SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php5-pear-htmlpurifier-4.9.2-15.1.noarch.rpm :
Sat Aug 5 14:00:00 2017 jweberhoferAATTweberhofer.at
- Upgraded to version 4.9.2
- Fixes PHP 5.3 compatibility
- Fix breakage when decoding decimal entities. Thanks AATTrybakit (#129)
- 4.9.1
! %URI.DefaultScheme can now be set to null, in which case
all relative paths are removed.
! New CSS properties: min-width, max-width, min-height, max-height (#94)
! Transparency (rgba) and hsl/hsla supported where color CSS is present.
Thanks AATTfxbt for contributing the patch. (#118)
- When idn_to_ascii is defined, we might accept malformed
hostnames. Apply validation to the result in such cases.
- Close directory when done in Serializer DefinitionCache (#100)
- Deleted some asserts to avoid linters from choking (#97)
- Rework Serializer cache behavior to avoid chmod\'ing if possible (#32)
- Embedded semicolons in strings in CSS are now handled correctly!
- We accidentally dropped certain Unicode characters if there was
one or more invalid characters. This has been fixed, thanks
to mpyw
- Fix for \"Don\'t truncate upon encountering
when using DOMLex\"
caused a regression with HTML 4.01 Strict parsing with libxml 2.9.1
(and maybe later versions, but known OK with libxml 2.9.4). The
fix is to go about handling truncation a bit more cleverly so that
we can wrap with divs (sidestepping the bug) but slurping out the
rest of the text in case it ran off the end. (#78)
- Fix PREG_BACKTRACK_LIMIT_ERROR in HTMLPurifier_Filter_ExtractStyle.
Thanks AATTbreathbath for contributing the report and fix (#120)
- Fix entity decoding algorithm to be more conservative about
decoding entities that are missing trailing semicolon.
To get old behavior, set %Core.LegacyEntityDecoder to true.
(#119)
- Workaround libxml bug when HTML tags are embedded inside
script tags. To disable workaround set %Core.AggressivelyRemoveScript
to false. (#83)
[#] By default, when a link has a target attribute associated
with it, we now also add rel=\"noopener\" in order to
prevent the new window from being able to overwrite
the original frame. To disable this protection,
set %HTML.TargetNoopener to FALSE.

Sun Sep 18 14:00:00 2016 jweberhoferAATTweberhofer.at
- Upgraded to version 4.8.0
[#] By default, when a link has a target attribute associated
with it, we now also add rel=\"noreferrer\" in order to
prevent the new window from being able to overwrite
the original frame. To disable this protection,
set %HTML.TargetNoreferrer to FALSE.
! Full PHP 7 compatibility, the test suite is ALL GO.
! %CSS.AllowDuplicates permits duplicate CSS properties.
! Support for \'tel\' URIs.
! Partial support for \'border-radius\' properties when %CSS.AllowProprietary is true.
The slash syntax, i.e., \'border-radius: 2em 1em 4em / 0.5em 3em\' is not
yet supported.
! %Attr.ID.HTML5 turns on HTML5-style ID handling.
- alt truncation could result in malformed UTF-8 sequence. Don\'t
truncate. Thanks Brandon Farber for reporting.
- Linkify regex is smarter, based off of Gruber\'s regex.
- IDNA supported natively on PHP 5.3 and later.
- Non all-numeric top-level names (e.g., foo.1f, 1f) are now
allowed.
- Minor bounds error fix to squash a PHP 7 notice.
- Support non-/tmp temporary directories for data:// validation
- Give a better error message when a user attempts to allow
ul/ol without allowing li.
- On some versions of PHP, the Serializer DefinitionCache could
infinite loop when the directory exists but is not listable. (#49)
- Don\'t match for inside comments with
%Core.ConvertDocumentToFragment. (#67)
- SafeObject is now less case sensitive. (#57)
- AutoFormat.RemoveEmpty.Predicate now correctly renders in
web form. (#85)

Tue May 17 14:00:00 2016 jweberhoferAATTweberhofer.at
- Upgraded to Version 4.7.0

* opacity is now considered a \"tricky\" CSS property rather than a
proprietary one.

* %AutoFormat.RemoveEmpty.Predicate for specifying exactly when
an element should be considered \"empty\" (maybe preserve if it
has attributes), and modify iframe support so that the iframe
is removed if it is missing a src attribute. Thanks meeva for
reporting.

* Don\'t truncate upon encountering when using DOMLex.
Thanks Myrto Christina for finally convincing me to fix this.

* Update YouTube filter for new code.

* Fix parsing of rgb() values with spaces in them for \'border\'
attribute.

* Don\'t remove foo=\"\" attributes if foo is a boolean attribute.
Thanks valME for reporting.
- cleaned up spec file

Fri Jan 10 13:00:00 2014 jweberhoferAATTweberhofer.at
- Upgraded to Version 4.6.0

* Secure URI munge hashing algorithm has changed to hash_hmac(\"sha256\", $url,
$secret). Please update any verification scripts you may have.

