* fix js error.

Conflicts:
	module/build/model.php
	module/release/model.php

COPYING

@@ -1,4 +1,4 @@
-Z PUBLIC LICENSE授权协议1.1
+Z PUBLIC LICENSE 1.2
 
 许可
 
@@ -8,7 +8,7 @@ Z PUBLIC LICENSE 由青岛易软天创网络科技有限公司（www.cnezsoft.co
 
 前言：
 
-禅道项目管理软件（以下简称该软件）由  青岛易软天创网络科技有限公司（www.cnezsoft.com）开发（以下简称我）。我依法拥有该软件的所有版权。
+禅道项目管理软件（以下简称该软件）由 青岛易软天创网络科技有限公司（www.cnezsoft.com）开发（以下简称我）。我依法拥有该软件的所有版权。
 本着共享开放的角度，我以开放源代码的形式发布该软件。您可以在遵守该协议的前提下使用该软件。
 自您安装该软件开始，您和我之间的合同关系自动成立。除非您停止使用该软件或与我有签署额外合同，
 您须认真遵循该授权协议约定的每一条款。
@@ -24,25 +24,25 @@ QQ：    1492153927
 
 下述条款中所指该软件的标志包括如下方面：
 
-该软件源代码及文档中关于该软件的版权提示、文字、图片和链接。
-该软件运行时界面上呈现出来的有关该软件的文字、图片和链接。
+    该软件源代码及文档中关于该软件的版权提示、文字、图片和链接。
+    该软件运行时界面上呈现出来的有关该软件的文字、图片和链接。
 
 不包括如下方面：
 
-该软件提供的演示数据中关于该软件的文字、图片和链接。
+    该软件提供的演示数据中关于该软件的文字、图片和链接。
 
 一、免责
 
 该软件是以开放源代码的方式发行，您使用该软件无需任何费用，因此在使用该软件前，您须知晓：
 
-1.1 我没有对该软件提供任何技术支持的义务，您可联系我购买商业的技术支持。
-1.2 我对因使用该软件而产生直接或间接的任何问题不负任何责任。
-1.3 开源不等于免费，开源不等于无版权，开源软件的发展需要您我共同的努力。
+  1.1 我没有对该软件提供任何技术支持的义务，您可联系我购买商业的技术支持。  
+  1.2 我对因使用该软件而产生直接或间接的任何问题不负任何责任。  
+  1.3 开源不等于免费，开源不等于无版权，开源软件的发展需要您我共同的努力。
 
 二、自用该软件
 
 2.1 您个人或您就职的公司（组织）可自由使用该软件，我不对您或您就职公司（组织）的性质做任何限制。
-2.2 您可以在您个人或您就职公司（组织）任意数量的电脑上运行该软件，我不对电脑的数量做任何限制。 
+2.2 您可以在您个人或您就职公司（组织）任意数量的电脑上运行该软件，我不对电脑的数量做任何限制。
 2.3 您可以对该软件源代码进行修改以适应您个人或您所在公司（组织）使用的要求，您做的改动无需对外发布。
 2.4 您个人或您就职公司（组织）使用该软件时，必须保留该软件的所有标志，不得以任何方式隐藏或遮掩任一标志。
 
@@ -72,19 +72,19 @@ QQ：    1492153927
 5.3 您在发布或者集成该软件的时候，不得对该软件源码做任何改动。
 5.4 您在发布或者集成该软件的时候，须保留该软件的所有标志。
 
-六、发布基于该软件的扩展
+六、发布基于该软件的衍生作品
 
-6.1 我欢迎并感谢您为该软件开发扩展。
-6.2 您开发的扩展中涉及到对该软件源代码改动的地方，须遵循如下条款：
+6.1 我欢迎并感谢您为该软件开发衍生作品。
+6.2 您开发的衍生作品中涉及到对该软件源代码改动的地方，须遵循如下条款：
 
-6.2.1 凡涉及到该软件源代码改动的地方，须提供源代码。
-6.2.2 凡涉及到该软件源代码改动的地方，须保留代码里面该软件原有的所有标志。
-6.2.3 您可以在代码中追加您自己的标志。
-6.2.4 第三方的用户可在遵循5.2所有条款下可继续在您开发的扩展基础上进行改动并发布。
-6.2.5 您可以对您开发的扩展进行收费。
+  6.2.1 如修改了该软件的源代码，须依据本协议发布修改后的源代码。 
+  6.2.2 如修改了该软件的源代码，须保留代码里面该软件原有的所有标志。 
+  6.2.3 您可以在代码中追加您自己的标志。 
+  6.2.4 您可以对您开发的衍生作品进行收费。  
+  6.2.5 第三方的用户可在遵循6.2所有条款下可继续在您开发的衍生作品基础上进行修改并发布。
 
-6.3 您开发的扩展中独立开发的代码，可以源代码或二进制的方式进行发布，可免费或收费发布。
-6.4 您开发的扩展不得以任何方式去除、隐藏或遮掩该软件的任一标志。
+6.3 您开发的衍生作品中独立于本软件开发的代码，可以源代码或二进制的方式进行发布，可免费或收费发布。
+6.4 您开发的衍生作品不得以任何方式去除、隐藏或遮掩该软件的任一标志。
 
 七、发布基于该软件API的应用
 
@@ -100,3 +100,106 @@ QQ：    1492153927
 九、合同约束
 
 9.1 如果您违反了该协议的任一条款，该授权协议将自动终止，我保留通过法律手段追究责任的权利。
+
+Z PUBLIC LICENSE 1.2
+
+Authorization
+
+Z PUBLIC LICENSE, also known as ZPL Agreement, is drafted by QingDao Nature Easy Soft Network Technology Co,LTD. (,www.cnezsoft.com).
+Anyone can use the agreement to publish open source software, and modify the blank underlined part of the following text of the agreement accordingly. 
+No other text of the agreement shall be changed. QingDao Nature Easy Soft Network Technology Co,LTD has the final authority to interpret the terms of the agreement.
+
+Preface
+
+ZenTaoPMS (Hereinafter referred to as "the software") developed by Nature EasySoft Network Tecnology Co.ltd, QingDao, China (www.cnezsoft.com) (hereinafter referred to I). I'm entitled to all copyright of the software. 
+The software is released as open source software. You are authorized to use the software as long as you are in compliance with this agreement. 
+By installation of the software, you agree that a contractual relationship between you and me is automatically established. 
+You are obliged to fully comply with all the terms of this agreement unless you choose to stop using the software or you have signed additional contracts with me.
+
+My Contact: 
+Contact: Mr. Xu
+Phone: 4006-8899-23
+Email: co@cnezsoft.com
+QQ:    1492153927
+Address:  Qingdao Development Zone, the Oriental Kenzo C 1106
+
+We agree: 
+
+Indications of the software include: 
+
+    Notes, texts, pictures and links showing copyright attribution of the software in the source code and related documentation.                                  
+    and texts, picture and links on the interface of the software when running.
+
+Excluding
+
+    texts, picture and links on the interface of the demo versions of the software.
+
+1. Disclaimer
+
+The software is an open-source software, so you are authorized to use the software without paying a fee. Before you start to use it, please note:
+
+  1.1 I do not have any obligation to provide technical support for the software. You can contact me to purchase technical support service.
+  1.2 I'm not responsible for any liability caused by your using the software directly or indirectly.
+  1.3 Open source software does not mean it's free of charge, neither does it mean the software does not enjoy copyright. 
+
+2. For personal use 
+
+2.1 You or your company/organization are authorized to use the software for your internal use for both commercial and non-commercial purposes..
+2.2 You or your company/organization are authorized to run the software on any number of computers.
+2.3 You or your company/organization are authorized to modify the source code of the software to meet your requirements. You do not need to release the modified codes.
+2.4 You or your company/organization must keep all the indications of the software when using it. None of the indications can be removed, hidden or obscured in any way.
+
+3. For customized software
+
+3.1 You are authorized to use the software to deploy various forms of application for your users in any way you like.
+3.2 You are authorized to use the software to deploy any number of applications for your users.
+3.3 You are authorized to modify the source code to meet your user's requirements without releasing the modified codes.
+3.4 You are authorized to provide the modified codes to your users in either source code form or binary. 
+3.5 You must keep all the indications of the software when providing applications to your users.
+3.6 None of the indications of the software may be removed, hidden or obscured in any way when you provide applications to your users. 
+
+4. Online service
+
+4.1 You are authorized to use the software to build your online service for your users in any way you like.
+4.2 You are authorized to use the software to build your online service for any number of your users.
+4.3 You are authorized to modify the source codes of the software to meet your user's requirements on online service without releasing the modified codes.
+4.4 You must notify your users clearly that your service is based on the software when you use it to build your online service.
+4.5 You must keep all the indications of the software when providing online service to your users.
+4.6 You must keep all the indications of the software in any application you make for your users. None of the indications can be hidden or obscured in any way.
+4.7 You are forbidden from assisting your users by providing tools for your users to remove, hide or obscure any indication of the software when you use the software to build your online service.
+
+5. Publish or integrate the software without modification 
+
+5.1 You are authorized to publish the software on your personal sites, corporate official website or other third-party sites.
+5.2 You are authorized to integrate the software  with other systems, such as cloud virtual machine images, operating system images and so on.
+5.3 Do not modify the source code of the software when you publish or integrate it.
+5.4 All indications of the software must be kept the same when you publish or integrate the software.
+
+6. Publish derived work based on the software
+
+6.1 You are authorized to develop derived work based on the software.
+6.2 The modified codes of the software in your derived work must follow the following terms:
+
+  6.2.1 The source codes must be released if you make any modification to the software.  
+  6.2.2 All indications of the software must be kept the same.  
+  6.2.3 You are entitled to add your indications to the modified codes.  
+  6.2.4 You are entitled to charge fees for the derived work you developed based on the software.  
+  6.2.5 You agree to authorize third party users to modify and release the derived work in compliance with 6.2.
+
+6.3 If the codes of the work are independently developed by yourself, You are authorized to release the work in either source code form or binary. You are entitled to charge your users or make it free.
+6.4 None of the indications of the software can be removed, hidden or obscured in any way in the derived work you developed.
+
+7. Publish applications based on API of the software
+
+7.1 You are authorized to develop your applications based on the API of the software, for example, client software.
+7.2 You are authorized to publish applications you developed based on the API in either source code form or binary.
+7.3 You are authorized to use your own license to release applications you developed based on the API. 
+7.4 You are entitled to release applications you developed based on the API either free or with a charge.
+
+8. Exceptions
+
+If the terms above do not meet your requirements when using the software, please contact me for a more flexible license.
+
+9. Termination
+
+9.1 Violation of any of the terms of the agreement will result in immediate termination of this license. I reserve all rights to take legal actions in case of dispute. 

README.md

@@ -1 +1,48 @@
-欢迎访问<a href='http://www.zentao.net' target='_blank'>禅道项目管理软件</a>主站，获得最新动态和文档支持。
+1. What is ZenTao for?
+=====================
+
+ZenTao, developed by Nature Easy Soft Network Technology Development Co. Ltd, is an open source project management software. Combining product management, project management, quality management, document project, organization management and todo management, ZenTao is professional R&D project management software, completely covering the core processes of R & D project. Results-oriented with perfect functions, easy operation, beautiful interface, powerful search functions, various statistical statements and complete API, ZenTao is reasonably structured and can be extended flexibly.
+
+ZenTao - focuses on R & D project management.
+
+2. Why are we called ZenTao?
+============================
+
+In Chinese, Zen(禅) and Tao(道) are two words that have rich meanings in both religion and culture. ZenTao Project Management Software is originated in the cultural meanings of Zen and Tao, expecting to convey our understanding and thinking on management. Inspired by two books The Tao of Programming and The Zen of Programming, we name our software ZenTao.
+
+3. Design philosophy of ZenTao Project Management Software
+==========================================================
+
+The main management theory of ZenTao Project Management Software is based on Scrum, an internationally popular agile management methodology. Results-oriented and operable, Scrum is very suitable for the fast sprint development of software development projects. However, Scrum only defines the core management framework. There are still many details and processes needing to be extended by the teams. On the basis of following the management methods of Scrum and with the consideration of the current domestic R&D status, ZenTao integrates the functions, such as bug management, test case management, release management and document management and completely covers the entire life cycle of software R&D projects. In ZenTao, the concepts of product, project and test are clearly defined. Product team, development team and testing team coordinate and check with each other while they are separated. With the interaction through requirements, tasks and bugs between the three teams, qualified products are ultimately made within the project.
+
+4. Why choose ZenTao Project Management Software
+===============================================
+
+* ZenTao is a professional R&D project management software, beyond comparison with any other simple project management software.
+* Precise and pragmatic management theory, which will help companies achieve fast and agile development.
+* Complete functions: you don’t need to integrate several systems together, like mantisbt + trac + testlink.
+* Open source codes and flexible extension mechanism, convenient for uses and secondary development of companies.
+* Underlying framework and front-end UI framework developed independently: robust and stable with beautiful interface and friendly interaction.
+* Perfect community mechanism:  you can get timely technical support and help.
+* Zero input: you have no risk for choosing ZenTao compared with other commercial software of tens of thousands of dollars.
+* Various deployments supported, either private deployment or cloud services.
+
+5. Function lists of ZenTao Project Management Software
+======================================================
+
+* Product management: including products, requirements, plans, releases and roadmaps;
+* Project management: including projects, tasks, teams, versions and burn-down charts;
+* Quality management: including bus, test cases, test tasks and test results;
+* Document management: including product document library, project document library and user-defined document library;
+* Affair management: including to-do management and personal affairs management like my tasks, my bugs, my requirement and my projects;
+* Organization management: including department, users, groups and authorities;
+* Statistics function: various statistical statements;
+* Search function: powerful search functions to help you find the data you need.
+* Extension mechanism:extensible nearly anywhere in ZenTao;
+* API mechanism, visible API: convenient for integration with other systems.
+
+6. Website
+==========
+
+Our website is: [www.zentao.pm](http://www.zentao.pm)
+

VERSION

@@ -1 +1 @@
-7.2.5
+8.0.stable

config/config.php

@@ -5,7 +5,7 @@
  * Don't modify this file directly, copy the item to my.php and change it.
  *
  * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
- * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @license     ZPL (http://zpl.pub/page/zplv12.html)
  * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
  * @package     config
  * @version     $Id: config.php 5068 2013-07-08 02:41:22Z wyd621@gmail.com $
@@ -17,7 +17,7 @@ if(!function_exists('getWebRoot')){function getWebRoot(){}}
 
 /* Basic settings. */
 $config = new config();
-$config->version      = '7.2.5';             // The version of zentaopms. Don't change it.
+$config->version      = '8.0';             // The version of zentaopms. Don't change it.
 $config->charset      = 'UTF-8';           // The charset of zentaopms.
 $config->cookieLife   = time() + 2592000;  // The cookie life time.
 $config->timezone     = 'Asia/Shanghai';   // The time zone setting, for more see http://www.php.net/manual/en/timezones.php
@@ -130,8 +130,10 @@ define('TABLE_TESTRESULT',    '`' . $config->db->prefix . 'testresult`');
 define('TABLE_USERTPL',       '`' . $config->db->prefix . 'usertpl`');
 
 define('TABLE_PRODUCT',       '`' . $config->db->prefix . 'product`');
+define('TABLE_BRANCH',        '`' . $config->db->prefix . 'branch`');
 define('TABLE_STORY',         '`' . $config->db->prefix . 'story`');
 define('TABLE_STORYSPEC',     '`' . $config->db->prefix . 'storyspec`');
+define('TABLE_STORYSTAGE',    '`' . $config->db->prefix . 'storystage`');
 define('TABLE_PRODUCTPLAN',   '`' . $config->db->prefix . 'productplan`');
 define('TABLE_RELEASE',       '`' . $config->db->prefix . 'release`');
 
