Merge pull request #4179 from MrPetovan/bug/4173-fix-oembed-iframe-url
Fix OEmbed iframe
This commit is contained in:
commit
1fdde9b140
2 changed files with 108 additions and 86 deletions
|
@ -40,8 +40,19 @@ function bb_map_location($match) {
|
||||||
return str_replace($match[0], '<div class="map" >' . Map::byLocation($match[1]) . '</div>', $match[0]);
|
return str_replace($match[0], '<div class="map" >' . Map::byLocation($match[1]) . '</div>', $match[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
/**
|
||||||
|
* Processes [attachment] tags
|
||||||
|
*
|
||||||
|
* Note: Can produce a [bookmark] tag in the returned string
|
||||||
|
*
|
||||||
|
* @brief Processes [attachment] tags
|
||||||
|
* @param string $Text
|
||||||
|
* @param bool|int $simplehtml
|
||||||
|
* @param bool $tryoembed
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
function bb_attachment($Text, $simplehtml = false, $tryoembed = true)
|
||||||
|
{
|
||||||
$data = get_attachment_data($Text);
|
$data = get_attachment_data($Text);
|
||||||
if (!$data) {
|
if (!$data) {
|
||||||
return $Text;
|
return $Text;
|
||||||
|
@ -52,10 +63,7 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
||||||
$data["title"] = str_replace(array("http://", "https://"), "", $data["title"]);
|
$data["title"] = str_replace(array("http://", "https://"), "", $data["title"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (((strpos($data["text"], "[img=") !== false)
|
if (((strpos($data["text"], "[img=") !== false) || (strpos($data["text"], "[img]") !== false) || Config::get('system', 'always_show_preview')) && ($data["image"] != "")) {
|
||||||
|| (strpos($data["text"], "[img]") !== false)
|
|
||||||
|| Config::get('system', 'always_show_preview'))
|
|
||||||
&& ($data["image"] != "")) {
|
|
||||||
$data["preview"] = $data["image"];
|
$data["preview"] = $data["image"];
|
||||||
$data["image"] = "";
|
$data["image"] = "";
|
||||||
}
|
}
|
||||||
|
@ -69,14 +77,16 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
||||||
$text = sprintf('<span class="type-%s">', $data["type"]);
|
$text = sprintf('<span class="type-%s">', $data["type"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$bookmark = array(sprintf('[bookmark=%s]%s[/bookmark]', $data["url"], $data["title"]), $data["url"], $data["title"]);
|
$oembed = sprintf('[bookmark=%s]%s[/bookmark]', $data['url'], $data['title']);
|
||||||
if ($tryoembed) {
|
if ($tryoembed) {
|
||||||
$oembed = tryoembed($bookmark);
|
try {
|
||||||
} else {
|
$oembed = OEmbed::getHTML($data['url'], $data['title']);
|
||||||
$oembed = $bookmark[0];
|
} catch (Exception $e) {
|
||||||
|
// $oembed isn't modified
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strstr(strtolower($oembed), "<iframe ")) {
|
if (stripos($oembed, "<iframe ") !== false) {
|
||||||
$text = $oembed;
|
$text = $oembed;
|
||||||
} else {
|
} else {
|
||||||
if (($data["image"] != "") && !strstr(strtolower($oembed), "<img ")) {
|
if (($data["image"] != "") && !strstr(strtolower($oembed), "<img ")) {
|
||||||
|
@ -100,7 +110,7 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
||||||
$text .= '</span>';
|
$text .= '</span>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return trim($data["text"].' '.$text.' '.$data["after"]);
|
return trim($data["text"] . ' ' . $text . ' ' . $data["after"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
function bb_remove_share_information($Text, $plaintext = false, $nolink = false) {
|
function bb_remove_share_information($Text, $plaintext = false, $nolink = false) {
|
||||||
|
@ -223,32 +233,6 @@ function stripcode_br_cb($s) {
|
||||||
return '[code]' . str_replace('<br />', '', $s[1]) . '[/code]';
|
return '[code]' . str_replace('<br />', '', $s[1]) . '[/code]';
|
||||||
}
|
}
|
||||||
|
|
||||||
function tryoembed($match) {
|
|
||||||
$url = $match[1];
|
|
||||||
|
|
||||||
// Always embed the SSL version
|
|
||||||
$url = str_replace(array("http://www.youtube.com/", "http://player.vimeo.com/"),
|
|
||||||
array("https://www.youtube.com/", "https://player.vimeo.com/"), $url);
|
|
||||||
|
