diff --git a/phpgwapi/inc/htmLawed/htmLawed.php b/phpgwapi/inc/htmLawed/htmLawed.php index 0c6dff1415..f787cde7e2 100644 --- a/phpgwapi/inc/htmLawed/htmLawed.php +++ b/phpgwapi/inc/htmLawed/htmLawed.php @@ -1,9 +1,9 @@ $v){ - if(((isset($C['deny_attribute']['*']) ? isset($C['deny_attribute'][$k]) : !isset($C['deny_attribute'][$k])) or isset($rl[$k])) && ((!isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])) && (isset($aN[$k][$e]) or (isset($aNU[$k]) && !isset($aNU[$k][$e])))){ + if(((isset($C['deny_attribute']['*']) ? isset($C['deny_attribute'][$k]) : !isset($C['deny_attribute'][$k])) && (isset($aN[$k][$e]) or (isset($aNU[$k]) && !isset($aNU[$k][$e]))) && !isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])){ if(isset($aNE[$k])){$v = $k;} elseif(!empty($lcase) && (($e != 'button' or $e != 'input') or $k == 'type')){ // Rather loose but ?not cause issues $v = (isset($aNL[($v2 = strtolower($v))])) ? $v2 : $v; @@ -624,7 +624,7 @@ if($e == 'u'){$e = 'span'; return 'text-decoration: underline;';} static $fs = array('0'=>'xx-small', '1'=>'xx-small', '2'=>'small', '3'=>'medium', '4'=>'large', '5'=>'x-large', '6'=>'xx-large', '7'=>'300%', '-1'=>'smaller', '-2'=>'60%', '+1'=>'larger', '+2'=>'150%', '+3'=>'200%', '+4'=>'300%'); if($e == 'font'){ $a2 = ''; - if(preg_match('`face\s*=\s*(\'|")([^=]+?)\\1`i', $a, $m) or preg_match('`face\s*=\s*([^"])(\S+)`i', $a, $m)){ + if(preg_match('`face\s*=\s*(\'|")([^=]+?)\\1`i', $a, $m) or preg_match('`face\s*=(\s*)(\S+)`i', $a, $m)){ $a2 .= ' font-family: '. str_replace('"', '\'', trim($m[2])). ';'; } if(preg_match('`color\s*=\s*(\'|")?(.+?)(\\1|\s|$)`i', $a, $m)){ @@ -688,7 +688,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array( function hl_version(){ // rel -return '1.1.11'; +return '1.1.13'; // eof } diff --git a/phpgwapi/inc/htmLawed/htmLawedTest.php b/phpgwapi/inc/htmLawed/htmLawedTest.php index 581beaa256..136c9575d9 100644 --- a/phpgwapi/inc/htmLawed/htmLawedTest.php +++ b/phpgwapi/inc/htmLawed/htmLawedTest.php @@ -1,10 +1,10 @@ Input code » ', strlen($_POST['text']), ' chars, ~', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), ' tag', ($tag > 1 ? 's' : ''), ' ', (!isset($_POST['text'][$_hlimit]) ? ' Input binary » ' : ''), ' Finalized internal settings »  ', '
Output » htmLawed processing time ', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), ' s', (($mem = memory_get_peak_usage()) !== false ? ', peak memory usage '. round(($mem-$pre_mem)/1048576, 2). ' MB' : ''), '
'; + echo '
Input code » ', strlen($_POST['text']), ' chars, ~', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), ' tag', ($tag > 1 ? 's' : ''), ' ', (!isset($_POST['text'][$_hlimit]) ? ' Input binary » ' : ''), ' Finalized internal settings »  ', '
Output » htmLawed processing time ', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), ' s', (($mem = memory_get_peak_usage()) !== false ? ', peak memory usage '. round(($mem-$pre_mem)/1048576, 2). ' MB' : ''), '
'; if($_w3c_validate && $validation) { ?> diff --git a/phpgwapi/inc/htmLawed/htmLawed_README.htm b/phpgwapi/inc/htmLawed/htmLawed_README.htm index aac76e2444..4589ef1aa7 100644 --- a/phpgwapi/inc/htmLawed/htmLawed_README.htm +++ b/phpgwapi/inc/htmLawed/htmLawed_README.htm @@ -110,10 +110,10 @@ span.totop a, span.totop a:visited {color: #6699cc;}

