HTMLPurifier 4.4.0
/home/ezyang/Dev/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
Go to the documentation of this file.
00001 <?php
00002 
00007 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
00008 {
00009 
00010     protected $parser;
00011     protected $embedsResource;
00012 
00016     public function __construct($embeds_resource = false) {
00017         $this->parser = new HTMLPurifier_URIParser();
00018         $this->embedsResource = (bool) $embeds_resource;
00019     }
00020 
00021     public function make($string) {
00022         $embeds = ($string === 'embedded');
00023         return new HTMLPurifier_AttrDef_URI($embeds);
00024     }
00025 
00026     public function validate($uri, $config, $context) {
00027 
00028         if ($config->get('URI.Disable')) return false;
00029 
00030         $uri = $this->parseCDATA($uri);
00031 
00032         // parse the URI
00033         $uri = $this->parser->parse($uri);
00034         if ($uri === false) return false;
00035 
00036         // add embedded flag to context for validators
00037         $context->register('EmbeddedURI', $this->embedsResource);
00038 
00039         $ok = false;
00040         do {
00041 
00042             // generic validation
00043             $result = $uri->validate($config, $context);
00044             if (!$result) break;
00045 
00046             // chained filtering
00047             $uri_def = $config->getDefinition('URI');
00048             $result = $uri_def->filter($uri, $config, $context);
00049             if (!$result) break;
00050 
00051             // scheme-specific validation
00052             $scheme_obj = $uri->getSchemeObj($config, $context);
00053             if (!$scheme_obj) break;
00054             if ($this->embedsResource && !$scheme_obj->browsable) break;
00055             $result = $scheme_obj->validate($uri, $config, $context);
00056             if (!$result) break;
00057 
00058             // Post chained filtering
00059             $result = $uri_def->postFilter($uri, $config, $context);
00060             if (!$result) break;
00061 
00062             // survived gauntlet
00063             $ok = true;
00064 
00065         } while (false);
00066 
00067         $context->destroy('EmbeddedURI');
00068         if (!$ok) return false;
00069 
00070         // back to string
00071         return $uri->toString();
00072 
00073     }
00074 
00075 }
00076 
00077 // vim: et sw=4 sts=4