]>
Commit | Line | Data |
---|---|---|
f45a286b AD |
1 | <?php |
2 | ||
3 | /** | |
4 | * Validates a URI as defined by RFC 3986. | |
5 | * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme | |
6 | */ | |
7 | class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef | |
8 | { | |
9 | ||
10 | protected $parser; | |
11 | protected $embedsResource; | |
12 | ||
13 | /** | |
14 | * @param $embeds_resource_resource Does the URI here result in an extra HTTP request? | |
15 | */ | |
16 | public function __construct($embeds_resource = false) { | |
17 | $this->parser = new HTMLPurifier_URIParser(); | |
18 | $this->embedsResource = (bool) $embeds_resource; | |
19 | } | |
20 | ||
21 | public function make($string) { | |
dd205fba | 22 | $embeds = ($string === 'embedded'); |
f45a286b AD |
23 | return new HTMLPurifier_AttrDef_URI($embeds); |
24 | } | |
25 | ||
26 | public function validate($uri, $config, $context) { | |
27 | ||
f4f0f80d | 28 | if ($config->get('URI.Disable')) return false; |
f45a286b AD |
29 | |
30 | $uri = $this->parseCDATA($uri); | |
31 | ||
32 | // parse the URI | |
33 | $uri = $this->parser->parse($uri); | |
34 | if ($uri === false) return false; | |
35 | ||
36 | // add embedded flag to context for validators | |
37 | $context->register('EmbeddedURI', $this->embedsResource); | |
38 | ||
39 | $ok = false; | |
40 | do { | |
41 | ||
42 | // generic validation | |
43 | $result = $uri->validate($config, $context); | |
44 | if (!$result) break; | |
45 | ||
46 | // chained filtering | |
47 | $uri_def = $config->getDefinition('URI'); | |
48 | $result = $uri_def->filter($uri, $config, $context); | |
49 | if (!$result) break; | |
50 | ||
51 | // scheme-specific validation | |
52 | $scheme_obj = $uri->getSchemeObj($config, $context); | |
53 | if (!$scheme_obj) break; | |
54 | if ($this->embedsResource && !$scheme_obj->browsable) break; | |
55 | $result = $scheme_obj->validate($uri, $config, $context); | |
56 | if (!$result) break; | |
57 | ||
58 | // Post chained filtering | |
59 | $result = $uri_def->postFilter($uri, $config, $context); | |
60 | if (!$result) break; | |
61 | ||
62 | // survived gauntlet | |
63 | $ok = true; | |
64 | ||
65 | } while (false); | |
66 | ||
67 | $context->destroy('EmbeddedURI'); | |
68 | if (!$ok) return false; | |
69 | ||
70 | // back to string | |
71 | return $uri->toString(); | |
72 | ||
73 | } | |
74 | ||
75 | } | |
76 | ||
77 | // vim: et sw=4 sts=4 |