xpressengine /
xe-core
@@ -10,63 +10,63 @@ |
||
| 10 | 10 | class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef |
| 11 | 11 | { |
| 12 | 12 | |
| 13 | - /** |
|
| 14 | - * Bool indicating whether or not negative values are allowed |
|
| 15 | - */ |
|
| 16 | - protected $negative = true; |
|
| 13 | + /** |
|
| 14 | + * Bool indicating whether or not negative values are allowed |
|
| 15 | + */ |
|
| 16 | + protected $negative = true; |
|
| 17 | 17 | |
| 18 | - /** |
|
| 19 | - * Bool indicating whether or not zero is allowed |
|
| 20 | - */ |
|
| 21 | - protected $zero = true; |
|
| 18 | + /** |
|
| 19 | + * Bool indicating whether or not zero is allowed |
|
| 20 | + */ |
|
| 21 | + protected $zero = true; |
|
| 22 | 22 | |
| 23 | - /** |
|
| 24 | - * Bool indicating whether or not positive values are allowed |
|
| 25 | - */ |
|
| 26 | - protected $positive = true; |
|
| 23 | + /** |
|
| 24 | + * Bool indicating whether or not positive values are allowed |
|
| 25 | + */ |
|
| 26 | + protected $positive = true; |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * @param $negative Bool indicating whether or not negative values are allowed |
|
| 30 | - * @param $zero Bool indicating whether or not zero is allowed |
|
| 31 | - * @param $positive Bool indicating whether or not positive values are allowed |
|
| 32 | - */ |
|
| 33 | - public function __construct( |
|
| 34 | - $negative = true, $zero = true, $positive = true |
|
| 35 | - ) { |
|
| 36 | - $this->negative = $negative; |
|
| 37 | - $this->zero = $zero; |
|
| 38 | - $this->positive = $positive; |
|
| 39 | - } |
|
| 28 | + /** |
|
| 29 | + * @param $negative Bool indicating whether or not negative values are allowed |
|
| 30 | + * @param $zero Bool indicating whether or not zero is allowed |
|
| 31 | + * @param $positive Bool indicating whether or not positive values are allowed |
|
| 32 | + */ |
|
| 33 | + public function __construct( |
|
| 34 | + $negative = true, $zero = true, $positive = true |
|
| 35 | + ) { |
|
| 36 | + $this->negative = $negative; |
|
| 37 | + $this->zero = $zero; |
|
| 38 | + $this->positive = $positive; |
|
| 39 | + } |
|
| 40 | 40 | |
| 41 | - public function validate($integer, $config, $context) { |
|
| 41 | + public function validate($integer, $config, $context) { |
|
| 42 | 42 | |
| 43 | - $integer = $this->parseCDATA($integer); |
|
| 44 | - if ($integer === '') return false; |
|
| 43 | + $integer = $this->parseCDATA($integer); |
|
| 44 | + if ($integer === '') return false; |
|
| 45 | 45 | |
| 46 | - // we could possibly simply typecast it to integer, but there are |
|
| 47 | - // certain fringe cases that must not return an integer. |
|
| 46 | + // we could possibly simply typecast it to integer, but there are |
|
| 47 | + // certain fringe cases that must not return an integer. |
|
| 48 | 48 | |
| 49 | - // clip leading sign |
|
| 50 | - if ( $this->negative && $integer[0] === '-' ) { |
|
| 51 | - $digits = substr($integer, 1); |
|
| 52 | - if ($digits === '0') $integer = '0'; // rm minus sign for zero |
|
| 53 | - } elseif( $this->positive && $integer[0] === '+' ) { |
|
| 54 | - $digits = $integer = substr($integer, 1); // rm unnecessary plus |
|
| 55 | - } else { |
|
| 56 | - $digits = $integer; |
|
| 57 | - } |
|
| 49 | + // clip leading sign |
|
| 50 | + if ( $this->negative && $integer[0] === '-' ) { |
|
| 51 | + $digits = substr($integer, 1); |
|
| 52 | + if ($digits === '0') $integer = '0'; // rm minus sign for zero |
|
| 53 | + } elseif( $this->positive && $integer[0] === '+' ) { |
|
| 54 | + $digits = $integer = substr($integer, 1); // rm unnecessary plus |
|
| 55 | + } else { |
|
| 56 | + $digits = $integer; |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | - // test if it's numeric |
|
| 60 | - if (!ctype_digit($digits)) return false; |
|
| 59 | + // test if it's numeric |
|
| 60 | + if (!ctype_digit($digits)) return false; |
|
| 61 | 61 | |
| 62 | - // perform scope tests |
|
| 63 | - if (!$this->zero && $integer == 0) return false; |
|
| 64 | - if (!$this->positive && $integer > 0) return false; |
|
| 65 | - if (!$this->negative && $integer < 0) return false; |
|
| 62 | + // perform scope tests |
|
| 63 | + if (!$this->zero && $integer == 0) return false; |
|
| 64 | + if (!$this->positive && $integer > 0) return false; |
|
| 65 | + if (!$this->negative && $integer < 0) return false; |
|
| 66 | 66 | |
| 67 | - return $integer; |
|
| 67 | + return $integer; |
|
| 68 | 68 | |
| 69 | - } |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | 71 | } |
| 72 | 72 | |
@@ -47,10 +47,10 @@ discard block |
||
| 47 | 47 | // certain fringe cases that must not return an integer. |
