X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=plugins%2FOembed%2FOembedPlugin.php;h=7d66bdebefac568c7148392decc56b9693e523b7;hb=d4be5349b30f49fa049dbfc854bb2a95eeb1d5c1;hp=177fd6ed3ef4bdce3a760985de53b83439e50ce6;hpb=1776c90cb98d5ca738db143703fb998612ada31e;p=quix0rs-gnu-social.git diff --git a/plugins/Oembed/OembedPlugin.php b/plugins/Oembed/OembedPlugin.php index 177fd6ed3e..7d66bdebef 100644 --- a/plugins/Oembed/OembedPlugin.php +++ b/plugins/Oembed/OembedPlugin.php @@ -1,7 +1,28 @@ 'value', ...)); + // WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings + public $domain_whitelist = array( // hostname => service provider + '^i\d*\.ytimg\.com$' => 'YouTube', + '^i\d*\.vimeocdn\.com$' => 'Vimeo', + ); + public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources + public $check_whitelist = false; // security/abuse precaution + + protected $imgData = array(); + + // these should be declared protected everywhere + public function initialize() + { + parent::initialize(); + + $this->domain_whitelist = array_merge($this->domain_whitelist, $this->append_whitelist); + } + public function onCheckSchema() { $schema = Schema::get(); @@ -14,6 +35,24 @@ class OembedPlugin extends Plugin $m->connect('main/oembed', array('action' => 'oembed')); } + public function onGetRemoteUrlMetadataFromDom($url, DOMDocument $dom, stdClass &$metadata) + { + try { + common_log(LOG_INFO, 'Trying to discover an oEmbed endpoint using link headers.'); + $api = oEmbedHelper::oEmbedEndpointFromHTML($dom); + common_log(LOG_INFO, 'Found API endpoint ' . $api . ' for URL ' . $url); + $params = array( + 'maxwidth' => common_config('thumbnail', 'width'), + 'maxheight' => common_config('thumbnail', 'height'), + ); + $metadata = oEmbedHelper::getOembedFrom($api, $url, $params); + + } catch (Exception $e) { + common_log(LOG_INFO, 'Could not find an oEmbed endpoint using link headers.'); + // Just ignore it! + } + } + public function onEndShowHeadElements(Action $action) { switch ($action->getActionName()) { @@ -38,20 +77,28 @@ class OembedPlugin extends Plugin 'title'=>'oEmbed'),null); break; case 'shownotice': - $this->element('link',array('rel'=>'alternate', - 'type'=>'application/json+oembed', - 'href'=>common_local_url( - 'oembed', - array(), - array('format'=>'json','url'=>$this->notice->getUrl())), - 'title'=>'oEmbed'),null); - $this->element('link',array('rel'=>'alternate', - 'type'=>'text/xml+oembed', - 'href'=>common_local_url( - 'oembed', - array(), - array('format'=>'xml','url'=>$this->notice->getUrl())), - 'title'=>'oEmbed'),null); + if (!$action->notice->isLocal()) { + break; + } + try { + $action->element('link',array('rel'=>'alternate', + 'type'=>'application/json+oembed', + 'href'=>common_local_url( + 'oembed', + array(), + array('format'=>'json','url'=>$action->notice->getUrl())), + 'title'=>'oEmbed'),null); + $action->element('link',array('rel'=>'alternate', + 'type'=>'text/xml+oembed', + 'href'=>common_local_url( + 'oembed', + array(), + array('format'=>'xml','url'=>$action->notice->getUrl())), + 'title'=>'oEmbed'),null); + } catch (InvalidUrlException $e) { + // The notice is probably a share or similar, which don't + // have a representational URL of their own. + } break; } @@ -64,28 +111,23 @@ class OembedPlugin extends Plugin * Normally this event is called through File::saveNew() * * @param File $file The newly inserted File object. - * @param array $redir_data lookup data eg from File_redirection::where() - * @param string $given_url * * @return boolean success */ - public function onEndFileSaveNew(File $file, array $redir_data, $given_url) + public function onEndFileSaveNew(File $file) { $fo = File_oembed::getKV('file_id', $file->id); if ($fo instanceof File_oembed) { - common_log(LOG_WARNING, "Strangely, a File_oembed object exists for new file $file_id", __FILE__); - return true; + common_log(LOG_WARNING, "Strangely, a File_oembed object exists for new file {$file->id}", __FILE__); + return true; } - if (isset($redir_data['oembed']['json']) - && !empty($redir_data['oembed']['json'])) { - File_oembed::saveNew($redir_data['oembed']['json'], $file->id); - } elseif (isset($redir_data['type']) - && (('text/html' === substr($redir_data['type'], 0, 9) - || 'application/xhtml+xml' === substr($redir_data['type'], 0, 21)))) { + if (isset($file->mimetype) + && (('text/html' === substr($file->mimetype, 0, 9) + || 'application/xhtml+xml' === substr($file->mimetype, 0, 21)))) { try { - $oembed_data = File_oembed::_getOembed($given_url); + $oembed_data = File_oembed::_getOembed($file->url); if ($oembed_data === false) { throw new Exception('Did not get oEmbed data from URL'); } @@ -104,7 +146,7 @@ class OembedPlugin extends Plugin if (empty($oembed->author_name) && empty($oembed->provider)) { return true; } - $out->elementStart('div', array('id'=>'oembed_info', 