[2.1.3] Fix PHP warning from MakeAbsolute, also improve URIFilter documentation

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1422 48356398-32a2-884e-a903-53898d9a118a

NEWS

@@ -17,6 +17,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Corrective blockquote definition now enabled for HTML 4.01 Strict
 - Fatal error when <img> tag (or any other element with required attributes)
   has 'id' attribute fixed, thanks NykO18 for reporting
+- Fix warning emitted when a non-supported URI scheme is passed to the
+  MakeAbsolute URIFilter, thanks NykO18 (again)
 . %Core.AcceptFullDocuments renamed to %Core.ConvertDocumentToFragment 
   to better communicate its purpose
 

library/HTMLPurifier/AttrDef/URI.php

@@ -102,7 +102,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
             $result = $uri->validate($config, $context);
             if (!$result) break;
             
-            // chained validation
+            // chained filtering
             $uri_def =& $config->getDefinition('URI');
             $result = $uri_def->filter($uri, $config, $context);
             if (!$result) break;

library/HTMLPurifier/URIFilter.php

@@ -1,10 +1,22 @@
 <?php
 
 /**
- * Chainable filters for custom URI processing 
+ * Chainable filters for custom URI processing.
+ * 
+ * These filters can perform custom actions on a URI filter object,
+ * including transformation or blacklisting.
+ * 
+ * @warning This filter is called before scheme object validation occurs.
+ *          Make sure, if you require a specific scheme object, you
+ *          you check that it exists. This allows filters to convert
+ *          proprietary URI schemes into regular ones.
  */
 class HTMLPurifier_URIFilter
 {
+    
+    /**
+     * Unique identifier of filter
+     */
     var $name;
     
     /**
@@ -17,8 +29,12 @@ class HTMLPurifier_URIFilter
      * @param &$uri Reference to URI object
      * @param $config Instance of HTMLPurifier_Config
      * @param &$context Instance of HTMLPurifier_Context
+     * @return bool Whether or not to continue processing: false indicates
+     *         URL is no good, true indicates continue processing. Note that
+     *         all changes are committed directly on the URI object
      */
     function filter(&$uri, $config, &$context) {
         trigger_error('Cannot call abstract function', E_USER_ERROR);
     }
+    
 }

library/HTMLPurifier/URIFilter/MakeAbsolute.php

@@ -47,6 +47,10 @@ class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
             // absolute URI already: don't change
             if (!is_null($uri->host)) return true;
             $scheme_obj = $uri->getSchemeObj($config, $context);
+            if (!$scheme_obj) {
+                // scheme not recognized
+                return false;
+            }
             if (!$scheme_obj->hierarchical) {
                 // non-hierarchal URI with explicit scheme, don't change
                 return true;

tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php

@@ -111,6 +111,12 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn
         $this->assertFiltering('.', '../');
     }
     
+    function testRemoveJavaScriptWithEmbeddedLink() {
+        // credits: NykO18
+        $this->setBase('http://www.example.com/');
+        $this->assertFiltering('javascript: window.location = \'http://www.example.com\';', false);
+    }
+    
     // error case
     
     function testErrorNoBase() {