From: Hypolite Petovan Date: Wed, 26 Apr 2017 02:45:56 +0000 (-0400) Subject: Added check_domain_blocklist X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=c7e1a8e871363d4e60178e30e819c3169ed406c5;p=friendica.git Added check_domain_blocklist --- diff --git a/include/follow.php b/include/follow.php index 3045191077..11138afac8 100644 --- a/include/follow.php +++ b/include/follow.php @@ -82,6 +82,11 @@ function new_contact($uid,$url,$interactive = false) { return $result; } + if (! check_domain_blocklist($url)) { + $result['message'] = t('Blocked domain'); + return $result; + } + if (! $url) { $result['message'] = t('Connect URL missing.'); return $result; diff --git a/include/network.php b/include/network.php index f9d35c52c3..a362f0307c 100644 --- a/include/network.php +++ b/include/network.php @@ -454,13 +454,14 @@ function allowed_url($url) { $h = @parse_url($url); - if(! $h) { + if (! $h) { return false; } - $str_allowed = get_config('system','allowed_sites'); - if(! $str_allowed) + $str_allowed = get_config('system', 'allowed_sites'); + if (! $str_allowed) { return true; + } $found = false; @@ -468,16 +469,17 @@ function allowed_url($url) { // always allow our own site - if($host == strtolower($_SERVER['SERVER_NAME'])) + if ($host == strtolower($_SERVER['SERVER_NAME'])) { return true; + } $fnmatch = function_exists('fnmatch'); - $allowed = explode(',',$str_allowed); + $allowed = explode(',', $str_allowed); - if(count($allowed)) { - foreach($allowed as $a) { + if (count($allowed)) { + foreach ($allowed as $a) { $pat = strtolower(trim($a)); - if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) { + if (($fnmatch && fnmatch($pat, $host)) || ($pat == $host)) { $found = true; break; } @@ -486,6 +488,37 @@ function allowed_url($url) { return $found; } +/** + * Checks if the provided url domain isn't on the domain blacklist. + * Return true if the check passed (not on the blacklist), false if not + * or malformed URL + * + * @param string $url The url to check the domain from + * @return boolean + */ +function check_domain_blocklist($url) { + $h = @parse_url($url); + + if (! $h) { + return false; + } + + $domain_blocklist = get_config('system', 'blocklist', array()); + if (! $domain_blocklist) { + return true; + } + + $host = strtolower($h['host']); + + foreach ($domain_blocklist as $domain_block) { + if (strtolower($domain_block['domain']) == $host) { + return false; + } + } + + return true; +} + /** * @brief Check if email address is allowed to register here. * diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index f3875ed8e4..68f9448a55 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -514,6 +514,11 @@ function dfrn_request_post(App $a) { return; // NOTREACHED } + if (! check_domain_blocklist($url)) { + notice( t('Blocked domain') . EOL); + goaway(App::get_baseurl() . '/' . $a->cmd); + return; // NOTREACHED + } require_once('include/Scrape.php');