Package: php-htmlpurifier
Version: 4.4.0+dfsg1-1
Severity: normal
Dear Maintainer,
the following code raises a notice:
<?php
require_once "HTMLPurifier.auto.php";
$cfg = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($cfg);
echo $purifier->purify("<font color='Green'>test</font>");
?>
Notice: Undefined index: Green in
/usr/share/php-htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
on line 17
This is caused by a bug in
/usr/share/php-htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
on line 17 - the code uses strtolower($string) to check for the existence
of an array element, but then uses $string to access it.
if (isset($colors[strtolower($string)])) return $colors[$string];
The issue is apparently already resolved upstream, because the most
recent version uses strtolower in both cases. I've attached a small
patch that fixes the issue in the current Debian version.
-- System Information:
Debian Release: 7.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.10-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php-htmlpurifier depends on:
ii php5 5.4.4-14+deb7u7
Versions of packages php-htmlpurifier recommends:
ii php5-cli 5.4.4-14+deb7u7
php-htmlpurifier suggests no packages.
-- no debconf information
--- Color.php.orig 2012-01-19 01:24:10.000000000 +0100
+++ Color.php 2014-01-27 12:48:27.000000000 +0100
@@ -14,7 +14,7 @@
$string = trim($string);
if (empty($string)) return false;
- if (isset($colors[strtolower($string)])) return $colors[$string];
+ if (isset($colors[strtolower($string)])) return $colors[strtolower($string)];
if ($string[0] === '#') $hex = substr($string, 1);
else $hex = $string;
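Review bot: On the added line, strtolower($string) is evaluated twice, once inside isset() and once for the array read, so the key that is checked and the key that is read are still two separate expressions that can drift apart again, which is how the removed line went wrong. Consider lowercasing once into a local, for example $lower = strtolower($string);, and using it for both the isset() test and the return. A regression test with a mixed-case name such as 'Green', the input from the report, would catch a recurrence.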