1 | <?php\r | |
2 | \r | |
3 | /**\r | |
4 | * Base class for all validating attribute definitions.\r | |
5 | *\r | |
6 | * This family of classes forms the core for not only HTML attribute validation,\r | |
7 | * but also any sort of string that needs to be validated or cleaned (which\r | |
8 | * means CSS properties and composite definitions are defined here too).\r | |
9 | * Besides defining (through code) what precisely makes the string valid,\r | |
10 | * subclasses are also responsible for cleaning the code if possible.\r | |
11 | */\r | |
12 | \r | |
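abstract class HTMLPurifier_AttrDef
{

    /**
     * Tells us whether or not an HTML attribute is minimized.
     * Has no meaning in other contexts.
     * @type bool
     */
    public $minimized = false;

    /**
     * Tells us whether or not an HTML attribute is required.
     * Has no meaning in other contexts.
     * @type bool
     */
    public $required = false;

    /**
     * Validates and cleans passed string according to a definition.
     *
     * @param string $string String to be validated and cleaned.
     * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
     * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.
     * @return bool|string Subclasses return the cleaned string, or false when
     *         the value is rejected (convention of this class family; not
     *         enforced here).
     */
    abstract public function validate($string, $config, $context);

    /**
     * Convenience method that parses a string as if it were CDATA.
     *
     * Approximates the processing described at
     * <http://www.w3.org/TR/html4/types.html#h-6.2>: leading and trailing
     * whitespace is removed, and every line feed, carriage return and tab
     * is replaced by a single space. Note that line feeds are turned into
     * spaces here rather than ignored as the spec says. While most useful
     * for HTML attributes specified as CDATA, it can also be applied to
     * most CSS values.
     *
     * @note This method is not entirely standards compliant, as trim() removes
     *       more types of whitespace than specified in the spec. In practice,
     *       this is rarely a problem, as those extra characters usually have
     *       already been removed by HTMLPurifier_Encoder.
     *
     * @warning This processing is inconsistent with XML's whitespace handling
     *          as specified by section 3.3.3 and referenced XHTML 1.0 section
     *          4.7. However, note that we are NOT necessarily parsing XML,
     *          thus, this behavior may still be correct. We assume that
     *          newlines have been normalized.
     *
     * @param string $string
     * @return string
     */
    public function parseCDATA($string)
    {
        $trimmed = trim($string);
        // Single-character replacements, so strtr is equivalent to str_replace
        // here and cannot produce overlapping matches.
        return strtr($trimmed, array("\n" => ' ', "\t" => ' ', "\r" => ' '));
    }

    /**
     * Factory method for creating this class from a string.
     *
     * The default implementation ignores $string and returns the shared
     * (flyweight) instance. Subclasses whose behaviour depends on $string
     * must override this and return a fresh instance (or a clone) instead
     * of mutating $this, since the flyweight is shared by all callers.
     *
     * @param string $string String construction info
     * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string
     */
    public function make($string)
    {
        return $this;
    }

    /**
     * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
     * properly. THIS IS A HACK!
     *
     * Only the exact three-integer rgb(...) form is rewritten; anything else
     * (percentages, rgba, a space after the opening parenthesis) is left as is.
     *
     * @param string $string a CSS colour definition
     * @return string
     */
    protected function mungeRgb($string)
    {
        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
    }

    /**
     * Parses a possibly escaped CSS string and returns the "pure"
     * version of it.
     *
     * Handles the three escape forms found in CSS text:
     *  - backslash followed by one to six hex digits: decoded as a code
     *    point; a single whitespace character directly after the digits is
     *    part of the escape and is consumed;
     *  - backslash followed by a line feed: a line continuation, both
     *    characters are dropped;
     *  - backslash followed by any other character: that character is
     *    emitted literally, without the backslash.
     * A trailing backslash with nothing after it is kept verbatim.
     *
     * Decoded code points are passed through HTMLPurifier_Encoder::unichr()
     * and cleanUTF8(); a result that cleans to the empty string is dropped.
     * Previously the character following such a dropped escape was skipped
     * even when it was not whitespace (e.g. the ')' in "\0)"); the optional
     * whitespace is now consumed before the validity check so that only the
     * escape itself disappears.
     *
     * @param string $string
     * @return string
     */
    protected function expandCSSEscape($string)
    {
        $out = '';
        $len = strlen($string);
        $i = 0;
        while ($i < $len) {
            $ch = $string[$i];
            if ($ch !== '\\') {
                $out .= $ch;
                $i++;
                continue;
            }

            // $ch is a backslash: look at the character it escapes.
            $i++;
            if ($i >= $len) {
                // Dangling backslash at the end of input is kept as is.
                $out .= '\\';
                break;
            }
            $ch = $string[$i];

            if (ctype_xdigit($ch)) {
                // Hex escape: collect at most six hex digits.
                $hex = '';
                $digits = 0;
                while ($i < $len && $digits < 6 && ctype_xdigit($string[$i])) {
                    $hex .= $string[$i];
                    $i++;
                    $digits++;
                }
                // One whitespace character after the digits belongs to the
                // escape (trim() decides what counts as whitespace here, which
                // includes NUL). Consume it regardless of whether the decoded
                // character survives, so a rejected escape never eats the
                // following non-whitespace character.
                if ($i < $len && trim($string[$i]) === '') {
                    $i++;
                }
                // We have to be extremely careful when adding new characters,
                // to make sure we're not breaking the encoding. unichr() and
                // cleanUTF8() live in HTMLPurifier_Encoder; this relies on
                // cleanUTF8() returning '' for characters that must not appear
                // in the output (presumed from the original check; verify there).
                $char = HTMLPurifier_Encoder::unichr(hexdec($hex));
                if (HTMLPurifier_Encoder::cleanUTF8($char) !== '') {
                    $out .= $char;
                }
                continue;
            }

            if ($ch === "\n") {
                // Backslash-newline is a line continuation: drop both.
                $i++;
                continue;
            }

            // Any other escaped character is emitted without its backslash.
            $out .= $ch;
            $i++;
        }
        return $out;
    }
}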
137 | \r | |
138 | // vim: et sw=4 sts=4\r |