mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-03 05:11:52 +00:00
Make %URI.Munge respect %URI.Host (don't munge).
%URI.Munge incorrectly munged URIs that pointed to the same host as the current website (it did, however, have the correct behavior for when the munge URL was on the same server). Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
parent
8f573df3dc
commit
4d27906b02
1
NEWS
1
NEWS
@ -50,6 +50,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
changed.
|
||||
- Fix fatal error in HTMLPurifier_Encoder on certain platforms (probably NetBSD 5.0)
|
||||
- Fix bug in Linkify autoformatter involving <a><span>http://foo</span></a>
|
||||
- Make %URI.Munge not apply to links that have the same host as your host.
|
||||
. Created script maintenance/rename-config.php for renaming a configuration
|
||||
directive while maintaining its alias. This script does not change source code.
|
||||
. Implement namespace locking for definition construction, to prevent
|
||||
|
@ -23,6 +23,10 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
|
||||
if (is_null($uri->host) || empty($scheme_obj->browsable)) {
|
||||
return true;
|
||||
}
|
||||
// don't redirect if target host is our host
|
||||
if ($uri->host === $config->getDefinition('URI')->host) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$this->makeReplace($uri, $config, $context);
|
||||
$this->replace = array_map('rawurlencode', $this->replace);
|
||||
|
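Review bot: The new same-host check compares `$uri->host` with `$config->getDefinition('URI')->host` byte for byte, so a link that spells the site's own host in a different case (hostnames are case-insensitive) is still sent through the munge URL. The mismatch errs on the safe side, because an unrecognised host is rewritten instead of exempted, but the fix stays incomplete unless the host is lowercased earlier in the pipeline, which is not visible here. Consider `$host = $config->getDefinition('URI')->host;` followed by `if ($host !== null && strtolower($uri->host) === strtolower($host)) return true;`, and keep the match exact (no suffix or subdomain matching) so the exemption cannot widen beyond %URI.Host. The enclosing filter method starts and ends outside the hunk.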
@ -117,6 +117,12 @@ class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
|
||||
$this->assertFiltering('http://example.com/foobar');
|
||||
}
|
||||
|
||||
function testMungeIgnoresSourceHost() {
|
||||
$this->config->set('URI.Host', 'foo.example.com');
|
||||
$this->setMunge('http://example.com/%s');
|
||||
$this->assertFiltering('http://foo.example.com/bar');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
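Review bot: testMungeIgnoresSourceHost pins only the exempt case; nothing asserts that a host which merely resembles %URI.Host is still munged. Because this exemption decides which links bypass the redirector, add a companion test with the same configuration, for example `$this->assertFiltering('http://bar.example.com/baz', 'http://example.com/http%3A%2F%2Fbar.example.com%2Fbaz');` (assuming the harness takes the expected URI as a second argument). A later change to prefix or suffix matching would then fail the suite instead of silently widening the exemption.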