From cc35c8eb8cdad097d14ae1f66b6951cb5b675cd4 Mon Sep 17 00:00:00 2001 From: Wes Cossick Date: Fri, 17 Jun 2016 18:39:18 -0500 Subject: [PATCH] tel protocol support. --- NEWS | 1 + configdoc/usage.xml | 15 ++++-- docs/dev-code-quality.txt | 1 + library/HTMLPurifier.includes.php | 1 + library/HTMLPurifier.safe-includes.php | 1 + library/HTMLPurifier/ConfigSchema/schema.ser | Bin 15398 -> 15426 bytes .../schema/URI.AllowedSchemes.txt | 1 + library/HTMLPurifier/URIScheme/tel.php | 46 ++++++++++++++++++ tests/HTMLPurifier/AttrDef/URITest.php | 1 + .../URIFilter/MakeAbsoluteTest.php | 5 ++ tests/HTMLPurifier/URIParserTest.php | 8 +++ tests/HTMLPurifier/URISchemeTest.php | 36 ++++++++++++++ 12 files changed, 111 insertions(+), 5 deletions(-) create mode 100644 library/HTMLPurifier/URIScheme/tel.php diff --git a/NEWS b/NEWS index dc059946..a098fb46 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier 4.8.0, unknown release date ! Full PHP 7 compatibility, the test suite is ALL GO. ! %CSS.AllowDuplicates permits duplicate CSS properties. +! Support for 'tel' URIs. - alt truncation could result in malformed UTF-8 sequence. Don't truncate. Thanks Brandon Farber for reporting. - Linkify regex is smarter, based off of Gruber's regex. diff --git a/configdoc/usage.xml b/configdoc/usage.xml index 97bc34cb..afdea088 100644 --- a/configdoc/usage.xml +++ b/configdoc/usage.xml @@ -296,6 +296,11 @@ 49 + + + 28 + + 47 @@ -362,7 +367,7 @@ - 96 + 105 @@ -390,7 +395,7 @@ - 41 + 40 @@ -408,13 +413,13 @@ - 171 + 183 - 188 - 206 + 200 + 218 diff --git a/docs/dev-code-quality.txt b/docs/dev-code-quality.txt index bceedebc..6c4deb17 100644 --- a/docs/dev-code-quality.txt +++ b/docs/dev-code-quality.txt 
@@ -25,5 +25,6 @@ URIScheme - needs to have callable generic checks mailto - doesn't validate emails, doesn't validate querystring news - doesn't validate opaque path nntp - doesn't constrain path + tel - doesn't validate phone numbers, only allows characters '+', '1-9', and 'x' vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier.includes.php b/library/HTMLPurifier.includes.php index fdb58c2d..bc28112c 100644 --- a/library/HTMLPurifier.includes.php +++ b/library/HTMLPurifier.includes.php @@ -225,5 +225,6 @@ require 'HTMLPurifier/URIScheme/https.php'; require 'HTMLPurifier/URIScheme/mailto.php'; require 'HTMLPurifier/URIScheme/news.php'; require 'HTMLPurifier/URIScheme/nntp.php'; +require 'HTMLPurifier/URIScheme/tel.php'; require 'HTMLPurifier/VarParser/Flexible.php'; require 'HTMLPurifier/VarParser/Native.php'; diff --git a/library/HTMLPurifier.safe-includes.php b/library/HTMLPurifier.safe-includes.php index 9dea6d1e..c58a9403 100644 --- a/library/HTMLPurifier.safe-includes.php +++ b/library/HTMLPurifier.safe-includes.php @@ -219,5 +219,6 @@ require_once $__dir . '/HTMLPurifier/URIScheme/https.php'; require_once $__dir . '/HTMLPurifier/URIScheme/mailto.php'; require_once $__dir . '/HTMLPurifier/URIScheme/news.php'; require_once $__dir . '/HTMLPurifier/URIScheme/nntp.php'; +require_once $__dir . '/HTMLPurifier/URIScheme/tel.php'; require_once $__dir . '/HTMLPurifier/VarParser/Flexible.php'; require_once $__dir . '/HTMLPurifier/VarParser/Native.php'; diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser index 30785dcf52c6e4c95a489d008d6213b8653e5fcb..98fd412a7b3327363bed37a007e4ab767a8523ca 100644 GIT binary patch delta 47 pcmZ2haj0U$Gyz8Q$KH(+pnB10RW`65U>CM delta 34 jcmX?9v8-alGyz7l$ true, 'nntp' => true, 'news' => true, + 'tel' => true, ) --DESCRIPTION-- Whitelist that defines the schemes that a URI is allowed to have. This 
diff --git a/library/HTMLPurifier/URIScheme/tel.php b/library/HTMLPurifier/URIScheme/tel.php new file mode 100644 index 00000000..8cd19335 --- /dev/null +++ b/library/HTMLPurifier/URIScheme/tel.php @@ -0,0 +1,46 @@ +userinfo = null; + $uri->host = null; + $uri->port = null; + + // Delete all non-numeric characters, non-x characters + // from phone number, EXCEPT for a leading plus sign. + $uri->path = preg_replace('/(?!^\+)[^\dx]/', '', + // Normalize e(x)tension to lower-case + str_replace('X', 'x', $uri->path)); + + return true; + } +} + +// vim: et sw=4 sts=4 diff --git a/tests/HTMLPurifier/AttrDef/URITest.php b/tests/HTMLPurifier/AttrDef/URITest.php index 01274ca2..d2c5d7ab 100644 --- a/tests/HTMLPurifier/AttrDef/URITest.php +++ b/tests/HTMLPurifier/AttrDef/URITest.php @@ -22,6 +22,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness $this->assertDef('news:rec.alt'); $this->assertDef('nntp://news.example.com/324234'); $this->assertDef('mailto:bob@example.com'); + $this->assertDef('tel:+15555555555'); } public function testIntegrationWithPercentEncoder() diff --git a/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php b/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php index f357ce05..19b65b3b 100644 --- a/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php +++ b/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php @@ -37,6 +37,11 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn $this->assertFiltering('mailto:bob@example.com'); } + public function testPreserveAltSchemeWithTel() + { + $this->assertFiltering('tel:+15555555555'); + } + public function testFilterIgnoreHTTPSpecialCase() { $this->assertFiltering('http:/', 'http://example.com/'); diff --git a/tests/HTMLPurifier/URIParserTest.php b/tests/HTMLPurifier/URIParserTest.php index a188862c..4bc21b76 100644 --- a/tests/HTMLPurifier/URIParserTest.php +++ b/tests/HTMLPurifier/URIParserTest.php 
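Review bot: In the new library/HTMLPurifier/URIScheme/tel.php, doValidate() ends with an unconditional `return true;`, so whatever survives the `preg_replace` is accepted, including an empty path (`tel:abcd` reduces to `tel:`), a lone `+`, or a run of `x` characters. Because the filter rewrites instead of rejecting, the emitted number can differ from what the author wrote; as far as this hunk shows, a percent-encoded sequence in the path would lose its `%` and keep the digits. I would check the normalised result and reject anything that is not a number, for example by replacing the last statement with `return preg_match('/^\+?\d+(x\d+)?$/', $uri->path) === 1;`, which still passes the cases added in URISchemeTest.php. The class declaration and method signature did not survive in this rendering of the hunk, so this is based on the method body only.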
@@ -69,6 +69,14 @@ class HTMLPurifier_URIParserTest extends HTMLPurifier_Harness
 );
 }
 
+ public function testTelURI()
+ {
+ $this->assertParsing(
+ 'tel:+1 (555) 555-5555',
+ 'tel', null, null, null, '+1 (555) 555-5555', null, null
+ );
+ }
+
 public function testIPv4Address()
 {
 $this->assertParsing(
diff --git a/tests/HTMLPurifier/URISchemeTest.php b/tests/HTMLPurifier/URISchemeTest.php
index 99a46548..867e845e 100644
--- a/tests/HTMLPurifier/URISchemeTest.php
+++ b/tests/HTMLPurifier/URISchemeTest.php
@@ -172,6 +172,42 @@ class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
 );
 }
 
+ public function test_tel_strip_punctuation()
+ {
+ $this->assertValidation(
+ 'tel:+1 (555) 555-5555', 'tel:+15555555555'
+ );
+ }
+
+ public function test_tel_regular()
+ {
+ $this->assertValidation(
+ 'tel:+15555555555'
+ );
+ }
+
+ public function test_tel_with_extension()
+ {
+ $this->assertValidation(
+ 'tel:+1-555-555-5555x123', 'tel:+15555555555x123'
+ );
+ }
+
+ public function test_tel_no_plus()
+ {
+ $this->assertValidation(
+ 'tel:555-555-5555', 'tel:5555555555'
+ );
+ }
+
+ public function test_tel_strip_letters()
+ {
+ $this->assertValidation(
+ 'tel:abcd1234',
+ 'tel:1234'
+ );
+ }
+
 public function test_data_png()
 {
 $this->assertValidation(
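Review bot: The tel cases added to tests/HTMLPurifier/URISchemeTest.php leave two behaviours of the scheme untested: lower-casing of an upper-case `X` extension marker, and removal of a `+` that is not in the leading position. There is also no case for input that reduces to an empty path, which is where a validator that always succeeds is most likely to surprise. Next to `test_tel_with_extension` I would add cases such as `$this->assertValidation('tel:+1-555-555-5555X123', 'tel:+15555555555x123');` and `$this->assertValidation('tel:1+555', 'tel:1555');`, plus one that pins the intended result for `'tel:abcd'`.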