mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 03:10:09 +02:00
Code Issues Releases Wiki Activity

%URI.DisableExternal(Resources) uses %URI.Base if %URI.Host is not available.

Browse Source 
As part of its duties, URIDefinition determine the base URL and the host URL
of the page based on the two corresponding configuration directives. The
DisableExternal URIFilter, however, bypassed this check by directly checking
%URI.Host. This fix forwards the call through URIDefinition.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang
2008-07-10 18:46:46 -04:00
parent 3a4b92da81
commit 3b6aa10592
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/HTMLPurifier/URIFilter/DisableExternal.php
View File

@@ -5,7 +5,7 @@ class HTMLPurifier_URIFilter_DisableExternal extends HTMLPurifier_URIFilter
public $name = 'DisableExternal';
protected $ourHostParts = false;
public function prepare($config) {
$our_host = $config->get('URI', 'Host');
$our_host = $config->getDefinition('URI')->host;
if ($our_host !== null) $this->ourHostParts = array_reverse(explode('.', $our_host));
}
public function filter(&$uri, $config, $context) {