File indexing completed on 2024-12-22 05:36:21
0001 <?php 0002 0003 /** 0004 * Performs safe variable parsing based on types which can be used by 0005 * users. This may not be able to represent all possible data inputs, 0006 * however. 0007 */ 0008 class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser 0009 { 0010 /** 0011 * @param mixed $var 0012 * @param int $type 0013 * @param bool $allow_null 0014 * @return array|bool|float|int|mixed|null|string 0015 * @throws HTMLPurifier_VarParserException 0016 */ 0017 protected function parseImplementation($var, $type, $allow_null) 0018 { 0019 if ($allow_null && $var === null) { 0020 return null; 0021 } 0022 switch ($type) { 0023 // Note: if code "breaks" from the switch, it triggers a generic 0024 // exception to be thrown. Specific errors can be specifically 0025 // done here. 0026 case self::MIXED: 0027 case self::ISTRING: 0028 case self::STRING: 0029 case self::TEXT: 0030 case self::ITEXT: 0031 return $var; 0032 case self::INT: 0033 if (is_string($var) && ctype_digit($var)) { 0034 $var = (int)$var; 0035 } 0036 return $var; 0037 case self::FLOAT: 0038 if ((is_string($var) && is_numeric($var)) || is_int($var)) { 0039 $var = (float)$var; 0040 } 0041 return $var; 0042 case self::BOOL: 0043 if (is_int($var) && ($var === 0 || $var === 1)) { 0044 $var = (bool)$var; 0045 } elseif (is_string($var)) { 0046 if ($var == 'on' || $var == 'true' || $var == '1') { 0047 $var = true; 0048 } elseif ($var == 'off' || $var == 'false' || $var == '0') { 0049 $var = false; 0050 } else { 0051 throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type"); 0052 } 0053 } 0054 return $var; 0055 case self::ALIST: 0056 case self::HASH: 0057 case self::LOOKUP: 0058 if (is_string($var)) { 0059 // special case: technically, this is an array with 0060 // a single empty string item, but having an empty 0061 // array is more intuitive 0062 if ($var == '') { 0063 return array(); 0064 } 0065 if (strpos($var, "\n") === false && strpos($var, "\r") === false) { 0066 // simplistic string to array method that only works 0067 // for simple lists of tag names or alphanumeric characters 0068 $var = explode(',', $var); 0069 } else { 0070 $var = preg_split('/(,|[\n\r]+)/', $var); 0071 } 0072 // remove spaces 0073 foreach ($var as $i => $j) { 0074 $var[$i] = trim($j); 0075 } 0076 if ($type === self::HASH) { 0077 // key:value,key2:value2 0078 $nvar = array(); 0079 foreach ($var as $keypair) { 0080 $c = explode(':', $keypair, 2); 0081 if (!isset($c[1])) { 0082 continue; 0083 } 0084 $nvar[trim($c[0])] = trim($c[1]); 0085 } 0086 $var = $nvar; 0087 } 0088 } 0089 if (!is_array($var)) { 0090 break; 0091 } 0092 $keys = array_keys($var); 0093 if ($keys === array_keys($keys)) { 0094 if ($type == self::ALIST) { 0095 return $var; 0096 } elseif ($type == self::LOOKUP) { 0097 $new = array(); 0098 foreach ($var as $key) { 0099 $new[$key] = true; 0100 } 0101 return $new; 0102 } else { 0103 break; 0104 } 0105 } 0106 if ($type === self::ALIST) { 0107 trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING); 0108 return array_values($var); 0109 } 0110 if ($type === self::LOOKUP) { 0111 foreach ($var as $key => $value) { 0112 if ($value !== true) { 0113 trigger_error( 0114 "Lookup array has non-true value at key '$key'; " . 0115 "maybe your input array was not indexed numerically", 0116 E_USER_WARNING 0117 ); 0118 } 0119 $var[$key] = true; 0120 } 0121 } 0122 return $var; 0123 default: 0124 $this->errorInconsistent(__CLASS__, $type); 0125 } 0126 $this->errorGeneric($var, $type); 0127 } 0128 } 0129 0130 // vim: et sw=4 sts=4