HTMLPurifier_URI Class Reference
HTML Purifier's internal representation of a URI. More...
Collaboration diagram for HTMLPurifier_URI:
Public Member Functions | |
| __construct ($scheme, $userinfo, $host, $port, $path, $query, $fragment) | |
| getSchemeObj ($config, $context) | |
| Retrieves a scheme object corresponding to the URI's scheme/default. More... | |
| validate ($config, $context) | |
| Generic validation method applicable for all schemes. More... | |
| toString () | |
| Convert URI back to string. More... | |
| isLocal ($config, $context) | |
| Returns true if this URL might be considered a 'local' URL given the current context. More... | |
| isBenign ($config, $context) | |
| Returns true if this URL should be considered a 'benign' URL, that is: More... | |
Data Fields | |
| $scheme | |
| @type string More... | |
| $userinfo | |
| @type string More... | |
| $host | |
| @type string More... | |
| $port | |
| @type int More... | |
| $path | |
| @type string More... | |
| $query | |
| @type string More... | |
| $fragment | |
| @type string More... | |
Detailed Description
HTML Purifier's internal representation of a URI.
- Note
- Internal data-structures are completely escaped. If the data needs to be used in a non-URI context (which is very unlikely), be sure to decode it first. The URI may not necessarily be well-formed until validate() is called.
Constructor & Destructor Documentation
◆ __construct()
| HTMLPurifier_URI::__construct | ( | $scheme, | |
| $userinfo, | |||
| $host, | |||
| $port, | |||
| $path, | |||
| $query, | |||
| $fragment | |||
| ) |
- Parameters
-
string $scheme string $userinfo string $host int $port string $path string $query string $fragment
- Note
- Automatically normalizes scheme and port
Definition at line 58 of file URI.php.
59 {
61 $this->userinfo = $userinfo;
62 $this->host = $host;
64 $this->path = $path;
65 $this->query = $query;
66 $this->fragment = $fragment;
67 }
References $fragment, $host, $path, $port, $query, $scheme, and $userinfo.
Member Function Documentation
◆ getSchemeObj()
| HTMLPurifier_URI::getSchemeObj | ( | $config, | |
| $context | |||
| ) |
Retrieves a scheme object corresponding to the URI's scheme/default.
- Parameters
-
HTMLPurifier_Config $config HTMLPurifier_Context $context
- Returns
- HTMLPurifier_URIScheme Scheme object appropriate for validating this URI
Definition at line 75 of file URI.php.
76 {
77 $registry = HTMLPurifier_URISchemeRegistry::instance();
78 if ($this->scheme !== null) {
79 $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
80 if (!$scheme_obj) {
81 return false;
82 } // invalid scheme, clean it out
83 } else {
84 // no scheme: retrieve the default one
87 if (!$scheme_obj) {
89 // something funky happened to the default scheme object
90 trigger_error(
92 E_USER_WARNING
93 );
94 } // suppress error if it's null
95 return false;
96 }
97 }
98 return $scheme_obj;
99 }
static instance($prototype=null)
Retrieve sole instance of the registry.
Definition: URISchemeRegistry.php:17
References $config, $def, and HTMLPurifier_URISchemeRegistry\instance().
Referenced by isBenign().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ isBenign()
| HTMLPurifier_URI::isBenign | ( | $config, | |
| $context | |||
| ) |
Returns true if this URL should be considered a 'benign' URL, that is:
- It is a local URL (isLocal), and - It has a equal or better level of security
- Parameters
-
HTMLPurifier_Config $config HTMLPurifier_Context $context
- Returns
- bool
Definition at line 295 of file URI.php.
296 {
298 return false;
299 }
300
302 if (!$scheme_obj) {
303 return false;
304 } // conservative approach
305
307 if ($current_scheme_obj->secure) {
308 if (!$scheme_obj->secure) {
309 return false;
310 }
311 }
312 return true;
313 }
isLocal($config, $context)
Returns true if this URL might be considered a 'local' URL given the current context.
Definition: URI.php:273
getSchemeObj($config, $context)
Retrieves a scheme object corresponding to the URI's scheme/default.
Definition: URI.php:75
References $config, getSchemeObj(), and isLocal().
Here is the call graph for this function:
◆ isLocal()
| HTMLPurifier_URI::isLocal | ( | $config, | |
| $context | |||
| ) |
Returns true if this URL might be considered a 'local' URL given the current context.
This is true when the host is null, or when it matches the host supplied to the configuration.
Note that this does not do any scheme checking, so it is mostly only appropriate for metadata that doesn't care about protocol security. isBenign is probably what you actually want.
- Parameters
-
HTMLPurifier_Config $config HTMLPurifier_Context $context
- Returns
- bool
Definition at line 273 of file URI.php.
274 {
275 if ($this->host === null) {
276 return true;
277 }
279 if ($uri_def->host === $this->host) {
280 return true;
281 }
282 return false;
283 }
References $config.
Referenced by isBenign().
Here is the caller graph for this function:
◆ toString()
| HTMLPurifier_URI::toString | ( | ) |
Convert URI back to string.
- Returns
- string URI appropriate for output
Definition at line 219 of file URI.php.
