Merge pull request #4179 from MrPetovan/bug/4173-fix-oembed-iframe-url
Fix OEmbed iframe
This commit is contained in:
commit
1fdde9b140
2 changed files with 108 additions and 86 deletions
|
@ -40,8 +40,19 @@ function bb_map_location($match) {
|
|||
return str_replace($match[0], '<div class="map" >' . Map::byLocation($match[1]) . '</div>', $match[0]);
|
||||
}
|
||||
|
||||
function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
||||
|
||||
/**
|
||||
* Processes [attachment] tags
|
||||
*
|
||||
* Note: Can produce a [bookmark] tag in the returned string
|
||||
*
|
||||
* @brief Processes [attachment] tags
|
||||
* @param string $Text
|
||||
* @param bool|int $simplehtml
|
||||
* @param bool $tryoembed
|
||||
* @return string
|
||||
*/
|
||||
function bb_attachment($Text, $simplehtml = false, $tryoembed = true)
|
||||
{
|
||||
$data = get_attachment_data($Text);
|
||||
if (!$data) {
|
||||
return $Text;
|
||||
|
@ -52,10 +63,7 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
|||
$data["title"] = str_replace(array("http://", "https://"), "", $data["title"]);
|
||||
}
|
||||
|
||||
if (((strpos($data["text"], "[img=") !== false)
|
||||
|| (strpos($data["text"], "[img]") !== false)
|
||||
|| Config::get('system', 'always_show_preview'))
|
||||
&& ($data["image"] != "")) {
|
||||
if (((strpos($data["text"], "[img=") !== false) || (strpos($data["text"], "[img]") !== false) || Config::get('system', 'always_show_preview')) && ($data["image"] != "")) {
|
||||
$data["preview"] = $data["image"];
|
||||
$data["image"] = "";
|
||||
}
|
||||
|
@ -69,14 +77,16 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
|||
$text = sprintf('<span class="type-%s">', $data["type"]);
|
||||
}
|
||||
|
||||
$bookmark = array(sprintf('[bookmark=%s]%s[/bookmark]', $data["url"], $data["title"]), $data["url"], $data["title"]);
|
||||
$oembed = sprintf('[bookmark=%s]%s[/bookmark]', $data['url'], $data['title']);
|
||||
if ($tryoembed) {
|
||||
$oembed = tryoembed($bookmark);
|
||||
} else {
|
||||
$oembed = $bookmark[0];
|
||||
try {
|
||||
$oembed = OEmbed::getHTML($data['url'], $data['title']);
|
||||
} catch (Exception $e) {
|
||||
// $oembed isn't modified
|
||||
}
|
||||
}
|
||||
|
||||
if (strstr(strtolower($oembed), "<iframe ")) {
|
||||
if (stripos($oembed, "<iframe ") !== false) {
|
||||
$text = $oembed;
|
||||
} else {
|
||||
if (($data["image"] != "") && !strstr(strtolower($oembed), "<img ")) {
|
||||
|
@ -100,7 +110,7 @@ function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
|
|||
$text .= '</span>';
|
||||
}
|
||||
}
|
||||
return trim($data["text"].' '.$text.' '.$data["after"]);
|
||||
return trim($data["text"] . ' ' . $text . ' ' . $data["after"]);
|
||||
}
|
||||
|
||||
function bb_remove_share_information($Text, $plaintext = false, $nolink = false) {
|
||||
|
@ -223,32 +233,6 @@ function stripcode_br_cb($s) {
|
|||
return '[code]' . str_replace('<br />', '', $s[1]) . '[/code]';
|
||||
}
|
||||
|
||||
function tryoembed($match) {
|
||||
$url = $match[1];
|
||||
|
||||
// Always embed the SSL version
|
||||
$url = str_replace(array("http://www.youtube.com/", "http://player.vimeo.com/"),
|
||||
array("https://www.youtube.com/", "https://player.vimeo.com/"), $url);
|
||||
|
||||
$o = OEmbed::fetchURL($url);
|
||||
|
||||
if (!is_object($o)) {
|
||||
return $match[0];
|
||||
}
|
||||
|
||||
if (isset($match[2])) {
|
||||
$o->title = $match[2];
|
||||
}
|
||||
|
||||
if ($o->type == "error") {
|
||||
return $match[0];
|
||||
}
|
||||
|
||||
$html = OEmbed::formatObject($o);
|
||||
|
