From f4f0f80d2118437e5047ba266f92d7acb3c38fb7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 11 Apr 2011 16:41:01 +0400
Subject: update HTMLPurifier; enable embedded flash video in articles

---
 lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php

(limited to 'lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php')

diff --git a/lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php b/lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php
old mode 100755
new mode 100644
index 341582868..c1d8b0412
--- a/lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php
@@ -20,6 +20,9 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
     protected $allowedParam = array(
         'wmode' => true,
         'movie' => true,
+        'flashvars' => true,
+        'src' => true,
+        'allowFullScreen' => true, // if omitted, assume to be 'false'
     );
 
     public function prepare($config, $context) {
@@ -47,7 +50,8 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
                 // We need this fix because YouTube doesn't supply a data
                 // attribute, which we need if a type is specified. This is
                 // *very* Flash specific.
-                if (!isset($this->objectStack[$i]->attr['data']) && $token->attr['name'] == 'movie') {
+                if (!isset($this->objectStack[$i]->attr['data']) &&
+                    ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')) {
                     $this->objectStack[$i]->attr['data'] = $token->attr['value'];
                 }
                 // Check if the parameter is the correct value but has not
-- 
cgit v1.2.3