[1.1.2] ftp:// URIs now have their typecodes checked
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@471 48356398-32a2-884e-a903-53898d9a118a
parent
c7e798080c
commit
7e6a3fc990
3
NEWS
3
NEWS
@ -13,12 +13,13 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
|
|
||||||
1.1.2, unknown projected release date
|
1.1.2, unknown projected release date
|
||||||
(bugfix release, may be merged with 1.2.0 if new features precede major bugs)
|
(bugfix release, may be merged with 1.2.0 if new features precede major bugs)
|
||||||
! Add HTMLPurifier.auto.php stub file that automatically configures path
|
! Add HTMLPurifier.auto.php stub file that automatically configures pathx
|
||||||
- Documentation updated
|
- Documentation updated
|
||||||
+ INSTALL document rewritten
|
+ INSTALL document rewritten
|
||||||
+ TODO added semi-lossy conversion
|
+ TODO added semi-lossy conversion
|
||||||
+ API Doxygen docs' file exclusions updated
|
+ API Doxygen docs' file exclusions updated
|
||||||
- Fixed lack of attribute parsing in HTMLPurifier_Lexer_PEARSax3
|
- Fixed lack of attribute parsing in HTMLPurifier_Lexer_PEARSax3
|
||||||
|
- ftp:// URIs now have their typecodes checked
|
||||||
. Line endings standardized throughout project (svn:eol-style standardized)
|
. Line endings standardized throughout project (svn:eol-style standardized)
|
||||||
. Refactored parseData() to general Lexer class
|
. Refactored parseData() to general Lexer class
|
||||||
|
|
||||||
|
@ -4,7 +4,6 @@ require_once 'HTMLPurifier/URIScheme.php';
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
|
* Validates ftp (File Transfer Protocol) URIs as defined by generic RFC 1738.
|
||||||
* @todo Typecode check on path
|
|
||||||
*/
|
*/
|
||||||
class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme {
|
class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme {
|
||||||
|
|
||||||
@ -16,7 +15,27 @@ class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme {
|
|||||||
list($userinfo, $host, $port, $path, $query) =
|
list($userinfo, $host, $port, $path, $query) =
|
||||||
parent::validateComponents(
|
parent::validateComponents(
|
||||||
$userinfo, $host, $port, $path, $query, $config );
|
$userinfo, $host, $port, $path, $query, $config );
|
||||||
// typecode check needed on path
|
$semicolon_pos = strrpos($path, ';'); // reverse
|
||||||
|
if ($semicolon_pos !== false) {
|
||||||
|
// typecode check
|
||||||
|
$type = substr($path, $semicolon_pos + 1); // no semicolon
|
||||||
|
$path = substr($path, 0, $semicolon_pos);
|
||||||
|
$type_ret = '';
|
||||||
|
if (strpos($type, '=') !== false) {
|
||||||
|
// figure out whether or not the declaration is correct
|
||||||
|
list($key, $typecode) = explode('=', $type, 2);
|
||||||
|
if ($key !== 'type') {
|
||||||
|
// invalid key, tack it back on encoded
|
||||||
|
$path .= '%3B' . $type;
|
||||||
|
} elseif ($typecode === 'a' || $typecode === 'i' || $typecode === 'd') {
|
||||||
|
$type_ret = ";type=$typecode";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$path .= '%3B' . $type;
|
||||||
|
}
|
||||||
|
$path = str_replace(';', '%3B', $path);
|
||||||
|
$path .= $type_ret;
|
||||||
|
}
|
||||||
return array($userinfo, $host, $port, $path, null);
|
return array($userinfo, $host, $port, $path, null);
|
||||||
}
|
}
|
||||||
|
|
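Review bot: The allow-list in the `elseif` branch compares `$typecode` case-sensitively against `a`, `i` and `d`, but the ftptype rule in RFC 1738 (the spec the class docblock cites) also permits `A`, `I` and `D`, so a valid `;type=A` is dropped as if it were malformed. Adding `$typecode = strtolower($typecode);` right after the `explode()` line keeps the strict allow-list and emits one canonical form. The block also calls `strrpos($path, ';')` unconditionally; if the parent `validateComponents()` can return a null path (not visible here), a `$path !== null` guard belongs in front of it. With the `@todo` removed, a short comment above the block, such as `// only ;type=a|i|d survives; every other semicolon is re-encoded as %3B`, would record the rule now being enforced. The method's signature lies outside the hunk.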
||||||
|
@ -54,12 +54,34 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
|
|||||||
|
|
||||||
$scheme = new HTMLPurifier_URIScheme_ftp();
|
$scheme = new HTMLPurifier_URIScheme_ftp();
|
||||||
$config = HTMLPurifier_Config::createDefault();
|
$config = HTMLPurifier_Config::createDefault();
|
||||||
|
|
||||||
$this->assertIdentical(
|
$this->assertIdentical(
|
||||||
$scheme->validateComponents(
|
$scheme->validateComponents(
|
||||||
'user', 'www.example.com', 21, '/', 's=foobar', $config),
|
'user', 'www.example.com', 21, '/', 's=foobar', $config),
|
||||||
array('user', 'www.example.com', null, '/', null)
|
array('user', 'www.example.com', null, '/', null)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// valid typecode
|
||||||
|
$this->assertIdentical(
|
||||||
|
$scheme->validateComponents(
|
||||||
|
null, 'www.example.com', null, '/file.txt;type=a', null, $config),
|
||||||
|
array(null, 'www.example.com', null, '/file.txt;type=a', null)
|
||||||
|
);
|
||||||
|
|
||||||
|
// remove invalid typecode
|
||||||
|
$this->assertIdentical(
|
||||||
|
$scheme->validateComponents(
|
||||||
|
null, 'www.example.com', null, '/file.txt;type=z', null, $config),
|
||||||
|
array(null, 'www.example.com', null, '/file.txt', null)
|
||||||
|
);
|
||||||
|
|
||||||
|
// encode errant semicolons
|
||||||
|
$this->assertIdentical(
|
||||||
|
$scheme->validateComponents(
|
||||||
|
null, 'www.example.com', null, '/too;many;semicolons=1', null, $config),
|
||||||
|
array(null, 'www.example.com', null, '/too%3Bmany%3Bsemicolons=1', null)
|
||||||
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_news() {
|
function test_news() {
|
||||||
|
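Review bot: The new assertions never combine a valid typecode with an earlier semicolon, which is the one path where the `str_replace()` call and a non-empty `$type_ret` both take effect. A case with input path `'/a;b;type=i'` expecting `'/a%3Bb;type=i'` would pin that, and `'/file.txt;type='` expecting `'/file.txt'` would pin the empty-typecode branch. Both expected values follow from the ftp scheme logic shown on this page; the enclosing test method starts outside the hunk.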