HTMLPurifier 4.4.0
|
00001 <?php 00002 00006 abstract class HTMLPurifier_URIScheme 00007 { 00008 00014 public $default_port = null; 00015 00020 public $browsable = false; 00021 00026 public $secure = false; 00027 00032 public $hierarchical = false; 00033 00039 public $may_omit_host = false; 00040 00048 public abstract function doValidate(&$uri, $config, $context); 00049 00058 public function validate(&$uri, $config, $context) { 00059 if ($this->default_port == $uri->port) $uri->port = null; 00060 // kludge: browsers do funny things when the scheme but not the 00061 // authority is set 00062 if (!$this->may_omit_host && 00063 // if the scheme is present, a missing host is always in error 00064 (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) || 00065 // if the scheme is not present, a *blank* host is in error, 00066 // since this translates into '///path' which most browsers 00067 // interpret as being 'http://path'. 00068 (is_null($uri->scheme) && $uri->host === '') 00069 ) { 00070 do { 00071 if (is_null($uri->scheme)) { 00072 if (substr($uri->path, 0, 2) != '//') { 00073 $uri->host = null; 00074 break; 00075 } 00076 // URI is '////path', so we cannot nullify the 00077 // host to preserve semantics. Try expanding the 00078 // hostname instead (fall through) 00079 } 00080 // first see if we can manually insert a hostname 00081 $host = $config->get('URI.Host'); 00082 if (!is_null($host)) { 00083 $uri->host = $host; 00084 } else { 00085 // we can't do anything sensible, reject the URL. 00086 return false; 00087 } 00088 } while (false); 00089 } 00090 return $this->doValidate($uri, $config, $context); 00091 } 00092 00093 } 00094 00095 // vim: et sw=4 sts=4