authorMichael Kuhn <[email protected]>2012-04-28 14:37:51 +0200
committerMichael Kuhn <[email protected]>2012-04-28 14:37:51 +0200
commitdd205fbad642ace6d0e33c8553f7d73404f140b4 (patch)
treec358d2c6749f953b4bdf5fe34ff9d1d9b0354f4a /lib/htmlpurifier/library/HTMLPurifier/URI.php
parentf9c0fc6eb74440c761b9b12dd1684a1c1e52213c (diff)
Update HTML Purifier to version 4.4.0.
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/URI.php')
-rw-r--r--lib/htmlpurifier/library/HTMLPurifier/URI.php40
1 files changed, 39 insertions, 1 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/URI.php b/lib/htmlpurifier/library/HTMLPurifier/URI.php
index efdfb2c68..f158ef5e3 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/URI.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/URI.php
@@ -40,7 +40,7 @@ class HTMLPurifier_URI
} else {
// no scheme: retrieve the default one
$def = $config->getDefinition('URI');
- $scheme_obj = $registry->getScheme($def->defaultScheme, $config, $context);
+ $scheme_obj = $def->getDefaultScheme($config, $context);
if (!$scheme_obj) {
// something funky happened to the default scheme object
trigger_error(
@@ -199,6 +199,44 @@ class HTMLPurifier_URI
return $result;
}
+ /**
+ * Returns true if this URL might be considered a 'local' URL given
+ * the current context. This is true when the host is null, or
+ * when it matches the host supplied to the configuration.
+ *
+ * Note that this does not do any scheme checking, so it is mostly
+ * only appropriate for metadata that doesn't care about protocol
+ * security. isBenign is probably what you actually want.
+ */
+ public function isLocal($config, $context) {
+ if ($this->host === null) return true;
+ $uri_def = $config->getDefinition('URI');
+ if ($uri_def->host === $this->host) return true;
+ return false;
+ }
+
+ /**
+ * Returns true if this URL should be considered a 'benign' URL,
+ * that is:
+ *
+ * - It is a local URL (isLocal), and
+ * - It has a equal or better level of security
+ */
+ public function isBenign($config, $context) {
+ if (!$this->isLocal($config, $context)) return false;
+
+ $scheme_obj = $this->getSchemeObj($config, $context);
+ if (!$scheme_obj) return false; // conservative approach
+
+ $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
+ if ($current_scheme_obj->secure) {
+ if (!$scheme_obj->secure) {
+ return false;
+ }
+ }
+ return true;
+ }
+
}
// vim: et sw=4 sts=4
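Review bot: In `isBenign`, `$current_scheme_obj->secure` is read without checking that `getDefaultScheme()` returned an object, although the first hunk of this commit guards the same call with `if (!$scheme_obj)`. If the lookup fails, the property read either raises an error or evaluates to null depending on the PHP version, and in the null case the method falls through to `return true`, so a URI with a non-secure scheme is reported as benign. To match the conservative handling already used for `$scheme_obj`, add `if (!$current_scheme_obj) return false; // conservative approach` before the `secure` test. Separately, `isLocal` compares hosts with `===`, which is case-sensitive; if neither side is guaranteed to be lower-cased at this point, a mixed-case local host is classed as non-local, which fails closed but deserves a comment.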