<?php
/**
* Joomla! Content Management System
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\CMS\Form\Rule;
defined('JPATH_PLATFORM') or die;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Form\FormRule;
use Joomla\Registry\Registry;
use Joomla\String\StringHelper;
use Joomla\Uri\UriHelper;
/**
* Form Rule class for the Joomla Platform.
*
* @since 1.7.0
*/
class UrlRule extends FormRule
{
/**
* Method to test an external or internal url for all valid parts.
*
* @param \SimpleXMLElement $element The SimpleXMLElement object representing the `<field>` tag for the form field object.
* @param mixed $value The form field value to validate.
* @param string $group The field name group control value. This acts as an array container for the field.
* For example if the field has name="foo" and the group value is set to "bar" then the
* full field name would end up being "bar[foo]".
* @param Registry $input An optional Registry object with the entire data set to validate against the entire form.
* @param Form $form The form object for which the field is being tested.
*
* @return boolean True if the value is valid, false otherwise.
*
* @since 1.7.0
* @link http://www.w3.org/Addressing/URL/url-spec.txt
* @see JString
*/
public function test(\SimpleXMLElement $element, $value, $group = null, Registry $input = null, Form $form = null)
{
// If the field is empty and not required, the field is valid.
$required = ((string) $element['required'] == 'true' || (string) $element['required'] == 'required');
if (!$required && empty($value))
{
return true;
}
$urlParts = UriHelper::parse_url($value);
// See http://www.w3.org/Addressing/URL/url-spec.txt
// Use the full list or optionally specify a list of permitted schemes.
if ($element['schemes'] == '')
{
$scheme = array('http', 'https', 'ftp', 'ftps', 'gopher', 'mailto', 'news', 'prospero', 'telnet', 'rlogin', 'sftp', 'tn3270', 'wais',
'mid', 'cid', 'nntp', 'tel', 'urn', 'ldap', 'file', 'fax', 'modem', 'git');
}
else
{
$scheme = explode(',', $element['schemes']);
}
/*
* Note that parse_url() does not always parse accurately without a scheme,
* but at least the path should be set always. Note also that parse_url()
* returns False for seriously malformed URLs instead of an associative array.
* @link https://www.php.net/manual/en/function.parse-url.php
*/
if ($urlParts === false || !array_key_exists('scheme', $urlParts))
{
/*
* The function parse_url() returned false (seriously malformed URL) or no scheme
* was found and the relative option is not set: in both cases the field is not valid.
*/
if ($urlParts === false || !$element['relative'])
{
$element->addAttribute('message', \JText::sprintf('JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING', $value, implode(', ', $scheme)));
return false;
}
// The best we can do for the rest is make sure that the path exists and is valid UTF-8.
if (!array_key_exists('path', $urlParts) || !StringHelper::valid((string) $urlParts['path']))
{
return false;
}
// The internal URL seems to be good.
return true;
}
// Scheme found, check all parts found.
$urlScheme = (string) $urlParts['scheme'];
$urlScheme = strtolower($urlScheme);
if (in_array($urlScheme, $scheme) == false)
{
return false;
}
// For some schemes here must be two slashes.
$scheme = array('http', 'https', 'ftp', 'ftps', 'gopher', 'wais', 'prospero', 'sftp', 'telnet', 'git');
if (in_array($urlScheme, $scheme) && substr($value, strlen($urlScheme), 3) !== '://')
{
return false;
}
// The best we can do for the rest is make sure that the strings are valid UTF-8
// and the port is an integer.
if (array_key_exists('host', $urlParts) && !StringHelper::valid((string) $urlParts['host']))
{
return false;
}
if (array_key_exists('port', $urlParts) && !is_int((int) $urlParts['port']))
{
return false;
}
if (array_key_exists('path', $urlParts) && !StringHelper::valid((string) $urlParts['path']))
{
return false;
}
return true;
}
}