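https.php 0000644 00000000452 15152206501 0006415 0 ustar 00
<?php

/**
 * Validates https (Secure HTTP) according to http scheme.
 *
 * The class declares no methods of its own, so validation is whatever
 * HTMLPurifier_URIScheme_http provides; only the default port and the
 * secure flag differ.
 */
class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http
{
    /**
     * @type int
     */
    public $default_port = 443;

    /**
     * @type bool
     */
    public $secure = true;
}

// vim: et sw=4 sts=4
data.php 0000644 00000010416 15152206501 0006165 0 ustar 00
<?php

/**
 * Implements data: URI for base64 encoded images supported by GD.
 *
 * The payload is decoded, its real image type is detected, and the URI is
 * rewritten in canonical "<mime>;base64,<data>" form. Anything that is not
 * one of the allowed image types is rejected.
 */
class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
{
    /**
     * @type bool
     */
    public $browsable = true;

    /**
     * Whitelist of MIME types that may appear in a data: URI.
     * @type array
     */
    public $allowed_types = array(
        // you better write validation code for other types if you
        // decide to allow them
        'image/jpeg' => true,
        'image/gif' => true,
        'image/png' => true,
    );

    // this is actually irrelevant since we only write out the path
    // component
    /**
     * @type bool
     */
    public $may_omit_host = true;

    /**
     * Validates a data: URI and rewrites it to a normalized base64 form.
     *
     * @param HTMLPurifier_URI $uri URI to validate; modified in place on success
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool true if the payload is an allowed image type, false otherwise
     */
    public function doValidate(&$uri, $config, $context)
    {
        $result = explode(',', $uri->path, 2);
        $is_base64 = false;
        $content_type = null;
        if (count($result) === 2) {
            list($metadata, $data) = $result;
            // Walk the ';'-separated metadata: the first token that is not
            // a charset declaration is taken as the content type, and
            // everything after "base64" is ignored.
            foreach (explode(';', $metadata) as $cur) {
                if ($cur === 'base64') {
                    $is_base64 = true;
                    break;
                }
                if (strncmp($cur, 'charset=', 8) === 0) {
                    // doesn't match if there are arbitrary spaces; the
                    // charset is never used because plaintext payloads
                    // are not allowed, so it is simply skipped
                    continue;
                }
                if ($content_type === null) {
                    $content_type = $cur;
                }
                // any further tokens are garbage and ignored
            }
        } else {
            $data = $result[0];
        }

        // Reject a declared type that is not whitelisted before touching
        // the payload at all.
        if ($content_type !== null && empty($this->allowed_types[$content_type])) {
            return false;
        }

        $data = rawurldecode($data);
        // base64_decode() runs in its default non-strict mode, so characters
        // outside the base64 alphabet are dropped; the result is re-encoded
        // below, so the emitted URI is always canonical base64.
        $raw_data = $is_base64 ? base64_decode($data) : $data;

        if (strlen($raw_data) < 12) {
            // error; exif_imagetype errors out on very small files, and
            // this likely indicates a corrupt URI/failed parse anyway
            return false;
        }

        // XXX probably want to refactor this into a general mechanism
        // for filtering arbitrary content types
        if (function_exists('sys_get_temp_dir')) {
            $file = tempnam(sys_get_temp_dir(), "");
        } else {
            $file = tempnam("/tmp", "");
        }
        if ($file === false) {
            // No temporary file could be created: fail closed rather than
            // passing false on to file_put_contents().
            return false;
        }
        if (file_put_contents($file, $raw_data) === false) {
            // Nothing reliable to inspect; do not leave the file behind.
            unlink($file);
            return false;
        }

        // NOTE: both detection functions identify the type from the file's
        // signature/header; this is not a full decode of the image, so it
        // only establishes that the payload starts like an allowed image.
        // Untrusted bytes sit on disk only for the duration of the check:
        // every branch below removes the temporary file.
        if (function_exists('exif_imagetype')) {
            $image_code = exif_imagetype($file);
            unlink($file);
            if ($image_code === false) {
                // not a recognizable image
                return false;
            }
        } elseif (function_exists('getimagesize')) {
            // getimagesize() emits warnings on bad input; silence them
            set_error_handler(array($this, 'muteErrorHandler'));
            $info = getimagesize($file);
            restore_error_handler();
            unlink($file);
            if ($info === false) {
                return false;
            }
            $image_code = $info[2];
        } else {
            unlink($file);
            trigger_error("could not find exif_imagetype or getimagesize functions", E_USER_ERROR);
            // A custom error handler may let execution continue; without a
            // way to verify the payload the URI must be rejected.
            return false;
        }

        $real_content_type = image_type_to_mime_type($image_code);
        if ($real_content_type !== $content_type) {
            // we're nice guys; if the content type is something else we
            // support, change it over
            if (empty($this->allowed_types[$real_content_type])) {
                return false;
            }
            $content_type = $real_content_type;
        }

        // ok, it's kosher, rewrite what we need
        $uri->userinfo = null;
        $uri->host = null;
        $uri->port = null;
        $uri->fragment = null;
        $uri->query = null;
        $uri->path = "$content_type;base64," . base64_encode($raw_data);
        return true;
    }

    /**
     * No-op error handler, installed around getimagesize() to swallow the
     * warnings it raises.
     *
     * @param int $errno
     * @param string $errstr
     */
    public function muteErrorHandler($errno, $errstr)
    {
    }
}
mailto.php 0000644 00000001575 15152206501 0006547 0 ustar 00
<?php

// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
// email is valid, but be careful!
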
/**
 * Validates mailto (for E-mail) according to RFC 2368
 * @todo Validate the email address
 * @todo Filter allowed query parameters
 */
class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme
{
    /**
     * @type bool
     */
    public $browsable = false;

    /**
     * @type bool
     */
    public $may_omit_host = true;

    /**
     * Strips the authority parts of a mailto URI.
     *
     * The path (the address) and the query are passed through unchanged:
     * neither is checked here.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        // path still needs validating against RFC 2368's addr-spec
        $uri->port = null;
        $uri->host = null;
        $uri->userinfo = null;
        return true;
    }
}

// vim: et sw=4 sts=4
nntp.php 0000644 00000001164 15152206501 0006233 0 ustar 00
<?php

/**
 * Validates nntp (Network News Transfer Protocol) as defined by generic RFC 1738
 */
class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme
{
    /**
     * @type int
     */
    public $default_port = 119;

    /**
     * @type bool
     */
    public $browsable = false;

    /**
     * Drops the userinfo and query components; nothing else is inspected.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        $uri->query = null;
        $uri->userinfo = null;
        return true;
    }
}

// vim: et sw=4 sts=4
news.php 0000644 00000001276 15152206501 0006234 0 ustar 00
<?php

/**
 * Validates news (Usenet) as defined by generic RFC 1738
 */
class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme
{
    /**
     * @type bool
     */
    public $browsable = false;

    /**
     * @type bool
     */
    public $may_omit_host = true;

    /**
     * Clears every component except the path (and fragment, which is left
     * untouched).
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        $uri->query = null;
        $uri->port = null;
        $uri->host = null;
        $uri->userinfo = null;
        // the path itself is not checked yet (typecode check needed)
        return true;
    }
}

// vim: et sw=4 sts=4
tel.php 0000644 00000002230 15152206501 0006033 0 ustar 00
<?php

/**
 * Validates tel (for phone numbers).
 *
 * The relevant specifications for this protocol are RFC 3966 and RFC 5341,
 * but this class takes a much simpler approach: we normalize phone
 * numbers so that they only include (possibly) a leading plus,
 * and then any number of digits and x'es.
 */
class HTMLPurifier_URIScheme_tel extends HTMLPurifier_URIScheme
{
    /**
     * @type bool
     */
    public $browsable = false;

    /**
     * @type bool
     */
    public $may_omit_host = true;

    /**
     * Clears the authority parts and reduces the path to "+", digits and "x".
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        $uri->userinfo = null;
        $uri->host = null;
        $uri->port = null;

        // Normalize e(x)tension to lower-case first ...
        $lowered = str_replace('X', 'x', $uri->path);

        // ... then delete every character that is neither a digit nor an
        // "x". The negative lookahead spares a plus sign at the very start.
        $uri->path = preg_replace('/(?!^\+)[^\dx]/', '', $lowered);

        return true;
    }
}

// vim: et sw=4 sts=4
http.php 0000644 00000001217 15152206501 0006232 0 ustar 00
<?php

/**
 * Validates http (HyperText Transfer Protocol) as defined by RFC 2616
 */
class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme
{
    /**
     * @type int
     */
    public $default_port = 80;

    /**
     * @type bool
     */
    public $browsable = true;

    /**
     * @type bool
     */
    public $hierarchical = true;

    /**
     * Removes the userinfo component; every other component is kept.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        // credentials embedded in the URI are always discarded
        $uri->userinfo = null;
        return true;
    }
}

// vim: et sw=4 sts=4
ftp.php 0000644 00000003156 15152206501 0006050 0 ustar 00
<?php

/**
 * Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
 */
class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme
{
    /**
     * @type int
     */
    public $default_port = 21;

    /**
     * @type bool
     */
    public $browsable = true; // usually

    /**
     * @type bool
     */
    public $hierarchical = true;

    /**
     * Drops the query and normalizes a trailing ";type=" typecode.
     *
     * Only the text after the last semicolon is treated as a typecode
     * candidate. A well-formed ";type=a|i|d" is kept, a "type=" with any
     * other code is dropped, and anything else is put back with its
     * semicolon percent-encoded. All remaining semicolons in the path are
     * percent-encoded as well.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        $uri->query = null;

        // typecode check: look for the last semicolon in the path
        $split_at = strrpos($uri->path, ';');
        if ($split_at === false) {
            return true;
        }

        $suffix = substr($uri->path, $split_at + 1); // without the semicolon
        $path = substr($uri->path, 0, $split_at);
        $accepted = '';

        if (strpos($suffix, '=') === false) {
            // not a key=value declaration at all, tack it back on encoded
            $path .= '%3B' . $suffix;
        } else {
            // figure out whether or not the declaration is correct
            list($name, $code) = explode('=', $suffix, 2);
            if ($name !== 'type') {
                // invalid key, tack it back on encoded
                $path .= '%3B' . $suffix;
            } elseif (in_array($code, array('a', 'i', 'd'), true)) {
                $accepted = ";type=$code";
            }
        }

        // encode whatever semicolons are left, then re-attach the typecode
        $uri->path = str_replace(';', '%3B', $path) . $accepted;
        return true;
    }
}

// vim: et sw=4 sts=4
file.php 0000644 00000002374 15152206501 0006177 0 ustar 00
<?php

/**
 * Validates file as defined by RFC 1630 and RFC 1738.
 */
class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
{
    /**
     * Generally file:// URLs are not accessible from most
     * machines, so placing them as an img src is incorrect.
     * @type bool
     */
    public $browsable = false;

    /**
     * Basically the *only* URI scheme for which this is true, since
     * accessing files on the local machine is very common. In fact,
     * browsers on some operating systems don't understand the
     * authority, though I hear it is used on Windows to refer to
     * network shares.
     * @type bool
     */
    public $may_omit_host = true;

    /**
     * Clears userinfo, port and query; host and path are left as given.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool always true
     */
    public function doValidate(&$uri, $config, $context)
    {
        // While it seems to work on Firefox, the querystring has
        // no possible effect and is thus stripped.
        $uri->query = null;
        // file:// makes no provisions for accessing the resource
        $uri->port = null;
        // Authentication method is not supported
        $uri->userinfo = null;
        return true;
    }
}

// vim: et sw=4 sts=4