remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)
This commit is contained in:
parent
e5b7b145e5
commit
d15f0349bf
|
@ -61,6 +61,7 @@ class PluginHost {
|
||||||
const HOOK_GET_FULL_TEXT = 41;
|
const HOOK_GET_FULL_TEXT = 41;
|
||||||
const HOOK_ARTICLE_IMAGE = 42;
|
const HOOK_ARTICLE_IMAGE = 42;
|
||||||
const HOOK_FEED_TREE = 43;
|
const HOOK_FEED_TREE = 43;
|
||||||
|
const HOOK_IFRAME_WHITELISTED = 44;
|
||||||
|
|
||||||
const KIND_ALL = 1;
|
const KIND_ALL = 1;
|
||||||
const KIND_SYSTEM = 2;
|
const KIND_SYSTEM = 2;
|
||||||
|
|
|
@ -1250,13 +1250,11 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
function iframe_whitelisted($entry) {
|
function iframe_whitelisted($entry) {
|
||||||
$whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
|
|
||||||
|
|
||||||
@$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
|
@$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
|
||||||
|
|
||||||
if ($src) {
|
if ($src) {
|
||||||
foreach ($whitelist as $w) {
|
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) {
|
||||||
if ($src == $w || $src == "www.$w")
|
if ($plugin->hook_iframe_whitelisted($src))
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue