Merge pull request #4179 from MrPetovan/bug/4173-fix-oembed-iframe-url

Fix OEmbed iframe
Michael Vogel 2018-01-07 09:28:44 +01:00 committed by GitHub
commit 1fdde9b140
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 108 additions and 86 deletions


@ -40,8 +40,19 @@ function bb_map_location($match) {
return str_replace($match[0], '<div class="map" >' . Map::byLocation($match[1]) . '</div>', $match[0]); return str_replace($match[0], '<div class="map" >' . Map::byLocation($match[1]) . '</div>', $match[0]);
} }
function bb_attachment($Text, $simplehtml = false, $tryoembed = true) { /**
* Processes [attachment] tags
*
* Note: Can produce a [bookmark] tag in the returned string
*
* @brief Processes [attachment] tags
* @param string $Text
* @param bool|int $simplehtml
* @param bool $tryoembed
* @return string
*/
function bb_attachment($Text, $simplehtml = false, $tryoembed = true)
{
$data = get_attachment_data($Text); $data = get_attachment_data($Text);
if (!$data) { if (!$data) {
return $Text; return $Text;
@ -52,10 +63,7 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
$data["title"] = str_replace(array("http://", "https://"), "", $data["title"]); $data["title"] = str_replace(array("http://", "https://"), "", $data["title"]);
} }
if (((strpos($data["text"], "[img=") !== false) if (((strpos($data["text"], "[img=") !== false) || (strpos($data["text"], "[img]") !== false) || Config::get('system', 'always_show_preview')) && ($data["image"] != "")) {
|| (strpos($data["text"], "[img]") !== false)
|| Config::get('system', 'always_show_preview'))
&& ($data["image"] != "")) {
$data["preview"] = $data["image"]; $data["preview"] = $data["image"];
$data["image"] = ""; $data["image"] = "";
} }
@ -69,14 +77,16 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
$text = sprintf('<span class="type-%s">', $data["type"]); $text = sprintf('<span class="type-%s">', $data["type"]);
} }
$bookmark = array(sprintf('[bookmark=%s]%s[/bookmark]', $data["url"], $data["title"]), $data["url"], $data["title"]); $oembed = sprintf('[bookmark=%s]%s[/bookmark]', $data['url'], $data['title']);
if ($tryoembed) { if ($tryoembed) {
$oembed = tryoembed($bookmark); try {
} else { $oembed = OEmbed::getHTML($data['url'], $data['title']);
$oembed = $bookmark[0]; } catch (Exception $e) {
// $oembed isn't modified
}
} }
if (strstr(strtolower($oembed), "<iframe ")) { if (stripos($oembed, "<iframe ") !== false) {
$text = $oembed; $text = $oembed;
} else { } else {
if (($data["image"] != "") && !strstr(strtolower($oembed), "<img ")) { if (($data["image"] != "") && !strstr(strtolower($oembed), "<img ")) {
@ -100,7 +110,7 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
$text .= '</span>'; $text .= '</span>';
} }
} }
return trim($data["text"].' '.$text.' '.$data["after"]); return trim($data["text"] . ' ' . $text . ' ' . $data["after"]);
} }
function bb_remove_share_information($Text, $plaintext = false, $nolink = false) { function bb_remove_share_information($Text, $plaintext = false, $nolink = false) {
@ -223,32 +233,6 @@ function stripcode_br_cb($s) {
return '[code]' . str_replace('<br />', '', $s[1]) . '[/code]'; return '[code]' . str_replace('<br />', '', $s[1]) . '[/code]';
} }
function tryoembed($match) {
$url = $match[1];
// Always embed the SSL version
$url = str_replace(array("http://www.youtube.com/", "http://player.vimeo.com/"),
array("https://www.youtube.com/", "https://player.vimeo.com/"), $url);
$o = OEmbed::fetchURL($url);
if (!is_object($o)) {
return $match[0];
}
if (isset($match[2])) {
$o->title = $match[2];
}
if ($o->type == "error") {
return $match[0];
}
$html = OEmbed::formatObject($o);
return $html;
}
/* /*
* [noparse][i]italic[/i][/noparse] turns into * [noparse][i]italic[/i][/noparse] turns into
* [noparse][ i ]italic[ /i ][/noparse], * [noparse][ i ]italic[ /i ][/noparse],
@ -432,6 +416,16 @@ function bb_replace_images($body, $images) {
return $newbody; return $newbody;
} }
/**
* Processes [share] tags
*
* Note: Can produce a [bookmark] tag in the output
*
* @brief Processes [share] tags
* @param array $share preg_match_callback result array
* @param bool|int $simplehtml
* @return string
*/
function bb_ShareAttributes($share, $simplehtml) function bb_ShareAttributes($share, $simplehtml)
{ {
$attributes = $share[2]; $attributes = $share[2];
@ -520,7 +514,6 @@ function bb_ShareAttributes($share, $simplehtml)
} }
$preshare = trim($share[1]); $preshare = trim($share[1]);
if ($preshare != "") { if ($preshare != "") {
$preshare .= "<br /><br />"; $preshare .= "<br /><br />";
} }
@ -541,7 +534,7 @@ function bb_ShareAttributes($share, $simplehtml)
$text .= "<hr />"; $text .= "<hr />";
} }
if (substr(normalise_link($link), 0, 19) != "http://twitter.com/") { if (stripos(normalise_link($link), 'http://twitter.com/') === 0) {
$text .= $headline . '<blockquote>' . trim($share[3]) . "</blockquote><br />"; $text .= $headline . '<blockquote>' . trim($share[3]) . "</blockquote><br />";
if ($link != "") { if ($link != "") {
@ -586,6 +579,16 @@ function bb_ShareAttributes($share, $simplehtml)
} }
break; break;
default: default:
// Transforms quoted tweets in rich attachments to avoid nested tweets
if (stripos(normalise_link($link), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($link)) {
try {
$oembed = OEmbed::getHTML($link, $preshare);
} catch (Exception $e) {
$oembed = sprintf('[bookmark=%s]%s[/bookmark]', $link, $preshare);
}
$text = $preshare . $oembed;
} else {
$text = trim($share[1]) . "\n"; $text = trim($share[1]) . "\n";
$avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB); $avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);
@ -598,8 +601,8 @@ function bb_ShareAttributes($share, $simplehtml)
'$link' => $link, '$link' => $link,
'$posted' => $posted, '$posted' => $posted,
'$content' => trim($share[3]) '$content' => trim($share[3])
) ));
); }
break; break;
} }
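Review bot: The rewritten prefix test in bb_ShareAttributes, `if (stripos(normalise_link($link), 'http://twitter.com/') === 0) {`, appears to invert the old `substr(...) != "http://twitter.com/"` condition, so the headline and blockquote are now built only for Twitter links rather than for every other link; unless that is intended it should read `if (stripos(normalise_link($link), 'http://twitter.com/') !== 0) {`. In the new `default:` branch, `$preshare` seems to already carry the appended `<br /><br />` when it is passed to `OEmbed::getHTML($link, $preshare)` as the title, and it is prepended again in `$text = $preshare . $oembed;`. The same user-written text therefore lands in the output twice, once inside the generated link markup, so passing `trim($share[1])` as the title would be cleaner. Both bb_attachment and bb_ShareAttributes extend beyond the hunks shown, so the surrounding branches should be checked against this reading.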


@ -15,6 +15,7 @@ use dba;
use DOMDocument; use DOMDocument;
use DOMXPath; use DOMXPath;
use DOMNode; use DOMNode;
use Exception;
require_once 'include/dba.php'; require_once 'include/dba.php';
require_once 'mod/proxy.php'; require_once 'mod/proxy.php';
@ -160,8 +161,8 @@ class OEmbed
public static function formatObject($j) public static function formatObject($j)
{ {
$embedurl = $j->embedurl; $embedurl = $j->embedurl;
$jhtml = self::iframe($j->embedurl, (isset($j->width) ? $j->width : null), (isset($j->height) ? $j->height : null)); $jhtml = $j->html;
$ret = "<span class='oembed " . $j->type . "'>"; $ret = '<div class="oembed ' . $j->type . '">';
switch ($j->type) { switch ($j->type) {
case "video": case "video":
if (isset($j->thumbnail_url)) { if (isset($j->thumbnail_url)) {
@ -173,7 +174,7 @@ class OEmbed
$th = 120; $th = 120;
$tw = $th * $tr; $tw = $th * $tr;
$tpl = get_markup_template('oembed_video.tpl'); $tpl = get_markup_template('oembed_video.tpl');
$ret.=replace_macros($tpl, array( $ret .= replace_macros($tpl, array(
'$baseurl' => System::baseUrl(), '$baseurl' => System::baseUrl(),
'$embedurl' => $embedurl, '$embedurl' => $embedurl,
'$escapedhtml' => base64_encode($jhtml), '$escapedhtml' => base64_encode($jhtml),
@ -184,33 +185,32 @@ class OEmbed
} else { } else {
$ret = $jhtml; $ret = $jhtml;
} }
//$ret.="<br>";
break; break;
case "photo": case "photo":
$ret.= "<img width='" . $j->width . "' src='" . proxy_url($j->url) . "'>"; $ret .= '<img width="' . $j->width . '" src="' . proxy_url($j->url) . '">';
break; break;
case "link": case "link":
break; break;
case "rich": case "rich":
// not so safe..
if (self::isAllowedURL($embedurl)) { if (self::isAllowedURL($embedurl)) {
$ret .= proxy_parse_html($jhtml); $ret .= proxy_parse_html($jhtml);
} }
break; break;
} }
$ret .= '</div>';
// add link to source if not present in "rich" type // add link to source if not present in "rich" type
if ($j->type != 'rich' || !strpos($j->html, $embedurl)) { if ($j->type != 'rich' || !strpos($j->html, $embedurl)) {
$ret .= "<h4>"; $ret .= '<h4>';
if (isset($j->title)) { if (isset($j->title)) {
if (isset($j->provider_name)) { if (isset($j->provider_name)) {
$ret .= $j->provider_name . ": "; $ret .= $j->provider_name . ": ";
} }
$embedlink = (isset($j->title)) ? $j->title : $embedurl; $embedlink = (isset($j->title)) ? $j->title : $embedurl;
$ret .= "<a href='$embedurl' rel='oembed'>$embedlink</a>"; $ret .= '<a href="' . $embedurl . '" rel="oembed">' . $embedlink . '</a>';
if (isset($j->author_name)) { if (isset($j->author_name)) {
$ret.=" (" . $j->author_name . ")"; $ret .= ' (' . $j->author_name . ')';
} }
} elseif (isset($j->provider_name) || isset($j->author_name)) { } elseif (isset($j->provider_name) || isset($j->author_name)) {
$embedlink = ""; $embedlink = "";
@ -229,16 +229,14 @@ class OEmbed
$embedlink = $embedurl; $embedlink = $embedurl;
} }
$ret .= "<a href='$embedurl' rel='oembed'>$embedlink</a>"; $ret .= '<a href="' . $embedurl . '" rel="oembed">' . $embedlink . '</a>';
} }
//if (isset($j->author_name)) $ret.=" by ".$j->author_name;
//if (isset($j->provider_name)) $ret.=" on ".$j->provider_name;
$ret .= "</h4>"; $ret .= "</h4>";
} else { } elseif (!strpos($j->html, $embedurl)) {
// add <a> for html2bbcode conversion // add <a> for html2bbcode conversion
$ret .= "<a href='$embedurl' rel='oembed'>$embedurl</a>"; $ret .= '<a href="' . $embedurl . '" rel="oembed">' . $j->title . '</a>';
} }
$ret.="</span>";
$ret = str_replace("\n", "", $ret); $ret = str_replace("\n", "", $ret);
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret)); return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
} }
@ -272,7 +270,7 @@ class OEmbed
$xpath = new DOMXPath($dom); $xpath = new DOMXPath($dom);
$xattr = self::buildXPath("class", "oembed"); $xattr = self::buildXPath("class", "oembed");
$entries = $xpath->query("//span[$xattr]"); $entries = $xpath->query("//div[$xattr]");
$xattr = "@rel='oembed'"; //oe_build_xpath("rel","oembed"); $xattr = "@rel='oembed'"; //oe_build_xpath("rel","oembed");
foreach ($entries as $e) { foreach ($entries as $e) {
@ -287,6 +285,48 @@ class OEmbed
} }
} }
/**
* Determines if rich content OEmbed is allowed for the provided URL
*
* @brief Determines if rich content OEmbed is allowed for the provided URL
* @param string $url
* @return boolean
*/
public static function isAllowedURL($url)
{
if (!Config::get('system', 'no_oembed_rich_content')) {
return true;
}
$domain = parse_url($url, PHP_URL_HOST);
$str_allowed = Config::get('system', 'allowed_oembed', '');
$allowed = explode(',', $str_allowed);
return allowed_domain($domain, $allowed, true);
}
public static function getHTML($url, $title = null)
{
// Always embed the SSL version
$url = str_replace(array("http://www.youtube.com/", "http://player.vimeo.com/"),
array("https://www.youtube.com/", "https://player.vimeo.com/"), $url);
$o = OEmbed::fetchURL($url);
if (!is_object($o) || $o->type == 'error') {
throw new Exception('OEmbed failed for URL: ' . $url);
}
if (x($title)) {
$o->title = $title;
}
$html = OEmbed::formatObject($o);
return $html;
}
/** /**
* @brief Generates the iframe HTML for an oembed attachment. * @brief Generates the iframe HTML for an oembed attachment.
* *
@ -299,6 +339,8 @@ class OEmbed
* Since the iframe is automatically resized on load, there are no need for ugly * Since the iframe is automatically resized on load, there are no need for ugly
* and impractical scrollbars. * and impractical scrollbars.
* *
* @todo This function is currently unused until someone™ adds support for a separate OEmbed domain
*
* @param string $src Original remote URL to embed * @param string $src Original remote URL to embed
* @param string $width * @param string $width
* @param string $height * @param string $height
@ -315,10 +357,7 @@ class OEmbed
} }
$width = '100%'; $width = '100%';
// Only proxy OEmbed URLs to avoid mixed-content errors
if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL && parse_url($src, PHP_URL_SCHEME) !== 'https') {
$src = System::baseUrl() . '/oembed/' . base64url_encode($src); $src = System::baseUrl() . '/oembed/' . base64url_encode($src);
}
return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $src . '" allowfullscreen scrolling="no" frameborder="no">' . t('Embedded content') . '</iframe>'; return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $src . '" allowfullscreen scrolling="no" frameborder="no">' . t('Embedded content') . '</iframe>';
} }
@ -356,24 +395,4 @@ class OEmbed
return $innerHTML; return $innerHTML;
} }
/**
* Determines if rich content OEmbed is allowed for the provided URL
*
* @brief Determines if rich content OEmbed is allowed for the provided URL
* @param string $url
* @return boolean
*/
private static function isAllowedURL($url)
{
if (!Config::get('system', 'no_oembed_rich_content')) {
return true;
}
$domain = parse_url($url, PHP_URL_HOST);
$str_allowed = Config::get('system', 'allowed_oembed', '');
$allowed = explode(',', $str_allowed);
return allowed_domain($domain, $allowed, true);
}
} }
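Review bot: In formatObject, `$jhtml = $j->html;` now feeds the provider's own markup into the page where the previous line wrapped the embed URL in `self::iframe(...)`, and the `video` fallback `$ret = $jhtml;` emits it without the `self::isAllowedURL($embedurl)` gate that the `rich` case applies. Because isAllowedURL returns true whenever `no_oembed_rich_content` is unset, the default configuration trusts every provider's HTML; I would gate the video fallback the same way as `rich`, and replace the removed `// not so safe..` with a comment stating which sanitising step is relied on. The rebuilt anchors also concatenate `$embedurl`, `$j->title`, `$j->provider_name` and `$j->author_name` unescaped into double-quoted attributes and element text, so unless fetchURL (not shown) already sanitises them, each should go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. `!strpos($j->html, $embedurl)` is also true for a match at offset 0 and reads `$j->html` for types that may not carry it, so `strpos(...) === false` behind an `isset($j->html)` check is safer. formatObject begins and ends outside the individual hunks shown.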