forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
44 lines
1.4 KiB
PHP
Executable File
44 lines
1.4 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
|
|
*/
|
|
class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme {
|
|
|
|
public $default_port = 21;
|
|
public $browsable = true; // usually
|
|
public $hierarchical = true;
|
|
|
|
public function validate(&$uri, $config, $context) {
|
|
parent::validate($uri, $config, $context);
|
|
$uri->query = null;
|
|
|
|
// typecode check
|
|
$semicolon_pos = strrpos($uri->path, ';'); // reverse
|
|
if ($semicolon_pos !== false) {
|
|
$type = substr($uri->path, $semicolon_pos + 1); // no semicolon
|
|
$uri->path = substr($uri->path, 0, $semicolon_pos);
|
|
$type_ret = '';
|
|
if (strpos($type, '=') !== false) {
|
|
// figure out whether or not the declaration is correct
|
|
list($key, $typecode) = explode('=', $type, 2);
|
|
if ($key !== 'type') {
|
|
// invalid key, tack it back on encoded
|
|
$uri->path .= '%3B' . $type;
|
|
} elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') {
|
|
$type_ret = ";type=$typecode";
|
|
}
|
|
} else {
|
|
$uri->path .= '%3B' . $type;
|
|
}
|
|
$uri->path = str_replace(';', '%3B', $uri->path);
|
|
$uri->path .= $type_ret;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|