Commit initial URI unit tests and implementation. They're not complete yet though.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@206 48356398-32a2-884e-a903-53898d9a118a
2025-07-30 19:00:10 +02:00 · 2006-08-12 01:12:35 +00:00
parent c86df12ed7
commit 4b097ef493
5 changed files with 312 additions and 1 deletions
--- a/library/HTMLPurifier/AttrDef/URI.php
+++ b/library/HTMLPurifier/AttrDef/URI.php
@@ -0,0 +1,93 @@
+<?php
+
+require_once 'HTMLPurifier/URIScheme.php';
+require_once 'HTMLPurifier/URISchemeRegistry.php';
+
+class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
+{
+    function validate($uri, $config = null) {
+        
+        // We'll write stack-based parsers later, for now, use regexps to
+        // get things working as fast as possible (irony)
+        
+        // parse as CDATA
+        $uri = $this->parseCDATA($uri);
+        
+        // while it would be nice to use parse_url(), that's specifically
+        // for HTTP and thus won't work for our generic URI parsing
+        
+        // according to the RFC... (but this cuts corners, i.e. non-validating)
+        $regexp = '!^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?!';
+        //           12            3  4          5       6  7        8 9
+        $matches = array();
+        
+        $result = preg_match($regexp, $uri, $matches);
+        
+        if (!$result) return ''; // wow, that's very strange
+        
+        // seperate out parts
+        $scheme     = !empty($matches[1]) ? $matches[2] : null;
+        $authority  = !empty($matches[3]) ? $matches[4] : null;
+        $path       = $matches[5]; // always present
+        $query      = !empty($matches[6]) ? $matches[7] : null;
+        $fragment   = !empty($matches[8]) ? $matches[9] : null;
+        
+        // okay, no need to validate the scheme since we do that when we
+        // retrieve the specific scheme object from the registry
+        $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
+        $registry = HTMLPurifier_URISchemeRegistry::instance();
+        $scheme_obj = $registry->getScheme($scheme);
+        
+        if (!$scheme_obj) return ''; // invalid scheme, clean it out
+        
+        if ($authority !== null) {
+            // validate authority
+            $matches = array();
+            
+            $HEXDIG = '[A-Fa-f0-9]';
+            $unreserved = 'A-Za-z0-9-._~';
+            $sub_delims = '!$&\'()';
+            $h16 = "{$HEXDIG}{1,4}";
+            $dec_octet = '(?:25[0-5]|2[0-4]\d|1\d\d|1\d|[0-9])';
+            $IPv4address = "$dec_octet.$dec_octet.$dec_octet.$dec_octet";
+            $ls32 = "(?:$h16:$h16|$IPv4address)";
+            $IPvFuture = "v$HEXDIG+\.[:$unreserved$sub_delims]+";
+            $IPv6Address = "(?:".
+                                        "(?:$h16:){6}$ls32" .
+                                     "|::(?:$h16:){5}$ls32" .
+                            "|(?:$h16)?::(?:$h16:){4}$ls32" .
+                "|(?:(?:$h16:){1}$h16)?::(?:$h16:){3}$ls32" .
+                "|(?:(?:$h16:){2}$h16)?::(?:$h16:){2}$ls32" .
+                "|(?:(?:$h16:){3}$h16)?::(?:$h16:){1}$ls32" .
+                "|(?:(?:$h16:){4}$h16)?::$ls32" .
+                "|(?:(?:$h16:){5}$h16)?::$h16" .
+                "|(?:(?:$h16:){6}$h16)?::" .
+                ")";
+            $IP_literal = "\[(?:$IPvFuture|$IPv6Address)\]";
+            $regexp = "/^(([^@]+)@)?(\[$IP_literal\]|[^:]*)(:(\d*))?/";
+            
+            preg_match($regexp, $authority, $matches);
+            $userinfo   = !empty($matches[1]) ? $matches[2] : null;
+            $host       = !empty($matches[3]) ? $matches[3] : null;
+            $port       = !empty($matches[4]) ? $matches[5] : null;
+            
+            if ($port !== null) {
+                if (!ctype_digit($port) || $port < 1 || $port > 65535) {
+                    $port = null;
+                }
+            }
+            $authority =
+                ($userinfo === null ? '' : ($userinfo . '@')) .
+                $host .
+                ($port === null ? '' : (':' . $port));
+        }
+        
+        list($authority, $path, $query, $fragment) = 
+        $scheme_obj->validateComponents($authority, $path, $query, $fragment);
+        
+        
+        
+    }
+}
+
+?>
--- a/library/HTMLPurifier/URIScheme.php
+++ b/library/HTMLPurifier/URIScheme.php
@@ -0,0 +1,12 @@
+<?php
+
+class HTMLPurifier_URIScheme
+{
+    
+    function validateComponents() {
+        
+    }
+    
+}
+
+?>
--- a/library/HTMLPurifier/URISchemeRegistry.php
+++ b/library/HTMLPurifier/URISchemeRegistry.php
@@ -0,0 +1,23 @@
+<?php
+
+class HTMLPurifier_URISchemeRegistry
+{
+    
+    // pass a registry object $prototype with a compatible interface and
+    // the function will copy it and return it all further times.
+    // pass bool true to reset to the default registry
+    function &instance($prototype = null) {
+        static $instance = null;
+        if ($prototype !== null) {
+            $instance = $prototype;
+        } elseif ($instance === null || $prototype == true) {
+            $instance = new HTMLPurifier_URISchemeRegistry();
+        }
+        return $instance;
+    }
+    
+    function &getScheme($scheme) {}
+    
+}
+
+?>