ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Data Fields
HTMLPurifier_URI Class Reference

HTML Purifier's internal representation of a URI. More...

+ Collaboration diagram for HTMLPurifier_URI:

Public Member Functions

 __construct ($scheme, $userinfo, $host, $port, $path, $query, $fragment)
 
 getSchemeObj ($config, $context)
 Retrieves a scheme object corresponding to the URI's scheme/default. More...
 
 validate ($config, $context)
 Generic validation method applicable for all schemes. More...
 
 toString ()
 Convert URI back to string. More...
 
 isLocal ($config, $context)
 Returns true if this URL might be considered a 'local' URL given the current context. More...
 
 isBenign ($config, $context)
 Returns true if this URL should be considered a 'benign' URL, that is: More...
 

Data Fields

 $scheme
 string More...
 
 $userinfo
 string More...
 
 $host
 string More...
 
 $port
 int More...
 
 $path
 string More...
 
 $query
 string More...
 
 $fragment
 string More...
 

Detailed Description

HTML Purifier's internal representation of a URI.

Note
Internal data-structures are completely escaped. If the data needs to be used in a non-URI context (which is very unlikely), be sure to decode it first. The URI may not necessarily be well-formed until validate() is called.

Definition at line 11 of file URI.php.

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier_URI::__construct (   $scheme,
  $userinfo,
  $host,
  $port,
  $path,
  $query,
  $fragment 
)
Parameters
string$scheme
string$userinfo
string$host
int$port
string$path
string$query
string$fragment
Note
Automatically normalizes scheme and port

Definition at line 58 of file URI.php.

References $fragment, $host, $path, $port, $query, $scheme, and $userinfo.

59  {
60  $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
61  $this->userinfo = $userinfo;
62  $this->host = $host;
63  $this->port = is_null($port) ? $port : (int)$port;
64  $this->path = $path;
65  $this->query = $query;
66  $this->fragment = $fragment;
67  }
HTMLPurifier_URI\$path
$path
string
Definition: URI.php:36
HTMLPurifier_URI\$query
$query
string
Definition: URI.php:41
HTMLPurifier_URI\$port
$port
int
Definition: URI.php:31
HTMLPurifier_URI\$userinfo
$userinfo
string
Definition: URI.php:21
HTMLPurifier_URI\$scheme
$scheme
string
Definition: URI.php:16
HTMLPurifier_URI\$host
$host
string
Definition: URI.php:26
HTMLPurifier_URI\$fragment
$fragment
string
Definition: URI.php:46

Member Function Documentation

◆ getSchemeObj()

HTMLPurifier_URI::getSchemeObj (   $config,
  $context 
)

Retrieves a scheme object corresponding to the URI's scheme/default.

Parameters
HTMLPurifier_Config$config
HTMLPurifier_Context$context
Returns
HTMLPurifier_URIScheme Scheme object appropriate for validating this URI

Definition at line 75 of file URI.php.

References $config, $def, and HTMLPurifier_URISchemeRegistry\instance().

Referenced by isBenign().

76  {
77  $registry = HTMLPurifier_URISchemeRegistry::instance();
78  if ($this->scheme !== null) {
79  $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
80  if (!$scheme_obj) {
81  return false;
82  } // invalid scheme, clean it out
83  } else {
84  // no scheme: retrieve the default one
85  $def = $config->getDefinition('URI');
86  $scheme_obj = $def->getDefaultScheme($config, $context);
87  if (!$scheme_obj) {
88  if ($def->defaultScheme !== null) {
89  // something funky happened to the default scheme object
90  trigger_error(
91  'Default scheme object "' . $def->defaultScheme . '" was not readable',
92  E_USER_WARNING
93  );
94  } // suppress error if it's null
95  return false;
96  }
97  }
98  return $scheme_obj;
99  }
HTMLPurifier_URISchemeRegistry\instance
static instance($prototype=null)
Retrieve sole instance of the registry.
Definition: URISchemeRegistry.php:17
$def
$def
Definition: croninfo.php:21
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isBenign()

HTMLPurifier_URI::isBenign (   $config,
  $context 
)

Returns true if this URL should be considered a 'benign' URL, that is:

Definition at line 295 of file URI.php.

References $config, getSchemeObj(), and isLocal().

