MyOOS [Shopsystem] is Free Software released under the GNU/GPL License.
Webmaster: info@r23.de (Impressum)
00001 <?php 00002 00012 class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI 00013 { 00014 00015 public function __construct() { 00016 parent::__construct(true); // always embedded 00017 } 00018 00019 public function validate($uri_string, $config, $context) { 00020 // parse the URI out of the string and then pass it onto 00021 // the parent object 00022 00023 $uri_string = $this->parseCDATA($uri_string); 00024 if (strpos($uri_string, 'url(') !== 0) return false; 00025 $uri_string = substr($uri_string, 4); 00026 $new_length = strlen($uri_string) - 1; 00027 if ($uri_string[$new_length] != ')') return false; 00028 $uri = trim(substr($uri_string, 0, $new_length)); 00029 00030 if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) { 00031 $quote = $uri[0]; 00032 $new_length = strlen($uri) - 1; 00033 if ($uri[$new_length] !== $quote) return false; 00034 $uri = substr($uri, 1, $new_length - 1); 00035 } 00036 00037 $keys = array( '(', ')', ',', ' ', '"', "'"); 00038 $values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'"); 00039 $uri = str_replace($values, $keys, $uri); 00040 00041 $result = parent::validate($uri, $config, $context); 00042 00043 if ($result === false) return false; 00044 00045 // escape necessary characters according to CSS spec 00046 // except for the comma, none of these should appear in the 00047 // URI at all 00048 $result = str_replace($keys, $values, $result); 00049 00050 return "url($result)"; 00051 00052 } 00053 00054 } 00055 00056 // vim: et sw=4 sts=4
| Copyright © 2003 - 2009 MyOOS [Shopsystem]. All rights reserved. MyOOS [Shopsystem] is Free Software released under the GNU/GPL License. Webmaster: info@r23.de (Impressum) |
|