[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * Validates file as defined by RFC 1630 and RFC 1738.
   5   */
   6  class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
   7  {
   8      /**
   9       * Generally file:// URLs are not accessible from most
  10       * machines, so placing them as an img src is incorrect.
  11       * @type bool
  12       */
  13      public $browsable = false;
  14  
  15      /**
  16       * Basically the *only* URI scheme for which this is true, since
  17       * accessing files on the local machine is very common.  In fact,
  18       * browsers on some operating systems don't understand the
  19       * authority, though I hear it is used on Windows to refer to
  20       * network shares.
  21       * @type bool
  22       */
  23      public $may_omit_host = true;
  24  
  25      /**
  26       * @param HTMLPurifier_URI $uri
  27       * @param HTMLPurifier_Config $config
  28       * @param HTMLPurifier_Context $context
  29       * @return bool
  30       */
  31      public function doValidate(&$uri, $config, $context)
  32      {
  33          // Authentication method is not supported
  34          $uri->userinfo = null;
  35          // file:// makes no provisions for accessing the resource
  36          $uri->port = null;
  37          // While it seems to work on Firefox, the querystring has
  38          // no possible effect and is thus stripped.
  39          $uri->query = null;
  40          return true;
  41      }
  42  }
  43  
  44  // vim: et sw=4 sts=4