]>
Commit | Line | Data |
---|---|---|
f45a286b AD |
1 | <?php |
2 | ||
3 | /** | |
4 | * Performs safe variable parsing based on types which can be used by | |
5 | * users. This may not be able to represent all possible data inputs, | |
6 | * however. | |
7 | */ | |
8 | class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser | |
9 | { | |
10 | ||
11 | protected function parseImplementation($var, $type, $allow_null) { | |
12 | if ($allow_null && $var === null) return null; | |
13 | switch ($type) { | |
14 | // Note: if code "breaks" from the switch, it triggers a generic | |
15 | // exception to be thrown. Specific errors can be specifically | |
16 | // done here. | |
17 | case self::MIXED : | |
18 | case self::ISTRING : | |
19 | case self::STRING : | |
20 | case self::TEXT : | |
21 | case self::ITEXT : | |
22 | return $var; | |
23 | case self::INT : | |
24 | if (is_string($var) && ctype_digit($var)) $var = (int) $var; | |
25 | return $var; | |
26 | case self::FLOAT : | |
27 | if ((is_string($var) && is_numeric($var)) || is_int($var)) $var = (float) $var; | |
28 | return $var; | |
29 | case self::BOOL : | |
30 | if (is_int($var) && ($var === 0 || $var === 1)) { | |
31 | $var = (bool) $var; | |
32 | } elseif (is_string($var)) { | |
33 | if ($var == 'on' || $var == 'true' || $var == '1') { | |
34 | $var = true; | |
35 | } elseif ($var == 'off' || $var == 'false' || $var == '0') { | |
36 | $var = false; | |
37 | } else { | |
38 | throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type"); | |
39 | } | |
40 | } | |
41 | return $var; | |
42 | case self::ALIST : | |
43 | case self::HASH : | |
44 | case self::LOOKUP : | |
45 | if (is_string($var)) { | |
46 | // special case: technically, this is an array with | |
47 | // a single empty string item, but having an empty | |
48 | // array is more intuitive | |
49 | if ($var == '') return array(); | |
50 | if (strpos($var, "\n") === false && strpos($var, "\r") === false) { | |
51 | // simplistic string to array method that only works | |
52 | // for simple lists of tag names or alphanumeric characters | |
53 | $var = explode(',',$var); | |
54 | } else { | |
55 | $var = preg_split('/(,|[\n\r]+)/', $var); | |
56 | } | |
57 | // remove spaces | |
58 | foreach ($var as $i => $j) $var[$i] = trim($j); | |
59 | if ($type === self::HASH) { | |
60 | // key:value,key2:value2 | |
61 | $nvar = array(); | |
62 | foreach ($var as $keypair) { | |
63 | $c = explode(':', $keypair, 2); | |
64 | if (!isset($c[1])) continue; | |
f4f0f80d | 65 | $nvar[trim($c[0])] = trim($c[1]); |
f45a286b AD |
66 | } |
67 | $var = $nvar; | |
68 | } | |
69 | } | |
70 | if (!is_array($var)) break; | |
71 | $keys = array_keys($var); | |
72 | if ($keys === array_keys($keys)) { | |
73 | if ($type == self::ALIST) return $var; | |
74 | elseif ($type == self::LOOKUP) { | |
75 | $new = array(); | |
76 | foreach ($var as $key) { | |
77 | $new[$key] = true; | |
78 | } | |
79 | return $new; | |
80 | } else break; | |
81 | } | |
f4f0f80d AD |
82 | if ($type === self::ALIST) { |
83 | trigger_error("Array list did not have consecutive integer indexes", E_USER_WARNING); | |
84 | return array_values($var); | |
85 | } | |
f45a286b AD |
86 | if ($type === self::LOOKUP) { |
87 | foreach ($var as $key => $value) { | |
f4f0f80d AD |
88 | if ($value !== true) { |
89 | trigger_error("Lookup array has non-true value at key '$key'; maybe your input array was not indexed numerically", E_USER_WARNING); | |
90 | } | |
f45a286b AD |
91 | $var[$key] = true; |
92 | } | |
93 | } | |
94 | return $var; | |
95 | default: | |
96 | $this->errorInconsistent(__CLASS__, $type); | |
97 | } | |
98 | $this->errorGeneric($var, $type); | |
99 | } | |
100 | ||
101 | } | |
102 | ||
103 | // vim: et sw=4 sts=4 |