PageRenderTime 82ms CodeModel.GetById 40ms app.highlight 3ms RepoModel.GetById 37ms app.codeStats 1ms

/plugins/vjCommentPlugin/lib/tools/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php

https://bitbucket.org/Kudlaty/360kdw
PHP | 52 lines | 36 code | 5 blank | 11 comment | 6 complexity | bfb426e22d4d764adfca7bdfadec7ca6 MD5 | raw file
 1<?php
 2
 3/**
 4 * Validates a URI in CSS syntax, which uses url('http://example.com')
 5 * @note While theoretically speaking a URI in a CSS document could
 6 *       be non-embedded, as of CSS2 there is no such usage so we're
 7 *       generalizing it. This may need to be changed in the future.
 8 * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as
 9 *          the separator, you cannot put a literal semicolon in
10 *          in the URI. Try percent encoding it, in that case.
11 */
12class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
13{
14
15    public function __construct() {
16        parent::__construct(true); // always embedded
17    }
18
19    public function validate($uri_string, $config, $context) {
20        // parse the URI out of the string and then pass it onto
21        // the parent object
22
23        $uri_string = $this->parseCDATA($uri_string);
24        if (strpos($uri_string, 'url(') !== 0) return false;
25        $uri_string = substr($uri_string, 4);
26        $new_length = strlen($uri_string) - 1;
27        if ($uri_string[$new_length] != ')') return false;
28        $uri = trim(substr($uri_string, 0, $new_length));
29
30        if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
31            $quote = $uri[0];
32            $new_length = strlen($uri) - 1;
33            if ($uri[$new_length] !== $quote) return false;
34            $uri = substr($uri, 1, $new_length - 1);
35        }
36
37        $uri = $this->expandCSSEscape($uri);
38
39        $result = parent::validate($uri, $config, $context);
40
41        if ($result === false) return false;
42
43        // extra sanity check; should have been done by URI
44        $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
45
46        return "url(\"$result\")";
47
48    }
49
50}
51
52// vim: et sw=4 sts=4