1
0

205 lines
6.0 KiB
PHP

<?php
/**
* CUrlValidator class file.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.yiiframework.com/
* @copyright 2008-2013 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
/**
* CUrlValidator validates that the attribute value is a valid http or https URL.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @package system.validators
* @since 1.0
*/
class CUrlValidator extends CValidator
{
/**
* @var string the regular expression used to validate the attribute value.
* Since version 1.1.7 the pattern may contain a {schemes} token that will be replaced
* by a regular expression which represents the {@see validSchemes}.
*/
public $pattern='/^{schemes}:\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)/i';
/**
* @var array list of URI schemes which should be considered valid. By default, http and https
* are considered to be valid schemes.
* @since 1.1.7
**/
public $validSchemes=array('http','https');
/**
* @var string the default URI scheme. If the input doesn't contain the scheme part, the default
* scheme will be prepended to it (thus changing the input). Defaults to null, meaning a URL must
* contain the scheme part.
* @since 1.1.7
**/
public $defaultScheme;
/**
* @var boolean whether the attribute value can be null or empty. Defaults to true,
* meaning that if the attribute is empty, it is considered valid.
*/
public $allowEmpty=true;
/**
* @var boolean whether validation process should care about IDN (internationalized domain names). Default
* value is false which means that validation of URLs containing IDN will always fail.
* @since 1.1.13
*/
public $validateIDN=false;
/**
* Validates the attribute of the object.
* If there is any error, the error message is added to the object.
* @param CModel $object the object being validated
* @param string $attribute the attribute being validated
*/
protected function validateAttribute($object,$attribute)
{
$value=$object->$attribute;
if($this->allowEmpty && $this->isEmpty($value))
return;
if(($value=$this->validateValue($value))!==false)
$object->$attribute=$value;
else
{
$message=$this->message!==null?$this->message:Yii::t('yii','{attribute} is not a valid URL.');
$this->addError($object,$attribute,$message);
}
}
/**
* Validates a static value to see if it is a valid URL.
* Note that this method does not respect {@link allowEmpty} property.
* This method is provided so that you can call it directly without going through the model validation rule mechanism.
* @param string $value the value to be validated
* @return mixed false if the the value is not a valid URL, otherwise the possibly modified value ({@see defaultScheme})
* @since 1.1.1
*/
public function validateValue($value)
{
if(is_string($value) && strlen($value)<2000) // make sure the length is limited to avoid DOS attacks
{
if($this->defaultScheme!==null && strpos($value,'://')===false)
$value=$this->defaultScheme.'://'.$value;
if($this->validateIDN)
$value=$this->encodeIDN($value);
if(strpos($this->pattern,'{schemes}')!==false)
$pattern=str_replace('{schemes}','('.implode('|',$this->validSchemes).')',$this->pattern);
else
$pattern=$this->pattern;
if(preg_match($pattern,$value))
return $this->validateIDN ? $this->decodeIDN($value) : $value;
}
return false;
}
/**
* Returns the JavaScript needed for performing client-side validation.
* @param CModel $object the data object being validated
* @param string $attribute the name of the attribute to be validated.
* @return string the client-side validation script.
* @see CActiveForm::enableClientValidation
* @since 1.1.7
*/
public function clientValidateAttribute($object,$attribute)
{
if($this->validateIDN)
{
Yii::app()->getClientScript()->registerCoreScript('punycode');
// punycode.js works only with the domains - so we have to extract it before punycoding
$validateIDN='
var info = value.match(/^(.+:\/\/|)([^/]+)/);
if (info)
value = info[1] + punycode.toASCII(info[2]);
';
}
else
$validateIDN='';
$message=$this->message!==null ? $this->message : Yii::t('yii','{attribute} is not a valid URL.');
$message=strtr($message, array(
'{attribute}'=>$object->getAttributeLabel($attribute),
));
if(strpos($this->pattern,'{schemes}')!==false)
$pattern=str_replace('{schemes}','('.implode('|',$this->validSchemes).')',$this->pattern);
else
$pattern=$this->pattern;
$js="
$validateIDN
if(!value.match($pattern)) {
messages.push(".CJSON::encode($message).");
}
";
if($this->defaultScheme!==null)
{
$js="
if(!value.match(/:\\/\\//)) {
value=".CJSON::encode($this->defaultScheme)."+'://'+value;
}
$js
";
}
if($this->allowEmpty)
{
$js="
if(jQuery.trim(value)!='') {
$js
}
";
}
return $js;
}
/**
* Converts given IDN to the punycode.
* @param string $value IDN to be converted.
* @return string resulting punycode.
* @since 1.1.13
*/
private function encodeIDN($value)
{
if(preg_match_all('/^(.*):\/\/([^\/]+)(.*)$/',$value,$matches))
{
if(function_exists('idn_to_ascii'))
$value=$matches[1][0].'://'.idn_to_ascii($matches[2][0]).$matches[3][0];
else
{
require_once(Yii::getPathOfAlias('system.vendors.Net_IDNA2.Net').DIRECTORY_SEPARATOR.'IDNA2.php');
$idna=new Net_IDNA2();
$value=$matches[1][0].'://'.@$idna->encode($matches[2][0]).$matches[3][0];
}
}
return $value;
}
/**
* Converts given punycode to the IDN.
* @param string $value punycode to be converted.
* @return string resulting IDN.
* @since 1.1.13
*/
private function decodeIDN($value)
{
if(preg_match_all('/^(.*):\/\/([^\/]+)(.*)$/',$value,$matches))
{
if(function_exists('idn_to_utf8'))
$value=$matches[1][0].'://'.idn_to_utf8($matches[2][0]).$matches[3][0];
else
{
require_once(Yii::getPathOfAlias('system.vendors.Net_IDNA2.Net').DIRECTORY_SEPARATOR.'IDNA2.php');
$idna=new Net_IDNA2();
$value=$matches[1][0].'://'.@$idna->decode($matches[2][0]).$matches[3][0];
}
}
return $value;
}
}