[ Index ]

PHP Cross Reference of vtigercrm-6.1.0

title

Body

[close]

/libraries/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ -> URI.php (source)

[Summary view] [Print] [Text view] 

   1  <?php
   2  
   3  /**
   4   * Validates a URI in CSS syntax, which uses url('http://example.com')
   5   * @note While theoretically speaking a URI in a CSS document could
   6   *       be non-embedded, as of CSS2 there is no such usage so we're
   7   *       generalizing it. This may need to be changed in the future.
   8   * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as
   9   *          the separator, you cannot put a literal semicolon in
  10   *          in the URI. Try percent encoding it, in that case.
  11   */
  12  class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
  13  {
  14  
  15      public function __construct() {
  16          parent::__construct(true); // always embedded
  17      }
  18  
  19      public function validate($uri_string, $config, $context) {
  20          // parse the URI out of the string and then pass it onto
  21          // the parent object
  22  
  23          $uri_string = $this->parseCDATA($uri_string);
  24          if (strpos($uri_string, 'url(') !== 0) return false;
  25          $uri_string = substr($uri_string, 4);
  26          $new_length = strlen($uri_string) - 1;
  27          if ($uri_string[$new_length] != ')') return false;
  28          $uri = trim(substr($uri_string, 0, $new_length));
  29  
  30          if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
  31              $quote = $uri[0];
  32              $new_length = strlen($uri) - 1;
  33              if ($uri[$new_length] !== $quote) return false;
  34              $uri = substr($uri, 1, $new_length - 1);
  35          }
  36  
  37          $keys   = array(  '(',   ')',   ',',   ' ',   '"',   "'");
  38          $values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'");
  39          $uri = str_replace($values, $keys, $uri);
  40  
  41          $result = parent::validate($uri, $config, $context);
  42  
  43          if ($result === false) return false;
  44  
  45          // escape necessary characters according to CSS spec
  46          // except for the comma, none of these should appear in the
  47          // URI at all
  48          $result = str_replace($keys, $values, $result);
  49  
  50          return "url($result)";
  51  
  52      }
  53  
  54  }
  55  
  56  // vim: et sw=4 sts=4

Body

Body

Body

Body


Generated: Fri Nov 28 20:08:37 2014 Cross-referenced by PHPXref 0.7.1