<?php
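/**
 * Validates name/value pairs in param tags to be used in safe objects. This
 * will only allow name values it recognizes, and pre-fill certain attributes
 * with required values.
 *
 * The transform is the fail-closed half of the safe-object scheme: every
 * param name it does not explicitly know is blanked (name and value set to
 * null) so that only the handled Flash parameters reach the output, and the
 * security-relevant ones (allowScriptAccess, allowNetworking) are overwritten
 * regardless of what the input contained.
 *
 * @note
 *      This class only supports Flash. In the future, Quicktime support
 *      may be added.
 *
 * @warning
 *      This class expects an injector to add the necessary parameters tags.
 *      Keep the handled names synchronized with Injector/SafeObject.php.
 */
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
    /**
     * @type string
     */
    public $name = "SafeParam";

    /**
     * Validator for the "movie" URI (embedded = true).
     * @type HTMLPurifier_AttrDef_URI
     */
    private $uri;

    /**
     * Validator for the Flash "wmode" parameter, restricted to the three
     * values listed in the constructor.
     *
     * Declared explicitly: it used to be created on the fly from the
     * constructor, which is a dynamic property (deprecated in PHP 8.2).
     * Kept public so any existing external access keeps working.
     * @type HTMLPurifier_AttrDef_Enum
     */
    public $wmode;

    public function __construct()
    {
        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

    /**
     * Rewrites one param tag's name/value pair so that only recognized Flash
     * parameters survive, with the security-relevant ones forced to fixed
     * values.
     *
     * @param array $attr Attribute map of the param tag; 'name' and 'value'
     *                    are read, both may be absent.
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return array The rewritten attribute map. An unrecognized or missing
     *               name comes back with 'name' and 'value' set to null;
     *               presumably the SafeObject injector drops such params.
     */
    public function transform($attr, $config, $context)
    {
        // Read defensively: a param written without a value attribute must
        // not raise an undefined-index notice, it should just validate as
        // an empty/invalid value like any other bad input.
        $paramName = isset($attr['name']) ? $attr['name'] : null;
        $paramValue = isset($attr['value']) ? $attr['value'] : null;

        // If we add support for other objects, we'll need to alter the
        // transforms.
        switch ($paramName) {
            // application/x-shockwave-flash
            // Keep this synchronized with Injector/SafeObject.php
            case 'allowScriptAccess':
                // Always overwritten; the user-supplied value is ignored.
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
                // Always overwritten; the user-supplied value is ignored.
                $attr['value'] = 'internal';
                break;
            case 'allowFullScreen':
                // Only the literal string 'true' is honoured, and only when
                // the configuration opts in; everything else becomes 'false'.
                if ($config->get('HTML.FlashAllowFullScreen')) {
                    $attr['value'] = ($paramValue === 'true') ? 'true' : 'false';
                } else {
                    $attr['value'] = 'false';
                }
                break;
            case 'wmode':
                $attr['value'] = $this->wmode->validate($paramValue, $config, $context);
                break;
            case 'movie':
            case 'src':
                // 'src' is canonicalized to 'movie' so the injector's
                // deduplication sees a single name for the SWF location.
                $attr['name'] = "movie";
                $attr['value'] = $this->uri->validate($paramValue, $config, $context);
                break;
            case 'flashvars':
                // we're going to allow arbitrary inputs to the SWF, on
                // the reasoning that it could only hack the SWF, not us.
                break;
            // add other cases to support other param name/value pairs
            default:
                // Unknown (or case-mismatched) param names are blanked rather
                // than passed through, so the allow-list above is the only
                // way a param reaches the output.
                $attr['name'] = $attr['value'] = null;
        }
        return $attr;
    }
}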
// vim: et sw=4 sts=4