tel protocol support.

2024-09-16 17:35:19 +00:00 · 2016-06-17 18:39:18 -05:00 · 2016-06-17 18:39:18 -05:00 · cc35c8eb8c
commit cc35c8eb8c
parent a11aeab4a6
12 changed files with 111 additions and 5 deletions
--- a/1
+++ b/1
@ -12,6 +12,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 4.8.0, unknown release date
 ! Full PHP 7 compatibility, the test suite is ALL GO.
 ! %CSS.AllowDuplicates permits duplicate CSS properties.
+! Support for 'tel' URIs.
 - alt truncation could result in malformed UTF-8 sequence. Don't
  truncate.  Thanks Brandon Farber for reporting.
 - Linkify regex is smarter, based off of Gruber's regex.
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@ -296,6 +296,11 @@
   <line>49</line>
  </file>
 </directive>
+ <directive id="CSS.AllowDuplicates">
+  <file name="HTMLPurifier/AttrDef/CSS.php">
+   <line>28</line>
+  </file>
+ </directive>
 <directive id="URI.Disable">
  <file name="HTMLPurifier/AttrDef/URI.php">
   <line>47</line>
@ -362,7 +367,7 @@
 </directive>
 <directive id="Core.EnableIDNA">
  <file name="HTMLPurifier/AttrDef/URI/Host.php">
-   <line>96</line>
+   <line>105</line>
  </file>
 </directive>
 <directive id="Attr.DefaultTextDir">
@ -390,7 +395,7 @@
 </directive>
 <directive id="Attr.DefaultInvalidImageAlt">
  <file name="HTMLPurifier/AttrTransform/ImgRequired.php">
-   <line>41</line>
+   <line>40</line>
  </file>
 </directive>
 <directive id="HTML.Attr.Name.UseCDATA">
@ -408,13 +413,13 @@
 </directive>
 <directive id="Cache.SerializerPath">
  <file name="HTMLPurifier/DefinitionCache/Serializer.php">
-   <line>171</line>
+   <line>183</line>
  </file>
 </directive>
 <directive id="Cache.SerializerPermissions">
  <file name="HTMLPurifier/DefinitionCache/Serializer.php">
-   <line>188</line>
-   <line>206</line>
+   <line>200</line>
+   <line>218</line>
  </file>
 </directive>
 <directive id="Filter.ExtractStyleBlocks.TidyImpl">
--- a/docs/dev-code-quality.txt
+++ b/docs/dev-code-quality.txt
@ -25,5 +25,6 @@ URIScheme - needs to have callable generic checks
    mailto - doesn't validate emails, doesn't validate querystring
    news - doesn't validate opaque path
    nntp - doesn't constrain path
+    tel - doesn't validate phone numbers, only allows characters '+', '1-9', and 'x'

