Fix two bugs in MakeAbsolute filter involving base URIs that have empty path.

The bugs are: * Undefined $is_folder variable when path is empty, and * Improper concatenation of host and path together. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2025-01-03 05:11:52 +00:00 · 2008-07-05 03:12:44 -04:00 · 2008-07-05 03:12:44 -04:00 · 594268ca3b
commit 594268ca3b
parent 965be3bd73
3 changed files with 14 additions and 1 deletions
--- a/2
+++ b/2
@ -22,6 +22,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
  use on hand-written HTML.
 ! Add error-cases for unsupported elements in MakeWellFormed. This enables
  the strategy to be used, standalone, on untrusted input.
+- Fix two bugs in %URI.MakeAbsolute; one involving empty paths in base URLs,
+  the other involving an undefined $is_folder error.
 . Strategy_MakeWellFormed now operates in-place, saving memory and allowing
  for more interesting filter-backtracking
 . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind
--- a/library/HTMLPurifier/URIFilter/MakeAbsolute.php
+++ b/library/HTMLPurifier/URIFilter/MakeAbsolute.php
@ -55,6 +55,9 @@ class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
            // relative path, needs more complicated processing
            $stack = explode('/', $uri->path);
            $new_stack = array_merge($this->basePathStack, $stack);
+            if ($new_stack[0] !== '' && !is_null($this->base->host)) {
+                array_unshift($new_stack, '');
+            }
            $new_stack = $this->_collapseStack($new_stack);
            $uri->path = implode('/', $new_stack);
        }
@ -71,6 +74,7 @@ class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
     */
    private function _collapseStack($stack) {
        $result = array();
+        $is_folder = false;
        for ($i = 0; isset($stack[$i]); $i++) {
            $is_folder = false;
            // absorb an internally duplicated slash
--- a/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php
+++ b/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php
@ -114,6 +114,13 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn
        $this->assertFiltering('javascript: window.location = \'http://www.example.com\';', false);
    }
    
+    // miscellaneous
+    
+    function testFilterDomainWithNoSlash() {
+        $this->setBase('http://example.com');
+        $this->assertFiltering('foo', 'http://example.com/foo');
+    }
+    
    // error case
    
    function testErrorNoBase() {