egroupware/phpgwapi/inc/htmlpurifier/library/HTMLPurifier/VarParser.php
Ralf Becker 8f797be836 Added HTMLPurifier (http://htmlpurifier.org/) Version 3.3.0
- can be used via html class like: 

        $clean_html = html::purify($html);

- using it now in eTemplate to remove malicious code from html:
  a) when displaying "formatted text"
  b) when "formatted text" get's input by the user
2009-05-19 17:32:06 +00:00

155 lines
5.1 KiB
PHP
Executable File

<?php
/**
* Parses string representations into their corresponding native PHP
* variable type. The base implementation does a simple type-check.
*/
class HTMLPurifier_VarParser
{
const STRING = 1;
const ISTRING = 2;
const TEXT = 3;
const ITEXT = 4;
const INT = 5;
const FLOAT = 6;
const BOOL = 7;
const LOOKUP = 8;
const ALIST = 9;
const HASH = 10;
const MIXED = 11;
/**
* Lookup table of allowed types. Mainly for backwards compatibility, but
* also convenient for transforming string type names to the integer constants.
*/
static public $types = array(
'string' => self::STRING,
'istring' => self::ISTRING,
'text' => self::TEXT,
'itext' => self::ITEXT,
'int' => self::INT,
'float' => self::FLOAT,
'bool' => self::BOOL,
'lookup' => self::LOOKUP,
'list' => self::ALIST,
'hash' => self::HASH,
'mixed' => self::MIXED
);
/**
* Lookup table of types that are string, and can have aliases or
* allowed value lists.
*/
static public $stringTypes = array(
self::STRING => true,
self::ISTRING => true,
self::TEXT => true,
self::ITEXT => true,
);
/**
* Validate a variable according to type. Throws
* HTMLPurifier_VarParserException if invalid.
* It may return NULL as a valid type if $allow_null is true.
*
* @param $var Variable to validate
* @param $type Type of variable, see HTMLPurifier_VarParser->types
* @param $allow_null Whether or not to permit null as a value
* @return Validated and type-coerced variable
*/
final public function parse($var, $type, $allow_null = false) {
if (is_string($type)) {
if (!isset(HTMLPurifier_VarParser::$types[$type])) {
throw new HTMLPurifier_VarParserException("Invalid type '$type'");
} else {
$type = HTMLPurifier_VarParser::$types[$type];
}
}
$var = $this->parseImplementation($var, $type, $allow_null);
if ($allow_null && $var === null) return null;
// These are basic checks, to make sure nothing horribly wrong
// happened in our implementations.
switch ($type) {
case (self::STRING):
case (self::ISTRING):
case (self::TEXT):
case (self::ITEXT):
if (!is_string($var)) break;
if ($type == self::ISTRING || $type == self::ITEXT) $var = strtolower($var);
return $var;
case (self::INT):
if (!is_int($var)) break;
return $var;
case (self::FLOAT):
if (!is_float($var)) break;
return $var;
case (self::BOOL):
if (!is_bool($var)) break;
return $var;
case (self::LOOKUP):
case (self::ALIST):
case (self::HASH):
if (!is_array($var)) break;
if ($type === self::LOOKUP) {
foreach ($var as $k) if ($k !== true) $this->error('Lookup table contains value other than true');
} elseif ($type === self::ALIST) {
$keys = array_keys($var);
if (array_keys($keys) !== $keys) $this->error('Indices for list are not uniform');
}
return $var;
case (self::MIXED):
return $var;
default:
$this->errorInconsistent(get_class($this), $type);
}
$this->errorGeneric($var, $type);
}
/**
* Actually implements the parsing. Base implementation is to not
* do anything to $var. Subclasses should overload this!
*/
protected function parseImplementation($var, $type, $allow_null) {
return $var;
}
/**
* Throws an exception.
*/
protected function error($msg) {
throw new HTMLPurifier_VarParserException($msg);
}
/**
* Throws an inconsistency exception.
* @note This should not ever be called. It would be called if we
* extend the allowed values of HTMLPurifier_VarParser without
* updating subclasses.
*/
protected function errorInconsistent($class, $type) {
throw new HTMLPurifier_Exception("Inconsistency in $class: ".HTMLPurifier_VarParser::getTypeName($type)." not implemented");
}
/**
* Generic error for if a type didn't work.
*/
protected function errorGeneric($var, $type) {
$vtype = gettype($var);
$this->error("Expected type ".HTMLPurifier_VarParser::getTypeName($type).", got $vtype");
}
static public function getTypeName($type) {
static $lookup;
if (!$lookup) {
// Lazy load the alternative lookup table
$lookup = array_flip(HTMLPurifier_VarParser::$types);
}
if (!isset($lookup[$type])) return 'unknown';
return $lookup[$type];
}
}
// vim: et sw=4 sts=4