Fix issue #214 by ensuring we handle invalid URIs

Also closes #228, but doesn't fix the base problem where paths starting with // aren't parsed by SimplePie_IRI.
simplepie · Oct 30, 2012 · 7e6ae7c · 7e6ae7c · cosenal · Oct 30, 2012
1 parent 47bbfdd
commit 7e6ae7c
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 5 deletions.
diff --git a/library/SimplePie/Locator.php b/library/SimplePie/Locator.php
@@ -180,7 +180,12 @@ public function get_base()
 		{
 			if ($element->hasAttribute('href'))
 			{
-				$this->base = $this->registry->call('Misc', 'absolutize_url', array(trim($element->getAttribute('href')), $this->http_base));
+				$base = $this->registry->call('Misc', 'absolutize_url', array(trim($element->getAttribute('href')), $this->http_base));
+				if ($base === false)
+				{
+					continue;
+				}
+				$this->base = $base;
 				$this->base_location = method_exists($element, 'getLineNo') ? $element->getLineNo() : 0;
 				break;
 			}
@@ -232,6 +237,10 @@ protected function search_elements_by_tag($name, &$done, $feeds)
 				{
 					$href = $this->registry->call('Misc', 'absolutize_url', array(trim($link->getAttribute('href')), $this->http_base));
 				}
+				if ($href === false)
+				{
+					continue;
+				}
 
 				if (!in_array($href, $done) && in_array('feed', $rel) || (in_array('alternate', $rel) && !in_array('stylesheet', $rel) && $link->hasAttribute('type') && in_array(strtolower($this->registry->call('Misc', 'parse_mime', array($link->getAttribute('type')))), array('application/rss+xml', 'application/atom+xml'))) && !isset($feeds[$href]))
 				{
@@ -276,6 +285,10 @@ public function get_links()
 					{
 						$href = $this->registry->call('Misc', 'absolutize_url', array(trim($link->getAttribute('href')), $this->http_base));
 					}
+					if ($href === false)
+					{
+						continue;
+					}
 
 					$current = $this->registry->call('Misc', 'parse_url', array($this->file->url));
 

diff --git a/library/SimplePie/Misc.php b/library/SimplePie/Misc.php
@@ -80,6 +80,10 @@ public static function time_hms($seconds)
 	public static function absolutize_url($relative, $base)
 	{
 		$iri = SimplePie_IRI::absolutize(new SimplePie_IRI($base), $relative);
+		if ($iri === false)
+		{
+			return false;
+		}
 		return $iri->get_uri();
 	}
 

diff --git a/library/SimplePie/Parser.php b/library/SimplePie/Parser.php
@@ -278,8 +278,12 @@ public function tag_open($parser, $tag, $attributes)
 
 		if (isset($attribs[SIMPLEPIE_NAMESPACE_XML]['base']))
 		{
-			$this->xml_base[] = $this->registry->call('Misc', 'absolutize_url', array($attribs[SIMPLEPIE_NAMESPACE_XML]['base'], end($this->xml_base)));
-			$this->xml_base_explicit[] = true;
+			$base = $this->registry->call('Misc', 'absolutize_url', array($attribs[SIMPLEPIE_NAMESPACE_XML]['base'], end($this->xml_base)));
+			if ($base !== false)
+			{
+				$this->xml_base[] = $base;
+				$this->xml_base_explicit[] = true;
+			}
 		}
 		else
 		{

diff --git a/library/SimplePie/Sanitize.php b/library/SimplePie/Sanitize.php
@@ -356,7 +356,11 @@ public function sanitize($data, $type, $base = '')
 
 			if ($type & SIMPLEPIE_CONSTRUCT_IRI)
 			{
-				$data = $this->registry->call('Misc', 'absolutize_url', array($data, $base));
+				$absolute = $this->registry->call('Misc', 'absolutize_url', array($data, $base));
+				if ($absolute !== false)
+				{
+					$data = $absolute;
+				}
 			}
 
 			if ($type & (SIMPLEPIE_CONSTRUCT_TEXT | SIMPLEPIE_CONSTRUCT_IRI))
@@ -412,7 +416,10 @@ public function replace_urls($document, $tag, $attributes)
 					if ($element->hasAttribute($attribute))
 					{
 						$value = $this->registry->call('Misc', 'absolutize_url', array($element->getAttribute($attribute), $this->base));
-						$element->setAttribute($attribute, $value);
+						if ($value !== false)
+						{
+							$element->setAttribute($attribute, $value);
+						}
 					}
 				}
 			}