mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-05 13:47:24 +02:00
Code Issues Releases Wiki Activity

[2.1.5] [MFH] Fix stray backslashes in font-family.

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1790 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-06-11 17:43:48 +00:00
parent 72f5819ef6
commit 369a69d533
4 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -22,6 +22,8 @@ ERRATA
code from directly modifying CurrentToken when they're not supposed to. code from directly modifying CurrentToken when they're not supposed to.
- Percent encoding checks enabled for URI query and fragment - Percent encoding checks enabled for URI query and fragment
- Disable percent height/width attributes for img - Disable percent height/width attributes for img
- Fix stray backslashes in font-family; CSS Unicode character escapes are
now properly resolved (although *only* in font-family).
. Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
this class. this class.

8
library/HTMLPurifier/AttrDef/CSS/FontFamily.php
View File

@@ -38,9 +38,11 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
$quote = $font[0]; $quote = $font[0];
if ($font[$length - 1] !== $quote) continue; if ($font[$length - 1] !== $quote) continue;
$font = substr($font, 1, $length - 2); $font = substr($font, 1, $length - 2);
// double-backslash processing is buggy // double-backslash processing is buggy. Namely, it doesn't allow
// fonts that contain an adjacent quote, backslash, or comma
$font = str_replace("\\$quote", $quote, $font); // de-escape quote $font = str_replace("\\$quote", $quote, $font); // de-escape quote
$font = str_replace("\\\n", "\n", $font); // de-escape newlines $font = str_replace("\\\n", '', $font); // de-escape newlines
$font = str_replace("\\\\", "\\", $font); // de-escape double backslashes
} }
// $font is a pure representation of the font name // $font is a pure representation of the font name
@@ -53,8 +55,8 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
// complicated font, requires quoting // complicated font, requires quoting
// armor single quotes and new lines // armor single quotes and new lines
$font = str_replace("\\", "\\\\", $font);
$font = str_replace("'", "\\'", $font); $font = str_replace("'", "\\'", $font);
$font = str_replace("\n", "\\\n", $font);
$final .= "'$font', "; $final .= "'$font', ";
} }
$final = rtrim($final, ', '); $final = rtrim($final, ', ');

1
tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php
View File

@@ -20,6 +20,7 @@ class HTMLPurifier_AttrDef_CSS_FontFamilyTest extends HTMLPurifier_AttrDefHarnes
$this->assertDef("John's Font", $d); $this->assertDef("John's Font", $d);
$this->assertDef($d = "'\xE5\xAE\x8B\xE4\xBD\x93'"); $this->assertDef($d = "'\xE5\xAE\x8B\xE4\xBD\x93'");
$this->assertDef("\xE5\xAE\x8B\xE4\xBD\x93", $d); $this->assertDef("\xE5\xAE\x8B\xE4\xBD\x93", $d);
$this->assertDef("'\\','f'", "'\\\\', f");
} }

1
tests/HTMLPurifier/AttrDef/CSS/URITest.php
View File

@@ -29,7 +29,6 @@ class HTMLPurifier_AttrDef_CSS_URITest extends HTMLPurifier_AttrDefHarness
// escaping // escaping
$this->assertDef("url(http://www.example.com/foo,bar\))", $this->assertDef("url(http://www.example.com/foo,bar\))",
"url(http://www.example.com/foo\,bar\))"); "url(http://www.example.com/foo\,bar\))");
} }
} }