Initial commit

Signed-off-by: Luke Tainton <luke@tainton.uk>
2020-02-26 12:23:50 +00:00
commit 39782c53ef
500 changed files with 141257 additions and 0 deletions
--- a/hesk/inc/htmlpurifier/custom/heskIframe.php
+++ b/hesk/inc/htmlpurifier/custom/heskIframe.php
@@ -0,0 +1,71 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+/**
+ * Based on: http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/
+ * Iframe filter that does some primitive whitelisting in a somewhat recognizable and tweakable way
+ */
+class HTMLPurifier_Filter_HeskIframe extends HTMLPurifier_Filter
+{
+    public $name = 'HeskIframe';
+
+    /**
+     *
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function preFilter($html, $config, $context)
+    {
+        $html = preg_replace('#<iframe#i', '<img class="HeskIframe"', $html);
+        $html = preg_replace('#</iframe>#i', '</img>', $html);
+        return $html;
+    }
+
+    /**
+     *
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function postFilter($html, $config, $context)
+    {
+        $post_regex = '#<img class="HeskIframe"([^>]+?)/?>#';
+        return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
+    }
+
+    /**
+     *
+     * @param array $matches
+     * @return string
+     */
+    protected function postFilterCallback($matches)
+    {
+        // Domain Whitelist
+        $youTubeMatch = preg_match('#src="https?://www.youtube(-nocookie)?.com/#i', $matches[1]);
+        $vimeoMatch = preg_match('#src="https?://player.vimeo.com/#i', $matches[1]);
+        if ($youTubeMatch || $vimeoMatch) {
+            $extra = ' frameborder="0"';
+            if ($youTubeMatch) {
+                $extra .= ' allowfullscreen';
+            } elseif ($vimeoMatch) {
+                $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
+            }
+            return '<iframe ' . $matches[1] . $extra . '></iframe>';
+        } else {
+            return '';
+        }
+    }
+}