mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-03 13:21:51 +00:00
[3.1.1] Round up imagecrash support with HTML.MaxImgLength
- Add $max to AttrDef/HTML/Pixels.php - Add %HTML.MaxImgLength - CSS width/height allows percents when MaxImgLength is disabled git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1762 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
fcebb7731d
commit
eb9f9bc7f6
4
NEWS
4
NEWS
@ -10,7 +10,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
==========================
|
==========================
|
||||||
|
|
||||||
3.1.1, unknown release date
|
3.1.1, unknown release date
|
||||||
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength.
|
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
|
||||||
|
and height/width HTML with %HTML.MaxImgLength.
|
||||||
- Disable percent height/width attributes for img
|
- Disable percent height/width attributes for img
|
||||||
- AttrValidator operations are now atomic; updates to attributes are not
|
- AttrValidator operations are now atomic; updates to attributes are not
|
||||||
manifest in token until end of operations. This prevents naughty internal
|
manifest in token until end of operations. This prevents naughty internal
|
||||||
@ -29,6 +30,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
use this rather than __construct(), although legacy code using constructors
|
use this rather than __construct(), although legacy code using constructors
|
||||||
will still work--the new format, however, lets modules access the
|
will still work--the new format, however, lets modules access the
|
||||||
configuration object for HTML namespace dependant tweaks.
|
configuration object for HTML namespace dependant tweaks.
|
||||||
|
. AttrDef_HTML_Pixels now takes a single construction parameter, pixels.
|
||||||
|
|
||||||
3.1.0, released 2008-05-18
|
3.1.0, released 2008-05-18
|
||||||
# Unnecessary references to objects (vestiges of PHP4) removed from method
|
# Unnecessary references to objects (vestiges of PHP4) removed from method
|
||||||
|
@ -23,22 +23,22 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="CSS.Proprietary">
|
<directive id="CSS.Proprietary">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>209</line>
|
<line>214</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="CSS.AllowTricky">
|
<directive id="CSS.AllowTricky">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>213</line>
|
<line>218</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="CSS.AllowImportant">
|
<directive id="CSS.AllowImportant">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>217</line>
|
<line>222</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="CSS.AllowedProperties">
|
<directive id="CSS.AllowedProperties">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>269</line>
|
<line>274</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="Cache.DefinitionImpl">
|
<directive id="Cache.DefinitionImpl">
|
||||||
@ -151,6 +151,9 @@
|
|||||||
<file name="HTMLPurifier/Lexer.php">
|
<file name="HTMLPurifier/Lexer.php">
|
||||||
<line>238</line>
|
<line>238</line>
|
||||||
</file>
|
</file>
|
||||||
|
<file name="HTMLPurifier/HTMLModule/Image.php">
|
||||||
|
<line>27</line>
|
||||||
|
</file>
|
||||||
<file name="HTMLPurifier/Lexer/DirectLex.php">
|
<file name="HTMLPurifier/Lexer/DirectLex.php">
|
||||||
<line>34</line>
|
<line>34</line>
|
||||||
</file>
|
</file>
|
||||||
@ -310,6 +313,11 @@
|
|||||||
<line>123</line>
|
<line>123</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
|
<directive id="HTML.MaxImgLength">
|
||||||
|
<file name="HTMLPurifier/HTMLModule/Image.php">
|
||||||
|
<line>14</line>
|
||||||
|
</file>
|
||||||
|
</directive>
|
||||||
<directive id="HTML.TidyLevel">
|
<directive id="HTML.TidyLevel">
|
||||||
<file name="HTMLPurifier/HTMLModule/Tidy.php">
|
<file name="HTMLPurifier/HTMLModule/Tidy.php">
|
||||||
<line>45</line>
|
<line>45</line>
|
||||||
|
@ -6,6 +6,12 @@
|
|||||||
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
||||||
{
|
{
|
||||||
|
|
||||||
|
protected $max;
|
||||||
|
|
||||||
|
public function __construct($max = null) {
