Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | ||
3 | /** | |
4 | * Validator for the components of a URI for a specific scheme | |
5 | */ | |
abstract class HTMLPurifier_URIScheme
{
    /**
     * Default port of the scheme (integer), or null when there is none.
     * validate() clears $uri->port when it equals this value, so an
     * explicit port that matches the default is dropped from the URI.
     */
    public $default_port = null;

    /**
     * Whether URIs of this scheme are locatable by a browser: http and ftp
     * are, mailto and news are not. Not read by this base class.
     */
    public $browsable = false;

    /**
     * Whether the URI always uses <hier_part>; resolves edge cases when
     * relative URIs are made absolute. Not read by this base class.
     */
    public $hierarchical = false;

    /**
     * Whether the URI may omit the hostname when the scheme is given
     * explicitly, as in file:///path/to/file. Per the original note,
     * 'file' was the only scheme browsers supported this way.
     * validate() consults this flag only when a scheme is present.
     */
    public $may_omit_host = false;

    /**
     * Scheme-specific validation of the URI components, implemented by
     * each concrete scheme. validate() calls it last, after the port and
     * host adjustments below have been applied.
     * @param $uri Reference to a HTMLPurifier_URI object
     * @param $config HTMLPurifier_Config object
     * @param $context HTMLPurifier_Context object
     * @return Bool success or failure
     */
    public abstract function doValidate(&$uri, $config, $context);

    /**
     * Public entry point for validating the components of a URI. Applies
     * the scheme-independent fix-ups (default-port elision, repair of a
     * missing or blank host) and then delegates to doValidate().
     *
     * Subclasses are not meant to override this method. The class does not
     * declare it final, so that rule is a convention only; an override
     * would skip the host checks performed here.
     *
     * @param $uri Reference to a HTMLPurifier_URI object; port and host
     *             may be modified in place
     * @param $config HTMLPurifier_Config object, read for 'URI.Host'
     * @param $context HTMLPurifier_Context object
     * @return Bool false when the host cannot be repaired, otherwise the
     *              result of doValidate()
     */
    public function validate(&$uri, $config, $context)
    {
        // Loose (==) comparison: an integer default also matches a
        // numeric-string port. NOTE(review): with a null default it also
        // matches a port of 0 or ''.
        if ($this->default_port == $uri->port) {
            $uri->port = null;
        }

        // kludge: browsers do funny things when the scheme but not the
        // authority is set
        $schemePresent = !is_null($uri->scheme);
        $hostBlank = ($uri->host === '');

        // With a scheme present, a missing host is always in error unless
        // the scheme allows omitting it. Without a scheme, a *blank* host
        // is in error, since it serialises to '///path', which most
        // browsers interpret as 'http://path'. The parentheses spell out
        // the original && / || precedence: may_omit_host exempts only the
        // scheme-present case.
        $hostNeedsRepair =
            (!$this->may_omit_host && $schemePresent && ($hostBlank || is_null($uri->host)))
            || (!$schemePresent && $hostBlank);

        if ($hostNeedsRepair) {
            if (!$schemePresent && substr($uri->path, 0, 2) != '//') {
                // Schemeless and the path is not '//...': dropping the
                // host does not change what the URI means.
                $uri->host = null;
            } else {
                // Either a scheme is present, or the URI is '////path' and
                // nullifying the host would change its semantics. Try to
                // insert the configured hostname instead. The configured
                // value is assigned as-is; nothing here checks it.
                $configuredHost = $config->get('URI.Host');
                if (is_null($configuredHost)) {
                    // we can't do anything sensible, reject the URL.
                    return false;
                }
                $uri->host = $configuredHost;
            }
        }

        return $this->doValidate($uri, $config, $context);
    }
}
88 | ||
89 | // vim: et sw=4 sts=4 |