| [ Index ] |
PHP Cross Reference of phpBB-3.2.11-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 3 /* 4 * @package s9e\TextFormatter 5 * @copyright Copyright (c) 2010-2019 The s9e Authors 6 * @license http://www.opensource.org/licenses/mit-license.php The MIT License 7 */ 8 namespace s9e\TextFormatter\Parser\AttributeFilters; 9 use s9e\TextFormatter\Parser\Logger; 10 class UrlFilter 11 { 12 public static function filter($attrValue, array $urlConfig, Logger $logger = \null) 13 { 14 $p = self::parseUrl(\trim($attrValue)); 15 $error = self::validateUrl($urlConfig, $p); 16 if (!empty($error)) 17 { 18 if (isset($logger)) 19 { 20 $p['attrValue'] = $attrValue; 21 $logger->err($error, $p); 22 } 23 return \false; 24 } 25 return self::rebuildUrl($p); 26 } 27 protected static function parseUrl($url) 28 { 29 $regexp = '(^(?:([a-z][-+.\\w]*):)?(?://(?:([^:/?#]*)(?::([^/?#]*)?)?@)?(?:(\\[[a-f\\d:]+\\]|[^:/?#]+)(?::(\\d*))?)?(?![^/?#]))?([^?#]*)(\\?[^#]*)?(#.*)?$)Di'; 30 \preg_match($regexp, $url, $m); 31 $parts = []; 32 $tokens = ['scheme', 'user', 'pass', 'host', 'port', 'path', 'query', 'fragment']; 33 foreach ($tokens as $i => $name) 34 $parts[$name] = (isset($m[$i + 1])) ? $m[$i + 1] : ''; 35 $parts['scheme'] = \strtolower($parts['scheme']); 36 $parts['host'] = \rtrim(\preg_replace("/\xE3\x80\x82|\xEF(?:\xBC\x8E|\xBD\xA1)/s", '.', $parts['host']), '.'); 37 if (\preg_match('#[^[:ascii:]]#', $parts['host']) && \function_exists('idn_to_ascii')) 38 { 39 $variant = (\defined('INTL_IDNA_VARIANT_UTS46')) ? \INTL_IDNA_VARIANT_UTS46 : 0; 40 $parts['host'] = \idn_to_ascii($parts['host'], 0, $variant); 41 } 42 return $parts; 43 } 44 protected static function rebuildUrl(array $p) 45 { 46 $url = ''; 47 if ($p['scheme'] !== '') 48 $url .= $p['scheme'] . ':'; 49 if ($p['host'] === '') 50 { 51 if ($p['scheme'] === 'file') 52 $url .= '//'; 53 } 54 else 55 { 56 $url .= '//'; 57 if ($p['user'] !== '') 58 { 59 $url .= \rawurlencode(\urldecode($p['user'])); 60 if ($p['pass'] !== '') 61 $url .= ':' . \rawurlencode(\urldecode($p['pass'])); 62 $url .= '@'; 63 } 64 $url .= $p['host']; 65 if ($p['port'] !== '') 66 $url .= ':' . $p['port']; 67 } 68 $path = $p['path'] . $p['query'] . $p['fragment']; 69 $path = \preg_replace_callback( 70 '/%.?[a-f]/', 71 function ($m) 72 { 73 return \strtoupper($m[0]); 74 }, 75 $path 76 ); 77 $url .= self::sanitizeUrl($path); 78 if (!$p['scheme']) 79 $url = \preg_replace('#^([^/]*):#', '$1%3A', $url); 80 return $url; 81 } 82 public static function sanitizeUrl($url) 83 { 84 return \preg_replace_callback( 85 '/%(?![0-9A-Fa-f]{2})|[^!#-&*-;=?-Z_a-z]/S', 86 function ($m) 87 { 88 return \rawurlencode($m[0]); 89 }, 90 $url 91 ); 92 } 93 protected static function validateUrl(array $urlConfig, array $p) 94 { 95 if ($p['scheme'] !== '' && !\preg_match($urlConfig['allowedSchemes'], $p['scheme'])) 96 return 'URL scheme is not allowed'; 97 if ($p['host'] === '') 98 { 99 if ($p['scheme'] !== 'file' && $p['scheme'] !== '') 100 return 'Missing host'; 101 } 102 else 103 { 104 $regexp = '/^(?!-)[-a-z0-9]{0,62}[a-z0-9](?:\\.(?!-)[-a-z0-9]{0,62}[a-z0-9])*$/i'; 105 if (!\preg_match($regexp, $p['host'])) 106 if (!NetworkFilter::filterIpv4($p['host']) 107 && !NetworkFilter::filterIpv6(\preg_replace('/^\\[(.*)\\]$/', '$1', $p['host']))) 108 return 'URL host is invalid'; 109 if ((isset($urlConfig['disallowedHosts']) && \preg_match($urlConfig['disallowedHosts'], $p['host'])) 110 || (isset($urlConfig['restrictedHosts']) && !\preg_match($urlConfig['restrictedHosts'], $p['host']))) 111 return 'URL host is not allowed'; 112 } 113 } 114 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Nov 11 20:33:01 2020 | Cross-referenced by PHPXref 0.7.1 |