Fix allowed_email()

- Reworked allowed_domain
- Added more variable checks to allowed_email() and
OEmbed::isAllowedURL()
pull/4185/head
Hypolite Petovan 2018-01-07 19:10:09 -05:00
parent 6496a721ea
commit 4a20bcd6f0
3 changed files with 25 additions and 20 deletions


@ -609,11 +609,15 @@ function blocked_url($url)
function allowed_email($email) function allowed_email($email)
{ {
$domain = strtolower(substr($email, strpos($email, '@') + 1)); $domain = strtolower(substr($email, strpos($email, '@') + 1));
if (! $domain) { if (!$domain) {
return false; return false;
} }
$str_allowed = Config::get('system', 'allowed_email', ''); $str_allowed = Config::get('system', 'allowed_email', '');
if (!x($str_allowed)) {
return true;
}
$allowed = explode(',', $str_allowed); $allowed = explode(',', $str_allowed);
return allowed_domain($domain, $allowed); return allowed_domain($domain, $allowed);
@ -622,19 +626,15 @@ function allowed_email($email)
/** /**
* Checks for the existence of a domain in a domain list * Checks for the existence of a domain in a domain list
* *
* If strict is not set, an empty domain list counts as found
*
* @brief Checks for the existence of a domain in a domain list * @brief Checks for the existence of a domain in a domain list
* @param string $domain * @param string $domain
* @param array $domain_list * @param array $domain_list
* @param bool $strict
* @return boolean * @return boolean
*/ */
function allowed_domain($domain, array $domain_list, $strict = false) function allowed_domain($domain, array $domain_list)
{ {
$found = false; $found = false;
if (count($domain_list)) {
foreach ($domain_list as $item) { foreach ($domain_list as $item) {
$pat = strtolower(trim($item)); $pat = strtolower(trim($item));
if (fnmatch($pat, $domain) || ($pat == $domain)) { if (fnmatch($pat, $domain) || ($pat == $domain)) {
@ -642,9 +642,7 @@ function allowed_domain($domain, array $domain_list, $strict = false)
break; break;
} }
} }
} elseif(!$strict) {
$found = true;
}
return $found; return $found;
} }
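Review bot: An address with no `@` still gets past the `if (!$domain)` guard in allowed_email(), because `strpos()` returns false in that case and `false + 1` evaluates to 1, so `$domain` becomes the input minus its first character rather than an empty string. With a non-empty `allowed_email` list, such a string is then matched against the allowlist as if it were a domain. Resolving the position first would close this: `$pos = strrpos($email, '@');`, then `if ($pos === false) { return false; }`, then `$domain = strtolower(substr($email, $pos + 1));`. Using `strrpos` also takes the part after the last `@`, which is the right split when a quoted local part contains an `@`. Whether callers validate the address format before calling allowed_email() is not visible in this hunk.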


@ -237,15 +237,15 @@ function register_content(App $a)
$license = ''; $license = '';
$o = get_markup_template("register.tpl"); $tpl = get_markup_template("register.tpl");
$arr = array('template' => $o); $arr = array('template' => $tpl);
call_hooks('register_form', $arr); call_hooks('register_form', $arr);
$o = $arr['template']; $tpl = $arr['template'];
$o = replace_macros($o, [ $o = replace_macros($tpl, [
'$oidhtml' => $oidhtml, '$oidhtml' => $oidhtml,
'$invitations' => Config::get('system', 'invitation_only'), '$invitations' => Config::get('system', 'invitation_only'),
'$permonly' => $a->config['register_policy'] == REGISTER_APPROVE, '$permonly' => $a->config['register_policy'] == REGISTER_APPROVE,


@ -299,11 +299,18 @@ class OEmbed
} }
$domain = parse_url($url, PHP_URL_HOST); $domain = parse_url($url, PHP_URL_HOST);
if (!x($domain)) {
return false;
}
$str_allowed = Config::get('system', 'allowed_oembed', ''); $str_allowed = Config::get('system', 'allowed_oembed', '');
if (!x($str_allowed)) {
return false;
}
$allowed = explode(',', $str_allowed); $allowed = explode(',', $str_allowed);
return allowed_domain($domain, $allowed, true); return allowed_domain($domain, $allowed);
} }
public static function getHTML($url, $title = null) public static function getHTML($url, $title = null)
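Review bot: The host returned by `parse_url()` is passed to allowed_domain() in its original case, while allowed_domain() lower-cases only the list entries and `fnmatch()` compares case-sensitively by default, so a URL written with an upper-case host would be rejected even when its domain is on the `allowed_oembed` list. allowed_email() already lower-cases its domain before making the same call; adding `$domain = strtolower($domain);` after the new `x($domain)` guard would make the two callers agree. The mismatch fails on the deny side, so this is a consistency fix rather than an allowlist bypass. The method's opening lines are outside the hunk.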