[theme-reviewers] Filtering the_content - Security Issues?
Austin Matzko
austin at pressedcode.com
Thu Oct 7 19:35:16 UTC 2010
On Thu, Oct 7, 2010 at 2:01 PM, Chip Bennett <chip at chipbennett.net> wrote:
> In reviewing a Theme, I ran across the following function:
>
> //add a fix for embed videos overlaying quickbar
> function fastfood_content_replace(){
>     $content = get_the_content();
>     $content = apply_filters('the_content', $content);
>     $content = str_replace(']]>', ']]&gt;', $content);
>     $content = str_replace('<param name="allowscriptaccess" value="always">', '<param name="allowscriptaccess" value="always"><param name="wmode" value="transparent">', $content);
>     $content = str_replace('<embed ', '<embed wmode="transparent" ', $content);
>     echo $content;
> }
It looks like a hack to set the wmode parameter for oEmbed stuff,
probably to solve z-level styling issues. For example, suppose
there's a drop-down menu that would otherwise come in front of a
video; without that wmode="transparent" the drop-down menu will
probably go behind the video.
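
An added example, not part of the original message or of the theme under review: the same wmode fix written as a callback on the `the_content` filter, so the template keeps calling `the_content()` and markup that already sets wmode is left alone. The function name `fastfood_add_wmode` and the sample markup are assumptions made for illustration.

```php
<?php
// Added example; fastfood_add_wmode() is a hypothetical name, not theme code.

/**
 * Add wmode="transparent" to Flash markup in already-filtered post content.
 * String in, string out; only fixed literals are inserted into the markup.
 */
function fastfood_add_wmode( $content ) {
    // <embed ...>: add the attribute only when the tag does not set wmode.
    $content = preg_replace_callback(
        '/<embed\b([^>]*)>/i',
        function ( $m ) {
            if ( preg_match( '/\bwmode\s*=/i', $m[1] ) ) {
                return $m[0];
            }
            return '<embed wmode="transparent"' . $m[1] . '>';
        },
        $content
    );

    // <object>...</object>: add the param only when the block has no wmode param.
    // The non-greedy match stops at the first </object>, so nested objects
    // get the param on the outer element only.
    return preg_replace_callback(
        '/(<object\b[^>]*>)(.*?<\/object>)/is',
        function ( $m ) {
            if ( preg_match( '/<param\b[^>]*\bname\s*=\s*["\']wmode["\']/i', $m[2] ) ) {
                return $m[0];
            }
            return $m[1] . '<param name="wmode" value="transparent">' . $m[2];
        },
        $content
    );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: priority 20 runs after callbacks at the default 10.
    add_filter( 'the_content', 'fastfood_add_wmode', 20 );
} else {
    // Stand-alone run on constructed sample markup.
    $sample = '<object width="480" height="385">'
        . '<param name="allowscriptaccess" value="always">'
        . '<embed src="https://video.example/v/1" allowscriptaccess="always">'
        . '</embed></object>'
        . '<embed src="https://video.example/v/2" wmode="opaque"></embed>';
    echo fastfood_add_wmode( $sample ), "\n";
}
```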