From cd518625bf561f1ed42db0b78030b74c32435136 Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Sun, 1 May 2016 19:19:17 -0700
Subject: some much needed work on oembed security

---
 include/text.php | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

(limited to 'include/text.php')

diff --git a/include/text.php b/include/text.php
index c61c5fbd4..cf2f777aa 100644
--- a/include/text.php
+++ b/include/text.php
@@ -122,7 +122,7 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
 
 
 
-function purify_html($s) {
+function purify_html($s, $allow_position) {
 	require_once('library/HTMLPurifier.auto.php');
 	require_once('include/html2bbcode.php');
 
@@ -202,6 +202,35 @@ function purify_html($s) {
 	$def->addElement('header',  'Block', 'Flow', 'Common');
 	$def->addElement('footer',  'Block', 'Flow', 'Common');
 
+
+	if($allow_position) {
+		$cssDefinition = $config->getCSSDefinition();
+
+		$cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);
+
+		$cssDefinition->info['left'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$cssDefinition->info['right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$cssDefinition->info['top'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+		$cssDefinition->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+			new HTMLPurifier_AttrDef_CSS_Length(),
+			new HTMLPurifier_AttrDef_CSS_Percentage()
+		));
+
+	}
+
+
 	$purifier = new HTMLPurifier($config);
 
 	return $purifier->purify($s);
-- 
cgit v1.2.3