1: | <?php
|
2: |
|
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: |
|
11: | class HTMLPurifier_URI
|
12: | {
|
13: | |
14: | |
15: |
|
16: | public $scheme;
|
17: |
|
18: | |
19: | |
20: |
|
21: | public $userinfo;
|
22: |
|
23: | |
24: | |
25: |
|
26: | public $host;
|
27: |
|
28: | |
29: | |
30: |
|
31: | public $port;
|
32: |
|
33: | |
34: | |
35: |
|
36: | public $path;
|
37: |
|
38: | |
39: | |
40: |
|
41: | public $query;
|
42: |
|
43: | |
44: | |
45: |
|
46: | public $fragment;
|
47: |
|
48: | |
49: | |
50: | |
51: | |
52: | |
53: | |
54: | |
55: | |
56: | |
57: |
|
58: | public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)
|
59: | {
|
60: | $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
|
61: | $this->userinfo = $userinfo;
|
62: | $this->host = $host;
|
63: | $this->port = is_null($port) ? $port : (int)$port;
|
64: | $this->path = $path;
|
65: | $this->query = $query;
|
66: | $this->fragment = $fragment;
|
67: | }
|
68: |
|
69: | |
70: | |
71: | |
72: | |
73: | |
74: |
|
75: | public function getSchemeObj($config, $context)
|
76: | {
|
77: | $registry = HTMLPurifier_URISchemeRegistry::instance();
|
78: | if ($this->scheme !== null) {
|
79: | $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
|
80: | if (!$scheme_obj) {
|
81: | return false;
|
82: | }
|
83: | } else {
|
84: |
|
85: | $def = $config->getDefinition('URI');
|
86: | $scheme_obj = $def->getDefaultScheme($config, $context);
|
87: | if (!$scheme_obj) {
|
88: | if ($def->defaultScheme !== null) {
|
89: |
|
90: | trigger_error(
|
91: | 'Default scheme object "' . $def->defaultScheme . '" was not readable',
|
92: | E_USER_WARNING
|
93: | );
|
94: | }
|
95: | return false;
|
96: | }
|
97: | }
|
98: | return $scheme_obj;
|
99: | }
|
100: |
|
101: | |
102: | |
103: | |
104: | |
105: | |
106: | |
107: |
|
108: | public function validate($config, $context)
|
109: | {
|
110: |
|
111: | $chars_sub_delims = '!$&\'()*+,;=';
|
112: | $chars_gen_delims = ':/?#[]@';
|
113: | $chars_pchar = $chars_sub_delims . ':@';
|
114: |
|
115: |
|
116: | if (!is_null($this->host)) {
|
117: | $host_def = new HTMLPurifier_AttrDef_URI_Host();
|
118: | $this->host = $host_def->validate($this->host, $config, $context);
|
119: | if ($this->host === false) {
|
120: | $this->host = null;
|
121: | }
|
122: | }
|
123: |
|
124: |
|
125: |
|
126: |
|
127: |
|
128: |
|
129: |
|
130: | if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
|
131: |
|
132: |
|
133: | $def = $config->getDefinition('URI');
|
134: | if ($def->defaultScheme === $this->scheme) {
|
135: | $this->scheme = null;
|
136: | }
|
137: | }
|
138: |
|
139: |
|
140: | if (!is_null($this->userinfo)) {
|
141: | $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
|
142: | $this->userinfo = $encoder->encode($this->userinfo);
|
143: | }
|
144: |
|
145: |
|
146: | if (!is_null($this->port)) {
|
147: | if ($this->port < 1 || $this->port > 65535) {
|
148: | $this->port = null;
|
149: | }
|
150: | }
|
151: |
|
152: |
|
153: | $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
|
154: | if (!is_null($this->host)) {
|
155: |
|
156: |
|
157: |
|
158: |
|
159: |
|
160: |
|
161: |
|
162: |
|
163: | $this->path = $segments_encoder->encode($this->path);
|
164: | } elseif ($this->path !== '') {
|
165: | if ($this->path[0] === '/') {
