1: | <?php
/**
 * Attribute transform that rewrites one name/value attribute pair against a
 * fixed allowlist of parameter names.
 *
 * Security-relevant behaviour visible in this class:
 *  - allowScriptAccess and allowNetworking are overwritten with fixed
 *    values; whatever the document supplied is discarded.
 *  - allowFullScreen can only become 'true' when the configuration
 *    directive HTML.FlashAllowFullScreen is enabled.
 *  - wmode and movie/src are passed through validators.
 *  - flashvars is passed through WITHOUT validation.
 *  - any other name is default-denied: both name and value become null.
 *
 * The case labels are matched as spelled, so a differently-cased spelling of
 * an allowed name lands in the default branch and is denied.
 */
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
    /**
     * Identifier of this transform.
     *
     * @var string
     */
    public $name = "SafeParam";

    /**
     * Validator applied to the movie/src value.
     *
     * @var HTMLPurifier_AttrDef_URI
     */
    private $uri;

    /**
     * Validator restricting wmode to 'window', 'opaque' or 'transparent'.
     *
     * @var HTMLPurifier_AttrDef_Enum
     */
    public $wmode;

    /**
     * Builds the two validators used by transform().
     */
    public function __construct()
    {
        // NOTE(review): the `true` argument presumably marks the URI as an
        // embedded resource - confirm against HTMLPurifier_AttrDef_URI.
        $this->uri = new HTMLPurifier_AttrDef_URI(true);
        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

    /**
     * Forces, validates or rejects a single parameter depending on its name.
     *
     * @param array $attr Attribute array; the 'name' and 'value' keys are read.
     * @param mixed $config Configuration object; only get() is called on it here.
     * @param mixed $context Passed through to the validators unchanged.
     * @return array The same array with 'name' and/or 'value' rewritten.
     */
    public function transform($attr, $config, $context)
    {
        switch ($attr['name']) {
            case 'allowScriptAccess':
                // Fixed value: the supplied setting is never honoured.
                $attr['value'] = 'never';
                return $attr;

            case 'allowNetworking':
                // Fixed value: the supplied setting is never honoured.
                $attr['value'] = 'internal';
                return $attr;

            case 'allowFullScreen':
                // Opt-in only. The value is read solely when the directive is
                // enabled, and anything not equal to 'true' becomes 'false'.
                $granted = $config->get('HTML.FlashAllowFullScreen') && $attr['value'] == 'true';
                $attr['value'] = $granted ? 'true' : 'false';
                return $attr;

            case 'wmode':
                // The validator's result is stored as returned.
                // NOTE(review): what validate() returns for a rejected value is
                // not visible here - confirm the caller handles it.
                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                return $attr;

            case 'movie':
            case 'src':
                // Both spellings are normalised to "movie" before URI validation.
                $attr['name'] = "movie";
                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                return $attr;

            case 'flashvars':
                // Returned untouched: the value is not validated or filtered by
                // this transform, so it reaches the embedded movie as supplied.
                return $attr;

            default:
                // Default-deny: unrecognised names are blanked rather than
                // passed through. How the caller treats the null pair is not
                // visible in this class.
                $attr['value'] = null;
                $attr['name'] = null;
                return $attr;
        }
    }
}