| 1 |
efrain |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
/**
|
|
|
4 |
* Validates file as defined by RFC 1630 and RFC 1738.
|
|
|
5 |
*/
|
|
|
6 |
class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
|
|
|
7 |
{
|
|
|
8 |
/**
|
|
|
9 |
* Generally file:// URLs are not accessible from most
|
|
|
10 |
* machines, so placing them as an img src is incorrect.
|
|
|
11 |
* @type bool
|
|
|
12 |
*/
|
|
|
13 |
public $browsable = false;
|
|
|
14 |
|
|
|
15 |
/**
|
|
|
16 |
* Basically the *only* URI scheme for which this is true, since
|
|
|
17 |
* accessing files on the local machine is very common. In fact,
|
|
|
18 |
* browsers on some operating systems don't understand the
|
|
|
19 |
* authority, though I hear it is used on Windows to refer to
|
|
|
20 |
* network shares.
|
|
|
21 |
* @type bool
|
|
|
22 |
*/
|
|
|
23 |
public $may_omit_host = true;
|
|
|
24 |
|
|
|
25 |
/**
|
|
|
26 |
* @param HTMLPurifier_URI $uri
|
|
|
27 |
* @param HTMLPurifier_Config $config
|
|
|
28 |
* @param HTMLPurifier_Context $context
|
|
|
29 |
* @return bool
|
|
|
30 |
*/
|
|
|
31 |
public function doValidate(&$uri, $config, $context)
|
|
|
32 |
{
|
|
|
33 |
// Authentication method is not supported
|
|
|
34 |
$uri->userinfo = null;
|
|
|
35 |
// file:// makes no provisions for accessing the resource
|
|
|
36 |
$uri->port = null;
|
|
|
37 |
// While it seems to work on Firefox, the querystring has
|
|
|
38 |
// no possible effect and is thus stripped.
|
|
|
39 |
$uri->query = null;
|
|
|
40 |
return true;
|
|
|
41 |
}
|
|
|
42 |
}
|
|
|
43 |
|
|
|
44 |
// vim: et sw=4 sts=4
|