BenoitCier
/
Opendistrib
atdalīts no Laclic/Souke
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
2 Revīzijas
2 Atzari
Koks: e755510f00
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'e755510f00'
${ noResults }
Opendistrib/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php

75 rindas
2.4KB
Neapstrādāts Vainot Vēsture 

  1. <?php

  2. 

  3. /**

  4.  * Validates a URI in CSS syntax, which uses url('http://example.com')

  5.  * @note While theoretically speaking a URI in a CSS document could

  6.  *       be non-embedded, as of CSS2 there is no such usage so we're

  7.  *       generalizing it. This may need to be changed in the future.

  8.  * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as

  9.  *          the separator, you cannot put a literal semicolon in

  10.  *          in the URI. Try percent encoding it, in that case.

  11.  */

  12. class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI

  13. {

  14. 

  15.     public function __construct()

  16.     {

  17.         parent::__construct(true); // always embedded

  18.     }

  19. 

  20.     /**

  21.      * @param string $uri_string

  22.      * @param HTMLPurifier_Config $config

  23.      * @param HTMLPurifier_Context $context

  24.      * @return bool|string

  25.      */

  26.     public function validate($uri_string, $config, $context)

  27.     {

  28.         // parse the URI out of the string and then pass it onto

  29.         // the parent object

  30. 

  31.         $uri_string = $this->parseCDATA($uri_string);

  32.         if (strpos($uri_string, 'url(') !== 0) {

  33.             return false;

  34.         }

  35.         $uri_string = substr($uri_string, 4);

  36.         $new_length = strlen($uri_string) - 1;

  37.         if ($uri_string[$new_length] != ')') {

  38.             return false;

  39.         }

  40.         $uri = trim(substr($uri_string, 0, $new_length));

  41. 

  42.         if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {

  43.             $quote = $uri[0];

  44.             $new_length = strlen($uri) - 1;

  45.             if ($uri[$new_length] !== $quote) {

  46.                 return false;

  47.             }

  48.             $uri = substr($uri, 1, $new_length - 1);

  49.         }

  50. 

  51.         $uri = $this->expandCSSEscape($uri);

  52. 

  53.         $result = parent::validate($uri, $config, $context);

  54. 

  55.         if ($result === false) {

  56.             return false;

  57.         }

  58. 

  59.         // extra sanity check; should have been done by URI

  60.         $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);

  61. 

  62.         // suspicious characters are ()'; we're going to percent encode

  63.         // them for safety.

  64.         $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);

  65. 

  66.         // there's an extra bug where ampersands lose their escaping on

  67.         // an innerHTML cycle, so a very unlucky query parameter could

  68.         // then change the meaning of the URL.  Unfortunately, there's

  69.         // not much we can do about that...

  70.         return "url(\"$result\")";

  71.     }

  72. }

  73. 

  74. // vim: et sw=4 sts=4