URI.php 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111
  1. <?php
  2. /**
  3. * Validates a URI as defined by RFC 3986.
  4. * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
  5. */
  6. class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
  7. {
  8. /**
  9. * @type HTMLPurifier_URIParser
  10. */
  11. protected $parser;
  12. /**
  13. * @type bool
  14. */
  15. protected $embedsResource;
  16. /**
  17. * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
  18. */
  19. public function __construct($embeds_resource = false)
  20. {
  21. $this->parser = new HTMLPurifier_URIParser();
  22. $this->embedsResource = (bool)$embeds_resource;
  23. }
  24. /**
  25. * @param string $string
  26. * @return HTMLPurifier_AttrDef_URI
  27. */
  28. public function make($string)
  29. {
  30. $embeds = ($string === 'embedded');
  31. return new HTMLPurifier_AttrDef_URI($embeds);
  32. }
  33. /**
  34. * @param string $uri
  35. * @param HTMLPurifier_Config $config
  36. * @param HTMLPurifier_Context $context
  37. * @return bool|string
  38. */
  39. public function validate($uri, $config, $context)
  40. {
  41. if ($config->get('URI.Disable')) {
  42. return false;
  43. }
  44. $uri = $this->parseCDATA($uri);
  45. // parse the URI
  46. $uri = $this->parser->parse($uri);
  47. if ($uri === false) {
  48. return false;
  49. }
  50. // add embedded flag to context for validators
  51. $context->register('EmbeddedURI', $this->embedsResource);
  52. $ok = false;
  53. do {
  54. // generic validation
  55. $result = $uri->validate($config, $context);
  56. if (!$result) {
  57. break;
  58. }
  59. // chained filtering
  60. $uri_def = $config->getDefinition('URI');
  61. $result = $uri_def->filter($uri, $config, $context);
  62. if (!$result) {
  63. break;
  64. }
  65. // scheme-specific validation
  66. $scheme_obj = $uri->getSchemeObj($config, $context);
  67. if (!$scheme_obj) {
  68. break;
  69. }
  70. if ($this->embedsResource && !$scheme_obj->browsable) {
  71. break;
  72. }
  73. $result = $scheme_obj->validate($uri, $config, $context);
  74. if (!$result) {
  75. break;
  76. }
  77. // Post chained filtering
  78. $result = $uri_def->postFilter($uri, $config, $context);
  79. if (!$result) {
  80. break;
  81. }
  82. // survived gauntlet
  83. $ok = true;
  84. } while (false);
  85. $context->destroy('EmbeddedURI');
  86. if (!$ok) {
  87. return false;
  88. }
  89. // back to string
  90. return $uri->toString();
  91. }
  92. }
  93. // vim: et sw=4 sts=4