- Timestamp:
- 06/05/2024 06:04:48 AM (11 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
colibri-page-builder/trunk/extend-builder/shortcodes/video.php
r3083764 r3097694 19 19 20 20 function colibri_html_embed_video( $url, $attributes ) { 21 $attrs = explode( " ", $attributes ); 22 $filtered_attrs = array_filter( $attrs, function ( $attr ) { 23 if ( ! str_contains( $attr, "=" ) ) { 24 return true; 25 } 21 $attrs = explode( " ", $attributes ); 22 $allowed_attrs = [ 23 'controls', 24 'muted', 25 'loop', 26 'autoplay' 27 ]; 26 28 27 [ $name, $value ] = explode( "=", $attr ); 28 if ( str_starts_with( $name, 'on' ) || preg_match( '/\(|\)/', $value ) ) { 29 $filtered_attrs = array_filter( $attrs, function ( $attr ) use ( $allowed_attrs ) { 30 [ $name ] = explode( "=", $attr ); 31 if ( ! in_array( $name, $allowed_attrs ) ) { 29 32 return false; 30 33 } … … 33 36 } ); 34 37 38 $sanitized_attrs = array_map( function ( $attr ) { 39 if ( ! str_contains( $attr, "=" ) ) { 40 return preg_replace( '/[^[a-z]*/i', "", $attr ); 41 } 35 42 36 echo "<video class='h-video-main' " . esc_attr( implode( " ", $filtered_attrs ) ) . " ><source src=" . esc_url( $url ) . " type='video/mp4' /></video>"; 43 [ $name, $value ] = explode( "=", $attr ); 44 $sanitized_name = preg_replace( '/[^[a-z]*/i', "", $name ); 45 $sanitized_value = preg_replace( '/[^[a-z|A-Z|0-9]*/i', "", $value ); 46 47 return implode( '=', array( $sanitized_name, $sanitized_value ) ); 48 }, $filtered_attrs ); 49 50 echo "<video class='h-video-main' " . esc_attr( implode( " ", $sanitized_attrs ) ) . " ><source src=" . esc_url( $url ) . " type='video/mp4' /></video>"; 37 51 } 38 52
Note: See TracChangeset
for help on using the changeset viewer.