Diffstat (limited to 'include/oembed.php')
-rwxr-xr-x | include/oembed.php | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/include/oembed.php b/include/oembed.php index c2bf0a0ed..41ab001d3 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -32,6 +32,7 @@ function oembed_action($embedurl) { $action = 'block'; } } + if(strpos($embedurl,'.well-known') !== false) $action = 'block'; @@ -104,6 +105,7 @@ function oembed_action($embedurl) { // if the url is embeddable with oembed, return the bbcode link. function oembed_process($url) { + $j = oembed_fetch_url($url); logger('oembed_process: ' . print_r($j,true), LOGGER_DATA, LOG_DEBUG); if($j && $j['type'] !== 'error') @@ -131,6 +133,7 @@ function oembed_fetch_url($embedurl){ } } + $txt = null; // we should try to cache this and avoid a lookup on each render @@ -216,10 +219,19 @@ function oembed_fetch_url($embedurl){ } - $j = json_decode($txt,true); + if(strpos(strtolower($embedurl),'.pdf') !== false) { + $action = 'allow'; + $j = [ 'html' => '<object data="' . $embedurl . '" type="application/pdf" width="500" height="720">' . '<a href="' . $embedurl . '">' . t('View PDF') . '</a></object>', 'width' => 500, 'height' => 720, 'type' => 'pdf' ]; + + } + + if(! $j) { + $j = json_decode($txt,true); + } - if(! $j) + if(! $j) { $j = []; + } if($action === 'filter') { if($j['html']) { @@ -233,9 +245,11 @@ function oembed_fetch_url($embedurl){ if(preg_match('#\<iframe(.*?)src\=[\'\"](.*?)[\'\"]#',$j['html'],$matches)) { $x = z_fetch_url($matches[2]); - $j['html'] = $x['body']; + $orig = $j['html'] = $x['body']; } - + + logger('frame src: ' . $j['html'], LOGGER_DATA); + $j['html'] = purify_html($j['html'],$allow_position); if($j['html'] != $orig) { logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO); @@ -314,6 +328,11 @@ function oembed_format_object($j){ //$ret = "<a href='".$embedurl."'>".$j['title']."</a>"; }; break; + case 'pdf': { + $ret = $j['html']; + break; + } + case "rich": { // not so safe.. $ret.= $jhtml; |
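Review bot: The added `.well-known` test in oembed_action is a substring match on the raw URL string, so it follows how the URL is spelled rather than the path the server will resolve. A percent-encoded spelling of the segment would not match, while an unrelated URL that only carries the string in its query would be blocked. Testing the decoded path is tighter, e.g. `if(strpos(rawurldecode((string) parse_url($embedurl, PHP_URL_PATH)), '/.well-known/') !== false) $action = 'block';`. The function continues outside the hunk, so confirm nothing later resets `$action` after this line.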
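Review bot: In the new `.pdf` branch of oembed_fetch_url, `$embedurl` is concatenated unescaped into the `data` and `href` attributes while `$action` is forced to `'allow'`, so the markup skips the `purify_html` pass of the `filter` branch below and a quote character in the URL ends the attribute. The test is also a substring match anywhere in the URL, and it replaces an earlier `'block'` decision (the extension loop and oembed_action can set one) with `'allow'`. I would escape the URL with `htmlspecialchars`, match `.pdf` only at the end of the parsed path, and leave a blocked URL blocked, as in the excerpt below. `$j` is also read by `if(! $j)` without a visible initialisation when the branch is not taken; the function starts outside the hunk, so check whether it is set earlier.

```php
// treat the URL as a PDF only when its path ends in .pdf, and keep a block decision intact
$path = parse_url($embedurl, PHP_URL_PATH);
if($action !== 'block' && is_string($path) && substr(strtolower($path), -4) === '.pdf') {
	$action = 'allow';
	// escape once for the HTML attribute context; the same value is used in data= and href=
	$safe = htmlspecialchars($embedurl, ENT_QUOTES, 'UTF-8');
	$j = [
		'html' => '<object data="' . $safe . '" type="application/pdf" width="500" height="720">'
			. '<a href="' . $safe . '">' . t('View PDF') . '</a></object>',
		'width' => 500,
		'height' => 720,
		'type' => 'pdf'
	];
}
// … unchanged: json_decode fallback and empty-array default …
```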
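Review bot: `$orig = $j['html'] = $x['body'];` replaces the embed markup with whatever the iframe fetch returned without checking the result of `z_fetch_url`, so a failed request overwrites both `$orig` and `$j['html']` with an empty or missing body. Guarding the assignment, `if($x['success']) $orig = $j['html'] = $x['body'];`, keeps the original markup for the purifier in that case. The new `logger('frame src: ' ...)` line sits after the `if`, so it writes the full remote-supplied HTML, not the src, to the log for every filtered embed; a label such as `'oembed html before purify: '` would describe it accurately. The enclosing `if($action === 'filter')` block starts outside the hunk.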
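Review bot: The new `case 'pdf'` in oembed_format_object returns `$j['html']` as is, and `type` is also a field of the remote oEmbed JSON decoded in oembed_fetch_url, so a provider response that declares a type of `pdf` would presumably reach this case with provider-supplied markup. Whether that markup was purified depends on `$action` at fetch time, which this function cannot see. I would document the assumption here, `// html is built locally in oembed_fetch_url; a remote response must not be able to claim type pdf`, and enforce it after the `json_decode` call with `if(isset($j['type']) && $j['type'] === 'pdf') unset($j['type']);`. The case also assigns with `$ret =` where the `rich` case appends with `$ret.=`; the switch starts outside the hunk, so confirm that dropping anything already in `$ret` is intended.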