d9/dc6/SafeParam_8php_source.html

<?php


class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform

{

    public $name = "SafeParam";


    private $uri;


    public function __construct()

    {

        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded

        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));

    }


    public function transform($attr, $config, $context)

    {

        // If we add support for other objects, we'll need to alter the

        // transforms.

        switch ($attr['name']) {

            // application/x-shockwave-flash

            // Keep this synchronized with Injector/SafeObject.php

            case 'allowScriptAccess':

                $attr['value'] = 'never';

                break;

            case 'allowNetworking':

                $attr['value'] = 'internal';

                break;

            case 'allowFullScreen':

                if ($config->get('HTML.FlashAllowFullScreen')) {

                    $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';

                } else {

                    $attr['value'] = 'false';

                }

                break;

            case 'wmode':

                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);

                break;

            case 'movie':

            case 'src':

                $attr['name'] = "movie";

                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);

                break;

            case 'flashvars':

                // we're going to allow arbitrary inputs to the SWF, on

                // the reasoning that it could only hack the SWF, not us.

                break;

            // add other cases to support other param name/value pairs

            default:

                $attr['name'] = $attr['value'] = null;

        }

        return $attr;

    }

}


// vim: et sw=4 sts=4

HTMLPurifier_AttrDef_Enum
Validates a keyword against a list of valid values.
Definition: Enum.php:11

HTMLPurifier_AttrDef_URI
Validates a URI as defined by RFC 3986.
Definition: URI.php:8

HTMLPurifier_AttrTransform_SafeParam
Validates name/value pairs in param tags to be used in safe objects.
Definition: SafeParam.php:16

HTMLPurifier_AttrTransform_SafeParam\transform
transform($attr, $config, $context)
Definition: SafeParam.php:39

HTMLPurifier_AttrTransform_SafeParam\__construct
__construct()
Definition: SafeParam.php:27

HTMLPurifier_AttrTransform_SafeParam\$uri
$uri
@type HTMLPurifier_AttrDef_URI
Definition: SafeParam.php:25

HTMLPurifier_AttrTransform_SafeParam\$name
$name
@type string
Definition: SafeParam.php:20

HTMLPurifier_AttrTransform
Processes an entire attribute array for corrections needing multiple values.
Definition: AttrTransform.php:18