HTMLPurifier/URIFilter/Munge.php Quellcode

Munge.php
gehe zur Dokumentation dieser Datei
1 <?php
2 
3 class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
4 {
8  public $name = 'Munge';
9 
13  public $post = true;
14 
18  private $target;
19 
23  private $parser;
24 
28  private $doEmbed;
29 
33  private $secretKey;
34 
38  protected $replace = array();
39 
44  public function prepare($config)
45  {
46  $this->target = $config->get('URI.' . $this->name);
47  $this->parser = new HTMLPurifier_URIParser();
48  $this->doEmbed = $config->get('URI.MungeResources');
49  $this->secretKey = $config->get('URI.MungeSecretKey');
50  if ($this->secretKey && !function_exists('hash_hmac')) {
51  throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");
52  }
53  return true;
54  }
55 
62  public function filter(&$uri, $config, $context)
63  {
64  if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {
65  return true;
66  }
67 
68  $scheme_obj = $uri->getSchemeObj($config, $context);
69  if (!$scheme_obj) {
70  return true;
71  } // ignore unknown schemes, maybe another postfilter did it
72  if (!$scheme_obj->browsable) {
73  return true;
74  } // ignore non-browseable schemes, since we can't munge those in a reasonable way
75  if ($uri->isBenign($config, $context)) {
76  return true;
77  } // don't redirect if a benign URL
78 
79  $this->makeReplace($uri, $config, $context);
80  $this->replace = array_map('rawurlencode', $this->replace);
81 
82  $new_uri = strtr($this->target, $this->replace);
83  $new_uri = $this->parser->parse($new_uri);
84  // don't redirect if the target host is the same as the
85  // starting host
86  if ($uri->host === $new_uri->host) {
87  return true;
88  }
89  $uri = $new_uri; // overwrite
90  return true;
91  }
92 
98  protected function makeReplace($uri, $config, $context)
99  {
100  $string = $uri->toString();
101  // always available
102  $this->replace['%s'] = $string;
103  $this->replace['%r'] = $context->get('EmbeddedURI', true);
104  $token = $context->get('CurrentToken', true);
105  $this->replace['%n'] = $token ? $token->name : null;
106  $this->replace['%m'] = $context->get('CurrentAttr', true);
107  $this->replace['%p'] = $context->get('CurrentCSSProperty', true);
108  // not always available
109  if ($this->secretKey) {
110  $this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);
111  }
112  }
113 }
114 
115 // vim: et sw=4 sts=4




Korrekturen, Hinweise und Ergänzungen

Bitte scheuen Sie sich nicht und melden Sie, was auf dieser Seite sachlich falsch oder irreführend ist, was ergänzt werden sollte, was fehlt usw. Dazu bitte oben aus dem Menü Seite den Eintrag Support Forum wählen. Es ist eine kostenlose Anmeldung erforderlich, um Anmerkungen zu posten. Unpassende Postings, Spam usw. werden kommentarlos entfernt.
Erzeugt am Mon Aug 4 2014 17:54:18 für MyOOS [Die Shop-Lösung] von   doxygen 1.8.4