From 3af2ff8f98bdcf866b9d8949fec8a7b5c45ed678 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Mon, 2 Jun 2008 17:39:29 +0000 Subject: [PATCH] Fix bug with SecureMunge regarding embedded URIs. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1775 48356398-32a2-884e-a903-53898d9a118a --- library/HTMLPurifier/URIFilter/SecureMunge.php | 1 + tests/HTMLPurifier/URIFilter/SecureMungeTest.php | 6 ++++++ tests/HTMLPurifierTest.php | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/library/HTMLPurifier/URIFilter/SecureMunge.php b/library/HTMLPurifier/URIFilter/SecureMunge.php index fe74ac53..f131ad4e 100644 --- a/library/HTMLPurifier/URIFilter/SecureMunge.php +++ b/library/HTMLPurifier/URIFilter/SecureMunge.php @@ -17,6 +17,7 @@ class HTMLPurifier_URIFilter_SecureMunge extends HTMLPurifier_URIFilter } public function filter(&$uri, $config, $context) { if (!$this->target || !$this->secretKey) return true; + if ($context->get('EmbeddedURI', true)) return true; // abort for embedded URIs $scheme_obj = $uri->getSchemeObj($config, $context); if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it if (is_null($uri->host) || empty($scheme_obj->browsable)) { diff --git a/tests/HTMLPurifier/URIFilter/SecureMungeTest.php b/tests/HTMLPurifier/URIFilter/SecureMungeTest.php index dd55dd5e..4a71ce04 100644 --- a/tests/HTMLPurifier/URIFilter/SecureMungeTest.php +++ b/tests/HTMLPurifier/URIFilter/SecureMungeTest.php @@ -22,6 +22,12 @@ class HTMLPurifier_URIFilter_SecureMungeTest extends HTMLPurifier_URIFilterHarne $this->assertFiltering('/local'); } + function testPreserveEmbedded() { + $embedded = true; + $this->context->register('EmbeddedURI', $embedded); + $this->assertFiltering('http://google.com'); + } + function testStandardMunge() { $this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892'); } diff --git a/tests/HTMLPurifierTest.php b/tests/HTMLPurifierTest.php index 181acaa7..d6c86584 100644 --- a/tests/HTMLPurifierTest.php +++ b/tests/HTMLPurifierTest.php @@ -189,8 +189,8 @@ alert(""); $this->config->set('URI', 'SecureMunge', '/redirect.php?url=%s&check=%t'); $this->config->set('URI', 'SecureMungeSecretKey', 'foo'); $this->assertPurification( - 'foo', - 'foo' + 'foolocal', + 'foolocal' ); }