<?php
/**
 * Base class for per-scheme URI validators.
 *
 * Concrete schemes describe themselves through the public flags below and
 * implement doValidate(); callers go through validate(), which normalises
 * the port and host before delegating.
 */
abstract class HTMLPurifier_URIScheme
{

    /**
     * Default port of the scheme, or null when none is set. validate()
     * drops an explicit port that compares equal to this value.
     * @type int
     */
    public $default_port = null;

    /**
     * True when a browser can locate URIs of this scheme (http and ftp
     * can be located; mailto and news cannot).
     * @type bool
     */
    public $browsable = false;

    /**
     * True when data sent over this scheme is encrypted (https is,
     * http is not).
     * @type bool
     */
    public $secure = false;

    /**
     * True when the URI always uses <hier_part>; resolves edge cases when
     * relative URIs are made absolute.
     * @type bool
     */
    public $hierarchical = false;

    /**
     * True when the hostname may be left out even though the scheme is
     * given explicitly, as in file:///path/to/file. At the time the
     * original comment was written, 'file' was the only scheme browsers
     * supported this for.
     * @type bool
     */
    public $may_omit_host = false;

    /**
     * Scheme-specific validation of the URI components.
     * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool success or failure
     */
    abstract public function doValidate(&$uri, $config, $context);

    /**
     * Entry point for validating a URI against this scheme: applies the
     * shared port and host normalisation, then hands over to doValidate().
     * Subclasses are not meant to override this method.
     * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool success or failure
     */
    public function validate(&$uri, $config, $context)
    {
        // An explicit port equal to the scheme default is redundant; elide it.
        if ($uri->port == $this->default_port) {
            $uri->port = null;
        }

        // Kludge: browsers do funny things when the scheme is set but the
        // authority is not, so decide whether the host needs repairing.
        $schemeAbsent = is_null($uri->scheme);
        if ($schemeAbsent) {
            // Without a scheme only a *blank* host is an error: it serialises
            // as '///path', which most browsers read as 'http://path', so the
            // browser would see a host that the validated URI does not carry.
            // NOTE(review): may_omit_host is not consulted on this branch
            // (the original condition groups as (!may_omit_host && A) || B);
            // confirm that is intended.
            $hostNeedsRepair = $uri->host === '';
        } else {
            // With a scheme present, a missing host is always an error unless
            // the scheme allows omitting it.
            $hostNeedsRepair = !$this->may_omit_host
                && ($uri->host === '' || is_null($uri->host));
        }

        if ($hostNeedsRepair) {
            if ($schemeAbsent && substr($uri->path, 0, 2) != '//') {
                // Safe to drop the empty authority altogether.
                $uri->host = null;
            } else {
                // Either a scheme is present, or the URI is '////path' and the
                // host cannot be nullified without changing its meaning.
                // Try to fill in the configured hostname instead.
                $fallbackHost = $config->get('URI.Host');
                if (is_null($fallbackHost)) {
                    // Nothing sensible can be done; reject the URL.
                    return false;
                }
                $uri->host = $fallbackHost;
            }
        }

        return $this->doValidate($uri, $config, $context);
    }
}
// vim: et sw=4 sts=4