|
166: |
|
167: |
|
168: |
|
169: | if (strlen($this->path) >= 2 && $this->path[1] === '/') {
|
170: |
|
171: |
|
172: |
|
173: |
|
174: | $this->path = '';
|
175: | } else {
|
176: | $this->path = $segments_encoder->encode($this->path);
|
177: | }
|
178: | } elseif (!is_null($this->scheme)) {
|
179: |
|
180: |
|
181: |
|
182: | $this->path = $segments_encoder->encode($this->path);
|
183: | } else {
|
184: |
|
185: |
|
186: |
|
187: | $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
|
188: | $c = strpos($this->path, '/');
|
189: | if ($c !== false) {
|
190: | $this->path =
|
191: | $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
|
192: | $segments_encoder->encode(substr($this->path, $c));
|
193: | } else {
|
194: | $this->path = $segment_nc_encoder->encode($this->path);
|
195: | }
|
196: | }
|
197: | } else {
|
198: |
|
199: | $this->path = '';
|
200: | }
|
201: |
|
202: |
|
203: | $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
|
204: |
|
205: | if (!is_null($this->query)) {
|
206: | $this->query = $qf_encoder->encode($this->query);
|
207: | }
|
208: |
|
209: | if (!is_null($this->fragment)) {
|
210: | $this->fragment = $qf_encoder->encode($this->fragment);
|
211: | }
|
212: | return true;
|
213: | }
|
214: |
|
215: | |
216: | |
217: | |
218: |
|
219: | public function toString()
|
220: | {
|
221: |
|
222: | $authority = null;
|
223: |
|
224: |
|
225: |
|
226: | if (!is_null($this->host)) {
|
227: | $authority = '';
|
228: | if (!is_null($this->userinfo)) {
|
229: | $authority .= $this->userinfo . '@';
|
230: | }
|
231: | $authority .= $this->host;
|
232: | if (!is_null($this->port)) {
|
233: | $authority .= ':' . $this->port;
|
234: | }
|
235: | }
|
236: |
|
237: |
|
238: |
|
239: |
|
240: |
|
241: |
|
242: |
|
243: | $result = '';
|
244: | if (!is_null($this->scheme)) {
|
245: | $result .= $this->scheme . ':';
|
246: | }
|
247: | if (!is_null($authority)) {
|
248: | $result .= '//' . $authority;
|
249: | }
|
250: | $result .= $this->path;
|
251: | if (!is_null($this->query)) {
|
252: | $result .= '?' . $this->query;
|
253: | }
|
254: | if (!is_null($this->fragment)) {
|
255: | $result .= '#' . $this->fragment;
|
256: | }
|
257: |
|
258: | return $result;
|
259: | }
|
260: |
|
261: | |
262: | |
263: | |
264: | |
265: | |
266: | |
267: | |
268: | |
269: | |
270: | |
271: | |
272: |
|
273: | public function isLocal($config, $context)
|
274: | {
|
275: | if ($this->host === null) {
|
276: | return true;
|
277: | }
|
278: | $uri_def = $config->getDefinition('URI');
|
279: | if ($uri_def->host === $this->host) {
|
280: | return true;
|
281: | }
|
282: | return false;
|
283: | }
|
284: |
|
285: | |
286: | |
287: | |
288: | |
289: | |
290: | |
291: | |
292: | |
293: | |
294: |
|
295: | public function isBenign($config, $context)
|
296: | {
|
297: | if (!$this->isLocal($config, $context)) {
|
298: | return false;
|
299: | }
|
300: |
|
301: | $scheme_obj = $this->getSchemeObj($config, $context);
|
302: | if (!$scheme_obj) {
|
303: | return false;
|
304: | }
|
305: |
|
306: | $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
|
307: | if ($current_scheme_obj->secure) {
|
308: | if (!$scheme_obj->secure) {
|
309: | return false;
|
310: | }
|
311: | }
|
312: | return true;
|
313: | }
|
314: | }
|
315: |
|
316: |
|
317: | |