コード例 #1
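 /**
  * {@inheritdoc}
  *
  * Reports whether this filter's regexp is restrictive enough for its values to be used as a URL.
  * Two checks are applied in order:
  *  1. a regexp anchored at "^" that starts with a fixed scheme (anything but "data" or a
  *     "*script" scheme) is accepted, unless the "m" modifier is set;
  *  2. otherwise the regexp is accepted only if none of the characters returned by
  *     ContextSafeness::getDisallowedCharactersAsURL() can be matched by it.
  * Any failure along the way yields false (fail closed).
  *
  * @return bool True if the filter is considered safe in a URL context
  */
 public function isSafeAsURL()
 {
     try {
         $regexpInfo = RegexpParser::parse($this->vars['regexp']);

         // Match any number of "(" optionally followed by "?:"
         $captureStart = '(?>\\((?:\\?:)?)*';

         // Regexps that start with a fixed scheme are considered safe. As a special case, we
         // allow the scheme part to end with a single ? to allow the regexp "https?"
         // The negative lookahead rejects anything beginning with "data" or ending in "script"
         // before the colon, which is conservative: a scheme such as "database" is rejected too
         $regexp = '#^\\^' . $captureStart . '(?!data|\\w*script)[a-z0-9]+\\??:#i';

         // With the "m" modifier "^" also matches after a newline, so a leading scheme would no
         // longer constrain the start of the whole value
         if (preg_match($regexp, $regexpInfo['regexp']) && strpos($regexpInfo['modifiers'], 'm') === false) {
             return true;
         }

         // Test whether this regexp could allow any character that's disallowed in URLs
         $regexp = RegexpParser::getAllowedCharacterRegexp($this->vars['regexp']);
         foreach (ContextSafeness::getDisallowedCharactersAsURL() as $char) {
             // preg_match() returns false on a PCRE error. Only an explicit 0 (no match) proves
             // the character is rejected; a match or an error both mean "not safe", in line
             // with the fail-closed policy of the catch block below
             if (preg_match($regexp, $char) !== 0) {
                 return false;
             }
         }

         return true;
     } catch (Exception $e) {
         // If anything unexpected happens, we'll consider this filter is not safe
         // NOTE(review): only Exception is caught; on PHP 7+ an Error thrown in here would
         // propagate to the caller instead of returning false
         return false;
     }
 }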
コード例 #2
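 /**
  * Checks the shape of the disallowed-character list used for the URL context: it must be a
  * non-empty array whose elements are all strings.
  *
  * @testdox getDisallowedCharactersAsURL() returns a list of strings
  */
 public function testGetDisallowedCharactersAsURL()
 {
     $disallowedChars = ContextSafeness::getDisallowedCharactersAsURL();
     $this->assertInternalType('array', $disallowedChars);

     // An empty list would pass the per-element loop below without a single assertion, and any
     // safeness check that iterates over this list would then accept every regexp
     $this->assertNotEmpty($disallowedChars);

     foreach ($disallowedChars as $char) {
         $this->assertInternalType('string', $char);
     }
 }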
コード例 #3
ファイル: RegexpFilter.php プロジェクト: ygbhf/flarum-full
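 /**
  * Reports whether this filter's regexp is restrictive enough for its values to be used as a URL.
  *
  * A regexp anchored at "^" that starts with a fixed scheme other than "data" or a "*script"
  * scheme is accepted unless the "m" modifier is set. Otherwise the regexp is accepted only if it
  * cannot match any character from ContextSafeness::getDisallowedCharactersAsURL(). Any failure
  * yields false (fail closed).
  *
  * @return bool True if the filter is considered safe in a URL context
  */
 public function isSafeAsURL()
 {
     try {
         $regexpInfo = RegexpParser::parse($this->vars['regexp']);

         // Any number of "(" optionally followed by "?:"
         $captureStart = '(?>\\((?:\\?:)?)*';

         // Fixed scheme at the start of the regexp; one trailing "?" is allowed for "https?"
         $regexp = '#^\\^' . $captureStart . '(?!data|\\w*script)[a-z0-9]+\\??:#i';

         // With the "m" modifier "^" also matches after a newline, so the leading scheme would
         // no longer constrain the start of the whole value
         if (\preg_match($regexp, $regexpInfo['regexp']) && \strpos($regexpInfo['modifiers'], 'm') === \false) {
             return \true;
         }

         $regexp = RegexpParser::getAllowedCharacterRegexp($this->vars['regexp']);
         foreach (ContextSafeness::getDisallowedCharactersAsURL() as $char) {
             // preg_match() returns false on a PCRE error. Only an explicit 0 (no match) proves
             // the character is rejected; a match or an error both mean "not safe", in line
             // with the fail-closed policy of the catch block below
             if (\preg_match($regexp, $char) !== 0) {
                 return \false;
             }
         }

         return \true;
     } catch (Exception $e) {
         // Anything unexpected means the filter is not considered safe
         // NOTE(review): only Exception is caught; on PHP 7+ an Error thrown in here would
         // propagate to the caller instead of returning false
         return \false;
     }
 }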