first commit
This commit is contained in:
aschwarz
111
htmlpurifier-4.10.0/library/HTMLPurifier/AttrDef/URI.php
Executable file
111
htmlpurifier-4.10.0/library/HTMLPurifier/AttrDef/URI.php
Executable file
@ -0,0 +1,111 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Validates a URI as defined by RFC 3986.
|
||||
* @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
|
||||
*/
|
||||
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_URIParser
|
||||
*/
|
||||
protected $parser;
|
||||
|
||||
/**
|
||||
* @type bool
|
||||
*/
|
||||
protected $embedsResource;
|
||||
|
||||
/**
|
||||
* @param bool $embeds_resource Does the URI here result in an extra HTTP request?
|
||||
*/
|
||||
public function __construct($embeds_resource = false)
|
||||
{
|
||||
$this->parser = new HTMLPurifier_URIParser();
|
||||
$this->embedsResource = (bool)$embeds_resource;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $string
|
||||
* @return HTMLPurifier_AttrDef_URI
|
||||
*/
|
||||
public function make($string)
|
||||
{
|
||||
$embeds = ($string === 'embedded');
|
||||
return new HTMLPurifier_AttrDef_URI($embeds);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $uri
|
||||
* @param HTMLPurifier_Config $config
|
||||
* @param HTMLPurifier_Context $context
|
||||
* @return bool|string
|
||||
*/
|
||||
public function validate($uri, $config, $context)
|
||||
{
|
||||
if ($config->get('URI.Disable')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$uri = $this->parseCDATA($uri);
|
||||
|
||||
// parse the URI
|
||||
$uri = $this->parser->parse($uri);
|
||||
if ($uri === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// add embedded flag to context for validators
|
||||
$context->register('EmbeddedURI', $this->embedsResource);
|
||||
|
||||
$ok = false;
|
||||
do {
|
||||
|
||||
// generic validation
|
||||
$result = $uri->validate($config, $context);
|
||||
if (!$result) {
|
||||
break;
|
||||
}
|
||||
|
||||
// chained filtering
|
||||
$uri_def = $config->getDefinition('URI');
|
||||
$result = $uri_def->filter($uri, $config, $context);
|
||||
if (!$result) {
|
||||
break;
|
||||
}
|
||||
|
||||
// scheme-specific validation
|
||||
$scheme_obj = $uri->getSchemeObj($config, $context);
|
||||
if (!$scheme_obj) {
|
||||
break;
|
||||
}
|
||||
if ($this->embedsResource && !$scheme_obj->browsable) {
|
||||
break;
|
||||
}
|
||||
$result = $scheme_obj->validate($uri, $config, $context);
|
||||
if (!$result) {
|
||||
break;
|
||||
}
|
||||
|
||||
// Post chained filtering
|
||||
$result = $uri_def->postFilter($uri, $config, $context);
|
||||
if (!$result) {
|
||||
break;
|
||||
}
|
||||
|
||||
// survived gauntlet
|
||||
$ok = true;
|
||||
|
||||
} while (false);
|
||||
|
||||
$context->destroy('EmbeddedURI');
|
||||
if (!$ok) {
|
||||
return false;
|
||||
}
|
||||
// back to string
|
||||
return $uri->toString();
|
||||
}
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
Reference in New Issue
Block a user