4 * Performs safe variable parsing based on types which can be used by
5 * users. This may not be able to represent all possible data inputs,
8 class HTMLPurifier_VarParser_Flexible
extends HTMLPurifier_VarParser
11 protected function parseImplementation($var, $type, $allow_null) {
12 if ($allow_null && $var === null) return null;
14 // Note: if code "breaks" from the switch, it triggers a generic
15 // exception to be thrown. Specific errors can be specifically
24 if (is_string($var) && ctype_digit($var)) $var = (int) $var;
27 if ((is_string($var) && is_numeric($var)) ||
is_int($var)) $var = (float) $var;
30 if (is_int($var) && ($var === 0 ||
$var === 1)) {
32 } elseif (is_string($var)) {
33 if ($var == 'on' ||
$var == 'true' ||
$var == '1') {
35 } elseif ($var == 'off' ||
$var == 'false' ||
$var == '0') {
38 throw new HTMLPurifier_VarParserException("Unrecognized value '$var' for $type");
45 if (is_string($var)) {
46 // special case: technically, this is an array with
47 // a single empty string item, but having an empty
48 // array is more intuitive
49 if ($var == '') return array();
50 if (strpos($var, "\n") === false && strpos($var, "\r") === false) {
51 // simplistic string to array method that only works
52 // for simple lists of tag names or alphanumeric characters
53 $var = explode(',',$var);
55 $var = preg_split('/(,|[\n\r]+)/', $var);
58 foreach ($var as $i => $j) $var[$i] = trim($j);
59 if ($type === self
::HASH
) {
60 // key:value,key2:value2
62 foreach ($var as $keypair) {
63 $c = explode(':', $keypair, 2);
64 if (!isset($c[1])) continue;
70 if (!is_array($var)) break;
71 $keys = array_keys($var);
72 if ($keys === array_keys($keys)) {
73 if ($type == self
::ALIST
) return $var;
74 elseif ($type == self
::LOOKUP
) {
76 foreach ($var as $key) {
82 if ($type === self
::LOOKUP
) {
83 foreach ($var as $key => $value) {
89 $this->errorInconsistent(__CLASS__
, $type);
91 $this->errorGeneric($var, $type);