'class'=>'entry-content')); + $out->elementStart('div', array('id'=>'oembed_info', 'class'=>'e-content')); if (!empty($oembed->author_name)) { $out->elementStart('div', 'fn vcard author'); if (empty($oembed->author_url)) { @@ -145,32 +187,125 @@ class OembedPlugin extends Plugin return true; } - public function onStartShowAttachmentRepresentation(HTMLOutputter $out, File $file) + public function onShowUnsupportedAttachmentRepresentation(HTMLOutputter $out, File $file) { - $oembed = File_oembed::getKV('file_id', $file->id); - if (empty($oembed->type)) { + try { + $oembed = File_oembed::getByFile($file); + } catch (NoResultException $e) { return true; } + + // the 'photo' type is shown through ordinary means, using StartShowAttachmentRepresentation! switch ($oembed->type) { case 'rich': case 'video': case 'link': - if (!empty($oembed->html)) { + if (!empty($oembed->html) + && (GNUsocial::isAjax() || common_config('attachments', 'show_html'))) { require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; $config = array( 'safe'=>1, 'elements'=>'*+object+embed'); $out->raw(htmLawed($oembed->html,$config)); } + return false; break; + } - case 'photo': - $out->element('img', array('src' => $oembed->url, 'width' => $oembed->width, 'height' => $oembed->height, 'alt' => 'alt')); - break; + return true; + } - default: - Event::handle('ShowUnsupportedAttachmentRepresentation', array($out, $file)); + public function onCreateFileImageThumbnailSource(File $file, &$imgPath, $media=null) + { + // If we are on a private node, we won't do any remote calls (just as a precaution until + // we can configure this from config.php for the private nodes) + if (common_config('site', 'private')) { + return true; + } + + // All our remote Oembed images lack a local filename property in the File object + if (!is_null($file->filename)) { + return true; + } + + try { + // If we have proper oEmbed data, there should be an entry in the File_oembed + // and File_thumbnail tables respectively. If not, we're not going to do anything. + $file_oembed = File_oembed::getByFile($file); + $thumbnail = File_thumbnail::byFile($file); + } catch (Exception $e) { + // Not Oembed data, or at least nothing we either can or want to use. + return true; + } + + try { + $this->storeRemoteFileThumbnail($thumbnail); + } catch (AlreadyFulfilledException $e) { + // aw yiss! + } + + $imgPath = $thumbnail->getPath(); + + return false; + } + + /** + * @return boolean false on no check made, provider name on success + * @throws ServerException if check is made but fails + */ + protected function checkWhitelist($url) + { + if (!$this->check_whitelist) { + return false; // indicates "no check made" + } + + $host = parse_url($url, PHP_URL_HOST); + foreach ($this->domain_whitelist as $regex => $provider) { + if (preg_match("/$regex/", $host)) { + return $provider; // we trust this source, return provider name + } + } + + throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host)); + } + + protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail) + { + if (!empty($thumbnail->filename) && file_exists($thumbnail->getPath())) { + throw new AlreadyFulfilledException(sprintf('A thumbnail seems to already exist for remote file with id==%u', $thumbnail->file_id)); + } + + $url = $thumbnail->getUrl(); + $this->checkWhitelist($url); + + // First we download the file to memory and test whether it's actually an image file + // FIXME: To support remote video/whatever files, this needs reworking. + common_debug(sprintf('Downloading remote thumbnail for file id==%u with thumbnail URL: %s', $thumbnail->file_id, $url)); + $imgData = HTTPClient::quickGet($url); + $info = @getimagesizefromstring($imgData); + if ($info === false) { + throw new UnsupportedMediaException(_('Remote file format was not identified as an image.'), $url); + } elseif (!$info[0] || !$info[1]) { + throw new UnsupportedMediaException(_('Image file had impossible geometry (0 width or height)')); + } + + // We'll trust sha256 (File::FILEHASH_ALG) not to have collision issues any time soon :) + $filename = hash(File::FILEHASH_ALG, $imgData) . '.' . common_supported_mime_to_ext($info['mime']); + $fullpath = File_thumbnail::path($filename); + // Write the file to disk. Throw Exception on failure + if (!file_exists($fullpath) && file_put_contents($fullpath, $imgData) === false) { + throw new ServerException(_('Could not write downloaded file to disk.')); } + // Get rid of the file from memory + unset($imgData); + + // Updated our database for the file record + $orig = clone($thumbnail); + $thumbnail->filename = $filename; + $thumbnail->width = $info[0]; // array indexes documented on php.net: + $thumbnail->height = $info[1]; // https://php.net/manual/en/function.getimagesize.php + // Throws exception on failure. + $thumbnail->updateWithKeys($orig, 'file_id'); } public function onPluginVersion(array &$versions)