<?php
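/**
 * Allow-list transform for the name/value pair of a <param> element that
 * belongs to a "safe" Flash object.
 *
 * Each recognised param name is either forced to a fixed restrictive value,
 * run through a validator, or passed through; every other name is nulled
 * out. Matching is on the exact, case-sensitive name, so a differently
 * cased spelling (for example 'allowscriptaccess') falls into the default
 * branch and is nulled rather than being passed through.
 *
 * Keep the list of names synchronized with Injector/SafeObject.php.
 */
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
    /** Name of this transform. */
    public $name = "SafeParam";

    /** URI validator, constructed with the "embedded" flag set. */
    private $uri;

    /**
     * Enum validator for the 'wmode' param.
     *
     * Declared explicitly: the constructor used to create this property
     * dynamically, which PHP 8.2 reports as deprecated. It stays public
     * because the dynamically created property was public.
     */
    public $wmode;

    /**
     * Builds the two validators used by transform().
     */
    public function __construct()
    {
        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

    /**
     * Rewrites one param name/value pair according to the allow-list.
     *
     * @param array $attr    Attribute array; reads and writes the 'name' and
     *                       'value' keys.
     * @param object $config Configuration object; 'HTML.FlashAllowFullScreen'
     *                       is read from it and it is passed to the validators.
     * @param object $context Passed through to the validators.
     * @return array The modified attribute array. For an unrecognised name both
     *               'name' and 'value' are null (presumably the caller drops
     *               such a param; confirm against the caller).
     */
    public function transform($attr, $config, $context)
    {
        // If we add support for other objects, we'll need to alter the
        // transforms.
        switch ($attr['name']) {
            // application/x-shockwave-flash
            // Keep this synchronized with Injector/SafeObject.php
            case 'allowScriptAccess':
                // The supplied value is ignored; always forced to 'never'.
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
                // The supplied value is ignored; always forced to 'internal'.
                $attr['value'] = 'internal';
                break;
            case 'allowFullScreen':
                if ($config->get('HTML.FlashAllowFullScreen')) {
                    // Strict comparison: only the exact string 'true' enables
                    // full screen; anything else fails closed to 'false'.
                    $attr['value'] = ($attr['value'] === 'true') ? 'true' : 'false';
                } else {
                    $attr['value'] = 'false';
                }
                break;
            case 'wmode':
                // Result of the enum validator is stored as-is (presumably
                // false for a value outside the list; confirm against
                // HTMLPurifier_AttrDef_Enum).
                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                break;
            case 'movie':
            case 'src':
                // 'src' is normalised to 'movie'; the URL goes through the
                // embedded-URI validator and its result is stored as-is.
                $attr['name'] = "movie";
                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                break;
            case 'flashvars':
                // we're going to allow arbitrary inputs to the SWF, on
                // the reasoning that it could only hack the SWF, not us.
                // NOTE(review): the value leaves this method unchanged, so
                // this relies on the restrictive allowScriptAccess and
                // allowNetworking values above being in effect for the same
                // object, and on the serializer escaping the value for the
                // attribute context; confirm both in Injector/SafeObject.php
                // and the generator.
                break;
            // add other cases to support other param name/value pairs
            default:
                // Unknown param names are not passed through.
                $attr['name'] = $attr['value'] = null;
        }
        return $attr;
    }
}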
// vim: et sw=4 sts=4