TimeTrex Community Edition v16.2.0
This commit is contained in:
113
vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
vendored
Normal file
113
vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
vendored
Normal file
@ -0,0 +1,113 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Validates the HTML attribute ID.
|
||||
* @warning Even though this is the id processor, it
|
||||
* will ignore the directive Attr:IDBlacklist, since it will only
|
||||
* go according to the ID accumulator. Since the accumulator is
|
||||
* automatically generated, it will have already absorbed the
|
||||
* blacklist. If you're hacking around, make sure you use load()!
|
||||
*/
|
||||
|
||||
class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
// selector is NOT a valid thing to use for IDREFs, because IDREFs
|
||||
// *must* target IDs that exist, whereas selector #ids do not.
|
||||
|
||||
/**
|
||||
* Determines whether or not we're validating an ID in a CSS
|
||||
* selector context.
|
||||
* @type bool
|
||||
*/
|
||||
protected $selector;
|
||||
|
||||
/**
|
||||
* @param bool $selector
|
||||
*/
|
||||
public function __construct($selector = false)
|
||||
{
|
||||
$this->selector = $selector;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $id
|
||||
* @param HTMLPurifier_Config $config
|
||||
* @param HTMLPurifier_Context $context
|
||||
* @return bool|string
|
||||
*/
|
||||
public function validate($id, $config, $context)
|
||||
{
|
||||
if (!$this->selector && !$config->get('Attr.EnableID')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$id = trim($id); // trim it first
|
||||
|
||||
if ($id === '') {
|
||||
return false;
|
||||
}
|
||||
|
||||
$prefix = $config->get('Attr.IDPrefix');
|
||||
if ($prefix !== '') {
|
||||
$prefix .= $config->get('Attr.IDPrefixLocal');
|
||||
// prevent re-appending the prefix
|
||||
if (strpos($id, $prefix) !== 0) {
|
||||
$id = $prefix . $id;
|
||||
}
|
||||
} elseif ($config->get('Attr.IDPrefixLocal') !== '') {
|
||||
trigger_error(
|
||||
'%Attr.IDPrefixLocal cannot be used unless ' .
|
||||
'%Attr.IDPrefix is set',
|
||||
E_USER_WARNING
|
||||
);
|
||||
}
|
||||
|
||||
if (!$this->selector) {
|
||||
$id_accumulator =& $context->get('IDAccumulator');
|
||||
if (isset($id_accumulator->ids[$id])) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// we purposely avoid using regex, hopefully this is faster
|
||||
|
||||
if ($config->get('Attr.ID.HTML5') === true) {
|
||||
if (preg_match('/[\t\n\x0b\x0c ]/', $id)) {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
if (ctype_alpha($id)) {
|
||||
// OK
|
||||
} else {
|
||||
if (!ctype_alpha(@$id[0])) {
|
||||
return false;
|
||||
}
|
||||
// primitive style of regexps, I suppose
|
||||
$trim = trim(
|
||||
$id,
|
||||
'A..Za..z0..9:-._'
|
||||
);
|
||||
if ($trim !== '') {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$regexp = $config->get('Attr.IDBlacklistRegexp');
|
||||
if ($regexp && preg_match($regexp, $id)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!$this->selector) {
|
||||
$id_accumulator->add($id);
|
||||
}
|
||||
|
||||
// if no change was made to the ID, return the result
|
||||
// else, return the new id if stripping whitespace made it
|
||||
// valid, or return false.
|
||||
return $id;
|
||||
}
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
Reference in New Issue
Block a user