library/HTMLPurifier/AttrDef/URI.php

   1 <?php
   2
   3 /**
   4  * Validates a URI as defined by RFC 3986.
   5  * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
   6  */
   7 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
   8 {
   9
  10     protected $parser;
  11     protected $embedsResource;
  12
  13     /**
  14      * @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
  15      */
  16     public function __construct($embeds_resource = false) {
  17         $this->parser = new HTMLPurifier_URIParser();
  18         $this->embedsResource = (bool) $embeds_resource;
  19     }
  20
  21     public function make($string) {
  22         $embeds = ($string === 'embedded');
  23         return new HTMLPurifier_AttrDef_URI($embeds);
  24     }
  25
  26     public function validate($uri, $config, $context) {
  27
  28         if ($config->get('URI.Disable')) return false;
  29
  30         $uri = $this->parseCDATA($uri);
  31
  32         // parse the URI
  33         $uri = $this->parser->parse($uri);
  34         if ($uri === false) return false;
  35
  36         // add embedded flag to context for validators
  37         $context->register('EmbeddedURI', $this->embedsResource);
  38
  39         $ok = false;
  40         do {
  41
  42             // generic validation
  43             $result = $uri->validate($config, $context);
  44             if (!$result) break;
  45
  46             // chained filtering
  47             $uri_def = $config->getDefinition('URI');
  48             $result = $uri_def->filter($uri, $config, $context);
  49             if (!$result) break;
  50
  51             // scheme-specific validation
  52             $scheme_obj = $uri->getSchemeObj($config, $context);
  53             if (!$scheme_obj) break;
  54             if ($this->embedsResource && !$scheme_obj->browsable) break;
  55             $result = $scheme_obj->validate($uri, $config, $context);
  56             if (!$result) break;
  57
  58             // Post chained filtering
  59             $result = $uri_def->postFilter($uri, $config, $context);
  60             if (!$result) break;
  61
  62             // survived gauntlet
  63             $ok = true;
  64
  65         } while (false);
  66
  67         $context->destroy('EmbeddedURI');
  68         if (!$ok) return false;
  69
  70         // back to string
  71         return $uri->toString();
  72
  73     }
  74
  75 }
  76
  77 // vim: et sw=4 sts=4