[2.1.5] [MFH] Percent encode query and hash, and lazy update with attr validator

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1787 48356398-32a2-884e-a903-53898d9a118a
2025-07-31 11:20:13 +02:00 · 2008-06-11 04:00:06 +00:00
parent 0d262b3a1d
commit c03953f85e
4 changed files with 28 additions and 3 deletions
--- a/6
+++ b/6
@@ -17,10 +17,14 @@ ERRATA
 2.1.5, unknown release date
 ! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
  and height/width HTML with %HTML.MaxImgLength.
+- AttrValidator operations are now atomic; updates to attributes are not
+  manifest in token until end of operations. This prevents naughty internal
+  code from directly modifying CurrentToken when they're not supposed to.
+- Percent encoding checks enabled for URI query and fragment
+- Disable percent height/width attributes for img
 . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
  handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
  this class.
- Disable percent height/width attributes for img
 . API of HTMLPurifier_AttrDef_CSS_Length changed from __construct($disable_negative)
  to __construct($min, $max). __construct(true) is equivalent to
  __construct('0'). (replace __construct with HTMLPurifier_AttrDef_CSS_Length)
--- a/library/HTMLPurifier/AttrValidator.php
+++ b/library/HTMLPurifier/AttrValidator.php
@@ -40,8 +40,8 @@ class HTMLPurifier_AttrValidator
        // DEFINITION CALL
        $d_defs = $definition->info_global_attr;
        
-        // reference attributes for easy manipulation
-        $attr =& $token->attr;
+        // don't update token until the very end, to ensure an atomic update
+        $attr = $token->attr;
        
        // do global transformations (pre)
        // nothing currently utilizes this
@@ -136,6 +136,8 @@ class HTMLPurifier_AttrValidator
            if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
        }
        
+        $token->attr = $attr;
+        
        // destroy CurrentToken if we made it ourselves
        if (!$current_token) $context->destroy('CurrentToken');
        
--- a/library/HTMLPurifier/URI.php
+++ b/library/HTMLPurifier/URI.php
@@ -131,6 +131,17 @@ class HTMLPurifier_URI
            $this->path = ''; // just to be safe
        }
        
+        // qf = query and fragment
+        $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
+        
+        if (!is_null($this->query)) {
+            $this->query = $qf_encoder->encode($this->query);
+        }
+        
+        if (!is_null($this->fragment)) {
+            $this->fragment = $qf_encoder->encode($this->fragment);
+        }
+        
        return true;
        
    }
--- a/tests/HTMLPurifier/URITest.php
+++ b/tests/HTMLPurifier/URITest.php
@@ -187,6 +187,14 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
        $this->assertValidation("\xE3\x91\x94", '%E3%91%94');
    }
    
+    function test_validate_query() {
+        $this->assertValidation("?/\xE3\x91\x94", '?/%E3%91%94');
+    }
+    
+    function test_validate_fragment() {
+        $this->assertValidation("#/\xE3\x91\x94", '#/%E3%91%94');
+    }
+    
    function test_validate_path_empty() {
        $this->assertValidation('http://google.com');
    }