1: | <?php |
2: | |
3: | /** |
4: | * Validates file as defined by RFC 1630 and RFC 1738. |
5: | */ |
6: | class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme |
7: | { |
8: | /** |
9: | * Generally file:// URLs are not accessible from most |
10: | * machines, so placing them as an img src is incorrect. |
11: | * @type bool |
12: | */ |
13: | public $browsable = false; |
14: | |
15: | /** |
16: | * Basically the *only* URI scheme for which this is true, since |
17: | * accessing files on the local machine is very common. In fact, |
18: | * browsers on some operating systems don't understand the |
19: | * authority, though I hear it is used on Windows to refer to |
20: | * network shares. |
21: | * @type bool |
22: | */ |
23: | public $may_omit_host = true; |
24: | |
25: | /** |
26: | * @param HTMLPurifier_URI $uri |
27: | * @param HTMLPurifier_Config $config |
28: | * @param HTMLPurifier_Context $context |
29: | * @return bool |
30: | */ |
31: | public function doValidate(&$uri, $config, $context) |
32: | { |
33: | // Authentication method is not supported |
34: | $uri->userinfo = null; |
35: | // file:// makes no provisions for accessing the resource |
36: | $uri->port = null; |
37: | // While it seems to work on Firefox, the querystring has |
38: | // no possible effect and is thus stripped. |
39: | $uri->query = null; |
40: | return true; |
41: | } |
42: | } |
43: | |
44: | // vim: et sw=4 sts=4 |
45: |