| 48 | 48 | |
| 49 | 49 | // clip leading sign |
| 50 | - if ( $this->negative && $integer[0] === '-' ) { |
|
| 50 | + if ($this->negative && $integer[0] === '-') { |
|
| 51 | 51 | $digits = substr($integer, 1); |
| 52 | 52 | if ($digits === '0') $integer = '0'; // rm minus sign for zero |
| 53 | - } elseif( $this->positive && $integer[0] === '+' ) { |
|
| 53 | + } elseif ($this->positive && $integer[0] === '+') { |
|
| 54 | 54 | $digits = $integer = substr($integer, 1); // rm unnecessary plus |
| 55 | 55 | } else { |
| 56 | 56 | $digits = $integer; |
@@ -60,7 +60,7 @@ discard block |
||
| 60 | 60 | if (!ctype_digit($digits)) return false; |
| 61 | 61 | |
| 62 | 62 | // perform scope tests |
| 63 | - if (!$this->zero && $integer == 0) return false; |
|
| 63 | + if (!$this->zero && $integer == 0) return false; |
|
| 64 | 64 | if (!$this->positive && $integer > 0) return false; |
| 65 | 65 | if (!$this->negative && $integer < 0) return false; |
| 66 | 66 | |
@@ -41,7 +41,9 @@ discard block |
||
| 41 | 41 | public function validate($integer, $config, $context) { |
| 42 | 42 | |
| 43 | 43 | $integer = $this->parseCDATA($integer); |
| 44 | - if ($integer === '') return false; |
|
| 44 | + if ($integer === '') { |
|
| 45 | + return false; |
|
| 46 | + } |
|
| 45 | 47 | |
| 46 | 48 | // we could possibly simply typecast it to integer, but there are |
| 47 | 49 | // certain fringe cases that must not return an integer. |
@@ -49,7 +51,10 @@ discard block |
||
| 49 | 51 | // clip leading sign |
| 50 | 52 | if ( $this->negative && $integer[0] === '-' ) { |
| 51 | 53 | $digits = substr($integer, 1); |
| 52 | - if ($digits === '0') $integer = '0'; // rm minus sign for zero |
|
| 54 | + if ($digits === '0') { |
|
| 55 | + $integer = '0'; |
|
| 56 | + } |
|
| 57 | + // rm minus sign for zero |
|
| 53 | 58 | } elseif( $this->positive && $integer[0] === '+' ) { |
| 54 | 59 | $digits = $integer = substr($integer, 1); // rm unnecessary plus |
| 55 | 60 | } else { |
@@ -57,12 +62,20 @@ discard block |
||
| 57 | 62 | } |
| 58 | 63 | |
| 59 | 64 | // test if it's numeric |
| 60 | - if (!ctype_digit($digits)) return false; |
|
| 65 | + if (!ctype_digit($digits)) { |
|
| 66 | + return false; |
|
| 67 | + } |
|
| 61 | 68 | |
| 62 | 69 | // perform scope tests |
| 63 | - if (!$this->zero && $integer == 0) return false; |
|
| 64 | - if (!$this->positive && $integer > 0) return false; |
|
| 65 | - if (!$this->negative && $integer < 0) return false; |
|
| 70 | + if (!$this->zero && $integer == 0) { |
|
| 71 | + return false; |
|
| 72 | + } |
|
| 73 | + if (!$this->positive && $integer > 0) { |
|
| 74 | + return false; |
|
| 75 | + } |
|
| 76 | + if (!$this->negative && $integer < 0) { |
|
| 77 | + return false; |
|
| 78 | + } |
|
| 66 | 79 | |
| 67 | 80 | return $integer; |
| 68 | 81 | |
@@ -7,66 +7,66 @@ |
||
| 7 | 7 | class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - public function validate($string, $config, $context) { |
|
| 10 | + public function validate($string, $config, $context) { |
|
| 11 | 11 | |
| 12 | - $string = trim($string); |
|
| 13 | - if (!$string) return false; |
|
| 12 | + $string = trim($string); |
|
| 13 | + if (!$string) return false; |
|
| 14 | 14 | |
| 15 | - $subtags = explode('-', $string); |
|
| 16 | - $num_subtags = count($subtags); |
|
| 15 | + $subtags = explode('-', $string); |
|
| 16 | + $num_subtags = count($subtags); |
|
| 17 | 17 | |
| 18 | - if ($num_subtags == 0) return false; // sanity check |
|
| 18 | + if ($num_subtags == 0) return false; // sanity check |
|
| 19 | 19 | |
| 20 | - // process primary subtag : $subtags[0] |
|
| 21 | - $length = strlen($subtags[0]); |
|
| 22 | - switch ($length) { |
|
| 23 | - case 0: |
|
| 24 | - return false; |
|
| 25 | - case 1: |
|
| 26 | - if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) { |
|
| 27 | - return false; |
|
| 28 | - } |
|
| 29 | - break; |
|
| 30 | - case 2: |
|
| 31 | - case 3: |
|
| 32 | - if (! ctype_alpha($subtags[0]) ) { |
|
| 33 | - return false; |
|
| 34 | - } elseif (! ctype_lower($subtags[0]) ) { |
|
| 35 | - $subtags[0] = strtolower($subtags[0]); |
|
| 36 | - } |
|
| 37 | - break; |
|
| 38 | - default: |
|
| 39 | - return false; |
|
| 40 | - } |
|
| 20 | + // process primary subtag : $subtags[0] |
|
| 21 | + $length = strlen($subtags[0]); |
|
| 22 | + switch ($length) { |
|
| 23 | + case 0: |
|
| 24 | + return false; |
|
| 25 | + case 1: |
|
| 26 | + if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) { |
|
| 27 | + return false; |
|
| 28 | + } |
|
| 29 | + break; |
|
| 30 | + case 2: |
|
| 31 | + case 3: |
|
| 32 | + if (! ctype_alpha($subtags[0]) ) { |
