public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-15 09:25:57 +00:00
Code Issues Releases Wiki Activity

Revert "Update HTML Purifier to version 4.4.0."

Browse Source 
This reverts commit dd205fbad6.
This commit is contained in:
Andrew Dolgov
2012-06-05 21:52:37 +04:00
parent 010efc9b81
commit cb73535c8e
61 changed files with 362 additions and 1031 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
lib/htmlpurifier/library/HTMLPurifier/URI.php
View File

@@ -40,7 +40,7 @@ class HTMLPurifier_URI
} else {
// no scheme: retrieve the default one
$def = $config->getDefinition('URI');
$scheme_obj = $def->getDefaultScheme($config, $context);
$scheme_obj = $registry->getScheme($def->defaultScheme, $config, $context);
if (!$scheme_obj) {
// something funky happened to the default scheme object
trigger_error(
@@ -199,44 +199,6 @@ class HTMLPurifier_URI
return $result;
}
/**
* Returns true if this URL might be considered a 'local' URL given
* the current context. This is true when the host is null, or
* when it matches the host supplied to the configuration.
*
* Note that this does not do any scheme checking, so it is mostly
* only appropriate for metadata that doesn't care about protocol
* security. isBenign is probably what you actually want.
*/
public function isLocal($config, $context) {
if ($this->host === null) return true;
$uri_def = $config->getDefinition('URI');
if ($uri_def->host === $this->host) return true;
return false;
}
/**
* Returns true if this URL should be considered a 'benign' URL,
* that is:
*
* - It is a local URL (isLocal), and
* - It has a equal or better level of security
*/
public function isBenign($config, $context) {
if (!$this->isLocal($config, $context)) return false;
$scheme_obj = $this->getSchemeObj($config, $context);
if (!$scheme_obj) return false; // conservative approach
$current_scheme_obj = $config->getDefinition('URI')->getDefaultScheme($config, $context);
if ($current_scheme_obj->secure) {
if (!$scheme_obj->secure) {
return false;
}
}
return true;
}
}
// vim: et sw=4 sts=4