| 1: | <?php |
| 2: | |
| 3: | /** |
| 4: | * Validates contents based on NMTOKENS attribute type. |
| 5: | */ |
| 6: | class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef |
| 7: | { |
| 8: | |
| 9: | /** |
| 10: | * @param string $string |
| 11: | * @param HTMLPurifier_Config $config |
| 12: | * @param HTMLPurifier_Context $context |
| 13: | * @return bool|string |
| 14: | */ |
| 15: | public function validate($string, $config, $context) |
| 16: | { |
| 17: | $string = trim($string); |
| 18: | |
| 19: | // early abort: '' and '0' (strings that convert to false) are invalid |
| 20: | if (!$string) { |
| 21: | return false; |
| 22: | } |
| 23: | |
| 24: | $tokens = $this->split($string, $config, $context); |
| 25: | $tokens = $this->filter($tokens, $config, $context); |
| 26: | if (empty($tokens)) { |
| 27: | return false; |
| 28: | } |
| 29: | return implode(' ', $tokens); |
| 30: | } |
| 31: | |
| 32: | /** |
| 33: | * Splits a space separated list of tokens into its constituent parts. |
| 34: | * @param string $string |
| 35: | * @param HTMLPurifier_Config $config |
| 36: | * @param HTMLPurifier_Context $context |
| 37: | * @return array |
| 38: | */ |
| 39: | protected function split($string, $config, $context) |
| 40: | { |
| 41: | // OPTIMIZABLE! |
| 42: | // do the preg_match, capture all subpatterns for reformulation |
| 43: | |
| 44: | // we don't support U+00A1 and up codepoints or |
| 45: | // escaping because I don't know how to do that with regexps |
| 46: | // and plus it would complicate optimization efforts (you never |
| 47: | // see that anyway). |
| 48: | $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start |
| 49: | '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' . |
| 50: | '(?:(?=\s)|\z)/'; // look ahead for space or string end |
| 51: | preg_match_all($pattern, $string, $matches); |
| 52: | return $matches[1]; |
| 53: | } |
| 54: | |
| 55: | /** |
| 56: | * Template method for removing certain tokens based on arbitrary criteria. |
| 57: | * @note If we wanted to be really functional, we'd do an array_filter |
| 58: | * with a callback. But... we're not. |
| 59: | * @param array $tokens |
| 60: | * @param HTMLPurifier_Config $config |
| 61: | * @param HTMLPurifier_Context $context |
| 62: | * @return array |
| 63: | */ |
| 64: | protected function filter($tokens, $config, $context) |
| 65: | { |
| 66: | return $tokens; |
| 67: | } |
| 68: | } |
| 69: | |
| 70: | // vim: et sw=4 sts=4 |
| 71: |