X7ROOT File Manager
Current Path:
/home/cbholdings/pasukulu/lib/htmlpurifier/HTMLPurifier
home
/
cbholdings
/
pasukulu
/
lib
/
htmlpurifier
/
HTMLPurifier
/
📁
..
📄
Arborize.php
(2.49 KB)
📄
AttrCollections.php
(4.75 KB)
📁
AttrDef
📄
AttrDef.php
(5.07 KB)
📁
AttrTransform
📄
AttrTransform.php
(1.94 KB)
📄
AttrTypes.php
(3.67 KB)
📄
AttrValidator.php
(6.42 KB)
📄
Bootstrap.php
(4.5 KB)
📄
CSSDefinition.php
(19.13 KB)
📁
ChildDef
📄
ChildDef.php
(1.52 KB)
📄
Config.php
(30.96 KB)
📁
ConfigSchema
📄
ConfigSchema.php
(5.76 KB)
📄
ContentSets.php
(5.51 KB)
📄
Context.php
(2.57 KB)
📄
Definition.php
(1.33 KB)
📁
DefinitionCache
📄
DefinitionCache.php
(3.82 KB)
📄
DefinitionCacheFactory.php
(3.13 KB)
📄
Doctype.php
(1.54 KB)
📄
DoctypeRegistry.php
(4.13 KB)
📄
ElementDef.php
(7.35 KB)
📄
Encoder.php
(25.19 KB)
📁
EntityLookup
📄
EntityLookup.php
(1.39 KB)
📄
EntityParser.php
(9.75 KB)
📄
ErrorCollector.php
(7.45 KB)
📄
ErrorStruct.php
(1.85 KB)
📄
Exception.php
(177 B)
📁
Filter
📄
Filter.php
(1.59 KB)
📄
Generator.php
(10.01 KB)
📄
HTMLDefinition.php
(17.33 KB)
📁
HTMLModule
📄
HTMLModule.php
(9.96 KB)
📄
HTMLModuleManager.php
(15.57 KB)
📄
IDAccumulator.php
(1.61 KB)
📁
Injector
📄
Injector.php
(8.79 KB)
📁
Language
📄
Language.php
(5.92 KB)
📄
LanguageFactory.php
(6.46 KB)
📄
Length.php
(3.8 KB)
📁
Lexer
📄
Lexer.php
(13.22 KB)
📁
Node
📄
Node.php
(1.25 KB)
📄
PercentEncoder.php
(3.48 KB)
📁
Printer
📄
Printer.php
(5.76 KB)
📄
PropertyList.php
(2.72 KB)
📄
PropertyListIterator.php
(894 B)
📄
Queue.php
(1.51 KB)
📁
Strategy
📄
Strategy.php
(762 B)
📄
StringHash.php
(1.07 KB)
📄
StringHashParser.php
(3.56 KB)
📁
TagTransform
📄
TagTransform.php
(1.07 KB)
📁
Token
📄
Token.php
(2.17 KB)
📄
TokenFactory.php
(3.03 KB)
📄
URI.php
(10.35 KB)
📄
URIDefinition.php
(3.35 KB)
📁
URIFilter
📄
URIFilter.php
(2.31 KB)
📄
URIParser.php
(2.24 KB)
📁
URIScheme
📄
URIScheme.php
(3.4 KB)
📄
URISchemeRegistry.php
(2.35 KB)
📄
UnitConverter.php
(9.89 KB)
📁
VarParser
📄
VarParser.php
(5.85 KB)
📄
VarParserException.php
(157 B)
📄
Zipper.php
(4.34 KB)
Editing: URI.php
<?php /** * HTML Purifier's internal representation of a URI. * @note * Internal data-structures are completely escaped. If the data needs * to be used in a non-URI context (which is very unlikely), be sure * to decode it first. The URI may not necessarily be well-formed until * validate() is called. */ class HTMLPurifier_URI { /** * @type string */ public $scheme; /** * @type string */ public $userinfo; /** * @type string */ public $host; /** * @type int */ public $port; /** * @type string */ public $path; /** * @type string */ public $query; /** * @type string */ public $fragment; /** * @param string $scheme * @param string $userinfo * @param string $host * @param int $port * @param string $path * @param string $query * @param string $fragment * @note Automatically normalizes scheme and port */ public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment) { $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme); $this->userinfo = $userinfo; $this->host = $host; $this->port = is_null($port) ? $port : (int)$port; $this->path = $path; $this->query = $query; $this->fragment = $fragment; } /** * Retrieves a scheme object corresponding to the URI's scheme/default * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return HTMLPurifier_URIScheme Scheme object appropriate for validating this URI */ public function getSchemeObj($config, $context) { $registry = HTMLPurifier_URISchemeRegistry::instance(); if ($this->scheme !== null) { $scheme_obj = $registry->getScheme($this->scheme, $config, $context); if (!$scheme_obj) { return false; } // invalid scheme, clean it out } else { // no scheme: retrieve the default one $def = $config->getDefinition('URI'); $scheme_obj = $def->getDefaultScheme($config, $context); if (!$scheme_obj) { if ($def->defaultScheme !== null) { // something funky happened to the default scheme object trigger_error( 'Default scheme object "' . $def->defaultScheme . '" was not readable', E_USER_WARNING ); } // suppress error if it's null return false; } } return $scheme_obj; } /** * Generic validation method applicable for all schemes. May modify * this URI in order to get it into a compliant form. * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return bool True if validation/filtering succeeds, false if failure */ public function validate($config, $context) { // ABNF definitions from RFC 3986 $chars_sub_delims = '!$&\'()*+,;='; $chars_gen_delims = ':/?