aboutsummaryrefslogblamecommitdiffstats
path: root/include/oembed.php
blob: af5e51a6fd783ee41740232280c96d147a1e762e (plain) (tree)
1
2
3
4
5
                  
                                    
 
                              
 




































                                                                             



                                                      




                                               
                                                                              


                                                          


                         


                       
                                                       




                                               
                                                                                         

                                                                                                                   
















                                                                                                                      


                                 

                                                         


                 



                                                                                   

                                                                               




                                                       
                                                                                      
                                                                  



                                                      


                 
                                                                                     
 


                       
 











                                                                
                                     
 






                                                                             
 

                                                        
                    
 

                                                                
 


                                                                       
         

                           
 
                          



                                     
                                                           
                                                    
                                 
                                                        
                 


                                                                       

                                                   
                                                                                                                                                     


                                                             
                                        



                                                                          
                                                                                  
 


                                                                                                            
                                                                                                          
                                                                  
                                                      
                                         




                                                                                                                        
                                                                                                          


                                                                  
                                 


                         
                                              
                                                                                        


                                                        


                                
 


                                                          

                                                                 
                                                                      
 
         

 
                               









                                                                                                                                   
                                 


                                               
                  

 


                                  

                             
 

                                         
                                                                                                                            
 



                                                       




                                                                                               
                                                                             
                                                                                            
                                                                                            




                                                                                                             
                                                                 
                                           
                                                               
                                                                              




                                                                   
                                
                                            



                                     
                                                                               


                                     
                                               



                                                                                   


                                                                                                                                              



                                                                             
                                      


                         
                                                           
                                                                
                                                                    
                                                                                     
                                 



                                                                             
                                                                               
         
                                               
                                                                                     

 
                                             

                                            
                               


                                               
                                


                                               



                                                             
                                                            
 
                                                                        
 
                                                                                                                            
                                                       




 
                                   
                                                       


                                                                                                                                                              
                                                                                                 
 




















                                                                                                                                                                                                                                                                                           














                                                                                                    

                                                                          

                                                                                            
                                                                                                                      


                                                                                        
                             
          

 

 
<?php /** @file */
function oembed_replacecb($matches){

	$embedurl=$matches[1];

	$action = oembed_action($embedurl);
	if($action === 'block') {
		return '<a href="' . $embedurl . '">' . $embedurl . '</a>';
	}

	$j = oembed_fetch_url($embedurl);
	$s = oembed_format_object($j);
	return $s;  
}


function oembed_action($embedurl) {

	$host = '';

	$action = 'allow';

	// The default action is 'allow'. This is insecure. We might want to 
	// change this to 'filter' except it will be a support burden because
	// then youtube videos won't work out of the box and will need to be
	// explicitly enabled.

	$embedurl = str_replace('&amp;','&', $embedurl);

	logger('oembed_action: ' . $embedurl);

	$p = parse_url($embedurl);

	if($p)
		$host = $p['host'];

	// These media files should now be caught in bbcode.php
	// left here as a fallback in case this is called from another source

	$noexts = array("mp3","mp4","ogg","ogv","oga","ogm","webm","opus");
	$ext = pathinfo(strtolower($embedurl),PATHINFO_EXTENSION);


	// site white/black list

	if(($x = get_config('system','embed_deny'))) {
		if(($x) && (! is_array($x)))
			$x = explode("\n",$x);
		if($x) {
			foreach($x as $ll) {
				$t = trim($ll);
				if(($t) && (strpos($embedurl,$t) !== false)) {
					$action = 'block';
					break;
				}
			}
		}
	}
	
	$found = false;

	if(($x = get_config('system','embed_allow'))) {
		if(($x) && (! is_array($x)))
			$x = explode("\n",$x);
		if($x) {
			foreach($x as $ll) {
				$t = trim($ll);
				$has_slash = ((strpos($t,'/') !== false) ? true : false);

				// don't allow somebody to provide a url like https://foobar.com/something/youtube 
				// to bypass an allow of youtube. Note they could still get through this
				// with something like https://youtube.com.foobar.com/something so this is tagged with
				// @FIXME, otherwise to fully secure a site will require every possible variation
				// of every allowed service base URL. http vs. https, www. vs nothing, 
				// youtube.[com|org|whatever], youtu.be, and this is just for one service. 

				if($t) {
					if(strpos($t,$host) !== false) {
						$found = true;
						$action = 'allow';
						break;
					}
					elseif(($has_slash) && (strpos($embedurl,$t) !== false)) {
						$found = true;
						$action = 'allow';
						break;
					}
				}
			}
		}
		if((! $found) && ($action !== 'block')) {
			$action = 'filter';
		}
	}

	// allow individual members to block something that wasn't blocked already.
	// They cannot over-ride the site to allow or change the filtering on an 
	// embed that is not allowed by the site.

