@@ -5,92 +5,92 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme { |
7 | 7 | |
8 | - public $browsable = true; |
|
9 | - public $allowed_types = array( |
|
10 | - // you better write validation code for other types if you |
|
11 | - // decide to allow them |
|
12 | - 'image/jpeg' => true, |
|
13 | - 'image/gif' => true, |
|
14 | - 'image/png' => true, |
|
15 | - ); |
|
16 | - // this is actually irrelevant since we only write out the path |
|
17 | - // component |
|
18 | - public $may_omit_host = true; |
|
8 | + public $browsable = true; |
|
9 | + public $allowed_types = array( |
|
10 | + // you better write validation code for other types if you |
|
11 | + // decide to allow them |
|
12 | + 'image/jpeg' => true, |
|
13 | + 'image/gif' => true, |
|
14 | + 'image/png' => true, |
|
15 | + ); |
|
16 | + // this is actually irrelevant since we only write out the path |
|
17 | + // component |
|
18 | + public $may_omit_host = true; |
|
19 | 19 | |
20 | - public function doValidate(&$uri, $config, $context) { |
|
21 | - $result = explode(',', $uri->path, 2); |
|
22 | - $is_base64 = false; |
|
23 | - $charset = null; |
|
24 | - $content_type = null; |
|
25 | - if (count($result) == 2) { |
|
26 | - list($metadata, $data) = $result; |
|
27 | - // do some legwork on the metadata |
|
28 | - $metas = explode(';', $metadata); |
|
29 | - while(!empty($metas)) { |
|
30 | - $cur = array_shift($metas); |
|
31 | - if ($cur == 'base64') { |
|
32 | - $is_base64 = true; |
|
33 | - break; |
|
34 | - } |
|
35 | - if (substr($cur, 0, 8) == 'charset=') { |
|
36 | - // doesn't match if there are arbitrary spaces, but |
|
37 | - // whatever dude |
|
38 | - if ($charset !== null) continue; // garbage |
|
39 | - $charset = substr($cur, 8); // not used |
|
40 | - } else { |
|
41 | - if ($content_type !== null) continue; // garbage |
|
42 | - $content_type = $cur; |
|
43 | - } |
|
44 | - } |
|
45 | - } else { |
|
46 | - $data = $result[0]; |
|
47 | - } |
|
48 | - if ($content_type !== null && empty($this->allowed_types[$content_type])) { |
|
49 | - return false; |
|
50 | - } |
|
51 | - if ($charset !== null) { |
|
52 | - // error; we don't allow plaintext stuff |
|
53 | - $charset = null; |
|
54 | - } |
|
55 | - $data = rawurldecode($data); |
|
56 | - if ($is_base64) { |
|
57 | - $raw_data = base64_decode($data); |
|
58 | - } else { |
|
59 | - $raw_data = $data; |
|
60 | - } |
|
61 | - // XXX probably want to refactor this into a general mechanism |
|
62 | - // for filtering arbitrary content types |
|
63 | - $file = tempnam("/tmp", ""); |
|
64 | - file_put_contents($file, $raw_data, LOCK_EX); |
|
65 | - if (function_exists('exif_imagetype')) { |
|
66 | - $image_code = exif_imagetype($file); |
|
67 | - } elseif (function_exists('getimagesize')) { |
|
68 | - set_error_handler(array($this, 'muteErrorHandler')); |
|
69 | - $info = getimagesize($file); |
|
70 | - restore_error_handler(); |
|
71 | - if ($info == false) return false; |
|
72 | - $image_code = $info[2]; |
|
73 | - } else { |
|
74 | - trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR); |
|
75 | - } |
|
76 | - $real_content_type = image_type_to_mime_type($image_code); |
|
77 | - if ($real_content_type != $content_type) { |
|
78 | - // we're nice guys; if the content type is something else we |
|
79 | - // support, change it over |
|
80 | - if (empty($this->allowed_types[$real_content_type])) return false; |
|
81 | - $content_type = $real_content_type; |
|
82 | - } |
|
83 | - // ok, it's kosher, rewrite what we need |
|
84 | - $uri->userinfo = null; |
|
85 | - $uri->host = null; |
|
86 | - $uri->port = null; |
|
87 | - $uri->fragment = null; |
|
88 | - $uri->query = null; |
|
89 | - $uri->path = "$content_type;base64," . base64_encode($raw_data); |
|
90 | - return true; |
|
91 | - } |
|
20 | + public function doValidate(&$uri, $config, $context) { |
|
21 | + $result = explode(',', $uri->path, 2); |
|
22 | + $is_base64 = false; |
|
23 | + $charset = null; |
|
24 | + $content_type = null; |
|
25 | + if (count($result) == 2) { |
|
26 | + list($metadata, $data) = $result; |
|
27 | + // do some legwork on the metadata |
|
28 | + $metas = explode(';', $metadata); |
|
29 | + while(!empty($metas)) { |
|
30 | + $cur = array_shift($metas); |
|
31 | + if ($cur == 'base64') { |
|
32 | + $is_base64 = true; |
|
33 | + break; |
|
34 | + } |
|
35 | + if (substr($cur, 0, 8) == 'charset=') { |
|
36 | + // doesn't match if there are arbitrary spaces, but |
|
37 | + // whatever dude |
|
38 | + if ($charset !== null) continue; // garbage |
|
39 | + $charset = substr($cur, 8); // not used |
|
40 | + } else { |
|
41 | + if ($content_type !== null) continue; // garbage |
|
42 | + $content_type = $cur; |
|
43 | + } |
|
44 | + } |
|
45 | + } else { |
|
46 | + $data = $result[0]; |
|
47 | + } |
|
48 | + if ($content_type !== null && empty($this->allowed_types[$content_type])) { |
|
49 | + return false; |
|
50 | + } |
|
51 | + if ($charset !== null) { |
|
52 | + // error; we don't allow plaintext stuff |
|
53 | + $charset = null; |
|
54 | + } |
|
55 | + $data = rawurldecode($data); |
|
56 | + if ($is_base64) { |
|
57 | + $raw_data = base64_decode($data); |
|
58 | + } else { |
|
59 | + $raw_data = $data; |
|
60 | + } |
|
61 | + // XXX probably want to refactor this into a general mechanism |
|
62 | + // for filtering arbitrary content types |
|
63 | + $file = tempnam("/tmp", ""); |
|
64 | + file_put_contents($file, $raw_data, LOCK_EX); |
|
65 | + if (function_exists('exif_imagetype')) { |
|
66 | + $image_code = exif_imagetype($file); |
|
67 | + } elseif (function_exists('getimagesize')) { |
|
68 | + set_error_handler(array($this, 'muteErrorHandler')); |
|
69 | + $info = getimagesize($file); |
|
70 | + restore_error_handler(); |
|
71 | + if ($info == false) return false; |
|
72 | + $image_code = $info[2]; |
|
73 | + } else { |
|
74 | + trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR); |
|
75 | + } |
|
76 | + $real_content_type = image_type_to_mime_type($image_code); |
|
77 | + if ($real_content_type != $content_type) { |
|
78 | + // we're nice guys; if the content type is something else we |
|
79 | + // support, change it over |
|
80 | + if (empty($this->allowed_types[$real_content_type])) return false; |
|
81 | + $content_type = $real_content_type; |
|
82 | + } |
|
83 | + // ok, it's kosher, rewrite what we need |
|
84 | + $uri->userinfo = null; |
|
85 | + $uri->host = null; |
|
86 | + $uri->port = null; |
|
87 | + $uri->fragment = null; |
|
88 | + $uri->query = null; |
|
89 | + $uri->path = "$content_type;base64," . base64_encode($raw_data); |
|
90 | + return true; |
|
91 | + } |
|
92 | 92 | |
93 | - public function muteErrorHandler($errno, $errstr) {} |
|
93 | + public function muteErrorHandler($errno, $errstr) {} |
|
94 | 94 | |
95 | 95 | } |
96 | 96 |
@@ -35,10 +35,16 @@ discard block |
||
35 | 35 | if (substr($cur, 0, 8) == 'charset=') { |
36 | 36 | // doesn't match if there are arbitrary spaces, but |
37 | 37 | // whatever dude |
38 | - if ($charset !== null) continue; // garbage |
|
38 | + if ($charset !== null) { |
|
39 | + continue; |
|
40 | + } |
|
41 | + // garbage |
|
39 | 42 | $charset = substr($cur, 8); // not used |
40 | 43 | } else { |
41 | - if ($content_type !== null) continue; // garbage |
|
44 | + if ($content_type !== null) { |
|
45 | + continue; |
|
46 | + } |
|
47 | + // garbage |
|
42 | 48 | $content_type = $cur; |
43 | 49 | } |
44 | 50 | } |
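Review bot: The `// garbage` comment has been moved off the `continue` it described and now sits directly above `$charset = substr($cur, 8);` (new line 41) and above `$content_type = $cur;` (new line 47), where it reads as a description of the assignment. It marked a repeated charset or content-type parameter as garbage to be skipped, so it belongs inside the braces as `continue; // garbage`, or as `// duplicate parameter: ignore it` on the line before `continue;`. The loop and the rest of doValidate continue outside this hunk.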
@@ -68,7 +74,9 @@ discard block |
||
68 | 74 | set_error_handler(array($this, 'muteErrorHandler')); |
69 | 75 | $info = getimagesize($file); |
70 | 76 | restore_error_handler(); |
71 | - if ($info == false) return false; |
|
77 | + if ($info == false) { |
|
78 | + return false; |
|
79 | + } |
|
72 | 80 | $image_code = $info[2]; |
73 | 81 | } else { |
74 | 82 | trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR); |
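Review bot: The early `return false;` at new line 78 leaves the temporary file on disk. `$file` is created earlier in doValidate (`tempnam("/tmp", "")` followed by `file_put_contents`, visible in the full-file section above), and nothing in the visible code removes it on this path or any other. Because the bytes come from a `data:` URI in the markup being purified, every validated URI would leave one file behind and submitted content can steadily consume space in the temp directory. Adding `unlink($file);` right after `restore_error_handler();` and right after the `exif_imagetype($file)` call covers every path. doValidate starts and ends outside this hunk.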
@@ -77,7 +85,9 @@ discard block |
||
77 | 85 | if ($real_content_type != $content_type) { |
78 | 86 | // we're nice guys; if the content type is something else we |
79 | 87 | // support, change it over |
80 | - if (empty($this->allowed_types[$real_content_type])) return false; |
|
88 | + if (empty($this->allowed_types[$real_content_type])) { |
|
89 | + return false; |
|
90 | + } |
|
81 | 91 | $content_type = $real_content_type; |
82 | 92 | } |
83 | 93 | // ok, it's kosher, rewrite what we need |
@@ -26,7 +26,7 @@ discard block |
||
26 | 26 | list($metadata, $data) = $result; |
27 | 27 | // do some legwork on the metadata |
28 | 28 | $metas = explode(';', $metadata); |
29 | - while(!empty($metas)) { |
|
29 | + while (!empty($metas)) { |
|
30 | 30 | $cur = array_shift($metas); |
31 | 31 | if ($cur == 'base64') { |
32 | 32 | $is_base64 = true; |
@@ -86,7 +86,7 @@ discard block |
||
86 | 86 | $uri->port = null; |
87 | 87 | $uri->fragment = null; |
88 | 88 | $uri->query = null; |
89 | - $uri->path = "$content_type;base64," . base64_encode($raw_data); |
|
89 | + $uri->path = "$content_type;base64,".base64_encode($raw_data); |
|
90 | 90 | return true; |
91 | 91 | } |
92 | 92 |
@@ -5,27 +5,27 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme { |
7 | 7 | |
8 | - // Generally file:// URLs are not accessible from most |
|
9 | - // machines, so placing them as an img src is incorrect. |
|
10 | - public $browsable = false; |
|
8 | + // Generally file:// URLs are not accessible from most |
|
9 | + // machines, so placing them as an img src is incorrect. |
|
10 | + public $browsable = false; |
|
11 | 11 | |
12 | - // Basically the *only* URI scheme for which this is true, since |
|
13 | - // accessing files on the local machine is very common. In fact, |
|
14 | - // browsers on some operating systems don't understand the |
|
15 | - // authority, though I hear it is used on Windows to refer to |
|
16 | - // network shares. |
|
17 | - public $may_omit_host = true; |
|
12 | + // Basically the *only* URI scheme for which this is true, since |
|
13 | + // accessing files on the local machine is very common. In fact, |
|
14 | + // browsers on some operating systems don't understand the |
|
15 | + // authority, though I hear it is used on Windows to refer to |
|
16 | + // network shares. |
|
17 | + public $may_omit_host = true; |
|
18 | 18 | |
19 | - public function doValidate(&$uri, $config, $context) { |
|
20 | - // Authentication method is not supported |
|
21 | - $uri->userinfo = null; |
|
22 | - // file:// makes no provisions for accessing the resource |
|
23 | - $uri->port = null; |
|
24 | - // While it seems to work on Firefox, the querystring has |
|
25 | - // no possible effect and is thus stripped. |
|
26 | - $uri->query = null; |
|
27 | - return true; |
|
28 | - } |
|
19 | + public function doValidate(&$uri, $config, $context) { |
|
20 | + // Authentication method is not supported |
|
21 | + $uri->userinfo = null; |
|
22 | + // file:// makes no provisions for accessing the resource |
|
23 | + $uri->port = null; |
|
24 | + // While it seems to work on Firefox, the querystring has |
|
25 | + // no possible effect and is thus stripped. |
|
26 | + $uri->query = null; |
|
27 | + return true; |
|
28 | + } |
|
29 | 29 | |
30 | 30 | } |
31 | 31 |
@@ -5,37 +5,37 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme { |
7 | 7 | |
8 | - public $default_port = 21; |
|
9 | - public $browsable = true; // usually |
|
10 | - public $hierarchical = true; |
|
8 | + public $default_port = 21; |
|
9 | + public $browsable = true; // usually |
|
10 | + public $hierarchical = true; |
|
11 | 11 | |
12 | - public function doValidate(&$uri, $config, $context) { |
|
13 | - $uri->query = null; |
|
12 | + public function doValidate(&$uri, $config, $context) { |
|
13 | + $uri->query = null; |
|
14 | 14 | |
15 | - // typecode check |
|
16 | - $semicolon_pos = strrpos($uri->path, ';'); // reverse |
|
17 | - if ($semicolon_pos !== false) { |
|
18 | - $type = substr($uri->path, $semicolon_pos + 1); // no semicolon |
|
19 | - $uri->path = substr($uri->path, 0, $semicolon_pos); |
|
20 | - $type_ret = ''; |
|
21 | - if (strpos($type, '=') !== false) { |
|
22 | - // figure out whether or not the declaration is correct |
|
23 | - list($key, $typecode) = explode('=', $type, 2); |
|
24 | - if ($key !== 'type') { |
|
25 | - // invalid key, tack it back on encoded |
|
26 | - $uri->path .= '%3B' . $type; |
|
27 | - } elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') { |
|
28 | - $type_ret = ";type=$typecode"; |
|
29 | - } |
|
30 | - } else { |
|
31 | - $uri->path .= '%3B' . $type; |
|
32 | - } |
|
33 | - $uri->path = str_replace(';', '%3B', $uri->path); |
|
34 | - $uri->path .= $type_ret; |
|
35 | - } |
|
15 | + // typecode check |
|
16 | + $semicolon_pos = strrpos($uri->path, ';'); // reverse |
|
17 | + if ($semicolon_pos !== false) { |
|
18 | + $type = substr($uri->path, $semicolon_pos + 1); // no semicolon |
|
19 | + $uri->path = substr($uri->path, 0, $semicolon_pos); |
|
20 | + $type_ret = ''; |
|
21 | + if (strpos($type, '=') !== false) { |
|
22 | + // figure out whether or not the declaration is correct |
|
23 | + list($key, $typecode) = explode('=', $type, 2); |
|
24 | + if ($key !== 'type') { |
|
25 | + // invalid key, tack it back on encoded |
|
26 | + $uri->path .= '%3B' . $type; |
|
27 | + } elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') { |
|
28 | + $type_ret = ";type=$typecode"; |
|
29 | + } |
|
30 | + } else { |
|
31 | + $uri->path .= '%3B' . $type; |
|
32 | + } |
|
33 | + $uri->path = str_replace(';', '%3B', $uri->path); |
|
34 | + $uri->path .= $type_ret; |
|
35 | + } |
|
36 | 36 | |
37 | - return true; |
|
38 | - } |
|
37 | + return true; |
|
38 | + } |
|
39 | 39 | |
40 | 40 | } |
41 | 41 |
@@ -23,12 +23,12 @@ |
||
23 | 23 | list($key, $typecode) = explode('=', $type, 2); |
24 | 24 | if ($key !== 'type') { |
25 | 25 | // invalid key, tack it back on encoded |
26 | - $uri->path .= '%3B' . $type; |
|
26 | + $uri->path .= '%3B'.$type; |
|
27 | 27 | } elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') { |
28 | 28 | $type_ret = ";type=$typecode"; |
29 | 29 | } |
30 | 30 | } else { |
31 | - $uri->path .= '%3B' . $type; |
|
31 | + $uri->path .= '%3B'.$type; |
|
32 | 32 | } |
33 | 33 | $uri->path = str_replace(';', '%3B', $uri->path); |
34 | 34 | $uri->path .= $type_ret; |
@@ -5,14 +5,14 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme { |
7 | 7 | |
8 | - public $default_port = 80; |
|
9 | - public $browsable = true; |
|
10 | - public $hierarchical = true; |
|
8 | + public $default_port = 80; |
|
9 | + public $browsable = true; |
|
10 | + public $hierarchical = true; |
|
11 | 11 | |
12 | - public function doValidate(&$uri, $config, $context) { |
|
13 | - $uri->userinfo = null; |
|
14 | - return true; |
|
15 | - } |
|
12 | + public function doValidate(&$uri, $config, $context) { |
|
13 | + $uri->userinfo = null; |
|
14 | + return true; |
|
15 | + } |
|
16 | 16 | |
17 | 17 | } |
18 | 18 |
@@ -5,8 +5,8 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http { |
7 | 7 | |
8 | - public $default_port = 443; |
|
9 | - public $secure = true; |
|
8 | + public $default_port = 443; |
|
9 | + public $secure = true; |
|
10 | 10 | |
11 | 11 | } |
12 | 12 |
@@ -11,16 +11,16 @@ |
||
11 | 11 | |
12 | 12 | class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme { |
13 | 13 | |
14 | - public $browsable = false; |
|
15 | - public $may_omit_host = true; |
|
14 | + public $browsable = false; |
|
15 | + public $may_omit_host = true; |
|
16 | 16 | |
17 | - public function doValidate(&$uri, $config, $context) { |
|
18 | - $uri->userinfo = null; |
|
19 | - $uri->host = null; |
|
20 | - $uri->port = null; |
|
21 | - // we need to validate path against RFC 2368's addr-spec |
|
22 | - return true; |
|
23 | - } |
|
17 | + public function doValidate(&$uri, $config, $context) { |
|
18 | + $uri->userinfo = null; |
|
19 | + $uri->host = null; |
|
20 | + $uri->port = null; |
|
21 | + // we need to validate path against RFC 2368's addr-spec |
|
22 | + return true; |
|
23 | + } |
|
24 | 24 | |
25 | 25 | } |
26 | 26 |
@@ -5,17 +5,17 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme { |
7 | 7 | |
8 | - public $browsable = false; |
|
9 | - public $may_omit_host = true; |
|
8 | + public $browsable = false; |
|
9 | + public $may_omit_host = true; |
|
10 | 10 | |
11 | - public function doValidate(&$uri, $config, $context) { |
|
12 | - $uri->userinfo = null; |
|
13 | - $uri->host = null; |
|
14 | - $uri->port = null; |
|
15 | - $uri->query = null; |
|
16 | - // typecode check needed on path |
|
17 | - return true; |
|
18 | - } |
|
11 | + public function doValidate(&$uri, $config, $context) { |
|
12 | + $uri->userinfo = null; |
|
13 | + $uri->host = null; |
|
14 | + $uri->port = null; |
|
15 | + $uri->query = null; |
|
16 | + // typecode check needed on path |
|
17 | + return true; |
|
18 | + } |
|
19 | 19 | |
20 | 20 | } |
21 | 21 |
@@ -5,14 +5,14 @@ |
||
5 | 5 | */ |
6 | 6 | class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme { |
7 | 7 | |
8 | - public $default_port = 119; |
|
9 | - public $browsable = false; |
|
8 | + public $default_port = 119; |
|
9 | + public $browsable = false; |
|
10 | 10 | |
11 | - public function doValidate(&$uri, $config, $context) { |
|
12 | - $uri->userinfo = null; |
|
13 | - $uri->query = null; |
|
14 | - return true; |
|
15 | - } |
|
11 | + public function doValidate(&$uri, $config, $context) { |
|
12 | + $uri->userinfo = null; |
|
13 | + $uri->query = null; |
|
14 | + return true; |
|
15 | + } |
|
16 | 16 | |
17 | 17 | } |
18 | 18 |
@@ -6,62 +6,62 @@ |
||
6 | 6 | class HTMLPurifier_URISchemeRegistry |
7 | 7 | { |
8 | 8 | |
9 | - /** |
|
10 | - * Retrieve sole instance of the registry. |
|
11 | - * @param $prototype Optional prototype to overload sole instance with, |
|
12 | - * or bool true to reset to default registry. |
|
13 | - * @note Pass a registry object $prototype with a compatible interface and |
|
14 | - * the function will copy it and return it all further times. |
|
15 | - */ |
|
16 | - public static function instance($prototype = null) { |
|
17 | - static $instance = null; |
|
18 | - if ($prototype !== null) { |
|
19 | - $instance = $prototype; |
|
20 | - } elseif ($instance === null || $prototype == true) { |
|
21 | - $instance = new HTMLPurifier_URISchemeRegistry(); |
|
22 | - } |
|
23 | - return $instance; |
|
24 | - } |
|
9 | + /** |
|
10 | + * Retrieve sole instance of the registry. |
|
11 | + * @param $prototype Optional prototype to overload sole instance with, |
|
12 | + * or bool true to reset to default registry. |
|
13 | + * @note Pass a registry object $prototype with a compatible interface and |
|
14 | + * the function will copy it and return it all further times. |
|
15 | + */ |
|
16 | + public static function instance($prototype = null) { |
|
17 | + static $instance = null; |
|
18 | + if ($prototype !== null) { |
|
19 | + $instance = $prototype; |
|
20 | + } elseif ($instance === null || $prototype == true) { |
|
21 | + $instance = new HTMLPurifier_URISchemeRegistry(); |
|
22 | + } |
|
23 | + return $instance; |
|
24 | + } |
|
25 | 25 | |
26 | - /** |
|
27 | - * Cache of retrieved schemes. |
|
28 | - */ |
|
29 | - protected $schemes = array(); |
|
26 | + /** |
|
27 | + * Cache of retrieved schemes. |
|
28 | + */ |
|
29 | + protected $schemes = array(); |
|
30 | 30 | |
31 | - /** |
|
32 | - * Retrieves a scheme validator object |
|
33 | - * @param $scheme String scheme name like http or mailto |
|
34 | - * @param $config HTMLPurifier_Config object |
|
35 | - * @param $config HTMLPurifier_Context object |
|
36 | - */ |
|
37 | - public function getScheme($scheme, $config, $context) { |
|
38 | - if (!$config) $config = HTMLPurifier_Config::createDefault(); |
|
31 | + /** |
|
32 | + * Retrieves a scheme validator object |
|
33 | + * @param $scheme String scheme name like http or mailto |
|
34 | + * @param $config HTMLPurifier_Config object |
|
35 | + * @param $config HTMLPurifier_Context object |
|
36 | + */ |
|
37 | + public function getScheme($scheme, $config, $context) { |
|
38 | + if (!$config) $config = HTMLPurifier_Config::createDefault(); |
|
39 | 39 | |
40 | - // important, otherwise attacker could include arbitrary file |
|
41 | - $allowed_schemes = $config->get('URI.AllowedSchemes'); |
|
42 | - if (!$config->get('URI.OverrideAllowedSchemes') && |
|
43 | - !isset($allowed_schemes[$scheme]) |
|
44 | - ) { |
|
45 | - return; |
|
46 | - } |
|
40 | + // important, otherwise attacker could include arbitrary file |
|
41 | + $allowed_schemes = $config->get('URI.AllowedSchemes'); |
|
42 | + if (!$config->get('URI.OverrideAllowedSchemes') && |
|
43 | + !isset($allowed_schemes[$scheme]) |
|
44 | + ) { |
|
45 | + return; |
|
46 | + } |
|
47 | 47 | |
48 | - if (isset($this->schemes[$scheme])) return $this->schemes[$scheme]; |
|
49 | - if (!isset($allowed_schemes[$scheme])) return; |
|
48 | + if (isset($this->schemes[$scheme])) return $this->schemes[$scheme]; |
|
49 | + if (!isset($allowed_schemes[$scheme])) return; |
|
50 | 50 | |
51 | - $class = 'HTMLPurifier_URIScheme_' . $scheme; |
|
52 | - if (!class_exists($class)) return; |
|
53 | - $this->schemes[$scheme] = new $class(); |
|
54 | - return $this->schemes[$scheme]; |
|
55 | - } |
|
51 | + $class = 'HTMLPurifier_URIScheme_' . $scheme; |
|
52 | + if (!class_exists($class)) return; |
|
53 | + $this->schemes[$scheme] = new $class(); |
|
54 | + return $this->schemes[$scheme]; |
|
55 | + } |
|
56 | 56 | |
57 | - /** |
|
58 | - * Registers a custom scheme to the cache, bypassing reflection. |
|
59 | - * @param $scheme Scheme name |
|
60 | - * @param $scheme_obj HTMLPurifier_URIScheme object |
|
61 | - */ |
|
62 | - public function register($scheme, $scheme_obj) { |
|
63 | - $this->schemes[$scheme] = $scheme_obj; |
|
64 | - } |
|
57 | + /** |
|
58 | + * Registers a custom scheme to the cache, bypassing reflection. |
|
59 | + * @param $scheme Scheme name |
|
60 | + * @param $scheme_obj HTMLPurifier_URIScheme object |
|
61 | + */ |
|
62 | + public function register($scheme, $scheme_obj) { |
|
63 | + $this->schemes[$scheme] = $scheme_obj; |
|
64 | + } |
|
65 | 65 | |
66 | 66 | } |
67 | 67 |
@@ -35,7 +35,9 @@ discard block |
||
35 | 35 | * @param $config HTMLPurifier_Context object |
36 | 36 | */ |
37 | 37 | public function getScheme($scheme, $config, $context) { |
38 | - if (!$config) $config = HTMLPurifier_Config::createDefault(); |
|
38 | + if (!$config) { |
|
39 | + $config = HTMLPurifier_Config::createDefault(); |
|
40 | + } |
|
39 | 41 | |
40 | 42 | // important, otherwise attacker could include arbitrary file |
41 | 43 | $allowed_schemes = $config->get('URI.AllowedSchemes'); |
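Review bot: The docblock above getScheme documents `$config` twice: the line `@param $config HTMLPurifier_Context object` (line 35) describes the third parameter and should read `@param $context HTMLPurifier_Context object`. The block also has no `@return`. From the body visible on this page the method returns a scheme object or nothing, so `@return HTMLPurifier_URIScheme|null` would state that (the type name is inferred from the `register` docblock). The docblock begins above this hunk and the method body continues below it.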
@@ -45,11 +47,17 @@ discard block |
||
45 | 47 | return; |
46 | 48 | } |
47 | 49 | |
48 | - if (isset($this->schemes[$scheme])) return $this->schemes[$scheme]; |
|
49 | - if (!isset($allowed_schemes[$scheme])) return; |
|
50 | + if (isset($this->schemes[$scheme])) { |
|
51 | + return $this->schemes[$scheme]; |
|
52 | + } |
|
53 | + if (!isset($allowed_schemes[$scheme])) { |
|
54 | + return; |
|
55 | + } |
|
50 | 56 | |
51 | 57 | $class = 'HTMLPurifier_URIScheme_' . $scheme; |
52 | - if (!class_exists($class)) return; |
|
58 | + if (!class_exists($class)) { |
|
59 | + return; |
|
60 | + } |
|
53 | 61 | $this->schemes[$scheme] = new $class(); |
54 | 62 | return $this->schemes[$scheme]; |
55 | 63 | } |
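Review bot: The `isset($allowed_schemes[$scheme])` test at new line 53 looks like a repeat of the guard a few lines up, and nothing says why it is there. Judging by the full-file section above, that earlier guard is skipped when `URI.OverrideAllowedSchemes` is set, so this second test is what keeps a scheme name taken from the URI from being concatenated into `$class` and handed to `class_exists()`, which runs the autoloader by default. A comment before it would keep it from being removed as dead code: `// override mode only admits schemes already registered; never build a class name from an unlisted scheme`. The bare `return;` statements could also be `return null;` so the no-scheme result is explicit. getScheme starts outside this hunk.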
@@ -48,7 +48,7 @@ |
||
48 | 48 | if (isset($this->schemes[$scheme])) return $this->schemes[$scheme]; |
49 | 49 | if (!isset($allowed_schemes[$scheme])) return; |
50 | 50 | |
51 | - $class = 'HTMLPurifier_URIScheme_' . $scheme; |
|
51 | + $class = 'HTMLPurifier_URIScheme_'.$scheme; |
|
52 | 52 | if (!class_exists($class)) return; |
53 | 53 | $this->schemes[$scheme] = new $class(); |
54 | 54 | return $this->schemes[$scheme]; |