From 0927bb5f2c50a8927d774df94c44a1bc8acac7a9 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Mon, 8 Feb 2021 02:03:48 -0500
Subject: [PATCH] Harden OEmbed link discovery

- Check OEmbed call return code before storing response
- Stop at first successful OEmbed response
---
 src/Content/OEmbed.php | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/Content/OEmbed.php b/src/Content/OEmbed.php
index 355dda3fc1..3afa36904a 100644
--- a/src/Content/OEmbed.php
+++ b/src/Content/OEmbed.php
@@ -98,21 +98,19 @@ class OEmbed
 				// try oembed autodiscovery
 				$html_text = DI::httpRequest()->fetch($embedurl, 15, 'text/*');
 				if ($html_text) {
-					$dom = @DOMDocument::loadHTML($html_text);
-					if ($dom) {
+					$dom = new DOMDocument();
+					if ($dom->loadHTML($html_text)) {
 						$xpath = new DOMXPath($dom);
-						$entries = $xpath->query("//link[@type='application/json+oembed']");
-						foreach ($entries as $e) {
-							$href = $e->getAttributeNode('href')->nodeValue;
-							$json_string = DI::httpRequest()->fetch($href . '&maxwidth=' . $a->videowidth);
-							break;
-						}
-
-						$entries = $xpath->query("//link[@type='text/json+oembed']");
-						foreach ($entries as $e) {
-							$href = $e->getAttributeNode('href')->nodeValue;
-							$json_string = DI::httpRequest()->fetch($href . '&maxwidth=' . $a->videowidth);
-							break;
+						foreach (
+							$xpath->query("//link[@type='application/json+oembed'] | //link[@type='text/json+oembed']")
+							as $link)
+						{
+							$href = $link->getAttributeNode('href')->nodeValue;
+							$result = DI::httpRequest()->fetchFull($href . '&maxwidth=' . $a->videowidth);
+							if ($result->getReturnCode() === 200) {
+								$json_string = $result->getBody();
+								break;
+							}
 						}
 					}
 				}