]>
Commit | Line | Data |
---|---|---|
d4949327 NL |
1 | <?php\r |
2 | \r | |
3 | /**\r | |
4 | * Performs safe variable parsing based on types which can be used by\r | |
5 | * users. This may not be able to represent all possible data inputs,\r | |
6 | * however.\r | |
7 | */\r | |
8 | class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser\r | |
9 | {\r | |
10 | /**\r | |
11 | * @param mixed $var\r | |
12 | * @param int $type\r | |
13 | * @param bool $allow_null\r | |
14 | * @return array|bool|float|int|mixed|null|string\r | |
15 | * @throws HTMLPurifier_VarParserException\r | |
16 | */\r | |
17 | protected function parseImplementation($var, $type, $allow_null)\r | |
18 | {\r | |
19 | if ($allow_null && $var === null) {\r | |
20 | return null;\r | |
21 | }\r | |
22 | switch ($type) {\r | |
23 | // Note: if code "breaks" from the switch, it triggers a generic\r | |
24 | // exception to be thrown. Specific errors can be specifically\r | |
25 | // done here.\r | |
26 | case self::MIXED:\r | |
27 | case self::ISTRING:\r | |
28 | case self::STRING:\r | |
29 | case self::TEXT:\r | |
30 | case self::ITEXT:\r | |
31 | return $var;\r | |
32 | case self::INT:\r | |
33 | if (is_string($var) && ctype_digit($var)) {\r | |
34 | $var = (int)$var;\r | |
35 | }\r | |
36 | return $var;\r | |
37 | case self::FLOAT:\r | |
38 | if ((is_string($var) && is_numeric($var)) || is_int($var)) {\r | |
39 | $var = (float)$var;\r | |
40 | }\r | |
41 | return $var;\r | |
42 | case self::BOOL:\r | |
43 | if (is_int($var) && ($var === 0 || $var === 1)) {\r | |
44 | $var = (bool)$var;\r | |
45 | } elseif (is_string($var)) {\r | |
46 | if ($var == 'on' || $var == 'true' || $var == '1') {\r | |
47 | $var = true;\r | |
48 | } elseif ($var == 'off' || $var == 'false' || $var == '0') {\r | |
49 | $var = false;\r | |
50 | } else {\r | |
51 | throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");\r | |
52 | }\r | |
53 | }\r | |
54 | return $var;\r | |
55 | case self::ALIST:\r | |
56 | case self::HASH:\r | |
57 | case self::LOOKUP:\r | |
58 | if (is_string($var)) {\r | |
59 | // special case: technically, this is an array with\r | |
60 | // a single empty string item, but having an empty\r | |
61 | // array is more intuitive\r | |
62 | if ($var == '') {\r | |
63 | return array();\r | |
64 | }\r | |
65 | if (strpos($var, "\n") === false && strpos($var, "\r") === false) {\r | |
66 | // simplistic string to array method that only works\r | |
67 | // for simple lists of tag names or alphanumeric characters\r | |
68 | $var = explode(',', $var);\r | |
69 | } else {\r | |
70 | $var = preg_split('/(,|[\n\r]+)/', $var);\r | |
71 | }\r | |
72 | // remove spaces\r | |
73 | foreach ($var as $i => $j) {\r | |
74 | $var[$i] = trim($j);\r | |
75 | }\r | |
76 | if ($type === self::HASH) {\r | |
77 | // key:value,key2:value2\r | |
78 | $nvar = array();\r | |
79 | foreach ($var as $keypair) {\r | |
80 | $c = explode(':', $keypair, 2);\r | |
81 | if (!isset($c[1])) {\r | |
82 | continue;\r | |
83 | }\r | |
84 | $nvar[trim($c[0])] = trim($c[1]);\r | |
85 | }\r | |
86 | $var = $nvar;\r | |
87 | }\r | |
88 | }\r | |
89 | if (!is_array($var)) {\r | |
90 | break;\r | |
91 | }\r | |
92 | $keys = array_keys($var);\r | |
93 | if ($keys === array_keys($keys)) {\r | |
94 | if ($type == self::ALIST) {\r | |
95 | return $var;\r | |
96 | } elseif ($type == self::LOOKUP) {\r | |
97 | $new = array();\r | |
98 | foreach ($var as $key) {\r | |
99 | $new[$key] = true;\r | |
100 | }\r | |
101 | return $new;\r | |
102 | } else {\r | |
103 | break;\r | |
104 | }\r | |
105 | }\r | |
106 | if ($type === self::ALIST) {\r | |
107 | trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING);\r | |
108 | return array_values($var);\r | |
109 | }\r | |
110 | if ($type === self::LOOKUP) {\r | |
111 | foreach ($var as $key => $value) {\r | |
112 | if ($value !== true) {\r | |
113 | trigger_error(\r | |
114 | "Lookup array has non-true value at key '$key'; " .\r | |
115 | "maybe your input array was not indexed numerically",\r | |
116 | E_USER_WARNING\r | |
117 | );\r | |
118 | }\r | |
119 | $var[$key] = true;\r | |
120 | }\r | |
121 | }\r | |
122 | return $var;\r | |
123 | default:\r | |
124 | $this->errorInconsistent(__CLASS__, $type);\r | |
125 | }\r | |
126 | $this->errorGeneric($var, $type);\r | |
127 | }\r | |
128 | }\r | |
129 | \r | |
130 | // vim: et sw=4 sts=4\r |