hook' parameter (section:- #3.7). + + Snippets of hook function code developed by others may be available on the htmLawed:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed website. + + +-- 3.5 Simple configuration directive for most valid XHTML -------oo + + + If '$config["valid_xhtml"]' is set to '1', some relevant '$config' parameters (indicated by '~' in section:- #2.2) are auto-adjusted. This allows one to pass the '$config' argument with a simpler value. If a value for a parameter auto-set through 'valid_xhtml' is still manually provided, then that value will over-ride the auto-set value. + + +-- 3.6 Simple configuration directive for most `safe` HTML --------o + + + `Safe` HTML refers to HTML that is restricted to reduce the vulnerability for scripting attacks (such as XSS) based on HTML code which otherwise may still be legal and compliant with the HTML standard specs. When elements such as 'script' and 'object', and attributes such as 'onmouseover' and 'style' are allowed in the input text, an input writer can introduce malevolent HTML code. Note that what is considered 'safe' depends on the nature of the web application and the trust-level accorded to its users. + + htmLawed allows an admin to use '$config["safe"]' to auto-adjust multiple '$config' parameters (such as 'elements' which declares the allowed element-set), which otherwise would have to be manually set. The relevant parameters are indicated by '"' in section:- #2.2). Thus, one can pass the '$config' argument with a simpler value. + + With the value of '1', htmLawed considers 'CDATA' sections and HTML comments as plain text, and prohibits the 'applet', 'embed', 'iframe', 'object' and 'script' elements, and the 'on*' attributes like 'onclick'. ( There are '$config' parameters like 'css_expression' that are not affected by the value set for 'safe' but whose default values still contribute towards a more `safe` output.) Further, URLs with schemes (see section:- #3.4.3) are neutralized so that, e.g., 'style="moz-binding:url(http://danger)"' becomes 'style="moz-binding:url(denied:http://danger)"' while 'style="moz-binding:url(ok)"' remains intact. + + Admins, however, may still want to completely deny the 'style' attribute, e.g., with code like + + $processed = htmLawed($text, array('safe'=>1, 'deny_attribute'=>'style')); + + If a value for a parameter auto-set through 'safe' is still manually provided, then that value can over-ride the auto-set value. E.g., with '$config["safe"] = 1' and '$config["elements"] = "*+script"', 'script', but not 'applet', is allowed. + + A page illustrating the efficacy of htmLawed's anti-XSS abilities with 'safe' set to '1' against XSS vectors listed by RSnake:- http://ha.ckers.org/xss.html may be available here:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm. + + +-- 3.7 Using a hook function --------------------------------------o + + + If '$config["hook"]' is not set to '0', then htmLawed will allow preliminarily processed input to be altered by a hook function named by '$config["hook"]' before starting the main work (but after handling of characters, entities, HTML comments and 'CDATA' sections -- see code for function 'htmLawed()'). + + The hook function also allows one to alter the `finalized` values of '$config' and '$spec'. + + Note that the 'hook' parameter is different from the 'hook_tag' parameter (section:- #3.4.9). + + Snippets of hook function code developed by others may be available on the htmLawed:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed website. + + +-- 3.8 Obtaining `finalized` parameter values ---------------------o + + + htmLawed can assign the `finalized` '$config' and '$spec' values to a variable named by '$config["show_setting"]'. The variable, made global by htmLawed, is set as an array with three keys: 'config', with the '$config' value, 'spec', with the '$spec' value, and 'time', with a value that is the Unix time (the output of PHP's 'microtime()' function) when the value was assigned. Admins should use a PHP-compliant variable name (e.g., one that does not begin with a numerical digit) that does not conflict with variable names in their non-htmLawed code. + + The values, which are also post-hook function (if any), can be used to auto-generate information (on, e.g., the elements that are permitted) for input writers. + + +-- 3.9 Retaining non-HTML tags in input with mixed markup ---------o + + + htmLawed does not remove certain characters that though invalid are nevertheless discouraged in HTML documents as per the specs (see section:- #5.1). This can be utilized to deal with input that contains mixed markup. Input that may have HTML markup as well as some other markup that is based on the '<', '>' and '&' characters is considered to have mixed markup. The non-HTML markup can be rather proprietary (like markup for emoticons/smileys), or standard (like MathML or SVG). Or it can be programming code meant for execution/evaluation (such as embedded PHP code). + + To deal with such mixed markup, the input text can be pre-processed to hide the non-HTML markup by specifically replacing the '<', '>' and '&' characters with some of the HTML-discouraged characters (see section:- #3.1.2). Post-htmLawed processing, the replacements are reverted. + + An example (mixed HTML and PHP code in input text): + + $text = preg_replace('`<\?php(.+?)\?>`sm', "\x83?php\\1?\x84", $text); + $processed = htmLawed($text); + $processed = preg_replace('`\x83\?php(.+?)\?\x84`sm', '<?php$1?>', $processed); + + This code will not work if '$config["clean_ms_char"]' is set to '1' (section:- #3.1), in which case one should instead deploy a hook function (section:- #3.7). (htmLawed internally uses certain control characters, code-points '1' to '7', and use of these characters as markers in the logic of hook functions may cause issues.) + + Admins may also be able to use '$config["and_mark"]' to deal with such mixed markup; see section:- #3.2. + + +== 4 Other =======================================================oo + + +-- 4.1 Support ----------------------------------------------------- + + + A careful re-reading of this documentation will very likely answer your questions. + + Software updates and forum-based community-support may be found at http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed. For general PHP issues (not htmLawed-specific), support may be found through internet searches and at http://php.net. + + +-- 4.2 Known issues -----------------------------------------------o + + + See section:- #2.8. + + Readers are advised to cross-check information given in this document. + + +-- 4.3 Change-log -------------------------------------------------o + + + (The release date for the downloadable package of files containing documentation, demo script, test-cases, etc., besides the 'htmLawed.php' file may be updated independently if the secondary files are revised.) + + `Version number - Release date. Notes` + + 1.1.8.1 - 16 July 2009. Minor code-change to fix a PHP error notice + + 1.1.8 - 23 April 2009. Parameter 'deny_attribute' now accepts the wild-card '*', making it simpler to specify its value when all but a few attributes are being denied; fixed a bug in interpreting '$spec' + + 1.1.7 - 11-12 March 2009. Attributes globally denied through 'deny_attribute' can be allowed element-specifically through '$spec'; '$config["style_pass"]' allowing letting through any 'style' value introduced; altered logic to catch certain types of dynamic crafted CSS expressions + + 1.1.3-6 - 28-31 January - 4 February 2009. Altered logic to catch certain types of dynamic crafted CSS expressions + + 1.1.2 - 22 January 2009. Fixed bug in parsing of 'font' attributes during tag transformation + + 1.1.1 - 27 September 2008. Better nesting correction when omitable closing tags are absent + + 1.1 - 29 June 2008. '$config["hook_tag"]' and '$config["format"]' introduced for custom tag/attribute check/modification/injection and output compaction/beautification; fixed a regex-in-$spec parsing bug + + 1.0.9 - 11 June 2008. Fixed bug in invalid HTML code-point entity check + + 1.0.8 - 15 May 2008. 'bordercolor' attribute for 'table', 'td' and 'tr' + + 1.0.7 - 1 May 2008. Support for 'wmode' attribute for 'embed'; '$config["show_setting"]' introduced; improved '$config["elements"]' evaluation + + 1.0.6 - 20 April 2008. '$config["and_mark"]' introduced + + 1.0.5 - 12 March 2008. 'style' URL schemes essentially disallowed when $config 'safe' is on; improved regex for CSS expression search + + 1.0.4 - 10 March 2008. Improved corrections for 'blockquote', 'form', 'map' and 'noscript' + + 1.0.3 - 3 March 2008. Character entities for soft-hyphens are now replaced with spaces (instead of being removed); a bug allowing 'td' directly inside 'table' fixed; 'safe' '$config' parameter added + + 1.0.2 - 13 February 2008. Improved implementation of '$config["keep_bad"]' + + 1.0.1 - 7 November 2007. Improved regex for identifying URLs, protocols and dynamic expressions ('hl_tag()' and 'hl_prot()'); no error display with 'hl_regex()' + + 1.0 - 2 November 2007. First release + + +-- 4.4 Testing ----------------------------------------------------o + + + To test htmLawed using a form interface, a demo:- htmLawedTest.php web-page is provided with the htmLawed distribution ('htmLawed.php' and 'htmLawedTest.php' should be in the same directory on the web-server). A file with test-cases:- htmLawed_TESTCASE.txt is also provided. + + +-- 4.5 Upgrade, & old versions ------------------------------------o + + + Upgrading is as simple as replacing the previous version of 'htmLawed.php' (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content. + + Old versions of htmLawed may be available online. E.g., for version 1.0, check http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip. + + +-- 4.6 Comparison with 'HTMLPurifier' -----------------------------o + + + The HTMLPurifier PHP library by Edward Yang is a very good HTML filtering script that uses object oriented PHP code. Compared to htmLawed, it: + + * does not support PHP versions older than 5.0 (HTMLPurifier dropped PHP 4 support after version 2) + + * is 15-20 times bigger (scores of files totalling more than 750 kb) + + * consumes 10-15 times more RAM memory (just including the HTMLPurifier files without calling the filter requires a few MBs of memory) + + * is expectedly slower + + * does not allow admins to fully allow all valid HTML (because of incomplete HTML support, it always considers elements like 'script' illegal) + + * lacks many of the extra features of htmLawed (like entity conversions and code compaction/beautification) + + * has poor documentation + + However, HTMLPurifier has finer checks for character encodings and attribute values, and can log warnings and errors. Visit the HTMLPurifier website:- http://htmlpurifier.org for updated information. + + +-- 4.7 Use through application plug-ins/modules -------------------o + + + Plug-ins/modules to implement htmLawed in applications such as Drupal and DokuWiki may have been developed. Please check the application websites and the forum on the htmLawed site:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed. + + +-- 4.8 Use in non-PHP applications --------------------------------o + + + Non-PHP applications written in Python, Ruby, etc., may be able to use htmLawed through system calls to the PHP engine. Such code may have been documented on the internet. Also check the forum on the htmLawed site:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed. + + +-- 4.9 Donate -----------------------------------------------------o + + + A donation in any currency and amount to appreciate or support this software can be sent by PayPal:- http://paypal.com to this email address: drpatnaik at yahoo dot com. + + +-- 4.10 Acknowledgements ------------------------------------------o + + + Bryan Blakey, Ulf Harnhammer, Gareth Heyes, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users. + + Thank you! + + +== 5 Appendices ==================================================oo + + +-- 5.1 Characters discouraged in XHTML ----------------------------- + + + Characters represented by the following hexadecimal code-points are `not` invalid, even though some validators may issue messages stating otherwise. + + '7f' to '84', '86' to '9f', 'fdd0' to 'fddf', '1fffe', '1ffff', '2fffe', '2ffff', '3fffe', '3ffff', '4fffe', '4ffff', '5fffe', '5ffff', '6fffe', '6ffff', '7fffe', '7ffff', '8fffe', '8ffff', '9fffe', '9ffff', 'afffe', 'affff', 'bfffe', 'bffff', 'cfffe', 'cffff', 'dfffe', 'dffff', 'efffe', 'effff', 'ffffe', 'fffff', '10fffe' and '10ffff' + + +-- 5.2 Valid attribute-element combinations -----------------------o + + + Valid attribute-element combinations as per W3C specs. + + * includes deprecated attributes (marked '^'), attributes for the non-standard 'embed' element (marked '*'), and the proprietary 'bordercolor' (marked '~') + * only non-frameset, HTML body elements + * 'name' for 'a' and 'map', and 'lang' are invalid in XHTML 1.1 + * 'target' is valid for 'a' in XHTML 1.1 and higher + * 'xml:space' is only for XHTML 1.1 + + abbr - td, th + accept - form, input + accept-charset - form + accesskey - a, area, button, input, label, legend, textarea + action - form + align - caption^, embed, applet, iframe, img^, input^, object^, legend^, table^, hr^, div^, h1^, h2^, h3^, h4^, h5^, h6^, p^, col, colgroup, tbody, td, tfoot, th, thead, tr + alt - applet, area, img, input + archive - applet, object + axis - td, th + bgcolor - embed, table^, tr^, td^, th^ + border - table, img^, object^ + bordercolor~ - table, td, tr + cellpadding - table + cellspacing - table + char - col, colgroup, tbody, td, tfoot, th, thead, tr + charoff - col, colgroup, tbody, td, tfoot, th, thead, tr + charset - a, script + checked - input + cite - blockquote, q, del, ins + classid - object + clear - br^ + code - applet + codebase - object, applet + codetype - object + color - font + cols - textarea + colspan - td, th + compact - dir, dl^, menu, ol^, ul^ + coords - area, a + data - object + datetime - del, ins + declare - object + defer - script + dir - bdo + disabled - button, input, optgroup, option, select, textarea + enctype - form + face - font + for - label + frame - table + frameborder - iframe + headers - td, th + height - embed, iframe, td^, th^, img, object, applet + href - a, area + hreflang - a + hspace - applet, img^, object^ + ismap - img, input + label - option, optgroup + language - script^ + longdesc - img, iframe + marginheight - iframe + marginwidth - iframe + maxlength - input + method - form + model* - embed + multiple - select + name - button, embed, textarea, applet^, select, form^, iframe^, img^, a^, input, object, map^, param + nohref - area + noshade - hr^ + nowrap - td^, th^ + object - applet + onblur - a, area, button, input, label, select, textarea + onchange - input, select, textarea + onfocus - a, area, button, input, label, select, textarea + onreset - form + onselect - input, textarea + onsubmit - form + pluginspage* - embed + pluginurl* - embed + prompt - isindex + readonly - textarea, input + rel - a + rev - a + rows - textarea + rowspan - td, th + rules - table + scope - td, th + scrolling - iframe + selected - option + shape - area, a + size - hr^, font, input, select + span - col, colgroup + src - embed, script, input, iframe, img + standby - object + start - ol^ + summary - table + tabindex - a, area, button, input, object, select, textarea + target - a^, area, form + type - a, embed, object, param, script, input, li^, ol^, ul^, button + usemap - img, input, object + valign - col, colgroup, tbody, td, tfoot, th, thead, tr + value - input, option, param, button, li^ + valuetype - param + vspace - applet, img^, object^ + width - embed, hr^, iframe, img, object, table, td^, th^, applet, col, colgroup, pre^ + wmode - embed + xml:space - pre, script, style + + These are allowed in all but the shown elements: + + class - param, script + dir - applet, bdo, br, iframe, param, script + id - script + lang - applet, br, iframe, param, script + onclick - applet, bdo, br, font, iframe, isindex, param, script + ondblclick - applet, bdo, br, font, iframe, isindex, param, script + onkeydown - applet, bdo, br, font, iframe, isindex, param, script + onkeypress - applet, bdo, br, font, iframe, isindex, param, script + onkeyup - applet, bdo, br, font, iframe, isindex, param, script + onmousedown - applet, bdo, br, font, iframe, isindex, param, script + onmousemove - applet, bdo, br, font, iframe, isindex, param, script + onmouseout - applet, bdo, br, font, iframe, isindex, param, script + onmouseover - applet, bdo, br, font, iframe, isindex, param, script + onmouseup - applet, bdo, br, font, iframe, isindex, param, script + style - param, script + title - param, script + xml:lang - applet, br, iframe, param, script + + +-- 5.3 CSS 2.1 properties accepting URLs ------------------------o + + + background + background-image + content + cue-after + cue-before + cursor + list-style + list-style-image + play-during + + +-- 5.4 Microsoft Windows 1252 character replacements --------------o + + + Key: 'd' double, 'l' left, 'q' quote, 'r' right, 's.' single + + Code-point (decimal) - hexadecimal value - replacement entity - represented character + + 127 - 7f - (removed) - (not used) + 128 - 80 - € - euro + 129 - 81 - (removed) - (not used) + 130 - 82 - ‚ - baseline s. q + 131 - 83 - ƒ - florin + 132 - 84 - „ - baseline d q + 133 - 85 - … - ellipsis + 134 - 86 - † - dagger + 135 - 87 - ‡ - d dagger + 136 - 88 - ˆ - circumflex accent + 137 - 89 - ‰ - permile + 138 - 8a - Š - S Hacek + 139 - 8b - ‹ - l s. guillemet + 140 - 8c - Œ - OE ligature + 141 - 8d - (removed) - (not used) + 142 - 8e - Ž - Z dieresis + 143 - 8f - (removed) - (not used) + 144 - 90 - (removed) - (not used) + 145 - 91 - ‘ - l s. q + 146 - 92 - ’ - r s. q + 147 - 93 - “ - l d q + 148 - 94 - ” - r d q + 149 - 95 - • - bullet + 150 - 96 - – - en dash + 151 - 97 - — - em dash + 152 - 98 - ˜ - tilde accent + 153 - 99 - ™ - trademark + 154 - 9a - š - s Hacek + 155 - 9b - › - r s. guillemet + 156 - 9c - œ - oe ligature + 157 - 9d - (removed) - (not used) + 158 - 9e - ž - z dieresis + 159 - 9f - Ÿ - Y dieresis + + +-- 5.5 URL format -------------------------------------------------o + + + An `absolute` URL has a 'protocol' or 'scheme', a 'network location' or 'hostname', and, optional 'path', 'parameters', 'query' and 'fragment' segments. Thus, an absolute URL has this generic structure: + + (scheme) : (//network location) /(path) ;(parameters) ?(query) #(fragment) + + The schemes can only contain letters, digits, '+', '.' and '-'. Hostname is the portion after the '//' and up to the first '/' (if any; else, up to the end) when ':' is followed by a '//' (e.g., 'abc.com' in 'ftp://abc.com/def'); otherwise, it consists of everything after the ':' (e.g., 'def@abc.com' in mailto:def@abc.com'). + + `Relative` URLs do not have explicit schemes and network locations; such values are inherited from a `base` URL. + + +-- 5.6 Brief on htmLawed code -------------------------------------o + + + Much of the code's logic and reasoning can be understood from the documentation above. + + The *output* of htmLawed is a text string containing the processed input. There is no custom error tracking. + + *Function arguments* for htmLawed are: + + * '$in' - 1st argument; a text string; the *input text* to be processed. Any extraneous slashes added by PHP when `magic quotes` are enabled should be removed beforehand using PHP's 'stripslashes()' function. + + * '$config' - 2nd argument; an associative array; optional (named '$C' in htmLawed code). The array has keys with names like 'balance' and 'keep_bad', and the values, which can be boolean, string, or array, depending on the key, are read to accordingly set the *configurable parameters* (indicated by the keys). All configurable parameters receive some default value if the value to be used is not specified by the user through '$config'. `Finalized` '$config' is thus a filtered and possibly larger array. + + * '$spec' - 3rd argument; a text string; optional. The string has rules, written in an htmLawed-designated format, *specifying* element-specific attribute and attribute value restrictions. Function 'hl_spec()' is used to convert the string to an associative-array for internal use. `Finalized` '$spec' is thus an array. + + `Finalized` '$config' and '$spec' are made *global variables* while htmLawed is at work. Values of any pre-existing global variables with same names are noted, and their values are restored after htmLawed finishes processing the input (to capture the `finalized` values, the 'show_settings' parameter of '$config' should be used). Depending on '$config', another global variable 'hl_Ids', to track 'id' attribute values for uniqueness, may be set. Unlike the other two variables, this one is not reset (or unset) post-processing. + + Except for the main function 'htmLawed()' and the functions 'kses()' and 'kses_hook()', htmLawed's functions are *name-spaced* using the 'hl_' prefix. The *functions* and their roles are: + + * 'hl_attrval' - checking attribute values against $spec + * 'hl_bal' - tag balancing + * 'hl_cmtcd' - handling CDATA sections and HTML comments + * 'hl_ent' - entity handling + * 'hl_prot' - checking a URL scheme/protocol + * 'hl_regex' - checking syntax of a regular expression + * 'hl_spec' - converting user-supplied $spec value to one used by htmLawed internally + * 'hl_tag' - handling tags + * 'hl_tag2' - transforming tags + * 'hl_tidy' - compact/beautify HTML + * 'hl_version' - reporting htmLawed version + * 'htmLawed' - main function + * 'kses' - main function of 'kses' + * 'kses_hook' - hook function of 'kses' + + The last two are for compatibility with pre-existing code using the 'kses' script. htmLawed's 'kses()' basically passes on the filtering task to 'htmLawed()' function after deciphering '$config' and '$spec' from the argument values supplied to it. 'kses_hook()' is an empty function and is meant for being filled with custom code if the 'kses' script users were using one. + + 'htmLawed()' finalizes '$spec' (with the help of 'hl_spec()') and '$config', and globalizes them. Finalization of '$config' involves setting default values if an inappropriate or invalid one is supplied. This includes calling 'hl_regex()' to check well-formedness of regular expression patterns if such expressions are user-supplied through '$config'. 'htmLawed()' then removes invalid characters like nulls and 'x01' and appropriately handles entities using 'hl_ent()'. HTML comments and CDATA sections are identified and treated as per '$config' with the help of 'hl_cmtcd()'. When retained, the '<' and '>' characters identifying them, and the '<', '>' and '&' characters inside them, are replaced with control characters (code-points '1' to '5') till any tag balancing is completed. + + After this `initial processing` 'htmLawed()' identifies tags using regex and processes them with the help of 'hl_tag()' -- a large function that analyzes tag content, filtering it as per HTML standards, '$config' and '$spec'. Among other things, 'hl_tag()' transforms deprecated elements using 'hl_tag2()', removes attributes from closing tags, checks attribute values as per '$spec' rules using 'hl_attrval()', and checks URL protocols using 'hl_prot()'. 'htmLawed()' performs tag balancing and nesting checks with a call to 'hl_bal()', and optionally compacts/beautifies the output with proper white-spacing with a call to 'hl_tidy()'. The latter temporarily replaces white-space, and '<', '>' and '&' characters inside 'pre', 'script' and 'textarea' elements, and HTML comments and CDATA sections with control characters (code-points '1' to '5', and '7'). + + htmLawed permits the use of custom code or *hook functions* at two stages. The first, called inside 'htmLawed()', allows the input text as well as the finalized $config and $spec values to be altered right after the initial processing (see section:- #3.7). The second is called by 'hl_tag()' once the tag content is finalized (see section:- #3.4.9). + + Being dictated by the external and stable HTML standard, htmLawed's objective is very clear-cut and less concerned with tweakability. The code is only minimally annotated with comments -- it is not meant to instruct; PHP developers familiar with the HTML specs will see the logic, and others can always refer to the htmLawed documentation. The compact structuring of the statements is meant to aid in quickly grasping the logic, at least when viewed with code syntax highlighted. + +___________________________________________________________________oo + + +@@description: htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter +@@encoding: utf-8 +@@keywords: htmLawed, HTM, HTML, HTML Tidy, converter, filter, formatter, purifier, sanitizer, XSS, input, PHP, software, code, script, security, cross-site scripting, hack, sanitize, remove, standards, tags, attributes, elements +@@language: en +@@title: htmLawed documentation
\ No newline at end of file diff --git a/extlib/htmLawed/htmLawed_TESTCASE.txt b/extlib/htmLawed/htmLawed_TESTCASE.txt new file mode 100644 index 000000000..366465ce3 --- /dev/null +++ b/extlib/htmLawed/htmLawed_TESTCASE.txt @@ -0,0 +1,370 @@ +/* +htmLawed_TESTCASE.txt, 23 April 2009 +htmLawed 1.1.8.1, 16 July 2009 +Copyright Santosh Patnaik +GPL v3 license +A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed +*/ + +This file has UTF-8-encoded text with both correct and incorrect/malformed HTML/XHTML code snippets to test htmLawed (test cases/samples). The entire text may also be used as a unit. + +************************************************ +when viewing this file in a web browser, set the +character encoding to Unicode/UTF-8 +************************************************ + +--------------------- start -------------------- + +<em>Try different $config and $spec values. Some text even when filtered in will not be displayed in a rendered web-page</em><br /> + +<h6>Attributes</h6> + +<strong>Xml:lang:</strong><a lang="en" xml:lang="en"></a>, <a lang="en"></a>, <a xml:lang="en"></a><br /> +<strong>Standard, predefined value, or empty attribute:</strong> <input type="text" disabled />, <input type="text" disabled="DISABLED" />, <input type="text" disabled="1" /><br /> +<strong>Required:</strong> <img />, <img alt="image" /><br /> +<strong>Quote & space variation:</strong> <a id=id1 name=xy>a</a>, <a id='id2' name="xy">a</a>, <a id=' id3 ' name = "n" >a</a><br /> +<strong>Invalid:</strong> <a id="id4" src="s">a</a><br /> +<strong>Duplicated:</strong> <a id="id5" id="id6">a</a><br /> +<strong>Deprecated:</strong> <a id="id7" target="self" name="n">a</a>, <hr noshade="noshade" /><br /> +<strong>Casing:</strong> <a HREF=""></a><br /> +<strong>Admin-restricted?:</strong> <a href="x" onclick="alert();"></a> + +<h6>Attribute values</h6> + +<strong>Duplicate ID value:</strong><a id="id8"></a>, <a id="my_id8"></a>, <a id="id8"></a><br /> +(try 'my_' for prefix)<br /> +<strong>Double-quotes in value:</strong><a title=ab"c"></a>, <a title="ab"c"></a>, <a title='ab"c'></a><br /> +(try filter for CSS expression)<br /> +<strong>CSS expression</strong>: <div style="prop:expression();"></div><div style="prop:expression()"></div><div style="prop: expression();"></div><div style="prop : expression()"></div><div style="prop:expression(js);"></div><div style="prop:expression(js;)"></div><div style="prop: expression('js');"></div><div style="prop : expr ession('js':)"></div><div style="prop:expression( 'js@ );"></div><br /> +<strong>Other:</strong> <input size="50" class="my" value="an input an input an input" />, <input size="5" class="your" value="an input" /><br /> +(try 'maxlen', 'maxval', etc., for 'input' in '$spec') + +<h6>Blockquotes</h6> + +<blockquote>abc</blockquote><br /> +<blockquote>abc<div>def</div></blockquote><br /> +<blockquote><div>abc</div>def</blockquote><br /> +<blockquote>abc<div>def</div>ghi</blockquote><br /> +abc<div>def</div>ghi<br /> +(try with blockquote parent) + +<h6>CDATA sections</h6> + +<strong>Special characters inside:</strong> <![CDATA[ ]]> ]]>, <![CDATA[ 3 < 4 > 3.5, & 4 > 4 ]]><br /> +<strong>Normal:</strong> <![CDATA[ check ]]>, <em>CDATA follows:<![CDATA[ check ]]></em><br /> +<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, <![CDATA check ]]>, < ![CDATA check ] ]><br /> +<strong>Invalid:</strong> <em <![CDATA[ check ]]>>CDATA in tag content</em>, <table><![CDATA[ check ]]><tr><td>text not allowed</td></tr></table> + +<h6>Complex-1: deprecated elements</h6> + +<center> +The PHP <s>software</s> script used for this <strike>web-page</strike> webpage is <font style="font-weight: bold " face=arial size='+3' color = "red ">htmLawedTest.php</font>, from <u style= 'color:green'>PHP Labware</u>. +</center> + +<h6>Complex-2: deprecated attributes</h6> + +<img src="s" alt="a" name="n" /><img src="s" alt="a" id="id9" name="n" /> +<br clear="left" /> +<hr noshade size="1" /> +<img name="id10" src="s" align="left" alt="image" hspace="10" vspace="10" width="10em" height="20" border="1" style="padding:5px;" /> +<table width="50em" align="center" bgcolor="red"> + <tr> + <td width="20%"> + <div align="center"> + <h3 align="right">Section</h3> + <p align="right">Para</p> + <ol type="a" start="e"><li value="x"><a name="x">First</a> <a name="x" id="id11">item</a></li></ol> + </div> + </td> + <td width="*"> + <ol type="1"><li>First item</li></ol> + </td> + </tr> + </table> +<br clear="all" /> + +<h6>Complex-3: embed, object, area</h6> + +<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/ls7gi1VwdIQ"></param><embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed></object><br /> + +<embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed><br /> + +<object data="1.gif" type="image/gif" usemap="#map1"><map name="map1"> +<p>navigate the site: <a href="1" shape="REct" coOrds="0,0,118,28">1</a> | <a href="3" shape="circle" coords="184,200,60">3</a> | <a href="4" shape="poly" coords="276,0,276,28,100,200,50,50,276,0">4</a></p> +<area href="5" shape="Rect" coords="0,0,118,28"> +</map></object> + +<h6>Complex-4: nested and other tables</h6> + +<table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br /> +<strong>PCDATA wrong:</strong> <table>Well<caption>Hello</caption></table><br /> +<strong>Missing tr:</strong> <table><td>Well</td></table><br /> + +<h6>Complex-5: pseudo, disallowed or non-HTML tags</h6> + +(Try different 'keep_bad' values) +<*> Pseudotags <*> +<xml>Non-HTML tag xml</xml> +<p> +Disallowed tag p +</p> +<ul>Bad<li>OK</li></ul> + +<h6>Elements</h6> + +<strong>Unbalanced:</strong> <a href="h"><em>check</a></em><br /> +<strong>Non-XHTML:</strong> <div><center><dir></dir></center></div><br /> +<strong>Malformed:</strong> < a href=""></a>, <a href="" ></a>, <a href="" ></a>, <a href="" +></a>, <a href="">< /a>, < a href=""></a >, <img src="s" alt="a" />, <img src="s" alt="a"/ >, <imgsrc="s" alt="a" /><br /> +<strong>Invalid:</strong> <image src="s" alt="a" /><br /> +<strong>Empty:</strong> <img src="s" alt="a" />, <img src="s" alt="a"></img>, <img src="s" alt="a">text</img><br /> +<strong>Content invalid:</strong> <a href="h">1<a>2</a></a><br /> +<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent) +<strong>Casing:</strong> <A href=""></a> + +<h6>Entities</h6> + +<strong>Special:</strong> & 3 < 2 & 5>4 and j >i >a & i<j>a<br /> +<strong>Padding:</strong> B B f f  <br /> +<strong>Malformed:</strong> & #x27;, &x27;, ' &TILDE;, &tilde<br /> +<strong>Invalid:</strong> , �, , �, , &bad;<br /> +<strong>Discouraged characters:</strong> , „, , <br /> +<strong>Context:</strong> '>', <?<br /> +<strong>Casing:</strong> ', ', &TILDE;, ˜ +<br /> +(also check named-to-numeric and hexdec-to-decimal, and vice versa, conversions) + +<h6>Format</h6> + +<strong>Valid but ill-formatted:</strong> text <!-- comment --> +text <!-- +A c o m m e n t --> +<script> + <![CDATA[ + code + ]]> +</script><!-- comment --><![CDATA[ cdata ]]> <a>text</b> text<pre id="none">p r e</pre> +<textarea>text</textarea> <textarea> + text text +</textarea> text text <br /><hr /> +text <img src="none" alt="none" /> t<em class="none">e<strong>x</strong>t</em> +text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b> + <a href="a"> text <img src="none" alt="none" /> <b>t <em> e <strong> x </strong> t</em></b> + </a> +<span style="background-color: yellow;">text <img src="none" alt="none" /> <b> <em> t e <strong> x </strong> t</em></b></span> +<script>script</script> +<div> + <pre id="none">p <a>r</a> e <!-- comment --> </pre> + <pre> + pre + </pre> +</div> +<div><div><table border="1" style="background-color: red;"><tr><td>Cell</td><td colspan="2" rowspan="2"><table border="1" style="background-color: green;"><tr><td>Cell</td><td colspan="2" rowspan="2"></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></div></div> +(try to compact or beautify) + +<h6>Forms</h6> + +(note nesting of 'form', missing required attributes, etc.)<br /> +<form> +<script type="text/javascript">s</script> +<fieldset><legend>p</legend>l <input name="personal_lastname" type="text" tabindex="1"></fieldset> +<input name="h" type="checkbox" value="h" tabindex="20"> h +<textarea name="t">t</textarea> +<form action="a" method="get"></form></form><br /> +<form action="b" method="get"><p><input type="text" value="i" /></form><br /> +<form>B:<input type="text" value="b" />C:<input type="text" value="c" /></form><br /> +(try each of these lines separately)<br /> +<form action="a">what<br /> +<form action="a">what +(try with container as div and as form)<br /> +<form>c <a>a</a> <b>b</b><input /><script>s</script> + +<h6>HTML comments (also CDATA)</h6> + +Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 > 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br /> +Normal: <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br /> +Malformed: <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br /> +Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> + +<h6>Ins-Del</h6> + +(depending on context, these elements can be of either block or inline type)<br /> +<p><ins datetime="d" cite="c"><div>block</div></ins></p><br /> +<p><del>d</del></p><br /> +<p><ins><del>d</del></ins></p><div><ins><p><del><div>d</div></del></p></ins></div><ins><div>d</div></ins> + +<h6>Lists</h6> + +<strong>Invalid character data</strong>: <ul><li>(item</li>)</ul><br /> +<strong>Definition list</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b</dt><dd>second</dd></dl><br /> +<strong>Definition list, close-tags omitted</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b<dd>second</dl><br /> +<strong>Definition lists, nested</strong>: <dl> + <dt>T1</dt> + <dd>D1</dd> + <dt>T2</dt> + <dd>D2<dl><dt>t1</dt><dd>d1</dd><dt>t2</dt><dd>d2</dd></dl></dd> + <dt>T3</dt> + <dd>D3</dd> + <dt>T4</dt> + <dd>D4<dl><dt>t1</dt><dd>d1</dd></dl></dd> +</dl><br /> +<strong>Definition lists, nested, close-tags omitted</strong>: <dl> + <dt>T1 + <dd>D1</dd> + <dt>T2</dt> + <dd>D2<dl><dt>t1<dd>d1<dt>t2</dt><dd>d2</dd></dl></dd> + <dt>T3 + <dd>D3 + <dt>T4 + <dd>D4<dl><dt>t1<dd>d1</dl></dd> +</dl><br /> +<strong>Nested</strong>: <ul> + <li>l1</li> + <li>l2<ol><li>lo1</li><li>lo2</li></ol></li> + <li>l3</li> + <li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li> +</ul><br /> +<strong>Nested, close-tags omitted</strong>: <ul> + <li>l1</li> + <li>l2<ol><li>lo1<li>lo2</ol> + <li>l3 + <li>l4<ol><li>lo3<li>lo4<ol><li>lo5</ol></ol> +</ul><br /> +<strong>Complex</strong>: +<ol><script></script><li><table><tr><td> +<ul><li id="search" class="widget widget_search"> <form id="searchform" method="get" action="http://kohei.us"> + <div> + + <input type="text" name="s" id="s" size="15" /><br /> + <input type="submit" value="Search" /> + </div> + </form> + </li></ul> +</td></tr></table></li></ol> + +<h6>Non-English text-1</h6> + +Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br /> +გთხოვთ ახლავე გაიაროთ რეგისტრაცია<br /> +večjezično računalništvo<br /> +<a title="הירשמו +כעת לכנס ">Зарегистрируйтесь сейчас +на Десятую Международную Конференцию по</a><br /> +(this file should have utf-8 encoding; some characters may not be displayed because of missing fonts, etc.) + +<h6>Non-English text-2: entities</h6> + +用统一码<br /> +გთხოვთ<br /> +Inscreva-se agora para a Décima Conferência Internacional Sobre O Unicode, realizada entre os dias 10 e 12 de março de 1997 em Mainz +na Alemanha. + +<h6>Ruby</h6> + +(need compatible browser)<br /> +<ruby xml:lang="ja"> + <rbc> + <rb>斎</rb> + <rb>藤</rb> + <rb>信</rb> + <rb>男</rb> + </rbc> + <rtc class="reading"> + <rt>さい</rt> + <rt>とう</rt> + <rt>のぶ</rt> + <rt>お</rt> + </rtc> + <rtc class="annotation"> + <rt rbspan="4" xml:lang="en">W3C Associate Chairman</rt> + </rtc> +</ruby><br /> +<ruby> + <rb>WWW</rb> + <rp>(</rp><rt>World Wide Web</rt><rp>)</rp> +</ruby><br /> +<ruby> + A + <rp>(</rp><rt>aaa</rt><rp>)</rp> +</ruby> + +<h6>Tables</h6> + +<strong>Omitted closing tags:</strong> <table> +<colgroup><col style="x" /><col style="y" /> +<thead> +<tr><th>h1c1<th>h1c2 +<tbody> +<tr><td>r1c1<td>r1c2 +<tr><td>r2c1<td>r2c2 +</table><br /> +<strong>Nested, omitted closing tags:</strong> <table> +<colgroup><col style="x" /><col style="y" /> +<thead> +<tr><th>h1c1<th>h1c2 +<tbody> +<tr><td>r1c1<td>r1c2<table> +<colgroup><col style="x" /><col style="y" /> +<thead> +<tr><th>h1c1<th>h1c2 +<tbody> +<tr><td>r1c1<td>r1c2 +<tr><td>r2c1<td>r2c2 +</table> +<tr><td>r2c1<td>r2c2 +</table><br /> + +<h6>URLs</h6> + +<strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br /> +(try base URL value of 'http://a.com/b/')<br /> +<strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL("a.gif");"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: url('js:xss')"></div><br /> +<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f"></a><br /> + +<h6>XSS</h6> + +'';!--"<xss>=&{()}<br /> +<img src="javascript%3Aalert('xss');" /><br /> +<img src="javascript:alert('xss');" /><br /> +<img src="java script:alert('xss');" /><br /> +<img +src=javascript:alert('XSS') /><br /> +<div style="javascript:alert('xss');"></div><br /> +<div style="background-image:url(javascript:alert('xss'));"></div><br /> +<div style="background-image:url("javascript:alert('xss')" );"></div><br /> +<!--[if gte IE 4]><script>alert('xss');</script><![endif]--><br /> +<script a=">" src="http://ha.ckers.org/xss.js"></script><br /> +<div style="background-image: url('js:xss')"></div><br /> +<a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br /> +<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert +%28%27xss%3f%29%29">x</a><br /> +<strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/* */ression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: exp /* */ression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background:/* x */expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="xxx" style="background:/* */ */expression(alert('xss'));">xxx</a><br /> +<strong>Bad IE7:</strong> <a href="x" style="width: /****/**;;;;;;*/expression/**/(alert('xss'));">x</a><br /> +<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background:/**/expression(alert('xss'));">x</a><br /> +<strong>Bad IE7:</strong> <a href="x" style="background: huh /* */ */expression(alert('xss'));">x</a><br /> +<strong>Bad IE7:</strong> <a href="x" style="background:/**/expression(alert('xss'));background:/**/expression(alert('xss'));">x</a><br /> +<strong>Bad IE7:</strong> exp/*<a style='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>x</a><br /> +<strong>Bad IE7:</strong> <a style="background:Expre\ssion(alert('xss'));">hi</a><br /> +<strong>Bad IE7:</strong> <a style="background:expre\ssion(alert('xss'));">hi</a><br /> +<strong>Bad IE7:</strong> <a style="color: \0065 \0078 \0070 \0072 \0065 \0073 \0073 \0069 \006f \006e \0028 \0061 \006c \0065 \0072 \0074 \0028 \0031 \0029 \0029">test</a><br /> +<strong>Bad IE7:</strong> <a style="xss:e\0078pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br /> +<strong>Bad IE7:</strong> <a style="background:url('java +script:eval(document.all.mycode.expr)')">hi</a><br /> + +<h6>Other</h6> + +3 < 4 <br /> +3 > 4 <br /> + > 3 <br />
\ No newline at end of file diff --git a/htaccess.sample b/htaccess.sample index 634900dbf..942e98334 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -1,12 +1,14 @@ -RewriteEngine On +<IfModule mod_rewrite.c> + RewriteEngine On -# NOTE: change this to your actual Laconica path; may be "/". + # NOTE: change this to your actual Laconica path; may be "/". -RewriteBase /mublog/ + RewriteBase /mublog/ -RewriteCond %{REQUEST_FILENAME} !-f -RewriteCond %{REQUEST_FILENAME} !-d -RewriteRule (.*) index.php?p=$1 [L,QSA] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule (.*) index.php?p=$1 [L,QSA] +</IfModule> <FilesMatch "\.(ini)"> Order allow,deny @@ -107,8 +107,27 @@ function checkMirror($action_obj, $args) function main() { + // fake HTTP redirects using lighttpd's 404 redirects + if (strpos($_SERVER['SERVER_SOFTWARE'], 'lighttpd') !== false) { + $_lighty_url = $base_url.$_SERVER['REQUEST_URI']; + $_lighty_url = @parse_url($_lighty_url); + + if ($_lighty_url['path'] != '/index.php' && $_lighty_url['path'] != '/') { + $_lighty_path = preg_replace('/^'.preg_quote(common_config('site','path')).'\//', '', substr($_lighty_url['path'], 1)); + $_SERVER['QUERY_STRING'] = 'p='.$_lighty_path; + if ($_lighty_url['query']) + $_SERVER['QUERY_STRING'] .= '&'.$_lighty_url['query']; + parse_str($_lighty_url['query'], $_lighty_query); + foreach ($_lighty_query as $key => $val) { + $_GET[$key] = $_REQUEST[$key] = $val; + } + $_GET['p'] = $_REQUEST['p'] = $_lighty_path; + } + } + $_SERVER['REDIRECT_URL'] = preg_replace("/\?.+$/", "", $_SERVER['REQUEST_URI']); + // quick check for fancy URL auto-detection support in installer. - if (isset($_SERVER['REDIRECT_URL']) && ((dirname($_SERVER['REQUEST_URI']) . '/check-fancy') === $_SERVER['REDIRECT_URL'])) { + if (isset($_SERVER['REDIRECT_URL']) && (preg_replace("/^\/$/","",(dirname($_SERVER['REQUEST_URI']))) . '/check-fancy') === $_SERVER['REDIRECT_URL']) { die("Fancy URL support detection succeeded. We suggest you enable this to get fancy (pretty) URLs."); } global $user, $action; @@ -163,11 +182,20 @@ function main() // If the site is private, and they're not on one of the "public" // parts of the site, redirect to login - if (!$user && common_config('site', 'private') && - !in_array($action, array('login', 'openidlogin', 'finishopenidlogin', - 'recoverpassword', 'api', 'doc', 'register'))) { - common_redirect(common_local_url('login')); - return; + if (!$user && common_config('site', 'private')) { + $public_actions = array('openidlogin', 'finishopenidlogin', + 'recoverpassword', 'api', 'doc'); + $login_action = 'openidlogin'; + if (!common_config('site', 'openidonly')) { + $public_actions[] = 'login'; + $public_actions[] = 'register'; + $login_action = 'login'; + } + if (!in_array($action, $public_actions) && + !preg_match('/rss$/', $action)) { + common_redirect(common_local_url($login_action)); + return; + } } $action_class = ucfirst($action).'Action'; diff --git a/install.php b/install.php index 570b08edf..9bcee275f 100644 --- a/install.php +++ b/install.php @@ -43,12 +43,12 @@ function checkPrereqs() $pass = false; } - if (version_compare(PHP_VERSION, '5.0.0', '<')) { - ?><p class="error">Require PHP version 5 or greater.</p><?php + if (version_compare(PHP_VERSION, '5.2.3', '<')) { + ?><p class="error">Require PHP version 5.2.3 or greater.</p><?php $pass = false; } - $reqs = array('gd', 'mysql', 'curl', + $reqs = array('gd', 'curl', 'xmlwriter', 'mbstring', 'gettext'); @@ -58,6 +58,10 @@ function checkPrereqs() $pass = false; } } + if (!checkExtension('pgsql') && !checkExtension('mysql')) { + ?><p class="error">Cannot find mysql or pgsql extension. You need one or the other: <code><?php echo $req; ?></code></p><?php + $pass = false; + } if (!is_writable(INSTALLDIR)) { ?><p class="error">Cannot write config file to: <code><?php echo INSTALLDIR; ?></code></p> @@ -66,17 +70,16 @@ function checkPrereqs() $pass = false; } - if (!is_writable(INSTALLDIR.'/avatar/')) { - ?><p class="error">Cannot write avatar directory: <code><?php echo INSTALLDIR; ?>/avatar/</code></p> - <p>On your server, try this command: <code>chmod a+w <?php echo INSTALLDIR; ?>/avatar/</code></p> - <? - $pass = false; - } - if (!is_writable(INSTALLDIR.'/background/')) { - ?><p class="error">Cannot write background directory: <code><?php echo INSTALLDIR; ?>/background/</code></p> - <p>On your server, try this command: <code>chmod a+w <?php echo INSTALLDIR; ?>/background/</code></p> - <? - $pass = false; + // Check the subdirs used for file uploads + $fileSubdirs = array('avatar', 'background', 'file'); + foreach ($fileSubdirs as $fileSubdir) { + $fileFullPath = INSTALLDIR."/$fileSubdir/"; + if (!is_writable($fileFullPath)) { + ?><p class="error">Cannot write <?php echo $fileSubdir; ?> directory: <code><?php echo $fileFullPath; ?></code></p> + <p>On your server, try this command: <code>chmod a+w <?php echo $fileFullPath; ?></code></p> + <?php + $pass = false; + } } return $pass; @@ -127,7 +130,15 @@ function showForm() <p class="form_guide">Database hostname</p> </li> <li> - <label for="host">Database</label> + + <label for="dbtype">Type</label> + <input type="radio" name="dbtype" id="fancy-mysql" value="mysql" checked='checked' /> MySQL<br /> + <input type="radio" name="dbtype" id="dbtype-pgsql" value="pgsql" /> PostgreSQL<br /> + <p class="form_guide">Database type</p> + </li> + + <li> + <label for="database">Name</label> <input type="text" id="database" name="database" /> <p class="form_guide">Database name</p> </li> @@ -139,7 +150,7 @@ function showForm() <li> <label for="password">Password</label> <input type="password" id="password" name="password" /> - <p class="form_guide">Database password</p> + <p class="form_guide">Database password (optional)</p> </li> </ul> <input type="submit" name="submit" class="submit" value="Submit" /> @@ -152,7 +163,7 @@ E_O_T; function updateStatus($status, $error=false) { ?> - <li <?php echo ($error) ? 'class="error"': ''; ?>><?print $status;?></li> + <li <?php echo ($error) ? 'class="error"': ''; ?>><?php echo $status;?></li> <?php } @@ -163,11 +174,15 @@ function handlePost() <?php $host = $_POST['host']; + $dbtype = $_POST['dbtype']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $sitename = $_POST['sitename']; $fancy = !empty($_POST['fancy']); + $server = $_SERVER['HTTP_HOST']; + $path = substr(dirname($_SERVER['PHP_SELF']), 1); + ?> <dl class="system_notice"> <dt>Page notice</dt> @@ -191,84 +206,189 @@ function handlePost() $fail = true; } - if (empty($password)) { - updateStatus("No password specified.", true); - $fail = true; - } +// if (empty($password)) { +// updateStatus("No password specified.", true); +// $fail = true; +// } if (empty($sitename)) { updateStatus("No sitename specified.", true); $fail = true; } - if($fail){ - showForm(); - return; - } - - updateStatus("Starting installation..."); - updateStatus("Checking database..."); - $conn = mysql_connect($host, $username, $password); - if (!$conn) { - updateStatus("Can't connect to server '$host' as '$username'.", true); - showForm(); + if($fail){ + showForm(); return; } - updateStatus("Changing to database..."); - $res = mysql_select_db($database, $conn); - if (!$res) { - updateStatus("Can't change to database.", true); - showForm(); - return; + + switch($dbtype) { + case 'mysql': + $db = mysql_db_installer($host, $database, $username, $password); + break; + case 'pgsql': + $db = pgsql_db_installer($host, $database, $username, $password); + break; + default: } - updateStatus("Running database script..."); - $res = runDbScript(INSTALLDIR.'/db/laconica.sql', $conn); - if ($res === false) { - updateStatus("Can't run database script.", true); - showForm(); - return; - } - foreach (array('sms_carrier' => 'SMS carrier', - 'notice_source' => 'notice source', - 'foreign_services' => 'foreign service') - as $scr => $name) { - updateStatus(sprintf("Adding %s data to database...", $name)); - $res = runDbScript(INSTALLDIR.'/db/'.$scr.'.sql', $conn); - if ($res === false) { - updateStatus(sprintf("Can't run %d script.", $name), true); - showForm(); - return; - } + + if (!$db) { + // database connection failed, do not move on to create config file. + return false; } + updateStatus("Writing config file..."); - $sqlUrl = "mysqli://$username:$password@$host/$database"; - $res = writeConf($sitename, $sqlUrl, $fancy); + $res = writeConf($sitename, $server, $path, $fancy, $db); + if (!$res) { updateStatus("Can't write config file.", true); showForm(); return; } - updateStatus("Done!"); - if ($path) $path .= '/'; - updateStatus("You can visit your <a href='/$path'>new Laconica site</a>."); + + /* + TODO https needs to be considered + */ + $link = "http://".$server.'/'.$path; + + updateStatus("Laconica has been installed at $link"); + updateStatus("You can visit your <a href='$link'>new Laconica site</a>."); ?> <?php } -function writeConf($sitename, $sqlUrl, $fancy) +function pgsql_db_installer($host, $database, $username, $password) { + $connstring = "dbname=$database host=$host user=$username"; + + //No password would mean trust authentication used. + if (!empty($password)) { + $connstring .= " password=$password"; + } + updateStatus("Starting installation..."); + updateStatus("Checking database..."); + $conn = pg_connect($connstring); + + if ($conn ===false) { + updateStatus("Failed to connect to database: $connstring"); + showForm(); + return false; + } + + //ensure database encoding is UTF8 + $record = pg_fetch_object(pg_query($conn, 'SHOW server_encoding')); + if ($record->server_encoding != 'UTF8') { + updateStatus("Laconica requires UTF8 character encoding. Your database is ". htmlentities($record->server_encoding)); + showForm(); + return false; + } + + updateStatus("Running database script..."); + //wrap in transaction; + pg_query($conn, 'BEGIN'); + $res = runDbScript(INSTALLDIR.'/db/laconica_pg.sql', $conn, 'pgsql'); + + if ($res === false) { + updateStatus("Can't run database script.", true); + showForm(); + return false; + } + foreach (array('sms_carrier' => 'SMS carrier', + 'notice_source' => 'notice source', + 'foreign_services' => 'foreign service') + as $scr => $name) { + updateStatus(sprintf("Adding %s data to database...", $name)); + $res = runDbScript(INSTALLDIR.'/db/'.$scr.'.sql', $conn, 'pgsql'); + if ($res === false) { + updateStatus(sprintf("Can't run %d script.", $name), true); + showForm(); + return false; + } + } + pg_query($conn, 'COMMIT'); + + if (empty($password)) { + $sqlUrl = "pgsql://$username@$host/$database"; + } + else { + $sqlUrl = "pgsql://$username:$password@$host/$database"; + } + + $db = array('type' => 'pgsql', 'database' => $sqlUrl); + + return $db; +} + +function mysql_db_installer($host, $database, $username, $password) { + updateStatus("Starting installation..."); + updateStatus("Checking database..."); + + $conn = mysql_connect($host, $username, $password); + if (!$conn) { + updateStatus("Can't connect to server '$host' as '$username'.", true); + showForm(); + return false; + } + updateStatus("Changing to database..."); + $res = mysql_select_db($database, $conn); + if (!$res) { + updateStatus("Can't change to database.", true); + showForm(); + return false; + } + updateStatus("Running database script..."); + $res = runDbScript(INSTALLDIR.'/db/laconica.sql', $conn); + if ($res === false) { + updateStatus("Can't run database script.", true); + showForm(); + return false; + } + foreach (array('sms_carrier' => 'SMS carrier', + 'notice_source' => 'notice source', + 'foreign_services' => 'foreign service') + as $scr => $name) { + updateStatus(sprintf("Adding %s data to database...", $name)); + $res = runDbScript(INSTALLDIR.'/db/'.$scr.'.sql', $conn); + if ($res === false) { + updateStatus(sprintf("Can't run %d script.", $name), true); + showForm(); + return false; + } + } + + $sqlUrl = "mysqli://$username:$password@$host/$database"; + $db = array('type' => 'mysql', 'database' => $sqlUrl); + return $db; +} + +function writeConf($sitename, $server, $path, $fancy, $db) { - $res = file_put_contents(INSTALLDIR.'/config.php', - "<?php\n". - "if (!defined('LACONICA')) { exit(1); }\n\n". - "\$config['site']['name'] = \"$sitename\";\n\n". - ($fancy ? "\$config['site']['fancy'] = true;\n\n":''). - "\$config['db']['database'] = \"$sqlUrl\";\n\n". - "?>"); + // assemble configuration file in a string + $cfg = "<?php\n". + "if (!defined('LACONICA')) { exit(1); }\n\n". + + // site name + "\$config['site']['name'] = '$sitename';\n\n". + + // site location + "\$config['site']['server'] = '$server';\n". + "\$config['site']['path'] = '$path'; \n\n". + + // checks if fancy URLs are enabled + ($fancy ? "\$config['site']['fancy'] = true;\n\n":''). + + // database + "\$config['db']['database'] = '{$db['database']}';\n\n". + ($db['type'] == 'pgsql' ? "\$config['db']['quote_identifiers'] = true;\n\n":''). + "\$config['db']['type'] = '{$db['type']}';\n\n". + + "?>"; + // write configuration file out to install directory + $res = file_put_contents(INSTALLDIR.'/config.php', $cfg); + return $res; } -function runDbScript($filename, $conn) +function runDbScript($filename, $conn, $type = 'mysql') { $sql = trim(file_get_contents($filename)); $stmts = explode(';', $sql); @@ -277,8 +397,18 @@ function runDbScript($filename, $conn) if (!mb_strlen($stmt)) { continue; } - $res = mysql_query($stmt, $conn); + switch ($type) { + case 'mysql': + $res = mysql_query($stmt, $conn); + break; + case 'pgsql': + $res = pg_query($conn, $stmt); + break; + default: + updateStatus("runDbScript() error: unknown database type ". $type ." provided."); + } if ($res === false) { + updateStatus("FAILED SQL: $stmt"); return $res; } } @@ -287,9 +417,7 @@ function runDbScript($filename, $conn) ?> <?php echo"<?"; ?> xml version="1.0" encoding="UTF-8" <?php echo "?>"; ?> -<!DOCTYPE html -PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US"> <head> <title>Install Laconica</title> diff --git a/js/userdesign.go.js b/js/userdesign.go.js index 70dd9c7de..c53569bea 100644 --- a/js/userdesign.go.js +++ b/js/userdesign.go.js @@ -27,13 +27,14 @@ $(document).ready(function() { } } + /* rgb2hex written by R0bb13 <robertorebollo@gmail.com> */ function rgb2hex(rgb) { rgb = rgb.match(/^rgb\((\d+),\s*(\d+),\s*(\d+)\)$/); - function hex(x) { - hexDigits = new Array("0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F"); - return isNaN(x) ? "00" : hexDigits[(x - x % 16) / 16] + hexDigits[x % 16]; - } - return "#" + hex(rgb[1]) + hex(rgb[2]) + hex(rgb[3]); + return '#' + dec2hex(rgb[1]) + dec2hex(rgb[2]) + dec2hex(rgb[3]); + } + function dec2hex(x) { + hexDigits = new Array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); + return isNaN(x) ? '00' : hexDigits[(x - x % 16) / 16] + hexDigits[x % 16]; } function UpdateColors(S) { diff --git a/js/util.js b/js/util.js index f3ed918cf..e5f117df0 100644 --- a/js/util.js +++ b/js/util.js @@ -17,26 +17,51 @@ */ $(document).ready(function(){ + var counterBlackout = false; + // count character on keyup function counter(event){ var maxLength = 140; var currentLength = $("#notice_data-text").val().length; var remaining = maxLength - currentLength; var counter = $("#notice_text-count"); - counter.text(remaining); + + if (remaining.toString() != counter.text()) { + if (!counterBlackout || remaining == 0) { + if (counter.text() != String(remaining)) { + counter.text(remaining); + } - if (remaining <= 0) { - $("#form_notice").addClass("warning"); - } else { - $("#form_notice").removeClass("warning"); - } + if (remaining < 0) { + $("#form_notice").addClass("warning"); + } else { + $("#form_notice").removeClass("warning"); + } + // Skip updates for the next 500ms. + // On slower hardware, updating on every keypress is unpleasant. + if (!counterBlackout) { + counterBlackout = true; + window.setTimeout(clearCounterBlackout, 500); + } + } + } + } + + function clearCounterBlackout() { + // Allow keyup events to poke the counter again + counterBlackout = false; + // Check if the string changed since we last looked + counter(null); } function submitonreturn(event) { - if (event.keyCode == 13) { + if (event.keyCode == 13 || event.keyCode == 10) { + // iPhone sends \n not \r for 'return' $("#form_notice").submit(); event.preventDefault(); event.stopPropagation(); + $("#notice_data-text").blur(); + $("body").focus(); return false; } return true; @@ -244,7 +269,7 @@ function NoticeReply() { $('#content .notice').each(function() { var notice = $(this)[0]; $($('.notice_reply', notice)[0]).click(function() { - var nickname = ($('.author .nickname', notice).length > 0) ? $($('.author .nickname', notice)[0]) : $('.author .nickname'); + var nickname = ($('.author .nickname', notice).length > 0) ? $($('.author .nickname', notice)[0]) : $('.author .nickname.uid'); NoticeReplySet(nickname.text(), $($('.notice_id', notice)[0]).text()); return false; }); @@ -255,11 +280,16 @@ function NoticeReply() { function NoticeReplySet(nick,id) { rgx_username = /^[0-9a-zA-Z\-_.]*$/; if (nick.match(rgx_username)) { - replyto = "@" + nick + " "; - if ($("#notice_data-text").length) { - $("#notice_data-text").val(replyto); + var text = $("#notice_data-text"); + if (text.length) { + replyto = "@" + nick + " "; + text.val(replyto + text.val().replace(RegExp(replyto, 'i'), '')); $("#form_notice input#notice_in-reply-to").val(id); - $("#notice_data-text").focus(); + if (text.get(0).setSelectionRange) { + var len = text.val().length; + text.get(0).setSelectionRange(len,len); + text.get(0).focus(); + } return false; } } diff --git a/lib/action.php b/lib/action.php index a5244371a..6da9adab5 100644 --- a/lib/action.php +++ b/lib/action.php @@ -193,21 +193,12 @@ class Action extends HTMLOutputter // lawsuit if (Event::handle('StartShowStyles', array($this))) { if (Event::handle('StartShowLaconicaStyles', array($this))) { - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => theme_path('css/display.css', null) . '?version=' . LACONICA_VERSION, - 'media' => 'screen, projection, tv')); + $this->cssLink('css/display.css',null,'screen, projection, tv'); if (common_config('site', 'mobile')) { - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => theme_path('css/mobile.css', 'base') . '?version=' . LACONICA_VERSION, - // TODO: "handheld" CSS for other mobile devices - 'media' => 'only screen and (max-device-width: 480px)')); // Mobile WebKit + // TODO: "handheld" CSS for other mobile devices + $this->cssLink('css/mobile.css','base','only screen and (max-device-width: 480px)'); // Mobile WebKit } - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => theme_path('css/print.css', 'base') . '?version=' . LACONICA_VERSION, - 'media' => 'print')); + $this->cssLink('css/print.css','base','print'); Event::handle('EndShowLaconicaStyles', array($this)); } @@ -253,26 +244,14 @@ class Action extends HTMLOutputter // lawsuit { if (Event::handle('StartShowScripts', array($this))) { if (Event::handle('StartShowJQueryScripts', array($this))) { - $this->element('script', array('type' => 'text/javascript', - 'src' => common_path('js/jquery.min.js')), - ' '); - $this->element('script', array('type' => 'text/javascript', - 'src' => common_path('js/jquery.form.js')), - ' '); - - $this->element('script', array('type' => 'text/javascript', - 'src' => common_path('js/jquery.joverlay.min.js')), - ' '); - + $this->script('js/jquery.min.js'); + $this->script('js/jquery.form.js'); + $this->script('js/jquery.joverlay.min.js'); Event::handle('EndShowJQueryScripts', array($this)); } if (Event::handle('StartShowLaconicaScripts', array($this))) { - $this->element('script', array('type' => 'text/javascript', - 'src' => common_path('js/xbImportNode.js')), - ' '); - $this->element('script', array('type' => 'text/javascript', - 'src' => common_path('js/util.js?version='.LACONICA_VERSION)), - ' '); + $this->script('js/xbImportNode.js'); + $this->script('js/util.js'); // Frame-busting code to avoid clickjacking attacks. $this->element('script', array('type' => 'text/javascript'), 'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }'); @@ -423,6 +402,14 @@ class Action extends HTMLOutputter // lawsuit function showPrimaryNav() { $user = common_current_user(); + $connect = ''; + if (common_config('xmpp', 'enabled')) { + $connect = 'imsettings'; + } else if (common_config('sms', 'enabled')) { + $connect = 'smssettings'; + } else if (common_config('twitter', 'enabled')) { + $connect = 'twittersettings'; + } $this->elementStart('dl', array('id' => 'site_nav_global_primary')); $this->element('dt', null, _('Primary site navigation')); @@ -434,12 +421,9 @@ class Action extends HTMLOutputter // lawsuit _('Home'), _('Personal profile and friends timeline'), false, 'nav_home'); $this->menuItem(common_local_url('profilesettings'), _('Account'), _('Change your email, avatar, password, profile'), false, 'nav_account'); - if (common_config('xmpp', 'enabled')) { - $this->menuItem(common_local_url('imsettings'), - _('Connect'), _('Connect to IM, SMS, Twitter'), false, 'nav_connect'); - } else { - $this->menuItem(common_local_url('smssettings'), - _('Connect'), _('Connect to SMS, Twitter'), false, 'nav_connect'); + if ($connect) { + $this->menuItem(common_local_url($connect), + _('Connect'), _('Connect to services'), false, 'nav_connect'); } if (common_config('invite', 'enabled')) { $this->menuItem(common_local_url('invite'), @@ -452,12 +436,17 @@ class Action extends HTMLOutputter // lawsuit _('Logout'), _('Logout from the site'), false, 'nav_logout'); } else { - if (!common_config('site', 'closed')) { - $this->menuItem(common_local_url('register'), - _('Register'), _('Create an account'), false, 'nav_register'); + if (!common_config('site', 'openidonly')) { + if (!common_config('site', 'closed')) { + $this->menuItem(common_local_url('register'), + _('Register'), _('Create an account'), false, 'nav_register'); + } + $this->menuItem(common_local_url('login'), + _('Login'), _('Login to the site'), false, 'nav_login'); + } else { + $this->menuItem(common_local_url('openidlogin'), + _('OpenID'), _('Login with OpenID'), false, 'nav_openid'); } - $this->menuItem(common_local_url('login'), - _('Login'), _('Login to the site'), false, 'nav_login'); } $this->menuItem(common_local_url('doc', array('title' => 'help')), _('Help'), _('Help me!'), false, 'nav_help'); diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php index f6a1b59d0..41d03f8e2 100644 --- a/lib/attachmentlist.php +++ b/lib/attachmentlist.php @@ -340,7 +340,12 @@ class Attachment extends AttachmentListItem case 'video': case 'link': if (!empty($this->oembed->html)) { - $this->out->raw($this->oembed->html); + require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; + $config = array( + 'safe'=>1, + 'elements'=>'*+object+embed'); + $this->out->raw(htmLawed($this->oembed->html,$config)); + //$this->out->raw($this->oembed->html); } break; diff --git a/lib/common.php b/lib/common.php index 507a2a281..f26155e70 100644 --- a/lib/common.php +++ b/lib/common.php @@ -19,7 +19,7 @@ if (!defined('LACONICA')) { exit(1); } -define('LACONICA_VERSION', '0.8.0'); +define('LACONICA_VERSION', '0.8.1dev'); define('AVATAR_PROFILE_SIZE', 96); define('AVATAR_STREAM_SIZE', 48); @@ -109,6 +109,7 @@ $config = 'broughtbyurl' => null, 'closed' => false, 'inviteonly' => false, + 'openidonly' => false, 'private' => false, 'ssl' => 'never', 'sslserver' => null, @@ -183,11 +184,20 @@ $config = array('piddir' => '/var/run', 'user' => false, 'group' => false), + 'emailpost' => + array('enabled' => true), + 'sms' => + array('enabled' => true), + 'twitter' => + array('enabled' => true), 'twitterbridge' => array('enabled' => false), 'integration' => array('source' => 'Laconica', # source attribute for Twitter 'taguri' => $_server.',2009'), # base for tag URIs + 'twitter' => + array('consumer_key' => null, + 'consumer_secret' => null), 'memcached' => array('enabled' => false, 'server' => 'localhost', diff --git a/lib/connectsettingsaction.php b/lib/connectsettingsaction.php index 30629680e..02c468a35 100644 --- a/lib/connectsettingsaction.php +++ b/lib/connectsettingsaction.php @@ -99,25 +99,27 @@ class ConnectSettingsNav extends Widget function show() { # action => array('prompt', 'title') - $menu = - array('imsettings' => - array(_('IM'), - _('Updates by instant messenger (IM)')), - 'smssettings' => - array(_('SMS'), - _('Updates by SMS')), - 'twittersettings' => - array(_('Twitter'), - _('Twitter integration options'))); + $menu = array(); + if (common_config('xmpp', 'enabled')) { + $menu['imsettings'] = + array(_('IM'), + _('Updates by instant messenger (IM)')); + } + if (common_config('sms', 'enabled')) { + $menu['smssettings'] = + array(_('SMS'), + _('Updates by SMS')); + } + if (common_config('twitter', 'enabled')) { + $menu['twittersettings'] = + array(_('Twitter'), + _('Twitter integration options')); + } $action_name = $this->action->trimmed('action'); $this->action->elementStart('ul', array('class' => 'nav')); foreach ($menu as $menuaction => $menudesc) { - if ($menuaction == 'imsettings' && - !common_config('xmpp', 'enabled')) { - continue; - } $this->action->menuItem(common_local_url($menuaction), $menudesc[0], $menudesc[1], diff --git a/lib/daemon.php b/lib/daemon.php index 9d89c63e7..231f5414e 100644 --- a/lib/daemon.php +++ b/lib/daemon.php @@ -24,6 +24,7 @@ if (!defined('LACONICA')) { class Daemon { var $daemonize = true; + var $_id = 'generic'; function __construct($daemonize = true) { @@ -35,6 +36,16 @@ class Daemon return null; } + function get_id() + { + return $this->_id; + } + + function set_id($id) + { + $this->_id = $id; + } + function background() { $pid = pcntl_fork(); diff --git a/lib/dbqueuemanager.php b/lib/dbqueuemanager.php index a37a8ffdf..19aa9f3ae 100644 --- a/lib/dbqueuemanager.php +++ b/lib/dbqueuemanager.php @@ -22,7 +22,6 @@ * @category QueueManager * @package Laconica * @author Evan Prodromou <evan@controlyourself.ca> - * @author Sarven Capadisli <csarven@controlyourself.ca> * @copyright 2009 Control Yourself, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://laconi.ca/ @@ -86,9 +85,15 @@ class DBQueueManager extends QueueManager $start = time(); $result = null; + $sleeptime = 1; + do { $qi = Queue_item::top($queue); - if (!empty($qi)) { + if (empty($qi)) { + $this->_log(LOG_DEBUG, "No new queue items, sleeping $sleeptime seconds."); + sleep($sleeptime); + $sleeptime *= 2; + } else { $notice = Notice::staticGet('id', $qi->notice_id); if (!empty($notice)) { $result = $notice; @@ -98,6 +103,7 @@ class DBQueueManager extends QueueManager $qi->free(); $qi = null; } + $sleeptime = 1; } } while (empty($result) && (is_null($timeout) || (time() - $start) < $timeout)); @@ -118,7 +124,7 @@ class DBQueueManager extends QueueManager } else { if (empty($qi->claimed)) { $this->_log(LOG_WARNING, 'Reluctantly releasing unclaimed queue item '. - 'for '.$notice->id.', queue '.$queue); + 'for '.$notice->id.', queue '.$queue); } $qi->delete(); $qi->free(); @@ -145,7 +151,7 @@ class DBQueueManager extends QueueManager } else { if (empty($qi->claimed)) { $this->_log(LOG_WARNING, 'Ignoring failure for unclaimed queue item '. - 'for '.$notice->id.', queue '.$queue); + 'for '.$notice->id.', queue '.