From 7e6ae7ca6c09a2e566623824a9b24add3d4b6acd Mon Sep 17 00:00:00 2001
From: Ryan McCue
Date: Tue, 30 Oct 2012 12:14:33 -0400
Subject: [PATCH] Fix issue #214 by ensuring we handle invalid URIs
Also closes #228, but doesn't fix the base problem where paths starting with // aren't parsed by SimplePie_IRI.
---
 library/SimplePie/Locator.php | 15 ++++++++++++++-
 library/SimplePie/Misc.php | 4 ++++
 library/SimplePie/Parser.php | 8 ++++++--
 library/SimplePie/Sanitize.php | 11 +++++++++--
 4 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/library/SimplePie/Locator.php b/library/SimplePie/Locator.php
index 1551b3666..57a741435 100644
--- a/library/SimplePie/Locator.php
+++ b/library/SimplePie/Locator.php
@@ -180,7 +180,12 @@ public function get_base()
 {
 if ($element->hasAttribute('href'))
 {
- $this->base = $this->registry->call('Misc', 'absolutize_url', array(trim($element->getAttribute('href')), $this->http_base));
+ $base = $this->registry->call('Misc', 'absolutize_url', array(trim($element->getAttribute('href')), $this->http_base));
+ if ($base === false)
+ {
+ continue;
+ }
+ $this->base = $base;
 $this->base_location = method_exists($element, 'getLineNo') ? $element->getLineNo() : 0;
 break;
 }
@@ -232,6 +237,10 @@ protected function search_elements_by_tag($name, &$done, $feeds)
 {
 $href = $this->registry->call('Misc', 'absolutize_url', array(trim($link->getAttribute('href')), $this->http_base));
 }
+ if ($href === false)
+ {
+ continue;
+ }
 if (!in_array($href, $done) && in_array('feed', $rel) || (in_array('alternate', $rel) && !in_array('stylesheet', $rel) && $link->hasAttribute('type') && in_array(strtolower($this->registry->call('Misc', 'parse_mime', array($link->getAttribute('type')))), array('application/rss+xml', 'application/atom+xml'))) && !isset($feeds[$href]))
 {
@@ -276,6 +285,10 @@ public function get_links()
 {
 $href = $this->registry->call('Misc', 'absolutize_url', array(trim($link->getAttribute('href')), $this->http_base));
 }
+ if ($href === false)
+ {
+ continue;
+ }
 $current = $this->registry->call('Misc', 'parse_url', array($this->file->url));
diff --git a/library/SimplePie/Misc.php b/library/SimplePie/Misc.php
index c4e6f3c41..fb8d0e5a7 100644
--- a/library/SimplePie/Misc.php
+++ b/library/SimplePie/Misc.php
@@ -80,6 +80,10 @@ public static function time_hms($seconds)
 public static function absolutize_url($relative, $base)
 {
 $iri = SimplePie_IRI::absolutize(new SimplePie_IRI($base), $relative);
+ if ($iri === false)
+ {
+ return false;
+ }
 return $iri->get_uri();
 }
diff --git a/library/SimplePie/Parser.php b/library/SimplePie/Parser.php
index 64980ded6..88f5cdff0 100644
--- a/library/SimplePie/Parser.php
+++ b/library/SimplePie/Parser.php
@@ -278,8 +278,12 @@ public function tag_open($parser, $tag, $attributes)
 if (isset($attribs[SIMPLEPIE_NAMESPACE_XML]['base']))
 {
- $this->xml_base[] = $this->registry->call('Misc', 'absolutize_url', array($attribs[SIMPLEPIE_NAMESPACE_XML]['base'], end($this->xml_base)));
- $this->xml_base_explicit[] = true;
+ $base = $this->registry->call('Misc', 'absolutize_url', array($attribs[SIMPLEPIE_NAMESPACE_XML]['base'], end($this->xml_base)));
+ if ($base !== false)
+ {
+ $this->xml_base[] = $base;
+ $this->xml_base_explicit[] = true;
+ }
 }
 else
 {
diff --git a/library/SimplePie/Sanitize.php b/library/SimplePie/Sanitize.php
index 8e7bc0b85..c2d88e5dd 100644
--- a/library/SimplePie/Sanitize.php
+++ b/library/SimplePie/Sanitize.php
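Review bot: `absolutize_url()` in the Misc.php hunk now has a second return type and nothing visible records it; the docblock sits above the hunk and should gain `@return string|false Absolute URL, or false if the IRI could not be resolved`. The patch guards the call sites in Locator, Parser and Sanitize, but any caller outside this patch would still receive `false` where it expects a string, so the remaining uses are worth checking. The result of `$iri->get_uri()` is still returned unchecked; if that call can itself fail, the same contract should cover it.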
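Review bot: When the `xml:base` value fails to resolve, the new `if ($base !== false)` in the Parser.php hunk pushes nothing onto `$this->xml_base` or `$this->xml_base_explicit`, while the `else` arm that follows presumably pushes one entry per element. If the closing-tag handler pops one entry per element (it is outside this hunk, as is the rest of `tag_open`), a feed carrying one malformed `xml:base` leaves both stacks an entry short, and later elements would resolve relative URLs against the wrong base. Pushing the inherited values on failure keeps the stacks balanced: after the inner `if`, add `else { $this->xml_base[] = end($this->xml_base); $this->xml_base_explicit[] = end($this->xml_base_explicit); }`.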
@@ -356,7 +356,11 @@ public function sanitize($data, $type, $base = '')
 if ($type & SIMPLEPIE_CONSTRUCT_IRI)
 {
- $data = $this->registry->call('Misc', 'absolutize_url', array($data, $base));
+ $absolute = $this->registry->call('Misc', 'absolutize_url', array($data, $base));
+ if ($absolute !== false)
+ {
+ $data = $absolute;
+ }
 }
 if ($type & (SIMPLEPIE_CONSTRUCT_TEXT | SIMPLEPIE_CONSTRUCT_IRI))
@@ -412,7 +416,10 @@ public function replace_urls($document, $tag, $attributes)
 if ($element->hasAttribute($attribute))
 {
 $value = $this->registry->call('Misc', 'absolutize_url', array($element->getAttribute($attribute), $this->base));
- $element->setAttribute($attribute, $value);
+ if ($value !== false)
+ {
+ $element->setAttribute($attribute, $value);
+ }
 }
 }
 }
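Review bot: Both Sanitize.php hunks fail open: in `sanitize()` a value that `absolutize_url()` rejects stays in `$data` unchanged, and in `replace_urls()` (the hunk at -412) the attribute keeps its original value. Feed content is untrusted, so a string the IRI parser could not resolve is handed on as-is to whatever consumes it next, and a browser may parse it more leniently than SimplePie_IRI does; the `//` paths named in the commit message are one such case. If keeping the raw value is intended, say so at both sites, e.g. `// Unresolvable IRI: keep the original value; later steps must not assume it is absolute`, and confirm that the escaping and attribute filtering outside these hunks still apply to it. Both functions continue beyond the lines shown.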