From f4f0f80d2118437e5047ba266f92d7acb3c38fb7 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 11 Apr 2011 16:41:01 +0400 Subject: update HTMLPurifier; enable embedded flash video in articles --- lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php (limited to 'lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php') diff --git a/lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php b/lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php old mode 100755 new mode 100644 index d24732c18..576bf7b6d --- a/lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php +++ b/lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php @@ -36,21 +36,20 @@ class HTMLPurifier_URISchemeRegistry */ public function getScheme($scheme, $config, $context) { if (!$config) $config = HTMLPurifier_Config::createDefault(); - $null = null; // for the sake of passing by reference // important, otherwise attacker could include arbitrary file - $allowed_schemes = $config->get('URI', 'AllowedSchemes'); - if (!$config->get('URI', 'OverrideAllowedSchemes') && + $allowed_schemes = $config->get('URI.AllowedSchemes'); + if (!$config->get('URI.OverrideAllowedSchemes') && !isset($allowed_schemes[$scheme]) ) { - return $null; + return; } if (isset($this->schemes[$scheme])) return $this->schemes[$scheme]; - if (!isset($allowed_schemes[$scheme])) return $null; + if (!isset($allowed_schemes[$scheme])) return; $class = 'HTMLPurifier_URIScheme_' . $scheme; - if (!class_exists($class)) return $null; + if (!class_exists($class)) return; $this->schemes[$scheme] = new $class(); return $this->schemes[$scheme]; } -- cgit v1.2.3