ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5
HTMLPurifier_URI Class Reference

HTML Purifier's internal representation of a URI.

Public Member Functions

 __construct ($scheme, $userinfo, $host, $port, $path, $query, $fragment)

 getSchemeObj ($config, $context)
 Retrieves a scheme object corresponding to the URI's scheme/default.

 validate ($config, $context)
 Generic validation method applicable for all schemes.

 toString ()
 Convert URI back to string.

 isLocal ($config, $context)
 Returns true if this URL might be considered a 'local' URL given the current context.

 isBenign ($config, $context)
 Returns true if this URL should be considered a 'benign' URL, that is:


Data Fields

 $scheme
 string

 $userinfo
 string

 $host
 string

 $port
 int

 $path
 string

 $query
 string

 $fragment
 string


Detailed Description

HTML Purifier's internal representation of a URI.

Note
Internal data-structures are completely escaped. If the data needs to be used in a non-URI context (which is very unlikely), be sure to decode it first. The URI may not necessarily be well-formed until validate() is called.

Definition at line 11 of file URI.php.

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier_URI::__construct ($scheme, $userinfo, $host, $port, $path, $query, $fragment)

Parameters
string $scheme
string $userinfo
string $host
int $port
string $path
string $query
string $fragment
Note
Automatically normalizes scheme and port.

Definition at line 58 of file URI.php.

References $fragment, $host, $path, $port, $query, $scheme, and $userinfo.

{
    $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
    $this->userinfo = $userinfo;
    $this->host = $host;
    $this->port = is_null($port) ? $port : (int)$port;
    $this->path = $path;
    $this->query = $query;
    $this->fragment = $fragment;
}

Member Function Documentation

◆ getSchemeObj()

HTMLPurifier_URI::getSchemeObj ($config, $context)

Retrieves a scheme object corresponding to the URI's scheme/default.

Parameters
HTMLPurifier_Config $config
HTMLPurifier_Context $context
Returns
HTMLPurifier_URIScheme Scheme object appropriate for validating this URI

Definition at line 75 of file URI.php.

References HTMLPurifier_URISchemeRegistry\instance().

Referenced by isBenign().

{
    $registry = HTMLPurifier_URISchemeRegistry::instance();
    if ($this->scheme !== null) {
        $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
        if (!$scheme_obj) {
            return false;
        } // invalid scheme, clean it out
    } else {
        // no scheme: retrieve the default one
        $def = $config->getDefinition('URI');
        $scheme_obj = $def->getDefaultScheme($config, $context);
        if (!$scheme_obj) {
            // something funky happened to the default scheme object
            trigger_error(
                'Default scheme object "' . $def->defaultScheme . '" was not readable',
                E_USER_WARNING
            );
            return false;
        }
    }
    return $scheme_obj;
}

◆ isBenign()

HTMLPurifier_URI::isBenign ($config, $context)

Returns true if this URL should be considered a 'benign' URL, that is:

Definition at line 293 of file URI.php.

References getSchemeObj(), and isLocal().

{
    if (!$this->isLocal($config, $context)) {
        return false;
    }

    $scheme_obj = $this->getSchemeObj($config, $context);
    if (!$scheme_obj) {
        return false;
    } // conservative approach

    $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
    if ($current_scheme_obj->secure) {
        if (!$scheme_obj->secure) {
            return false;
        }
    }
    return true;
}

◆ isLocal()

HTMLPurifier_URI::isLocal ($config, $context)

Returns true if this URL might be considered a 'local' URL given the current context.

This is true when the host is null, or when it matches the host supplied to the configuration.

Note that this does not do any scheme checking, so it is mostly only appropriate for metadata that doesn't care about protocol security. isBenign is probably what you actually want.

Parameters
HTMLPurifier_Config $config
HTMLPurifier_Context $context
Returns
bool

Definition at line 271 of file URI.php.

Referenced by isBenign().

{
    if ($this->host === null) {
        return true;
    }
    $uri_def = $config->getDefinition('URI');
    if ($uri_def->host === $this->host) {
        return true;
    }
    return false;
}
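
The difference between isLocal() and isBenign() described above, as an added example that is not part of the ILIAS or HTML Purifier documentation. It assumes the HTML Purifier library directory is on the include path; the host example.com, the sample URIs and the helper classify_uri() are constructed for illustration.

```php
<?php
// Added example, not taken from URI.php.
// Assumption: the HTML Purifier library directory is on the include_path.
require_once 'HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);  // keep definitions in memory, no cache directory needed
$config->set('URI.Host', 'example.com');     // constructed host that isLocal() compares against
$config->set('URI.DefaultScheme', 'https');  // the "current" scheme that isBenign() compares against
$context = new HTMLPurifier_Context();

/**
 * Hypothetical helper: parse and validate a raw URI, then report both checks.
 * A URI that fails to parse or validate is treated as neither local nor benign.
 */
function classify_uri($raw, $config, $context)
{
    $parser = new HTMLPurifier_URIParser();
    $uri = $parser->parse($raw);
    if ($uri === false || !$uri->validate($config, $context)) {
        return array('uri' => null, 'local' => false, 'benign' => false);
    }
    return array(
        'uri'    => $uri->toString(),
        'local'  => $uri->isLocal($config, $context),   // host check only
        'benign' => $uri->isBenign($config, $context),  // host check plus scheme security check
    );
}

// Constructed sample inputs.
$samples = array(
    '/img/logo.png',                     // no host, no scheme: default scheme applies
    'http://example.com/img/logo.png',   // configured host, non-secure scheme
    'https://example.com/img/logo.png',  // configured host, secure scheme
    'https://other.example/logo.png',    // host differs from URI.Host
);
foreach ($samples as $raw) {
    $r = classify_uri($raw, $config, $context);
    printf(
        "%-36s local=%-5s benign=%s\n",
        $raw,
        var_export($r['local'], true),
        var_export($r['benign'], true)
    );
}
```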

◆ toString()

HTMLPurifier_URI::toString ( )

Convert URI back to string.

Returns
string URI appropriate for output

Definition at line 217 of file URI.php.

References $fragment, $host, $path, $port, $query, and $result.

{
    // reconstruct authority
    $authority = null;
    // there is a rendering difference between a null authority
    // (http:foo-bar) and an empty string authority
    // (http:///foo-bar).
    if (!is_null($this->host)) {
        $authority = '';
        if (!is_null($this->userinfo)) {
            $authority .= $this->userinfo . '@';
        }
        $authority .= $this->host;
        if (!is_null($this->port)) {
            $authority .= ':' . $this->port;
        }
    }

    // Reconstruct the result
    // One might wonder about parsing quirks from browsers after
    // this reconstruction. Unfortunately, parsing behavior depends
    // on what *scheme* was employed (file:///foo is handled *very*
    // differently than http:///foo), so unfortunately we have to
    // defer to the schemes to do the right thing.
    $result = '';
    if (!is_null($this->scheme)) {
        $result .= $this->scheme . ':';
    }
    if (!is_null($authority)) {
        $result .= '//' . $authority;
    }
    $result .= $this->path;
    if (!is_null($this->query)) {
        $result .= '?' . $this->query;
    }
    if (!is_null($this->fragment)) {
        $result .= '#' . $this->fragment;
    }

    return $result;
}

◆ validate()

HTMLPurifier_URI::validate ($config, $context)

Generic validation method applicable for all schemes.

May modify this URI in order to get it into a compliant form.

Parameters
HTMLPurifier_Config $config
HTMLPurifier_Context $context
Returns
bool True if validation/filtering succeeds, false if failure

Definition at line 106 of file URI.php.

{
    // ABNF definitions from RFC 3986
    $chars_sub_delims = '!$&\'()*+,;=';
    $chars_gen_delims = ':/?#[]@';
    $chars_pchar = $chars_sub_delims . ':@';

    // validate host
    if (!is_null($this->host)) {
        $host_def = new HTMLPurifier_AttrDef_URI_Host();
        $this->host = $host_def->validate($this->host, $config, $context);
        if ($this->host === false) {
            $this->host = null;
        }
    }

    // validate scheme
    // NOTE: It's not appropriate to check whether or not this
    // scheme is in our registry, since a URIFilter may convert a
    // URI that we don't allow into one we do. So instead, we just
    // check if the scheme can be dropped because there is no host
    // and it is our default scheme.
    if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
        // support for relative paths is pretty abysmal when the
        // scheme is present, so axe it when possible
        $def = $config->getDefinition('URI');
        if ($def->defaultScheme === $this->scheme) {
            $this->scheme = null;
        }
    }

    // validate username
    if (!is_null($this->userinfo)) {
        $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
        $this->userinfo = $encoder->encode($this->userinfo);
    }

    // validate port
    if (!is_null($this->port)) {
        if ($this->port < 1 || $this->port > 65535) {
            $this->port = null;
        }
    }

    // validate path
    $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
    if (!is_null($this->host)) { // this catches $this->host === ''
        // path-abempty (hier and relative)
        // http://www.example.com/my/path
        // //www.example.com/my/path (looks odd, but works, and
        //                            recognized by most browsers)
        // (this set is valid or invalid on a scheme by scheme
        // basis, so we'll deal with it later)
        // file:///my/path
        // ///my/path
        $this->path = $segments_encoder->encode($this->path);
    } elseif ($this->path !== '') {
        if ($this->path[0] === '/') {
            // path-absolute (hier and relative)
            // http:/my/path
            // /my/path
            if (strlen($this->path) >= 2 && $this->path[1] === '/') {
                // This could happen if both the host gets stripped
                // out
                // http://my/path
                // //my/path
                $this->path = '';
            } else {
                $this->path = $segments_encoder->encode($this->path);
            }
        } elseif (!is_null($this->scheme)) {
            // path-rootless (hier)
            // http:my/path
            // Short circuit evaluation means we don't need to check nz
            $this->path = $segments_encoder->encode($this->path);
        } else {
            // path-noscheme (relative)
            // my/path
            // (once again, not checking nz)
            $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
            $c = strpos($this->path, '/');
            if ($c !== false) {
                $this->path =
                    $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
                    $segments_encoder->encode(substr($this->path, $c));
            } else {
                $this->path = $segment_nc_encoder->encode($this->path);
            }
        }
    } else {
        // path-empty (hier and relative)
        $this->path = ''; // just to be safe
    }

    // qf = query and fragment
    $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');

    if (!is_null($this->query)) {
        $this->query = $qf_encoder->encode($this->query);
    }

    if (!is_null($this->fragment)) {
        $this->fragment = $qf_encoder->encode($this->fragment);
    }
    return true;
}

Field Documentation

◆ $fragment

HTMLPurifier_URI::$fragment

string

Definition at line 46 of file URI.php.

Referenced by __construct(), and toString().

◆ $host

HTMLPurifier_URI::$host

string

Definition at line 26 of file URI.php.

Referenced by __construct(), and toString().

◆ $path

HTMLPurifier_URI::$path

string

Definition at line 36 of file URI.php.

Referenced by __construct(), and toString().

◆ $port

HTMLPurifier_URI::$port

int

Definition at line 31 of file URI.php.

Referenced by __construct(), and toString().

◆ $query

HTMLPurifier_URI::$query

string

Definition at line 41 of file URI.php.

Referenced by __construct(), and toString().

◆ $scheme

HTMLPurifier_URI::$scheme

string

Definition at line 16 of file URI.php.

Referenced by __construct().

◆ $userinfo

HTMLPurifier_URI::$userinfo

string

Definition at line 21 of file URI.php.

Referenced by __construct().


The documentation for this class was generated from the following file: