File indexing completed on 2024-06-16 05:29:43

0001 <?php
0002 
0003 /**
0004  * Validates an IPv6 address.
0005  * @author Feyd @ forums.devnetwork.net (public domain)
0006  * @note This function requires brackets to have been removed from address
0007  *       in URI.
0008  */
0009 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
0010 {
0011 
0012     /**
0013      * @param string $aIP
0014      * @param HTMLPurifier_Config $config
0015      * @param HTMLPurifier_Context $context
0016      * @return bool|string
0017      */
0018     public function validate($aIP, $config, $context)
0019     {
0020         if (!$this->ip4) {
0021             $this->_loadRegex();
0022         }
0023 
0024         $original = $aIP;
0025 
0026         $hex = '[0-9a-fA-F]';
0027         $blk = '(?:' . $hex . '{1,4})';
0028         $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128
0029 
0030         //      prefix check
0031         if (strpos($aIP, '/') !== false) {
0032             if (preg_match('#' . $pre . '$#s', $aIP, $find)) {
0033                 $aIP = substr($aIP, 0, 0 - strlen($find[0]));
0034                 unset($find);
0035             } else {
0036                 return false;
0037             }
0038         }
0039 
0040         //      IPv4-compatiblity check
0041         if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) {
0042             $aIP = substr($aIP, 0, 0 - strlen($find[0]));
0043             $ip = explode('.', $find[0]);
0044             $ip = array_map('dechex', $ip);
0045             $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
0046             unset($find, $ip);
0047         }
0048 
0049         //      compression check
0050         $aIP = explode('::', $aIP);
0051         $c = count($aIP);
0052         if ($c > 2) {
0053             return false;
0054         } elseif ($c == 2) {
0055             list($first, $second) = $aIP;
0056             $first = explode(':', $first);
0057             $second = explode(':', $second);
0058 
0059             if (count($first) + count($second) > 8) {
0060                 return false;
0061             }
0062 
0063             while (count($first) < 8) {
0064                 array_push($first, '0');
0065             }
0066 
0067             array_splice($first, 8 - count($second), 8, $second);
0068             $aIP = $first;
0069             unset($first, $second);
0070         } else {
0071             $aIP = explode(':', $aIP[0]);
0072         }
0073         $c = count($aIP);
0074 
0075         if ($c != 8) {
0076             return false;
0077         }
0078 
0079         //      All the pieces should be 16-bit hex strings. Are they?
0080         foreach ($aIP as $piece) {
0081             if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) {
0082                 return false;
0083             }
0084         }
0085         return $original;
0086     }
0087 }
0088 
0089 // vim: et sw=4 sts=4