[Summary view] [Print] [Text view]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Extra classes needed for HTMLPurifier customisation for Moodle.
  19   *
  20   * @package    core
  21   * @copyright  2012 Petr Skoda {@link http://skodak.org}
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL 3 or later
  23   */
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  
  28  /**
  29   * Validates RTSP defined by RFC 2326
  30   */
  31  class HTMLPurifier_URIScheme_rtsp extends HTMLPurifier_URIScheme {
  32  
  33      public $browsable = true;
  34      public $hierarchical = true;
  35  
  36      public function doValidate(&$uri, $config, $context) {
  37          $uri->userinfo = null;
  38          return true;
  39      }
  40  
  41  }
  42  
  43  
  44  /**
  45   * Validates RTMP defined by Adobe
  46   */
  47  class HTMLPurifier_URIScheme_rtmp extends HTMLPurifier_URIScheme {
  48  
  49      public $browsable = false;
  50      public $hierarchical = true;
  51  
  52      public function doValidate(&$uri, $config, $context) {
  53          $uri->userinfo = null;
  54          return true;
  55      }
  56  
  57  }
  58  
  59  
  60  /**
  61   * Validates IRC defined by IETF Draft
  62   */
  63  class HTMLPurifier_URIScheme_irc extends HTMLPurifier_URIScheme {
  64  
  65      public $browsable = true;
  66      public $hierarchical = true;
  67  
  68      public function doValidate(&$uri, $config, $context) {
  69          $uri->userinfo = null;
  70          return true;
  71      }
  72  
  73  }
  74  
  75  
  76  /**
  77   * Validates MMS defined by Microsoft
  78   */
  79  class HTMLPurifier_URIScheme_mms extends HTMLPurifier_URIScheme {
  80  
  81      public $browsable = true;
  82      public $hierarchical = true;
  83  
  84      public function doValidate(&$uri, $config, $context) {
  85          $uri->userinfo = null;
  86          return true;
  87      }
  88  
  89  }
  90  
  91  
  92  /**
  93   * Validates Gopher defined by RFC 4266
  94   */
  95  class HTMLPurifier_URIScheme_gopher extends HTMLPurifier_URIScheme {
  96  
  97      public $browsable = true;
  98      public $hierarchical = true;
  99  
 100      public function doValidate(&$uri, $config, $context) {
 101          $uri->userinfo = null;
 102          return true;
 103      }
 104  
 105  }
 106  
 107  
 108  /**
 109   * Validates TeamSpeak defined by TeamSpeak
 110   */
 111  class HTMLPurifier_URIScheme_teamspeak extends HTMLPurifier_URIScheme {
 112  
 113      public $browsable = true;
 114      public $hierarchical = true;
 115  
 116      public function doValidate(&$uri, $config, $context) {
 117          $uri->userinfo = null;
 118          return true;
 119      }
 120  
 121  }
 122  
 123  /**
 124   * A custom HTMLPurifier transformation. Adds rel="noreferrer" to all links with target="_blank".
 125   *
 126   * @package core
 127   * @copyright Cameron Ball
 128   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 129   */
 130  class HTMLPurifier_AttrTransform_Noreferrer extends HTMLPurifier_AttrTransform {
 131      /** @var HTMLPurifier_URIParser $parser */
 132      private $parser;
 133  
 134      /**
 135       * Constructor.
 136       */
 137      public function __construct() {
 138          $this->parser = new HTMLPurifier_URIParser();
 139      }
 140  
 141      /**
 142       * Transforms a tags such that when a target attribute is present, rel="noreferrer" is added.
 143       *
 144       * Note that this will not respect Attr.AllowedRel
 145       *
 146       * @param array $attr Assoc array of attributes, usually from
 147       *              HTMLPurifier_Token_Tag::$attr
 148       * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
 149       * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object
 150       * @return array Processed attribute array.
 151       */
 152      public function transform($attr, $config, $context) {
 153          // Nothing to do If we already have noreferrer in the rel attribute
 154          if (!empty($attr['rel']) && substr($attr['rel'], 'noreferrer') !== false) {
 155              return $attr;
 156          }
 157  
 158          // If _blank target attribute exists, add rel=noreferrer
 159          if (!empty($attr['target']) && $attr['target'] == '_blank') {
 160              $attr['rel'] = !empty($attr['rel']) ? $attr['rel'] . ' noreferrer' : 'noreferrer';
 161          }
 162  
 163          return $attr;
 164      }
 165  }
 166  
 167  /**
 168   * A custom HTMLPurifier module to add rel="noreferrer" attributes a tags.
 169   *
 170   * @package    core
 171   * @copyright  Cameron Ball
 172   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 173   */
 174  class HTMLPurifier_HTMLModule_Noreferrer extends HTMLPurifier_HTMLModule {
 175      /** @var string $name */
 176      public $name = 'Noreferrer';
 177  
 178      /**
 179       * Module setup
 180       *
 181       * @param HTMLPurifier_Config $config
 182       */
 183      public function setup($config) {
 184          $a = $this->addBlankElement('a');
 185          $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_Noreferrer();
 186      }
 187  }