Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php')
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php | 68 |
1 files changed, 68 insertions, 0 deletions
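--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php
@@ -0,0 +1,68 @@
+<?php
+
+/**
+* Implements safety checks for safe iframes.
+*
+* @warning This filter is *critical* for ensuring that %HTML.SafeIframe
+* works safely.
+*/
+class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
+{
+/**
+* @type string
+*/
+public $name = 'SafeIframe';
+
+/**
+* @type bool
+*/
+public $always_load = true;
+
+/**
+* @type string
+*/
+protected $regexp = null;
+
+// XXX: The not so good bit about how this is all set up now is we
+// can't check HTML.SafeIframe in the 'prepare' step: we have to
+// defer till the actual filtering.
+/**
+* @param HTMLPurifier_Config $config
+* @return bool
+*/
+public function prepare($config)
+{
+$this->regexp = $config->get('URI.SafeIframeRegexp');
+return true;
+}
+
+/**
+* @param HTMLPurifier_URI $uri
+* @param HTMLPurifier_Config $config
+* @param HTMLPurifier_Context $context
+* @return bool
+*/
+public function filter(&$uri, $config, $context)
+{
+// check if filter not applicable
+if (!$config->get('HTML.SafeIframe')) {
+return true;
+}
+// check if the filter should actually trigger
+if (!$context->get('EmbeddedURI', true)) {
+return true;
+}
+$token = $context->get('CurrentToken', true);
+if (!($token && $token->name == 'iframe')) {
+return true;
+}
+// check if we actually have some whitelists enabled
+if ($this->regexp === null) {
+return false;
+}
+// actually check the whitelists
+return preg_match($this->regexp, $uri->toString());
+}
+}
+
+// vim: et sw=4 sts=4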