mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00
Code Issues Releases Wiki Activity

Prevent filtering of audio and video tags.

Browse Source
This commit is contained in:
Cameron
2015-06-28 16:31:02 -07:00
parent 5208107c21
commit 872be15668
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
e107_handlers/e_parse_class.php
View File

@@ -2040,7 +2040,7 @@ class e_parse extends e_parser
*/ */
public function thumbWidth($width=null) public function thumbWidth($width=null)
{ {
if($height !== null) if($width !== null)
{ {
$this->thumbWidth = intval($width); $this->thumbWidth = intval($width);
} }
@@ -2685,7 +2685,9 @@ class e_parser
'script' => array('type', 'src', 'language'), 'script' => array('type', 'src', 'language'),
'iframe' => array('id', 'src', 'frameborder', 'class', 'width', 'height', 'style'), 'iframe' => array('id', 'src', 'frameborder', 'class', 'width', 'height', 'style'),
'input' => array('type','name','value','class','style'), 'input' => array('type','name','value','class','style'),
'form' => array('action','method','target') 'form' => array('action','method','target'),
'audio' => array('src','controls', 'autoplay', 'loop', 'muted', 'preload' ),
'video' => array('autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width')
); );
protected $badAttrValues = array('javascript[\s]*?:','alert\(','vbscript[\s]*?:','data:text\/html', 'mhtml[\s]*?:', 'data:[\s]*?image'); protected $badAttrValues = array('javascript[\s]*?:','alert\(','vbscript[\s]*?:','data:text\/html', 'mhtml[\s]*?:', 'data:[\s]*?image');
@@ -2696,7 +2698,7 @@ class e_parser
protected $allowedTags = array('html', 'body','div','a','img','table','tr', 'td', 'th', 'tbody', 'thead', 'colgroup', 'b', protected $allowedTags = array('html', 'body','div','a','img','table','tr', 'td', 'th', 'tbody', 'thead', 'colgroup', 'b',
'i', 'pre','code', 'strong', 'u', 'em','ul', 'ol', 'li','img','h1','h2','h3','h4','h5','h6','p', 'i', 'pre','code', 'strong', 'u', 'em','ul', 'ol', 'li','img','h1','h2','h3','h4','h5','h6','p',
'div','pre','section','article', 'blockquote','hgroup','aside','figure','span', 'video', 'br', 'div','pre','section','article', 'blockquote','hgroup','aside','figure','span', 'audio', 'video', 'br',
'small', 'caption', 'noscript' 'small', 'caption', 'noscript'
); );
protected $scriptTags = array('script','applet','iframe','form','input','button'); //allowed when $pref['post_script'] is enabled. protected $scriptTags = array('script','applet','iframe','form','input','button'); //allowed when $pref['post_script'] is enabled.