-
htmLawed_README.txt, 5 June 2012
-htmLawed 1.1.11, 5 June 2012
+
htmLawed_README.txt, 22 July 2012
+htmLawed 1.1.13, 22 July 2012
Copyright Santosh Patnaik
-Dual licensed with LGPL 3 and GPL 2 or later
+Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed 

@@ -170,6 +170,7 @@ A PHP Labware internal utility - id attribute values  ^~`
  *  double-quote attribute values  ^
  *  lower-case standard attribute values like password  ^`
+  *  permit custom, non-standard attributes as well as custom rules for standard attributes  ~`

  *  attribute-specific URL protocol/scheme restriction  *~`
  *  disable dynamic expressions in style values  *~`
@@ -222,7 +223,7 @@ A PHP Labware internal utility - 1.4  License & copyright (to top)

-  htmLawed is free and open-source software dual licensed under LGPL license version 3 and GPL license version 2 or later, and copyrighted by Santosh Patnaik, MD, PhD.
+  htmLawed is free and open-source software dual licensed under LGPL license version 3, and GPL license version 2 (or later), and copyrighted by Santosh Patnaik, MD, PhD.

@@ -258,7 +259,7 @@ A PHP Labware internal utility - demo (htmLawed.php and htmLawedTest.php should be in the same directory on the web-server).

Note: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the htmLawed website; the filtering itself can be configured, etc., as described here.
Note: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to this page on the htmLawed website; the filtering itself can be configured, etc., as described here.

2.1  Simple @@ -558,6 +559,14 @@ A PHP Labware internal utility - ;, ,, /, (, ), |, ~ and space have special meanings in the rules. Words in the rules that use such characters, or the characters themselves, should be escaped by enclosing in pairs of double-quotes ("). A back-tick (`) can be used to escape a literal ". An example rule illustrating this is input=value(maxlen=30/match="/^\w/"/default="your `"ID`"").

  Note: To deny an attribute for all elements for which it is legal, $config["deny_attribute"] (see section 3.4) can be used instead of $spec. Also, attributes can be allowed element-specifically through $spec while being denied globally through $config["deny_attribute"]. The hook_tag parameter (section 3.4.9) can also be used to implement the $spec functionality.
+
$spec can also be used to permit custom, non-standard attributes as well as custom rules for standard attributes. Thus, the following value of $spec will permit the custom uses of the standard rel attribute in input (not permitted as per standards) and of a non-standard attribute, vFlag, in img.
+
+ +    $spec = 'img=vFlag; input=rel' +
+
+  The attribute names can contain alphabets, colons (:) and hyphens (-) but must start with an alphabet.

@@ -1158,7 +1167,7 @@ A PHP Labware internal utility - 1 is useful, e.g., when a writer previews his submission, whereas one like 3 is useful before content is finalized and made available to all.

Note: In the example above, unlike <*>, <xml> gets considered as a tag (even though there is no HTML element named xml). In general, text matching the regular expression pattern <(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?> is considered a tag (phrase enclosed by the angled brackets < and >, and starting [with an optional slash preceding] with an alphanumeric word that starts with an alphabet...).
Note: In the example above, unlike <*>, <xml> gets considered as a tag (even though there is no HTML element named xml). Thus, the keep_bad parameter's value affects <xml> but not <*>. In general, text matching the regular expression pattern <(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?> is considered a tag (phrase enclosed by the angled brackets < and >, and starting [with an optional slash preceding] with an alphanumeric word that starts with an alphabet...), and is subjected to the keep_bad value.

  Nesting/content rules for each of the 86 elements in htmLawed's default set (see section 3.3) are defined in function hl_bal(). This means that if a non-standard element besides embed is being permitted through $config["elements"], the element's tag content will end up getting removed if $config["balance"] is set to 1.

@@ -1206,7 +1215,7 @@ A PHP Labware internal utility - 3.4  Attributes

(to top)

-  htmLawed will only permit attributes described in the HTML specs (including deprecated ones). It also permits some attributes for use with the embed element (the non-standard embed element is supported in htmLawed because of its widespread use), and the the xml:space attribute (valid only in XHTML 1.1). A list of such 111 attributes and the elements they are allowed in is in section 5.2.
+  htmLawed will only permit attributes described in the HTML specs (including deprecated ones). It also permits some attributes for use with the embed element (the non-standard embed element is supported in htmLawed because of its widespread use), and the the xml:space attribute (valid only in XHTML 1.1). A list of such 111 attributes and the elements they are allowed in is in section 5.2. Using the $spec argument, htmLawed can be forced to permit custom, non-standard attributes as well as custom rules for standard attributes (section 2.3).

