patch secure: b7c557f44e

2024-10-05 05:51:34 +09:00 · 2024-10-05 05:51:34 +09:00 · d34933149f
commit d34933149f
parent fe5342038d
1 changed files with 70 additions and 69 deletions
--- a/AvocadoEdition_Light/plugin/htmlpurifier/extend.video.php
+++ b/AvocadoEdition_Light/plugin/htmlpurifier/extend.video.php
@ -1,5 +1,6 @@
 <?php
-if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
+if (!defined('_GNUBOARD_'))
  exit; // 개별 페이지 접근 불가
 //https://stackoverflow.com/questions/4739284/htmlpurifier-iframe-vimeo-and-youtube-video
 /**
@ -7,74 +8,74 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 * Iframe filter that does some primitive whitelisting in a somewhat recognizable and tweakable way
 */
-if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
+if (!class_exists('HTMLPurifier_Filter_Iframevideo')) {
-	class HTMLPurifier_Filter_Iframevideo extends HTMLPurifier_Filter
+  class HTMLPurifier_Filter_Iframevideo extends HTMLPurifier_Filter
-	{
+  {
-		public $name = 'Iframevideo';
+    public $name = 'Iframevideo';
-		/**
+    /**
-		 *
+     *
-		 * @param string $html
+     * @param string $html
-		 * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Config $config
-		 * @param HTMLPurifier_Context $context
+     * @param HTMLPurifier_Context $context
-		 * @return string
+     * @return string
-		 */
+     */
-		public function preFilter($html, $config, $context)
+    public function preFilter($html, $config, $context)
-		{
+    {
-			if (strstr($html, '<iframe')) {
+      if (strstr($html, '<iframe')) {
-				$html = preg_replace_callback('/<iframe.*?src="https?:\/\/www\.youtube\.com\/embed\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
+        $html = preg_replace_callback('/<iframe.*?src="https?:\/\/www\.youtube\.com\/embed\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
-				$html = preg_replace_callback('/<iframe.*?src="https?:\/\/player\.vimeo.com\/video\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
+        $html = preg_replace_callback('/<iframe.*?src="https?:\/\/player\.vimeo.com\/video\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
-                $html = preg_replace_callback('/<iframe.*?src="https?:\/\/www\.facebook.com\/plugins\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
+        $html = preg_replace_callback('/<iframe.*?src="https?:\/\/www\.facebook.com\/plugins\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
-				//$html = preg_replace('#<iframe#i', '<img class="Iframevideo"', $html);
+        //$html = preg_replace('#<iframe#i', '<img class="Iframevideo"', $html);
-				//$html = preg_replace('#</iframe>#i', '</img>', $html);
+        //$html = preg_replace('#</iframe>#i', '</img>', $html);
-			}
+      }
-			return $html;
+      return $html;
-		}
+    }
-		public function trust_url_match($matches)
+    public function trust_url_match($matches)
-		{
+    {
-			$str = $matches[0];
+      $str = $matches[0];
-			if( $matches[1] ){
+      if ($matches[1]) {
-				$str = preg_replace('#<iframe#i', '<img class="Iframevideo"', $str);
+        $str = preg_replace('#<iframe#i', '<img class="Iframevideo"', $str);
-				$str = preg_replace('#</iframe>#i', '</img>', $str);
+        $str = preg_replace('#</iframe>#i', '</img>', $str);
-			}
+      }
-			return $str;
+      return $str;
-		}
+    }
-		/**
+    /**
-		 *
+     *
-		 * @param string $html
+     * @param string $html
-		 * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Config $config
-		 * @param HTMLPurifier_Context $context
+     * @param HTMLPurifier_Context $context
-		 * @return string
+     * @return string
-		 */
+     */
-		public function postFilter($html, $config, $context)
+    public function postFilter($html, $config, $context)
-		{
+    {
-			$post_regex = '#<img class="Iframevideo"([^>]+?)>#';
+      $post_regex = '#<img class="Iframevideo"([^>]+?)>#';
-			return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
+      return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
-		}
+    }
-		/**
+    /**
-		 *
+     *
-		 * @param array $matches
+     * @param array $matches
-		 * @return string
+     * @return string
-		 */
+     */
-		protected function postFilterCallback($matches)
+    protected function postFilterCallback($matches)
-		{
+    {
-			// Domain Whitelist
+      // Domain Whitelist
-			$youTubeMatch = preg_match('#src="https?://www\.youtube(-nocookie)?\.com/#i', $matches[1]);
+      $youTubeMatch = preg_match('#src="https?://www\.youtube(-nocookie)?\.com/#i', $matches[1]);
-			$vimeoMatch = preg_match('#src="https?://player\.vimeo\.com/#i', $matches[1]);
+      $vimeoMatch = preg_match('#src="https?://player\.vimeo\.com/#i', $matches[1]);
-            $fackbookMatch = preg_match('#src="https?://www\.facebook\.com/#i', $matches[1]);
+      $fackbookMatch = preg_match('#src="https?://www\.facebook\.com/#i', $matches[1]);
-			if ($youTubeMatch || $vimeoMatch || $fackbookMatch) {
+      if ($youTubeMatch || $vimeoMatch || $fackbookMatch) {
-				$extra = ' frameborder="0"';
+        $extra = ' frameborder="0"';
-				if ($youTubeMatch || $fackbookMatch) {
+        if ($youTubeMatch || $fackbookMatch) {
-					$extra .= ' allowfullscreen';
+          $extra .= ' allowfullscreen';
-				} elseif ($vimeoMatch) {
+        } elseif ($vimeoMatch) {
-					$extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
+          $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
-				}
+        }
-				return '<iframe ' . $matches[1] . $extra . '></iframe>';
+        return '<iframe ' . $matches[1] . $extra . '></iframe>';
-			} else {
+      } else {
-				return '';
+        return '';
-			}
+      }
-		}
+    }
-	}
+  }
 }