$queue); } else { $orig = clone($qi); $qi->claimed = null; diff --git a/lib/designsettings.php b/lib/designsettings.php index 1b0e62166..a48ec9d22 100644 --- a/lib/designsettings.php +++ b/lib/designsettings.php @@ -311,13 +311,7 @@ class DesignSettingsAction extends AccountSettingsAction function showStylesheets() { parent::showStylesheets(); - $farbtasticStyle = - common_path('theme/base/css/farbtastic.css?version='.LACONICA_VERSION); - - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => $farbtasticStyle, - 'media' => 'screen, projection, tv')); + $this->cssLink('css/farbtastic.css','base','screen, projection, tv'); } /** @@ -330,13 +324,8 @@ class DesignSettingsAction extends AccountSettingsAction { parent::showScripts(); - $farbtasticPack = common_path('js/farbtastic/farbtastic.js'); - $userDesignGo = common_path('js/userdesign.go.js'); - - $this->element('script', array('type' => 'text/javascript', - 'src' => $farbtasticPack)); - $this->element('script', array('type' => 'text/javascript', - 'src' => $userDesignGo)); + $this->script('js/farbtastic/farbtastic.js'); + $this->script('js/farbtastic/farbtastic.go.js'); } /** diff --git a/lib/facebookaction.php b/lib/facebookaction.php index 5be2f2fe6..289e702c6 100644 --- a/lib/facebookaction.php +++ b/lib/facebookaction.php @@ -95,34 +95,13 @@ class FacebookAction extends Action function showStylesheets() { - // Add a timestamp to the file so Facebook cache wont ignore our changes - $ts = filemtime(INSTALLDIR.'/theme/base/css/display.css'); - - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => theme_path('css/display.css', 'base') . '?ts=' . $ts)); - - $theme = common_config('site', 'theme'); - - $ts = filemtime(INSTALLDIR. '/theme/' . $theme .'/css/display.css'); - - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => theme_path('css/display.css', null) . '?ts=' . $ts)); - - $ts = filemtime(INSTALLDIR.'/theme/base/css/facebookapp.css'); - - $this->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => theme_path('css/facebookapp.css', 'base') . '?ts=' . $ts)); + $this->cssLink('css/display.css', 'base'); + $this->cssLink('css/facebookapp.css', 'base'); } function showScripts() { - // Add a timestamp to the file so Facebook cache wont ignore our changes - $ts = filemtime(INSTALLDIR.'/js/facebookapp.js'); - - $this->element('script', array('src' => common_path('js/facebookapp.js') . '?ts=' . $ts)); + $this->script('js/facebookapp.js'); } /** @@ -277,8 +256,13 @@ class FacebookAction extends Action $this->elementStart('dd'); $this->elementStart('p'); $this->text(sprintf($loginmsg_part1, common_config('site', 'name'))); - $this->element('a', - array('href' => common_local_url('register')), _('Register')); + if (!common_config('site', 'openidonly')) { + $this->element('a', + array('href' => common_local_url('register')), _('Register')); + } else { + $this->element('a', + array('href' => common_local_url('openidlogin')), _('Register')); + } $this->text($loginmsg_part2); $this->elementEnd('p'); $this->elementEnd('dd'); diff --git a/lib/groupsbymemberssection.php b/lib/groupsbymemberssection.php index 963e21f15..ad4884bf8 100644 --- a/lib/groupsbymemberssection.php +++ b/lib/groupsbymemberssection.php @@ -48,7 +48,7 @@ class GroupsByMembersSection extends GroupSection $qry = 'SELECT user_group.*, count(*) as value ' . 'FROM user_group JOIN group_member '. 'ON user_group.id = group_member.group_id ' . - 'GROUP BY user_group.id,user_group.nickname,user_group.fullname,user_group.homepage,user_group.description,user_group.location,user_group.original_logo,user_group.homepage_logo,user_group.stream_logo,user_group.mini_logo,user_group.created,user_group.modified ' . + 'GROUP BY user_group.id,user_group.nickname,user_group.fullname,user_group.homepage,user_group.description,user_group.location,user_group.original_logo,user_group.homepage_logo,user_group.stream_logo,user_group.mini_logo,user_group.created,user_group.modified,user_group.design_id ' . 'ORDER BY value DESC '; $limit = GROUPS_PER_SECTION; diff --git a/lib/groupsbypostssection.php b/lib/groupsbypostssection.php index 325b4033f..dc7925d5e 100644 --- a/lib/groupsbypostssection.php +++ b/lib/groupsbypostssection.php @@ -48,7 +48,7 @@ class GroupsByPostsSection extends GroupSection $qry = 'SELECT user_group.*, count(*) as value ' . 'FROM user_group JOIN group_inbox '. 'ON user_group.id = group_inbox.group_id ' . - 'GROUP BY user_group.id,user_group.nickname,user_group.fullname,user_group.homepage,user_group.description,user_group.location,user_group.original_logo,user_group.homepage_logo,user_group.stream_logo,user_group.mini_logo,user_group.created,user_group.modified ' . + 'GROUP BY user_group.id,user_group.nickname,user_group.fullname,user_group.homepage,user_group.description,user_group.location,user_group.original_logo,user_group.homepage_logo,user_group.stream_logo,user_group.mini_logo,user_group.created,user_group.modified,user_group.design_id ' . 'ORDER BY value DESC '; $limit = GROUPS_PER_SECTION; diff --git a/lib/grouptagcloudsection.php b/lib/grouptagcloudsection.php index 9b7a10f6b..0e0cbdd63 100644 --- a/lib/grouptagcloudsection.php +++ b/lib/grouptagcloudsection.php @@ -73,7 +73,7 @@ class GroupTagCloudSection extends TagCloudSection $quoted = array(); foreach ($names as $name) { - $quoted[] = "\"$name\""; + $quoted[] = "'$name'"; } $namestring = implode(',', $quoted); diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index 06603ac05..683a5e0b7 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -109,10 +109,11 @@ class HTMLOutputter extends XMLOutputter header('Content-Type: '.$type); $this->extraHeaders(); - - $this->startXML('html', - '-//W3C//DTD XHTML 1.0 Strict//EN', - 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'); + if( ! substr($type,0,strlen('text/html'))=='text/html' ){ + // Browsers don't like it when <?xml it output for non-xhtml documents + $this->xw->startDocument('1.0', 'UTF-8'); + } + $this->xw->writeDTD('html'); $language = $this->getLanguage(); @@ -339,6 +340,52 @@ class HTMLOutputter extends XMLOutputter } /** + * output a script (almost always javascript) tag + * + * @param string $src relative or absolute script path + * @param string $type 'type' attribute value of the tag + * + * @return void + */ + function script($src, $type='text/javascript') + { + $url = parse_url($src); + if( empty($url->scheme) && empty($url->host) && empty($url->query) && empty($url->fragment)) + { + $src = common_path($src) . '?version=' . LACONICA_VERSION; + } + $this->element('script', array('type' => $type, + 'src' => $src), + ' '); + } + + /** + * output a css link + * + * @param string $src relative path within the theme directory, or an absolute path + * @param string $theme 'theme' that contains the stylesheet + * @param string media 'media' attribute of the tag + * + * @return void + */ + function cssLink($src,$theme=null,$media=null) + { + $url = parse_url($src); + if( empty($url->scheme) && empty($url->host) && empty($url->query) && empty($url->fragment)) + { + if(file_exists(theme_file($src,$theme))){ + $src = theme_path($src, $theme) . '?version=' . LACONICA_VERSION; + }else{ + $src = common_path($src); + } + } + $this->element('link', array('rel' => 'stylesheet', + 'type' => 'text/css', + 'href' => $src, + 'media' => $media)); + } + + /** * output an HTML textarea and associated elements * * @param string $id element ID, must be unique on page diff --git a/lib/jsonsearchresultslist.php b/lib/jsonsearchresultslist.php index 7beea9328..34a3d530e 100644 --- a/lib/jsonsearchresultslist.php +++ b/lib/jsonsearchresultslist.php @@ -207,7 +207,7 @@ class ResultItem $replier_profile = null; if ($this->notice->reply_to) { - $reply = Notice::staticGet(intval($notice->reply_to)); + $reply = Notice::staticGet(intval($this->notice->reply_to)); if ($reply) { $replier_profile = $reply->getProfile(); } @@ -224,7 +224,7 @@ class ResultItem $user = User::staticGet('id', $this->profile->id); - $this->iso_language_code = $this->user->language; + $this->iso_language_code = $user->language; $this->source = $this->getSourceLink($this->notice->source); diff --git a/lib/language.php b/lib/language.php index 3ea3dd2aa..9ad2d31bd 100644 --- a/lib/language.php +++ b/lib/language.php @@ -53,7 +53,7 @@ function client_prefered_language($httplang) if (!empty($httplang[2][$i])) { // if no q default to 1.0 $client_langs[$httplang[2][$i]] = - ($httplang[6][$i]? (float) $httplang[6][$i] : 1.0); + ($httplang[6][$i]? (float) $httplang[6][$i] : 1.0 - ($i*0.01)); } if (!empty($httplang[3][$i]) && empty($client_langs[$httplang[3][$i]])) { // if a catchall default 0.01 lower diff --git a/lib/logingroupnav.php b/lib/logingroupnav.php index f23985f3a..919fd3db9 100644 --- a/lib/logingroupnav.php +++ b/lib/logingroupnav.php @@ -72,11 +72,13 @@ class LoginGroupNav extends Widget // action => array('prompt', 'title') $menu = array(); - $menu['login'] = array(_('Login'), - _('Login with a username and password')); - if (!(common_config('site','closed') || common_config('site','inviteonly'))) { - $menu['register'] = array(_('Register'), - _('Sign up for a new account')); + if (!common_config('site','openidonly')) { + $menu['login'] = array(_('Login'), + _('Login with a username and password')); + if (!(common_config('site','closed') || common_config('site','inviteonly'))) { + $menu['register'] = array(_('Register'), + _('Sign up for a new account')); + } } $menu['openidlogin'] = array(_('OpenID'), _('Login or register with OpenID')); diff --git a/lib/mail.php b/lib/mail.php index 781a7541b..2e471fd6d 100644 --- a/lib/mail.php +++ b/lib/mail.php @@ -121,7 +121,7 @@ function mail_notify_from() $domain = mail_domain(); - $notifyfrom = common_config('site', 'name') .' <noreply@'.$domain.'>'; + $notifyfrom = '"'.common_config('site', 'name') .'" <noreply@'.$domain.'>'; } return $notifyfrom; @@ -596,32 +596,44 @@ function mail_notify_attn($user, $notice) $bestname = $sender->getBestName(); common_init_locale($user->language); - + + if ($notice->conversation != $notice->id) { + $conversationEmailText = "The full conversation can be read here:\n\n". + "\t%5\$s\n\n "; + $conversationUrl = common_local_url('conversation', + array('id' => $notice->conversation)).'#notice-'.$notice->id; + } else { + $conversationEmailText = "%5\$s"; + $conversationUrl = null; + } + $subject = sprintf(_('%s sent a notice to your attention'), $bestname); - - $body = sprintf(_("%1\$s just sent a notice to your attention (an '@-reply') on %2\$s.\n\n". + + $body = sprintf(_("%1\$s just sent a notice to your attention (an '@-reply') on %2\$s.\n\n". "The notice is here:\n\n". "\t%3\$s\n\n" . "It reads:\n\n". "\t%4\$s\n\n" . + $conversationEmailText . "You can reply back here:\n\n". - "\t%5\$s\n\n" . + "\t%6\$s\n\n" . "The list of all @-replies for you here:\n\n" . - "%6\$s\n\n" . + "%7\$s\n\n" . "Faithfully yours,\n" . "%2\$s\n\n" . - "P.S. You can turn off these email notifications here: %7\$s\n"), - $bestname, - common_config('site', 'name'), + "P.S. You can turn off these email notifications here: %8\$s\n"), + $bestname,//%1 + common_config('site', 'name'),//%2 common_local_url('shownotice', - array('notice' => $notice->id)), - $notice->content, + array('notice' => $notice->id)),//%3 + $notice->content,//%4 + $conversationUrl,//%5 common_local_url('newnotice', - array('replyto' => $sender->nickname)), + array('replyto' => $sender->nickname)),//%6 common_local_url('replies', - array('nickname' => $user->nickname)), - common_local_url('emailsettings')); - + array('nickname' => $user->nickname)),//%7 + common_local_url('emailsettings'));//%8 + common_init_locale(); mail_to_user($user, $subject, $body); } @@ -645,13 +657,14 @@ function mail_twitter_bridge_removed($user) $subject = sprintf(_('Your Twitter bridge has been disabled.')); - $body = sprintf(_("Hi, %1\$s. We're sorry to inform you that your " . - 'link to Twitter has been disabled. Your Twitter credentials ' . - 'have either changed (did you recently change your Twitter ' . - 'password?) or you have otherwise revoked our access to your ' . - "Twitter account.\n\n" . - 'You can re-enable your Twitter bridge by visiting your ' . - "Twitter settings page:\n\n\t%2\$s\n\n" . + $site_name = common_config('site', 'name'); + + $body = sprintf(_('Hi, %1$s. We\'re sorry to inform you that your ' . + 'link to Twitter has been disabled. We no longer seem to have ' . + 'permission to update your Twitter status. (Did you revoke ' . + '%3$s\'s access?)' . "\n\n" . + 'You can re-enable your Twitter bridge by visiting your ' . + "Twitter settings page:\n\n\t%2\$s\n\n" . "Regards,\n%3\$s\n"), $profile->getBestName(), common_local_url('twittersettings'), diff --git a/lib/messageform.php b/lib/messageform.php index b8878ec1f..8ea2b36c2 100644 --- a/lib/messageform.php +++ b/lib/messageform.php @@ -140,6 +140,12 @@ class MessageForm extends Form 'rows' => 4, 'name' => 'content'), ($this->content) ? $this->content : ''); + $this->out->elementStart('dl', 'form_note'); + $this->out->element('dt', null, _('Available characters')); + $this->out->element('dd', array('id' => 'notice_text-count'), + '140'); + $this->out->elementEnd('dl'); + } /** diff --git a/lib/noticelist.php b/lib/noticelist.php index 44726a17b..5429d943f 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -350,26 +350,20 @@ class NoticeListItem extends Widget function showNoticeLink() { - $noticeurl = common_local_url('shownotice', + if($this->notice->is_local){ + $noticeurl = common_local_url('shownotice', array('notice' => $this->notice->id)); - // XXX: we need to figure this out better. Is this right? - if (strcmp($this->notice->uri, $noticeurl) != 0 && - preg_match('/^http/', $this->notice->uri)) { + }else{ $noticeurl = $this->notice->uri; } - $this->out->elementStart('dl', 'timestamp'); - $this->out->element('dt', null, _('Published')); - $this->out->elementStart('dd', null); $this->out->elementStart('a', array('rel' => 'bookmark', + 'class' => 'timestamp', 'href' => $noticeurl)); $dt = common_date_iso8601($this->notice->created); $this->out->element('abbr', array('class' => 'published', 'title' => $dt), common_date_string($this->notice->created)); - $this->out->elementEnd('a'); - $this->out->elementEnd('dd'); - $this->out->elementEnd('dl'); } /** @@ -384,8 +378,8 @@ class NoticeListItem extends Widget function showNoticeSource() { if ($this->notice->source) { - $this->out->elementStart('dl', 'device'); - $this->out->element('dt', null, _('From')); + $this->out->elementStart('span', 'source'); + $this->out->text(_('from')); $source_name = _($this->notice->source); switch ($this->notice->source) { case 'web': @@ -394,22 +388,22 @@ class NoticeListItem extends Widget case 'omb': case 'system': case 'api': - $this->out->element('dd', null, $source_name); + $this->out->element('span', 'device', $source_name); break; default: $ns = Notice_source::staticGet($this->notice->source); if ($ns) { - $this->out->elementStart('dd', null); + $this->out->elementStart('span', 'device'); $this->out->element('a', array('href' => $ns->url, 'rel' => 'external'), $ns->name); - $this->out->elementEnd('dd'); + $this->out->elementEnd('span'); } else { - $this->out->element('dd', null, $source_name); + $this->out->element('span', 'device', $source_name); } break; } - $this->out->elementEnd('dl'); + $this->out->elementEnd('span'); } } @@ -429,13 +423,9 @@ class NoticeListItem extends Widget && $this->notice->conversation != $this->notice->id) { $convurl = common_local_url('conversation', array('id' => $this->notice->conversation)); - $this->out->elementStart('dl', 'response'); - $this->out->element('dt', null, _('To')); - $this->out->elementStart('dd'); - $this->out->element('a', array('href' => $convurl.'#notice-'.$this->notice->id), + $this->out->element('a', array('href' => $convurl.'#notice-'.$this->notice->id, + 'class' => 'response'), _('in context')); - $this->out->elementEnd('dd'); - $this->out->elementEnd('dl'); } } @@ -453,17 +443,12 @@ class NoticeListItem extends Widget if (common_logged_in()) { $reply_url = common_local_url('newnotice', array('replyto' => $this->profile->nickname)); - - $this->out->elementStart('dl', 'notice_reply'); - $this->out->element('dt', null, _('Reply to this notice')); - $this->out->elementStart('dd'); $this->out->elementStart('a', array('href' => $reply_url, + 'class' => 'notice_reply', 'title' => _('Reply to this notice'))); $this->out->text(_('Reply')); $this->out->element('span', 'notice_id', $this->notice->id); $this->out->elementEnd('a'); - $this->out->elementEnd('dd'); - $this->out->elementEnd('dl'); } } @@ -479,13 +464,9 @@ class NoticeListItem extends Widget if ($user && $this->notice->profile_id == $user->id) { $deleteurl = common_local_url('deletenotice', array('notice' => $this->notice->id)); - $this->out->elementStart('dl', 'notice_delete'); - $this->out->element('dt', null, _('Delete this notice')); - $this->out->elementStart('dd'); $this->out->element('a', array('href' => $deleteurl, + 'class' => 'notice_delete', 'title' => _('Delete this notice')), _('Delete')); - $this->out->elementEnd('dd'); - $this->out->elementEnd('dl'); } } diff --git a/lib/oauthclient.php b/lib/oauthclient.php new file mode 100644 index 000000000..b66a24be4 --- /dev/null +++ b/lib/oauthclient.php @@ -0,0 +1,225 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Base class for doing OAuth calls as a consumer + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @copyright 2008 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +require_once 'OAuth.php'; + +/** + * Exception wrapper for cURL errors + * + * @category Integration + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + * + */ +class OAuthClientCurlException extends Exception +{ +} + +/** + * Base class for doing OAuth calls as a consumer + * + * @category Integration + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + * + */ +class OAuthClient +{ + var $consumer; + var $token; + + /** + * Constructor + * + * Can be initialized with just consumer key and secret for requesting new + * tokens or with additional request token or access token + * + * @param string $consumer_key consumer key + * @param string $consumer_secret consumer secret + * @param string $oauth_token user's token + * @param string $oauth_token_secret user's secret + * + * @return nothing + */ + function __construct($consumer_key, $consumer_secret, + $oauth_token = null, $oauth_token_secret = null) + { + $this->sha1_method = new OAuthSignatureMethod_HMAC_SHA1(); + $this->consumer = new OAuthConsumer($consumer_key, $consumer_secret); + $this->token = null; + + if (isset($oauth_token) && isset($oauth_token_secret)) { + $this->token = new OAuthToken($oauth_token, $oauth_token_secret); + } + } + + /** + * Gets a request token from the given url + * + * @param string $url OAuth endpoint for grabbing request tokens + * + * @return OAuthToken $token the request token + */ + function getRequestToken($url) + { + $response = $this->oAuthGet($url); + parse_str($response); + $token = new OAuthToken($oauth_token, $oauth_token_secret); + return $token; + } + + /** + * Builds a link that can be redirected to in order to + * authorize a request token. + * + * @param string $url endpoint for authorizing request tokens + * @param OAuthToken $request_token the request token to be authorized + * @param string $oauth_callback optional callback url + * + * @return string $authorize_url the url to redirect to + */ + function getAuthorizeLink($url, $request_token, $oauth_callback = null) + { + $authorize_url = $url . '?oauth_token=' . + $request_token->key; + + if (isset($oauth_callback)) { + $authorize_url .= '&oauth_callback=' . urlencode($oauth_callback); + } + + return $authorize_url; + } + + /** + * Fetches an access token + * + * @param string $url OAuth endpoint for exchanging authorized request tokens + * for access tokens + * + * @return OAuthToken $token the access token + */ + function getAccessToken($url) + { + $response = $this->oAuthPost($url); + parse_str($response); + $token = new OAuthToken($oauth_token, $oauth_token_secret); + return $token; + } + + /** + * Use HTTP GET to make a signed OAuth request + * + * @param string $url OAuth endpoint + * + * @return mixed the request + */ + function oAuthGet($url) + { + $request = OAuthRequest::from_consumer_and_token($this->consumer, + $this->token, 'GET', $url, null); + $request->sign_request($this->sha1_method, + $this->consumer, $this->token); + + return $this->httpRequest($request->to_url()); + } + + /** + * Use HTTP POST to make a signed OAuth request + * + * @param string $url OAuth endpoint + * @param array $params additional post parameters + * + * @return mixed the request + */ + function oAuthPost($url, $params = null) + { + $request = OAuthRequest::from_consumer_and_token($this->consumer, + $this->token, 'POST', $url, $params); + $request->sign_request($this->sha1_method, + $this->consumer, $this->token); + + return $this->httpRequest($request->get_normalized_http_url(), + $request->to_postdata()); + } + + /** + * Make a HTTP request using cURL. + * + * @param string $url Where to make the + * @param array $params post parameters + * + * @return mixed the request + */ + function httpRequest($url, $params = null) + { + $options = array( + CURLOPT_RETURNTRANSFER => true, + CURLOPT_FAILONERROR => true, + CURLOPT_HEADER => false, + CURLOPT_FOLLOWLOCATION => true, + CURLOPT_USERAGENT => 'Laconica', + CURLOPT_CONNECTTIMEOUT => 120, + CURLOPT_TIMEOUT => 120, + CURLOPT_HTTPAUTH => CURLAUTH_ANY, + CURLOPT_SSL_VERIFYPEER => false, + + // Twitter is strict about accepting invalid "Expect" headers + + CURLOPT_HTTPHEADER => array('Expect:') + ); + + if (isset($params)) { + $options[CURLOPT_POST] = true; + $options[CURLOPT_POSTFIELDS] = $params; + } + + $ch = curl_init($url); + curl_setopt_array($ch, $options); + $response = curl_exec($ch); + + if ($response === false) { + $msg = curl_error($ch); + $code = curl_errno($ch); + throw new OAuthClientCurlException($msg, $code); + } + + curl_close($ch); + + return $response; + } + +} diff --git a/lib/parallelizingdaemon.php b/lib/parallelizingdaemon.php new file mode 100644 index 000000000..dc28b5643 --- /dev/null +++ b/lib/parallelizingdaemon.php @@ -0,0 +1,229 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Base class for making daemons that can do several tasks in parallel. + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Daemon + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @author Evan Prodromou <evan@controlyourself.ca> + * @copyright 2009 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +declare(ticks = 1); + +/** + * Daemon able to spawn multiple child processes to do work in parallel + * + * @category Daemon + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @author Evan Prodromou <evan@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +class ParallelizingDaemon extends Daemon +{ + private $_children = array(); + private $_interval = 0; // seconds + private $_max_children = 0; // maximum number of children + private $_debug = false; + + /** + * Constructor + * + * @param string $id the name/id of this daemon + * @param int $interval sleep this long before doing everything again + * @param int $max_children maximum number of child processes at a time + * @param boolean $debug debug output flag + * + * @return void + * + **/ + + function __construct($id = null, $interval = 60, $max_children = 2, + $debug = null) + { + parent::__construct(true); // daemonize + + $this->_interval = $interval; + $this->_max_children = $max_children; + $this->_debug = $debug; + + if (isset($id)) { + $this->set_id($id); + } + } + + /** + * Run the daemon + * + * @return void + */ + + function run() + { + if (isset($this->_debug)) { + echo $this->name() . " - Debugging output enabled.\n"; + } + + do { + + $objects = $this->getObjects(); + + foreach ($objects as $o) { + + // Fork a child for each object + + $pid = pcntl_fork(); + + if ($pid == -1) { + die ($this->name() . ' - Couldn\'t fork!'); + } + + if ($pid) { + + // Parent + + if (isset($this->_debug)) { + echo $this->name() . + " - Forked new child - pid $pid.\n"; + + } + + $this->_children[] = $pid; + + } else { + + // Child + + // Do something with each object + + $this->childTask($o); + + exit(); + } + + // Remove child from ps list as it finishes + + while (($c = pcntl_wait($status, WNOHANG OR WUNTRACED)) > 0) { + + if (isset($this->_debug)) { + echo $this->name() . " - Child $c finished.\n"; + } + + $this->removePs($this->_children, $c); + } + + // Wait! We have too many damn kids. + + if (sizeof($this->_children) >= $this->_max_children) { + + if (isset($this->_debug)) { + echo $this->name() . " - Too many children. Waiting...\n"; + } + + if (($c = pcntl_wait($status, WUNTRACED)) > 0) { + + if (isset($this->_debug)) { + echo $this->name() . + " - Finished waiting for child $c.\n"; + } + + $this->removePs($this->_children, $c); + } + } + } + + // Remove all children from the process list before restarting + while (($c = pcntl_wait($status, WUNTRACED)) > 0) { + + if (isset($this->_debug)) { + echo $this->name() . " - Child $c finished.\n"; + } + + $this->removePs($this->_children, $c); + } + + // Rest for a bit + + if (isset($this->_debug)) { + echo $this->name() . ' - Waiting ' . $this->_interval . + " secs before running again.\n"; + } + + if ($this->_interval > 0) { + sleep($this->_interval); + } + + } while (true); + } + + /** + * Remove a child process from the list of children + * + * @param array &$plist array of processes + * @param int $ps process id + * + * @return void + */ + + function removePs(&$plist, $ps) + { + for ($i = 0; $i < sizeof($plist); $i++) { + if ($plist[$i] == $ps) { + unset($plist[$i]); + $plist = array_values($plist); + break; + } + } + } + + /** + * Get a list of objects to work on in parallel + * + * @return array An array of objects to work on + */ + + function getObjects() + { + die('Implement ParallelizingDaemon::getObjects().'); + } + + /** + * Do something with each object in parallel + * + * @param mixed $object data to work on + * + * @return void + */ + + function childTask($object) + { + die("Implement ParallelizingDaemon::childTask($object)."); + } + +}
\ No newline at end of file diff --git a/lib/popularnoticesection.php b/lib/popularnoticesection.php index e47c9b385..167a6ff8d 100644 --- a/lib/popularnoticesection.php +++ b/lib/popularnoticesection.php @@ -74,11 +74,7 @@ class PopularNoticeSection extends NoticeSection $offset = 0; $limit = NOTICES_PER_SECTION + 1; - if (common_config('db', 'type') == 'pgsql') { - $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $qry .= ' LIMIT ' . $offset . ', ' . $limit; - } + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; $notice = Memcached_DataObject::cachedQuery('Notice', sprintf($qry, common_config('popular', 'dropoff')), diff --git a/lib/profilesection.php b/lib/profilesection.php index 9ff243fb5..d463a07b0 100644 --- a/lib/profilesection.php +++ b/lib/profilesection.php @@ -97,7 +97,7 @@ class ProfileSection extends Section $this->out->elementEnd('a'); $this->out->elementEnd('span'); $this->out->elementEnd('td'); - if ($profile->value) { + if (isset($profile->value)) { $this->out->element('td', 'value', $profile->value); } diff --git a/lib/queuehandler.php b/lib/queuehandler.php index c2ff10f32..f11e5bd90 100644 --- a/lib/queuehandler.php +++ b/lib/queuehandler.php @@ -29,7 +29,6 @@ define('QUEUE_HANDLER_HIT_IDLE', 0); class QueueHandler extends Daemon { - var $_id = 'generic'; function __construct($id=null, $daemonize=true) { @@ -55,16 +54,6 @@ class QueueHandler extends Daemon return strtolower($this->class_name().'.'.$this->get_id()); } - function get_id() - { - return $this->_id; - } - - function set_id($id) - { - $this->_id = $id; - } - function transport() { return null; diff --git a/lib/router.php b/lib/router.php index e12138637..f03cfcf6d 100644 --- a/lib/router.php +++ b/lib/router.php @@ -88,6 +88,10 @@ class Router $m->connect('doc/:title', array('action' => 'doc')); + // Twitter + + $m->connect('twitter/authorization', array('action' => 'twitterauthorization')); + // facebook $m->connect('facebook', array('action' => 'facebookhome')); @@ -113,6 +117,16 @@ class Router $m->connect('main/tagother/:id', array('action' => 'tagother')); + $m->connect('main/oembed.xml', + array('action' => 'api', + 'method' => 'oembed.xml', + 'apiaction' => 'oembed')); + + $m->connect('main/oembed.json', + array('action' => 'api', + 'method' => 'oembed.json', + 'apiaction' => 'oembed')); + // these take a code foreach (array('register', 'confirmaddress', 'recoverpassword') as $c) { @@ -206,7 +220,7 @@ class Router array('tag' => '[a-zA-Z0-9]+')); $m->connect('tag/:tag', array('action' => 'tag'), - array('tag' => '[a-zA-Z0-9]+')); + array('tag' => '[\pL\pN_\-\.]{1,64}')); $m->connect('peopletag/:tag', array('action' => 'peopletag'), @@ -394,7 +408,33 @@ class Router array('action' => 'api', 'apiaction' => 'laconica')); + $m->connect('api/laconica/:method', + array('action' => 'api', + 'apiaction' => 'laconica')); + // Groups + //'list' has to be handled differently, as php will not allow a method to be named 'list' + $m->connect('api/laconica/groups/list/:argument', + array('action' => 'api', + 'method' => 'list_groups', + 'apiaction' => 'groups')); + foreach (array('xml', 'json', 'rss', 'atom') as $e) { + $m->connect('api/laconica/groups/list.' . $e, + array('action' => 'api', + 'method' => 'list_groups.' . $e, + 'apiaction' => 'groups')); + } + + $m->connect('api/laconica/groups/:method', + array('action' => 'api', + 'apiaction' => 'statuses'), + array('method' => '(list_all|)(\.(atom|rss|xml|json))?')); + + $m->connect('api/statuses/:method/:argument', + array('action' => 'api', + 'apiaction' => 'statuses'), + array('method' => '(|user_timeline|friends_timeline|replies|mentions|show|destroy|friends|followers)')); + $m->connect('api/laconica/groups/:method/:argument', array('action' => 'api', 'apiaction' => 'groups')); diff --git a/lib/rssaction.php b/lib/rssaction.php index 3b9f0fb47..0aca96566 100644 --- a/lib/rssaction.php +++ b/lib/rssaction.php @@ -39,6 +39,7 @@ class Rss10Action extends Action var $creators = array(); var $limit = DEFAULT_RSS_LIMIT; var $notices = null; + var $tags_already_output = array(); /** * Constructor @@ -96,11 +97,48 @@ class Rss10Action extends Action { // Parent handling, including cache check parent::handle($args); + + if (common_config('site', 'private')) { + if (!isset($_SERVER['PHP_AUTH_USER'])) { + + # This header makes basic auth go + header('WWW-Authenticate: Basic realm="Laconica RSS"'); + + # If the user hits cancel -- bam! + $this->show_basic_auth_error(); + return; + } else { + $nickname = $_SERVER['PHP_AUTH_USER']; + $password = $_SERVER['PHP_AUTH_PW']; + + if (!common_check_user($nickname, $password)) { + # basic authentication failed + list($proxy, $ip) = common_client_ip(); + + common_log(LOG_WARNING, "Failed RSS auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip."); + $this->show_basic_auth_error(); + return; + } + } + } + // Get the list of notices $this->notices = $this->getNotices($this->limit); $this->showRss(); } + function show_basic_auth_error() + { + header('HTTP/1.1 401 Unauthorized'); + header('Content-Type: application/xml; charset=utf-8'); + $this->startXML(); + $this->elementStart('hash'); + $this->element('error', null, 'Could not authenticate you.'); + $this->element('request', null, $_SERVER['REQUEST_URI']); + $this->elementEnd('hash'); + $this->endXML(); + } + /** * Get the notices to output in this stream * @@ -188,24 +226,6 @@ class Rss10Action extends Action } } - // XXX: Surely there should be a common function to do this? - function extract_tags ($string) - { - $count = preg_match_all('/(?:^|\s)#([A-Za-z0-9_\-\.]{1,64})/', strtolower($string), $match); - if (!count) - { - return array(); - } - - $rv = array(); - foreach ($match[1] as $tag) - { - $rv[] = common_canonical_tag($tag); - } - - return array_unique($rv); - } - function showItem($notice) { $profile = Profile::staticGet($notice->profile_id); @@ -230,6 +250,11 @@ class Rss10Action extends Action $replyurl = common_local_url('shownotice', array('notice' => $notice->reply_to)); $this->element('sioc:reply_of', array('rdf:resource' => $replyurl)); } + if (!empty($notice->conversation)) { + $conversationurl = common_local_url('conversation', + array('id' => $notice->conversation)); + $this->element('sioc:has_discussion', array('rdf:resource' => $conversationurl)); + } $attachments = $notice->attachments(); if($attachments){ foreach($attachments as $attachment){ @@ -259,18 +284,28 @@ class Rss10Action extends Action $this->element('sioc:links_to', array('rdf:resource'=>$attachment->url)); } } - $tags = $this->extract_tags($notice->content); - if (!empty($tags)) { - foreach ($tags as $tag) - { - $tagpage = common_local_url('tag', array('tag' => $tag)); - $tagrss = common_local_url('tagrss', array('tag' => $tag)); + + $tag = new Notice_tag(); + $tag->notice_id = $notice->id; + if ($tag->find()) { + $entry['tags']=array(); + while ($tag->fetch()) { + $tagpage = common_local_url('tag', array('tag' => $tag->tag)); + + if ( in_array($tag, $this->tags_already_output) ) { + $this->element('ctag:tagged', array('rdf:resource'=>$tagpage.'#concept')); + continue; + } + + $tagrss = common_local_url('tagrss', array('tag' => $tag->tag)); $this->elementStart('ctag:tagged'); - $this->elementStart('ctag:Tag', array('rdf:about'=>$tagpage.'#concept', 'ctag:label'=>$tag)); + $this->elementStart('ctag:Tag', array('rdf:about'=>$tagpage.'#concept', 'ctag:label'=>$tag->tag)); $this->element('foaf:page', array('rdf:resource'=>$tagpage)); $this->element('rdfs:seeAlso', array('rdf:resource'=>$tagrss)); $this->elementEnd('ctag:Tag'); $this->elementEnd('ctag:tagged'); + + $this->tags_already_output[] = $tag->tag; } } $this->elementEnd('item'); diff --git a/lib/twitter.php b/lib/twitter.php index 47af32e61..280cdb0a3 100644 --- a/lib/twitter.php +++ b/lib/twitter.php @@ -17,83 +17,20 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -if (!defined('LACONICA')) { exit(1); } - -define('TWITTER_SERVICE', 1); // Twitter is foreign_service ID 1 - -function get_twitter_data($uri, $screen_name, $password) -{ - - $options = array( - CURLOPT_USERPWD => sprintf("%s:%s", $screen_name, $password), - CURLOPT_RETURNTRANSFER => true, - CURLOPT_FAILONERROR => true, - CURLOPT_HEADER => false, - CURLOPT_FOLLOWLOCATION => true, - CURLOPT_USERAGENT => "Laconica", - CURLOPT_CONNECTTIMEOUT => 120, - CURLOPT_TIMEOUT => 120, - # Twitter is strict about accepting invalid "Expect" headers - CURLOPT_HTTPHEADER => array('Expect:') - ); - - $ch = curl_init($uri); - curl_setopt_array($ch, $options); - $data = curl_exec($ch); - $errmsg = curl_error($ch); - - if ($errmsg) { - common_debug("Twitter bridge - cURL error: $errmsg - trying to load: $uri with user $screen_name.", - __FILE__); - - if (defined('SCRIPT_DEBUG')) { - print "cURL error: $errmsg - trying to load: $uri with user $screen_name.\n"; - } - } - - curl_close($ch); - - return $data; -} - -function twitter_json_data($uri, $screen_name, $password) -{ - $json_data = get_twitter_data($uri, $screen_name, $password); - - if (!$json_data) { - return false; - } - - $data = json_decode($json_data); - - if (!$data) { - return false; - } - - return $data; -} - -function twitter_user_info($screen_name, $password) -{ - $uri = "http://twitter.com/users/show/$screen_name.json"; - return twitter_json_data($uri, $screen_name, $password); +if (!defined('LACONICA')) { + exit(1); } -function twitter_friends_ids($screen_name, $password) -{ - $uri = "http://twitter.com/friends/ids/$screen_name.json"; - return twitter_json_data($uri, $screen_name, $password); -} +define('TWITTER_SERVICE', 1); // Twitter is foreign_service ID 1 function update_twitter_user($twitter_id, $screen_name) { $uri = 'http://twitter.com/' . $screen_name; - $fuser = new Foreign_user(); $fuser->query('BEGIN'); - // Dropping down to SQL because regular db_object udpate stuff doesn't seem + // Dropping down to SQL because regular DB_DataObject udpate stuff doesn't seem // to work so good with tables that have multiple column primary keys // Any time we update the uri for a forein user we have to make sure there @@ -102,35 +39,14 @@ function update_twitter_user($twitter_id, $screen_name) $qry = 'UPDATE foreign_user set uri = \'\' WHERE uri = '; $qry .= '\'' . $uri . '\'' . ' AND service = ' . TWITTER_SERVICE; - $result = $fuser->query($qry); - - if ($result) { - common_debug("Removed uri ($uri) from another foreign_user who was squatting on it."); - if (defined('SCRIPT_DEBUG')) { - print("Removed uri ($uri) from another Twitter user who was squatting on it.\n"); - } - } + $fuser->query($qry); // Update the user + $qry = 'UPDATE foreign_user SET nickname = '; $qry .= '\'' . $screen_name . '\'' . ', uri = \'' . $uri . '\' '; $qry .= 'WHERE id = ' . $twitter_id . ' AND service = ' . TWITTER_SERVICE; - $result = $fuser->query($qry); - - if (!$result) { - common_log(LOG_WARNING, - "Couldn't update foreign_user data for Twitter user: $screen_name"); - common_log_db_error($fuser, 'UPDATE', __FILE__); - if (defined('SCRIPT_DEBUG')) { - print "UPDATE failed: for Twitter user: $twitter_id - $screen_name. - "; - print common_log_objstring($fuser) . "\n"; - $error = &PEAR::getStaticProperty('DB_DataObject','lastError'); - print "DB_DataObject Error: " . $error->getMessage() . "\n"; - } - return false; - } - $fuser->query('COMMIT'); $fuser->free(); @@ -147,23 +63,22 @@ function add_twitter_user($twitter_id, $screen_name) // Clear out any bad old foreign_users with the new user's legit URL // This can happen when users move around or fakester accounts get // repoed, and things like that. + $luser = new Foreign_user(); $luser->uri = $new_uri; $luser->service = TWITTER_SERVICE; $result = $luser->delete(); - if ($result) { + if (empty($result)) { common_log(LOG_WARNING, "Twitter bridge - removed invalid Twitter user squatting on uri: $new_uri"); - if (defined('SCRIPT_DEBUG')) { - print "Removed invalid Twitter user squatting on uri: $new_uri\n"; - } } $luser->free(); unset($luser); // Otherwise, create a new Twitter user + $fuser = new Foreign_user(); $fuser->nickname = $screen_name; @@ -173,21 +88,12 @@ function add_twitter_user($twitter_id, $screen_name) $fuser->created = common_sql_now(); $result = $fuser->insert(); - if (!$result) { + if (empty($result)) { common_log(LOG_WARNING, "Twitter bridge - failed to add new Twitter user: $twitter_id - $screen_name."); common_log_db_error($fuser, 'INSERT', __FILE__); - if (defined('SCRIPT_DEBUG')) { - print "INSERT failed: could not add new Twitter user: $twitter_id - $screen_name. - "; - print common_log_objstring($fuser) . "\n"; - $error = &PEAR::getStaticProperty('DB_DataObject','lastError'); - print "DB_DataObject Error: " . $error->getMessage() . "\n"; - } } else { common_debug("Twitter bridge - Added new Twitter user: $screen_name ($twitter_id)."); - if (defined('SCRIPT_DEBUG')) { - print "Added new Twitter user: $screen_name ($twitter_id).\n"; - } } return $result; @@ -199,23 +105,20 @@ function save_twitter_user($twitter_id, $screen_name) // Check to see whether the Twitter user is already in the system, // and update its screen name and uri if so. + $fuser = Foreign_user::getForeignUser($twitter_id, TWITTER_SERVICE); - if ($fuser) { + if (!empty($fuser)) { $result = true; // Only update if Twitter screen name has changed + if ($fuser->nickname != $screen_name) { $result = update_twitter_user($twitter_id, $screen_name); common_debug('Twitter bridge - Updated nickname (and URI) for Twitter user ' . "$fuser->id to $screen_name, was $fuser->nickname"); - - if (defined('SCRIPT_DEBUG')) { - print 'Updated nickname (and URI) for Twitter user ' . - "$fuser->id to $screen_name, was $fuser->nickname\n"; - } } return $result; @@ -230,119 +133,6 @@ function save_twitter_user($twitter_id, $screen_name) return true; } -function retreive_twitter_friends($twitter_id, $screen_name, $password) -{ - $friends = array(); - - $uri = "http://twitter.com/statuses/friends/$twitter_id.json?page="; - $friends_ids = twitter_friends_ids($screen_name, $password); - - if (!$friends_ids) { - return $friends; - } - - if (defined('SCRIPT_DEBUG')) { - print "Twitter 'social graph' ids method says $screen_name has " . - count($friends_ids) . " friends.\n"; - } - - // Calculate how many pages to get... - $pages = ceil(count($friends_ids) / 100); - - if ($pages == 0) { - common_log(LOG_WARNING, - "Twitter bridge - $screen_name seems to have no friends."); - if (defined('SCRIPT_DEBUG')) { - print "$screen_name seems to have no friends.\n"; - } - } - - for ($i = 1; $i <= $pages; $i++) { - - $data = get_twitter_data($uri . $i, $screen_name, $password); - - if (!$data) { - common_log(LOG_WARNING, - "Twitter bridge - Couldn't retrieve page $i of $screen_name's friends."); - if (defined('SCRIPT_DEBUG')) { - print "Couldn't retrieve page $i of $screen_name's friends.\n"; - } - continue; - } - - $more_friends = json_decode($data); - - if (!$more_friends) { - - common_log(LOG_WARNING, - "Twitter bridge - No data for page $i of $screen_name's friends."); - if (defined('SCRIPT_DEBUG')) { - print "No data for page $i of $screen_name's friends.\n"; - } - continue; - } - - $friends = array_merge($friends, $more_friends); - } - - return $friends; -} - -function save_twitter_friends($user, $twitter_id, $screen_name, $password) -{ - - $friends = retreive_twitter_friends($twitter_id, $screen_name, $password); - - if (empty($friends)) { - common_debug("Twitter bridge - Couldn't get friends data from Twitter for $screen_name."); - if (defined('SCRIPT_DEBUG')) { - print "Couldn't get friends data from Twitter for $screen_name.\n"; - } - return false; - } - - foreach ($friends as $friend) { - - $friend_name = $friend->screen_name; - $friend_id = (int) $friend->id; - - // Update or create the Foreign_user record - if (!save_twitter_user($friend_id, $friend_name)) { - common_log(LOG_WARNING, - "Twitter bridge - couldn't save $screen_name's friend, $friend_name."); - if (defined('SCRIPT_DEBUG')) { - print "Couldn't save $screen_name's friend, $friend_name.\n"; - } - continue; - } - - // Check to see if there's a related local user - $flink = Foreign_link::getByForeignID($friend_id, 1); - - if ($flink) { - - // Get associated user and subscribe her - $friend_user = User::staticGet('id', $flink->user_id); - if (!empty($friend_user)) { - $result = subs_subscribe_to($user, $friend_user); - - if ($result === true) { - common_debug("Twitter bridge - subscribed $friend_user->nickname to $user->nickname."); - if (defined('SCRIPT_DEBUG')) { - print("Subscribed $friend_user->nickname to $user->nickname.\n"); - } - } else { - if (defined('SCRIPT_DEBUG')) { - print "$result ($friend_user->nickname to $user->nickname)\n"; - } - } - } - } - } - - return true; -} - function is_twitter_bound($notice, $flink) { // Check to see if notice should go to Twitter @@ -351,7 +141,7 @@ function is_twitter_bound($notice, $flink) { // If it's not a Twitter-style reply, or if the user WANTS to send replies. if (!preg_match('/^@[a-zA-Z0-9_]{1,15}\b/u', $notice->content) || ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY)) { - return true; + return true; } } @@ -360,104 +150,73 @@ function is_twitter_bound($notice, $flink) { function broadcast_twitter($notice) { - $flink = Foreign_link::getByUserID($notice->profile_id, - TWITTER_SERVICE); + TWITTER_SERVICE); if (is_twitter_bound($notice, $flink)) { - $fuser = $flink->getForeignUser(); - $twitter_user = $fuser->nickname; - $twitter_password = $flink->credentials; - $uri = 'http://www.twitter.com/statuses/update.json'; + $user = $flink->getUser(); // XXX: Hack to get around PHP cURL's use of @ being a a meta character $statustxt = preg_replace('/^@/', ' @', $notice->content); - $options = array( - CURLOPT_USERPWD => "$twitter_user:$twitter_password", - CURLOPT_POST => true, - CURLOPT_POSTFIELDS => - array( - 'status' => $statustxt, - 'source' => common_config('integration', 'source') - ), - CURLOPT_RETURNTRANSFER => true, - CURLOPT_FAILONERROR => true, - CURLOPT_HEADER => false, - CURLOPT_FOLLOWLOCATION => true, - CURLOPT_USERAGENT => "Laconica", - CURLOPT_CONNECTTIMEOUT => 120, // XXX: How long should this be? - CURLOPT_TIMEOUT => 120, - - # Twitter is strict about accepting invalid "Expect" headers - CURLOPT_HTTPHEADER => array('Expect:') - ); - - $ch = curl_init($uri); - curl_setopt_array($ch, $options); - $data = curl_exec($ch); - $errmsg = curl_error($ch); - $errno = curl_errno($ch); - - if (!empty($errmsg)) { - common_debug("cURL error ($errno): $errmsg - " . - "trying to send notice for $twitter_user.", - __FILE__); - - $user = $flink->getUser(); - - if ($errmsg == 'The requested URL returned error: 401') { - common_debug(sprintf('User %s (user id: %s) ' . - 'has bad Twitter credentials!', - $user->nickname, $user->id)); - - // Bad credentials we need to delete the foreign_link - // to Twitter and inform the user. - - remove_twitter_link($flink); - - return true; + $token = TwitterOAuthClient::unpackToken($flink->credentials); - } else { + $client = new TwitterOAuthClient($token->key, $token->secret); - // Some other error happened, so we should try to - // send again later + $status = null; - return false; - } + try { + $status = $client->statusesUpdate($statustxt); + } catch (OAuthClientCurlException $e) { - } - - curl_close($ch); + if ($e->getMessage() == 'The requested URL returned error: 401') { - if (empty($data)) { - common_debug("No data returned by Twitter's " . - "API trying to send update for $twitter_user", - __FILE__); + $errmsg = sprintf('User %1$s (user id: %2$s) has an invalid ' . + 'Twitter OAuth access token.', + $user->nickname, $user->id); + common_log(LOG_WARNING, $errmsg); - // XXX: Not sure this represents a failure to send, but it - // probably does + // Bad auth token! We need to delete the foreign_link + // to Twitter and inform the user. - return false; - - } else { + remove_twitter_link($flink); + return true; - // Twitter should return a status - $status = json_decode($data); + } else { - if (empty($status)) { - common_debug("Unexpected data returned by Twitter " . - " API trying to send update for $twitter_user", - __FILE__); + // Some other error happened, so we should probably + // try to send again later. - // XXX: Again, this could represent a failure posting - // or the Twitter API might just be behaving flakey. - // We're treating it as a failure to post. + $errmsg = sprintf('cURL error trying to send notice to Twitter ' . + 'for user %1$s (user id: %2$s) - ' . + 'code: %3$s message: $4$s.', + $user->nickname, $user->id, + $e->getCode(), $e->getMessage()); + common_log(LOG_WARNING, $errmsg); return false; } } + + if (empty($status)) { + + // This could represent a failure posting, + // or the Twitter API might just be behaving flakey. + + $errmsg = sprint('No data returned by Twitter API when ' . + 'trying to send update for %1$s (user id %2$s).', + $user->nickname, $user->id); + common_log(LOG_WARNING, $errmsg); + + return false; + } + + // Notice crossed the great divide + + $msg = sprintf('Twitter bridge posted notice %s to Twitter.', + $notice->id); + common_log(LOG_INFO, $msg); } return true; @@ -474,22 +233,25 @@ function remove_twitter_link($flink) if (empty($result)) { common_log(LOG_ERR, 'Could not remove Twitter bridge ' . - "Foreign_link for $user->nickname (user id: $user->id)!"); + "Foreign_link for $user->nickname (user id: $user->id)!"); common_log_db_error($flink, 'DELETE', __FILE__); } // Notify the user that her Twitter bridge is down - $result = mail_twitter_bridge_removed($user); + if (isset($user->email)) { + + $result = mail_twitter_bridge_removed($user); - if (!$result) { + if (!$result) { - $msg = 'Unable to send email to notify ' . - "$user->nickname (user id: $user->id) " . - 'that their Twitter bridge link was ' . - 'removed!'; + $msg = 'Unable to send email to notify ' . + "$user->nickname (user id: $user->id) " . + 'that their Twitter bridge link was ' . + 'removed!'; - common_log(LOG_WARNING, $msg); + common_log(LOG_WARNING, $msg); + } } } diff --git a/lib/twitterapi.php b/lib/twitterapi.php index ab6c0d62c..583007208 100644 --- a/lib/twitterapi.php +++ b/lib/twitterapi.php @@ -186,7 +186,7 @@ class TwitterapiAction extends Action $twitter_status['favorited'] = false; } - # Enclosures + // Enclosures $attachments = $notice->attachments(); if (!empty($attachments)) { @@ -213,12 +213,50 @@ class TwitterapiAction extends Action return $twitter_status; } + function twitter_group_array($group) + { + $twitter_group=array(); + $twitter_group['id']=$group->id; + $twitter_group['url']=$group->permalink(); + $twitter_group['nickname']=$group->nickname; + $twitter_group['fullname']=$group->fullname; + $twitter_group['homepage_url']=$group->homepage_url; + $twitter_group['original_logo']=$group->original_logo; + $twitter_group['homepage_logo']=$group->homepage_logo; + $twitter_group['stream_logo']=$group->stream_logo; + $twitter_group['mini_logo']=$group->mini_logo; + $twitter_group['homepage']=$group->homepage; + $twitter_group['description']=$group->description; + $twitter_group['location']=$group->location; + $twitter_group['created']=$this->date_twitter($group->created); + $twitter_group['modified']=$this->date_twitter($group->modified); + return $twitter_group; + } + + function twitter_rss_group_array($group) + { + $entry = array(); + $entry['content']=$group->description; + $entry['title']=$group->nickname; + $entry['link']=$group->permalink(); + $entry['published']=common_date_iso8601($group->created); + $entry['updated']==common_date_iso8601($group->modified); + $taguribase = common_config('integration', 'groupuri'); + $entry['id'] = "group:$groupuribase:$entry[link]"; + + $entry['description'] = $entry['content']; + $entry['pubDate'] = common_date_rfc2822($group->created); + $entry['guid'] = $entry['link']; + + return $entry; + } + function twitter_rss_entry_array($notice) { $profile = $notice->getProfile(); $entry = array(); - # We trim() to avoid extraneous whitespace in the output + // We trim() to avoid extraneous whitespace in the output $entry['content'] = common_xml_safe_str(trim($notice->rendered)); $entry['title'] = $profile->nickname . ': ' . common_xml_safe_str(trim($notice->content)); @@ -231,7 +269,26 @@ class TwitterapiAction extends Action $entry['updated'] = $entry['published']; $entry['author'] = $profile->getBestName(); - # Enclosure + // Enclosures + $attachments = $notice->attachments(); + $enclosures = array(); + + foreach ($attachments as $attachment) { + if ($attachment->isEnclosure()) { + $enclosure = array(); + $enclosure['url'] = $attachment->url; + $enclosure['mimetype'] = $attachment->mimetype; + $enclosure['size'] = $attachment->size; + $enclosures[] = $enclosure; + } + } + + if (!empty($enclosures)) { + $entry['enclosures'] = $enclosures; + } + +/* + // Enclosure $attachments = $notice->attachments(); if($attachments){ $entry['enclosures']=array(); @@ -245,8 +302,20 @@ class TwitterapiAction extends Action } } } +*/ + + // Tags/Categories + $tag = new Notice_tag(); + $tag->notice_id = $notice->id; + if ($tag->find()) { + $entry['tags']=array(); + while ($tag->fetch()) { + $entry['tags'][]=$tag->tag; + } + } + $tag->free(); - # RSS Item specific + // RSS Item specific $entry['description'] = $entry['content']; $entry['pubDate'] = common_date_rfc2822($notice->created); $entry['guid'] = $entry['link']; @@ -382,6 +451,15 @@ class TwitterapiAction extends Action $this->elementEnd('status'); } + function show_twitter_xml_group($twitter_group) + { + $this->elementStart('group'); + foreach($twitter_group as $element => $value) { + $this->element($element, null, $value); + } + $this->elementEnd('group'); + } + function show_twitter_xml_user($twitter_user, $role='user') { $this->elementStart($role); @@ -419,10 +497,16 @@ class TwitterapiAction extends Action $this->element('link', null, $entry['link']); # RSS only supports 1 enclosure per item - if($entry['enclosures']){ + if(array_key_exists('enclosures', $entry) and !empty($entry['enclosures'])){ $enclosure = $entry['enclosures'][0]; $this->element('enclosure', array('url'=>$enclosure['url'],'type'=>$enclosure['mimetype'],'length'=>$enclosure['size']), null); } + + if(array_key_exists('tags', $entry)){ + foreach($entry['tags'] as $tag){ + $this->element('category', null,$tag); + } + } $this->elementEnd('item'); } @@ -578,6 +662,65 @@ class TwitterapiAction extends Action } + function show_rss_groups($group, $title, $link, $subtitle) + { + + $this->init_document('rss'); + + $this->elementStart('channel'); + $this->element('title', null, $title); + $this->element('link', null, $link); + $this->element('description', null, $subtitle); + $this->element('language', null, 'en-us'); + $this->element('ttl', null, '40'); + + if (is_array($group)) { + foreach ($group as $g) { + $twitter_group = $this->twitter_rss_group_array($g); + $this->show_twitter_rss_item($twitter_group); + } + } else { + while ($group->fetch()) { + $twitter_group = $this->twitter_rss_group_array($group); + $this->show_twitter_rss_item($twitter_group); + } + } + + $this->elementEnd('channel'); + $this->end_twitter_rss(); + } + + function show_atom_groups($group, $title, $id, $link, $subtitle=null, $selfuri=null) + { + + $this->init_document('atom'); + + $this->element('title', null, $title); + $this->element('id', null, $id); + $this->element('link', array('href' => $link, 'rel' => 'alternate', 'type' => 'text/html'), null); + + if (!is_null($selfuri)) { + $this->element('link', array('href' => $selfuri, + 'rel' => 'self', 'type' => 'application/atom+xml'), null); + } + + $this->element('updated', null, common_date_iso8601('now')); + $this->element('subtitle', null, $subtitle); + + if (is_array($group)) { + foreach ($group as $g) { + $this->raw($g->asAtomEntry()); + } + } else { + while ($group->fetch()) { + $this->raw($group->asAtomEntry()); + } + } + + $this->end_document('atom'); + + } + function show_json_timeline($notice) { @@ -602,6 +745,68 @@ class TwitterapiAction extends Action $this->end_document('json'); } + function show_json_groups($group) + { + + $this->init_document('json'); + + $groups = array(); + + if (is_array($group)) { + foreach ($group as $g) { + $twitter_group = $this->twitter_group_array($g); + array_push($groups, $twitter_group); + } + } else { + while ($group->fetch()) { + $twitter_group = $this->twitter_group_array($group); + array_push($groups, $twitter_group); + } + } + + $this->show_json_objects($groups); + + $this->end_document('json'); + } + + function show_xml_groups($group) + { + + $this->init_document('xml'); + $this->elementStart('groups', array('type' => 'array')); + + if (is_array($group)) { + foreach ($group as $g) { + $twitter_group = $this->twitter_group_array($g); + $this->show_twitter_xml_group($twitter_group); + } + } else { + while ($group->fetch()) { + $twitter_group = $this->twitter_group_array($group); + $this->show_twitter_xml_group($twitter_group); + } + } + + $this->elementEnd('groups'); + $this->end_document('xml'); + } + + function show_single_json_group($group) + { + $this->init_document('json'); + $twitter_group = $this->twitter_group_array($group); + $this->show_json_objects($twitter_group); + $this->end_document('json'); + } + + function show_single_xml_group($group) + { + $this->init_document('xml'); + $twitter_group = $this->twitter_group_array($group); + $this->show_twitter_xml_group($twitter_group); + $this->end_document('xml'); + } + // Anyone know what date format this is? // Twitter's dates look like this: "Mon Jul 14 23:52:38 +0000 2008" -- Zach function date_twitter($dt) @@ -762,9 +967,9 @@ class TwitterapiAction extends Action $this->endXML(); } - function show_profile($profile, $content_type='xml', $notice=null) + function show_profile($profile, $content_type='xml', $notice=null, $includeStatuses=true) { - $profile_array = $this->twitter_user_array($profile, true); + $profile_array = $this->twitter_user_array($profile, $includeStatuses); switch ($content_type) { case 'xml': $this->show_twitter_xml_user($profile_array); diff --git a/lib/twitteroauthclient.php b/lib/twitteroauthclient.php new file mode 100644 index 000000000..b7dc4a80c --- /dev/null +++ b/lib/twitteroauthclient.php @@ -0,0 +1,220 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Class for doing OAuth calls against Twitter + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Integration + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @copyright 2008 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +/** + * Class for talking to the Twitter API with OAuth. + * + * @category Integration + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + * + */ +class TwitterOAuthClient extends OAuthClient +{ + public static $requestTokenURL = 'https://twitter.com/oauth/request_token'; + public static $authorizeURL = 'https://twitter.com/oauth/authorize'; + public static $accessTokenURL = 'https://twitter.com/oauth/access_token'; + + /** + * Constructor + * + * @param string $oauth_token the user's token + * @param string $oauth_token_secret the user's token secret + * + * @return nothing + */ + function __construct($oauth_token = null, $oauth_token_secret = null) + { + $consumer_key = common_config('twitter', 'consumer_key'); + $consumer_secret = common_config('twitter', 'consumer_secret'); + + parent::__construct($consumer_key, $consumer_secret, + $oauth_token, $oauth_token_secret); + } + + // XXX: the following two functions are to support the horrible hack + // of using the credentils field in Foreign_link to store both + // the access token and token secret. This hack should go away with + // 0.9, in which we can make DB changes and add a new column for the + // token itself. + + static function packToken($token) + { + return implode(chr(0), array($token->key, $token->secret)); + } + + static function unpackToken($str) + { + $vals = explode(chr(0), $str); + return new OAuthToken($vals[0], $vals[1]); + } + + /** + * Builds a link to Twitter's endpoint for authorizing a request token + * + * @param OAuthToken $request_token token to authorize + * + * @return the link + */ + function getAuthorizeLink($request_token) + { + return parent::getAuthorizeLink(self::$authorizeURL, + $request_token, + common_local_url('twitterauthorization')); + } + + /** + * Calls Twitter's /account/verify_credentials API method + * + * @return mixed the Twitter user + */ + function verifyCredentials() + { + $url = 'https://twitter.com/account/verify_credentials.json'; + $response = $this->oAuthGet($url); + $twitter_user = json_decode($response); + return $twitter_user; + } + + /** + * Calls Twitter's /stutuses/update API method + * + * @param string $status text of the status + * @param int $in_reply_to_status_id optional id of the status it's + * a reply to + * + * @return mixed the status + */ + function statusesUpdate($status, $in_reply_to_status_id = null) + { + $url = 'https://twitter.com/statuses/update.json'; + $params = array('status' => $status, + 'in_reply_to_status_id' => $in_reply_to_status_id); + $response = $this->oAuthPost($url, $params); + $status = json_decode($response); + return $status; + } + + /** + * Calls Twitter's /stutuses/friends_timeline API method + * + * @param int $since_id show statuses after this id + * @param int $max_id show statuses before this id + * @param int $cnt number of statuses to show + * @param int $page page number + * + * @return mixed an array of statuses + */ + function statusesFriendsTimeline($since_id = null, $max_id = null, + $cnt = null, $page = null) + { + + $url = 'https://twitter.com/statuses/friends_timeline.json'; + $params = array('since_id' => $since_id, + 'max_id' => $max_id, + 'count' => $cnt, + 'page' => $page); + $qry = http_build_query($params); + + if (!empty($qry)) { + $url .= "?$qry"; + } + + $response = $this->oAuthGet($url); + $statuses = json_decode($response); + return $statuses; + } + + /** + * Calls Twitter's /stutuses/friends API method + * + * @param int $id id of the user whom you wish to see friends of + * @param int $user_id numerical user id + * @param int $screen_name screen name + * @param int $page page number + * + * @return mixed an array of twitter users and their latest status + */ + function statusesFriends($id = null, $user_id = null, $screen_name = null, + $page = null) + { + $url = "https://twitter.com/statuses/friends.json"; + + $params = array('id' => $id, + 'user_id' => $user_id, + 'screen_name' => $screen_name, + 'page' => $page); + $qry = http_build_query($params); + + if (!empty($qry)) { + $url .= "?$qry"; + } + + $response = $this->oAuthGet($url); + $friends = json_decode($response); + return $friends; + } + + /** + * Calls Twitter's /stutuses/friends/ids API method + * + * @param int $id id of the user whom you wish to see friends of + * @param int $user_id numerical user id + * @param int $screen_name screen name + * @param int $page page number + * + * @return mixed a list of ids, 100 per page + */ + function friendsIds($id = null, $user_id = null, $screen_name = null, + $page = null) + { + $url = "https://twitter.com/friends/ids.json"; + + $params = array('id' => $id, + 'user_id' => $user_id, + 'screen_name' => $screen_name, + 'page' => $page); + $qry = http_build_query($params); + + if (!empty($qry)) { + $url .= "?$qry"; + } + + $response = $this->oAuthGet($url); + $ids = json_decode($response); + return $ids; + } + +} diff --git a/lib/util.php b/lib/util.php index 9e8ec41d2..c8e318efe 100644 --- a/lib/util.php +++ b/lib/util.php @@ -140,7 +140,7 @@ function common_have_session() function common_ensure_session() { $c = null; - if (array_key_exists(session_name, $_COOKIE)) { + if (array_key_exists(session_name(), $_COOKIE)) { $c = $_COOKIE[session_name()]; } if (!common_have_session()) { @@ -404,7 +404,7 @@ function common_render_text($text) $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r); $r = common_replace_urls_callback($r, 'common_linkify'); - $r = preg_replace('/(^|\(|\[|\s+)#([A-Za-z0-9_\-\.]{1,64})/e', "'\\1#'.common_tag_link('\\2')", $r); + $r = preg_replace('/(^|\(|\[|\s+)#([\pL\pN_\-\.]{1,64})/e', "'\\1#'.common_tag_link('\\2')", $r); // XXX: machine tags return $r; } @@ -414,9 +414,9 @@ function common_replace_urls_callback($text, $callback, $notice_id = null) { $regex = '#'. '(?:'. '(?:'. - '(?:https?|ftps?|mms|rtsp|gopher|news|nntp|telnet|wais|file|prospero|webcal|xmpp|irc)://'. + '(?:https?|ftps?|mms|rtsp|gopher|news|nntp|telnet|wais|file|prospero|webcal|irc)://'. '|'. - '(?:mailto|aim|tel):'. + '(?:mailto|aim|tel|xmpp):'. ')'. '[^.\s]+\.[^\s]+'. '|'. @@ -595,7 +595,8 @@ function common_tag_link($tag) function common_canonical_tag($tag) { - return strtolower(str_replace(array('-', '_', '.'), '', $tag)); + $tag = mb_convert_case($tag, MB_CASE_LOWER, "UTF-8"); + return str_replace(array('-', '_', '.'), '', $tag); } function common_valid_profile_tag($str) @@ -1409,20 +1410,21 @@ function common_client_ip() return null; } - if ($_SERVER['HTTP_X_FORWARDED_FOR']) { - if ($_SERVER['HTTP_CLIENT_IP']) { + if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) { + if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) { $proxy = $_SERVER['HTTP_CLIENT_IP']; } else { $proxy = $_SERVER['REMOTE_ADDR']; } $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { - if ($_SERVER['HTTP_CLIENT_IP']) { + $proxy = null; + if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) { $ip = $_SERVER['HTTP_CLIENT_IP']; } else { $ip = $_SERVER['REMOTE_ADDR']; } } - return array($ip, $proxy); + return array($proxy, $ip); } diff --git a/lighttpd.conf.example b/lighttpd.conf.example new file mode 100644 index 000000000..b8baafc9e --- /dev/null +++ b/lighttpd.conf.example @@ -0,0 +1,2 @@ +# Add this line to lighttpd.conf to enable pseudo-rewrites using 404s +server.error-handler-404 = "/index.php" diff --git a/plugins/Autocomplete/Autocomplete.js b/plugins/Autocomplete/Autocomplete.js new file mode 100644 index 000000000..e799c11e5 --- /dev/null +++ b/plugins/Autocomplete/Autocomplete.js @@ -0,0 +1,38 @@ +$(document).ready(function(){ + $.getJSON($('address .url')[0].href+'/api/statuses/friends.json?user_id=' + current_user['id'] + '&lite=true&callback=?', + function(friends){ + $('#notice_data-text').autocomplete(friends, { + multiple: true, + multipleSeparator: " ", + minChars: 1, + formatItem: function(row, i, max){ + return '@' + row.screen_name + ' (' + row.name + ')'; + }, + formatMatch: function(row, i, max){ + return '@' + row.screen_name; + }, + formatResult: function(row){ + return '@' + row.screen_name; + } + }); + } + ); + $.getJSON($('address .url')[0].href+'/api/laconica/groups/list.json?user_id=' + current_user['id'] + '&callback=?', + function(groups){ + $('#notice_data-text').autocomplete(groups, { + multiple: true, + multipleSeparator: " ", + minChars: 1, + formatItem: function(row, i, max){ + return '!' + row.nickname + ' (' + row.fullname + ')'; + }, + formatMatch: function(row, i, max){ + return '!' + row.nickname; + }, + formatResult: function(row){ + return '!' + row.nickname; + } + }); + } + ); +}); diff --git a/plugins/Autocomplete/AutocompletePlugin.php b/plugins/Autocomplete/AutocompletePlugin.php new file mode 100644 index 000000000..58b6a84ca --- /dev/null +++ b/plugins/Autocomplete/AutocompletePlugin.php @@ -0,0 +1,63 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Plugin to enable nickname completion in the enter status box + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package Laconica + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +class AutocompletePlugin extends Plugin +{ + function __construct() + { + parent::__construct(); + } + + function onEndShowScripts($action){ + if (common_logged_in()) { + $current_user = common_current_user(); + $js_string = <<<EOT +<script type="text/javascript"> +var current_user = { id: '$current_user->id' }; +</script> +EOT; + $action->raw($js_string); + $action->script('plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.pack.js'); + $action->script('plugins/Autocomplete/Autocomplete.js'); + } + } + + function onEndShowLaconicaStyles($action) + { + if (common_logged_in()) { + $action->cssLink('plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.css'); + } + } + +} +?> diff --git a/plugins/Autocomplete/jquery-autocomplete/changelog.txt b/plugins/Autocomplete/jquery-autocomplete/changelog.txt new file mode 100644 index 000000000..94cb5ccde --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/changelog.txt @@ -0,0 +1,20 @@ +1.0.2 +----- +* Fixed missing semicolon + +1.0.1 +----- +* Fixed element creation (<ul> to <ul/> and <li> to </li>) +* Fixed ac_even class (was ac_event) +* Fixed bgiframe usage: now its really optional +* Removed the blur-on-return workaround, added a less obtrusive one only for Opera +* Fixed hold cursor keys: Opera needs keypress, everyone else keydown to scroll through result list when holding cursor key +* Updated package to jQuery 1.2.5, removing dimensions +* Fixed multiple-mustMatch: Remove only the last term when no match is found +* Fixed multiple without mustMatch: Don't select the last active when no match is found (on tab/return) +* Fixed multiple cursor position: Put cursor at end of input after selecting a value + +1.0 +--- + +* First release.
