URI.Munge munges https to http URIs.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2024-09-18 18:25:18 +00:00 · 2011-04-10 13:09:24 +01:00 · 2011-04-10 13:09:24 +01:00 · bcfbb8338c
commit bcfbb8338c
parent f51a6f7de9
5 changed files with 35 additions and 2 deletions
--- a/2
+++ b/2
@ -10,6 +10,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ==========================

 4.3.1, unknown release date
+# URI.Munge now munges URIs inside the same host that go from https
+  to http.  Reported by Neike Taika-Tessaro.
 - Color keywords are now case insensitive.  Thanks Yzmir Ramirez
  <yramirez-htmlpurifier@adicio.com> for reporting.

--- a/library/HTMLPurifier/URIFilter/Munge.php
+++ b/library/HTMLPurifier/URIFilter/Munge.php
@ -23,9 +23,16 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
        if (is_null($uri->host) || empty($scheme_obj->browsable)) {
            return true;
        }
+        $uri_definition = $config->getDefinition('URI');
        // don't redirect if target host is our host
-        if ($uri->host === $config->getDefinition('URI')->host) {
-            return true;
+        if ($uri->host === $uri_definition->host) {
+            // but do redirect if we're currently on a secure scheme,
+            // and the target scheme is insecure
+            $current_scheme_obj = HTMLPurifier_URISchemeRegistry::instance()->getScheme($uri_definition->defaultScheme, $config, $context);
+            if ($scheme_obj->secure || !$current_scheme_obj->secure) {
+                return true;
+            }
+            // target scheme was not secure, but we were secure
        }

        $this->makeReplace($uri, $config, $context);
--- a/library/HTMLPurifier/URIScheme.php
+++ b/library/HTMLPurifier/URIScheme.php
@ -19,6 +19,12 @@ abstract class HTMLPurifier_URIScheme
     */
    public $browsable = false;

+    /**
+     * Whether or not data transmitted over this scheme is encrypted.
+     * https is secure, http is not.
+     */
+    public $secure = false;
+
    /**
     * Whether or not the URI always uses <hier_part>, resolves edge cases
     * with making relative URIs absolute
--- a/library/HTMLPurifier/URIScheme/https.php
+++ b/library/HTMLPurifier/URIScheme/https.php
@ -6,6 +6,7 @@
 class HTMLPurifier_URIScheme_https extends HTMLPurifier_URIScheme_http {

    public $default_port = 443;
+    public $secure = true;

 }

--- a/tests/HTMLPurifier/URIFilter/MungeTest.php
+++ b/tests/HTMLPurifier/URIFilter/MungeTest.php
@ -117,6 +117,23 @@ class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
        $this->assertFiltering('http://example.com/foobar');
    }

+    function testMungeIgnoreSameDomainInsecureToSecure() {
+        $this->setMunge('http://example.com/%s');
+        $this->assertFiltering('https://example.com/foobar');
+    }
+
+    function testMungeIgnoreSameDomainSecureToSecure() {
+        $this->config->set('URI.Base', 'https://example.com');
+        $this->setMunge('http://example.com/%s');
+        $this->assertFiltering('https://example.com/foobar');
+    }
+
+    function testMungeSameDomainSecureToInsecure() {
+        $this->config->set('URI.Base', 'https://example.com');
+        $this->setMunge('/%s');
+        $this->assertFiltering('http://example.com/foobar', '/http%3A%2F%2Fexample.com%2Ffoobar');
+    }
+
    function testMungeIgnoresSourceHost() {
        $this->config->set('URI.Host', 'foo.example.com');
        $this->setMunge('http://example.com/%s');