some much needed work on oembed security

redmatrix
2016-05-01 19:19:17 -07:00
parent 84d93cca6e
commit cd518625bf
8 changed files with 279 additions and 92 deletions


@@ -122,7 +122,7 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
function purify_html($s) {
function purify_html($s, $allow_position) {
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
@@ -202,6 +202,35 @@ function purify_html($s) {
$def->addElement('header', 'Block', 'Flow', 'Common');
$def->addElement('footer', 'Block', 'Flow', 'Common');
if($allow_position) {
$cssDefinition = $config->getCSSDefinition();
$cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);
$cssDefinition->info['left'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
$cssDefinition->info['right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
$cssDefinition->info['top'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
$cssDefinition->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
}
$purifier = new HTMLPurifier($config);
return $purifier->purify($s);
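Review bot: The new `$allow_position` parameter in `function purify_html($s, $allow_position) {` has no default, so every existing one-argument caller now triggers a missing-argument warning (or `ArgumentCountError` on PHP 7.1+) instead of quietly keeping the old, stricter behaviour. Give it a fail-closed default, `function purify_html($s, $allow_position = false) {`, so positioning stays disabled unless a call site opts in explicitly. Because the `if($allow_position)` branch enables `position: absolute`/`fixed` together with `left`/`right`/`top`/`bottom`, opted-in markup can be placed over any part of the host page, which is worth stating at the top of the block: `// position/offset CSS lets purified markup overlay the rest of the page; enable only for trusted sources`. Which callers pass a truthy flag, and whether any of them derive it from untrusted input, is not visible in this hunk; purify_html's closing brace is also outside it.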