| 1 | <?php |
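/**
 * Validates the HTML attribute ID.
 *
 * An ID is accepted only when %Attr.EnableID is on, the ID is not already
 * recorded in the context's ID accumulator, it starts with an ASCII letter
 * and continues with ASCII letters, digits, ':', '-', '.' or '_', and it
 * does not match %Attr.IDBlacklistRegexp.
 *
 * @warning Even though this is the id processor, it will ignore the
 *          directive Attr:IDBlacklist, since it will only go according
 *          to the ID accumulator. Since the accumulator is automatically
 *          generated, it will have already absorbed the blacklist. If
 *          you're hacking around, make sure you use load()!
 */
class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
{

    // ref functionality disabled, since we also have to verify
    // whether or not the ID it refers to exists

    /**
     * Checks a candidate ID and records it in the accumulator when accepted.
     *
     * @param string $id      Raw attribute value; surrounding whitespace is trimmed.
     * @param object $config  Configuration object, read through get('Attr', ...).
     * @param object $context Context object that supplies 'IDAccumulator'.
     * @return string|false The trimmed ID (prefixed when %Attr.IDPrefix is
     *                      set), or false when the ID is rejected.
     */
    public function validate($id, $config, $context)
    {
        if (!$config->get('Attr', 'EnableID')) {
            return false;
        }

        $id = trim($id);
        if ($id === '') {
            return false;
        }

        $prefix = $config->get('Attr', 'IDPrefix');
        if ($prefix !== '') {
            $prefix .= $config->get('Attr', 'IDPrefixLocal');
            // An ID that already starts with the prefix is left alone, so the
            // prefix is never applied twice.
            if (strpos($id, $prefix) !== 0) {
                $id = $prefix . $id;
            }
        } elseif ($config->get('Attr', 'IDPrefixLocal') !== '') {
            trigger_error('%Attr.IDPrefixLocal cannot be used unless '.
                '%Attr.IDPrefix is set', E_USER_WARNING);
        }

        // Duplicate IDs are rejected: the accumulator holds every ID that has
        // already been accepted (or pre-loaded) for this document.
        $id_accumulator =& $context->get('IDAccumulator');
        if (isset($id_accumulator->ids[$id])) {
            return false;
        }

        // Character check without regex. The sets are spelled out in ASCII
        // because ctype_alpha() follows the process locale and may accept
        // bytes outside A-Z/a-z, which are not valid in an ID.
        $letters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        if (strspn($id, $letters, 0, 1) !== 1) {
            return false;
        }
        $result = (strspn($id, $letters . '0123456789:-._') === strlen($id));

        $regexp = $config->get('Attr', 'IDBlacklistRegexp');
        if ($regexp) {
            $matched = preg_match($regexp, $id);
            if ($matched === false) {
                // preg_match() returns false when the pattern cannot be
                // evaluated (malformed pattern, backtrack limit, ...). Treat
                // that as a rejection so a broken blacklist never lets an ID
                // through unchecked.
                trigger_error('%Attr.IDBlacklistRegexp could not be '.
                    'evaluated, rejecting ID', E_USER_WARNING);
                return false;
            }
            if ($matched === 1) {
                return false;
            }
        }

        // Only IDs that passed every check are recorded, so a rejected value
        // cannot block a later valid use of the same ID.
        if ($result) {
            $id_accumulator->add($id);
        }

        return $result ? $id : false;
    }

}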