From 1798ebd39524354a6955e871ce231c908f5bd0cc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 19 Dec 2016 15:38:42 -0800 Subject: improve oembed cache security --- include/oembed.php | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'include/oembed.php') diff --git a/include/oembed.php b/include/oembed.php index eb7b76437..36395cfbc 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -104,7 +104,7 @@ function oembed_action($embedurl) { function oembed_process($url) { $j = oembed_fetch_url($url); - logger('oembed_process: ' . print_r($j,true)); + logger('oembed_process: ' . print_r($j,true), LOGGER_DATA, LOG_DEBUG); if($j && $j['type'] !== 'error') return '[embed]' . $url . '[/embed]'; return false; @@ -135,19 +135,15 @@ function oembed_fetch_url($embedurl){ // we should try to cache this and avoid a lookup on each render $zrl = is_matrix_url($embedurl); + $furl = ((local_channel() && $zrl) ? zid($embedurl) : $embedurl); + if($action !== 'block') { - $txt = Zlib\Cache::get('[' . App::$videowidth . '] ' . $embedurl); + $txt = Zlib\Cache::get('[' . App::$videowidth . '] ' . $furl); } if(is_null($txt)) { $txt = ""; - $furl = $embedurl; - - logger('local_channel: ' . local_channel()); - - if(local_channel() && $zrl) - $furl = zid($furl); if ($action !== 'block') { // try oembed autodiscovery @@ -206,11 +202,10 @@ function oembed_fetch_url($embedurl){ //save in cache if(! get_config('system','oembed_cache_disable')) - Zlib\Cache::set('[' . App::$videowidth . '] ' . $embedurl,$txt); + Zlib\Cache::set('[' . App::$videowidth . '] ' . $furl, $txt); } - $j = json_decode($txt,true); if(! $j) -- cgit v1.2.3