embed whitelist 설정파일에서 XML을 제거하고 http/https를 구분하지 않도록 함
parent
002d239137
commit
ca3001141c
3 changed files with 93 additions and 137 deletions
|
|
@ -17,7 +17,7 @@ class EmbedFilter
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
var $allowscriptaccessKey = 0;
|
var $allowscriptaccessKey = 0;
|
||||||
var $whiteUrlXmlFile = './classes/security/conf/embedWhiteUrl.xml';
|
var $whiteUrlDefaultFile = './classes/security/conf/whitelist.php';
|
||||||
var $whiteUrlCacheFile = './files/cache/embedfilter/embedWhiteUrl.php';
|
var $whiteUrlCacheFile = './files/cache/embedfilter/embedWhiteUrl.php';
|
||||||
var $whiteUrlList = array();
|
var $whiteUrlList = array();
|
||||||
var $whiteIframeUrlList = array();
|
var $whiteIframeUrlList = array();
|
||||||
|
|
@ -495,7 +495,7 @@ class EmbedFilter
|
||||||
{
|
{
|
||||||
foreach($this->whiteUrlList AS $key => $value)
|
foreach($this->whiteUrlList AS $key => $value)
|
||||||
{
|
{
|
||||||
if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
|
if(preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute))
|
||||||
{
|
{
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
@ -514,7 +514,7 @@ class EmbedFilter
|
||||||
{
|
{
|
||||||
foreach($this->whiteIframeUrlList AS $key => $value)
|
foreach($this->whiteIframeUrlList AS $key => $value)
|
||||||
{
|
{
|
||||||
if(preg_match('@^' . preg_quote($value) . '@i', $urlAttribute))
|
if(preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute))
|
||||||
{
|
{
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
@ -595,7 +595,7 @@ class EmbedFilter
|
||||||
*/
|
*/
|
||||||
function _makeWhiteDomainList($whitelist = NULL)
|
function _makeWhiteDomainList($whitelist = NULL)
|
||||||
{
|
{
|
||||||
$whiteUrlXmlFile = FileHandler::getRealPath($this->whiteUrlXmlFile);
|
$whiteUrlDefaultFile = FileHandler::getRealPath($this->whiteUrlDefaultFile);
|
||||||
$whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
|
$whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
|
||||||
|
|
||||||
$isMake = FALSE;
|
$isMake = FALSE;
|
||||||
|
|
@ -603,7 +603,7 @@ class EmbedFilter
|
||||||
{
|
{
|
||||||
$isMake = TRUE;
|
$isMake = TRUE;
|
||||||
}
|
}
|
||||||
if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
|
if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlDefaultFile))
|
||||||
{
|
{
|
||||||
$isMake = TRUE;
|
$isMake = TRUE;
|
||||||
}
|
}
|
||||||
|
|
@ -625,50 +625,25 @@ class EmbedFilter
|
||||||
|
|
||||||
if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
|
if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
|
||||||
{
|
{
|
||||||
$whiteUrlList = $whitelist->object;
|
foreach ($whitelist->object as $prefix)
|
||||||
$whiteIframeUrlList = $whitelist->iframe;
|
{
|
||||||
|
$whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||||
|
}
|
||||||
|
foreach ($whitelist->iframe as $prefix)
|
||||||
|
{
|
||||||
|
$whiteIframeUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
|
$safeurls = (include $whiteUrlDefaultFile);
|
||||||
|
foreach ($safeurls['object'] as $prefix)
|
||||||
$xmlParser = new XmlParser();
|
|
||||||
$domainListObj = $xmlParser->parse($xmlBuff);
|
|
||||||
$embedDomainList = $domainListObj->whiteurl->embed->domain;
|
|
||||||
$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
|
|
||||||
if(!is_array($embedDomainList)) $embedDomainList = array();
|
|
||||||
if(!is_array($iframeDomainList)) $iframeDomainList = array();
|
|
||||||
|
|
||||||
foreach($embedDomainList AS $key => $value)
|
|
||||||
{
|
{
|
||||||
$patternList = $value->pattern;
|
$whiteUrlList[] = $prefix;
|
||||||
if(is_array($patternList))
|
|
||||||
{
|
|
||||||
foreach($patternList AS $key => $value)
|
|
||||||
{
|
|
||||||
$whiteUrlList[] = $value->body;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$whiteUrlList[] = $patternList->body;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
foreach ($safeurls['iframe'] as $prefix)
|
||||||
foreach($iframeDomainList AS $key => $value)
|
|
||||||
{
|
{
|
||||||
$patternList = $value->pattern;
|
$whiteIframeUrlList[] = $prefix;
|
||||||
if(is_array($patternList))
|
|
||||||
{
|
|
||||||
foreach($patternList AS $key => $value)
|
|
||||||
{
|
|
||||||
$whiteIframeUrlList[] = $value->body;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$whiteIframeUrlList[] = $patternList->body;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -676,18 +651,24 @@ class EmbedFilter
|
||||||
|
|
||||||
if($db_info->embed_white_object)
|
if($db_info->embed_white_object)
|
||||||
{
|
{
|
||||||
$whiteUrlList = array_merge($whiteUrlList, $db_info->embed_white_object);
|
foreach ($db_info->embed_white_object as $prefix)
|
||||||
|
{
|
||||||
|
$whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if($db_info->embed_white_iframe)
|
if($db_info->embed_white_iframe)
|
||||||
{
|
{
|
||||||
$whiteIframeUrlList = array_merge($whiteIframeUrlList, $db_info->embed_white_iframe);
|
foreach ($db_info->embed_white_iframe as $prefix)
|
||||||
|
{
|
||||||
|
$whiteIframeUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$whiteUrlList = array_unique($whiteUrlList);
|
$whiteUrlList = array_unique($whiteUrlList);
|
||||||
$whiteIframeUrlList = array_unique($whiteIframeUrlList);
|
$whiteIframeUrlList = array_unique($whiteIframeUrlList);
|
||||||
asort($whiteUrlList);
|
natcasesort($whiteUrlList);
|
||||||
asort($whiteIframeUrlList);
|
natcasesort($whiteIframeUrlList);
|
||||||
|
|
||||||
$buff = array();
|
$buff = array();
|
||||||
$buff[] = '<?php if(!defined("__XE__")) exit();';
|
$buff[] = '<?php if(!defined("__XE__")) exit();';
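Review bot: In `_makeWhiteDomainList` the scheme-stripping step `$whiteUrlList[] = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix;` (and the three sibling loops for iframe entries and the two `$db_info` lists in the following hunk) can yield an empty prefix, for example from a configured entry that is only `http://`, and an empty prefix turns the later check `preg_match('@^https?://' . preg_quote($value, '@') . '@i', $urlAttribute)` into `^https?://`, which presumably accepts every URL handed to that check. Drop such entries before appending: `$prefix = preg_match('@^https?://(.*)$@i', $prefix, $matches) ? $matches[1] : $prefix; if ($prefix === '') continue;`. Because the check is plain prefix matching, a normalized entry that does not end in `/` (e.g. an admin-entered bare host name) also matches any longer host name that begins with that string; trimming whitespace and requiring the entry to contain a `/` after the host (or appending one) would close that gap. The body of `_makeWhiteDomainList` is split across several hunks and continues outside this one.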
|
||||||
|
|
|
||||||
|
|
@ -1,90 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<whiteurl>
|
|
||||||
<embed>
|
|
||||||
<domain name="http://www.naver.com" isNAVER="true" desc="네이버">
|
|
||||||
<pattern>http://serviceapi.nmv.naver.com/</pattern>
|
|
||||||
<pattern>http://scrap.ad.naver.com/</pattern>
|
|
||||||
<pattern>http://event.dn.naver.com/sbsplayer/vmplayer.xap</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="" isNAVER="true" desc="네이버 뮤직 서비스">
|
|
||||||
<pattern>http://musicplayer.naver.com/naverPlayer/posting/</pattern>
|
|
||||||
<pattern>http://player.music.naver.com/naverPlayer/posting/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.daum.net" desc="다음">
|
|
||||||
<pattern>http://flvs.daum.net/flvPlayer.swf</pattern>
|
|
||||||
<pattern>http://api.v.daum.net/</pattern>
|
|
||||||
<pattern>http://tvpot.daum.net/playlist/playlist.swf</pattern>
|
|
||||||
<pattern>http://videofarm.daum.net/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.youtube.com" desc="Youtube">
|
|
||||||
<pattern>http://www.youtube.com/</pattern>
|
|
||||||
<pattern>https://www.youtube.com/</pattern>
|
|
||||||
<pattern>http://www.youtube-nocookie.com/</pattern>
|
|
||||||
<pattern>https://www.youtube-nocookie.com/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.mgoon.com" desc="엠군">
|
|
||||||
<pattern>http://play.mgoon.com/</pattern>
|
|
||||||
<pattern>http://doc.mgoon.com/player/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.pandora.tv" desc="판도라TV">
|
|
||||||
<pattern>http://flvr.pandora.tv/flv2pan/</pattern>
|
|
||||||
<pattern>http://imgcdn.pandora.tv/gplayer/pandora_EGplayer.swf</pattern>
|
|
||||||
<pattern>http://imgcdn.pandora.tv/gplayer/flJal.swf</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.tagstory.com" desc="태그스토리">
|
|
||||||
<pattern>http://play.tagstory.com/player/</pattern>
|
|
||||||
<pattern>http://www.tagstory.com/player/basic/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="" desc="싸이월드">
|
|
||||||
<pattern>http://dbi.video.cyworld.com/v.sk/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="" desc="이글루스 동영상">
|
|
||||||
<pattern>http://v.egloos.com/v.sk/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.nate.com" desc="네이트">
|
|
||||||
<pattern>http://v.nate.com/v.sk/</pattern>
|
|
||||||
<pattern>http://w.blogdoc.nate.com/</pattern>
|
|
||||||
<pattern>http://blogdoc.nate.com/flash/blogdoc_widget_reco.swf</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.kbs.co.kr" desc="KBS">
|
|
||||||
<pattern>http://www.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
|
||||||
<pattern>http://vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.sbs.co.kr" desc="SBS">
|
|
||||||
<pattern>http://netv.sbs.co.kr/sbox/</pattern>
|
|
||||||
<pattern>http://news.sbs.co.kr/</pattern>
|
|
||||||
<pattern>http://wizard2.sbs.co.kr/</pattern>
|
|
||||||
<pattern>http://sbsplayer.sbs.co.kr/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.imbc.com" desc="MBC">
|
|
||||||
<pattern>http://onemore.imbc.com/ClientBin/oneplus.xap</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="" isNAVER="true" desc="socialsearch">
|
|
||||||
<pattern>http://static.campaign.naver.com/</pattern>
|
|
||||||
</domain>
|
|
||||||
</embed>
|
|
||||||
<iframe>
|
|
||||||
<domain name="http://www.youtube.com" desc="유튜브 동영상" mobile="true">
|
|
||||||
<pattern>http://www.youtube.com/</pattern>
|
|
||||||
<pattern>https://www.youtube.com/</pattern>
|
|
||||||
<pattern>http://www.youtube-nocookie.com/</pattern>
|
|
||||||
<pattern>https://www.youtube-nocookie.com/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://maps.google.com" desc="구글맵스" mobile="true">
|
|
||||||
<pattern>http://maps.google.com/</pattern>
|
|
||||||
<pattern>http://maps.google.co.kr/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://flvs.daum.net" desc="다음 TV 팟 동영상" mobile="false">
|
|
||||||
<pattern>http://flvs.daum.net/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.sbs.co.kr" desc="SBS">
|
|
||||||
<pattern>http://sbsplayer.sbs.co.kr/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://www.vimeo.com" desc="vimeo.com">
|
|
||||||
<pattern>http://player.vimeo.com/</pattern>
|
|
||||||
</domain>
|
|
||||||
<domain name="http://tvcast.naver.com" isNAVER="true" desc="NAVER TVCAST">
|
|
||||||
<pattern>http://serviceapi.rmcnmv.naver.com/</pattern>
|
|
||||||
</domain>
|
|
||||||
</iframe>
|
|
||||||
</whiteurl>
|
|
||||||
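--- /dev/null
+++ b/classes/security/conf/whitelist.php
@@ -0,0 +1,65 @@
+<?php
+
+return array(
+'object' => array(
+// YouTube
+'www.youtube.com/',
+'www.youtube-nocookie.com/',
+// Daum
+'flvs.daum.net/flvPlayer.swf',
+'api.v.daum.net/',
+'tvpot.daum.net/playlist/playlist.swf',
+'videofarm.daum.net/',
+// Naver
+'serviceapi.nmv.naver.com/',
+'scrap.ad.naver.com/',
+'event.dn.naver.com/sbsplayer/vmplayer.xap',
+'static.campaign.naver.com/',
+'musicplayer.naver.com/naverPlayer/posting/',
+'player.music.naver.com/naverPlayer/posting/',
+// Mgoon
+'play.mgoon.com/',
+'doc.mgoon.com/player/',
+// Pandora TV
+'flvr.pandora.tv/flv2pan/',
+'imgcdn.pandora.tv/gplayer/pandora_EGplayer.swf',
+'imgcdn.pandora.tv/gplayer/flJal.swf',
+// Tagstory
+'play.tagstory.com/player/',
+'www.tagstory.com/player/basic/',
+// Cyworld
+'dbi.video.cyworld.com/v.sk/',
+// Egloos
+'v.egloos.com/v.sk/',
+// Nate
+'v.nate.com/v.sk/',
+'w.blogdoc.nate.com/',
+'blogdoc.nate.com/flash/blogdoc_widget_reco.swf',
+// KBS
+'www.kbs.co.kr/zzim/vmplayer/vmplayer.xap',
+'vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap',
+// MBC
+'onemore.imbc.com/ClientBin/oneplus.xap',
+// SBS
+'netv.sbs.co.kr/sbox/',
+'news.sbs.co.kr/',
+'wizard2.sbs.co.kr/',
+'sbsplayer.sbs.co.kr/',
+),
+'iframe' => array(
+// YouTube
+'www.youtube.com/',
+'www.youtube-nocookie.com/',
+// Google Maps
+'maps.google.com/',
+'maps.google.co.kr/',
+// Daum TV Pot
+'flvs.daum.net/',
+// NAVER TVCAST
+'serviceapi.rmcnmv.naver.com/',
+// SBS
+'sbsplayer.sbs.co.kr/',
+// Vimeo
+'player.vimeo.com/',
+),
+);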
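Review bot: whitelist.php has no header comment describing the entry format, although `_makeWhiteDomainList` strips any `https?://` scheme from each entry and then uses the remainder as a case-insensitive prefix matched right after the scheme of the embedded URL. A comment at the top such as `// Each entry is matched as a prefix of the URL after http:// or https://. Give host and path without scheme and end with '/' (or a file name) so the entry cannot match a longer host name.` would tell editors why every entry here ends in a slash or a file name. For consistency with the generated cache file, which starts with `if(!defined("__XE__")) exit();`, the same guard could precede `return array(`.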