lib/htmlpurifier/HTMLPurifier/URISchemeRegistry.php

   1 <?php
   2
   3 require_once 'HTMLPurifier/URIScheme/http.php';
   4 require_once 'HTMLPurifier/URIScheme/https.php';
   5 require_once 'HTMLPurifier/URIScheme/mailto.php';
   6 require_once 'HTMLPurifier/URIScheme/ftp.php';
   7 require_once 'HTMLPurifier/URIScheme/nntp.php';
   8 require_once 'HTMLPurifier/URIScheme/news.php';
   9
  10 HTMLPurifier_ConfigSchema::define(
  11     'URI', 'AllowedSchemes', array(
  12         'http'  => true, // "Hypertext Transfer Protocol", nuf' said
  13         'https' => true, // HTTP over SSL (Secure Socket Layer)
  14         // quite useful, but not necessary
  15         'mailto' => true,// Email
  16         'ftp'   => true, // "File Transfer Protocol"
  17         // for Usenet, these two are similar, but distinct
  18         'nntp'  => true, // individual Netnews articles
  19         'news'  => true  // newsgroup or individual Netnews articles
  20     ), 'lookup',
  21     'Whitelist that defines the schemes that a URI is allowed to have.  This '.
  22     'prevents XSS attacks from using pseudo-schemes like javascript or mocha.'
  23 );
  24
  25 HTMLPurifier_ConfigSchema::define(
  26     'URI', 'OverrideAllowedSchemes', true, 'bool',
  27     'If this is set to true (which it is by default), you can override '.
  28     '%URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme '.
  29     'to the registry.  If false, you will also have to update that directive '.
  30     'in order to add more schemes.'
  31 );
  32
  33 /**
  34  * Registry for retrieving specific URI scheme validator objects.
  35  */
  36 class HTMLPurifier_URISchemeRegistry
  37 {
  38
  39     /**
  40      * Retrieve sole instance of the registry.
  41      * @static
  42      * @param $prototype Optional prototype to overload sole instance with,
  43      *                   or bool true to reset to default registry.
  44      * @note Pass a registry object $prototype with a compatible interface and
  45      *       the function will copy it and return it all further times.
  46      */
  47     function &instance($prototype = null) {
  48         static $instance = null;
  49         if ($prototype !== null) {
  50             $instance = $prototype;
  51         } elseif ($instance === null || $prototype == true) {
  52             $instance = new HTMLPurifier_URISchemeRegistry();
  53         }
  54         return $instance;
  55     }
  56
  57     /**
  58      * Cache of retrieved schemes.
  59      * @protected
  60      */
  61     var $schemes = array();
  62
  63     /**
  64      * Retrieves a scheme validator object
  65      * @param $scheme String scheme name like http or mailto
  66      * @param $config HTMLPurifier_Config object
  67      * @param $config HTMLPurifier_Context object
  68      */
  69     function &getScheme($scheme, $config, &$context) {
  70         if (!$config) $config = HTMLPurifier_Config::createDefault();
  71         $null = null; // for the sake of passing by reference
  72
  73         // important, otherwise attacker could include arbitrary file
  74         $allowed_schemes = $config->get('URI', 'AllowedSchemes');
  75         if (!$config->get('URI', 'OverrideAllowedSchemes') &&
  76             !isset($allowed_schemes[$scheme])
  77         ) {
  78             return $null;
  79         }
  80
  81         if (isset($this->schemes[$scheme])) return $this->schemes[$scheme];
  82         if (!isset($allowed_schemes[$scheme])) return $null;
  83
  84         $class = 'HTMLPurifier_URIScheme_' . $scheme;
  85         if (!class_exists($class)) return $null;
  86         $this->schemes[$scheme] = new $class();
  87         return $this->schemes[$scheme];
  88     }
  89
  90     /**
  91      * Registers a custom scheme to the cache, bypassing reflection.
  92      * @param $scheme Scheme name
  93      * @param $scheme_obj HTMLPurifier_URIScheme object
  94      */
  95     function register($scheme, &$scheme_obj) {
  96         $this->schemes[$scheme] =& $scheme_obj;
  97     }
  98
  99 }
 100
 101