Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
  • Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
   1  <?php
   2  
   3  /**
   4   * Validates a URI as defined by RFC 3986.
   5   * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
   6   */
   7  class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
   8  {
   9  
  10      /**
  11       * @type HTMLPurifier_URIParser
  12       */
  13      protected $parser;
  14  
  15      /**
  16       * @type bool
  17       */
  18      protected $embedsResource;
  19  
  20      /**
  21       * @param bool $embeds_resource Does the URI here result in an extra HTTP request?
  22       */
  23      public function __construct($embeds_resource = false)
  24      {
  25          $this->parser = new HTMLPurifier_URIParser();
  26          $this->embedsResource = (bool)$embeds_resource;
  27      }
  28  
  29      /**
  30       * @param string $string
  31       * @return HTMLPurifier_AttrDef_URI
  32       */
  33      public function make($string)
  34      {
  35          $embeds = ($string === 'embedded');
  36          return new HTMLPurifier_AttrDef_URI($embeds);
  37      }
  38  
  39      /**
  40       * @param string $uri
  41       * @param HTMLPurifier_Config $config
  42       * @param HTMLPurifier_Context $context
  43       * @return bool|string
  44       */
  45      public function validate($uri, $config, $context)
  46      {
  47          if ($config->get('URI.Disable')) {
  48              return false;
  49          }
  50  
  51          $uri = $this->parseCDATA($uri);
  52  
  53          // parse the URI
  54          $uri = $this->parser->parse($uri);
  55          if ($uri === false) {
  56              return false;
  57          }
  58  
  59          // add embedded flag to context for validators
  60          $context->register('EmbeddedURI', $this->embedsResource);
  61  
  62          $ok = false;
  63          do {
  64  
  65              // generic validation
  66              $result = $uri->validate($config, $context);
  67              if (!$result) {
  68                  break;
  69              }
  70  
  71              // chained filtering
  72              $uri_def = $config->getDefinition('URI');
  73              $result = $uri_def->filter($uri, $config, $context);
  74              if (!$result) {
  75                  break;
  76              }
  77  
  78              // scheme-specific validation
  79              $scheme_obj = $uri->getSchemeObj($config, $context);
  80              if (!$scheme_obj) {
  81                  break;
  82              }
  83              if ($this->embedsResource && !$scheme_obj->browsable) {
  84                  break;
  85              }
  86              $result = $scheme_obj->validate($uri, $config, $context);
  87              if (!$result) {
  88                  break;
  89              }
  90  
  91              // Post chained filtering
  92              $result = $uri_def->postFilter($uri, $config, $context);
  93              if (!$result) {
  94                  break;
  95              }
  96  
  97              // survived gauntlet
  98              $ok = true;
  99  
 100          } while (false);
 101  
 102          $context->destroy('EmbeddedURI');
 103          if (!$ok) {
 104              return false;
 105          }
 106          // back to string
 107          return $uri->toString();
 108      }
 109  }
 110  
 111  // vim: et sw=4 sts=4