[ Index ]

PHP Cross Reference of Moodle 1.9.3 [Build 15-Oct-2008]

title

Body

[close]

/lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/ -> URI.php (source)

[Summary view] [Print] [Text view] 

   1  <?php
   2  
   3  require_once 'HTMLPurifier/AttrDef/URI.php';
   4  
   5  /**
   6   * Validates a URI in CSS syntax, which uses url('http://example.com')
   7   * @note While theoretically speaking a URI in a CSS document could
   8   *       be non-embedded, as of CSS2 there is no such usage so we're
   9   *       generalizing it. This may need to be changed in the future.
  10   * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as
  11   *          the separator, you cannot put a literal semicolon in
  12   *          in the URI. Try percent encoding it, in that case.
  13   */
  14  class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
  15  {
  16      
  17      function HTMLPurifier_AttrDef_CSS_URI() {
  18          parent::HTMLPurifier_AttrDef_URI(true); // always embedded
  19      }
  20      
  21      function validate($uri_string, $config, &$context) {
  22          // parse the URI out of the string and then pass it onto
  23          // the parent object
  24          
  25          $uri_string = $this->parseCDATA($uri_string);
  26          if (strpos($uri_string, 'url(') !== 0) return false;
  27          $uri_string = substr($uri_string, 4);
  28          $new_length = strlen($uri_string) - 1;
  29          if ($uri_string[$new_length] != ')') return false;
  30          $uri = trim(substr($uri_string, 0, $new_length));
  31          
  32          if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
  33              $quote = $uri[0];
  34              $new_length = strlen($uri) - 1;
  35              if ($uri[$new_length] !== $quote) return false;
  36              $uri = substr($uri, 1, $new_length - 1);
  37          }
  38          
  39          $keys   = array(  '(',   ')',   ',',   ' ',   '"',   "'");
  40          $values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'");
  41          $uri = str_replace($values, $keys, $uri);
  42          
  43          $result = parent::validate($uri, $config, $context);
  44          
  45          if ($result === false) return false;
  46          
  47          // escape necessary characters according to CSS spec
  48          // except for the comma, none of these should appear in the
  49          // URI at all
  50          $result = str_replace($keys, $values, $result);
  51          
  52          return "url($result)";
  53          
  54      }
  55      
  56  }
  57

Body

Body

Body

Body


Generated: Wed Jan 14 11:33:29 2009 Cross-referenced by PHPXref 0.7