From a32d5b52e1483e47ecc17bcfaa691a39756c82d7 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Fri, 21 May 2010 12:56:37 -0400 Subject: [PATCH] Fix embedding flash on non-IE browsers and allow more wmode. Signed-off-by: Edward Z. Yang --- NEWS | 2 ++ configdoc/usage.xml | 2 +- library/HTMLPurifier/AttrTransform/SafeParam.php | 3 ++- library/HTMLPurifier/Generator.php | 14 +------------- library/HTMLPurifier/HTMLModule/SafeEmbed.php | 2 +- library/HTMLPurifier/HTMLModule/SafeObject.php | 1 - smoketests/preserveYouTube.php | 17 +++++++++++++++++ tests/HTMLPurifier/HTMLT/double-youtube.htmlt | 2 +- 8 files changed, 25 insertions(+), 18 deletions(-) diff --git a/NEWS b/NEWS index 3e9bada3..04a7fa9e 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier when %CSS.Trusted is on. ! Add %Cache.SerializerPermissions option for custom serializer directory/file permissions +! Fix longstanding bug in Flash support for non-IE browsers, and + allow more wmode attributes. - Switch to an iterative traversal of the DOM, which prevents us from running out of stack space for deeply nested documents. Thanks Maxim Krizhanovsky for contributing a patch. diff --git a/configdoc/usage.xml b/configdoc/usage.xml index e962ca96..a401a9ee 100644 --- a/configdoc/usage.xml +++ b/configdoc/usage.xml @@ -367,7 +367,7 @@ - 37 + 38 diff --git a/library/HTMLPurifier/AttrTransform/SafeParam.php b/library/HTMLPurifier/AttrTransform/SafeParam.php index d378c4f5..bd86a745 100644 --- a/library/HTMLPurifier/AttrTransform/SafeParam.php +++ b/library/HTMLPurifier/AttrTransform/SafeParam.php @@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform public function __construct() { $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded + $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent')); } public function transform($attr, $config, $context) { 
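Review bot: `$this->wmode` is assigned in the `__construct()` hunk of SafeParam.php, but the commit adds no property declaration for it. The diffstat gives this file two added lines and both are visible in its two hunks, so the property is created dynamically. Declare it next to `$uri` (presumably declared above this hunk), for example `private $wmode;` with the comment `// allow-list validator for <param name="wmode"> values`. An explicit, documented declaration keeps the allow-list easy to find when auditing what this transform lets through.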
@@ -41,7 +42,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform } break; case 'wmode': - $attr['value'] = 'window'; + $attr['value'] = $this->wmode->validate($attr['value'], $config, $context); break; case 'movie': case 'src': diff --git a/library/HTMLPurifier/Generator.php b/library/HTMLPurifier/Generator.php index e6221db7..5e589315 100644 --- a/library/HTMLPurifier/Generator.php +++ b/library/HTMLPurifier/Generator.php @@ -132,19 +132,7 @@ class HTMLPurifier_Generator $_extra = ''; if ($this->_flashCompat) { if ($token->name == "object" && !empty($this->_flashStack)) { - $flash = array_pop($this->_flashStack); - $compat_token = new HTMLPurifier_Token_Empty("embed"); - foreach ($flash->attr as $name => $val) { - if ($name == "classid") continue; - if ($name == "type") continue; - if ($name == "data") $name = "src"; - $compat_token->attr[$name] = $val; - } - foreach ($flash->param as $name => $val) { - if ($name == "movie") $name = "src"; - $compat_token->attr[$name] = $val; - } - $_extra = ""; + // doesn't do anything for now } } return $_extra . 'name . '>'; diff --git a/library/HTMLPurifier/HTMLModule/SafeEmbed.php b/library/HTMLPurifier/HTMLModule/SafeEmbed.php index ea256716..9f3758a3 100644 --- a/library/HTMLPurifier/HTMLModule/SafeEmbed.php +++ b/library/HTMLPurifier/HTMLModule/SafeEmbed.php @@ -21,7 +21,7 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule 'allowscriptaccess' => 'Enum#never', 'allownetworking' => 'Enum#internal', 'flashvars' => 'Text', - 'wmode' => 'Enum#window', + 'wmode' => 'Enum#window,transparent,opaque', 'name' => 'ID', ) ); diff --git a/library/HTMLPurifier/HTMLModule/SafeObject.php b/library/HTMLPurifier/HTMLModule/SafeObject.php index 64ab8c07..00da342e 100644 --- a/library/HTMLPurifier/HTMLModule/SafeObject.php +++ b/library/HTMLPurifier/HTMLModule/SafeObject.php 
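Review bot: An unrecognised wmode is no longer normalised to a safe default in the `case 'wmode':` branch. The result of `$this->wmode->validate(...)` is stored directly, and `HTMLPurifier_AttrDef_Enum::validate()` returns `false` for a value outside its list, whereas the removed line always wrote `'window'`. Unless a later step outside this hunk drops a `false` value, the param would be emitted with an empty value. Keeping the old fallback is two lines: `$wmode = $this->wmode->validate($attr['value'], $config, $context);` then `$attr['value'] = ($wmode === false) ? 'window' : $wmode;`. The `transform()` body starts and ends outside this hunk.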
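Review bot: The `if ($token->name == "object" && !empty($this->_flashStack))` branch in Generator.php is now empty, so `$_extra` is always `''` and nothing pops `_flashStack` any more. If the start-tag path (outside this hunk) still pushes an entry per `<object>` while `_flashCompat` is on, those entries accumulate for the lifetime of the generator. Either keep `array_pop($this->_flashStack);` in the branch or remove the branch together with the push. If the branch stays as a placeholder, a comment such as `// intentionally empty: <embed> is no longer synthesised here` says more than "doesn't do anything for now".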
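Review bot: The wmode allow-list is now written twice with nothing tying the copies together: here in SafeEmbed.php as `'Enum#window,transparent,opaque'`, and in the SafeParam constructor as `array('window', 'opaque', 'transparent')`. A comment on each, such as `// keep in sync with the wmode list in HTMLPurifier_AttrTransform_SafeParam`, would stop the two from drifting apart. `transparent` and `opaque` let the plugin be composited with the surrounding page content rather than drawn in its own window. The comment should therefore also record why those modes are acceptable for untrusted markup.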
@@ -29,7 +29,6 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule 'width' => 'Pixels#' . $max, 'height' => 'Pixels#' . $max, 'data' => 'URI#embedded', - 'classid' => 'Enum#clsid:d27cdb6e-ae6d-11cf-96b8-444553540000', 'codebase' => new HTMLPurifier_AttrDef_Enum(array( 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')), ) diff --git a/smoketests/preserveYouTube.php b/smoketests/preserveYouTube.php index d114dbe8..1dfa85cb 100644 --- a/smoketests/preserveYouTube.php +++ b/smoketests/preserveYouTube.php @@ -22,6 +22,23 @@ $string = ' + + '; $regular_purifier = new HTMLPurifier(); diff --git a/tests/HTMLPurifier/HTMLT/double-youtube.htmlt b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt index dd22b18b..a46ce473 100644 --- a/tests/HTMLPurifier/HTMLT/double-youtube.htmlt +++ b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt @@ -2,5 +2,5 @@ HTML.SafeObject = true Output.FlashCompat = true --HTML-- - + --# vim: et sw=4 sts=4 -- 2.11.4.GIT