|
| 33 | + return false; |
|
| 34 | + } elseif (! ctype_lower($subtags[0]) ) { |
|
| 35 | + $subtags[0] = strtolower($subtags[0]); |
|
| 36 | + } |
|
| 37 | + break; |
|
| 38 | + default: |
|
| 39 | + return false; |
|
| 40 | + } |
|
| 41 | 41 | |
| 42 | - $new_string = $subtags[0]; |
|
| 43 | - if ($num_subtags == 1) return $new_string; |
|
| 42 | + $new_string = $subtags[0]; |
|
| 43 | + if ($num_subtags == 1) return $new_string; |
|
| 44 | 44 | |
| 45 | - // process second subtag : $subtags[1] |
|
| 46 | - $length = strlen($subtags[1]); |
|
| 47 | - if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) { |
|
| 48 | - return $new_string; |
|
| 49 | - } |
|
| 50 | - if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); |
|
| 45 | + // process second subtag : $subtags[1] |
|
| 46 | + $length = strlen($subtags[1]); |
|
| 47 | + if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) { |
|
| 48 | + return $new_string; |
|
| 49 | + } |
|
| 50 | + if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); |
|
| 51 | 51 | |
| 52 | - $new_string .= '-' . $subtags[1]; |
|
| 53 | - if ($num_subtags == 2) return $new_string; |
|
| 52 | + $new_string .= '-' . $subtags[1]; |
|
| 53 | + if ($num_subtags == 2) return $new_string; |
|
| 54 | 54 | |
| 55 | - // process all other subtags, index 2 and up |
|
| 56 | - for ($i = 2; $i < $num_subtags; $i++) { |
|
| 57 | - $length = strlen($subtags[$i]); |
|
| 58 | - if ($length == 0 || $length > 8 || !ctype_alnum($subtags[$i])) { |
|
| 59 | - return $new_string; |
|
| 60 | - } |
|
| 61 | - if (!ctype_lower($subtags[$i])) { |
|
| 62 | - $subtags[$i] = strtolower($subtags[$i]); |
|
| 63 | - } |
|
| 64 | - $new_string .= '-' . $subtags[$i]; |
|
| 65 | - } |
|
| 55 | + // process all other subtags, index 2 and up |
|
| 56 | + for ($i = 2; $i < $num_subtags; $i++) { |
|
| 57 | + $length = strlen($subtags[$i]); |
|
| 58 | + if ($length == 0 || $length > 8 || !ctype_alnum($subtags[$i])) { |
|
| 59 | + return $new_string; |
|
| 60 | + } |
|
| 61 | + if (!ctype_lower($subtags[$i])) { |
|
| 62 | + $subtags[$i] = strtolower($subtags[$i]); |
|
| 63 | + } |
|
| 64 | + $new_string .= '-' . $subtags[$i]; |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | - return $new_string; |
|
| 67 | + return $new_string; |
|
| 68 | 68 | |
| 69 | - } |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | 71 | } |
| 72 | 72 | |
@@ -23,15 +23,15 @@ |
||
| 23 | 23 | case 0: |
| 24 | 24 | return false; |
| 25 | 25 | case 1: |
| 26 | - if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) { |
|
| 26 | + if (!($subtags[0] == 'x' || $subtags[0] == 'i')) { |
|
| 27 | 27 | return false; |
| 28 | 28 | } |
| 29 | 29 | break; |
| 30 | 30 | case 2: |
| 31 | 31 | case 3: |
| 32 | - if (! ctype_alpha($subtags[0]) ) { |
|
| 32 | + if (!ctype_alpha($subtags[0])) { |
|
| 33 | 33 | return false; |
| 34 | - } elseif (! ctype_lower($subtags[0]) ) { |
|
| 34 | + } elseif (!ctype_lower($subtags[0])) { |
|
| 35 | 35 | $subtags[0] = strtolower($subtags[0]); |
| 36 | 36 | } |
| 37 | 37 | break; |
@@ -10,12 +10,17 @@ discard block |
||
| 10 | 10 | public function validate($string, $config, $context) { |
| 11 | 11 | |
| 12 | 12 | $string = trim($string); |
| 13 | - if (!$string) return false; |
|
| 13 | + if (!$string) { |
|
| 14 | + return false; |
|
| 15 | + } |
|
| 14 | 16 | |
| 15 | 17 | $subtags = explode('-', $string); |
| 16 | 18 | $num_subtags = count($subtags); |
| 17 | 19 | |
| 18 | - if ($num_subtags == 0) return false; // sanity check |
|
| 20 | + if ($num_subtags == 0) { |
|
| 21 | + return false; |
|
| 22 | + } |
|
| 23 | + // sanity check |
|
| 19 | 24 | |
| 20 | 25 | // process primary subtag : $subtags[0] |
| 21 | 26 | $length = strlen($subtags[0]); |
@@ -40,17 +45,23 @@ discard block |
||
| 40 | 45 | } |
| 41 | 46 | |
| 42 | 47 | $new_string = $subtags[0]; |
| 43 | - if ($num_subtags == 1) return $new_string; |
|
| 48 | + if ($num_subtags == 1) { |
|
| 49 | + return $new_string; |
|
| 50 | + } |
|
| 44 | 51 | |
| 45 | 52 | // process second subtag : $subtags[1] |
| 46 | 53 | $length = strlen($subtags[1]); |
| 47 | 54 | if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) { |
| 48 | 55 | return $new_string; |
| 49 | 56 | } |
| 50 | - if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]); |
|
| 57 | + if (!ctype_lower($subtags[1])) { |
|
| 58 | + $subtags[1] = strtolower($subtags[1]); |
|
| 59 | + } |
|
| 51 | 60 | |
| 52 | 61 | $new_string .= '-' . $subtags[1]; |
| 53 | - if ($num_subtags == 2) return $new_string; |
|
| 62 | + if ($num_subtags == 2) { |
|
| 63 | + return $new_string; |
|
| 64 | + } |
|
| 54 | 65 | |
