add check for subdomains

2025-02-03 10:30:01 +00:00 · 2014-04-16 16:45:31 +04:00 · 2014-04-16 16:45:31 +04:00 · c831247f00
commit c831247f00
parent dd9585f314
1 changed files with 20 additions and 0 deletions
--- a/library/HTMLPurifier/URIFilter/Munge.php
+++ b/library/HTMLPurifier/URIFilter/Munge.php
@ -75,6 +75,9 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
        if ($uri->isBenign($config, $context)) {
            return true;
        } // don't redirect if a benign URL
+        if ($this->isLocalSubdomain($uri, $config)) {
+            return true;
+        }

        $this->makeReplace($uri, $config, $context);
        $this->replace = array_map('rawurlencode', $this->replace);
@ -111,6 +114,23 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
        }
        $this->replace['%b'] = base64_encode($string);
    }
+
+    /**
+     * Is local subdomain
+     *
+     * @param HTMLPurifier_URI $uri
+     * @param HTMLPurifier_Config $config
+     * @access protected
+     * @return void
+     */
+
+    protected function isLocalSubdomain($uri, $config)
+    {
+        return preg_match(
+            '#^[a-z0-9]+\.' . preg_quote($config->getURIDefinition()->host, '#') . '$#',
+            $uri->host
+        );
+    }
 }

 // vim: et sw=4 sts=4