1: <?php
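/**
 * URI scheme handler for data: URIs (RFC 2397) that carry inline images.
 *
 * The media type declared in the URI is attacker-controlled, so it is only
 * used as a first-pass filter. The decoded payload is then sniffed for its
 * real image type, and the URI is rewritten in a canonical
 * "<sniffed type>;base64,<payload>" form so that no caller-supplied metadata
 * (charset, extra parameters, percent-encoding) survives into the output.
 *
 * NOTE(review): the sniffing functions used here identify the image type
 * from the start of the file; they do not prove the whole image is
 * well-formed. Treat the result as "looks like an allowed image type".
 */
class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme {

    // NOTE(review): semantics of this flag are defined by the parent class,
    // which is not visible here.
    public $browsable = true;

    /**
     * Allow-list of media types, keyed by MIME type. Anything not listed
     * (including every non-image type) is rejected by doValidate().
     */
    public $allowed_types = array(
        'image/jpeg' => true,
        'image/gif' => true,
        'image/png' => true,
    );

    // NOTE(review): semantics of this flag are defined by the parent class,
    // which is not visible here.
    public $may_omit_host = true;

    /**
     * Validates a data: URI and rewrites it into canonical base64 form.
     *
     * @param object $uri     URI object; its path is parsed, and on success
     *                        userinfo/host/port/fragment/query are cleared
     *                        and path is replaced.
     * @param mixed  $config  Unused by this method.
     * @param mixed  $context Unused by this method.
     * @return bool True if the payload is an allowed image type, else false.
     */
    public function doValidate(&$uri, $config, $context) {
        // Split "<metadata>,<data>"; only the first comma is a separator.
        $result = explode(',', $uri->path, 2);
        $is_base64 = false;
        $charset = null;
        $content_type = null;
        if (count($result) == 2) {
            list($metadata, $data) = $result;
            $metas = explode(';', $metadata);
            while (!empty($metas)) {
                $cur = array_shift($metas);
                if ($cur == 'base64') {
                    // "base64" terminates the metadata; anything after it
                    // is ignored.
                    $is_base64 = true;
                    break;
                }
                if (substr($cur, 0, 8) == 'charset=') {
                    // Only the first charset parameter is recorded.
                    if ($charset !== null) continue;
                    $charset = substr($cur, 8);
                } else {
                    // Only the first non-charset token is taken as the
                    // declared media type.
                    if ($content_type !== null) continue;
                    $content_type = $cur;
                }
            }
        } else {
            // No comma: the whole path is treated as data with no metadata.
            $data = $result[0];
        }

        // First-pass filter on the *declared* type. This is not sufficient
        // on its own because the declaration is untrusted.
        if ($content_type !== null && empty($this->allowed_types[$content_type])) {
            return false;
        }

        // The charset is parsed but deliberately discarded: it is never
        // validated and never written back into the rewritten URI.
        $charset = null;

        $data = rawurldecode($data);
        if ($is_base64) {
            $raw_data = base64_decode($data);
        } else {
            $raw_data = $data;
        }

        // A payload this short cannot be a complete JPEG, GIF or PNG, and
        // exif_imagetype() raises a notice when it cannot read enough bytes.
        if ($raw_data === false || strlen($raw_data) < 12) {
            return false;
        }

        // The sniffing functions need a file on disk. tempnam() creates the
        // file itself, so the name cannot be pre-empted by another process.
        if (function_exists('sys_get_temp_dir')) {
            $file = tempnam(sys_get_temp_dir(), "");
        } else {
            $file = tempnam("/tmp", "");
        }
        if ($file === false) {
            return false;
        }
        if (file_put_contents($file, $raw_data) === false) {
            unlink($file);
            return false;
        }

        // Every branch below removes the temp file before leaving. Without
        // that, each validated URI would leave attacker-supplied bytes on
        // disk and untrusted input could fill the temp directory.
        if (function_exists('exif_imagetype')) {
            $image_code = exif_imagetype($file);
            unlink($file);
            if ($image_code === false) {
                return false;
            }
        } elseif (function_exists('getimagesize')) {
            // getimagesize() warns on non-image input; mute that locally.
            set_error_handler(array($this, 'muteErrorHandler'));
            $info = getimagesize($file);
            restore_error_handler();
            unlink($file);
            if ($info === false) {
                return false;
            }
            $image_code = $info[2];
        } else {
            unlink($file);
            trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
            // Reached only if a custom error handler swallowed the error:
            // fail closed rather than continue with no sniffed type.
            return false;
        }

        $real_content_type = image_type_to_mime_type($image_code);
        if ($real_content_type != $content_type) {
            // Declared type is missing or wrong: trust the sniffed type, but
            // only if it is itself on the allow-list.
            if (empty($this->allowed_types[$real_content_type])) return false;
            $content_type = $real_content_type;
        }

        // A data: URI has no authority, query or fragment; clear them so
        // nothing caller-supplied rides along with the rewritten URI.
        $uri->userinfo = null;
        $uri->host = null;
        $uri->port = null;
        $uri->fragment = null;
        $uri->query = null;
        // Always re-encode the payload, so the emitted path contains only
        // the verified type and base64 characters.
        $uri->path = "$content_type;base64," . base64_encode($raw_data);
        return true;
    }

    /**
     * No-op error handler, installed around getimagesize() to suppress its
     * warnings on malformed input.
     *
     * @param int    $errno  Ignored.
     * @param string $errstr Ignored.
     */
    public function muteErrorHandler($errno, $errstr) {}

}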