@@ -173,6 +175,7 @@ $config->objectTables['doc']         = TABLE_DOC;
 $config->objectTables['doclib']      = TABLE_DOCLIB;
 $config->objectTables['todo']        = TABLE_TODO;
 $config->objectTables['custom']      = TABLE_LANG;
+$config->objectTables['branch']      = TABLE_BRANCH;
 
 /* Include extension config files. */
 $extConfigFiles = glob($configRoot . 'ext/*.php');

db/demo.sql

@@ -218,13 +218,13 @@ INSERT INTO `zt_module` (`id`, `root`, `name`, `parent`, `path`, `grade`, `order
 INSERT INTO `zt_module` (`id`, `root`, `name`, `parent`, `path`, `grade`, `order`, `type`, `owner`) VALUES(13, 1, '合作洽谈', 0, ',13,', 1, 60, 'bug', '');
 INSERT INTO `zt_module` (`id`, `root`, `name`, `parent`, `path`, `grade`, `order`, `type`, `owner`) VALUES(14, 1, '关于我们', 0, ',14,', 1, 70, 'bug', '');
 
-INSERT INTO `zt_product` (`id`, `name`, `code`, `status`, `desc`, `PO`, `QD`, `RD`, `acl`, `whitelist`, `createdBy`, `createdDate`, `order`, `deleted`) VALUES(1, '公司企业网站建设', 'companyWebsite', 'normal', '建立公司企业网站，可以更好对外展示。<br />', 'productManager', 'testManager', 'productManager', 'open', '', 'productManager', '2012-06-05 09:57:07', '1', '0');
-INSERT INTO `zt_product` (`id`, `name`, `code`, `status`, `desc`, `PO`, `QD`, `RD`, `acl`, `whitelist`, `createdBy`, `createdDate`, `order`, `createdVersion`, `deleted`) VALUES(2, '企业内部工时管理系统', 'workhourManage', 'normal', '', 'productManager', 'testManager', 'productManager', 'open', '', 'productManager', '2012-06-05 11:15:20', '2', '5.2.1', '0');
+INSERT INTO `zt_product` (`id`, `name`, `code`, `status`, `desc`, `PO`, `QD`, `RD`, `acl`, `whitelist`, `createdBy`, `createdDate`, `order`, `deleted`) VALUES(1, '公司企业网站建设', 'companyWebsite', 'normal', '建立公司企业网站，可以更好对外展示。<br />', 'productManager', 'testManager', 'productManager', 'open', '', 'productManager', '2012-06-05 09:57:07', '5', '0');
+INSERT INTO `zt_product` (`id`, `name`, `code`, `status`, `desc`, `PO`, `QD`, `RD`, `acl`, `whitelist`, `createdBy`, `createdDate`, `order`, `createdVersion`, `deleted`) VALUES(2, '企业内部工时管理系统', 'workhourManage', 'normal', '', 'productManager', 'testManager', 'productManager', 'open', '', 'productManager', '2012-06-05 11:15:20', '10', '5.2.1', '0');
 
 INSERT INTO `zt_productplan` (`id`, `product`, `title`, `desc`, `begin`, `end`, `deleted`) VALUES(1, 1, '1.0版本', '开发出企业网站1.0版本。<br />', '2000-01-01', '2015-01-01', '0');
 
-INSERT INTO `zt_project` (`id`, `isCat`, `catID`, `type`, `parent`, `name`, `code`, `begin`, `end`, `days`, `status`, `statge`, `pri`, `desc`, `openedBy`, `openedDate`, `closedBy`, `closedDate`, `canceledBy`, `canceledDate`, `PO`, `PM`, `QD`, `RD`, `team`, `acl`, `whitelist`, `order`, `deleted`) VALUES(1, '0', 0, 'sprint', 0, '企业网站第一期', 'coWeb1', '2012-06-05', '2012-12-04', 184, 'done', '1', '1', '开发企业网站的基本雏形。<br />', '', 0, '', 0, '', 0, 'productManager', 'projectManager', 'testManager', 'productManager', '公司开发团队', 'open', '', '1', '0');
-INSERT INTO `zt_project` (`id`, `isCat`, `catID`, `type`, `parent`, `name`, `code`, `begin`, `end`, `days`, `status`, `statge`, `pri`, `desc`, `openedBy`, `openedDate`, `closedBy`, `closedDate`, `canceledBy`, `canceledDate`, `PO`, `PM`, `QD`, `RD`, `team`, `acl`, `whitelist`, `order`, `deleted`) VALUES(2, '0', 0, 'sprint', 0, '企业网站第二期', 'coWebsite2', '2013-06-05', '2014-06-04', 365, 'wait', '1', '1', '', '', 0, '', 0, '', 0, 'productManager', 'projectManager', 'testManager', 'productManager', '公司开发团队', 'open', '', '2', '0');
+INSERT INTO `zt_project` (`id`, `isCat`, `catID`, `type`, `parent`, `name`, `code`, `begin`, `end`, `days`, `status`, `statge`, `pri`, `desc`, `openedBy`, `openedDate`, `closedBy`, `closedDate`, `canceledBy`, `canceledDate`, `PO`, `PM`, `QD`, `RD`, `team`, `acl`, `whitelist`, `order`, `deleted`) VALUES(1, '0', 0, 'sprint', 0, '企业网站第一期', 'coWeb1', '2012-06-05', '2012-12-04', 184, 'done', '1', '1', '开发企业网站的基本雏形。<br />', '', 0, '', 0, '', 0, 'productManager', 'projectManager', 'testManager', 'productManager', '公司开发团队', 'open', '', '5', '0');
+INSERT INTO `zt_project` (`id`, `isCat`, `catID`, `type`, `parent`, `name`, `code`, `begin`, `end`, `days`, `status`, `statge`, `pri`, `desc`, `openedBy`, `openedDate`, `closedBy`, `closedDate`, `canceledBy`, `canceledDate`, `PO`, `PM`, `QD`, `RD`, `team`, `acl`, `whitelist`, `order`, `deleted`) VALUES(2, '0', 0, 'sprint', 0, '企业网站第二期', 'coWebsite2', '2013-06-05', '2014-06-04', 365, 'wait', '1', '1', '', '', 0, '', 0, '', 0, 'productManager', 'projectManager', 'testManager', 'productManager', '公司开发团队', 'open', '', '10', '0');
 
 INSERT INTO `zt_projectproduct` (`project`, `product`) VALUES(1, 1);
 INSERT INTO `zt_projectproduct` (`project`, `product`) VALUES(2, 1);

db/update7.3.sql

@@ -0,0 +1,32 @@
+ALTER TABLE `zt_action` CHANGE `extra` `extra` text COLLATE 'utf8_general_ci' NOT NULL AFTER `comment`;
+ALTER TABLE `zt_release` ADD `leftBugs` text COLLATE 'utf8_general_ci' NOT NULL AFTER `bugs`;
+ALTER TABLE `zt_release` ADD `status` varchar(20) COLLATE 'utf8_general_ci' NOT NULL DEFAULT 'normal' AFTER `desc`;
+ALTER TABLE `zt_product` ADD `type` varchar(30) COLLATE 'utf8_general_ci' NOT NULL DEFAULT 'normal' AFTER `code`;
+
+ALTER TABLE `zt_projectproduct` ADD `branch` mediumint(8) unsigned NOT NULL;
+ALTER TABLE `zt_productplan` ADD `branch` mediumint(8) unsigned NOT NULL AFTER `product`;
+ALTER TABLE `zt_build` ADD `branch` mediumint(8) unsigned NOT NULL DEFAULT '0' AFTER `product`;
+ALTER TABLE `zt_release` ADD `branch` mediumint(8) unsigned NOT NULL DEFAULT '0' AFTER `product`;
+ALTER TABLE `zt_bug` ADD `branch` mediumint(8) unsigned NOT NULL DEFAULT '0' AFTER `product`;
+ALTER TABLE `zt_case` ADD `branch` mediumint(8) unsigned NOT NULL DEFAULT '0' AFTER `product`;
+ALTER TABLE `zt_module` ADD `branch` mediumint(8) unsigned NOT NULL DEFAULT '0' AFTER `root`;
+ALTER TABLE `zt_story` ADD `branch` mediumint(8) unsigned NOT NULL DEFAULT '0' AFTER `product`;
+
+CREATE TABLE IF NOT EXISTS `zt_branch` (
+  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
+  `product` mediumint(8) unsigned NOT NULL,
+  `name` varchar(255) NOT NULL,
+  `deleted` enum('0','1') NOT NULL DEFAULT '0',
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+CREATE TABLE IF NOT EXISTS `zt_storystage` (
+  `story` mediumint(8) unsigned NOT NULL,
+  `branch` mediumint(8) unsigned NOT NULL,
+  `stage` varchar(50) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+ALTER TABLE `zt_story` ADD INDEX `product` (`product`, `module`, `type`, `pri`), DROP INDEX `product`;
+ALTER TABLE `zt_story` CHANGE `plan` `plan` text COLLATE 'utf8_general_ci' NOT NULL AFTER `module`;
+UPDATE `zt_story` SET `plan`='' WHERE `plan`='0';
+
+ALTER TABLE `zt_release` DROP INDEX `name`;
+ALTER TABLE `zt_user` ADD `ranzhi` char(30) COLLATE 'utf8_general_ci' NOT NULL DEFAULT '' AFTER `locked`;

db/update7.4.beta.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `zt_story` CHANGE `plan` `plan` text COLLATE 'utf8_general_ci' NOT NULL AFTER `module`;
+UPDATE `zt_story` SET `plan`='' WHERE `plan`='0';

