Fix bug with SecureMunge regarding embedded URIs.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1775 48356398-32a2-884e-a903-53898d9a118a
2025-08-03 20:58:11 +02:00 · 2008-06-02 17:39:29 +00:00
parent 36fb284d2f
commit 3af2ff8f98
3 changed files with 9 additions and 2 deletions
--- a/library/HTMLPurifier/URIFilter/SecureMunge.php
+++ b/library/HTMLPurifier/URIFilter/SecureMunge.php
@@ -17,6 +17,7 @@ class HTMLPurifier_URIFilter_SecureMunge extends HTMLPurifier_URIFilter
    }
    public function filter(&$uri, $config, $context) {
        if (!$this->target || !$this->secretKey) return true;
+        if ($context->get('EmbeddedURI', true)) return true; // abort for embedded URIs
        $scheme_obj = $uri->getSchemeObj($config, $context);
        if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
        if (is_null($uri->host) || empty($scheme_obj->browsable)) {