update lock clucknut
All checks were successful
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 14s
Build, Push and Deploy / build-and-push (push) Successful in 3m14s
Build, Push and Deploy / deploy-staging (push) Successful in 25s
Build, Push and Deploy / deploy-production (push) Has been skipped

This commit is contained in:
2026-04-18 20:32:18 +07:00
parent 4554035227
commit dcaf267458
3359 changed files with 153185 additions and 205489 deletions

View File

@@ -45,7 +45,7 @@ public function render(Node $node, ChildNodeRendererInterface $childRenderer): ?
return $rendered;
}
$regex = \sprintf('/<(\/?(?:%s)[ \/>])/i', \implode('|', \array_map('preg_quote', $tags)));
$regex = \sprintf('/<(\/?(?:%s)[\s\/>])/i', \implode('|', \array_map('preg_quote', $tags)));
// Match these types of tags: <title> </title> <title x="sdf"> <title/> <title />
return \preg_replace($regex, '&lt;$1', $rendered);

View File

@@ -17,16 +17,16 @@ class DomainFilteringAdapter implements EmbedAdapterInterface
{
private EmbedAdapterInterface $decorated;
/** @psalm-var non-empty-string */
private string $regex;
/** @var string[] */
private array $allowedDomains;
/**
* @param string[] $allowedDomains
*/
public function __construct(EmbedAdapterInterface $decorated, array $allowedDomains)
{
$this->decorated = $decorated;
$this->regex = self::createRegex($allowedDomains);
$this->decorated = $decorated;
$this->allowedDomains = \array_map('strtolower', $allowedDomains);
}
/**
@@ -34,20 +34,29 @@ public function __construct(EmbedAdapterInterface $decorated, array $allowedDoma
*/
public function updateEmbeds(array $embeds): void
{
$this->decorated->updateEmbeds(\array_values(\array_filter($embeds, function (Embed $embed): bool {
return \preg_match($this->regex, $embed->getUrl()) === 1;
})));
$this->decorated->updateEmbeds(\array_values(\array_filter($embeds, [$this, 'isAllowed'])));
}
/**
* @param string[] $allowedDomains
*
* @psalm-return non-empty-string
*/
private static function createRegex(array $allowedDomains): string
private function isAllowed(Embed $embed): bool
{
$allowedDomains = \array_map('preg_quote', $allowedDomains);
$url = $embed->getUrl();
$scheme = \parse_url($url, \PHP_URL_SCHEME);
if ($scheme === null || $scheme === false) {
// Bare domain (no scheme) - assume https:// so parse_url can extract the host
$url = 'https://' . $url;
} elseif (\strtolower($scheme) !== 'http' && \strtolower($scheme) !== 'https') {
return false;
}
return '/^(?:https?:\/\/)?(?:[^.]+\.)*(' . \implode('|', $allowedDomains) . ')/';
$host = \parse_url($url, \PHP_URL_HOST);
$host = \strtolower(\rtrim((string) $host, '.'));
foreach ($this->allowedDomains as $domain) {
if ($host === $domain || \str_ends_with($host, '.' . $domain)) {
return true;
}
}
return false;
}
}

View File

@@ -56,7 +56,7 @@ public static function unescapeAndEncode(string $uri): string
}
}
if (\ord($code) < 128) {
if (\strlen($code) === 1 && \ord($code) < 128) {
$result .= self::ENCODE_CACHE[\ord($code)];
continue;
}