0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-05 06:01:52 +00:00

Give warnings when attempting to use encoding iconv doesn't support.

Previously, attempting to set %Core.Encoding to an encoding iconv didn't
know about would result in a silent failure, with the return of the
boolean false. Now it will fatally error out.

Reported-by: mcgrailm <mgm19@psu.edu>
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang 2008-07-05 03:14:32 -04:00
parent 594268ca3b
commit c845f0bb78
3 changed files with 20 additions and 1 deletions

2
NEWS
View File

@ -24,6 +24,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
the strategy to be used, standalone, on untrusted input. the strategy to be used, standalone, on untrusted input.
- Fix two bugs in %URI.MakeAbsolute; one involving empty paths in base URLs, - Fix two bugs in %URI.MakeAbsolute; one involving empty paths in base URLs,
the other involving an undefined $is_folder error. the other involving an undefined $is_folder error.
- Throw error when %Core.Encoding is set to a spurious value. Previously,
this errored silently and returned false.
. Strategy_MakeWellFormed now operates in-place, saving memory and allowing . Strategy_MakeWellFormed now operates in-place, saving memory and allowing
for more interesting filter-backtracking for more interesting filter-backtracking
. New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind

View File

@ -271,6 +271,12 @@ class HTMLPurifier_Encoder
set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler')); set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'));
if ($iconv && !$config->get('Test', 'ForceNoIconv')) { if ($iconv && !$config->get('Test', 'ForceNoIconv')) {
$str = iconv($encoding, 'utf-8//IGNORE', $str); $str = iconv($encoding, 'utf-8//IGNORE', $str);
if ($str === false) {
// $encoding is not a valid encoding
restore_error_handler();
trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR);
return '';
}
// If the string is bjorked by Shift_JIS or a similar encoding // If the string is bjorked by Shift_JIS or a similar encoding
// that doesn't support all of ASCII, convert the naughty // that doesn't support all of ASCII, convert the naughty
// characters to their true byte-wise ASCII/UTF-8 equivalents. // characters to their true byte-wise ASCII/UTF-8 equivalents.
@ -282,7 +288,7 @@ class HTMLPurifier_Encoder
restore_error_handler(); restore_error_handler();
return $str; return $str;
} }
trigger_error('Encoding not supported', E_USER_ERROR); trigger_error('Encoding not supported, please install iconv', E_USER_ERROR);
} }
/** /**

View File

@ -38,6 +38,17 @@ class HTMLPurifier_EncoderTest extends HTMLPurifier_Harness
); );
} }
function test_convertToUTF8_spuriousEncoding() {
// We don't support this as UTF-8, because UTF-8 is the default and
// shouldn't be set if not necessary.
$this->config->set('Core', 'Encoding', 'utf8');
$this->expectError('Invalid encoding utf8');
$this->assertIdentical(
HTMLPurifier_Encoder::convertToUTF8("\xF6", $this->config, $this->context),
''
);
}
function test_convertToUTF8_iso8859_1() { function test_convertToUTF8_iso8859_1() {
$this->config->set('Core', 'Encoding', 'ISO-8859-1'); $this->config->set('Core', 'Encoding', 'ISO-8859-1');
$this->assertIdentical( $this->assertIdentical(