Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php')
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php | 127 |
1 files changed, 127 insertions, 0 deletions
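diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php
new file mode 100644
index 00000000..3bd93a8f
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIScheme/data.php
@@ -0,0 +1,127 @@
+<?php
+
+/**
+* Implements data: URI for base64 encoded images supported by GD.
+*/
+class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
+{
+/**
+* @type bool
+*/
+public $browsable = true;
+
+/**
+* @type array
+*/
+public $allowed_types = array(
+// you better write validation code for other types if you
+// decide to allow them
+'image/jpeg' => true,
+'image/gif' => true,
+'image/png' => true,
+);
+// this is actually irrelevant since we only write out the path
+// component
+/**
+* @type bool
+*/
+public $may_omit_host = true;
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function doValidate(&$uri, $config, $context)
+{
+$result = explode(',', $uri->path, 2);
+$is_base64 = false;
+$charset = null;
+$content_type = null;
+if (count($result) == 2) {
+list($metadata, $data) = $result;
+// do some legwork on the metadata
+$metas = explode(';', $metadata);
+while (!empty($metas)) {
+$cur = array_shift($metas);
+if ($cur == 'base64') {
+$is_base64 = true;
+break;
+}
+if (substr($cur, 0, 8) == 'charset=') {
+// doesn't match if there are arbitrary spaces, but
+// whatever dude
+if ($charset !== null) {
+continue;
+} // garbage
+$charset = substr($cur, 8); // not used
+} else {
+if ($content_type !== null) {
+continue;
+} // garbage
+$content_type = $cur;
+}
+}
+} else {
+$data = $result[0];
+}
+if ($content_type !== null && empty($this->allowed_types[$content_type])) {
+return false;
+}
+if ($charset !== null) {
+// error; we don't allow plaintext stuff
+$charset = null;
+}
+$data = rawurldecode($data);
+if ($is_base64) {
+$raw_data = base64_decode($data);
+} else {
+$raw_data = $data;
+}
+// XXX probably want to refactor this into a general mechanism
+// for filtering arbitrary content types
+$file = tempnam("/tmp", "");
+file_put_contents($file, $raw_data);
+if (function_exists('exif_imagetype')) {
+$image_code = exif_imagetype($file);
+unlink($file);
+} elseif (function_exists('getimagesize')) {
+set_error_handler(array($this, 'muteErrorHandler'));
+$info = getimagesize($file);
+restore_error_handler();
+unlink($file);
+if ($info == false) {
+return false;
+}
+$image_code = $info[2];
+} else {
+trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
+}
+$real_content_type = image_type_to_mime_type($image_code);
+if ($real_content_type != $content_type) {
+// we're nice guys; if the content type is something else we
+// support, change it over
+if (empty($this->allowed_types[$real_content_type])) {
+return false;
+}
+$content_type = $real_content_type;
+}
+// ok, it's kosher, rewrite what we need
+$uri->userinfo = null;
+$uri->host = null;
+$uri->port = null;
+$uri->fragment = null;
+$uri->query = null;
+$uri->path = "$content_type;base64," . base64_encode($raw_data);
+return true;
+}
+
+/**
+* @param int $errno
+* @param string $errstr
+*/
+public function muteErrorHandler($errno, $errstr)
+{
+}
+}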