| 1: | <?php |
| 2: | |
| 3: | /** |
| 4: | * Validates file as defined by RFC 1630 and RFC 1738. |
| 5: | */ |
| 6: | class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme |
| 7: | { |
| 8: | /** |
| 9: | * Generally file:// URLs are not accessible from most |
| 10: | * machines, so placing them as an img src is incorrect. |
| 11: | * @type bool |
| 12: | */ |
| 13: | public $browsable = false; |
| 14: | |
| 15: | /** |
| 16: | * Basically the *only* URI scheme for which this is true, since |
| 17: | * accessing files on the local machine is very common. In fact, |
| 18: | * browsers on some operating systems don't understand the |
| 19: | * authority, though I hear it is used on Windows to refer to |
| 20: | * network shares. |
| 21: | * @type bool |
| 22: | */ |
| 23: | public $may_omit_host = true; |
| 24: | |
| 25: | /** |
| 26: | * @param HTMLPurifier_URI $uri |
| 27: | * @param HTMLPurifier_Config $config |
| 28: | * @param HTMLPurifier_Context $context |
| 29: | * @return bool |
| 30: | */ |
| 31: | public function doValidate(&$uri, $config, $context) |
| 32: | { |
| 33: | // Authentication method is not supported |
| 34: | $uri->userinfo = null; |
| 35: | // file:// makes no provisions for accessing the resource |
| 36: | $uri->port = null; |
| 37: | // While it seems to work on Firefox, the querystring has |
| 38: | // no possible effect and is thus stripped. |
| 39: | $uri->query = null; |
| 40: | return true; |
| 41: | } |
| 42: | } |
| 43: | |
| 44: | // vim: et sw=4 sts=4 |
| 45: |