diff options
| author | Andrew Dolgov <[email protected]> | 2019-11-27 11:52:51 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2019-11-27 11:52:51 +0300 |
| commit | d15f0349bf1671d3b3704f728372b7fb3f4045bd (patch) | |
| tree | 8762bfff2181162591e3ecce6a843fda7f99ee9b /include | |
| parent | e5b7b145e53915b8ff026f8caaa92fa2f7c833aa (diff) | |
remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.php | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/include/functions.php b/include/functions.php index c152454b9..0f5464990 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1250,13 +1250,11 @@ } function iframe_whitelisted($entry) { - $whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com"); - @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); if ($src) { - foreach ($whitelist as $w) { - if ($src == $w || $src == "www.$w") + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) { + if ($plugin->hook_iframe_whitelisted($src)) return true; } } |