1<?php 2 3/** 4 * Validates an integer representation of pixels according to the HTML spec. 5 */ 6class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef 7{ 8 9 /** 10 * @type int 11 */ 12 protected $max; 13 14 /** 15 * @param int $max 16 */ 17 public function __construct($max = null) 18 { 19 $this->max = $max; 20 } 21 22 /** 23 * @param string $string 24 * @param HTMLPurifier_Config $config 25 * @param HTMLPurifier_Context $context 26 * @return bool|string 27 */ 28 public function validate($string, $config, $context) 29 { 30 $string = trim($string); 31 if ($string === '0') { 32 return $string; 33 } 34 if ($string === '') { 35 return false; 36 } 37 $length = strlen($string); 38 if (substr($string, $length - 2) == 'px') { 39 $string = substr($string, 0, $length - 2); 40 } 41 if (!is_numeric($string)) { 42 return false; 43 } 44 $int = (int)$string; 45 46 if ($int < 0) { 47 return '0'; 48 } 49 50 // upper-bound value, extremely high values can 51 // crash operating systems, see <http://ha.ckers.org/imagecrash.html> 52 // WARNING, above link WILL crash you if you're using Windows 53 54 if ($this->max !== null && $int > $this->max) { 55 return (string)$this->max; 56 } 57 return (string)$int; 58 } 59 60 /** 61 * @param string $string 62 * @return HTMLPurifier_AttrDef 63 */ 64 public function make($string) 65 { 66 if ($string === '') { 67 $max = null; 68 } else { 69 $max = (int)$string; 70 } 71 $class = get_class($this); 72 return new $class($max); 73 } 74} 75 76// vim: et sw=4 sts=4 77