aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Lib/Enotify.php2
-rw-r--r--Zotlabs/Widget/Messages.php2
-rw-r--r--Zotlabs/Widget/Notes.php2
-rw-r--r--include/oembed.php19
4 files changed, 22 insertions, 3 deletions
diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php
index 59e4d9a4e..07c426960 100644
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -860,7 +860,7 @@ class Enotify {
// convert this logic into a json array just like the system notifications
$who = (($item['verb'] === ACTIVITY_SHARE) ? 'owner' : 'author');
- $body = html2plain(bbcode($item['body'], ['drop_media']), 75, true);
+ $body = html2plain(bbcode($item['body'], ['drop_media' => true, 'tryoembed' => false]), 75, true);
if ($body) {
$body = htmlentities($body, ENT_QUOTES, 'UTF-8', false);
}
diff --git a/Zotlabs/Widget/Messages.php b/Zotlabs/Widget/Messages.php
index d045ae85b..3d9ed8955 100644
--- a/Zotlabs/Widget/Messages.php
+++ b/Zotlabs/Widget/Messages.php
@@ -113,7 +113,7 @@ class Messages {
}
if (!$summary) {
- $summary = html2plain(bbcode($item['body'], ['drop_media' => true]), 75, true);
+ $summary = html2plain(bbcode($item['body'], ['drop_media' => true, 'tryoembed' => false]), 75, true);
if ($summary) {
$summary = htmlentities($summary, ENT_QUOTES, 'UTF-8', false);
}
diff --git a/Zotlabs/Widget/Notes.php b/Zotlabs/Widget/Notes.php
index c9d08c6b7..836159edd 100644
--- a/Zotlabs/Widget/Notes.php
+++ b/Zotlabs/Widget/Notes.php
@@ -31,7 +31,7 @@ class Notes {
$o = replace_macros($tpl, array(
'$text' => $text,
- '$html' => bbcode($text),
+ '$html' => bbcode($text, ['tryoembed' => false]),
'$app' => ((isset($arr['app'])) ? true : false),
'$hidden' => ((isset($arr['hidden'])) ? true : false),
'$strings' => [
diff --git a/include/oembed.php b/include/oembed.php
index 36938c577..bcf5d525c 100644
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -164,6 +164,25 @@ function oembed_fetch_url($embedurl){
$txt = EMPTY_STR;
if ($action !== 'block') {
+ $max_oembed_size = get_config('system', 'oembed_max_size', 1 * 1024 * 1024 /* 1MB */);
+
+ stream_context_set_default(
+ [
+ 'http' => [
+ 'method' => 'HEAD',
+ 'timeout' => 5
+ ]
+ ]
+ );
+
+ $headers = get_headers($furl, true);
+
+ if (isset($headers['Content-Length']) && $headers['Content-Length'] > $max_oembed_size) {
+ $action = 'block';
+ }
+ }
+
+ if ($action !== 'block') {
// try oembed autodiscovery
$redirects = 0;
$result = z_fetch_url($furl, false, $redirects,