PageRenderTime 40ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/common/libraries/plugin/htmlpurifier/library/HTMLPurifier/URI.php

https://bitbucket.org/renaatdemuynck/chamilo
PHP | 240 lines | 142 code | 21 blank | 77 comment | 28 complexity | 0484b58e045ec01b9c96dcf8c5930176 MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-2.1, LGPL-3.0, GPL-3.0, MIT, GPL-2.0 
    

  1. <?php

    2. 

  2. 

    3. 

  3. /**

    4. 

  4.  * HTML Purifier's internal representation of a URI.

    5. 

  5.  * @note

    6. 

  6.  * Internal data-structures are completely escaped. If the data needs

    7. 

  7.  * to be used in a non-URI context (which is very unlikely), be sure

    8. 

  8.  * to decode it first. The URI may not necessarily be well-formed until

    9. 

  9.  * validate() is called.

    10. 

  10.  */

    11. 

  11. class HTMLPurifier_URI

    12. 

  12. {

    13. 

  13.     

    14. 

  14.     public $scheme, $userinfo, $host, $port, $path, $query, $fragment;

    15. 

  15. 

    16. 

  16.     /**

    17. 

  17.      * @note Automatically normalizes scheme and port

    18. 

  18.      */

    19. 

  19.     public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)

    20. 

  20.     {

    21. 

  21.         $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);

    22. 

  22.         $this->userinfo = $userinfo;

    23. 

  23.         $this->host = $host;

    24. 

  24.         $this->port = is_null($port) ? $port : (int) $port;

    25. 

  25.         $this->path = $path;

    26. 

  26.         $this->query = $query;

    27. 

  27.         $this->fragment = $fragment;

    28. 

  28.     }

    29. 

  29. 

    30. 

  30.     /**

    31. 

  31.      * Retrieves a scheme object corresponding to the URI's scheme/default

    32. 

  32.      * @param $config Instance of HTMLPurifier_Config

    33. 

  33.      * @param $context Instance of HTMLPurifier_Context

    34. 

  34.      * @return Scheme object appropriate for validating this URI

    35. 

  35.      */

    36. 

  36.     public function getSchemeObj($config, $context)

    37. 

  37.     {

    38. 

  38.         $registry = HTMLPurifier_URISchemeRegistry :: instance();

    39. 

  39.         if ($this->scheme !== null)

    40. 

  40.         {

    41. 

  41.             $scheme_obj = $registry->getScheme($this->scheme, $config, $context);

    42. 

  42.             if (! $scheme_obj)

    43. 

  43.                 return false; // invalid scheme, clean it out

    44. 

  44.         }

    45. 

  45.         else

    46. 

  46.         {

    47. 

  47.             // no scheme: retrieve the default one

    48. 

  48.             $def = $config->getDefinition('URI');

    49. 

  49.             $scheme_obj = $registry->getScheme($def->defaultScheme, $config, $context);

    50. 

  50.             if (! $scheme_obj)

    51. 

  51.             {

    52. 

  52.                 // something funky happened to the default scheme object

    53. 

  53.                 trigger_error('Default scheme object "' . $def->defaultScheme . '" was not readable', E_USER_WARNING);

    54. 

  54.                 return false;

    55. 

  55.             }

    56. 

  56.         }

    57. 

  57.         return $scheme_obj;

    58. 

  58.     }

    59. 

  59. 

    60. 

  60.     /**

    61. 

  61.      * Generic validation method applicable for all schemes. May modify

    62. 

  62.      * this URI in order to get it into a compliant form.

    63. 

  63.      * @param $config Instance of HTMLPurifier_Config

    64. 

  64.      * @param $context Instance of HTMLPurifier_Context

    65. 

  65.      * @return True if validation/filtering succeeds, false if failure

    66. 

  66.      */

    67. 

  67.     public function validate($config, $context)

    68. 

  68.     {

    69. 

  69.         

    70. 

  70.         // ABNF definitions from RFC 3986

    71. 

  71.         $chars_sub_delims = '!$&\'()*+,;=';

    72. 

