* @link http://www.yiiframework.com/ * @copyright 2008-2013 Yii Software LLC * @license http://www.yiiframework.com/license/ */ /** * CUrlValidator validates that the attribute value is a valid http or https URL. * * @author Qiang Xue * @package system.validators * @since 1.0 */ class CUrlValidator extends CValidator { /** * @var string the regular expression used to validate the attribute value. * Since version 1.1.7 the pattern may contain a {schemes} token that will be replaced * by a regular expression which represents the {@see validSchemes}. */ public $pattern='/^{schemes}:\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)/i'; /** * @var array list of URI schemes which should be considered valid. By default, http and https * are considered to be valid schemes. * @since 1.1.7 **/ public $validSchemes=array('http','https'); /** * @var string the default URI scheme. If the input doesn't contain the scheme part, the default * scheme will be prepended to it (thus changing the input). Defaults to null, meaning a URL must * contain the scheme part. * @since 1.1.7 **/ public $defaultScheme; /** * @var boolean whether the attribute value can be null or empty. Defaults to true, * meaning that if the attribute is empty, it is considered valid. */ public $allowEmpty=true; /** * @var boolean whether validation process should care about IDN (internationalized domain names). Default * value is false which means that validation of URLs containing IDN will always fail. * @since 1.1.13 */ public $validateIDN=false; /** * Validates the attribute of the object. * If there is any error, the error message is added to the object. * @param CModel $object the object being validated * @param string $attribute the attribute being validated */ protected function validateAttribute($object,$attribute) { $value=$object->$attribute; if($this->allowEmpty && $this->isEmpty($value)) return; if(($value=$this->validateValue($value))!==false) $object->$attribute=$value; else { $message=$this->message!==null?$this->message:Yii::t('yii','{attribute} is not a valid URL.'); $this->addError($object,$attribute,$message); } } /** * Validates a static value to see if it is a valid URL. * Note that this method does not respect {@link allowEmpty} property. * This method is provided so that you can call it directly without going through the model validation rule mechanism. * @param string $value the value to be validated * @return mixed false if the the value is not a valid URL, otherwise the possibly modified value ({@see defaultScheme}) * @since 1.1.1 */ public function validateValue($value) { if(is_string($value) && strlen($value)<2000) // make sure the length is limited to avoid DOS attacks { if($this->defaultScheme!==null && strpos($value,'://')===false) $value=$this->defaultScheme.'://'.$value; if($this->validateIDN) $value=$this->encodeIDN($value); if(strpos($this->pattern,'{schemes}')!==false) $pattern=str_replace('{schemes}','('.implode('|',$this->validSchemes).')',$this->pattern); else $pattern=$this->pattern; if(preg_match($pattern,$value)) return $this->validateIDN ? $this->decodeIDN($value) : $value; } return false; } /** * Returns the JavaScript needed for performing client-side validation. * @param CModel $object the data object being validated * @param string $attribute the name of the attribute to be validated. * @return string the client-side validation script. * @see CActiveForm::enableClientValidation * @since 1.1.7 */ public function clientValidateAttribute($object,$attribute) { if($this->validateIDN) { Yii::app()->getClientScript()->registerCoreScript('punycode'); // punycode.js works only with the domains - so we have to extract it before punycoding $validateIDN=' var info = value.match(/^(.+:\/\/|)([^/]+)/); if (info) value = info[1] + punycode.toASCII(info[2]); '; } else $validateIDN=''; $message=$this->message!==null ? $this->message : Yii::t('yii','{attribute} is not a valid URL.'); $message=strtr($message, array( '{attribute}'=>$object->getAttributeLabel($attribute), )); if(strpos($this->pattern,'{schemes}')!==false) $pattern=str_replace('{schemes}','('.implode('|',$this->validSchemes).')',$this->pattern); else $pattern=$this->pattern; $js=" $validateIDN if(!value.match($pattern)) { messages.push(".CJSON::encode($message)."); } "; if($this->defaultScheme!==null) { $js=" if(!value.match(/:\\/\\//)) { value=".CJSON::encode($this->defaultScheme)."+'://'+value; } $js "; } if($this->allowEmpty) { $js=" if(jQuery.trim(value)!='') { $js } "; } return $js; } /** * Converts given IDN to the punycode. * @param string $value IDN to be converted. * @return string resulting punycode. * @since 1.1.13 */ private function encodeIDN($value) { if(preg_match_all('/^(.*):\/\/([^\/]+)(.*)$/',$value,$matches)) { if(function_exists('idn_to_ascii')) $value=$matches[1][0].'://'.idn_to_ascii($matches[2][0]).$matches[3][0]; else { require_once(Yii::getPathOfAlias('system.vendors.Net_IDNA2.Net').DIRECTORY_SEPARATOR.'IDNA2.php'); $idna=new Net_IDNA2(); $value=$matches[1][0].'://'.@$idna->encode($matches[2][0]).$matches[3][0]; } } return $value; } /** * Converts given punycode to the IDN. * @param string $value punycode to be converted. * @return string resulting IDN. * @since 1.1.13 */ private function decodeIDN($value) { if(preg_match_all('/^(.*):\/\/([^\/]+)(.*)$/',$value,$matches)) { if(function_exists('idn_to_utf8')) $value=$matches[1][0].'://'.idn_to_utf8($matches[2][0]).$matches[3][0]; else { require_once(Yii::getPathOfAlias('system.vendors.Net_IDNA2.Net').DIRECTORY_SEPARATOR.'IDNA2.php'); $idna=new Net_IDNA2(); $value=$matches[1][0].'://'.@$idna->decode($matches[2][0]).$matches[3][0]; } } return $value; } }