From 8197be3061db8bd2f57910fa30d6adf34b04e824 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Tue, 8 Sep 2009 15:26:56 +0000
Subject: Use U() to sanitize URLs in it_html::sanitize and adapted test cases
 to it

---
 it_html.class   | 4 ++--
 tests/it_html.t | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/it_html.class b/it_html.class
index 039f649..2175dd3 100644
--- a/it_html.class
+++ b/it_html.class
@@ -395,13 +395,13 @@ function sanitize($html)
 	{
 		# Link tags, keeps only href attribute
 		list($head, $href, $content, $tail) = $tag;
-		$result .= it_html::sanitize($head) . '<a href="' . it_html::Q(html_entity_decode($href), ENT_COMPAT, $charset) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
+		$result .= it_html::sanitize($head) . '<a href="' . it_html::Q(it_html::U(html_entity_decode($href, ENT_COMPAT, $charset))) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
 	}
 	else if ($tag = it::match('(.*)<img\b[^>]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html))
 	{
 		# Image tags, keeps only src attribute
 		list($head, $src, $tail) = $tag;
-		$result .= it_html::sanitize($head) . '<img src="' . it_html::Q(html_entity_decode($src, ENT_COMPAT, $charset)) . '" alt="" />' . it_html::sanitize($tail);
+		$result .= it_html::sanitize($head) . '<img src="' . it_html::Q(it_html::U(html_entity_decode($src, ENT_COMPAT, $charset))) . '" alt="" />' . it_html::sanitize($tail);
 	}
 	else if ($tag = it::match("(.*)<(br|/tr)\b[^>]*>(.*)", $html))
 	{
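Review bot: Both changed lines emit the entity-decoded URL, but the allow-list check runs on the raw attribute text: the `<img` condition visible in this hunk matches `$urlpattern` against `$html`, and the `<a` condition above the hunk presumably does the same. `$urlpattern` is defined outside the hunk, so it is not visible here whether it can match character references; if it can, the decoded value should be matched against `$urlpattern` once more before it is written out. Going by the U() tests in this patch, U() rewrites `%`, `\` and spaces but is not shown to look at the scheme, so at minimum a comment on both branches such as `# URL was accepted by $urlpattern before entity decoding; U() only normalises its encoding` would record which step enforces what. sanitize() starts and ends outside the hunk.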
diff --git a/tests/it_html.t b/tests/it_html.t
index 9c05341..3b4dc2f 100755
--- a/tests/it_html.t
+++ b/tests/it_html.t
@@ -91,11 +91,11 @@ is(
 );
 
 is(
-	it_html::sanitize(" \r \n " . '                        <p><a href="http://www.flickr.com/people/swisspics/">swisspics</a> posted < &lt; &auml; &amp; yesterday <b>a <i>photo</i></b> <b><i>tag missmatch</b></i>:</p><br><BR />
+	it_html::sanitize(" \r \n " . '                        <p><a href="http://www.flickr.com/people/swisspics%/">swisspics</a> posted < &lt; &auml; &amp; yesterday <b>a <i>photo</i></b> <b><i>tag missmatch</b></i>:</p><br><BR />
 
 <P><a href="javascript:window.close()" title="Wolken"><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" width="240" height="180" alt="Wolken" style="border: 1px solid #ddd;" /></a></p>
 '),
-	 ' <a href="http://www.flickr.com/people/swisspics/">swisspics</a> posted &lt; &lt; � &amp; yesterday a <i>photo</i> <i>tag missmatch</i>:<br /><br /> <p><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" alt="" /></p> ',
+	 ' <a href="http://www.flickr.com/people/swisspics%25/">swisspics</a> posted &lt; &lt; � &amp; yesterday a <i>photo</i> <i>tag missmatch</i>:<br /><br /> <p><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" alt="" /></p> ',
 	'it_html::sanitize tag soup'
 );
 
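Review bot: The adapted fixture exercises the new U() step only on the `<a href>` path; the `<img src>` URL is unchanged in both the input and the expected string, so the second changed line in it_html.class is not covered by this test. Putting a character that U() rewrites into the `src` as well, for example a bare `%` as was done for the href, with its `%25` form in the expected output, would cover both branches. A case with `\` in an attribute URL would also pin the `\` to `/` conversion through sanitize() rather than only through the direct U() test further down.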
@@ -134,12 +134,12 @@ is(
 is(
 	U('%% %1%x %1x%x1%xx%11%ff%FF'),
 	'%25%25+%251%25x+%251x%25x1%25xx%11%ff%FF',
-	'quoting of % if not followed by 2 hex digits'
+	'U() quoting of % if not followed by 2 hex digits'
 );
 
 is(
 	U('a\\b'),
 	'a/b',
-	'converting of \ to /'
+	'U() converting of \ to /'
 );
 ?>
-- 
cgit v1.2.3