<?php

/**
 * Validates a URI in CSS syntax, which uses url('http://example.com')
 * @note While theoretically speaking a URI in a CSS document could
 *       be non-embedded, as of CSS2 there is no such usage so we're
 *       generalizing it. This may need to be changed in the future.
 * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as
 *          the separator, you cannot put a literal semicolon in
 *          in the URI. Try percent encoding it, in that case.
 */
class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
{

    /**
     * CSS URIs are always treated as embedded resources (see the class
     * @note), so the parent definition is constructed with the
     * "embedded" flag set.
     */
    public function __construct()
    {
        parent::__construct(true); // always embedded
    }

    /**
     * Unwraps a url(...) token, validates the inner URI through the parent
     * URI definition and re-serialises the result as url("...").
     *
     * @param string $uri_string Raw CSS value; must be of the form url(...)
     *                           with an optionally quoted URI inside
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool|string false when the value is not a well-formed url()
     *                     token or the inner URI is rejected by the parent,
     *                     otherwise the normalised url("...") string
     */
    public function validate($uri_string, $config, $context)
    {
        $value = $this->parseCDATA($uri_string);

        // The token has to open with the literal "url(" ...
        if (strpos($value, 'url(') !== 0) {
            return false;
        }
        $inner = substr($value, 4);

        // ... and an empty remainder cannot carry the closing paren.
        if (strlen($inner) == 0) {
            return false;
        }
        $closing = strlen($inner) - 1;
        if ($inner[$closing] != ')') {
            return false;
        }
        $uri = trim(substr($inner, 0, $closing));

        // Strip one pair of surrounding quotes; an unbalanced pair is rejected.
        if (!empty($uri)) {
            $first = $uri[0];
            if ($first == "'" || $first == '"') {
                $last = strlen($uri) - 1;
                if ($uri[$last] !== $first) {
                    return false;
                }
                $uri = substr($uri, 1, $last - 1);
            }
        }

        // CSS backslash escapes are expanded before the parent validates, so
        // the parent checks the decoded URI rather than its escaped spelling.
        $uri = $this->expandCSSEscape($uri);
        $result = parent::validate($uri, $config, $context);
        if ($result === false) {
            return false;
        }

        // Defensive: the value is wrapped in double quotes below, so anything
        // that could terminate that quoted string (", \, newline, form feed,
        // carriage return) is removed outright. The parent URI validator
        // should already have taken care of this.
        $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), '', $result);

        // ( ) and ' still carry meaning inside a CSS url() token; they are
        // percent-encoded rather than dropped so the URI keeps its content.
        $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);

        // Known limitation: ampersands can lose their escaping across an
        // innerHTML cycle, so a very unlucky query parameter could then
        // change the meaning of the URL. There is not much to be done here.
        return "url(\"$result\")";
    }
}

// vim: et sw=4 sts=4