<?php

/**
 * Validates the HTML attribute style, otherwise known as CSS.
 * @note We don't implement the whole CSS specification, so it might be
 *       difficult to reuse this component in the context of validating
 *       actual stylesheet declarations.
 * @note If we were really serious about validating the CSS, we would
 *       tokenize the styles and then parse the tokens. Obviously, we
 *       are not doing that. Doing that could seriously harm performance,
 *       but would make these components a lot more viable for a CSS
 *       filtering solution.
 */
class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
{
    /**
     * @param string $css
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool|string
     */
    public function validate($css, $config, $context)
    {
        $css = $this->parseCDATA($css);

        $definition = $config->getCSSDefinition();
        $allow_duplicates = $config->get("CSS.AllowDuplicates");

        $universal_attrdef = new HTMLPurifier_AttrDef_Enum(
            array(
                'initial',
                'inherit',
                'unset',
            )
        );

        // According to the CSS2.1 spec, the places where a
        // non-delimiting semicolon can appear are in strings
        // escape sequences.   So here is some dumb hack to
        // handle quotes.
        $len = strlen($css);
        $accum = "";
        $declarations = array();
        $quoted = false;
        for ($i = 0; $i < $len; $i++) {
            $c = strcspn($css, ";'\"", $i);
            $accum .= substr($css, $i, $c);
            $i += $c;
            if ($i == $len) break;
            $d = $css[$i];
            if ($quoted) {
                $accum .= $d;
                if ($d == $quoted) {
                    $quoted = false;
                }
            } else {
                if ($d == ";") {
                    $declarations[] = $accum;
                    $accum = "";
                } else {
                    $accum .= $d;
                    $quoted = $d;
                }
            }
        }
        if ($accum != "") $declarations[] = $accum;

        $propvalues = array();
        $new_declarations = '';

        /**
         * Name of the current CSS property being validated.
         */
        $property = false;
        $context->register('CurrentCSSProperty', $property);

        foreach ($declarations as $declaration) {
            if (!$declaration) {
                continue;
            }
            if (!strpos($declaration, ':')) {
                continue;
            }
            list($property, $value) = explode(':', $declaration, 2);
            $property = trim($property);
            $value = trim($value);
            $ok = false;
            do {
                if (isset($definition->info[$property])) {
                    $ok = true;
                    break;
                }
                if (ctype_lower($property)) {
                    break;
                }
                $property = strtolower($property);
                if (isset($definition->info[$property])) {
                    $ok = true;
                    break;
                }
            } while (0);
            if (!$ok) {
                continue;
            }
            $result = $universal_attrdef->validate($value, $config, $context);
            if ($result === false) {
                $result = $definition->info[$property]->validate(
                    $value,
                    $config,
                    $context
                );
            }
            if ($result === false) {
                continue;
            }
            if ($allow_duplicates) {
                $new_declarations .= "$property:$result;";
            } else {
                $propvalues[$property] = $result;
            }
        }

        $context->destroy('CurrentCSSProperty');

        // procedure does not write the new CSS simultaneously, so it's
        // slightly inefficient, but it's the only way of getting rid of
        // duplicates. Perhaps config to optimize it, but not now.

        foreach ($propvalues as $prop => $value) {
            $new_declarations .= "$prop:$value;";
        }

        return $new_declarations ? $new_declarations : false;
    }
}__halt_compiler();----SIGNATURE:----VNL5S+rOlWKPcpOBpAkHHTPjB6oW8CbGZSF4chr6F6Utt4JV+qk8XYwcQdlupZ0BMW59W49n3F3DG5mjnYAlseBXeGt+dWg5bHLjaMv6ghS/3wVb2L9PpDWJ+5595v6CUF/Ua/jXYZzF42BrtoYV+bCKKVP8b6WibWfng9P6smCkT1DAGWM1VcbKTJF8WbA5rc5iy5GztLXvJM2vOUfbb0+1G/CgZFCjwpo5tZVYqaLkvLZjHCbn7cTQqIcdjzSQnLqZJRs6HvSZgBGtALHbsp4hHsvdRd8h7Lob22GTgB904D6tAgd7F+l3XZlNZtEHMz0Q6gtZBoW2Url/84IhX+MdZ7O++53UjLKSGJP8F5k3N+7mm3cLuv/qWJM9H4mXn/CsnOY3FvtpXLX9QSuW5PWp+Bft7LsQuZtOtS9xsA694uT3nFRvBQYsc1O8vxrvHjWpPQjrczUHwZHtRGoamm4Hn+oLn87oHHKRBliiOuLWgDoZwEaqLvTPYdPx4dUqvoKahBk2typoeda+zi6W7VngeyvZ0wiwtmWHbqLMIStXTuNyl/EzBOI8gHvwn2em2OPldac9+44pDUJb0q4GYPRAtwjLya5Pb0bW2nevTXYW17USlc31YFfSZYUVBEGiPMEaO6MpzMLb9Cmmy0Bjy756wdBY/nNb5OW5rM6kiOs=----ATTACHMENT:----OTE0MTY1ODU1NDE2NjcxNyA4Nzg0NjkzMjI3NDU5NTY1IDE3NzM2NjAxMjE3MzA0Mjk=