  When $config["deny_attribute"] is not set, or set to 0, or empty (""), all the 111 attributes are permitted. Otherwise, $config["deny_attribute"] can be set as a list of comma-separated names of the denied attributes. on* can be used to refer to the group of potentially dangerous, script-accepting attributes: onblur, onchange, onclick, ondblclick, onfocus, onkeydown, onkeypress, onkeyup, onmousedown, onmousemove, onmouseout, onmouseover, onmouseup, onreset, onselect and onsubmit.

@@ -1539,7 +1548,7 @@ A PHP Labware internal utility -       // If second argument is not received, it means a closing tag is being handled
-      if(ctype_digit($attribute_array)){ +      if(is_numeric($attribute_array)){
        return "</$element>"; @@ -1731,6 +1740,10 @@ A PHP Labware internal utility - face attribute
+
  1.1.11 - 5 June 2012. Fix for possible problem with handling of multi-byte characters in attribute values in an mbstring.func_overload enviroment. $config["hook_tag"], if specified, now receives names of elements in closing tags.

  1.1.10 - 22 October 2011. Fix for a bug in the tidy functionality that caused the entire input to be replaced with a single space; new parameter, $config["direct_list_nest"] to allow direct descendance of a list in a list. (5 April 2012. Dual licensing from LGPLv3 to LGPLv3 and GPLv2+.)
@@ -1795,9 +1808,9 @@ A PHP Labware internal utility - htmLawed.php (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content.

Important  The following upgrades may affect the functionality of a specific htmLawed as indicated by their corresponding notes:
Important  The following upgrades may affect the functionality of a specific htmLawed installation:

-  (1) From version 1.1-1.1.10 to 1.1.11, if a hook_tag function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a hook_tag function receives only the element name. The hook_tag function therefore may have to be edited. See section 3.4.9.
+  (1) From version 1.1-1.1.10 to 1.1.11 (or later), if a hook_tag function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a hook_tag function receives only the element name. The hook_tag function therefore may have to be edited. See section 3.4.9.

  Old versions of htmLawed may be available online. E.g., for version 1.0, check http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip.
@@ -2119,8 +2132,8 @@ A PHP Labware internal utility - HTM version of htmLawed_README.txt generated on 06 Jun, 2012 using rTxt2htm from PHP Labware +


HTM version of htmLawed_README.txt generated on 22 Jul, 2012 using rTxt2htm from PHP Labware

