3
class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
5
public $name = 'Munge';
7
private $target, $parser, $doEmbed, $secretKey;
9
protected $replace = array();
11
public function prepare($config) {
12
$this->target = $config->get('URI.' . $this->name);
13
$this->parser = new HTMLPurifier_URIParser();
14
$this->doEmbed = $config->get('URI.MungeResources');
15
$this->secretKey = $config->get('URI.MungeSecretKey');
18
public function filter(&$uri, $config, $context) {
19
if ($context->get('EmbeddedURI', true) && !$this->doEmbed) return true;
21
$scheme_obj = $uri->getSchemeObj($config, $context);
22
if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
23
if (!$scheme_obj->browsable) return true; // ignore non-browseable schemes, since we can't munge those in a reasonable way
24
if ($uri->isBenign($config, $context)) return true; // don't redirect if a benign URL
26
$this->makeReplace($uri, $config, $context);
27
$this->replace = array_map('rawurlencode', $this->replace);
29
$new_uri = strtr($this->target, $this->replace);
30
$new_uri = $this->parser->parse($new_uri);
31
// don't redirect if the target host is the same as the
33
if ($uri->host === $new_uri->host) return true;
34
$uri = $new_uri; // overwrite
38
protected function makeReplace($uri, $config, $context) {
39
$string = $uri->toString();
41
$this->replace['%s'] = $string;
42
$this->replace['%r'] = $context->get('EmbeddedURI', true);
43
$token = $context->get('CurrentToken', true);
44
$this->replace['%n'] = $token ? $token->name : null;
45
$this->replace['%m'] = $context->get('CurrentAttr', true);
46
$this->replace['%p'] = $context->get('CurrentCSSProperty', true);
47
// not always available
48
if ($this->secretKey) $this->replace['%t'] = sha1($this->secretKey . ':' . $string);
3
class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
8
public $name = 'Munge';
21
* @type HTMLPurifier_URIParser
38
protected $replace = array();
41
* @param HTMLPurifier_Config $config
44
public function prepare($config)
46
$this->target = $config->get('URI.' . $this->name);
47
$this->parser = new HTMLPurifier_URIParser();
48
$this->doEmbed = $config->get('URI.MungeResources');
49
$this->secretKey = $config->get('URI.MungeSecretKey');
50
if ($this->secretKey && !function_exists('hash_hmac')) {
51
throw new Exception("Cannot use %URI.MungeSecretKey without hash_hmac support.");
57
* @param HTMLPurifier_URI $uri
58
* @param HTMLPurifier_Config $config
59
* @param HTMLPurifier_Context $context
62
public function filter(&$uri, $config, $context)
64
if ($context->get('EmbeddedURI', true) && !$this->doEmbed) {
68
$scheme_obj = $uri->getSchemeObj($config, $context);
71
} // ignore unknown schemes, maybe another postfilter did it
72
if (!$scheme_obj->browsable) {
74
} // ignore non-browseable schemes, since we can't munge those in a reasonable way
75
if ($uri->isBenign($config, $context)) {
77
} // don't redirect if a benign URL
79
$this->makeReplace($uri, $config, $context);
80
$this->replace = array_map('rawurlencode', $this->replace);
82
$new_uri = strtr($this->target, $this->replace);
83
$new_uri = $this->parser->parse($new_uri);
84
// don't redirect if the target host is the same as the
86
if ($uri->host === $new_uri->host) {
89
$uri = $new_uri; // overwrite
94
* @param HTMLPurifier_URI $uri
95
* @param HTMLPurifier_Config $config
96
* @param HTMLPurifier_Context $context
98
protected function makeReplace($uri, $config, $context)
100
$string = $uri->toString();
102
$this->replace['%s'] = $string;
103
$this->replace['%r'] = $context->get('EmbeddedURI', true);
104
$token = $context->get('CurrentToken', true);
105
$this->replace['%n'] = $token ? $token->name : null;
106
$this->replace['%m'] = $context->get('CurrentAttr', true);
107
$this->replace['%p'] = $context->get('CurrentCSSProperty', true);
108
// not always available
109
if ($this->secretKey) {
110
$this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);
115
// vim: et sw=4 sts=4
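Review bot: The `%t` token in makeReplace() now comes from `hash_hmac("sha256", $string, $this->secretKey)` instead of `sha1($this->secretKey . ':' . $string)`, so any redirector that still recomputes the old form will reject every munged link, and nothing visible on this page documents the new contract. I would add a comment above that line, for example `// %t = HMAC-SHA256 of the unencoded URI, keyed with %URI.MungeSecretKey; the redirector must recompute it over the decoded %s and compare with hash_equals()`. Only `%s` is covered by the MAC, so `%r`, `%n`, `%m` and `%p` reach the target unauthenticated, and the same comment should say they must not drive trust decisions there. In prepare(), the bare `throw new Exception(...)` would read more consistently as `HTMLPurifier_Exception`, assuming that class is loadable at that point.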