File indexing completed on 2025-01-26 05:29:06
0001 <?php 0002 0003 /** 0004 * Validates an IPv6 address. 0005 * @author Feyd @ forums.devnetwork.net (public domain) 0006 * @note This function requires brackets to have been removed from address 0007 * in URI. 0008 */ 0009 class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4 0010 { 0011 0012 /** 0013 * @param string $aIP 0014 * @param HTMLPurifier_Config $config 0015 * @param HTMLPurifier_Context $context 0016 * @return bool|string 0017 */ 0018 public function validate($aIP, $config, $context) 0019 { 0020 if (!$this->ip4) { 0021 $this->_loadRegex(); 0022 } 0023 0024 $original = $aIP; 0025 0026 $hex = '[0-9a-fA-F]'; 0027 $blk = '(?:' . $hex . '{1,4})'; 0028 $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))'; // /0 - /128 0029 0030 // prefix check 0031 if (strpos($aIP, '/') !== false) { 0032 if (preg_match('#' . $pre . '$#s', $aIP, $find)) { 0033 $aIP = substr($aIP, 0, 0 - strlen($find[0])); 0034 unset($find); 0035 } else { 0036 return false; 0037 } 0038 } 0039 0040 // IPv4-compatiblity check 0041 if (preg_match('#(?<=:' . ')' . $this->ip4 . '$#s', $aIP, $find)) { 0042 $aIP = substr($aIP, 0, 0 - strlen($find[0])); 0043 $ip = explode('.', $find[0]); 0044 $ip = array_map('dechex', $ip); 0045 $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3]; 0046 unset($find, $ip); 0047 } 0048 0049 // compression check 0050 $aIP = explode('::', $aIP); 0051 $c = count($aIP); 0052 if ($c > 2) { 0053 return false; 0054 } elseif ($c == 2) { 0055 list($first, $second) = $aIP; 0056 $first = explode(':', $first); 0057 $second = explode(':', $second); 0058 0059 if (count($first) + count($second) > 8) { 0060 return false; 0061 } 0062 0063 while (count($first) < 8) { 0064 array_push($first, '0'); 0065 } 0066 0067 array_splice($first, 8 - count($second), 8, $second); 0068 $aIP = $first; 0069 unset($first, $second); 0070 } else { 0071 $aIP = explode(':', $aIP[0]); 0072 } 0073 $c = count($aIP); 0074 0075 if ($c != 8) { 0076 return false; 0077 } 0078 0079 // All the pieces should be 16-bit hex strings. Are they? 0080 foreach ($aIP as $piece) { 0081 if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece))) { 0082 return false; 0083 } 0084 } 0085 return $original; 0086 } 0087 } 0088 0089 // vim: et sw=4 sts=4