Merge pull request #4167 from MrPetovan/bug/4155-remove-proxy-oembed

Add settings for OEmbed

doc/htconfig.md

@@ -65,7 +65,6 @@ Example: To set the directory value please add this line to your .htconfig.php:
 * **memcache_port** - Portnumber of the memcache daemon. Default is 11211.
 * **no_count** (Boolean) - Don't do count calculations (currently only when showing albums)
 * **no_oembed** (Boolean) - Don't use OEmbed to fetch more information about a link.
-* **no_oembed_rich_content** (Boolean) - Don't show the rich content (e.g. embedded PDF).
 * **no_smilies** (Boolean) - Don't show smilies.
 * **no_view_full_size** (Boolean) - Don't add the link "View full size" under a resized image.
 * **optimize_items** (Boolean) - Triggers an SQL command to optimize the item table before expiring items.

include/items.php

@@ -3,7 +3,6 @@
  * @file include/items.php
  */
 use Friendica\App;
-use Friendica\ParseUrl;
 use Friendica\Content\Feature;
 use Friendica\Core\Config;
 use Friendica\Core\PConfig;
@@ -18,6 +17,7 @@ use Friendica\Object\Image;
 use Friendica\Protocol\DFRN;
 use Friendica\Protocol\OStatus;
 use Friendica\Protocol\Feed;
+use Friendica\Util\ParseUrl;
 
 require_once 'include/bbcode.php';
 require_once 'include/tags.php';

include/network.php

@@ -615,24 +615,37 @@ function allowed_email($email)
 		return false;
 	}
 
-	$str_allowed = Config::get('system', 'allowed_email');
-	if (! $str_allowed) {
-		return true;
-	}
-
-	$found = false;
-
-	$fnmatch = function_exists('fnmatch');
+	$str_allowed = Config::get('system', 'allowed_email', '');
 	$allowed = explode(',', $str_allowed);
 
-	if (count($allowed)) {
-		foreach ($allowed as $a) {
-			$pat = strtolower(trim($a));
-			if (($fnmatch && fnmatch($pat, $domain)) || ($pat == $domain)) {
+	return allowed_domain($domain, $allowed);
+}
+
+/**
+ * Checks for the existence of a domain in a domain list
+ *
+ * If strict is not set, an empty domain list counts as found
+ *
+ * @brief Checks for the existence of a domain in a domain list
+ * @param string $domain
+ * @param array $domain_list
+ * @param bool   $strict
+ * @return boolean
+ */
+function allowed_domain($domain, array $domain_list, $strict = false)
+{
+	$found = false;
+
+	if (count($domain_list)) {
+		foreach ($domain_list as $item) {
+			$pat = strtolower(trim($item));
+			if (fnmatch($pat, $domain) || ($pat == $domain)) {
 				$found = true;
 				break;
 			}
 		}
+	} elseif(!$strict) {
+		$found = true;
 	}
 	return $found;
 }

include/plaintext.php

@@ -3,9 +3,9 @@
  * @file include/plaintext.php
  */
 use Friendica\App;
-use Friendica\ParseUrl;
 use Friendica\Core\PConfig;
 use Friendica\Object\Image;
+use Friendica\Util\ParseUrl;
 
 require_once "include/bbcode.php";
 require_once "include/html2plain.php";

mod/admin.php

@@ -908,6 +908,8 @@ function admin_page_site_post(App $a)
 
 	$allowed_sites		=	((x($_POST,'allowed_sites'))		? notags(trim($_POST['allowed_sites']))		: '');
 	$allowed_email		=	((x($_POST,'allowed_email'))		? notags(trim($_POST['allowed_email']))		: '');
+	$no_oembed_rich_content = x($_POST,'no_oembed_rich_content');
+	$allowed_oembed		=	((x($_POST,'allowed_embed'))		? notags(trim($_POST['allowed_embed']))		: '');
 	$block_public		=	((x($_POST,'block_public'))		? True						: False);
 	$force_publish		=	((x($_POST,'publish_all'))		? True						: False);
 	$global_directory	=	((x($_POST,'directory'))		? notags(trim($_POST['directory']))		: '');
@@ -1064,6 +1066,8 @@ function admin_page_site_post(App $a)
 	Config::set('config', 'register_text', $register_text);
 	Config::set('system', 'allowed_sites', $allowed_sites);
 	Config::set('system', 'allowed_email', $allowed_email);
+	Config::set('system', 'no_oembed_rich_content', $no_oembed_rich_content);
+	Config::set('system', 'allowed_oembed', $allowed_oembed);
 	Config::set('system', 'block_public', $block_public);
 	Config::set('system', 'publish_all', $force_publish);
 	Config::set('system', 'newuser_private', $newuser_private);
@@ -1302,6 +1306,8 @@ function admin_page_site(App $a)
 		'$abandon_days'		=> array('abandon_days', t('Accounts abandoned after x days'), Config::get('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
 		'$allowed_sites'	=> array('allowed_sites', t("Allowed friend domains"), Config::get('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
 		'$allowed_email'	=> array('allowed_email', t("Allowed email domains"), Config::get('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
+		'$no_oembed_rich_content' => array('no_oembed_rich_content', t("No OEmbed rich content"), Config::get('system','no_oembed_rich_content'), t("Don't show the rich content (e.g. embedded PDF), except from the domains listed below.")),
+		'$allowed_oembed'	=> array('allowed_oembed', t("Allowed OEmbed domains"), Config::get('system','allowed_oembed'), t("Comma separated list of domains which oembed content is allowed to be displayed. Wildcards are accepted.")),
 		'$block_public'		=> array('block_public', t("Block public"), Config::get('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")),
 		'$force_publish'	=> array('publish_all', t("Force publish"), Config::get('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
 		'$global_directory'	=> array('directory', t("Global directory URL"), Config::get('system','directory'), t("URL to the global directory. If this is not set, the global directory is completely unavailable to the application.")),

