diff options
author | Andrew Dolgov <[email protected]> | 2011-04-11 16:41:01 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-04-11 16:41:01 +0400 |
commit | f4f0f80d2118437e5047ba266f92d7acb3c38fb7 (patch) | |
tree | fb15f179dcd68b55613394ad864455f1796de555 /lib/htmlpurifier/library/HTMLPurifier/URIScheme | |
parent | ad92c6ac62903f3bb37f16048fedff44a2eb540d (diff) |
update HTMLPurifier; enable embedded flash video in articles
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/URIScheme')
-rw-r--r-- | lib/htmlpurifier/library/HTMLPurifier/URIScheme/data.php | 96 | ||||
-rw-r--r-- | lib/htmlpurifier/library/HTMLPurifier/URIScheme/file.php | 32 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/URIScheme/ftp.php | 3 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/URIScheme/http.php | 3 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/URIScheme/https.php | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/URIScheme/mailto.php | 4 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/URIScheme/news.php | 4 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/URIScheme/nntp.php | 3 |
8 files changed, 135 insertions, 10 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/data.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/data.php new file mode 100644 index 000000000..a5c43989e --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/data.php @@ -0,0 +1,96 @@ +<?php + +/** + * Implements data: URI for base64 encoded images supported by GD. + */ +class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme { + + public $browsable = true; + public $allowed_types = array( + // you better write validation code for other types if you + // decide to allow them + 'image/jpeg' => true, + 'image/gif' => true, + 'image/png' => true, + ); + // this is actually irrelevant since we only write out the path + // component + public $may_omit_host = true; + + public function doValidate(&$uri, $config, $context) { + $result = explode(',', $uri->path, 2); + $is_base64 = false; + $charset = null; + $content_type = null; + if (count($result) == 2) { + list($metadata, $data) = $result; + // do some legwork on the metadata + $metas = explode(';', $metadata); + while(!empty($metas)) { + $cur = array_shift($metas); + if ($cur == 'base64') { + $is_base64 = true; + break; + } + if (substr($cur, 0, 8) == 'charset=') { + // doesn't match if there are arbitrary spaces, but + // whatever dude + if ($charset !== null) continue; // garbage + $charset = substr($cur, 8); // not used + } else { + if ($content_type !== null) continue; // garbage + $content_type = $cur; + } + } + } else { + $data = $result[0]; + } + if ($content_type !== null && empty($this->allowed_types[$content_type])) { + return false; + } + if ($charset !== null) { + // error; we don't allow plaintext stuff + $charset = null; + } + $data = rawurldecode($data); + if ($is_base64) { + $raw_data = base64_decode($data); + } else { + $raw_data = $data; + } + // XXX probably want to refactor this into a general mechanism + // for filtering arbitrary content types + $file = tempnam("/tmp", ""); + file_put_contents($file, $raw_data); + if (function_exists('exif_imagetype')) { + $image_code = exif_imagetype($file); + } elseif (function_exists('getimagesize')) { + set_error_handler(array($this, 'muteErrorHandler')); + $info = getimagesize($file); + restore_error_handler(); + if ($info == false) return false; + $image_code = $info[2]; + } else { + trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR); + } + $real_content_type = image_type_to_mime_type($image_code); + if ($real_content_type != $content_type) { + // we're nice guys; if the content type is something else we + // support, change it over + if (empty($this->allowed_types[$real_content_type])) return false; + $content_type = $real_content_type; + } + // ok, it's kosher, rewrite what we need + $uri->userinfo = null; + $uri->host = null; + $uri->port = null; + $uri->fragment = null; + $uri->query = null; + $uri->path = "$content_type;base64," . base64_encode($raw_data); + return true; + } + + public function muteErrorHandler($errno, $errstr) {} + +} + diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/file.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/file.php new file mode 100644 index 000000000..d74a3f198 --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/file.php @@ -0,0 +1,32 @@ +<?php + +/** + * Validates file as defined by RFC 1630 and RFC 1738. + */ +class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme { + + // Generally file:// URLs are not accessible from most + // machines, so placing them as an img src is incorrect. + public $browsable = false; + + // Basically the *only* URI scheme for which this is true, since + // accessing files on the local machine is very common. In fact, + // browsers on some operating systems don't understand the + // authority, though I hear it is used on Windows to refer to + // network shares. + public $may_omit_host = true; + + public function doValidate(&$uri, $config, $context) { + // Authentication method is not supported + $uri->userinfo = null; + // file:// makes no provisions for accessing the resource + $uri->port = null; + // While it seems to work on Firefox, the querystring has + // no possible effect and is thus stripped. + $uri->query = null; + return true; + } + +} + +// vim: et sw=4 sts=4 diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/ftp.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/ftp.php index 5849bf7ff..0fb2abf64 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/ftp.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/ftp.php @@ -9,8 +9,7 @@ class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme { public $browsable = true; // usually public $hierarchical = true; - public function validate(&$uri, $config, $context) { - parent::validate($uri, $config, $context); + public function doValidate(&$uri, $config, $context) { $uri->query = null; // typecode check diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/http.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/http.php index b097a31d6..959b8daff 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/http.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/http.php @@ -9,8 +9,7 @@ class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme { public $browsable = true; public $hierarchical = true; - public function validate(&$uri, $config, $context) { - parent::validate($uri, $config, $context); + public function doValidate(&$uri, $config, $context) { $uri->userinfo = null; return true; } diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/https.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/https.php index 29e380919..29e380919 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/https.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/https.php diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/mailto.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/mailto.php index c1e2cd5aa..9db4cb23f 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/mailto.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/mailto.php @@ -12,9 +12,9 @@ class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme { public $browsable = false; + public $may_omit_host = true; - public function validate(&$uri, $config, $context) { - parent::validate($uri, $config, $context); + public function doValidate(&$uri, $config, $context) { $uri->userinfo = null; $uri->host = null; $uri->port = null; diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/news.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/news.php index f5f54f4f5..84a6748d8 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/news.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/news.php @@ -6,9 +6,9 @@ class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme { public $browsable = false; + public $may_omit_host = true; - public function validate(&$uri, $config, $context) { - parent::validate($uri, $config, $context); + public function doValidate(&$uri, $config, $context) { $uri->userinfo = null; $uri->host = null; $uri->port = null; diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/nntp.php b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/nntp.php index 5bf93ea78..4ccea0dfc 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/URIScheme/nntp.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URIScheme/nntp.php @@ -8,8 +8,7 @@ class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme { public $default_port = 119; public $browsable = false; - public function validate(&$uri, $config, $context) { - parent::validate($uri, $config, $context); + public function doValidate(&$uri, $config, $context) { $uri->userinfo = null; $uri->query = null; return true; |