[2.1.0] Fix some minor DirectLex bugs that may lead to PHP errors

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1310 48356398-32a2-884e-a903-53898d9a118a
2025-07-31 19:30:21 +02:00 · 2007-07-05 21:29:07 +00:00
parent 626b2a13c8
commit e7e81c0a5b
3 changed files with 41 additions and 5 deletions
--- a/library/HTMLPurifier/Lexer/DirectLex.php
+++ b/library/HTMLPurifier/Lexer/DirectLex.php
@@ -150,6 +150,14 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
                // We are in tag and it is well formed
                // Grab the internals of the tag
                $strlen_segment = $position_next_gt - $cursor;
+                
+                if ($strlen_segment < 1) {
+                    // there's nothing to process!
+                    $token = new HTMLPurifier_Token_Text('<');
+                    $cursor++;
+                    continue;
+                }
+                
                $segment = substr($html, $cursor, $strlen_segment);
                
                // Check if it's a comment
@@ -372,6 +380,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
                    $value = $quoted_value;
                }
            }
+            if ($value === false) $value = '';
            return array($key => $value);
        }
        
@@ -386,7 +395,6 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
        
        // infinite loop protection
        $loops = 0;
-        
        while(true) {
            
            // infinite loop protection
@@ -400,7 +408,6 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
            }
            
            $cursor += ($value = strspn($string, $this->_whitespace, $cursor));
-            
            // grab the key
            
            $key_begin = $cursor; //we're currently at the start of the key
@@ -436,6 +443,11 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
                $cursor++;
                $cursor += strspn($string, $this->_whitespace, $cursor);
                
+                if ($cursor === false) {
+                    $array[$key] = '';
+                    break;
+                }
+                
                // we might be in front of a quote right now
                
                $char = @$string[$cursor];
@@ -453,7 +465,14 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
                    $value_end = $cursor;
                }
                
+                // we reached a premature end
+                if ($cursor === false) {
+                    $cursor = $size;
+                    $value_end = $cursor;
+                }
+                
                $value = substr($string, $value_begin, $value_end - $value_begin);
+                if ($value === false) $value = '';
                $array[$key] = $this->parseData($value);
                $cursor++;