authorMario <mario@mariovavti.com>2022-06-03 08:51:54 +0000
committerMario <mario@mariovavti.com>2022-06-03 08:51:54 +0000
commit5e112b395ddb80b72891361b259b4d3fafa7efc2 (patch)
tree89a3b19ce22cea78d09b76b88ab20a1972ea63bd /include
parentd1a8e7813a5cd695f13339ab0c9cc19daf3f1d94 (diff)
oembed: implement a max oembed size which defaults to 1MB and do not try to oembed text previews
Diffstat (limited to 'include')
-rw-r--r--include/oembed.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/include/oembed.php b/include/oembed.php
index 36938c577..bcf5d525c 100644
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -164,6 +164,25 @@ function oembed_fetch_url($embedurl){
$txt = EMPTY_STR;
if ($action !== 'block') {
+ $max_oembed_size = get_config('system', 'oembed_max_size', 1 * 1024 * 1024 /* 1MB */);
+
+ stream_context_set_default(
+ [
+ 'http' => [
+ 'method' => 'HEAD',
+ 'timeout' => 5
+ ]
+ ]
+ );
+
+ $headers = get_headers($furl, true);
+
+ if (isset($headers['Content-Length']) && $headers['Content-Length'] > $max_oembed_size) {
+ $action = 'block';
+ }
+ }
+
+ if ($action !== 'block') {
// try oembed autodiscovery
$redirects = 0;
$result = z_fetch_url($furl, false, $redirects,