2010-09-09 05:14:17 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validates a URI as defined by RFC 3986.
|
|
|
|
|
* @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
|
|
|
|
|
*/
|
|
|
|
|
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
|
|
|
|
{
|
|
|
|
|
|
2016-02-09 11:06:17 +01:00
|
|
|
/**
|
|
|
|
|
* @type HTMLPurifier_URIParser
|
|
|
|
|
*/
|
2010-09-09 05:14:17 +02:00
|
|
|
protected $parser;
|
2016-02-09 11:06:17 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @type bool
|
|
|
|
|
*/
|
2010-09-09 05:14:17 +02:00
|
|
|
protected $embedsResource;
|
|
|
|
|
|
|
|
|
|
/**
|
2016-02-09 11:06:17 +01:00
|
|
|
* @param bool $embeds_resource Does the URI here result in an extra HTTP request?
|
2010-09-09 05:14:17 +02:00
|
|
|
*/
|
2016-02-09 11:06:17 +01:00
|
|
|
public function __construct($embeds_resource = false)
|
|
|
|
|
{
|
2010-09-09 05:14:17 +02:00
|
|
|
$this->parser = new HTMLPurifier_URIParser();
|
2016-02-09 11:06:17 +01:00
|
|
|
$this->embedsResource = (bool)$embeds_resource;
|
2010-09-09 05:14:17 +02:00
|
|
|
}
|
|
|
|
|
|
2016-02-09 11:06:17 +01:00
|
|
|
/**
|
|
|
|
|
* @param string $string
|
|
|
|
|
* @return HTMLPurifier_AttrDef_URI
|
|
|
|
|
*/
|
|
|
|
|
public function make($string)
|
|
|
|
|
{
|
|
|
|
|
$embeds = ($string === 'embedded');
|
2010-09-09 05:14:17 +02:00
|
|
|
return new HTMLPurifier_AttrDef_URI($embeds);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-09 11:06:17 +01:00
|
|
|
/**
|
|
|
|
|
* @param string $uri
|
|
|
|
|
* @param HTMLPurifier_Config $config
|
|
|
|
|
* @param HTMLPurifier_Context $context
|
|
|
|
|
* @return bool|string
|
|
|
|
|
*/
|
|
|
|
|
public function validate($uri, $config, $context)
|
|
|
|
|
{
|
|
|
|
|
if ($config->get('URI.Disable')) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
|
|
|
|
|
$uri = $this->parseCDATA($uri);
|
|
|
|
|
|
|
|
|
|
// parse the URI
|
|
|
|
|
$uri = $this->parser->parse($uri);
|
2016-02-09 11:06:17 +01:00
|
|
|
if ($uri === false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
|
|
|
|
|
// add embedded flag to context for validators
|
|
|
|
|
$context->register('EmbeddedURI', $this->embedsResource);
|
|
|
|
|
|
|
|
|
|
$ok = false;
|
|
|
|
|
do {
|
|
|
|
|
|
|
|
|
|
// generic validation
|
|
|
|
|
$result = $uri->validate($config, $context);
|
2016-02-09 11:06:17 +01:00
|
|
|
if (!$result) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
|
|
|
|
|
// chained filtering
|
|
|
|
|
$uri_def = $config->getDefinition('URI');
|
|
|
|
|
$result = $uri_def->filter($uri, $config, $context);
|
2016-02-09 11:06:17 +01:00
|
|
|
if (!$result) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
|
|
|
|
|
// scheme-specific validation
|
|
|
|
|
$scheme_obj = $uri->getSchemeObj($config, $context);
|
2016-02-09 11:06:17 +01:00
|
|
|
if (!$scheme_obj) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if ($this->embedsResource && !$scheme_obj->browsable) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
$result = $scheme_obj->validate($uri, $config, $context);
|
2016-02-09 11:06:17 +01:00
|
|
|
if (!$result) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
|
|
|
|
|
// Post chained filtering
|
|
|
|
|
$result = $uri_def->postFilter($uri, $config, $context);
|
2016-02-09 11:06:17 +01:00
|
|
|
if (!$result) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
|
|
|
|
|
// survived gauntlet
|
|
|
|
|
$ok = true;
|
|
|
|
|
|
|
|
|
|
} while (false);
|
|
|
|
|
|
|
|
|
|
$context->destroy('EmbeddedURI');
|
2016-02-09 11:06:17 +01:00
|
|
|
if (!$ok) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2010-09-09 05:14:17 +02:00
|
|
|
// back to string
|
|
|
|
|
return $uri->toString();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// vim: et sw=4 sts=4
|
