From 6944b6464372d617322fc282c8bfd4d7e7e04428 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Mon, 14 Mar 2016 16:02:21 +0900
Subject: [PATCH] Add wildcard support and customization method to media filter
---
 common/framework/security/mediafilter.php | 60 ++++++++++++++++++-
 .../framework/security/MediaFilterTest.php | 11 ++++
 2 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/common/framework/security/mediafilter.php b/common/framework/security/mediafilter.php
index 4460b0899..362bf03f3 100644
--- a/common/framework/security/mediafilter.php
+++ b/common/framework/security/mediafilter.php
@@ -13,6 +13,62 @@ class MediaFilter
 protected static $_iframe_whitelist;
 protected static $_object_whitelist;
 
+ /**
+ * Add a prefix to the iframe whitelist.
+ *
+ * @param string $prefix
+ * @parsm bool $permanently
+ * @return void
+ */
+ public static function addIframePrefix($prefix, $permanently = false)
+ {
+ if (!count(self::$_iframe_whitelist))
+ {
+ self::_loadWhitelists();
+ }
+
+ $prefix = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
+ if (!in_array($prefix, self::$_iframe_whitelist))
+ {
+ self::$_iframe_whitelist[] = $prefix;
+ natcasesort(self::$_iframe_whitelist);
+
+ if ($permanently)
+ {
+ \Rhymix\Framework\Config::set('mediafilter.iframe', self::$_iframe_whitelist);
+ \Rhymix\Framework\Config::save();
+ }
+ }
+ }
+
+ /**
+ * Add a prefix to the object whitelist.
+ *
+ * @param string $prefix
+ * @parsm bool $permanently
+ * @return void
+ */
+ public static function addObjectPrefix($prefix, $permanently = false)
+ {
+ if (!count(self::$_object_whitelist))
+ {
+ self::_loadWhitelists();
+ }
+
+ $prefix = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
+ if (!in_array($prefix, self::$_object_whitelist))
+ {
+ self::$_object_whitelist[] = $prefix;
+ natcasesort(self::$_object_whitelist);
+
+ if ($permanently)
+ {
+ \Rhymix\Framework\Config::set('mediafilter.object', self::$_object_whitelist);
+ \Rhymix\Framework\Config::save();
+ }
+ }
+ }
+
 /**
 * Get the iframe whitelist.
 *
@@ -41,7 +97,7 @@ class MediaFilter
 $result = array();
 foreach(self::$_iframe_whitelist as $domain)
 {
- $result[] = preg_quote($domain, '%');
+ $result[] = str_replace('\*\.', '[a-z0-9-]+\.', preg_quote($domain, '%'));
 }
 return '%^https?://(' . implode('|', $result) . ')%';
 }
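Review bot: `addIframePrefix()` stores the prefix exactly as given, while the whitelist regex built further down in this hunk (`'%^https?://(' . implode('|', $result) . ')%'`) anchors only the start of the URL, so an entry added without a trailing `/` also admits any host that merely begins with that string; the test in this patch sidesteps this by passing `*.custom.website.com/`. A guard after the scheme strip, `if (strpos($prefix, '/') === false) { $prefix .= '/'; }`, would make the host boundary explicit, and the same applies to `addObjectPrefix()`. Both docblocks spell `@parsm` for `@param`, and `in_array()` should pass `true` as its third argument so entries are compared strictly. The two methods are identical apart from the list and the config key, so a private helper taking the list by reference and the key name would keep the normalization in one place. Note also that `count(self::$_iframe_whitelist)` runs before `_loadWhitelists()` has had a chance to populate the property, which is declared without an initializer; if nothing else has loaded it yet, `count()` on `null` warns or throws depending on the PHP version, and `empty()` avoids that.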
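Review bot: The `str_replace('\*\.', '[a-z0-9-]+\.', ...)` expansion substitutes every quoted `*.` in the entry, not only a leading one, and the character class matches exactly one label with no `i` modifier on the pattern, so `*.example.com/` covers `a.example.com` but neither `a.b.example.com` nor an uppercase host; none of this is stated anywhere. Restricting the wildcard to the host position makes the intent explicit: `$quoted = preg_quote($domain, '%');` then `$result[] = strpos($quoted, '\*\.') === 0 ? '[a-z0-9-]+\.' . substr($quoted, 4) : $quoted;`, with a comment such as `// '*.' matches exactly one lowercase DNS label at the start of the host`. The same line appears in the object-whitelist hunk at `@@ -74,7 +130,7 @@` and should change identically. The enclosing function's signature lies outside this hunk.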
@@ -74,7 +130,7 @@ class MediaFilter
 $result = array();
 foreach(self::$_object_whitelist as $domain)
 {
- $result[] = preg_quote($domain, '%');
+ $result[] = str_replace('\*\.', '[a-z0-9-]+\.', preg_quote($domain, '%'));
 }
 return '%^https?://(' . implode('|', $result) . ')%';
 }
diff --git a/tests/unit/framework/security/MediaFilterTest.php b/tests/unit/framework/security/MediaFilterTest.php
index 920ad2fd7..404bc0a4c 100644
--- a/tests/unit/framework/security/MediaFilterTest.php
+++ b/tests/unit/framework/security/MediaFilterTest.php
@@ -29,6 +29,17 @@ class MediaFilterTest extends \Codeception\TestCase\Test
 $this->assertFalse(Rhymix\Framework\Security\MediaFilter::matchObjectWhitelist('http://www-youtube.com/v'));
 }
 
+ public function testAddPrefix()
+ {
+ $this->assertFalse(Rhymix\Framework\Security\MediaFilter::matchIframeWhitelist('http://some.custom.website.com/video.mp4'));
+ Rhymix\Framework\Security\MediaFilter::addIframePrefix('*.custom.website.com/');
+ $this->assertTrue(Rhymix\Framework\Security\MediaFilter::matchIframeWhitelist('http://some.custom.website.com/video.mp4'));
+
+ $this->assertFalse(Rhymix\Framework\Security\MediaFilter::matchObjectWhitelist('http://some.custom.website.com/video.mp4'));
+ Rhymix\Framework\Security\MediaFilter::addObjectPrefix('*.custom.website.com/');
+ $this->assertTrue(Rhymix\Framework\Security\MediaFilter::matchObjectWhitelist('http://some.custom.website.com/video.mp4'));
+ }
+
 public function testRemoveEmbeddedMedia()
 {
 $tests = array(
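Review bot: `testAddPrefix()` widens the static, process-wide whitelists and never restores them, so every test that runs after it in the same process sees `*.custom.website.com/` as allowed and the suite becomes order-dependent; the class should reset the lists in `setUp()`/`tearDown()` or the test should run last and be documented as such. The test also only pins the positive case; a negative assertion such as `$this->assertFalse(Rhymix\Framework\Security\MediaFilter::matchIframeWhitelist('http://a.b.custom.website.com/video.mp4'));` would lock in that the wildcard spans exactly one label, which is the property the filter's safety depends on. The same negative check belongs next to the object-whitelist assertions.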