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/bg.gif b/plugins/Autocomplete/jquery-autocomplete/demo/bg.gif Binary files differnew file mode 100644 index 000000000..846add071 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/bg.gif diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/emails.php b/plugins/Autocomplete/jquery-autocomplete/demo/emails.php new file mode 100644 index 000000000..f79b10e4a --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/emails.php @@ -0,0 +1,23 @@ +<?php +$q = strtolower($_GET["q"]); +if (!$q) return; +$items = array( + "Peter Pan"=>"peter@pan.de", + "Molly"=>"molly@yahoo.com", + "Forneria Marconi"=>"live@japan.jp", + "Master Sync"=>"205bw@samsung.com", + "Dr. Tech de Log"=>"g15@logitech.com", + "Don Corleone"=>"don@vegas.com", + "Mc Chick"=>"info@donalds.org", + "Donnie Darko"=>"dd@timeshift.info", + "Quake The Net"=>"webmaster@quakenet.org", + "Dr. Write"=>"write@writable.com" +); + +echo "["; +foreach ($items as $key=>$value) { + if (strpos(strtolower($key), $q) !== false) { + echo "{ name: \"$key\", to: \"$value\" }, "; + } +} +echo "]";
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/emails.phps b/plugins/Autocomplete/jquery-autocomplete/demo/emails.phps new file mode 100644 index 000000000..f79b10e4a --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/emails.phps @@ -0,0 +1,23 @@ +<?php +$q = strtolower($_GET["q"]); +if (!$q) return; +$items = array( + "Peter Pan"=>"peter@pan.de", + "Molly"=>"molly@yahoo.com", + "Forneria Marconi"=>"live@japan.jp", + "Master Sync"=>"205bw@samsung.com", + "Dr. Tech de Log"=>"g15@logitech.com", + "Don Corleone"=>"don@vegas.com", + "Mc Chick"=>"info@donalds.org", + "Donnie Darko"=>"dd@timeshift.info", + "Quake The Net"=>"webmaster@quakenet.org", + "Dr. Write"=>"write@writable.com" +); + +echo "["; +foreach ($items as $key=>$value) { + if (strpos(strtolower($key), $q) !== false) { + echo "{ name: \"$key\", to: \"$value\" }, "; + } +} +echo "]";
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images.php b/plugins/Autocomplete/jquery-autocomplete/demo/images.php new file mode 100644 index 000000000..407645c06 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images.php @@ -0,0 +1,9 @@ +<?php +$term = $_REQUEST['q']; +$images = array_slice(scandir("images"), 2); +foreach($images as $value) { + if( strpos(strtolower($value), $term) === 0 ) { + echo $value . "\n"; + } +} +?> diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Amsterdam Van-Gogh Museum.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Amsterdam Van-Gogh Museum.jpg Binary files differnew file mode 100644 index 000000000..025328c7d --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Amsterdam Van-Gogh Museum.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Amsterdam.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Amsterdam.jpg Binary files differnew file mode 100644 index 000000000..5f019bdfd --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Amsterdam.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Antwerpen Rubenshaus.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Antwerpen Rubenshaus.jpg Binary files differnew file mode 100644 index 000000000..7f5d01f71 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Antwerpen Rubenshaus.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Antwerpen.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Antwerpen.jpg Binary files differnew file mode 100644 index 000000000..46f74a3d1 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Antwerpen.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Appenzell.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Appenzell.jpg Binary files differnew file mode 100644 index 000000000..1691ed954 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Appenzell.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Arnhem Historisches Museum.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Arnhem Historisches Museum.jpg Binary files differnew file mode 100644 index 000000000..276f88a31 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Arnhem Historisches Museum.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bled.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bled.jpg Binary files differnew file mode 100644 index 000000000..bdcae3184 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bled.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bled_Die Burg von Bled.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bled_Die Burg von Bled.jpg Binary files differnew file mode 100644 index 000000000..355108409 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bled_Die Burg von Bled.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bogojina_Die Pfarrkirche.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bogojina_Die Pfarrkirche.jpg Binary files differnew file mode 100644 index 000000000..3e0cd5099 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bogojina_Die Pfarrkirche.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaBasilicadiSanPetronio.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaBasilicadiSanPetronio.jpg Binary files differnew file mode 100644 index 000000000..ef2153593 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaBasilicadiSanPetronio.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaFontanadelNettuno.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaFontanadelNettuno.jpg Binary files differnew file mode 100644 index 000000000..0f5b576d5 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaFontanadelNettuno.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaPiazzaMaggiore.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaPiazzaMaggiore.jpg Binary files differnew file mode 100644 index 000000000..48449cf1e --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/BolognaPiazzaMaggiore.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward Martinikerk.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward Martinikerk.jpg Binary files differnew file mode 100644 index 000000000..6df035af4 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward Martinikerk.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward Stadhuis.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward Stadhuis.jpg Binary files differnew file mode 100644 index 000000000..7c141012d --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward Stadhuis.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward.jpg Binary files differnew file mode 100644 index 000000000..84dd775af --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bolsward.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/BordeauxND.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/BordeauxND.jpg Binary files differnew file mode 100644 index 000000000..242ecefc3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/BordeauxND.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/BordeauxPlaceB.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/BordeauxPlaceB.jpg Binary files differnew file mode 100644 index 000000000..026b4014d --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/BordeauxPlaceB.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/BotanischerGartenZuerich.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/BotanischerGartenZuerich.jpg Binary files differnew file mode 100644 index 000000000..5ee9535ef --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/BotanischerGartenZuerich.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Bouillon.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bouillon.jpg Binary files differnew file mode 100644 index 000000000..72638cfd8 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Bouillon.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Gent Hotel de Ville2.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gent Hotel de Ville2.jpg Binary files differnew file mode 100644 index 000000000..9084f6f47 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gent Hotel de Ville2.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Gent.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gent.jpg Binary files differnew file mode 100644 index 000000000..ebbd6df49 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gent.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/GenuaStrand.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/GenuaStrand.jpg Binary files differnew file mode 100644 index 000000000..d52af3c79 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/GenuaStrand.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/GenuabeiNacht.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/GenuabeiNacht.jpg Binary files differnew file mode 100644 index 000000000..f2a371036 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/GenuabeiNacht.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Giessbachfaelle Brienz.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Giessbachfaelle Brienz.jpg Binary files differnew file mode 100644 index 000000000..096319267 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Giessbachfaelle Brienz.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Giethoorn.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Giethoorn.jpg Binary files differnew file mode 100644 index 000000000..a6f7b0f4c --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Giethoorn.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Gnesen.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gnesen.jpg Binary files differnew file mode 100644 index 000000000..e8825a846 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gnesen.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Gornij Grad_KATHEDRALE.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gornij Grad_KATHEDRALE.jpg Binary files differnew file mode 100644 index 000000000..47cce10d3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gornij Grad_KATHEDRALE.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Gossensass.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gossensass.jpg Binary files differnew file mode 100644 index 000000000..6aba6d373 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Gossensass.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Grad_Burg Grad2.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Grad_Burg Grad2.jpg Binary files differnew file mode 100644 index 000000000..5bf35ad85 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Grad_Burg Grad2.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/GrandDixence.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/GrandDixence.jpg Binary files differnew file mode 100644 index 000000000..09464d7ce --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/GrandDixence.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/GrenoblePanorama.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/GrenoblePanorama.jpg Binary files differnew file mode 100644 index 000000000..d4d0d1bb3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/GrenoblePanorama.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Groningen.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Groningen.jpg Binary files differnew file mode 100644 index 000000000..0068a86f3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Groningen.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/GrottenvonReclere.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/GrottenvonReclere.jpg Binary files differnew file mode 100644 index 000000000..74d6b3d3f --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/GrottenvonReclere.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Guebwiller.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Guebwiller.jpg Binary files differnew file mode 100644 index 000000000..e31f924c4 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Guebwiller.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Kamnik_Die Franziskaner Bibliothek.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Kamnik_Die Franziskaner Bibliothek.jpg Binary files differnew file mode 100644 index 000000000..1de470593 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Kamnik_Die Franziskaner Bibliothek.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Karlsbad Muehlbrunnkolonnade.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Karlsbad Muehlbrunnkolonnade.jpg Binary files differnew file mode 100644 index 000000000..86caa2049 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Karlsbad Muehlbrunnkolonnade.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Kazimierz.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Kazimierz.jpg Binary files differnew file mode 100644 index 000000000..62c265074 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Kazimierz.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/KirchbergAltesRathaus1.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/KirchbergAltesRathaus1.jpg Binary files differnew file mode 100644 index 000000000..6f4d018c4 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/KirchbergAltesRathaus1.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/KlagenfurtDom.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/KlagenfurtDom.jpg Binary files differnew file mode 100644 index 000000000..ac9faad2f --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/KlagenfurtDom.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/KleineMeerjungfreu.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/KleineMeerjungfreu.jpg Binary files differnew file mode 100644 index 000000000..b5b13c193 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/KleineMeerjungfreu.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/LazienkiparkWarschau.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/LazienkiparkWarschau.jpg Binary files differnew file mode 100644 index 000000000..c0b114483 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/LazienkiparkWarschau.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/LeHavreHafen.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/LeHavreHafen.jpg Binary files differnew file mode 100644 index 000000000..9fc38d016 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/LeHavreHafen.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/LeMans.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/LeMans.jpg Binary files differnew file mode 100644 index 000000000..d919de7da --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/LeMans.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Lednice.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lednice.jpg Binary files differnew file mode 100644 index 000000000..726248044 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lednice.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Leeuwarden Fries Museum.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leeuwarden Fries Museum.jpg Binary files differnew file mode 100644 index 000000000..6d93e3478 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leeuwarden Fries Museum.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Leeuwarden.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leeuwarden.jpg Binary files differnew file mode 100644 index 000000000..c0f78c0cf --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leeuwarden.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Lelystad.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lelystad.jpg Binary files differnew file mode 100644 index 000000000..be794f3cd --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lelystad.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Lemmer.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lemmer.jpg Binary files differnew file mode 100644 index 000000000..41d8996b2 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lemmer.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Leper Halles aux draps.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leper Halles aux draps.jpg Binary files differnew file mode 100644 index 000000000..cb3138d65 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leper Halles aux draps.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Leuven Museum fuer Kirchenkunst.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leuven Museum fuer Kirchenkunst.jpg Binary files differnew file mode 100644 index 000000000..235869079 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leuven Museum fuer Kirchenkunst.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Leuven.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leuven.jpg Binary files differnew file mode 100644 index 000000000..3e4d5f3b3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Leuven.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Luxemburg.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Luxemburg.jpg Binary files differnew file mode 100644 index 000000000..3aaafc9cb --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Luxemburg.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/LuzernAltstadt.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/LuzernAltstadt.jpg Binary files differnew file mode 100644 index 000000000..47ebd5d1e --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/LuzernAltstadt.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/LuzernPicassoMuseum.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/LuzernPicassoMuseum.jpg Binary files differnew file mode 100644 index 000000000..08fbb5a0e --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/LuzernPicassoMuseum.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Lyon.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lyon.jpg Binary files differnew file mode 100644 index 000000000..7a3eda9d0 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Lyon.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht Onze Lieve Vrou...jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht Onze Lieve Vrou...jpg Binary files differnew file mode 100644 index 000000000..1474bb092 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht Onze Lieve Vrou...jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht St Servaasbasiliek.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht St Servaasbasiliek.jpg Binary files differnew file mode 100644 index 000000000..c41e1aa17 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht St Servaasbasiliek.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht Walmuur.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht Walmuur.jpg Binary files differnew file mode 100644 index 000000000..75fb02750 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht Walmuur.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht.jpg Binary files differnew file mode 100644 index 000000000..4dcb6d5d1 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Maastricht.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/MagiatalMaggia.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/MagiatalMaggia.jpg Binary files differnew file mode 100644 index 000000000..42ff384d9 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/MagiatalMaggia.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Mailand3.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Mailand3.jpg Binary files differnew file mode 100644 index 000000000..863e198f2 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Mailand3.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Metlika_Bela Krajina Museum.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Metlika_Bela Krajina Museum.jpg Binary files differnew file mode 100644 index 000000000..47d24d70b --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Metlika_Bela Krajina Museum.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/MilanoCastelloSforzesco.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/MilanoCastelloSforzesco.jpg Binary files differnew file mode 100644 index 000000000..b430de520 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/MilanoCastelloSforzesco.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/MilanoDom.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/MilanoDom.jpg Binary files differnew file mode 100644 index 000000000..0a5eef4a4 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/MilanoDom.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/MilazzoBurg.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/MilazzoBurg.jpg Binary files differnew file mode 100644 index 000000000..01226a323 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/MilazzoBurg.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Novo Mesto_Das Museum.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Novo Mesto_Das Museum.jpg Binary files differnew file mode 100644 index 000000000..452076124 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Novo Mesto_Das Museum.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/ObervellachBurgFalkenstein.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/ObervellachBurgFalkenstein.jpg Binary files differnew file mode 100644 index 000000000..d502ff483 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/ObervellachBurgFalkenstein.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/OdenseeAndersen.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/OdenseeAndersen.jpg Binary files differnew file mode 100644 index 000000000..f131b7608 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/OdenseeAndersen.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Olimje_Kirche und Apotheke in Olimje.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Olimje_Kirche und Apotheke in Olimje.jpg Binary files differnew file mode 100644 index 000000000..16ea33fb3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Olimje_Kirche und Apotheke in Olimje.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Olomouc.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Olomouc.jpg Binary files differnew file mode 100644 index 000000000..d9a7641f3 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Olomouc.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/OlympischesMuseumLausanne.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/OlympischesMuseumLausanne.jpg Binary files differnew file mode 100644 index 000000000..37a267ae5 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/OlympischesMuseumLausanne.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/OrleansMaisonJeannedArc.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/OrleansMaisonJeannedArc.jpg Binary files differnew file mode 100644 index 000000000..220ad08fa --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/OrleansMaisonJeannedArc.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/OrleansParcFloraldelaSource.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/OrleansParcFloraldelaSource.jpg Binary files differnew file mode 100644 index 000000000..171e56de8 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/OrleansParcFloraldelaSource.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/OstiaAntica.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/OstiaAntica.jpg Binary files differnew file mode 100644 index 000000000..b505ec7fd --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/OstiaAntica.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Ostrow Tumski.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Ostrow Tumski.jpg Binary files differnew file mode 100644 index 000000000..91cae01be --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Ostrow Tumski.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/PoertschachSchlossLeonstain.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/PoertschachSchlossLeonstain.jpg Binary files differnew file mode 100644 index 000000000..9e958b7df --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/PoertschachSchlossLeonstain.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Portoroz.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Portoroz.jpg Binary files differnew file mode 100644 index 000000000..bbad5aa81 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Portoroz.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Posen.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Posen.jpg Binary files differnew file mode 100644 index 000000000..791c46f2a --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Posen.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Postojna.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Postojna.jpg Binary files differnew file mode 100644 index 000000000..ec2a6be8f --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Postojna.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Prag Altstaedter Ring.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Prag Altstaedter Ring.jpg Binary files differnew file mode 100644 index 000000000..9f13fd367 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Prag Altstaedter Ring.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Prag Waldsteinpalais.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Prag Waldsteinpalais.jpg Binary files differnew file mode 100644 index 000000000..718b4e8d9 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Prag Waldsteinpalais.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/RouenNotreDame.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/RouenNotreDame.jpg Binary files differnew file mode 100644 index 000000000..4e0845342 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/RouenNotreDame.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/Salzbergwerk Bex.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/Salzbergwerk Bex.jpg Binary files differnew file mode 100644 index 000000000..29bdfe029 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/Salzbergwerk Bex.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzbergwerkWieliczka.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzbergwerkWieliczka.jpg Binary files differnew file mode 100644 index 000000000..745b18501 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzbergwerkWieliczka.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzburgFestungHohensalzburg.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzburgFestungHohensalzburg.jpg Binary files differnew file mode 100644 index 000000000..c3e9f7428 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzburgFestungHohensalzburg.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzburgResidenz.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzburgResidenz.jpg Binary files differnew file mode 100644 index 000000000..eca7e6022 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/SalzburgResidenz.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/WienMuseumsQuartier.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienMuseumsQuartier.jpg Binary files differnew file mode 100644 index 000000000..4e2262cac --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienMuseumsQuartier.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/WienMusikverein.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienMusikverein.jpg Binary files differnew file mode 100644 index 000000000..477bafceb --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienMusikverein.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/WienRiesenrad.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienRiesenrad.jpg Binary files differnew file mode 100644 index 000000000..0013657e7 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienRiesenrad.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/images/WienRingstrasse.jpg b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienRingstrasse.jpg Binary files differnew file mode 100644 index 000000000..9543af9b9 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/images/WienRingstrasse.jpg diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/index.html b/plugins/Autocomplete/jquery-autocomplete/demo/index.html new file mode 100644 index 000000000..977483e04 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/index.html @@ -0,0 +1,272 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + +<title>jQuery Autocomplete Plugin</title> +<script type="text/javascript" src="../lib/jquery.js"></script> +<script type='text/javascript' src='../lib/jquery.bgiframe.min.js'></script> +<script type='text/javascript' src='../lib/jquery.ajaxQueue.js'></script> +<script type='text/javascript' src='../lib/thickbox-compressed.js'></script> +<script type='text/javascript' src='../jquery.autocomplete.js'></script>
+<script type='text/javascript' src='localdata.js'></script> +<link rel="stylesheet" type="text/css" href="main.css" /> +<link rel="stylesheet" type="text/css" href="../jquery.autocomplete.css" /> +<link rel="stylesheet" type="text/css" href="../lib/thickbox.css" /> + +<script type="text/javascript"> +$().ready(function() { + + function findValueCallback(event, data, formatted) {
+ $("<li>").html( !data ? "No match!" : "Selected: " + formatted).appendTo("#result"); + } + + function formatItem(row) { + return row[0] + " (<strong>id: " + row[1] + "</strong>)"; + } + function formatResult(row) { + return row[0].replace(/(<.+?>)/gi, ''); + } + + $("#suggest1").autocomplete(cities); + $("#month").autocomplete(months, { + minChars: 0, + max: 12, + autoFill: true, + mustMatch: true, + matchContains: false, + scrollHeight: 220, + formatItem: function(data, i, total) { + // don't show the current month in the list of values (for whatever reason) + if ( data[0] == months[new Date().getMonth()] ) + return false; + return data[0]; + } + }); + $("#suggest13").autocomplete(emails, { + minChars: 0, + width: 310,
+ matchContains: true, + autoFill: false, + formatItem: function(row, i, max) { + return i + "/" + max + ": \"" + row.name + "\" [" + row.to + "]"; + }, + formatMatch: function(row, i, max) { + return row.name + " " + row.to; + }, + formatResult: function(row) { + return row.to; + } + });
+ $("#singleBirdRemote").autocomplete("search.php", {
+ width: 260,
+ selectFirst: false
+ });
+ $("#suggest14").autocomplete(cities, { + matchContains: true, + minChars: 0 + }); + $("#suggest3").autocomplete(cities, { + multiple: true, + mustMatch: true, + autoFill: true + }); + $("#suggest4").autocomplete('search.php', { + width: 300, + multiple: true, + matchContains: true, + formatItem: formatItem, + formatResult: formatResult
+ }); + $("#imageSearch").autocomplete("images.php", { + width: 320, + max: 4, + highlight: false, + scroll: true, + scrollHeight: 300, + formatItem: function(data, i, n, value) { + return "<img src='images/" + value + "'/> " + value.split(".")[0]; + }, + formatResult: function(data, value) { + return value.split(".")[0]; + } + }); + $("#tags").autocomplete(["c++", "java", "php", "coldfusion", "javascript", "asp"], { + width: 320, + max: 4, + highlight: false, + multiple: true, + multipleSeparator: " ", + scroll: true, + scrollHeight: 300 + }); + + + $(":text, textarea").result(findValueCallback).next().click(function() {
+ $(this).prev().search();
+ }); + $("#singleBirdRemote").result(function(event, data, formatted) { + if (data) + $(this).parent().next().find("input").val(data[1]); + }); + $("#suggest4").result(function(event, data, formatted) { + var hidden = $(this).parent().next().find(">:input"); + hidden.val( (hidden.val() ? hidden.val() + ";" : hidden.val()) + data[1]); + }); + $("#suggest15").autocomplete(cities, { scroll: true } ); + $("#scrollChange").click(changeScrollHeight); + + $("#thickboxEmail").autocomplete(emails, { + minChars: 0, + width: 310, + matchContains: true, + highlightItem: false, + formatItem: function(row, i, max, term) { + return row.name.replace(new RegExp("(" + term + ")", "gi"), "<strong>$1</strong>") + "<br><span style='font-size: 80%;'>Email: <" + row.to + "></span>"; + }, + formatResult: function(row) { + return row.to; + } + }); + + $("#clear").click(function() { + $(":input").unautocomplete(); + }); +}); + +function changeOptions(){ + var max = parseInt(window.prompt('Please type number of items to display:', jQuery.Autocompleter.defaults.max)); + if (max > 0) { + $("#suggest1").setOptions({ + max: max + }); + } +} + +function changeScrollHeight() { + var h = parseInt(window.prompt('Please type new scroll height (number in pixels):', jQuery.Autocompleter.defaults.scrollHeight)); + if(h > 0) { + $("#suggest1").setOptions({ + scrollHeight: h + }); + } +} + +function changeToMonths(){ + $("#suggest1") + // clear existing data + .val("") + // change the local data to months + .setOptions({data: months}) + // get the label tag + .prev() + // update the label tag + .text("Month (local):"); +} +</script> + +</head> + +<body> + +<h1 id="banner"><a href="http://bassistance.de/jquery-plugins/jquery-plugin-autocomplete/">jQuery Autocomplete Plugin</a> Demo</h1> + +<div id="content"> + + <form autocomplete="off"> + <p> + <label>Single City (local):</label> + <input type="text" id="suggest1" /> + <input type="button" value="Get Value" /> + <input type="button" value="Change Max Items" onclick="changeOptions();" /> + <input type="button" value="Change to Month Data" onclick="changeToMonths();" /> + <input type="button" value="Change scroll height" id="scrollChange" /> + </p> + <p> + <label>Month (local):</label> + <input type="text" id="month" /> + <input type="button" value="Get Value" /> + (Current month is excluded from list) + </p> + <p> + <label>E-Mail (local):</label> + <input type="text" id="suggest13" /> + <input type="button" value="Get Value" /> + </p> + <p> + <label>Single Bird (remote):</label> + <input type="text" id="singleBirdRemote" /> + <input type="button" value="Get Value" /> + </p> + <p> + <label>Hidden input</label> + <input /> + </p> + <p> + <label>Single City (contains):</label> + <input type="text" id="suggest14" /> + <input type="button" value="Get Value" /> + </p> + <p>
+ <label>Multiple Cities (local):</label>
+ <textarea id='suggest3' cols='40' rows='3'></textarea>
+ <input type="button" value="Get Value" />
+ </p>
+ <p> + <label>Multiple Birds (remote):</label> + <textarea id='suggest4'></textarea>
+ <input type="button" value="Get Value" /> + </p> + <p> + <label>Hidden input</label> + <textarea></textarea> + </p> + <p> + <label>Image search (remote):</label> + <input type="text" id='imageSearch' /> + <input type="button" value="Get Value" /> + </p> + <p> + <label>Tags (local):</label> + <input type="text" id='tags' /> + <input type="button" value="Get Value" /> + </p> + <p> + <label>Some dropdown (<3 IE):</label> + <select> + <option value="">Item 12334455</option> + <option value="2">Item 2</option> + <option value="3">Item 3</option> + <option value="4">Item 4</option> + </select> + </p> + + <input type="submit" value="Submit" /> + </form> + + <p> + <a href="#TB_inline?height=155&width=400&inlineId=modalWindow" class="thickbox">Click here for an autocomplete inside a thickbox window.</a> (this should work even if it is beyond the fold) + </p> + + <div id="modalWindow" style="display: none;"> + <p> + <label>E-Mail (local):</label> + <input type="text" id="thickboxEmail" /> + <input type="button" value="Get Value" /> + </p> + </div> + + <button id="clear">Remove all autocompletes</button> + + <a href="search.phps">PHP script used to for remote autocomplete</a> + + <h3>Result:</h3> <ol id="result"></ol> + +</div> +<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> +</script> +<script type="text/javascript"> +_uacct = "UA-2623402-1"; +urchinTracker(); +</script> +</body> +</html> diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/indicator.gif b/plugins/Autocomplete/jquery-autocomplete/demo/indicator.gif Binary files differnew file mode 100644 index 000000000..085ccaeca --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/indicator.gif diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/json.html b/plugins/Autocomplete/jquery-autocomplete/demo/json.html new file mode 100644 index 000000000..9ed974faf --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/json.html @@ -0,0 +1,68 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + +<title>jQuery Autocomplete Plugin</title> +<script type="text/javascript" src="../lib/jquery.js"></script> +<script type='text/javascript' src='../lib/jquery.bgiframe.min.js'></script> +<script type='text/javascript' src='../lib/jquery.ajaxQueue.js'></script> +<script type='text/javascript' src='../lib/thickbox-compressed.js'></script> +<script type='text/javascript' src='../jquery.autocomplete.js'></script>
+<script type='text/javascript' src='localdata.js'></script> +<link rel="stylesheet" type="text/css" href="main.css" /> +<link rel="stylesheet" type="text/css" href="../jquery.autocomplete.css" /> +<link rel="stylesheet" type="text/css" href="../lib/thickbox.css" /> + +<script type="text/javascript"> +$(function() { + function format(mail) { + return mail.name + " <" + mail.to + ">"; + } + $("#email").autocomplete('emails.php', { + multiple: true, + parse: function(data) { + return $.map(eval(data), function(row) { + return { + data: row, + value: row.name, + result: row.name + " <" + row.to + ">" + } + }); + }, + formatItem: function(item) { + return format(item); + } + }).result(function(e, item) { + $("#content").append("<p>selected " + format(item) + "</p>"); + }); +}); +</script> + +</head> + +<body> + +<h1 id="banner"><a href="http://bassistance.de/jquery-plugins/jquery-plugin-autocomplete/">jQuery Autocomplete Plugin</a> Demo</h1> + +<div id="content"> + + <form autocomplete="off"> + <p> + <label>E-Mail (remote json):</label> + <textarea cols="120" id="email"></textarea> + </p> + + <input type="submit" value="Submit" /> + </form> + + <a href="emails.phps">Server-side script creating the JSON data</a> + +</div> +<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> +</script> +<script type="text/javascript"> +_uacct = "UA-2623402-1"; +urchinTracker(); +</script> +</body> +</html> diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/localdata.js b/plugins/Autocomplete/jquery-autocomplete/demo/localdata.js new file mode 100644 index 000000000..6015f7c82 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/localdata.js @@ -0,0 +1,216 @@ +var months = ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'];
+var emails = [
+ { name: "Peter Pan", to: "peter@pan.de" },
+ { name: "Molly", to: "molly@yahoo.com" },
+ { name: "Forneria Marconi", to: "live@japan.jp" },
+ { name: "Master <em>Sync</em>", to: "205bw@samsung.com" },
+ { name: "Dr. <strong>Tech</strong> de Log", to: "g15@logitech.com" },
+ { name: "Don Corleone", to: "don@vegas.com" },
+ { name: "Mc Chick", to: "info@donalds.org" },
+ { name: "Donnie Darko", to: "dd@timeshift.info" },
+ { name: "Quake The Net", to: "webmaster@quakenet.org" },
+ { name: "Dr. Write", to: "write@writable.com" }
+];
+var cities = [
+ "Aberdeen", "Ada", "Adamsville", "Addyston", "Adelphi", "Adena", "Adrian", "Akron",
+ "Albany", "Alexandria", "Alger", "Alledonia", "Alliance", "Alpha", "Alvada",
+ "Alvordton", "Amanda", "Amelia", "Amesville", "Amherst", "Amlin", "Amsden",
+ "Amsterdam", "Andover", "Anna", "Ansonia", "Antwerp", "Apple Creek", "Arcadia",
+ "Arcanum", "Archbold", "Arlington", "Ashland", "Ashley", "Ashtabula", "Ashville",
+ "Athens", "Attica", "Atwater", "Augusta", "Aurora", "Austinburg", "Ava", "Avon",
+ "Avon Lake", "Bainbridge", "Bakersville", "Baltic", "Baltimore", "Bannock",
+ "Barberton", "Barlow", "Barnesville", "Bartlett", "Barton", "Bascom", "Batavia",
+ "Bath", "Bay Village", "Beach City", "Beachwood", "Beallsville", "Beaver",
+ "Beaverdam", "Bedford", "Bellaire", "Bellbrook", "Belle Center", "Belle Valley",
+ "Bellefontaine", "Bellevue", "Bellville", "Belmont", "Belmore", "Beloit", "Belpre",
+ "Benton Ridge", "Bentonville", "Berea", "Bergholz", "Berkey", "Berlin",
+ "Berlin Center", "Berlin Heights", "Bethel", "Bethesda", "Bettsville", "Beverly",
+ "Bidwell", "Big Prairie", "Birmingham", "Blacklick", "Bladensburg", "Blaine",
+ "Blakeslee", "Blanchester", "Blissfield", "Bloomdale", "Bloomingburg",
+ "Bloomingdale", "Bloomville", "Blue Creek", "Blue Rock", "Bluffton",
+ "Bolivar", "Botkins", "Bourneville", "Bowerston", "Bowersville",
+ "Bowling Green", "Bradford", "Bradner", "Brady Lake", "Brecksville",
+ "Bremen", "Brewster", "Brice", "Bridgeport", "Brilliant", "Brinkhaven",
+ "Bristolville", "Broadview Heights", "Broadway", "Brookfield", "Brookpark",
+ "Brookville", "Brownsville", "Brunswick", "Bryan", "Buchtel", "Buckeye Lake",
+ "Buckland", "Bucyrus", "Buffalo", "Buford", "Burbank", "Burghill", "Burgoon",
+ "Burkettsville", "Burton", "Butler", "Byesville", "Cable", "Cadiz", "Cairo",
+ "Caldwell", "Caledonia", "Cambridge", "Camden", "Cameron", "Camp Dennison",
+ "Campbell", "Canal Fulton", "Canal Winchester", "Canfield", "Canton", "Carbon Hill",
+ "Carbondale", "Cardington", "Carey", "Carroll", "Carrollton", "Casstown",
+ "Castalia", "Catawba", "Cecil", "Cedarville", "Celina", "Centerburg",
+ "Chagrin Falls", "Chandlersville", "Chardon", "Charm", "Chatfield", "Chauncey",
+ "Cherry Fork", "Chesapeake", "Cheshire", "Chester", "Chesterhill", "Chesterland",
+ "Chesterville", "Chickasaw", "Chillicothe", "Chilo", "Chippewa Lake",
+ "Christiansburg", "Cincinnati", "Circleville", "Clarington", "Clarksburg",
+ "Clarksville", "Clay Center", "Clayton", "Cleveland", "Cleves", "Clifton",
+ "Clinton", "Cloverdale", "Clyde", "Coal Run", "Coalton", "Coldwater", "Colerain",
+ "College Corner", "Collins", "Collinsville", "Colton", "Columbia Station",
+ "Columbiana", "Columbus", "Columbus Grove", "Commercial Point", "Conesville",
+ "Conneaut", "Conover", "Continental", "Convoy", "Coolville", "Corning", "Cortland",
+ "Coshocton", "Covington", "Creola", "Crestline", "Creston", "Crooksville",
+ "Croton", "Crown City", "Cuba", "Cumberland", "Curtice", "Custar", "Cutler",
+ "Cuyahoga Falls", "Cygnet", "Cynthiana", "Dalton", "Damascus", "Danville",
+ "Dayton", "De Graff", "Decatur", "Deerfield", "Deersville", "Defiance",
+ "Delaware", "Dellroy", "Delphos", "Delta", "Dennison", "Derby", "Derwent",
+ "Deshler", "Dexter City", "Diamond", "Dillonvale", "Dola", "Donnelsville",
+ "Dorset", "Dover", "Doylestown", "Dresden", "Dublin", "Dunbridge", "Duncan Falls",
+ "Dundee", "Dunkirk", "Dupont", "East Claridon", "East Fultonham",
+ "East Liberty", "East Liverpool", "East Palestine", "East Rochester",
+ "East Sparta", "East Springfield", "Eastlake", "Eaton", "Edgerton", "Edison",
+ "Edon", "Eldorado", "Elgin", "Elkton", "Ellsworth", "Elmore", "Elyria",
+ "Empire", "Englewood", "Enon", "Etna", "Euclid", "Evansport", "Fairborn",
+ "Fairfield", "Fairpoint", "Fairview", "Farmdale", "Farmer", "Farmersville",
+ "Fayette", "Fayetteville", "Feesburg", "Felicity", "Findlay", "Flat Rock",
+ "Fleming", "Fletcher", "Flushing", "Forest", "Fort Jennings", "Fort Loramie",
+ "Fort Recovery", "Fostoria", "Fowler", "Frankfort", "Franklin",
+ "Franklin Furnace", "Frazeysburg", "Fredericksburg", "Fredericktown",
+ "Freeport", "Fremont", "Fresno", "Friendship", "Fulton", "Fultonham",
+ "Galena", "Galion", "Gallipolis", "Galloway", "Gambier", "Garrettsville",
+ "Gates Mills", "Geneva", "Genoa", "Georgetown", "Germantown", "Gettysburg",
+ "Gibsonburg", "Girard", "Glandorf", "Glencoe", "Glenford", "Glenmont",
+ "Glouster", "Gnadenhutten", "Gomer", "Goshen", "Grafton", "Grand Rapids",
+ "Grand River", "Granville", "Gratiot", "Gratis", "Graysville", "Graytown",
+ "Green", "Green Camp", "Green Springs", "Greenfield", "Greenford",
+ "Greentown", "Greenville", "Greenwich", "Grelton", "Grove City",
+ "Groveport", "Grover Hill", "Guysville", "Gypsum", "Hallsville",
+ "Hamden", "Hamersville", "Hamilton", "Hamler", "Hammondsville",
+ "Hannibal", "Hanoverton", "Harbor View", "Harlem Springs", "Harpster",
+ "Harrisburg", "Harrison", "Harrisville", "Harrod", "Hartford", "Hartville",
+ "Harveysburg", "Haskins", "Haverhill", "Haviland", "Haydenville", "Hayesville",
+ "Heath", "Hebron", "Helena", "Hicksville", "Higginsport", "Highland", "Hilliard",
+ "Hillsboro", "Hinckley", "Hiram", "Hockingport", "Holgate", "Holland",
+ "Hollansburg", "Holloway", "Holmesville", "Homer", "Homerville", "Homeworth",
+ "Hooven", "Hopedale", "Hopewell", "Houston", "Howard", "Hoytville", "Hubbard",
+ "Hudson", "Huntsburg", "Huntsville", "Huron", "Iberia", "Independence",
+ "Irondale", "Ironton", "Irwin", "Isle Saint George", "Jackson", "Jackson Center",
+ "Jacksontown", "Jacksonville", "Jacobsburg", "Jamestown", "Jasper",
+ "Jefferson", "Jeffersonville", "Jenera", "Jeromesville", "Jerry City",
+ "Jerusalem", "Jewell", "Jewett", "Johnstown", "Junction City", "Kalida",
+ "Kansas", "Keene", "Kelleys Island", "Kensington", "Kent", "Kenton",
+ "Kerr", "Kettlersville", "Kidron", "Kilbourne", "Killbuck", "Kimbolton",
+ "Kings Mills", "Kingston", "Kingsville", "Kinsman", "Kipling", "Kipton",
+ "Kirby", "Kirkersville", "Kitts Hill", "Kunkle", "La Rue", "Lacarne",
+ "Lafayette", "Lafferty", "Lagrange", "Laings", "Lake Milton", "Lakemore",
+ "Lakeside Marblehead", "Lakeview", "Lakeville", "Lakewood", "Lancaster",
+ "Langsville", "Lansing", "Latham", "Latty", "Laura", "Laurelville",
+ "Leavittsburg", "Lebanon", "Lees Creek", "Leesburg", "Leesville",
+ "Leetonia", "Leipsic", "Lemoyne", "Lewis Center", "Lewisburg",
+ "Lewistown", "Lewisville", "Liberty Center", "Lima", "Limaville",
+ "Lindsey", "Lisbon", "Litchfield", "Lithopolis", "Little Hocking",
+ "Lockbourne", "Lodi", "Logan", "London", "Londonderry",
+ "Long Bottom", "Lorain", "Lore City", "Loudonville", "Louisville",
+ "Loveland", "Lowell", "Lowellville", "Lower Salem", "Lucas",
+ "Lucasville", "Luckey", "Ludlow Falls", "Lynchburg", "Lynx",
+ "Lyons", "Macedonia", "Macksburg", "Madison", "Magnetic Springs",
+ "Magnolia", "Maineville", "Malaga", "Malinta", "Malta", "Malvern",
+ "Manchester", "Mansfield", "Mantua", "Maple Heights", "Maplewood",
+ "Marathon", "Marengo", "Maria Stein", "Marietta", "Marion",
+ "Mark Center", "Marshallville", "Martel", "Martin", "Martins Ferry",
+ "Martinsburg", "Martinsville", "Marysville", "Mason", "Massillon",
+ "Masury", "Maumee", "Maximo", "Maynard", "Mc Arthur", "Mc Clure",
+ "Mc Comb", "Mc Connelsville", "Mc Cutchenville", "Mc Dermott",
+ "Mc Donald", "Mc Guffey", "Mechanicsburg", "Mechanicstown",
+ "Medina", "Medway", "Melmore", "Melrose", "Mendon", "Mentor",
+ "Mesopotamia", "Metamora", "Miamisburg", "Miamitown", "Miamiville",
+ "Middle Bass", "Middle Point", "Middlebranch", "Middleburg",
+ "Middlefield", "Middleport", "Middletown", "Midland", "Midvale",
+ "Milan", "Milford", "Milford Center", "Millbury", "Milledgeville",
+ "Miller City", "Millersburg", "Millersport", "Millfield",
+ "Milton Center", "Mineral City", "Mineral Ridge", "Minerva",
+ "Minford", "Mingo", "Mingo Junction", "Minster", "Mogadore",
+ "Monclova", "Monroe", "Monroeville", "Montezuma", "Montpelier",
+ "Montville", "Morral", "Morristown", "Morrow", "Moscow",
+ "Mount Blanchard", "Mount Cory", "Mount Eaton", "Mount Gilead",
+ "Mount Hope", "Mount Liberty", "Mount Orab", "Mount Perry",
+ "Mount Pleasant", "Mount Saint Joseph", "Mount Sterling",
+ "Mount Vernon", "Mount Victory", "Mowrystown", "Moxahala",
+ "Munroe Falls", "Murray City", "Nankin", "Napoleon", "Nashport",
+ "Nashville", "Navarre", "Neapolis", "Neffs", "Negley",
+ "Nelsonville", "Nevada", "Neville", "New Albany", "New Athens",
+ "New Bavaria", "New Bloomington", "New Bremen", "New Carlisle",
+ "New Concord", "New Hampshire", "New Haven", "New Holland",
+ "New Knoxville", "New Lebanon", "New Lexington", "New London",
+ "New Madison", "New Marshfield", "New Matamoras", "New Middletown",
+ "New Paris", "New Philadelphia", "New Plymouth", "New Richmond",
+ "New Riegel", "New Rumley", "New Springfield", "New Straitsville",
+ "New Vienna", "New Washington", "New Waterford", "New Weston",
+ "Newark", "Newbury", "Newcomerstown", "Newport", "Newton Falls",
+ "Newtonsville", "Ney", "Niles", "North Baltimore", "North Bend",
+ "North Benton", "North Bloomfield", "North Fairfield",
+ "North Georgetown", "North Hampton", "North Jackson",
+ "North Kingsville", "North Lawrence", "North Lewisburg",
+ "North Lima", "North Olmsted", "North Ridgeville", "North Robinson",
+ "North Royalton", "North Star", "Northfield", "Northwood", "Norwalk",
+ "Norwich", "Nova", "Novelty", "Oak Harbor", "Oak Hill", "Oakwood",
+ "Oberlin", "Oceola", "Ohio City", "Okeana", "Okolona", "Old Fort",
+ "Old Washington", "Olmsted Falls", "Ontario", "Orangeville",
+ "Oregon", "Oregonia", "Orient", "Orrville", "Orwell", "Osgood",
+ "Ostrander", "Ottawa", "Ottoville", "Otway", "Overpeck",