| 55 | 66 | // process all other subtags, index 2 and up |
| 56 | 67 | for ($i = 2; $i < $num_subtags; $i++) { |
@@ -6,28 +6,28 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_Switch |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - protected $tag; |
|
| 10 | - protected $withTag, $withoutTag; |
|
| 9 | + protected $tag; |
|
| 10 | + protected $withTag, $withoutTag; |
|
| 11 | 11 | |
| 12 | - /** |
|
| 13 | - * @param string $tag Tag name to switch upon |
|
| 14 | - * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag |
|
| 15 | - * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token |
|
| 16 | - */ |
|
| 17 | - public function __construct($tag, $with_tag, $without_tag) { |
|
| 18 | - $this->tag = $tag; |
|
| 19 | - $this->withTag = $with_tag; |
|
| 20 | - $this->withoutTag = $without_tag; |
|
| 21 | - } |
|
| 12 | + /** |
|
| 13 | + * @param string $tag Tag name to switch upon |
|
| 14 | + * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag |
|
| 15 | + * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token |
|
| 16 | + */ |
|
| 17 | + public function __construct($tag, $with_tag, $without_tag) { |
|
| 18 | + $this->tag = $tag; |
|
| 19 | + $this->withTag = $with_tag; |
|
| 20 | + $this->withoutTag = $without_tag; |
|
| 21 | + } |
|
| 22 | 22 | |
| 23 | - public function validate($string, $config, $context) { |
|
| 24 | - $token = $context->get('CurrentToken', true); |
|
| 25 | - if (!$token || $token->name !== $this->tag) { |
|
| 26 | - return $this->withoutTag->validate($string, $config, $context); |
|
| 27 | - } else { |
|
| 28 | - return $this->withTag->validate($string, $config, $context); |
|
| 29 | - } |
|
| 30 | - } |
|
| 23 | + public function validate($string, $config, $context) { |
|
| 24 | + $token = $context->get('CurrentToken', true); |
|
| 25 | + if (!$token || $token->name !== $this->tag) { |
|
| 26 | + return $this->withoutTag->validate($string, $config, $context); |
|
| 27 | + } else { |
|
| 28 | + return $this->withTag->validate($string, $config, $context); |
|
| 29 | + } |
|
| 30 | + } |
|
| 31 | 31 | |
| 32 | 32 | } |
| 33 | 33 | |
@@ -6,9 +6,9 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public function validate($string, $config, $context) { |
|
| 10 | - return $this->parseCDATA($string); |
|
| 11 | - } |
|
| 9 | + public function validate($string, $config, $context) { |
|
| 10 | + return $this->parseCDATA($string); |
|
| 11 | + } |
|
| 12 | 12 | |
| 13 | 13 | } |
| 14 | 14 | |
@@ -7,70 +7,70 @@ |
||
| 7 | 7 | class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - protected $parser; |
|
| 11 | - protected $embedsResource; |
|
| 10 | + protected $parser; |
|
| 11 | + protected $embedsResource; |
|
| 12 | 12 | |
| 13 | - /** |
|
| 14 | - * @param $embeds_resource_resource Does the URI here result in an extra HTTP request? |
|
| 15 | - */ |
|
| 16 | - public function __construct($embeds_resource = false) { |
|
| 17 | - $this->parser = new HTMLPurifier_URIParser(); |
|
| 18 | - $this->embedsResource = (bool) $embeds_resource; |
|
| 19 | - } |
|
| 13 | + /** |
|
| 14 | + * @param $embeds_resource_resource Does the URI here result in an extra HTTP request? |
|
| 15 | + */ |
|
| 16 | + public function __construct($embeds_resource = false) { |
|
| 17 | + $this->parser = new HTMLPurifier_URIParser(); |
|
| 18 | + $this->embedsResource = (bool) $embeds_resource; |
|
| 19 | + } |
|
| 20 | 20 | |
| 21 | - public function make($string) { |
|
| 22 | - $embeds = ($string === 'embedded'); |
|
| 23 | - return new HTMLPurifier_AttrDef_URI($embeds); |
|
| 24 | - } |
|
| 21 | + public function make($string) { |
|
| 22 | + $embeds = ($string === 'embedded'); |
|
| 23 | + return new HTMLPurifier_AttrDef_URI($embeds); |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | - public function validate($uri, $config, $context) { |
|
| 26 | + public function validate($uri, $config, $context) { |
|
| 27 | 27 | |
| 28 | - if ($config->get('URI.Disable')) return false; |
|
| 28 | + if ($config->get('URI.Disable')) return false; |
|
| 29 | 29 | |
| 30 | - $uri = $this->parseCDATA($uri); |
|
| 30 | + $uri = $this->parseCDATA($uri); |
|
| 31 | 31 | |
| 32 | - // parse the URI |
|
| 33 | - $uri = $this->parser->parse($uri); |
|
| 34 | - if ($uri === false) return false; |
|
| 32 | + // parse the URI |
|
| 33 | + $uri = $this->parser->parse($uri); |
|
| 34 | + if ($uri === false) return false; |
|
| 35 | 35 | |
| 36 | - // add embedded flag to context for validators |
|
| 37 | - $context->register('EmbeddedURI', $this->embedsResource); |
|
| 36 | + // add embedded flag to context for validators |
|
