fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 10:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Absorb core functionality of stripEmbedTagForAdmin() into HTMLFilter class

Browse source
This commit is contained in:
Kijin Sung 2016-03-12 23:17:37 +09:00
parent 616d894021
commit ef6f0c839f
2 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

15
common/framework/security/htmlfilter.php
View file

@ -87,6 +87,21 @@ class HTMLFilter
return $output;
}
/**
* Remove embedded media from HTML content.
*
* @param string $input
* @param string $replacement
* @return string
*/
public static function removeEmbeddedMedia($input, $replacement = '')
{
$input = preg_replace('!<object[^>]*>(.*?</object>)?!is', $replacement, $input);
$input = preg_replace('!<embed[^>]*>(.*?</embed>)?!is', $replacement, $input);
$input = preg_replace('!<img[^>]*editor_component="multimedia_link"[^>]*>(.*?</img>)?!is', $replacement, $input);
return $input;
}
/**
* Get an instance of HTMLPurifier.
*

28
common/legacy.php
View file

@ -1012,29 +1012,31 @@ function isCrawler($agent = NULL)
*/
function stripEmbedTagForAdmin(&$content, $writer_member_srl)
{
if(!Context::get('is_logged'))
if (!Context::get('is_logged'))
{
return;
}
$oModuleModel = getModel('module');
$logged_info = Context::get('logged_info');
if($writer_member_srl != $logged_info->member_srl && ($logged_info->is_admin == "Y" || $oModuleModel->isSiteAdmin($logged_info)))
if ($logged_info->member_srl == $writer_member_srl)
{
if($writer_member_srl)
return;
}
if ($logged_info->is_admin === 'Y' || getModel('module')->isSiteAdmin($logged_info))
{
if ($writer_member_srl)
{
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($writer_member_srl);
if($member_info->is_admin == "Y")
$member_info = getModel('member')->getMemberInfoByMemberSrl($writer_member_srl);
if ($member_info && $member_info->is_admin === 'Y')
{
return;
}
}
$security_msg = "<div style='border: 1px solid #DDD; background: #FAFAFA; text-align:center; margin: 1em 0;'><p style='margin: 1em;'>" . lang('security_warning_embed') . "</p></div>";
$content = preg_replace('/<object[^>]+>(.*?<\/object>)?/is', $security_msg, $content);
$content = preg_replace('/<embed[^>]+>(\s*<\/embed>)?/is', $security_msg, $content);
$content = preg_replace('/<img[^>]+editor_component="multimedia_link"[^>]*>(\s*<\/img>)?/is', $security_msg, $content);
$security_msg = '<div style="border: 1px solid #DDD; background: #FAFAFA; text-align:center; margin: 1em 0;">' .
'<p style="margin: 1em;">' . lang('security_warning_embed') . '</p></div>';
$content = Rhymix\Framework\Security\HTMLFilter::removeEmbeddedMedia($content, $security_msg);
}
return;