BenoitCier
/
Opendistrib
разклонено от Laclic/Souke
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
316 Ревизии
2 Клонове
ИН на ревизия: 095d1cd221
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '095d1cd221'
${ noResults }
Opendistrib/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php

SafeParam.php 2.5KB
Директен файл Normal View История

Ajouter au dépot le dossier "vendor"
преди 8 години
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. <?php

  2. 

  3. /**

  4.  * Validates name/value pairs in param tags to be used in safe objects. This

  5.  * will only allow name values it recognizes, and pre-fill certain attributes

  6.  * with required values.

  7.  *

  8.  * @note

  9.  *      This class only supports Flash. In the future, Quicktime support

  10.  *      may be added.

  11.  *

  12.  * @warning

  13.  *      This class expects an injector to add the necessary parameters tags.

  14.  */

  15. class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform

  16. {

  17.     /**

  18.      * @type string

  19.      */

  20.     public $name = "SafeParam";

  21. 

  22.     /**

  23.      * @type HTMLPurifier_AttrDef_URI

  24.      */

  25.     private $uri;

  26. 

  27.     public function __construct()

  28.     {

  29.         $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded

  30.         $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));

  31.     }

  32. 

  33.     /**

  34.      * @param array $attr

  35.      * @param HTMLPurifier_Config $config

  36.      * @param HTMLPurifier_Context $context

  37.      * @return array

  38.      */

  39.     public function transform($attr, $config, $context)

  40.     {

  41.         // If we add support for other objects, we'll need to alter the

  42.         // transforms.

  43.         switch ($attr['name']) {

  44.             // application/x-shockwave-flash

  45.             // Keep this synchronized with Injector/SafeObject.php

  46.             case 'allowScriptAccess':

  47.                 $attr['value'] = 'never';

  48.                 break;

  49.             case 'allowNetworking':

  50.                 $attr['value'] = 'internal';

  51.                 break;

  52.             case 'allowFullScreen':

  53.                 if ($config->get('HTML.FlashAllowFullScreen')) {

  54.                     $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';

  55.                 } else {

  56.                     $attr['value'] = 'false';

  57.                 }

  58.                 break;

  59.             case 'wmode':

  60.                 $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);

  61.                 break;

  62.             case 'movie':

  63.             case 'src':

  64.                 $attr['name'] = "movie";

  65.                 $attr['value'] = $this->uri->validate($attr['value'], $config, $context);

  66.                 break;

  67.             case 'flashvars':

  68.                 // we're going to allow arbitrary inputs to the SWF, on

  69.                 // the reasoning that it could only hack the SWF, not us.

  70.                 break;

  71.             // add other cases to support other param name/value pairs

  72.             default:

  73.                 $attr['name'] = $attr['value'] = null;

  74.         }

  75.         return $attr;

  76.     }

  77. }

  78. 

  79. // vim: et sw=4 sts=4