[3.1.1] Implement more robust imagecrash protection for CSS width/height.

- Change API for HTMLPurifier_AttrDef_CSS_Length - Implement HTMLPurifier_AttrDef_Switch class - Implement HTMLPurifier_Length->compareTo, and make make() accept object instances git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1754 48356398-32a2-884e-a903-53898d9a118a
2025-08-06 14:16:32 +02:00 · 2008-05-21 01:56:48 +00:00
parent c3fab7200e
commit 1a95852007
15 changed files with 208 additions and 27 deletions
--- a/tests/HTMLPurifier/AttrDef/CSS/LengthTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/LengthTest.php
@@ -28,12 +28,20 @@ class HTMLPurifier_AttrDef_CSS_LengthTest extends HTMLPurifier_AttrDefHarness
    
    function testNonNegative() {
        
-        $this->def = new HTMLPurifier_AttrDef_CSS_Length(true);
+        $this->def = new HTMLPurifier_AttrDef_CSS_Length('0');
        
        $this->assertDef('3cm');
        $this->assertDef('-3mm', false);
        
    }
    
+    function testBounding() {
+        $this->def = new HTMLPurifier_AttrDef_CSS_Length('-1in', '1in');
+        $this->assertDef('1cm');
+        $this->assertDef('-1cm');
+        $this->assertDef('0');
+        $this->assertDef('1em', false);
+    }
+    
 }

--- a/tests/HTMLPurifier/AttrDef/SwitchTest.php
+++ b/tests/HTMLPurifier/AttrDef/SwitchTest.php
@@ -0,0 +1,32 @@
+<?php
+
+class HTMLPurifier_AttrDef_SwitchTest extends HTMLPurifier_AttrDefHarness
+{
+    
+    protected $with, $without;
+    
+    function setUp() {
+        parent::setUp();
+        generate_mock_once('HTMLPurifier_AttrDef');
+        $this->with = new HTMLPurifier_AttrDefMock();
+        $this->without = new HTMLPurifier_AttrDefMock();
+        $this->def = new HTMLPurifier_AttrDef_Switch('tag', $this->with, $this->without);
+    }
+    
+    function testWith() {
+        $token = new HTMLPurifier_Token_Start('tag');
+        $this->context->register('CurrentToken', $token);
+        $this->with->expectOnce('validate');
+        $this->with->setReturnValue('validate', 'foo');
+        $this->assertDef('bar', 'foo');
+    }
+    
+    function testWithout() {
+        $token = new HTMLPurifier_Token_Start('other-tag');
+        $this->context->register('CurrentToken', $token);
+        $this->without->expectOnce('validate');
+        $this->without->setReturnValue('validate', 'foo');
+        $this->assertDef('bar', 'foo');
+    }
+    
+}
--- a/tests/HTMLPurifier/LengthTest.php
+++ b/tests/HTMLPurifier/LengthTest.php
@@ -47,4 +47,25 @@ class HTMLPurifier_LengthTest extends HTMLPurifier_Harness
        $this->assertValidate('3miles', false);
    }
    
+    /**
+     * @param $s1 First string to compare
+     * @param $s2 Second string to compare
+     * @param $expect 0 for $s1 == $s2, 1 for $s1 > $s2 and -1 for $s1 < $s2
+     */
+    protected function assertComparison($s1, $s2, $expect = 0) {
+        $l1 = HTMLPurifier_Length::make($s1);
+        $l2 = HTMLPurifier_Length::make($s2);
+        $r1 = $l1->compareTo($l2);
+        $r2 = $l2->compareTo($l1);
+        $this->assertIdentical($r1 == 0 ? 0 : ($r1 > 0 ? 1 : -1), $expect);
+        $this->assertIdentical($r2 == 0 ? 0 : ($r2 > 0 ? 1 : -1), - $expect);
+    }
+    
+    function testCompareTo() {
+        $this->assertComparison('12in', '12in');
+        $this->assertComparison('12in', '12mm', 1);
+        $this->assertComparison('1px', '1mm', -1);
+        $this->assertComparison(str_repeat('2', 38) . 'in', '100px', 1);
+    }
+    
 }
--- a/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
+++ b/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
@@ -177,9 +177,44 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
        );
    }
    
-    function testRemoveCSSWidthAndHeightOnImg() {
+    function testKeepAbsoluteCSSWidthAndHeightOnImg() {
        $this->assertResult(
-            '<img src="" alt="" style="width:10px;height:10px;border:1px solid #000;" />',
+            '<img src="" alt="" style="width:10px;height:10px;border:1px solid #000;" />'
+        );
+    }
+    
+    function testRemoveLargeCSSWidthAndHeightOnImg() {
+        $this->assertResult(
+            '<img src="" alt="" style="width:10000000px;height:10000000px;border:1px solid #000;" />',
+            '<img src="" alt="" style="border:1px solid #000;" />'
+        );
+    }
+    
+    function testRemoveLargeCSSWidthAndHeightOnImgWithUserConf() {
+        $this->config->set('CSS', 'MaxImgLength', '1px');
+        $this->assertResult(
+            '<img src="" alt="" style="width:1mm;height:1mm;border:1px solid #000;" />',
+            '<img src="" alt="" style="border:1px solid #000;" />'
+        );
+    }
+    
+    function testKeepLargeCSSWidthAndHeightOnImgWhenToldTo() {
+        $this->config->set('CSS', 'MaxImgLength', null);
+        $this->assertResult(
+            '<img src="" alt="" style="width:10000000px;height:10000000px;border:1px solid #000;" />'
+        );
+    }
+    
+    function testRemoveRelativeCSSWidthAndHeightOnImg() {
+        $this->assertResult(
+            '<img src="" alt="" style="width:10em;height:10em;border:1px solid #000;" />',
+            '<img src="" alt="" style="border:1px solid #000;" />'
+        );
+    }
+    
+    function testRemovePercentCSSWidthAndHeightOnImg() {
+        $this->assertResult(
+            '<img src="" alt="" style="width:100%;height:100%;border:1px solid #000;" />',
            '<img src="" alt="" style="border:1px solid #000;" />'
        );
    }