Fix allowed_email()

- Reworked allowed_domain
- Added more variable checks to allowed_email() and
OEmbed::isAllowedURL()

diff --git a/include/network.php b/include/network.php
index 561c7aa9489a6305009f250bf23f6e38d525e6e3..413048d5b8057992d731b5e489b7ba8bfb8be02a 100644 (file)
--- a/include/network.php
+++ b/include/network.php
@@ -609,11 +609,15 @@ function blocked_url($url)
 function allowed_email($email)
 {
        $domain = strtolower(substr($email, strpos($email, '@') + 1));
-       if (! $domain) {
+       if (!$domain) {
                return false;
        }
 
        $str_allowed = Config::get('system', 'allowed_email', '');
+       if (!x($str_allowed)) {
+               return true;
+       }
+
        $allowed = explode(',', $str_allowed);
 
        return allowed_domain($domain, $allowed);
@@ -622,29 +626,23 @@ function allowed_email($email)
 /**
  * Checks for the existence of a domain in a domain list
  *
- * If strict is not set, an empty domain list counts as found
- *
  * @brief Checks for the existence of a domain in a domain list
  * @param string $domain
- * @param array $domain_list
- * @param bool   $strict
+ * @param array  $domain_list
  * @return boolean
  */
-function allowed_domain($domain, array $domain_list, $strict = false)
+function allowed_domain($domain, array $domain_list)
 {
        $found = false;
 
-       if (count($domain_list)) {
-               foreach ($domain_list as $item) {
-                       $pat = strtolower(trim($item));
-                       if (fnmatch($pat, $domain) || ($pat == $domain)) {
-                               $found = true;
-                               break;
-                       }
+       foreach ($domain_list as $item) {
+               $pat = strtolower(trim($item));
+               if (fnmatch($pat, $domain) || ($pat == $domain)) {
+                       $found = true;
+                       break;
                }
-       } elseif(!$strict) {
-               $found = true;
        }
+
        return $found;
 }
 

diff --git a/mod/register.php b/mod/register.php
index c8b333018fa957790ca5da342f2120aaef2155a0..4edf3ee6a651415eff0378b59421adb5d3c26ba7 100644 (file)
--- a/mod/register.php
+++ b/mod/register.php
@@ -237,15 +237,15 @@ function register_content(App $a)
 
        $license = '';
 
-       $o = get_markup_template("register.tpl");
+       $tpl = get_markup_template("register.tpl");
 
-       $arr = array('template' => $o);
+       $arr = array('template' => $tpl);
 
        call_hooks('register_form', $arr);
 
-       $o = $arr['template'];
+       $tpl = $arr['template'];
 
-       $o = replace_macros($o, [
+       $o = replace_macros($tpl, [
                '$oidhtml' => $oidhtml,
                '$invitations' => Config::get('system', 'invitation_only'),
                '$permonly'    => $a->config['register_policy'] == REGISTER_APPROVE,

diff --git a/src/Content/OEmbed.php b/src/Content/OEmbed.php
index 50b8bb4e3545718493fd8d436fc8630868eb41b7..07c36685c3516f3afeb969e124d704bd8df37d02 100644 (file)
--- a/src/Content/OEmbed.php
+++ b/src/Content/OEmbed.php
@@ -299,11 +299,18 @@ class OEmbed
                }\r
 \r
                $domain = parse_url($url, PHP_URL_HOST);\r
+               if (!x($domain)) {\r
+                       return false;\r
+               }\r
 \r
                $str_allowed = Config::get('system', 'allowed_oembed', '');\r
+               if (!x($str_allowed)) {\r
+                       return false;\r
+               }\r
+               \r
                $allowed = explode(',', $str_allowed);\r
 \r
-               return allowed_domain($domain, $allowed, true);\r
+               return allowed_domain($domain, $allowed);\r
        }\r
 \r
        public static function getHTML($url, $title = null)\r