Update html purifier to 4.10.0

Bug #1759367 reported by Cecilia Vela Gurovic on 2018-03-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Cecilia Vela Gurovic
18.04
High
Cecilia Vela Gurovic
18.10
High
Cecilia Vela Gurovic

Bug Description

We need to upgrade HTML purifier to 4.10.0

http://repo.or.cz/w/htmlpurifier.git/blob/v4.10.0:/NEWS

no longer affects: mahara/18.10
no longer affects: mahara/18.04
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8739

Reviewed: https://reviews.mahara.org/8738
Committed: https://git.mahara.org/mahara/mahara/commit/63d7fa3ea5a4588fd19ba2879253a25f7f2e8b96
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 63d7fa3ea5a4588fd19ba2879253a25f7f2e8b96
Author: Son Nguyen <email address hidden>
Date: Wed Sep 24 16:01:14 2014 +1200

Bug 1759367: Cherry-pick for Allow CSS comments in customised skins.

Cherry pick of Bug 1369830 for the upgrade of html purifier to 4.10.0

As we add a new configuration option to HTML Purifier,
we have to update HTMLPurifier/ConfigSchema/schema.ser
1. Download and unzip HTMLPurifier package
2. Copy Filter.ExtractStyleBlocks.PreserveCSS.txt
from mahara to the unzip folder
3. Run php maintenance/generate-schema-cache.php in
unzup folder
4. Copy over lib/HTMLPurifier/ConfigSchema/schema.ser
from unzip folder to mahara

behatnotneeded

Change-Id: I42618f0998425d20f7732843af8a700260c8d96e

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8737
Committed: https://git.mahara.org/mahara/mahara/commit/031b0671a8fa1678d93c44a796d11a28a8a29083
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 031b0671a8fa1678d93c44a796d11a28a8a29083
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed Mar 28 11:08:10 2018 +1300

Bug 1759367: Upgrade htmlpurifier to 4.10.0

behatnotneeded

Change-Id: I7d63bac5106db51a0ac7409f415fe44e0de50b07

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8739
Committed: https://git.mahara.org/mahara/mahara/commit/ca09675611efac6b0f153871e8a7ee35ca3e6562
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit ca09675611efac6b0f153871e8a7ee35ca3e6562
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed Mar 28 11:19:01 2018 +1300

Bug 1759367: remove customization for color formats, not needed

Customization: Add more legal color formats such as rgba, hsl, and hsla
(Bug 1264098)
The library added support for the color formats in file
htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php

behatnotneeded

Change-Id: I60a59b25e54a6ad584518a1629450fdf37fbbaab

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8740
Committed: https://git.mahara.org/mahara/mahara/commit/7175f91e1295b7db52bc1302fda3c08305dc113d
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 7175f91e1295b7db52bc1302fda3c08305dc113d
Author: Aaron Wells <email address hidden>
Date: Wed Jun 10 12:33:49 2015 +1200

Bug 1759367: Cherry-pick for Prevent HTTP iframes on an HTTPS site

Cherry pick of Bug 1463629 for the upgrade of html purifier to 4.10.0

behatnotneeded

Change-Id: I0c89f64f567d55b8a9ffd3772bdc23563103a93d

Mahara Bot (dev-mahara) wrote :

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8760

Mahara Bot (dev-mahara) wrote :

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8762

Reviewed: https://reviews.mahara.org/8759
Committed: https://git.mahara.org/mahara/mahara/commit/8a99df746f15742830a471ff39aba5c9343fe74d
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit 8a99df746f15742830a471ff39aba5c9343fe74d
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed Mar 28 11:08:10 2018 +1300

Bug 1759367: Upgrade htmlpurifier to 4.10.0

behatnotneeded

Change-Id: I7d63bac5106db51a0ac7409f415fe44e0de50b07

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8760
Committed: https://git.mahara.org/mahara/mahara/commit/ee33c18129082b1317373119b1c5777eabc44445
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit ee33c18129082b1317373119b1c5777eabc44445
Author: Son Nguyen <email address hidden>
Date: Wed Sep 24 16:01:14 2014 +1200

Bug 1759367: Cherry-pick for Allow CSS comments in customised skins.

Cherry pick of Bug 1369830 for the upgrade of html purifier to 4.10.0

As we add a new configuration option to HTML Purifier,
we have to update HTMLPurifier/ConfigSchema/schema.ser
1. Download and unzip HTMLPurifier package
2. Copy Filter.ExtractStyleBlocks.PreserveCSS.txt
from mahara to the unzip folder
3. Run php maintenance/generate-schema-cache.php in
unzup folder
4. Copy over lib/HTMLPurifier/ConfigSchema/schema.ser
from unzip folder to mahara

behatnotneeded

Change-Id: I42618f0998425d20f7732843af8a700260c8d96e

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8761
Committed: https://git.mahara.org/mahara/mahara/commit/1094e48814f0850aa3fba3bbefa9405dc7acece2
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit 1094e48814f0850aa3fba3bbefa9405dc7acece2
Author: Cecilia Vela Gurovic <email address hidden>
Date: Wed Mar 28 11:19:01 2018 +1300

Bug 1759367: remove customization for color formats, not needed

Customization: Add more legal color formats such as rgba, hsl, and hsla
(Bug 1264098)
The library added support for the color formats in file
htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php

behatnotneeded

Change-Id: I60a59b25e54a6ad584518a1629450fdf37fbbaab

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8762
Committed: https://git.mahara.org/mahara/mahara/commit/2cb03d04c810a5963c81324267259096154a0d79
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit 2cb03d04c810a5963c81324267259096154a0d79
Author: Aaron Wells <email address hidden>
Date: Wed Jun 10 12:33:49 2015 +1200

Bug 1759367: Cherry-pick for Prevent HTTP iframes on an HTTPS site

Cherry pick of Bug 1463629 for the upgrade of html purifier to 4.10.0

behatnotneeded

Change-Id: I0c89f64f567d55b8a9ffd3772bdc23563103a93d

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers