Pixels.php 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
  1. <?php
  2. /**
  3. * Validates an integer representation of pixels according to the HTML spec.
  4. */
  5. class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
  6. {
  7. /**
  8. * @type int
  9. */
  10. protected $max;
  11. /**
  12. * @param int $max
  13. */
  14. public function __construct($max = null)
  15. {
  16. $this->max = $max;
  17. }
  18. /**
  19. * @param string $string
  20. * @param HTMLPurifier_Config $config
  21. * @param HTMLPurifier_Context $context
  22. * @return bool|string
  23. */
  24. public function validate($string, $config, $context)
  25. {
  26. $string = trim($string);
  27. if ($string === '0') {
  28. return $string;
  29. }
  30. if ($string === '') {
  31. return false;
  32. }
  33. $length = strlen($string);
  34. if (substr($string, $length - 2) == 'px') {
  35. $string = substr($string, 0, $length - 2);
  36. }
  37. if (!is_numeric($string)) {
  38. return false;
  39. }
  40. $int = (int)$string;
  41. if ($int < 0) {
  42. return '0';
  43. }
  44. // upper-bound value, extremely high values can
  45. // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
  46. // WARNING, above link WILL crash you if you're using Windows
  47. if ($this->max !== null && $int > $this->max) {
  48. return (string)$this->max;
  49. }
  50. return (string)$int;
  51. }
  52. /**
  53. * @param string $string
  54. * @return HTMLPurifier_AttrDef
  55. */
  56. public function make($string)
  57. {
  58. if ($string === '') {
  59. $max = null;
  60. } else {
  61. $max = (int)$string;
  62. }
  63. $class = get_class($this);
  64. return new $class($max);
  65. }
  66. }
  67. // vim: et sw=4 sts=4