author | Mario <mario@mariovavti.com> | 2022-06-03 08:51:54 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2022-06-03 08:51:54 +0000 |
commit | 5e112b395ddb80b72891361b259b4d3fafa7efc2 (patch) | |
tree | 89a3b19ce22cea78d09b76b88ab20a1972ea63bd /include/oembed.php | |
parent | d1a8e7813a5cd695f13339ab0c9cc19daf3f1d94 (diff) | |
oembed: implement a max oembed size which defaults to 1MB and do not try to oembed text previews
Diffstat (limited to 'include/oembed.php')
-rw-r--r-- | include/oembed.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/include/oembed.php b/include/oembed.php
index 36938c577..bcf5d525c 100644
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -164,6 +164,25 @@ function oembed_fetch_url($embedurl){
 $txt = EMPTY_STR;
 if ($action !== 'block') {
+ $max_oembed_size = get_config('system', 'oembed_max_size', 1 * 1024 * 1024 /* 1MB */);
+
+ stream_context_set_default(
+ [
+ 'http' => [
+ 'method' => 'HEAD',
+ 'timeout' => 5
+ ]
+ ]
+ );
+
+ $headers = get_headers($furl, true);
+
+ if (isset($headers['Content-Length']) && $headers['Content-Length'] > $max_oembed_size) {
+ $action = 'block';
+ }
+ }
+
+ if ($action !== 'block') {
 // try oembed autodiscovery
 $redirects = 0;
 $result = z_fetch_url($furl, false, $redirects, |
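Review bot: The added `stream_context_set_default()` call replaces the default stream context for the rest of the request, so any later http stream-wrapper call made without its own context inherits `HEAD` and the 5 second timeout; a context built with `stream_context_create()` and passed as the third argument of `get_headers()` keeps the probe local. The size test reads only the exact key `'Content-Length'`: a differently cased header is missed, and when more than one response in a redirect chain carries the header the value is an array, which PHP compares as greater than any integer, so the URL is blocked whatever its size. Content-Length is whatever the server reports on HEAD and is absent on chunked responses, so this check is only a pre-filter, and the 1MB cap still needs enforcing on the body during the `z_fetch_url()` download, whose implementation is not visible here. The probe also goes through PHP's stream wrapper rather than `z_fetch_url()`, so any outbound restrictions that helper applies presumably do not cover it; that is worth confirming. `oembed_fetch_url()` starts and ends outside the hunk.

```php
// … unchanged: $max_oembed_size = get_config(...) …

$head_ctx = stream_context_create(
	[
		'http' => [
			'method' => 'HEAD',
			'timeout' => 5
		]
	]
);

$headers = get_headers($furl, true, $head_ctx);
$headers = is_array($headers) ? array_change_key_case($headers, CASE_LOWER) : [];
$length = $headers['content-length'] ?? null;

// after a redirect get_headers() returns one value per response; the last belongs to the final resource
if (is_array($length)) {
	$length = end($length);
}

if ($length !== null && intval($length) > $max_oembed_size) {
	$action = 'block';
}
```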