Inheritance: extends HTMLPurifier_AttrDef
示例#1
0
文件: URI.php 项目: hasshy/sahana-tw
 function validate($uri_string, $config, &$context)
 {
     // parse the URI out of the string and then pass it onto
     // the parent object
     $uri_string = $this->parseCDATA($uri_string);
     if (strpos($uri_string, 'url(') !== 0) {
         return false;
     }
     $uri_string = substr($uri_string, 4);
     $new_length = strlen($uri_string) - 1;
     if ($uri_string[$new_length] != ')') {
         return false;
     }
     $uri = trim(substr($uri_string, 0, $new_length));
     if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
         $quote = $uri[0];
         $new_length = strlen($uri) - 1;
         if ($uri[$new_length] !== $quote) {
             return false;
         }
         $uri = substr($uri, 1, $new_length - 1);
     }
     $keys = array('(', ')', ',', ' ', '"', "'");
     $values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'");
     $uri = str_replace($values, $keys, $uri);
     $result = parent::validate($uri, $config, $context);
     if ($result === false) {
         return false;
     }
     // escape necessary characters according to CSS spec
     // except for the comma, none of these should appear in the
     // URI at all
     $result = str_replace($keys, $values, $result);
     return "url({$result})";
 }
示例#2
0
 public function validate($uri_string, $config, $context)
 {
     // parse the URI out of the string and then pass it onto
     // the parent object
     $uri_string = $this->parseCDATA($uri_string);
     if (strpos($uri_string, 'url(') !== 0) {
         return false;
     }
     $uri_string = substr($uri_string, 4);
     $new_length = strlen($uri_string) - 1;
     if ($uri_string[$new_length] != ')') {
         return false;
     }
     $uri = trim(substr($uri_string, 0, $new_length));
     if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
         $quote = $uri[0];
         $new_length = strlen($uri) - 1;
         if ($uri[$new_length] !== $quote) {
             return false;
         }
         $uri = substr($uri, 1, $new_length - 1);
     }
     $uri = $this->expandCSSEscape($uri);
     $result = parent::validate($uri, $config, $context);
     if ($result === false) {
         return false;
     }
     // extra sanity check; should have been done by URI
     $result = str_replace(array('"', "\\", "\n", "\f", "\r"), "", $result);
     return "url(\"{$result}\")";
 }
示例#3
0
 /**
  * @param string $uri_string
  * @param HTMLPurifier_Config $config
  * @param HTMLPurifier_Context $context
  * @return bool|string
  */
 public function validate($uri_string, $config, $context)
 {
     // parse the URI out of the string and then pass it onto
     // the parent object
     $uri_string = $this->parseCDATA($uri_string);
     if (strpos($uri_string, 'url(') !== 0) {
         return false;
     }
     $uri_string = substr($uri_string, 4);
     $new_length = strlen($uri_string) - 1;
     if ($uri_string[$new_length] != ')') {
         return false;
     }
     $uri = trim(substr($uri_string, 0, $new_length));
     $quote = '"';
     // BSz
     if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
         $quote = $uri[0];
         $new_length = strlen($uri) - 1;
         if ($uri[$new_length] !== $quote) {
             return false;
         }
         $uri = substr($uri, 1, $new_length - 1);
     }
     $uri = $this->expandCSSEscape($uri);
     $result = parent::validate($uri, $config, $context);
     if ($result === false) {
         return false;
     }
     // extra sanity check; should have been done by URI
     $result = str_replace(array('"', "\\", "\n", "\f", "\r"), "", $result);
     // suspicious characters are ()'; we're going to percent encode
     // them for safety.
     $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);
     // there's an extra bug where ampersands lose their escaping on
     // an innerHTML cycle, so a very unlucky query parameter could
     // then change the meaning of the URL.  Unfortunately, there's
     // not much we can do about that...
     return 'url(' . $quote . $result . $quote . ')';
     // BSz
 }
示例#4
0
 function test_make()
 {
     $factory = new HTMLPurifier_AttrDef_URI();
     $def = $factory->make('');
     $def2 = new HTMLPurifier_AttrDef_URI();
     $this->assertIdentical($def, $def2);
     $def = $factory->make('embedded');
     $def2 = new HTMLPurifier_AttrDef_URI(true);
     $this->assertIdentical($def, $def2);
 }
 public function validate($uri_string, $config, $context)
 {
     $uri_string = $this->parseCDATA($uri_string);
     if (strpos($uri_string, 'url(') !== 0) {
         return false;
     }
     $uri_string = substr($uri_string, 4);
     $new_length = strlen($uri_string) - 1;
     if ($uri_string[$new_length] != ')') {
         return false;
     }
     $uri = trim(substr($uri_string, 0, $new_length));
     if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
         $quote = $uri[0];
         $new_length = strlen($uri) - 1;
         if ($uri[$new_length] !== $quote) {
             return false;
         }
         $uri = substr($uri, 1, $new_length - 1);
     }
     $uri = $this->expandCSSEscape($uri);
     $result = parent::validate($uri, $config, $context);
     if ($result === false) {
         return false;
     }
     $result = str_replace(array('"', "\\", "\n", "\f", "\r"), "", $result);
     $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);
     return "url(\"{$result}\")";
 }