Fix bug with anonymous module and the SafeObject/SafeEmbed modules.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2024-09-18 18:25:18 +00:00 · 2008-08-31 19:06:25 -04:00 · 2008-08-31 19:06:25 -04:00 · 9977350143
commit 9977350143
parent d9e60350d3
2 changed files with 5 additions and 3 deletions
--- a/2
+++ b/2
@ -46,6 +46,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Detect if HTML support is disabled for DOM by checking for loadHTML() method.
 - Fix bug where dots and double-dots in absolute URLs without hostname were
  not collapsed by URIFilter_MakeAbsolute.
+- Fix bug with anonymous modules operating on SafeEmbed or SafeObject elements
+  by reordering their addition.
 . Strategy_MakeWellFormed now operates in-place, saving memory and allowing
  for more interesting filter-backtracking
 . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind
--- a/library/HTMLPurifier/HTMLModuleManager.php
+++ b/library/HTMLPurifier/HTMLModuleManager.php
@ -216,9 +216,6 @@ class HTMLPurifier_HTMLModuleManager
            }
        }
        
-        // merge in custom modules
-        $modules = array_merge($modules, $this->userModules);
-        
        // add proprietary module (this gets special treatment because
        // it is completely removed from doctypes, etc.)
        if ($config->get('HTML', 'Proprietary')) {
@ -233,6 +230,9 @@ class HTMLPurifier_HTMLModuleManager
            $modules[] = 'SafeEmbed';
        }
        
+        // merge in custom modules
+        $modules = array_merge($modules, $this->userModules);
+        
        foreach ($modules as $module) {
            $this->processModule($module);
            $this->modules[$module]->setup($config);