mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-03 05:07:27 +02:00
Code Issues Releases Wiki Activity

Fixes #3793 TinyMce video tags fix and expansion of allowed attributes.

Browse Source
This commit is contained in:
Cameron
2020-05-05 10:14:38 -07:00
parent 14e8a28d2d
commit 25f580ce2f
2 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
e107_handlers/e_parse_class.php
View File

@@ -3821,21 +3821,22 @@ class e_parser
protected $nodesToDisableSC = array(); protected $nodesToDisableSC = array();
protected $pathList = array(); protected $pathList = array();
protected $allowedAttributes = array( protected $allowedAttributes = array(
'default' => array('id', 'style', 'class'), 'default' => array('id', 'style', 'class', 'title', 'lang', 'accesskey'),
'img' => array('id', 'src', 'style', 'class', 'alt', 'title', 'width', 'height'), 'img' => array('src', 'alt', 'width', 'height'),
'a' => array('id', 'href', 'style', 'class', 'title', 'target', 'rel'), 'a' => array('href', 'target', 'rel'),
'script' => array('type', 'src', 'language', 'async'), 'script' => array('type', 'src', 'language', 'async'),
'iframe' => array('id', 'src', 'frameborder', 'class', 'width', 'height', 'style'), 'iframe' => array('src', 'frameborder', 'width', 'height'),
'input' => array('type','name','value','class','style'), 'input' => array('type','name','value'),
'form' => array('action','method','target'), 'form' => array('action','method','target'),
'audio' => array('src','controls', 'autoplay', 'loop', 'muted', 'preload' ), 'audio' => array('src','controls', 'autoplay', 'loop', 'muted', 'preload' ),
'video' => array('autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'), 'video' => array('autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'),
'td' => array('id', 'style', 'class', 'colspan', 'rowspan'), 'td' => array('colspan', 'rowspan'),
'th' => array('id', 'style', 'class', 'colspan', 'rowspan'), 'th' => array('colspan', 'rowspan'),
'col' => array('id', 'span', 'class','style'), 'col' => array('span'),
'embed' => array('id', 'src', 'style', 'class', 'wmode', 'type', 'title', 'width', 'height'), 'embed' => array('src', 'wmode', 'type', 'width', 'height'),
'x-bbcode' => array('alt'), 'x-bbcode' => array('alt'),
'label' => array('for'), 'label' => array('for'),
'source' => array('media', 'sizes', 'src', 'srcset', 'type'),
); );
@@ -3847,7 +3848,7 @@ class e_parser
protected $allowedTags = array('html', 'body','div','a','img','table','tr', 'td', 'th', 'tbody', 'thead', 'colgroup', 'b', protected $allowedTags = array('html', 'body','div','a','img','table','tr', 'td', 'th', 'tbody', 'thead', 'colgroup', 'b',
'i', 'pre','code', 'strong', 'u', 'em','ul', 'ol', 'li','img','h1','h2','h3','h4','h5','h6','p', 'i', 'pre','code', 'strong', 'u', 'em','ul', 'ol', 'li','img','h1','h2','h3','h4','h5','h6','p',
'div','pre','section','article', 'blockquote','hgroup','aside','figure','figcaption', 'abbr','span', 'audio', 'video', 'br', 'div','pre','section','article', 'blockquote','hgroup','aside','figure','figcaption', 'abbr','span', 'audio', 'video', 'source', 'br',
'small', 'caption', 'noscript', 'hr', 'section', 'iframe', 'sub', 'sup', 'cite', 'x-bbcode', 'label' 'small', 'caption', 'noscript', 'hr', 'section', 'iframe', 'sub', 'sup', 'cite', 'x-bbcode', 'label'
); );
protected $scriptTags = array('script','applet','form','input','button', 'embed', 'object', 'ins', 'select','textarea'); //allowed when $pref['post_script'] is enabled. protected $scriptTags = array('script','applet','form','input','button', 'embed', 'object', 'ins', 'select','textarea'); //allowed when $pref['post_script'] is enabled.
@@ -3869,12 +3870,35 @@ class e_parser
{ {
$this->init(); $this->init();
$this->compileAttributeDefaults();
/* /*
$meths = get_class_methods('DomDocument'); $meths = get_class_methods('DomDocument');
sort($meths); sort($meths);
print_a($meths); print_a($meths);
*/ */
} }
/**
* Merge default 'global' attributes into assigned tags.
*/
private function compileAttributeDefaults()
{
foreach($this->allowedAttributes as $tag=>$array)
{
if($tag === 'default')
{
continue;
}
foreach($this->allowedAttributes['default'] as $def)
{
$this->allowedAttributes[$tag][] = $def;
}
}
}
/** /**
* Used by e_parse to start * Used by e_parse to start

16
e107_tests/tests/unit/e_parseTest.php
View File

@@ -25,6 +25,7 @@
$this->assertTrue(false, "Couldn't load e_parser object"); $this->assertTrue(false, "Couldn't load e_parser object");
} }
$this->tp->__construct();
} }
/* /*
public function testHtmlAbuseFilter() public function testHtmlAbuseFilter()
@@ -635,12 +636,16 @@ while($row = $sql->fetch())
$result = $this->tp->getScriptAccess(); $result = $this->tp->getScriptAccess();
$this->assertFalse($result); $this->assertFalse($result);
} }
/*
public function testSetAllowedAttributes() public function testGetAllowedAttributes()
{ {
$result = $this->tp->getAllowedAttributes();
$true = is_array($result) && in_array('style',$result['img']);
$this->assertTrue($true);
} }
/*
public function testSetScriptTags() public function testSetScriptTags()
{ {
@@ -1114,6 +1119,11 @@ while($row = $sql->fetch())
'expected' => "<pre>/* &#123;THEME_PREF: code=header_width&amp;default=container&#125; */</pre>", 'expected' => "<pre>/* &#123;THEME_PREF: code=header_width&amp;default=container&#125; */</pre>",
), ),
13 => array(
'html' => '<div class="video-responsive"><div class="video-responsive"><video width="320" height="240" controls="controls"><source src="e107_media/xxxxx5/videos/2018-07/SampleVideo.mp4" type="video/mp4">Your browser does not support the video tag.</video></div></div>',
'expected' => '<div class="video-responsive"><div class="video-responsive"><video width="320" height="240" controls="controls"><source src="e107_media/xxxxx5/videos/2018-07/SampleVideo.mp4" type="video/mp4">Your browser does not support the video tag.</source></video></div></div>'
),
); );