1: <?php
2:
3: /**
4: * Validator for the components of a URI for a specific scheme
5: */
6: abstract class HTMLPurifier_URIScheme
7: {
8:
9: /**
10: * Scheme's default port (integer). If an explicit port number is
11: * specified that coincides with the default port, it will be
12: * elided.
13: */
14: public $default_port = null;
15:
16: /**
17: * Whether or not URIs of this schem are locatable by a browser
18: * http and ftp are accessible, while mailto and news are not.
19: */
20: public $browsable = false;
21:
22: /**
23: * Whether or not the URI always uses <hier_part>, resolves edge cases
24: * with making relative URIs absolute
25: */
26: public $hierarchical = false;
27:
28: /**
29: * Whether or not the URI may omit a hostname when the scheme is
30: * explicitly specified, ala file:///path/to/file. As of writing,
31: * 'file' is the only scheme that browsers support his properly.
32: */
33: public $may_omit_host = false;
34:
35: /**
36: * Validates the components of a URI for a specific scheme.
37: * @param $uri Reference to a HTMLPurifier_URI object
38: * @param $config HTMLPurifier_Config object
39: * @param $context HTMLPurifier_Context object
40: * @return Bool success or failure
41: */
42: public abstract function doValidate(&$uri, $config, $context);
43:
44: /**
45: * Public interface for validating components of a URI. Performs a
46: * bunch of default actions. Don't overload this method.
47: * @param $uri Reference to a HTMLPurifier_URI object
48: * @param $config HTMLPurifier_Config object
49: * @param $context HTMLPurifier_Context object
50: * @return Bool success or failure
51: */
52: public function validate(&$uri, $config, $context) {
53: if ($this->default_port == $uri->port) $uri->port = null;
54: // kludge: browsers do funny things when the scheme but not the
55: // authority is set
56: if (!$this->may_omit_host &&
57: // if the scheme is present, a missing host is always in error
58: (!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) ||
59: // if the scheme is not present, a *blank* host is in error,
60: // since this translates into '///path' which most browsers
61: // interpret as being 'http://path'.
62: (is_null($uri->scheme) && $uri->host === '')
63: ) {
64: do {
65: if (is_null($uri->scheme)) {
66: if (substr($uri->path, 0, 2) != '//') {
67: $uri->host = null;
68: break;
69: }
70: // URI is '////path', so we cannot nullify the
71: // host to preserve semantics. Try expanding the
72: // hostname instead (fall through)
73: }
74: // first see if we can manually insert a hostname
75: $host = $config->get('URI.Host');
76: if (!is_null($host)) {
77: $uri->host = $host;
78: } else {
79: // we can't do anything sensible, reject the URL.
80: return false;
81: }
82: } while (false);
83: }
84: return $this->doValidate($uri, $config, $context);
85: }
86:
87: }
88:
89: // vim: et sw=4 sts=4
90: