[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / URIFilter / Munge.php

<?php\r
\r
class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter\r
{\r
    /**\r
     * @type string\r
     */\r
    public $name = 'Munge';\r
\r
    /**\r
     * @type bool\r
     */\r
    public $post = true;\r
\r
    /**\r
     * @type string\r
     */\r
    private $target;\r
\r
    /**\r
     * @type HTMLPurifier_URIParser\r
     */\r
    private $parser;\r
\r
    /**\r
     * @type bool\r
     */\r
    private $doEmbed;\r
\r
    /**\r
     * @type string\r
     */\r
    private $secretKey;\r
\r
    /**\r
     * @type array\r
     */\r
    protected $replace = array();\r
\r
    /**\r
     * @param HTMLPurifier_Config $config\r
     * @return bool\r
     */\r
    public function prepare($config)\r
    {\r
        $this->target = $config->get('URI.' . $this->name);\r
        $this->parser = new HTMLPurifier_URIParser();\r
        $this->doEmbed = $config->get('URI.MungeResources');\r
        $this->secretKey = $config->get('URI.MungeSecretKey');\r
        if ($this->secretKey && !function_exists('hash_hmac')) {\r
            throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");\r
        }\r
        return true;\r
    }\r
\r
    /**\r
     * @param HTMLPurifier_URI $uri\r
     * @param HTMLPurifier_Config $config\r
     * @param HTMLPurifier_Context $context\r
     * @return bool\r
     */\r
    public function filter(&$uri, $config, $context)\r
    {\r
        if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {\r
            return true;\r
        }\r
\r
        $scheme_obj = $uri->getSchemeObj($config, $context);\r
        if (!$scheme_obj) {\r
            return true;\r
        } // ignore unknown schemes, maybe another postfilter did it\r
        if (!$scheme_obj->browsable) {\r
            return true;\r
        } // ignore non-browseable schemes, since we can't munge those in a reasonable way\r
        if ($uri->isBenign($config, $context)) {\r
            return true;\r
        } // don't redirect if a benign URL\r
\r
        $this->makeReplace($uri, $config, $context);\r
        $this->replace = array_map('rawurlencode', $this->replace);\r
\r
        $new_uri = strtr($this->target, $this->replace);\r
        $new_uri = $this->parser->parse($new_uri);\r
        // don't redirect if the target host is the same as the\r
        // starting host\r
        if ($uri->host === $new_uri->host) {\r
            return true;\r
        }\r
        $uri = $new_uri; // overwrite\r
        return true;\r
    }\r
\r
    /**\r
     * @param HTMLPurifier_URI $uri\r
     * @param HTMLPurifier_Config $config\r
     * @param HTMLPurifier_Context $context\r
     */\r
    protected function makeReplace($uri, $config, $context)\r
    {\r
        $string = $uri->toString();\r
        // always available\r
        $this->replace['%s'] = $string;\r
        $this->replace['%r'] = $context->get('EmbeddedURI', true);\r
        $token = $context->get('CurrentToken', true);\r
        $this->replace['%n'] = $token ? $token->name : null;\r
        $this->replace['%m'] = $context->get('CurrentAttr', true);\r
        $this->replace['%p'] = $context->get('CurrentCSSProperty', true);\r
        // not always available\r
        if ($this->secretKey) {\r
            $this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);\r
        }\r
    }\r
}\r
\r
// vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	<?php\r
	2	\r
	3	class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter\r
	4	{\r
	5	/**\r
	6	* @type string\r
	7	*/\r
	8	public $name = 'Munge';\r
	9	\r
	10	/**\r
	11	* @type bool\r
	12	*/\r
	13	public $post = true;\r
	14	\r
	15	/**\r
	16	* @type string\r
	17	*/\r
	18	private $target;\r
	19	\r
	20	/**\r
	21	* @type HTMLPurifier_URIParser\r
	22	*/\r
	23	private $parser;\r
	24	\r
	25	/**\r
	26	* @type bool\r
	27	*/\r
	28	private $doEmbed;\r
	29	\r
	30	/**\r
	31	* @type string\r
	32	*/\r
	33	private $secretKey;\r
	34	\r
	35	/**\r
	36	* @type array\r
	37	*/\r
	38	protected $replace = array();\r
	39	\r
	40	/**\r
	41	* @param HTMLPurifier_Config $config\r
	42	* @return bool\r
	43	*/\r
	44	public function prepare($config)\r
	45	{\r
	46	$this->target = $config->get('URI.' . $this->name);\r
	47	$this->parser = new HTMLPurifier_URIParser();\r
	48	$this->doEmbed = $config->get('URI.MungeResources');\r
	49	$this->secretKey = $config->get('URI.MungeSecretKey');\r
	50	if ($this->secretKey && !function_exists('hash_hmac')) {\r
	51	throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");\r
	52	}\r
	53	return true;\r
	54	}\r
	55	\r
	56	/**\r
	57	* @param HTMLPurifier_URI $uri\r
	58	* @param HTMLPurifier_Config $config\r
	59	* @param HTMLPurifier_Context $context\r
	60	* @return bool\r
	61	*/\r
	62	public function filter(&$uri, $config, $context)\r
	63	{\r
	64	if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {\r
65	return true;\r
66	}\r
67	\r
68	$scheme_obj = $uri->getSchemeObj($config, $context);\r
69	if (!$scheme_obj) {\r
70	return true;\r
71	} // ignore unknown schemes, maybe another postfilter did it\r
72	if (!$scheme_obj->browsable) {\r
73	return true;\r
74	} // ignore non-browseable schemes, since we can't munge those in a reasonable way\r
75	if ($uri->isBenign($config, $context)) {\r
76	return true;\r
77	} // don't redirect if a benign URL\r
78	\r
79	$this->makeReplace($uri, $config, $context);\r
80	$this->replace = array_map('rawurlencode', $this->replace);\r
81	\r
82	$new_uri = strtr($this->target, $this->replace);\r
83	$new_uri = $this->parser->parse($new_uri);\r
84	// don't redirect if the target host is the same as the\r
85	// starting host\r
86	if ($uri->host === $new_uri->host) {\r
87	return true;\r
88	}\r
89	$uri = $new_uri; // overwrite\r
90	return true;\r
91	}\r
92	\r
93	/**\r
94	* @param HTMLPurifier_URI $uri\r
95	* @param HTMLPurifier_Config $config\r
96	* @param HTMLPurifier_Context $context\r
97	*/\r
98	protected function makeReplace($uri, $config, $context)\r
99	{\r
100	$string = $uri->toString();\r
101	// always available\r
102	$this->replace['%s'] = $string;\r
103	$this->replace['%r'] = $context->get('EmbeddedURI', true);\r
104	$token = $context->get('CurrentToken', true);\r
105	$this->replace['%n'] = $token ? $token->name : null;\r
106	$this->replace['%m'] = $context->get('CurrentAttr', true);\r
107	$this->replace['%p'] = $context->get('CurrentCSSProperty', true);\r
108	// not always available\r
109	if ($this->secretKey) {\r
110	$this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);\r
111	}\r
112	}\r
113	}\r
114	\r
115	// vim: et sw=4 sts=4\r