You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

114 lines
3.1KB

  1. <?php
  2. /**
  3. * Validates the HTML attribute ID.
  4. * @warning Even though this is the id processor, it
  5. * will ignore the directive Attr:IDBlacklist, since it will only
  6. * go according to the ID accumulator. Since the accumulator is
  7. * automatically generated, it will have already absorbed the
  8. * blacklist. If you're hacking around, make sure you use load()!
  9. */
  10. class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
  11. {
  12. // selector is NOT a valid thing to use for IDREFs, because IDREFs
  13. // *must* target IDs that exist, whereas selector #ids do not.
  14. /**
  15. * Determines whether or not we're validating an ID in a CSS
  16. * selector context.
  17. * @type bool
  18. */
  19. protected $selector;
  20. /**
  21. * @param bool $selector
  22. */
  23. public function __construct($selector = false)
  24. {
  25. $this->selector = $selector;
  26. }
  27. /**
  28. * @param string $id
  29. * @param HTMLPurifier_Config $config
  30. * @param HTMLPurifier_Context $context
  31. * @return bool|string
  32. */
  33. public function validate($id, $config, $context)
  34. {
  35. if (!$this->selector && !$config->get('Attr.EnableID')) {
  36. return false;
  37. }
  38. $id = trim($id); // trim it first
  39. if ($id === '') {
  40. return false;
  41. }
  42. $prefix = $config->get('Attr.IDPrefix');
  43. if ($prefix !== '') {
  44. $prefix .= $config->get('Attr.IDPrefixLocal');
  45. // prevent re-appending the prefix
  46. if (strpos($id, $prefix) !== 0) {
  47. $id = $prefix . $id;
  48. }
  49. } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
  50. trigger_error(
  51. '%Attr.IDPrefixLocal cannot be used unless ' .
  52. '%Attr.IDPrefix is set',
  53. E_USER_WARNING
  54. );
  55. }
  56. if (!$this->selector) {
  57. $id_accumulator =& $context->get('IDAccumulator');
  58. if (isset($id_accumulator->ids[$id])) {
  59. return false;
  60. }
  61. }
  62. // we purposely avoid using regex, hopefully this is faster
  63. if ($config->get('Attr.ID.HTML5') === true) {
  64. if (preg_match('/[\t\n\x0b\x0c ]/', $id)) {
  65. return false;
  66. }
  67. } else {
  68. if (ctype_alpha($id)) {
  69. // OK
  70. } else {
  71. if (!ctype_alpha(@$id[0])) {
  72. return false;
  73. }
  74. // primitive style of regexps, I suppose
  75. $trim = trim(
  76. $id,
  77. 'A..Za..z0..9:-._'
  78. );
  79. if ($trim !== '') {
  80. return false;
  81. }
  82. }
  83. }
  84. $regexp = $config->get('Attr.IDBlacklistRegexp');
  85. if ($regexp && preg_match($regexp, $id)) {
  86. return false;
  87. }
  88. if (!$this->selector) {
  89. $id_accumulator->add($id);
  90. }
  91. // if no change was made to the ID, return the result
  92. // else, return the new id if stripping whitespace made it
  93. // valid, or return false.
  94. return $id;
  95. }
  96. }
  97. // vim: et sw=4 sts=4