db/zentao.sql

@@ -9,14 +9,24 @@ CREATE TABLE IF NOT EXISTS `zt_action` (
   `action` varchar(30) NOT NULL default '',
   `date` datetime NOT NULL,
   `comment` text NOT NULL,
-  `extra` varchar(255) NOT NULL,
+  `extra` text NOT NULL,
   `read` enum('0','1') NOT NULL default '0',
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+-- DROP TABLE IF EXISTS `zt_branch`;
+CREATE TABLE IF NOT EXISTS `zt_branch` (
+  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
+  `product` mediumint(8) unsigned NOT NULL,
+  `name` varchar(255) NOT NULL,
+  `deleted` enum('0','1') NOT NULL DEFAULT '0',
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- DROP TABLE IF EXISTS `zt_bug`;
 CREATE TABLE IF NOT EXISTS `zt_bug` (
   `id` mediumint(8) NOT NULL auto_increment,
   `product` mediumint(8) unsigned NOT NULL default '0',
+  `branch` mediumint(8) unsigned NOT NULL default '0',
   `module` mediumint(8) unsigned NOT NULL default '0',
   `project` mediumint(8) unsigned NOT NULL default '0',
   `plan` mediumint(8) unsigned NOT NULL default '0',
@@ -65,6 +75,7 @@ CREATE TABLE IF NOT EXISTS `zt_bug` (
 CREATE TABLE IF NOT EXISTS `zt_build` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `product` mediumint(8) unsigned NOT NULL default '0',
+  `branch` mediumint(8) unsigned NOT NULL default '0',
   `project` mediumint(8) unsigned NOT NULL default '0',
   `name` char(150) NOT NULL,
   `scmPath` char(255) NOT NULL,
@@ -89,6 +100,7 @@ CREATE TABLE IF NOT EXISTS `zt_burn` (
 CREATE TABLE IF NOT EXISTS `zt_case` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `product` mediumint(8) unsigned NOT NULL default '0',
+  `branch` mediumint(8) unsigned NOT NULL default '0',
   `module` mediumint(8) unsigned NOT NULL default '0',
   `path` mediumint(8) unsigned NOT NULL default '0',
   `story` mediumint(30) unsigned NOT NULL default '0',
@@ -323,6 +335,7 @@ CREATE TABLE IF NOT EXISTS `zt_mailqueue` (
 CREATE TABLE IF NOT EXISTS `zt_module` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `root` mediumint(8) unsigned NOT NULL default '0',
+  `branch` mediumint(8) unsigned NOT NULL default '0',
   `name` char(60) NOT NULL default '',
   `parent` mediumint(8) unsigned NOT NULL default '0',
   `path` char(255) NOT NULL default '',
@@ -337,6 +350,7 @@ CREATE TABLE IF NOT EXISTS `zt_product` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `name` varchar(90) NOT NULL,
   `code` varchar(45) NOT NULL,
+  `type` varchar(30) NOT NULL default 'normal',
   `status` varchar(30) NOT NULL default '',
   `desc` text NOT NULL,
   `PO` varchar(30) NOT NULL,
@@ -355,6 +369,7 @@ CREATE TABLE IF NOT EXISTS `zt_product` (
 CREATE TABLE IF NOT EXISTS `zt_productplan` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `product` mediumint(8) unsigned NOT NULL,
+  `branch` mediumint(8) unsigned NOT NULL,
   `title` varchar(90) NOT NULL,
   `desc` text NOT NULL,
   `begin` date NOT NULL,
@@ -401,6 +416,7 @@ CREATE TABLE IF NOT EXISTS `zt_project` (
 CREATE TABLE IF NOT EXISTS `zt_projectproduct` (
   `project` mediumint(8) unsigned NOT NULL,
   `product` mediumint(8) unsigned NOT NULL,
+  `branch` mediumint(8) unsigned NOT NULL,
   PRIMARY KEY  (`project`,`product`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- DROP TABLE IF EXISTS `zt_projectstory`;
@@ -415,22 +431,25 @@ CREATE TABLE IF NOT EXISTS `zt_projectstory` (
 CREATE TABLE IF NOT EXISTS `zt_release` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `product` mediumint(8) unsigned NOT NULL default '0',
+  `branch` mediumint(8) unsigned NOT NULL default '0',
   `build` mediumint(8) unsigned NOT NULL,
   `name` char(30) NOT NULL default '',
   `date` date NOT NULL,
   `stories` text NOT NULL,
   `bugs` text NOT NULL,
+  `leftBugs` text NOT NULL,
   `desc` text NOT NULL,
+  `status` varchar(20) NOT NULL default 'normal',
   `deleted` enum('0','1') NOT NULL default '0',
-  PRIMARY KEY  (`id`),
-  UNIQUE KEY `name` (`name`)
+  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- DROP TABLE IF EXISTS `zt_story`;
 CREATE TABLE IF NOT EXISTS `zt_story` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
   `product` mediumint(8) unsigned NOT NULL default '0',
+  `branch` mediumint(8) unsigned NOT NULL default '0',
   `module` mediumint(8) unsigned NOT NULL default '0',
-  `plan` mediumint(8) unsigned NOT NULL default '0',
+  `plan` text NOT NULL default '',
   `source` varchar(20) NOT NULL,
   `fromBug` mediumint(8) unsigned NOT NULL default '0',
   `title` varchar(255) NOT NULL,
@@ -459,7 +478,7 @@ CREATE TABLE IF NOT EXISTS `zt_story` (
   `version` smallint(6) NOT NULL default '1',
   `deleted` enum('0','1') NOT NULL default '0',
   PRIMARY KEY  (`id`),
-  KEY `product` (`product`,`module`,`plan`,`type`,`pri`),
+  KEY `product` (`product`,`module`,`type`,`pri`),
   KEY `status` (`status`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- DROP TABLE IF EXISTS `zt_storyspec`;
@@ -471,6 +490,12 @@ CREATE TABLE IF NOT EXISTS `zt_storyspec` (
   `verify` text NOT NULL,
   UNIQUE KEY `story` (`story`,`version`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+-- DROP TABLE IF EXISTS `zt_storystage`;
+CREATE TABLE IF NOT EXISTS `zt_storystage` (
+  `story` mediumint(8) unsigned NOT NULL,
+  `branch` mediumint(8) unsigned NOT NULL,
+  `stage` varchar(50) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- DROP TABLE IF EXISTS `zt_task`;
 CREATE TABLE IF NOT EXISTS `zt_task` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
@@ -621,6 +646,7 @@ CREATE TABLE IF NOT EXISTS `zt_user` (
   `last` int(10) unsigned NOT NULL default '0',
   `fails` tinyint(5) NOT NULL default '0',
   `locked` datetime NOT NULL default '0000-00-00 00:00:00',
+  `ranzhi` char(30) NOT NULL default '',
   `deleted` enum('0','1') NOT NULL default '0',
   PRIMARY KEY  (`id`),
   UNIQUE KEY `account` (`account`),
@@ -831,6 +857,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (1, 'my', 'testCase'),
 (1, 'my', 'testTask'),
 (1, 'my', 'todo'),
+(1, 'my', 'unbind'),
 (1, 'product', 'batchEdit'),
 (1, 'product', 'browse'),
 (1, 'product', 'close'),
@@ -845,6 +872,8 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (1, 'product', 'roadmap'),
 (1, 'product', 'view'),
 (1, 'product', 'updateOrder'),
+(1, 'branch', 'manage'),
+(1, 'branch', 'delete'),
 (1, 'productplan', 'batchUnlinkBug'),
 (1, 'productplan', 'batchUnlinkStory'),
 (1, 'productplan', 'browse'),
@@ -903,6 +932,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (1, 'release', 'unlinkBug'),
 (1, 'release', 'unlinkStory'),
 (1, 'release', 'view'),
+(1, 'release', 'changeStatus'),
 (1, 'report', 'bugAssign'),
 (1, 'report', 'bugCreate'),
 (1, 'report', 'index'),
@@ -917,6 +947,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (1, 'story', 'activate'),
 (1, 'story', 'batchAssignTo'),
 (1, 'story', 'batchChangePlan'),
+(1, 'story', 'batchChangeBranch'),
 (1, 'story', 'batchChangeStage'),
 (1, 'story', 'batchClose'),
 (1, 'story', 'batchCreate'),
@@ -1026,6 +1057,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (1, 'user', 'todo'),
 (1, 'user', 'unlock'),
 (1, 'user', 'view'),
+(1, 'user', 'unbind'),
 (2, 'action', 'editComment'),
 (2, 'api', 'getModel'),
 (2, 'bug', 'activate'),
@@ -1080,6 +1112,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (2, 'my', 'story'),
 (2, 'my', 'task'),
 (2, 'my', 'todo'),
+(2, 'my', 'unbind'),
 (2, 'product', 'browse'),
 (2, 'product', 'doc'),
 (2, 'product', 'dynamic'),
@@ -1238,6 +1271,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (3, 'my', 'testCase'),
 (3, 'my', 'testTask'),
 (3, 'my', 'todo'),
+(3, 'my', 'unbind'),
 (3, 'product', 'browse'),
 (3, 'product', 'doc'),
 (3, 'product', 'dynamic'),
@@ -1437,6 +1471,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (4, 'my', 'testCase'),
 (4, 'my', 'testTask'),
 (4, 'my', 'todo'),
+(4, 'my', 'unbind'),
 (4, 'product', 'browse'),
 (4, 'product', 'doc'),
 (4, 'product', 'dynamic'),
@@ -1636,6 +1671,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (5, 'my', 'testCase'),
 (5, 'my', 'testTask'),
 (5, 'my', 'todo'),
+(5, 'my', 'unbind'),
 (5, 'product', 'batchEdit'),
 (5, 'product', 'browse'),
 (5, 'product', 'close'),
@@ -1650,6 +1686,8 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (5, 'product', 'roadmap'),
 (5, 'product', 'view'),
 (5, 'product', 'updateOrder'),
+(5, 'branch', 'manage'),
+(5, 'branch', 'delete'),
 (5, 'productplan', 'batchUnlinkBug'),
 (5, 'productplan', 'batchUnlinkStory'),
 (5, 'productplan', 'browse'),
@@ -1708,6 +1746,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (5, 'release', 'unlinkBug'),
 (5, 'release', 'unlinkStory'),
 (5, 'release', 'view'),
+(5, 'release', 'changeStatus'),
 (5, 'report', 'bugAssign'),
 (5, 'report', 'bugCreate'),
 (5, 'report', 'index'),
@@ -1721,6 +1760,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (5, 'search', 'select'),
 (5, 'story', 'activate'),
 (5, 'story', 'batchChangePlan'),
+(5, 'story', 'batchChangeBranch'),
 (5, 'story', 'batchChangeStage'),
 (5, 'story', 'batchClose'),
 (5, 'story', 'batchCreate'),
@@ -1865,6 +1905,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (6, 'my', 'testCase'),
 (6, 'my', 'testTask'),
 (6, 'my', 'todo'),
+(6, 'my', 'unbind'),
 (6, 'product', 'browse'),
 (6, 'product', 'doc'),
 (6, 'product', 'dynamic'),
@@ -2062,6 +2103,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (7, 'my', 'testCase'),
 (7, 'my', 'testTask'),
 (7, 'my', 'todo'),
+(7, 'my', 'unbind'),
 (7, 'product', 'batchEdit'),
 (7, 'product', 'browse'),
 (7, 'product', 'close'),
@@ -2076,6 +2118,8 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (7, 'product', 'roadmap'),
 (7, 'product', 'view'),
 (7, 'product', 'updateOrder'),
+(7, 'branch', 'manage'),
+(7, 'branch', 'delete'),
 (7, 'productplan', 'batchUnlinkBug'),
 (7, 'productplan', 'batchUnlinkStory'),
 (7, 'productplan', 'browse'),
@@ -2117,6 +2161,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (7, 'release', 'unlinkBug'),
 (7, 'release', 'unlinkStory'),
 (7, 'release', 'view'),
+(7, 'release', 'changeStatus'),
 (7, 'report', 'bugAssign'),
 (7, 'report', 'bugCreate'),
 (7, 'report', 'index'),
@@ -2131,6 +2176,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (7, 'story', 'activate'),
 (7, 'story', 'batchAssignTo'),
 (7, 'story', 'batchChangePlan'),
+(7, 'story', 'batchChangeBranch'),
 (7, 'story', 'batchChangeStage'),
 (7, 'story', 'batchClose'),
 (7, 'story', 'batchCreate'),
@@ -2269,6 +2315,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (8, 'my', 'testCase'),
 (8, 'my', 'testTask'),
 (8, 'my', 'todo'),
+(8, 'my', 'unbind'),
 (8, 'product', 'browse'),
 (8, 'product', 'doc'),
 (8, 'product', 'dynamic'),
@@ -2456,6 +2503,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (9, 'my', 'testCase'),
 (9, 'my', 'testTask'),
 (9, 'my', 'todo'),
+(9, 'my', 'unbind'),
 (9, 'product', 'browse'),
 (9, 'product', 'doc'),
 (9, 'product', 'dynamic'),
@@ -2548,6 +2596,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (9, 'user', 'todo'),
 (9, 'user', 'unlock'),
 (9, 'user', 'view'),
+(9, 'user', 'unbind'),
 (10, 'action', 'editComment'),
 (10, 'api', 'getModel'),
 (10, 'bug', 'activate'),
@@ -2576,6 +2625,7 @@ INSERT INTO `zt_grouppriv` (`group`, `module`, `method`) VALUES
 (10, 'my', 'profile'),
 (10, 'my', 'task'),
 (10, 'my', 'todo'),
+(10, 'my', 'unbind'),
 (10, 'product', 'browse'),
 (10, 'product', 'doc'),
 (10, 'product', 'dynamic'),

doc/CHANGELOG

@@ -1,3 +1,135 @@
+2015-11-13 7.4.beta
+完成的功能：
+1770 用户属性中的“加入时间”改成“入职时间”
+1696 把数据库缺少字段时候的报错记录到 tmp/php日志中。
+1749 统计-组织-员工负责表增加实际可用工作日天数选项
+1519 调整批量添加用户页面部门下拉列宽
+1630 统计-产品页面当所有产品都没有计划的时候也列出所有产品的列表信息
+1631 项目-版本提交测试自动同步版本所属产品信息
+1636 创建版本如果项目没有关联产品，出现一个关联页面的链接提示
+1640 调整统计报表功能的界面
+1695 需求和bug的关闭原因如果是重复的话显示重复的链接
+1697 bug的自定义模板检查重复逻辑调整
+1699 调整安装页面的首页
+1700 详情页面处理连续英文字符的内容
+1701 优化浏览器贴图的逻辑
+1711 产品增加类型设置
+1712 完成产品多分支的数据库设计
+1713 实现产品多分支的管理功能
+1714 实现产品分支的切换
+1715 可以为分支维护独立的模块
+1716 添加需求的时候可以选择分支或者平台
+1717 添加计划的时候可以选择分支或者平台
+1718 添加项目的时候可以选择产品的平台或者分支
+1719 为项目关联需求的时候检索逻辑调整
+1720 调整需求的研发阶段的计算逻辑
+1721 调整需求详情页面的研发阶段的展示
+1722 调整需求的发布的计算逻辑和显示
+1723 调整需求的等待关闭的的判断逻辑
+1724 为发布增加分支的管理
+1725 为bug增加分支管理
+1726 为用例增加分支管理
+1727 为版本增加分支管理
+1750 新增需求的时候产品列表不显示已关闭产品
+1752 项目创建任务的时候如果只关联一个产品的话，模块列表把产品去掉
+1756 发布增加停止维护操作
+1757 优化创建bug时候的版本检索逻辑
+1758 优化编辑bug时候版本的检索逻辑
+1759 优化创建bug时候的指派人列表功能
+1761 项目导入任务的时候可以选择显示所有可以导入的任务
+1769 发布的遗留bug改为手工关联
+1771 然之集成的时候可以提示用户进行绑定
+1772 一键安装包对路径的格式进行判断。
+1773 调整需求的创建页面
+1774 调整bug的创建页面
+1776 发信页面的sendcloud按钮样式调整下。
+1778 批量添加bug的时候把和需求相关的类型隐藏掉
+1779 计划需求列表页面增加转移计划的功能
+1780 计划关联需求的搜索结果页面增加排序功能和title提示
+1781 需求批量修改计划的时候只列最近的若干个，其他的搜索
+1782 按照计划搜索的时候，计划的下拉菜单更改其宽度
+1784 计划的需求列表页面的删除图标改为移除图标
+
+修复的BUG：
+748 后台->二次开发->编辑器->用户-> setMenu等 扩展 API 打不开
+749 如果用例比较多测试-版本下面用例列表显示时间会比较长
+751 搜索时表单展开时，导出下拉菜单弹出时被遮挡
+752 组织权限 产品视图出现2个同名权限
+753 组织-用户搜索没有隐藏现在不用的字段信息
+754 创建任务页面的抄送人员列表出现 closed
+756 后台-备份中设置只保留几天的备份功能只能删除过期的sql不能删除file文件
+757 发布检查是否重复的时候不要计算已经删除的发布
+758 邮件设置如果出错之后，button的状态没有解除
+
+2015-09-18 7.3.stable
+完成的功能：
+1632    需求、任务、bug、用例、文档的搜索功能的下拉框增加关键字快捷搜索功能
+1633    项目-需求页面增加分页功能
+1638    统计报表中的柱状图默认显示数值。
+1641    实现计划的批量编辑功能
+1642    编辑计划的时候把日期的快捷选择也加上
+1644    调整计划、版本和发布的界面
+1649    替换ke里面的swf上传漏洞
+1650    从bug转入的任务，直接增加bug的描述。
+1651    调整模块的复制功能
+1652    调整安装时候对session目录的提示
+1653    我的地盘里面的任务把基本的创建，指派，完成信息都列出来
+1654    项目的模块列表如果只有一个产品的时候隐藏产品名称
+1656    在需求详情页面也可以直接提交需求
+1657    团队里面已经删除的用户显示其用户名
+1659    调整bug重现步骤颜色的解析
+1660    修改代码中的版权提示时间
+1662    调整模块的折叠展开按钮的样式
+1665    调整组织动态浏览页面
+1666    调整组织视图里面的用户页面
+1667    调整组织视图待办页面
+1668    调整组织视图的日志页面
+1671    调整文档详情的展示样式
+1682    导入数据的时候给用户一个选择是全新导入，还是覆盖
+1685    附件表单默认改为显示一个
+1686    调整添加任务表单页面
+1687    调整需求的添加页面
+1688    调整bug的提交页面
+1689    调整用例添加页面
+1698    下拉菜单列出计划的时候将计划的起止时间也列出
+1702    需求批量编辑修改计划的时候保证计划下拉菜单显示在屏幕视野内
+1703    优化燃尽图在项目第一天的显示逻辑
+1705    燃尽图的日期可以斜着显示完整日期
+1731    发信配置可以设置发信人的名称
+1736    去掉guest帐号的退出系统日志。
+1737    解决bug的时候，指派给列表去掉删除的。
+1738    在然之里面解决一个bug的时候，会跳出然之的框架。
+1739    项目的bug页面增加导出功能。
+1740    调整禅道发信的格式
+1741    bug的检索标签增加一个待关闭的标签。
+1742    将禅道和然之的集成功能直接内置到禅道里面。
+1743    项目批量编辑的时候增加排序字段，可以方便用户进行排序。
+1744    计划详情页面右侧的历史记录 + 号不要换行。
+1745    完善后台计划任务的调度逻辑
+1746    系统内置计划任务的编辑功能。
+1747    燃尽图不用显示阴影。
+1751    用户登录之后再访问登录页面的话，跳转到首页
+1643    调整燃尽图功能
+1748    内置sendcoud的消息通知服务
+
+修复的BUG：
+674     继续为需求填写任务模块信息没有同步
+720     修改密码的时候密码框组件显示不对
+726     组织视图的待办用户列表把删除的去掉。
+729     创建任务页面抄送没有显示首字母用于快速定位
+730     需求详情页面点击创建用例模块信息没有带过去
+732     所有产品页面不能显示已关闭的产品
+733     任务详情的svndiff应该是看单个的文件。现在是把所有的都打开了。
+734     任务需求变更的时候的颜色丢失。
+735     转需求的bug不应该列在遗留bug里面。
+736     版本的产生bug逻辑有误
+737     项目的拖动排序失效。
+739     bug历史记录不能显示用户自定义的解决方案的中文名称
+740     项目-测试页面提交测试会列出已经删除的版本
+741     历史记录显示的操作记录不是保存在数据库中的新定义内容
+742     组织-权限-视图维护显示名称错误
+743     点击所有页面的产品名称进行排序会显示网址代码
+
 2015-05-22 7.2.stable
 完成的功能：
 727 	实现模块更换产品功能

doc/LICENSE

@@ -1,4 +1,4 @@
-Z PUBLIC LICENSE授权协议1.1
+Z PUBLIC LICENSE 1.2
 
 许可
 
@@ -8,7 +8,7 @@ Z PUBLIC LICENSE 由青岛易软天创网络科技有限公司（www.cnezsoft.co
 
 前言：
 
-禅道项目管理软件（以下简称该软件）由  青岛易软天创网络科技有限公司（www.cnezsoft.com）开发（以下简称我）。我依法拥有该软件的所有版权。
+禅道项目管理软件（以下简称该软件）由 青岛易软天创网络科技有限公司（www.cnezsoft.com）开发（以下简称我）。我依法拥有该软件的所有版权。
 本着共享开放的角度，我以开放源代码的形式发布该软件。您可以在遵守该协议的前提下使用该软件。
 自您安装该软件开始，您和我之间的合同关系自动成立。除非您停止使用该软件或与我有签署额外合同，
 您须认真遵循该授权协议约定的每一条款。
@@ -24,25 +24,25 @@ QQ：    1492153927
 
 下述条款中所指该软件的标志包括如下方面：
 
-该软件源代码及文档中关于该软件的版权提示、文字、图片和链接。
-该软件运行时界面上呈现出来的有关该软件的文字、图片和链接。
+    该软件源代码及文档中关于该软件的版权提示、文字、图片和链接。
+    该软件运行时界面上呈现出来的有关该软件的文字、图片和链接。
 
