Make %URI.Munge respect %URI.Host (don't munge).

%URI.Munge incorrectly munged URIs that pointed to the
same host as the current website (it did, however, have
the correct behavior for when the munge URL was on the
same server).

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

NEWS

@@ -50,6 +50,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
   changed.
 - Fix fatal error in HTMLPurifier_Encoder on certain platforms (probably NetBSD 5.0)
 - Fix bug in Linkify autoformatter involving <a><span>http://foo</span></a>
+- Make %URI.Munge not apply to links that have the same host as your host.
 . Created script maintenance/rename-config.php for renaming a configuration
   directive while maintaining its alias.  This script does not change source code.
 . Implement namespace locking for definition construction, to prevent

library/HTMLPurifier/URIFilter/Munge.php

@@ -23,6 +23,10 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
         if (is_null($uri->host) || empty($scheme_obj->browsable)) {
             return true;
         }
+        // don't redirect if target host is our host
+        if ($uri->host === $config->getDefinition('URI')->host) {
+            return true;
+        }
 
         $this->makeReplace($uri, $config, $context);
         $this->replace = array_map('rawurlencode', $this->replace);

tests/HTMLPurifier/URIFilter/MungeTest.php

@@ -117,6 +117,12 @@ class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
         $this->assertFiltering('http://example.com/foobar');
     }
 
+    function testMungeIgnoresSourceHost() {
+        $this->config->set('URI.Host', 'foo.example.com');
+        $this->setMunge('http://example.com/%s');
+        $this->assertFiltering('http://foo.example.com/bar');
+    }
+
 }
 
 // vim: et sw=4 sts=4