author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2014-02-21 15:57:10 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2014-02-21 15:57:10 +0100 |
commit | 99679d06884120c57f43b44e55e03595f1f87bed (patch) | |
tree | a3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme | |
parent | 655214ab30ee84884dc408488b85586f36263fcb (diff) | |
parent | d3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff) | |
Merge pull request #481 from wallabag/dev1.5.2
1.5.2
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme')
8 files changed, 390 insertions, 0 deletions
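--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php
@@ -0,0 +1,127 @@
+<?php
+
+/**
+* Implements data: URI for base64 encoded images supported by GD.
+*/
+class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
+{
+/**
+* @type bool
+*/
+public $browsable = true;
+
+/**
+* @type array
+*/
+public $allowed_types = array(
+// you better write validation code for other types if you
+// decide to allow them
+'image/jpeg' => true,
+'image/gif' => true,
+'image/png' => true,
+);
+// this is actually irrelevant since we only write out the path
+// component
+/**
+* @type bool
+*/
+public $may_omit_host = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$result = explode(',', $uri->path, 2);
+$is_base64 = false;
+$charset = null;
+$content_type = null;
+if (count($result) == 2) {
+list($metadata, $data) = $result;
+// do some legwork on the metadata
+$metas = explode(';', $metadata);
+while (!empty($metas)) {
+$cur = array_shift($metas);
+if ($cur == 'base64') {
+$is_base64 = true;
+break;
+}
+if (substr($cur, 0, 8) == 'charset=') {
+// doesn't match if there are arbitrary spaces, but
+// whatever dude
+if ($charset !== null) {
+continue;
+} // garbage
+$charset = substr($cur, 8); // not used
+} else {
+if ($content_type !== null) {
+continue;
+} // garbage
+$content_type = $cur;
+}
+}
+} else {
+$data = $result[0];
+}
+if ($content_type !== null && empty($this->allowed_types[$content_type])) {
+return false;
+}
+if ($charset !== null) {
+// error; we don't allow plaintext stuff
+$charset = null;
+}
+$data = rawurldecode($data);
+if ($is_base64) {
+$raw_data = base64_decode($data);
+} else {
+$raw_data = $data;
+}
+// XXX probably want to refactor this into a general mechanism
+// for filtering arbitrary content types
+$file = tempnam("/tmp", "");
+file_put_contents($file, $raw_data);
+if (function_exists('exif_imagetype')) {
+$image_code = exif_imagetype($file);
+unlink($file);
+} elseif (function_exists('getimagesize')) {
+set_error_handler(array($this, 'muteErrorHandler'));
+$info = getimagesize($file);
+restore_error_handler();
+unlink($file);
+if ($info == false) {
+return false;
+}
+$image_code = $info[2];
+} else {
+trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
+}
+$real_content_type = image_type_to_mime_type($image_code);
+if ($real_content_type != $content_type) {
+// we're nice guys; if the content type is something else we
+// support, change it over
+if (empty($this->allowed_types[$real_content_type])) {
+return false;
+}
+$content_type = $real_content_type;
+}
+// ok, it's kosher, rewrite what we need
+$uri->userinfo = null;
+$uri->host = null;
+$uri->port = null;
+$uri->fragment = null;
+$uri->query = null;
+$uri->path = "$content_type;base64," . base64_encode($raw_data);
+return true;
+}
+
+/**
+* @param int $errno
+* @param string $errstr
+*/
+public function muteErrorHandler($errno, $errstr)
+{
+}
+}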
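--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/file.php
@@ -0,0 +1,44 @@
+<?php
+
+/**
+* Validates file as defined by RFC 1630 and RFC 1738.
+*/
+class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
+{
+/**
+* Generally file:// URLs are not accessible from most
+* machines, so placing them as an img src is incorrect.
+* @type bool
+*/
+public $browsable = false;
+
+/**
+* Basically the *only* URI scheme for which this is true, since
+* accessing files on the local machine is very common. In fact,
+* browsers on some operating systems don't understand the
+* authority, though I hear it is used on Windows to refer to
+* network shares.
+* @type bool
+*/
+public $may_omit_host = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+// Authentication method is not supported
+$uri->userinfo = null;
+// file:// makes no provisions for accessing the resource
+$uri->port = null;
+// While it seems to work on Firefox, the querystring has
+// no possible effect and is thus stripped.
+$uri->query = null;
+return true;
+}
+}
+
+// vim: et sw=4 sts=4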
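--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/ftp.php
@@ -0,0 +1,58 @@
+<?php
+
+/**
+* Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
+*/
+class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme
+{
+/**
+* @type int
+*/
+public $default_port = 21;
+
+/**
+* @type bool
+*/
+public $browsable = true; // usually
+
+/**
+* @type bool
+*/
+public $hierarchical = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$uri->query = null;
+
+// typecode check
+$semicolon_pos = strrpos($uri->path, ';'); // reverse
+if ($semicolon_pos !== false) {
+$type = substr($uri->path, $semicolon_pos + 1); // no semicolon
+$uri->path = substr($uri->path, 0, $semicolon_pos);
+$type_ret = '';
+if (strpos($type, '=') !== false) {
+// figure out whether or not the declaration is correct
+list($key, $typecode) = explode('=', $type, 2);
+if ($key !== 'type') {
+// invalid key, tack it back on encoded
+$uri->path .= '%3B' . $type;
+} elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') {
+$type_ret = ";type=$typecode";
+}
+} else {
+$uri->path .= '%3B' . $type;
+}
+$uri->path = str_replace(';', '%3B', $uri->path);
+$uri->path .= $type_ret;
+}
+return true;
+}
+}
+
+// vim: et sw=4 sts=4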
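--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/http.php
@@ -0,0 +1,36 @@
+<?php
+
+/**
+* Validates http (HyperText Transfer Protocol) as defined by RFC 2616
+*/
+class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme
+{
+/**
+* @type int
+*/
+public $default_port = 80;
+
+/**
+* @type bool
+*/
+public $browsable = true;
+
+/**
+* @type bool
+*/
+public $hierarchical = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$uri->userinfo = null;
+return true;
+}
+}
+
+// vim: et sw=4 sts=4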
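--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/https.php
@@ -0,0 +1,18 @@
+<?php
+
+/**
+* Validates https (Secure HTTP) according to http scheme.
+*/
+class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http
+{
+/**
+* @type int
+*/
+public $default_port = 443;
+/**
+* @type bool
+*/
+public $secure = true;
+}
+
+// vim: et sw=4 sts=4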
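--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/mailto.php
@@ -0,0 +1,40 @@
+<?php
+
+// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
+// email is valid, but be careful!
+
+/**
+* Validates mailto (for E-mail) according to RFC 2368
+* @todo Validate the email address
+* @todo Filter allowed query parameters
+*/
+
+class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme
+{
+/**
+* @type bool
+*/
+public $browsable = false;
+
+/**
+* @type bool
+*/
+public $may_omit_host = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$uri->userinfo = null;
+$uri->host = null;
+$uri->port = null;
+// we need to validate path against RFC 2368's addr-spec
+return true;
+}
+}
+
+// vim: et sw=4 sts=4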
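--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/news.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+* Validates news (Usenet) as defined by generic RFC 1738
+*/
+class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme
+{
+/**
+* @type bool
+*/
+public $browsable = false;
+
+/**
+* @type bool
+*/
+public $may_omit_host = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$uri->userinfo = null;
+$uri->host = null;
+$uri->port = null;
+$uri->query = null;
+// typecode check needed on path
+return true;
+}
+}
+
+// vim: et sw=4 sts=4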
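--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/nntp.php
@@ -0,0 +1,32 @@
+<?php
+
+/**
+* Validates nntp (Network News Transfer Protocol) as defined by generic RFC 1738
+*/
+class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme
+{
+/**
+* @type int
+*/
+public $default_port = 119;
+
+/**
+* @type bool
+*/
+public $browsable = false;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$uri->userinfo = null;
+$uri->query = null;
+return true;
+}
+}
+
+// vim: et sw=4 sts=4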