296  {
297  if (!$this->isLocal($config, $context)) {
298  return false;
299  }
300 
301  $scheme_obj = $this->getSchemeObj($config, $context);
302  if (!$scheme_obj) {
303  return false;
304  } // conservative approach
305 
306  $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
307  if ($current_scheme_obj->secure) {
308  if (!$scheme_obj->secure) {
309  return false;
310  }
311  }
312  return true;
313  }
HTMLPurifier_URI\isLocal
isLocal($config, $context)
Returns true if this URL might be considered a 'local' URL given the current context.
Definition: URI.php:273
HTMLPurifier_URI\getSchemeObj
getSchemeObj($config, $context)
Retrieves a scheme object corresponding to the URI's scheme/default.
Definition: URI.php:75
+ Here is the call graph for this function:

◆ isLocal()

HTMLPurifier_URI::isLocal (   $config,
  $context 
)

Returns true if this URL might be considered a 'local' URL given the current context.

This is true when the host is null, or when it matches the host supplied to the configuration.

Note that this does not do any scheme checking, so it is mostly only appropriate for metadata that doesn't care about protocol security. isBenign is probably what you actually want.

Parameters
HTMLPurifier_Config$config
HTMLPurifier_Context$context
Returns
bool

Definition at line 273 of file URI.php.

References $config.

Referenced by isBenign().

274  {
275  if ($this->host === null) {
276  return true;
277  }
278  $uri_def = $config->getDefinition('URI');
279  if ($uri_def->host === $this->host) {
280  return true;
281  }
282  return false;
283  }
+ Here is the caller graph for this function:

◆ toString()

HTMLPurifier_URI::toString ( )

Convert URI back to string.

Returns
string URI appropriate for output

Definition at line 219 of file URI.php.

References $authority, $fragment, $host, $path, $port, $query, and $result.

220  {
221  // reconstruct authority
222  $authority = null;
223  // there is a rendering difference between a null authority
224  // (http:foo-bar) and an empty string authority
225  // (http:///foo-bar).
226  if (!is_null($this->host)) {
227  $authority = '';
228  if (!is_null($this->userinfo)) {
229  $authority .= $this->userinfo . '@';
230  }
231  $authority .= $this->host;
232  if (!is_null($this->port)) {
233  $authority .= ':' . $this->port;
234  }
235  }
236 
237  // Reconstruct the result
238  // One might wonder about parsing quirks from browsers after
239  // this reconstruction. Unfortunately, parsing behavior depends
240  // on what *scheme* was employed (file:///foo is handled *very*
241  // differently than http:///foo), so unfortunately we have to
242  // defer to the schemes to do the right thing.
243  $result = '';
244  if (!is_null($this->scheme)) {
245  $result .= $this->scheme . ':';
246  }
247  if (!is_null($authority)) {
248  $result .= '//' . $authority;
249  }
250  $result .= $this->path;
251  if (!is_null($this->query)) {
252  $result .= '?' . $this->query;
253  }
254  if (!is_null($this->fragment)) {
255  $result .= '#' . $this->fragment;
256  }
257 
258  return $result;
259  }
$result
$result
Definition: CleanUpTest.php:463
HTMLPurifier_URI\$path
$path
string
Definition: URI.php:36
HTMLPurifier_URI\$query
$query
string
Definition: URI.php:41
HTMLPurifier_URI\$port
$port
int
Definition: URI.php:31
HTMLPurifier_URI\$host
$host
string
Definition: URI.php:26
$authority
$authority
Definition: consentAdmin.php:71
HTMLPurifier_URI\$fragment
$fragment
string
Definition: URI.php:46

◆ validate()

HTMLPurifier_URI::validate (   $config,
  $context 
)

Generic validation method applicable for all schemes.

May modify this URI in order to get it into a compliant form.

Parameters
HTMLPurifier_Config$config
HTMLPurifier_Context$context
Returns
bool True if validation/filtering succeeds, false if failure

Definition at line 108 of file URI.php.

References $config, and $def.

