From afce790e56ba7cd4c5c049e7c3a9aac20846981e Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Tue, 25 Oct 2011 14:59:31 +0200 Subject: [PATCH] oembed: wrap in iframe only html from remote service --- include/bbcode.php | 2 +- include/oembed.php | 12 ++-- js/webtoolkit.base64.js | 142 ++++++++++++++++++++++++++++++++++++++++ view/oembed_video.tpl | 2 +- 4 files changed, 150 insertions(+), 8 deletions(-) create mode 100644 js/webtoolkit.base64.js diff --git a/include/bbcode.php b/include/bbcode.php index e20b2478d3..d7b64c0cf1 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -19,7 +19,7 @@ function tryoembed($match){ if ($o->type=="error") return $match[0]; $html = oembed_format_object($o); - return oembed_iframe($html,$o->width,$o->height); + return $html; //oembed_iframe($html,$o->width,$o->height); } diff --git a/include/oembed.php b/include/oembed.php index 71b62b839d..3e86627e4d 100644 --- a/include/oembed.php +++ b/include/oembed.php @@ -4,7 +4,7 @@ function oembed_replacecb($matches){ $embedurl=$matches[1]; $j = oembed_fetch_url($embedurl); $s = oembed_format_object($j); - return oembed_iframe($s,$j->width,$j->height); + return $s;//oembed_iframe($s,$j->width,$j->height); } @@ -56,6 +56,7 @@ function oembed_fetch_url($embedurl){ function oembed_format_object($j){ $embedurl = $j->embedurl; + $jhtml = oembed_iframe($j->html,$j->width,$j->height ); $ret=""; switch ($j->type) { case "video": { @@ -68,14 +69,14 @@ function oembed_format_object($j){ $tpl=get_markup_template('oembed_video.tpl'); $ret.=replace_macros($tpl, array( '$embedurl'=>$embedurl, - '$escapedhtml'=>urlencode($j->html), + '$escapedhtml'=>base64_encode($jhtml), '$tw'=>$tw, '$th'=>$th, '$turl'=>$j->thumbnail_url, )); } else { - $ret=$j->html; + $ret=$jhtml; } $ret.="
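Review bot: Returning `$html` unwrapped here, and likewise `$s` in `oembed_replacecb` (include/oembed.php), puts everything `oembed_format_object` appends outside `$jhtml` straight into the host page, where it used to sit inside the iframe. The context lines of the `@@ -88,12 +89,12 @@` hunk show `$j->title` (via `$embedlink`) and `$j->author_name` concatenated into `$ret` with no visible escaping, and both come from the remote oEmbed response. Unless `oembed_fetch_url` already sanitises those fields, which this diff does not show, they should be encoded where they are emitted, for example `$embedlink = htmlspecialchars((isset($j->title))?$j->title:$embedurl, ENT_QUOTES, 'UTF-8');` and `$ret.=" by ".htmlspecialchars($j->author_name, ENT_QUOTES, 'UTF-8');`. The same concern applies to `$j->thumbnail_url`, which is handed to the video template as is. `tryoembed` starts above this hunk, so its earlier handling of `$o` is not visible here.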
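Review bot: `$jhtml` is built at the top of `oembed_format_object` for every response, but only the `video` and `rich` branches use it, and responses of other types need not carry an `html` field. Reading `$j->html` in that case raises an undefined-property notice and builds an iframe around empty content; a guard such as `$jhtml = isset($j->html) ? oembed_iframe($j->html,$j->width,$j->height) : '';` avoids both. Because this iframe is now the only containment for provider markup, it is also worth confirming that `oembed_iframe`, whose body lies mostly outside this diff, emits it with a `sandbox` attribute. The function continues past the end of the hunk.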
"; }; break; @@ -88,12 +89,12 @@ function oembed_format_object($j){ }; break; case "rich": { // not so safe.. - $ret.= $j->html; + $ret.= $jhtml; }; break; } // add link to source if not present in "rich" type - if ( $j->type!='rich' || !strpos($ret,$embedurl) ){ + if ( $j->type!='rich' || !strpos($j->html,$embedurl) ){ $embedlink = (isset($j->title))?$j->title:$embedurl; $ret .= "$embedlink"; if (isset($j->author_name)) $ret.=" by ".$j->author_name; @@ -107,7 +108,6 @@ function oembed_format_object($j){ } function oembed_iframe($src,$width,$height) { - if(! $width || strstr($width,'%')) $width = '640'; if(! $height || strstr($height,'%')) diff --git a/js/webtoolkit.base64.js b/js/webtoolkit.base64.js new file mode 100644 index 0000000000..5fa3c1ed7b --- /dev/null +++ b/js/webtoolkit.base64.js 
@@ -0,0 +1,142 @@ +/** +* +* Base64 encode / decode +* http://www.webtoolkit.info/ +* +**/ + +var Base64 = { + + // private property + _keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", + + // public method for encoding + encode : function (input) { + var output = ""; + var chr1, chr2, chr3, enc1, enc2, enc3, enc4; + var i = 0; + + input = Base64._utf8_encode(input); + + while (i < input.length) { + + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + + enc1 = chr1 >> 2; + enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); + enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); + enc4 = chr3 & 63; + + if (isNaN(chr2)) { + enc3 = enc4 = 64; + } else if (isNaN(chr3)) { + enc4 = 64; + } + + output = output + + this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) + + this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4); + + } + + return output; + }, + + // public method for decoding + decode : function (input) { + var output = ""; + var chr1, chr2, chr3; + var enc1, enc2, enc3, enc4; + var i = 0; + + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + + while (i < input.length) { + + enc1 = this._keyStr.indexOf(input.charAt(i++)); + enc2 = this._keyStr.indexOf(input.charAt(i++)); + enc3 = this._keyStr.indexOf(input.charAt(i++)); + enc4 = this._keyStr.indexOf(input.charAt(i++)); + + chr1 = (enc1 << 2) | (enc2 >> 4); + chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); + chr3 = ((enc3 & 3) << 6) | enc4; + + output = output + String.fromCharCode(chr1); + + if (enc3 != 64) { + output = output + String.fromCharCode(chr2); + } + if (enc4 != 64) { + output = output + String.fromCharCode(chr3); + } + + } + + output = Base64._utf8_decode(output); + + return output; + + }, + + // private method for UTF-8 encoding + _utf8_encode : function (string) { + string = string.replace(/\r\n/g,"\n"); + var utftext = ""; + + for (var n = 0; n < string.length; n++) { + + var c = string.charCodeAt(n); + + if (c < 128) { + utftext += 
String.fromCharCode(c); + } + else if((c > 127) && (c < 2048)) { + utftext += String.fromCharCode((c >> 6) | 192); + utftext += String.fromCharCode((c & 63) | 128); + } + else { + utftext += String.fromCharCode((c >> 12) | 224); + utftext += String.fromCharCode(((c >> 6) & 63) | 128); + utftext += String.fromCharCode((c & 63) | 128); + } + + } + + return utftext; + }, + + // private method for UTF-8 decoding + _utf8_decode : function (utftext) { + var string = ""; + var i = 0; + var c = c1 = c2 = 0; + + while ( i < utftext.length ) { + + c = utftext.charCodeAt(i); + + if (c < 128) { + string += String.fromCharCode(c); + i++; + } + else if((c > 191) && (c < 224)) { + c2 = utftext.charCodeAt(i+1); + string += String.fromCharCode(((c & 31) << 6) | (c2 & 63)); + i += 2; + } + else { + c2 = utftext.charCodeAt(i+1); + c3 = utftext.charCodeAt(i+2); + string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)); + i += 3; + } + + } + + return string; + } + +} diff --git a/view/oembed_video.tpl b/view/oembed_video.tpl index 29b5149ba2..5824d8d4e8 100644 --- a/view/oembed_video.tpl +++ b/view/oembed_video.tpl @@ -1,4 +1,4 @@ - +