[2.1.4] [MFH] Add protection against imagecrash attack with CSS height/width from r1684

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1719 48356398-32a2-884e-a903-53898d9a118a
2025-08-04 13:18:00 +02:00 · 2008-05-15 05:21:37 +00:00
parent 5fa575f8ac
commit e7fa8cbdd5
4 changed files with 38 additions and 2 deletions
--- a/library/HTMLPurifier/CSSDefinition.php
+++ b/library/HTMLPurifier/CSSDefinition.php
@@ -7,6 +7,7 @@ require_once 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Border.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Color.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Composite.php';
+require_once 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Font.php';
 require_once 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
 require_once 'HTMLPurifier/AttrDef/CSS/Length.php';
@@ -176,12 +177,13 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
        ));
        
        $this->info['width'] =
-        $this->info['height'] = 
+        $this->info['height'] =
+        new HTMLPurifier_AttrDef_CSS_DenyElementDecorator(
        new HTMLPurifier_AttrDef_CSS_Composite(array(
            new HTMLPurifier_AttrDef_CSS_Length(true),
            new HTMLPurifier_AttrDef_CSS_Percentage(true),
            new HTMLPurifier_AttrDef_Enum(array('auto'))
-        ));
+        )), 'img');
        
        $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();