fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-22 05:15:29 +09:00
Code Issues Projects Releases Packages Wiki Activity

Always format media filter prefixes in exactly the same way

Browse source
This commit is contained in:
Kijin Sung 2016-03-14 16:07:40 +09:00
parent 6944b64643
commit 251b43cd00
2 changed files with 24 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

28
common/framework/security/mediafilter.php
View file

@ -27,7 +27,7 @@ class MediaFilter
self::_loadWhitelists(); self::_loadWhitelists();
} }
$prefix = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; $prefix = self::formatPrefix($prefix);
if (!in_array($prefix, self::$_iframe_whitelist)) if (!in_array($prefix, self::$_iframe_whitelist))
{ {
self::$_iframe_whitelist[] = $prefix; self::$_iframe_whitelist[] = $prefix;
@ -55,7 +55,7 @@ class MediaFilter
self::_loadWhitelists(); self::_loadWhitelists();
} }
$prefix = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; $prefix = self::formatPrefix($prefix);
if (!in_array($prefix, self::$_object_whitelist)) if (!in_array($prefix, self::$_object_whitelist))
{ {
self::$_object_whitelist[] = $prefix; self::$_object_whitelist[] = $prefix;
@ -69,6 +69,22 @@ class MediaFilter
} }
} }
/**
* Format a prefix for standardization.
*
* @param string $prefix
* @return string
*/
public static function formatPrefix($prefix)
{
$prefix = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
if (strpos($prefix, '/') === false)
{
$prefix .= '/';
}
return $prefix;
}
/** /**
* Get the iframe whitelist. * Get the iframe whitelist.
* *
@ -195,11 +211,11 @@ class MediaFilter
} }
foreach ($custom_whitelist['iframe'] as $prefix) foreach ($custom_whitelist['iframe'] as $prefix)
{ {
self::$_iframe_whitelist[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; self::$_iframe_whitelist[] = self::formatPrefix($prefix);
} }
foreach ($custom_whitelist['object'] as $prefix) foreach ($custom_whitelist['object'] as $prefix)
{ {
self::$_object_whitelist[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; self::$_object_whitelist[] = self::formatPrefix($prefix);
} }
} }
else else
@ -216,14 +232,14 @@ class MediaFilter
{ {
foreach ($iframe_whitelist as $prefix) foreach ($iframe_whitelist as $prefix)
{ {
self::$_iframe_whitelist[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; self::$_iframe_whitelist[] = self::formatPrefix($prefix);
} }
} }
if ($object_whitelist = config('mediafilter.object') ?: config('embedfilter.object')) if ($object_whitelist = config('mediafilter.object') ?: config('embedfilter.object'))
{ {
foreach ($object_whitelist as $prefix) foreach ($object_whitelist as $prefix)
{ {
self::$_object_whitelist[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; self::$_object_whitelist[] = self::formatPrefix($prefix);
} }
} }
} }

4
modules/admin/admin.admin.controller.php
View file

@ -561,7 +561,7 @@ class adminAdminController extends admin
return $item !== ''; return $item !== '';
}); });
$iframe_whitelist = array_unique(array_map(function($item) { $iframe_whitelist = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item; return Rhymix\Framework\Security\MediaFilter::formatPrefix($item);
}, $iframe_whitelist)); }, $iframe_whitelist));
natcasesort($iframe_whitelist); natcasesort($iframe_whitelist);
Rhymix\Framework\Config::set('mediafilter.iframe', array_values($iframe_whitelist)); Rhymix\Framework\Config::set('mediafilter.iframe', array_values($iframe_whitelist));
@ -572,7 +572,7 @@ class adminAdminController extends admin
return $item !== ''; return $item !== '';
}); });
$object_whitelist = array_unique(array_map(function($item) { $object_whitelist = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item; return Rhymix\Framework\Security\MediaFilter::formatPrefix($item);
}, $object_whitelist)); }, $object_whitelist));
natcasesort($object_whitelist); natcasesort($object_whitelist);
Rhymix\Framework\Config::set('mediafilter.object', array_values($object_whitelist)); Rhymix\Framework\Config::set('mediafilter.object', array_values($object_whitelist));