1 | <?php\r |
2 | \r | |
/**
 * Validates a URI as defined by RFC 3986.
 *
 * Validation is staged: generic URI validation, the configured URI
 * definition's filters, scheme-specific validation, then the definition's
 * post-filters. A URI string is returned only when every stage accepts it;
 * any rejection yields false.
 *
 * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
 */
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{

    /**
     * Parser that turns the raw attribute value into a URI object.
     * @type HTMLPurifier_URIParser
     */
    protected $parser;

    /**
     * True when the attribute makes the client fetch the URI on its own
     * (see the constructor's parameter description).
     * @type bool
     */
    protected $embedsResource;

    /**
     * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
     */
    public function __construct($embeds_resource = false)
    {
        // The two assignments are independent of each other.
        $this->embedsResource = (bool)$embeds_resource;
        $this->parser = new HTMLPurifier_URIParser();
    }

    /**
     * Builds a new validator from a string argument. Only the exact
     * string 'embedded' (strict comparison) enables the embedded mode;
     * every other value produces a non-embedding validator.
     *
     * @param string $string
     * @return HTMLPurifier_AttrDef_URI
     */
    public function make($string)
    {
        return new HTMLPurifier_AttrDef_URI($string === 'embedded');
    }

    /**
     * Runs a URI through every validation stage and returns its string
     * form, or false if URIs are disabled, parsing fails, or any stage
     * rejects it.
     *
     * While the stages run, the context carries 'EmbeddedURI' set to this
     * validator's embedded flag; it is removed again before returning.
     * NOTE(review): nothing here catches exceptions, so if a stage throws,
     * the destroy() call is not reached and 'EmbeddedURI' stays in the
     * context - confirm whether callers reuse the context afterwards.
     *
     * @param string $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool|string false on rejection, otherwise the URI object's toString() result
     */
    public function validate($uri, $config, $context)
    {
        // Global kill switch: with URI.Disable set, no URI is ever accepted.
        if ($config->get('URI.Disable')) {
            return false;
        }

        // Normalise the attribute text, then parse it into a URI object.
        $parsed = $this->parser->parse($this->parseCDATA($uri));
        if (false === $parsed) {
            return false;
        }

        // add embedded flag to context for validators
        $context->register('EmbeddedURI', $this->embedsResource);

        // The stages below must run in exactly this order, each one only if
        // the previous one accepted. $parsed is always handed over as the
        // same variable - presumably filters may receive it by reference and
        // modify or replace it; verify against the filter signatures before
        // moving any of these calls into a helper.
        $accepted = false;

        // generic validation
        if ($parsed->validate($config, $context)) {
            // chained filtering
            $definition = $config->getDefinition('URI');
            if ($definition->filter($parsed, $config, $context)) {
                // scheme-specific validation: a scheme object must exist, and
                // an embedded resource additionally needs a browsable scheme.
                $scheme = $parsed->getSchemeObj($config, $context);
                $schemeUsable = $scheme && (!$this->embedsResource || $scheme->browsable);
                if ($schemeUsable
                    && $scheme->validate($parsed, $config, $context)
                    // Post chained filtering
                    && $definition->postFilter($parsed, $config, $context)
                ) {
                    // survived gauntlet
                    $accepted = true;
                }
            }
        }

        // Always drop the flag once the stages have finished, accepted or not.
        $context->destroy('EmbeddedURI');

        // back to string
        return $accepted ? $parsed->toString() : false;
    }
}
110 | \r | |
111 | // vim: et sw=4 sts=4\r |