Fix allowed_email()
- Reworked allowed_domain - Added more variable checks to allowed_email() and OEmbed::isAllowedURL()
This commit is contained in:
parent
6496a721ea
commit
4a20bcd6f0
3 changed files with 25 additions and 20 deletions
|
@ -609,11 +609,15 @@ function blocked_url($url)
|
|||
function allowed_email($email)
|
||||
{
|
||||
$domain = strtolower(substr($email, strpos($email, '@') + 1));
|
||||
if (! $domain) {
|
||||
if (!$domain) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$str_allowed = Config::get('system', 'allowed_email', '');
|
||||
if (!x($str_allowed)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$allowed = explode(',', $str_allowed);
|
||||
|
||||
return allowed_domain($domain, $allowed);
|
||||
|
@ -622,29 +626,23 @@ function allowed_email($email)
|
|||
/**
|
||||
* Checks for the existence of a domain in a domain list
|
||||
*
|
||||
* If strict is not set, an empty domain list counts as found
|
||||
*
|
||||
* @brief Checks for the existence of a domain in a domain list
|
||||
* @param string $domain
|
||||
* @param array $domain_list
|
||||
* @param bool $strict
|
||||
* @param array $domain_list
|
||||
* @return boolean
|
||||
*/
|
||||
function allowed_domain($domain, array $domain_list, $strict = false)
|
||||
function allowed_domain($domain, array $domain_list)
|
||||
{
|
||||
$found = false;
|
||||
|
||||
if (count($domain_list)) {
|
||||
foreach ($domain_list as $item) {
|
||||
$pat = strtolower(trim($item));
|
||||
if (fnmatch($pat, $domain) || ($pat == $domain)) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
foreach ($domain_list as $item) {
|
||||
$pat = strtolower(trim($item));
|
||||
if (fnmatch($pat, $domain) || ($pat == $domain)) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
} elseif(!$strict) {
|
||||
$found = true;
|
||||
}
|
||||
|
||||
return $found;
|
||||
}
|
||||
|
||||
|
|
|
@ -237,15 +237,15 @@ function register_content(App $a)
|
|||
|
||||
$license = '';
|
||||
|
||||
$o = get_markup_template("register.tpl");
|
||||
$tpl = get_markup_template("register.tpl");
|
||||
|
||||
$arr = array('template' => $o);
|
||||
$arr = array('template' => $tpl);
|
||||
|
||||
call_hooks('register_form', $arr);
|
||||
|
||||
$o = $arr['template'];
|
||||
$tpl = $arr['template'];
|
||||
|
||||
$o = replace_macros($o, [
|
||||
$o = replace_macros($tpl, [
|
||||
'$oidhtml' => $oidhtml,
|
||||
'$invitations' => Config::get('system', 'invitation_only'),
|
||||
'$permonly' => $a->config['register_policy'] == REGISTER_APPROVE,
|
||||
|
|
|
@ -299,11 +299,18 @@ class OEmbed
|
|||
}
|
||||
|
||||
$domain = parse_url($url, PHP_URL_HOST);
|
||||
if (!x($domain)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
||||
if (!x($str_allowed)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$allowed = explode(',', $str_allowed);
|
||||
|
||||
return allowed_domain($domain, $allowed, true);
|
||||
return allowed_domain($domain, $allowed);
|
||||
}
|
||||
|
||||
public static function getHTML($url, $title = null)
|
||||
|
|
Loading…
Reference in a new issue