diff options
| author | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-18 17:50:05 +0100 |
|---|---|---|
| committer | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-26 00:41:27 +0100 |
| commit | f718e2b0db0fe3477212a8dd6c3ec067f4432862 (patch) | |
| tree | 8dfbd3b3d4bdcd967b50f1ee4655440bcdef5bb8 /library/HTMLPurifier/AttrTransform/SafeParam.php | |
| parent | 2115eb26a7fd2ca937286bd4e98ab74c7d6e9525 (diff) | |
| download | volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.gz volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.bz2 volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.zip | |
:arrow_up: Update HTML Purifier library.
Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility.
Used composer to manage this library.
Diffstat (limited to 'library/HTMLPurifier/AttrTransform/SafeParam.php')
| -rw-r--r-- | library/HTMLPurifier/AttrTransform/SafeParam.php | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/library/HTMLPurifier/AttrTransform/SafeParam.php b/library/HTMLPurifier/AttrTransform/SafeParam.php deleted file mode 100644 index 1143b4b49..000000000 --- a/library/HTMLPurifier/AttrTransform/SafeParam.php +++ /dev/null @@ -1,79 +0,0 @@ -<?php - -/** - * Validates name/value pairs in param tags to be used in safe objects. This - * will only allow name values it recognizes, and pre-fill certain attributes - * with required values. - * - * @note - * This class only supports Flash. In the future, Quicktime support - * may be added. - * - * @warning - * This class expects an injector to add the necessary parameters tags. - */ -class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform -{ - /** - * @type string - */ - public $name = "SafeParam"; - - /** - * @type HTMLPurifier_AttrDef_URI - */ - private $uri; - - public function __construct() - { - $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded - $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); - } - - /** - * @param array $attr - * @param HTMLPurifier_Config $config - * @param HTMLPurifier_Context $context - * @return array - */ - public function transform($attr, $config, $context) - { - // If we add support for other objects, we'll need to alter the - // transforms. - switch ($attr['name']) { - // application/x-shockwave-flash - // Keep this synchronized with Injector/SafeObject.php - case 'allowScriptAccess': - $attr['value'] = 'never'; - break; - case 'allowNetworking': - $attr['value'] = 'internal'; - break; - case 'allowFullScreen': - if ($config->get('HTML.FlashAllowFullScreen')) { - $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false'; - } else { - $attr['value'] = 'false'; - } - break; - case 'wmode': - $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); - break; - case 'movie': - case 'src': - $attr['name'] = "movie"; - $attr['value'] = $this->uri->validate($attr['value'], $config, $context); - break; - case 'flashvars': - // we're going to allow arbitrary inputs to the SWF, on - // the reasoning that it could only hack the SWF, not us. - break; - // add other cases to support other param name/value pairs - default: - $attr['name'] = $attr['value'] = null; - } - return $attr; - } -} - -// vim: et sw=4 sts=4 |