#[]@'; $chars_pchar = $chars_sub_delims . ':@'; // validate host if (!is_null($this->host)) { $host_def = new HTMLPurifier_AttrDef_URI_Host(); $this->host = $host_def->validate($this->host, $config, $context); if ($this->host === false) { $this->host = null; } } // validate scheme // NOTE: It's not appropriate to check whether or not this // scheme is in our registry, since a URIFilter may convert a // URI that we don't allow into one we do. So instead, we just // check if the scheme can be dropped because there is no host // and it is our default scheme. if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') { // support for relative paths is pretty abysmal when the // scheme is present, so axe it when possible $def = $config->getDefinition('URI'); if ($def->defaultScheme === $this->scheme) { $this->scheme = null; } } // validate username if (!is_null($this->userinfo)) { $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':'); $this->userinfo = $encoder->encode($this->userinfo); } // validate port if (!is_null($this->port)) { if ($this->port < 1 || $this->port > 65535) { $this->port = null; } } // validate path $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/'); if (!is_null($this->host)) { // this catches $this->host === '' // path-abempty (hier and relative) // http://www.example.com/my/path // //www.example.com/my/path (looks odd, but works, and // recognized by most browsers) // (this set is valid or invalid on a scheme by scheme // basis, so we'll deal with it later) // file:///my/path // ///my/path $this->path = $segments_encoder->encode($this->path); } elseif ($this->path !== '') { if ($this->path[0] === '/') { // path-absolute (hier and relative) // http:/my/path // /my/path if (strlen($this->path) >= 2 && $this->path[1] === '/') { // This could happen if both the host gets stripped // out // http://my/path // //my/path $this->path = ''; } else { $this->path = $segments_encoder->encode($this->path); } } elseif (!is_null($this->scheme)) { // path-rootless (hier) // http:my/path // Short circuit evaluation means we don't need to check nz $this->path = $segments_encoder->encode($this->path); } else { // path-noscheme (relative) // my/path // (once again, not checking nz) $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@'); $c = strpos($this->path, '/'); if ($c !== false) { $this->path = $segment_nc_encoder->encode(substr($this->path, 0, $c)) . $segments_encoder->encode(substr($this->path, $c)); } else { $this->path = $segment_nc_encoder->encode($this->path); } } } else { // path-empty (hier and relative) $this->path = ''; // just to be safe } // qf = query and fragment $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?'); if (!is_null($this->query)) { $this->query = $qf_encoder->encode($this->query); } if (!is_null($this->fragment)) { $this->fragment = $qf_encoder->encode($this->fragment); } return true; } /** * Convert URI back to string * @return string URI appropriate for output */ public function toString() { // reconstruct authority $authority = null; // there is a rendering difference between a null authority // (http:foo-bar) and an empty string authority // (http:///foo-bar). if (!is_null($this->host)) { $authority = ''; if (!is_null($this->userinfo)) { $authority .= $this->userinfo . '@'; } $authority .= $this->host; if (!is_null($this->port)) { $authority .= ':' . $this->port; } } // Reconstruct the result // One might wonder about parsing quirks from browsers after // this reconstruction. Unfortunately, parsing behavior depends // on what *scheme* was employed (file:///foo is handled *very* // differently than http:///foo), so unfortunately we have to // defer to the schemes to do the right thing. $result = ''; if (!is_null($this->scheme)) { $result .= $this->scheme . ':'; } if (!is_null($authority)) { $result .= '//' . $authority; } $result .= $this->path; if (!is_null($this->query)) { $result .= '?' . $this->query; } if (!is_null($this->fragment)) { $result .= '#' . $this->fragment; } return $result; } /** * Returns true if this URL might be considered a 'local' URL given * the current context. This is true when the host is null, or * when it matches the host supplied to the configuration. * * Note that this does not do any scheme checking, so it is mostly * only appropriate for metadata that doesn't care about protocol * security. isBenign is probably what you actually want. * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return bool */ public function isLocal($config, $context) { if ($this->host === null) { return true; } $uri_def = $config->getDefinition('URI'); if ($uri_def->host === $this->host) { return true; } return false; } /** * Returns true if this URL should be considered a 'benign' URL, * that is: * * - It is a local URL (isLocal), and * - It has a equal or better level of security * @param HTMLPurifier_Config $config * @param HTMLPurifier_Context $context * @return bool */ public function isBenign($config, $context) { if (!$this->isLocal($config, $context)) { return false; } $scheme_obj = $this->getSchemeObj($config, $context); if (!$scheme_obj) { return false; } // conservative approach $current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context); if ($current_scheme_obj->secure) { if (!$scheme_obj->secure) { return false; } } return true; } } // vim: et sw=4 sts=4
Upload File
Create Folder