From c2aadb6cdc58b547d5a0bfdecf2191147a700b85 Mon Sep 17 00:00:00 2001 From: Atsushi Matsuo Date: Mon, 29 Jul 2024 21:04:46 +0900 Subject: [PATCH 1/2] Add a test case to confirm that a deprecated error is not shown when the attribute name is numeric and DirectLex is used --- tests/HTMLPurifier/HTMLDefinitionTest.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/HTMLPurifier/HTMLDefinitionTest.php b/tests/HTMLPurifier/HTMLDefinitionTest.php index 56d680f8..3e8a1da7 100644 --- a/tests/HTMLPurifier/HTMLDefinitionTest.php +++ b/tests/HTMLPurifier/HTMLDefinitionTest.php @@ -222,6 +222,17 @@ public function test_AllowedAttributes_multipleErrors() $this->assertPurification_AllowedAttributes_local_p_style(); } + public function test_AllowedAttributes_invalidAttributeDueToConsistingOfNumbers_UsingDirectLex() + { + $this->config->set('HTML.AllowedElements', array('a')); + $this->config->set('HTML.AllowedAttributes', 'href'); + $this->config->set('Core.LexerImpl', 'DirectLex'); + $this->assertPurification( + 'Test', + 'Test' + ); + } + public function test_ForbiddenElements() { $this->config->set('HTML.ForbiddenElements', 'b'); From 65c48c817cb0455b2d8ab2240d245f818665c89f Mon Sep 17 00:00:00 2001 From: Atsushi Matsuo Date: Mon, 29 Jul 2024 21:10:02 +0900 Subject: [PATCH 2/2] Avoid a deprecated error when the attribute name is numeric and DirectLex is used (Fix #393) --- library/HTMLPurifier/Token/Tag.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/HTMLPurifier/Token/Tag.php b/library/HTMLPurifier/Token/Tag.php index d643fa64..dcf36558 100644 --- a/library/HTMLPurifier/Token/Tag.php +++ b/library/HTMLPurifier/Token/Tag.php @@ -44,7 +44,7 @@ public function __construct($name, $attr = array(), $line = null, $col = null, $ $this->name = ctype_lower($name) ? $name : strtolower($name); foreach ($attr as $key => $value) { // normalization only necessary when key is not lowercase - if (!ctype_lower($key)) { + if (!ctype_lower((string)$key)) { $new_key = strtolower($key); if (!isset($attr[$new_key])) { $attr[$new_key] = $attr[$key];