forked from GNUsocial/gnu-social
[Embed][StoreRemoteMedia] Re-add {white,black}list check config
This commit is contained in:
parent
de444a2a5a
commit
177801c81b
@ -77,12 +77,15 @@ class Embed extends Plugin
|
||||
* Settings which can be set in social.local.yaml
|
||||
* WARNING, these are _regexps_ (slashes added later). Always escape your dots and end ('$') your strings
|
||||
*/
|
||||
public bool $check_whitelist = false;
|
||||
public bool $check_blacklist = false;
|
||||
public array $domain_whitelist = [
|
||||
// hostname => service provider
|
||||
'.*' => '', // Default to allowing any host
|
||||
// hostname
|
||||
'.*', // Default to allowing any host
|
||||
];
|
||||
|
||||
public bool $store_image = true; // Whether to maintain a copy of the original media or only a thumbnail of it
|
||||
public array $domain_blacklist = [];
|
||||
// Whether to maintain a copy of the original media or only a thumbnail of it
|
||||
public bool $store_image = true;
|
||||
public ?int $thumbnail_width;
|
||||
public ?int $thumbnail_height;
|
||||
public ?int $max_size;
|
||||
@ -198,28 +201,6 @@ class Embed extends Plugin
|
||||
return Event::next;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
*
|
||||
* @return bool true if allowed by the lists, false otherwise
|
||||
*/
|
||||
private function allowedLink(string $url): bool
|
||||
{
|
||||
return true;
|
||||
if ($this->check_whitelist ?? false) {
|
||||
return false; // indicates "no check made"
|
||||
}
|
||||
|
||||
$host = parse_url($url, PHP_URL_HOST);
|
||||
foreach ($this->domain_whitelist as $regex => $provider) {
|
||||
if (preg_match("/{$regex}/", $host)) {
|
||||
return $provider; // we trust this source, return provider name
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* This code executes when GNU social creates the page routing, and we hook
|
||||
* on this event to add our action handler for Embed.
|
||||
@ -231,6 +212,7 @@ class Embed extends Plugin
|
||||
* @return bool
|
||||
*
|
||||
*
|
||||
*
|
||||
*/
|
||||
public function onAddRoute(RouteLoader $m): bool
|
||||
{
|
||||
@ -301,10 +283,11 @@ class Embed extends Plugin
|
||||
* @param Link $link
|
||||
* @param Note $note
|
||||
*
|
||||
*@throws DuplicateFoundException
|
||||
* @throws DuplicateFoundException
|
||||
*
|
||||
* @return bool
|
||||
*
|
||||
*
|
||||
*/
|
||||
public function onNewLinkFromNote(Link $link, Note $note): bool
|
||||
{
|
||||
@ -362,6 +345,39 @@ class Embed extends Plugin
|
||||
return Event::stop;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
*
|
||||
* @return bool true if allowed by the lists, false otherwise
|
||||
*/
|
||||
private function allowedLink(string $url): bool
|
||||
{
|
||||
$passed_whitelist = !$this->check_whitelist;
|
||||
$passed_blacklist = !$this->check_blacklist;
|
||||
|
||||
if ($this->check_whitelist) {
|
||||
$passed_whitelist = false; // don't trust be default
|
||||
$host = parse_url($url, PHP_URL_HOST);
|
||||
foreach ($this->domain_whitelist as $regex => $provider) {
|
||||
if (preg_match("/{$regex}/", $host)) {
|
||||
$passed_whitelist = true; // we trust this source
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->check_blacklist) {
|
||||
// assume it passed by default
|
||||
$host = parse_url($url, PHP_URL_HOST);
|
||||
foreach ($this->domain_blacklist as $regex => $provider) {
|
||||
if (preg_match("/{$regex}/", $host)) {
|
||||
$passed_blacklist = false; // we blocked this source
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $passed_whitelist && $passed_blacklist;
|
||||
}
|
||||
|
||||
/**
|
||||
* Perform an oEmbed or OpenGraph lookup for the given $url.
