URIScheme.php 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. <?php
  2. /**
  3. * Validator for the components of a URI for a specific scheme
  4. */
  5. abstract class HTMLPurifier_URIScheme
  6. {
  7. /**
  8. * Scheme's default port (integer). If an explicit port number is
  9. * specified that coincides with the default port, it will be
  10. * elided.
  11. * @type int
  12. */
  13. public $default_port = null;
  14. /**
  15. * Whether or not URIs of this scheme are locatable by a browser
  16. * http and ftp are accessible, while mailto and news are not.
  17. * @type bool
  18. */
  19. public $browsable = false;
  20. /**
  21. * Whether or not data transmitted over this scheme is encrypted.
  22. * https is secure, http is not.
  23. * @type bool
  24. */
  25. public $secure = false;
  26. /**
  27. * Whether or not the URI always uses <hier_part>, resolves edge cases
  28. * with making relative URIs absolute
  29. * @type bool
  30. */
  31. public $hierarchical = false;
  32. /**
  33. * Whether or not the URI may omit a hostname when the scheme is
  34. * explicitly specified, ala file:///path/to/file. As of writing,
  35. * 'file' is the only scheme that browsers support his properly.
  36. * @type bool
  37. */
  38. public $may_omit_host = false;
  39. /**
  40. * Validates the components of a URI for a specific scheme.
  41. * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
  42. * @param HTMLPurifier_Config $config
  43. * @param HTMLPurifier_Context $context
  44. * @return bool success or failure
  45. */
  46. abstract public function doValidate(&$uri, $config, $context);
  47. /**
  48. * Public interface for validating components of a URI. Performs a
  49. * bunch of default actions. Don't overload this method.
  50. * @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
  51. * @param HTMLPurifier_Config $config
  52. * @param HTMLPurifier_Context $context
  53. * @return bool success or failure
  54. */
  55. public function validate(&$uri, $config, $context)
  56. {
  57. if ($this->default_port == $uri->port) {
  58. $uri->port = null;
  59. }
  60. // kludge: browsers do funny things when the scheme but not the
  61. // authority is set
  62. if (!$this->may_omit_host &&
  63. // if the scheme is present, a missing host is always in error
  64. (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) ||
  65. // if the scheme is not present, a *blank* host is in error,
  66. // since this translates into '///path' which most browsers
  67. // interpret as being 'http://path'.
  68. (is_null($uri->scheme) && $uri->host === '')
  69. ) {
  70. do {
  71. if (is_null($uri->scheme)) {
  72. if (substr($uri->path, 0, 2) != '//') {
  73. $uri->host = null;
  74. break;
  75. }
  76. // URI is '////path', so we cannot nullify the
  77. // host to preserve semantics. Try expanding the
  78. // hostname instead (fall through)
  79. }
  80. // first see if we can manually insert a hostname
  81. $host = $config->get('URI.Host');
  82. if (!is_null($host)) {
  83. $uri->host = $host;
  84. } else {
  85. // we can't do anything sensible, reject the URL.
  86. return false;
  87. }
  88. } while (false);
  89. }
  90. return $this->doValidate($uri, $config, $context);
  91. }
  92. }
  93. // vim: et sw=4 sts=4