Allow %URI.DefaultScheme to be null.

Fixes #103. Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2024-11-09 15:28:40 +00:00 · 2016-10-27 17:24:34 -07:00 · 2016-10-27 17:24:34 -07:00 · 59463c5c39
commit 59463c5c39
parent d19d648a26
6 changed files with 26 additions and 9 deletions
--- a/4
+++ b/4
@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
    . Internal change
 ==========================

+4.9.0, unknown release date
+! %URI.DefaultScheme can now be set to null, in which case
+  all relative paths are removed.
+
 4.8.0, released 2016-07-16
 # By default, when a link has a target attribute associated
  with it, we now also add rel="noreferrer" in order to
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@ -423,13 +423,13 @@
 </directive>
 <directive id="Cache.SerializerPath">
  <file name="HTMLPurifier/DefinitionCache/Serializer.php">
-   <line>183</line>
+   <line>185</line>
  </file>
 </directive>
 <directive id="Cache.SerializerPermissions">
  <file name="HTMLPurifier/DefinitionCache/Serializer.php">
-   <line>200</line>
-   <line>216</line>
+   <line>202</line>
+   <line>218</line>
  </file>
 </directive>
 <directive id="Filter.ExtractStyleBlocks.TidyImpl">
--- a/library/HTMLPurifier/ConfigSchema/schema.ser
+++ b/library/HTMLPurifier/ConfigSchema/schema.ser
--- a/library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
@ -1,5 +1,5 @@
 URI.DefaultScheme
-TYPE: string
+TYPE: string/null
 DEFAULT: 'http'
 --DESCRIPTION--

@ -7,4 +7,9 @@ DEFAULT: 'http'
    Defines through what scheme the output will be served, in order to
    select the proper object validator when no scheme information is present.
 </p>
+
+<p>
+    Starting with HTML Purifier 4.9.0, the default scheme can be null, in
+    which case we reject all URIs which do not have explicit schemes.
+</p>
 --# vim: et sw=4 sts=4
--- a/library/HTMLPurifier/URI.php
+++ b/library/HTMLPurifier/URI.php
@ -85,11 +85,13 @@ class HTMLPurifier_URI
            $def = $config->getDefinition('URI');
            $scheme_obj = $def->getDefaultScheme($config, $context);
            if (!$scheme_obj) {
-                // something funky happened to the default scheme object
-                trigger_error(
-                    'Default scheme object "' . $def->defaultScheme . '" was not readable',
-                    E_USER_WARNING
-                );
+                if ($def->defaultScheme !== null) {
+                    // something funky happened to the default scheme object
+                    trigger_error(
+                        'Default scheme object "' . $def->defaultScheme . '" was not readable',
+                        E_USER_WARNING
+                    );
+                } // suppress error if it's null
                return false;
            }
        }
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@ -81,6 +81,12 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        $this->assertDef('http://example.com/foo/bar');
    }

+    public function testDefaultSchemeNull()
+    {
+        $this->config->set('URI.DefaultScheme', null);
+        $this->assertDef('foo', false);
+    }
+
    public function testAltSchemeNotRemoved()
    {
        $this->assertDef('mailto:this-looks-like-a-path@example.com');