mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-09 07:36:40 +02:00
Code Issues Releases Wiki Activity

Commit IPv6 fix, with majoring factoring out. Thank you Feyd!

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@284 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2006-08-17 01:05:35 +00:00
parent cd0108d656
commit 1cadb08fbb
9 changed files with 291 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
library/HTMLPurifier/AttrDef/URI.php
View File

@@ -1,7 +1,9 @@
<?php
require_once 'HTMLPurifier/AttrDef.php';
require_once 'HTMLPurifier/URIScheme.php';
require_once 'HTMLPurifier/URISchemeRegistry.php';
require_once 'HTMLPurifier/AttrDef/Host.php';
HTMLPurifier_ConfigDef::define(
'URI', 'DefaultScheme', 'http',
@@ -12,6 +14,12 @@ HTMLPurifier_ConfigDef::define(
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{
var $host;
function HTMLPurifier_AttrDef_URI() {
$this->host = new HTMLPurifier_AttrDef_Host();
}
function validate($uri, $config, &$context) {
// We'll write stack-based parsers later, for now, use regexps to
@@ -63,34 +71,12 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
if ($authority !== null) {
// define regexps
// this stuff may need to be factored out so Email can get to it
$HEXDIG = '[A-Fa-f0-9]';
$unreserved = 'A-Za-z0-9-._~'; // make sure you wrap with []
$sub_delims = '!$&\'()'; // needs []
$pct_encoded = "%$HEXDIG$HEXDIG";
$h16 = "{$HEXDIG}{1,4}";
$dec_octet = '(?:25[0-5]|2[0-4]\d|1\d\d|1\d|[0-9])';
$IPv4address = "$dec_octet.$dec_octet.$dec_octet.$dec_octet";
$ls32 = "(?:$h16:$h16|$IPv4address)";
$IPvFuture = "v$HEXDIG+\.[:$unreserved$sub_delims]+";
$IPv6Address = "(?:".
"(?:$h16:){6}$ls32" .
"|::(?:$h16:){5}$ls32" .
"|(?:$h16)?::(?:$h16:){4}$ls32" .
"|(?:(?:$h16:){1}$h16)?::(?:$h16:){3}$ls32" .
"|(?:(?:$h16:){2}$h16)?::(?:$h16:){2}$ls32" .
"|(?:(?:$h16:){3}$h16)?::(?:$h16:){1}$ls32" .
"|(?:(?:$h16:){4}$h16)?::$ls32" .
"|(?:(?:$h16:){5}$h16)?::$h16" .
"|(?:(?:$h16:){6}$h16)?::" .
")";
$IP_literal = "\[(?:$IPvFuture|$IPv6Address)\]";
$r_userinfo = "(?:[$unreserved$sub_delims:]|$pct_encoded)*";
// IPv6 is broken
$r_authority = "/^(($r_userinfo)@)?(\[$IP_literal\]|[^:]*)(:(\d*))?/";
$r_authority = "/^(($r_userinfo)@)?(\[[^\]]+\]|[^:]*)(:(\d*))?/";
$matches = array();
preg_match($r_authority, $authority, $matches);
// overloads regexp!
@@ -104,6 +90,9 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
if ($port < 1 || $port > 65535) $port = null;
}
$host = $this->host->validate($host, $config, $context);
if ($host === false) $host = null;
// userinfo and host are validated within the regexp
} else {