|
||||||
$o = OEmbed::fetchURL($url);
|
|
||||||
|
|
||||||
if (!is_object($o)) {
|
|
||||||
return $match[0];
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($match[2])) {
|
|
||||||
$o->title = $match[2];
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($o->type == "error") {
|
|
||||||
return $match[0];
|
|
||||||
}
|
|
||||||
|
|
||||||
$html = OEmbed::formatObject($o);
|
|
||||||
|
|
||||||
return $html;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* [noparse][i]italic[/i][/noparse] turns into
|
* [noparse][i]italic[/i][/noparse] turns into
|
||||||
* [noparse][ i ]italic[ /i ][/noparse],
|
* [noparse][ i ]italic[ /i ][/noparse],
|
||||||
|
@ -432,6 +416,16 @@ function bb_replace_images($body, $images) {
|
||||||
return $newbody;
|
return $newbody;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Processes [share] tags
|
||||||
|
*
|
||||||
|
* Note: Can produce a [bookmark] tag in the output
|
||||||
|
*
|
||||||
|
* @brief Processes [share] tags
|
||||||
|
* @param array $share preg_match_callback result array
|
||||||
|
* @param bool|int $simplehtml
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function bb_ShareAttributes($share, $simplehtml)
|
function bb_ShareAttributes($share, $simplehtml)
|
||||||
{
|
{
|
||||||
$attributes = $share[2];
|
$attributes = $share[2];
|
||||||
|
@ -520,7 +514,6 @@ function bb_ShareAttributes($share, $simplehtml)
|
||||||
}
|
}
|
||||||
|
|
||||||
$preshare = trim($share[1]);
|
$preshare = trim($share[1]);
|
||||||
|
|
||||||
if ($preshare != "") {
|
if ($preshare != "") {
|
||||||
$preshare .= "<br /><br />";
|
$preshare .= "<br /><br />";
|
||||||
}
|
}
|
||||||
|
@ -541,7 +534,7 @@ function bb_ShareAttributes($share, $simplehtml)
|
||||||
$text .= "<hr />";
|
$text .= "<hr />";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (substr(normalise_link($link), 0, 19) != "http://twitter.com/") {
|
if (stripos(normalise_link($link), 'http://twitter.com/') === 0) {
|
||||||
$text .= $headline . '<blockquote>' . trim($share[3]) . "</blockquote><br />";
|
$text .= $headline . '<blockquote>' . trim($share[3]) . "</blockquote><br />";
|
||||||
|
|
||||||
if ($link != "") {
|
if ($link != "") {
|
||||||
|
@ -586,6 +579,16 @@ function bb_ShareAttributes($share, $simplehtml)
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
// Transforms quoted tweets in rich attachments to avoid nested tweets
|
||||||
|
if (stripos(normalise_link($link), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($link)) {
|
||||||
|
try {
|
||||||
|
$oembed = OEmbed::getHTML($link, $preshare);
|
||||||
|
} catch (Exception $e) {
|
||||||
|
$oembed = sprintf('[bookmark=%s]%s[/bookmark]', $link, $preshare);
|
||||||
|
}
|
||||||
|
|
||||||
|
$text = $preshare . $oembed;
|
||||||
|
} else {
|
||||||
$text = trim($share[1]) . "\n";
|
$text = trim($share[1]) . "\n";
|
||||||
|
|
||||||
$avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);
|
$avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);
|
||||||
|
@ -598,8 +601,8 @@ function bb_ShareAttributes($share, $simplehtml)
|
||||||
'$link' => $link,
|
'$link' => $link,
|
||||||
'$posted' => $posted,
|
'$posted' => $posted,
|
||||||
'$content' => trim($share[3])
|
'$content' => trim($share[3])
|
||||||
)
|
));
|
||||||
);
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ use dba;
|
||||||
use DOMDocument;
|
use DOMDocument;
|
||||||
use DOMXPath;
|
use DOMXPath;
|
||||||
use DOMNode;
|
use DOMNode;
|
||||||
|
use Exception;
|
||||||
|
|
||||||
require_once 'include/dba.php';
|
require_once 'include/dba.php';
|
||||||
require_once 'mod/proxy.php';
|
require_once 'mod/proxy.php';
|
||||||
|
@ -160,8 +161,8 @@ class OEmbed
|
||||||
public static function formatObject($j)
|
public static function formatObject($j)
|
||||||
{
|
{
|
||||||
$embedurl = $j->embedurl;
|
$embedurl = $j->embedurl;
|
||||||
$jhtml = self::iframe($j->embedurl, (isset($j->width) ? $j->width : null), (isset($j->height) ? $j->height : null));
|
$jhtml = $j->html;
|
||||||
$ret = "<span class='oembed " . $j->type . "'>";
|
