1
1
Fork 0

Fix allowed_email()

- Reworked allowed_domain
- Added more variable checks to allowed_email() and
OEmbed::isAllowedURL()
This commit is contained in:
Hypolite Petovan 2018-01-07 19:10:09 -05:00
parent 6496a721ea
commit 4a20bcd6f0
3 changed files with 25 additions and 20 deletions

View file

@ -609,11 +609,15 @@ function blocked_url($url)
function allowed_email($email)
{
$domain = strtolower(substr($email, strpos($email, '@') + 1));
if (! $domain) {
if (!$domain) {
return false;
}
$str_allowed = Config::get('system', 'allowed_email', '');
if (!x($str_allowed)) {
return true;
}
$allowed = explode(',', $str_allowed);
return allowed_domain($domain, $allowed);
@ -622,29 +626,23 @@ function allowed_email($email)
/**
* Checks for the existence of a domain in a domain list
*
* If strict is not set, an empty domain list counts as found
*
* @brief Checks for the existence of a domain in a domain list
* @param string $domain
* @param array $domain_list
* @param bool $strict
* @param array $domain_list
* @return boolean
*/
function allowed_domain($domain, array $domain_list, $strict = false)
function allowed_domain($domain, array $domain_list)
{
$found = false;
if (count($domain_list)) {
foreach ($domain_list as $item) {
$pat = strtolower(trim($item));
if (fnmatch($pat, $domain) || ($pat == $domain)) {
$found = true;
break;
}
foreach ($domain_list as $item) {
$pat = strtolower(trim($item));
if (fnmatch($pat, $domain) || ($pat == $domain)) {
$found = true;
break;
}
} elseif(!$strict) {
$found = true;
}
return $found;
}

View file

@ -237,15 +237,15 @@ function register_content(App $a)
$license = '';
$o = get_markup_template("register.tpl");
$tpl = get_markup_template("register.tpl");
$arr = array('template' => $o);
$arr = array('template' => $tpl);
call_hooks('register_form', $arr);
$o = $arr['template'];
$tpl = $arr['template'];
$o = replace_macros($o, [
$o = replace_macros($tpl, [
'$oidhtml' => $oidhtml,
'$invitations' => Config::get('system', 'invitation_only'),
'$permonly' => $a->config['register_policy'] == REGISTER_APPROVE,

View file

@ -299,11 +299,18 @@ class OEmbed
}
$domain = parse_url($url, PHP_URL_HOST);
if (!x($domain)) {
return false;
}
$str_allowed = Config::get('system', 'allowed_oembed', '');
if (!x($str_allowed)) {
return false;
}
$allowed = explode(',', $str_allowed);
return allowed_domain($domain, $allowed, true);
return allowed_domain($domain, $allowed);
}
public static function getHTML($url, $title = null)