ifhub/ifhub.club
1
0
Fork 0
mirror of https://github.com/Oreolek/ifhub.club.git synced 2024-07-01 05:55:02 +03:00
Code Issues Releases Wiki Activity

fix parser

Browse source
This commit is contained in:
Mzhelskiy Maxim 2011-02-14 20:16:47 +00:00
parent 6261a11e58
commit 9e075c91de
2 changed files with 26 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
engine/lib/external/Jevix/jevix.class.php vendored
View file

@ -920,9 +920,29 @@ class Jevix{
if(empty($paramAllowedValues)) continue;
// Если есть список разрешённых параметров тега
if(is_array($paramAllowedValues) && !in_array($value, $paramAllowedValues)) {
$this->eror("Недопустимое значение для атрибута тега $tag $param=$value");
continue;
if (is_array($paramAllowedValues)) {
// проверка на список доменов
if (isset($paramAllowedValues['#domain']) and is_array($paramAllowedValues['#domain'])) {
if(preg_match('/javascript:/ui', $value)) {
$this->eror('Попытка вставить JavaScript в URI');
continue;
}
$bOK=false;
foreach ($paramAllowedValues['#domain'] as $sDomain) {
$sDomain=preg_quote($sDomain);
if (preg_match("@^(http|https|ftp)://([\w\d]+\.)?{$sDomain}/@ui",$value)) {
$bOK=true;
break;
}
}
if (!$bOK) {
$this->eror("Недопустимое значение для атрибута тега $tag $param=$value");
continue;
}
} elseif (!in_array($value, $paramAllowedValues)) {
$this->eror("Недопустимое значение для атрибута тега $tag $param=$value");
continue;
}
// Если атрибут тега помечен как разрешённый, но правила не указаны - смотрим в массив стандартных правил для атрибутов
} elseif($paramAllowedValues === true && !empty($this->defaultTagParamRules[$param])){
$paramAllowedValues = $this->defaultTagParamRules[$param];

6
engine/modules/text/Text.class.php
View file

@ -58,7 +58,7 @@ class ModuleText extends Module {
$this->oJevix->cfgAllowTagParams('img', array('src', 'alt' => '#text', 'title', 'align' => array('right', 'left', 'center', 'middle'), 'width' => '#int', 'height' => '#int', 'hspace' => '#int', 'vspace' => '#int'));
$this->oJevix->cfgAllowTagParams('a', array('title', 'href', 'rel' => '#text', 'name' => '#text'));
$this->oJevix->cfgAllowTagParams('cut', array('name'));
$this->oJevix->cfgAllowTagParams('object', array('width' => '#int', 'height' => '#int', 'data' => '#link', 'type' => '#text'));
$this->oJevix->cfgAllowTagParams('object', array('width' => '#int', 'height' => '#int', 'data' => array('#domain'=>array('youtube.com','rutube.ru','vimeo.com')), 'type' => '#text'));
$this->oJevix->cfgAllowTagParams('param', array('name' => '#text', 'value' => '#text'));
$this->oJevix->cfgAllowTagParams('embed', array('src' => '#image', 'type' => '#text','allowscriptaccess' => '#text', 'allowfullscreen' => '#text','width' => '#int', 'height' => '#int', 'flashvars'=> '#text', 'wmode'=> '#text'));
$this->oJevix->cfgAllowTagParams('acronym', array('title'));
@ -116,11 +116,11 @@ class ModuleText extends Module {
/**
* youtube.com
*/
$sText = preg_replace('/<video>http:\/\/(?:www\.|)youtube\.com\/watch\?v=([a-zA-Z0-9_\-]+)<\/video>/Ui', '<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/$1&hl=en"></param><param name="wmode" value="opaque"></param><embed src="http://www.youtube.com/v/$1&hl=en" type="application/x-shockwave-flash" wmode="opaque" width="425" height="344"></embed></object>', $sText);
$sText = preg_replace('/<video>http:\/\/(?:www\.|)youtube\.com\/watch\?v=([a-zA-Z0-9_\-]+)(&.+)?<\/video>/Ui', '<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/$1&hl=en"></param><param name="wmode" value="opaque"></param><embed src="http://www.youtube.com/v/$1&hl=en" type="application/x-shockwave-flash" wmode="opaque" width="425" height="344"></embed></object>', $sText);
/**
* rutube.ru
*/
$sText = preg_replace('/<video>http:\/\/(?:www\.|)rutube.ru\/tracks\/\d+.html\?v=([a-zA-Z0-9_\-]+)<\/video>/Ui', '<OBJECT width="470" height="353"><PARAM name="movie" value="http://video.rutube.ru/$1"></PARAM><PARAM name="wmode" value="opaque"></PARAM><PARAM name="allowFullScreen" value="true"></PARAM><PARAM name="flashVars" value="uid=662118"></PARAM><EMBED src="http://video.rutube.ru/$1" type="application/x-shockwave-flash" wmode="opaque" width="470" height="353" allowFullScreen="true" flashVars="uid=662118"></EMBED></OBJECT>', $sText);
$sText = preg_replace('/<video>http:\/\/(?:www\.|)rutube.ru\/tracks\/\d+.html\?v=([a-zA-Z0-9_\-]+)(&.+)?<\/video>/Ui', '<OBJECT width="470" height="353"><PARAM name="movie" value="http://video.rutube.ru/$1"></PARAM><PARAM name="wmode" value="opaque"></PARAM><PARAM name="allowFullScreen" value="true"></PARAM><PARAM name="flashVars" value="uid=662118"></PARAM><EMBED src="http://video.rutube.ru/$1" type="application/x-shockwave-flash" wmode="opaque" width="470" height="353" allowFullScreen="true" flashVars="uid=662118"></EMBED></OBJECT>', $sText);
return $sText;
}