From: Saul St John Date: Wed, 2 Mar 2016 15:41:17 +0000 (+0000) Subject: add blacklist to StoreRemoteMedia plugin X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=43754c7f17937fd40582e401af0ccd4a2015b3ce;p=quix0rs-gnu-social.git add blacklist to StoreRemoteMedia plugin --- diff --git a/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php b/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php index a08ae92572..f38ca4713e 100644 --- a/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php +++ b/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php @@ -15,6 +15,9 @@ class StoreRemoteMediaPlugin extends Plugin public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources public $check_whitelist = false; // security/abuse precaution + public $domain_blacklist = array(); + public $check_blacklist = false; + protected $imgData = array(); // these should be declared protected everywhere @@ -74,7 +77,10 @@ class StoreRemoteMediaPlugin extends Plugin return true; } - $this->checkWhitelist($file->getUrl()); + if (!$this->checkWhiteList($file->getUrl()) || + !$this->checkBlackList($file->getUrl())) { + return true; + } // First we download the file to memory and test whether it's actually an image file common_debug(sprintf('Downloading remote file id==%u with URL: %s', $file->getID(), _ve($file->getUrl()))); @@ -124,23 +130,39 @@ class StoreRemoteMediaPlugin extends Plugin } /** - * @return boolean false on no check made, provider name on success - * @throws ServerException if check is made but fails + * @return boolean true if given url passes blacklist check */ - protected function checkWhitelist($url) + protected function checkBlackList($url) { - if (!$this->check_whitelist) { - return false; // indicates "no check made" + if (!$this->check_blacklist) { + return true; + } + $host = parse_url($url, PHP_URL_HOST); + foreach ($this->domain_blacklist as $regex => $provider) { + if (preg_match("/$regex/", $host)) { + return false; + } } + return true; + } + + /*** + * @return boolean true if given url passes whitelist check + */ + protected function checkWhiteList($url) + { + if (!$this->check_whitelist) { + return true; + } $host = parse_url($url, PHP_URL_HOST); foreach ($this->domain_whitelist as $regex => $provider) { if (preg_match("/$regex/", $host)) { - return $provider; // we trust this source, return provider name + return true; } } - throw new ServerException(sprintf(_('Domain not in remote source whitelist: %s'), $host)); + return false; } public function onPluginVersion(array &$versions)