+ "Owensville", "Oxford", "Painesville", "Palestine", "Pandora",
+ "Paris", "Parkman", "Pataskala", "Patriot", "Paulding", "Payne",
+ "Pedro", "Peebles", "Pemberton", "Pemberville", "Peninsula",
+ "Perry", "Perrysburg", "Perrysville", "Petersburg", "Pettisville",
+ "Phillipsburg", "Philo", "Pickerington", "Piedmont", "Pierpont",
+ "Piketon", "Piney Fork", "Pioneer", "Piqua", "Pitsburg",
+ "Plain City", "Plainfield", "Pleasant City", "Pleasant Hill",
+ "Pleasant Plain", "Pleasantville", "Plymouth", "Polk",
+ "Pomeroy", "Port Clinton", "Port Jefferson", "Port Washington",
+ "Port William", "Portage", "Portland", "Portsmouth", "Potsdam",
+ "Powell", "Powhatan Point", "Proctorville", "Prospect", "Put in Bay",
+ "Quaker City", "Quincy", "Racine", "Radnor", "Randolph", "Rarden",
+ "Ravenna", "Rawson", "Ray", "Rayland", "Raymond", "Reedsville",
+ "Reesville", "Reno", "Republic", "Reynoldsburg", "Richfield",
+ "Richmond", "Richmond Dale", "Richwood", "Ridgeville Corners",
+ "Ridgeway", "Rio Grande", "Ripley", "Risingsun", "Rittman",
+ "Robertsville", "Rock Camp", "Rock Creek", "Rockbridge", "Rockford",
+ "Rocky Ridge", "Rocky River", "Rogers", "Rome", "Rootstown", "Roseville",
+ "Rosewood", "Ross", "Rossburg", "Rossford", "Roundhead", "Rudolph",
+ "Rushsylvania", "Rushville", "Russells Point", "Russellville", "Russia",
+ "Rutland", "Sabina", "Saint Clairsville", "Saint Henry", "Saint Johns",
+ "Saint Louisville", "Saint Marys", "Saint Paris", "Salem", "Salesville",
+ "Salineville", "Sandusky", "Sandyville", "Sarahsville", "Sardinia",
+ "Sardis", "Savannah", "Scio", "Scioto Furnace", "Scott", "Scottown",
+ "Seaman", "Sebring", "Sedalia", "Senecaville", "Seven Mile", "Seville",
+ "Shade", "Shadyside", "Shandon", "Sharon Center", "Sharpsburg",
+ "Shauck", "Shawnee", "Sheffield Lake", "Shelby", "Sherrodsville",
+ "Sherwood", "Shiloh", "Short Creek", "Shreve", "Sidney", "Sinking Spring",
+ "Smithfield", "Smithville", "Solon", "Somerdale", "Somerset",
+ "Somerville", "South Bloomingville", "South Charleston", "South Lebanon",
+ "South Point", "South Salem", "South Solon", "South Vienna",
+ "South Webster", "Southington", "Sparta", "Spencer", "Spencerville",
+ "Spring Valley", "Springboro", "Springfield", "Stafford", "Sterling",
+ "Steubenville", "Stewart", "Stillwater", "Stockdale", "Stockport",
+ "Stone Creek", "Stony Ridge", "Stout", "Stoutsville", "Stow", "Strasburg",
+ "Stratton", "Streetsboro", "Strongsville", "Struthers", "Stryker",
+ "Sugar Grove", "Sugarcreek", "Sullivan", "Sulphur Springs", "Summerfield",
+ "Summit Station", "Summitville", "Sunbury", "Swanton", "Sycamore",
+ "Sycamore Valley", "Sylvania", "Syracuse", "Tallmadge", "Tarlton",
+ "Terrace Park", "The Plains", "Thompson", "Thornville", "Thurman",
+ "Thurston", "Tiffin", "Tiltonsville", "Tipp City", "Tippecanoe", "Tiro",
+ "Toledo", "Tontogany", "Torch", "Toronto", "Tremont City", "Trenton",
+ "Trimble", "Trinway", "Troy", "Tuppers Plains", "Tuscarawas", "Twinsburg",
+ "Uhrichsville", "Union City", "Union Furnace", "Unionport", "Uniontown",
+ "Unionville", "Unionville Center", "Uniopolis", "Upper Sandusky", "Urbana",
+ "Utica", "Valley City", "Van Buren", "Van Wert", "Vandalia", "Vanlue",
+ "Vaughnsville", "Venedocia", "Vermilion", "Verona", "Versailles",
+ "Vickery", "Vienna", "Vincent", "Vinton", "Wadsworth", "Wakefield",
+ "Wakeman", "Walbridge", "Waldo", "Walhonding", "Walnut Creek", "Wapakoneta",
+ "Warnock", "Warren", "Warsaw", "Washington Court House",
+ "Washingtonville", "Waterford", "Waterloo", "Watertown", "Waterville",
+ "Wauseon", "Waverly", "Wayland", "Wayne", "Waynesburg", "Waynesfield",
+ "Waynesville", "Wellington", "Wellston", "Wellsville", "West Alexandria",
+ "West Chester", "West Elkton", "West Farmington", "West Jefferson",
+ "West Lafayette", "West Liberty", "West Manchester", "West Mansfield",
+ "West Millgrove", "West Milton", "West Point", "West Portsmouth",
+ "West Rushville", "West Salem", "West Union", "West Unity", "Westerville",
+ "Westfield Center", "Westlake", "Weston", "Westville", "Wharton",
+ "Wheelersburg", "Whipple", "White Cottage", "Whitehouse", "Wickliffe",
+ "Wilberforce", "Wilkesville", "Willard", "Williamsburg", "Williamsfield",
+ "Williamsport", "Williamstown", "Williston", "Willoughby", "Willow Wood",
+ "Willshire", "Wilmington", "Wilmot", "Winchester", "Windham", "Windsor",
+ "Winesburg", "Wingett Run", "Winona", "Wolf Run", "Woodsfield",
+ "Woodstock", "Woodville", "Wooster", "Wren", "Xenia", "Yellow Springs",
+ "Yorkshire", "Yorkville", "Youngstown", "Zaleski", "Zanesfield", "Zanesville",
+ "Zoar"
+];
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/main.css b/plugins/Autocomplete/jquery-autocomplete/demo/main.css new file mode 100644 index 000000000..b502a8a1a --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/main.css @@ -0,0 +1,53 @@ +body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,p,blockquote,th,td{margin:0;padding:0} +table{border-collapse:collapse;border-spacing:0} +fieldset,img{border:0} +address,caption,cite,code,dfn,th,var{font-style:normal;font-weight:normal} +ol,ul{list-style:none} +caption,th{text-align:left} +h1,h2,h3,h4,h5,h6{font-size:100%;font-style:normal;font-weight:normal} +q:before,q:after{content:''} +body{font:13px arial,helvetica,clean,sans-serif;font-size:small;} +select,input,textarea{font:99% arial,helvetica,clean,sans-serif} +pre,code{font:115% monospace;font-size:100%} +body * {line-height:1.22em} +body { + color: #202020; +} + +h1 { + color: #fff; + background: #06b; + padding: 10px; + font-size: 200%; +} + +h2 { + color: #000; + font-size: 150%; + padding: 10px 0; +} + +h3 { + color: #000; + font-size: 120%; + padding: 10px 0; +} + +ul { + list-style: disc inside; + margin-left: 1em; +} + +#content { + padding: 10px; +} + +label { + float: left; + width: 12em; +} +input[type=text] { width: 15em; }
+
+#banner { padding: 15px; background-color: #06b; color: white; font-size: large; border-bottom: 1px solid #ccc;
+ background: url(bg.gif) repeat-x; text-align: center }
+#banner a { color: white; }
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/search.php b/plugins/Autocomplete/jquery-autocomplete/demo/search.php new file mode 100644 index 000000000..03c0c0eab --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/search.php @@ -0,0 +1,578 @@ +<?php + +$q = strtolower($_GET["q"]); +if (!$q) return; +$items = array( +"Great <em>Bittern</em>"=>"Botaurus stellaris", +"Little <em>Grebe</em>"=>"Tachybaptus ruficollis", +"Black-necked Grebe"=>"Podiceps nigricollis", +"Little Bittern"=>"Ixobrychus minutus", +"Black-crowned Night Heron"=>"Nycticorax nycticorax", +"Purple Heron"=>"Ardea purpurea", +"White Stork"=>"Ciconia ciconia", +"Spoonbill"=>"Platalea leucorodia", +"Red-crested Pochard"=>"Netta rufina", +"Common Eider"=>"Somateria mollissima", +"Red Kite"=>"Milvus milvus", +"Hen Harrier"=>"Circus cyaneus", +"Montagu`s Harrier"=>"Circus pygargus", +"Black Grouse"=>"Tetrao tetrix", +"Grey Partridge"=>"Perdix perdix", +"Spotted Crake"=>"Porzana porzana", +"Corncrake"=>"Crex crex", +"Common Crane"=>"Grus grus", +"Avocet"=>"Recurvirostra avosetta", +"Stone Curlew"=>"Burhinus oedicnemus", +"Common Ringed Plover"=>"Charadrius hiaticula", +"Kentish Plover"=>"Charadrius alexandrinus", +"Ruff"=>"Philomachus pugnax", +"Common Snipe"=>"Gallinago gallinago", +"Black-tailed Godwit"=>"Limosa limosa", +"Common Redshank"=>"Tringa totanus", +"Sandwich Tern"=>"Sterna sandvicensis", +"Common Tern"=>"Sterna hirundo", +"Arctic Tern"=>"Sterna paradisaea", +"Little Tern"=>"Sternula albifrons", +"Black Tern"=>"Chlidonias niger", +"Barn Owl"=>"Tyto alba", +"Little Owl"=>"Athene noctua", +"Short-eared Owl"=>"Asio flammeus", +"European Nightjar"=>"Caprimulgus europaeus", +"Common Kingfisher"=>"Alcedo atthis", +"Eurasian Hoopoe"=>"Upupa epops", +"Eurasian Wryneck"=>"Jynx torquilla", +"European Green Woodpecker"=>"Picus viridis", +"Crested Lark"=>"Galerida cristata", +"White-headed Duck"=>"Oxyura leucocephala", +"Pale-bellied Brent Goose"=>"Branta hrota", +"Tawny Pipit"=>"Anthus campestris", +"Whinchat"=>"Saxicola rubetra", +"European Stonechat"=>"Saxicola rubicola", +"Northern Wheatear"=>"Oenanthe oenanthe", +"Savi`s Warbler"=>"Locustella luscinioides", +"Sedge Warbler"=>"Acrocephalus schoenobaenus", +"Great Reed Warbler"=>"Acrocephalus arundinaceus", +"Bearded Reedling"=>"Panurus biarmicus", +"Red-backed Shrike"=>"Lanius collurio", +"Great Grey Shrike"=>"Lanius excubitor", +"Woodchat Shrike"=>"Lanius senator", +"Common Raven"=>"Corvus corax", +"Yellowhammer"=>"Emberiza citrinella", +"Ortolan Bunting"=>"Emberiza hortulana", +"Corn Bunting"=>"Emberiza calandra", +"Great Cormorant"=>"Phalacrocorax carbo", +"Hawfinch"=>"Coccothraustes coccothraustes", +"Common Shelduck"=>"Tadorna tadorna", +"Bluethroat"=>"Luscinia svecica", +"Grey Heron"=>"Ardea cinerea", +"Barn Swallow"=>"Hirundo rustica", +"Hooded Crow"=>"Corvus cornix", +"Dunlin"=>"Calidris alpina", +"Eurasian Pied Flycatcher"=>"Ficedula hypoleuca", +"Eurasian Nuthatch"=>"Sitta europaea", +"Short-toed Tree Creeper"=>"Certhia brachydactyla", +"Wood Lark"=>"Lullula arborea", +"Tree Pipit"=>"Anthus trivialis", +"Eurasian Hobby"=>"Falco subbuteo", +"Marsh Warbler"=>"Acrocephalus palustris", +"Wood Sandpiper"=>"Tringa glareola", +"Tawny Owl"=>"Strix aluco", +"Lesser Whitethroat"=>"Sylvia curruca", +"Barnacle Goose"=>"Branta leucopsis", +"Common Goldeneye"=>"Bucephala clangula", +"Western Marsh Harrier"=>"Circus aeruginosus", +"Common Buzzard"=>"Buteo buteo", +"Sanderling"=>"Calidris alba", +"Little Gull"=>"Larus minutus", +"Eurasian Magpie"=>"Pica pica", +"Willow Warbler"=>"Phylloscopus trochilus", +"Wood Warbler"=>"Phylloscopus sibilatrix", +"Great Crested Grebe"=>"Podiceps cristatus", +"Eurasian Jay"=>"Garrulus glandarius", +"Common Redstart"=>"Phoenicurus phoenicurus", +"Blue-headed Wagtail"=>"Motacilla flava", +"Common Swift"=>"Apus apus", +"Marsh Tit"=>"Poecile palustris", +"Goldcrest"=>"Regulus regulus", +"European Golden Plover"=>"Pluvialis apricaria", +"Eurasian Bullfinch"=>"Pyrrhula pyrrhula", +"Common Whitethroat"=>"Sylvia communis", +"Meadow Pipit"=>"Anthus pratensis", +"Greylag Goose"=>"Anser anser", +"Spotted Flycatcher"=>"Muscicapa striata", +"European Greenfinch"=>"Carduelis chloris", +"Common Greenshank"=>"Tringa nebularia", +"Great Spotted Woodpecker"=>"Dendrocopos major", +"Greater Canada Goose"=>"Branta canadensis", +"Mistle Thrush"=>"Turdus viscivorus", +"Great Black-backed Gull"=>"Larus marinus", +"Goosander"=>"Mergus merganser", +"Great Egret"=>"Casmerodius albus", +"Northern Goshawk"=>"Accipiter gentilis", +"Dunnock"=>"Prunella modularis", +"Stock Dove"=>"Columba oenas", +"Common Wood Pigeon"=>"Columba palumbus", +"Eurasian Woodcock"=>"Scolopax rusticola", +"House Sparrow"=>"Passer domesticus", +"Common House Martin"=>"Delichon urbicum", +"Red Knot"=>"Calidris canutus", +"Western Jackdaw"=>"Corvus monedula", +"Brambling"=>"Fringilla montifringilla", +"Northern Lapwing"=>"Vanellus vanellus", +"European Reed Warbler"=>"Acrocephalus scirpaceus", +"Lesser Black-backed Gull"=>"Larus fuscus", +"Little Egret"=>"Egretta garzetta", +"Little Stint"=>"Calidris minuta", +"Common Linnet"=>"Carduelis cannabina", +"Mute Swan"=>"Cygnus olor", +"Common Cuckoo"=>"Cuculus canorus", +"Black-headed Gull"=>"Larus ridibundus", +"Greater White-fronted Goose"=>"Anser albifrons", +"Great Tit"=>"Parus major", +"Redwing"=>"Turdus iliacus", +"Gadwall"=>"Anas strepera", +"Fieldfare"=>"Turdus pilaris", +"Tufted Duck"=>"Aythya fuligula", +"Crested Tit"=>"Lophophanes cristatus", +"Willow Tit"=>"Poecile montanus", +"Eurasian Coot"=>"Fulica atra", +"Common Blackbird"=>"Turdus merula", +"Smew"=>"Mergus albellus", +"Common Sandpiper"=>"Actitis hypoleucos", +"Sand Martin"=>"Riparia riparia", +"Purple Sandpiper"=>"Calidris maritima", +"Northern Pintail"=>"Anas acuta", +"Blue Tit"=>"Cyanistes caeruleus", +"European Goldfinch"=>"Carduelis carduelis", +"Eurasian Whimbrel"=>"Numenius phaeopus", +"Common Reed Bunting"=>"Emberiza schoeniclus", +"Eurasian Tree Sparrow"=>"Passer montanus", +"Rook"=>"Corvus frugilegus", +"European Robin"=>"Erithacus rubecula", +"Bar-tailed Godwit"=>"Limosa lapponica", +"Dark-bellied Brent Goose"=>"Branta bernicla", +"Eurasian Oystercatcher"=>"Haematopus ostralegus", +"Eurasian Siskin"=>"Carduelis spinus", +"Northern Shoveler"=>"Anas clypeata", +"Eurasian Wigeon"=>"Anas penelope", +"Eurasian Sparrow Hawk"=>"Accipiter nisus", +"Icterine Warbler"=>"Hippolais icterina", +"Common Starling"=>"Sturnus vulgaris", +"Long-tailed Tit"=>"Aegithalos caudatus", +"Ruddy Turnstone"=>"Arenaria interpres", +"Mew Gull"=>"Larus canus", +"Common Pochard"=>"Aythya ferina", +"Common Chiffchaff"=>"Phylloscopus collybita", +"Greater Scaup"=>"Aythya marila", +"Common Kestrel"=>"Falco tinnunculus", +"Garden Warbler"=>"Sylvia borin", +"Eurasian Collared Dove"=>"Streptopelia decaocto", +"Eurasian Skylark"=>"Alauda arvensis", +"Common Chaffinch"=>"Fringilla coelebs", +"Common Moorhen"=>"Gallinula chloropus", +"Water Pipit"=>"Anthus spinoletta", +"Mallard"=>"Anas platyrhynchos", +"Winter Wren"=>"Troglodytes troglodytes", +"Common Teal"=>"Anas crecca", +"Green Sandpiper"=>"Tringa ochropus", +"White Wagtail"=>"Motacilla alba", +"Eurasian Curlew"=>"Numenius arquata", +"Song Thrush"=>"Turdus philomelos", +"European Herring Gull"=>"Larus argentatus", +"Grey Plover"=>"Pluvialis squatarola", +"Carrion Crow"=>"Corvus corone", +"Coal Tit"=>"Periparus ater", +"Spotted Redshank"=>"Tringa erythropus", +"Blackcap"=>"Sylvia atricapilla", +"Egyptian Vulture"=>"Neophron percnopterus", +"Razorbill"=>"Alca torda", +"Alpine Swift"=>"Apus melba", +"Long-legged Buzzard"=>"Buteo rufinus", +"Audouin`s Gull"=>"Larus audouinii", +"Balearic Shearwater"=>"Puffinus mauretanicus", +"Upland Sandpiper"=>"Bartramia longicauda", +"Greater Spotted Eagle"=>"Aquila clanga", +"Ring Ouzel"=>"Turdus torquatus", +"Yellow-browed Warbler"=>"Phylloscopus inornatus", +"Blue Rock Thrush"=>"Monticola solitarius", +"Buff-breasted Sandpiper"=>"Tryngites subruficollis", +"Jack Snipe"=>"Lymnocryptes minimus", +"White-rumped Sandpiper"=>"Calidris fuscicollis", +"Ruddy Shelduck"=>"Tadorna ferruginea", +"Cetti's Warbler"=>"Cettia cetti", +"Citrine Wagtail"=>"Motacilla citreola", +"Roseate Tern"=>"Sterna dougallii", +"Black-legged Kittiwake"=>"Rissa tridactyla", +"Pygmy Cormorant"=>"Phalacrocorax pygmeus", +"Booted Eagle"=>"Aquila pennata", +"Lesser White-fronted Goose"=>"Anser erythropus", +"Little Bunting"=>"Emberiza pusilla", +"Eleonora's Falcon"=>"Falco eleonorae", +"European Serin"=>"Serinus serinus", +"Twite"=>"Carduelis flavirostris", +"Yellow-legged Gull"=>"Larus michahellis", +"Gyr Falcon"=>"Falco rusticolus", +"Greenish Warbler"=>"Phylloscopus trochiloides", +"Red-necked Phalarope"=>"Phalaropus lobatus", +"Mealy Redpoll"=>"Carduelis flammea", +"Glaucous Gull"=>"Larus hyperboreus", +"Great Skua"=>"Stercorarius skua", +"Great Bustard"=>"Otis tarda", +"Velvet Scoter"=>"Melanitta fusca", +"Pine Grosbeak"=>"Pinicola enucleator", +"House Crow"=>"Corvus splendens", +"Hume`s Leaf Warbler"=>"Phylloscopus humei", +"Great Northern Loon"=>"Gavia immer", +"Long-tailed Duck"=>"Clangula hyemalis", +"Lapland Longspur"=>"Calcarius lapponicus", +"Northern Gannet"=>"Morus bassanus", +"Eastern Imperial Eagle"=>"Aquila heliaca", +"Little Auk"=>"Alle alle", +"Lesser Spotted Woodpecker"=>"Dendrocopos minor", +"Iceland Gull"=>"Larus glaucoides", +"Parasitic Jaeger"=>"Stercorarius parasiticus", +"Bewick`s Swan"=>"Cygnus bewickii", +"Little Bustard"=>"Tetrax tetrax", +"Little Crake"=>"Porzana parva", +"Baillon`s Crake"=>"Porzana pusilla", +"Long-tailed Jaeger"=>"Stercorarius longicaudus", +"King Eider"=>"Somateria spectabilis", +"Greater Short-toed Lark"=>"Calandrella brachydactyla", +"Houbara Bustard"=>"Chlamydotis undulata", +"Curlew Sandpiper"=>"Calidris ferruginea", +"Common Crossbill"=>"Loxia curvirostra", +"European Shag"=>"Phalacrocorax aristotelis", +"Horned Grebe"=>"Podiceps auritus", +"Common Quail"=>"Coturnix coturnix", +"Bearded Vulture"=>"Gypaetus barbatus", +"Lanner Falcon"=>"Falco biarmicus", +"Middle Spotted Woodpecker"=>"Dendrocopos medius", +"Pomarine Jaeger"=>"Stercorarius pomarinus", +"Red-breasted Merganser"=>"Mergus serrator", +"Eurasian Black Vulture"=>"Aegypius monachus", +"Eurasian Dotterel"=>"Charadrius morinellus", +"Common Nightingale"=>"Luscinia megarhynchos", +"Northern willow warbler"=>"Phylloscopus trochilus acredula", +"Manx Shearwater"=>"Puffinus puffinus", +"Northern Fulmar"=>"Fulmarus glacialis", +"Eurasian Eagle Owl"=>"Bubo bubo", +"Orphean Warbler"=>"Sylvia hortensis", +"Melodious Warbler"=>"Hippolais polyglotta", +"Pallas's Leaf Warbler"=>"Phylloscopus proregulus", +"Atlantic Puffin"=>"Fratercula arctica", +"Black-throated Loon"=>"Gavia arctica", +"Bohemian Waxwing"=>"Bombycilla garrulus", +"Marsh Sandpiper"=>"Tringa stagnatilis", +"Great Snipe"=>"Gallinago media", +"Squacco Heron"=>"Ardeola ralloides", +"Long-eared Owl"=>"Asio otus", +"Caspian Tern"=>"Hydroprogne caspia", +"Red-breasted Goose"=>"Branta ruficollis", +"Red-throated Loon"=>"Gavia stellata", +"Common Rosefinch"=>"Carpodacus erythrinus", +"Red-footed Falcon"=>"Falco vespertinus", +"Ross's Goose"=>"Anser rossii", +"Red Phalarope"=>"Phalaropus fulicarius", +"Pied Wagtail"=>"Motacilla yarrellii", +"Rose-coloured Starling"=>"Sturnus roseus", +"Rough-legged Buzzard"=>"Buteo lagopus", +"Saker Falcon"=>"Falco cherrug", +"European Roller"=>"Coracias garrulus", +"Short-toed Eagle"=>"Circaetus gallicus", +"Peregrine Falcon"=>"Falco peregrinus", +"Merlin"=>"Falco columbarius", +"Snow Goose"=>"Anser caerulescens", +"Snowy Owl"=>"Bubo scandiacus", +"Snow Bunting"=>"Plectrophenax nivalis", +"Common Grasshopper Warbler"=>"Locustella naevia", +"Golden Eagle"=>"Aquila chrysaetos", +"Black-winged Stilt"=>"Himantopus himantopus", +"Steppe Eagle"=>"Aquila nipalensis", +"Pallid Harrier"=>"Circus macrourus", +"European Storm-petrel"=>"Hydrobates pelagicus", +"Horned Lark"=>"Eremophila alpestris", +"Eurasian Treecreeper"=>"Certhia familiaris", +"Taiga Bean Goose"=>"Anser fabalis", +"Temminck`s Stint"=>"Calidris temminckii", +"Terek Sandpiper"=>"Xenus cinereus", +"Tundra Bean Goose"=>"Anser serrirostris", +"European Turtle Dove"=>"Streptopelia turtur", +"Leach`s Storm-petrel"=>"Oceanodroma leucorhoa", +"Eurasian Griffon Vulture"=>"Gyps fulvus", +"Paddyfield Warbler"=>"Acrocephalus agricola", +"Osprey"=>"Pandion haliaetus", +"Firecrest"=>"Regulus ignicapilla", +"Water Rail"=>"Rallus aquaticus", +"European Honey Buzzard"=>"Pernis apivorus", +"Eurasian Golden Oriole"=>"Oriolus oriolus", +"Whooper Swan"=>"Cygnus cygnus", +"Two-barred Crossbill"=>"Loxia leucoptera", +"White-tailed Eagle"=>"Haliaeetus albicilla", +"Atlantic Murre"=>"Uria aalge", +"Garganey"=>"Anas querquedula", +"Black Redstart"=>"Phoenicurus ochruros", +"Common Scoter"=>"Melanitta nigra", +"Rock Pipit"=>"Anthus petrosus", +"Lesser Spotted Eagle"=>"Aquila pomarina", +"Cattle Egret"=>"Bubulcus ibis", +"White-winged Black Tern"=>"Chlidonias leucopterus", +"Black Stork"=>"Ciconia nigra", +"Mediterranean Gull"=>"Larus melanocephalus", +"Black Kite"=>"Milvus migrans", +"Yellow Wagtail"=>"Motacilla flavissima", +"Red-necked Grebe"=>"Podiceps grisegena", +"Gull-billed Tern"=>"Gelochelidon nilotica", +"Pectoral Sandpiper"=>"Calidris melanotos", +"Barred Warbler"=>"Sylvia nisoria", +"Red-throated Pipit"=>"Anthus cervinus", +"Grey Wagtail"=>"Motacilla cinerea", +"Richard`s Pipit"=>"Anthus richardi", +"Black Woodpecker"=>"Dryocopus martius", +"Little Ringed Plover"=>"Charadrius dubius", +"Whiskered Tern"=>"Chlidonias hybrida", +"Lesser Redpoll"=>"Carduelis cabaret", +"Pallas' Bunting"=>"Emberiza pallasi", +"Ferruginous Duck"=>"Aythya nyroca", +"Whistling Swan"=>"Cygnus columbianus", +"Black Brant"=>"Branta nigricans", +"Marbled Teal"=>"Marmaronetta angustirostris", +"Canvasback"=>"Aythya valisineria", +"Redhead"=>"Aythya americana", +"Lesser Scaup"=>"Aythya affinis", +"Steller`s Eider"=>"Polysticta stelleri", +"Spectacled Eider"=>"Somateria fischeri", +"Harlequin Duck"=>"Histronicus histrionicus", +"Black Scoter"=>"Melanitta americana", +"Surf Scoter"=>"Melanitta perspicillata", +"Barrow`s Goldeneye"=>"Bucephala islandica", +"Falcated Duck"=>"Anas falcata", +"American Wigeon"=>"Anas americana", +"Blue-winged Teal"=>"Anas discors", +"American Black Duck"=>"Anas rubripes", +"Baikal Teal"=>"Anas formosa", +"Green-Winged Teal"=>"Anas carolinensis", +"Hazel Grouse"=>"Bonasa bonasia", +"Rock Partridge"=>"Alectoris graeca", +"Red-legged Partridge"=>"Alectoris rufa", +"Yellow-billed Loon"=>"Gavia adamsii", +"Cory`s Shearwater"=>"Calonectris borealis", +"Madeiran Storm-Petrel"=>"Oceanodroma castro", +"Great White Pelican"=>"Pelecanus onocrotalus", +"Dalmatian Pelican"=>"Pelecanus crispus", +"American Bittern"=>"Botaurus lentiginosus", +"Glossy Ibis"=>"Plegadis falcinellus", +"Spanish Imperial Eagle"=>"Aquila adalberti", +"Lesser Kestrel"=>"Falco naumanni", +"Houbara Bustard"=>"Chlamydotis undulata", +"Crab-Plover"=>"Dromas ardeola", +"Cream-coloured Courser"=>"Cursorius cursor", +"Collared Pratincole"=>"Glareola pratincola", +"Black-winged Pratincole"=>"Glareola nordmanni", +"Killdeer"=>"Charadrius vociferus", +"Lesser Sand Plover"=>"Charadrius mongolus", +"Greater Sand Plover"=>"Charadrius leschenaultii", +"Caspian Plover"=>"Charadrius asiaticus", +"American Golden Plover"=>"Pluvialis dominica", +"Pacific Golden Plover"=>"Pluvialis fulva", +"Sharp-tailed Sandpiper"=>"Calidris acuminata", +"Broad-billed Sandpiper"=>"Limicola falcinellus", +"Spoon-Billed Sandpiper"=>"Eurynorhynchus pygmaeus", +"Short-Billed Dowitcher"=>"Limnodromus griseus", +"Long-billed Dowitcher"=>"Limnodromus scolopaceus", +"Hudsonian Godwit"=>"Limosa haemastica", +"Little Curlew"=>"Numenius minutus", +"Lesser Yellowlegs"=>"Tringa flavipes", +"Wilson`s Phalarope"=>"Phalaropus tricolor", +"Pallas`s Gull"=>"Larus ichthyaetus", +"Laughing Gull"=>"Larus atricilla", +"Franklin`s Gull"=>"Larus pipixcan", +"Bonaparte`s Gull"=>"Larus philadelphia", +"Ring-billed Gull"=>"Larus delawarensis", +"American Herring Gull"=>"Larus smithsonianus", +"Caspian Gull"=>"Larus cachinnans", +"Ivory Gull"=>"Pagophila eburnea", +"Royal Tern"=>"Sterna maxima", +"Brünnich`s Murre"=>"Uria lomvia", +"Crested Auklet"=>"Aethia cristatella", +"Parakeet Auklet"=>"Cyclorrhynchus psittacula", +"Tufted Puffin"=>"Lunda cirrhata", +"Laughing Dove"=>"Streptopelia senegalensis", +"Great Spotted Cuckoo"=>"Clamator glandarius", +"Great Grey Owl"=>"Strix nebulosa", +"Tengmalm`s Owl"=>"Aegolius funereus", +"Red-Necked Nightjar"=>"Caprimulgus ruficollis", +"Chimney Swift"=>"Chaetura pelagica", +"Green Bea-Eater"=>"Merops orientalis", +"Grey-headed Woodpecker"=>"Picus canus", +"Lesser Short-Toed Lark"=>"Calandrella rufescens", +"Eurasian Crag Martin"=>"Hirundo rupestris", +"Red-rumped Swallow"=>"Cecropis daurica", +"Blyth`s Pipit"=>"Anthus godlewskii", +"Pechora Pipit"=>"Anthus gustavi", +"Grey-headed Wagtail"=>"Motacilla thunbergi", +"Yellow-Headed Wagtail"=>"Motacilla lutea", +"White-throated Dipper"=>"Cinclus cinclus", +"Rufous-Tailed Scrub Robin"=>"Cercotrichas galactotes", +"Thrush Nightingale"=>"Luscinia luscinia", +"White-throated Robin"=>"Irania gutturalis", +"Caspian Stonechat"=>"Saxicola maura variegata", +"Western Black-eared Wheatear"=>"Oenanthe hispanica", +"Rufous-tailed Rock Thrush"=>"Monticola saxatilis", +"Red-throated Thrush/Black-throated"=>"Turdus ruficollis", +"American Robin"=>"Turdus migratorius", +"Zitting Cisticola"=>"Cisticola juncidis", +"Lanceolated Warbler"=>"Locustella lanceolata", +"River Warbler"=>"Locustella fluviatilis", +"Blyth`s Reed Warbler"=>"Acrocephalus dumetorum", +"Caspian Reed Warbler"=>"Acrocephalus fuscus", +"Aquatic Warbler"=>"Acrocephalus paludicola", +"Booted Warbler"=>"Acrocephalus caligatus", +"Marmora's Warbler"=>"Sylvia sarda", +"Dartford Warbler"=>"Sylvia undata", +"Subalpine Warbler"=>"Sylvia cantillans", +"Ménétries's Warbler"=>"Sylvia mystacea", +"Rüppel's Warbler"=>"Sylvia rueppelli", +"Asian Desert Warbler"=>"Sylvia nana", +"Western Orphean Warbler"=>"Sylvia hortensis hortensis", +"Arctic Warbler"=>"Phylloscopus borealis", +"Radde`s Warbler"=>"Phylloscopus schwarzi", +"Western Bonelli`s Warbler"=>"Phylloscopus bonelli", +"Red-breasted Flycatcher"=>"Ficedula parva", +"Eurasian Penduline Tit"=>"Remiz pendulinus", +"Daurian Shrike"=>"Lanius isabellinus", +"Long-Tailed Shrike"=>"Lanius schach", +"Lesser Grey Shrike"=>"Lanius minor", +"Southern Grey Shrike"=>"Lanius meridionalis", +"Masked Shrike"=>"Lanius nubicus", +"Spotted Nutcracker"=>"Nucifraga caryocatactes", +"Daurian Jackdaw"=>"Corvus dauuricus", +"Purple-Backed Starling"=>"Sturnus sturninus", +"Red-Fronted Serin"=>"Serinus pusillus", +"Arctic Redpoll"=>"Carduelis hornemanni", +"Scottish Crossbill"=>"Loxia scotica", +"Parrot Crossbill"=>"Loxia pytyopsittacus", +"Black-faced Bunting"=>"Emberiza spodocephala", +"Pink-footed Goose"=>"Anser brachyrhynchus", +"Black-winged Kite"=>"Elanus caeruleus", +"European Bee-eater"=>"Merops apiaster", +"Sabine`s Gull"=>"Larus sabini", +"Sooty Shearwater"=>"Puffinus griseus", +"Lesser Canada Goose"=>"Branta hutchinsii", +"Ring-necked Duck"=>"Aythya collaris", +"Greater Flamingo"=>"Phoenicopterus roseus", +"Iberian Chiffchaff"=>"Phylloscopus ibericus", +"Ashy-headed Wagtail"=>"Motacilla cinereocapilla", +"Stilt Sandpiper"=>"Calidris himantopus", +"Siberian Stonechat"=>"Saxicola maurus", +"Greater Yellowlegs"=>"Tringa melanoleuca", +"Forster`s Tern"=>"Sterna forsteri", +"Dusky Warbler"=>"Phylloscopus fuscatus", +"Cirl Bunting"=>"Emberiza cirlus", +"Olive-backed Pipit"=>"Anthus hodgsoni", +"Sociable Lapwing"=>"Vanellus gregarius", +"Spotted Sandpiper"=>"Actitis macularius", +"Baird`s Sandpiper"=>"Calidris bairdii", +"Rustic Bunting"=>"Emberiza rustica", +"Yellow-browed Bunting"=>"Emberiza chrysophrys", +"Great Shearwater"=>"Puffinus gravis", +"Bonelli`s Eagle"=>"Aquila fasciata", +"Calandra Lark"=>"Melanocorypha calandra", +"Sardinian Warbler"=>"Sylvia melanocephala", +"Ross's Gull"=>"Larus roseus", +"Yellow-Breasted Bunting"=>"Emberiza aureola", +"Pine Bunting"=>"Emberiza leucocephalos", +"Black Guillemot"=>"Cepphus grylle", +"Pied-billed Grebe"=>"Podilymbus podiceps", +"Soft-plumaged Petrel"=>"Pterodroma mollis", +"Bulwer's Petrel"=>"Bulweria bulwerii", +"White-Faced Storm-Petrel"=>"Pelagodroma marina", +"Pallas’s Fish Eagle"=>"Haliaeetus leucoryphus", +"Sandhill Crane"=>"Grus canadensis", +"Macqueen’s Bustard"=>"Chlamydotis macqueenii", +"White-tailed Lapwing"=>"Vanellus leucurus", +"Great Knot"=>"Calidris tenuirostris", +"Semipalmated Sandpiper"=>"Calidris pusilla", +"Red-necked Stint"=>"Calidris ruficollis", +"Slender-billed Curlew"=>"Numenius tenuirostris", +"Bridled Tern"=>"Onychoprion anaethetus", +"Pallas’s Sandgrouse"=>"Syrrhaptes paradoxus", +"European Scops Owl"=>"Otus scops", +"Northern Hawk Owl"=>"Surnia ulula", +"White-Throated Needletail"=>"Hirundapus caudacutus", +"Belted Kingfisher"=>"Ceryle alcyon", +"Blue-cheeked Bee-eater"=>"Merops persicus", +"Black-headed Wagtail"=>"Motacilla feldegg", +"Northern Mockingbird"=>"Mimus polyglottos", +"Alpine Accentor"=>"Prunella collaris", +"Red-flanked Bluetail"=>"Tarsiger cyanurus", +"Isabelline Wheatear"=>"Oenanthe isabellina", +"Pied Wheatear"=>"Oenanthe pleschanka", +"Eastern Black-eared Wheatear"=>"Oenanthe melanoleuca", +"Desert Wheatear"=>"Oenanthe deserti", +"White`s Thrush"=>"Zoothera aurea", +"Siberian Thrush"=>"Zoothera sibirica", +"Eyebrowed Thrush"=>"Turdus obscurus", +"Dusky Thrush"=>"Turdus eunomus", +"Black-throated Thrush"=>"Turdus atrogularis", +"Pallas`s Grasshopper Warbler"=>"Locustella certhiola", +"Spectacled Warbler"=>"Sylvia conspicillata", +"Two-barred Warbler"=>"Phylloscopus plumbeitarsus", +"Eastern Bonelli’s Warbler"=>"Phylloscopus orientalis", +"Collared Flycatcher"=>"Ficedula albicollis", +"Wallcreeper"=>"Tichodroma muraria", +"Turkestan Shrike"=>"Lanius phoenicuroides", +"Steppe Grey Shrike"=>"Lanius pallidirostris", +"Spanish Sparrow"=>"Passer hispaniolensis", +"Red-eyed Vireo"=>"Vireo olivaceus", +"Myrtle Warbler"=>"Dendroica coronata", +"White-crowned Sparrow"=>"Zonotrichia leucophrys", +"White-throated Sparrow"=>"Zonotrichia albicollis", +"Cretzschmar`s Bunting"=>"Emberiza caesia", +"Chestnut Bunting"=>"Emberiza rutila", +"Red-headed Bunting"=>"Emberiza bruniceps", +"Black-headed Bunting"=>"Emberiza melanocephala", +"Indigo Bunting"=>"Passerina cyanea", +"Balearic Woodchat Shrike"=>"Lanius senator badius", +"Demoiselle Crane"=>"Grus virgo", +"Chough"=>"Pyrrhocorax pyrrhocorax", +"Red-Billed Chough"=>"Pyrrhocorax graculus", +"Elegant Tern"=>"Sterna elegans", +"Chukar"=>"Alectoris chukar", +"Yellow-Billed Cuckoo"=>"Coccyzus americanus", +"American Sandwich Tern"=>"Sterna sandvicensis acuflavida", +"Olive-Tree Warbler"=>"Hippolais olivetorum", +"Eastern Olivaceous Warbler"=>"Acrocephalus pallidus", +"Indian Cormorant"=>"Phalacrocorax fuscicollis", +"Spur-Winged Lapwing"=>"Vanellus spinosus", +"Yelkouan Shearwater"=>"Puffinus yelkouan", +"Trumpeter Finch"=>"Bucanetes githagineus", +"Red Grouse"=>"Lagopus scoticus", +"Rock Ptarmigan"=>"Lagopus mutus", +"Long-Tailed Cormorant"=>"Phalacrocorax africanus", +"Double-crested Cormorant"=>"Phalacrocorax auritus", +"Magnificent Frigatebird"=>"Fregata magnificens", +"Naumann's Thrush"=>"Turdus naumanni", +"Oriental Pratincole"=>"Glareola maldivarum", +"Bufflehead"=>"Bucephala albeola", +"Snowfinch"=>"Montifrigilla nivalis", +"Ural owl"=>"Strix uralensis", +"Spanish Wagtail"=>"Motacilla iberiae", +"Song Sparrow"=>"Melospiza melodia", +"Rock Bunting"=>"Emberiza cia", +"Siberian Rubythroat"=>"Luscinia calliope", +"Pallid Swift"=>"Apus pallidus", +"Eurasian Pygmy Owl"=>"Glaucidium passerinum", +"Madeira Little Shearwater"=>"Puffinus baroli", +"House Finch"=>"Carpodacus mexicanus", +"Green Heron"=>"Butorides virescens", +"Solitary Sandpiper"=>"Tringa solitaria", +"Heuglin's Gull"=>"Larus heuglini" +); + +foreach ($items as $key=>$value) { + if (strpos(strtolower($key), $q) !== false) { + echo "$key|$value\n"; + } +} + +?>
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/demo/search.phps b/plugins/Autocomplete/jquery-autocomplete/demo/search.phps new file mode 100644 index 000000000..03c0c0eab --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/demo/search.phps @@ -0,0 +1,578 @@ +<?php + +$q = strtolower($_GET["q"]); +if (!$q) return; +$items = array( +"Great <em>Bittern</em>"=>"Botaurus stellaris", +"Little <em>Grebe</em>"=>"Tachybaptus ruficollis", +"Black-necked Grebe"=>"Podiceps nigricollis", +"Little Bittern"=>"Ixobrychus minutus", +"Black-crowned Night Heron"=>"Nycticorax nycticorax", +"Purple Heron"=>"Ardea purpurea", +"White Stork"=>"Ciconia ciconia", +"Spoonbill"=>"Platalea leucorodia", +"Red-crested Pochard"=>"Netta rufina", +"Common Eider"=>"Somateria mollissima", +"Red Kite"=>"Milvus milvus", +"Hen Harrier"=>"Circus cyaneus", +"Montagu`s Harrier"=>"Circus pygargus", +"Black Grouse"=>"Tetrao tetrix", +"Grey Partridge"=>"Perdix perdix", +"Spotted Crake"=>"Porzana porzana", +"Corncrake"=>"Crex crex", +"Common Crane"=>"Grus grus", +"Avocet"=>"Recurvirostra avosetta", +"Stone Curlew"=>"Burhinus oedicnemus", +"Common Ringed Plover"=>"Charadrius hiaticula", +"Kentish Plover"=>"Charadrius alexandrinus", +"Ruff"=>"Philomachus pugnax", +"Common Snipe"=>"Gallinago gallinago", +"Black-tailed Godwit"=>"Limosa limosa", +"Common Redshank"=>"Tringa totanus", +"Sandwich Tern"=>"Sterna sandvicensis", +"Common Tern"=>"Sterna hirundo", +"Arctic Tern"=>"Sterna paradisaea", +"Little Tern"=>"Sternula albifrons", +"Black Tern"=>"Chlidonias niger", +"Barn Owl"=>"Tyto alba", +"Little Owl"=>"Athene noctua", +"Short-eared Owl"=>"Asio flammeus", +"European Nightjar"=>"Caprimulgus europaeus", +"Common Kingfisher"=>"Alcedo atthis", +"Eurasian Hoopoe"=>"Upupa epops", +"Eurasian Wryneck"=>"Jynx torquilla", +"European Green Woodpecker"=>"Picus viridis", +"Crested Lark"=>"Galerida cristata", +"White-headed Duck"=>"Oxyura leucocephala", +"Pale-bellied Brent Goose"=>"Branta hrota", +"Tawny Pipit"=>"Anthus campestris", +"Whinchat"=>"Saxicola rubetra", +"European Stonechat"=>"Saxicola rubicola", +"Northern Wheatear"=>"Oenanthe oenanthe", +"Savi`s Warbler"=>"Locustella luscinioides", +"Sedge Warbler"=>"Acrocephalus schoenobaenus", +"Great Reed Warbler"=>"Acrocephalus arundinaceus", +"Bearded Reedling"=>"Panurus biarmicus", +"Red-backed Shrike"=>"Lanius collurio", +"Great Grey Shrike"=>"Lanius excubitor", +"Woodchat Shrike"=>"Lanius senator", +"Common Raven"=>"Corvus corax", +"Yellowhammer"=>"Emberiza citrinella", +"Ortolan Bunting"=>"Emberiza hortulana", +"Corn Bunting"=>"Emberiza calandra", +"Great Cormorant"=>"Phalacrocorax carbo", +"Hawfinch"=>"Coccothraustes coccothraustes", +"Common Shelduck"=>"Tadorna tadorna", +"Bluethroat"=>"Luscinia svecica", +"Grey Heron"=>"Ardea cinerea", +"Barn Swallow"=>"Hirundo rustica", +"Hooded Crow"=>"Corvus cornix", +"Dunlin"=>"Calidris alpina", +"Eurasian Pied Flycatcher"=>"Ficedula hypoleuca", +"Eurasian Nuthatch"=>"Sitta europaea", +"Short-toed Tree Creeper"=>"Certhia brachydactyla", +"Wood Lark"=>"Lullula arborea", +"Tree Pipit"=>"Anthus trivialis", +"Eurasian Hobby"=>"Falco subbuteo", +"Marsh Warbler"=>"Acrocephalus palustris", +"Wood Sandpiper"=>"Tringa glareola", +"Tawny Owl"=>"Strix aluco", +"Lesser Whitethroat"=>"Sylvia curruca", +"Barnacle Goose"=>"Branta leucopsis", +"Common Goldeneye"=>"Bucephala clangula", +"Western Marsh Harrier"=>"Circus aeruginosus", +"Common Buzzard"=>"Buteo buteo", +"Sanderling"=>"Calidris alba", +"Little Gull"=>"Larus minutus", +"Eurasian Magpie"=>"Pica pica", +"Willow Warbler"=>"Phylloscopus trochilus", +"Wood Warbler"=>"Phylloscopus sibilatrix", +"Great Crested Grebe"=>"Podiceps cristatus", +"Eurasian Jay"=>"Garrulus glandarius", +"Common Redstart"=>"Phoenicurus phoenicurus", +"Blue-headed Wagtail"=>"Motacilla flava", +"Common Swift"=>"Apus apus", +"Marsh Tit"=>"Poecile palustris", +"Goldcrest"=>"Regulus regulus", +"European Golden Plover"=>"Pluvialis apricaria", +"Eurasian Bullfinch"=>"Pyrrhula pyrrhula", +"Common Whitethroat"=>"Sylvia communis", +"Meadow Pipit"=>"Anthus pratensis", +"Greylag Goose"=>"Anser anser", +"Spotted Flycatcher"=>"Muscicapa striata", +"European Greenfinch"=>"Carduelis chloris", +"Common Greenshank"=>"Tringa nebularia", +"Great Spotted Woodpecker"=>"Dendrocopos major", +"Greater Canada Goose"=>"Branta canadensis", +"Mistle Thrush"=>"Turdus viscivorus", +"Great Black-backed Gull"=>"Larus marinus", +"Goosander"=>"Mergus merganser", +"Great Egret"=>"Casmerodius albus", +"Northern Goshawk"=>"Accipiter gentilis", +"Dunnock"=>"Prunella modularis", +"Stock Dove"=>"Columba oenas", +"Common Wood Pigeon"=>"Columba palumbus", +"Eurasian Woodcock"=>"Scolopax rusticola", +"House Sparrow"=>"Passer domesticus", +"Common House Martin"=>"Delichon urbicum", +"Red Knot"=>"Calidris canutus", +"Western Jackdaw"=>"Corvus monedula", +"Brambling"=>"Fringilla montifringilla", +"Northern Lapwing"=>"Vanellus vanellus", +"European Reed Warbler"=>"Acrocephalus scirpaceus", +"Lesser Black-backed Gull"=>"Larus fuscus", +"Little Egret"=>"Egretta garzetta", +"Little Stint"=>"Calidris minuta", +"Common Linnet"=>"Carduelis cannabina", +"Mute Swan"=>"Cygnus olor", +"Common Cuckoo"=>"Cuculus canorus", +"Black-headed Gull"=>"Larus ridibundus", +"Greater White-fronted Goose"=>"Anser albifrons", +"Great Tit"=>"Parus major", +"Redwing"=>"Turdus iliacus", +"Gadwall"=>"Anas strepera", +"Fieldfare"=>"Turdus pilaris", +"Tufted Duck"=>"Aythya fuligula", +"Crested Tit"=>"Lophophanes cristatus", +"Willow Tit"=>"Poecile montanus", +"Eurasian Coot"=>"Fulica atra", +"Common Blackbird"=>"Turdus merula", +"Smew"=>"Mergus albellus", +"Common Sandpiper"=>"Actitis hypoleucos", +"Sand Martin"=>"Riparia riparia", +"Purple Sandpiper"=>"Calidris maritima", +"Northern Pintail"=>"Anas acuta", +"Blue Tit"=>"Cyanistes caeruleus", +"European Goldfinch"=>"Carduelis carduelis", +"Eurasian Whimbrel"=>"Numenius phaeopus", +"Common Reed Bunting"=>"Emberiza schoeniclus", +"Eurasian Tree Sparrow"=>"Passer montanus", +"Rook"=>"Corvus frugilegus", +"European Robin"=>"Erithacus rubecula", +"Bar-tailed Godwit"=>"Limosa lapponica", +"Dark-bellied Brent Goose"=>"Branta bernicla", +"Eurasian Oystercatcher"=>"Haematopus ostralegus", +"Eurasian Siskin"=>"Carduelis spinus", +"Northern Shoveler"=>"Anas clypeata", +"Eurasian Wigeon"=>"Anas penelope", +"Eurasian Sparrow Hawk"=>"Accipiter nisus", +"Icterine Warbler"=>"Hippolais icterina", +"Common Starling"=>"Sturnus vulgaris", +"Long-tailed Tit"=>"Aegithalos caudatus", +"Ruddy Turnstone"=>"Arenaria interpres", +"Mew Gull"=>"Larus canus", +"Common Pochard"=>"Aythya ferina", +"Common Chiffchaff"=>"Phylloscopus collybita", +"Greater Scaup"=>"Aythya marila", +"Common Kestrel"=>"Falco tinnunculus", +"Garden Warbler"=>"Sylvia borin", +"Eurasian Collared Dove"=>"Streptopelia decaocto", +"Eurasian Skylark"=>"Alauda arvensis", +"Common Chaffinch"=>"Fringilla coelebs", +"Common Moorhen"=>"Gallinula chloropus", +"Water Pipit"=>"Anthus spinoletta", +"Mallard"=>"Anas platyrhynchos", +"Winter Wren"=>"Troglodytes troglodytes", +"Common Teal"=>"Anas crecca", +"Green Sandpiper"=>"Tringa ochropus", +"White Wagtail"=>"Motacilla alba", +"Eurasian Curlew"=>"Numenius arquata", +"Song Thrush"=>"Turdus philomelos", +"European Herring Gull"=>"Larus argentatus", +"Grey Plover"=>"Pluvialis squatarola", +"Carrion Crow"=>"Corvus corone", +"Coal Tit"=>"Periparus ater", +"Spotted Redshank"=>"Tringa erythropus", +"Blackcap"=>"Sylvia atricapilla", +"Egyptian Vulture"=>"Neophron percnopterus", +"Razorbill"=>"Alca torda", +"Alpine Swift"=>"Apus melba", +"Long-legged Buzzard"=>"Buteo rufinus", +"Audouin`s Gull"=>"Larus audouinii", +"Balearic Shearwater"=>"Puffinus mauretanicus", +"Upland Sandpiper"=>"Bartramia longicauda", +"Greater Spotted Eagle"=>"Aquila clanga", +"Ring Ouzel"=>"Turdus torquatus", +"Yellow-browed Warbler"=>"Phylloscopus inornatus", +"Blue Rock Thrush"=>"Monticola solitarius", +"Buff-breasted Sandpiper"=>"Tryngites subruficollis", +"Jack Snipe"=>"Lymnocryptes minimus", +"White-rumped Sandpiper"=>"Calidris fuscicollis", +"Ruddy Shelduck"=>"Tadorna ferruginea", +"Cetti's Warbler"=>"Cettia cetti", +"Citrine Wagtail"=>"Motacilla citreola", +"Roseate Tern"=>"Sterna dougallii", +"Black-legged Kittiwake"=>"Rissa tridactyla", +"Pygmy Cormorant"=>"Phalacrocorax pygmeus", +"Booted Eagle"=>"Aquila pennata", +"Lesser White-fronted Goose"=>"Anser erythropus", +"Little Bunting"=>"Emberiza pusilla", +"Eleonora's Falcon"=>"Falco eleonorae", +"European Serin"=>"Serinus serinus", +"Twite"=>"Carduelis flavirostris", +"Yellow-legged Gull"=>"Larus michahellis", +"Gyr Falcon"=>"Falco rusticolus", +"Greenish Warbler"=>"Phylloscopus trochiloides", +"Red-necked Phalarope"=>"Phalaropus lobatus", +"Mealy Redpoll"=>"Carduelis flammea", +"Glaucous Gull"=>"Larus hyperboreus", +"Great Skua"=>"Stercorarius skua", +"Great Bustard"=>"Otis tarda", +"Velvet Scoter"=>"Melanitta fusca", +"Pine Grosbeak"=>"Pinicola enucleator", +"House Crow"=>"Corvus splendens", +"Hume`s Leaf Warbler"=>"Phylloscopus humei", +"Great Northern Loon"=>"Gavia immer", +"Long-tailed Duck"=>"Clangula hyemalis", +"Lapland Longspur"=>"Calcarius lapponicus", +"Northern Gannet"=>"Morus bassanus", +"Eastern Imperial Eagle"=>"Aquila heliaca", +"Little Auk"=>"Alle alle", +"Lesser Spotted Woodpecker"=>"Dendrocopos minor", +"Iceland Gull"=>"Larus glaucoides", +"Parasitic Jaeger"=>"Stercorarius parasiticus", +"Bewick`s Swan"=>"Cygnus bewickii", +"Little Bustard"=>"Tetrax tetrax", +"Little Crake"=>"Porzana parva", +"Baillon`s Crake"=>"Porzana pusilla", +"Long-tailed Jaeger"=>"Stercorarius longicaudus", +"King Eider"=>"Somateria spectabilis", +"Greater Short-toed Lark"=>"Calandrella brachydactyla", +"Houbara Bustard"=>"Chlamydotis undulata", +"Curlew Sandpiper"=>"Calidris ferruginea", +"Common Crossbill"=>"Loxia curvirostra", +"European Shag"=>"Phalacrocorax aristotelis", +"Horned Grebe"=>"Podiceps auritus", +"Common Quail"=>"Coturnix coturnix", +"Bearded Vulture"=>"Gypaetus barbatus", +"Lanner Falcon"=>"Falco biarmicus", +"Middle Spotted Woodpecker"=>"Dendrocopos medius", +"Pomarine Jaeger"=>"Stercorarius pomarinus", +"Red-breasted Merganser"=>"Mergus serrator", +"Eurasian Black Vulture"=>"Aegypius monachus", +"Eurasian Dotterel"=>"Charadrius morinellus", +"Common Nightingale"=>"Luscinia megarhynchos", +"Northern willow warbler"=>"Phylloscopus trochilus acredula", +"Manx Shearwater"=>"Puffinus puffinus", +"Northern Fulmar"=>"Fulmarus glacialis", +"Eurasian Eagle Owl"=>"Bubo bubo", +"Orphean Warbler"=>"Sylvia hortensis", +"Melodious Warbler"=>"Hippolais polyglotta", +"Pallas's Leaf Warbler"=>"Phylloscopus proregulus", +"Atlantic Puffin"=>"Fratercula arctica", +"Black-throated Loon"=>"Gavia arctica", +"Bohemian Waxwing"=>"Bombycilla garrulus", +"Marsh Sandpiper"=>"Tringa stagnatilis", +"Great Snipe"=>"Gallinago media", +"Squacco Heron"=>"Ardeola ralloides", +"Long-eared Owl"=>"Asio otus", +"Caspian Tern"=>"Hydroprogne caspia", +"Red-breasted Goose"=>"Branta ruficollis", +"Red-throated Loon"=>"Gavia stellata", +"Common Rosefinch"=>"Carpodacus erythrinus", +"Red-footed Falcon"=>"Falco vespertinus", +"Ross's Goose"=>"Anser rossii", +"Red Phalarope"=>"Phalaropus fulicarius", +"Pied Wagtail"=>"Motacilla yarrellii", +"Rose-coloured Starling"=>"Sturnus roseus", +"Rough-legged Buzzard"=>"Buteo lagopus", +"Saker Falcon"=>"Falco cherrug", +"European Roller"=>"Coracias garrulus", +"Short-toed Eagle"=>"Circaetus gallicus", +"Peregrine Falcon"=>"Falco peregrinus", +"Merlin"=>"Falco columbarius", +"Snow Goose"=>"Anser caerulescens", +"Snowy Owl"=>"Bubo scandiacus", +"Snow Bunting"=>"Plectrophenax nivalis", +"Common Grasshopper Warbler"=>"Locustella naevia", +"Golden Eagle"=>"Aquila chrysaetos", +"Black-winged Stilt"=>"Himantopus himantopus", +"Steppe Eagle"=>"Aquila nipalensis", +"Pallid Harrier"=>"Circus macrourus", +"European Storm-petrel"=>"Hydrobates pelagicus", +"Horned Lark"=>"Eremophila alpestris", +"Eurasian Treecreeper"=>"Certhia familiaris", +"Taiga Bean Goose"=>"Anser fabalis", +"Temminck`s Stint"=>"Calidris temminckii", +"Terek Sandpiper"=>"Xenus cinereus", +"Tundra Bean Goose"=>"Anser serrirostris", +"European Turtle Dove"=>"Streptopelia turtur", +"Leach`s Storm-petrel"=>"Oceanodroma leucorhoa", +"Eurasian Griffon Vulture"=>"Gyps fulvus", +"Paddyfield Warbler"=>"Acrocephalus agricola", +"Osprey"=>"Pandion haliaetus", +"Firecrest"=>"Regulus ignicapilla", +"Water Rail"=>"Rallus aquaticus", +"European Honey Buzzard"=>"Pernis apivorus", +"Eurasian Golden Oriole"=>"Oriolus oriolus", +"Whooper Swan"=>"Cygnus cygnus", +"Two-barred Crossbill"=>"Loxia leucoptera", +"White-tailed Eagle"=>"Haliaeetus albicilla", +"Atlantic Murre"=>"Uria aalge", +"Garganey"=>"Anas querquedula", +"Black Redstart"=>"Phoenicurus ochruros", +"Common Scoter"=>"Melanitta nigra", +"Rock Pipit"=>"Anthus petrosus", +"Lesser Spotted Eagle"=>"Aquila pomarina", +"Cattle Egret"=>"Bubulcus ibis", +"White-winged Black Tern"=>"Chlidonias leucopterus", +"Black Stork"=>"Ciconia nigra", +"Mediterranean Gull"=>"Larus melanocephalus", +"Black Kite"=>"Milvus migrans", +"Yellow Wagtail"=>"Motacilla flavissima", +"Red-necked Grebe"=>"Podiceps grisegena", +"Gull-billed Tern"=>"Gelochelidon nilotica", +"Pectoral Sandpiper"=>"Calidris melanotos", +"Barred Warbler"=>"Sylvia nisoria", +"Red-throated Pipit"=>"Anthus cervinus", +"Grey Wagtail"=>"Motacilla cinerea", +"Richard`s Pipit"=>"Anthus richardi", +"Black Woodpecker"=>"Dryocopus martius", +"Little Ringed Plover"=>"Charadrius dubius", +"Whiskered Tern"=>"Chlidonias hybrida", +"Lesser Redpoll"=>"Carduelis cabaret", +"Pallas' Bunting"=>"Emberiza pallasi", +"Ferruginous Duck"=>"Aythya nyroca", +"Whistling Swan"=>"Cygnus columbianus", +"Black Brant"=>"Branta nigricans", +"Marbled Teal"=>"Marmaronetta angustirostris", +"Canvasback"=>"Aythya valisineria", +"Redhead"=>"Aythya americana", +"Lesser Scaup"=>"Aythya affinis", +"Steller`s Eider"=>"Polysticta stelleri", +"Spectacled Eider"=>"Somateria fischeri", +"Harlequin Duck"=>"Histronicus histrionicus", +"Black Scoter"=>"Melanitta americana", +"Surf Scoter"=>"Melanitta perspicillata", +"Barrow`s Goldeneye"=>"Bucephala islandica", +"Falcated Duck"=>"Anas falcata", +"American Wigeon"=>"Anas americana", +"Blue-winged Teal"=>"Anas discors", +"American Black Duck"=>"Anas rubripes", +"Baikal Teal"=>"Anas formosa", +"Green-Winged Teal"=>"Anas carolinensis", +"Hazel Grouse"=>"Bonasa bonasia", +"Rock Partridge"=>"Alectoris graeca", +"Red-legged Partridge"=>"Alectoris rufa", +"Yellow-billed Loon"=>"Gavia adamsii", +"Cory`s Shearwater"=>"Calonectris borealis", +"Madeiran Storm-Petrel"=>"Oceanodroma castro", +"Great White Pelican"=>"Pelecanus onocrotalus", +"Dalmatian Pelican"=>"Pelecanus crispus", +"American Bittern"=>"Botaurus lentiginosus", +"Glossy Ibis"=>"Plegadis falcinellus", +"Spanish Imperial Eagle"=>"Aquila adalberti", +"Lesser Kestrel"=>"Falco naumanni", +"Houbara Bustard"=>"Chlamydotis undulata", +"Crab-Plover"=>"Dromas ardeola", +"Cream-coloured Courser"=>"Cursorius cursor", +"Collared Pratincole"=>"Glareola pratincola", +"Black-winged Pratincole"=>"Glareola nordmanni", +"Killdeer"=>"Charadrius vociferus", +"Lesser Sand Plover"=>"Charadrius mongolus", +"Greater Sand Plover"=>"Charadrius leschenaultii", +"Caspian Plover"=>"Charadrius asiaticus", +"American Golden Plover"=>"Pluvialis dominica", +"Pacific Golden Plover"=>"Pluvialis fulva", +"Sharp-tailed Sandpiper"=>"Calidris acuminata", +"Broad-billed Sandpiper"=>"Limicola falcinellus", +"Spoon-Billed Sandpiper"=>"Eurynorhynchus pygmaeus", +"Short-Billed Dowitcher"=>"Limnodromus griseus", +"Long-billed Dowitcher"=>"Limnodromus scolopaceus", +"Hudsonian Godwit"=>"Limosa haemastica", +"Little Curlew"=>"Numenius minutus", +"Lesser Yellowlegs"=>"Tringa flavipes", +"Wilson`s Phalarope"=>"Phalaropus tricolor", +"Pallas`s Gull"=>"Larus ichthyaetus", +"Laughing Gull"=>"Larus atricilla", +"Franklin`s Gull"=>"Larus pipixcan", +"Bonaparte`s Gull"=>"Larus philadelphia", +"Ring-billed Gull"=>"Larus delawarensis", +"American Herring Gull"=>"Larus smithsonianus", +"Caspian Gull"=>"Larus cachinnans", +"Ivory Gull"=>"Pagophila eburnea", +"Royal Tern"=>"Sterna maxima", +"Brünnich`s Murre"=>"Uria lomvia", +"Crested Auklet"=>"Aethia cristatella", +"Parakeet Auklet"=>"Cyclorrhynchus psittacula", +"Tufted Puffin"=>"Lunda cirrhata", +"Laughing Dove"=>"Streptopelia senegalensis", +"Great Spotted Cuckoo"=>"Clamator glandarius", +"Great Grey Owl"=>"Strix nebulosa", +"Tengmalm`s Owl"=>"Aegolius funereus", +"Red-Necked Nightjar"=>"Caprimulgus ruficollis", +"Chimney Swift"=>"Chaetura pelagica", +"Green Bea-Eater"=>"Merops orientalis", +"Grey-headed Woodpecker"=>"Picus canus", +"Lesser Short-Toed Lark"=>"Calandrella rufescens", +"Eurasian Crag Martin"=>"Hirundo rupestris", +"Red-rumped Swallow"=>"Cecropis daurica", +"Blyth`s Pipit"=>"Anthus godlewskii", +"Pechora Pipit"=>"Anthus gustavi", +"Grey-headed Wagtail"=>"Motacilla thunbergi", +"Yellow-Headed Wagtail"=>"Motacilla lutea", +"White-throated Dipper"=>"Cinclus cinclus", +"Rufous-Tailed Scrub Robin"=>"Cercotrichas galactotes", +"Thrush Nightingale"=>"Luscinia luscinia", +"White-throated Robin"=>"Irania gutturalis", +"Caspian Stonechat"=>"Saxicola maura variegata", +"Western Black-eared Wheatear"=>"Oenanthe hispanica", +"Rufous-tailed Rock Thrush"=>"Monticola saxatilis", +"Red-throated Thrush/Black-throated"=>"Turdus ruficollis", +"American Robin"=>"Turdus migratorius", +"Zitting Cisticola"=>"Cisticola juncidis", +"Lanceolated Warbler"=>"Locustella lanceolata", +"River Warbler"=>"Locustella fluviatilis", +"Blyth`s Reed Warbler"=>"Acrocephalus dumetorum", +"Caspian Reed Warbler"=>"Acrocephalus fuscus", +"Aquatic Warbler"=>"Acrocephalus paludicola", +"Booted Warbler"=>"Acrocephalus caligatus", +"Marmora's Warbler"=>"Sylvia sarda", +"Dartford Warbler"=>"Sylvia undata", +"Subalpine Warbler"=>"Sylvia cantillans", +"Ménétries's Warbler"=>"Sylvia mystacea", +"Rüppel's Warbler"=>"Sylvia rueppelli", +"Asian Desert Warbler"=>"Sylvia nana", +"Western Orphean Warbler"=>"Sylvia hortensis hortensis", +"Arctic Warbler"=>"Phylloscopus borealis", +"Radde`s Warbler"=>"Phylloscopus schwarzi", +"Western Bonelli`s Warbler"=>"Phylloscopus bonelli", +"Red-breasted Flycatcher"=>"Ficedula parva", +"Eurasian Penduline Tit"=>"Remiz pendulinus", +"Daurian Shrike"=>"Lanius isabellinus", +"Long-Tailed Shrike"=>"Lanius schach", +"Lesser Grey Shrike"=>"Lanius minor", +"Southern Grey Shrike"=>"Lanius meridionalis", +"Masked Shrike"=>"Lanius nubicus", +"Spotted Nutcracker"=>"Nucifraga caryocatactes", +"Daurian Jackdaw"=>"Corvus dauuricus", +"Purple-Backed Starling"=>"Sturnus sturninus", +"Red-Fronted Serin"=>"Serinus pusillus", +"Arctic Redpoll"=>"Carduelis hornemanni", +"Scottish Crossbill"=>"Loxia scotica", +"Parrot Crossbill"=>"Loxia pytyopsittacus", +"Black-faced Bunting"=>"Emberiza spodocephala", +"Pink-footed Goose"=>"Anser brachyrhynchus", +"Black-winged Kite"=>"Elanus caeruleus", +"European Bee-eater"=>"Merops apiaster", +"Sabine`s Gull"=>"Larus sabini", +"Sooty Shearwater"=>"Puffinus griseus", +"Lesser Canada Goose"=>"Branta hutchinsii", +"Ring-necked Duck"=>"Aythya collaris", +"Greater Flamingo"=>"Phoenicopterus roseus", +"Iberian Chiffchaff"=>"Phylloscopus ibericus", +"Ashy-headed Wagtail"=>"Motacilla cinereocapilla", +"Stilt Sandpiper"=>"Calidris himantopus", +"Siberian Stonechat"=>"Saxicola maurus", +"Greater Yellowlegs"=>"Tringa melanoleuca", +"Forster`s Tern"=>"Sterna forsteri", +"Dusky Warbler"=>"Phylloscopus fuscatus", +"Cirl Bunting"=>"Emberiza cirlus", +"Olive-backed Pipit"=>"Anthus hodgsoni", +"Sociable Lapwing"=>"Vanellus gregarius", +"Spotted Sandpiper"=>"Actitis macularius", +"Baird`s Sandpiper"=>"Calidris bairdii", +"Rustic Bunting"=>"Emberiza rustica", +"Yellow-browed Bunting"=>"Emberiza chrysophrys", +"Great Shearwater"=>"Puffinus gravis", +"Bonelli`s Eagle"=>"Aquila fasciata", +"Calandra Lark"=>"Melanocorypha calandra", +"Sardinian Warbler"=>"Sylvia melanocephala", +"Ross's Gull"=>"Larus roseus", +"Yellow-Breasted Bunting"=>"Emberiza aureola", +"Pine Bunting"=>"Emberiza leucocephalos", +"Black Guillemot"=>"Cepphus grylle", +"Pied-billed Grebe"=>"Podilymbus podiceps", +"Soft-plumaged Petrel"=>"Pterodroma mollis", +"Bulwer's Petrel"=>"Bulweria bulwerii", +"White-Faced Storm-Petrel"=>"Pelagodroma marina", +"Pallas’s Fish Eagle"=>"Haliaeetus leucoryphus", +"Sandhill Crane"=>"Grus canadensis", +"Macqueen’s Bustard"=>"Chlamydotis macqueenii", +"White-tailed Lapwing"=>"Vanellus leucurus", +"Great Knot"=>"Calidris tenuirostris", +"Semipalmated Sandpiper"=>"Calidris pusilla", +"Red-necked Stint"=>"Calidris ruficollis", +"Slender-billed Curlew"=>"Numenius tenuirostris", +"Bridled Tern"=>"Onychoprion anaethetus", +"Pallas’s Sandgrouse"=>"Syrrhaptes paradoxus", +"European Scops Owl"=>"Otus scops", +"Northern Hawk Owl"=>"Surnia ulula", +"White-Throated Needletail"=>"Hirundapus caudacutus", +"Belted Kingfisher"=>"Ceryle alcyon", +"Blue-cheeked Bee-eater"=>"Merops persicus", +"Black-headed Wagtail"=>"Motacilla feldegg", +"Northern Mockingbird"=>"Mimus polyglottos", +"Alpine Accentor"=>"Prunella collaris", +"Red-flanked Bluetail"=>"Tarsiger cyanurus", +"Isabelline Wheatear"=>"Oenanthe isabellina", +"Pied Wheatear"=>"Oenanthe pleschanka", +"Eastern Black-eared Wheatear"=>"Oenanthe melanoleuca", +"Desert Wheatear"=>"Oenanthe deserti", +"White`s Thrush"=>"Zoothera aurea", +"Siberian Thrush"=>"Zoothera sibirica", +"Eyebrowed Thrush"=>"Turdus obscurus", +"Dusky Thrush"=>"Turdus eunomus", +"Black-throated Thrush"=>"Turdus atrogularis", +"Pallas`s Grasshopper Warbler"=>"Locustella certhiola", +"Spectacled Warbler"=>"Sylvia conspicillata", +"Two-barred Warbler"=>"Phylloscopus plumbeitarsus", +"Eastern Bonelli’s Warbler"=>"Phylloscopus orientalis", +"Collared Flycatcher"=>"Ficedula albicollis", +"Wallcreeper"=>"Tichodroma muraria", +"Turkestan Shrike"=>"Lanius phoenicuroides", +"Steppe Grey Shrike"=>"Lanius pallidirostris", +"Spanish Sparrow"=>"Passer hispaniolensis", +"Red-eyed Vireo"=>"Vireo olivaceus", +"Myrtle Warbler"=>"Dendroica coronata", +"White-crowned Sparrow"=>"Zonotrichia leucophrys", +"White-throated Sparrow"=>"Zonotrichia albicollis", +"Cretzschmar`s Bunting"=>"Emberiza caesia", +"Chestnut Bunting"=>"Emberiza rutila", +"Red-headed Bunting"=>"Emberiza bruniceps", +"Black-headed Bunting"=>"Emberiza melanocephala", +"Indigo Bunting"=>"Passerina cyanea", +"Balearic Woodchat Shrike"=>"Lanius senator badius", +"Demoiselle Crane"=>"Grus virgo", +"Chough"=>"Pyrrhocorax pyrrhocorax", +"Red-Billed Chough"=>"Pyrrhocorax graculus", +"Elegant Tern"=>"Sterna elegans", +"Chukar"=>"Alectoris chukar", +"Yellow-Billed Cuckoo"=>"Coccyzus americanus", +"American Sandwich Tern"=>"Sterna sandvicensis acuflavida", +"Olive-Tree Warbler"=>"Hippolais olivetorum", +"Eastern Olivaceous Warbler"=>"Acrocephalus pallidus", +"Indian Cormorant"=>"Phalacrocorax fuscicollis", +"Spur-Winged Lapwing"=>"Vanellus spinosus", +"Yelkouan Shearwater"=>"Puffinus yelkouan", +"Trumpeter Finch"=>"Bucanetes githagineus", +"Red Grouse"=>"Lagopus scoticus", +"Rock Ptarmigan"=>"Lagopus mutus", +"Long-Tailed Cormorant"=>"Phalacrocorax africanus", +"Double-crested Cormorant"=>"Phalacrocorax auritus", +"Magnificent Frigatebird"=>"Fregata magnificens", +"Naumann's Thrush"=>"Turdus naumanni", +"Oriental Pratincole"=>"Glareola maldivarum", +"Bufflehead"=>"Bucephala albeola", +"Snowfinch"=>"Montifrigilla nivalis", +"Ural owl"=>"Strix uralensis", +"Spanish Wagtail"=>"Motacilla iberiae", +"Song Sparrow"=>"Melospiza melodia", +"Rock Bunting"=>"Emberiza cia", +"Siberian Rubythroat"=>"Luscinia calliope", +"Pallid Swift"=>"Apus pallidus", +"Eurasian Pygmy Owl"=>"Glaucidium passerinum", +"Madeira Little Shearwater"=>"Puffinus baroli", +"House Finch"=>"Carpodacus mexicanus", +"Green Heron"=>"Butorides virescens", +"Solitary Sandpiper"=>"Tringa solitaria", +"Heuglin's Gull"=>"Larus heuglini" +); + +foreach ($items as $key=>$value) { + if (strpos(strtolower($key), $q) !== false) { + echo "$key|$value\n"; + } +} + +?>
