library/HTMLPurifier/URIFilter/HostBlacklist.php

   1 <?php
   2
   3 // It's not clear to me whether or not Punycode means that hostnames
   4 // do not have canonical forms anymore. As far as I can tell, it's
   5 // not a problem (punycoding should be identity when no Unicode
   6 // points are involved), but I'm not 100% sure
   7 class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
   8 {
   9     public $name = 'HostBlacklist';
  10     protected $blacklist = array();
  11     public function prepare($config) {
  12         $this->blacklist = $config->get('URI.HostBlacklist');
  13         return true;
  14     }
  15     public function filter(&$uri, $config, $context) {
  16         foreach($this->blacklist as $blacklisted_host_fragment) {
  17             if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
  18                 return false;
  19             }
  20         }
  21         return true;
  22     }
  23 }
  24
  25 // vim: et sw=4 sts=4