related to #33 – sanitizing enclosure data via trim()

podlove · Nov 6, 2012 · 8c7c975 · 8c7c975
1 parent 50dcb22
commit 8c7c975
Showing 1 changed file with 3 additions and 9 deletions.
diff --git a/podlove-web-player/podlove-web-player.php b/podlove-web-player/podlove-web-player.php
@@ -202,17 +202,11 @@ function podlove_pwp_media_shortcode($tagName, $atts) {
 		$attributes[] = 'type="' . $type . '"';
 	}
 
-/*
-	if ($src) {
-		$attributes[] = 'src="'.htmlspecialchars($src).'"';
-		$flash_src = htmlspecialchars($src);
-	}
-*/
-
 	if ($src) {
-
+		$src = trim($src); 
 		// does it have an extension?
-		if (substr($src, strlen($src) - 4, 1) == '.') {
+		$suffixlength = strlen(substr($src, strrpos($src, ".")));
+		if ($suffixlength == 4 || $suffixlength == 5) {
 			$attributes[] = 'src="' . htmlspecialchars($src) . '"';
 			$flash_src = htmlspecialchars($src);
 		}