1<?php 2 3/** 4 * Validates file as defined by RFC 1630 and RFC 1738. 5 */ 6class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme 7{ 8 /** 9 * Generally file:// URLs are not accessible from most 10 * machines, so placing them as an img src is incorrect. 11 * @type bool 12 */ 13 public $browsable = false; 14 15 /** 16 * Basically the *only* URI scheme for which this is true, since 17 * accessing files on the local machine is very common. In fact, 18 * browsers on some operating systems don't understand the 19 * authority, though I hear it is used on Windows to refer to 20 * network shares. 21 * @type bool 22 */ 23 public $may_omit_host = true; 24 25 /** 26 * @param HTMLPurifier_URI $uri 27 * @param HTMLPurifier_Config $config 28 * @param HTMLPurifier_Context $context 29 * @return bool 30 */ 31 public function doValidate(&$uri, $config, $context) 32 { 33 // Authentication method is not supported 34 $uri->userinfo = null; 35 // file:// makes no provisions for accessing the resource 36 $uri->port = null; 37 // While it seems to work on Firefox, the querystring has 38 // no possible effect and is thus stripped. 39 $uri->query = null; 40 return true; 41 } 42} 43 44// vim: et sw=4 sts=4 45