aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier/AttrDef/CSS/URI.php
diff options
context:
space:
mode:
authorChristian Vogeley <christian.vogeley@hotmail.de>2015-01-11 16:22:59 +0100
committerChristian Vogeley <christian.vogeley@hotmail.de>2015-01-11 16:22:59 +0100
commitf0c7612bcd49d32e408e67ac1829ee891c677f7e (patch)
treed4cff4aa2d728524b631776ffffee71f42056421 /library/HTMLPurifier/AttrDef/CSS/URI.php
parent43f143a211c75138d09ceb89acc48ea7d5c31ca9 (diff)
parent10102ac2ac4d5b02012a9794e23656717ab05556 (diff)
downloadvolse-hubzilla-f0c7612bcd49d32e408e67ac1829ee891c677f7e.tar.gz
volse-hubzilla-f0c7612bcd49d32e408e67ac1829ee891c677f7e.tar.bz2
volse-hubzilla-f0c7612bcd49d32e408e67ac1829ee891c677f7e.zip
Merge remote-tracking branch 'upstream/master'
Conflicts: doc/html/classRedmatrix_1_1Import_1_1Import-members.html doc/html/classRedmatrix_1_1Import_1_1Import.js
Diffstat (limited to 'library/HTMLPurifier/AttrDef/CSS/URI.php')
-rw-r--r--library/HTMLPurifier/AttrDef/CSS/URI.php38
1 files changed, 30 insertions, 8 deletions
diff --git a/library/HTMLPurifier/AttrDef/CSS/URI.php b/library/HTMLPurifier/AttrDef/CSS/URI.php
index 1df17dc25..f9434230e 100644
--- a/library/HTMLPurifier/AttrDef/CSS/URI.php
+++ b/library/HTMLPurifier/AttrDef/CSS/URI.php
@@ -12,25 +12,39 @@
class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
{
- public function __construct() {
+ public function __construct()
+ {
parent::__construct(true); // always embedded
}
- public function validate($uri_string, $config, $context) {
+ /**
+ * @param string $uri_string
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return bool|string
+ */
+ public function validate($uri_string, $config, $context)
+ {
// parse the URI out of the string and then pass it onto
// the parent object
$uri_string = $this->parseCDATA($uri_string);
- if (strpos($uri_string, 'url(') !== 0) return false;
+ if (strpos($uri_string, 'url(') !== 0) {
+ return false;
+ }
$uri_string = substr($uri_string, 4);
$new_length = strlen($uri_string) - 1;
- if ($uri_string[$new_length] != ')') return false;
+ if ($uri_string[$new_length] != ')') {
+ return false;
+ }
$uri = trim(substr($uri_string, 0, $new_length));
if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
$quote = $uri[0];
$new_length = strlen($uri) - 1;
- if ($uri[$new_length] !== $quote) return false;
+ if ($uri[$new_length] !== $quote) {
+ return false;
+ }
$uri = substr($uri, 1, $new_length - 1);
}
@@ -38,15 +52,23 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
$result = parent::validate($uri, $config, $context);
- if ($result === false) return false;
+ if ($result === false) {
+ return false;
+ }
// extra sanity check; should have been done by URI
$result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
- return "url(\"$result\")";
+ // suspicious characters are ()'; we're going to percent encode
+ // them for safety.
+ $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);
+ // there's an extra bug where ampersands lose their escaping on
+ // an innerHTML cycle, so a very unlucky query parameter could
+ // then change the meaning of the URL. Unfortunately, there's
+ // not much we can do about that...
+ return "url(\"$result\")";
}
-
}
// vim: et sw=4 sts=4