| 1: | <?php |
| 2: | |
| 3: | /** |
| 4: | * Validator for the components of a URI for a specific scheme |
| 5: | */ |
abstract class HTMLPurifier_URIScheme
{
    /**
     * Default port of the scheme. An explicit port equal to this value is
     * dropped from the URI by validate().
     * @type int
     */
    public $default_port = null;

    /**
     * True when a browser can locate URIs of this scheme: http and ftp
     * are accessible, mailto and news are not.
     * @type bool
     */
    public $browsable = false;

    /**
     * True when data sent over this scheme is encrypted (https is,
     * http is not).
     * @type bool
     */
    public $secure = false;

    /**
     * True when the URI always uses <hier_part>; resolves edge cases
     * when making relative URIs absolute.
     * @type bool
     */
    public $hierarchical = false;

    /**
     * True when the hostname may be left out even though the scheme is
     * given explicitly, as in file:///path/to/file. As of writing,
     * 'file' is the only scheme that browsers support this way.
     * @type bool
     */
    public $may_omit_host = false;

    /**
     * Scheme-specific validation of the URI components; implemented by
     * each concrete scheme and invoked at the end of validate().
     * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool success or failure
     */
    abstract public function doValidate(&$uri, $config, $context);

    /**
     * Public entry point for validating the components of a URI. Applies
     * the scheme-independent defaults (default-port elision, repair or
     * rejection of a missing/blank host) and then delegates to
     * doValidate(). Don't overload this method.
     * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool success or failure
     */
    public function validate(&$uri, $config, $context)
    {
        // Loose comparison on purpose: behaviour is kept exactly as the
        // port field is compared today.
        if ($this->default_port == $uri->port) {
            $uri->port = null;
        }

        $schemeAbsent = is_null($uri->scheme);
        $hostBlank = $uri->host === '';
        $hostAbsent = $hostBlank || is_null($uri->host);

        // kludge: browsers do funny things when the scheme but not the
        // authority is set.
        // With a scheme present, a missing host is always an error unless
        // the scheme is allowed to omit it.
        $schemeWithoutHost = !$this->may_omit_host && !$schemeAbsent && $hostAbsent;
        // Without a scheme, a *blank* host is an error: it serialises to
        // '///path', which most browsers read as 'http://path'. This test
        // is NOT gated by may_omit_host ('&&' binds tighter than '||').
        $blankHostWithoutScheme = $schemeAbsent && $hostBlank;

        if ($schemeWithoutHost || $blankHostWithoutScheme) {
            if ($schemeAbsent && substr($uri->path, 0, 2) != '//') {
                // Dropping the blank host is safe: the path cannot be
                // re-read as an authority.
                $uri->host = null;
            } else {
                // Either a scheme is present, or the URI is '////path' and
                // nulling the host would change its meaning. Try to fill
                // in the configured hostname instead.
                $configuredHost = $config->get('URI.Host');
                if (is_null($configuredHost)) {
                    // we can't do anything sensible, reject the URL.
                    return false;
                }
                $uri->host = $configuredHost;
            }
        }

        return $this->doValidate($uri, $config, $context);
    }
}
| 101: | |
| 102: | // vim: et sw=4 sts=4 |