********* Updated question **************
So I have tried to implement my own AttrDef to HTMLPurifier but it doesn't "take", and I can't debug using die() either.
Here's what I have:
I created Transform.php in the HTMLPurifier/AttrDef/CSS/ directory. The only contents so far is this (I'm only trying to hook it in for now, I will add validating logics once I see that it is in the loop and thus can test it):
<?php
/**
* Validates Transform as defined by CSS.
*/
class HTMLPurifier_AttrDef_CSS_Transform extends HTMLPurifier_AttrDef
{
//basing this off of the color definition so the var is $color for now, may change it to $transform later
public function validate($color, $config, $context) {
return $color;
}
}
I added my file to library/HTMLPurifier.includes.php like this:
require 'HTMLPurifier/AttrDef/CSS/Transform.php';
and to the library/HTMLPurifier.safe-includes.php
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Transform.php';
(not sure about the difference between these two include files above but all AttrDef files seemed to be in both so I added my file to both as well).
Then I try to make use of this new definition by adding this to library/HTMLPurifier/CSSDefinition.php:
// transform
$this->info['transform'] = new HTMLPurifier_AttrDef_CSS_Transform();
It is as if all of my additions were never made, and I can't debug it by putting a die() in my own file either, nothing happens.
So any advice on where I went wrong or how I can debug this is very much appreciated.
*********** addition *******
I also tried a simple bypass by applying the Color-AttrDef to any transform property, in the CSSDefinition.php:
$this->info['transform'] = new HTMLPurifier_AttrDef_CSS_Color();
And I hacked the original Color definition like this:
//TODO: testing ways to bypass
if (strpos($color, 'rotate(') !== false) {
return $color;
}
Not working. Please advice on what I am missing.
