Context Navigation

FontFamily.php

Revision 21, 2.1 kB (checked in by admin, 18 years ago)

Line
1	<?php
2
3	/**
4	* Validates a font family list according to CSS spec
5	* @todo whitelisting allowed fonts would be nice
6	*/
7	class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
8	{
9
10	public function validate($string, $config, $context) {
11	static $generic_names = array(
12	'serif' => true,
13	'sans-serif' => true,
14	'monospace' => true,
15	'fantasy' => true,
16	'cursive' => true
17	);
18
19	$string = $this->parseCDATA($string);
20	// assume that no font names contain commas in them
21	$fonts = explode(',', $string);
22	$final = '';
23	foreach($fonts as $font) {
24	$font = trim($font);
25	if ($font === '') continue;
26	// match a generic name
27	if (isset($generic_names[$font])) {
28	$final .= $font . ', ';
29	continue;
30	}
31	// match a quoted name
32	if ($font[0] === '"' \|\| $font[0] === "'") {
33	$length = strlen($font);
34	if ($length <= 2) continue;
35	$quote = $font[0];
36	if ($font[$length - 1] !== $quote) continue;
37	$font = substr($font, 1, $length - 2);
38	// double-backslash processing is buggy
39	$font = str_replace("\\$quote", $quote, $font); // de-escape quote
40	$font = str_replace("\\\n", "\n", $font); // de-escape newlines
41	}
42	// $font is a pure representation of the font name
43
44	if (ctype_alnum($font)) {
45	// very simple font, allow it in unharmed
46	$final .= $font . ', ';
47	continue;
48	}
49
50	// complicated font, requires quoting
51
52	// armor single quotes and new lines
53	$font = str_replace("'", "\\'", $font);
54	$font = str_replace("\n", "\\\n", $font);
55	$final .= "'$font', ";
56	}
57	$final = rtrim($final, ', ');
58	if ($final === '') return false;
59	return $final;
60	}
61
62	}
63

Note: See TracBrowser for help on using the browser.

Context Navigation

root/afridex/plugins/Flutter/purifier_lib/HTMLPurifier/AttrDef/CSS/FontFamily.php

Download in other formats: