<?php
+if (!defined('GNUSOCIAL')) { exit(1); }
+
class OembedPlugin extends Plugin
{
+ // settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...));
+ // WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings
+ public $domain_whitelist = array( // hostname => service provider
+ '^i\d*\.ytimg\.com$' => 'YouTube',
+ '^i\d*\.vimeocdn\.com$' => 'Vimeo',
+ );
+ public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
+ public $check_whitelist = true; // security/abuse precaution
+
+ protected $imgData = array();
+
+ // these should be declared protected everywhere
+ public function initialize()
+ {
+ parent::initialize();
+
+ $this->domain_whitelist = array_merge($this->domain_whitelist, $this->append_whitelist);
+ }
+
public function onCheckSchema()
{
$schema = Schema::get();
'title'=>'oEmbed'),null);
break;
case 'shownotice':
- $action->element('link',array('rel'=>'alternate',
- 'type'=>'application/json+oembed',
- 'href'=>common_local_url(
- 'oembed',
- array(),
- array('format'=>'json','url'=>$action->notice->getUrl())),
- 'title'=>'oEmbed'),null);
- $action->element('link',array('rel'=>'alternate',
- 'type'=>'text/xml+oembed',
- 'href'=>common_local_url(
- 'oembed',
- array(),
- array('format'=>'xml','url'=>$action->notice->getUrl())),
- 'title'=>'oEmbed'),null);
+ try {
+ $action->element('link',array('rel'=>'alternate',
+ 'type'=>'application/json+oembed',
+ 'href'=>common_local_url(
+ 'oembed',
+ array(),
+ array('format'=>'json','url'=>$action->notice->getUrl())),
+ 'title'=>'oEmbed'),null);
+ $action->element('link',array('rel'=>'alternate',
+ 'type'=>'text/xml+oembed',
+ 'href'=>common_local_url(
+ 'oembed',
+ array(),
+ array('format'=>'xml','url'=>$action->notice->getUrl())),
+ 'title'=>'oEmbed'),null);
+ } catch (InvalidUrlException $e) {
+ // The notice is probably a share or similar, which don't
+ // have a representational URL of their own.
+ }
break;
}
if (empty($oembed->author_name) && empty($oembed->provider)) {
return true;
}
- $out->elementStart('div', array('id'=>'oembed_info', 'class'=>'entry-content'));
+ $out->elementStart('div', array('id'=>'oembed_info', 'class'=>'e-content'));
if (!empty($oembed->author_name)) {
$out->elementStart('div', 'fn vcard author');
if (empty($oembed->author_url)) {
case 'rich':
case 'video':
case 'link':
- if (!empty($oembed->html)) {
+ if (!empty($oembed->html)
+ && (StatusNet::isAjax() || common_config('attachments', 'show_html'))) {
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array(
'safe'=>1,
}
}
+ public function onCreateFileImageThumbnailSource(File $file, &$imgPath, $media=null)
+ {
+ // If we are on a private node, we won't do any remote calls (just as a precaution until
+ // we can configure this from config.php for the private nodes)
+ if (common_config('site', 'private')) {
+ return true;
+ }
+
+ // All our remote Oembed images lack a local filename property in the File object
+ if ($file->filename !== null) {
+ return true;
+ }
+
+ try {
+ // If we have proper oEmbed data, there should be an entry in the File_oembed
+ // and File_thumbnail tables respectively. If not, we're not going to do anything.
+ $file_oembed = File_oembed::byFile($file);
+ $thumbnail = File_thumbnail::byFile($file);
+ } catch (Exception $e) {
+ // Not Oembed data, or at least nothing we either can or want to use.
+ return true;
+ }
+
+ try {
+ $this->storeRemoteFileThumbnail($thumbnail);
+ } catch (AlreadyFulfilledException $e) {
+ // aw yiss!
+ }
+
+ $imgPath = $thumbnail->getPath();
+
+ return false;
+ }
+
+ /**
+ * @return boolean false on no check made, provider name on success
+ * @throws ServerException if check is made but fails
+ */
+ protected function checkWhitelist($url)
+ {
+ if (!$this->check_whitelist) {
+ return false; // indicates "no check made"
+ }
+
+ $host = parse_url($url, PHP_URL_HOST);
+ foreach ($this->domain_whitelist as $regex => $provider) {
+ if (preg_match("/$regex/", $host)) {
+ return $provider; // we trust this source, return provider name
+ }
+ }
+
+ throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
+ }
+
+ protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail)
+ {
+ if (!empty($thumbnail->filename) && file_exists($thumbnail->getPath())) {
+ throw new AlreadyFulfilledException(sprintf('A thumbnail seems to already exist for remote file with id==%u', $thumbnail->file_id));
+ }
+
+ $url = $thumbnail->getUrl();
+ $this->checkWhitelist($url);
+
+ // First we download the file to memory and test whether it's actually an image file
+ // FIXME: To support remote video/whatever files, this needs reworking.
+ common_debug(sprintf('Downloading remote thumbnail for file id==%u with thumbnail URL: %s', $thumbnail->file_id, $url));
+ $imgData = HTTPClient::quickGet($url);
+ $info = @getimagesizefromstring($imgData);
+ if ($info === false) {
+ throw new UnsupportedMediaException(_('Remote file format was not identified as an image.'), $url);
+ } elseif (!$info[0] || !$info[1]) {
+ throw new UnsupportedMediaException(_('Image file had impossible geometry (0 width or height)'));
+ }
+
+ // We'll trust sha256 not to have collision issues any time soon :)
+ $filename = hash('sha256', $imgData) . '.' . common_supported_mime_to_ext($info['mime']);
+ $fullpath = File_thumbnail::path($filename);
+ // Write the file to disk. Throw Exception on failure
+ if (!file_exists($fullpath) && file_put_contents($fullpath, $imgData) === false) {
+ throw new ServerException(_('Could not write downloaded file to disk.'));
+ }
+ // Get rid of the file from memory
+ unset($imgData);
+
+ // Updated our database for the file record
+ $orig = clone($thumbnail);
+ $thumbnail->filename = $filename;
+ $thumbnail->width = $info[0]; // array indexes documented on php.net:
+ $thumbnail->height = $info[1]; // https://php.net/manual/en/function.getimagesize.php
+ // Throws exception on failure.
+ $thumbnail->updateWithKeys($orig, 'file_id');
+ }
+
public function onPluginVersion(array &$versions)
{
$versions[] = array('name' => 'Oembed',