URI.Munge munges https to http URIs.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

library/HTMLPurifier/URIFilter/Munge.php

@@ -23,9 +23,16 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
         if (is_null($uri->host) || empty($scheme_obj->browsable)) {
             return true;
         }
+        $uri_definition = $config->getDefinition('URI');
         // don't redirect if target host is our host
-        if ($uri->host === $config->getDefinition('URI')->host) {
-            return true;
+        if ($uri->host === $uri_definition->host) {
+            // but do redirect if we're currently on a secure scheme,
+            // and the target scheme is insecure
+            $current_scheme_obj = HTMLPurifier_URISchemeRegistry::instance()->getScheme($uri_definition->defaultScheme, $config, $context);
+            if ($scheme_obj->secure || !$current_scheme_obj->secure) {
+                return true;
+            }
+            // target scheme was not secure, but we were secure
         }
 
         $this->makeReplace($uri, $config, $context);

library/HTMLPurifier/URIScheme.php

@@ -19,6 +19,12 @@ abstract class HTMLPurifier_URIScheme
      */
     public $browsable = false;
 
+    /**
+     * Whether or not data transmitted over this scheme is encrypted.
+     * https is secure, http is not.
+     */
+    public $secure = false;
+
     /**
      * Whether or not the URI always uses <hier_part>, resolves edge cases
      * with making relative URIs absolute

library/HTMLPurifier/URIScheme/https.php

@@ -6,6 +6,7 @@
 class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http {
 
     public $default_port = 443;
+    public $secure = true;
 
 }