library/HTMLPurifier/URIFilter/HostBlacklist.php

   1 <?php
   2
   3 // It's not clear to me whether or not Punycode means that hostnames
   4 // do not have canonical forms anymore. As far as I can tell, it's
   5 // not a problem (punycoding should be identity when no Unicode
   6 // points are involved), but I'm not 100% sure
   7 class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
   8 {
   9     /**
  10      * @type string
  11      */
  12     public $name = 'HostBlacklist';
  13
  14     /**
  15      * @type array
  16      */
  17     protected $blacklist = array();
  18
  19     /**
  20      * @param HTMLPurifier_Config $config
  21      * @return bool
  22      */
  23     public function prepare($config)
  24     {
  25         $this->blacklist = $config->get('URI.HostBlacklist');
  26         return true;
  27     }
  28
  29     /**
  30      * @param HTMLPurifier_URI $uri
  31      * @param HTMLPurifier_Config $config
  32      * @param HTMLPurifier_Context $context
  33      * @return bool
  34      */
  35     public function filter(&$uri, $config, $context)
  36     {
  37         foreach ($this->blacklist as $blacklisted_host_fragment) {
  38             if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
  39                 return false;
  40             }
  41         }
  42         return true;
  43     }
  44 }
  45
  46 // vim: et sw=4 sts=4