mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
fac747bdbd
With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
112 lines
2.6 KiB
PHP
112 lines
2.6 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Validates a URI as defined by RFC 3986.
|
|
* @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
|
|
*/
|
|
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
|
{
|
|
|
|
/**
|
|
* @type HTMLPurifier_URIParser
|
|
*/
|
|
protected $parser;
|
|
|
|
/**
|
|
* @type bool
|
|
*/
|
|
protected $embedsResource;
|
|
|
|
/**
|
|
* @param bool $embeds_resource Does the URI here result in an extra HTTP request?
|
|
*/
|
|
public function __construct($embeds_resource = false)
|
|
{
|
|
$this->parser = new HTMLPurifier_URIParser();
|
|
$this->embedsResource = (bool)$embeds_resource;
|
|
}
|
|
|
|
/**
|
|
* @param string $string
|
|
* @return HTMLPurifier_AttrDef_URI
|
|
*/
|
|
public function make($string)
|
|
{
|
|
$embeds = ($string === 'embedded');
|
|
return new HTMLPurifier_AttrDef_URI($embeds);
|
|
}
|
|
|
|
/**
|
|
* @param string $uri
|
|
* @param HTMLPurifier_Config $config
|
|
* @param HTMLPurifier_Context $context
|
|
* @return bool|string
|
|
*/
|
|
public function validate($uri, $config, $context)
|
|
{
|
|
if ($config->get('URI.Disable')) {
|
|
return false;
|
|
}
|
|
|
|
$uri = $this->parseCDATA($uri);
|
|
|
|
// parse the URI
|
|
$uri = $this->parser->parse($uri);
|
|
if ($uri === false) {
|
|
return false;
|
|
}
|
|
|
|
// add embedded flag to context for validators
|
|
$context->register('EmbeddedURI', $this->embedsResource);
|
|
|
|
$ok = false;
|
|
do {
|
|
|
|
// generic validation
|
|
$result = $uri->validate($config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// chained filtering
|
|
$uri_def = $config->getDefinition('URI');
|
|
$result = $uri_def->filter($uri, $config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// scheme-specific validation
|
|
$scheme_obj = $uri->getSchemeObj($config, $context);
|
|
if (!$scheme_obj) {
|
|
break;
|
|
}
|
|
if ($this->embedsResource && !$scheme_obj->browsable) {
|
|
break;
|
|
}
|
|
$result = $scheme_obj->validate($uri, $config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// Post chained filtering
|
|
$result = $uri_def->postFilter($uri, $config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// survived gauntlet
|
|
$ok = true;
|
|
|
|
} while (false);
|
|
|
|
$context->destroy('EmbeddedURI');
|
|
if (!$ok) {
|
|
return false;
|
|
}
|
|
// back to string
|
|
return $uri->toString();
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|