diff options
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/URIScheme.php')
-rw-r--r-- | lib/htmlpurifier/library/HTMLPurifier/URIScheme.php | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme.php new file mode 100644 index 000000000..7be958143 --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme.php @@ -0,0 +1,95 @@ +<?php + +/** + * Validator for the components of a URI for a specific scheme + */ +abstract class HTMLPurifier_URIScheme +{ + + /** + * Scheme's default port (integer). If an explicit port number is + * specified that coincides with the default port, it will be + * elided. + */ + public $default_port = null; + + /** + * Whether or not URIs of this schem are locatable by a browser + * http and ftp are accessible, while mailto and news are not. + */ + public $browsable = false; + + /** + * Whether or not data transmitted over this scheme is encrypted. + * https is secure, http is not. + */ + public $secure = false; + + /** + * Whether or not the URI always uses <hier_part>, resolves edge cases + * with making relative URIs absolute + */ + public $hierarchical = false; + + /** + * Whether or not the URI may omit a hostname when the scheme is + * explicitly specified, ala file:///path/to/file. As of writing, + * 'file' is the only scheme that browsers support his properly. + */ + public $may_omit_host = false; + + /** + * Validates the components of a URI for a specific scheme. + * @param $uri Reference to a HTMLPurifier_URI object + * @param $config HTMLPurifier_Config object + * @param $context HTMLPurifier_Context object + * @return Bool success or failure + */ + public abstract function doValidate(&$uri, $config, $context); + + /** + * Public interface for validating components of a URI. Performs a + * bunch of default actions. Don't overload this method. + * @param $uri Reference to a HTMLPurifier_URI object + * @param $config HTMLPurifier_Config object + * @param $context HTMLPurifier_Context object + * @return Bool success or failure + */ + public function validate(&$uri, $config, $context) { + if ($this->default_port == $uri->port) $uri->port = null; + // kludge: browsers do funny things when the scheme but not the + // authority is set + if (!$this->may_omit_host && + // if the scheme is present, a missing host is always in error + (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) || + // if the scheme is not present, a *blank* host is in error, + // since this translates into '///path' which most browsers + // interpret as being 'http://path'. + (is_null($uri->scheme) && $uri->host === '') + ) { + do { + if (is_null($uri->scheme)) { + if (substr($uri->path, 0, 2) != '//') { + $uri->host = null; + break; + } + // URI is '////path', so we cannot nullify the + // host to preserve semantics. Try expanding the + // hostname instead (fall through) + } + // first see if we can manually insert a hostname + $host = $config->get('URI.Host'); + if (!is_null($host)) { + $uri->host = $host; + } else { + // we can't do anything sensible, reject the URL. + return false; + } + } while (false); + } + return $this->doValidate($uri, $config, $context); + } + +} + +// vim: et sw=4 sts=4 |