lib/htmlpurifier/HTMLPurifier/URIDefinition.php

   1 <?php
   2
   3 require_once 'HTMLPurifier/Definition.php';
   4 require_once 'HTMLPurifier/URIFilter.php';
   5 require_once 'HTMLPurifier/URIParser.php';
   6
   7 require_once 'HTMLPurifier/URIFilter/DisableExternal.php';
   8 require_once 'HTMLPurifier/URIFilter/DisableExternalResources.php';
   9 require_once 'HTMLPurifier/URIFilter/HostBlacklist.php';
  10 require_once 'HTMLPurifier/URIFilter/MakeAbsolute.php';
  11
  12 HTMLPurifier_ConfigSchema::define(
  13     'URI', 'DefinitionID', null, 'string/null', '
  14 <p>
  15     Unique identifier for a custom-built URI definition. If you  want
  16     to add custom URIFilters, you must specify this value.
  17     This directive has been available since 2.1.0.
  18 </p>
  19 ');
  20
  21 HTMLPurifier_ConfigSchema::define(
  22     'URI', 'DefinitionRev', 1, 'int', '
  23 <p>
  24     Revision identifier for your custom definition. See
  25     %HTML.DefinitionRev for details. This directive has been available
  26     since 2.1.0.
  27 </p>
  28 ');
  29
  30 // informative URI directives
  31
  32 HTMLPurifier_ConfigSchema::define(
  33     'URI', 'DefaultScheme', 'http', 'string', '
  34 <p>
  35     Defines through what scheme the output will be served, in order to
  36     select the proper object validator when no scheme information is present.
  37 </p>
  38 ');
  39
  40 HTMLPurifier_ConfigSchema::define(
  41     'URI', 'Host', null, 'string/null', '
  42 <p>
  43     Defines the domain name of the server, so we can determine whether or
  44     an absolute URI is from your website or not.  Not strictly necessary,
  45     as users should be using relative URIs to reference resources on your
  46     website.  It will, however, let you use absolute URIs to link to
  47     subdomains of the domain you post here: i.e. example.com will allow
  48     sub.example.com.  However, higher up domains will still be excluded:
  49     if you set %URI.Host to sub.example.com, example.com will be blocked.
  50     <strong>Note:</strong> This directive overrides %URI.Base because
  51     a given page may be on a sub-domain, but you wish HTML Purifier to be
  52     more relaxed and allow some of the parent domains too.
  53     This directive has been available since 1.2.0.
  54 </p>
  55 ');
  56
  57 HTMLPurifier_ConfigSchema::define(
  58     'URI', 'Base', null, 'string/null', '
  59 <p>
  60     The base URI is the URI of the document this purified HTML will be
  61     inserted into.  This information is important if HTML Purifier needs
  62     to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
  63     is on.  You may use a non-absolute URI for this value, but behavior
  64     may vary (%URI.MakeAbsolute deals nicely with both absolute and
  65     relative paths, but forwards-compatibility is not guaranteed).
  66     <strong>Warning:</strong> If set, the scheme on this URI
  67     overrides the one specified by %URI.DefaultScheme. This directive has
  68     been available since 2.1.0.
  69 </p>
  70 ');
  71
  72 class HTMLPurifier_URIDefinition extends HTMLPurifier_Definition
  73 {
  74
  75     var $type = 'URI';
  76     var $filters = array();
  77     var $registeredFilters = array();
  78
  79     /**
  80      * HTMLPurifier_URI object of the base specified at %URI.Base
  81      */
  82     var $base;
  83
  84     /**
  85      * String host to consider "home" base
  86      */
  87     var $host;
  88
  89     /**
  90      * Name of default scheme based on %URI.DefaultScheme and %URI.Base
  91      */
  92     var $defaultScheme;
  93
  94     function HTMLPurifier_URIDefinition() {
  95         $this->registerFilter(new HTMLPurifier_URIFilter_DisableExternal());
  96         $this->registerFilter(new HTMLPurifier_URIFilter_DisableExternalResources());
  97         $this->registerFilter(new HTMLPurifier_URIFilter_HostBlacklist());
  98         $this->registerFilter(new HTMLPurifier_URIFilter_MakeAbsolute());
  99     }
 100
 101     function registerFilter($filter) {
 102         $this->registeredFilters[$filter->name] = $filter;
 103     }
 104
 105     function addFilter($filter, $config) {
 106         $filter->prepare($config);
 107         $this->filters[$filter->name] = $filter;
 108     }
 109
 110     function doSetup($config) {
 111         $this->setupMemberVariables($config);
 112         $this->setupFilters($config);
 113     }
 114
 115     function setupFilters($config) {
 116         foreach ($this->registeredFilters as $name => $filter) {
 117             $conf = $config->get('URI', $name);
 118             if ($conf !== false && $conf !== null) {
 119                 $this->addFilter($filter, $config);
 120             }
 121         }
 122         unset($this->registeredFilters);
 123     }
 124
 125     function setupMemberVariables($config) {
 126         $this->host = $config->get('URI', 'Host');
 127         $base_uri = $config->get('URI', 'Base');
 128         if (!is_null($base_uri)) {
 129             $parser = new HTMLPurifier_URIParser();
 130             $this->base = $parser->parse($base_uri);
 131             $this->defaultScheme = $this->base->scheme;
 132             if (is_null($this->host)) $this->host = $this->base->host;
 133         }
 134         if (is_null($this->defaultScheme)) $this->defaultScheme = $config->get('URI', 'DefaultScheme');
 135     }
 136
 137     function filter(&$uri, $config, &$context) {
 138         foreach ($this->filters as $name => $x) {
 139             $result = $this->filters[$name]->filter($uri, $config, $context);
 140             if (!$result) return false;
 141         }
 142         return true;
 143     }
 144
 145 }