library/HTMLPurifier/URIFilter/SecureMunge.php

   1 <?php
   2
   3 class HTMLPurifier_URIFilter_SecureMunge extends HTMLPurifier_URIFilter
   4 {
   5     public $name = 'SecureMunge';
   6     public $post = true;
   7     private $target, $secretKey, $parser;
   8     public function prepare($config) {
   9         $this->target = $config->get('URI', 'SecureMunge');
  10         $this->secretKey = $config->get('URI', 'SecureMungeSecretKey');
  11         $this->parser = new HTMLPurifier_URIParser();
  12         if (!$this->secretKey) {
  13             trigger_error('URI.SecureMunge is being ignored due to lack of value for URI.SecureMungeSecretKey', E_USER_WARNING);
  14             return false;
  15         }
  16         return true;
  17     }
  18     public function filter(&$uri, $config, $context) {
  19         if (!$this->target || !$this->secretKey) return true;
  20         if ($context->get('EmbeddedURI', true)) return true; // abort for embedded URIs
  21         $scheme_obj = $uri->getSchemeObj($config, $context);
  22         if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
  23         if (is_null($uri->host) || empty($scheme_obj->browsable)) {
  24             return true;
  25         }
  26         $string = $uri->toString();
  27         $checksum = sha1($this->secretKey . ':' . $string);
  28         $new_uri = str_replace('%s', rawurlencode($string), $this->target);
  29         $new_uri = str_replace('%t', $checksum, $new_uri);
  30         $uri = $this->parser->parse($new_uri); // overwrite
  31         return true;
  32     }
  33 }