diff --git a/NEWS b/NEWS index 8c07d048..d9d33f08 100644 --- a/NEWS +++ b/NEWS @@ -45,6 +45,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier - Fix bug in ExtractStyleBlocks with comments in style tags - Fix bug in comment parsing for DirectLex - Flush output now displayed when in command line mode for unit tester +- Fix bug with rgb(0, 1, 2) color syntax with spaces inside shorthand syntax . Plugins now get their own changelogs according to project conventions. . Convert tokens to use instanceof, reducing memory footprint and improving comparison speed. diff --git a/library/HTMLPurifier/AttrDef.php b/library/HTMLPurifier/AttrDef.php index f29c933c..1f1ab2f7 100644 --- a/library/HTMLPurifier/AttrDef.php +++ b/library/HTMLPurifier/AttrDef.php @@ -76,5 +76,13 @@ abstract class HTMLPurifier_AttrDef return $this; } + /** + * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work + * properly. THIS IS A HACK! + */ + protected function mungeRgb($string) { + return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string); + } + } diff --git a/library/HTMLPurifier/AttrDef/CSS/Background.php b/library/HTMLPurifier/AttrDef/CSS/Background.php index 4d262832..76afa440 100644 --- a/library/HTMLPurifier/AttrDef/CSS/Background.php +++ b/library/HTMLPurifier/AttrDef/CSS/Background.php @@ -28,6 +28,9 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef $string = $this->parseCDATA($string); if ($string === '') return false; + // munge rgb() decl if necessary + $string = $this->mungeRgb($string); + // assumes URI doesn't have spaces in it $bits = explode(' ', strtolower($string)); // bits to process diff --git a/library/HTMLPurifier/AttrDef/CSS/Border.php b/library/HTMLPurifier/AttrDef/CSS/Border.php index daacb4ec..ec0249ef 100644 --- a/library/HTMLPurifier/AttrDef/CSS/Border.php +++ b/library/HTMLPurifier/AttrDef/CSS/Border.php @@ -20,7 +20,7 @@ class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef public function validate($string, $config, $context) { $string = $this->parseCDATA($string); - // we specifically will not support rgb() syntax with spaces + $string = $this->mungeRgb($string); $bits = explode(' ', $string); $done = array(); // segments we've finished $ret = ''; // return value diff --git a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php index 60f06405..0d511ce5 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php @@ -11,6 +11,10 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes $valid = '#333 url(chess.png) repeat fixed 50% top'; $this->assertDef($valid); $this->assertDef('url("chess.png") #333 50% top repeat fixed', $valid); + $this->assertDef( + 'rgb(34, 56, 33) url(chess.png) repeat fixed top', + 'rgb(34,56,33) url(chess.png) repeat fixed top' + ); } diff --git a/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php b/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php index c760dedc..3f1a68f7 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/BorderTest.php @@ -12,6 +12,7 @@ class HTMLPurifier_AttrDef_CSS_BorderTest extends HTMLPurifier_AttrDefHarness $this->assertDef('thick solid'); $this->assertDef('solid red', 'solid #FF0000'); $this->assertDef('1px solid #000'); + $this->assertDef('1px solid rgb(0, 0, 0)', '1px solid rgb(0,0,0)'); }