* URI parsing algorithm was made more strict, so only prefixes which
looks like schemes will actually be schemes. Thanks Michael Gusev
for fixing.

* %Core.EscapeInvalidChildren is no longer supported, and no longer does
anything.

* New directive %Core.AllowHostnameUnderscore which allows underscores
in hostnames.

* Eliminate quadratic behavior in DOMLex by using a proper queue.
Thanks Ole Laursen for noticing this.

* Rewritten MakeWellFormed/FixNesting implementation eliminates quadratic
behavior in the rest of the purificaiton pipeline. Thanks Chedburn
Networks for sponsoring this work.

* Made Linkify URL parser a bit less permissive, so that non-breaking
spaces and commas are not included as part of URL. Thanks nAS for fixing.

* Fix some bad interactions with %HTML.Allowed and injectors. Thanks
David Hirtz for reporting.

* Fix infinite loop in DirectLex. Thanks Ashar Javed (AATTsoaj1664ashar)
for reporting.

Mon Apr 29 14:00:00 2013 jweberhoferAATTweberhofer.at
- Fixed a wrong channel dependency

Mon Apr 29 14:00:00 2013 jweberhoferAATTweberhofer.at
- Upgraded to Version 4.5.0

* Fix bug where stacked attribute transforms clobber each other; this also
means it\'s no longer possible to override attribute transforms in later
modules. No internal code was using this but this may break some clients.

* We now use SHA-1 to identify cached definitions, instead of MD5.

* Support display:inline-block

* Support for more white-space CSS values.

* Permit underscores in font families

* Support for page-break-
* CSS3 properties when proprietary properties
are enabled.

* New directive %Core.DisableExcludes; can be set to \'true\' to turn off
SGML excludes checking. If HTML Purifier is removing too much text
and you don\'t care about full standards compliance, try setting this to
\'true\'.

* Use prepend for SPL autoloading on PHP 5.3 and later.

* Fix bug with nofollow transform when pre-existing rel exists.

* Fix bug where background:url() always gets lower-cased
(but not background-image:url())

* Fix bug with non lower-case color names in HTML

* Fix bug where data URI validation doesn\'t remove temporary files.
Thanks Javier Marín Ros for reporting.

* Don\'t remove certain empty tags on RemoveEmpty.
- improved spec

Sat Apr 14 14:00:00 2012 jweberhoferAATTweberhofer.at
- fix requirements for non opensuse based distributions

Wed Mar 7 13:00:00 2012 jweberhoferAATTweberhofer.at
- Version 4.4.0
- Removed PEARSax3 handler.
- URI.Munge now munges URIs inside the same host that go from https
to http. Reported by Neike Taika-Tessaro.
- Core.EscapeNonASCIICharacters now always transforms entities to
entities, even if target encoding is UTF-8.
- Tighten up selector validation in ExtractStyleBlocks.
Non-syntactically valid selectors are now rejected, along with
some of the more obscure ones such as attribute selectors, the
:lang pseudoselector, and anything not in CSS2.1. Furthermore,
ID and class selectors now work properly with the relevant
configuration attributes. Also, mute errors when parsing CSS
with CSS Tidy.
- Added support for \'scope\' attribute on tables.
- Added %HTML.TargetBlank, which adds target=\"blank\" to all outgoing links.
- Properly handle sub-lists directly nested inside of lists in
a standards compliant way, by moving them into the preceding

  • - Added %HTML.AllowedComments and %HTML.AllowedCommentsRegexp for
    limited allowed comments in untrusted situations.
    - Implement iframes, and allow them to be used in untrusted mode with
    %HTML.SafeIframe and %URI.SafeIframeRegexp. Thanks Bradley M. Froehle
    for submitting an initial version of the patch.
    - The Forms module now works properly for transitional doctypes.
    - Added support for internationalized domain names. You need the PEAR
    Net_IDNA2 module to be in your path; if it is installed, ensure the
    class can be loaded and then set %Core.EnableIDNA to true.
    - Color keywords are now case insensitive. Thanks Yzmir Ramirez
    for reporting.
    - Explicitly initialize anonModule variable to null.
    - Do not duplicate nofollow if already present. Thanks 178
    for reporting.
    - Do not add nofollow if hostname matches our current host. Thanks 178
    for reporting, and Neike Taika-Tessaro for helping diagnose.
    - Do not unset parser variable; this fixes intermittent serialization
    problems. Thanks Neike Taika-Tessaro for reporting, bill
    <10010tigerAATTgmail.com> for diagnosing.
    - Fix iconv truncation bug, where non-UTF-8 target encodings see
    output truncated after around 8000 characters. Thanks Jörg Ludwig
    for reporting.
    - Fix broken table content model for XHTML1.1 (and also earlier
    versions, although the W3C validator doesn\'t catch those violations).
    Thanks GlitchMr for reporting.

    Tue May 24 14:00:00 2011 opendevelAATTweberhofer.at
    - corrected project homepage

    Fri May 20 14:00:00 2011 opendevelAATTweberhofer.at
    - package version 4.3.0
    - fixed some dependency issues


    		•   
    ICM