0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00

Fix a bounds error which now errors in PHP 7.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
Edward Z. Yang 2016-03-24 00:12:52 -07:00
parent 753c830239
commit 1f3e282fde
2 changed files with 4 additions and 0 deletions

1
NEWS
View File

@ -17,6 +17,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- IDNA supported natively on PHP 5.3 and later. - IDNA supported natively on PHP 5.3 and later.
- Non all-numeric top-level names (e.g., foo.1f, 1f) are now - Non all-numeric top-level names (e.g., foo.1f, 1f) are now
allowed. allowed.
- Minor bounds error fix to squash a PHP 7 notice.
4.7.0, released 2015-08-04 4.7.0, released 2015-08-04
# opacity is now considered a "tricky" CSS property rather than a # opacity is now considered a "tricky" CSS property rather than a

View File

@ -33,6 +33,9 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
return false; return false;
} }
$uri_string = substr($uri_string, 4); $uri_string = substr($uri_string, 4);
if (strlen($uri_string) == 0) {
return false;
}
$new_length = strlen($uri_string) - 1; $new_length = strlen($uri_string) - 1;
if ($uri_string[$new_length] != ')') { if ($uri_string[$new_length] != ')') {
return false; return false;