From d15f0349bf1671d3b3704f728372b7fb3f4045bd Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 27 Nov 2019 11:52:51 +0300
Subject: remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)
---
 include/functions.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'include/functions.php')
diff --git a/include/functions.php b/include/functions.php
index c152454b9..0f5464990 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1250,13 +1250,11 @@
 }
 function iframe_whitelisted($entry) {
- $whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
-
 @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
 if ($src) {
- foreach ($whitelist as $w) {
- if ($src == $w || $src == "www.$w")
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) {
+ if ($plugin->hook_iframe_whitelisted($src))
 return true;
 }
 }
-- 
cgit v1.2.3
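Review bot: The new loop in iframe_whitelisted() accepts any truthy return from `hook_iframe_whitelisted($src)` as approval, so a plugin that returns a non-boolean by accident (a matched string, a count) whitelists the host. Because the decision is now an OR across every registered plugin, a strict comparison is the safer contract: `if ($plugin->hook_iframe_whitelisted($src) === true)`. The value passed to the hook is the raw host from `parse_url()`, which is not case-normalised, and the `www.` handling of the removed code is now left to each plugin, so I would pass `strtolower($src)` instead. A comment above the function should state the contract: `// $src is the iframe host only (no scheme, port or path); return true to whitelist, first true wins`. The function's final return lies outside the hunk, so I am assuming that with no plugin registered the frame is still treated as not whitelisted.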