0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00

Fix bug with SecureMunge regarding embedded URIs.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1775 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-06-02 17:39:29 +00:00
parent 36fb284d2f
commit 3af2ff8f98
3 changed files with 9 additions and 2 deletions

View File

@ -17,6 +17,7 @@ class HTMLPurifier_URIFilter_SecureMunge extends HTMLPurifier_URIFilter
}
public function filter(&$uri, $config, $context) {
if (!$this->target || !$this->secretKey) return true;
if ($context->get('EmbeddedURI', true)) return true; // abort for embedded URIs
$scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
if (is_null($uri->host) || empty($scheme_obj->browsable)) {

View File

@ -22,6 +22,12 @@ class HTMLPurifier_URIFilter_SecureMungeTest extends HTMLPurifier_URIFilterHarne
$this->assertFiltering('/local');
}
function testPreserveEmbedded() {
$embedded = true;
$this->context->register('EmbeddedURI', $embedded);
$this->assertFiltering('http://google.com');
}
function testStandardMunge() {
$this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892');
}

View File

@ -189,8 +189,8 @@ alert("<This is compatible with XHTML>");
$this->config->set('URI', 'SecureMunge', '/redirect.php?url=%s&check=%t');
$this->config->set('URI', 'SecureMungeSecretKey', 'foo');
$this->assertPurification(
'<a href="http://localhost">foo</a>',
'<a href="/redirect.php?url=http%3A%2F%2Flocalhost&amp;check=8e8223ae8fac24561104180ea549c21fbd111be7">foo</a>'
'<a href="http://localhost">foo</a><img src="http://localhost" alt="local" />',
'<a href="/redirect.php?url=http%3A%2F%2Flocalhost&amp;check=8e8223ae8fac24561104180ea549c21fbd111be7">foo</a><img src="http://localhost" alt="local" />'
);
}