0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-18 11:41:52 +00:00

[2.1.3] Fix PHP warning from MakeAbsolute, also improve URIFilter documentation

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1422 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-09-27 00:07:27 +00:00
parent f2df669eec
commit 094b20f58f
5 changed files with 30 additions and 2 deletions

2
NEWS
View File

@ -17,6 +17,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- Corrective blockquote definition now enabled for HTML 4.01 Strict - Corrective blockquote definition now enabled for HTML 4.01 Strict
- Fatal error when <img> tag (or any other element with required attributes) - Fatal error when <img> tag (or any other element with required attributes)
has 'id' attribute fixed, thanks NykO18 for reporting has 'id' attribute fixed, thanks NykO18 for reporting
- Fix warning emitted when a non-supported URI scheme is passed to the
MakeAbsolute URIFilter, thanks NykO18 (again)
. %Core.AcceptFullDocuments renamed to %Core.ConvertDocumentToFragment . %Core.AcceptFullDocuments renamed to %Core.ConvertDocumentToFragment
to better communicate its purpose to better communicate its purpose

View File

@ -102,7 +102,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
$result = $uri->validate($config, $context); $result = $uri->validate($config, $context);
if (!$result) break; if (!$result) break;
// chained validation // chained filtering
$uri_def =& $config->getDefinition('URI'); $uri_def =& $config->getDefinition('URI');
$result = $uri_def->filter($uri, $config, $context); $result = $uri_def->filter($uri, $config, $context);
if (!$result) break; if (!$result) break;

View File

@ -1,10 +1,22 @@
<?php <?php
/** /**
* Chainable filters for custom URI processing * Chainable filters for custom URI processing.
*
* These filters can perform custom actions on a URI filter object,
* including transformation or blacklisting.
*
* @warning This filter is called before scheme object validation occurs.
* Make sure, if you require a specific scheme object, you
* you check that it exists. This allows filters to convert
* proprietary URI schemes into regular ones.
*/ */
class HTMLPurifier_URIFilter class HTMLPurifier_URIFilter
{ {
/**
* Unique identifier of filter
*/
var $name; var $name;
/** /**
@ -17,8 +29,12 @@ class HTMLPurifier_URIFilter
* @param &$uri Reference to URI object * @param &$uri Reference to URI object
* @param $config Instance of HTMLPurifier_Config * @param $config Instance of HTMLPurifier_Config
* @param &$context Instance of HTMLPurifier_Context * @param &$context Instance of HTMLPurifier_Context
* @return bool Whether or not to continue processing: false indicates
* URL is no good, true indicates continue processing. Note that
* all changes are committed directly on the URI object
*/ */
function filter(&$uri, $config, &$context) { function filter(&$uri, $config, &$context) {
trigger_error('Cannot call abstract function', E_USER_ERROR); trigger_error('Cannot call abstract function', E_USER_ERROR);
} }
} }

View File

@ -47,6 +47,10 @@ class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
// absolute URI already: don't change // absolute URI already: don't change
if (!is_null($uri->host)) return true; if (!is_null($uri->host)) return true;
$scheme_obj = $uri->getSchemeObj($config, $context); $scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) {
// scheme not recognized
return false;
}
if (!$scheme_obj->hierarchical) { if (!$scheme_obj->hierarchical) {
// non-hierarchal URI with explicit scheme, don't change // non-hierarchal URI with explicit scheme, don't change
return true; return true;

View File

@ -111,6 +111,12 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn
$this->assertFiltering('.', '../'); $this->assertFiltering('.', '../');
} }
function testRemoveJavaScriptWithEmbeddedLink() {
// credits: NykO18
$this->setBase('http://www.example.com/');
$this->assertFiltering('javascript: window.location = \'http://www.example.com\';', false);
}
// error case // error case
function testErrorNoBase() { function testErrorNoBase() {