File indexing completed on 2024-05-12 06:02:04 

0001 <?php
0002 
0003 /**
0004  * Validates a URI as defined by RFC 3986.
0005  * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
0006  */
0007 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
0008 {
0009 
0010     /**
0011      * @type HTMLPurifier_URIParser
0012      */
0013     protected $parser;
0014 
0015     /**
0016      * @type bool
0017      */
0018     protected $embedsResource;
0019 
0020     /**
0021      * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
0022      */
0023     public function __construct($embeds_resource = false)
0024     {
0025         $this->parser = new HTMLPurifier_URIParser();
0026         $this->embedsResource = (bool)$embeds_resource;
0027     }
0028 
0029     /**
0030      * @param string $string
0031      * @return HTMLPurifier_AttrDef_URI
0032      */
0033     public function make($string)
0034     {
0035         $embeds = ($string === 'embedded');
0036         return new HTMLPurifier_AttrDef_URI($embeds);
0037     }
0038 
0039     /**
0040      * @param string $uri
0041      * @param HTMLPurifier_Config $config
0042      * @param HTMLPurifier_Context $context
0043      * @return bool|string
0044      */
0045     public function validate($uri, $config, $context)
0046     {
0047         if ($config->get('URI.Disable')) {
0048             return false;
0049         }
0050 
0051         $uri = $this->parseCDATA($uri);
0052 
0053         // parse the URI
0054         $uri = $this->parser->parse($uri);
0055         if ($uri === false) {
0056             return false;
0057         }
0058 
0059         // add embedded flag to context for validators
0060         $context->register('EmbeddedURI', $this->embedsResource);
0061 
0062         $ok = false;
0063         do {
0064 
0065             // generic validation
0066             $result = $uri->validate($config, $context);
0067             if (!$result) {
0068                 break;
0069             }
0070 
0071             // chained filtering
0072             $uri_def = $config->getDefinition('URI');
0073             $result = $uri_def->filter($uri, $config, $context);
0074             if (!$result) {
0075                 break;
0076             }
0077 
0078             // scheme-specific validation
0079             $scheme_obj = $uri->getSchemeObj($config, $context);
0080             if (!$scheme_obj) {
0081                 break;
0082             }
0083             if ($this->embedsResource && !$scheme_obj->browsable) {
0084                 break;
0085             }
0086             $result = $scheme_obj->validate($uri, $config, $context);
0087             if (!$result) {
0088                 break;
0089             }
0090 
0091             // Post chained filtering
0092             $result = $uri_def->postFilter($uri, $config, $context);
0093             if (!$result) {
0094                 break;
0095             }
0096 
0097             // survived gauntlet
0098             $ok = true;
0099 
0100         } while (false);
0101 
0102         $context->destroy('EmbeddedURI');
0103         if (!$ok) {
0104             return false;
0105         }
0106         // back to string
0107         return $uri->toString();
0108     }
0109 }
0110 
0111 // vim: et sw=4 sts=4