109  {
110  // ABNF definitions from RFC 3986
111  $chars_sub_delims = '!$&\'()*+,;=';
112  $chars_gen_delims = ':/?#[]@';
113  $chars_pchar = $chars_sub_delims . ':@';
114 
115  // validate host
116  if (!is_null($this->host)) {
117  $host_def = new HTMLPurifier_AttrDef_URI_Host();
118  $this->host = $host_def->validate($this->host, $config, $context);
119  if ($this->host === false) {
120  $this->host = null;
121  }
122  }
123 
124  // validate scheme
125  // NOTE: It's not appropriate to check whether or not this
126  // scheme is in our registry, since a URIFilter may convert a
127  // URI that we don't allow into one we do. So instead, we just
128  // check if the scheme can be dropped because there is no host
129  // and it is our default scheme.
130  if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
131  // support for relative paths is pretty abysmal when the
132  // scheme is present, so axe it when possible
133  $def = $config->getDefinition('URI');
134  if ($def->defaultScheme === $this->scheme) {
135  $this->scheme = null;
136  }
137  }
138 
139  // validate username
140  if (!is_null($this->userinfo)) {
141  $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
142  $this->userinfo = $encoder->encode($this->userinfo);
143  }
144 
145  // validate port
146  if (!is_null($this->port)) {
147  if ($this->port < 1 || $this->port > 65535) {
148  $this->port = null;
149  }
150  }
151 
152  // validate path
153  $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
154  if (!is_null($this->host)) { // this catches $this->host === ''
155  // path-abempty (hier and relative)
156  // http://www.example.com/my/path
157  // //www.example.com/my/path (looks odd, but works, and
158  // recognized by most browsers)
159  // (this set is valid or invalid on a scheme by scheme
160  // basis, so we'll deal with it later)
161  // file:///my/path
162  // ///my/path
163  $this->path = $segments_encoder->encode($this->path);
164  } elseif ($this->path !== '') {
165  if ($this->path[0] === '/') {
166  // path-absolute (hier and relative)
167  // http:/my/path
168  // /my/path
169  if (strlen($this->path) >= 2 && $this->path[1] === '/') {
170  // This could happen if both the host gets stripped
171  // out
172  // http://my/path
173  // //my/path
174  $this->path = '';
175  } else {
176  $this->path = $segments_encoder->encode($this->path);
177  }
178  } elseif (!is_null($this->scheme)) {
179  // path-rootless (hier)
180  // http:my/path
181  // Short circuit evaluation means we don't need to check nz
182  $this->path = $segments_encoder->encode($this->path);
183  } else {
184  // path-noscheme (relative)
185  // my/path
186  // (once again, not checking nz)
187  $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
188  $c = strpos($this->path, '/');
189  if ($c !== false) {
190  $this->path =
191  $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
192  $segments_encoder->encode(substr($this->path, $c));
193  } else {
194  $this->path = $segment_nc_encoder->encode($this->path);
195  }
196  }
197  } else {
198  // path-empty (hier and relative)
199  $this->path = ''; // just to be safe
200  }
201 
202  // qf = query and fragment
203  $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
204 
205  if (!is_null($this->query)) {
206  $this->query = $qf_encoder->encode($this->query);
207  }
208 
209  if (!is_null($this->fragment)) {
210  $this->fragment = $qf_encoder->encode($this->fragment);
211  }
212  return true;
213  }
HTMLPurifier_PercentEncoder
Class that handles operations involving percent-encoding in URIs.
Definition: PercentEncoder.php:11
HTMLPurifier_AttrDef_URI_Host
Validates a host according to the IPv4, IPv6 and DNS (future) specifications.
Definition: Host.php:6
$def
$def
Definition: croninfo.php:21

Field Documentation

◆ $fragment

HTMLPurifier_URI::$fragment

string

Definition at line 46 of file URI.php.

Referenced by __construct(), and toString().

◆ $host

HTMLPurifier_URI::$host

string

Definition at line 26 of file URI.php.

Referenced by __construct(), and toString().

◆ $path

HTMLPurifier_URI::$path

string

Definition at line 36 of file URI.php.

Referenced by __construct(), and toString().

◆ $port

HTMLPurifier_URI::$port

int

Definition at line 31 of file URI.php.

Referenced by __construct(), and toString().

◆ $query

HTMLPurifier_URI::$query

string

Definition at line 41 of file URI.php.

Referenced by __construct(), and toString().

◆ $scheme

HTMLPurifier_URI::$scheme

string

Definition at line 16 of file URI.php.

Referenced by __construct().

◆ $userinfo

HTMLPurifier_URI::$userinfo

string

Definition at line 21 of file URI.php.

Referenced by __construct().

The documentation for this class was generated from the following file: