Task #1297 - HTMLPurifier: Enabling the parameter/attribute allowfullscreen for Flash objects. For the FLV player the "Full Screen" button should work in the "Forums" tool using any browser.

15 years ago · 065de91186
parent 0113271e58
commit 065de91186
6 changed files with 22 additions and 5 deletions
--- a/main/inc/lib/formvalidator/Rule/allowed_tags.inc.php
+++ b/main/inc/lib/formvalidator/Rule/allowed_tags.inc.php
@ -300,7 +300,7 @@ $allowed_tags_student['embed']['type'] = array();
 $allowed_tags_student['embed']['src'] = array();
 $allowed_tags_student['embed']['flashvars'] = array();
 $allowed_tags_student['embed']['allowscriptaccess'] = array();
-//$allowed_tags_student['embed']['allowfullscreen'] = array();
+$allowed_tags_student['embed']['allowfullscreen'] = array();
 //$allowed_tags_student['embed']['bgcolor'] = array();
 //$allowed_tags_student['embed']['pluginspage'] = array();

--- a/main/inc/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
+++ b/main/inc/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
@ -8,6 +8,11 @@ class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
        $attr['allowscriptaccess'] = 'never';
        $attr['allownetworking'] = 'internal';
        $attr['type'] = 'application/x-shockwave-flash';
+
+        if (!$config->get('HTML.FlashAllowFullScreen') || !$attr['allowfullscreen'] == 'true') {
+            unset($attr['allowfullscreen']);
+        }
+
        return $attr;
    }
 }
--- a/main/inc/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/main/inc/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
@ -29,12 +29,15 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
            // application/x-shockwave-flash
            // Keep this synchronized with Injector/SafeObject.php
            case 'allowScriptAccess':
+            case 'allowscriptaccess':
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
+            case 'allownetworking':
                $attr['value'] = 'internal';
                break;
            case 'allowFullScreen':
+            case 'allowfullscreen':
                if ($config->get('HTML.FlashAllowFullScreen')) {
                    $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
                } else {
--- a/main/inc/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeEmbed.php
+++ b/main/inc/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeEmbed.php
@ -11,9 +11,7 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
    public function setup($config) {

        $max = $config->get('HTML.MaxImgLength');
-        $embed = $this->addElement(
-            'embed', 'Inline', 'Empty', 'Common',
-            array(
+        $attr = array(
                'src*' => 'URI#embedded',
                'type' => 'Enum#application/x-shockwave-flash',
                'width' => 'Pixels#' . $max,
@ -23,7 +21,13 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
                'flashvars' => 'Text',
                'wmode' => 'Enum#window,transparent,opaque',
                'name' => 'ID',
-            )
+        );
+        if ($config->get('HTML.FlashAllowFullScreen')) {
+            $attr['allowfullscreen'] = 'Enum#true,false';
+        }
+
+        $embed = $this->addElement(
+            'embed', 'Inline', 'Empty', 'Common', $attr
        );
        $embed->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeEmbed();

--- a/main/inc/lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php
+++ b/main/inc/lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php
@ -16,6 +16,9 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
    protected $addParam = array(
        'allowScriptAccess' => 'never',
        'allowNetworking' => 'internal',
+        'allowscriptaccess' => 'never',
+        'allownetworking' => 'internal',
+
    );
    protected $allowedParam = array(
        'wmode' => true,
@ -23,6 +26,7 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
        'flashvars' => true,
        'src' => true,
        'allowFullScreen' => true, // if omitted, assume to be 'false'
+        'allowfullscreen' => true, // if omitted, assume to be 'false'
    );

    public function prepare($config, $context) {
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@ -254,6 +254,7 @@ class Security {
                mkdir($cache_dir, 0777);
            }
            $config = HTMLPurifier_Config::createDefault();
+            //$config->set('Cache.DefinitionImpl', null); // Enable this line for testing purposes, for turning off caching. Don't forget to disable this line later!
            $config->set('Cache.SerializerPath', $cache_dir);
            $config->set('Core.Encoding', api_get_system_encoding());
            $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');