From d34933149f2b95f415b1b763f4fa8e729f9023ed Mon Sep 17 00:00:00 2001
From: Arcturus
Date: Sat, 5 Oct 2024 05:51:34 +0900
Subject: [PATCH] patch secure: https://github.com/gnuboard/gnuboard5/commit/b7c557f44e81d212cc7086a265adad32b9195993
---
 .../plugin/htmlpurifier/extend.video.php | 139 +++++++++--------
 1 file changed, 70 insertions(+), 69 deletions(-)
diff --git a/AvocadoEdition_Light/plugin/htmlpurifier/extend.video.php b/AvocadoEdition_Light/plugin/htmlpurifier/extend.video.php
index 5c8ec59..078037f 100644
--- a/AvocadoEdition_Light/plugin/htmlpurifier/extend.video.php
+++ b/AvocadoEdition_Light/plugin/htmlpurifier/extend.video.php
@@ -1,5 +1,6 @@ ]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html); - $html = preg_replace_callback('/]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html); - $html = preg_replace_callback('/]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html); - //$html = preg_replace('##i', '', $html); - } - return $html; - } + /** + * + * @param string $html + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return string + */ + public function preFilter($html, $config, $context) + { + if (strstr($html, ']*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html); + $html = preg_replace_callback('/]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html); + $html = preg_replace_callback('/]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html); + //$html = preg_replace('##i', '', $html); + } + return $html; + } - public function trust_url_match($matches) - { - $str = $matches[0]; - if( $matches[1] ){ - $str = preg_replace('##i', '', $str); - } - return $str; - } - /** - * - * @param string $html - * @param HTMLPurifier_Config $config - * @param HTMLPurifier_Context $context - * @return string - */ - public function postFilter($html, $config, $context) - { - $post_regex = '#]+?)>#'; - return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html); - } + public function trust_url_match($matches) + { + $str = $matches[0]; + if ($matches[1]) { + $str = preg_replace('##i', '', $str); + } + return $str; + } + /** + * + * @param string $html + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return string + */ + public function postFilter($html, $config, $context) + { + $post_regex = '#]+?)>#'; + return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html); + } - /** - * - * @param array $matches - * @return string - */ - protected function postFilterCallback($matches) - { - // Domain Whitelist - $youTubeMatch = 
preg_match('#src="https?://www\.youtube(-nocookie)?\.com/#i', $matches[1]); - $vimeoMatch = preg_match('#src="https?://player\.vimeo\.com/#i', $matches[1]); - $fackbookMatch = preg_match('#src="https?://www\.facebook\.com/#i', $matches[1]); - if ($youTubeMatch || $vimeoMatch || $fackbookMatch) { - $extra = ' frameborder="0"'; - if ($youTubeMatch || $fackbookMatch) { - $extra .= ' allowfullscreen'; - } elseif ($vimeoMatch) { - $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen'; - } - return ''; - } else { - return ''; - } - } - } -} \ No newline at end of file + /** + * + * @param array $matches + * @return string + */ + protected function postFilterCallback($matches) + { + // Domain Whitelist + $youTubeMatch = preg_match('#src="https?://www\.youtube(-nocookie)?\.com/#i', $matches[1]); + $vimeoMatch = preg_match('#src="https?://player\.vimeo\.com/#i', $matches[1]); + $fackbookMatch = preg_match('#src="https?://www\.facebook\.com/#i', $matches[1]); + if ($youTubeMatch || $vimeoMatch || $fackbookMatch) { + $extra = ' frameborder="0"'; + if ($youTubeMatch || $fackbookMatch) { + $extra .= ' allowfullscreen'; + } elseif ($vimeoMatch) { + $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen'; + } + return ''; + } else { + return ''; + } + } + } +}
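Review bot: The domain allowlist in `postFilterCallback` matches `src="https?://…` anywhere inside `$matches[1]`, so the check is not tied to an attribute boundary; any attribute whose name merely ends in `src` would satisfy it if the purifier configuration (not visible in this patch) lets one through. Anchoring each pattern closes that gap, e.g. `preg_match('#(?:^|\s)src="https?://www\.youtube(-nocookie)?\.com/#i', $matches[1])`, with the same prefix on the Vimeo and Facebook patterns. `trust_url_match` is also the only method here without a docblock; a short one stating that it receives the `preg_replace_callback` match array and returns the rewritten tag string would match its siblings. As rendered on this page the visible removed and added lines differ only in indentation and brace spacing, and the start of the hunk did not survive extraction, so the security-relevant line of the change cannot be checked from here; the class body also begins outside the readable part of the hunk.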