/usr/share/php/HTMLPurifier/URIScheme.php is in php-htmlpurifier 4.7.0-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | <?php
/**
* Validator for the components of a URI for a specific scheme
*/
abstract class HTMLPurifier_URIScheme
{
/**
* Scheme's default port (integer). If an explicit port number is
* specified that coincides with the default port, it will be
* elided.
* @type int
*/
public $default_port = null;
/**
* Whether or not URIs of this scheme are locatable by a browser
* http and ftp are accessible, while mailto and news are not.
* @type bool
*/
public $browsable = false;
/**
* Whether or not data transmitted over this scheme is encrypted.
* https is secure, http is not.
* @type bool
*/
public $secure = false;
/**
* Whether or not the URI always uses <hier_part>, resolves edge cases
* with making relative URIs absolute
* @type bool
*/
public $hierarchical = false;
/**
* Whether or not the URI may omit a hostname when the scheme is
* explicitly specified, ala file:///path/to/file. As of writing,
* 'file' is the only scheme that browsers support his properly.
* @type bool
*/
public $may_omit_host = false;
/**
* Validates the components of a URI for a specific scheme.
* @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool success or failure
*/
abstract public function doValidate(&$uri, $config, $context);
/**
* Public interface for validating components of a URI. Performs a
* bunch of default actions. Don't overload this method.
* @param HTMLPurifier_URI $uri Reference to a HTMLPurifier_URI object
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool success or failure
*/
public function validate(&$uri, $config, $context)
{
if ($this->default_port == $uri->port) {
$uri->port = null;
}
// kludge: browsers do funny things when the scheme but not the
// authority is set
if (!$this->may_omit_host &&
// if the scheme is present, a missing host is always in error
(!is_null($uri->scheme) && ($uri->host === '' || is_null($uri->host))) ||
// if the scheme is not present, a *blank* host is in error,
// since this translates into '///path' which most browsers
// interpret as being 'http://path'.
(is_null($uri->scheme) && $uri->host === '')
) {
do {
if (is_null($uri->scheme)) {
if (substr($uri->path, 0, 2) != '//') {
$uri->host = null;
break;
}
// URI is '////path', so we cannot nullify the
// host to preserve semantics. Try expanding the
// hostname instead (fall through)
}
// first see if we can manually insert a hostname
$host = $config->get('URI.Host');
if (!is_null($host)) {
$uri->host = $host;
} else {
// we can't do anything sensible, reject the URL.
return false;
}
} while (false);
}
return $this->doValidate($uri, $config, $context);
}
}
// vim: et sw=4 sts=4
|