| 1: | <?php
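/**
 * Attribute transform that reduces a name/value attribute pair to a fixed
 * allow-list of names, overwriting or validating the value for each one.
 *
 * Names that are not on the list have both name and value set to null.
 * NOTE(review): going by the class name this is meant for param elements
 * inside "safe" objects; confirm against the code that registers it.
 */
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
    /**
     * Identifier of this transform.
     *
     * @type string
     */
    public $name = "SafeParam";

    /**
     * Validator applied to the 'movie' / 'src' value.
     *
     * @type HTMLPurifier_AttrDef_URI
     */
    private $uri;

    /**
     * Validator applied to the 'wmode' value.
     *
     * @type HTMLPurifier_AttrDef_Enum
     */
    public $wmode;

    /**
     * Builds the two validators used by transform().
     */
    public function __construct()
    {
        // NOTE(review): the meaning of the `true` argument is defined by
        // HTMLPurifier_AttrDef_URI, which is not visible here - confirm.
        $this->uri = new HTMLPurifier_AttrDef_URI(true);
        // wmode is limited to exactly these three values.
        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

    /**
     * Rewrites one name/value pair according to the allow-list.
     *
     * @param array $attr Must carry the keys 'name' and 'value'.
     * @param HTMLPurifier_Config $config Read for 'HTML.FlashAllowFullScreen'
     *        and passed on to the validators.
     * @param HTMLPurifier_Context $context Passed on to the validators.
     * @return array The pair with its value forced or validated, or with both
     *         'name' and 'value' set to null when the name is not recognised.
     */
    public function transform($attr, $config, $context)
    {
        switch ($attr['name']) {
            // Security-sensitive switches are never taken from the input:
            // whatever was supplied is overwritten with a fixed value.
            case 'allowScriptAccess':
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
                $attr['value'] = 'internal';
                break;
            case 'allowFullScreen':
                if ($config->get('HTML.FlashAllowFullScreen')) {
                    // Strict comparison: only the exact string 'true' enables
                    // full screen. A loose == would also accept non-string
                    // values that PHP juggles to equal 'true' (boolean true,
                    // and integer 0 before PHP 8).
                    $attr['value'] = ($attr['value'] === 'true') ? 'true' : 'false';
                } else {
                    $attr['value'] = 'false';
                }
                break;
            case 'wmode':
                // NOTE(review): the validator's result is stored as returned;
                // what it returns for a rejected value is not visible here,
                // so callers must cope with that result - confirm.
                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                break;
            case 'movie':
            case 'src':
                // 'src' is normalised to 'movie' before the URI check.
                $attr['name'] = "movie";
                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                break;
            case 'flashvars':
                // Passed through unchanged: no validation is applied to this
                // value, so whatever consumes it must treat it as untrusted.
                break;
            default:
                // Unknown name: blank out the whole pair (fail closed).
                $attr['name'] = $attr['value'] = null;
        }
        return $attr;
    }
}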