New fix for the YouTube issue (bug #1207140)

This time around instead of changing the protocol-relative URLs
to be matching the protocol of what Mahara is using I've changed
how html purifier checks iframes to allow protocol-relative URLs.

Change-Id: I2a9436ecf3f6046acdefce8ac7751c12ad2bbf9d
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

htdocs/lib/db/upgrade.php

@@ -3226,5 +3226,11 @@ function xmldb_core_upgrade($oldversion=0) {
         }
     }
 
+    if ($oldversion < 2013081400) {
+        // We've made a change to how update_safe_iframe_regex() generates the regex
+        // Call this function to make sure the stored value reflects that change.
+        update_safe_iframe_regex();
+    }
+
     return $status;
 }

htdocs/lib/upgrade.php

@@ -1166,7 +1166,9 @@ function update_safe_iframe_regex() {
                 throw new SystemException('Invalid site passed to update_safe_iframe_regex');
             }
         }
-        $iframeregexp = '%^https?://(' . str_replace('.', '\.', implode('|', $prefixes)) . ')%';
+        // Allowed iframe URLs should be one of the partial URIs in iframe_source,
+        // prefaced by http:// or https:// or just // (which is a protocol-relative URL)
+        $iframeregexp = '%^(http:|https:|)//(' . str_replace('.', '\.', implode('|', $prefixes)) . ')%';
     }
     set_config('iframeregexp', isset($iframeregexp) ? $iframeregexp : null);
 }

htdocs/lib/version.php

@@ -32,7 +32,7 @@ $config = new StdClass;
 // For upgrades on stable branches, increment the version by one.  On master, use the date.
 
 
-$config->version = 2013071200;
+$config->version = 2013081400;
 $config->release = '1.8.0dev';
 $config->minupgradefrom = 2008040200;
 $config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)';