<?php

/**
 * Adds important param elements to inside of object in order to make
 * things safe.
 */
class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
{
    /** @type string */
    public $name = 'SafeObject';

    /** @type array */
    public $needed = ['object', 'param'];

    /** @type array */
    protected $objectStack = [];

    /** @type array */
    protected $paramStack = [];

    /**
     * Keep this synchronized with AttrTransform/SafeParam.php.
     * @type array
     */
    protected $addParam = ['allowScriptAccess' => 'never', 'allowNetworking' => 'internal'];

    /**
     * These are all lower-case keys.
     * @type array
     */
    protected $allowedParam = [
        'wmode' => true,
        'movie' => true,
        'flashvars' => true,
        'src' => true,
        'allowfullscreen' => true,
    ];

    /**
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return void
     */
    public function prepare($config, $context)
    {
        parent::prepare($config, $context);
    }

    /**
     * @param HTMLPurifier_Token $token
     */
    public function handleElement(&$token)
    {
        if ($token->name == 'object') {
            $this->objectStack[] = $token;
            $this->paramStack[] = array();
            $new = array($token);
            foreach ($this->addParam as $name => $value) {
                $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
            }
            $token = $new;
        } elseif ($token->name == 'param') {
            $nest = count($this->currentNesting) - 1;
            if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
                $i = count($this->objectStack) - 1;
                if (!isset($token->attr['name'])) {
                    $token = false;
                    return;
                }
                $n = $token->attr['name'];
                // We need this fix because YouTube doesn't supply a data
                // attribute, which we need if a type is specified. This is
                // *very* Flash specific.
                if (!isset($this->objectStack[$i]->attr['data']) &&
                    ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
                ) {
                    $this->objectStack[$i]->attr['data'] = $token->attr['value'];
                }
                // Check if the parameter is the correct value but has not
                // already been added
                if (!isset($this->paramStack[$i][$n]) &&
                    isset($this->addParam[$n]) &&
                    $token->attr['name'] === $this->addParam[$n]) {
                    // keep token, and add to param stack
                    $this->paramStack[$i][$n] = true;
                } elseif (isset($this->allowedParam[strtolower($n)])) {
                    // keep token, don't do anything to it
                    // (could possibly check for duplicates here)
                    // Note: In principle, parameters should be case sensitive.
                    // But it seems they are not really; so accept any case.
                } else {
                    $token = false;
                }
            } else {
                // not directly inside an object, DENY!
                $token = false;
            }
        }
    }

    public function handleEnd(&$token)
    {
        // This is the WRONG way of handling the object and param stacks;
        // we should be inserting them directly on the relevant object tokens
        // so that the global stack handling handles it.
        if ($token->name == 'object') {
            array_pop($this->objectStack);
            array_pop($this->paramStack);
        }
    }
}__halt_compiler();----SIGNATURE:----taD8rSzQyGZcdbxTKcd/ho+Eri9RPlhkNOSontdgJYyn+TFM8H5Hbu2K17GiOdU7d+LOnNK9FoMTkN35isLmuAP7hhFuoEkDDIwiP5YIjDoQPK7+olwEVDV+Z1aDoeEFhJ8GPnQnR+tsS0KNnOsS4MTduvnTenEVTHuEdVPPHB4Kl23JRjO3ehATdu4tBKgVvhl5zjzq4XNgZcXAWjorPHl0CIyMPabkkrQlzaN1PLn2sHI9VHmMSirV+CTVhzjd65+R201XXEipbjxFOs71sJlhkt/evGIOy7b54oH4l7pd+RmwFC79M3bDM9jiJX+wbkpDAE7N5meQ+kTi2kz2kz5tWbxx9trkB6XcADlBD7qVx2zUqPSBtw0sCb4Zh/JzkA5RA1aXXiU72O9CBCb3NmHGax3aGRGoEfD4UpY8zCGZwv5LF9EhDnFh70WBNG9+s94r9M7jQdGTeiUc3lN/wXqgu/w6mhSUaCa3qgyUWIue0Ot6XlqrIJ3A3EQXIN2o/t1HBUs5eyEYyFWu2ivpILLI1K+OXiem4RVRi2PL4Wkt3WVoNGshLMM7j9oo5UiDPstWIp51/yqM7PaaZFESk/Sw0Hoq5XFbSq1v8Z9apeZi/tOxJFFjunkIULtktDp14BUT/ndICNzjDp5m7vwdIfmaHy+ri0OjVyBfJDAAq94=----ATTACHMENT:----NjE3NTQ2NDgxOTE0MTM0MSAxMDEyODgxMDYzMTA0ODY1IDQzODA1MDA2MDAwMzI2Njk=