1 | <?php\r |
2 | \r | |
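/**
 * Validates the HTML attribute ID.
 * @warning Even though this is the id processor, it
 *          will ignore the directive Attr:IDBlacklist, since it will only
 *          go according to the ID accumulator. Since the accumulator is
 *          automatically generated, it will have already absorbed the
 *          blacklist. If you're hacking around, make sure you use load()!
 */
class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
{

    // selector is NOT a valid thing to use for IDREFs, because IDREFs
    // *must* target IDs that exist, whereas selector #ids do not.

    /**
     * Determines whether or not we're validating an ID in a CSS
     * selector context.
     * @type bool
     */
    protected $selector;

    /**
     * @param bool $selector True when the ID is validated for a CSS
     *                       selector. In that mode validate() neither
     *                       consults Attr.EnableID nor reads or updates
     *                       the ID accumulator.
     */
    public function __construct($selector = false)
    {
        $this->selector = $selector;
    }

    /**
     * Normalises and validates a single ID value.
     *
     * The value is trimmed, given the configured prefix, checked for
     * duplicates (attribute mode only), checked against the allowed
     * character set and finally against Attr.IDBlacklistRegexp.
     *
     * @param string $id
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool|string The trimmed and possibly prefixed ID when it is
     *                     acceptable, false otherwise.
     */
    public function validate($id, $config, $context)
    {
        // Outside selector mode, IDs are rejected unless explicitly enabled.
        if (!$this->selector && !$config->get('Attr.EnableID')) {
            return false;
        }

        $id = trim($id); // trim it first

        if ($id === '') {
            return false;
        }

        $prefix = $config->get('Attr.IDPrefix');
        if ($prefix !== '') {
            $prefix .= $config->get('Attr.IDPrefixLocal');
            // prevent re-appending the prefix
            // NOTE(review): an incoming ID that already starts with the
            // prefix is therefore kept as supplied, so the prefix
            // namespaces IDs but does not show which IDs were prefixed
            // by this validator.
            if (strpos($id, $prefix) !== 0) {
                $id = $prefix . $id;
            }
        } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
            trigger_error(
                '%Attr.IDPrefixLocal cannot be used unless ' .
                '%Attr.IDPrefix is set',
                E_USER_WARNING
            );
        }

        if (!$this->selector) {
            // The duplicate check runs on the prefixed ID.
            $id_accumulator =& $context->get('IDAccumulator');
            if (isset($id_accumulator->ids[$id])) {
                return false;
            }
        }

        // we purposely avoid using regex, hopefully this is faster

        // The first character must be an ASCII letter. ctype_alpha()
        // follows the process LC_CTYPE locale, so under a non-C locale it
        // can accept bytes outside A-Za-z while the trim() mask below never
        // does. Comparing against an explicit ASCII set keeps the verdict
        // independent of setlocale(). $id is known to be non-empty here.
        $letters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        if (strspn($id, $letters, 0, 1) !== 1) {
            return false;
        }

        // primitive style of regexps, I suppose: trim() strips allowed
        // characters from both ends, so anything left over means the ID
        // contains a character outside the allowed set.
        $result = (trim($id, 'A..Za..z0..9:-._') === '');

        // The blacklist pattern is matched against the prefixed ID.
        $regexp = $config->get('Attr.IDBlacklistRegexp');
        if ($regexp && preg_match($regexp, $id)) {
            return false;
        }

        // Record the ID only once it has passed every check.
        if (!$this->selector && $result) {
            $id_accumulator->add($id);
        }

        // Return the normalised ID on success, false otherwise.
        return $result ? $id : false;
    }
}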
104 | \r | |
105 | // vim: et sw=4 sts=4\r |