| 37 | + $context->register('EmbeddedURI', $this->embedsResource); |
|
| 38 | 38 | |
| 39 | - $ok = false; |
|
| 40 | - do { |
|
| 39 | + $ok = false; |
|
| 40 | + do { |
|
| 41 | 41 | |
| 42 | - // generic validation |
|
| 43 | - $result = $uri->validate($config, $context); |
|
| 44 | - if (!$result) break; |
|
| 42 | + // generic validation |
|
| 43 | + $result = $uri->validate($config, $context); |
|
| 44 | + if (!$result) break; |
|
| 45 | 45 | |
| 46 | - // chained filtering |
|
| 47 | - $uri_def = $config->getDefinition('URI'); |
|
| 48 | - $result = $uri_def->filter($uri, $config, $context); |
|
| 49 | - if (!$result) break; |
|
| 46 | + // chained filtering |
|
| 47 | + $uri_def = $config->getDefinition('URI'); |
|
| 48 | + $result = $uri_def->filter($uri, $config, $context); |
|
| 49 | + if (!$result) break; |
|
| 50 | 50 | |
| 51 | - // scheme-specific validation |
|
| 52 | - $scheme_obj = $uri->getSchemeObj($config, $context); |
|
| 53 | - if (!$scheme_obj) break; |
|
| 54 | - if ($this->embedsResource && !$scheme_obj->browsable) break; |
|
| 55 | - $result = $scheme_obj->validate($uri, $config, $context); |
|
| 56 | - if (!$result) break; |
|
| 51 | + // scheme-specific validation |
|
| 52 | + $scheme_obj = $uri->getSchemeObj($config, $context); |
|
| 53 | + if (!$scheme_obj) break; |
|
| 54 | + if ($this->embedsResource && !$scheme_obj->browsable) break; |
|
| 55 | + $result = $scheme_obj->validate($uri, $config, $context); |
|
| 56 | + if (!$result) break; |
|
| 57 | 57 | |
| 58 | - // Post chained filtering |
|
| 59 | - $result = $uri_def->postFilter($uri, $config, $context); |
|
| 60 | - if (!$result) break; |
|
| 58 | + // Post chained filtering |
|
| 59 | + $result = $uri_def->postFilter($uri, $config, $context); |
|
| 60 | + if (!$result) break; |
|
| 61 | 61 | |
| 62 | - // survived gauntlet |
|
| 63 | - $ok = true; |
|
| 62 | + // survived gauntlet |
|
| 63 | + $ok = true; |
|
| 64 | 64 | |
| 65 | - } while (false); |
|
| 65 | + } while (false); |
|
| 66 | 66 | |
| 67 | - $context->destroy('EmbeddedURI'); |
|
| 68 | - if (!$ok) return false; |
|
| 67 | + $context->destroy('EmbeddedURI'); |
|
| 68 | + if (!$ok) return false; |
|
| 69 | 69 | |
| 70 | - // back to string |
|
| 71 | - return $uri->toString(); |
|
| 70 | + // back to string |
|
| 71 | + return $uri->toString(); |
|
| 72 | 72 | |
| 73 | - } |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | 75 | } |
| 76 | 76 | |
@@ -25,13 +25,17 @@ discard block |
||
| 25 | 25 | |
| 26 | 26 | public function validate($uri, $config, $context) { |
| 27 | 27 | |
| 28 | - if ($config->get('URI.Disable')) return false; |
|
| 28 | + if ($config->get('URI.Disable')) { |
|
| 29 | + return false; |
|
| 30 | + } |
|
| 29 | 31 | |
| 30 | 32 | $uri = $this->parseCDATA($uri); |
| 31 | 33 | |
| 32 | 34 | // parse the URI |
| 33 | 35 | $uri = $this->parser->parse($uri); |
| 34 | - if ($uri === false) return false; |
|
| 36 | + if ($uri === false) { |
|
| 37 | + return false; |
|
| 38 | + } |
|
| 35 | 39 | |
| 36 | 40 | // add embedded flag to context for validators |
| 37 | 41 | $context->register('EmbeddedURI', $this->embedsResource); |
@@ -41,23 +45,35 @@ discard block |
||
| 41 | 45 | |
| 42 | 46 | // generic validation |
| 43 | 47 | $result = $uri->validate($config, $context); |
| 44 | - if (!$result) break; |
|
| 48 | + if (!$result) { |
|
| 49 | + break; |
|
| 50 | + } |
|
| 45 | 51 | |
| 46 | 52 | // chained filtering |
| 47 | 53 | $uri_def = $config->getDefinition('URI'); |
| 48 | 54 | $result = $uri_def->filter($uri, $config, $context); |
| 49 | - if (!$result) break; |
|
| 55 | + if (!$result) { |
|
| 56 | + break; |
|
| 57 | + } |
|
| 50 | 58 | |
| 51 | 59 | // scheme-specific validation |
| 52 | 60 | $scheme_obj = $uri->getSchemeObj($config, $context); |
| 53 | - if (!$scheme_obj) break; |
|
| 54 | - if ($this->embedsResource && !$scheme_obj->browsable) break; |
|
| 61 | + if (!$scheme_obj) { |
|
| 62 | + break; |
|
| 63 | + } |
|
| 64 | + if ($this->embedsResource && !$scheme_obj->browsable) { |
|
| 65 | + break; |
|
| 66 | + } |
|
| 55 | 67 | $result = $scheme_obj->validate($uri, $config, $context); |
| 56 | - if (!$result) break; |
|
| 68 | + if (!$result) { |
|
| 69 | + break; |
|
| 70 | + } |
|
| 57 | 71 | |
| 58 | 72 | // Post chained filtering |
| 59 | 73 | $result = $uri_def->postFilter($uri, $config, $context); |
| 60 | - if (!$result) break; |
|
| 74 | + if (!$result) { |
|
| 75 | + break; |
|
| 76 | + } |
|
| 61 | 77 | |
| 62 | 78 | // survived gauntlet |
| 63 | 79 | $ok = true; |
@@ -65,7 +81,9 @@ discard block |
||
| 65 | 81 | } while (false); |
| 66 | 82 | |
| 67 | 83 | $context->destroy('EmbeddedURI'); |
