embed whitelist 설정파일에서 XML을 제거하고 http/https를 구분하지 않도록 함
This commit is contained in:
parent
002d239137
commit
ca3001141c
3 changed files with 93 additions and 137 deletions
|
|
@ -17,7 +17,7 @@ class EmbedFilter
|
|||
* @var int
|
||||
*/
|
||||
var $allowscriptaccessKey = 0;
|
||||
var $whiteUrlXmlFile = './classes/security/conf/embedWhiteUrl.xml';
|
||||
var $whiteUrlDefaultFile = './classes/security/conf/whitelist.php';
|
||||
var $whiteUrlCacheFile = './files/cache/embedfilter/embedWhiteUrl.php';
|
||||
var $whiteUrlList = array();
|
||||
var $whiteIframeUrlList = array();
|
||||
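Review bot: The renamed property `$whiteUrlDefaultFile` at L28 carries no docblock, although the neighbouring `$allowscriptaccessKey` documents its type, and a reader now has to find `_makeWhiteDomainList()` to learn what the path is for. Add `/** @var string path of the bundled whitelist (resolved through FileHandler::getRealPath()) that replaces the former XML file */` above it, and the same `@var string` treatment suits `$whiteUrlCacheFile`. The class body continues outside this hunk.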
|
|
@ -495,7 +495,7 @@ class EmbedFilter
|
|||
{
|
||||
foreach($this->whiteUrlList AS $key => $value)
|
||||
{
|
||||
if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
|
||||
if(preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
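Review bot: The rewritten match at L57 is repeated verbatim in the next hunk (the iframe variant at L86) with only the iterated list differing, and `$key` is unused in both `foreach` loops; a private helper such as `_matchesPrefixList($list, $urlAttribute)` returning the same bool would give both callers one place where the regex is built. The anchored `^https?://` plus quoted prefix is a plain string-prefix test, so it only confines a match to the intended host while every prefix carries a path component (the shipped entries all end in `/` or a file name); that assumption should be stated above the loop, e.g. `// prefixes are scheme-less and must include a path component: this is a string prefix match, not a host comparison`. The enclosing method begins and ends outside this hunk.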
|
@ -514,7 +514,7 @@ class EmbedFilter
|
|||
{
|
||||
foreach($this->whiteIframeUrlList AS $key => $value)
|
||||
{
|
||||
if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
|
||||
if(preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
|
@ -595,7 +595,7 @@ class EmbedFilter
|
|||
*/
|
||||
function _makeWhiteDomainList($whitelist = NULL)
|
||||
{
|
||||
$whiteUrlXmlFile = FileHandler::getRealPath($this->whiteUrlXmlFile);
|
||||
$whiteUrlDefaultFile = FileHandler::getRealPath($this->whiteUrlDefaultFile);
|
||||
$whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
|
||||
|
||||
$isMake = FALSE;
|
||||
|
|
@ -603,7 +603,7 @@ class EmbedFilter
|
|||
{
|
||||
$isMake = TRUE;
|
||||
}
|
||||
if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
|
||||
if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlDefaultFile))
|
||||
{
|
||||
$isMake = TRUE;
|
||||
}
|
||||
|
|
@ -625,50 +625,25 @@ class EmbedFilter
|
|||
|
||||
if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
|
||||
{
|
||||
$whiteUrlList = $whitelist->object;
|
||||
$whiteIframeUrlList = $whitelist->iframe;
|
||||
foreach ($whitelist->object as $prefix)
|
||||
{
|
||||
$whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||
}
|
||||
foreach ($whitelist->iframe as $prefix)
|
||||
{
|
||||
$whiteIframeUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
|
||||
|
||||
$xmlParser = new XmlParser();
|
||||
$domainListObj = $xmlParser->parse($xmlBuff);
|
||||
$embedDomainList = $domainListObj->whiteurl->embed->domain;
|
||||
$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
|
||||
if(!is_array($embedDomainList)) $embedDomainList = array();
|
||||
if(!is_array($iframeDomainList)) $iframeDomainList = array();
|
||||
|
||||
foreach($embedDomainList AS $key => $value)
|
||||
$safeurls = (include $whiteUrlDefaultFile);
|
||||
foreach ($safeurls['object'] as $prefix)
|
||||
{
|
||||
$patternList = $value->pattern;
|
||||
if(is_array($patternList))
|
||||
{
|
||||
foreach($patternList AS $key => $value)
|
||||
{
|
||||
$whiteUrlList[] = $value->body;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$whiteUrlList[] = $patternList->body;
|
||||
}
|
||||
$whiteUrlList[] = $prefix;
|
||||
}
|
||||
|
||||
foreach($iframeDomainList AS $key => $value)
|
||||
foreach ($safeurls['iframe'] as $prefix)
|
||||
{
|
||||
$patternList = $value->pattern;
|
||||
if(is_array($patternList))
|
||||
{
|
||||
foreach($patternList AS $key => $value)
|
||||
{
|
||||
$whiteIframeUrlList[] = $value->body;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$whiteIframeUrlList[] = $patternList->body;
|
||||
}
|
||||
$whiteIframeUrlList[] = $prefix;
|
||||
}
|
||||
}
|
||||
|
||||
|
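Review bot: The removed XML branch defended its lists with `if(!is_array($embedDomainList)) $embedDomainList = array();`, but the replacement at L235–L238 and L291 iterates `$safeurls['object']` and `$safeurls['iframe']` directly, so a missing or malformed whitelist.php (where `include` yields `false`) degrades into PHP warnings and an empty list instead of a visible failure. Guard the result right after the include: `if(!is_array($safeurls)) $safeurls = array();` followed by `foreach(array('object', 'iframe') as $k) if(!isset($safeurls[$k]) || !is_array($safeurls[$k])) $safeurls[$k] = array();`. `_makeWhiteDomainList()` starts in an earlier hunk and continues past this one.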
|
@ -676,18 +651,24 @@ class EmbedFilter
|
|||
|
||||
if($db_info->embed_white_object)
|
||||
{
|
||||
$whiteUrlList = array_merge($whiteUrlList, $db_info->embed_white_object);
|
||||
foreach ($db_info->embed_white_object as $prefix)
|
||||
{
|
||||
$whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||
}
|
||||
}
|
||||
|
||||
if($db_info->embed_white_iframe)
|
||||
{
|
||||
$whiteIframeUrlList = array_merge($whiteIframeUrlList, $db_info->embed_white_iframe);
|
||||
foreach ($db_info->embed_white_iframe as $prefix)
|
||||
{
|
||||
$whiteIframeUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||
}
|
||||
}
|
||||
|
||||
$whiteUrlList = array_unique($whiteUrlList);
|
||||
$whiteIframeUrlList = array_unique($whiteIframeUrlList);
|
||||
asort($whiteUrlList);
|
||||
asort($whiteIframeUrlList);
|
||||
natcasesort($whiteUrlList);
|
||||
natcasesort($whiteIframeUrlList);
|
||||
|
||||
$buff = array();
|
||||
$buff[] = '<?php if(!defined("__XE__")) exit();';
|
||||
|
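Review bot: The admin-supplied entries normalised at L366 and L392 only have their scheme stripped; unlike the shipped list nothing ensures they contain a path separator, and because the consumer does an anchored prefix match, a bare host entry (say `example.com`) also admits any host that merely begins with those characters. Normalise after stripping, before the append: `if(strpos($prefix, '/') === false) $prefix .= '/';`. Separately, the `asort()` calls at L409–L412 are immediately superseded by `natcasesort()` on the same arrays and can be dropped. The function continues outside this hunk.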
|
|
|||
|
|
@ -1,90 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<whiteurl>
|
||||
<embed>
|
||||
<domain name="http://www.naver.com" isNAVER="true" desc="네이버">
|
||||
<pattern>http://serviceapi.nmv.naver.com/</pattern>
|
||||
<pattern>http://scrap.ad.naver.com/</pattern>
|
||||
<pattern>http://event.dn.naver.com/sbsplayer/vmplayer.xap</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="네이버 뮤직 서비스">
|
||||
<pattern>http://musicplayer.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://player.music.naver.com/naverPlayer/posting/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.daum.net" desc="다음">
|
||||
<pattern>http://flvs.daum.net/flvPlayer.swf</pattern>
|
||||
<pattern>http://api.v.daum.net/</pattern>
|
||||
<pattern>http://tvpot.daum.net/playlist/playlist.swf</pattern>
|
||||
<pattern>http://videofarm.daum.net/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.youtube.com" desc="Youtube">
|
||||
<pattern>http://www.youtube.com/</pattern>
|
||||
<pattern>https://www.youtube.com/</pattern>
|
||||
<pattern>http://www.youtube-nocookie.com/</pattern>
|
||||
<pattern>https://www.youtube-nocookie.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.mgoon.com" desc="엠군">
|
||||
<pattern>http://play.mgoon.com/</pattern>
|
||||
<pattern>http://doc.mgoon.com/player/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.pandora.tv" desc="판도라TV">
|
||||
<pattern>http://flvr.pandora.tv/flv2pan/</pattern>
|
||||
<pattern>http://imgcdn.pandora.tv/gplayer/pandora_EGplayer.swf</pattern>
|
||||
<pattern>http://imgcdn.pandora.tv/gplayer/flJal.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.tagstory.com" desc="태그스토리">
|
||||
<pattern>http://play.tagstory.com/player/</pattern>
|
||||
<pattern>http://www.tagstory.com/player/basic/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="싸이월드">
|
||||
<pattern>http://dbi.video.cyworld.com/v.sk/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="이글루스 동영상">
|
||||
<pattern>http://v.egloos.com/v.sk/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.nate.com" desc="네이트">
|
||||
<pattern>http://v.nate.com/v.sk/</pattern>
|
||||
<pattern>http://w.blogdoc.nate.com/</pattern>
|
||||
<pattern>http://blogdoc.nate.com/flash/blogdoc_widget_reco.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.kbs.co.kr" desc="KBS">
|
||||
<pattern>http://www.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
||||
<pattern>http://vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.sbs.co.kr" desc="SBS">
|
||||
<pattern>http://netv.sbs.co.kr/sbox/</pattern>
|
||||
<pattern>http://news.sbs.co.kr/</pattern>
|
||||
<pattern>http://wizard2.sbs.co.kr/</pattern>
|
||||
<pattern>http://sbsplayer.sbs.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.imbc.com" desc="MBC">
|
||||
<pattern>http://onemore.imbc.com/ClientBin/oneplus.xap</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="socialsearch">
|
||||
<pattern>http://static.campaign.naver.com/</pattern>
|
||||
</domain>
|
||||
</embed>
|
||||
<iframe>
|
||||
<domain name="http://www.youtube.com" desc="유튜브 동영상" mobile="true">
|
||||
<pattern>http://www.youtube.com/</pattern>
|
||||
<pattern>https://www.youtube.com/</pattern>
|
||||
<pattern>http://www.youtube-nocookie.com/</pattern>
|
||||
<pattern>https://www.youtube-nocookie.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://maps.google.com" desc="구글맵스" mobile="true">
|
||||
<pattern>http://maps.google.com/</pattern>
|
||||
<pattern>http://maps.google.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://flvs.daum.net" desc="다음 TV 팟 동영상" mobile="false">
|
||||
<pattern>http://flvs.daum.net/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.sbs.co.kr" desc="SBS">
|
||||
<pattern>http://sbsplayer.sbs.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.vimeo.com" desc="vimeo.com">
|
||||
<pattern>http://player.vimeo.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://tvcast.naver.com" isNAVER="true" desc="NAVER TVCAST">
|
||||
<pattern>http://serviceapi.rmcnmv.naver.com/</pattern>
|
||||
</domain>
|
||||
</iframe>
|
||||
</whiteurl>
|
||||
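--- /dev/null
+++ b/classes/security/conf/whitelist.php
@@ -0,0 +1,65 @@
+<?php
+
+return array(
+'object' => array(
+// YouTube
+'www.youtube.com/',
+'www.youtube-nocookie.com/',
+// Daum
+'flvs.daum.net/flvPlayer.swf',
+'api.v.daum.net/',
+'tvpot.daum.net/playlist/playlist.swf',
+'videofarm.daum.net/',
+// Naver
+'serviceapi.nmv.naver.com/',
+'scrap.ad.naver.com/',
+'event.dn.naver.com/sbsplayer/vmplayer.xap',
+'static.campaign.naver.com/',
+'musicplayer.naver.com/naverPlayer/posting/',
+'player.music.naver.com/naverPlayer/posting/',
+// Mgoon
+'play.mgoon.com/',
+'doc.mgoon.com/player/',
+// Pandora TV
+'flvr.pandora.tv/flv2pan/',
+'imgcdn.pandora.tv/gplayer/pandora_EGplayer.swf',
+'imgcdn.pandora.tv/gplayer/flJal.swf',
+// Tagstory
+'play.tagstory.com/player/',
+'www.tagstory.com/player/basic/',
+// Cyworld
+'dbi.video.cyworld.com/v.sk/',
+// Egloos
+'v.egloos.com/v.sk/',
+// Nate
+'v.nate.com/v.sk/',
+'w.blogdoc.nate.com/',
+'blogdoc.nate.com/flash/blogdoc_widget_reco.swf',
+// KBS
+'www.kbs.co.kr/zzim/vmplayer/vmplayer.xap',
+'vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap',
+// MBC
+'onemore.imbc.com/ClientBin/oneplus.xap',
+// SBS
+'netv.sbs.co.kr/sbox/',
+'news.sbs.co.kr/',
+'wizard2.sbs.co.kr/',
+'sbsplayer.sbs.co.kr/',
+),
+'iframe' => array(
+// YouTube
+'www.youtube.com/',
+'www.youtube-nocookie.com/',
+// Google Maps
+'maps.google.com/',
+'maps.google.co.kr/',
+// Daum TV Pot
+'flvs.daum.net/',
+// NAVER TVCAST
+'serviceapi.rmcnmv.naver.com/',
+// SBS
+'sbsplayer.sbs.co.kr/',
+// Vimeo
+'player.vimeo.com/',
+),
+);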
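Review bot: The new whitelist carries no header comment describing its contract, so the format rules that EmbedFilter relies on (entries are scheme-less, matched case-insensitively as an anchored prefix after `^https?://`, and must end in `/` or a file name so the match cannot run past the host) live only in the consumer. Add a short docblock under `<?php` stating those three rules and that both `object` and `iframe` keys must be arrays, since the loader iterates them without checking. The generated cache file in the same commit begins with `if(!defined("__XE__")) exit();`; this file could adopt the same guard for consistency.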