diff options
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php')
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php new file mode 100644 index 00000000..ccd4a24a --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php | |||
@@ -0,0 +1,105 @@ | |||
1 | <?php | ||
2 | |||
3 | /** | ||
4 | * Validates the HTML attribute ID. | ||
5 | * @warning Even though this is the id processor, it | ||
6 | * will ignore the directive Attr:IDBlacklist, since it will only | ||
7 | * go according to the ID accumulator. Since the accumulator is | ||
8 | * automatically generated, it will have already absorbed the | ||
9 | * blacklist. If you're hacking around, make sure you use load()! | ||
10 | */ | ||
11 | |||
12 | class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef | ||
13 | { | ||
14 | |||
15 | // selector is NOT a valid thing to use for IDREFs, because IDREFs | ||
16 | // *must* target IDs that exist, whereas selector #ids do not. | ||
17 | |||
18 | /** | ||
19 | * Determines whether or not we're validating an ID in a CSS | ||
20 | * selector context. | ||
21 | * @type bool | ||
22 | */ | ||
23 | protected $selector; | ||
24 | |||
25 | /** | ||
26 | * @param bool $selector | ||
27 | */ | ||
28 | public function __construct($selector = false) | ||
29 | { | ||
30 | $this->selector = $selector; | ||
31 | } | ||
32 | |||
33 | /** | ||
34 | * @param string $id | ||
35 | * @param HTMLPurifier_Config $config | ||
36 | * @param HTMLPurifier_Context $context | ||
37 | * @return bool|string | ||
38 | */ | ||
39 | public function validate($id, $config, $context) | ||
40 | { | ||
41 | if (!$this->selector && !$config->get('Attr.EnableID')) { | ||
42 | return false; | ||
43 | } | ||
44 | |||
45 | $id = trim($id); // trim it first | ||
46 | |||
47 | if ($id === '') { | ||
48 | return false; | ||
49 | } | ||
50 | |||
51 | $prefix = $config->get('Attr.IDPrefix'); | ||
52 | if ($prefix !== '') { | ||
53 | $prefix .= $config->get('Attr.IDPrefixLocal'); | ||
54 | // prevent re-appending the prefix | ||
55 | if (strpos($id, $prefix) !== 0) { | ||
56 | $id = $prefix . $id; | ||
57 | } | ||
58 | } elseif ($config->get('Attr.IDPrefixLocal') !== '') { | ||
59 | trigger_error( | ||
60 | '%Attr.IDPrefixLocal cannot be used unless ' . | ||
61 | '%Attr.IDPrefix is set', | ||
62 | E_USER_WARNING | ||
63 | ); | ||
64 | } | ||
65 | |||
66 | if (!$this->selector) { | ||
67 | $id_accumulator =& $context->get('IDAccumulator'); | ||
68 | if (isset($id_accumulator->ids[$id])) { | ||
69 | return false; | ||
70 | } | ||
71 | } | ||
72 | |||
73 | // we purposely avoid using regex, hopefully this is faster | ||
74 | |||
75 | if (ctype_alpha($id)) { | ||
76 | $result = true; | ||
77 | } else { | ||
78 | if (!ctype_alpha(@$id[0])) { | ||
79 | return false; | ||
80 | } | ||
81 | // primitive style of regexps, I suppose | ||
82 | $trim = trim( | ||
83 | $id, | ||
84 | 'A..Za..z0..9:-._' | ||
85 | ); | ||
86 | $result = ($trim === ''); | ||
87 | } | ||
88 | |||
89 | $regexp = $config->get('Attr.IDBlacklistRegexp'); | ||
90 | if ($regexp && preg_match($regexp, $id)) { | ||
91 | return false; | ||
92 | } | ||
93 | |||
94 | if (!$this->selector && $result) { | ||
95 | $id_accumulator->add($id); | ||
96 | } | ||
97 | |||
98 | // if no change was made to the ID, return the result | ||
99 | // else, return the new id if stripping whitespace made it | ||
100 | // valid, or return false. | ||
101 | return $result ? $id : false; | ||
102 | } | ||
103 | } | ||
104 | |||
105 | // vim: et sw=4 sts=4 | ||