library/HTMLPurifier/AttrDef/URI.php

   1 <?php
   2
   3 /**
   4  * Validates a URI as defined by RFC 3986.
   5  * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
   6  */
   7 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
   8 {
   9
  10     /**
  11      * @type HTMLPurifier_URIParser
  12      */
  13     protected $parser;
  14
  15     /**
  16      * @type bool
  17      */
  18     protected $embedsResource;
  19
  20     /**
  21      * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
  22      */
  23     public function __construct($embeds_resource = false)
  24     {
  25         $this->parser = new HTMLPurifier_URIParser();
  26         $this->embedsResource = (bool)$embeds_resource;
  27     }
  28
  29     /**
  30      * @param string $string
  31      * @return HTMLPurifier_AttrDef_URI
  32      */
  33     public function make($string)
  34     {
  35         $embeds = ($string === 'embedded');
  36         return new HTMLPurifier_AttrDef_URI($embeds);
  37     }
  38
  39     /**
  40      * @param string $uri
  41      * @param HTMLPurifier_Config $config
  42      * @param HTMLPurifier_Context $context
  43      * @return bool|string
  44      */
  45     public function validate($uri, $config, $context)
  46     {
  47         if ($config->get('URI.Disable')) {
  48             return false;
  49         }
  50
  51         $uri = $this->parseCDATA($uri);
  52
  53         // parse the URI
  54         $uri = $this->parser->parse($uri);
  55         if ($uri === false) {
  56             return false;
  57         }
  58
  59         // add embedded flag to context for validators
  60         $context->register('EmbeddedURI', $this->embedsResource);
  61
  62         $ok = false;
  63         do {
  64
  65             // generic validation
  66             $result = $uri->validate($config, $context);
  67             if (!$result) {
  68                 break;
  69             }
  70
  71             // chained filtering
  72             $uri_def = $config->getDefinition('URI');
  73             $result = $uri_def->filter($uri, $config, $context);
  74             if (!$result) {
  75                 break;
  76             }
  77
  78             // scheme-specific validation
  79             $scheme_obj = $uri->getSchemeObj($config, $context);
  80             if (!$scheme_obj) {
  81                 break;
  82             }
  83             if ($this->embedsResource && !$scheme_obj->browsable) {
  84                 break;
  85             }
  86             $result = $scheme_obj->validate($uri, $config, $context);
  87             if (!$result) {
  88                 break;
  89             }
  90
  91             // Post chained filtering
  92             $result = $uri_def->postFilter($uri, $config, $context);
  93             if (!$result) {
  94                 break;
  95             }
  96
  97             // survived gauntlet
  98             $ok = true;
  99
 100         } while (false);
 101
 102         $context->destroy('EmbeddedURI');
 103         if (!$ok) {
 104             return false;
 105         }
 106         // back to string
 107         return $uri->toString();
 108     }
 109 }
 110
 111 // vim: et sw=4 sts=4