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.css b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.css new file mode 100644 index 000000000..91b622833 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.css @@ -0,0 +1,48 @@ +.ac_results { + padding: 0px; + border: 1px solid black; + background-color: white; + overflow: hidden; + z-index: 99999; +} + +.ac_results ul { + width: 100%; + list-style-position: outside; + list-style: none; + padding: 0; + margin: 0; +} + +.ac_results li { + margin: 0px; + padding: 2px 5px; + cursor: default; + display: block; + /* + if width will be 100% horizontal scrollbar will apear + when scroll mode will be used + */ + /*width: 100%;*/ + font: menu; + font-size: 12px; + /* + it is very important, if line-height not setted or setted + in relative units scroll will be broken in firefox + */ + line-height: 16px; + overflow: hidden; +} + +.ac_loading { + background: white url('indicator.gif') right center no-repeat; +} + +.ac_odd { + background-color: #eee; +} + +.ac_over { + background-color: #0A246A; + color: white; +} diff --git a/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.js b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.js new file mode 100644 index 000000000..5ad9178f8 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.js @@ -0,0 +1,759 @@ +/* + * Autocomplete - jQuery plugin 1.0.2 + * + * Copyright (c) 2007 Dylan Verheul, Dan G. Switzer, Anjesh Tuladhar, Jörn Zaefferer + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + * Revision: $Id: jquery.autocomplete.js 5747 2008-06-25 18:30:55Z joern.zaefferer $ + * + */ + +;(function($) { + +$.fn.extend({ + autocomplete: function(urlOrData, options) { + var isUrl = typeof urlOrData == "string"; + options = $.extend({}, $.Autocompleter.defaults, { + url: isUrl ? urlOrData : null, + data: isUrl ? null : urlOrData, + delay: isUrl ? $.Autocompleter.defaults.delay : 10, + max: options && !options.scroll ? 10 : 150 + }, options); + + // if highlight is set to false, replace it with a do-nothing function + options.highlight = options.highlight || function(value) { return value; }; + + // if the formatMatch option is not specified, then use formatItem for backwards compatibility + options.formatMatch = options.formatMatch || options.formatItem; + + return this.each(function() { + new $.Autocompleter(this, options); + }); + }, + result: function(handler) { + return this.bind("result", handler); + }, + search: function(handler) { + return this.trigger("search", [handler]); + }, + flushCache: function() { + return this.trigger("flushCache"); + }, + setOptions: function(options){ + return this.trigger("setOptions", [options]); + }, + unautocomplete: function() { + return this.trigger("unautocomplete"); + } +}); + +$.Autocompleter = function(input, options) { + + var KEY = { + UP: 38, + DOWN: 40, + DEL: 46, + TAB: 9, + RETURN: 13, + ESC: 27, + COMMA: 188, + PAGEUP: 33, + PAGEDOWN: 34, + BACKSPACE: 8 + }; + + // Create $ object for input element + var $input = $(input).attr("autocomplete", "off").addClass(options.inputClass); + + var timeout; + var previousValue = ""; + var cache = $.Autocompleter.Cache(options); + var hasFocus = 0; + var lastKeyPressCode; + var config = { + mouseDownOnSelect: false + }; + var select = $.Autocompleter.Select(options, input, selectCurrent, config); + + var blockSubmit; + + // prevent form submit in opera when selecting with return key + $.browser.opera && $(input.form).bind("submit.autocomplete", function() { + if (blockSubmit) { + blockSubmit = false; + return false; + } + }); + + // only opera doesn't trigger keydown multiple times while pressed, others don't work with keypress at all + $input.bind(($.browser.opera ? "keypress" : "keydown") + ".autocomplete", function(event) { + // track last key pressed + lastKeyPressCode = event.keyCode; + switch(event.keyCode) { + + case KEY.UP: + event.preventDefault(); + if ( select.visible() ) { + select.prev(); + } else { + onChange(0, true); + } + break; + + case KEY.DOWN: + event.preventDefault(); + if ( select.visible() ) { + select.next(); + } else { + onChange(0, true); + } + break; + + case KEY.PAGEUP: + event.preventDefault(); + if ( select.visible() ) { + select.pageUp(); + } else { + onChange(0, true); + } + break; + + case KEY.PAGEDOWN: + event.preventDefault(); + if ( select.visible() ) { + select.pageDown(); + } else { + onChange(0, true); + } + break; + + // matches also semicolon + case options.multiple && $.trim(options.multipleSeparator) == "," && KEY.COMMA: + case KEY.TAB: + case KEY.RETURN: + if( selectCurrent() ) { + // stop default to prevent a form submit, Opera needs special handling + event.preventDefault(); + blockSubmit = true; + return false; + } + break; + + case KEY.ESC: + select.hide(); + break; + + default: + clearTimeout(timeout); + timeout = setTimeout(onChange, options.delay); + break; + } + }).focus(function(){ + // track whether the field has focus, we shouldn't process any + // results if the field no longer has focus + hasFocus++; + }).blur(function() { + hasFocus = 0; + if (!config.mouseDownOnSelect) { + hideResults(); + } + }).click(function() { + // show select when clicking in a focused field + if ( hasFocus++ > 1 && !select.visible() ) { + onChange(0, true); + } + }).bind("search", function() { + // TODO why not just specifying both arguments? + var fn = (arguments.length > 1) ? arguments[1] : null; + function findValueCallback(q, data) { + var result; + if( data && data.length ) { + for (var i=0; i < data.length; i++) { + if( data[i].result.toLowerCase() == q.toLowerCase() ) { + result = data[i]; + break; + } + } + } + if( typeof fn == "function" ) fn(result); + else $input.trigger("result", result && [result.data, result.value]); + } + $.each(trimWords($input.val()), function(i, value) { + request(value, findValueCallback, findValueCallback); + }); + }).bind("flushCache", function() { + cache.flush(); + }).bind("setOptions", function() { + $.extend(options, arguments[1]); + // if we've updated the data, repopulate + if ( "data" in arguments[1] ) + cache.populate(); + }).bind("unautocomplete", function() { + select.unbind(); + $input.unbind(); + $(input.form).unbind(".autocomplete"); + }); + + + function selectCurrent() { + var selected = select.selected(); + if( !selected ) + return false; + + var v = selected.result; + previousValue = v; + + if ( options.multiple ) { + var words = trimWords($input.val()); + if ( words.length > 1 ) { + v = words.slice(0, words.length - 1).join( options.multipleSeparator ) + options.multipleSeparator + v; + } + v += options.multipleSeparator; + } + + $input.val(v); + hideResultsNow(); + $input.trigger("result", [selected.data, selected.value]); + return true; + } + + function onChange(crap, skipPrevCheck) { + if( lastKeyPressCode == KEY.DEL ) { + select.hide(); + return; + } + + var currentValue = $input.val(); + + if ( !skipPrevCheck && currentValue == previousValue ) + return; + + previousValue = currentValue; + + currentValue = lastWord(currentValue); + if ( currentValue.length >= options.minChars) { + $input.addClass(options.loadingClass); + if (!options.matchCase) + currentValue = currentValue.toLowerCase(); + request(currentValue, receiveData, hideResultsNow); + } else { + stopLoading(); + select.hide(); + } + }; + + function trimWords(value) { + if ( !value ) { + return [""]; + } + var words = value.split( options.multipleSeparator ); + var result = []; + $.each(words, function(i, value) { + if ( $.trim(value) ) + result[i] = $.trim(value); + }); + return result; + } + + function lastWord(value) { + if ( !options.multiple ) + return value; + var words = trimWords(value); + return words[words.length - 1]; + } + + // fills in the input box w/the first match (assumed to be the best match) + // q: the term entered + // sValue: the first matching result + function autoFill(q, sValue){ + // autofill in the complete box w/the first match as long as the user hasn't entered in more data + // if the last user key pressed was backspace, don't autofill + if( options.autoFill && (lastWord($input.val()).toLowerCase() == q.toLowerCase()) && lastKeyPressCode != KEY.BACKSPACE ) { + // fill in the value (keep the case the user has typed) + $input.val($input.val() + sValue.substring(lastWord(previousValue).length)); + // select the portion of the value not typed by the user (so the next character will erase) + $.Autocompleter.Selection(input, previousValue.length, previousValue.length + sValue.length); + } + }; + + function hideResults() { + clearTimeout(timeout); + timeout = setTimeout(hideResultsNow, 200); + }; + + function hideResultsNow() { + var wasVisible = select.visible(); + select.hide(); + clearTimeout(timeout); + stopLoading(); + if (options.mustMatch) { + // call search and run callback + $input.search( + function (result){ + // if no value found, clear the input box + if( !result ) { + if (options.multiple) { + var words = trimWords($input.val()).slice(0, -1); + $input.val( words.join(options.multipleSeparator) + (words.length ? options.multipleSeparator : "") ); + } + else + $input.val( "" ); + } + } + ); + } + if (wasVisible) + // position cursor at end of input field + $.Autocompleter.Selection(input, input.value.length, input.value.length); + }; + + function receiveData(q, data) { + if ( data && data.length && hasFocus ) { + stopLoading(); + select.display(data, q); + autoFill(q, data[0].value); + select.show(); + } else { + hideResultsNow(); + } + }; + + function request(term, success, failure) { + if (!options.matchCase) + term = term.toLowerCase(); + var data = cache.load(term); + // recieve the cached data + if (data && data.length) { + success(term, data); + // if an AJAX url has been supplied, try loading the data now + } else if( (typeof options.url == "string") && (options.url.length > 0) ){ + + var extraParams = { + timestamp: +new Date() + }; + $.each(options.extraParams, function(key, param) { + extraParams[key] = typeof param == "function" ? param() : param; + }); + + $.ajax({ + // try to leverage ajaxQueue plugin to abort previous requests + mode: "abort", + // limit abortion to this input + port: "autocomplete" + input.name, + dataType: options.dataType, + url: options.url, + data: $.extend({ + q: lastWord(term), + limit: options.max + }, extraParams), + success: function(data) { + var parsed = options.parse && options.parse(data) || parse(data); + cache.add(term, parsed); + success(term, parsed); + } + }); + } else { + // if we have a failure, we need to empty the list -- this prevents the the [TAB] key from selecting the last successful match + select.emptyList(); + failure(term); + } + }; + + function parse(data) { + var parsed = []; + var rows = data.split("\n"); + for (var i=0; i < rows.length; i++) { + var row = $.trim(rows[i]); + if (row) { + row = row.split("|"); + parsed[parsed.length] = { + data: row, + value: row[0], + result: options.formatResult && options.formatResult(row, row[0]) || row[0] + }; + } + } + return parsed; + }; + + function stopLoading() { + $input.removeClass(options.loadingClass); + }; + +}; + +$.Autocompleter.defaults = { + inputClass: "ac_input", + resultsClass: "ac_results", + loadingClass: "ac_loading", + minChars: 1, + delay: 400, + matchCase: false, + matchSubset: true, + matchContains: false, + cacheLength: 10, + max: 100, + mustMatch: false, + extraParams: {}, + selectFirst: true, + formatItem: function(row) { return row[0]; }, + formatMatch: null, + autoFill: false, + width: 0, + multiple: false, + multipleSeparator: ", ", + highlight: function(value, term) { + return value.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + term.replace(/([\^\$\(\)\[\]\{\}\*\.\+\?\|\\])/gi, "\\$1") + ")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>"); + }, + scroll: true, + scrollHeight: 180 +}; + +$.Autocompleter.Cache = function(options) { + + var data = {}; + var length = 0; + + function matchSubset(s, sub) { + if (!options.matchCase) + s = s.toLowerCase(); + var i = s.indexOf(sub); + if (i == -1) return false; + return i == 0 || options.matchContains; + }; + + function add(q, value) { + if (length > options.cacheLength){ + flush(); + } + if (!data[q]){ + length++; + } + data[q] = value; + } + + function populate(){ + if( !options.data ) return false; + // track the matches + var stMatchSets = {}, + nullData = 0; + + // no url was specified, we need to adjust the cache length to make sure it fits the local data store + if( !options.url ) options.cacheLength = 1; + + // track all options for minChars = 0 + stMatchSets[""] = []; + + // loop through the array and create a lookup structure + for ( var i = 0, ol = options.data.length; i < ol; i++ ) { + var rawValue = options.data[i]; + // if rawValue is a string, make an array otherwise just reference the array + rawValue = (typeof rawValue == "string") ? [rawValue] : rawValue; + + var value = options.formatMatch(rawValue, i+1, options.data.length); + if ( value === false ) + continue; + + var firstChar = value.charAt(0).toLowerCase(); + // if no lookup array for this character exists, look it up now + if( !stMatchSets[firstChar] ) + stMatchSets[firstChar] = []; + + // if the match is a string + var row = { + value: value, + data: rawValue, + result: options.formatResult && options.formatResult(rawValue) || value + }; + + // push the current match into the set list + stMatchSets[firstChar].push(row); + + // keep track of minChars zero items + if ( nullData++ < options.max ) { + stMatchSets[""].push(row); + } + }; + + // add the data items to the cache + $.each(stMatchSets, function(i, value) { + // increase the cache size + options.cacheLength++; + // add to the cache + add(i, value); + }); + } + + // populate any existing data + setTimeout(populate, 25); + + function flush(){ + data = {}; + length = 0; + } + + return { + flush: flush, + add: add, + populate: populate, + load: function(q) { + if (!options.cacheLength || !length) + return null; + /* + * if dealing w/local data and matchContains than we must make sure + * to loop through all the data collections looking for matches + */ + if( !options.url && options.matchContains ){ + // track all matches + var csub = []; + // loop through all the data grids for matches + for( var k in data ){ + // don't search through the stMatchSets[""] (minChars: 0) cache + // this prevents duplicates + if( k.length > 0 ){ + var c = data[k]; + $.each(c, function(i, x) { + // if we've got a match, add it to the array + if (matchSubset(x.value, q)) { + csub.push(x); + } + }); + } + } + return csub; + } else + // if the exact item exists, use it + if (data[q]){ + return data[q]; + } else + if (options.matchSubset) { + for (var i = q.length - 1; i >= options.minChars; i--) { + var c = data[q.substr(0, i)]; + if (c) { + var csub = []; + $.each(c, function(i, x) { + if (matchSubset(x.value, q)) { + csub[csub.length] = x; + } + }); + return csub; + } + } + } + return null; + } + }; +}; + +$.Autocompleter.Select = function (options, input, select, config) { + var CLASSES = { + ACTIVE: "ac_over" + }; + + var listItems, + active = -1, + data, + term = "", + needsInit = true, + element, + list; + + // Create results + function init() { + if (!needsInit) + return; + element = $("<div/>") + .hide() + .addClass(options.resultsClass) + .css("position", "absolute") + .appendTo(document.body); + + list = $("<ul/>").appendTo(element).mouseover( function(event) { + if(target(event).nodeName && target(event).nodeName.toUpperCase() == 'LI') { + active = $("li", list).removeClass(CLASSES.ACTIVE).index(target(event)); + $(target(event)).addClass(CLASSES.ACTIVE); + } + }).click(function(event) { + $(target(event)).addClass(CLASSES.ACTIVE); + select(); + // TODO provide option to avoid setting focus again after selection? useful for cleanup-on-focus + input.focus(); + return false; + }).mousedown(function() { + config.mouseDownOnSelect = true; + }).mouseup(function() { + config.mouseDownOnSelect = false; + }); + + if( options.width > 0 ) + element.css("width", options.width); + + needsInit = false; + } + + function target(event) { + var element = event.target; + while(element && element.tagName != "LI") + element = element.parentNode; + // more fun with IE, sometimes event.target is empty, just ignore it then + if(!element) + return []; + return element; + } + + function moveSelect(step) { + listItems.slice(active, active + 1).removeClass(CLASSES.ACTIVE); + movePosition(step); + var activeItem = listItems.slice(active, active + 1).addClass(CLASSES.ACTIVE); + if(options.scroll) { + var offset = 0; + listItems.slice(0, active).each(function() { + offset += this.offsetHeight; + }); + if((offset + activeItem[0].offsetHeight - list.scrollTop()) > list[0].clientHeight) { + list.scrollTop(offset + activeItem[0].offsetHeight - list.innerHeight()); + } else if(offset < list.scrollTop()) { + list.scrollTop(offset); + } + } + }; + + function movePosition(step) { + active += step; + if (active < 0) { + active = listItems.size() - 1; + } else if (active >= listItems.size()) { + active = 0; + } + } + + function limitNumberOfItems(available) { + return options.max && options.max < available + ? options.max + : available; + } + + function fillList() { + list.empty(); + var max = limitNumberOfItems(data.length); + for (var i=0; i < max; i++) { + if (!data[i]) + continue; + var formatted = options.formatItem(data[i].data, i+1, max, data[i].value, term); + if ( formatted === false ) + continue; + var li = $("<li/>").html( options.highlight(formatted, term) ).addClass(i%2 == 0 ? "ac_even" : "ac_odd").appendTo(list)[0]; + $.data(li, "ac_data", data[i]); + } + listItems = list.find("li"); + if ( options.selectFirst ) { + listItems.slice(0, 1).addClass(CLASSES.ACTIVE); + active = 0; + } + // apply bgiframe if available + if ( $.fn.bgiframe ) + list.bgiframe(); + } + + return { + display: function(d, q) { + init(); + data = d; + term = q; + fillList(); + }, + next: function() { + moveSelect(1); + }, + prev: function() { + moveSelect(-1); + }, + pageUp: function() { + if (active != 0 && active - 8 < 0) { + moveSelect( -active ); + } else { + moveSelect(-8); + } + }, + pageDown: function() { + if (active != listItems.size() - 1 && active + 8 > listItems.size()) { + moveSelect( listItems.size() - 1 - active ); + } else { + moveSelect(8); + } + }, + hide: function() { + element && element.hide(); + listItems && listItems.removeClass(CLASSES.ACTIVE); + active = -1; + }, + visible : function() { + return element && element.is(":visible"); + }, + current: function() { + return this.visible() && (listItems.filter("." + CLASSES.ACTIVE)[0] || options.selectFirst && listItems[0]); + }, + show: function() { + var offset = $(input).offset(); + element.css({ + width: typeof options.width == "string" || options.width > 0 ? options.width : $(input).width(), + top: offset.top + input.offsetHeight, + left: offset.left + }).show(); + if(options.scroll) { + list.scrollTop(0); + list.css({ + maxHeight: options.scrollHeight, + overflow: 'auto' + }); + + if($.browser.msie && typeof document.body.style.maxHeight === "undefined") { + var listHeight = 0; + listItems.each(function() { + listHeight += this.offsetHeight; + }); + var scrollbarsVisible = listHeight > options.scrollHeight; + list.css('height', scrollbarsVisible ? options.scrollHeight : listHeight ); + if (!scrollbarsVisible) { + // IE doesn't recalculate width when scrollbar disappears + listItems.width( list.width() - parseInt(listItems.css("padding-left")) - parseInt(listItems.css("padding-right")) ); + } + } + + } + }, + selected: function() { + var selected = listItems && listItems.filter("." + CLASSES.ACTIVE).removeClass(CLASSES.ACTIVE); + return selected && selected.length && $.data(selected[0], "ac_data"); + }, + emptyList: function (){ + list && list.empty(); + }, + unbind: function() { + element && element.remove(); + } + }; +}; + +$.Autocompleter.Selection = function(field, start, end) { + if( field.createTextRange ){ + var selRange = field.createTextRange(); + selRange.collapse(true); + selRange.moveStart("character", start); + selRange.moveEnd("character", end); + selRange.select(); + } else if( field.setSelectionRange ){ + field.setSelectionRange(start, end); + } else { + if( field.selectionStart ){ + field.selectionStart = start; + field.selectionEnd = end; + } + } + field.focus(); +}; + +})(jQuery);
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.min.js b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.min.js new file mode 100644 index 000000000..c9ddfb220 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.min.js @@ -0,0 +1,15 @@ +/* + * Autocomplete - jQuery plugin 1.0.2 + * + * Copyright (c) 2007 Dylan Verheul, Dan G. Switzer, Anjesh Tuladhar, Jörn Zaefferer + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + * Revision: $Id: jquery.autocomplete.js 5747 2008-06-25 18:30:55Z joern.zaefferer $ + * + */;(function($){$.fn.extend({autocomplete:function(urlOrData,options){var isUrl=typeof urlOrData=="string";options=$.extend({},$.Autocompleter.defaults,{url:isUrl?urlOrData:null,data:isUrl?null:urlOrData,delay:isUrl?$.Autocompleter.defaults.delay:10,max:options&&!options.scroll?10:150},options);options.highlight=options.highlight||function(value){return value;};options.formatMatch=options.formatMatch||options.formatItem;return this.each(function(){new $.Autocompleter(this,options);});},result:function(handler){return this.bind("result",handler);},search:function(handler){return this.trigger("search",[handler]);},flushCache:function(){return this.trigger("flushCache");},setOptions:function(options){return this.trigger("setOptions",[options]);},unautocomplete:function(){return this.trigger("unautocomplete");}});$.Autocompleter=function(input,options){var KEY={UP:38,DOWN:40,DEL:46,TAB:9,RETURN:13,ESC:27,COMMA:188,PAGEUP:33,PAGEDOWN:34,BACKSPACE:8};var $input=$(input).attr("autocomplete","off").addClass(options.inputClass);var timeout;var previousValue="";var cache=$.Autocompleter.Cache(options);var hasFocus=0;var lastKeyPressCode;var config={mouseDownOnSelect:false};var select=$.Autocompleter.Select(options,input,selectCurrent,config);var blockSubmit;$.browser.opera&&$(input.form).bind("submit.autocomplete",function(){if(blockSubmit){blockSubmit=false;return false;}});$input.bind(($.browser.opera?"keypress":"keydown")+".autocomplete",function(event){lastKeyPressCode=event.keyCode;switch(event.keyCode){case KEY.UP:event.preventDefault();if(select.visible()){select.prev();}else{onChange(0,true);}break;case KEY.DOWN:event.preventDefault();if(select.visible()){select.next();}else{onChange(0,true);}break;case KEY.PAGEUP:event.preventDefault();if(select.visible()){select.pageUp();}else{onChange(0,true);}break;case KEY.PAGEDOWN:event.preventDefault();if(select.visible()){select.pageDown();}else{onChange(0,true);}break;case options.multiple&&$.trim(options.multipleSeparator)==","&&KEY.COMMA:case KEY.TAB:case KEY.RETURN:if(selectCurrent()){event.preventDefault();blockSubmit=true;return false;}break;case KEY.ESC:select.hide();break;default:clearTimeout(timeout);timeout=setTimeout(onChange,options.delay);break;}}).focus(function(){hasFocus++;}).blur(function(){hasFocus=0;if(!config.mouseDownOnSelect){hideResults();}}).click(function(){if(hasFocus++>1&&!select.visible()){onChange(0,true);}}).bind("search",function(){var fn=(arguments.length>1)?arguments[1]:null;function findValueCallback(q,data){var result;if(data&&data.length){for(var i=0;i<data.length;i++){if(data[i].result.toLowerCase()==q.toLowerCase()){result=data[i];break;}}}if(typeof fn=="function")fn(result);else $input.trigger("result",result&&[result.data,result.value]);}$.each(trimWords($input.val()),function(i,value){request(value,findValueCallback,findValueCallback);});}).bind("flushCache",function(){cache.flush();}).bind("setOptions",function(){$.extend(options,arguments[1]);if("data"in arguments[1])cache.populate();}).bind("unautocomplete",function(){select.unbind();$input.unbind();$(input.form).unbind(".autocomplete");});function selectCurrent(){var selected=select.selected();if(!selected)return false;var v=selected.result;previousValue=v;if(options.multiple){var words=trimWords($input.val());if(words.length>1){v=words.slice(0,words.length-1).join(options.multipleSeparator)+options.multipleSeparator+v;}v+=options.multipleSeparator;}$input.val(v);hideResultsNow();$input.trigger("result",[selected.data,selected.value]);return true;}function onChange(crap,skipPrevCheck){if(lastKeyPressCode==KEY.DEL){select.hide();return;}var currentValue=$input.val();if(!skipPrevCheck&¤tValue==previousValue)return;previousValue=currentValue;currentValue=lastWord(currentValue);if(currentValue.length>=options.minChars){$input.addClass(options.loadingClass);if(!options.matchCase)currentValue=currentValue.toLowerCase();request(currentValue,receiveData,hideResultsNow);}else{stopLoading();select.hide();}};function trimWords(value){if(!value){return[""];}var words=value.split(options.multipleSeparator);var result=[];$.each(words,function(i,value){if($.trim(value))result[i]=$.trim(value);});return result;}function lastWord(value){if(!options.multiple)return value;var words=trimWords(value);return words[words.length-1];}function autoFill(q,sValue){if(options.autoFill&&(lastWord($input.val()).toLowerCase()==q.toLowerCase())&&lastKeyPressCode!=KEY.BACKSPACE){$input.val($input.val()+sValue.substring(lastWord(previousValue).length));$.Autocompleter.Selection(input,previousValue.length,previousValue.length+sValue.length);}};function hideResults(){clearTimeout(timeout);timeout=setTimeout(hideResultsNow,200);};function hideResultsNow(){var wasVisible=select.visible();select.hide();clearTimeout(timeout);stopLoading();if(options.mustMatch){$input.search(function(result){if(!result){if(options.multiple){var words=trimWords($input.val()).slice(0,-1);$input.val(words.join(options.multipleSeparator)+(words.length?options.multipleSeparator:""));}else +$input.val("");}});}if(wasVisible)$.Autocompleter.Selection(input,input.value.length,input.value.length);};function receiveData(q,data){if(data&&data.length&&hasFocus){stopLoading();select.display(data,q);autoFill(q,data[0].value);select.show();}else{hideResultsNow();}};function request(term,success,failure){if(!options.matchCase)term=term.toLowerCase();var data=cache.load(term);if(data&&data.length){success(term,data);}else if((typeof options.url=="string")&&(options.url.length>0)){var extraParams={timestamp:+new Date()};$.each(options.extraParams,function(key,param){extraParams[key]=typeof param=="function"?param():param;});$.ajax({mode:"abort",port:"autocomplete"+input.name,dataType:options.dataType,url:options.url,data:$.extend({q:lastWord(term),limit:options.max},extraParams),success:function(data){var parsed=options.parse&&options.parse(data)||parse(data);cache.add(term,parsed);success(term,parsed);}});}else{select.emptyList();failure(term);}};function parse(data){var parsed=[];var rows=data.split("\n");for(var i=0;i<rows.length;i++){var row=$.trim(rows[i]);if(row){row=row.split("|");parsed[parsed.length]={data:row,value:row[0],result:options.formatResult&&options.formatResult(row,row[0])||row[0]};}}return parsed;};function stopLoading(){$input.removeClass(options.loadingClass);};};$.Autocompleter.defaults={inputClass:"ac_input",resultsClass:"ac_results",loadingClass:"ac_loading",minChars:1,delay:400,matchCase:false,matchSubset:true,matchContains:false,cacheLength:10,max:100,mustMatch:false,extraParams:{},selectFirst:true,formatItem:function(row){return row[0];},formatMatch:null,autoFill:false,width:0,multiple:false,multipleSeparator:", ",highlight:function(value,term){return value.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)("+term.replace(/([\^\$\(\)\[\]\{\}\*\.\+\?\|\\])/gi,"\\$1")+")(?![^<>]*>)(?![^&;]+;)","gi"),"<strong>$1</strong>");},scroll:true,scrollHeight:180};$.Autocompleter.Cache=function(options){var data={};var length=0;function matchSubset(s,sub){if(!options.matchCase)s=s.toLowerCase();var i=s.indexOf(sub);if(i==-1)return false;return i==0||options.matchContains;};function add(q,value){if(length>options.cacheLength){flush();}if(!data[q]){length++;}data[q]=value;}function populate(){if(!options.data)return false;var stMatchSets={},nullData=0;if(!options.url)options.cacheLength=1;stMatchSets[""]=[];for(var i=0,ol=options.data.length;i<ol;i++){var rawValue=options.data[i];rawValue=(typeof rawValue=="string")?[rawValue]:rawValue;var value=options.formatMatch(rawValue,i+1,options.data.length);if(value===false)continue;var firstChar=value.charAt(0).toLowerCase();if(!stMatchSets[firstChar])stMatchSets[firstChar]=[];var row={value:value,data:rawValue,result:options.formatResult&&options.formatResult(rawValue)||value};stMatchSets[firstChar].push(row);if(nullData++<options.max){stMatchSets[""].push(row);}};$.each(stMatchSets,function(i,value){options.cacheLength++;add(i,value);});}setTimeout(populate,25);function flush(){data={};length=0;}return{flush:flush,add:add,populate:populate,load:function(q){if(!options.cacheLength||!length)return null;if(!options.url&&options.matchContains){var csub=[];for(var k in data){if(k.length>0){var c=data[k];$.each(c,function(i,x){if(matchSubset(x.value,q)){csub.push(x);}});}}return csub;}else +if(data[q]){return data[q];}else +if(options.matchSubset){for(var i=q.length-1;i>=options.minChars;i--){var c=data[q.substr(0,i)];if(c){var csub=[];$.each(c,function(i,x){if(matchSubset(x.value,q)){csub[csub.length]=x;}});return csub;}}}return null;}};};$.Autocompleter.Select=function(options,input,select,config){var CLASSES={ACTIVE:"ac_over"};var listItems,active=-1,data,term="",needsInit=true,element,list;function init(){if(!needsInit)return;element=$("<div/>").hide().addClass(options.resultsClass).css("position","absolute").appendTo(document.body);list=$("<ul/>").appendTo(element).mouseover(function(event){if(target(event).nodeName&&target(event).nodeName.toUpperCase()=='LI'){active=$("li",list).removeClass(CLASSES.ACTIVE).index(target(event));$(target(event)).addClass(CLASSES.ACTIVE);}}).click(function(event){$(target(event)).addClass(CLASSES.ACTIVE);select();input.focus();return false;}).mousedown(function(){config.mouseDownOnSelect=true;}).mouseup(function(){config.mouseDownOnSelect=false;});if(options.width>0)element.css("width",options.width);needsInit=false;}function target(event){var element=event.target;while(element&&element.tagName!="LI")element=element.parentNode;if(!element)return[];return element;}function moveSelect(step){listItems.slice(active,active+1).removeClass(CLASSES.ACTIVE);movePosition(step);var activeItem=listItems.slice(active,active+1).addClass(CLASSES.ACTIVE);if(options.scroll){var offset=0;listItems.slice(0,active).each(function(){offset+=this.offsetHeight;});if((offset+activeItem[0].offsetHeight-list.scrollTop())>list[0].clientHeight){list.scrollTop(offset+activeItem[0].offsetHeight-list.innerHeight());}else if(offset<list.scrollTop()){list.scrollTop(offset);}}};function movePosition(step){active+=step;if(active<0){active=listItems.size()-1;}else if(active>=listItems.size()){active=0;}}function limitNumberOfItems(available){return options.max&&options.max<available?options.max:available;}function fillList(){list.empty();var max=limitNumberOfItems(data.length);for(var i=0;i<max;i++){if(!data[i])continue;var formatted=options.formatItem(data[i].data,i+1,max,data[i].value,term);if(formatted===false)continue;var li=$("<li/>").html(options.highlight(formatted,term)).addClass(i%2==0?"ac_even":"ac_odd").appendTo(list)[0];$.data(li,"ac_data",data[i]);}listItems=list.find("li");if(options.selectFirst){listItems.slice(0,1).addClass(CLASSES.ACTIVE);active=0;}if($.fn.bgiframe)list.bgiframe();}return{display:function(d,q){init();data=d;term=q;fillList();},next:function(){moveSelect(1);},prev:function(){moveSelect(-1);},pageUp:function(){if(active!=0&&active-8<0){moveSelect(-active);}else{moveSelect(-8);}},pageDown:function(){if(active!=listItems.size()-1&&active+8>listItems.size()){moveSelect(listItems.size()-1-active);}else{moveSelect(8);}},hide:function(){element&&element.hide();listItems&&listItems.removeClass(CLASSES.ACTIVE);active=-1;},visible:function(){return element&&element.is(":visible");},current:function(){return this.visible()&&(listItems.filter("."+CLASSES.ACTIVE)[0]||options.selectFirst&&listItems[0]);},show:function(){var offset=$(input).offset();element.css({width:typeof options.width=="string"||options.width>0?options.width:$(input).width(),top:offset.top+input.offsetHeight,left:offset.left}).show();if(options.scroll){list.scrollTop(0);list.css({maxHeight:options.scrollHeight,overflow:'auto'});if($.browser.msie&&typeof document.body.style.maxHeight==="undefined"){var listHeight=0;listItems.each(function(){listHeight+=this.offsetHeight;});var scrollbarsVisible=listHeight>options.scrollHeight;list.css('height',scrollbarsVisible?options.scrollHeight:listHeight);if(!scrollbarsVisible){listItems.width(list.width()-parseInt(listItems.css("padding-left"))-parseInt(listItems.css("padding-right")));}}}},selected:function(){var selected=listItems&&listItems.filter("."+CLASSES.ACTIVE).removeClass(CLASSES.ACTIVE);return selected&&selected.length&&$.data(selected[0],"ac_data");},emptyList:function(){list&&list.empty();},unbind:function(){element&&element.remove();}};};$.Autocompleter.Selection=function(field,start,end){if(field.createTextRange){var selRange=field.createTextRange();selRange.collapse(true);selRange.moveStart("character",start);selRange.moveEnd("character",end);selRange.select();}else if(field.setSelectionRange){field.setSelectionRange(start,end);}else{if(field.selectionStart){field.selectionStart=start;field.selectionEnd=end;}}field.focus();};})(jQuery);
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.pack.js b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.pack.js new file mode 100644 index 000000000..271014a2b --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.pack.js @@ -0,0 +1,13 @@ +/* + * Autocomplete - jQuery plugin 1.0.2 + * + * Copyright (c) 2007 Dylan Verheul, Dan G. Switzer, Anjesh Tuladhar, Jörn Zaefferer + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + * Revision: $Id: jquery.autocomplete.js 5747 2008-06-25 18:30:55Z joern.zaefferer $ + * + */ +eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(3($){$.31.1o({12:3(b,d){5 c=Y b=="1w";d=$.1o({},$.D.1L,{11:c?b:14,w:c?14:b,1D:c?$.D.1L.1D:10,Z:d&&!d.1x?10:3U},d);d.1t=d.1t||3(a){6 a};d.1q=d.1q||d.1K;6 I.K(3(){1E $.D(I,d)})},M:3(a){6 I.X("M",a)},1y:3(a){6 I.15("1y",[a])},20:3(){6 I.15("20")},1Y:3(a){6 I.15("1Y",[a])},1X:3(){6 I.15("1X")}});$.D=3(o,r){5 t={2N:38,2I:40,2D:46,2x:9,2v:13,2q:27,2d:3x,2j:33,2o:34,2e:8};5 u=$(o).3f("12","3c").P(r.24);5 p;5 m="";5 n=$.D.2W(r);5 s=0;5 k;5 h={1z:B};5 l=$.D.2Q(r,o,1U,h);5 j;$.1T.2L&&$(o.2K).X("3S.12",3(){4(j){j=B;6 B}});u.X(($.1T.2L?"3Q":"3N")+".12",3(a){k=a.2F;3L(a.2F){Q t.2N:a.1d();4(l.L()){l.2y()}A{W(0,C)}N;Q t.2I:a.1d();4(l.L()){l.2u()}A{W(0,C)}N;Q t.2j:a.1d();4(l.L()){l.2t()}A{W(0,C)}N;Q t.2o:a.1d();4(l.L()){l.2s()}A{W(0,C)}N;Q r.19&&$.1p(r.R)==","&&t.2d:Q t.2x:Q t.2v:4(1U()){a.1d();j=C;6 B}N;Q t.2q:l.U();N;3A:1I(p);p=1H(W,r.1D);N}}).1G(3(){s++}).3v(3(){s=0;4(!h.1z){2k()}}).2i(3(){4(s++>1&&!l.L()){W(0,C)}}).X("1y",3(){5 c=(1n.7>1)?1n[1]:14;3 23(q,a){5 b;4(a&&a.7){16(5 i=0;i<a.7;i++){4(a[i].M.O()==q.O()){b=a[i];N}}}4(Y c=="3")c(b);A u.15("M",b&&[b.w,b.H])}$.K(1g(u.J()),3(i,a){1R(a,23,23)})}).X("20",3(){n.18()}).X("1Y",3(){$.1o(r,1n[1]);4("w"2G 1n[1])n.1f()}).X("1X",3(){l.1u();u.1u();$(o.2K).1u(".12")});3 1U(){5 b=l.26();4(!b)6 B;5 v=b.M;m=v;4(r.19){5 a=1g(u.J());4(a.7>1){v=a.17(0,a.7-1).2Z(r.R)+r.R+v}v+=r.R}u.J(v);1l();u.15("M",[b.w,b.H]);6 C}3 W(b,c){4(k==t.2D){l.U();6}5 a=u.J();4(!c&&a==m)6;m=a;a=1k(a);4(a.7>=r.22){u.P(r.21);4(!r.1C)a=a.O();1R(a,2V,1l)}A{1B();l.U()}};3 1g(b){4(!b){6[""]}5 d=b.1Z(r.R);5 c=[];$.K(d,3(i,a){4($.1p(a))c[i]=$.1p(a)});6 c}3 1k(a){4(!r.19)6 a;5 b=1g(a);6 b[b.7-1]}3 1A(q,a){4(r.1A&&(1k(u.J()).O()==q.O())&&k!=t.2e){u.J(u.J()+a.48(1k(m).7));$.D.1N(o,m.7,m.7+a.7)}};3 2k(){1I(p);p=1H(1l,47)};3 1l(){5 c=l.L();l.U();1I(p);1B();4(r.2U){u.1y(3(a){4(!a){4(r.19){5 b=1g(u.J()).17(0,-1);u.J(b.2Z(r.R)+(b.7?r.R:""))}A u.J("")}})}4(c)$.D.1N(o,o.H.7,o.H.7)};3 2V(q,a){4(a&&a.7&&s){1B();l.2T(a,q);1A(q,a[0].H);l.1W()}A{1l()}};3 1R(f,d,g){4(!r.1C)f=f.O();5 e=n.2S(f);4(e&&e.7){d(f,e)}A 4((Y r.11=="1w")&&(r.11.7>0)){5 c={45:+1E 44()};$.K(r.2R,3(a,b){c[a]=Y b=="3"?b():b});$.43({42:"41",3Z:"12"+o.3Y,2M:r.2M,11:r.11,w:$.1o({q:1k(f),3X:r.Z},c),3W:3(a){5 b=r.1r&&r.1r(a)||1r(a);n.1h(f,b);d(f,b)}})}A{l.2J();g(f)}};3 1r(c){5 d=[];5 b=c.1Z("\\n");16(5 i=0;i<b.7;i++){5 a=$.1p(b[i]);4(a){a=a.1Z("|");d[d.7]={w:a,H:a[0],M:r.1v&&r.1v(a,a[0])||a[0]}}}6 d};3 1B(){u.1e(r.21)}};$.D.1L={24:"3R",2H:"3P",21:"3O",22:1,1D:3M,1C:B,1a:C,1V:B,1j:10,Z:3K,2U:B,2R:{},1S:C,1K:3(a){6 a[0]},1q:14,1A:B,E:0,19:B,R:", ",1t:3(b,a){6 b.2C(1E 3J("(?![^&;]+;)(?!<[^<>]*)("+a.2C(/([\\^\\$\\(\\)\\[\\]\\{\\}\\*\\.\\+\\?\\|\\\\])/2A,"\\\\$1")+")(?![^<>]*>)(?![^&;]+;)","2A"),"<2z>$1</2z>")},1x:C,1s:3I};$.D.2W=3(g){5 h={};5 j=0;3 1a(s,a){4(!g.1C)s=s.O();5 i=s.3H(a);4(i==-1)6 B;6 i==0||g.1V};3 1h(q,a){4(j>g.1j){18()}4(!h[q]){j++}h[q]=a}3 1f(){4(!g.w)6 B;5 f={},2w=0;4(!g.11)g.1j=1;f[""]=[];16(5 i=0,30=g.w.7;i<30;i++){5 c=g.w[i];c=(Y c=="1w")?[c]:c;5 d=g.1q(c,i+1,g.w.7);4(d===B)1P;5 e=d.3G(0).O();4(!f[e])f[e]=[];5 b={H:d,w:c,M:g.1v&&g.1v(c)||d};f[e].1O(b);4(2w++<g.Z){f[""].1O(b)}};$.K(f,3(i,a){g.1j++;1h(i,a)})}1H(1f,25);3 18(){h={};j=0}6{18:18,1h:1h,1f:1f,2S:3(q){4(!g.1j||!j)6 14;4(!g.11&&g.1V){5 a=[];16(5 k 2G h){4(k.7>0){5 c=h[k];$.K(c,3(i,x){4(1a(x.H,q)){a.1O(x)}})}}6 a}A 4(h[q]){6 h[q]}A 4(g.1a){16(5 i=q.7-1;i>=g.22;i--){5 c=h[q.3F(0,i)];4(c){5 a=[];$.K(c,3(i,x){4(1a(x.H,q)){a[a.7]=x}});6 a}}}6 14}}};$.D.2Q=3(e,g,f,k){5 h={G:"3E"};5 j,y=-1,w,1m="",1M=C,F,z;3 2r(){4(!1M)6;F=$("<3D/>").U().P(e.2H).T("3C","3B").1J(2p.2n);z=$("<3z/>").1J(F).3y(3(a){4(V(a).2m&&V(a).2m.3w()==\'2l\'){y=$("1F",z).1e(h.G).3u(V(a));$(V(a)).P(h.G)}}).2i(3(a){$(V(a)).P(h.G);f();g.1G();6 B}).3t(3(){k.1z=C}).3s(3(){k.1z=B});4(e.E>0)F.T("E",e.E);1M=B}3 V(a){5 b=a.V;3r(b&&b.3q!="2l")b=b.3p;4(!b)6[];6 b}3 S(b){j.17(y,y+1).1e(h.G);2h(b);5 a=j.17(y,y+1).P(h.G);4(e.1x){5 c=0;j.17(0,y).K(3(){c+=I.1i});4((c+a[0].1i-z.1c())>z[0].3o){z.1c(c+a[0].1i-z.3n())}A 4(c<z.1c()){z.1c(c)}}};3 2h(a){y+=a;4(y<0){y=j.1b()-1}A 4(y>=j.1b()){y=0}}3 2g(a){6 e.Z&&e.Z<a?e.Z:a}3 2f(){z.2B();5 b=2g(w.7);16(5 i=0;i<b;i++){4(!w[i])1P;5 a=e.1K(w[i].w,i+1,b,w[i].H,1m);4(a===B)1P;5 c=$("<1F/>").3m(e.1t(a,1m)).P(i%2==0?"3l":"3k").1J(z)[0];$.w(c,"2c",w[i])}j=z.3j("1F");4(e.1S){j.17(0,1).P(h.G);y=0}4($.31.2b)z.2b()}6{2T:3(d,q){2r();w=d;1m=q;2f()},2u:3(){S(1)},2y:3(){S(-1)},2t:3(){4(y!=0&&y-8<0){S(-y)}A{S(-8)}},2s:3(){4(y!=j.1b()-1&&y+8>j.1b()){S(j.1b()-1-y)}A{S(8)}},U:3(){F&&F.U();j&&j.1e(h.G);y=-1},L:3(){6 F&&F.3i(":L")},3h:3(){6 I.L()&&(j.2a("."+h.G)[0]||e.1S&&j[0])},1W:3(){5 a=$(g).3g();F.T({E:Y e.E=="1w"||e.E>0?e.E:$(g).E(),2E:a.2E+g.1i,1Q:a.1Q}).1W();4(e.1x){z.1c(0);z.T({29:e.1s,3e:\'3d\'});4($.1T.3b&&Y 2p.2n.3T.29==="3a"){5 c=0;j.K(3(){c+=I.1i});5 b=c>e.1s;z.T(\'3V\',b?e.1s:c);4(!b){j.E(z.E()-28(j.T("32-1Q"))-28(j.T("32-39")))}}}},26:3(){5 a=j&&j.2a("."+h.G).1e(h.G);6 a&&a.7&&$.w(a[0],"2c")},2J:3(){z&&z.2B()},1u:3(){F&&F.37()}}};$.D.1N=3(b,a,c){4(b.2O){5 d=b.2O();d.36(C);d.35("2P",a);d.4c("2P",c);d.4b()}A 4(b.2Y){b.2Y(a,c)}A{4(b.2X){b.2X=a;b.4a=c}}b.1G()}})(49);',62,261,'|||function|if|var|return|length|||||||||||||||||||||||||data||active|list|else|false|true|Autocompleter|width|element|ACTIVE|value|this|val|each|visible|result|break|toLowerCase|addClass|case|multipleSeparator|moveSelect|css|hide|target|onChange|bind|typeof|max||url|autocomplete||null|trigger|for|slice|flush|multiple|matchSubset|size|scrollTop|preventDefault|removeClass|populate|trimWords|add|offsetHeight|cacheLength|lastWord|hideResultsNow|term|arguments|extend|trim|formatMatch|parse|scrollHeight|highlight|unbind|formatResult|string|scroll|search|mouseDownOnSelect|autoFill|stopLoading|matchCase|delay|new|li|focus|setTimeout|clearTimeout|appendTo|formatItem|defaults|needsInit|Selection|push|continue|left|request|selectFirst|browser|selectCurrent|matchContains|show|unautocomplete|setOptions|split|flushCache|loadingClass|minChars|findValueCallback|inputClass||selected||parseInt|maxHeight|filter|bgiframe|ac_data|COMMA|BACKSPACE|fillList|limitNumberOfItems|movePosition|click|PAGEUP|hideResults|LI|nodeName|body|PAGEDOWN|document|ESC|init|pageDown|pageUp|next|RETURN|nullData|TAB|prev|strong|gi|empty|replace|DEL|top|keyCode|in|resultsClass|DOWN|emptyList|form|opera|dataType|UP|createTextRange|character|Select|extraParams|load|display|mustMatch|receiveData|Cache|selectionStart|setSelectionRange|join|ol|fn|padding|||moveStart|collapse|remove||right|undefined|msie|off|auto|overflow|attr|offset|current|is|find|ac_odd|ac_even|html|innerHeight|clientHeight|parentNode|tagName|while|mouseup|mousedown|index|blur|toUpperCase|188|mouseover|ul|default|absolute|position|div|ac_over|substr|charAt|indexOf|180|RegExp|100|switch|400|keydown|ac_loading|ac_results|keypress|ac_input|submit|style|150|height|success|limit|name|port||abort|mode|ajax|Date|timestamp||200|substring|jQuery|selectionEnd|select|moveEnd'.split('|'),0,{}))
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/lib/jquery.ajaxQueue.js b/plugins/Autocomplete/jquery-autocomplete/lib/jquery.ajaxQueue.js new file mode 100644 index 000000000..bdd2e4f82 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/lib/jquery.ajaxQueue.js @@ -0,0 +1,116 @@ +/**
+ * Ajax Queue Plugin
+ *
+ * Homepage: http://jquery.com/plugins/project/ajaxqueue
+ * Documentation: http://docs.jquery.com/AjaxQueue
+ */
+
+/**
+
+<script>
+$(function(){
+ jQuery.ajaxQueue({
+ url: "test.php",
+ success: function(html){ jQuery("ul").append(html); }
+ });
+ jQuery.ajaxQueue({
+ url: "test.php",
+ success: function(html){ jQuery("ul").append(html); }
+ });
+ jQuery.ajaxSync({
+ url: "test.php",
+ success: function(html){ jQuery("ul").append("<b>"+html+"</b>"); }
+ });
+ jQuery.ajaxSync({
+ url: "test.php",
+ success: function(html){ jQuery("ul").append("<b>"+html+"</b>"); }
+ });
+});
+</script>
+<ul style="position: absolute; top: 5px; right: 5px;"></ul>
+
+ */
+/*
+ * Queued Ajax requests.
+ * A new Ajax request won't be started until the previous queued
+ * request has finished.
+ */
+
+/*
+ * Synced Ajax requests.
+ * The Ajax request will happen as soon as you call this method, but
+ * the callbacks (success/error/complete) won't fire until all previous
+ * synced requests have been completed.
