diff options
| author | friendica <info@friendica.com> | 2015-01-01 22:18:27 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2015-01-01 22:18:27 -0800 |
| commit | a0052f0176bd079e6a94baec59fea2ec5a8d651e (patch) | |
| tree | c323edd823681bc2e8ca757e7eaf8354d42c7b51 /library/HTMLPurifier/URIFilter/SafeIframe.php | |
| parent | 545e47933a0816699c68d98a7742a03260d6a54f (diff) | |
| download | volse-hubzilla-a0052f0176bd079e6a94baec59fea2ec5a8d651e.tar.gz volse-hubzilla-a0052f0176bd079e6a94baec59fea2ec5a8d651e.tar.bz2 volse-hubzilla-a0052f0176bd079e6a94baec59fea2ec5a8d651e.zip | |
htmlpurifier update - compatibility issue with language library autoloader
Diffstat (limited to 'library/HTMLPurifier/URIFilter/SafeIframe.php')
| -rw-r--r-- | library/HTMLPurifier/URIFilter/SafeIframe.php | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/library/HTMLPurifier/URIFilter/SafeIframe.php b/library/HTMLPurifier/URIFilter/SafeIframe.php new file mode 100644 index 000000000..f609c47a3 --- /dev/null +++ b/library/HTMLPurifier/URIFilter/SafeIframe.php @@ -0,0 +1,68 @@ +<?php + +/** + * Implements safety checks for safe iframes. + * + * @warning This filter is *critical* for ensuring that %HTML.SafeIframe + * works safely. + */ +class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter +{ + /** + * @type string + */ + public $name = 'SafeIframe'; + + /** + * @type bool + */ + public $always_load = true; + + /** + * @type string + */ + protected $regexp = null; + + // XXX: The not so good bit about how this is all set up now is we + // can't check HTML.SafeIframe in the 'prepare' step: we have to + // defer till the actual filtering. + /** + * @param HTMLPurifier_Config $config + * @return bool + */ + public function prepare($config) + { + $this->regexp = $config->get('URI.SafeIframeRegexp'); + return true; + } + + /** + * @param HTMLPurifier_URI $uri + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool + */ + public function filter(&$uri, $config, $context) + { + // check if filter not applicable + if (!$config->get('HTML.SafeIframe')) { + return true; + } + // check if the filter should actually trigger + if (!$context->get('EmbeddedURI', true)) { + return true; + } + $token = $context->get('CurrentToken', true); + if (!($token && $token->name == 'iframe')) { + return true; + } + // check if we actually have some whitelists enabled + if ($this->regexp === null) { + return false; + } + // actually check the whitelists + return preg_match($this->regexp, $uri->toString()); + } +} + +// vim: et sw=4 sts=4 |