From: Hypolite Petovan Date: Mon, 8 Jan 2018 00:10:09 +0000 (-0500) Subject: Fix allowed_email() X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=4a20bcd6f05c65c6d167415ec75b97c7b2205bd2;p=friendica.git Fix allowed_email() - Reworked allowed_domain - Added more variable checks to allowed_email() and OEmbed::isAllowedURL() --- diff --git a/include/network.php b/include/network.php index 561c7aa948..413048d5b8 100644 --- a/include/network.php +++ b/include/network.php @@ -609,11 +609,15 @@ function blocked_url($url) function allowed_email($email) { $domain = strtolower(substr($email, strpos($email, '@') + 1)); - if (! $domain) { + if (!$domain) { return false; } $str_allowed = Config::get('system', 'allowed_email', ''); + if (!x($str_allowed)) { + return true; + } + $allowed = explode(',', $str_allowed); return allowed_domain($domain, $allowed); @@ -622,29 +626,23 @@ function allowed_email($email) /** * Checks for the existence of a domain in a domain list * - * If strict is not set, an empty domain list counts as found - * * @brief Checks for the existence of a domain in a domain list * @param string $domain - * @param array $domain_list - * @param bool $strict + * @param array $domain_list * @return boolean */ -function allowed_domain($domain, array $domain_list, $strict = false) +function allowed_domain($domain, array $domain_list) { $found = false; - if (count($domain_list)) { - foreach ($domain_list as $item) { - $pat = strtolower(trim($item)); - if (fnmatch($pat, $domain) || ($pat == $domain)) { - $found = true; - break; - } + foreach ($domain_list as $item) { + $pat = strtolower(trim($item)); + if (fnmatch($pat, $domain) || ($pat == $domain)) { + $found = true; + break; } - } elseif(!$strict) { - $found = true; } + return $found; } diff --git a/mod/register.php b/mod/register.php index c8b333018f..4edf3ee6a6 100644 --- a/mod/register.php +++ b/mod/register.php @@ -237,15 +237,15 @@ function register_content(App $a) $license = ''; - $o = get_markup_template("register.tpl"); + $tpl = get_markup_template("register.tpl"); - $arr = array('template' => $o); + $arr = array('template' => $tpl); call_hooks('register_form', $arr); - $o = $arr['template']; + $tpl = $arr['template']; - $o = replace_macros($o, [ + $o = replace_macros($tpl, [ '$oidhtml' => $oidhtml, '$invitations' => Config::get('system', 'invitation_only'), '$permonly' => $a->config['register_policy'] == REGISTER_APPROVE, diff --git a/src/Content/OEmbed.php b/src/Content/OEmbed.php index 50b8bb4e35..07c36685c3 100644 --- a/src/Content/OEmbed.php +++ b/src/Content/OEmbed.php @@ -299,11 +299,18 @@ class OEmbed } $domain = parse_url($url, PHP_URL_HOST); + if (!x($domain)) { + return false; + } $str_allowed = Config::get('system', 'allowed_oembed', ''); + if (!x($str_allowed)) { + return false; + } + $allowed = explode(',', $str_allowed); - return allowed_domain($domain, $allowed, true); + return allowed_domain($domain, $allowed); } public static function getHTML($url, $title = null)