From 3b6aa1059289718af710a86a9cc5acc1897996eb Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Thu, 10 Jul 2008 18:46:46 -0400
Subject: [PATCH] %URI.DisableExternal(Resources) uses %URI.Base if %URI.Host is not available. As part of its duties, URIDefinition determine the base URL and the host URL of the page based on the two corresponding configuration directives. The DisableExternal URIFilter, however, bypassed this check by directly checking %URI.Host. This fix forwards the call through URIDefinition.
Signed-off-by: Edward Z. Yang
---
 NEWS | 2 ++
 library/HTMLPurifier/URIFilter/DisableExternal.php | 2 +-
 tests/HTMLPurifier/URIFilter/DisableExternalTest.php | 7 +++++++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 4dffe14f..33a0a335 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 - Throw error when %Core.Encoding is set to a spurious value. Previously, this errored silently and returned false.
 - Redirected stderr to stdout for flush error output.
+- %URI.DisableExternal will now use the host in %URI.Base if %URI.Host is not
+ available.
 . Strategy_MakeWellFormed now operates in-place, saving memory and allowing for more interesting filter-backtracking
 . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind
diff --git a/library/HTMLPurifier/URIFilter/DisableExternal.php b/library/HTMLPurifier/URIFilter/DisableExternal.php
index d48bce06..960e2b9b 100644
--- a/library/HTMLPurifier/URIFilter/DisableExternal.php
+++ b/library/HTMLPurifier/URIFilter/DisableExternal.php
@@ -5,7 +5,7 @@ class HTMLPurifier_URIFilter_DisableExternal extends HTMLPurifier_URIFilter
 public $name = 'DisableExternal';
 protected $ourHostParts = false;
 public function prepare($config) {
- $our_host = $config->get('URI', 'Host');
+ $our_host = $config->getDefinition('URI')->host;
 if ($our_host !== null) $this->ourHostParts = array_reverse(explode('.', $our_host));
 }
 public function filter(&$uri, $config, $context) {
diff --git a/tests/HTMLPurifier/URIFilter/DisableExternalTest.php b/tests/HTMLPurifier/URIFilter/DisableExternalTest.php
index e4559f48..b2319184 100644
--- a/tests/HTMLPurifier/URIFilter/DisableExternalTest.php
+++ b/tests/HTMLPurifier/URIFilter/DisableExternalTest.php
@@ -41,4 +41,11 @@ class HTMLPurifier_URIFilter_DisableExternalTest extends HTMLPurifier_URIFilterH
 );
 }
 
+ function testBaseAsHost() {
+ $this->config->set('URI', 'Base', 'http://www.example.com/foo/bar');
+ $this->assertFiltering(
+ 'http://www.example.com/baz'
+ );
+ }
+
 }
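Review bot: The changed assignment in `prepare()` makes %URI.Base part of the decision about which hosts count as internal, and nothing in the code says so. Per the commit message, URIDefinition resolves `host` from %URI.Host and falls back to the host of %URI.Base, so a deployment that set only %URI.Base to resolve relative links will begin accepting absolute URIs on that host. I would add a comment above the assignment, e.g. `// host is %URI.Host, else the host of %URI.Base (resolved by URIDefinition); null leaves ourHostParts false`, and mention the dependency in the directive documentation. The body of `filter()` lies outside this hunk, so it is worth confirming that it still rejects every absolute URI when `ourHostParts` stays `false`.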
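Review bot: `testBaseAsHost` pins only the allow path; for a filter whose job is to block external URIs, the new fallback needs a reject case as well. With only %URI.Base set, a URI on a different host should still be filtered out, and with both directives set the test should show that %URI.Host takes precedence, as the commit message describes. The sketch below assumes `assertFiltering` accepts the expected result as a second argument, with `false` meaning the URI is rejected; adjust it if the harness differs. The test class starts outside this hunk.

```php
    function testBaseAsHostRejectsOtherHost() {
        $this->config->set('URI', 'Base', 'http://www.example.com/foo/bar');
        $this->assertFiltering(
            'http://other.example.org/baz', false
        );
    }

    function testHostTakesPrecedenceOverBase() {
        $this->config->set('URI', 'Host', 'example.org');
        $this->config->set('URI', 'Base', 'http://www.example.com/foo/bar');
        $this->assertFiltering(
            'http://www.example.com/baz', false
        );
    }
```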