||||
return $html;
|
||||
}
|
||||
|
||||
/*
|
||||
* [noparse][i]italic[/i][/noparse] turns into
|
||||
* [noparse][ i ]italic[ /i ][/noparse],
|
||||
|
@ -432,6 +416,16 @@ function bb_replace_images($body, $images) {
|
|||
return $newbody;
|
||||
}
|
||||
|
||||
/**
|
||||
* Processes [share] tags
|
||||
*
|
||||
* Note: Can produce a [bookmark] tag in the output
|
||||
*
|
||||
* @brief Processes [share] tags
|
||||
* @param array $share preg_match_callback result array
|
||||
* @param bool|int $simplehtml
|
||||
* @return string
|
||||
*/
|
||||
function bb_ShareAttributes($share, $simplehtml)
|
||||
{
|
||||
$attributes = $share[2];
|
||||
|
@ -520,7 +514,6 @@ function bb_ShareAttributes($share, $simplehtml)
|
|||
}
|
||||
|
||||
$preshare = trim($share[1]);
|
||||
|
||||
if ($preshare != "") {
|
||||
$preshare .= "<br /><br />";
|
||||
}
|
||||
|
@ -541,7 +534,7 @@ function bb_ShareAttributes($share, $simplehtml)
|
|||
$text .= "<hr />";
|
||||
}
|
||||
|
||||
if (substr(normalise_link($link), 0, 19) != "http://twitter.com/") {
|
||||
if (stripos(normalise_link($link), 'http://twitter.com/') === 0) {
|
||||
$text .= $headline . '<blockquote>' . trim($share[3]) . "</blockquote><br />";
|
||||
|
||||
if ($link != "") {
|
||||
|
@ -586,6 +579,16 @@ function bb_ShareAttributes($share, $simplehtml)
|
|||
}
|
||||
break;
|
||||
default:
|
||||
// Transforms quoted tweets in rich attachments to avoid nested tweets
|
||||
if (stripos(normalise_link($link), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($link)) {
|
||||
try {
|
||||
$oembed = OEmbed::getHTML($link, $preshare);
|
||||
} catch (Exception $e) {
|
||||
$oembed = sprintf('[bookmark=%s]%s[/bookmark]', $link, $preshare);
|
||||
}
|
||||
|
||||
$text = $preshare . $oembed;
|
||||
} else {
|
||||
$text = trim($share[1]) . "\n";
|
||||
|
||||
$avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);
|
||||
|
@ -598,8 +601,8 @@ function bb_ShareAttributes($share, $simplehtml)
|
|||
'$link' => $link,
|
||||
'$posted' => $posted,
|
||||
'$content' => trim($share[3])
|
||||
)
|
||||
);
|
||||
));
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@ use dba;
|
|||
use DOMDocument;
|
||||
use DOMXPath;
|
||||
use DOMNode;
|
||||
use Exception;
|
||||
|
||||
require_once 'include/dba.php';
|
||||
require_once 'mod/proxy.php';
|
||||
|
@ -160,8 +161,8 @@ class OEmbed
|
|||
public static function formatObject($j)
|
||||
{
|
||||
$embedurl = $j->embedurl;
|
||||
$jhtml = self::iframe($j->embedurl, (isset($j->width) ? $j->width : null), (isset($j->height) ? $j->height : null));
|
||||
$ret = "<span class='oembed " . $j->type . "'>";
|
||||
$jhtml = $j->html;
|
||||
$ret = '<div class="oembed ' . $j->type . '">';
|
||||
switch ($j->type) {
|
||||
case "video":
|
||||
if (isset($j->thumbnail_url)) {
|
||||
|
@ -173,7 +174,7 @@ class OEmbed
|
|||
$th = 120;
|
||||
$tw = $th * $tr;
|
||||
$tpl = get_markup_template('oembed_video.tpl');
|
||||
$ret.=replace_macros($tpl, array(
|
||||
$ret .= replace_macros($tpl, array(
|
||||
'$baseurl' => System::baseUrl(),
|
||||
'$embedurl' => $embedurl,
|
||||
'$escapedhtml' => base64_encode($jhtml),
|
||||
|
@ -184,33 +185,32 @@ class OEmbed
|
|||
} else {
|
||||
$ret = $jhtml;
|
||||
}
|
||||
//$ret.="<br>";
|
||||
break;
|
||||
case "photo":
|
||||
$ret.= "<img width='" . $j->width . "' src='" . proxy_url($j->url) . "'>";
|
||||
$ret .= '<img width="' . $j->width . '" src="' . proxy_url($j->url) . '">';
|
||||
break;
|
||||
case "link":
|
||||
break;
|
||||
case "rich":
|
||||
// not so safe..