 不包括如下方面：
 
-该软件提供的演示数据中关于该软件的文字、图片和链接。
+    该软件提供的演示数据中关于该软件的文字、图片和链接。
 
 一、免责
 
 该软件是以开放源代码的方式发行，您使用该软件无需任何费用，因此在使用该软件前，您须知晓：
 
-1.1 我没有对该软件提供任何技术支持的义务，您可联系我购买商业的技术支持。
-1.2 我对因使用该软件而产生直接或间接的任何问题不负任何责任。
-1.3 开源不等于免费，开源不等于无版权，开源软件的发展需要您我共同的努力。
+  1.1 我没有对该软件提供任何技术支持的义务，您可联系我购买商业的技术支持。  
+  1.2 我对因使用该软件而产生直接或间接的任何问题不负任何责任。  
+  1.3 开源不等于免费，开源不等于无版权，开源软件的发展需要您我共同的努力。
 
 二、自用该软件
 
 2.1 您个人或您就职的公司（组织）可自由使用该软件，我不对您或您就职公司（组织）的性质做任何限制。
-2.2 您可以在您个人或您就职公司（组织）任意数量的电脑上运行该软件，我不对电脑的数量做任何限制。 
+2.2 您可以在您个人或您就职公司（组织）任意数量的电脑上运行该软件，我不对电脑的数量做任何限制。
 2.3 您可以对该软件源代码进行修改以适应您个人或您所在公司（组织）使用的要求，您做的改动无需对外发布。
 2.4 您个人或您就职公司（组织）使用该软件时，必须保留该软件的所有标志，不得以任何方式隐藏或遮掩任一标志。
 
@@ -72,19 +72,19 @@ QQ：    1492153927
 5.3 您在发布或者集成该软件的时候，不得对该软件源码做任何改动。
 5.4 您在发布或者集成该软件的时候，须保留该软件的所有标志。
 
-六、发布基于该软件的扩展
+六、发布基于该软件的衍生作品
 
-6.1 我欢迎并感谢您为该软件开发扩展。
-6.2 您开发的扩展中涉及到对该软件源代码改动的地方，须遵循如下条款：
+6.1 我欢迎并感谢您为该软件开发衍生作品。
+6.2 您开发的衍生作品中涉及到对该软件源代码改动的地方，须遵循如下条款：
 
-6.2.1 凡涉及到该软件源代码改动的地方，须提供源代码。
-6.2.2 凡涉及到该软件源代码改动的地方，须保留代码里面该软件原有的所有标志。
-6.2.3 您可以在代码中追加您自己的标志。
-6.2.4 第三方的用户可在遵循5.2所有条款下可继续在您开发的扩展基础上进行改动并发布。
-6.2.5 您可以对您开发的扩展进行收费。
+  6.2.1 如修改了该软件的源代码，须依据本协议发布修改后的源代码。 
+  6.2.2 如修改了该软件的源代码，须保留代码里面该软件原有的所有标志。 
+  6.2.3 您可以在代码中追加您自己的标志。 
+  6.2.4 您可以对您开发的衍生作品进行收费。  
+  6.2.5 第三方的用户可在遵循6.2所有条款下可继续在您开发的衍生作品基础上进行修改并发布。
 
-6.3 您开发的扩展中独立开发的代码，可以源代码或二进制的方式进行发布，可免费或收费发布。
-6.4 您开发的扩展不得以任何方式去除、隐藏或遮掩该软件的任一标志。
+6.3 您开发的衍生作品中独立于本软件开发的代码，可以源代码或二进制的方式进行发布，可免费或收费发布。
+6.4 您开发的衍生作品不得以任何方式去除、隐藏或遮掩该软件的任一标志。
 
 七、发布基于该软件API的应用
 
@@ -100,3 +100,106 @@ QQ：    1492153927
 九、合同约束
 
 9.1 如果您违反了该协议的任一条款，该授权协议将自动终止，我保留通过法律手段追究责任的权利。
+
+Z PUBLIC LICENSE 1.2
+
+Authorization
+
+Z PUBLIC LICENSE, also known as ZPL Agreement, is drafted by QingDao Nature Easy Soft Network Technology Co,LTD. (,www.cnezsoft.com).
+Anyone can use the agreement to publish open source software, and modify the blank underlined part of the following text of the agreement accordingly. 
+No other text of the agreement shall be changed. QingDao Nature Easy Soft Network Technology Co,LTD has the final authority to interpret the terms of the agreement.
+
+Preface
+
+ZenTaoPMS (Hereinafter referred to as "the software") developed by Nature EasySoft Network Tecnology Co.ltd, QingDao, China (www.cnezsoft.com) (hereinafter referred to I). I'm entitled to all copyright of the software. 
+The software is released as open source software. You are authorized to use the software as long as you are in compliance with this agreement. 
+By installation of the software, you agree that a contractual relationship between you and me is automatically established. 
+You are obliged to fully comply with all the terms of this agreement unless you choose to stop using the software or you have signed additional contracts with me.
+
+My Contact: 
+Contact: Mr. Xu
+Phone: 4006-8899-23
+Email: co@cnezsoft.com
+QQ:    1492153927
+Address:  Qingdao Development Zone, the Oriental Kenzo C 1106
+
+We agree: 
+
+Indications of the software include: 
+
+    Notes, texts, pictures and links showing copyright attribution of the software in the source code and related documentation.                                  
+    and texts, picture and links on the interface of the software when running.
+
+Excluding
+
+    texts, picture and links on the interface of the demo versions of the software.
+
+1. Disclaimer
+
+The software is an open-source software, so you are authorized to use the software without paying a fee. Before you start to use it, please note:
+
+  1.1 I do not have any obligation to provide technical support for the software. You can contact me to purchase technical support service.
+  1.2 I'm not responsible for any liability caused by your using the software directly or indirectly.
+  1.3 Open source software does not mean it's free of charge, neither does it mean the software does not enjoy copyright. 
+
+2. For personal use 
+
+2.1 You or your company/organization are authorized to use the software for your internal use for both commercial and non-commercial purposes..
+2.2 You or your company/organization are authorized to run the software on any number of computers.
+2.3 You or your company/organization are authorized to modify the source code of the software to meet your requirements. You do not need to release the modified codes.
+2.4 You or your company/organization must keep all the indications of the software when using it. None of the indications can be removed, hidden or obscured in any way.
+
+3. For customized software
+
+3.1 You are authorized to use the software to deploy various forms of application for your users in any way you like.
+3.2 You are authorized to use the software to deploy any number of applications for your users.
+3.3 You are authorized to modify the source code to meet your user's requirements without releasing the modified codes.
+3.4 You are authorized to provide the modified codes to your users in either source code form or binary. 
+3.5 You must keep all the indications of the software when providing applications to your users.
+3.6 None of the indications of the software may be removed, hidden or obscured in any way when you provide applications to your users. 
+
+4. Online service
+
+4.1 You are authorized to use the software to build your online service for your users in any way you like.
+4.2 You are authorized to use the software to build your online service for any number of your users.
+4.3 You are authorized to modify the source codes of the software to meet your user's requirements on online service without releasing the modified codes.
+4.4 You must notify your users clearly that your service is based on the software when you use it to build your online service.
+4.5 You must keep all the indications of the software when providing online service to your users.
+4.6 You must keep all the indications of the software in any application you make for your users. None of the indications can be hidden or obscured in any way.
+4.7 You are forbidden from assisting your users by providing tools for your users to remove, hide or obscure any indication of the software when you use the software to build your online service.
+
+5. Publish or integrate the software without modification 
+
+5.1 You are authorized to publish the software on your personal sites, corporate official website or other third-party sites.
+5.2 You are authorized to integrate the software  with other systems, such as cloud virtual machine images, operating system images and so on.
+5.3 Do not modify the source code of the software when you publish or integrate it.
+5.4 All indications of the software must be kept the same when you publish or integrate the software.
+
+6. Publish derived work based on the software
+
+6.1 You are authorized to develop derived work based on the software.
+6.2 The modified codes of the software in your derived work must follow the following terms:
+
+  6.2.1 The source codes must be released if you make any modification to the software.  
+  6.2.2 All indications of the software must be kept the same.  
+  6.2.3 You are entitled to add your indications to the modified codes.  
+  6.2.4 You are entitled to charge fees for the derived work you developed based on the software.  
+  6.2.5 You agree to authorize third party users to modify and release the derived work in compliance with 6.2.
+
+6.3 If the codes of the work are independently developed by yourself, You are authorized to release the work in either source code form or binary. You are entitled to charge your users or make it free.
+6.4 None of the indications of the software can be removed, hidden or obscured in any way in the derived work you developed.
+
+7. Publish applications based on API of the software
+
+7.1 You are authorized to develop your applications based on the API of the software, for example, client software.
+7.2 You are authorized to publish applications you developed based on the API in either source code form or binary.
+7.3 You are authorized to use your own license to release applications you developed based on the API. 
+7.4 You are entitled to release applications you developed based on the API either free or with a charge.
+
+8. Exceptions
+
+If the terms above do not meet your requirements when using the software, please contact me for a more flexible license.
+
+9. Termination
+
+9.1 Violation of any of the terms of the agreement will result in immediate termination of this license. I reserve all rights to take legal actions in case of dispute. 

framework/helper.class.php

@@ -4,7 +4,7 @@
  *
  * The author disclaims copyright to this source code.  In place of
  * a legal notice, here is a blessing:
- * 
+ *
  *  May you do good and not evil.
  *  May you find forgiveness for yourself and forgive others.
  *  May you share freely, never taking more than you give.
@@ -57,6 +57,7 @@ class helper
      * @param string       $methodName     method name
      * @param string|array $vars           the params passed to the method, can be array('key' => 'value') or key1=value1&key2=value2) or key1=value1&key2=value2
      * @param string       $viewType       the view type
+     * @param string       $onlybody       the view type
      * @static
      * @access public
      * @return string the link string.

framework/router.class.php

@@ -4,7 +4,7 @@
  *
  * The author disclaims copyright to this source code.  In place of
  * a legal notice, here is a blessing:
- * 
+ *
  *  May you do good and not evil.
  *  May you find forgiveness for yourself and forgive others.
  *  May you share freely, never taking more than you give.
@@ -12,7 +12,7 @@
 
 /**
  * The router class.
- * 
+ *
  * @package framework
  */
 class router
@@ -292,9 +292,9 @@ class router
         $this->setModuleRoot();
         $this->setThemeRoot();
 
-        $this->setSuperVars();
-
         $this->loadConfig('common');
+        $this->filterSuperVars();
+        $this->setSuperVars();
         $this->setDebug();
         $this->setErrorHandler();
 
@@ -468,6 +468,53 @@ class router
         $this->themeRoot = $this->appRoot . 'www' . $this->pathFix . 'theme' . $this->pathFix;
     }
 
+    /**
+     * Filter superVars.
+     * 
+     * @access public
+     * @return void
+     */
+    public function filterSuperVars()
+    {
+        if(!empty($_COOKIE))
+        {
+            foreach($_COOKIE as $cookieKey => $cookieValue)
+            {
+                if(preg_match('/[^a-zA-Z0-9_\.]/', $cookieKey)) unset($_COOKIE[$cookieKey]);
+                if(preg_match('/[^a-zA-Z0-9=_\|\- ,`+\/\.%\x7f-\xff]/', $cookieValue)) unset($_COOKIE[$cookieKey]);
+            }
+        }
+
+        if(!empty($_FILES))
+        {
+            foreach($_FILES as $varName => $files)
+            {
+                if(is_array($files['name']))
+                {
+                    foreach($files['name'] as $i => $fileName)
+                    {
+                        $extension = ltrim(strrchr($fileName, '.'), '.');
+                        if(strrpos($this->config->file->dangers, $extension) !== false)
+                        {
+                            foreach($files as $fileKey => $value)
+                            {
+                                unset($_FILES);
+                                break 2;
+                            }
+                        }
+                    }
+                }
+                else
+                {
+                    $extension = ltrim(strrchr($files['name'], '.'), '.');
+                    if(strrpos($this->config->file->dangers, $extension) !== false) unset($_FILES);
+                }
+            }
+        }
+        unset($_GLOBALS);
+        unset($_REQUEST);
+    }
+
     /**
      * Set the super vars.
      * 
@@ -1189,7 +1236,14 @@ class router
      */
     private function mergeParams($defaultParams, $passedParams)
     {
-        /* If the not strict mode, the keys of passed params and defaaul params msut be the same. */
+        /* Check params from URL. */
+        foreach($passedParams as $param => $value)
+        {
+            if(preg_match('/[^a-zA-Z0-9_\.]/', $param)) die('Bad Request!');
+            if(preg_match('/[^a-zA-Z0-9=_,`+\/\.%\|\x7f-\xff]/', trim($value))) die('Bad Request!');
+        }
+
+        /* If not strict mode, the keys of passed params and default params must be the same order. */
         if(!isset($this->config->strictParams) or $this->config->strictParams == false) 
         {
             unset($passedParams['onlybody']);

lib/api/api.class.php

@@ -3,7 +3,7 @@
  * The api library of zentaopms.
  *
  * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
- * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @license     ZPL (http://zpl.pub/page/zplv12.html)
  * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
  * @package     API
  * @version     $Id: api.class.php 4132 2013-01-18 02:30:05Z wwccss $

lib/dao/dao.class.php

@@ -4,7 +4,7 @@
  *
  * The author disclaims copyright to this source code.  In place of
  * a legal notice, here is a blessing:
- * 
+ *
  *  May you do good and not evil.
  *  May you find forgiveness for yourself and forgive others.
  *  May you share freely, never taking more than you give.
@@ -12,7 +12,7 @@
 
 /**
  * DAO, data access object.
- * 
+ *
  * @package framework
  */
 class dao
@@ -392,7 +392,8 @@ class dao
     /**
      * Set the data to update or insert.
      * 
-     * @param  object $data         the data object or array
+     * @param  object $data        the data object or array
+     * @param  object $skipFields  the fields to skip.
      * @access public
      * @return object the dao object self.
      */
@@ -427,6 +428,20 @@ class dao
         echo $this->processSQL();
     }
 
+    /**
+     * Explain sql. 
+     * 
+     * @param  string $sql 
+     * @access public
+     * @return void
+     */
+    public function explain($sql = '')
+    {
+        $sql    = empty($sql) ? $this->processSQL() : $sql;
+        $result = $this->dbh->query('explain ' . $sql)->fetch();
+        a($result);
+    }
+
     /**
      * Process the sql, replace the table, fields.
      * 
@@ -1227,6 +1242,7 @@ class sql
      * Join the data items by key = value.
      * 
      * @param  object $data 
+     * @param  string $skipFields   the fields to skip.
      * @access public
      * @return object the sql object.
      */
@@ -1236,14 +1252,14 @@ class sql
         if($skipFields) $skipFields = ',' . str_replace(' ', '', $skipFields) . ',';
 
         foreach($data as $field => $value)
-        {    
+        {
             if(!preg_match('|^\w+$|', $field)) 
-            {    
+            {
                 unset($data->$field);
                 continue;
-            }    
+            }
             if(strpos($skipFields, ",$field,") !== false) continue;
-            $this->sql .= "`$field` = " . $this->quote($value) . ','; 
+            $this->sql .= "`$field` = " . $this->quote($value) . ',';
         }
 
         $this->data = $data;
@@ -1260,6 +1276,7 @@ class sql
      */
     public function markLeft($count = 1)
     {
+        if($this->inCondition and !$this->conditionIsTrue) return $this;
         $this->sql .= str_repeat('(', $count);
         return $this;
     }
@@ -1273,6 +1290,7 @@ class sql
      */
     public function markRight($count = 1)
     {
+        if($this->inCondition and !$this->conditionIsTrue) return $this;
         $this->sql .= str_repeat(')', $count);
         return $this;
     }

lib/date/date.class.php

@@ -3,7 +3,7 @@
  * The date library of zentaopms.
  *
  * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
- * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @license     ZPL (http://zpl.pub/page/zplv12.html)
  * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
  * @package     Date
  * @version     $Id: date.class.php 2605 2013-01-09 07:22:58Z wwccss $

lib/filter/filter.class.php

@@ -316,6 +316,19 @@ class validater
         if(!is_array($value)) $value = explode(',', $value);
         return in_array($var, $value);
     }
+   
+    /**
+     * Check file name.
+     * 
+     * @param  string    $var 
+     * @static
+     * @access public
+     * @return bool
+     */
+    public static function checkFileName($var)
+    {
+        return !preg_match('/>+|:+|<+/', $var);
+    }
 