220 {
221 // reconstruct authority
223 // there is a rendering difference between a null authority
224 // (http:foo-bar) and an empty string authority
225 // (http:///foo-bar).
226 if (!is_null($this->host)) {
228 if (!is_null($this->userinfo)) {
230 }
232 if (!is_null($this->port)) {
234 }
235 }
236
237 // Reconstruct the result
238 // One might wonder about parsing quirks from browsers after
239 // this reconstruction. Unfortunately, parsing behavior depends
240 // on what *scheme* was employed (file:///foo is handled *very*
241 // differently than http:///foo), so unfortunately we have to
242 // defer to the schemes to do the right thing.
244 if (!is_null($this->scheme)) {
246 }
249 }
251 if (!is_null($this->query)) {
253 }
254 if (!is_null($this->fragment)) {
256 }
257
259 }
References $authority, $fragment, $host, $path, $port, $query, and $result.
◆ validate()
| HTMLPurifier_URI::validate | ( | $config, | |
| $context | |||
| ) |
Generic validation method applicable for all schemes.
May modify this URI in order to get it into a compliant form.
- Parameters
-
HTMLPurifier_Config $config HTMLPurifier_Context $context
- Returns
- bool True if validation/filtering succeeds, false if failure
Definition at line 108 of file URI.php.
109 {
110 // ABNF definitions from RFC 3986
111 $chars_sub_delims = '!$&\'()*+,;=';
112 $chars_gen_delims = ':/?#[]@';
113 $chars_pchar = $chars_sub_delims . ':@';
114
115 // validate host
116 if (!is_null($this->host)) {
118 $this->host = $host_def->validate($this->host, $config, $context);
119 if ($this->host === false) {
120 $this->host = null;
121 }
122 }
123
124 // validate scheme
125 // NOTE: It's not appropriate to check whether or not this
126 // scheme is in our registry, since a URIFilter may convert a
127 // URI that we don't allow into one we do. So instead, we just
128 // check if the scheme can be dropped because there is no host
129 // and it is our default scheme.
130 if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
131 // support for relative paths is pretty abysmal when the
132 // scheme is present, so axe it when possible
135 $this->scheme = null;
136 }
137 }
138
139 // validate username
140 if (!is_null($this->userinfo)) {
142 $this->userinfo = $encoder->encode($this->userinfo);
143 }
144
145 // validate port
146 if (!is_null($this->port)) {
147 if ($this->port < 1 || $this->port > 65535) {
148 $this->port = null;
149 }
150 }
151
152 // validate path
154 if (!is_null($this->host)) { // this catches $this->host === ''
155 // path-abempty (hier and relative)
156 // http://www.example.com/my/path
157 // //www.example.com/my/path (looks odd, but works, and
158 // recognized by most browsers)
159 // (this set is valid or invalid on a scheme by scheme
160 // basis, so we'll deal with it later)
161 // file:///my/path
162 // ///my/path
163 $this->path = $segments_encoder->encode($this->path);
164 } elseif ($this->path !== '') {
165 if ($this->path[0] === '/') {
166 // path-absolute (hier and relative)
167 // http:/my/path
168 // /my/path
169 if (strlen($this->path) >= 2 && $this->path[1] === '/') {
170 // This could happen if both the host gets stripped
171 // out
172 // http://my/path
173 // //my/path
174 $this->path = '';
175 } else {
176 $this->path = $segments_encoder->encode($this->path);
177 }
178 } elseif (!is_null($this->scheme)) {
179 // path-rootless (hier)
180 // http:my/path
181 // Short circuit evaluation means we don't need to check nz
182 $this->path = $segments_encoder->encode($this->path);
183 } else {
184 // path-noscheme (relative)
185 // my/path
186 // (once again, not checking nz)
188 $c = strpos($this->path, '/');
189 if ($c !== false) {
190 $this->path =
191 $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
192 $segments_encoder->encode(substr($this->path, $c));
193 } else {
194 $this->path = $segment_nc_encoder->encode($this->path);
195 }
196 }
197 } else {
198 // path-empty (hier and relative)
199 $this->path = ''; // just to be safe
200 }
201
202 // qf = query and fragment
204
205 if (!is_null($this->query)) {
206 $this->query = $qf_encoder->encode($this->query);
207 }
208
209 if (!is_null($this->fragment)) {
210 $this->fragment = $qf_encoder->encode($this->fragment);
211 }
212 return true;
213 }
Validates a host according to the IPv4, IPv6 and DNS (future) specifications.
Definition: Host.php:7
Class that handles operations involving percent-encoding in URIs.
Definition: PercentEncoder.php:12
Field Documentation
◆ $fragment
| HTMLPurifier_URI::$fragment |
◆ $host
| HTMLPurifier_URI::$host |
◆ $path
| HTMLPurifier_URI::$path |
◆ $port
| HTMLPurifier_URI::$port |
◆ $query
| HTMLPurifier_URI::$query |
◆ $scheme
| HTMLPurifier_URI::$scheme |
◆ $userinfo
| HTMLPurifier_URI::$userinfo |
The documentation for this class was generated from the following file:
- libs/composer/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URI.php