+ */
+
+
+(function($) {
+
+ var ajax = $.ajax;
+
+ var pendingRequests = {};
+
+ var synced = [];
+ var syncedData = [];
+
+ $.ajax = function(settings) {
+ // create settings for compatibility with ajaxSetup
+ settings = jQuery.extend(settings, jQuery.extend({}, jQuery.ajaxSettings, settings));
+
+ var port = settings.port;
+
+ switch(settings.mode) {
+ case "abort":
+ if ( pendingRequests[port] ) {
+ pendingRequests[port].abort();
+ }
+ return pendingRequests[port] = ajax.apply(this, arguments);
+ case "queue":
+ var _old = settings.complete;
+ settings.complete = function(){
+ if ( _old )
+ _old.apply( this, arguments );
+ jQuery([ajax]).dequeue("ajax" + port );;
+ };
+
+ jQuery([ ajax ]).queue("ajax" + port, function(){
+ ajax( settings );
+ });
+ return;
+ case "sync":
+ var pos = synced.length;
+
+ synced[ pos ] = {
+ error: settings.error,
+ success: settings.success,
+ complete: settings.complete,
+ done: false
+ };
+
+ syncedData[ pos ] = {
+ error: [],
+ success: [],
+ complete: []
+ };
+
+ settings.error = function(){ syncedData[ pos ].error = arguments; };
+ settings.success = function(){ syncedData[ pos ].success = arguments; };
+ settings.complete = function(){
+ syncedData[ pos ].complete = arguments;
+ synced[ pos ].done = true;
+
+ if ( pos == 0 || !synced[ pos-1 ] )
+ for ( var i = pos; i < synced.length && synced[i].done; i++ ) {
+ if ( synced[i].error ) synced[i].error.apply( jQuery, syncedData[i].error );
+ if ( synced[i].success ) synced[i].success.apply( jQuery, syncedData[i].success );
+ if ( synced[i].complete ) synced[i].complete.apply( jQuery, syncedData[i].complete );
+
+ synced[i] = null;
+ syncedData[i] = null;
+ }
+ };
+ }
+ return ajax.apply(this, arguments);
+ };
+
+})(jQuery);
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/lib/jquery.bgiframe.min.js b/plugins/Autocomplete/jquery-autocomplete/lib/jquery.bgiframe.min.js new file mode 100644 index 000000000..7faef4b33 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/lib/jquery.bgiframe.min.js @@ -0,0 +1,10 @@ +/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net) + * Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) + * and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses. + * + * $LastChangedDate: 2007-07-22 01:45:56 +0200 (Son, 22 Jul 2007) $ + * $Rev: 2447 $ + * + * Version 2.1.1 + */ +(function($){$.fn.bgIframe=$.fn.bgiframe=function(s){if($.browser.msie&&/6.0/.test(navigator.userAgent)){s=$.extend({top:'auto',left:'auto',width:'auto',height:'auto',opacity:true,src:'javascript:false;'},s||{});var prop=function(n){return n&&n.constructor==Number?n+'px':n;},html='<iframe class="bgiframe"frameborder="0"tabindex="-1"src="'+s.src+'"'+'style="display:block;position:absolute;z-index:-1;'+(s.opacity!==false?'filter:Alpha(Opacity=\'0\');':'')+'top:'+(s.top=='auto'?'expression(((parseInt(this.parentNode.currentStyle.borderTopWidth)||0)*-1)+\'px\')':prop(s.top))+';'+'left:'+(s.left=='auto'?'expression(((parseInt(this.parentNode.currentStyle.borderLeftWidth)||0)*-1)+\'px\')':prop(s.left))+';'+'width:'+(s.width=='auto'?'expression(this.parentNode.offsetWidth+\'px\')':prop(s.width))+';'+'height:'+(s.height=='auto'?'expression(this.parentNode.offsetHeight+\'px\')':prop(s.height))+';'+'"/>';return this.each(function(){if($('> iframe.bgiframe',this).length==0)this.insertBefore(document.createElement(html),this.firstChild);});}return this;};})(jQuery);
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/lib/jquery.js b/plugins/Autocomplete/jquery-autocomplete/lib/jquery.js new file mode 100644 index 000000000..400531a2d --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/lib/jquery.js @@ -0,0 +1,3558 @@ +(function(){ +/* + * jQuery 1.2.6 - New Wave Javascript + * + * Copyright (c) 2008 John Resig (jquery.com) + * Dual licensed under the MIT (MIT-LICENSE.txt) + * and GPL (GPL-LICENSE.txt) licenses. + * + * $Date: 2008-05-27 21:17:26 +0200 (Di, 27 Mai 2008) $ + * $Rev: 5700 $ + */ + +// Map over jQuery in case of overwrite +var _jQuery = window.jQuery, +// Map over the $ in case of overwrite + _$ = window.$; + +var jQuery = window.jQuery = window.$ = function( selector, context ) { + // The jQuery object is actually just the init constructor 'enhanced' + return new jQuery.fn.init( selector, context ); +}; + +// A simple way to check for HTML strings or ID strings +// (both of which we optimize for) +var quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#(\w+)$/, + +// Is it a simple selector + isSimple = /^.[^:#\[\.]*$/, + +// Will speed up references to undefined, and allows munging its name. + undefined; + +jQuery.fn = jQuery.prototype = { + init: function( selector, context ) { + // Make sure that a selection was provided + selector = selector || document; + + // Handle $(DOMElement) + if ( selector.nodeType ) { + this[0] = selector; + this.length = 1; + return this; + } + // Handle HTML strings + if ( typeof selector == "string" ) { + // Are we dealing with HTML string or an ID? + var match = quickExpr.exec( selector ); + + // Verify a match, and that no context was specified for #id + if ( match && (match[1] || !context) ) { + + // HANDLE: $(html) -> $(array) + if ( match[1] ) + selector = jQuery.clean( [ match[1] ], context ); + + // HANDLE: $("#id") + else { + var elem = document.getElementById( match[3] ); + + // Make sure an element was located + if ( elem ){ + // Handle the case where IE and Opera return items + // by name instead of ID + if ( elem.id != match[3] ) + return jQuery().find( selector ); + + // Otherwise, we inject the element directly into the jQuery object + return jQuery( elem ); + } + selector = []; + } + + // HANDLE: $(expr, [context]) + // (which is just equivalent to: $(content).find(expr) + } else + return jQuery( context ).find( selector ); + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( jQuery.isFunction( selector ) ) + return jQuery( document )[ jQuery.fn.ready ? "ready" : "load" ]( selector ); + + return this.setArray(jQuery.makeArray(selector)); + }, + + // The current version of jQuery being used + jquery: "1.2.6", + + // The number of elements contained in the matched element set + size: function() { + return this.length; + }, + + // The number of elements contained in the matched element set + length: 0, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + return num == undefined ? + + // Return a 'clean' array + jQuery.makeArray( this ) : + + // Return just the object + this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + // Build a new jQuery matched element set + var ret = jQuery( elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + // Return the newly-formed element set + return ret; + }, + + // Force the current matched set of elements to become + // the specified array of elements (destroying the stack in the process) + // You should use pushStack() in order to do this, but maintain the stack + setArray: function( elems ) { + // Resetting the length to 0, then using the native Array push + // is a super-fast way to populate an object with array-like properties + this.length = 0; + Array.prototype.push.apply( this, elems ); + + return this; + }, + + // Execute a callback for every element in the matched set. + // (You can seed the arguments with an array of args, but this is + // only used internally.) + each: function( callback, args ) { + return jQuery.each( this, callback, args ); + }, + + // Determine the position of an element within + // the matched set of elements + index: function( elem ) { + var ret = -1; + + // Locate the position of the desired element + return jQuery.inArray( + // If it receives a jQuery object, the first element is used + elem && elem.jquery ? elem[0] : elem + , this ); + }, + + attr: function( name, value, type ) { + var options = name; + + // Look for the case where we're accessing a style value + if ( name.constructor == String ) + if ( value === undefined ) + return this[0] && jQuery[ type || "attr" ]( this[0], name ); + + else { + options = {}; + options[ name ] = value; + } + + // Check to see if we're setting style values + return this.each(function(i){ + // Set all the styles + for ( name in options ) + jQuery.attr( + type ? + this.style : + this, + name, jQuery.prop( this, options[ name ], type, i, name ) + ); + }); + }, + + css: function( key, value ) { + // ignore negative width and height values + if ( (key == 'width' || key == 'height') && parseFloat(value) < 0 ) + value = undefined; + return this.attr( key, value, "curCSS" ); + }, + + text: function( text ) { + if ( typeof text != "object" && text != null ) + return this.empty().append( (this[0] && this[0].ownerDocument || document).createTextNode( text ) ); + + var ret = ""; + + jQuery.each( text || this, function(){ + jQuery.each( this.childNodes, function(){ + if ( this.nodeType != 8 ) + ret += this.nodeType != 1 ? + this.nodeValue : + jQuery.fn.text( [ this ] ); + }); + }); + + return ret; + }, + + wrapAll: function( html ) { + if ( this[0] ) + // The elements to wrap the target around + jQuery( html, this[0].ownerDocument ) + .clone() + .insertBefore( this[0] ) + .map(function(){ + var elem = this; + + while ( elem.firstChild ) + elem = elem.firstChild; + + return elem; + }) + .append(this); + + return this; + }, + + wrapInner: function( html ) { + return this.each(function(){ + jQuery( this ).contents().wrapAll( html ); + }); + }, + + wrap: function( html ) { + return this.each(function(){ + jQuery( this ).wrapAll( html ); + }); + }, + + append: function() { + return this.domManip(arguments, true, false, function(elem){ + if (this.nodeType == 1) + this.appendChild( elem ); + }); + }, + + prepend: function() { + return this.domManip(arguments, true, true, function(elem){ + if (this.nodeType == 1) + this.insertBefore( elem, this.firstChild ); + }); + }, + + before: function() { + return this.domManip(arguments, false, false, function(elem){ + this.parentNode.insertBefore( elem, this ); + }); + }, + + after: function() { + return this.domManip(arguments, false, true, function(elem){ + this.parentNode.insertBefore( elem, this.nextSibling ); + }); + }, + + end: function() { + return this.prevObject || jQuery( [] ); + }, + + find: function( selector ) { + var elems = jQuery.map(this, function(elem){ + return jQuery.find( selector, elem ); + }); + + return this.pushStack( /[^+>] [^+>]/.test( selector ) || selector.indexOf("..") > -1 ? + jQuery.unique( elems ) : + elems ); + }, + + clone: function( events ) { + // Do the clone + var ret = this.map(function(){ + if ( jQuery.browser.msie && !jQuery.isXMLDoc(this) ) { + // IE copies events bound via attachEvent when + // using cloneNode. Calling detachEvent on the + // clone will also remove the events from the orignal + // In order to get around this, we use innerHTML. + // Unfortunately, this means some modifications to + // attributes in IE that are actually only stored + // as properties will not be copied (such as the + // the name attribute on an input). + var clone = this.cloneNode(true), + container = document.createElement("div"); + container.appendChild(clone); + return jQuery.clean([container.innerHTML])[0]; + } else + return this.cloneNode(true); + }); + + // Need to set the expando to null on the cloned set if it exists + // removeData doesn't work here, IE removes it from the original as well + // this is primarily for IE but the data expando shouldn't be copied over in any browser + var clone = ret.find("*").andSelf().each(function(){ + if ( this[ expando ] != undefined ) + this[ expando ] = null; + }); + + // Copy the events from the original to the clone + if ( events === true ) + this.find("*").andSelf().each(function(i){ + if (this.nodeType == 3) + return; + var events = jQuery.data( this, "events" ); + + for ( var type in events ) + for ( var handler in events[ type ] ) + jQuery.event.add( clone[ i ], type, events[ type ][ handler ], events[ type ][ handler ].data ); + }); + + // Return the cloned set + return ret; + }, + + filter: function( selector ) { + return this.pushStack( + jQuery.isFunction( selector ) && + jQuery.grep(this, function(elem, i){ + return selector.call( elem, i ); + }) || + + jQuery.multiFilter( selector, this ) ); + }, + + not: function( selector ) { + if ( selector.constructor == String ) + // test special case where just one selector is passed in + if ( isSimple.test( selector ) ) + return this.pushStack( jQuery.multiFilter( selector, this, true ) ); + else + selector = jQuery.multiFilter( selector, this ); + + var isArrayLike = selector.length && selector[selector.length - 1] !== undefined && !selector.nodeType; + return this.filter(function() { + return isArrayLike ? jQuery.inArray( this, selector ) < 0 : this != selector; + }); + }, + + add: function( selector ) { + return this.pushStack( jQuery.unique( jQuery.merge( + this.get(), + typeof selector == 'string' ? + jQuery( selector ) : + jQuery.makeArray( selector ) + ))); + }, + + is: function( selector ) { + return !!selector && jQuery.multiFilter( selector, this ).length > 0; + }, + + hasClass: function( selector ) { + return this.is( "." + selector ); + }, + + val: function( value ) { + if ( value == undefined ) { + + if ( this.length ) { + var elem = this[0]; + + // We need to handle select boxes special + if ( jQuery.nodeName( elem, "select" ) ) { + var index = elem.selectedIndex, + values = [], + options = elem.options, + one = elem.type == "select-one"; + + // Nothing was selected + if ( index < 0 ) + return null; + + // Loop through all the selected options + for ( var i = one ? index : 0, max = one ? index + 1 : options.length; i < max; i++ ) { + var option = options[ i ]; + + if ( option.selected ) { + // Get the specifc value for the option + value = jQuery.browser.msie && !option.attributes.value.specified ? option.text : option.value; + + // We don't need an array for one selects + if ( one ) + return value; + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + + // Everything else, we just grab the value + } else + return (this[0].value || "").replace(/\r/g, ""); + + } + + return undefined; + } + + if( value.constructor == Number ) + value += ''; + + return this.each(function(){ + if ( this.nodeType != 1 ) + return; + + if ( value.constructor == Array && /radio|checkbox/.test( this.type ) ) + this.checked = (jQuery.inArray(this.value, value) >= 0 || + jQuery.inArray(this.name, value) >= 0); + + else if ( jQuery.nodeName( this, "select" ) ) { + var values = jQuery.makeArray(value); + + jQuery( "option", this ).each(function(){ + this.selected = (jQuery.inArray( this.value, values ) >= 0 || + jQuery.inArray( this.text, values ) >= 0); + }); + + if ( !values.length ) + this.selectedIndex = -1; + + } else + this.value = value; + }); + }, + + html: function( value ) { + return value == undefined ? + (this[0] ? + this[0].innerHTML : + null) : + this.empty().append( value ); + }, + + replaceWith: function( value ) { + return this.after( value ).remove(); + }, + + eq: function( i ) { + return this.slice( i, i + 1 ); + }, + + slice: function() { + return this.pushStack( Array.prototype.slice.apply( this, arguments ) ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map(this, function(elem, i){ + return callback.call( elem, i, elem ); + })); + }, + + andSelf: function() { + return this.add( this.prevObject ); + }, + + data: function( key, value ){ + var parts = key.split("."); + parts[1] = parts[1] ? "." + parts[1] : ""; + + if ( value === undefined ) { + var data = this.triggerHandler("getData" + parts[1] + "!", [parts[0]]); + + if ( data === undefined && this.length ) + data = jQuery.data( this[0], key ); + + return data === undefined && parts[1] ? + this.data( parts[0] ) : + data; + } else + return this.trigger("setData" + parts[1] + "!", [parts[0], value]).each(function(){ + jQuery.data( this, key, value ); + }); + }, + + removeData: function( key ){ + return this.each(function(){ + jQuery.removeData( this, key ); + }); + }, + + domManip: function( args, table, reverse, callback ) { + var clone = this.length > 1, elems; + + return this.each(function(){ + if ( !elems ) { + elems = jQuery.clean( args, this.ownerDocument ); + + if ( reverse ) + elems.reverse(); + } + + var obj = this; + + if ( table && jQuery.nodeName( this, "table" ) && jQuery.nodeName( elems[0], "tr" ) ) + obj = this.getElementsByTagName("tbody")[0] || this.appendChild( this.ownerDocument.createElement("tbody") ); + + var scripts = jQuery( [] ); + + jQuery.each(elems, function(){ + var elem = clone ? + jQuery( this ).clone( true )[0] : + this; + + // execute all scripts after the elements have been injected + if ( jQuery.nodeName( elem, "script" ) ) + scripts = scripts.add( elem ); + else { + // Remove any inner scripts for later evaluation + if ( elem.nodeType == 1 ) + scripts = scripts.add( jQuery( "script", elem ).remove() ); + + // Inject the elements into the document + callback.call( obj, elem ); + } + }); + + scripts.each( evalScript ); + }); + } +}; + +// Give the init function the jQuery prototype for later instantiation +jQuery.fn.init.prototype = jQuery.fn; + +function evalScript( i, elem ) { + if ( elem.src ) + jQuery.ajax({ + url: elem.src, + async: false, + dataType: "script" + }); + + else + jQuery.globalEval( elem.text || elem.textContent || elem.innerHTML || "" ); + + if ( elem.parentNode ) + elem.parentNode.removeChild( elem ); +} + +function now(){ + return +new Date; +} + +jQuery.extend = jQuery.fn.extend = function() { + // copy reference to target object + var target = arguments[0] || {}, i = 1, length = arguments.length, deep = false, options; + + // Handle a deep copy situation + if ( target.constructor == Boolean ) { + deep = target; + target = arguments[1] || {}; + // skip the boolean and the target + i = 2; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target != "object" && typeof target != "function" ) + target = {}; + + // extend jQuery itself if only one argument is passed + if ( length == i ) { + target = this; + --i; + } + + for ( ; i < length; i++ ) + // Only deal with non-null/undefined values + if ( (options = arguments[ i ]) != null ) + // Extend the base object + for ( var name in options ) { + var src = target[ name ], copy = options[ name ]; + + // Prevent never-ending loop + if ( target === copy ) + continue; + + // Recurse if we're merging object values + if ( deep && copy && typeof copy == "object" && !copy.nodeType ) + target[ name ] = jQuery.extend( deep, + // Never move original objects, clone them + src || ( copy.length != null ? [ ] : { } ) + , copy ); + + // Don't bring in undefined values + else if ( copy !== undefined ) + target[ name ] = copy; + + } + + // Return the modified object + return target; +}; + +var expando = "jQuery" + now(), uuid = 0, windowData = {}, + // exclude the following css properties to add px + exclude = /z-?index|font-?weight|opacity|zoom|line-?height/i, + // cache defaultView + defaultView = document.defaultView || {}; + +jQuery.extend({ + noConflict: function( deep ) { + window.$ = _$; + + if ( deep ) + window.jQuery = _jQuery; + + return jQuery; + }, + + // See test/unit/core.js for details concerning this function. + isFunction: function( fn ) { + return !!fn && typeof fn != "string" && !fn.nodeName && + fn.constructor != Array && /^[\s[]?function/.test( fn + "" ); + }, + + // check if an element is in a (or is an) XML document + isXMLDoc: function( elem ) { + return elem.documentElement && !elem.body || + elem.tagName && elem.ownerDocument && !elem.ownerDocument.body; + }, + + // Evalulates a script in a global context + globalEval: function( data ) { + data = jQuery.trim( data ); + + if ( data ) { + // Inspired by code by Andrea Giammarchi + // http://webreflection.blogspot.com/2007/08/global-scope-evaluation-and-dom.html + var head = document.getElementsByTagName("head")[0] || document.documentElement, + script = document.createElement("script"); + + script.type = "text/javascript"; + if ( jQuery.browser.msie ) + script.text = data; + else + script.appendChild( document.createTextNode( data ) ); + + // Use insertBefore instead of appendChild to circumvent an IE6 bug. + // This arises when a base node is used (#2709). + head.insertBefore( script, head.firstChild ); + head.removeChild( script ); + } + }, + + nodeName: function( elem, name ) { + return elem.nodeName && elem.nodeName.toUpperCase() == name.toUpperCase(); + }, + + cache: {}, + + data: function( elem, name, data ) { + elem = elem == window ? + windowData : + elem; + + var id = elem[ expando ]; + + // Compute a unique ID for the element + if ( !id ) + id = elem[ expando ] = ++uuid; + + // Only generate the data cache if we're + // trying to access or manipulate it + if ( name && !jQuery.cache[ id ] ) + jQuery.cache[ id ] = {}; + + // Prevent overriding the named cache with undefined values + if ( data !== undefined ) + jQuery.cache[ id ][ name ] = data; + + // Return the named cache data, or the ID for the element + return name ? + jQuery.cache[ id ][ name ] : + id; + }, + + removeData: function( elem, name ) { + elem = elem == window ? + windowData : + elem; + + var id = elem[ expando ]; + + // If we want to remove a specific section of the element's data + if ( name ) { + if ( jQuery.cache[ id ] ) { + // Remove the section of cache data + delete jQuery.cache[ id ][ name ]; + + // If we've removed all the data, remove the element's cache + name = ""; + + for ( name in jQuery.cache[ id ] ) + break; + + if ( !name ) + jQuery.removeData( elem ); + } + + // Otherwise, we want to remove all of the element's data + } else { + // Clean up the element expando + try { + delete elem[ expando ]; + } catch(e){ + // IE has trouble directly removing the expando + // but it's ok with using removeAttribute + if ( elem.removeAttribute ) + elem.removeAttribute( expando ); + } + + // Completely remove the data cache + delete jQuery.cache[ id ]; + } + }, + + // args is for internal usage only + each: function( object, callback, args ) { + var name, i = 0, length = object.length; + + if ( args ) { + if ( length == undefined ) { + for ( name in object ) + if ( callback.apply( object[ name ], args ) === false ) + break; + } else + for ( ; i < length; ) + if ( callback.apply( object[ i++ ], args ) === false ) + break; + + // A special, fast, case for the most common use of each + } else { + if ( length == undefined ) { + for ( name in object ) + if ( callback.call( object[ name ], name, object[ name ] ) === false ) + break; + } else + for ( var value = object[0]; + i < length && callback.call( value, i, value ) !== false; value = object[++i] ){} + } + + return object; + }, + + prop: function( elem, value, type, i, name ) { + // Handle executable functions + if ( jQuery.isFunction( value ) ) + value = value.call( elem, i ); + + // Handle passing in a number to a CSS property + return value && value.constructor == Number && type == "curCSS" && !exclude.test( name ) ? + value + "px" : + value; + }, + + className: { + // internal only, use addClass("class") + add: function( elem, classNames ) { + jQuery.each((classNames || "").split(/\s+/), function(i, className){ + if ( elem.nodeType == 1 && !jQuery.className.has( elem.className, className ) ) + elem.className += (elem.className ? " " : "") + className; + }); + }, + + // internal only, use removeClass("class") + remove: function( elem, classNames ) { + if (elem.nodeType == 1) + elem.className = classNames != undefined ? + jQuery.grep(elem.className.split(/\s+/), function(className){ + return !jQuery.className.has( classNames, className ); + }).join(" ") : + ""; + }, + + // internal only, use hasClass("class") + has: function( elem, className ) { + return jQuery.inArray( className, (elem.className || elem).toString().split(/\s+/) ) > -1; + } + }, + + // A method for quickly swapping in/out CSS properties to get correct calculations + swap: function( elem, options, callback ) { + var old = {}; + // Remember the old values, and insert the new ones + for ( var name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + callback.call( elem ); + + // Revert the old values + for ( var name in options ) + elem.style[ name ] = old[ name ]; + }, + + css: function( elem, name, force ) { + if ( name == "width" || name == "height" ) { + var val, props = { position: "absolute", visibility: "hidden", display:"block" }, which = name == "width" ? [ "Left", "Right" ] : [ "Top", "Bottom" ]; + + function getWH() { + val = name == "width" ? elem.offsetWidth : elem.offsetHeight; + var padding = 0, border = 0; + jQuery.each( which, function() { + padding += parseFloat(jQuery.curCSS( elem, "padding" + this, true)) || 0; + border += parseFloat(jQuery.curCSS( elem, "border" + this + "Width", true)) || 0; + }); + val -= Math.round(padding + border); + } + + if ( jQuery(elem).is(":visible") ) + getWH(); + else + jQuery.swap( elem, props, getWH ); + + return Math.max(0, val); + } + + return jQuery.curCSS( elem, name, force ); + }, + + curCSS: function( elem, name, force ) { + var ret, style = elem.style; + + // A helper method for determining if an element's values are broken + function color( elem ) { + if ( !jQuery.browser.safari ) + return false; + + // defaultView is cached + var ret = defaultView.getComputedStyle( elem, null ); + return !ret || ret.getPropertyValue("color") == ""; + } + + // We need to handle opacity special in IE + if ( name == "opacity" && jQuery.browser.msie ) { + ret = jQuery.attr( style, "opacity" ); + + return ret == "" ? + "1" : + ret; + } + // Opera sometimes will give the wrong display answer, this fixes it, see #2037 + if ( jQuery.browser.opera && name == "display" ) { + var save = style.outline; + style.outline = "0 solid black"; + style.outline = save; + } + + // Make sure we're using the right name for getting the float value + if ( name.match( /float/i ) ) + name = styleFloat; + + if ( !force && style && style[ name ] ) + ret = style[ name ]; + + else if ( defaultView.getComputedStyle ) { + + // Only "float" is needed here + if ( name.match( /float/i ) ) + name = "float"; + + name = name.replace( /([A-Z])/g, "-$1" ).toLowerCase(); + + var computedStyle = defaultView.getComputedStyle( elem, null ); + + if ( computedStyle && !color( elem ) ) + ret = computedStyle.getPropertyValue( name ); + + // If the element isn't reporting its values properly in Safari + // then some display: none elements are involved + else { + var swap = [], stack = [], a = elem, i = 0; + + // Locate all of the parent display: none elements + for ( ; a && color(a); a = a.parentNode ) + stack.unshift(a); + + // Go through and make them visible, but in reverse + // (It would be better if we knew the exact display type that they had) + for ( ; i < stack.length; i++ ) + if ( color( stack[ i ] ) ) { + swap[ i ] = stack[ i ].style.display; + stack[ i ].style.display = "block"; + } + + // Since we flip the display style, we have to handle that + // one special, otherwise get the value + ret = name == "display" && swap[ stack.length - 1 ] != null ? + "none" : + ( computedStyle && computedStyle.getPropertyValue( name ) ) || ""; + + // Finally, revert the display styles back + for ( i = 0; i < swap.length; i++ ) + if ( swap[ i ] != null ) + stack[ i ].style.display = swap[ i ]; + } + + // We should always get a number back from opacity + if ( name == "opacity" && ret == "" ) + ret = "1"; + + } else if ( elem.currentStyle ) { + var camelCase = name.replace(/\-(\w)/g, function(all, letter){ + return letter.toUpperCase(); + }); + + ret = elem.currentStyle[ name ] || elem.currentStyle[ camelCase ]; + + // From the awesome hack by Dean Edwards + // http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 + + // If we're not dealing with a regular pixel number + // but a number that has a weird ending, we need to convert it to pixels + if ( !/^\d+(px)?$/i.test( ret ) && /^\d/.test( ret ) ) { + // Remember the original values + var left = style.left, rsLeft = elem.runtimeStyle.left; + + // Put in the new values to get a computed value out + elem.runtimeStyle.left = elem.currentStyle.left; + style.left = ret || 0; + ret = style.pixelLeft + "px"; + + // Revert the changed values + style.left = left; + elem.runtimeStyle.left = rsLeft; + } + } + + return ret; + }, + + clean: function( elems, context ) { + var ret = []; + context = context || document; + // !context.createElement fails in IE with an error but returns typeof 'object' + if (typeof context.createElement == 'undefined') + context = context.ownerDocument || context[0] && context[0].ownerDocument || document; + + jQuery.each(elems, function(i, elem){ + if ( !elem ) + return; + + if ( elem.constructor == Number ) + elem += ''; + + // Convert html string into DOM nodes + if ( typeof elem == "string" ) { + // Fix "XHTML"-style tags in all browsers + elem = elem.replace(/(<(\w+)[^>]*?)\/>/g, function(all, front, tag){ + return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i) ? + all : + front + "></" + tag + ">"; + }); + + // Trim whitespace, otherwise indexOf won't work as expected + var tags = jQuery.trim( elem ).toLowerCase(), div = context.createElement("div"); + + var wrap = + // option or optgroup + !tags.indexOf("<opt") && + [ 1, "<select multiple='multiple'>", "</select>" ] || + + !tags.indexOf("<leg") && + [ 1, "<fieldset>", "</fieldset>" ] || + + tags.match(/^<(thead|tbody|tfoot|colg|cap)/) && + [ 1, "<table>", "</table>" ] || + + !tags.indexOf("<tr") && + [ 2, "<table><tbody>", "</tbody></table>" ] || + + // <thead> matched above + (!tags.indexOf("<td") || !tags.indexOf("<th")) && + [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ] || + + !tags.indexOf("<col") && + [ 2, "<table><tbody></tbody><colgroup>", "</colgroup></table>" ] || + + // IE can't serialize <link> and <script> tags normally + jQuery.browser.msie && + [ 1, "div<div>", "</div>" ] || + + [ 0, "", "" ]; + + // Go to html and back, then peel off extra wrappers + div.innerHTML = wrap[1] + elem + wrap[2]; + + // Move to the right depth + while ( wrap[0]-- ) + div = div.lastChild; + + // Remove IE's autoinserted <tbody> from table fragments + if ( jQuery.browser.msie ) { + + // String was a <table>, *may* have spurious <tbody> + var tbody = !tags.indexOf("<table") && tags.indexOf("<tbody") < 0 ? + div.firstChild && div.firstChild.childNodes : + + // String was a bare <thead> or <tfoot> + wrap[1] == "<table>" && tags.indexOf("<tbody") < 0 ? + div.childNodes : + []; + + for ( var j = tbody.length - 1; j >= 0 ; --j ) + if ( jQuery.nodeName( tbody[ j ], "tbody" ) && !tbody[ j ].childNodes.length ) + tbody[ j ].parentNode.removeChild( tbody[ j ] ); + + // IE completely kills leading whitespace when innerHTML is used + if ( /^\s/.test( elem ) ) + div.insertBefore( context.createTextNode( elem.match(/^\s*/)[0] ), div.firstChild ); + + } + + elem = jQuery.makeArray( div.childNodes ); + } + + if ( elem.length === 0 && (!jQuery.nodeName( elem, "form" ) && !jQuery.nodeName( elem, "select" )) ) + return; + + if ( elem[0] == undefined || jQuery.nodeName( elem, "form" ) || elem.options ) + ret.push( elem ); + + else + ret = jQuery.merge( ret, elem ); + + }); + + return ret; + }, + + attr: function( elem, name, value ) { + // don't set attributes on text and comment nodes + if (!elem || elem.nodeType == 3 || elem.nodeType == 8) + return undefined; + + var notxml = !jQuery.isXMLDoc( elem ), + // Whether we are setting (or getting) + set = value !== undefined, + msie = jQuery.browser.msie; + + // Try to normalize/fix the name + name = notxml && jQuery.props[ name ] || name; + + // Only do all the following if this is a node (faster for style) + // IE elem.getAttribute passes even for style + if ( elem.tagName ) { + + // These attributes require special treatment + var special = /href|src|style/.test( name ); + + // Safari mis-reports the default selected property of a hidden option + // Accessing the parent's selectedIndex property fixes it + if ( name == "selected" && jQuery.browser.safari ) + elem.parentNode.selectedIndex; + + // If applicable, access the attribute via the DOM 0 way + if ( name in elem && notxml && !special ) { + if ( set ){ + // We can't allow the type property to be changed (since it causes problems in IE) + if ( name == "type" && jQuery.nodeName( elem, "input" ) && elem.parentNode ) + throw "type property can't be changed"; + + elem[ name ] = value; + } + + // browsers index elements by id/name on forms, give priority to attributes. + if( jQuery.nodeName( elem, "form" ) && elem.getAttributeNode(name) ) + return elem.getAttributeNode( name ).nodeValue; + + return elem[ name ]; + } + + if ( msie && notxml && name == "style" ) + return jQuery.attr( elem.style, "cssText", value ); + + if ( set ) + // convert the value to a string (all browsers do this but IE) see #1070 + elem.setAttribute( name, "" + value ); + + var attr = msie && notxml && special + // Some attributes require a special call on IE + ? elem.getAttribute( name, 2 ) + : elem.getAttribute( name ); + + // Non-existent attributes return null, we normalize to undefined + return attr === null ? undefined : attr; + } + + // elem is actually elem.style ... set the style + + // IE uses filters for opacity + if ( msie && name == "opacity" ) { + if ( set ) { + // IE has trouble with opacity if it does not have layout + // Force it by setting the zoom level + elem.zoom = 1; + + // Set the alpha filter to set the opacity + elem.filter = (elem.filter || "").replace( /alpha\([^)]*\)/, "" ) + + (parseInt( value ) + '' == "NaN" ? "" : "alpha(opacity=" + value * 100 + ")"); + } + + return elem.filter && elem.filter.indexOf("opacity=") >= 0 ? + (parseFloat( elem.filter.match(/opacity=([^)]*)/)[1] ) / 100) + '': + ""; + } + + name = name.replace(/-([a-z])/ig, function(all, letter){ + return letter.toUpperCase(); + }); + + if ( set ) + elem[ name ] = value; + + return elem[ name ]; + }, + + trim: function( text ) { + return (text || "").replace( /^\s+|\s+$/g, "" ); + }, + + makeArray: function( array ) { + var ret = []; + + if( array != null ){ + var i = array.length; + //the window, strings and functions also have 'length' + if( i == null || array.split || array.setInterval || array.call ) + ret[0] = array; + else + while( i ) + ret[--i] = array[i]; + } + + return ret; + }, + + inArray: function( elem, array ) { + for ( var i = 0, length = array.length; i < length; i++ ) + // Use === because on IE, window == document + if ( array[ i ] === elem ) + return i; + + return -1; + }, + + merge: function( first, second ) { + // We have to loop this way because IE & Opera overwrite the length + // expando of getElementsByTagName + var i = 0, elem, pos = first.length; + // Also, we need to make sure that the correct elements are being returned + // (IE returns comment nodes in a '*' query) + if ( jQuery.browser.msie ) { + while ( elem = second[ i++ ] ) + if ( elem.nodeType != 8 ) + first[ pos++ ] = elem; + + } else + while ( elem = second[ i++ ] ) + first[ pos++ ] = elem; + + return first; + }, + + unique: function( array ) { + var ret = [], done = {}; + + try { + + for ( var i = 0, length = array.length; i < length; i++ ) { + var id = jQuery.data( array[ i ] ); + + if ( !done[ id ] ) { + done[ id ] = true; + ret.push( array[ i ] ); + } + } + + } catch( e ) { + ret = array; + } + + return ret; + }, + + grep: function( elems, callback, inv ) { + var ret = []; + + // Go through the array, only saving the items + // that pass the validator function + for ( var i = 0, length = elems.length; i < length; i++ ) + if ( !inv != !callback( elems[ i ], i ) ) + ret.push( elems[ i ] ); + + return ret; + }, + + map: function( elems, callback ) { + var ret = []; + + // Go through the array, translating each of the items to their + // new value (or values). + for ( var i = 0, length = elems.length; i < length; i++ ) { + var value = callback( elems[ i ], i ); + + if ( value != null ) + ret[ ret.length ] = value; + } + + return ret.concat.apply( [], ret ); + } +}); + +var userAgent = navigator.userAgent.toLowerCase(); + +// Figure out what browser is being used +jQuery.browser = { + version: (userAgent.match( /.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/ ) || [])[1], + safari: /webkit/.test( userAgent ), + opera: /opera/.test( userAgent ), + msie: /msie/.test( userAgent ) && !/opera/.test( userAgent ), + mozilla: /mozilla/.test( userAgent ) && !/(compatible|webkit)/.test( userAgent ) +}; + +var styleFloat = jQuery.browser.msie ? + "styleFloat" : + "cssFloat"; + +jQuery.extend({ + // Check to see if the W3C box model is being used + boxModel: !jQuery.browser.msie || document.compatMode == "CSS1Compat", + + props: { + "for": "htmlFor", + "class": "className", + "float": styleFloat, + cssFloat: styleFloat, + styleFloat: styleFloat, + readonly: "readOnly", + maxlength: "maxLength", + cellspacing: "cellSpacing", + rowspan: "rowSpan" + } +}); + +jQuery.each({ + parent: function(elem){return elem.parentNode;}, + parents: function(elem){return jQuery.dir(elem,"parentNode");}, + next: function(elem){return jQuery.nth(elem,2,"nextSibling");}, + prev: function(elem){return jQuery.nth(elem,2,"previousSibling");}, + nextAll: function(elem){return jQuery.dir(elem,"nextSibling");}, + prevAll: function(elem){return jQuery.dir(elem,"previousSibling");}, + siblings: function(elem){return jQuery.sibling(elem.parentNode.firstChild,elem);}, + children: function(elem){return jQuery.sibling(elem.firstChild);}, + contents: function(elem){return jQuery.nodeName(elem,"iframe")?elem.contentDocument||elem.contentWindow.document:jQuery.makeArray(elem.childNodes);} +}, function(name, fn){ + jQuery.fn[ name ] = function( selector ) { + var ret = jQuery.map( this, fn ); + + if ( selector && typeof selector == "string" ) + ret = jQuery.multiFilter( selector, ret ); + + return this.pushStack( jQuery.unique( ret ) ); + }; +}); + +jQuery.each({ + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function(name, original){ + jQuery.fn[ name ] = function() { + var args = arguments; + + return this.each(function(){ + for ( var i = 0, length = args.length; i < length; i++ ) + jQuery( args[ i ] )[ original ]( this ); + }); + }; +}); + +jQuery.each({ + removeAttr: function( name ) { + jQuery.attr( this, name, "" ); + if (this.nodeType == 1) + this.removeAttribute( name ); + }, + + addClass: function( classNames ) { + jQuery.className.add( this, classNames ); + }, + + removeClass: function( classNames ) { + jQuery.className.remove( this, classNames ); + }, + + toggleClass: function( classNames ) { + jQuery.className[ jQuery.className.has( this, classNames ) ? "remove" : "add" ]( this, classNames ); + }, + + remove: function( selector ) { + if ( !selector || jQuery.filter( selector, [ this ] ).r.length ) { + // Prevent memory leaks + jQuery( "*", this ).add(this).each(function(){ + jQuery.event.remove(this); + jQuery.removeData(this); + }); + if (this.parentNode) + this.parentNode.removeChild( this ); + } + }, + + empty: function() { + // Remove element nodes and prevent memory leaks + jQuery( ">*", this ).remove(); + + // Remove any remaining nodes + while ( this.firstChild ) + this.removeChild( this.firstChild ); + } +}, function(name, fn){ + jQuery.fn[ name ] = function(){ + return this.each( fn, arguments ); + }; +}); + +jQuery.each([ "Height", "Width" ], function(i, name){ + var type = name.toLowerCase(); + + jQuery.fn[ type ] = function( size ) { + // Get window width or height + return this[0] == window ? + // Opera reports document.body.client[Width/Height] properly in both quirks and standards + jQuery.browser.opera && document.body[ "client" + name ] || + + // Safari reports inner[Width/Height] just fine (Mozilla and Opera include scroll bar widths) + jQuery.browser.safari && window[ "inner" + name ] || + + // Everyone else use document.documentElement or document.body depending on Quirks vs Standards mode + document.compatMode == "CSS1Compat" && document.documentElement[ "client" + name ] || document.body[ "client" + name ] : + + // Get document width or height + this[0] == document ? + // Either scroll[Width/Height] or offset[Width/Height], whichever is greater + Math.max( + Math.max(document.body["scroll" + name], document.documentElement["scroll" + name]), + Math.max(document.body["offset" + name], document.documentElement["offset" + name]) + ) : + + // Get or set width or height on the element + size == undefined ? + // Get width or height on the element + (this.length ? jQuery.css( this[0], type ) : null) : + + // Set the width or height on the element (default to pixels if value is unitless) + this.css( type, size.constructor == String ? size : size + "px" ); + }; +}); + +// Helper function used by the dimensions and offset modules +function num(elem, prop) { + return elem[0] && parseInt( jQuery.curCSS(elem[0], prop, true), 10 ) || 0; +}var chars = jQuery.browser.safari && parseInt(jQuery.browser.version) < 417 ? + "(?:[\\w*_-]|\\\\.)" : + "(?:[\\w\u0128-\uFFFF*_-]|\\\\.)", + quickChild = new RegExp("^>\\s*(" + chars + "+)"), + quickID = new RegExp("^(" + chars + "+)(#)(" + chars + "+)"), + quickClass = new RegExp("^([#.]?)(" + chars + "*)"); + +jQuery.extend({ + expr: { + "": function(a,i,m){return m[2]=="*"||jQuery.nodeName(a,m[2]);}, + "#": function(a,i,m){return a.getAttribute("id")==m[2];}, + ":": { + // Position Checks + lt: function(a,i,m){return i<m[3]-0;}, + gt: function(a,i,m){return i>m[3]-0;}, + nth: function(a,i,m){return m[3]-0==i;}, + eq: function(a,i,m){return m[3]-0==i;}, + first: function(a,i){return i==0;}, + last: function(a,i,m,r){return i==r.length-1;}, + even: function(a,i){return i%2==0;}, + odd: function(a,i){return i%2;}, + + // Child Checks + "first-child": function(a){return a.parentNode.getElementsByTagName("*")[0]==a;}, + "last-child": function(a){return jQuery.nth(a.parentNode.lastChild,1,"previousSibling")==a;}, + "only-child": function(a){return !jQuery.nth(a.parentNode.lastChild,2,"previousSibling");}, + + // Parent Checks + parent: function(a){return a.firstChild;}, + empty: function(a){return !a.firstChild;}, + + // Text Check + contains: function(a,i,m){return (a.textContent||a.innerText||jQuery(a).text()||"").indexOf(m[3])>=0;}, + + // Visibility + visible: function(a){return "hidden"!=a.type&&jQuery.css(a,"display")!="none"&&jQuery.css(a,"visibility")!="hidden";}, + hidden: function(a){return "hidden"==a.type||jQuery.css(a,"display")=="none"||jQuery.css(a,"visibility")=="hidden";}, + + // Form attributes + enabled: function(a){return !a.disabled;}, + disabled: function(a){return a.disabled;}, + checked: function(a){return a.checked;}, + selected: function(a){return a.selected||jQuery.attr(a,"selected");}, + + // Form elements + text: function(a){return "text"==a.type;}, + radio: function(a){return "radio"==a.type;}, + checkbox: function(a){return "checkbox"==a.type;}, + file: function(a){return "file"==a.type;}, + password: function(a){return "password"==a.type;}, + submit: function(a){return "submit"==a.type;}, + image: function(a){return "image"==a.type;}, + reset: function(a){return "reset"==a.type;}, + button: function(a){return "button"==a.type||jQuery.nodeName(a,"button");}, + input: function(a){return /input|select|textarea|button/i.test(a.nodeName);}, + + // :has() + has: function(a,i,m){return jQuery.find(m[3],a).length;}, + + // :header + header: function(a){return /h\d/i.test(a.nodeName);}, + + // :animated + animated: function(a){return jQuery.grep(jQuery.timers,function(fn){return a==fn.elem;}).length;} + } + }, + + // The regular expressions that power the parsing engine + parse: [ + // Match: [@value='test'], [@foo] + /^(\[) *@?([\w-]+) *([!*$^~=]*) *('?"?)(.*?)\4 *\]/, + + // Match: :contains('foo') + /^(:)([\w-]+)\("?'?(.*?(\(.*?\))?[^(]*?)"?'?\)/, + + // Match: :even, :last-child, #id, .class + new RegExp("^([:.#]*)(" + chars + "+)") + ], + + multiFilter: function( expr, elems, not ) { + var old, cur = []; + + while ( expr && expr != old ) { + old = expr; + var f = jQuery.filter( expr, elems, not ); + expr = f.t.replace(/^\s*,\s*/, "" ); + cur = not ? elems = f.r : jQuery.merge( cur, f.r ); + } + + return cur; + }, + + find: function( t, context ) { + // Quickly handle non-string expressions + if ( typeof t != "string" ) + return [ t ]; + + // check to make sure context is a DOM element or a document + if ( context && context.nodeType != 1 && context.nodeType != 9) + return [ ]; + + // Set the correct context (if none is provided) + context = context || document; + + // Initialize the search + var ret = [context], done = [], last, nodeName; + + // Continue while a selector expression exists, and while + // we're no longer looping upon ourselves + while ( t && last != t ) { + var r = []; + last = t; + + t = jQuery.trim(t); + + var foundToken = false, + + // An attempt at speeding up child selectors that + // point to a specific element tag + re = quickChild, + + m = re.exec(t); + + if ( m ) { + nodeName = m[1].toUpperCase(); + + // Perform our own iteration and filter + for ( var i = 0; ret[i]; i++ ) + for ( var c = ret[i].firstChild; c; c = c.nextSibling ) + if ( c.nodeType == 1 && (nodeName == "*" || c.nodeName.toUpperCase() == nodeName) ) + r.push( c ); + + ret = r; + t = t.replace( re, "" ); + if ( t.indexOf(" ") == 0 ) continue; + foundToken = true; + } else { + re = /^([>+~])\s*(\w*)/i; + + if ( (m = re.exec(t)) != null ) { + r = []; + + var merge = {}; + nodeName = m[2].toUpperCase(); + m = m[1]; + + for ( var j = 0, rl = ret.length; j < rl; j++ ) { + var n = m == "~" || m == "+" ? ret[j].nextSibling : ret[j].firstChild; + for ( ; n; n = n.nextSibling ) + if ( n.nodeType == 1 ) { + var id = jQuery.data(n); + + if ( m == "~" && merge[id] ) break; + + if (!nodeName || n.nodeName.toUpperCase() == nodeName ) { + if ( m == "~" ) merge[id] = true; + r.push( n ); + } + + if ( m == "+" ) break; + } + } + + ret = r; + + // And remove the token + t = jQuery.trim( t.replace( re, "" ) ); + foundToken = true; + } + } + + // See if there's still an expression, and that we haven't already + // matched a token + if ( t && !foundToken ) { + // Handle multiple expressions + if ( !t.indexOf(",") ) { + // Clean the result set + if ( context == ret[0] ) ret.shift(); + + // Merge the result sets + done = jQuery.merge( done, ret ); + + // Reset the context + r = ret = [context]; + + // Touch up the selector string + t = " " + t.substr(1,t.length); + + } else { + // Optimize for the case nodeName#idName + var re2 = quickID; + var m = re2.exec(t); + + // Re-organize the results, so that they're consistent + if ( m ) { + m = [ 0, m[2], m[3], m[1] ]; + + } else { + // Otherwise, do a traditional filter check for + // ID, class, and element selectors + re2 = quickClass; + m = re2.exec(t); + } + + m[2] = m[2].replace(/\\/g, ""); + + var elem = ret[ret.length-1]; + + // Try to do a global search by ID, where we can + if ( m[1] == "#" && elem && elem.getElementById && !jQuery.isXMLDoc(elem) ) { + // Optimization for HTML document case + var oid = elem.getElementById(m[2]); + + // Do a quick check for the existence of the actual ID attribute + // to avoid selecting by the name attribute in IE + // also check to insure id is a string to avoid selecting an element with the name of 'id' inside a form + if ( (jQuery.browser.msie||jQuery.browser.opera) && oid && typeof oid.id == "string" && oid.id != m[2] ) + oid = jQuery('[@id="'+m[2]+'"]', elem)[0]; + + // Do a quick check for node name (where applicable) so + // that div#foo searches will be really fast + ret = r = oid && (!m[3] || jQuery.nodeName(oid, m[3])) ? [oid] : []; + } else { + // We need to find all descendant elements + for ( var i = 0; ret[i]; i++ ) { + // Grab the tag name being searched for + var tag = m[1] == "#" && m[3] ? m[3] : m[1] != "" || m[0] == "" ? "*" : m[2]; + + // Handle IE7 being really dumb about <object>s + if ( tag == "*" && ret[i].nodeName.toLowerCase() == "object" ) + tag = "param"; + + r = jQuery.merge( r, ret[i].getElementsByTagName( tag )); + } + + // It's faster to filter by class and be done with it + if ( m[1] == "." ) + r = jQuery.classFilter( r, m[2] ); + + // Same with ID filtering + if ( m[1] == "#" ) { + var tmp = []; + + // Try to find the element with the ID + for ( var i = 0; r[i]; i++ ) + if ( r[i].getAttribute("id") == m[2] ) { + tmp = [ r[i] ]; + break; + } + + r = tmp; + } + + ret = r; + } + + t = t.replace( re2, "" ); + } + + } + + // If a selector string still exists + if ( t ) { + // Attempt to filter it + var val = jQuery.filter(t,r); + ret = r = val.r; + t = jQuery.trim(val.t); + } + } + + // An error occurred with the selector; + // just return an empty set instead + if ( t ) + ret = []; + + // Remove the root context + if ( ret && context == ret[0] ) + ret.shift(); + + // And combine the results + done = jQuery.merge( done, ret ); + + return done; + }, + + classFilter: function(r,m,not){ + m = " " + m + " "; + var tmp = []; + for ( var i = 0; r[i]; i++ ) { + var pass = (" " + r[i].className + " ").indexOf( m ) >= 0; + if ( !not && pass || not && !pass ) + tmp.push( r[i] ); + } + return tmp; + }, + + filter: function(t,r,not) { + var last; + + // Look for common filter expressions + while ( t && t != last ) { + last = t; + + var p = jQuery.parse, m; + + for ( var i = 0; p[i]; i++ ) { + m = p[i].exec( t ); + + if ( m ) { + // Remove what we just matched + t = t.substring( m[0].length ); + + m[2] = m[2].replace(/\\/g, ""); + break; + } + } + + if ( !m ) + break; + + // :not() is a special case that can be optimized by + // keeping it out of the expression list + if ( m[1] == ":" && m[2] == "not" ) + // optimize if only one selector found (most common case) + r = isSimple.test( m[3] ) ? + jQuery.filter(m[3], r, true).r : + jQuery( r ).not( m[3] ); + + // We can get a big speed boost by filtering by class here + else if ( m[1] == "." ) + r = jQuery.classFilter(r, m[2], not); + + else if ( m[1] == "[" ) { + var tmp = [], type = m[3]; + + for ( var i = 0, rl = r.length; i < rl; i++ ) { + var a = r[i], z = a[ jQuery.props[m[2]] || m[2] ]; + + if ( z == null || /href|src|selected/.test(m[2]) ) + z = jQuery.attr(a,m[2]) || ''; + + if ( (type == "" && !!z || + type == "=" && z == m[5] || + type == "!=" && z != m[5] || + type == "^=" && z && !z.indexOf(m[5]) || + type == "$=" && z.substr(z.length - m[5].length) == m[5] || + (type == "*=" || type == "~=") && z.indexOf(m[5]) >= 0) ^ not ) + tmp.push( a ); + } + + r = tmp; + + // We can get a speed boost by handling nth-child here + } else if ( m[1] == ":" && m[2] == "nth-child" ) { + var merge = {}, tmp = [], + // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6' + test = /(-?)(\d*)n((?:\+|-)?\d*)/.exec( + m[3] == "even" && "2n" || m[3] == "odd" && "2n+1" || + !/\D/.test(m[3]) && "0n+" + m[3] || m[3]), + // calculate the numbers (first)n+(last) including if they are negative + first = (test[1] + (test[2] || 1)) - 0, last = test[3] - 0; + + // loop through all the elements left in the jQuery object + for ( var i = 0, rl = r.length; i < rl; i++ ) { + var node = r[i], parentNode = node.parentNode, id = jQuery.data(parentNode); + + if ( !merge[id] ) { + var c = 1; + + for ( var n = parentNode.firstChild; n; n = n.nextSibling ) + if ( n.nodeType == 1 ) + n.nodeIndex = c++; + + merge[id] = true; + } + + var add = false; + + if ( first == 0 ) { + if ( node.nodeIndex == last ) + add = true; + } else if ( (node.nodeIndex - last) % first == 0 && (node.nodeIndex - last) / first >= 0 ) + add = true; + + if ( add ^ not ) + tmp.push( node ); + } + + r = tmp; + + // Otherwise, find the expression to execute + } else { + var fn = jQuery.expr[ m[1] ]; + if ( typeof fn == "object" ) + fn = fn[ m[2] ]; + + if ( typeof fn == "string" ) + fn = eval("false||function(a,i){return " + fn + ";}"); + + // Execute it against the current filter + r = jQuery.grep( r, function(elem, i){ + return fn(elem, i, m, r); + }, not ); + } + } + + // Return an array of filtered elements (r) + // and the modified expression string (t) + return { r: r, t: t }; + }, + + dir: function( elem, dir ){ + var matched = [], + cur = elem[dir]; + while ( cur && cur != document ) { + if ( cur.nodeType == 1 ) + matched.push( cur ); + cur = cur[dir]; + } + return matched; + }, + + nth: function(cur,result,dir,elem){ + result = result || 1; + var num = 0; + + for ( ; cur; cur = cur[dir] ) + if ( cur.nodeType == 1 && ++num == result ) + break; + + return cur; + }, + + sibling: function( n, elem ) { + var r = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType == 1 && n != elem ) + r.push( n ); + } + + return r; + } +}); +/* + * A number of helper functions used for managing events. + * Many of the ideas behind this code orignated from + * Dean Edwards' addEvent library. + */ +jQuery.event = { + + // Bind an event to an element + // Original by Dean Edwards + add: function(elem, types, handler, data) { + if ( elem.nodeType == 3 || elem.nodeType == 8 ) + return; + + // For whatever reason, IE has trouble passing the window object + // around, causing it to be cloned in the process + if ( jQuery.browser.msie && elem.setInterval ) + elem = window; + + // Make sure that the function being executed has a unique ID + if ( !handler.guid ) + handler.guid = this.guid++; + + // if data is passed, bind to handler + if( data != undefined ) { + // Create temporary function pointer to original handler + var fn = handler; + + // Create unique handler function, wrapped around original handler + handler = this.proxy( fn, function() { + // Pass arguments and context to original handler + return fn.apply(this, arguments); + }); + + // Store data in unique handler + handler.data = data; + } + + // Init the element's event structure + var events = jQuery.data(elem, "events") || jQuery.data(elem, "events", {}), + handle = jQuery.data(elem, "handle") || jQuery.data(elem, "handle", function(){ + // Handle the second event of a trigger and when + // an event is called after a page has unloaded + if ( typeof jQuery != "undefined" && !jQuery.event.triggered ) + return jQuery.event.handle.apply(arguments.callee.elem, arguments); + }); + // Add elem as a property of the handle function + // This is to prevent a memory leak with non-native + // event in IE. + handle.elem = elem; + + // Handle multiple events separated by a space + // jQuery(...).bind("mouseover mouseout", fn); + jQuery.each(types.split(/\s+/), function(index, type) { + // Namespaced event handlers + var parts = type.split("."); + type = parts[0]; + handler.type = parts[1]; + + // Get the current list of functions bound to this event + var handlers = events[type]; + + // Init the event handler queue + if (!handlers) { + handlers = events[type] = {}; + + // Check for a special event handler + // Only use addEventListener/attachEvent if the special + // events handler returns false + if ( !jQuery.event.special[type] || jQuery.event.special[type].setup.call(elem) === false ) { + // Bind the global event handler to the element + if (elem.addEventListener) + elem.addEventListener(type, handle, false); + else if (elem.attachEvent) + elem.attachEvent("on" + type, handle); + } + } + + // Add the function to the element's handler list + handlers[handler.guid] = handler; + + // Keep track of which events have been used, for global triggering + jQuery.event.global[type] = true; + }); + + // Nullify elem to prevent memory leaks in IE + elem = null; + }, + + guid: 1, + global: {}, + + // Detach an event or set of events from an element + remove: function(elem, types, handler) { + // don't do events on text and comment nodes + if ( elem.nodeType == 3 || elem.nodeType == 8 ) + return; + + var events = jQuery.data(elem, "events"), ret, index; + + if ( events ) { + // Unbind all events for the element + if ( types == undefined || (typeof types == "string" && types.charAt(0) == ".") ) + for ( var type in events ) + this.remove( elem, type + (types || "") ); + else { + // types is actually an event object here + if ( types.type ) { + handler = types.handler; + types = types.type; + } + + // Handle multiple events seperated by a space + // jQuery(...).unbind("mouseover mouseout", fn); + jQuery.each(types.split(/\s+/), function(index, type){ + // Namespaced event handlers + var parts = type.split("."); + type = parts[0]; + + if ( events[type] ) { + // remove the given handler for the given type + if ( handler ) + delete events[type][handler.guid]; + + // remove all handlers for the given type + else + for ( handler in events[type] ) + // Handle the removal of namespaced events + if ( !parts[1] || events[type][handler].type == parts[1] ) + delete events[type][handler]; + + // remove generic event handler if no more handlers exist + for ( ret in events[type] ) break; + if ( !ret ) { + if ( !jQuery.event.special[type] || jQuery.event.special[type].teardown.call(elem) === false ) { + if (elem.removeEventListener) + elem.removeEventListener(type, jQuery.data(elem, "handle"), false); + else if (elem.detachEvent) + elem.detachEvent("on" + type, jQuery.data(elem, "handle")); + } + ret = null; + delete events[type]; + } + } + }); + } + + // Remove the expando if it's no longer used + for ( ret in events ) break; + if ( !ret ) { + var handle = jQuery.data( elem, "handle" ); + if ( handle ) handle.elem = null; + jQuery.removeData( elem, "events" ); + jQuery.removeData( elem, "handle" ); + } + } + }, + + trigger: function(type, data, elem, donative, extra) { + // Clone the incoming data, if any + data = jQuery.makeArray(data); + + if ( type.indexOf("!") >= 0 ) { + type = type.slice(0, -1); + var exclusive = true; + } + + // Handle a global trigger + if ( !elem ) { + // Only trigger if we've ever bound an event for it + if ( this.global[type] ) + jQuery("*").add([window, document]).trigger(type, data); + + // Handle triggering a single element + } else { + // don't do events on text and comment nodes + if ( elem.nodeType == 3 || elem.nodeType == 8 ) + return undefined; + + var val, ret, fn = jQuery.isFunction( elem[ type ] || null ), + // Check to see if we need to provide a fake event, or not + event = !data[0] || !data[0].preventDefault; + + // Pass along a fake event + if ( event ) { + data.unshift({ + type: type, + target: elem, + preventDefault: function(){}, + stopPropagation: function(){}, + timeStamp: now() + }); + data[0][expando] = true; // no need to fix fake event + } + + // Enforce the right trigger type + data[0].type = type; + if ( exclusive ) + data[0].exclusive = true; + + // Trigger the event, it is assumed that "handle" is a function + var handle = jQuery.data(elem, "handle"); + if ( handle ) + val = handle.apply( elem, data ); + + // Handle triggering native .onfoo handlers (and on links since we don't call .click() for links) + if ( (!fn || (jQuery.nodeName(elem, 'a') && type == "click")) && elem["on"+type] && elem["on"+type].apply( elem, data ) === false ) + val = false; + + // Extra functions don't get the custom event object + if ( event ) + data.shift(); + + // Handle triggering of extra function + if ( extra && jQuery.isFunction( extra ) ) { + // call the extra function and tack the current return value on the end for possible inspection + ret = extra.apply( elem, val == null ? data : data.concat( val ) ); + // if anything is returned, give it precedence and have it overwrite the previous value + if (ret !== undefined) + val = ret; + } + + // Trigger the native events (except for clicks on links) + if ( fn && donative !== false && val !== false && !(jQuery.nodeName(elem, 'a') && type == "click") ) { + this.triggered = true; + try { + elem[ type ](); + // prevent IE from throwing an error for some hidden elements + } catch (e) {} + } + + this.triggered = false; + } + + return val; + }, + + handle: function(event) { + // returned undefined or false + var val, ret, namespace, all, handlers; + + event = arguments[0] = jQuery.event.fix( event || window.event ); + + // Namespaced event handlers + namespace = event.type.split("."); + event.type = namespace[0]; + namespace = namespace[1]; + // Cache this now, all = true means, any handler + all = !namespace && !event.exclusive; + + handlers = ( jQuery.data(this, "events") || {} )[event.type]; + + for ( var j in handlers ) { + var handler = handlers[j]; + + // Filter the functions by class + if ( all || handler.type == namespace ) { + // Pass in a reference to the handler function itself + // So that we can later remove it + event.handler = handler; + event.data = handler.data; + + ret = handler.apply( this, arguments ); + + if ( val !== false ) + val = ret; + + if ( ret === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + + return val; + }, + + props: "altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode metaKey newValue originalTarget pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target timeStamp toElement type view wheelDelta which".split(" "), + + fix: function(event) { + if ( event[expando] == true ) + return event; + + // store a copy of the original event object + // and "clone" to set read-only properties + var originalEvent = event; + event = { originalEvent: originalEvent }; + + for ( var i = this.props.length, prop; i; ){ + prop = this.props[ --i ]; + event[ prop ] = originalEvent[ prop ]; + } + + // Mark it as fixed + event[expando] = true; + + // add preventDefault and stopPropagation since + // they will not work on the clone + event.preventDefault = function() { + // if preventDefault exists run it on the original event + if (originalEvent.preventDefault) + originalEvent.preventDefault(); + // otherwise set the returnValue property of the original event to false (IE) + originalEvent.returnValue = false; + }; + event.stopPropagation = function() { + // if stopPropagation exists run it on the original event + if (originalEvent.stopPropagation) + originalEvent.stopPropagation(); + // otherwise set the cancelBubble property of the original event to true (IE) + originalEvent.cancelBubble = true; + }; + + // Fix timeStamp + event.timeStamp = event.timeStamp || now(); + + // Fix target property, if necessary + if ( !event.target ) + event.target = event.srcElement || document; // Fixes #1925 where srcElement might not be defined either + + // check if target is a textnode (safari) + if ( event.target.nodeType == 3 ) + event.target = event.target.parentNode; + + // Add relatedTarget, if necessary + if ( !event.relatedTarget && event.fromElement ) + event.relatedTarget = event.fromElement == event.target ? event.toElement : event.fromElement; + + // Calculate pageX/Y if missing and clientX/Y available + if ( event.pageX == null && event.clientX != null ) { + var doc = document.documentElement, body = document.body; + event.pageX = event.clientX + (doc && doc.scrollLeft || body && body.scrollLeft || 0) - (doc.clientLeft || 0); + event.pageY = event.clientY + (doc && doc.scrollTop || body && body.scrollTop || 0) - (doc.clientTop || 0); + } + + // Add which for key events + if ( !event.which && ((event.charCode || event.charCode === 0) ? event.charCode : event.keyCode) ) + event.which = event.charCode || event.keyCode; + + // Add metaKey to non-Mac browsers (use ctrl for PC's and Meta for Macs) + if ( !event.metaKey && event.ctrlKey ) + event.metaKey = event.ctrlKey; + + // Add which for click: 1 == left; 2 == middle; 3 == right + // Note: button is not normalized, so don't use it + if ( !event.which && event.button ) + event.which = (event.button & 1 ? 1 : ( event.button & 2 ? 3 : ( event.button & 4 ? 2 : 0 ) )); + + return event; + }, + + proxy: function( fn, proxy ){ + // Set the guid of unique handler to the same of original handler, so it can be removed + proxy.guid = fn.guid = fn.guid || proxy.guid || this.guid++; + // So proxy can be declared as an argument + return proxy; + }, + + special: { + ready: { + setup: function() { + // Make sure the ready event is setup + bindReady(); + return; + }, + + teardown: function() { return; } + }, + + mouseenter: { + setup: function() { + if ( jQuery.browser.msie ) return false; + jQuery(this).bind("mouseover", jQuery.event.special.mouseenter.handler); + return true; + }, + + teardown: function() { + if ( jQuery.browser.msie ) return false; + jQuery(this).unbind("mouseover", jQuery.event.special.mouseenter.handler); + return true; + }, + + handler: function(event) { + // If we actually just moused on to a sub-element, ignore it + if ( withinElement(event, this) ) return true; + // Execute the right handlers by setting the event type to mouseenter + event.type = "mouseenter"; + return jQuery.event.handle.apply(this, arguments); + } + }, + + mouseleave: { + setup: function() { + if ( jQuery.browser.msie ) return false; + jQuery(this).bind("mouseout", jQuery.event.special.mouseleave.handler); + return true; + }, + + teardown: function() { + if ( jQuery.browser.msie ) return false; + jQuery(this).unbind("mouseout", jQuery.event.special.mouseleave.handler); + return true; + }, + + handler: function(event) { + // If we actually just moused on to a sub-element, ignore it + if ( withinElement(event, this) ) return true; + // Execute the right handlers by setting the event type to mouseleave + event.type = "mouseleave"; + return jQuery.event.handle.apply(this, arguments); + } + } + } +}; + +jQuery.fn.extend({ + bind: function( type, data, fn ) { + return type == "unload" ? this.one(type, data, fn) : this.each(function(){ + jQuery.event.add( this, type, fn || data, fn && data ); + }); + }, + + one: function( type, data, fn ) { + var one = jQuery.event.proxy( fn || data, function(event) { + jQuery(this).unbind(event, one); + return (fn || data).apply( this, arguments ); + }); + return this.each(function(){ + jQuery.event.add( this, type, one, fn && data); + }); + }, + + unbind: function( type, fn ) { + return this.each(function(){ + jQuery.event.remove( this, type, fn ); + }); + }, + + trigger: function( type, data, fn ) { + return this.each(function(){ + jQuery.event.trigger( type, data, this, true, fn ); + }); + }, + + triggerHandler: function( type, data, fn ) { + return this[0] && jQuery.event.trigger( type, data, this[0], false, fn ); + }, + + toggle: function( fn ) { + // Save reference to arguments for access in closure + var args = arguments, i = 1; + + // link all the functions, so any of them can unbind this click handler + while( i < args.length ) + jQuery.event.proxy( fn, args[i++] ); + + return this.click( jQuery.event.proxy( fn, function(event) { + // Figure out which function to execute + this.lastToggle = ( this.lastToggle || 0 ) % i; + + // Make sure that clicks stop + event.preventDefault(); + + // and execute the function + return args[ this.lastToggle++ ].apply( this, arguments ) || false; + })); + }, + + hover: function(fnOver, fnOut) { + return this.bind('mouseenter', fnOver).bind('mouseleave', fnOut); + }, + + ready: function(fn) { + // Attach the listeners + bindReady(); + + // If the DOM is already ready + if ( jQuery.isReady ) + // Execute the function immediately + fn.call( document, jQuery ); + + // Otherwise, remember the function for later + else + // Add the function to the wait list + jQuery.readyList.push( function() { return fn.call(this, jQuery); } ); + + return this; + } +}); + +jQuery.extend({ + isReady: false, + readyList: [], + // Handle when the DOM is ready + ready: function() { + // Make sure that the DOM is not already loaded + if ( !jQuery.isReady ) { + // Remember that the DOM is ready + jQuery.isReady = true; + + // If there are functions bound, to execute + if ( jQuery.readyList ) { + // Execute all of them + jQuery.each( jQuery.readyList, function(){ + this.call( document ); + }); + + // Reset the list of functions + jQuery.readyList = null; + } + + // Trigger any bound ready events + jQuery(document).triggerHandler("ready"); + } + } +}); + +var readyBound = false; + +function bindReady(){ + if ( readyBound ) return; + readyBound = true; + + // Mozilla, Opera (see further below for it) and webkit nightlies currently support this event + if ( document.addEventListener && !jQuery.browser.opera) + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", jQuery.ready, false ); + + // If IE is used and is not in a frame + // Continually check to see if the document is ready + if ( jQuery.browser.msie && window == top ) (function(){ + if (jQuery.isReady) return; + try { + // If IE is used, use the trick by Diego Perini + // http://javascript.nwbox.com/IEContentLoaded/ + document.documentElement.doScroll("left"); + } catch( error ) { + setTimeout( arguments.callee, 0 ); + return; + } + // and execute any waiting functions + jQuery.ready(); + })(); + + if ( jQuery.browser.opera ) + document.addEventListener( "DOMContentLoaded", function () { + if (jQuery.isReady) return; + for (var i = 0; i < document.styleSheets.length; i++) + if (document.styleSheets[i].disabled) { + setTimeout( arguments.callee, 0 ); + return; + } + // and execute any waiting functions + jQuery.ready(); + }, false); + + if ( jQuery.browser.safari ) { + var numStyles; + (function(){ + if (jQuery.isReady) return; + if ( document.readyState != "loaded" && document.readyState != "complete" ) { + setTimeout( arguments.callee, 0 ); + return; + } + if ( numStyles === undefined ) + numStyles = jQuery("style, link[rel=stylesheet]").length; + if ( document.styleSheets.length != numStyles ) { + setTimeout( arguments.callee, 0 ); + return; + } + // and execute any waiting functions + jQuery.ready(); + })(); + } + + // A fallback to window.onload, that will always work + jQuery.event.add( window, "load", jQuery.ready ); +} + +jQuery.each( ("blur,focus,load,resize,scroll,unload,click,dblclick," + + "mousedown,mouseup,mousemove,mouseover,mouseout,change,select," + + "submit,keydown,keypress,keyup,error").split(","), function(i, name){ + + // Handle event binding + jQuery.fn[name] = function(fn){ + return fn ? this.bind(name, fn) : this.trigger(name); + }; +}); + +// Checks if an event happened on an element within another element +// Used in jQuery.event.special.mouseenter and mouseleave handlers +var withinElement = function(event, elem) { + // Check if mouse(over|out) are still within the same parent element + var parent = event.relatedTarget; + // Traverse up the tree + while ( parent && parent != elem ) try { parent = parent.parentNode; } catch(error) { parent = elem; } + // Return true if we actually just moused on to a sub-element + return parent == elem; +}; + +// Prevent memory leaks in IE +// And prevent errors on refresh with events like mouseover in other browsers +// Window isn't included so as not to unbind existing unload events +jQuery(window).bind("unload", function() { + jQuery("*").add(document).unbind(); +}); +jQuery.fn.extend({ + // Keep a copy of the old load + _load: jQuery.fn.load, + + load: function( url, params, callback ) { + if ( typeof url != 'string' ) + return this._load( url ); + + var off = url.indexOf(" "); + if ( off >= 0 ) { + var selector = url.slice(off, url.length); + url = url.slice(0, off); + } + + callback = callback || function(){}; + + // Default to a GET request + var type = "GET"; + + // If the second parameter was provided + if ( params ) + // If it's a function + if ( jQuery.isFunction( params ) ) { + // We assume that it's the callback + callback = params; + params = null; + + // Otherwise, build a param string + } else if( typeof params == 'object' ) { + params = jQuery.param( params ); + type = "POST"; + } + + var self = this; + + // Request the remote document + jQuery.ajax({ + url: url, + type: type, + dataType: "html", + data: params, + complete: function(res, status){ + // If successful, inject the HTML into all the matched elements + if ( status == "success" || status == "notmodified" ) + // See if a selector was specified + self.html( selector ? + // Create a dummy div to hold the results + jQuery("<div/>") + // inject the contents of the document in, removing the scripts + // to avoid any 'Permission Denied' errors in IE + .append(res.responseText.replace(/<script(.|\s)*?\/script>/g, "")) + + // Locate the specified elements + .find(selector) : + + // If not, just inject the full result + res.responseText ); + + self.each( callback, [res.responseText, status, res] ); + } + }); + return this; + }, + + serialize: function() { + return jQuery.param(this.serializeArray()); + }, + serializeArray: function() { + return this.map(function(){ + return jQuery.nodeName(this, "form") ? + jQuery.makeArray(this.elements) : this; + }) + .filter(function(){ + return this.name && !this.disabled && + (this.checked || /select|textarea/i.test(this.nodeName) || + /text|hidden|password/i.test(this.type)); + }) + .map(function(i, elem){ + var val = jQuery(this).val(); + return val == null ? null : + val.constructor == Array ? + jQuery.map( val, function(val, i){ + return {name: elem.name, value: val}; + }) : + {name: elem.name, value: val}; + }).get(); + } +}); + +// Attach a bunch of functions for handling common AJAX events +jQuery.each( "ajaxStart,ajaxStop,ajaxComplete,ajaxError,ajaxSuccess,ajaxSend".split(","), function(i,o){ + jQuery.fn[o] = function(f){ + return this.bind(o, f); + }; +}); + +var jsc = now(); + +jQuery.extend({ + get: function( url, data, callback, type ) { + // shift arguments if data argument was ommited + if ( jQuery.isFunction( data ) ) { + callback = data; + data = null; + } + + return jQuery.ajax({ + type: "GET", + url: url, + data: data, + success: callback, + dataType: type + }); + }, + + getScript: function( url, callback ) { + return jQuery.get(url, null, callback, "script"); + }, + + getJSON: function( url, data, callback ) { + return jQuery.get(url, data, callback, "json"); + }, + + post: function( url, data, callback, type ) { + if ( jQuery.isFunction( data ) ) { + callback = data; + data = {}; + } + + return jQuery.ajax({ + type: "POST", + url: url, + data: data, + success: callback, + dataType: type + }); + }, + + ajaxSetup: function( settings ) { + jQuery.extend( jQuery.ajaxSettings, settings ); + }, + + ajaxSettings: { + url: location.href, + global: true, + type: "GET", + timeout: 0, + contentType: "application/x-www-form-urlencoded", + processData: true, + async: true, + data: null, + username: null, + password: null, + accepts: { + xml: "application/xml, text/xml", + html: "text/html", + script: "text/javascript, application/javascript", + json: "application/json, text/javascript", + text: "text/plain", + _default: "*/*" + } + }, + + // Last-Modified header cache for next request + lastModified: {}, + + ajax: function( s ) { + // Extend the settings, but re-extend 's' so that it can be + // checked again later (in the test suite, specifically) + s = jQuery.extend(true, s, jQuery.extend(true, {}, jQuery.ajaxSettings, s)); + + var jsonp, jsre = /=\?(&|$)/g, status, data, + type = s.type.toUpperCase(); + + // convert data if not already a string + if ( s.data && s.processData && typeof s.data != "string" ) + s.data = jQuery.param(s.data); + + // Handle JSONP Parameter Callbacks + if ( s.dataType == "jsonp" ) { + if ( type == "GET" ) { + if ( !s.url.match(jsre) ) + s.url += (s.url.match(/\?/) ? "&" : "?") + (s.jsonp || "callback") + "=?"; + } else if ( !s.data || !s.data.match(jsre) ) + s.data = (s.data ? s.data + "&" : "") + (s.jsonp || "callback") + "=?"; + s.dataType = "json"; + } + + // Build temporary JSONP function + if ( s.dataType == "json" && (s.data && s.data.match(jsre) || s.url.match(jsre)) ) { + jsonp = "jsonp" + jsc++; + + // Replace the =? sequence both in the query string and the data + if ( s.data ) + s.data = (s.data + "").replace(jsre, "=" + jsonp + "$1"); + s.url = s.url.replace(jsre, "=" + jsonp + "$1"); + + // We need to make sure + // that a JSONP style response is executed properly + s.dataType = "script"; + + // Handle JSONP-style loading + window[ jsonp ] = function(tmp){ + data = tmp; + success(); + complete(); + // Garbage collect + window[ jsonp ] = undefined; + try{ delete window[ jsonp ]; } catch(e){} + if ( head ) + head.removeChild( script ); + }; + } + + if ( s.dataType == "script" && s.cache == null ) + s.cache = false; + + if ( s.cache === false && type == "GET" ) { + var ts = now(); + // try replacing _= if it is there + var ret = s.url.replace(/(\?|&)_=.*?(&|$)/, "$1_=" + ts + "$2"); + // if nothing was replaced, add timestamp to the end + s.url = ret + ((ret == s.url) ? (s.url.match(/\?/) ? "&" : "?") + "_=" + ts : ""); + } + + // If data is available, append data to url for get requests + if ( s.data && type == "GET" ) { + s.url += (s.url.match(/\?/) ? "&" : "?") + s.data; + + // IE likes to send both get and post data, prevent this + s.data = null; + } + + // Watch for a new set of requests + if ( s.global && ! jQuery.active++ ) + jQuery.event.trigger( "ajaxStart" ); + + // Matches an absolute URL, and saves the domain + var remote = /^(?:\w+:)?\/\/([^\/?#]+)/; + + // If we're requesting a remote document + // and trying to load JSON or Script with a GET + if ( s.dataType == "script" && type == "GET" + && remote.test(s.url) && remote.exec(s.url)[1] != location.host ){ + var head = document.getElementsByTagName("head")[0]; + var script = document.createElement("script"); + script.src = s.url; + if (s.scriptCharset) + script.charset = s.scriptCharset; + + // Handle Script loading + if ( !jsonp ) { + var done = false; + + // Attach handlers for all browsers + script.onload = script.onreadystatechange = function(){ + if ( !done && (!this.readyState || + this.readyState == "loaded" || this.readyState == "complete") ) { + done = true; + success(); + complete(); + head.removeChild( script ); + } + }; + } + + head.appendChild(script); + + // We handle everything using the script element injection + return undefined; + } + + var requestDone = false; + + // Create the request object; Microsoft failed to properly + // implement the XMLHttpRequest in IE7, so we use the ActiveXObject when it is available + var xhr = window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest(); + + // Open the socket + // Passing null username, generates a login popup on Opera (#2865) + if( s.username ) + xhr.open(type, s.url, s.async, s.username, s.password); + else + xhr.open(type, s.url, s.async); + + // Need an extra try/catch for cross domain requests in Firefox 3 + try { + // Set the correct header, if data is being sent + if ( s.data ) + xhr.setRequestHeader("Content-Type", s.contentType); + + // Set the If-Modified-Since header, if ifModified mode. + if ( s.ifModified ) + xhr.setRequestHeader("If-Modified-Since", + jQuery.lastModified[s.url] || "Thu, 01 Jan 1970 00:00:00 GMT" ); + + // Set header so the called script knows that it's an XMLHttpRequest + xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); + + // Set the Accepts header for the server, depending on the dataType + xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ? + s.accepts[ s.dataType ] + ", */*" : + s.accepts._default ); + } catch(e){} + + // Allow custom headers/mimetypes + if ( s.beforeSend && s.beforeSend(xhr, s) === false ) { + // cleanup active request counter + s.global && jQuery.active--; + // close opended socket + xhr.abort(); + return false; + } + + if ( s.global ) + jQuery.event.trigger("ajaxSend", [xhr, s]); + + // Wait for a response to come back + var onreadystatechange = function(isTimeout){ + // The transfer is complete and the data is available, or the request timed out + if ( !requestDone && xhr && (xhr.readyState == 4 || isTimeout == "timeout") ) { + requestDone = true; + + // clear poll interval + if (ival) { + clearInterval(ival); + ival = null; + } + + status = isTimeout == "timeout" ? "timeout" : + !jQuery.httpSuccess( xhr ) ? "error" : + s.ifModified && jQuery.httpNotModified( xhr, s.url ) ? "notmodified" : + "success"; + + if ( status == "success" ) { + // Watch for, and catch, XML document parse errors + try { + // process the data (runs the xml through httpData regardless of callback) + data = jQuery.httpData( xhr, s.dataType, s.dataFilter ); + } catch(e) { + status = "parsererror"; + } + } + + // Make sure that the request was successful or notmodified + if ( status == "success" ) { + // Cache Last-Modified header, if ifModified mode. + var modRes; + try { + modRes = xhr.getResponseHeader("Last-Modified"); + } catch(e) {} // swallow exception thrown by FF if header is not available + + if ( s.ifModified && modRes ) + jQuery.lastModified[s.url] = modRes; + + // JSONP handles its own success callback + if ( !jsonp ) + success(); + } else + jQuery.handleError(s, xhr, status); + + // Fire the complete handlers + complete(); + + // Stop memory leaks + if ( s.async ) + xhr = null; + } + }; + + if ( s.async ) { + // don't attach the handler to the request, just poll it instead + var ival = setInterval(onreadystatechange, 13); + + // Timeout checker + if ( s.timeout > 0 ) + setTimeout(function(){ + // Check to see if the request is still happening + if ( xhr ) { + // Cancel the request + xhr.abort(); + + if( !requestDone ) + onreadystatechange( "timeout" ); + } + }, s.timeout); + } + + // Send the data + try { + xhr.send(s.data); + } catch(e) { + jQuery.handleError(s, xhr, null, e); + } + + // firefox 1.5 doesn't fire statechange for sync requests + if ( !s.async ) + onreadystatechange(); + + function success(){ + // If a local callback was specified, fire it and pass it the data + if ( s.success ) + s.success( data, status ); + + // Fire the global callback + if ( s.global ) + jQuery.event.trigger( "ajaxSuccess", [xhr, s] ); + } + + function complete(){ + // Process result + if ( s.complete ) + s.complete(xhr, status); + + // The request was completed + if ( s.global ) + jQuery.event.trigger( "ajaxComplete", [xhr, s] ); + + // Handle the global AJAX counter + if ( s.global && ! --jQuery.active ) + jQuery.event.trigger( "ajaxStop" ); + } + + // return XMLHttpRequest to allow aborting the request etc. + return xhr; + }, + + handleError: function( s, xhr, status, e ) { + // If a local callback was specified, fire it + if ( s.error ) s.error( xhr, status, e ); + + // Fire the global callback + if ( s.global ) + jQuery.event.trigger( "ajaxError", [xhr, s, e] ); + }, + + // Counter for holding the number of active queries + active: 0, + + // Determines if an XMLHttpRequest was successful or not + httpSuccess: function( xhr ) { + try { + // IE error sometimes returns 1223 when it should be 204 so treat it as success, see #1450 + return !xhr.status && location.protocol == "file:" || + ( xhr.status >= 200 && xhr.status < 300 ) || xhr.status == 304 || xhr.status == 1223 || + jQuery.browser.safari && xhr.status == undefined; + } catch(e){} + return false; + }, + + // Determines if an XMLHttpRequest returns NotModified + httpNotModified: function( xhr, url ) { + try { + var xhrRes = xhr.getResponseHeader("Last-Modified"); + + // Firefox always returns 200. check Last-Modified date + return xhr.status == 304 || xhrRes == jQuery.lastModified[url] || + jQuery.browser.safari && xhr.status == undefined; + } catch(e){} + return false; + }, + + httpData: function( xhr, type, filter ) { + var ct = xhr.getResponseHeader("content-type"), + xml = type == "xml" || !type && ct && ct.indexOf("xml") >= 0, + data = xml ? xhr.responseXML : xhr.responseText; + + if ( xml && data.documentElement.tagName == "parsererror" ) + throw "parsererror"; + + // Allow a pre-filtering function to sanitize the response + if( filter ) + data = filter( data, type ); + + // If the type is "script", eval it in global context + if ( type == "script" ) + jQuery.globalEval( data ); + + // Get the JavaScript object, if JSON is used. + if ( type == "json" ) + data = eval("(" + data + ")"); + + return data; + }, + + // Serialize an array of form elements or a set of + // key/values into a query string + param: function( a ) { + var s = [ ]; + + function add( key, value ){ + s[ s.length ] = encodeURIComponent(key) + '=' + encodeURIComponent(value); + }; + + // If an array was passed in, assume that it is an array + // of form elements + if ( a.constructor == Array || a.jquery ) + // Serialize the form elements + jQuery.each( a, function(){ + add( this.name, this.value ); + }); + + // Otherwise, assume that it's an object of key/value pairs + else + // Serialize the key/values + for ( var j in a ) + // If the value is an array then the key names need to be repeated + if ( a[j] && a[j].constructor == Array ) + jQuery.each( a[j], function(){ + add( j, this ); + }); + else + add( j, jQuery.isFunction(a[j]) ? a[j]() : a[j] ); + + // Return the resulting serialization + return s.join("&").replace(/%20/g, "+"); + } + +}); +jQuery.fn.extend({ + show: function(speed,callback){ + return speed ? + this.animate({ + height: "show", width: "show", opacity: "show" + }, speed, callback) : + + this.filter(":hidden").each(function(){ + this.style.display = this.oldblock || ""; + if ( jQuery.css(this,"display") == "none" ) { + var elem = jQuery("<" + this.tagName + " />").appendTo("body"); + this.style.display = elem.css("display"); + // handle an edge condition where css is - div { display:none; } or similar + if (this.style.display == "none") + this.style.display = "block"; + elem.remove(); + } + }).end(); + }, + + hide: function(speed,callback){ + return speed ? + this.animate({ + height: "hide", width: "hide", opacity: "hide" + }, speed, callback) : + + this.filter(":visible").each(function(){ + this.oldblock = this.oldblock || jQuery.css(this,"display"); + this.style.display = "none"; + }).end(); + }, + + // Save the old toggle function + _toggle: jQuery.fn.toggle, + + toggle: function( fn, fn2 ){ + return jQuery.isFunction(fn) && jQuery.isFunction(fn2) ? + this._toggle.apply( this, arguments ) : + fn ? + this.animate({ + height: "toggle", width: "toggle", opacity: "toggle" + }, fn, fn2) : + this.each(function(){ + jQuery(this)[ jQuery(this).is(":hidden") ? "show" : "hide" ](); + }); + }, + + slideDown: function(speed,callback){ + return this.animate({height: "show"}, speed, callback); + }, + + slideUp: function(speed,callback){ + return this.animate({height: "hide"}, speed, callback); + }, + + slideToggle: function(speed, callback){ + return this.animate({height: "toggle"}, speed, callback); + }, + + fadeIn: function(speed, callback){ + return this.animate({opacity: "show"}, speed, callback); + }, + + fadeOut: function(speed, callback){ + return this.animate({opacity: "hide"}, speed, callback); + }, + + fadeTo: function(speed,to,callback){ + return this.animate({opacity: to}, speed, callback); + }, + + animate: function( prop, speed, easing, callback ) { + var optall = jQuery.speed(speed, easing, callback); + + return this[ optall.queue === false ? "each" : "queue" ](function(){ + if ( this.nodeType != 1) + return false; + + var opt = jQuery.extend({}, optall), p, + hidden = jQuery(this).is(":hidden"), self = this; + + for ( p in prop ) { + if ( prop[p] == "hide" && hidden || prop[p] == "show" && !hidden ) + return opt.complete.call(this); + + if ( p == "height" || p == "width" ) { + // Store display property + opt.display = jQuery.css(this, "display"); + + // Make sure that nothing sneaks out + opt.overflow = this.style.overflow; + } + } + + if ( opt.overflow != null ) + this.style.overflow = "hidden"; + + opt.curAnim = jQuery.extend({}, prop); + + jQuery.each( prop, function(name, val){ + var e = new jQuery.fx( self, opt, name ); + + if ( /toggle|show|hide/.test(val) ) + e[ val == "toggle" ? hidden ? "show" : "hide" : val ]( prop ); + else { + var parts = val.toString().match(/^([+-]=)?([\d+-.]+)(.*)$/), + start = e.cur(true) || 0; + + if ( parts ) { + var end = parseFloat(parts[2]), + unit = parts[3] || "px"; + + // We need to compute starting value + if ( unit != "px" ) { + self.style[ name ] = (end || 1) + unit; + start = ((end || 1) / e.cur(true)) * start; + self.style[ name ] = start + unit; + } + + // If a +=/-= token was provided, we're doing a relative animation + if ( parts[1] ) + end = ((parts[1] == "-=" ? -1 : 1) * end) + start; + + e.custom( start, end, unit ); + } else + e.custom( start, val, "" ); + } + }); + + // For JS strict compliance + return true; + }); + }, + + queue: function(type, fn){ + if ( jQuery.isFunction(type) || ( type && type.constructor == Array )) { + fn = type; + type = "fx"; + } + + if ( !type || (typeof type == "string" && !fn) ) + return queue( this[0], type ); + + return this.each(function(){ + if ( fn.constructor == Array ) + queue(this, type, fn); + else { + queue(this, type).push( fn ); + + if ( queue(this, type).length == 1 ) + fn.call(this); + } + }); + }, + + stop: function(clearQueue, gotoEnd){ + var timers = jQuery.timers; + + if (clearQueue) + this.queue([]); + + this.each(function(){ + // go in reverse order so anything added to the queue during the loop is ignored + for ( var i = timers.length - 1; i >= 0; i-- ) + if ( timers[i].elem == this ) { + if (gotoEnd) + // force the next step to be the last + timers[i](true); + timers.splice(i, 1); + } + }); + + // start the next in the queue if the last step wasn't forced + if (!gotoEnd) + this.dequeue(); + + return this; + } + +}); + +var queue = function( elem, type, array ) { + if ( elem ){ + + type = type || "fx"; + + var q = jQuery.data( elem, type + "queue" ); + + if ( !q || array ) + q = jQuery.data( elem, type + "queue", jQuery.makeArray(array) ); + + } + return q; +}; + +jQuery.fn.dequeue = function(type){ + type = type || "fx"; + + return this.each(function(){ + var q = queue(this, type); + + q.shift(); + + if ( q.length ) + q[0].call( this ); + }); +}; + +jQuery.extend({ + + speed: function(speed, easing, fn) { + var opt = speed && speed.constructor == Object ? speed : { + complete: fn || !fn && easing || + jQuery.isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && easing.constructor != Function && easing + }; + + opt.duration = (opt.duration && opt.duration.constructor == Number ? + opt.duration : + jQuery.fx.speeds[opt.duration]) || jQuery.fx.speeds.def; + + // Queueing + opt.old = opt.complete; + opt.complete = function(){ + if ( opt.queue !== false ) + jQuery(this).dequeue(); + if ( jQuery.isFunction( opt.old ) ) + opt.old.call( this ); + }; + + return opt; + }, + + easing: { + linear: function( p, n, firstNum, diff ) { + return firstNum + diff * p; + }, + swing: function( p, n, firstNum, diff ) { + return ((-Math.cos(p*Math.PI)/2) + 0.5) * diff + firstNum; + } + }, + + timers: [], + timerId: null, + + fx: function( elem, options, prop ){ + this.options = options; + this.elem = elem; + this.prop = prop; + + if ( !options.orig ) + options.orig = {}; + } + +}); + +jQuery.fx.prototype = { + + // Simple function for setting a style value + update: function(){ + if ( this.options.step ) + this.options.step.call( this.elem, this.now, this ); + + (jQuery.fx.step[this.prop] || jQuery.fx.step._default)( this ); + + // Set display property to block for height/width animations + if ( this.prop == "height" || this.prop == "width" ) + this.elem.style.display = "block"; + }, + + // Get the current size + cur: function(force){ + if ( this.elem[this.prop] != null && this.elem.style[this.prop] == null ) + return this.elem[ this.prop ]; + + var r = parseFloat(jQuery.css(this.elem, this.prop, force)); + return r && r > -10000 ? r : parseFloat(jQuery.curCSS(this.elem, this.prop)) || 0; + }, + + // Start an animation from one number to another + custom: function(from, to, unit){ + this.startTime = now(); + this.start = from; + this.end = to; + this.unit = unit || this.unit || "px"; + this.now = this.start; + this.pos = this.state = 0; + this.update(); + + var self = this; + function t(gotoEnd){ + return self.step(gotoEnd); + } + + t.elem = this.elem; + + jQuery.timers.push(t); + + if ( jQuery.timerId == null ) { + jQuery.timerId = setInterval(function(){ + var timers = jQuery.timers; + + for ( var i = 0; i < timers.length; i++ ) + if ( !timers[i]() ) + timers.splice(i--, 1); + + if ( !timers.length ) { + clearInterval( jQuery.timerId ); + jQuery.timerId = null; + } + }, 13); + } + }, + + // Simple 'show' function + show: function(){ + // Remember where we started, so that we can go back to it later + this.options.orig[this.prop] = jQuery.attr( this.elem.style, this.prop ); + this.options.show = true; + + // Begin the animation + this.custom(0, this.cur()); + + // Make sure that we start at a small width/height to avoid any + // flash of content + if ( this.prop == "width" || this.prop == "height" ) + this.elem.style[this.prop] = "1px"; + + // Start by showing the element + jQuery(this.elem).show(); + }, + + // Simple 'hide' function + hide: function(){ + // Remember where we started, so that we can go back to it later + this.options.orig[this.prop] = jQuery.attr( this.elem.style, this.prop ); + this.options.hide = true; + + // Begin the animation + this.custom(this.cur(), 0); + }, + + // Each step of an animation + step: function(gotoEnd){ + var t = now(); + + if ( gotoEnd || t > this.options.duration + this.startTime ) { + this.now = this.end; + this.pos = this.state = 1; + this.update(); + + this.options.curAnim[ this.prop ] = true; + + var done = true; + for ( var i in this.options.curAnim ) + if ( this.options.curAnim[i] !== true ) + done = false; + + if ( done ) { + if ( this.options.display != null ) { + // Reset the overflow + this.elem.style.overflow = this.options.overflow; + + // Reset the display + this.elem.style.display = this.options.display; + if ( jQuery.css(this.elem, "display") == "none" ) + this.elem.style.display = "block"; + } + + // Hide the element if the "hide" operation was done + if ( this.options.hide ) + this.elem.style.display = "none"; + + // Reset the properties, if the item has been hidden or shown + if ( this.options.hide || this.options.show ) + for ( var p in this.options.curAnim ) + jQuery.attr(this.elem.style, p, this.options.orig[p]); + } + + if ( done ) + // Execute the complete function + this.options.complete.call( this.elem ); + + return false; + } else { + var n = t - this.startTime; + this.state = n / this.options.duration; + + // Perform the easing function, defaults to swing + this.pos = jQuery.easing[this.options.easing || (jQuery.easing.swing ? "swing" : "linear")](this.state, n, 0, 1, this.options.duration); + this.now = this.start + ((this.end - this.start) * this.pos); + + // Perform the next step of the animation + this.update(); + } + + return true; + } + +}; + +jQuery.extend( jQuery.fx, { + speeds:{ + slow: 600, + fast: 200, + // Default speed + def: 400 + }, + step: { + scrollLeft: function(fx){ + fx.elem.scrollLeft = fx.now; + }, + + scrollTop: function(fx){ + fx.elem.scrollTop = fx.now; + }, + + opacity: function(fx){ + jQuery.attr(fx.elem.style, "opacity", fx.now); + }, + + _default: function(fx){ + fx.elem.style[ fx.prop ] = fx.now + fx.unit; + } + } +}); +// The Offset Method +// Originally By Brandon Aaron, part of the Dimension Plugin +// http://jquery.com/plugins/project/dimensions +jQuery.fn.offset = function() { + var left = 0, top = 0, elem = this[0], results; + + if ( elem ) with ( jQuery.browser ) { + var parent = elem.parentNode, + offsetChild = elem, + offsetParent = elem.offsetParent, + doc = elem.ownerDocument, + safari2 = safari && parseInt(version) < 522 && !/adobeair/i.test(userAgent), + css = jQuery.curCSS, + fixed = css(elem, "position") == "fixed"; + + // Use getBoundingClientRect if available + if ( !(mozilla && elem == document.body) && elem.getBoundingClientRect ) { + var box = elem.getBoundingClientRect(); + + // Add the document scroll offsets + add(box.left + Math.max(doc.documentElement.scrollLeft, doc.body.scrollLeft), + box.top + Math.max(doc.documentElement.scrollTop, doc.body.scrollTop)); + + // IE adds the HTML element's border, by default it is medium which is 2px + // IE 6 and 7 quirks mode the border width is overwritable by the following css html { border: 0; } + // IE 7 standards mode, the border is always 2px + // This border/offset is typically represented by the clientLeft and clientTop properties + // However, in IE6 and 7 quirks mode the clientLeft and clientTop properties are not updated when overwriting it via CSS + // Therefore this method will be off by 2px in IE while in quirksmode + add( -doc.documentElement.clientLeft, -doc.documentElement.clientTop ); + + // Otherwise loop through the offsetParents and parentNodes + } else { + + // Initial element offsets + add( elem.offsetLeft, elem.offsetTop ); + + // Get parent offsets + while ( offsetParent ) { + // Add offsetParent offsets + add( offsetParent.offsetLeft, offsetParent.offsetTop ); + + // Mozilla and Safari > 2 does not include the border on offset parents + // However Mozilla adds the border for table or table cells + if ( mozilla && !/^t(able|d|h)$/i.test(offsetParent.tagName) || safari && !safari2 ) + border( offsetParent ); + + // Add the document scroll offsets if position is fixed on any offsetParent + if ( !fixed && css(offsetParent, "position") == "fixed" ) + fixed = true; + + // Set offsetChild to previous offsetParent unless it is the body element + offsetChild = /^body$/i.test(offsetParent.tagName) ? offsetChild : offsetParent; + // Get next offsetParent + offsetParent = offsetParent.offsetParent; + } + + // Get parent scroll offsets + while ( parent && parent.tagName && !/^body|html$/i.test(parent.tagName) ) { + // Remove parent scroll UNLESS that parent is inline or a table to work around Opera inline/table scrollLeft/Top bug + if ( !/^inline|table.*$/i.test(css(parent, "display")) ) + // Subtract parent scroll offsets + add( -parent.scrollLeft, -parent.scrollTop ); + + // Mozilla does not add the border for a parent that has overflow != visible + if ( mozilla && css(parent, "overflow") != "visible" ) + border( parent ); + + // Get next parent + parent = parent.parentNode; + } + + // Safari <= 2 doubles body offsets with a fixed position element/offsetParent or absolutely positioned offsetChild + // Mozilla doubles body offsets with a non-absolutely positioned offsetChild + if ( (safari2 && (fixed || css(offsetChild, "position") == "absolute")) || + (mozilla && css(offsetChild, "position") != "absolute") ) + add( -doc.body.offsetLeft, -doc.body.offsetTop ); + + // Add the document scroll offsets if position is fixed + if ( fixed ) + add(Math.max(doc.documentElement.scrollLeft, doc.body.scrollLeft), + Math.max(doc.documentElement.scrollTop, doc.body.scrollTop)); + } + + // Return an object with top and left properties + results = { top: top, left: left }; + } + + function border(elem) { + add( jQuery.curCSS(elem, "borderLeftWidth", true), jQuery.curCSS(elem, "borderTopWidth", true) ); + } + + function add(l, t) { + left += parseInt(l, 10) || 0; + top += parseInt(t, 10) || 0; + } + + return results; +}; + + +jQuery.fn.extend({ + position: function() { + var left = 0, top = 0, results; + + if ( this[0] ) { + // Get *real* offsetParent + var offsetParent = this.offsetParent(), + + // Get correct offsets + offset = this.offset(), + parentOffset = /^body|html$/i.test(offsetParent[0].tagName) ? { top: 0, left: 0 } : offsetParent.offset(); + + // Subtract element margins + // note: when an element has margin: auto the offsetLeft and marginLeft + // are the same in Safari causing offset.left to incorrectly be 0 + offset.top -= num( this, 'marginTop' ); + offset.left -= num( this, 'marginLeft' ); + + // Add offsetParent borders + parentOffset.top += num( offsetParent, 'borderTopWidth' ); + parentOffset.left += num( offsetParent, 'borderLeftWidth' ); + + // Subtract the two offsets + results = { + top: offset.top - parentOffset.top, + left: offset.left - parentOffset.left + }; + } + + return results; + }, + + offsetParent: function() { + var offsetParent = this[0].offsetParent; + while ( offsetParent && (!/^body|html$/i.test(offsetParent.tagName) && jQuery.css(offsetParent, 'position') == 'static') ) + offsetParent = offsetParent.offsetParent; + return jQuery(offsetParent); + } +}); + + +// Create scrollLeft and scrollTop methods +jQuery.each( ['Left', 'Top'], function(i, name) { + var method = 'scroll' + name; + + jQuery.fn[ method ] = function(val) { + if (!this[0]) return; + + return val != undefined ? + + // Set the scroll offset + this.each(function() { + this == window || this == document ? + window.scrollTo( + !i ? val : jQuery(window).scrollLeft(), + i ? val : jQuery(window).scrollTop() + ) : + this[ method ] = val; + }) : + + // Return the scroll offset + this[0] == window || this[0] == document ? + self[ i ? 'pageYOffset' : 'pageXOffset' ] || + jQuery.boxModel && document.documentElement[ method ] || + document.body[ method ] : + this[0][ method ]; + }; +}); +// Create innerHeight, innerWidth, outerHeight and outerWidth methods +jQuery.each([ "Height", "Width" ], function(i, name){ + + var tl = i ? "Left" : "Top", // top or left + br = i ? "Right" : "Bottom"; // bottom or right + + // innerHeight and innerWidth + jQuery.fn["inner" + name] = function(){ + return this[ name.toLowerCase() ]() + + num(this, "padding" + tl) + + num(this, "padding" + br); + }; + + // outerHeight and outerWidth + jQuery.fn["outer" + name] = function(margin) { + return this["inner" + name]() + + num(this, "border" + tl + "Width") + + num(this, "border" + br + "Width") + + (margin ? + num(this, "margin" + tl) + num(this, "margin" + br) : 0); + }; + +});})(); diff --git a/plugins/Autocomplete/jquery-autocomplete/lib/thickbox-compressed.js b/plugins/Autocomplete/jquery-autocomplete/lib/thickbox-compressed.js new file mode 100644 index 000000000..28364be77 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/lib/thickbox-compressed.js @@ -0,0 +1,10 @@ +/* + * Thickbox 3 - One Box To Rule Them All. + * By Cody Lindley (http://www.codylindley.com) + * Copyright (c) 2007 cody lindley + * Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.php +*/ + +var tb_pathToImage = "images/loadingAnimation.gif"; + +eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$(o).2S(9(){1u(\'a.18, 3n.18, 3i.18\');1w=1p 1t();1w.L=2H});9 1u(b){$(b).s(9(){6 t=X.Q||X.1v||M;6 a=X.u||X.23;6 g=X.1N||P;19(t,a,g);X.2E();H P})}9 19(d,f,g){3m{3(2t o.v.J.2i==="2g"){$("v","11").r({A:"28%",z:"28%"});$("11").r("22","2Z");3(o.1Y("1F")===M){$("v").q("<U 5=\'1F\'></U><4 5=\'B\'></4><4 5=\'8\'></4>");$("#B").s(G)}}n{3(o.1Y("B")===M){$("v").q("<4 5=\'B\'></4><4 5=\'8\'></4>");$("#B").s(G)}}3(1K()){$("#B").1J("2B")}n{$("#B").1J("2z")}3(d===M){d=""}$("v").q("<4 5=\'K\'><1I L=\'"+1w.L+"\' /></4>");$(\'#K\').2y();6 h;3(f.O("?")!==-1){h=f.3l(0,f.O("?"))}n{h=f}6 i=/\\.2s$|\\.2q$|\\.2m$|\\.2l$|\\.2k$/;6 j=h.1C().2h(i);3(j==\'.2s\'||j==\'.2q\'||j==\'.2m\'||j==\'.2l\'||j==\'.2k\'){1D="";1G="";14="";1z="";1x="";R="";1n="";1r=P;3(g){E=$("a[@1N="+g+"]").36();25(D=0;((D<E.1c)&&(R===""));D++){6 k=E[D].u.1C().2h(i);3(!(E[D].u==f)){3(1r){1z=E[D].Q;1x=E[D].u;R="<1e 5=\'1X\'>&1d;&1d;<a u=\'#\'>2T &2R;</a></1e>"}n{1D=E[D].Q;1G=E[D].u;14="<1e 5=\'1U\'>&1d;&1d;<a u=\'#\'>&2O; 2N</a></1e>"}}n{1r=1b;1n="1t "+(D+1)+" 2L "+(E.1c)}}}S=1p 1t();S.1g=9(){S.1g=M;6 a=2x();6 x=a[0]-1M;6 y=a[1]-1M;6 b=S.z;6 c=S.A;3(b>x){c=c*(x/b);b=x;3(c>y){b=b*(y/c);c=y}}n 3(c>y){b=b*(y/c);c=y;3(b>x){c=c*(x/b);b=x}}13=b+30;1a=c+2G;$("#8").q("<a u=\'\' 5=\'1L\' Q=\'1o\'><1I 5=\'2F\' L=\'"+f+"\' z=\'"+b+"\' A=\'"+c+"\' 23=\'"+d+"\'/></a>"+"<4 5=\'2D\'>"+d+"<4 5=\'2C\'>"+1n+14+R+"</4></4><4 5=\'2A\'><a u=\'#\' 5=\'Z\' Q=\'1o\'>1l</a> 1k 1j 1s</4>");$("#Z").s(G);3(!(14==="")){9 12(){3($(o).N("s",12)){$(o).N("s",12)}$("#8").C();$("v").q("<4 5=\'8\'></4>");19(1D,1G,g);H P}$("#1U").s(12)}3(!(R==="")){9 1i(){$("#8").C();$("v").q("<4 5=\'8\'></4>");19(1z,1x,g);H P}$("#1X").s(1i)}o.1h=9(e){3(e==M){I=2w.2v}n{I=e.2u}3(I==27){G()}n 3(I==3k){3(!(R=="")){o.1h="";1i()}}n 3(I==3j){3(!(14=="")){o.1h="";12()}}};16();$("#K").C();$("#1L").s(G);$("#8").r({Y:"T"})};S.L=f}n{6 l=f.2r(/^[^\\?]+\\??/,\'\');6 m=2p(l);13=(m[\'z\']*1)+30||3h;1a=(m[\'A\']*1)+3g||3f;W=13-30;V=1a-3e;3(f.O(\'2j\')!=-1){1E=f.1B(\'3d\');$("#15").C();3(m[\'1A\']!="1b"){$("#8").q("<4 5=\'2f\'><4 5=\'1H\'>"+d+"</4><4 5=\'2e\'><a u=\'#\' 5=\'Z\' Q=\'1o\'>1l</a> 1k 1j 1s</4></4><U 1W=\'0\' 2d=\'0\' L=\'"+1E[0]+"\' 5=\'15\' 1v=\'15"+1f.2c(1f.1y()*2b)+"\' 1g=\'1m()\' J=\'z:"+(W+29)+"p;A:"+(V+17)+"p;\' > </U>")}n{$("#B").N();$("#8").q("<U 1W=\'0\' 2d=\'0\' L=\'"+1E[0]+"\' 5=\'15\' 1v=\'15"+1f.2c(1f.1y()*2b)+"\' 1g=\'1m()\' J=\'z:"+(W+29)+"p;A:"+(V+17)+"p;\'> </U>")}}n{3($("#8").r("Y")!="T"){3(m[\'1A\']!="1b"){$("#8").q("<4 5=\'2f\'><4 5=\'1H\'>"+d+"</4><4 5=\'2e\'><a u=\'#\' 5=\'Z\'>1l</a> 1k 1j 1s</4></4><4 5=\'F\' J=\'z:"+W+"p;A:"+V+"p\'></4>")}n{$("#B").N();$("#8").q("<4 5=\'F\' 3c=\'3b\' J=\'z:"+W+"p;A:"+V+"p;\'></4>")}}n{$("#F")[0].J.z=W+"p";$("#F")[0].J.A=V+"p";$("#F")[0].3a=0;$("#1H").11(d)}}$("#Z").s(G);3(f.O(\'37\')!=-1){$("#F").q($(\'#\'+m[\'26\']).1T());$("#8").24(9(){$(\'#\'+m[\'26\']).q($("#F").1T())});16();$("#K").C();$("#8").r({Y:"T"})}n 3(f.O(\'2j\')!=-1){16();3($.1q.35){$("#K").C();$("#8").r({Y:"T"})}}n{$("#F").34(f+="&1y="+(1p 33().32()),9(){16();$("#K").C();1u("#F a.18");$("#8").r({Y:"T"})})}}3(!m[\'1A\']){o.21=9(e){3(e==M){I=2w.2v}n{I=e.2u}3(I==27){G()}}}}31(e){}}9 1m(){$("#K").C();$("#8").r({Y:"T"})}9 G(){$("#2Y").N("s");$("#Z").N("s");$("#8").2X("2W",9(){$(\'#8,#B,#1F\').2V("24").N().C()});$("#K").C();3(2t o.v.J.2i=="2g"){$("v","11").r({A:"1Z",z:"1Z"});$("11").r("22","")}o.1h="";o.21="";H P}9 16(){$("#8").r({2U:\'-\'+20((13/2),10)+\'p\',z:13+\'p\'});3(!(1V.1q.2Q&&1V.1q.2P<7)){$("#8").r({38:\'-\'+20((1a/2),10)+\'p\'})}}9 2p(a){6 b={};3(!a){H b}6 c=a.1B(/[;&]/);25(6 i=0;i<c.1c;i++){6 d=c[i].1B(\'=\');3(!d||d.1c!=2){39}6 e=2a(d[0]);6 f=2a(d[1]);f=f.2r(/\\+/g,\' \');b[e]=f}H b}9 2x(){6 a=o.2M;6 w=1S.2o||1R.2o||(a&&a.1Q)||o.v.1Q;6 h=1S.1P||1R.1P||(a&&a.2n)||o.v.2n;1O=[w,h];H 1O}9 1K(){6 a=2K.2J.1C();3(a.O(\'2I\')!=-1&&a.O(\'3o\')!=-1){H 1b}}',62,211,'|||if|div|id|var||TB_window|function||||||||||||||else|document|px|append|css|click||href|body||||width|height|TB_overlay|remove|TB_Counter|TB_TempArray|TB_ajaxContent|tb_remove|return|keycode|style|TB_load|src|null|unbind|indexOf|false|title|TB_NextHTML|imgPreloader|block|iframe|ajaxContentH|ajaxContentW|this|display|TB_closeWindowButton||html|goPrev|TB_WIDTH|TB_PrevHTML|TB_iframeContent|tb_position||thickbox|tb_show|TB_HEIGHT|true|length|nbsp|span|Math|onload|onkeydown|goNext|Esc|or|close|tb_showIframe|TB_imageCount|Close|new|browser|TB_FoundURL|Key|Image|tb_init|name|imgLoader|TB_NextURL|random|TB_NextCaption|modal|split|toLowerCase|TB_PrevCaption|urlNoQuery|TB_HideSelect|TB_PrevURL|TB_ajaxWindowTitle|img|addClass|tb_detectMacXFF|TB_ImageOff|150|rel|arrayPageSize|innerHeight|clientWidth|self|window|children|TB_prev|jQuery|frameborder|TB_next|getElementById|auto|parseInt|onkeyup|overflow|alt|unload|for|inlineId||100||unescape|1000|round|hspace|TB_closeAjaxWindow|TB_title|undefined|match|maxHeight|TB_iframe|bmp|gif|png|clientHeight|innerWidth|tb_parseQuery|jpeg|replace|jpg|typeof|which|keyCode|event|tb_getPageSize|show|TB_overlayBG|TB_closeWindow|TB_overlayMacFFBGHack|TB_secondLine|TB_caption|blur|TB_Image|60|tb_pathToImage|mac|userAgent|navigator|of|documentElement|Prev|lt|version|msie|gt|ready|Next|marginLeft|trigger|fast|fadeOut|TB_imageOff|hidden||catch|getTime|Date|load|safari|get|TB_inline|marginTop|continue|scrollTop|TB_modal|class|TB_|45|440|40|630|input|188|190|substr|try|area|firefox'.split('|'),0,{}))
\ No newline at end of file diff --git a/plugins/Autocomplete/jquery-autocomplete/lib/thickbox.css b/plugins/Autocomplete/jquery-autocomplete/lib/thickbox.css new file mode 100644 index 000000000..d24b9bedf --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/lib/thickbox.css @@ -0,0 +1,163 @@ +/* ----------------------------------------------------------------------------------------------------------------*/ +/* ---------->>> global settings needed for thickbox <<<-----------------------------------------------------------*/ +/* ----------------------------------------------------------------------------------------------------------------*/ +*{padding: 0; margin: 0;} + +/* ----------------------------------------------------------------------------------------------------------------*/ +/* ---------->>> thickbox specific link and font settings <<<------------------------------------------------------*/ +/* ----------------------------------------------------------------------------------------------------------------*/ +#TB_window { + font: 12px Arial, Helvetica, sans-serif; + color: #333333; +} + +#TB_secondLine { + font: 10px Arial, Helvetica, sans-serif; + color:#666666; +} + +#TB_window a:link {color: #666666;} +#TB_window a:visited {color: #666666;} +#TB_window a:hover {color: #000;} +#TB_window a:active {color: #666666;} +#TB_window a:focus{color: #666666;} + +/* ----------------------------------------------------------------------------------------------------------------*/ +/* ---------->>> thickbox settings <<<-----------------------------------------------------------------------------*/ +/* ----------------------------------------------------------------------------------------------------------------*/ +#TB_overlay { + position: fixed; + z-index:100; + top: 0px; + left: 0px; + height:100%; + width:100%; +} + +.TB_overlayMacFFBGHack {background: url(macFFBgHack.png) repeat;} +.TB_overlayBG { + background-color:#000; + filter:alpha(opacity=75); + -moz-opacity: 0.75; + opacity: 0.75; +} + +* html #TB_overlay { /* ie6 hack */ + position: absolute; + height: expression(document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight + 'px'); +} + +#TB_window { + position: fixed; + background: #ffffff; + z-index: 102; + color:#000000; + display:none; + border: 4px solid #525252; + text-align:left; + top:50%; + left:50%; +} + +* html #TB_window { /* ie6 hack */ +position: absolute; +margin-top: expression(0 - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px'); +} + +#TB_window img#TB_Image { + display:block; + margin: 15px 0 0 15px; + border-right: 1px solid #ccc; + border-bottom: 1px solid #ccc; + border-top: 1px solid #666; + border-left: 1px solid #666; +} + +#TB_caption{ + height:25px; + padding:7px 30px 10px 25px; + float:left; +} + +#TB_closeWindow{ + height:25px; + padding:11px 25px 10px 0; + float:right; +} + +#TB_closeAjaxWindow{ + padding:7px 10px 5px 0; + margin-bottom:1px; + text-align:right; + float:right; +} + +#TB_ajaxWindowTitle{ + float:left; + padding:7px 0 5px 10px; + margin-bottom:1px; +} + +#TB_title{ + background-color:#e8e8e8; + height:27px; +} + +#TB_ajaxContent{ + clear:both; + padding:2px 15px 15px 15px; + overflow:auto; + text-align:left; + line-height:1.4em; +} + +#TB_ajaxContent.TB_modal{ + padding:15px; +} + +#TB_ajaxContent p{ + padding:5px 0px 5px 0px; +} + +#TB_load{ + position: fixed; + display:none; + height:13px; + width:208px; + z-index:103; + top: 50%; + left: 50%; + margin: -6px 0 0 -104px; /* -height/2 0 0 -width/2 */ +} + +* html #TB_load { /* ie6 hack */ +position: absolute; +margin-top: expression(0 - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px'); +} + +#TB_HideSelect{ + z-index:99; + position:fixed; + top: 0; + left: 0; + background-color:#fff; + border:none; + filter:alpha(opacity=0); + -moz-opacity: 0; + opacity: 0; + height:100%; + width:100%; +} + +* html #TB_HideSelect { /* ie6 hack */ + position: absolute; + height: expression(document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight + 'px'); +} + +#TB_iframeContent{ + clear:both; + border:none; + margin-bottom:-1px; + margin-top:1px; + _margin-bottom:1px; +} diff --git a/plugins/Autocomplete/jquery-autocomplete/todo b/plugins/Autocomplete/jquery-autocomplete/todo new file mode 100644 index 000000000..a8f03afc9 --- /dev/null +++ b/plugins/Autocomplete/jquery-autocomplete/todo @@ -0,0 +1,166 @@ +TODO
+
+- test formatItem implementation that returns (clickable) anchors
+- bug: handle del key; eg. type a letter, remove it using del, type same letter again: nothing happens
+- handle up/down keys in textarea (prevent default while select is open?)
+- docs: max:0 works, too, "removing" it(??)
+- fix ac_loading/options.loadingClass
+- support/enable request urls like foo/bar/10 instead of foo/q=10
+- urlencode request term before passing to $.ajax/data; evaluate why $.ajax doesn't handle that itself, if at all; try with umlauts, russian/danish/chinese characeters (see validate)
+- test what happens when an element gets focused programmatically (maybe even before then autcomplete is applied)
+- check if blur on selecting can be removed
+- fix keyhandling to ignore metakeys, eg. shift; especially important for chinese characters that need more then one key
+- enhance mustMatch: provide event/callback when a value gets deleted
+- handle tab key different then enter, eg. don't blur field or prevent default, just let it move on; in any case, no need to blur the field when selecting a value via tab, unlike return
+- prevent redundant requests on
+ - superstring returned no result, no need to query again for substring, eg. pete returned nothing, peter won't either
+ - previous query mustn't be requested again, eg. pete returns 10 lines, peter nothing, backspace to pete should get the 10 lines from cache (may need TimeToLive setting for cache to invalidate it)
+- incorporate improvements and suggestions by Hector: http://beta.winserver.com/public/test/MultiSuggestTest.wct
+- json support: An optional JSON format, that assumes a certain JSON format as default and just looks for a dataType "json" to be activated; [records], where each record is { id:String, label:String, moreOptionalValues... }
+- accept callback as first argument to let users implement their own dynamic data (no caching) - consider async API
+- allow users to keep their incomplete value when pressing tab, just mimic the default-browser-autocomplete: tab doesn't select any proposed value -> tab closes the select and works normal otherwise
+- small bug in your autocomplete, When setting autoFill:true I would expect formatResult to be called on autofill, it seems not to be the case.
+- add a callback to allow decoding the response
+- allow modification of not-last value in multiple-fields
+@option Number size Limit the number of items to show at once. Default:
+@option Function parse - TEST AND DOCUMENT ME
+- add option to display selectbox on focus
+
+$input.bind("show", function() {
+ if ( !select.visible() ) {
+ onChange(0, true);
+ }
+});
+
+- reference: http://capxous.com/
+ - add "try ..." hints to demo
+ - check out demos
+- reference: http://createwebapp.com/demo/
+
+- add option to hide selectbox when no match is found - see comment by Ian on plugin page (14. Juli 2007 04:31)
+- add example for reinitializing an autocomplete using unbind()
+
+- Add option to pass through additional arguments to $.ajax, like type to use POST instead of GET
+
+ - I found out that the problem with UTF-8 not being correctly sent can be solved on the server side by applying (PHP) rawurldecode() function, which decodes the Unicode characters sent by GET method and therefore URL-encoded.
+-> add that hint to docs and examples
+
+But I am trying this with these three values: “foo bar”, “foo foo”, and “foo far”, and if I enter “b” (or “ba”) nothing matches, if I enter “f” all three do match, and if I enter “fa” the last one matches.
+The problem seems to be that the cache is implemented with a first-character hashtable, so only after matching the first character, the latter ones are searched for.
+
+xml example:
+<script type="text/javascript">
+ function parseXML(data) {
+ var results = [];
+ var branches = $(data).find('item');
+ $(branches).each(function() {
+ var text = $.trim($(this).find('text').text());
+ var value = $.trim($(this).find('value').text());
+ //console.log(text);
+ //console.log(value);
+ results[results.length] = {'data': this, 'result': value, 'value': text};
+ });
+ $(results).each(function() {
+ //console.log('value', this.value);
+ //console.log('text', this.text);
+ });
+ //console.log(results);
+ return results;
+ };
+ $(YourOojHere).autocomplete(SERVER_AJAX_URL, {parse: parseXML});
+ </script>
+<?xml version="1.0"?>
+<ajaxresponse>
+ <item>
+ <text>
+ <![CDATA[<b>FreeNode:</b> irc.freenode.net:6667]]>
+ </text>
+ <value><![CDATA[irc.freenode.net:6667]]></value>
+ </item><item>
+ <text>
+ <![CDATA[<b>irc.oftc.net</b>:6667]]>
+ </text>
+ <value><![CDATA[irc.oftc.net:6667]]></value>
+ </item><item>
+ <text>
+ <![CDATA[<b>irc.undernet.org</b>:6667]]>
+ </text>
+ <value><![CDATA[irc.undernet.org:6667]]></value>
+ </item>
+</ajaxresponse>
+
+
+
+Hi all,
+
+I use Autocomplete 1.0 Alpha mostly for form inputs bound to foreign
+key columns. For instance I have a user_position table with two
+columns: user_id and position_id. On new appointment form I have two
+autocomplete text inputs with the following code:
+
+ <input type="text" id="user_id" class="ac_input" tabindex="1" />
+ <input type="text" id="position_id" class="ac_input" tabindex="2" />
+
+As you can see the inputs do not have a name attribute, and when the
+form is submitted their values are not sent, which is all right since
+they will contain strings like:
+
+ 'John Doe'
+ 'Sales Manager'
+
+whereas our backend expects something like:
+
+ 23
+ 14
+
+which are the user_id for John Doe and position_id for Sales Manager.
+To send these values I have two hidden inputs in the form like this:
+
+ <input type="hidden" name="user_id" value="">
+ <input type="hidden" name="position_id" value="">
+
+Also I have the following code in the $().ready function:
+
+ $("#user_id").result(function(event, data, formatted) {
+ $("input[@name=user_id]").val(data[1]);
+ });
+ $("#position_id").result(function(event, data, formatted) {
+ $("input[@name=position_id]").val(data[1]);
+ });
+
+As could be seen these functions stuff user_id and position_id values
+(in our example 23 and 14) into the hidden inputs, and when the form
+is submitted these values are sent:
+
+ user_id = 23
+ position_id = 14
+
+The backend script then takes care of adding a record to our
+user_position table containing those values.
+
+I wonder how could the plugin code be modified to simplify the setup
+by taking care of adding hidden inputs and updating the value of
+hidden inputs as default behavior. I have successfully attempted a
+simpler solution - writing a wrapper to perform these additional tasks
+and invoke autocomplete as well. I hope my intention is clear enough,
+if not, this is exactly the expected outcome:
+
+Before:
+
+ <script type="text/javascript"
+ src="jquery.autocomplete-modified.js"></script>
+ <input type="text" name="user_id" class="ac_input" tabindex="1" />
+
+After:
+
+ <input type="text" id="user_id" class="ac_input" tabindex="1" />
+ <input type="hidden" name="user_id" value="23">
+
+
+Last word, I know this looks like a tall order, and I do not hope
+someone will make a complete working mod for me, but rather would very
+much appreciate helpful advise and directions.
+
+Many thanks in advance
+Majid
+
diff --git a/plugins/Autocomplete/readme.txt b/plugins/Autocomplete/readme.txt new file mode 100644 index 000000000..3272aa1ee --- /dev/null +++ b/plugins/Autocomplete/readme.txt @@ -0,0 +1,6 @@ +Autocomplete allows users to autocomplete screen names in @ replies. When an "@" is typed into the notice text area, an autocomplete box is displayed populated with the user's friends' screen names. + +Installation +============ +Add "addPlugin('Autocomplete');" to the bottom of your config.php +That's it! diff --git a/plugins/FBConnect/FBC_XDReceiver.php b/plugins/FBConnect/FBC_XDReceiver.php index 57c98b4f1..19251cca4 100644 --- a/plugins/FBConnect/FBC_XDReceiver.php +++ b/plugins/FBConnect/FBC_XDReceiver.php @@ -47,9 +47,7 @@ class FBC_XDReceiverAction extends Action header('Expires:'); header('Pragma:'); - $this->startXML('html', - '-//W3C//DTD XHTML 1.0 Strict//EN', - 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'); + $this->startXML('html'); $language = $this->getLanguage(); @@ -58,10 +56,7 @@ class FBC_XDReceiverAction extends Action 'lang' => $language)); $this->elementStart('head'); $this->element('title', null, 'cross domain receiver page'); - $this->element('script', - array('src' => - 'http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.debug.js', - 'type' => 'text/javascript'), ''); + $this->script('http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.debug.js'); $this->elementEnd('head'); $this->elementStart('body'); $this->elementEnd('body'); diff --git a/plugins/FBConnect/FBConnectAuth.php b/plugins/FBConnect/FBConnectAuth.php index 3cf9fefc1..a3e2cdadc 100644 --- a/plugins/FBConnect/FBConnectAuth.php +++ b/plugins/FBConnect/FBConnectAuth.php @@ -238,7 +238,7 @@ class FBConnectauthAction extends Action if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { $this->showForm(_('Nickname must have only lowercase letters and numbers and no spaces.')); return; } @@ -418,7 +418,7 @@ class FBConnectauthAction extends Action { if (!Validate::string($str, array('min_length' => 1, 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + 'format' => NICKNAME_FMT))) { return false; } if (!User::allowed_nickname($str)) { diff --git a/plugins/FBConnect/FBConnectPlugin.php b/plugins/FBConnect/FBConnectPlugin.php index 6788793b2..fd16d2bf1 100644 --- a/plugins/FBConnect/FBConnectPlugin.php +++ b/plugins/FBConnect/FBConnectPlugin.php @@ -82,9 +82,7 @@ class FBConnectPlugin extends Plugin $action->extraHeaders(); - $action->startXML('html', - '-//W3C//DTD XHTML 1.0 Strict//EN', - 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'); + $action->startXML('html'); $language = $action->getLanguage(); @@ -118,13 +116,13 @@ class FBConnectPlugin extends Plugin // but we actually do, for IE and Safari. Gar. $html = sprintf('<script type="text/javascript"> - window.onload = function () { + $(document).ready(function () { FB_RequireFeatures( ["XFBML"], function() { FB.init("%s", "../xd_receiver.html"); } - ); } + ); }); function goto_login() { window.location = "%s"; @@ -146,11 +144,7 @@ class FBConnectPlugin extends Plugin function onEndShowFooter($action) { if ($this->reqFbScripts($action)) { - - $action->element('script', - array('type' => 'text/javascript', - 'src' => 'http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php'), - ''); + $action->script('http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php'); } } @@ -158,10 +152,7 @@ class FBConnectPlugin extends Plugin { if ($this->reqFbScripts($action)) { - - $action->element('link', array('rel' => 'stylesheet', - 'type' => 'text/css', - 'href' => common_path('plugins/FBConnect/FBConnectPlugin.css'))); + $action->cssLink('plugins/FBConnect/FBConnectPlugin.css'); } } diff --git a/plugins/FBConnect/README b/plugins/FBConnect/README new file mode 100644 index 000000000..11e5ce453 --- /dev/null +++ b/plugins/FBConnect/README @@ -0,0 +1,76 @@ +This plugin allows you to utilize Facebook Connect with Laconica. +Supported Facebook Connect features: + +- Authenticate (register/login/logout -- works similar to OpenID) +- Associate an existing Laconica account with a Facebook account +- Disconnect a Facebook account from a Laconica account + +Future planned functionality: + +- Invite Facebook friends to use your Laconica installation +- Auto-subscribe Facebook friends already using Laconica +- Share Laconica favorite notices to your Facebook stream + +To use the plugin you will need to configure a Facebook application +to point to your Laconica installation (see the Installation section +below). + +Installation +============ + +If you don't already have the built-in Facebook application configured, +you'll need to log into Facebook and create/configure a new application. +Please follow the instructions in the section titled, "Setting Up Your +Application and Getting an API Key," on the following page of the +Facebook developer wiki: + + http://wiki.developers.facebook.com/index.php/Connect/Setting_Up_Your_Site + +If you already are using the build-in Laconica Facebook application, +you can modify your existing application's configuration using the +Facebook Developer Application on Facebook. Use it to edit your +application settings, and under the 'Connect' tab, change the 'Connect +URL' to be the main URL for your Laconica site. E.g.: + + http://SITE/PATH_TO_LACONICA/ + +After you application is created and configured, you'll need to add its +API key and secret to your Laconica config.php file: + + $config['facebook']['apikey'] = 'APIKEY'; + $config['facebook']['secret'] = 'SECRET'; + +Finally, to enable the plugin, add the following stanza to your +config.php: + + addPlugin('FBConnect'); + +To try out the plugin, fire up your browser and connect to: + + http://SITE/PATH_TO_LACONICA/main/facebooklogin + +or, if you do not have fancy URLs turned on: + + http://SITE/PATH_TO_LACONICA/index.php/main/facebooklogin + +You should see a page with a blue button that says: "Connect with +Facebook". + +Connect/Disconnect existing account +=================================== + +If the Facebook Connect plugin is enabled, there will be a new Facebook +Connect Settings tab under each user's Connect menu. Users can connect +and disconnect to their Facebook accounts from it. Note: Before a user +can disconnect from Facebook, she must set a normal Laconica password. +Otherwise, she might not be able to login in to her account in the +future. This is usually only required for users who have used Facebook +Connect to register their Laconica account, and therefore haven't +already set a local password. + +Helpful links +============= + +Facebook Connect Homepage: +http://developers.facebook.com/connect.php + diff --git a/plugins/InfiniteScroll/InfiniteScrollPlugin.php b/plugins/InfiniteScroll/InfiniteScrollPlugin.php new file mode 100644 index 000000000..1e4a03e4f --- /dev/null +++ b/plugins/InfiniteScroll/InfiniteScrollPlugin.php @@ -0,0 +1,46 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Plugin to enable Infinite Scrolling + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package Laconica + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +class InfiniteScrollPlugin extends Plugin +{ + function __construct() + { + parent::__construct(); + } + + function onEndShowScripts($action) + { + $action->script('plugins/InfiniteScroll/jquery.infinitescroll.min.js'); + $action->script('plugins/InfiniteScroll/infinitescroll.js'); + } +} diff --git a/plugins/InfiniteScroll/ajax-loader.gif b/plugins/InfiniteScroll/ajax-loader.gif Binary files differnew file mode 100644 index 000000000..a576ecd5e --- /dev/null +++ b/plugins/InfiniteScroll/ajax-loader.gif diff --git a/plugins/InfiniteScroll/infinitescroll.js b/plugins/InfiniteScroll/infinitescroll.js new file mode 100644 index 000000000..b80bd4ec5 --- /dev/null +++ b/plugins/InfiniteScroll/infinitescroll.js @@ -0,0 +1,12 @@ +jQuery(document).ready(function($){ + $('notices_primary').infinitescroll({ + nextSelector : "li.nav_next a", + loadingImg : $('address .url')[0].href+'plugins/InfiniteScroll/ajax-loader.gif', + text : "<em>Loading the next set of posts...</em>", + donetext : "<em>Congratulations, you\'ve reached the end of the Internet.</em>", + navSelector : "div.pagination", + contentSelector : "#notices_primary", + itemSelector : "ol.notices" + }); +}); + diff --git a/plugins/InfiniteScroll/jquery.infinitescroll.js b/plugins/InfiniteScroll/jquery.infinitescroll.js new file mode 100644 index 000000000..670686b0e --- /dev/null +++ b/plugins/InfiniteScroll/jquery.infinitescroll.js @@ -0,0 +1,251 @@ + +/*! +// Infinite Scroll jQuery plugin +// copyright Paul Irish, licensed GPL & MIT +// version 1.2.090804 + +// home and docs: http://www.infinite-scroll.com +*/ + +// todo: add preloading option. + +;(function($){ + + $.fn.infinitescroll = function(options,callback){ + + // console log wrapper. + function debug(){ + if (opts.debug) { window.console && console.log.call(console,arguments)} + } + + // grab each selector option and see if any fail. + function areSelectorsValid(opts){ + for (var key in opts){ + if (key.indexOf && key.indexOf('Selector') && $(opts[key]).length === 0){ + debug('Your ' + key + ' found no elements.'); + return false; + } + return true; + } + } + + + // find the number to increment in the path. + function determinePath(path){ + + path.match(relurl) ? path.match(relurl)[2] : path; + + // there is a 2 in the url surrounded by slashes, e.g. /page/2/ + if ( path.match(/^(.*?)\b2\b(.*?$)/) ){ + path = path.match(/^(.*?)\b2\b(.*?$)/).slice(1); + } else + // if there is any 2 in the url at all. + if (path.match(/^(.*?)2(.*?$)/)){ + debug('Trying backup next selector parse technique. Treacherous waters here, matey.'); + path = path.match(/^(.*?)2(.*?$)/).slice(1); + } else { + debug('Sorry, we couldn\'t parse your Next (Previous Posts) URL. Verify your the css selector points to the correct A tag. If you still get this error: yell, scream, and kindly ask for help at infinite-scroll.com.'); + props.isInvalidPage = true; //prevent it from running on this page. + } + + return path; + } + + + // 'document' means the full document usually, but sometimes the content of the overflow'd div in local mode + function getDocumentHeight(){ + // weird doubletouch of scrollheight because http://soulpass.com/2006/07/24/ie-and-scrollheight/ + return opts.localMode ? ($(props.container)[0].scrollHeight && $(props.container)[0].scrollHeight) + // needs to be document's height. (not props.container's) html's height is wrong in IE. + : $(document).height() + } + + + + function isNearBottom(opts,props){ + + // distance remaining in the scroll + // computed as: document height - distance already scroll - viewport height - buffer + var pixelsFromWindowBottomToBottom = getDocumentHeight() - + (opts.localMode ? $(props.container).scrollTop() : + // have to do this bs because safari doesnt report a scrollTop on the html element + ($(props.container).scrollTop() || $(props.container.ownerDocument.body).scrollTop())) - + $(opts.localMode ? props.container : window).height(); + + debug('math:',pixelsFromWindowBottomToBottom, props.pixelsFromNavToBottom); + + // if distance remaining in the scroll (including buffer) is less than the orignal nav to bottom.... + return (pixelsFromWindowBottomToBottom - opts.bufferPx < props.pixelsFromNavToBottom); + } + + function showDoneMsg(){ + props.loadingMsg + .find('img').hide() + .parent() + .find('div').html(opts.donetext).animate({opacity: 1},2000).fadeOut('normal'); + + // user provided callback when done + opts.errorCallback(); + } + + function infscrSetup(path,opts,props,callback){ + + if (props.isDuringAjax || props.isInvalidPage || props.isDone) return; + + if ( !isNearBottom(opts,props) ) return; + + // we dont want to fire the ajax multiple times + props.isDuringAjax = true; + + // show the loading message and hide the previous/next links + props.loadingMsg.appendTo( opts.contentSelector ).show(); + $( opts.navSelector ).hide(); + + // increment the URL bit. e.g. /page/3/ + props.currPage++; + + debug('heading into ajax',path); + + // if we're dealing with a table we can't use DIVs + var box = $(opts.contentSelector).is('table') ? $('<tbody/>') : $('<div/>'); + + box + .attr('id','infscr-page-'+props.currPage) + .addClass('infscr-pages') + .appendTo( opts.contentSelector ) + .load( path.join( props.currPage ) + ' ' + opts.itemSelector,null,function(){ + + // if we've hit the last page... + if (props.isDone){ + showDoneMsg(); + return false; + + } else { + + // if it didn't return anything + if (box.children().length == 0){ + // fake an ajaxError so we can quit. + $.event.trigger( "ajaxError", [{status:404}] ); + } + + // fadeout currently makes the <em>'d text ugly in IE6 + props.loadingMsg.fadeOut('normal' ); + + // smooth scroll to ease in the new content + if (opts.animate){ + var scrollTo = $(window).scrollTop() + $('#infscr-loading').height() + opts.extraScrollPx + 'px'; + $('html,body').animate({scrollTop: scrollTo}, 800,function(){ props.isDuringAjax = false; }); + } + + // pass in the new DOM element as context for the callback + callback.call( box[0] ); + + if (!opts.animate) props.isDuringAjax = false; // once the call is done, we can allow it again. + } + }); // end of load() + + + } // end of infscrSetup() + + + + + // lets get started. + + var opts = $.extend({}, $.infinitescroll.defaults, options); + var props = $.infinitescroll; // shorthand + callback = callback || function(){}; + + if (!areSelectorsValid(opts)){ return false; } + + // we doing this on an overflow:auto div? + props.container = opts.localMode ? this : document.documentElement; + + // contentSelector we'll use for our .load() + opts.contentSelector = opts.contentSelector || this; + + + // get the relative URL - everything past the domain name. + var relurl = /(.*?\/\/).*?(\/.*)/; + var path = $(opts.nextSelector).attr('href'); + + + if (!path) { debug('Navigation selector not found'); return; } + + // set the path to be a relative URL from root. + path = determinePath(path); + + + // reset scrollTop in case of page refresh: + if (opts.localMode) $(props.container)[0].scrollTop = 0; + + // distance from nav links to bottom + // computed as: height of the document + top offset of container - top offset of nav link + props.pixelsFromNavToBottom = getDocumentHeight() + + $(props.container).offset().top - + $(opts.navSelector).offset().top; + + // define loading msg + props.loadingMsg = $('<div id="infscr-loading" style="text-align: center;"><img alt="Loading..." src="'+ + opts.loadingImg+'" /><div>'+opts.loadingText+'</div></div>'); + // preload the image + (new Image()).src = opts.loadingImg; + + + + // set up our bindings + $(document).ajaxError(function(e,xhr,opt){ + debug('Page not found. Self-destructing...'); + + // die if we're out of pages. + if (xhr.status == 404){ + showDoneMsg(); + props.isDone = true; + $(opts.localMode ? this : window).unbind('scroll.infscr'); + } + }); + + // bind scroll handler to element (if its a local scroll) or window + $(opts.localMode ? this : window) + .bind('scroll.infscr', function(){ infscrSetup(path,opts,props,callback); } ) + .trigger('scroll.infscr'); // trigger the event, in case it's a short page + + + return this; + + } // end of $.fn.infinitescroll() + + + + // options and read-only properties object + + $.infinitescroll = { + defaults : { + debug : false, + preload : false, + nextSelector : "div.navigation a:first", + loadingImg : "http://www.infinite-scroll.com/loading.gif", + loadingText : "<em>Loading the next set of posts...</em>", + donetext : "<em>Congratulations, you've reached the end of the internet.</em>", + navSelector : "div.navigation", + contentSelector : null, // not really a selector. :) it's whatever the method was called on.. + extraScrollPx : 150, + itemSelector : "div.post", + animate : false, + localMode : false, + bufferPx : 40, + errorCallback : function(){} + }, + loadingImg : undefined, + loadingMsg : undefined, + container : undefined, + currPage : 1, + currDOMChunk : null, // defined in setup()'s load() + isDuringAjax : false, + isInvalidPage : false, + isDone : false // for when it goes all the way through the archive. + }; + + + +})(jQuery); diff --git a/plugins/InfiniteScroll/jquery.infinitescroll.min.js b/plugins/InfiniteScroll/jquery.infinitescroll.min.js new file mode 100644 index 000000000..04c75c456 --- /dev/null +++ b/plugins/InfiniteScroll/jquery.infinitescroll.min.js @@ -0,0 +1,8 @@ +/* +// Infinite Scroll jQuery plugin +// copyright Paul Irish, licensed GPL & MIT +// version 1.2.090804 + +// home and docs: http://www.infinite-scroll.com +*/ +(function(A){A.fn.infinitescroll=function(N,L){function E(){if(B.debug){window.console&&console.log.call(console,arguments)}}function G(P){for(var O in P){if(O.indexOf&&O.indexOf("Selector")&&A(P[O]).length===0){E("Your "+O+" found no elements.");return false}return true}}function K(O){O.match(C)?O.match(C)[2]:O;if(O.match(/^(.*?)\b2\b(.*?$)/)){O=O.match(/^(.*?)\b2\b(.*?$)/).slice(1)}else{if(O.match(/^(.*?)2(.*?$)/)){E("Trying backup next selector parse technique. Treacherous waters here, matey.");O=O.match(/^(.*?)2(.*?$)/).slice(1)}else{E("Sorry, we couldn't parse your Next (Previous Posts) URL. Verify your the css selector points to the correct A tag. If you still get this error: yell, scream, and kindly ask for help at infinite-scroll.com.");H.isInvalidPage=true}}return O}function I(){return B.localMode?(A(H.container)[0].scrollHeight&&A(H.container)[0].scrollHeight):A(document).height()}function F(Q,P){var O=I()-(Q.localMode?A(P.container).scrollTop():(A(P.container).scrollTop()||A(P.container.ownerDocument.body).scrollTop()))-A(Q.localMode?P.container:window).height();E("math:",O,P.pixelsFromNavToBottom);return(O-Q.bufferPx<P.pixelsFromNavToBottom)}function J(){H.loadingMsg.find("img").hide().parent().find("div").html(B.donetext).animate({opacity:1},2000).fadeOut("normal");B.errorCallback()}function D(R,Q,O,S){if(O.isDuringAjax||O.isInvalidPage||O.isDone){return }if(!F(Q,O)){return }O.isDuringAjax=true;O.loadingMsg.appendTo(Q.contentSelector).show();A(Q.navSelector).hide();O.currPage++;E("heading into ajax",R);var P=A(Q.contentSelector).is("table")?A("<tbody/>"):A("<div/>");P.attr("id","infscr-page-"+O.currPage).addClass("infscr-pages").appendTo(Q.contentSelector).load(R.join(O.currPage)+" "+Q.itemSelector,null,function(){if(O.isDone){J();return false}else{if(P.children().length==0){A.event.trigger("ajaxError",[{status:404}])}O.loadingMsg.fadeOut("normal");if(Q.animate){var T=A(window).scrollTop()+A("#infscr-loading").height()+Q.extraScrollPx+"px";A("html,body").animate({scrollTop:T},800,function(){O.isDuringAjax=false})}S.call(P[0]);if(!Q.animate){O.isDuringAjax=false}}})}var B=A.extend({},A.infinitescroll.defaults,N);var H=A.infinitescroll;L=L||function(){};if(!G(B)){return false}H.container=B.localMode?this:document.documentElement;B.contentSelector=B.contentSelector||this;var C=/(.*?\/\/).*?(\/.*)/;var M=A(B.nextSelector).attr("href");if(!M){E("Navigation selector not found");return }M=K(M);if(B.localMode){A(H.container)[0].scrollTop=0}H.pixelsFromNavToBottom=I()+A(H.container).offset().top-A(B.navSelector).offset().top;H.loadingMsg=A('<div id="infscr-loading" style="text-align: center;"><img alt="Loading..." src="'+B.loadingImg+'" /><div>'+B.loadingText+"</div></div>");(new Image()).src=B.loadingImg;A(document).ajaxError(function(P,Q,O){E("Page not found. Self-destructing...");if(Q.status==404){J();H.isDone=true;A(B.localMode?this:window).unbind("scroll.infscr")}});A(B.localMode?this:window).bind("scroll.infscr",function(){D(M,B,H,L)}).trigger("scroll.infscr");return this};A.infinitescroll={defaults:{debug:false,preload:false,nextSelector:"div.navigation a:first",loadingImg:"http://www.infinite-scroll.com/loading.gif",loadingText:"<em>Loading the next set of posts...</em>",donetext:"<em>Congratulations, you've reached the end of the internet.</em>",navSelector:"div.navigation",contentSelector:null,extraScrollPx:150,itemSelector:"div.post",animate:false,localMode:false,bufferPx:40,errorCallback:function(){}},loadingImg:undefined,loadingMsg:undefined,container:undefined,currPage:1,currDOMChunk:null,isDuringAjax:false,isInvalidPage:false,isDone:false}})(jQuery);