     /**
      * Call a function to check it.
@@ -515,12 +528,24 @@ class fixer
      */
     public function stripTags($fieldName, $allowedTags)
     {
+        global $app;
+        $app->loadClass('purifier', true);
+        $config = HTMLPurifier_Config::createDefault();
+        $config->set('Filter.YouTube', 1);
+
+        /* Disable caching. */
+        $config->set('Cache.DefinitionImpl', null);
+
+        $purifier = new HTMLPurifier($config);
+        $def = $config->getHTMLDefinition(true);
+        $def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
+
         $fields = $this->processFields($fieldName);
         foreach($fields as $fieldName)
         {
             if(version_compare(phpversion(), '5.4', '<') and get_magic_quotes_gpc()) $this->data->$fieldName = stripslashes($this->data->$fieldName);
 
-            if(!in_array($fieldName, $this->stripedFields)) $this->data->$fieldName = strip_tags($this->data->$fieldName, $allowedTags);
+            if(!in_array($fieldName, $this->stripedFields)) $this->data->$fieldName = $purifier->purify($this->data->$fieldName);
             $this->stripedFields[] = $fieldName;
         }
         return $this;

lib/front/front.class.php

@@ -267,7 +267,7 @@ class html
      * @param  boolean $checked if the type is checkbox, set the checked attribute.
      * @return string
      */
-    static public function selectAll($scope = "", $type = "button", $checked = false)
+    static public function selectAll($scope = "", $type = "button", $checked = false, $class = '')
     {
         $string = <<<EOT
 <script>
@@ -324,7 +324,7 @@ EOT;
         }
         elseif($type == 'button')
         {
-            $string .= "<input type='button' name='allchecker' id='allchecker' class='btn btn-select-all' value='{$lang->selectAll}' onclick='selectAll(this, \"$scope\", \"$type\")' />";
+            $string .= "<input type='button' name='allchecker' id='allchecker' class='btn btn-select-all $class' value='{$lang->selectAll}' onclick='selectAll(this, \"$scope\", \"$type\")' />";
         }
 
         return  $string;

lib/phpmailer/phpmailer.class.php

@@ -451,7 +451,7 @@ class PHPMailer {
    */
   private function AddAnAddress($kind, $address, $name = '') {
     if (!preg_match('/^(to|cc|bcc|ReplyTo)$/', $kind)) {
-      echo 'Invalid recipient array: ' . kind;
+      echo 'Invalid recipient array: ' . $kind;
       return false;
     }
     $address = trim($address);

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php

@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Converts HTMLPurifier_ConfigSchema_Interchange to our runtime
+ * representation used to perform checks on user configuration.
+ */
+class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
+{
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @return HTMLPurifier_ConfigSchema
+     */
+    public function build($interchange)
+    {
+        $schema = new HTMLPurifier_ConfigSchema();
+        foreach ($interchange->directives as $d) {
+            $schema->add(
+                $d->id->key,
+                $d->default,
+                $d->type,
+                $d->typeAllowsNull
+            );
+            if ($d->allowed !== null) {
+                $schema->addAllowedValues(
+                    $d->id->key,
+                    $d->allowed
+                );
+            }
+            foreach ($d->aliases as $alias) {
+                $schema->addAlias(
+                    $alias->key,
+                    $d->id->key
+                );
+            }
+            if ($d->valueAliases !== null) {
+                $schema->addValueAliases(
+                    $d->id->key,
+                    $d->valueAliases
+                );
+            }
+        }
+        $schema->postProcess();
+        return $schema;
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php

@@ -0,0 +1,144 @@
+<?php
+
+/**
+ * Converts HTMLPurifier_ConfigSchema_Interchange to an XML format,
+ * which can be further processed to generate documentation.
+ */
+class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
+{
+
+    /**
+     * @type HTMLPurifier_ConfigSchema_Interchange
+     */
+    protected $interchange;
+
+    /**
+     * @type string
+     */
+    private $namespace;
+
+    /**
+     * @param string $html
+     */
+    protected function writeHTMLDiv($html)
+    {
+        $this->startElement('div');
+
+        $purifier = HTMLPurifier::getInstance();
+        $html = $purifier->purify($html);
+        $this->writeAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
+        $this->writeRaw($html);
+
+        $this->endElement(); // div
+    }
+
+    /**
+     * @param mixed $var
+     * @return string
+     */
+    protected function export($var)
+    {
+        if ($var === array()) {
+            return 'array()';
+        }
+        return var_export($var, true);
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     */
+    public function build($interchange)
+    {
+        // global access, only use as last resort
+        $this->interchange = $interchange;
+
+        $this->setIndent(true);
+        $this->startDocument('1.0', 'UTF-8');
+        $this->startElement('configdoc');
+        $this->writeElement('title', $interchange->name);
+
+        foreach ($interchange->directives as $directive) {
+            $this->buildDirective($directive);
+        }
+
+        if ($this->namespace) {
+            $this->endElement();
+        } // namespace
+
+        $this->endElement(); // configdoc
+        $this->flush();
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
+     */
+    public function buildDirective($directive)
+    {
+        // Kludge, although I suppose having a notion of a "root namespace"
+        // certainly makes things look nicer when documentation is built.
+        // Depends on things being sorted.
+        if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
+            if ($this->namespace) {
+                $this->endElement();
+            } // namespace
+            $this->namespace = $directive->id->getRootNamespace();
+            $this->startElement('namespace');
+            $this->writeAttribute('id', $this->namespace);
+            $this->writeElement('name', $this->namespace);
+        }
+
+        $this->startElement('directive');
+        $this->writeAttribute('id', $directive->id->toString());
+
+        $this->writeElement('name', $directive->id->getDirective());
+
+        $this->startElement('aliases');
+        foreach ($directive->aliases as $alias) {
+            $this->writeElement('alias', $alias->toString());
+        }
+        $this->endElement(); // aliases
+
+        $this->startElement('constraints');
+        if ($directive->version) {
+            $this->writeElement('version', $directive->version);
+        }
+        $this->startElement('type');
+        if ($directive->typeAllowsNull) {
+            $this->writeAttribute('allow-null', 'yes');
+        }
+        $this->text($directive->type);
+        $this->endElement(); // type
+        if ($directive->allowed) {
+            $this->startElement('allowed');
+            foreach ($directive->allowed as $value => $x) {
+                $this->writeElement('value', $value);
+            }
+            $this->endElement(); // allowed
+        }
+        $this->writeElement('default', $this->export($directive->default));
+        $this->writeAttribute('xml:space', 'preserve');
+        if ($directive->external) {
+            $this->startElement('external');
+            foreach ($directive->external as $project) {
+                $this->writeElement('project', $project);
+            }
+            $this->endElement();
+        }
+        $this->endElement(); // constraints
+
+        if ($directive->deprecatedVersion) {
+            $this->startElement('deprecated');
+            $this->writeElement('version', $directive->deprecatedVersion);
+            $this->writeElement('use', $directive->deprecatedUse->toString());
+            $this->endElement(); // deprecated
+        }
+
+        $this->startElement('description');
+        $this->writeHTMLDiv($directive->description);
+        $this->endElement(); // description
+
+        $this->endElement(); // directive
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Exception.php

@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * Exceptions related to configuration schema
+ */
+class HTMLPurifier_ConfigSchema_Exception extends HTMLPurifier_Exception
+{
+
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php

@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * Generic schema interchange format that can be converted to a runtime
+ * representation (HTMLPurifier_ConfigSchema) or HTML documentation. Members
+ * are completely validated.
+ */
+class HTMLPurifier_ConfigSchema_Interchange
+{
+
+    /**
+     * Name of the application this schema is describing.
+     * @type string
+     */
+    public $name;
+
+    /**
+     * Array of Directive ID => array(directive info)
+     * @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
+     */
+    public $directives = array();
+
+    /**
+     * Adds a directive array to $directives
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    public function addDirective($directive)
+    {
+        if (isset($this->directives[$i = $directive->id->toString()])) {
+            throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
+        }
+        $this->directives[$i] = $directive;
+    }
+
+    /**
+     * Convenience function to perform standard validation. Throws exception
+     * on failed validation.
+     */
+    public function validate()
+    {
+        $validator = new HTMLPurifier_ConfigSchema_Validator();
+        return $validator->validate($this);
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php

@@ -0,0 +1,89 @@
+<?php
+
+/**
+ * Interchange component class describing configuration directives.
+ */
+class HTMLPurifier_ConfigSchema_Interchange_Directive
+{
+
+    /**
+     * ID of directive.
+     * @type HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    public $id;
+
+    /**
+     * Type, e.g. 'integer' or 'istring'.
+     * @type string
+     */
+    public $type;
+
+    /**
+     * Default value, e.g. 3 or 'DefaultVal'.
+     * @type mixed
+     */
+    public $default;
+
+    /**
+     * HTML description.
+     * @type string
+     */
+    public $description;
+
+    /**
+     * Whether or not null is allowed as a value.
+     * @type bool
+     */
+    public $typeAllowsNull = false;
+
+    /**
+     * Lookup table of allowed scalar values.
+     * e.g. array('allowed' => true).
+     * Null if all values are allowed.
+     * @type array
+     */
+    public $allowed;
+
+    /**
+     * List of aliases for the directive.
+     * e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
+     * @type HTMLPurifier_ConfigSchema_Interchange_Id[]
+     */
+    public $aliases = array();
+
+    /**
+     * Hash of value aliases, e.g. array('alt' => 'real'). Null if value
+     * aliasing is disabled (necessary for non-scalar types).
+     * @type array
+     */
+    public $valueAliases;
+
+    /**
+     * Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
+     * Null if the directive has always existed.
+     * @type string
+     */
+    public $version;
+
+    /**
+     * ID of directive that supercedes this old directive.
+     * Null if not deprecated.
+     * @type HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    public $deprecatedUse;
+
+    /**
+     * Version of HTML Purifier this directive was deprecated. Null if not
+     * deprecated.
+     * @type string
+     */
+    public $deprecatedVersion;
+
+    /**
+     * List of external projects this directive depends on, e.g. array('CSSTidy').
+     * @type array
+     */
+    public $external = array();
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php

@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * Represents a directive ID in the interchange format.
+ */
+class HTMLPurifier_ConfigSchema_Interchange_Id
+{
+
+    /**
+     * @type string
+     */
+    public $key;
+
+    /**
+     * @param string $key
+     */
+    public function __construct($key)
+    {
+        $this->key = $key;
+    }
+
+    /**
+     * @return string
+     * @warning This is NOT magic, to ensure that people don't abuse SPL and
+     *          cause problems for PHP 5.0 support.
+     */
+    public function toString()
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return string
+     */
+    public function getRootNamespace()
+    {
+        return substr($this->key, 0, strpos($this->key, "."));
+    }
+
+    /**
+     * @return string
+     */
+    public function getDirective()
+    {
+        return substr($this->key, strpos($this->key, ".") + 1);
+    }
+
+    /**
+     * @param string $id
+     * @return HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    public static function make($id)
+    {
+        return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php

@@ -0,0 +1,226 @@
+<?php
+
+class HTMLPurifier_ConfigSchema_InterchangeBuilder
+{
+
+    /**
+     * Used for processing DEFAULT, nothing else.
+     * @type HTMLPurifier_VarParser
+     */
+    protected $varParser;
+
+    /**
+     * @param HTMLPurifier_VarParser $varParser
+     */
+    public function __construct($varParser = null)
+    {
+        $this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
+    }
+
+    /**
+     * @param string $dir
+     * @return HTMLPurifier_ConfigSchema_Interchange
+     */
+    public static function buildFromDirectory($dir = null)
+    {
+        $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
+        $interchange = new HTMLPurifier_ConfigSchema_Interchange();
+        return $builder->buildDir($interchange, $dir);
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @param string $dir
+     * @return HTMLPurifier_ConfigSchema_Interchange
+     */
+    public function buildDir($interchange, $dir = null)
+    {
+        if (!$dir) {
+            $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
+        }
+        if (file_exists($dir . '/info.ini')) {
+            $info = parse_ini_file($dir . '/info.ini');
+            $interchange->name = $info['name'];
+        }
+
+        $files = array();
+        $dh = opendir($dir);
+        while (false !== ($file = readdir($dh))) {
+            if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') {
+                continue;
+            }
+            $files[] = $file;
+        }
+        closedir($dh);
+
+        sort($files);
+        foreach ($files as $file) {
+            $this->buildFile($interchange, $dir . '/' . $file);
+        }
+        return $interchange;
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @param string $file
+     */
+    public function buildFile($interchange, $file)
+    {
+        $parser = new HTMLPurifier_StringHashParser();
+        $this->build(
+            $interchange,
+            new HTMLPurifier_StringHash($parser->parseFile($file))
+        );
+    }
+
+    /**
+     * Builds an interchange object based on a hash.
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
+     * @param HTMLPurifier_StringHash $hash source data
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    public function build($interchange, $hash)
+    {
+        if (!$hash instanceof HTMLPurifier_StringHash) {
+            $hash = new HTMLPurifier_StringHash($hash);
+        }
+        if (!isset($hash['ID'])) {
+            throw new HTMLPurifier_ConfigSchema_Exception('Hash does not have any ID');
+        }
+        if (strpos($hash['ID'], '.') === false) {
+            if (count($hash) == 2 && isset($hash['DESCRIPTION'])) {
+                $hash->offsetGet('DESCRIPTION'); // prevent complaining
+            } else {
+                throw new HTMLPurifier_ConfigSchema_Exception('All directives must have a namespace');
+            }
+        } else {
+            $this->buildDirective($interchange, $hash);
+        }
+        $this->_findUnused($hash);
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @param HTMLPurifier_StringHash $hash
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    public function buildDirective($interchange, $hash)
+    {
+        $directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
+
+        // These are required elements:
+        $directive->id = $this->id($hash->offsetGet('ID'));
+        $id = $directive->id->toString(); // convenience
+
+        if (isset($hash['TYPE'])) {
+            $type = explode('/', $hash->offsetGet('TYPE'));
+            if (isset($type[1])) {
+                $directive->typeAllowsNull = true;
+            }
+            $directive->type = $type[0];
+        } else {
+            throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
+        }
+
+        if (isset($hash['DEFAULT'])) {
+            try {
+                $directive->default = $this->varParser->parse(
+                    $hash->offsetGet('DEFAULT'),
+                    $directive->type,
+                    $directive->typeAllowsNull
+                );
+            } catch (HTMLPurifier_VarParserException $e) {
+                throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
+            }
+        }
+
+        if (isset($hash['DESCRIPTION'])) {
+            $directive->description = $hash->offsetGet('DESCRIPTION');
+        }
+
+        if (isset($hash['ALLOWED'])) {
+            $directive->allowed = $this->lookup($this->evalArray($hash->offsetGet('ALLOWED')));
+        }
+
+        if (isset($hash['VALUE-ALIASES'])) {
+            $directive->valueAliases = $this->evalArray($hash->offsetGet('VALUE-ALIASES'));
+        }
+
+        if (isset($hash['ALIASES'])) {
+            $raw_aliases = trim($hash->offsetGet('ALIASES'));
+            $aliases = preg_split('/\s*,\s*/', $raw_aliases);
+            foreach ($aliases as $alias) {
+                $directive->aliases[] = $this->id($alias);
+            }
+        }
+
+        if (isset($hash['VERSION'])) {
+            $directive->version = $hash->offsetGet('VERSION');
+        }
+
+        if (isset($hash['DEPRECATED-USE'])) {
+            $directive->deprecatedUse = $this->id($hash->offsetGet('DEPRECATED-USE'));
+        }
+
+        if (isset($hash['DEPRECATED-VERSION'])) {
+            $directive->deprecatedVersion = $hash->offsetGet('DEPRECATED-VERSION');
+        }
+
+        if (isset($hash['EXTERNAL'])) {
+            $directive->external = preg_split('/\s*,\s*/', trim($hash->offsetGet('EXTERNAL')));
+        }
+
+        $interchange->addDirective($directive);
+    }
+
+    /**
+     * Evaluates an array PHP code string without array() wrapper
+     * @param string $contents
+     */
+    protected function evalArray($contents)
+    {
+        return eval('return array(' . $contents . ');');
+    }
+
+    /**
+     * Converts an array list into a lookup array.
+     * @param array $array
+     * @return array
+     */
+    protected function lookup($array)
+    {
+        $ret = array();
+        foreach ($array as $val) {
+            $ret[$val] = true;
+        }
+        return $ret;
+    }
+
+    /**
+     * Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
+     * object based on a string Id.
+     * @param string $id
+     * @return HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    protected function id($id)
+    {
+        return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
+    }
+
+    /**
+     * Triggers errors for any unused keys passed in the hash; such keys
+     * may indicate typos, missing values, etc.
+     * @param HTMLPurifier_StringHash $hash Hash to check.
+     */
+    protected function _findUnused($hash)
+    {
+        $accessed = $hash->getAccessed();
+        foreach ($hash as $k => $v) {
+            if (!isset($accessed[$k])) {
+                trigger_error("String hash key '$k' not used by builder", E_USER_NOTICE);
+            }
+        }
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/Validator.php

