

Timestamp:
06/05/2024 06:04:48 AM (11 months ago)
Author:
extendthemes
Message:

update

File:
1 edited

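--- a/colibri-page-builder/trunk/extend-builder/shortcodes/video.php
+++ b/colibri-page-builder/trunk/extend-builder/shortcodes/video.php
@@ -19,12 +19,15 @@
 
 function colibri_html_embed_video( $url, $attributes ) {
-    $attrs          = explode( " ", $attributes );
-    $filtered_attrs = array_filter( $attrs, function ( $attr ) {
-        if ( ! str_contains( $attr, "=" ) ) {
-            return true;
-        }
+    $attrs         = explode( " ", $attributes );
+    $allowed_attrs = [
+        'controls',
+        'muted',
+        'loop',
+        'autoplay'
+    ];
 
-        [ $name, $value ] = explode( "=", $attr );
-        if ( str_starts_with( $name, 'on' ) || preg_match( '/\(|\)/', $value ) ) {
+    $filtered_attrs = array_filter( $attrs, function ( $attr ) use ( $allowed_attrs ) {
+        [ $name ] = explode( "=", $attr );
+        if ( ! in_array( $name, $allowed_attrs ) ) {
             return false;
         }
@@ -33,6 +36,17 @@
     } );
 
+    $sanitized_attrs = array_map( function ( $attr ) {
+        if ( ! str_contains( $attr, "=" ) ) {
+            return preg_replace( '/[^[a-z]*/i', "", $attr );
+        }
 
-    echo "<video class='h-video-main' " . esc_attr( implode( " ", $filtered_attrs ) ) . " ><source src=" . esc_url( $url ) . " type='video/mp4' /></video>";
+        [ $name, $value ] = explode( "=", $attr );
+        $sanitized_name  = preg_replace( '/[^[a-z]*/i', "", $name );
+        $sanitized_value = preg_replace( '/[^[a-z|A-Z|0-9]*/i', "", $value );
+
+        return implode( '=', array( $sanitized_name, $sanitized_value ) );
+    }, $filtered_attrs );
+
+    echo "<video class='h-video-main' " . esc_attr( implode( " ", $sanitized_attrs ) ) . " ><source src=" . esc_url( $url ) . " type='video/mp4' /></video>";
 }
 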
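Review bot: The sanitizing patterns in the new `array_map` callback have a stray `[` inside the character class, so `'/[^[a-z]*/i'` keeps `[` as well as letters, and `'/[^[a-z|A-Z|0-9]*/i'` keeps `[` and `|` as well as alphanumerics. The name has already matched the allowlist exactly by that point, so the value pattern is the one that matters; `preg_replace( '/[^a-z0-9]/i', '', $value )` says what the filter is meant to allow, with `'/[^a-z]/i'` for the name. On the `echo` line the `src=` attribute is still emitted without quotes, which leaves the attribute boundary depending on what `esc_url()` happens to strip; writing it as `src='" . esc_url( $url ) . "'` removes that dependency. Two lines of the filter callback are elided from this view, so its return path is not checked here.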