1 | <?php\r |
2 | \r | |
3 | /**\r | |
4 | * Validator for the components of a URI for a specific scheme\r | |
5 | */\r | |
abstract class HTMLPurifier_URIScheme
{
    /**
     * Default port of the scheme. An explicit port in a URI that equals
     * this value is dropped by validate().
     * @type int|null
     */
    public $default_port = null;

    /**
     * Whether a browser can locate URIs of this scheme: http and ftp
     * are accessible, while mailto and news are not.
     * @type bool
     */
    public $browsable = false;

    /**
     * Whether data sent over this scheme is encrypted: https is secure,
     * http is not.
     * @type bool
     */
    public $secure = false;

    /**
     * Whether the URI always uses <hier_part>; resolves edge cases when
     * making relative URIs absolute.
     * @type bool
     */
    public $hierarchical = false;

    /**
     * Whether the URI may omit a hostname when the scheme is given
     * explicitly, as in file:///path/to/file. As of writing, 'file' is
     * the only scheme that browsers support this for properly.
     * @type bool
     */
    public $may_omit_host = false;

    /**
     * Scheme-specific validation of the URI components.
     * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool success or failure
     */
    abstract public function doValidate(&$uri, $config, $context);

    /**
     * Public entry point for validating the components of a URI. Applies
     * the scheme-independent defaults (default-port elision, repair or
     * rejection of a missing/blank host) and then delegates to
     * doValidate(). Don't overload this method.
     * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool success or failure; false when a host is required but
     *              missing and the URI.Host directive provides none
     */
    public function validate(&$uri, $config, $context)
    {
        // Loose comparison, as in the original code.
        if ($uri->port == $this->default_port) {
            $uri->port = null;
        }

        $schemeless = $uri->scheme === null;
        $hostBlank = $uri->host === '';

        // Scheme present but no usable host: an error unless the scheme
        // is allowed to omit its host.
        $schemeWithoutHost = !$schemeless && ($hostBlank || $uri->host === null);

        // No scheme and a *blank* host serializes as '///path', which most
        // browsers read as 'http://path'. This half of the test is NOT
        // gated by may_omit_host (&& binds tighter than ||); the grouping
        // is spelled out here so that stays visible.
        $needsHostRepair = (!$this->may_omit_host && $schemeWithoutHost)
            || ($schemeless && $hostBlank);

        if ($needsHostRepair) {
            if ($schemeless && substr($uri->path, 0, 2) != '//') {
                // Dropping the blank host does not change the URI's meaning.
                $uri->host = null;
            } else {
                // Either a scheme is present, or the URI is '////path' and
                // nullifying the host would change its semantics: try to
                // insert the configured hostname instead.
                $fallbackHost = $config->get('URI.Host');
                if ($fallbackHost === null) {
                    // Nothing sensible can be done; reject the URL.
                    return false;
                }
                $uri->host = $fallbackHost;
            }
        }

        return $this->doValidate($uri, $config, $context);
    }
}
101 | \r | |
102 | // vim: et sw=4 sts=4\r |