fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 03:32:00 +09:00
Code Issues Projects Releases Packages Wiki Activity

Also apply embed filter to <audio> and <video> tags

Browse source
This commit is contained in:
Kijin Sung 2016-03-14 15:32:39 +09:00
parent 19ad1d1ac4
commit 804fd0515b
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
common/framework/security/htmlfilter.php
View file

@ -401,11 +401,12 @@ class HTMLFilter
// Remove object and embed URLs that are not allowed.
$whitelist = MediaFilter::getObjectWhitelistRegex();
$content = preg_replace_callback('!<(object|embed|param)([^>]+)>!i', function($matches) use($whitelist) {
$content = preg_replace_callback('!<(object|embed|param|audio|video|source|track)([^>]+)>!i', function($matches) use($whitelist) {
return preg_replace_callback('!([a-zA-Z0-9_-]+)="([^"]+)"!', function($attr) use($whitelist) {
if (in_array($attr[1], array('data', 'src', 'href', 'url', 'movie', 'source')))
{
if (!preg_match($whitelist, htmlspecialchars_decode($attr[2])))
$url = trim(htmlspecialchars_decode($attr[2]));
if (preg_match('!^(https?:)?//!i', $url) && !preg_match($whitelist, $url))
{
return $attr[1] . '=""';
}