ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Munge.php
Go to the documentation of this file.
1 <?php
2 
3 class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
4 {
8  public $name = 'Munge';
9 
13  public $post = true;
14 
18  private $target;
19 
23  private $parser;
24 
28  private $doEmbed;
29 
33  private $secretKey;
34 
38  protected $replace = array();
39 
44  public function prepare($config)
45  {
46  $this->target = $config->get('URI.' . $this->name);
47  $this->parser = new HTMLPurifier_URIParser();
48  $this->doEmbed = $config->get('URI.MungeResources');
49  $this->secretKey = $config->get('URI.MungeSecretKey');
50  if ($this->secretKey && !function_exists('hash_hmac')) {
51  throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");
52  }
53  return true;
54  }
55 
62  public function filter(&$uri, $config, $context)
63  {
64  if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {
65  return true;
66  }
67 
68  $scheme_obj = $uri->getSchemeObj($config, $context);
69  if (!$scheme_obj) {
70  return true;
71  } // ignore unknown schemes, maybe another postfilter did it
72  if (!$scheme_obj->browsable) {
73  return true;
74  } // ignore non-browseable schemes, since we can't munge those in a reasonable way
75  if ($uri->isBenign($config, $context)) {
76  return true;
77  } // don't redirect if a benign URL
78 
79  $this->makeReplace($uri, $config, $context);
80  $this->replace = array_map('rawurlencode', $this->replace);
81 
82  $new_uri = strtr($this->target, $this->replace);
83  $new_uri = $this->parser->parse($new_uri);
84  // don't redirect if the target host is the same as the
85  // starting host
86  if ($uri->host === $new_uri->host) {
87  return true;
88  }
89  $uri = $new_uri; // overwrite
90  return true;
91  }
92 
98  protected function makeReplace($uri, $config, $context)
99  {
100  $string = $uri->toString();
101  // always available
102  $this->replace['%s'] = $string;
103  $this->replace['%r'] = $context->get('EmbeddedURI', true);
104  $token = $context->get('CurrentToken', true);
105  $this->replace['%n'] = $token ? $token->name : null;
106  $this->replace['%m'] = $context->get('CurrentAttr', true);
107  $this->replace['%p'] = $context->get('CurrentCSSProperty', true);
108  // not always available
109  if ($this->secretKey) {
110  $this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);
111  }
112  }
113 }
114 
115 // vim: et sw=4 sts=4