valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)

This commit is contained in:
Andrew Dolgov 2019-11-27 11:52:51 +03:00
parent e5b7b145e5
commit d15f0349bf
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
classes/pluginhost.php
View File

@ -61,6 +61,7 @@ class PluginHost {
const HOOK_GET_FULL_TEXT = 41;
const HOOK_ARTICLE_IMAGE = 42;
const HOOK_FEED_TREE = 43;
const HOOK_IFRAME_WHITELISTED = 44;
const KIND_ALL = 1;
const KIND_SYSTEM = 2;

6
include/functions.php
View File

@ -1250,13 +1250,11 @@
}
function iframe_whitelisted($entry) {
$whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
@$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
if ($src) {
foreach ($whitelist as $w) {
if ($src == $w || $src == "www.$w")
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) {
if ($plugin->hook_iframe_whitelisted($src))
return true;
}
}