fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-23 13:19:56 +09:00
Code Issues Projects Releases Packages Wiki Activity

HTMLPurifier update

Browse source 
약간 커스텀 된 부분 모두 반영.
File lock 부분과 htmlspecialchars 부분.
This commit is contained in:
MinSoo Kim 2016-01-02 11:55:54 +09:00
parent ae7cbf51c0
commit 2957f8cebe
242 changed files with 11737 additions and 5915 deletions
Download patch file Download diff file Expand all files Collapse all files

38
classes/security/htmlpurifier/library/HTMLPurifier/URIScheme/file.php
View file

@ -3,30 +3,42 @@
/**
* Validates file as defined by RFC 1630 and RFC 1738.
*/
class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme {
// Generally file:// URLs are not accessible from most
// machines, so placing them as an img src is incorrect.
class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
{
/**
* Generally file:// URLs are not accessible from most
* machines, so placing them as an img src is incorrect.
* @type bool
*/
public $browsable = false;
// Basically the *only* URI scheme for which this is true, since
// accessing files on the local machine is very common. In fact,
// browsers on some operating systems don't understand the
// authority, though I hear it is used on Windows to refer to
// network shares.
/**
* Basically the *only* URI scheme for which this is true, since
* accessing files on the local machine is very common. In fact,
* browsers on some operating systems don't understand the
* authority, though I hear it is used on Windows to refer to
* network shares.
* @type bool
*/
public $may_omit_host = true;
public function doValidate(&$uri, $config, $context) {
/**
* @param HTMLPurifier_URI $uri
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool
*/
public function doValidate(&$uri, $config, $context)
{
// Authentication method is not supported
$uri->userinfo = null;
// file:// makes no provisions for accessing the resource
$uri->port = null;
$uri->port = null;
// While it seems to work on Firefox, the querystring has
// no possible effect and is thus stripped.
$uri->query = null;
$uri->query = null;
return true;
}
}
// vim: et sw=4 sts=4