mod/parse_url.php

@@ -11,7 +11,7 @@
 */
 
 use Friendica\App;
-use Friendica\ParseUrl;
+use Friendica\Util\ParseUrl;
 
 require_once("include/items.php");
 

src/Content/OEmbed.php

@@ -8,9 +8,9 @@ namespace Friendica\Content;
 
 use Friendica\Core\Cache;
 use Friendica\Core\System;
-use Friendica\ParseUrl;
 use Friendica\Core\Config;
 use Friendica\Database\DBM;
+use Friendica\Util\ParseUrl;
 use dba;
 use DOMDocument;
 use DOMXPath;
@@ -193,8 +193,8 @@ class OEmbed
 				break;
 			case "rich":
 				// not so safe..
-				if (!Config::get("system", "no_oembed_rich_content")) {
-					$ret.= proxy_parse_html($jhtml);
+				if (self::isAllowedURL($embedurl)) {
+					$ret .= proxy_parse_html($jhtml);
 				}
 				break;
 		}
@@ -315,7 +315,10 @@ class OEmbed
 		}
 		$width = '100%';
 
-		$s = System::baseUrl() . '/oembed/' . base64url_encode($src);
+		// Only proxy OEmbed URLs to avoid mixed-content errors
+		if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL && parse_url($src, PHP_URL_SCHEME) !== 'https') {
+			$src = System::baseUrl() . '/oembed/' . base64url_encode($src);
+		}
 		return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $s . '" allowfullscreen scrolling="no" frameborder="no">' . t('Embedded content') . '</iframe>';
 	}
 
@@ -352,4 +355,25 @@ class OEmbed
 		}
 		return $innerHTML;
 	}
+
+	/**
+	 * Determines if rich content OEmbed is allowed for the provided URL
+	 *
+	 * @brief Determines if rich content OEmbed is allowed for the provided URL
+	 * @param string $url
+	 * @return boolean
+	 */
+	private static function isAllowedURL($url)
+	{
+		if (!Config::get('system', 'no_oembed_rich_content')) {
+			return true;
+		}
+
+		$domain = parse_url($url, PHP_URL_HOST);
+
+		$str_allowed = Config::get('system', 'allowed_oembed', '');
+		$allowed = explode(',', $str_allowed);
+
+		return allowed_domain($domain, $allowed, true);
+	}
 }

src/Util/ParseUrl.php

@@ -1,9 +1,9 @@
 <?php
 /**
- * @file include/ParseUrl.php
+ * @file src/Util/ParseUrl.php
  * @brief Get informations about a given URL
  */
-namespace Friendica;
+namespace Friendica\Util;
 
 use Friendica\Content\OEmbed;
 use Friendica\Object\Image;