\ No newline at end of file diff --git a/plugins/InfiniteScroll/readme.txt b/plugins/InfiniteScroll/readme.txt new file mode 100644 index 000000000..3ce3b7fd2 --- /dev/null +++ b/plugins/InfiniteScroll/readme.txt @@ -0,0 +1,6 @@ +Infinite Scroll adds the following functionality to your Laconica installation: When a user scrolls towards the bottom of the page, the next page of notices is automatically retrieved and appended. This means they never need to click "Next Page", which dramatically increases stickiness. + +Installation +============ +Add "addPlugin('InfiniteScroll');" to the bottom of your config.php +That's it! diff --git a/plugins/Realtime/RealtimePlugin.php b/plugins/Realtime/RealtimePlugin.php index 507f0194d..75bb8a91e 100644 --- a/plugins/Realtime/RealtimePlugin.php +++ b/plugins/Realtime/RealtimePlugin.php @@ -84,9 +84,7 @@ class RealtimePlugin extends Plugin $scripts = $this->_getScripts(); foreach ($scripts as $script) { - $action->element('script', array('type' => 'text/javascript', - 'src' => $script), - ' '); + $action->script($script); } $user = common_current_user(); @@ -201,8 +199,8 @@ class RealtimePlugin extends Plugin function _getScripts() { - return array(common_path('plugins/Realtime/realtimeupdate.js'), - common_path('plugins/Realtime/json2.js')); + return array('plugins/Realtime/realtimeupdate.js', + 'plugins/Realtime/json2.js'); } function _updateInitialize($timeline, $user_id) diff --git a/plugins/recaptcha/LICENSE b/plugins/recaptcha/LICENSE new file mode 100644 index 000000000..b612f71f0 --- /dev/null +++ b/plugins/recaptcha/LICENSE @@ -0,0 +1,22 @@ +Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net +AUTHORS: + Mike Crawford + Ben Maurer + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/plugins/recaptcha/README b/plugins/recaptcha/README new file mode 100644 index 000000000..3100f697e --- /dev/null +++ b/plugins/recaptcha/README @@ -0,0 +1,23 @@ +Laconica reCAPTCHA plugin 0.2 8/3/09 +==================================== +Adds a captcha to your registration page to reduce automated spam bots registering. + +Use: +1. Get an API key from http://recaptcha.net + +2. In config.php add: +include_once('plugins/recaptcha.php'); +$captcha = new recaptcha(publickey, privatekey, showErrors); + +Changelog +========= +0.1 initial release +0.2 Work around for webkit browsers + +reCAPTCHA README +================ + +The reCAPTCHA PHP Lirary helps you use the reCAPTCHA API. Documentation +for this library can be found at + + http://recaptcha.net/plugins/php diff --git a/plugins/recaptcha/recaptcha.php b/plugins/recaptcha/recaptcha.php new file mode 100644 index 000000000..38a860fc7 --- /dev/null +++ b/plugins/recaptcha/recaptcha.php @@ -0,0 +1,104 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Plugin to show reCaptcha when a user registers + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package Laconica + * @author Eric Helgeson <erichelgeson@gmail.com> + * @copyright 2009 + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +define('RECAPTCHA', '0.2'); + +class recaptcha extends Plugin +{ + var $private_key; + var $public_key; + var $display_errors; + var $failed; + var $ssl; + + function __construct($public_key, $private_key, $display_errors=false) + { + parent::__construct(); + require_once(INSTALLDIR.'/plugins/recaptcha/recaptchalib.php'); + $this->public_key = $public_key; + $this->private_key = $private_key; + $this->display_errors = $display_errors; + } + + function checkssl(){ + if(common_config('site', 'ssl') === 'sometimes' || common_config('site', 'ssl') === 'always') { + return true; + } + return false; + } + + function onStartShowHTML($action) + { + //XXX: Horrible hack to make Safari, FF2, and Chrome work with + //reChapcha. reChapcha beaks xhtml strict + header('Content-Type: text/html'); + + $action->extraHeaders(); + + $action->startXML('html'); + + $action->raw('<style type="text/css">#recaptcha_area{float:left;}</style>'); + return false; + } + + function onEndRegistrationFormData($action) + { + $action->elementStart('li'); + $action->raw('<label for="recaptcha_area">Captcha</label>'); + if($this->checkssl() === true){ + $action->raw(recaptcha_get_html($this->public_key), null, true); + } else { + $action->raw(recaptcha_get_html($this->public_key)); + } + $action->elementEnd('li'); + return true; + } + + function onStartRegistrationTry($action) + { + $resp = recaptcha_check_answer ($this->private_key, + $_SERVER["REMOTE_ADDR"], + $action->trimmed('recaptcha_challenge_field'), + $action->trimmed('recaptcha_response_field')); + + if (!$resp->is_valid) + { + if($this->display_errors) + { + $action->showForm ("(reCAPTCHA said: " . $resp->error . ")"); + } + $action->showForm("Captcha does not match!"); + return false; + } + } +} diff --git a/plugins/recaptcha/recaptchalib.php b/plugins/recaptcha/recaptchalib.php new file mode 100644 index 000000000..897c50981 --- /dev/null +++ b/plugins/recaptcha/recaptchalib.php @@ -0,0 +1,277 @@ +<?php +/* + * This is a PHP library that handles calling reCAPTCHA. + * - Documentation and latest version + * http://recaptcha.net/plugins/php/ + * - Get a reCAPTCHA API Key + * http://recaptcha.net/api/getkey + * - Discussion group + * http://groups.google.com/group/recaptcha + * + * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net + * AUTHORS: + * Mike Crawford + * Ben Maurer + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * The reCAPTCHA server URL's + */ +define("RECAPTCHA_API_SERVER", "http://api.recaptcha.net"); +define("RECAPTCHA_API_SECURE_SERVER", "https://api-secure.recaptcha.net"); +define("RECAPTCHA_VERIFY_SERVER", "api-verify.recaptcha.net"); + +/** + * Encodes the given data into a query string format + * @param $data - array of string elements to be encoded + * @return string - encoded request + */ +function _recaptcha_qsencode ($data) { + $req = ""; + foreach ( $data as $key => $value ) + $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + + // Cut the last '&' + $req=substr($req,0,strlen($req)-1); + return $req; +} + + + +/** + * Submits an HTTP POST to a reCAPTCHA server + * @param string $host + * @param string $path + * @param array $data + * @param int port + * @return array response + */ +function _recaptcha_http_post($host, $path, $data, $port = 80) { + + $req = _recaptcha_qsencode ($data); + + $http_request = "POST $path HTTP/1.0\r\n"; + $http_request .= "Host: $host\r\n"; + $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; + $http_request .= "Content-Length: " . strlen($req) . "\r\n"; + $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; + $http_request .= "\r\n"; + $http_request .= $req; + + $response = ''; + if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { + die ('Could not open socket'); + } + + fwrite($fs, $http_request); + + while ( !feof($fs) ) + $response .= fgets($fs, 1160); // One TCP-IP packet + fclose($fs); + $response = explode("\r\n\r\n", $response, 2); + + return $response; +} + + + +/** + * Gets the challenge HTML (javascript and non-javascript version). + * This is called from the browser, and the resulting reCAPTCHA HTML widget + * is embedded within the HTML form it was called from. + * @param string $pubkey A public key for reCAPTCHA + * @param string $error The error given by reCAPTCHA (optional, default is null) + * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) + + * @return string - The HTML to be embedded in the user's form. + */ +function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) +{ + if ($pubkey == null || $pubkey == '') { + die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>"); + } + + if ($use_ssl) { + $server = RECAPTCHA_API_SECURE_SERVER; + } else { + $server = RECAPTCHA_API_SERVER; + } + + $errorpart = ""; + if ($error) { + $errorpart = "&error=" . $error; + } + return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script> + + <noscript> + <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/> + <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea> + <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/> + </noscript>'; +} + + + + +/** + * A ReCaptchaResponse is returned from recaptcha_check_answer() + */ +class ReCaptchaResponse { + var $is_valid; + var $error; +} + + +/** + * Calls an HTTP POST function to verify if the user's guess was correct + * @param string $privkey + * @param string $remoteip + * @param string $challenge + * @param string $response + * @param array $extra_params an array of extra variables to post to the server + * @return ReCaptchaResponse + */ +function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array()) +{ + if ($privkey == null || $privkey == '') { + die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>"); + } + + if ($remoteip == null || $remoteip == '') { + die ("For security reasons, you must pass the remote ip to reCAPTCHA"); + } + + + + //discard spam submissions + if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) { + $recaptcha_response = new ReCaptchaResponse(); + $recaptcha_response->is_valid = false; + $recaptcha_response->error = 'incorrect-captcha-sol'; + return $recaptcha_response; + } + + $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/verify", + array ( + 'privatekey' => $privkey, + 'remoteip' => $remoteip, + 'challenge' => $challenge, + 'response' => $response + ) + $extra_params + ); + + $answers = explode ("\n", $response [1]); + $recaptcha_response = new ReCaptchaResponse(); + + if (trim ($answers [0]) == 'true') { + $recaptcha_response->is_valid = true; + } + else { + $recaptcha_response->is_valid = false; + $recaptcha_response->error = $answers [1]; + } + return $recaptcha_response; + +} + +/** + * gets a URL where the user can sign up for reCAPTCHA. If your application + * has a configuration page where you enter a key, you should provide a link + * using this function. + * @param string $domain The domain where the page is hosted + * @param string $appname The name of your application + */ +function recaptcha_get_signup_url ($domain = null, $appname = null) { + return "http://recaptcha.net/api/getkey?" . _recaptcha_qsencode (array ('domain' => $domain, 'app' => $appname)); +} + +function _recaptcha_aes_pad($val) { + $block_size = 16; + $numpad = $block_size - (strlen ($val) % $block_size); + return str_pad($val, strlen ($val) + $numpad, chr($numpad)); +} + +/* Mailhide related code */ + +function _recaptcha_aes_encrypt($val,$ky) { + if (! function_exists ("mcrypt_encrypt")) { + die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed."); + } + $mode=MCRYPT_MODE_CBC; + $enc=MCRYPT_RIJNDAEL_128; + $val=_recaptcha_aes_pad($val); + return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); +} + + +function _recaptcha_mailhide_urlbase64 ($x) { + return strtr(base64_encode ($x), '+/', '-_'); +} + +/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ +function recaptcha_mailhide_url($pubkey, $privkey, $email) { + if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) { + die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . + "you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>"); + } + + + $ky = pack('H*', $privkey); + $cryptmail = _recaptcha_aes_encrypt ($email, $ky); + + return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail); +} + +/** + * gets the parts of the email to expose to the user. + * eg, given johndoe@example,com return ["john", "example.com"]. + * the email is then displayed as john...@example.com + */ +function _recaptcha_mailhide_email_parts ($email) { + $arr = preg_split("/@/", $email ); + + if (strlen ($arr[0]) <= 4) { + $arr[0] = substr ($arr[0], 0, 1); + } else if (strlen ($arr[0]) <= 6) { + $arr[0] = substr ($arr[0], 0, 3); + } else { + $arr[0] = substr ($arr[0], 0, 4); + } + return $arr; +} + +/** + * Gets html to display an email address given a public an private key. + * to get a key, go to: + * + * http://mailhide.recaptcha.net/apikey + */ +function recaptcha_mailhide_html($pubkey, $privkey, $email) { + $emailparts = _recaptcha_mailhide_email_parts ($email); + $url = recaptcha_mailhide_url ($pubkey, $privkey, $email); + + return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) . + "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]); + +} + + +?> diff --git a/scripts/createsim.php b/scripts/createsim.php new file mode 100644 index 000000000..71827ba5b --- /dev/null +++ b/scripts/createsim.php @@ -0,0 +1,142 @@ +#!/usr/bin/env php +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, 2009, Control Yourself, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/..')); + +$shortoptions = 'u:n:b:t:x:'; +$longoptions = array('users=', 'notices=', 'subscriptions=', 'tags=', 'prefix='); + +$helptext = <<<END_OF_CREATESIM_HELP +Creates a lot of test users and notices to (loosely) simulate a real server. + + -u --users Number of users (default 100) + -n --notices Average notices per user (default 100) + -b --subscriptions Average subscriptions per user (default no. users/20) + -t --tags Number of distinct hash tags (default 10000) + -x --prefix User name prefix (default 'testuser') + +END_OF_CREATESIM_HELP; + +require_once INSTALLDIR.'/scripts/commandline.inc'; + +// XXX: make these command-line options + +function newUser($i) +{ + global $userprefix; + User::register(array('nickname' => sprintf('%s%d', $userprefix, $i), + 'password' => sprintf('password%d', $i), + 'fullname' => sprintf('Test User %d', $i))); +} + +function newNotice($i, $tagmax) +{ + global $userprefix; + + $n = rand(0, $i - 1); + $user = User::staticGet('nickname', sprintf('%s%d', $userprefix, $n)); + + $is_reply = rand(0, 4); + + $content = 'Test notice content'; + + if ($is_reply == 0) { + $n = rand(0, $i - 1); + $content = "@$userprefix$n " . $content; + } + + $has_hash = rand(0, 2); + + if ($has_hash == 0) { + $hashcount = rand(0, 2); + for ($j = 0; $j < $hashcount; $j++) { + $h = rand(0, $tagmax); + $content .= " #tag{$h}"; + } + } + + $notice = Notice::saveNew($user->id, $content, 'system'); +} + +function newSub($i) +{ + global $userprefix; + $f = rand(0, $i - 1); + + $fromnick = sprintf('%s%d', $userprefix, $f); + + $from = User::staticGet('nickname', $fromnick); + + if (empty($from)) { + throw new Exception("Can't find user '$fromnick'."); + } + + $t = rand(0, $i - 1); + + if ($t == $f) { + $t++; + if ($t > $i - 1) { + $t = 0; + } + } + + $tunic = sprintf('%s%d', $userprefix, $t); + + $to = User::staticGet('nickname', $tunic); + + if (empty($from)) { + throw new Exception("Can't find user '$tunic'."); + } + + subs_subscribe_to($from, $to); +} + +function main($usercount, $noticeavg, $subsavg, $tagmax) +{ + $n = 1; + + newUser(0); + + // # registrations + # notices + # subs + + $events = $usercount + ($usercount * ($noticeavg + $subsavg)); + + for ($i = 0; $i < $events; $i++) + { + $e = rand(0, 1 + $noticeavg + $subsavg); + + if ($e == 0) { + newUser($n); + $n++; + } else if ($e < $noticeavg + 1) { + newNotice($n, $tagmax); + } else { + newSub($n); + } + } +} + +$usercount = (have_option('u', 'users')) ? get_option_value('u', 'users') : 100; +$noticeavg = (have_option('n', 'notices')) ? get_option_value('n', 'notices') : 100; +$subsavg = (have_option('b', 'subscriptions')) ? get_option_value('b', 'subscriptions') : max($usercount/20, 10); +$tagmax = (have_option('t', 'tags')) ? get_option_value('t', 'tags') : 10000; +$userprefix = (have_option('x', 'prefix')) ? get_option_value('x', 'prefix') : 'testuser'; + +main($usercount, $noticeavg, $subsavg, $tagmax); diff --git a/scripts/getvaliddaemons.php b/scripts/getvaliddaemons.php index 97c230784..f1d8d8116 100755 --- a/scripts/getvaliddaemons.php +++ b/scripts/getvaliddaemons.php @@ -28,7 +28,8 @@ define('INSTALLDIR', realpath(dirname(__FILE__) . '/..')); $helptext = <<<ENDOFHELP -getvaliddaemons.php - print out the currently configured PID directory +getvaliddaemons.php - print out a list of valid daemons that should be started +by the startdaemons script ENDOFHELP; @@ -42,7 +43,12 @@ if(common_config('twitterbridge','enabled')) { echo "twitterstatusfetcher.php "; } echo "ombqueuehandler.php "; -echo "twitterqueuehandler.php "; +if (common_config('twitter', 'enabled')) { + echo "twitterqueuehandler.php "; + echo "synctwitterfriends.php "; +} echo "facebookqueuehandler.php "; echo "pingqueuehandler.php "; -echo "smsqueuehandler.php "; +if (common_config('sms', 'enabled')) { + echo "smsqueuehandler.php "; +} diff --git a/scripts/maildaemon.php b/scripts/maildaemon.php index 11ddf06b7..91c257adb 100755 --- a/scripts/maildaemon.php +++ b/scripts/maildaemon.php @@ -299,25 +299,43 @@ class MailerDaemon $attachments = array(); + $this->extract_part($parsed,$msg,$attachments); + + return array($from, $to, $msg, $attachments); + } + + function extract_part($parsed,&$msg,&$attachments){ if ($parsed->ctype_primary == 'multipart') { - foreach ($parsed->parts as $part) { - if ($part->ctype_primary == 'text' && - $part->ctype_secondary == 'plain') { - $msg = $part->body; - }else{ - if ($part->body) { - $attachment = tmpfile(); - fwrite($attachment, $part->body); - $attachments[] = $attachment; - } + if($parsed->ctype_secondary == 'alternative'){ + $altmsg = $this->extract_msg_from_multipart_alternative_part($parsed); + if(!empty($altmsg)) $msg = $altmsg; + }else{ + foreach($parsed->parts as $part){ + $this->extract_part($part,$msg,$attachments); } } - } else if ($type == 'text/plain') { + } else if ($parsed->ctype_primary == 'text' + && $parsed->ctype_secondary=='plain') { $msg = $parsed->body; - } else { - $this->unsupported_type($type); + if(strtolower($parsed->ctype_parameters['charset']) != "utf-8"){ + $msg = utf8_encode($msg); + } + }else if(!empty($parsed->body)){ + if(common_config('attachments', 'uploads')){ + //only save attachments if uploads are enabled + $attachment = tmpfile(); + fwrite($attachment, $parsed->body); + $attachments[] = $attachment; + } } - return array($from, $to, $msg, $attachments); + } + + function extract_msg_from_multipart_alternative_part($parsed){ + foreach ($parsed->parts as $part) { + $this->extract_part($part,$msg,$attachments); + } + //we don't want any attachments that are a result of this parsing + return $msg; } function unsupported_type($type) @@ -367,5 +385,7 @@ class MailerDaemon } } -$md = new MailerDaemon(); -$md->handle_message('php://stdin'); +if (common_config('emailpost', 'enabled')) { + $md = new MailerDaemon(); + $md->handle_message('php://stdin'); +} diff --git a/scripts/stopdaemons.sh b/scripts/stopdaemons.sh index 60ffd83ad..894e5aaff 100755 --- a/scripts/stopdaemons.sh +++ b/scripts/stopdaemons.sh @@ -25,7 +25,7 @@ DIR=`php $SDIR/getpiddir.php` for f in jabberhandler ombhandler publichandler smshandler pinghandler \ xmppconfirmhandler xmppdaemon twitterhandler facebookhandler \ - twitterstatusfetcher; do + twitterstatusfetcher synctwitterfriends; do FILES="$DIR/$f.*.pid" for ff in "$FILES" ; do diff --git a/scripts/synctwitterfriends.php b/scripts/synctwitterfriends.php index fe53ff44d..2de464bcc 100755 --- a/scripts/synctwitterfriends.php +++ b/scripts/synctwitterfriends.php @@ -20,85 +20,260 @@ define('INSTALLDIR', realpath(dirname(__FILE__) . '/..')); -// Uncomment this to get useful console output +$shortoptions = 'di::'; +$longoptions = array('id::', 'debug'); + +$helptext = <<<END_OF_TRIM_HELP +Batch script for synching local friends with Twitter friends. + -i --id Identity (default 'generic') + -d --debug Debug (lots of log output) + +END_OF_TRIM_HELP; + +require_once INSTALLDIR . '/scripts/commandline.inc'; +require_once INSTALLDIR . '/lib/parallelizingdaemon.php'; + +/** + * Daemon to sync local friends with Twitter friends + * + * @category Twitter + * @package Laconica + * @author Zach Copley <zach@controlyourself.ca> + * @author Evan Prodromou <evan@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ $helptext = <<<END_OF_TWITTER_HELP Batch script for synching local friends with Twitter friends. END_OF_TWITTER_HELP; -require_once INSTALLDIR.'/scripts/commandline.inc'; +require_once INSTALLDIR . '/scripts/commandline.inc'; +require_once INSTALLDIR . '/lib/parallelizingdaemon.php'; -// Make a lockfile -$lockfilename = lockFilename(); -if (!($lockfile = @fopen($lockfilename, "w"))) { - print "Already running... exiting.\n"; - exit(1); -} +class SyncTwitterFriendsDaemon extends ParallelizingDaemon +{ + /** + * Constructor + * + * @param string $id the name/id of this daemon + * @param int $interval sleep this long before doing everything again + * @param int $max_children maximum number of child processes at a time + * @param boolean $debug debug output flag + * + * @return void + * + **/ -// Obtain an exlcusive lock on file (will fail if script is already going) -if (!@flock( $lockfile, LOCK_EX | LOCK_NB, &$wouldblock) || $wouldblock) { - // Script already running - abort - @fclose($lockfile); - print "Already running... exiting.\n"; - exit(1); -} + function __construct($id = null, $interval = 60, + $max_children = 2, $debug = null) + { + parent::__construct($id, $interval, $max_children, $debug); + } -$flink = new Foreign_link(); -$flink->service = 1; // Twitter -$flink->orderBy('last_friendsync'); -$flink->limit(25); // sync this many users during this run -$cnt = $flink->find(); + /** + * Name of this daemon + * + * @return string Name of the daemon. + */ -print "Updating Twitter friends subscriptions for $cnt users.\n"; + function name() + { + return ('synctwitterfriends.' . $this->_id); + } -while ($flink->fetch()) { + /** + * Find all the Twitter foreign links for users who have requested + * automatically subscribing to their Twitter friends locally. + * + * @return array flinks an array of Foreign_link objects + */ + function getObjects() + { + $flinks = array(); + $flink = new Foreign_link(); - if (($flink->friendsync & FOREIGN_FRIEND_RECV) == FOREIGN_FRIEND_RECV) { + $conn = &$flink->getDatabaseConnection(); - $user = User::staticGet($flink->user_id); + $flink->service = TWITTER_SERVICE; + $flink->orderBy('last_friendsync'); + $flink->limit(25); // sync this many users during this run + $flink->find(); - if (empty($user)) { - common_log(LOG_WARNING, "Unmatched user for ID " . $flink->user_id); - print "Unmatched user for ID $flink->user_id\n"; - continue; + while ($flink->fetch()) { + if (($flink->friendsync & FOREIGN_FRIEND_RECV) == FOREIGN_FRIEND_RECV) { + $flinks[] = clone($flink); + } } - print "Updating Twitter friends for $user->nickname (Laconica ID: $user->id)... "; + $conn->disconnect(); - $fuser = $flink->getForeignUser(); + global $_DB_DATAOBJECT; + unset($_DB_DATAOBJECT['CONNECTIONS']); - if (empty($fuser)) { - common_log(LOG_WARNING, "Unmatched user for ID " . $flink->user_id); - print "Unmatched user for ID $flink->user_id\n"; - continue; - } + return $flinks; + } + + function childTask($flink) { - save_twitter_friends($user, $fuser->id, $fuser->nickname, $flink->credentials); + // Each child ps needs its own DB connection + + // Note: DataObject::getDatabaseConnection() creates + // a new connection if there isn't one already + + $conn = &$flink->getDatabaseConnection(); + + $this->subscribeTwitterFriends($flink); $flink->last_friendsync = common_sql_now(); $flink->update(); - if (defined('SCRIPT_DEBUG')) { - print "\nDONE\n"; - } else { - print "DONE\n"; + $conn->disconnect(); + + // XXX: Couldn't find a less brutal way to blow + // away a cached connection + + global $_DB_DATAOBJECT; + unset($_DB_DATAOBJECT['CONNECTIONS']); + } + + function fetchTwitterFriends($flink) + { + $friends = array(); + + $token = TwitterOAuthClient::unpackToken($flink->credentials); + + $client = new TwitterOAuthClient($token->key, $token->secret); + + try { + $friends_ids = $client->friendsIds(); + } catch (OAuthCurlException $e) { + common_log(LOG_WARNING, $this->name() . + ' - cURL error getting friend ids ' . + $e->getCode() . ' - ' . $e->getMessage()); + return $friends; + } + + if (empty($friends_ids)) { + common_debug($this->name() . + " - Twitter user $flink->foreign_id " . + 'doesn\'t have any friends!'); + return $friends; + } + + common_debug($this->name() . ' - Twitter\'s API says Twitter user id ' . + "$flink->foreign_id has " . + count($friends_ids) . ' friends.'); + + // Calculate how many pages to get... + $pages = ceil(count($friends_ids) / 100); + + if ($pages == 0) { + common_debug($this->name() . " - $user seems to have no friends."); + } + + for ($i = 1; $i <= $pages; $i++) { + + try { + $more_friends = $client->statusesFriends(null, null, null, $i); + } catch (OAuthCurlException $e) { + common_log(LOG_WARNING, $this->name() . + ' - cURL error getting Twitter statuses/friends ' . + "page $i - " . $e->getCode() . ' - ' . + $e->getMessage()); } + + if (empty($more_friends)) { + common_log(LOG_WARNING, $this->name() . + " - Couldn't retrieve page $i " . + "of Twitter user $flink->foreign_id friends."); + continue; + } else { + $friends = array_merge($friends, $more_friends); + } + } + + return $friends; } -} -function lockFilename() -{ - $piddir = common_config('daemon', 'piddir'); - if (!$piddir) { - $piddir = '/var/run'; + function subscribeTwitterFriends($flink) + { + $friends = $this->fetchTwitterFriends($flink); + + if (empty($friends)) { + common_debug($this->name() . + ' - Couldn\'t get friends from Twitter for ' . + "Twitter user $flink->foreign_id."); + return false; + } + + $user = $flink->getUser(); + + foreach ($friends as $friend) { + + $friend_name = $friend->screen_name; + $friend_id = (int) $friend->id; + + // Update or create the Foreign_user record for each + // Twitter friend + + if (!save_twitter_user($friend_id, $friend_name)) { + common_log(LOG_WARNING, $this-name() . + " - Couldn't save $screen_name's friend, $friend_name."); + continue; + } + + // Check to see if there's a related local user + + $friend_flink = Foreign_link::getByForeignID($friend_id, + TWITTER_SERVICE); + + if (!empty($friend_flink)) { + + // Get associated user and subscribe her + + $friend_user = User::staticGet('id', $friend_flink->user_id); + + if (!empty($friend_user)) { + $result = subs_subscribe_to($user, $friend_user); + + if ($result === true) { + common_log(LOG_INFO, + $this->name() . ' - Subscribed ' . + "$friend_user->nickname to $user->nickname."); + } else { + common_debug($this->name() . + ' - Tried subscribing ' . + "$friend_user->nickname to $user->nickname - " . + $result); + } + } + } + } + + return true; } - return $piddir . '/synctwitterfriends.lock'; } -// Cleanup -fclose($lockfile); -unlink($lockfilename); +$id = null; +$debug = null; + +if (have_option('i')) { + $id = get_option_value('i'); +} else if (have_option('--id')) { + $id = get_option_value('--id'); +} else if (count($args) > 0) { + $id = $args[0]; +} else { + $id = null; +} + +if (have_option('d') || have_option('debug')) { + $debug = true; +} + +$syncer = new SyncTwitterFriendsDaemon($id, 60, 2, $debug); +$syncer->runOnce(); -exit(0); diff --git a/scripts/triminboxes.php b/scripts/triminboxes.php index b2135d682..27e200fef 100644 --- a/scripts/triminboxes.php +++ b/scripts/triminboxes.php @@ -52,43 +52,5 @@ if (!empty($id)) { $cnt = $user->find(); while ($user->fetch()) { - - $inbox_entry = new Notice_inbox(); - $inbox_entry->user_id = $user->id; - $inbox_entry->orderBy('created DESC'); - $inbox_entry->limit(1000, 1); - - $id = null; - - if ($inbox_entry->find(true)) { - $id = $inbox_entry->notice_id; - } - - $inbox_entry->free(); - unset($inbox_entry); - - if (is_null($id)) { - continue; - } - - $start = microtime(true); - - $old_inbox = new Notice_inbox(); - $cnt = $old_inbox->query('DELETE from notice_inbox WHERE user_id = ' . $user->id . ' AND notice_id < ' . $id); - $old_inbox->free(); - unset($old_inbox); - - print "Deleted $cnt notices for $user->nickname ($user->id).\n"; - - $finish = microtime(true); - - $delay = 3.0 * ($finish - $start); - - print "Delaying $delay seconds..."; - - // Wait to let slaves catch up - - usleep($delay * 1000000); - - print "DONE.\n"; + Notice_inbox::gc($user->id); } diff --git a/scripts/twitterstatusfetcher.php b/scripts/twitterstatusfetcher.php index 4a1ed8977..f5289c5f4 100755 --- a/scripts/twitterstatusfetcher.php +++ b/scripts/twitterstatusfetcher.php @@ -25,19 +25,18 @@ define('INSTALLDIR', realpath(dirname(__FILE__) . '/..')); define('MAXCHILDREN', 2); define('POLL_INTERVAL', 60); // in seconds -$shortoptions = 'i::'; -$longoptions = array('id::'); +$shortoptions = 'di::'; +$longoptions = array('id::', 'debug'); $helptext = <<<END_OF_TRIM_HELP Batch script for retrieving Twitter messages from foreign service. - -i --id Identity (default 'generic') + -i --id Identity (default 'generic') + -d --debug Debug (lots of log output) END_OF_TRIM_HELP; -require_once INSTALLDIR.'/scripts/commandline.inc'; - -require_once INSTALLDIR . '/lib/common.php'; +require_once INSTALLDIR .'/scripts/commandline.inc'; require_once INSTALLDIR . '/lib/daemon.php'; /** @@ -57,9 +56,24 @@ require_once INSTALLDIR . '/lib/daemon.php'; // NOTE: an Avatar path MUST be set in config.php for this // script to work: e.g.: $config['avatar']['path'] = '/laconica/avatar'; -class TwitterStatusFetcher extends Daemon +class TwitterStatusFetcher extends ParallelizingDaemon { - private $_children = array(); + /** + * Constructor + * + * @param string $id the name/id of this daemon + * @param int $interval sleep this long before doing everything again + * @param int $max_children maximum number of child processes at a time + * @param boolean $debug debug output flag + * + * @return void + * + **/ + function __construct($id = null, $interval = 60, + $max_children = 2, $debug = null) + { + parent::__construct($id, $interval, $max_children, $debug); + } /** * Name of this daemon @@ -73,121 +87,22 @@ class TwitterStatusFetcher extends Daemon } /** - * Run the daemon + * Find all the Twitter foreign links for users who have requested + * importing of their friends' timelines * - * @return void + * @return array flinks an array of Foreign_link objects */ - function run() + function getObjects() { - do { - - $flinks = $this->refreshFlinks(); - - foreach ($flinks as $f) { - - // We have to disconnect from the DB before forking so - // each sub-process will open its own connection and - // avoid stomping on the others - - $conn = &$f->getDatabaseConnection(); - $conn->disconnect(); - - $pid = pcntl_fork(); - - if ($pid == -1) { - die ("Couldn't fork!"); - } - - if ($pid) { - - // Parent - if (defined('SCRIPT_DEBUG')) { - common_debug("Parent: forked new status ". - " fetcher process " . $pid); - } - - $this->_children[] = $pid; - - } else { - - // Child - $this->getTimeline($f); - exit(); - } - - // Remove child from ps list as it finishes - while (($c = pcntl_wait($status, WNOHANG OR WUNTRACED)) > 0) { - - if (defined('SCRIPT_DEBUG')) { - common_debug("Child $c finished."); - } - - $this->removePs($this->_children, $c); - } + global $_DB_DATAOBJECT; - // Wait! We have too many damn kids. - if (sizeof($this->_children) > MAXCHILDREN) { - - if (defined('SCRIPT_DEBUG')) { - common_debug('Too many children. Waiting...'); - } - - if (($c = pcntl_wait($status, WUNTRACED)) > 0) { - - if (defined('SCRIPT_DEBUG')) { - common_debug("Finished waiting for $c"); - } - - $this->removePs($this->_children, $c); - } - } - } - - // Remove all children from the process list before restarting - while (($c = pcntl_wait($status, WUNTRACED)) > 0) { - - if (defined('SCRIPT_DEBUG')) { - common_debug("Child $c finished."); - } - - $this->removePs($this->_children, $c); - } - - // Rest for a bit before we fetch more statuses - - if (defined('SCRIPT_DEBUG')) { - common_debug('Waiting ' . POLL_INTERVAL . - ' secs before hitting Twitter again.'); - } - - if (POLL_INTERVAL > 0) { - sleep(POLL_INTERVAL); - } - - } while (true); - } - - /** - * Refresh the foreign links for this user - * - * @return void - */ - - function refreshFlinks() - { $flink = new Foreign_link(); + $conn = &$flink->getDatabaseConnection(); - $flink->service = 1; // Twitter - + $flink->service = TWITTER_SERVICE; $flink->orderBy('last_noticesync'); - - $cnt = $flink->find(); - - if (defined('SCRIPT_DEBUG')) { - common_debug('Updating Twitter friends subscriptions' . - " for $cnt users."); - } + $flink->find(); $flinks = array(); @@ -202,78 +117,81 @@ class TwitterStatusFetcher extends Daemon $flink->free(); unset($flink); + $conn->disconnect(); + unset($_DB_DATAOBJECT['CONNECTIONS']); + return $flinks; } - /** - * Unknown - * - * @param array &$plist unknown. - * @param string $ps unknown. - * - * @return unknown - * @todo document - */ + function childTask($flink) { - function removePs(&$plist, $ps) - { - for ($i = 0; $i < sizeof($plist); $i++) { - if ($plist[$i] == $ps) { - unset($plist[$i]); - $plist = array_values($plist); - break; - } - } + // Each child ps needs its own DB connection + + // Note: DataObject::getDatabaseConnection() creates + // a new connection if there isn't one already + + $conn = &$flink->getDatabaseConnection(); + + $this->getTimeline($flink); + + $flink->last_friendsync = common_sql_now(); + $flink->update(); + + $conn->disconnect(); + + // XXX: Couldn't find a less brutal way to blow + // away a cached connection + + global $_DB_DATAOBJECT; + unset($_DB_DATAOBJECT['CONNECTIONS']); } function getTimeline($flink) { - if (empty($flink)) { - common_log(LOG_WARNING, - "Can't retrieve Foreign_link for foreign ID $fid"); + if (empty($flink)) { + common_log(LOG_WARNING, $this->name() . + " - Can't retrieve Foreign_link for foreign ID $fid"); return; } - $fuser = $flink->getForeignUser(); - - if (empty($fuser)) { - common_log(LOG_WARNING, "Unmatched user for ID " . - $flink->user_id); - return; - } - - if (defined('SCRIPT_DEBUG')) { - common_debug('Trying to get timeline for Twitter user ' . - "$fuser->nickname ($flink->foreign_id)."); - } + common_debug($this->name() . ' - Trying to get timeline for Twitter user ' . + $flink->foreign_id); // XXX: Biggest remaining issue - How do we know at which status // to start importing? How many statuses? Right now I'm going // with the default last 20. - $url = 'http://twitter.com/statuses/friends_timeline.json'; + $token = TwitterOAuthClient::unpackToken($flink->credentials); - $timeline_json = get_twitter_data($url, $fuser->nickname, - $flink->credentials); + $client = new TwitterOAuthClient($token->key, $token->secret); - $timeline = json_decode($timeline_json); + $timeline = null; + + try { + $timeline = $client->statusesFriendsTimeline(); + } catch (OAuthClientCurlException $e) { + common_log(LOG_WARNING, $this->name() . + ' - OAuth client unable to get friends timeline for user ' . + $flink->user_id . ' - code: ' . + $e->getCode() . 'msg: ' . $e->getMessage()); + } if (empty($timeline)) { - common_log(LOG_WARNING, "Empty timeline."); + common_log(LOG_WARNING, $this->name() . " - Empty timeline."); return; } // Reverse to preserve order + foreach (array_reverse($timeline) as $status) { // Hacktastic: filter out stuff coming from this Laconica + $source = mb_strtolower(common_config('integration', 'source')); if (preg_match("/$source/", mb_strtolower($status->source))) { - if (defined('SCRIPT_DEBUG')) { - common_debug('Skipping import of status ' . $status->id . - ' with source ' . $source); - } + common_debug($this->name() . ' - Skipping import of status ' . + $status->id . ' with source ' . $source); continue; } @@ -281,6 +199,7 @@ class TwitterStatusFetcher extends Daemon } // Okay, record the time we synced with Twitter for posterity + $flink->last_noticesync = common_sql_now(); $flink->update(); } @@ -288,11 +207,12 @@ class TwitterStatusFetcher extends Daemon function saveStatus($status, $flink) { $id = $this->ensureProfile($status->user); + $profile = Profile::staticGet($id); - if (!$profile) { - common_log(LOG_ERR, - 'Problem saving notice. No associated Profile.'); + if (empty($profile)) { + common_log(LOG_ERR, $this->name() . + ' - Problem saving notice. No associated Profile.'); return null; } @@ -305,7 +225,7 @@ class TwitterStatusFetcher extends Daemon // check to see if we've already imported the status - if (!$notice) { + if (empty($notice)) { $notice = new Notice(); @@ -316,7 +236,7 @@ class TwitterStatusFetcher extends Daemon $notice->content = common_shorten_links($status->text); // XXX $notice->rendered = common_render_content($notice->content, $notice); $notice->source = 'twitter'; - $notice->reply_to = null; // XXX lookup reply + $notice->reply_to = null; // XXX: lookup reply $notice->is_local = Notice::GATEWAY; if (Event::handle('StartNoticeSave', array(&$notice))) { @@ -342,24 +262,22 @@ class TwitterStatusFetcher extends Daemon function ensureProfile($user) { // check to see if there's already a profile for this user + $profileurl = 'http://twitter.com/' . $user->screen_name; $profile = Profile::staticGet('profileurl', $profileurl); - if ($profile) { - if (defined('SCRIPT_DEBUG')) { - common_debug("Profile for $profile->nickname found."); - } + if (!empty($profile)) { + common_debug($this->name() . + " - Profile for $profile->nickname found."); // Check to see if the user's Avatar has changed - $this->checkAvatar($user, $profile); + $this->checkAvatar($user, $profile); return $profile->id; } else { - if (defined('SCRIPT_DEBUG')) { - common_debug('Adding profile and remote profile ' . - "for Twitter user: $profileurl"); - } + common_debug($this->name() . ' - Adding profile and remote profile ' . + "for Twitter user: $profileurl."); $profile = new Profile(); $profile->query("BEGIN"); @@ -381,9 +299,10 @@ class TwitterStatusFetcher extends Daemon } // check for remote profile + $remote_pro = Remote_profile::staticGet('uri', $profileurl); - if (!$remote_pro) { + if (empty($remote_pro)) { $remote_pro = new Remote_profile(); @@ -420,23 +339,18 @@ class TwitterStatusFetcher extends Daemon $oldname = $profile->getAvatar(48)->filename; if ($newname != $oldname) { - - if (defined('SCRIPT_DEBUG')) { - common_debug('Avatar for Twitter user ' . - "$profile->nickname has changed."); - common_debug("old: $oldname new: $newname"); - } + common_debug($this->name() . ' - Avatar for Twitter user ' . + "$profile->nickname has changed."); + common_debug($this->name() . " - old: $oldname new: $newname"); $this->updateAvatars($twitter_user, $profile); } if ($this->missingAvatarFile($profile)) { - - if (defined('SCRIPT_DEBUG')) { - common_debug('Twitter user ' . $profile->nickname . - ' is missing one or more local avatars.'); - common_debug("old: $oldname new: $newname"); - } + common_debug($this->name() . ' - Twitter user ' . + $profile->nickname . + ' is missing one or more local avatars.'); + common_debug($this->name() ." - old: $oldname new: $newname"); $this->updateAvatars($twitter_user, $profile); } @@ -516,23 +430,20 @@ class TwitterStatusFetcher extends Daemon if ($this->fetchAvatar($url, $filename)) { $this->newAvatar($id, $size, $mediatype, $filename); } else { - common_log(LOG_WARNING, "Problem fetching Avatar: $url", __FILE__); + common_log(LOG_WARNING, $this->id() . + " - Problem fetching Avatar: $url"); } } } function updateAvatar($profile_id, $size, $mediatype, $filename) { - if (defined('SCRIPT_DEBUG')) { - common_debug("Updating avatar: $size"); - } + common_debug($this->name() . " - Updating avatar: $size"); $profile = Profile::staticGet($profile_id); if (empty($profile)) { - if (defined('SCRIPT_DEBUG')) { - common_debug("Couldn't get profile: $profile_id!"); - } + common_debug($this->name() . " - Couldn't get profile: $profile_id!"); return; } @@ -540,6 +451,7 @@ class TwitterStatusFetcher extends Daemon $avatar = $profile->getAvatar($sizes[$size]); // Delete the avatar, if present + if ($avatar) { $avatar->delete(); } @@ -577,9 +489,7 @@ class TwitterStatusFetcher extends Daemon $avatar->filename = $filename; $avatar->url = Avatar::url($filename); - if (defined('SCRIPT_DEBUG')) { - common_debug("new filename: $avatar->url"); - } + common_debug($this->name() . " - New filename: $avatar->url"); $avatar->created = common_sql_now(); @@ -590,9 +500,8 @@ class TwitterStatusFetcher extends Daemon return null; } - if (defined('SCRIPT_DEBUG')) { - common_debug("Saved new $size avatar for $profile_id."); - } + common_debug($this->name() . + " - Saved new $size avatar for $profile_id."); return $id; } @@ -605,13 +514,12 @@ class TwitterStatusFetcher extends Daemon $out = fopen($avatarfile, 'wb'); if (!$out) { - common_log(LOG_WARNING, "Couldn't open file $filename", __FILE__); + common_log(LOG_WARNING, $this->name() . + " - Couldn't open file $filename"); return false; } - if (defined('SCRIPT_DEBUG')) { - common_debug("Fetching avatar: $url"); - } + common_debug($this->name() . " - Fetching Twitter avatar: $url"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); @@ -628,7 +536,8 @@ class TwitterStatusFetcher extends Daemon } } -declare(ticks = 1); +$id = null; +$debug = null; if (have_option('i')) { $id = get_option_value('i'); @@ -640,6 +549,10 @@ if (have_option('i')) { $id = null; } -$fetcher = new TwitterStatusFetcher($id); +if (have_option('d') || have_option('debug')) { + $debug = true; +} + +$fetcher = new TwitterStatusFetcher($id, 60, 2, $debug); $fetcher->runOnce(); diff --git a/scripts/xmppdaemon.php b/scripts/xmppdaemon.php index 488b4b514..69512f243 100755 --- a/scripts/xmppdaemon.php +++ b/scripts/xmppdaemon.php @@ -175,6 +175,10 @@ class XMPPDaemon extends Daemon $user = $this->get_user($from); + // For common_current_user to work + global $_cur; + $_cur = $user; + if (!$user) { $this->from_site($from, 'Unknown user; go to ' . common_local_url('imsettings') . @@ -211,6 +215,7 @@ class XMPPDaemon extends Daemon $user->free(); unset($user); + unset($_cur); unset($pl['xml']); $pl['xml'] = null; diff --git a/theme/base/css/display.css b/theme/base/css/display.css index 3604f193a..364ea0b62 100644 --- a/theme/base/css/display.css +++ b/theme/base/css/display.css @@ -482,7 +482,7 @@ height:16px; } #form_notice .form_note { position:absolute; -top:99px; +bottom:2px; right:98px; z-index:9; } @@ -863,7 +863,7 @@ clear:left; float:left; font-size:0.95em; margin-left:59px; -width:60%; +width:50%; } #showstream .notice div.entry-content, #shownotice .notice div.entry-content { @@ -876,22 +876,9 @@ float:left; font-size:1.025em; } -.notice div.entry-content dl, -.notice div.entry-content dt, -.notice div.entry-content dd { -display:inline; -} - -.notice div.entry-content .timestamp dt, -.notice div.entry-content .response dt { -display:none; -} -.notice div.entry-content .timestamp a { +.notice div.entry-content .timestamp { display:inline-block; } -.notice div.entry-content .device dt { -text-transform:lowercase; -} .notice-options { position:relative; @@ -921,38 +908,28 @@ left:29px; .notice-options .notice_delete { right:0; } -.notice-options .notice_reply dt { -display:none; -} - .notice-options input, .notice-options a { text-indent:-9999px; outline:none; } - -.notice-options .notice_reply a, .notice-options input.submit { display:block; border:0; } -.notice-options .notice_reply a, -.notice-options .notice_delete a { +.notice-options .notice_reply, +.notice-options .notice_delete { text-decoration:none; padding-left:16px; } - .notice-options form input.submit { width:16px; padding:2px 0; } - -.notice-options .notice_delete dt, .notice-options .form_favor legend, .notice-options .form_disfavor legend { display:none; } -.notice-options .notice_delete fieldset, .notice-options .form_favor fieldset, .notice-options .form_disfavor fieldset { border:0; diff --git a/theme/base/css/ie6.css b/theme/base/css/ie6.css index dde4d6fc7..edc49478f 100644 --- a/theme/base/css/ie6.css +++ b/theme/base/css/ie6.css @@ -12,7 +12,7 @@ margin:0 auto; } #content { -width:70%; +width:69%; } #aside_primary { padding:5%; @@ -35,3 +35,6 @@ width:20%; width:50%; margin-left:30px; } +.notice-options a { +width:16px; +}
\ No newline at end of file diff --git a/theme/base/images/icons/icon_atom.png b/theme/base/images/icons/icon_atom.png Binary files differindex 6a001f11a..de63f1577 100644 --- a/theme/base/images/icons/icon_atom.png +++ b/theme/base/images/icons/icon_atom.png diff --git a/theme/base/images/icons/icon_rss.png b/theme/base/images/icons/icon_rss.png Binary files differindex 0ccd1ce25..e75778a9e 100644 --- a/theme/base/images/icons/icon_rss.png +++ b/theme/base/images/icons/icon_rss.png diff --git a/theme/cloudy/css/display.css b/theme/cloudy/css/display.css index 12f186a56..e3c5c3cc0 100644 --- a/theme/cloudy/css/display.css +++ b/theme/cloudy/css/display.css @@ -12,12 +12,12 @@ img { display:block; border:0; } a abbr { cursor: pointer; border-bottom:0; } table { border-collapse:collapse; } ol { list-style-position:inside; } -html { font-size: 100%; background-color:#fff; } +html { font-size: 87.5%; } body { background-color:#fff; color:#000; font-family:sans-serif; -font-size:0.75em; +font-size:1em; line-height:normal; position:relative; height:100%; @@ -414,9 +414,12 @@ width:518px; min-height:322px; padding:20px; float:left; -border-radius-topleft:4px; --moz-border-radius-topleft:4px; --webkit-border-top-left-radius:4px; +border-radius:4px; +-moz-border-radius:4px; +-webkit-border-radius:4px; +border-radius-topright:0; +-moz-border-radius-topright:0; +-webkit-border-top-right-radius:0; border-style:solid; border-width:1px; } @@ -471,6 +474,24 @@ margin-bottom:7px; #form_notice #notice_submit label { display:none; } +#form_notice label[for=notice_data-attach], +#form_notice #notice_data-attach { +position:absolute; +top:87px; +cursor:pointer; +} +#form_notice label[for=notice_data-attach] { +text-indent:-9999px; +left:82%; +width:16px; +height:16px; +} +#form_notice #notice_data-attach { +left:40%; +padding:0; +height:16px; +} + #form_notice .form_note { position:absolute; top:-10px; @@ -488,6 +509,7 @@ font-weight:bold; line-height:1.15; padding:1px 2px; } + #form_notice #notice_action-submit { width:14%; height:35px; @@ -505,6 +527,29 @@ margin-bottom:7px; margin-left:18px; float:left; } +#form_notice .error, +#form_notice .success { +float:left; +clear:both; +width:83.5%; +margin-bottom:0; +line-height:1.618; +position:absolute; +top:87px; +left:0; +} +#form_notice #notice_data-attach_selected code { +float:left; +width:90%; +display:block; +font-size:1.1em; +line-height:1.8; +overflow:auto; +} +#form_notice #notice_data-attach_selected button { +float:right; +font-size:0.8em; +} /* entity_profile */ @@ -746,17 +791,18 @@ float:left; width:100%; border-top-width:1px; border-top-style:dotted; -font-size:1.2em; } .notices li { list-style-type:none; line-height:1.1; -width:94%; -padding-right:5%; -padding-left:1%; min-height:47px; } - +.notices .notices { +margin-top:7px; +margin-left:2%; +width:98%; +float:left; +} /* NOTICES */ #notices_primary { @@ -805,13 +851,17 @@ text-decoration:underline; .notice .entry-title { float:none; -display:inline; -width:100%; overflow:hidden; +display:inline; } #shownotice .notice .entry-title { font-size:2.2em; } +#conversation .notice .entry-title { +display:block; +width:90%; +} + .notice p.entry-content { display:inline; @@ -887,13 +937,11 @@ outline:none; .notice-options { padding-left:2%; float:left; -width:50%; font-size:0.95em; -width:12.5%; +width:16px; float:right; -display:none; } -.notices li.hover div.notice-options { +.notices li:hover div.notice-options { display:block; } @@ -917,7 +965,7 @@ top:30px; right:7px; } .notice-options .notice_delete { -bottom:7px; +top:47px; right:7px; } .notice-options .notice_reply dt { @@ -941,6 +989,10 @@ text-decoration:none; padding-left:16px; } +.notice-options .notice_reply .notice_id { +display:none; +} + .notice-options form input.submit { width:16px; padding:2px 0; @@ -958,6 +1010,97 @@ border:0; padding:0; } +.notice .attachment { +position:relative; +padding-left:16px; +} +#attachments .attachment { +padding-left:0; +} +.notice .attachment img { +position:absolute; +top:18px; +left:0; +z-index:99; +} +#shownotice .notice .attachment img { +position:static; +} + +#attachments { +clear:both; +float:left; +width:100%; +margin-top:18px; +} +#attachments dt { +font-weight:bold; +font-size:1.3em; +margin-bottom:4px; +} + +#attachments ol li { +margin-bottom:18px; +list-style-type:decimal; +float:left; +clear:both; +} + +#jOverlayContent, +#jOverlayContent #content, +#jOverlayContent #content_inner { +width: auto !important; +margin-bottom:0; +} +#jOverlayContent #content { +padding:11px; +min-height:auto; +} +#jOverlayContent .external span { +display:block; +margin-bottom:11px; +} +#jOverlayContent button { +position:absolute; +top:0; +right:0; +width:29px; +height:29px; +text-align:center; +font-weight:bold; +padding:0; +} +#jOverlayContent h1 { +max-width:425px; +} +#jOverlayContent #content { +border-radius:7px; +-moz-border-radius:7px; +-webkit-border-radius:7px; +} +#jOverlayLoading { +top:5%; +left:40%; +} +#attachment_view img { +max-width:480px; +max-height:480px; +} +#attachment_view #oembed_info { +margin-top:11px; +} +#attachment_view #oembed_info dt, +#attachment_view #oembed_info dd { +float:left; +} +#attachment_view #oembed_info dt { +clear:left; +margin-right:11px; +font-weight:bold; +} +#attachment_view #oembed_info dt:after { +content: ":"; +} #usergroups #new_group { float: left; @@ -1218,7 +1361,8 @@ clear:both; #outbox.user_in #content, #subscriptions.user_in #content, #subscribers.user_in #content, -#showgroup.user_in #content { +#showgroup.user_in #content, +#conversation.user_in #content { padding-top:160px; } @@ -1243,6 +1387,14 @@ padding-top:160px; display:none; } +#jOverlayContent #core #content { +padding-top:11px; +} +#jOverlayContent #core { +background:none; +padding-top:0; +} + html, body, @@ -1311,24 +1463,23 @@ border-top-color:#87B4C8; } -#content .notice p.entry-content a:visited { -background-color:#fcfcfc; -} -#content .notice p.entry-content .vcard a { -background-color:#fcfffc; -} - #aside_primary { background-color:#DDFFCC; } - #notice_text-count { -color:#333; +color:#000000; } #form_notice.warning #notice_text-count { -color:#000; +color:#000000; +} +#form_notice label[for=notice_data-attach] { +background:transparent url(../../base/images/icons/twotone/green/clip-01.gif) no-repeat 0 45%; } +#form_notice #notice_data-attach { +opacity:0; +} + #form_notice.processing #notice_action-submit { background:#fff url(../../base/images/icons/icon_processing.gif) no-repeat 47% 47%; cursor:wait; @@ -1426,8 +1577,11 @@ background-image:url(../images/icons/twotone/green/shield.gif); /* NOTICES */ -.notices li.over { -background-color:#fcfcfc; +.notice .attachment { +background:transparent url(../../base/images/icons/twotone/green/clip-02.gif) no-repeat 0 45%; +} +#attachments .attachment { +background:none; } .notice-options .notice_reply a, @@ -1451,10 +1605,24 @@ background:transparent url(../images/icons/icon_trash.gif) no-repeat 0 45%; .notices div.notice-options { opacity:0.4; } -.notices li.hover div.entry-content, -.notices li.hover div.notice-options { +.notices li:hover div.entry-content, +.notices li:hover div.notice-options { opacity:1; } +.notices .notices { +background-color:rgba(200, 200, 200, 0.01); +} +.notices .notices .notices { +background-color:rgba(200, 200, 200, 0.02); +} +.notices .notices .notices .notices { +background-color:rgba(200, 200, 200, 0.03); +} +.notices .notices .notices .notices .notices { +background-color:rgba(200, 200, 200, 0.04); +} + + div.entry-content { color:#333; } @@ -1462,8 +1630,11 @@ div.notice-options a, div.notice-options input { font-family:sans-serif; } -.notices li.hover { -background-color:#fcfcfc; +#content .notices li:hover { +background-color:rgba(240, 240, 240, 0.2); +} +#conversation .notices li:hover { +background-color:transparent; } /*END: NOTICES */ diff --git a/theme/cloudy/css/ie.css b/theme/cloudy/css/ie.css index 095122100..a698676fb 100644 --- a/theme/cloudy/css/ie.css +++ b/theme/cloudy/css/ie.css @@ -8,13 +8,41 @@ color:#fff; background-color:#ddffcc; } +#form_notice { +width:525px; +} +#form_notice .form_note { +top:-5px; +right:0; +} +#form_notice textarea { +width:97.75%; +} +#form_notice .form_note + label { +position:absolute; +top:87px; +left:77%; +text-indent:-9999px; +height:16px; +width:16px; +display:block; +} +#form_notice #notice_data-attach { +filter: alpha(opacity = 0); +left:33.5%; +} + +#form_notice #notice_action-submit { +right:0; +} + #aside_primary { width:181px; } #form_notice, #anon_notice { -top:158px; +top:190px; } #public #content, @@ -32,3 +60,13 @@ top:158px; #subscribers #content { padding-top:138px; } + +.notice { +z-index:1; +} +.notice:hover { +z-index:9999; +} +.notice .thumbnail img { +z-index:9999; +} diff --git a/theme/default/css/display.css b/theme/default/css/display.css index 251d6706b..646fb0445 100644 --- a/theme/default/css/display.css +++ b/theme/default/css/display.css @@ -66,7 +66,7 @@ div.notice-options input, .entity_nudge p, .form_settings input.form_action-primary, .form_make_admin input.submit { -color:#002E6E; +color:#002FA7; } .notice, @@ -214,11 +214,7 @@ background:transparent url(../../base/images/icons/twotone/green/clip-02.gif) no #attachments .attachment { background:none; } -.notice-options .notice_reply a, -.notice-options form input.submit { -background-color:transparent; -} -.notice-options .notice_reply a { +.notice-options .notice_reply { background:transparent url(../../base/images/icons/twotone/green/reply.gif) no-repeat 0 45%; } .notice-options form.form_favor input.submit { @@ -227,7 +223,7 @@ background:transparent url(../../base/images/icons/twotone/green/favourite.gif) .notice-options form.form_disfavor input.submit { background:transparent url(../../base/images/icons/twotone/green/disfavourite.gif) no-repeat 0 45%; } -.notice-options .notice_delete a { +.notice-options .notice_delete { background:transparent url(../../base/images/icons/twotone/green/trash.gif) no-repeat 0 45%; } @@ -239,9 +235,6 @@ opacity:0.4; .notices li:hover div.notice-options { opacity:1; } -div.entry-content { -color:#333333; -} div.notice-options a, div.notice-options input { font-family:sans-serif; diff --git a/theme/default/default-avatar-mini.png b/theme/default/default-avatar-mini.png Binary files differindex 38b8692b4..6c7808616 100644 --- a/theme/default/default-avatar-mini.png +++ b/theme/default/default-avatar-mini.png diff --git a/theme/default/default-avatar-profile.png b/theme/default/default-avatar-profile.png Binary files differindex f8357d4fc..08ce4e48e 100644 --- a/theme/default/default-avatar-profile.png +++ b/theme/default/default-avatar-profile.png diff --git a/theme/default/default-avatar-stream.png b/theme/default/default-avatar-stream.png Binary files differindex 6b63baa70..f18994d75 100644 --- a/theme/default/default-avatar-stream.png +++ b/theme/default/default-avatar-stream.png diff --git a/theme/default/logo.png b/theme/default/logo.png Binary files differindex fdead6c4a..322cbe903 100644 --- a/theme/default/logo.png +++ b/theme/default/logo.png diff --git a/theme/identica/css/display.css b/theme/identica/css/display.css index 42a4573a7..0688db425 100644 --- a/theme/identica/css/display.css +++ b/theme/identica/css/display.css @@ -66,7 +66,7 @@ div.notice-options input, .entity_nudge p, .form_settings input.form_action-primary, .form_make_admin input.submit { -color:#002E6E; +color:#002FA7; } .notice, @@ -214,11 +214,7 @@ background:transparent url(../../base/images/icons/twotone/green/clip-02.gif) no #attachments .attachment { background:none; } -.notice-options .notice_reply a, -.notice-options form input.submit { -background-color:transparent; -} -.notice-options .notice_reply a { +.notice-options .notice_reply { background:transparent url(../../base/images/icons/twotone/green/reply.gif) no-repeat 0 45%; } .notice-options form.form_favor input.submit { @@ -227,7 +223,7 @@ background:transparent url(../../base/images/icons/twotone/green/favourite.gif) .notice-options form.form_disfavor input.submit { background:transparent url(../../base/images/icons/twotone/green/disfavourite.gif) no-repeat 0 45%; } -.notice-options .notice_delete a { +.notice-options .notice_delete { background:transparent url(../../base/images/icons/twotone/green/trash.gif) no-repeat 0 45%; } @@ -239,9 +235,6 @@ opacity:0.4; .notices li:hover div.notice-options { opacity:1; } -div.entry-content { -color:#333333; -} div.notice-options a, div.notice-options input { font-family:sans-serif; diff --git a/theme/identica/default-avatar-mini.png b/theme/identica/default-avatar-mini.png Binary files differindex 38b8692b4..6c7808616 100644 --- a/theme/identica/default-avatar-mini.png +++ b/theme/identica/default-avatar-mini.png diff --git a/theme/identica/default-avatar-profile.png b/theme/identica/default-avatar-profile.png Binary files differindex f8357d4fc..08ce4e48e 100644 --- a/theme/identica/default-avatar-profile.png +++ b/theme/identica/default-avatar-profile.png diff --git a/theme/identica/default-avatar-stream.png b/theme/identica/default-avatar-stream.png Binary files differindex 6b63baa70..f18994d75 100644 --- a/theme/identica/default-avatar-stream.png +++ b/theme/identica/default-avatar-stream.png diff --git a/theme/identica/logo.png b/theme/identica/logo.png Binary files differindex 7c68b34f6..b32c6f951 100644 --- a/theme/identica/logo.png +++ b/theme/identica/logo.png diff --git a/theme/pigeonthoughts/css/base.css b/theme/pigeonthoughts/css/base.css index 9866e2d2c..980d7ddd7 100644 --- a/theme/pigeonthoughts/css/base.css +++ b/theme/pigeonthoughts/css/base.css @@ -383,7 +383,7 @@ margin-bottom:1em; } #content { -width:49.009%; +width:50%; min-height:259px; float:left; padding:0 18px; @@ -402,7 +402,7 @@ float:left; width:45.917%; min-height:259px; float:left; -margin-left:1.385%; +margin-left:0.25%; padding-bottom:47px; } @@ -736,11 +736,10 @@ margin-right:11px; .notice, .profile { position:relative; -padding-top:11px; -padding-bottom:11px; +padding:11px 2%; clear:both; float:left; -width:96.41%; +width:95.7%; border-width:1px; border-style:solid; margin-bottom:11px; @@ -848,23 +847,9 @@ margin-left:0; float:left; font-size:1.025em; } - -.notice div.entry-content dl, -.notice div.entry-content dt, -.notice div.entry-content dd { -display:inline; -} - -.notice div.entry-content .timestamp dt, -.notice div.entry-content .response dt { -display:none; -} -.notice div.entry-content .timestamp a { +.notice div.entry-content .timestamp { display:inline-block; } -.notice div.entry-content .device dt { -text-transform:lowercase; -} .notice-options { position:relative; @@ -894,38 +879,28 @@ left:29px; .notice-options .notice_delete { right:0; } -.notice-options .notice_reply dt { -display:none; -} - .notice-options input, .notice-options a { text-indent:-9999px; outline:none; } - -.notice-options .notice_reply a, .notice-options input.submit { display:block; border:0; } -.notice-options .notice_reply a, -.notice-options .notice_delete a { +.notice-options .notice_reply, +.notice-options .notice_delete { text-decoration:none; padding-left:16px; } - .notice-options form input.submit { width:16px; padding:2px 0; } - -.notice-options .notice_delete dt, .notice-options .form_favor legend, .notice-options .form_disfavor legend { display:none; } -.notice-options .notice_delete fieldset, .notice-options .form_favor fieldset, .notice-options .form_disfavor fieldset { border:0; @@ -993,13 +968,36 @@ font-weight:bold; padding:0; } #jOverlayContent h1 { -max-width:475px; +max-width:425px; } #jOverlayContent #content { border-radius:7px; -moz-border-radius:7px; -webkit-border-radius:7px; } +#jOverlayLoading { +top:5%; +left:40%; +} +#attachment_view img { +max-width:480px; +max-height:480px; +} +#attachment_view #oembed_info { +margin-top:11px; +} +#attachment_view #oembed_info dt, +#attachment_view #oembed_info dd { +float:left; +} +#attachment_view #oembed_info dt { +clear:left; +margin-right:11px; +font-weight:bold; +} +#attachment_view #oembed_info dt:after { +content: ":"; +} #usergroups #new_group { float: left; @@ -1058,8 +1056,6 @@ top:3px; left:3px; } - - .pagination { float:left; clear:both; @@ -1105,7 +1101,6 @@ padding-right:30px; } /* END: NOTICE */ - .hentry .entry-content p { margin-bottom:18px; } @@ -1122,7 +1117,6 @@ margin-bottom:18px; margin-left:18px; } - /* TOP_POSTERS */ .section tbody td { padding-right:11px; @@ -1150,7 +1144,6 @@ margin-right:0; display:none; } - /* tagcloud */ .tag-cloud { list-style-type:none; @@ -1233,6 +1226,11 @@ clear:both; margin-bottom:0; } +#form_settings_design #settings_design_background-image img { +max-width:480px; +max-height:480px; +} + #form_settings_design #settings_design_color .form_data, #form_settings_design #color-picker { float:left; diff --git a/theme/pigeonthoughts/css/display.css b/theme/pigeonthoughts/css/display.css index 01af500bf..1bf37bf73 100644 --- a/theme/pigeonthoughts/css/display.css +++ b/theme/pigeonthoughts/css/display.css @@ -14,7 +14,8 @@ background:url(../images/illustrations/illu_pigeons-01.png) no-repeat 0 100%; } body, -a:active { +a:active, +#content { background-color:#AEA187; } body { @@ -268,11 +269,7 @@ background:transparent url(../../base/images/icons/twotone/green/clip-02.gif) no #attachments .attachment { background:none; } -.notice-options .notice_reply a, -.notice-options form input.submit { -background-color:transparent; -} -.notice-options .notice_reply a { +.notice-options .notice_reply { background:transparent url(../../base/images/icons/twotone/green/reply.gif) no-repeat 0 45%; } .notice-options form.form_favor input.submit { @@ -281,7 +278,7 @@ background:transparent url(../../base/images/icons/twotone/green/favourite.gif) .notice-options form.form_disfavor input.submit { background:transparent url(../../base/images/icons/twotone/green/disfavourite.gif) no-repeat 0 45%; } -.notice-options .notice_delete a { +.notice-options .notice_delete { background:transparent url(../../base/images/icons/twotone/green/trash.gif) no-repeat 0 45%; } diff --git a/tpl/index.php b/tpl/index.php index 5f1ed8439..be375e75a 100644 --- a/tpl/index.php +++ b/tpl/index.php @@ -1,6 +1,4 @@ -<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html -PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title><?php echo section('title'); ?></title> @@ -44,4 +42,4 @@ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" </div> </div> </body> - </html>
\ No newline at end of file + </html> |