Make extractBody not terminate prematurely on first </body>.

Previously, if two </body> tags were present, HTML Purifier
would truncate everything after the first </body>.  This is
not ideal behavior; so HTML Purifier has been changed to
match up to the last </body>.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

NEWS

@@ -51,6 +51,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Fix fatal error in HTMLPurifier_Encoder on certain platforms (probably NetBSD 5.0)
 - Fix bug in Linkify autoformatter involving <a><span>http://foo</span></a>
 - Make %URI.Munge not apply to links that have the same host as your host.
+- Prevent stray </body> tag from truncating output, if a second </body>
+  is present.
 . Created script maintenance/rename-config.php for renaming a configuration
   directive while maintaining its alias.  This script does not change source code.
 . Implement namespace locking for definition construction, to prevent

library/HTMLPurifier/Lexer.php

@@ -285,7 +285,7 @@ class HTMLPurifier_Lexer
      */
     public function extractBody($html) {
         $matches = array();
-        $result = preg_match('!<body[^>]*>(.+?)</body>!is', $html, $matches);
+        $result = preg_match('!<body[^>]*>(.*)</body>!is', $html, $matches);
         if ($result) {
             return $matches[1];
         } else {

tests/HTMLPurifier/LexerTest.php

@@ -151,6 +151,10 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
         $this->assertExtractBody('<body>asdf'); // not closed, don't accept
     }
 
+    function test_extractBody_useLastBody() {
+        $this->assertExtractBody('<body>foo</body>bar</body>', 'foo</body>bar');
+    }
+
     // HTMLPurifier_Lexer->tokenizeHTML() --------------------------------------
 
     function assertTokenization($input, $expect, $alt_expect = array()) {