Merge branch '2.0'

.editorconfig

@@ -0,0 +1,28 @@
+; This file is for unifying the coding style for different editors and IDEs.
+; More information at http://editorconfig.org
+
+root = true
+
+[*]
+indent_style = spaces
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+
+[*.js]
+indent_style = tabs
+indent_size = 4
+
+[*.css]
+indent_style = tabs
+indent_size = 4
+
+[*.bat]
+indent_style = tabs
+indent_size = 4
+end_of_line = crlf
+
+[*.yml]
+indent_style = tabs
+indent_size = 4

README.md

@@ -1,15 +1,15 @@
 CakePHP HTML Purifier Plugin
 ----------------------------
 
-[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.txt) 
-[![Build Status](https://img.shields.io/travis/burzum/cakephp-html-purifier/master.svg?style=flat-square)](https://travis-ci.org/burzum/cakephp-html-purifier) 
+[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.txt)
+[![Build Status](https://img.shields.io/travis/burzum/cakephp-html-purifier/master.svg?style=flat-square)](https://travis-ci.org/burzum/cakephp-html-purifier)
 [![Build Status](https://img.shields.io/coveralls/burzum/cakephp-html-purifier/master.svg?style=flat-square)](https://coveralls.io/r/burzum/cakephp-html-purifier)
 
-This is a CakePHP wrapper for the HTML Purifier lib. http://htmlpurifier.org/
+This is a CakePHP wrapper for [the HTML Purifier lib](http://htmlpurifier.org/).
 
 HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
 
-The plugin includes a Helper, Behavior and a Shell to clean your markup wherever you like, in the view or in Model::beforeMarshall().
+The plugin includes a trait, a view helper, a behavior and a shell to clean your markup wherever you like, in the view or in the model layer or clean any table and field using the shell.
 
 ---
 
@@ -43,6 +43,6 @@ Please feel free to contribute to the plugin with new issues, requests, unit tes
 License
 -------
 
-Copyright 2013 - 2015 Florian Krämer
+Copyright 2012 - 2016 Florian Krämer
 
 Licensed under the [MIT](http://www.opensource.org/licenses/mit-license.php) License. Redistributions of the source code included in this repository must retain the copyright notice found in each file.

docs/Configuration.md

@@ -0,0 +1,64 @@
+# Configuration
+
+## Purifier Filter Configuration
+
+Important: Before you start declaring a configuration you should lookup how HTML Purifier can be configured. http://htmlpurifier.org/docs
+
+In `config/boostrap.php` you can either set the purifier config as an array or pass a native config object.
+
+The array style would look like this:
+
+```php
+Purifier::config('ConfigName', array(
+		'HTML.AllowedElements' => 'a, em, blockquote, p, strong, pre, code, span,ul,ol,li,img',
+		'HTML.AllowedAttributes' => 'a.href, a.title, img.src, img.alt'
+	)
+);
+```
+
+The plugin will construct a HTML Purifier config from that and instantiate the purifier.
+
+A pure HTML Purifier config might look like this one:
+
+```php
+$config = HTMLPurifier_Config::createDefault();
+$config->set('HTML.AllowedElements', 'a, em, blockquote, p, strong, pre, code, span,ul,ol,li,img');
+$config->set('HTML.AllowedAttributes', 'a.href, a.title, img.src, img.alt');
+$config->set('HTML.AllowedAttributes', "*.style");
+$config->set('CSS.AllowedProperties', 'text-decoration');
+$config->set('HTML.TidyLevel', 'heavy');
+$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
+```
+
+Simply assign it to a config:
+
+```php
+Purifier::config('ConfigName', $config);
+```
+
+Now that you have a configured instance of HTML Purifier ready you can use it directly and get you an instance of the purifier
+
+```php
+Purifier::config('ConfigName');
+```
+
+or clean some dirty HTML directly by calling
+
+```php
+Purifier::clean($markup, 'ConfigName');
+```
+
+For some automatization you can also use the Behavior or Helper.
+
+## Caching ###
+
+It is recommended to change the path of the purifier libs cache to your `tmp` folder. For example:
+
+```php
+Purifier::config('ConfigName', array(
+		'Cache.SerializerPath' => ROOT . DS . 'tmp' . DS . 'purifier',
+	)
+);
+```
+
+See this page as well [http://htmlpurifier.org/live/configdoc/plain.html#Cache](http://htmlpurifier.org/live/configdoc/plain.html#Cache).

docs/Home.md

@@ -1,12 +1,20 @@
-Home
-====
+CakePHP HTML Purifier Plugin
+----------------------------
 
-The **Html Purifier** plugin
+This is a CakePHP wrapper for [the HTML Purifier lib](http://htmlpurifier.org/).
 
