Your message dated Tue, 11 Feb 2014 21:20:52 +0000 with message-id <[email protected]> and subject line Bug#736835: fixed in php-htmlpurifier 4.4.0+dfsg1-2 has caused the Debian Bug report #736835, regarding php-htmlpurifier: "Undefined index" notice due to bug in library/HTMLPurifier/AttrDef/HTML/Color.php to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 736835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736835 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: php-htmlpurifier Version: 4.4.0+dfsg1-1 Severity: normal Dear Maintainer, the following code raises a notice: <? require_once "HTMLPurifier.auto.php"; $cfg = HTMLPurifier_Config::createDefault(); $purifier = new HTMLPurifier($cfg); echo $purifier->purify("<font color='Green'>test</font>"); ?> Notice: Undefined index: Green in /usr/share/php-htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php on line 17 This is caued by a bug in /usr/share/php-htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php on line 17 - the code use strtolower($string) to check for the existence of an array element, but then uses $string to access it. if (isset($colors[strtolower($string)])) return $colors[$string]; The issue is apparently already resolved upstream, because the most recent version uses strtolower in both cases. I've attached a small patch that fixes the issue in the current Debian version. -- System Information: Debian Release: 7.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.10-0.bpo.3-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php-htmlpurifier depends on: ii php5 5.4.4-14+deb7u7 Versions of packages php-htmlpurifier recommends: ii php5-cli 5.4.4-14+deb7u7 php-htmlpurifier suggests no packages. -- no debconf information--- Color.php.orig 2012-01-19 01:24:10.000000000 +0100 +++ Color.php 2014-01-27 12:48:27.000000000 +0100 @@ -14,7 +14,7 @@ $string = trim($string); if (empty($string)) return false; - if (isset($colors[strtolower($string)])) return $colors[$string]; + if (isset($colors[strtolower($string)])) return $colors[strtolower($string)]; if ($string[0] === '#') $hex = substr($string, 1); else $hex = $string;
--- End Message ---
--- Begin Message ---Source: php-htmlpurifier Source-Version: 4.4.0+dfsg1-2 We believe that the bug you reported is fixed in the latest version of php-htmlpurifier, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Glaser <[email protected]> (supplier of updated php-htmlpurifier package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Format: 1.8 Date: Tue, 11 Feb 2014 21:59:25 +0100 Source: php-htmlpurifier Binary: php-htmlpurifier Architecture: source all Version: 4.4.0+dfsg1-2 Distribution: unstable Urgency: low Maintainer: Christian Bayle <[email protected]> Changed-By: Thorsten Glaser <[email protected]> Description: php-htmlpurifier - Standards-compliant HTML filter Closes: 736835 Changes: php-htmlpurifier (4.4.0+dfsg1-2) unstable; urgency=low . [ Martin von Wittich ] * Fix undefined array index deref (Closes: #736835) . [ Thorsten Glaser ] * Remove myself from Uploaders Checksums-Sha1: f815e795156ead821de4cf5224bdeab822ccab59 2009 php-htmlpurifier_4.4.0+dfsg1-2.dsc 86736b5792ba8daca91692631ff20d144525e669 8024 php-htmlpurifier_4.4.0+dfsg1-2.debian.tar.xz ec27bf9bca069b84dd386055d80172c06f4f30ea 460828 php-htmlpurifier_4.4.0+dfsg1-2_all.deb Checksums-Sha256: 43b6161d89dd2660cc90872303c360ce8b9d51b722041811224ba46bcd210f8d 2009 php-htmlpurifier_4.4.0+dfsg1-2.dsc 2f8a89c94012d0eeaf6a4f3e9b6dc2de9d1052c28f2b1dc42d0bc5683a1c7cb0 8024 php-htmlpurifier_4.4.0+dfsg1-2.debian.tar.xz ada17447ef01c2f28926d23f436cd6269347cb3591322e9906bb374f10bff253 460828 php-htmlpurifier_4.4.0+dfsg1-2_all.deb Files: 50d729fca7fa0d23f75c034fd215e909 2009 php optional php-htmlpurifier_4.4.0+dfsg1-2.dsc d4b408c329046515215dce66442d4a20 8024 php optional php-htmlpurifier_4.4.0+dfsg1-2.debian.tar.xz 7f76f22fc151cd0170ff98ac5fcb3fec 460828 php optional php-htmlpurifier_4.4.0+dfsg1-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (MirBSD) iQIcBAEBCQAGBQJS+o+6AAoJEHa1NLLpkAfgui8P/j1ElQ9HJNBxx8SC8tOwaeNt 1NPXBTwpEJqEOqo8L4S59BZyyk4NGPMVwqW02oFL6OX7e1okUZba4HgeGK5O9tMH PgMZGD13Epq5SQjl0s+EJeJRd5TuwsE/qUf7/JD8bleYIYvbkBJlP7dVeVUeTeS4 jyrc3lnh6ZaJeY1DK7io1+rKxMVIlO5gecjjs8wkxSwdfhmtiYsDVDysXUriUUPl 4IwlDKPxbMr3p4gfMkAI4IGDV7P4UawYOsQtG/lT0JCMtmfv6UmcAIgeyiGUJVmk CraKx9wWaAVtHhQKZKFu2VpCKYibD5ICE5c1Q8smdNXvEGO28M8nhGmTSxXg9omc 6mAySjGXSK0gCxAYrlgeCwdMyyNjSCQsciJphicyqIamYi0TZbKW7pgd18OtMhBh s2ruzdAskt8g1+gnpY1P9x7t3u0gcJUpXoUs5rFhbtbIUuEkud7sC2pyDb7oA6cQ 5fy/zTG7rb0979XLWtZZJ/xCI+N8nh7wRUPTXOT/NOVDgw7Ukp8EsDHdmE4hbt4N AfARhuXGkJejyBFJZXUCi90mvkJfhAx45Wam2nU8JsenoggkYPkAJVDZuzuG1gL8 zT2DM7p7IO2sM9y/nZLNmqnbiFL3ChaWE7P4A0SiQOd3vl4CJ1thL65eGo8nklN1 3r3v5qNDDqVyATUUljsS =4Wqg -----END PGP SIGNATURE-----
--- End Message ---