	if(local_channel()) {
		if(($x = get_pconfig(local_channel(),'system','embed_deny'))) {
			if(($x) && (! is_array($x)))
				$x = explode("\n",$x);
			if($x) {
				foreach($x as $ll) {
					$t = trim($ll);
					if(($t) && (strpos($embedurl,$t) !== false)) {
						$action = 'block';
						break;
					}
				}
			}
		}
	}

	logger('action: ' . $action . ' url: ' . $embedurl, LOGGER_DEBUG,LOG_DEBUG); 

	return $action;

}

// if the url is embeddable with oembed, return the bbcode link.

function oembed_process($url) {
	$j = oembed_fetch_url($url);
	logger('oembed_process: ' . print_r($j,true));
	if($j && $j->type !== 'error')
		return '[embed]' . $url . '[/embed]';
	return false;
}



function oembed_fetch_url($embedurl){

	// These media files should now be caught in bbcode.php
	// left here as a fallback in case this is called from another source

	$noexts = array("mp3","mp4","ogg","ogv","oga","ogm","webm","opus");
	$ext = pathinfo(strtolower($embedurl),PATHINFO_EXTENSION);

	$action = oembed_action($embedurl); 

	$embedurl = str_replace('&amp;','&', $embedurl);

	$txt = null;

	if($action !== 'block') {
		$txt = Cache::get(App::$videowidth . $embedurl);

		if(strstr($txt,'youtu') && strstr(z_root(),'https:')) {
			$txt = str_replace('http:','https:',$txt);
		}
	}
		
	if(is_null($txt)) {

		$txt = "";
		$furl = $embedurl;
		$zrl = false;

		if(local_channel()) {
			require_once('include/hubloc.php');
			$zrl = is_matrix_url($furl);
			if($zrl) 
				$furl = zid($furl);	
		}


		if (! in_array($ext, $noexts) && $action !== 'block') {
			// try oembed autodiscovery
			$redirects = 0;
			$result = z_fetch_url($furl, false, $redirects, array('timeout' => 15, 'accept_content' => "text/*", 'novalidate' => true ));
			if($result['success'])
				$html_text = $result['body'];

			if($html_text) {
				$dom = @DOMDocument::loadHTML($html_text);
				if ($dom){
					$xpath = new DOMXPath($dom);
					$attr = "oembed";
					$xattr = oe_build_xpath("class","oembed");

					$entries = $xpath->query("//link[@type='application/json+oembed']");
					foreach($entries as $e){
						$href = $e->getAttributeNode("href")->nodeValue;
						$x = z_fetch_url($href . '&maxwidth=' . App::$videowidth);
						$txt = $x['body'];
						break;
					}
					// soundcloud is now using text/json+oembed instead of application/json+oembed, 
					// others may be also
					$entries = $xpath->query("//link[@type='text/json+oembed']");
					foreach($entries as $e){
						$href = $e->getAttributeNode("href")->nodeValue;
						$x = z_fetch_url($href . '&maxwidth=' . App::$videowidth);
						$txt = $x['body'];
						break;
					}
				}
			}
		}
		
		if ($txt==false || $txt=="") {
			$x = array('url' => $embedurl,'videowidth' => App::$videowidth);
			call_hooks('oembed_probe',$x);
			if(array_key_exists('embed',$x))
				$txt = $x['embed'];
		}
		
		$txt=trim($txt);

		if ($txt[0]!="{") $txt='{"type":"error"}';
	
		//save in cache

		if(! get_config('system','oembed_cache_disable'))
			Cache::set(App::$videowidth . $embedurl,$txt);

	}


	$j = json_decode($txt);

	if($j->html && $action === 'filter') {
		$orig = $j->html;
		$allow_position = (($zrl) ? true : false);
		$j->html = purify_html($j->html,$allow_position);
		if($j->html != $orig) {
			logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j->html, LOGGER_DEBUG, LOG_INFO); 
		}
	}

	$j->embedurl = $embedurl;

// logger('fetch return: ' . print_r($j,true));

	return $j;


}
	
function oembed_format_object($j){
	$a = get_app();
    $embedurl = $j->embedurl;

// logger('format: ' . print_r($j,true));

	$jhtml = oembed_iframe($j->embedurl,(isset($j->width) ? $j->width : null), (isset($j->height) ? $j->height : null));

	$ret="<span class='oembed ".$j->type."'>";
	switch ($j->type) {
		case "video": {
			if (isset($j->thumbnail_url)) {
				$tw = (isset($j->thumbnail_width)) ? $j->thumbnail_width:200;
				$th = (isset($j->thumbnail_height)) ? $j->thumbnail_height:180;
				$tr = $tw/$th;
				
				$th=120; $tw = $th*$tr;
				$tpl=get_markup_template('oembed_video.tpl');
				if(strstr($embedurl,'youtu') && strstr(z_root(),'https:')) {
					$embedurl = str_replace('http:','https:',$embedurl);
					$j->thumbnail_url = str_replace('http:','https:', $j->thumbnail_url);
					$jhtml = str_replace('http:','https:', $jhtml);
					$j->html = str_replace('http:','https:', $j->html);
				
