projects / github / wallabag / wallabag.git / blame
| Commit | Line | Data |
|---|---|---|
| d4949327 NL |
1 | <?php\r |
| 2 | \r | |
| 3 | /**\r | |
| 4 | * Validates the HTML attribute ID.\r | |
| 5 | * @warning Even though this is the id processor, it\r | |
| 6 | * will ignore the directive Attr:IDBlacklist, since it will only\r | |
| 7 | * go according to the ID accumulator. Since the accumulator is\r | |
| 8 | * automatically generated, it will have already absorbed the\r | |
| 9 | * blacklist. If you're hacking around, make sure you use load()!\r | |
| 10 | */\r | |
| 11 | \r | |
| 12 | class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef\r | |
| 13 | {\r | |
| 14 | \r | |
| 15 | // selector is NOT a valid thing to use for IDREFs, because IDREFs\r | |
| 16 | // *must* target IDs that exist, whereas selector #ids do not.\r | |
| 17 | \r | |
| 18 | /**\r | |
| 19 | * Determines whether or not we're validating an ID in a CSS\r | |
| 20 | * selector context.\r | |
| 21 | * @type bool\r | |
| 22 | */\r | |
| 23 | protected $selector;\r | |
| 24 | \r | |
| 25 | /**\r | |
| 26 | * @param bool $selector\r | |
| 27 | */\r | |
| 28 | public function __construct($selector = false)\r | |
| 29 | {\r | |
| 30 | $this->selector = $selector;\r | |
| 31 | }\r | |
| 32 | \r | |
| 33 | /**\r | |
| 34 | * @param string $id\r | |
| 35 | * @param HTMLPurifier_Config $config\r | |
| 36 | * @param HTMLPurifier_Context $context\r | |
| 37 | * @return bool|string\r | |
| 38 | */\r | |
| 39 | public function validate($id, $config, $context)\r | |
| 40 | {\r | |
| 41 | if (!$this->selector && !$config->get('Attr.EnableID')) {\r | |
| 42 | return false;\r | |
| 43 | }\r | |
| 44 | \r | |
| 45 | $id = trim($id); // trim it first\r | |
| 46 | \r | |
| 47 | if ($id === '') {\r | |
| 48 | return false;\r | |
| 49 | }\r | |
| 50 | \r | |
| 51 | $prefix = $config->get('Attr.IDPrefix');\r | |
| 52 | if ($prefix !== '') {\r | |
| 53 | $prefix .= $config->get('Attr.IDPrefixLocal');\r | |
| 54 | // prevent re-appending the prefix\r | |
| 55 | if (strpos($id, $prefix) !== 0) {\r | |
| 56 | $id = $prefix . $id;\r | |
| 57 | }\r | |
| 58 | } elseif ($config->get('Attr.IDPrefixLocal') !== '') {\r | |
| 59 | trigger_error(\r | |
| 60 | '%Attr.IDPrefixLocal cannot be used unless ' .\r | |
| 61 | '%Attr.IDPrefix is set',\r | |
| 62 | E_USER_WARNING\r | |
| 63 | );\r | |
| 64 | }\r | |
| 65 | \r | |
| 66 | if (!$this->selector) {\r | |
| 67 | $id_accumulator =& $context->get('IDAccumulator');\r | |
| 68 | if (isset($id_accumulator->ids[$id])) {\r | |
| 69 | return false;\r | |
| 70 | }\r | |
| 71 | }\r | |
| 72 | \r | |
| 73 | // we purposely avoid using regex, hopefully this is faster\r | |
| 74 | \r | |
| 75 | if (ctype_alpha($id)) {\r | |
| 76 | $result = true;\r | |
| 77 | } else {\r | |
| 78 | if (!ctype_alpha(@$id[0])) {\r | |
| 79 | return false;\r | |
| 80 | }\r | |
| 81 | // primitive style of regexps, I suppose\r | |
| 82 | $trim = trim(\r | |
| 83 | $id,\r | |
| 84 | 'A..Za..z0..9:-._'\r | |
| 85 | );\r | |
| 86 | $result = ($trim === '');\r | |
| 87 | }\r | |
| 88 | \r | |
| 89 | $regexp = $config->get('Attr.IDBlacklistRegexp');\r | |
| 90 | if ($regexp && preg_match($regexp, $id)) {\r | |
| 91 | return false;\r | |
| 92 | }\r | |
| 93 | \r | |
| 94 | if (!$this->selector && $result) {\r | |
| 95 | $id_accumulator->add($id);\r | |
| 96 | }\r | |
| 97 | \r | |
| 98 | // if no change was made to the ID, return the result\r | |
| 99 | // else, return the new id if stripping whitespace made it\r | |
| 100 | // valid, or return false.\r | |
| 101 | return $result ? $id : false;\r | |
| 102 | }\r | |
| 103 | }\r | |
| 104 | \r | |
| 105 | // vim: et sw=4 sts=4\r |