Namespaces

Classes

Interfaces

Exceptions

Functions

1: <?php
2:
3: /**
4: * HTML Purifier's internal representation of a URI.
5: * @note
6: * Internal data-structures are completely escaped. If the data needs
7: * to be used in a non-URI context (which is very unlikely), be sure
8: * to decode it first. The URI may not necessarily be well-formed until
9: * validate() is called.
10: */
11: class HTMLPurifier_URI
12: {
13: /**
14: * @type string
15: */
16: public $scheme;
17:
18: /**
19: * @type string
20: */
21: public $userinfo;
22:
23: /**
24: * @type string
25: */
26: public $host;
27:
28: /**
29: * @type int
30: */
31: public $port;
32:
33: /**
34: * @type string
35: */
36: public $path;
37:
38: /**
39: * @type string
40: */
41: public $query;
42:
43: /**
44: * @type string
45: */
46: public $fragment;
47:
48: /**
49: * @param string $scheme
50: * @param string $userinfo
51: * @param string $host
52: * @param int $port
53: * @param string $path
54: * @param string $query
55: * @param string $fragment
56: * @note Automatically normalizes scheme and port
57: */
58: public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)
59: {
60: $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
61: $this->userinfo = $userinfo;
62: $this->host = $host;
63: $this->port = is_null($port) ? $port : (int)$port;
64: $this->path = $path;
65: $this->query = $query;
66: $this->fragment = $fragment;
67: }
68:
69: /**
70: * Retrieves a scheme object corresponding to the URI's scheme/default
71: * @param HTMLPurifier_Config $config
72: * @param HTMLPurifier_Context $context
73: * @return HTMLPurifier_URIScheme Scheme object appropriate for validating this URI
74: */
75: public function getSchemeObj($config, $context)
76: {
77: $registry = HTMLPurifier_URISchemeRegistry::instance();
78: if ($this->scheme !== null) {
79: $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
80: if (!$scheme_obj) {
81: return false;
82: } // invalid scheme, clean it out
83: } else {
84: // no scheme: retrieve the default one
85: $def = $config->getDefinition('URI');
86: $scheme_obj = $def->getDefaultScheme($config, $context);
87: if (!$scheme_obj) {
88: if ($def->defaultScheme !== null) {
89: // something funky happened to the default scheme object
90: trigger_error(
91: 'Default scheme object "' . $def->defaultScheme . '" was not readable',
92: E_USER_WARNING
93: );
94: } // suppress error if it's null
95: return false;
96: }
97: }
98: return $scheme_obj;
99: }
100:
101: /**
102: * Generic validation method applicable for all schemes. May modify
103: * this URI in order to get it into a compliant form.
104: * @param HTMLPurifier_Config $config
105: * @param HTMLPurifier_Context $context
106: * @return bool True if validation/filtering succeeds, false if failure
107: */
108: public function validate($config, $context)
109: {
110: // ABNF definitions from RFC 3986
111: $chars_sub_delims = '!$&\'()*+,;=';
112: $chars_gen_delims = ':/?#[]@';
113: $chars_pchar = $chars_sub_delims . ':@';
114:
115: // validate host
116: if (!is_null($this->host)) {
117: $host_def = new HTMLPurifier_AttrDef_URI_Host();
118: $this->host = $host_def->validate($this->host, $config, $context);
119: if ($this->host === false) {
120: $this->host = null;
121: }
122: }
123:
124: // validate scheme
125: // NOTE: It's not appropriate to check whether or not this
126: // scheme is in our registry, since a URIFilter may convert a
127: // URI that we don't allow into one we do. So instead, we just
128: // check if the scheme can be dropped because there is no host
129: // and it is our default scheme.
130: if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
131: // support for relative paths is pretty abysmal when the
132: // scheme is present, so axe it when possible
133: $def = $config->getDefinition('URI');
134: if ($def->defaultScheme === $this->scheme) {
135: $this->scheme = null;
136: }
137: }
138:
139: // validate username
140: if (!is_null($this->userinfo)) {
141: $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
142: $this->userinfo = $encoder->encode($this->userinfo);
143: }
144:
145: // validate port
146: if (!is_null($this->port)) {
147: if ($this->port < 1 || $this->port > 65535) {
148: $this->port = null;
149: }
150: }
151:
152: // validate path
153: $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
154: if (!is_null($this->host)) { // this catches $this->host === ''
155: // path-abempty (hier and relative)
156: // http://www.example.com/my/path
157: // //www.example.com/my/path (looks odd, but works, and
158: // recognized by most browsers)
159: // (this set is valid or invalid on a scheme by scheme
160: // basis, so we'll deal with it later)
