Fix incorrect generation of whitelist regexp

Kijin Sung 2016-01-12 19:23:27 +09:00
parent 2be2e8e73e
commit 5196ddaf83


@ -26,20 +26,17 @@ class Purifier
private function _setConfig() private function _setConfig()
{ {
$whiteDomainRegex = $this->_getWhiteDomainRegx();
//$allowdClasses = array('emoticon');
$this->_config = HTMLPurifier_Config::createDefault(); $this->_config = HTMLPurifier_Config::createDefault();
$this->_config->set('HTML.TidyLevel', 'light'); $this->_config->set('HTML.TidyLevel', 'light');
$this->_config->set('Output.FlashCompat', TRUE); $this->_config->set('Output.FlashCompat', TRUE);
$this->_config->set('HTML.SafeObject', TRUE); $this->_config->set('HTML.SafeObject', TRUE);
$this->_config->set('HTML.SafeEmbed', TRUE); $this->_config->set('HTML.SafeEmbed', TRUE);
$this->_config->set('HTML.SafeIframe', TRUE); $this->_config->set('HTML.SafeIframe', TRUE);
$this->_config->set('URI.SafeIframeRegexp', $whiteDomainRegex); $this->_config->set('URI.SafeIframeRegexp', $this->_getWhiteDomainRegexp());
$this->_config->set('Cache.SerializerPath', $this->_cacheDir); $this->_config->set('Cache.SerializerPath', $this->_cacheDir);
$this->_config->set('Attr.AllowedFrameTargets', array('_blank')); $this->_config->set('Attr.AllowedFrameTargets', array('_blank'));
//$allowdClasses = array('emoticon');
//$this->_config->set('Attr.AllowedClasses', $allowdClasses); //$this->_config->set('Attr.AllowedClasses', $allowdClasses);
$this->_def = $this->_config->getHTMLDefinition(TRUE); $this->_def = $this->_config->getHTMLDefinition(TRUE);
} }
@ -135,31 +132,17 @@ class Purifier
return array_unique($attributeList); return array_unique($attributeList);
} }
private function _getWhiteDomainRegx() private function _getWhiteDomainRegexp()
{ {
$oEmbedFilter = EmbedFilter::getInstance(); $oEmbedFilter = EmbedFilter::getInstance();
$whiteIframeUrlList = $oEmbedFilter->getWhiteIframeUrlList(); $whiteIframeUrlList = $oEmbedFilter->getWhiteIframeUrlList();
$whiteDomainRegex = '%^https?://('; $whiteDomains = array();
$whiteDomainCount = count($whiteIframeUrlList); foreach($whiteIframeUrlList as $domain)
$i=1;
if(is_array($whiteIframeUrlList))
{ {
foreach($whiteIframeUrlList as $value) $whiteDomains[] = preg_quote($domain, '%');
{
$whiteDomainRegex .= $value;
if($i < $whiteDomainCount)
{
$whiteDomainRegex .= '|';
} }
$i++; return '%^https?://(' . implode('|', $whiteDomains) . ')%';
}
}
$whiteDomainRegex .= ')%';
return $whiteDomainRegex;
} }
private function _checkCacheDir() private function _checkCacheDir()
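Review bot: In the new `_getWhiteDomainRegexp()`, an empty whitelist still yields `%^https?://()%`, and the empty group matches any http(s) URL, so `URI.SafeIframeRegexp` would accept every iframe source. I would return a pattern that can never match in that case, for example `if (!$whiteDomains) { return '%(?!)%'; }` placed before the final `return`. The rewrite also drops the old `is_array()` guard, so a non-array result from `getWhiteIframeUrlList()` now goes straight into `foreach`; casting with `(array)` or keeping the guard would preserve the earlier tolerance. Finally, nothing follows the alternation, so unless every whitelist entry ends in `/` (the list contents are not visible here), a host that merely starts with a listed domain would also pass. Requiring a `/` or the end of the string after a bare host entry would close that gap.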