|
||||
*
|
||||
@ -481,6 +497,7 @@ class Embed extends Plugin
|
||||
* @throws ServerException
|
||||
*
|
||||
* @return bool true hook value
|
||||
*
|
||||
*/
|
||||
public function onPluginVersion(array &$versions): bool
|
||||
{
|
||||
|
@ -22,6 +22,8 @@ use App\Core\DB\DB;
|
||||
use App\Core\Event;
|
||||
use App\Core\GSFile;
|
||||
use App\Core\HTTPClient;
|
||||
use function App\Core\I18n\_m;
|
||||
use App\Core\Log;
|
||||
use App\Core\Modules\Plugin;
|
||||
use App\Entity\AttachmentThumbnail;
|
||||
use App\Entity\AttachmentToLink;
|
||||
@ -54,7 +56,19 @@ class StoreRemoteMedia extends Plugin
|
||||
return '3.0.0';
|
||||
}
|
||||
|
||||
public bool $store_original = false; // Whether to maintain a copy of the original media or only a thumbnail of it
|
||||
/**
|
||||
* Settings which can be set in social.local.yaml
|
||||
* WARNING, these are _regexps_ (slashes added later). Always escape your dots and end ('$') your strings
|
||||
*/
|
||||
public bool $check_whitelist = false;
|
||||
public bool $check_blacklist = false;
|
||||
public array $domain_whitelist = [
|
||||
// hostname
|
||||
'.*', // Default to allowing any host
|
||||
];
|
||||
public array $domain_blacklist = [];
|
||||
// Whether to maintain a copy of the original media or only a thumbnail of it
|
||||
public bool $store_original = false;
|
||||
public ?int $thumbnail_width;
|
||||
public ?int $thumbnail_height;
|
||||
public ?int $max_size;
|
||||
@ -64,6 +78,7 @@ class StoreRemoteMedia extends Plugin
|
||||
{
|
||||
return $this->store_original;
|
||||
}
|
||||
|
||||
private function getThumbnailWidth(): int
|
||||
{
|
||||
return $this->thumbnail_width ?? Common::config('thumbnail', 'width');
|
||||
@ -88,11 +103,12 @@ class StoreRemoteMedia extends Plugin
|
||||
* @param Link $link
|
||||
* @param Note $note
|
||||
*
|
||||
* @throws DuplicateFoundException
|
||||
* @throws ServerException
|
||||
* @throws TemporaryFileException
|
||||
* @throws DuplicateFoundException
|
||||
*
|
||||
* @return bool
|
||||
*
|
||||
*/
|
||||
public function onNewLinkFromNote(Link $link, Note $note): bool
|
||||
{
|
||||
@ -101,6 +117,12 @@ class StoreRemoteMedia extends Plugin
|
||||
return Event::next;
|
||||
}
|
||||
|
||||
// Is this URL trusted?
|
||||
if (!$this->allowedLink($link->getUrl())) {
|
||||
Log::info("Blocked URL ({$link->getUrl()}) in StoreRemoteMedia->onNewLinkFromNote.");
|
||||
return Event::next;
|
||||
}
|
||||
|
||||
// Have we handled it already?
|
||||
$attachment_to_link = DB::find('attachment_to_link',
|
||||
['link_id' => $link->getId()]);
|
||||
@ -165,6 +187,39 @@ class StoreRemoteMedia extends Plugin
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
*
|
||||
* @return bool true if allowed by the lists, false otherwise
|
||||
*/
|
||||
private function allowedLink(string $url): bool
|
||||
{
|
||||
$passed_whitelist = !$this->check_whitelist;
|
||||
$passed_blacklist = !$this->check_blacklist;
|
||||
|
||||
if ($this->check_whitelist) {
|
||||
$passed_whitelist = false; // don't trust be default
|
||||
$host = parse_url($url, PHP_URL_HOST);
|
||||
foreach ($this->domain_whitelist as $regex => $provider) {
|
||||
if (preg_match("/{$regex}/", $host)) {
|
||||
$passed_whitelist = true; // we trust this source
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->check_blacklist) {
|
||||
// assume it passed by default
|
||||
$host = parse_url($url, PHP_URL_HOST);
|
||||
foreach ($this->domain_blacklist as $regex => $provider) {
|
||||
if (preg_match("/{$regex}/", $host)) {
|
||||
$passed_blacklist = false; // we blocked this source
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $passed_whitelist && $passed_blacklist;
|
||||
}
|
||||
|
||||
/**
|
||||
* Event raised when GNU social polls the plugin for information about it.
|
||||
* Adds this plugin's version information to $versions array
|
||||
|
Loading…
Reference in New Issue
Block a user