From 38fde6672eb3d46b8b154ba2f22df99f91f64852 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin <mike@macgirvin.com>
Date: Mon, 13 Sep 2010 17:12:54 -0700
Subject: provide allow list of friend sites for education/corporate
 environments, pattern matchable

---
 boot.php | 44 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

(limited to 'boot.php')

diff --git a/boot.php b/boot.php
index 30a8b2441..b69502ef2 100644
--- a/boot.php
+++ b/boot.php
@@ -782,16 +782,54 @@ function get_uid() {
 }}
 
 if(! function_exists('validate_url')) {
-function validate_url($url) {
+function validate_url(&$url) {
 	if(substr($url,0,4) != 'http')
 		$url = 'http://' . $url;
 	$h = parse_url($url);
 
-	if(! $h)
+	if(! $h) {
 		return false;
-	if(! checkdnsrr($h['host'], 'ANY'))
+	}
+	if(! checkdnsrr($h['host'], 'ANY')) {
 		return false;
+	}
 	return true;
 }}
 
+if(! function_exists('allowed_url')) {
+function allowed_url($url) {
+
+	$h = parse_url($url);
+
+	if(! $h) {
+		return false;
+	}
+
+	$str_allowed = get_config('system','allowed_sites');
+	if(! $str_allowed)
+		return true;
+
+	$found = false;
+
+	$host = strtolower($h['host']);
+
+	// always allow our own site
+
+	if($host == strtolower($_SERVER['SERVER_NAME']))
+		return true;
+
+	$fnmatch = function_exists('fnmatch');
+	$allowed = explode(',',$str_allowed);
+
+	if(count($allowed)) {
+		foreach($allowed as $a) {
+			$pat = strtolower(trim($a));
+			if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
+				$found = true; 
+				break;
+			}
+		}
+	}
+	return $found;
+}}
 
-- 
cgit v1.2.3