|
||||
if (self::isAllowedURL($embedurl)) {
|
||||
$ret .= proxy_parse_html($jhtml);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
$ret .= '</div>';
|
||||
// add link to source if not present in "rich" type
|
||||
if ($j->type != 'rich' || !strpos($j->html, $embedurl)) {
|
||||
$ret .= "<h4>";
|
||||
$ret .= '<h4>';
|
||||
if (isset($j->title)) {
|
||||
if (isset($j->provider_name)) {
|
||||
$ret .= $j->provider_name . ": ";
|
||||
}
|
||||
|
||||
$embedlink = (isset($j->title)) ? $j->title : $embedurl;
|
||||
$ret .= "<a href='$embedurl' rel='oembed'>$embedlink</a>";
|
||||
$ret .= '<a href="' . $embedurl . '" rel="oembed">' . $embedlink . '</a>';
|
||||
if (isset($j->author_name)) {
|
||||
$ret.=" (" . $j->author_name . ")";
|
||||
$ret .= ' (' . $j->author_name . ')';
|
||||
}
|
||||
} elseif (isset($j->provider_name) || isset($j->author_name)) {
|
||||
$embedlink = "";
|
||||
|
@ -229,16 +229,14 @@ class OEmbed
|
|||
$embedlink = $embedurl;
|
||||
}
|
||||
|
||||
$ret .= "<a href='$embedurl' rel='oembed'>$embedlink</a>";
|
||||
$ret .= '<a href="' . $embedurl . '" rel="oembed">' . $embedlink . '</a>';
|
||||
}
|
||||
//if (isset($j->author_name)) $ret.=" by ".$j->author_name;
|
||||
//if (isset($j->provider_name)) $ret.=" on ".$j->provider_name;
|
||||
$ret .= "</h4>";
|
||||
} else {
|
||||
} elseif (!strpos($j->html, $embedurl)) {
|
||||
// add <a> for html2bbcode conversion
|
||||
$ret .= "<a href='$embedurl' rel='oembed'>$embedurl</a>";
|
||||
$ret .= '<a href="' . $embedurl . '" rel="oembed">' . $j->title . '</a>';
|
||||
}
|
||||
$ret.="</span>";
|
||||
|
||||
$ret = str_replace("\n", "", $ret);
|
||||
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
|
||||
}
|
||||
|
@ -272,7 +270,7 @@ class OEmbed
|
|||
$xpath = new DOMXPath($dom);
|
||||
|
||||
$xattr = self::buildXPath("class", "oembed");
|
||||
$entries = $xpath->query("//span[$xattr]");
|
||||
$entries = $xpath->query("//div[$xattr]");
|
||||
|
||||
$xattr = "@rel='oembed'"; //oe_build_xpath("rel","oembed");
|
||||
foreach ($entries as $e) {
|
||||
|
@ -287,6 +285,48 @@ class OEmbed
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if rich content OEmbed is allowed for the provided URL
|
||||
*
|
||||
* @brief Determines if rich content OEmbed is allowed for the provided URL
|
||||
* @param string $url
|
||||
* @return boolean
|
||||
*/
|
||||
public static function isAllowedURL($url)
|
||||
{
|
||||
if (!Config::get('system', 'no_oembed_rich_content')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$domain = parse_url($url, PHP_URL_HOST);
|
||||
|
||||
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
||||
$allowed = explode(',', $str_allowed);
|
||||
|
||||
return allowed_domain($domain, $allowed, true);
|
||||
}
|
||||
|
||||
public static function getHTML($url, $title = null)
|
||||
{
|
||||
// Always embed the SSL version
|
||||
$url = str_replace(array("http://www.youtube.com/", "http://player.vimeo.com/"),
|
||||
array("https://www.youtube.com/", "https://player.vimeo.com/"), $url);
|
||||
|
||||
$o = OEmbed::fetchURL($url);
|
||||
|
||||
if (!is_object($o) || $o->type == 'error') {
|
||||
throw new Exception('OEmbed failed for URL: ' . $url);
|
||||
}
|
||||
|
||||
if (x($title)) {
|
||||
$o->title = $title;
|
||||
}
|
||||
|
||||
$html = OEmbed::formatObject($o);
|
||||
|
||||
return $html;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Generates the iframe HTML for an oembed attachment.
|
||||
*
|
||||
|
@ -299,6 +339,8 @@ class OEmbed
|
|||
* Since the iframe is automatically resized on load, there are no need for ugly
|
||||
* and impractical scrollbars.
|
||||
*
|
||||
* @todo This function is currently unused until someone™ adds support for a separate OEmbed domain
|
||||
*
|
||||
* @param string $src Original remote URL to embed
|
||||
* @param string $width
|
||||
* @param string $height
|
||||
|
@ -315,10 +357,7 @@ class OEmbed
|
|||
}
|
||||
$width = '100%';
|
||||
|
||||
// Only proxy OEmbed URLs to avoid mixed-content errors
|
||||
if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL && parse_url($src, PHP_URL_SCHEME) !== 'https') {
|
||||
$src = System::baseUrl() . '/oembed/' . base64url_encode($src);
|
||||
}
|
||||
return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $src . '" allowfullscreen scrolling="no" frameborder="no">' . t('Embedded content') . '</iframe>';
|
||||
}
|
||||
|
||||
|
@ -356,24 +395,4 @@ class OEmbed
|
|||
return $innerHTML;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if rich content OEmbed is allowed for the provided URL
|
||||
*
|
||||
* @brief Determines if rich content OEmbed is allowed for the provided URL
|
||||
* @param string $url
|
||||
* @return boolean
|
||||
*/
|
||||
private static function isAllowedURL($url)
|
||||
{
|
||||
if (!Config::get('system', 'no_oembed_rich_content')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$domain = parse_url($url, PHP_URL_HOST);
|
||||
|
||||
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
||||
$allowed = explode(',', $str_allowed);
|
||||
|
||||
return allowed_domain($domain, $allowed, true);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue