
remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)

Andrew Dolgov 7 months ago
parent
commit
d15f0349bf
2 changed files with 3 additions and 4 deletions
  1. 1 0
      classes/pluginhost.php
  2. 2 4
      include/functions.php

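--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -61,6 +61,7 @@ class PluginHost {
 	const HOOK_GET_FULL_TEXT = 41;
 	const HOOK_ARTICLE_IMAGE = 42;
 	const HOOK_FEED_TREE = 43;
+	const HOOK_IFRAME_WHITELISTED = 44;
 
 	const KIND_ALL = 1;
 	const KIND_SYSTEM = 2;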

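--- a/include/functions.php
+++ b/include/functions.php
@@ -1250,13 +1250,11 @@
 	}
 
 	function iframe_whitelisted($entry) {
-		$whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
-
 		@$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
 
 		if ($src) {
-			foreach ($whitelist as $w) {
-				if ($src == $w || $src == "www.$w")
+			foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) {
+				if ($plugin->hook_iframe_whitelisted($src))
 					return true;
 			}
 		}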
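Review bot: In the new loop of iframe_whitelisted(), any truthy return value from `hook_iframe_whitelisted($src)` approves the iframe, and the host is handed to plugins exactly as parse_url() produced it, so the trust decision now rests entirely on how each plugin compares that string. Going by the commit title this decides whether an embedded frame may run script, so I would make the check strict, `if ($plugin->hook_iframe_whitelisted($src) === true)`, and normalise once before the loop with `$src = strtolower($src);`. The hook also needs a documented contract, for example a comment next to the constant such as `// HOOK_IFRAME_WHITELISTED: hook_iframe_whitelisted($host) receives the host only (no scheme, port or path) and must return true only on an exact or dot-anchored match`. With no plugin registered the function now rejects every host, which is the safe default but silently drops the previous YouTube/Vimeo handling and deserves a line in the release notes. The function's closing lines fall outside the hunk.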