|
||||||
|
$this->max = $max;
|
||||||
|
}
|
||||||
|
|
||||||
public function validate($string, $config, $context) {
|
public function validate($string, $config, $context) {
|
||||||
|
|
||||||
$string = trim($string);
|
$string = trim($string);
|
||||||
@ -24,11 +30,18 @@ class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
|||||||
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
|
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
|
||||||
// WARNING, above link WILL crash you if you're using Windows
|
// WARNING, above link WILL crash you if you're using Windows
|
||||||
|
|
||||||
if ($int > 1200) return '1200';
|
if ($this->max !== null && $int > $this->max) return (string) $this->max;
|
||||||
|
|
||||||
return (string) $int;
|
return (string) $int;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function make($string) {
|
||||||
|
if ($string === '') $max = null;
|
||||||
|
else $max = (int) $string;
|
||||||
|
$class = get_class($this);
|
||||||
|
return new $class($max);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -149,21 +149,26 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||||||
new HTMLPurifier_AttrDef_CSS_Percentage()
|
new HTMLPurifier_AttrDef_CSS_Percentage()
|
||||||
));
|
));
|
||||||
|
|
||||||
|
$trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||||
|
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||||
|
new HTMLPurifier_AttrDef_CSS_Percentage(true),
|
||||||
|
new HTMLPurifier_AttrDef_Enum(array('auto'))
|
||||||
|
));
|
||||||
|
$max = $config->get('CSS', 'MaxImgLength');
|
||||||
|
|
||||||
$this->info['width'] =
|
$this->info['width'] =
|
||||||
$this->info['height'] =
|
$this->info['height'] =
|
||||||
new HTMLPurifier_AttrDef_Switch('img',
|
$max === null ?
|
||||||
// For img tags:
|
$trusted_wh :
|
||||||
new HTMLPurifier_AttrDef_CSS_Composite(array(
|
new HTMLPurifier_AttrDef_Switch('img',
|
||||||
new HTMLPurifier_AttrDef_CSS_Length('0', $config->get('CSS', 'MaxImgLength')),
|
// For img tags:
|
||||||
new HTMLPurifier_AttrDef_Enum(array('auto'))
|
new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||||
)),
|
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
|
||||||
// For everyone else:
|
new HTMLPurifier_AttrDef_Enum(array('auto'))
|
||||||
new HTMLPurifier_AttrDef_CSS_Composite(array(
|
)),
|
||||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
// For everyone else:
|
||||||
new HTMLPurifier_AttrDef_CSS_Percentage(true),
|
$trusted_wh
|
||||||
new HTMLPurifier_AttrDef_Enum(array('auto'))
|
);
|
||||||
))
|
|
||||||
);
|
|
||||||
|
|
||||||
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
|
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
|
||||||
|
|
||||||
|
File diff suppressed because one or more lines are too long
@ -8,4 +8,8 @@ VERSION: 3.1.1
|
|||||||
effectively the <code>width</code> and <code>height</code> properties.
|
effectively the <code>width</code> and <code>height</code> properties.
|
||||||
Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
|
Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
|
||||||
in place to prevent imagecrash attacks, disable with null at your own risk.
|
in place to prevent imagecrash attacks, disable with null at your own risk.
|
||||||
|
This directive is similar to %HTML.MaxImgLength, and both should be
|
||||||
|
concurrently edited, although there are
|
||||||
|
subtle differences in the input format (the CSS max is a number with
|
||||||
|
a unit).
|
||||||
</p>
|
</p>
|
||||||
|
@ -0,0 +1,13 @@
|
|||||||
|
HTML.MaxImgLength
|
||||||
|
TYPE: int/null
|
||||||
|
DEFAULT: 1200
|
||||||
|
VERSION: 3.1.1
|
||||||
|
--DESCRIPTION--
|
||||||
|
<p>
|
||||||
|
This directive controls the maximum number of pixels in the width and
|
||||||
|
height attributes in <code>img</code> tags. This is
|
||||||
|
in place to prevent imagecrash attacks, disable with null at your own risk.
|
||||||
|
This directive is similar to %CSS.MaxImgLength, and both should be
|
||||||
|
concurrently edited, although there are
|
||||||
|
subtle differences in the input format (the HTML max is an integer).
