update lock clucknut
All checks were successful
All checks were successful
This commit is contained in:
@@ -45,7 +45,7 @@ public function render(Node $node, ChildNodeRendererInterface $childRenderer): ?
|
||||
return $rendered;
|
||||
}
|
||||
|
||||
$regex = \sprintf('/<(\/?(?:%s)[ \/>])/i', \implode('|', \array_map('preg_quote', $tags)));
|
||||
$regex = \sprintf('/<(\/?(?:%s)[\s\/>])/i', \implode('|', \array_map('preg_quote', $tags)));
|
||||
|
||||
// Match these types of tags: <title> </title> <title x="sdf"> <title/> <title />
|
||||
return \preg_replace($regex, '<$1', $rendered);
|
||||
|
||||
@@ -17,16 +17,16 @@ class DomainFilteringAdapter implements EmbedAdapterInterface
|
||||
{
|
||||
private EmbedAdapterInterface $decorated;
|
||||
|
||||
/** @psalm-var non-empty-string */
|
||||
private string $regex;
|
||||
/** @var string[] */
|
||||
private array $allowedDomains;
|
||||
|
||||
/**
|
||||
* @param string[] $allowedDomains
|
||||
*/
|
||||
public function __construct(EmbedAdapterInterface $decorated, array $allowedDomains)
|
||||
{
|
||||
$this->decorated = $decorated;
|
||||
$this->regex = self::createRegex($allowedDomains);
|
||||
$this->decorated = $decorated;
|
||||
$this->allowedDomains = \array_map('strtolower', $allowedDomains);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -34,20 +34,29 @@ public function __construct(EmbedAdapterInterface $decorated, array $allowedDoma
|
||||
*/
|
||||
public function updateEmbeds(array $embeds): void
|
||||
{
|
||||
$this->decorated->updateEmbeds(\array_values(\array_filter($embeds, function (Embed $embed): bool {
|
||||
return \preg_match($this->regex, $embed->getUrl()) === 1;
|
||||
})));
|
||||
$this->decorated->updateEmbeds(\array_values(\array_filter($embeds, [$this, 'isAllowed'])));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string[] $allowedDomains
|
||||
*
|
||||
* @psalm-return non-empty-string
|
||||
*/
|
||||
private static function createRegex(array $allowedDomains): string
|
||||
private function isAllowed(Embed $embed): bool
|
||||
{
|
||||
$allowedDomains = \array_map('preg_quote', $allowedDomains);
|
||||
$url = $embed->getUrl();
|
||||
$scheme = \parse_url($url, \PHP_URL_SCHEME);
|
||||
if ($scheme === null || $scheme === false) {
|
||||
// Bare domain (no scheme) - assume https:// so parse_url can extract the host
|
||||
$url = 'https://' . $url;
|
||||
} elseif (\strtolower($scheme) !== 'http' && \strtolower($scheme) !== 'https') {
|
||||
return false;
|
||||
}
|
||||
|
||||
return '/^(?:https?:\/\/)?(?:[^.]+\.)*(' . \implode('|', $allowedDomains) . ')/';
|
||||
$host = \parse_url($url, \PHP_URL_HOST);
|
||||
$host = \strtolower(\rtrim((string) $host, '.'));
|
||||
|
||||
foreach ($this->allowedDomains as $domain) {
|
||||
if ($host === $domain || \str_ends_with($host, '.' . $domain)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@ public static function unescapeAndEncode(string $uri): string
|
||||
}
|
||||
}
|
||||
|
||||
if (\ord($code) < 128) {
|
||||
if (\strlen($code) === 1 && \ord($code) < 128) {
|
||||
$result .= self::ENCODE_CACHE[\ord($code)];
|
||||
continue;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user