161: // file:///my/path
162: // ///my/path
163: $this->path = $segments_encoder->encode($this->path);
164: } elseif ($this->path !== '') {
165: if ($this->path[0] === '/') {
166: // path-absolute (hier and relative)
167: // http:/my/path
168: // /my/path
169: if (strlen($this->path) >= 2 && $this->path[1] === '/') {
170: // This could happen if both the host gets stripped
171: // out
172: // http://my/path
173: // //my/path
174: $this->path = '';
175: } else {
176: $this->path = $segments_encoder->encode($this->path);
177: }
178: } elseif (!is_null($this->scheme)) {
179: // path-rootless (hier)
180: // http:my/path
181: // Short circuit evaluation means we don't need to check nz
182: $this->path = $segments_encoder->encode($this->path);
183: } else {
184: // path-noscheme (relative)
185: // my/path
186: // (once again, not checking nz)
187: $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
188: $c = strpos($this->path, '/');
189: if ($c !== false) {
190: $this->path =
191: $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
192: $segments_encoder->encode(substr($this->path, $c));
193: } else {
194: $this->path = $segment_nc_encoder->encode($this->path);
195: }
196: }
197: } else {
198: // path-empty (hier and relative)
199: $this->path = ''; // just to be safe
200: }
201:
202: // qf = query and fragment
203: $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
204:
205: if (!is_null($this->query)) {
206: $this->query = $qf_encoder->encode($this->query);
207: }
208:
209: if (!is_null($this->fragment)) {
210: $this->fragment = $qf_encoder->encode($this->fragment);
211: }
212: return true;
213: }
214:
215: /**
216: * Convert URI back to string
217: * @return string URI appropriate for output
218: */
219: public function toString()
220: {
221: // reconstruct authority
222: $authority = null;
223: // there is a rendering difference between a null authority
224: // (http:foo-bar) and an empty string authority
225: // (http:///foo-bar).
226: if (!is_null($this->host)) {
227: $authority = '';
228: if (!is_null($this->userinfo)) {
229: $authority .= $this->userinfo . '@';
230: }
231: $authority .= $this->host;
232: if (!is_null($this->port)) {
233: $authority .= ':' . $this->port;
234: }
235: }
236:
237: // Reconstruct the result
238: // One might wonder about parsing quirks from browsers after
239: // this reconstruction. Unfortunately, parsing behavior depends
240: // on what *scheme* was employed (file:///foo is handled *very*
241: // differently than http:///foo), so unfortunately we have to
242: // defer to the schemes to do the right thing.
243: $result = '';
244: if (!is_null($this->scheme)) {
245: $result .= $this->scheme . ':';
246: }
247: if (!is_null($authority)) {
248: $result .= '//' . $authority;
249: }
250: $result .= $this->path;
251: if (!is_null($this->query)) {
252: $result .= '?' . $this->query;
253: }
254: if (!is_null($this->fragment)) {
255: $result .= '#' . $this->fragment;
256: }
257:
258: return $result;
259: }
260:
261: /**
262: * Returns true if this URL might be considered a 'local' URL given
263: * the current context. This is true when the host is null, or
264: * when it matches the host supplied to the configuration.
265: *
266: * Note that this does not do any scheme checking, so it is mostly
267: * only appropriate for metadata that doesn't care about protocol
268: * security. isBenign is probably what you actually want.
269: * @param HTMLPurifier_Config $config
270: * @param HTMLPurifier_Context $context
271: * @return bool
272: */
273: public function isLocal($config, $context)
274: {
275: if ($this->host === null) {
276: return true;
277: }
278: $uri_def = $config->getDefinition('URI');
279: if ($uri_def->host === $this->host) {
280: return true;
281: }
282: return false;
283: }
284:
285: /**
286: * Returns true if this URL should be considered a 'benign' URL,
287: * that is:
288: *
289: * - It is a local URL (isLocal), and
290: * - It has a equal or better level of security
291: * @param HTMLPurifier_Config $config
292: * @param HTMLPurifier_Context $context
293: * @return bool
294: */
295: public function isBenign($config, $context)
296: {
297: if (!$this->isLocal($config, $context)) {
298: return false;
299: }
300:
301: $scheme_obj = $this->getSchemeObj($config, $context);
302: if (!$scheme_obj) {
303: return false;
304: } // conservative approach
305:
306: $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
307: if ($current_scheme_obj->secure) {
308: if (!$scheme_obj->secure) {
309: return false;
310: }
311: }
312: return true;
313: }
314: }
315:
316: // vim: et sw=4 sts=4
317:
API documentation generated by ApiGen v7.0.0-alpha.6