$ret = '<div class="oembed ' . $j->type . '">';
|
||||||
switch ($j->type) {
|
switch ($j->type) {
|
||||||
case "video":
|
case "video":
|
||||||
if (isset($j->thumbnail_url)) {
|
if (isset($j->thumbnail_url)) {
|
||||||
|
@ -173,7 +174,7 @@ class OEmbed
|
||||||
$th = 120;
|
$th = 120;
|
||||||
$tw = $th * $tr;
|
$tw = $th * $tr;
|
||||||
$tpl = get_markup_template('oembed_video.tpl');
|
$tpl = get_markup_template('oembed_video.tpl');
|
||||||
$ret.=replace_macros($tpl, array(
|
$ret .= replace_macros($tpl, array(
|
||||||
'$baseurl' => System::baseUrl(),
|
'$baseurl' => System::baseUrl(),
|
||||||
'$embedurl' => $embedurl,
|
'$embedurl' => $embedurl,
|
||||||
'$escapedhtml' => base64_encode($jhtml),
|
'$escapedhtml' => base64_encode($jhtml),
|
||||||
|
@ -184,33 +185,32 @@ class OEmbed
|
||||||
} else {
|
} else {
|
||||||
$ret = $jhtml;
|
$ret = $jhtml;
|
||||||
}
|
}
|
||||||
//$ret.="<br>";
|
|
||||||
break;
|
break;
|
||||||
case "photo":
|
case "photo":
|
||||||
$ret.= "<img width='" . $j->width . "' src='" . proxy_url($j->url) . "'>";
|
$ret .= '<img width="' . $j->width . '" src="' . proxy_url($j->url) . '">';
|
||||||
break;
|
break;
|
||||||
case "link":
|
case "link":
|
||||||
break;
|
break;
|
||||||
case "rich":
|
case "rich":
|
||||||
// not so safe..
|
|
||||||
if (self::isAllowedURL($embedurl)) {
|
if (self::isAllowedURL($embedurl)) {
|
||||||
$ret .= proxy_parse_html($jhtml);
|
$ret .= proxy_parse_html($jhtml);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$ret .= '</div>';
|
||||||
// add link to source if not present in "rich" type
|
// add link to source if not present in "rich" type
|
||||||
if ($j->type != 'rich' || !strpos($j->html, $embedurl)) {
|
if ($j->type != 'rich' || !strpos($j->html, $embedurl)) {
|
||||||
$ret .= "<h4>";
|
$ret .= '<h4>';
|
||||||
if (isset($j->title)) {
|
if (isset($j->title)) {
|
||||||
if (isset($j->provider_name)) {
|
if (isset($j->provider_name)) {
|
||||||
$ret .= $j->provider_name . ": ";
|
$ret .= $j->provider_name . ": ";
|
||||||
}
|
}
|
||||||
|
|
||||||
$embedlink = (isset($j->title)) ? $j->title : $embedurl;
|
$embedlink = (isset($j->title)) ? $j->title : $embedurl;
|
||||||
$ret .= "<a href='$embedurl' rel='oembed'>$embedlink</a>";
|
$ret .= '<a href="' . $embedurl . '" rel="oembed">' . $embedlink . '</a>';
|
||||||
if (isset($j->author_name)) {
|
if (isset($j->author_name)) {
|
||||||
$ret.=" (" . $j->author_name . ")";
|
$ret .= ' (' . $j->author_name . ')';
|
||||||
}
|
}
|
||||||
} elseif (isset($j->provider_name) || isset($j->author_name)) {
|
} elseif (isset($j->provider_name) || isset($j->author_name)) {
|
||||||
$embedlink = "";
|
$embedlink = "";
|
||||||
|
@ -229,16 +229,14 @@ class OEmbed
|
||||||
$embedlink = $embedurl;
|
$embedlink = $embedurl;
|
||||||
}
|
}
|
||||||
|
|
||||||
$ret .= "<a href='$embedurl' rel='oembed'>$embedlink</a>";
|
$ret .= '<a href="' . $embedurl . '" rel="oembed">' . $embedlink . '</a>';
|
||||||
}
|
}
|
||||||
//if (isset($j->author_name)) $ret.=" by ".$j->author_name;
|
|
||||||
//if (isset($j->provider_name)) $ret.=" on ".$j->provider_name;
|
|
||||||
$ret .= "</h4>";
|
$ret .= "</h4>";
|
||||||
} else {
|
} elseif (!strpos($j->html, $embedurl)) {
|
||||||
// add <a> for html2bbcode conversion
|
// add <a> for html2bbcode conversion
|
||||||
$ret .= "<a href='$embedurl' rel='oembed'>$embedurl</a>";
|
$ret .= '<a href="' . $embedurl . '" rel="oembed">' . $j->title . '</a>';
|
||||||
}
|
}
|
||||||
$ret.="</span>";
|
|
||||||
$ret = str_replace("\n", "", $ret);
|
$ret = str_replace("\n", "", $ret);
|
||||||
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
|
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
|
||||||
}
|
}
|
||||||
|
@ -272,7 +270,7 @@ class OEmbed
|
||||||
$xpath = new DOMXPath($dom);
|
$xpath = new DOMXPath($dom);
|
||||||
|
|
||||||
$xattr = self::buildXPath("class", "oembed");
|
$xattr = self::buildXPath("class", "oembed");
|
||||||
$entries = $xpath->query("//span[$xattr]");
|
$entries = $xpath->query("//div[$xattr]");
|
||||||
|
|
||||||
$xattr = "@rel='oembed'"; //oe_build_xpath("rel","oembed");