  72.         $chars_gen_delims = ':/?#[]@';

    73. 

  73.         $chars_pchar = $chars_sub_delims . ':@';

    74. 

  74.         

    75. 

  75.         // validate host

    76. 

  76.         if (! is_null($this->host))

    77. 

  77.         {

    78. 

  78.             $host_def = new HTMLPurifier_AttrDef_URI_Host();

    79. 

  79.             $this->host = $host_def->validate($this->host, $config, $context);

    80. 

  80.             if ($this->host === false)

    81. 

  81.                 $this->host = null;

    82. 

  82.         }

    83. 

  83.         

    84. 

  84.         // validate scheme

    85. 

  85.         // NOTE: It's not appropriate to check whether or not this

    86. 

  86.         // scheme is in our registry, since a URIFilter may convert a

    87. 

  87.         // URI that we don't allow into one we do.  So instead, we just

    88. 

  88.         // check if the scheme can be dropped because there is no host

    89. 

  89.         // and it is our default scheme.

    90. 

  90.         if (! is_null($this->scheme) && is_null($this->host) || $this->host === '')

    91. 

  91.         {

    92. 

  92.             // support for relative paths is pretty abysmal when the

    93. 

  93.             // scheme is present, so axe it when possible

    94. 

  94.             $def = $config->getDefinition('URI');

    95. 

  95.             if ($def->defaultScheme === $this->scheme)

    96. 

  96.             {

    97. 

  97.                 $this->scheme = null;

    98. 

  98.             }

    99. 

  99.         }

    100. 

  100.         

    101. 

  101.         // validate username

    102. 

  102.         if (! is_null($this->userinfo))

    103. 

  103.         {

    104. 

  104.             $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');

    105. 

  105.             $this->userinfo = $encoder->encode($this->userinfo);

    106. 

  106.         }

    107. 

  107.         

    108. 

  108.         // validate port

    109. 

  109.         if (! is_null($this->port))

    110. 

  110.         {

    111. 

  111.             if ($this->port < 1 || $this->port > 65535)

    112. 

  112.                 $this->port = null;

    113. 

  113.         }

    114. 

  114.         

    115. 

  115.         // validate path

    116. 

  116.         $path_parts = array();

    117. 

  117.         $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');

    118. 

  118.         if (! is_null($this->host))

    119. 

  119.         { // this catches $this->host === ''

    120. 

  120.             // path-abempty (hier and relative)

    121. 

  121.             // http://www.example.com/my/path

    122. 

  122.             // //www.example.com/my/path (looks odd, but works, and

    123. 

  123.             //                            recognized by most browsers)

    124. 

  124.             // (this set is valid or invalid on a scheme by scheme

    125. 

  125.             // basis, so we'll deal with it later)

    126. 

  126.             // file:///my/path

    127. 

  127.             // ///my/path

    128. 

  128.             $this->path = $segments_encoder->encode($this->path);

    129. 

  129.         }

    130. 

  130.         elseif ($this->path !== '')

    131. 

  131.         {

    132. 

  132.             if ($this->path[0] === '/')

    133. 

  133.             {

    134. 

  134.                 // path-absolute (hier and relative)

    135. 

  135.                 // http:/my/path

    136. 

  136.                 // /my/path

    137. 

  137.                 if (strlen($this->path) >= 2 && $this->path[1] === '/')

    138. 

  138.                 {

    139. 

  139.                     // This could happen if both the host gets stripped

    140. 

  140.                     // out

    141. 

  141.                     // http://my/path

    142. 

  142.                     // //my/path

    143. 

  143.                     $this->path = '';

    144. 

  144.                 }

    145. 

  145.                 else

    146. 

  146.                 {

    147. 

  147.                     $this->path = $segments_encoder->encode($this->path);

    148. 

  148.                 }

    149. 

  149.             }

    150. 

  150.             elseif (! is_null($this->scheme))

    151. 

  151.             {

    152. 

  152.                 // path-rootless (hier)

    153. 

  153.                 // http:my/path

    154. 

