Regexp for Oembed domain matching
This commit is contained in:
parent
2b62077fc1
commit
0e0783ee8c
|
@ -5,8 +5,9 @@ if (!defined('GNUSOCIAL')) { exit(1); }
|
|||
class OembedPlugin extends Plugin
|
||||
{
|
||||
// settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...));
|
||||
// WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings
|
||||
public $domain_whitelist = array( // hostname => service provider
|
||||
'i.ytimg.com' => 'YouTube',
|
||||
'^i\d*\.ytimg\.com$' => 'YouTube',
|
||||
);
|
||||
public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
|
||||
public $check_whitelist = true; // security/abuse precaution
|
||||
|
@ -233,7 +234,7 @@ class OembedPlugin extends Plugin
|
|||
}
|
||||
|
||||
/**
|
||||
* @return boolean false on no check made, true on success
|
||||
* @return boolean false on no check made, provider name on success
|
||||
* @throws ServerException if check is made but fails
|
||||
*/
|
||||
protected function checkWhitelist($url)
|
||||
|
@ -243,11 +244,13 @@ class OembedPlugin extends Plugin
|
|||
}
|
||||
|
||||
$host = parse_url($url, PHP_URL_HOST);
|
||||
if (!in_array($host, array_keys($this->domain_whitelist))) {
|
||||
throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
|
||||
foreach ($this->domain_whitelist as $regex => $provider) {
|
||||
if (preg_match("/$regex/", $host)) {
|
||||
return $provider; // we trust this source, return provider name
|
||||
}
|
||||
}
|
||||
|
||||
return true; // we trust this source
|
||||
throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
|
||||
}
|
||||
|
||||
protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail)
|
||||
|
|
Loading…
Reference in New Issue
Block a user