mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 19:30:21 +02:00
Code Issues Releases Wiki Activity

[2.1.0] URI scheme is munged off if there is no authority and the scheme is the default one

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1330 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2007-08-01 13:15:33 +00:00
parent b03a44abff
commit b0f3116b9e
3 changed files with 53 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
library/HTMLPurifier/AttrDef/URI.php
View File

@@ -134,7 +134,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
$matches = array();
$result = preg_match($r_URI, $uri, $matches);
if (!$result) return false; // invalid URI
if (!$result) return false; // *really* invalid URI
// seperate out parts
$scheme = !empty($matches[1]) ? $matches[2] : null;
@@ -146,6 +146,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
$registry =& HTMLPurifier_URISchemeRegistry::instance();
$default_scheme = $config->get('URI', 'DefaultScheme');
if ($scheme !== null) {
// no need to validate the scheme's fmt since we do that when we
// retrieve the specific scheme object from the registry
@@ -154,7 +155,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
if (!$scheme_obj) return false; // invalid scheme, clean it out
} else {
$scheme_obj = $registry->getScheme(
$config->get('URI', 'DefaultScheme'), $config, $context
$default_scheme, $config, $context
);
}
@@ -176,6 +177,8 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
if ($authority !== null) {
// ridiculously inefficient
// remove URI if it's absolute and we disabled externals or
// if it's absolute and embedded and we disabled external resources
unset($our_host);
@@ -259,6 +262,8 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
if($userinfo !== null) $authority .= $userinfo . '@';
$authority .= $host;
if($port !== null) $authority .= ':' . $port;
} else {
if ($default_scheme == $scheme) $scheme = null; // munge scheme off when unnecessary
}
// reconstruct the result