Commit a very lenient mailto checker. We'll tighten it later.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a

library/HTMLPurifier/AttrDef/URI.php

@@ -47,7 +47,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
             // retrieve the specific scheme object from the registry
             $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
             $scheme_obj =& $registry->getScheme($scheme, $config);
-            if (!$scheme_obj) return ''; // invalid scheme, clean it out
+            if (!$scheme_obj) return false; // invalid scheme, clean it out
         } else {
             $scheme_obj =& $registry->getScheme(
                 $config->get('URI', 'DefaultScheme'), $config

library/HTMLPurifier/URIScheme/mailto.php

@@ -0,0 +1,22 @@
+<?php
+
+require_once 'HTMLPurifier/URIScheme.php';
+
+// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
+// email is valid, but be careful!
+
+class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme {
+    
+    function validateComponents(
+        $userinfo, $host, $port, $path, $query, $config
+    ) {
+        list($userinfo, $host, $port, $path, $query) = 
+            parent::validateComponents(
+                $userinfo, $host, $port, $path, $query, $config );
+        // we need to validate path against RFC 2368's addr-spec
+        return array(null, null, null, $path, $query);
+    }
+    
+}
+
+?>

tests/HTMLPurifier/AttrDef/URITest.php

@@ -145,7 +145,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
         
         // test invalid scheme, components shouldn't be passed
         $uri[17] = 'javascript:alert("moo");';
-        $expect_uri[17] = '';
+        $expect_uri[17] = false;
         
         // relative URIs
         
@@ -176,7 +176,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
             $this->config  = isset($config[$i])  ? $config[$i]  : null;
             $this->context = isset($context[$i]) ? $context[$i] : null;
             
-            $this->assertDef($value, $expect_uri[$i], "Test $i: %s");
+            $this->assertDef($value, $expect_uri[$i], true, "Test $i: %s");
             
         }
         
@@ -216,6 +216,20 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
         $this->scheme->tally();
     }
     
+    function testIntegration() {
+        
+        $this->def = new HTMLPurifier_AttrDef_URI();
+        $this->config = $this->context = null;
+        
+        $this->assertDef('http://www.google.com/');
+        $this->assertDef('javascript:bad_stuff();', false);
+        $this->assertDef('ftp://www.example.com/');
+        $this->assertDef('news:rec.alt');
+        $this->assertDef('nntp://news.example.com/324234');
+        $this->assertDef('mailto:bob@example.com');
+        
+    }
+    
 }
 
 ?>

tests/HTMLPurifier/AttrDefHarness.php

@@ -8,18 +8,18 @@ class HTMLPurifier_AttrDefHarness extends UnitTestCase
     var $config;
     
     // cannot be used for accumulator
-    function assertDef($string, $expect = true, $message = '%s') {
+    function assertDef($string, $expect = true, $ini = false, $message = '%s') {
         // $expect can be a string or bool
         if (!$this->config) $this->config = HTMLPurifier_Config::createDefault();
         if (!$this->context) $this->context = new HTMLPurifier_AttrContext();
-        $this->setUpAssertDef();
+        if ($ini) $this->setUpAssertDef();
         $result = $this->def->validate($string, $this->config, $this->context);
         if ($expect === true) {
             $this->assertIdentical($string, $result, $message);
         } else {
             $this->assertIdentical($expect, $result, $message);
         }
-        $this->tearDownAssertDef();
+        if ($ini) $this->tearDownAssertDef();
     }
     
     function setUpAssertDef() {}

tests/HTMLPurifier/URISchemeTest.php

@@ -5,10 +5,13 @@ require_once 'HTMLPurifier/URIScheme.php';
 require_once 'HTMLPurifier/URIScheme/http.php';
 require_once 'HTMLPurifier/URIScheme/ftp.php';
 require_once 'HTMLPurifier/URIScheme/https.php';
-//require_once 'HTMLPurifier/URIScheme/mailto.php';
+require_once 'HTMLPurifier/URIScheme/mailto.php';
 require_once 'HTMLPurifier/URIScheme/news.php';
 require_once 'HTMLPurifier/URIScheme/nntp.php';
 
+// WARNING: All the URI schemes are far to relaxed, we need to tighten
+// the checks.
+
 class HTMLPurifier_URISchemeTest extends UnitTestCase
 {
     
@@ -104,8 +107,7 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
         );
     }
     
-    // mailto currently isn't implemented yet
-    function non_test_mailto() {
+    function test_mailto() {
         
         $scheme = new HTMLPurifier_URIScheme_mailto();
         $config = HTMLPurifier_Config::createDefault();
@@ -116,6 +118,12 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
           array(null, null, null, 'bob@example.com', null)
         );
         
+        $this->assertIdentical(
+          $scheme->validateComponents(
+                'user', 'example.com', 80, 'bob@example.com', 'subject=Foo!', $config),
+          array(null, null, null, 'bob@example.com', 'subject=Foo!')
+        );
+        
     }
     
 }