@@ -0,0 +1,248 @@
+<?php
+
+/**
+ * Performs validations on HTMLPurifier_ConfigSchema_Interchange
+ *
+ * @note If you see '// handled by InterchangeBuilder', that means a
+ *       design decision in that class would prevent this validation from
+ *       ever being necessary. We have them anyway, however, for
+ *       redundancy.
+ */
+class HTMLPurifier_ConfigSchema_Validator
+{
+
+    /**
+     * @type HTMLPurifier_ConfigSchema_Interchange
+     */
+    protected $interchange;
+
+    /**
+     * @type array
+     */
+    protected $aliases;
+
+    /**
+     * Context-stack to provide easy to read error messages.
+     * @type array
+     */
+    protected $context = array();
+
+    /**
+     * to test default's type.
+     * @type HTMLPurifier_VarParser
+     */
+    protected $parser;
+
+    public function __construct()
+    {
+        $this->parser = new HTMLPurifier_VarParser();
+    }
+
+    /**
+     * Validates a fully-formed interchange object.
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @return bool
+     */
+    public function validate($interchange)
+    {
+        $this->interchange = $interchange;
+        $this->aliases = array();
+        // PHP is a bit lax with integer <=> string conversions in
+        // arrays, so we don't use the identical !== comparison
+        foreach ($interchange->directives as $i => $directive) {
+            $id = $directive->id->toString();
+            if ($i != $id) {
+                $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
+            }
+            $this->validateDirective($directive);
+        }
+        return true;
+    }
+
+    /**
+     * Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Id $id
+     */
+    public function validateId($id)
+    {
+        $id_string = $id->toString();
+        $this->context[] = "id '$id_string'";
+        if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
+            // handled by InterchangeBuilder
+            $this->error(false, 'is not an instance of HTMLPurifier_ConfigSchema_Interchange_Id');
+        }
+        // keys are now unconstrained (we might want to narrow down to A-Za-z0-9.)
+        // we probably should check that it has at least one namespace
+        $this->with($id, 'key')
+            ->assertNotEmpty()
+            ->assertIsString(); // implicit assertIsString handled by InterchangeBuilder
+        array_pop($this->context);
+    }
+
+    /**
+     * Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirective($d)
+    {
+        $id = $d->id->toString();
+        $this->context[] = "directive '$id'";
+        $this->validateId($d->id);
+
+        $this->with($d, 'description')
+            ->assertNotEmpty();
+
+        // BEGIN - handled by InterchangeBuilder
+        $this->with($d, 'type')
+            ->assertNotEmpty();
+        $this->with($d, 'typeAllowsNull')
+            ->assertIsBool();
+        try {
+            // This also tests validity of $d->type
+            $this->parser->parse($d->default, $d->type, $d->typeAllowsNull);
+        } catch (HTMLPurifier_VarParserException $e) {
+            $this->error('default', 'had error: ' . $e->getMessage());
+        }
+        // END - handled by InterchangeBuilder
+
+        if (!is_null($d->allowed) || !empty($d->valueAliases)) {
+            // allowed and valueAliases require that we be dealing with
+            // strings, so check for that early.
+            $d_int = HTMLPurifier_VarParser::$types[$d->type];
+            if (!isset(HTMLPurifier_VarParser::$stringTypes[$d_int])) {
+                $this->error('type', 'must be a string type when used with allowed or value aliases');
+            }
+        }
+
+        $this->validateDirectiveAllowed($d);
+        $this->validateDirectiveValueAliases($d);
+        $this->validateDirectiveAliases($d);
+
+        array_pop($this->context);
+    }
+
+    /**
+     * Extra validation if $allowed member variable of
+     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirectiveAllowed($d)
+    {
+        if (is_null($d->allowed)) {
+            return;
+        }
+        $this->with($d, 'allowed')
+            ->assertNotEmpty()
+            ->assertIsLookup(); // handled by InterchangeBuilder
+        if (is_string($d->default) && !isset($d->allowed[$d->default])) {
+            $this->error('default', 'must be an allowed value');
+        }
+        $this->context[] = 'allowed';
+        foreach ($d->allowed as $val => $x) {
+            if (!is_string($val)) {
+                $this->error("value $val", 'must be a string');
+            }
+        }
+        array_pop($this->context);
+    }
+
+    /**
+     * Extra validation if $valueAliases member variable of
+     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirectiveValueAliases($d)
+    {
+        if (is_null($d->valueAliases)) {
+            return;
+        }
+        $this->with($d, 'valueAliases')
+            ->assertIsArray(); // handled by InterchangeBuilder
+        $this->context[] = 'valueAliases';
+        foreach ($d->valueAliases as $alias => $real) {
+            if (!is_string($alias)) {
+                $this->error("alias $alias", 'must be a string');
+            }
+            if (!is_string($real)) {
+                $this->error("alias target $real from alias '$alias'", 'must be a string');
+            }
+            if ($alias === $real) {
+                $this->error("alias '$alias'", "must not be an alias to itself");
+            }
+        }
+        if (!is_null($d->allowed)) {
+            foreach ($d->valueAliases as $alias => $real) {
+                if (isset($d->allowed[$alias])) {
+                    $this->error("alias '$alias'", 'must not be an allowed value');
+                } elseif (!isset($d->allowed[$real])) {
+                    $this->error("alias '$alias'", 'must be an alias to an allowed value');
+                }
+            }
+        }
+        array_pop($this->context);
+    }
+
+    /**
+     * Extra validation if $aliases member variable of
+     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirectiveAliases($d)
+    {
+        $this->with($d, 'aliases')
+            ->assertIsArray(); // handled by InterchangeBuilder
+        $this->context[] = 'aliases';
+        foreach ($d->aliases as $alias) {
+            $this->validateId($alias);
+            $s = $alias->toString();
+            if (isset($this->interchange->directives[$s])) {
+                $this->error("alias '$s'", 'collides with another directive');
+            }
+            if (isset($this->aliases[$s])) {
+                $other_directive = $this->aliases[$s];
+                $this->error("alias '$s'", "collides with alias for directive '$other_directive'");
+            }
+            $this->aliases[$s] = $d->id->toString();
+        }
+        array_pop($this->context);
+    }
+
+    // protected helper functions
+
+    /**
+     * Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
+     * for validating simple member variables of objects.
+     * @param $obj
+     * @param $member
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    protected function with($obj, $member)
+    {
+        return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
+    }
+
+    /**
+     * Emits an error, providing helpful context.
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    protected function error($target, $msg)
+    {
+        if ($target !== false) {
+            $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
+        } else {
+            $prefix = ucfirst($this->getFormattedContext());
+        }
+        throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
+    }
+
+    /**
+     * Returns a formatted context string.
+     * @return string
+     */
+    protected function getFormattedContext()
+    {
+        return implode(' in ', array_reverse($this->context));
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php

@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * Fluent interface for validating the contents of member variables.
+ * This should be immutable. See HTMLPurifier_ConfigSchema_Validator for
+ * use-cases. We name this an 'atom' because it's ONLY for validations that
+ * are independent and usually scalar.
+ */
+class HTMLPurifier_ConfigSchema_ValidatorAtom
+{
+    /**
+     * @type string
+     */
+    protected $context;
+
+    /**
+     * @type object
+     */
+    protected $obj;
+
+    /**
+     * @type string
+     */
+    protected $member;
+
+    /**
+     * @type mixed
+     */
+    protected $contents;
+
+    public function __construct($context, $obj, $member)
+    {
+        $this->context = $context;
+        $this->obj = $obj;
+        $this->member = $member;
+        $this->contents =& $obj->$member;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsString()
+    {
+        if (!is_string($this->contents)) {
+            $this->error('must be a string');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsBool()
+    {
+        if (!is_bool($this->contents)) {
+            $this->error('must be a boolean');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsArray()
+    {
+        if (!is_array($this->contents)) {
+            $this->error('must be an array');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertNotNull()
+    {
+        if ($this->contents === null) {
+            $this->error('must not be null');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertAlnum()
+    {
+        $this->assertIsString();
+        if (!ctype_alnum($this->contents)) {
+            $this->error('must be alphanumeric');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertNotEmpty()
+    {
+        if (empty($this->contents)) {
+            $this->error('must not be empty');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsLookup()
+    {
+        $this->assertIsArray();
+        foreach ($this->contents as $v) {
+            if ($v !== true) {
+                $this->error('must be a lookup array');
+            }
+        }
+        return $this;
+    }
+
+    /**
+     * @param string $msg
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    protected function error($msg)
+    {
+        throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
+    }
+}
+
+// vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt

@@ -0,0 +1,8 @@
+Attr.AllowedClasses
+TYPE: lookup/null
+VERSION: 4.0.0
+DEFAULT: null
+--DESCRIPTION--
+List of allowed class values in the class attribute. By default, this is null,
+which means all classes are allowed.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt

@@ -0,0 +1,12 @@
+Attr.AllowedFrameTargets
+TYPE: lookup
+DEFAULT: array()
+--DESCRIPTION--
+Lookup table of all allowed link frame targets.  Some commonly used link
+targets include _blank, _self, _parent and _top. Values should be
+lowercase, as validation will be done in a case-sensitive manner despite
+W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
+so this directive will have no effect in that doctype. XHTML 1.1 does not
+enable the Target module by default, you will have to manually enable it
+(see the module documentation for more details.)
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt

@@ -0,0 +1,9 @@
+Attr.AllowedRel
+TYPE: lookup
+VERSION: 1.6.0
+DEFAULT: array()
+--DESCRIPTION--
+List of allowed forward document relationships in the rel attribute. Common
+values may be nofollow or print. By default, this is empty, meaning that no
+document relationships are allowed.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt

@@ -0,0 +1,9 @@
+Attr.AllowedRev
+TYPE: lookup
+VERSION: 1.6.0
+DEFAULT: array()
+--DESCRIPTION--
+List of allowed reverse document relationships in the rev attribute. This
+attribute is a bit of an edge-case; if you don't know what it is for, stay
+away.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt

@@ -0,0 +1,19 @@
+Attr.ClassUseCDATA
+TYPE: bool/null
+DEFAULT: null
+VERSION: 4.0.0
+--DESCRIPTION--
+If null, class will auto-detect the doctype and, if matching XHTML 1.1 or
+XHTML 2.0, will use the restrictive NMTOKENS specification of class. Otherwise,
+it will use a relaxed CDATA definition.  If true, the relaxed CDATA definition
+is forced; if false, the NMTOKENS definition is forced.  To get behavior
+of HTML Purifier prior to 4.0.0, set this directive to false.
+
+Some rational behind the auto-detection:
+in previous versions of HTML Purifier, it was assumed that the form of
+class was NMTOKENS, as specified by the XHTML Modularization (representing
+XHTML 1.1 and XHTML 2.0).  The DTDs for HTML 4.01 and XHTML 1.0, however
+specify class as CDATA.  HTML 5 effectively defines it as CDATA, but
+with the additional constraint that each name should be unique (this is not
+explicitly outlined in previous specifications).
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt

@@ -0,0 +1,11 @@
+Attr.DefaultImageAlt
+TYPE: string/null
+DEFAULT: null
+VERSION: 3.2.0
+--DESCRIPTION--
+This is the content of the alt tag of an image if the user had not
+previously specified an alt attribute.  This applies to all images without
+a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which
+only applies to invalid images, and overrides in the case of an invalid image.
+Default behavior with null is to use the basename of the src tag for the alt.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt

@@ -0,0 +1,9 @@
+Attr.DefaultInvalidImage
+TYPE: string
+DEFAULT: ''
+--DESCRIPTION--
+This is the default image an img tag will be pointed to if it does not have
+a valid src attribute.  In future versions, we may allow the image tag to
+be removed completely, but due to design issues, this is not possible right
+now.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt

@@ -0,0 +1,8 @@
+Attr.DefaultInvalidImageAlt
+TYPE: string
+DEFAULT: 'Invalid image'
+--DESCRIPTION--
+This is the content of the alt tag of an invalid image if the user had not
+previously specified an alt attribute.  It has no effect when the image is
+valid but there was no alt attribute present.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt

@@ -0,0 +1,10 @@
+Attr.DefaultTextDir
+TYPE: string
+DEFAULT: 'ltr'
+--DESCRIPTION--
+Defines the default text direction (ltr or rtl) of the document being
+parsed.  This generally is the same as the value of the dir attribute in
+HTML, or ltr if that is not specified.
+--ALLOWED--
+'ltr', 'rtl'
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt

@@ -0,0 +1,16 @@
+Attr.EnableID
+TYPE: bool
+DEFAULT: false
+VERSION: 1.2.0
+--DESCRIPTION--
+Allows the ID attribute in HTML.  This is disabled by default due to the
+fact that without proper configuration user input can easily break the
+validation of a webpage by specifying an ID that is already on the
+surrounding HTML.  If you don't mind throwing caution to the wind, enable
+this directive, but I strongly recommend you also consider blacklisting IDs
+you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
+(%Attr.IDPrefix).  When set to true HTML Purifier reverts to the behavior of
+pre-1.2.0 versions.
+--ALIASES--
+HTML.EnableAttrID
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt

@@ -0,0 +1,8 @@
+Attr.ForbiddenClasses
+TYPE: lookup
+VERSION: 4.0.0
+DEFAULT: array()
+--DESCRIPTION--
+List of forbidden class values in the class attribute. By default, this is
+empty, which means that no classes are forbidden. See also %Attr.AllowedClasses.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt

@@ -0,0 +1,5 @@
+Attr.IDBlacklist
+TYPE: list
+DEFAULT: array()
+DESCRIPTION: Array of IDs not allowed in the document.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt

@@ -0,0 +1,9 @@
+Attr.IDBlacklistRegexp
+TYPE: string/null
+VERSION: 1.6.0
+DEFAULT: NULL
+--DESCRIPTION--
+PCRE regular expression to be matched against all IDs. If the expression is
+matches, the ID is rejected. Use this with care: may cause significant
+degradation. ID matching is done after all other validation.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt

@@ -0,0 +1,12 @@
+Attr.IDPrefix
+TYPE: string
+VERSION: 1.2.0
+DEFAULT: ''
+--DESCRIPTION--
+String to prefix to IDs.  If you have no idea what IDs your pages may use,
+you may opt to simply add a prefix to all user-submitted ID attributes so
+that they are still usable, but will not conflict with core page IDs.
+Example: setting the directive to 'user_' will result in a user submitted
+'foo' to become 'user_foo'  Be sure to set %HTML.EnableAttrID to true
+before using this.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt

