]>
Commit | Line | Data |
---|---|---|
f4f0f80d AD |
1 | <?php |
2 | ||
3 | /** | |
4 | * Implements data: URI for base64 encoded images supported by GD. | |
5 | */ | |
6 | class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme { | |
7 | ||
8 | public $browsable = true; | |
9 | public $allowed_types = array( | |
10 | // you better write validation code for other types if you | |
11 | // decide to allow them | |
12 | 'image/jpeg' => true, | |
13 | 'image/gif' => true, | |
14 | 'image/png' => true, | |
15 | ); | |
16 | // this is actually irrelevant since we only write out the path | |
17 | // component | |
18 | public $may_omit_host = true; | |
19 | ||
20 | public function doValidate(&$uri, $config, $context) { | |
21 | $result = explode(',', $uri->path, 2); | |
22 | $is_base64 = false; | |
23 | $charset = null; | |
24 | $content_type = null; | |
25 | if (count($result) == 2) { | |
26 | list($metadata, $data) = $result; | |
27 | // do some legwork on the metadata | |
28 | $metas = explode(';', $metadata); | |
29 | while(!empty($metas)) { | |
30 | $cur = array_shift($metas); | |
31 | if ($cur == 'base64') { | |
32 | $is_base64 = true; | |
33 | break; | |
34 | } | |
35 | if (substr($cur, 0, 8) == 'charset=') { | |
36 | // doesn't match if there are arbitrary spaces, but | |
37 | // whatever dude | |
38 | if ($charset !== null) continue; // garbage | |
39 | $charset = substr($cur, 8); // not used | |
40 | } else { | |
41 | if ($content_type !== null) continue; // garbage | |
42 | $content_type = $cur; | |
43 | } | |
44 | } | |
45 | } else { | |
46 | $data = $result[0]; | |
47 | } | |
48 | if ($content_type !== null && empty($this->allowed_types[$content_type])) { | |
49 | return false; | |
50 | } | |
51 | if ($charset !== null) { | |
52 | // error; we don't allow plaintext stuff | |
53 | $charset = null; | |
54 | } | |
55 | $data = rawurldecode($data); | |
56 | if ($is_base64) { | |
57 | $raw_data = base64_decode($data); | |
58 | } else { | |
59 | $raw_data = $data; | |
60 | } | |
61 | // XXX probably want to refactor this into a general mechanism | |
62 | // for filtering arbitrary content types | |
63 | $file = tempnam("/tmp", ""); | |
64 | file_put_contents($file, $raw_data); | |
65 | if (function_exists('exif_imagetype')) { | |
66 | $image_code = exif_imagetype($file); | |
67 | } elseif (function_exists('getimagesize')) { | |
68 | set_error_handler(array($this, 'muteErrorHandler')); | |
69 | $info = getimagesize($file); | |
70 | restore_error_handler(); | |
71 | if ($info == false) return false; | |
72 | $image_code = $info[2]; | |
73 | } else { | |
74 | trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR); | |
75 | } | |
76 | $real_content_type = image_type_to_mime_type($image_code); | |
77 | if ($real_content_type != $content_type) { | |
78 | // we're nice guys; if the content type is something else we | |
79 | // support, change it over | |
80 | if (empty($this->allowed_types[$real_content_type])) return false; | |
81 | $content_type = $real_content_type; | |
82 | } | |
83 | // ok, it's kosher, rewrite what we need | |
84 | $uri->userinfo = null; | |
85 | $uri->host = null; | |
86 | $uri->port = null; | |
87 | $uri->fragment = null; | |
88 | $uri->query = null; | |
89 | $uri->path = "$content_type;base64," . base64_encode($raw_data); | |
90 | return true; | |
91 | } | |
92 | ||
93 | public function muteErrorHandler($errno, $errstr) {} | |
94 | ||
95 | } | |
96 |