library/HTMLPurifier/URIFilter/SecureMunge.php

   1 <?php
   2
   3 class HTMLPurifier_URIFilter_SecureMunge extends HTMLPurifier_URIFilter
   4 {
   5     public $name = 'SecureMunge';
   6     public $post = true;
   7     private $target, $secretKey, $parser;
   8     public function prepare($config) {
   9         $this->target = $config->get('URI', 'SecureMunge');
  10         $this->secretKey = $config->get('URI', 'SecureMungeSecretKey');
  11         $this->parser = new HTMLPurifier_URIParser();
  12         if (!$this->secretKey) {
  13             trigger_error('URI.SecureMunge is being ignored due to lack of value for URI.SecureMungeSecretKey', E_USER_WARNING);
  14             return false;
  15         }
  16         return true;
  17     }
  18     public function filter(&$uri, $config, $context) {
  19         if (!$this->target || !$this->secretKey) return true;
  20         $scheme_obj = $uri->getSchemeObj($config, $context);
  21         if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
  22         if (is_null($uri->host) || empty($scheme_obj->browsable)) {
  23             return true;
  24         }
  25         $string = $uri->toString();
  26         $checksum = sha1($this->secretKey . ':' . $string);
  27         $new_uri = str_replace('%s', rawurlencode($string), $this->target);
  28         $new_uri = str_replace('%t', $checksum, $new_uri);
  29         $uri = $this->parser->parse($new_uri); // overwrite
  30         return true;
  31     }
  32 }