HTMLPurifier/URIScheme/data.php Quellcode

data.php
1 <?php
2 
7 {
/**
 * Scheme flag, set to true for data: URIs. It is not read by the code shown on this page.
 * NOTE(review): presumably consumed by the scheme base class / URI filters — confirm there.
 */
public $browsable = true;

/**
 * Allowlist of MIME types, keyed by type with a truthy value.
 * doValidate() consults it twice: once for the type declared in the URI
 * and once for the type detected from the decoded bytes. A type that is
 * not a key here causes the URI to be rejected.
 * Detection in doValidate() relies on PHP's image probes only, so this
 * list is the single place that decides which detected formats may be
 * emitted; widen it only together with matching content validation.
 */
public $allowed_types = array(
    // you better write validation code for other types if you
    // decide to allow them
    'image/jpeg' => true,
    'image/gif' => true,
    'image/png' => true,
);
// this is actually irrelevant since we only write out the path
// component
// (doValidate() nulls userinfo, host, port, fragment and query and keeps
// only the rebuilt path.)
public $may_omit_host = true;
29 
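/**
 * Validates a data: URI and rewrites it into a canonical base64 form.
 *
 * The path is split at the first comma into optional metadata and the
 * payload. The payload is URL-decoded, base64-decoded when the metadata
 * says so, written to a temporary file and probed with exif_imagetype()
 * (or getimagesize() as a fallback). The URI is accepted only when the
 * detected MIME type is listed in $this->allowed_types; the path is then
 * rebuilt from the detected type and a fresh base64 encoding of the
 * decoded bytes, and every other URI component is cleared.
 *
 * Security notes for maintainers:
 *  - The declared content type is used only as an early reject; the type
 *    written back is the one detected from the bytes.
 *  - exif_imagetype() identifies a file from its leading signature bytes,
 *    so passing this check does not prove that the whole payload is a
 *    well-formed image. Anything stricter needs a real decode step.
 *  - The payload size is not bounded here; untrusted input is written to
 *    disk in full. NOTE(review): confirm that callers cap input size.
 *
 * @param object $uri     URI object; its path is read and its userinfo,
 *                        host, port, fragment, query and path are rewritten.
 * @param mixed  $config  Not used by this method.
 * @param mixed  $context Not used by this method.
 * @return bool True when the URI was accepted and rewritten, false otherwise.
 */
public function doValidate(&$uri, $config, $context)
{
    $result = explode(',', $uri->path, 2);
    $is_base64 = false;
    $content_type = null;
    if (count($result) === 2) {
        list($metadata, $data) = $result;
        // Walk the ';'-separated metadata: the first non-charset token is
        // the declared content type, 'base64' ends the metadata.
        foreach (explode(';', $metadata) as $cur) {
            if ($cur === 'base64') {
                $is_base64 = true;
                break;
            }
            if (substr($cur, 0, 8) === 'charset=') {
                // Recognised only so that it is not mistaken for the
                // content type; the value is discarded because plain-text
                // payloads are not supported. Does not match when the
                // token contains arbitrary spaces.
                continue;
            }
            if ($content_type === null) {
                $content_type = $cur;
            }
            // any further token is garbage and ignored
        }
    } else {
        $data = $result[0];
    }

    // Early reject on the declared type; the detected type is checked below.
    if ($content_type !== null && empty($this->allowed_types[$content_type])) {
        return false;
    }

    $data = rawurldecode($data);
    $raw_data = $is_base64 ? base64_decode($data) : $data;
    if ($raw_data === false || strlen($raw_data) < 12) {
        // Too short to be any of the allowed image formats; exif_imagetype()
        // also complains when it cannot read enough bytes from the file.
        return false;
    }

    // XXX probably want to refactor this into a general mechanism
    // for filtering arbitrary content types
    $tmp_dir = function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : "/tmp";
    $file = tempnam($tmp_dir, "");
    if ($file === false) {
        // No temporary file means the content cannot be inspected: fail closed.
        return false;
    }
    if (file_put_contents($file, $raw_data) !== strlen($raw_data)) {
        // A failed or partial write would make the probe inspect other
        // bytes than the ones that get re-encoded below.
        unlink($file);
        return false;
    }

    $image_code = false;
    $have_probe = true;
    // Attacker-supplied bytes routinely make the probes emit warnings;
    // keep those out of the caller's error handling.
    set_error_handler(array($this, 'muteErrorHandler'));
    if (function_exists('exif_imagetype')) {
        $image_code = exif_imagetype($file);
    } elseif (function_exists('getimagesize')) {
        $info = getimagesize($file);
        if ($info !== false) {
            $image_code = $info[2];
        }
    } else {
        $have_probe = false;
    }
    restore_error_handler();
    // Single cleanup point so the temporary file is removed on every path.
    unlink($file);

    if (!$have_probe) {
        trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
        // Reached only when an installed error handler lets execution
        // continue; without a probe the content must not be accepted.
        return false;
    }
    if ($image_code === false) {
        // Not recognised as an image at all.
        return false;
    }

    $real_content_type = image_type_to_mime_type($image_code);
    if ($real_content_type !== $content_type) {
        // we're nice guys; if the content type is something else we
        // support, change it over
        if (empty($this->allowed_types[$real_content_type])) {
            return false;
        }
        $content_type = $real_content_type;
    }

    // ok, it's kosher, rewrite what we need
    $uri->userinfo = null;
    $uri->host = null;
    $uri->port = null;
    $uri->fragment = null;
    $uri->query = null;
    $uri->path = "$content_type;base64," . base64_encode($raw_data);
    return true;
}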
119 
/**
 * No-op error handler.
 *
 * doValidate() installs it with set_error_handler() around getimagesize()
 * so that warnings raised while probing untrusted bytes are swallowed.
 *
 * @param int    $errno  Error level reported by PHP (ignored).
 * @param string $errstr Error message reported by PHP (ignored).
 */
public function muteErrorHandler($errno, $errstr)
{
    // Intentionally empty: not returning false tells PHP the error was
    // handled, so the built-in handler does not run.
    return;
}
127 }



