Fixes PHP warning after upgrading HTMLPurifier

11 years ago · 7abb779042
parent 017a2c159e
commit 7abb779042
2 changed files with 70 additions and 3 deletions
--- a/main/inc/lib/htmlpurifier/library/HTMLPurifier/Filter/AllowIframes.php
+++ b/main/inc/lib/htmlpurifier/library/HTMLPurifier/Filter/AllowIframes.php
@ -0,0 +1,65 @@
+<?php
+/**
+ * Class definition for HTMLPurifier that allows (but controls) iframes
+ * @package chamilo.lib
+ */
+/**
+ * Based on: http://stackoverflow.com/questions/4739284/htmlpurifier-iframe-vimeo-and-youtube-video
+ * Iframe filter that does some primitive whitelisting in a somewhat recognizable and tweakable way
+ */
+class HTMLPurifier_Filter_AllowIframes extends HTMLPurifier_Filter
+{
+    public $name = 'AllowIframes';
+
+    /**
+     *
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function preFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
+    {
+        $html = preg_replace('#<iframe#i', '<img class="MyIframe"', $html);
+        $html = preg_replace('#</iframe>#i', '</img>', $html);
+        return $html;
+    }
+
+    /**
+     *
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function postFilter($html, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
+    {
+        $post_regex = '#<img class="MyIframe"([^>]+?)>#';
+        return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
+    }
+
+    /**
+     *
+     * @param array $matches
+     * @return string
+     */
+    protected function postFilterCallback($matches)
+    {
+        // Domain Whitelist
+        $youTubeMatch       = preg_match('#src="(https:)?//www.youtube(-nocookie)?.com/#i', $matches[1]);
+        $vimeoMatch         = preg_match('#src="http://player.vimeo.com/#i', $matches[1]);
+        $googleMapsMatch    = preg_match('#src="https://maps.google.com/#i', $matches[1]);
+
+        if ($youTubeMatch || $vimeoMatch || $googleMapsMatch) {
+            $extra = ' frameborder="0"';
+            if ($youTubeMatch) {
+                $extra .= ' allowfullscreen';
+            } elseif ($vimeoMatch) {
+                $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
+            }
+            return '<iframe ' . $matches[1] . $extra . '></iframe>';
+        } else {
+            return '';
+        }
+    }
+}
--- a/main/inc/lib/redirect.class.php
+++ b/main/inc/lib/redirect.class.php
@ -53,7 +53,7 @@ class Redirect
            return;
        }

-        $url = isset($_SESSION['request_uri']) ? $_SESSION['request_uri'] : '';
+        $url = isset($_SESSION['request_uri']) ? Security::remove_XSS($_SESSION['request_uri']) : '';
        unset($_SESSION['request_uri']);

        if (!empty($url)) {
@ -92,7 +92,9 @@ class Redirect
                }
            }
            global $_configuration;
-            if (!isset($_configuration['redirect_admin_to_courses_list']) or $_configuration['redirect_admin_to_courses_list'] === 'false') {
+            if (!isset($_configuration['redirect_admin_to_courses_list']) or
+                $_configuration['redirect_admin_to_courses_list'] === 'false'
+            ) {
                // If the user is a platform admin, redirect to the main admin page
                if (api_is_multiple_url_enabled()) {
                    // if multiple URLs are enabled, make sure he's admin of the
@ -139,7 +141,7 @@ class Redirect
     */
    protected static function navigate($url)
    {
-        $url = Security::remove_XSS($url);
+        //$url = Security::remove_XSS($url);
        session_write_close(); //should not be neeeded
        header("Location: $url");
        exit;