aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2016-12-19 15:38:42 -0800
committerzotlabs <mike@macgirvin.com>2016-12-19 15:38:42 -0800
commit1798ebd39524354a6955e871ce231c908f5bd0cc (patch)
tree4c88dacb3898693922cea00ece5f5b34c8977156
parentb1f4ea62061e57c02fc46d2cc185da49d9dbeb1c (diff)
downloadvolse-hubzilla-1798ebd39524354a6955e871ce231c908f5bd0cc.tar.gz
volse-hubzilla-1798ebd39524354a6955e871ce231c908f5bd0cc.tar.bz2
volse-hubzilla-1798ebd39524354a6955e871ce231c908f5bd0cc.zip
improve oembed cache security
-rwxr-xr-xinclude/oembed.php15
1 files changed, 5 insertions, 10 deletions
diff --git a/include/oembed.php b/include/oembed.php
index eb7b76437..36395cfbc 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -104,7 +104,7 @@ function oembed_action($embedurl) {
function oembed_process($url) {
$j = oembed_fetch_url($url);
- logger('oembed_process: ' . print_r($j,true));
+ logger('oembed_process: ' . print_r($j,true), LOGGER_DATA, LOG_DEBUG);
if($j && $j['type'] !== 'error')
return '[embed]' . $url . '[/embed]';
return false;
@@ -135,19 +135,15 @@ function oembed_fetch_url($embedurl){
// we should try to cache this and avoid a lookup on each render
$zrl = is_matrix_url($embedurl);
+ $furl = ((local_channel() && $zrl) ? zid($embedurl) : $embedurl);
+
if($action !== 'block') {
- $txt = Zlib\Cache::get('[' . App::$videowidth . '] ' . $embedurl);
+ $txt = Zlib\Cache::get('[' . App::$videowidth . '] ' . $furl);
}
if(is_null($txt)) {
$txt = "";
- $furl = $embedurl;
-
- logger('local_channel: ' . local_channel());
-
- if(local_channel() && $zrl)
- $furl = zid($furl);
if ($action !== 'block') {
// try oembed autodiscovery
@@ -206,11 +202,10 @@ function oembed_fetch_url($embedurl){
//save in cache
if(! get_config('system','oembed_cache_disable'))
- Zlib\Cache::set('[' . App::$videowidth . '] ' . $embedurl,$txt);
+ Zlib\Cache::set('[' . App::$videowidth . '] ' . $furl, $txt);
}
-
$j = json_decode($txt,true);
if(! $j)