|
||||||
|
</p>
|
@ -11,19 +11,24 @@ class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
|
|||||||
public $name = 'Image';
|
public $name = 'Image';
|
||||||
|
|
||||||
public function setup($config) {
|
public function setup($config) {
|
||||||
|
$max = $config->get('HTML', 'MaxImgLength');
|
||||||
$img = $this->addElement(
|
$img = $this->addElement(
|
||||||
'img', 'Inline', 'Empty', 'Common',
|
'img', 'Inline', 'Empty', 'Common',
|
||||||
array(
|
array(
|
||||||
'alt*' => 'Text',
|
'alt*' => 'Text',
|
||||||
// According to the spec, it's Length, but percents can
|
// According to the spec, it's Length, but percents can
|
||||||
// be abused, so we allow only Pixels. A trusted module
|
// be abused, so we allow only Pixels.
|
||||||
// could overload this with the real value.
|
'height' => 'Pixels#' . $max,
|
||||||
'height' => 'Pixels',
|
'width' => 'Pixels#' . $max,
|
||||||
'width' => 'Pixels',
|
|
||||||
'longdesc' => 'URI',
|
'longdesc' => 'URI',
|
||||||
'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
|
'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
if ($max === null || $config->get('HTML', 'Trusted')) {
|
||||||
|
$img->attr['height'] =
|
||||||
|
$img->attr['width'] = 'Length';
|
||||||
|
}
|
||||||
|
|
||||||
// kind of strange, but splitting things up would be inefficient
|
// kind of strange, but splitting things up would be inefficient
|
||||||
$img->attr_transform_pre[] =
|
$img->attr_transform_pre[] =
|
||||||
$img->attr_transform_post[] =
|
$img->attr_transform_post[] =
|
||||||
|
@ -33,5 +33,12 @@ class HTMLPurifier_AttrDef_HTML_PixelsTest extends HTMLPurifier_AttrDefHarness
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function test_make() {
|
||||||
|
$factory = new HTMLPurifier_AttrDef_HTML_Pixels();
|
||||||
|
$this->def = $factory->make('30');
|
||||||
|
$this->assertDef('25');
|
||||||
|
$this->assertDef('35', '30');
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
54
tests/HTMLPurifier/HTMLModule/ImageTest.php
Normal file
54
tests/HTMLPurifier/HTMLModule/ImageTest.php
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
class HTMLPurifier_HTMLModule_ImageTest extends HTMLPurifier_HTMLModuleHarness
|
||||||
|
{
|
||||||
|
|
||||||
|
|
||||||
|
function testNormal() {
|
||||||
|
$this->assertResult('<img height="40" width="40" src="" alt="" />');
|
||||||
|
}
|
||||||
|
|
||||||
|
function testLengthTooLarge() {
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="40000" width="40000" src="" alt="" />',
|
||||||
|
'<img height="1200" width="1200" src="" alt="" />'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function testLengthPercentage() {
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="100%" width="100%" src="" alt="" />',
|
||||||
|
'<img src="" alt="" />'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function testLengthCustomMax() {
|
||||||
|
$this->config->set('HTML', 'MaxImgLength', 20);
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="30" width="30" src="" alt="" />',
|
||||||
|
'<img height="20" width="20" src="" alt="" />'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function testLengthCrashFixDisabled() {
|
||||||
|
$this->config->set('HTML', 'MaxImgLength', null);
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="100%" width="100%" src="" alt="" />'
|
||||||
|
);
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="40000" width="40000" src="" alt="" />'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function testLengthTrusted() {
|
||||||
|
$this->config->set('HTML', 'Trusted', true);
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="100%" width="100%" src="" alt="" />'
|
||||||
|
);
|
||||||
|
$this->assertResult(
|
||||||
|
'<img height="40000" width="40000" src="" alt="" />'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -205,6 +205,13 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testKeepPercentCSSWidthAndHeightOnImgWhenToldTo() {
|
||||||
|
$this->config->set('CSS', 'MaxImgLength', null);
|
||||||
|
$this->assertResult(
|
||||||
|
'<img src="" alt="" style="width:100%;height:100%;border:1px solid #000;" />'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
function testRemoveRelativeCSSWidthAndHeightOnImg() {
|
function testRemoveRelativeCSSWidthAndHeightOnImg() {
|
||||||
$this->assertResult(
|
$this->assertResult(
|
||||||
'<img src="" alt="" style="width:10em;height:10em;border:1px solid #000;" />',
|
'<img src="" alt="" style="width:10em;height:10em;border:1px solid #000;" />',
|
||||||
|
Loading…
Reference in New Issue
Block a user