From 5bc7c726080449e32f81b05c8d29d58086aebc3f Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Sun, 12 Mar 2017 20:05:09 -0700 Subject: [PATCH] Add tests for new entity decoding codepath. Signed-off-by: Edward Z. Yang --- NEWS | 1 + library/HTMLPurifier/EntityParser.php | 4 ++-- tests/HTMLPurifier/EntityParserTest.php | 13 +++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 4129346d6..09aa61d9e 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier 4.9.2, unknown release date - Fixes PHP 5.3 compatibility +- Fix breakage when decoding decimal entities. Thanks @rybakit (#129) 4.9.1, released 2017-03-08 ! %URI.DefaultScheme can now be set to null, in which case diff --git a/library/HTMLPurifier/EntityParser.php b/library/HTMLPurifier/EntityParser.php index e18d7325f..c372b5a6a 100644 --- a/library/HTMLPurifier/EntityParser.php +++ b/library/HTMLPurifier/EntityParser.php @@ -119,9 +119,9 @@ protected function entityCallback($matches) $hex_part = @$matches[1]; $dec_part = @$matches[2]; $named_part = empty($matches[3]) ? @$matches[4] : $matches[3]; - if ($hex_part) { + if ($hex_part !== NULL && $hex_part !== "") { return HTMLPurifier_Encoder::unichr(hexdec($hex_part)); - } elseif ($dec_part) { + } elseif ($dec_part !== NULL && $dec_part !== "") { return HTMLPurifier_Encoder::unichr((int) $dec_part); } else { if (!$this->_entity_lookup) { diff --git a/tests/HTMLPurifier/EntityParserTest.php b/tests/HTMLPurifier/EntityParserTest.php index dddb4d495..989676c14 100644 --- a/tests/HTMLPurifier/EntityParserTest.php +++ b/tests/HTMLPurifier/EntityParserTest.php 
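Review bot: The strict comparisons in `entityCallback` mean a numeric part of `"0"` now takes the numeric branches, so code point 0 is handed to `HTMLPurifier_Encoder::unichr()` where the old truthiness test sent it on to the named-entity branch. `unichr()` and the pattern that fills `$matches` are outside this hunk, so confirm that `unichr()`, or a later stage that cleans the decoded text, rejects NUL, surrogates and values above 0x10FFFF. Unless the pattern bounds the digit count, `hexdec()` returns a float for very long digit runs and the `(int)` cast saturates on overflow. A comment above the `if` would record why the check is spelled out: `// "0" is falsy in PHP, so test for NULL/"" explicitly instead of relying on truthiness`. The function body starts and ends outside the hunk.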
@@ -16,8 +16,12 @@ public function test_substituteNonSpecialEntities() $char_theta = $this->_entity_lookup->table['theta']; $this->assertIdentical($char_theta, $this->EntityParser->substituteNonSpecialEntities('θ') ); + $this->assertIdentical($char_theta, + $this->EntityParser->substituteTextEntities('θ') ); $this->assertIdentical('"', $this->EntityParser->substituteNonSpecialEntities('"') ); + $this->assertIdentical('"', + $this->EntityParser->substituteTextEntities('"') ); // numeric tests, adapted from Feyd $args = array(); @@ -71,6 +75,11 @@ public function test_substituteNonSpecialEntities() $expect, 'Identical expectation [Hex: '. dechex($arg[0]) .']' ); + $this->assertIdentical( + $this->EntityParser->substituteTextEntities($string), + $expect, + 'Identical expectation [Hex: '. dechex($arg[0]) .']' + ); } } @@ -81,6 +90,10 @@ public function test_substituteSpecialEntities() "'", $this->EntityParser->substituteSpecialEntities(''') ); + $this->assertIdentical( + "'", + $this->EntityParser->substituteTextEntities(''') + ); } }
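Review bot: The `substituteTextEntities` assertion added inside the numeric loop (hunk at -71,6) reuses the failure message of the existing assertion just before it, so a failing run does not say which method broke. A message such as `'Identical expectation for substituteTextEntities [Hex: '. dechex($arg[0]) .']'` would tell the two apart. `$args` is built outside the hunks, so it is not visible whether a zero-valued numeric entity is among the cases. That is the input whose handling the `!== NULL && !== ""` change in `EntityParser.php` alters, and an explicit case for it would pin the intended result.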