| 68 | - if (!$ok) return false; |
|
| 84 | + if (!$ok) { |
|
| 85 | + return false; |
|
| 86 | + } |
|
| 69 | 87 | |
| 70 | 88 | // back to string |
| 71 | 89 | return $uri->toString(); |
@@ -3,12 +3,12 @@ |
||
| 3 | 3 | abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef |
| 4 | 4 | { |
| 5 | 5 | |
| 6 | - /** |
|
| 7 | - * Unpacks a mailbox into its display-name and address |
|
| 8 | - */ |
|
| 9 | - function unpack($string) { |
|
| 10 | - // needs to be implemented |
|
| 11 | - } |
|
| 6 | + /** |
|
| 7 | + * Unpacks a mailbox into its display-name and address |
|
| 8 | + */ |
|
| 9 | + function unpack($string) { |
|
| 10 | + // needs to be implemented |
|
| 11 | + } |
|
| 12 | 12 | |
| 13 | 13 | } |
| 14 | 14 | |
@@ -7,14 +7,14 @@ |
||
| 7 | 7 | class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - public function validate($string, $config, $context) { |
|
| 11 | - // no support for named mailboxes i.e. "Bob <[email protected]>" |
|
| 12 | - // that needs more percent encoding to be done |
|
| 13 | - if ($string == '') return false; |
|
| 14 | - $string = trim($string); |
|
| 15 | - $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); |
|
| 16 | - return $result ? $string : false; |
|
| 17 | - } |
|
| 10 | + public function validate($string, $config, $context) { |
|
| 11 | + // no support for named mailboxes i.e. "Bob <[email protected]>" |
|
| 12 | + // that needs more percent encoding to be done |
|
| 13 | + if ($string == '') return false; |
|
| 14 | + $string = trim($string); |
|
| 15 | + $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); |
|
| 16 | + return $result ? $string : false; |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | 19 | } |
| 20 | 20 | |
@@ -10,7 +10,9 @@ |
||
| 10 | 10 | public function validate($string, $config, $context) { |
| 11 | 11 | // no support for named mailboxes i.e. "Bob <[email protected]>" |
| 12 | 12 | // that needs more percent encoding to be done |
| 13 | - if ($string == '') return false; |
|
| 13 | + if ($string == '') { |
|
| 14 | + return false; |
|
| 15 | + } |
|
| 14 | 16 | $string = trim($string); |
| 15 | 17 | $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); |
| 16 | 18 | return $result ? $string : false; |
@@ -6,95 +6,95 @@ |
||
| 6 | 6 | class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - /** |
|
| 10 | - * Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator |
|
| 11 | - */ |
|
| 12 | - protected $ipv4; |
|
| 9 | + /** |
|
| 10 | + * Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator |
|
| 11 | + */ |
|
| 12 | + protected $ipv4; |
|
| 13 | 13 | |
| 14 | - /** |
|
| 15 | - * Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator |
|
| 16 | - */ |
|
| 17 | - protected $ipv6; |
|
| 14 | + /** |
|
| 15 | + * Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator |
|
| 16 | + */ |
|
| 17 | + protected $ipv6; |
|
| 18 | 18 | |
| 19 | - public function __construct() { |
|
| 20 | - $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); |
|
| 21 | - $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); |
|
| 22 | - } |
|
| 19 | + public function __construct() { |
|
| 20 | + $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4(); |
|
| 21 | + $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6(); |
|
| 22 | + } |
|
| 23 | 23 | |
| 24 | - public function validate($string, $config, $context) { |
|
| 25 | - $length = strlen($string); |
|
| 26 | - // empty hostname is OK; it's usually semantically equivalent: |
|
| 27 | - // the default host as defined by a URI scheme is used: |
|
| 28 | - // |
|
| 29 | - // If the URI scheme defines a default for host, then that |
|
| 30 | - // default applies when the host subcomponent is undefined |
|
| 31 | - // or when the registered name is empty (zero length). |
|
| 32 | - if ($string === '') return ''; |
|
| 33 | - if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { |
|
| 34 | - //IPv6 |
|
| 35 | - $ip = substr($string, 1, $length - 2); |
|
| 36 | - $valid = $this->ipv6->validate($ip, $config, $context); |
|
| 37 | - if ($valid === false) return false; |
|
| 38 | - return '['. $valid . ']'; |
|
| 39 | - } |
|
| 24 | + public function validate($string, $config, $context) { |
|
| 25 | + $length = strlen($string); |
|
| 26 | + // empty hostname is OK; it's usually semantically equivalent: |
|
| 27 | + // the default host as defined by a URI scheme is used: |
|
| 28 | + // |
|
| 29 | + // If the URI scheme defines a default for host, then that |
|
| 30 | + // default applies when the host subcomponent is undefined |
|
| 31 | + // or when the registered name is empty (zero length). |
|