    vim: et sw=4 sts=4
--- a/library/HTMLPurifier.includes.php
+++ b/library/HTMLPurifier.includes.php
@ -225,5 +225,6 @@ require 'HTMLPurifier/URIScheme/https.php';
 require 'HTMLPurifier/URIScheme/mailto.php';
 require 'HTMLPurifier/URIScheme/news.php';
 require 'HTMLPurifier/URIScheme/nntp.php';
+require 'HTMLPurifier/URIScheme/tel.php';
 require 'HTMLPurifier/VarParser/Flexible.php';
 require 'HTMLPurifier/VarParser/Native.php';
--- a/library/HTMLPurifier.safe-includes.php
+++ b/library/HTMLPurifier.safe-includes.php
@ -219,5 +219,6 @@ require_once $__dir . '/HTMLPurifier/URIScheme/https.php';
 require_once $__dir . '/HTMLPurifier/URIScheme/mailto.php';
 require_once $__dir . '/HTMLPurifier/URIScheme/news.php';
 require_once $__dir . '/HTMLPurifier/URIScheme/nntp.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/tel.php';
 require_once $__dir . '/HTMLPurifier/VarParser/Flexible.php';
 require_once $__dir . '/HTMLPurifier/VarParser/Native.php';
--- a/library/HTMLPurifier/ConfigSchema/schema.ser
+++ b/library/HTMLPurifier/ConfigSchema/schema.ser
--- a/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
@ -8,6 +8,7 @@ array (
  'ftp' => true,
  'nntp' => true,
  'news' => true,
+  'tel' => true,
 )
 --DESCRIPTION--
 Whitelist that defines the schemes that a URI is allowed to have.  This
--- a/library/HTMLPurifier/URIScheme/tel.php
+++ b/library/HTMLPurifier/URIScheme/tel.php
@ -0,0 +1,46 @@
+<?php
+
+/**
+ * Validates tel (for phone numbers).
+ *
+ * The relevant specifications for this protocol are RFC 3966 and RFC 5341,
+ * but this class takes a much simpler approach: we normalize phone
+ * numbers so that they only include (possibly) a leading plus,
+ * and then any number of digits and x'es.
+ */
+
+class HTMLPurifier_URIScheme_tel extends HTMLPurifier_URIScheme
+{
+    /**
+     * @type bool
+     */
+    public $browsable = false;
+
+    /**
+     * @type bool
+     */
+    public $may_omit_host = true;
+
+    /**
+     * @param HTMLPurifier_URI $uri
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool
+     */
+    public function doValidate(&$uri, $config, $context)
+    {
+        $uri->userinfo = null;
+        $uri->host     = null;
+        $uri->port     = null;
+
+        // Delete all non-numeric characters, non-x characters
+        // from phone number, EXCEPT for a leading plus sign.
+        $uri->path = preg_replace('/(?!^\+)[^\dx]/', '',
+                     // Normalize e(x)tension to lower-case
+                     str_replace('X', 'x', $uri->path));
+
+        return true;
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@ -22,6 +22,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        $this->assertDef('news:rec.alt');
        $this->assertDef('nntp://news.example.com/324234');
        $this->assertDef('mailto:bob@example.com');
+        $this->assertDef('tel:+15555555555');
    }

    public function testIntegrationWithPercentEncoder()
--- a/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php
+++ b/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php
@ -37,6 +37,11 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn
        $this->assertFiltering('mailto:bob@example.com');
    }

+    public function testPreserveAltSchemeWithTel()
+    {
+        $this->assertFiltering('tel:+15555555555');
+    }
+
    public function testFilterIgnoreHTTPSpecialCase()
    {
        $this->assertFiltering('http:/', 'http://example.com/');
--- a/tests/HTMLPurifier/URIParserTest.php
+++ b/tests/HTMLPurifier/URIParserTest.php
@ -69,6 +69,14 @@ class HTMLPurifier_URIParserTest extends HTMLPurifier_Harness
        );
    }

+    public function testTelURI()
+    {
+        $this->assertParsing(
+            'tel:+1 (555) 555-5555',
+            'tel', null, null, null, '+1 (555) 555-5555', null, null
+        );
+    }
+
    public function testIPv4Address()
    {
        $this->assertParsing(
--- a/tests/HTMLPurifier/URISchemeTest.php
+++ b/tests/HTMLPurifier/URISchemeTest.php
@ -172,6 +172,42 @@ class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
        );
    }

+    public function test_tel_strip_punctuation()
+    {
+        $this->assertValidation(
+            'tel:+1 (555) 555-5555', 'tel:+15555555555'
+        );
+    }
+
+    public function test_tel_regular()
+    {
+        $this->assertValidation(
+            'tel:+15555555555'
+        );
+    }
+
+    public function test_tel_with_extension()
+    {
+        $this->assertValidation(
+            'tel:+1-555-555-5555x123', 'tel:+15555555555x123'
+        );
+    }
+
+    public function test_tel_no_plus()
+    {
+        $this->assertValidation(
+            'tel:555-555-5555', 'tel:5555555555'
+        );
+    }
+
+    public function test_tel_strip_letters()
+    {
+        $this->assertValidation(
+            'tel:abcd1234',
+            'tel:1234'
+        );
+    }
+
    public function test_data_png()
    {
        $this->assertValidation(