4 * Validator for the components of a URI for a specific scheme
6 abstract class HTMLPurifier_URIScheme
10 * Scheme's default port (integer). If an explicit port number is
11 * specified that coincides with the default port, it will be
14 public $default_port = null;
17 * Whether or not URIs of this schem are locatable by a browser
18 * http and ftp are accessible, while mailto and news are not.
20 public $browsable = false;
23 * Whether or not the URI always uses <hier_part>, resolves edge cases
24 * with making relative URIs absolute
26 public $hierarchical = false;
29 * Whether or not the URI may omit a hostname when the scheme is
30 * explicitly specified, ala file:///path/to/file. As of writing,
31 * 'file' is the only scheme that browsers support his properly.
33 public $may_omit_host = false;
36 * Validates the components of a URI for a specific scheme.
37 * @param $uri Reference to a HTMLPurifier_URI object
38 * @param $config HTMLPurifier_Config object
39 * @param $context HTMLPurifier_Context object
40 * @return Bool success or failure
42 public abstract function doValidate(&$uri, $config, $context);
45 * Public interface for validating components of a URI. Performs a
46 * bunch of default actions. Don't overload this method.
47 * @param $uri Reference to a HTMLPurifier_URI object
48 * @param $config HTMLPurifier_Config object
49 * @param $context HTMLPurifier_Context object
50 * @return Bool success or failure
52 public function validate(&$uri, $config, $context) {
53 if ($this->default_port
== $uri->port
) $uri->port
= null;
54 // kludge: browsers do funny things when the scheme but not the
56 if (!$this->may_omit_host
&&
57 // if the scheme is present, a missing host is always in error
58 (!is_null($uri->scheme
) && ($uri->host
=== '' ||
is_null($uri->host
))) ||
59 // if the scheme is not present, a *blank* host is in error,
60 // since this translates into '///path' which most browsers
61 // interpret as being 'http://path'.
62 (is_null($uri->scheme
) && $uri->host
=== '')
65 if (is_null($uri->scheme
)) {
66 if (substr($uri->path
, 0, 2) != '//') {
70 // URI is '////path', so we cannot nullify the
71 // host to preserve semantics. Try expanding the
72 // hostname instead (fall through)
74 // first see if we can manually insert a hostname
75 $host = $config->get('URI.Host');
76 if (!is_null($host)) {
79 // we can't do anything sensible, reject the URL.
84 return $this->doValidate($uri, $config, $context);