author | friendica <info@friendica.com> | 2014-02-20 21:15:35 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-02-20 21:15:35 -0800 |
commit | 44d7047fce57085fe63ad5e1088911e9fc07a32e (patch) | |
tree | 078e9d4b634d583de8359ddae94c69d86ec19d17 /include/bbcode.php | |
parent | 9db40322abaccd036a71252633f755ad46064798 (diff) | |
download | volse-hubzilla-44d7047fce57085fe63ad5e1088911e9fc07a32e.tar.gz volse-hubzilla-44d7047fce57085fe63ad5e1088911e9fc07a32e.tar.bz2 volse-hubzilla-44d7047fce57085fe63ad5e1088911e9fc07a32e.zip |
SECURITY: do not automatically open an iframe which points into the local website.
Diffstat (limited to 'include/bbcode.php')
-rw-r--r-- | include/bbcode.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/include/bbcode.php b/include/bbcode.php
index 1969f8444..8bbf7ae01 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -227,6 +227,13 @@ function bb_location($match) {
 // not yet implemented
 }
+function bbiframe($match) {
+ $a = get_app();
+ if(strpos($match[1],get_app()->get_hostname()))
+ return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
+ return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+}
+
 function bb_ShareAttributesSimple($match) {
 $attributes = $match[1];
@@ -677,7 +684,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) {
 if ($tryoembed){
 if (strpos($Text,'[/iframe]') !== false) {
- $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<iframe src="$1" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="$1">$1</a></iframe>', $Text);
+ $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bbiframe', $Text);
 }
 } else { |
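Review bot: The local-site check in bbiframe() is a case-sensitive substring test, `strpos($match[1],get_app()->get_hostname())`, so a URL whose host differs only in letter case from the configured hostname is not recognised as local and is still embedded, and a match at offset 0 would be treated the same as `false`; if the site is also reachable under another name, that name is not covered either. Comparing the parsed host is more robust: `$host = parse_url($match[1], PHP_URL_HOST);` followed by `if(! $host || strcasecmp($host, $a->get_hostname()) === 0)` keeps the plain-link fallback for local and host-less URLs. The bbcode value `$match[1]` is still written unescaped into the `src` and `href` attributes in both return paths, as it was in the replaced `preg_replace` form; passing it through `htmlspecialchars($match[1], ENT_QUOTES, 'UTF-8')` would keep it confined to the attribute. Since `$a` is already assigned on the first line, the condition can use `$a->get_hostname()` instead of a second `get_app()` call.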