  154.                 // Short circuit evaluation means we don't need to check nz

    155. 

  155.                 $this->path = $segments_encoder->encode($this->path);

    156. 

  156.             }

    157. 

  157.             else

    158. 

  158.             {

    159. 

  159.                 // path-noscheme (relative)

    160. 

  160.                 // my/path

    161. 

  161.                 // (once again, not checking nz)

    162. 

  162.                 $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');

    163. 

  163.                 $c = strpos($this->path, '/');

    164. 

  164.                 if ($c !== false)

    165. 

  165.                 {

    166. 

  166.                     $this->path = $segment_nc_encoder->encode(substr($this->path, 0, $c)) . $segments_encoder->encode(substr($this->path, $c));

    167. 

  167.                 }

    168. 

  168.                 else

    169. 

  169.                 {

    170. 

  170.                     $this->path = $segment_nc_encoder->encode($this->path);

    171. 

  171.                 }

    172. 

  172.             }

    173. 

  173.         }

    174. 

  174.         else

    175. 

  175.         {

    176. 

  176.             // path-empty (hier and relative)

    177. 

  177.             $this->path = ''; // just to be safe

    178. 

  178.         }

    179. 

  179.         

    180. 

  180.         // qf = query and fragment

    181. 

  181.         $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');

    182. 

  182.         

    183. 

  183.         if (! is_null($this->query))

    184. 

  184.         {

    185. 

  185.             $this->query = $qf_encoder->encode($this->query);

    186. 

  186.         }

    187. 

  187.         

    188. 

  188.         if (! is_null($this->fragment))

    189. 

  189.         {

    190. 

  190.             $this->fragment = $qf_encoder->encode($this->fragment);

    191. 

  191.         }

    192. 

  192.         

    193. 

  193.         return true;

    194. 

  194.     

    195. 

  195.     }

    196. 

  196. 

    197. 

  197.     /**

    198. 

  198.      * Convert URI back to string

    199. 

  199.      * @return String URI appropriate for output

    200. 

  200.      */

    201. 

  201.     public function toString()

    202. 

  202.     {

    203. 

  203.         // reconstruct authority

    204. 

  204.         $authority = null;

    205. 

  205.         // there is a rendering difference between a null authority

    206. 

  206.         // (http:foo-bar) and an empty string authority

    207. 

  207.         // (http:///foo-bar).

    208. 

  208.         if (! is_null($this->host))

    209. 

  209.         {

    210. 

  210.             $authority = '';

    211. 

  211.             if (! is_null($this->userinfo))

    212. 

  212.                 $authority .= $this->userinfo . '@';

    213. 

  213.             $authority .= $this->host;

    214. 

  214.             if (! is_null($this->port))

    215. 

  215.                 $authority .= ':' . $this->port;

    216. 

  216.         }

    217. 

  217.         

    218. 

  218.         // Reconstruct the result

    219. 

  219.         // One might wonder about parsing quirks from browsers after

    220. 

  220.         // this reconstruction.  Unfortunately, parsing behavior depends

    221. 

  221.         // on what *scheme* was employed (file:///foo is handled *very*

    222. 

  222.         // differently than http:///foo), so unfortunately we have to

    223. 

  223.         // defer to the schemes to do the right thing.

    224. 

  224.         $result = '';

    225. 

  225.         if (! is_null($this->scheme))

    226. 

  226.             $result .= $this->scheme . ':';

    227. 

  227.         if (! is_null($authority))

    228. 

  228.             $result .= '//' . $authority;

    229. 

  229.         $result .= $this->path;

    230. 

  230.         if (! is_null($this->query))

    231. 

  231.             $result .= '?' . $this->query;

    232. 

  232.         if (! is_null($this->fragment))

    233. 

  233.             $result .= '#' . $this->fragment;

    234. 

  234.         

    235. 

  235.         return $result;

    236. 

  236.     }

    237. 

  237. 

    238. 

  238. }

    239. 

  239. 

    240. 

  240. // vim: et sw=4 sts=4

    241. 

  241.