mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2026-02-10 16:01:33 +00:00
update HTMLPurifier; enable embedded flash video in articles
This commit is contained in:
11
lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php
Executable file → Normal file
11
lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php
Executable file → Normal file
@@ -36,21 +36,20 @@ class HTMLPurifier_URISchemeRegistry
|
||||
*/
|
||||
public function getScheme($scheme, $config, $context) {
|
||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||
$null = null; // for the sake of passing by reference
|
||||
|
||||
// important, otherwise attacker could include arbitrary file
|
||||
$allowed_schemes = $config->get('URI', 'AllowedSchemes');
|
||||
if (!$config->get('URI', 'OverrideAllowedSchemes') &&
|
||||
$allowed_schemes = $config->get('URI.AllowedSchemes');
|
||||
if (!$config->get('URI.OverrideAllowedSchemes') &&
|
||||
!isset($allowed_schemes[$scheme])
|
||||
) {
|
||||
return $null;
|
||||
return;
|
||||
}
|
||||
|
||||
if (isset($this->schemes[$scheme])) return $this->schemes[$scheme];
|
||||
if (!isset($allowed_schemes[$scheme])) return $null;
|
||||
if (!isset($allowed_schemes[$scheme])) return;
|
||||
|
||||
$class = 'HTMLPurifier_URIScheme_' . $scheme;
|
||||
if (!class_exists($class)) return $null;
|
||||
if (!class_exists($class)) return;
|
||||
$this->schemes[$scheme] = new $class();
|
||||
return $this->schemes[$scheme];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user