vendor/composer/autoload_classmap.php

@@ -31,8 +31,6 @@ return array(
     'Friendica\\Model\\Profile' => $baseDir . '/src/Model/Profile.php',
     'Friendica\\Model\\User' => $baseDir . '/src/Model/User.php',
     'Friendica\\Module\\Feed' => $baseDir . '/src/Module/Feed.php',
-    'Friendica\\Module\\Login' => $baseDir . '/src/Module/Login.php',
-    'Friendica\\Module\\Logout' => $baseDir . '/src/Module/Logout.php',
     'Friendica\\Module\\Oembed' => $baseDir . '/src/Module/Oembed.php',
     'Friendica\\Network\\FKOAuth1' => $baseDir . '/src/Network/FKOAuth1.php',
     'Friendica\\Network\\FKOAuthDataStore' => $baseDir . '/src/Network/FKOAuthDataStore.php',
@@ -61,7 +59,6 @@ return array(
     'Friendica\\Object\\Image' => $baseDir . '/src/Object/Image.php',
     'Friendica\\Object\\Post' => $baseDir . '/src/Object/Post.php',
     'Friendica\\Object\\Thread' => $baseDir . '/src/Object/Thread.php',
-    'Friendica\\ParseUrl' => $baseDir . '/src/ParseUrl.php',
     'Friendica\\Protocol\\DFRN' => $baseDir . '/src/Protocol/DFRN.php',
     'Friendica\\Protocol\\Diaspora' => $baseDir . '/src/Protocol/Diaspora.php',
     'Friendica\\Protocol\\Email' => $baseDir . '/src/Protocol/Email.php',
@@ -75,6 +72,7 @@ return array(
     'Friendica\\Util\\ExAuth' => $baseDir . '/src/Util/ExAuth.php',
     'Friendica\\Util\\Lock' => $baseDir . '/src/Util/Lock.php',
     'Friendica\\Util\\Map' => $baseDir . '/src/Util/Map.php',
+    'Friendica\\Util\\ParseUrl' => $baseDir . '/src/Util/ParseUrl.php',
     'Friendica\\Util\\PidFile' => $baseDir . '/src/Util/Pidfile.php',
     'Friendica\\Util\\XML' => $baseDir . '/src/Util/XML.php',
     'Friendica\\Worker\\CheckVersion' => $baseDir . '/src/Worker/CheckVersion.php',

vendor/composer/autoload_static.php

@@ -84,8 +84,6 @@ class ComposerStaticInitFriendica
         'Friendica\\Model\\Profile' => __DIR__ . '/../..' . '/src/Model/Profile.php',
         'Friendica\\Model\\User' => __DIR__ . '/../..' . '/src/Model/User.php',
         'Friendica\\Module\\Feed' => __DIR__ . '/../..' . '/src/Module/Feed.php',
-        'Friendica\\Module\\Login' => __DIR__ . '/../..' . '/src/Module/Login.php',
-        'Friendica\\Module\\Logout' => __DIR__ . '/../..' . '/src/Module/Logout.php',
         'Friendica\\Module\\Oembed' => __DIR__ . '/../..' . '/src/Module/Oembed.php',
         'Friendica\\Network\\FKOAuth1' => __DIR__ . '/../..' . '/src/Network/FKOAuth1.php',
         'Friendica\\Network\\FKOAuthDataStore' => __DIR__ . '/../..' . '/src/Network/FKOAuthDataStore.php',
@@ -114,7 +112,6 @@ class ComposerStaticInitFriendica
         'Friendica\\Object\\Image' => __DIR__ . '/../..' . '/src/Object/Image.php',
         'Friendica\\Object\\Post' => __DIR__ . '/../..' . '/src/Object/Post.php',
         'Friendica\\Object\\Thread' => __DIR__ . '/../..' . '/src/Object/Thread.php',
-        'Friendica\\ParseUrl' => __DIR__ . '/../..' . '/src/ParseUrl.php',
         'Friendica\\Protocol\\DFRN' => __DIR__ . '/../..' . '/src/Protocol/DFRN.php',
         'Friendica\\Protocol\\Diaspora' => __DIR__ . '/../..' . '/src/Protocol/Diaspora.php',
         'Friendica\\Protocol\\Email' => __DIR__ . '/../..' . '/src/Protocol/Email.php',
@@ -128,6 +125,7 @@ class ComposerStaticInitFriendica
         'Friendica\\Util\\ExAuth' => __DIR__ . '/../..' . '/src/Util/ExAuth.php',
         'Friendica\\Util\\Lock' => __DIR__ . '/../..' . '/src/Util/Lock.php',
         'Friendica\\Util\\Map' => __DIR__ . '/../..' . '/src/Util/Map.php',
+        'Friendica\\Util\\ParseUrl' => __DIR__ . '/../..' . '/src/Util/ParseUrl.php',
         'Friendica\\Util\\PidFile' => __DIR__ . '/../..' . '/src/Util/Pidfile.php',
         'Friendica\\Util\\XML' => __DIR__ . '/../..' . '/src/Util/XML.php',
         'Friendica\\Worker\\CheckVersion' => __DIR__ . '/../..' . '/src/Worker/CheckVersion.php',

view/templates/admin/site.tpl

@@ -78,6 +78,8 @@
 	<h3>{{$corporate}}</h3>
 	{{include file="field_input.tpl" field=$allowed_sites}}
 	{{include file="field_input.tpl" field=$allowed_email}}
+	{{include file="field_checkbox.tpl" field=$no_oembed_rich_content}}
+	{{include file="field_input.tpl" field=$allowed_oembed}}
 	{{include file="field_checkbox.tpl" field=$block_public}}
 	{{include file="field_checkbox.tpl" field=$force_publish}}
 	{{include file="field_select.tpl" field=$community_page_style}}