mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00

[1.1.0] Enforce alphanumeric namespace and directive names for configuration.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@389 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2006-09-06 02:07:46 +00:00
parent a5b4ed2126
commit 65a628bcb7
3 changed files with 29 additions and 0 deletions

1
NEWS

@ -4,6 +4,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
1.1.0, unknown release date 1.1.0, unknown release date
- Made URI validator more forgiving: will ignore leading and trailing - Made URI validator more forgiving: will ignore leading and trailing
quotes, apostrophes and less than or greater than signs. quotes, apostrophes and less than or greater than signs.
- Enforce alphanumeric namespace and directive names for configuration.
1.0.1, unknown release date 1.0.1, unknown release date
- Fixed slight bug in DOMLex attribute parsing - Fixed slight bug in DOMLex attribute parsing


@ -86,6 +86,11 @@ class HTMLPurifier_ConfigDef {
E_USER_ERROR); E_USER_ERROR);
return; return;
} }
if (!ctype_alnum($name)) {
trigger_error('Directive name must be alphanumeric',
E_USER_ERROR);
return;
}
if (isset($def->info[$namespace][$name])) { if (isset($def->info[$namespace][$name])) {
if ( if (
$def->info[$namespace][$name]->type !== $type || $def->info[$namespace][$name]->type !== $type ||
@ -127,6 +132,11 @@ class HTMLPurifier_ConfigDef {
trigger_error('Cannot redefine namespace', E_USER_ERROR); trigger_error('Cannot redefine namespace', E_USER_ERROR);
return; return;
} }
if (!ctype_alnum($namespace)) {
trigger_error('Namespace name must be alphanumeric',
E_USER_ERROR);
return;
}
$def->info[$namespace] = array(); $def->info[$namespace] = array();
$def->info_namespace[$namespace] = new HTMLPurifier_ConfigEntity_Namespace(); $def->info_namespace[$namespace] = new HTMLPurifier_ConfigEntity_Namespace();
$backtrace = debug_backtrace(); $backtrace = debug_backtrace();
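Review bot: The new `ctype_alnum($name)` and `ctype_alnum($namespace)` guards depend on the process locale and the PHP version, so this code does not itself fix what counts as "alphanumeric". Under a non-C locale, bytes outside A-Z, a-z and 0-9 can pass; a small integer argument is read as a character code rather than as text; and older PHP releases return true for an empty string. An explicit pattern makes the rule identical everywhere: `if (!is_string($name) || !preg_match('/^[A-Za-z0-9]+$/D', $name)) {`, and the same for `$namespace`. Both functions begin and end outside the visible hunks, so any earlier type check on these arguments cannot be seen here.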


@ -231,6 +231,24 @@ class HTMLPurifier_ConfigDefTest extends UnitTestCase
$this->swallowErrors(); $this->swallowErrors();
// define a directive with bad characters
HTMLPurifier_ConfigDef::define(
'Core', 'Core.Attr', 10, 'int',
'No periods! >:-('
);
$this->assertError('Directive name must be alphanumeric');
$this->assertNoErrors();
$this->swallowErrors();
// define a namespace with bad characters
HTMLPurifier_ConfigDef::defineNamespace(
'Foobar&Gromit', $description
);
$this->assertError('Namespace name must be alphanumeric');
$this->assertNoErrors();
$this->swallowErrors();
} }
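Review bot: The two added cases each probe a single punctuation character (`'Core.Attr'` and `'Foobar&Gromit'`), so the boundary behaviour of the new checks is not pinned down. Add cases for an empty name and for a name containing a non-ASCII byte, each followed by `$this->assertError('Directive name must be alphanumeric');` or the namespace message as appropriate. That way a change of PHP version or locale cannot silently widen what is accepted. The test method begins outside this hunk.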