@@ -0,0 +1,14 @@
+Attr.IDPrefixLocal
+TYPE: string
+VERSION: 1.2.0
+DEFAULT: ''
+--DESCRIPTION--
+Temporary prefix for IDs used in conjunction with %Attr.IDPrefix.  If you
+need to allow multiple sets of user content on web page, you may need to
+have a seperate prefix that changes with each iteration.  This way,
+seperately submitted user content displayed on the same page doesn't
+clobber each other. Ideal values are unique identifiers for the content it
+represents (i.e. the id of the row in the database). Be sure to add a
+seperator (like an underscore) at the end.  Warning: this directive will
+not work unless %Attr.IDPrefix is set to a non-empty value!
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt

@@ -0,0 +1,31 @@
+AutoFormat.AutoParagraph
+TYPE: bool
+VERSION: 2.0.1
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+  This directive turns on auto-paragraphing, where double newlines are
+  converted in to paragraphs whenever possible. Auto-paragraphing:
+</p>
+<ul>
+  <li>Always applies to inline elements or text in the root node,</li>
+  <li>Applies to inline elements or text with double newlines in nodes
+      that allow paragraph tags,</li>
+  <li>Applies to double newlines in paragraph tags</li>
+</ul>
+<p>
+  <code>p</code> tags must be allowed for this directive to take effect.
+  We do not use <code>br</code> tags for paragraphing, as that is
+  semantically incorrect.
+</p>
+<p>
+  To prevent auto-paragraphing as a content-producer, refrain from using
+  double-newlines except to specify a new paragraph or in contexts where
+  it has special meaning (whitespace usually has no meaning except in
+  tags like <code>pre</code>, so this should not be difficult.) To prevent
+  the paragraphing of inline text adjacent to block elements, wrap them
+  in <code>div</code> tags (the behavior is slightly different outside of
+  the root node.)
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt

@@ -0,0 +1,12 @@
+AutoFormat.Custom
+TYPE: list
+VERSION: 2.0.1
+DEFAULT: array()
+--DESCRIPTION--
+
+<p>
+  This directive can be used to add custom auto-format injectors.
+  Specify an array of injector names (class name minus the prefix)
+  or concrete implementations. Injector class must exist.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt

@@ -0,0 +1,11 @@
+AutoFormat.DisplayLinkURI
+TYPE: bool
+VERSION: 3.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  This directive turns on the in-text display of URIs in &lt;a&gt; tags, and disables
+  those links. For example, <a href="http://example.com">example</a> becomes
+  example (<a>http://example.com</a>).
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt

@@ -0,0 +1,12 @@
+AutoFormat.Linkify
+TYPE: bool
+VERSION: 2.0.1
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+  This directive turns on linkification, auto-linking http, ftp and
+  https URLs. <code>a</code> tags with the <code>href</code> attribute
+  must be allowed.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt

@@ -0,0 +1,12 @@
+AutoFormat.PurifierLinkify.DocURL
+TYPE: string
+VERSION: 2.0.1
+DEFAULT: '#%s'
+ALIASES: AutoFormatParam.PurifierLinkifyDocURL
+--DESCRIPTION--
+<p>
+  Location of configuration documentation to link to, let %s substitute
+  into the configuration's namespace and directive names sans the percent
+  sign.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt

@@ -0,0 +1,12 @@
+AutoFormat.PurifierLinkify
+TYPE: bool
+VERSION: 2.0.1
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+  Internal auto-formatter that converts configuration directives in
+  syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
+  with the <code>href</code> attribute must be allowed.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt

@@ -0,0 +1,11 @@
+AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions
+TYPE: lookup
+VERSION: 4.0.0
+DEFAULT: array('td' => true, 'th' => true)
+--DESCRIPTION--
+<p>
+  When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp
+  are enabled, this directive defines what HTML elements should not be
+  removede if they have only a non-breaking space in them.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt

@@ -0,0 +1,15 @@
+AutoFormat.RemoveEmpty.RemoveNbsp
+TYPE: bool
+VERSION: 4.0.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  When enabled, HTML Purifier will treat any elements that contain only
+  non-breaking spaces as well as regular whitespace as empty, and remove
+  them when %AutoForamt.RemoveEmpty is enabled.
+</p>
+<p>
+  See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements
+  that don't have this behavior applied to them.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt

@@ -0,0 +1,46 @@
+AutoFormat.RemoveEmpty
+TYPE: bool
+VERSION: 3.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  When enabled, HTML Purifier will attempt to remove empty elements that
+  contribute no semantic information to the document. The following types
+  of nodes will be removed:
+</p>
+<ul><li>
+    Tags with no attributes and no content, and that are not empty
+    elements (remove <code>&lt;a&gt;&lt;/a&gt;</code> but not
+    <code>&lt;br /&gt;</code>), and
+  </li>
+  <li>
+    Tags with no content, except for:<ul>
+      <li>The <code>colgroup</code> element, or</li>
+      <li>
+        Elements with the <code>id</code> or <code>name</code> attribute,
+        when those attributes are permitted on those elements.
+      </li>
+    </ul></li>
+</ul>
+<p>
+  Please be very careful when using this functionality; while it may not
+  seem that empty elements contain useful information, they can alter the
+  layout of a document given appropriate styling. This directive is most
+  useful when you are processing machine-generated HTML, please avoid using
+  it on regular user HTML.
+</p>
+<p>
+  Elements that contain only whitespace will be treated as empty. Non-breaking
+  spaces, however, do not count as whitespace. See
+  %AutoFormat.RemoveEmpty.RemoveNbsp for alternate behavior.
+</p>
+<p>
+  This algorithm is not perfect; you may still notice some empty tags,
+  particularly if a node had elements, but those elements were later removed
+  because they were not permitted in that context, or tags that, after
+  being auto-closed by another tag, where empty. This is for safety reasons
+  to prevent clever code from breaking validation. The general rule of thumb:
+  if a tag looked empty on the way in, it will get removed; if HTML Purifier
+  made it empty, it will stay.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt

@@ -0,0 +1,11 @@
+AutoFormat.RemoveSpansWithoutAttributes
+TYPE: bool
+VERSION: 4.0.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  This directive causes <code>span</code> tags without any attributes
+  to be removed. It will also remove spans that had all attributes
+  removed during processing.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt

@@ -0,0 +1,8 @@
+CSS.AllowImportant
+TYPE: bool
+DEFAULT: false
+VERSION: 3.1.0
+--DESCRIPTION--
+This parameter determines whether or not !important cascade modifiers should
+be allowed in user CSS. If false, !important will stripped.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt

@@ -0,0 +1,11 @@
+CSS.AllowTricky
+TYPE: bool
+DEFAULT: false
+VERSION: 3.1.0
+--DESCRIPTION--
+This parameter determines whether or not to allow "tricky" CSS properties and
+values. Tricky CSS properties/values can drastically modify page layout or
+be used for deceptive practices but do not directly constitute a security risk.
+For example, <code>display:none;</code> is considered a tricky property that
+will only be allowed if this directive is set to true.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt

@@ -0,0 +1,12 @@
+CSS.AllowedFonts
+TYPE: lookup/null
+VERSION: 4.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    Allows you to manually specify a set of allowed fonts.  If
+    <code>NULL</code>, all fonts are allowed.  This directive
+    affects generic names (serif, sans-serif, monospace, cursive,
+    fantasy) as well as specific font families.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt

@@ -0,0 +1,18 @@
+CSS.AllowedProperties
+TYPE: lookup/null
+VERSION: 3.1.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    If HTML Purifier's style attributes set is unsatisfactory for your needs,
+    you can overload it with your own list of tags to allow.  Note that this
+    method is subtractive: it does its job by taking away from HTML Purifier
+    usual feature set, so you cannot add an attribute that HTML Purifier never
+    supported in the first place.
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the
+    elements here, <em>that</em> directive will win and override.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt

@@ -0,0 +1,11 @@
+CSS.DefinitionRev
+TYPE: int
+VERSION: 2.0.0
+DEFAULT: 1
+--DESCRIPTION--
+
+<p>
+    Revision identifier for your custom definition. See
+    %HTML.DefinitionRev for details.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt

@@ -0,0 +1,13 @@
+CSS.ForbiddenProperties
+TYPE: lookup
+VERSION: 4.2.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+    This is the logical inverse of %CSS.AllowedProperties, and it will
+    override that directive or any other directive.  If possible,
+    %CSS.AllowedProperties is recommended over this directive,
+    because it can sometimes be difficult to tell whether or not you've
+    forbidden all of the CSS properties you truly would like to disallow.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt

@@ -0,0 +1,16 @@
+CSS.MaxImgLength
+TYPE: string/null
+DEFAULT: '1200px'
+VERSION: 3.1.1
+--DESCRIPTION--
+<p>
+ This parameter sets the maximum allowed length on <code>img</code> tags,
+ effectively the <code>width</code> and <code>height</code> properties.
+ Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
+ in place to prevent imagecrash attacks, disable with null at your own risk.
+ This directive is similar to %HTML.MaxImgLength, and both should be
+ concurrently edited, although there are
+ subtle differences in the input format (the CSS max is a number with
+ a unit).
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt

@@ -0,0 +1,10 @@
+CSS.Proprietary
+TYPE: bool
+VERSION: 3.0.0
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+    Whether or not to allow safe, proprietary CSS values.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt

@@ -0,0 +1,9 @@
+CSS.Trusted
+TYPE: bool
+VERSION: 4.2.1
+DEFAULT: false
+--DESCRIPTION--
+Indicates whether or not the user's CSS input is trusted or not. If the
+input is trusted, a more expansive set of allowed properties.  See
+also %HTML.Trusted.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt

@@ -0,0 +1,14 @@
+Cache.DefinitionImpl
+TYPE: string/null
+VERSION: 2.0.0
+DEFAULT: 'Serializer'
+--DESCRIPTION--
+
+This directive defines which method to use when caching definitions,
+the complex data-type that makes HTML Purifier tick. Set to null
+to disable caching (not recommended, as you will see a definite
+performance degradation).
+
+--ALIASES--
+Core.DefinitionCache
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt

@@ -0,0 +1,13 @@
+Cache.SerializerPath
+TYPE: string/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    Absolute path with no trailing slash to store serialized definitions in.
+    Default is within the
+    HTML Purifier library inside DefinitionCache/Serializer. This
+    path must be writable by the webserver.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt

@@ -0,0 +1,11 @@
+Cache.SerializerPermissions
+TYPE: int
+VERSION: 4.3.0
+DEFAULT: 0755
+--DESCRIPTION--
+
+<p>
+    Directory permissions of the files and directories created inside
+    the DefinitionCache/Serializer or other custom serializer path.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt

@@ -0,0 +1,18 @@
+Core.AggressivelyFixLt
+TYPE: bool
+VERSION: 2.1.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+    This directive enables aggressive pre-filter fixes HTML Purifier can
+    perform in order to ensure that open angled-brackets do not get killed
+    during parsing stage. Enabling this will result in two preg_replace_callback
+    calls and at least two preg_replace calls for every HTML document parsed;
+    if your users make very well-formed HTML, you can set this directive false.
+    This has no effect when DirectLex is used.
+</p>
+<p>
+    <strong>Notice:</strong> This directive's default turned from false to true
+    in HTML Purifier 3.2.0.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt

@@ -0,0 +1,16 @@
+Core.AllowHostnameUnderscore
+TYPE: bool
+VERSION: 4.6.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    By RFC 1123, underscores are not permitted in host names.
+    (This is in contrast to the specification for DNS, RFC
+    2181, which allows underscores.)
+    However, most browsers do the right thing when faced with
+    an underscore in the host name, and so some poorly written
+    websites are written with the expectation this should work.
+    Setting this parameter to true relaxes our allowed character
+    check so that underscores are permitted.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt

@@ -0,0 +1,12 @@
+Core.CollectErrors
+TYPE: bool
+VERSION: 2.0.0
+DEFAULT: false
+--DESCRIPTION--
+
+Whether or not to collect errors found while filtering the document. This
+is a useful way to give feedback to your users. <strong>Warning:</strong>
+Currently this feature is very patchy and experimental, with lots of
+possible error messages not yet implemented. It will not cause any
+problems, but it may not help your users either.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt

@@ -0,0 +1,29 @@
+Core.ColorKeywords
+TYPE: hash
+VERSION: 2.0.0
+--DEFAULT--
+array (
+  'maroon' => '#800000',
+  'red' => '#FF0000',
+  'orange' => '#FFA500',
+  'yellow' => '#FFFF00',
+  'olive' => '#808000',
+  'purple' => '#800080',
+  'fuchsia' => '#FF00FF',
+  'white' => '#FFFFFF',
+  'lime' => '#00FF00',
+  'green' => '#008000',
+  'navy' => '#000080',
+  'blue' => '#0000FF',
+  'aqua' => '#00FFFF',
+  'teal' => '#008080',
+  'black' => '#000000',
+  'silver' => '#C0C0C0',
+  'gray' => '#808080',
+)
+--DESCRIPTION--
+
+Lookup array of color names to six digit hexadecimal number corresponding
+to color, with preceding hash mark. Used when parsing colors.  The lookup
+is done in a case-insensitive manner.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt

@@ -0,0 +1,14 @@
+Core.ConvertDocumentToFragment
+TYPE: bool
+DEFAULT: true
+--DESCRIPTION--
+
+This parameter determines whether or not the filter should convert
+input that is a full document with html and body tags to a fragment
+of just the contents of a body tag. This parameter is simply something
+HTML Purifier can do during an edge-case: for most inputs, this
+processing is not necessary.
+
+--ALIASES--
+Core.AcceptFullDocuments
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt

@@ -0,0 +1,17 @@
+Core.DirectLexLineNumberSyncInterval
+TYPE: int
+VERSION: 2.0.0
+DEFAULT: 0
+--DESCRIPTION--
+
+<p>
+  Specifies the number of tokens the DirectLex line number tracking
+  implementations should process before attempting to resyncronize the
+  current line count by manually counting all previous new-lines. When
+  at 0, this functionality is disabled. Lower values will decrease
+  performance, and this is only strictly necessary if the counting
+  algorithm is buggy (in which case you should report it as a bug).
+  This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
+  not being used.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt

@@ -0,0 +1,14 @@
+Core.DisableExcludes
+TYPE: bool
+DEFAULT: false
+VERSION: 4.5.0
+--DESCRIPTION--
+<p>
+  This directive disables SGML-style exclusions, e.g. the exclusion of
+  <code>&lt;object&gt;</code> in any descendant of a
+  <code>&lt;pre&gt;</code> tag.  Disabling excludes will allow some
+  invalid documents to pass through HTML Purifier, but HTML Purifier
+  will also be less likely to accidentally remove large documents during
+  processing.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt

@@ -0,0 +1,9 @@
+Core.EnableIDNA
+TYPE: bool
+DEFAULT: false
+VERSION: 4.4.0
+--DESCRIPTION--
+Allows international domain names in URLs.  This configuration option
+requires the PEAR Net_IDNA2 module to be installed.  It operates by
+punycoding any internationalized host names for maximum portability.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt

@@ -0,0 +1,15 @@
+Core.Encoding
+TYPE: istring
+DEFAULT: 'utf-8'
+--DESCRIPTION--
+If for some reason you are unable to convert all webpages to UTF-8, you can
+use this directive as a stop-gap compatibility change to let HTML Purifier
+deal with non UTF-8 input.  This technique has notable deficiencies:
+absolutely no characters outside of the selected character encoding will be
+preserved, not even the ones that have been ampersand escaped (this is due
+to a UTF-8 specific <em>feature</em> that automatically resolves all
+entities), making it pretty useless for anything except the most I18N-blind
+applications, although %Core.EscapeNonASCIICharacters offers fixes this
+trouble with another tradeoff. This directive only accepts ISO-8859-1 if
+iconv is not enabled.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt

