From 8f2c147514ab4066f1b2ca0f6e967d77ec5d9b44 Mon Sep 17 00:00:00 2001
From: gnaegi <none@none>
Date: Thu, 25 Jul 2013 15:20:40 +0200
Subject: [PATCH] OO-679 disable movie buttons in blog as removed by XSS filter
 when saving

---
 .../modules/webFeed/ui/blog/BlogPostFormController.java    | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/java/org/olat/modules/webFeed/ui/blog/BlogPostFormController.java b/src/main/java/org/olat/modules/webFeed/ui/blog/BlogPostFormController.java
index 60635d54a02..435d3d79a01 100644
--- a/src/main/java/org/olat/modules/webFeed/ui/blog/BlogPostFormController.java
+++ b/src/main/java/org/olat/modules/webFeed/ui/blog/BlogPostFormController.java
@@ -33,6 +33,7 @@ import org.olat.core.gui.components.form.flexible.impl.FormBasicController;
 import org.olat.core.gui.components.form.flexible.impl.FormEvent;
 import org.olat.core.gui.components.form.flexible.impl.FormLayoutContainer;
 import org.olat.core.gui.components.form.flexible.impl.elements.richText.RichTextConfiguration;
+import org.olat.core.gui.components.form.flexible.impl.elements.richText.plugins.olatmovieviewer.OlatMovieViewerPlugin;
 import org.olat.core.gui.components.link.Link;
 import org.olat.core.gui.control.Controller;
 import org.olat.core.gui.control.Event;
@@ -165,6 +166,9 @@ public class BlogPostFormController extends FormBasicController {
 		RichTextConfiguration descRichTextConfig = description.getEditorConfiguration();
 		// set upload dir to the media dir
 		descRichTextConfig.setFileBrowserUploadRelPath("media");
+		// disable XSS unsave buttons for movie
+		descRichTextConfig.disableButton(OlatMovieViewerPlugin.BUTTONS);
+		descRichTextConfig.setMediaEnabled(false, 0);
 
 		// Content
 		content = uifactory.addRichTextElementForStringData("content", "blog.form.content", post.getContent(), 18, -1, false, false,
@@ -172,6 +176,9 @@ public class BlogPostFormController extends FormBasicController {
 		RichTextConfiguration richTextConfig = content.getEditorConfiguration();
 		// set upload dir to the media dir
 		richTextConfig.setFileBrowserUploadRelPath("media");
+		// disable XSS unsave buttons for movie
+		richTextConfig.disableButton(OlatMovieViewerPlugin.BUTTONS);
+		richTextConfig.setMediaEnabled(false, 0);
 
 		Calendar cal = Calendar.getInstance(ureq.getLocale());
 		if (post.getPublishDate() != null) {
-- 
GitLab