From da839c3f8cb0bd465a2e87c5a34088d3e1e78732 Mon Sep 17 00:00:00 2001 From: NicoDucou Date: Thu, 7 Nov 2024 21:36:51 +0100 Subject: [PATCH] Editor: Allow all domain in iframes insertion if setting to allow iframe is true in HTMLPurifier filter - refs BT#22175 BT#22102 --- .../HTMLPurifier/Filter/AllowIframes.php | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/src/Chamilo/CoreBundle/Component/HTMLPurifier/Filter/AllowIframes.php b/src/Chamilo/CoreBundle/Component/HTMLPurifier/Filter/AllowIframes.php index d01713d9df..b962bd0422 100644 --- a/src/Chamilo/CoreBundle/Component/HTMLPurifier/Filter/AllowIframes.php +++ b/src/Chamilo/CoreBundle/Component/HTMLPurifier/Filter/AllowIframes.php @@ -59,24 +59,16 @@ class AllowIframes extends HTMLPurifier_Filter // Domain Whitelist $hostName = []; preg_match('#https?://(.*)#i', api_get_path(WEB_PATH), $hostName); + $extra = ' frameborder="0"'; $youTubeMatch = preg_match('#src="(https:)?//www.youtube(-nocookie)?.com/#i', $matches[1]); $vimeoMatch = preg_match('#://player.vimeo.com/#i', $matches[1]); - $googleMapsMatch = preg_match('#src="https://maps.google.com/#i', $matches[1]); - $slideShare = preg_match('#src="(https?:)?//www.slideshare.net/#', $matches[1]); - $platformDomain = preg_match('#src="https?://(.+\.)?'.$hostName[1].'#i', $matches[1]); - if ($youTubeMatch || $vimeoMatch || $googleMapsMatch || $slideShare || $platformDomain) { - $extra = ' frameborder="0"'; - if ($youTubeMatch) { - $extra .= ' allowfullscreen'; - } elseif ($vimeoMatch) { - $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen'; - } - - return ''; - } else { - return ''; + if ($youTubeMatch) { + $extra .= ' allowfullscreen'; + } elseif ($vimeoMatch) { + $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen'; } + return ''; } }