--- /dev/null
+<?php\r
+\r
+/**\r
+ * Validates a URI as defined by RFC 3986.\r
+ * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme\r
+ */\r
+class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef\r
+{\r
+\r
+ /**\r
+ * @type HTMLPurifier_URIParser\r
+ */\r
+ protected $parser;\r
+\r
+ /**\r
+ * @type bool\r
+ */\r
+ protected $embedsResource;\r
+\r
+ /**\r
+ * @param bool $embeds_resource Does the URI here result in an extra HTTP request?\r
+ */\r
+ public function __construct($embeds_resource = false)\r
+ {\r
+ $this->parser = new HTMLPurifier_URIParser();\r
+ $this->embedsResource = (bool)$embeds_resource;\r
+ }\r
+\r
+ /**\r
+ * @param string $string\r
+ * @return HTMLPurifier_AttrDef_URI\r
+ */\r
+ public function make($string)\r
+ {\r
+ $embeds = ($string === 'embedded');\r
+ return new HTMLPurifier_AttrDef_URI($embeds);\r
+ }\r
+\r
+ /**\r
+ * @param string $uri\r
+ * @param HTMLPurifier_Config $config\r
+ * @param HTMLPurifier_Context $context\r
+ * @return bool|string\r
+ */\r
+ public function validate($uri, $config, $context)\r
+ {\r
+ if ($config->get('URI.Disable')) {\r
+ return false;\r
+ }\r
+\r
+ $uri = $this->parseCDATA($uri);\r
+\r
+ // parse the URI\r
+ $uri = $this->parser->parse($uri);\r
+ if ($uri === false) {\r
+ return false;\r
+ }\r
+\r
+ // add embedded flag to context for validators\r
+ $context->register('EmbeddedURI', $this->embedsResource);\r
+\r
+ $ok = false;\r
+ do {\r
+\r
+ // generic validation\r
+ $result = $uri->validate($config, $context);\r
+ if (!$result) {\r
+ break;\r
+ }\r
+\r
+ // chained filtering\r
+ $uri_def = $config->getDefinition('URI');\r
+ $result = $uri_def->filter($uri, $config, $context);\r
+ if (!$result) {\r
+ break;\r
+ }\r
+\r
+ // scheme-specific validation\r
+ $scheme_obj = $uri->getSchemeObj($config, $context);\r
+ if (!$scheme_obj) {\r
+ break;\r
+ }\r
+ if ($this->embedsResource && !$scheme_obj->browsable) {\r
+ break;\r
+ }\r
+ $result = $scheme_obj->validate($uri, $config, $context);\r
+ if (!$result) {\r
+ break;\r
+ }\r
+\r
+ // Post chained filtering\r
+ $result = $uri_def->postFilter($uri, $config, $context);\r
+ if (!$result) {\r
+ break;\r
+ }\r
+\r
+ // survived gauntlet\r
+ $ok = true;\r
+\r
+ } while (false);\r
+\r
+ $context->destroy('EmbeddedURI');\r
+ if (!$ok) {\r
+ return false;\r
+ }\r
+ // back to string\r
+ return $uri->toString();\r
+ }\r
+}\r
+\r
+// vim: et sw=4 sts=4\r