[2.1.4] [MFH] Fix bug with rgb(0, 1, 2) color syntax with spaces inside shorthand syntax from r1612

- Also, repair botched comment patch git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1716 48356398-32a2-884e-a903-53898d9a118a
2025-08-02 12:21:09 +02:00 · 2008-05-15 05:04:39 +00:00
parent a7762c5137
commit 957a840f54
7 changed files with 19 additions and 3 deletions
--- a/1
+++ b/1
@@ -18,6 +18,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
  both span tags closed.
 - Fix bug with trusted script handling in libxml versions later than 2.6.28.
 - Fix bug in comment parsing with DirectLex
 - Fix bug with rgb(0, 1, 2) color syntax with spaces inside shorthand syntax
 2.1.3, released 2007-11-05
 ! tests/multitest.php allows you to test multiple versions by running
--- a/library/HTMLPurifier/AttrDef.php
+++ b/library/HTMLPurifier/AttrDef.php
@@ -82,5 +82,13 @@ class HTMLPurifier_AttrDef
        return $this;
    }
    /**
     * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
     * properly. THIS IS A HACK!
     */
    function mungeRgb($string) {
        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
    }
 }
--- a/library/HTMLPurifier/AttrDef/CSS/Background.php
+++ b/library/HTMLPurifier/AttrDef/CSS/Background.php
@@ -31,6 +31,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
        $string = $this->parseCDATA($string);
        if ($string === '') return false;
        // munge rgb() decl if necessary
        $string = $this->mungeRgb($string);
        // assumes URI doesn't have spaces in it
        $bits = explode(' ', strtolower($string)); // bits to process
--- a/library/HTMLPurifier/AttrDef/CSS/Border.php
+++ b/library/HTMLPurifier/AttrDef/CSS/Border.php
@@ -22,7 +22,7 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
    function validate($string, $config, &$context) {
        $string = $this->parseCDATA($string);
-        // we specifically will not support rgb() syntax with spaces
+        $string = $this->mungeRgb($string);
        $bits = explode(' ', $string);
        $done = array(); // segments we've finished
        $ret = ''; // return value
--- a/library/HTMLPurifier/Lexer/DirectLex.php
+++ b/library/HTMLPurifier/Lexer/DirectLex.php
@@ -184,8 +184,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
                    }
                    $strlen_segment = $position_comment_end - $cursor;
                    $segment = substr($html, $cursor, $strlen_segment);
-                    $token = new
+                    $token = new HTMLPurifier_Token_Comment(substr($segment, 3));
                        HTMLPurifier_Token_Comment($segment, 3);
                    if ($maintain_line_numbers) {
                        $token->line = $current_line;
                        $current_line += $this->substrCount($html, $nl, $cursor, $strlen_segment);
--- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
@@ -14,6 +14,10 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
        $valid = '#333 url(chess.png) repeat fixed 50% top';
        $this->assertDef($valid);
        $this->assertDef('url("chess.png") #333 50% top repeat fixed', $valid);
        $this->assertDef(
            'rgb(34, 56, 33) url(chess.png) repeat fixed top',
            'rgb(34,56,33) url(chess.png) repeat fixed top'
        );
    }
--- a/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php
@@ -14,6 +14,7 @@ class HTMLPurifier_AttrDef_CSS_BorderTest extends HTMLPurifier_AttrDefHarness
        $this->assertDef('thick solid');
        $this->assertDef('solid red', 'solid #FF0000');
        $this->assertDef('1px solid #000');
        $this->assertDef('1px solid rgb(0, 0, 0)', '1px solid rgb(0,0,0)');
    }