aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier/VarParser
diff options
context:
space:
mode:
Diffstat (limited to 'library/HTMLPurifier/VarParser')
-rw-r--r--library/HTMLPurifier/VarParser/Flexible.php96
-rw-r--r--library/HTMLPurifier/VarParser/Native.php26
2 files changed, 122 insertions, 0 deletions
diff --git a/library/HTMLPurifier/VarParser/Flexible.php b/library/HTMLPurifier/VarParser/Flexible.php
new file mode 100644
index 000000000..c954250e9
--- /dev/null
+++ b/library/HTMLPurifier/VarParser/Flexible.php
@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * Performs safe variable parsing based on types which can be used by
+ * users. This may not be able to represent all possible data inputs,
+ * however.
+ */
+class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
+{
+
+ protected function parseImplementation($var, $type, $allow_null) {
+ if ($allow_null && $var === null) return null;
+ switch ($type) {
+ // Note: if code "breaks" from the switch, it triggers a generic
+ // exception to be thrown. Specific errors can be specifically
+ // done here.
+ case self::MIXED :
+ case self::ISTRING :
+ case self::STRING :
+ case self::TEXT :
+ case self::ITEXT :
+ return $var;
+ case self::INT :
+ if (is_string($var) && ctype_digit($var)) $var = (int) $var;
+ return $var;
+ case self::FLOAT :
+ if ((is_string($var) && is_numeric($var)) || is_int($var)) $var = (float) $var;
+ return $var;
+ case self::BOOL :
+ if (is_int($var) && ($var === 0 || $var === 1)) {
+ $var = (bool) $var;
+ } elseif (is_string($var)) {
+ if ($var == 'on' || $var == 'true' || $var == '1') {
+ $var = true;
+ } elseif ($var == 'off' || $var == 'false' || $var == '0') {
+ $var = false;
+ } else {
+ throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
+ }
+ }
+ return $var;
+ case self::ALIST :
+ case self::HASH :
+ case self::LOOKUP :
+ if (is_string($var)) {
+ // special case: technically, this is an array with
+ // a single empty string item, but having an empty
+ // array is more intuitive
+ if ($var == '') return array();
+ if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
+ // simplistic string to array method that only works
+ // for simple lists of tag names or alphanumeric characters
+ $var = explode(',',$var);
+ } else {
+ $var = preg_split('/(,|[\n\r]+)/', $var);
+ }
+ // remove spaces
+ foreach ($var as $i => $j) $var[$i] = trim($j);
+ if ($type === self::HASH) {
+ // key:value,key2:value2
+ $nvar = array();
+ foreach ($var as $keypair) {
+ $c = explode(':', $keypair, 2);
+ if (!isset($c[1])) continue;
+ $nvar[$c[0]] = $c[1];
+ }
+ $var = $nvar;
+ }
+ }
+ if (!is_array($var)) break;
+ $keys = array_keys($var);
+ if ($keys === array_keys($keys)) {
+ if ($type == self::ALIST) return $var;
+ elseif ($type == self::LOOKUP) {
+ $new = array();
+ foreach ($var as $key) {
+ $new[$key] = true;
+ }
+ return $new;
+ } else break;
+ }
+ if ($type === self::LOOKUP) {
+ foreach ($var as $key => $value) {
+ $var[$key] = true;
+ }
+ }
+ return $var;
+ default:
+ $this->errorInconsistent(__CLASS__, $type);
+ }
+ $this->errorGeneric($var, $type);
+ }
+
+}
+
+// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/VarParser/Native.php b/library/HTMLPurifier/VarParser/Native.php
new file mode 100644
index 000000000..b02a6de54
--- /dev/null
+++ b/library/HTMLPurifier/VarParser/Native.php
@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * This variable parser uses PHP's internal code engine. Because it does
+ * this, it can represent all inputs; however, it is dangerous and cannot
+ * be used by users.
+ */
+class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
+{
+
+ protected function parseImplementation($var, $type, $allow_null) {
+ return $this->evalExpression($var);
+ }
+
+ protected function evalExpression($expr) {
+ $var = null;
+ $result = eval("\$var = $expr;");
+ if ($result === false) {
+ throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
+ }
+ return $var;
+ }
+
+}
+
+// vim: et sw=4 sts=4