diff options
author | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-18 17:50:05 +0100 |
---|---|---|
committer | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-26 00:41:27 +0100 |
commit | f718e2b0db0fe3477212a8dd6c3ec067f4432862 (patch) | |
tree | 8dfbd3b3d4bdcd967b50f1ee4655440bcdef5bb8 /vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php | |
parent | 2115eb26a7fd2ca937286bd4e98ab74c7d6e9525 (diff) | |
download | volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.gz volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.bz2 volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.zip |
:arrow_up: Update HTML Purifier library.
Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility.
Used composer to manage this library.
Diffstat (limited to 'vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php')
-rw-r--r-- | vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php new file mode 100644 index 000000000..f609c47a3 --- /dev/null +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php @@ -0,0 +1,68 @@ +<?php + +/** + * Implements safety checks for safe iframes. + * + * @warning This filter is *critical* for ensuring that %HTML.SafeIframe + * works safely. + */ +class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter +{ + /** + * @type string + */ + public $name = 'SafeIframe'; + + /** + * @type bool + */ + public $always_load = true; + + /** + * @type string + */ + protected $regexp = null; + + // XXX: The not so good bit about how this is all set up now is we + // can't check HTML.SafeIframe in the 'prepare' step: we have to + // defer till the actual filtering. + /** + * @param HTMLPurifier_Config $config + * @return bool + */ + public function prepare($config) + { + $this->regexp = $config->get('URI.SafeIframeRegexp'); + return true; + } + + /** + * @param HTMLPurifier_URI $uri + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return bool + */ + public function filter(&$uri, $config, $context) + { + // check if filter not applicable + if (!$config->get('HTML.SafeIframe')) { + return true; + } + // check if the filter should actually trigger + if (!$context->get('EmbeddedURI', true)) { + return true; + } + $token = $context->get('CurrentToken', true); + if (!($token && $token->name == 'iframe')) { + return true; + } + // check if we actually have some whitelists enabled + if ($this->regexp === null) { + return false; + } + // actually check the whitelists + return preg_match($this->regexp, $uri->toString()); + } +} + +// vim: et sw=4 sts=4 |