From c845f0bb784347f38e2a667ca67dcfa6ce5e78f0 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Sat, 5 Jul 2008 03:14:32 -0400 Subject: [PATCH] Give warnings when attempting to use encoding iconv doesn't support. Previously, attempting to set %Core.Encoding to an encoding iconv didn't know about would result in a silent failure, with the return of the boolean false. Now it will fatally error out. Reported-by: mcgrailm Signed-off-by: Edward Z. Yang --- NEWS | 2 ++ library/HTMLPurifier/Encoder.php | 8 +++++++- tests/HTMLPurifier/EncoderTest.php | 11 +++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 2d4c55d0..acc5dcaa 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier the strategy to be used, standalone, on untrusted input. - Fix two bugs in %URI.MakeAbsolute; one involving empty paths in base URLs, the other involving an undefined $is_folder error. +- Throw error when %Core.Encoding is set to a spurious value. Previously, + this errored silently and returned false. . Strategy_MakeWellFormed now operates in-place, saving memory and allowing for more interesting filter-backtracking . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind diff --git a/library/HTMLPurifier/Encoder.php b/library/HTMLPurifier/Encoder.php index 0518814e..c2df3132 100644 --- a/library/HTMLPurifier/Encoder.php +++ b/library/HTMLPurifier/Encoder.php 
@@ -271,6 +271,12 @@ class HTMLPurifier_Encoder set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler')); if ($iconv && !$config->get('Test', 'ForceNoIconv')) { $str = iconv($encoding, 'utf-8//IGNORE', $str); + if ($str === false) { + // $encoding is not a valid encoding + restore_error_handler(); + trigger_error('Invalid encoding ' . $encoding, E_USER_ERROR); + return ''; + } // If the string is bjorked by Shift_JIS or a similar encoding // that doesn't support all of ASCII, convert the naughty // characters to their true byte-wise ASCII/UTF-8 equivalents. @@ -282,7 +288,7 @@ class HTMLPurifier_Encoder restore_error_handler(); return $str; } - trigger_error('Encoding not supported', E_USER_ERROR); + trigger_error('Encoding not supported, please install iconv', E_USER_ERROR); } /** diff --git a/tests/HTMLPurifier/EncoderTest.php b/tests/HTMLPurifier/EncoderTest.php index 88880ed3..03263e7c 100644 --- a/tests/HTMLPurifier/EncoderTest.php +++ b/tests/HTMLPurifier/EncoderTest.php @@ -38,6 +38,17 @@ class HTMLPurifier_EncoderTest extends HTMLPurifier_Harness ); } + function test_convertToUTF8_spuriousEncoding() { + // We don't support this as UTF-8, because UTF-8 is the default and + // shouldn't be set if not necessary. + $this->config->set('Core', 'Encoding', 'utf8'); + $this->expectError('Invalid encoding utf8'); + $this->assertIdentical( + HTMLPurifier_Encoder::convertToUTF8("\xF6", $this->config, $this->context), + '' + ); + } + function test_convertToUTF8_iso8859_1() { $this->config->set('Core', 'Encoding', 'ISO-8859-1'); $this->assertIdentical( -- 2.11.4.GIT
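Review bot: The added `if ($str === false)` branch in the first Encoder.php hunk labels every iconv() failure as 'Invalid encoding', yet iconv() returns false for any failure, which on some iconv builds may include malformed input bytes even with `//IGNORE` (to be confirmed on the supported platforms). Because this path converts untrusted markup and E_USER_ERROR is fatal unless a handler intercepts it, such input could abort the request rather than being purified. Returning `''` when a handler does resume is a sound fail-closed choice and deserves a comment, for example `// iconv() failed (unknown charset or conversion error): fail closed, never hand back unconverted input`. convertToUTF8() begins and ends outside this hunk.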
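Review bot: In the second Encoder.php hunk, the reworded `trigger_error('Encoding not supported, please install iconv', E_USER_ERROR)` still runs with no `restore_error_handler()` in front of it on the visible lines, unlike the new invalid-encoding branch, which restores first. If the handler installed by `set_error_handler(array('HTMLPurifier_Encoder', 'muteErrorHandler'))` is still active on this fall-through path, the error is probably swallowed and the function returns null with the mute handler left on the stack, which is the silent failure this commit sets out to remove. Mirror the new branch: `restore_error_handler();` before the call and `return '';` after it. The lines between the two hunks are not shown, so confirm that no restore happens there.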
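Review bot: `test_convertToUTF8_spuriousEncoding` in the EncoderTest.php hunk depends on the local iconv rejecting the name `utf8`, which is a property of the iconv implementation rather than of HTML Purifier; a build that accepts `utf8` as an alias would not raise 'Invalid encoding utf8'. The test also has no guard for environments without iconv, where the message raised would instead be 'Encoding not supported, please install iconv'. Consider a name no implementation would recognise (a constructed example: `'x-not-a-charset'`) and returning early when `function_exists('iconv')` is false.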