library/HTMLPurifier/URIScheme.php

   1 <?php
   2
   3 /**
   4  * Validator for the components of a URI for a specific scheme
   5  */
   6 abstract class HTMLPurifier_URIScheme
   7 {
   8
   9     /**
  10      * Scheme's default port (integer).  If an explicit port number is
  11      * specified that coincides with the default port, it will be
  12      * elided.
  13      */
  14     public $default_port = null;
  15
  16     /**
  17      * Whether or not URIs of this schem are locatable by a browser
  18      * http and ftp are accessible, while mailto and news are not.
  19      */
  20     public $browsable = false;
  21
  22     /**
  23      * Whether or not data transmitted over this scheme is encrypted.
  24      * https is secure, http is not.
  25      */
  26     public $secure = false;
  27
  28     /**
  29      * Whether or not the URI always uses <hier_part>, resolves edge cases
  30      * with making relative URIs absolute
  31      */
  32     public $hierarchical = false;
  33
  34     /**
  35      * Whether or not the URI may omit a hostname when the scheme is
  36      * explicitly specified, ala file:///path/to/file. As of writing,
  37      * 'file' is the only scheme that browsers support his properly.
  38      */
  39     public $may_omit_host = false;
  40
  41     /**
  42      * Validates the components of a URI for a specific scheme.
  43      * @param $uri Reference to a HTMLPurifier_URI object
  44      * @param $config HTMLPurifier_Config object
  45      * @param $context HTMLPurifier_Context object
  46      * @return Bool success or failure
  47      */
  48     public abstract function doValidate(&$uri, $config, $context);
  49
  50     /**
  51      * Public interface for validating components of a URI.  Performs a
  52      * bunch of default actions. Don't overload this method.
  53      * @param $uri Reference to a HTMLPurifier_URI object
  54      * @param $config HTMLPurifier_Config object
  55      * @param $context HTMLPurifier_Context object
  56      * @return Bool success or failure
  57      */
  58     public function validate(&$uri, $config, $context) {
  59         if ($this->default_port == $uri->port) $uri->port = null;
  60         // kludge: browsers do funny things when the scheme but not the
  61         // authority is set
  62         if (!$this->may_omit_host &&
  63             // if the scheme is present, a missing host is always in error
  64             (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) ||
  65             // if the scheme is not present, a *blank* host is in error,
  66             // since this translates into '///path' which most browsers
  67             // interpret as being 'http://path'.
  68              (is_null($uri->scheme) && $uri->host === '')
  69         ) {
  70             do {
  71                 if (is_null($uri->scheme)) {
  72                     if (substr($uri->path, 0, 2) != '//') {
  73                         $uri->host = null;
  74                         break;
  75                     }
  76                     // URI is '////path', so we cannot nullify the
  77                     // host to preserve semantics.  Try expanding the
  78                     // hostname instead (fall through)
  79                 }
  80                 // first see if we can manually insert a hostname
  81                 $host = $config->get('URI.Host');
  82                 if (!is_null($host)) {
  83                     $uri->host = $host;
  84                 } else {
  85                     // we can't do anything sensible, reject the URL.
  86                     return false;
  87                 }
  88             } while (false);
  89         }
  90         return $this->doValidate($uri, $config, $context);
  91     }
  92
  93 }
  94
  95 // vim: et sw=4 sts=4