Commit a very lenient mailto checker. We'll tighten it later.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
2024-09-20 03:05:18 +00:00 · 2006-08-12 19:11:21 +00:00 · 2006-08-12 19:11:21 +00:00 · 4193fd018a
commit 4193fd018a
parent d28bad648a
5 changed files with 53 additions and 9 deletions
--- a/library/HTMLPurifier/AttrDef/URI.php
+++ b/library/HTMLPurifier/AttrDef/URI.php
@ -47,7 +47,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
            // retrieve the specific scheme object from the registry
            $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
            $scheme_obj =& $registry->getScheme($scheme, $config);
-            if (!$scheme_obj) return ''; // invalid scheme, clean it out
+            if (!$scheme_obj) return false; // invalid scheme, clean it out
        } else {
            $scheme_obj =& $registry->getScheme(
                $config->get('URI', 'DefaultScheme'), $config
--- a/library/HTMLPurifier/URIScheme/mailto.php
+++ b/library/HTMLPurifier/URIScheme/mailto.php
@ -0,0 +1,22 @@
+<?php
+
+require_once 'HTMLPurifier/URIScheme.php';
+
+// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
+// email is valid, but be careful!
+
+class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme {
+    
+    function validateComponents(
+        $userinfo, $host, $port, $path, $query, $config
+    ) {
+        list($userinfo, $host, $port, $path, $query) = 
+            parent::validateComponents(
+                $userinfo, $host, $port, $path, $query, $config );
+        // we need to validate path against RFC 2368's addr-spec
+        return array(null, null, null, $path, $query);
+    }
+    
+}
+
+?>
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@ -145,7 +145,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        
        // test invalid scheme, components shouldn't be passed
        $uri[17] = 'javascript:alert("moo");';
-        $expect_uri[17] = '';
+        $expect_uri[17] = false;
        
        // relative URIs
        
@ -176,7 +176,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
            $this->config  = isset($config[$i])  ? $config[$i]  : null;
            $this->context = isset($context[$i]) ? $context[$i] : null;
            
-            $this->assertDef($value, $expect_uri[$i], "Test $i: %s");
+            $this->assertDef($value, $expect_uri[$i], true, "Test $i: %s");
            
        }
        
@ -216,6 +216,20 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        $this->scheme->tally();
    }
    
+    function testIntegration() {
+        
+        $this->def = new HTMLPurifier_AttrDef_URI();
+        $this->config = $this->context = null;
+        
+        $this->assertDef('http://www.google.com/');
+        $this->assertDef('javascript:bad_stuff();', false);
+        $this->assertDef('ftp://www.example.com/');
+        $this->assertDef('news:rec.alt');
+        $this->assertDef('nntp://news.example.com/324234');
+        $this->assertDef('mailto:bob@example.com');
+        
+    }
+    
 }

 ?>
--- a/tests/HTMLPurifier/AttrDefHarness.php
+++ b/tests/HTMLPurifier/AttrDefHarness.php
@ -8,18 +8,18 @@ class HTMLPurifier_AttrDefHarness extends UnitTestCase
    var $config;
    
    // cannot be used for accumulator
-    function assertDef($string, $expect = true, $message = '%s') {
+    function assertDef($string, $expect = true, $ini = false, $message = '%s') {
        // $expect can be a string or bool
        if (!$this->config) $this->config = HTMLPurifier_Config::createDefault();
        if (!$this->context) $this->context = new HTMLPurifier_AttrContext();
-        $this->setUpAssertDef();
+        if ($ini) $this->setUpAssertDef();
        $result = $this->def->validate($string, $this->config, $this->context);
        if ($expect === true) {
            $this->assertIdentical($string, $result, $message);
        } else {
            $this->assertIdentical($expect, $result, $message);
        }
-        $this->tearDownAssertDef();
+        if ($ini) $this->tearDownAssertDef();
    }
    
    function setUpAssertDef() {}
--- a/tests/HTMLPurifier/URISchemeTest.php
+++ b/tests/HTMLPurifier/URISchemeTest.php
@ -5,10 +5,13 @@ require_once 'HTMLPurifier/URIScheme.php';
 require_once 'HTMLPurifier/URIScheme/http.php';
 require_once 'HTMLPurifier/URIScheme/ftp.php';
 require_once 'HTMLPurifier/URIScheme/https.php';
-//require_once 'HTMLPurifier/URIScheme/mailto.php';
+require_once 'HTMLPurifier/URIScheme/mailto.php';
 require_once 'HTMLPurifier/URIScheme/news.php';
 require_once 'HTMLPurifier/URIScheme/nntp.php';

+// WARNING: All the URI schemes are far to relaxed, we need to tighten
+// the checks.
+
 class HTMLPurifier_URISchemeTest extends UnitTestCase
 {
    
@ -104,8 +107,7 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
        );
    }
    
-    // mailto currently isn't implemented yet
-    function non_test_mailto() {
+    function test_mailto() {
        
        $scheme = new HTMLPurifier_URIScheme_mailto();
        $config = HTMLPurifier_Config::createDefault();
@ -116,6 +118,12 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
          array(null, null, null, 'bob@example.com', null)
        );
        
+        $this->assertIdentical(
+          $scheme->validateComponents(
+                'user', 'example.com', 80, 'bob@example.com', 'subject=Foo!', $config),
+          array(null, null, null, 'bob@example.com', 'subject=Foo!')
+        );
+        
    }
    
 }