				}
				$ret.=replace_macros($tpl, array(
                    '$baseurl' => z_root(),
					'$embedurl'=>$embedurl,
					'$escapedhtml'=>base64_encode($jhtml),
					'$tw'=>$tw,
					'$th'=>$th,
					'$turl'=>$j->thumbnail_url,
				));
				
			} else {
				$ret=$jhtml;
			}
			$ret.="<br>";
		}; break;
		case "photo": {
			$ret.= "<img width='".$j->width."' src='".$j->url."'>";
			$ret.="<br>";
		}; break;  
		case "link": {
			if($j->thumbnail_url) {
				if(is_matrix_url($embedurl)) {
					$embedurl = zid($embedurl);
					$j->thumbnail_url = zid($j->thumbnail_url);
				}
				$ret = '<a href="' . $embedurl . '" ><img src="' . $j->thumbnail_url . '" alt="thumbnail" /></a><br /><br />';
			}

			//$ret = "<a href='".$embedurl."'>".$j->title."</a>";
		}; break;  
		case "rich": {
			// not so safe.. 
			$ret.= $jhtml;
		}; break;
	}

	// add link to source if not present in "rich" type
	if (  $j->type!='rich' || !strpos($j->html,$embedurl) ){
		$embedlink = (isset($j->title))?$j->title:$embedurl;
		$ret .= '<br />' . "<a href='$embedurl' rel='oembed'>$embedlink</a>";
		$ret .= "<br />";
		if (isset($j->author_name)) $ret.=" by ".$j->author_name;
		if (isset($j->provider_name)) $ret.=" on ".$j->provider_name;
	} else {
		// add <a> for html2bbcode conversion
		$ret .= "<br /><a href='$embedurl' rel='oembed'>$embedurl</a>";
	}
	$ret.="<br style='clear:left'></span>";
	return  mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
}

function oembed_iframe($src,$width,$height) {
	$scroll = ' scrolling="no" ';
	if(! $width || strstr($width,'%')) {
		$width = '640';
		$scroll = ' scrolling="auto" ';
	}
	if(! $height || strstr($height,'%')) {
		$height = '300';
		$scroll = ' scrolling="auto" ';
	}

	// try and leave some room for the description line. 
	$height = intval($height) + 80;
	$width  = intval($width) + 40;

	$s = z_root() . '/oembed/' . base64url_encode($src);

	// Make sure any children are sandboxed within their own iframe.

	return '<iframe ' . $scroll . 'height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' 
		. t('Embedded content') . '</iframe>'; 

}



function oembed_bbcode2html($text){
	$stopoembed = get_config("system","no_oembed");
	if ($stopoembed == true){
		return preg_replace("/\[embed\](.+?)\[\/embed\]/is", "<!-- oembed $1 --><i>". t('Embedding disabled') ." : $1</i><!-- /oembed $1 -->" ,$text);
	}
	return preg_replace_callback("/\[embed\](.+?)\[\/embed\]/is", 'oembed_replacecb' ,$text);
}


function oe_build_xpath($attr, $value){
	// http://westhoffswelt.de/blog/0036_xpath_to_select_html_by_class.html
	return "contains( normalize-space( @$attr ), ' $value ' ) or substring( normalize-space( @$attr ), 1, string-length( '$value' ) + 1 ) = '$value ' or substring( normalize-space( @$attr ), string-length( @$attr ) - string-length( '$value' ) ) = ' $value' or @$attr = '$value'";
}

function oe_get_inner_html( $node ) {
    $innerHTML= '';
    $children = $node->childNodes;
    foreach ($children as $child) {
        $innerHTML .= $child->ownerDocument->saveXML( $child );
    }
    return $innerHTML;
} 

/**
 * Find <span class='oembed'>..<a href='url' rel='oembed'>..</a></span>
 * and replace it with [embed]url[/embed]
 */
function oembed_html2bbcode($text) {
	// start parser only if 'oembed' is in text
	if (strpos($text, "oembed")){
		
		// convert non ascii chars to html entities
		$html_text = mb_convert_encoding($text, 'HTML-ENTITIES', mb_detect_encoding($text));
		
		// If it doesn't parse at all, just return the text.
		$dom = @DOMDocument::loadHTML($html_text);
		if(! $dom)
			return $text;
		$xpath = new DOMXPath($dom);
		$attr = "oembed";
		
		$xattr = oe_build_xpath("class","oembed");
		$entries = $xpath->query("//span[$xattr]");

		$xattr = "@rel='oembed'";//oe_build_xpath("rel","oembed");
		foreach($entries as $e) {
			$href = $xpath->evaluate("a[$xattr]/@href", $e)->item(0)->nodeValue;
			if(!is_null($href)) $e->parentNode->replaceChild(new DOMText("[embed]".$href."[/embed]"), $e);
		}
		return oe_get_inner_html( $dom->getElementsByTagName("body")->item(0) );
	} else {
		return $text;
	} 
}