| 32 | + if ($string === '') return ''; |
|
| 33 | + if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { |
|
| 34 | + //IPv6 |
|
| 35 | + $ip = substr($string, 1, $length - 2); |
|
| 36 | + $valid = $this->ipv6->validate($ip, $config, $context); |
|
| 37 | + if ($valid === false) return false; |
|
| 38 | + return '['. $valid . ']'; |
|
| 39 | + } |
|
| 40 | 40 | |
| 41 | - // need to do checks on unusual encodings too |
|
| 42 | - $ipv4 = $this->ipv4->validate($string, $config, $context); |
|
| 43 | - if ($ipv4 !== false) return $ipv4; |
|
| 41 | + // need to do checks on unusual encodings too |
|
| 42 | + $ipv4 = $this->ipv4->validate($string, $config, $context); |
|
| 43 | + if ($ipv4 !== false) return $ipv4; |
|
| 44 | 44 | |
| 45 | - // A regular domain name. |
|
| 45 | + // A regular domain name. |
|
| 46 | 46 | |
| 47 | - // This doesn't match I18N domain names, but we don't have proper IRI support, |
|
| 48 | - // so force users to insert Punycode. |
|
| 47 | + // This doesn't match I18N domain names, but we don't have proper IRI support, |
|
| 48 | + // so force users to insert Punycode. |
|
| 49 | 49 | |
| 50 | - // The productions describing this are: |
|
| 51 | - $a = '[a-z]'; // alpha |
|
| 52 | - $an = '[a-z0-9]'; // alphanum |
|
| 53 | - $and = '[a-z0-9-]'; // alphanum | "-" |
|
| 54 | - // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum |
|
| 55 | - $domainlabel = "$an($and*$an)?"; |
|
| 56 | - // toplabel = alpha | alpha *( alphanum | "-" ) alphanum |
|
| 57 | - $toplabel = "$a($and*$an)?"; |
|
| 58 | - // hostname = *( domainlabel "." ) toplabel [ "." ] |
|
| 59 | - if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) { |
|
| 60 | - return $string; |
|
| 61 | - } |
|
| 50 | + // The productions describing this are: |
|
| 51 | + $a = '[a-z]'; // alpha |
|
| 52 | + $an = '[a-z0-9]'; // alphanum |
|
| 53 | + $and = '[a-z0-9-]'; // alphanum | "-" |
|
| 54 | + // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum |
|
| 55 | + $domainlabel = "$an($and*$an)?"; |
|
| 56 | + // toplabel = alpha | alpha *( alphanum | "-" ) alphanum |
|
| 57 | + $toplabel = "$a($and*$an)?"; |
|
| 58 | + // hostname = *( domainlabel "." ) toplabel [ "." ] |
|
| 59 | + if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) { |
|
| 60 | + return $string; |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - // If we have Net_IDNA2 support, we can support IRIs by |
|
| 64 | - // punycoding them. (This is the most portable thing to do, |
|
| 65 | - // since otherwise we have to assume browsers support |
|
| 63 | + // If we have Net_IDNA2 support, we can support IRIs by |
|
| 64 | + // punycoding them. (This is the most portable thing to do, |
|
| 65 | + // since otherwise we have to assume browsers support |
|
| 66 | 66 | |
| 67 | - if ($config->get('Core.EnableIDNA')) { |
|
| 68 | - $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true)); |
|
| 69 | - // we need to encode each period separately |
|
| 70 | - $parts = explode('.', $string); |
|
| 71 | - try { |
|
| 72 | - $new_parts = array(); |
|
| 73 | - foreach ($parts as $part) { |
|
| 74 | - $encodable = false; |
|
| 75 | - for ($i = 0, $c = strlen($part); $i < $c; $i++) { |
|
| 76 | - if (ord($part[$i]) > 0x7a) { |
|
| 77 | - $encodable = true; |
|
| 78 | - break; |
|
| 79 | - } |
|
| 80 | - } |
|
| 81 | - if (!$encodable) { |
|
| 82 | - $new_parts[] = $part; |
|
| 83 | - } else { |
|
| 84 | - $new_parts[] = $idna->encode($part); |
|
| 85 | - } |
|
| 86 | - } |
|
| 87 | - $string = implode('.', $new_parts); |
|
| 88 | - if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) { |
|
| 89 | - return $string; |
|
| 90 | - } |
|
| 91 | - } catch (Exception $e) { |
|
| 92 | - // XXX error reporting |
|
| 93 | - } |
|
| 94 | - } |
|
| 67 | + if ($config->get('Core.EnableIDNA')) { |
|
| 68 | + $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true)); |
|
| 69 | + // we need to encode each period separately |
|
| 70 | + $parts = explode('.', $string); |
|
| 71 | + try { |
|
| 72 | + $new_parts = array(); |
|
| 73 | + foreach ($parts as $part) { |
|
| 74 | + $encodable = false; |
|
| 75 | + for ($i = 0, $c = strlen($part); $i < $c; $i++) { |
|
| 76 | + if (ord($part[$i]) > 0x7a) { |
|
| 77 | + $encodable = true; |
|
| 78 | + break; |
|
| 79 | + } |
|
| 80 | + } |
|
| 81 | + if (!$encodable) { |
|
| 82 | + $new_parts[] = $part; |
|
| 83 | + } else { |
|
| 84 | + $new_parts[] = $idna->encode($part); |
|
| 85 | + } |
|
| 86 | + } |
|
| 87 | + $string = implode('.', $new_parts); |
|
| 88 | + if (preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string)) { |
|
| 89 | + return $string; |
|
| 90 | + } |
