mirror of
https://github.com/moodle/moodle.git
synced 2025-01-19 06:18:28 +01:00
be7f6d4834
Prior to this change, all the line endings in the imported HTMLPurifier library were using CRLF (\r\n aka Windows style), but the HTMLPurifier source and also the downloadable artefacts use LF (\n aka Linux style) as line endings. This has been the case since 510d190382003985eafd6f4407190d43509016a5 when with the commit "MDL-38672 import HTML Purifier 4.5.0" all line endings were changed from LF to CRLF. There was no comment in the commit on why this change was done. As the original source uses LF, this commit partly reverts 510d190382003985eafd6f4407190d43509016a5 and goes back to LF as line endings. Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
112 lines
2.6 KiB
PHP
112 lines
2.6 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Validates a URI as defined by RFC 3986.
|
|
* @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
|
|
*/
|
|
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
|
{
|
|
|
|
/**
|
|
* @type HTMLPurifier_URIParser
|
|
*/
|
|
protected $parser;
|
|
|
|
/**
|
|
* @type bool
|
|
*/
|
|
protected $embedsResource;
|
|
|
|
/**
|
|
* @param bool $embeds_resource Does the URI here result in an extra HTTP request?
|
|
*/
|
|
public function __construct($embeds_resource = false)
|
|
{
|
|
$this->parser = new HTMLPurifier_URIParser();
|
|
$this->embedsResource = (bool)$embeds_resource;
|
|
}
|
|
|
|
/**
|
|
* @param string $string
|
|
* @return HTMLPurifier_AttrDef_URI
|
|
*/
|
|
public function make($string)
|
|
{
|
|
$embeds = ($string === 'embedded');
|
|
return new HTMLPurifier_AttrDef_URI($embeds);
|
|
}
|
|
|
|
/**
|
|
* @param string $uri
|
|
* @param HTMLPurifier_Config $config
|
|
* @param HTMLPurifier_Context $context
|
|
* @return bool|string
|
|
*/
|
|
public function validate($uri, $config, $context)
|
|
{
|
|
if ($config->get('URI.Disable')) {
|
|
return false;
|
|
}
|
|
|
|
$uri = $this->parseCDATA($uri);
|
|
|
|
// parse the URI
|
|
$uri = $this->parser->parse($uri);
|
|
if ($uri === false) {
|
|
return false;
|
|
}
|
|
|
|
// add embedded flag to context for validators
|
|
$context->register('EmbeddedURI', $this->embedsResource);
|
|
|
|
$ok = false;
|
|
do {
|
|
|
|
// generic validation
|
|
$result = $uri->validate($config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// chained filtering
|
|
$uri_def = $config->getDefinition('URI');
|
|
$result = $uri_def->filter($uri, $config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// scheme-specific validation
|
|
$scheme_obj = $uri->getSchemeObj($config, $context);
|
|
if (!$scheme_obj) {
|
|
break;
|
|
}
|
|
if ($this->embedsResource && !$scheme_obj->browsable) {
|
|
break;
|
|
}
|
|
$result = $scheme_obj->validate($uri, $config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// Post chained filtering
|
|
$result = $uri_def->postFilter($uri, $config, $context);
|
|
if (!$result) {
|
|
break;
|
|
}
|
|
|
|
// survived gauntlet
|
|
$ok = true;
|
|
|
|
} while (false);
|
|
|
|
$context->destroy('EmbeddedURI');
|
|
if (!$ok) {
|
|
return false;
|
|
}
|
|
// back to string
|
|
return $uri->toString();
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|