Administrator / test_1

Blame view

vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php 2.89 KB
Edit Raw Normal View History
70f4f18b   Administrator   first_commit 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
  <?php
  
  /**
   * Validates the HTML attribute ID.
   * @warning Even though this is the id processor, it
   *          will ignore the directive Attr:IDBlacklist, since it will only
   *          go according to the ID accumulator. Since the accumulator is
   *          automatically generated, it will have already absorbed the
   *          blacklist. If you're hacking around, make sure you use load()!
   */
  
  class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
  {
  
      // selector is NOT a valid thing to use for IDREFs, because IDREFs
      // *must* target IDs that exist, whereas selector #ids do not.
  
      /**
       * Determines whether or not we're validating an ID in a CSS
       * selector context.
       * @type bool
       */
      protected $selector;
  
      /**
       * @param bool $selector
       */
      public function __construct($selector = false)
      {
          $this->selector = $selector;
      }
  
      /**
       * @param string $id
       * @param HTMLPurifier_Config $config
       * @param HTMLPurifier_Context $context
       * @return bool|string
       */
      public function validate($id, $config, $context)
      {
          if (!$this->selector && !$config->get('Attr.EnableID')) {
              return false;
          }
  
          $id = trim($id); // trim it first
  
          if ($id === '') {
              return false;
          }
  
          $prefix = $config->get('Attr.IDPrefix');
          if ($prefix !== '') {
              $prefix .= $config->get('Attr.IDPrefixLocal');
              // prevent re-appending the prefix
              if (strpos($id, $prefix) !== 0) {
                  $id = $prefix . $id;
              }
          } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
              trigger_error(
                  '%Attr.IDPrefixLocal cannot be used unless ' .
                  '%Attr.IDPrefix is set',
                  E_USER_WARNING
              );
          }
  
          if (!$this->selector) {
              $id_accumulator =& $context->get('IDAccumulator');
              if (isset($id_accumulator->ids[$id])) {
                  return false;
              }
          }
  
          // we purposely avoid using regex, hopefully this is faster
  
          if (ctype_alpha($id)) {
              $result = true;
          } else {
              if (!ctype_alpha(@$id[0])) {
                  return false;
              }
              // primitive style of regexps, I suppose
              $trim = trim(
                  $id,
                  'A..Za..z0..9:-._'
              );
              $result = ($trim === '');
          }
  
          $regexp = $config->get('Attr.IDBlacklistRegexp');
          if ($regexp && preg_match($regexp, $id)) {
              return false;
          }
  
          if (!$this->selector && $result) {
              $id_accumulator->add($id);
          }
  
          // if no change was made to the ID, return the result
          // else, return the new id if stripping whitespace made it
          //     valid, or return false.
          return $result ? $id : false;
      }
  }
  
  // vim: et sw=4 sts=4