|
$xattr = "@rel='oembed'"; //oe_build_xpath("rel","oembed");
|
||||||
foreach ($entries as $e) {
|
foreach ($entries as $e) {
|
||||||
|
@ -287,6 +285,48 @@ class OEmbed
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determines if rich content OEmbed is allowed for the provided URL
|
||||||
|
*
|
||||||
|
* @brief Determines if rich content OEmbed is allowed for the provided URL
|
||||||
|
* @param string $url
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public static function isAllowedURL($url)
|
||||||
|
{
|
||||||
|
if (!Config::get('system', 'no_oembed_rich_content')) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$domain = parse_url($url, PHP_URL_HOST);
|
||||||
|
|
||||||
|
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
||||||
|
$allowed = explode(',', $str_allowed);
|
||||||
|
|
||||||
|
return allowed_domain($domain, $allowed, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getHTML($url, $title = null)
|
||||||
|
{
|
||||||
|
// Always embed the SSL version
|
||||||
|
$url = str_replace(array("http://www.youtube.com/", "http://player.vimeo.com/"),
|
||||||
|
array("https://www.youtube.com/", "https://player.vimeo.com/"), $url);
|
||||||
|
|
||||||
|
$o = OEmbed::fetchURL($url);
|
||||||
|
|
||||||
|
if (!is_object($o) || $o->type == 'error') {
|
||||||
|
throw new Exception('OEmbed failed for URL: ' . $url);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (x($title)) {
|
||||||
|
$o->title = $title;
|
||||||
|
}
|
||||||
|
|
||||||
|
$html = OEmbed::formatObject($o);
|
||||||
|
|
||||||
|
return $html;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Generates the iframe HTML for an oembed attachment.
|
* @brief Generates the iframe HTML for an oembed attachment.
|
||||||
*
|
*
|
||||||
|
@ -299,6 +339,8 @@ class OEmbed
|
||||||
* Since the iframe is automatically resized on load, there are no need for ugly
|
* Since the iframe is automatically resized on load, there are no need for ugly
|
||||||
* and impractical scrollbars.
|
* and impractical scrollbars.
|
||||||
*
|
*
|
||||||
|
* @todo This function is currently unused until someone™ adds support for a separate OEmbed domain
|
||||||
|
*
|
||||||
* @param string $src Original remote URL to embed
|
* @param string $src Original remote URL to embed
|
||||||
* @param string $width
|
* @param string $width
|
||||||
* @param string $height
|
* @param string $height
|
||||||
|
@ -315,10 +357,7 @@ class OEmbed
|
||||||
}
|
}
|
||||||
$width = '100%';
|
$width = '100%';
|
||||||
|
|
||||||
// Only proxy OEmbed URLs to avoid mixed-content errors
|
|
||||||
if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL && parse_url($src, PHP_URL_SCHEME) !== 'https') {
|
|
||||||
$src = System::baseUrl() . '/oembed/' . base64url_encode($src);
|
$src = System::baseUrl() . '/oembed/' . base64url_encode($src);
|
||||||
}
|
|
||||||
return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $src . '" allowfullscreen scrolling="no" frameborder="no">' . t('Embedded content') . '</iframe>';
|
return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $src . '" allowfullscreen scrolling="no" frameborder="no">' . t('Embedded content') . '</iframe>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -356,24 +395,4 @@ class OEmbed
|
||||||
return $innerHTML;
|
return $innerHTML;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Determines if rich content OEmbed is allowed for the provided URL
|
|
||||||
*
|
|
||||||
* @brief Determines if rich content OEmbed is allowed for the provided URL
|
|
||||||
* @param string $url
|
|
||||||
* @return boolean
|
|
||||||
*/
|
|
||||||
private static function isAllowedURL($url)
|
|
||||||
{
|
|
||||||
if (!Config::get('system', 'no_oembed_rich_content')) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
$domain = parse_url($url, PHP_URL_HOST);
|
|
||||||
|
|
||||||
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
|
||||||
$allowed = explode(',', $str_allowed);
|
|
||||||
|
|
||||||
return allowed_domain($domain, $allowed, true);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue