diff --git a/include/bbcode.php b/include/bbcode.php
index 3e82f90a16..ab599e7c91 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -586,8 +586,8 @@ function bb_ShareAttributes($share, $simplehtml)
 }
 break;
 default:
- // Transforms quoted tweets in rich attachments to avoid nested tweetsx
- if (stripos(normalise_link($link), 'http://twitter.com/') === 0) {
+ // Transforms quoted tweets in rich attachments to avoid nested tweets
+ if (stripos(normalise_link($link), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($link)) {
 $bookmark = array(sprintf('[bookmark=%s]%s[/bookmark]', $link, $preshare), $link, $preshare);
 $text = $preshare . tryoembed($bookmark);
 } else {
diff --git a/src/Content/OEmbed.php b/src/Content/OEmbed.php
index 0095d2b3cb..4aaae4d5dc 100644
--- a/src/Content/OEmbed.php
+++ b/src/Content/OEmbed.php
@@ -284,6 +284,27 @@ class OEmbed
 }
 }
+ /**
+ * Determines if rich content OEmbed is allowed for the provided URL
+ *
+ * @brief Determines if rich content OEmbed is allowed for the provided URL
+ * @param string $url
+ * @return boolean
+ */
+ public static function isAllowedURL($url)
+ {
+ if (!Config::get('system', 'no_oembed_rich_content')) {
+ return true;
+ }
+
+ $domain = parse_url($url, PHP_URL_HOST);
+
+ $str_allowed = Config::get('system', 'allowed_oembed', '');
+ $allowed = explode(',', $str_allowed);
+
+ return allowed_domain($domain, $allowed, true);
+ }
+
 /**
 * @brief Generates the iframe HTML for an oembed attachment.
 *
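Review bot: In the `default:` branch of bb_ShareAttributes the two halves of the new condition look at different strings: the twitter.com prefix test runs on `normalise_link($link)`, while `OEmbed::isAllowedURL($link)` extracts the host from the raw `$link`. If normalise_link rewrites the scheme or strips a `www.` prefix (its body is not visible here), the host checked against the `allowed_oembed` list is not the one that passed the prefix test, and the allowlist decision can diverge from what an admin expects. Consider normalising once and using that value for both checks, e.g. `$normalised = normalise_link($link);` followed by `if (stripos($normalised, 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($normalised)) {`. The function starts and ends outside this hunk, so the `else` fallback taken for disallowed links could not be reviewed.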
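Review bot: `isAllowedURL()` is now public and reachable with post-supplied links, but it does not fail closed on its own: `parse_url($url, PHP_URL_HOST)` yields `null` or `false` for a URL without a parsable host, and `explode(',', $str_allowed)` yields `['']` when `allowed_oembed` is empty, and both are handed straight to `allowed_domain()` with the third argument `true`. How `allowed_domain()` treats a non-string host or an empty pattern is not visible in this diff, so the allowlist result should not depend on it. I would return early with `if (!is_string($domain) || $domain === '') { return false; }` and build the list as `$allowed = array_filter(array_map('trim', explode(',', $str_allowed)), 'strlen');`. The docblock could also state that every URL is allowed when `no_oembed_rich_content` is unset.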
@@ -352,24 +373,4 @@ class OEmbed
 return $innerHTML;
 }
- /**
- * Determines if rich content OEmbed is allowed for the provided URL
- *
- * @brief Determines if rich content OEmbed is allowed for the provided URL
- * @param string $url
- * @return boolean
- */
- private static function isAllowedURL($url)
- {
- if (!Config::get('system', 'no_oembed_rich_content')) {
- return true;
- }
-
- $domain = parse_url($url, PHP_URL_HOST);
-
- $str_allowed = Config::get('system', 'allowed_oembed', '');
- $allowed = explode(',', $str_allowed);
-
- return allowed_domain($domain, $allowed, true);
- }
 }