Prevent path conversion of data: URL in <img> tag

Kijin Sung 2022-07-11 21:55:09 +09:00
parent de629d6d43
commit 099d8397c9
2 changed files with 6 additions and 2 deletions


@ -269,7 +269,7 @@ class TemplateHandler
$buff = preg_replace('@<!--//.*?-->@s', '', $buff); $buff = preg_replace('@<!--//.*?-->@s', '', $buff);
// replace value of src in img/input/script tag // replace value of src in img/input/script tag
$buff = preg_replace_callback('/<(?:img|input|script)(?:[^<>]*?)(?(?=cond=")(?:cond="[^"]+"[^<>]*)+|)[^<>]* src="(?!(?:https?|file):\/\/|[\/\{])([^"]+)"/is', array($this, '_replacePath'), $buff); $buff = preg_replace_callback('/<(?:img|input|script)(?:[^<>]*?)(?(?=cond=")(?:cond="[^"]+"[^<>]*)+|)[^<>]* src="(?!(?:https?|file|data):|[\/\{])([^"]+)"/is', array($this, '_replacePath'), $buff);
// replace value of srcset in img/source/link tag // replace value of srcset in img/source/link tag
$buff = preg_replace_callback('/<(?:img|source|link)(?:[^<>]*?)(?(?=cond=")(?:cond="[^"]+"[^<>]*)+|)[^<>]* srcset="([^"]+)"/is', array($this, '_replaceSrcsetPath'), $buff); $buff = preg_replace_callback('/<(?:img|source|link)(?:[^<>]*?)(?(?=cond=")(?:cond="[^"]+"[^<>]*)+|)[^<>]* srcset="([^"]+)"/is', array($this, '_replaceSrcsetPath'), $buff);
@ -503,7 +503,7 @@ class TemplateHandler
foreach ($url_list as &$url) { foreach ($url_list as &$url) {
// replace if url is not starting with the pattern // replace if url is not starting with the pattern
$url = preg_replace_callback( $url = preg_replace_callback(
'/^(?!(?:https?|file):\/\/|[\/\{])(\S+)/i', '/^(?!(?:https?|file|data):|[\/\{])(\S+)/i',
array($this, '_replaceRelativePath'), array($this, '_replaceRelativePath'),
trim($url) trim($url)
); );
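Review bot: The `data:` exemption added to the `src` pattern at line 269 applies to every tag that pattern matches, `img|input|script`, although the commit title names only `<img>`; a `data:` value in `<script src>` is now left untouched as well instead of being handed to `_replacePath`. The same edit drops the `\/\/` after `https?|file`, so any value that merely starts with `http:`, `https:` or `file:` now skips conversion too, which the description does not mention. If only inline images are intended, a narrower lookahead keeps the previous behaviour for everything else: `(?!(?:https?|file):\/\/|data:image\/|[\/\{])`. The same applies to the pattern at line 503, whose enclosing function starts and ends outside the hunk.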


@ -282,6 +282,10 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test
'<input>asdf src="../img/img.gif" asdf</input>', '<input>asdf src="../img/img.gif" asdf</input>',
'?><input>asdf src="../img/img.gif" asdf</input>' '?><input>asdf src="../img/img.gif" asdf</input>'
), ),
array(
'<img src="data:image/png;base64,AAAAAAAAAAA=" />',
'?><img src="data:image/png;base64,AAAAAAAAAAA=" />'
),
// srcset (PR #1544) // srcset (PR #1544)
array( array(
'<img src="./img/sticker_banner_960w.png" alt="this is a test image." srcset="https://abc.com/static/img/test@2x.png 2x, http://abc.com/static/test@2.5x.png 2.5x,../img/test@3x.png 3x, ../img/test_960w.png 960w, {$mid}/image.png 480w">', '<img src="./img/sticker_banner_960w.png" alt="this is a test image." srcset="https://abc.com/static/img/test@2x.png 2x, http://abc.com/static/test@2.5x.png 2.5x,../img/test@3x.png 3x, ../img/test_960w.png 960w, {$mid}/image.png 480w">',
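Review bot: The added case exercises only `<img src>`, so the second pattern changed in this commit (the `$url_list` loop that handles `srcset`) and the non-image tags matched by the first pattern have no coverage. A `data:` URL contains a comma, and if the srcset handler splits its value on commas (the split is outside the visible hunk, so this is inferred), the base64 payload would become a separate entry that no longer starts with `data:` and would still be converted. I would add a constructed case such as `'<img srcset="data:image/png;base64,AAAAAAAAAAA= 2x">'` with the same string after `?>` as the expected output, plus one for `<script src="data:...">` that pins whichever behaviour is intended there.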