1: | <?php |
2: | |
3: | /** |
4: | * Validator for the components of a URI for a specific scheme |
5: | */ |
6: | abstract class HTMLPurifier_URIScheme |
7: | { |
8: | |
9: | /** |
10: | * Scheme's default port (integer). If an explicit port number is |
11: | * specified that coincides with the default port, it will be |
12: | * elided. |
13: | * @type int |
14: | */ |
15: | public $default_port = null; |
16: | |
17: | /** |
18: | * Whether or not URIs of this scheme are locatable by a browser |
19: | * http and ftp are accessible, while mailto and news are not. |
20: | * @type bool |
21: | */ |
22: | public $browsable = false; |
23: | |
24: | /** |
25: | * Whether or not data transmitted over this scheme is encrypted. |
26: | * https is secure, http is not. |
27: | * @type bool |
28: | */ |
29: | public $secure = false; |
30: | |
31: | /** |
32: | * Whether or not the URI always uses <hier_part>, resolves edge cases |
33: | * with making relative URIs absolute |
34: | * @type bool |
35: | */ |
36: | public $hierarchical = false; |
37: | |
38: | /** |
39: | * Whether or not the URI may omit a hostname when the scheme is |
40: | * explicitly specified, ala file:///path/to/file. As of writing, |
41: | * 'file' is the only scheme that browsers support his properly. |
42: | * @type bool |
43: | */ |
44: | public $may_omit_host = false; |
45: | |
46: | /** |
47: | * Validates the components of a URI for a specific scheme. |
48: | * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object |
49: | * @param HTMLPurifier_Config $config |
50: | * @param HTMLPurifier_Context $context |
51: | * @return bool success or failure |
52: | */ |
53: | abstract public function doValidate(&$uri, $config, $context); |
54: | |
55: | /** |
56: | * Public interface for validating components of a URI. Performs a |
57: | * bunch of default actions. Don't overload this method. |
58: | * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object |
59: | * @param HTMLPurifier_Config $config |
60: | * @param HTMLPurifier_Context $context |
61: | * @return bool success or failure |
62: | */ |
63: | public function validate(&$uri, $config, $context) |
64: | { |
65: | if ($this->default_port == $uri->port) { |
66: | $uri->port = null; |
67: | } |
68: | // kludge: browsers do funny things when the scheme but not the |
69: | // authority is set |
70: | if (!$this->may_omit_host && |
71: | // if the scheme is present, a missing host is always in error |
72: | (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) || |
73: | // if the scheme is not present, a *blank* host is in error, |
74: | // since this translates into '///path' which most browsers |
75: | // interpret as being 'http://path'. |
76: | (is_null($uri->scheme) && $uri->host === '') |
77: | ) { |
78: | do { |
79: | if (is_null($uri->scheme)) { |
80: | if (substr($uri->path, 0, 2) != '//') { |
81: | $uri->host = null; |
82: | break; |
83: | } |
84: | // URI is '////path', so we cannot nullify the |
85: | // host to preserve semantics. Try expanding the |
86: | // hostname instead (fall through) |
87: | } |
88: | // first see if we can manually insert a hostname |
89: | $host = $config->get('URI.Host'); |
90: | if (!is_null($host)) { |
91: | $uri->host = $host; |
92: | } else { |
93: | // we can't do anything sensible, reject the URL. |
94: | return false; |
95: | } |
96: | } while (false); |
97: | } |
98: | return $this->doValidate($uri, $config, $context); |
99: | } |
100: | } |
101: | |
102: | // vim: et sw=4 sts=4 |
103: |