Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php')
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php79
1 files changed, 0 insertions, 79 deletions
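diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
deleted file mode 100644
index 20664414..00000000
--- a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php
-
-/**
- * Validates name/value pairs in param tags to be used in safe objects. This
- * will only allow name values it recognizes, and pre-fill certain attributes
- * with required values.
- *
- * @note
- * This class only supports Flash. In the future, Quicktime support
- * may be added.
- *
- * @warning
- * This class expects an injector to add the necessary parameters tags.
- */
-class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
-{
- /**
- * @type string
- */
- public $name = "SafeParam";
-
- /**
- * @type HTMLPurifier_AttrDef_URI
- */
- private $uri;
-
- public function __construct()
- {
- $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
- $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
- }
-
- /**
- * @param array $attr
- * @param HTMLPurifier_Config $config
- * @param HTMLPurifier_Context $context
- * @return array
- */
- public function transform($attr, $config, $context)
- {
- // If we add support for other objects, we'll need to alter the
- // transforms.
- switch ($attr['name']) {
- // application/x-shockwave-flash
- // Keep this synchronized with Injector/SafeObject.php
- case 'allowScriptAccess':
- $attr['value'] = 'never';
- break;
- case 'allowNetworking':
- $attr['value'] = 'internal';
- break;
- case 'allowFullScreen':
- if ($config->get('HTML.FlashAllowFullScreen')) {
- $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
- } else {
- $attr['value'] = 'false';
- }
- break;
- case 'wmode':
- $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
- break;
- case 'movie':
- case 'src':
- $attr['name'] = "movie";
- $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
- break;
- case 'flashvars':
- // we're going to allow arbitrary inputs to the SWF, on
- // the reasoning that it could only hack the SWF, not us.
- break;
- // add other cases to support other param name/value pairs
- default:
- $attr['name'] = $attr['value'] = null;
- }
- return $attr;
- }
-}
-
-// vim: et sw=4 sts=4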