__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
<?php
/**
* Validates name/value pairs in param tags to be used in safe objects. This
* will only allow name values it recognizes, and pre-fill certain attributes
* with required values.
*
* @note
* This class only supports Flash. In the future, Quicktime support
* may be added.
*
* @warning
* This class expects an injector to add the necessary parameters tags.
*/
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
/**
* @type string
*/
public $name = "SafeParam";
/**
* @type HTMLPurifier_AttrDef_URI
*/
private $uri;
/**
* @type HTMLPurifier_AttrDef_Enum
*/
public $wmode;
public function __construct()
{
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
$this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
}
/**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
// If we add support for other objects, we'll need to alter the
// transforms.
switch ($attr['name']) {
// application/x-shockwave-flash
// Keep this synchronized with Injector/SafeObject.php
case 'allowScriptAccess':
$attr['value'] = 'never';
break;
case 'allowNetworking':
$attr['value'] = 'internal';
break;
case 'allowFullScreen':
if ($config->get('HTML.FlashAllowFullScreen')) {
$attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
} else {
$attr['value'] = 'false';
}
break;
case 'wmode':
$attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
break;
case 'movie':
case 'src':
$attr['name'] = "movie";
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
break;
case 'flashvars':
// we're going to allow arbitrary inputs to the SWF, on
// the reasoning that it could only hack the SWF, not us.
break;
// add other cases to support other param name/value pairs
default:
$attr['name'] = $attr['value'] = null;
}
return $attr;
}
}
// vim: et sw=4 sts=4
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| Background.php | File | 696 B | 0777 |
|
| BdoDir.php | File | 639 B | 0777 |
|
| BgColor.php | File | 672 B | 0777 |
|
| BoolToCSS.php | File | 1.06 KB | 0777 |
|
| Border.php | File | 676 B | 0777 |
|
| EnumToCSS.php | File | 1.68 KB | 0777 |
|
| ImgRequired.php | File | 1.3 KB | 0777 |
|
| ImgSpace.php | File | 1.37 KB | 0777 |
|
| Input.php | File | 1.56 KB | 0777 |
|
| Lang.php | File | 856 B | 0777 |
|
| Length.php | File | 984 B | 0777 |
|
| Name.php | File | 808 B | 0777 |
|
| NameSync.php | File | 1.09 KB | 0777 |
|
| Nofollow.php | File | 1.28 KB | 0777 |
|
| SafeEmbed.php | File | 570 B | 0777 |
|
| SafeObject.php | File | 609 B | 0777 |
|
| SafeParam.php | File | 2.55 KB | 0777 |
|
| ScriptRequired.php | File | 516 B | 0777 |
|
| TargetBlank.php | File | 1.17 KB | 0777 |
|
| TargetNoopener.php | File | 1022 B | 0777 |
|
| TargetNoreferrer.php | File | 1.01 KB | 0777 |
|
| Textarea.php | File | 599 B | 0777 |
|