1 files changed, 121 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
new file mode 100644
index 00000000..8450948c
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
@@ -0,0 +1,121 @@
+<?php
+/**
+ * Adds important param elements to inside of object in order to make
+ * things safe.
+ */
+class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
+{
+    /**
+     * @type string
+     */
+    public $name = 'SafeObject';
+    /**
+     * @type array
+     */
+    public $needed = array('object', 'param');
+    /**
+     * @type array
+     */
+    protected $objectStack = array();
+    /**
+     * @type array
+     */
+    protected $paramStack = array();
+    /**
+     * Keep this synchronized with AttrTransform/SafeParam.php.
+     * @type array
+     */
+    protected $addParam = array(
+        'allowScriptAccess' => 'never',
+        'allowNetworking' => 'internal',
+    );
+    /**
+     * @type array
+     */
+    protected $allowedParam = array(
+        'wmode' => true,
+        'movie' => true,
+        'flashvars' => true,
+        'src' => true,
+        'allowFullScreen' => true, // if omitted, assume to be 'false'
+    );
+    /**
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return void
+     */
+    public function prepare($config, $context)
+    {
+        parent::prepare($config, $context);
+    }
+    /**
+     * @param HTMLPurifier_Token $token
+     */
+    public function handleElement(&$token)
+    {
+        if ($token->name == 'object') {
+            $this->objectStack[] = $token;
+            $this->paramStack[] = array();
+            $new = array($token);
+            foreach ($this->addParam as $name => $value) {
+                $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
+            }
+            $token = $new;
+        } elseif ($token->name == 'param') {
+            $nest = count($this->currentNesting) - 1;
+            if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
+                $i = count($this->objectStack) - 1;
+                if (!isset($token->attr['name'])) {
+                    $token = false;
+                    return;
+                }
+                $n = $token->attr['name'];
+                // We need this fix because YouTube doesn't supply a data
+                // attribute, which we need if a type is specified. This is
+                // *very* Flash specific.
+                if (!isset($this->objectStack[$i]->attr['data']) &&
+                    ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
+                ) {
+                    $this->objectStack[$i]->attr['data'] = $token->attr['value'];
+                }
+                // Check if the parameter is the correct value but has not
+                // already been added
+                if (!isset($this->paramStack[$i][$n]) &&
+                    isset($this->addParam[$n]) &&
+                    $token->attr['name'] === $this->addParam[$n]) {
+                    // keep token, and add to param stack
+                    $this->paramStack[$i][$n] = true;
+                } elseif (isset($this->allowedParam[$n])) {
+                    // keep token, don't do anything to it
+                    // (could possibly check for duplicates here)
+                } else {
+                    $token = false;
+                }
+            } else {
+                // not directly inside an object, DENY!
+                $token = false;
+            }
+        }
+    }
+    public function handleEnd(&$token)
+    {
+        // This is the WRONG way of handling the object and param stacks;
+        // we should be inserting them directly on the relevant object tokens
+        // so that the global stack handling handles it.
+        if ($token->name == 'object') {
+            array_pop($this->objectStack);
+            array_pop($this->paramStack);
+        }
+    }
+}
+// vim: et sw=4 sts=4

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php new file mode 100644 index 00000000..8450948c --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
@@ -0,0 +1,121 @@
	1	<?php
	2
	3	/**
	4	* Adds important param elements to inside of object in order to make
	5	* things safe.
	6	*/
	7	class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
	8	{
	9	/**
	10	* @type string
	11	*/
	12	public $name = 'SafeObject';
	13
	14	/**
	15	* @type array
	16	*/
	17	public $needed = array('object', 'param');
	18
	19	/**
	20	* @type array
	21	*/
	22	protected $objectStack = array();
	23
	24	/**
	25	* @type array
	26	*/
	27	protected $paramStack = array();
	28
	29	/**
	30	* Keep this synchronized with AttrTransform/SafeParam.php.
	31	* @type array
	32	*/
	33	protected $addParam = array(
	34	'allowScriptAccess' => 'never',
	35	'allowNetworking' => 'internal',
	36	);
	37
	38	/**
	39	* @type array
	40	*/
	41	protected $allowedParam = array(
	42	'wmode' => true,
	43	'movie' => true,
	44	'flashvars' => true,
	45	'src' => true,
	46	'allowFullScreen' => true, // if omitted, assume to be 'false'
	47	);
	48
	49	/**
	50	* @param HTMLPurifier_Config $config
	51	* @param HTMLPurifier_Context $context
	52	* @return void
	53	*/
	54	public function prepare($config, $context)
	55	{
	56	parent::prepare($config, $context);
	57	}
	58
	59	/**
	60	* @param HTMLPurifier_Token $token
	61	*/
	62	public function handleElement(&$token)
	63	{
	64	if ($token->name == 'object') {
	65	$this->objectStack[] = $token;
	66	$this->paramStack[] = array();
	67	$new = array($token);
	68	foreach ($this->addParam as $name => $value) {
	69	$new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
	70	}
	71	$token = $new;
	72	} elseif ($token->name == 'param') {
	73	$nest = count($this->currentNesting) - 1;
	74	if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
	75	$i = count($this->objectStack) - 1;
	76	if (!isset($token->attr['name'])) {
	77	$token = false;
	78	return;
	79	}
	80	$n = $token->attr['name'];
	81	// We need this fix because YouTube doesn't supply a data
	82	// attribute, which we need if a type is specified. This is
	83	// very Flash specific.
	84	if (!isset($this->objectStack[$i]->attr['data']) &&
	85	($token->attr['name'] == 'movie' \|\| $token->attr['name'] == 'src')
	86	) {
	87	$this->objectStack[$i]->attr['data'] = $token->attr['value'];
	88	}
	89	// Check if the parameter is the correct value but has not
	90	// already been added
	91	if (!isset($this->paramStack[$i][$n]) &&
	92	isset($this->addParam[$n]) &&
	93	$token->attr['name'] === $this->addParam[$n]) {
	94	// keep token, and add to param stack
	95	$this->paramStack[$i][$n] = true;
	96	} elseif (isset($this->allowedParam[$n])) {
	97	// keep token, don't do anything to it
	98	// (could possibly check for duplicates here)
	99	} else {
	100	$token = false;
	101	}
	102	} else {
	103	// not directly inside an object, DENY!
	104	$token = false;
	105	}
	106	}
	107	}
	108
	109	public function handleEnd(&$token)
	110	{
	111	// This is the WRONG way of handling the object and param stacks;
	112	// we should be inserting them directly on the relevant object tokens
	113	// so that the global stack handling handles it.
	114	if ($token->name == 'object') {
	115	array_pop($this->objectStack);
	116	array_pop($this->paramStack);
	117	}
	118	}
	119	}
	120
	121	// vim: et sw=4 sts=4