1: <?php
2:
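/**
 * Validates a CSS filter value, accepting only the literal `none` or a single
 * alpha filter (`alpha`, `Alpha` or `progid:DXImageTransform.Microsoft.Alpha`)
 * whose only retained parameter is an integer `opacity`.
 *
 * Security note: the returned string is never a slice of the input. It is
 * rebuilt from the allowlisted function name and the validated, clamped
 * opacity, so unknown parameters and anything after the closing parenthesis
 * are dropped rather than passed through.
 */
class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
{

    /**
     * Validator applied to the opacity parameter.
     * @var HTMLPurifier_AttrDef_Integer
     */
    protected $intValidator;

    public function __construct()
    {
        $this->intValidator = new HTMLPurifier_AttrDef_Integer();
    }

    /**
     * @param string $value   Raw filter value taken from the style declaration.
     * @param mixed  $config  Passed through unchanged to the integer validator.
     * @param mixed  $context Passed through unchanged to the integer validator.
     * @return string|bool The rebuilt filter value, or false when the function
     *                     name is not one of the three accepted spellings.
     */
    public function validate($value, $config, $context)
    {
        // parseCDATA() is inherited; presumably it normalises whitespace - confirm in the parent.
        $value = $this->parseCDATA($value);
        if ($value === 'none') {
            return $value;
        }

        // Everything before the first '(' is the function name. The comparison
        // is an exact, case-sensitive allowlist: any other name is rejected.
        $function_length = strcspn($value, '(');
        $function = trim(substr($value, 0, $function_length));
        if ($function !== 'alpha' &&
            $function !== 'Alpha' &&
            $function !== 'progid:DXImageTransform.Microsoft.Alpha'
        ) {
            return false;
        }

        // When the input has no '(' (for example the bare word "alpha"), the
        // cursor lands past the end of the string. Do not hand strcspn() an
        // out-of-range offset, whose handling is PHP-version dependent; treat
        // the parameter list as empty instead, which yields "alpha()".
        $cursor = $function_length + 1;
        if ($cursor < strlen($value)) {
            $parameters_length = strcspn($value, ')', $cursor);
            $parameters = substr($value, $cursor, $parameters_length);
        } else {
            $parameters = '';
        }

        $ret_params = array();
        $lookup = array();
        foreach (explode(',', $parameters) as $param) {
            $pair = explode('=', $param);
            if (count($pair) < 2) {
                // No '=' in this parameter: there is no value to validate.
                // Skipping here avoids the undefined-offset warning (and the
                // null passed to trim()) that list() produced on such input.
                continue;
            }
            $key = trim($pair[0]);
            $raw = trim($pair[1]);

            // Only the first valid opacity is kept; every other key is dropped.
            if (isset($lookup[$key])) {
                continue;
            }
            if ($key !== 'opacity') {
                continue;
            }

            $opacity = $this->intValidator->validate($raw, $config, $context);
            if ($opacity === false) {
                continue;
            }

            // Clamp to the 0-100 range.
            $int = (int) $opacity;
            if ($int > 100) {
                $opacity = '100';
            }
            if ($int < 0) {
                $opacity = '0';
            }

            $ret_params[] = "$key=$opacity";
            $lookup[$key] = true;
        }

        $ret_parameters = implode(',', $ret_params);
        return "$function($ret_parameters)";
    }

}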