Commit e1d79ece authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

New fix for the YouTube issue (bug #1207140)



This time around instead of changing the protocol-relative URLs
to be matching the protocol of what Mahara is using I've changed
how html purifier checks iframes to allow protocol-relative URLs.

Change-Id: I2a9436ecf3f6046acdefce8ac7751c12ad2bbf9d
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
Signed-off-by: Aaron Wells's avatarAaron Wells <aaronw@catalyst.net.nz>
parent 4084cd06
......@@ -3226,5 +3226,11 @@ function xmldb_core_upgrade($oldversion=0) {
}
}
if ($oldversion < 2013081400) {
// We've made a change to how update_safe_iframe_regex() generates the regex
// Call this function to make sure the stored value reflects that change.
update_safe_iframe_regex();
}
return $status;
}
......@@ -1166,7 +1166,9 @@ function update_safe_iframe_regex() {
throw new SystemException('Invalid site passed to update_safe_iframe_regex');
}
}
$iframeregexp = '%^https?://(' . str_replace('.', '\.', implode('|', $prefixes)) . ')%';
// Allowed iframe URLs should be one of the partial URIs in iframe_source,
// prefaced by http:// or https:// or just // (which is a protocol-relative URL)
$iframeregexp = '%^(http:|https:|)//(' . str_replace('.', '\.', implode('|', $prefixes)) . ')%';
}
set_config('iframeregexp', isset($iframeregexp) ? $iframeregexp : null);
}
......
......@@ -32,7 +32,7 @@ $config = new StdClass;
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2013071200;
$config->version = 2013081400;
$config->release = '1.8.0dev';
$config->minupgradefrom = 2008040200;
$config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)';
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment