From 8c3977ce0f6395eb79be1b2579830b4193ea1605 Mon Sep 17 00:00:00 2001 From: Christian Schneider Date: Mon, 8 Dec 2008 17:18:12 +0000 Subject: Fix it_html::sanitize with b/br combination (tag prefix of other tag bug) --- it_html.class | 8 ++++---- tests/it_html.t | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/it_html.class b/it_html.class index 9debd34..3ccc084 100644 --- a/it_html.class +++ b/it_html.class @@ -378,26 +378,26 @@ function sanitize($html) $urlpattern = 'https?://[^">]+'; $charset = $GLOBALS['it_html']->p['charset'] ? $GLOBALS['it_html']->p['charset'] : 'iso-8859-1'; - if ($tag = it::match("(.*)<(div|p|i|b)[^>]*>(.*?)(.*)", $html)) + if ($tag = it::match("(.*)<(div|p|i|b)\b[^>]*>(.*?)(.*)", $html)) { # Simple tags with content, no attributes kept list($head, $tagname, $content, $tail) = $tag; $tagname = strtolower($tagname); $result .= it_html::sanitize($head) . "<$tagname>" . it_html::sanitize($content) . "" . it_html::sanitize($tail); } - else if ($tag = it::match('(.*)]+?href="(' . $urlpattern . ')"[^>]*?>(.*?)(.*)', $html)) + else if ($tag = it::match('(.*)]+?href="(' . $urlpattern . ')"[^>]*?>(.*?)(.*)', $html)) { # Link tags, keeps only href attribute list($head, $href, $content, $tail) = $tag; $result .= it_html::sanitize($head) . '' . it_html::sanitize($content) . "" . it_html::sanitize($tail); } - else if ($tag = it::match('(.*)]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html)) + else if ($tag = it::match('(.*)]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html)) { # Image tags, keeps only src attribute list($head, $src, $tail) = $tag; $result .= it_html::sanitize($head) . '' . it_html::sanitize($tail); } - else if ($tag = it::match("(.*)<(br|/tr)[^>]*>(.*)", $html)) + else if ($tag = it::match("(.*)<(br|/tr)\b[^>]*>(.*)", $html)) { # brs and table rows are converted so simple line breaks list($head, $tagname, $tail) = $tag; diff --git a/tests/it_html.t b/tests/it_html.t index 86afbf8..e77a0a1 100755 --- a/tests/it_html.t +++ b/tests/it_html.t @@ -115,6 +115,12 @@ is( 'it_html::sanitize with latin1' ); +is( + it_html::sanitize('a
b
'), + "a
b
", + 'it_html::sanitize with b and br (tag prefix of other tag bug)' +); + is( U("/foo.html", array('bar' => array('gna' => 42, 'qux' => array('quux' => "", 'gnöp' => "fasel")))), '/foo.html?bar[gna]=42&bar[qux][quux]=%3CZ%FCrich%3E&bar[qux][gn%F6p]=fasel', -- cgit v1.2.3