1 : <?php
2 :
3 : /**
4 : * Validates the HTML attribute ID.
5 : * @warning Even though this is the id processor, it
6 : * will ignore the directive Attr:IDBlacklist, since it will only
7 : * go according to the ID accumulator. Since the accumulator is
8 : * automatically generated, it will have already absorbed the
9 : * blacklist. If you're hacking around, make sure you use load()!
10 : */
11 :
12 1 : class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
13 : {
14 :
15 : // ref functionality disabled, since we also have to verify
16 : // whether or not the ID it refers to exists
17 :
18 : public function validate($id, $config, $context) {
19 :
20 1 : if (!$config->get('Attr', 'EnableID')) return false;
21 :
22 1 : $id = trim($id); // trim it first
23 :
24 1 : if ($id === '') return false;
25 :
26 1 : $prefix = $config->get('Attr', 'IDPrefix');
27 1 : if ($prefix !== '') {
28 0 : $prefix .= $config->get('Attr', 'IDPrefixLocal');
29 : // prevent re-appending the prefix
30 0 : if (strpos($id, $prefix) !== 0) $id = $prefix . $id;
31 1 : } elseif ($config->get('Attr', 'IDPrefixLocal') !== '') {
32 0 : trigger_error('%Attr.IDPrefixLocal cannot be used unless '.
33 0 : '%Attr.IDPrefix is set', E_USER_WARNING);
34 0 : }
35 :
36 : //if (!$this->ref) {
37 1 : $id_accumulator =& $context->get('IDAccumulator');
38 1 : if (isset($id_accumulator->ids[$id])) return false;
39 : //}
40 :
41 : // we purposely avoid using regex, hopefully this is faster
42 :
43 1 : if (ctype_alpha($id)) {
44 1 : $result = true;
45 1 : } else {
46 0 : if (!ctype_alpha(@$id[0])) return false;
47 0 : $trim = trim( // primitive style of regexps, I suppose
48 0 : $id,
49 : 'A..Za..z0..9:-._'
50 0 : );
51 0 : $result = ($trim === '');
52 : }
53 :
54 1 : $regexp = $config->get('Attr', 'IDBlacklistRegexp');
55 1 : if ($regexp && preg_match($regexp, $id)) {
56 0 : return false;
57 : }
58 :
59 1 : if (/*!$this->ref && */$result) $id_accumulator->add($id);
60 :
61 : // if no change was made to the ID, return the result
62 : // else, return the new id if stripping whitespace made it
63 : // valid, or return false.
64 1 : return $result ? $id : false;
65 :
66 : }
67 :
68 : }
69 :
|