mirror of
https://github.com/smogon/pokemon-showdown-client.git
synced 2026-05-06 05:26:21 -05:00
2105dc8e57
Closes #1567 The main reason I'm not simply merging Annika's PR is because this way makes it clearer that I'm taking responsibility for all this code, that it's mostly code I wrote, and also because it makes it easier to ensure that none of the files have been changed. (Not that I don't personally trust Annika, but I have something resembling an obligation to users not to expose them to risks based on personal trust.)
33 lines
1.0 KiB
PHP
33 lines
1.0 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Validates file as defined by RFC 1630 and RFC 1738.
|
|
*/
|
|
class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme {
|
|
|
|
// Generally file:// URLs are not accessible from most
|
|
// machines, so placing them as an img src is incorrect.
|
|
public $browsable = false;
|
|
|
|
// Basically the *only* URI scheme for which this is true, since
|
|
// accessing files on the local machine is very common. In fact,
|
|
// browsers on some operating systems don't understand the
|
|
// authority, though I hear it is used on Windows to refer to
|
|
// network shares.
|
|
public $may_omit_host = true;
|
|
|
|
public function doValidate(&$uri, $config, $context) {
|
|
// Authentication method is not supported
|
|
$uri->userinfo = null;
|
|
// file:// makes no provisions for accessing the resource
|
|
$uri->port = null;
|
|
// While it seems to work on Firefox, the querystring has
|
|
// no possible effect and is thus stripped.
|
|
$uri->query = null;
|
|
return true;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|