|
| 91 | + } catch (Exception $e) { |
|
| 92 | + // XXX error reporting |
|
| 93 | + } |
|
| 94 | + } |
|
| 95 | 95 | |
| 96 | - return false; |
|
| 97 | - } |
|
| 96 | + return false; |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | 99 | } |
| 100 | 100 | |
@@ -30,12 +30,12 @@ discard block |
||
| 30 | 30 | // default applies when the host subcomponent is undefined |
| 31 | 31 | // or when the registered name is empty (zero length). |
| 32 | 32 | if ($string === '') return ''; |
| 33 | - if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { |
|
| 33 | + if ($length > 1 && $string[0] === '[' && $string[$length - 1] === ']') { |
|
| 34 | 34 | //IPv6 |
| 35 | 35 | $ip = substr($string, 1, $length - 2); |
| 36 | 36 | $valid = $this->ipv6->validate($ip, $config, $context); |
| 37 | 37 | if ($valid === false) return false; |
| 38 | - return '['. $valid . ']'; |
|
| 38 | + return '[' . $valid . ']'; |
|
| 39 | 39 | } |
| 40 | 40 | |
| 41 | 41 | // need to do checks on unusual encodings too |
@@ -48,8 +48,8 @@ discard block |
||
| 48 | 48 | // so force users to insert Punycode. |
| 49 | 49 | |
| 50 | 50 | // The productions describing this are: |
| 51 | - $a = '[a-z]'; // alpha |
|
| 52 | - $an = '[a-z0-9]'; // alphanum |
|
| 51 | + $a = '[a-z]'; // alpha |
|
| 52 | + $an = '[a-z0-9]'; // alphanum |
|
| 53 | 53 | $and = '[a-z0-9-]'; // alphanum | "-" |
| 54 | 54 | // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum |
| 55 | 55 | $domainlabel = "$an($and*$an)?"; |
@@ -29,18 +29,24 @@ |
||
| 29 | 29 | // If the URI scheme defines a default for host, then that |
| 30 | 30 | // default applies when the host subcomponent is undefined |
| 31 | 31 | // or when the registered name is empty (zero length). |
| 32 | - if ($string === '') return ''; |
|
| 32 | + if ($string === '') { |
|
| 33 | + return ''; |
|
| 34 | + } |
|
| 33 | 35 | if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') { |
| 34 | 36 | //IPv6 |
| 35 | 37 | $ip = substr($string, 1, $length - 2); |
| 36 | 38 | $valid = $this->ipv6->validate($ip, $config, $context); |
| 37 | - if ($valid === false) return false; |
|
| 39 | + if ($valid === false) { |
|
| 40 | + return false; |
|
| 41 | + } |
|
| 38 | 42 | return '['. $valid . ']'; |
| 39 | 43 | } |
| 40 | 44 | |
| 41 | 45 | // need to do checks on unusual encodings too |
| 42 | 46 | $ipv4 = $this->ipv4->validate($string, $config, $context); |
| 43 | - if ($ipv4 !== false) return $ipv4; |
|
| 47 | + if ($ipv4 !== false) { |
|
| 48 | + return $ipv4; |
|
| 49 | + } |
|
| 44 | 50 | |
| 45 | 51 | // A regular domain name. |
| 46 | 52 | |
@@ -7,32 +7,32 @@ |
||
| 7 | 7 | class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - /** |
|
| 11 | - * IPv4 regex, protected so that IPv6 can reuse it |
|
| 12 | - */ |
|
| 13 | - protected $ip4; |
|
| 10 | + /** |
|
| 11 | + * IPv4 regex, protected so that IPv6 can reuse it |
|
| 12 | + */ |
|
| 13 | + protected $ip4; |
|
| 14 | 14 | |
| 15 | - public function validate($aIP, $config, $context) { |
|
| 15 | + public function validate($aIP, $config, $context) { |
|
| 16 | 16 | |
| 17 | - if (!$this->ip4) $this->_loadRegex(); |
|
| 17 | + if (!$this->ip4) $this->_loadRegex(); |
|
| 18 | 18 | |
| 19 | - if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) |
|
| 20 | - { |
|
| 21 | - return $aIP; |
|
| 22 | - } |
|
| 19 | + if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) |
|
| 20 | + { |
|
| 21 | + return $aIP; |
|
| 22 | + } |
|
| 23 | 23 | |
| 24 | - return false; |
|
| 24 | + return false; |
|
| 25 | 25 | |
| 26 | - } |
|
| 26 | + } |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * Lazy load function to prevent regex from being stuffed in |
|
| 30 | - * cache. |
|
| 31 | - */ |
|
| 32 | - protected function _loadRegex() { |
|
| 33 | - $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 |
|
| 34 | - $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; |
|
| 35 | - } |
|
| 28 | + /** |
|
| 29 | + * Lazy load function to prevent regex from being stuffed in |
|
| 30 | + * cache. |
|
| 31 | + */ |
|
| 32 | + protected function _loadRegex() { |
|
| 33 | + $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 |
|
| 34 | + $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; |
|
| 35 | + } |
|
| 36 | 36 | |
| 37 | 37 | } |
| 38 | 38 | |
@@ -14,7 +14,9 @@ |
||
| 14 | 14 | |
| 15 | 15 | public function validate($aIP, $config, $context) { |
| 16 | 16 | |
| 17 | - if (!$this->ip4) $this->_loadRegex(); |
|
| 17 | + if (!$this->ip4) { |
|
| 18 | + $this->_loadRegex(); |
|
| 19 | + } |
|
| 18 | 20 | |
| 19 | 21 | if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) |
| 20 | 22 | { |
