. /** * OembedPlugin implementation for GNU social * * @package GNUsocial * @author Mikael Nordfeldth * @author hannes * @author Diogo Cordeiro * @copyright 2019 Free Software Foundation, Inc http://www.fsf.org * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ defined('GNUSOCIAL') || die(); /** * Utility class to wrap basic embed lookups. * * Blacklisted hosts will use an alternate lookup method: * - Twitpic * * Whitelisted hosts will use known embed API endpoints: * - Flickr, YFrog * * Sites that provide discovery links will use them directly; a bug * in use of discovery links with query strings is worked around. * * Others will fall back to oohembed (unless disabled). * The API endpoint can be configured or disabled through config * as 'oohembed'/'endpoint'. * * @copyright 2019 Free Software Foundation, Inc http://www.fsf.org * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ class EmbedHelper { protected static $apiMap = array( 'flickr.com' => 'https://www.flickr.com/services/oembed/', 'youtube.com' => 'https://www.youtube.com/oembed', 'viddler.com' => 'http://lab.viddler.com/services/oembed/', 'revision3.com' => 'https://revision3.com/api/oembed/', 'vimeo.com' => 'https://vimeo.com/api/oembed.json', ); /** * Perform or fake an oEmbed lookup for the given resource. * * Some known hosts are whitelisted with API endpoints where we * know they exist but autodiscovery data isn't available. * If autodiscovery links are missing and we don't recognize the * host, we'll pass it to noembed.com's public service which * will either proxy or fake info on a lot of sites. * * A few hosts are blacklisted due to known problems with oohembed, * in which case we'll look up the info another way and return * equivalent data. * * Throws exceptions on failure. * * @param string $url * @param array $params * @return object */ public static function getObject($url, $params=array()) { common_log(LOG_INFO, 'Checking for remote URL metadata for ' . $url); // TODO: Make this class something like UrlMetadata, or use a dataobject? $metadata = new stdClass(); if (Event::handle('GetRemoteUrlMetadata', array($url, &$metadata))) { // If that event didn't return anything, try downloading the body and parse it // don't use quickGet since we want to check Content-Type header for utf-8 $client = new HTTPClient(); $response = $client->get($url); if (!$response->isOk()) { // TRANS: Exception. %s is the URL we tried to GET. throw new Exception(sprintf(_m('Could not GET URL %s.'), $url), $response->getStatus()); } $body = $response->getBody(); // DOMDocument::loadHTML may throw warnings on unrecognized elements, // and notices on unrecognized namespaces. $old = error_reporting(error_reporting() & ~(E_WARNING | E_NOTICE)); // DOMDocument assumes ISO-8859-1 per HTML spec // use UTF-8 if we find any evidence of that encoding $utf8_evidence = false; $unicode_check_dom = new DOMDocument(); $ok = $unicode_check_dom->loadHTML($body); if (!$ok) { throw new EmbedHelper_BadHtmlException(); } $metaNodes = $unicode_check_dom->getElementsByTagName('meta'); foreach ($metaNodes as $metaNode) { // case in-sensitive since Content-type and utf-8 can be written in many ways if (stristr($metaNode->getAttribute('http-equiv'), 'content-type') && stristr($metaNode->getAttribute('content'), 'utf-8')) { $utf8_evidence = true; break; } elseif (stristr($metaNode->getAttribute('charset'), 'utf-8')) { $utf8_evidence = true; break; } } unset($unicode_check_dom); // The Content-Type HTTP response header overrides encoding metatags in DOM if (stristr($response->getHeader('Content-Type'), 'utf-8')) { $utf8_evidence = true; } // add utf-8 encoding prolog if we have reason to believe this is utf-8 content // DOMDocument('1.0', 'UTF-8') does not work! $utf8_tag = $utf8_evidence ? '' : ''; $dom = new DOMDocument(); $ok = $dom->loadHTML($utf8_tag.$body); unset($body); // storing the DOM in memory is enough... error_reporting($old); if (!$ok) { throw new EmbedHelper_BadHtmlException(); } Event::handle('GetRemoteUrlMetadataFromDom', array($url, $dom, &$metadata)); } return self::normalize($metadata); } /** * Partially ripped from OStatus' FeedDiscovery class. * * @param string $url source URL, used to resolve relative links * @param string $body HTML body text * @return mixed string with URL or false if no target found */ public static function oEmbedEndpointFromHTML(DOMDocument $dom) { // Ok... now on to the links! $feeds = array( 'application/json+oembed' => false, ); $nodes = $dom->getElementsByTagName('link'); for ($i = 0; $i < $nodes->length; $i++) { $node = $nodes->item($i); if ($node->hasAttributes()) { $rel = $node->attributes->getNamedItem('rel'); $type = $node->attributes->getNamedItem('type'); $href = $node->attributes->getNamedItem('href'); if ($rel && $type && $href) { $rel = array_filter(explode(" ", $rel->value)); $type = trim($type->value); $href = trim($href->value); if (in_array('alternate', $rel) && array_key_exists($type, $feeds) && empty($feeds[$type])) { // Save the first feed found of each type... $feeds[$type] = $href; } } } } // Return the highest-priority feed found foreach ($feeds as $type => $url) { if ($url) { return $url; } } throw new EmbedHelper_DiscoveryException(); } /** * Actually do an oEmbed lookup to a particular API endpoint. * * @param string $api oEmbed API endpoint URL * @param string $url target URL to look up info about * @param array $params * @return object */ public static function getOembedFrom($api, $url, $params=array()) { if (empty($api)) { // TRANS: Server exception thrown in oEmbed action if no API endpoint is available. throw new ServerException(_('No oEmbed API endpoint available.')); } $params['url'] = $url; $params['format'] = 'json'; $key=common_config('oembed', 'apikey'); if (isset($key)) { $params['key'] = common_config('oembed', 'apikey'); } $oembed_data = HTTPClient::quickGetJson($api, $params); if (isset($oembed_data->html)) { $oembed_data->html = common_purify($oembed_data->html); } return $oembed_data; } /** * Normalize oEmbed format. * * @param object $orig * @return object */ public static function normalize(stdClass $data) { if (empty($data->type)) { throw new Exception('Invalid oEmbed data: no type field.'); } if ($data->type == 'image') { // YFrog does this. $data->type = 'photo'; } if (isset($data->thumbnail_url)) { if (!isset($data->thumbnail_width)) { // !?!?! $data->thumbnail_width = common_config('thumbnail', 'width'); $data->thumbnail_height = common_config('thumbnail', 'height'); } } return $data; } } class EmbedHelper_Exception extends Exception { public function __construct($message = "", $code = 0, $previous = null) { parent::__construct($message, $code); } } class EmbedHelper_BadHtmlException extends EmbedHelper_Exception { public function __construct($previous=null) { return parent::__construct('Bad HTML in discovery data.', 0, $previous); } } class EmbedHelper_DiscoveryException extends EmbedHelper_Exception { public function __construct($previous=null) { return parent::__construct('No oEmbed discovery data.', 0, $previous); } }