HTMLPurifier 4.4.0
|
00001 <?php 00002 00006 class HTMLPurifier_URISchemeRegistry 00007 { 00008 00016 public static function instance($prototype = null) { 00017 static $instance = null; 00018 if ($prototype !== null) { 00019 $instance = $prototype; 00020 } elseif ($instance === null || $prototype == true) { 00021 $instance = new HTMLPurifier_URISchemeRegistry(); 00022 } 00023 return $instance; 00024 } 00025 00029 protected $schemes = array(); 00030 00037 public function getScheme($scheme, $config, $context) { 00038 if (!$config) $config = HTMLPurifier_Config::createDefault(); 00039 00040 // important, otherwise attacker could include arbitrary file 00041 $allowed_schemes = $config->get('URI.AllowedSchemes'); 00042 if (!$config->get('URI.OverrideAllowedSchemes') && 00043 !isset($allowed_schemes[$scheme]) 00044 ) { 00045 return; 00046 } 00047 00048 if (isset($this->schemes[$scheme])) return $this->schemes[$scheme]; 00049 if (!isset($allowed_schemes[$scheme])) return; 00050 00051 $class = 'HTMLPurifier_URIScheme_' . $scheme; 00052 if (!class_exists($class)) return; 00053 $this->schemes[$scheme] = new $class(); 00054 return $this->schemes[$scheme]; 00055 } 00056 00062 public function register($scheme, $scheme_obj) { 00063 $this->schemes[$scheme] = $scheme_obj; 00064 } 00065 00066 } 00067 00068 // vim: et sw=4 sts=4