mahara-contributors team mailing list archive

Thread
Date

[Bug 1558830] Re: Set "URI.DefinitionID" and "URI.DefinitionRev" in HTMLPurifier

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Wed, 07 Mar 2018 21:08:23 -0000
Reply-to: Bug 1558830 <1558830@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara
    Milestone: 18.04.0 => 18.10.0

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1558830

Title:
  Set "URI.DefinitionID" and "URI.DefinitionRev" in HTMLPurifier

Status in Mahara:
  Confirmed

Bug description:
  While working on https://bugs.launchpad.net/mahara/+bug/1558387,
  Robert pointed out to me that we don't set URI.DefinitionRev. We also
  don't set URI.DefinitionID. Although the HTMLPurifier docs say that
  URI.DefinitionID is required if you have custom URIFilters (and our
  allowed iframe list is a custom URIFilter), it looks like the fallback
  behavior is that it generates a URI.DefinitionID based on a hash of
  the config. This has the effect that a new "Revision 1" URI config
  file is generated each time the allowed iframes list changes. It also
  results in an accumulation of old URI cache files in the
  dataroot/htmlpurifier directory, since they're all Revision 1, and all
  have different IDs.

  I think the best approach here is to give the URI.DefinitionRev its
  own revision number, stored in the database, and increment it every
  time we change the allowed iframe list.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1558830/+subscriptions

References

[Bug 1558830] [NEW] Set "URI.DefinitionID" and "URI.DefinitionRev" in HTMLPurifier
From: Aaron Wells, 2016-03-17