From 072f0ff1ceeff6109ff854e0eaf2e2b536ab4ae4 Mon Sep 17 00:00:00 2001
From: bnu
Date: Fri, 3 Jan 2014 20:19:07 +0900
Subject: [PATCH] SECISSUE
---
 classes/security/EmbedFilter.class.php | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)
diff --git a/classes/security/EmbedFilter.class.php b/classes/security/EmbedFilter.class.php
index 15f6e1ae8..1913963af 100644
--- a/classes/security/EmbedFilter.class.php
+++ b/classes/security/EmbedFilter.class.php
@@ -347,12 +347,7 @@ class EmbedFilter
 }
 }
- if($isWhiteDomain && $isWhiteMimetype && $ext)
- {
- $isWhiteExt = $this->isWhiteExt($ext);
- }
-
- if(!$isWhiteDomain || !$isWhiteMimetype || !$isWhiteExt)
+ if(!$isWhiteDomain || !$isWhiteMimetype)
 {
 $content = str_replace($objectTag, htmlspecialchars($objectTag, ENT_COMPAT, 'UTF-8', false), $content);
 }
@@ -400,12 +395,7 @@ class EmbedFilter
 }
 }
- if($isWhiteDomain && $isWhiteMimetype && $ext)
- {
- $isWhiteExt = $this->isWhiteExt($ext);
- }
-
- if(!$isWhiteDomain || !$isWhiteMimetype || !$isWhiteExt)
+ if(!$isWhiteDomain || !$isWhiteMimetype)
 {
 $content = str_replace($embedTag, htmlspecialchars($embedTag, ENT_COMPAT, 'UTF-8', false), $content);
 }
@@ -483,12 +473,7 @@ class EmbedFilter
 $ext = strtolower(substr(strrchr($parser->iNodeAttributes['value'], "."), 1));
 $isWhiteDomain = $this->isWhiteDomain($parser->iNodeAttributes['value']);
- if($isWhiteDomain && $ext)
- {
- $isWhiteExt = $this->isWhiteExt($ext);
- }
-
- if(!$isWhiteDomain || !$isWhiteExt)
+ if(!$isWhiteDomain)
 {
 $content = str_replace($paramTag, htmlspecialchars($paramTag, ENT_COMPAT, 'UTF-8', false), $content);
 }
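Review bot: In the third hunk (the param-tag branch) the decision to escape the tag now rests on `isWhiteDomain()` alone, and the `$ext` assignment in the context lines just above the new `if(!$isWhiteDomain)` is no longer read anywhere in the visible lines, so it looks like dead code that should be removed or put to use. The first two hunks (object and embed tags) drop the same `isWhiteExt()` test, leaving the domain whitelist plus a MIME-type flag that is presumably derived from the tag's own attributes; the effective control is then the domain list, so any whitelisted host that serves user-uploaded files or redirects would pass regardless of file type. Neither the subject line nor the code says why the extension whitelist no longer applies, so I would put a short comment above each changed condition, for example `// isWhiteExt() deliberately not consulted here: <reason>`, and add a regression case for a whitelisted-domain URL with an unexpected extension. The initialisation of `$isWhiteDomain` and `$isWhiteMimetype` is outside all three hunks, as are the start and end of the enclosing methods, so it is worth confirming that both flags are reset to false for every tag and not carried over from a previous loop iteration.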