Fix allowed_email()
- Reworked allowed_domain - Added more variable checks to allowed_email() and OEmbed::isAllowedURL()pull/4185/head
parent
6496a721ea
commit
4a20bcd6f0
|
@ -609,11 +609,15 @@ function blocked_url($url)
|
||||||
function allowed_email($email)
|
function allowed_email($email)
|
||||||
{
|
{
|
||||||
$domain = strtolower(substr($email, strpos($email, '@') + 1));
|
$domain = strtolower(substr($email, strpos($email, '@') + 1));
|
||||||
if (! $domain) {
|
if (!$domain) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$str_allowed = Config::get('system', 'allowed_email', '');
|
$str_allowed = Config::get('system', 'allowed_email', '');
|
||||||
|
if (!x($str_allowed)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
$allowed = explode(',', $str_allowed);
|
$allowed = explode(',', $str_allowed);
|
||||||
|
|
||||||
return allowed_domain($domain, $allowed);
|
return allowed_domain($domain, $allowed);
|
||||||
|
@ -622,29 +626,23 @@ function allowed_email($email)
|
||||||
/**
|
/**
|
||||||
* Checks for the existence of a domain in a domain list
|
* Checks for the existence of a domain in a domain list
|
||||||
*
|
*
|
||||||
* If strict is not set, an empty domain list counts as found
|
|
||||||
*
|
|
||||||
* @brief Checks for the existence of a domain in a domain list
|
* @brief Checks for the existence of a domain in a domain list
|
||||||
* @param string $domain
|
* @param string $domain
|
||||||
* @param array $domain_list
|
* @param array $domain_list
|
||||||
* @param bool $strict
|
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
function allowed_domain($domain, array $domain_list, $strict = false)
|
function allowed_domain($domain, array $domain_list)
|
||||||
{
|
{
|
||||||
$found = false;
|
$found = false;
|
||||||
|
|
||||||
if (count($domain_list)) {
|
foreach ($domain_list as $item) {
|
||||||
foreach ($domain_list as $item) {
|
$pat = strtolower(trim($item));
|
||||||
$pat = strtolower(trim($item));
|
if (fnmatch($pat, $domain) || ($pat == $domain)) {
|
||||||
if (fnmatch($pat, $domain) || ($pat == $domain)) {
|
$found = true;
|
||||||
$found = true;
|
break;
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
} elseif(!$strict) {
|
|
||||||
$found = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $found;
|
return $found;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -237,15 +237,15 @@ function register_content(App $a)
|
||||||
|
|
||||||
$license = '';
|
$license = '';
|
||||||
|
|
||||||
$o = get_markup_template("register.tpl");
|
$tpl = get_markup_template("register.tpl");
|
||||||
|
|
||||||
$arr = array('template' => $o);
|
$arr = array('template' => $tpl);
|
||||||
|
|
||||||
call_hooks('register_form', $arr);
|
call_hooks('register_form', $arr);
|
||||||
|
|
||||||
$o = $arr['template'];
|
$tpl = $arr['template'];
|
||||||
|
|
||||||
$o = replace_macros($o, [
|
$o = replace_macros($tpl, [
|
||||||
'$oidhtml' => $oidhtml,
|
'$oidhtml' => $oidhtml,
|
||||||
'$invitations' => Config::get('system', 'invitation_only'),
|
'$invitations' => Config::get('system', 'invitation_only'),
|
||||||
'$permonly' => $a->config['register_policy'] == REGISTER_APPROVE,
|
'$permonly' => $a->config['register_policy'] == REGISTER_APPROVE,
|
||||||
|
|
|
@ -299,11 +299,18 @@ class OEmbed
|
||||||
}
|
}
|
||||||
|
|
||||||
$domain = parse_url($url, PHP_URL_HOST);
|
$domain = parse_url($url, PHP_URL_HOST);
|
||||||
|
if (!x($domain)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
$str_allowed = Config::get('system', 'allowed_oembed', '');
|
||||||
|
if (!x($str_allowed)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$allowed = explode(',', $str_allowed);
|
$allowed = explode(',', $str_allowed);
|
||||||
|
|
||||||
return allowed_domain($domain, $allowed, true);
|
return allowed_domain($domain, $allowed);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function getHTML($url, $title = null)
|
public static function getHTML($url, $title = null)
|
||||||
|
|
Loading…
Reference in New Issue