1 : <?php
2 :
3 : /**
4 : * Validates a number as defined by the CSS spec.
5 : */
6 1 : class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
7 : {
8 :
9 : /**
10 : * Bool indicating whether or not only positive values allowed.
11 : */
12 : protected $non_negative = false;
13 :
14 : /**
15 : * @param $non_negative Bool indicating whether negatives are forbidden
16 : */
17 : public function __construct($non_negative = false) {
18 : $this->non_negative = $non_negative;
19 : }
20 :
21 : /**
22 : * @warning Some contexts do not pass $config, $context. These
23 : * variables should not be used without checking HTMLPurifier_Length
24 : */
25 : public function validate($number, $config, $context) {
26 :
27 0 : $number = $this->parseCDATA($number);
28 :
29 0 : if ($number === '') return false;
30 0 : if ($number === '0') return '0';
31 :
32 0 : $sign = '';
33 0 : switch ($number[0]) {
34 0 : case '-':
35 0 : if ($this->non_negative) return false;
36 0 : $sign = '-';
37 0 : case '+':
38 0 : $number = substr($number, 1);
39 0 : }
40 :
41 0 : if (ctype_digit($number)) {
42 0 : $number = ltrim($number, '0');
43 0 : return $number ? $sign . $number : '0';
44 : }
45 :
46 : // Period is the only non-numeric character allowed
47 0 : if (strpos($number, '.') === false) return false;
48 :
49 0 : list($left, $right) = explode('.', $number, 2);
50 :
51 0 : if ($left === '' && $right === '') return false;
52 0 : if ($left !== '' && !ctype_digit($left)) return false;
53 :
54 0 : $left = ltrim($left, '0');
55 0 : $right = rtrim($right, '0');
56 :
57 0 : if ($right === '') {
58 0 : return $left ? $sign . $left : '0';
59 0 : } elseif (!ctype_digit($right)) {
60 0 : return false;
61 : }
62 :
63 0 : return $sign . $left . '.' . $right;
64 :
65 : }
66 :
67 : }
68 :
|