HTMLPurifier 4.4.0
|
00001 <?php 00002 00012 class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef 00013 { 00014 00015 // selector is NOT a valid thing to use for IDREFs, because IDREFs 00016 // *must* target IDs that exist, whereas selector #ids do not. 00017 00022 protected $selector; 00023 00024 public function __construct($selector = false) { 00025 $this->selector = $selector; 00026 } 00027 00028 public function validate($id, $config, $context) { 00029 00030 if (!$this->selector && !$config->get('Attr.EnableID')) return false; 00031 00032 $id = trim($id); // trim it first 00033 00034 if ($id === '') return false; 00035 00036 $prefix = $config->get('Attr.IDPrefix'); 00037 if ($prefix !== '') { 00038 $prefix .= $config->get('Attr.IDPrefixLocal'); 00039 // prevent re-appending the prefix 00040 if (strpos($id, $prefix) !== 0) $id = $prefix . $id; 00041 } elseif ($config->get('Attr.IDPrefixLocal') !== '') { 00042 trigger_error('%Attr.IDPrefixLocal cannot be used unless '. 00043 '%Attr.IDPrefix is set', E_USER_WARNING); 00044 } 00045 00046 if (!$this->selector) { 00047 $id_accumulator =& $context->get('IDAccumulator'); 00048 if (isset($id_accumulator->ids[$id])) return false; 00049 } 00050 00051 // we purposely avoid using regex, hopefully this is faster 00052 00053 if (ctype_alpha($id)) { 00054 $result = true; 00055 } else { 00056 if (!ctype_alpha(@$id[0])) return false; 00057 $trim = trim( // primitive style of regexps, I suppose 00058 $id, 00059 'A..Za..z0..9:-._' 00060 ); 00061 $result = ($trim === ''); 00062 } 00063 00064 $regexp = $config->get('Attr.IDBlacklistRegexp'); 00065 if ($regexp && preg_match($regexp, $id)) { 00066 return false; 00067 } 00068 00069 if (!$this->selector && $result) $id_accumulator->add($id); 00070 00071 // if no change was made to the ID, return the result 00072 // else, return the new id if stripping whitespace made it 00073 // valid, or return false. 00074 return $result ? $id : false; 00075 00076 } 00077 00078 } 00079 00080 // vim: et sw=4 sts=4