1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-10-23 17:46:18 +02:00
Files
php-htmlpurifier/library/HTMLPurifier/AttrDef/Pixels.php
Edward Z. Yang 38e0485fcd Prevent image crash attacks.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@268 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 22:53:12 +00:00

34 lines
901 B
PHP

<?php
require_once 'HTMLPurifier/AttrDef.php';
class HTMLPurifier_AttrDef_Pixels extends HTMLPurifier_AttrDef
{
function validate($string, $config, &$context) {
$string = trim($string);
if ($string === '0') return $string;
if ($string === '') return false;
$length = strlen($string);
if (substr($string, $length - 2) == 'px') {
$string = substr($string, 0, $length - 2);
}
if (!is_numeric($string)) return false;
$int = (int) $string;
if ($int < 0) return '0';
// upper-bound value, extremely high values can
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
// WARNING, above link WILL crash you if you're using Windows
if ($int > 1200) return '1200';
return (string) $int;
}
}
?>