Fix bug where absolute paths with dots/double-dots were not collapsed.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>

NEWS

@@ -43,6 +43,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment
 - Fix bug with inline elements in blockquotes conflicting with strict doctype
 - Detect if HTML support is disabled for DOM by checking for loadHTML() method.
+- Fix bug where dots and double-dots in absolute URLs without hostname were
+  not collapsed by URIFilter_MakeAbsolute.
 . Strategy_MakeWellFormed now operates in-place, saving memory and allowing
   for more interesting filter-backtracking
 . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind

configdoc/usage.xml

@@ -69,18 +69,18 @@
  <directive id="Core.Encoding">
   <file name="HTMLPurifier/Encoder.php">
    <line>267</line>
-   <line>294</line>
+   <line>300</line>
   </file>
  </directive>
  <directive id="Test.ForceNoIconv">
   <file name="HTMLPurifier/Encoder.php">
    <line>272</line>
-   <line>302</line>
+   <line>308</line>
   </file>
  </directive>
  <directive id="Core.EscapeNonASCIICharacters">
   <file name="HTMLPurifier/Encoder.php">
-   <line>298</line>
+   <line>304</line>
   </file>
  </directive>
  <directive id="Core.MaintainLineNumbers">
@@ -154,7 +154,7 @@
    <line>199</line>
   </file>
   <file name="HTMLPurifier/Lexer.php">
-   <line>238</line>
+   <line>233</line>
   </file>
   <file name="HTMLPurifier/HTMLModule/Image.php">
    <line>27</line>
@@ -208,16 +208,13 @@
  </directive>
  <directive id="Core.ConvertDocumentToFragment">
   <file name="HTMLPurifier/Lexer.php">
-   <line>230</line>
+   <line>242</line>
   </file>
  </directive>
  <directive id="URI.Host">
   <file name="HTMLPurifier/URIDefinition.php">
    <line>64</line>
   </file>
-  <file name="HTMLPurifier/URIFilter/DisableExternal.php">
-   <line>8</line>
-  </file>
  </directive>
  <directive id="URI.Base">
   <file name="HTMLPurifier/URIDefinition.php">

library/HTMLPurifier/URIFilter/MakeAbsolute.php

@@ -60,6 +60,9 @@ class HTMLPurifier_URIFilter_MakeAbsolute extends HTMLPurifier_URIFilter
             }
             $new_stack = $this->_collapseStack($new_stack);
             $uri->path = implode('/', $new_stack);
+        } else {
+            // absolute path, but still we should collapse
+            $uri->path = implode('/', $this->_collapseStack(explode('/', $uri->path)));
         }
         // re-combine
         $uri->scheme = $this->base->scheme;

tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php

@@ -59,6 +59,14 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn
         $this->assertFiltering('././foo/./bar/.././baz', 'http://example.com/foo/foo/baz');
     }
     
+    function testFilterAbsolutePathWithDot() {
+        $this->assertFiltering('/./foo', 'http://example.com/foo');
+    }
+    
+    function testFilterAbsolutePathWithMultiDot() {
+        $this->assertFiltering('/./foo/../bar/.', 'http://example.com/bar/');
+    }
+    
     function testFilterRelativePathWithInternalDotDot() {
         $this->assertFiltering('../baz.txt', 'http://example.com/baz.txt');
     }