From 44d7047fce57085fe63ad5e1088911e9fc07a32e Mon Sep 17 00:00:00 2001
From: friendica
Date: Thu, 20 Feb 2014 21:15:35 -0800
Subject: SECURITY: do not automatically open an iframe which points into the local website.
---
 include/bbcode.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'include/bbcode.php')
diff --git a/include/bbcode.php b/include/bbcode.php
index 1969f8444..8bbf7ae01 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -227,6 +227,13 @@ function bb_location($match) {
 // not yet implemented
 }
+function bbiframe($match) {
+ $a = get_app();
+ if(strpos($match[1],get_app()->get_hostname()))
+ return '' . $match[1] . '';
+ return '';
+}
+
 function bb_ShareAttributesSimple($match) {
 $attributes = $match[1];
@@ -677,7 +684,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) {
 if ($tryoembed){
 if (strpos($Text,'[/iframe]') !== false) {
- $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '', $Text);
+ $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bbiframe', $Text);
 }
 } else {
-- cgit v1.2.3
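Review bot: The locality test in `bbiframe` (first hunk) is a substring search rather than a host comparison, so it does not reliably decide whether the URL points at this site. `strpos()` is used for its truthiness, which treats a match at offset 0 the same as no match; the search is also case-sensitive although hostnames are not, and a URL with no host part at all (a relative reference, which the browser resolves against the local site) never contains the hostname and so still reaches the iframe branch. Parsing the URL and comparing the host would close these gaps: `$host = parse_url($match[1], PHP_URL_HOST);` followed by `if(! $host || strcasecmp($host, get_app()->get_hostname()) === 0)`, so that the plain link is returned whenever no host can be extracted. The exact form `get_hostname()` returns (with or without a port) is not visible in this patch and should be checked against that comparison; the `$a = get_app();` assignment is unused and can be dropped.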