Do not check allowscriptaccess because HTMLPurifier does it better

classes/security/EmbedFilter.class.php

@@ -3,18 +3,11 @@
 
 class EmbedFilter
 {
-
 	/**
 	 * allow script access list
 	 * @var array
 	 */
 	var $allowscriptaccessList = array();
-
-	/**
-	 * allow script access key
-	 * @var int
-	 */
-	var $allowscriptaccessKey = 0;
 	var $whiteUrlList = array();
 	var $whiteIframeUrlList = array();
 	var $mimeTypeList = array();
@@ -60,9 +53,6 @@ class EmbedFilter
 	 */
 	function check(&$content)
 	{
-		$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
-		$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
-
 		$this->checkObjectTag($content);
 		$this->checkEmbedTag($content);
 		$this->checkParamTag($content);
@@ -206,49 +196,6 @@ class EmbedFilter
 		return FALSE;
 	}
 
-	function _checkAllowScriptAccess($m)
-	{
-		if($m[1] == 'object')
-		{
-			$this->allowscriptaccessList[] = 1;
-		}
-
-		if($m[1] == 'param')
-		{
-			if(stripos($m[0], 'allowscriptaccess'))
-			{
-				$m[0] = '<param name="allowscriptaccess" value="never"';
-				if(substr($m[0], -1) == '/')
-				{
-					$m[0] .= '/';
-				}
-				$this->allowscriptaccessList[count($this->allowscriptaccessList) - 1]--;
-			}
-		}
-		else if($m[1] == 'embed')
-		{
-			if(stripos($m[0], 'allowscriptaccess'))
-			{
-				$m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]);
-			}
-			else
-			{
-				$m[0] = preg_replace('/\<embed/i', '<embed allowscriptaccess="never"', $m[0]);
-			}
-		}
-		return $m[0];
-	}
-
-	function _addAllowScriptAccess($m)
-	{
-		if($this->allowscriptaccessList[$this->allowscriptaccessKey] == 1)
-		{
-			$m[0] = $m[0] . '<param name="allowscriptaccess" value="never"></param>';
-		}
-		$this->allowscriptaccessKey++;
-		return $m[0];
-	}
-
 	/**
 	 * Make white domain list cache file from xml config file.
 	 * @param $whitelist array