From 8d01fcac50843a44152a7cf3888f1a96848ad3f5 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 1 Nov 2013 15:08:31 +0000
Subject: [PATCH] Allow embedding videos via <iframes>

Also ensure that the ticket thread is displayed in a <div> container as some
browsers seems to frown upon <iframe>s in <td> elements

Fixes #75
---
 include/class.format.php          | 7 ++++++-
 include/client/view.inc.php       | 2 +-
 include/staff/ticket-view.inc.php | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/class.format.php b/include/class.format.php
index d246948e5..7fc8e7834 100644
--- a/include/class.format.php
+++ b/include/class.format.php
@@ -134,7 +134,10 @@ class Format {
 
     function html($html, $config=array('balance'=>1)) {
         require_once(INCLUDE_DIR.'htmLawed.php');
-        return htmLawed($html, $config);
+        $spec = false;
+        if (isset($config['spec']))
+            $spec = $config['spec'];
+        return htmLawed($html, $config, $spec);
     }
 
     function html2text($html, $width=74, $tidy=true) {
@@ -215,6 +218,8 @@ class Format {
             'deny_attribute' => 'id',
             'schemes' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https; src: cid, http, https, data',
             'hook_tag' => function($e, $a=0) { return Format::__html_cleanup($e, $a); },
+            'elements' => '*+iframe',
+            'spec' => 'iframe=-*,height,width,type,src(match="`^(https?:)?//(www\.)?(youtube|dailymotion|vimeo)\.com/`i"),frameborder;',
         );
 
         return Format::html($html, $config);
diff --git a/include/client/view.inc.php b/include/client/view.inc.php
index 0ec5b9941..f7884302e 100644
--- a/include/client/view.inc.php
+++ b/include/client/view.inc.php
@@ -97,7 +97,7 @@ if($ticket->getThreadCount() && ($thread=$ticket->getClientThread())) {
         ?>
         <table class="thread-entry <?php echo $threadType[$entry['thread_type']]; ?>" cellspacing="0" cellpadding="1" width="800" border="0">
             <tr><th><?php echo Format::db_datetime($entry['created']); ?> &nbsp;&nbsp;<span class="textra"></span><span><?php echo $poster; ?></span></th></tr>
-            <tr><td class="thread-body"><?php echo Format::viewableImages(Format::display($entry['body'])); ?></td></tr>
+            <tr><td class="thread-body"><div><?php echo Format::viewableImages(Format::display($entry['body'])); ?></div></td></tr>
             <?php
             if($entry['attachments']
                     && ($tentry=$ticket->getThreadEntry($entry['id']))
diff --git a/include/staff/ticket-view.inc.php b/include/staff/ticket-view.inc.php
index aecf2edd6..78714bbd3 100644
--- a/include/staff/ticket-view.inc.php
+++ b/include/staff/ticket-view.inc.php
@@ -383,8 +383,8 @@ if(!$cfg->showNotesInline()) { ?>
                 <th width="auto" class="tmeta"><?php echo Format::htmlchars($entry['poster']); ?></th>
             </tr>
             <tr><td colspan="4" class="thread-body" id="thread-id-<?php
-                echo $entry['id']; ?>"><?php
-                echo Format::viewableImages(Format::display($entry['body'])); ?></td></tr>
+                echo $entry['id']; ?>"><div><?php
+                echo Format::viewableImages(Format::display($entry['body'])); ?></div></td></tr>
             <?php
             if($entry['attachments']
                     && ($tentry=$ticket->getThreadEntry($entry['id']))
-- 
GitLab