@@ -0,0 +1,12 @@
+Core.EscapeInvalidChildren
+TYPE: bool
+DEFAULT: false
+--DESCRIPTION--
+<p><strong>Warning:</strong> this configuration option is no longer does anything as of 4.6.0.</p>
+
+<p>When true, a child is found that is not allowed in the context of the
+parent element will be transformed into text as if it were ASCII. When
+false, that element and all internal tags will be dropped, though text will
+be preserved.  There is no option for dropping the element but preserving
+child nodes.</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt

@@ -0,0 +1,7 @@
+Core.EscapeInvalidTags
+TYPE: bool
+DEFAULT: false
+--DESCRIPTION--
+When true, invalid tags will be written back to the document as plain text.
+Otherwise, they are silently dropped.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt

@@ -0,0 +1,13 @@
+Core.EscapeNonASCIICharacters
+TYPE: bool
+VERSION: 1.4.0
+DEFAULT: false
+--DESCRIPTION--
+This directive overcomes a deficiency in %Core.Encoding by blindly
+converting all non-ASCII characters into decimal numeric entities before
+converting it to its native encoding. This means that even characters that
+can be expressed in the non-UTF-8 encoding will be entity-ized, which can
+be a real downer for encodings like Big5. It also assumes that the ASCII
+repetoire is available, although this is the case for almost all encodings.
+Anyway, use UTF-8!
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt

@@ -0,0 +1,19 @@
+Core.HiddenElements
+TYPE: lookup
+--DEFAULT--
+array (
+  'script' => true,
+  'style' => true,
+)
+--DESCRIPTION--
+
+<p>
+  This directive is a lookup array of elements which should have their
+  contents removed when they are not allowed by the HTML definition.
+  For example, the contents of a <code>script</code> tag are not
+  normally shown in a document, so if script tags are to be removed,
+  their contents should be removed to. This is opposed to a <code>b</code>
+  tag, which defines some presentational changes but does not hide its
+  contents.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt

@@ -0,0 +1,10 @@
+Core.Language
+TYPE: string
+VERSION: 2.0.0
+DEFAULT: 'en'
+--DESCRIPTION--
+
+ISO 639 language code for localizable things in HTML Purifier to use,
+which is mainly error reporting. There is currently only an English (en)
+translation, so this directive is currently useless.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt

@@ -0,0 +1,34 @@
+Core.LexerImpl
+TYPE: mixed/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+  This parameter determines what lexer implementation can be used. The
+  valid values are:
+</p>
+<dl>
+  <dt><em>null</em></dt>
+  <dd>
+    Recommended, the lexer implementation will be auto-detected based on
+    your PHP-version and configuration.
+  </dd>
+  <dt><em>string</em> lexer identifier</dt>
+  <dd>
+    This is a slim way of manually overridding the implementation.
+    Currently recognized values are: DOMLex (the default PHP5
+implementation)
+    and DirectLex (the default PHP4 implementation). Only use this if
+    you know what you are doing: usually, the auto-detection will
+    manage things for cases you aren't even aware of.
+  </dd>
+  <dt><em>object</em> lexer instance</dt>
+  <dd>
+    Super-advanced: you can specify your own, custom, implementation that
+    implements the interface defined by <code>HTMLPurifier_Lexer</code>.
+    I may remove this option simply because I don't expect anyone
+    to use it.
+  </dd>
+</dl>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt

@@ -0,0 +1,16 @@
+Core.MaintainLineNumbers
+TYPE: bool/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+  If true, HTML Purifier will add line number information to all tokens.
+  This is useful when error reporting is turned on, but can result in
+  significant performance degradation and should not be used when
+  unnecessary. This directive must be used with the DirectLex lexer,
+  as the DOMLex lexer does not (yet) support this functionality.
+  If the value is null, an appropriate value will be selected based
+  on other configuration.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt

@@ -0,0 +1,11 @@
+Core.NormalizeNewlines
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+    Whether or not to normalize newlines to the operating
+    system default.  When <code>false</code>, HTML Purifier
+    will attempt to preserve mixed newline files.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt

@@ -0,0 +1,12 @@
+Core.RemoveInvalidImg
+TYPE: bool
+DEFAULT: true
+VERSION: 1.3.0
+--DESCRIPTION--
+
+<p>
+  This directive enables pre-emptive URI checking in <code>img</code>
+  tags, as the attribute validation strategy is not authorized to
+  remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt

@@ -0,0 +1,11 @@
+Core.RemoveProcessingInstructions
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+Instead of escaping processing instructions in the form <code>&lt;? ...
+?&gt;</code>, remove it out-right.  This may be useful if the HTML
+you are validating contains XML processing instruction gunk, however,
+it can also be user-unfriendly for people attempting to post PHP
+snippets.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt

@@ -0,0 +1,12 @@
+Core.RemoveScriptContents
+TYPE: bool/null
+DEFAULT: NULL
+VERSION: 2.0.0
+DEPRECATED-VERSION: 2.1.0
+DEPRECATED-USE: Core.HiddenElements
+--DESCRIPTION--
+<p>
+  This directive enables HTML Purifier to remove not only script tags
+  but all of their contents.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt

@@ -0,0 +1,11 @@
+Filter.Custom
+TYPE: list
+VERSION: 3.1.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+  This directive can be used to add custom filters; it is nearly the
+  equivalent of the now deprecated <code>HTMLPurifier-&gt;addFilter()</code>
+  method. Specify an array of concrete implementations.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt

@@ -0,0 +1,14 @@
+Filter.ExtractStyleBlocks.Escaping
+TYPE: bool
+VERSION: 3.0.0
+DEFAULT: true
+ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping
+--DESCRIPTION--
+
+<p>
+  Whether or not to escape the dangerous characters &lt;, &gt; and &amp;
+  as \3C, \3E and \26, respectively. This is can be safely set to false
+  if the contents of StyleBlocks will be placed in an external stylesheet,
+  where there is no risk of it being interpreted as HTML.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt

@@ -0,0 +1,29 @@
+Filter.ExtractStyleBlocks.Scope
+TYPE: string/null
+VERSION: 3.0.0
+DEFAULT: NULL
+ALIASES: Filter.ExtractStyleBlocksScope, FilterParam.ExtractStyleBlocksScope
+--DESCRIPTION--
+
+<p>
+  If you would like users to be able to define external stylesheets, but
+  only allow them to specify CSS declarations for a specific node and
+  prevent them from fiddling with other elements, use this directive.
+  It accepts any valid CSS selector, and will prepend this to any
+  CSS declaration extracted from the document. For example, if this
+  directive is set to <code>#user-content</code> and a user uses the
+  selector <code>a:hover</code>, the final selector will be
+  <code>#user-content a:hover</code>.
+</p>
+<p>
+  The comma shorthand may be used; consider the above example, with
+  <code>#user-content, #user-content2</code>, the final selector will
+  be <code>#user-content a:hover, #user-content2 a:hover</code>.
+</p>
+<p>
+  <strong>Warning:</strong> It is possible for users to bypass this measure
+  using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
+  Purifier, and I am working to get it fixed. Until then, HTML Purifier
+  performs a basic check to prevent this.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt

@@ -0,0 +1,16 @@
+Filter.ExtractStyleBlocks.TidyImpl
+TYPE: mixed/null
+VERSION: 3.1.0
+DEFAULT: NULL
+ALIASES: FilterParam.ExtractStyleBlocksTidyImpl
+--DESCRIPTION--
+<p>
+  If left NULL, HTML Purifier will attempt to instantiate a <code>csstidy</code>
+  class to use for internal cleaning. This will usually be good enough.
+</p>
+<p>
+  However, for trusted user input, you can set this to <code>false</code> to
+  disable cleaning. In addition, you can supply your own concrete implementation
+  of Tidy's interface to use, although I don't know why you'd want to do that.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt

@@ -0,0 +1,74 @@
+Filter.ExtractStyleBlocks
+TYPE: bool
+VERSION: 3.1.0
+DEFAULT: false
+EXTERNAL: CSSTidy
+--DESCRIPTION--
+<p>
+  This directive turns on the style block extraction filter, which removes
+  <code>style</code> blocks from input HTML, cleans them up with CSSTidy,
+  and places them in the <code>StyleBlocks</code> context variable, for further
+  use by you, usually to be placed in an external stylesheet, or a
+  <code>style</code> block in the <code>head</code> of your document.
+</p>
+<p>
+  Sample usage:
+</p>
+<pre><![CDATA[
+<?php
+    header('Content-type: text/html; charset=utf-8');
+    echo '<?xml version="1.0" encoding="UTF-8"?>';
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+  <title>Filter.ExtractStyleBlocks</title>
+<?php
+    require_once '/path/to/library/HTMLPurifier.auto.php';
+    require_once '/path/to/csstidy.class.php';
+
+    $dirty = '<style>body {color:#F00;}</style> Some text';
+
+    $config = HTMLPurifier_Config::createDefault();
+    $config->set('Filter', 'ExtractStyleBlocks', true);
+    $purifier = new HTMLPurifier($config);
+
+    $html = $purifier->purify($dirty);
+
+    // This implementation writes the stylesheets to the styles/ directory.
+    // You can also echo the styles inside the document, but it's a bit
+    // more difficult to make sure they get interpreted properly by
+    // browsers; try the usual CSS armoring techniques.
+    $styles = $purifier->context->get('StyleBlocks');
+    $dir = 'styles/';
+    if (!is_dir($dir)) mkdir($dir);
+    $hash = sha1($_GET['html']);
+    foreach ($styles as $i => $style) {
+        file_put_contents($name = $dir . $hash . "_$i");
+        echo '<link rel="stylesheet" type="text/css" href="'.$name.'" />';
+    }
+?>
+</head>
+<body>
+  <div>
+    <?php echo $html; ?>
+  </div>
+</b]]><![CDATA[ody>
+</html>
+]]></pre>
+<p>
+  <strong>Warning:</strong> It is possible for a user to mount an
+  imagecrash attack using this CSS. Counter-measures are difficult;
+  it is not simply enough to limit the range of CSS lengths (using
+  relative lengths with many nesting levels allows for large values
+  to be attained without actually specifying them in the stylesheet),
+  and the flexible nature of selectors makes it difficult to selectively
+  disable lengths on image tags (HTML Purifier, however, does disable
+  CSS width and height in inline styling). There are probably two effective
+  counter measures: an explicit width and height set to auto in all
+  images in your document (unlikely) or the disabling of width and
+  height (somewhat reasonable). Whether or not these measures should be
+  used is left to the reader.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt

@@ -0,0 +1,16 @@
+Filter.YouTube
+TYPE: bool
+VERSION: 3.1.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  <strong>Warning:</strong> Deprecated in favor of %HTML.SafeObject and
+  %Output.FlashCompat (turn both on to allow YouTube videos and other
+  Flash content).
+</p>
+<p>
+  This directive enables YouTube video embedding in HTML Purifier. Check
+  <a href="http://htmlpurifier.org/docs/enduser-youtube.html">this document
+  on embedding videos</a> for more information on what this filter does.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt

@@ -0,0 +1,25 @@
+HTML.Allowed
+TYPE: itext/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    This is a preferred convenience directive that combines
+    %HTML.AllowedElements and %HTML.AllowedAttributes.
+    Specify elements and attributes that are allowed using:
+    <code>element1[attr1|attr2],element2...</code>.  For example,
+    if you would like to only allow paragraphs and links, specify
+    <code>a[href],p</code>.  You can specify attributes that apply
+    to all elements using an asterisk, e.g. <code>*[lang]</code>.
+    You can also use newlines instead of commas to separate elements.
+</p>
+<p>
+    <strong>Warning</strong>:
+    All of the constraints on the component directives are still enforced.
+    The syntax is a <em>subset</em> of TinyMCE's <code>valid_elements</code>
+    whitelist: directly copy-pasting it here will probably result in
+    broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
+    are set, this directive has no effect.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt

@@ -0,0 +1,19 @@
+HTML.AllowedAttributes
+TYPE: lookup/null
+VERSION: 1.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    If HTML Purifier's attribute set is unsatisfactory, overload it!
+    The syntax is "tag.attr" or "*.attr" for the global attributes
+    (style, id, class, dir, lang, xml:lang).
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the
+    elements here, <em>that</em> directive will win and override. For
+    example, %HTML.EnableAttrID will take precedence over *.id in this
+    directive.  You must set that directive to true before you can use
+    IDs at all.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt

@@ -0,0 +1,10 @@
+HTML.AllowedComments
+TYPE: lookup
+VERSION: 4.4.0
+DEFAULT: array()
+--DESCRIPTION--
+A whitelist which indicates what explicit comment bodies should be
+allowed, modulo leading and trailing whitespace.  See also %HTML.AllowedCommentsRegexp
+(these directives are union'ed together, so a comment is considered
+valid if any directive deems it valid.)
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt

@@ -0,0 +1,15 @@
+HTML.AllowedCommentsRegexp
+TYPE: string/null
+VERSION: 4.4.0
+DEFAULT: NULL
+--DESCRIPTION--
+A regexp, which if it matches the body of a comment, indicates that
+it should be allowed. Trailing and leading spaces are removed prior
+to running this regular expression.
+<strong>Warning:</strong> Make sure you specify
+correct anchor metacharacters <code>^regex$</code>, otherwise you may accept
+comments that you did not mean to! In particular, the regex <code>/foo|bar/</code>
+is probably not sufficiently strict, since it also allows <code>foobar</code>.
+See also %HTML.AllowedComments (these directives are union'ed together,
+so a comment is considered valid if any directive deems it valid.)
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt

@@ -0,0 +1,23 @@
+HTML.AllowedElements
+TYPE: lookup/null
+VERSION: 1.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    If HTML Purifier's tag set is unsatisfactory for your needs, you can
+    overload it with your own list of tags to allow.  If you change
+    this, you probably also want to change %HTML.AllowedAttributes; see
+    also %HTML.Allowed which lets you set allowed elements and
+    attributes at the same time.
+</p>
+<p>
+    If you attempt to allow an element that HTML Purifier does not know
+    about, HTML Purifier will raise an error.  You will need to manually
+    tell HTML Purifier about this element by using the
+    <a href="http://htmlpurifier.org/docs/enduser-customize.html">advanced customization features.</a>
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the
+    elements here, <em>that</em> directive will win and override.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt

@@ -0,0 +1,20 @@
+HTML.AllowedModules
+TYPE: lookup/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    A doctype comes with a set of usual modules to use. Without having
+    to mucking about with the doctypes, you can quickly activate or
+    disable these modules by specifying which modules you wish to allow
+    with this directive. This is most useful for unit testing specific
+    modules, although end users may find it useful for their own ends.
+</p>
+<p>
+    If you specify a module that does not exist, the manager will silently
+    fail to use it, so be careful! User-defined modules are not affected
+    by this directive. Modules defined in %HTML.CoreModules are not
+    affected by this directive.
+</p>
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt

@@ -0,0 +1,11 @@
+HTML.Attr.Name.UseCDATA
+TYPE: bool
+DEFAULT: false
+VERSION: 4.0.0
+--DESCRIPTION--
+The W3C specification DTD defines the name attribute to be CDATA, not ID, due
+to limitations of DTD.  In certain documents, this relaxed behavior is desired,
+whether it is to specify duplicate names, or to specify names that would be
+illegal IDs (for example, names that begin with a digit.) Set this configuration
+directive to true to use the relaxed parsing rules.
+--# vim: et sw=4 sts=4

lib/purifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt

@@ -0,0 +1,18 @@
+HTML.BlockWrapper
+TYPE: string
+VERSION: 1.3.0
+DEFAULT: 'p'
+--DESCRIPTION--
+
+<p>
+    String name of element to wrap inline elements that are inside a block
+    context.  This only occurs in the children of blockquote in strict mode.
+</p>
+<p>
+    Example: by default value,
+    <code>&lt;blockquote&gt;Foo&lt;/blockquote&gt;</code> would become
+    <code>&lt;blockquote&gt;&lt;p&gt;Foo&lt;/p&gt;&lt;/blockquote&gt;</code>.
+    The <code>&lt;p&gt;</code> tags can be replaced with whatever you desire,
+    as long as it is a block level element.
+</p>
+--# vim: et sw=4 sts=4