file.php 1.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445
  1. <?php
  2. /**
  3. * Validates file as defined by RFC 1630 and RFC 1738.
  4. */
  5. class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
  6. {
  7. /**
  8. * Generally file:// URLs are not accessible from most
  9. * machines, so placing them as an img src is incorrect.
  10. * @type bool
  11. */
  12. public $browsable = false;
  13. /**
  14. * Basically the *only* URI scheme for which this is true, since
  15. * accessing files on the local machine is very common. In fact,
  16. * browsers on some operating systems don't understand the
  17. * authority, though I hear it is used on Windows to refer to
  18. * network shares.
  19. * @type bool
  20. */
  21. public $may_omit_host = true;
  22. /**
  23. * @param HTMLPurifier_URI $uri
  24. * @param HTMLPurifier_Config $config
  25. * @param HTMLPurifier_Context $context
  26. * @return bool
  27. */
  28. public function doValidate(&$uri, $config, $context)
  29. {
  30. // Authentication method is not supported
  31. $uri->userinfo = null;
  32. // file:// makes no provisions for accessing the resource
  33. $uri->port = null;
  34. // While it seems to work on Firefox, the querystring has
  35. // no possible effect and is thus stripped.
  36. $uri->query = null;
  37. return true;
  38. }
  39. }
  40. // vim: et sw=4 sts=4