1: | <?php
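/**
 * URI scheme handler for data: URIs that carry inline images.
 *
 * The media type declared inside the URI is never trusted on its own: the
 * payload is decoded, its format is detected from the bytes themselves, and
 * the URI path is then rebuilt from the detected type plus a fresh base64
 * encoding of the payload. Any other metadata in the original URI is dropped.
 */
class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
{
    /**
     * Scheme flag. Not read inside this class; presumably consumed by the
     * surrounding URI scheme machinery (confirm against the parent class).
     *
     * @var bool
     */
    public $browsable = true;

    /**
     * Allow-list of media types, keyed by MIME type.
     *
     * doValidate() requires the declared type (when present) AND the type
     * detected from the payload to be listed here. Detection is image-only,
     * so listing a non-image type does not make such payloads verifiable.
     *
     * @var array
     */
    public $allowed_types = array(
        'image/jpeg' => true,
        'image/gif' => true,
        'image/png' => true,
    );

    /**
     * Scheme flag. doValidate() clears the host and writes only the path
     * component, so a host is never part of a validated data: URI.
     *
     * @var bool
     */
    public $may_omit_host = true;

    /**
     * Validates a data: URI and rewrites it into a canonical form.
     *
     * Fails closed: every error path (unknown type, short payload, temp file
     * failure, unrecognised image, no detection function) returns false.
     *
     * Caveat for callers: format detection inspects the file signature/header
     * only. A passing URI means "starts like an allowed image format", not
     * "the whole payload is a well-formed image".
     *
     * @param object $uri     URI object, modified in place; its path is read
     *                        and path/userinfo/host/port/fragment/query are
     *                        written (presumably an HTMLPurifier_URI).
     * @param mixed  $config  Unused here.
     * @param mixed  $context Unused here.
     * @return bool True when the URI was accepted and rewritten.
     */
    public function doValidate(&$uri, $config, $context)
    {
        $parts = explode(',', $uri->path, 2);
        $is_base64 = false;
        $content_type = null;

        if (count($parts) == 2) {
            list($metadata, $data) = $parts;
            foreach (explode(';', $metadata) as $cur) {
                if ($cur === 'base64') {
                    // Everything after the base64 marker is ignored.
                    $is_base64 = true;
                    break;
                }
                if (substr($cur, 0, 8) === 'charset=') {
                    // Recognised only so it is not mistaken for the media
                    // type; the charset is discarded and never written back.
                    continue;
                }
                if ($content_type === null) {
                    // First non-charset token wins; later ones are garbage.
                    $content_type = $cur;
                }
            }
        } else {
            // No comma: the whole path is treated as the payload.
            $data = $parts[0];
        }

        // Reject early on a declared type outside the allow-list.
        if ($content_type !== null && empty($this->allowed_types[$content_type])) {
            return false;
        }

        $data = rawurldecode($data);
        // Non-strict decoding: bytes outside the base64 alphabet are skipped.
        // The payload is re-encoded below, so the emitted URI is canonical.
        $raw_data = $is_base64 ? base64_decode($data) : $data;

        if (strlen($raw_data) < 12) {
            // Too short for format detection; treat as a corrupt URI.
            return false;
        }

        // Format detection needs a file on disk, so spill the payload into
        // a temporary file that is removed on every path below.
        $tmp_dir = function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : "/tmp";
        $file = tempnam($tmp_dir, "");
        if ($file === false) {
            // Could not create a temp file: nothing can be verified.
            return false;
        }
        if (file_put_contents($file, $raw_data) !== strlen($raw_data)) {
            // Failed or partial write: the sniffed bytes would not match
            // the payload that gets emitted, so refuse.
            unlink($file);
            return false;
        }

        $image_code = false;
        $have_detector = true;
        if (function_exists('exif_imagetype')) {
            $image_code = exif_imagetype($file);
        } elseif (function_exists('getimagesize')) {
            // getimagesize() warns on malformed input; silence it locally.
            set_error_handler(array($this, 'muteErrorHandler'));
            $info = getimagesize($file);
            restore_error_handler();
            if (is_array($info) && isset($info[2])) {
                $image_code = $info[2];
            }
        } else {
            $have_detector = false;
        }
        unlink($file);

        if (!$have_detector) {
            trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
            // Reached only if an error handler resumes execution; never
            // continue with an undetermined image type.
            return false;
        }
        if ($image_code === false) {
            // Payload is not a recognised image format.
            return false;
        }

        $real_content_type = image_type_to_mime_type($image_code);
        if ($real_content_type != $content_type) {
            // Declared type is missing or wrong: the detected type must
            // itself be allowed, and it replaces the declared one.
            if (empty($this->allowed_types[$real_content_type])) {
                return false;
            }
            $content_type = $real_content_type;
        }

        // Only the path is meaningful for data: URIs; clear everything else
        // and rebuild the path from verified values.
        $uri->userinfo = null;
        $uri->host = null;
        $uri->port = null;
        $uri->fragment = null;
        $uri->query = null;
        $uri->path = $content_type . ';base64,' . base64_encode($raw_data);
        return true;
    }

    /**
     * No-op error handler installed around getimagesize() in doValidate()
     * so that warnings raised for malformed payloads are swallowed.
     *
     * @param int    $errno
     * @param string $errstr
     */
    public function muteErrorHandler($errno, $errstr)
    {
    }
}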