Regexp for Oembed domain matching
This commit is contained in:
parent
2b62077fc1
commit
0e0783ee8c
|
@ -5,8 +5,9 @@ if (!defined('GNUSOCIAL')) { exit(1); }
|
||||||
class OembedPlugin extends Plugin
|
class OembedPlugin extends Plugin
|
||||||
{
|
{
|
||||||
// settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...));
|
// settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...));
|
||||||
|
// WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings
|
||||||
public $domain_whitelist = array( // hostname => service provider
|
public $domain_whitelist = array( // hostname => service provider
|
||||||
'i.ytimg.com' => 'YouTube',
|
'^i\d*\.ytimg\.com$' => 'YouTube',
|
||||||
);
|
);
|
||||||
public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
|
public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
|
||||||
public $check_whitelist = true; // security/abuse precaution
|
public $check_whitelist = true; // security/abuse precaution
|
||||||
|
@ -233,7 +234,7 @@ class OembedPlugin extends Plugin
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return boolean false on no check made, true on success
|
* @return boolean false on no check made, provider name on success
|
||||||
* @throws ServerException if check is made but fails
|
* @throws ServerException if check is made but fails
|
||||||
*/
|
*/
|
||||||
protected function checkWhitelist($url)
|
protected function checkWhitelist($url)
|
||||||
|
@ -243,11 +244,13 @@ class OembedPlugin extends Plugin
|
||||||
}
|
}
|
||||||
|
|
||||||
$host = parse_url($url, PHP_URL_HOST);
|
$host = parse_url($url, PHP_URL_HOST);
|
||||||
if (!in_array($host, array_keys($this->domain_whitelist))) {
|
foreach ($this->domain_whitelist as $regex => $provider) {
|
||||||
throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
|
if (preg_match("/$regex/", $host)) {
|
||||||
|
return $provider; // we trust this source, return provider name
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return true; // we trust this source
|
throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail)
|
protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user