-Documentation
--------------
+HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
 
-* [Installation](Documentation/Installation.md)
-* [Configuration](Documentation/Configuration.md)
-* [If you use APC](Documentation/If-you-use-APC.md)
+The plugin includes a trait, a view helper, a behavior and a shell to clean your markup wherever you like, in the view or in the model layer or clean any table and field using the shell.
 
+* [Installation](Installation.md)
+* [Configuration](Configuration.md)
+* [Read this if you are using APC](If-you-are-using-APC.md)
+* [Usage](Usage.md)
+
+License
+-------
+
+Copyright 2012 - 2016 Florian Krämer
+
+Licensed under the [MIT](http://www.opensource.org/licenses/mit-license.php) License. Redistributions of the source code included in this repository must retain the copyright notice found in each file.

docs/If-you-are-using-APC.md

@@ -0,0 +1,15 @@
+# If you are using APC ...
+
+...and get this error message
+
+	Fatal error: Cannot override final method HTMLPurifier_VarParser::parse()
+
+you can fix this by adding
+
+```php
+Configure::write('HtmlPurifier.standalone', true);
+```
+
+to your bootstrap.php *before* you load this plugin.
+
+This line will use a compacted one file version of Html Purifier. This is an official and know issue and workaround, see http://htmlpurifier.org/phorum/read.php?3,4099,6680.

docs/Usage.md

@@ -0,0 +1,54 @@
+# Usage
+
+## The Behavior
+
+Set a config you want to use and the fields you want to sanitize.
+
+```php
+public $actsAs = array(
+	'Burzum/HtmlPurifier.HtmlPurifier' => array(
+		'config' => 'ConfigName',
+		'fields' => array(
+			'body', 'excerpt'
+		)
+	)
+);
+```
+
+## The Helper
+
+In your controller load the helper and set a default config if you want.
+
+```php
+public $helpers = array(
+	'Burzum/HtmlPurifier.HtmlPurifier' => array(
+		'config' => 'ConfigName'
+	)
+);
+```
+
+In the views you can then use the helper like this:
+
+```php
+$this->HtmlPurifier->clean($markup, 'ConfigName');
+```
+
+## The Shell
+
+Using the shell is very easy and self-explaining:
+
+```sh
+cake purify <table> <fields>
+```
+
+You can specify a purifier config to use as well:
+
+```sh
+cake purify <table> <fields> --config myconfig
+```
+
+## The Trait
+
+Where ever you need the purifier you can simply add it to your class by using the [PurifierTrait](../src/Lib/PurifierTrait.php).
+
+[See the official php documentation](http://php.net/manual/en/language.oop5.traits.php) for traits if you don't know how to use it.

src/Lib/Purifier.php

@@ -3,7 +3,7 @@
  * Purifier
  *
  * @author Florian Krämer
- * @copyright 2012 - 2015 Florian Krämer
+ * @copyright 2012 - 2016 Florian Krämer
  * @license MIT
  */
 namespace Burzum\HtmlPurifier\Lib;
@@ -77,7 +77,7 @@ public static function config($configName, $config = null)
      * @param string $configName
      * @return HTMLPurifier
      */
-    public static function getPurifierInstance($configName = null)
+    public static function getPurifierInstance($configName = 'default')
     {
         $_this = Purifier::getInstance();
 
@@ -97,7 +97,7 @@ public static function getPurifierInstance($configName = null)
      * @param string $markup
      * @param string $configName
      */
-    public static function clean($markup, $configName = null)
+    public static function clean($markup, $configName = 'default')
     {
         $_this = Purifier::getInstance();
 

src/Lib/PurifierTrait.php

@@ -3,7 +3,7 @@
  * Purifier
  *
  * @author Florian Krämer
- * @copyright 2012 - 2015 Florian Krämer
+ * @copyright 2012 - 2016 Florian Krämer
  * @license MIT
  */
 namespace Burzum\HtmlPurifier\Lib;
@@ -16,7 +16,7 @@ trait PurifierTrait {
      * @param string $markup
      * @param string $config
      */
-    public function purifyHtml($markup, $config = '')
+    public function purifyHtml($markup, $config = 'default')
     {
         return Purifier::clean($markup, $config);
     }

src/Model/Behavior/HtmlPurifierBehavior.php

@@ -3,7 +3,7 @@
  * Purifier
  *
  * @author Florian Krämer
- * @copyright 2012 - 2015 Florian Krämer
+ * @copyright 2012 - 2016 Florian Krämer
  * @license MIT
  */
 namespace Burzum\HtmlPurifier\Model\Behavior;