From 1f3e282fde48ae517011a306dc2f6ff3ef0126ab Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang" <ezyang@cs.stanford.edu>
Date: Thu, 24 Mar 2016 00:12:52 -0700
Subject: [PATCH] Fix a bounds error which now errors in PHP 7.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
---
 NEWS                                     | 1 +
 library/HTMLPurifier/AttrDef/CSS/URI.php | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index 90c07839..f4df9b86 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - IDNA supported natively on PHP 5.3 and later.
 - Non all-numeric top-level names (e.g., foo.1f, 1f) are now
   allowed.
+- Minor bounds error fix to squash a PHP 7 notice.
 
 4.7.0, released 2015-08-04
 # opacity is now considered a "tricky" CSS property rather than a
diff --git a/library/HTMLPurifier/AttrDef/CSS/URI.php b/library/HTMLPurifier/AttrDef/CSS/URI.php
index f9434230..6617acac 100644
--- a/library/HTMLPurifier/AttrDef/CSS/URI.php
+++ b/library/HTMLPurifier/AttrDef/CSS/URI.php
@@ -33,6 +33,9 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
             return false;
         }
         $uri_string = substr($uri_string, 4);
+        if (strlen($uri_string) == 0) {
+            return false;
+        }
         $new_length = strlen($uri_string) - 1;
         if ($uri_string[$new_length] != ')') {
             return false;
-- 
2.11.4.GIT