diff --git a/NEWS b/NEWS index 990b9450..f0d553b3 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier both span tags closed. - Fix bug with trusted script handling in libxml versions later than 2.6.28. - Fix bug in comment parsing with DirectLex +- Fix bug with rgb(0, 1, 2) color syntax with spaces inside shorthand syntax 2.1.3, released 2007-11-05 ! tests/multitest.php allows you to test multiple versions by running diff --git a/library/HTMLPurifier/AttrDef.php b/library/HTMLPurifier/AttrDef.php index 882b6260..e94ee713 100644 --- a/library/HTMLPurifier/AttrDef.php +++ b/library/HTMLPurifier/AttrDef.php @@ -82,5 +82,13 @@ class HTMLPurifier_AttrDef return $this; } + /** + * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work + * properly. THIS IS A HACK! + */ + function mungeRgb($string) { + return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string); + } + } diff --git a/library/HTMLPurifier/AttrDef/CSS/Background.php b/library/HTMLPurifier/AttrDef/CSS/Background.php index b82e98e5..a5c1046a 100644 --- a/library/HTMLPurifier/AttrDef/CSS/Background.php +++ b/library/HTMLPurifier/AttrDef/CSS/Background.php @@ -31,6 +31,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef $string = $this->parseCDATA($string); if ($string === '') return false; + // munge rgb() decl if necessary + $string = $this->mungeRgb($string); + // assumes URI doesn't have spaces in it $bits = explode(' ', strtolower($string)); // bits to process diff --git a/library/HTMLPurifier/AttrDef/CSS/Border.php b/library/HTMLPurifier/AttrDef/CSS/Border.php index f6d4d684..4eb3e25a 100644 --- a/library/HTMLPurifier/AttrDef/CSS/Border.php +++ b/library/HTMLPurifier/AttrDef/CSS/Border.php @@ -22,7 +22,7 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef function validate($string, $config, &$context) { $string = $this->parseCDATA($string); - // we specifically will not support rgb() syntax with spaces + $string = $this->mungeRgb($string); $bits = explode(' ', $string); $done = array(); // segments we've finished $ret = ''; // return value diff --git a/library/HTMLPurifier/Lexer/DirectLex.php b/library/HTMLPurifier/Lexer/DirectLex.php index e7f39361..1b101687 100644 --- a/library/HTMLPurifier/Lexer/DirectLex.php +++ b/library/HTMLPurifier/Lexer/DirectLex.php @@ -184,8 +184,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer } $strlen_segment = $position_comment_end - $cursor; $segment = substr($html, $cursor, $strlen_segment); - $token = new - HTMLPurifier_Token_Comment($segment, 3); + $token = new HTMLPurifier_Token_Comment(substr($segment, 3)); if ($maintain_line_numbers) { $token->line = $current_line; $current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment); diff --git a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php index 7cd60d34..e4d9a15f 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php @@ -14,6 +14,10 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes $valid = '#333 url(chess.png) repeat fixed 50% top'; $this->assertDef($valid); $this->assertDef('url("chess.png") #333 50% top repeat fixed', $valid); + $this->assertDef( + 'rgb(34, 56, 33) url(chess.png) repeat fixed top', + 'rgb(34,56,33) url(chess.png) repeat fixed top' + ); } diff --git a/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php b/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php index 5eaceae4..85d12d33 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php @@ -14,6 +14,7 @@ class HTMLPurifier_AttrDef_CSS_BorderTest extends HTMLPurifier_AttrDefHarness $this->assertDef('thick solid'); $this->assertDef('solid red', 'solid #FF0000'); $this->assertDef('1px solid #000'); + $this->assertDef('1px solid rgb(0, 0, 0)', '1px solid rgb(0,0,0)'); }