From 59463c5c39c0816bf000e52d015f7ac6c6c1e2d4 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Thu, 27 Oct 2016 17:24:34 -0700 Subject: [PATCH] Allow %URI.DefaultScheme to be null. Fixes #103. Signed-off-by: Edward Z. Yang --- NEWS | 4 ++++ configdoc/usage.xml | 6 +++--- library/HTMLPurifier/ConfigSchema/schema.ser | Bin 15598 -> 15599 bytes .../ConfigSchema/schema/URI.DefaultScheme.txt | 7 ++++++- library/HTMLPurifier/URI.php | 12 +++++++----- tests/HTMLPurifier/AttrDef/URITest.php | 6 ++++++ 6 files changed, 26 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index 039c31e9..974ef649 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier . Internal change ========================== +4.9.0, unknown release date +! %URI.DefaultScheme can now be set to null, in which case + all relative paths are removed. + 4.8.0, released 2016-07-16 # By default, when a link has a target attribute associated with it, we now also add rel="noreferrer" in order to diff --git a/configdoc/usage.xml b/configdoc/usage.xml index c3fe3f81..d80ab51e 100644 --- a/configdoc/usage.xml +++ b/configdoc/usage.xml @@ -423,13 +423,13 @@ - 183 + 185 - 200 - 216 + 202 + 218 diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser index 0a7a406e132dd5dfe79e4b52f8f44b7d4f8d5481..0def14c87f9494060ffa71b558eac01411e1c9fb 100644 GIT binary patch delta 19 bcwT!~`Mz?)XDcRM!^s7LlAC$0A2I>}U + +

+ Starting with HTML Purifier 4.9.0, the default scheme can be null, in + which case we reject all URIs which do not have explicit schemes. +

--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/URI.php b/library/HTMLPurifier/URI.php
index a5e7ae29..9c5be39d 100644
--- a/library/HTMLPurifier/URI.php
+++ b/library/HTMLPurifier/URI.php
@@ -85,11 +85,13 @@ class HTMLPurifier_URI
 $def = $config->getDefinition('URI');
 $scheme_obj = $def->getDefaultScheme($config, $context);
 if (!$scheme_obj) {
- // something funky happened to the default scheme object
- trigger_error(
- 'Default scheme object "' . $def->defaultScheme . '" was not readable',
- E_USER_WARNING
- );
+ if ($def->defaultScheme !== null) {
+ // something funky happened to the default scheme object
+ trigger_error(
+ 'Default scheme object "' . $def->defaultScheme . '" was not readable',
+ E_USER_WARNING
+ );
+ } // suppress error if it's null
 return false;
 }
 }
diff --git a/tests/HTMLPurifier/AttrDef/URITest.php b/tests/HTMLPurifier/AttrDef/URITest.php
index d2c5d7ab..f4002173 100644
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@@ -81,6 +81,12 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
 $this->assertDef('http://example.com/foo/bar');
 }
 
+ public function testDefaultSchemeNull()
+ {
+ $this->config->set('URI.DefaultScheme', null);
+ $this->assertDef('foo', false);
+ }
+
 public function testAltSchemeNotRemoved()
 {
 $this->assertDef('mailto:this-looks-like-a-path@example.com');
--
2.11.4.GIT
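Review bot: The null case in the `if (!$scheme_obj)` branch is only reached if `getDefaultScheme()` returns a falsy value when `%URI.DefaultScheme` is null, and that lookup is not visible in this hunk. Since null is now a supported setting meaning "reject URIs without an explicit scheme", it would be more robust to reject before the lookup with `if ($def->defaultScheme === null) { return false; }` and leave the warning unconditional for the genuinely unreadable case. That keeps the fail-closed result independent of how the scheme registry treats a null name. If the current shape stays, the trailing `// suppress error if it's null` would read better above the inner `if`, for example `// null is a valid setting: scheme-less URIs are rejected without a warning`. The enclosing method begins and ends outside the hunk.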
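Review bot: `testDefaultSchemeNull` checks only the bare relative path `foo`, so the other scheme-less forms that the documentation says are rejected are not pinned by a test. Adding `$this->assertDef('//example.com/foo', false);` and `$this->assertDef('/foo', false);` would cover network-path and absolute-path references, assuming both are meant to be rejected as the NEWS entry implies. A positive assertion such as `$this->assertDef('http://example.com/foo');` in the same test would confirm that URIs with an explicit scheme still pass when the default is null.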