diff options
| author | Andrew Dolgov <[email protected]> | 2019-11-27 11:52:51 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2019-11-27 11:52:51 +0300 |
| commit | d15f0349bf1671d3b3704f728372b7fb3f4045bd (patch) | |
| tree | 8762bfff2181162591e3ecce6a843fda7f99ee9b | |
| parent | e5b7b145e53915b8ff026f8caaa92fa2f7c833aa (diff) | |
remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)
| -rwxr-xr-x | classes/pluginhost.php | 1 | ||||
| -rw-r--r-- | include/functions.php | 6 |
2 files changed, 3 insertions, 4 deletions
diff --git a/classes/pluginhost.php b/classes/pluginhost.php index ac782e699..6158880f2 100755 --- a/classes/pluginhost.php +++ b/classes/pluginhost.php @@ -61,6 +61,7 @@ class PluginHost { const HOOK_GET_FULL_TEXT = 41; const HOOK_ARTICLE_IMAGE = 42; const HOOK_FEED_TREE = 43; + const HOOK_IFRAME_WHITELISTED = 44; const KIND_ALL = 1; const KIND_SYSTEM = 2; diff --git a/include/functions.php b/include/functions.php index c152454b9..0f5464990 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1250,13 +1250,11 @@ } function iframe_whitelisted($entry) { - $whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com"); - @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); if ($src) { - foreach ($whitelist as $w) { - if ($src == $w || $src == "www.$w") + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) { + if ($plugin->hook_iframe_whitelisted($src)) return true; } } |