[3.1.1] Implement percent encoding for URI query and fragment

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1758 48356398-32a2-884e-a903-53898d9a118a
2024-11-09 15:28:40 +00:00 · 2008-05-21 02:58:41 +00:00 · 2008-05-21 02:58:41 +00:00 · 80f59206d7
commit 80f59206d7
parent af3f5190dc
4 changed files with 20 additions and 1 deletions
--- a/1
+++ b/1
@ -15,6 +15,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - AttrValidator operations are now atomic; updates to attributes are not
  manifest in token until end of operations. This prevents naughty internal
  code from directly modifying CurrentToken when they're not supposed to.
+- Percent encoding checks enabled for URI query and fragment
 . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
  handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
  this class.
--- a/1
+++ b/1
@ -11,7 +11,6 @@ If no interest is expressed for a feature that may require a considerable
 amount of effort to implement, it may get endlessly delayed. Do not be
 afraid to cast your vote for the next feature to be implemented!

- Implement validation for query and for fragment
 - Ability to fully turn off imagecrash fixes (attribute and CSS will require
  two separate directives due to our architecture.)
 - Investigate how early internal structures can be accessed; this would
--- a/library/HTMLPurifier/URI.php
+++ b/library/HTMLPurifier/URI.php
@ -128,6 +128,17 @@ class HTMLPurifier_URI
            $this->path = ''; // just to be safe
        }
        
+        // qf = query and fragment
+        $qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
+        
+        if (!is_null($this->query)) {
+            $this->query = $qf_encoder->encode($this->query);
+        }
+        
+        if (!is_null($this->fragment)) {
+            $this->fragment = $qf_encoder->encode($this->fragment);
+        }
+        
        return true;
        
    }
--- a/tests/HTMLPurifier/URITest.php
+++ b/tests/HTMLPurifier/URITest.php
@ -184,6 +184,14 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
        $this->assertValidation("\xE3\x91\x94", '%E3%91%94');
    }
    
+    function test_validate_query() {
+        $this->assertValidation("?/\xE3\x91\x94", '?/%E3%91%94');
+    }
+    
+    function test_validate_fragment() {
+        $this->assertValidation("#/\xE3\x91\x94", '#/%E3%91%94');
+    }
+    
    function test_validate_path_empty() {
        $this->assertValidation('http://google.com');
    }