Merge branch 'remote-media-blacklist-mk2' into 'nightly'

add server blacklist to StoreRemoteMedia plugin

allows server admins to block local storage of remote media from particular servers while still allowing a default policy of acceptance

See merge request !114

plugins/StoreRemoteMedia/README

@@ -7,9 +7,19 @@ to the bottom of your config.php
 
 Settings
 ========
+domain_blacklist: Array of regular expressions. Always escape your dots and end your strings.
+check_blacklist: Whether to check the domain_blacklist.
+
 domain_whitelist: Array of regular expressions. Always escape your dots and end your strings.
 check_whitelist: Whether to check the domain_whitelist.
 
+When check_whitelist is set, only images from URLs matching a regex in the
+domain_whitelist array are accepted for local storage. When check_blacklist
+is set, images from URLs matching any regex in the domain_blacklist are
+denied local storage. When both lists are checked, only images from URLs
+that match a regex in the domain_whitelist and that match no regexen in the
+domain_blacklist are accepted for local storage.
+
 Example
 =======
 addPlugin('StoreRemoteMedia', array(
@@ -17,6 +27,6 @@ addPlugin('StoreRemoteMedia', array(
         '^i\d*\.ytimg\.com$' => 'YouTube',
         '^i\d*\.vimeocdn\.com$' => 'Vimeo'
     ),
-    'check_whitelist' => true
+    'check_whitelist' => true,
 ));
 

plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php

@@ -15,6 +15,9 @@ class StoreRemoteMediaPlugin extends Plugin
     public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
     public $check_whitelist  = false;    // security/abuse precaution
 
+    public $domain_blacklist = array();
+    public $check_blacklist = false;
+
     protected $imgData = array();
 
     // these should be declared protected everywhere
@@ -74,7 +77,10 @@ class StoreRemoteMediaPlugin extends Plugin
             return true;
         }
 
-        $this->checkWhitelist($file->getUrl());
+        if (!$this->checkWhiteList($file->getUrl()) ||
+            !$this->checkBlackList($file->getUrl())) {
+		    return true;
+        }
 
         // First we download the file to memory and test whether it's actually an image file
         common_debug(sprintf('Downloading remote file id==%u with URL: %s', $file->getID(), _ve($file->getUrl())));
@@ -124,23 +130,39 @@ class StoreRemoteMediaPlugin extends Plugin
     }
 
     /**
-     * @return boolean          false on no check made, provider name on success
+     * @return boolean          true if given url passes blacklist check
-     * @throws ServerException  if check is made but fails
      */
-    protected function checkWhitelist($url)
+    protected function checkBlackList($url)
     {
-        if (!$this->check_whitelist) {
+        if (!$this->check_blacklist) {
-            return false;   // indicates "no check made"
+            return true;
         }
-
         $host = parse_url($url, PHP_URL_HOST);
-        foreach ($this->domain_whitelist as $regex => $provider) {
+        foreach ($this->domain_blacklist as $regex => $provider) {
             if (preg_match("/$regex/", $host)) {
-                return $provider;    // we trust this source, return provider name
+                return false;
             }
         }
 
-        throw new ServerException(sprintf(_('Domain not in remote source whitelist: %s'), $host));
+        return true;
+    }
+
+    /***
+     * @return boolean          true if given url passes whitelist check
+     */
+    protected function checkWhiteList($url)
+    {
+        if (!$this->check_whitelist) {
+            return true;
+        }
+        $host = parse_url($url, PHP_URL_HOST);
+        foreach ($this->domain_whitelist as $regex => $provider) {
+            if (preg_match("/$regex/", $host)) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     public function onPluginVersion(array &$versions)