/**
* Callback function for strip_illegal_entities, do not use.
* @access private
* @param array $m matches
*/
public static function _validate_entity($m)
{
$is_valid = FALSE;
// valid entity references have the form
// /&named([;<\n\r])/
// for named entities, or
// /&#(\d{1,5}|[xX][0-9a-fA-F]{1,4})([;<\n\r])/
// for numeric character references
$e = trim($m[1]);
$r = $m[2];
if ($r == ';') {
$r = '';
}
if ($e[0] == '#') {
$e = strtolower($e);
if ($e[1] == 'x') {
$e = hexdec(substr($e, 2));
} else {
$e = substr($e, 1);
}
// numeric character references may only have values in the range 0-65535 (16 bit)
// we strip null, though, just for kicks
$is_valid = intval($e) > 0 && intval($e) <= 65535;
if ($is_valid) {
// normalize to decimal form
$e = '#' . intval($e) . ';';
}
} else {
if (self::$character_entities_re == '') {
self::$character_entities_re = ';(' . implode('|', self::$character_entities) . ');';
}
// named entities must be known
$is_valid = preg_match(self::$character_entities_re, $e, $matches);
// XXX should we map named entities to their numeric equivalents?
if ($is_valid) {
// normalize to name and nothing but the name... eh.
$e = $matches[1] . ';';
}
}
return $is_valid ? '&' . $e . $r : '';
}