- \ No newline at end of file + diff --git a/phpgwapi/inc/htmLawed/htmLawed_README.txt b/phpgwapi/inc/htmLawed/htmLawed_README.txt index a4cff6e308..33b1d7fa42 100644 --- a/phpgwapi/inc/htmLawed/htmLawed_README.txt +++ b/phpgwapi/inc/htmLawed/htmLawed_README.txt @@ -1,8 +1,8 @@ /* -htmLawed_README.txt, 5 June 2012 -htmLawed 1.1.11, 5 June 2012 +htmLawed_README.txt, 22 July 2012 +htmLawed 1.1.13, 22 July 2012 Copyright Santosh Patnaik -Dual licensed with LGPL 3 and GPL 2 or later +Dual licensed with LGPL 3 and GPL 2+ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed */ @@ -121,6 +121,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern * ensure *unique* 'id' attribute values ^~` * *double-quote* attribute values ^ * lower-case *standard attribute values* like 'password' ^` + * permit custom, non-standard attributes as well as custom rules for standard attributes ~` * *attribute-specific URL protocol/scheme restriction* *~` * disable *dynamic expressions* in 'style' values *~` @@ -171,7 +172,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern -- 1.4 License & copyright ----------------------------------------o - htmLawed is free and open-source software dual licensed under LGPL license version 3:- http://www.gnu.org/licenses/lgpl-3.0.txt and GPL license version 2:- http://www.gnu.org/licenses/gpl-2.0.txt or later, and copyrighted by Santosh Patnaik, MD, PhD. + htmLawed is free and open-source software dual licensed under LGPL license version 3:- http://www.gnu.org/licenses/lgpl-3.0.txt, and GPL license version 2:- http://www.gnu.org/licenses/gpl-2.0.txt (or later), and copyrighted by Santosh Patnaik, MD, PhD. -- 1.5 Terms used here --------------------------------------------o @@ -204,7 +205,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern To easily *test* htmLawed using a form-based interface, use the provided demo:- htmLawedTest.php ('htmLawed.php' and 'htmLawedTest.php' should be in the same directory on the web-server). - *Note*: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the htmLawed:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed website; the filtering itself can be configured, etc., as described here. + *Note*: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to this page:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/oop.htm on the htmLawed website; the filtering itself can be configured, etc., as described here. -- 2.1 Simple ------------------------------------------------------ @@ -486,6 +487,12 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern *Special characters*: The characters ';', ',', '/', '(', ')', '|', '~' and space have special meanings in the rules. Words in the rules that use such characters, or the characters themselves, should be `escaped` by enclosing in pairs of double-quotes ('"'). A back-tick ('`') can be used to escape a literal '"'. An example rule illustrating this is 'input=value(maxlen=30/match="/^\w/"/default="your `"ID`"")'. *Note*: To deny an attribute for all elements for which it is legal, '$config["deny_attribute"]' (see section:- #3.4) can be used instead of '$spec'. Also, attributes can be allowed element-specifically through '$spec' while being denied globally through '$config["deny_attribute"]'. The 'hook_tag' parameter (section:- #3.4.9) can also be used to implement the '$spec' functionality. + + '$spec' can also be used to permit custom, non-standard attributes as well as custom rules for standard attributes. Thus, the following value of '$spec' will permit the custom uses of the standard 'rel' attribute in 'input' (not permitted as per standards) and of a non-standard attribute, 'vFlag', in 'img'. + + $spec = 'img=vFlag; input=rel' + + The attribute names can contain alphabets, colons (:) and hyphens (-) but must start with an alphabet. -- 2.4 Performance time & memory usage ----------------------------o @@ -924,7 +931,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern An option like '1' is useful, e.g., when a writer previews his submission, whereas one like '3' is useful before content is finalized and made available to all. - *Note:* In the example above, unlike '<*>', '' gets considered as a tag (even though there is no HTML element named 'xml'). In general, text matching the regular expression pattern '<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>' is considered a tag (phrase enclosed by the angled brackets '<' and '>', and starting [with an optional slash preceding] with an alphanumeric word that starts with an alphabet...). + *Note:* In the example above, unlike '<*>', '' gets considered as a tag (even though there is no HTML element named 'xml'). Thus, the 'keep_bad' parameter's value affects '' but not '<*>'. In general, text matching the regular expression pattern '<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>' is considered a tag (phrase enclosed by the angled brackets '<' and '>', and starting [with an optional slash preceding] with an alphanumeric word that starts with an alphabet...), and is subjected to the 'keep_bad' value. Nesting/content rules for each of the 86 elements in htmLawed's default set (see section:- #3.3) are defined in function 'hl_bal()'. This means that if a non-standard element besides 'embed' is being permitted through '$config["elements"]', the element's tag content will end up getting removed if '$config["balance"]' is set to '1'. @@ -966,7 +973,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern -- 3.4 Attributes ------------------------------------------------oo - htmLawed will only permit attributes described in the HTML specs (including deprecated