From cb73535c8eae02092df984bafbecabbce8049cd0 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Tue, 5 Jun 2012 21:52:37 +0400
Subject: Revert "Update HTML Purifier to version 4.4.0."

This reverts commit dd205fbad642ace6d0e33c8553f7d73404f140b4.
---
 .../HTMLPurifier/URIFilter/HostBlacklist.php       |  4 ---
 .../library/HTMLPurifier/URIFilter/Munge.php       |  9 ++++--
 .../library/HTMLPurifier/URIFilter/SafeIframe.php  | 35 ----------------------
 3 files changed, 7 insertions(+), 41 deletions(-)
 delete mode 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php

(limited to 'lib/htmlpurifier/library/HTMLPurifier/URIFilter')

diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php
index 55fde3bf4..045aa0992 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php
@@ -1,9 +1,5 @@
 <?php
 
-// It's not clear to me whether or not Punycode means that hostnames
-// do not have canonical forms anymore. As far as I can tell, it's
-// not a problem (punycoding should be identity when no Unicode
-// points are involved), but I'm not 100% sure
 class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
 {
     public $name = 'HostBlacklist';
diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/Munge.php b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/Munge.php
index de695df14..efa10a645 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/Munge.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/Munge.php
@@ -20,8 +20,13 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
 
         $scheme_obj = $uri->getSchemeObj($config, $context);
         if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
-        if (!$scheme_obj->browsable) return true; // ignore non-browseable schemes, since we can't munge those in a reasonable way
-        if ($uri->isBenign($config, $context)) return true; // don't redirect if a benign URL
+        if (is_null($uri->host) || empty($scheme_obj->browsable)) {
+            return true;
+        }
+        // don't redirect if target host is our host
+        if ($uri->host === $config->getDefinition('URI')->host) {
+            return true;
+        }
 
         $this->makeReplace($uri, $config, $context);
         $this->replace = array_map('rawurlencode', $this->replace);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php
deleted file mode 100644
index 284bb13de..000000000
--- a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-/**
- * Implements safety checks for safe iframes.
- *
- * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
- * works safely.
- */
-class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
-{
-    public $name = 'SafeIframe';
-    public $always_load = true;
-    protected $regexp = NULL;
-    // XXX: The not so good bit about how this is all setup now is we
-    // can't check HTML.SafeIframe in the 'prepare' step: we have to
-    // defer till the actual filtering.
-    public function prepare($config) {
-        $this->regexp = $config->get('URI.SafeIframeRegexp');
-        return true;
-    }
-    public function filter(&$uri, $config, $context) {
-        // check if filter not applicable
-        if (!$config->get('HTML.SafeIframe')) return true;
-        // check if the filter should actually trigger
-        if (!$context->get('EmbeddedURI', true)) return true;
-        $token = $context->get('CurrentToken', true);
-        if (!($token && $token->name == 'iframe')) return true;
-        // check if we actually have some whitelists enabled
-        if ($this->regexp === null) return false;
-        // actually check the whitelists
-        return preg_match($this->regexp, $uri->toString());
-    }
-}
-
-// vim: et sw=4 sts=4
-- 
cgit v1.2.3