1: | <?php
|
2: |
|
/**
 * URI filter that rewrites ("munges") a URI into a configured target
 * template, for example a redirector endpoint.
 *
 * The template is read from the config key 'URI.' . $name (i.e. 'URI.Munge')
 * and may contain these placeholders, each substituted with a
 * rawurlencode()d value:
 *
 *   %s  the original URI as a string
 *   %r  the 'EmbeddedURI' context value, or '' when unset/falsy
 *   %n  the name of the 'CurrentToken' context value, or ''
 *   %m  the 'CurrentAttr' context value, or ''
 *   %p  the 'CurrentCSSProperty' context value, or ''
 *   %t  HMAC-SHA256 of the original URI string, keyed with
 *       URI.MungeSecretKey (only populated when a key is configured)
 *
 * Security notes for whoever implements the endpoint behind the template:
 *   - %t authenticates the %s value only; %r, %n, %m and %p are not covered
 *     by the MAC and must be treated as unauthenticated input.
 *   - The MAC is only useful if the endpoint recomputes it over the decoded
 *     %s value and rejects mismatches, preferably with a constant-time
 *     comparison such as hash_equals().
 *   - Without a secret key this class never sets '%t', so a literal "%t" in
 *     the template is not replaced by makeReplace()'s values.
 */
class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
{
    /**
     * Filter name; also the suffix of the config key that holds the target
     * template ('URI.' . $name).
     */
    public $name = 'Munge';

    /**
     * NOTE(review): presumably marks this filter as a post-filter; the flag is
     * interpreted outside this class - confirm against the parent class.
     */
    public $post = true;

    /**
     * Target template read from config in prepare().
     */
    private $target;

    /**
     * HTMLPurifier_URIParser instance used to parse the munged URI string.
     */
    private $parser;

    /**
     * Value of URI.MungeResources; when falsy, URIs for which the
     * 'EmbeddedURI' context value is truthy are left untouched.
     */
    private $doEmbed;

    /**
     * Value of URI.MungeSecretKey; HMAC key for the %t placeholder.
     * Any falsy value disables %t generation.
     */
    private $secretKey;

    /**
     * Placeholder => value map applied to the target template. It is kept on
     * the instance, so entries survive between filter() calls until they are
     * overwritten by makeReplace().
     */
    protected $replace = array();

    /**
     * Reads the filter's settings from config and creates the URI parser.
     *
     * @param object $config Configuration object exposing get().
     * @return bool Always true.
     * @throws Exception If a secret key is configured but hash_hmac() is
     *                   not available.
     */
    public function prepare($config)
    {
        $this->target = $config->get('URI.' . $this->name);
        $this->parser = new HTMLPurifier_URIParser();
        $this->doEmbed = $config->get('URI.MungeResources');
        $this->secretKey = $config->get('URI.MungeSecretKey');

        // Refuse to run with a key we cannot use, rather than emitting
        // links that carry no token.
        $keyConfigured = $this->secretKey;
        if ($keyConfigured && !function_exists('hash_hmac')) {
            throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");
        }

        return true;
    }

    /**
     * Replaces $uri with the munged target URI when it qualifies.
     *
     * The URI is left unchanged when any of the following holds:
     *   - the 'EmbeddedURI' context value is truthy and URI.MungeResources
     *     is off;
     *   - the URI has no scheme object, or its scheme is not browsable;
     *   - $uri->isBenign() reports true;
     *   - the munged URI has the same host as the original.
     *
     * @param object $uri     URI object, passed by reference and possibly
     *                        replaced by the parsed munged URI.
     * @param object $config  Configuration object.
     * @param object $context Context object exposing get().
     * @return bool Always true.
     */
    public function filter(&$uri, $config, $context)
    {
        $isEmbedded = $context->get('EmbeddedURI', true);
        if ($isEmbedded && !$this->doEmbed) {
            return true;
        }

        $scheme = $uri->getSchemeObj($config, $context);
        if (!$scheme || !$scheme->browsable) {
            return true;
        }
        if ($uri->isBenign($config, $context)) {
            return true;
        }

        $this->makeReplace($uri, $config, $context);
        // Every substituted value is percent-encoded before it is placed
        // into the template.
        $this->replace = array_map('rawurlencode', $this->replace);

        // NOTE(review): the parse() result is dereferenced without a check;
        // confirm the parser cannot return a non-object for a bad template.
        $munged = $this->parser->parse(strtr($this->target, $this->replace));

        // Only swap in the munged URI when it points at a different host
        // than the original.
        if ($uri->host !== $munged->host) {
            $uri = $munged;
        }

        return true;
    }

    /**
     * Fills $this->replace with the raw (not yet encoded) placeholder values
     * for the given URI and context.
     *
     * @param object $uri     URI object exposing toString().
     * @param object $config  Configuration object (unused here).
     * @param object $context Context object exposing get().
     */
    protected function makeReplace($uri, $config, $context)
    {
        $original = $uri->toString();

        $this->replace['%s'] = $original;
        $this->replace['%r'] = $context->get('EmbeddedURI', true) ?: '';

        $currentToken = $context->get('CurrentToken', true) ?: '';
        if ($currentToken) {
            $this->replace['%n'] = $currentToken->name;
        } else {
            $this->replace['%n'] = '';
        }

        $this->replace['%m'] = $context->get('CurrentAttr', true) ?: '';
        $this->replace['%p'] = $context->get('CurrentCSSProperty', true) ?: '';

        // The MAC covers the original URI string only, not the context
        // placeholders above.
        if ($this->secretKey) {
            $this->replace['%t'] = hash_hmac("sha256", $original, $this->secretKey);
        }
    }
}