ones). It also permits some attributes for use with the 'embed' element (the non-standard 'embed' element is supported in htmLawed because of its widespread use), and the the 'xml:space' attribute (valid only in XHTML 1.1). A list of such 111 attributes and the elements they are allowed in is in section:- #5.2. + htmLawed will only permit attributes described in the HTML specs (including deprecated ones). It also permits some attributes for use with the 'embed' element (the non-standard 'embed' element is supported in htmLawed because of its widespread use), and the the 'xml:space' attribute (valid only in XHTML 1.1). A list of such 111 attributes and the elements they are allowed in is in section:- #5.2. Using the '$spec' argument, htmLawed can be forced to permit custom, non-standard attributes as well as custom rules for standard attributes (section:- #2.3). When '$config["deny_attribute"]' is not set, or set to '0', or empty ('""'), all the 111 attributes are permitted. Otherwise, '$config["deny_attribute"]' can be set as a list of comma-separated names of the denied attributes. 'on*' can be used to refer to the group of potentially dangerous, script-accepting attributes: 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onreset', 'onselect' and 'onsubmit'. @@ -1194,7 +1201,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern function my_tag_function($element, $attribute_array=0){ // If second argument is not received, it means a closing tag is being handled - if(ctype_digit($attribute_array)){ + if(is_numeric($attribute_array)){ return ""; } @@ -1321,6 +1328,10 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern `Version number - Release date. Notes` + 1.1.13 - 22 July 2012. Added feature allowing use of custom, non-standard attributes or custom rules for standard attributes + + 1.1.12 - 5 July 2012. Fix for a bug in identifying an unquoted value of the 'face' attribute + 1.1.11 - 5 June 2012. Fix for possible problem with handling of multi-byte characters in attribute values in an mbstring.func_overload enviroment. '$config["hook_tag"]', if specified, now receives names of elements in closing tags. 1.1.10 - 22 October 2011. Fix for a bug in the 'tidy' functionality that caused the entire input to be replaced with a single space; new parameter, '$config["direct_list_nest"]' to allow direct descendance of a list in a list. (5 April 2012. Dual licensing from LGPLv3 to LGPLv3 and GPLv2+.) @@ -1383,9 +1394,9 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern Upgrading is as simple as replacing the previous version of 'htmLawed.php' (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content. - *Important* The following upgrades may affect the functionality of a specific htmLawed as indicated by their corresponding notes: + *Important* The following upgrades may affect the functionality of a specific htmLawed installation: - (1) From version 1.1-1.1.10 to 1.1.11, if a 'hook_tag' function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a 'hook_tag' function receives only the element name. The 'hook_tag' function therefore may have to be edited. See section:- #3.4.9. + (1) From version 1.1-1.1.10 to 1.1.11 (or later), if a 'hook_tag' function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a 'hook_tag' function receives only the element name. The 'hook_tag' function therefore may have to be edited. See section:- #3.4.9. Old versions of htmLawed may be available online. E.g., for version 1.0, check http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip. @@ -1698,4 +1709,4 @@ ___________________________________________________________________oo @@encoding: utf-8 @@keywords: htmLawed, HTM, HTML, HTML Tidy, converter, filter, formatter, purifier, sanitizer, XSS, input, PHP, software, code, script, security, cross-site scripting, hack, sanitize, remove, standards, tags, attributes, elements @@language: en -@@title: htmLawed documentation \ No newline at end of file +@@title: htmLawed documentation diff --git a/phpgwapi/inc/htmLawed/htmLawed_TESTCASE.txt b/phpgwapi/inc/htmLawed/htmLawed_TESTCASE.txt index 793a5a6a7e..6a266f0271 100644 --- a/phpgwapi/inc/htmLawed/htmLawed_TESTCASE.txt +++ b/phpgwapi/inc/htmLawed/htmLawed_TESTCASE.txt @@ -1,8 +1,8 @@ /* -htmLawed_TESTCASE.txt, 22 October 2011 -htmLawed 1.1.11, 5 June 2012 +htmLawed_TESTCASE.txt, 22 July 2012 +htmLawed 1.1.13, 22 July 2012 Copyright Santosh Patnaik -Dual licensed with LGPL 3 and GPL 2 or later +Dual licensed with LGPL 3 and GPL 2+ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed */ @@ -27,6 +27,7 @@ character encoding to Unicode/UTF-8 Duplicated: a
Deprecated: a,

Casing:
+Custom: image
Admin-restricted?:
Attribute values
@@ -266,6 +267,12 @@ I am X but people call me www.xy.com
+
Microsoft Word
+ +Proprietary tag:

 


+XML declaration:
+XML-invalid character code-point (may not replicate):

“Where is he?” asked both Mary – the one so lovely – and Jane.

+
Non-English text-1
Inscrieţi-vă acum la a Zecea Conferinţă Internaţională
@@ -393,4 +400,15 @@ script:eval(document.all.mycode.expr)')">hi
3 < 4
3 > 4
- > 3
\ No newline at end of file + > 3
+<._.> hi!
+<<< ALERT >>>
+if(13age){say 'teen'}
+age >51 and a smoking history of >51 pack-years was
+age > 51 and a smoking history of >51 pack-years was
+age <51 and a smoking history of <51 pack-years was
+age < 51 and a smoking history of < 51 pack-years was
+age >51 and a smoking history of >51 pack-years
+age > 51 and a smoking history of >51 pack-years
+age <51 and a smoking history of <51 pack-years
+age < 51 and a smoking history of < 51 pack-years
\ No newline at end of file