mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 19:30:21 +02:00
Code Issues Releases Wiki Activity

[2.1.0] Fix some minor DirectLex bugs that may lead to PHP errors

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1310 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2007-07-05 21:29:07 +00:00
parent 626b2a13c8
commit e7e81c0a5b
3 changed files with 41 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
library/HTMLPurifier/Lexer/DirectLex.php
View File

@@ -150,6 +150,14 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
// We are in tag and it is well formed // We are in tag and it is well formed
// Grab the internals of the tag // Grab the internals of the tag
$strlen_segment = $position_next_gt - $cursor; $strlen_segment = $position_next_gt - $cursor;
if ($strlen_segment < 1) {
// there's nothing to process!
$token = new HTMLPurifier_Token_Text('<');
$cursor++;
continue;
}
$segment = substr($html, $cursor, $strlen_segment); $segment = substr($html, $cursor, $strlen_segment);
// Check if it's a comment // Check if it's a comment
@@ -372,6 +380,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
$value = $quoted_value; $value = $quoted_value;
} }
} }
if ($value === false) $value = '';
return array($key => $value); return array($key => $value);
} }
@@ -386,7 +395,6 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
// infinite loop protection // infinite loop protection
$loops = 0; $loops = 0;
while(true) { while(true) {
// infinite loop protection // infinite loop protection
@@ -400,7 +408,6 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
} }
$cursor += ($value = strspn($string, $this->_whitespace, $cursor)); $cursor += ($value = strspn($string, $this->_whitespace, $cursor));
// grab the key // grab the key
$key_begin = $cursor; //we're currently at the start of the key $key_begin = $cursor; //we're currently at the start of the key
@@ -436,6 +443,11 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
$cursor++; $cursor++;
$cursor += strspn($string, $this->_whitespace, $cursor); $cursor += strspn($string, $this->_whitespace, $cursor);
if ($cursor === false) {
$array[$key] = '';
break;
}
// we might be in front of a quote right now // we might be in front of a quote right now
$char = @$string[$cursor]; $char = @$string[$cursor];
@@ -453,7 +465,14 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
$value_end = $cursor; $value_end = $cursor;
} }
// we reached a premature end
if ($cursor === false) {
$cursor = $size;
$value_end = $cursor;
}
$value = substr($string, $value_begin, $value_end - $value_begin); $value = substr($string, $value_begin, $value_end - $value_begin);
if ($value === false) $value = '';
$array[$key] = $this->parseData($value); $array[$key] = $this->parseData($value);
$cursor++; $cursor++;

6
tests/HTMLPurifier/Lexer/DirectLexTest.php
View File

@@ -59,6 +59,12 @@ class HTMLPurifier_Lexer_DirectLexTest extends UnitTestCase
$input[12] = '="" =""'; $input[12] = '="" =""';
$expect[12] = array('"' => ''); // tough to say, just don't throw a loop $expect[12] = array('"' => ''); // tough to say, just don't throw a loop
$input[13] = 'href="';
$expect[13] = array('href' => '');
$input[14] = 'href=" <';
$expect[14] = array('href' => ' <');
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$context = new HTMLPurifier_Context(); $context = new HTMLPurifier_Context();
$size = count($input); $size = count($input);

17
tests/HTMLPurifier/LexerTest.php
View File

@@ -335,10 +335,21 @@ class HTMLPurifier_LexerTest extends UnitTestCase
// test escaping // test escaping
$input[23] = '<!-- This comment < &lt; & -->'; $input[23] = '<!-- This comment < &lt; & -->';
$expect[23] = array( $expect[23] = array(
new HTMLPurifier_Token_Comment(' This comment < &lt; & ') new HTMLPurifier_Token_Comment(' This comment < &lt; & ') );
$sax_expect[23] = false; $config[23] =
HTMLPurifier_Config::create(array('Core.AggressivelyFixLt' =>
true));
// more DirectLex edge-cases
$input[24] = '<a href="><>">';
$expect[24] = array(
new HTMLPurifier_Token_Start('a', array('href' => '')),
new HTMLPurifier_Token_Text('<">')
);
$sax_expect[24] = false;
$dom_expect[24] = array(
new HTMLPurifier_Token_Empty('a', array('href' => '><>'))
); );
$sax_expect[23] = false;
$config[21] = HTMLPurifier_Config::create(array('Core.AggressivelyFixLt' => true));
$default_config = HTMLPurifier_Config::createDefault(); $default_config = HTMLPurifier_Config::createDefault();
$default_context = new HTMLPurifier_Context(); $default_context = new HTMLPurifier_Context();