From 4d27906b02c754c52207b3cde6de106ed0dec65a Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Mon, 6 Jul 2009 22:04:51 -0400
Subject: [PATCH] Make %URI.Munge respect %URI.Host (don't munge).
%URI.Munge incorrectly munged URIs that pointed to the same host as the current website (it did, however, have the correct behavior for when the munge URL was on the same server).
Signed-off-by: Edward Z. Yang
---
 NEWS | 1 +
 library/HTMLPurifier/URIFilter/Munge.php | 4 ++++
 tests/HTMLPurifier/URIFilter/MungeTest.php | 6 ++++++
 3 files changed, 11 insertions(+)
diff --git a/NEWS b/NEWS
index 4b8cea81..2bf34aa5 100644
--- a/NEWS
+++ b/NEWS
@@ -50,6 +50,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 changed.
 - Fix fatal error in HTMLPurifier_Encoder on certain platforms (probably NetBSD 5.0)
 - Fix bug in Linkify autoformatter involving http://foo
+- Make %URI.Munge not apply to links that have the same host as your host.
 . Created script maintenance/rename-config.php for renaming a configuration directive while maintaining its alias. This script does not change source code.
 . Implement namespace locking for definition construction, to prevent
diff --git a/library/HTMLPurifier/URIFilter/Munge.php b/library/HTMLPurifier/URIFilter/Munge.php
index 6c66a8ee..efa10a64 100644
--- a/library/HTMLPurifier/URIFilter/Munge.php
+++ b/library/HTMLPurifier/URIFilter/Munge.php
@@ -23,6 +23,10 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
 if (is_null($uri->host) || empty($scheme_obj->browsable)) {
 return true;
 }
+ // don't redirect if target host is our host
+ if ($uri->host === $config->getDefinition('URI')->host) {
+ return true;
+ }
 $this->makeReplace($uri, $config, $context);
 $this->replace = array_map('rawurlencode', $this->replace);
diff --git a/tests/HTMLPurifier/URIFilter/MungeTest.php b/tests/HTMLPurifier/URIFilter/MungeTest.php
index 77a68733..09624b07 100644
--- a/tests/HTMLPurifier/URIFilter/MungeTest.php
+++ b/tests/HTMLPurifier/URIFilter/MungeTest.php
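Review bot: The new same-host check `$uri->host === $config->getDefinition('URI')->host` in Munge.php is an exact, case-sensitive string comparison that ignores scheme and port, and the added comment does not say so. Unless the host is lowercased somewhere before this point, a link written with different letter case would still be munged (the safe direction), while a link to another scheme or port on the same host skips munging. The check is only sound because the `is_null($uri->host)` guard above runs first, so an unset %URI.Host can never match; I would record that in the comment, e.g. `// don't redirect if target host is our host (exact match; $uri->host is non-null here, so an unset %URI.Host never matches)`. Because a matching host now opts a link out of munging, the directive documentation should state that %URI.Host must come from fixed configuration and not from request data. The enclosing filter() method begins and ends outside this hunk.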
@@ -117,6 +117,12 @@ class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
 $this->assertFiltering('http://example.com/foobar');
 }
+ function testMungeIgnoresSourceHost() {
+ $this->config->set('URI.Host', 'foo.example.com');
+ $this->setMunge('http://example.com/%s');
+ $this->assertFiltering('http://foo.example.com/bar');
+ }
+
 }
 // vim: et sw=4 sts=4
--
2.11.4.GIT
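Review bot: The added `testMungeIgnoresSourceHost` pins only the positive case; nothing in this hunk asserts that a different host is still munged once %URI.Host is set. A later loosening of the comparison (to suffix or substring matching, for example) would therefore still pass this test. I would add a companion test in the same class that sets `URI.Host` to `foo.example.com` and asserts that a sibling host such as `http://bar.example.com/bar` (constructed sample) is still rewritten through the munge URL. A one-line comment on the new method, e.g. `// links to %URI.Host are left untouched by %URI.Munge`, would also make the intent clear. The enclosing test class starts outside this hunk.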