1<?php 2 3/** 4 * Validates contents based on NMTOKENS attribute type. 5 */ 6class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef 7{ 8 9 /** 10 * @param string $string 11 * @param HTMLPurifier_Config $config 12 * @param HTMLPurifier_Context $context 13 * @return bool|string 14 */ 15 public function validate($string, $config, $context) 16 { 17 $string = trim($string); 18 19 // early abort: '' and '0' (strings that convert to false) are invalid 20 if (!$string) { 21 return false; 22 } 23 24 $tokens = $this->split($string, $config, $context); 25 $tokens = $this->filter($tokens, $config, $context); 26 if (empty($tokens)) { 27 return false; 28 } 29 return implode(' ', $tokens); 30 } 31 32 /** 33 * Splits a space separated list of tokens into its constituent parts. 34 * @param string $string 35 * @param HTMLPurifier_Config $config 36 * @param HTMLPurifier_Context $context 37 * @return array 38 */ 39 protected function split($string, $config, $context) 40 { 41 // OPTIMIZABLE! 42 // do the preg_match, capture all subpatterns for reformulation 43 44 // we don't support U+00A1 and up codepoints or 45 // escaping because I don't know how to do that with regexps 46 // and plus it would complicate optimization efforts (you never 47 // see that anyway). 48 $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start 49 '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' . 50 '(?:(?=\s)|\z)/'; // look ahead for space or string end 51 preg_match_all($pattern, $string, $matches); 52 return $matches[1]; 53 } 54 55 /** 56 * Template method for removing certain tokens based on arbitrary criteria. 57 * @note If we wanted to be really functional, we'd do an array_filter 58 * with a callback. But... we're not. 59 * @param array $tokens 60 * @param HTMLPurifier_Config $config 61 * @param HTMLPurifier_Context $context 62 * @return array 63 */ 64 protected function filter($tokens, $config, $context) 65 { 66 return $tokens; 67 } 68} 69 70// vim: et sw=4 sts=4 71