[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * Validates the HTML attribute ID.
   5   * @warning Even though this is the id processor, it
   6   *          will ignore the directive Attr:IDBlacklist, since it will only
   7   *          go according to the ID accumulator. Since the accumulator is
   8   *          automatically generated, it will have already absorbed the
   9   *          blacklist. If you're hacking around, make sure you use load()!
  10   */
  11  
  12  class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
  13  {
  14  
  15      // ref functionality disabled, since we also have to verify
  16      // whether or not the ID it refers to exists
  17  
  18      public function validate($id, $config, $context) {
  19  
  20          if (!$config->get('Attr', 'EnableID')) return false;
  21  
  22          $id = trim($id); // trim it first
  23  
  24          if ($id === '') return false;
  25  
  26          $prefix = $config->get('Attr', 'IDPrefix');
  27          if ($prefix !== '') {
  28              $prefix .= $config->get('Attr', 'IDPrefixLocal');
  29              // prevent re-appending the prefix
  30              if (strpos($id, $prefix) !== 0) $id = $prefix . $id;
  31          } elseif ($config->get('Attr', 'IDPrefixLocal') !== '') {
  32              trigger_error('%Attr.IDPrefixLocal cannot be used unless '.
  33                  '%Attr.IDPrefix is set', E_USER_WARNING);
  34          }
  35  
  36          //if (!$this->ref) {
  37              $id_accumulator =& $context->get('IDAccumulator');
  38              if (isset($id_accumulator->ids[$id])) return false;
  39          //}
  40  
  41          // we purposely avoid using regex, hopefully this is faster
  42  
  43          if (ctype_alpha($id)) {
  44              $result = true;
  45          } else {
  46              if (!ctype_alpha(@$id[0])) return false;
  47              $trim = trim( // primitive style of regexps, I suppose
  48                  $id,
  49                  'A..Za..z0..9:-._'
  50                );
  51              $result = ($trim === '');
  52          }
  53  
  54          $regexp = $config->get('Attr', 'IDBlacklistRegexp');
  55          if ($regexp && preg_match($regexp, $id)) {
  56              return false;
  57          }
  58  
  59          if (/*!$this->ref && */$result) $id_accumulator->add($id);
  60  
  61          // if no change was made to the ID, return the result
  62          // else, return the new id if stripping whitespace made it
  63          //     valid, or return false.
  64          return $result ? $id : false;
  65  
  66      }
  67  
  68  }
  69  
  70  // vim: et sw=4 sts=4