Fixed Bug #9774: Incorrect validation of allowed classes in RTE transformation
authorSteffen Kamper <info@sk-typo3.de>
Tue, 20 Jan 2009 12:21:29 +0000 (12:21 +0000)
committerSteffen Kamper <info@sk-typo3.de>
Tue, 20 Jan 2009 12:21:29 +0000 (12:21 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@4794 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_parsehtml_proc.php

index 4ae5d62..5d245d8 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-01-20  Steffen Kamper  <info@sk-typo3.de>
+
+       * Fixed bug #9774: Incorrect validation of allowed classes in RTE transformation
+
 2009-01-20  Ingmar Schlecht  <ingmar@typo3.org>
 
        * Fixed bug #10186: Time shifting (again) in datetime fields (followup to Bug#8746; thanks to Ernesto Baschny)
index 43abdd6..8a9b48a 100755 (executable)
@@ -311,7 +311,7 @@ class t3lib_parsehtml_proc extends t3lib_parsehtml {
                                                case 'ts_transform':
                                                case 'css_transform':
                                                        $value = str_replace(chr(13),'',$value);        // Has a very disturbing effect, so just remove all '13' - depend on '10'
-                                                       $this->allowedClasses = t3lib_div::trimExplode(',',strtoupper($this->procOptions['allowedClasses']),1);
+                                                       $this->allowedClasses = t3lib_div::trimExplode(',', $this->procOptions['allowedClasses'], 1);
                                                        $value = $this->TS_transform_db($value,$cmd=='css_transform');
                                                break;
                                                case 'ts_strip':
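Review bot: Dropping `strtoupper()` on the `allowedClasses` line makes the class check in the later hunk (`@@ -1279`) case-sensitive, and neither the code nor the ChangeLog entry says so. As a constructed example, a configuration listing `Align-Left` no longer admits `align-left`, so existing content can silently lose its class on the next save. I would add a comment above the assignment, `// Class names are matched case-sensitively against procOptions['allowedClasses']`. The `in_array()` calls in that later hunk also compare loosely, so numeric-looking names such as `1e1` and `10` count as equal; `in_array($class, $this->allowedClasses, true)` makes the allow-list check exact. The enclosing `switch` starts and ends outside this hunk.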
@@ -1279,8 +1279,19 @@ class t3lib_parsehtml_proc extends t3lib_parsehtml {
 
                                                        // CLASS attribute:
                                                if (!$this->procOptions['skipClass'] && strcmp(trim($attribs[0]['class']),''))  {       // Set to whatever value
-                                                       if (!count($this->allowedClasses) || in_array(strtoupper($attribs[0]['class']),$this->allowedClasses))  {
-                                                               $newAttribs['class']=$attribs[0]['class'];
+                                                       if (!count($this->allowedClasses) || in_array($attribs[0]['class'], $this->allowedClasses))     {
+                                                               $newAttribs['class'] = $attribs[0]['class'];
+                                                       } else {
+                                                               $classes = t3lib_div::trimExplode(' ', $attribs[0]['class'], true);
+                                                               $newClasses = array();
+                                                               foreach ($classes as $class) {
+                                                                       if (in_array($class, $this->allowedClasses)) {
+                                                                               $newClasses[] = $class;
+                                                                       }
+                                                               }
+                                                               if (count($newClasses)) {
+                                                                       $newAttribs['class'] = implode(' ', $newClasses);
+                                                               }
                                                        }
                                                }