[3.1.1] General munge improvements

- Add CurrentCSSProperty context variable
- Move Munge to its own class, derived off of SecureMunge.
- Rename %URI.SecureMunge to %URI.Munge
- Rename %URI.SecureMungeSecretKey to %URI.MungeSecretKey
- Add extra substitutions for munge

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1803 48356398-32a2-884e-a903-53898d9a118a

library/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt

@@ -6,7 +6,7 @@ DEFAULT: NULL
 
 <p>
     Munges all browsable (usually http, https and ftp)
-    absolute URI's into another URI, usually a URI redirection service.
+    absolute URIs into another URI, usually a URI redirection service.
     This directive accepts a URI, formatted with a <code>%s</code> where 
     the url-encoded original URI should be inserted (sample: 
     <code>http://www.google.com/url?q=%s</code>).
@@ -19,13 +19,58 @@ DEFAULT: NULL
         Prevent PageRank leaks, while being fairly transparent 
         to users (you may also want to add some client side JavaScript to 
         override the text in the statusbar). <strong>Notice</strong>:
-        Many security experts believe that this form of protection does
-not deter spam-bots. 
+        Many security experts believe that this form of protection does not deter spam-bots. 
     </li>
     <li>
         Redirect users to a splash page telling them they are leaving your
-        website. While this is poor usability practice, it is often
-mandated
+        website. While this is poor usability practice, it is often mandated
         in corporate environments.
     </li>
 </ul>
+<p>
+    You may want to also use %URI.MungeSecretKey along with this directive
+    in order to enforce what URIs your redirector script allows. Open
+    redirector scripts can be a security risk and negatively affect the
+    reputation of your domain name.
+</p>
+<p>
+    Starting with HTML Purifier 3.1.1, there is also these substitutions:
+</p>
+<table>
+    <thead>
+        <tr>
+            <th>Key</th>
+            <th>Description</th>
+            <th>Example <code>&lt;a href=""&gt;</code></th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>%r</td>
+            <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>%n</td>
+            <td>The name of the tag this URI came from</td>
+            <td>a</td>
+        </tr>
+        <tr>
+            <td>%m</td>
+            <td>The name of the attribute this URI came from</td>
+            <td>href</td>
+        </tr>
+        <tr>
+            <td>%p</td>
+            <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
+            <td></td>
+        </tr>
+    </tbody>
+</table>
+<p>
+    Admittedly, these letters are somewhat arbitrary; the only stipulation
+    was that they couldn't be a through f. r is for resource (I would have preferred
+    e, but you take what you can get), n is for name, m
+    was picked because it came after n (and I couldn't use a), p is for
+    property.
+</p>

library/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt

@@ -0,0 +1,12 @@
+URI.MungeResources
+TYPE: bool
+VERSION: 3.1.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    If true, any URI munging directives like %URI.Munge or %URI.SecureMunge
+    will also apply to embedded resources, such as <code>&lt;img src=""&gt;</code>.
+    Be careful enabling this directive if you have a redirector script
+    that does not use the <code>Location</code> HTTP header; all of your images
+    and other embedded resources will break.
+</ul>

library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt

@@ -0,0 +1,29 @@
+URI.MungeSecretKey
+TYPE: string/null
+VERSION: 3.1.1
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    This directive enables secure checksum generation along with %URI.Munge.
+    It should be set to a secure key that is not shared with anyone else.
+    The checksum can be placed in the URI using %t. Use of this checksum
+    affords an additional level of protection by allowing a redirector
+    to check if a URI has passed through HTML Purifier with this line:
+</p>
+
+<pre>$checksum === sha1($secret_key . ':' . $url)</pre>
+
+<p>
+    If the output is TRUE, the redirector script should accept the URI.
+</p>
+
+<p>
+    Please note that it would still be possible for an attacker to procure
+    secure hashes en-mass by abusing your website's Preview feature or the
+    like, but this service affords an additional level of protection
+    that should be combined with website blacklisting.
+</p>
+
+<p>
+    Remember this has no effect if %URI.Munge is not on.
+</p>

library/HTMLPurifier/ConfigSchema/schema/URI.SecureMunge.txt

@@ -1,33 +0,0 @@
-URI.SecureMunge
-TYPE: string/null
-VERSION: 3.1.1
-DEFAULT: NULL
---DESCRIPTION--
-<p>
-    Like %URI.Munge, this directive munges browsable external resources
-    into another URI redirection service. %URI.SecureMunge accepts a URI
-    with a %s located where the original URI should be substituted in,
-    and %t located where the secure checksum should be provided.
-    However, this directive affords
-    an additional level of protection by generating a secure checksum from
-    the URI as well as a secret key provided by %URI.SecureMungeSecretKey.
-    Any redirector script can check this key by using:
-</p>
-
-<pre>$checksum === sha1($secret_key . ':' . $url)</pre>
-
-<p>
-    If the output is TRUE, the redirector script should accept the URI.
-</p>
-
-<p>
-    Please note that it would still be possible for an attacker to procure
-    secure hashes en-mass by abusing your website's Preview feature or the
-    like, but this service affords an additional level of protection
-    that should be combined with website blacklisting.
-</p>
-
-<p>
-    <strong>This is a post-filter.</strong> This filter may conflict with other
-    post-filters that deal with external links.
-</p>

library/HTMLPurifier/ConfigSchema/schema/URI.SecureMungeSecretKey.txt

@@ -1,11 +0,0 @@
-URI.SecureMungeSecretKey
-TYPE: string/null
-VERSION: 3.1.1
-DEFAULT: NULL
---DESCRIPTION--
-<p>
-    This is the secret key used in conjunction with %URI.SecureMunge. Your
-    redirector script needs to know about this key, and no one else should
-    know about this key. Please see the above
-    directive for more details.
-</p>